1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2013-2021 Tintri by DDN, Inc. All rights reserved.
14  * Copyright 2022 RackTop Systems, Inc.
15  */
16 
17 /*
18  * Dispatch function for SMB2_NEGOTIATE
19  */
20 
21 #include <smbsrv/smb2_kproto.h>
22 #include <smbsrv/smb2.h>
23 #include <sys/random.h>
24 
25 /*
26  * Note from [MS-SMB2] Sec. 2.2.3:  Windows servers return
27  * invalid parameter if the dialect count is greater than 64
28  * This is here (and not in smb2.h) because this is technically
29  * an implementation detail, not protocol specification.
30  */
31 #define	SMB2_NEGOTIATE_MAX_DIALECTS	64
32 
33 static int smb2_negotiate_common(smb_request_t *, uint16_t);
34 
35 /* List of supported capabilities.  Can be patched for testing. */
36 uint32_t smb2srv_capabilities =
37 	SMB2_CAP_DFS |
38 	SMB2_CAP_LEASING |
39 	SMB2_CAP_LARGE_MTU |
40 	SMB2_CAP_PERSISTENT_HANDLES |
41 	SMB2_CAP_ENCRYPTION;
42 
43 /* These are the only capabilities defined for SMB2.X */
44 #define	SMB_2X_CAPS (SMB2_CAP_DFS | SMB2_CAP_LEASING | SMB2_CAP_LARGE_MTU)
45 
46 /*
47  * These are not intended as customer tunables, but dev. & test folks
48  * might want to adjust them (with caution).
49  *
50  * smb2_tcp_bufsize is the TCP buffer size, applied to the network socket
51  * with setsockopt SO_SNDBUF, SO_RCVBUF.  These set the TCP window size.
52  * This is also used as a "sanity limit" for internal send/reply message
53  * allocations.  Note that with compounding SMB2 messages may contain
54  * multiple requests/responses.  This size should be large enough for
55  * at least a few SMB2 requests, and at least 2X smb2_max_rwsize.
56  *
57  * smb2_max_rwsize is what we put in the SMB2 negotiate response to tell
58  * the client the largest read and write request size we'll support.
59  * One megabyte is a compromise between efficiency on fast networks
60  * and memory consumption (for the buffers) on the server side.
61  *
62  * smb2_max_trans is the largest "transact" send or receive, which is
63  * used for directory listings and info set/get operations.
64  */
65 uint32_t smb2_tcp_bufsize = (1<<22);	/* 4MB */
66 uint32_t smb2_max_rwsize = (1<<20);	/* 1MB */
67 uint32_t smb2_max_trans  = (1<<16);	/* 64KB */
68 
69 /*
70  * With clients (e.g. HP scanners) that don't advertise SMB2_CAP_LARGE_MTU
71  * (including all clients using dialect < SMB 2.1), use a "conservative" value
72  * for max r/w size because some older clients misbehave with larger values.
73  * 64KB is recommended in the [MS-SMB2] spec.  (3.3.5.3.1 SMB 2.1 or SMB 3.x
74  * Support) as the minimum so we'll use that.
75  */
76 uint32_t smb2_old_rwsize = (1<<16);	/* 64KB */
77 
78 /*
79  * List of all SMB2 versions we implement.  Note that the
80  * versions we support may be limited by the
81  * _cfg.skc_max_protocol and min_protocol settings.
82  */
83 static uint16_t smb2_versions[] = {
84 	0x202,	/* SMB 2.002 */
85 	0x210,	/* SMB 2.1 */
86 	0x300,	/* SMB 3.0 */
87 	0x302,	/* SMB 3.02 */
88 	0x311,	/* SMB 3.11 */
89 };
90 static uint16_t smb2_nversions =
91     sizeof (smb2_versions) / sizeof (smb2_versions[0]);
92 
93 enum smb2_neg_ctx_type {
94 	SMB2_PREAUTH_INTEGRITY_CAPS		= 1,
95 	SMB2_ENCRYPTION_CAPS			= 2,
96 	SMB2_COMPRESSION_CAPS			= 3,	/* not imlemented */
97 	SMB2_NETNAME_NEGOTIATE_CONTEXT_ID	= 5	/* not imlemented */
98 };
99 
100 typedef struct smb2_negotiate_ctx {
101 	uint16_t	type;
102 	uint16_t	datalen;
103 } smb2_neg_ctx_t;
104 
105 #define	SMB31_PREAUTH_CTX_SALT_LEN	32
106 
107 /*
108  * SMB 3.1.1 originally specified a single hashing algorithm - SHA-512 - and
109  * two encryption ones - AES-128-CCM and AES-128-GCM.
110  * Windows Server 2022 and Windows 11 introduced two further encryption
111  * algorithms - AES-256-CCM and AES-256-GCM.
