no need to set flags in cmd handlers now, clean up anonymous auth wrt…
… signing, proper nt login fail
bdodge committed Sep 30, 2024
1 parent 7a4dc8f commit 4f66b7a
Showing 21 changed files with 78 additions and 101 deletions.
2 changes: 1 addition & 1 deletion include/smb2/libsmb2.h
Expand Up @@ -1247,7 +1247,7 @@ struct smb2_server {
uint32_t max_read_size;
uint32_t max_write_size;
int signing_enabled;
int anonymous_enabled;
int allow_anonymous;
/* saved from negotiate to be used in validate negotiate info */
uint32_t capabilities;
uint32_t security_mode;
89 changes: 54 additions & 35 deletions lib/libsmb2.c
Expand Up @@ -3239,6 +3239,8 @@ smb2_session_setup_request_cb(struct smb2_context *smb2, int status, void *comma
smb3_update_preauth_hash(smb2, smb2->in.niov - 1, &smb2->in.iov[1]);
memset(&err, 0, sizeof(err));

pdu = NULL;

if (smb2->sec == SMB2_SEC_NTLMSSP) {
if (ntlmssp_get_message_type(smb2,
req->security_buffer, req->security_buffer_length,
Expand Down Expand Up @@ -3287,8 +3289,18 @@ smb2_session_setup_request_cb(struct smb2_context *smb2, int status, void *comma
if (message_type == AUTHENTICATION_MESSAGE) {
if (!ntlmssp_get_authenticated(c_data->auth_data)) {
smb2_set_error(smb2, "Authentication failed: %s", smb2_get_error(smb2));
#if 0
smb2_close_context(smb2);
return;
#else
pdu = smb2_cmd_error_reply_async(smb2,
&err, SMB2_SESSION_SETUP,
SMB2_STATUS_LOGON_FAILURE, NULL, cb_data);
smb2_free_pdu(smb2, smb2->next_pdu);
smb2->next_pdu = smb2_allocate_pdu(smb2, SMB2_SESSION_SETUP,
smb2_session_setup_request_cb, cb_data);
more_processing_needed = 0;
#endif
}
if (ntlmssp_get_session_key(c_data->auth_data,
&smb2->session_key,
Expand Down Expand Up @@ -3317,29 +3329,36 @@ smb2_session_setup_request_cb(struct smb2_context *smb2, int status, void *comma
*/
smb2_create_signing_key(smb2);
}
rep.session_flags |= SMB2_SESSION_FLAG_IS_GUEST;

pdu = smb2_cmd_session_setup_reply_async(smb2, &rep, NULL, cb_data);
if (pdu == NULL) {
return;
}

if (more_processing_needed) {
pdu->header.status = SMB2_STATUS_MORE_PROCESSING_REQUIRED;

if (server->allow_anonymous &&
((smb2->user == NULL || smb2->user[0] == '\0')||
(smb2->password == NULL || smb2->password[0] == '\0'))) {
rep.session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
}
else {
if (server->handlers && server->handlers->session_established) {
ret = server->handlers->session_established(server, smb2);
if (ret) {
smb2_set_error(smb2, "server session start handler failed");
smb2_close_context(smb2);
return;
}

if (!pdu) {
pdu = smb2_cmd_session_setup_reply_async(smb2, &rep, NULL, cb_data);
if (pdu == NULL) {
return;
}

if (more_processing_needed) {
pdu->header.status = SMB2_STATUS_MORE_PROCESSING_REQUIRED;
}
else {
pdu = smb2_cmd_error_reply_async(smb2,
&err, SMB2_SESSION_SETUP,
SMB2_STATUS_NOT_IMPLEMENTED, NULL, cb_data);
if (server->handlers && server->handlers->session_established) {
ret = server->handlers->session_established(server, smb2);
if (ret) {
smb2_set_error(smb2, "server session start handler failed");
smb2_close_context(smb2);
return;
}
}
else {
pdu = smb2_cmd_error_reply_async(smb2,
&err, SMB2_SESSION_SETUP,
SMB2_STATUS_NOT_IMPLEMENTED, NULL, cb_data);
}
}
}
if (!smb2->next_pdu) {
Expand Down Expand Up @@ -3486,23 +3505,23 @@ smb2_negotiate_request_cb(struct smb2_context *smb2, int status, void *command_d
smb2->sign = 1;
}

if (server->signing_enabled) {
if (req->security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED &&
smb2->dialect == SMB2_VERSION_0210) {
/* smb2.1 requires signing if enabled on both sides
* regardless of what the flags say */
smb2->sign = 1;
}
#if 0
if (req->security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED &&
smb2->dialect == SMB2_VERSION_0311) {
/* smb3.1.1 requires signing if enabled on both sides
* regardless of what the flags say */
smb2->sign = 1;
if (!server->allow_anonymous ||
(smb2->password && smb2->password[0])) {
if (server->signing_enabled) {
if (req->security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED &&
smb2->dialect == SMB2_VERSION_0210) {
/* smb2.1 requires signing if enabled on both sides
* regardless of what the flags say */
smb2->sign = 1;
}
if (req->security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED &&
smb2->dialect >= SMB2_VERSION_0311) {
/* smb3.1.1 requires signing if enabled on both sides
* regardless of what the flags say */
smb2->sign = 1;
}
}
#endif
}

if (smb2->seal) {
smb2->sign = 0;
}
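Review bot: The negotiate hunk's new `if (!server->allow_anonymous || (smb2->password && smb2->password[0]))` gate decides whether signing is required using `smb2->password`, which, judging from the `"server has no passwd for %s"` check in lib/ntlmssp.c, is only established while authenticating a named user during session setup; if it is still unset when the negotiate request arrives, an `allow_anonymous` server never enforces signing for SMB 2.1/3.1.1, including for clients that later authenticate with real credentials. Moving that decision to the session-setup path, next to the new `rep.session_flags |= SMB2_SESSION_FLAG_IS_GUEST` branch where the guest/authenticated distinction is actually known, would keep signing mandatory for authenticated sessions; at minimum the gate deserves a comment such as `/* NOTE: smb2->password is not per-request state; confirm it is populated before negotiate */`. In the second hunk the new `SMB2_STATUS_LOGON_FAILURE` branch builds an error reply but does not leave the block, so `ntlmssp_get_session_key` on the next line and presumably `smb2_create_signing_key` further down still run for a session that failed authentication, and the error `pdu` is not NULL-checked the way the reply at `if (pdu == NULL) { return; }` is. Both `smb2_session_setup_request_cb` and `smb2_negotiate_request_cb` start and end outside the hunks.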
14 changes: 9 additions & 5 deletions lib/ntlmssp.c
Expand Up @@ -864,7 +864,7 @@ ntlmssp_generate_blob(struct smb2_server *server, struct smb2_context *smb2, tim
}
}
else if (cmd == AUTHENTICATION_MESSAGE) {
auth_data->is_authenticated = !ntlmssp_authenticate_blob(server,
auth_data->is_authenticated = !ntlmssp_authenticate_blob(server,
smb2, auth_data,
ntlmssp, ntlmssp_len);
if (auth_data->spnego_wrap) {
Expand Down Expand Up @@ -972,15 +972,19 @@ ntlmssp_authenticate_blob(struct smb2_server *server, struct smb2_context *smb2,
auth_data->user);
return -1;
}
if (!smb2->password) {
if (!smb2->password && !server->allow_anonymous) {
smb2_set_error(smb2, "server has no passwd for %s",
auth_data->user);
return -1;
}
}
/* if no user/pw, an anonymous allowed, do anonymous */
if (!auth_data->user || (auth_data->user[0] == '\0')) {
return 0;
/* if no user/pw, and anonymous allowed, do anonymous */
if (!auth_data->user || (auth_data->user[0] == '\0') ||
!auth_data->password || (auth_data->password[0] == '\0')) {
if (server->allow_anonymous) {
return 0;
}
return -1;
}
//negotiate_flags = le32toh(u32);

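Review bot: Relaxing `if (!smb2->password)` to `if (!smb2->password && !server->allow_anonymous)` lets a request that names a user the server has no password for continue past this point whenever anonymous access is enabled; the anonymous block below only returns 0 when the client-supplied user or password is empty, so a non-empty user/password pair with `smb2->password == NULL` proceeds into the verification code that follows the hunk with a NULL server password. Unless that code handles a NULL password deliberately, the anonymous decision should come first and the missing-password case should stay a hard failure, i.e. keep `if (!smb2->password) {` ... `return -1;` unqualified and let only the empty-credential block grant anonymous access. Separately, the anonymous test here uses `auth_data->user`/`auth_data->password` while lib/libsmb2.c sets `SMB2_SESSION_FLAG_IS_GUEST` from `smb2->user`/`smb2->password`; if those are not the same strings the two decisions can disagree and an anonymous login could be reported as a full session. `ntlmssp_authenticate_blob` continues past the end of the hunk.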
9 changes: 5 additions & 4 deletions lib/pdu.c
Expand Up @@ -590,14 +590,15 @@ smb2_queue_pdu(struct smb2_context *smb2, struct smb2_pdu *pdu)
for (p = pdu; p; p = p->next_compound) {
if (smb2_is_server(smb2)) {
if (!(pdu->header.flags & SMB2_FLAGS_ASYNC_COMMAND)) {
/* set reply flag */
pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;

/* this is a reply to a request, so set message id to
* the same as it was in the request */
/* insure the reply message id matched the request */
req_pdu = smb2_find_pdu_by_command(smb2,
p->header.command);
if (req_pdu == NULL) {
smb2_set_error(smb2, "no matching PDU found for reply!");
smb2_set_error(smb2, "no matching req PDU "
"found for reply to cmd %d",
pdu->header.command);
}
else {
SMB2_LIST_REMOVE(&smb2->waitqueue, req_pdu);
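Review bot: The new error message reports `pdu->header.command` although the lookup it describes was done with `p->header.command`; inside the `for (p = pdu; p; p = p->next_compound)` loop these differ for every compound element after the first, so the message names the wrong command, and `pdu->header.command` should be `p->header.command` (the `pdu->header.flags` checks on the lines above are likewise head-only, which matters more now that the per-command encoders no longer set `SMB2_FLAGS_SERVER_TO_REDIR` themselves). The removed `pdu->header.credit_request_response = 1;` from the encoder files is not re-added in this hunk or anywhere else visible in the commit; if no other path sets it, server replies now grant zero credits, so please confirm where it is set. The new comment would read better as `/* ensure the reply's message id matches the request */`. `smb2_queue_pdu` starts before and ends after the hunk.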
3 changes: 0 additions & 3 deletions lib/smb2-cmd-close.c
Expand Up @@ -114,9 +114,6 @@ smb2_encode_close_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_CLOSE_REPLY_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-create.c
Expand Up @@ -204,9 +204,6 @@ smb2_encode_create_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_CREATE_REPLY_SIZE & 0xfffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-echo.c
Expand Up @@ -108,9 +108,6 @@ smb2_encode_echo_reply(struct smb2_context *smb2,
int len;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_ECHO_REPLY_SIZE;

buf = calloc(len, sizeof(uint8_t));
3 changes: 0 additions & 3 deletions lib/smb2-cmd-error.c
Expand Up @@ -64,9 +64,6 @@ smb2_encode_error_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_ERROR_REPLY_SIZE;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-flush.c
Expand Up @@ -112,9 +112,6 @@ smb2_encode_flush_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_FLUSH_REPLY_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-ioctl.c
Expand Up @@ -125,9 +125,6 @@ smb2_encode_ioctl_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov, *ioctlv;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_IOCTL_REPLY_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
5 changes: 1 addition & 4 deletions lib/smb2-cmd-lock.c
Expand Up @@ -138,10 +138,7 @@ smb2_encode_lock_reply(struct smb2_context *smb2,
int len;
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;


len = SMB2_LOCK_REPLY_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-logoff.c
Expand Up @@ -108,9 +108,6 @@ smb2_encode_logoff_reply(struct smb2_context *smb2,
int len;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_LOGOFF_REPLY_SIZE;

buf = calloc(len, sizeof(uint8_t));
3 changes: 0 additions & 3 deletions lib/smb2-cmd-negotiate.c
Expand Up @@ -204,9 +204,6 @@ smb2_encode_negotiate_reply(struct smb2_context *smb2,
int len, seclen;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_NEGOTIATE_REPLY_SIZE & 0xfffe;
len = PAD_TO_32BIT(len);
if (smb2->dialect == SMB2_VERSION_ANY ||
4 changes: 0 additions & 4 deletions lib/smb2-cmd-notify.c
Expand Up @@ -115,10 +115,6 @@ smb2_encode_change_notify_reply(struct smb2_context *smb2,
int len;
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_CHANGE_NOTIFY_REQUEST_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-query-directory.c
Expand Up @@ -206,9 +206,6 @@ smb2_encode_query_directory_reply(struct smb2_context *smb2,
int in_offset;
int in_remain;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_QUERY_DIRECTORY_REPLY_SIZE & 0xfffe;
len = PAD_TO_32BIT(len);

4 changes: 0 additions & 4 deletions lib/smb2-cmd-query-info.c
Expand Up @@ -130,10 +130,6 @@ smb2_encode_query_info_reply(struct smb2_context *smb2,
int len;
uint8_t *buf;
struct smb2_iovec *iov, *cmdiov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_QUERY_INFO_REPLY_SIZE & 0xfffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-read.c
Expand Up @@ -169,9 +169,6 @@ smb2_encode_read_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_READ_REPLY_SIZE & 0xfffffffe;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
5 changes: 1 addition & 4 deletions lib/smb2-cmd-tree-connect.c
Expand Up @@ -129,10 +129,7 @@ smb2_encode_tree_connect_reply(struct smb2_context *smb2,
int len;
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;


len = SMB2_TREE_CONNECT_REPLY_SIZE;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-tree-disconnect.c
Expand Up @@ -109,9 +109,6 @@ smb2_encode_tree_disconnect_reply(struct smb2_context *smb2,
int len;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_TREE_DISCONNECT_REPLY_SIZE;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
3 changes: 0 additions & 3 deletions lib/smb2-cmd-write.c
Expand Up @@ -157,9 +157,6 @@ smb2_encode_write_reply(struct smb2_context *smb2,
uint8_t *buf;
struct smb2_iovec *iov;

pdu->header.flags |= SMB2_FLAGS_SERVER_TO_REDIR;
pdu->header.credit_request_response = 1;

len = SMB2_WRITE_REPLY_SIZE;
buf = calloc(len, sizeof(uint8_t));
if (buf == NULL) {
11 changes: 7 additions & 4 deletions lib/socket.c
Expand Up @@ -441,9 +441,11 @@ static int smb2_read_data(struct smb2_context *smb2, read_func func,
}
while (count > 0);

/* put on wait queue to queue_pdu doesn't complain */
SMB2_LIST_ADD_END(&smb2->waitqueue, pdu);

smb2->in.num_done = 0;
pdu->cb(smb2, smb2->hdr.status, pdu->payload, pdu->cb_data);
smb2_free_pdu(smb2, pdu);
smb2->pdu = NULL;
smb2->pdu = smb2->next_pdu;
smb2->next_pdu = NULL;
Expand Down Expand Up @@ -698,12 +700,13 @@ static int smb2_read_data(struct smb2_context *smb2, read_func func,
is_chained = smb2->hdr.next_command;

if (smb2->is_server) {
/* queue requests to correlate with replies we send back later */
/* queue requests to correlate our replies we send back later */
SMB2_LIST_ADD_END(&smb2->waitqueue, pdu);
/*
printf("wait queue:\n");
for (pdua = smb2->waitqueue; pdua; pdua = pdua->next) {
printf(" WQ req %d %ld next=%p\n", pdua->header.command, pdua->header.message_id, pdua->next);
for (struct smb2_pdu *pdua = smb2->waitqueue; pdua; pdua = pdua->next) {
printf(" WQ req %d %ld next=%p\n",
pdua->header.command, pdua->header.message_id, pdua->next);
}
*/
pdu->cb(smb2, smb2->hdr.status, pdu->payload, pdu->cb_data);
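Review bot: In the first hunk `pdu` is appended to `smb2->waitqueue` purely so that `smb2_queue_pdu` can look it up by command and unlink it, which makes the request's lifetime depend on the handler actually queuing a reply; if the callback returns without one (a handler error path or `smb2_close_context`) the entry stays queued, and because `smb2_find_pdu_by_command` matches on command rather than message id, a later reply of the same command can be paired with the stale request. Whichever of `smb2_free_pdu(smb2, pdu);` and `smb2->pdu = NULL;` is the new line, the entry should be unlinked again here when it is still present, e.g. `SMB2_LIST_REMOVE(&smb2->waitqueue, pdu);` after the callback and before the pdu is released or dropped. The added comment would also be clearer as `/* put on the wait queue so queue_pdu can match our reply to this request */`. `smb2_read_data` continues on both sides of the hunk.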
