smb_session_setup_andx.c revision bbf6f00c25b6a2bed23c35eac6d62998ecdb338c
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB: session_setup_andx
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This SMB is used to further "Set up" the session normally just
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * established via the negotiate protocol.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * One primary function is to perform a "user logon" in the case where the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * server is in user level security mode. The Uid in the SMB header is set
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * by the client to be the userid desired for the AccountName and validated
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * by the AccountPassword.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If the negotiated protocol is prior to NT LM 0.12, the format of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_SESSION_SETUP_ANDX is:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Client Request Description
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ============================== =====================================
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR WordCount; Count of parameter words = 10
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXCommand; Secondary (X) command; 0xFF = none
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXReserved; Reserved (must be 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT AndXOffset; Offset to next command WordCount
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT MaxBufferSize; Client maximum buffer size
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT MaxMpxCount; Actual maximum multiplexed pending
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * requests
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT VcNumber; 0 = first (only), nonzero=additional
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * VC number
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ULONG SessionKey; Session key (valid iff VcNumber != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT PasswordLength; Account password size
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ULONG Reserved; Must be 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT ByteCount; Count of data bytes; min = 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AccountPassword[]; Account Password
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING AccountName[]; Account Name
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING PrimaryDomain[]; Client's primary domain
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeOS[]; Client's native operating system
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeLanMan[]; Client's native LAN Manager type
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and the response is:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Server Response Description
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ================================== =================================
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR WordCount; Count of parameter words = 3
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXCommand; Secondary (X) command; 0xFF =
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * none
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXReserved; Reserved (must be 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT AndXOffset; Offset to next command WordCount
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT Action; Request mode:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * bit0 = logged in as GUEST
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT ByteCount; Count of data bytes
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeOS[]; Server's native operating system
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeLanMan[]; Server's native LAN Manager type
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING PrimaryDomain[]; Server's primary domain
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If the server is in "share level security mode", the account name and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * passwd should be ignored by the server.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If challenge/response authentication is not being used, AccountPassword
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * should be a null terminated ASCII string with PasswordLength set to the
 * string size including the null; the password will be case insensitive. If
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * challenge/response authentication is being used (see section 2.10), then
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * AccountPassword will be the response to the server's challenge, and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * PasswordLength should be set to its length.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The server validates the name and password supplied and if valid, it
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * registers the user identifier on this session as representing the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * specified AccountName. The Uid field in the SMB header will then be
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * used to validate access on subsequent SMB requests. The SMB requests
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * where permission checks are required are those which refer to a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * symbolically named resource such as SMB_COM_OPEN, SMB_COM_RENAME,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_DELETE, etc.. The value of the Uid is relative to a specific
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * client/server session so it is possible to have the same Uid value
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * represent two different users on two different sessions at the server.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Multiple session setup commands may be sent to register additional users
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * on this session. If the server receives an additional
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_SESSION_SETUP_ANDX, only the Uid, AccountName and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * AccountPassword fields need contain valid values (the server MUST ignore
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the other fields).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The client writes the name of its domain in PrimaryDomain if it knows
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * what the domain name is. If the domain name is unknown, the client
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * either encodes it as a NULL string, or as a question mark.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If bit0 of Action is set, this informs the client that although the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * server did not recognize the AccountName, it logged the user in as a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * guest. This is optional behavior by the server, and in any case one
 * would ordinarily expect guest privileges to be limited.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Another function of the Session Set Up protocol is to inform the server
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * of the maximum values which will be utilized by this client. Here
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * MaxBufferSize is the maximum message size which the client can receive.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Thus although the server may support 16k buffers (as returned in the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_NEGOTIATE response), if the client only has 4k buffers, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * value of MaxBufferSize here would be 4096. The minimum allowable value
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * for MaxBufferSize is 1024. The SMB_COM_NEGOTIATE response includes the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * server buffer size supported. Thus this is the maximum SMB message size
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * which the client can send to the server. This size may be larger than
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the size returned to the server from the client via the
 * SMB_COM_SESSION_SETUP_ANDX protocol which is the maximum SMB message
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * size which the server may send to the client. Thus if the server's
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * buffer size were 4k and the client's buffer size were only 2K, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * client could send up to 4k (standard) write requests but must only
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * request up to 2k for (standard) read requests.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The field, MaxMpxCount informs the server of the maximum number of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * requests which the client will have outstanding to the server
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * simultaneously (see sections 5.13 and 5.25).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The VcNumber field specifies whether the client wants this to be the
 * first VC or an additional VC. If the SMB_COM_SESSION_SETUP_ANDX
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * request contains a VcNumber of 0 and other VCs are still connected to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * that client, they should be aborted to free any resources held by the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * server. This condition could occur if the client was rebooted and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * reconnected to the server before the transport level had informed the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * server of the previous VC termination. There is more information on
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * VCs in smb_negotiate.c.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The values for MaxBufferSize, MaxMpxCount, and VcNumber must be less
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * than or equal to the maximum values supported by the server as returned
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * in the SMB_COM_NEGOTIATE response.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If the negotiated SMB dialect is "NT LM 0.12" or later, the format of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the response SMB is unchanged, but the request is:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Client Request Description
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ============================== =====================================
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR WordCount; Count of parameter words = 13
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXCommand; Secondary (X) command; 0xFF = none
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR AndXReserved; Reserved (must be 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT AndXOffset; Offset to next command WordCount
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT MaxBufferSize; Client's maximum buffer size
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT MaxMpxCount; Actual maximum multiplexed pending
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * requests
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT VcNumber; 0 = first (only), nonzero=additional
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * VC number
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ULONG SessionKey; Session key (valid iff VcNumber != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT Account password size, ANSI
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CaseInsensitivePasswordLength;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT Account password size, Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CaseSensitivePasswordLength;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ULONG Reserved; must be 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ULONG Capabilities; Client capabilities
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * USHORT ByteCount; Count of data bytes; min = 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR Account Password, ANSI
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CaseInsensitivePassword[];
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * UCHAR CaseSensitivePassword[]; Account Password, Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING AccountName[]; Account Name, Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING PrimaryDomain[]; Client's primary domain, Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeOS[]; Client's native operating system,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * STRING NativeLanMan[]; Client's native LAN Manager type,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Unicode
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The client expresses its capabilities to the server encoded in the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Capabilities field:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Capability Name Encoding Description
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ======================== ========= ================================
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_UNICODE 0x0004 The client can use UNICODE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * strings
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_LARGE_FILES 0x0008 The client can deal with files
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * having 64 bit offsets
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_NT_SMBS 0x0010 The client understands the SMBs
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * introduced with the NT LM 0.12
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * dialect. Implies CAP_NT_FIND.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_NT_FIND 0x0200
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_STATUS32 0x0040 The client can receive 32 bit
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * errors encoded in Status.Status
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CAP_LEVEL_II_OPLOCKS 0x0080 The client understands Level II
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * oplocks
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The entire message sent and received including the optional ANDX SMB
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * must fit in the negotiated maximum transfer size. The following are the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * only valid SMB commands for AndXCommand for SMB_COM_SESSION_SETUP_ANDX
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_TREE_CONNECT_ANDX SMB_COM_OPEN
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_OPEN_ANDX SMB_COM_CREATE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_CREATE_NEW SMB_COM_CREATE_DIRECTORY
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_DELETE SMB_COM_DELETE_DIRECTORY
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_FIND SMB_COM_FIND_UNIQUE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_COPY SMB_COM_RENAME
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_NT_RENAME SMB_COM_CHECK_DIRECTORY
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_QUERY_INFORMATION SMB_COM_SET_INFORMATION
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_NO_ANDX_COMMAND SMB_COM_OPEN_PRINT_FILE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SMB_COM_GET_PRINT_QUEUE SMB_COM_TRANSACTION
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 4.1.2.1 Errors
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ERRSRV/ERRerror - no NEG_PROT issued
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ERRSRV/ERRbadpw - password not correct for given user name
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ERRSRV/ERRtoomanyuids - maximum number of users per session exceeded
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * ERRSRV/ERRnosupport - chaining of this request to the previous one is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * not supported
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/types.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <sys/socket.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <netinet/in.h>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown#include <smbsrv/smb_kproto.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_token.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_door_svc.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Fields decoded from a client's SMB_COM_SESSION_SETUP_ANDX request and
 * handed to smb_authenticate().  Everything in here is client-supplied
 * and untrusted.  The string members are filled in by smbsr_decode_data()
 * (presumably pointing into the decoded request) or set to a static
 * default when the field is missing; they are not owned by this
 * structure.  The two password buffers are kmem_alloc'd by the caller
 * with one extra byte so that they can be NUL-terminated.
 *
 * NOTE(review): ssi_cipwd/ssi_cspwd carry credential material (the
 * case-sensitive blob is also handed to smb_sign_init() to seed the
 * signing key), and the caller releases them with a plain kmem_free();
 * consider clearing them before they are freed.
 */
typedef struct smb_sessionsetup_info {
	char *ssi_user;		/* AccountName; "" when absent (pre-NT dialects) */
	char *ssi_domain;	/* PrimaryDomain; "" when absent */
	char *ssi_native_os;	/* NativeOS; NULL for pre-NT LM 0.12 dialects */
	char *ssi_native_lm;	/* NativeLanMan; "NT LAN Manager 4.0" if unknown */
	uint16_t ssi_cipwlen;	/* ANSI (case-insensitive) password length */
	uint8_t *ssi_cipwd;	/* ANSI password/response, ssi_cipwlen + 1 bytes */
	uint16_t ssi_cspwlen;	/* Unicode (case-sensitive) password length; NT LM 0.12 only */
	uint8_t *ssi_cspwd;	/* Unicode password/response, ssi_cspwlen + 1 bytes; NULL on older dialects */
	uint16_t ssi_maxbufsize;	/* client MaxBufferSize; stored as session->smb_msg_size without a visible range check against the 1024 minimum / negotiated maximum described above -- verify elsewhere */
	uint16_t ssi_maxmpxcount;	/* client MaxMpxCount */
	uint16_t ssi_vcnumber;	/* VcNumber; 0 triggers smb_server_reconnection_check() */
	uint32_t ssi_capabilities;	/* client Capabilities (NT LM 0.12 only); copied to session->capabilities */
	uint32_t ssi_sesskey;	/* SessionKey from the request */
} smb_sessionsetup_info_t;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Outcomes of smb_authenticate().  The caller treats SMB_AUTH_FAILED as
 * fatal for the request (it answers with SDRC_ERROR); SMB_AUTH_GUEST
 * presumably corresponds to the "logged in as GUEST" bit (Action bit0)
 * of the response described above -- confirm in smb_authenticate().
 */
#define	SMB_AUTH_FAILED		-1
#define	SMB_AUTH_USER		0
#define	SMB_AUTH_GUEST		1

/*
 * Validate the credentials in *sinfo for request *sr.  On success it may
 * return a kmem_alloc'd smb_session_key_t through the third argument
 * (the caller checks for NULL and frees it with kmem_free()).
 * Returns one of the SMB_AUTH_* values above.
 */
static int smb_authenticate(smb_request_t *, smb_sessionsetup_info_t *,
    smb_session_key_t **);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
/*
 * Dispatcher pre-hook for SMB_COM_SESSION_SETUP_ANDX: fires the DTrace
 * start probe for the operation.  Nothing is decoded or validated here;
 * the request is parsed and authenticated in smb_com_session_setup_andx().
 *
 * Always returns SDRC_SUCCESS so that the dispatcher proceeds.
 */
smb_sdrc_t
smb_pre_session_setup_andx(smb_request_t *sr)
{
	smb_sdrc_t status = SDRC_SUCCESS;

	DTRACE_SMB_1(op__SessionSetupX__start, smb_request_t *, sr);

	return (status);
}
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb
/*
 * Dispatcher post-hook for SMB_COM_SESSION_SETUP_ANDX: fires the DTrace
 * completion probe for the operation.  Presumably invoked by the
 * dispatcher after smb_com_session_setup_andx() returns; it has no
 * other side effects and no return value.
 */
void
smb_post_session_setup_andx(smb_request_t *sr)
{
	smb_request_t *req = sr;

	DTRACE_SMB_1(op__SessionSetupX__done, smb_request_t *, req);
}
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb
faa1795a28a5c712eed6d0a3f84d98c368a316c6jbsmb_sdrc_t
faa1795a28a5c712eed6d0a3f84d98c368a316c6jbsmb_com_session_setup_andx(smb_request_t *sr)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_sessionsetup_info_t sinfo;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw smb_session_key_t *session_key = NULL;
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego char ipaddr_buf[INET6_ADDRSTRLEN];
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright int native_lm;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego int auth_res;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego int rc;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego bzero(&sinfo, sizeof (smb_sessionsetup_info_t));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (sr->session->dialect >= NT_LM_0_12) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = smbsr_decode_vwv(sr, "b.wwwwlww4.l", &sr->andx_com,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sr->andx_off, &sinfo.ssi_maxbufsize,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_maxmpxcount, &sinfo.ssi_vcnumber,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_sesskey, &sinfo.ssi_cipwlen,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_cspwlen, &sinfo.ssi_capabilities);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7b59d02d2a384be9a08087b14defadd214b3c1ddjb if (rc != 0)
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return (SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwd = kmem_alloc(sinfo.ssi_cipwlen + 1, KM_SLEEP);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cspwd = kmem_alloc(sinfo.ssi_cspwlen + 1, KM_SLEEP);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The padding between the Native OS and Native LM is a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * bit strange. On NT4.0, there is a 2 byte pad between
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the OS (Windows NT 1381) and LM (Windows NT 4.0).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * On Windows 2000, there is no padding between the OS
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * (Windows 2000 2195) and LM (Windows 2000 5.0).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If the padding is removed from this decode string
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the NT4.0 LM comes out as an empty string.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * So if the client's native OS is Win NT we consider
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the padding otherwise we don't.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = smbsr_decode_data(sr, "%#c#cuuu",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sr,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwlen, sinfo.ssi_cipwd,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cspwlen, sinfo.ssi_cspwd,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_user,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_domain,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_native_os);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cipwd, sinfo.ssi_cipwlen + 1);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cspwd, sinfo.ssi_cspwlen + 1);
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return (SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwd[sinfo.ssi_cipwlen] = 0;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cspwd[sinfo.ssi_cspwlen] = 0;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->session->native_os =
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smbnative_os_value(sinfo.ssi_native_os);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (sr->session->native_os == NATIVE_OS_WINNT)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smbsr_decode_data(sr, "%,u", sr,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_native_lm);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw else
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smbsr_decode_data(sr, "%u", sr,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_native_lm);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright * If the Native Lanman cannot be determined,
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright * default to Windows NT.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright if (rc != 0 || sinfo.ssi_native_lm == NULL)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_native_lm = "NT LAN Manager 4.0";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw } else {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = smbsr_decode_vwv(sr, "b.wwwwlw4.", &sr->andx_com,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sr->andx_off, &sinfo.ssi_maxbufsize,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_maxmpxcount,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_vcnumber, &sinfo.ssi_sesskey,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &sinfo.ssi_cipwlen);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7b59d02d2a384be9a08087b14defadd214b3c1ddjb if (rc != 0)
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return (SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwd = kmem_alloc(sinfo.ssi_cipwlen + 1, KM_SLEEP);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego rc = smbsr_decode_data(sr, "%#c", sr, sinfo.ssi_cipwlen,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwd);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cipwd, sinfo.ssi_cipwlen + 1);
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return (SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cipwd[sinfo.ssi_cipwlen] = 0;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Despite the CIFS/1.0 spec, the rest of this message is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * not always present. We need to try to get the account
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * name and the primary domain but we don't care about the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the native OS or native LanMan fields.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smbsr_decode_data(sr, "%u", sr, &sinfo.ssi_user) != 0)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_user = "";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (smbsr_decode_data(sr, "%u", sr, &sinfo.ssi_domain) != 0)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_domain = "";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright sr->session->native_os = NATIVE_OS_WINNT;
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright sinfo.ssi_native_lm = "NT LAN Manager 4.0";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If the sinfo.ssi_vcnumber is zero, we can discard any
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * other connections associated with this client.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->session->vcnumber = sinfo.ssi_vcnumber;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (sinfo.ssi_vcnumber == 0)
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb smb_server_reconnection_check(sr->sr_server, sr->session);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego auth_res = smb_authenticate(sr, &sinfo, &session_key);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (sinfo.ssi_cipwd)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cipwd, sinfo.ssi_cipwlen + 1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (auth_res == SMB_AUTH_FAILED) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (sinfo.ssi_cspwd)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cspwd, sinfo.ssi_cspwlen + 1);
