da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t));
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Enforce the minimum word count seen in the old protocol,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * to make sure we have enough to decode the common stuff.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Further wcnt checks below.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Parse common part of SMB session setup.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * skip: vcnumber(2), sesskey(4)
12b65585e720714b31036daaa2b30eb76014048eGordon Ross &sinfo->ssi_maxbufsize, &sinfo->ssi_maxmpxcount);
7b59d02d2a384be9a08087b14defadd214b3c1ddjb if (rc != 0)
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_lmpwd = smb_srm_zalloc(sr, sinfo->ssi_lmpwlen + 1);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_decode_data(sr, "%#c", sr, sinfo->ssi_lmpwlen,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (rc != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_user) != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_domain) != 0)
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * We have dialect >= NT_LM_0_12
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* Old style (non-extended) request. */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* paranoid: ignore cap. ext. sec. here */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_capabilities &= ~CAP_EXTENDED_SECURITY;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_lmpwd = smb_srm_zalloc(sr, sinfo->ssi_lmpwlen + 1);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_ntpwd = smb_srm_zalloc(sr, sinfo->ssi_ntpwlen + 1);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* New style (extended) request. */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross if ((sinfo->ssi_capabilities & CAP_EXTENDED_SECURITY) == 0) {
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_isecblob = smb_srm_zalloc(sr, sinfo->ssi_iseclen);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* Invalid message */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Get the "Native OS" and "Native LanMan" strings.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * These are not critical to protocol function, so
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * if we can't parse them, just guess "NT".
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * These strings are free'd with the sr.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * In NTLM 0.12, the padding between the Native OS and Native LM
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * is a bit strange. On NT4.0, there is a 2 byte pad between the
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * OS (Windows NT 1381) and LM (Windows NT 4.0). On Windows 2000,
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * there is no padding between the OS (Windows 2000 2195) and LM
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * (Windows 2000 5.0). If the padding is removed from the decode
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * string the NT4.0 LM comes out as an empty string. So if the
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * client's native OS is Win NT, assume extra padding.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_decode_data(sr, "%u", sr, &native_os);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_native_os = smbnative_os_value(native_os);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_decode_data(sr, "%,u", sr, &native_lm);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_decode_data(sr, "%u", sr, &native_lm);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sinfo->ssi_native_lm = smbnative_lm_value(native_lm);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross "SmbSessonSetupX: client %s invalid request",
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright DTRACE_SMB_2(op__SessionSetupX__start, smb_request_t *, sr,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright DTRACE_SMB_2(op__SessionSetupX__done, smb_request_t *, sr,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NT systems use different native OS and native LanMan values dependent on
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * whether they are acting as a client or a server. NT 4.0 server responds
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * with the following values:
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NativeOS: Windows NT 4.0
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NativeLM: NT LAN Manager 4.0
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * Some stuff we do only in the first in a (possible)
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * sequence of session setup requests.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross if (sinfo->ssi_type != SMB_SSNSETUP_NTLM012_EXTSEC ||
12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* This is a first (or only) call */
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sr->session->smb_msg_size = sinfo->ssi_maxbufsize;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sr->session->smb_max_mpx = sinfo->ssi_maxmpxcount;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sr->session->capabilities = sinfo->ssi_capabilities;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross sr->session->capabilities &= ~CAP_LEVEL_II_OPLOCKS;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * The "meat" of authentication happens here.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross if (sinfo->ssi_type == SMB_SSNSETUP_NTLM012_EXTSEC)
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * This is not really an error, but tells the client
12b65585e720714b31036daaa2b30eb76014048eGordon Ross * it should send another session setup request.
12b65585e720714b31036daaa2b30eb76014048eGordon Ross smbsr_error(sr, status, ERRDOS, ERROR_ACCESS_DENIED);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross smbsr_error(sr, status, ERRSRV, ERRtoomanyuids);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross smbsr_error(sr, status, ERRDOS, ERROR_NO_LOGON_SERVERS);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross smbsr_error(sr, status, ERRDOS, ERROR_NETLOGON_NOT_STARTED);
12b65585e720714b31036daaa2b30eb76014048eGordon Ross action = SMB_USER_IS_GUEST(sr->uid_user) ? 1 : 0;
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_encode_result(sr, 3, VAR_BCC, "bb.www%uuu",
12b65585e720714b31036daaa2b30eb76014048eGordon Ross rc = smbsr_encode_result(sr, 4, VAR_BCC, "bb.wwww%#cuuu",