#include <smbsrv/smb2_kproto.h>
#include <smbsrv/smb2.h>
#include <sys/random.h>
#define SMB2_NEGOTIATE_MAX_DIALECTS 64
static int smb2_negotiate_common(smb_request_t *, uint16_t);
uint32_t smb2srv_capabilities =
SMB2_CAP_DFS |
SMB2_CAP_LEASING |
SMB2_CAP_LARGE_MTU |
SMB2_CAP_PERSISTENT_HANDLES |
SMB2_CAP_ENCRYPTION;
#define SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
uint32_t smb2_tcp_bufsize = (1<<22);
uint32_t smb2_max_rwsize = (1<<20);
uint32_t smb2_max_trans = (1<<16);
uint32_t smb2_old_rwsize = (1<<16);
static uint16_t smb2_versions[] = {
0x202,
0x210,
0x300,
0x302,
0x311,
};
static uint16_t smb2_nversions =
sizeof (smb2_versions) / sizeof (smb2_versions[0]);
enum smb2_neg_ctx_type {
SMB2_PREAUTH_INTEGRITY_CAPS = 1,
SMB2_ENCRYPTION_CAPS = 2,
SMB2_COMPRESSION_CAPS = 3,
SMB2_NETNAME_NEGOTIATE_CONTEXT_ID = 5,
SMB2_TRANSPORT_CAPS = 6,
SMB2_RDMA_TRANSFORM_CAPS = 7,
SMB2_SIGNING_CAPS = 8,
};
typedef struct smb2_negotiate_ctx {
uint16_t type;
uint16_t datalen;
} smb2_neg_ctx_t;
#define SMB31_PREAUTH_CTX_SALT_LEN 32
#define MAX_HASHID_NUM (1)
#define MAX_CIPHER_NUM (8)
typedef struct smb2_preauth_integrity_caps {
uint16_t picap_hash_count;
uint16_t picap_salt_len;
uint16_t picap_hash_ids[MAX_HASHID_NUM];
uint8_t picap_salt[SMB31_PREAUTH_CTX_SALT_LEN];
} smb2_preauth_caps_t;
typedef struct smb2_encryption_caps {
uint16_t encap_cipher_count;
uint16_t encap_cipher_ids[MAX_CIPHER_NUM];
} smb2_encrypt_caps_t;
typedef struct smb2_signing_caps {
uint16_t sicap_alg_count;
uint16_t sicap_alg_ids[MAX_CIPHER_NUM];
} smb2_sign_caps_t;
typedef struct smb2_preauth_neg_ctx {
smb2_neg_ctx_t neg_ctx;
smb2_preauth_caps_t preauth_caps;
} smb2_preauth_neg_ctx_t;
typedef struct smb2_encrypt_neg_ctx {
smb2_neg_ctx_t neg_ctx;
smb2_encrypt_caps_t encrypt_caps;
} smb2_encrypt_neg_ctx_t;
typedef struct smb2_sign_neg_ctx {
smb2_neg_ctx_t neg_ctx;
smb2_sign_caps_t sign_caps;
} smb2_sign_neg_ctx_t;
typedef struct smb2_neg_ctxs {
uint32_t offset;
uint16_t count;
smb2_preauth_neg_ctx_t preauth_ctx;
smb2_encrypt_neg_ctx_t encrypt_ctx;
smb2_sign_neg_ctx_t sign_ctx;
boolean_t has_preauth;
boolean_t has_encrypt;
boolean_t has_signing;
} smb2_neg_ctxs_t;
#define NEG_CTX_INFO_OFFSET (SMB2_HDR_SIZE + 28)
#define NEG_CTX_OFFSET_OFFSET (SMB2_HDR_SIZE + 64)
#define NEG_CTX_MAX_COUNT (16)
#define NEG_CTX_MAX_DATALEN (256)
#define STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP (0xC05D0000)
#define STATUS_PREAUTH_HASH_OVERLAP \
STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP
typedef struct smb2_arg_negotiate {
struct smb2_neg_ctxs neg_in_ctxs;
struct smb2_neg_ctxs neg_out_ctxs;
smb2_neg_ctx_t neg_cur_ctx;
const char *neg_err_rsn;
uint16_t neg_dialect_cnt;
uint16_t neg_dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
uint16_t neg_highest_dialect;
} smb2_arg_negotiate_t;
static boolean_t
smb2_supported_version(smb_session_t *s, uint16_t version)
{
int i;
if (version > s->s_cfg.skc_max_protocol ||
version < s->s_cfg.skc_min_protocol)
return (B_FALSE);
for (i = 0; i < smb2_nversions; i++)
if (version == smb2_versions[i])
return (B_TRUE);
return (B_FALSE);
}
static uint16_t
smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
uint16_t version_cnt)
{
uint16_t best_version = 0;
int i;
for (i = 0; i < version_cnt; i++)
if (smb2_supported_version(s, cl_versions[i]) &&
best_version < cl_versions[i])
best_version = cl_versions[i];
return (best_version);
}
static uint32_t
smb31_decode_neg_ctxs(smb_request_t *sr)
{
smb2_arg_negotiate_t *nego = sr->arg.other;
smb2_neg_ctxs_t *neg_ctxs = &nego->neg_in_ctxs;
smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
smb2_sign_caps_t *sicap = &neg_ctxs->sign_ctx.sign_caps;
uint32_t status = 0;
int32_t ctx_next_off;
int32_t skip;
int found_preauth_ctx = 0;
int found_encrypt_ctx = 0;
int found_signing_ctx = 0;
int cnt, i;
int rc;
cnt = neg_ctxs->count;
if (cnt < 1 || cnt > NEG_CTX_MAX_COUNT) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Bad context count";
goto errout;
}
if (neg_ctxs->offset % 8 != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "First context unaligned";
goto errout;
}
ctx_next_off = neg_ctxs->offset;
for (i = 0; i < cnt; i++) {
skip = ctx_next_off - sr->command.chain_offset;
if (skip < 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "skip < 0";
goto errout;
}
if (skip > 0 &&
smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Failed to skip to context";
goto errout;
}
rc = smb_mbc_decodef(
&sr->command, "ww4.",
&nego->neg_cur_ctx.type,
&nego->neg_cur_ctx.datalen);
DTRACE_PROBE2(new__ctx, smb_request_t *, sr,
smb2_arg_negotiate_t *, nego);
if (rc != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Decoding header failed";
goto errout;
}
if (nego->neg_cur_ctx.datalen > NEG_CTX_MAX_DATALEN) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Invalid context length";
goto errout;
}
ctx_next_off = P2ROUNDUP(
sr->command.chain_offset + nego->neg_cur_ctx.datalen, 8);
switch (nego->neg_cur_ctx.type) {
case SMB2_PREAUTH_INTEGRITY_CAPS:
neg_ctxs->preauth_ctx.neg_ctx = nego->neg_cur_ctx;
if (found_preauth_ctx++ != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Multiple preauth contexts";
continue;
}
neg_ctxs->has_preauth = B_TRUE;
rc = smb_mbc_decodef(
&sr->command, "ww",
&picap->picap_hash_count,
&picap->picap_salt_len);
if (rc != 0 || picap->picap_hash_count >
MAX_HASHID_NUM) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Bad preauth lengths";
goto errout;
}
rc = smb_mbc_decodef(
&sr->command, "#w",
picap->picap_hash_count,
&picap->picap_hash_ids[0]);
if (rc != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Failed to decode preauth hashes";
goto errout;
}
rc = smb_mbc_decodef(
&sr->command, "#c",
sizeof (picap->picap_salt),
&picap->picap_salt[0]);
if (rc != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Failed to decode preauth salt";
goto errout;
}
break;
case SMB2_ENCRYPTION_CAPS:
neg_ctxs->encrypt_ctx.neg_ctx = nego->neg_cur_ctx;
if (found_encrypt_ctx++ != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Multiple encrypt contexts";
continue;
}
neg_ctxs->has_encrypt = B_TRUE;
rc = smb_mbc_decodef(
&sr->command, "w",
&encap->encap_cipher_count);
if (rc != 0 || encap->encap_cipher_count >
MAX_CIPHER_NUM) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Bad encryption cipher count";
goto errout;
}
rc = smb_mbc_decodef(
&sr->command, "#w",
encap->encap_cipher_count,
&encap->encap_cipher_ids[0]);
if (rc != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Failed to decode encryption ciphers";
goto errout;
}
break;
case SMB2_SIGNING_CAPS:
neg_ctxs->sign_ctx.neg_ctx = nego->neg_cur_ctx;
if (found_signing_ctx++ != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn = "Multiple signing contexts";
continue;
}
neg_ctxs->has_signing = B_TRUE;
rc = smb_mbc_decodef(
&sr->command, "w",
&sicap->sicap_alg_count);
if (rc != 0 || sicap->sicap_alg_count >
MAX_CIPHER_NUM || sicap->sicap_alg_count == 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Bad signing algorithm count";
goto errout;
}
rc = smb_mbc_decodef(
&sr->command, "#w",
sicap->sicap_alg_count,
&sicap->sicap_alg_ids[0]);
if (rc != 0) {
status = NT_STATUS_INVALID_PARAMETER;
nego->neg_err_rsn =
"Failed to decode signing algorithms";
goto errout;
}
break;
default:
DTRACE_PROBE2(unknown, smb_request_t *, sr,
smb2_arg_negotiate_t *, nego);
break;
}
}
errout:
DTRACE_PROBE3(decode, smb_request_t *, sr, smb2_arg_negotiate_t *, nego,
uint32_t, status);
return (status);
}
static uint32_t
smb31_process_preauth_caps(smb_request_t *sr, smb2_neg_ctxs_t *in_ctx,
smb2_neg_ctxs_t *out_ctx)
{
smb2_preauth_caps_t *in_caps = &in_ctx->preauth_ctx.preauth_caps;
smb2_preauth_caps_t *out_caps = &out_ctx->preauth_ctx.preauth_caps;
smb_session_t *s = sr->session;
if (!in_ctx->has_preauth)
return (NT_STATUS_INVALID_PARAMETER);
for (int i = 0; i < in_caps->picap_hash_count; i++) {
uint16_t c = in_caps->picap_hash_ids[i];
if (c == SMB3_HASH_SHA512) {
uint16_t salt_len = sizeof (out_caps->picap_salt);
s->smb31_preauth_hashid = c;
out_caps->picap_hash_count = 1;
out_caps->picap_hash_ids[0] = c;
out_caps->picap_salt_len = salt_len;
out_ctx->has_preauth = B_TRUE;
(void) random_get_pseudo_bytes(out_caps->picap_salt,
salt_len);
return (NT_STATUS_SUCCESS);
}
}
s->smb31_preauth_hashid = 0;
out_caps->picap_hash_count = 0;
return (STATUS_PREAUTH_HASH_OVERLAP);
}
static void
smb31_process_encrypt_caps(smb_request_t *sr, smb2_neg_ctxs_t *in_ctx,
smb2_neg_ctxs_t *out_ctx)
{
smb2_encrypt_caps_t *in_caps = &in_ctx->encrypt_ctx.encrypt_caps;
smb2_encrypt_caps_t *out_caps = &out_ctx->encrypt_ctx.encrypt_caps;
smb_session_t *s = sr->session;
if (!in_ctx->has_encrypt) {
s->smb31_enc_cipherid = 0;
return;
}
out_ctx->has_encrypt = B_TRUE;
out_caps->encap_cipher_count = 1;
for (int i = 0; i < in_caps->encap_cipher_count; i++) {
uint16_t c = in_caps->encap_cipher_ids[i];
uint32_t ciphers = sr->sr_server->sv_cfg.skc_encrypt_ciphers;
if (c < SMB3_CIPHER_ID_MAX &&
(SMB3_CIPHER_BIT(c) & ciphers) != 0) {
s->smb31_enc_cipherid = c;
out_caps->encap_cipher_ids[0] = c;
return;
}
}
s->smb31_enc_cipherid = 0;
out_caps->encap_cipher_ids[0] = 0;
}
static void
smb31_process_signing_caps(smb_request_t *sr, smb2_neg_ctxs_t *in_ctx,
smb2_neg_ctxs_t *out_ctx)
{
smb2_sign_caps_t *in_caps = &in_ctx->sign_ctx.sign_caps;
smb2_sign_caps_t *out_caps = &out_ctx->sign_ctx.sign_caps;
smb_session_t *s = sr->session;
if (!in_ctx->has_signing) {
s->smb31_sign_algid = SMB3_SIGN_AES128_CMAC;
return;
}
out_caps->sicap_alg_count = 1;
out_ctx->has_signing = B_TRUE;
for (int i = 0; i < in_caps->sicap_alg_count; i++) {
uint16_t c = in_caps->sicap_alg_ids[i];
uint32_t sign_algs = sr->sr_server->sv_cfg.skc_sign_algs;
if (c < SMB3_SIGN_ID_MAX &&
(SMB3_SIGN_ALG_BIT(c) & sign_algs) != 0) {
s->smb31_sign_algid = c;
out_caps->sicap_alg_ids[0] = c;
return;
}
}
s->smb31_sign_algid = SMB3_SIGN_AES128_CMAC;
out_caps->sicap_alg_ids[0] = SMB3_SIGN_AES128_CMAC;
}
static uint32_t
smb31_process_neg_ctxs(smb_request_t *sr)
{
smb2_arg_negotiate_t *nego = sr->arg.other;
uint32_t status;
status = smb31_process_preauth_caps(sr, &nego->neg_in_ctxs,
&nego->neg_out_ctxs);
if (status != NT_STATUS_SUCCESS)
return (status);
smb31_process_encrypt_caps(sr, &nego->neg_in_ctxs,
&nego->neg_out_ctxs);
smb31_process_signing_caps(sr, &nego->neg_in_ctxs,
&nego->neg_out_ctxs);
return (status);
}
static int
smb31_encode_neg_ctxs(smb_request_t *sr)
{
smb2_arg_negotiate_t *nego = sr->arg.other;
smb2_neg_ctxs_t *neg_ctxs = &nego->neg_out_ctxs;
smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
smb2_sign_caps_t *sicap = &neg_ctxs->sign_ctx.sign_caps;
uint16_t salt_len = picap->picap_salt_len;
uint32_t preauth_ctx_len = 6 + salt_len;
uint32_t enc_ctx_len = 4;
uint32_t sign_ctx_len = 4;
uint32_t neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
uint32_t rc;
if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
return (rc);
ASSERT3S(neg_ctx_off, ==, sr->reply.chain_offset);
rc = smb_mbc_encodef(
&sr->reply, "ww4.",
SMB2_PREAUTH_INTEGRITY_CAPS,
preauth_ctx_len
);
if (rc != 0)
return (rc);
ASSERT3U(picap->picap_hash_count, ==, 1);
rc = smb_mbc_encodef(
&sr->reply, "www#c",
picap->picap_hash_count,
picap->picap_salt_len,
picap->picap_hash_ids[0],
picap->picap_salt_len,
picap->picap_salt);
if (rc != 0)
return (rc);
if (neg_ctxs->has_encrypt) {
if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
return (rc);
rc = smb_mbc_encodef(
&sr->reply, "ww4.",
SMB2_ENCRYPTION_CAPS,
enc_ctx_len
);
if (rc != 0)
return (rc);
ASSERT3U(encap->encap_cipher_count, ==, 1);
rc = smb_mbc_encodef(
&sr->reply, "ww",
encap->encap_cipher_count,
encap->encap_cipher_ids[0]);
if (rc != 0)
return (rc);
}
if (neg_ctxs->has_signing) {
if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
return (rc);
rc = smb_mbc_encodef(
&sr->reply, "ww4.",
SMB2_SIGNING_CAPS,
sign_ctx_len
);
if (rc != 0)
return (rc);
ASSERT3U(sicap->sicap_alg_count, ==, 1);
rc = smb_mbc_encodef(
&sr->reply, "ww",
sicap->sicap_alg_count,
sicap->sicap_alg_ids[0]);
if (rc != 0)
return (rc);
}
return (0);
}
smb_sdrc_t
smb1_negotiate_smb2(smb_request_t *sr)
{
smb_session_t *s = sr->session;
smb_arg_negotiate_t *negprot = sr->sr_negprot;
uint16_t smb2_version;
switch (negprot->ni_dialect) {
case DIALECT_SMB2002:
smb2_version = SMB_VERS_2_002;
s->dialect = smb2_version;
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
s->newrq_func = smb2sr_newrq;
break;
case DIALECT_SMB2XXX:
smb2_version = 0x2FF;
break;
default:
return (SDRC_DROP_VC);
}
sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
sr->smb2_cmd_code = SMB2_NEGOTIATE;
sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
sr->arg.other = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
(void) smb2_encode_header(sr, B_FALSE);
if (smb2_negotiate_common(sr, smb2_version) != 0)
sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
if (sr->smb2_status != 0)
smb2sr_put_error(sr, sr->smb2_status);
(void) smb2_encode_header(sr, B_TRUE);
smb2_send_reply(sr);
return (SDRC_NO_REPLY);
}
int
smb2_newrq_negotiate(smb_request_t *sr)
{
smb_session_t *s = sr->session;
smb2_arg_negotiate_t *nego;
int rc;
uint32_t nctx_status = 0;
uint32_t status = 0;
uint32_t neg_ctx_off;
uint16_t neg_ctx_cnt;
uint16_t struct_size;
uint16_t dialect_cnt;
uint16_t best_version;
nego = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
sr->arg.other = nego;
sr->smb2_cmd_hdr = sr->command.chain_offset;
rc = smb2_decode_header(sr);
if (rc != 0)
return (rc);
if (sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR)
return (-1);
if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
(sr->smb2_next_command != 0))
return (-1);
rc = smb_mbc_decodef(
&sr->command, "www..l16clw..",
&struct_size,
&dialect_cnt,
&s->cli_secmode,
&s->capabilities,
s->clnt_uuid,
&neg_ctx_off,
&neg_ctx_cnt);
if (rc != 0)
return (rc);
if (struct_size != 36)
return (-1);
if (dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS)
nego->neg_dialect_cnt = SMB2_NEGOTIATE_MAX_DIALECTS;
else
nego->neg_dialect_cnt = dialect_cnt;
if (nego->neg_dialect_cnt > 0) {
rc = smb_mbc_decodef(&sr->command, "#w",
nego->neg_dialect_cnt,
nego->neg_dialects);
if (rc != 0)
return (rc);
}
best_version = smb2_find_best_dialect(s, nego->neg_dialects,
nego->neg_dialect_cnt);
if (best_version >= SMB_VERS_3_11) {
nego->neg_in_ctxs.offset = neg_ctx_off;
nego->neg_in_ctxs.count = neg_ctx_cnt;
nctx_status = smb31_decode_neg_ctxs(sr);
}
DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
sr->smb2_credit_response = 1;
sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
(void) smb2_encode_header(sr, B_FALSE);
if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
status = NT_STATUS_INVALID_PARAMETER;
goto errout;
}
if (dialect_cnt == 0 ||
dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS) {
status = NT_STATUS_INVALID_PARAMETER;
goto errout;
}
if (best_version == 0) {
status = NT_STATUS_NOT_SUPPORTED;
goto errout;
}
if (nctx_status != 0) {
status = nctx_status;
goto errout;
}
s->dialect = best_version;
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
s->newrq_func = smb2sr_newrq;
if (s->dialect >= SMB_VERS_3_11) {
status = smb31_process_neg_ctxs(sr);
if (status != NT_STATUS_SUCCESS)
goto errout;
}
if (smb2_negotiate_common(sr, best_version) != 0)
status = NT_STATUS_INTERNAL_ERROR;
if (s->dialect >= SMB_VERS_3_11 && status == 0) {
if (smb31_encode_neg_ctxs(sr) != 0)
status = NT_STATUS_INTERNAL_ERROR;
}
errout:
sr->smb2_status = status;
DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
if (sr->smb2_status != 0)
smb2sr_put_error(sr, sr->smb2_status);
(void) smb2_encode_header(sr, B_TRUE);
if (s->dialect >= SMB_VERS_3_11 && sr->smb2_status == 0) {
ASSERT3U(s->smb31_preauth_hashid, !=, 0);
if (smb31_preauth_sha512_calc(sr, &sr->reply,
s->smb31_preauth_hashval,
s->smb31_preauth_hashval) != 0)
cmn_err(CE_WARN, "(1) Preauth hash calculation "
"failed");
}
smb2_send_reply(sr);
return (rc);
}
static int
smb2_negotiate_common(smb_request_t *sr, uint16_t version)
{
timestruc_t boot_tv, now_tv;
smb_session_t *s = sr->session;
smb2_arg_negotiate_t *nego = sr->arg.other;
int rc;
uint32_t max_rwsize;
uint16_t secmode;
uint16_t neg_ctx_cnt = 0;
uint32_t neg_ctx_off = 0;
secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
if (sr->sr_cfg->skc_signing_required)
secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
s->srv_secmode = secmode;
s->cmd_max_bytes = smb2_tcp_bufsize;
s->reply_max_bytes = smb2_tcp_bufsize;
s->s_cur_credits = s->s_max_credits = 1;
sr->smb2_credit_response = 1;
boot_tv.tv_sec = smb_get_boottime();
boot_tv.tv_nsec = 0;
now_tv.tv_sec = gethrestime_sec();
now_tv.tv_nsec = 0;
if (version >= 0x311)
smb31_preauth_init_mech(s);
if (s->dialect < SMB_VERS_2_1) {
s->srv_cap = smb2srv_capabilities & SMB2_CAP_DFS;
} else if (s->dialect < SMB_VERS_3_0) {
s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
s->smb31_sign_algid = SMB3_SIGN_SHA256_HMAC;
} else {
s->srv_cap = smb2srv_capabilities &
(SMB_2X_CAPS | s->capabilities);
if (s->dialect < SMB_VERS_3_11) {
s->smb31_enc_cipherid = SMB3_CIPHER_AES128_CCM;
s->smb31_sign_algid = SMB3_SIGN_AES128_CMAC;
}
if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
smb3_encrypt_init_mech(s) != 0) {
s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
}
if (s->dialect >= SMB_VERS_3_11) {
smb2_encrypt_caps_t *encap =
&nego->neg_out_ctxs.encrypt_ctx.encrypt_caps;
smb2_sign_caps_t *sicap =
&nego->neg_out_ctxs.sign_ctx.sign_caps;
neg_ctx_cnt = 1;
if (encap->encap_cipher_count != 0)
neg_ctx_cnt++;
if (sicap->sicap_alg_count != 0)
neg_ctx_cnt++;
neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
ASSERT3U(s->smb31_preauth_hashid, !=, 0);
if (smb31_preauth_sha512_calc(sr, &sr->command,
s->smb31_preauth_hashval,
s->smb31_preauth_hashval) != 0)
cmn_err(CE_WARN, "(0) Preauth hash calculation "
"failed");
}
}
if (version != 0x2FF)
smb2_sign_init_mech(s);
if (s->capabilities & SMB2_CAP_LARGE_MTU)
max_rwsize = smb2_max_rwsize;
else
max_rwsize = smb2_old_rwsize;
rc = smb_mbc_encodef(
&sr->reply,
"wwww#cllllTTwwl#c",
65,
s->srv_secmode,
version,
neg_ctx_cnt,
UUID_LEN,
&s->s_cfg.skc_machine_uuid,
s->srv_cap,
smb2_max_trans,
max_rwsize,
max_rwsize,
&now_tv,
&boot_tv,
128,
sr->sr_cfg->skc_negtok_len,
neg_ctx_off,
sr->sr_cfg->skc_negtok_len,
sr->sr_cfg->skc_negtok);
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
sizeof (smb2_tcp_bufsize), CRED());
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
SO_RCVBUF, (const void *)&smb2_tcp_bufsize,
sizeof (smb2_tcp_bufsize), CRED());
return (rc);
}
smb_sdrc_t
smb2_negotiate(smb_request_t *sr)
{
sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
return (SDRC_ERROR);
}
uint32_t
smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
{
smb_session_t *s = sr->session;
int rc;
uint32_t capabilities;
uint16_t secmode;
uint16_t num_dialects;
uint16_t dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
uint8_t clnt_guid[16];
if (s->dialect >= SMB_VERS_3_11)
goto drop;
if (!sr->encrypted && (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
goto drop;
if (fsctl->InputCount < 24)
goto drop;
(void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
&capabilities,
&clnt_guid,
&secmode,
&num_dialects);
if (num_dialects == 0 || num_dialects > SMB2_NEGOTIATE_MAX_DIALECTS)
goto drop;
if (secmode != s->cli_secmode)
goto drop;
if (capabilities != s->capabilities)
goto drop;
if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
goto drop;
rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
if (rc != 0)
goto drop;
if (smb2_find_best_dialect(s, dialects, num_dialects) != s->dialect)
goto drop;
rc = smb_mbc_encodef(
fsctl->out_mbc, "l#cww",
s->srv_cap,
UUID_LEN,
&s->s_cfg.skc_machine_uuid,
s->srv_secmode,
s->dialect);
if (rc == 0)
return (rc);
drop:
smb_session_disconnect(s);
return (NT_STATUS_ACCESS_DENIED);
}
