Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : negprot reply code
4 : Copyright (C) Andrew Tridgell 1992-1998
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "system/filesys.h"
22 : #include "auth/credentials/credentials.h"
23 : #include "auth/gensec/gensec.h"
24 : #include "auth/auth.h"
25 : #include "smb_server/smb_server.h"
26 : #include "libcli/smb2/smb2.h"
27 : #include "smb_server/smb2/smb2_server.h"
28 : #include "samba/service_stream.h"
29 : #include "lib/stream/packet.h"
30 : #include "param/param.h"
31 :
32 :
33 : /* initialise the auth_context for this server and return the cryptkey */
34 19 : static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8])
35 : {
36 : NTSTATUS nt_status;
37 :
38 : /* muliple negprots are not premitted */
39 19 : if (smb_conn->negotiate.auth_context) {
40 0 : DEBUG(3,("get challenge: is this a secondary negprot? auth_context is non-NULL!\n"));
41 0 : return NT_STATUS_FOOBAR;
42 : }
43 :
44 19 : DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
45 :
46 45 : nt_status = auth_context_create(smb_conn,
47 19 : smb_conn->connection->event.ctx,
48 19 : smb_conn->connection->msg_ctx,
49 : smb_conn->lp_ctx,
50 : &smb_conn->negotiate.auth_context);
51 19 : if (!NT_STATUS_IS_OK(nt_status)) {
52 0 : DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
53 0 : return nt_status;
54 : }
55 :
56 19 : nt_status = auth_get_challenge(smb_conn->negotiate.auth_context, buff);
57 19 : if (!NT_STATUS_IS_OK(nt_status)) {
58 0 : DEBUG(0, ("auth_get_challenge() returned %s", nt_errstr(nt_status)));
59 0 : return nt_status;
60 : }
61 :
62 19 : return NT_STATUS_OK;
63 : }
64 :
65 : /****************************************************************************
66 : Reply for the core protocol.
67 : ****************************************************************************/
68 0 : static void reply_corep(struct smbsrv_request *req, uint16_t choice)
69 : {
70 0 : smbsrv_setup_reply(req, 1, 0);
71 :
72 0 : SSVAL(req->out.vwv, VWV(0), choice);
73 :
74 0 : req->smb_conn->negotiate.protocol = PROTOCOL_CORE;
75 :
76 0 : if (req->smb_conn->signing.mandatory_signing) {
77 0 : smbsrv_terminate_connection(req->smb_conn,
78 : "CORE does not support SMB signing, and it is mandatory\n");
79 0 : return;
80 : }
81 :
82 0 : smbsrv_send_reply(req);
83 : }
84 :
85 : /****************************************************************************
86 : Reply for the coreplus protocol.
87 : this is quite incomplete - we only fill in a small part of the reply, but as nobody uses
88 : this any more it probably doesn't matter
89 : ****************************************************************************/
90 0 : static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
91 : {
92 : uint16_t raw;
93 0 : if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
94 0 : raw = 0;
95 : } else {
96 0 : raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
97 0 : (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
98 : }
99 :
100 0 : smbsrv_setup_reply(req, 13, 0);
101 :
102 : /* Reply, SMBlockread, SMBwritelock supported. */
103 0 : SCVAL(req->out.hdr,HDR_FLG,
104 : CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
105 :
106 0 : SSVAL(req->out.vwv, VWV(0), choice);
107 0 : SSVAL(req->out.vwv, VWV(1), 0x1); /* user level security, don't encrypt */
108 :
109 : /* tell redirector we support
110 : readbraw and writebraw (possibly) */
111 0 : SSVAL(req->out.vwv, VWV(5), raw);
112 :
113 0 : req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS;
114 :
115 0 : if (req->smb_conn->signing.mandatory_signing) {
116 0 : smbsrv_terminate_connection(req->smb_conn,
117 : "COREPLUS does not support SMB signing, and it is mandatory\n");
118 0 : return;
119 : }
120 :
121 0 : smbsrv_send_reply(req);
122 : }
123 :
124 : /****************************************************************************
125 : Reply for the lanman 1.0 protocol.
