Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Core SMB2 server
4 :
5 : Copyright (C) Stefan Metzmacher 2009
6 : Copyright (C) Jeremy Allison 2010
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "smbd/smbd.h"
24 : #include "smbd/globals.h"
25 : #include "../libcli/smb/smb_common.h"
26 : #include "../auth/gensec/gensec.h"
27 : #include "auth.h"
28 : #include "../lib/tsocket/tsocket.h"
29 : #include "../libcli/security/security.h"
30 : #include "../lib/util/tevent_ntstatus.h"
31 : #include "source3/lib/substitute.h"
32 :
33 : #include "lib/crypto/gnutls_helpers.h"
34 : #include <gnutls/gnutls.h>
35 : #include <gnutls/crypto.h>
36 :
37 : #undef DBGC_CLASS
38 : #define DBGC_CLASS DBGC_SMB2
39 :
40 : static struct tevent_req *smbd_smb2_session_setup_wrap_send(TALLOC_CTX *mem_ctx,
41 : struct tevent_context *ev,
42 : struct smbd_smb2_request *smb2req,
43 : uint64_t in_session_id,
44 : uint8_t in_flags,
45 : uint8_t in_security_mode,
46 : uint64_t in_previous_session_id,
47 : DATA_BLOB in_security_buffer);
48 : static NTSTATUS smbd_smb2_session_setup_wrap_recv(struct tevent_req *req,
49 : uint16_t *out_session_flags,
50 : TALLOC_CTX *mem_ctx,
51 : DATA_BLOB *out_security_buffer,
52 : uint64_t *out_session_id);
53 :
54 : static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq);
55 :
56 55373 : NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
57 : {
58 1110 : const uint8_t *inhdr;
59 1110 : const uint8_t *inbody;
60 1110 : uint64_t in_session_id;
61 1110 : uint8_t in_flags;
62 1110 : uint8_t in_security_mode;
63 1110 : uint64_t in_previous_session_id;
64 1110 : uint16_t in_security_offset;
65 1110 : uint16_t in_security_length;
66 1110 : DATA_BLOB in_security_buffer;
67 1110 : NTSTATUS status;
68 1110 : struct tevent_req *subreq;
69 :
70 55373 : status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
71 55373 : if (!NT_STATUS_IS_OK(status)) {
72 0 : return smbd_smb2_request_error(smb2req, status);
73 : }
74 55373 : inhdr = SMBD_SMB2_IN_HDR_PTR(smb2req);
75 55373 : inbody = SMBD_SMB2_IN_BODY_PTR(smb2req);
76 :
77 55373 : in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
78 :
79 55373 : in_flags = CVAL(inbody, 0x02);
80 55373 : in_security_mode = CVAL(inbody, 0x03);
81 : /* Capabilities = IVAL(inbody, 0x04) */
82 : /* Channel = IVAL(inbody, 0x08) */
83 55373 : in_security_offset = SVAL(inbody, 0x0C);
84 55373 : in_security_length = SVAL(inbody, 0x0E);
85 55373 : in_previous_session_id = BVAL(inbody, 0x10);
86 :
87 55373 : if (in_security_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(smb2req))) {
88 0 : return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
89 : }
90 :
91 55373 : if (in_security_length > SMBD_SMB2_IN_DYN_LEN(smb2req)) {
92 0 : return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
93 : }
94 :
95 55373 : in_security_buffer.data = SMBD_SMB2_IN_DYN_PTR(smb2req);
96 55373 : in_security_buffer.length = in_security_length;
97 :
98 56483 : subreq = smbd_smb2_session_setup_wrap_send(smb2req,
99 55373 : smb2req->sconn->ev_ctx,
100 : smb2req,
101 : in_session_id,
102 : in_flags,
103 : in_security_mode,
104 : in_previous_session_id,
105 : in_security_buffer);
106 55373 : if (subreq == NULL) {
107 0 : return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
108 : }
109 55373 : tevent_req_set_callback(subreq, smbd_smb2_request_sesssetup_done, smb2req);
110 :
111 : /*
112 : * Avoid sending a STATUS_PENDING message, which
113 : * matches a Windows Server and avoids problems with
114 : * MacOS clients.
115 : *
116 : * Even after 90 seconds a Windows Server doesn't return
117 : * STATUS_PENDING if using NTLMSSP against a non reachable
118 : * trusted domain.
119 : */
120 55373 : return smbd_smb2_request_pending_queue(smb2req, subreq, 0);
121 : }
122 :
123 55373 : static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
124 : {
125 1110 : struct smbd_smb2_request *smb2req =
126 55373 : tevent_req_callback_data(subreq,
127 : struct smbd_smb2_request);
128 1110 : uint8_t *outhdr;
129 1110 : DATA_BLOB outbody;
130 1110 : DATA_BLOB outdyn;
131 55373 : uint16_t out_session_flags = 0;
132 55373 : uint64_t out_session_id = 0;
133 1110 : uint16_t out_security_offset;
134 55373 : DATA_BLOB out_security_buffer = data_blob_null;
135 1110 : NTSTATUS status;
136 1110 : NTSTATUS error; /* transport error */
137 :
138 55373 : status = smbd_smb2_session_setup_wrap_recv(subreq,
139 : &out_session_flags,
140 : smb2req,
141 : &out_security_buffer,
142 : &out_session_id);
143 55373 : TALLOC_FREE(subreq);
144 55373 : if (!NT_STATUS_IS_OK(status) &&
145 26597 : !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
146 3847 : status = nt_status_squash(status);
147 3847 : error = smbd_smb2_request_error(smb2req, status);
148 3847 : if (!NT_STATUS_IS_OK(error)) {
149 0 : smbd_server_connection_terminate(smb2req->xconn,
150 : nt_errstr(error));
151 3552 : return;
152 : }
153 3552 : return;
154 : }
155 :
156 51526 : out_security_offset = SMB2_HDR_BODY + 0x08;
157 :
158 51526 : outhdr = SMBD_SMB2_OUT_HDR_PTR(smb2req);
159 :
160 51526 : outbody = smbd_smb2_generate_outbody(smb2req, 0x08);
161 51526 : if (outbody.data == NULL) {
162 0 : error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
163 0 : if (!NT_STATUS_IS_OK(error)) {
164 0 : smbd_server_connection_terminate(smb2req->xconn,
165 : nt_errstr(error));
166 0 : return;
167 : }
168 0 : return;
169 : }
170 :
171 51526 : SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
172 :
173 51526 : SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
174 51526 : SSVAL(outbody.data, 0x02,
175 : out_session_flags); /* session flags */
176 51526 : SSVAL(outbody.data, 0x04,
177 : out_security_offset); /* security buffer offset */
178 51526 : SSVAL(outbody.data, 0x06,
179 : out_security_buffer.length); /* security buffer length */
180 :
181 51526 : outdyn = out_security_buffer;
182 :
183 51526 : error = smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
184 : __location__);
185 51526 : if (!NT_STATUS_IS_OK(error)) {
186 0 : smbd_server_connection_terminate(smb2req->xconn,
187 : nt_errstr(error));
188 0 : return;
189 : }
190 : }
191 :
192 27302 : static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
193 : struct smbXsrv_session_auth0 **_auth,
194 : struct smbd_smb2_request *smb2req,
195 : uint8_t in_security_mode,
196 : struct auth_session_info *session_info,
197 : uint16_t *out_session_flags,
198 : uint64_t *out_session_id)
199 : {
200 625 : NTSTATUS status;
201 27302 : bool guest = false;
202 27302 : struct smbXsrv_session *x = session;
203 27302 : struct smbXsrv_session_auth0 *auth = *_auth;
204 27302 : struct smbXsrv_connection *xconn = smb2req->xconn;
205 625 : size_t i;
206 27302 : struct smb2_signing_derivations derivations = {
207 : .signing = NULL,
208 : };
209 27302 : DATA_BLOB preauth_hash = data_blob_null;
210 :
211 27302 : *_auth = NULL;
212 :
213 27302 : if (xconn->protocol >= PROTOCOL_SMB3_11) {
214 603 : struct smbXsrv_preauth *preauth;
215 603 : gnutls_hash_hd_t hash_hnd;
216 603 : int rc;
217 :
218 24732 : preauth = talloc_move(smb2req, &auth->preauth);
219 :
220 24732 : rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
221 24732 : if (rc < 0) {
222 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
223 : }
224 25335 : rc = gnutls_hash(hash_hnd,
225 24732 : preauth->sha512_value,
226 : sizeof(preauth->sha512_value));
227 24732 : if (rc < 0) {
228 0 : gnutls_hash_deinit(hash_hnd, NULL);
229 0 : return NT_STATUS_ACCESS_DENIED;
230 : }
231 123660 : for (i = 1; i < smb2req->in.vector_count; i++) {
232 101340 : rc = gnutls_hash(hash_hnd,
233 98928 : smb2req->in.vector[i].iov_base,
234 98928 : smb2req->in.vector[i].iov_len);
235 98928 : if (rc < 0) {
236 0 : gnutls_hash_deinit(hash_hnd, NULL);
237 0 : return NT_STATUS_ACCESS_DENIED;
238 : }
239 : }
240 24732 : gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
241 :
242 24732 : preauth_hash = data_blob_const(preauth->sha512_value,
243 : sizeof(preauth->sha512_value));
244 : }
245 :
246 27302 : smb2_signing_derivations_fill_const_stack(&derivations,
247 : xconn->protocol,
248 : preauth_hash);
249 :
250 27302 : if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
251 18019 : (xconn->smb2.server.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
252 : {
253 11325 : x->global->signing_flags = SMBXSRV_SIGNING_REQUIRED;
254 : }
255 :
256 27302 : if ((lp_server_smb_encrypt(-1) >= SMB_ENCRYPTION_DESIRED) &&
257 0 : (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
258 0 : x->global->encryption_flags = SMBXSRV_ENCRYPTION_DESIRED;
259 : }
260 :
261 27302 : if (lp_server_smb_encrypt(-1) == SMB_ENCRYPTION_REQUIRED) {
262 0 : x->global->encryption_flags = SMBXSRV_ENCRYPTION_REQUIRED |
263 : SMBXSRV_ENCRYPTION_DESIRED;
264 : }
265 :
266 27302 : if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
267 751 : if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
268 22 : *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
269 : }
270 : /* force no signing */
271 751 : x->global->signing_flags &= ~SMBXSRV_SIGNING_REQUIRED;
272 : /* we map anonymous to guest internally */
273 751 : guest = true;
274 : }
275 :
276 26679 : if (guest && (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED)) {
277 0 : DEBUG(1,("reject guest session as encryption is required\n"));
278 0 : return NT_STATUS_ACCESS_DENIED;
279 : }
280 :
281 27302 : if (xconn->smb2.server.cipher == 0) {
282 2714 : if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED) {
283 0 : DEBUG(1,("reject session with dialect[0x%04X] "
284 : "as encryption is required\n",
285 : xconn->smb2.server.dialect));
286 0 : return NT_STATUS_ACCESS_DENIED;
287 : }
288 : }
289 27302 : x->global->signing_algo = xconn->smb2.server.sign_algo;
290 27302 : x->global->encryption_cipher = xconn->smb2.server.cipher;
291 27302 : if (guest) {
292 751 : x->global->encryption_cipher = SMB2_ENCRYPTION_NONE;
293 : }
294 :
295 27302 : if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED) {
296 0 : *out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA;
297 : }
298 :
299 27927 : status = smb2_signing_key_sign_create(x->global,
300 27302 : x->global->signing_algo,
301 27302 : &session_info->session_key,
302 : derivations.signing,
303 26677 : &x->global->signing_key);
304 27302 : if (!NT_STATUS_IS_OK(status)) {
305 0 : return status;
306 : }
307 27302 : x->global->signing_key_blob = x->global->signing_key->blob;
308 :
309 27302 : if (x->global->encryption_cipher != SMB2_ENCRYPTION_NONE) {
310 609 : size_t nonce_size;
311 :
312 24526 : status = smb2_signing_key_cipher_create(x->global,
313 23308 : x->global->encryption_cipher,
314 23917 : &session_info->session_key,
315 : derivations.cipher_s2c,
316 23308 : &x->global->encryption_key);
317 23917 : if (!NT_STATUS_IS_OK(status)) {
318 0 : return status;
319 : }
320 23917 : x->global->encryption_key_blob = x->global->encryption_key->blob;
321 :
322 24526 : status = smb2_signing_key_cipher_create(x->global,
323 23917 : x->global->encryption_cipher,
324 23917 : &session_info->session_key,
325 : derivations.cipher_c2s,
326 23308 : &x->global->decryption_key);
327 23917 : if (!NT_STATUS_IS_OK(status)) {
328 0 : return status;
329 : }
330 23917 : x->global->decryption_key_blob = x->global->decryption_key->blob;
331 :
332 : /*
333 : * CCM and GCM algorithms must never have their
334 : * nonce wrap, or the security of the whole
335 : * communication and the keys is destroyed.
336 : * We must drop the connection once we have
337 : * transferred too much data.
338 : *
339 : * NOTE: We assume nonces greater than 8 bytes.
