2003-04-11 23:32:00 +00:00
/*
Unix SMB / CIFS implementation .
FS info functions
Copyright ( C ) Stefan ( metze ) Metzmacher 2003
2007-12-26 17:12:36 -08:00
Copyright ( C ) Jeremy Allison 2007
2003-04-11 23:32:00 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2003-04-11 23:32:00 +00:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2003-04-11 23:32:00 +00:00
*/
# include "includes.h"
2004-11-12 23:42:12 +00:00
/****************************************************************************
Get UNIX extensions version info .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-12-06 17:16:33 -08:00
2007-10-18 17:40:25 -07:00
bool cli_unix_extensions_version ( struct cli_state * cli , uint16 * pmajor , uint16 * pminor ,
2004-11-12 23:42:12 +00:00
uint32 * pcaplow , uint32 * pcaphigh )
{
2007-10-18 17:40:25 -07:00
bool ret = False ;
2004-11-12 23:42:12 +00:00
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
setup = TRANSACT2_QFSINFO ;
2007-12-06 17:16:33 -08:00
2004-11-12 23:42:12 +00:00
SSVAL ( param , 0 , SMB_QUERY_CIFS_UNIX_INFO ) ;
2007-12-06 17:16:33 -08:00
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
2004-11-12 23:42:12 +00:00
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
2007-12-06 17:16:33 -08:00
2004-11-12 23:42:12 +00:00
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count < 12 ) {
goto cleanup ;
}
* pmajor = SVAL ( rdata , 0 ) ;
* pminor = SVAL ( rdata , 2 ) ;
2007-05-16 00:07:38 +00:00
cli - > posix_capabilities = * pcaplow = IVAL ( rdata , 4 ) ;
2004-11-12 23:42:12 +00:00
* pcaphigh = IVAL ( rdata , 8 ) ;
2007-12-06 17:16:33 -08:00
/* todo: but not yet needed
2004-11-12 23:42:12 +00:00
* return the other stuff
*/
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
2007-12-06 17:16:33 -08:00
return ret ;
2004-11-12 23:42:12 +00:00
}
2003-04-11 23:32:00 +00:00
2006-07-12 00:21:14 +00:00
/****************************************************************************
Set UNIX extensions capabilities .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-12-06 17:16:33 -08:00
2007-10-18 17:40:25 -07:00
bool cli_set_unix_extensions_capabilities ( struct cli_state * cli , uint16 major , uint16 minor ,
2006-07-12 00:21:14 +00:00
uint32 caplow , uint32 caphigh )
{
2007-10-18 17:40:25 -07:00
bool ret = False ;
2006-07-12 00:21:14 +00:00
uint16 setup ;
char param [ 4 ] ;
char data [ 12 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
setup = TRANSACT2_SETFSINFO ;
2007-12-06 17:16:33 -08:00
2006-07-12 00:21:14 +00:00
SSVAL ( param , 0 , 0 ) ;
SSVAL ( param , 2 , SMB_SET_CIFS_UNIX_INFO ) ;
SSVAL ( data , 0 , major ) ;
SSVAL ( data , 2 , minor ) ;
SIVAL ( data , 4 , caplow ) ;
SIVAL ( data , 8 , caphigh ) ;
2007-12-06 17:16:33 -08:00
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
2006-07-12 00:21:14 +00:00
0 , 0 ,
& setup , 1 , 0 ,
param , 4 , 0 ,
data , 12 , 560 ) ) {
goto cleanup ;
}
2007-12-06 17:16:33 -08:00
2006-07-12 00:21:14 +00:00
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
2007-12-06 17:16:33 -08:00
return ret ;
2006-07-12 00:21:14 +00:00
}
2007-10-18 17:40:25 -07:00
bool cli_get_fs_attr_info ( struct cli_state * cli , uint32 * fs_attr )
2003-04-11 23:32:00 +00:00
{
2007-10-18 17:40:25 -07:00
bool ret = False ;
2003-04-11 23:32:00 +00:00
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
if ( ! cli | | ! fs_attr )
smb_panic ( " cli_get_fs_attr_info() called with NULL Pionter! " ) ;
setup = TRANSACT2_QFSINFO ;
2007-12-06 17:16:33 -08:00
2003-04-11 23:32:00 +00:00
SSVAL ( param , 0 , SMB_QUERY_FS_ATTRIBUTE_INFO ) ;
2007-12-06 17:16:33 -08:00
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
2003-04-11 23:32:00 +00:00
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
2007-12-06 17:16:33 -08:00
2003-04-11 23:32:00 +00:00
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count < 12 ) {
goto cleanup ;
}
* fs_attr = IVAL ( rdata , 0 ) ;
2007-12-06 17:16:33 -08:00
/* todo: but not yet needed
2003-04-11 23:32:00 +00:00
* return the other stuff
*/
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
2007-12-06 17:16:33 -08:00
return ret ;
2003-04-11 23:32:00 +00:00
}
2005-03-30 00:47:57 +00:00
2007-10-18 17:40:25 -07:00
bool cli_get_fs_volume_info_old ( struct cli_state * cli , fstring volume_name , uint32 * pserial_number )
2005-03-30 00:47:57 +00:00
{
2007-10-18 17:40:25 -07:00
bool ret = False ;
2005-03-30 00:47:57 +00:00
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
unsigned char nlen ;
setup = TRANSACT2_QFSINFO ;
2007-12-06 17:16:33 -08:00
2005-03-30 00:47:57 +00:00
SSVAL ( param , 0 , SMB_INFO_VOLUME ) ;
2007-12-06 17:16:33 -08:00
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
2005-03-30 00:47:57 +00:00
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
2007-12-06 17:16:33 -08:00
2005-03-30 00:47:57 +00:00
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count < 5 ) {
goto cleanup ;
}
if ( pserial_number ) {
* pserial_number = IVAL ( rdata , 0 ) ;
}
nlen = CVAL ( rdata , l2_vol_cch ) ;
2009-01-26 03:38:05 +01:00
clistr_pull ( cli - > inbuf , volume_name , rdata + l2_vol_szVolLabel ,
sizeof ( fstring ) , nlen , STR_NOALIGN ) ;
2005-03-30 00:47:57 +00:00
2007-12-06 17:16:33 -08:00
/* todo: but not yet needed
2005-03-30 00:47:57 +00:00
* return the other stuff
*/
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
2007-12-06 17:16:33 -08:00
return ret ;
2005-03-30 00:47:57 +00:00
}
2007-10-18 17:40:25 -07:00
bool cli_get_fs_volume_info ( struct cli_state * cli , fstring volume_name , uint32 * pserial_number , time_t * pdate )
2005-03-30 00:47:57 +00:00
{
2007-10-18 17:40:25 -07:00
bool ret = False ;
2005-03-30 00:47:57 +00:00
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
unsigned int nlen ;
setup = TRANSACT2_QFSINFO ;
2007-12-06 17:16:33 -08:00
2005-03-30 00:47:57 +00:00
SSVAL ( param , 0 , SMB_QUERY_FS_VOLUME_INFO ) ;
2007-12-06 17:16:33 -08:00
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
2005-03-30 00:47:57 +00:00
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
2007-12-06 17:16:33 -08:00
2005-03-30 00:47:57 +00:00
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count < 19 ) {
goto cleanup ;
}
if ( pdate ) {
2006-08-24 16:44:00 +00:00
struct timespec ts ;
ts = interpret_long_date ( rdata ) ;
* pdate = ts . tv_sec ;
2005-03-30 00:47:57 +00:00
}
if ( pserial_number ) {
* pserial_number = IVAL ( rdata , 8 ) ;
}
nlen = IVAL ( rdata , 12 ) ;
2009-01-26 03:38:05 +01:00
clistr_pull ( cli - > inbuf , volume_name , rdata + 18 , sizeof ( fstring ) ,
nlen , STR_UNICODE ) ;
2005-03-30 00:47:57 +00:00
2007-12-06 17:16:33 -08:00
/* todo: but not yet needed
2005-03-30 00:47:57 +00:00
* return the other stuff
*/
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
2007-12-06 17:16:33 -08:00
return ret ;
2005-03-30 00:47:57 +00:00
}
2007-12-26 17:12:36 -08:00
2009-02-12 10:39:17 -05:00
bool cli_get_fs_full_size_info ( struct cli_state * cli ,
uint64_t * total_allocation_units ,
uint64_t * caller_allocation_units ,
uint64_t * actual_allocation_units ,
uint64_t * sectors_per_allocation_unit ,
uint64_t * bytes_per_sector )
{
bool ret = False ;
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
setup = TRANSACT2_QFSINFO ;
SSVAL ( param , 0 , SMB_FS_FULL_SIZE_INFORMATION ) ;
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count ! = 32 ) {
goto cleanup ;
}
if ( total_allocation_units ) {
* total_allocation_units = BIG_UINT ( rdata , 0 ) ;
}
if ( caller_allocation_units ) {
* caller_allocation_units = BIG_UINT ( rdata , 8 ) ;
}
if ( actual_allocation_units ) {
* actual_allocation_units = BIG_UINT ( rdata , 16 ) ;
}
if ( sectors_per_allocation_unit ) {
* sectors_per_allocation_unit = IVAL ( rdata , 24 ) ;
}
if ( bytes_per_sector ) {
* bytes_per_sector = IVAL ( rdata , 28 ) ;
}
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
return ret ;
}
bool cli_get_posix_fs_info ( struct cli_state * cli ,
uint32 * optimal_transfer_size ,
uint32 * block_size ,
uint64_t * total_blocks ,
uint64_t * blocks_available ,
uint64_t * user_blocks_available ,
uint64_t * total_file_nodes ,
uint64_t * free_file_nodes ,
uint64_t * fs_identifier )
{
bool ret = False ;
uint16 setup ;
char param [ 2 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
setup = TRANSACT2_QFSINFO ;
SSVAL ( param , 0 , SMB_QUERY_POSIX_FS_INFO ) ;
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
0 , 0 ,
& setup , 1 , 0 ,
param , 2 , 0 ,
NULL , 0 , 560 ) ) {
goto cleanup ;
}
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
goto cleanup ;
}
if ( cli_is_error ( cli ) ) {
ret = False ;
goto cleanup ;
} else {
ret = True ;
}
if ( rdata_count ! = 56 ) {
goto cleanup ;
}
if ( optimal_transfer_size ) {
* optimal_transfer_size = IVAL ( rdata , 0 ) ;
}
if ( block_size ) {
* block_size = IVAL ( rdata , 4 ) ;
}
if ( total_blocks ) {
* total_blocks = BIG_UINT ( rdata , 8 ) ;
}
if ( blocks_available ) {
* blocks_available = BIG_UINT ( rdata , 16 ) ;
}
if ( user_blocks_available ) {
* user_blocks_available = BIG_UINT ( rdata , 24 ) ;
}
if ( total_file_nodes ) {
* total_file_nodes = BIG_UINT ( rdata , 32 ) ;
}
if ( free_file_nodes ) {
* free_file_nodes = BIG_UINT ( rdata , 40 ) ;
}
if ( fs_identifier ) {
* fs_identifier = BIG_UINT ( rdata , 48 ) ;
}
cleanup :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
return ret ;
}
2007-12-26 17:12:36 -08:00
/******************************************************************************
Send / receive the request encryption blob .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS enc_blob_send_receive ( struct cli_state * cli , DATA_BLOB * in , DATA_BLOB * out , DATA_BLOB * param_out )
{
uint16 setup ;
char param [ 4 ] ;
char * rparam = NULL , * rdata = NULL ;
unsigned int rparam_count = 0 , rdata_count = 0 ;
NTSTATUS status = NT_STATUS_OK ;
setup = TRANSACT2_SETFSINFO ;
SSVAL ( param , 0 , 0 ) ;
SSVAL ( param , 2 , SMB_REQUEST_TRANSPORT_ENCRYPTION ) ;
if ( ! cli_send_trans ( cli , SMBtrans2 ,
NULL ,
0 , 0 ,
& setup , 1 , 0 ,
param , 4 , 0 ,
( char * ) in - > data , in - > length , CLI_BUFFER_SIZE ) ) {
status = cli_nt_error ( cli ) ;
goto out ;
}
if ( ! cli_receive_trans ( cli , SMBtrans2 ,
& rparam , & rparam_count ,
& rdata , & rdata_count ) ) {
status = cli_nt_error ( cli ) ;
goto out ;
}
if ( cli_is_error ( cli ) ) {
status = cli_nt_error ( cli ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) {
goto out ;
}
}
* out = data_blob ( rdata , rdata_count ) ;
* param_out = data_blob ( rparam , rparam_count ) ;
out :
SAFE_FREE ( rparam ) ;
SAFE_FREE ( rdata ) ;
return status ;
}
/******************************************************************************
Make a client state struct .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static struct smb_trans_enc_state * make_cli_enc_state ( enum smb_trans_enc_type smb_enc_type )
{
struct smb_trans_enc_state * es = NULL ;
es = SMB_MALLOC_P ( struct smb_trans_enc_state ) ;
if ( ! es ) {
return NULL ;
}
ZERO_STRUCTP ( es ) ;
es - > smb_enc_type = smb_enc_type ;
# if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
2008-02-28 06:01:09 -08:00
if ( smb_enc_type = = SMB_TRANS_ENC_GSS ) {
2007-12-26 17:12:36 -08:00
es - > s . gss_state = SMB_MALLOC_P ( struct smb_tran_enc_state_gss ) ;
if ( ! es - > s . gss_state ) {
SAFE_FREE ( es ) ;
return NULL ;
}
ZERO_STRUCTP ( es - > s . gss_state ) ;
}
2008-02-28 06:01:09 -08:00
# endif
2007-12-26 17:12:36 -08:00
return es ;
}
/******************************************************************************
Start a raw ntlmssp encryption .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
NTSTATUS cli_raw_ntlm_smb_encryption_start ( struct cli_state * cli ,
const char * user ,
const char * pass ,
const char * domain )
{
DATA_BLOB blob_in = data_blob_null ;
DATA_BLOB blob_out = data_blob_null ;
DATA_BLOB param_out = data_blob_null ;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL ;
struct smb_trans_enc_state * es = make_cli_enc_state ( SMB_TRANS_ENC_NTLM ) ;
if ( ! es ) {
return NT_STATUS_NO_MEMORY ;
}
status = ntlmssp_client_start ( & es - > s . ntlmssp_state ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto fail ;
}
ntlmssp_want_feature ( es - > s . ntlmssp_state , NTLMSSP_FEATURE_SESSION_KEY ) ;
es - > s . ntlmssp_state - > neg_flags | = ( NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL ) ;
if ( ! NT_STATUS_IS_OK ( status = ntlmssp_set_username ( es - > s . ntlmssp_state , user ) ) ) {
goto fail ;
}
if ( ! NT_STATUS_IS_OK ( status = ntlmssp_set_domain ( es - > s . ntlmssp_state , domain ) ) ) {
goto fail ;
}
if ( ! NT_STATUS_IS_OK ( status = ntlmssp_set_password ( es - > s . ntlmssp_state , pass ) ) ) {
goto fail ;
}
do {
status = ntlmssp_update ( es - > s . ntlmssp_state , blob_in , & blob_out ) ;
data_blob_free ( & blob_in ) ;
data_blob_free ( & param_out ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) | | NT_STATUS_IS_OK ( status ) ) {
NTSTATUS trans_status = enc_blob_send_receive ( cli ,
& blob_out ,
& blob_in ,
& param_out ) ;
if ( ! NT_STATUS_EQUAL ( trans_status ,
NT_STATUS_MORE_PROCESSING_REQUIRED ) & &
! NT_STATUS_IS_OK ( trans_status ) ) {
