1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/smbd/nttrans.c
Uri Simchoni 4bfd27b077 smbd: remove coupling between get_ea_names_from_file() and "ea support"
The "ea support" configuration variable determines whether smbd
should attempt to manipulate extended attributes via SMB protocol.
It does not pertain to the underlying storage and its support for
extended attributes.

get_ea_names_from_file() is being used also by vfs_streams_xattr -
a module which has nothing to do with client-visible extended
attributes. As such, vfs_streams_xattr should be able to operate
irrespective of the value of "ea support".

This patch moves the check for ea support to the callers.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-02 22:30:23 +01:00

3124 lines
80 KiB
C

/*
Unix SMB/CIFS implementation.
SMB NT transaction handling
Copyright (C) Jeremy Allison 1994-2007
Copyright (C) Stefan (metze) Metzmacher 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "system/filesys.h"
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "fake_file.h"
#include "../libcli/security/security.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "smbprofile.h"
#include "libsmb/libsmb.h"
#include "lib/util_ea.h"
extern const struct generic_mapping file_generic_mapping;
static char *nttrans_realloc(char **ptr, size_t size)
{
if (ptr==NULL) {
smb_panic("nttrans_realloc() called with NULL ptr");
}
*ptr = (char *)SMB_REALLOC(*ptr, size);
if(*ptr == NULL) {
return NULL;
}
memset(*ptr,'\0',size);
return *ptr;
}
/****************************************************************************
Send the required number of replies back.
We assume all fields other than the data fields are
set correctly for the type of call.
HACK ! Always assumes smb_setup field is zero.
****************************************************************************/
static void send_nt_replies(connection_struct *conn,
struct smb_request *req, NTSTATUS nt_error,
char *params, int paramsize,
char *pdata, int datasize)
{
int data_to_send = datasize;
int params_to_send = paramsize;
int useable_space;
char *pp = params;
char *pd = pdata;
int params_sent_thistime, data_sent_thistime, total_sent_thistime;
int alignment_offset = 1;
int data_alignment_offset = 0;
struct smbXsrv_connection *xconn = req->xconn;
int max_send = xconn->smb1.sessions.max_send;
/*
* If there genuinely are no parameters or data to send just send
* the empty packet.
*/
if(params_to_send == 0 && data_to_send == 0) {
reply_outbuf(req, 18, 0);
if (NT_STATUS_V(nt_error)) {
error_packet_set((char *)req->outbuf,
0, 0, nt_error,
__LINE__,__FILE__);
}
show_msg((char *)req->outbuf);
if (!srv_send_smb(xconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
&req->pcd)) {
exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
}
TALLOC_FREE(req->outbuf);
return;
}
/*
* When sending params and data ensure that both are nicely aligned.
* Only do this alignment when there is also data to send - else
* can cause NT redirector problems.
*/
if (((params_to_send % 4) != 0) && (data_to_send != 0)) {
data_alignment_offset = 4 - (params_to_send % 4);
}
/*
* Space is bufsize minus Netbios over TCP header minus SMB header.
* The alignment_offset is to align the param bytes on a four byte
* boundary (2 bytes for data len, one byte pad).
* NT needs this to work correctly.
*/
useable_space = max_send - (smb_size
+ 2 * 18 /* wct */
+ alignment_offset
+ data_alignment_offset);
if (useable_space < 0) {
char *msg = talloc_asprintf(
talloc_tos(),
"send_nt_replies failed sanity useable_space = %d!!!",
useable_space);
DEBUG(0, ("%s\n", msg));
exit_server_cleanly(msg);
}
while (params_to_send || data_to_send) {
/*
* Calculate whether we will totally or partially fill this packet.
*/
total_sent_thistime = params_to_send + data_to_send;
/*
* We can never send more than useable_space.
*/
total_sent_thistime = MIN(total_sent_thistime, useable_space);
reply_outbuf(req, 18,
total_sent_thistime + alignment_offset
+ data_alignment_offset);
/*
* Set total params and data to be sent.
*/
SIVAL(req->outbuf,smb_ntr_TotalParameterCount,paramsize);
SIVAL(req->outbuf,smb_ntr_TotalDataCount,datasize);
/*
* Calculate how many parameters and data we can fit into
* this packet. Parameters get precedence.
*/
params_sent_thistime = MIN(params_to_send,useable_space);
data_sent_thistime = useable_space - params_sent_thistime;
data_sent_thistime = MIN(data_sent_thistime,data_to_send);
SIVAL(req->outbuf, smb_ntr_ParameterCount,
params_sent_thistime);
if(params_sent_thistime == 0) {
SIVAL(req->outbuf,smb_ntr_ParameterOffset,0);
SIVAL(req->outbuf,smb_ntr_ParameterDisplacement,0);
} else {
/*
* smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
* parameter bytes, however the first 4 bytes of outbuf are
* the Netbios over TCP header. Thus use smb_base() to subtract
* them from the calculation.
*/
SIVAL(req->outbuf,smb_ntr_ParameterOffset,
((smb_buf(req->outbuf)+alignment_offset)
- smb_base(req->outbuf)));
/*
* Absolute displacement of param bytes sent in this packet.
*/
SIVAL(req->outbuf, smb_ntr_ParameterDisplacement,
pp - params);
}
/*
* Deal with the data portion.
*/
SIVAL(req->outbuf, smb_ntr_DataCount, data_sent_thistime);
if(data_sent_thistime == 0) {
SIVAL(req->outbuf,smb_ntr_DataOffset,0);
SIVAL(req->outbuf,smb_ntr_DataDisplacement, 0);
} else {
/*
* The offset of the data bytes is the offset of the
* parameter bytes plus the number of parameters being sent this time.
*/
SIVAL(req->outbuf, smb_ntr_DataOffset,
((smb_buf(req->outbuf)+alignment_offset) -
smb_base(req->outbuf))
+ params_sent_thistime + data_alignment_offset);
SIVAL(req->outbuf,smb_ntr_DataDisplacement, pd - pdata);
}
/*
* Copy the param bytes into the packet.
*/
if(params_sent_thistime) {
if (alignment_offset != 0) {
memset(smb_buf(req->outbuf), 0,
alignment_offset);
}
memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
params_sent_thistime);
}
/*
* Copy in the data bytes
*/
if(data_sent_thistime) {
if (data_alignment_offset != 0) {
memset((smb_buf(req->outbuf)+alignment_offset+
params_sent_thistime), 0,
data_alignment_offset);
}
memcpy(smb_buf(req->outbuf)+alignment_offset
+params_sent_thistime+data_alignment_offset,
pd,data_sent_thistime);
}
DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
params_sent_thistime, data_sent_thistime, useable_space));
DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
params_to_send, data_to_send, paramsize, datasize));
if (NT_STATUS_V(nt_error)) {
error_packet_set((char *)req->outbuf,
0, 0, nt_error,
__LINE__,__FILE__);
}
/* Send the packet */
show_msg((char *)req->outbuf);
if (!srv_send_smb(xconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
&req->pcd)) {
exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
}
TALLOC_FREE(req->outbuf);
pp += params_sent_thistime;
pd += data_sent_thistime;
params_to_send -= params_sent_thistime;
data_to_send -= data_sent_thistime;
/*
* Sanity check
*/
if(params_to_send < 0 || data_to_send < 0) {
DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
params_to_send, data_to_send));
exit_server_cleanly("send_nt_replies: internal error");
}
}
}
/****************************************************************************
Reply to an NT create and X call on a pipe
****************************************************************************/
static void nt_open_pipe(char *fname, connection_struct *conn,
struct smb_request *req, uint16_t *ppnum)
{
files_struct *fsp;
NTSTATUS status;
DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
/* Strip \\ off the name if present. */
while (fname[0] == '\\') {
fname++;
}
status = open_np_file(req, fname, &fsp);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
reply_nterror(req, status);
return;
}
*ppnum = fsp->fnum;
return;
}
/****************************************************************************
Reply to an NT create and X call for pipes.
