2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1998-2001
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jim McDonough 2002
7 Copyright (C) Luke Howard 2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 setup the OS, Lanman and domain portions of a session setup reply
29 static void sesssetup_common_strings(struct smbsrv_request *req,
30 char **os, char **lanman, char **domain)
32 (*os) = talloc_asprintf(req, "Unix");
33 (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
34 (*domain) = talloc_asprintf(req, "%s", lp_workgroup());
39 handler for old style session setup
41 static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
44 struct auth_usersupplied_info *user_info = NULL;
45 struct auth_serversupplied_info *server_info = NULL;
46 struct auth_session_info *session_info;
48 TALLOC_CTX *mem_ctx = talloc_named(req, 0, "NT1 session setup");
51 return NT_STATUS_NO_MEMORY;
54 if (!req->smb_conn->negotiate.done_sesssetup) {
55 req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
58 remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, mem_ctx);
59 status = make_user_info_for_reply_enc(req->smb_conn,
61 sess->old.in.user, sess->old.in.domain,
63 sess->old.in.password,
65 if (!NT_STATUS_IS_OK(status)) {
67 return NT_STATUS_ACCESS_DENIED;
70 status = req->smb_conn->negotiate.auth_context->check_ntlm_password(req->smb_conn->negotiate.auth_context,
74 if (!NT_STATUS_IS_OK(status)) {
76 return nt_status_squash(status);
79 /* This references server_info into session_info */
80 status = make_session_info(req, server_info, &session_info);
82 if (!NT_STATUS_IS_OK(status)) {
83 return nt_status_squash(status);
86 sess->old.out.action = 0;
87 sess->old.out.vuid = smbsrv_register_session(req->smb_conn, session_info, NULL);
88 if (sess->old.out.vuid == UID_FIELD_INVALID) {
89 return NT_STATUS_ACCESS_DENIED;
91 sesssetup_common_strings(req,
93 &sess->old.out.lanman,
94 &sess->old.out.domain);
96 req->session = smbsrv_session_find(req->smb_conn, sess->old.out.vuid);
103 handler for NT1 style session setup
105 static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
108 struct auth_usersupplied_info *user_info = NULL;
109 struct auth_serversupplied_info *server_info = NULL;
110 struct auth_session_info *session_info;
111 TALLOC_CTX *mem_ctx = talloc_named(req, 0, "NT1 session setup");
114 return NT_STATUS_NO_MEMORY;
117 if (!req->smb_conn->negotiate.done_sesssetup) {
118 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
119 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
122 if (req->smb_conn->negotiate.spnego_negotiated) {
123 struct auth_context *auth_context;
125 if (sess->nt1.in.user && *sess->nt1.in.user) {
126 return NT_STATUS_ACCESS_DENIED;
128 make_user_info_guest(req->smb_conn, &user_info);
131 status = make_auth_context_subsystem(req->smb_conn, &auth_context);
133 if (!NT_STATUS_IS_OK(status)) {
134 talloc_free(mem_ctx);
138 status = auth_context->check_ntlm_password(auth_context,
143 char *remote_machine;
144 remote_machine = socket_get_peer_addr(req->smb_conn->connection->socket, mem_ctx);
145 status = make_user_info_for_reply_enc(req->smb_conn,
147 sess->nt1.in.user, sess->nt1.in.domain,
149 sess->nt1.in.password1,
150 sess->nt1.in.password2);
151 if (!NT_STATUS_IS_OK(status)) {
152 talloc_free(mem_ctx);
153 return NT_STATUS_ACCESS_DENIED;
156 status = req->smb_conn->negotiate
157 .auth_context->check_ntlm_password(req->smb_conn->negotiate
164 if (!NT_STATUS_IS_OK(status)) {
165 talloc_free(mem_ctx);
166 return nt_status_squash(status);
169 /* This references server_info into session_info */
170 status = make_session_info(mem_ctx, server_info, &session_info);
171 if (!NT_STATUS_IS_OK(status)) {
172 talloc_free(mem_ctx);
