lib: Remove server_id_str()

[metze/samba-autobuild/.git] / source3 / smbd / sesssetup.c

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4d58e7a0be2f91b68a90efcf9088da7930331dae..f41f8e32362f0b6f30f02f943a75ccc2be38970e 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -46,10 +46,14 @@ static int push_signature(uint8 **outbuf)
 {
        char *lanman;
        int result, tmp;
+       fstring native_os;
 
        result = 0;
 
-       tmp = message_push_string(outbuf, "Unix", STR_TERMINATE);
+       fstr_sprintf(native_os, "Windows %d.%d", SAMBA_MAJOR_NBT_ANNOUNCE_VERSION,
+               SAMBA_MINOR_NBT_ANNOUNCE_VERSION);
+
+       tmp = message_push_string(outbuf, native_os, STR_TERMINATE);
 
        if (tmp == -1) return -1;
        result += tmp;
@@ -96,14 +100,14 @@ static NTSTATUS check_guest_password(const struct tsocket_address *remote_addres
        auth_context->get_ntlm_challenge(auth_context,
                                         chal);
 
-       if (!make_user_info_guest(remote_address, &user_info)) {
+       if (!make_user_info_guest(talloc_tos(), remote_address, &user_info)) {
                TALLOC_FREE(auth_context);
                return NT_STATUS_NO_MEMORY;
        }
 
        nt_status = auth_check_password_session_info(auth_context, 
                                                     mem_ctx, user_info, session_info);
-       free_user_info(&user_info);
+       TALLOC_FREE(user_info);
        TALLOC_FREE(auth_context);
        return nt_status;
 }
@@ -123,20 +127,21 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        const char *native_os;
        const char *native_lanman;
        const char *primary_domain;
-       const char *p2;
        uint16 data_blob_len = SVAL(req->vwv+7, 0);
        enum remote_arch_types ra_type = get_remote_arch();
        uint64_t vuid = req->vuid;
        NTSTATUS status = NT_STATUS_OK;
+       struct smbXsrv_connection *xconn = req->xconn;
        struct smbd_server_connection *sconn = req->sconn;
        uint16_t action = 0;
        NTTIME now = timeval_to_nttime(&req->request_time);
        struct smbXsrv_session *session = NULL;
+       uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
        uint32_t client_caps = IVAL(req->vwv+10, 0);
 
        DEBUG(3,("Doing spnego session setup\n"));
 
-       if (global_client_caps == 0) {
+       if (!xconn->smb1.sessions.done_sesssetup) {
                global_client_caps = client_caps;
 
                if (!(global_client_caps & CAP_STATUS32)) {
@@ -160,17 +165,17 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        file_save("negotiate.dat", in_blob.data, in_blob.length);
 #endif
 
-       p2 = (const char *)req->buf + in_blob.length;
+       p = req->buf + in_blob.length;
 
-       p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+       p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
                                     STR_TERMINATE);
        native_os = tmp ? tmp : "";
 
-       p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+       p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
                                     STR_TERMINATE);
        native_lanman = tmp ? tmp : "";
 
-       p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+       p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
                                     STR_TERMINATE);
        primary_domain = tmp ? tmp : "";
 
@@ -198,7 +203,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        }
 
        if (vuid != 0) {
-               status = smb1srv_session_lookup(sconn->conn,
+               status = smb1srv_session_lookup(xconn,
                                                vuid, now,
                                                &session);
                if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
@@ -221,7 +226,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 
        if (session == NULL) {
                /* create a new session */
-               status = smbXsrv_session_create(sconn->conn,
+               status = smbXsrv_session_create(xconn,
                                                now, &session);
                if (!NT_STATUS_IS_OK(status)) {
                        reply_nterror(req, nt_status_squash(status));
@@ -230,7 +235,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        }
 
        if (!session->gensec) {
-               status = auth_generic_prepare(session, sconn->remote_address,
+               status = auth_generic_prepare(session, xconn->remote_address,
                                              &session->gensec);
                if (!NT_STATUS_IS_OK(status)) {
                        TALLOC_FREE(session);
@@ -253,7 +258,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 
        become_root();
        status = gensec_update(session->gensec,
-                              talloc_tos(), NULL,
+                              talloc_tos(),
                               in_blob, &out_blob);
        unbecome_root();
        if (!NT_STATUS_IS_OK(status) &&
@@ -326,16 +331,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                                register_homes_share(session_info->unix_info->unix_name);
                }
 
-               if (!session_claim(sconn, session->compat)) {
-                       DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
-                                 (unsigned long long)session->compat->vuid));
-                       data_blob_free(&out_blob);
-                       TALLOC_FREE(session);
-                       reply_nterror(req, NT_STATUS_LOGON_FAILURE);
-                       return;
-               }
-
-               if (srv_is_signing_negotiated(sconn) &&
+               if (srv_is_signing_negotiated(xconn) &&
                    action == 0 &&
                    session->global->signing_key.length > 0)
                {
@@ -343,7 +339,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                         * Try and turn on server signing on the first non-guest
                         * sessionsetup.
                         */
-                       srv_set_signing(sconn,
+                       srv_set_signing(xconn,
                                session->global->signing_key,
                                data_blob_null);
                }
@@ -358,6 +354,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                session->global->auth_session_info_seqnum += 1;
                session->global->channels[0].auth_session_info_seqnum =
                        session->global->auth_session_info_seqnum;
+               session->global->auth_time = now;
                if (client_caps & CAP_DYNAMIC_REAUTH) {
                        session->global->expiration_time =
                                gensec_expire_time(session->gensec);
@@ -366,6 +363,15 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                                GENSEC_EXPIRE_TIME_INFINITY;
                }
 
+               if (!session_claim(session)) {
+                       DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
+                                 (unsigned long long)session->compat->vuid));
+                       data_blob_free(&out_blob);
+                       TALLOC_FREE(session);
+                       reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+                       return;
+               }
+
                status = smbXsrv_session_update(session);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("smb1: Failed to update session for vuid=%llu - %s\n",
@@ -377,6 +383,15 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                        return;
                }
 
+               if (!xconn->smb1.sessions.done_sesssetup) {
+                       if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+                               reply_force_doserror(req, ERRSRV, ERRerror);
+                               return;
+                       }
+                       xconn->smb1.sessions.max_send = smb_bufsize;
+                       xconn->smb1.sessions.done_sesssetup = true;
+               }
+
                /* current_user_info is changed on new vuid */
                reload_services(sconn, conn_snum_used, true);
        } else if (NT_STATUS_IS_OK(status)) {
@@ -427,6 +442,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                session->global->auth_session_info_seqnum += 1;
                session->global->channels[0].auth_session_info_seqnum =
                        session->global->auth_session_info_seqnum;
+               session->global->auth_time = now;
                if (client_caps & CAP_DYNAMIC_REAUTH) {
                        session->global->expiration_time =
                                gensec_expire_time(session->gensec);
@@ -488,36 +504,44 @@ struct shutdown_state {
        struct messaging_context *msg_ctx;
 };
 
-static int shutdown_other_smbds(const struct connections_key *key,
-                               const struct connections_data *crec,
+static int shutdown_other_smbds(struct smbXsrv_session_global0 *session,
                                void *private_data)
 {
        struct shutdown_state *state = (struct shutdown_state *)private_data;
        struct server_id self_pid = messaging_server_id(state->msg_ctx);
+       struct server_id pid = session->channels[0].server_id;
+       const char *addr = session->channels[0].remote_address;
+       struct server_id_buf tmp;
 
        DEBUG(10, ("shutdown_other_smbds: %s, %s\n",
-                  server_id_str(talloc_tos(), &crec->pid), crec->addr));
+                  server_id_str_buf(pid, &tmp), addr));
 
-       if (!process_exists(crec->pid)) {
+       if (!process_exists(pid)) {
                DEBUG(10, ("process does not exist\n"));
                return 0;
        }
 
-       if (serverid_equal(&crec->pid, &self_pid)) {
+       if (serverid_equal(&pid, &self_pid)) {
                DEBUG(10, ("It's me\n"));
                return 0;
        }
 
-       if (strcmp(state->ip, crec->addr) != 0) {
-               DEBUG(10, ("%s does not match %s\n", state->ip, crec->addr));
+       /*
+        * here we use strstr() because 'addr'
+        * (session->channels[0].remote_address)
+        * contains a string like:
+        * 'ipv4:127.0.0.1:48163'
+        */
+       if (strstr(addr, state->ip)  == NULL) {
+               DEBUG(10, ("%s does not match %s\n", state->ip, addr));
                return 0;
        }
 
        DEBUG(1, ("shutdown_other_smbds: shutting down pid %u "
-                 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid),
+                 "(IP %s)\n", (unsigned int)procid_to_pid(&pid),
                  state->ip));
 
-       messaging_send(state->msg_ctx, crec->pid, MSG_SHUTDOWN,
+       messaging_send(state->msg_ctx, pid, MSG_SHUTDOWN,
                       &data_blob_null);
        return 0;
 }
@@ -541,7 +565,7 @@ static void setup_new_vc_session(struct smbd_server_connection *sconn)
                }
                state.ip = addr;
                state.msg_ctx = sconn->msg_ctx;
-               connections_forall_read(shutdown_other_smbds, &state);
+               smbXsrv_session_global_traverse(shutdown_other_smbds, &state);
                TALLOC_FREE(addr);
        }
 }
@@ -553,7 +577,7 @@ static void setup_new_vc_session(struct smbd_server_connection *sconn)
 void reply_sesssetup_and_X(struct smb_request *req)
 {
        uint64_t sess_vuid;
-       int smb_bufsize;
+       uint16_t smb_bufsize;
        DATA_BLOB lm_resp;
        DATA_BLOB nt_resp;
        DATA_BLOB plaintext_password;
@@ -570,11 +594,10 @@ void reply_sesssetup_and_X(struct smb_request *req)
        uint16_t action = 0;
        NTTIME now = timeval_to_nttime(&req->request_time);
        struct smbXsrv_session *session = NULL;
-
        NTSTATUS nt_status;
+       struct smbXsrv_connection *xconn = req->xconn;
        struct smbd_server_connection *sconn = req->sconn;
-
-       bool doencrypt = sconn->smb1.negprot.encrypted_passwords;
+       bool doencrypt = xconn->smb1.negprot.encrypted_passwords;
        bool signing_allowed = false;
        bool signing_mandatory = false;
 
@@ -598,7 +621,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
         * It finds out when it needs to turn into a noop
         * itself.
         */
-       srv_set_signing_negotiated(req->sconn,
+       srv_set_signing_negotiated(xconn,
                                   signing_allowed,
                                   signing_mandatory);
 
@@ -607,7 +630,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
        if (req->wct == 12 &&
            (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
 
-               if (!sconn->smb1.negprot.spnego) {
+               if (!xconn->smb1.negprot.spnego) {
                        DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt "
                                 "at SPNEGO session setup when it was not "
                                 "negotiated.\n"));
@@ -664,8 +687,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                const uint8_t *save_p = req->buf;
                uint16 byte_count;
 
-
-               if(global_client_caps == 0) {
+               if (!xconn->smb1.sessions.done_sesssetup) {
                        global_client_caps = IVAL(req->vwv+11, 0);
 
                        if (!(global_client_caps & CAP_STATUS32)) {
@@ -818,7 +840,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                                domain, user, get_remote_machine_name()));
 
        if (*user) {
-               if (sconn->smb1.negprot.spnego) {
+               if (xconn->smb1.negprot.spnego) {
 
                        /* This has to be here, because this is a perfectly
                         * valid behaviour for guest logons :-( */
@@ -846,7 +868,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
        } else if (doencrypt) {
                struct auth4_context *negprot_auth_context = NULL;
-               negprot_auth_context = sconn->smb1.negprot.auth_context;
+               negprot_auth_context = xconn->smb1.negprot.auth_context;
                if (!negprot_auth_context) {
                        DEBUG(0, ("reply_sesssetup_and_X:  Attempted encrypted "
                                "session setup without negprot denied!\n"));
@@ -855,10 +877,11 @@ void reply_sesssetup_and_X(struct smb_request *req)
                        END_PROFILE(SMBsesssetupX);
                        return;
                }
-               nt_status = make_user_info_for_reply_enc(&user_info, user,
-                                               domain,
-                                               sconn->remote_address,
-                                               lm_resp, nt_resp);
+               nt_status = make_user_info_for_reply_enc(talloc_tos(),
+                                                        &user_info, user,
+                                                        domain,
+                                                        sconn->remote_address,
+                                                        lm_resp, nt_resp);
                if (NT_STATUS_IS_OK(nt_status)) {
                        nt_status = auth_check_password_session_info(negprot_auth_context, 
                                                                     req, user_info, &session_info);
@@ -875,7 +898,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
                        plaintext_auth_context->get_ntlm_challenge(
                                        plaintext_auth_context, chal);
 
-                       if (!make_user_info_for_reply(&user_info,
+                       if (!make_user_info_for_reply(talloc_tos(),
+                                                     &user_info,
                                                      user, domain,
                                                      sconn->remote_address,
                                                      chal,
@@ -891,7 +915,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                }
        }
 
-       free_user_info(&user_info);
+       TALLOC_FREE(user_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                data_blob_free(&nt_resp);
@@ -921,7 +945,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
        /* register the name and uid as being validated, so further connections
           to a uid can get through without a password, on the same VC */
 
-       nt_status = smbXsrv_session_create(sconn->conn,
+       nt_status = smbXsrv_session_create(xconn,
                                           now, &session);
        if (!NT_STATUS_IS_OK(nt_status)) {
                data_blob_free(&nt_resp);
@@ -1008,18 +1032,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                        register_homes_share(session_info->unix_info->unix_name);
        }
 
-       if (!session_claim(sconn, session->compat)) {
-               DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
-                         (unsigned long long)session->compat->vuid));
-               data_blob_free(&nt_resp);
-               data_blob_free(&lm_resp);
-               TALLOC_FREE(session);
-               reply_nterror(req, NT_STATUS_LOGON_FAILURE);
-               END_PROFILE(SMBsesssetupX);
-               return;
-       }
-
-       if (srv_is_signing_negotiated(sconn) &&
+       if (srv_is_signing_negotiated(xconn) &&
            action == 0 &&
            session->global->signing_key.length > 0)
        {
@@ -1027,7 +1040,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                 * Try and turn on server signing on the first non-guest
                 * sessionsetup.
                 */
-               srv_set_signing(sconn,
+               srv_set_signing(xconn,
                        session->global->signing_key,
                        nt_resp.data ? nt_resp : lm_resp);
        }
@@ -1042,6 +1055,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
        session->global->auth_session_info_seqnum += 1;
        session->global->channels[0].auth_session_info_seqnum =
                session->global->auth_session_info_seqnum;
+       session->global->auth_time = now;
        session->global->expiration_time = GENSEC_EXPIRE_TIME_INFINITY;
 
        nt_status = smbXsrv_session_update(session);
@@ -1057,6 +1071,17 @@ void reply_sesssetup_and_X(struct smb_request *req)
                return;
        }
 
+       if (!session_claim(session)) {
+               DEBUG(1, ("smb1: Failed to claim session for vuid=%llu\n",
+                         (unsigned long long)session->compat->vuid));
+               data_blob_free(&nt_resp);
+               data_blob_free(&lm_resp);
+               TALLOC_FREE(session);
+               reply_nterror(req, NT_STATUS_LOGON_FAILURE);
+               END_PROFILE(SMBsesssetupX);
+               return;
+       }
+
        /* current_user_info is changed on new vuid */
        reload_services(sconn, conn_snum_used, true);
 
@@ -1070,11 +1095,15 @@ void reply_sesssetup_and_X(struct smb_request *req)
        SSVAL(discard_const_p(char, req->inbuf),smb_uid,sess_vuid);
        req->vuid = sess_vuid;
 
-       if (!sconn->smb1.sessions.done_sesssetup) {
-               sconn->smb1.sessions.max_send =
-                       MIN(sconn->smb1.sessions.max_send,smb_bufsize);
+       if (!xconn->smb1.sessions.done_sesssetup) {
+               if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
+                       reply_force_doserror(req, ERRSRV, ERRerror);
+                       END_PROFILE(SMBsesssetupX);
+                       return;
+               }
+               xconn->smb1.sessions.max_send = smb_bufsize;
+               xconn->smb1.sessions.done_sesssetup = true;
        }
-       sconn->smb1.sessions.done_sesssetup = true;
 
        END_PROFILE(SMBsesssetupX);
 }