r16918: the SMB2 Ioctls are sometimes called with a wildcard handle

the operation doesn't need a valid file handle in that case

metze
(This used to be commit d41a83d559)

source4/libcli/raw/interfaces.h

@@ -1949,7 +1949,8 @@ union smb_lpq {
 enum smb_ioctl_level {
 	RAW_IOCTL_IOCTL,
 	RAW_IOCTL_NTIOCTL,
-	RAW_IOCTL_SMB2
+	RAW_IOCTL_SMB2,
+	RAW_IOCTL_SMB2_NO_HANDLE
 };
 
 /*

source4/libcli/raw/rawioctl.c

@@ -134,6 +134,7 @@ struct smbcli_request *smb_raw_ioctl_send(struct smbcli_tree *tree, union smb_io
 		break;
 
 	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
 		return NULL;
 	}
 
@@ -154,6 +155,7 @@ NTSTATUS smb_raw_ioctl_recv(struct smbcli_request *req,
 		return smb_raw_ntioctl_recv(req, mem_ctx, parms);
 
 	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
 		break;
 	}
 	return NT_STATUS_INVALID_LEVEL;

source4/ntvfs/ipc/vfs_ipc.c

@@ -843,6 +843,9 @@ static NTSTATUS ipc_ioctl(struct ntvfs_module_context *ntvfs,
 	case RAW_IOCTL_SMB2:
 		return ipc_ioctl_smb2(ntvfs, req, io);
 
+	case RAW_IOCTL_SMB2_NO_HANDLE:
+		return NT_STATUS_FS_DRIVER_REQUIRED;
+
 	default:
 		return NT_STATUS_ACCESS_DENIED;
 	}

source4/ntvfs/posix/pvfs_ioctl.c

@@ -73,6 +73,7 @@ NTSTATUS pvfs_ioctl(struct ntvfs_module_context *ntvfs,
 		return pvfs_ntioctl(ntvfs, req, io);
 
 	case RAW_IOCTL_SMB2:
+	case RAW_IOCTL_SMB2_NO_HANDLE:
 		return NT_STATUS_FS_DRIVER_REQUIRED;
 	}
 

source4/smb_server/smb2/fileio.c

@@ -239,7 +239,14 @@ static void smb2srv_ioctl_send(struct ntvfs_request *ntvfs)
 
 	SSVAL(req->out.body,	0x02,	io->smb2.out._pad);
 	SIVAL(req->out.body,	0x04,	io->smb2.out.function);
+	if (io->smb2.level == RAW_IOCTL_SMB2_NO_HANDLE) {
+		struct smb2_handle h;
+		h.data[0] = UINT64_MAX;
+		h.data[1] = UINT64_MAX;
+		smb2_push_handle(req->out.body + 0x08, &h);
+	} else {
 		smb2srv_push_handle(req->out.body, 0x08,io->smb2.in.file.ntvfs);
+	}
 	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x18, io->smb2.out.in));
 	SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x20, io->smb2.out.out));
 	SIVAL(req->out.body,	0x28,	io->smb2.out.unknown2);
@@ -251,23 +258,31 @@ static void smb2srv_ioctl_send(struct ntvfs_request *ntvfs)
 void smb2srv_ioctl_recv(struct smb2srv_request *req)
 {
 	union smb_ioctl *io;
+	struct smb2_handle h;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x38, True);
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_ioctl);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_ioctl_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
 	/* TODO: avoid the memcpy */
-	io->smb2.level			= RAW_IOCTL_SMB2;
 	io->smb2.in._pad		= SVAL(req->in.body, 0x02);
 	io->smb2.in.function		= IVAL(req->in.body, 0x04);
-	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
+	/* file handle ... */
 	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x18, &io->smb2.in.out));
 	io->smb2.in.unknown2		= IVAL(req->in.body, 0x20);
 	SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x24, &io->smb2.in.in));
 	io->smb2.in.max_response_size	= IVAL(req->in.body, 0x2C);
 	io->smb2.in.flags		= BVAL(req->in.body, 0x30);
 
+	smb2_pull_handle(req->in.body + 0x08, &h);
+	if (h.data[0] == UINT64_MAX && h.data[1] == UINT64_MAX) {
+		io->smb2.level		= RAW_IOCTL_SMB2_NO_HANDLE;
+	} else {
+		io->smb2.level		= RAW_IOCTL_SMB2;
+		io->smb2.in.file.ntvfs	= smb2srv_pull_handle(req, req->in.body, 0x08);
 		SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+	}
+
 	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_ioctl(req->ntvfs, io));
 }