173 return nt_status_squash(status);
176 sess->nt1.out.action = 0;
177 sess->nt1.out.vuid = smbsrv_register_session(req->smb_conn, session_info, NULL);
178 talloc_free(mem_ctx);
179 if (sess->nt1.out.vuid == UID_FIELD_INVALID) {
180 return NT_STATUS_ACCESS_DENIED;
182 sesssetup_common_strings(req,
184 &sess->nt1.out.lanman,
185 &sess->nt1.out.domain);
187 req->session = smbsrv_session_find(req->smb_conn, sess->nt1.out.vuid);
188 if (session_info->server_info->guest) {
191 if (!srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2)) {
192 /* Already signing, or disabled */
196 /* Force check of the request packet, now we know the session key */
197 req_signing_check_incoming(req);
199 srv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
206 handler for SPNEGO style session setup
208 static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
210 NTSTATUS status = NT_STATUS_ACCESS_DENIED;
211 struct smbsrv_session *smb_sess;
212 struct gensec_security *gensec_ctx = NULL;
213 struct auth_session_info *session_info = NULL;
216 if (!req->smb_conn->negotiate.done_sesssetup) {
217 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
218 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
221 vuid = SVAL(req->in.hdr,HDR_UID);
222 smb_sess = smbsrv_session_find(req->smb_conn, vuid);
223 if (smb_sess && !smb_sess->session_info) {
224 if (!smb_sess->gensec_ctx) {
225 return NT_STATUS_INVALID_HANDLE;
228 status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
232 status = gensec_server_start(req->smb_conn, &gensec_ctx);
233 if (!NT_STATUS_IS_OK(status)) {
234 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
238 gensec_want_feature(gensec_ctx, GENSEC_WANT_SESSION_KEY);
240 status = gensec_start_mech_by_oid(gensec_ctx, OID_SPNEGO);
241 if (!NT_STATUS_IS_OK(status)) {
242 DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status)));
246 status = gensec_update(gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
251 vuid = smbsrv_register_session(req->smb_conn,
252 session_info, gensec_ctx);
253 if (vuid == UID_FIELD_INVALID) {
254 return NT_STATUS_ACCESS_DENIED;
256 smb_sess = smbsrv_session_find(req->smb_conn, vuid);
258 return NT_STATUS_FOOBAR;
262 if (NT_STATUS_IS_OK(status)) {
263 DATA_BLOB session_key;
265 status = gensec_session_info(smb_sess->gensec_ctx, &smb_sess->session_info);
266 if (!NT_STATUS_IS_OK(status)) {
270 status = gensec_session_key(smb_sess->gensec_ctx,
272 if (NT_STATUS_IS_OK(status)
273 && !smb_sess->session_info->server_info->guest
274 && srv_setup_signing(req->smb_conn, &session_key, NULL)) {
275 /* Force check of the request packet, now we know the session key */
276 req_signing_check_incoming(req);
278 srv_signing_restart(req->smb_conn, &session_key, NULL);
282 status = nt_status_squash(status);
283 if (smb_sess->gensec_ctx &&
284 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
285 gensec_end(&smb_sess->gensec_ctx);
289 sess->spnego.out.action = 0;
290 sess->spnego.out.vuid = vuid;
291 sesssetup_common_strings(req,
292 &sess->spnego.out.os,
293 &sess->spnego.out.lanman,
294 &sess->spnego.out.domain);
300 backend for sessionsetup call - this takes all 3 variants of the call
302 NTSTATUS sesssetup_backend(struct smbsrv_request *req,
303 union smb_sesssetup *sess)
305 NTSTATUS status = NT_STATUS_INVALID_LEVEL;
307 switch (sess->generic.level) {
308 case RAW_SESSSETUP_GENERIC:
309 status = NT_STATUS_INVALID_LEVEL;
311 case RAW_SESSSETUP_OLD:
312 status = sesssetup_old(req, sess);
314 case RAW_SESSSETUP_NT1:
315 status = sesssetup_nt1(req, sess);
317 case RAW_SESSSETUP_SPNEGO:
318 status = sesssetup_spnego(req, sess);
322 if (NT_STATUS_IS_OK(status)) {
323 req->smb_conn->negotiate.done_sesssetup = True;