SmbProcessResult
smbresponsesend(SmbSession *s)
{
uchar cmd;
SmbProcessResult pr;
assert(smbbufferoffsetgetb(s->response, 4, &cmd));
smbloglock();
smblogprint(cmd, "sending:\n");
smblogdata(cmd, smblogprint, smbbufferreadpointer(s->response), smbbufferreadspace(s->response), 256);
smblogunlock();
if (s->nbss) {
NbScatterGather a[2];
a[0].p = smbbufferreadpointer(s->response);
a[0].l = smbbufferreadspace(s->response);
a[1].p = nil;
nbssgatherwrite(s->nbss, a);
pr = SmbProcessResultOk;
}
else if (s->cifss) {
ulong l = smbbufferreadspace(s->response);
uchar nl[4];
hnputl(nl, l);
write(s->cifss->fd, nl, 4);
write(s->cifss->fd, smbbufferreadpointer(s->response), l);
pr = SmbProcessResultOk;
}
else
pr = SmbProcessResultDie;
smbbufferreset(s->response);
return pr;
}
int
smblogvprint(int cmd, char *fmt, va_list ap)
{
if (cmd < 0 || smboptable[cmd].debug) {
smbloglock();
smbloglockedvprint(fmt, ap);
smblogunlock();
}
return 0;
}
int
smblogprintif(int v, char *fmt, ...)
{
if (v) {
va_list ap;
va_start(ap, fmt);
smbloglock();
smbloglockedvprint(fmt, ap);
smblogunlock();
va_end(ap);
}
return 0;
}
int
smbsessionwrite(SmbSession *smbs, void *p, int32_t n)
{
SmbHeader h;
SmbOpTableEntry *ote;
uint8_t *pdata;
int rv;
SmbBuffer *b = nil;
uint16_t bytecount;
SmbProcessResult pr;
if (smbs->response == nil)
smbs->response = smbbuffernew(576);
else
smbresponsereset(smbs);
smbs->errclass = SUCCESS;
smbs->error = SUCCESS;
// print("received %ld bytes\n", n);
if (n <= 0)
goto closedown;
b = smbbufferinit(p, p, n);
if (!smbbuffergetheader(b, &h, &pdata, &bytecount)) {
smblogprint(-1, "smb: invalid header\n");
goto closedown;
}
smbloglock();
smblogprint(h.command, "received:\n");
smblogdata(h.command, smblogprint, p, n, 0x1000);
smblogunlock();
ote = smboptable + h.command;
if (ote->name == nil) {
smblogprint(-1, "smb: illegal opcode 0x%.2x\n", h.command);
goto unimp;
}
if (ote->process == nil) {
smblogprint(-1, "smb: opcode %s unimplemented\n", ote->name);
goto unimp;
}
if (smbs->nextcommand != SMB_COM_NO_ANDX_COMMAND
&& smbs->nextcommand != h.command) {
smblogprint(-1, "smb: wrong command - expected %.2x\n", smbs->nextcommand);
goto misc;
}
smbs->nextcommand = SMB_COM_NO_ANDX_COMMAND;
switch (h.command) {
case SMB_COM_NEGOTIATE:
case SMB_COM_SESSION_SETUP_ANDX:
case SMB_COM_TREE_CONNECT_ANDX:
case SMB_COM_ECHO:
break;
default:
if (smbs->state != SmbSessionEstablished) {
smblogprint(-1, "aquarela: command %.2x unexpected\n", h.command);
goto unimp;
}
}
pr = (*ote->process)(smbs, &h, pdata, b);
switch (pr) {
case SmbProcessResultUnimp:
unimp:
smbseterror(smbs, ERRDOS, ERRunsup);
pr = SmbProcessResultError;
break;
case SmbProcessResultFormat:
smbseterror(smbs, ERRSRV, ERRsmbcmd);
pr = SmbProcessResultError;
break;
case SmbProcessResultMisc:
misc:
smbseterror(smbs, ERRSRV, ERRerror);
pr = SmbProcessResultError;
break;
case SmbProcessResultOk:
case SmbProcessResultError:
case SmbProcessResultReply:
case SmbProcessResultDie:
break;
}
if (pr == SmbProcessResultError) {
smblogprint(h.command, "reply: error %d/%d\n", smbs->errclass, smbs->error);
