Print this page
NEX-20371 SMB2 message sizes cause lock contention in page_create_va
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-19944 SMB2 server should require signed Validate Negotiate requests
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-17589 Get "too high" smbd error when copy big file to cifs share (redo)
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-17289 Minimal SMB 3.0.2 support
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-17001 illumos 9500 HP scanner needs smaller SMB2 rwsize
9500 HP scanner needs smaller SMB2 rwsize
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
Reviewed by: Andy Fiddaman <omnios@citrus-it.net>
Reviewed by: Bill Sommerfeld <sommerfeld@hamachi.org>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Gordon Ross <gordon.w.ross@gmail.com>
NEX-15959 SMB 2.1 negotiation failure after NEX-9808
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-15959 SMB 2.1 negotiation failure after NEX-9808
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15578 SMB2 durable handle redesign
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15578 SMB2 durable handle redesign
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-10231 SMB logon fails in fksmbd (small fix)
NEX-10019 SMB server min_protocol setting
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-10231 SMB logon fails in fksmbd
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-1643 dtrace provider for smbsrv
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-9864 Some SMB cancel races remain after NEX-5845
Revert (part of) "NEX-5845 rework SMB immediate cancel"
reverts (part of) commit 7a5da69f6d42b17ebcc95ca3d02925d07a01343e.
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5844 want SMB2 ioctl FSCTL_SRV_COPYCHUNK
NEX-6124 smb_fsop_read/write should allow file != sr->fid_ofile
NEX-6125 smbtorture invalid response with smb2.ioctl
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-4598 SMB2 credit shortage with Mac client
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-3738 Should support SMB2_CAP_LARGE_MTU
Reviewed by: Alek Pinchuk <alek@nexenta.com>
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-3610 CLONE NEX-3591 SMB3 signing
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
NEX-2976 SMB2 client may fail to connect when server requires signing
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-2781 SMB2 credit handling needs work
NEX-2353 Codenomicon: SMB2 TC # 448950 - PANIC in SMB2.Compounded-commands...
SUP-887 Mac client hangs when accessing an SMB2 share on a nexenta 4.0 system
SMB-137 assertion failed: (sr->reply.chain_offset & 7) == 0, file: ../../common/fs/smbsrv/smb2_dispatch.c, line: 727
SMB-55 SMB2 signing
NEX-1059 Shared folder is not available in Windows 7/8/2012 when SMB2 is enabled in Workgroup mode
(Implement "Secure Negotiation")
NEX-1050 enable_smb2 should be smb2_enable
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
*** 8,18 ****
* source. A copy of the CDDL is also available via the Internet at
* http://www.illumos.org/license/CDDL.
*/
/*
! * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Dispatch function for SMB2_NEGOTIATE
*/
--- 8,18 ----
* source. A copy of the CDDL is also available via the Internet at
* http://www.illumos.org/license/CDDL.
*/
/*
! * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Dispatch function for SMB2_NEGOTIATE
*/
*** 22,33 ****
static int smb2_negotiate_common(smb_request_t *, uint16_t);
uint32_t smb2srv_capabilities =
SMB2_CAP_DFS |
! SMB2_CAP_LARGE_MTU;
/*
* These are not intended as customer tunables, but dev. & test folks
* might want to adjust them (with caution).
*
* smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
--- 22,39 ----
static int smb2_negotiate_common(smb_request_t *, uint16_t);
uint32_t smb2srv_capabilities =
SMB2_CAP_DFS |
! SMB2_CAP_LEASING |
! SMB2_CAP_LARGE_MTU |
! SMB2_CAP_PERSISTENT_HANDLES |
! SMB2_CAP_ENCRYPTION;
+ /* These are the only capabilities defined for SMB2.X */
+ #define SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
+
/*
* These are not intended as customer tunables, but dev. & test folks
* might want to adjust them (with caution).
*
* smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
*** 37,74 ****
* multiple requests/responses. This size should be large enough for
* at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
*
* smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
* the client the largest read and write request size we'll support.
! * One megabyte is a compromise between efficiency on fast networks
! * and memory consumption (for the buffers) on the server side.
*
* smb2_max_trans is the largest "transact" send or receive, which is
* used for directory listings and info set/get operations.
*/
uint32_t smb2_tcp_bufsize = (1<<22); /* 4MB */
! uint32_t smb2_max_rwsize = (1<<20); /* 1MB */
uint32_t smb2_max_trans = (1<<16); /* 64KB */
/*
* List of all SMB2 versions we implement. Note that the
! * highest version we support may be limited by the
! * _cfg.skc_max_protocol setting.
*/
static uint16_t smb2_versions[] = {
0x202, /* SMB 2.002 */
0x210, /* SMB 2.1 */
};
static uint16_t smb2_nversions =
sizeof (smb2_versions) / sizeof (smb2_versions[0]);
static boolean_t
smb2_supported_version(smb_session_t *s, uint16_t version)
{
int i;
! if (version > s->s_cfg.skc_max_protocol)
return (B_FALSE);
for (i = 0; i < smb2_nversions; i++)
if (version == smb2_versions[i])
return (B_TRUE);
return (B_FALSE);
--- 43,93 ----
* multiple requests/responses. This size should be large enough for
* at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
*
* smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
* the client the largest read and write request size we'll support.
! * For now, we're using contiguous allocations, so keep this at 64KB
! * so that (even with message overhead) allocations stay below 128KB,
! * avoiding kmem_alloc -> page_create_va thrashing.
*
* smb2_max_trans is the largest "transact" send or receive, which is
* used for directory listings and info set/get operations.
*/
uint32_t smb2_tcp_bufsize = (1<<22); /* 4MB */
! uint32_t smb2_max_rwsize = (1<<16); /* 64KB */
uint32_t smb2_max_trans = (1<<16); /* 64KB */
/*
+ * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU
+ * (including all clients using dialect < SMB 2.1), use a "conservative" value
+ * for max r/w size because some older clients misbehave with larger values.
+ * 64KB is recommended in the [MS-SMB2] spec. (3.3.5.3.1 SMB 2.1 or SMB 3.x
+ * Support) as the minimum so we'll use that.
+ */
+ uint32_t smb2_old_rwsize = (1<<16); /* 64KB */
+
+ /*
* List of all SMB2 versions we implement. Note that the
! * versions we support may be limited by the
! * _cfg.skc_max_protocol and min_protocol settings.
*/
static uint16_t smb2_versions[] = {
0x202, /* SMB 2.002 */
0x210, /* SMB 2.1 */
+ 0x300, /* SMB 3.0 */
+ 0x302, /* SMB 3.02 */
};
static uint16_t smb2_nversions =
sizeof (smb2_versions) / sizeof (smb2_versions[0]);
static boolean_t
smb2_supported_version(smb_session_t *s, uint16_t version)
{
int i;
! if (version > s->s_cfg.skc_max_protocol ||
! version < s->s_cfg.skc_min_protocol)
return (B_FALSE);
for (i = 0; i < smb2_nversions; i++)
if (version == smb2_versions[i])
return (B_TRUE);
return (B_FALSE);
*** 91,101 ****
smb1_negotiate_smb2(smb_request_t *sr)
{
smb_session_t *s = sr->session;
smb_arg_negotiate_t *negprot = sr->sr_negprot;
uint16_t smb2_version;
- uint16_t secmode2;
int rc;
/*
* Note: In the SMB1 negotiate command handler, we
* agreed with one of the SMB2 dialects. If that
--- 110,119 ----
*** 105,146 ****
* the "wildcard" version 0x2FF, and the client will
* come back with an SMB2 negotiate.
*/
switch (negprot->ni_dialect) {
case DIALECT_SMB2002: /* SMB 2.002 (a.k.a. SMB2.0) */
! smb2_version = 0x202;
s->dialect = smb2_version;
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
/* Allow normal SMB2 requests now. */
s->newrq_func = smb2sr_newrq;
-
- /*
- * Translate SMB1 sec. mode to SMB2.
- */
- secmode2 = 0;
- if (s->secmode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)
- secmode2 |= SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (s->secmode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)
- secmode2 |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
- s->secmode = secmode2;
break;
case DIALECT_SMB2XXX: /* SMB 2.??? (wildcard vers) */
/*
* Expecting an SMB2 negotiate next, so keep the
! * initial s->newrq_func. Note that secmode is
! * fiction good enough to pass the signing check
! * in smb2_negotiate_common(). We'll check the
! * real secmode when the 2nd negotiate comes.
*/
smb2_version = 0x2FF;
- s->secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
break;
default:
return (SDRC_DROP_VC);
}
/*
* We did not decode an SMB2 header, so make sure
* the SMB2 header fields are initialized.
* (Most are zero from smb_request_alloc.)
* Also, the SMB1 common dispatch code reserved space
* for an SMB1 header, which we need to undo here.
--- 123,162 ----
* the "wildcard" version 0x2FF, and the client will
* come back with an SMB2 negotiate.
*/
switch (negprot->ni_dialect) {
case DIALECT_SMB2002: /* SMB 2.002 (a.k.a. SMB2.0) */
! smb2_version = SMB_VERS_2_002;
s->dialect = smb2_version;
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
/* Allow normal SMB2 requests now. */
s->newrq_func = smb2sr_newrq;
break;
case DIALECT_SMB2XXX: /* SMB 2.??? (wildcard vers) */
/*
* Expecting an SMB2 negotiate next, so keep the
! * initial s->newrq_func.
*/
smb2_version = 0x2FF;
break;
default:
return (SDRC_DROP_VC);
}
/*
+ * Clients that negotiate SMB2 from SMB1 have not yet had the
+ * opportunity to provide us with a secmode. However, any
+ * client that negotiates SMB2 should support signing, so
+ * this should be fiction good enough to pass the signing
+ * check in smb2_negotiate_common(). Even if the client
+ * doesn't support signing and we require it, we'll fail them
+ * later when they fail to sign the packet. For 2.???,
+ * we'll check the real secmode when the 2nd negotiate comes.
+ */
+ s->cli_secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+
+ /*
* We did not decode an SMB2 header, so make sure
* the SMB2 header fields are initialized.
* (Most are zero from smb_request_alloc.)
* Also, the SMB1 common dispatch code reserved space
* for an SMB1 header, which we need to undo here.
*** 147,162 ****
--- 163,198 ----
*/
sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
sr->smb2_cmd_code = SMB2_NEGOTIATE;
rc = smb2_negotiate_common(sr, smb2_version);
+ smb2_send_reply(sr);
if (rc != 0)
return (SDRC_DROP_VC);
+ /*
+ * We sent the reply, so tell the SMB1 dispatch
+ * it should NOT (also) send a reply.
+ */
return (SDRC_NO_REPLY);
}
+ static uint16_t
+ smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
+ uint16_t version_cnt)
+ {
+ uint16_t best_version = 0;
+ int i;
+
+ for (i = 0; i < version_cnt; i++)
+ if (smb2_supported_version(s, cl_versions[i]) &&
+ best_version < cl_versions[i])
+ best_version = cl_versions[i];
+
+ return (best_version);
+ }
+
/*
* SMB2 Negotiate gets special handling. This is called directly by
* the reader thread (see smbsr_newrq_initial) with what _should_ be
* an SMB2 Negotiate. Only the "\feSMB" header has been checked
* when this is called, so this needs to check the SMB command,
*** 166,181 ****
* know this is the only thread currently using this session.
* This has to duplicate some of what smb2sr_work does as a
* result of bypassing the normal dispatch mechanism.
*
* The caller always frees this request.
*/
int
smb2_newrq_negotiate(smb_request_t *sr)
{
smb_session_t *s = sr->session;
! int i, rc;
uint16_t struct_size;
uint16_t best_version;
uint16_t version_cnt;
uint16_t cl_versions[8];
--- 202,220 ----
* know this is the only thread currently using this session.
