static void reply_corep(struct smb_request *req, uint16 choice)
{
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
set_Protocol(PROTOCOL_CORE);
}
static void reply_lockingX_success(struct blocking_lock_record *blr)
{
struct smb_request *req = blr->req;
reply_outbuf(req, 2, 0);
SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
/*
* As this message is a lockingX call we must handle
* any following chained message correctly.
* This is normally handled in construct_reply(),
* but as that calls switch_message, we can't use
* that here and must set up the chain info manually.
*/
if (!srv_send_smb(req->sconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
&req->pcd)) {
exit_server_cleanly("construct_reply: srv_send_smb failed.");
}
TALLOC_FREE(req->outbuf);
}
static void reply_lockingX_success(struct blocking_lock_record *blr)
{
reply_outbuf(blr->req, 2, 0);
/*
* As this message is a lockingX call we must handle
* any following chained message correctly.
* This is normally handled in construct_reply(),
* but as that calls switch_message, we can't use
* that here and must set up the chain info manually.
*/
chain_reply(blr->req);
TALLOC_FREE(blr->req->outbuf);
}
static void reply_coreplus(struct smb_request *req, uint16 choice)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
reply_outbuf(req, 13, 0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
readbraw and writebraw (possibly) */
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(req->outbuf,smb_vwv1,0x1); /* user level security, don't
* encrypt */
set_Protocol(PROTOCOL_COREPLUS);
}
static void reply_lanman1(struct smb_request *req, uint16 choice)
{
int secword=0;
time_t t = time(NULL);
struct smbd_server_connection *sconn = req->sconn;
uint16_t raw;
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0);
}
sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv1,secword);
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
SSVAL(req->outbuf,smb_vwv11, 8);
}
smbXsrv_connection_init_tables(req->sconn->conn, PROTOCOL_LANMAN1);
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(req->outbuf,smb_vwv2, sconn->smb1.negprot.max_recv);
SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */
SSVAL(req->outbuf,smb_vwv4, 1);
SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support
readbraw writebraw (possibly) */
SIVAL(req->outbuf,smb_vwv6, getpid());
SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
return;
}
void reply_pipe_read_and_X(struct smb_request *req)
{
smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2));
int smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
int smb_mincnt = SVAL(req->inbuf,smb_vwv6);
int nread = -1;
char *data;
bool unused;
/* we don't use the offset given to use for pipe reads. This
is deliberate, instead we always return the next lump of
data on the pipe */
#if 0
uint32 smb_offs = IVAL(req->inbuf,smb_vwv3);
#endif
if (!p) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
reply_outbuf(req, 12, smb_maxcnt);
data = smb_buf(req->outbuf);
nread = read_from_pipe(p, data, smb_maxcnt, &unused);
if (nread < 0) {
reply_doserror(req, ERRDOS, ERRnoaccess);
return;
}
srv_set_message((char *)req->outbuf, 12, nread, False);
SSVAL(req->outbuf,smb_vwv5,nread);
SSVAL(req->outbuf,smb_vwv6,smb_offset(data,req->outbuf));
SSVAL(smb_buf(req->outbuf),-2,nread);
DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n",
p->pnum, smb_mincnt, smb_maxcnt, nread));
chain_reply(req);
}
void reply_pipe_close(connection_struct *conn, struct smb_request *req)
{
smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0));
if (!p) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum));
if (!close_rpc_pipe_hnd(p)) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
/* TODO: REMOVE PIPE FROM DB */
reply_outbuf(req, 0, 0);
return;
}
static void reply_lanman2(struct smb_request *req, uint16 choice)
{
int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
int secword=0;
time_t t = time(NULL);
struct smbd_server_connection *sconn = req->sconn;
sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
if (lp_security()>=SEC_USER) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
}
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
SSVAL(req->outbuf,smb_vwv0,choice);
SSVAL(req->outbuf,smb_vwv1,secword);
SIVAL(req->outbuf,smb_vwv6,sys_getpid());
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
SSVAL(req->outbuf,smb_vwv11, 8);
}
set_Protocol(PROTOCOL_LANMAN2);
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
SSVAL(req->outbuf,smb_vwv3,lp_maxmux());
SSVAL(req->outbuf,smb_vwv4,1);
SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
}
void reply_pipe_write(struct smb_request *req)
{
smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0));
size_t numtowrite = SVAL(req->inbuf,smb_vwv1);
int nwritten;
char *data;
if (!p) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
if (p->vuid != req->vuid) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
data = smb_buf(req->inbuf) + 3;
if (numtowrite == 0) {
nwritten = 0;
} else {
nwritten = write_to_pipe(p, data, numtowrite);
}
if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
reply_unixerror(req, ERRDOS, ERRnoaccess);
return;
}
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf,smb_vwv0,nwritten);
DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten));
return;
}
void send_trans_reply(connection_struct *conn,
struct smb_request *req,
char *rparam, int rparam_len,
char *rdata, int rdata_len,
bool buffer_too_large)
{
int this_ldata,this_lparam;
int tot_data_sent = 0;
int tot_param_sent = 0;
int align;
int ldata = rdata ? rdata_len : 0;
int lparam = rparam ? rparam_len : 0;
struct smbd_server_connection *sconn = req->sconn;
int max_send = sconn->smb1.sessions.max_send;
if (buffer_too_large)
DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata ));
this_lparam = MIN(lparam,max_send - 500); /* hack */
this_ldata = MIN(ldata,max_send - (500+this_lparam));
align = ((this_lparam)%4);
reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
/*
* We might have SMBtranss in req which was transferred to the outbuf,
* fix that.
