source: branches/samba-3.5.x/source3/smbd/smb2_negprot.c

Last change on this file was 414, checked in by Herwig Bauernfeind, 15 years ago

Samba 3.5.0: Initial import
File size: 5.2 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "smbd/globals.h"
23#include "../libcli/smb/smb_common.h"
24
25/*
26 * this is the entry point if SMB2 is selected via
27 * the SMB negprot
28 */
29void reply_smb2002(struct smb_request *req, uint16_t choice)
30{
31 uint8_t *smb2_inbuf;
32 uint8_t *smb2_hdr;
33 uint8_t *smb2_body;
34 uint8_t *smb2_dyn;
35 size_t len = 4 + SMB2_HDR_BODY + 0x24 + 2;
36
37 smb2_inbuf = talloc_zero_array(talloc_tos(), uint8_t, len);
38 if (smb2_inbuf == NULL) {
39 DEBUG(0, ("Could not push spnego blob\n"));
40 reply_nterror(req, NT_STATUS_NO_MEMORY);
41 return;
42 }
43 smb2_hdr = smb2_inbuf + 4;
44 smb2_body = smb2_hdr + SMB2_HDR_BODY;
45 smb2_dyn = smb2_body + 0x24;
46
47 SIVAL(smb2_hdr, SMB2_HDR_PROTOCOL_ID, SMB2_MAGIC);
48 SIVAL(smb2_hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
49
50 SSVAL(smb2_body, 0x00, 0x0024); /* struct size */
51 SSVAL(smb2_body, 0x02, 0x0001); /* dialect count */
52
53 SSVAL(smb2_dyn, 0x00, 0x0202); /* dialect 2.002 */
54
55 req->outbuf = NULL;
56
57 smbd_smb2_first_negprot(smbd_server_conn, smb2_inbuf, len);
58 return;
59}
60
61NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
62{
63 const uint8_t *inbody;
64 const uint8_t *indyn = NULL;
65 int i = req->current_idx;
66 DATA_BLOB outbody;
67 DATA_BLOB outdyn;
68 DATA_BLOB negprot_spnego_blob;
69 uint16_t security_offset;
70 DATA_BLOB security_buffer;
71 size_t expected_body_size = 0x24;
72 size_t body_size;
73 size_t expected_dyn_size = 0;
74 size_t c;
75 uint16_t security_mode;
76 uint16_t dialect_count;
77 uint16_t dialect = 0;
78 uint32_t capabilities;
79
80/* TODO: drop the connection with INVALI_PARAMETER */
81
82 if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
83 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
84 }
85
86 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
87
88 body_size = SVAL(inbody, 0x00);
89 if (body_size != expected_body_size) {
90 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
91 }
92
93 dialect_count = SVAL(inbody, 0x02);
94 if (dialect_count == 0) {
95 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
96 }
97
98 expected_dyn_size = dialect_count * 2;
99 if (req->in.vector[i+2].iov_len < expected_dyn_size) {
100 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
101 }
102 indyn = (const uint8_t *)req->in.vector[i+2].iov_base;
103
104 for (c=0; c < dialect_count; c++) {
105 dialect = SVAL(indyn, c*2);
106 if (dialect == SMB2_DIALECT_REVISION_202) {
107 break;
108 }
109 }
110
111 if (dialect != SMB2_DIALECT_REVISION_202) {
112 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
113 }
114
115 set_Protocol(PROTOCOL_SMB2);
116
117 if (get_remote_arch() != RA_SAMBA) {
118 set_remote_arch(RA_VISTA);
119 }
120
121 /* negprot_spnego() returns a the server guid in the first 16 bytes */
122 negprot_spnego_blob = negprot_spnego();
123 if (negprot_spnego_blob.data == NULL) {
124 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
125 }
126 talloc_steal(req, negprot_spnego_blob.data);
127
128 if (negprot_spnego_blob.length < 16) {
129 return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
130 }
131
132 security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
133 if (lp_server_signing() == Required) {
134 security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
135 }
136
137 capabilities = 0;
138 if (lp_host_msdfs()) {
139 capabilities |= SMB2_CAP_DFS;
140 }
141
142 security_offset = SMB2_HDR_BODY + 0x40;
143
144#if 1
145 /* Try SPNEGO auth... */
146 security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
147 negprot_spnego_blob.length - 16);
148#else
149 /* for now we want raw NTLMSSP */
150 security_buffer = data_blob_const(NULL, 0);
151#endif
152
153 outbody = data_blob_talloc(req->out.vector, NULL, 0x40);
154 if (outbody.data == NULL) {
155 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
156 }
157
158 SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
159 SSVAL(outbody.data, 0x02,
160 security_mode); /* security mode */
161 SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
162 SSVAL(outbody.data, 0x06, 0); /* reserved */
163 memcpy(outbody.data + 0x08,
164 negprot_spnego_blob.data, 16); /* server guid */
165 SIVAL(outbody.data, 0x18,
166 capabilities); /* capabilities */
167 SIVAL(outbody.data, 0x1C, 0x00010000); /* max transact size */
168 SIVAL(outbody.data, 0x20, 0x00010000); /* max read size */
169 SIVAL(outbody.data, 0x24, 0x00010000); /* max write size */
170 SBVAL(outbody.data, 0x28, 0); /* system time */
171 SBVAL(outbody.data, 0x30, 0); /* server start time */
172 SSVAL(outbody.data, 0x38,
173 security_offset); /* security buffer offset */
174 SSVAL(outbody.data, 0x3A,
175 security_buffer.length); /* security buffer length */
176 SIVAL(outbody.data, 0x3C, 0); /* reserved */
177
178 outdyn = security_buffer;
179
180 return smbd_smb2_request_done(req, outbody, &outdyn);
181}
Note: See TracBrowser for help on using the repository browser.