status = trans_status ;
} else {
if ( param_out . length = = 2 ) {
es - > enc_ctx_num = SVAL ( param_out . data , 0 ) ;
}
}
}
data_blob_free ( & blob_out ) ;
} while ( NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) ;
data_blob_free ( & blob_in ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
/* Replace the old state, if any. */
if ( cli - > trans_enc_state ) {
common_free_encryption_state ( & cli - > trans_enc_state ) ;
}
cli - > trans_enc_state = es ;
cli - > trans_enc_state - > enc_on = True ;
es = NULL ;
}
fail :
common_free_encryption_state ( & es ) ;
return status ;
}
# if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
# ifndef SMB_GSS_REQUIRED_FLAGS
# define SMB_GSS_REQUIRED_FLAGS (GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)
# endif
/******************************************************************************
Get client gss blob to send to a server .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS make_cli_gss_blob ( struct smb_trans_enc_state * es ,
const char * service ,
const char * host ,
NTSTATUS status_in ,
DATA_BLOB spnego_blob_in ,
DATA_BLOB * p_blob_out )
{
const char * krb_mechs [ ] = { OID_KERBEROS5 , NULL } ;
OM_uint32 ret ;
OM_uint32 min ;
gss_name_t srv_name ;
gss_buffer_desc input_name ;
gss_buffer_desc * p_tok_in ;
gss_buffer_desc tok_out , tok_in ;
DATA_BLOB blob_out = data_blob_null ;
DATA_BLOB blob_in = data_blob_null ;
char * host_princ_s = NULL ;
OM_uint32 ret_flags = 0 ;
NTSTATUS status = NT_STATUS_OK ;
gss_OID_desc nt_hostbased_service =
{ 10 , CONST_DISCARD ( char * , " \x2a \x86 \x48 \x86 \xf7 \x12 \x01 \x02 \x01 \x04 " ) } ;
memset ( & tok_out , ' \0 ' , sizeof ( tok_out ) ) ;
/* Get a ticket for the service@host */
2008-02-25 15:24:49 +01:00
if ( asprintf ( & host_princ_s , " %s@%s " , service , host ) = = - 1 ) {
2007-12-26 17:12:36 -08:00
return NT_STATUS_NO_MEMORY ;
}
input_name . value = host_princ_s ;
input_name . length = strlen ( host_princ_s ) + 1 ;
ret = gss_import_name ( & min ,
& input_name ,
& nt_hostbased_service ,
& srv_name ) ;
if ( ret ! = GSS_S_COMPLETE ) {
SAFE_FREE ( host_princ_s ) ;
return map_nt_error_from_gss ( ret , min ) ;
}
if ( spnego_blob_in . length = = 0 ) {
p_tok_in = GSS_C_NO_BUFFER ;
} else {
/* Remove the SPNEGO wrapper */
if ( ! spnego_parse_auth_response ( spnego_blob_in , status_in , OID_KERBEROS5 , & blob_in ) ) {
status = NT_STATUS_UNSUCCESSFUL ;
goto fail ;
}
tok_in . value = blob_in . data ;
tok_in . length = blob_in . length ;
p_tok_in = & tok_in ;
}
ret = gss_init_sec_context ( & min ,
GSS_C_NO_CREDENTIAL , /* Use our default cred. */
& es - > s . gss_state - > gss_ctx ,
srv_name ,
GSS_C_NO_OID , /* default OID. */
2008-08-08 14:32:15 -07:00
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG ,
2007-12-26 17:12:36 -08:00
GSS_C_INDEFINITE , /* requested ticket lifetime. */
NULL , /* no channel bindings */
p_tok_in ,
NULL , /* ignore mech type */
& tok_out ,
& ret_flags ,
NULL ) ; /* ignore time_rec */
status = map_nt_error_from_gss ( ret , min ) ;
if ( ! NT_STATUS_IS_OK ( status ) & & ! NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) {
ADS_STATUS adss = ADS_ERROR_GSS ( ret , min ) ;
DEBUG ( 10 , ( " make_cli_gss_blob: gss_init_sec_context failed with %s \n " ,
ads_errstr ( adss ) ) ) ;