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return (SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright native_lm = smbnative_lm_value(sinfo.ssi_native_lm);
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright if (native_lm == NATIVE_LM_WIN2000)
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright sinfo.ssi_capabilities |= CAP_LARGE_FILES |
fc724630b14603e4c1147df68b7bf45f7de7431fAlan Wright CAP_LARGE_READX | CAP_LARGE_WRITEX;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright sr->session->smb_msg_size = sinfo.ssi_maxbufsize;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->session->capabilities = sinfo.ssi_capabilities;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Check to see if SMB signing is enable, but if it is already turned
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * on leave it.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The first authenticated logon provides the MAC key and sequence
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * numbers for signing all further session on the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * same network connection.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (!(sr->session->signing.flags & SMB_SIGNING_ENABLED) &&
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (sr->session->secmode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) &&
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (sr->smb_flg2 & SMB_FLAGS2_SMB_SECURITY_SIGNATURE) &&
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw session_key)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_sign_init(sr, session_key, (char *)sinfo.ssi_cspwd,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sinfo.ssi_cspwlen);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (sinfo.ssi_cspwd)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(sinfo.ssi_cspwd, sinfo.ssi_cspwlen + 1);
8c10a8659ac31335ed870a1711c0182623f72fd6as
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (session_key)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw kmem_free(session_key, sizeof (smb_session_key_t));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego if (!(sr->smb_flg2 & SMB_FLAGS2_SMB_SECURITY_SIGNATURE) &&
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (sr->sr_cfg->skc_signing_required)) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (void) smb_inet_ntop(&sr->session->ipaddr, ipaddr_buf,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego SMB_IPSTRLEN(sr->session->ipaddr.a_family));
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego cmn_err(CE_NOTE,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego "SmbSessonSetupX: client %s is not capable of signing",
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego ipaddr_buf);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego smbsr_error(sr, NT_STATUS_LOGON_FAILURE,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego ERRDOS, ERROR_LOGON_FAILURE);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego return (SDRC_ERROR);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego }
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NT systems use different native OS and native LanMan values
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * dependent on whether they are acting as a client or a server.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * As a server, NT 4.0 responds with the following values:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NativeOS: Windows NT 4.0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * NativeLM: NT LAN Manager 4.0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * We should probably use the same values as NT but this code has
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * been using the product name and "Windows NT 4.0" for a long time
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and I don't know if a change would cause any problems (see the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * conditional test below).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
7b59d02d2a384be9a08087b14defadd214b3c1ddjb rc = smbsr_encode_result(sr, 3, VAR_BCC, "bb.www%uuu",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw 3,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sr->andx_com,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw -1, /* andx_off */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (auth_res == SMB_AUTH_GUEST) ? 1 : 0,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw VAR_BCC,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sr,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Windows NT 4.0",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "NT LAN Manager 4.0",
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->sr_cfg->skc_nbdomain);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego/*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Tries to authenticate the connected user.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * It first tries to see if the user has already been authenticated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If a match is found, the user structure in the session is duplicated
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * and the function returns. Otherwise, user information is passed to
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * smbd for authentication. If smbd can authenticate the user an access
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * token structure is returned. A cred_t and user structure is created
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * based on the returned access token.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego */
7f667e74610492ddbce8ce60f52ece95d2401949jose borregostatic int
7f667e74610492ddbce8ce60f52ece95d2401949jose borregosmb_authenticate(smb_request_t *sr, smb_sessionsetup_info_t *sinfo,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_session_key_t **session_key)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego{
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego char *hostname = sr->sr_cfg->skc_hostname;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego int security = sr->sr_cfg->skc_secmode;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_token_t *usr_token = NULL;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_user_t *user = NULL;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego netr_client_t clnt_info;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego boolean_t need_lookup = B_FALSE;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego uint32_t privileges;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego cred_t *cr;
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown char *buf = NULL;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego char *p;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego bzero(&clnt_info, sizeof (netr_client_t));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if ((sinfo->ssi_cspwlen == 0) &&
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright (sinfo->ssi_cipwlen == 0 ||
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright (sinfo->ssi_cipwlen == 1 && *sinfo->ssi_cipwd == 0))) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_username = "anonymous";
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright } else {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_username = sinfo->ssi_user;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_domain = sinfo->ssi_domain;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego /*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * Handle user@domain format.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * We need to extract the user and domain names but
