/* * This file and its contents are supplied under the terms of the * Common Development and Distribution License ("CDDL"), version 1.0. * You may only use this file in accordance with the terms of version * 1.0 of the CDDL. * * A full copy of the text of the CDDL should have accompanied this * source. A copy of the CDDL is also available via the Internet at * http://www.illumos.org/license/CDDL. */ /* * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ /* * Dispatch function for SMB2_NEGOTIATE */ #include #include static int smb2_negotiate_common(smb_request_t *, uint16_t); uint32_t smb2srv_capabilities = SMB2_CAP_DFS | SMB2_CAP_LARGE_MTU; /* * These are not intended as customer tunables, but dev. & test folks * might want to adjust them (with caution). * * smb2_tcp_bufsize is the TCP buffer size, applied to the network socket * with setsockopt SO_SNDBUF, SO_RCVBUF. These set the TCP window size. * This is also used as a "sanity limit" for internal send/reply message * allocations. Note that with compounding SMB2 messages may contain * multiple requests/responses. This size should be large enough for * at least a few SMB2 requests, and at least 2X smb2_max_rwsize. * * smb2_max_rwsize is what we put in the SMB2 negotiate response to tell * the client the largest read and write request size we'll support. * One megabyte is a compromise between efficiency on fast networks * and memory consumption (for the buffers) on the server side. * * smb2_max_trans is the largest "transact" send or receive, which is * used for directory listings and info set/get operations. */ uint32_t smb2_tcp_bufsize = (1<<22); /* 4MB */ uint32_t smb2_max_rwsize = (1<<20); /* 1MB */ uint32_t smb2_max_trans = (1<<16); /* 64KB */ /* * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU * (including all clients using dialect < SMB 2.1), use a "conservative" value * for max r/w size because some older clients misbehave with larger values. * 64KB is recommended in the [MS-SMB2] spec. (3.3.5.3.1 SMB 2.1 or SMB 3.x * Support) as the minimum so we'll use that. */ uint32_t smb2_old_rwsize = (1<<16); /* 64KB */ /* * List of all SMB2 versions we implement. Note that the * highest version we support may be limited by the * _cfg.skc_max_protocol setting. */ static uint16_t smb2_versions[] = { 0x202, /* SMB 2.002 */ 0x210, /* SMB 2.1 */ }; static uint16_t smb2_nversions = sizeof (smb2_versions) / sizeof (smb2_versions[0]); static boolean_t smb2_supported_version(smb_session_t *s, uint16_t version) { int i; if (version > s->s_cfg.skc_max_protocol) return (B_FALSE); for (i = 0; i < smb2_nversions; i++) if (version == smb2_versions[i]) return (B_TRUE); return (B_FALSE); } /* * Helper for the (SMB1) smb_com_negotiate(). This is the * very unusual protocol interaction where an SMB1 negotiate * gets an SMB2 negotiate response. This is the normal way * clients first find out if the server supports SMB2. * * Note: This sends an SMB2 reply _itself_ and then returns * SDRC_NO_REPLY so the caller will not send an SMB1 reply. * Also, this is called directly from the reader thread, so * we know this is the only thread using this session. * * The caller frees this request. */ smb_sdrc_t smb1_negotiate_smb2(smb_request_t *sr) { smb_session_t *s = sr->session; smb_arg_negotiate_t *negprot = sr->sr_negprot; uint16_t smb2_version; uint16_t secmode2; int rc; /* * Note: In the SMB1 negotiate command handler, we * agreed with one of the SMB2 dialects. If that * dialect was "SMB 2.002", we'll respond here with * version 0x202 and negotiation is done. If that * dialect was "SMB 2.???", we'll respond here with * the "wildcard" version 0x2FF, and the client will * come back with an SMB2 negotiate. */ switch (negprot->ni_dialect) { case DIALECT_SMB2002: /* SMB 2.002 (a.k.a. SMB2.0) */ smb2_version = 0x202; s->dialect = smb2_version; s->s_state = SMB_SESSION_STATE_NEGOTIATED; /* Allow normal SMB2 requests now. */ s->newrq_func = smb2sr_newrq; /* * Translate SMB1 sec. mode to SMB2. */ secmode2 = 0; if (s->secmode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) secmode2 |= SMB2_NEGOTIATE_SIGNING_ENABLED; if (s->secmode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) secmode2 |= SMB2_NEGOTIATE_SIGNING_REQUIRED; s->secmode = secmode2; break; case DIALECT_SMB2XXX: /* SMB 2.??? (wildcard vers) */ /* * Expecting an SMB2 negotiate next, so keep the * initial s->newrq_func. Note that secmode is * fiction good enough to pass the signing check * in smb2_negotiate_common(). We'll check the * real secmode when the 2nd negotiate comes. */ smb2_version = 0x2FF; s->secmode = SMB2_NEGOTIATE_SIGNING_ENABLED; break; default: return (SDRC_DROP_VC); } /* * We did not decode an SMB2 header, so make sure * the SMB2 header fields are initialized. * (Most are zero from smb_request_alloc.) * Also, the SMB1 common dispatch code reserved space * for an SMB1 header, which we need to undo here. */ sr->smb2_reply_hdr = sr->reply.chain_offset = 0; sr->smb2_cmd_code = SMB2_NEGOTIATE; rc = smb2_negotiate_common(sr, smb2_version); if (rc != 0) return (SDRC_DROP_VC); return (SDRC_NO_REPLY); } /* * SMB2 Negotiate gets special handling. This is called directly by * the reader thread (see smbsr_newrq_initial) with what _should_ be * an SMB2 Negotiate. Only the "\feSMB" header has been checked * when this is called, so this needs to check the SMB command, * if it's Negotiate execute it, then send the reply, etc. * * Since this is called directly from the reader thread, we * know this is the only thread currently using this session. * This has to duplicate some of what smb2sr_work does as a * result of bypassing the normal dispatch mechanism. * * The caller always frees this request. */ int smb2_newrq_negotiate(smb_request_t *sr) { smb_session_t *s = sr->session; int i, rc; uint16_t struct_size; uint16_t best_version; uint16_t version_cnt; uint16_t cl_versions[8]; sr->smb2_cmd_hdr = sr->command.chain_offset; rc = smb2_decode_header(sr); if (rc != 0) return (rc); if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) || (sr->smb2_next_command != 0)) return (SDRC_DROP_VC); /* * Decode SMB2 Negotiate (fixed-size part) */ rc = smb_mbc_decodef( &sr->command, "www..l16.8.", &struct_size, /* w */ &version_cnt, /* w */ &s->secmode, /* w */ /* reserved (..) */ &s->capabilities); /* l */ /* clnt_uuid 16. */ /* start_time 8. */ if (rc != 0) return (rc); if (struct_size != 36 || version_cnt > 8) return (SDRC_DROP_VC); /* * Decode SMB2 Negotiate (variable part) */ rc = smb_mbc_decodef(&sr->command, "#w", version_cnt, cl_versions); if (rc != 0) return (SDRC_DROP_VC); /* * The client offers an array of protocol versions it * supports, which we have decoded into cl_versions[]. * We walk the array and pick the highest supported. */ best_version = 0; for (i = 0; i < version_cnt; i++) if (smb2_supported_version(s, cl_versions[i]) && best_version < cl_versions[i]) best_version = cl_versions[i]; if (best_version == 0) return (SDRC_DROP_VC); s->dialect = best_version; /* Allow normal SMB2 requests now. */ s->s_state = SMB_SESSION_STATE_NEGOTIATED; s->newrq_func = smb2sr_newrq; rc = smb2_negotiate_common(sr, best_version); if (rc != 0) return (SDRC_DROP_VC); return (0); } /* * Common parts of SMB2 Negotiate, used