if (!smbresponseputerror(smbs, &h, smbs->errclass, smbs->error))
pr = SmbProcessResultDie;
else
pr = SmbProcessResultReply;
}
else
smblogprint(h.command, "reply: ok\n");
if (pr == SmbProcessResultReply)
rv = smbresponsesend(smbs) == SmbProcessResultOk ? 0 : -1;
else if (pr == SmbProcessResultDie)
rv = -1;
else
rv = 0;
goto done;
closedown:
rv = -1;
done:
if (rv < 0) {
smblogprintif(smbglobals.log.sessions, "shutting down\n");
smbsessionfree(smbs);
}
smbbufferfree(&b);
if (smbglobals.log.poolparanoia)
poolcheck(mainmem);
return rv;
}
SmbProcessResult
smbcomsessionsetupandx(SmbSession *s, SmbHeader *h, uchar *pdata, SmbBuffer *b)
{
uchar andxcommand;
ushort andxoffset;
ulong andxfixupoffset;
ushort vcnumber;
ulong sessionkey;
ushort caseinsensitivepasswordlength;
ushort casesensitivepasswordlength;
ushort bytecountfixup, offset;
uchar *mschapreply;
AuthInfo *ai;
char *sp;
SmbProcessResult pr;
char *accountname = nil;
char *primarydomain = nil;
char *nativeos = nil;
char *nativelanman = nil;
if (!smbcheckwordcount("comsessionsetupandx", h, 13)) {
fmtfail:
pr = SmbProcessResultFormat;
goto done;
}
andxcommand = *pdata++;
switch (andxcommand) {
case SMB_COM_TREE_CONNECT_ANDX:
case SMB_COM_OPEN_ANDX:
case SMB_COM_CREATE_NEW:
case SMB_COM_DELETE:
case SMB_COM_FIND:
case SMB_COM_COPY:
case SMB_COM_NT_RENAME:
case SMB_COM_QUERY_INFORMATION:
case SMB_COM_NO_ANDX_COMMAND:
case SMB_COM_OPEN:
case SMB_COM_CREATE:
case SMB_COM_CREATE_DIRECTORY:
case SMB_COM_DELETE_DIRECTORY:
case SMB_COM_FIND_UNIQUE:
case SMB_COM_RENAME:
case SMB_COM_CHECK_DIRECTORY:
case SMB_COM_SET_INFORMATION:
case SMB_COM_OPEN_PRINT_FILE:
break;
default:
smblogprint(h->command, "smbcomsessionsetupandx: invalid andxcommand %s (0x%.2ux)\n",
smboptable[andxcommand].name, andxcommand);
goto fmtfail;
}
pdata++;
andxoffset = smbnhgets(pdata); pdata += 2;
s->peerinfo.maxlen = smbnhgets(pdata); pdata += 2;
smbresponseinit(s, s->peerinfo.maxlen);
s->client.maxmpxcount = smbnhgets(pdata); pdata += 2;
vcnumber = smbnhgets(pdata); pdata += 2;
sessionkey = smbnhgetl(pdata); pdata += 4;
caseinsensitivepasswordlength = smbnhgets(pdata); pdata += 2;
casesensitivepasswordlength = smbnhgets(pdata); pdata += 2;
pdata += 4;
s->peerinfo.capabilities = smbnhgetl(pdata); /*pdata += 4;*/
smbloglock();
smblogprint(h->command, "andxcommand: %s offset %ud\n", smboptable[andxcommand].name, andxoffset);
smblogprint(h->command, "client.maxbuffersize: %ud\n", s->peerinfo.maxlen);
smblogprint(h->command, "client.maxmpxcount: %ud\n", s->client.maxmpxcount);
smblogprint(h->command, "vcnumber: %ud\n", vcnumber);
smblogprint(h->command, "sessionkey: 0x%.8lux\n", sessionkey);
smblogprint(h->command, "caseinsensitivepasswordlength: %ud\n", caseinsensitivepasswordlength);
smblogprint(h->command, "casesensitivepasswordlength: %ud\n", casesensitivepasswordlength);
smblogprint(h->command, "clientcapabilities: 0x%.8lux\n", s->peerinfo.capabilities);
smblogunlock();
mschapreply = smbbufferreadpointer(b);
if (!smbbuffergetbytes(b, nil, caseinsensitivepasswordlength + casesensitivepasswordlength)) {
