Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

negprot.c@ 7

Visit:

Last change on this file since 7 was 1, checked in by Paul Smedley, 18 years ago
Initial code import
File size: 19.1 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	negprot reply code
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, write to the Free Software
18	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19	*/
20
21	#include "includes.h"
22
23	extern fstring remote_proto;
24	extern enum protocol_types Protocol;
25	extern int max_recv;
26
27	BOOL global_encrypted_passwords_negotiated = False;
28	BOOL global_spnego_negotiated = False;
29	struct auth_context *negprot_global_auth_context = NULL;
30
31	static void get_challenge(char buff[8])
32	{
33	NTSTATUS nt_status;
34	const uint8 *cryptkey;
35
36	/* We might be called more than once, multiple negprots are
37	* permitted */
38	if (negprot_global_auth_context) {
39	DEBUG(3, ("get challenge: is this a secondary negprot? negprot_global_auth_context is non-NULL!\n"));
40	(negprot_global_auth_context->free)(&negprot_global_auth_context);
41	}
42
43	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
44	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&negprot_global_auth_context))) {
45	DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status)));
46	smb_panic("cannot make_negprot_global_auth_context!\n");
47	}
48	DEBUG(10, ("get challenge: getting challenge\n"));
49	cryptkey = negprot_global_auth_context->get_ntlm_challenge(negprot_global_auth_context);
50	memcpy(buff, cryptkey, 8);
51	}
52
53	/****************************************************************************
54	Reply for the core protocol.
55	****************************************************************************/
56
57	static int reply_corep(char inbuf, char outbuf)
58	{
59	int outsize = set_message(outbuf,1,0,True);
60
61	Protocol = PROTOCOL_CORE;
62
63	return outsize;
64	}
65
66	/****************************************************************************
67	Reply for the coreplus protocol.
68	****************************************************************************/
69
70	static int reply_coreplus(char inbuf, char outbuf)
71	{
72	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
73	int outsize = set_message(outbuf,13,0,True);
74	SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
75	readbraw and writebraw (possibly) */
76	/* Reply, SMBlockread, SMBwritelock supported. */
77	SCVAL(outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
78	SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */
79
80	Protocol = PROTOCOL_COREPLUS;
81
82	return outsize;
83	}
84
85	/****************************************************************************
86	Reply for the lanman 1.0 protocol.
87	****************************************************************************/
88
89	static int reply_lanman1(char inbuf, char outbuf)
90	{
91	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
92	int secword=0;
93	time_t t = time(NULL);
94
95	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
96
97	if (lp_security()>=SEC_USER)
98	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
99	if (global_encrypted_passwords_negotiated)
100	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
101
102	set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True);
103	SSVAL(outbuf,smb_vwv1,secword);
104	/* Create a token value and add it to the outgoing packet. */
105	if (global_encrypted_passwords_negotiated) {
106	get_challenge(smb_buf(outbuf));
107	SSVAL(outbuf,smb_vwv11, 8);
108	}
109
110	Protocol = PROTOCOL_LANMAN1;
111
112	/* Reply, SMBlockread, SMBwritelock supported. */
113	SCVAL(outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
114	SSVAL(outbuf,smb_vwv2,max_recv);
115	SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
116	SSVAL(outbuf,smb_vwv4,1);
117	SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
118	readbraw writebraw (possibly) */
119	SIVAL(outbuf,smb_vwv6,sys_getpid());
120	SSVAL(outbuf,smb_vwv10, set_server_zone_offset(t)/60);
121
122	srv_put_dos_date(outbuf,smb_vwv8,t);
123
124	return (smb_len(outbuf)+4);
125	}
126
127	/****************************************************************************
128	Reply for the lanman 2.0 protocol.
129	****************************************************************************/
130
131	static int reply_lanman2(char inbuf, char outbuf)
132	{
133	int raw = (lp_readraw()?1:0) \| (lp_writeraw()?2:0);
134	int secword=0;
135	time_t t = time(NULL);
136
137	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
138
139	if (lp_security()>=SEC_USER)
140	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
141	if (global_encrypted_passwords_negotiated)
142	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
143
144	set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True);
145	SSVAL(outbuf,smb_vwv1,secword);
146	SIVAL(outbuf,smb_vwv6,sys_getpid());
147
148	/* Create a token value and add it to the outgoing packet. */
149	if (global_encrypted_passwords_negotiated) {
150	get_challenge(smb_buf(outbuf));
151	SSVAL(outbuf,smb_vwv11, 8);
152	}
153
154	Protocol = PROTOCOL_LANMAN2;
155
156	/* Reply, SMBlockread, SMBwritelock supported. */
157	SCVAL(outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
158	SSVAL(outbuf,smb_vwv2,max_recv);
159	SSVAL(outbuf,smb_vwv3,lp_maxmux());
160	SSVAL(outbuf,smb_vwv4,1);
161	SSVAL(outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
162	SSVAL(outbuf,smb_vwv10, set_server_zone_offset(t)/60);
163	srv_put_dos_date(outbuf,smb_vwv8,t);
164
165	return (smb_len(outbuf)+4);
166	}
167
168	/****************************************************************************
169	Generate the spnego negprot reply blob. Return the number of bytes used.
170	****************************************************************************/
171
172	static DATA_BLOB negprot_spnego(void)
173	{
174	DATA_BLOB blob;
175	nstring dos_name;
176	fstring unix_name;
177	#ifdef DEVELOPER
178	size_t slen;
179	#endif
180	char guid[17];
181	const char *OIDs_krb5[] = {OID_KERBEROS5,
182	OID_KERBEROS5_OLD,
183	OID_NTLMSSP,
184	NULL};
185	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
186
187	global_spnego_negotiated = True;
188
189	memset(guid, '\0', sizeof(guid));
190
191	safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1);
192	strlower_m(unix_name);
193	push_ascii_nstring(dos_name, unix_name);
194	safe_strcpy(guid, dos_name, sizeof(guid)-1);
195
196	#ifdef DEVELOPER
197	/* Fix valgrind 'uninitialized bytes' issue. */
198	slen = strlen(dos_name);
199	if (slen < sizeof(guid)) {
200	memset(guid+slen, '\0', sizeof(guid) - slen);
201	}
202	#endif
203
204	/* strangely enough, NT does not sent the single OID NTLMSSP when
205	not a ADS member, it sends no OIDs at all
206
207	OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
208	about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
209
210	Our sessionsetup code now handles raw NTLMSSP connects, so we can go
211	back to doing what W2K3 does here. This is needed to make PocketPC 2003
212	CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
213	for details. JRA.
214
215	*/
216
217	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
218	#if 0
219	/* Code for PocketPC client */
220	blob = data_blob(guid, 16);
221	#else
222	/* Code for standalone WXP client */
223	blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
224	#endif
225	} else {
226	fstring myname;
227	char *host_princ_s = NULL;
228	name_to_fqdn(myname, global_myname());
229	strlower_m(myname);
230	asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm());
231	blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
232	SAFE_FREE(host_princ_s);
233	}
234
235	return blob;
236	}
237
238	/****************************************************************************
239	Reply for the nt protocol.
240	****************************************************************************/
241
242	static int reply_nt1(char inbuf, char outbuf)
243	{
244	/* dual names + lock_and_read + nt SMBs + remote API calls */
245	int capabilities = CAP_NT_FIND\|CAP_LOCK_AND_READ\|
246	CAP_LEVEL_II_OPLOCKS;
247
248	int secword=0;
249	char p, q;
250	BOOL negotiate_spnego = False;
251	time_t t = time(NULL);
252
253	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
254
255	/* Check the flags field to see if this is Vista.
256	WinXP sets it and Vista does not. But we have to
257	distinguish from NT which doesn't set it either. */
258
259	if ( (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY) &&
260	((SVAL(inbuf, smb_flg2) & FLAGS2_UNKNOWN_BIT4) == 0) )
261	{
262	set_remote_arch( RA_VISTA );
263	}
264
265	/* do spnego in user level security if the client
266	supports it and we can do encrypted passwords */
267
268	if (global_encrypted_passwords_negotiated &&
269	(lp_security() != SEC_SHARE) &&
270	lp_use_spnego() &&
271	(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
272	negotiate_spnego = True;
273	capabilities \|= CAP_EXTENDED_SECURITY;
274	add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
275	/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply (already
276	partially constructed. */
277	SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) \| FLAGS2_EXTENDED_SECURITY);
278	}
279
280	capabilities \|= CAP_NT_SMBS\|CAP_RPC_REMOTE_APIS\|CAP_UNICODE;
281
282	if (lp_unix_extensions()) {
283	capabilities \|= CAP_UNIX;
284	}
285
286	if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
287	capabilities \|= CAP_LARGE_READX\|CAP_LARGE_WRITEX\|CAP_W2K_SMBS;
288
289	if (SMB_OFF_T_BITS == 64)
290	capabilities \|= CAP_LARGE_FILES;
291
292	if (lp_readraw() && lp_writeraw())
293	capabilities \|= CAP_RAW_MODE;
294
295	if (lp_nt_status_support())
296	capabilities \|= CAP_STATUS32;
297
298	if (lp_host_msdfs())
299	capabilities \|= CAP_DFS;
300
301	if (lp_security() >= SEC_USER)
302	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
303	if (global_encrypted_passwords_negotiated)
304	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
305
306	if (lp_server_signing()) {
307	if (lp_security() >= SEC_USER) {
308	secword \|= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
309	/* No raw mode with smb signing. */
310	capabilities &= ~CAP_RAW_MODE;
311	if (lp_server_signing() == Required)
312	secword \|=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
313	srv_set_signing_negotiated();
314	} else {
315	DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
316	if (lp_server_signing() == Required) {
317	exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
318	}
319	}
320	}
321
322	set_message(outbuf,17,0,True);
323
324	SCVAL(outbuf,smb_vwv1,secword);
325
326	Protocol = PROTOCOL_NT1;
327
328	SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
329	SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */
330	SIVAL(outbuf,smb_vwv3+1,max_recv); /* max buffer. LOTS! */
331	SIVAL(outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
332	SIVAL(outbuf,smb_vwv7+1,sys_getpid()); /* session key */
333	SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */
334	put_long_date(outbuf+smb_vwv11+1,t);
335	SSVALS(outbuf,smb_vwv15+1,set_server_zone_offset(t)/60);
336
337	p = q = smb_buf(outbuf);
338	if (!negotiate_spnego) {
339	/* Create a token value and add it to the outgoing packet. */
340	if (global_encrypted_passwords_negotiated) {
341	/* note that we do not send a challenge at all if
342	we are using plaintext */
343	get_challenge(p);
344	SCVAL(outbuf,smb_vwv16+1,8);
345	p += 8;
346	}
347	p += srvstr_push(outbuf, p, lp_workgroup(), -1,
348	STR_UNICODE\|STR_TERMINATE\|STR_NOALIGN);
349	DEBUG(3,("not using SPNEGO\n"));
350	} else {
351	DATA_BLOB spnego_blob = negprot_spnego();
352
353	if (spnego_blob.data == NULL) {
354	return ERROR_NT(NT_STATUS_NO_MEMORY);
355	}
356
357	memcpy(p, spnego_blob.data, spnego_blob.length);
358	p += spnego_blob.length;
359	data_blob_free(&spnego_blob);
360
361	SCVAL(outbuf,smb_vwv16+1, 0);
362	DEBUG(3,("using SPNEGO\n"));
363	}
364
365	SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */
366	set_message_end(outbuf, p);
367
368	return (smb_len(outbuf)+4);
369	}
370
371	/* these are the protocol lists used for auto architecture detection:
372
373	WinNT 3.51:
374	protocol [PC NETWORK PROGRAM 1.0]
375	protocol [XENIX CORE]
376	protocol [MICROSOFT NETWORKS 1.03]
377	protocol [LANMAN1.0]
378	protocol [Windows for Workgroups 3.1a]
379	protocol [LM1.2X002]
380	protocol [LANMAN2.1]
381	protocol [NT LM 0.12]
382
383	Win95:
384	protocol [PC NETWORK PROGRAM 1.0]
385	protocol [XENIX CORE]
386	protocol [MICROSOFT NETWORKS 1.03]
387	protocol [LANMAN1.0]
388	protocol [Windows for Workgroups 3.1a]
389	protocol [LM1.2X002]
390	protocol [LANMAN2.1]
391	protocol [NT LM 0.12]
392
393	Win2K:
394	protocol [PC NETWORK PROGRAM 1.0]
395	protocol [LANMAN1.0]
396	protocol [Windows for Workgroups 3.1a]
397	protocol [LM1.2X002]
398	protocol [LANMAN2.1]
399	protocol [NT LM 0.12]
400
401	Vista:
402	protocol [PC NETWORK PROGRAM 1.0]
403	protocol [LANMAN1.0]
404	protocol [Windows for Workgroups 3.1a]
405	protocol [LM1.2X002]
406	protocol [LANMAN2.1]
407	protocol [NT LM 0.12]
408	protocol [SMB 2.001]
409
410	OS/2:
411	protocol [PC NETWORK PROGRAM 1.0]
412	protocol [XENIX CORE]
413	protocol [LANMAN1.0]
414	protocol [LM1.2X002]
415	protocol [LANMAN2.1]
416	*/
417
418	/*
419	* Modified to recognize the architecture of the remote machine better.
420	*
421	* This appears to be the matrix of which protocol is used by which
422	* MS product.
423	Protocol WfWg Win95 WinNT Win2K OS/2 Vista
424	PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
425	XENIX CORE 2 2
426	MICROSOFT NETWORKS 3.0 2 2
427	DOS LM1.2X002 3 3
428	MICROSOFT NETWORKS 1.03 3
429	DOS LANMAN2.1 4 4
430	LANMAN1.0 4 2 3 2
431	Windows for Workgroups 3.1a 5 5 5 3 3
432	LM1.2X002 6 4 4 4
433	LANMAN2.1 7 5 5 5
434	NT LM 0.12 6 8 6 6
435	SMB 2.001 7
436	*
437	* tim@fsg.com 09/29/95
438	* Win2K added by matty 17/7/99
439	*/
440
441	#define ARCH_WFWG 0x3 /* This is a fudge because WfWg is like Win95 */
442	#define ARCH_WIN95 0x2
443	#define ARCH_WINNT 0x4
444	#define ARCH_WIN2K 0xC /* Win2K is like NT */
445	#define ARCH_OS2 0x14 /* Again OS/2 is like NT */
446	#define ARCH_SAMBA 0x20
447	#define ARCH_CIFSFS 0x40
448	#define ARCH_VISTA 0x8C /* Vista is like XP/2K */
449
450	#define ARCH_ALL 0x7F
451
452	/* List of supported protocols, most desired first */
453	static const struct {
454	const char *proto_name;
455	const char *short_name;
456	int (proto_reply_fn)(char , char *);
457	int protocol_level;
458	} supported_protocols[] = {
459	{"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
460	{"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
461	{"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
462	{"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
463	{"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
464	{"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
465	{"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
466	{"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
467	{"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
468	{"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
469	{"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
470	{NULL,NULL,NULL,0},
471	};
472
473	/****************************************************************************
474	Reply to a negprot.
475	conn POINTER CAN BE NULL HERE !
476	****************************************************************************/
477
478	int reply_negprot(connection_struct *conn,
479	char inbuf,char outbuf, int dum_size,
480	int dum_buffsize)
481	{
482	int outsize = set_message(outbuf,1,0,True);
483	int Index=0;
484	int choice= -1;
485	int protocol;
486	char *p;
487	int bcc = SVAL(smb_buf(inbuf),-2);
488	int arch = ARCH_ALL;
489
490	static BOOL done_negprot = False;
491
492	START_PROFILE(SMBnegprot);
493
494	if (done_negprot) {
495	END_PROFILE(SMBnegprot);
496	exit_server_cleanly("multiple negprot's are not permitted");
497	}
498	done_negprot = True;
499
500	p = smb_buf(inbuf)+1;
501	while (p < (smb_buf(inbuf) + bcc)) {
502	Index++;
503	DEBUG(3,("Requested protocol [%s]\n",p));
504	if (strcsequal(p,"Windows for Workgroups 3.1a"))
505	arch &= ( ARCH_WFWG \| ARCH_WIN95 \| ARCH_WINNT \| ARCH_WIN2K );
506	else if (strcsequal(p,"DOS LM1.2X002"))
507	arch &= ( ARCH_WFWG \| ARCH_WIN95 );
508	else if (strcsequal(p,"DOS LANMAN2.1"))
509	arch &= ( ARCH_WFWG \| ARCH_WIN95 );
510	else if (strcsequal(p,"NT LM 0.12"))
511	arch &= ( ARCH_WIN95 \| ARCH_WINNT \| ARCH_WIN2K \| ARCH_CIFSFS);
512	else if (strcsequal(p,"SMB 2.001"))
513	arch = ARCH_VISTA;
514	else if (strcsequal(p,"LANMAN2.1"))
515	arch &= ( ARCH_WINNT \| ARCH_WIN2K \| ARCH_OS2 );
516	else if (strcsequal(p,"LM1.2X002"))
517	arch &= ( ARCH_WINNT \| ARCH_WIN2K \| ARCH_OS2 );
518	else if (strcsequal(p,"MICROSOFT NETWORKS 1.03"))
519	arch &= ARCH_WINNT;
520	else if (strcsequal(p,"XENIX CORE"))
521	arch &= ( ARCH_WINNT \| ARCH_OS2 );
522	else if (strcsequal(p,"Samba")) {
523	arch = ARCH_SAMBA;
524	break;
525	} else if (strcsequal(p,"POSIX 2")) {
526	arch = ARCH_CIFSFS;
527	break;
528	}
529
530	p += strlen(p) + 2;
531	}
532
533	/* CIFSFS can send one arch only, NT LM 0.12. */
534	if (Index == 1 && (arch & ARCH_CIFSFS)) {
535	arch = ARCH_CIFSFS;
536	}
537
538	switch ( arch ) {
539	case ARCH_CIFSFS:
540	set_remote_arch(RA_CIFSFS);
541	break;
542	case ARCH_SAMBA:
543	set_remote_arch(RA_SAMBA);
544	break;
545	case ARCH_WFWG:
546	set_remote_arch(RA_WFWG);
547	break;
548	case ARCH_WIN95:
549	set_remote_arch(RA_WIN95);
550	break;
551	case ARCH_WINNT:
552	if(SVAL(inbuf,smb_flg2)==FLAGS2_WIN2K_SIGNATURE)
553	set_remote_arch(RA_WIN2K);
554	else
555	set_remote_arch(RA_WINNT);
556	break;
557	case ARCH_WIN2K:
558	/* Vista may have been set in the negprot so don't
559	override it here */
560	if ( get_remote_arch() != RA_VISTA )
561	set_remote_arch(RA_WIN2K);
562	break;
563	case ARCH_VISTA:
564	set_remote_arch(RA_VISTA);
565	break;
566	case ARCH_OS2:
567	set_remote_arch(RA_OS2);
568	break;
569	default:
570	set_remote_arch(RA_UNKNOWN);
571	break;
572	}
573
574	/* possibly reload - change of architecture */
575	reload_services(True);
576
577	/* moved from the netbios session setup code since we don't have that
578	when the client connects to port 445. Of course there is a small
579	window where we are listening to messages -- jerry */
580
581	claim_connection(NULL,"",0,True,FLAG_MSG_GENERAL\|FLAG_MSG_SMBD\|FLAG_MSG_PRINT_GENERAL);
582
583	/* Check for protocols, most desirable first */
584	for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
585	p = smb_buf(inbuf)+1;
586	Index = 0;
587	if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
588	(supported_protocols[protocol].protocol_level >= lp_minprotocol()))
589	while (p < (smb_buf(inbuf) + bcc)) {
590	if (strequal(p,supported_protocols[protocol].proto_name))
591	choice = Index;
592	Index++;
593	p += strlen(p) + 2;
594	}
595	if(choice != -1)
596	break;
597	}
598
599	SSVAL(outbuf,smb_vwv0,choice);
600	if(choice != -1) {
601	fstrcpy(remote_proto,supported_protocols[protocol].short_name);
602	reload_services(True);
603	outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf);
604	DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
605	} else {
606	DEBUG(0,("No protocol supported !\n"));
607	}
608	SSVAL(outbuf,smb_vwv0,choice);
609
610	DEBUG( 5, ( "negprot index=%d\n", choice ) );
611
612	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
613	exit_server_cleanly("SMB signing is required and "
614	"client negotiated a downlevel protocol");
615	}
616
617	END_PROFILE(SMBnegprot);
618	return(outsize);
619	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/samba-3.0.25pre1/source/smbd/negprot.c@ 7

Download in other formats: