s3:smbd: implement SMB2 Session Setup with raw NTLMSSP
[ira/wip.git] / source3 / smbd / smb2_sesssetup.c
1 /*
2    Unix SMB/CIFS implementation.
3    Core SMB2 server
4
5    Copyright (C) Stefan Metzmacher 2009
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/globals.h"
23 #include "../source4/libcli/smb2/smb2_constants.h"
24
25 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
26                                         uint64_t in_session_id,
27                                         DATA_BLOB in_security_buffer,
28                                         DATA_BLOB *out_security_buffer,
29                                         uint64_t *out_session_id);
30
31 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req)
32 {
33         const uint8_t *inhdr;
34         const uint8_t *inbody;
35         int i = req->current_idx;
36         uint8_t *outhdr;
37         DATA_BLOB outbody;
38         DATA_BLOB outdyn;
39         size_t expected_body_size = 0x19;
40         size_t body_size;
41         uint64_t in_session_id;
42         uint16_t in_security_offset;
43         uint16_t in_security_length;
44         DATA_BLOB in_security_buffer;
45         uint64_t out_session_id;
46         uint16_t out_security_offset;
47         DATA_BLOB out_security_buffer;
48         NTSTATUS status;
49
50         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
51
52         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
53                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
54         }
55
56         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
57
58         body_size = SVAL(inbody, 0x00);
59         if (body_size != expected_body_size) {
60                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
61         }
62
63         in_security_offset = SVAL(inbody, 0x0C);
64         in_security_length = SVAL(inbody, 0x0E);
65
66         if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
67                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
68         }
69
70         if (in_security_length > req->in.vector[i+2].iov_len) {
71                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
72         }
73
74         in_session_id = SVAL(inhdr, SMB2_HDR_SESSION_ID);
75         in_security_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
76         in_security_buffer.length = in_security_length;
77
78         status = smbd_smb2_session_setup(req,
79                                          in_session_id,
80                                          in_security_buffer,
81                                          &out_security_buffer,
82                                          &out_session_id);
83         if (!NT_STATUS_IS_OK(status) &&
84             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
85                 status = nt_status_squash(status);
86                 return smbd_smb2_request_error(req, status);
87         }
88
89         out_security_offset = SMB2_HDR_BODY + 0x08;
90
91         outhdr = (uint8_t *)req->out.vector[i].iov_base;
92
93         outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
94         if (outbody.data == NULL) {
95                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
96         }
97
98         SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
99
100         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
101         SSVAL(outbody.data, 0x02, 0);           /* session flags */
102         SSVAL(outbody.data, 0x04,
103               out_security_offset);             /* security buffer offset */
104         SSVAL(outbody.data, 0x06,
105               out_security_buffer.length);      /* security buffer length */
106
107         outdyn = out_security_buffer;
108
109         return smbd_smb2_request_done_ex(req, status, outbody, &outdyn);
110 }
111
112 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
113 {
114         if (session->conn == NULL) {
115                 return 0;
116         }
117
118         idr_remove(session->conn->smb2.sessions.idtree, session->vuid);
119         DLIST_REMOVE(session->conn->smb2.sessions.list, session);
120
121         return 0;
122 }
123
124 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
125                                         uint64_t in_session_id,
126                                         DATA_BLOB in_security_buffer,
127                                         DATA_BLOB *out_security_buffer,
128                                         uint64_t *out_session_id)
129 {
130         struct smbd_smb2_session *session;
131         NTSTATUS status;
132
133         if (in_session_id == 0) {
134                 int id;
135
136                 /* create a new session */
137                 session = talloc_zero(req->conn, struct smbd_smb2_session);
138                 if (session == NULL) {
139                         return NT_STATUS_NO_MEMORY;
140                 }
141                 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
142                 id = idr_get_new_random(req->conn->smb2.sessions.idtree,
143                                         session,
144                                         req->conn->smb2.sessions.limit);
145                 if (id == -1) {
146                         return NT_STATUS_INSUFFICIENT_RESOURCES;
147                 }
148                 session->vuid = id;
149                 DLIST_ADD_END(req->conn->smb2.sessions.list, session,
150                               struct smbd_smb2_session *);
151                 session->conn = req->conn;
152                 talloc_set_destructor(session, smbd_smb2_session_destructor);
153         } else {
154                 void *p;
155
156                 /* lookup an existing session */
157                 p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
158                 if (p == NULL) {
159                         return NT_STATUS_USER_SESSION_DELETED;
160                 }
161                 session = talloc_get_type_abort(p, struct smbd_smb2_session);
162         }
163
164         if (NT_STATUS_IS_OK(session->status)) {
165                 return NT_STATUS_REQUEST_NOT_ACCEPTED;
166         }
167
168         if (session->auth_ntlmssp_state == NULL) {
169                 status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
170                 if (!NT_STATUS_IS_OK(status)) {
171                         return status;
172                 }
173         }
174
175         status = auth_ntlmssp_update(session->auth_ntlmssp_state,
176                                      in_security_buffer,
177                                      out_security_buffer);
178         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
179                 /* nothing to do */
180         } else if (NT_STATUS_IS_OK(status)) {
181                 /* TODO: setup session key for signing */
182                 session->status = NT_STATUS_OK;
183         } else {
184                 return status;
185         }
186
187         *out_session_id = session->vuid;
188         return status;
189 }
190