From: Michael Adam Date: Thu, 21 Jan 2016 17:59:34 +0000 (+0100) Subject: s3:smb2_sesssetup: implement SMB3 session bind (disabled) X-Git-Tag: samba-4.4.0rc1~77 X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=a1a8746174dff0b80ef4620894001a610b78f208 s3:smb2_sesssetup: implement SMB3 session bind (disabled) This is disabled for now. It will be possible to enabled it via a config switch once the underpinnings are complete. Pair-Programmed-With: Stefan Metzmacher Pair-Programmed-With: Guenther Deschner Signed-off-by: Michael Adam Signed-off-by: Stefan Metzmacher Autobuild-User(master): Michael Adam Autobuild-Date(master): Sat Jan 23 03:22:18 CET 2016 on sn-devel-144 --- diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 45386534ef2..a95f8a1a499 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -699,6 +699,7 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx, NTTIME now = timeval_to_nttime(&smb2req->request_time); struct tevent_req *subreq; struct smbXsrv_channel_global0 *c = NULL; + enum security_user_level seclvl; req = tevent_req_create(mem_ctx, &state, struct smbd_smb2_session_setup_state); 
@@ -719,13 +720,87 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (!smb2req->xconn->client->server_multi_channel_enabled) { + tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED); + return tevent_req_post(req, ev); + } + + if (in_session_id == 0) { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + if (smb2req->session == NULL) { + tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED); + return tevent_req_post(req, ev); + } + + if (!smb2req->do_signing) { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + status = smbXsrv_session_find_channel(smb2req->session, + smb2req->xconn, + &c); + if (NT_STATUS_IS_OK(status)) { + if (c->signing_key.length == 0) { + goto auth; + } + tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED); + return tevent_req_post(req, ev); + } + /* - * We do not support multi channel. + * OLD: 3.00 NEW 3.02 => INVALID_PARAMETER + * OLD: 3.02 NEW 3.00 => INVALID_PARAMETER + * OLD: 2.10 NEW 3.02 => ACCESS_DENIED + * OLD: 3.02 NEW 2.10 => ACCESS_DENIED */ - tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED); - return tevent_req_post(req, ev); + if (smb2req->session->global->connection_dialect + < SMB2_DIALECT_REVISION_222) + { + tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); + return tevent_req_post(req, ev); + } + if (smb2req->xconn->smb2.server.dialect + < SMB2_DIALECT_REVISION_222) + { + tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); + return tevent_req_post(req, ev); + } + if (smb2req->session->global->connection_dialect + != smb2req->xconn->smb2.server.dialect) + { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + seclvl = security_session_user_level( + smb2req->session->global->auth_session_info, + NULL); + if (seclvl < SECURITY_USER) { + tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED); + return tevent_req_post(req, 
ev); + } + + status = smbXsrv_session_add_channel(smb2req->session, + smb2req->xconn, + &c); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } + + status = smbXsrv_session_update(smb2req->session); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } } +auth: + if (state->in_session_id == 0) { /* create a new session */ status = smbXsrv_session_create(state->smb2req->xconn,
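Review bot: In the bind path only the success case of `smbXsrv_session_find_channel()` is handled, so any other status, not just "this connection has no channel yet", falls through to the dialect checks and on to `smbXsrv_session_add_channel()`. Because this code attaches a new connection to an already authenticated session, I would return unexpected errors to the client instead, e.g. `} else if (!NT_STATUS_EQUAL(status, <NO_CHANNEL_STATUS>)) { tevent_req_nterror(req, status); return tevent_req_post(req, ev); }`, where the placeholder stands for whatever the helper returns when no channel exists (its definition is not visible here). The `goto auth` taken when `c->signing_key.length == 0` skips the dialect and `seclvl` checks below it, so it deserves a comment such as `/* channel already added but no signing key yet: bind authentication still in progress */`, if that is indeed the intent. The enclosing condition opens above the hunk and the body of smbd_smb2_session_setup_send continues past it.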