1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Copyright (C) Andrew Tridgell 2005
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 : /*
20 : a composite API for handling a generic async session setup
21 : */
22 :
23 : #include "includes.h"
24 : #include <tevent.h>
25 : #include "libcli/raw/libcliraw.h"
26 : #include "libcli/raw/raw_proto.h"
27 : #include "libcli/composite/composite.h"
28 : #include "libcli/smb_composite/smb_composite.h"
29 : #include "libcli/auth/libcli_auth.h"
30 : #include "auth/auth.h"
31 : #include "auth/gensec/gensec.h"
32 : #include "auth/credentials/credentials.h"
33 : #include "version.h"
34 : #include "param/param.h"
35 : #include "libcli/smb/smbXcli_base.h"
36 :
/*
 * State carried across all rounds of one composite SMB1 session setup.
 * It is allocated by smb_composite_sesssetup_send() as a talloc child of
 * the composite context and stored in c->private_data.
 */
struct sesssetup_state {
	/* session that is being authenticated */
	struct smbcli_session *session;

	/* raw request/reply union handed to smb_raw_sesssetup_send()/_recv() */
	union smb_sesssetup setup;

	/* GENSEC mechanism OID selected by session_setup_spnego_restart() */
	const char *chosen_oid;

	/* status of the most recent server reply */
	NTSTATUS remote_status;

	/*
	 * status of the most recent local gensec_update; the SPNEGO path must
	 * not finish while this is still NT_STATUS_MORE_PROCESSING_REQUIRED,
	 * whatever the server answered
	 */
	NTSTATUS gensec_status;

	/* caller-supplied in/out parameter block */
	struct smb_composite_sesssetup *io;

	/* request currently in flight; released by the talloc destructor */
	struct smbcli_request *req;

	/* reply kept back until its SMB signature can be verified */
	struct smbcli_request *check_req;

	/* retry counter passed to cli_credentials_failed_kerberos_login() */
	unsigned int logon_retries;
};
48 :
/*
 * talloc destructor for struct sesssetup_state: drop a request that is
 * still outstanding so it cannot outlive the state it reports into.
 * Always returns 0.
 */
static int sesssetup_state_destructor(struct sesssetup_state *state)
{
	/* TALLOC_FREE() skips NULL and resets the pointer after freeing. */
	TALLOC_FREE(state->req);

	return 0;
}
58 :
/*
 * Forward declarations: request_handler() re-enters the per-dialect senders
 * on a logon retry, and the SPNEGO path is driven by two tevent callbacks.
 */
static NTSTATUS session_setup_old(struct composite_context *c,
				  struct smbcli_session *session,
				  struct smb_composite_sesssetup *io,
				  struct smbcli_request **req);

static NTSTATUS session_setup_nt1(struct composite_context *c,
				  struct smbcli_session *session,
				  struct smb_composite_sesssetup *io,
				  struct smbcli_request **req);

static NTSTATUS session_setup_spnego_restart(struct composite_context *c,
					     struct smbcli_session *session,
					     struct smb_composite_sesssetup *io);

static NTSTATUS session_setup_spnego(struct composite_context *c,
				     struct smbcli_session *session,
				     struct smb_composite_sesssetup *io,
				     struct smbcli_request **req);

static void smb_composite_sesssetup_spnego_done1(struct tevent_req *subreq);
static void smb_composite_sesssetup_spnego_done2(struct tevent_req *subreq);
76 :
77 :
78 : /*
79 : handler for completion of a smbcli_request sub-request
80 : */
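/*
 * Completion handler for every session setup request sent by this file.
 *
 * It receives the reply, records the server status, and then depends on
 * the request level:
 *  - OLD / NT1: optionally retries once the credentials layer reports a
 *    wrong password, otherwise finishes with the server status.
 *  - SPNEGO: either restarts GENSEC after a logon failure, feeds the
 *    server blob into gensec_update (continuing in
 *    smb_composite_sesssetup_spnego_done2), or finishes here when GENSEC
 *    has nothing more to process.
 *
 * When the request was sent with sign_caller_checks set, the reply is
 * kept alive (do_not_free) so that its SMB signature can be verified once
 * the session key is known; a failed check ends in NT_STATUS_ACCESS_DENIED.
 */
static void request_handler(struct smbcli_request *req)
{
	struct composite_context *c = (struct composite_context *)req->async.private_data;
	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
	struct smbcli_session *session = req->session;
	DATA_BLOB null_data_blob = data_blob(NULL, 0);
	NTSTATUS session_key_err, nt_status;
	struct smbcli_request *check_req = NULL;
	const char *os = NULL;
	const char *lanman = NULL;

	if (req->sign_caller_checks) {
		/* keep the reply buffer around for the deferred signature check */
		req->do_not_free = true;
		check_req = req;
	}

	state->remote_status = smb_raw_sesssetup_recv(req, state, &state->setup);
	c->status = state->remote_status;
	state->req = NULL;

	/*
	 * we only need to check the signature if
	 * NT_STATUS_OK is returned
	 */
	if (!NT_STATUS_IS_OK(state->remote_status)) {
		talloc_free(check_req);
		check_req = NULL;
	}

	switch (state->setup.old.level) {
	case RAW_SESSSETUP_OLD:
		state->io->out.vuid = state->setup.old.out.vuid;
		/* This doesn't work, as this only happens on old
		 * protocols, where this comparison won't match. */
		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
			/* we need to reset the vuid for a new try */
			session->vuid = 0;
			if (cli_credentials_wrong_password(state->io->in.credentials)) {
				nt_status = session_setup_old(c, session,
							      state->io,
							      &state->req);
				if (NT_STATUS_IS_OK(nt_status)) {
					talloc_free(check_req);
					c->status = nt_status;
					composite_continue_smb(c, state->req, request_handler, c);
					return;
				}
			}
		}
		if (!NT_STATUS_IS_OK(c->status)) {
			composite_error(c, c->status);
			return;
		}
		os = state->setup.old.out.os;
		lanman = state->setup.old.out.lanman;
		break;

	case RAW_SESSSETUP_NT1:
		state->io->out.vuid = state->setup.nt1.out.vuid;
		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
			/* we need to reset the vuid for a new try */
			session->vuid = 0;
			if (cli_credentials_wrong_password(state->io->in.credentials)) {
				nt_status = session_setup_nt1(c, session,
							      state->io,
							      &state->req);
				if (NT_STATUS_IS_OK(nt_status)) {
					talloc_free(check_req);
					c->status = nt_status;
					composite_continue_smb(c, state->req, request_handler, c);
					return;
				}
			}
		}
		if (!NT_STATUS_IS_OK(c->status)) {
			composite_error(c, c->status);
			return;
		}
		os = state->setup.nt1.out.os;
		lanman = state->setup.nt1.out.lanman;
		break;

	case RAW_SESSSETUP_SPNEGO:
		state->io->out.vuid = state->setup.spnego.out.vuid;
		if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
			const char *principal;

			/* we need to reset the vuid for a new try */
			session->vuid = 0;

			/*
			 * Build "service/hostname" when GENSEC has no explicit
			 * target principal; principal stays NULL if either
			 * part is missing or the allocation fails.
			 */
			principal = gensec_get_target_principal(session->gensec);
			if (principal == NULL) {
				const char *hostname = gensec_get_target_hostname(session->gensec);
				const char *service = gensec_get_target_service(session->gensec);
				if (hostname != NULL && service != NULL) {
					principal = talloc_asprintf(state, "%s/%s", service, hostname);
				}
			}
			if (cli_credentials_failed_kerberos_login(state->io->in.credentials, principal, &state->logon_retries) ||
			    cli_credentials_wrong_password(state->io->in.credentials)) {
				struct tevent_req *subreq = NULL;

				nt_status = session_setup_spnego_restart(c, session, state->io);
				if (!NT_STATUS_IS_OK(nt_status)) {
					DEBUG(1, ("session_setup_spnego_restart() failed: %s\n",
						  nt_errstr(nt_status)));
					c->status = nt_status;
					composite_error(c, c->status);
					return;
				}

				subreq = gensec_update_send(state, c->event_ctx,
							    session->gensec,
							    state->setup.spnego.out.secblob);
				if (composite_nomem(subreq, c)) {
					return;
				}
				tevent_req_set_callback(subreq,
							smb_composite_sesssetup_spnego_done1,
							c);
				return;
			}
		}
		if (GENSEC_UPDATE_IS_NTERROR(c->status)) {
			composite_error(c, c->status);
			return;
		}
		if (NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
			struct tevent_req *subreq = NULL;

			/* The status value here, from the earlier pass at GENSEC is
			 * vital to the security of the system.  Even if the other end
			 * accepts, if GENSEC claims 'MORE_PROCESSING_REQUIRED' then
			 * you must keep feeding it blobs, or else the remote
			 * host/attacker might avoid mutual authentication
			 * requirements */

			subreq = gensec_update_send(state, c->event_ctx,
						    session->gensec,
						    state->setup.spnego.out.secblob);
			if (composite_nomem(subreq, c)) {
				/*
				 * NOTE(review): check_req may still be set here and
				 * carries do_not_free; confirm who releases it on
				 * this out-of-memory path.
				 */
				return;
			}
			tevent_req_set_callback(subreq,
						smb_composite_sesssetup_spnego_done2,
						c);
			if (NT_STATUS_IS_OK(state->remote_status)) {
				/* signature is verified in the done2 callback */
				state->check_req = check_req;
			} else {
				TALLOC_FREE(check_req);
			}
			return;
		} else {
			state->setup.spnego.in.secblob = data_blob(NULL, 0);
		}

		if (cli_credentials_is_anonymous(state->io->in.credentials)) {
			/*
			 * anonymous => no signing
			 */
		} else if (NT_STATUS_IS_OK(state->remote_status)) {
			/*
			 * Start from an empty blob: if gensec_session_key()
			 * fails, the calls below must not read or free an
			 * indeterminate pointer/length pair.
			 */
			DATA_BLOB session_key = data_blob_null;

			if (state->setup.spnego.in.secblob.length) {
				c->status = NT_STATUS_INTERNAL_ERROR;
				composite_error(c, c->status);
				return;
			}
			session_key_err = gensec_session_key(session->gensec, session, &session_key);
			if (NT_STATUS_IS_OK(session_key_err)) {
				smb1cli_conn_activate_signing(session->transport->conn,
							      session_key,
							      null_data_blob);
			}
			/*
			 * NOTE(review): a failed gensec_session_key() only skips
			 * signing activation; confirm that is intended when the
			 * caller expects a signed session.
			 */

			c->status = smb1cli_session_set_session_key(session->smbXcli,
								    session_key);
			data_blob_free(&session_key);
			if (!NT_STATUS_IS_OK(c->status)) {
				composite_error(c, c->status);
				return;
			}
		}

		os = state->setup.spnego.out.os;
		lanman = state->setup.spnego.out.lanman;
		break;

	case RAW_SESSSETUP_SMB2:
		/* SMB2 session setups are never sent from this file */
		c->status = NT_STATUS_INTERNAL_ERROR;
		composite_error(c, c->status);
		return;
	}

	if (check_req) {
		bool ok;

		check_req->sign_caller_checks = false;

		/* verify the held-back reply now that signing state is final */
		ok = smb1cli_conn_check_signing(check_req->transport->conn,
						check_req->in.buffer, 1);
		TALLOC_FREE(check_req);
		if (!ok) {
			c->status = NT_STATUS_ACCESS_DENIED;
			composite_error(c, c->status);
			return;
		}
	}

	if (!NT_STATUS_IS_OK(c->status)) {
		composite_error(c, c->status);
		return;
	}

	/* copy the server-supplied identification strings onto the session */
	if (os) {
		session->os = talloc_strdup(session, os);
		if (composite_nomem(session->os, c)) return;
	} else {
		session->os = NULL;
	}
	if (lanman) {
		session->lanman = talloc_strdup(session, lanman);
		if (composite_nomem(session->lanman, c)) return;
	} else {
		session->lanman = NULL;
	}

	composite_done(c);
}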
310 :
311 :
312 : /*
313 : send a nt1 style session setup
314 : */
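/*
 * Build and send an NT1-level session setup.
 *
 * With a challenge/response server the NTLM response blobs come from
 * cli_credentials_get_ntlm_response(); otherwise a cleartext password is
 * sent, but only when session->options.plaintext_auth allows it.
 *
 * On success *req holds the request that was sent and its status is
 * returned. Returns NT_STATUS_INVALID_PARAMETER when no permitted
 * authentication method applies, NT_STATUS_NO_MEMORY on allocation
 * failure, or the error from the credentials / session-key helpers.
 */
static NTSTATUS session_setup_nt1(struct composite_context *c,
				  struct smbcli_session *session,
				  struct smb_composite_sesssetup *io,
				  struct smbcli_request **req)
{
	/*
	 * Deliberately not NT_STATUS_OK: the plaintext branch never assigns
	 * nt_status, and the check after the send relies on that to skip
	 * signing activation.
	 */
	NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
	struct sesssetup_state *state = talloc_get_type(c->private_data,
							struct sesssetup_state);
	const char *domain = cli_credentials_get_domain(io->in.credentials);

	/*
	 * domain controllers tend to reject the NTLM v2 blob
	 * if the netbiosname is not valid (e.g. IP address or FQDN)
	 * so just leave it out (as Windows clients do)
	 */
	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);

	DATA_BLOB session_key = data_blob(NULL, 0);
	int flags = CLI_CRED_NTLM_AUTH;

	/* LANMAN and NTLMv2 responses are opt-in via the session options */
	if (session->options.lanman_auth) {
		flags |= CLI_CRED_LANMAN_AUTH;
	}

	if (session->options.ntlmv2_auth) {
		flags |= CLI_CRED_NTLMv2_AUTH;
	}

	state->setup.nt1.level = RAW_SESSSETUP_NT1;
	state->setup.nt1.in.bufsize = session->transport->options.max_xmit;
	state->setup.nt1.in.mpx_max = session->transport->options.max_mux;
	state->setup.nt1.in.vc_num = 1;
	state->setup.nt1.in.sesskey = io->in.sesskey;
	state->setup.nt1.in.capabilities = io->in.capabilities;
	state->setup.nt1.in.os = "Unix";
	state->setup.nt1.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
	if (state->setup.nt1.in.lanman == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	cli_credentials_get_ntlm_username_domain(io->in.credentials, state,
						 &state->setup.nt1.in.user,
						 &state->setup.nt1.in.domain);

	if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
		if (!cli_credentials_is_anonymous(io->in.credentials) &&
		    session->options.ntlmv2_auth &&
		    session->transport->options.use_spnego)
		{
			/*
			 * Don't send an NTLMv2_RESPONSE without NTLMSSP
			 * if we want to use spnego
			 */
			return NT_STATUS_INVALID_PARAMETER;
		}

		nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
							      &flags,
							      session->transport->negotiate.secblob,
							      NULL, /* server_timestamp */
							      names_blob,
							      &state->setup.nt1.in.password1,
							      &state->setup.nt1.in.password2,
							      NULL, &session_key);
		NT_STATUS_NOT_OK_RETURN(nt_status);
	} else if (session->options.plaintext_auth) {
		/*
		 * The password travels in cleartext on this path; it is only
		 * reached when the server did not negotiate challenge/response
		 * and the caller explicitly enabled plaintext_auth.
		 */
		const char *password = cli_credentials_get_password(io->in.credentials);

		if (password == NULL) {
			/* no password available: fail instead of strlen(NULL) */
			return NT_STATUS_INVALID_PARAMETER;
		}
		state->setup.nt1.in.password1 = data_blob_talloc(state, password, strlen(password));
		state->setup.nt1.in.password2 = data_blob(NULL, 0);
	} else {
		/* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
		return NT_STATUS_INVALID_PARAMETER;
	}

	*req = smb_raw_sesssetup_send(session, &state->setup);
	if (!*req) {
		data_blob_free(&session_key);
		return NT_STATUS_NO_MEMORY;
	}

	if (!NT_STATUS_IS_OK(nt_status)) {
		/*
		 * plain text => no signing
		 */
		return (*req)->status;
	}

	if (cli_credentials_is_anonymous(io->in.credentials)) {
		/*
		 * anonymous => no signing; the key is not needed, so do not
		 * keep it allocated for the rest of the exchange
		 */
		data_blob_free(&session_key);
		return (*req)->status;
	}

	smb1cli_conn_activate_signing(session->transport->conn,
				      session_key,
				      state->setup.nt1.in.password2);

	nt_status = smb1cli_session_set_session_key(session->smbXcli,
						    session_key);
	data_blob_free(&session_key);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	return (*req)->status;
}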
419 :
420 :
421 : /*
422 : old style session setup (pre NT1 protocol level)
423 : */
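/*
 * Build and send a pre-NT1 session setup.
 *
 * A challenge/response server gets a LANMAN response, which requires
 * session->options.lanman_auth unless the credentials are anonymous.
 * Without challenge/response the cleartext password is sent, but only
 * when session->options.plaintext_auth allows it.
 *
 * On success *req holds the request that was sent and its status is
 * returned. Returns NT_STATUS_INVALID_PARAMETER when no permitted
 * authentication method applies, NT_STATUS_NO_MEMORY on allocation
 * failure, or the error from the credentials / session-key helpers.
 */
static NTSTATUS session_setup_old(struct composite_context *c,
				  struct smbcli_session *session,
				  struct smb_composite_sesssetup *io,
				  struct smbcli_request **req)
{
	NTSTATUS nt_status;
	struct sesssetup_state *state = talloc_get_type(c->private_data,
							struct sesssetup_state);
	/* fetched up front, as before; only the plaintext branch uses it */
	const char *password = cli_credentials_get_password(io->in.credentials);
	DATA_BLOB session_key = data_blob_null;

	state->setup.old.level = RAW_SESSSETUP_OLD;
	state->setup.old.in.bufsize = session->transport->options.max_xmit;
	state->setup.old.in.mpx_max = session->transport->options.max_mux;
	state->setup.old.in.vc_num = 1;
	state->setup.old.in.sesskey = io->in.sesskey;
	state->setup.old.in.os = "Unix";
	state->setup.old.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
	if (state->setup.old.in.lanman == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	cli_credentials_get_ntlm_username_domain(io->in.credentials, state,
						 &state->setup.old.in.user,
						 &state->setup.old.in.domain);

	if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
		/* no NTLMv2 names blob at this protocol level */
		DATA_BLOB names_blob = data_blob_null;
		int flags = 0;

		/* only a LANMAN response exists here, so it must be permitted */
		if (!cli_credentials_is_anonymous(io->in.credentials) &&
		    !session->options.lanman_auth)
		{
			return NT_STATUS_INVALID_PARAMETER;
		}

		flags |= CLI_CRED_LANMAN_AUTH;

		nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state,
							      &flags,
							      session->transport->negotiate.secblob,
							      NULL, /* server_timestamp */
							      names_blob,
							      &state->setup.old.in.password,
							      NULL,
							      NULL, &session_key);
		NT_STATUS_NOT_OK_RETURN(nt_status);

		nt_status = smb1cli_session_set_session_key(session->smbXcli,
							    session_key);
		data_blob_free(&session_key);
		if (!NT_STATUS_IS_OK(nt_status)) {
			return nt_status;
		}
	} else if (session->options.plaintext_auth) {
		/*
		 * The password travels in cleartext on this path; it is only
		 * reached when the server did not negotiate challenge/response
		 * and the caller explicitly enabled plaintext_auth.
		 */
		if (password == NULL) {
			/* no password available: fail instead of strlen(NULL) */
			return NT_STATUS_INVALID_PARAMETER;
		}
		state->setup.old.in.password = data_blob_talloc(state, password, strlen(password));
	} else {
		/* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
		return NT_STATUS_INVALID_PARAMETER;
	}

	*req = smb_raw_sesssetup_send(session, &state->setup);
	if (!*req) {
		return NT_STATUS_NO_MEMORY;
	}
	return (*req)->status;
}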
493 :
/*
 * (Re)create the GENSEC client context for an extended-security session
 * setup: start client mode, request a session key, attach credentials,
 * set the target hostname and the "cifs" service, then start the
 * mechanism.
 *
 * SPNEGO is chosen when the negotiate reply carried a security blob, with
 * raw NTLMSSP as the fallback if SPNEGO cannot be started; without a blob
 * raw NTLMSSP is used directly. On success both gensec_status and
 * remote_status are primed with NT_STATUS_MORE_PROCESSING_REQUIRED.
 *
 * Returns NT_STATUS_OK, or the first GENSEC error (logged at level 1).
 *
 * NOTE(review): the SPNEGO -> NTLMSSP fallback is only visible in a
 * level-1 debug message; worth confirming callers that need Kerberos are
 * protected by their credentials settings.
 */
static NTSTATUS session_setup_spnego_restart(struct composite_context *c,
					     struct smbcli_session *session,
					     struct smb_composite_sesssetup *io)
{
	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
	NTSTATUS status = gensec_client_start(session, &session->gensec,
					      io->in.gensec_settings);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
		return status;
	}

	/* the session key is what SMB signing is later keyed with */
	gensec_want_feature(session->gensec, GENSEC_FEATURE_SESSION_KEY);

	status = gensec_set_credentials(session->gensec, io->in.credentials);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to start set GENSEC client credentials: %s\n",
			  nt_errstr(status)));
		return status;
	}

	status = gensec_set_target_hostname(session->gensec,
			smbXcli_conn_remote_name(session->transport->conn));
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to start set GENSEC target hostname: %s\n",
			  nt_errstr(status)));
		return status;
	}

	status = gensec_set_target_service(session->gensec, "cifs");
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to start set GENSEC target service: %s\n",
			  nt_errstr(status)));
		return status;
	}

	/* the server's negotiate blob is the first input to gensec_update */
	state->setup.spnego.out.secblob =
		session->transport->negotiate.secblob;

	if (session->transport->negotiate.secblob.length == 0) {
		/* without a sec blob, means raw NTLMSSP */
		state->chosen_oid = GENSEC_OID_NTLMSSP;
		status = gensec_start_mech_by_oid(session->gensec,
						  state->chosen_oid);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
				  gensec_get_name_by_oid(session->gensec,
							 state->chosen_oid),
				  nt_errstr(status)));
			return status;
		}
	} else {
		state->chosen_oid = GENSEC_OID_SPNEGO;
		status = gensec_start_mech_by_oid(session->gensec,
						  state->chosen_oid);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
				  gensec_get_name_by_oid(session->gensec,
							 state->chosen_oid),
				  nt_errstr(status)));

			/* SPNEGO unavailable: drop the blob and try raw NTLMSSP */
			state->setup.spnego.out.secblob = data_blob_null;
			state->chosen_oid = GENSEC_OID_NTLMSSP;
			status = gensec_start_mech_by_oid(session->gensec,
							  state->chosen_oid);
			if (!NT_STATUS_IS_OK(status)) {
				DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
					  gensec_get_name_by_oid(session->gensec,
								 state->chosen_oid),
					  nt_errstr(status)));
				return status;
			}
		}
	}

	state->gensec_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
	state->remote_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
	return NT_STATUS_OK;
}
573 :
574 : /*
575 : Modern, all singing, all dancing extended security (and possibly SPNEGO) request
576 : */
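/*
 * Send the first extended-security session setup request.
 *
 * Fills the SPNEGO-level request fields from the transport options and
 * io; state->setup.spnego.in.secblob is expected to have been produced by
 * the preceding gensec_update round. On success *req holds the request
 * and its status is returned; NT_STATUS_NO_MEMORY on allocation failure.
 */
static NTSTATUS session_setup_spnego(struct composite_context *c,
				     struct smbcli_session *session,
				     struct smb_composite_sesssetup *io,
				     struct smbcli_request **req)
{
	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);

	state->setup.spnego.level = RAW_SESSSETUP_SPNEGO;
	state->setup.spnego.in.bufsize = session->transport->options.max_xmit;
	state->setup.spnego.in.mpx_max = session->transport->options.max_mux;
	state->setup.spnego.in.vc_num = 1;
	state->setup.spnego.in.sesskey = io->in.sesskey;
	state->setup.spnego.in.capabilities = io->in.capabilities;
	state->setup.spnego.in.os = "Unix";
	state->setup.spnego.in.lanman = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
	if (state->setup.spnego.in.lanman == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	state->setup.spnego.in.workgroup = io->in.workgroup;

	*req = smb_raw_sesssetup_send(session, &state->setup);
	if (!*req) {
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * we need to check the signature ourselves
	 * as the session key might be the acceptor subkey
	 * which comes within the response itself
	 */
	if (!smb1cli_conn_signing_is_active((*req)->transport->conn)) {
		(*req)->sign_caller_checks = true;
	}

	return (*req)->status;
}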
610 :
611 :
612 : /*
613 : composite session setup function that hides the details of all the
614 : different session setup variants, including the multi-pass nature of
615 : the spnego variant
616 : */
/*
 * Start an asynchronous session setup on 'session'.
 *
 * Picks the request flavour from the negotiated protocol and options:
 * nothing at all below PROTOCOL_LANMAN1, the "old" form below
 * PROTOCOL_NT1, NT1 when SPNEGO is disabled or CAP_EXTENDED_SECURITY is
 * not requested, and the GENSEC-driven SPNEGO exchange otherwise.
 *
 * Credentials asking for more than SMB_ENCRYPTION_DESIRED are refused
 * with NT_STATUS_PROTOCOL_NOT_SUPPORTED before anything is sent.
 *
 * Returns the composite context (possibly already in an error or done
 * state), or NULL if it could not be created.
 */
struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *session,
							struct smb_composite_sesssetup *io)
{
	enum smb_encryption_setting wanted_encryption =
		cli_credentials_get_smb_encryption(io->in.credentials);
	struct composite_context *ctx = composite_create(session, session->transport->ev);
	struct sesssetup_state *st = NULL;
	NTSTATUS rc;

	if (ctx == NULL) {
		return NULL;
	}

	/* fail closed rather than run an unencrypted session */
	if (wanted_encryption > SMB_ENCRYPTION_DESIRED) {
		composite_error(ctx, NT_STATUS_PROTOCOL_NOT_SUPPORTED);
		return ctx;
	}

	st = talloc_zero(ctx, struct sesssetup_state);
	if (composite_nomem(st, ctx)) {
		return ctx;
	}
	ctx->private_data = st;
	st->session = session;
	st->io = io;

	/* ensures an in-flight request is released together with the state */
	talloc_set_destructor(st, sesssetup_state_destructor);

	/* no session setup at all in earliest protocol variants */
	if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) {
		ZERO_STRUCT(io->out);
		composite_done(ctx);
		return ctx;
	}

	/* extended security: the first request is sent from the done1 callback */
	if (session->transport->negotiate.protocol >= PROTOCOL_NT1 &&
	    session->transport->options.use_spnego &&
	    (io->in.capabilities & CAP_EXTENDED_SECURITY)) {
		struct tevent_req *subreq = NULL;

		rc = session_setup_spnego_restart(ctx, session, io);
		if (!NT_STATUS_IS_OK(rc)) {
			DEBUG(1, ("session_setup_spnego_restart() failed: %s\n",
				  nt_errstr(rc)));
			ctx->status = rc;
			composite_error(ctx, ctx->status);
			return ctx;
		}

		subreq = gensec_update_send(st, ctx->event_ctx,
					    session->gensec,
					    st->setup.spnego.out.secblob);
		if (composite_nomem(subreq, ctx)) {
			return ctx;
		}
		tevent_req_set_callback(subreq,
					smb_composite_sesssetup_spnego_done1,
					ctx);
		return ctx;
	}

	/* single-request variants */
	if (session->transport->negotiate.protocol < PROTOCOL_NT1) {
		rc = session_setup_old(ctx, session, io, &st->req);
	} else {
		rc = session_setup_nt1(ctx, session, io, &st->req);
	}

	if (!NT_STATUS_IS_OK(rc) &&
	    !NT_STATUS_EQUAL(rc, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
		composite_error(ctx, rc);
		return ctx;
	}

	composite_continue_smb(ctx, st->req, request_handler, ctx);
	return ctx;
}
689 :
/*
 * Completion of the first gensec_update round: store the produced blob
 * and GENSEC status, then send the initial SPNEGO session setup request
 * and hand its reply to request_handler().
 */
static void smb_composite_sesssetup_spnego_done1(struct tevent_req *subreq)
{
	struct composite_context *ctx =
		tevent_req_callback_data(subreq, struct composite_context);
	struct sesssetup_state *st =
		talloc_get_type_abort(ctx->private_data, struct sesssetup_state);
	NTSTATUS rc = gensec_update_recv(subreq, st,
					 &st->setup.spnego.in.secblob);

	TALLOC_FREE(subreq);

	if (GENSEC_UPDATE_IS_NTERROR(rc)) {
		DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
			  gensec_get_name_by_oid(st->session->gensec,
						 st->chosen_oid),
			  nt_errstr(rc)));
		ctx->status = rc;
		composite_error(ctx, ctx->status);
		return;
	}

	/* remembered so request_handler() knows whether GENSEC is finished */
	st->gensec_status = rc;

	rc = session_setup_spnego(ctx, st->session, st->io, &st->req);
	if (NT_STATUS_IS_OK(rc)) {
		composite_continue_smb(ctx, st->req, request_handler, ctx);
		return;
	}

	ctx->status = rc;
	composite_error(ctx, ctx->status);
}
723 :
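/*
 * Completion of a follow-up gensec_update round.
 *
 * If GENSEC produced another blob it is sent in a further session setup
 * request (using the vuid the server assigned) and the reply goes back to
 * request_handler(). A blob produced after the server already answered
 * NT_STATUS_OK is treated as NT_STATUS_INTERNAL_ERROR.
 *
 * Otherwise the exchange is finished: for non-anonymous credentials the
 * session key is fetched, signing is activated and the key is set on the
 * session; the reply held in state->check_req then has its signature
 * verified (NT_STATUS_ACCESS_DENIED on mismatch) before the server's
 * os/lanman strings are copied and the composite completes.
 */
static void smb_composite_sesssetup_spnego_done2(struct tevent_req *subreq)
{
	struct composite_context *c =
		tevent_req_callback_data(subreq,
		struct composite_context);
	struct sesssetup_state *state =
		talloc_get_type_abort(c->private_data,
		struct sesssetup_state);
	struct smbcli_session *session = state->session;
	NTSTATUS status;
	const char *os = NULL;
	const char *lanman = NULL;

	status = gensec_update_recv(subreq, state,
				    &state->setup.spnego.in.secblob);
	TALLOC_FREE(subreq);
	if (GENSEC_UPDATE_IS_NTERROR(status)) {
		DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
			  gensec_get_name_by_oid(state->session->gensec,
						 state->chosen_oid),
			  nt_errstr(status)));
		/*
		 * NOTE(review): state->check_req may still hold a reply
		 * marked do_not_free on this and the next error return;
		 * confirm what releases it.
		 */
		c->status = status;
		composite_error(c, c->status);
		return;
	}
	state->gensec_status = status;

	if (NT_STATUS_IS_OK(state->remote_status)) {
		/* the server is done, so GENSEC must have nothing left to send */
		if (state->setup.spnego.in.secblob.length) {
			c->status = NT_STATUS_INTERNAL_ERROR;
			composite_error(c, c->status);
			return;
		}
	}

	if (state->setup.spnego.in.secblob.length) {
		/*
		 * set the session->vuid value only for calling
		 * smb_raw_sesssetup_send()
		 */
		uint16_t vuid = session->vuid;
		session->vuid = state->io->out.vuid;
		state->req = smb_raw_sesssetup_send(session, &state->setup);
		session->vuid = vuid;
		if (state->req &&
		    !smb1cli_conn_signing_is_active(state->req->transport->conn)) {
			state->req->sign_caller_checks = true;
		}
		composite_continue_smb(c, state->req, request_handler, c);
		return;
	}

	if (cli_credentials_is_anonymous(state->io->in.credentials)) {
		/*
		 * anonymous => no signing
		 */
	} else if (NT_STATUS_IS_OK(state->remote_status)) {
		NTSTATUS session_key_err;
		/*
		 * Start from an empty blob: if gensec_session_key() fails,
		 * the calls below must not read or free an indeterminate
		 * pointer/length pair.
		 */
		DATA_BLOB session_key = data_blob_null;

		session_key_err = gensec_session_key(session->gensec, session, &session_key);
		if (NT_STATUS_IS_OK(session_key_err)) {
			smb1cli_conn_activate_signing(session->transport->conn,
						      session_key,
						      data_blob_null);
		}
		/*
		 * NOTE(review): a failed gensec_session_key() only skips
		 * signing activation; confirm that is intended when the
		 * caller expects a signed session.
		 */

		c->status = smb1cli_session_set_session_key(session->smbXcli,
							    session_key);
		data_blob_free(&session_key);
		if (!NT_STATUS_IS_OK(c->status)) {
			composite_error(c, c->status);
			return;
		}
	}

	os = state->setup.spnego.out.os;
	lanman = state->setup.spnego.out.lanman;

	if (state->check_req) {
		struct smbcli_request *check_req = state->check_req;
		bool ok;

		/* take ownership so the state never keeps a freed pointer */
		state->check_req = NULL;

		check_req->sign_caller_checks = false;

		/* verify the held-back reply now that signing state is final */
		ok = smb1cli_conn_check_signing(check_req->transport->conn,
						check_req->in.buffer, 1);
		TALLOC_FREE(check_req);
		if (!ok) {
			c->status = NT_STATUS_ACCESS_DENIED;
			composite_error(c, c->status);
			return;
		}
	}

	/* copy the server-supplied identification strings onto the session */
	if (os) {
		session->os = talloc_strdup(session, os);
		if (composite_nomem(session->os, c)) return;
	} else {
		session->os = NULL;
	}
	if (lanman) {
		session->lanman = talloc_strdup(session, lanman);
		if (composite_nomem(session->lanman, c)) return;
	} else {
		session->lanman = NULL;
	}

	composite_done(c);
}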
834 :
835 : /*
836 : receive a composite session setup reply
837 : */
/*
 * Wait for the composite session setup to finish, release the composite
 * context and return its final status. The context must not be used
 * after this call.
 */
NTSTATUS smb_composite_sesssetup_recv(struct composite_context *c)
{
	const NTSTATUS result = composite_wait(c);

	talloc_free(c);

	return result;
}
845 :
846 : /*
847 : sync version of smb_composite_sesssetup
848 : */
/*
 * Blocking wrapper: start the session setup and wait for its result.
 */
NTSTATUS smb_composite_sesssetup(struct smbcli_session *session, struct smb_composite_sesssetup *io)
{
	return smb_composite_sesssetup_recv(smb_composite_sesssetup_send(session, io));
}