1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

2380 lines
74 KiB
C
Raw Normal View History

/*
Unix SMB/CIFS implementation.
Main SMB reply routines
Copyright (C) Andrew Tridgell 1992-2003
Copyright (C) James J Myers 2003 <myersjj@samba.org>
Copyright (C) Stefan Metzmacher 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
This file handles most of the reply_ calls that the server
makes to handle specific SMB commands
*/
#include "includes.h"
#include "smb_server/smb_server.h"
#include "ntvfs/ntvfs.h"
#include "librpc/gen_ndr/ndr_nbt.h"
#include "libcli/nbt/libnbt.h"
/****************************************************************************
Reply to a simple request (async send)
****************************************************************************/
static void reply_simple_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
SMBSRV_CHECK_ASYNC_STATUS_SIMPLE;
smbsrv_setup_reply(req, 0, 0);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a tcon (async reply)
****************************************************************************/
static void reply_tcon_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_tcon *con;
SMBSRV_CHECK_ASYNC_STATUS(con, union smb_tcon);
/* construct reply */
smbsrv_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), con->tcon.out.max_xmit);
SSVAL(req->out.vwv, VWV(1), con->tcon.out.tid);
SSVAL(req->out.hdr, HDR_TID, req->tcon->tid);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a tcon.
****************************************************************************/
void smbsrv_reply_tcon(struct smbsrv_request *req)
{
union smb_tcon *con;
NTSTATUS status;
uint8_t *p;
/* parse request */
SMBSRV_CHECK_WCT(req, 0);
SMBSRV_TALLOC_IO_PTR(con, union smb_tcon);
con->tcon.level = RAW_TCON_TCON;
p = req->in.data;
p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.service, p, STR_TERMINATE);
p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.password, p, STR_TERMINATE);
p += req_pull_ascii4(&req->in.bufinfo, &con->tcon.in.dev, p, STR_TERMINATE);
if (!con->tcon.in.service || !con->tcon.in.password || !con->tcon.in.dev) {
smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* Instantiate backend */
status = smbsrv_tcon_backend(req, con);
if (!NT_STATUS_IS_OK(status)) {
smbsrv_send_error(req, status);
return;
}
SMBSRV_SETUP_NTVFS_REQUEST(reply_tcon_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
/* Invoke NTVFS connection hook */
Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharename This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-05-14 08:58:50 +01:00
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_connect(req->ntvfs, con));
}
/****************************************************************************
Reply to a tcon and X (async reply)
****************************************************************************/
static void reply_tcon_and_X_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_tcon *con;
SMBSRV_CHECK_ASYNC_STATUS(con, union smb_tcon);
/* construct reply - two variants */
if (req->smb_conn->negotiate.protocol < PROTOCOL_NT1) {
smbsrv_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
req_push_str(req, NULL, con->tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
} else {
smbsrv_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), con->tconx.out.options);
req_push_str(req, NULL, con->tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
req_push_str(req, NULL, con->tconx.out.fs_type, -1, STR_TERMINATE);
}
/* set the incoming and outgoing tid to the just created one */
SSVAL(req->in.hdr, HDR_TID, con->tconx.out.tid);
SSVAL(req->out.hdr,HDR_TID, con->tconx.out.tid);
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to a tcon and X.
****************************************************************************/
void smbsrv_reply_tcon_and_X(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_tcon *con;
uint8_t *p;
uint16_t passlen;
SMBSRV_TALLOC_IO_PTR(con, union smb_tcon);
con->tconx.level = RAW_TCON_TCONX;
/* parse request */
SMBSRV_CHECK_WCT(req, 4);
con->tconx.in.flags = SVAL(req->in.vwv, VWV(2));
passlen = SVAL(req->in.vwv, VWV(3));
p = req->in.data;
if (!req_pull_blob(&req->in.bufinfo, p, passlen, &con->tconx.in.password)) {
smbsrv_send_error(req, NT_STATUS_ILL_FORMED_PASSWORD);
return;
}
p += passlen;
p += req_pull_string(&req->in.bufinfo, &con->tconx.in.path, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &con->tconx.in.device, p, -1, STR_ASCII);
if (!con->tconx.in.path || !con->tconx.in.device) {
smbsrv_send_error(req, NT_STATUS_BAD_DEVICE_TYPE);
return;
}
/* Instantiate backend */
status = smbsrv_tcon_backend(req, con);
if (!NT_STATUS_IS_OK(status)) {
smbsrv_send_error(req, status);
return;
}
SMBSRV_SETUP_NTVFS_REQUEST(reply_tcon_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
/* Invoke NTVFS connection hook */
Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharename This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-05-14 08:58:50 +01:00
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_connect(req->ntvfs, con));
}
/****************************************************************************
Reply to an unknown request
****************************************************************************/
void smbsrv_reply_unknown(struct smbsrv_request *req)
{
int type;
type = CVAL(req->in.hdr, HDR_COM);
DEBUG(0,("unknown command type %d (0x%X)\n", type, type));
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRunknownsmb));
}
/****************************************************************************
Reply to an ioctl (async reply)
****************************************************************************/
static void reply_ioctl_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_ioctl *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_ioctl);
/* the +1 is for nicer alignment */
smbsrv_setup_reply(req, 8, io->ioctl.out.blob.length+1);
SSVAL(req->out.vwv, VWV(1), io->ioctl.out.blob.length);
SSVAL(req->out.vwv, VWV(5), io->ioctl.out.blob.length);
SSVAL(req->out.vwv, VWV(6), PTR_DIFF(req->out.data, req->out.hdr) + 1);
memcpy(req->out.data+1, io->ioctl.out.blob.data, io->ioctl.out.blob.length);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to an ioctl.
****************************************************************************/
void smbsrv_reply_ioctl(struct smbsrv_request *req)
{
union smb_ioctl *io;
This patch adds a better dcerpc server infastructure. 1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349)
2004-01-08 22:55:27 +00:00
/* parse request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(io, union smb_ioctl);
SMBSRV_SETUP_NTVFS_REQUEST(reply_ioctl_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->ioctl.level = RAW_IOCTL_IOCTL;
io->ioctl.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->ioctl.in.request = IVAL(req->in.vwv, VWV(1));
SMBSRV_CHECK_FILE_HANDLE_ERROR(io->ioctl.in.file.ntvfs,
NT_STATUS_DOS(ERRSRV, ERRerror));
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_ioctl(req->ntvfs, io));
}
/****************************************************************************
Reply to a chkpth.
****************************************************************************/
void smbsrv_reply_chkpth(struct smbsrv_request *req)
{
union smb_chkpath *io;
SMBSRV_TALLOC_IO_PTR(io, union smb_chkpath);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
req_pull_ascii4(&req->in.bufinfo, &io->chkpath.in.path, req->in.data, STR_TERMINATE);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_chkpath(req->ntvfs, io));
}
/****************************************************************************
Reply to a getatr (async reply)
****************************************************************************/
static void reply_getatr_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_fileinfo *st;
SMBSRV_CHECK_ASYNC_STATUS(st, union smb_fileinfo);
/* construct reply */
smbsrv_setup_reply(req, 10, 0);
SSVAL(req->out.vwv, VWV(0), st->getattr.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(1), st->getattr.out.write_time);
SIVAL(req->out.vwv, VWV(3), st->getattr.out.size);
SMBSRV_VWV_RESERVED(5, 5);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a getatr.
****************************************************************************/
void smbsrv_reply_getatr(struct smbsrv_request *req)
{
union smb_fileinfo *st;
SMBSRV_TALLOC_IO_PTR(st, union smb_fileinfo);
SMBSRV_SETUP_NTVFS_REQUEST(reply_getatr_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
st->getattr.level = RAW_FILEINFO_GETATTR;
/* parse request */
req_pull_ascii4(&req->in.bufinfo, &st->getattr.in.file.path, req->in.data, STR_TERMINATE);
if (!st->getattr.in.file.path) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_qpathinfo(req->ntvfs, st));
}
/****************************************************************************
Reply to a setatr.
****************************************************************************/
void smbsrv_reply_setatr(struct smbsrv_request *req)
{
union smb_setfileinfo *st;
/* parse request */
SMBSRV_CHECK_WCT(req, 8);
SMBSRV_TALLOC_IO_PTR(st, union smb_setfileinfo);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
st->setattr.level = RAW_SFILEINFO_SETATTR;
st->setattr.in.attrib = SVAL(req->in.vwv, VWV(0));
st->setattr.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
req_pull_ascii4(&req->in.bufinfo, &st->setattr.in.file.path, req->in.data, STR_TERMINATE);
if (!st->setattr.in.file.path) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_setpathinfo(req->ntvfs, st));
}
/****************************************************************************
Reply to a dskattr (async reply)
****************************************************************************/
static void reply_dskattr_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_fsinfo *fs;
SMBSRV_CHECK_ASYNC_STATUS(fs, union smb_fsinfo);
/* construct reply */
smbsrv_setup_reply(req, 5, 0);
SSVAL(req->out.vwv, VWV(0), fs->dskattr.out.units_total);
SSVAL(req->out.vwv, VWV(1), fs->dskattr.out.blocks_per_unit);
SSVAL(req->out.vwv, VWV(2), fs->dskattr.out.block_size);
SSVAL(req->out.vwv, VWV(3), fs->dskattr.out.units_free);
SMBSRV_VWV_RESERVED(4, 1);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a dskattr.
****************************************************************************/
void smbsrv_reply_dskattr(struct smbsrv_request *req)
{
union smb_fsinfo *fs;
SMBSRV_TALLOC_IO_PTR(fs, union smb_fsinfo);
SMBSRV_SETUP_NTVFS_REQUEST(reply_dskattr_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
fs->dskattr.level = RAW_QFS_DSKATTR;
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_fsinfo(req->ntvfs, fs));
}
/****************************************************************************
Reply to an open (async reply)
****************************************************************************/
static void reply_open_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *oi;
SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
/* construct reply */
smbsrv_setup_reply(req, 7, 0);
smbsrv_push_fnum(req->out.vwv, VWV(0), oi->openold.out.file.ntvfs);
SSVAL(req->out.vwv, VWV(1), oi->openold.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(2), oi->openold.out.write_time);
SIVAL(req->out.vwv, VWV(4), oi->openold.out.size);
SSVAL(req->out.vwv, VWV(6), oi->openold.out.rmode);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to an open.
****************************************************************************/
void smbsrv_reply_open(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse request */
SMBSRV_CHECK_WCT(req, 2);
SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_open_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
oi->openold.level = RAW_OPEN_OPEN;
oi->openold.in.open_mode = SVAL(req->in.vwv, VWV(0));
oi->openold.in.search_attrs = SVAL(req->in.vwv, VWV(1));
req_pull_ascii4(&req->in.bufinfo, &oi->openold.in.fname, req->in.data, STR_TERMINATE);
if (!oi->openold.in.fname) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
}
/****************************************************************************
Reply to an open and X (async reply)
****************************************************************************/
static void reply_open_and_X_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *oi;
SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
/* build the reply */
if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
smbsrv_setup_reply(req, 19, 0);
} else {
smbsrv_setup_reply(req, 15, 0);
}
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
smbsrv_push_fnum(req->out.vwv, VWV(2), oi->openx.out.file.ntvfs);
SSVAL(req->out.vwv, VWV(3), oi->openx.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(4), oi->openx.out.write_time);
SIVAL(req->out.vwv, VWV(6), oi->openx.out.size);
SSVAL(req->out.vwv, VWV(8), oi->openx.out.access);
SSVAL(req->out.vwv, VWV(9), oi->openx.out.ftype);
SSVAL(req->out.vwv, VWV(10),oi->openx.out.devstate);
SSVAL(req->out.vwv, VWV(11),oi->openx.out.action);
SIVAL(req->out.vwv, VWV(12),oi->openx.out.unique_fid);
SSVAL(req->out.vwv, VWV(14),0); /* reserved */
if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
SIVAL(req->out.vwv, VWV(15),oi->openx.out.access_mask);
SMBSRV_VWV_RESERVED(17, 2);
}
req->chained_fnum = SVAL(req->out.vwv, VWV(2));
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to an open and X.
****************************************************************************/
void smbsrv_reply_open_and_X(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
SMBSRV_CHECK_WCT(req, 15);
SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_open_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
oi->openx.level = RAW_OPEN_OPENX;
oi->openx.in.flags = SVAL(req->in.vwv, VWV(2));
oi->openx.in.open_mode = SVAL(req->in.vwv, VWV(3));
oi->openx.in.search_attrs = SVAL(req->in.vwv, VWV(4));
oi->openx.in.file_attrs = SVAL(req->in.vwv, VWV(5));
oi->openx.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(6));
oi->openx.in.open_func = SVAL(req->in.vwv, VWV(8));
oi->openx.in.size = IVAL(req->in.vwv, VWV(9));
oi->openx.in.timeout = IVAL(req->in.vwv, VWV(11));
req_pull_ascii4(&req->in.bufinfo, &oi->openx.in.fname, req->in.data, STR_TERMINATE);
if (!oi->openx.in.fname) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
}
/****************************************************************************
Reply to a mknew or a create.
****************************************************************************/
static void reply_mknew_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *oi;
SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
/* build the reply */
smbsrv_setup_reply(req, 1, 0);
smbsrv_push_fnum(req->out.vwv, VWV(0), oi->mknew.out.file.ntvfs);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a mknew or a create.
****************************************************************************/
void smbsrv_reply_mknew(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_mknew_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
if (CVAL(req->in.hdr, HDR_COM) == SMBmknew) {
oi->mknew.level = RAW_OPEN_MKNEW;
} else {
oi->mknew.level = RAW_OPEN_CREATE;
}
oi->mknew.in.attrib = SVAL(req->in.vwv, VWV(0));
oi->mknew.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
req_pull_ascii4(&req->in.bufinfo, &oi->mknew.in.fname, req->in.data, STR_TERMINATE);
if (!oi->mknew.in.fname) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
}
/****************************************************************************
Reply to a create temporary file (async reply)
****************************************************************************/
static void reply_ctemp_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *oi;
SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
/* build the reply */
smbsrv_setup_reply(req, 1, 0);
smbsrv_push_fnum(req->out.vwv, VWV(0), oi->ctemp.out.file.ntvfs);
/* the returned filename is relative to the directory */
req_push_str(req, NULL, oi->ctemp.out.name, -1, STR_TERMINATE | STR_ASCII);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a create temporary file.
****************************************************************************/
void smbsrv_reply_ctemp(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_ctemp_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
oi->ctemp.level = RAW_OPEN_CTEMP;
oi->ctemp.in.attrib = SVAL(req->in.vwv, VWV(0));
oi->ctemp.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
/* the filename is actually a directory name, the server provides a filename
in that directory */
req_pull_ascii4(&req->in.bufinfo, &oi->ctemp.in.directory, req->in.data, STR_TERMINATE);
if (!oi->ctemp.in.directory) {
smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
}
/****************************************************************************
Reply to a unlink
****************************************************************************/
void smbsrv_reply_unlink(struct smbsrv_request *req)
{
union smb_unlink *unl;
/* parse the request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(unl, union smb_unlink);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
unl->unlink.in.attrib = SVAL(req->in.vwv, VWV(0));
req_pull_ascii4(&req->in.bufinfo, &unl->unlink.in.pattern, req->in.data, STR_TERMINATE);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_unlink(req->ntvfs, unl));
}
/****************************************************************************
Reply to a readbraw (core+ protocol).
