CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
[kai/samba-autobuild/.git] / source4 / smb_server / smb2 / negprot.c
index f915392ffaee5af9d19472ac90f0eb44d272bb61..addd278eb4c2068a3448274139975a564abbc0b2 100644 (file)
 #include "libcli/smb2/smb2.h"
 #include "libcli/smb2/smb2_calls.h"
 #include "smb_server/smb_server.h"
-#include "smb_server/service_smb_proto.h"
 #include "smb_server/smb2/smb2_server.h"
 #include "smbd/service_stream.h"
 #include "param/param.h"
-#include "librpc/ndr/libndr.h"
 
 static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob)
 {
@@ -51,8 +49,10 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
        nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx);
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
-               talloc_free(server_credentials);
-               server_credentials = NULL;
+               /*
+                * We keep the server_credentials as anonymous
+                * this is required for the spoolss.notify test
+                */
        }
 
        req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
@@ -81,7 +81,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
                return nt_status;
        }
 
-       nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+       nt_status = gensec_update_ev(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
        if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
                smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
@@ -99,6 +99,8 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
        struct timeval boot_time;
        uint16_t i;
        uint16_t dialect = 0;
+       enum smb_signing_setting signing_setting;
+       struct loadparm_context *lp_ctx = req->smb_conn->lp_ctx;
 
        /* we only do one dialect for now */
        if (io->in.dialect_count < 1) {
@@ -115,18 +117,44 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
                return NT_STATUS_NOT_SUPPORTED;
        }
 
-       req->smb_conn->negotiate.protocol = PROTOCOL_SMB2;
+       req->smb_conn->negotiate.protocol = PROTOCOL_SMB2_02;
 
        current_time = timeval_current(); /* TODO: handle timezone?! */
        boot_time = timeval_current(); /* TODO: fix me */
 
        ZERO_STRUCT(io->out);
-       switch (lp_server_signing(req->smb_conn->lp_ctx)) {
+
+       signing_setting = lpcfg_server_signing(lp_ctx);
+       if (signing_setting == SMB_SIGNING_DEFAULT) {
+               /*
+                * If we are a domain controller, SMB signing is
+                * really important, as it can prevent a number of
+                * attacks on communications between us and the
+                * clients
+                *
+                * However, it really sucks (no sendfile, CPU
+                * overhead) performance-wise when used on a
+                * file server, so disable it by default
+                * on non-DCs
+                */
+
+               if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+                       signing_setting = SMB_SIGNING_REQUIRED;
+               } else {
+                       signing_setting = SMB_SIGNING_OFF;
+               }
+       }
+
+       switch (signing_setting) {
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_IPC_DEFAULT:
+               smb_panic(__location__);
+               break;
        case SMB_SIGNING_OFF:
                io->out.security_mode = 0;
                break;
-       case SMB_SIGNING_SUPPORTED:
-       case SMB_SIGNING_AUTO:
+       case SMB_SIGNING_DESIRED:
+       case SMB_SIGNING_IF_REQUIRED:
                io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
                break;
        case SMB_SIGNING_REQUIRED:
@@ -137,11 +165,11 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
        }
        io->out.dialect_revision   = dialect;
        io->out.capabilities       = 0;
-       io->out.max_transact_size  = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, 
+       io->out.max_transact_size  = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
                                                   "smb2", "max transaction size", 0x10000);
-       io->out.max_read_size      = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, 
+       io->out.max_read_size      = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
                                                   "smb2", "max read size", 0x10000);
-       io->out.max_write_size     = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, 
+       io->out.max_write_size     = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
                                                   "smb2", "max write size", 0x10000);
        io->out.system_time        = timeval_to_nttime(&current_time);
        io->out.server_start_time  = timeval_to_nttime(&boot_time);
@@ -155,7 +183,6 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
 static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negprot *io)
 {
        NTSTATUS status;
-       enum ndr_err_code ndr_err;
 
        if (NT_STATUS_IS_ERR(req->status)) {
                smb2srv_send_error(req, req->status); /* TODO: is this correct? */
@@ -172,8 +199,8 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro
        SSVAL(req->out.body, 0x02, io->out.security_mode);
        SIVAL(req->out.body, 0x04, io->out.dialect_revision);
        SIVAL(req->out.body, 0x06, io->out.reserved);
-       ndr_err = smbcli_push_guid(req->out.body, 0x08, &io->out.server_guid);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+       status = smbcli_push_guid(req->out.body, 0x08, &io->out.server_guid);
+       if (!NT_STATUS_IS_OK(status)) {
                smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
                talloc_free(req);
                return;
@@ -199,7 +226,6 @@ void smb2srv_negprot_recv(struct smb2srv_request *req)
 {
        struct smb2_negprot *io;
        int i;
-       enum ndr_err_code ndr_err;
 
        if (req->in.body_size < 0x26) {
                smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
@@ -217,8 +243,8 @@ void smb2srv_negprot_recv(struct smb2srv_request *req)
        io->in.security_mode = SVAL(req->in.body, 0x04);
        io->in.reserved      = SVAL(req->in.body, 0x06);
        io->in.capabilities  = IVAL(req->in.body, 0x08);
-       ndr_err = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+       req->status = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid);
+       if (!NT_STATUS_IS_OK(req->status)) {
                smbsrv_terminate_connection(req->smb_conn, "Bad GUID in SMB2 negprot");
                talloc_free(req);
                return;