112  */
113 #define	MAX_HASHID_NUM	(1)
114 #define	MAX_CIPHER_NUM	(8)
115 
116 typedef struct smb2_preauth_integrity_caps {
117 	uint16_t	picap_hash_count;
118 	uint16_t	picap_salt_len;
119 	uint16_t	picap_hash_id;
120 	uint8_t		picap_salt[SMB31_PREAUTH_CTX_SALT_LEN];
121 } smb2_preauth_caps_t;
122 
123 typedef struct smb2_encryption_caps {
124 	uint16_t	encap_cipher_count;
125 	uint16_t	encap_cipher_ids[MAX_CIPHER_NUM];
126 } smb2_encrypt_caps_t;
127 
128 /*
129  * The contexts we support
130  */
131 typedef struct smb2_preauth_neg_ctx {
132 	smb2_neg_ctx_t		neg_ctx;
133 	smb2_preauth_caps_t	preauth_caps;
134 } smb2_preauth_neg_ctx_t;
135 
136 typedef struct smb2_encrypt_neg_ctx {
137 	smb2_neg_ctx_t		neg_ctx;
138 	smb2_encrypt_caps_t	encrypt_caps;
139 } smb2_encrypt_neg_ctx_t;
140 
141 typedef struct smb2_neg_ctxs {
142 	uint32_t		offset;
143 	uint16_t		count;
144 	smb2_preauth_neg_ctx_t	preauth_ctx;
145 	smb2_encrypt_neg_ctx_t	encrypt_ctx;
146 } smb2_neg_ctxs_t;
147 
148 #define	NEG_CTX_INFO_OFFSET	(SMB2_HDR_SIZE + 28)
149 #define	NEG_CTX_OFFSET_OFFSET	(SMB2_HDR_SIZE + 64)
150 #define	NEG_CTX_MAX_COUNT	(16)
151 #define	NEG_CTX_MAX_DATALEN	(256)
152 
153 #define	STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP	(0xC05D0000)
154 
155 #define	STATUS_PREAUTH_HASH_OVERLAP \
156     STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP
157 
158 typedef struct smb2_arg_negotiate {
159 	struct smb2_neg_ctxs	neg_in_ctxs;
160 	struct smb2_neg_ctxs	neg_out_ctxs;
161 	uint16_t		neg_dialect_cnt;
162 	uint16_t		neg_dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
163 	uint16_t		neg_highest_dialect;
164 } smb2_arg_negotiate_t;
165 
166 
167 static boolean_t
smb2_supported_version(smb_session_t * s,uint16_t version)168 smb2_supported_version(smb_session_t *s, uint16_t version)
169 {
170 	int i;
171 
172 	if (version > s->s_cfg.skc_max_protocol ||
173 	    version < s->s_cfg.skc_min_protocol)
174 		return (B_FALSE);
175 	for (i = 0; i < smb2_nversions; i++)
176 		if (version == smb2_versions[i])
177 			return (B_TRUE);
178 	return (B_FALSE);
179 }
180 
181 static uint16_t
smb2_find_best_dialect(smb_session_t * s,uint16_t cl_versions[],uint16_t version_cnt)182 smb2_find_best_dialect(smb_session_t *s, uint16_t cl_versions[],
183     uint16_t version_cnt)
184 {
185 	uint16_t best_version = 0;
186 	int i;
187 
188 	for (i = 0; i < version_cnt; i++)
189 		if (smb2_supported_version(s, cl_versions[i]) &&
190 		    best_version < cl_versions[i])
191 			best_version = cl_versions[i];
192 
193 	return (best_version);
194 }
195 
196 /*
197  * This function should be called only for dialect >= 0x311
198  * Negotiate context list should contain exactly one
199  * SMB2_PREAUTH_INTEGRITY_CAPS context.
200  * Otherwise STATUS_INVALID_PARAMETER.
201  * It should contain at least 1 hash algorith what server does support.
202  * Otehrwise STATUS_SMB_NO_PREAUTH_INEGRITY_HASH_OVERLAP.
203  */
204 static uint32_t
smb31_decode_neg_ctxs(smb_request_t * sr)205 smb31_decode_neg_ctxs(smb_request_t *sr)
206 {
207 	smb_session_t *s = sr->session;
208 	smb2_arg_negotiate_t *nego = sr->arg.other;
209 	smb2_neg_ctxs_t *neg_ctxs = &nego->neg_in_ctxs;
210 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
211 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
212 	boolean_t found_sha512 = B_FALSE;
213 	boolean_t found_cipher = B_FALSE;
214 	uint32_t ciphers = sr->sr_server->sv_cfg.skc_encrypt_ciphers;
215 	uint32_t status = 0;
216 	int32_t skip;
217 	int found_preauth_ctx = 0;
218 	int found_encrypt_ctx = 0;
219 	int cnt, i;
220 	int rc;
221 
222 	/*
223 	 * There should be exactly 1 SMB2_PREAUTH_INTEGRITY_CAPS negotiate ctx.
224 	 * SMB2_ENCRYPTION_CAPS is optional one.
225 	 * If there is no contexts or there are to many then stop parsing.
226 	 */
227 	cnt = neg_ctxs->count;
228 	if (cnt < 1 || cnt > NEG_CTX_MAX_COUNT) {
229 		status = NT_STATUS_INVALID_PARAMETER;
230 		goto errout;
231 	}
232 
233 	/*
234 	 * Cannot proceed parsing if the first context isn't aligned by 8.