for both the * SMB1-to-SMB2 style, and straight SMB2 style. * Do negotiation decisions, encode, send the reply. */ static int smb2_negotiate_common(smb_request_t *sr, uint16_t version) { timestruc_t boot_tv, now_tv; smb_session_t *s = sr->session; int rc; uint32_t max_rwsize; uint16_t secmode; sr->smb2_status = 0; /* * Negotiation itself. First the Security Mode. * The caller stashed the client's secmode in s->secmode, * which we validate, and then replace with the server's * secmode, which is all we care about after this. */ secmode = SMB2_NEGOTIATE_SIGNING_ENABLED; if (sr->sr_cfg->skc_signing_required) { secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; /* Make sure client at least enables signing. */ if ((s->secmode & secmode) == 0) { sr->smb2_status = NT_STATUS_INVALID_PARAMETER; } } s->secmode = secmode; s->cmd_max_bytes = smb2_tcp_bufsize; s->reply_max_bytes = smb2_tcp_bufsize; /* * "The number of credits held by the client MUST be considered * as 1 when the connection is established." [MS-SMB2] * We leave credits at 1 until the first successful * session setup is completed. */ s->s_cur_credits = s->s_max_credits = 1; sr->smb2_credit_response = 1; boot_tv.tv_sec = smb_get_boottime(); boot_tv.tv_nsec = 0; now_tv.tv_sec = gethrestime_sec(); now_tv.tv_nsec = 0; /* * SMB2 negotiate reply */ sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR; (void) smb2_encode_header(sr, B_FALSE); if (sr->smb2_status != 0) { smb2sr_put_error(sr, sr->smb2_status); smb2_send_reply(sr); return (-1); /* will drop */ } /* * See notes above smb2_max_rwsize, smb2_old_rwsize */ if (s->capabilities & SMB2_CAP_LARGE_MTU) max_rwsize = smb2_max_rwsize; else max_rwsize = smb2_old_rwsize; rc = smb_mbc_encodef( &sr->reply, "wwww#cllllTTwwl#c", 65, /* StructSize */ /* w */ s->secmode, /* w */ version, /* w */ 0, /* reserved */ /* w */ UUID_LEN, /* # */ &s->s_cfg.skc_machine_uuid, /* c */ smb2srv_capabilities, /* l */ smb2_max_trans, /* l */ max_rwsize, /* l */ max_rwsize, /* l */ &now_tv, /* T */ &boot_tv, /* T */ 128, /* SecBufOff */ /* w */ sr->sr_cfg->skc_negtok_len, /* w */ 0, /* reserved */ /* l */ sr->sr_cfg->skc_negtok_len, /* # */ sr->sr_cfg->skc_negtok); /* c */ smb2_send_reply(sr); (void) ksocket_setsockopt(s->sock, SOL_SOCKET, SO_SNDBUF, (const void *)&smb2_tcp_bufsize, sizeof (smb2_tcp_bufsize), CRED()); (void) ksocket_setsockopt(s->sock, SOL_SOCKET, SO_RCVBUF, (const void *)&smb2_tcp_bufsize, sizeof (smb2_tcp_bufsize), CRED()); return (rc); } /* * SMB2 Dispatch table handler, which will run if we see an * SMB2_NEGOTIATE after the initial negotiation is done. * That would be a protocol error. */ smb_sdrc_t smb2_negotiate(smb_request_t *sr) { sr->smb2_status = NT_STATUS_INVALID_PARAMETER; return (SDRC_ERROR); } /* * VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6 */ uint32_t smb2_fsctl_vneginfo(smb_request_t *sr, smb_fsctl_t *fsctl) { smb_session_t *s = sr->session; int rc; /* * The spec. says to parse the VALIDATE_NEGOTIATE_INFO here * and verify that the original negotiate was not modified. * The only tampering we need worry about is secmode, and * we're not taking that from the client, so don't bother. * * One interesting requirement here is that we MUST reply * with exactly the same information as we returned in our * original reply to the SMB2 negotiate on this session. * If we don't the client closes the connection. */ rc = smb_mbc_encodef( fsctl->out_mbc, "l#cww", smb2srv_capabilities, /* l */ UUID_LEN, /* # */ &s->s_cfg.skc_machine_uuid, /* c */ s->secmode, /* w */ s->dialect); /* w */ if (rc) return (NT_STATUS_INTERNAL_ERROR); return (0); }