0a9edbc273b7d337ec793a91680895823c553dcf
[kai/samba.git] / source3 / smbd / smb2_sesssetup.c
1 /*
2    Unix SMB/CIFS implementation.
3    Core SMB2 server
4
5    Copyright (C) Stefan Metzmacher 2009
6    Copyright (C) Jeremy Allison 2010
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "../libcli/auth/spnego.h"
27 #include "../auth/gensec/gensec.h"
28 #include "../auth/ntlmssp/ntlmssp.h"
29 #include "ntlmssp_wrap.h"
30 #include "../librpc/gen_ndr/krb5pac.h"
31 #include "libads/kerberos_proto.h"
32 #include "../lib/util/asn1.h"
33 #include "auth.h"
34 #include "../lib/tsocket/tsocket.h"
35 #include "../libcli/security/security.h"
36
37 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
38                                         uint64_t in_session_id,
39                                         uint8_t in_security_mode,
40                                         DATA_BLOB in_security_buffer,
41                                         uint16_t *out_session_flags,
42                                         DATA_BLOB *out_security_buffer,
43                                         uint64_t *out_session_id);
44
45 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
46 {
47         const uint8_t *inhdr;
48         const uint8_t *inbody;
49         int i = smb2req->current_idx;
50         uint8_t *outhdr;
51         DATA_BLOB outbody;
52         DATA_BLOB outdyn;
53         uint64_t in_session_id;
54         uint8_t in_security_mode;
55         uint16_t in_security_offset;
56         uint16_t in_security_length;
57         DATA_BLOB in_security_buffer;
58         uint16_t out_session_flags;
59         uint64_t out_session_id;
60         uint16_t out_security_offset;
61         DATA_BLOB out_security_buffer = data_blob_null;
62         NTSTATUS status;
63
64         status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
65         if (!NT_STATUS_IS_OK(status)) {
66                 return smbd_smb2_request_error(smb2req, status);
67         }
68         inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
69         inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
70
71         in_security_offset = SVAL(inbody, 0x0C);
72         in_security_length = SVAL(inbody, 0x0E);
73
74         if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
75                 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
76         }
77
78         if (in_security_length > smb2req->in.vector[i+2].iov_len) {
79                 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
80         }
81
82         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
83         in_security_mode = CVAL(inbody, 0x03);
84         in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
85         in_security_buffer.length = in_security_length;
86
87         status = smbd_smb2_session_setup(smb2req,
88                                          in_session_id,
89                                          in_security_mode,
90                                          in_security_buffer,
91                                          &out_session_flags,
92                                          &out_security_buffer,
93                                          &out_session_id);
94         if (!NT_STATUS_IS_OK(status) &&
95             !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
96                 status = nt_status_squash(status);
97                 return smbd_smb2_request_error(smb2req, status);
98         }
99
100         out_security_offset = SMB2_HDR_BODY + 0x08;
101
102         outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
103
104         outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
105         if (outbody.data == NULL) {
106                 return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
107         }
108
109         SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
110
111         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
112         SSVAL(outbody.data, 0x02,
113               out_session_flags);               /* session flags */
114         SSVAL(outbody.data, 0x04,
115               out_security_offset);             /* security buffer offset */
116         SSVAL(outbody.data, 0x06,
117               out_security_buffer.length);      /* security buffer length */
118
119         outdyn = out_security_buffer;
120
121         return smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
122                                          __location__);
123 }
124
125 static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
126 {
127         if (session->sconn == NULL) {
128                 return 0;
129         }
130
131         /* first free all tcons */
132         while (session->tcons.list) {
133                 talloc_free(session->tcons.list);
134         }
135
136         idr_remove(session->sconn->smb2.sessions.idtree, session->vuid);
137         DLIST_REMOVE(session->sconn->smb2.sessions.list, session);
138         invalidate_vuid(session->sconn, session->vuid);
139
140         session->vuid = 0;
141         session->status = NT_STATUS_USER_SESSION_DELETED;
142         session->sconn = NULL;
143
144         return 0;
145 }
146
147 #ifdef HAVE_KRB5
148 static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
149                                         struct smbd_smb2_request *smb2req,
150                                         uint8_t in_security_mode,
151                                         const DATA_BLOB *secblob,
152                                         const char *mechOID,
153                                         uint16_t *out_session_flags,
154                                         DATA_BLOB *out_security_buffer,
155                                         uint64_t *out_session_id)
156 {
157         DATA_BLOB ap_rep = data_blob_null;
158         DATA_BLOB ap_rep_wrapped = data_blob_null;
159         DATA_BLOB ticket = data_blob_null;
160         DATA_BLOB session_key = data_blob_null;
161         DATA_BLOB secblob_out = data_blob_null;
162         uint8 tok_id[2];
