sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
ec6973747a
samba-mirror/source4/smb_server/reply.c
Andrew Bartlett 9782a22fa9 r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't 
segfault).  This should fix another of the issues that Richard came up
with last week.

Andrew Bartlett
(This used to be commit c2c8b6abf3)
2007-10-10 13:11:30 -05:00

2461 lines
71 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
Main SMB reply routines
Copyright (C) Andrew Tridgell 1992-2003
Copyright (C) James J Myers 2003 <myersjj@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/*
This file handles most of the reply_ calls that the server
makes to handle specific protocols
*/
#include "includes.h"
#include "smb_server/smb_server.h"
#include "libcli/nbt/libnbt.h"
/* useful way of catching wct errors with file and line number */
#define REQ_CHECK_WCT(req, wcount) do { \
if ((req)->in.wct != (wcount)) { \
DEBUG(1,("Unexpected WCT %d at %s(%d) - expected %d\n", \
(req)->in.wct, __FILE__, __LINE__, wcount)); \
req_reply_dos_error(req, ERRSRV, ERRerror); \
return; \
}} while (0)
/* check req->async_states->status and if not OK then send an error reply */
#define CHECK_ASYNC_STATUS do { \
if (!NT_STATUS_IS_OK(req->async_states->status)) { \
req_reply_error(req, req->async_states->status); \
return; \
}} while (0)
/* useful wrapper for talloc with NO_MEMORY reply */
#define REQ_TALLOC(ptr, size) do { \
ptr = talloc_size(req, size); \
if (!ptr) { \
req_reply_error(req, NT_STATUS_NO_MEMORY); \
return; \
}} while (0)
/*
check if the backend wants to handle the request asynchronously.
if it wants it handled synchronously then call the send function
immediately
*/
#define REQ_ASYNC_TAIL do { \
if (!(req->async_states->state & NTVFS_ASYNC_STATE_ASYNC)) { \
req->async_states->send_fn(req); \
}} while (0)
/* zero out some reserved fields in a reply */
#define REQ_VWV_RESERVED(start, count) memset(req->out.vwv + VWV(start), 0, (count)*2)
/****************************************************************************
Reply to a simple request (async send)
****************************************************************************/
static void reply_simple_send(struct smbsrv_request *req)
{
CHECK_ASYNC_STATUS;
req_setup_reply(req, 0, 0);
req_send_reply(req);
}
/****************************************************************************
Reply to a tcon.
****************************************************************************/
void reply_tcon(struct smbsrv_request *req)
{
union smb_tcon con;
NTSTATUS status;
uint8_t *p;
/* parse request */
REQ_CHECK_WCT(req, 0);
con.tcon.level = RAW_TCON_TCON;
p = req->in.data;
p += req_pull_ascii4(req, &con.tcon.in.service, p, STR_TERMINATE);
p += req_pull_ascii4(req, &con.tcon.in.password, p, STR_TERMINATE);
p += req_pull_ascii4(req, &con.tcon.in.dev, p, STR_TERMINATE);
if (!con.tcon.in.service || !con.tcon.in.password || !con.tcon.in.dev) {
req_reply_error(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* call backend */
status = tcon_backend(req, &con);
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
/* construct reply */
req_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), con.tcon.out.max_xmit);
SSVAL(req->out.vwv, VWV(1), con.tcon.out.tid);
SSVAL(req->out.hdr, HDR_TID, req->tcon->tid);
req_send_reply(req);
}
/****************************************************************************
Reply to a tcon and X.
****************************************************************************/
void reply_tcon_and_X(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_tcon con;
uint8_t *p;
uint16_t passlen;
con.tconx.level = RAW_TCON_TCONX;
/* parse request */
REQ_CHECK_WCT(req, 4);
con.tconx.in.flags = SVAL(req->in.vwv, VWV(2));
passlen = SVAL(req->in.vwv, VWV(3));
p = req->in.data;
if (!req_pull_blob(req, p, passlen, &con.tconx.in.password)) {
req_reply_error(req, NT_STATUS_ILL_FORMED_PASSWORD);
return;
}
p += passlen;
p += req_pull_string(req, &con.tconx.in.path, p, -1, STR_TERMINATE);
p += req_pull_string(req, &con.tconx.in.device, p, -1, STR_ASCII);
if (!con.tconx.in.path || !con.tconx.in.device) {
req_reply_error(req, NT_STATUS_BAD_DEVICE_TYPE);
return;
}
/* call backend */
status = tcon_backend(req, &con);
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
/* construct reply - two variants */
if (req->smb_conn->negotiate.protocol < PROTOCOL_NT1) {
req_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
req_push_str(req, NULL, con.tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
} else {
req_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), con.tconx.out.options);
req_push_str(req, NULL, con.tconx.out.dev_type, -1, STR_TERMINATE|STR_ASCII);
req_push_str(req, NULL, con.tconx.out.fs_type, -1, STR_TERMINATE);
}
/* set the incoming and outgoing tid to the just created one */
SSVAL(req->in.hdr, HDR_TID, con.tconx.out.tid);
SSVAL(req->out.hdr,HDR_TID, con.tconx.out.tid);
chain_reply(req);
}
/****************************************************************************
Reply to an unknown request
****************************************************************************/
void reply_unknown(struct smbsrv_request *req)
{
int type;
type = CVAL(req->in.hdr, HDR_COM);
DEBUG(0,("unknown command type %d (0x%X)\n", type, type));
req_reply_dos_error(req, ERRSRV, ERRunknownsmb);
}
/****************************************************************************
Reply to an ioctl (async reply)
****************************************************************************/
static void reply_ioctl_send(struct smbsrv_request *req)
{
union smb_ioctl *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* the +1 is for nicer alignment */
req_setup_reply(req, 8, io->ioctl.out.blob.length+1);
SSVAL(req->out.vwv, VWV(1), io->ioctl.out.blob.length);
SSVAL(req->out.vwv, VWV(5), io->ioctl.out.blob.length);
SSVAL(req->out.vwv, VWV(6), PTR_DIFF(req->out.data, req->out.hdr) + 1);
memcpy(req->out.data+1, io->ioctl.out.blob.data, io->ioctl.out.blob.length);
req_send_reply(req);
}
/****************************************************************************
Reply to an ioctl.
****************************************************************************/
void reply_ioctl(struct smbsrv_request *req)
{
union smb_ioctl *io;
/* parse request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(io, sizeof(*io));
io->ioctl.level = RAW_IOCTL_IOCTL;
io->ioctl.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->ioctl.in.request = IVAL(req->in.vwv, VWV(1));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_ioctl_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_ioctl(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a chkpth.
****************************************************************************/
void reply_chkpth(struct smbsrv_request *req)
{
struct smb_chkpath *io;
REQ_TALLOC(io, sizeof(*io));
req_pull_ascii4(req, &io->in.path, req->in.data, STR_TERMINATE);
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
req->async_states->status = ntvfs_chkpath(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a getatr (async reply)
****************************************************************************/
static void reply_getatr_send(struct smbsrv_request *req)
{
union smb_fileinfo *st = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 10, 0);
SSVAL(req->out.vwv, VWV(0), st->getattr.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(1), st->getattr.out.write_time);
SIVAL(req->out.vwv, VWV(3), st->getattr.out.size);
REQ_VWV_RESERVED(5, 5);
req_send_reply(req);
}
/****************************************************************************
Reply to a getatr.
****************************************************************************/
void reply_getatr(struct smbsrv_request *req)
{
union smb_fileinfo *st;
REQ_TALLOC(st, sizeof(*st));
st->getattr.level = RAW_FILEINFO_GETATTR;
/* parse request */
req_pull_ascii4(req, &st->getattr.in.fname, req->in.data, STR_TERMINATE);
if (!st->getattr.in.fname) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_getatr_send;
req->async_states->private_data = st;
/* call backend */
req->async_states->status = ntvfs_qpathinfo(req, st);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a setatr.
****************************************************************************/
void reply_setatr(struct smbsrv_request *req)
{
union smb_setfileinfo *st;
/* parse request */
REQ_CHECK_WCT(req, 8);
REQ_TALLOC(st, sizeof(*st));
st->setattr.level = RAW_SFILEINFO_SETATTR;
st->setattr.in.attrib = SVAL(req->in.vwv, VWV(0));
st->setattr.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
req_pull_ascii4(req, &st->setattr.file.fname, req->in.data, STR_TERMINATE);
if (!st->setattr.file.fname) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_setpathinfo(req, st);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a dskattr (async reply)
****************************************************************************/
static void reply_dskattr_send(struct smbsrv_request *req)
{
union smb_fsinfo *fs = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 5, 0);
SSVAL(req->out.vwv, VWV(0), fs->dskattr.out.units_total);
SSVAL(req->out.vwv, VWV(1), fs->dskattr.out.blocks_per_unit);
SSVAL(req->out.vwv, VWV(2), fs->dskattr.out.block_size);
SSVAL(req->out.vwv, VWV(3), fs->dskattr.out.units_free);
REQ_VWV_RESERVED(4, 1);
req_send_reply(req);
}
/****************************************************************************
Reply to a dskattr.
****************************************************************************/
void reply_dskattr(struct smbsrv_request *req)
{
union smb_fsinfo *fs;
REQ_TALLOC(fs, sizeof(*fs));
fs->dskattr.level = RAW_QFS_DSKATTR;
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_dskattr_send;
req->async_states->private_data = fs;
/* call backend */
req->async_states->status = ntvfs_fsinfo(req, fs);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to an open (async reply)
****************************************************************************/
static void reply_open_send(struct smbsrv_request *req)
{
union smb_open *oi = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 7, 0);
SSVAL(req->out.vwv, VWV(0), oi->openold.out.fnum);
SSVAL(req->out.vwv, VWV(1), oi->openold.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(2), oi->openold.out.write_time);
SIVAL(req->out.vwv, VWV(4), oi->openold.out.size);
SSVAL(req->out.vwv, VWV(6), oi->openold.out.rmode);
req_send_reply(req);
}
/****************************************************************************
Reply to an open.
****************************************************************************/
void reply_open(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse request */
REQ_CHECK_WCT(req, 2);
REQ_TALLOC(oi, sizeof(*oi));
oi->openold.level = RAW_OPEN_OPEN;
oi->openold.in.open_mode = SVAL(req->in.vwv, VWV(0));
oi->openold.in.search_attrs = SVAL(req->in.vwv, VWV(1));
req_pull_ascii4(req, &oi->openold.in.fname, req->in.data, STR_TERMINATE);
if (!oi->openold.in.fname) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_open_send;
req->async_states->private_data = oi;
/* call backend */
req->async_states->status = ntvfs_openfile(req, oi);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to an open and X (async reply)
****************************************************************************/
static void reply_open_and_X_send(struct smbsrv_request *req)
{
union smb_open *oi = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* build the reply */
if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
req_setup_reply(req, 19, 0);
} else {
req_setup_reply(req, 15, 0);
}
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), oi->openx.out.fnum);
SSVAL(req->out.vwv, VWV(3), oi->openx.out.attrib);
srv_push_dos_date3(req->smb_conn, req->out.vwv, VWV(4), oi->openx.out.write_time);
SIVAL(req->out.vwv, VWV(6), oi->openx.out.size);
SSVAL(req->out.vwv, VWV(8), oi->openx.out.access);
SSVAL(req->out.vwv, VWV(9), oi->openx.out.ftype);
SSVAL(req->out.vwv, VWV(10),oi->openx.out.devstate);
SSVAL(req->out.vwv, VWV(11),oi->openx.out.action);
SIVAL(req->out.vwv, VWV(12),oi->openx.out.unique_fid);
SSVAL(req->out.vwv, VWV(14),0); /* reserved */
if (oi->openx.in.flags & OPENX_FLAGS_EXTENDED_RETURN) {
SIVAL(req->out.vwv, VWV(15),oi->openx.out.access_mask);
REQ_VWV_RESERVED(17, 2);
}
req->chained_fnum = oi->openx.out.fnum;
chain_reply(req);
}
/****************************************************************************
Reply to an open and X.
****************************************************************************/
void reply_open_and_X(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
REQ_CHECK_WCT(req, 15);
REQ_TALLOC(oi, sizeof(*oi));
oi->openx.level = RAW_OPEN_OPENX;
oi->openx.in.flags = SVAL(req->in.vwv, VWV(2));
oi->openx.in.open_mode = SVAL(req->in.vwv, VWV(3));
oi->openx.in.search_attrs = SVAL(req->in.vwv, VWV(4));
oi->openx.in.file_attrs = SVAL(req->in.vwv, VWV(5));
oi->openx.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(6));
oi->openx.in.open_func = SVAL(req->in.vwv, VWV(8));
oi->openx.in.size = IVAL(req->in.vwv, VWV(9));
oi->openx.in.timeout = IVAL(req->in.vwv, VWV(11));
req_pull_ascii4(req, &oi->openx.in.fname, req->in.data, STR_TERMINATE);
if (!oi->openx.in.fname) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_open_and_X_send;
req->async_states->private_data = oi;
/* call the backend */
req->async_states->status = ntvfs_openfile(req, oi);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a mknew or a create.
****************************************************************************/
static void reply_mknew_send(struct smbsrv_request *req)
{
union smb_open *oi = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* build the reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), oi->mknew.out.fnum);
req_send_reply(req);
}
/****************************************************************************
Reply to a mknew or a create.
****************************************************************************/
void reply_mknew(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(oi, sizeof(*oi));
if (CVAL(req->in.hdr, HDR_COM) == SMBmknew) {
oi->mknew.level = RAW_OPEN_MKNEW;
} else {
oi->mknew.level = RAW_OPEN_CREATE;
}
oi->mknew.in.attrib = SVAL(req->in.vwv, VWV(0));
oi->mknew.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
req_pull_ascii4(req, &oi->mknew.in.fname, req->in.data, STR_TERMINATE);
if (!oi->mknew.in.fname) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_mknew_send;
req->async_states->private_data = oi;
/* call the backend */
req->async_states->status = ntvfs_openfile(req, oi);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a create temporary file (async reply)
****************************************************************************/
static void reply_ctemp_send(struct smbsrv_request *req)
{
union smb_open *oi = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* build the reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), oi->ctemp.out.fnum);
/* the returned filename is relative to the directory */
req_push_str(req, NULL, oi->ctemp.out.name, -1, STR_TERMINATE | STR_ASCII);
req_send_reply(req);
}
/****************************************************************************
Reply to a create temporary file.
****************************************************************************/
void reply_ctemp(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse the request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(oi, sizeof(*oi));
oi->ctemp.level = RAW_OPEN_CTEMP;
oi->ctemp.in.attrib = SVAL(req->in.vwv, VWV(0));
oi->ctemp.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
/* the filename is actually a directory name, the server provides a filename
in that directory */
req_pull_ascii4(req, &oi->ctemp.in.directory, req->in.data, STR_TERMINATE);
if (!oi->ctemp.in.directory) {
req_reply_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_ctemp_send;
req->async_states->private_data = oi;
/* call the backend */
req->async_states->status = ntvfs_openfile(req, oi);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a unlink
****************************************************************************/
void reply_unlink(struct smbsrv_request *req)
{
struct smb_unlink *unl;
/* parse the request */
REQ_CHECK_WCT(req, 1);
REQ_TALLOC(unl, sizeof(*unl));
unl->in.attrib = SVAL(req->in.vwv, VWV(0));
req_pull_ascii4(req, &unl->in.pattern, req->in.data, STR_TERMINATE);
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_unlink(req, unl);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a readbraw (core+ protocol).
this is a strange packet because it doesn't use a standard SMB header in the reply,
only the 4 byte NBT header
This command must be replied to synchronously
****************************************************************************/
void reply_readbraw(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_read io;
io.readbraw.level = RAW_READ_READBRAW;
/* there are two variants, one with 10 and one with 8 command words */
if (req->in.wct < 8) {
goto failed;
}
io.readbraw.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io.readbraw.in.offset = IVAL(req->in.vwv, VWV(1));
io.readbraw.in.maxcnt = SVAL(req->in.vwv, VWV(3));
io.readbraw.in.mincnt = SVAL(req->in.vwv, VWV(4));
io.readbraw.in.timeout = IVAL(req->in.vwv, VWV(5));
/* the 64 bit variant */
if (req->in.wct == 10) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(8));
io.readbraw.in.offset |= (((off_t)offset_high) << 32);
}
/* before calling the backend we setup the raw buffer. This
* saves a copy later */
req->out.size = io.readbraw.in.maxcnt + NBT_HDR_SIZE;
req->out.buffer = talloc_size(req, req->out.size);
if (req->out.buffer == NULL) {
goto failed;
}
SIVAL(req->out.buffer, 0, 0); /* init NBT header */
/* tell the backend where to put the data */
io.readbraw.out.data = req->out.buffer + NBT_HDR_SIZE;
/* call the backend */
status = ntvfs_read(req, &io);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
req->out.size = io.readbraw.out.nread + NBT_HDR_SIZE;
req_send_reply_nosign(req);
return;
failed:
/* any failure in readbraw is equivalent to reading zero bytes */
req->out.size = 4;
req->out.buffer = talloc_size(req, req->out.size);
SIVAL(req->out.buffer, 0, 0); /* init NBT header */
req_send_reply_nosign(req);
}
/****************************************************************************
Reply to a lockread (async reply)
****************************************************************************/
static void reply_lockread_send(struct smbsrv_request *req)
{
union smb_read *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* trim packet */
io->lockread.out.nread = MIN(io->lockread.out.nread,
req_max_data(req) - 3);
req_grow_data(req, 3 + io->lockread.out.nread);
/* construct reply */
SSVAL(req->out.vwv, VWV(0), io->lockread.out.nread);
REQ_VWV_RESERVED(1, 4);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, io->lockread.out.nread);
req_send_reply(req);
}
/****************************************************************************
Reply to a lockread (core+ protocol).
note that the lock is a write lock, not a read lock!
****************************************************************************/
void reply_lockread(struct smbsrv_request *req)
{
union smb_read *io;
/* parse request */
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(io, sizeof(*io));
io->lockread.level = RAW_READ_LOCKREAD;
io->lockread.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->lockread.in.count = SVAL(req->in.vwv, VWV(1));
io->lockread.in.offset = IVAL(req->in.vwv, VWV(2));
io->lockread.in.remaining = SVAL(req->in.vwv, VWV(4));
/* setup the reply packet assuming the maximum possible read */
req_setup_reply(req, 5, 3 + io->lockread.in.count);
/* tell the backend where to put the data */
io->lockread.out.data = req->out.data + 3;
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_lockread_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_read(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a read (async reply)
****************************************************************************/
static void reply_read_send(struct smbsrv_request *req)
{
union smb_read *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* trim packet */
io->read.out.nread = MIN(io->read.out.nread,
req_max_data(req) - 3);
req_grow_data(req, 3 + io->read.out.nread);
/* construct reply */
SSVAL(req->out.vwv, VWV(0), io->read.out.nread);
REQ_VWV_RESERVED(1, 4);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, io->read.out.nread);
req_send_reply(req);
}
/****************************************************************************
Reply to a read.
****************************************************************************/
void reply_read(struct smbsrv_request *req)
{
union smb_read *io;
/* parse request */
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(io, sizeof(*io));
io->read.level = RAW_READ_READ;
io->read.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->read.in.count = SVAL(req->in.vwv, VWV(1));
io->read.in.offset = IVAL(req->in.vwv, VWV(2));
io->read.in.remaining = SVAL(req->in.vwv, VWV(4));
/* setup the reply packet assuming the maximum possible read */
req_setup_reply(req, 5, 3 + io->read.in.count);
/* tell the backend where to put the data */
io->read.out.data = req->out.data + 3;
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_read_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_read(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a read and X (async reply)
****************************************************************************/
static void reply_read_and_X_send(struct smbsrv_request *req)
{
union smb_read *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* readx reply packets can be over-sized */
req->control_flags |= REQ_CONTROL_LARGE;
if (io->readx.in.maxcnt != 0xFFFF &&
io->readx.in.mincnt != 0xFFFF) {
req_grow_data(req, 1 + io->readx.out.nread);
SCVAL(req->out.data, 0, 0); /* padding */
} else {
req_grow_data(req, io->readx.out.nread);
}
/* construct reply */
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->readx.out.remaining);
SSVAL(req->out.vwv, VWV(3), io->readx.out.compaction_mode);
REQ_VWV_RESERVED(4, 1);
SSVAL(req->out.vwv, VWV(5), io->readx.out.nread);
SSVAL(req->out.vwv, VWV(6), PTR_DIFF(io->readx.out.data, req->out.hdr));
REQ_VWV_RESERVED(7, 5);
chain_reply(req);
}
/****************************************************************************
Reply to a read and X.
****************************************************************************/
void reply_read_and_X(struct smbsrv_request *req)
{
union smb_read *io;
/* parse request */
if (req->in.wct != 12) {
REQ_CHECK_WCT(req, 10);
}
REQ_TALLOC(io, sizeof(*io));
io->readx.level = RAW_READ_READX;
io->readx.in.fnum = req_fnum(req, req->in.vwv, VWV(2));
io->readx.in.offset = IVAL(req->in.vwv, VWV(3));
io->readx.in.maxcnt = SVAL(req->in.vwv, VWV(5));
io->readx.in.mincnt = SVAL(req->in.vwv, VWV(6));
io->readx.in.remaining = SVAL(req->in.vwv, VWV(9));
if (req->smb_conn->negotiate.client_caps & CAP_LARGE_READX) {
uint32_t high_part = IVAL(req->in.vwv, VWV(7));
if (high_part == 1) {
io->readx.in.maxcnt |= high_part << 16;
}
}
/* the 64 bit variant */
if (req->in.wct == 12) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(10));
io->readx.in.offset |= (((uint64_t)offset_high) << 32);
}
/* setup the reply packet assuming the maximum possible read */
req_setup_reply(req, 12, 1 + io->readx.in.maxcnt);
/* tell the backend where to put the data. Notice the pad byte. */
if (io->readx.in.maxcnt != 0xFFFF &&
io->readx.in.mincnt != 0xFFFF) {
io->readx.out.data = req->out.data + 1;
} else {
io->readx.out.data = req->out.data;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_read_and_X_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_read(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a writebraw (core+ or LANMAN1.0 protocol).
****************************************************************************/
void reply_writebraw(struct smbsrv_request *req)
{
req_reply_dos_error(req, ERRSRV, ERRuseSTD);
}
/****************************************************************************
Reply to a writeunlock (async reply)
****************************************************************************/
static void reply_writeunlock_send(struct smbsrv_request *req)
{
union smb_write *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->writeunlock.out.nwritten);
req_send_reply(req);
}
/****************************************************************************
Reply to a writeunlock (core+).
****************************************************************************/
void reply_writeunlock(struct smbsrv_request *req)
{
union smb_write *io;
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(io, sizeof(*io));
io->writeunlock.level = RAW_WRITE_WRITEUNLOCK;
io->writeunlock.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->writeunlock.in.count = SVAL(req->in.vwv, VWV(1));
io->writeunlock.in.offset = IVAL(req->in.vwv, VWV(2));
io->writeunlock.in.remaining = SVAL(req->in.vwv, VWV(4));
io->writeunlock.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (io->writeunlock.in.count+3 > req->in.data_size) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
/* make sure the data block is big enough */
if (SVAL(req->in.data, 1) < io->writeunlock.in.count) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_writeunlock_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_write(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a write (async reply)
****************************************************************************/
static void reply_write_send(struct smbsrv_request *req)
{
union smb_write *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
req_send_reply(req);
}
/****************************************************************************
Reply to a write
****************************************************************************/
void reply_write(struct smbsrv_request *req)
{
union smb_write *io;
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(io, sizeof(*io));
io->write.level = RAW_WRITE_WRITE;
io->write.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->write.in.count = SVAL(req->in.vwv, VWV(1));
io->write.in.offset = IVAL(req->in.vwv, VWV(2));
io->write.in.remaining = SVAL(req->in.vwv, VWV(4));
io->write.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (req_data_oob(req, io->write.in.data, io->write.in.count)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
/* make sure the data block is big enough */
if (SVAL(req->in.data, 1) < io->write.in.count) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_write_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_write(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a write and X (async reply)
****************************************************************************/
static void reply_write_and_X_send(struct smbsrv_request *req)
{
union smb_write *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 6, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), io->writex.out.nwritten & 0xFFFF);
SSVAL(req->out.vwv, VWV(3), io->writex.out.remaining);
SSVAL(req->out.vwv, VWV(4), io->writex.out.nwritten >> 16);
REQ_VWV_RESERVED(5, 1);
chain_reply(req);
}
/****************************************************************************
Reply to a write and X.
****************************************************************************/
void reply_write_and_X(struct smbsrv_request *req)
{
union smb_write *io;
if (req->in.wct != 14) {
REQ_CHECK_WCT(req, 12);
}
REQ_TALLOC(io, sizeof(*io));
io->writex.level = RAW_WRITE_WRITEX;
io->writex.in.fnum = req_fnum(req, req->in.vwv, VWV(2));
io->writex.in.offset = IVAL(req->in.vwv, VWV(3));
io->writex.in.wmode = SVAL(req->in.vwv, VWV(7));
io->writex.in.remaining = SVAL(req->in.vwv, VWV(8));
io->writex.in.count = SVAL(req->in.vwv, VWV(10));
io->writex.in.data = req->in.hdr + SVAL(req->in.vwv, VWV(11));
if (req->in.wct == 14) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(12));
uint16_t count_high = SVAL(req->in.vwv, VWV(9));
io->writex.in.offset |= (((uint64_t)offset_high) << 32);
io->writex.in.count |= ((uint32_t)count_high) << 16;
}
/* make sure the data is in bounds */
if (req_data_oob(req, io->writex.in.data, io->writex.in.count)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_write_and_X_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_write(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a lseek (async reply)
****************************************************************************/
static void reply_lseek_send(struct smbsrv_request *req)
{
struct smb_seek *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 2, 0);
SIVALS(req->out.vwv, VWV(0), io->out.offset);
req_send_reply(req);
}
/****************************************************************************
Reply to a lseek.
****************************************************************************/
void reply_lseek(struct smbsrv_request *req)
{
struct smb_seek *io;
REQ_CHECK_WCT(req, 4);
REQ_TALLOC(io, sizeof(*io));
io->in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->in.mode = SVAL(req->in.vwv, VWV(1));
io->in.offset = IVALS(req->in.vwv, VWV(2));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_lseek_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_seek(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a flush.
****************************************************************************/
void reply_flush(struct smbsrv_request *req)
{
struct smb_flush *io;
/* parse request */
REQ_CHECK_WCT(req, 1);
REQ_TALLOC(io, sizeof(*io));
io->in.fnum = req_fnum(req, req->in.vwv, VWV(0));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_flush(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a exit. This closes all files open by a smbpid
****************************************************************************/
void reply_exit(struct smbsrv_request *req)
{
NTSTATUS status;
struct smbsrv_tcon *tcon;
REQ_CHECK_WCT(req, 0);
for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
req->tcon = tcon;
status = ntvfs_exit(req);
req->tcon = NULL;
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
}
req_setup_reply(req, 0, 0);
req_send_reply(req);
}
/****************************************************************************
Reply to a close
Note that this has to deal with closing a directory opened by NT SMB's.
****************************************************************************/
void reply_close(struct smbsrv_request *req)
{
union smb_close *io;
/* parse request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(io, sizeof(*io));
io->close.level = RAW_CLOSE_CLOSE;
io->close.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->close.in.write_time = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(1));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_close(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a writeclose (async reply)
****************************************************************************/
static void reply_writeclose_send(struct smbsrv_request *req)
{
union smb_write *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), io->write.out.nwritten);
req_send_reply(req);
}
/****************************************************************************
Reply to a writeclose (Core+ protocol).
****************************************************************************/
void reply_writeclose(struct smbsrv_request *req)
{
union smb_write *io;
/* this one is pretty weird - the wct can be 6 or 12 */
if (req->in.wct != 12) {
REQ_CHECK_WCT(req, 6);
}
REQ_TALLOC(io, sizeof(*io));
io->writeclose.level = RAW_WRITE_WRITECLOSE;
io->writeclose.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->writeclose.in.count = SVAL(req->in.vwv, VWV(1));
io->writeclose.in.offset = IVAL(req->in.vwv, VWV(2));
io->writeclose.in.mtime = srv_pull_dos_date3(req->smb_conn, req->in.vwv + VWV(4));
io->writeclose.in.data = req->in.data + 1;
/* make sure they gave us the data they promised */
if (req_data_oob(req, io->writeclose.in.data, io->writeclose.in.count)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_writeclose_send;
req->async_states->private_data = io;
/* call backend */
req->async_states->status = ntvfs_write(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a lock.
****************************************************************************/
void reply_lock(struct smbsrv_request *req)
{
union smb_lock *lck;
/* parse request */
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(lck, sizeof(*lck));
lck->lock.level = RAW_LOCK_LOCK;
lck->lock.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
lck->lock.in.count = IVAL(req->in.vwv, VWV(1));
lck->lock.in.offset = IVAL(req->in.vwv, VWV(3));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_lock(req, lck);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a unlock.
****************************************************************************/
void reply_unlock(struct smbsrv_request *req)
{
union smb_lock *lck;
/* parse request */
REQ_CHECK_WCT(req, 5);
REQ_TALLOC(lck, sizeof(*lck));
lck->unlock.level = RAW_LOCK_UNLOCK;
lck->unlock.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
lck->unlock.in.count = IVAL(req->in.vwv, VWV(1));
lck->unlock.in.offset = IVAL(req->in.vwv, VWV(3));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_lock(req, lck);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a tdis.
****************************************************************************/
void reply_tdis(struct smbsrv_request *req)
{
REQ_CHECK_WCT(req, 0);
if (req->tcon == NULL) {
req_reply_error(req, NT_STATUS_INVALID_HANDLE);
return;
}
talloc_free(req->tcon);
/* construct reply */
req_setup_reply(req, 0, 0);
req_send_reply(req);
}
/****************************************************************************
Reply to a echo. This is one of the few calls that is handled directly (the
backends don't see it at all)
****************************************************************************/
void reply_echo(struct smbsrv_request *req)
{
uint16_t count;
int i;
REQ_CHECK_WCT(req, 0);
count = SVAL(req->in.vwv, VWV(0));
req_setup_reply(req, 1, req->in.data_size);
memcpy(req->out.data, req->in.data, req->in.data_size);
for (i=1; i <= count;i++) {
struct smbsrv_request *this_req;
if (i != count) {
this_req = req_setup_secondary(req);
} else {
this_req = req;
}
SSVAL(this_req->out.vwv, VWV(0), i);
req_send_reply(this_req);
}
}
/****************************************************************************
Reply to a printopen (async reply)
****************************************************************************/
static void reply_printopen_send(struct smbsrv_request *req)
{
union smb_open *oi = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), oi->openold.out.fnum);
req_send_reply(req);
}
/****************************************************************************
Reply to a printopen.
****************************************************************************/
void reply_printopen(struct smbsrv_request *req)
{
union smb_open *oi;
/* parse request */
REQ_CHECK_WCT(req, 2);
REQ_TALLOC(oi, sizeof(*oi));
oi->splopen.level = RAW_OPEN_SPLOPEN;
oi->splopen.in.setup_length = SVAL(req->in.vwv, VWV(0));
oi->splopen.in.mode = SVAL(req->in.vwv, VWV(1));
req_pull_ascii4(req, &oi->splopen.in.ident, req->in.data, STR_TERMINATE);
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_printopen_send;
req->async_states->private_data = oi;
/* call backend */
req->async_states->status = ntvfs_openfile(req, oi);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a printclose.
****************************************************************************/
void reply_printclose(struct smbsrv_request *req)
{
union smb_close *io;
/* parse request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(io, sizeof(*io));
io->splclose.level = RAW_CLOSE_SPLCLOSE;
io->splclose.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_close(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a printqueue.
****************************************************************************/
void reply_printqueue_send(struct smbsrv_request *req)
{
union smb_lpq *lpq = req->async_states->private_data;
int i, maxcount;
const uint_t el_size = 28;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 2, 0);
/* truncate the returned list to fit in the negotiated buffer size */
maxcount = (req_max_data(req) - 3) / el_size;
if (maxcount < lpq->retq.out.count) {
lpq->retq.out.count = maxcount;
}
/* setup enough space in the reply */
req_grow_data(req, 3 + el_size*lpq->retq.out.count);
/* and fill it in */
SSVAL(req->out.vwv, VWV(0), lpq->retq.out.count);
SSVAL(req->out.vwv, VWV(1), lpq->retq.out.restart_idx);
SCVAL(req->out.data, 0, SMB_DATA_BLOCK);
SSVAL(req->out.data, 1, el_size*lpq->retq.out.count);
req->out.ptr = req->out.data + 3;
for (i=0;i<lpq->retq.out.count;i++) {
srv_push_dos_date2(req->smb_conn, req->out.ptr, 0 , lpq->retq.out.queue[i].time);
SCVAL(req->out.ptr, 4, lpq->retq.out.queue[i].status);
SSVAL(req->out.ptr, 5, lpq->retq.out.queue[i].job);
SIVAL(req->out.ptr, 7, lpq->retq.out.queue[i].size);
SCVAL(req->out.ptr, 11, 0); /* reserved */
req_push_str(req, req->out.ptr+12, lpq->retq.out.queue[i].user, 16, STR_ASCII);
req->out.ptr += el_size;
}
req_send_reply(req);
}
/****************************************************************************
Reply to a printqueue.
****************************************************************************/
void reply_printqueue(struct smbsrv_request *req)
{
union smb_lpq *lpq;
/* parse request */
REQ_CHECK_WCT(req, 2);
REQ_TALLOC(lpq, sizeof(*lpq));
lpq->retq.level = RAW_LPQ_RETQ;
lpq->retq.in.maxcount = SVAL(req->in.vwv, VWV(0));
lpq->retq.in.startidx = SVAL(req->in.vwv, VWV(1));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_printqueue_send;
req->async_states->private_data = lpq;
/* call backend */
req->async_states->status = ntvfs_lpq(req, lpq);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a printwrite.
****************************************************************************/
void reply_printwrite(struct smbsrv_request *req)
{
union smb_write *io;
/* parse request */
REQ_CHECK_WCT(req, 1);
REQ_TALLOC(io, sizeof(*io));
io->splwrite.level = RAW_WRITE_SPLWRITE;
if (req->in.data_size < 3) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
io->splwrite.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
io->splwrite.in.count = SVAL(req->in.data, 1);
io->splwrite.in.data = req->in.data + 3;
/* make sure they gave us the data they promised */
if (req_data_oob(req, io->splwrite.in.data, io->splwrite.in.count)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_write(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a mkdir.
****************************************************************************/
void reply_mkdir(struct smbsrv_request *req)
{
union smb_mkdir *io;
/* parse the request */
REQ_CHECK_WCT(req, 0);
REQ_TALLOC(io, sizeof(*io));
io->generic.level = RAW_MKDIR_MKDIR;
req_pull_ascii4(req, &io->mkdir.in.path, req->in.data, STR_TERMINATE);
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_mkdir(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a rmdir.
****************************************************************************/
void reply_rmdir(struct smbsrv_request *req)
{
struct smb_rmdir *io;
/* parse the request */
REQ_CHECK_WCT(req, 0);
REQ_TALLOC(io, sizeof(*io));
req_pull_ascii4(req, &io->in.path, req->in.data, STR_TERMINATE);
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_rmdir(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a mv.
****************************************************************************/
void reply_mv(struct smbsrv_request *req)
{
union smb_rename *io;
uint8_t *p;
/* parse the request */
REQ_CHECK_WCT(req, 1);
REQ_TALLOC(io, sizeof(*io));
io->generic.level = RAW_RENAME_RENAME;
io->rename.in.attrib = SVAL(req->in.vwv, VWV(0));
p = req->in.data;
p += req_pull_ascii4(req, &io->rename.in.pattern1, p, STR_TERMINATE);
p += req_pull_ascii4(req, &io->rename.in.pattern2, p, STR_TERMINATE);
if (!io->rename.in.pattern1 || !io->rename.in.pattern2) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_rename(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to an NT rename.
****************************************************************************/
void reply_ntrename(struct smbsrv_request *req)
{
union smb_rename *io;
uint8_t *p;
/* parse the request */
REQ_CHECK_WCT(req, 4);
REQ_TALLOC(io, sizeof(*io));
io->generic.level = RAW_RENAME_NTRENAME;
io->ntrename.in.attrib = SVAL(req->in.vwv, VWV(0));
io->ntrename.in.flags = SVAL(req->in.vwv, VWV(1));
io->ntrename.in.cluster_size = IVAL(req->in.vwv, VWV(2));
p = req->in.data;
p += req_pull_ascii4(req, &io->ntrename.in.old_name, p, STR_TERMINATE);
p += req_pull_ascii4(req, &io->ntrename.in.new_name, p, STR_TERMINATE);
if (!io->ntrename.in.old_name || !io->ntrename.in.new_name) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_rename(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a file copy (async reply)
****************************************************************************/
static void reply_copy_send(struct smbsrv_request *req)
{
struct smb_copy *cp = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* build the reply */
req_setup_reply(req, 1, 0);
SSVAL(req->out.vwv, VWV(0), cp->out.count);
req_send_reply(req);
}
/****************************************************************************
Reply to a file copy.
****************************************************************************/
void reply_copy(struct smbsrv_request *req)
{
struct smb_copy *cp;
uint8_t *p;
/* parse request */
REQ_CHECK_WCT(req, 3);
REQ_TALLOC(cp, sizeof(*cp));
cp->in.tid2 = SVAL(req->in.vwv, VWV(0));
cp->in.ofun = SVAL(req->in.vwv, VWV(1));
cp->in.flags = SVAL(req->in.vwv, VWV(2));
p = req->in.data;
p += req_pull_ascii4(req, &cp->in.path1, p, STR_TERMINATE);
p += req_pull_ascii4(req, &cp->in.path2, p, STR_TERMINATE);
if (!cp->in.path1 || !cp->in.path2) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_copy_send;
req->async_states->private_data = cp;
/* call backend */
req->async_states->status = ntvfs_copy(req, cp);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a lockingX request (async send)
****************************************************************************/
static void reply_lockingX_send(struct smbsrv_request *req)
{
union smb_lock *lck = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* if it was an oplock break ack then we only send a reply if
there was an error */
if (lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt == 0) {
req_destroy(req);
return;
}
/* construct reply */
req_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
chain_reply(req);
}
/****************************************************************************
Reply to a lockingX request.
****************************************************************************/
void reply_lockingX(struct smbsrv_request *req)
{
union smb_lock *lck;
uint_t total_locks, i;
uint_t lck_size;
uint8_t *p;
/* parse request */
REQ_CHECK_WCT(req, 8);
REQ_TALLOC(lck, sizeof(*lck));
lck->lockx.level = RAW_LOCK_LOCKX;
lck->lockx.in.fnum = req_fnum(req, req->in.vwv, VWV(2));
lck->lockx.in.mode = SVAL(req->in.vwv, VWV(3));
lck->lockx.in.timeout = IVAL(req->in.vwv, VWV(4));
lck->lockx.in.ulock_cnt = SVAL(req->in.vwv, VWV(6));
lck->lockx.in.lock_cnt = SVAL(req->in.vwv, VWV(7));
total_locks = lck->lockx.in.ulock_cnt + lck->lockx.in.lock_cnt;
/* there are two variants, one with 64 bit offsets and counts */
if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
lck_size = 20;
} else {
lck_size = 10;
}
/* make sure we got the promised data */
if (req_data_oob(req, req->in.data, total_locks * lck_size)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
/* allocate the locks array */
if (total_locks) {
REQ_TALLOC(lck->lockx.in.locks, total_locks * sizeof(lck->lockx.in.locks[0]));
}
p = req->in.data;
/* construct the locks array */
for (i=0;i<total_locks;i++) {
uint32_t ofs_high=0, count_high=0;
lck->lockx.in.locks[i].pid = SVAL(p, 0);
if (lck->lockx.in.mode & LOCKING_ANDX_LARGE_FILES) {
ofs_high = IVAL(p, 4);
lck->lockx.in.locks[i].offset = IVAL(p, 8);
count_high = IVAL(p, 12);
lck->lockx.in.locks[i].count = IVAL(p, 16);
} else {
lck->lockx.in.locks[i].offset = IVAL(p, 2);
lck->lockx.in.locks[i].count = IVAL(p, 6);
}
if (ofs_high != 0 || count_high != 0) {
lck->lockx.in.locks[i].count |= ((uint64_t)count_high) << 32;
lck->lockx.in.locks[i].offset |= ((uint64_t)ofs_high) << 32;
}
p += lck_size;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_lockingX_send;
req->async_states->private_data = lck;
/* call backend */
req->async_states->status = ntvfs_lock(req, lck);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a SMBreadbmpx (read block multiplex) request.
****************************************************************************/
void reply_readbmpx(struct smbsrv_request *req)
{
/* tell the client to not use a multiplexed read - its too broken to use */
req_reply_dos_error(req, ERRSRV, ERRuseSTD);
}
/****************************************************************************
Reply to a SMBsetattrE.
****************************************************************************/
void reply_setattrE(struct smbsrv_request *req)
{
union smb_setfileinfo *info;
/* parse request */
REQ_CHECK_WCT(req, 7);
REQ_TALLOC(info, sizeof(*info));
info->setattre.level = RAW_SFILEINFO_SETATTRE;
info->setattre.file.fnum = req_fnum(req, req->in.vwv, VWV(0));
info->setattre.in.create_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(1));
info->setattre.in.access_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(3));
info->setattre.in.write_time = srv_pull_dos_date2(req->smb_conn, req->in.vwv + VWV(5));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_simple_send;
/* call backend */
req->async_states->status = ntvfs_setfileinfo(req, info);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to a SMBwritebmpx (write block multiplex primary) request.
****************************************************************************/
void reply_writebmpx(struct smbsrv_request *req)
{
req_reply_dos_error(req, ERRSRV, ERRuseSTD);
}
/****************************************************************************
Reply to a SMBwritebs (write block multiplex secondary) request.
****************************************************************************/
void reply_writebs(struct smbsrv_request *req)
{
req_reply_dos_error(req, ERRSRV, ERRuseSTD);
}
/****************************************************************************
Reply to a SMBgetattrE (async reply)
****************************************************************************/
static void reply_getattrE_send(struct smbsrv_request *req)
{
union smb_fileinfo *info = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* setup reply */
req_setup_reply(req, 11, 0);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(0), info->getattre.out.create_time);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(2), info->getattre.out.access_time);
srv_push_dos_date2(req->smb_conn, req->out.vwv, VWV(4), info->getattre.out.write_time);
SIVAL(req->out.vwv, VWV(6), info->getattre.out.size);
SIVAL(req->out.vwv, VWV(8), info->getattre.out.alloc_size);
SSVAL(req->out.vwv, VWV(10), info->getattre.out.attrib);
req_send_reply(req);
}
/****************************************************************************
Reply to a SMBgetattrE.
****************************************************************************/
void reply_getattrE(struct smbsrv_request *req)
{
union smb_fileinfo *info;
/* parse request */
REQ_CHECK_WCT(req, 1);
REQ_TALLOC(info, sizeof(*info));
info->getattr.level = RAW_FILEINFO_GETATTRE;
info->getattr.in.fnum = req_fnum(req, req->in.vwv, VWV(0));
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_getattrE_send;
req->async_states->private_data = info;
/* call backend */
req->async_states->status = ntvfs_qfileinfo(req, info);
REQ_ASYNC_TAIL;
}
/****************************************************************************
reply to an old style session setup command
****************************************************************************/
static void reply_sesssetup_old(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_sesssetup sess;
uint8_t *p;
uint16_t passlen;
sess.old.level = RAW_SESSSETUP_OLD;
/* parse request */
sess.old.in.bufsize = SVAL(req->in.vwv, VWV(2));
sess.old.in.mpx_max = SVAL(req->in.vwv, VWV(3));
sess.old.in.vc_num = SVAL(req->in.vwv, VWV(4));
sess.old.in.sesskey = IVAL(req->in.vwv, VWV(5));
passlen = SVAL(req->in.vwv, VWV(7));
/* check the request isn't malformed */
if (req_data_oob(req, req->in.data, passlen)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p = req->in.data;
if (!req_pull_blob(req, p, passlen, &sess.old.in.password)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen;
p += req_pull_string(req, &sess.old.in.user, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.old.in.domain, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.old.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.old.in.lanman, p, -1, STR_TERMINATE);
/* call the generic handler */
status = sesssetup_backend(req, &sess);
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
/* construct reply */
req_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), sess.old.out.action);
SSVAL(req->out.hdr, HDR_UID, sess.old.out.vuid);
chain_reply(req);
}
/****************************************************************************
reply to an NT1 style session setup command
****************************************************************************/
static void reply_sesssetup_nt1(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_sesssetup sess;
uint8_t *p;
uint16_t passlen1, passlen2;
sess.nt1.level = RAW_SESSSETUP_NT1;
/* parse request */
sess.nt1.in.bufsize = SVAL(req->in.vwv, VWV(2));
sess.nt1.in.mpx_max = SVAL(req->in.vwv, VWV(3));
sess.nt1.in.vc_num = SVAL(req->in.vwv, VWV(4));
sess.nt1.in.sesskey = IVAL(req->in.vwv, VWV(5));
passlen1 = SVAL(req->in.vwv, VWV(7));
passlen2 = SVAL(req->in.vwv, VWV(8));
sess.nt1.in.capabilities = IVAL(req->in.vwv, VWV(11));
/* check the request isn't malformed */
if (req_data_oob(req, req->in.data, passlen1) ||
req_data_oob(req, req->in.data + passlen1, passlen2)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p = req->in.data;
if (!req_pull_blob(req, p, passlen1, &sess.nt1.in.password1)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen1;
if (!req_pull_blob(req, p, passlen2, &sess.nt1.in.password2)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p += passlen2;
p += req_pull_string(req, &sess.nt1.in.user, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.nt1.in.domain, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.nt1.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.nt1.in.lanman, p, -1, STR_TERMINATE);
/* call the generic handler */
status = sesssetup_backend(req, &sess);
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
/* construct reply */
req_setup_reply(req, 3, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), sess.nt1.out.action);
SSVAL(req->out.hdr, HDR_UID, sess.nt1.out.vuid);
req_push_str(req, NULL, sess.nt1.out.os, -1, STR_TERMINATE);
req_push_str(req, NULL, sess.nt1.out.lanman, -1, STR_TERMINATE);
req_push_str(req, NULL, sess.nt1.out.domain, -1, STR_TERMINATE);
chain_reply(req);
}
/****************************************************************************
reply to an SPNEGO style session setup command
****************************************************************************/
static void reply_sesssetup_spnego(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_sesssetup sess;
uint8_t *p;
uint16_t blob_len;
sess.spnego.level = RAW_SESSSETUP_SPNEGO;
/* parse request */
sess.spnego.in.bufsize = SVAL(req->in.vwv, VWV(2));
sess.spnego.in.mpx_max = SVAL(req->in.vwv, VWV(3));
sess.spnego.in.vc_num = SVAL(req->in.vwv, VWV(4));
sess.spnego.in.sesskey = IVAL(req->in.vwv, VWV(5));
blob_len = SVAL(req->in.vwv, VWV(7));
sess.spnego.in.capabilities = IVAL(req->in.vwv, VWV(10));
p = req->in.data;
if (!req_pull_blob(req, p, blob_len, &sess.spnego.in.secblob)) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
p += blob_len;
p += req_pull_string(req, &sess.spnego.in.os, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.spnego.in.lanman, p, -1, STR_TERMINATE);
p += req_pull_string(req, &sess.spnego.in.workgroup, p, -1, STR_TERMINATE);
/* call the generic handler */
status = sesssetup_backend(req, &sess);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
req_reply_error(req, status);
return;
}
/* construct reply */
req_setup_reply(req, 4, sess.spnego.out.secblob.length);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
req_setup_error(req, status);
}
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SSVAL(req->out.vwv, VWV(2), sess.spnego.out.action);
SSVAL(req->out.vwv, VWV(3), sess.spnego.out.secblob.length);
SSVAL(req->out.hdr, HDR_UID, sess.spnego.out.vuid);
memcpy(req->out.data, sess.spnego.out.secblob.data, sess.spnego.out.secblob.length);
req_push_str(req, NULL, sess.spnego.out.os, -1, STR_TERMINATE);
req_push_str(req, NULL, sess.spnego.out.lanman, -1, STR_TERMINATE);
req_push_str(req, NULL, sess.spnego.out.workgroup, -1, STR_TERMINATE);
chain_reply(req);
}
/****************************************************************************
reply to a session setup command
****************************************************************************/
void reply_sesssetup(struct smbsrv_request *req)
{
switch (req->in.wct) {
case 10:
/* a pre-NT1 call */
reply_sesssetup_old(req);
return;
case 13:
/* a NT1 call */
reply_sesssetup_nt1(req);
return;
case 12:
/* a SPNEGO call */
reply_sesssetup_spnego(req);
return;
}
/* unsupported variant */
req_reply_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to a SMBulogoffX.
****************************************************************************/
void reply_ulogoffX(struct smbsrv_request *req)
{
struct smbsrv_tcon *tcon;
NTSTATUS status;
if (!req->session) {
req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
return;
}
/* in user level security we are supposed to close any files
open by this user on all open tree connects */
for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
req->tcon = tcon;
status = ntvfs_logoff(req);
req->tcon = NULL;
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
}
talloc_free(req->session);
req->session = NULL; /* it is now invalid, don't use on
any chained packets */
req_setup_reply(req, 2, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
chain_reply(req);
}
/****************************************************************************
Reply to an SMBfindclose request
****************************************************************************/
void reply_findclose(struct smbsrv_request *req)
{
NTSTATUS status;
union smb_search_close io;
io.findclose.level = RAW_FINDCLOSE_FINDCLOSE;
/* parse request */
REQ_CHECK_WCT(req, 1);
io.findclose.in.handle = SVAL(req->in.vwv, VWV(0));
/* call backend */
status = ntvfs_search_close(req, &io);
if (!NT_STATUS_IS_OK(status)) {
req_reply_error(req, status);
return;
}
/* construct reply */
req_setup_reply(req, 0, 0);
req_send_reply(req);
}
/****************************************************************************
Reply to an SMBfindnclose request
****************************************************************************/
void reply_findnclose(struct smbsrv_request *req)
{
req_reply_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to an SMBntcreateX request (async send)
****************************************************************************/
static void reply_ntcreate_and_X_send(struct smbsrv_request *req)
{
union smb_open *io = req->async_states->private_data;
CHECK_ASYNC_STATUS;
/* construct reply */
req_setup_reply(req, 34, 0);
SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
SSVAL(req->out.vwv, VWV(1), 0);
SCVAL(req->out.vwv, VWV(2), io->ntcreatex.out.oplock_level);
/* the rest of the parameters are not aligned! */
SSVAL(req->out.vwv, 5, io->ntcreatex.out.fnum);
SIVAL(req->out.vwv, 7, io->ntcreatex.out.create_action);
push_nttime(req->out.vwv, 11, io->ntcreatex.out.create_time);
push_nttime(req->out.vwv, 19, io->ntcreatex.out.access_time);
push_nttime(req->out.vwv, 27, io->ntcreatex.out.write_time);
push_nttime(req->out.vwv, 35, io->ntcreatex.out.change_time);
SIVAL(req->out.vwv, 43, io->ntcreatex.out.attrib);
SBVAL(req->out.vwv, 47, io->ntcreatex.out.alloc_size);
SBVAL(req->out.vwv, 55, io->ntcreatex.out.size);
SSVAL(req->out.vwv, 63, io->ntcreatex.out.file_type);
SSVAL(req->out.vwv, 65, io->ntcreatex.out.ipc_state);
SCVAL(req->out.vwv, 67, io->ntcreatex.out.is_directory);
req->chained_fnum = io->ntcreatex.out.fnum;
chain_reply(req);
}
/****************************************************************************
Reply to an SMBntcreateX request
****************************************************************************/
void reply_ntcreate_and_X(struct smbsrv_request *req)
{
union smb_open *io;
uint16_t fname_len;
/* parse the request */
REQ_CHECK_WCT(req, 24);
REQ_TALLOC(io, sizeof(*io));
io->ntcreatex.level = RAW_OPEN_NTCREATEX;
/* notice that the word parameters are not word aligned, so we don't use VWV() */
fname_len = SVAL(req->in.vwv, 5);
io->ntcreatex.in.flags = IVAL(req->in.vwv, 7);
io->ntcreatex.in.root_fid = IVAL(req->in.vwv, 11);
io->ntcreatex.in.access_mask = IVAL(req->in.vwv, 15);
io->ntcreatex.in.alloc_size = BVAL(req->in.vwv, 19);
io->ntcreatex.in.file_attr = IVAL(req->in.vwv, 27);
io->ntcreatex.in.share_access = IVAL(req->in.vwv, 31);
io->ntcreatex.in.open_disposition = IVAL(req->in.vwv, 35);
io->ntcreatex.in.create_options = IVAL(req->in.vwv, 39);
io->ntcreatex.in.impersonation = IVAL(req->in.vwv, 43);
io->ntcreatex.in.security_flags = CVAL(req->in.vwv, 47);
io->ntcreatex.in.ea_list = NULL;
io->ntcreatex.in.sec_desc = NULL;
/* we need a neater way to handle this alignment */
if ((req->flags2 & FLAGS2_UNICODE_STRINGS) &&
ucs2_align(req->in.buffer, req->in.data, STR_TERMINATE|STR_UNICODE)) {
fname_len++;
}
req_pull_string(req, &io->ntcreatex.in.fname, req->in.data, fname_len, STR_TERMINATE);
if (!io->ntcreatex.in.fname) {
req_reply_error(req, NT_STATUS_FOOBAR);
return;
}
req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
req->async_states->send_fn = reply_ntcreate_and_X_send;
req->async_states->private_data = io;
/* call the backend */
req->async_states->status = ntvfs_openfile(req, io);
REQ_ASYNC_TAIL;
}
/****************************************************************************
Reply to an SMBntcancel request
****************************************************************************/
void reply_ntcancel(struct smbsrv_request *req)
{
/* NOTE: this request does not generate a reply */
req_signing_no_reply(req);
ntvfs_cancel(req);
req_destroy(req);
}
/****************************************************************************
Reply to an SMBsends request
****************************************************************************/
void reply_sends(struct smbsrv_request *req)
{
req_reply_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to an SMBsendstrt request
****************************************************************************/
void reply_sendstrt(struct smbsrv_request *req)
{
req_reply_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to an SMBsendend request
****************************************************************************/
void reply_sendend(struct smbsrv_request *req)
{
req_reply_error(req, NT_STATUS_FOOBAR);
}
/****************************************************************************
Reply to an SMBsendtxt request
****************************************************************************/
void reply_sendtxt(struct smbsrv_request *req)
{
req_reply_error(req, NT_STATUS_FOOBAR);
}
/*
parse the called/calling names from session request
*/
static NTSTATUS parse_session_request(struct smbsrv_request *req)
{
DATA_BLOB blob;
NTSTATUS status;
blob.data = req->in.buffer + 4;
blob.length = ascii_len_n(blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
req->smb_conn->negotiate.called_name = talloc(req->smb_conn, struct nbt_name);
req->smb_conn->negotiate.calling_name = talloc(req->smb_conn, struct nbt_name);
if (req->smb_conn->negotiate.called_name == NULL ||
req->smb_conn->negotiate.calling_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = nbt_name_from_blob(req, &blob, req->smb_conn->negotiate.called_name);
NT_STATUS_NOT_OK_RETURN(status);
blob.data += blob.length;
blob.length = ascii_len_n(blob.data, req->in.size - PTR_DIFF(blob.data, req->in.buffer));
if (blob.length == 0) return NT_STATUS_BAD_NETWORK_NAME;
status = nbt_name_from_blob(req, &blob, req->smb_conn->negotiate.calling_name);
NT_STATUS_NOT_OK_RETURN(status);
req->smb_conn->negotiate.done_nbt_session = True;
return NT_STATUS_OK;
}
/****************************************************************************
Reply to a special message - a SMB packet with non zero NBT message type
****************************************************************************/
void reply_special(struct smbsrv_request *req)
{
uint8_t msg_type;
uint8_t *buf = talloc_zero_array(req, uint8_t, 4);
msg_type = CVAL(req->in.buffer,0);
SIVAL(buf, 0, 0);
switch (msg_type) {
case 0x81: /* session request */
if (req->smb_conn->negotiate.done_nbt_session) {
DEBUG(0,("Warning: ignoring secondary session request\n"));
return;
}
SCVAL(buf,0,0x82);
SCVAL(buf,3,0);
/* we don't check the status - samba always accepts session
requests for any name */
parse_session_request(req);
req->out.buffer = buf;
req->out.size = 4;
req_send_reply_nosign(req);
return;
case 0x89: /* session keepalive request
(some old clients produce this?) */
SCVAL(buf, 0, SMBkeepalive);
SCVAL(buf, 3, 0);
req->out.buffer = buf;
req->out.size = 4;
req_send_reply_nosign(req);
return;
case SMBkeepalive:
/* session keepalive - swallow it */
req_destroy(req);
return;
}
DEBUG(0,("Unexpected NBT session packet (%d)\n", msg_type));
req_destroy(req);
}
View Git Blame Copy Permalink