1 : /*
2 : Unix SMB/CIFS implementation.
3 : Pipe SMB reply routines
4 : Copyright (C) Andrew Tridgell 1992-1998
5 : Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 : Copyright (C) Paul Ashton 1997-1998.
7 : Copyright (C) Jeremy Allison 2005.
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 : /*
23 : This file handles reply_ calls on named pipes that the server
24 : makes to handle specific protocols
25 : */
26 :
27 :
28 : #include "includes.h"
29 : #include "smbd/smbd.h"
30 : #include "smbd/globals.h"
31 : #include "libcli/security/security.h"
32 : #include "rpc_server/srv_pipe_hnd.h"
33 : #include "auth/auth_util.h"
34 : #include "librpc/rpc/dcerpc_helper.h"
35 :
/**
 * Open the named pipe "name" on behalf of an SMB request.
 *
 * A fresh files_struct is allocated with file_new(), set up as a pipe
 * handle (no file descriptor, no locking, read/write data access) and
 * then handed to np_open() together with the caller's session info.
 *
 * If the request arrived as an encrypted SMB2 request, a private copy of
 * the session info is tagged with an "SMB3 SID" carrying the negotiated
 * dialect, the encryption-required marker and the cipher, and the fsp is
 * flagged as requiring encryption.
 *
 * @param smb_req  Request being served; supplies the connection, vuid and
 *                 (optionally) the SMB2 request state.
 * @param name     Pipe name passed to synthetic_smb_fname() and np_open().
 * @param pfsp     Receives the new fsp on success only.
 *
 * @return NT_STATUS_OK on success. On failure the status of the failing
 *         step is returned, *pfsp is not written, and every failure after
 *         file_new() releases the fsp with file_free().
 */
NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
		      struct files_struct **pfsp)
{
	struct smbXsrv_connection *xconn = smb_req->xconn;
	struct connection_struct *conn = smb_req->conn;
	/* Default: the connection's own session info, used unmodified. */
	struct auth_session_info *pipe_session = conn->session_info;
	struct smb_filename *pipe_fname = NULL;
	struct files_struct *np_fsp;
	NTSTATUS status;

	status = file_new(smb_req, conn, &np_fsp);
	if (!NT_STATUS_IS_OK(status)) {
		/* Nothing was allocated, so there is nothing to release. */
		DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
		return status;
	}

	/* A pipe has no backing descriptor and cannot be byte-range locked. */
	np_fsp->conn = conn;
	fsp_set_fd(np_fsp, -1);
	np_fsp->vuid = smb_req->vuid;
	np_fsp->fsp_flags.can_lock = false;
	np_fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;

	pipe_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL, 0, 0);
	if (pipe_fname == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/* The temporary name is freed whether or not the fsp accepted it. */
	status = fsp_set_smb_fname(np_fsp, pipe_fname);
	TALLOC_FREE(pipe_fname);
	if (!NT_STATUS_IS_OK(status)) {
		goto fail;
	}

	if (smb_req->smb2req != NULL && smb_req->smb2req->was_encrypted) {
		uint16_t dialect = xconn->smb2.server.dialect;
		uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED;
		uint16_t cipher = xconn->smb2.server.cipher;
		struct dom_sid smb3_sid = global_sid_Samba_SMB3;
		struct security_token *token = NULL;
		size_t preexisting;
		bool dialect_ok;
		bool encrypt_ok;
		bool cipher_ok;

		/*
		 * Work on a copy owned by the fsp so the marker SID added
		 * below never lands in the connection's shared session info.
		 */
		pipe_session = copy_session_info(np_fsp, conn->session_info);
		if (pipe_session == NULL) {
			DBG_ERR("Failed to copy session info\n");
			status = NT_STATUS_NO_MEMORY;
			goto fail;
		}
		token = pipe_session->security_token;

		/*
		 * Security check: the token must not already carry an SMB3
		 * SID. This function is meant to be the one adding it, so a
		 * pre-existing one is refused rather than trusted.
		 * NOTE(review): the literal 3 is presumably the number of
		 * trailing sub-authorities treated as flags - confirm against
		 * security_token_count_flag_sids().
		 */
		preexisting = security_token_count_flag_sids(token,
							     &smb3_sid,
							     3,
							     NULL);
		if (preexisting != 0) {
			DBG_ERR("ERROR: %zu SMB3 SIDs have already been "
				"detected in the security token!\n",
				preexisting);
			status = NT_STATUS_ACCESS_DENIED;
			goto fail;
		}

		/*
		 * Encode dialect, encryption marker and cipher as three
		 * trailing RIDs. All three appends are always attempted;
		 * the results are only combined afterwards.
		 */
		dialect_ok = sid_append_rid(&smb3_sid, dialect);
		encrypt_ok = sid_append_rid(&smb3_sid, srv_smb_encrypt);
		cipher_ok = sid_append_rid(&smb3_sid, cipher);
		if (!(dialect_ok && encrypt_ok && cipher_ok)) {
			DBG_ERR("sid too small\n");
			status = NT_STATUS_BUFFER_TOO_SMALL;
			goto fail;
		}

		status = add_sid_to_array_unique(token,
						 &smb3_sid,
						 &token->sids,
						 &token->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			DBG_ERR("Failed to add SMB3 SID to security token\n");
			goto fail;
		}

		np_fsp->fsp_flags.encryption_required = true;
	}

	/*
	 * pipe_session is the tagged copy for encrypted SMB2 requests and the
	 * untouched connection session info for everything else.
	 */
	status = np_open(np_fsp, name,
			 conn->sconn->remote_address,
			 conn->sconn->local_address,
			 pipe_session,
			 conn->sconn->ev_ctx,
			 conn->sconn->msg_ctx,
			 conn->sconn->dce_ctx,
			 &np_fsp->fake_file_handle);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("np_open(%s) returned %s\n", name,
			   nt_errstr(status)));
		goto fail;
	}

	*pfsp = np_fsp;
	return NT_STATUS_OK;

fail:
	/* Common exit for every failure once the fsp exists. */
	file_free(smb_req, np_fsp);
	return status;
}