163         struct PAC_LOGON_INFO *logon_info = NULL;
164         char *principal = NULL;
165         char *user = NULL;
166         char *domain = NULL;
167         struct passwd *pw = NULL;
168         NTSTATUS status;
169         char *real_username;
170         bool username_was_mapped = false;
171         bool map_domainuser_to_guest = false;
172         bool guest = false;
173
174         if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
175                 status = NT_STATUS_LOGON_FAILURE;
176                 goto fail;
177         }
178
179         status = ads_verify_ticket(smb2req, lp_realm(), 0, &ticket,
180                                    &principal, &logon_info, &ap_rep,
181                                    &session_key, true);
182
183         if (!NT_STATUS_IS_OK(status)) {
184                 DEBUG(1,("smb2: Failed to verify incoming ticket with error %s!\n",
185                         nt_errstr(status)));
186                 if (!NT_STATUS_EQUAL(status, NT_STATUS_TIME_DIFFERENCE_AT_DC)) {
187                         status = NT_STATUS_LOGON_FAILURE;
188                 }
189                 goto fail;
190         }
191
192         status = get_user_from_kerberos_info(talloc_tos(),
193                                              session->sconn->remote_hostname,
194                                              principal, logon_info,
195                                              &username_was_mapped,
196                                              &map_domainuser_to_guest,
197                                              &user, &domain,
198                                              &real_username, &pw);
199         if (!NT_STATUS_IS_OK(status)) {
200                 goto fail;
201         }
202
203         /* save the PAC data if we have it */
204         if (logon_info) {
205                 netsamlogon_cache_store(user, &logon_info->info3);
206         }
207
208         /* setup the string used by %U */
209         sub_set_smb_name(real_username);
210
211         /* reload services so that the new %U is taken into account */
212         reload_services(smb2req->sconn, conn_snum_used, true);
213
214         status = make_session_info_krb5(session,
215                                         user, domain, real_username, pw,
216                                         logon_info, map_domainuser_to_guest,
217                                         username_was_mapped,
218                                         &session_key,
219                                         &session->session_info);
220         if (!NT_STATUS_IS_OK(status)) {
221                 DEBUG(1, ("smb2: make_server_info_krb5 failed\n"));
222                 goto fail;
223         }
224
225         if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
226              lp_server_signing() == SMB_SIGNING_REQUIRED) {
227                 session->do_signing = true;
228         }
229
230         if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
231                 /* we map anonymous to guest internally */
232                 *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
233                 *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
234                 /* force no signing */
235                 session->do_signing = false;
236                 guest = true;
237         }
238
239         session->session_key = session->session_info->session_key;
240
241         session->compat_vuser = talloc_zero(session, user_struct);
242         if (session->compat_vuser == NULL) {
243                 status = NT_STATUS_NO_MEMORY;
244                 goto fail;
245         }
246         session->compat_vuser->auth_ntlmssp_state = NULL;
247         session->compat_vuser->homes_snum = -1;
248         session->compat_vuser->session_info = session->session_info;
249         session->compat_vuser->session_keystr = NULL;
250         session->compat_vuser->vuid = session->vuid;
251         DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
252
253         if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
254                 session->compat_vuser->homes_snum =
255                         register_homes_share(session->session_info->unix_info->unix_name);
256         }
257
258         if (!session_claim(session->sconn, session->compat_vuser)) {
259                 DEBUG(1, ("smb2: Failed to claim session "
260                         "for vuid=%d\n",
261                         session->compat_vuser->vuid));
262                 goto fail;
263         }
264
265         session->status = NT_STATUS_OK;
266
267         /*
268          * we attach the session to the request
269          * so that the response can be signed
270          */
271         smb2req->session = session;
272         if (!guest) {
273                 smb2req->do_signing = true;
274         }
275
276         global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
277         status = NT_STATUS_OK;
278
279         /* wrap that up in a nice GSS-API wrapping */
280         ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep,
281                                 TOK_ID_KRB_AP_REP);
282
283         secblob_out = spnego_gen_auth_response(
284                                         talloc_tos(),
285                                         &ap_rep_wrapped,
286                                         status,
287                                         mechOID);
288
289         *out_security_buffer = data_blob_talloc(smb2req,
290                                                 secblob_out.data,
291                                                 secblob_out.length);
292         if (secblob_out.data && out_security_buffer->data == NULL) {
293                 status = NT_STATUS_NO_MEMORY;
294                 goto fail;
295         }
296
297         data_blob_free(&ap_rep);
298         data_blob_free(&ap_rep_wrapped);
299         data_blob_free(&ticket);
300         data_blob_free(&session_key);
301         data_blob_free(&secblob_out);
302
303         *out_session_id = session->vuid;
304
305         return NT_STATUS_OK;
306
307   fail:
308
309         data_blob_free(&ap_rep);
310         data_blob_free(&ap_rep_wrapped);
311         data_blob_free(&ticket);
312         data_blob_free(&session_key);
313         data_blob_free(&secblob_out);
314
315         ap_rep_wrapped = data_blob_null;
316         secblob_out = spnego_gen_auth_response(
317                                         talloc_tos(),
318                                         &ap_rep_wrapped,
319                                         status,
320                                         mechOID);
321
322         *out_security_buffer = data_blob_talloc(smb2req,
323                                                 secblob_out.data,
324                                                 secblob_out.length);
325         data_blob_free(&secblob_out);
326         return status;
327 }
328 #endif
329
330 static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
331                                         struct smbd_smb2_request *smb2req,
332                                         uint8_t in_security_mode,
333                                         DATA_BLOB in_security_buffer,
334                                         uint16_t *out_session_flags,
335                                         DATA_BLOB *out_security_buffer,
336                                         uint64_t *out_session_id)
337 {
338         DATA_BLOB secblob_in = data_blob_null;
339         DATA_BLOB chal_out = data_blob_null;
340         char *kerb_mech = NULL;
341         NTSTATUS status;
342
343         /* Ensure we have no old NTLM state around. */
344         TALLOC_FREE(session->auth_ntlmssp_state);
345
346         status = parse_spnego_mechanisms(talloc_tos(), in_security_buffer,
347                         &secblob_in, &kerb_mech);
348         if (!NT_STATUS_IS_OK(status)) {
349                 goto out;
350         }
351
352 #ifdef HAVE_KRB5
353         if (kerb_mech && ((lp_security()==SEC_ADS) ||
354                                 USE_KERBEROS_KEYTAB) ) {
355                 status = smbd_smb2_session_setup_krb5(session,
356                                 smb2req,
357                                 in_security_mode,
358                                 &secblob_in,
359                                 kerb_mech,
360                                 out_session_flags,
361                                 out_security_buffer,
362                                 out_session_id);
363
364                 goto out;
365         }
366 #endif
367
368         if (kerb_mech) {
369                 /* The mechtoken is a krb5 ticket, but
370                  * we need to fall back to NTLM. */
371
372                 DEBUG(3,("smb2: Got krb5 ticket in SPNEGO "
373                         "but set to downgrade to NTLMSSP\n"));
374
375                 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
376         } else {
377                 /* Fall back to NTLMSSP. */
378                 status = auth_generic_prepare(session, session->sconn->remote_address,
379                                             &session->auth_ntlmssp_state);
380                 if (!NT_STATUS_IS_OK(status)) {
381                         goto out;
382                 }
383
384                 gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
385
386                 status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
387                 if (!NT_STATUS_IS_OK(status)) {
388                         goto out;
389                 }
390
391                 status = gensec_update(session->auth_ntlmssp_state->gensec_security,
392                                        talloc_tos(), NULL,
393                                        secblob_in,
394                                        &chal_out);
395         }
396
397         if (!NT_STATUS_IS_OK(status) &&
398                         !NT_STATUS_EQUAL(status,
399                                 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
400                 goto out;
401         }
402
403         *out_security_buffer = spnego_gen_auth_response(smb2req,
404                                                 &chal_out,
405                                                 status,
406                                                 OID_NTLMSSP);
407         if (out_security_buffer->data == NULL) {
408                 status = NT_STATUS_NO_MEMORY;
409                 goto out;
410         }
411         *out_session_id = session->vuid;
412
413   out:
414
415         data_blob_free(&secblob_in);
416         data_blob_free(&chal_out);
417         TALLOC_FREE(kerb_mech);
418         if (!NT_STATUS_IS_OK(status) &&
419                         !NT_STATUS_EQUAL(status,
420                                 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
421                 TALLOC_FREE(session);
422         }
423         return status;
424 }
425
426 static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *session,
427                                         struct smbd_smb2_request *smb2req,
428                                         uint8_t in_security_mode,
429                                         DATA_BLOB in_security_buffer,
430                                         uint16_t *out_session_flags,
431                                         uint64_t *out_session_id)
432 {
433         bool guest = false;
434
435         if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
436             lp_server_signing() == SMB_SIGNING_REQUIRED) {
437                 session->do_signing = true;
438         }
439
440         if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
441                 /* we map anonymous to guest internally */
442                 *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
443                 *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
444                 /* force no signing */
445                 session->do_signing = false;
446                 guest = true;
