s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_y...

[kai/samba.git] / source3 / smbd / smb2_sesssetup.c
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c

index 85bcc05c4a2dc898570bcdcef83bebffe034ead5..29253d032171160cd2d9f2939aaa5e7c38cffd85 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -49,7 +49,6 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
  {
         const uint8_t *inhdr;
         const uint8_t *inbody;
-       int i = smb2req->current_idx;
         uint64_t in_session_id;
         uint8_t in_flags;
         uint8_t in_security_mode;
@@ -64,8 +63,8 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
         if (!NT_STATUS_IS_OK(status)) {
                 return smbd_smb2_request_error(smb2req, status);
         }
-       inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
-       inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
+       inhdr = SMBD_SMB2_IN_HDR_PTR(smb2req);
+       inbody = SMBD_SMB2_IN_BODY_PTR(smb2req);
  
         in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
  
@@ -77,15 +76,15 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
         in_security_length = SVAL(inbody, 0x0E);
         in_previous_session_id = BVAL(inbody, 0x10);
  
-       if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
+       if (in_security_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(smb2req))) {
                 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
         }
  
-       if (in_security_length > smb2req->in.vector[i+2].iov_len) {
+       if (in_security_length > SMBD_SMB2_IN_DYN_LEN(smb2req)) {
                 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
         }
  
-       in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
+       in_security_buffer.data = SMBD_SMB2_IN_DYN_PTR(smb2req);
         in_security_buffer.length = in_security_length;
  
         subreq = smbd_smb2_session_setup_send(smb2req,
@@ -109,7 +108,6 @@ static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
         struct smbd_smb2_request *smb2req =
                 tevent_req_callback_data(subreq,
                 struct smbd_smb2_request);
-       int i = smb2req->current_idx;
         uint8_t *outhdr;
         DATA_BLOB outbody;
         DATA_BLOB outdyn;
@@ -140,7 +138,7 @@ static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
  
         out_security_offset = SMB2_HDR_BODY + 0x08;
  
-       outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
+       outhdr = SMBD_SMB2_OUT_HDR_PTR(smb2req);
  
         outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
         if (outbody.data == NULL) {
@@ -192,6 +190,10 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                 x->global->signing_required = true;
         }
  
+       if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
+               x->global->encryption_required = true;
+       }
+
         if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
                 /* we map anonymous to guest internally */
                 *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
@@ -201,6 +203,24 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                 guest = true;
         }
  
+       if (guest && x->global->encryption_required) {
+               DEBUG(1,("reject guest session as encryption is required\n"));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+               if (x->global->encryption_required) {
+                       DEBUG(1,("reject session with dialect[0x%04X] "
+                                "as encryption is required\n",
+                                conn->smb2.server.dialect));
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+       }
+
+       if (x->global->encryption_required) {
+               *out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA;
+       }
+
         ZERO_STRUCT(session_key);
         memcpy(session_key, session_info->session_key.data,
                MIN(session_info->session_key.length, sizeof(session_key)));
@@ -210,7 +230,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                                                   sizeof(session_key));
         if (x->global->signing_key.data == NULL) {
                 ZERO_STRUCT(session_key);
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
  
@@ -224,11 +243,49 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                                     x->global->signing_key.data);
         }
  
+       if (conn->protocol >= PROTOCOL_SMB2_24) {
+               const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+               const DATA_BLOB context = data_blob_string_const_null("ServerIn ");
+
+               x->global->decryption_key = data_blob_talloc(x->global,
+                                                            session_key,
+                                                            sizeof(session_key));
+               if (x->global->decryption_key.data == NULL) {
+                       ZERO_STRUCT(session_key);
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               smb2_key_derivation(session_key, sizeof(session_key),
+                                   label.data, label.length,
+                                   context.data, context.length,
+                                   x->global->decryption_key.data);
+       }
+
+       if (conn->protocol >= PROTOCOL_SMB2_24) {
+               const DATA_BLOB label = data_blob_string_const_null("SMB2AESCCM");
+               const DATA_BLOB context = data_blob_string_const_null("ServerOut");
+
+               x->global->encryption_key = data_blob_talloc(x->global,
+                                                            session_key,
+                                                            sizeof(session_key));
+               if (x->global->encryption_key.data == NULL) {
+                       ZERO_STRUCT(session_key);
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               smb2_key_derivation(session_key, sizeof(session_key),
+                                   label.data, label.length,
+                                   context.data, context.length,
+                                   x->global->encryption_key.data);
+
+               generate_random_buffer((uint8_t *)&x->nonce_high, sizeof(x->nonce_high));
+               x->nonce_low = 1;
+       }
+
         x->global->application_key = data_blob_dup_talloc(x->global,
                                                 x->global->signing_key);
         if (x->global->application_key.data == NULL) {
                 ZERO_STRUCT(session_key);
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
  
@@ -246,7 +303,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
         x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels,
                                                 x->global->signing_key);
         if (x->global->channels[0].signing_key.data == NULL) {
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
  
@@ -254,13 +310,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
         session_info->session_key = data_blob_dup_talloc(session_info,
                                                 x->global->application_key);
         if (session_info->session_key.data == NULL) {
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
  
         session->compat = talloc_zero(session, struct user_struct);
         if (session->compat == NULL) {
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
         session->compat->session = session;
@@ -276,11 +330,10 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                         register_homes_share(session_info->unix_info->unix_name);
         }
  