340 : */
341 23917 : generate_nonce_buffer((uint8_t *)&x->nonce_high_random,
342 : sizeof(x->nonce_high_random));
343 23917 : switch (xconn->smb2.server.cipher) {
344 112 : case SMB2_ENCRYPTION_AES128_CCM:
345 112 : nonce_size = SMB2_AES_128_CCM_NONCE_SIZE;
346 112 : break;
347 23763 : case SMB2_ENCRYPTION_AES128_GCM:
348 23763 : nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_GCM);
349 23763 : break;
350 10 : case SMB2_ENCRYPTION_AES256_CCM:
351 10 : nonce_size = SMB2_AES_128_CCM_NONCE_SIZE;
352 10 : break;
353 12 : case SMB2_ENCRYPTION_AES256_GCM:
354 12 : nonce_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_GCM);
355 12 : break;
356 0 : default:
357 0 : nonce_size = 0;
358 0 : break;
359 : }
360 23917 : x->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size);
361 23917 : x->nonce_high = 0;
362 23917 : x->nonce_low = 0;
363 : }
364 :
365 27927 : status = smb2_signing_key_sign_create(x->global,
366 27302 : x->global->signing_algo,
367 27302 : &session_info->session_key,
368 : derivations.application,
369 27302 : &x->global->application_key);
370 27302 : if (!NT_STATUS_IS_OK(status)) {
371 0 : return status;
372 : }
373 27302 : x->global->application_key_blob = x->global->application_key->blob;
374 :
375 27302 : if (xconn->protocol >= PROTOCOL_SMB3_00 && lp_debug_encryption()) {
376 0 : DEBUG(0, ("debug encryption: dumping generated session keys\n"));
377 0 : DEBUGADD(0, ("Session Id "));
378 0 : dump_data(0, (uint8_t*)&session->global->session_wire_id,
379 : sizeof(session->global->session_wire_id));
380 0 : DEBUGADD(0, ("Session Key "));
381 0 : dump_data(0, session_info->session_key.data,
382 0 : session_info->session_key.length);
383 0 : DEBUGADD(0, ("Signing Algo: %u\n", x->global->signing_algo));
384 0 : DEBUGADD(0, ("Signing Key "));
385 0 : dump_data(0, x->global->signing_key_blob.data,
386 0 : x->global->signing_key_blob.length);
387 0 : DEBUGADD(0, ("App Key "));
388 0 : dump_data(0, x->global->application_key_blob.data,
389 0 : x->global->application_key_blob.length);
390 :
391 : /* In server code, ServerIn is the decryption key */
392 :
393 0 : DEBUGADD(0, ("Cipher Algo: %u\n", x->global->encryption_cipher));
394 0 : DEBUGADD(0, ("ServerIn Key "));
395 0 : dump_data(0, x->global->decryption_key_blob.data,
396 0 : x->global->decryption_key_blob.length);
397 0 : DEBUGADD(0, ("ServerOut Key "));
398 0 : dump_data(0, x->global->encryption_key_blob.data,
399 0 : x->global->encryption_key_blob.length);
400 : }
401 :
402 27927 : status = smb2_signing_key_copy(x->global->channels,
403 27302 : x->global->signing_key,
404 27302 : &x->global->channels[0].signing_key);
405 27302 : if (!NT_STATUS_IS_OK(status)) {
406 0 : return status;
407 : }
408 27302 : x->global->channels[0].signing_key_blob =
409 27302 : x->global->channels[0].signing_key->blob;
410 27302 : x->global->channels[0].signing_algo = x->global->signing_algo;
411 27302 : x->global->channels[0].encryption_cipher = x->global->encryption_cipher;
412 :
413 27302 : data_blob_clear_free(&session_info->session_key);
414 27302 : session_info->session_key = data_blob_dup_talloc(session_info,
415 : x->global->application_key_blob);
416 27302 : if (session_info->session_key.data == NULL) {
417 0 : return NT_STATUS_NO_MEMORY;
418 : }
419 27302 : talloc_keep_secret(session_info->session_key.data);
420 :
421 27302 : smb2req->sconn->num_users++;
422 :
423 27302 : if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
424 27174 : session->homes_snum =
425 26551 : register_homes_share(session_info->unix_info->unix_name);
426 : }
427 :
428 27302 : set_current_user_info(session_info->unix_info->sanitized_username,
429 27302 : session_info->unix_info->unix_name,
430 27302 : session_info->info->domain_name);
431 :
432 27302 : reload_services(smb2req->sconn, conn_snum_used, true);
433 :
434 27302 : session->status = NT_STATUS_OK;
435 27302 : session->global->auth_session_info = talloc_move(session->global,
436 : &session_info);
437 27302 : session->global->auth_session_info_seqnum += 1;
438 54604 : for (i=0; i < session->global->num_channels; i++) {
439 27302 : struct smbXsrv_channel_global0 *_c =
440 27302 : &session->global->channels[i];
441 :
442 27302 : _c->auth_session_info_seqnum =
443 26677 : session->global->auth_session_info_seqnum;
444 : }
445 27302 : session->global->auth_time = timeval_to_nttime(&smb2req->request_time);
446 27302 : session->global->expiration_time = gensec_expire_time(auth->gensec);
447 :
448 27302 : if (!session_claim(session)) {
449 0 : DEBUG(1, ("smb2: Failed to claim session "
450 : "for vuid=%llu\n",
451 : (unsigned long long)session->global->session_wire_id));
452 0 : return NT_STATUS_LOGON_FAILURE;
453 : }
454 :
455 27302 : TALLOC_FREE(auth);
456 27302 : status = smbXsrv_session_update(session);
457 27302 : if (!NT_STATUS_IS_OK(status)) {
458 0 : DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
459 : (unsigned long long)session->global->session_wire_id,
460 : nt_errstr(status)));
461 0 : return NT_STATUS_LOGON_FAILURE;
462 : }
463 :
464 : /*
465 : * we attach the session to the request
466 : * so that the response can be signed
467 : */
468 27302 : if (!guest) {
469 26551 : smb2req->do_signing = true;
470 : }
471 :
472 27302 : global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
473 :
474 27302 : *out_session_id = session->global->session_wire_id;
475 27302 : smb2req->last_session_id = session->global->session_wire_id;
476 :
477 27302 : return NT_STATUS_OK;
478 : }
479 :
480 143 : static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
481 : struct smbXsrv_session_auth0 **_auth,
482 : struct smbd_smb2_request *smb2req,
483 : struct auth_session_info *session_info,
484 : uint16_t *out_session_flags,
485 : uint64_t *out_session_id)
486 : {
487 24 : NTSTATUS status;
488 143 : struct smbXsrv_session *x = session;
489 143 : struct smbXsrv_session_auth0 *auth = *_auth;