235 	 */
236 	if (neg_ctxs->offset % 8 != 0) {
237 		status = NT_STATUS_INVALID_PARAMETER;
238 		goto errout;
239 	}
240 
241 	if ((skip = neg_ctxs->offset - sr->command.chain_offset) != 0 &&
242 	    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
243 		status = NT_STATUS_INVALID_PARAMETER;
244 		goto errout;
245 	}
246 
247 	/*
248 	 * Parse negotiate contexts. Ignore non-decoding errors to fill
249 	 * as much as possible data for dtrace probe.
250 	 */
251 	for (i = 0; i < cnt; i++) {
252 		smb2_neg_ctx_t neg_ctx;
253 		int32_t ctx_end_off;
254 		int32_t ctx_next_off;
255 
256 		if (i > 0) {
257 			if ((skip = ctx_next_off - ctx_end_off) != 0 &&
258 			    smb_mbc_decodef(&sr->command, "#.", skip) != 0) {
259 				status = NT_STATUS_INVALID_PARAMETER;
260 				goto errout;
261 			}
262 		}
263 
264 		rc = smb_mbc_decodef(
265 		    &sr->command, "ww4.",
266 		    &neg_ctx.type,	/* w */
267 		    &neg_ctx.datalen);	/* w */
268 		if (rc != 0) {
269 			status = NT_STATUS_INVALID_PARAMETER;
270 			goto errout;
271 		}
272 
273 		/*
274 		 * We got something crazy
275 		 */
276 		if (neg_ctx.datalen > NEG_CTX_MAX_DATALEN) {
277 			status = NT_STATUS_INVALID_PARAMETER;
278 			goto errout;
279 		}
280 
281 		ctx_end_off = sr->command.chain_offset + neg_ctx.datalen;
282 		ctx_next_off = P2ROUNDUP(ctx_end_off, 8);
283 
284 		switch (neg_ctx.type) {
285 		case SMB2_PREAUTH_INTEGRITY_CAPS:
286 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
287 			    sizeof (neg_ctx));
288 
289 			if (found_preauth_ctx++ != 0) {
290 				status = NT_STATUS_INVALID_PARAMETER;
291 				continue;
292 			}
293 
294 			rc = smb_mbc_decodef(
295 			    &sr->command, "ww",
296 			    &picap->picap_hash_count,	/* w */
297 			    &picap->picap_salt_len);	/* w */
298 			if (rc != 0 || picap->picap_hash_count >
299 			    MAX_HASHID_NUM) {
300 				status = NT_STATUS_INVALID_PARAMETER;
301 				goto errout;
302 			}
303 
304 			/*
305 			 * Get hash id
306 			 */
307 			rc = smb_mbc_decodef(
308 			    &sr->command, "#w",
309 			    picap->picap_hash_count,
310 			    &picap->picap_hash_id);	/* w */
311 			if (rc != 0) {
312 				status = NT_STATUS_INVALID_PARAMETER;
313 				goto errout;
314 			}
315 
316 			/*
317 			 * Get salt
318 			 */
319 			rc = smb_mbc_decodef(
320 			    &sr->command, "#c",
321 			    sizeof (picap->picap_salt),
322 			    &picap->picap_salt[0]);	/* w */
323 			if (rc != 0) {
324 				status = NT_STATUS_INVALID_PARAMETER;
325 				goto errout;
326 			}
327 
328 			/*
329 			 * In SMB 0x311 there should be exactly 1 preauth
330 			 * negotiate context, and there should be exactly 1
331 			 * hash value in the list - SHA512.
332 			 */
333 			if (picap->picap_hash_count != 1) {
334 				status = NT_STATUS_INVALID_PARAMETER;
335 				continue;
336 			}
337 
338 			if (picap->picap_hash_id == SMB3_HASH_SHA512)
339 				found_sha512 = B_TRUE;
340 			break;
341 		case SMB2_ENCRYPTION_CAPS:
342 			memcpy(&neg_ctxs->preauth_ctx.neg_ctx, &neg_ctx,
343 			    sizeof (neg_ctx));
344 
345 			if (found_encrypt_ctx++ != 0) {
346 				status = NT_STATUS_INVALID_PARAMETER;
347 				continue;
348 			}
349 
350 			rc = smb_mbc_decodef(
351 			    &sr->command, "w",
352 			    &encap->encap_cipher_count);	/* w */
353 			if (rc != 0 || encap->encap_cipher_count >
354 			    MAX_CIPHER_NUM) {
355 				status = NT_STATUS_INVALID_PARAMETER;
356 				goto errout;
357 			}
358 
359 			/*
360 			 * Get cipher list
361 			 */
362 			rc = smb_mbc_decodef(
363 			    &sr->command, "#w",
364 			    encap->encap_cipher_count,
365 			    &encap->encap_cipher_ids[0]);	/* w */
366 			if (rc != 0) {
367 				status = NT_STATUS_INVALID_PARAMETER;
368 				goto errout;
369 			}
370 
371 			/*
372 			 * Select the first enabled cipher.