-       if (!session_claim(smb2req->sconn, session->compat)) {
+       if (!session_claim(smb2req->sconn, session)) {
                 DEBUG(1, ("smb2: Failed to claim session "
                         "for vuid=%llu\n",
                         (unsigned long long)session->compat->vuid));
-               TALLOC_FREE(session);
                 return NT_STATUS_LOGON_FAILURE;
         }
  
@@ -302,7 +355,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                 DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
                           (unsigned long long)session->compat->vuid,
                           nt_errstr(status)));
-               TALLOC_FREE(session);
                 return NT_STATUS_LOGON_FAILURE;
         }
  
@@ -336,7 +388,6 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
         session_info->session_key = data_blob_dup_talloc(session_info,
                                                 x->global->application_key);
         if (session_info->session_key.data == NULL) {
-               TALLOC_FREE(session);
                 return NT_STATUS_NO_MEMORY;
         }
  
@@ -365,21 +416,11 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
                 DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
                           (unsigned long long)session->compat->vuid,
                           nt_errstr(status)));
-               TALLOC_FREE(session);
                 return NT_STATUS_LOGON_FAILURE;
         }
  
         conn_clear_vuid_caches(conn->sconn, session->compat->vuid);
  
-       /*
-        * we attach the session to the request
-        * so that the response can be signed
-        */
-       smb2req->session = session;
-       smb2req->do_signing = true;
-
-       global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
-
         *out_session_id = session->global->session_wire_id;
  
         return NT_STATUS_OK;
@@ -398,8 +439,22 @@ struct smbd_smb2_session_setup_state {
         uint16_t out_session_flags;
         DATA_BLOB out_security_buffer;
         uint64_t out_session_id;
+       /* The following pointer is owned by state->session. */
+       struct smbd_smb2_session_setup_state **pp_self_ref;
  };
  
+static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_state)
+{
+       (*pp_state)->session = NULL;
+       /*
+        * To make things clearer, ensure the pp_self_ref
+        * pointer is nulled out. We're never going to
+        * access this again.
+        */
+       (*pp_state)->pp_self_ref = NULL;
+       return 0;
+}
+
  static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
  {
         /*
@@ -413,6 +468,24 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set
  static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq);
  static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq);
  
+/************************************************************************
+ We have to tag the state->session pointer with memory talloc'ed
+ on it to ensure it gets NULL'ed out if the underlying struct smbXsrv_session
+ is deleted by shutdown whilst this request is in flight.
+************************************************************************/
+
+static NTSTATUS tag_state_session_ptr(struct smbd_smb2_session_setup_state *state)
+{
+       state->pp_self_ref = talloc_zero(state->session,
+                       struct smbd_smb2_session_setup_state *);
+       if (state->pp_self_ref == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       *state->pp_self_ref = state;
+       talloc_set_destructor(state->pp_self_ref, pp_self_ref_destructor);
+       return NT_STATUS_OK;
+}
+
  static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
                                         struct tevent_context *ev,
                                         struct smbd_smb2_request *smb2req,
@@ -441,6 +514,19 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
         state->in_previous_session_id = in_previous_session_id;
         state->in_security_buffer = in_security_buffer;
  
+       if (in_flags & SMB2_SESSION_FLAG_BINDING) {
+               if (smb2req->sconn->conn->protocol < PROTOCOL_SMB2_22) {
+                       tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
+                       return tevent_req_post(req, ev);
+               }
+
+               /*
+                * We do not support multi channel.
+                */
+               tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+               return tevent_req_post(req, ev);
+       }
+
         talloc_set_destructor(state, smbd_smb2_session_setup_state_destructor);
  
         if (state->in_session_id == 0) {
@@ -468,6 +554,11 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
                 }
         }
  
+       status = tag_state_session_ptr(state);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
+
         if (state->session->gensec == NULL) {
                 status = auth_generic_prepare(state->session,
                                               state->session->connection->remote_address,
@@ -523,7 +614,7 @@ static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                 state->out_session_id = state->session->global->session_wire_id;
                 /* we want to keep the session */
-               state->session = NULL;
+               TALLOC_FREE(state->pp_self_ref);
                 tevent_req_nterror(req, status);
                 return;
         }
@@ -563,7 +654,7 @@ static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
                         return;
                 }
                 /* we want to keep the session */
-               state->session = NULL;
+               TALLOC_FREE(state->pp_self_ref);
                 tevent_req_done(req);
                 return;
         }
@@ -579,7 +670,7 @@ static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
         }
  
         /* we want to keep the session */
-       state->session = NULL;
+       TALLOC_FREE(state->pp_self_ref);
         tevent_req_done(req);
         return;
  }
@@ -610,7 +701,7 @@ static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq)
                         return;
                 }
                 /* we want to keep the session */
-               state->session = NULL;
+               TALLOC_FREE(state->pp_self_ref);
                 tevent_req_done(req);
                 return;
         }
@@ -626,7 +717,7 @@ static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq)
         }
  
         /* we want to keep the session */
-       state->session = NULL;
+       TALLOC_FREE(state->pp_self_ref);
         tevent_req_done(req);
         return;
  }