490 143 : struct smbXsrv_connection *xconn = smb2req->xconn;
491 24 : size_t i;
492 :
493 143 : *_auth = NULL;
494 :
495 143 : data_blob_clear_free(&session_info->session_key);
496 143 : session_info->session_key = data_blob_dup_talloc(session_info,
497 : x->global->application_key_blob);
498 143 : if (session_info->session_key.data == NULL) {
499 0 : return NT_STATUS_NO_MEMORY;
500 : }
501 143 : talloc_keep_secret(session_info->session_key.data);
502 :
503 167 : session->homes_snum =
504 143 : register_homes_share(session_info->unix_info->unix_name);
505 :
506 143 : set_current_user_info(session_info->unix_info->sanitized_username,
507 143 : session_info->unix_info->unix_name,
508 143 : session_info->info->domain_name);
509 :
510 143 : reload_services(smb2req->sconn, conn_snum_used, true);
511 :
512 143 : if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
513 95 : smb2req->do_signing = true;
514 : }
515 :
516 143 : session->status = NT_STATUS_OK;
517 143 : TALLOC_FREE(session->global->auth_session_info);
518 143 : session->global->auth_session_info = talloc_move(session->global,
519 : &session_info);
520 143 : session->global->auth_session_info_seqnum += 1;
521 286 : for (i=0; i < session->global->num_channels; i++) {
522 143 : struct smbXsrv_channel_global0 *_c =
523 143 : &session->global->channels[i];
524 :
525 143 : _c->auth_session_info_seqnum =
526 119 : session->global->auth_session_info_seqnum;
527 : }
528 143 : session->global->auth_time = timeval_to_nttime(&smb2req->request_time);
529 143 : session->global->expiration_time = gensec_expire_time(auth->gensec);
530 :
531 143 : TALLOC_FREE(auth);
532 143 : status = smbXsrv_session_update(session);
533 143 : if (!NT_STATUS_IS_OK(status)) {
534 0 : DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
535 : (unsigned long long)session->global->session_wire_id,
536 : nt_errstr(status)));
537 0 : return NT_STATUS_LOGON_FAILURE;
538 : }
539 :
540 143 : conn_clear_vuid_caches(xconn->client->sconn,
541 143 : session->global->session_wire_id);
542 :
543 143 : *out_session_id = session->global->session_wire_id;
544 :
545 143 : return NT_STATUS_OK;
546 : }
547 :
548 896 : static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session,
549 : struct smbXsrv_session_auth0 **_auth,
550 : struct smbd_smb2_request *smb2req,
551 : struct auth_session_info *session_info,
552 : uint16_t *out_session_flags,
553 : uint64_t *out_session_id)
554 : {
555 20 : NTSTATUS status;
556 896 : struct smbXsrv_session *x = session;
557 896 : struct smbXsrv_session_auth0 *auth = *_auth;
558 896 : struct smbXsrv_connection *xconn = smb2req->xconn;
559 896 : struct smbXsrv_channel_global0 *c = NULL;
560 20 : size_t i;
561 896 : struct smb2_signing_derivations derivations = {
562 : .signing = NULL,
563 : };
564 896 : DATA_BLOB preauth_hash = data_blob_null;
565 20 : bool ok;
566 :
567 896 : *_auth = NULL;
568 :
569 896 : if (xconn->protocol >= PROTOCOL_SMB3_11) {
570 20 : struct smbXsrv_preauth *preauth;
571 896 : gnutls_hash_hd_t hash_hnd = NULL;
572 20 : int rc;
573 :
574 896 : preauth = talloc_move(smb2req, &auth->preauth);
575 :
576 896 : rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
577 896 : if (rc < 0) {
578 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
579 : }
580 :
581 916 : rc = gnutls_hash(hash_hnd,
582 896 : preauth->sha512_value,
583 : sizeof(preauth->sha512_value));
584 896 : if (rc < 0) {
585 0 : gnutls_hash_deinit(hash_hnd, NULL);
586 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
587 : }
588 4480 : for (i = 1; i < smb2req->in.vector_count; i++) {
589 3664 : rc = gnutls_hash(hash_hnd,
590 3584 : smb2req->in.vector[i].iov_base,
591 3584 : smb2req->in.vector[i].iov_len);
592 3584 : if (rc < 0) {
593 0 : gnutls_hash_deinit(hash_hnd, NULL);
594 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
595 : }
596 : }
597 896 : gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
598 :
599 896 : preauth_hash = data_blob_const(preauth->sha512_value,
600 : sizeof(preauth->sha512_value));
601 : }
602 :
603 896 : smb2_signing_derivations_fill_const_stack(&derivations,
604 : xconn->protocol,
605 : preauth_hash);
606 :
607 896 : status = smbXsrv_session_find_channel(session, xconn, &c);
608 896 : if (!NT_STATUS_IS_OK(status)) {
609 0 : return status;
610 : }
611 :
612 916 : ok = security_token_is_sid(session_info->security_token,
613 896 : &x->global->auth_session_info->security_token->sids[0]);
614 896 : if (!ok) {
615 8 : return NT_STATUS_ACCESS_DENIED;
616 : }
617 :
618 888 : if (session_info->session_key.length == 0) {
619 : /* See [MS-SMB2] 3.3.5.2.4 for the return code. */
620 0 : return NT_STATUS_NOT_SUPPORTED;
621 : }
622 :
623 888 : c->signing_algo = xconn->smb2.server.sign_algo;
624 888 : c->encryption_cipher = xconn->smb2.server.cipher;
625 :
626 906 : status = smb2_signing_key_sign_create(x->global->channels,
627 870 : c->signing_algo,
628 888 : &session_info->session_key,
629 : derivations.signing,
630 870 : &c->signing_key);
631 888 : if (!NT_STATUS_IS_OK(status)) {
632 0 : return status;
633 : }
634 888 : c->signing_key_blob = c->signing_key->blob;
635 :
636 888 : TALLOC_FREE(auth);
637 888 : status = smbXsrv_session_update(session);
638 888 : if (!NT_STATUS_IS_OK(status)) {
639 0 : DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n",
640 : (unsigned long long)session->global->session_wire_id,
641 : nt_errstr(status)));
642 0 : return NT_STATUS_LOGON_FAILURE;
643 : }
644 :
645 888 : *out_session_id = session->global->session_wire_id;
646 :
647 888 : return NT_STATUS_OK;
648 : }
649 :
650 : struct smbd_smb2_session_setup_state {
651 : struct tevent_context *ev;
652 : struct smbd_smb2_request *smb2req;
653 : uint64_t in_session_id;
654 : uint8_t in_flags;
655 : uint8_t in_security_mode;
656 : uint64_t in_previous_session_id;
657 : DATA_BLOB in_security_buffer;
658 : struct smbXsrv_session *session;
659 : struct smbXsrv_session_auth0 *auth;
660 : struct auth_session_info *session_info;
661 : uint16_t out_session_flags;
662 : DATA_BLOB out_security_buffer;
663 : uint64_t out_session_id;
664 : };
665 :
666 : static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq);
667 : static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq);
668 : static void smbd_smb2_session_setup_auth_return(struct tevent_req *req);
669 :
670 55373 : static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
671 : struct tevent_context *ev,
672 : struct smbd_smb2_request *smb2req,
673 : uint64_t in_session_id,
674 : uint8_t in_flags,
675 : uint8_t in_security_mode,
676 : uint64_t in_previous_session_id,
677 : DATA_BLOB in_security_buffer)
678 : {
679 1110 : struct tevent_req *req;
680 1110 : struct smbd_smb2_session_setup_state *state;
681 1110 : NTSTATUS status;
682 55373 : NTTIME now = timeval_to_nttime(&smb2req->request_time);
683 1110 : struct tevent_req *subreq;
684 55373 : struct smbXsrv_channel_global0 *c = NULL;
685 1110 : enum security_user_level seclvl;
686 :
687 55373 : req = tevent_req_create(mem_ctx, &state,
688 : struct smbd_smb2_session_setup_state);
689 55373 : if (req == NULL) {
690 0 : return NULL;
691 : }
692 55373 : state->ev = ev;
693 55373 : state->smb2req = smb2req;
694 55373 : state->in_session_id = in_session_id;
695 55373 : state->in_flags = in_flags;
696 55373 : state->in_security_mode = in_security_mode;
697 55373 : state->in_previous_session_id = in_previous_session_id;
698 55373 : state->in_security_buffer = in_security_buffer;
699 :
700 55373 : if (in_flags & SMB2_SESSION_FLAG_BINDING) {
701 2264 : if (in_session_id == 0) {
702 0 : tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
703 0 : return tevent_req_post(req, ev);
704 : }
705 :
706 2264 : if (smb2req->session == NULL) {
707 0 : tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
708 0 : return tevent_req_post(req, ev);
709 : }
710 :
711 2264 : if ((smb2req->session->global->signing_algo >= SMB2_SIGNING_AES128_GMAC) &&
712 1734 : (smb2req->xconn->smb2.server.sign_algo != smb2req->session->global->signing_algo))
713 : {
714 280 : tevent_req_nterror(req, NT_STATUS_REQUEST_OUT_OF_SEQUENCE);
715 280 : return tevent_req_post(req, ev);
716 : }
717 1984 : if ((smb2req->xconn->smb2.server.sign_algo >= SMB2_SIGNING_AES128_GMAC) &&
718 1650 : (smb2req->session->global->signing_algo != smb2req->xconn->smb2.server.sign_algo))
719 : {
720 280 : tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
721 280 : return tevent_req_post(req, ev);
722 : }
723 :
724 1704 : if (smb2req->xconn->protocol < PROTOCOL_SMB3_00) {
725 100 : tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
726 100 : return tevent_req_post(req, ev);
727 : }
728 :
729 1604 : if (!smb2req->xconn->client->server_multi_channel_enabled) {
730 0 : tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
731 0 : return tevent_req_post(req, ev);
732 : }
733 :
734 1604 : if (!smb2req->do_signing) {
735 0 : tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
736 0 : return tevent_req_post(req, ev);
737 : }
738 :
739 1604 : if (smb2req->session->global->connection_dialect
740 1604 : != smb2req->xconn->smb2.server.dialect)
741 : {
742 88 : tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
743 88 : return tevent_req_post(req, ev);
744 : }
745 :
746 1516 : if (smb2req->session->global->encryption_cipher
747 1516 : != smb2req->xconn->smb2.server.cipher)
748 : {
749 48 : tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
750 48 : return tevent_req_post(req, ev);
751 : }
752 :
753 1468 : status = smb2req->session->status;
754 1468 : if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_LOGON_SESSION_STATE)) {
755 : /*
756 : * This comes from smb2srv_session_lookup_global().
757 : * And it's a cross node/cross smbd session bind,
758 : * which can't work in our architecture.
759 : *
760 : * Returning NT_STATUS_REQUEST_NOT_ACCEPTED is better
761 : * than NT_STATUS_USER_SESSION_DELETED in order to
762 : * avoid a completely new session.
763 : */
764 24 : tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
765 24 : return tevent_req_post(req, ev);
766 : }
767 :
768 1444 : status = smbXsrv_session_find_channel(smb2req->session,
769 1410 : smb2req->xconn,
770 : &c);
771 1444 : if (NT_STATUS_IS_OK(status)) {
772 534 : if (!smb2_signing_key_valid(c->signing_key)) {
773 534 : goto auth;
774 : }
775 0 : tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
776 0 : return tevent_req_post(req, ev);
777 : }
778 :
779 932 : seclvl = security_session_user_level(
780 910 : smb2req->session->global->auth_session_info,
781 : NULL);
782 910 : if (seclvl < SECURITY_USER) {
783 0 : tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
784 0 : return tevent_req_post(req, ev);
785 : }
786 :
787 910 : status = smbXsrv_session_add_channel(smb2req->session,
788 : smb2req->xconn,
789 : now,
790 : &c);
791 910 : if (tevent_req_nterror(req, status)) {
792 4 : return tevent_req_post(req, ev);
793 : }
794 :
795 906 : status = smbXsrv_session_update(smb2req->session);
796 906 : if (tevent_req_nterror(req, status)) {
797 0 : return tevent_req_post(req, ev);
798 : }
799 : }
800 :
801 54015 : auth:
802 :
803 54549 : if (state->in_session_id == 0) {
804 : /* create a new session */
805 29480 : status = smbXsrv_session_create(state->smb2req->xconn,
806 28853 : now, &state->session);
807 29480 : if (tevent_req_nterror(req, status)) {
808 0 : return tevent_req_post(req, ev);
809 : }
810 29480 : smb2req->session = state->session;
811 : } else {
812 25069 : if (smb2req->session == NULL) {
813 0 : tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
814 0 : return tevent_req_post(req, ev);
815 : }
816 :
817 25069 : state->session = smb2req->session;
818 25069 : status = state->session->status;
819 25069 : if (NT_STATUS_EQUAL(status, NT_STATUS_BAD_LOGON_SESSION_STATE)) {
820 : /*
821 : * This comes from smb2srv_session_lookup_global().