373 			 * Client should list more prioritized ciphers first.
374 			 */
375 			for (int k = 0; k < encap->encap_cipher_count; k++) {
376 				uint16_t c = encap->encap_cipher_ids[k];
377 
378 				if (c <= SMB3_CIPHER_MAX &&
379 				    (SMB3_CIPHER_BIT(c) & ciphers) != 0) {
380 					s->smb31_enc_cipherid = c;
381 					found_cipher = B_TRUE;
382 					break;
383 				}
384 			}
385 			break;
386 		default:
387 			;
388 		}
389 	}
390 
391 	if (status)
392 		goto errout;
393 
394 	/* Not found mandatory SMB2_PREAUTH_INTEGRITY_CAPS ctx */
395 	if (found_preauth_ctx != 1 || found_encrypt_ctx > 1) {
396 		status = NT_STATUS_INVALID_PARAMETER;
397 		goto errout;
398 	}
399 
400 	if (!found_sha512) {
401 		status = STATUS_PREAUTH_HASH_OVERLAP;
402 		goto errout;
403 	}
404 
405 	s->smb31_preauth_hashid = SMB3_HASH_SHA512;
406 
407 	if (!found_cipher)
408 		s->smb31_enc_cipherid = 0;
409 
410 	/* Initialize out = in */
411 	nego->neg_out_ctxs = nego->neg_in_ctxs;
412 
413 errout:
414 	return (status);
415 }
416 
417 static int
smb31_encode_neg_ctxs(smb_request_t * sr)418 smb31_encode_neg_ctxs(smb_request_t *sr)
419 {
420 	smb_session_t *s = sr->session;
421 	smb2_arg_negotiate_t *nego = sr->arg.other;
422 	smb2_neg_ctxs_t *neg_ctxs = &nego->neg_out_ctxs;
423 	smb2_preauth_caps_t *picap = &neg_ctxs->preauth_ctx.preauth_caps;
424 	smb2_encrypt_caps_t *encap = &neg_ctxs->encrypt_ctx.encrypt_caps;
425 	uint16_t salt_len = sizeof (picap->picap_salt);
426 	uint32_t preauth_ctx_len = 6 + salt_len;
427 	uint32_t enc_ctx_len = 4;
428 	uint32_t neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
429 	    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
430 	uint32_t rc;
431 
432 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
433 		return (rc);
434 
435 	ASSERT3S(neg_ctx_off, ==, sr->reply.chain_offset);
436 
437 	picap->picap_hash_id = s->smb31_preauth_hashid;
438 	picap->picap_salt_len = salt_len;
439 
440 	(void) random_get_pseudo_bytes(picap->picap_salt, salt_len);
441 
442 	rc = smb_mbc_encodef(
443 	    &sr->reply, "ww4.",
444 	    SMB2_PREAUTH_INTEGRITY_CAPS,
445 	    preauth_ctx_len
446 	    /* 4. */); /* reserved */
447 	if (rc != 0)
448 		return (rc);
449 
450 	rc = smb_mbc_encodef(
451 	    &sr->reply, "www#c",
452 	    1,				/* hash algo count */
453 	    salt_len,			/* salt length */
454 	    s->smb31_preauth_hashid,	/* hash id */
455 	    salt_len,			/* salt length */
456 	    picap->picap_salt);
457 	if (rc != 0)
458 		return (rc);
459 
460 	/*
461 	 * If we did not get SMB2_ENCRYPTION_CAPS, don't send one.
462 	 */
463 	if (encap->encap_cipher_count == 0)
464 		return (0);
465 
466 	/*
467 	 * Encode SMB2_ENCRYPTION_CAPS response.
468 	 */
469 	if ((rc = smb_mbc_put_align(&sr->reply, 8)) != 0)
470 		return (rc);
471 
472 	rc = smb_mbc_encodef(
473 	    &sr->reply, "ww4.",
474 	    SMB2_ENCRYPTION_CAPS,
475 	    enc_ctx_len
476 	    /* 4. */); /* reserved */
477 
478 	rc = smb_mbc_encodef(
479 	    &sr->reply, "ww",
480 	    1,				/* cipher count */
481 	    s->smb31_enc_cipherid);	/* encrypt. cipher id */
482 
483 	return (rc);
484 }
485 
486 /*
487  * Helper for the (SMB1) smb_com_negotiate().  This is the
488  * very unusual protocol interaction where an SMB1 negotiate
489  * gets an SMB2 negotiate response.  This is the normal way
490  * clients first find out if the server supports SMB2.
491  *
492  * Note: This sends an SMB2 reply _itself_ and then returns
493  * SDRC_NO_REPLY so the caller will not send an SMB1 reply.
494  * Also, this is called directly from the reader thread, so
495  * we know this is the only thread using this session.
496  * Otherwise, this is similar to smb2_newrq_negotiate().
497  *
498  * The caller frees this request.
499  */
500 smb_sdrc_t
smb1_negotiate_smb2(smb_request_t * sr)501 smb1_negotiate_smb2(smb_request_t *sr)
502 {
503 	smb_session_t *s = sr->session;
504 	smb_arg_negotiate_t *negprot = sr->sr_negprot;
505 	uint16_t smb2_version;
506 
507 	/*
508 	 * Note: In the SMB1 negotiate command handler, we
509 	 * agreed with one of the SMB2 dialects.  If that
510 	 * dialect was "SMB 2.002", we'll respond here with
511 	 * version 0x202 and negotiation is done.  If that
512 	 * dialect was "SMB 2.???", we'll respond here with
513 	 * the "wildcard" version 0x2FF, and the client will
514 	 * come back with an SMB2 negotiate.
515 	 */
516 	switch (negprot->ni_dialect) {
517 	case DIALECT_SMB2002:	/* SMB 2.002 (a.k.a. SMB2.0) */
518 		smb2_version = SMB_VERS_2_002;
519 		s->dialect = smb2_version;
520 		s->s_state = SMB_SESSION_STATE_NEGOTIATED;
521 		/* Allow normal SMB2 requests now. */
522 		s->newrq_func = smb2sr_newrq;
523 		break;
524 	case DIALECT_SMB2XXX:	/* SMB 2.??? (wildcard vers) */
525 		/*
526 		 * Expecting an SMB2 negotiate next, so keep the
527 		 * initial s->newrq_func.
528 		 */
529 		smb2_version = 0x2FF;
530 		break;
531 	default:
532 		return (SDRC_DROP_VC);
533 	}
534 
535 	/*
536 	 * We did not decode an SMB2 header, so make sure
537 	 * the SMB2 header fields are initialized.
538 	 * (Most are zero from smb_request_alloc.)
539 	 * Also, the SMB1 common dispatch code reserved space
540 	 * for an SMB1 header, which we need to undo here.
541 	 */
542 	sr->smb2_reply_hdr = sr->reply.chain_offset = 0;
543 	sr->smb2_cmd_code = SMB2_NEGOTIATE;
544 	sr->smb2_hdr_flags = SMB2_FLAGS_SERVER_TO_REDIR;
545 
546 	/*
547 	 * Also setup SMB2 negotiate args (empty here).
548 	 * SMB1 args free'd by smb_srm_fini(sr)
549 	 */
550 	sr->arg.other = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
551 
552 	(void) smb2_encode_header(sr, B_FALSE);
553 	if (smb2_negotiate_common(sr, smb2_version) != 0)
554 		sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
555 	if (sr->smb2_status != 0)
556 		smb2sr_put_error(sr, sr->smb2_status);
557 	(void) smb2_encode_header(sr, B_TRUE);
558 
559 	smb2_send_reply(sr);
560 
561 	/*
562 	 * We sent the reply, so tell the SMB1 dispatch
563 	 * it should NOT (also) send a reply.
564 	 */
565 	return (SDRC_NO_REPLY);
566 }
567 
568 /*
569  * SMB2 Negotiate gets special handling.  This is called directly by
570  * the reader thread (see smbsr_newrq_initial) with what _should_ be
571  * an SMB2 Negotiate.  Only the "\feSMB" header has been checked
572  * when this is called, so this needs to check the SMB command,
573  * if it's Negotiate execute it, then send the reply, etc.
574  *
575  * Since this is called directly from the reader thread, we
576  * know this is the only thread currently using this session.
577  * This has to duplicate some of what smb2sr_work does as a
578  * result of bypassing the normal dispatch mechanism.
579  *
580  * The caller always frees this request.
581  *
582  * Return value is 0 for success, and anything else will
583  * terminate the reader thread (drop the connection).
584  */
585 int
smb2_newrq_negotiate(smb_request_t * sr)586 smb2_newrq_negotiate(smb_request_t *sr)
587 {
588 	smb_session_t *s = sr->session;
589 	smb2_arg_negotiate_t *nego;
590 	int rc;
591 	uint32_t nctx_status = 0;
592 	uint32_t status = 0;
593 	uint32_t neg_ctx_off;
594 	uint16_t neg_ctx_cnt;
595 	uint16_t struct_size;
596 	uint16_t dialect_cnt;
597 	uint16_t best_version;
598 
599 	nego = smb_srm_zalloc(sr, sizeof (smb2_arg_negotiate_t));
600 	sr->arg.other = nego;	// for dtrace
601 
602 	sr->smb2_cmd_hdr = sr->command.chain_offset;
603 	rc = smb2_decode_header(sr);
604 	if (rc != 0)
605 		return (rc);
606 
607 	if (sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR)
608 		return (-1);
609 
610 	if ((sr->smb2_cmd_code != SMB2_NEGOTIATE) ||
611 	    (sr->smb2_next_command != 0))
612 		return (-1);
613 
614 	/*
615 	 * Decode SMB2 Negotiate (fixed-size part)
616 	 */
617 	rc = smb_mbc_decodef(
618 	    &sr->command, "www..l16clw..",
619 	    &struct_size,	/* w */
620 	    &dialect_cnt,	/* w */
621 	    &s->cli_secmode,	/* w */
622 	    /* reserved		(..) */
623 	    &s->capabilities,	/* l */
624 	    s->clnt_uuid,	/* 16c */
625 	    &neg_ctx_off,	/* l */
626 	    &neg_ctx_cnt);	/* w */
627 	    /* reserverd	(..) */
628 	if (rc != 0)
629 		return (rc);
630 	if (struct_size != 36)
631 		return (-1);
632 
633 	/*
634 	 * Decode SMB2 Negotiate (variable part)
635 	 *
636 	 * Be somewhat tolerant while decoding the variable part
637 	 * so we can return errors instead of dropping the client.
638 	 * Will limit decoding to the size of cli_dialects here,
639 	 * and do error checks on the decoded dialect_cnt after the
640 	 * dtrace start probe.
641 	 */
642 	if (dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS)
643 		nego->neg_dialect_cnt = SMB2_NEGOTIATE_MAX_DIALECTS;
644 	else
645 		nego->neg_dialect_cnt = dialect_cnt;
646 	if (nego->neg_dialect_cnt > 0) {
647 		rc = smb_mbc_decodef(&sr->command, "#w",
648 		    nego->neg_dialect_cnt,
649 		    nego->neg_dialects);
650 		if (rc != 0)
651 			return (rc);	// short msg
652 	}
653 
654 	best_version = smb2_find_best_dialect(s, nego->neg_dialects,
655 	    nego->neg_dialect_cnt);
656 
657 	if (best_version >= SMB_VERS_3_11) {
658 		nego->neg_in_ctxs.offset = neg_ctx_off;
659 		nego->neg_in_ctxs.count  = neg_ctx_cnt;
660 		nctx_status = smb31_decode_neg_ctxs(sr);
661 		/* check nctx_status below */
662 	}
663 
664 	DTRACE_SMB2_START(op__Negotiate, smb_request_t *, sr);
665 
666 	sr->smb2_credit_response = 1;
667 	sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
668 	(void) smb2_encode_header(sr, B_FALSE);
669 
670 	/*
671 	 * NOW start validating things (NOT before here)
672 	 */
673 
674 	/*
675 	 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
676 	 * "If the SMB2 header of the SMB2 NEGOTIATE request has the
677 	 * SMB2_FLAGS_SIGNED bit set in the Flags field, the server
678 	 * MUST fail the request with STATUS_INVALID_PARAMETER."
679 	 */
680 	if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
681 		sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
682 		status = NT_STATUS_INVALID_PARAMETER;
683 		goto errout;
684 	}
685 
686 	/*
687 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
688 	 * "If the DialectCount of the SMB2 NEGOTIATE Request is 0, the
689 	 * server MUST fail the request with STATUS_INVALID_PARAMETER."
690 	 * Checking the decoded value here, not the constrained one.
691 	 */
692 	if (dialect_cnt == 0 ||
693 	    dialect_cnt > SMB2_NEGOTIATE_MAX_DIALECTS) {
694 		status = NT_STATUS_INVALID_PARAMETER;
695 		goto errout;
696 	}
697 
698 	/*
699 	 * We decoded the offered dialects above, and
700 	 * determined which was the highest we support.
701 	 *
702 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
703 	 * "If a common dialect is not found, the server MUST fail
704 	 * the request with STATUS_NOT_SUPPORTED."
705 	 */
706 	if (best_version == 0) {
707 		status = NT_STATUS_NOT_SUPPORTED;
708 		goto errout;
709 	}
710 
711 	/*
712 	 * Check for problems with the negotiate contexts.
713 	 */
714 	if (nctx_status != 0) {
715 		status = nctx_status;
716 		goto errout;
717 	}
718 
719 	/* Allow normal SMB2 requests now. */
720 	s->dialect = best_version;
721 	s->s_state = SMB_SESSION_STATE_NEGOTIATED;
722 	s->newrq_func = smb2sr_newrq;
723 
724 	if (smb2_negotiate_common(sr, best_version) != 0)
725 		status = NT_STATUS_INTERNAL_ERROR;
726 
727 	if (s->dialect >= SMB_VERS_3_11 && status == 0) {
728 		if (smb31_encode_neg_ctxs(sr) != 0)
729 			status = NT_STATUS_INTERNAL_ERROR;
730 	}
731 
732 errout:
733 	sr->smb2_status = status;
734 	DTRACE_SMB2_DONE(op__Negotiate, smb_request_t *, sr);
735 
736 	if (sr->smb2_status != 0)
737 		smb2sr_put_error(sr, sr->smb2_status);
738 	(void) smb2_encode_header(sr, B_TRUE);
739 
740 	if (s->dialect >= SMB_VERS_3_11 && sr->smb2_status == 0) {
741 		ASSERT3U(s->smb31_preauth_hashid, !=, 0);
742 		if (smb31_preauth_sha512_calc(sr, &sr->reply,
743 		    s->smb31_preauth_hashval,
744 		    s->smb31_preauth_hashval) != 0)
745 			cmn_err(CE_WARN, "(1) Preauth hash calculation "
746 			    "failed");
747 	}
748 
749 	smb2_send_reply(sr);
750 
751 	return (rc);
752 }
753 
754 /*
755  * Common parts of SMB2 Negotiate, used for both the
756  * SMB1-to-SMB2 style, and straight SMB2 style.
757  * Do negotiation decisions and encode the reply.
758  * The caller does the network send.
759  *
760  * Return value is 0 for success, else error.
761  */
762 static int
smb2_negotiate_common(smb_request_t * sr,uint16_t version)763 smb2_negotiate_common(smb_request_t *sr, uint16_t version)
764 {
765 	timestruc_t boot_tv, now_tv;
766 	smb_session_t *s = sr->session;
767 	smb2_arg_negotiate_t *nego = sr->arg.other;
768 	int rc;
769 	uint32_t max_rwsize;
770 	uint16_t secmode;
771 	uint16_t neg_ctx_cnt = 0;
772 	uint32_t neg_ctx_off = 0;
773 
774 	/*
775 	 * Negotiation itself.  First the Security Mode.
776 	 */
777 	secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
778 	if (sr->sr_cfg->skc_signing_required)
779 		secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
780 	s->srv_secmode = secmode;
781 
782 	s->cmd_max_bytes = smb2_tcp_bufsize;
783 	s->reply_max_bytes = smb2_tcp_bufsize;
784 
785 	/*
786 	 * "The number of credits held by the client MUST be considered
787 	 * as 1 when the connection is established." [MS-SMB2]
788 	 * We leave credits at 1 until the first successful
789 	 * session setup is completed.
790 	 */
791 	s->s_cur_credits = s->s_max_credits = 1;
792 	sr->smb2_credit_response = 1;
793 
794 	boot_tv.tv_sec = smb_get_boottime();
795 	boot_tv.tv_nsec = 0;
796 	now_tv.tv_sec = gethrestime_sec();
797 	now_tv.tv_nsec = 0;
798 
799 	/*
800 	 * If the version is 0x2FF, we haven't completed negotiate.
801 	 * Don't initialize until we have our final request.
802 	 */
803 	if (version != 0x2FF)
804 		smb2_sign_init_mech(s);
805 	if (version >= 0x311)
806 		smb31_preauth_init_mech(s);
807 
808 	/*
809 	 * [MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request
810 	 *
811 	 * The SMB2.x capabilities are returned without regard for
812 	 * what capabilities the client provided in the request.
813 	 * The SMB3.x capabilities returned are the traditional
814 	 * logical AND of server and client capabilities, except
815 	 * for the SMB2.x capabilities which are what the server
816 	 * supports (regardless of the client capabilities).
817 	 *
818 	 * One additional check: If KCF is missing something we
819 	 * require for encryption, turn off that capability.
820 	 */
821 	if (s->dialect < SMB_VERS_2_1) {
822 		/* SMB 2.002 */
823 		s->srv_cap = smb2srv_capabilities & SMB2_CAP_DFS;
824 	} else if (s->dialect < SMB_VERS_3_0) {
825 		/* SMB 2.x */
826 		s->srv_cap = smb2srv_capabilities & SMB_2X_CAPS;
827 	} else {
828 		/* SMB 3.0 or later */
829 		s->srv_cap = smb2srv_capabilities &
830 		    (SMB_2X_CAPS | s->capabilities);
831 
832 		if (s->dialect < SMB_VERS_3_11)
833 			s->smb31_enc_cipherid = SMB3_CIPHER_AES128_CCM;
834 		/* else from negotiate context */
835 
836 		if ((s->srv_cap & SMB2_CAP_ENCRYPTION) != 0 &&
837 		    smb3_encrypt_init_mech(s) != 0) {
838 			s->srv_cap &= ~SMB2_CAP_ENCRYPTION;
839 		}
840 
841 		if (s->dialect >= SMB_VERS_3_11) {
842 			smb2_encrypt_caps_t *encap =
843 			    &nego->neg_in_ctxs.encrypt_ctx.encrypt_caps;
844 
845 			neg_ctx_cnt = 1; // always have preauth
846 
847 			if (encap->encap_cipher_count != 0)
848 				neg_ctx_cnt++;
849 
850 			neg_ctx_off = NEG_CTX_OFFSET_OFFSET +
851 			    P2ROUNDUP(sr->sr_cfg->skc_negtok_len, 8);
852 
853 			ASSERT3U(s->smb31_preauth_hashid, !=, 0);
854 
855 			if (smb31_preauth_sha512_calc(sr, &sr->command,
856 			    s->smb31_preauth_hashval,
857 			    s->smb31_preauth_hashval) != 0)
858 				cmn_err(CE_WARN, "(0) Preauth hash calculation "
859 				    "failed");
860 		}
861 	}
862 
863 	/*
864 	 * See notes above smb2_max_rwsize, smb2_old_rwsize
865 	 */
866 	if (s->capabilities & SMB2_CAP_LARGE_MTU)
867 		max_rwsize = smb2_max_rwsize;
868 	else
869 		max_rwsize = smb2_old_rwsize;
870 
871 	rc = smb_mbc_encodef(
872 	    &sr->reply,
873 	    "wwww#cllllTTwwl#c",
874 	    65,	/* StructSize */	/* w */
875 	    s->srv_secmode,		/* w */
876 	    version,			/* w */
877 	    neg_ctx_cnt,		/* w */
878 	    UUID_LEN,			/* # */
879 	    &s->s_cfg.skc_machine_uuid, /* c */
880 	    s->srv_cap,			/* l */
881 	    smb2_max_trans,		/* l */
882 	    max_rwsize,			/* l */
883 	    max_rwsize,			/* l */
884 	    &now_tv,			/* T */
885 	    &boot_tv,			/* T */
886 	    128, /* SecBufOff */	/* w */
887 	    sr->sr_cfg->skc_negtok_len,	/* w */
888 	    neg_ctx_off,		/* l */
889 	    sr->sr_cfg->skc_negtok_len,	/* # */
890 	    sr->sr_cfg->skc_negtok);	/* c */
891 
892 	/* Note: smb31_encode_neg_ctxs() follows in caller */
893 
894 	/* smb2_send_reply(sr); in caller */
895 
896 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
897 	    SO_SNDBUF, (const void *)&smb2_tcp_bufsize,
898 	    sizeof (smb2_tcp_bufsize), CRED());
899 	(void) ksocket_setsockopt(s->sock, SOL_SOCKET,
900 	    SO_RCVBUF, (const void *)&smb2_tcp_bufsize,
901 	    sizeof (smb2_tcp_bufsize), CRED());
902 
903 	return (rc);
904 }
905 
906 /*
907  * SMB2 Dispatch table handler, which will run if we see an
908  * SMB2_NEGOTIATE after the initial negotiation is done.
909  * That would be a protocol error.
910  */
911 smb_sdrc_t
smb2_negotiate(smb_request_t * sr)912 smb2_negotiate(smb_request_t *sr)
913 {
914 	sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
915 	return (SDRC_ERROR);
916 }
917 
918 /*
919  * VALIDATE_NEGOTIATE_INFO [MS-SMB2] 2.2.32.6
920  */
921 uint32_t
smb2_nego_validate(smb_request_t * sr,smb_fsctl_t * fsctl)922 smb2_nego_validate(smb_request_t *sr, smb_fsctl_t *fsctl)
923 {
924 	smb_session_t *s = sr->session;
925 	int rc;
926 
927 	/*
928 	 * The spec. says to parse the VALIDATE_NEGOTIATE_INFO here
929 	 * and verify that the original negotiate was not modified.
930 	 *
931 	 * One interesting requirement here is that we MUST reply
932 	 * with exactly the same information as we returned in our
933 	 * original reply to the SMB2 negotiate on this session.
934 	 * If we don't the client closes the connection.
935 	 */
936 
937 	uint32_t capabilities;
938 	uint16_t secmode;
939 	uint16_t num_dialects;
940 	uint16_t dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
941 	uint8_t clnt_guid[16];
942 
943 	if (s->dialect >= SMB_VERS_3_11)
944 		goto drop;
945 
946 	/*
947 	 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
948 	 *
949 	 * If the dialect is SMB3 and the message was successfully
950 	 * decrypted we MUST skip processing of the signature.
951 	 */
952 	if (!sr->encrypted && (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0)
953 		goto drop;
954 
955 	if (fsctl->InputCount < 24)
956 		goto drop;
957 
958 	(void) smb_mbc_decodef(fsctl->in_mbc, "l16cww",
959 	    &capabilities, /* l */
960 	    &clnt_guid, /* 16c */
961 	    &secmode, /* w */
962 	    &num_dialects); /* w */
963 
964 	if (num_dialects == 0 || num_dialects > SMB2_NEGOTIATE_MAX_DIALECTS)
965 		goto drop;
966 	if (secmode != s->cli_secmode)
967 		goto drop;
968 	if (capabilities != s->capabilities)
969 		goto drop;
970 	if (memcmp(clnt_guid, s->clnt_uuid, sizeof (clnt_guid)) != 0)
971 		goto drop;
972 
973 	rc = smb_mbc_decodef(fsctl->in_mbc, "#w", num_dialects, dialects);
974 	if (rc != 0)
975 		goto drop;
976 
977 	/*
978 	 * MS-SMB2 says we should compare the dialects array with the
979 	 * one sent previously, but that appears to be unnecessary
980 	 * as long as we end up with the same dialect.
981 	 */
982 	if (smb2_find_best_dialect(s, dialects, num_dialects) != s->dialect)
983 		goto drop;
984 
985 	rc = smb_mbc_encodef(
986 	    fsctl->out_mbc, "l#cww",
987 	    s->srv_cap,			/* l */
988 	    UUID_LEN,			/* # */
989 	    &s->s_cfg.skc_machine_uuid, /* c */
990 	    s->srv_secmode,		/* w */
991 	    s->dialect);		/* w */
992 	if (rc == 0)
993 		return (rc);
994 
995 drop:
996 	smb_session_disconnect(s);
997 	return (NT_STATUS_ACCESS_DENIED);
998 }
999