From 910d61bcd1fbfc6fc406d4384f305f5210e92d56 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 18 Nov 2005 14:13:49 +0000 Subject: r11789: - add the start of a SMB2 server - it does Negprot and SessionSetup yet the rest returns NT_STATUS_NOT_IMPLEMENTED - it's off by default, enable with: smbsrv:enable smb2 = yes - negotition in the SMB Negprot isn't supported yet - it's only tested with smbtorture SMB2-CONNECT not with vista as client metze (This used to be commit 08b31d5f618d2e416cb9812ad3a49754cd7212b8) --- source4/smb_server/smb2/negprot.c | 177 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 source4/smb_server/smb2/negprot.c (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c new file mode 100644 index 0000000000..630f38b159 --- /dev/null +++ b/source4/smb_server/smb2/negprot.c @@ -0,0 +1,177 @@ +/* + Unix SMB2 implementation. + + Copyright (C) Andrew Bartlett 2001-2005 + Copyright (C) Stefan Metzmacher 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "auth/auth.h" +#include "libcli/smb2/smb2.h" +#include "libcli/smb2/smb2_calls.h" +#include "smb_server/smb_server.h" +#include "smb_server/smb2/smb2_server.h" +#include "smbd/service_stream.h" + +static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob) +{ + struct gensec_security *gensec_security; + DATA_BLOB null_data_blob = data_blob(NULL, 0); + DATA_BLOB blob; + NTSTATUS nt_status; + struct cli_credentials *server_credentials; + + nt_status = gensec_server_start(req, &gensec_security, + req->smb_conn->connection->event.ctx); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status))); + smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n"); + return nt_status; + } + + server_credentials = cli_credentials_init(req); + if (!server_credentials) { + smbsrv_terminate_connection(req->smb_conn, "Failed to init server credentials\n"); + return NT_STATUS_NO_MEMORY; + } + + cli_credentials_set_conf(server_credentials); + nt_status = cli_credentials_set_machine_account(server_credentials); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); + talloc_free(server_credentials); + server_credentials = NULL; + } + + req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials); + + gensec_set_target_service(gensec_security, "cifs"); + + gensec_set_credentials(gensec_security, server_credentials); + + nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status))); + smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n"); + return nt_status; + } + + nt_status = gensec_update(gensec_security, req, null_data_blob, &blob); + if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status))); + smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n"); + return nt_status; + } + + *_blob = blob; + return NT_STATUS_OK; +} + +static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io) +{ + NTSTATUS status; + struct timeval current_time; + struct timeval boot_time; + + current_time = timeval_current(); /* TODO: handle timezone?! */ + boot_time = timeval_current(); /* TODO: fix me */ + + io->out._pad = 0; + io->out.unknown2 = 0x06; + ZERO_STRUCT(io->out.sessid); + io->out.unknown3 = 0x0d; + io->out.unknown4 = 0x00; + io->out.unknown5 = 0x01; + io->out.unknown6 = 0x01; + io->out.unknown7 = 0x01; + io->out.current_time = timeval_to_nttime(¤t_time); + io->out.boot_time = timeval_to_nttime(&boot_time); + status = smb2srv_negprot_secblob(req, &io->out.secblob); + NT_STATUS_NOT_OK_RETURN(status); + io->out.unknown9 = 0x204d4c20; + + return NT_STATUS_OK; +} + +static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negprot *io) +{ + NTSTATUS status; + + if (NT_STATUS_IS_ERR(req->status)) { + smb2srv_send_error(req, req->status); /* TODO: is this correct? */ + return; + } + + status = smb2srv_setup_reply(req, 0x40, io->out.secblob.length); + if (!NT_STATUS_IS_OK(status)) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); + talloc_free(req); + return; + } + + SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(req->status)); + + SSVAL(req->out.body, 0x02, io->out._pad); + SIVAL(req->out.body, 0x04, io->out.unknown2); + memcpy(req->out.body+0x08, io->out.sessid, 16); + SIVAL(req->out.body, 0x18, io->out.unknown3); + SSVAL(req->out.body, 0x1C, io->out.unknown4); + SIVAL(req->out.body, 0x1E, io->out.unknown5); + SIVAL(req->out.body, 0x22, io->out.unknown6); + SSVAL(req->out.body, 0x26, io->out.unknown7); + push_nttime(req->out.body, 0x28, io->out.current_time); + push_nttime(req->out.body, 0x30, io->out.boot_time); + status = smb2_push_o16s16_blob(&req->out, 0x38, io->out.secblob); + if (!NT_STATUS_IS_OK(status)) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); + talloc_free(req); + return; + } + + SIVAL(req->out.body, 0x3C, io->out.unknown9); + + smb2srv_send_reply(req); +} + +void smb2srv_negprot_recv(struct smb2srv_request *req) +{ + struct smb2_negprot *io; + + if (req->in.body_size < 0x26) { + smb2srv_send_error(req, NT_STATUS_FOOBAR); + return; + } + + io = talloc(req, struct smb2_negprot); + if (!io) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); + talloc_free(req); + return; + } + + io->in.unknown1 = SVAL(req->in.body, 0x02); + memcpy(io->in.unknown2, req->in.body + 0x04, 0x20); + io->in.unknown3 = SVAL(req->in.body, 0x24); + + req->status = smb2srv_negprot_backend(req, io); + + if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) { + talloc_free(req); + return; + } + smb2srv_negprot_send(req, io); +} -- cgit From 2634f22bfcd5172ae20e9fa0d236aee91c43c1ae Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 6 Dec 2005 13:26:24 +0000 Subject: r12092: - add dummy functions for the missing SMB2 opcodes - implement keepalive and logoff metze (This used to be commit 859ab627f45a5acca1deb66b8abdc38eaf49e5a2) --- source4/smb_server/smb2/negprot.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 630f38b159..71e86ad805 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -123,8 +123,6 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro return; } - SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(req->status)); - SSVAL(req->out.body, 0x02, io->out._pad); SIVAL(req->out.body, 0x04, io->out.unknown2); memcpy(req->out.body+0x08, io->out.sessid, 16); -- cgit From d8503c6ba120172e9aae737c5510e547e8dea4a5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 14:19:11 +0000 Subject: r13860: - add support for SMB2 ("SMB 2.001") negotiation in SMB negprot requests - the default max protocol is still NT1 metze (This used to be commit d1bae931b327dda28e648efc473e0462cf036f7c) --- source4/smb_server/smb2/negprot.c | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 71e86ad805..6aab25427f 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -173,3 +173,56 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) } smb2srv_negprot_send(req, io); } + +/* + * reply to a SMB negprot request with dialect "SMB 2.001" + */ +void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) +{ + struct smb2srv_request *req; + uint32_t body_fixed_size = 0x26; + + /* create a fake SMB2 negprot request */ + req = talloc_zero(smb_req->smb_conn, struct smb2srv_request); + if (!req) goto nomem; + req->smb_conn = smb_req->smb_conn; + req->request_time = smb_req->request_time; + talloc_steal(req, smb_req); + + req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size; + req->in.allocated = req->in.size; + req->in.buffer = talloc_size(req, req->in.allocated); + if (!req->in.buffer) goto nomem; + req->in.hdr = req->in.buffer + NBT_HDR_SIZE; + req->in.body = req->in.hdr + SMB2_HDR_BODY; + req->in.body_size = body_fixed_size; + req->in.dynamic = NULL; + + SIVAL(req->in.hdr, 0, SMB2_MAGIC); + SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); + SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); + SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); + SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); + SSVAL(req->in.hdr, SMB2_HDR_PAD2, 0); + SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); + SIVAL(req->in.hdr, SMB2_HDR_UNKNOWN, 0); + SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); + SIVAL(req->in.hdr, SMB2_HDR_PID, 0); + SIVAL(req->in.hdr, SMB2_HDR_TID, 0); + SBVAL(req->in.hdr, SMB2_HDR_UID, 0); + memset(req->in.hdr+SMB2_HDR_SIG, 0, 16); + + /* this seems to be a bug, they use 0x24 but the length is 0x26 */ + SSVAL(req->in.body, 0x00, 0x24); + + SSVAL(req->in.body, 0x02, 1); + memset(req->in.body+0x04, 0, 32); + SSVAL(req->in.body, 0x24, 0); + + smb2srv_negprot_recv(req); + return; +nomem: + smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); + talloc_free(req); + return; +} -- cgit From bc141c795767cc765731c607f1fb047811da6e03 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Apr 2006 01:55:17 +0000 Subject: r15304: Fix smbd build, more updates on getting --enable-dso to build again (This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944) --- source4/smb_server/smb2/negprot.