2 * Copyright (c) 2000-2001 Boris Popov
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * $FreeBSD: src/sys/netsmb/smb_smb.c,v 1.1.2.3 2002/12/14 14:44:19 fjoe Exp $
33 * $DragonFly: src/sys/netproto/smb/smb_smb.c,v 1.7 2007/08/21 17:26:47 dillon Exp $
36 * various SMB requests. Most of the routines merely packs data into mbufs.
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
41 #include <sys/malloc.h>
44 #include <sys/sysctl.h>
45 #include <sys/socket.h>
48 #include <sys/iconv.h>
49 #include <machine/limits.h>
62 static struct smb_dialect smb_dialects[] = {
63 {SMB_DIALECT_CORE, "PC NETWORK PROGRAM 1.0"},
64 {SMB_DIALECT_COREPLUS, "MICROSOFT NETWORKS 1.03"},
65 {SMB_DIALECT_LANMAN1_0, "MICROSOFT NETWORKS 3.0"},
66 {SMB_DIALECT_LANMAN1_0, "LANMAN1.0"},
67 {SMB_DIALECT_LANMAN2_0, "LM1.2X002"},
68 {SMB_DIALECT_LANMAN2_0, "Samba"},
69 {SMB_DIALECT_NTLM0_12, "NT LANMAN 1.0"},
70 {SMB_DIALECT_NTLM0_12, "NT LM 0.12"},
74 #define SMB_DIALECT_MAX (sizeof(smb_dialects) / sizeof(struct smb_dialect) - 2)
77 smb_smb_nomux(struct smb_vc *vcp, struct smb_cred *scred, const char *name)
79 if (scred->scr_td == vcp->vc_iod->iod_td)
81 SMBERROR("wrong function called(%s)\n", name);
86 smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
88 struct smb_dialect *dp;
89 struct smb_sopt *sp = NULL;
93 u_int8_t wc, stime[8], sblen;
94 u_int16_t dindex, tw, tw1, swlen, bc;
97 if (smb_smb_nomux(vcp, scred, __func__) != 0)
101 vcp->obj.co_flags &= ~(SMBV_ENCRYPT);
103 bzero(sp, sizeof(struct smb_sopt));
104 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp);
107 smb_rq_getrequest(rqp, &mbp);
111 for(dp = smb_dialects; dp->d_id != -1; dp++) {
112 mb_put_uint8(mbp, SMB_DT_DIALECT);
113 smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE);
116 error = smb_rq_simple(rqp);
117 SMBSDEBUG("%d\n", error);
120 smb_rq_getreply(rqp, &mdp);
122 error = md_get_uint8(mdp, &wc);
125 error = md_get_uint16le(mdp, &dindex);
129 SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex);
133 dp = smb_dialects + dindex;
134 sp->sv_proto = dp->d_id;
135 SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc);
137 if (dp->d_id >= SMB_DIALECT_NTLM0_12) {
140 md_get_uint8(mdp, &sp->sv_sm);
141 md_get_uint16le(mdp, &sp->sv_maxmux);
142 md_get_uint16le(mdp, &sp->sv_maxvcs);
143 md_get_uint32le(mdp, &sp->sv_maxtx);
144 md_get_uint32le(mdp, &sp->sv_maxraw);
145 md_get_uint32le(mdp, &sp->sv_skey);
146 md_get_uint32le(mdp, &sp->sv_caps);
147 md_get_mem(mdp, stime, 8, MB_MSYSTEM);
148 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
149 md_get_uint8(mdp, &sblen);
150 if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
151 if (sblen != SMB_MAXCHALLENGELEN) {
152 SMBERROR("Unexpected length of security blob (%d)\n", sblen);
155 error = md_get_uint16(mdp, &bc);
158 if (sp->sv_caps & SMB_CAP_EXT_SECURITY)
159 md_get_mem(mdp, NULL, 16, MB_MSYSTEM);
160 error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM);
163 vcp->vc_chlen = sblen;
164 vcp->obj.co_flags |= SMBV_ENCRYPT;
166 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
167 if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
168 sp->sv_maxtx < 4096 &&
169 (sp->sv_caps & SMB_CAP_NT_SMBS) == 0) {
170 vcp->obj.co_flags |= SMBV_WIN95;
171 SMBSDEBUG("Win95 detected\n");
173 } else if (dp->d_id > SMB_DIALECT_CORE) {
174 md_get_uint16le(mdp, &tw);
176 md_get_uint16le(mdp, &tw);
178 md_get_uint16le(mdp, &sp->sv_maxmux);
179 md_get_uint16le(mdp, &sp->sv_maxvcs);
180 md_get_uint16le(mdp, &tw); /* rawmode */
181 md_get_uint32le(mdp, &sp->sv_skey);
182 if (wc == 13) { /* >= LANMAN1 */
183 md_get_uint16(mdp, &tw); /* time */
184 md_get_uint16(mdp, &tw1); /* date */
185 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
186 md_get_uint16le(mdp, &swlen);
187 if (swlen > SMB_MAXCHALLENGELEN)
189 md_get_uint16(mdp, NULL); /* mbz */
190 if (md_get_uint16(mdp, &bc) != 0)
194 if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
195 error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM);
198 vcp->vc_chlen = swlen;
199 vcp->obj.co_flags |= SMBV_ENCRYPT;
202 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
203 } else { /* an old CORE protocol */