*/
SCVAL(req->outbuf, smb_com, SMBtrans);
copy_trans_params_and_data((char *)req->outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
SSVAL(req->outbuf,smb_vwv0,lparam);
SSVAL(req->outbuf,smb_vwv1,ldata);
SSVAL(req->outbuf,smb_vwv3,this_lparam);
SSVAL(req->outbuf,smb_vwv4,
smb_offset(smb_buf(req->outbuf)+1, req->outbuf));
SSVAL(req->outbuf,smb_vwv5,0);
SSVAL(req->outbuf,smb_vwv6,this_ldata);
SSVAL(req->outbuf,smb_vwv7,
smb_offset(smb_buf(req->outbuf)+1+this_lparam+align,
req->outbuf));
SSVAL(req->outbuf,smb_vwv8,0);
SSVAL(req->outbuf,smb_vwv9,0);
if (buffer_too_large) {
error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata,
STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__);
}
show_msg((char *)req->outbuf);
if (!srv_send_smb(sconn, (char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn), &req->pcd)) {
exit_server_cleanly("send_trans_reply: srv_send_smb failed.");
}
TALLOC_FREE(req->outbuf);
tot_data_sent = this_ldata;
tot_param_sent = this_lparam;
while (tot_data_sent < ldata || tot_param_sent < lparam)
{
this_lparam = MIN(lparam-tot_param_sent,
max_send - 500); /* hack */
this_ldata = MIN(ldata -tot_data_sent,
max_send - (500+this_lparam));
if(this_lparam < 0)
this_lparam = 0;
if(this_ldata < 0)
this_ldata = 0;
align = (this_lparam%4);
reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
/*
* We might have SMBtranss in req which was transferred to the
* outbuf, fix that.
*/
SCVAL(req->outbuf, smb_com, SMBtrans);
copy_trans_params_and_data((char *)req->outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
SSVAL(req->outbuf,smb_vwv0,lparam);
SSVAL(req->outbuf,smb_vwv1,ldata);
SSVAL(req->outbuf,smb_vwv3,this_lparam);
SSVAL(req->outbuf,smb_vwv4,
smb_offset(smb_buf(req->outbuf)+1,req->outbuf));
SSVAL(req->outbuf,smb_vwv5,tot_param_sent);
SSVAL(req->outbuf,smb_vwv6,this_ldata);
SSVAL(req->outbuf,smb_vwv7,
smb_offset(smb_buf(req->outbuf)+1+this_lparam+align,
req->outbuf));
SSVAL(req->outbuf,smb_vwv8,tot_data_sent);
SSVAL(req->outbuf,smb_vwv9,0);
if (buffer_too_large) {
error_packet_set((char *)req->outbuf,
ERRDOS, ERRmoredata,
STATUS_BUFFER_OVERFLOW,
__LINE__, __FILE__);
}
show_msg((char *)req->outbuf);
if (!srv_send_smb(sconn, (char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn), &req->pcd))
exit_server_cleanly("send_trans_reply: srv_send_smb "
"failed.");
tot_data_sent += this_ldata;
tot_param_sent += this_lparam;
TALLOC_FREE(req->outbuf);
}
}
void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
{
const char *fname = NULL;
char *pipe_name = NULL;
files_struct *fsp;
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status;
/* XXXX we need to handle passed times, sattr and flags */
srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE);
if (!pipe_name) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
/* If the name doesn't start \PIPE\ then this is directed */
/* at a mailslot or something we really, really don't understand, */
/* not just something we really don't understand. */
if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
reply_doserror(req, ERRSRV, ERRaccess);
return;
}
DEBUG(4,("Opening pipe %s.\n", pipe_name));
/* Strip \PIPE\ off the name. */
fname = pipe_name + PIPELEN;
#if 0
/*
* Hack for NT printers... JRA.
*/
if(should_fail_next_srvsvc_open(fname)) {
reply_doserror(req, ERRSRV, ERRaccess);
return;
}
#endif
status = open_np_file(req, fname, &fsp);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
reply_nterror(req, status);
return;
}
/* Prepare the reply */
reply_outbuf(req, 15, 0);
/* Mark the opened file as an existing named pipe in message mode. */
SSVAL(req->outbuf,smb_vwv9,2);
SSVAL(req->outbuf,smb_vwv10,0xc700);
SSVAL(req->outbuf, smb_vwv2, fsp->fnum);
SSVAL(req->outbuf, smb_vwv3, 0); /* fmode */
srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0); /* mtime */
SIVAL(req->outbuf, smb_vwv6, 0); /* size */
SSVAL(req->outbuf, smb_vwv8, 0); /* rmode */
SSVAL(req->outbuf, smb_vwv11, 0x0001);
chain_reply(req);
return;
}
void reply_negprot(struct smb_request *req)
{
int choice= -1;
int chosen_level = -1;
int protocol;
const char *p;
int arch = ARCH_ALL;
int num_cliprotos;
char **cliprotos;
int i;
size_t converted_size;
struct smbd_server_connection *sconn = req->sconn;
START_PROFILE(SMBnegprot);
if (sconn->smb1.negprot.done) {
END_PROFILE(SMBnegprot);
exit_server_cleanly("multiple negprot's are not permitted");
}
sconn->smb1.negprot.done = true;
if (req->buflen == 0) {
DEBUG(0, ("negprot got no protocols\n"));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnegprot);
return;
}
if (req->buf[req->buflen-1] != '\0') {
DEBUG(0, ("negprot protocols not 0-terminated\n"));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnegprot);
return;
}
p = (const char *)req->buf + 1;
num_cliprotos = 0;
cliprotos = NULL;
while (smbreq_bufrem(req, p) > 0) {
char **tmp;
tmp = talloc_realloc(talloc_tos(), cliprotos, char *,
num_cliprotos+1);
if (tmp == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(cliprotos);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnegprot);
return;
}
cliprotos = tmp;
if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
&converted_size)) {
DEBUG(0, ("pull_ascii_talloc failed\n"));
TALLOC_FREE(cliprotos);
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnegprot);
return;
}
DEBUG(3, ("Requested protocol [%s]\n",
cliprotos[num_cliprotos]));
num_cliprotos += 1;
p += strlen(p) + 2;
}
for (i=0; i<num_cliprotos; i++) {
if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT
| ARCH_WIN2K );
else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
arch &= ( ARCH_WFWG | ARCH_WIN95 );
else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
arch &= ( ARCH_WFWG | ARCH_WIN95 );
else if (strcsequal(cliprotos[i], "NT LM 0.12"))
arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K
| ARCH_CIFSFS);
else if (strcsequal(cliprotos[i], "SMB 2.001"))
arch = ARCH_VISTA;
else if (strcsequal(cliprotos[i], "LANMAN2.1"))
arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "LM1.2X002"))
arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
arch &= ARCH_WINNT;
else if (strcsequal(cliprotos[i], "XENIX CORE"))
arch &= ( ARCH_WINNT | ARCH_OS2 );
else if (strcsequal(cliprotos[i], "Samba")) {
arch = ARCH_SAMBA;
break;
} else if (strcsequal(cliprotos[i], "POSIX 2")) {
arch = ARCH_CIFSFS;
break;
}
}
/* CIFSFS can send one arch only, NT LM 0.12. */
if (i == 1 && (arch & ARCH_CIFSFS)) {
arch = ARCH_CIFSFS;
}
switch ( arch ) {
case ARCH_CIFSFS:
set_remote_arch(RA_CIFSFS);
break;
case ARCH_SAMBA:
set_remote_arch(RA_SAMBA);
break;
case ARCH_WFWG:
set_remote_arch(RA_WFWG);
break;
case ARCH_WIN95:
set_remote_arch(RA_WIN95);
break;
case ARCH_WINNT:
if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
set_remote_arch(RA_WIN2K);
else
set_remote_arch(RA_WINNT);
break;
case ARCH_WIN2K:
/* Vista may have been set in the negprot so don't
override it here */
if ( get_remote_arch() != RA_VISTA )
set_remote_arch(RA_WIN2K);
break;
case ARCH_VISTA:
set_remote_arch(RA_VISTA);
break;
case ARCH_OS2:
set_remote_arch(RA_OS2);
break;
default:
set_remote_arch(RA_UNKNOWN);
break;
}
/* possibly reload - change of architecture */
reload_services(sconn, conn_snum_used, true);
/* moved from the netbios session setup code since we don't have that
when the client connects to port 445. Of course there is a small
window where we are listening to messages -- jerry */
serverid_register(messaging_server_id(sconn->msg_ctx),
FLAG_MSG_GENERAL|FLAG_MSG_SMBD
|FLAG_MSG_PRINT_GENERAL);
/* Check for protocols, most desirable first */
for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
i = 0;
if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) &&
(supported_protocols[protocol].protocol_level >= lp_server_min_protocol()))
while (i < num_cliprotos) {
if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) {
choice = i;
chosen_level = supported_protocols[protocol].protocol_level;
}
i++;
}
if(choice != -1)
break;
}
if(choice != -1) {
fstrcpy(remote_proto,supported_protocols[protocol].short_name);
reload_services(sconn, conn_snum_used, true);
supported_protocols[protocol].proto_reply_fn(req, choice);
DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
} else {
DEBUG(0,("No protocol supported !\n"));
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
}
DEBUG( 5, ( "negprot index=%d\n", choice ) );
if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
&& (chosen_level < PROTOCOL_NT1)) {
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}
TALLOC_FREE(cliprotos);
if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) &&
!fork_echo_handler(sconn)) {
exit_server("Failed to fork echo handler");
}
END_PROFILE(SMBnegprot);
return;
}
static void reply_nt1(struct smb_request *req, uint16 choice)
{
/* dual names + lock_and_read + nt SMBs + remote API calls */
int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
CAP_LEVEL_II_OPLOCKS;
int secword=0;
bool negotiate_spnego = False;
struct timespec ts;
ssize_t ret;
struct smbd_server_connection *sconn = req->sconn;
bool signing_enabled = false;
bool signing_required = false;
sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
/* Check the flags field to see if this is Vista.
WinXP sets it and Vista does not. But we have to
distinguish from NT which doesn't set it either. */
if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) )
{
if (get_remote_arch() != RA_SAMBA) {
set_remote_arch( RA_VISTA );
}
}
reply_outbuf(req,17,0);
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (sconn->smb1.negprot.encrypted_passwords &&
lp_use_spnego() &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = True;
capabilities |= CAP_EXTENDED_SECURITY;
add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
/* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
(already partially constructed. */
SSVAL(req->outbuf, smb_flg2,
req->flags2 | FLAGS2_EXTENDED_SECURITY);
}
capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
if (lp_unicode()) {
capabilities |= CAP_UNICODE;
}
if (lp_unix_extensions()) {
capabilities |= CAP_UNIX;
}
if (lp_large_readwrite())
capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
capabilities |= CAP_LARGE_FILES;
if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw())
capabilities |= CAP_RAW_MODE;
if (lp_nt_status_support())
capabilities |= CAP_STATUS32;
if (lp_host_msdfs())
capabilities |= CAP_DFS;
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (sconn->smb1.negprot.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state);
signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
if (signing_enabled) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
if (signing_required) {
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
}
}
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
smbXsrv_connection_init_tables(req->sconn->conn, PROTOCOL_NT1);
SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
SIVAL(req->outbuf,smb_vwv3+1,
sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */
SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */
SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */
clock_gettime(CLOCK_REALTIME,&ts);
put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
if (sconn->smb1.negprot.encrypted_passwords) {
uint8 chal[8];
/* note that we do not send a challenge at all if
we are using plaintext */
get_challenge(sconn, chal);
ret = message_push_blob(
&req->outbuf, data_blob_const(chal, sizeof(chal)));
if (ret == -1) {
DEBUG(0, ("Could not push challenge\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
SCVAL(req->outbuf, smb_vwv16+1, ret);
}
ret = message_push_string(&req->outbuf, lp_workgroup(),
STR_UNICODE|STR_TERMINATE
|STR_NOALIGN);
