Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.2.x/source/smbd/negprot.c@ 770

Visit:

Last change on this file since 770 was 133, checked in by Paul Smedley, 17 years ago
Update trunk to 3.2.0pre3
File size: 20.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	negprot reply code
4	Copyright (C) Andrew Tridgell 1992-1998
5	Copyright (C) Volker Lendecke 2007
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22
23	extern fstring remote_proto;
24	extern enum protocol_types Protocol;
25	extern int max_recv;
26
27	bool global_encrypted_passwords_negotiated = False;
28	bool global_spnego_negotiated = False;
29	struct auth_context *negprot_global_auth_context = NULL;
30
31	static void get_challenge(uint8 buff[8])
32	{
33	NTSTATUS nt_status;
34	const uint8 *cryptkey;
35
36	/* We might be called more than once, multiple negprots are
37	* permitted */
38	if (negprot_global_auth_context) {
39	DEBUG(3, ("get challenge: is this a secondary negprot? negprot_global_auth_context is non-NULL!\n"));
40	(negprot_global_auth_context->free)(&negprot_global_auth_context);
41	}
42
43	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
44	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&negprot_global_auth_context))) {
45	DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status)));
46	smb_panic("cannot make_negprot_global_auth_context!");
47	}
48	DEBUG(10, ("get challenge: getting challenge\n"));
49	cryptkey = negprot_global_auth_context->get_ntlm_challenge(negprot_global_auth_context);
50	memcpy(buff, cryptkey, 8);
51	}
52
53	/****************************************************************************
54	Reply for the core protocol.
55	****************************************************************************/
56
57	static void reply_corep(struct smb_request *req, uint16 choice)
58	{
59	reply_outbuf(req, 1, 0);
60	SSVAL(req->outbuf, smb_vwv0, choice);
61
62	Protocol = PROTOCOL_CORE;
63	}
64
65	/****************************************************************************
66	Reply for the coreplus protocol.
67	****************************************************************************/
68
69	static void reply_coreplus(struct smb_request *req, uint16 choice)
70	{
71	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
72
73	reply_outbuf(req, 13, 0);
74
75	SSVAL(req->outbuf,smb_vwv0,choice);
76	SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
77	readbraw and writebraw (possibly) */
78	/* Reply, SMBlockread, SMBwritelock supported. */
79	SCVAL(req->outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
80	SSVAL(req->outbuf,smb_vwv1,0x1); /* user level security, don't
81	* encrypt */
82	Protocol = PROTOCOL_COREPLUS;
83	}
84
85	/****************************************************************************
86	Reply for the lanman 1.0 protocol.
87	****************************************************************************/
88
89	static void reply_lanman1(struct smb_request *req, uint16 choice)
90	{
91	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
92	int secword=0;
93	time_t t = time(NULL);
94
95	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
96
97	if (lp_security()>=SEC_USER)
98	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
99	if (global_encrypted_passwords_negotiated)
100	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
101
102	reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0);
103
104	SSVAL(req->outbuf,smb_vwv0,choice);
105	SSVAL(req->outbuf,smb_vwv1,secword);
106	/* Create a token value and add it to the outgoing packet. */
107	if (global_encrypted_passwords_negotiated) {
108	get_challenge((uint8 *)smb_buf(req->outbuf));
109	SSVAL(req->outbuf,smb_vwv11, 8);
110	}
111
112	Protocol = PROTOCOL_LANMAN1;
113
114	/* Reply, SMBlockread, SMBwritelock supported. */
115	SCVAL(req->outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
116	SSVAL(req->outbuf,smb_vwv2,max_recv);
117	SSVAL(req->outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
118	SSVAL(req->outbuf,smb_vwv4,1);
119	SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
120	readbraw writebraw (possibly) */
121	SIVAL(req->outbuf,smb_vwv6,sys_getpid());
122	SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
123
124	srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
125
126	return;
127	}
128
129	/****************************************************************************