126 : ****************************************************************************/
127 2 : static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
128 : {
129 2 : int secword=0;
130 2 : time_t t = req->request_time.tv_sec;
131 : uint16_t raw;
132 :
133 2 : if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
134 0 : raw = 0;
135 : } else {
136 4 : raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
137 2 : (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
138 : }
139 :
140 2 : req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
141 :
142 2 : if (req->smb_conn->negotiate.encrypted_passwords)
143 2 : secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
144 :
145 2 : req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN1;
146 :
147 2 : smbsrv_setup_reply(req, 13, req->smb_conn->negotiate.encrypted_passwords ? 8 : 0);
148 :
149 : /* SMBlockread, SMBwritelock supported. */
150 2 : SCVAL(req->out.hdr,HDR_FLG,
151 : CVAL(req->out.hdr, HDR_FLG) | FLAG_SUPPORT_LOCKREAD);
152 :
153 2 : SSVAL(req->out.vwv, VWV(0), choice);
154 2 : SSVAL(req->out.vwv, VWV(1), secword);
155 2 : SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
156 2 : SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
157 2 : SSVAL(req->out.vwv, VWV(4), 1);
158 2 : SSVAL(req->out.vwv, VWV(5), raw);
159 2 : SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
160 2 : srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
161 2 : SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
162 2 : SIVAL(req->out.vwv, VWV(11), 0); /* reserved */
163 :
164 : /* Create a token value and add it to the outgoing packet. */
165 2 : if (req->smb_conn->negotiate.encrypted_passwords) {
166 : NTSTATUS nt_status;
167 :
168 2 : SSVAL(req->out.vwv, VWV(11), 8);
169 :
170 2 : nt_status = get_challenge(req->smb_conn, req->out.data);
171 2 : if (!NT_STATUS_IS_OK(nt_status)) {
172 0 : smbsrv_terminate_connection(req->smb_conn, "LANMAN1 get_challenge failed\n");
173 0 : return;
174 : }
175 : }
176 :
177 2 : if (req->smb_conn->signing.mandatory_signing) {
178 0 : smbsrv_terminate_connection(req->smb_conn,
179 : "LANMAN1 does not support SMB signing, and it is mandatory\n");
180 0 : return;
181 : }
182 :
183 2 : smbsrv_send_reply(req);
184 : }
185 :
186 : /****************************************************************************
187 : Reply for the lanman 2.0 protocol.
188 : ****************************************************************************/
189 2 : static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
190 : {
191 2 : int secword=0;
192 2 : time_t t = req->request_time.tv_sec;
193 : uint16_t raw;
194 2 : if (lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx)) {
195 0 : raw = 0;
196 : } else {
197 4 : raw = (lpcfg_read_raw(req->smb_conn->lp_ctx)?1:0) |
198 2 : (lpcfg_write_raw(req->smb_conn->lp_ctx)?2:0);
199 : }
200 :
201 2 : req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
202 :
203 2 : if (req->smb_conn->negotiate.encrypted_passwords)
204 2 : secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
205 :
206 2 : req->smb_conn->negotiate.protocol = PROTOCOL_LANMAN2;
207 :
208 2 : smbsrv_setup_reply(req, 13, 0);
209 :
210 2 : SSVAL(req->out.vwv, VWV(0), choice);
211 2 : SSVAL(req->out.vwv, VWV(1), secword);
212 2 : SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
213 2 : SSVAL(req->out.vwv, VWV(3), lpcfg_max_mux(req->smb_conn->lp_ctx));
214 2 : SSVAL(req->out.vwv, VWV(4), 1);
215 2 : SSVAL(req->out.vwv, VWV(5), raw);
216 2 : SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.pid);
217 2 : srv_push_dos_date(req->smb_conn, req->out.vwv, VWV(8), t);
218 2 : SSVAL(req->out.vwv, VWV(10), req->smb_conn->negotiate.zone_offset/60);
219 2 : SIVAL(req->out.vwv, VWV(11), 0);
220 :
221 : /* Create a token value and add it to the outgoing packet. */
222 2 : if (req->smb_conn->negotiate.encrypted_passwords) {
223 2 : SSVAL(req->out.vwv, VWV(11), 8);
224 2 : req_grow_data(req, 8);
225 2 : get_challenge(req->smb_conn, req->out.data);
226 : }
227 :
228 2 : req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_TERMINATE);
229 :
230 2 : if (req->smb_conn->signing.mandatory_signing) {
