1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2013-2021 Tintri by DDN, Inc. All rights reserved.
14 * Copyright 2022 RackTop Systems, Inc.
15 */
16
17 /*
18 * Dispatch function for SMB2_NEGOTIATE
19 */
20
21 #include <smbsrv/smb2_kproto.h>
22 #include <smbsrv/smb2.h>
23 #include <sys/random.h>
24
25 /*
26 * Note from [MS-SMB2] Sec. 2.2.3: Windows servers return
27 * invalid parameter if the dialect count is greater than 64
28 * This is here (and not in smb2.h) because this is technically
29 * an implementation detail, not protocol specification.
30 */
31 #define SMB2_NEGOTIATE_MAX_DIALECTS 64
32
33 static int smb2_negotiate_common(smb_request_t *, uint16_t);
34
35 /* List of supported capabilities. Can be patched for testing. */
36 uint32_t smb2srv_capabilities =
37 SMB2_CAP_DFS |
38 SMB2_CAP_LEASING |
39 SMB2_CAP_LARGE_MTU |
40 SMB2_CAP_PERSISTENT_HANDLES |
41 SMB2_CAP_ENCRYPTION;
42
43 /* These are the only capabilities defined for SMB2.X */
44 #define SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
45
46 /*
47 * These are not intended as customer tunables, but dev. & test folks
48 * might want to adjust them (with caution).
49 *
50 * smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
51 * with setsockopt SO_SNDBUF, SO_RCVBUF. These set the TCP window size.
52 * This is also used as a "sanity limit" for internal send/reply message
53 * allocations. Note that with compounding SMB2 messages may contain
54 * multiple requests/responses. This size should be large enough for
55 * at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
56 *
57 * smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
58 * the client the largest read and write request size we'll support.
59 * One megabyte is a compromise between efficiency on fast networks
60 * and memory consumption (for the buffers) on the server side.
61 *
62 * smb2_max_trans is the largest "transact" send or receive, which is
63 * used for directory listings and info set/get operations.
64 */
65 uint32_t smb2_tcp_bufsize = (1<<22); /* 4MB */
66 uint32_t smb2_max_rwsize = (1<<20); /* 1MB */
67 uint32_t smb2_max_trans = (1<<16); /* 64KB */
68
69 /*
70 * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU
71 * (including all clients using dialect < SMB 2.1), use a "conservative" value
72 * for max r/w size because some older clients misbehave with larger values.
73 * 64KB is recommended in the [MS-SMB2] spec. (3.3.5.3.1 SMB 2.1 or SMB 3.x
74 * Support) as the minimum so we'll use that.
75 */
76 uint32_t smb2_old_rwsize = (1<<16); /* 64KB */
77
78 /*
79 * List of all SMB2 versions we implement. Note that the
80 * versions we support may be limited by the
81 * _cfg.skc_max_protocol and min_protocol settings.
82 */
83 static uint16_t smb2_versions[] = {
84 0x202, /* SMB 2.002 */
85 0x210, /* SMB 2.1 */
86 0x300, /* SMB 3.0 */
87 0x302, /* SMB 3.02 */
88 0x311, /* SMB 3.11 */
89 };
90 static uint16_t smb2_nversions =
91 sizeof (smb2_versions) / sizeof (smb2_versions[0]);
92
93 enum smb2_neg_ctx_type {
94 SMB2_PREAUTH_INTEGRITY_CAPS = 1,
95 SMB2_ENCRYPTION_CAPS = 2,
96 SMB2_COMPRESSION_CAPS = 3, /* not imlemented */
97 SMB2_NETNAME_NEGOTIATE_CONTEXT_ID = 5 /* not imlemented */
98 };
99
100 typedef struct smb2_negotiate_ctx {
101 uint16_t type;
102 uint16_t datalen;
103 } smb2_neg_ctx_t;
104
105 #define SMB31_PREAUTH_CTX_SALT_LEN 32
106
107 /*
108 * SMB 3.1.1 originally specified a single hashing algorithm - SHA-512 - and
109 * two encryption ones - AES-128-CCM and AES-128-GCM.
110 * Windows Server 2022 and Windows 11 introduced two further encryption
111 * algorithms - AES-256-CCM and AES-256-GCM.
112 */
113 #define MAX_HASHID_NUM (1)
114 #define MAX_CIPHER_NUM (8)
115
116 typedef struct smb2_preauth_integrity_caps {
117 uint16_t picap_hash_count;
118 uint16_t picap_salt_len;
119 uint16_t picap_hash_id;
120 uint8_t picap_salt[SMB31_PREAUTH_CTX_SALT_LEN];
121 } smb2_preauth_caps_t;
122
123 typedef struct smb2_encryption_caps {
124 uint16_t encap_cipher_count;
125 uint16_t encap_cipher_ids[MAX_CIPHER_NUM];
126 } smb2_encrypt_caps_t;
127
128 /*
129 * The contexts we support
130 */
131 typedef struct smb2_preauth_neg_ctx {
132 smb2_neg_ctx_t neg_ctx;
133 smb2_preauth_caps_t preauth_caps;
134 } smb2_preauth_neg_ctx_t;
135
136 typedef struct smb2_encrypt_neg_ctx {
137 smb2_neg_ctx_t neg_ctx;
138 smb2_encrypt_caps_t encrypt_caps;
139 } smb2_encrypt_neg_ctx_t;
140
141 typedef struct smb2_neg_ctxs {
142 uint32_t offset;
143 uint16_t count;
144 smb2_preauth_neg_ctx_t preauth_ctx;
145 smb2_encrypt_neg_ctx_t encrypt_ctx;
146 } smb2_neg_ctxs_t;
147
148 #define NEG_CTX_INFO_OFFSET (SMB2_HDR_SIZE + 28)
149 #define NEG_CTX_OFFSET_OFFSET (SMB2_HDR_SIZE + 64)
150 #define NEG_CTX_MAX_COUNT (16)
151 #define NEG_CTX_MAX_DATALEN (256)
152
153 #define STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP (0xC05D0000)
154
155 #define STATUS_PREAUTH_HASH_OVERLAP \
156 STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP
157
158 typedef struct smb2_arg_negotiate {
159 struct smb2_neg_ctxs neg_in_ctxs;
160 struct smb2_neg_ctxs neg_out_ctxs;
161 uint16_t neg_dialect_cnt;
162 uint16_t neg_dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
163 uint16_t neg_highest_dialect;
164 } smb2_arg_negotiate_t;
165
166
167 static boolean_t
smb2_supported_version(smb_session_t * s,uint16_t version)168 smb2_supported_version(smb_session_t *s, uint16_t version)
169 {
170 int i;
171
172 if (version > s->s_cfg.skc_max_protocol ||
173 version < s->s_cfg.skc_min_protocol)
174 return (B_FALSE);
175 for (i = 0; i < smb2_nversions; i++)
176 if (version == smb2_versions[i])
177 return (B_TRUE);
178 return (B_FALSE);
179 }
180
181 static uint16_t
smb2_find_best_dialect(smb_session_t * s,uint16_t cl_versions[],uint16_t version_cnt)182 smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
183 uint16_t version_cnt)
184 {
185 uint16_t best_version = 0;
186 int i;
187
188 for (i = 0; i < version_cnt; i++)
189 if (smb2_supported_version(s, cl_versions[i]) &&
190 best_version < cl_versions[i])
191 best_version = cl_versions[i];
192
193 return (best_version);
194 }
195
196 /*
197 * This function should be called only for dialect >= 0x311
198 * Negotiate context list should contain exactly one
199 * SMB2_PREAUTH_INTEGRITY_CAPS context.
200 * Otherwise STATUS_INVALID_PARAMETER.
201 * It should contain at least 1 hash algorith what server does support.
202 * Otehrwise STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP.
203 */
204 static uint32_t
smb31_decode_neg_ctxs(smb_request_t * sr)205 smb31_decode_neg_ctxs(smb_request_t *sr)
206 {
207 smb_session_t *s = sr->session;
208 smb2_arg_negotiate_t *nego = sr->arg.other;
209 smb2_neg_ctxs_t *neg_ctxs = &nego->neg_in_ctxs;
210 smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
211 smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
212 boolean_t found_sha512 = B_FALSE;
213 boolean_t found_cipher = B_FALSE;
214 uint32_t ciphers = sr->sr_server->sv_cfg.skc_encrypt_ciphers;
215 uint32_t status = 0;
216 int32_t skip;
217 int found_preauth_ctx = 0;
218 int found_encrypt_ctx = 0;
219 int cnt, i;
220 int rc;
221
222 /*
223 * There should be exactly 1 SMB2_PREAUTH_INTEGRITY_CAPS negotiate ctx.
224 * SMB2_ENCRYPTION_CAPS is optional one.
225 * If there is no contexts or there are to many then stop parsing.
226 */
227 cnt = neg_ctxs->count;
228 if (cnt < 1 || cnt > NEG_CTX_MAX_COUNT) {
229 status = NT_STATUS_INVALID_PARAMETER;
230 goto errout;
231 }
232
233 /*
234 * Cannot proceed parsing if the first context isn't aligned by 8.
235 */
236 if (neg_ctxs->offset % 8 != 0) {
237 status = NT_STATUS_INVALID_PARAMETER;
238 goto errout;
239 }
240
241 if ((skip = neg_ctxs->offset - sr->command.chain_offset) != 0 &&
242 smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
243 status = NT_STATUS_INVALID_PARAMETER;
244 goto errout;
245 }
246
247 /*
248 * Parse negotiate contexts. Ignore non-decoding errors to fill
249 * as much as possible data for dtrace probe.
250 */
251 for (i = 0; i < cnt; i++) {
252 smb2_neg_ctx_t neg_ctx;
253 int32_t ctx_end_off;
254 int32_t ctx_next_off;
255
256 if (i > 0) {
257 if ((skip = ctx_next_off - ctx_end_off) != 0 &&
258 smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
259 status = NT_STATUS_INVALID_PARAMETER;
260 goto errout;
261 }
262 }
263
264 rc = smb_mbc_decodef(
265 &sr->command, "ww4.",
266 &neg_ctx.type, /* w */
267 &neg_ctx.datalen); /* w */
268 if (rc != 0) {
269 status = NT_STATUS_INVALID_PARAMETER;
270 goto errout;
271 }
272
273 /*
274 * We got something crazy
275 */
276 if (neg_ctx.datalen > NEG_CTX_MAX_DATALEN) {
277 status = NT_STATUS_INVALID_PARAMETER;
278 goto errout;
279 }
280
281 ctx_end_off = sr->command.chain_offset + neg_ctx.datalen;
282 ctx_next_off = P2ROUNDUP(ctx_end_off, 8);
283
284 switch (neg_ctx.type) {
285 case SMB2_PREAUTH_INTEGRITY_CAPS:
286 memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
287 sizeof (neg_ctx));
288
289 if (found_preauth_ctx++ != 0) {
290 status = NT_STATUS_INVALID_PARAMETER;
291 continue;
292 }
293
294 rc = smb_mbc_decodef(
295 &sr->command, "ww",
296 &picap->picap_hash_count, /* w */
297 &picap->picap_salt_len); /* w */
298 if (rc != 0 || picap->picap_hash_count >
299 MAX_HASHID_NUM) {
300 status = NT_STATUS_INVALID_PARAMETER;
301 goto errout;
302 }
303
304 /*
305 * Get hash id
306 */
307 rc = smb_mbc_decodef(
308 &sr->command, "#w",
309 picap->picap_hash_count,
310 &picap->picap_hash_id); /* w */
311 if (rc != 0) {
312 status = NT_STATUS_INVALID_PARAMETER;
313 goto errout;
314 }
315
316 /*
317 * Get salt
318 */
319 rc = smb_mbc_decodef(
320 &sr->command, "#c",
321 sizeof (picap->picap_salt),
322 &picap->picap_salt[0]); /* w */
323 if (rc != 0) {
324 status = NT_STATUS_INVALID_PARAMETER;
325 goto errout;
326 }
327
328 /*
329 * In SMB 0x311 there should be exactly 1 preauth
330 * negotiate context, and there should be exactly 1
331 * hash value in the list - SHA512.
332 */
333 if (picap->picap_hash_count != 1) {
334 status = NT_STATUS_INVALID_PARAMETER;
335 continue;
336 }
337
338 if (picap->picap_hash_id == SMB3_HASH_SHA512)
339 found_sha512 = B_TRUE;
340 break;
341 case SMB2_ENCRYPTION_CAPS:
342 memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
343 sizeof (neg_ctx));
344
345 if (found_encrypt_ctx++ != 0) {
346 status = NT_STATUS_INVALID_PARAMETER;
347 continue;
348 }
349
350 rc = smb_mbc_decodef(
351 &sr->command, "w",
352 &encap->encap_cipher_count); /* w */
353 if (rc != 0 || encap->encap_cipher_count >
354 MAX_CIPHER_NUM) {
355 status = NT_STATUS_INVALID_PARAMETER;
356 goto errout;
357 }
358
359 /*
360 * Get cipher list
361 */
362 rc = smb_mbc_decodef(
363 &sr->command, "#w",
364 encap->encap_cipher_count,
365 &encap->encap_cipher_ids[0]); /* w */
366 if (rc != 0) {
367 status = NT_STATUS_INVALID_PARAMETER;
368 goto errout;
369 }
370
371 /*
372 * Select the first enabled cipher.
373 * Client should list more prioritized ciphers first.
374 */
375 for (int k = 0; k < encap->encap_cipher_count; k++) {
376 uint16_t c = encap->encap_cipher_ids[k];
377
378 if (c <= SMB3_CIPHER_MAX &&
379 (SMB3_CIPHER_BIT(c) & ciphers) != 0) {
380 s->smb31_enc_cipherid = c;
381 found_cipher = B_TRUE;
382 break;
383 }
384 }
385 break;
386 default:
387 ;
388 }
389 }
390
391 if (status)
392 goto errout;
393
394 /* Not found mandatory SMB2_PREAUTH_INTEGRITY_CAPS ctx */
395 if (found_preauth_ctx != 1 || found_encrypt_ctx > 1) {
396 status = NT_STATUS_INVALID_PARAMETER;
397 goto errout;
398 }
399
400 if (!found_sha512) {
401 status = STATUS_PREAUTH_HASH_OVERLAP;
402 goto errout;
403 }
404
405 s->smb31_preauth_hashid = SMB3_HASH_SHA512;
406
407 if (!found_cipher)
408 s->smb31_enc_cipherid = 0;
409
410 /* Initialize out = in */
411 nego->neg_out_ctxs = nego->neg_in_ctxs;
412
413 errout:
414 return (status);
415 }
416
417 static int
smb31_encode_neg_ctxs(smb_request_t * sr)418 smb31_encode_neg_ctxs(smb_request_t *sr)
419 {
420 smb_session_t *s = sr->session;
421 smb2_arg_negotiate_t *nego = sr->arg.other;
422 smb2_neg_ctxs_t *neg_ctxs = &nego->neg_out_ctxs;
423 smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
424 smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
425 uint16_t salt_len = sizeof (picap->picap_salt);
426 uint32_t preauth_ctx_len = 6 + salt_len;
427 uint32_t enc_ctx_len = 4;
428 uint32_t neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
429 P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
430 uint32_t rc;
431
432 if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
433 return (rc);
434
435 ASSERT3S(neg_ctx_off, ==, sr->reply.chain_offset);
436
437 picap->picap_hash_id = s->smb31_preauth_hashid;
438 picap->picap_salt_len = salt_len;
439
440 (void) random_get_pseudo_bytes(picap->picap_salt, salt_len);
441
442 rc = smb_mbc_encodef(
443 &sr->reply, "ww4.",
444 SMB2_PREAUTH_INTEGRITY_CAPS,
445 preauth_ctx_len
446 /* 4. */); /* reserved */
447 if (rc != 0)
448 return (rc);
449
450 rc = smb_mbc_encodef(
451 &sr->reply, "www#c",
452 1, /* hash algo count */
453 salt_len, /* salt length */
454 s->smb31_preauth_hashid, /* hash id */
455 salt_len, /* salt length */
456 picap->picap_salt);
457 if (rc != 0)
458 return (rc);
459
460 /*
461 * If we did not get SMB2_ENCRYPTION_CAPS, don't send one.
462 */
463 if (encap->encap_cipher_count == 0)
464 return (0);
465
466 /*
467 * Encode SMB2_ENCRYPTION_CAPS response.
468 */
469 if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
470 return (rc);
471
472 rc = smb_mbc_encodef(
473 &sr->reply, "ww4.",
474 SMB2_ENCRYPTION_CAPS,
475 enc_ctx_len
476 /* 4. */); /* reserved */
477
478 rc = smb_mbc_encodef(
479 &sr->reply, "ww",
480 1, /* cipher count */
481 s->smb31_enc_cipherid); /* encrypt. cipher id */
482
483 return (rc);
484 }
485
486 /*
487 * Helper for the (SMB1) smb_com_negotiate(). This is the
488 * very unusual protocol interaction where an SMB1 negotiate
489 * gets an SMB2 negotiate response. This is the normal way
490 * clients first find out if the server supports SMB2.
491 *
492 * Note: This sends an SMB2 reply _itself_ and then returns
493 * SDRC_NO_REPLY so the caller will not send an SMB1 reply.
494 * Also, this is called directly from the reader thread, so
495 * we know this is the only thread using this session.
496 * Otherwise, this is similar to smb2_newrq_negotiate().
497 *
498 * The caller frees this request.
499 */
500 smb_sdrc_t
smb1_negotiate_smb2(smb_request_t * sr)501 smb1_negotiate_smb2(smb_request_t *sr)
502 {
503 smb_session_t *s = sr->session;
504 smb_arg_negotiate_t *negprot = sr->sr_negprot;
505 uint16_t smb2_version;
506
507 /*
508 * Note: In the SMB1 negotiate command handler, we
509 * agreed with one of the SMB2 dialects. If that
510 * dialect was "SMB 2.002", we'll respond here with
511 * version 0x202 and negotiation is done. If that
512 * dialect was "SMB 2.???", we'll respond here with
513 * the "wildcard" version 0x2FF, and the client will
514 * come back with an SMB2 negotiate.
515 */
516 switch (negprot->ni_dialect) {
517 case DIALECT_SMB2002: /* SMB 2.002 (a.k.a. SMB2.0) */
518 smb2_version = SMB_VERS_2_002;
519 s->dialect = smb2_version;
520 s->s_state = SMB_SESSION_STATE_NEGOTIATED;
521 /* Allow normal SMB2 requests now. */
522 s->newrq_func = smb2sr_newrq;
523 break;
524 case DIALECT_SMB2XXX: /* SMB 2.??? (wildcard vers) */
525 /*
526 * Expecting an SMB2 negotiate next, so keep the
527 * initial s->newrq_func.
528 */
529 smb2_version = 0x2FF;
530 break;
531 default:
532 return (SDRC_DROP_VC);
533 }
534
535 /*
536 * We did not decode an SMB2 header, so make sure
537 * the SMB2 header fields are initialized.
538 * (Most are zero from smb_request_alloc.)
539 * Also, the SMB1 common dispatch code reserved space
540 * for an SMB1 header, which we need to undo here.
541 */
542 sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
543 sr->smb2_cmd_code = SMB2_NEGOTIATE;
544 sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
545
546 /*
547 * Also setup SMB2 negotiate args (empty here).
548 * SMB1 args free'd by smb_srm_fini(sr)
549 */
550 sr->arg.other = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
551
552 (void) smb2_encode_header(sr, B_FALSE);
553 if (smb2_negotiate_common(sr, smb2_version) != 0)
554 sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
555 if (sr->smb2_status != 0)
556 smb2sr_put_error(sr, sr->smb2_status);
557 (void) smb2_encode_header(sr, B_TRUE);
558
559 smb2_send_reply(sr);
560
561 /*
562 * We sent the reply, so tell the SMB1 dispatch
563 * it should NOT (also) send a reply.
564 */
565 return (SDRC_NO_REPLY);
566 }
567
568 /*
569 * SMB2 Negotiate gets special handling. This is called directly by
570 * the reader thread (see smbsr_newrq_initial) with what _should_ be
571 * an SMB2 Negotiate. Only the "\feSMB" header has been checked
572 * when this is called, so this needs to check the SMB command,
573 * if it's Negotiate execute it, then send the reply, etc.
574 *
575 * Since this is called directly from the reader thread, we
576 * know this is the only thread currently using this session.
577 * This has to duplicate some of what smb2sr_work does as a
578 * result of bypassing the normal dispatch mechanism.
579 *
580 * The caller always frees this request.
581 *
582 * Return value is 0 for success, and anything else will
583 * terminate the reader thread (drop the connection).
584 */
585 int
smb2_newrq_negotiate(smb_request_t * sr)586 smb2_newrq_negotiate(smb_request_t *sr)
587 {
588 smb_session_t *s = sr->session;
589 smb2_arg_negotiate_t *nego;
590 int rc;
591 uint32_t nctx_status = 0;
592 uint32_t status = 0;
593 uint32_t neg_ctx_off;
594 uint16_t neg_ctx_cnt;
595 uint16_t struct_size;
596 uint16_t dialect_cnt;
597 uint16_t best_version;
598
599 nego = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
600 sr->arg.other = nego; // for dtrace
601
602 sr->smb2_cmd_hdr = sr->command.chain_offset;
603 rc = smb2_decode_header(sr);
604 if (rc != 0)
605 return (rc);
606
607 if (sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR)
608 return (-1);
609
610 if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
611 (sr->smb2_next_command != 0))
612 return (-1);
613
614 /*
615 * Decode SMB2 Negotiate (fixed-size part)
616 */
617 rc = smb_mbc_decodef(
618 &sr->command, "www..l16clw..",
619 &struct_size, /* w */
620 &dialect_cnt, /* w */
621 &s->cli_secmode, /* w */
622 /* reserved (..) */
623 &s->capabilities, /* l */
624 s->clnt_uuid, /* 16c */
625 &neg_ctx_off, /* l */
626 &neg_ctx_cnt); /* w */
627 /* reserverd (..) */
628 if (rc != 0)
629 return (rc);
630 if (struct_size != 36)
631 return (-1);
632
633 /*
634 * Decode SMB2 Negotiate (variable part)
635 *
636 * Be somewhat tolerant while decoding the variable part
637 * so we can return errors instead of dropping the client.
638 * Will limit decoding to the size of cli_dialects here,
639 * and do error checks on the decoded dialect_cnt after the
640 * dtrace start probe.
641 */
642 if (dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS)
643 nego->neg_dialect_cnt = SMB2_NEGOTIATE_MAX_DIALECTS;
644 else
645 nego->neg_dialect_cnt = dialect_cnt;
646 if (nego->neg_dialect_cnt > 0) {
647 rc = smb_mbc_decodef(&sr->command, "#w",
648 nego->neg_dialect_cnt,
649 nego->neg_dialects);
650 if (rc != 0)
651 return (rc); // short msg
652 }
653
654 best_version = smb2_find_best_dialect(s, nego->neg_dialects,
655 nego->neg_dialect_cnt);
656
657 if (best_version >= SMB_VERS_3_11) {
658 nego->neg_in_ctxs.offset = neg_ctx_off;
659 nego->neg_in_ctxs.count = neg_ctx_cnt;
660 nctx_status = smb31_decode_neg_ctxs(sr);
661 /* check nctx_status below */
662 }
663
664 DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
665
666 sr->smb2_credit_response = 1;
667 sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
668 (void) smb2_encode_header(sr, B_FALSE);
669
670 /*
671 * NOW start validating things (NOT before here)
672 */
673
674 /*
675 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
676 * "If the SMB2 header of the SMB2 NEGOTIATE request has the
677 * SMB2_FLAGS_SIGNED bit set in the Flags field, the server
678 * MUST fail the request with STATUS_INVALID_PARAMETER."
679 */
680 if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
681 sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
682 status = NT_STATUS_INVALID_PARAMETER;
683 goto errout;
684 }
685
686 /*
687 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
688 * "If the DialectCount of the SMB2 NEGOTIATE Request is 0, the
689 * server MUST fail the request with STATUS_INVALID_PARAMETER."
690 * Checking the decoded value here, not the constrained one.
691 */
692 if (dialect_cnt == 0 ||
693 dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS) {
694 status = NT_STATUS_INVALID_PARAMETER;
695 goto errout;
696 }
697
698 /*
699 * We decoded the offered dialects above, and
700 * determined which was the highest we support.
701 *
702 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
703 * "If a common dialect is not found, the server MUST fail
704 * the request with STATUS_NOT_SUPPORTED."
705 */
706 if (best_version == 0) {
707 status = NT_STATUS_NOT_SUPPORTED;
708 goto errout;
709 }
710
711 /*
712 * Check for problems with the negotiate contexts.
713 */
714 if (nctx_status != 0) {
715 status = nctx_status;
716 goto errout;
717 }
718
719 /* Allow normal SMB2 requests now. */
720 s->dialect = best_version;
721 s->s_state = SMB_SESSION_STATE_NEGOTIATED;
722 s->newrq_func = smb2sr_newrq;
723
724 if (smb2_negotiate_common(sr, best_version) != 0)
725 status = NT_STATUS_INTERNAL_ERROR;
726
727 if (s->dialect >= SMB_VERS_3_11 && status == 0) {
728 if (smb31_encode_neg_ctxs(sr) != 0)
729 status = NT_STATUS_INTERNAL_ERROR;
730 }
731
732 errout:
733 sr->smb2_status = status;
734 DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
735
736 if (sr->smb2_status != 0)
737 smb2sr_put_error(sr, sr->smb2_status);
738 (void) smb2_encode_header(sr, B_TRUE);
739
740 if (s->dialect >= SMB_VERS_3_11 && sr->smb2_status == 0) {
741 ASSERT3U(s->smb31_preauth_hashid, !=, 0);
742 if (smb31_preauth_sha512_calc(sr, &sr->reply,
743 s->smb31_preauth_hashval,
744 s->smb31_preauth_hashval) != 0)
745 cmn_err(CE_WARN, "(1) Preauth hash calculation "
746 "failed");
747 }
748
749 smb2_send_reply(sr);
750
751 return (rc);
752 }
753
754 /*
755 * Common parts of SMB2 Negotiate, used for both the
756 * SMB1-to-SMB2 style, and straight SMB2 style.
757 * Do negotiation decisions and encode the reply.
758 * The caller does the network send.
759 *
760 * Return value is 0 for success, else error.
761 */
762 static int
smb2_negotiate_common(smb_request_t * sr,uint16_t version)763 smb2_negotiate_common(smb_request_t *sr, uint16_t version)
764 {
765 timestruc_t boot_tv, now_tv;
766 smb_session_t *s = sr->session;
767 smb2_arg_negotiate_t *nego = sr->arg.other;
768 int rc;
769 uint32_t max_rwsize;
770 uint16_t secmode;
771 uint16_t neg_ctx_cnt = 0;
772 uint32_t neg_ctx_off = 0;
773
774 /*
775 * Negotiation itself. First the Security Mode.
776 */
777 secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
778 if (sr->sr_cfg->skc_signing_required)
779 secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
780 s->srv_secmode = secmode;
781
782 s->cmd_max_bytes = smb2_tcp_bufsize;
783 s->reply_max_bytes = smb2_tcp_bufsize;
784
785 /*
786 * "The number of credits held by the client MUST be considered
787 * as 1 when the connection is established." [MS-SMB2]
788 * We leave credits at 1 until the first successful
789 * session setup is completed.
790 */
791 s->s_cur_credits = s->s_max_credits = 1;
792 sr->smb2_credit_response = 1;
793
794 boot_tv.tv_sec = smb_get_boottime();
795 boot_tv.tv_nsec = 0;
796 now_tv.tv_sec = gethrestime_sec();
797 now_tv.tv_nsec = 0;
798
799 /*
800 * If the version is 0x2FF, we haven't completed negotiate.
801 * Don't initialize until we have our final request.
802 */
803 if (version != 0x2FF)
804 smb2_sign_init_mech(s);
805 if (version >= 0x311)
806 smb31_preauth_init_mech(s);
807
808 /*
809 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
810 *
811 * The SMB2.x capabilities are returned without regard for
812 * what capabilities the client provided in the request.
813 * The SMB3.x capabilities returned are the traditional
814 * logical AND of server and client capabilities, except
815 * for the SMB2.x capabilities which are what the server
816 * supports (regardless of the client capabilities).
817 *
818 * One additional check: If KCF is missing something we
819 * require for encryption, turn off that capability.
820 */
821 if (s->dialect < SMB_VERS_2_1) {
822 /* SMB 2.002 */
823 s->srv_cap = smb2srv_capabilities & SMB2_CAP_DFS;
824 } else if (s->dialect < SMB_VERS_3_0) {
825 /* SMB 2.x */
826 s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
827 } else {
828 /* SMB 3.0 or later */
829 s->srv_cap = smb2srv_capabilities &
830 (SMB_2X_CAPS | s->capabilities);
831
832 if (s->dialect < SMB_VERS_3_11)
833 s->smb31_enc_cipherid = SMB3_CIPHER_AES128_CCM;
834 /* else from negotiate context */
835
836 if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
837 smb3_encrypt_init_mech(s) != 0) {
838 s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
839 }
840
841 if (s->dialect >= SMB_VERS_3_11) {
842 smb2_encrypt_caps_t *encap =
843 &nego->neg_in_ctxs.encrypt_ctx.encrypt_caps;
844
845 neg_ctx_cnt = 1; // always have preauth
846
847 if (encap->encap_cipher_count != 0)
848 neg_ctx_cnt++;
849
850 neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
851 P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
852
853 ASSERT3U(s->smb31_preauth_hashid, !=, 0);
854
855 if (smb31_preauth_sha512_calc(sr, &sr->command,
856 s->smb31_preauth_hashval,
857 s->smb31_preauth_hashval) != 0)
858 cmn_err(CE_WARN, "(0) Preauth hash calculation "
859 "failed");
860 }
861 }
862
863 /*
864 * See notes above smb2_max_rwsize, smb2_old_rwsize
865 */
866 if (s->capabilities & SMB2_CAP_LARGE_MTU)
867 max_rwsize = smb2_max_rwsize;
868 else
869 max_rwsize = smb2_old_rwsize;
870
871 rc = smb_mbc_encodef(
872 &sr->reply,
873 "wwww#cllllTTwwl#c",
