mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
6f91cce14e
read_symlink_reparse() does this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
568 lines
13 KiB
C
568 lines
13 KiB
C
/*
|
|
* Unix SMB/CIFS implementation.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "replace.h"
|
|
#include "libcli/smb/reparse.h"
|
|
#include "lib/util/iov_buf.h"
|
|
#include "libcli/smb/smb_constants.h"
|
|
#include "libcli/util/error.h"
|
|
#include "lib/util/debug.h"
|
|
#include "lib/util/bytearray.h"
|
|
#include "lib/util/talloc_stack.h"
|
|
#include "lib/util/charset/charset.h"
|
|
#include "smb_util.h"
|
|
|
|
static NTSTATUS reparse_buffer_check(const uint8_t *in_data,
|
|
size_t in_len,
|
|
uint32_t *reparse_tag,
|
|
const uint8_t **_reparse_data,
|
|
size_t *_reparse_data_length)
|
|
{
|
|
uint16_t reparse_data_length;
|
|
|
|
if (in_len == 0) {
|
|
DBG_DEBUG("in_len=0\n");
|
|
return NT_STATUS_INVALID_BUFFER_SIZE;
|
|
}
|
|
if (in_len < 8) {
|
|
DBG_DEBUG("in_len=%zu\n", in_len);
|
|
return NT_STATUS_IO_REPARSE_DATA_INVALID;
|
|
}
|
|
|
|
reparse_data_length = PULL_LE_U16(in_data, 4);
|
|
|
|
if (reparse_data_length > (in_len - 8)) {
|
|
DBG_DEBUG("in_len=%zu, reparse_data_length=%" PRIu16 "\n",
|
|
in_len,
|
|
reparse_data_length);
|
|
return NT_STATUS_IO_REPARSE_DATA_INVALID;
|
|
}
|
|
|
|
*reparse_tag = PULL_LE_U32(in_data, 0);
|
|
*_reparse_data = in_data + 8;
|
|
*_reparse_data_length = reparse_data_length;
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
static int nfs_reparse_buffer_parse(TALLOC_CTX *mem_ctx,
|
|
struct nfs_reparse_data_buffer *dst,
|
|
const uint8_t *src,
|
|
size_t srclen)
|
|
{
|
|
uint64_t type;
|
|
|
|
if (srclen < 8) {
|
|
DBG_DEBUG("srclen=%zu too short\n", srclen);
|
|
return EINVAL;
|
|
}
|
|
|
|
type = PULL_LE_U64(src, 0);
|
|
|
|
switch (type) {
|
|
case NFS_SPECFILE_CHR:
|
|
FALL_THROUGH;
|
|
case NFS_SPECFILE_BLK:
|
|
if (srclen < 16) {
|
|
DBG_DEBUG("srclen %zu too short for type %" PRIx64 "\n",
|
|
srclen,
|
|
type);
|
|
return EINVAL;
|
|
}
|
|
dst->data.dev.major = PULL_LE_U32(src, 8);
|
|
dst->data.dev.minor = PULL_LE_U32(src, 12);
|
|
break;
|
|
case NFS_SPECFILE_LNK: {
|
|
bool ok;
|
|
|
|
ok = convert_string_talloc(mem_ctx,
|
|
CH_UTF16,
|
|
CH_UNIX,
|
|
src + 8,
|
|
srclen - 8,
|
|
&dst->data.lnk_target,
|
|
NULL);
|
|
if (!ok) {
|
|
return errno;
|
|
}
|
|
break;
|
|
}
|
|
case NFS_SPECFILE_FIFO:
|
|
break; /* empty, no data */
|
|
case NFS_SPECFILE_SOCK:
|
|
break; /* empty, no data */
|
|
default:
|
|
DBG_DEBUG("Unknown NFS reparse type %" PRIx64 "\n", type);
|
|
return EINVAL;
|
|
}
|
|
|
|
dst->type = type;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int symlink_reparse_buffer_parse(TALLOC_CTX *mem_ctx,
|
|
struct symlink_reparse_struct *dst,
|
|
const uint8_t *src,
|
|
size_t srclen)
|
|
{
|
|
uint16_t reparse_data_length;
|
|
uint16_t substitute_name_offset, substitute_name_length;
|
|
uint16_t print_name_offset, print_name_length;
|
|
bool ok;
|
|
|
|
if (srclen < 20) {
|
|
DBG_DEBUG("srclen = %zu, expected >= 20\n", srclen);
|
|
return EINVAL;
|
|
}
|
|
if (PULL_LE_U32(src, 0) != IO_REPARSE_TAG_SYMLINK) {
|
|
DBG_DEBUG("Got ReparseTag %8.8x, expected %8.8x\n",
|
|
PULL_LE_U32(src, 0),
|
|
IO_REPARSE_TAG_SYMLINK);
|
|
return EINVAL;
|
|
}
|
|
|
|
reparse_data_length = PULL_LE_U16(src, 4);
|
|
substitute_name_offset = PULL_LE_U16(src, 8);
|
|
substitute_name_length = PULL_LE_U16(src, 10);
|
|
print_name_offset = PULL_LE_U16(src, 12);
|
|
print_name_length = PULL_LE_U16(src, 14);
|
|
|
|
if (reparse_data_length < 12) {
|
|
DBG_DEBUG("reparse_data_length = %"PRIu16", expected >= 12\n",
|
|
reparse_data_length);
|
|
return EINVAL;
|
|
}
|
|
if (smb_buffer_oob(srclen - 8, reparse_data_length, 0)) {
|
|
DBG_DEBUG("reparse_data_length (%"PRIu16") too large for "
|
|
"src_len (%zu)\n",
|
|
reparse_data_length,
|
|
srclen);
|
|
return EINVAL;
|
|
}
|
|
if (smb_buffer_oob(reparse_data_length - 12, substitute_name_offset,
|
|
substitute_name_length)) {
|
|
DBG_DEBUG("substitute_name (%"PRIu16"/%"PRIu16") does not fit "
|
|
"in reparse_data_length (%"PRIu16")\n",
|
|
substitute_name_offset,
|
|
substitute_name_length,
|
|
reparse_data_length - 12);
|
|
return EINVAL;
|
|
}
|
|
if (smb_buffer_oob(reparse_data_length - 12, print_name_offset,
|
|
print_name_length)) {
|
|
DBG_DEBUG("print_name (%"PRIu16"/%"PRIu16") does not fit in "
|
|
"reparse_data_length (%"PRIu16")\n",
|
|
print_name_offset,
|
|
print_name_length,
|
|
reparse_data_length - 12);
|
|
return EINVAL;
|
|
}
|
|
|
|
*dst = (struct symlink_reparse_struct) {
|
|
.unparsed_path_length = PULL_LE_U16(src, 6),
|
|
.flags = PULL_LE_U32(src, 16),
|
|
};
|
|
|
|
ok = convert_string_talloc(mem_ctx,
|
|
CH_UTF16,
|
|
CH_UNIX,
|
|
src + 20 + substitute_name_offset,
|
|
substitute_name_length,
|
|
&dst->substitute_name,
|
|
NULL);
|
|
if (!ok) {
|
|
int ret = errno;
|
|
DBG_DEBUG("convert_string_talloc for substitute_name "
|
|
"failed\n");
|
|
return ret;
|
|
}
|
|
|
|
ok = convert_string_talloc(mem_ctx,
|
|
CH_UTF16,
|
|
CH_UNIX,
|
|
src + 20 + print_name_offset,
|
|
print_name_length,
|
|
&dst->print_name,
|
|
NULL);
|
|
if (!ok) {
|
|
int ret = errno;
|
|
DBG_DEBUG("convert_string_talloc for print_name failed\n");
|
|
TALLOC_FREE(dst->substitute_name);
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
NTSTATUS reparse_data_buffer_parse(TALLOC_CTX *mem_ctx,
|
|
struct reparse_data_buffer *dst,
|
|
const uint8_t *buf,
|
|
size_t buflen)
|
|
{
|
|
const uint8_t *reparse_data;
|
|
size_t reparse_data_length;
|
|
NTSTATUS status;
|
|
int ret;
|
|
|
|
status = reparse_buffer_check(buf,
|
|
buflen,
|
|
&dst->tag,
|
|
&reparse_data,
|
|
&reparse_data_length);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
return status;
|
|
}
|
|
|
|
switch (dst->tag) {
|
|
case IO_REPARSE_TAG_SYMLINK:
|
|
ret = symlink_reparse_buffer_parse(mem_ctx,
|
|
&dst->parsed.lnk,
|
|
buf,
|
|
buflen);
|
|
if (ret != 0) {
|
|
return map_nt_error_from_unix_common(ret);
|
|
}
|
|
break;
|
|
case IO_REPARSE_TAG_NFS:
|
|
ret = nfs_reparse_buffer_parse(mem_ctx,
|
|
&dst->parsed.nfs,
|
|
reparse_data,
|
|
reparse_data_length);
|
|
if (ret != 0) {
|
|
return map_nt_error_from_unix_common(ret);
|
|
}
|
|
break;
|
|
default:
|
|
dst->parsed.raw.data = talloc_memdup(mem_ctx,
|
|
reparse_data,
|
|
reparse_data_length);
|
|
if (dst->parsed.raw.data == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
dst->parsed.raw.length = reparse_data_length;
|
|
dst->parsed.raw.reserved = PULL_LE_U16(buf, 6);
|
|
break;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
char *reparse_data_buffer_str(TALLOC_CTX *mem_ctx,
|
|
const struct reparse_data_buffer *dst)
|
|
{
|
|
char *s = talloc_strdup(mem_ctx, "");
|
|
|
|
switch (dst->tag) {
|
|
case IO_REPARSE_TAG_SYMLINK: {
|
|
const struct symlink_reparse_struct *lnk = &dst->parsed.lnk;
|
|
talloc_asprintf_addbuf(&s,
|
|
"0x%" PRIx32
|
|
" (IO_REPARSE_TAG_SYMLINK)\n",
|
|
dst->tag);
|
|
talloc_asprintf_addbuf(&s,
|
|
"unparsed=%" PRIu16 "\n",
|
|
lnk->unparsed_path_length);
|
|
talloc_asprintf_addbuf(&s,
|
|
"substitute_name=%s\n",
|
|
lnk->substitute_name);
|
|
talloc_asprintf_addbuf(&s, "print_name=%s\n", lnk->print_name);
|
|
talloc_asprintf_addbuf(&s, "flags=%" PRIu32 "\n", lnk->flags);
|
|
break;
|
|
}
|
|
case IO_REPARSE_TAG_NFS: {
|
|
const struct nfs_reparse_data_buffer *nfs = &dst->parsed.nfs;
|
|
|
|
talloc_asprintf_addbuf(&s,
|
|
"0x%" PRIx32 " (IO_REPARSE_TAG_NFS)\n",
|
|
dst->tag);
|
|
|
|
switch (nfs->type) {
|
|
case NFS_SPECFILE_FIFO:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIx64
|
|
" (NFS_SPECFILE_FIFO)\n",
|
|
nfs->type);
|
|
break;
|
|
case NFS_SPECFILE_SOCK:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIx64
|
|
" (NFS_SPECFILE_SOCK)\n",
|
|
nfs->type);
|
|
break;
|
|
case NFS_SPECFILE_LNK:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIx64
|
|
" (NFS_SPECFILE_LNK)\n",
|
|
nfs->type);
|
|
talloc_asprintf_addbuf(&s,
|
|
" -> %s\n ",
|
|
nfs->data.lnk_target);
|
|
break;
|
|
case NFS_SPECFILE_BLK:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIx64
|
|
" (NFS_SPECFILE_BLK)\n",
|
|
nfs->type);
|
|
talloc_asprintf_addbuf(&s,
|
|
" %" PRIu32 "/%" PRIu32 "\n",
|
|
nfs->data.dev.major,
|
|
nfs->data.dev.minor);
|
|
break;
|
|
case NFS_SPECFILE_CHR:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIx64
|
|
" (NFS_SPECFILE_CHR)\n",
|
|
nfs->type);
|
|
talloc_asprintf_addbuf(&s,
|
|
" %" PRIu32 "/%" PRIu32 "\n",
|
|
nfs->data.dev.major,
|
|
nfs->data.dev.minor);
|
|
break;
|
|
default:
|
|
talloc_asprintf_addbuf(&s,
|
|
" 0x%" PRIu64
|
|
" (Unknown type)\n",
|
|
nfs->type);
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
default:
|
|
talloc_asprintf_addbuf(&s, "%" PRIu32 "\n", dst->tag);
|
|
break;
|
|
}
|
|
return s;
|
|
}
|
|
|
|
static ssize_t reparse_buffer_marshall(uint32_t reparse_tag,
|
|
uint16_t reserved,
|
|
const struct iovec *iov,
|
|
int iovlen,
|
|
uint8_t *buf,
|
|
size_t buflen)
|
|
{
|
|
ssize_t reparse_data_length = iov_buflen(iov, iovlen);
|
|
size_t needed;
|
|
|
|
if (reparse_data_length == -1) {
|
|
return -1;
|
|
}
|
|
if (reparse_data_length > UINT16_MAX) {
|
|
return -1;
|
|
}
|
|
|
|
needed = reparse_data_length + 8;
|
|
if (needed < reparse_data_length) {
|
|
return -1;
|
|
}
|
|
|
|
if (buflen >= needed) {
|
|
PUSH_LE_U32(buf, 0, reparse_tag);
|
|
PUSH_LE_U16(buf, 4, reparse_data_length);
|
|
PUSH_LE_U16(buf, 6, reserved);
|
|
iov_buf(iov, iovlen, buf + 8, buflen - 8);
|
|
}
|
|
|
|
return needed;
|
|
}
|
|
|
|
static ssize_t
|
|
reparse_data_buffer_marshall_syml(const struct symlink_reparse_struct *src,
|
|
uint8_t *buf,
|
|
size_t buflen)
|
|
{
|
|
uint8_t sbuf[12];
|
|
struct iovec iov[3];
|
|
const char *print_name = src->print_name;
|
|
uint8_t *subst_utf16 = NULL;
|
|
uint8_t *print_utf16 = NULL;
|
|
size_t subst_len = 0;
|
|
size_t print_len = 0;
|
|
ssize_t ret = -1;
|
|
bool ok;
|
|
|
|
if (src->substitute_name == NULL) {
|
|
return -1;
|
|
}
|
|
if (src->print_name == NULL) {
|
|
print_name = src->substitute_name;
|
|
}
|
|
|
|
iov[0] = (struct iovec){
|
|
.iov_base = sbuf,
|
|
.iov_len = sizeof(sbuf),
|
|
};
|
|
|
|
ok = convert_string_talloc(talloc_tos(),
|
|
CH_UNIX,
|
|
CH_UTF16,
|
|
src->substitute_name,
|
|
strlen(src->substitute_name),
|
|
&subst_utf16,
|
|
&subst_len);
|
|
if (!ok) {
|
|
goto fail;
|
|
}
|
|
if (subst_len > UINT16_MAX) {
|
|
goto fail;
|
|
}
|
|
iov[1] = (struct iovec){
|
|
.iov_base = subst_utf16,
|
|
.iov_len = subst_len,
|
|
};
|
|
|
|
ok = convert_string_talloc(talloc_tos(),
|
|
CH_UNIX,
|
|
CH_UTF16,
|
|
print_name,
|
|
strlen(print_name),
|
|
&print_utf16,
|
|
&print_len);
|
|
if (!ok) {
|
|
goto fail;
|
|
}
|
|
if (print_len > UINT16_MAX) {
|
|
goto fail;
|
|
}
|
|
iov[2] = (struct iovec){
|
|
.iov_base = print_utf16,
|
|
.iov_len = print_len,
|
|
};
|
|
|
|
PUSH_LE_U16(sbuf, 0, 0); /* SubstituteNameOffset */
|
|
PUSH_LE_U16(sbuf, 2, subst_len); /* SubstituteNameLength */
|
|
PUSH_LE_U16(sbuf, 4, subst_len); /* PrintNameOffset */
|
|
PUSH_LE_U16(sbuf, 6, print_len); /* PrintNameLength */
|
|
PUSH_LE_U32(sbuf, 8, src->flags); /* Flags */
|
|
|
|
ret = reparse_buffer_marshall(IO_REPARSE_TAG_SYMLINK,
|
|
src->unparsed_path_length,
|
|
iov,
|
|
ARRAY_SIZE(iov),
|
|
buf,
|
|
buflen);
|
|
|
|
fail:
|
|
TALLOC_FREE(subst_utf16);
|
|
TALLOC_FREE(print_utf16);
|
|
return ret;
|
|
}
|
|
|
|
static ssize_t
|
|
reparse_data_buffer_marshall_nfs(const struct nfs_reparse_data_buffer *src,
|
|
uint8_t *buf,
|
|
size_t buflen)
|
|
{
|
|
uint8_t typebuf[8];
|
|
uint8_t devbuf[8];
|
|
struct iovec iov[2] = {};
|
|
size_t iovlen;
|
|
uint8_t *lnk_utf16 = NULL;
|
|
size_t lnk_len = 0;
|
|
ssize_t ret;
|
|
|
|
PUSH_LE_U64(typebuf, 0, src->type);
|
|
iov[0] = (struct iovec){
|
|
.iov_base = typebuf,
|
|
.iov_len = sizeof(typebuf),
|
|
};
|
|
iovlen = 1;
|
|
|
|
switch (src->type) {
|
|
case NFS_SPECFILE_LNK: {
|
|
bool ok = convert_string_talloc(talloc_tos(),
|
|
CH_UNIX,
|
|
CH_UTF16,
|
|
src->data.lnk_target,
|
|
strlen(src->data.lnk_target),
|
|
&lnk_utf16,
|
|
&lnk_len);
|
|
if (!ok) {
|
|
return -1;
|
|
}
|
|
iov[1] = (struct iovec){
|
|
.iov_base = lnk_utf16,
|
|
.iov_len = lnk_len,
|
|
};
|
|
iovlen = 2;
|
|
break;
|
|
}
|
|
case NFS_SPECFILE_CHR:
|
|
FALL_THROUGH;
|
|
case NFS_SPECFILE_BLK:
|
|
PUSH_LE_U32(devbuf, 0, src->data.dev.major);
|
|
PUSH_LE_U32(devbuf, 4, src->data.dev.minor);
|
|
iov[1] = (struct iovec){
|
|
.iov_base = devbuf,
|
|
.iov_len = sizeof(devbuf),
|
|
};
|
|
iovlen = 2;
|
|
break;
|
|
default:
|
|
break;
|
|
/* Nothing to do for NFS_SPECFILE_FIFO and _SOCK */
|
|
}
|
|
|
|
ret = reparse_buffer_marshall(IO_REPARSE_TAG_NFS,
|
|
0,
|
|
iov,
|
|
iovlen,
|
|
buf,
|
|
buflen);
|
|
TALLOC_FREE(lnk_utf16);
|
|
return ret;
|
|
}
|
|
|
|
ssize_t reparse_data_buffer_marshall(const struct reparse_data_buffer *src,
|
|
uint8_t *buf,
|
|
size_t buflen)
|
|
{
|
|
ssize_t ret = -1;
|
|
|
|
switch (src->tag) {
|
|
case IO_REPARSE_TAG_SYMLINK:
|
|
|
|
ret = reparse_data_buffer_marshall_syml(&src->parsed.lnk,
|
|
buf,
|
|
buflen);
|
|
break;
|
|
|
|
case IO_REPARSE_TAG_NFS:
|
|
|
|
ret = reparse_data_buffer_marshall_nfs(&src->parsed.nfs,
|
|
buf,
|
|
buflen);
|
|
break;
|
|
|
|
default: {
|
|
struct iovec iov = {
|
|
.iov_base = src->parsed.raw.data,
|
|
.iov_len = src->parsed.raw.length,
|
|
};
|
|
ret = reparse_buffer_marshall(src->tag,
|
|
src->parsed.raw.reserved,
|
|
&iov,
|
|
1,
|
|
buf,
|
|
buflen);
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|