Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

negprot.c

Visit:

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.3
File size: 22.6 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	negprot reply code
4	Copyright (C) Andrew Tridgell 1992-1998
5	Copyright (C) Volker Lendecke 2007
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22	#include "smbd/smbd.h"
23	#include "smbd/globals.h"
24	#include "serverid.h"
25	#include "auth.h"
26	#include "messages.h"
27	#include "smbprofile.h"
28	#include "auth/gensec/gensec.h"
29	#include "../libcli/smb/smb_signing.h"
30
31	extern fstring remote_proto;
32
33	static void get_challenge(struct smbXsrv_connection *xconn, uint8_t buff[8])
34	{
35	NTSTATUS nt_status;
36
37	/* We might be called more than once, multiple negprots are
38	* permitted */
39	if (xconn->smb1.negprot.auth_context) {
40	DEBUG(3, ("get challenge: is this a secondary negprot? "
41	"sconn->negprot.auth_context is non-NULL!\n"));
42	TALLOC_FREE(xconn->smb1.negprot.auth_context);
43	}
44
45	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
46	nt_status = make_auth4_context(
47	xconn, &xconn->smb1.negprot.auth_context);
48	if (!NT_STATUS_IS_OK(nt_status)) {
49	DEBUG(0, ("make_auth_context_subsystem returned %s",
50	nt_errstr(nt_status)));
51	smb_panic("cannot make_negprot_global_auth_context!");
52	}
53	DEBUG(10, ("get challenge: getting challenge\n"));
54	xconn->smb1.negprot.auth_context->get_ntlm_challenge(
55	xconn->smb1.negprot.auth_context, buff);
56	}
57
58	/****************************************************************************
59	Reply for the lanman 1.0 protocol.
60	****************************************************************************/
61
62	static void reply_lanman1(struct smb_request *req, uint16_t choice)
63	{
64	int secword=0;
65	time_t t = time(NULL);
66	struct smbXsrv_connection *xconn = req->xconn;
67	uint16_t raw;
68	if (lp_async_smb_echo_handler()) {
69	raw = 0;
70	} else {
71	raw = (lp_read_raw()?1:0) \| (lp_write_raw()?2:0);
72	}
73
74	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
75
76	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
77	if (xconn->smb1.negprot.encrypted_passwords) {
78	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
79	}
80
81	reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
82
83	SSVAL(req->outbuf,smb_vwv0,choice);
84	SSVAL(req->outbuf,smb_vwv1,secword);
85	/* Create a token value and add it to the outgoing packet. */
86	if (xconn->smb1.negprot.encrypted_passwords) {
87	get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
88	SSVAL(req->outbuf,smb_vwv11, 8);
89	}
90
91	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
92
93	/* Reply, SMBlockread, SMBwritelock supported. */
94	SCVAL(req->outbuf,smb_flg, FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
95	SSVAL(req->outbuf,smb_vwv2, xconn->smb1.negprot.max_recv);
96	SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
97	SSVAL(req->outbuf,smb_vwv4, 1);
98	SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
99	readbraw writebraw (possibly) */
100	SIVAL(req->outbuf,smb_vwv6, getpid());
101	SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
102
103	srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
104
105	return;
106	}
107
108	/****************************************************************************
109	Reply for the lanman 2.0 protocol.
110	****************************************************************************/
111
112	static void reply_lanman2(struct smb_request *req, uint16_t choice)
113	{
114	int secword=0;
115	time_t t = time(NULL);
116	struct smbXsrv_connection *xconn = req->xconn;
117	uint16_t raw;
118	if (lp_async_smb_echo_handler()) {
119	raw = 0;
120	} else {
121	raw = (lp_read_raw()?1:0) \| (lp_write_raw()?2:0);
122	}
123
124	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
125
126	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
127	if (xconn->smb1.negprot.encrypted_passwords) {
128	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
129	}
130
131	reply_outbuf(req, 13, xconn->smb1.negprot.encrypted_passwords?8:0);
132
133	SSVAL(req->outbuf,smb_vwv0, choice);
134	SSVAL(req->outbuf,smb_vwv1, secword);
135	SIVAL(req->outbuf,smb_vwv6, getpid());
136
137	/* Create a token value and add it to the outgoing packet. */
138	if (xconn->smb1.negprot.encrypted_passwords) {
139	get_challenge(xconn, (uint8_t *)smb_buf(req->outbuf));
140	SSVAL(req->outbuf,smb_vwv11, 8);
141	}
142
143	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
144
145	/* Reply, SMBlockread, SMBwritelock supported. */
146	SCVAL(req->outbuf,smb_flg,FLAG_REPLY\|FLAG_SUPPORT_LOCKREAD);
147	SSVAL(req->outbuf,smb_vwv2,xconn->smb1.negprot.max_recv);
148	SSVAL(req->outbuf,smb_vwv3,lp_max_mux());
149	SSVAL(req->outbuf,smb_vwv4,1);
150	SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
151	SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
152	srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
153	}
154
155	/****************************************************************************
156	Generate the spnego negprot reply blob. Return the number of bytes used.
157	****************************************************************************/
158
159	DATA_BLOB negprot_spnego(TALLOC_CTX ctx, struct smbXsrv_connection xconn)
160	{
161	DATA_BLOB blob = data_blob_null;
162	DATA_BLOB blob_out = data_blob_null;
163	nstring dos_name;
164	fstring unix_name;
165	NTSTATUS status;
166	#ifdef DEVELOPER
167	size_t slen;
168	#endif
169	struct gensec_security *gensec_security;
170
171	/* See if we can get an SPNEGO blob */
172	status = auth_generic_prepare(talloc_tos(),
173	xconn->remote_address,
174	&gensec_security);
175	if (NT_STATUS_IS_OK(status)) {
176	status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
177	if (NT_STATUS_IS_OK(status)) {
178	status = gensec_update(gensec_security, ctx,
179	data_blob_null, &blob);
180	/* If we get the list of OIDs, the 'OK' answer
181	* is NT_STATUS_MORE_PROCESSING_REQUIRED */
182	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
183	DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
184	blob = data_blob_null;
185	}
186	}
187	TALLOC_FREE(gensec_security);
188	}
189
190	xconn->smb1.negprot.spnego = true;
191
192	/* strangely enough, NT does not sent the single OID NTLMSSP when
193	not a ADS member, it sends no OIDs at all
194
195	OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
196	about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
197
198	Our sessionsetup code now handles raw NTLMSSP connects, so we can go
199	back to doing what W2K3 does here. This is needed to make PocketPC 2003
200	CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
201	for details. JRA.
202
203	*/
204
205	if (blob.length == 0 \|\| blob.data == NULL) {
206	return data_blob_null;
207	}
208
209	blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
210	if (blob_out.data == NULL) {
211	data_blob_free(&blob);
212	return data_blob_null;
213	}
214
215	memset(blob_out.data, '\0', 16);
216
217	checked_strlcpy(unix_name, lp_netbios_name(), sizeof(unix_name));
218	(void)strlower_m(unix_name);
219	push_ascii_nstring(dos_name, unix_name);
220	strlcpy((char *)blob_out.data, dos_name, 17);
221
222	#ifdef DEVELOPER
223	/* Fix valgrind 'uninitialized bytes' issue. */
224	slen = strlen(dos_name);
225	if (slen < 16) {
226	memset(blob_out.data+slen, '\0', 16 - slen);
227	}
228	#endif
229
230	memcpy(&blob_out.data[16], blob.data, blob.length);
231
232	data_blob_free(&blob);
233
234	return blob_out;
235	}
236
237	/****************************************************************************
238	Reply for the nt protocol.
239	****************************************************************************/
240
241	static void reply_nt1(struct smb_request *req, uint16_t choice)
242	{
243	/* dual names + lock_and_read + nt SMBs + remote API calls */
244	int capabilities = CAP_NT_FIND\|CAP_LOCK_AND_READ\|
245	CAP_LEVEL_II_OPLOCKS;
246
247	int secword=0;
248	bool negotiate_spnego = False;
249	struct timespec ts;
250	ssize_t ret;
251	struct smbXsrv_connection *xconn = req->xconn;
252	bool signing_desired = false;
253	bool signing_required = false;
254
255	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
256
257	/* Check the flags field to see if this is Vista.
258	WinXP sets it and Vista does not. But we have to
259	distinguish from NT which doesn't set it either. */
260
261	if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
262	((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
263	{
264	if ((get_remote_arch() != RA_SAMBA) &&
265	(get_remote_arch() != RA_CIFSFS)) {
266	set_remote_arch( RA_VISTA );
267	}
268	}
269
270	reply_outbuf(req,17,0);
271
272	/* do spnego in user level security if the client
273	supports it and we can do encrypted passwords */
274
275	if (xconn->smb1.negprot.encrypted_passwords &&
276	lp_use_spnego() &&
277	(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
278	negotiate_spnego = True;
279	capabilities \|= CAP_EXTENDED_SECURITY;
280	add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
281	/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
282	(already partially constructed. */
283	SSVAL(req->outbuf, smb_flg2,
284	req->flags2 \| FLAGS2_EXTENDED_SECURITY);
285	}
286
287	capabilities \|= CAP_NT_SMBS\|CAP_RPC_REMOTE_APIS;
288
289	if (lp_unicode()) {
290	capabilities \|= CAP_UNICODE;
291	}
292
293	if (lp_unix_extensions()) {
294	capabilities \|= CAP_UNIX;
295	}
296
297	if (lp_large_readwrite())
298	capabilities \|= CAP_LARGE_READX\|CAP_LARGE_WRITEX\|CAP_W2K_SMBS;
299
300	capabilities \|= CAP_LARGE_FILES;
301
302	if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
303	capabilities \|= CAP_RAW_MODE;
304
305	if (lp_nt_status_support())
306	capabilities \|= CAP_STATUS32;
307
308	if (lp_host_msdfs())
309	capabilities \|= CAP_DFS;
310
311	secword \|= NEGOTIATE_SECURITY_USER_LEVEL;
312	if (xconn->smb1.negprot.encrypted_passwords) {
313	secword \|= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
314	}
315
316	signing_desired = smb_signing_is_desired(xconn->smb1.signing_state);
317	signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
318
319	if (signing_desired) {
320	secword \|= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
321	/* No raw mode with smb signing. */
322	capabilities &= ~CAP_RAW_MODE;
323	if (signing_required) {
324	secword \|=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
325	}
326	}
327
328	SSVAL(req->outbuf,smb_vwv0,choice);
329	SCVAL(req->outbuf,smb_vwv1,secword);
330
331	smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
332
333	SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
334	SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
335	SIVAL(req->outbuf,smb_vwv3+1,
336	xconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
337	SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
338	SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
339	SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
340	clock_gettime(CLOCK_REALTIME,&ts);
341	put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
342	SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
343
344	if (!negotiate_spnego) {
345	/* Create a token value and add it to the outgoing packet. */
346	if (xconn->smb1.negprot.encrypted_passwords) {
347	uint8_t chal[8];
348	/* note that we do not send a challenge at all if
349	we are using plaintext */
350	get_challenge(xconn, chal);
351	ret = message_push_blob(
352	&req->outbuf, data_blob_const(chal, sizeof(chal)));
353	if (ret == -1) {
354	DEBUG(0, ("Could not push challenge\n"));
355	reply_nterror(req, NT_STATUS_NO_MEMORY);
356	return;
357	}
358	SCVAL(req->outbuf, smb_vwv16+1, ret);
359	}
360	ret = message_push_string(&req->outbuf, lp_workgroup(),
361	STR_UNICODE\|STR_TERMINATE
362	\|STR_NOALIGN);
363	if (ret == -1) {
364	DEBUG(0, ("Could not push workgroup string\n"));
365	reply_nterror(req, NT_STATUS_NO_MEMORY);
366	return;
367	}
368	ret = message_push_string(&req->outbuf, lp_netbios_name(),
369	STR_UNICODE\|STR_TERMINATE
370	\|STR_NOALIGN);
371	if (ret == -1) {
372	DEBUG(0, ("Could not push netbios name string\n"));
373	reply_nterror(req, NT_STATUS_NO_MEMORY);
374	return;
375	}
376	DEBUG(3,("not using SPNEGO\n"));
377	} else {
378	DATA_BLOB spnego_blob = negprot_spnego(req, xconn);
379
380	if (spnego_blob.data == NULL) {
381	reply_nterror(req, NT_STATUS_NO_MEMORY);
382	return;
383	}
384
385	ret = message_push_blob(&req->outbuf, spnego_blob);
386	if (ret == -1) {
387	DEBUG(0, ("Could not push spnego blob\n"));
388	reply_nterror(req, NT_STATUS_NO_MEMORY);
389	return;
390	}
391	data_blob_free(&spnego_blob);
392
393	SCVAL(req->outbuf,smb_vwv16+1, 0);
394	DEBUG(3,("using SPNEGO\n"));
395	}
396
397	return;
398	}
399
400	/* these are the protocol lists used for auto architecture detection:
401
402	WinNT 3.51:
403	protocol [PC NETWORK PROGRAM 1.0]
404	protocol [XENIX CORE]
405	protocol [MICROSOFT NETWORKS 1.03]
406	protocol [LANMAN1.0]
407	protocol [Windows for Workgroups 3.1a]
408	protocol [LM1.2X002]
409	protocol [LANMAN2.1]
410	protocol [NT LM 0.12]
411
412	Win95:
413	protocol [PC NETWORK PROGRAM 1.0]
414	protocol [XENIX CORE]
415	protocol [MICROSOFT NETWORKS 1.03]
416	protocol [LANMAN1.0]
417	protocol [Windows for Workgroups 3.1a]
418	protocol [LM1.2X002]
419	protocol [LANMAN2.1]
420	protocol [NT LM 0.12]
421
422	Win2K:
423	protocol [PC NETWORK PROGRAM 1.0]
424	protocol [LANMAN1.0]
425	protocol [Windows for Workgroups 3.1a]
426	protocol [LM1.2X002]
427	protocol [LANMAN2.1]
428	protocol [NT LM 0.12]
429
430	Vista:
431	protocol [PC NETWORK PROGRAM 1.0]
432	protocol [LANMAN1.0]
433	protocol [Windows for Workgroups 3.1a]
434	protocol [LM1.2X002]
435	protocol [LANMAN2.1]
436	protocol [NT LM 0.12]
437	protocol [SMB 2.001]
438
439	OS/2:
440	protocol [PC NETWORK PROGRAM 1.0]
441	protocol [XENIX CORE]
442	protocol [LANMAN1.0]
443	protocol [LM1.2X002]
444	protocol [LANMAN2.1]
445
446	OSX:
447	protocol [NT LM 0.12]
448	protocol [SMB 2.002]
449	protocol [SMB 2.???]
450	*/
451
452	/*
453	* Modified to recognize the architecture of the remote machine better.
454	*
455	* This appears to be the matrix of which protocol is used by which
456	* product.
457	Protocol WfWg Win95 WinNT Win2K OS/2 Vista OSX
458	PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
459	XENIX CORE 2 2
460	MICROSOFT NETWORKS 3.0 2 2
461	DOS LM1.2X002 3 3
462	MICROSOFT NETWORKS 1.03 3
463	DOS LANMAN2.1 4 4
464	LANMAN1.0 4 2 3 2
465	Windows for Workgroups 3.1a 5 5 5 3 3
466	LM1.2X002 6 4 4 4
467	LANMAN2.1 7 5 5 5
468	NT LM 0.12 6 8 6 6 6 1
469	SMB 2.001 7
470	SMB 2.002 2
471	SMB 2.??? 3
472	*
473	* tim@fsg.com 09/29/95
474	* Win2K added by matty 17/7/99
475	*/
476
477	#define PROT_PC_NETWORK_PROGRAM_1_0 0x0001
478	#define PROT_XENIX_CORE 0x0002
479	#define PROT_MICROSOFT_NETWORKS_3_0 0x0004
480	#define PROT_DOS_LM1_2X002 0x0008
481	#define PROT_MICROSOFT_NETWORKS_1_03 0x0010
482	#define PROT_DOS_LANMAN2_1 0x0020
483	#define PROT_LANMAN1_0 0x0040
484	#define PROT_WFWG 0x0080
485	#define PROT_LM1_2X002 0x0100
486	#define PROT_LANMAN2_1 0x0200
487	#define PROT_NT_LM_0_12 0x0400
488	#define PROT_SMB_2_001 0x0800
489	#define PROT_SMB_2_002 0x1000
490	#define PROT_SMB_2_FF 0x2000
491	#define PROT_SAMBA 0x4000
492	#define PROT_POSIX_2 0x8000
493
494	#define ARCH_WFWG ( PROT_PC_NETWORK_PROGRAM_1_0 \| PROT_MICROSOFT_NETWORKS_3_0 \| \
495	PROT_DOS_LM1_2X002 \| PROT_DOS_LANMAN2_1 \| PROT_WFWG )
496	#define ARCH_WIN95 ( ARCH_WFWG \| PROT_NT_LM_0_12 )
497	#define ARCH_WINNT ( PROT_PC_NETWORK_PROGRAM_1_0 \| PROT_XENIX_CORE \| \
498	PROT_MICROSOFT_NETWORKS_1_03 \| PROT_LANMAN1_0 \| PROT_WFWG \| \
499	PROT_LM1_2X002 \| PROT_LANMAN2_1 \| PROT_NT_LM_0_12 )
500	#define ARCH_WIN2K ( ARCH_WINNT & ~(PROT_XENIX_CORE \| PROT_MICROSOFT_NETWORKS_1_03) )
501	#define ARCH_OS2 ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 \| PROT_WFWG) )
502	#define ARCH_VISTA ( ARCH_WIN2K \| PROT_SMB_2_001 )
503	#define ARCH_SAMBA ( PROT_SAMBA )
504	#define ARCH_CIFSFS ( PROT_POSIX_2 )
505	#define ARCH_OSX ( PROT_NT_LM_0_12 \| PROT_SMB_2_002 \| PROT_SMB_2_FF )
506
507	/* List of supported protocols, most desired first */
508	static const struct {
509	const char *proto_name;
510	const char *short_name;
511	void (proto_reply_fn)(struct smb_request req, uint16_t choice);
512	int protocol_level;
513	} supported_protocols[] = {
514	{"SMB 2.???", "SMB2_FF", reply_smb20ff, PROTOCOL_SMB2_10},
515	{"SMB 2.002", "SMB2_02", reply_smb2002, PROTOCOL_SMB2_02},
516	{"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
517	{"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
518	{"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
519	{"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
520	{"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
521	{"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
522	{"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
523	{"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
524	{"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
525	{NULL,NULL,NULL,0},
526	};
527
528	/****************************************************************************
529	Reply to a negprot.
530	conn POINTER CAN BE NULL HERE !
531	****************************************************************************/
532
533	void reply_negprot(struct smb_request *req)
534	{
535	int choice= -1;
536	int chosen_level = -1;
537	int protocol;
538	const char *p;
539	int protocols = 0;
540	int num_cliprotos;
541	char **cliprotos;
542	int i;
543	size_t converted_size;
544	struct smbXsrv_connection *xconn = req->xconn;
545	struct smbd_server_connection *sconn = req->sconn;
546	bool signing_required = true;
547
548	START_PROFILE(SMBnegprot);
549
550	if (xconn->smb1.negprot.done) {
551	END_PROFILE(SMBnegprot);
552	exit_server_cleanly("multiple negprot's are not permitted");
553	}
554	xconn->smb1.negprot.done = true;
555
556	if (req->buflen == 0) {
557	DEBUG(0, ("negprot got no protocols\n"));
558	reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
559	END_PROFILE(SMBnegprot);
560	return;
561	}
562
563	if (req->buf[req->buflen-1] != '\0') {
564	DEBUG(0, ("negprot protocols not 0-terminated\n"));
565	reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
566	END_PROFILE(SMBnegprot);
567	return;
568	}
569
570	p = (const char *)req->buf + 1;
571
572	num_cliprotos = 0;
573	cliprotos = NULL;
574
575	while (smbreq_bufrem(req, p) > 0) {
576
577	char **tmp;
578
579	tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
580	num_cliprotos+1);
581	if (tmp == NULL) {
582	DEBUG(0, ("talloc failed\n"));
583	TALLOC_FREE(cliprotos);
584	reply_nterror(req, NT_STATUS_NO_MEMORY);
585	END_PROFILE(SMBnegprot);
586	return;
587	}
588
589	cliprotos = tmp;
590
591	if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
592	&converted_size)) {
593	DEBUG(0, ("pull_ascii_talloc failed\n"));
594	TALLOC_FREE(cliprotos);
595	reply_nterror(req, NT_STATUS_NO_MEMORY);
596	END_PROFILE(SMBnegprot);
597	return;
598	}
599
600	DEBUG(3, ("Requested protocol [%s]\n",
601	cliprotos[num_cliprotos]));
602
603	num_cliprotos += 1;
604	p += strlen(p) + 2;
605	}
606
607	for (i=0; i<num_cliprotos; i++) {
608	if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
609	protocols \|= PROT_WFWG;
610	} else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
611	protocols \|= PROT_DOS_LM1_2X002;
612	} else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
613	protocols \|= PROT_DOS_LANMAN2_1;
614	} else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
615	protocols \|= PROT_LANMAN1_0;
616	} else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
617	protocols \|= PROT_NT_LM_0_12;
618	} else if (strcsequal(cliprotos[i], "SMB 2.001")) {
