/*
Unix SMB / CIFS implementation .
Pipe SMB reply routines
Copyright ( C ) Andrew Tridgell 1992 - 1998
Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1998
Copyright ( C ) Paul Ashton 1997 - 1998.
Copyright ( C ) Jeremy Allison 2005.
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
This file handles reply_ calls on named pipes that the server
makes to handle specific protocols
*/
# include "includes.h"
# include "smbd/smbd.h"
# include "smbd/globals.h"
# include "libcli/security/security.h"
# include "rpc_server/srv_pipe_hnd.h"
# include "auth/auth_util.h"
# include "librpc/rpc/dcerpc_helper.h"
/*
 * Open a named pipe on behalf of an SMB request.
 *
 * A new files_struct is obtained from file_new() and set up as a pipe
 * handle: no real file descriptor (fd -1), byte-range locking disabled,
 * and FILE_READ_DATA | FILE_WRITE_DATA access. Its name comes from a
 * synthetic smb_filename built from "name". The pipe is then opened with
 * np_open() and the resulting handle is stored in fsp->fake_file_handle.
 *
 * If the request arrived over SMB2 and was encrypted, np_open() is given
 * a private copy of the session info whose security token carries one
 * extra SID: global_sid_Samba_SMB3 followed by three RIDs (negotiated
 * dialect, DCERPC_SMB_ENCRYPTION_REQUIRED, negotiated cipher).
 * fsp->fsp_flags.encryption_required is set on that path as well.
 *
 * smb_req  request being served; supplies conn, xconn, vuid and smb2req
 * name     pipe name, passed to synthetic_smb_fname() and np_open()
 * pfsp     out: receives the new files_struct; written only on success
 *
 * Returns NT_STATUS_OK on success. Every failure after file_new() has
 * succeeded releases the files_struct with file_free() before returning.
 * Statuses produced here are NT_STATUS_NO_MEMORY, NT_STATUS_ACCESS_DENIED
 * (token already holds an SMB3 SID) and NT_STATUS_BUFFER_TOO_SMALL; any
 * other failure status is passed through from the callee.
 */
NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
		      struct files_struct **pfsp)
{
	struct smbXsrv_connection *xconn = smb_req->xconn;
	struct connection_struct *conn = smb_req->conn;
	/* Default: hand the connection's own session info to np_open(). */
	struct auth_session_info *pipe_session = conn->session_info;
	struct smb_filename *pipe_fname = NULL;
	struct files_struct *fsp;
	NTSTATUS status;

	status = file_new(smb_req, conn, &fsp);
	if (!NT_STATUS_IS_OK(status)) {
		/* Nothing was allocated, so there is nothing to file_free(). */
		DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
		return status;
	}

	fsp->conn = conn;
	fsp_set_fd(fsp, -1);
	fsp->vuid = smb_req->vuid;
	fsp->fsp_flags.can_lock = false;
	fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;

	pipe_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL, 0, 0);
	if (pipe_fname == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/* The temporary name is released whether or not the set succeeded. */
	status = fsp_set_smb_fname(fsp, pipe_fname);
	TALLOC_FREE(pipe_fname);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}

	if (smb_req->smb2req != NULL && smb_req->smb2req->was_encrypted) {
		struct security_token *token = NULL;
		uint16_t dialect = xconn->smb2.server.dialect;
		uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED;
		uint16_t cipher = xconn->smb2.server.cipher;
		/* Local copy, so the RIDs appended below never touch the global. */
		struct dom_sid smb3_sid = global_sid_Samba_SMB3;
		bool dialect_ok;
		bool encrypt_ok;
		bool cipher_ok;
		uint32_t idx;

		/*
		 * The token is modified below, so work on a copy rather
		 * than on conn->session_info itself.
		 * NOTE(review): the copy is made with fsp as first argument,
		 * presumably the talloc parent - confirm its lifetime is
		 * tied to the pipe handle.
		 */
		pipe_session = copy_session_info(fsp, conn->session_info);
		if (pipe_session == NULL) {
			DBG_ERR("Failed to copy session info\n");
			status = NT_STATUS_NO_MEMORY;
			goto fail;
		}
		token = pipe_session->security_token;

		/*
		 * Security check:
		 *
		 * Refuse a token that already contains a SID in the Samba
		 * SMB3 domain, so the only such SID np_open() can see is
		 * the one built here from this connection's own state.
		 *
		 * NOTE(review): this check runs only on the encrypted SMB2
		 * path. On every other path the connection's token is
		 * passed through unchecked - verify that token construction
		 * elsewhere cannot place an SMB3 SID in it.
		 */
		for (idx = 0; idx < token->num_sids; idx++) {
			if (dom_sid_compare_domain(&token->sids[idx],
						   &smb3_sid) != 0) {
				continue;
			}
			DBG_ERR("ERROR: An SMB3 SID has already been "
				"detected in the security token!\n");
			status = NT_STATUS_ACCESS_DENIED;
			goto fail;
		}

		/* All three appends are attempted before the results are checked. */
		dialect_ok = sid_append_rid(&smb3_sid, dialect);
		encrypt_ok = sid_append_rid(&smb3_sid, srv_smb_encrypt);
		cipher_ok = sid_append_rid(&smb3_sid, cipher);
		if (!(dialect_ok && encrypt_ok && cipher_ok)) {
			DBG_ERR("sid too small\n");
			status = NT_STATUS_BUFFER_TOO_SMALL;
			goto fail;
		}

		status = add_sid_to_array_unique(token,
						 &smb3_sid,
						 &token->sids,
						 &token->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			DBG_ERR("Failed to add SMB3 SID to security token\n");
			goto fail;
		}

		fsp->fsp_flags.encryption_required = true;
	}

	status = np_open(fsp, name,
			 conn->sconn->remote_address,
			 conn->sconn->local_address,
			 pipe_session,
			 conn->sconn->ev_ctx,
			 conn->sconn->msg_ctx,
			 conn->sconn->dce_ctx,
			 &fsp->fake_file_handle);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("np_open(%s) returned %s\n", name,
			   nt_errstr(status)));
		goto fail;
	}

	*pfsp = fsp;
	return NT_STATUS_OK;

fail:
	/* Shared error exit: drop the half-built handle, leave *pfsp untouched. */
	file_free(smb_req, fsp);
	return status;
}