/* Unix SMB/CIFS implementation. Copyright (C) Gregor Beck 2013 Copyright (C) Stefan Metzmacher 2013 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "system/network.h" #include "lib/util/tevent_ntstatus.h" #include "smb_common.h" #include "smbXcli_base.h" static uint8_t *internal_bytes_push_str(uint8_t *buf, bool ucs2, const char *str, size_t str_len, bool align_odd, size_t *pconverted_size) { TALLOC_CTX *frame = talloc_stackframe(); size_t buflen; char *converted; size_t converted_size; /* * This check prevents us from * (re)alloc buf on a NULL TALLOC_CTX. */ if (buf == NULL) { TALLOC_FREE(frame); return NULL; } buflen = talloc_get_size(buf); if (ucs2 && ((align_odd && (buflen % 2 == 0)) || (!align_odd && (buflen % 2 == 1)))) { /* * We're pushing into an SMB buffer, align odd */ buf = talloc_realloc(NULL, buf, uint8_t, buflen + 1); if (buf == NULL) { TALLOC_FREE(frame); return NULL; } buf[buflen] = '\0'; buflen += 1; } if (!convert_string_talloc(frame, CH_UNIX, ucs2 ? CH_UTF16LE : CH_DOS, str, str_len, &converted, &converted_size)) { TALLOC_FREE(frame); return NULL; } buf = talloc_realloc(NULL, buf, uint8_t, buflen + converted_size); if (buf == NULL) { TALLOC_FREE(frame); return NULL; } memcpy(buf + buflen, converted, converted_size); TALLOC_FREE(converted); if (pconverted_size) { *pconverted_size = converted_size; } TALLOC_FREE(frame); return buf; } static uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str, size_t str_len, size_t *pconverted_size) { return internal_bytes_push_str(buf, ucs2, str, str_len, true, pconverted_size); } struct smb1cli_ntcreatex_state { uint16_t vwv[24]; uint16_t fnum; }; static void smb1cli_ntcreatex_done(struct tevent_req *subreq); /** * Send an asynchronous SMB_COM_NT_CREATE_ANDX request. * MS-CIFS 2.2.4.64.1 * @see smb1cli_ntcreatex_recv(), smb1cli_ntcreatex() * * @param[in] mem_ctx The memory context for the result. * @param[in] ev The event context to work on. * @param[in] conn The smb connection. * @param[in] timeout_msec If positiv a timeout for the request. * @param[in] pid The process identifier * @param[in] tcon The smb tree connect. * @param[in] session The smb session. * @param[in] fname The name of the file or directory to be opened or created. * @param[in] CreatFlags * @param[in] RootDirectoryFid The file id of an opened root directory fname is based on. 0 means root of the share. * @param[in] DesiredAccess A field of flags that indicate standard, specific, and generic access rights to be requested. * @param[in] AllocationSize Number of Bytes to allocate if the file is to be created or overwritten. * @param[in] FileAttributes Extended file attributes * @param[in] ShareAccess A field that specifies how the file should be shared with other processes. * @param[in] CreateDisposition A value that represents the action to take if the file already exists or if the file is a new file and does not already exist. * @param[in] CreateOptions A field of flag options to use if creating a file or directory. * @param[in] ImpersonationLevel * @param[in] SecurityFlags * * @return a tevent_req or NULL */ struct tevent_req *smb1cli_ntcreatex_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbXcli_conn *conn, uint32_t timeout_msec, uint32_t pid, struct smbXcli_tcon *tcon, struct smbXcli_session *session, const char *fname, uint32_t CreatFlags, uint32_t RootDirectoryFid, uint32_t DesiredAccess, uint64_t AllocationSize, uint32_t FileAttributes, uint32_t ShareAccess, uint32_t CreateDisposition, uint32_t CreateOptions, uint32_t ImpersonationLevel, uint8_t SecurityFlags) { struct tevent_req *req, *subreq; struct smb1cli_ntcreatex_state *state; uint8_t *bytes; size_t converted_len; req = tevent_req_create(mem_ctx, &state, struct smb1cli_ntcreatex_state); if (req == NULL) { return NULL; } SCVAL(state->vwv+0, 0, 0xFF); SCVAL(state->vwv+0, 1, 0); SSVAL(state->vwv+1, 0, 0); SCVAL(state->vwv+2, 0, 0); SIVAL(state->vwv+3, 1, CreatFlags); SIVAL(state->vwv+5, 1, RootDirectoryFid); SIVAL(state->vwv+7, 1, DesiredAccess); SBVAL(state->vwv+9, 1, AllocationSize); SIVAL(state->vwv+13, 1, FileAttributes); SIVAL(state->vwv+15, 1, ShareAccess); SIVAL(state->vwv+17, 1, CreateDisposition); SIVAL(state->vwv+19, 1, CreateOptions); SIVAL(state->vwv+21, 1, ImpersonationLevel); SCVAL(state->vwv+23, 1, SecurityFlags); bytes = talloc_array(state, uint8_t, 0); bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(conn), fname, strlen(fname)+1, &converted_len); /* sigh. this copes with broken netapp filer behaviour */ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(conn), "", 1, NULL); if (tevent_req_nomem(bytes, req)) { return tevent_req_post(req, ev); } SSVAL(state->vwv+2, 1, converted_len); subreq = smb1cli_req_send(state, ev, conn, SMBntcreateX, 0, 0, /* *_flags */ 0, 0, /* *_flags2 */ timeout_msec, pid, tcon, session, ARRAY_SIZE(state->vwv), state->vwv, talloc_get_size(bytes), bytes); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } tevent_req_set_callback(subreq, smb1cli_ntcreatex_done, req); return req; } static void smb1cli_ntcreatex_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data( subreq, struct tevent_req); struct smb1cli_ntcreatex_state *state = tevent_req_data( req, struct smb1cli_ntcreatex_state); struct iovec *recv_iov = NULL; uint8_t wct; uint16_t *vwv; NTSTATUS status; static const struct smb1cli_req_expected_response expected[] = { { .status = NT_STATUS_OK, .wct = 0x22 }, { /* * This is the broken version see from * [MS-SMB]: * Windows-based SMB servers send 50 (0x32) words in the extended * response although they set the WordCount field to 0x2A. * * And Samba does the same... */ .status = NT_STATUS_OK, .wct = 0x2a }, { .status = NT_STATUS_OK, .wct = 0x32 }, }; status = smb1cli_req_recv(subreq, state, &recv_iov, NULL, /* phdr */ &wct, &vwv, NULL, /* pvwv_offset */ NULL, /* num_bytes */ NULL, /* bytes */ NULL, /* pbytes_offset */ NULL, /* inbuf */ expected, ARRAY_SIZE(expected)); TALLOC_FREE(subreq); if (tevent_req_nterror(req, status)) { return; } state->fnum = SVAL(vwv+2, 1); tevent_req_done(req); } /** * Receive the response to an asynchronous SMB_COM_NT_CREATE_ANDX request. * MS-CIFS 2.2.4.64.2 * * @param[in] req A tevent request created with smb1cli_ntcreatex_send() * @param[out] pfnum The file id of the opened file or directory. * * @return NT_STATUS_OK on succsess */ NTSTATUS smb1cli_ntcreatex_recv(struct tevent_req *req, uint16_t *pfnum) { struct smb1cli_ntcreatex_state *state = tevent_req_data( req, struct smb1cli_ntcreatex_state); NTSTATUS status; if (tevent_req_is_nterror(req, &status)) { tevent_req_received(req); return status; } *pfnum = state->fnum; tevent_req_received(req); return NT_STATUS_OK; } /** * Send a synchronous SMB_COM_NT_CREATE_ANDX request. * MS-CIFS 2.2.4.64 * @see smb1cli_ntcreatex_send() smb1cli_ntcreatex_recv() * * @param[in] conn The smb connection. * @param[in] timeout_msec If positiv a timeout for the request. * @param[in] pid The process identifier * @param[in] tcon The smb tree connect. * @param[in] session The smb session. * @param[in] fname The name of the file or directory to be opened or created. * @param[in] CreatFlags * @param[in] RootDirectoryFid The file id of an opened root directory fname is based on. 0 means root of the share. * @param[in] DesiredAccess A field of flags that indicate standard, specific, and generic access rights to be requested. * @param[in] AllocationSize Number of Bytes to allocate if the file is to be created or overwritten. * @param[in] FileAttributes Extended file attributes * @param[in] ShareAccess A field that specifies how the file should be shared with other processes. * @param[in] CreateDisposition A value that represents the action to take if the file already exists or if the file is a new file and does not already exist. * @param[in] CreateOptions A field of flag options to use if creating a file or directory. * @param[in] ImpersonationLevel * @param[in] SecurityFlags * @param[out] pfnum The file id representing the file or directory created or opened. * * @return NT_STATUS_OK on succsess */ NTSTATUS smb1cli_ntcreatex(struct smbXcli_conn *conn, uint32_t timeout_msec, uint32_t pid, struct smbXcli_tcon *tcon, struct smbXcli_session *session, const char *fname, uint32_t CreatFlags, uint32_t RootDirectoryFid, uint32_t DesiredAccess, uint64_t AllocationSize, uint32_t FileAttributes, uint32_t ShareAccess, uint32_t CreateDisposition, uint32_t CreateOptions, uint32_t ImpersonationLevel, uint8_t SecurityFlags, uint16_t *pfnum) { TALLOC_CTX *frame = NULL; struct tevent_context *ev; struct tevent_req *req; NTSTATUS status = NT_STATUS_OK; frame = talloc_stackframe(); if (smbXcli_conn_has_async_calls(conn)) { /* * Can't use sync call while an async call is in flight */ status = NT_STATUS_INVALID_PARAMETER; goto fail; } ev = samba_tevent_context_init(frame); if (ev == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } req = smb1cli_ntcreatex_send(frame, ev, conn, timeout_msec, pid, tcon, session, fname, CreatFlags, RootDirectoryFid, DesiredAccess, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, ImpersonationLevel, SecurityFlags); if (req == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } if (!tevent_req_poll_ntstatus(req, ev, &status)) { goto fail; } status = smb1cli_ntcreatex_recv(req, pfnum); fail: TALLOC_FREE(frame); return status; }