130	Reply for the lanman 2.0 protocol.
131	****************************************************************************/
132
133	static void reply_lanman2(struct smb_request *req, uint16 choice)
134	{
135	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
136	int secword=0;
137	time_t t = time(NULL);
138
139	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
140
141	if (lp_security()>=SEC_USER)
142	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
143	if (global_encrypted_passwords_negotiated)
144	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
145
146	reply_outbuf(req, 13, global_encrypted_passwords_negotiated?8:0);
147
148	SSVAL(req->outbuf,smb_vwv0,choice);
149	SSVAL(req->outbuf,smb_vwv1,secword);
150	SIVAL(req->outbuf,smb_vwv6,sys_getpid());
151
152	/* Create a token value and add it to the outgoing packet. */
153	if (global_encrypted_passwords_negotiated) {
154	get_challenge((uint8 *)smb_buf(req->outbuf));
155	SSVAL(req->outbuf,smb_vwv11, 8);
156	}
157
158	Protocol = PROTOCOL_LANMAN2;
159
160	/* Reply, SMBlockread, SMBwritelock supported. */
161	SCVAL(req->outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
162	SSVAL(req->outbuf,smb_vwv2,max_recv);
163	SSVAL(req->outbuf,smb_vwv3,lp_maxmux());
164	SSVAL(req->outbuf,smb_vwv4,1);
165	SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
166	SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
167	srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
168	}
169
170	/****************************************************************************
171	Generate the spnego negprot reply blob. Return the number of bytes used.
172	****************************************************************************/
173
174	static DATA_BLOB negprot_spnego(void)
175	{
176	DATA_BLOB blob;
177	nstring dos_name;
178	fstring unix_name;
179	#ifdef DEVELOPER
180	size_t slen;
181	#endif
182	char guid[17];
183	const char *OIDs_krb5[] = {OID_KERBEROS5,
184	OID_KERBEROS5_OLD,
185	OID_NTLMSSP,
186	NULL};
187	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
188
189	global_spnego_negotiated = True;
190
191	memset(guid, '\0', sizeof(guid));
192
193	safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1);
194	strlower_m(unix_name);
195	push_ascii_nstring(dos_name, unix_name);
196	safe_strcpy(guid, dos_name, sizeof(guid)-1);
197
198	#ifdef DEVELOPER
199	/* Fix valgrind 'uninitialized bytes' issue. */
200	slen = strlen(dos_name);
201	if (slen < sizeof(guid)) {
202	memset(guid+slen, '\0', sizeof(guid) - slen);
203	}
204	#endif
205
206	/* strangely enough, NT does not sent the single OID NTLMSSP when
207	not a ADS member, it sends no OIDs at all
208
209	OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
210	about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
211
212	Our sessionsetup code now handles raw NTLMSSP connects, so we can go
213	back to doing what W2K3 does here. This is needed to make PocketPC 2003
214	CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
215	for details. JRA.
216
217	*/
218
219	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
220	#if 0
221	/* Code for PocketPC client */
222	blob = data_blob(guid, 16);
223	#else
224	/* Code for standalone WXP client */
225	blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
226	#endif
227	} else {
228	fstring myname;
229	char *host_princ_s = NULL;
230	name_to_fqdn(myname, global_myname());
231	strlower_m(myname);
232	if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm())
233	== -1) {
234	return data_blob_null;
235	}
236	blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
237	SAFE_FREE(host_princ_s);
238	}
239
240	return blob;
241	}
242
243	/****************************************************************************
244	Reply for the nt protocol.
245	****************************************************************************/
246
247	static void reply_nt1(struct smb_request *req, uint16 choice)
248	{
249	/* dual names + lock_and_read + nt SMBs + remote API calls */
250	int capabilities = CAP_NT_FIND\|CAP_LOCK_AND_READ\|
251	CAP_LEVEL_II_OPLOCKS;
252
253	int secword=0;
254	char p, q;
255	bool negotiate_spnego = False;
256	time_t t = time(NULL);
257	ssize_t ret;
258
259	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
260
261	/* Check the flags field to see if this is Vista.
262	WinXP sets it and Vista does not. But we have to
263	distinguish from NT which doesn't set it either. */
264
265	if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
266	((req->flags2 & FLAGS2_UNKNOWN_BIT4) == 0) )
267	{
268	if (get_remote_arch() != RA_SAMBA) {
269	set_remote_arch( RA_VISTA );
270	}
271	}
272
273	reply_outbuf(req,17,0);
274
275	/* do spnego in user level security if the client
276	supports it and we can do encrypted passwords */
277
278	if (global_encrypted_passwords_negotiated &&
279	(lp_security() != SEC_SHARE) &&
280	lp_use_spnego() &&
281	(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
282	negotiate_spnego = True;
283	capabilities \|= CAP_EXTENDED_SECURITY;
284	add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
285	/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
286	(already partially constructed. */
287	SSVAL(req->outbuf, smb_flg2,
288	req->flags2 \| FLAGS2_EXTENDED_SECURITY);
289	}
290
291	capabilities \|= CAP_NT_SMBS\|CAP_RPC_REMOTE_APIS\|CAP_UNICODE;
292
293	if (lp_unix_extensions()) {
294	capabilities \|= CAP_UNIX;
295	}
296
297	if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
298	capabilities \|= CAP_LARGE_READX\|CAP_LARGE_WRITEX\|CAP_W2K_SMBS;
299
300	if (SMB_OFF_T_BITS == 64)
301	capabilities \|= CAP_LARGE_FILES;
302
303	if (lp_readraw() && lp_writeraw())
304	capabilities \|= CAP_RAW_MODE;
305
306	if (lp_nt_status_support())
307	capabilities \|= CAP_STATUS32;
308
309	if (lp_host_msdfs())
310	capabilities \|= CAP_DFS;
311
312	if (lp_security() >= SEC_USER)
313	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
314	if (global_encrypted_passwords_negotiated)
315	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
316
317	if (lp_server_signing()) {
318	if (lp_security() >= SEC_USER) {
319	secword \|= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
320	/* No raw mode with smb signing. */
321	capabilities &= ~CAP_RAW_MODE;
322	if (lp_server_signing() == Required)
323	secword \|=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
324	srv_set_signing_negotiated();
325	} else {
326	DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
327	if (lp_server_signing() == Required) {
328	exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
329	}
330	}
331	}
332
333	SSVAL(req->outbuf,smb_vwv0,choice);
334	SCVAL(req->outbuf,smb_vwv1,secword);
335
336	Protocol = PROTOCOL_NT1;
337
338	SSVAL(req->outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
339	SSVAL(req->outbuf,smb_vwv2+1,1); /* num vcs */
340	SIVAL(req->outbuf,smb_vwv3+1,max_recv); /* max buffer. LOTS! */
341	SIVAL(req->outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
342	SIVAL(req->outbuf,smb_vwv7+1,sys_getpid()); /* session key */
343	SIVAL(req->outbuf,smb_vwv9+1,capabilities); /* capabilities */
344	put_long_date((char *)req->outbuf+smb_vwv11+1,t);
345	SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(t)/60);
346
347	p = q = smb_buf(req->outbuf);
348	if (!negotiate_spnego) {
349	/* Create a token value and add it to the outgoing packet. */
350	if (global_encrypted_passwords_negotiated) {
351	uint8 chal[8];
352	/* note that we do not send a challenge at all if
353	we are using plaintext */
354	get_challenge(chal);
355	ret = message_push_blob(
356	&req->outbuf, data_blob_const(chal, sizeof(chal)));
357	if (ret == -1) {
358	DEBUG(0, ("Could not push challenge\n"));
359	reply_nterror(req, NT_STATUS_NO_MEMORY);
360	return;
361	}
362	SCVAL(req->outbuf, smb_vwv16+1, ret);
363	p += ret;
364	}
365	ret = message_push_string(&req->outbuf, lp_workgroup(),
366	STR_UNICODE\|STR_TERMINATE
367	\|STR_NOALIGN);
368	if (ret == -1) {
369	DEBUG(0, ("Could not push challenge\n"));
370	reply_nterror(req, NT_STATUS_NO_MEMORY);
371	return;
372	}
373	DEBUG(3,("not using SPNEGO\n"));
374	} else {
375	DATA_BLOB spnego_blob = negprot_spnego();
376
377	if (spnego_blob.data == NULL) {
378	reply_nterror(req, NT_STATUS_NO_MEMORY);
379	return;
380	}
381
382	ret = message_push_blob(&req->outbuf, spnego_blob);
383	if (ret == -1) {
384	DEBUG(0, ("Could not push spnego blob\n"));
385	reply_nterror(req, NT_STATUS_NO_MEMORY);
386	return;
387	}
388	p += ret;
389	data_blob_free(&spnego_blob);
390
391	SCVAL(req->outbuf,smb_vwv16+1, 0);
392	DEBUG(3,("using SPNEGO\n"));
393	}
394
395	SSVAL(req->outbuf,smb_vwv17, p - q); /* length of challenge+domain
396	* strings */
397
398	return;
399	}
400
401	/* these are the protocol lists used for auto architecture detection:
402
403	WinNT 3.51:
404	protocol [PC NETWORK PROGRAM 1.0]
405	protocol [XENIX CORE]
406	protocol [MICROSOFT NETWORKS 1.03]
407	protocol [LANMAN1.0]
408	protocol [Windows for Workgroups 3.1a]
409	protocol [LM1.2X002]
410	protocol [LANMAN2.1]
411	protocol [NT LM 0.12]
412
413	Win95:
414	protocol [PC NETWORK PROGRAM 1.0]
415	protocol [XENIX CORE]
416	protocol [MICROSOFT NETWORKS 1.03]
417	protocol [LANMAN1.0]
418	protocol [Windows for Workgroups 3.1a]
419	protocol [LM1.2X002]
420	protocol [LANMAN2.1]
421	protocol [NT LM 0.12]
422
423	Win2K:
424	protocol [PC NETWORK PROGRAM 1.0]
425	protocol [LANMAN1.0]
426	protocol [Windows for Workgroups 3.1a]
427	protocol [LM1.2X002]
428	protocol [LANMAN2.1]
429	protocol [NT LM 0.12]
430
431	Vista:
432	protocol [PC NETWORK PROGRAM 1.0]
433	protocol [LANMAN1.0]
434	protocol [Windows for Workgroups 3.1a]
435	protocol [LM1.2X002]
436	protocol [LANMAN2.1]
437	protocol [NT LM 0.12]
438	protocol [SMB 2.001]
439
440	OS/2:
441	protocol [PC NETWORK PROGRAM 1.0]
442	protocol [XENIX CORE]
443	protocol [LANMAN1.0]
444	protocol [LM1.2X002]
445	protocol [LANMAN2.1]
446	*/
447
448	/*
449	* Modified to recognize the architecture of the remote machine better.
450	*
451	* This appears to be the matrix of which protocol is used by which
452	* MS product.
453	Protocol WfWg Win95 WinNT Win2K OS/2 Vista
454	PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
455	XENIX CORE 2 2
456	MICROSOFT NETWORKS 3.0 2 2
457	DOS LM1.2X002 3 3
458	MICROSOFT NETWORKS 1.03 3
459	DOS LANMAN2.1 4 4
460	LANMAN1.0 4 2 3 2
461	Windows for Workgroups 3.1a 5 5 5 3 3
462	LM1.2X002 6 4 4 4
463	LANMAN2.1 7 5 5 5
464	NT LM 0.12 6 8 6 6
465	SMB 2.001 7
466	*
467	* tim@fsg.com 09/29/95
468	* Win2K added by matty 17/7/99
469	*/
470
471	#define ARCH_WFWG 0x3 /* This is a fudge because WfWg is like Win95 */
472	#define ARCH_WIN95 0x2
473	#define ARCH_WINNT 0x4
474	#define ARCH_WIN2K 0xC /* Win2K is like NT */
475	#define ARCH_OS2 0x14 /* Again OS/2 is like NT */
476	#define ARCH_SAMBA 0x20
477	#define ARCH_CIFSFS 0x40
478	#define ARCH_VISTA 0x8C /* Vista is like XP/2K */
479
480	#define ARCH_ALL 0x7F
481
482	/* List of supported protocols, most desired first */
483	static const struct {
484	const char *proto_name;
485	const char *short_name;
486	void (proto_reply_fn)(struct smb_request req, uint16 choice);
487	int protocol_level;
488	} supported_protocols[] = {
489	{"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
490	{"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
491	{"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
492	{"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
493	{"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
494	{"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
495	{"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
496	{"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
497	{"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
498	{"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
499	{"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
500	{NULL,NULL,NULL,0},
501	};
502
503	/****************************************************************************
504	Reply to a negprot.
505	conn POINTER CAN BE NULL HERE !
506	****************************************************************************/
507
508	void reply_negprot(struct smb_request *req)
509	{
510	size_t size = smb_len(req->inbuf) + 4;
511	int choice= -1;
512	int protocol;
513	char *p;
514	int bcc = SVAL(smb_buf(req->inbuf),-2);
515	int arch = ARCH_ALL;
516	int num_cliprotos;
517	char **cliprotos;
518	int i;
519
520	static bool done_negprot = False;
521
522	START_PROFILE(SMBnegprot);
523
524	if (done_negprot) {
525	END_PROFILE(SMBnegprot);
526	exit_server_cleanly("multiple negprot's are not permitted");
527	}
528	done_negprot = True;
529
530	if (req->inbuf[size-1] != '\0') {
531	DEBUG(0, ("negprot protocols not 0-terminated\n"));
532	reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
533	END_PROFILE(SMBnegprot);
534	return;
535	}
536
537	p = smb_buf(req->inbuf) + 1;
538
539	num_cliprotos = 0;
540	cliprotos = NULL;
541
542	while (p < (smb_buf(req->inbuf) + bcc)) {
543
544	char **tmp;
545
546	tmp = TALLOC_REALLOC_ARRAY(talloc_tos(), cliprotos, char *,
547	num_cliprotos+1);
548	if (tmp == NULL) {
549	DEBUG(0, ("talloc failed\n"));
550	TALLOC_FREE(cliprotos);
551	reply_nterror(req, NT_STATUS_NO_MEMORY);
552	END_PROFILE(SMBnegprot);
553	return;
554	}
555
556	cliprotos = tmp;
557
558	if (pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p)
559	== (size_t)-1) {
560	DEBUG(0, ("pull_ascii_talloc failed\n"));
561	TALLOC_FREE(cliprotos);
562	reply_nterror(req, NT_STATUS_NO_MEMORY);
563	END_PROFILE(SMBnegprot);
564	return;
565	}
566
567	DEBUG(3, ("Requested protocol [%s]\n",
568	cliprotos[num_cliprotos]));
569
570	num_cliprotos += 1;
571	p += strlen(p) + 2;
572	}
573
574	for (i=0; i<num_cliprotos; i++) {
575	if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
576	arch &= ( ARCH_WFWG \| ARCH_WIN95 \| ARCH_WINNT
577	\| ARCH_WIN2K );
578	else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
579	arch &= ( ARCH_WFWG \| ARCH_WIN95 );
580	else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
581	arch &= ( ARCH_WFWG \| ARCH_WIN95 );
582	else if (strcsequal(cliprotos[i], "NT LM 0.12"))
583	arch &= ( ARCH_WIN95 \| ARCH_WINNT \| ARCH_WIN2K
584	\| ARCH_CIFSFS);
585	else if (strcsequal(cliprotos[i], "SMB 2.001"))
586	arch = ARCH_VISTA;
587	else if (strcsequal(cliprotos[i], "LANMAN2.1"))
588	arch &= ( ARCH_WINNT \| ARCH_WIN2K \| ARCH_OS2 );
589	else if (strcsequal(cliprotos[i], "LM1.2X002"))
590	arch &= ( ARCH_WINNT \| ARCH_WIN2K \| ARCH_OS2 );
591	else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
592	arch &= ARCH_WINNT;
593	else if (strcsequal(cliprotos[i], "XENIX CORE"))
594	arch &= ( ARCH_WINNT \| ARCH_OS2 );
595	else if (strcsequal(cliprotos[i], "Samba")) {
596	arch = ARCH_SAMBA;
597	break;
598	} else if (strcsequal(cliprotos[i], "POSIX 2")) {
599	arch = ARCH_CIFSFS;
600	break;
601	}
602	}
603
604	/* CIFSFS can send one arch only, NT LM 0.12. */
605	if (i == 1 && (arch & ARCH_CIFSFS)) {
606	arch = ARCH_CIFSFS;
607	}
608
609	switch ( arch ) {
610	case ARCH_CIFSFS:
611	set_remote_arch(RA_CIFSFS);
612	break;
613	case ARCH_SAMBA:
614	set_remote_arch(RA_SAMBA);
615	break;
616	case ARCH_WFWG:
617	set_remote_arch(RA_WFWG);
618	break;
619	case ARCH_WIN95:
620	set_remote_arch(RA_WIN95);
621	break;
622	case ARCH_WINNT:
623	if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
624	set_remote_arch(RA_WIN2K);
625	else
626	set_remote_arch(RA_WINNT);
627	break;
628	case ARCH_WIN2K:
629	/* Vista may have been set in the negprot so don't
630	override it here */
631	if ( get_remote_arch() != RA_VISTA )
632	set_remote_arch(RA_WIN2K);
633	break;
634	case ARCH_VISTA:
635	set_remote_arch(RA_VISTA);
636	break;
637	case ARCH_OS2:
638	set_remote_arch(RA_OS2);
639	break;
640	default:
641	set_remote_arch(RA_UNKNOWN);
642	break;
643	}
644
645	/* possibly reload - change of architecture */
646	reload_services(True);
647
648	/* moved from the netbios session setup code since we don't have that
649	when the client connects to port 445. Of course there is a small
650	window where we are listening to messages -- jerry */
651
652	claim_connection(
653	NULL,"",FLAG_MSG_GENERAL\|FLAG_MSG_SMBD\|FLAG_MSG_PRINT_GENERAL);
654
655	/* Check for protocols, most desirable first */
656	for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
657	i = 0;
658	if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
659	(supported_protocols[protocol].protocol_level >= lp_minprotocol()))
660	while (i < num_cliprotos) {
661	if (strequal(cliprotos[i],supported_protocols[protocol].proto_name))
662	choice = i;
663	i++;
664	}
665	if(choice != -1)
666	break;
667	}
668
669	if(choice != -1) {
670	fstrcpy(remote_proto,supported_protocols[protocol].short_name);
671	reload_services(True);
672	supported_protocols[protocol].proto_reply_fn(req, choice);
673	DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
674	} else {
675	DEBUG(0,("No protocol supported !\n"));
676	reply_outbuf(req, 1, 0);
677	SSVAL(req->outbuf, smb_vwv0, choice);
678	}
679
680	DEBUG( 5, ( "negprot index=%d\n", choice ) );
681
682	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
683	exit_server_cleanly("SMB signing is required and "
684	"client negotiated a downlevel protocol");
685	}
686
687	TALLOC_FREE(cliprotos);
688	END_PROFILE(SMBnegprot);
689	return;
690	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: