1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2017 Nexenta Systems, Inc. All rights reserved. 14 */ 15 16 /* 17 * Dispatch function for SMB2_SESSION_SETUP 18 * 19 * Note that the Capabilities supplied in this request are an inferior 20 * subset of those given to us previously in the SMB2 Negotiate request. 21 * We need to remember the full set of capabilities from SMB2 Negotiate, 22 * and therefore ignore the subset of capabilities supplied here. 23 */ 24 25 #include <smbsrv/smb2_kproto.h> 26 27 static void smb2_ss_adjust_credits(smb_request_t *); 28 29 smb_sdrc_t 30 smb2_session_setup(smb_request_t *sr) 31 { 32 smb_arg_sessionsetup_t *sinfo; 33 uint16_t StructureSize; 34 uint8_t Flags; 35 uint8_t SecurityMode; 36 uint32_t Capabilities; /* ignored - see above */ 37 uint32_t Channel; 38 uint16_t SecBufOffset; 39 uint16_t SecBufLength; 40 uint64_t PrevSsnId; 41 uint16_t SessionFlags; 42 uint32_t status; 43 int skip; 44 int rc = 0; 45 46 sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t)); 47 sr->sr_ssetup = sinfo; 48 49 rc = smb_mbc_decodef( 50 &sr->smb_data, "wbbllwwq", 51 &StructureSize, /* w */ 52 &Flags, /* b */ 53 &SecurityMode, /* b */ 54 &Capabilities, /* l */ 55 &Channel, /* l */ 56 &SecBufOffset, /* w */ 57 &SecBufLength, /* w */ 58 &PrevSsnId); /* q */ 59 if (rc) 60 return (SDRC_ERROR); 61 62 /* 63 * We're normally positioned at the security buffer now, 64 * but there could be some padding before it. 65 */ 66 skip = (SecBufOffset + sr->smb2_cmd_hdr) - 67 sr->smb_data.chain_offset; 68 if (skip < 0) 69 return (SDRC_ERROR); 70 if (skip > 0) 71 (void) smb_mbc_decodef(&sr->smb_data, "#.", skip); 72 73 /* 74 * Get the security buffer 75 */ 76 sinfo->ssi_iseclen = SecBufLength; 77 sinfo->ssi_isecblob = smb_srm_zalloc(sr, sinfo->ssi_iseclen); 78 rc = smb_mbc_decodef(&sr->smb_data, "#c", 79 sinfo->ssi_iseclen, sinfo->ssi_isecblob); 80 if (rc) 81 return (SDRC_ERROR); 82 83 /* 84 * Decoded everything. Dtrace probe, 85 * then no more early returns. 86 */ 87 DTRACE_SMB2_START(op__SessionSetup, smb_request_t *, sr); 88 89 /* 90 * [MS-SMB2] 3.3.5.5 Receiving an SMB2 SESSION_SETUP Request 91 * 92 * If we support 3.x, RejectUnencryptedAccess is TRUE, 93 * global EncryptData is TRUE, but we're not talking 94 * 3.x or the client doesn't support encryption, 95 * return ACCESS_DENIED. 96 * 97 * If RejectUnencryptedAccess is TRUE, we force max_protocol 98 * to at least 3.0. 99 */ 100 if (sr->sr_server->sv_cfg.skc_encrypt == SMB_CONFIG_REQUIRED && 101 (sr->session->dialect < SMB_VERS_3_0 || 102 !SMB3_CLIENT_ENCRYPTS(sr))) { 103 status = NT_STATUS_ACCESS_DENIED; 104 goto errout; 105 } 106 107 /* 108 * SMB3 multi-channel features are not supported. 109 * Once they are, this will check the dialect and 110 * whether multi-channel was negotiated, i.e. 111 * if (sr->session->dialect < SMB_VERS_3_0 || 112 * s->IsMultiChannelCapable == False) 113 * return (error...) 114 */ 115 if (Flags & SMB2_SESSION_FLAG_BINDING) { 116 status = NT_STATUS_REQUEST_NOT_ACCEPTED; 117 goto errout; 118 } 119 120 /* 121 * The real auth. work happens in here. 122 */ 123 status = smb_authenticate_ext(sr); 124 125 SecBufOffset = SMB2_HDR_SIZE + 8; 126 SecBufLength = sinfo->ssi_oseclen; 127 SessionFlags = 0; 128 129 switch (status) { 130 131 case NT_STATUS_SUCCESS: /* Authenticated */ 132 if ((sr->uid_user->u_flags & SMB_USER_FLAG_GUEST) != 0) 133 SessionFlags |= SMB2_SESSION_FLAG_IS_GUEST; 134 if ((sr->uid_user->u_flags & SMB_USER_FLAG_ANON) != 0) 135 SessionFlags |= SMB2_SESSION_FLAG_IS_NULL; 136 if (sr->uid_user->u_encrypt != SMB_CONFIG_DISABLED) 137 SessionFlags |= SMB2_SESSION_FLAG_ENCRYPT_DATA; 138 smb2_ss_adjust_credits(sr); 139 140 /* 141 * PrevSsnId is a session that the client is reporting as 142 * having gone away, and for which we might not yet have seen 143 * a disconnect. We need to log off the previous session so 144 * any durable handles in that session will become orphans 145 * that can be reclaimed in this new session. Note that 146 * either zero or the _current_ session ID means there is 147 * no previous session to logoff. 148 */ 149 if (PrevSsnId != 0 && 150 PrevSsnId != sr->smb2_ssnid) 151 smb_server_logoff_ssnid(sr, PrevSsnId); 152 break; 153 154 /* 155 * This is not really an error, but tells the client 156 * it should send another session setup request. 157 * Not smb2_put_error because we send a payload. 158 */ 159 case NT_STATUS_MORE_PROCESSING_REQUIRED: 160 sr->smb2_status = status; 161 break; 162 163 default: 164 errout: 165 SecBufLength = 0; 166 sr->smb2_status = status; 167 break; 168 } 169 170 /* sr->smb2_status set above */ 171 DTRACE_SMB2_DONE(op__SessionSetup, smb_request_t *, sr); 172 173 /* 174 * SMB2 Session Setup reply 175 */ 176 177 rc = smb_mbc_encodef( 178 &sr->reply, 179 "wwww#c", 180 9, /* StructSize */ /* w */ 181 SessionFlags, /* w */ 182 SecBufOffset, /* w */ 183 SecBufLength, /* w */ 184 SecBufLength, /* # */ 185 sinfo->ssi_osecblob); /* c */ 186 if (rc) 187 sr->smb2_status = NT_STATUS_INTERNAL_ERROR; 188 189 return (SDRC_SUCCESS); 190 } 191 192 /* 193 * After a successful authentication, raise s_max_credits up to the 194 * normal maximum that clients are allowed to request. Also, if we 195 * haven't yet given them their initial credits, do that now. 196 * 197 * Normally, clients will request some credits with session setup, 198 * but in case they don't request enough to raise s_cur_credits 199 * up to the configured initial_credits, increase the requested 200 * credits of this SR sufficiently to make that happen. The actual 201 * increase happens in the dispatch code after we return. 202 */ 203 static void 204 smb2_ss_adjust_credits(smb_request_t *sr) 205 { 206 smb_session_t *s = sr->session; 207 208 mutex_enter(&s->s_credits_mutex); 209 s->s_max_credits = s->s_cfg.skc_maximum_credits; 210 211 if (s->s_cur_credits < s->s_cfg.skc_initial_credits) { 212 uint16_t grant; 213 214 /* How many credits we want to grant with this SR. */ 215 grant = s->s_cfg.skc_initial_credits - s->s_cur_credits; 216 217 /* 218 * Do we need to increase the smb2_credit_request? 219 * One might prefer to read this expression as: 220 * ((credit_request - credit_charge) < grant) 221 * but we know credit_charge == 1 and would rather not 222 * deal with a possibly negative value on the left, 223 * so adding credit_charge to both sides... 224 */ 225 if (sr->smb2_credit_request < (grant + 1)) { 226 sr->smb2_credit_request = (grant + 1); 227 } 228 } 229 230 mutex_exit(&s->s_credits_mutex); 231 }