209 vcp->vc_maxvcs = sp->sv_maxvcs;
210 if (vcp->vc_maxvcs <= 1) {
211 if (vcp->vc_maxvcs == 0)
214 if (sp->sv_maxtx <= 0 || sp->sv_maxtx > 0xffff)
216 SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz);
217 vcp->vc_txmax = min(sp->sv_maxtx, maxqsz);
218 SMBSDEBUG("TZ = %d\n", sp->sv_tz);
219 SMBSDEBUG("CAPS = %x\n", sp->sv_caps);
220 SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux);
221 SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs);
222 SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw);
223 SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx);
231 smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred)
237 smb_uniptr unipp, ntencpass = NULL;
238 char *pp, *up, *pbuf, *encpass;
239 int error, plen, uniplen, ulen;
241 vcp->vc_smbuid = SMB_UID_UNKNOWN;
243 if (smb_smb_nomux(vcp, scred, __func__) != 0)
246 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp);
249 pbuf = kmalloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
250 encpass = kmalloc(24, M_SMBTEMP, M_WAITOK);
251 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
252 iconv_convstr(vcp->vc_toupper, pbuf, smb_vc_getpass(vcp));
253 iconv_convstr(vcp->vc_toserver, pbuf, pbuf);
254 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
256 smb_encrypt(pbuf, vcp->vc_ch, encpass);
257 ntencpass = kmalloc(uniplen, M_SMBTEMP, M_WAITOK);
258 iconv_convstr(vcp->vc_toserver, pbuf, smb_vc_getpass(vcp));
259 smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass);
263 plen = strlen(pbuf) + 1;
266 ntencpass = kmalloc(uniplen, M_SMBTEMP, M_WAITOK);
267 smb_strtouni(ntencpass, smb_vc_getpass(vcp));
271 * The uniplen is zeroed because Samba cannot deal
272 * with this 2nd cleartext password. This Samba
273 * "bug" is actually a workaround for problems in
281 * In the share security mode password will be used
282 * only in the tree authentication
287 uniplen = 0 /* sizeof(smb_unieol) */;
291 up = vcp->vc_username;
292 ulen = strlen(up) + 1;
293 mb_put_uint8(mbp, 0xff);
294 mb_put_uint8(mbp, 0);
295 mb_put_uint16le(mbp, 0);
296 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx);
297 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux);
298 mb_put_uint16le(mbp, vcp->vc_number);
299 mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey);
300 mb_put_uint16le(mbp, plen);
301 if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) {
302 mb_put_uint32le(mbp, 0);
305 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
306 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE);
308 mb_put_uint16le(mbp, uniplen);
309 mb_put_uint32le(mbp, 0); /* reserved */
310 mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ?
311 SMB_CAP_UNICODE : 0);
314 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
315 mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM);
316 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */
317 smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */
318 smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */
319 smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */
323 kfree(ntencpass, M_SMBTEMP);
324 error = smb_rq_simple(rqp);
325 SMBSDEBUG("%d\n", error);
327 if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess)
331 vcp->vc_smbuid = rqp->sr_rpuid;
333 kfree(encpass, M_SMBTEMP);
334 kfree(pbuf, M_SMBTEMP);
340 smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred)
346 if (vcp->vc_smbuid == SMB_UID_UNKNOWN)
349 if (smb_smb_nomux(vcp, scred, __func__) != 0)
352 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_LOGOFF_ANDX, scred, &rqp);
357 mb_put_uint8(mbp, 0xff);
358 mb_put_uint8(mbp, 0);
359 mb_put_uint16le(mbp, 0);
363 error = smb_rq_simple(rqp);
364 SMBSDEBUG("%d\n", error);
369 static char smb_any_share[] = "?????";
372 smb_share_typename(int stype)
381 pp = smb_any_share; /* can't use LPT: here... */
398 smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred)
401 struct smb_rq rq, *rqp = &rq;
403 char *pp, *pbuf, *encpass;
404 int error, plen, caseopt;
406 ssp->ss_tid = SMB_TID_UNKNOWN;
407 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_CONNECT_ANDX, scred, &rqp);
411 caseopt = SMB_CS_NONE;
412 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
418 pbuf = kmalloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
419 encpass = kmalloc(24, M_SMBTEMP, M_WAITOK);
420 iconv_convstr(vcp->vc_toupper, pbuf, smb_share_getpass(ssp));
421 iconv_convstr(vcp->vc_toserver, pbuf, pbuf);
422 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
424 smb_encrypt(pbuf, vcp->vc_ch, encpass);
427 plen = strlen(pbuf) + 1;
433 mb_put_uint8(mbp, 0xff);
434 mb_put_uint8(mbp, 0);
435 mb_put_uint16le(mbp, 0);
436 mb_put_uint16le(mbp, 0); /* Flags */
437 mb_put_uint16le(mbp, plen);
440 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
441 smb_put_dmem(mbp, vcp, "\\\\", 2, caseopt);
442 pp = vcp->vc_srvname;
443 smb_put_dmem(mbp, vcp, pp, strlen(pp), caseopt);
444 smb_put_dmem(mbp, vcp, "\\", 1, caseopt);
446 smb_put_dstring(mbp, vcp, pp, caseopt);
447 pp = smb_share_typename(ssp->ss_type);
448 smb_put_dstring(mbp, vcp, pp, caseopt);
450 error = smb_rq_simple(rqp);
451 SMBSDEBUG("%d\n", error);
454 ssp->ss_tid = rqp->sr_rptid;
455 ssp->ss_vcgenid = vcp->vc_genid;
456 ssp->ss_flags |= SMBS_CONNECTED;
459 kfree(encpass, M_SMBTEMP);
461 kfree(pbuf, M_SMBTEMP);
467 smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred)
473 if (ssp->ss_tid == SMB_TID_UNKNOWN)
475 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_DISCONNECT, scred, &rqp);
483 error = smb_rq_simple(rqp);
484 SMBSDEBUG("%d\n", error);
486 ssp->ss_tid = SMB_TID_UNKNOWN;
491 smb_smb_read(struct smb_share *ssp, u_int16_t fid,
492 int *len, int *rresid, struct uio *uio, struct smb_cred *scred)
499 int error, rlen, blksz;
501 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
505 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
506 rlen = *len = min(blksz, *len);
508 smb_rq_getrequest(rqp, &mbp);
510 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
511 mb_put_uint16le(mbp, rlen);
512 mb_put_uint32le(mbp, uio->uio_offset);
513 mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff));
518 error = smb_rq_simple(rqp);
521 smb_rq_getreply(rqp, &mdp);
522 md_get_uint8(mdp, &wc);
527 md_get_uint16le(mdp, &resid);
528 md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
529 md_get_uint16le(mdp, &bc);
530 md_get_uint8(mdp, NULL); /* ignore buffer type */
531 md_get_uint16le(mdp, &resid);
536 error = md_get_uio(mdp, uio, resid);
546 smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
547 struct smb_cred *scred)
552 while (uio->uio_resid > 0) {
553 if (uio->uio_resid > INT_MAX)
556 len = (int)uio->uio_resid;
557 error = smb_smb_read(ssp, fid, &len, &resid, uio, scred);
567 smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
568 struct uio *uio, struct smb_cred *scred)
577 /* write data must be real */
578 KKASSERT(uio->uio_segflg != UIO_NOCOPY);
580 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
584 resid = *len = min(blksz, *len);
586 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
589 smb_rq_getrequest(rqp, &mbp);
591 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
592 mb_put_uint16le(mbp, resid);
593 mb_put_uint32le(mbp, uio->uio_offset);
594 mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff));
597 mb_put_uint8(mbp, SMB_DT_DATA);
598 mb_put_uint16le(mbp, resid);
600 error = mb_put_uio(mbp, uio, resid);
604 error = smb_rq_simple(rqp);
607 smb_rq_getreply(rqp, &mdp);
608 md_get_uint8(mdp, &wc);
613 md_get_uint16le(mdp, &resid);
621 smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
622 struct smb_cred *scred)
624 int error = 0, len, resid;
628 while (uio->uio_resid > 0) {
629 if (uio->uio_resid > INT_MAX)
632 len = (int)uio->uio_resid;
633 error = smb_smb_write(ssp, fid, &len, &resid, uio, scred);
643 * Errors can happen on the copyin, the rpc, etc. So they
644 * imply resid is unreliable. The only safe thing is
645 * to pretend zero bytes made it. We needn't restore the
646 * iovs because callers don't depend on them in error
647 * paths - uio_resid and uio_offset are what matter.
655 smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred)
661 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_ECHO, scred, &rqp);
666 mb_put_uint16le(mbp, 1);
669 mb_put_uint32le(mbp, 0);
671 error = smb_rq_simple(rqp);
672 SMBSDEBUG("%d\n", error);