/*
Unix SMB/CIFS implementation.
client file operations
Copyright (C) Andrew Tridgell 1994-1998
Copyright (C) Jeremy Allison 2001-2002
Copyright (C) James Myers 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
#include "includes.h"
#include "libcli/smb/smb_common.h"
#include "system/filesys.h"
#include "lib/param/loadparm.h"
#include "lib/param/param.h"
#include "libcli/smb/smb2_negotiate_context.h"
const char *smb_protocol_types_string(enum protocol_types protocol)
{
switch (protocol) {
case PROTOCOL_DEFAULT:
return "DEFAULT";
case PROTOCOL_NONE:
return "NONE";
case PROTOCOL_CORE:
return "CORE";
case PROTOCOL_COREPLUS:
return "COREPLUS";
case PROTOCOL_LANMAN1:
return "LANMAN1";
case PROTOCOL_LANMAN2:
return "LANMAN2";
case PROTOCOL_NT1:
return "NT1";
case PROTOCOL_SMB2_02:
return "SMB2_02";
case PROTOCOL_SMB2_10:
return "SMB2_10";
case PROTOCOL_SMB3_00:
return "SMB3_00";
case PROTOCOL_SMB3_02:
return "SMB3_02";
case PROTOCOL_SMB3_11:
return "SMB3_11";
}
return "Invalid protocol_types value";
}
/**
Return a string representing a CIFS attribute for a file.
**/
char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib)
{
size_t i, len;
static const struct {
char c;
uint16_t attr;
} attr_strs[] = {
{'V', FILE_ATTRIBUTE_VOLUME},
{'D', FILE_ATTRIBUTE_DIRECTORY},
{'A', FILE_ATTRIBUTE_ARCHIVE},
{'H', FILE_ATTRIBUTE_HIDDEN},
{'S', FILE_ATTRIBUTE_SYSTEM},
{'N', FILE_ATTRIBUTE_NORMAL},
{'R', FILE_ATTRIBUTE_READONLY},
{'d', FILE_ATTRIBUTE_DEVICE},
{'t', FILE_ATTRIBUTE_TEMPORARY},
{'s', FILE_ATTRIBUTE_SPARSE},
{'r', FILE_ATTRIBUTE_REPARSE_POINT},
{'c', FILE_ATTRIBUTE_COMPRESSED},
{'o', FILE_ATTRIBUTE_OFFLINE},
{'n', FILE_ATTRIBUTE_NONINDEXED},
{'e', FILE_ATTRIBUTE_ENCRYPTED}
};
char *ret;
ret = talloc_array(mem_ctx, char, ARRAY_SIZE(attr_strs)+1);
if (!ret) {
return NULL;
}
for (len=i=0; i bufsize) || (offset + length > bufsize)) {
/* overflow */
return true;
}
return false;
}
/***********************************************************
Common function for pushing strings, used by smb_bytes_push_str()
and trans_bytes_push_str(). Only difference is the align_odd
parameter setting.
***********************************************************/
static uint8_t *internal_bytes_push_str(uint8_t *buf, bool ucs2,
const char *str, size_t str_len,
bool align_odd,
size_t *pconverted_size)
{
TALLOC_CTX *frame = talloc_stackframe();
size_t buflen;
char *converted;
size_t converted_size;
/*
* This check prevents us from
* (re)alloc buf on a NULL TALLOC_CTX.