874 65, /* StructSize */ /* w */
875 s->srv_secmode, /* w */
876 version, /* w */
877 neg_ctx_cnt, /* w */
878 UUID_LEN, /* # */
879 &s->s_cfg.skc_machine_uuid, /* c */
880 s->srv_cap, /* l */
881 smb2_max_trans, /* l */
882 max_rwsize, /* l */
883 max_rwsize, /* l */
884 &now_tv, /* T */
885 &boot_tv, /* T */
886 128, /* SecBufOff */ /* w */
887 sr->sr_cfg->skc_negtok_len, /* w */
888 neg_ctx_off, /* l */
889 sr->sr_cfg->skc_negtok_len, /* # */
890 sr->sr_cfg->skc_negtok); /* c */
891
892 /* Note: smb31_encode_neg_ctxs() follows in caller */
893
894 /* smb2_send_reply(sr); in caller */
895
896 (void) ksocket_setsockopt(s->sock, SOL_SOCKET,
897 SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
898 sizeof (smb2_tcp_bufsize), CRED());
899 (void) ksocket_setsockopt(s->sock, SOL_SOCKET,
900 SO_RCVBUF, (const void *)&smb2_tcp_bufsize,
901 sizeof (smb2_tcp_bufsize), CRED());
902
903 return (rc);
904 }
905
906 /*
907 * SMB2 Dispatch table handler, which will run if we see an
908 * SMB2_NEGOTIATE after the initial negotiation is done.
909 * That would be a protocol error.
910 */
911 smb_sdrc_t
smb2_negotiate(smb_request_t * sr)912 smb2_negotiate(smb_request_t *sr)
913 {
914 sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
915 return (SDRC_ERROR);
916 }
917
918 /*
919 * VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
920 */
921 uint32_t
smb2_nego_validate(smb_request_t * sr,smb_fsctl_t * fsctl)922 smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
923 {
924 smb_session_t *s = sr->session;
925 int rc;
926
927 /*
928 * The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
929 * and verify that the original negotiate was not modified.
930 *
931 * One interesting requirement here is that we MUST reply
932 * with exactly the same information as we returned in our
933 * original reply to the SMB2 negotiate on this session.
934 * If we don't the client closes the connection.
935 */
936
937 uint32_t capabilities;
938 uint16_t secmode;
939 uint16_t num_dialects;
940 uint16_t dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
941 uint8_t clnt_guid[16];
942
943 if (s->dialect >= SMB_VERS_3_11)
944 goto drop;
945
946 /*
947 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
948 *
949 * If the dialect is SMB3 and the message was successfully
950 * decrypted we MUST skip processing of the signature.
951 */
952 if (!sr->encrypted && (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
953 goto drop;
954
955 if (fsctl->InputCount < 24)
956 goto drop;
957
958 (void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
959 &capabilities, /* l */
960 &clnt_guid, /* 16c */
961 &secmode, /* w */
962 &num_dialects); /* w */
963
964 if (num_dialects == 0 || num_dialects > SMB2_NEGOTIATE_MAX_DIALECTS)
965 goto drop;
966 if (secmode != s->cli_secmode)
967 goto drop;
968 if (capabilities != s->capabilities)
969 goto drop;
970 if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
971 goto drop;
972
973 rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
974 if (rc != 0)
975 goto drop;
976
977 /*
978 * MS-SMB2 says we should compare the dialects array with the
979 * one sent previously, but that appears to be unnecessary
980 * as long as we end up with the same dialect.
981 */
982 if (smb2_find_best_dialect(s, dialects, num_dialects) != s->dialect)
983 goto drop;
984
985 rc = smb_mbc_encodef(
986 fsctl->out_mbc, "l#cww",
987 s->srv_cap, /* l */
988 UUID_LEN, /* # */
989 &s->s_cfg.skc_machine_uuid, /* c */
990 s->srv_secmode, /* w */
991 s->dialect); /* w */
992 if (rc == 0)
993 return (rc);
994
995 drop:
996 smb_session_disconnect(s);
997 return (NT_STATUS_ACCESS_DENIED);
998 }
999