4 files changed, 601 insertions, 129 deletions
diff --git a/usr/src/uts/common/netsmb/mchain.h b/usr/src/uts/common/netsmb/mchain.h
index c5c8512fd7..156671999b 100644
--- a/usr/src/uts/common/netsmb/mchain.h
+++ b/usr/src/uts/common/netsmb/mchain.h
@@ -35,6 +35,8 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #ifndef _MCHAIN_H_
@@ -70,10 +72,10 @@
 #else	/* (BYTE_ORDER == LITTLE_ENDIAN) */
 
 /* little-endian values on big-endian (swap) */
-#define	letohs(x) 	BSWAP_16(x)
-#define	htoles(x) 	BSWAP_16(x)
-#define	letohl(x) 	BSWAP_32(x)
-#define	htolel(x) 	BSWAP_32(x)
+#define	letohs(x)	BSWAP_16(x)
+#define	htoles(x)	BSWAP_16(x)
+#define	letohl(x)	BSWAP_32(x)
+#define	htolel(x)	BSWAP_32(x)
 #define	letohq(x)	BSWAP_64(x)
 #define	htoleq(x)	BSWAP_64(x)
 
@@ -93,7 +95,7 @@
  * wrappers for streams functions.  See: subr_mchain.c
  */
 
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(_FAKE_KERNEL)
 
 /*
  * BSD-style mbuf "shim" for kernel code.  Note, this
@@ -103,6 +105,7 @@
  */
 
 #include <sys/stream.h> /* mblk_t */
+#include <sys/strsun.h> /* MBLKL */
 typedef mblk_t mbuf_t;
 
 /* BEGIN CSTYLED */
@@ -112,9 +115,9 @@ typedef mblk_t mbuf_t;
  *   m_data ... (m_data + m_len)
  * In Unix STREAMS, the mblk payload is:
  *   b_rptr ... b_wptr
- * 
+ *
  * Here are some handy conversion notes:
- * 
+ *
  * struct mbuf                     struct mblk
  *   m->m_next                       m->b_cont
  *   m->m_nextpkt                    m->b_next
@@ -124,7 +127,7 @@ typedef mblk_t mbuf_t;
  *   &m->m_dat[MLEN]                 m->b_datap->db_lim
  *   M_TRAILINGSPACE(m)              MBLKTAIL(m)
  *   m_freem(m)                      freemsg(m)
- * 
+ *
  * Note that mbufs chains also have a special "packet" header,
  * which has the length of the whole message.  In STREAMS one
  * typically just calls msgdsize(m) to get that.
@@ -177,7 +180,7 @@ void m_freem(mbuf_t *);
 #define	MB_MZERO	3		/* bzero(), mb_put_mem only */
 #define	MB_MCUSTOM	4		/* use an user defined function */
 
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(_FAKE_KERNEL)
 
 struct mbchain {
 	mblk_t *mb_top;
@@ -224,6 +227,7 @@ void mb_initm(mbchain_t *, mbuf_t *);
 void mb_done(mbchain_t *);
 void *mb_reserve(mbchain_t *, int size);
 
+int  mb_put_align8(mbchain_t *mbp);
 int  mb_put_padbyte(mbchain_t *mbp);
 int  mb_put_uint8(mbchain_t *, uint8_t);
 int  mb_put_uint16be(mbchain_t *, uint16_t);
@@ -234,6 +238,7 @@ int  mb_put_uint64be(mbchain_t *, uint64_t);
 int  mb_put_uint64le(mbchain_t *, uint64_t);
 int  mb_put_mem(mbchain_t *, const void *, int, int);
 int  mb_put_mbuf(mbchain_t *, mbuf_t *);
+int  mb_put_mbchain(mbchain_t *, mbchain_t *);
 
 int  md_init(mdchain_t *mdp);
 void md_initm(mdchain_t *mbp, mbuf_t *m);
@@ -248,5 +253,7 @@ int  md_get_uint64be(mdchain_t *, uint64_t *);
 int  md_get_uint64le(mdchain_t *, uint64_t *);
 int  md_get_mem(mdchain_t *, void *, int, int);
 int  md_get_mbuf(mdchain_t *, int, mbuf_t **);
+int  md_seek(mdchain_t *, uint32_t);
+uint32_t md_tell(mdchain_t *);
 
 #endif	/* !_MCHAIN_H_ */
diff --git a/usr/src/uts/common/netsmb/smb.h b/usr/src/uts/common/netsmb/smb.h
index e3bfc5144c..b57be5bbfe 100644
--- a/usr/src/uts/common/netsmb/smb.h
+++ b/usr/src/uts/common/netsmb/smb.h
@@ -40,6 +40,7 @@
 
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #ifndef _NETSMB_SMB_H_
@@ -66,8 +67,8 @@ enum smb_dialects {
 	SMB_DIALECT_LANMAN1_0,		/* MICROSOFT NETWORKS 3.0, LANMAN1.0 */
 	SMB_DIALECT_LANMAN2_0,		/* LM1.2X002, DOS LM1.2X002, Samba */
 	SMB_DIALECT_LANMAN2_1,		/* DOS LANMAN2.1, LANMAN2.1 */
-	SMB_DIALECT_NTLM0_12		/* NT LM 0.12, Windows for Workgroups */
-					/* 3.1a, * NT LANMAN 1.0 */
+	SMB_DIALECT_NTLM0_12,		/* NT LM 0.12, etc. */
+	SMB_DIALECT_SMB2_FF		/* SMB1 negotiate to SMB2 */
 };
 