*/
if (buf == NULL) {
TALLOC_FREE(frame);
return NULL;
}
buflen = talloc_get_size(buf);
if (ucs2 &&
((align_odd && (buflen % 2 == 0)) ||
(!align_odd && (buflen % 2 == 1)))) {
/*
* We're pushing into an SMB buffer, align odd
*/
buf = talloc_realloc(NULL, buf, uint8_t, buflen + 1);
if (buf == NULL) {
TALLOC_FREE(frame);
return NULL;
}
buf[buflen] = '\0';
buflen += 1;
}
if (!convert_string_talloc(frame, CH_UNIX,
ucs2 ? CH_UTF16LE : CH_DOS,
str, str_len, &converted,
&converted_size)) {
TALLOC_FREE(frame);
return NULL;
}
buf = talloc_realloc(NULL, buf, uint8_t,
buflen + converted_size);
if (buf == NULL) {
TALLOC_FREE(frame);
return NULL;
}
memcpy(buf + buflen, converted, converted_size);
TALLOC_FREE(converted);
if (pconverted_size) {
*pconverted_size = converted_size;
}
TALLOC_FREE(frame);
return buf;
}
/***********************************************************
Push a string into an SMB buffer, with odd byte alignment
if it's a UCS2 string.
***********************************************************/
uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2,
const char *str, size_t str_len,
size_t *pconverted_size)
{
return internal_bytes_push_str(buf, ucs2, str, str_len,
true, pconverted_size);
}
uint8_t *smb_bytes_push_bytes(uint8_t *buf, uint8_t prefix,
const uint8_t *bytes, size_t num_bytes)
{
size_t buflen;
/*
* This check prevents us from
* (re)alloc buf on a NULL TALLOC_CTX.
*/
if (buf == NULL) {
return NULL;
}
buflen = talloc_get_size(buf);
buf = talloc_realloc(NULL, buf, uint8_t,
buflen + 1 + num_bytes);
if (buf == NULL) {
return NULL;
}
buf[buflen] = prefix;
memcpy(&buf[buflen+1], bytes, num_bytes);
return buf;
}
/***********************************************************
Same as smb_bytes_push_str(), but without the odd byte
align for ucs2 (we're pushing into a param or data block).
static for now, although this will probably change when
other modules use async trans calls.
***********************************************************/
uint8_t *trans2_bytes_push_str(uint8_t *buf, bool ucs2,
const char *str, size_t str_len,
size_t *pconverted_size)
{
return internal_bytes_push_str(buf, ucs2, str, str_len,
false, pconverted_size);
}
uint8_t *trans2_bytes_push_bytes(uint8_t *buf,
const uint8_t *bytes, size_t num_bytes)
{
size_t buflen;
if (buf == NULL) {
return NULL;
}
buflen = talloc_get_size(buf);
buf = talloc_realloc(NULL, buf, uint8_t,
buflen + num_bytes);
if (buf == NULL) {
return NULL;
}
memcpy(&buf[buflen], bytes, num_bytes);
return buf;
}
static NTSTATUS internal_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str,
bool ucs2, bool align_odd,
const uint8_t *buf, size_t buf_len,
const uint8_t *position,
size_t *p_consumed)
{
size_t pad = 0;
size_t offset;
char *str = NULL;
size_t str_len = 0;
bool ok;
*_str = NULL;
if (p_consumed != NULL) {
*p_consumed = 0;
}
if (position < buf) {
return NT_STATUS_INTERNAL_ERROR;
}
offset = PTR_DIFF(position, buf);
if (offset > buf_len) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
if (ucs2 &&
((align_odd && (offset % 2 == 0)) ||
(!align_odd && (offset % 2 == 1)))) {
pad += 1;
offset += 1;
}
if (offset > buf_len) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
buf_len -= offset;
buf += offset;
if (ucs2) {
buf_len = utf16_null_terminated_len_n(buf, buf_len);
} else {
size_t tmp = strnlen((const char *)buf, buf_len);
if (tmp < buf_len) {
tmp += 1;
}
buf_len = tmp;
}
ok = convert_string_talloc(mem_ctx,
ucs2 ? CH_UTF16LE : CH_DOS,
CH_UNIX,
buf, buf_len,
&str, &str_len);
if (!ok) {
return map_nt_error_from_unix_common(errno);
}
if (p_consumed != NULL) {
*p_consumed = buf_len + pad;
}
*_str = str;
return NT_STATUS_OK;
}
NTSTATUS smb_bytes_pull_str(TALLOC_CTX *mem_ctx, char **_str, bool ucs2,
const uint8_t *buf, size_t buf_len,
const uint8_t *position,
size_t *_consumed)
{
return internal_bytes_pull_str(mem_ctx, _str, ucs2, true,
buf, buf_len, position, _consumed);
}
/**
* @brief Translate SMB signing settings as string to an enum.
*
* @param[in] str The string to translate.
*
* @return A corresponding enum @smb_signing_setting translated from the string.
*/
enum smb_signing_setting smb_signing_setting_translate(const char *str)
{
enum smb_signing_setting signing_state = SMB_SIGNING_REQUIRED;
int32_t val = lpcfg_parse_enum_vals("client signing", str);
if (val != INT32_MIN) {
signing_state = val;
}
return signing_state;
}
/**
* @brief Translate SMB encryption settings as string to an enum.
*
* @param[in] str The string to translate.
*
* @return A corresponding enum @smb_encryption_setting translated from the
* string.
*/
enum smb_encryption_setting smb_encryption_setting_translate(const char *str)
{
enum smb_encryption_setting encryption_state = SMB_ENCRYPTION_REQUIRED;
int32_t val = lpcfg_parse_enum_vals("client smb encrypt", str);
if (val != INT32_MIN) {
encryption_state = val;
}
return encryption_state;
}
static const struct enum_list enum_smb3_signing_algorithms[] = {
{SMB2_SIGNING_AES128_GMAC, "AES-128-GMAC"},
{SMB2_SIGNING_AES128_CMAC, "AES-128-CMAC"},
{SMB2_SIGNING_HMAC_SHA256, "HMAC-SHA256"},
{-1, NULL}
};
const char *smb3_signing_algorithm_name(uint16_t algo)
{
size_t i;
for (i = 0; i < ARRAY_SIZE(enum_smb3_signing_algorithms); i++) {
if (enum_smb3_signing_algorithms[i].value != algo) {
continue;
}
return enum_smb3_signing_algorithms[i].name;
}
return NULL;
}
static const struct enum_list enum_smb3_encryption_algorithms[] = {
{SMB2_ENCRYPTION_AES128_GCM, "AES-128-GCM"},
{SMB2_ENCRYPTION_AES128_CCM, "AES-128-CCM"},
{SMB2_ENCRYPTION_AES256_GCM, "AES-256-GCM"},
{SMB2_ENCRYPTION_AES256_CCM, "AES-256-CCM"},
{-1, NULL}
};
const char *smb3_encryption_algorithm_name(uint16_t algo)
{
size_t i;
for (i = 0; i < ARRAY_SIZE(enum_smb3_encryption_algorithms); i++) {
if (enum_smb3_encryption_algorithms[i].value != algo) {
continue;
}
return enum_smb3_encryption_algorithms[i].name;
}
return NULL;
}
static int32_t parse_enum_val(const struct enum_list *e,
const char *param_name,
const char *param_value)
{
struct parm_struct parm = {
.label = param_name,
.type = P_LIST,
.p_class = P_GLOBAL,
.enum_list = e,
};
int32_t ret = INT32_MIN;
bool ok;
ok = lp_set_enum_parm(&parm, param_value, &ret);
if (!ok) {
return INT32_MIN;
}
return ret;
}
struct smb311_capabilities smb311_capabilities_parse(const char *role,
const char * const *signing_algos,
const char * const *encryption_algos)
{
struct smb311_capabilities c = {
.signing = {
.num_algos = 0,
},
.encryption = {
.num_algos = 0,
},
};
char sign_param[64] = { 0, };
char enc_param[64] = { 0, };
size_t ai;
snprintf(sign_param, sizeof(sign_param),
"%s smb3 signing algorithms", role);
snprintf(enc_param, sizeof(enc_param),
"%s smb3 encryption algorithms", role);
for (ai = 0; signing_algos != NULL && signing_algos[ai] != NULL; ai++) {
const char *algoname = signing_algos[ai];
int32_t v32;
uint16_t algo;
size_t di;
bool ignore = false;
if (c.signing.num_algos >= SMB3_ENCRYTION_CAPABILITIES_MAX_ALGOS) {
DBG_ERR("WARNING: Ignoring trailing value '%s' for parameter '%s'\n",
algoname, sign_param);
continue;
}
v32 = parse_enum_val(enum_smb3_signing_algorithms,
sign_param, algoname);
if (v32 == INT32_MAX) {
continue;
}
algo = v32;
for (di = 0; di < c.signing.num_algos; di++) {
if (algo != c.signing.algos[di]) {
continue;
}
ignore = true;
break;
}
if (ignore) {
DBG_ERR("WARNING: Ignoring duplicate value '%s' for parameter '%s'\n",
algoname, sign_param);
continue;
}
c.signing.algos[c.signing.num_algos] = algo;
c.signing.num_algos += 1;
}
for (ai = 0; encryption_algos != NULL && encryption_algos[ai] != NULL; ai++) {
const char *algoname = encryption_algos[ai];
int32_t v32;
uint16_t algo;
size_t di;
bool ignore = false;
if (c.encryption.num_algos >= SMB3_ENCRYTION_CAPABILITIES_MAX_ALGOS) {
DBG_ERR("WARNING: Ignoring trailing value '%s' for parameter '%s'\n",
algoname, enc_param);
continue;
}
v32 = parse_enum_val(enum_smb3_encryption_algorithms,
enc_param, algoname);
if (v32 == INT32_MAX) {
continue;
}
algo = v32;
for (di = 0; di < c.encryption.num_algos; di++) {
if (algo != c.encryption.algos[di]) {
continue;
}
ignore = true;
break;
}
if (ignore) {
DBG_ERR("WARNING: Ignoring duplicate value '%s' for parameter '%s'\n",
algoname, enc_param);
continue;
}
c.encryption.algos[c.encryption.num_algos] = algo;
c.encryption.num_algos += 1;
}
return c;
}
NTSTATUS smb311_capabilities_check(const struct smb311_capabilities *c,
const char *debug_prefix,
int debug_lvl,
NTSTATUS error_status,
const char *role,
enum protocol_types protocol,
uint16_t sign_algo,
uint16_t cipher_algo)
{
const struct smb3_signing_capabilities *sign_algos =
&c->signing;
const struct smb3_encryption_capabilities *ciphers =
&c->encryption;
bool found_signing = false;
bool found_encryption = false;
size_t i;
for (i = 0; i < sign_algos->num_algos; i++) {
if (sign_algo == sign_algos->algos[i]) {
/*
* We found a match
*/
found_signing = true;
break;
}
}
for (i = 0; i < ciphers->num_algos; i++) {
if (cipher_algo == SMB2_ENCRYPTION_NONE) {
/*
* encryption not supported, we'll error out later
*/
found_encryption = true;
break;
}
if (cipher_algo == ciphers->algos[i]) {
/*
* We found a match
*/
found_encryption = true;
break;
}
}
if (!found_signing) {
/*
* We negotiated a signing algo we don't allow,
* most likely for SMB < 3.1.1
*/
DEBUG(debug_lvl,("%s: "
"SMB3 signing algorithm[%u][%s] on dialect[%s] "
"not allowed by '%s smb3 signing algorithms' - %s.\n",
debug_prefix,
sign_algo,
smb3_signing_algorithm_name(sign_algo),
smb_protocol_types_string(protocol),
role,
nt_errstr(error_status)));
return error_status;
}
if (!found_encryption) {
/*
* We negotiated a cipher we don't allow,
* most likely for SMB 3.0 and 3.0.2
*/
DEBUG(debug_lvl,("%s: "
"SMB3 encryption algorithm[%u][%s] on dialect[%s] "
"not allowed by '%s smb3 encryption algorithms' - %s.\n",
debug_prefix,
cipher_algo,
smb3_encryption_algorithm_name(cipher_algo),
smb_protocol_types_string(protocol),
role,
nt_errstr(error_status)));
return error_status;
}
return NT_STATUS_OK;
}