smb_session_setup_andx.c revision 148c5f43199ca0b43fc8e3b643aab11cd66ea327
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightstatic int smb_authenticate(smb_request_t *, smb_arg_sessionsetup_t *,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightstatic void smb_cred_set_sid(smb_id_t *id, ksid_t *ksid);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightstatic ksidlist_t *smb_cred_set_sidlist(smb_ids_t *token_grps);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * In NTLM 0.12, the padding between the Native OS and Native LM is a bit
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * strange. On NT4.0, there is a 2 byte pad between the OS (Windows NT 1381)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * and LM (Windows NT 4.0). On Windows 2000, there is no padding between
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * the OS (Windows 2000 2195) and LM (Windows 2000 5.0).
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If the padding is removed from the decode string the NT4.0 LM comes out
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * as an empty string. So if the client's native OS is Win NT, we consider
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * the padding; otherwise we don't.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * For Pre-NTLM 0.12, despite the CIFS/1.0 spec, the user and domain are
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * not always present in the message. We try to get the account name and
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * the primary domain but we don't care about the native OS or native
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * LM fields.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If the Native LM cannot be determined, default to Windows NT.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = smbsr_decode_vwv(sr, "b.wwwwlww4.l", &sr->andx_com,
7b59d02d2a384be9a08087b14defadd214b3c1ddjb if (rc != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sinfo->ssi_cipwd = smb_srm_zalloc(sr, sinfo->ssi_cipwlen + 1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sinfo->ssi_cspwd = smb_srm_zalloc(sr, sinfo->ssi_cspwlen + 1);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (rc != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sr->session->native_os = smbnative_os_value(native_os);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright rc = smbsr_decode_data(sr, "%,u", sr, &native_lm);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright rc = smbsr_decode_data(sr, "%u", sr, &native_lm);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sr->session->native_lm = smbnative_lm_value(native_lm);
7b59d02d2a384be9a08087b14defadd214b3c1ddjb if (rc != 0)
/*
 * The password buffer is allocated one byte larger than ssi_cipwlen, and
 * the "%#c" decode that follows is given ssi_cipwlen as its count, so the
 * copy is bounded by the same length that sized the buffer.
 * NOTE(review): ssi_cipwlen is presumably the length the client declared
 * in the request parameters - confirm its type is narrow enough that the
 * "+ 1" cannot wrap, and that the decoder rejects a count larger than the
 * data remaining in the message.
 */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sinfo->ssi_cipwd = smb_srm_zalloc(sr, sinfo->ssi_cipwlen + 1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright rc = smbsr_decode_data(sr, "%#c", sr, sinfo->ssi_cipwlen,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (rc != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_user) != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_domain) != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sr->session->native_lm = smbnative_lm_value(native_lm);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright DTRACE_SMB_2(op__SessionSetupX__start, smb_request_t *, sr,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright DTRACE_SMB_2(op__SessionSetupX__done, smb_request_t *, sr,
/*
 * Zero both client password buffers over the full "length + 1" they were
 * allocated with, presumably so the authentication responses do not stay
 * in request memory once the command has been processed.
 * NOTE(review): both pointers are dereferenced unconditionally here;
 * confirm they are always allocated before this point is reached (e.g.
 * when request decoding failed early).
 */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright bzero(sinfo->ssi_cipwd, sinfo->ssi_cipwlen + 1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright bzero(sinfo->ssi_cspwd, sinfo->ssi_cspwlen + 1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If the vcnumber is zero, discard any other connections associated with
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * this client.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If signing has not already been enabled on this session check to see if
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * it should be enabled. The first authenticated logon provides the MAC
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * key and sequence numbers for signing all subsequent sessions on the same
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * connection.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NT systems use different native OS and native LanMan values dependent on
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * whether they are acting as a client or a server. NT 4.0 server responds
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * with the following values:
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NativeOS: Windows NT 4.0
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * NativeLM: NT LAN Manager 4.0
/*
 * NOTE(review): in the lines shown here the reconnection check comes
 * before smb_authenticate(), i.e. it acts on a request whose sender has
 * not been authenticated yet.  How smb_server_reconnection_check() decides
 * that another session belongs to "this client" is not visible here -
 * confirm that unrelated clients (for example several hosts behind one
 * address) cannot have their sessions discarded by it.
 */
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb smb_server_reconnection_check(sr->sr_server, sr->session);
/* A non-zero return from smb_authenticate() is treated as failure. */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smb_authenticate(sr, sinfo, &session_key) != 0)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (sr->session->native_lm == NATIVE_LM_WIN2000)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright sr->session->capabilities = sinfo->ssi_capabilities;
/*
 * Signing is initialised only when it is not already enabled on the
 * session and the negotiated security mode has signatures enabled (the
 * condition continues on a line not shown here).  smb_sign_init() is given
 * the session key and the ssi_cspwd password response.
 */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (!(sr->session->signing.flags & SMB_SIGNING_ENABLED) &&
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (sr->session->secmode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) &&
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright smb_sign_init(sr, session_key, (char *)sinfo->ssi_cspwd,
/*
 * A request without SMB_FLAGS2_SMB_SECURITY_SIGNATURE is reported together
 * with the client's address (the rest of the condition and the logging
 * call are on lines not shown here).
 * NOTE(review): the format string spells the command "SmbSessonSetupX"
 * (missing "i"), so log searches or detection rules keyed on
 * "SessionSetup" will not match this message.
 */
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego if (!(sr->smb_flg2 & SMB_FLAGS2_SMB_SECURITY_SIGNATURE) &&
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (void) smb_inet_ntop(&sr->session->ipaddr, ipaddr_buf,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright "SmbSessonSetupX: client %s does not support signing",
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States smbnative_os_str(&sr->sr_cfg->skc_version),
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States smbnative_lm_str(&sr->sr_cfg->skc_version),
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Authenticate a user. If the user has already been authenticated on
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * this session, we can simply dup the user and return.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Otherwise, the user information is passed to smbd for authentication.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If smbd can authenticate the user an access token is returned and we
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * generate a cred and new user based on the token.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wrightsmb_authenticate(smb_request_t *sr, smb_arg_sessionsetup_t *sinfo,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States char *hostname = sr->sr_cfg->skc_hostname;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States int security = sr->sr_cfg->skc_secmode;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States smb_user_t *user = NULL;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States smb_logon_t user_info;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States boolean_t need_lookup = B_FALSE;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States uint32_t privileges;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States cred_t *cr;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States char *buf = NULL;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States char *p;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States bzero(&user_info, sizeof (smb_logon_t));
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
/*
 * Anonymous logon test: an empty user name, a zero-length ssi_cspwd and,
 * in the alternative visible here, a one-byte ssi_cipwd holding only NUL.
 * Part of the condition is on a line not shown here.  A match sets the
 * effective user name to "anonymous" and marks the logon SMB_ATF_ANON.
 * NOTE(review): the test reads *sinfo->ssi_user and *sinfo->ssi_cipwd, so
 * it relies on both having been set by the request decoding - confirm.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if ((*sinfo->ssi_user == '\0') &&
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States (sinfo->ssi_cspwlen == 0) &&
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States (sinfo->ssi_cipwlen == 1 && *sinfo->ssi_cipwd == '\0'))) {
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_username = "anonymous";
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_flags |= SMB_ATF_ANON;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_username = sinfo->ssi_user;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Handle user@domain format. We need to retain the original
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * data as this is important in some forms of authentication.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_username = buf;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_domain = p + 1;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If no domain name has been provided in domain mode we cannot
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * determine if this is a local user or a domain user without
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * obtaining an access token. So we postpone the lookup until
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * after authentication.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego user = smb_session_dup_user(sr->session, hostname,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_username);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States } else if (*user_info.lg_e_domain != '\0') {
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user = smb_session_dup_user(sr->session, user_info.lg_e_domain,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_e_username);
/*
 * Fill in the logon request handed to smb_get_token().  lg_domain and
 * lg_username keep the domain and user name exactly as they appear in
 * sinfo, while the lg_e_* fields set earlier carry the effective
 * (possibly split user@domain) values.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_level = NETR_NETWORK_LOGON;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_domain = sinfo->ssi_domain;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_username = sinfo->ssi_user;
/* Where the request came from and which local address/port received it. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_workstation = sr->session->workstation;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_clnt_ipaddr = sr->session->ipaddr;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_local_ipaddr = sr->session->local_ipaddr;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_local_port = sr->session->s_local_port;
/*
 * The session's challenge key plus the two responses from the client:
 * ssi_cspwd is passed as the NT password and ssi_cipwd as the LM password
 * (presumably the case-sensitive and case-insensitive password fields of
 * the request - confirm).  Only pointers and lengths are stored, so these
 * fields alias the sinfo buffers rather than copying them.