this is a strange packet because it doesn't use a standard SMB header in the reply,
only the 4 byte NBT header
This command must be replied to synchronously
****************************************************************************/
void smbsrv_reply_readbraw(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_read io;
io.readbraw.level = RAW_READ_READBRAW;
/* there are two variants, one with 10 and one with 8 command words */
r3081: several updates to ntvfs and server side async request handling in preparation for the full share modes and ntcreatex code that I am working on. highlights include: - changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finished processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req->control_flags, which is also a bit easier to read - fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header) - added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that. - simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX). - started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics. - in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs) - use a destructor in the ipc backend to make sure that everthing is cleaned up on receive error conditions. - switched the ipc backend to using idtree for fnum allocation - in the ntvfs_generic mapping routines, use a allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async. (This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
2004-10-20 08:28:31 +00:00
if (req->in.wct < 8) {
goto failed;
}
io.readbraw.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io.readbraw.in.offset = IVAL(req->in.vwv, VWV(1));
io.readbraw.in.maxcnt = SVAL(req->in.vwv, VWV(3));
io.readbraw.in.mincnt = SVAL(req->in.vwv, VWV(4));
io.readbraw.in.timeout = IVAL(req->in.vwv, VWV(5));
if (!io.readbraw.in.file.ntvfs) {
goto failed;
}
/* the 64 bit variant */
if (req->in.wct == 10) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(8));
io.readbraw.in.offset |= (((off_t)offset_high) << 32);
}
/* before calling the backend we setup the raw buffer. This
* saves a copy later */
req->out.size = io.readbraw.in.maxcnt + NBT_HDR_SIZE;
req->out.buffer = talloc_size(req, req->out.size);
if (req->out.buffer == NULL) {
goto failed;
}
SIVAL(req->out.buffer, 0, 0); /* init NBT header */
/* tell the backend where to put the data */
io.readbraw.out.data = req->out.buffer + NBT_HDR_SIZE;
/* prepare the ntvfs request */
req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req,
req->session->session_info,
SVAL(req->in.hdr,HDR_PID),
req->request_time,
req, NULL, 0);
if (!req->ntvfs) {
goto failed;
}
/* call the backend */
status = ntvfs_read(req->ntvfs, &io);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
req->out.size = io.readbraw.out.nread + NBT_HDR_SIZE;
smbsrv_send_reply_nosign(req);
return;
failed:
/* any failure in readbraw is equivalent to reading zero bytes */
req->out.size = 4;
req->out.buffer = talloc_size(req, req->out.size);
SIVAL(req->out.buffer, 0, 0); /* init NBT header */
smbsrv_send_reply_nosign(req);
}
/****************************************************************************
Reply to a lockread (async reply)
****************************************************************************/
static void reply_lockread_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_read *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_read);
/* trim packet */
io->lockread.out.nread = MIN(io->lockread.out.nread,
req_max_data(req) - 3);
req_grow_data(req, 3 + io->lockread.out.nread);
/* construct reply */
SSVAL(req->out.vwv, VWV(0), io->lockread.out.nread);
SMBSRV_VWV_RESERVED(1, 4);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, io->lockread.out.nread);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a lockread (core+ protocol).
note that the lock is a write lock, not a read lock!
****************************************************************************/
void smbsrv_reply_lockread(struct smbsrv_request *req)
{
union smb_read *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(io, union smb_read);
SMBSRV_SETUP_NTVFS_REQUEST(reply_lockread_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->lockread.level = RAW_READ_LOCKREAD;
io->lockread.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->lockread.in.count = SVAL(req->in.vwv, VWV(1));
io->lockread.in.offset = IVAL(req->in.vwv, VWV(2));
io->lockread.in.remaining = SVAL(req->in.vwv, VWV(4));
/* setup the reply packet assuming the maximum possible read */
smbsrv_setup_reply(req, 5, 3 + io->lockread.in.count);
/* tell the backend where to put the data */
io->lockread.out.data = req->out.data + 3;
SMBSRV_CHECK_FILE_HANDLE(io->lockread.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
}
/****************************************************************************
Reply to a read (async reply)
****************************************************************************/
static void reply_read_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_read *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_read);
/* trim packet */
io->read.out.nread = MIN(io->read.out.nread,
req_max_data(req) - 3);
req_grow_data(req, 3 + io->read.out.nread);
/* construct reply */
SSVAL(req->out.vwv, VWV(0), io->read.out.nread);
SMBSRV_VWV_RESERVED(1, 4);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, io->read.out.nread);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a read.
****************************************************************************/
void smbsrv_reply_read(struct smbsrv_request *req)
{
union smb_read *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(io, union smb_read);
SMBSRV_SETUP_NTVFS_REQUEST(reply_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->read.level = RAW_READ_READ;
io->read.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->read.in.count = SVAL(req->in.vwv, VWV(1));
io->read.in.offset = IVAL(req->in.vwv, VWV(2));
io->read.in.remaining = SVAL(req->in.vwv, VWV(4));
/* setup the reply packet assuming the maximum possible read */
smbsrv_setup_reply(req, 5, 3 + io->read.in.count);
/* tell the backend where to put the data */
io->read.out.data = req->out.data + 3;
SMBSRV_CHECK_FILE_HANDLE(io->read.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
}
/****************************************************************************
Reply to a read and X (async reply)
****************************************************************************/
static void reply_read_and_X_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_read *io;
SMBSRV_CHECK_ASYNC_STATUS_ERR(io, union smb_read);
/* readx reply packets can be over-sized */
req->control_flags |= SMBSRV_REQ_CONTROL_LARGE;
if (io->readx.in.maxcnt != 0xFFFF &&
io->readx.in.mincnt != 0xFFFF) {
req_grow_data(req, 1 + io->readx.out.nread);
SCVAL(req->out.data, 0, 0); /* padding */
} else {
req_grow_data(req, io->readx.out.nread);
}
/* construct reply */
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->readx.out.remaining);
SSVAL(req->out.vwv, VWV(3), io->readx.out.compaction_mode);
SMBSRV_VWV_RESERVED(4, 1);
SSVAL(req->out.vwv, VWV(5), io->readx.out.nread);
SSVAL(req->out.vwv, VWV(6), PTR_DIFF(io->readx.out.data, req->out.hdr));
SSVAL(req->out.vwv, VWV(7), (io->readx.out.nread>>16));
SMBSRV_VWV_RESERVED(8, 4);
if (!NT_STATUS_IS_OK(req->ntvfs->async_states->status)) {
smbsrv_setup_error(req, req->ntvfs->async_states->status);
}
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to a read and X.
****************************************************************************/
void smbsrv_reply_read_and_X(struct smbsrv_request *req)
{
union smb_read *io;
uint16_t high_part = 0;
/* parse request */
if (req->in.wct != 12) {
SMBSRV_CHECK_WCT(req, 10);
}
SMBSRV_TALLOC_IO_PTR(io, union smb_read);
SMBSRV_SETUP_NTVFS_REQUEST(reply_read_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->readx.level = RAW_READ_READX;
io->readx.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
io->readx.in.offset = IVAL(req->in.vwv, VWV(3));
io->readx.in.maxcnt = SVAL(req->in.vwv, VWV(5));
io->readx.in.mincnt = SVAL(req->in.vwv, VWV(6));
io->readx.in.remaining = SVAL(req->in.vwv, VWV(9));
if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) {
io->readx.in.read_for_execute = true;
} else {
io->readx.in.read_for_execute = false;
}
if (req->smb_conn->negotiate.protocol == PROTOCOL_NT1) {
high_part = SVAL(req->in.vwv, VWV(7));
}
if (high_part != UINT16_MAX) {
io->readx.in.maxcnt |= high_part << 16;
}
/*
* Windows truncates the length to 0x10000
*/
io->readx.in.maxcnt = MIN(io->readx.in.maxcnt, 0x10000);
/* the 64 bit variant */
if (req->in.wct == 12) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(10));
io->readx.in.offset |= (((uint64_t)offset_high) << 32);
}
/* setup the reply packet assuming the maximum possible read */
smbsrv_setup_reply(req, 12, 1 + io->readx.in.maxcnt);
/* tell the backend where to put the data. Notice the pad byte. */
if (io->readx.in.maxcnt != 0xFFFF &&
io->readx.in.mincnt != 0xFFFF) {
io->readx.out.data = req->out.data + 1;
} else {
io->readx.out.data = req->out.data;
}
SMBSRV_CHECK_FILE_HANDLE(io->readx.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_read(req->ntvfs, io));
}
/****************************************************************************
Reply to a writebraw (core+ or LANMAN1.0 protocol).
****************************************************************************/
void smbsrv_reply_writebraw(struct smbsrv_request *req)
{
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
}
/****************************************************************************
Reply to a writeunlock (async reply)
****************************************************************************/
static void reply_writeunlock_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_write *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
/* construct reply */
smbsrv_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->writeunlock.out.nwritten);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a writeunlock (core+).
****************************************************************************/
void smbsrv_reply_writeunlock(struct smbsrv_request *req)
{
union smb_write *io;
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(io, union smb_write);
SMBSRV_SETUP_NTVFS_REQUEST(reply_writeunlock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->writeunlock.level = RAW_WRITE_WRITEUNLOCK;
io->writeunlock.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->writeunlock.in.count = SVAL(req->in.vwv, VWV(1));
io->writeunlock.in.offset = IVAL(req->in.vwv, VWV(2));
io->writeunlock.in.remaining = SVAL(req->in.vwv, VWV(4));
io->writeunlock.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (io->writeunlock.in.count+3 > req->in.data_size) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
/* make sure the data block is big enough */
if (SVAL(req->in.data, 1) < io->writeunlock.in.count) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CHECK_FILE_HANDLE(io->writeunlock.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
}
/****************************************************************************
Reply to a write (async reply)
****************************************************************************/
static void reply_write_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_write *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
/* construct reply */
smbsrv_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a write
****************************************************************************/
void smbsrv_reply_write(struct smbsrv_request *req)
{
union smb_write *io;
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(io, union smb_write);
SMBSRV_SETUP_NTVFS_REQUEST(reply_write_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->write.level = RAW_WRITE_WRITE;
io->write.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->write.in.count = SVAL(req->in.vwv, VWV(1));
io->write.in.offset = IVAL(req->in.vwv, VWV(2));
io->write.in.remaining = SVAL(req->in.vwv, VWV(4));
io->write.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (req_data_oob(&req->in.bufinfo, io->write.in.data, io->write.in.count)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
/* make sure the data block is big enough */
if (SVAL(req->in.data, 1) < io->write.in.count) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CHECK_FILE_HANDLE(io->write.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
}
/****************************************************************************
Reply to a write and X (async reply)
****************************************************************************/
static void reply_write_and_X_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_write *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
/* construct reply */
smbsrv_setup_reply(req, 6, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->writex.out.nwritten & 0xFFFF);
SSVAL(req->out.vwv, VWV(3), io->writex.out.remaining);
SSVAL(req->out.vwv, VWV(4), io->writex.out.nwritten >> 16);
SMBSRV_VWV_RESERVED(5, 1);
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to a write and X.
****************************************************************************/
void smbsrv_reply_write_and_X(struct smbsrv_request *req)
{
union smb_write *io;
if (req->in.wct != 14) {
SMBSRV_CHECK_WCT(req, 12);
}
SMBSRV_TALLOC_IO_PTR(io, union smb_write);
SMBSRV_SETUP_NTVFS_REQUEST(reply_write_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->writex.level = RAW_WRITE_WRITEX;
io->writex.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
io->writex.in.offset = IVAL(req->in.vwv, VWV(3));
io->writex.in.wmode = SVAL(req->in.vwv, VWV(7));
io->writex.in.remaining = SVAL(req->in.vwv, VWV(8));
io->writex.in.count = SVAL(req->in.vwv, VWV(10));
io->writex.in.data = req->in.hdr + SVAL(req->in.vwv, VWV(11));
if (req->in.wct == 14) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(12));
uint16_t count_high = SVAL(req->in.vwv, VWV(9));
io->writex.in.offset |= (((uint64_t)offset_high) << 32);
io->writex.in.count |= ((uint32_t)count_high) << 16;
}
/* make sure the data is in bounds */
if (req_data_oob(&req->in.bufinfo, io->writex.in.data, io->writex.in.count)) {
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
return;
}
SMBSRV_CHECK_FILE_HANDLE(io->writex.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
}
/****************************************************************************
Reply to a lseek (async reply)
****************************************************************************/
static void reply_lseek_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_seek *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_seek);
/* construct reply */
smbsrv_setup_reply(req, 2, 0);
SIVALS(req->out.vwv, VWV(0), io->lseek.out.offset);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a lseek.
****************************************************************************/
void smbsrv_reply_lseek(struct smbsrv_request *req)
{
union smb_seek *io;
SMBSRV_CHECK_WCT(req, 4);
SMBSRV_TALLOC_IO_PTR(io, union smb_seek);
SMBSRV_SETUP_NTVFS_REQUEST(reply_lseek_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->lseek.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->lseek.in.mode = SVAL(req->in.vwv, VWV(1));
io->lseek.in.offset = IVALS(req->in.vwv, VWV(2));
SMBSRV_CHECK_FILE_HANDLE(io->lseek.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_seek(req->ntvfs, io));
}
/****************************************************************************
Reply to a flush.
****************************************************************************/
void smbsrv_reply_flush(struct smbsrv_request *req)
{
union smb_flush *io;
uint16_t fnum;
/* parse request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(io, union smb_flush);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
fnum = SVAL(req->in.vwv, VWV(0));
if (fnum == 0xFFFF) {
io->flush_all.level = RAW_FLUSH_ALL;
} else {
io->flush.level = RAW_FLUSH_FLUSH;
io->flush.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
SMBSRV_CHECK_FILE_HANDLE(io->flush.in.file.ntvfs);
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_flush(req->ntvfs, io));
}
/****************************************************************************
Reply to a close
Note that this has to deal with closing a directory opened by NT SMB's.
****************************************************************************/
void smbsrv_reply_close(struct smbsrv_request *req)
{
union smb_close *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(io, union smb_close);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->close.level = RAW_CLOSE_CLOSE;
io->close.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->close.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
SMBSRV_CHECK_FILE_HANDLE(io->close.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_close(req->ntvfs, io));
}
/****************************************************************************
Reply to a writeclose (async reply)
****************************************************************************/
static void reply_writeclose_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_write *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_write);
/* construct reply */
smbsrv_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a writeclose (Core+ protocol).
****************************************************************************/
void smbsrv_reply_writeclose(struct smbsrv_request *req)
{
union smb_write *io;
/* this one is pretty weird - the wct can be 6 or 12 */
if (req->in.wct != 12) {
SMBSRV_CHECK_WCT(req, 6);
}
SMBSRV_TALLOC_IO_PTR(io, union smb_write);
SMBSRV_SETUP_NTVFS_REQUEST(reply_writeclose_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->writeclose.level = RAW_WRITE_WRITECLOSE;
io->writeclose.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->writeclose.in.count = SVAL(req->in.vwv, VWV(1));
io->writeclose.in.offset = IVAL(req->in.vwv, VWV(2));
io->writeclose.in.mtime = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(4));
io->writeclose.in.data = req->in.data + 1;
/* make sure they gave us the data they promised */
if (req_data_oob(&req->in.bufinfo, io->writeclose.in.data, io->writeclose.in.count)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CHECK_FILE_HANDLE(io->writeclose.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
}
/****************************************************************************
Reply to a lock.
****************************************************************************/
void smbsrv_reply_lock(struct smbsrv_request *req)
{
union smb_lock *lck;
/* parse request */
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
lck->lock.level = RAW_LOCK_LOCK;
lck->lock.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
lck->lock.in.count = IVAL(req->in.vwv, VWV(1));
lck->lock.in.offset = IVAL(req->in.vwv, VWV(3));
SMBSRV_CHECK_FILE_HANDLE(lck->lock.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
}
/****************************************************************************
Reply to a unlock.
****************************************************************************/
void smbsrv_reply_unlock(struct smbsrv_request *req)
{
union smb_lock *lck;
/* parse request */
SMBSRV_CHECK_WCT(req, 5);
SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
lck->unlock.level = RAW_LOCK_UNLOCK;
lck->unlock.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
lck->unlock.in.count = IVAL(req->in.vwv, VWV(1));
lck->unlock.in.offset = IVAL(req->in.vwv, VWV(3));
SMBSRV_CHECK_FILE_HANDLE(lck->unlock.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
}
/****************************************************************************
Reply to a tdis.
****************************************************************************/
void smbsrv_reply_tdis(struct smbsrv_request *req)
{
struct smbsrv_handle *h, *nh;
SMBSRV_CHECK_WCT(req, 0);
/*
* TODO: cancel all pending requests on this tcon
*/
/*
* close all handles on this tcon
*/
for (h=req->tcon->handles.list; h; h=nh) {
nh = h->next;
talloc_free(h);
}
/* finally destroy the tcon */
talloc_free(req->tcon);
req->tcon = NULL;
smbsrv_setup_reply(req, 0, 0);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a echo. This is one of the few calls that is handled directly (the
backends don't see it at all)
****************************************************************************/
void smbsrv_reply_echo(struct smbsrv_request *req)
{
uint16_t count;
int i;
SMBSRV_CHECK_WCT(req, 1);
count = SVAL(req->in.vwv, VWV(0));
smbsrv_setup_reply(req, 1, req->in.data_size);
memcpy(req->out.data, req->in.data, req->in.data_size);
for (i=1; i <= count;i++) {
struct smbsrv_request *this_req;
if (i != count) {
this_req = smbsrv_setup_secondary_request(req);
} else {
this_req = req;
}
SSVAL(this_req->out.vwv, VWV(0), i);
smbsrv_send_reply(this_req);
}
}
/****************************************************************************
Reply to a printopen (async reply)
****************************************************************************/
static void reply_printopen_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *oi;
SMBSRV_CHECK_ASYNC_STATUS(oi, union smb_open);
/* construct reply */
smbsrv_setup_reply(req, 1, 0);
smbsrv_push_fnum(req->out.vwv, VWV(0), oi->openold.out.file.ntvfs);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a printopen.
****************************************************************************/
void smbsrv_reply_printopen(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse request */
SMBSRV_CHECK_WCT(req, 2);
SMBSRV_TALLOC_IO_PTR(oi, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_printopen_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
oi->splopen.level = RAW_OPEN_SPLOPEN;
oi->splopen.in.setup_length = SVAL(req->in.vwv, VWV(0));
oi->splopen.in.mode = SVAL(req->in.vwv, VWV(1));
req_pull_ascii4(&req->in.bufinfo, &oi->splopen.in.ident, req->in.data, STR_TERMINATE);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, oi));
}
/****************************************************************************
Reply to a printclose.
****************************************************************************/
void smbsrv_reply_printclose(struct smbsrv_request *req)
{
union smb_close *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(io, union smb_close);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->splclose.level = RAW_CLOSE_SPLCLOSE;
io->splclose.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
SMBSRV_CHECK_FILE_HANDLE(io->splclose.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_close(req->ntvfs, io));
}
/****************************************************************************
Reply to a printqueue.
****************************************************************************/
static void reply_printqueue_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_lpq *lpq;
int i, maxcount;
const unsigned int el_size = 28;
SMBSRV_CHECK_ASYNC_STATUS(lpq,union smb_lpq);
/* construct reply */
smbsrv_setup_reply(req, 2, 0);
/* truncate the returned list to fit in the negotiated buffer size */
maxcount = (req_max_data(req) - 3) / el_size;
if (maxcount < lpq->retq.out.count) {
lpq->retq.out.count = maxcount;
}
/* setup enough space in the reply */
req_grow_data(req, 3 + el_size*lpq->retq.out.count);
/* and fill it in */
SSVAL(req->out.vwv, VWV(0), lpq->retq.out.count);
SSVAL(req->out.vwv, VWV(1), lpq->retq.out.restart_idx);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, el_size*lpq->retq.out.count);
req->out.ptr = req->out.data + 3;
for (i=0;i<lpq->retq.out.count;i++) {
srv_push_dos_date2(req->smb_conn, req->out.ptr, 0 , lpq->retq.out.queue[i].time);
SCVAL(req->out.ptr, 4, lpq->retq.out.queue[i].status);
SSVAL(req->out.ptr, 5, lpq->retq.out.queue[i].job);
SIVAL(req->out.ptr, 7, lpq->retq.out.queue[i].size);
SCVAL(req->out.ptr, 11, 0); /* reserved */
req_push_str(req, req->out.ptr+12, lpq->retq.out.queue[i].user, 16, STR_ASCII);
req->out.ptr += el_size;
}
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a printqueue.
****************************************************************************/
void smbsrv_reply_printqueue(struct smbsrv_request *req)
{
union smb_lpq *lpq;
/* parse request */
SMBSRV_CHECK_WCT(req, 2);
SMBSRV_TALLOC_IO_PTR(lpq, union smb_lpq);
SMBSRV_SETUP_NTVFS_REQUEST(reply_printqueue_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
lpq->retq.level = RAW_LPQ_RETQ;
lpq->retq.in.maxcount = SVAL(req->in.vwv, VWV(0));
lpq->retq.in.startidx = SVAL(req->in.vwv, VWV(1));
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lpq(req->ntvfs, lpq));
}
/****************************************************************************
Reply to a printwrite.
****************************************************************************/
void smbsrv_reply_printwrite(struct smbsrv_request *req)
{
union smb_write *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(io, union smb_write);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
if (req->in.data_size < 3) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
io->splwrite.level = RAW_WRITE_SPLWRITE;
io->splwrite.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
io->splwrite.in.count = SVAL(req->in.data, 1);
io->splwrite.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (req_data_oob(&req->in.bufinfo, io->splwrite.in.data, io->splwrite.in.count)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CHECK_FILE_HANDLE(io->splwrite.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_write(req->ntvfs, io));
}
/****************************************************************************
Reply to a mkdir.
****************************************************************************/
void smbsrv_reply_mkdir(struct smbsrv_request *req)
{
union smb_mkdir *io;
/* parse the request */
SMBSRV_CHECK_WCT(req, 0);
SMBSRV_TALLOC_IO_PTR(io, union smb_mkdir);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->generic.level = RAW_MKDIR_MKDIR;
req_pull_ascii4(&req->in.bufinfo, &io->mkdir.in.path, req->in.data, STR_TERMINATE);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_mkdir(req->ntvfs, io));
}
/****************************************************************************
Reply to a rmdir.
****************************************************************************/
void smbsrv_reply_rmdir(struct smbsrv_request *req)
{
struct smb_rmdir *io;
/* parse the request */
SMBSRV_CHECK_WCT(req, 0);
SMBSRV_TALLOC_IO_PTR(io, struct smb_rmdir);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
req_pull_ascii4(&req->in.bufinfo, &io->in.path, req->in.data, STR_TERMINATE);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rmdir(req->ntvfs, io));
}
/****************************************************************************
Reply to a mv.
****************************************************************************/
void smbsrv_reply_mv(struct smbsrv_request *req)
{
union smb_rename *io;
uint8_t *p;
/* parse the request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(io, union smb_rename);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->generic.level = RAW_RENAME_RENAME;
io->rename.in.attrib = SVAL(req->in.vwv, VWV(0));
p = req->in.data;
p += req_pull_ascii4(&req->in.bufinfo, &io->rename.in.pattern1, p, STR_TERMINATE);
p += req_pull_ascii4(&req->in.bufinfo, &io->rename.in.pattern2, p, STR_TERMINATE);
if (!io->rename.in.pattern1 || !io->rename.in.pattern2) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rename(req->ntvfs, io));
}
/****************************************************************************
Reply to an NT rename.
****************************************************************************/
void smbsrv_reply_ntrename(struct smbsrv_request *req)
{
union smb_rename *io;
uint8_t *p;
/* parse the request */
SMBSRV_CHECK_WCT(req, 4);
SMBSRV_TALLOC_IO_PTR(io, union smb_rename);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->generic.level = RAW_RENAME_NTRENAME;
io->ntrename.in.attrib = SVAL(req->in.vwv, VWV(0));
io->ntrename.in.flags = SVAL(req->in.vwv, VWV(1));
io->ntrename.in.cluster_size = IVAL(req->in.vwv, VWV(2));
p = req->in.data;
p += req_pull_ascii4(&req->in.bufinfo, &io->ntrename.in.old_name, p, STR_TERMINATE);
p += req_pull_ascii4(&req->in.bufinfo, &io->ntrename.in.new_name, p, STR_TERMINATE);
if (!io->ntrename.in.old_name || !io->ntrename.in.new_name) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_rename(req->ntvfs, io));
}
/****************************************************************************
Reply to a file copy (async reply)
****************************************************************************/
static void reply_copy_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
struct smb_copy *cp;
SMBSRV_CHECK_ASYNC_STATUS(cp, struct smb_copy);
/* build the reply */
smbsrv_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), cp->out.count);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a file copy.
****************************************************************************/
void smbsrv_reply_copy(struct smbsrv_request *req)
{
struct smb_copy *cp;
uint8_t *p;
/* parse request */
SMBSRV_CHECK_WCT(req, 3);
SMBSRV_TALLOC_IO_PTR(cp, struct smb_copy);
SMBSRV_SETUP_NTVFS_REQUEST(reply_copy_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
cp->in.tid2 = SVAL(req->in.vwv, VWV(0));
cp->in.ofun = SVAL(req->in.vwv, VWV(1));
cp->in.flags = SVAL(req->in.vwv, VWV(2));
p = req->in.data;
p += req_pull_ascii4(&req->in.bufinfo, &cp->in.path1, p, STR_TERMINATE);
p += req_pull_ascii4(&req->in.bufinfo, &cp->in.path2, p, STR_TERMINATE);
if (!cp->in.path1 || !cp->in.path2) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_copy(req->ntvfs, cp));
}
/****************************************************************************
Reply to a lockingX request (async send)
****************************************************************************/
static void reply_lockingX_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_lock *lck;
SMBSRV_CHECK_ASYNC_STATUS(lck, union smb_lock);
/* if it was an oplock break ack then we only send a reply if
there was an error */
if (lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt == 0) {
talloc_free(req);
return;
}
/* construct reply */
smbsrv_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to a lockingX request.
****************************************************************************/
void smbsrv_reply_lockingX(struct smbsrv_request *req)
{
union smb_lock *lck;
unsigned int total_locks, i;
unsigned int lck_size;
uint8_t *p;
/* parse request */
SMBSRV_CHECK_WCT(req, 8);
SMBSRV_TALLOC_IO_PTR(lck, union smb_lock);
SMBSRV_SETUP_NTVFS_REQUEST(reply_lockingX_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
lck->lockx.level = RAW_LOCK_LOCKX;
lck->lockx.in.file.ntvfs= smbsrv_pull_fnum(req, req->in.vwv, VWV(2));
lck->lockx.in.mode = SVAL(req->in.vwv, VWV(3));
lck->lockx.in.timeout = IVAL(req->in.vwv, VWV(4));
lck->lockx.in.ulock_cnt = SVAL(req->in.vwv, VWV(6));
lck->lockx.in.lock_cnt = SVAL(req->in.vwv, VWV(7));
total_locks = lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt;
/* there are two variants, one with 64 bit offsets and counts */
if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
lck_size = 20;
} else {
lck_size = 10;
}
/* make sure we got the promised data */
if (req_data_oob(&req->in.bufinfo, req->in.data, total_locks * lck_size)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
/* allocate the locks array */
if (total_locks) {
lck->lockx.in.locks = talloc_array(req, struct smb_lock_entry,
total_locks);
if (lck->lockx.in.locks == NULL) {
smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
return;
}
}
p = req->in.data;
/* construct the locks array */
for (i=0;i<total_locks;i++) {
uint32_t ofs_high=0, count_high=0;
lck->lockx.in.locks[i].pid = SVAL(p, 0);
if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
ofs_high = IVAL(p, 4);
lck->lockx.in.locks[i].offset = IVAL(p, 8);
count_high = IVAL(p, 12);
lck->lockx.in.locks[i].count = IVAL(p, 16);
} else {
lck->lockx.in.locks[i].offset = IVAL(p, 2);
lck->lockx.in.locks[i].count = IVAL(p, 6);
}
if (ofs_high != 0 || count_high != 0) {
lck->lockx.in.locks[i].count |= ((uint64_t)count_high) << 32;
lck->lockx.in.locks[i].offset |= ((uint64_t)ofs_high) << 32;
}
p += lck_size;
}
SMBSRV_CHECK_FILE_HANDLE(lck->lockx.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, lck));
}
/****************************************************************************
Reply to a SMBreadbmpx (read block multiplex) request.
****************************************************************************/
void smbsrv_reply_readbmpx(struct smbsrv_request *req)
{
/* tell the client to not use a multiplexed read - its too broken to use */
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
}
/****************************************************************************
Reply to a SMBsetattrE.
****************************************************************************/
void smbsrv_reply_setattrE(struct smbsrv_request *req)
{
union smb_setfileinfo *info;
/* parse request */
SMBSRV_CHECK_WCT(req, 7);
SMBSRV_TALLOC_IO_PTR(info, union smb_setfileinfo);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
info->setattre.level = RAW_SFILEINFO_SETATTRE;
info->setattre.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
info->setattre.in.create_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(1));
info->setattre.in.access_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(3));
info->setattre.in.write_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(5));
SMBSRV_CHECK_FILE_HANDLE(info->setattre.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_setfileinfo(req->ntvfs, info));
}
/****************************************************************************
Reply to a SMBwritebmpx (write block multiplex primary) request.
****************************************************************************/
void smbsrv_reply_writebmpx(struct smbsrv_request *req)
{
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
}
/****************************************************************************
Reply to a SMBwritebs (write block multiplex secondary) request.
****************************************************************************/
void smbsrv_reply_writebs(struct smbsrv_request *req)
{
smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRuseSTD));
}
/****************************************************************************
Reply to a SMBgetattrE (async reply)
****************************************************************************/
static void reply_getattrE_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_fileinfo *info;
SMBSRV_CHECK_ASYNC_STATUS(info, union smb_fileinfo);
/* setup reply */
smbsrv_setup_reply(req, 11, 0);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(0), info->getattre.out.create_time);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(2), info->getattre.out.access_time);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(4), info->getattre.out.write_time);
SIVAL(req->out.vwv, VWV(6), info->getattre.out.size);
SIVAL(req->out.vwv, VWV(8), info->getattre.out.alloc_size);
SSVAL(req->out.vwv, VWV(10), info->getattre.out.attrib);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a SMBgetattrE.
****************************************************************************/
void smbsrv_reply_getattrE(struct smbsrv_request *req)
{
union smb_fileinfo *info;
/* parse request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(info, union smb_fileinfo);
SMBSRV_SETUP_NTVFS_REQUEST(reply_getattrE_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
info->getattr.level = RAW_FILEINFO_GETATTRE;
info->getattr.in.file.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, VWV(0));
SMBSRV_CHECK_FILE_HANDLE(info->getattr.in.file.ntvfs);
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_qfileinfo(req->ntvfs, info));
}
void smbsrv_reply_sesssetup_send(struct smbsrv_request *req,
union smb_sesssetup *io,
NTSTATUS status)
{
switch (io->old.level) {
case RAW_SESSSETUP_OLD:
if (!NT_STATUS_IS_OK(status)) {
smbsrv_send_error(req, status);
return;
}
/* construct reply */
smbsrv_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->old.out.action);
SSVAL(req->out.hdr, HDR_UID, io->old.out.vuid);
smbsrv_chain_reply(req);
return;
case RAW_SESSSETUP_NT1:
if (!NT_STATUS_IS_OK(status)) {
smbsrv_send_error(req, status);
return;
}
/* construct reply */
smbsrv_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->nt1.out.action);
SSVAL(req->out.hdr, HDR_UID, io->nt1.out.vuid);
req_push_str(req, NULL, io->nt1.out.os, -1, STR_TERMINATE);
req_push_str(req, NULL, io->nt1.out.lanman, -1, STR_TERMINATE);
req_push_str(req, NULL, io->nt1.out.domain, -1, STR_TERMINATE);
smbsrv_chain_reply(req);
return;
case RAW_SESSSETUP_SPNEGO:
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
smbsrv_send_error(req, status);
return;
}
/* construct reply */
smbsrv_setup_reply(req, 4, io->spnego.out.secblob.length);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
smbsrv_setup_error(req, status);
}
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->spnego.out.action);
SSVAL(req->out.vwv, VWV(3), io->spnego.out.secblob.length);
SSVAL(req->out.hdr, HDR_UID, io->spnego.out.vuid);
memcpy(req->out.data, io->spnego.out.secblob.data, io->spnego.out.secblob.length);
req_push_str(req, NULL, io->spnego.out.os, -1, STR_TERMINATE);
req_push_str(req, NULL, io->spnego.out.lanman, -1, STR_TERMINATE);
req_push_str(req, NULL, io->spnego.out.workgroup, -1, STR_TERMINATE);
smbsrv_chain_reply(req);
return;
case RAW_SESSSETUP_SMB2:
break;
}
smbsrv_send_error(req, NT_STATUS_INTERNAL_ERROR);
}
/****************************************************************************
reply to an old style session setup command
****************************************************************************/
static void reply_sesssetup_old(struct smbsrv_request *req)
{
uint8_t *p;
uint16_t passlen;
union smb_sesssetup *io;
SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
io->old.level = RAW_SESSSETUP_OLD;
/* parse request */
io->old.in.bufsize = SVAL(req->in.vwv, VWV(2));
io->old.in.mpx_max = SVAL(req->in.vwv, VWV(3));
io->old.in.vc_num = SVAL(req->in.vwv, VWV(4));
io->old.in.sesskey = IVAL(req->in.vwv, VWV(5));
passlen = SVAL(req->in.vwv, VWV(7));
/* check the request isn't malformed */
if (req_data_oob(&req->in.bufinfo, req->in.data, passlen)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p = req->in.data;
if (!req_pull_blob(&req->in.bufinfo, p, passlen, &io->old.in.password)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen;
p += req_pull_string(&req->in.bufinfo, &io->old.in.user, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->old.in.domain, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->old.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->old.in.lanman, p, -1, STR_TERMINATE);
/* call the generic handler */
smbsrv_sesssetup_backend(req, io);
}
/****************************************************************************
reply to an NT1 style session setup command
****************************************************************************/
static void reply_sesssetup_nt1(struct smbsrv_request *req)
{
uint8_t *p;
uint16_t passlen1, passlen2;
union smb_sesssetup *io;
SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
io->nt1.level = RAW_SESSSETUP_NT1;
/* parse request */
io->nt1.in.bufsize = SVAL(req->in.vwv, VWV(2));
io->nt1.in.mpx_max = SVAL(req->in.vwv, VWV(3));
io->nt1.in.vc_num = SVAL(req->in.vwv, VWV(4));
io->nt1.in.sesskey = IVAL(req->in.vwv, VWV(5));
passlen1 = SVAL(req->in.vwv, VWV(7));
passlen2 = SVAL(req->in.vwv, VWV(8));
io->nt1.in.capabilities = IVAL(req->in.vwv, VWV(11));
/* check the request isn't malformed */
if (req_data_oob(&req->in.bufinfo, req->in.data, passlen1) ||
req_data_oob(&req->in.bufinfo, req->in.data + passlen1, passlen2)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p = req->in.data;
if (!req_pull_blob(&req->in.bufinfo, p, passlen1, &io->nt1.in.password1)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen1;
if (!req_pull_blob(&req->in.bufinfo, p, passlen2, &io->nt1.in.password2)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen2;
p += req_pull_string(&req->in.bufinfo, &io->nt1.in.user, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->nt1.in.domain, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->nt1.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->nt1.in.lanman, p, -1, STR_TERMINATE);
/* call the generic handler */
smbsrv_sesssetup_backend(req, io);
}
/****************************************************************************
reply to an SPNEGO style session setup command
****************************************************************************/
static void reply_sesssetup_spnego(struct smbsrv_request *req)
{
uint8_t *p;
uint16_t blob_len;
union smb_sesssetup *io;
SMBSRV_TALLOC_IO_PTR(io, union smb_sesssetup);
io->spnego.level = RAW_SESSSETUP_SPNEGO;
/* parse request */
io->spnego.in.bufsize = SVAL(req->in.vwv, VWV(2));
io->spnego.in.mpx_max = SVAL(req->in.vwv, VWV(3));
io->spnego.in.vc_num = SVAL(req->in.vwv, VWV(4));
io->spnego.in.sesskey = IVAL(req->in.vwv, VWV(5));
blob_len = SVAL(req->in.vwv, VWV(7));
io->spnego.in.capabilities = IVAL(req->in.vwv, VWV(10));
p = req->in.data;
if (!req_pull_blob(&req->in.bufinfo, p, blob_len, &io->spnego.in.secblob)) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
p += blob_len;
p += req_pull_string(&req->in.bufinfo, &io->spnego.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->spnego.in.lanman, p, -1, STR_TERMINATE);
p += req_pull_string(&req->in.bufinfo, &io->spnego.in.workgroup, p, -1, STR_TERMINATE);
/* call the generic handler */
smbsrv_sesssetup_backend(req, io);
}
/****************************************************************************
reply to a session setup command
****************************************************************************/
void smbsrv_reply_sesssetup(struct smbsrv_request *req)
{
switch (req->in.wct) {
case 10:
/* a pre-NT1 call */
reply_sesssetup_old(req);
return;
case 13:
/* a NT1 call */
reply_sesssetup_nt1(req);
return;
case 12:
/* a SPNEGO call */
reply_sesssetup_spnego(req);
return;
}
/* unsupported variant */
smbsrv_send_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to a exit. This closes all files open by a smbpid
****************************************************************************/
void smbsrv_reply_exit(struct smbsrv_request *req)
{
struct smbsrv_handle_session_item *i, *ni;
struct smbsrv_handle *h;
struct smbsrv_tcon *tcon;
uint16_t smbpid;
SMBSRV_CHECK_WCT(req, 0);
smbpid = SVAL(req->in.hdr,HDR_PID);
/* first destroy all handles, which have the same PID as the request */
for (i=req->session->handles; i; i=ni) {
ni = i->next;
h = i->handle;
if (h->smbpid != smbpid) continue;
talloc_free(h);
}
/*
* then let the ntvfs backends proxy the call if they want to,
* but we didn't check the return value of the backends,
* as for the SMB client the call succeed
*/
for (tcon=req->smb_conn->smb_tcons.list;tcon;tcon=tcon->next) {
req->tcon = tcon;
SMBSRV_SETUP_NTVFS_REQUEST(NULL,0);
ntvfs_exit(req->ntvfs);
talloc_free(req->ntvfs);
req->ntvfs = NULL;
req->tcon = NULL;
}
smbsrv_setup_reply(req, 0, 0);
smbsrv_send_reply(req);
}
/****************************************************************************
Reply to a SMBulogoffX.
****************************************************************************/
void smbsrv_reply_ulogoffX(struct smbsrv_request *req)
{
struct smbsrv_handle_session_item *i, *ni;
struct smbsrv_handle *h;
struct smbsrv_tcon *tcon;
SMBSRV_CHECK_WCT(req, 2);
/*
* TODO: cancel all pending requests
*/
/* destroy all handles */
for (i=req->session->handles; i; i=ni) {
ni = i->next;
h = i->handle;
talloc_free(h);
}
/*
* then let the ntvfs backends proxy the call if they want to,
* but we didn't check the return value of the backends,
* as for the SMB client the call succeed
*/
for (tcon=req->smb_conn->smb_tcons.list;tcon;tcon=tcon->next) {
req->tcon = tcon;
SMBSRV_SETUP_NTVFS_REQUEST(NULL,0);
ntvfs_logoff(req->ntvfs);
talloc_free(req->ntvfs);
req->ntvfs = NULL;
req->tcon = NULL;
}
talloc_free(req->session);
req->session = NULL; /* it is now invalid, don't use on
any chained packets */
smbsrv_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to an SMBfindclose request
****************************************************************************/
void smbsrv_reply_findclose(struct smbsrv_request *req)
{
union smb_search_close *io;
/* parse request */
SMBSRV_CHECK_WCT(req, 1);
SMBSRV_TALLOC_IO_PTR(io, union smb_search_close);
SMBSRV_SETUP_NTVFS_REQUEST(reply_simple_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->findclose.level = RAW_FINDCLOSE_FINDCLOSE;
io->findclose.in.handle = SVAL(req->in.vwv, VWV(0));
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_search_close(req->ntvfs, io));
}
/****************************************************************************
Reply to an SMBfindnclose request
****************************************************************************/
void smbsrv_reply_findnclose(struct smbsrv_request *req)
{
smbsrv_send_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to an SMBntcreateX request (async send)
****************************************************************************/
static void reply_ntcreate_and_X_send(struct ntvfs_request *ntvfs)
{
struct smbsrv_request *req;
union smb_open *io;
SMBSRV_CHECK_ASYNC_STATUS(io, union smb_open);
/* construct reply */
smbsrv_setup_reply(req, 34, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SCVAL(req->out.vwv, VWV(2), io->ntcreatex.out.oplock_level);
/* the rest of the parameters are not aligned! */
smbsrv_push_fnum(req->out.vwv, 5, io->ntcreatex.out.file.ntvfs);
SIVAL(req->out.vwv, 7, io->ntcreatex.out.create_action);
push_nttime(req->out.vwv, 11, io->ntcreatex.out.create_time);
push_nttime(req->out.vwv, 19, io->ntcreatex.out.access_time);
push_nttime(req->out.vwv, 27, io->ntcreatex.out.write_time);
push_nttime(req->out.vwv, 35, io->ntcreatex.out.change_time);
SIVAL(req->out.vwv, 43, io->ntcreatex.out.attrib);
SBVAL(req->out.vwv, 47, io->ntcreatex.out.alloc_size);
SBVAL(req->out.vwv, 55, io->ntcreatex.out.size);
SSVAL(req->out.vwv, 63, io->ntcreatex.out.file_type);
SSVAL(req->out.vwv, 65, io->ntcreatex.out.ipc_state);
SCVAL(req->out.vwv, 67, io->ntcreatex.out.is_directory);
req->chained_fnum = SVAL(req->out.vwv, 5);
smbsrv_chain_reply(req);
}
/****************************************************************************
Reply to an SMBntcreateX request
****************************************************************************/
void smbsrv_reply_ntcreate_and_X(struct smbsrv_request *req)
{
union smb_open *io;
uint16_t fname_len;
/* parse the request */
SMBSRV_CHECK_WCT(req, 24);
SMBSRV_TALLOC_IO_PTR(io, union smb_open);
SMBSRV_SETUP_NTVFS_REQUEST(reply_ntcreate_and_X_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->ntcreatex.level = RAW_OPEN_NTCREATEX;
/* notice that the word parameters are not word aligned, so we don't use VWV() */
fname_len = SVAL(req->in.vwv, 5);
io->ntcreatex.in.flags = IVAL(req->in.vwv, 7);
io->ntcreatex.in.root_fid.ntvfs = smbsrv_pull_fnum(req, req->in.vwv, 11);
io->ntcreatex.in.access_mask = IVAL(req->in.vwv, 15);
io->ntcreatex.in.alloc_size = BVAL(req->in.vwv, 19);
io->ntcreatex.in.file_attr = IVAL(req->in.vwv, 27);
io->ntcreatex.in.share_access = IVAL(req->in.vwv, 31);
io->ntcreatex.in.open_disposition = IVAL(req->in.vwv, 35);
io->ntcreatex.in.create_options = IVAL(req->in.vwv, 39);
io->ntcreatex.in.impersonation = IVAL(req->in.vwv, 43);
io->ntcreatex.in.security_flags = CVAL(req->in.vwv, 47);
io->ntcreatex.in.ea_list = NULL;
io->ntcreatex.in.sec_desc = NULL;
io->ntcreatex.in.query_maximal_access = false;
io->ntcreatex.in.query_on_disk_id = false;
io->ntcreatex.in.private_flags = 0;
/* we need a neater way to handle this alignment */
if ((req->flags2 & FLAGS2_UNICODE_STRINGS) &&
ucs2_align(req->in.buffer, req->in.data, STR_TERMINATE|STR_UNICODE)) {
fname_len++;
}
req_pull_string(&req->in.bufinfo, &io->ntcreatex.in.fname, req->in.data, fname_len, STR_TERMINATE);
if (!io->ntcreatex.in.fname) {
smbsrv_send_error(req, NT_STATUS_FOOBAR);
return;
}
SMBSRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, io));
}
/****************************************************************************
Reply to an SMBntcancel request
****************************************************************************/
void smbsrv_reply_ntcancel(struct smbsrv_request *req)
{
struct smbsrv_request *r;
uint16_t tid = SVAL(req->in.hdr,HDR_TID);
uint16_t uid = SVAL(req->in.hdr,HDR_UID);
uint16_t mid = SVAL(req->in.hdr,HDR_MID);
uint16_t pid = SVAL(req->in.hdr,HDR_PID);
for (r = req->smb_conn->requests; r; r = r->next) {
if (tid != SVAL(r->in.hdr,HDR_TID)) continue;
if (uid != SVAL(r->in.hdr,HDR_UID)) continue;
if (mid != SVAL(r->in.hdr,HDR_MID)) continue;
if (pid != SVAL(r->in.hdr,HDR_PID)) continue;
SMBSRV_CHECK(ntvfs_cancel(r->ntvfs));
/* NOTE: this request does not generate a reply */
talloc_free(req);
return;
}
/* TODO: workout the correct error code,
* until we know how the smb signing works
* for ntcancel replies, don't send an error
*/
/*smbsrv_send_error(req, NT_STATUS_FOOBAR);*/
talloc_free(req);
}
/*
parse the called/calling names from session request
*/
static NTSTATUS parse_session_request(struct smbsrv_request *req)
{
DATA_BLOB blob;
NTSTATUS status;
blob.data = req->in.buffer + 4;
blob.length = ascii_len_n((const char *)blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
req->smb_conn->negotiate.called_name = talloc(req->smb_conn, struct nbt_name);
req->smb_conn->negotiate.calling_name = talloc(req->smb_conn, struct nbt_name);
if (req->smb_conn->negotiate.called_name == NULL ||
req->smb_conn->negotiate.calling_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = nbt_name_from_blob(req->smb_conn, &blob,
req->smb_conn->negotiate.called_name);
NT_STATUS_NOT_OK_RETURN(status);
blob.data += blob.length;
blob.length = ascii_len_n((const char *)blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
status = nbt_name_from_blob(req->smb_conn, &blob,
req->smb_conn->negotiate.calling_name);
NT_STATUS_NOT_OK_RETURN(status);
req->smb_conn->negotiate.done_nbt_session = true;
return NT_STATUS_OK;
}
/****************************************************************************
Reply to a special message - a SMB packet with non zero NBT message type
****************************************************************************/
void smbsrv_reply_special(struct smbsrv_request *req)
{
uint8_t msg_type;
uint8_t *buf = talloc_zero_array(req, uint8_t, 4);
msg_type = CVAL(req->in.buffer,0);
SIVAL(buf, 0, 0);
switch (msg_type) {
case NBSSrequest: /* session request */
if (req->smb_conn->negotiate.done_nbt_session) {
DEBUG(0,("Warning: ignoring secondary session request\n"));
return;
}
SCVAL(buf,0,0x82);
SCVAL(buf,3,0);
/* we don't check the status - samba always accepts session
requests for any name */
parse_session_request(req);
req->out.buffer = buf;
req->out.size = 4;
smbsrv_send_reply_nosign(req);
return;
case 0x89: /* session keepalive request
(some old clients produce this?) */
SCVAL(buf, 0, NBSSkeepalive);
SCVAL(buf, 3, 0);
req->out.buffer = buf;
req->out.size = 4;
smbsrv_send_reply_nosign(req);
return;
case NBSSkeepalive:
/* session keepalive - swallow it */
talloc_free(req);
return;
}
DEBUG(0,("Unexpected NBT session packet (%d)\n", msg_type));
talloc_free(req);
}