 /*
@@ -82,11 +83,18 @@ enum smb_dialects {
 /*
  * SMB header
  */
+
 #define	SMB_SIGNATURE		"\xFFSMB"
 #define	SMB_SIGLEN		4
 #define	SMB_HDRCMD(p)		(*((uchar_t *)(p) + SMB_SIGLEN))
 #define	SMB_HDRMID(p)		(*(ushort_t *)((uchar_t *)(p) + 30))
+#define	SMB_HDR_OFF_MID		30
 #define	SMB_HDRLEN		32
+
+#define	SMB_HDR_V1	0xFF
+#define	SMB_HDR_V2	0xFE
+#define	SMB_HDR_V3E	0xFD	/* SMB3 encrypted */
+
 /*
  * bits in the smb_flags field
  */
@@ -151,6 +159,25 @@ enum smb_dialects {
 #define	SMB_CAP_COMPRESSED_DATA		0x40000000
 #define	SMB_CAP_EXT_SECURITY		0x80000000
 
+/* SMB_COM_TREE_CONNECT_ANDX  flags. See [MS-SMB] for a complete description. */
+#define	TREE_CONNECT_ANDX_DISCONNECT_TID		0x0001
+#define	TREE_CONNECT_ANDX_EXTENDED_SIGNATURES	0x0004
+#define	TREE_CONNECT_ANDX_EXTENDED_RESPONSE		0x0008
+
+/*
+ * SMB_COM_TREE_CONNECT_ANDX  optional support flags. See [MS-SMB] for a
+ * complete description.
+ */
+#define	SMB_SUPPORT_SEARCH_BITS		0x0001	/* supports SearchAttributes */
+#define	SMB_SHARE_IS_IN_DFS		0x0002	/* share is managed by DFS */
+#define	SMB_CSC_MASK			0x000C	/* Offline-caching bits. */
+#define	SMB_UNIQUE_FILE_NAME		0x0010	/* Long file names only */
+#define	SMB_EXTENDED_SIGNATURES		0x0020	/* Signing key protection. */
+/* See [MS-SMB] for a complete description of SMB_CSC_MASK bits. */
+#define	SMB_CSC_CACHE_MANUAL_REINT	0x0000
+#define	SMB_CSC_CACHE_AUTO_REINT	0x0004
+#define	SMB_CSC_CACHE_VDO		0x0008
+
 /*
  * File attributes
  */
@@ -372,6 +399,7 @@ enum smb_dialects {
 #define	SMB_QFS_DEVICE_INFO			0x104
 #define	SMB_QFS_ATTRIBUTE_INFO			0x105
 #define	SMB_QFS_UNIX_INFO			0x200
+#define	SMB_QFS_POSIX_WHOAMI			0x202
 #define	SMB_QFS_MAC_FS_INFO			0x301
 #define	SMB_QFS_VOLUME_INFORMATION		1001
 #define	SMB_QFS_SIZE_INFORMATION		1003
@@ -381,6 +409,11 @@ enum smb_dialects {
 #define	SMB_QFS_FULL_SIZE_INFORMATION		1007
 #define	SMB_QFS_OBJECTID_INFORMATION		1008
 
+/*
+ * NT Notify Change Compeletion Filter
+ * NT Notify Actions
+ * (We don't use these.)
+ */
 
 /*
  * SMB_QFS_ATTRIBUTE_INFO bits.
@@ -403,6 +436,7 @@ enum smb_dialects {
 #define	FILE_SUPPORTS_OBJECT_IDS	0x00010000
 #define	FILE_SUPPORTS_ENCRYPTION	0x00020000
 #define	FILE_NAMED_STREAMS		0x00040000
+#define	FILE_READ_ONLY_VOLUME		0x00080000
 
 /*
  * SMB_TRANS2_QUERY_PATH levels
@@ -424,9 +458,12 @@ enum smb_dialects {
 #define	SMB_QFILEINFO_COMPRESSION_INFO		0x10b
 #define	SMB_QFILEINFO_UNIX_BASIC		0x200
 #define	SMB_QFILEINFO_UNIX_LINK			0x201
+#define	SMB_QFILEINFO_POSIX_ACL			0x204
+#define	SMB_QFILEINFO_UNIX_INFO2		0x20B
 #define	SMB_QFILEINFO_MAC_DT_GET_APPL		0x306
 #define	SMB_QFILEINFO_MAC_DT_GET_ICON		0x307
 #define	SMB_QFILEINFO_MAC_DT_GET_ICON_INFO	0x308
+#define	SMB_QFILEINFO_MAC_SPOTLIGHT		0x310
 #define	SMB_QFILEINFO_BASIC_INFORMATION		1004
 #define	SMB_QFILEINFO_STANDARD_INFORMATION	1005
 #define	SMB_QFILEINFO_INTERNAL_INFORMATION	1006
@@ -454,6 +491,9 @@ enum smb_dialects {
 #define	SMB_FIND_NAME_INFO		0x103
 #define	SMB_FIND_BOTH_DIRECTORY_INFO	0x104
 #define	SMB_FIND_UNIX_INFO		0x200
+/* Transact 2 Find First levels */
+#define	SMB_FIND_FILE_UNIX		0x202
+#define	SMB_FIND_FILE_UNIX_INFO2	0x20B /* UNIX File Info2 */
 
 /*
  * Selectors for NT_TRANSACT_QUERY_SECURITY_DESC and
@@ -707,6 +747,9 @@ typedef struct ntsid ntsid_t;
 #define	SMB_SFILEINFO_UNIX_BASIC		0x200
 #define	SMB_SFILEINFO_UNIX_LINK			0x201
 #define	SMB_SFILEINFO_UNIX_HLINK		0x203
+#define	SMB_SFILEINFO_POSIX_ACL			0x204
+#define	SMB_SFILEINFO_POSIX_UNLINK		0x20A
+#define	SMB_SFILEINFO_UNIX_INFO2		0x20B
 #define	SMB_SFILEINFO_DIRECTORY_INFORMATION	1001
 #define	SMB_SFILEINFO_FULL_DIRECTORY_INFORMATION	1002
 #define	SMB_SFILEINFO_BOTH_DIRECTORY_INFORMATION	1003
@@ -816,4 +859,19 @@ typedef struct ntlmv2_namehdr ntlmv2_namehdr_t;
 #define	STYPE_TEMPORARY			0x40000000
 #define	STYPE_HIDDEN			0x80000000
 
+/*
+ * Characters that are not allowed in an SMB file name component.
+ * From MSDN: Naming Files, Paths, ...
+ *	< (less than)
+ *	> (greater than)
+ *	: (colon)
+ *	" (double quote)
+ *	/ (forward slash)
+ *	\ (backslash)
+ *	| (vertical bar or pipe)
+ *	? (question mark)
+ *	* (asterisk)
+ */
+#define	SMB_FILENAME_INVALID_CHARS	"<>:\"/\\|?*"
+
 #endif /* _NETSMB_SMB_H_ */
diff --git a/usr/src/uts/common/netsmb/smb2.h b/usr/src/uts/common/netsmb/smb2.h
new file mode 100644
index 0000000000..abae5e8063
--- /dev/null
+++ b/usr/src/uts/common/netsmb/smb2.h
@@ -0,0 +1,465 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source.  A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+
+/*
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
+ */
+
+#ifndef _NETSMB_SMB2_H
+#define	_NETSMB_SMB2_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define	SMB2_PROTOCOL_ID	{ 0xFE, 'S', 'M', 'B' }
+#define	SMB2_HDR_SIZE	64
+#define	SMB2_HDRLEN	SMB2_HDR_SIZE
+
+/*
+ * SMB2 header command codes.
+ * These are uint16_t on the wire.
+ */
+typedef enum {
+	SMB2_NEGOTIATE = 0,
+	SMB2_SESSION_SETUP,
+	SMB2_LOGOFF,
+	SMB2_TREE_CONNECT,
+	SMB2_TREE_DISCONNECT,
+	SMB2_CREATE,
+	SMB2_CLOSE,
+	SMB2_FLUSH,
+	SMB2_READ,
+	SMB2_WRITE,
+	SMB2_LOCK,
+	SMB2_IOCTL,
+	SMB2_CANCEL,
+	SMB2_ECHO,
+	SMB2_QUERY_DIRECTORY,
+	SMB2_CHANGE_NOTIFY,
+	SMB2_QUERY_INFO,
+	SMB2_SET_INFO,
+	SMB2_OPLOCK_BREAK,
+	/*
+	 * The above (oplock break) is the last real SMB2 op-code.
+	 * We use one more slot to represent invalid commands, and
+	 * the final enum value is used for array sizes. Keep last!
+	 */
+	SMB2_INVALID_CMD,
+	SMB2__NCMDS
+} SMB2_cmd_code;
+
+/*
+ * SMB2 header flags.
+ */
+
+/*
+ * SERVER_TO_REDIR
+ * When set, indicates the message is a response rather than
+ * a request. This MUST be set on responses sent from the
+ * server to the client, and MUST NOT be set on requests
+ * sent from the client to the server.
+ */
+#define	SMB2_FLAGS_SERVER_TO_REDIR	0x00000001
+
+/*
+ * ASYNC_COMMAND
+ * When set, indicates that this is an ASYNC SMB2 header.
+ * Always set for headers of the form described in this
+ * section.
+ */
+#define	SMB2_FLAGS_ASYNC_COMMAND	0x00000002
+
+/*
+ * RELATED_OPERATIONS
+ * When set in an SMB2 request, indicates that this request
+ * is a related operation in a compounded request chain.
+ * [MS-SMB2 sec. 3.2.4.1.4]
+ *
+ * When set in an SMB2 compound response, indicates that
+ * the request corresponding to this response was part of a
+ * related operation in a compounded request chain.
+ * [MS-SMB2 sec. 3.3.5.2.7.2]
+ */
+#define	SMB2_FLAGS_RELATED_OPERATIONS	0x00000004
+
+/*
+ * SIGNED
+ * When set, indicates that this packet has been signed.
+ * [MS-SMB2 3.1.5.1]
+ */
+#define	SMB2_FLAGS_SIGNED	0x00000008
+
+/*
+ * [MS-SMB2] 3.2.5.3.1 The SessionKey MUST be set to the
+ * first 16 bytes of the cryptographic key from GSSAPI.
+ * (Padded with zeros if the GSSAPI key is shorter.)
+ */
+#define	SMB2_SESSION_KEY_LEN	16
+
+/*
+ * DFS_OPERATIONS
+ * When set, indicates that this command is a Distributed
+ * File System (DFS) operation.  [MS-SMB2 3.3.5.9]
+ */
+#define	SMB2_FLAGS_DFS_OPERATIONS	0x10000000
+
+/*
+ * REPLAY_OPERATION
+ * This flag is only valid for the SMB 3.0 dialect. When set,
+ * it indicates that this command is a replay operation.
+ * The client MUST ignore this bit on receipt.
+ */
+#define	SMB2_FLAGS_REPLAY_OPERATION	0x20000000
+
+/*
+ * SMB2 Netgotiate [MS-SMB2 2.2.3]
+ */
+
+#define	SMB2_NEGOTIATE_SIGNING_ENABLED	0x01
+#define	SMB2_NEGOTIATE_SIGNING_REQUIRED	0x02
+
+#define	SMB2_CAP_DFS			0x00000001
+
+/* Added with SMB2.1 */
+#define	SMB2_CAP_DFS			0x00000001
+#define	SMB2_CAP_LEASING		0x00000002
+/*
+ * LARGE_MTU:
+ * When set, indicates that the client supports multi-credit operations.
+ */
+#define	SMB2_CAP_LARGE_MTU		0x00000004
+
+/* Added with SMB3.0 */
+#define	SMB2_CAP_MULTI_CHANNEL		0x00000008
+#define	SMB2_CAP_PERSISTENT_HANDLES	0x00000010
+#define	SMB2_CAP_DIRECTORY_LEASING	0x00000020
+#define	SMB2_CAP_ENCRYPTION		0x00000040
+
+/* SMB2 session flags */
+#define	SMB2_SESSION_FLAG_IS_GUEST	0x0001
+#define	SMB2_SESSION_FLAG_IS_NULL	0x0002
+#define	SMB2_SESSION_FLAG_ENCRYPT_DATA	0x0004
+
+/*
+ * SMB2 Tree connect, disconnect
+ */
+
+/* SMB2 sharetype flags */
+#define	SMB2_SHARE_TYPE_DISK		0x1
+#define	SMB2_SHARE_TYPE_PIPE		0x2
+#define	SMB2_SHARE_TYPE_PRINT		0x3
+
+/* SMB2 share flags */
+#define	SMB2_SHAREFLAG_MANUAL_CACHING			0x00000000
+#define	SMB2_SHAREFLAG_AUTO_CACHING			0x00000010
+#define	SMB2_SHAREFLAG_VDO_CACHING			0x00000020
+#define	SMB2_SHAREFLAG_NO_CACHING			0x00000030
+#define	SMB2_SHAREFLAG_DFS				0x00000001
+#define	SMB2_SHAREFLAG_DFS_ROOT				0x00000002
+#define	SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS		0x00000100
+#define	SMB2_SHAREFLAG_FORCE_SHARED_DELETE		0x00000200
+#define	SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING		0x00000400
+#define	SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM	0x00000800
+#define	SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK		0x00001000
+/* SMB 3.0 */
+#define	SMB2_SHAREFLAG_ENABLE_HASH_V1			0x00002000
+#define	SMB2_SHAREFLAG_ENABLE_HASH_V2			0x00004000
+#define	SMB2_SHAREFLAG_ENCRYPT_DATA			0x00008000
+
+/* SMB2 share capabilities */
+#define	SMB2_SHARE_CAP_DFS				0x00000008
+/* SMB 3.0 */
+#define	SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY		0x00000010
+#define	SMB2_SHARE_CAP_SCALEOUT				0x00000020
+#define	SMB2_SHARE_CAP_CLUSTER				0x00000040
+
+/*
+ * SMB2 Create (open)
+ */
+
+/* SMB2 requested oplock levels */
+#define	SMB2_OPLOCK_LEVEL_NONE				0x00
+#define	SMB2_OPLOCK_LEVEL_II				0x01
+#define	SMB2_OPLOCK_LEVEL_EXCLUSIVE			0x08
+#define	SMB2_OPLOCK_LEVEL_BATCH				0x09
+#define	SMB2_OPLOCK_LEVEL_LEASE				0xFF
+
+/* SMB2 impersonation levels */
+#define	SMB2_IMPERSONATION_ANONYMOUS			0x00
+#define	SMB2_IMPERSONATION_IDENTIFICATION		0x01
+#define	SMB2_IMPERSONATION_IMPERSONATION		0x02
+#define	SMB2_IMPERSONATION_DELEGATE			0x03
+
+/*
+ * Note: ShareAccess, CreateDispositon, CreateOptions,
+ * all use the same definitions as SMB1 (from MS-FSA).
+ * Ditto FileAccess flags (as with ACLs)
+ */
+
+/* SMB2 Create Context tags */
+
+#define	SMB2_CREATE_EA_BUFFER			0x45787441 /* ("ExtA") */
+/*
+ * The data contains the extended attributes
+ * that MUST be stored on the created file.
+ * This value MUST NOT be set for named
+ * pipes and print files.
+ */
+
+#define	SMB2_CREATE_SD_BUFFER			0x53656344 /* ("SecD") */
+/*
+ * The data contains a security descriptor that
+ * MUST be stored on the created file.
+ * This value MUST NOT be set for named
+ * pipes and print files.
+ */
+
+#define	SMB2_CREATE_DURABLE_HANDLE_REQUEST	0x44486e51 /* ("DHnQ") */
+/* The client is requesting the open to be durable */
+
+#define	SMB2_CREATE_DURABLE_HANDLE_RECONNECT	0x44486e43 /* ("DHnC") */
+/*
+ * The client is requesting to reconnect to a
+ * durable open after being disconnected
+ */
+
+#define	SMB2_CREATE_ALLOCATION_SIZE		0x416c5369 /* ("AISi") */
+/*
+ * The data contains the required allocation
+ * size of the newly created file.
+ */
+
+#define	SMB2_CREATE_QUERY_MAXIMAL_ACCESS	0x4d784163 /* ("MxAc") */
+/*
+ * The client is requesting that the server
+ * return maximal access information.
+ */
+
+#define	SMB2_CREATE_TIMEWARP_TOKEN		0x54577270 /* ("TWrp") */
+/*
+ * The client is requesting that the server
+ * open an earlier version of the file identified
+ * by the provided time stamp.
+ */
+
+#define	SMB2_CREATE_QUERY_ON_DISK_ID		0x51466964 /* ("QFid") */
+/*
+ * The client is requesting that the server return a 32-byte
+ * opaque BLOB that uniquely identifies the file being opened
+ * on disk. No data is passed to the server by the client.
+ */
+
+#define	SMB2_CREATE_REQUEST_LEASE		0x52714c73 /* ("RqLs") */
+/*
+ * The client is requesting that the server return a lease.
+ * This value is only supported for the SMB 2.1 and 3.0 dialects.
+ */
+
+/* SMB2 create request lease */
+#define	SMB2_LEASE_NONE				0x00
+#define	SMB2_LEASE_READ_CACHING			0x01
+#define	SMB2_LEASE_HANDLE_CACHING		0x02
+#define	SMB2_LEASE_WRITE_CACHING		0x04
+
+/* SMB2 lease break notification flags */
+#define	SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED  0x01
+
+/*
+ * SMB2 Close
+ */
+#define	SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB	0x0001
+
+/*
+ * SMB2 Write
+ */
+#define	SMB2_WRITEFLAG_WRITE_THROUGH		0x00000001
+
+/*
+ * SMB2 Lock Request
+ */
+
+/* SMB2 lock flags */
+
+/*
+ * SMB2_LOCKFLAG_SHARED_LOCK
+ * The range MUST be locked shared, allowing other opens
+ * to read from or take a shared lock on the range. All opens
+ * MUST NOT be allowed to write within the range. Other
+ * locks can be requested and taken on this range.
+ */
+#define	SMB2_LOCKFLAG_SHARED_LOCK	0x00000001
+
+/*
+ * SMB2_LOCKFLAG_EXCLUSIVE_LOCK
+ * The range MUST be locked exclusive, not allowing other
+ * opens to read, write, or lock within the range.
+ */
+#define	SMB2_LOCKFLAG_EXCLUSIVE_LOCK	0x00000002
+
+/*
+ * SMB2_LOCKFLAG_UNLOCK
+ * The range MUST be unlocked from a previous lock taken
+ * on this range. The unlock range MUST be identical to the
+ * lock range. Sub-ranges cannot be unlocked.
+ */
+#define	SMB2_LOCKFLAG_UNLOCK		0x00000004
+
+/*
+ * SMB2_LOCKFLAG_FAIL_IMMEDIATELY
+ * The lock operation MUST fail immediately if it conflicts
+ * with an existing lock, instead of waiting for the range to
+ * become available.  This can be OR'ed with either of
+ * shared_lock, exclusive_lock (nothing else).
+ */
+#define	SMB2_LOCKFLAG_FAIL_IMMEDIATELY	0x00000010
+
+/*
+ * SMB2 Ioctl Request
+ */
+#define	SMB2_IOCTL_IS_FSCTL		0x00000001
+
+
+/*
+ * SMB2 Query Directory
+ */
+
+/*
+ * SMB2 query directory info levels
+ * Same as SMB1 (see ntifs.h)
+ */
+
+/*
+ * SMB2 Query Directory Flags
+ * (our own names for these - spec. used poor names)
+ */
+#define	SMB2_QDIR_FLAG_RESTART		0x01 /* SMB2_RESTART_SCANS */
+#define	SMB2_QDIR_FLAG_SINGLE		0x02 /* SMB2_RETURN_SINGLE_ENTRY */
+#define	SMB2_QDIR_FLAG_INDEX		0x04 /* SMB2_INDEX_SPECIFIED */
+#define	SMB2_QDIR_FLAG_REOPEN		0x10 /* SMB2_REOPEN */
+
+/*
+ * SMB2 Query Info Request
+ */
+
+/* info type */
+#define	SMB2_0_INFO_FILE		0x01
+/* The file information is requested. */
+#define	SMB2_0_INFO_FILESYSTEM		0x02
+/* The underlying object store information is requested. */
+#define	SMB2_0_INFO_SECURITY		0x03
+/* The security information is requested. */
+#define	SMB2_0_INFO_QUOTA		0x04
+/* The underlying object store quota information is requested. */
+
+/*
+ * MS-FSCC 2.5 FileSystem Information Classes.
+ * Also see MSDN for ZwQueryVolumeInformationFile.
+ */
+typedef enum _FS_INFORMATION_CLASS
+{
+	FileFsVolumeInformation		= 1, /* Query */
+	FileFsLabelInformation		= 2, /* Set */
+	FileFsSizeInformation		= 3, /* Query */
+	FileFsDeviceInformation		= 4, /* Query */
+	FileFsAttributeInformation	= 5, /* Query */
+	FileFsControlInformation	= 6, /* Query, Set */
+	FileFsFullSizeInformation	= 7, /* Query */
+	FileFsObjectIdInformation	= 8, /* Query, Set */
+	FileFsDriverPathInformation	= 9 /* Query */
+} FS_INFORMATION_CLASS;
+
+/*
+ * MS-FSCC 2.4 File Information Classes
+ */
+typedef enum _FILE_INFORMATION_CLASS
+{
+	FileDirectoryInformation	= 1,
+	FileFullDirectoryInformation	= 2,
+	FileBothDirectoryInformation	= 3,
+	FileBasicInformation		= 4,
+	FileStandardInformation		= 5,
+	FileInternalInformation		= 6,
+	FileEaInformation		= 7,
+	FileAccessInformation		= 8,
+	FileNameInformation		= 9,
+	FileRenameInformation		= 10,
+	FileLinkInformation		= 11,
+	FileNamesInformation		= 12,
+	FileDispositionInformation	= 13,
+	FilePositionInformation		= 14,
+	FileFullEaInformation		= 15,
+	FileModeInformation		= 16,
+	FileAlignmentInformation	= 17,
+	FileAllInformation		= 18,
+	FileAllocationInformation	= 19,
+	FileEndOfFileInformation	= 20,
+	FileAlternateNameInformation	= 21,
+	FileStreamInformation		= 22,
+	FilePipeInformation		= 23,
+	FilePipeLocalInformation	= 24,
+	FilePipeRemoteInformation	= 25,
+	FileMailslotQueryInformation	= 26,
+	FileMailslotSetInformation	= 27,
+	FileCompressionInformation	= 28,
+	FileObjectIdInformation		= 29,
+	FileMoveClusterInformation	= 31,
+	FileQuotaInformation		= 32,
+	FileReparsePointInformation	= 33,
+	FileNetworkOpenInformation	= 34,
+	FileAttributeTagInformation	= 35,
+	FileTrackingInformation		= 36,
+	FileIdBothDirectoryInformation	= 37,
+	FileIdFullDirectoryInformation	= 38,
+	FileValidDataLengthInformation	= 39,
+	FileShortNameInformation	= 40,
+	FileSfioReserveInformation	= 44,
+	FileSfioVolumeInformation	= 45,
+	FileHardLinkInformation		= 46,
+	FileNormalizedNameInformation	= 48,
+	FileIdGlobalTxDirectoryInformation = 50,
+	FileStandardLinkInformation	= 54
+} FILE_INFORMATION_CLASS;
+
+/*
+ * SMB2 Change Nofity Request
+ */
+#define	SMB2_WATCH_TREE			0x00000001
+
+/*
+ * After here, added stuff from darwin
+ */
+#define	SMB2_TID_UNKNOWN	0
+#define	SMB2_FID_UNUSED		0xffffffffffffffff
+
+/* smb2_durable_handle flags */
+typedef enum _SMB2_DURABLE_HANDLE_FLAGS
+{
+	SMB2_DURABLE_HANDLE_REQUEST = 0x0001,
+	SMB2_DURABLE_HANDLE_RECONNECT = 0x0002,
+	SMB2_DURABLE_HANDLE_GRANTED = 0x0004,
+	SMB2_LEASE_GRANTED = 0x0008
+} _SMB2_DURABLE_HANDLE_FLAGS;
+
+struct smb2_durable_handle {
+	uint64_t fid;	/* SMBFID to reconnect in durable handle reconnect */
+	uint64_t flags;
+	uint64_t lease_key_hi;	/* atomic increment number */
+	uint64_t lease_key_low;	/* node hash value */
+	uint32_t lease_state;
+	uint32_t pad;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _NETSMB_SMB2_H */
diff --git a/usr/src/uts/common/netsmb/smb_dev.h b/usr/src/uts/common/netsmb/smb_dev.h
index d2e7690062..817d214b3e 100644
--- a/usr/src/uts/common/netsmb/smb_dev.h
+++ b/usr/src/uts/common/netsmb/smb_dev.h
@@ -33,9 +33,10 @@
  */
 
 /*
- * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #ifndef _NETSMB_DEV_H_
@@ -71,9 +72,9 @@
  * associated structures change in ways that would
  * make them incompatible with an old driver.
  */
-#define	NSMB_VERMAJ	1
-#define	NSMB_VERMIN	4000
-#define	NSMB_VERSION	(NSMB_VERMAJ * 100000 + NSMB_VERMIN)
+#define	NSMB_VERMAJ	2
+#define	NSMB_VERMIN	0x100
+#define	NSMB_VERSION	((NSMB_VERMAJ << 16) | NSMB_VERMIN)
 
 /*
  * Some errno values we need to expose to the library.
@@ -84,7 +85,7 @@
  * EAUTH is used for CIFS authentication errors.
  */
 #ifndef EBADRPC
-#define	EBADRPC 	113
+#define	EBADRPC		113
 #endif
 #ifndef EAUTH
 #define	EAUTH		114
@@ -111,13 +112,21 @@
 #define	SMBVOPT_PRIVATE		0x0002	/* connection should be private */
 #define	SMBVOPT_SINGLESHARE	0x0004	/* keep only one share at this VC */
 #define	SMBVOPT_PERMANENT	0x0010	/* object will keep last reference */
-#define	SMBVOPT_EXT_SEC		0x0020	/* extended security negotiation */
-#define	SMBVOPT_USE_KEYCHAIN	0x0040	/* get p/w from keychain */
-#define	SMBVOPT_KC_DOMAIN	0x0080	/* keychain lookup uses domain */
+#define	SMBVOPT_ANONYMOUS	0x0020	/* using a NULL session */
+
+#define	SMBVOPT_SIGNING_ENABLED		0x10000	/* sign if server agrees */
+#define	SMBVOPT_SIGNING_REQUIRED	0x20000 /* signing required */
+#define	SMBVOPT_SIGNING_MASK		0x30000	/* all signing bits */
 
-#define	SMBVOPT_SIGNING_ENABLED		0x0100	/* sign if server agrees */
-#define	SMBVOPT_SIGNING_REQUIRED	0x0200	/* signing required */
-#define	SMBVOPT_SIGNING_MASK		0x0300	/* all signing bits */
+#define	SMB2_DIALECT_BASE	0x0200
+#define	SMB2_DIALECT_0202	0x0202
+#define	SMB2_DIALECT_02ff	0x02ff
+#define	SMB2_DIALECT_0210	0x0210
+#define	SMB2_DIALECT_0300	0x0300
+#define	SMB2_DIALECT_0302	0x0302
+
+/* Maximum supported dialect (for ssn_maxver) */
+#define	SMB2_DIALECT_MAX	SMB2_DIALECT_0210
 
 /*
  * Option flags in smbioc_oshare.ioc_opt
@@ -137,13 +146,18 @@
 
 /*
  * network IO daemon states
- * really connection states.
  */
 enum smbiod_state {
-	SMBIOD_ST_IDLE = 0,	/* no user requests enqueued yet */
-	SMBIOD_ST_RECONNECT,	/* a [re]connect attempt is in progress */
+	SMBIOD_ST_UNINIT = 0,	/* uninitialized */
+	SMBIOD_ST_RECONNECT,	/* a [re]connect attempt requested */
 	SMBIOD_ST_RCFAILED,	/* a reconnect attempt has failed */
-	SMBIOD_ST_VCACTIVE,	/* session established */
+	SMBIOD_ST_CONNECTED,	/* Transport (TCP) connected */
+	SMBIOD_ST_NEGOTIATED,	/* Negotiated SMB/SMB2+ */
+	SMBIOD_ST_AUTHCONT,	/* Session setup continuing */
+	SMBIOD_ST_AUTHFAIL,	/* Session setup failed */
+	SMBIOD_ST_AUTHOK,	/* Session setup success */
+	SMBIOD_ST_VCACTIVE,	/* iod_work running */
+	SMBIOD_ST_IDLE,		/* no trees, will go DEAD */
 	SMBIOD_ST_DEAD		/* connection gone, no IOD */
 };
 
@@ -204,8 +218,10 @@ typedef struct smbioc_ssn_ident smbioc_ssn_ident_t;
  * Structure used with SMBIOC_SSN_FIND, _CREATE
  */
 struct smbioc_ossn {
-	uint32_t		ssn_vopt;	/* i.e. SMBVOPT_CREATE */
 	uint32_t		ssn_owner;	/* Unix owner (UID) */
+	uint32_t		ssn_vopt;	/* i.e. SMBVOPT_CREATE */
+	uint16_t		ssn_minver;	/* Min SMB version. */
+	uint16_t		ssn_maxver;	/* Max SMB version. */
 	smbioc_ssn_ident_t	ssn_id;
 	char			ssn_srvname[SMBIOC_MAX_NAME];
 };
@@ -232,55 +248,19 @@ typedef struct smbioc_tcon {
 	smbioc_oshare_t	tc_sh;
 } smbioc_tcon_t;
 
-
-/*
- * Negotiated protocol parameters
- */
-struct smb_sopt {
-	int16_t		sv_proto;	/* protocol dialect */
-	uchar_t		sv_sm;		/* security mode */
-	int16_t		sv_tz;		/* offset in min relative to UTC */
-	uint16_t	sv_maxmux;	/* max number of outstanding rq's */
-	uint16_t 	sv_maxvcs;	/* max number of VCs */
-	uint16_t	sv_rawmode;
-	uint32_t	sv_maxtx;	/* maximum transmit buf size */
-	uint32_t	sv_maxraw;	/* maximum raw-buffer size */
-	uint32_t	sv_skey;	/* session key */
-	uint32_t	sv_caps;	/* capabilites SMB_CAP_ */
-};
-typedef struct smb_sopt smb_sopt_t;
-
-/*
- * State carried in/out of the driver by the IOD thread.
- * Inside the driver, these are members of the "VC" object.
- */
-struct smb_iods {
-	int32_t		is_tran_fd;	/* transport FD */
-	uint32_t	is_vcflags;	/* SMBV_... */
-	uint8_t 	is_hflags;	/* SMB header flags */
-	uint16_t	is_hflags2;	/* SMB header flags2 */
-	uint16_t	is_smbuid;	/* SMB header UID */
-	uint16_t	is_next_mid;	/* SMB header MID */
-	uint32_t	is_txmax;	/* max tx/rx packet size */
-	uint32_t	is_rwmax;	/* max read/write data size */
-	uint32_t	is_rxmax;	/* max readx data size */
-	uint32_t	is_wxmax;	/* max writex data size */
-	uint8_t		is_ssn_key[SMBIOC_HASH_SZ]; /* session key */
-	/* Signing state */
-	uint32_t	is_next_seq;	/* my next sequence number */
-	uint32_t	is_u_maclen;	/* MAC key length */
-	lptr_t		is_u_mackey;	/* user-space ptr! */
-};
-typedef struct smb_iods smb_iods_t;
-
 /*
  * This is the operational state information passed
  * in and out of the driver for SMBIOC_SSN_WORK
  */
 struct smbioc_ssn_work {
-	smb_iods_t	wk_iods;
-	smb_sopt_t	wk_sopt;
-	int		wk_out_state;
+	uint32_t	wk_out_state;	/* out-only */
+	uint32_t	wk_u_ssnkey_len; /* ssn key length */
+	lptr_t		wk_u_ssnkey_buf; /* user-space ptr! */
+	uint32_t	wk_u_auth_rlen;	/* recv auth tok len */
+	uint32_t	wk_u_auth_wlen;	/* send auth tok len */
+	lptr_t		wk_u_auth_rbuf;	/* recv auth tok buf */
+	lptr_t		wk_u_auth_wbuf;	/* send auth tok buf */
+	uint8_t		wk_cl_guid[16];	/* client GUID */
 };
 typedef struct smbioc_ssn_work smbioc_ssn_work_t;
 
@@ -288,66 +268,27 @@ typedef struct smbioc_ssn_work smbioc_ssn_work_t;
  * User-level SMB requests
  */
 
-/*
- * SMBIOC_REQUEST (simple SMB request)
- */
-typedef struct smbioc_rq {
-	uchar_t		ioc_cmd;
-	uint8_t 	ioc_errclass;
-	uint16_t	ioc_serror;
-	uint32_t	ioc_error;
-	uint32_t	ioc_tbufsz;	/* transmit */
-	uint32_t	ioc_rbufsz;	/* receive */
-	lptr_t		_ioc_tbuf;
-	lptr_t		_ioc_rbuf;
-} smbioc_rq_t;
-#define	ioc_tbuf	_ioc_tbuf.lp_ptr
-#define	ioc_rbuf	_ioc_rbuf.lp_ptr
-
-
-#define	SMBIOC_T2RQ_MAXSETUP	4
-#define	SMBIOC_T2RQ_MAXNAME	128
-
-typedef struct smbioc_t2rq {
-	uint16_t	ioc_setup[SMBIOC_T2RQ_MAXSETUP];
-	int32_t		ioc_setupcnt;
-	char		ioc_name[SMBIOC_T2RQ_MAXNAME];
-	ushort_t	ioc_tparamcnt;
-	ushort_t	ioc_tdatacnt;
-	ushort_t	ioc_rparamcnt;
-	ushort_t	ioc_rdatacnt;
-	uint8_t 	ioc__pad1;
-	uint8_t 	ioc_errclass;
-	uint16_t	ioc_serror;
-	uint32_t	ioc_error;
-	uint16_t	ioc_rpflags2;
-	uint16_t	ioc__pad2;
-	lptr_t		_ioc_tparam;
-	lptr_t		_ioc_tdata;
-	lptr_t		_ioc_rparam;
-	lptr_t		_ioc_rdata;
-} smbioc_t2rq_t;
-#define	ioc_tparam	_ioc_tparam.lp_ptr
-#define	ioc_tdata	_ioc_tdata.lp_ptr
-#define	ioc_rparam	_ioc_rparam.lp_ptr
-#define	ioc_rdata	_ioc_rdata.lp_ptr
-
-
-typedef struct smbioc_flags {
-	int32_t		ioc_level;	/* 0 - session, 1 - share */
-	int32_t		ioc_flags;
-	int32_t		ioc_mask;
-} smbioc_flags_t;
-
 typedef struct smbioc_rw {
-	int32_t		ioc_fh;
 	uint32_t	ioc_cnt;
+	uint32_t	ioc_flags;
 	lloff_t	_ioc_offset;
 	lptr_t	_ioc_base;
 } smbioc_rw_t;
 #define	ioc_offset	_ioc_offset._f
 #define	ioc_base	_ioc_base.lp_ptr
 
+/* Transact on named pipe (send/recv) */
+typedef struct smbioc_xnp {
+	uint32_t	ioc_tdlen;	/* transmit len */
+	uint32_t	ioc_rdlen;	/* recv maxlen */
+	uint32_t	ioc_more;	/* more data to read */
+	uint32_t	ioc_pad1;
+	lptr_t		_ioc_tdata;
+	lptr_t		_ioc_rdata;
+} smbioc_xnp_t;
+#define	ioc_tdata	_ioc_tdata.lp_ptr
+#define	ioc_rdata	_ioc_rdata.lp_ptr
+
 typedef struct smbioc_ntcreate {
 	uint32_t	ioc_req_acc;
 	uint32_t	ioc_efattr;
@@ -383,18 +324,16 @@ typedef struct smbioc_pk {
  * Keep GETVERS first and use it to verify
  * driver compatibility with the library.
  */
-#define	SMBIOC_BASE 	((('n' << 8) | 's') << 8)
+#define	SMBIOC_BASE	((('n' << 8) | 's') << 8)
 typedef enum nsmb_ioc {
 	SMBIOC_GETVERS = SMBIOC_BASE,	/* keep first */
-	SMBIOC_FLAGS2,		/* get hflags2 */
+	SMBIOC_FLAGS2,		/* obsolete */
 	SMBIOC_GETSSNKEY,	/* get SMB session key */
 	SMBIOC_DUP_DEV,		/* duplicate dev handle */
 
-	SMBIOC_REQUEST,		/* simple request */
-	SMBIOC_T2RQ,		/* trans2 request */
-
 	SMBIOC_READ,		/* read (pipe) */
 	SMBIOC_WRITE,		/* write (pipe) */
+	SMBIOC_XACTNP,		/* "transact" (pipe) */
 	SMBIOC_NTCREATE,	/* open or create */
 	SMBIOC_PRINTJOB,	/* open print job */
 	SMBIOC_CLOSEFH,		/* from ntcreate or printjob */
@@ -409,9 +348,12 @@ typedef enum nsmb_ioc {
 	SMBIOC_TREE_KILL,
 	SMBIOC_TREE_RELE,
 
+	SMBIOC_IOD_CONNECT,	/* Setup connection */
+	SMBIOC_IOD_NEGOTIATE,	/* SMB/SMB2 negotiate */
+	SMBIOC_IOD_SSNSETUP,	/* SMB/SMB2 session setup */
 	SMBIOC_IOD_WORK,	/* work on session requests */
 	SMBIOC_IOD_IDLE,	/* wait for requests on this session */
-	SMBIOC_IOD_RCFAIL,	/* notify that reconnect failed */
+	SMBIOC_IOD_RCFAIL,	/* tell driver reconnect failed */
 
 	/* Password Keychain (PK) support. */
 	SMBIOC_PK_ADD,    /* Add/Modify a password entry */