{
const uint8_t *inhdr;
const uint8_t *inbody;
- int i = smb2req->current_idx;
uint64_t in_session_id;
uint8_t in_flags;
uint8_t in_security_mode;
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(smb2req, status);
}
- inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
- inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
+ inhdr = SMBD_SMB2_IN_HDR_PTR(smb2req);
+ inbody = SMBD_SMB2_IN_BODY_PTR(smb2req);
in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
in_security_length = SVAL(inbody, 0x0E);
in_previous_session_id = BVAL(inbody, 0x10);
- if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
+ if (in_security_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(smb2req))) {
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
}
- if (in_security_length > smb2req->in.vector[i+2].iov_len) {
+ if (in_security_length > SMBD_SMB2_IN_DYN_LEN(smb2req)) {
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
}
- in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
+ in_security_buffer.data = SMBD_SMB2_IN_DYN_PTR(smb2req);
in_security_buffer.length = in_security_length;
subreq = smbd_smb2_session_setup_send(smb2req,
struct smbd_smb2_request *smb2req =
tevent_req_callback_data(subreq,
struct smbd_smb2_request);
- int i = smb2req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
out_security_offset = SMB2_HDR_BODY + 0x08;
- outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
+ outhdr = SMBD_SMB2_OUT_HDR_PTR(smb2req);
outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
if (outbody.data == NULL) {
static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
struct smbd_smb2_request *smb2req,
uint8_t in_security_mode,
- uint64_t in_previous_session_id,
- DATA_BLOB in_security_buffer,
+ struct auth_session_info *session_info,
uint16_t *out_session_flags,
uint64_t *out_session_id)
{
bool guest = false;
uint8_t session_key[16];
struct smbXsrv_session *x = session;
- struct auth_session_info *session_info;
struct smbXsrv_connection *conn = session->connection;
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
x->global->signing_required = true;
}
- status = gensec_session_info(session->gensec,
- session->global,
- &session_info);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(session);
- return status;
+ if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
+ x->global->encryption_required = true;
}
if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
guest = true;
}
+ if (guest && x->global->encryption_required) {
+ DEBUG(1,("reject guest session as encryption is required\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+ if (x->global->encryption_required) {
+ DEBUG(1,("reject session with dialect[0x%04X] "
+ "as encryption is required\n",
+ conn->smb2.server.dialect));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (x->global->encryption_required) {
+ *out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA;
+ }
+
ZERO_STRUCT(session_key);
memcpy(session_key, session_info->session_key.data,
MIN(session_info->session_key.length, sizeof(session_key)));
sizeof(session_key));
if (x->global->signing_key.data == NULL) {
ZERO_STRUCT(session_key);
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
x->global->signing_key.data);
}
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+ const DATA_BLOB context = data_blob_string_const_null("ServerIn ");
+
+ x->global->decryption_key = data_blob_talloc(x->global,
+ session_key,
+ sizeof(session_key));
+ if (x->global->decryption_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ x->global->decryption_key.data);
+ }
+
+ if (conn->protocol >= PROTOCOL_SMB2_24) {
+ const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+ const DATA_BLOB context = data_blob_string_const_null("ServerOut");
+
+ x->global->encryption_key = data_blob_talloc(x->global,
+ session_key,
+ sizeof(session_key));
+ if (x->global->encryption_key.data == NULL) {
+ ZERO_STRUCT(session_key);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ smb2_key_derivation(session_key, sizeof(session_key),
+ label.data, label.length,
+ context.data, context.length,
+ x->global->encryption_key.data);
+
+ generate_random_buffer((uint8_t *)&x->nonce_high, sizeof(x->nonce_high));
+ x->nonce_low = 1;
+ }
+
x->global->application_key = data_blob_dup_talloc(x->global,
x->global->signing_key);
if (x->global->application_key.data == NULL) {
ZERO_STRUCT(session_key);
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels,
x->global->signing_key);
if (x->global->channels[0].signing_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session_info->session_key = data_blob_dup_talloc(session_info,
x->global->application_key);
if (session_info->session_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session->compat = talloc_zero(session, struct user_struct);
if (session->compat == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session->compat->session = session;
register_homes_share(session_info->unix_info->unix_name);
}
- if (!session_claim(smb2req->sconn, session->compat)) {
+ if (!session_claim(smb2req->sconn, session)) {
DEBUG(1, ("smb2: Failed to claim session "
"for vuid=%llu\n",
(unsigned long long)session->compat->vuid));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
(unsigned long long)session->compat->vuid,
nt_errstr(status)));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
struct smbd_smb2_request *smb2req,
+ struct auth_session_info *session_info,
uint16_t *out_session_flags,
uint64_t *out_session_id)
{
NTSTATUS status;
struct smbXsrv_session *x = session;
- struct auth_session_info *session_info;
struct smbXsrv_connection *conn = session->connection;
- status = gensec_session_info(session->gensec,
- session->global,
- &session_info);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(session);
- return status;
- }
-
data_blob_clear_free(&session_info->session_key);
session_info->session_key = data_blob_dup_talloc(session_info,
x->global->application_key);
if (session_info->session_key.data == NULL) {
- TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
(unsigned long long)session->compat->vuid,
nt_errstr(status)));
- TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
- /*
- * we attach the session to the request
- * so that the response can be signed
- */
- smb2req->session = session;
- smb2req->do_signing = true;
-
- global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
-
*out_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
uint64_t in_previous_session_id;
DATA_BLOB in_security_buffer;
struct smbXsrv_session *session;
+ struct auth_session_info *session_info;
uint16_t out_session_flags;
DATA_BLOB out_security_buffer;
uint64_t out_session_id;
+ /* The following pointer is owned by state->session. */
+ struct smbd_smb2_session_setup_state **pp_self_ref;
};
+static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_state)
+{
+ (*pp_state)->session = NULL;
+ /*
+ * To make things clearer, ensure the pp_self_ref
+ * pointer is nulled out. We're never going to
+ * access this again.
+ */
+ (*pp_state)->pp_self_ref = NULL;
+ return 0;
+}
+
static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
{
/*
return 0;
}
+static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq);
+static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq);
+
+/************************************************************************
+ We have to tag the state->session pointer with memory talloc'ed
+ on it to ensure it gets NULL'ed out if the underlying struct smbXsrv_session
+ is deleted by shutdown whilst this request is in flight.
+************************************************************************/
+
+static NTSTATUS tag_state_session_ptr(struct smbd_smb2_session_setup_state *state)
+{
+ state->pp_self_ref = talloc_zero(state->session,
+ struct smbd_smb2_session_setup_state *);
+ if (state->pp_self_ref == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *state->pp_self_ref = state;
+ talloc_set_destructor(state->pp_self_ref, pp_self_ref_destructor);
+ return NT_STATUS_OK;
+}
+
static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
struct smbd_smb2_session_setup_state *state;
NTSTATUS status;
NTTIME now = timeval_to_nttime(&smb2req->request_time);
+ struct tevent_req *subreq;
req = tevent_req_create(mem_ctx, &state,
struct smbd_smb2_session_setup_state);
state->in_previous_session_id = in_previous_session_id;
state->in_security_buffer = in_security_buffer;
+ if (in_flags & SMB2_SESSION_FLAG_BINDING) {
+ if (smb2req->sconn->conn->protocol < PROTOCOL_SMB2_22) {
+ tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * We do not support multi channel.
+ */
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
talloc_set_destructor(state, smbd_smb2_session_setup_state_destructor);
if (state->in_session_id == 0) {
}
}
+ status = tag_state_session_ptr(state);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
if (state->session->gensec == NULL) {
status = auth_generic_prepare(state->session,
state->session->connection->remote_address,
}
become_root();
- status = gensec_update(state->session->gensec,
- state, NULL,
- state->in_security_buffer,
- &state->out_security_buffer);
+ subreq = gensec_update_send(state, state->ev,
+ state->session->gensec,
+ state->in_security_buffer);
unbecome_root();
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, smbd_smb2_session_setup_gensec_done, req);
+
+ return req;
+}
+
+static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct smbd_smb2_session_setup_state *state =
+ tevent_req_data(req,
+ struct smbd_smb2_session_setup_state);
+ NTSTATUS status;
+
+ become_root();
+ status = gensec_update_recv(subreq, state,
+ &state->out_security_buffer);
+ unbecome_root();
+ TALLOC_FREE(subreq);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
- return tevent_req_post(req, ev);
+ return;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
state->out_session_id = state->session->global->session_wire_id;
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_nterror(req, status);
- return tevent_req_post(req, ev);
+ return;
+ }
+
+ status = gensec_session_info(state->session->gensec,
+ state->session->global,
+ &state->session_info);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if ((state->in_previous_session_id != 0) &&
+ (state->session->global->session_wire_id !=
+ state->in_previous_session_id))
+ {
+ subreq = smb2srv_session_close_previous_send(state, state->ev,
+ state->session->connection,
+ state->session_info,
+ state->in_previous_session_id,
+ state->session->global->session_wire_id);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ smbd_smb2_session_setup_previous_done,
+ req);
+ return;
}
if (state->session->global->auth_session_info != NULL) {
status = smbd_smb2_reauth_generic_return(state->session,
state->smb2req,
+ state->session_info,
&state->out_session_flags,
&state->out_session_id);
if (tevent_req_nterror(req, status)) {
- return tevent_req_post(req, ev);
+ return;
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
- return tevent_req_post(req, ev);
+ return;
}
status = smbd_smb2_auth_generic_return(state->session,
state->smb2req,
state->in_security_mode,
- state->in_previous_session_id,
- state->in_security_buffer,
+ state->session_info,
&state->out_session_flags,
&state->out_session_id);
if (tevent_req_nterror(req, status)) {
- return tevent_req_post(req, ev);
+ return;
+ }
+
+ /* we want to keep the session */
+ TALLOC_FREE(state->pp_self_ref);
+ tevent_req_done(req);
+ return;
+}
+
+static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct smbd_smb2_session_setup_state *state =
+ tevent_req_data(req,
+ struct smbd_smb2_session_setup_state);
+ NTSTATUS status;
+
+ status = smb2srv_session_close_previous_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (state->session->global->auth_session_info != NULL) {
+ status = smbd_smb2_reauth_generic_return(state->session,
+ state->smb2req,
+ state->session_info,
+ &state->out_session_flags,
+ &state->out_session_id);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ /* we want to keep the session */
+ TALLOC_FREE(state->pp_self_ref);
+ tevent_req_done(req);
+ return;
+ }
+
+ status = smbd_smb2_auth_generic_return(state->session,
+ state->smb2req,
+ state->in_security_mode,
+ state->session_info,
+ &state->out_session_flags,
+ &state->out_session_id);
+ if (tevent_req_nterror(req, status)) {
+ return;
}
/* we want to keep the session */
- state->session = NULL;
+ TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
- return tevent_req_post(req, ev);
+ return;
}
static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,