619	protocols \|= PROT_SMB_2_001;
620	} else if (strcsequal(cliprotos[i], "SMB 2.002")) {
621	protocols \|= PROT_SMB_2_002;
622	} else if (strcsequal(cliprotos[i], "SMB 2.???")) {
623	protocols \|= PROT_SMB_2_FF;
624	} else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
625	protocols \|= PROT_LANMAN2_1;
626	} else if (strcsequal(cliprotos[i], "LM1.2X002")) {
627	protocols \|= PROT_LM1_2X002;
628	} else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
629	protocols \|= PROT_MICROSOFT_NETWORKS_1_03;
630	} else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
631	protocols \|= PROT_MICROSOFT_NETWORKS_3_0;
632	} else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
633	protocols \|= PROT_PC_NETWORK_PROGRAM_1_0;
634	} else if (strcsequal(cliprotos[i], "XENIX CORE")) {
635	protocols \|= PROT_XENIX_CORE;
636	} else if (strcsequal(cliprotos[i], "Samba")) {
637	protocols = PROT_SAMBA;
638	break;
639	} else if (strcsequal(cliprotos[i], "POSIX 2")) {
640	protocols = PROT_POSIX_2;
641	break;
642	}
643	}
644
645	switch ( protocols ) {
646	/* Old CIFSFS can send one arch only, NT LM 0.12. */
647	case PROT_NT_LM_0_12:
648	case ARCH_CIFSFS:
649	set_remote_arch(RA_CIFSFS);
650	break;
651	case ARCH_SAMBA:
652	set_remote_arch(RA_SAMBA);
653	break;
654	case ARCH_WFWG:
655	set_remote_arch(RA_WFWG);
656	break;
657	case ARCH_WIN95:
658	set_remote_arch(RA_WIN95);
659	break;
660	case ARCH_WINNT:
661	set_remote_arch(RA_WINNT);
662	break;
663	case ARCH_WIN2K:
664	set_remote_arch(RA_WIN2K);
665	break;
666	case ARCH_VISTA:
667	set_remote_arch(RA_VISTA);
668	break;
669	case ARCH_OS2:
670	set_remote_arch(RA_OS2);
671	break;
672	case ARCH_OSX:
673	set_remote_arch(RA_OSX);
674	break;
675	default:
676	set_remote_arch(RA_UNKNOWN);
677	break;
678	}
679
680	/* possibly reload - change of architecture */
681	reload_services(sconn, conn_snum_used, true);
682
683	/* moved from the netbios session setup code since we don't have that
684	when the client connects to port 445. Of course there is a small
685	window where we are listening to messages -- jerry */
686
687	serverid_register(messaging_server_id(sconn->msg_ctx),
688	FLAG_MSG_GENERAL\|FLAG_MSG_SMBD
689	\|FLAG_MSG_PRINT_GENERAL);
690
691	/* Check for protocols, most desirable first */
692	for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
693	i = 0;
694	if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) &&
695	(supported_protocols[protocol].protocol_level >= lp_server_min_protocol()))
696	while (i < num_cliprotos) {
697	if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
698	choice = i;
699	chosen_level = supported_protocols[protocol].protocol_level;
700	}
701	i++;
702	}
703	if(choice != -1)
704	break;
705	}
706
707	if(choice != -1) {
708	fstrcpy(remote_proto,supported_protocols[protocol].short_name);
709	reload_services(sconn, conn_snum_used, true);
710	supported_protocols[protocol].proto_reply_fn(req, choice);
711	DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
712	} else {
713	DEBUG(0,("No protocol supported !\n"));
714	reply_outbuf(req, 1, 0);
715	SSVAL(req->outbuf, smb_vwv0, choice);
716	}
717
718	DEBUG( 5, ( "negprot index=%d\n", choice ) );
719
720	/* We always have xconn->smb1.signing_state also for >= SMB2_02 */
721	signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
722	if (signing_required && (chosen_level < PROTOCOL_NT1)) {
723	exit_server_cleanly("SMB signing is required and "
724	"client negotiated a downlevel protocol");
725	}
726
727	TALLOC_FREE(cliprotos);
728
729	if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
730	!fork_echo_handler(xconn)) {
731	exit_server("Failed to fork echo handler");
732	}
733
734	END_PROFILE(SMBnegprot);
735	return;
736	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/source3/smbd/negprot.c

Download in other formats: