xref: /illumos-gate/usr/src/uts/common/fs/smbsrv/smb2_negotiate.c (revision 012e6ce759c490003aed29439cc47d3d73a99ad3)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2019 Nexenta Systems, Inc.  All rights reserved.
14  * Copyright 2022 RackTop Systems, Inc.
15  */
16 
17 /*
18  * Dispatch function for SMB2_NEGOTIATE
19  */
20 
21 #include <smbsrv/smb2_kproto.h>
22 #include <smbsrv/smb2.h>
23 #include <sys/random.h>
24 
25 /*
26  * Note from [MS-SMB2] Sec. 2.2.3:  Windows servers return
27  * invalid parameter if the dialect count is greater than 64
28  * This is here (and not in smb2.h) because this is technically
29  * an implementation detail, not protocol specification.
30  */
31 #define	SMB2_NEGOTIATE_MAX_DIALECTS	64
32 
33 static int smb2_negotiate_common(smb_request_t *, uint16_t);
34 
35 /* List of supported capabilities.  Can be patched for testing. */
36 uint32_t smb2srv_capabilities =
37 	SMB2_CAP_DFS |
38 	SMB2_CAP_LEASING |
39 	SMB2_CAP_LARGE_MTU |
40 	SMB2_CAP_PERSISTENT_HANDLES |
41 #ifndef	_FAKE_KERNEL
42 	SMB2_CAP_ENCRYPTION |
43 #endif
44 	0;
45 
46 /* These are the only capabilities defined for SMB2.X */
47 #define	SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
48 
49 /*
50  * These are not intended as customer tunables, but dev. & test folks
51  * might want to adjust them (with caution).
52  *
53  * smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
54  * with setsockopt SO_SNDBUF, SO_RCVBUF.  These set the TCP window size.
55  * This is also used as a "sanity limit" for internal send/reply message
56  * allocations.  Note that with compounding SMB2 messages may contain
57  * multiple requests/responses.  This size should be large enough for
58  * at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
59  *
60  * smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
61  * the client the largest read and write request size we'll support.
62  * For now, we're using contiguous allocations, so keep this at 64KB
63  * so that (even with message overhead) allocations stay below 128KB,
64  * avoiding kmem_alloc -> page_create_va thrashing.
65  *
66  * smb2_max_trans is the largest "transact" send or receive, which is
67  * used for directory listings and info set/get operations.
68  */
69 uint32_t smb2_tcp_bufsize = (1<<22);	/* 4MB */
70 uint32_t smb2_max_rwsize = (1<<16);	/* 64KB */
71 uint32_t smb2_max_trans  = (1<<16);	/* 64KB */
72 
73 /*
74  * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU
75  * (including all clients using dialect < SMB 2.1), use a "conservative" value
76  * for max r/w size because some older clients misbehave with larger values.
77  * 64KB is recommended in the [MS-SMB2] spec.  (3.3.5.3.1 SMB 2.1 or SMB 3.x
78  * Support) as the minimum so we'll use that.
79  */
80 uint32_t smb2_old_rwsize = (1<<16);	/* 64KB */
81 
82 /*
83  * List of all SMB2 versions we implement.  Note that the
84  * versions we support may be limited by the
85  * _cfg.skc_max_protocol and min_protocol settings.
86  */
87 static uint16_t smb2_versions[] = {
88 	0x202,	/* SMB 2.002 */
89 	0x210,	/* SMB 2.1 */
90 	0x300,	/* SMB 3.0 */
91 	0x302,	/* SMB 3.02 */
92 	0x311,	/* SMB 3.11 */
93 };
94 static uint16_t smb2_nversions =
95     sizeof (smb2_versions) / sizeof (smb2_versions[0]);
96 
97 enum smb2_neg_ctx_type {
98 	SMB2_PREAUTH_INTEGRITY_CAPS		= 1,
99 	SMB2_ENCRYPTION_CAPS			= 2,
100 	SMB2_COMPRESSION_CAPS			= 3,	/* not imlemented */
101 	SMB2_NETNAME_NEGOTIATE_CONTEXT_ID	= 5	/* not imlemented */
102 };
103 
104 typedef struct smb2_negotiate_ctx {
105 	uint16_t	type;
106 	uint16_t	datalen;
107 } smb2_neg_ctx_t;
108 
109 #define	SMB31_PREAUTH_CTX_SALT_LEN	32
110 
111 /*
112  * SMB 3.1.1 originally specified a single hashing algorithm - SHA-512 - and
113  * two encryption ones - AES-128-CCM and AES-128-GCM.
114  * Windows Server 2022 and Windows 11 introduced two further encryption
115  * algorithms - AES-256-CCM and AES-256-GCM.
116  */
117 #define	MAX_HASHID_NUM	(1)
118 #define	MAX_CIPHER_NUM	(8)
119 
120 typedef struct smb2_preauth_integrity_caps {
121 	uint16_t	picap_hash_count;
122 	uint16_t	picap_salt_len;
123 	uint16_t	picap_hash_id;
124 	uint8_t		picap_salt[SMB31_PREAUTH_CTX_SALT_LEN];
125 } smb2_preauth_caps_t;
126 
127 typedef struct smb2_encryption_caps {
128 	uint16_t	encap_cipher_count;
129 	uint16_t	encap_cipher_ids[MAX_CIPHER_NUM];
130 } smb2_encrypt_caps_t;
131 
132 /*
133  * The contexts we support
134  */
135 typedef struct smb2_preauth_neg_ctx {
136 	smb2_neg_ctx_t		neg_ctx;
137 	smb2_preauth_caps_t	preauth_caps;
138 } smb2_preauth_neg_ctx_t;
139 
140 typedef struct smb2_encrypt_neg_ctx {
141 	smb2_neg_ctx_t		neg_ctx;
142 	smb2_encrypt_caps_t	encrypt_caps;
143 } smb2_encrypt_neg_ctx_t;
144 
145 typedef struct smb2_neg_ctxs {
146 	uint32_t		offset;
147 	uint16_t		count;
148 	smb2_preauth_neg_ctx_t	preauth_ctx;
149 	smb2_encrypt_neg_ctx_t	encrypt_ctx;
150 } smb2_neg_ctxs_t;
151 
152 #define	NEG_CTX_INFO_OFFSET	(SMB2_HDR_SIZE + 28)
153 #define	NEG_CTX_OFFSET_OFFSET	(SMB2_HDR_SIZE + 64)
154 #define	NEG_CTX_MAX_COUNT	(16)
155 #define	NEG_CTX_MAX_DATALEN	(256)
156 
157 #define	STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP	(0xC05D0000)
158 
159 #define	STATUS_PREAUTH_HASH_OVERLAP \
160     STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP
161 
162 typedef struct smb2_arg_negotiate {
163 	struct smb2_neg_ctxs	neg_in_ctxs;
164 	struct smb2_neg_ctxs	neg_out_ctxs;
165 	uint16_t		neg_dialect_cnt;
166 	uint16_t		neg_dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
167 	uint16_t		neg_highest_dialect;
168 } smb2_arg_negotiate_t;
169 
170 
171 static boolean_t
172 smb2_supported_version(smb_session_t *s, uint16_t version)
173 {
174 	int i;
175 
176 	if (version > s->s_cfg.skc_max_protocol ||
177 	    version < s->s_cfg.skc_min_protocol)
178 		return (B_FALSE);
179 	for (i = 0; i < smb2_nversions; i++)
180 		if (version == smb2_versions[i])
181 			return (B_TRUE);
182 	return (B_FALSE);
183 }
184 
185 static uint16_t
186 smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
187     uint16_t version_cnt)
188 {
189 	uint16_t best_version = 0;
190 	int i;
191 
192 	for (i = 0; i < version_cnt; i++)
193 		if (smb2_supported_version(s, cl_versions[i]) &&
194 		    best_version < cl_versions[i])
195 			best_version = cl_versions[i];
196 
197 	return (best_version);
198 }
199 
200 /*
201  * This function should be called only for dialect >= 0x311
202  * Negotiate context list should contain exactly one
203  * SMB2_PREAUTH_INTEGRITY_CAPS context.
204  * Otherwise STATUS_INVALID_PARAMETER.
205  * It should contain at least 1 hash algorith what server does support.
206  * Otehrwise STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP.
207  */
208 static uint32_t
209 smb31_decode_neg_ctxs(smb_request_t *sr)
210 {
211 	smb_session_t *s = sr->session;
212 	smb2_arg_negotiate_t *nego = sr->arg.other;
213 	smb2_neg_ctxs_t *neg_ctxs = &nego->neg_in_ctxs;
214 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
215 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
216 	boolean_t found_sha512 = B_FALSE;
217 	boolean_t found_cipher = B_FALSE;
218 	uint32_t ciphers = sr->sr_server->sv_cfg.skc_encrypt_ciphers;
219 	uint32_t status = 0;
220 	int32_t skip;
221 	int found_preauth_ctx = 0;
222 	int found_encrypt_ctx = 0;
223 	int cnt, i;
224 	int rc;
225 
226 	/*
227 	 * There should be exactly 1 SMB2_PREAUTH_INTEGRITY_CAPS negotiate ctx.
228 	 * SMB2_ENCRYPTION_CAPS is optional one.
229 	 * If there is no contexts or there are to many then stop parsing.
230 	 */
231 	cnt = neg_ctxs->count;
232 	if (cnt < 1 || cnt > NEG_CTX_MAX_COUNT) {
233 		status = NT_STATUS_INVALID_PARAMETER;
234 		goto errout;
235 	}
236 
237 	/*
238 	 * Cannot proceed parsing if the first context isn't aligned by 8.
239 	 */
240 	if (neg_ctxs->offset % 8 != 0) {
241 		status = NT_STATUS_INVALID_PARAMETER;
242 		goto errout;
243 	}
244 
245 	if ((skip = neg_ctxs->offset - sr->command.chain_offset) != 0 &&
246 	    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
247 		status = NT_STATUS_INVALID_PARAMETER;
248 		goto errout;
249 	}
250 
251 	/*
252 	 * Parse negotiate contexts. Ignore non-decoding errors to fill
253 	 * as much as possible data for dtrace probe.
254 	 */
255 	for (i = 0; i < cnt; i++) {
256 		smb2_neg_ctx_t neg_ctx;
257 		int32_t ctx_end_off;
258 		int32_t ctx_next_off;
259 
260 		if (i > 0) {
261 			if ((skip = ctx_next_off - ctx_end_off) != 0 &&
262 			    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
263 				status = NT_STATUS_INVALID_PARAMETER;
264 				goto errout;
265 			}
266 		}
267 
268 		rc = smb_mbc_decodef(
269 		    &sr->command, "ww4.",
270 		    &neg_ctx.type,	/* w */
271 		    &neg_ctx.datalen);	/* w */
272 		if (rc != 0) {
273 			status = NT_STATUS_INVALID_PARAMETER;
274 			goto errout;
275 		}
276 
277 		/*
278 		 * We got something crazy
279 		 */
280 		if (neg_ctx.datalen > NEG_CTX_MAX_DATALEN) {
281 			status = NT_STATUS_INVALID_PARAMETER;
282 			goto errout;
283 		}
284 
285 		ctx_end_off = sr->command.chain_offset + neg_ctx.datalen;
286 		ctx_next_off = P2ROUNDUP(ctx_end_off, 8);
287 
288 		switch (neg_ctx.type) {
289 		case SMB2_PREAUTH_INTEGRITY_CAPS:
290 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
291 			    sizeof (neg_ctx));
292 
293 			if (found_preauth_ctx++ != 0) {
294 				status = NT_STATUS_INVALID_PARAMETER;
295 				continue;
296 			}
297 
298 			rc = smb_mbc_decodef(
299 			    &sr->command, "ww",
300 			    &picap->picap_hash_count,	/* w */
301 			    &picap->picap_salt_len);	/* w */
302 			if (rc != 0 || picap->picap_hash_count >
303 			    MAX_HASHID_NUM) {
304 				status = NT_STATUS_INVALID_PARAMETER;
305 				goto errout;
306 			}
307 
308 			/*
309 			 * Get hash id
310 			 */
311 			rc = smb_mbc_decodef(
312 			    &sr->command, "#w",
313 			    picap->picap_hash_count,
314 			    &picap->picap_hash_id);	/* w */
315 			if (rc != 0) {
316 				status = NT_STATUS_INVALID_PARAMETER;
317 				goto errout;
318 			}
319 
320 			/*
321 			 * Get salt
322 			 */
323 			rc = smb_mbc_decodef(
324 			    &sr->command, "#c",
325 			    sizeof (picap->picap_salt),
326 			    &picap->picap_salt[0]);	/* w */
327 			if (rc != 0) {
328 				status = NT_STATUS_INVALID_PARAMETER;
329 				goto errout;
330 			}
331 
332 			/*
333 			 * In SMB 0x311 there should be exactly 1 preauth
334 			 * negotiate context, and there should be exactly 1
335 			 * hash value in the list - SHA512.
336 			 */
337 			if (picap->picap_hash_count != 1) {
338 				status = NT_STATUS_INVALID_PARAMETER;
339 				continue;
340 			}
341 
342 			if (picap->picap_hash_id == SMB3_HASH_SHA512)
343 				found_sha512 = B_TRUE;
344 			break;
345 		case SMB2_ENCRYPTION_CAPS:
346 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
347 			    sizeof (neg_ctx));
348 
349 			if (found_encrypt_ctx++ != 0) {
350 				status = NT_STATUS_INVALID_PARAMETER;
351 				continue;
352 			}
353 
354 			rc = smb_mbc_decodef(
355 			    &sr->command, "w",
356 			    &encap->encap_cipher_count);	/* w */
357 			if (rc != 0 || encap->encap_cipher_count >
358 			    MAX_CIPHER_NUM) {
359 				status = NT_STATUS_INVALID_PARAMETER;
360 				goto errout;
361 			}
362 
363 			/*
364 			 * Get cipher list
365 			 */
366 			rc = smb_mbc_decodef(
367 			    &sr->command, "#w",
368 			    encap->encap_cipher_count,
369 			    &encap->encap_cipher_ids[0]);	/* w */
370 			if (rc != 0) {
371 				status = NT_STATUS_INVALID_PARAMETER;
372 				goto errout;
373 			}
374 
375 			/*
376 			 * Select the first enabled cipher.
377 			 * Client should list more prioritized ciphers first.
378 			 */
379 			for (int k = 0; k < encap->encap_cipher_count; k++) {
380 				uint16_t c = encap->encap_cipher_ids[k];
381 
382 				if (c <= SMB3_CIPHER_MAX &&
383 				    (SMB3_CIPHER_BIT(c) & ciphers) != 0) {
384 					s->smb31_enc_cipherid = c;
385 					found_cipher = B_TRUE;
386 					break;
387 				}
388 			}
389 			break;
390 		default:
391 			;
392 		}
393 	}
394 
395 	if (status)
396 		goto errout;
397 
398 	/* Not found mandatory SMB2_PREAUTH_INTEGRITY_CAPS ctx */
399 	if (found_preauth_ctx != 1 || found_encrypt_ctx > 1) {
400 		status = NT_STATUS_INVALID_PARAMETER;
401 		goto errout;
402 	}
403 
404 	if (!found_sha512) {
405 		status = STATUS_PREAUTH_HASH_OVERLAP;
406 		goto errout;
407 	}
408 
409 	s->smb31_preauth_hashid = SMB3_HASH_SHA512;
410 
411 	if (!found_cipher)
412 		s->smb31_enc_cipherid = 0;
413 
414 	/* Initialize out = in */
415 	nego->neg_out_ctxs = nego->neg_in_ctxs;
416 
417 errout:
418 	return (status);
419 }
420 
421 static int
422 smb31_encode_neg_ctxs(smb_request_t *sr)
423 {
424 	smb_session_t *s = sr->session;
425 	smb2_arg_negotiate_t *nego = sr->arg.other;
426 	smb2_neg_ctxs_t *neg_ctxs = &nego->neg_out_ctxs;
427 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
428 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
429 	uint16_t salt_len = sizeof (picap->picap_salt);
430 	uint32_t preauth_ctx_len = 6 + salt_len;
431 	uint32_t enc_ctx_len = 4;
432 	uint32_t neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
433 	    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
434 	uint32_t rc;
435 
436 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
437 		return (rc);
438 
439 	ASSERT3S(neg_ctx_off, ==, sr->reply.chain_offset);
440 
441 	picap->picap_hash_id = s->smb31_preauth_hashid;
442 	picap->picap_salt_len = salt_len;
443 
444 	(void) random_get_pseudo_bytes(picap->picap_salt, salt_len);
445 
446 	rc = smb_mbc_encodef(
447 	    &sr->reply, "ww4.",
448 	    SMB2_PREAUTH_INTEGRITY_CAPS,
449 	    preauth_ctx_len
450 	    /* 4. */); /* reserved */
451 	if (rc != 0)
452 		return (rc);
453 
454 	rc = smb_mbc_encodef(
455 	    &sr->reply, "www#c",
456 	    1,				/* hash algo count */
457 	    salt_len,			/* salt length */
458 	    s->smb31_preauth_hashid,	/* hash id */
459 	    salt_len,			/* salt length */
460 	    picap->picap_salt);
461 	if (rc != 0)
462 		return (rc);
463 
464 	/*
465 	 * If we did not get SMB2_ENCRYPTION_CAPS, don't send one.
466 	 */
467 	if (encap->encap_cipher_count == 0)
468 		return (0);
469 
470 	/*
471 	 * Encode SMB2_ENCRYPTION_CAPS response.
472 	 */
473 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
474 		return (rc);
475 
476 	rc = smb_mbc_encodef(
477 	    &sr->reply, "ww4.",
478 	    SMB2_ENCRYPTION_CAPS,
479 	    enc_ctx_len
480 	    /* 4. */); /* reserved */
481 
482 	rc = smb_mbc_encodef(
483 	    &sr->reply, "ww",
484 	    1,				/* cipher count */
485 	    s->smb31_enc_cipherid);	/* encrypt. cipher id */
486 
487 	return (rc);
488 }
489 
490 /*
491  * Helper for the (SMB1) smb_com_negotiate().  This is the
492  * very unusual protocol interaction where an SMB1 negotiate
493  * gets an SMB2 negotiate response.  This is the normal way
494  * clients first find out if the server supports SMB2.
495  *
496  * Note: This sends an SMB2 reply _itself_ and then returns
497  * SDRC_NO_REPLY so the caller will not send an SMB1 reply.
498  * Also, this is called directly from the reader thread, so
499  * we know this is the only thread using this session.
500  * Otherwise, this is similar to smb2_newrq_negotiate().
501  *
502  * The caller frees this request.
503  */
504 smb_sdrc_t
505 smb1_negotiate_smb2(smb_request_t *sr)
506 {
507 	smb_session_t *s = sr->session;
508 	smb_arg_negotiate_t *negprot = sr->sr_negprot;
509 	uint16_t smb2_version;
510 
511 	/*
512 	 * Note: In the SMB1 negotiate command handler, we
513 	 * agreed with one of the SMB2 dialects.  If that
514 	 * dialect was "SMB 2.002", we'll respond here with
515 	 * version 0x202 and negotiation is done.  If that
516 	 * dialect was "SMB 2.???", we'll respond here with
517 	 * the "wildcard" version 0x2FF, and the client will
518 	 * come back with an SMB2 negotiate.
519 	 */
520 	switch (negprot->ni_dialect) {
521 	case DIALECT_SMB2002:	/* SMB 2.002 (a.k.a. SMB2.0) */
522 		smb2_version = SMB_VERS_2_002;
523 		s->dialect = smb2_version;
524 		s->s_state = SMB_SESSION_STATE_NEGOTIATED;
525 		/* Allow normal SMB2 requests now. */
526 		s->newrq_func = smb2sr_newrq;
527 		break;
528 	case DIALECT_SMB2XXX:	/* SMB 2.??? (wildcard vers) */
529 		/*
530 		 * Expecting an SMB2 negotiate next, so keep the
531 		 * initial s->newrq_func.
532 		 */
533 		smb2_version = 0x2FF;
534 		break;
535 	default:
536 		return (SDRC_DROP_VC);
537 	}
538 
539 	/*
540 	 * We did not decode an SMB2 header, so make sure
541 	 * the SMB2 header fields are initialized.
542 	 * (Most are zero from smb_request_alloc.)
543 	 * Also, the SMB1 common dispatch code reserved space
544 	 * for an SMB1 header, which we need to undo here.
545 	 */
546 	sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
547 	sr->smb2_cmd_code = SMB2_NEGOTIATE;
548 	sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
549 
550 	/*
551 	 * Also setup SMB2 negotiate args (empty here).
552 	 * SMB1 args free'd by smb_srm_fini(sr)
553 	 */
554 	sr->arg.other = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
555 
556 	(void) smb2_encode_header(sr, B_FALSE);
557 	if (smb2_negotiate_common(sr, smb2_version) != 0)
558 		sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
559 	if (sr->smb2_status != 0)
560 		smb2sr_put_error(sr, sr->smb2_status);
561 	(void) smb2_encode_header(sr, B_TRUE);
562 
563 	smb2_send_reply(sr);
564 
565 	/*
566 	 * We sent the reply, so tell the SMB1 dispatch
567 	 * it should NOT (also) send a reply.
568 	 */
569 	return (SDRC_NO_REPLY);
570 }
571 
572 /*
573  * SMB2 Negotiate gets special handling.  This is called directly by
574  * the reader thread (see smbsr_newrq_initial) with what _should_ be
575  * an SMB2 Negotiate.  Only the "\feSMB" header has been checked
576  * when this is called, so this needs to check the SMB command,
577  * if it's Negotiate execute it, then send the reply, etc.
578  *
579  * Since this is called directly from the reader thread, we
580  * know this is the only thread currently using this session.
581  * This has to duplicate some of what smb2sr_work does as a
582  * result of bypassing the normal dispatch mechanism.
583  *
584  * The caller always frees this request.
585  *
586  * Return value is 0 for success, and anything else will
587  * terminate the reader thread (drop the connection).
588  */
589 int
590 smb2_newrq_negotiate(smb_request_t *sr)
591 {
592 	smb_session_t *s = sr->session;
593 	smb2_arg_negotiate_t *nego;
594 	int rc;
595 	uint32_t nctx_status = 0;
596 	uint32_t status = 0;
597 	uint32_t neg_ctx_off;
598 	uint16_t neg_ctx_cnt;
599 	uint16_t struct_size;
600 	uint16_t dialect_cnt;
601 	uint16_t best_version;
602 
603 	nego = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
604 	sr->arg.other = nego;	// for dtrace
605 
606 	sr->smb2_cmd_hdr = sr->command.chain_offset;
607 	rc = smb2_decode_header(sr);
608 	if (rc != 0)
609 		return (rc);
610 
611 	if (sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR)
612 		return (-1);
613 
614 	if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
615 	    (sr->smb2_next_command != 0))
616 		return (-1);
617 
618 	/*
619 	 * Decode SMB2 Negotiate (fixed-size part)
620 	 */
621 	rc = smb_mbc_decodef(
622 	    &sr->command, "www..l16clw..",
623 	    &struct_size,	/* w */
624 	    &dialect_cnt,	/* w */
625 	    &s->cli_secmode,	/* w */
626 	    /* reserved		(..) */
627 	    &s->capabilities,	/* l */
628 	    s->clnt_uuid,	/* 16c */
629 	    &neg_ctx_off,	/* l */
630 	    &neg_ctx_cnt);	/* w */
631 	    /* reserverd	(..) */
632 	if (rc != 0)
633 		return (rc);
634 	if (struct_size != 36)
635 		return (-1);
636 
637 	/*
638 	 * Decode SMB2 Negotiate (variable part)
639 	 *
640 	 * Be somewhat tolerant while decoding the variable part
641 	 * so we can return errors instead of dropping the client.
642 	 * Will limit decoding to the size of cli_dialects here,
643 	 * and do error checks on the decoded dialect_cnt after the
644 	 * dtrace start probe.
645 	 */
646 	if (dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS)
647 		nego->neg_dialect_cnt = SMB2_NEGOTIATE_MAX_DIALECTS;
648 	else
649 		nego->neg_dialect_cnt = dialect_cnt;
650 	if (nego->neg_dialect_cnt > 0) {
651 		rc = smb_mbc_decodef(&sr->command, "#w",
652 		    nego->neg_dialect_cnt,
653 		    nego->neg_dialects);
654 		if (rc != 0)
655 			return (rc);	// short msg
656 	}
657 
658 	best_version = smb2_find_best_dialect(s, nego->neg_dialects,
659 	    nego->neg_dialect_cnt);
660 
661 	if (best_version >= SMB_VERS_3_11) {
662 		nego->neg_in_ctxs.offset = neg_ctx_off;
663 		nego->neg_in_ctxs.count  = neg_ctx_cnt;
664 		nctx_status = smb31_decode_neg_ctxs(sr);
665 		/* check nctx_status below */
666 	}
667 
668 	DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
669 
670 	sr->smb2_credit_response = 1;
671 	sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
672 	(void) smb2_encode_header(sr, B_FALSE);
673 
674 	/*
675 	 * NOW start validating things (NOT before here)
676 	 */
677 
678 	/*
679 	 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
680 	 * "If the SMB2 header of the SMB2 NEGOTIATE request has the
681 	 * SMB2_FLAGS_SIGNED bit set in the Flags field, the server
682 	 * MUST fail the request with STATUS_INVALID_PARAMETER."
683 	 */
684 	if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
685 		sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
686 		status = NT_STATUS_INVALID_PARAMETER;
687 		goto errout;
688 	}
689 
690 	/*
691 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
692 	 * "If the DialectCount of the SMB2 NEGOTIATE Request is 0, the
693 	 * server MUST fail the request with STATUS_INVALID_PARAMETER."
694 	 * Checking the decoded value here, not the constrained one.
695 	 */
696 	if (dialect_cnt == 0 ||
697 	    dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS) {
698 		status = NT_STATUS_INVALID_PARAMETER;
699 		goto errout;
700 	}
701 
702 	/*
703 	 * We decoded the offered dialects above, and
704 	 * determined which was the highest we support.
705 	 *
706 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
707 	 * "If a common dialect is not found, the server MUST fail
708 	 * the request with STATUS_NOT_SUPPORTED."
709 	 */
710 	if (best_version == 0) {
711 		status = NT_STATUS_NOT_SUPPORTED;
712 		goto errout;
713 	}
714 
715 	/*
716 	 * Check for problems with the negotiate contexts.
717 	 */
718 	if (nctx_status != 0) {
719 		status = nctx_status;
720 		goto errout;
721 	}
722 
723 	/* Allow normal SMB2 requests now. */
724 	s->dialect = best_version;
725 	s->s_state = SMB_SESSION_STATE_NEGOTIATED;
726 	s->newrq_func = smb2sr_newrq;
727 
728 	if (smb2_negotiate_common(sr, best_version) != 0)
729 		status = NT_STATUS_INTERNAL_ERROR;
730 
731 	if (s->dialect >= SMB_VERS_3_11 && status == 0) {
732 		if (smb31_encode_neg_ctxs(sr) != 0)
733 			status = NT_STATUS_INTERNAL_ERROR;
734 	}
735 
736 errout:
737 	sr->smb2_status = status;
738 	DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
739 
740 	if (sr->smb2_status != 0)
741 		smb2sr_put_error(sr, sr->smb2_status);
742 	(void) smb2_encode_header(sr, B_TRUE);
743 
744 	if (s->dialect >= SMB_VERS_3_11 && sr->smb2_status == 0) {
745 		ASSERT3U(s->smb31_preauth_hashid, !=, 0);
746 		if (smb31_preauth_sha512_calc(sr, &sr->reply,
747 		    s->smb31_preauth_hashval,
748 		    s->smb31_preauth_hashval) != 0)
749 			cmn_err(CE_WARN, "(1) Preauth hash calculation "
750 			    "failed");
751 	}
752 
753 	smb2_send_reply(sr);
754 
755 	return (rc);
756 }
757 
758 /*
759  * Common parts of SMB2 Negotiate, used for both the
760  * SMB1-to-SMB2 style, and straight SMB2 style.
761  * Do negotiation decisions and encode the reply.
762  * The caller does the network send.
763  *
764  * Return value is 0 for success, else error.
765  */
766 static int
767 smb2_negotiate_common(smb_request_t *sr, uint16_t version)
768 {
769 	timestruc_t boot_tv, now_tv;
770 	smb_session_t *s = sr->session;
771 	smb2_arg_negotiate_t *nego = sr->arg.other;
772 	int rc;
773 	uint32_t max_rwsize;
774 	uint16_t secmode;
775 	uint16_t neg_ctx_cnt = 0;
776 	uint32_t neg_ctx_off = 0;
777 
778 	/*
779 	 * Negotiation itself.  First the Security Mode.
780 	 */
781 	secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
782 	if (sr->sr_cfg->skc_signing_required)
783 		secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
784 	s->srv_secmode = secmode;
785 
786 	s->cmd_max_bytes = smb2_tcp_bufsize;
787 	s->reply_max_bytes = smb2_tcp_bufsize;
788 
789 	/*
790 	 * "The number of credits held by the client MUST be considered
791 	 * as 1 when the connection is established." [MS-SMB2]
792 	 * We leave credits at 1 until the first successful
793 	 * session setup is completed.
794 	 */
795 	s->s_cur_credits = s->s_max_credits = 1;
796 	sr->smb2_credit_response = 1;
797 
798 	boot_tv.tv_sec = smb_get_boottime();
799 	boot_tv.tv_nsec = 0;
800 	now_tv.tv_sec = gethrestime_sec();
801 	now_tv.tv_nsec = 0;
802 
803 	/*
804 	 * If the version is 0x2FF, we haven't completed negotiate.
805 	 * Don't initialize until we have our final request.
806 	 */
807 	if (version != 0x2FF)
808 		smb2_sign_init_mech(s);
809 	if (version >= 0x311)
810 		smb31_preauth_init_mech(s);
811 
812 	/*
813 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
814 	 *
815 	 * The SMB2.x capabilities are returned without regard for
816 	 * what capabilities the client provided in the request.
817 	 * The SMB3.x capabilities returned are the traditional
818 	 * logical AND of server and client capabilities, except
819 	 * for the SMB2.x capabilities which are what the server
820 	 * supports (regardless of the client capabilities).
821 	 *
822 	 * One additional check: If KCF is missing something we
823 	 * require for encryption, turn off that capability.
824 	 */
825 	if (s->dialect < SMB_VERS_2_1) {
826 		/* SMB 2.002 */
827 		s->srv_cap = smb2srv_capabilities & SMB2_CAP_DFS;
828 	} else if (s->dialect < SMB_VERS_3_0) {
829 		/* SMB 2.x */
830 		s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
831 	} else {
832 		/* SMB 3.0 or later */
833 		s->srv_cap = smb2srv_capabilities &
834 		    (SMB_2X_CAPS | s->capabilities);
835 
836 		if (s->dialect < SMB_VERS_3_11)
837 			s->smb31_enc_cipherid = SMB3_CIPHER_AES128_CCM;
838 		/* else from negotiate context */
839 
840 		if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
841 		    smb3_encrypt_init_mech(s) != 0) {
842 			s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
843 		}
844 
845 		if (s->dialect >= SMB_VERS_3_11) {
846 			smb2_encrypt_caps_t *encap =
847 			    &nego->neg_in_ctxs.encrypt_ctx.encrypt_caps;
848 
849 			neg_ctx_cnt = 1; // always have preauth
850 
851 			if (encap->encap_cipher_count != 0)
852 				neg_ctx_cnt++;
853 
854 			neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
855 			    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
856 
857 			ASSERT3U(s->smb31_preauth_hashid, !=, 0);
858 
859 			if (smb31_preauth_sha512_calc(sr, &sr->command,
860 			    s->smb31_preauth_hashval,
861 			    s->smb31_preauth_hashval) != 0)
862 				cmn_err(CE_WARN, "(0) Preauth hash calculation "
863 				    "failed");
864 		}
865 	}
866 
867 	/*
868 	 * See notes above smb2_max_rwsize, smb2_old_rwsize
869 	 */
870 	if (s->capabilities & SMB2_CAP_LARGE_MTU)
871 		max_rwsize = smb2_max_rwsize;
872 	else
873 		max_rwsize = smb2_old_rwsize;
874 
875 	rc = smb_mbc_encodef(
876 	    &sr->reply,
877 	    "wwww#cllllTTwwl#c",
878 	    65,	/* StructSize */	/* w */
879 	    s->srv_secmode,		/* w */
880 	    version,			/* w */
881 	    neg_ctx_cnt,		/* w */
882 	    UUID_LEN,			/* # */
883 	    &s->s_cfg.skc_machine_uuid, /* c */
884 	    s->srv_cap,			/* l */
885 	    smb2_max_trans,		/* l */
886 	    max_rwsize,			/* l */
887 	    max_rwsize,			/* l */
888 	    &now_tv,			/* T */
889 	    &boot_tv,			/* T */
890 	    128, /* SecBufOff */	/* w */
891 	    sr->sr_cfg->skc_negtok_len,	/* w */
892 	    neg_ctx_off,		/* l */
893 	    sr->sr_cfg->skc_negtok_len,	/* # */
894 	    sr->sr_cfg->skc_negtok);	/* c */
895 
896 	/* Note: smb31_encode_neg_ctxs() follows in caller */
897 
898 	/* smb2_send_reply(sr); in caller */
899 
900 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
901 	    SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
902 	    sizeof (smb2_tcp_bufsize), CRED());
903 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
904 	    SO_RCVBUF, (const void *)&smb2_tcp_bufsize,
905 	    sizeof (smb2_tcp_bufsize), CRED());
906 
907 	return (rc);
908 }
909 
910 /*
911  * SMB2 Dispatch table handler, which will run if we see an
912  * SMB2_NEGOTIATE after the initial negotiation is done.
913  * That would be a protocol error.
914  */
915 smb_sdrc_t
916 smb2_negotiate(smb_request_t *sr)
917 {
918 	sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
919 	return (SDRC_ERROR);
920 }
921 
922 /*
923  * VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
924  */
925 uint32_t
926 smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
927 {
928 	smb_session_t *s = sr->session;
929 	int rc;
930 
931 	/*
932 	 * The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
933 	 * and verify that the original negotiate was not modified.
934 	 *
935 	 * One interesting requirement here is that we MUST reply
936 	 * with exactly the same information as we returned in our
937 	 * original reply to the SMB2 negotiate on this session.
938 	 * If we don't the client closes the connection.
939 	 */
940 
941 	uint32_t capabilities;
942 	uint16_t secmode;
943 	uint16_t num_dialects;
944 	uint16_t dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
945 	uint8_t clnt_guid[16];
946 
947 	if (s->dialect >= SMB_VERS_3_11)
948 		goto drop;
949 
950 	/*
951 	 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
952 	 *
953 	 * If the dialect is SMB3 and the message was successfully
954 	 * decrypted we MUST skip processing of the signature.
955 	 */
956 	if (!sr->encrypted && (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
957 		goto drop;
958 
959 	if (fsctl->InputCount < 24)
960 		goto drop;
961 
962 	(void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
963 	    &capabilities, /* l */
964 	    &clnt_guid, /* 16c */
965 	    &secmode, /* w */
966 	    &num_dialects); /* w */
967 
968 	if (num_dialects == 0 || num_dialects > SMB2_NEGOTIATE_MAX_DIALECTS)
969 		goto drop;
970 	if (secmode != s->cli_secmode)
971 		goto drop;
972 	if (capabilities != s->capabilities)
973 		goto drop;
974 	if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
975 		goto drop;
976 
977 	rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
978 	if (rc != 0)
979 		goto drop;
980 
981 	/*
982 	 * MS-SMB2 says we should compare the dialects array with the
983 	 * one sent previously, but that appears to be unnecessary
984 	 * as long as we end up with the same dialect.
985 	 */
986 	if (smb2_find_best_dialect(s, dialects, num_dialects) != s->dialect)
987 		goto drop;
988 
989 	rc = smb_mbc_encodef(
990 	    fsctl->out_mbc, "l#cww",
991 	    s->srv_cap,			/* l */
992 	    UUID_LEN,			/* # */
993 	    &s->s_cfg.skc_machine_uuid, /* c */
994 	    s->srv_secmode,		/* w */
995 	    s->dialect);		/* w */
996 	if (rc == 0)
997 		return (rc);
998 
999 drop:
1000 	smb_session_disconnect(s);
1001 	return (NT_STATUS_ACCESS_DENIED);
1002 }
1003