xref: /illumos-gate/usr/src/uts/common/fs/smbsrv/smb2_negotiate.c (revision 78801af7286cd73dbc996d470f789e75993cf15d)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2019 Nexenta Systems, Inc.  All rights reserved.
14  * Copyright 2020 RackTop Systems, Inc.
15  */
16 
17 /*
18  * Dispatch function for SMB2_NEGOTIATE
19  */
20 
21 #include <smbsrv/smb2_kproto.h>
22 #include <smbsrv/smb2.h>
23 #include <sys/random.h>
24 
25 static int smb2_negotiate_common(smb_request_t *, uint16_t);
26 
27 /* List of supported capabilities.  Can be patched for testing. */
28 uint32_t smb2srv_capabilities =
29 	SMB2_CAP_DFS |
30 	SMB2_CAP_LEASING |
31 	SMB2_CAP_LARGE_MTU |
32 	SMB2_CAP_PERSISTENT_HANDLES |
33 	SMB2_CAP_ENCRYPTION;
34 
35 /* These are the only capabilities defined for SMB2.X */
36 #define	SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
37 
38 /*
39  * These are not intended as customer tunables, but dev. & test folks
40  * might want to adjust them (with caution).
41  *
42  * smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
43  * with setsockopt SO_SNDBUF, SO_RCVBUF.  These set the TCP window size.
44  * This is also used as a "sanity limit" for internal send/reply message
45  * allocations.  Note that with compounding SMB2 messages may contain
46  * multiple requests/responses.  This size should be large enough for
47  * at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
48  *
49  * smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
50  * the client the largest read and write request size we'll support.
51  * For now, we're using contiguous allocations, so keep this at 64KB
52  * so that (even with message overhead) allocations stay below 128KB,
53  * avoiding kmem_alloc -> page_create_va thrashing.
54  *
55  * smb2_max_trans is the largest "transact" send or receive, which is
56  * used for directory listings and info set/get operations.
57  */
58 uint32_t smb2_tcp_bufsize = (1<<22);	/* 4MB */
59 uint32_t smb2_max_rwsize = (1<<16);	/* 64KB */
60 uint32_t smb2_max_trans  = (1<<16);	/* 64KB */
61 
62 /*
63  * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU
64  * (including all clients using dialect < SMB 2.1), use a "conservative" value
65  * for max r/w size because some older clients misbehave with larger values.
66  * 64KB is recommended in the [MS-SMB2] spec.  (3.3.5.3.1 SMB 2.1 or SMB 3.x
67  * Support) as the minimum so we'll use that.
68  */
69 uint32_t smb2_old_rwsize = (1<<16);	/* 64KB */
70 
71 /*
72  * List of all SMB2 versions we implement.  Note that the
73  * versions we support may be limited by the
74  * _cfg.skc_max_protocol and min_protocol settings.
75  */
76 static uint16_t smb2_versions[] = {
77 	0x202,	/* SMB 2.002 */
78 	0x210,	/* SMB 2.1 */
79 	0x300,	/* SMB 3.0 */
80 	0x302,	/* SMB 3.02 */
81 	0x311,	/* SMB 3.11 */
82 };
83 static uint16_t smb2_nversions =
84     sizeof (smb2_versions) / sizeof (smb2_versions[0]);
85 
86 static boolean_t
87 smb2_supported_version(smb_session_t *s, uint16_t version)
88 {
89 	int i;
90 
91 	if (version > s->s_cfg.skc_max_protocol ||
92 	    version < s->s_cfg.skc_min_protocol)
93 		return (B_FALSE);
94 	for (i = 0; i < smb2_nversions; i++)
95 		if (version == smb2_versions[i])
96 			return (B_TRUE);
97 	return (B_FALSE);
98 }
99 
100 /*
101  * Helper for the (SMB1) smb_com_negotiate().  This is the
102  * very unusual protocol interaction where an SMB1 negotiate
103  * gets an SMB2 negotiate response.  This is the normal way
104  * clients first find out if the server supports SMB2.
105  *
106  * Note: This sends an SMB2 reply _itself_ and then returns
107  * SDRC_NO_REPLY so the caller will not send an SMB1 reply.
108  * Also, this is called directly from the reader thread, so
109  * we know this is the only thread using this session.
110  *
111  * The caller frees this request.
112  */
113 smb_sdrc_t
114 smb1_negotiate_smb2(smb_request_t *sr)
115 {
116 	smb_session_t *s = sr->session;
117 	smb_arg_negotiate_t *negprot = sr->sr_negprot;
118 	uint16_t smb2_version;
119 
120 	/*
121 	 * Note: In the SMB1 negotiate command handler, we
122 	 * agreed with one of the SMB2 dialects.  If that
123 	 * dialect was "SMB 2.002", we'll respond here with
124 	 * version 0x202 and negotiation is done.  If that
125 	 * dialect was "SMB 2.???", we'll respond here with
126 	 * the "wildcard" version 0x2FF, and the client will
127 	 * come back with an SMB2 negotiate.
128 	 */
129 	switch (negprot->ni_dialect) {
130 	case DIALECT_SMB2002:	/* SMB 2.002 (a.k.a. SMB2.0) */
131 		smb2_version = SMB_VERS_2_002;
132 		s->dialect = smb2_version;
133 		s->s_state = SMB_SESSION_STATE_NEGOTIATED;
134 		/* Allow normal SMB2 requests now. */
135 		s->newrq_func = smb2sr_newrq;
136 		break;
137 	case DIALECT_SMB2XXX:	/* SMB 2.??? (wildcard vers) */
138 		/*
139 		 * Expecting an SMB2 negotiate next, so keep the
140 		 * initial s->newrq_func.
141 		 */
142 		smb2_version = 0x2FF;
143 		break;
144 	default:
145 		return (SDRC_DROP_VC);
146 	}
147 
148 	/*
149 	 * We did not decode an SMB2 header, so make sure
150 	 * the SMB2 header fields are initialized.
151 	 * (Most are zero from smb_request_alloc.)
152 	 * Also, the SMB1 common dispatch code reserved space
153 	 * for an SMB1 header, which we need to undo here.
154 	 */
155 	sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
156 	sr->smb2_cmd_code = SMB2_NEGOTIATE;
157 	sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
158 
159 	(void) smb2_encode_header(sr, B_FALSE);
160 	if (smb2_negotiate_common(sr, smb2_version) != 0)
161 		sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
162 	if (sr->smb2_status != 0)
163 		smb2sr_put_error(sr, sr->smb2_status);
164 	(void) smb2_encode_header(sr, B_TRUE);
165 
166 	smb2_send_reply(sr);
167 
168 	/*
169 	 * We sent the reply, so tell the SMB1 dispatch
170 	 * it should NOT (also) send a reply.
171 	 */
172 	return (SDRC_NO_REPLY);
173 }
174 
175 static uint16_t
176 smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
177     uint16_t version_cnt)
178 {
179 	uint16_t best_version = 0;
180 	int i;
181 
182 	for (i = 0; i < version_cnt; i++)
183 		if (smb2_supported_version(s, cl_versions[i]) &&
184 		    best_version < cl_versions[i])
185 			best_version = cl_versions[i];
186 
187 	return (best_version);
188 }
189 
190 /*
191  * SMB2 Negotiate gets special handling.  This is called directly by
192  * the reader thread (see smbsr_newrq_initial) with what _should_ be
193  * an SMB2 Negotiate.  Only the "\feSMB" header has been checked
194  * when this is called, so this needs to check the SMB command,
195  * if it's Negotiate execute it, then send the reply, etc.
196  *
197  * Since this is called directly from the reader thread, we
198  * know this is the only thread currently using this session.
199  * This has to duplicate some of what smb2sr_work does as a
200  * result of bypassing the normal dispatch mechanism.
201  *
202  * The caller always frees this request.
203  *
204  * Return value is 0 for success, and anything else will
205  * terminate the reader thread (drop the connection).
206  */
207 enum smb2_neg_ctx_type {
208 	SMB2_PREAUTH_INTEGRITY_CAPS		= 1,
209 	SMB2_ENCRYPTION_CAPS			= 2,
210 	SMB2_COMPRESSION_CAPS			= 3,	/* not imlemented */
211 	SMB2_NETNAME_NEGOTIATE_CONTEXT_ID	= 5	/* not imlemented */
212 };
213 
214 typedef struct smb2_negotiate_ctx {
215 	uint16_t	type;
216 	uint16_t	datalen;
217 } smb2_neg_ctx_t;
218 
219 #define	SMB31_PREAUTH_CTX_SALT_LEN	32
220 
221 /*
222  * SMB 3.1.1 specifies the only hashing algorithm - SHA-512 and
223  * two encryption ones - AES-128-CCM and AES-128-GCM.
224  */
225 #define	MAX_HASHID_NUM	(1)
226 #define	MAX_CIPHER_NUM	(2)
227 
228 typedef struct smb2_preauth_integrity_caps {
229 	uint16_t	picap_hash_count;
230 	uint16_t	picap_salt_len;
231 	uint16_t	picap_hash_id;
232 	uint8_t		picap_salt[SMB31_PREAUTH_CTX_SALT_LEN];
233 } smb2_preauth_caps_t;
234 
235 typedef struct smb2_encryption_caps {
236 	uint16_t	encap_cipher_count;
237 	uint16_t	encap_cipher_ids[MAX_CIPHER_NUM];
238 } smb2_encrypt_caps_t;
239 
240 /*
241  * The contexts we support
242  */
243 typedef struct smb2_preauth_neg_ctx {
244 	smb2_neg_ctx_t		neg_ctx;
245 	smb2_preauth_caps_t	preauth_caps;
246 } smb2_preauth_neg_ctx_t;
247 
248 typedef struct smb2_encrypt_neg_ctx {
249 	smb2_neg_ctx_t		neg_ctx;
250 	smb2_encrypt_caps_t	encrypt_caps;
251 } smb2_encrypt_neg_ctx_t;
252 
253 typedef struct smb2_neg_ctxs {
254 	uint32_t		offset;
255 	uint16_t		count;
256 	smb2_preauth_neg_ctx_t	preauth_ctx;
257 	smb2_encrypt_neg_ctx_t	encrypt_ctx;
258 } smb2_neg_ctxs_t;
259 
260 #define	NEG_CTX_INFO_OFFSET	(SMB2_HDR_SIZE + 28)
261 #define	NEG_CTX_OFFSET_OFFSET	(SMB2_HDR_SIZE + 64)
262 #define	NEG_CTX_MAX_COUNT	(16)
263 #define	NEG_CTX_MAX_DATALEN	(256)
264 
265 #define	STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP	(0xC05D0000)
266 
267 #define	STATUS_PREAUTH_HASH_OVERLAP \
268     STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP
269 
270 /*
271  * This function should be called only for dialect >= 0x311
272  * Negotiate context list should contain exactly one
273  * SMB2_PREAUTH_INTEGRITY_CAPS context.
274  * Otherwise STATUS_INVALID_PARAMETER.
275  * It should contain at least 1 hash algorith what server does support.
276  * Otehrwise STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP.
277  */
278 static uint32_t
279 smb31_decode_neg_ctxs(smb_request_t *sr, smb2_neg_ctxs_t *neg_ctxs)
280 {
281 	smb_session_t *s = sr->session;
282 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
283 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
284 	boolean_t preauth_sha512_enabled = B_FALSE;
285 	boolean_t encrypt_ccm_enabled = B_FALSE;
286 	boolean_t encrypt_gcm_enabled = B_FALSE;
287 	uint16_t cipher = sr->sr_server->sv_cfg.skc_encrypt_cipher;
288 	uint32_t status = 0;
289 	int32_t skip;
290 	int found_preauth_ctx = 0;
291 	int found_encrypt_ctx = 0;
292 	int cnt, i;
293 	int rc;
294 
295 	sr->command.chain_offset = NEG_CTX_INFO_OFFSET;
296 
297 	rc = smb_mbc_decodef(&sr->command, "lw2.",
298 	    &neg_ctxs->offset,	/* l */
299 	    &neg_ctxs->count);	/* w */
300 	if (rc != 0) {
301 		status = NT_STATUS_INVALID_PARAMETER;
302 		goto errout;
303 	}
304 	/*
305 	 * There should be exactly 1 SMB2_PREAUTH_INTEGRITY_CAPS negotiate ctx.
306 	 * SMB2_ENCRYPTION_CAPS is optional one.
307 	 * If there is no contexts or there are to many then stop parsing.
308 	 */
309 	cnt = neg_ctxs->count;
310 	if (cnt < 1 || cnt > NEG_CTX_MAX_COUNT) {
311 		status = NT_STATUS_INVALID_PARAMETER;
312 		goto errout;
313 	}
314 
315 	/*
316 	 * Cannot proceed parsing if the first context isn't aligned by 8.
317 	 */
318 	if (neg_ctxs->offset % 8 != 0) {
319 		status = NT_STATUS_INVALID_PARAMETER;
320 		goto errout;
321 	}
322 
323 	if ((skip = neg_ctxs->offset - sr->command.chain_offset) != 0 &&
324 	    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
325 		status = NT_STATUS_INVALID_PARAMETER;
326 		goto errout;
327 	}
328 
329 	/*
330 	 * Parse negotiate contexts. Ignore non-decoding errors to fill
331 	 * as much as possible data for dtrace probe.
332 	 */
333 	for (i = 0; i < cnt; i++) {
334 		smb2_neg_ctx_t neg_ctx;
335 		int32_t ctx_end_off;
336 		int32_t ctx_next_off;
337 
338 		if (i > 0) {
339 			if ((skip = ctx_next_off - ctx_end_off) != 0 &&
340 			    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
341 				status = NT_STATUS_INVALID_PARAMETER;
342 				goto errout;
343 			}
344 		}
345 
346 		rc = smb_mbc_decodef(
347 		    &sr->command, "ww4.",
348 		    &neg_ctx.type,	/* w */
349 		    &neg_ctx.datalen);	/* w */
350 		if (rc != 0) {
351 			status = NT_STATUS_INVALID_PARAMETER;
352 			goto errout;
353 		}
354 
355 		/*
356 		 * We got something crazy
357 		 */
358 		if (neg_ctx.datalen > NEG_CTX_MAX_DATALEN) {
359 			status = NT_STATUS_INVALID_PARAMETER;
360 			goto errout;
361 		}
362 
363 		ctx_end_off = sr->command.chain_offset + neg_ctx.datalen;
364 		ctx_next_off = P2ROUNDUP(ctx_end_off, 8);
365 
366 		switch (neg_ctx.type) {
367 		case SMB2_PREAUTH_INTEGRITY_CAPS:
368 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
369 			    sizeof (neg_ctx));
370 
371 			if (found_preauth_ctx++ != 0) {
372 				status = NT_STATUS_INVALID_PARAMETER;
373 				continue;
374 			}
375 
376 			rc = smb_mbc_decodef(
377 			    &sr->command, "ww",
378 			    &picap->picap_hash_count,	/* w */
379 			    &picap->picap_salt_len);	/* w */
380 			if (rc != 0 || picap->picap_hash_count >
381 			    MAX_HASHID_NUM) {
382 				status = NT_STATUS_INVALID_PARAMETER;
383 				goto errout;
384 			}
385 
386 			/*
387 			 * Get hash id
388 			 */
389 			rc = smb_mbc_decodef(
390 			    &sr->command, "#w",
391 			    picap->picap_hash_count,
392 			    &picap->picap_hash_id);	/* w */
393 			if (rc != 0) {
394 				status = NT_STATUS_INVALID_PARAMETER;
395 				goto errout;
396 			}
397 
398 			/*
399 			 * Get salt
400 			 */
401 			rc = smb_mbc_decodef(
402 			    &sr->command, "#c",
403 			    sizeof (picap->picap_salt),
404 			    &picap->picap_salt[0]);	/* w */
405 			if (rc != 0) {
406 				status = NT_STATUS_INVALID_PARAMETER;
407 				goto errout;
408 			}
409 
410 			/*
411 			 * In SMB 0x311 there should be exactly 1 preauth
412 			 * negotiate context, and there should be exactly 1
413 			 * hash value in the list - SHA512.
414 			 */
415 			if (picap->picap_hash_count != 1) {
416 				status = NT_STATUS_INVALID_PARAMETER;
417 				continue;
418 			}
419 
420 			if (picap->picap_hash_id == SMB3_HASH_SHA512)
421 				preauth_sha512_enabled = B_TRUE;
422 			break;
423 		case SMB2_ENCRYPTION_CAPS:
424 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
425 			    sizeof (neg_ctx));
426 
427 			if (found_encrypt_ctx++ != 0) {
428 				status = NT_STATUS_INVALID_PARAMETER;
429 				continue;
430 			}
431 
432 			rc = smb_mbc_decodef(
433 			    &sr->command, "w",
434 			    &encap->encap_cipher_count);	/* w */
435 			if (rc != 0 || encap->encap_cipher_count >
436 			    MAX_CIPHER_NUM) {
437 				status = NT_STATUS_INVALID_PARAMETER;
438 				goto errout;
439 			}
440 
441 			/*
442 			 * Get cipher list
443 			 */
444 			rc = smb_mbc_decodef(
445 			    &sr->command, "#w",
446 			    encap->encap_cipher_count,
447 			    &encap->encap_cipher_ids[0]);	/* w */
448 			if (rc != 0) {
449 				status = NT_STATUS_INVALID_PARAMETER;
450 				goto errout;
451 			}
452 
453 			for (int k = 0; k < encap->encap_cipher_count; k++) {
454 				switch (encap->encap_cipher_ids[k]) {
455 				case SMB3_CIPHER_AES128_CCM:
456 					encrypt_ccm_enabled = B_TRUE;
457 					break;
458 				case SMB3_CIPHER_AES128_GCM:
459 					encrypt_gcm_enabled = B_TRUE;
460 					break;
461 				default:
462 					;
463 				}
464 			}
465 			break;
466 		default:
467 			;
468 		}
469 	}
470 
471 	if (status)
472 		goto errout;
473 
474 	/* Not found mandatory SMB2_PREAUTH_INTEGRITY_CAPS ctx */
475 	if (found_preauth_ctx != 1 || found_encrypt_ctx > 1) {
476 		status = NT_STATUS_INVALID_PARAMETER;
477 		goto errout;
478 	}
479 
480 	if (!preauth_sha512_enabled) {
481 		status = STATUS_PREAUTH_HASH_OVERLAP;
482 		goto errout;
483 	}
484 
485 	s->smb31_preauth_hashid = SMB3_HASH_SHA512;
486 
487 	switch (cipher) {
488 	case SMB3_CIPHER_AES128_GCM:
489 		if (encrypt_gcm_enabled) {
490 			s->smb31_enc_cipherid = cipher;
491 			break;
492 		}
493 		/* FALLTHROUGH */
494 	case SMB3_CIPHER_AES128_CCM:
495 		if (encrypt_ccm_enabled) {
496 			s->smb31_enc_cipherid = cipher;
497 			break;
498 		}
499 		/* FALLTHROUGH */
500 	default:
501 		s->smb31_enc_cipherid = 0;
502 	}
503 
504 errout:
505 	return (status);
506 }
507 
508 static int
509 smb31_encode_neg_ctxs(smb_request_t *sr, smb2_neg_ctxs_t *neg_ctxs)
510 {
511 	smb_session_t *s = sr->session;
512 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
513 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
514 	uint16_t salt_len = sizeof (picap->picap_salt);
515 	uint32_t preauth_ctx_len = 6 + salt_len;
516 	uint32_t enc_ctx_len = 4;
517 	uint32_t neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
518 	    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
519 	uint32_t rc;
520 
521 	bzero(neg_ctxs, sizeof (*neg_ctxs));
522 
523 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
524 		return (rc);
525 
526 	ASSERT3S(neg_ctx_off, ==, sr->reply.chain_offset);
527 
528 	encap->encap_cipher_ids[0] = s->smb31_enc_cipherid;
529 	picap->picap_hash_id = s->smb31_preauth_hashid;
530 	picap->picap_salt_len = salt_len;
531 
532 	(void) random_get_pseudo_bytes(picap->picap_salt, salt_len);
533 
534 	rc = smb_mbc_encodef(
535 	    &sr->reply, "ww4.",
536 	    SMB2_PREAUTH_INTEGRITY_CAPS,
537 	    preauth_ctx_len
538 	    /* 4. */); /* reserved */
539 	if (rc != 0)
540 		return (rc);
541 
542 	rc = smb_mbc_encodef(
543 	    &sr->reply, "www#c",
544 	    1,				/* hash algo count */
545 	    salt_len,			/* salt length */
546 	    s->smb31_preauth_hashid,	/* hash id */
547 	    salt_len,			/* salt length */
548 	    picap->picap_salt);
549 
550 	/* aligned on 8-bytes boundary */
551 	if (rc != 0 || s->smb31_enc_cipherid == 0) {
552 		cmn_err(CE_NOTE, "Encryption is not supported");
553 		return (rc);
554 	}
555 
556 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
557 		return (rc);
558 
559 	rc = smb_mbc_encodef(
560 	    &sr->reply, "ww4.",
561 	    SMB2_ENCRYPTION_CAPS,
562 	    enc_ctx_len
563 	    /* 4. */); /* reserved */
564 
565 	rc = smb_mbc_encodef(
566 	    &sr->reply, "ww",
567 	    1,				/* cipher count */
568 	    s->smb31_enc_cipherid);	/* encrypt. cipher id */
569 
570 	return (rc);
571 }
572 
573 int
574 smb2_newrq_negotiate(smb_request_t *sr)
575 {
576 	smb_session_t *s = sr->session;
577 	smb2_neg_ctxs_t neg_in_ctxs;
578 	smb2_neg_ctxs_t neg_out_ctxs;
579 	smb2_arg_negotiate_t *nego2 = &sr->sr_nego2;
580 	int rc;
581 	uint32_t status = 0;
582 	uint16_t struct_size;
583 	uint16_t best_version;
584 
585 	bzero(&neg_in_ctxs, sizeof (neg_in_ctxs));
586 	bzero(&neg_out_ctxs, sizeof (neg_out_ctxs));
587 
588 	sr->smb2_cmd_hdr = sr->command.chain_offset;
589 	rc = smb2_decode_header(sr);
590 	if (rc != 0)
591 		return (rc);
592 
593 	if (sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR)
594 		return (-1);
595 
596 	if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
597 	    (sr->smb2_next_command != 0))
598 		return (-1);
599 
600 	/*
601 	 * Decode SMB2 Negotiate (fixed-size part)
602 	 */
603 	rc = smb_mbc_decodef(
604 	    &sr->command, "www..l16c8.",
605 	    &struct_size,	/* w */
606 	    &s->cli_dialect_cnt,	/* w */
607 	    &s->cli_secmode,	/* w */
608 	    /* reserved		(..) */
609 	    &s->capabilities,	/* l */
610 	    s->clnt_uuid);	/* 16c */
611 	    /* start_time	  8. */
612 	if (rc != 0)
613 		return (rc);
614 	if (struct_size != 36)
615 		return (-1);
616 
617 	/*
618 	 * Decode SMB2 Negotiate (variable part)
619 	 *
620 	 * Be somewhat tolerant while decoding the variable part
621 	 * so we can return errors instead of dropping the client.
622 	 * Will limit decoding to the size of cli_dialects here,
623 	 * and do the error checks on s->cli_dialect_cnt after the
624 	 * dtrace start probe.
625 	 */
626 	if (s->cli_dialect_cnt > 0 &&
627 	    s->cli_dialect_cnt <= SMB2_NEGOTIATE_MAX_DIALECTS &&
628 	    smb_mbc_decodef(&sr->command, "#w", s->cli_dialect_cnt,
629 	    s->cli_dialects) != 0) {
630 		/* decode error; force an error below */
631 		s->cli_dialect_cnt = 0;
632 	}
633 
634 	/*
635 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
636 	 * "If the DialectCount of the SMB2 NEGOTIATE Request is 0, the
637 	 * server MUST fail the request with STATUS_INVALID_PARAMETER."
638 	 */
639 	if (s->cli_dialect_cnt == 0 ||
640 	    s->cli_dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS) {
641 		status = NT_STATUS_INVALID_PARAMETER;
642 	}
643 
644 	/*
645 	 * The client offers an array of protocol versions it
646 	 * supports, which we have decoded into s->cli_dialects[].
647 	 * We walk the array and pick the highest supported.
648 	 *
649 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
650 	 * "If a common dialect is not found, the server MUST fail
651 	 * the request with STATUS_NOT_SUPPORTED."
652 	 */
653 
654 	if (status == 0) {
655 		best_version = smb2_find_best_dialect(s, s->cli_dialects,
656 		    s->cli_dialect_cnt);
657 		if (best_version >= SMB_VERS_3_11) {
658 			status = smb31_decode_neg_ctxs(sr, &neg_in_ctxs);
659 			nego2->neg_in_ctxs = &neg_in_ctxs;
660 		} else if (best_version == 0) {
661 			status = NT_STATUS_NOT_SUPPORTED;
662 		}
663 	}
664 
665 	DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
666 	nego2->neg_in_ctxs = NULL;
667 
668 	sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
669 	(void) smb2_encode_header(sr, B_FALSE);
670 
671 	if (status != 0)
672 		goto errout;
673 
674 	/*
675 	 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
676 	 * "If the SMB2 header of the SMB2 NEGOTIATE request has the
677 	 * SMB2_FLAGS_SIGNED bit set in the Flags field, the server
678 	 * MUST fail the request with STATUS_INVALID_PARAMETER."
679 	 */
680 	if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
681 		sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
682 		status = NT_STATUS_INVALID_PARAMETER;
683 		goto errout;
684 	}
685 
686 	s->dialect = best_version;
687 
688 	/* Allow normal SMB2 requests now. */
689 	s->s_state = SMB_SESSION_STATE_NEGOTIATED;
690 	s->newrq_func = smb2sr_newrq;
691 
692 	if (smb2_negotiate_common(sr, best_version) != 0)
693 		status = NT_STATUS_INTERNAL_ERROR;
694 
695 	if (s->dialect >= SMB_VERS_3_11 && status == 0) {
696 		if (smb31_encode_neg_ctxs(sr, &neg_out_ctxs) != 0)
697 			status = NT_STATUS_INTERNAL_ERROR;
698 		nego2->neg_out_ctxs = &neg_out_ctxs;
699 	}
700 
701 errout:
702 	sr->smb2_status = status;
703 	DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
704 	nego2->neg_out_ctxs = NULL;
705 
706 	if (sr->smb2_status != 0)
707 		smb2sr_put_error(sr, sr->smb2_status);
708 	(void) smb2_encode_header(sr, B_TRUE);
709 
710 	if (s->dialect >= SMB_VERS_3_11 && sr->smb2_status == 0) {
711 		ASSERT3U(s->smb31_preauth_hashid, !=, 0);
712 		if (smb31_preauth_sha512_calc(sr, &sr->reply,
713 		    s->smb31_preauth_hashval,
714 		    s->smb31_preauth_hashval) != 0)
715 			cmn_err(CE_WARN, "(1) Preauth hash calculation "
716 			    "failed");
717 	}
718 
719 	smb2_send_reply(sr);
720 
721 	return (rc);
722 }
723 
724 /*
725  * Common parts of SMB2 Negotiate, used for both the
726  * SMB1-to-SMB2 style, and straight SMB2 style.
727  * Do negotiation decisions and encode the reply.
728  * The caller does the network send.
729  *
730  * Return value is 0 for success, else error.
731  */
732 static int
733 smb2_negotiate_common(smb_request_t *sr, uint16_t version)
734 {
735 	timestruc_t boot_tv, now_tv;
736 	smb_session_t *s = sr->session;
737 	int rc;
738 	uint32_t max_rwsize;
739 	uint16_t secmode;
740 	uint16_t neg_ctx_cnt = 0;
741 	uint32_t neg_ctx_off = 0;
742 
743 	/*
744 	 * Negotiation itself.  First the Security Mode.
745 	 */
746 	secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
747 	if (sr->sr_cfg->skc_signing_required)
748 		secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
749 	s->srv_secmode = secmode;
750 
751 	s->cmd_max_bytes = smb2_tcp_bufsize;
752 	s->reply_max_bytes = smb2_tcp_bufsize;
753 
754 	/*
755 	 * "The number of credits held by the client MUST be considered
756 	 * as 1 when the connection is established." [MS-SMB2]
757 	 * We leave credits at 1 until the first successful
758 	 * session setup is completed.
759 	 */
760 	s->s_cur_credits = s->s_max_credits = 1;
761 	sr->smb2_credit_response = 1;
762 
763 	boot_tv.tv_sec = smb_get_boottime();
764 	boot_tv.tv_nsec = 0;
765 	now_tv.tv_sec = gethrestime_sec();
766 	now_tv.tv_nsec = 0;
767 
768 	/*
769 	 * If the version is 0x2FF, we haven't completed negotiate.
770 	 * Don't initialize until we have our final request.
771 	 */
772 	if (version != 0x2FF)
773 		smb2_sign_init_mech(s);
774 	if (version >= 0x311)
775 		smb31_preauth_init_mech(s);
776 
777 	/*
778 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
779 	 *
780 	 * The SMB2.x capabilities are returned without regard for
781 	 * what capabilities the client provided in the request.
782 	 * The SMB3.x capabilities returned are the traditional
783 	 * logical AND of server and client capabilities.
784 	 *
785 	 * One additional check: If KCF is missing something we
786 	 * require for encryption, turn off that capability.
787 	 */
788 	if (s->dialect < SMB_VERS_2_1) {
789 		/* SMB 2.002 */
790 		s->srv_cap = smb2srv_capabilities & SMB2_CAP_DFS;
791 	} else if (s->dialect < SMB_VERS_3_0) {
792 		/* SMB 2.x */
793 		s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
794 	} else {
795 		/* SMB 3.0 or later */
796 		s->srv_cap = smb2srv_capabilities &
797 		    (SMB_2X_CAPS | s->capabilities);
798 		if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
799 		    smb3_encrypt_init_mech(s) != 0) {
800 			s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
801 			s->smb31_enc_cipherid = 0;
802 		}
803 
804 		if (s->dialect >= SMB_VERS_3_11) {
805 			neg_ctx_cnt = s->smb31_enc_cipherid == 0 ? 1 : 2;
806 			neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
807 			    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
808 
809 			ASSERT3U(s->smb31_preauth_hashid, !=, 0);
810 
811 			if (smb31_preauth_sha512_calc(sr, &sr->command,
812 			    s->smb31_preauth_hashval,
813 			    s->smb31_preauth_hashval) != 0)
814 				cmn_err(CE_WARN, "(0) Preauth hash calculation "
815 				    "failed");
816 		}
817 	}
818 
819 	/*
820 	 * See notes above smb2_max_rwsize, smb2_old_rwsize
821 	 */
822 	if (s->capabilities & SMB2_CAP_LARGE_MTU)
823 		max_rwsize = smb2_max_rwsize;
824 	else
825 		max_rwsize = smb2_old_rwsize;
826 
827 	rc = smb_mbc_encodef(
828 	    &sr->reply,
829 	    "wwww#cllllTTwwl#c",
830 	    65,	/* StructSize */	/* w */
831 	    s->srv_secmode,		/* w */
832 	    version,			/* w */
833 	    neg_ctx_cnt,		/* w */
834 	    UUID_LEN,			/* # */
835 	    &s->s_cfg.skc_machine_uuid, /* c */
836 	    s->srv_cap,			/* l */
837 	    smb2_max_trans,		/* l */
838 	    max_rwsize,			/* l */
839 	    max_rwsize,			/* l */
840 	    &now_tv,			/* T */
841 	    &boot_tv,			/* T */
842 	    128, /* SecBufOff */	/* w */
843 	    sr->sr_cfg->skc_negtok_len,	/* w */
844 	    neg_ctx_off,		/* l */
845 	    sr->sr_cfg->skc_negtok_len,	/* # */
846 	    sr->sr_cfg->skc_negtok);	/* c */
847 
848 
849 
850 	/* smb2_send_reply(sr); in caller */
851 
852 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
853 	    SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
854 	    sizeof (smb2_tcp_bufsize), CRED());
855 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
856 	    SO_RCVBUF, (const void *)&smb2_tcp_bufsize,
857 	    sizeof (smb2_tcp_bufsize), CRED());
858 
859 	return (rc);
860 }
861 
862 /*
863  * SMB2 Dispatch table handler, which will run if we see an
864  * SMB2_NEGOTIATE after the initial negotiation is done.
865  * That would be a protocol error.
866  */
867 smb_sdrc_t
868 smb2_negotiate(smb_request_t *sr)
869 {
870 	sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
871 	return (SDRC_ERROR);
872 }
873 
874 /*
875  * VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
876  */
877 uint32_t
878 smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
879 {
880 	smb_session_t *s = sr->session;
881 	boolean_t smb311 = s->s_cfg.skc_max_protocol >= SMB_VERS_3_11;
882 	int rc;
883 
884 	/*
885 	 * The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
886 	 * and verify that the original negotiate was not modified.
887 	 * The request MUST be signed, and we MUST validate the signature.
888 	 *
889 	 * One interesting requirement here is that we MUST reply
890 	 * with exactly the same information as we returned in our
891 	 * original reply to the SMB2 negotiate on this session.
892 	 * If we don't the client closes the connection.
893 	 */
894 
895 	uint32_t capabilities;
896 	uint16_t secmode;
897 	uint16_t num_dialects;
898 	uint16_t dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
899 	uint8_t clnt_guid[16];
900 
901 	if (s->dialect >= SMB_VERS_3_11)
902 		goto drop;
903 
904 	if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
905 		goto drop;
906 
907 	if (fsctl->InputCount < 24)
908 		goto drop;
909 
910 	(void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
911 	    &capabilities, /* l */
912 	    &clnt_guid, /* 16c */
913 	    &secmode, /* w */
914 	    &num_dialects); /* w */
915 
916 	if (num_dialects == 0 || num_dialects > SMB2_NEGOTIATE_MAX_DIALECTS)
917 		goto drop;
918 	if (smb311 && num_dialects != s->cli_dialect_cnt)
919 		goto drop;
920 	if (secmode != s->cli_secmode)
921 		goto drop;
922 	if (capabilities != s->capabilities)
923 		goto drop;
924 	if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
925 		goto drop;
926 
927 	if (fsctl->InputCount < (24 + num_dialects * sizeof (*dialects)))
928 		goto drop;
929 
930 	rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
931 	if (rc != 0)
932 		goto drop;
933 
934 	if (smb311) {
935 		for (int i = 0; i < num_dialects; i++) {
936 			if (dialects[i] != s->cli_dialects[i])
937 				goto drop;
938 		}
939 	} else {
940 		if (smb2_find_best_dialect(s, dialects, num_dialects) !=
941 		    s->dialect)
942 			goto drop;
943 	}
944 
945 	rc = smb_mbc_encodef(
946 	    fsctl->out_mbc, "l#cww",
947 	    s->srv_cap,			/* l */
948 	    UUID_LEN,			/* # */
949 	    &s->s_cfg.skc_machine_uuid, /* c */
950 	    s->srv_secmode,		/* w */
951 	    s->dialect);		/* w */
952 	if (rc == 0)
953 		return (rc);
954 
955 drop:
956 	smb_session_disconnect(s);
957 	return (NT_STATUS_ACCESS_DENIED);
958 }
959