goto fail ;
}
if ( ( ret_flags & SMB_GSS_REQUIRED_FLAGS ) ! = SMB_GSS_REQUIRED_FLAGS ) {
status = NT_STATUS_ACCESS_DENIED ;
}
blob_out = data_blob ( tok_out . value , tok_out . length ) ;
/* Wrap in an SPNEGO wrapper */
* p_blob_out = gen_negTokenTarg ( krb_mechs , blob_out ) ;
fail :
data_blob_free ( & blob_out ) ;
data_blob_free ( & blob_in ) ;
SAFE_FREE ( host_princ_s ) ;
gss_release_name ( & min , & srv_name ) ;
if ( tok_out . value ) {
gss_release_buffer ( & min , & tok_out ) ;
}
return status ;
}
/******************************************************************************
Start a SPNEGO gssapi encryption context .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
NTSTATUS cli_gss_smb_encryption_start ( struct cli_state * cli )
{
DATA_BLOB blob_recv = data_blob_null ;
DATA_BLOB blob_send = data_blob_null ;
DATA_BLOB param_out = data_blob_null ;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL ;
fstring fqdn ;
const char * servicename ;
struct smb_trans_enc_state * es = make_cli_enc_state ( SMB_TRANS_ENC_GSS ) ;
if ( ! es ) {
return NT_STATUS_NO_MEMORY ;
}
name_to_fqdn ( fqdn , cli - > desthost ) ;
strlower_m ( fqdn ) ;
servicename = " cifs " ;
status = make_cli_gss_blob ( es , servicename , fqdn , NT_STATUS_OK , blob_recv , & blob_send ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) {
servicename = " host " ;
status = make_cli_gss_blob ( es , servicename , fqdn , NT_STATUS_OK , blob_recv , & blob_send ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) {
goto fail ;
}
}
do {
data_blob_free ( & blob_recv ) ;
status = enc_blob_send_receive ( cli , & blob_send , & blob_recv , & param_out ) ;
if ( param_out . length = = 2 ) {
es - > enc_ctx_num = SVAL ( param_out . data , 0 ) ;
}
data_blob_free ( & blob_send ) ;
status = make_cli_gss_blob ( es , servicename , fqdn , status , blob_recv , & blob_send ) ;
} while ( NT_STATUS_EQUAL ( status , NT_STATUS_MORE_PROCESSING_REQUIRED ) ) ;
data_blob_free ( & blob_recv ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
/* Replace the old state, if any. */
if ( cli - > trans_enc_state ) {
common_free_encryption_state ( & cli - > trans_enc_state ) ;
}
cli - > trans_enc_state = es ;
cli - > trans_enc_state - > enc_on = True ;
es = NULL ;
}
fail :
common_free_encryption_state ( & es ) ;
return status ;
}
# else
NTSTATUS cli_gss_smb_encryption_start ( struct cli_state * cli )
{
return NT_STATUS_NOT_SUPPORTED ;
}
# endif
2008-01-05 00:23:35 -08:00
/********************************************************************
Ensure a connection is encrypted .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
NTSTATUS cli_force_encryption ( struct cli_state * c ,
const char * username ,
const char * password ,
const char * domain )
{
uint16 major , minor ;
uint32 caplow , caphigh ;
if ( ! SERVER_HAS_UNIX_CIFS ( c ) ) {
return NT_STATUS_NOT_SUPPORTED ;
}
if ( ! cli_unix_extensions_version ( c , & major , & minor , & caplow , & caphigh ) ) {
return NT_STATUS_UNKNOWN_REVISION ;
}
if ( ! ( caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP ) ) {
return NT_STATUS_UNSUPPORTED_COMPRESSION ;
}
if ( c - > use_kerberos ) {
return cli_gss_smb_encryption_start ( c ) ;
}
return cli_raw_ntlm_smb_encryption_start ( c ,
username ,
password ,
domain ) ;
}