2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1998-2001
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jim McDonough 2002
7 Copyright (C) Luke Howard 2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 setup the OS, Lanman and domain portions of a session setup reply
29 static void sesssetup_common_strings(struct smbsrv_request *req,
30 char **os, char **lanman, char **domain)
32 (*os) = talloc_asprintf(req->mem_ctx, "Unix");
33 (*lanman) = talloc_asprintf(req->mem_ctx, "Samba %s", SAMBA_VERSION_STRING);
34 (*domain) = talloc_asprintf(req->mem_ctx, "%s", lp_workgroup());
39 handler for old style session setup
41 static NTSTATUS sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
44 struct auth_usersupplied_info *user_info = NULL;
45 struct auth_serversupplied_info *server_info = NULL;
46 struct auth_session_info *session_info;
49 if (!req->smb_conn->negotiate.done_sesssetup) {
50 req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
55 status = make_user_info_for_reply_enc(&user_info,
56 sess->old.in.user, sess->old.in.domain,
57 sess->old.in.password,
59 if (!NT_STATUS_IS_OK(status)) {
60 return NT_STATUS_ACCESS_DENIED;
63 status = req->smb_conn->negotiate.auth_context->check_ntlm_password(req->smb_conn->negotiate.auth_context,
66 if (!NT_STATUS_IS_OK(status)) {
67 return nt_status_squash(status);
70 status = make_session_info(server_info, &session_info);
71 if (!NT_STATUS_IS_OK(status)) {
72 return nt_status_squash(status);
75 sess->old.out.action = 0;
76 sess->old.out.vuid = smbsrv_register_session(req->smb_conn, session_info, NULL);
77 if (sess->old.out.vuid == UID_FIELD_INVALID) {
78 return NT_STATUS_ACCESS_DENIED;
80 sesssetup_common_strings(req,
82 &sess->old.out.lanman,
83 &sess->old.out.domain);
85 req->session = smbsrv_session_find(req->smb_conn, sess->old.out.vuid);
92 handler for NT1 style session setup
94 static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
97 struct auth_usersupplied_info *user_info = NULL;
98 struct auth_serversupplied_info *server_info = NULL;
99 struct auth_session_info *session_info;
101 if (!req->smb_conn->negotiate.done_sesssetup) {
102 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
103 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
106 if (req->smb_conn->negotiate.spnego_negotiated) {
107 struct auth_context *auth_context;
109 if (sess->nt1.in.user && *sess->nt1.in.user) {
110 return NT_STATUS_ACCESS_DENIED;
112 make_user_info_guest(&user_info);
115 status = make_auth_context_subsystem(&auth_context);
117 if (!NT_STATUS_IS_OK(status)) {
121 status = auth_context->check_ntlm_password(auth_context,
125 free_auth_context(&auth_context);
128 status = make_user_info_for_reply_enc(&user_info,
129 sess->nt1.in.user, sess->nt1.in.domain,
130 sess->nt1.in.password1,
131 sess->nt1.in.password2);
132 if (!NT_STATUS_IS_OK(status)) {
133 return NT_STATUS_ACCESS_DENIED;
136 status = req->smb_conn->negotiate
137 .auth_context->check_ntlm_password(req->smb_conn->negotiate
143 if (!NT_STATUS_IS_OK(status)) {
144 return nt_status_squash(status);
147 status = make_session_info(server_info, &session_info);
148 if (!NT_STATUS_IS_OK(status)) {
149 return nt_status_squash(status);
152 sess->nt1.out.action = 0;
153 sess->nt1.out.vuid = smbsrv_register_session(req->smb_conn, session_info, NULL);
154 if (sess->nt1.out.vuid == UID_FIELD_INVALID) {
155 return NT_STATUS_ACCESS_DENIED;
157 sesssetup_common_strings(req,
159 &sess->nt1.out.lanman,
160 &sess->nt1.out.domain);
162 req->session = smbsrv_session_find(req->smb_conn, sess->nt1.out.vuid);
163 if (!session_info->server_info->guest) {
164 srv_setup_signing(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2);
172 handler for SPNEGO style session setup
174 static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *sess)
176 NTSTATUS status = NT_STATUS_ACCESS_DENIED;
177 struct smbsrv_session *smb_sess;
178 struct gensec_security *gensec_ctx = NULL;
179 struct auth_session_info *session_info = NULL;
182 if (!req->smb_conn->negotiate.done_sesssetup) {
183 req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
184 req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
187 vuid = SVAL(req->in.hdr,HDR_UID);
188 smb_sess = smbsrv_session_find(req->smb_conn, vuid);
190 if (!smb_sess->gensec_ctx) {
191 return NT_STATUS_INVALID_HANDLE;
194 /* what is when the client is already successful authentificated? */
195 if (smb_sess->session_info) {
196 return NT_STATUS_ACCESS_DENIED;
199 status = gensec_update(smb_sess->gensec_ctx, req->mem_ctx, sess->spnego.in.secblob, &sess->spnego.out.secblob);
201 status = gensec_server_start(&gensec_ctx);
202 if (!NT_STATUS_IS_OK(status)) {
203 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
207 status = gensec_start_mech_by_oid(gensec_ctx, OID_SPNEGO);
208 if (!NT_STATUS_IS_OK(status)) {
209 DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status)));
213 status = gensec_update(gensec_ctx, req->mem_ctx, sess->spnego.in.secblob, &sess->spnego.out.secblob);
218 vuid = smbsrv_register_session(req->smb_conn, session_info, gensec_ctx);
219 if (vuid == UID_FIELD_INVALID) {
220 return NT_STATUS_ACCESS_DENIED;
222 smb_sess = smbsrv_session_find(req->smb_conn, vuid);
224 return NT_STATUS_FOOBAR;
228 if (NT_STATUS_IS_OK(status)) {
229 DATA_BLOB session_key;
230 DATA_BLOB null_data_blob = data_blob(NULL, 0);
232 status = gensec_session_info(smb_sess->gensec_ctx, &smb_sess->session_info);
233 if (!NT_STATUS_IS_OK(status)) {
237 status = gensec_session_key(smb_sess->gensec_ctx,
239 if (NT_STATUS_IS_OK(status)) {
240 srv_setup_signing(req->smb_conn, &session_key, &null_data_blob);
242 req->smb_conn->signing.next_seq_num = 2;
246 sess->spnego.out.action = 0;
247 sess->spnego.out.vuid = vuid;
248 sesssetup_common_strings(req,
249 &sess->spnego.out.os,
250 &sess->spnego.out.lanman,
251 &sess->spnego.out.domain);
257 backend for sessionsetup call - this takes all 3 variants of the call
259 NTSTATUS sesssetup_backend(struct smbsrv_request *req,
260 union smb_sesssetup *sess)
262 NTSTATUS status = NT_STATUS_INVALID_LEVEL;
264 switch (sess->generic.level) {
265 case RAW_SESSSETUP_GENERIC:
266 status = NT_STATUS_INVALID_LEVEL;
268 case RAW_SESSSETUP_OLD:
269 status = sesssetup_old(req, sess);
271 case RAW_SESSSETUP_NT1:
272 status = sesssetup_nt1(req, sess);
274 case RAW_SESSSETUP_SPNEGO:
275 status = sesssetup_spnego(req, sess);
279 if (NT_STATUS_IS_OK(status)) {
280 req->smb_conn->negotiate.done_sesssetup = True;