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 6aab25427f..351c9e718f 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -24,6 +24,7 @@ #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "smb_server/smb_server.h" +#include "smb_server/service_smb_proto.h" #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" -- cgit From dc86ab3e454d7219608d01879145dec5609acaa3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 May 2006 10:47:37 +0000 Subject: r15532: add a BOOL body_dynamic_present, because the body_dynamic_size can be 0 also if the dynamic flag should be set metze (This used to be commit 7829100e1ee79f4f5d24004af221288e19c09b3e) --- source4/smb_server/smb2/negprot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 351c9e718f..6d180eb1d6 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -117,7 +117,7 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro return; } - status = smb2srv_setup_reply(req, 0x40, io->out.secblob.length); + status = smb2srv_setup_reply(req, 0x40, True, io->out.secblob.length); if (!NT_STATUS_IS_OK(status)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); talloc_free(req); -- cgit From 6acd9aed93b09b74e53a3b854085c6c8fab41819 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 1 Jul 2006 14:14:11 +0000 Subject: r16734: the 2 bytes after the opcode and before the flags, is no padding... the following patch is needed for vista beta2 to connect to samba4 metze (This used to be commit 58baae8fc463cd2c4e4ce532c153ad80313b03eb) --- source4/smb_server/smb2/negprot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 6d180eb1d6..66ba902746 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -204,9 +204,9 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); - SSVAL(req->in.hdr, SMB2_HDR_PAD2, 0); + SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1,0); SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); - SIVAL(req->in.hdr, SMB2_HDR_UNKNOWN, 0); + SIVAL(req->in.hdr, SMB2_HDR_UNKNOWN2,0); SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); SIVAL(req->in.hdr, SMB2_HDR_PID, 0); SIVAL(req->in.hdr, SMB2_HDR_TID, 0); -- cgit From 669e5d0fab89cc6c64010d321223c3948cd676f8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Jul 2006 14:31:11 +0000 Subject: r17009: set the protocol version correct metze (This used to be commit 24ec382560de356704bcbf6cd1ee52182231e970) --- source4/smb_server/smb2/negprot.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 66ba902746..957bb9204a 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -88,6 +88,8 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 struct timeval current_time; struct timeval boot_time; + req->smb_conn->negotiate.protocol = PROTOCOL_SMB2; + current_time = timeval_current(); /* TODO: handle timezone?! */ boot_time = timeval_current(); /* TODO: fix me */ -- cgit From 7a845bcb0141a895d5685afcef1ffe7f93428d0f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 31 Jul 2006 14:05:08 +0000 Subject: r17341: pass a messaging context to auth_context_create() and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710) --- source4/smb_server/smb2/negprot.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 957bb9204a..8e3f6156ea 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -36,8 +36,10 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * NTSTATUS nt_status; struct cli_credentials *server_credentials; - nt_status = gensec_server_start(req, &gensec_security, - req->smb_conn->connection->event.ctx); + nt_status = gensec_server_start(req, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status))); smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n"); -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/smb_server/smb2/negprot.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 8e3f6156ea..fe65917275 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -20,7 +20,8 @@ */ #include "includes.h" -#include "auth/auth.h" +#include "auth/credentials/credentials.h" +#include "auth/gensec/gensec.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "smb_server/smb_server.h" -- cgit From bf62b6642c77e14142cdb724dc99dd3f8bfd89ac Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 14 May 2007 18:02:49 +0000 Subject: r22866: handle incoming chained smb2 requests in our server code to let the windows explorer in longhorn beta3 work. metze (This used to be commit 2390c9f24daccec917608cac0870890cdc73cb1c) --- source4/smb_server/smb2/negprot.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index fe65917275..c666b3d761 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -204,18 +204,18 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) req->in.body_size = body_fixed_size; req->in.dynamic = NULL; - SIVAL(req->in.hdr, 0, SMB2_MAGIC); - SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); - SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); - SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); - SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); - SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1,0); - SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); - SIVAL(req->in.hdr, SMB2_HDR_UNKNOWN2,0); - SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); - SIVAL(req->in.hdr, SMB2_HDR_PID, 0); - SIVAL(req->in.hdr, SMB2_HDR_TID, 0); - SBVAL(req->in.hdr, SMB2_HDR_UID, 0); + SIVAL(req->in.hdr, 0, SMB2_MAGIC); + SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); + SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); + SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); + SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); + SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1, 0); + SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); + SIVAL(req->in.hdr, SMB2_HDR_CHAIN_OFFSET, 0); + SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); + SIVAL(req->in.hdr, SMB2_HDR_PID, 0); + SIVAL(req->in.hdr, SMB2_HDR_TID, 0); + SBVAL(req->in.hdr, SMB2_HDR_UID, 0); memset(req->in.hdr+SMB2_HDR_SIG, 0, 16); /* this seems to be a bug, they use 0x24 but the length is 0x26 */ -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/smb_server/smb2/negprot.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index c666b3d761..2aca91adf8 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 98b57d5eb61094a9c88e2f7d90d3e21b7e74e9d8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 16:46:30 +0000 Subject: r25035: Fix some more warnings, use service pointer rather than service number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f) --- source4/smb_server/smb2/negprot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 2aca91adf8..8aa652e27e 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -196,7 +196,7 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size; req->in.allocated = req->in.size; - req->in.buffer = talloc_size(req, req->in.allocated); + req->in.buffer = talloc_array(req, uint8_t, req->in.allocated); if (!req->in.buffer) goto nomem; req->in.hdr = req->in.buffer + NBT_HDR_SIZE; req->in.body = req->in.hdr + SMB2_HDR_BODY; -- cgit From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/smb_server/smb2/negprot.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 8aa652e27e..3035f77396 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -27,6 +27,7 @@ #include "smb_server/service_smb_proto.h" #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" +#include "param/param.h" static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob) { @@ -52,7 +53,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(server_credentials); + cli_credentials_set_conf(server_credentials, global_loadparm); nt_status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); -- cgit From 0c56f8dac31c51a42dedf2a1da9fd76896855b19 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:10:49 +0000 Subject: r25551: Convert to standard bool type. (This used to be commit c9651e2c5c078edee7b91085e936a93625c8d708) --- source4/smb_server/smb2/negprot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 3035f77396..78c17aa03e 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -122,7 +122,7 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro return; } - status = smb2srv_setup_reply(req, 0x40, True, io->out.secblob.length); + status = smb2srv_setup_reply(req, 0x40, true, io->out.secblob.length); if (!NT_STATUS_IS_OK(status)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); talloc_free(req); -- cgit From ecea5ce24553989103d4a06296b24f4d29f30a36 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 17:41:50 +0100 Subject: r26260: Store loadparm context in gensec context. (This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081) --- source4/smb_server/smb2/negprot.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 78c17aa03e..30160c9d5d 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -39,6 +39,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * nt_status = gensec_server_start(req, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { -- cgit From b83a7a135f3247f553cb04173646b2d871b97235 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 21:25:17 +0100 Subject: r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730) --- source4/smb_server/smb2/negprot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 30160c9d5d..664079812a 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -39,7 +39,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * nt_status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -54,7 +54,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(server_credentials, global_loadparm); + cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); nt_status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); -- cgit From a2cea02584256e2cf59da5420e8e080e70c66939 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 22:46:17 +0100 Subject: r26430: require explicit specification of loadparm context. (This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6) --- source4/smb_server/smb2/negprot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 664079812a..8e3cfd3547 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -55,7 +55,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * } cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); - nt_status = cli_credentials_set_machine_account(server_credentials); + nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); talloc_free(server_credentials); -- cgit From ccc27e681cbd6283513b929d58f2ebce35e6658b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Feb 2008 12:54:44 +1100 Subject: fixed up the .in side of SMB2 negprot fixed the input side of the SMB2 negprot structure and parsers according to the documentation (This used to be commit 55af8acc7b32c24e4b1187e9d8d1c8f060e914b0) --- source4/smb_server/smb2/negprot.c | 40 ++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 8e3cfd3547..68509d71c6 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "libcli/raw/libcliraw.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "smb_server/smb_server.h" @@ -92,6 +93,12 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 struct timeval current_time; struct timeval boot_time; + /* we only do dialect 0 for now */ + if (io->in.dialect_count < 1 || + io->in.dialects[0] != 0) { + return NT_STATUS_NOT_SUPPORTED; + } + req->smb_conn->negotiate.protocol = PROTOCOL_SMB2; current_time = timeval_current(); /* TODO: handle timezone?! */ @@ -155,6 +162,9 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro void smb2srv_negprot_recv(struct smb2srv_request *req) { struct smb2_negprot *io; + int i; + DATA_BLOB guid_blob; + enum ndr_err_code ndr_err; if (req->in.body_size < 0x26) { smb2srv_send_error(req, NT_STATUS_FOOBAR); @@ -168,9 +178,30 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) return; } - io->in.unknown1 = SVAL(req->in.body, 0x02); - memcpy(io->in.unknown2, req->in.body + 0x04, 0x20); - io->in.unknown3 = SVAL(req->in.body, 0x24); + io->in.dialect_count = SVAL(req->in.body, 0x02); + io->in.security_mode = SVAL(req->in.body, 0x04); + io->in.reserved = SVAL(req->in.body, 0x06); + io->in.capabilities = IVAL(req->in.body, 0x08); + guid_blob.data = req->in.body + 0xC; + guid_blob.length = 16; + ndr_err = ndr_pull_struct_blob(&guid_blob, req, NULL, &io->in.client_guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_FOOBAR)); + talloc_free(req); + return; + } + io->in.start_time = smbcli_pull_nttime(req->in.body, 0x1C); + + io->in.dialects = talloc_array(req, uint16_t, io->in.dialect_count); + if (io->in.dialects == NULL) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); + talloc_free(req); + return; + } + for (i=0;iin.dialect_count;i++) { + io->in.dialects[i] = SVAL(req->in.body, 0x24+i*2); + } req->status = smb2srv_negprot_backend(req, io); @@ -182,14 +213,13 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) } /* - * reply to a SMB negprot request with dialect "SMB 2.001" + * reply to a SMB negprot request with dialect "SMB 2.002" */ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) { struct smb2srv_request *req; uint32_t body_fixed_size = 0x26; - /* create a fake SMB2 negprot request */ req = talloc_zero(smb_req->smb_conn, struct smb2srv_request); if (!req) goto nomem; req->smb_conn = smb_req->smb_conn; -- cgit From 8fdb9504dcfc98080c5c2b5ce134b51ab631fa95 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Feb 2008 16:20:13 +1100 Subject: converted the out side of SMB2 negprot handling This follows the SMB2 PFIF docs. Current versions of Vista can now connect to Samba4 as a SMB2 server and do basic operations (This used to be commit 9dc284770df9393a1a619735dc7a148713936fa7) --- source4/smb_server/smb2/negprot.c | 59 ++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 29 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 68509d71c6..043534d777 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -96,7 +96,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 /* we only do dialect 0 for now */ if (io->in.dialect_count < 1 || io->in.dialects[0] != 0) { - return NT_STATUS_NOT_SUPPORTED; + DEBUG(0,("Got unexpected SMB2 dialect %u\n", io->in.dialects[0])); } req->smb_conn->negotiate.protocol = PROTOCOL_SMB2; @@ -104,19 +104,19 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 current_time = timeval_current(); /* TODO: handle timezone?! */ boot_time = timeval_current(); /* TODO: fix me */ - io->out._pad = 0; - io->out.unknown2 = 0x06; - ZERO_STRUCT(io->out.sessid); - io->out.unknown3 = 0x0d; - io->out.unknown4 = 0x00; - io->out.unknown5 = 0x01; - io->out.unknown6 = 0x01; - io->out.unknown7 = 0x01; - io->out.current_time = timeval_to_nttime(¤t_time); - io->out.boot_time = timeval_to_nttime(&boot_time); + ZERO_STRUCT(io->out); + io->out.security_mode = 0; /* no signing yet */ + /* choose the first dialect offered for now */ + io->out.dialect_revision = io->in.dialects[0]; + io->out.capabilities = 0; + io->out.max_transact_size = 0x10000; + io->out.max_read_size = 0x10000; + io->out.max_write_size = 0x10000; + io->out.system_time = timeval_to_nttime(¤t_time); + io->out.server_start_time = timeval_to_nttime(&boot_time); + io->out.reserved2 = 0; status = smb2srv_negprot_secblob(req, &io->out.secblob); NT_STATUS_NOT_OK_RETURN(status); - io->out.unknown9 = 0x204d4c20; return NT_STATUS_OK; } @@ -124,6 +124,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negprot *io) { NTSTATUS status; + enum ndr_err_code ndr_err; if (NT_STATUS_IS_ERR(req->status)) { smb2srv_send_error(req, req->status); /* TODO: is this correct? */ @@ -137,16 +138,22 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro return; } - SSVAL(req->out.body, 0x02, io->out._pad); - SIVAL(req->out.body, 0x04, io->out.unknown2); - memcpy(req->out.body+0x08, io->out.sessid, 16); - SIVAL(req->out.body, 0x18, io->out.unknown3); - SSVAL(req->out.body, 0x1C, io->out.unknown4); - SIVAL(req->out.body, 0x1E, io->out.unknown5); - SIVAL(req->out.body, 0x22, io->out.unknown6); - SSVAL(req->out.body, 0x26, io->out.unknown7); - push_nttime(req->out.body, 0x28, io->out.current_time); - push_nttime(req->out.body, 0x30, io->out.boot_time); + SSVAL(req->out.body, 0x02, io->out.security_mode); + SIVAL(req->out.body, 0x04, io->out.dialect_revision); + SIVAL(req->out.body, 0x06, io->out.reserved); + ndr_err = smbcli_push_guid(req->out.body, 0x08, &io->out.server_guid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); + talloc_free(req); + return; + } + SIVAL(req->out.body, 0x18, io->out.capabilities); + SIVAL(req->out.body, 0x1C, io->out.max_transact_size); + SIVAL(req->out.body, 0x20, io->out.max_read_size); + SIVAL(req->out.body, 0x24, io->out.max_write_size); + push_nttime(req->out.body, 0x28, io->out.system_time); + push_nttime(req->out.body, 0x30, io->out.server_start_time); + SIVAL(req->out.body, 0x3C, io->out.reserved2); status = smb2_push_o16s16_blob(&req->out, 0x38, io->out.secblob); if (!NT_STATUS_IS_OK(status)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); @@ -154,8 +161,6 @@ static void smb2srv_negprot_send(struct smb2srv_request *req, struct smb2_negpro return; } - SIVAL(req->out.body, 0x3C, io->out.unknown9); - smb2srv_send_reply(req); } @@ -163,7 +168,6 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) { struct smb2_negprot *io; int i; - DATA_BLOB guid_blob; enum ndr_err_code ndr_err; if (req->in.body_size < 0x26) { @@ -182,10 +186,7 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) io->in.security_mode = SVAL(req->in.body, 0x04); io->in.reserved = SVAL(req->in.body, 0x06); io->in.capabilities = IVAL(req->in.body, 0x08); - guid_blob.data = req->in.body + 0xC; - guid_blob.length = 16; - ndr_err = ndr_pull_struct_blob(&guid_blob, req, NULL, &io->in.client_guid, - (ndr_pull_flags_fn_t)ndr_pull_GUID); + ndr_err = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_FOOBAR)); talloc_free(req); -- cgit From a2505c5a2cc2b7b692ffbcdd8c6b86000a15d2c7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Feb 2008 17:00:35 +1100 Subject: updated SMB2 header defines to match WSPP docs (This used to be commit d2c6ad55eca27f50a38fc6e2a85032eddb3f0aae) --- source4/smb_server/smb2/negprot.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 043534d777..4f44147606 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -238,17 +238,17 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) SIVAL(req->in.hdr, 0, SMB2_MAGIC); SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); - SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); + SSVAL(req->in.hdr, SMB2_HDR_EPOCH, 0); SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); - SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1, 0); + SSVAL(req->in.hdr, SMB2_HDR_CREDIT, 0); SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); - SIVAL(req->in.hdr, SMB2_HDR_CHAIN_OFFSET, 0); - SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); + SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND, 0); + SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID, 0); SIVAL(req->in.hdr, SMB2_HDR_PID, 0); SIVAL(req->in.hdr, SMB2_HDR_TID, 0); - SBVAL(req->in.hdr, SMB2_HDR_UID, 0); - memset(req->in.hdr+SMB2_HDR_SIG, 0, 16); + SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID, 0); + memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16); /* this seems to be a bug, they use 0x24 but the length is 0x26 */ SSVAL(req->in.body, 0x00, 0x24); -- cgit From cd2b003abaaaed5054db6e266dbfccf7e1193932 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Feb 2008 20:29:31 +1100 Subject: fixed crash when 0 dialects (thanks metze!) (This used to be commit 252bcf207b8117f325075cbb7bd05063756ac283) --- source4/smb_server/smb2/negprot.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 4f44147606..7c295c05ab 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -94,8 +94,10 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 struct timeval boot_time; /* we only do dialect 0 for now */ - if (io->in.dialect_count < 1 || - io->in.dialects[0] != 0) { + if (io->in.dialect_count < 1) { + return NT_STATUS_NOT_SUPPORTED; + } + if (io->in.dialects[0] != 0) { DEBUG(0,("Got unexpected SMB2 dialect %u\n", io->in.dialects[0])); } -- cgit From e870cfec9f3512b0f1bd3110d7b975652525e28a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Feb 2008 10:12:33 +1100 Subject: Convert SMB and SMB2 code to use a common buffer handling structure This converts our SMB and SMB2 code to use a common structure "struct request_bufinfo" for information on the buffer bounds of a packet, alignment information and string handling. This allows us to use a common backend for SMB and SMB2 code, while still using all the same string and blob handling functions. Up to now we had been passing a NULL req handle into these common routines from the SMB2 side of the server, which meant that we failed any operation which did a bounds checked string extraction (such as a RenameInformation setinfo call, which is what Vista uses for renaming files) There is still some more work to be done on this - for example we can now remove many of the SMB2 specific buffer handling functions that we had, and use the SMB ones. (This used to be commit ca6d9be6cb6a403a81b18fa6e9a6a0518d7f0f68) --- source4/smb_server/smb2/negprot.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 7c295c05ab..578eadbe8f 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -238,6 +238,8 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) req->in.body_size = body_fixed_size; req->in.dynamic = NULL; + smb2srv_setup_bufinfo(req); + SIVAL(req->in.hdr, 0, SMB2_MAGIC); SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); SSVAL(req->in.hdr, SMB2_HDR_EPOCH, 0); -- cgit From b640f475be9b0f83e7812a5c7756344c5891cba3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Feb 2008 17:11:36 +1100 Subject: updated SMB2 code for getinfo according to WSPP docs - Updated getinfo structures and field names - also updated the protocol revision number handling to reflect new docs (This used to be commit 3aaa2e86d94675c6c68d66d75292c3e34bfbc81b) --- source4/smb_server/smb2/negprot.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 578eadbe8f..5bbd7f7d5e 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -93,12 +93,14 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 struct timeval current_time; struct timeval boot_time; - /* we only do dialect 0 for now */ + /* we only do one dialect for now */ if (io->in.dialect_count < 1) { return NT_STATUS_NOT_SUPPORTED; } - if (io->in.dialects[0] != 0) { + if (io->in.dialects[0] != 0 && + io->in.dialects[0] != SMB2_DIALECT_REVISION) { DEBUG(0,("Got unexpected SMB2 dialect %u\n", io->in.dialects[0])); + return NT_STATUS_NOT_SUPPORTED; } req->smb_conn->negotiate.protocol = PROTOCOL_SMB2; @@ -108,8 +110,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 ZERO_STRUCT(io->out); io->out.security_mode = 0; /* no signing yet */ - /* choose the first dialect offered for now */ - io->out.dialect_revision = io->in.dialects[0]; + io->out.dialect_revision = SMB2_DIALECT_REVISION; io->out.capabilities = 0; io->out.max_transact_size = 0x10000; io->out.max_read_size = 0x10000; -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/smb_server/smb2/negprot.