1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
14 */
15
16 /*
17 * Dispatch function for SMB2_SESSION_SETUP
18 *
19 * Note that the Capabilities supplied in this request are an inferior
20 * subset of those given to us previously in the SMB2 Negotiate request.
21 * We need to remember the full set of capabilities from SMB2 Negotiate,
22 * and therefore ignore the subset of capabilities supplied here.
23 */
24
25 #include <smbsrv/smb2_kproto.h>
26
27 static void smb2_ss_adjust_credits(smb_request_t *);
28
29 smb_sdrc_t
30 smb2_session_setup(smb_request_t *sr)
31 {
32 smb_arg_sessionsetup_t *sinfo;
33 uint16_t StructureSize;
34 uint8_t Flags;
35 uint8_t SecurityMode;
36 uint32_t Capabilities; /* ignored - see above */
37 uint32_t Channel;
38 uint16_t SecBufOffset;
39 uint16_t SecBufLength;
40 uint64_t PrevSsnId;
41 uint16_t SessionFlags;
42 uint32_t status;
43 int skip;
44 int rc = 0;
45
46 sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t));
47 sr->sr_ssetup = sinfo;
48
49 rc = smb_mbc_decodef(
50 &sr->smb_data, "wbbllwwq",
51 &StructureSize, /* w */
52 &Flags, /* b */
62 /*
63 * We're normally positioned at the security buffer now,
64 * but there could be some padding before it.
65 */
66 skip = (SecBufOffset + sr->smb2_cmd_hdr) -
67 sr->smb_data.chain_offset;
68 if (skip < 0)
69 return (SDRC_ERROR);
70 if (skip > 0)
71 (void) smb_mbc_decodef(&sr->smb_data, "#.", skip);
72
73 /*
74 * Get the security buffer
75 */
76 sinfo->ssi_iseclen = SecBufLength;
77 sinfo->ssi_isecblob = smb_srm_zalloc(sr, sinfo->ssi_iseclen);
78 rc = smb_mbc_decodef(&sr->smb_data, "#c",
79 sinfo->ssi_iseclen, sinfo->ssi_isecblob);
80 if (rc)
81 return (SDRC_ERROR);
82
83 /*
84 * Decoded everything. Dtrace probe,
85 * then no more early returns.
86 */
87 DTRACE_SMB2_START(op__SessionSetup, smb_request_t *, sr);
88
89 /*
90 * [MS-SMB2] 3.3.5.5 Receiving an SMB2 SESSION_SETUP Request
91 *
92 * If we support 3.x, RejectUnencryptedAccess is TRUE,
93 * global EncryptData is TRUE, but we're not talking
94 * 3.x or the client doesn't support encryption,
95 * return ACCESS_DENIED.
96 *
97 * If RejectUnencryptedAccess is TRUE, we force max_protocol
98 * to at least 3.0.
99 */
100 if (sr->sr_server->sv_cfg.skc_encrypt == SMB_CONFIG_REQUIRED &&
101 (sr->session->dialect < SMB_VERS_3_0 ||
|
1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
14 * Copyright 2020 RackTop Systems, Inc.
15 */
16
17 /*
18 * Dispatch function for SMB2_SESSION_SETUP
19 *
20 * Note that the Capabilities supplied in this request are an inferior
21 * subset of those given to us previously in the SMB2 Negotiate request.
22 * We need to remember the full set of capabilities from SMB2 Negotiate,
23 * and therefore ignore the subset of capabilities supplied here.
24 */
25
26 #include <smbsrv/smb2_kproto.h>
27
28 static void smb2_ss_adjust_credits(smb_request_t *);
29
30 smb_sdrc_t
31 smb2_session_setup(smb_request_t *sr)
32 {
33 smb_arg_sessionsetup_t *sinfo;
34 smb_session_t *s = sr->session;
35 uint16_t StructureSize;
36 uint8_t Flags;
37 uint8_t SecurityMode;
38 uint32_t Capabilities; /* ignored - see above */
39 uint32_t Channel;
40 uint16_t SecBufOffset;
41 uint16_t SecBufLength;
42 uint64_t PrevSsnId;
43 uint16_t SessionFlags;
44 uint32_t status;
45 int skip;
46 int rc = 0;
47
48 sinfo = smb_srm_zalloc(sr, sizeof (smb_arg_sessionsetup_t));
49 sr->sr_ssetup = sinfo;
50
51 rc = smb_mbc_decodef(
52 &sr->smb_data, "wbbllwwq",
53 &StructureSize, /* w */
54 &Flags, /* b */
64 /*
65 * We're normally positioned at the security buffer now,
66 * but there could be some padding before it.
67 */
68 skip = (SecBufOffset + sr->smb2_cmd_hdr) -
69 sr->smb_data.chain_offset;
70 if (skip < 0)
71 return (SDRC_ERROR);
72 if (skip > 0)
73 (void) smb_mbc_decodef(&sr->smb_data, "#.", skip);
74
75 /*
76 * Get the security buffer
77 */
78 sinfo->ssi_iseclen = SecBufLength;
79 sinfo->ssi_isecblob = smb_srm_zalloc(sr, sinfo->ssi_iseclen);
80 rc = smb_mbc_decodef(&sr->smb_data, "#c",
81 sinfo->ssi_iseclen, sinfo->ssi_isecblob);
82 if (rc)
83 return (SDRC_ERROR);
84
85 if (s->dialect >= SMB_VERS_3_11) {
86 ASSERT3U(s->smb31_preauth_hashid, !=, 0);
87 (void) smb31_preauth_sha512_calc(sr, &sr->command,
88 s->smb31_preauth_hashval);
89 }
90
91 /*
92 * Decoded everything. Dtrace probe,
93 * then no more early returns.
94 */
95 DTRACE_SMB2_START(op__SessionSetup, smb_request_t *, sr);
96
97 /*
98 * [MS-SMB2] 3.3.5.5 Receiving an SMB2 SESSION_SETUP Request
99 *
100 * If we support 3.x, RejectUnencryptedAccess is TRUE,
101 * global EncryptData is TRUE, but we're not talking
102 * 3.x or the client doesn't support encryption,
103 * return ACCESS_DENIED.
104 *
105 * If RejectUnencryptedAccess is TRUE, we force max_protocol
106 * to at least 3.0.
107 */
108 if (sr->sr_server->sv_cfg.skc_encrypt == SMB_CONFIG_REQUIRED &&
109 (sr->session->dialect < SMB_VERS_3_0 ||
|