****************************************************************************/
static void do_ntcreate_pipe_open(connection_struct *conn,
struct smb_request *req)
{
char *fname = NULL;
uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
uint32_t flags = IVAL(req->vwv+3, 1);
TALLOC_CTX *ctx = talloc_tos();
srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE);
if (!fname) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
nt_open_pipe(fname, conn, req, &pnum);
if (req->outbuf) {
/* error reply */
return;
}
/*
* Deal with pipe return.
*/
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* This is very strange. We
* return 50 words, but only set
* the wcnt to 42 ? It's definitely
* what happens on the wire....
*/
reply_outbuf(req, 50, 0);
SCVAL(req->outbuf,smb_wct,42);
} else {
reply_outbuf(req, 34, 0);
}
SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
p = (char *)req->outbuf + smb_vwv2;
p++;
SSVAL(p,0,pnum);
p += 2;
SIVAL(p,0,FILE_WAS_OPENED);
p += 4;
p += 32;
SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
p += 20;
/* File type. */
SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
/* Device state. */
SSVAL(p,2, 0x5FF); /* ? */
p += 4;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
p += 25;
SIVAL(p,0,FILE_GENERIC_ALL);
/*
* For pipes W2K3 seems to return
* 0x12019B next.
* This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
*/
SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
}
DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
}
struct case_semantics_state {
connection_struct *conn;
bool case_sensitive;
bool case_preserve;
bool short_case_preserve;
};
/****************************************************************************
Restore case semantics.
****************************************************************************/
static int restore_case_semantics(struct case_semantics_state *state)
{
state->conn->case_sensitive = state->case_sensitive;
state->conn->case_preserve = state->case_preserve;
state->conn->short_case_preserve = state->short_case_preserve;
return 0;
}
/****************************************************************************
Save case semantics.
****************************************************************************/
static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
connection_struct *conn)
{
struct case_semantics_state *result;
if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
return NULL;
}
result->conn = conn;
result->case_sensitive = conn->case_sensitive;
result->case_preserve = conn->case_preserve;
result->short_case_preserve = conn->short_case_preserve;
/* Set to POSIX. */
conn->case_sensitive = True;
conn->case_preserve = True;
conn->short_case_preserve = True;
talloc_set_destructor(result, restore_case_semantics);
return result;
}
/****************************************************************************
Reply to an NT create and X call.
****************************************************************************/
void reply_ntcreate_and_X(struct smb_request *req)
{
connection_struct *conn = req->conn;
struct smb_filename *smb_fname = NULL;
char *fname = NULL;
uint32_t flags;
uint32_t access_mask;
uint32_t file_attributes;
uint32_t share_access;
uint32_t create_disposition;
uint32_t create_options;
uint16_t root_dir_fid;
uint64_t allocation_size;
/* Breakout the oplock request bits so we can set the
reply bits separately. */
uint32_t fattr=0;
off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
char *p = NULL;
struct timespec create_timespec;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
NTSTATUS status;
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
struct case_semantics_state *case_state = NULL;
uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
if (req->wct < 24) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
flags = IVAL(req->vwv+3, 1);
access_mask = IVAL(req->vwv+7, 1);
file_attributes = IVAL(req->vwv+13, 1);
share_access = IVAL(req->vwv+15, 1);
create_disposition = IVAL(req->vwv+17, 1);
create_options = IVAL(req->vwv+19, 1);
root_dir_fid = (uint16_t)IVAL(req->vwv+5, 1);
allocation_size = BVAL(req->vwv+9, 1);
srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
"file_attributes = 0x%x, share_access = 0x%x, "
"create_disposition = 0x%x create_options = 0x%x "
"root_dir_fid = 0x%x, fname = %s\n",
(unsigned int)flags,
(unsigned int)access_mask,
(unsigned int)file_attributes,
(unsigned int)share_access,
(unsigned int)create_disposition,
(unsigned int)create_options,
(unsigned int)root_dir_fid,
fname));
/*
* we need to remove ignored bits when they come directly from the client
* because we reuse some of them for internal stuff
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
/*
* If it's an IPC, use the pipe handler.
*/
if (IS_IPC(conn)) {
if (lp_nt_pipe_support()) {
do_ntcreate_pipe_open(conn, req);
goto out;
}
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
if (oplock_request) {
oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
? BATCH_OPLOCK : 0;
}
if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
case_state = set_posix_case_semantics(ctx, conn);
if (!case_state) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
}
ucf_flags = filename_create_ucf_flags(req, create_disposition);
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
ucf_flags,
NULL,
&smb_fname);
TALLOC_FREE(case_state);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
goto out;
}
reply_nterror(req, status);
goto out;
}
/*
* Bug #6898 - clients using Windows opens should
* never be able to set this attribute into the
* VFS.
*/
file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
root_dir_fid, /* root_dir_fid */
smb_fname, /* fname */
access_mask, /* access_mask */
share_access, /* share_access */
create_disposition, /* create_disposition*/
create_options, /* create_options */
file_attributes, /* file_attributes */
oplock_request, /* oplock_request */
NULL, /* lease */
allocation_size, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp, /* result */
&info, /* pinfo */
NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call, no error. */
goto out;
}
reply_openerror(req, status);
goto out;
}
/* Ensure we're pointing at the correct stat struct. */
TALLOC_FREE(smb_fname);
smb_fname = fsp->fsp_name;
/*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
* correct bit for extended oplock reply.
*/
if (oplock_request &&
(lp_fake_oplocks(SNUM(conn))
|| EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
/*
* Exclusive oplock granted
*/
if (flags & REQUEST_BATCH_OPLOCK) {
oplock_granted = BATCH_OPLOCK_RETURN;
} else {
oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
}
} else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
oplock_granted = LEVEL_II_OPLOCK_RETURN;
} else {
oplock_granted = NO_OPLOCK_RETURN;
}
file_len = smb_fname->st.st_ex_size;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* This is very strange. We
* return 50 words, but only set
* the wcnt to 42 ? It's definitely
* what happens on the wire....
*/
reply_outbuf(req, 50, 0);
SCVAL(req->outbuf,smb_wct,42);
} else {
reply_outbuf(req, 34, 0);
}
SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
p = (char *)req->outbuf + smb_vwv2;
SCVAL(p, 0, oplock_granted);
p++;
SSVAL(p,0,fsp->fnum);
p += 2;
if ((create_disposition == FILE_SUPERSEDE)
&& (info == FILE_WAS_OVERWRITTEN)) {
SIVAL(p,0,FILE_WAS_SUPERSEDED);
} else {
SIVAL(p,0,info);
}
p += 4;
fattr = dos_mode(conn, smb_fname);
if (fattr == 0) {
fattr = FILE_ATTRIBUTE_NORMAL;
}
/* Create time. */
create_timespec = get_create_timespec(conn, fsp, smb_fname);
a_timespec = smb_fname->st.st_ex_atime;
m_timespec = smb_fname->st.st_ex_mtime;
c_timespec = get_change_timespec(conn, fsp, smb_fname);
if (lp_dos_filetime_resolution(SNUM(conn))) {
dos_filetime_timespec(&create_timespec);
dos_filetime_timespec(&a_timespec);
dos_filetime_timespec(&m_timespec);
dos_filetime_timespec(&c_timespec);
}
put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
p += 8;
put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
p += 8;
put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
p += 8;
put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
p += 8;
SIVAL(p,0,fattr); /* File Attributes. */
p += 4;
SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&smb_fname->st));
p += 8;
SOFF_T(p,0,file_len);
p += 8;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
unsigned int num_streams = 0;
struct stream_struct *streams = NULL;
if (lp_ea_support(SNUM(conn))) {
size_t num_names = 0;
/* Do we have any EA's ? */
status = get_ea_names_from_file(
ctx, conn, fsp, smb_fname, NULL, &num_names);
if (NT_STATUS_IS_OK(status) && num_names) {
file_status &= ~NO_EAS;
}
}
status = vfs_streaminfo(conn, NULL, smb_fname, ctx,
&num_streams, &streams);
/* There is always one stream, ::$DATA. */
if (NT_STATUS_IS_OK(status) && num_streams > 1) {
file_status &= ~NO_SUBSTREAMS;
}
TALLOC_FREE(streams);
SSVAL(p,2,file_status);
}
p += 4;
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint32_t perms = 0;
p += 25;
if (fsp->is_directory ||
fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
}
SIVAL(p,0,perms);
}
DEBUG(5,("reply_ntcreate_and_X: %s, open name = %s\n",
fsp_fnum_dbg(fsp), smb_fname_str_dbg(smb_fname)));
out:
END_PROFILE(SMBntcreateX);
return;
}
/****************************************************************************
Reply to a NT_TRANSACT_CREATE call to open a pipe.