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 5bbd7f7d5e..e7352f7c42 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -22,6 +22,7 @@ #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "libcli/raw/libcliraw.h" +#include "libcli/raw/raw_proto.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "smb_server/smb_server.h" @@ -29,6 +30,7 @@ #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" #include "param/param.h" +#include "librpc/ndr/libndr.h" static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *_blob) { -- cgit From 769ebe91711330d5b75f9632c2b1d1847dd32a15 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 Apr 2008 09:37:29 +0200 Subject: make smb2 read and write size configurable (This used to be commit 2090e75e0c28f8d2aada305059bdb455f42ed0d5) --- source4/smb_server/smb2/negprot.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index e7352f7c42..4479ae2da1 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -114,9 +114,12 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 io->out.security_mode = 0; /* no signing yet */ io->out.dialect_revision = SMB2_DIALECT_REVISION; io->out.capabilities = 0; - io->out.max_transact_size = 0x10000; - io->out.max_read_size = 0x10000; - io->out.max_write_size = 0x10000; + io->out.max_transact_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, + "smb2", "max transaction size", 0x10000); + io->out.max_read_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, + "smb2", "max read size", 0x10000); + io->out.max_write_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, + "smb2", "max write size", 0x10000); io->out.system_time = timeval_to_nttime(¤t_time); io->out.server_start_time = timeval_to_nttime(&boot_time); io->out.reserved2 = 0; -- cgit From e97cf207fac5e4101376d2a10dd95a93a9a1e0fb Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 6 Jun 2008 22:10:30 -0700 Subject: added server side SMB2 signing (This used to be commit 8e919dcb0826a5b25d037ee6144af5f7cb21f3ae) --- source4/smb_server/smb2/negprot.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 4479ae2da1..2da39001ab 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -111,7 +111,18 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 boot_time = timeval_current(); /* TODO: fix me */ ZERO_STRUCT(io->out); - io->out.security_mode = 0; /* no signing yet */ + switch (lp_server_signing(req->smb_conn->lp_ctx)) { + case SMB_SIGNING_OFF: + io->out.security_mode = 0; + break; + case SMB_SIGNING_SUPPORTED: + case SMB_SIGNING_AUTO: + io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; + break; + case SMB_SIGNING_REQUIRED: + io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED; + break; + } io->out.dialect_revision = SMB2_DIALECT_REVISION; io->out.capabilities = 0; io->out.max_transact_size = lp_parm_ulong(req->smb_conn->lp_ctx, NULL, -- cgit From e4ad580b99c5b372353c285569204ab94c177748 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 7 Jun 2008 08:14:25 -0700 Subject: fixed mandatory signing Metze pointed out that if signing is mandatory in the server then we need to reject packets without the signed flag if the packet contains a session id. (This used to be commit 056f16e664e581bab1c07759e99ad4f6685c58eb) --- source4/smb_server/smb2/negprot.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 2da39001ab..3e6e2e1a43 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -121,6 +121,8 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 break; case SMB_SIGNING_REQUIRED: io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED; + /* force signing on immediately */ + req->smb_conn->doing_signing = true; break; } io->out.dialect_revision = SMB2_DIALECT_REVISION; -- cgit From 8623e2cc4ca3b7fefcdc943c1da8a89b805f5d29 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 9 Jun 2008 21:45:19 +0200 Subject: smb2srv: correctly hold the signing state per session metze (This used to be commit 5b3ba3f3556e8031133128853cd2324ee3852aa1) --- source4/smb_server/smb2/negprot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb2/negprot.c') diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 3e6e2e1a43..d64b36d659 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -122,7 +122,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 case SMB_SIGNING_REQUIRED: io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED; /* force signing on immediately */ - req->smb_conn->doing_signing = true; + req->smb_conn->smb2_signing_required = true; break; } io->out.dialect_revision = SMB2_DIALECT_REVISION; -- cgit