822 : */
823 592 : tevent_req_nterror(req, NT_STATUS_USER_SESSION_DELETED);
824 592 : return tevent_req_post(req, ev);
825 : }
826 24477 : if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
827 30 : status = NT_STATUS_OK;
828 : }
829 24477 : if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
830 22659 : status = NT_STATUS_OK;
831 : }
832 24477 : if (tevent_req_nterror(req, status)) {
833 0 : return tevent_req_post(req, ev);
834 : }
835 : }
836 :
837 54817 : status = smbXsrv_session_find_channel(smb2req->session,
838 53957 : smb2req->xconn, &c);
839 53957 : if (tevent_req_nterror(req, status)) {
840 204 : return tevent_req_post(req, ev);
841 : }
842 :
843 53753 : if (!(in_flags & SMB2_SESSION_FLAG_BINDING)) {
844 52313 : state->session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
845 : }
846 :
847 54579 : status = smbXsrv_session_find_auth(state->session, smb2req->xconn,
848 53753 : now, &state->auth);
849 53753 : if (!NT_STATUS_IS_OK(status)) {
850 31238 : status = smbXsrv_session_create_auth(state->session,
851 : smb2req->xconn, now,
852 : in_flags, in_security_mode,
853 30560 : &state->auth);
854 30560 : if (tevent_req_nterror(req, status)) {
855 0 : return tevent_req_post(req, ev);
856 : }
857 : }
858 :
859 53753 : if (state->auth->gensec == NULL) {
860 31238 : status = auth_generic_prepare(state->auth,
861 29882 : state->smb2req->xconn->remote_address,
862 30560 : state->smb2req->xconn->local_address,
863 : "SMB2",
864 29882 : &state->auth->gensec);
865 30560 : if (tevent_req_nterror(req, status)) {
866 0 : return tevent_req_post(req, ev);
867 : }
868 :
869 30560 : gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_SESSION_KEY);
870 30560 : gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_UNIX_TOKEN);
871 30560 : gensec_want_feature(state->auth->gensec, GENSEC_FEATURE_SMB_TRANSPORT);
872 :
873 30560 : status = gensec_start_mech_by_oid(state->auth->gensec,
874 : GENSEC_OID_SPNEGO);
875 30560 : if (tevent_req_nterror(req, status)) {
876 0 : return tevent_req_post(req, ev);
877 : }
878 : }
879 :
880 53753 : status = smbXsrv_session_update(state->session);
881 53753 : if (tevent_req_nterror(req, status)) {
882 0 : return tevent_req_post(req, ev);
883 : }
884 :
885 53753 : become_root();
886 54579 : subreq = gensec_update_send(state, state->ev,
887 53753 : state->auth->gensec,
888 53753 : state->in_security_buffer);
889 53753 : unbecome_root();
890 53753 : if (tevent_req_nomem(subreq, req)) {
891 0 : return tevent_req_post(req, ev);
892 : }
893 53753 : tevent_req_set_callback(subreq, smbd_smb2_session_setup_gensec_done, req);
894 :
895 53753 : return req;
896 : }
897 :
898 53753 : static void smbd_smb2_session_setup_gensec_done(struct tevent_req *subreq)
899 : {
900 826 : struct tevent_req *req =
901 53753 : tevent_req_callback_data(subreq,
902 : struct tevent_req);
903 826 : struct smbd_smb2_session_setup_state *state =
904 53753 : tevent_req_data(req,
905 : struct smbd_smb2_session_setup_state);
906 826 : NTSTATUS status;
907 :
908 53753 : become_root();
909 53753 : status = gensec_update_recv(subreq, state,
910 : &state->out_security_buffer);
911 53753 : unbecome_root();
912 53753 : TALLOC_FREE(subreq);
913 53753 : if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
914 30560 : !NT_STATUS_IS_OK(status)) {
915 2212 : tevent_req_nterror(req, status);
916 2212 : return;
917 : }
918 :
919 51541 : if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
920 23193 : state->out_session_id = state->session->global->session_wire_id;
921 23193 : state->smb2req->preauth = state->auth->preauth;
922 23193 : tevent_req_nterror(req, status);
923 23193 : return;
924 : }
925 :
926 28348 : status = gensec_session_info(state->auth->gensec,
927 : state,
928 : &state->session_info);
929 28348 : if (tevent_req_nterror(req, status)) {
930 7 : return;
931 : }
932 :
933 28341 : if ((state->in_previous_session_id != 0) &&
934 103 : (state->session->global->session_wire_id !=
935 99 : state->in_previous_session_id))
936 : {
937 107 : subreq = smb2srv_session_close_previous_send(state, state->ev,
938 103 : state->smb2req->xconn,
939 : state->session_info,
940 : state->in_previous_session_id,
941 99 : state->session->global->session_wire_id);
942 103 : if (tevent_req_nomem(subreq, req)) {
943 0 : return;
944 : }
945 103 : tevent_req_set_callback(subreq,
946 : smbd_smb2_session_setup_previous_done,
947 : req);
948 103 : return;
949 : }
950 :
951 28238 : smbd_smb2_session_setup_auth_return(req);
952 : }
953 :
954 103 : static void smbd_smb2_session_setup_previous_done(struct tevent_req *subreq)
955 : {
956 4 : struct tevent_req *req =
957 103 : tevent_req_callback_data(subreq,
958 : struct tevent_req);
959 4 : NTSTATUS status;
960 :
961 103 : status = smb2srv_session_close_previous_recv(subreq);
962 103 : TALLOC_FREE(subreq);
963 103 : if (tevent_req_nterror(req, status)) {
964 0 : return;
965 : }
966 :
967 103 : smbd_smb2_session_setup_auth_return(req);
968 : }
969 :
970 28341 : static void smbd_smb2_session_setup_auth_return(struct tevent_req *req)
971 : {
972 669 : struct smbd_smb2_session_setup_state *state =
973 28341 : tevent_req_data(req,
974 : struct smbd_smb2_session_setup_state);
975 669 : NTSTATUS status;
976 :
977 28341 : if (state->in_flags & SMB2_SESSION_FLAG_BINDING) {
978 896 : status = smbd_smb2_bind_auth_return(state->session,
979 : &state->auth,
980 : state->smb2req,
981 : state->session_info,
982 : &state->out_session_flags,
983 : &state->out_session_id);
984 896 : if (tevent_req_nterror(req, status)) {
985 6 : return;
986 : }
987 888 : tevent_req_done(req);
988 888 : return;
989 : }
990 :
991 27445 : if (state->session->global->auth_session_info != NULL) {
992 143 : status = smbd_smb2_reauth_generic_return(state->session,
993 : &state->auth,
994 : state->smb2req,
995 : state->session_info,
996 : &state->out_session_flags,
997 : &state->out_session_id);
998 143 : if (tevent_req_nterror(req, status)) {
999 0 : return;
1000 : }
1001 143 : tevent_req_done(req);
1002 143 : return;
1003 : }
1004 :
1005 27302 : status = smbd_smb2_auth_generic_return(state->session,