smblogprint(h->command, "smbcomsessionsetupandx: not enough bdata for passwords\n");
goto fmtfail;
}
if (!smbbuffergetstring(b, h, 0, &accountname)
|| !smbbuffergetstring(b, h, 0, &primarydomain)
|| !smbbuffergetstring(b, h, 0, &nativeos)
|| !smbbuffergetstring(b, h, 0, &nativelanman)) {
smblogprint(h->command, "smbcomsessionsetupandx: not enough bytes for strings\n");
goto fmtfail;
}
for (sp = accountname; *sp; sp++)
*sp = tolower(*sp);
smblogprint(h->command, "account: %s\n", accountname);
smblogprint(h->command, "primarydomain: %s\n", primarydomain);
smblogprint(h->command, "nativeos: %s\n", nativeos);
smblogprint(h->command, "nativelanman: %s\n", nativelanman);
if (s->client.accountname && accountname[0] && strcmp(s->client.accountname, accountname) != 0) {
smblogprint(h->command, "smbcomsessionsetupandx: more than one user on VC (before %s, now %s)\n",
s->client.accountname, accountname);
smbseterror(s, ERRSRV, ERRtoomanyuids);
errordone:
pr = SmbProcessResultError;
goto done;
}
if (s->client.accountname == nil) {
/* first time */
if (accountname[0] == 0) {
smbseterror(s, ERRSRV, ERRbaduid);
goto errordone;
}
if ((casesensitivepasswordlength != 24 || caseinsensitivepasswordlength != 24)) {
smblogprint(h->command,
"smbcomsessionsetupandx: case sensitive/insensitive password length not 24\n");
smbseterror(s, ERRSRV, ERRbadpw);
goto errordone;
}
memcpy(&s->client.mschapreply, mschapreply, sizeof(s->client.mschapreply));
if(s->cs == nil){
smbseterror(s, ERRSRV, ERRerror);
goto errordone;
}
s->cs->user = accountname;
s->cs->resp = &s->client.mschapreply;
s->cs->nresp = sizeof(MSchapreply);
ai = auth_response(s->cs);
if (ai == nil) {
smblogprint(h->command, "authentication failed\n");
smbseterror(s, ERRSRV, ERRbadpw);
goto errordone;
}
smblogprint(h->command, "authentication succeeded\n");
if (auth_chuid(ai, nil) < 0) {
smblogprint(h->command, "smbcomsessionsetupandx: chuid failed: %r\n");
auth_freeAI(ai);
miscerror:
pr = SmbProcessResultMisc;
goto done;
}
auth_freeAI(ai);
h->uid = 1;
s->client.accountname = accountname;
s->client.primarydomain = primarydomain;
s->client.nativeos = nativeos;
s->client.nativelanman = nativelanman;
accountname = nil;
primarydomain = nil;
nativeos = nil;
nativelanman = nil;
}
else {
if (caseinsensitivepasswordlength == 24 && casesensitivepasswordlength == 24
&& memcmp(&s->client.mschapreply, mschapreply, sizeof(MSchapreply)) != 0) {
smblogprint(h->command, "second time authentication failed\n");
smbseterror(s, ERRSRV, ERRbadpw);
goto errordone;
}
}
/* CIFS says 4 with or without extended security, samba/ms says 3 without */
h->wordcount = 3;
if (!smbresponseputandxheader(s, h, andxcommand, &andxfixupoffset))
goto miscerror;
if (!smbresponseputs(s, 0))
goto miscerror;
bytecountfixup = smbresponseoffset(s);
if (!smbresponseputs(s, 0))
goto miscerror;
if (!smbresponseputstring(s, 1, smbglobals.nativeos)
|| !smbresponseputstring(s, 1, smbglobals.serverinfo.nativelanman)
|| !smbresponseputstring(s, 1, smbglobals.primarydomain))
goto miscerror;
offset = smbresponseoffset(s);
smbresponseoffsetputs(s, bytecountfixup, offset - bytecountfixup - 2);
s->state = SmbSessionEstablished;
if (andxcommand != SMB_COM_NO_ANDX_COMMAND)
pr = smbchaincommand(s, h, andxfixupoffset, andxcommand, andxoffset, b);
else
pr = SmbProcessResultReply;
done:
free(accountname);
free(primarydomain);
free(nativeos);
free(nativelanman);
return pr;
}
SmbProcessResult
smbtrans2findfirst2(SmbSession *s, SmbHeader *h)
{
SmbBuffer *b;
char *pattern = nil;
char *dir = nil;
char *name = nil;
ushort searchattributes, searchcount, flags, informationlevel;
ulong searchstoragetype;
SmbDirCache *dc = nil;
ushort e;
ulong nameoffset;
ushort eos;
SmbSearch *search;
SmbProcessResult pr;
Reprog *r = nil;
SmbTree *t;
int debug;
debug = smboptable[h->command].debug
|| smbtrans2optable[SMB_TRANS2_FIND_FIRST2].debug
|| smbglobals.log.find;
poolcheck(mainmem);
b = smbbufferinit(s->transaction.in.parameters, s->transaction.in.parameters, s->transaction.in.tpcount);
if (!smbbuffergets(b, &searchattributes)
|| !smbbuffergets(b, &searchcount)
|| !smbbuffergets(b, &flags)
|| !smbbuffergets(b, &informationlevel)
|| !smbbuffergetl(b, &searchstoragetype)
|| !smbbuffergetstring(b, h, SMB_STRING_PATH, &pattern)) {
pr = SmbProcessResultFormat;
goto done;
}
smbloglock();
smblogprintif(debug, "searchattributes: 0x%.4ux\n", searchattributes);
smblogprintif(debug, "searchcount: 0x%.4ux\n", searchcount);
smblogprintif(debug, "flags: 0x%.4ux\n", flags);
smblogprintif(debug, "informationlevel: 0x%.4ux\n", informationlevel);
smblogprintif(debug, "searchstoragetype: 0x%.8lux\n", searchstoragetype);
smblogprintif(debug, "pattern: %s\n", pattern);
smblogunlock();
smbpathsplit(pattern, &dir, &name);
if (informationlevel != SMB_INFO_STANDARD && informationlevel != SMB_FIND_FILE_BOTH_DIRECTORY_INFO) {
smblogprint(-1, "smbtrans2findfirst2: infolevel 0x%.4ux not implemented\n", informationlevel);
smbseterror(s, ERRDOS, ERRunknownlevel);
pr = SmbProcessResultError;
goto done;
}
t = smbidmapfind(s->tidmap, h->tid);
if (t == nil) {
smbseterror(s, ERRSRV, ERRinvtid);
pr = SmbProcessResultError;
goto done;
}
dc = smbmkdircache(t, dir);
if (dc == nil) {
smbseterror(s, ERRDOS, ERRnoaccess);
pr = SmbProcessResultError;
goto done;
}
poolcheck(mainmem);
r = smbmkrep(name);
populate(s, dc, r, informationlevel, flags, searchcount, &e, &nameoffset);
poolcheck(mainmem);
eos = dc->i >= dc->n;
if ((flags & SMB_FIND_CLOSE) != 0 || ((flags & SMB_FIND_CLOSE_EOS) != 0 && eos))
smbdircachefree(&dc);
poolcheck(mainmem);
if (dc) {
/* create a search handle */
search = smbsearchnew(s, dc, r, t);
r = nil;
dc = nil;
}
else
search = nil;
smbbufferputs(s->transaction.out.parameters, search ? search->id : 0);
smbbufferputs(s->transaction.out.parameters, e);
smbbufferputs(s->transaction.out.parameters, eos);
smbbufferputs(s->transaction.out.parameters, 0);
smbbufferputs(s->transaction.out.parameters, nameoffset);
pr = SmbProcessResultReply;
done:
smbbufferfree(&b);
free(pattern);
free(dir);
free(name);
smbdircachefree(&dc);
free(r);
return pr;
}