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * should keep the request data as is. This is important
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * for some forms of authentication.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (*sinfo->ssi_domain == '\0') {
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown buf = smb_strdup(sinfo->ssi_user);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if ((p = strchr(buf, '@')) != NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *p = '\0';
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_username = buf;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_domain = p + 1;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego /*
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * See if this user has already been authenticated.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * If no domain name is provided we cannot determine whether
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * this is a local or domain user when server is operating
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego * in domain mode, so lookup will be done after authentication.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego */
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (security == SMB_SECMODE_WORKGRP) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego user = smb_session_dup_user(sr->session, hostname,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_username);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright } else if (*clnt_info.e_domain != '\0') {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright user = smb_session_dup_user(sr->session, clnt_info.e_domain,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright clnt_info.e_username);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego } else {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego need_lookup = B_TRUE;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (user != NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->user_cr = user->u_cred;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->smb_uid = user->u_uid;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->uid_user = user;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown smb_mfree(buf);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((user->u_flags & SMB_USER_FLAG_GUEST)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego ? SMB_AUTH_GUEST : SMB_AUTH_USER);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.logon_level = NETR_NETWORK_LOGON;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.domain = sinfo->ssi_domain;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.username = sinfo->ssi_user;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.workstation = sr->session->workstation;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.ipaddr = sr->session->ipaddr;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.local_ipaddr = sr->session->local_ipaddr;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.challenge_key.challenge_key_val =
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->session->challenge_key;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.challenge_key.challenge_key_len =
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->session->challenge_len;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.nt_password.nt_password_val = sinfo->ssi_cspwd;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.nt_password.nt_password_len = sinfo->ssi_cspwlen;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.lm_password.lm_password_val = sinfo->ssi_cipwd;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.lm_password.lm_password_len = sinfo->ssi_cipwlen;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.native_os = sr->session->native_os;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.native_lm = smbnative_lm_value(sinfo->ssi_native_lm);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego clnt_info.local_port = sr->session->s_local_port;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego DTRACE_PROBE1(smb__sessionsetup__clntinfo, netr_client_t *,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego &clnt_info);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token = smb_get_token(&clnt_info);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown smb_mfree(buf);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (usr_token == NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smbsr_error(sr, 0, ERRSRV, ERRbadpw);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return (SMB_AUTH_FAILED);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (need_lookup) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego user = smb_session_dup_user(sr->session,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token->tkn_domain_name, usr_token->tkn_account_name);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (user != NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->user_cr = user->u_cred;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->smb_uid = user->u_uid;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->uid_user = user;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_token_free(usr_token);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((user->u_flags & SMB_USER_FLAG_GUEST)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego ? SMB_AUTH_GUEST : SMB_AUTH_USER);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (usr_token->tkn_session_key) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego *session_key = kmem_alloc(sizeof (smb_session_key_t),
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego KM_SLEEP);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego (void) memcpy(*session_key, usr_token->tkn_session_key,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sizeof (smb_session_key_t));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if ((cr = smb_cred_create(usr_token, &privileges)) != NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego user = smb_user_login(sr->session, cr,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token->tkn_domain_name,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token->tkn_account_name,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token->tkn_flags,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego privileges,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego usr_token->tkn_audit_sid);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_cred_rele(user->u_cred);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (user->u_privcred)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_cred_rele(user->u_privcred);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smb_token_free(usr_token);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (user == NULL) {
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if (*session_key)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego kmem_free(*session_key, sizeof (smb_session_key_t));
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego smbsr_error(sr, 0, ERRDOS, ERROR_INVALID_HANDLE);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return (SMB_AUTH_FAILED);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego }
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->user_cr = user->u_cred;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->smb_uid = user->u_uid;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego sr->uid_user = user;
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego return ((user->u_flags & SMB_USER_FLAG_GUEST)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego ? SMB_AUTH_GUEST : SMB_AUTH_USER);
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego}