sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
9d09b66f41
samba-mirror/source3/smbd/smb2_sesssetup.c

838 lines
23 KiB
C
Raw Normal View History

s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
/*
Unix SMB/CIFS implementation.
Core SMB2 server
Copyright (C) Stefan Metzmacher 2009
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
Copyright (C) Jeremy Allison 2010
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
s3: include smbd/smbd.h where needed. Guenther
2011-03-22 18:57:01 +03:00
#include "smbd/smbd.h"
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
#include "smbd/globals.h"
libcli: move some common SMB and SMB2 stuff into libcli/smb/ This will hold code that's shared between source3 and source4. metze
2009-08-12 19:52:55 +04:00
#include "../libcli/smb/smb_common.h"
spnego: share spnego_parse. Guenther
2009-09-17 02:21:01 +04:00
#include "../libcli/auth/spnego.h"
ntlmssp: Make the ntlmssp.h from source3/ a common header The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-25 14:19:22 +04:00
#include "../libcli/auth/ntlmssp.h"
s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 21:36:33 +04:00
#include "ntlmssp_wrap.h"
s3-krb5: include krb5pac.h where needed. Guenther
2010-08-03 01:12:16 +04:00
#include "../librpc/gen_ndr/krb5pac.h"
s3: avoid global include of ads.h. Guenther
2010-07-02 02:32:52 +04:00
#include "libads/kerberos_proto.h"
s3-build: only include asn1 headers where actually needed. Guenther
2011-02-24 14:27:29 +03:00
#include "../lib/util/asn1.h"
s3-auth: smbd needs auth.h Guenther
2011-03-24 15:46:20 +03:00
#include "auth.h"
s3-smbd: Replace client_id in smbd session setup. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-16 18:03:03 +04:00
#include "../lib/tsocket/tsocket.h"
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
uint64_t in_session_id,
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
uint8_t in_security_mode,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
DATA_BLOB in_security_buffer,
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
uint16_t *out_session_flags,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
{
const uint8_t *inhdr;
const uint8_t *inbody;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
int i = smb2req->current_idx;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
size_t expected_body_size = 0x19;
size_t body_size;
uint64_t in_session_id;
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
uint8_t in_security_mode;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
uint16_t in_security_offset;
uint16_t in_security_length;
DATA_BLOB in_security_buffer;
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
uint16_t out_session_flags;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
uint64_t out_session_id;
uint16_t out_security_offset;
DATA_BLOB out_security_buffer;
NTSTATUS status;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
body_size = SVAL(inbody, 0x00);
if (body_size != expected_body_size) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
in_security_offset = SVAL(inbody, 0x0C);
in_security_length = SVAL(inbody, 0x0E);
if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (in_security_length > smb2req->in.vector[i+2].iov_len) {
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
s3:smbd: SMB2 session ids are 64bit... We only grand ids up to 0x0000000000FFFFFF, because that's what our idtree implementation can handle. But also 16777215 sessions on one tcp connection should be enough:-) metze
2009-05-22 13:06:54 +04:00
in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
in_security_mode = CVAL(inbody, 0x03);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
in_security_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
in_security_buffer.length = in_security_length;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
status = smbd_smb2_session_setup(smb2req,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
in_session_id,
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
in_security_mode,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
in_security_buffer,
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
&out_session_flags,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
&out_security_buffer,
&out_session_id);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = nt_status_squash(status);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_request_error(smb2req, status);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
out_security_offset = SMB2_HDR_BODY + 0x08;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x08);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
if (outbody.data == NULL) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
SSVAL(outbody.data, 0x02,
out_session_flags); /* session flags */
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
SSVAL(outbody.data, 0x04,
out_security_offset); /* security buffer offset */
SSVAL(outbody.data, 0x06,
out_security_buffer.length); /* security buffer length */
outdyn = out_security_buffer;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
s3:smbd: implement smbd_smb2_request_error/done() as macros on top of the _ex() function metze
2009-06-05 13:05:03 +04:00
__location__);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
static int smbd_smb2_session_destructor(struct smbd_smb2_session *session)
{
s3:smbd: rename conn => sconn for smbd_server_connection structs This should avoid confusion between smbd_server_connection and connection_struct variables. metze
2009-08-07 17:21:07 +04:00
if (session->sconn == NULL) {
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
return 0;
}
s3:smbd: implement SMB2 Tree Connect For now this only checks if the share is present or not. metze
2009-05-15 13:50:20 +04:00
/* first free all tcons */
while (session->tcons.list) {
talloc_free(session->tcons.list);
}
s3:smbd: rename conn => sconn for smbd_server_connection structs This should avoid confusion between smbd_server_connection and connection_struct variables. metze
2009-08-07 17:21:07 +04:00
idr_remove(session->sconn->smb2.sessions.idtree, session->vuid);
DLIST_REMOVE(session->sconn->smb2.sessions.list, session);
s3:smbd: correctly invalidate vuids when SMB2 is used metze
2009-08-11 20:08:26 +04:00
invalidate_vuid(session->sconn, session->vuid);
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
s3:smbd: implement SMB2 Logoff metze
2009-05-15 13:40:19 +04:00
session->vuid = 0;
session->status = NT_STATUS_USER_SESSION_DELETED;
s3:smbd: rename conn => sconn for smbd_server_connection structs This should avoid confusion between smbd_server_connection and connection_struct variables. metze
2009-08-07 17:21:07 +04:00
session->sconn = NULL;
s3:smbd: implement SMB2 Logoff metze
2009-05-15 13:40:19 +04:00
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
return 0;
}
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
static NTSTATUS setup_ntlmssp_session_info(struct smbd_smb2_session *session,
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
NTSTATUS status)
{
if (NT_STATUS_IS_OK(status)) {
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
status = auth_ntlmssp_steal_session_info(session,
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
session->auth_ntlmssp_state,
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
&session->session_info);
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
} else {
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
/* Note that this session_info won't have a session
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
* key. But for map to guest, that's exactly the right
* thing - we can't reasonably guess the key the
* client wants, as the password was wrong */
status = do_map_to_guest(status,
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
&session->session_info,
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
auth_ntlmssp_get_username(session->auth_ntlmssp_state),
auth_ntlmssp_get_domain(session->auth_ntlmssp_state));
}
return status;
}
s3 smb2: Fix the build without kerberos Jeremy, please check
2010-05-20 13:29:03 +04:00
#ifdef HAVE_KRB5
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
struct smbd_smb2_request *smb2req,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
uint8_t in_security_mode,
const DATA_BLOB *secblob,
const char *mechOID,
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
uint16_t *out_session_flags,
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id)
{
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
DATA_BLOB ap_rep = data_blob_null;
DATA_BLOB ap_rep_wrapped = data_blob_null;
DATA_BLOB ticket = data_blob_null;
DATA_BLOB session_key = data_blob_null;
DATA_BLOB secblob_out = data_blob_null;
uint8 tok_id[2];
struct PAC_LOGON_INFO *logon_info = NULL;
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
char *principal = NULL;
char *user = NULL;
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
char *domain = NULL;
struct passwd *pw = NULL;
NTSTATUS status;
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
char *real_username;
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
fstring tmp;
bool username_was_mapped = false;
bool map_domainuser_to_guest = false;
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
status = NT_STATUS_LOGON_FAILURE;
goto fail;
}
status = ads_verify_ticket(smb2req, lp_realm(), 0, &ticket,
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
&principal, &logon_info, &ap_rep,
&session_key, true);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("smb2: Failed to verify incoming ticket with error %s!\n",
nt_errstr(status)));
if (!NT_STATUS_EQUAL(status, NT_STATUS_TIME_DIFFERENCE_AT_DC)) {
status = NT_STATUS_LOGON_FAILURE;
}
goto fail;
}
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
status = get_user_from_kerberos_info(talloc_tos(),
s3-smbd: Replace client_id in smbd session setup. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-16 18:03:03 +04:00
session->sconn->remote_hostname,
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
principal, logon_info,
&username_was_mapped,
&map_domainuser_to_guest,
&user, &domain,
&real_username, &pw);
if (!NT_STATUS_IS_OK(status)) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
goto fail;
}
/* save the PAC data if we have it */
if (logon_info) {
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
netsamlogon_cache_store(user, &logon_info->info3);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
}
/* setup the string used by %U */
sub_set_smb_name(real_username);
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
/* reload services so that the new %U is taken into account */
s3: Lift smbd_server_fd from reload_services()
2010-08-15 18:13:00 +04:00
reload_services(smb2req->sconn->msg_ctx, smb2req->sconn->sock, true);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
s3-auth use create_local_token() to transform server_info -> session_info Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
2011-02-11 03:50:37 +03:00
status = make_session_info_krb5(session,
user, domain, real_username, pw,
logon_info, map_domainuser_to_guest,
username_was_mapped,
&session_key,
&session->session_info);
s3-smbd: use make_server_info_krb5() in smb2 too. Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 02:49:49 +04:00
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("smb2: make_server_info_krb5 failed\n"));
goto fail;
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
}
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
session->do_signing = true;
}
s3-auth Use guest boolean in auth_user_info_unix Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 10:09:52 +04:00
if (session->session_info->unix_info->guest) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
}
s3-auth Rename user_session_key -> session_key to match auth_session_info
2011-02-14 03:35:21 +03:00
session->session_key = session->session_info->session_key;
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
session->compat_vuser = talloc_zero(session, user_struct);
if (session->compat_vuser == NULL) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
session->compat_vuser->auth_ntlmssp_state = NULL;
session->compat_vuser->homes_snum = -1;
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
session->compat_vuser->session_info = session->session_info;
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
session->compat_vuser->session_keystr = NULL;
session->compat_vuser->vuid = session->vuid;
DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
/* This is a potentially untrusted username */
s3-smbd: User helper function to resolve kerberos user for smb2 Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-27 01:59:17 +04:00
alpha_strcpy(tmp, user, ". _-$", sizeof(tmp));
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 09:55:31 +04:00
session->session_info->unix_info->sanitized_username =
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
talloc_strdup(session->session_info, tmp);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
s3-auth Use guest boolean in auth_user_info_unix Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 10:09:52 +04:00
if (!session->session_info->unix_info->guest) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
session->compat_vuser->homes_snum =
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 09:55:31 +04:00
register_homes_share(session->session_info->unix_info->unix_name);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
}
s3: Remove smbd_server_fd() from session_claim
2010-08-16 10:00:48 +04:00
if (!session_claim(session->sconn, session->compat_vuser)) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
DEBUG(1, ("smb2: Failed to claim session "
"for vuid=%d\n",
session->compat_vuser->vuid));
goto fail;
}
session->status = NT_STATUS_OK;
/*
* we attach the session to the request
* so that the response can be signed
*/
smb2req->session = session;
if (session->do_signing) {
smb2req->do_signing = true;
}
global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
status = NT_STATUS_OK;
/* wrap that up in a nice GSS-API wrapping */
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
TOK_ID_KRB_AP_REP);
secblob_out = spnego_gen_auth_response(
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
talloc_tos(),
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
&ap_rep_wrapped,
status,
mechOID);
*out_security_buffer = data_blob_talloc(smb2req,
secblob_out.data,
secblob_out.length);
if (secblob_out.data && out_security_buffer->data == NULL) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
data_blob_free(&ap_rep);
data_blob_free(&ap_rep_wrapped);
data_blob_free(&ticket);
data_blob_free(&session_key);
data_blob_free(&secblob_out);
*out_session_id = session->vuid;
return NT_STATUS_OK;
fail:
data_blob_free(&ap_rep);
data_blob_free(&ap_rep_wrapped);
data_blob_free(&ticket);
data_blob_free(&session_key);
data_blob_free(&secblob_out);
ap_rep_wrapped = data_blob_null;
secblob_out = spnego_gen_auth_response(
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
talloc_tos(),
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
&ap_rep_wrapped,
status,
mechOID);
*out_security_buffer = data_blob_talloc(smb2req,
secblob_out.data,
secblob_out.length);
data_blob_free(&secblob_out);
return status;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
}
s3 smb2: Fix the build without kerberos Jeremy, please check
2010-05-20 13:29:03 +04:00
#endif
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
struct smbd_smb2_request *smb2req,
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
uint8_t in_security_mode,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
DATA_BLOB in_security_buffer,
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
uint16_t *out_session_flags,
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id)
{
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
DATA_BLOB secblob_in = data_blob_null;
DATA_BLOB chal_out = data_blob_null;
char *kerb_mech = NULL;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
NTSTATUS status;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
/* Ensure we have no old NTLM state around. */
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
s3:smbd: implement SMB2 Tree Connect For now this only checks if the share is present or not. metze
2009-05-15 13:50:20 +04:00
Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob(). Jeremy.
2010-07-21 00:35:43 +04:00
status = parse_spnego_mechanisms(talloc_tos(), in_security_buffer,
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
&secblob_in, &kerb_mech);
if (!NT_STATUS_IS_OK(status)) {
goto out;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
#ifdef HAVE_KRB5
if (kerb_mech && ((lp_security()==SEC_ADS) ||
USE_KERBEROS_KEYTAB) ) {
status = smbd_smb2_session_setup_krb5(session,
smb2req,
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
in_security_mode,
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
&secblob_in,
kerb_mech,
out_session_flags,
out_security_buffer,
out_session_id);
goto out;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
#endif
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2. Jeremy.
2010-06-03 22:18:11 +04:00
if (kerb_mech) {
/* The mechtoken is a krb5 ticket, but
* we need to fall back to NTLM. */
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2. Jeremy.
2010-06-03 22:18:11 +04:00
DEBUG(3,("smb2: Got krb5 ticket in SPNEGO "
"but set to downgrade to NTLMSSP\n"));
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
} else {
/* Fall back to NTLMSSP. */
s3-auth: Added remote_address to ntlmssp server. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-15 13:15:06 +04:00
status = auth_ntlmssp_start(session->sconn->remote_address,
&session->auth_ntlmssp_state);
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2. Jeremy.
2010-06-03 22:18:11 +04:00
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
secblob_in,
&chal_out);
}
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7. Jeremy.
2009-06-04 22:14:20 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto out;
}
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7. Jeremy.
2009-06-04 22:14:20 +04:00
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
*out_security_buffer = spnego_gen_auth_response(smb2req,
&chal_out,
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
status,
OID_NTLMSSP);
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
if (out_security_buffer->data == NULL) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
status = NT_STATUS_NO_MEMORY;
goto out;
}
*out_session_id = session->vuid;
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7. Jeremy.
2009-06-04 22:14:20 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
out:
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7. Jeremy.
2009-06-04 22:14:20 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
data_blob_free(&secblob_in);
data_blob_free(&chal_out);
Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob(). Jeremy.
2010-07-21 00:35:43 +04:00
TALLOC_FREE(kerb_mech);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return status;
}
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *session,
struct smbd_smb2_request *smb2req,
uint8_t in_security_mode,
DATA_BLOB in_security_buffer,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
uint16_t *out_session_flags,
uint64_t *out_session_id)
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
{
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
fstring tmp;
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
session->do_signing = true;
}
s3-auth Use guest boolean in auth_user_info_unix Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 10:09:52 +04:00
if (session->session_info->unix_info->guest) {
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
}
s3-auth Rename user_session_key -> session_key to match auth_session_info
2011-02-14 03:35:21 +03:00
session->session_key = session->session_info->session_key;
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
s3:smbd: create a user_struct for compat in SMB2 Session Setup metze
2009-05-27 20:33:45 +04:00
session->compat_vuser = talloc_zero(session, user_struct);
if (session->compat_vuser == NULL) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
s3:smbd: create a user_struct for compat in SMB2 Session Setup metze
2009-05-27 20:33:45 +04:00
TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
session->compat_vuser->auth_ntlmssp_state = session->auth_ntlmssp_state;
session->compat_vuser->homes_snum = -1;
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
session->compat_vuser->session_info = session->session_info;
s3:smbd: create a user_struct for compat in SMB2 Session Setup metze
2009-05-27 20:33:45 +04:00
session->compat_vuser->session_keystr = NULL;
session->compat_vuser->vuid = session->vuid;
s3:smbd: rename conn => sconn for smbd_server_connection structs This should avoid confusion between smbd_server_connection and connection_struct variables. metze
2009-08-07 17:21:07 +04:00
DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
s3:smbd: create a user_struct for compat in SMB2 Session Setup metze
2009-05-27 20:33:45 +04:00
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
/* This is a potentially untrusted username */
alpha_strcpy(tmp,
s3:auth Make AUTH_NTLMSSP_STATE a private structure. This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-25 09:34:06 +04:00
auth_ntlmssp_get_username(session->auth_ntlmssp_state),
". _-$",
sizeof(tmp));
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 09:55:31 +04:00
session->session_info->unix_info->sanitized_username = talloc_strdup(
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
session->session_info, tmp);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
s3-auth Use guest boolean in auth_user_info_unix Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 10:09:52 +04:00
if (!session->compat_vuser->session_info->unix_info->guest) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
session->compat_vuser->homes_snum =
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 09:55:31 +04:00
register_homes_share(session->session_info->unix_info->unix_name);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
}
s3: Remove smbd_server_fd() from session_claim
2010-08-16 10:00:48 +04:00
if (!session_claim(session->sconn, session->compat_vuser)) {
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
DEBUG(1, ("smb2: Failed to claim session "
"for vuid=%d\n",
session->compat_vuser->vuid));
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
session->status = NT_STATUS_OK;
/*
* we attach the session to the request
* so that the response can be signed
*/
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
smb2req->session = session;
s3:smbd: add support for SMB2 signing metze
2009-05-23 00:58:39 +04:00
if (session->do_signing) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
smb2req->do_signing = true;
}
global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
*out_session_id = session->vuid;
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return NT_STATUS_OK;
}
static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
struct smbd_smb2_request *smb2req,
uint8_t in_security_mode,
DATA_BLOB in_security_buffer,
uint16_t *out_session_flags,
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id)
{
DATA_BLOB auth = data_blob_null;
DATA_BLOB auth_out = data_blob_null;
NTSTATUS status;
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
if (!spnego_parse_auth(talloc_tos(), in_security_buffer, &auth)) {
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
}
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
if (auth.data[0] == ASN1_APPLICATION(0)) {
/* Might be a second negTokenTarg packet */
DATA_BLOB secblob_in = data_blob_null;
char *kerb_mech = NULL;
Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob(). Jeremy.
2010-07-21 00:35:43 +04:00
status = parse_spnego_mechanisms(talloc_tos(),
in_security_buffer,
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
&secblob_in, &kerb_mech);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
}
#ifdef HAVE_KRB5
if (kerb_mech && ((lp_security()==SEC_ADS) ||
USE_KERBEROS_KEYTAB) ) {
status = smbd_smb2_session_setup_krb5(session,
smb2req,
in_security_mode,
&secblob_in,
kerb_mech,
out_session_flags,
out_security_buffer,
out_session_id);
data_blob_free(&secblob_in);
Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob(). Jeremy.
2010-07-21 00:35:43 +04:00
TALLOC_FREE(kerb_mech);
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
}
return status;
}
#endif
/* Can't blunder into NTLMSSP auth if we have
* a krb5 ticket. */
if (kerb_mech) {
DEBUG(3,("smb2: network "
"misconfiguration, client sent us a "
"krb5 ticket and kerberos security "
"not enabled\n"));
TALLOC_FREE(session);
data_blob_free(&secblob_in);
Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce use of malloc, and data_blob(). Jeremy.
2010-07-21 00:35:43 +04:00
TALLOC_FREE(kerb_mech);
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
return NT_STATUS_LOGON_FAILURE;
}
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2. Jeremy.
2010-06-03 22:18:11 +04:00
data_blob_free(&secblob_in);
}
if (session->auth_ntlmssp_state == NULL) {
s3-auth: Added remote_address to ntlmssp server. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-15 13:15:06 +04:00
status = auth_ntlmssp_start(session->sconn->remote_address,
&session->auth_ntlmssp_state);
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2. Jeremy.
2010-06-03 22:18:11 +04:00
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
return status;
}
Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy.
2010-05-21 23:08:18 +04:00
}
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
auth,
&auth_out);
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
/* We need to call setup_ntlmssp_session_info() if status==NT_STATUS_OK,
Fix bug #7608 - Win7 SMB2 authentication causes smbd panic We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK, or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED, as this can trigger map to guest. Jeremy.
2010-08-10 03:16:24 +04:00
or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED,
as this can trigger map to guest. */
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
status = setup_ntlmssp_session_info(session, status);
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
}
Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when downgrading from krb5 to NTLMSSP over SMB2. Jeremy.
2010-06-03 22:50:08 +04:00
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
data_blob_free(&auth);
TALLOC_FREE(session);
return status;
}
data_blob_free(&auth);
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
*out_security_buffer = spnego_gen_auth_response(smb2req,
&auth_out, status, NULL);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL contexts. Jeremy.
2010-07-21 03:17:58 +04:00
if (out_security_buffer->data == NULL) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
*out_session_id = session->vuid;
SMB2 always have level2 oplock capability. Correct mapping from break messages to SMB2 oplock levels. Jeremy.
2010-05-11 01:23:44 +04:00
Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when downgrading from krb5 to NTLMSSP over SMB2. Jeremy.
2010-06-03 22:50:08 +04:00
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
/* We're done - claim the session. */
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
return smbd_smb2_common_ntlmssp_auth_return(session,
smb2req,
in_security_mode,
in_security_buffer,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
out_session_flags,
out_session_id);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
}
static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
struct smbd_smb2_request *smb2req,
uint8_t in_security_mode,
DATA_BLOB in_security_buffer,
uint16_t *out_session_flags,
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id)
{
NTSTATUS status;
DATA_BLOB secblob_out = data_blob_null;
if (session->auth_ntlmssp_state == NULL) {
s3-auth: Added remote_address to ntlmssp server. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-15 13:15:06 +04:00
status = auth_ntlmssp_start(session->sconn->remote_address,
&session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
}
}
/* RAW NTLMSSP */
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
in_security_buffer,
&secblob_out);
if (NT_STATUS_IS_OK(status) ||
NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
*out_security_buffer = data_blob_talloc(smb2req,
secblob_out.data,
secblob_out.length);
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
if (secblob_out.data && out_security_buffer->data == NULL) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
}
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
*out_session_id = session->vuid;
return status;
}
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 12:25:52 +03:00
status = setup_ntlmssp_session_info(session, status);
Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy.
2010-07-16 22:05:34 +04:00
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
if (!NT_STATUS_IS_OK(status)) {
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
return status;
}
*out_session_id = session->vuid;
return smbd_smb2_common_ntlmssp_auth_return(session,
smb2req,
in_security_mode,
in_security_buffer,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
out_session_flags,
out_session_id);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
}
static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
uint64_t in_session_id,
uint8_t in_security_mode,
DATA_BLOB in_security_buffer,
uint16_t *out_session_flags,
DATA_BLOB *out_security_buffer,
uint64_t *out_session_id)
{
struct smbd_smb2_session *session;
*out_session_flags = 0;
*out_session_id = 0;
if (in_session_id == 0) {
int id;
/* create a new session */
session = talloc_zero(smb2req->sconn, struct smbd_smb2_session);
if (session == NULL) {
return NT_STATUS_NO_MEMORY;
}
session->status = NT_STATUS_MORE_PROCESSING_REQUIRED;
id = idr_get_new_random(smb2req->sconn->smb2.sessions.idtree,
session,
smb2req->sconn->smb2.sessions.limit);
if (id == -1) {
return NT_STATUS_INSUFFICIENT_RESOURCES;
}
session->vuid = id;
session->tcons.idtree = idr_init(session);
if (session->tcons.idtree == NULL) {
return NT_STATUS_NO_MEMORY;
}
session->tcons.limit = 0x0000FFFE;
session->tcons.list = NULL;
DLIST_ADD_END(smb2req->sconn->smb2.sessions.list, session,
struct smbd_smb2_session *);
session->sconn = smb2req->sconn;
talloc_set_destructor(session, smbd_smb2_session_destructor);
} else {
void *p;
/* lookup an existing session */
p = idr_find(smb2req->sconn->smb2.sessions.idtree, in_session_id);
if (p == NULL) {
return NT_STATUS_USER_SESSION_DELETED;
}
session = talloc_get_type_abort(p, struct smbd_smb2_session);
}
if (NT_STATUS_IS_OK(session->status)) {
return NT_STATUS_REQUEST_NOT_ACCEPTED;
}
if (in_security_buffer.data[0] == ASN1_APPLICATION(0)) {
return smbd_smb2_spnego_negotiate(session,
smb2req,
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code. Jeremy.
2010-05-18 05:22:19 +04:00
in_security_mode,
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
in_security_buffer,
out_session_flags,
out_security_buffer,
out_session_id);
} else if (in_security_buffer.data[0] == ASN1_CONTEXT(1)) {
return smbd_smb2_spnego_auth(session,
smb2req,
in_security_mode,
in_security_buffer,
out_session_flags,
out_security_buffer,
out_session_id);
} else if (strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0) {
return smbd_smb2_raw_ntlmssp_auth(session,
smb2req,
in_security_mode,
in_security_buffer,
out_session_flags,
out_security_buffer,
out_session_id);
}
/* Unknown packet type. */
DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
(unsigned int)in_security_buffer.data[0] ));
s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-17 03:44:22 +04:00
TALLOC_FREE(session->auth_ntlmssp_state);
Refactor the sessionsetup SMB2 code to make it easy to add krb5. Fix a memory leak in returning security blobs. Jeremy
2010-05-18 00:05:22 +04:00
TALLOC_FREE(session);
return NT_STATUS_LOGON_FAILURE;
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP metze
2009-05-15 13:20:34 +04:00
}
s3:smbd: implement SMB2 Logoff metze
2009-05-15 13:40:19 +04:00
NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
{
const uint8_t *inbody;
int i = req->current_idx;
DATA_BLOB outbody;
size_t expected_body_size = 0x04;
size_t body_size;
if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
body_size = SVAL(inbody, 0x00);
if (body_size != expected_body_size) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
/*
* TODO: cancel all outstanding requests on the session
* and delete all tree connections.
*/
smbd_smb2_session_destructor(req->session);
/*
* we may need to sign the response, so we need to keep
* the session until the response is sent to the wire.
*/
talloc_steal(req, req->session);
outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
if (outbody.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
SSVAL(outbody.data, 0x00, 0x04); /* struct size */
SSVAL(outbody.data, 0x02, 0); /* reserved */
return smbd_smb2_request_done(req, outbody, NULL);
}
Copy Permalink