1006 : &state->auth,
1007 : state->smb2req,
1008 27302 : state->in_security_mode,
1009 : state->session_info,
1010 : &state->out_session_flags,
1011 : &state->out_session_id);
1012 27302 : if (tevent_req_nterror(req, status)) {
1013 0 : return;
1014 : }
1015 :
1016 27302 : tevent_req_done(req);
1017 27302 : return;
1018 : }
1019 :
1020 55373 : static NTSTATUS smbd_smb2_session_setup_recv(struct tevent_req *req,
1021 : uint16_t *out_session_flags,
1022 : TALLOC_CTX *mem_ctx,
1023 : DATA_BLOB *out_security_buffer,
1024 : uint64_t *out_session_id)
1025 : {
1026 1110 : struct smbd_smb2_session_setup_state *state =
1027 55373 : tevent_req_data(req,
1028 : struct smbd_smb2_session_setup_state);
1029 1110 : NTSTATUS status;
1030 :
1031 55373 : if (tevent_req_is_nterror(req, &status)) {
1032 27040 : if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1033 3847 : tevent_req_received(req);
1034 3847 : return nt_status_squash(status);
1035 : }
1036 : } else {
1037 28333 : status = NT_STATUS_OK;
1038 : }
1039 :
1040 51526 : *out_session_flags = state->out_session_flags;
1041 51526 : *out_security_buffer = state->out_security_buffer;
1042 51526 : *out_session_id = state->out_session_id;
1043 :
1044 51526 : talloc_steal(mem_ctx, out_security_buffer->data);
1045 51526 : tevent_req_received(req);
1046 51526 : return status;
1047 : }
1048 :
1049 : struct smbd_smb2_session_setup_wrap_state {
1050 : struct tevent_context *ev;
1051 : struct smbd_smb2_request *smb2req;
1052 : uint64_t in_session_id;
1053 : uint8_t in_flags;
1054 : uint8_t in_security_mode;
1055 : uint64_t in_previous_session_id;
1056 : DATA_BLOB in_security_buffer;
1057 : uint16_t out_session_flags;
1058 : DATA_BLOB out_security_buffer;
1059 : uint64_t out_session_id;
1060 : NTSTATUS error;
1061 : };
1062 :
1063 : static void smbd_smb2_session_setup_wrap_setup_done(struct tevent_req *subreq);
1064 : static void smbd_smb2_session_setup_wrap_shutdown_done(struct tevent_req *subreq);
1065 :
1066 55373 : static struct tevent_req *smbd_smb2_session_setup_wrap_send(TALLOC_CTX *mem_ctx,
1067 : struct tevent_context *ev,
1068 : struct smbd_smb2_request *smb2req,
1069 : uint64_t in_session_id,
1070 : uint8_t in_flags,
1071 : uint8_t in_security_mode,
1072 : uint64_t in_previous_session_id,
1073 : DATA_BLOB in_security_buffer)
1074 : {
1075 1110 : struct tevent_req *req;
1076 1110 : struct smbd_smb2_session_setup_wrap_state *state;
1077 1110 : struct tevent_req *subreq;
1078 :
1079 55373 : req = tevent_req_create(mem_ctx, &state,
1080 : struct smbd_smb2_session_setup_wrap_state);
1081 55373 : if (req == NULL) {
1082 0 : return NULL;
1083 : }
1084 55373 : state->ev = ev;
1085 55373 : state->smb2req = smb2req;
1086 55373 : state->in_session_id = in_session_id;
1087 55373 : state->in_flags = in_flags;
1088 55373 : state->in_security_mode = in_security_mode;
1089 55373 : state->in_previous_session_id = in_previous_session_id;
1090 55373 : state->in_security_buffer = in_security_buffer;
1091 :
1092 55373 : subreq = smbd_smb2_session_setup_send(state, state->ev,
1093 54263 : state->smb2req,
1094 54263 : state->in_session_id,
1095 54263 : state->in_flags,
1096 54263 : state->in_security_mode,
1097 54263 : state->in_previous_session_id,
1098 54263 : state->in_security_buffer);
1099 55373 : if (tevent_req_nomem(subreq, req)) {
1100 0 : return tevent_req_post(req, ev);
1101 : }
1102 55373 : tevent_req_set_callback(subreq,
1103 : smbd_smb2_session_setup_wrap_setup_done, req);
1104 :
1105 55373 : return req;
1106 : }
1107 :
1108 55373 : static void smbd_smb2_session_setup_wrap_setup_done(struct tevent_req *subreq)
1109 : {
1110 1110 : struct tevent_req *req =
1111 55373 : tevent_req_callback_data(subreq,
1112 : struct tevent_req);
1113 1110 : struct smbd_smb2_session_setup_wrap_state *state =
1114 55373 : tevent_req_data(req,
1115 : struct smbd_smb2_session_setup_wrap_state);
1116 1110 : NTSTATUS status;
1117 :
1118 55373 : status = smbd_smb2_session_setup_recv(subreq,
1119 : &state->out_session_flags,
1120 : state,
1121 : &state->out_security_buffer,
1122 : &state->out_session_id);
1123 55373 : TALLOC_FREE(subreq);
1124 55373 : if (NT_STATUS_IS_OK(status)) {
1125 28333 : tevent_req_done(req);
1126 52728 : return;
1127 : }
1128 27040 : if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1129 23193 : tevent_req_nterror(req, status);
1130 23193 : return;
1131 : }
1132 :
1133 3847 : if (state->smb2req->session == NULL) {
1134 0 : tevent_req_nterror(req, status);
1135 0 : return;
1136 : }
1137 :
1138 3847 : state->error = status;
1139 :
1140 3847 : if (state->in_flags & SMB2_SESSION_FLAG_BINDING) {
1141 842 : status = smbXsrv_session_remove_channel(state->smb2req->session,
1142 694 : state->smb2req->xconn);
1143 842 : if (tevent_req_nterror(req, status)) {
1144 0 : return;
1145 : }
1146 842 : tevent_req_nterror(req, state->error);
1147 842 : return;
1148 : }
1149 :
1150 3005 : if (NT_STATUS_EQUAL(state->error, NT_STATUS_USER_SESSION_DELETED)) {
1151 796 : tevent_req_nterror(req, state->error);
1152 796 : return;
1153 : }
1154 :
1155 2209 : subreq = smb2srv_session_shutdown_send(state, state->ev,
1156 2202 : state->smb2req->session,
1157 : state->smb2req);
1158 2209 : if (tevent_req_nomem(subreq, req)) {
1159 0 : return;
1160 : }
1161 2209 : tevent_req_set_callback(subreq,
1162 : smbd_smb2_session_setup_wrap_shutdown_done,
1163 : req);
1164 : }
1165 :
1166 2209 : static void smbd_smb2_session_setup_wrap_shutdown_done(struct tevent_req *subreq)
1167 : {
1168 7 : struct tevent_req *req =
1169 2209 : tevent_req_callback_data(subreq,
1170 : struct tevent_req);
1171 7 : struct smbd_smb2_session_setup_wrap_state *state =
1172 2209 : tevent_req_data(req,
1173 : struct smbd_smb2_session_setup_wrap_state);
1174 7 : NTSTATUS status;
1175 :
1176 2209 : status = smb2srv_session_shutdown_recv(subreq);
1177 2209 : TALLOC_FREE(subreq);
1178 2209 : if (tevent_req_nterror(req, status)) {
1179 0 : return;
1180 : }
1181 :
1182 : /*
1183 : * we may need to sign the response, so we need to keep
1184 : * the session until the response is sent to the wire.