****************************************************************************/
static void do_nt_transact_create_pipe(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup, uint32_t setup_count,
char **ppparams, uint32_t parameter_count,
char **ppdata, uint32_t data_count)
{
char *fname = NULL;
char *params = *ppparams;
uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
NTSTATUS status;
size_t param_len;
uint32_t flags;
TALLOC_CTX *ctx = talloc_tos();
/*
* Ensure minimum number of parameters sent.
*/
if(parameter_count < 54) {
DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
flags = IVAL(params,0);
if (req->posix_pathnames) {
srvstr_get_path_posix(ctx,
params,
req->flags2,
&fname,
params+53,
parameter_count-53,
STR_TERMINATE,
&status);
} else {
srvstr_get_path(ctx,
params,
req->flags2,
&fname,
params+53,
parameter_count-53,
STR_TERMINATE,
&status);
}
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
nt_open_pipe(fname, conn, req, &pnum);
if (req->outbuf) {
/* Error return */
return;
}
/* Realloc the size of parameters and data we will return */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* Extended response is 32 more byyes. */
param_len = 101;
} else {
param_len = 69;
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
p = params;
SCVAL(p,0,NO_OPLOCK_RETURN);
p += 2;
SSVAL(p,0,pnum);
p += 2;
SIVAL(p,0,FILE_WAS_OPENED);
p += 8;
p += 32;
SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
p += 20;
/* File type. */
SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
/* Device state. */
SSVAL(p,2, 0x5FF); /* ? */
p += 4;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
p += 25;
SIVAL(p,0,FILE_GENERIC_ALL);
/*
* For pipes W2K3 seems to return
* 0x12019B next.
* This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
*/
SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
}
DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
/* Send the required number of replies */
send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
return;
}
/*********************************************************************
Windows seems to do canonicalization of inheritance bits. Do the
same.
*********************************************************************/
static void canonicalize_inheritance_bits(struct security_descriptor *psd)
{
bool set_auto_inherited = false;
/*
* We need to filter out the
* SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
* bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
* as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
* when an ACE is inherited. Otherwise we zero these bits out.
* See:
*
* http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
*
* for details.
*/
if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
== (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
set_auto_inherited = true;
}
psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
if (set_auto_inherited) {
psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
}
}
/****************************************************************************
Internal fn to set security descriptors.
****************************************************************************/
NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
uint32_t security_info_sent)
{
NTSTATUS status;
if (!CAN_WRITE(fsp->conn)) {
return NT_STATUS_ACCESS_DENIED;
}
if (!lp_nt_acl_support(SNUM(fsp->conn))) {
return NT_STATUS_OK;
}
if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("ACL set on symlink %s denied.\n",
fsp_str_dbg(fsp)));
return NT_STATUS_ACCESS_DENIED;
}
if (psd->owner_sid == NULL) {
security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid == NULL) {
security_info_sent &= ~SECINFO_GROUP;
}
/* Ensure we have at least one thing set. */
if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
/* Just like W2K3 */
return NT_STATUS_OK;
}
/* Ensure we have the rights to do this. */
if (security_info_sent & SECINFO_OWNER) {
if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
return NT_STATUS_ACCESS_DENIED;
}
}
if (security_info_sent & SECINFO_GROUP) {
if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
return NT_STATUS_ACCESS_DENIED;
}
}
if (security_info_sent & SECINFO_DACL) {
if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
return NT_STATUS_ACCESS_DENIED;
}
/* Convert all the generic bits. */
if (psd->dacl) {
security_acl_map_generic(psd->dacl, &file_generic_mapping);
}
}
if (security_info_sent & SECINFO_SACL) {
if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
return NT_STATUS_ACCESS_DENIED;
}
/* Convert all the generic bits. */
if (psd->sacl) {
security_acl_map_generic(psd->sacl, &file_generic_mapping);
}
}
canonicalize_inheritance_bits(psd);
if (DEBUGLEVEL >= 10) {
DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor, psd);
}
status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
TALLOC_FREE(psd);
return status;
}
/****************************************************************************
Internal fn to set security descriptors from a data blob.
****************************************************************************/
NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
uint32_t security_info_sent)
{
struct security_descriptor *psd = NULL;
NTSTATUS status;
if (sd_len == 0) {
return NT_STATUS_INVALID_PARAMETER;
}
status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return set_sd(fsp, psd, security_info_sent);
}
/****************************************************************************
Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
****************************************************************************/
static void call_nt_transact_create(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup, uint32_t setup_count,
char **ppparams, uint32_t parameter_count,
char **ppdata, uint32_t data_count,
uint32_t max_data_count)
{
struct smb_filename *smb_fname = NULL;
char *fname = NULL;
char *params = *ppparams;
char *data = *ppdata;
/* Breakout the oplock request bits so we can set the reply bits separately. */
uint32_t fattr=0;
off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
char *p = NULL;
uint32_t flags;
uint32_t access_mask;
uint32_t file_attributes;
uint32_t share_access;
uint32_t create_disposition;
uint32_t create_options;
uint32_t sd_len;
struct security_descriptor *sd = NULL;
uint32_t ea_len;
uint16_t root_dir_fid;
struct timespec create_timespec;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
struct ea_list *ea_list = NULL;
NTSTATUS status;
size_t param_len;
uint64_t allocation_size;
int oplock_request;
uint8_t oplock_granted;
struct case_semantics_state *case_state = NULL;
uint32_t ucf_flags;
TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
/*
* If it's an IPC, use the pipe handler.
*/
if (IS_IPC(conn)) {
if (lp_nt_pipe_support()) {
do_nt_transact_create_pipe(
conn, req,
ppsetup, setup_count,
ppparams, parameter_count,
ppdata, data_count);
goto out;
}
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
}
/*
* Ensure minimum number of parameters sent.
*/
if(parameter_count < 54) {
DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
flags = IVAL(params,0);
access_mask = IVAL(params,8);
file_attributes = IVAL(params,20);
share_access = IVAL(params,24);
create_disposition = IVAL(params,28);
create_options = IVAL(params,32);
sd_len = IVAL(params,36);
ea_len = IVAL(params,40);
root_dir_fid = (uint16_t)IVAL(params,4);
allocation_size = BVAL(params,12);
/*
* we need to remove ignored bits when they come directly from the client
* because we reuse some of them for internal stuff
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
if (req->posix_pathnames) {
srvstr_get_path_posix(ctx,
params,
req->flags2,
&fname,
params+53,
parameter_count-53,
STR_TERMINATE,
&status);
} else {
srvstr_get_path(ctx,
params,
req->flags2,
&fname,
params+53,
parameter_count-53,
STR_TERMINATE,
&status);
}
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
case_state = set_posix_case_semantics(ctx, conn);
if (!case_state) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
}
ucf_flags = filename_create_ucf_flags(req, create_disposition);
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
ucf_flags,
NULL,
&smb_fname);
TALLOC_FREE(case_state);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
goto out;
}
reply_nterror(req, status);
goto out;
}
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)
|| (ea_len + sd_len < ea_len) || (ea_len + sd_len < sd_len)) {
DEBUG(10, ("call_nt_transact_create - ea_len = %u, sd_len = "
"%u, data_count = %u\n", (unsigned int)ea_len,
(unsigned int)sd_len, (unsigned int)data_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
if (sd_len) {
DEBUG(10, ("call_nt_transact_create - sd_len = %d\n",
sd_len));
status = unmarshall_sec_desc(ctx, (uint8_t *)data, sd_len,
&sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("call_nt_transact_create: "
"unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
reply_nterror(req, status);
goto out;
}
}
if (ea_len) {
if (!lp_ea_support(SNUM(conn))) {
DEBUG(10, ("call_nt_transact_create - ea_len = %u but "
"EA's not supported.\n",
(unsigned int)ea_len));
reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
goto out;
}
if (ea_len < 10) {
DEBUG(10,("call_nt_transact_create - ea_len = %u - "
"too small (should be more than 10)\n",
(unsigned int)ea_len ));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
/* We have already checked that ea_len <= data_count here. */
ea_list = read_nttrans_ea_list(talloc_tos(), data + sd_len,
ea_len);
if (ea_list == NULL) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
if (!req->posix_pathnames &&
ea_list_has_invalid_name(ea_list)) {
/* Realloc the size of parameters and data we will return */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* Extended response is 32 more byyes. */
param_len = 101;
} else {
param_len = 69;
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
memset(params, '\0', param_len);
send_nt_replies(conn, req, STATUS_INVALID_EA_NAME,
params, param_len, NULL, 0);
goto out;
}
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
if (oplock_request) {
oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
? BATCH_OPLOCK : 0;
}
/*
* Bug #6898 - clients using Windows opens should
* never be able to set this attribute into the
* VFS.
*/
file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
root_dir_fid, /* root_dir_fid */
smb_fname, /* fname */
access_mask, /* access_mask */
share_access, /* share_access */
create_disposition, /* create_disposition*/
create_options, /* create_options */
file_attributes, /* file_attributes */
oplock_request, /* oplock_request */
NULL, /* lease */
allocation_size, /* allocation_size */
0, /* private_flags */
sd, /* sd */
ea_list, /* ea_list */
&fsp, /* result */
&info, /* pinfo */
NULL, NULL); /* create context */
if(!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call, no error. */
return;
}
reply_openerror(req, status);
goto out;
}
/* Ensure we're pointing at the correct stat struct. */
TALLOC_FREE(smb_fname);
smb_fname = fsp->fsp_name;
/*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
* correct bit for extended oplock reply.
*/
if (oplock_request &&
(lp_fake_oplocks(SNUM(conn))
|| EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
/*
* Exclusive oplock granted
*/
if (flags & REQUEST_BATCH_OPLOCK) {
oplock_granted = BATCH_OPLOCK_RETURN;
} else {
oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
}
} else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
oplock_granted = LEVEL_II_OPLOCK_RETURN;
} else {
oplock_granted = NO_OPLOCK_RETURN;
}
file_len = smb_fname->st.st_ex_size;
/* Realloc the size of parameters and data we will return */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* Extended response is 32 more byyes. */
param_len = 101;
} else {
param_len = 69;
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
p = params;
SCVAL(p, 0, oplock_granted);
p += 2;
SSVAL(p,0,fsp->fnum);
p += 2;
if ((create_disposition == FILE_SUPERSEDE)
&& (info == FILE_WAS_OVERWRITTEN)) {
SIVAL(p,0,FILE_WAS_SUPERSEDED);
} else {
SIVAL(p,0,info);
}
p += 8;
fattr = dos_mode(conn, smb_fname);
if (fattr == 0) {
fattr = FILE_ATTRIBUTE_NORMAL;
}
/* Create time. */
create_timespec = get_create_timespec(conn, fsp, smb_fname);
a_timespec = smb_fname->st.st_ex_atime;
m_timespec = smb_fname->st.st_ex_mtime;
c_timespec = get_change_timespec(conn, fsp, smb_fname);
if (lp_dos_filetime_resolution(SNUM(conn))) {
dos_filetime_timespec(&create_timespec);
dos_filetime_timespec(&a_timespec);
dos_filetime_timespec(&m_timespec);
dos_filetime_timespec(&c_timespec);
}
put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
p += 8;
put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
p += 8;
put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
p += 8;
put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
p += 8;
SIVAL(p,0,fattr); /* File Attributes. */
p += 4;
SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st));
p += 8;
SOFF_T(p,0,file_len);
p += 8;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
unsigned int num_streams = 0;
struct stream_struct *streams = NULL;
if (lp_ea_support(SNUM(conn))) {
size_t num_names = 0;
/* Do we have any EA's ? */
status = get_ea_names_from_file(
ctx, conn, fsp, smb_fname, NULL, &num_names);
if (NT_STATUS_IS_OK(status) && num_names) {
file_status &= ~NO_EAS;
}
}
status = vfs_streaminfo(conn, NULL, smb_fname, ctx,
&num_streams, &streams);
/* There is always one stream, ::$DATA. */
if (NT_STATUS_IS_OK(status) && num_streams > 1) {
file_status &= ~NO_SUBSTREAMS;
}
TALLOC_FREE(streams);
SSVAL(p,2,file_status);
}
p += 4;
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint32_t perms = 0;
p += 25;
if (fsp->is_directory ||
fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
}
SIVAL(p,0,perms);
}
DEBUG(5,("call_nt_transact_create: open name = %s\n",
smb_fname_str_dbg(smb_fname)));
/* Send the required number of replies */
send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
out:
return;
}
/****************************************************************************
Reply to a NT CANCEL request.
conn POINTER CAN BE NULL HERE !
****************************************************************************/
void reply_ntcancel(struct smb_request *req)
{
struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
/*
* Go through and cancel any pending change notifies.
*/
START_PROFILE(SMBntcancel);
srv_cancel_sign_response(xconn);
remove_pending_change_notify_requests_by_mid(sconn, req->mid);
remove_pending_lock_requests_by_mid_smb1(sconn, req->mid);
DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
(unsigned long long)req->mid));
END_PROFILE(SMBntcancel);
return;
}
/****************************************************************************
Copy a file.
****************************************************************************/
static NTSTATUS copy_internals(TALLOC_CTX *ctx,
connection_struct *conn,
struct smb_request *req,
struct smb_filename *smb_fname_src,
struct smb_filename *smb_fname_dst,
uint32_t attrs)
{
files_struct *fsp1,*fsp2;
uint32_t fattr;
int info;
off_t ret=-1;
NTSTATUS status = NT_STATUS_OK;
char *parent;
if (!CAN_WRITE(conn)) {
status = NT_STATUS_MEDIA_WRITE_PROTECTED;
goto out;
}
/* Source must already exist. */
if (!VALID_STAT(smb_fname_src->st)) {
status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
goto out;
}
/* Ensure attributes match. */
fattr = dos_mode(conn, smb_fname_src);
if ((fattr & ~attrs) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
status = NT_STATUS_NO_SUCH_FILE;
goto out;
}
/* Disallow if dst file already exists. */
if (VALID_STAT(smb_fname_dst->st)) {
status = NT_STATUS_OBJECT_NAME_COLLISION;
goto out;
}
/* No links from a directory. */
if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
status = NT_STATUS_FILE_IS_A_DIRECTORY;
goto out;
}
DEBUG(10,("copy_internals: doing file copy %s to %s\n",
smb_fname_str_dbg(smb_fname_src),
smb_fname_str_dbg(smb_fname_dst)));
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
0, /* root_dir_fid */
smb_fname_src, /* fname */
FILE_READ_DATA|FILE_READ_ATTRIBUTES|
FILE_READ_EA, /* access_mask */
(FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
FILE_SHARE_DELETE),
FILE_OPEN, /* create_disposition*/
0, /* create_options */
FILE_ATTRIBUTE_NORMAL, /* file_attributes */
NO_OPLOCK, /* oplock_request */
NULL, /* lease */
0, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp1, /* result */
&info, /* pinfo */
NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
0, /* root_dir_fid */
smb_fname_dst, /* fname */
FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
FILE_WRITE_EA, /* access_mask */
(FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
FILE_SHARE_DELETE),
FILE_CREATE, /* create_disposition*/
0, /* create_options */
fattr, /* file_attributes */
NO_OPLOCK, /* oplock_request */
NULL, /* lease */
0, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp2, /* result */
&info, /* pinfo */
NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
close_file(NULL, fsp1, ERROR_CLOSE);
goto out;
}
if (smb_fname_src->st.st_ex_size) {
ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
}
/*
* As we are opening fsp1 read-only we only expect
* an error on close on fsp2 if we are out of space.
* Thus we don't look at the error return from the
* close of fsp1.
*/
close_file(NULL, fsp1, NORMAL_CLOSE);
/* Ensure the modtime is set correctly on the destination file. */
set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
status = close_file(NULL, fsp2, NORMAL_CLOSE);
/* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
creates the file. This isn't the correct thing to do in the copy
case. JRA */
if (!parent_dirname(talloc_tos(), smb_fname_dst->base_name, &parent,
NULL)) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
file_set_dosmode(conn, smb_fname_dst, fattr, parent, false);
TALLOC_FREE(parent);
if (ret < (off_t)smb_fname_src->st.st_ex_size) {
status = NT_STATUS_DISK_FULL;
goto out;
}
out:
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
smb_fname_str_dbg(smb_fname_dst)));
}
return status;
}
/****************************************************************************
Reply to a NT rename request.
****************************************************************************/
void reply_ntrename(struct smb_request *req)
{
connection_struct *conn = req->conn;
struct smb_filename *smb_fname_old = NULL;
struct smb_filename *smb_fname_new = NULL;
char *oldname = NULL;
char *newname = NULL;
const char *p;
NTSTATUS status;
bool src_has_wcard = False;
bool dest_has_wcard = False;
uint32_t attrs;
uint32_t ucf_flags_src = (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
uint32_t ucf_flags_dst = (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
uint16_t rename_type;
TALLOC_CTX *ctx = talloc_tos();
bool stream_rename = false;
START_PROFILE(SMBntrename);
if (req->wct < 4) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
attrs = SVAL(req->vwv+0, 0);
rename_type = SVAL(req->vwv+1, 0);
p = (const char *)req->buf + 1;
p += srvstr_get_path_req_wcard(ctx, req, &oldname, p, STR_TERMINATE,
&status, &src_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
if (!req->posix_pathnames && ms_has_wild(oldname)) {
reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
goto out;
}
p++;
p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
&status, &dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
if (!req->posix_pathnames) {
/* The newname must begin with a ':' if the
oldname contains a ':'. */
if (strchr_m(oldname, ':')) {
if (newname[0] != ':') {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
stream_rename = true;
}
}
/*
* If this is a rename operation, allow wildcards and save the
* destination's last component.
*/
if (rename_type == RENAME_FLAG_RENAME) {
ucf_flags_src = UCF_COND_ALLOW_WCARD_LCOMP;
ucf_flags_dst = UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP;
}
/* rename_internals() calls unix_convert(), so don't call it here. */
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
oldname,
ucf_flags_src,
NULL,
&smb_fname_old);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,
NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
goto out;
}
reply_nterror(req, status);
goto out;
}
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
newname,
ucf_flags_dst,
&dest_has_wcard,
&smb_fname_new);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,
NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
goto out;
}
reply_nterror(req, status);
goto out;
}
if (stream_rename) {
/* smb_fname_new must be the same as smb_fname_old. */
TALLOC_FREE(smb_fname_new->base_name);
smb_fname_new->base_name = talloc_strdup(smb_fname_new,
smb_fname_old->base_name);
if (!smb_fname_new->base_name) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
}
DEBUG(3,("reply_ntrename: %s -> %s\n",
smb_fname_str_dbg(smb_fname_old),
smb_fname_str_dbg(smb_fname_new)));
switch(rename_type) {
case RENAME_FLAG_RENAME:
status = rename_internals(ctx, conn, req,
smb_fname_old, smb_fname_new,
attrs, False, src_has_wcard,
dest_has_wcard,
DELETE_ACCESS);
break;
case RENAME_FLAG_HARD_LINK:
if (src_has_wcard || dest_has_wcard) {
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
status = hardlink_internals(ctx, conn,
req,
false,
smb_fname_old,
smb_fname_new);
}
break;
case RENAME_FLAG_COPY:
if (src_has_wcard || dest_has_wcard) {
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
status = copy_internals(ctx, conn, req,
smb_fname_old,
smb_fname_new,
attrs);
}
break;
case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
status = NT_STATUS_INVALID_PARAMETER;
break;
default:
status = NT_STATUS_ACCESS_DENIED; /* Default error. */
break;
}
if (!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call. */
goto out;
}
reply_nterror(req, status);
goto out;
}
reply_outbuf(req, 0, 0);
out:
END_PROFILE(SMBntrename);
return;
}
/****************************************************************************
Reply to a notify change - queue the request and
don't allow a directory to be opened.
****************************************************************************/
static void smbd_smb1_notify_reply(struct smb_request *req,
NTSTATUS error_code,
uint8_t *buf, size_t len)
{
send_nt_replies(req->conn, req, error_code, (char *)buf, len, NULL, 0);
}
static void call_nt_transact_notify_change(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup,
uint32_t setup_count,
char **ppparams,
uint32_t parameter_count,
char **ppdata, uint32_t data_count,
uint32_t max_data_count,
uint32_t max_param_count)
{
uint16_t *setup = *ppsetup;
files_struct *fsp;
uint32_t filter;
NTSTATUS status;
bool recursive;
if(setup_count < 6) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
fsp = file_fsp(req, SVAL(setup,4));
filter = IVAL(setup, 0);
recursive = (SVAL(setup, 6) != 0) ? True : False;
DEBUG(3,("call_nt_transact_notify_change\n"));
if(!fsp) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
{
char *filter_string;
if (!(filter_string = notify_filter_string(NULL, filter))) {
reply_nterror(req,NT_STATUS_NO_MEMORY);
return;
}
DEBUG(3,("call_nt_transact_notify_change: notify change "
"called on %s, filter = %s, recursive = %d\n",
fsp_str_dbg(fsp), filter_string, recursive));
TALLOC_FREE(filter_string);
}
if((!fsp->is_directory) || (conn != fsp->conn)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if (fsp->notify == NULL) {
status = change_notify_create(fsp, filter, recursive);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("change_notify_create returned %s\n",
nt_errstr(status)));
reply_nterror(req, status);
return;
}
}
if (change_notify_fsp_has_changes(fsp)) {
/*
* We've got changes pending, respond immediately
*/
/*
* TODO: write a torture test to check the filtering behaviour
* here.
*/
change_notify_reply(req,
NT_STATUS_OK,
max_param_count,
fsp->notify,
smbd_smb1_notify_reply);
/*
* change_notify_reply() above has independently sent its
* results
*/
return;
}
/*
* No changes pending, queue the request
*/
status = change_notify_add_request(req,
max_param_count,
filter,
recursive, fsp,
smbd_smb1_notify_reply);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
}
return;
}
/****************************************************************************
Reply to an NT transact rename command.
****************************************************************************/
static void call_nt_transact_rename(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup, uint32_t setup_count,
char **ppparams, uint32_t parameter_count,
char **ppdata, uint32_t data_count,
uint32_t max_data_count)
{
char *params = *ppparams;
char *new_name = NULL;
files_struct *fsp = NULL;
bool dest_has_wcard = False;
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
if(parameter_count < 5) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
fsp = file_fsp(req, SVAL(params, 0));
if (!check_fsp(conn, req, fsp)) {
return;
}
if (req->posix_pathnames) {
srvstr_get_path_wcard_posix(ctx,
params,
req->flags2,
&new_name,
params+4,
parameter_count - 4,
STR_TERMINATE,
&status,
&dest_has_wcard);
} else {
srvstr_get_path_wcard(ctx,
params,
req->flags2,
&new_name,
params+4,
parameter_count - 4,
STR_TERMINATE,
&status,
&dest_has_wcard);
}
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
/*
* W2K3 ignores this request as the RAW-RENAME test
* demonstrates, so we do.
*/
send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
fsp_str_dbg(fsp), new_name));
return;
}
/******************************************************************************
Fake up a completely empty SD.
*******************************************************************************/
static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd)
{
size_t sd_size;
*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
if(!*ppsd) {
DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
/****************************************************************************
Reply to query a security descriptor.
Callable from SMB1 and SMB2.
If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
the required size.
****************************************************************************/
NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
TALLOC_CTX *mem_ctx,
files_struct *fsp,
uint32_t security_info_wanted,
uint32_t max_data_count,
uint8_t **ppmarshalled_sd,
size_t *psd_size)
{
NTSTATUS status;
struct security_descriptor *psd = NULL;
TALLOC_CTX *frame = talloc_stackframe();
/*
* Get the permissions to return.
*/
if ((security_info_wanted & SECINFO_SACL) &&
!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
DEBUG(10, ("Access to SACL denied.\n"));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
!(fsp->access_mask & SEC_STD_READ_CONTROL)) {
DEBUG(10, ("Access to DACL, OWNER, or GROUP denied.\n"));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("ACL get on symlink %s denied.\n",
fsp_str_dbg(fsp)));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
SECINFO_GROUP|SECINFO_SACL)) {
/* Don't return SECINFO_LABEL if anything else was
requested. See bug #8458. */
security_info_wanted &= ~SECINFO_LABEL;
}
if (!lp_nt_acl_support(SNUM(conn))) {
status = get_null_nt_acl(frame, &psd);
} else if (security_info_wanted & SECINFO_LABEL) {
/* Like W2K3 return a null object. */
status = get_null_nt_acl(frame, &psd);
} else {
status = SMB_VFS_FGET_NT_ACL(
fsp, security_info_wanted, frame, &psd);
}
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
}
if (!(security_info_wanted & SECINFO_OWNER)) {
psd->owner_sid = NULL;
}
if (!(security_info_wanted & SECINFO_GROUP)) {
psd->group_sid = NULL;
}
if (!(security_info_wanted & SECINFO_DACL)) {
psd->type &= ~SEC_DESC_DACL_PRESENT;
psd->dacl = NULL;
}
if (!(security_info_wanted & SECINFO_SACL)) {
psd->type &= ~SEC_DESC_SACL_PRESENT;
psd->sacl = NULL;
}
/* If the SACL/DACL is NULL, but was requested, we mark that it is
* present in the reply to match Windows behavior */
if (psd->sacl == NULL &&
security_info_wanted & SECINFO_SACL)
psd->type |= SEC_DESC_SACL_PRESENT;
if (psd->dacl == NULL &&
security_info_wanted & SECINFO_DACL)
psd->type |= SEC_DESC_DACL_PRESENT;
if (security_info_wanted & SECINFO_LABEL) {
/* Like W2K3 return a null object. */
psd->owner_sid = NULL;
psd->group_sid = NULL;
psd->dacl = NULL;
psd->sacl = NULL;
psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
}
*psd_size = ndr_size_security_descriptor(psd, 0);
DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
(unsigned long)*psd_size));
if (DEBUGLEVEL >= 10) {
DEBUG(10,("smbd_do_query_security_desc for file %s\n",
fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor, psd);
}
if (max_data_count < *psd_size) {
TALLOC_FREE(frame);
return NT_STATUS_BUFFER_TOO_SMALL;
}
status = marshall_sec_desc(mem_ctx, psd,
ppmarshalled_sd, psd_size);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
}
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
/****************************************************************************
SMB1 reply to query a security descriptor.
****************************************************************************/
static void call_nt_transact_query_security_desc(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup,
uint32_t setup_count,
char **ppparams,
uint32_t parameter_count,
char **ppdata,
uint32_t data_count,
uint32_t max_data_count)
{
char *params = *ppparams;
char *data = *ppdata;
size_t sd_size = 0;
uint32_t security_info_wanted;
files_struct *fsp = NULL;
NTSTATUS status;
uint8_t *marshalled_sd = NULL;
if(parameter_count < 8) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
fsp = file_fsp(req, SVAL(params,0));
if(!fsp) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
security_info_wanted = IVAL(params,4);
DEBUG(3,("call_nt_transact_query_security_desc: file = %s, "
"info_wanted = 0x%x\n", fsp_str_dbg(fsp),
(unsigned int)security_info_wanted));
params = nttrans_realloc(ppparams, 4);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
/*
* Get the permissions to return.
*/
status = smbd_do_query_security_desc(conn,
talloc_tos(),
fsp,
security_info_wanted &
SMB_SUPPORTED_SECINFO_FLAGS,
max_data_count,
&marshalled_sd,
&sd_size);
if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
SIVAL(params,0,(uint32_t)sd_size);
send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
params, 4, NULL, 0);
return;
}
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
SMB_ASSERT(sd_size > 0);
SIVAL(params,0,(uint32_t)sd_size);
if (max_data_count < sd_size) {
send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
params, 4, NULL, 0);
return;
}
/*
* Allocate the data we will return.
*/
data = nttrans_realloc(ppdata, sd_size);
if(data == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
memcpy(data, marshalled_sd, sd_size);
send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size);
return;
}
/****************************************************************************
Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
****************************************************************************/
static void call_nt_transact_set_security_desc(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup,
uint32_t setup_count,
char **ppparams,
uint32_t parameter_count,
char **ppdata,
uint32_t data_count,
uint32_t max_data_count)
{
char *params= *ppparams;
char *data = *ppdata;
files_struct *fsp = NULL;
uint32_t security_info_sent = 0;
NTSTATUS status;
if(parameter_count < 8) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if((fsp = file_fsp(req, SVAL(params,0))) == NULL) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
if (!CAN_WRITE(fsp->conn)) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if(!lp_nt_acl_support(SNUM(conn))) {
goto done;
}
security_info_sent = IVAL(params,4);
DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n",
fsp_str_dbg(fsp), (unsigned int)security_info_sent));
if (data_count == 0) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
status = set_sd_blob(fsp, (uint8_t *)data, data_count,
security_info_sent & SMB_SUPPORTED_SECINFO_FLAGS);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
done:
send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
return;
}
/****************************************************************************
Reply to NT IOCTL
****************************************************************************/
static void call_nt_transact_ioctl(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup, uint32_t setup_count,
char **ppparams, uint32_t parameter_count,
char **ppdata, uint32_t data_count,
uint32_t max_data_count)
{
NTSTATUS status;
uint32_t function;
uint16_t fidnum;
files_struct *fsp;
uint8_t isFSctl;
uint8_t compfilter;
char *out_data = NULL;
uint32_t out_data_len = 0;
char *pdata = *ppdata;
TALLOC_CTX *ctx = talloc_tos();
if (setup_count != 8) {
DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
return;
}
function = IVAL(*ppsetup, 0);
fidnum = SVAL(*ppsetup, 4);
isFSctl = CVAL(*ppsetup, 6);
compfilter = CVAL(*ppsetup, 7);
DEBUG(10, ("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
function, fidnum, isFSctl, compfilter));
fsp=file_fsp(req, fidnum);
/*
* We don't really implement IOCTLs, especially on files.
*/
if (!isFSctl) {
DEBUG(10, ("isFSctl: 0x%02X indicates IOCTL, not FSCTL!\n",
isFSctl));
reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
return;
}
/* Has to be for an open file! */
if (!check_fsp_open(conn, req, fsp)) {
return;
}
SMB_PERFCOUNT_SET_IOCTL(&req->pcd, function);
/*
* out_data might be allocated by the VFS module, but talloc should be
* used, and should be cleaned up when the request ends.
*/
status = SMB_VFS_FSCTL(fsp,
ctx,
function,
req->flags2,
(uint8_t *)pdata,
data_count,
(uint8_t **)&out_data,
max_data_count,
&out_data_len);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
} else {
send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, out_data, out_data_len);
}
}
#ifdef HAVE_SYS_QUOTAS
/****************************************************************************
Reply to get user quota
****************************************************************************/
static void call_nt_transact_get_user_quota(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup,
uint32_t setup_count,
char **ppparams,
uint32_t parameter_count,
char **ppdata,
uint32_t data_count,
uint32_t max_data_count)
{
NTSTATUS nt_status = NT_STATUS_OK;
char *params = *ppparams;
char *pdata = *ppdata;
char *entry;
int data_len=0,param_len=0;
int qt_len=0;
int entry_len = 0;
files_struct *fsp = NULL;
uint16_t level = 0;
size_t sid_len;
struct dom_sid sid;
bool start_enum = True;
SMB_NTQUOTA_STRUCT qt;
SMB_NTQUOTA_LIST *tmp_list;
SMB_NTQUOTA_HANDLE *qt_handle = NULL;
ZERO_STRUCT(qt);
/* access check */
if (get_current_uid(conn) != sec_initial_uid()) {
DEBUG(1,("get_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
/*
* Ensure minimum number of parameters sent.
*/
if (parameter_count < 4) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* maybe we can check the quota_fnum */
fsp = file_fsp(req, SVAL(params,0));
if (!check_fsp_ntquota_handle(conn, req, fsp)) {
DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
/* the NULL pointer checking for fsp->fake_file_handle->pd
* is done by CHECK_NTQUOTA_HANDLE_OK()
*/
qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->private_data;
level = SVAL(params,2);
/* unknown 12 bytes leading in params */
switch (level) {
case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
/* seems that we should continue with the enum here --metze */
if (qt_handle->quota_list!=NULL &&
qt_handle->tmp_list==NULL) {
/* free the list */
free_ntquota_list(&(qt_handle->quota_list));
/* Realloc the size of parameters and data we will return */
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
data_len = 0;
SIVAL(params,0,data_len);
break;
}
start_enum = False;
case TRANSACT_GET_USER_QUOTA_LIST_START:
if (qt_handle->quota_list==NULL &&
qt_handle->tmp_list==NULL) {
start_enum = True;
}
if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
/* Realloc the size of parameters and data we will return */
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
/* we should not trust the value in max_data_count*/
max_data_count = MIN(max_data_count,2048);
pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
if(pdata == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
entry = pdata;
/* set params Size of returned Quota Data 4 bytes*/
/* but set it later when we know it */
/* for each entry push the data */
if (start_enum) {
qt_handle->tmp_list = qt_handle->quota_list;
}
tmp_list = qt_handle->tmp_list;
for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count));
tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) {
sid_len = ndr_size_dom_sid(
&tmp_list->quotas->sid, 0);
entry_len = 40 + sid_len;
/* nextoffset entry 4 bytes */
SIVAL(entry,0,entry_len);
/* then the len of the SID 4 bytes */
SIVAL(entry,4,sid_len);
/* unknown data 8 bytes uint64_t */
SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-metze*/
/* the used disk space 8 bytes uint64_t */
SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
/* the soft quotas 8 bytes uint64_t */
SBIG_UINT(entry,24,tmp_list->quotas->softlim);
/* the hard quotas 8 bytes uint64_t */
SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
/* and now the SID */
sid_linearize((uint8_t *)(entry+40), sid_len,
&tmp_list->quotas->sid);
}
qt_handle->tmp_list = tmp_list;
/* overwrite the offset of the last entry */
SIVAL(entry-entry_len,0,0);
data_len = 4+qt_len;
/* overwrite the params quota_data_len */
SIVAL(params,0,data_len);
break;
case TRANSACT_GET_USER_QUOTA_FOR_SID:
/* unknown 4 bytes IVAL(pdata,0) */
if (data_count < 8) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
sid_len = IVAL(pdata,4);
/* Ensure this is less than 1mb. */
if (sid_len > (1024*1024)) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
data_len = 4+40+sid_len;
if (max_data_count < data_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
max_data_count, data_len));
param_len = 4;
SIVAL(params,0,data_len);
data_len = 0;
nt_status = NT_STATUS_BUFFER_TOO_SMALL;
break;
}
if (!sid_parse((const uint8_t *)(pdata+8), sid_len,
&sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
nt_status = vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE,
&sid, &qt);
if (!NT_STATUS_IS_OK(nt_status)) {
reply_nterror(req, nt_status);
return;
}
/* Realloc the size of parameters and data we will return */
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
pdata = nttrans_realloc(ppdata, data_len);
if(pdata == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
entry = pdata;
/* set params Size of returned Quota Data 4 bytes*/
SIVAL(params,0,data_len);
/* nextoffset entry 4 bytes */
SIVAL(entry,0,0);
/* then the len of the SID 4 bytes */
SIVAL(entry,4,sid_len);
/* unknown data 8 bytes uint64_t */
SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-mezte*/
/* the used disk space 8 bytes uint64_t */
SBIG_UINT(entry,16,qt.usedspace);
/* the soft quotas 8 bytes uint64_t */
SBIG_UINT(entry,24,qt.softlim);
/* the hard quotas 8 bytes uint64_t */
SBIG_UINT(entry,32,qt.hardlim);
/* and now the SID */
sid_linearize((uint8_t *)(entry+40), sid_len, &sid);
break;
default:
DEBUG(0, ("do_nt_transact_get_user_quota: %s: unknown "
"level 0x%04hX\n",
fsp_fnum_dbg(fsp), level));
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
break;
}
send_nt_replies(conn, req, nt_status, params, param_len,
pdata, data_len);
}
/****************************************************************************
Reply to set user quota
****************************************************************************/
static void call_nt_transact_set_user_quota(connection_struct *conn,
struct smb_request *req,
uint16_t **ppsetup,
uint32_t setup_count,
char **ppparams,
uint32_t parameter_count,
char **ppdata,
uint32_t data_count,
uint32_t max_data_count)
{
char *params = *ppparams;
char *pdata = *ppdata;
int data_len=0,param_len=0;
SMB_NTQUOTA_STRUCT qt;
size_t sid_len;
struct dom_sid sid;
files_struct *fsp = NULL;
ZERO_STRUCT(qt);
/* access check */
if (get_current_uid(conn) != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
/*
* Ensure minimum number of parameters sent.
*/
if (parameter_count < 2) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* maybe we can check the quota_fnum */
fsp = file_fsp(req, SVAL(params,0));
if (!check_fsp_ntquota_handle(conn, req, fsp)) {
DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
if (data_count < 40) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* offset to next quota record.
* 4 bytes IVAL(pdata,0)
* unused here...
*/
/* sid len */
sid_len = IVAL(pdata,4);
if (data_count < 40+sid_len || (40+sid_len < sid_len)) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* unknown 8 bytes in pdata
* maybe its the change time in NTTIME
*/
/* the used space 8 bytes (uint64_t)*/
qt.usedspace = BVAL(pdata,16);
/* the soft quotas 8 bytes (uint64_t)*/
qt.softlim = BVAL(pdata,24);
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(pdata,32);
if (!sid_parse((const uint8_t *)(pdata+40), sid_len, &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */
if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
send_nt_replies(conn, req, NT_STATUS_OK, params, param_len,
pdata, data_len);
}
#endif /* HAVE_SYS_QUOTAS */
static void handle_nttrans(connection_struct *conn,
struct trans_state *state,
struct smb_request *req)
{
if (get_Protocol() >= PROTOCOL_NT1) {
req->flags2 |= 0x40; /* IS_LONG_NAME */
SSVAL(discard_const_p(uint8_t, req->inbuf),smb_flg2,req->flags2);
}
SMB_PERFCOUNT_SET_SUBOP(&req->pcd, state->call);
/* Now we must call the relevant NT_TRANS function */
switch(state->call) {
case NT_TRANSACT_CREATE:
{
START_PROFILE(NT_transact_create);
call_nt_transact_create(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_create);
break;
}
case NT_TRANSACT_IOCTL:
{
START_PROFILE(NT_transact_ioctl);
call_nt_transact_ioctl(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_ioctl);
break;
}
case NT_TRANSACT_SET_SECURITY_DESC:
{
START_PROFILE(NT_transact_set_security_desc);
call_nt_transact_set_security_desc(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_set_security_desc);
break;
}
case NT_TRANSACT_NOTIFY_CHANGE:
{
START_PROFILE(NT_transact_notify_change);
call_nt_transact_notify_change(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return,
state->max_param_return);
END_PROFILE(NT_transact_notify_change);
break;
}
case NT_TRANSACT_RENAME:
{
START_PROFILE(NT_transact_rename);
call_nt_transact_rename(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_rename);
break;
}
case NT_TRANSACT_QUERY_SECURITY_DESC:
{
START_PROFILE(NT_transact_query_security_desc);
call_nt_transact_query_security_desc(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_query_security_desc);
break;
}
#ifdef HAVE_SYS_QUOTAS
case NT_TRANSACT_GET_USER_QUOTA:
{
START_PROFILE(NT_transact_get_user_quota);
call_nt_transact_get_user_quota(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_get_user_quota);
break;
}
case NT_TRANSACT_SET_USER_QUOTA:
{
START_PROFILE(NT_transact_set_user_quota);
call_nt_transact_set_user_quota(
conn, req,
&state->setup, state->setup_count,
&state->param, state->total_param,
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_set_user_quota);
break;
}
#endif /* HAVE_SYS_QUOTAS */
default:
/* Error in request */
DEBUG(0,("handle_nttrans: Unknown request %d in "
"nttrans call\n", state->call));
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
return;
}
/****************************************************************************
Reply to a SMBNTtrans.
****************************************************************************/
void reply_nttrans(struct smb_request *req)
{
connection_struct *conn = req->conn;
uint32_t pscnt;
uint32_t psoff;
uint32_t dscnt;
uint32_t dsoff;
uint16_t function_code;
NTSTATUS result;
struct trans_state *state;
START_PROFILE(SMBnttrans);
if (req->wct < 19) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttrans);
return;
}
pscnt = IVAL(req->vwv+9, 1);
psoff = IVAL(req->vwv+11, 1);
dscnt = IVAL(req->vwv+13, 1);
dsoff = IVAL(req->vwv+15, 1);
function_code = SVAL(req->vwv+18, 0);
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
END_PROFILE(SMBnttrans);
return;
}
result = allow_new_trans(conn->pending_trans, req->mid);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
reply_nterror(req, result);
END_PROFILE(SMBnttrans);
return;
}
if ((state = talloc(conn, struct trans_state)) == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
state->cmd = SMBnttrans;
state->mid = req->mid;
state->vuid = req->vuid;
state->total_data = IVAL(req->vwv+3, 1);
state->data = NULL;
state->total_param = IVAL(req->vwv+1, 1);
state->param = NULL;
state->max_data_return = IVAL(req->vwv+7, 1);
state->max_param_return = IVAL(req->vwv+5, 1);
/* setup count is in *words* */
state->setup_count = 2*CVAL(req->vwv+17, 1);
state->setup = NULL;
state->call = function_code;
DEBUG(10, ("num_setup=%u, "
"param_total=%u, this_param=%u, max_param=%u, "
"data_total=%u, this_data=%u, max_data=%u, "
"param_offset=%u, data_offset=%u\n",
(unsigned)state->setup_count,
(unsigned)state->total_param, (unsigned)pscnt,
(unsigned)state->max_param_return,
(unsigned)state->total_data, (unsigned)dscnt,
(unsigned)state->max_data_return,
(unsigned)psoff, (unsigned)dsoff));
/*
* All nttrans messages we handle have smb_wct == 19 +
* state->setup_count. Ensure this is so as a sanity check.
*/
if(req->wct != 19 + (state->setup_count/2)) {
DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
req->wct, 19 + (state->setup_count/2)));
goto bad_param;
}
/* Don't allow more than 128mb for each value. */
if ((state->total_data > (1024*1024*128)) ||
(state->total_param > (1024*1024*128))) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
if ((dscnt > state->total_data) || (pscnt > state->total_param))
goto bad_param;
if (state->total_data) {
if (trans_oob(state->total_data, 0, dscnt)
|| trans_oob(smb_len(req->inbuf), dsoff, dscnt)) {
goto bad_param;
}
/* Can't use talloc here, the core routines do realloc on the
* params and data. */
if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) {
DEBUG(0,("reply_nttrans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
TALLOC_FREE(state);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
}
if (state->total_param) {
if (trans_oob(state->total_param, 0, pscnt)
|| trans_oob(smb_len(req->inbuf), psoff, pscnt)) {
goto bad_param;
}
/* Can't use talloc here, the core routines do realloc on the
* params and data. */
if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) {
DEBUG(0,("reply_nttrans: param malloc fail for %u "
"bytes !\n", (unsigned int)state->total_param));
SAFE_FREE(state->data);
TALLOC_FREE(state);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
}
state->received_data = dscnt;
state->received_param = pscnt;
if(state->setup_count > 0) {
DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
state->setup_count));
/*
* No overflow possible here, state->setup_count is an
* unsigned int, being filled by a single byte from
* CVAL(req->vwv+13, 0) above. The cast in the comparison
* below is not necessary, it's here to clarify things. The
* validity of req->vwv and req->wct has been checked in
* init_smb_request already.
*/
if ((state->setup_count/2) + 19 > (unsigned int)req->wct) {
goto bad_param;
}
state->setup = (uint16_t *)TALLOC(state, state->setup_count);
if (state->setup == NULL) {
DEBUG(0,("reply_nttrans : Out of memory\n"));
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
memcpy(state->setup, req->vwv+19, state->setup_count);
dump_data(10, (uint8_t *)state->setup, state->setup_count);
}
if ((state->received_data == state->total_data) &&
(state->received_param == state->total_param)) {
handle_nttrans(conn, state, req);
SAFE_FREE(state->param);
SAFE_FREE(state->data);
TALLOC_FREE(state);
END_PROFILE(SMBnttrans);
return;
}
DLIST_ADD(conn->pending_trans, state);
/* We need to send an interim response then receive the rest
of the parameter/data bytes */
reply_outbuf(req, 0, 0);
show_msg((char *)req->outbuf);
END_PROFILE(SMBnttrans);
return;
bad_param:
DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttrans);
return;
}
/****************************************************************************
Reply to a SMBnttranss
****************************************************************************/
void reply_nttranss(struct smb_request *req)
{
connection_struct *conn = req->conn;
uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp;
struct trans_state *state;
START_PROFILE(SMBnttranss);
show_msg((const char *)req->inbuf);
/* Windows clients expect all replies to
an NT transact secondary (SMBnttranss 0xA1)
to have a command code of NT transact
(SMBnttrans 0xA0). See bug #8989 for details. */
req->cmd = SMBnttrans;
if (req->wct < 18) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
return;
}
for (state = conn->pending_trans; state != NULL;
state = state->next) {
if (state->mid == req->mid) {
break;
}
}
if ((state == NULL) || (state->cmd != SMBnttrans)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
return;
}
/* Revise state->total_param and state->total_data in case they have
changed downwards */
if (IVAL(req->vwv+1, 1) < state->total_param) {
state->total_param = IVAL(req->vwv+1, 1);
}
if (IVAL(req->vwv+3, 1) < state->total_data) {
state->total_data = IVAL(req->vwv+3, 1);
}
pcnt = IVAL(req->vwv+5, 1);
poff = IVAL(req->vwv+7, 1);
pdisp = IVAL(req->vwv+9, 1);
dcnt = IVAL(req->vwv+11, 1);
doff = IVAL(req->vwv+13, 1);
ddisp = IVAL(req->vwv+15, 1);
state->received_param += pcnt;
state->received_data += dcnt;
if ((state->received_data > state->total_data) ||
(state->received_param > state->total_param))
goto bad_param;
if (pcnt) {
if (trans_oob(state->total_param, pdisp, pcnt)
|| trans_oob(smb_len(req->inbuf), poff, pcnt)) {
goto bad_param;
}
memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt);
}
if (dcnt) {
if (trans_oob(state->total_data, ddisp, dcnt)
|| trans_oob(smb_len(req->inbuf), doff, dcnt)) {
goto bad_param;
}
memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
}
if ((state->received_param < state->total_param) ||
(state->received_data < state->total_data)) {
END_PROFILE(SMBnttranss);
return;
}
handle_nttrans(conn, state, req);
DLIST_REMOVE(conn->pending_trans, state);
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
END_PROFILE(SMBnttranss);
return;
bad_param:
DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
DLIST_REMOVE(conn->pending_trans, state);
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
return;
}