Print this page
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-1643 dtrace provider for smbsrv
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
SUP-672 Zero-padded IP address strings returned by SMB server...
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
SUP-866 smbd lwps stuck in libsocket recv() for no apparent reason
SMB-152 mem leak in smb_authenticate_ext/smb_authsock_sendrecv
SMB-55 SMB2 signing
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
SMB-56 extended security NTLMSSP, inbound
SMB-50 User-mode SMB server
Includes work by these authors:
Thomas Keiser <thomas.keiser@nexenta.com>
Albert Lee <trisk@nexenta.com>
SUP-694 panic on bad mutex in smb_event_wait()
SMB-65 SMB server in non-global zones (data structure changes)
Many things move to the smb_server_t object, and
many functions gain an sv arg (which server).
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/smbsrv/smb_session_setup_andx.c
+++ new/usr/src/uts/common/fs/smbsrv/smb_session_setup_andx.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 - * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
23 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
24 24 */
25 25
26 26 #include <sys/types.h>
27 27 #include <sys/sid.h>
28 28 #include <sys/priv_names.h>
29 29 #include <sys/socket.h>
30 30 #include <netinet/in.h>
31 31 #include <smbsrv/smb_idmap.h>
32 32 #include <smbsrv/smb_kproto.h>
33 33 #include <smbsrv/smb_token.h>
34 34
35 35 smb_sdrc_t
36 36 smb_pre_session_setup_andx(smb_request_t *sr)
37 37 {
38 38 smb_arg_sessionsetup_t *sinfo;
39 39 char *native_os;
40 40 char *native_lm;
41 41 int rc = 0;
42 42
43 43 sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t));
44 44 sr->sr_ssetup = sinfo;
45 45
46 46 /*
47 47 * Enforce the minimum word count seen in the old protocol,
48 48 * to make sure we have enough to decode the common stuff.
49 49 * Further wcnt checks below.
50 50 */
51 51 if (sr->smb_wct < 10) {
52 52 rc = -1;
53 53 goto done;
54 54 }
55 55
56 56 /*
57 57 * Parse common part of SMB session setup.
58 58 * skip: vcnumber(2), sesskey(4)
59 59 */
60 60 rc = smbsr_decode_vwv(sr, "b.www6.",
61 61 &sr->andx_com, &sr->andx_off,
62 62 &sinfo->ssi_maxbufsize, &sinfo->ssi_maxmpxcount);
63 63 if (rc != 0)
64 64 goto done;
65 65
66 66 if (sr->session->dialect < NT_LM_0_12) {
67 67
68 68 sinfo->ssi_type = SMB_SSNSETUP_PRE_NTLM012;
69 69 sinfo->ssi_capabilities = 0;
70 70
71 71 rc = smbsr_decode_vwv(sr, "w4.",
72 72 &sinfo->ssi_lmpwlen);
73 73 if (rc != 0)
74 74 goto done;
75 75
76 76 sinfo->ssi_lmpwd = smb_srm_zalloc(sr, sinfo->ssi_lmpwlen + 1);
77 77 rc = smbsr_decode_data(sr, "%#c", sr, sinfo->ssi_lmpwlen,
78 78 sinfo->ssi_lmpwd);
79 79 if (rc != 0)
80 80 goto done;
81 81
82 82 sinfo->ssi_lmpwd[sinfo->ssi_lmpwlen] = 0;
83 83
84 84 if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_user) != 0)
85 85 sinfo->ssi_user = "";
86 86
87 87 if (smbsr_decode_data(sr, "%u", sr, &sinfo->ssi_domain) != 0)
88 88 sinfo->ssi_domain = "";
89 89
90 90 goto part2;
91 91 }
92 92
93 93 /*
94 94 * We have dialect >= NT_LM_0_12
95 95 */
96 96 if (sr->smb_wct == 13) {
97 97 /* Old style (non-extended) request. */
98 98 sinfo->ssi_type = SMB_SSNSETUP_NTLM012_NOEXT;
99 99
100 100 rc = smbsr_decode_vwv(sr, "ww4.l",
101 101 &sinfo->ssi_lmpwlen,
102 102 &sinfo->ssi_ntpwlen,
103 103 &sinfo->ssi_capabilities);
104 104 if (rc != 0)
105 105 goto done;
106 106
107 107 /* paranoid: ignore cap. ext. sec. here */
108 108 sinfo->ssi_capabilities &= ~CAP_EXTENDED_SECURITY;
109 109
110 110 sinfo->ssi_lmpwd = smb_srm_zalloc(sr, sinfo->ssi_lmpwlen + 1);
111 111 sinfo->ssi_ntpwd = smb_srm_zalloc(sr, sinfo->ssi_ntpwlen + 1);
112 112
113 113 rc = smbsr_decode_data(sr, "%#c#cuu", sr,
114 114 sinfo->ssi_lmpwlen, sinfo->ssi_lmpwd,
115 115 sinfo->ssi_ntpwlen, sinfo->ssi_ntpwd,
116 116 &sinfo->ssi_user, &sinfo->ssi_domain);
117 117 if (rc != 0)
118 118 goto done;
119 119
120 120 sinfo->ssi_lmpwd[sinfo->ssi_lmpwlen] = 0;
121 121 sinfo->ssi_ntpwd[sinfo->ssi_ntpwlen] = 0;
122 122
123 123 goto part2;
124 124 }
125 125
126 126 if (sr->smb_wct == 12) {
127 127 /* New style (extended) request. */
128 128 sinfo->ssi_type = SMB_SSNSETUP_NTLM012_EXTSEC;
129 129
130 130 rc = smbsr_decode_vwv(sr, "w4.l",
131 131 &sinfo->ssi_iseclen,
132 132 &sinfo->ssi_capabilities);
133 133 if (rc != 0)
134 134 goto done;
135 135
136 136 if ((sinfo->ssi_capabilities & CAP_EXTENDED_SECURITY) == 0) {
137 137 rc = -1;
138 138 goto done;
139 139 }
140 140
141 141 sinfo->ssi_isecblob = smb_srm_zalloc(sr, sinfo->ssi_iseclen);
142 142 rc = smbsr_decode_data(sr, "%#c", sr,
143 143 sinfo->ssi_iseclen, sinfo->ssi_isecblob);
144 144 if (rc != 0)
145 145 goto done;
146 146
147 147 goto part2;
148 148 }
149 149
150 150 /* Invalid message */
151 151 rc = -1;
152 152 goto done;
153 153
154 154 part2:
155 155 /*
156 156 * Get the "Native OS" and "Native LanMan" strings.
157 157 * These are not critical to protocol function, so
158 158 * if we can't parse them, just guess "NT".
159 159 * These strings are free'd with the sr.
160 160 *
161 161 * In NTLM 0.12, the padding between the Native OS and Native LM
162 162 * is a bit strange. On NT4.0, there is a 2 byte pad between the
163 163 * OS (Windows NT 1381) and LM (Windows NT 4.0). On Windows 2000,
164 164 * there is no padding between the OS (Windows 2000 2195) and LM
165 165 * (Windows 2000 5.0). If the padding is removed from the decode
166 166 * string the NT4.0 LM comes out as an empty string. So if the
167 167 * client's native OS is Win NT, assume extra padding.
168 168 */
169 169 rc = smbsr_decode_data(sr, "%u", sr, &native_os);
170 170 if (rc != 0 || native_os == NULL)
171 171 sinfo->ssi_native_os = NATIVE_OS_WINNT;
172 172 else
173 173 sinfo->ssi_native_os = smbnative_os_value(native_os);
174 174
175 175 if (sinfo->ssi_native_os == NATIVE_OS_WINNT)
176 176 rc = smbsr_decode_data(sr, "%,u", sr, &native_lm);
177 177 else
178 178 rc = smbsr_decode_data(sr, "%u", sr, &native_lm);
179 179 if (rc != 0 || native_lm == NULL)
180 180 sinfo->ssi_native_lm = NATIVE_LM_NT;
181 181 else
|
↓ open down ↓ |
148 lines elided |
↑ open up ↑ |
182 182 sinfo->ssi_native_lm = smbnative_lm_value(native_lm);
183 183 rc = 0;
184 184
185 185 done:
186 186 if (rc != 0) {
187 187 cmn_err(CE_NOTE,
188 188 "SmbSessonSetupX: client %s invalid request",
189 189 sr->session->ip_addr_str);
190 190 }
191 191
192 - DTRACE_SMB_2(op__SessionSetupX__start, smb_request_t *, sr,
193 - smb_arg_sessionsetup_t, sinfo);
192 + DTRACE_SMB_START(op__SessionSetupX, smb_request_t *, sr);
194 193 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
195 194 }
196 195
197 196 void
198 197 smb_post_session_setup_andx(smb_request_t *sr)
199 198 {
200 199 smb_arg_sessionsetup_t *sinfo = sr->sr_ssetup;
201 200
202 - DTRACE_SMB_2(op__SessionSetupX__done, smb_request_t *, sr,
203 - smb_arg_sessionsetup_t, sinfo);
201 + DTRACE_SMB_DONE(op__SessionSetupX, smb_request_t *, sr);
204 202
205 203 if (sinfo->ssi_lmpwd != NULL)
206 204 bzero(sinfo->ssi_lmpwd, sinfo->ssi_lmpwlen);
207 205
208 206 if (sinfo->ssi_ntpwd != NULL)
209 207 bzero(sinfo->ssi_ntpwd, sinfo->ssi_ntpwlen);
210 208 }
211 209
212 210 /*
213 211 *
214 212 * NT systems use different native OS and native LanMan values dependent on
215 213 * whether they are acting as a client or a server. NT 4.0 server responds
216 214 * with the following values:
217 215 *
218 216 * NativeOS: Windows NT 4.0
219 217 * NativeLM: NT LAN Manager 4.0
220 218 */
221 219 smb_sdrc_t
222 220 smb_com_session_setup_andx(smb_request_t *sr)
223 221 {
224 222 smb_arg_sessionsetup_t *sinfo = sr->sr_ssetup;
225 223 uint32_t status;
226 224 uint16_t action;
227 225 int rc;
228 226
229 227 /*
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
230 228 * Some stuff we do only in the first in a (possible)
231 229 * sequence of session setup requests.
232 230 */
233 231 if (sinfo->ssi_type != SMB_SSNSETUP_NTLM012_EXTSEC ||
234 232 sr->smb_uid == 0 || sr->smb_uid == 0xFFFF) {
235 233
236 234 /* This is a first (or only) call */
237 235 sr->session->smb_msg_size = sinfo->ssi_maxbufsize;
238 236 sr->session->smb_max_mpx = sinfo->ssi_maxmpxcount;
239 237 sr->session->capabilities = sinfo->ssi_capabilities;
240 -
241 - if (!smb_oplock_levelII)
242 - sr->session->capabilities &= ~CAP_LEVEL_II_OPLOCKS;
243 -
244 238 sr->session->native_os = sinfo->ssi_native_os;
245 239 sr->session->native_lm = sinfo->ssi_native_lm;
246 240 }
247 241
242 + /* RejectUnencryptedAccess precludes SMB1 access */
243 + if (sr->sr_server->sv_cfg.skc_encrypt == SMB_CONFIG_REQUIRED) {
244 + smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
245 + ERRDOS, ERROR_ACCESS_DENIED);
246 + return (SDRC_ERROR);
247 + }
248 +
248 249 /*
249 250 * The "meat" of authentication happens here.
250 251 */
251 252 if (sinfo->ssi_type == SMB_SSNSETUP_NTLM012_EXTSEC)
252 253 status = smb_authenticate_ext(sr);
253 254 else
254 255 status = smb_authenticate_old(sr);
255 256
256 257 switch (status) {
257 258
258 259 case NT_STATUS_SUCCESS:
259 260 break;
260 261
261 262 /*
262 263 * This is not really an error, but tells the client
263 264 * it should send another session setup request.
264 265 */
265 266 case NT_STATUS_MORE_PROCESSING_REQUIRED:
266 267 smbsr_error(sr, status, 0, 0);
267 268 break;
268 269
269 270 case NT_STATUS_ACCESS_DENIED:
270 271 smbsr_error(sr, status, ERRDOS, ERROR_ACCESS_DENIED);
271 272 return (SDRC_ERROR);
272 273
273 274 case NT_STATUS_TOO_MANY_SESSIONS:
274 275 smbsr_error(sr, status, ERRSRV, ERRtoomanyuids);
275 276 return (SDRC_ERROR);
276 277
277 278 case NT_STATUS_NO_LOGON_SERVERS:
278 279 smbsr_error(sr, status, ERRDOS, ERROR_NO_LOGON_SERVERS);
279 280 return (SDRC_ERROR);
280 281
281 282 case NT_STATUS_NETLOGON_NOT_STARTED:
282 283 smbsr_error(sr, status, ERRDOS, ERROR_NETLOGON_NOT_STARTED);
283 284 return (SDRC_ERROR);
284 285
285 286 case NT_STATUS_USER_SESSION_DELETED:
286 287 smbsr_error(sr, status, ERRSRV, ERRbaduid);
|
↓ open down ↓ |
29 lines elided |
↑ open up ↑ |
287 288 return (SDRC_ERROR);
288 289
289 290 case NT_STATUS_INSUFF_SERVER_RESOURCES:
290 291 smbsr_error(sr, status, ERRSRV, ERRnoresource);
291 292 return (SDRC_ERROR);
292 293
293 294 case NT_STATUS_INTERNAL_ERROR:
294 295 default:
295 296 smbsr_error(sr, status, ERRSRV, ERRsrverror);
296 297 return (SDRC_ERROR);
298 +
297 299 }
298 300
299 301 action = SMB_USER_IS_GUEST(sr->uid_user) ? 1 : 0;
300 302
301 303 switch (sinfo->ssi_type) {
302 304
303 305 default:
304 306 case SMB_SSNSETUP_PRE_NTLM012:
305 307 case SMB_SSNSETUP_NTLM012_NOEXT:
306 308
307 309 rc = smbsr_encode_result(sr, 3, VAR_BCC, "bb.www%uuu",
308 310 3,
309 311 sr->andx_com,
310 312 -1, /* andx_off */
311 313 action,
312 314 VAR_BCC,
313 315 sr,
314 316 sr->sr_cfg->skc_native_os,
315 317 sr->sr_cfg->skc_native_lm,
316 318 sr->sr_cfg->skc_nbdomain);
317 319 break;
318 320
319 321 case SMB_SSNSETUP_NTLM012_EXTSEC:
320 322
321 323 rc = smbsr_encode_result(sr, 4, VAR_BCC, "bb.wwww%#cuuu",
322 324 4,
323 325 sr->andx_com,
324 326 -1, /* andx_off */
325 327 action,
326 328 sinfo->ssi_oseclen,
327 329 VAR_BCC,
328 330 sr,
329 331 sinfo->ssi_oseclen,
330 332 sinfo->ssi_osecblob,
331 333 sr->sr_cfg->skc_native_os,
332 334 sr->sr_cfg->skc_native_lm,
333 335 sr->sr_cfg->skc_nbdomain);
334 336 break;
335 337 }
336 338
337 339 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
338 340 }
|
↓ open down ↓ |
32 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX