smb_negotiate.c revision 3db3f65c6274eb042354801a308c8e9bc4994553
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Notes on the virtual circuit (VC) values in the SMB Negotiate
* response and SessionSetupAndx request.
*
* A virtual circuit (VC) represents a connection between a client and a
* server using a reliable, session oriented transport protocol, such as
* single underlying transport connection, i.e. a single NetBIOS session,
* which limited performance for raw data transfers.
*
* The intention behind multiple VCs was to improve performance by
* allowing parallelism over each NetBIOS session. For example, raw data
* could be transmitted using a different VC from other types of SMB
* requests to remove the interleaving restriction while a raw transfer
* is in progress. So the MaxNumberVcs field was added to the negotiate
* response to make the number of VCs configurable and to allow servers
* to specify how many they were prepared to support per session
* connection. This turned out to be difficult to manage and, with
* technology improvements, it has become obsolete.
*
* Servers should set the MaxNumberVcs value in the Negotiate response
* to 1. Clients should probably ignore it. If a server receives a
* SessionSetupAndx with a VC value of 0, it should close all other
* VCs to that client. If it receives a non-zero VC, it should leave
* other VCs in tact.
*
*/
/*
* SMB: negotiate
*
* Client Request Description
* ============================ =======================================
*
* UCHAR WordCount; Count of parameter words = 0
* USHORT ByteCount; Count of data bytes; min = 2
* struct {
* UCHAR BufferFormat; 0x02 -- Dialect
* UCHAR DialectName[]; ASCII null-terminated string
* } Dialects[];
*
* The Client sends a list of dialects that it can communicate with. The
* response is a selection of one of those dialects (numbered 0 through n)
* or -1 (hex FFFF) indicating that none of the dialects were acceptable.
* The negotiate message is binding on the virtual circuit and must be
* sent. One and only one negotiate message may be sent, subsequent
* negotiate requests will be rejected with an error response and no action
* will be taken.
*
* The protocol does not impose any particular structure to the dialect
* strings. Implementors of particular protocols may choose to include,
* for example, version numbers in the string.
*
* If the server does not understand any of the dialect strings, or if PC
* NETWORK PROGRAM 1.0 is the chosen dialect, the response format is
*
* Server Response Description
* ============================ =======================================
*
* UCHAR WordCount; Count of parameter words = 1
* USHORT DialectIndex; Index of selected dialect
* USHORT ByteCount; Count of data bytes = 0
*
* If the chosen dialect is greater than core up to and including
* LANMAN2.1, the protocol response format is
*
* Server Response Description
* ============================ =======================================
*
* UCHAR WordCount; Count of parameter words = 13
* USHORT DialectIndex; Index of selected dialect
* USHORT SecurityMode; Security mode:
* bit 0: 0 = share, 1 = user
* authentication
* USHORT MaxBufferSize; Max transmit buffer size (>= 1024)
* USHORT MaxMpxCount; Max pending multiplexed requests
* USHORT MaxNumberVcs; Max VCs between client and server
* USHORT RawMode; Raw modes supported:
* bit 0: 1 = Read Raw supported
* bit 1: 1 = Write Raw supported
* ULONG SessionKey; Unique token identifying this session
* SMB_TIME ServerTime; Current time at server
* SMB_DATE ServerDate; Current date at server
* USHORT ServerTimeZone; Current time zone at server
* USHORT EncryptionKeyLength; MBZ if this is not LM2.1
* USHORT Reserved; MBZ
* USHORT ByteCount Count of data bytes
* UCHAR EncryptionKey[]; The challenge encryption key
* STRING PrimaryDomain[]; The server's primary domain
*
* MaxBufferSize is the size of the largest message which the client can
* legitimately send to the server
*
* If bit0 of the Flags field is set in the negotiate response, this
* indicates the server supports the SMB_COM_LOCK_AND_READ and
* SMB_COM_WRITE_AND_UNLOCK client requests.
*
* If the SecurityMode field indicates the server is running in user mode,
* the client must send appropriate SMB_COM_SESSION_SETUP_ANDX requests
* before the server will allow the client to access resources. If the
* authentication, the client should use the authentication mechanism
* specified in section 2.10.
*
* Clients should submit no more than MaxMpxCount distinct unanswered SMBs
* to the server when using multiplexed reads or writes (see sections 5.13
* and 5.25)
*
* Clients using the "MICROSOFT NETWORKS 1.03" dialect use a different
* form of raw reads than documented here, and servers are better off
* setting RawMode in this response to 0 for such sessions.
*
* If the negotiated dialect is "DOS LANMAN2.1" or "LANMAN2.1", then
* PrimaryDomain string should be included in this response.
*
* If the negotiated dialect is NT LM 0.12, the response format is
*
* Server Response Description
* ========================== =========================================
*
* UCHAR WordCount; Count of parameter words = 17
* USHORT DialectIndex; Index of selected dialect
* UCHAR SecurityMode; Security mode:
* bit 0: 0 = share, 1 = user
* bit 1: 1 = encrypt passwords
* USHORT MaxMpxCount; Max pending multiplexed requests
* USHORT MaxNumberVcs; Max VCs between client and server
* ULONG MaxBufferSize; Max transmit buffer size
* ULONG MaxRawSize; Maximum raw buffer size
* ULONG SessionKey; Unique token identifying this session
* ULONG Capabilities; Server capabilities
* ULONG SystemTimeLow; System (UTC) time of the server (low).
* ULONG SystemTimeHigh; System (UTC) time of the server (high).
* USHORT ServerTimeZone; Time zone of server (min from UTC)
* UCHAR EncryptionKeyLength; Length of encryption key.
* USHORT ByteCount; Count of data bytes
* UCHAR EncryptionKey[]; The challenge encryption key
* UCHAR OemDomainName[]; The name of the domain (in OEM chars)
*
* In addition to the definitions above, MaxBufferSize is the size of the
* largest message which the client can legitimately send to the server.
* If the client is using a connectionless protocol, MaxBufferSize must be
* set to the smaller of the server's internal buffer size and the amount
* of data which can be placed in a response packet.
*
* MaxRawSize specifies the maximum message size the server can send or
* receive for SMB_COM_WRITE_RAW or SMB_COM_READ_RAW.
*
* Connectionless clients must set Sid to 0 in the SMB request header.
*
* Capabilities allows the server to tell the client what it supports.
* The bit definitions defined in cifs.h. Bit 0x2000 used to be set in
* the negotiate response capabilities but it caused problems with
* Windows 2000. It is probably not valid, it doesn't appear in the
* CIFS spec.
*
* 4.1.1.1 Errors
*
*/
#include <sys/socketvar.h>
#include <smbsrv/smb_incl.h>
#include <smbsrv/smb_i18n.h>
/*
* Maximum buffer size for DOS: chosen to be the same as NT.
* Do not change this value, DOS is very sensitive to it.
*/
#define SMB_DOS_MAXBUF 0x1104
/*
* The DOS TCP rcvbuf is set to 8700 because DOS 6.1 seems to have problems
* with other values. DOS 6.1 seems to depend on a window value of 8700 to
* send the next set of data. If we return a window value of 40KB, after
* sending 8700 bytes of data, it will start the next set of data from 40KB
* instead of 8.7k. Why 8.7k? We have no idea; it is the value that NT uses.
* September 2000.
*
* IR104720 Increased smb_nt_tcp_rcvbuf from 40KB to just under 1MB to allow
* for a larger TCP window sizei based on observations of Windows 2000 and
* performance testing. March 2003.
*/
static void smb_get_security_info(smb_request_t *, unsigned short *,
unsigned char *, unsigned char *, uint32_t *);
/*
* Function: int smb_com_negotiate(struct smb_request *)
*/
{
return (SDRC_SUCCESS);
}
void
{
}
{
int dialect = 0;
int this_dialect;
unsigned char keylen;
int sel_pos = -1;
int pos;
char key[32];
char *p;
unsigned short secmode;
uint32_t capabilities = 0;
int rc;
unsigned short max_mpx_count;
char ipaddr_buf[INET_ADDRSTRLEN];
/* The protocol has already been negotiated. */
return (SDRC_ERROR);
}
for (pos = 0;
pos++) {
return (SDRC_ERROR);
}
if (this_dialect < 0)
continue;
if (dialect < this_dialect) {
}
}
if (sel_pos < 0) {
return (SDRC_ERROR);
}
/* tz correct. (min) */
switch (dialect) {
case DIALECT_UNKNOWN:
case PC_NETWORK_PROGRAM_1_0: /* core */
(const void *)&smb_dos_tcp_rcvbuf,
sizeof (smb_dos_tcp_rcvbuf));
break;
case PCLAN1_0:
case MICROSOFT_NETWORKS_1_03:
case MICROSOFT_NETWORKS_3_0:
case LANMAN1_0:
case LM1_2X002:
case DOS_LM1_2X002:
(const void *)&smb_dos_tcp_rcvbuf,
sizeof (smb_dos_tcp_rcvbuf));
"bwwwwwwlYww2.w#c",
13, /* wct */
sel_pos, /* dialect index */
secmode, /* security mode */
SMB_DOS_MAXBUF, /* max buffer size */
1, /* max MPX (temporary) */
1, /* max VCs (temporary, ambiguous) */
3, /* raw mode (s/b 3) */
sesskey, /* session key */
tz_correction, /* see smb_get_gmtoff */
(short)keylen, /* Encryption Key Length */
/* reserved field handled 2. */
(int)keylen,
key); /* encryption key */
break;
case DOS_LANMAN2_1:
case LANMAN2_1:
(const void *)&smb_dos_tcp_rcvbuf,
sizeof (smb_dos_tcp_rcvbuf));
"bwwwwwwlYww2.w#cs",
13, /* wct */
sel_pos, /* dialect index */
secmode, /* security mode */
SMB_DOS_MAXBUF, /* max buffer size */
1, /* max MPX (temporary) */
1, /* max VCs (temporary, ambiguous) */
3, /* raw mode (s/b 3) */
sesskey, /* session key */
(short)keylen, /* Encryption Key Length */
/* reserved field handled 2. */
(int)keylen,
key, /* encryption key */
break;
case NT_LM_0_12:
(const void *)&smb_nt_tcp_rcvbuf,
sizeof (smb_nt_tcp_rcvbuf));
/*
* UNICODE support is required to enable support for long
* share names and long file names and streams.
*/
/*
* Turn off Extended Security Negotiation
*/
/*
* Allow SMB signatures if security challenge response enabled
*/
if ((secmode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
secmode |=
}
ipaddr_buf, sizeof (ipaddr_buf));
"bwbwwllllTwbw#cZ",
17, /* wct */
sel_pos, /* dialect index */
secmode, /* security mode */
max_mpx_count, /* max MPX (temporary) */
1, /* max VCs (temporary, ambiguous) */
0xFFFF, /* max raw size */
sesskey, /* session key */
&time_val, /* system time */
keylen, /* Encryption Key Length */
(int)keylen,
key, /* encryption key */
break;
default:
return (SDRC_ERROR);
}
if (rc != 0)
return (SDRC_ERROR);
/*
* Save the agreed dialect. Note that this value is also
* used to detect and reject attempts to re-negotiate.
*/
return (SDRC_SUCCESS);
}
static void
struct smb_request *sr,
unsigned short *secmode,
unsigned char *key,
unsigned char *keylen,
{
*keylen = 8;
}