447         }
448
449         session->session_key = session->session_info->session_key;
450
451         session->compat_vuser = talloc_zero(session, user_struct);
452         if (session->compat_vuser == NULL) {
453                 TALLOC_FREE(session);
454                 return NT_STATUS_NO_MEMORY;
455         }
456         session->compat_vuser->auth_ntlmssp_state = session->auth_ntlmssp_state;
457         session->compat_vuser->homes_snum = -1;
458         session->compat_vuser->session_info = session->session_info;
459         session->compat_vuser->session_keystr = NULL;
460         session->compat_vuser->vuid = session->vuid;
461         DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
462
463         if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
464                 session->compat_vuser->homes_snum =
465                         register_homes_share(session->session_info->unix_info->unix_name);
466         }
467
468         if (!session_claim(session->sconn, session->compat_vuser)) {
469                 DEBUG(1, ("smb2: Failed to claim session "
470                         "for vuid=%d\n",
471                         session->compat_vuser->vuid));
472                 TALLOC_FREE(session);
473                 return NT_STATUS_LOGON_FAILURE;
474         }
475
476
477         session->status = NT_STATUS_OK;
478
479         /*
480          * we attach the session to the request
481          * so that the response can be signed
482          */
483         smb2req->session = session;
484         if (!guest) {
485                 smb2req->do_signing = true;
486         }
487
488         global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
489
490         *out_session_id = session->vuid;
491
492         return NT_STATUS_OK;
493 }
494
495 static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
496                                         struct smbd_smb2_request *smb2req,
497                                         uint8_t in_security_mode,
498                                         DATA_BLOB in_security_buffer,
499                                         uint16_t *out_session_flags,
500                                         DATA_BLOB *out_security_buffer,
501                                         uint64_t *out_session_id)
502 {
503         DATA_BLOB auth = data_blob_null;
504         DATA_BLOB auth_out = data_blob_null;
505         NTSTATUS status;
506
507         if (!spnego_parse_auth(talloc_tos(), in_security_buffer, &auth)) {
508                 TALLOC_FREE(session);
509                 return NT_STATUS_LOGON_FAILURE;
510         }
511
512         if (auth.data[0] == ASN1_APPLICATION(0)) {
513                 /* Might be a second negTokenTarg packet */
514                 DATA_BLOB secblob_in = data_blob_null;
515                 char *kerb_mech = NULL;
516
517                 status = parse_spnego_mechanisms(talloc_tos(),
518                                 in_security_buffer,
519                                 &secblob_in, &kerb_mech);
520                 if (!NT_STATUS_IS_OK(status)) {
521                         TALLOC_FREE(session);
522                         return status;
523                 }
524
525 #ifdef HAVE_KRB5
526                 if (kerb_mech && ((lp_security()==SEC_ADS) ||
527                                         USE_KERBEROS_KEYTAB) ) {
528                         status = smbd_smb2_session_setup_krb5(session,
529                                         smb2req,
530                                         in_security_mode,
531                                         &secblob_in,
532                                         kerb_mech,
533                                         out_session_flags,
534                                         out_security_buffer,
535                                         out_session_id);
536
537                         data_blob_free(&secblob_in);
538                         TALLOC_FREE(kerb_mech);
539                         if (!NT_STATUS_IS_OK(status)) {
540                                 TALLOC_FREE(session);
541                         }
542                         return status;
543                 }
544 #endif
545
546                 /* Can't blunder into NTLMSSP auth if we have
547                  * a krb5 ticket. */
548
549                 if (kerb_mech) {
550                         DEBUG(3,("smb2: network "
551                                 "misconfiguration, client sent us a "
552                                 "krb5 ticket and kerberos security "
553                                 "not enabled\n"));
554                         TALLOC_FREE(session);
555                         data_blob_free(&secblob_in);
556                         TALLOC_FREE(kerb_mech);
557                         return NT_STATUS_LOGON_FAILURE;
558                 }
559
560                 data_blob_free(&secblob_in);
561         }
562
563         if (session->auth_ntlmssp_state == NULL) {
564                 status = auth_generic_prepare(session, session->sconn->remote_address,
565                                             &session->auth_ntlmssp_state);
566                 if (!NT_STATUS_IS_OK(status)) {
567                         data_blob_free(&auth);
568                         TALLOC_FREE(session);
569                         return status;
570                 }
571
572                 gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
573
574                 status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
575                 if (!NT_STATUS_IS_OK(status)) {
576                         data_blob_free(&auth);
577                         TALLOC_FREE(session);
578                         return status;
579                 }
580         }
581
582         status = gensec_update(session->auth_ntlmssp_state->gensec_security,
583                                talloc_tos(), NULL,
584                                auth,
585                                &auth_out);
586         /* If status is NT_STATUS_OK then we need to get the token.
587          * Map to guest is now internal to auth_ntlmssp */
588         if (NT_STATUS_IS_OK(status)) {
589                 status = gensec_session_info(session->auth_ntlmssp_state->gensec_security,
590                                              session,
591                                              &session->session_info);
592         }
593
594         if (!NT_STATUS_IS_OK(status) &&
595                         !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
596                 data_blob_free(&auth);
597                 TALLOC_FREE(session);
598                 return status;
599         }
600
601         data_blob_free(&auth);
602
603         *out_security_buffer = spnego_gen_auth_response(smb2req,
604                                 &auth_out, status, NULL);
605
606         if (out_security_buffer->data == NULL) {
607                 TALLOC_FREE(session);
608                 return NT_STATUS_NO_MEMORY;
609         }
610
611         *out_session_id = session->vuid;
612
613         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
614                 return NT_STATUS_MORE_PROCESSING_REQUIRED;
615         }
616
617         /* We're done - claim the session. */
618         return smbd_smb2_common_ntlmssp_auth_return(session,
619                                                 smb2req,
620                                                 in_security_mode,
621                                                 in_security_buffer,
622                                                 out_session_flags,
623                                                 out_session_id);
624 }
625
626 static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
627                                         struct smbd_smb2_request *smb2req,
628                                         uint8_t in_security_mode,
629                                         DATA_BLOB in_security_buffer,
630                                         uint16_t *out_session_flags,
631                                         DATA_BLOB *out_security_buffer,
632                                         uint64_t *out_session_id)
633 {
634         NTSTATUS status;
635
636         *out_security_buffer = data_blob_null;
637
638         if (session->auth_ntlmssp_state == NULL) {
639                 status = auth_generic_prepare(session, session->sconn->remote_address,
640                                             &session->auth_ntlmssp_state);
641                 if (!NT_STATUS_IS_OK(status)) {
642                         TALLOC_FREE(session);
643                         return status;
644                 }
645
646                 gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
647
648                 if (session->sconn->use_gensec_hook) {
649                         status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_SPNEGO);
650                 } else {
651                         status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
652                 }
653                 if (!NT_STATUS_IS_OK(status)) {
654                         TALLOC_FREE(session);
655                         return status;
656                 }
657         }
658
659         /* RAW NTLMSSP */
660         status = gensec_update(session->auth_ntlmssp_state->gensec_security,
661                                smb2req, NULL,
662                                in_security_buffer,
663                                out_security_buffer);
664
665         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
666                 *out_session_id = session->vuid;
667                 return status;
668         }
669
670         status = gensec_session_info(session->auth_ntlmssp_state->gensec_security,
671                                      session,
672                                      &session->session_info);
673
674         if (!NT_STATUS_IS_OK(status)) {
675                 TALLOC_FREE(session);
676                 return status;
677         }
678         *out_session_id = session->vuid;
679
680         return smbd_smb2_common_ntlmssp_auth_return(session,
681                                                 smb2req,
682                                                 in_security_mode,
683                                                 in_security_buffer,
684                                                 out_session_flags,
685                                                 out_session_id);
686 }
687
688 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
689                                         uint64_t in_session_id,
690                                         uint8_t in_security_mode,
691                                         DATA_BLOB in_security_buffer,
692                                         uint16_t *out_session_flags,
693                                         DATA_BLOB *out_security_buffer,
694                                         uint64_t *out_session_id)
695 {
696         struct smbd_smb2_session *session;
697
698         *out_session_flags = 0;
699         *out_session_id = 0;
700
701         if (in_session_id == 0) {
702                 int id;
703
704                 /* create a new session */
705                 session = talloc_zero(smb2req->sconn, struct smbd_smb2_session);
706                 if (session == NULL) {
707                         return NT_STATUS_NO_MEMORY;
708                 }
709                 session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
710                 id = idr_get_new_random(smb2req->sconn->smb2.sessions.idtree,
711                                         session,
712                                         smb2req->sconn->smb2.sessions.limit);
713                 if (id == -1) {
714                         return NT_STATUS_INSUFFICIENT_RESOURCES;
715                 }
716                 session->vuid = id;
717
718                 session->tcons.idtree = idr_init(session);
719                 if (session->tcons.idtree == NULL) {
720                         return NT_STATUS_NO_MEMORY;
721                 }
722                 session->tcons.limit = 0x0000FFFE;
723                 session->tcons.list = NULL;
724
725                 DLIST_ADD_END(smb2req->sconn->smb2.sessions.list, session,
726                               struct smbd_smb2_session *);
727                 session->sconn = smb2req->sconn;
728                 talloc_set_destructor(session, smbd_smb2_session_destructor);
729         } else {
730                 void *p;
731
732                 /* lookup an existing session */
733                 p = idr_find(smb2req->sconn->smb2.sessions.idtree, in_session_id);
734                 if (p == NULL) {
735                         return NT_STATUS_USER_SESSION_DELETED;
736                 }
737                 session = talloc_get_type_abort(p, struct smbd_smb2_session);
738         }
739
740         if (NT_STATUS_IS_OK(session->status)) {
741                 return NT_STATUS_REQUEST_NOT_ACCEPTED;
742         }
743
744         /* Handle either raw NTLMSSP or hand off the whole blob to
745          * GENSEC.  The processing at this layer is essentially
746          * identical regardless.  In particular, both rely only on the
747          * status code (not the contents of the packet) and do not
748          * wrap the result */
749         if (session->sconn->use_gensec_hook
750             || ntlmssp_blob_matches_magic(&in_security_buffer)) {
751                 return smbd_smb2_raw_ntlmssp_auth(session,
752                                                 smb2req,
753                                                 in_security_mode,
754                                                 in_security_buffer,
755                                                 out_session_flags,
756                                                 out_security_buffer,
757                                                 out_session_id);
758         } else if (in_security_buffer.data[0] == ASN1_APPLICATION(0)) {
759                 return smbd_smb2_spnego_negotiate(session,
760                                                 smb2req,
761                                                 in_security_mode,
762                                                 in_security_buffer,
763                                                 out_session_flags,
764                                                 out_security_buffer,
765                                                 out_session_id);
766         } else if (in_security_buffer.data[0] == ASN1_CONTEXT(1)) {
767                 return smbd_smb2_spnego_auth(session,
768                                                 smb2req,
769                                                 in_security_mode,
770                                                 in_security_buffer,
771                                                 out_session_flags,
772                                                 out_security_buffer,
773                                                 out_session_id);
774         }
775
776         /* Unknown packet type. */
777         DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
778                 (unsigned int)in_security_buffer.data[0] ));
779         TALLOC_FREE(session);
780         return NT_STATUS_LOGON_FAILURE;
781 }
782
783 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
784 {
785         NTSTATUS status;
786         DATA_BLOB outbody;
787
788         status = smbd_smb2_request_verify_sizes(req, 0x04);
789         if (!NT_STATUS_IS_OK(status)) {
790                 return smbd_smb2_request_error(req, status);
791         }
792
793         /*
794          * TODO: cancel all outstanding requests on the session
795          *       and delete all tree connections.
796          */
797         smbd_smb2_session_destructor(req->session);
798         /*
799          * we may need to sign the response, so we need to keep
800          * the session until the response is sent to the wire.
801          */
802         talloc_steal(req, req->session);
803
804         outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
805         if (outbody.data == NULL) {
806                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
807         }
808
809         SSVAL(outbody.data, 0x00, 0x04);        /* struct size */
810         SSVAL(outbody.data, 0x02, 0);           /* reserved */
811
812         return smbd_smb2_request_done(req, outbody, NULL);
813 }