* This has to duplicate some of what smb2sr_work does as a
* result of bypassing the normal dispatch mechanism.
*
* The caller always frees this request.
+ *
+ * Return value is 0 for success, and anything else will
+ * terminate the reader thread (drop the connection).
*/
int
smb2_newrq_negotiate(smb_request_t *sr)
{
smb_session_t *s = sr->session;
! int rc;
uint16_t struct_size;
uint16_t best_version;
uint16_t version_cnt;
uint16_t cl_versions[8];
*** 184,275 ****
if (rc != 0)
return (rc);
if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
(sr->smb2_next_command != 0))
! return (SDRC_DROP_VC);
/*
* Decode SMB2 Negotiate (fixed-size part)
*/
rc = smb_mbc_decodef(
! &sr->command, "www..l16.8.",
&struct_size, /* w */
&version_cnt, /* w */
! &s->secmode, /* w */
/* reserved (..) */
! &s->capabilities); /* l */
! /* clnt_uuid 16. */
/* start_time 8. */
if (rc != 0)
return (rc);
if (struct_size != 36 || version_cnt > 8)
! return (SDRC_DROP_VC);
/*
* Decode SMB2 Negotiate (variable part)
*/
rc = smb_mbc_decodef(&sr->command,
"#w", version_cnt, cl_versions);
if (rc != 0)
! return (SDRC_DROP_VC);
/*
* The client offers an array of protocol versions it
* supports, which we have decoded into cl_versions[].
* We walk the array and pick the highest supported.
*/
! best_version = 0;
! for (i = 0; i < version_cnt; i++)
! if (smb2_supported_version(s, cl_versions[i]) &&
! best_version < cl_versions[i])
! best_version = cl_versions[i];
! if (best_version == 0)
! return (SDRC_DROP_VC);
s->dialect = best_version;
/* Allow normal SMB2 requests now. */
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
s->newrq_func = smb2sr_newrq;
rc = smb2_negotiate_common(sr, best_version);
- if (rc != 0)
- return (SDRC_DROP_VC);
! return (0);
}
/*
* Common parts of SMB2 Negotiate, used for both the
* SMB1-to-SMB2 style, and straight SMB2 style.
! * Do negotiation decisions, encode, send the reply.
*/
static int
smb2_negotiate_common(smb_request_t *sr, uint16_t version)
{
timestruc_t boot_tv, now_tv;
smb_session_t *s = sr->session;
int rc;
uint16_t secmode;
sr->smb2_status = 0;
/*
* Negotiation itself. First the Security Mode.
- * The caller stashed the client's secmode in s->secmode,
- * which we validate, and then replace with the server's
- * secmode, which is all we care about after this.
*/
secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
if (sr->sr_cfg->skc_signing_required) {
secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
/* Make sure client at least enables signing. */
! if ((s->secmode & secmode) == 0) {
sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
}
}
! s->secmode = secmode;
s->cmd_max_bytes = smb2_tcp_bufsize;
s->reply_max_bytes = smb2_tcp_bufsize;
/*
--- 223,323 ----
if (rc != 0)
return (rc);
if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
(sr->smb2_next_command != 0))
! return (-1);
/*
* Decode SMB2 Negotiate (fixed-size part)
*/
rc = smb_mbc_decodef(
! &sr->command, "www..l16c8.",
&struct_size, /* w */
&version_cnt, /* w */
! &s->cli_secmode, /* w */
/* reserved (..) */
! &s->capabilities, /* l */
! s->clnt_uuid); /* 16c */
/* start_time 8. */
if (rc != 0)
return (rc);
if (struct_size != 36 || version_cnt > 8)
! return (-1);
/*
* Decode SMB2 Negotiate (variable part)
*/
rc = smb_mbc_decodef(&sr->command,
"#w", version_cnt, cl_versions);
if (rc != 0)
! return (rc);
+ DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
+
/*
* The client offers an array of protocol versions it
* supports, which we have decoded into cl_versions[].
* We walk the array and pick the highest supported.
*/
! best_version = smb2_find_best_dialect(s, cl_versions, version_cnt);
! if (best_version == 0) {
! cmn_err(CE_NOTE, "clnt %s no supported dialect",
! sr->session->ip_addr_str);
! sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
! rc = -1;
! goto errout;
! }
s->dialect = best_version;
/* Allow normal SMB2 requests now. */
s->s_state = SMB_SESSION_STATE_NEGOTIATED;
s->newrq_func = smb2sr_newrq;
rc = smb2_negotiate_common(sr, best_version);
! errout:
! /* sr->smb2_status was set */
! DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
!
! smb2_send_reply(sr);
!
! return (rc);
}
/*
* Common parts of SMB2 Negotiate, used for both the
* SMB1-to-SMB2 style, and straight SMB2 style.
! * Do negotiation decisions and encode the reply.
! * The caller does the network send.
! *
! * Return value is 0 for success, and anything else will
! * terminate the reader thread (drop the connection).
*/
static int
smb2_negotiate_common(smb_request_t *sr, uint16_t version)
{
timestruc_t boot_tv, now_tv;
smb_session_t *s = sr->session;
int rc;
+ uint32_t max_rwsize;
uint16_t secmode;
sr->smb2_status = 0;
/*
* Negotiation itself. First the Security Mode.
*/
secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
if (sr->sr_cfg->skc_signing_required) {
secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
/* Make sure client at least enables signing. */
! if ((s->cli_secmode & secmode) == 0) {
sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
}
}
! s->srv_secmode = secmode;
s->cmd_max_bytes = smb2_tcp_bufsize;
s->reply_max_bytes = smb2_tcp_bufsize;
/*
*** 291,326 ****
*/
sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
(void) smb2_encode_header(sr, B_FALSE);
if (sr->smb2_status != 0) {
smb2sr_put_error(sr, sr->smb2_status);
! smb2_send_reply(sr);
return (-1); /* will drop */
}
rc = smb_mbc_encodef(
&sr->reply,
"wwww#cllllTTwwl#c",
65, /* StructSize */ /* w */
! s->secmode, /* w */
version, /* w */
0, /* reserved */ /* w */
UUID_LEN, /* # */
&s->s_cfg.skc_machine_uuid, /* c */
! smb2srv_capabilities, /* l */
smb2_max_trans, /* l */
! smb2_max_rwsize, /* l */
! smb2_max_rwsize, /* l */
&now_tv, /* T */
&boot_tv, /* T */
128, /* SecBufOff */ /* w */
sr->sr_cfg->skc_negtok_len, /* w */
0, /* reserved */ /* l */
sr->sr_cfg->skc_negtok_len, /* # */
sr->sr_cfg->skc_negtok); /* c */
! smb2_send_reply(sr);
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
sizeof (smb2_tcp_bufsize), CRED());
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
--- 339,413 ----
*/
sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
(void) smb2_encode_header(sr, B_FALSE);
if (sr->smb2_status != 0) {
smb2sr_put_error(sr, sr->smb2_status);
! /* smb2_send_reply(sr); in caller */
return (-1); /* will drop */
}
+ /*
+ * If the version is 0x2FF, we haven't completed negotiate.
+ * Don't initialize until we have our final request.
+ */
+ if (version != 0x2FF)
+ smb2_sign_init_mech(s);
+
+ /*
+ * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
+ *
+ * The SMB2.x capabilities are returned without regard for
+ * what capabilities the client provided in the request.
+ * The SMB3.x capabilities returned are the traditional
+ * logical AND of server and client capabilities.
+ *
+ * One additional check: If KCF is missing something we
+ * require for encryption, turn off that capability.
+ */
+ if (s->dialect < SMB_VERS_3_0) {
+ /* SMB 2.x */
+ s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
+ } else {
+ /* SMB 3.0 or later */
+ s->srv_cap = smb2srv_capabilities &
+ (SMB_2X_CAPS | s->capabilities);
+ if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
+ smb3_encrypt_init_mech(s) != 0) {
+ s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
+ }
+ }
+
+ /*
+ * See notes above smb2_max_rwsize, smb2_old_rwsize
+ */
+ if (s->capabilities & SMB2_CAP_LARGE_MTU)
+ max_rwsize = smb2_max_rwsize;
+ else
+ max_rwsize = smb2_old_rwsize;
+
rc = smb_mbc_encodef(
&sr->reply,
"wwww#cllllTTwwl#c",
65, /* StructSize */ /* w */
! s->srv_secmode, /* w */
version, /* w */
0, /* reserved */ /* w */
UUID_LEN, /* # */
&s->s_cfg.skc_machine_uuid, /* c */
! s->srv_cap, /* l */
smb2_max_trans, /* l */
! max_rwsize, /* l */
! max_rwsize, /* l */
&now_tv, /* T */
&boot_tv, /* T */
128, /* SecBufOff */ /* w */
sr->sr_cfg->skc_negtok_len, /* w */
0, /* reserved */ /* l */
sr->sr_cfg->skc_negtok_len, /* # */
sr->sr_cfg->skc_negtok); /* c */
! /* smb2_send_reply(sr); in caller */
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
sizeof (smb2_tcp_bufsize), CRED());
(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
*** 344,377 ****
/*
* VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
*/
uint32_t
! smb2_fsctl_vneginfo(smb_request_t *sr, smb_fsctl_t *fsctl)
{
smb_session_t *s = sr->session;
int rc;
/*
* The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
* and verify that the original negotiate was not modified.
! * The only tampering we need worry about is secmode, and
! * we're not taking that from the client, so don't bother.
*
* One interesting requirement here is that we MUST reply
* with exactly the same information as we returned in our
* original reply to the SMB2 negotiate on this session.
* If we don't the client closes the connection.
*/
rc = smb_mbc_encodef(
fsctl->out_mbc, "l#cww",
! smb2srv_capabilities, /* l */
UUID_LEN, /* # */
&s->s_cfg.skc_machine_uuid, /* c */
! s->secmode, /* w */
s->dialect); /* w */
! if (rc)
! return (NT_STATUS_INTERNAL_ERROR);
! return (0);
}
--- 431,501 ----
/*
* VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
*/
uint32_t
! smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
{
smb_session_t *s = sr->session;
int rc;
/*
* The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
* and verify that the original negotiate was not modified.
! * The request MUST be signed, and we MUST validate the signature.
*
* One interesting requirement here is that we MUST reply
* with exactly the same information as we returned in our
* original reply to the SMB2 negotiate on this session.
* If we don't the client closes the connection.
*/
+ /* dialects[8] taken from cl_versions[8] in smb2_newrq_negotiate */
+ uint32_t capabilities;
+ uint16_t secmode, num_dialects, dialects[8];
+ uint8_t clnt_guid[16];
+
+ if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
+ goto drop;
+
+ if (fsctl->InputCount < 24)
+ goto drop;
+
+ (void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
+ &capabilities, /* l */
+ &clnt_guid, /* 16c */
+ &secmode, /* w */
+ &num_dialects); /* w */
+
+ if (num_dialects == 0 || num_dialects > 8)
+ goto drop;
+ if (secmode != s->cli_secmode)
+ goto drop;
+ if (capabilities != s->capabilities)
+ goto drop;
+ if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
+ goto drop;
+
+ if (fsctl->InputCount < (24 + num_dialects * sizeof (*dialects)))
+ goto drop;
+
+ rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
+ if (rc != 0)
+ goto drop;
+
+ if (smb2_find_best_dialect(s, dialects, num_dialects) != s->dialect)
+ goto drop;
+
rc = smb_mbc_encodef(
fsctl->out_mbc, "l#cww",
! s->srv_cap, /* l */
UUID_LEN, /* # */
&s->s_cfg.skc_machine_uuid, /* c */
! s->srv_secmode, /* w */
s->dialect); /* w */
! if (rc == 0)
! return (rc);
! drop:
! smb_session_disconnect(s);
! return (NT_STATUS_ACCESS_DENIED);
}