Startsida Utforska Hjälp
Logga in
unidan
/
libdsm
Bevaka 1
Stjärnmärk 0
Fork 0
Filer Ärenden 1 Pull-förfrågningar 0 Wiki
Träd: e9a8331d20
Grenar Taggar
libdsm
/
src
/
smb_session.c

smb_session.c 8.3 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301 
  1. //---------------------------------------------------------------------------
    2. 

  2. //  __________________    _________  _____            _____  .__         ._.
    3. 

  3. //  \______   \______ \  /   _____/ /     \          /  _  \ |__| ____   | |
    4. 

  4. //   |    |  _/|    |  \ \_____  \ /  \ /  \        /  /_\  \|  _/ __ \  | |
    5. 

  5. //   |    |   \|    `   \/        /    Y    \      /    |    |  \  ___/   \|
    6. 

  6. //   |______  /_______  /_______  \____|__  / /\   \____|__  |__|\___ |   __
    7. 

  7. //          \/        \/        \/        \/  )/           \/        \/   \/
    8. 

  8. //
    9. 

  9. // This file is part of libdsm. Copyright © 2014 VideoLabs SAS
    10. 

  10. //
    11. 

  11. // Author: Julien 'Lta' BALLET <contact@lta.io>
    12. 

  12. //
    13. 

  13. // This program is free software. It comes without any warranty, to the extent
    14. 

  14. // permitted by applicable law. You can redistribute it and/or modify it under
    15. 

  15. // the terms of the Do What The Fuck You Want To Public License, Version 2, as
    16. 

  16. // published by Sam Hocevar. See the COPYING file for more details.
    17. 

  17. //----------------------------------------------------------------------------
    18. 

  18. 

  19. #include <stdlib.h>
    20. 

  20. #include <string.h>
    21. 

  21. #include <stdio.h>
    22. 

  22. #include <assert.h>
    23. 

  23. 

  24. #include "bdsm/debug.h"
    25. 

  25. #include "bdsm/smb_session.h"
    26. 

  26. #include "bdsm/smb_ntlm.h"
    27. 

  27. 

  28. smb_session_t   *smb_session_new()
    29. 

  29. {
    30. 

  30.   smb_session_t *s;
    31. 

  31. 

  32.   s = malloc(sizeof(smb_session_t));
    33. 

  33.   assert(s != NULL);
    34. 

  34.   memset((void *)s, 0, sizeof(smb_session_t));
    35. 

  35. 

  36.   return (s);
    37. 

  37. }
    38. 

  38. 

  39. void            smb_session_destroy(smb_session_t *s)
    40. 

  40. {
    41. 

  41.   if (s != NULL)
    42. 

  42.   {
    43. 

  43.     // FIXME Free smb_share and smb_file
    44. 

  44.     if (s->nb_session != NULL)
    45. 

  45.       netbios_session_destroy(s->nb_session);
    46. 

  46.     free(s);
    47. 

  47.   }
    48. 

  48. }
    49. 

  49. 

  50. int             smb_session_state(smb_session_t *s)
    51. 

  51. {
    52. 

  52.   if (s != NULL)
    53. 

  53.     return (s->state);
    54. 

  54.   else
    55. 

  55.     return (SMB_STATE_ERROR);
    56. 

  56. }
    57. 

  57. 

  58. int             smb_session_connect(smb_session_t *s, const char *name,
    59. 

  59.                                     uint32_t ip)
    60. 

  60. {
    61. 

  61.   assert(s != NULL && name != NULL);
    62. 

  62. 

  63.   if ((s->nb_session = netbios_session_new(ip)) == NULL)
    64. 

  64.     goto error;
    65. 

  65.   if (!netbios_session_connect(s->nb_session, name))
    66. 

  66.     goto error;
    67. 

  67. 

  68.   memcpy(s->srv.name, name, strlen(name) + 1);
    69. 

  69.   s->state = SMB_STATE_NETBIOS_OK;
    70. 

  70. 

  71.   if (!smb_negotiate(s))
    72. 

  72.     return (0);
    73. 

  73. 

  74.   return(1);
    75. 

  75. 

  76.   error:
    77. 

  77.     s->state = SMB_STATE_ERROR;
    78. 

  78.     return (0);
    79. 

  79. }
    80. 

  80. 

  81. int             smb_session_send_msg(smb_session_t *s, smb_message_t *msg)
    82. 

  82. {
    83. 

  83.   size_t        packet_size;
    84. 

  84. 

  85.   assert(s != NULL && s->state >= SMB_STATE_NETBIOS_OK && s->nb_session != NULL);
    86. 

  86.   assert(msg != NULL && msg->packet != NULL);
    87. 

  87. 

  88.   msg->packet->header.uid = s->uid;
    89. 

  89. 

  90.   netbios_session_packet_init(s->nb_session, NETBIOS_OP_SESSION_MSG);
    91. 

  91. 

  92.   packet_size   = sizeof(smb_packet_t) + msg->cursor;
    93. 

  93.   if (!netbios_session_packet_append(s->nb_session, (char *)msg->packet, packet_size))
    94. 

  94.     return (0);
    95. 

  95.   if (!netbios_session_packet_send(s->nb_session))
    96. 

  96.     return (0);
    97. 

  97. 

  98.   return (1);
    99. 

  99. }
    100. 

  100. 

  101. size_t          smb_session_recv_msg(smb_session_t *s, smb_message_t *msg)
    102. 

  102. {
    103. 

  103.   netbios_session_packet_t  *nb_packet;
    104. 

  104.   ssize_t                   recv_size;
    105. 

  105.   size_t                    payload_size;
    106. 

  106. 

  107.   assert(s != NULL && s->nb_session != NULL);
    108. 

  108. 

  109.   recv_size = netbios_session_packet_recv(s->nb_session);
    110. 

  110.   if(recv_size <= 0)
    111. 

  111.     return (0);
    112. 

  112. 

  113.   nb_packet   = (netbios_session_packet_t *)s->nb_session->recv_buffer;
    114. 

  114.   if (msg != NULL)
    115. 

  115.     msg->packet = (smb_packet_t *)nb_packet->payload;
    116. 

  116. 

  117.   payload_size  = ntohs(nb_packet->length);
    118. 

  118.   payload_size |= (nb_packet->flags & 0x01) << 16; // XXX If this is the case we overran our recv_buffer
    119. 

  119.   if (payload_size > recv_size - sizeof(netbios_session_packet_t))
    120. 

  120.   {
    121. 

  121.     BDSM_dbg("smb_session_recv_msg: Packet size mismatch\n");
    122. 

  122.     return(0);
    123. 

  123.   }
    124. 

  124. 

  125.   if (msg != NULL)
    126. 

  126.   {
    127. 

  127.     msg->payload_size = payload_size - sizeof(smb_header_t);
    128. 

  128.     msg->cursor       = 0;
    129. 

  129.   }
    130. 

  130. 

  131.   return (payload_size - sizeof(smb_header_t));
    132. 

  132. }
    133. 

  133. 

  134. 

  135. int             smb_negotiate(smb_session_t *s)
    136. 

  136. {
    137. 

  137.   const char            *dialects[] = SMB_DIALECTS;
    138. 

  138.   smb_message_t         *msg = NULL;
    139. 

  139.   smb_message_t         answer;
    140. 

  140.   smb_negotiate_resp_t  *nego;
    141. 

  141. 

  142. 

  143.   msg = smb_message_new(SMB_CMD_NEGOTIATE, 64);
    144. 

  144.   smb_message_set_default_flags(msg);
    145. 

  145. 

  146.   smb_message_put8(msg, 0);   // wct
    147. 

  147.   smb_message_put16(msg, 0);  // bct, will be updated later
    148. 

  148. 

  149.   for(unsigned i = 0; dialects[i] != NULL; i++)
    150. 

  150.     smb_message_append(msg, dialects[i], strlen(dialects[i]) + 1);
    151. 

  151.   *((uint16_t *)(msg->packet->payload + 1)) = msg->cursor - 3;
    152. 

  152. 

  153.   if (!smb_session_send_msg(s, msg))
    154. 

  154.   {
    155. 

  155.     smb_message_destroy(msg);
    156. 

  156.     goto error;
    157. 

  157.   }
    158. 

  158.   smb_message_destroy(msg);
    159. 

  159. 

  160.   if (!smb_session_recv_msg(s, &answer))
    161. 

  161.     goto error;
    162. 

  162. 

  163.   nego = (smb_negotiate_resp_t *)answer.packet->payload;
    164. 

  164.   if (answer.packet->header.status != NT_STATUS_SUCCESS
    165. 

  165.       && nego->wct != 0x11 && nego->security_mode & 0x03)
    166. 

  166.     goto error;
    167. 

  167. 

  168.   s->srv.dialect        = nego->dialect_index;
    169. 

  169.   s->srv.security_mode  = nego->security_mode;
    170. 

  170.   s->srv.caps           = nego->caps;
    171. 

  171.   s->srv.session_key    = nego->session_key;
    172. 

  172.   s->srv.challenge      = nego->challenge;
    173. 

  173.   s->srv.ts             = nego->ts;
    174. 

  174. 

  175.   // Yeah !
    176. 

  176.   s->state              = SMB_STATE_DIALECT_OK;
    177. 

  177. 

  178.   return (1);
    179. 

  179. 

  180.   error:
    181. 

  181.     s->state = SMB_STATE_ERROR;
    182. 

  182.     return (0);
    183. 

  183. }
    184. 

  184. 

  185. int             smb_session_login(smb_session_t *s, const char *domain,
    186. 

  186.                                   const char *user, const char *password)
    187. 

  187. {
    188. 

  188.   smb_message_t         answer;
    189. 

  189.   smb_message_t         *msg = NULL;
    190. 

  190.   smb_session_req_t     *req = NULL;
    191. 

  191.   uint8_t               *ntlm2 = NULL;
    192. 

  192.   smb_ntlmh_t           hash_v2;
    193. 

  193.   uint8_t               *ucs;
    194. 

  194.   size_t                ucs_len;
    195. 

  195.   uint64_t              user_challenge;
    196. 

  196.   uint8_t               blob[128];
    197. 

  197.   size_t                blob_size;
    198. 

  198. 

  199.   msg = smb_message_new(SMB_CMD_SETUP, 512);
    200. 

  200.   smb_message_set_default_flags(msg);
    201. 

  201.   smb_message_set_andx_members(msg);
    202. 

  202.   req = (smb_session_req_t *)msg->packet->payload;
    203. 

  203. 

  204.   req->wct              = (sizeof(smb_session_req_t) - 3) / 2;
    205. 

  205.   req->max_buffer       = NETBIOS_SESSION_PAYLOAD;
    206. 

  206.   req->max_buffer      -= sizeof(netbios_session_packet_t);
    207. 

  207.   req->max_buffer      -= sizeof(smb_packet_t);
    208. 

  208.   req->mpx_count        = 16; // XXX ?
    209. 

  209.   req->vc_count         = 1;
    210. 

  210.   req->session_key      = s->srv.session_key;
    211. 

  211.   req->caps             = s->srv.caps; // XXX caps & our_caps_mask
    212. 

  212. 

  213.   smb_message_advance(msg, sizeof(smb_session_req_t));
    214. 

  214. 

  215.   user_challenge = smb_ntlm_generate_challenge();
    216. 

  216. 

  217.   // LM2 Response
    218. 

  218.   smb_ntlm2_hash(user, password, domain, &hash_v2);
    219. 

  219.   ntlm2 = smb_ntlm2_response(&hash_v2, s->srv.challenge,
    220. 

  220.                              (void *)&user_challenge, 8);
    221. 

  221.   smb_message_append(msg, ntlm2, 16 + 8);
    222. 

  222.   free(ntlm2);
    223. 

  223. 

  224.   // NTLM2 Response
    225. 

  225.   blob_size = smb_ntlm_blob((smb_ntlm_blob_t *)blob, s->srv.ts,
    226. 

  226.                             user_challenge, domain);
    227. 

  227.   ntlm2 = smb_ntlm2_response(&hash_v2, s->srv.challenge, blob, blob_size);
    228. 

  228.   //smb_message_append(msg, ntlm2, 16 + blob_size);
    229. 

  229.   free(ntlm2);
    230. 

  230. 

  231.   req->oem_pass_len = 16 + SMB_LM2_BLOB_SIZE;
    232. 

  232.   req->uni_pass_len = 0; //16 + blob_size; //SMB_NTLM2_BLOB_SIZE;
    233. 

  233.   if (msg->cursor / 2) // Padding !
    234. 

  234.     smb_message_put8(msg, 0);
    235. 

  235. 

  236.   smb_message_put_utf16(msg, "", user, strlen(user));
    237. 

  237.   smb_message_put16(msg, 0);
    238. 

  238.   smb_message_put_utf16(msg, "", domain, strlen(domain));
    239. 

  239.   smb_message_put16(msg, 0);
    240. 

  240.   smb_message_put_utf16(msg, "", SMB_OS, strlen(SMB_OS));
    241. 

  241.   smb_message_put16(msg, 0);
    242. 

  242.   smb_message_put_utf16(msg, "", SMB_LANMAN, strlen(SMB_OS));
    243. 

  243.   smb_message_put16(msg, 0);
    244. 

  244. 

  245.   req->payload_size = msg->cursor - sizeof(smb_session_req_t);
    246. 

  246. 

  247.   if (!smb_session_send_msg(s, msg))
    248. 

  248.   {
    249. 

  249.     smb_message_destroy(msg);
    250. 

  250.     BDSM_dbg("Unable to send Session Setup AndX message\n");
    251. 

  251.     return (0);
    252. 

  252.   }
    253. 

  253.   smb_message_destroy(msg);
    254. 

  254. 

  255.   if (smb_session_recv_msg(s, &answer) == 0)
    256. 

  256.   {
    257. 

  257.     BDSM_dbg("Unable to get Session Setup AndX reply\n");
    258. 

  258.     return (0);
    259. 

  259.   }
    260. 

  260. 

  261.   smb_session_resp_t *r = (smb_session_resp_t *)answer.packet->payload;
    262. 

  262.   if (answer.packet->header.status != NT_STATUS_SUCCESS)
    263. 

  263.   {
    264. 

  264.     BDSM_dbg("Session Setup AndX : failure.\n");
    265. 

  265.     return (0);
    266. 

  266.   }
    267. 

  267. 

  268.   if (r->action & 0x0001)
    269. 

  269.     s->guest = 1;
    270. 

  270.   s->state  = SMB_STATE_SESSION_OK;
    271. 

  271.   s->uid    = answer.packet->header.uid;
    272. 

  272. 

  273.   return (1);
    274. 

  274. }
    275. 

  275. 

  276. int             smb_session_is_guest(smb_session_t *s)
    277. 

  277. {
    278. 

  278.   // Invalid session object
    279. 

  279.   if (s == NULL)
    280. 

  280.     return (-1);
    281. 

  281. 

  282.   // We're not logged in yet.
    283. 

  283.   if (smb_session_state(s) != SMB_STATE_SESSION_OK)
    284. 

  284.     return (-1);
    285. 

  285. 

  286.   // We're logged in as guest
    287. 

  287.   if (s->guest)
    288. 

  288.     return (1);
    289. 

  289. 

  290.   // We're logged in as regular user
    291. 

  291.   return (0);
    292. 

  292. }
    293. 

  293. 

  294. const char      *smb_session_server_name(smb_session_t *s)
    295. 

  295. {
    296. 

  296.   if (s == NULL)
    297. 

  297.     return (NULL);
    298. 

  298.   else
    299. 

  299.     return (s->srv.name);
    300. 

  300. }
    301. 

  301.