 */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_challenge_key.val = sr->session->challenge_key;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_challenge_key.len = sr->session->challenge_len;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_nt_password.val = sinfo->ssi_cspwd;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_nt_password.len = sinfo->ssi_cspwlen;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_lm_password.val = sinfo->ssi_cipwd;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_lm_password.len = sinfo->ssi_cipwlen;
/* Client-reported OS / LAN Manager identifiers recorded on the session. */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States user_info.lg_native_os = sr->session->native_os;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright user_info.lg_native_lm = sr->session->native_lm;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
/*
 * NOTE(review): the probe argument is a pointer to user_info, which by
 * this point refers to the session challenge and both client password
 * responses.  Anyone permitted to enable this probe can read them, so
 * trace output captured from it should be handled as credential material.
 */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright DTRACE_PROBE1(smb__sessionsetup__clntinfo, smb_logon_t *, &user_info);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if ((token = smb_get_token(&user_info)) == NULL) {
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright return (-1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright token->tkn_domain_name, token->tkn_account_name);
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States *session_key = smb_srm_zalloc(sr, sizeof (smb_session_key_t));
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright smbsr_error(sr, 0, ERRDOS, ERROR_INVALID_HANDLE);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright return (-1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright token->tkn_domain_name, token->tkn_account_name,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright token->tkn_flags, privileges, token->tkn_audit_sid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smbsr_error(sr, 0, ERRDOS, ERROR_INVALID_HANDLE);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright return (-1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Allocate a Solaris cred and initialize it based on the access token.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If the user can be mapped to a non-ephemeral ID, the cred gid is set
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * to the Solaris user's primary group.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * If the mapped UID is ephemeral, or the primary group could not be
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * obtained, the cred gid is set to whatever Solaris group is mapped
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * to the token's primary group.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (!IDMAP_ID_IS_EPHEMERAL(token->tkn_user.i_id) &&
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (crsetugid(cr, token->tkn_user.i_id, gid) != 0) {
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (crsetgroups(cr, posix_grps->pg_ngrps, posix_grps->pg_grps) != 0) {
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright smb_cred_set_sid(&token->tkn_primary_grp, &ksid);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright ksidlist = smb_cred_set_sidlist(&token->tkn_win_grps);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smb_token_query_privilege(token, SE_TAKE_OWNERSHIP_LUID))
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Initialize the ksid based on the given smb_id_t.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Allocate and initialize the ksidlist based on the access token group list.
/*
 * The list is sized from the group count carried in the access token and
 * each entry is filled from the token group with the same index (the loop
 * header is on a line not shown here).
 * NOTE(review): i_cnt originates from the token returned for this logon;
 * confirm it is bounded where the token is decoded, since it drives both
 * the allocation size and the number of entries written.
 */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright lp = kmem_zalloc(KSIDLIST_MEM(token_grps->i_cnt), KM_SLEEP);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright smb_cred_set_sid(&token_grps->i_ids[i], &lp->ksl_sids[i]);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Convert access token privileges to local definitions.
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smb_token_query_privilege(token, SE_BACKUP_LUID))
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smb_token_query_privilege(token, SE_RESTORE_LUID))
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (smb_token_query_privilege(token, SE_TAKE_OWNERSHIP_LUID))