if (ret == -1) {
DEBUG(0, ("Could not push workgroup string\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
ret = message_push_string(&req->outbuf, lp_netbios_name(),
STR_UNICODE|STR_TERMINATE
|STR_NOALIGN);
if (ret == -1) {
DEBUG(0, ("Could not push netbios name string\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
DEBUG(3,("not using SPNEGO\n"));
} else {
DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
if (spnego_blob.data == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
ret = message_push_blob(&req->outbuf, spnego_blob);
if (ret == -1) {
DEBUG(0, ("Could not push spnego blob\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
data_blob_free(&spnego_blob);
SCVAL(req->outbuf,smb_vwv16+1, 0);
DEBUG(3,("using SPNEGO\n"));
}
return;
}
void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
{
const char *fname = NULL;
char *pipe_name = NULL;
smb_np_struct *p;
int size=0,fmode=0,mtime=0,rmode=0;
int i;
TALLOC_CTX *ctx = talloc_tos();
/* XXXX we need to handle passed times, sattr and flags */
srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name,
smb_buf(req->inbuf), STR_TERMINATE);
if (!pipe_name) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
/* If the name doesn't start \PIPE\ then this is directed */
/* at a mailslot or something we really, really don't understand, */
/* not just something we really don't understand. */
if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
reply_doserror(req, ERRSRV, ERRaccess);
return;
}
DEBUG(4,("Opening pipe %s.\n", pipe_name));
/* See if it is one we want to handle. */
for( i = 0; pipe_names[i].client_pipe ; i++ ) {
if( strequal(pipe_name,pipe_names[i].client_pipe)) {
break;
}
}
if (pipe_names[i].client_pipe == NULL) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
return;
}
/* Strip \PIPE\ off the name. */
fname = pipe_name + PIPELEN;
#if 0
/*
* Hack for NT printers... JRA.
*/
if(should_fail_next_srvsvc_open(fname)) {
reply_doserror(req, ERRSRV, ERRaccess);
return;
}
#endif
/* Known pipes arrive with DIR attribs. Remove it so a regular file */
/* can be opened and add it in after the open. */
DEBUG(3,("Known pipe %s opening.\n",fname));
p = open_rpc_pipe_p(fname, conn, req->vuid);
if (!p) {
reply_doserror(req, ERRSRV, ERRnofids);
return;
}
/* Prepare the reply */
reply_outbuf(req, 15, 0);
/* Mark the opened file as an existing named pipe in message mode. */
SSVAL(req->outbuf,smb_vwv9,2);
SSVAL(req->outbuf,smb_vwv10,0xc700);
if (rmode == 2) {
DEBUG(4,("Resetting open result to open from create.\n"));
rmode = 1;
}
SSVAL(req->outbuf,smb_vwv2, p->pnum);
SSVAL(req->outbuf,smb_vwv3,fmode);
srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
SIVAL(req->outbuf,smb_vwv6,size);
SSVAL(req->outbuf,smb_vwv8,rmode);
SSVAL(req->outbuf,smb_vwv11,0x0001);
chain_reply(req);
return;
}
void reply_pipe_write_and_X(struct smb_request *req)
{
smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2));
size_t numtowrite = SVAL(req->inbuf,smb_vwv10);
int nwritten = -1;
int smb_doff = SVAL(req->inbuf, smb_vwv11);
bool pipe_start_message_raw =
((SVAL(req->inbuf, smb_vwv7)
& (PIPE_START_MESSAGE|PIPE_RAW_MODE))
== (PIPE_START_MESSAGE|PIPE_RAW_MODE));
char *data;
if (!p) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
if (p->vuid != req->vuid) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
data = smb_base(req->inbuf) + smb_doff;
if (numtowrite == 0) {
nwritten = 0;
} else {
if(pipe_start_message_raw) {
/*
* For the start of a message in named pipe byte mode,
* the first two bytes are a length-of-pdu field. Ignore
* them (we don't trust the client). JRA.
*/
if(numtowrite < 2) {
DEBUG(0,("reply_pipe_write_and_X: start of "
"message set and not enough data "
"sent.(%u)\n",
(unsigned int)numtowrite ));
reply_unixerror(req, ERRDOS, ERRnoaccess);
return;
}
data += 2;
numtowrite -= 2;
}
nwritten = write_to_pipe(p, data, numtowrite);
}
if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
reply_unixerror(req, ERRDOS,ERRnoaccess);
return;
}
reply_outbuf(req, 6, 0);
nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten);
SSVAL(req->outbuf,smb_vwv2,nwritten);
DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten));
chain_reply(req);
}