231 0 : smbsrv_terminate_connection(req->smb_conn,
232 : "LANMAN2 does not support SMB signing, and it is mandatory\n");
233 0 : return;
234 : }
235 :
236 2 : smbsrv_send_reply(req);
237 : }
238 :
239 15 : static void reply_nt1_orig(struct smbsrv_request *req)
240 : {
241 : /* Create a token value and add it to the outgoing packet. */
242 15 : if (req->smb_conn->negotiate.encrypted_passwords) {
243 15 : req_grow_data(req, 8);
244 : /* note that we do not send a challenge at all if
245 : we are using plaintext */
246 15 : get_challenge(req->smb_conn, req->out.ptr);
247 15 : req->out.ptr += 8;
248 15 : SCVAL(req->out.vwv+1, VWV(16), 8);
249 : }
250 15 : req_push_str(req, NULL, lpcfg_workgroup(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
251 15 : req_push_str(req, NULL, lpcfg_netbios_name(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
252 15 : DEBUG(3,("not using extended security (SPNEGO or NTLMSSP)\n"));
253 15 : }
254 :
255 : /*
256 : try to determine if the filesystem supports large files
257 : */
258 975 : static bool large_file_support(const char *path)
259 : {
260 : int fd;
261 : ssize_t ret;
262 : char c;
263 :
264 975 : fd = open(path, O_RDWR|O_CREAT, 0600);
265 975 : unlink(path);
266 975 : if (fd == -1) {
267 : /* have to assume large files are OK */
268 0 : return true;
269 : }
270 975 : ret = pread(fd, &c, 1, ((uint64_t)1)<<32);
271 975 : close(fd);
272 975 : return ret == 0;
273 : }
274 :
275 : /****************************************************************************
276 : Reply for the nt protocol.
277 : ****************************************************************************/
278 975 : static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
279 : {
280 : /* dual names + lock_and_read + nt SMBs + remote API calls */
281 : int capabilities;
282 975 : int secword=0;
283 975 : time_t t = req->request_time.tv_sec;
284 : NTTIME nttime;
285 975 : bool negotiate_spnego = false;
286 : char *large_test_path;
287 :
288 975 : unix_to_nt_time(&nttime, t);
289 :
290 975 : capabilities =
291 : CAP_NT_FIND | CAP_LOCK_AND_READ |
292 : CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
293 :
294 975 : req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypt_passwords(req->smb_conn->lp_ctx);
295 :
296 : /* do spnego in user level security if the client
297 : supports it and we can do encrypted passwords */
298 :
299 1897 : if (req->smb_conn->negotiate.encrypted_passwords &&
300 975 : (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
301 960 : negotiate_spnego = true;
302 960 : capabilities |= CAP_EXTENDED_SECURITY;
303 : }
304 :
305 975 : if (lpcfg_large_readwrite(req->smb_conn->lp_ctx)) {
306 975 : capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS;
307 : }
308 :
309 975 : large_test_path = lpcfg_lock_path(req, req->smb_conn->lp_ctx, "large_test.dat");
310 975 : if (large_file_support(large_test_path)) {
311 975 : capabilities |= CAP_LARGE_FILES;
312 : }
313 :
314 1950 : if (!lpcfg_async_smb_echo_handler(req->smb_conn->lp_ctx) &&
315 1950 : lpcfg_read_raw(req->smb_conn->lp_ctx) &&
316 975 : lpcfg_write_raw(req->smb_conn->lp_ctx)) {
317 975 : capabilities |= CAP_RAW_MODE;
318 : }
319 :
320 : /* allow for disabling unicode */
321 975 : if (lpcfg_unicode(req->smb_conn->lp_ctx)) {
322 975 : capabilities |= CAP_UNICODE;
323 : }
324 :
325 975 : if (lpcfg_nt_status_support(req->smb_conn->lp_ctx)) {
326 975 : capabilities |= CAP_STATUS32;
327 : }
328 :
329 975 : if (lpcfg_host_msdfs(req->smb_conn->lp_ctx)) {
330 867 : capabilities |= CAP_DFS;
331 : }
332 :
333 975 : secword |= NEGOTIATE_SECURITY_USER_LEVEL;
334 :
335 975 : if (req->smb_conn->negotiate.encrypted_passwords) {
336 975 : secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
337 : }
338 :
339 975 : if (req->smb_conn->signing.allow_smb_signing) {
340 973 : secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
341 : }
342 :
343 975 : if (req->smb_conn->signing.mandatory_signing) {
344 867 : secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
345 : }
346 :
347 975 : req->smb_conn->negotiate.protocol = PROTOCOL_NT1;
348 :
349 975 : smbsrv_setup_reply(req, 17, 0);
350 :
351 975 : SSVAL(req->out.vwv, VWV(0), choice);
352 975 : SCVAL(req->out.vwv, VWV(1), secword);
353 :
354 : /* notice the strange +1 on vwv here? That's because
355 : this is the one and only SMB packet that is malformed in
356 : the specification - all the command words after the secword
357 : are offset by 1 byte */
358 975 : SSVAL(req->out.vwv+1, VWV(1), lpcfg_max_mux(req->smb_conn->lp_ctx));
359 975 : SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */
360 975 : SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv);
361 975 : SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */
362 975 : SIVAL(req->out.vwv+1, VWV(7), req->smb_conn->connection->server_id.pid); /* session key */
363 :
364 975 : SIVAL(req->out.vwv+1, VWV(9), capabilities);
365 975 : push_nttime(req->out.vwv+1, VWV(11), nttime);
366 975 : SSVALS(req->out.vwv+1,VWV(15), req->smb_conn->negotiate.zone_offset/60);
367 :
368 975 : if (!negotiate_spnego) {
369 15 : reply_nt1_orig(req);
370 : } else {
371 : struct cli_credentials *server_credentials;
372 : struct gensec_security *gensec_security;
373 960 : DATA_BLOB null_data_blob = data_blob(NULL, 0);
374 960 : DATA_BLOB blob = data_blob_null;
375 : const char *oid;
376 : NTSTATUS nt_status;
377 :
378 911 : server_credentials =
379 960 : cli_credentials_init_server(req, req->smb_conn->lp_ctx);
380 960 : if (server_credentials == NULL) {
381 0 : DBG_DEBUG("Failed to obtain server credentials, "
382 : "perhaps a standalone server?\n");
383 : /*
384 : * Create anon server credentials for for the
385 : * spoolss.notify test.
386 : */
387 0 : server_credentials = cli_credentials_init_anon(req);
388 0 : if (server_credentials == NULL) {
389 0 : smbsrv_terminate_connection(req->smb_conn,
390 : "Failed to init server credentials\n");
391 0 : return;
392 : }
393 : }
394 :
395 2782 : nt_status = samba_server_gensec_start(req,
396 960 : req->smb_conn->connection->event.ctx,
397 960 : req->smb_conn->connection->msg_ctx,
398 960 : req->smb_conn->lp_ctx,
399 : server_credentials,
400 : "cifs",
401 : &gensec_security);
402 :
403 960 : if (!NT_STATUS_IS_OK(nt_status)) {
404 0 : DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
405 0 : smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
406 0 : return;
407 : }
408 :
409 960 : if (req->smb_conn->negotiate.auth_context) {
410 0 : smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
411 0 : return;
412 : }
413 960 : req->smb_conn->negotiate.server_credentials = talloc_reparent(req, req->smb_conn, server_credentials);
414 :
415 960 : oid = GENSEC_OID_SPNEGO;
416 960 : nt_status = gensec_start_mech_by_oid(gensec_security, oid);
417 :
418 960 : if (NT_STATUS_IS_OK(nt_status)) {
419 : /* Get and push the proposed OID list into the packets */
420 960 : nt_status = gensec_update(gensec_security, req,
421 : null_data_blob, &blob);
422 :
423 960 : if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
424 0 : DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
425 : }
426 : }
427 :
428 960 : if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
429 960 : DEBUG(3,("using SPNEGO\n"));
430 : } else {
431 0 : DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
432 0 : oid = GENSEC_OID_NTLMSSP;
433 0 : nt_status = gensec_start_mech_by_oid(gensec_security, oid);
434 :
435 0 : if (!NT_STATUS_IS_OK(nt_status)) {
436 0 : DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
437 0 : reply_nt1_orig(req);
438 0 : return;
439 : }
440 : /* NTLMSSP is a client-first exchange */
441 0 : blob = data_blob(NULL, 0);
442 0 : DEBUG(3,("using raw-NTLMSSP\n"));
443 : }
444 :
445 960 : req->smb_conn->negotiate.oid = oid;
446 :
447 960 : req_grow_data(req, blob.length + 16);
448 : /* a NOT very random guid, perhaps we should get it
449 : * from the credentials (kitchen sink...) */
450 960 : memset(req->out.ptr, '\0', 16);
451 960 : req->out.ptr += 16;
452 :
453 960 : memcpy(req->out.ptr, blob.data, blob.length);
454 960 : SCVAL(req->out.vwv+1, VWV(16), blob.length + 16);
455 960 : req->out.ptr += blob.length;
456 : }
457 :
458 975 : smbsrv_send_reply_nosign(req);
459 : }
460 :
461 : /****************************************************************************
