/*
Unix SMB / CIFS implementation .
Pipe SMB reply routines
Copyright ( C ) Andrew Tridgell 1992 - 1998
Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1998
Copyright ( C ) Paul Ashton 1997 - 1998.
Copyright ( C ) Jeremy Allison 2005.
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
This file handles reply_ calls on named pipes that the server
makes to handle specific protocols
*/
# include "includes.h"
# include "smbd/smbd.h"
# include "smbd/globals.h"
# include "libcli/security/security.h"
# include "rpc_server/srv_pipe_hnd.h"
# include "auth/auth_util.h"
# include "librpc/rpc/dcerpc_helper.h"
/**
 * Open the named pipe @name for an SMB request and hand it back as a
 * files_struct.
 *
 * The new fsp has no file descriptor (-1), cannot take locks, and is
 * given FILE_READ_DATA | FILE_WRITE_DATA as its access mask.
 *
 * When the request arrived over an encrypted SMB2 transport, the
 * connection's session_info is copied (the connection's own copy is left
 * untouched) and a SID built from global_sid_Samba_SMB3 plus three RIDs
 * (negotiated dialect, DCERPC_SMB_ENCRYPTION_REQUIRED, negotiated cipher)
 * is added to the copy's security token before it is passed to np_open().
 * A token that already contains such a SID is refused, so the marker seen
 * behind np_open() can only be the one added here.
 *
 * @param smb_req  The request opening the pipe; supplies conn, xconn, vuid.
 * @param name     Pipe name, passed to synthetic_smb_fname() and np_open().
 * @param pfsp     Receives the new fsp; written only on success.
 *
 * @return NT_STATUS_OK on success. On failure the fsp is released with
 *         file_free() and the failing status is returned:
 *         NT_STATUS_NO_MEMORY, NT_STATUS_ACCESS_DENIED (SMB3 SID already
 *         present), NT_STATUS_BUFFER_TOO_SMALL (RID append failed), or
 *         whatever file_new(), fsp_set_smb_fname(),
 *         add_sid_to_array_unique() or np_open() reported.
 */
NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
		      struct files_struct **pfsp)
{
	struct connection_struct *conn = smb_req->conn;
	struct smbXsrv_connection *xconn = smb_req->xconn;
	/* Default: use the connection's session info as-is. */
	struct auth_session_info *pipe_session = conn->session_info;
	struct smb_filename *pipe_fname = NULL;
	struct files_struct *pipe_fsp;
	NTSTATUS status;

	status = file_new(smb_req, conn, &pipe_fsp);
	if (!NT_STATUS_IS_OK(status)) {
		/* Nothing allocated yet, so there is nothing to release. */
		DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
		return status;
	}

	pipe_fsp->conn = conn;
	fsp_set_fd(pipe_fsp, -1);
	pipe_fsp->vuid = smb_req->vuid;
	pipe_fsp->fsp_flags.can_lock = false;
	pipe_fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;

	pipe_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL, 0, 0);
	if (pipe_fname == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/* The temporary name is freed whether or not the assignment worked. */
	status = fsp_set_smb_fname(pipe_fsp, pipe_fname);
	TALLOC_FREE(pipe_fname);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}

	if (smb_req->smb2req != NULL && smb_req->smb2req->was_encrypted) {
		struct dom_sid transport_sid = global_sid_Samba_SMB3;
		uint16_t dialect = xconn->smb2.server.dialect;
		uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED;
		uint16_t cipher = xconn->smb2.server.cipher;
		struct security_token *token = NULL;
		size_t preexisting;
		bool dialect_ok;
		bool encrypt_ok;
		bool cipher_ok;

		/*
		 * Work on a private copy parented to the fsp, so the SID
		 * added below never reaches conn->session_info.
		 */
		pipe_session = copy_session_info(pipe_fsp, conn->session_info);
		if (pipe_session == NULL) {
			DBG_ERR("Failed to copy session info\n");
			status = NT_STATUS_NO_MEMORY;
			goto fail;
		}
		token = pipe_session->security_token;

		/*
		 * Security check:
		 *
		 * The token must not already contain an SMB3 SID; only the
		 * one built below from this connection's state may be there.
		 * The 3 matches the number of RIDs appended below
		 * (NOTE(review): presumably the count of trailing flag
		 * sub-authorities; confirm against
		 * security_token_count_flag_sids).
		 */
		preexisting = security_token_count_flag_sids(token,
							     &transport_sid,
							     3,
							     NULL);
		if (preexisting != 0) {
			DBG_ERR("ERROR: %zu SMB3 SIDs have already been "
				"detected in the security token!\n",
				preexisting);
			status = NT_STATUS_ACCESS_DENIED;
			goto fail;
		}

		/* All three appends are attempted before the result is checked. */
		dialect_ok = sid_append_rid(&transport_sid, dialect);
		encrypt_ok = sid_append_rid(&transport_sid, srv_smb_encrypt);
		cipher_ok = sid_append_rid(&transport_sid, cipher);
		if (!(dialect_ok && encrypt_ok && cipher_ok)) {
			DBG_ERR("sid too small\n");
			status = NT_STATUS_BUFFER_TOO_SMALL;
			goto fail;
		}

		status = add_sid_to_array_unique(token,
						 &transport_sid,
						 &token->sids,
						 &token->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			DBG_ERR("Failed to add SMB3 SID to security token\n");
			goto fail;
		}

		pipe_fsp->fsp_flags.encryption_required = true;
	}

	status = np_open(pipe_fsp, name,
			 conn->sconn->remote_address,
			 conn->sconn->local_address,
			 pipe_session,
			 conn->sconn->ev_ctx,
			 conn->sconn->msg_ctx,
			 conn->sconn->dce_ctx,
			 &pipe_fsp->fake_file_handle);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("np_open(%s) returned %s\n", name,
			   nt_errstr(status)));
		goto fail;
	}

	*pfsp = pipe_fsp;
	return NT_STATUS_OK;

fail:
	/* Single release point for every failure after file_new() succeeded. */
	file_free(smb_req, pipe_fsp);
	return status;
}