smb_session_setup_andx.c revision 9fb67ea305c66b6a297583b9b0db6796b0dfe497
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_token.h>
/*
* Fields of the session setup request as used by the code below.
*
* NOTE(review): this listing is incomplete. Code further down also
* references ssi_cipwlen, ssi_cspwlen and ssi_vcnumber, and the
* closing brace of the struct is not visible here.
*/
typedef struct smb_sessionsetup_info {
char *ssi_user;
char *ssi_domain;
char *ssi_native_os;
char *ssi_native_lm;
/*
* Authentication outcomes. The authentication routine below returns
* SMB_AUTH_FAILED, SMB_AUTH_GUEST or SMB_AUTH_USER, and the request
* handler maps SMB_AUTH_FAILED to SDRC_ERROR.
*
* NOTE(review): -1 is not parenthesized; (-1) is the safer macro form.
*/
#define SMB_AUTH_FAILED -1
#define SMB_AUTH_USER 0
#define SMB_AUTH_GUEST 1
/*
* Tail of a prototype whose start is not visible in this listing;
* its last parameter is a smb_session_key_t **.
*/
smb_session_key_t **);
/*
* NOTE(review): the signature of this function is not visible in this
* listing. The visible body unconditionally returns SDRC_SUCCESS.
*/
{
return (SDRC_SUCCESS);
}
/*
* NOTE(review): only the return type and an empty body are visible for
* this function; its name and parameters are missing from the listing.
*/
void
{
}
/*
* NOTE(review): the signature and a number of statements of this
* function are missing from this listing (for example, rc, auth_res
* and native_lm are tested below but never visibly assigned). The
* comments describe only what is visible.
*/
{
char ipaddr_buf[INET6_ADDRSTRLEN]; /* sized for a textual IPv6 address */
int native_lm;
int auth_res; /* compared with SMB_AUTH_FAILED below */
int rc; /* any non-zero value ends the request with SDRC_ERROR */
if (rc != 0)
return (SDRC_ERROR);
/*
* The padding between the Native OS and Native LM is a
* bit strange. On NT4.0, there is a 2 byte pad between
* the OS (Windows NT 1381) and LM (Windows NT 4.0).
* On Windows 2000, there is no padding between the OS
* (Windows 2000 2195) and LM (Windows 2000 5.0).
*
* If the padding is removed from this decode string
* the NT4.0 LM comes out as an empty string.
*
* So if the client's native OS is Win NT, we account for
* the padding; otherwise we don't.
*
* NOTE(review): the native OS string comes from the client, so
* a client-supplied value selects the decode layout. The decode
* call itself is not visible in this listing.
*/
sr,
if (rc != 0)
return (SDRC_ERROR);
else
/*
* If the Native Lanman cannot be determined,
* default to Windows NT.
*/
} else {
&sinfo.ssi_cipwlen);
if (rc != 0)
return (SDRC_ERROR);
if (rc != 0)
return (SDRC_ERROR);
/*
* Despite the CIFS/1.0 spec, the rest of this message is
* not always present. We need to try to get the account
* name and the primary domain, but we don't care about
* the native OS or native LanMan fields.
*/
}
/*
* If the sinfo.ssi_vcnumber is zero, we can discard any
* other connections associated with this client.
*
* NOTE(review): ssi_vcnumber is a field of the client's request,
* and this check appears before the visible auth_res test. The
* statement that does the discarding is not visible here. Confirm
* how "this client" is identified and whether the discard can
* happen before authentication has succeeded, since clients that
* share an address could otherwise affect each other's sessions.
*/
if (sinfo.ssi_vcnumber == 0)
/* Authentication failure ends the request; no response is built. */
if (auth_res == SMB_AUTH_FAILED)
return (SDRC_ERROR);
if (native_lm == NATIVE_LM_WIN2000)
/*
* Check to see if SMB signing is enabled, but if it is already
* turned on leave it.
* The first authenticated logon provides the MAC key and sequence
* numbers for signing all further sessions on the
* same network connection.
*/
/*
* The visible path fails closed: a client reported as not capable
* of signing gets SDRC_ERROR. The condition guarding this path is
* not visible in this listing.
*
* NOTE(review): the message text below spells "SmbSessonSetupX".
* It is runtime text and is left unchanged; log searches and
* detections must match that spelling.
*/
"SmbSessonSetupX: client %s is not capable of signing",
return (SDRC_ERROR);
}
3,
-1, /* andx_off */
sr,
}
/*
* Tries to authenticate the connected user.
*
* It first checks whether the user has already been authenticated.
* If a match is found, the user structure in the session is duplicated
* and the function returns. Otherwise, the user information is passed to
* smbd for authentication. If smbd can authenticate the user, an access
* token structure is returned. A cred_t and a user structure are created
* based on the returned access token.
*
* Visible return values: SMB_AUTH_FAILED, or one of SMB_AUTH_GUEST and
* SMB_AUTH_USER chosen by a condition that is not visible in this
* listing.
*
* NOTE(review): the lookup call for the "already authenticated" path
* is not visible. Confirm what the match is keyed on and that the
* lookup is limited to the current session, since that path returns
* without passing this request's credentials to smbd.
*
* NOTE(review): the function name, its parameters and many statements
* are missing from this listing; the comments below describe only what
* is visible.
*/
static int
{
char *p;
/*
* Fragment of a condition that tests for a zero ssi_cspwlen together
* with a zero ssi_cipwlen (presumably the two password length fields
* of the request - confirm). The rest of the condition and both
* branches are not visible.
*/
(sinfo->ssi_cspwlen == 0) &&
(sinfo->ssi_cipwlen == 0 ||
} else {
}
/*
* Handle user@domain format.
*
* We need to extract the user and domain names but
* should keep the request data as is. This is important
* for some forms of authentication.
*
* NOTE(review): the store through p below terminates a string in
* place, and the line that sets p is not visible. For the request
* data to stay unmodified, p has to point into a private copy of
* the name - confirm.
*/
*p = '\0';
}
}
/*
* See if this user has already been authenticated.
*
* If no domain name is provided we cannot determine whether
* this is a local or domain user when server is operating
* in domain mode, so lookup will be done after authentication.
*/
if (security == SMB_SECMODE_WORKGRP) {
} else {
}
/* Early return for a user found by the lookup above. */
? SMB_AUTH_GUEST : SMB_AUTH_USER);
}
&user_info);
return (SMB_AUTH_FAILED);
}
/* Deferred lookup, done once authentication has completed. */
if (need_lookup) {
? SMB_AUTH_GUEST : SMB_AUTH_USER);
}
}
/*
* NOTE(review): key material is handled here when the token carries
* a session key. The call is not visible; only its
* sizeof (smb_session_key_t) argument is. Confirm that the token's
* copy of the key is cleared when the token is released.
*/
if (usr_token->tkn_session_key) {
sizeof (smb_session_key_t));
}
if (user->u_privcred)
}
/*
* NOTE(review): the cleanup before this failure return is not
* visible; confirm that the token and any credentials created above
* are released on this path.
*/
return (SMB_AUTH_FAILED);
}
/*
* NOTE(review): guest and regular logons are told apart only by this
* return value. The visible caller code tests only SMB_AUTH_FAILED;
* how it treats SMB_AUTH_GUEST is not visible in this listing.
*/
? SMB_AUTH_GUEST : SMB_AUTH_USER);
}