s3:smbd: SMB2 session ids are 64bit...
[ira/wip.git] / source3 / smbd / smb2_sesssetup.c
1 /*
2    Unix SMB/CIFS implementation.
3    Core SMB2 server
4
5    Copyright (C) Stefan Metzmacher 2009
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/globals.h"
23 #include "../source4/libcli/smb2/smb2_constants.h"
24
25 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
26                                         uint64_t in_session_id,
27                                         DATA_BLOB in_security_buffer,
28                                         DATA_BLOB *out_security_buffer,
29                                         uint64_t *out_session_id);
30
31 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req)
32 {
33         const uint8_t *inhdr;
34         const uint8_t *inbody;
35         int i = req->current_idx;
36         uint8_t *outhdr;
37         DATA_BLOB outbody;
38         DATA_BLOB outdyn;
39         size_t expected_body_size = 0x19;
40         size_t body_size;
41         uint64_t in_session_id;
42         uint16_t in_security_offset;
43         uint16_t in_security_length;
44         DATA_BLOB in_security_buffer;
45         uint64_t out_session_id;
46         uint16_t out_security_offset;
47         DATA_BLOB out_security_buffer;
48         NTSTATUS status;
49
50         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
51
52         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
53                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
54         }
55
56         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
57
58         body_size = SVAL(inbody, 0x00);
59         if (body_size != expected_body_size) {
60                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
61         }
62
63         in_security_offset = SVAL(inbody, 0x0C);
64         in_security_length = SVAL(inbody, 0x0E);
65
66         if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
67                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
68         }
69
70         if (in_security_length > req->in.vector[i+2].iov_len) {
71                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
72         }
73
74         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
75         in_security_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
76         in_security_buffer.length = in_security_length;
77
78         status = smbd_smb2_session_setup(req,
79                                          in_session_id,
80                                          in_security_buffer,
81                                          &out_security_buffer,
82                                          &out_session_id);
83         if (!NT_STATUS_IS_OK(status) &&
84             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
85                 status = nt_status_squash(status);
86                 return smbd_smb2_request_error(req, status);
87         }
88
89         out_security_offset = SMB2_HDR_BODY + 0x08;
90
91         outhdr = (uint8_t *)req->out.vector[i].iov_base;
92
93         outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
94         if (outbody.data == NULL) {
95                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
96         }
97
98         SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
99
100         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
101         SSVAL(outbody.data, 0x02, 0);           /* session flags */
102         SSVAL(outbody.data, 0x04,
103               out_security_offset);             /* security buffer offset */
104         SSVAL(outbody.data, 0x06,
105               out_security_buffer.length);      /* security buffer length */
106
107         outdyn = out_security_buffer;
108
109         return smbd_smb2_request_done_ex(req, status, outbody, &outdyn);
110 }
111
112 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
113 {
114         if (session->conn == NULL) {
115                 return 0;
116         }
117
118         idr_remove(session->conn->smb2.sessions.idtree, session->vuid);
119         DLIST_REMOVE(session->conn->smb2.sessions.list, session);
120
121         session->vuid = 0;
122         session->status = NT_STATUS_USER_SESSION_DELETED;
123         session->conn = NULL;
124
125         return 0;
126 }
127
128 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *req,
129                                         uint64_t in_session_id,
130                                         DATA_BLOB in_security_buffer,
131                                         DATA_BLOB *out_security_buffer,
132                                         uint64_t *out_session_id)
133 {
134         struct smbd_smb2_session *session;
135         NTSTATUS status;
136
137         if (in_session_id == 0) {
138                 int id;
139
140                 /* create a new session */
141                 session = talloc_zero(req->conn, struct smbd_smb2_session);
142                 if (session == NULL) {
143                         return NT_STATUS_NO_MEMORY;
144                 }
145                 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
146                 id = idr_get_new_random(req->conn->smb2.sessions.idtree,
147                                         session,
148                                         req->conn->smb2.sessions.limit);
149                 if (id == -1) {
150                         return NT_STATUS_INSUFFICIENT_RESOURCES;
151                 }
152                 session->vuid = id;
153                 DLIST_ADD_END(req->conn->smb2.sessions.list, session,
154                               struct smbd_smb2_session *);
155                 session->conn = req->conn;
156                 talloc_set_destructor(session, smbd_smb2_session_destructor);
157         } else {
158                 void *p;
159
160                 /* lookup an existing session */
161                 p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
162                 if (p == NULL) {
163                         return NT_STATUS_USER_SESSION_DELETED;
164                 }
165                 session = talloc_get_type_abort(p, struct smbd_smb2_session);
166         }
167
168         if (NT_STATUS_IS_OK(session->status)) {
169                 return NT_STATUS_REQUEST_NOT_ACCEPTED;
170         }
171
172         if (session->auth_ntlmssp_state == NULL) {
173                 status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
174                 if (!NT_STATUS_IS_OK(status)) {
175                         return status;
176                 }
177         }
178
179         status = auth_ntlmssp_update(session->auth_ntlmssp_state,
180                                      in_security_buffer,
181                                      out_security_buffer);
182         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
183                 /* nothing to do */
184         } else if (NT_STATUS_IS_OK(status)) {
185                 /* TODO: setup session key for signing */
186                 session->status = NT_STATUS_OK;
187                 /*
188                  * we attach the session to the request
189                  * so that the response can be signed
190                  */
191                 req->session = session;
192         } else {
193                 return status;
194         }
195
196         *out_session_id = session->vuid;
197         return status;
198 }
199
200 NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
201 {
202         const uint8_t *inhdr;
203         int i = req->current_idx;
204         uint64_t in_session_id;
205         void *p;
206         struct smbd_smb2_session *session;
207
208         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
209
210         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
211
212         /* lookup an existing session */
213         p = idr_find(req->conn->smb2.sessions.idtree, in_session_id);
214         if (p == NULL) {
215                 return NT_STATUS_USER_SESSION_DELETED;
216         }
217         session = talloc_get_type_abort(p, struct smbd_smb2_session);
218
219         if (!NT_STATUS_IS_OK(session->status)) {
220                 return NT_STATUS_ACCESS_DENIED;
221         }
222
223         req->session = session;
224         return NT_STATUS_OK;
225 }
226
227 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
228 {
229         const uint8_t *inbody;
230         int i = req->current_idx;
231         DATA_BLOB outbody;
232         size_t expected_body_size = 0x04;
233         size_t body_size;
234
235         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
236                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
237         }
238
239         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
240
241         body_size = SVAL(inbody, 0x00);
242         if (body_size != expected_body_size) {
243                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
244         }
245
246         /*
247          * TODO: cancel all outstanding requests on the session
248          *       and delete all tree connections.
249          */
250         smbd_smb2_session_destructor(req->session);
251         /*
252          * we may need to sign the response, so we need to keep
253          * the session until the response is sent to the wire.
254          */
255         talloc_steal(req, req->session);
256
257         outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
258         if (outbody.data == NULL) {
259                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
260         }
261
262         SSVAL(outbody.data, 0x00, 0x04);        /* struct size */
263         SSVAL(outbody.data, 0x02, 0);           /* reserved */
264
265         return smbd_smb2_request_done(req, outbody, NULL);
266 }