1185 : */
1186 2209 : talloc_steal(state->smb2req, state->smb2req->session);
1187 :
1188 2209 : tevent_req_nterror(req, state->error);
1189 : }
1190 :
1191 55373 : static NTSTATUS smbd_smb2_session_setup_wrap_recv(struct tevent_req *req,
1192 : uint16_t *out_session_flags,
1193 : TALLOC_CTX *mem_ctx,
1194 : DATA_BLOB *out_security_buffer,
1195 : uint64_t *out_session_id)
1196 : {
1197 1110 : struct smbd_smb2_session_setup_wrap_state *state =
1198 55373 : tevent_req_data(req,
1199 : struct smbd_smb2_session_setup_wrap_state);
1200 1110 : NTSTATUS status;
1201 :
1202 55373 : if (tevent_req_is_nterror(req, &status)) {
1203 27040 : if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1204 3847 : tevent_req_received(req);
1205 3847 : return nt_status_squash(status);
1206 : }
1207 : } else {
1208 28333 : status = NT_STATUS_OK;
1209 : }
1210 :
1211 51526 : *out_session_flags = state->out_session_flags;
1212 51526 : *out_security_buffer = state->out_security_buffer;
1213 51526 : *out_session_id = state->out_session_id;
1214 :
1215 51526 : talloc_steal(mem_ctx, out_security_buffer->data);
1216 51526 : tevent_req_received(req);
1217 51526 : return status;
1218 : }
1219 :
1220 : static struct tevent_req *smbd_smb2_logoff_send(TALLOC_CTX *mem_ctx,
1221 : struct tevent_context *ev,
1222 : struct smbd_smb2_request *smb2req);
1223 : static NTSTATUS smbd_smb2_logoff_recv(struct tevent_req *req);
1224 : static void smbd_smb2_request_logoff_done(struct tevent_req *subreq);
1225 :
1226 164 : NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
1227 : {
1228 6 : NTSTATUS status;
1229 164 : struct tevent_req *subreq = NULL;
1230 :
1231 164 : status = smbd_smb2_request_verify_sizes(req, 0x04);
1232 164 : if (!NT_STATUS_IS_OK(status)) {
1233 0 : return smbd_smb2_request_error(req, status);
1234 : }
1235 :
1236 164 : subreq = smbd_smb2_logoff_send(req, req->sconn->ev_ctx, req);
1237 164 : if (subreq == NULL) {
1238 0 : return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
1239 : }
1240 164 : tevent_req_set_callback(subreq, smbd_smb2_request_logoff_done, req);
1241 :
1242 : /*
1243 : * Avoid sending a STATUS_PENDING message, it's very likely
1244 : * the client won't expect that.
1245 : */
1246 164 : return smbd_smb2_request_pending_queue(req, subreq, 0);
1247 : }
1248 :
1249 164 : static void smbd_smb2_request_logoff_done(struct tevent_req *subreq)
1250 : {
1251 6 : struct smbd_smb2_request *smb2req =
1252 164 : tevent_req_callback_data(subreq,
1253 : struct smbd_smb2_request);
1254 6 : DATA_BLOB outbody;
1255 6 : NTSTATUS status;
1256 6 : NTSTATUS error;
1257 :
1258 170 : status = smbd_smb2_logoff_recv(subreq);
1259 164 : TALLOC_FREE(subreq);
1260 164 : if (!NT_STATUS_IS_OK(status)) {
1261 0 : error = smbd_smb2_request_error(smb2req, status);
1262 0 : if (!NT_STATUS_IS_OK(error)) {
1263 0 : smbd_server_connection_terminate(smb2req->xconn,
1264 : nt_errstr(error));
1265 0 : return;
1266 : }
1267 0 : return;
1268 : }
1269 :
1270 164 : outbody = smbd_smb2_generate_outbody(smb2req, 0x04);
1271 164 : if (outbody.data == NULL) {
1272 0 : error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
1273 0 : if (!NT_STATUS_IS_OK(error)) {
1274 0 : smbd_server_connection_terminate(smb2req->xconn,
1275 : nt_errstr(error));
1276 0 : return;
1277 : }
1278 0 : return;
1279 : }
1280 :
1281 164 : SSVAL(outbody.data, 0x00, 0x04); /* struct size */
1282 164 : SSVAL(outbody.data, 0x02, 0); /* reserved */
1283 :
1284 164 : error = smbd_smb2_request_done(smb2req, outbody, NULL);
1285 164 : if (!NT_STATUS_IS_OK(error)) {
1286 0 : smbd_server_connection_terminate(smb2req->xconn,
1287 : nt_errstr(error));
1288 0 : return;
1289 : }
1290 : }
1291 :
1292 : struct smbd_smb2_logoff_state {
1293 : struct smbd_smb2_request *smb2req;
1294 : };
1295 :
1296 : static void smbd_smb2_logoff_shutdown_done(struct tevent_req *subreq);
1297 :
1298 164 : static struct tevent_req *smbd_smb2_logoff_send(TALLOC_CTX *mem_ctx,
1299 : struct tevent_context *ev,
1300 : struct smbd_smb2_request *smb2req)
1301 : {
1302 6 : struct tevent_req *req;
1303 6 : struct smbd_smb2_logoff_state *state;
1304 6 : struct tevent_req *subreq;
1305 :
1306 164 : req = tevent_req_create(mem_ctx, &state,
1307 : struct smbd_smb2_logoff_state);
1308 164 : if (req == NULL) {
1309 0 : return NULL;
1310 : }
1311 164 : state->smb2req = smb2req;
1312 :
1313 164 : subreq = smb2srv_session_shutdown_send(state, ev,
1314 : smb2req->session,
1315 : smb2req);
1316 164 : if (tevent_req_nomem(subreq, req)) {
1317 0 : return tevent_req_post(req, ev);
1318 : }
1319 164 : tevent_req_set_callback(subreq, smbd_smb2_logoff_shutdown_done, req);
1320 :
1321 164 : return req;
1322 : }
1323 :
1324 164 : static void smbd_smb2_logoff_shutdown_done(struct tevent_req *subreq)
1325 : {
1326 164 : struct tevent_req *req = tevent_req_callback_data(
1327 : subreq, struct tevent_req);
1328 164 : struct smbd_smb2_logoff_state *state = tevent_req_data(
1329 : req, struct smbd_smb2_logoff_state);
1330 6 : NTSTATUS status;
1331 6 : bool ok;
1332 164 : const struct GUID *client_guid =
1333 164 : &state->smb2req->session->client->global->client_guid;
1334 :
1335 164 : status = smb2srv_session_shutdown_recv(subreq);
1336 164 : if (tevent_req_nterror(req, status)) {
1337 0 : return;
1338 : }
1339 164 : TALLOC_FREE(subreq);
1340 :
1341 164 : if (!GUID_all_zero(client_guid)) {
1342 151 : ok = remote_arch_cache_delete(client_guid);
1343 151 : if (!ok) {
1344 : /* Most likely not an error, but not in cache */
1345 139 : DBG_DEBUG("Deletion from remote arch cache failed\n");
1346 : }
1347 : }
1348 :
1349 : /*
1350 : * As we've been awoken, we may have changed
1351 : * uid in the meantime. Ensure we're still
1352 : * root (SMB2_OP_LOGOFF has .as_root = true).
1353 : */
1354 164 : change_to_root_user();
1355 :
1356 164 : status = smbXsrv_session_logoff(state->smb2req->session);
1357 164 : if (tevent_req_nterror(req, status)) {
1358 0 : return;
1359 : }
1360 :
1361 : /*
1362 : * we may need to sign the response, so we need to keep
1363 : * the session until the response is sent to the wire.
1364 : */
1365 164 : talloc_steal(state->smb2req, state->smb2req->session);
1366 :
1367 164 : tevent_req_done(req);
1368 : }
1369 :
1370 164 : static NTSTATUS smbd_smb2_logoff_recv(struct tevent_req *req)
1371 : {
1372 164 : return tevent_req_simple_recv_ntstatus(req);
1373 : }
|