462 : Reply for the SMB2 2.001 protocol
463 : ****************************************************************************/
464 1338 : static void reply_smb2(struct smbsrv_request *req, uint16_t choice)
465 : {
466 1338 : struct smbsrv_connection *smb_conn = req->smb_conn;
467 : NTSTATUS status;
468 :
469 1338 : talloc_free(smb_conn->sessions.idtree_vuid);
470 1338 : ZERO_STRUCT(smb_conn->sessions);
471 1338 : talloc_free(smb_conn->smb_tcons.idtree_tid);
472 1338 : ZERO_STRUCT(smb_conn->smb_tcons);
473 1338 : ZERO_STRUCT(smb_conn->signing);
474 :
475 : /* reply with a SMB2 packet */
476 1338 : status = smbsrv_init_smb2_connection(smb_conn);
477 1338 : if (!NT_STATUS_IS_OK(status)) {
478 0 : smbsrv_terminate_connection(smb_conn, nt_errstr(status));
479 0 : talloc_free(req);
480 0 : return;
481 : }
482 1338 : packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request);
483 1338 : smb2srv_reply_smb_negprot(req);
484 1338 : req = NULL;
485 : }
486 :
487 : /* List of supported protocols, most desired first */
488 : static const struct {
489 : const char *proto_name;
490 : const char *short_name;
491 : void (*proto_reply_fn)(struct smbsrv_request *req, uint16_t choice);
492 : int protocol_level;
493 : } supported_protocols[] = {
494 : {"SMB 2.002", "SMB2", reply_smb2, PROTOCOL_SMB2_02},
495 : {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
496 : {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
497 : {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
498 : {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
499 : {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
500 : {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
501 : {"Windows for Workgroups 3.1a", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
502 : {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
503 : {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
504 : {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
505 : {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
506 : {NULL,NULL,NULL,0},
507 : };
508 :
509 : /****************************************************************************
510 : Reply to a negprot.
511 : ****************************************************************************/
512 :
513 2319 : void smbsrv_reply_negprot(struct smbsrv_request *req)
514 : {
515 : int protocol;
516 : uint8_t *p;
517 2319 : uint32_t protos_count = 0;
518 2319 : const char **protos = NULL;
519 :
520 2319 : if (req->smb_conn->negotiate.done_negprot) {
521 2 : smbsrv_terminate_connection(req->smb_conn, "multiple negprot's are not permitted");
522 2 : return;
523 : }
524 2317 : req->smb_conn->negotiate.done_negprot = true;
525 :
526 2317 : p = req->in.data;
527 17342 : while (true) {
528 : size_t len;
529 :
530 19659 : protos = talloc_realloc(req, protos, const char *, protos_count + 1);
531 19659 : if (!protos) {
532 0 : smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
533 0 : return;
534 : }
535 19659 : protos[protos_count] = NULL;
536 19659 : len = req_pull_ascii4(&req->in.bufinfo, &protos[protos_count], p, STR_ASCII|STR_TERMINATE);
537 19659 : p += len;
538 19659 : if (len == 0 || !protos[protos_count]) break;
539 :
540 17342 : DEBUG(5,("Requested protocol [%d][%s]\n", protos_count, protos[protos_count]));
541 17342 : protos_count++;
542 : }
543 :
544 : /* Check for protocols, most desirable first */
545 3314 : for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
546 : int i;
547 :
548 3314 : if (supported_protocols[protocol].protocol_level > lpcfg_server_max_protocol(req->smb_conn->lp_ctx))
549 0 : continue;
550 3314 : if (supported_protocols[protocol].protocol_level < lpcfg_server_min_protocol(req->smb_conn->lp_ctx))
551 0 : continue;
552 :
553 49256 : for (i = 0; i < protos_count; i++) {
554 24865 : if (strcmp(supported_protocols[protocol].proto_name, protos[i]) != 0) continue;
555 :
556 2317 : supported_protocols[protocol].proto_reply_fn(req, i);
557 2317 : DEBUG(3,("Selected protocol [%d][%s]\n",
558 : i, supported_protocols[protocol].proto_name));
559 2317 : return;
560 : }
561 : }
562 :
563 0 : smbsrv_terminate_connection(req->smb_conn, "No protocol supported !");
564 : }
|
