/*
* reply to a SMB negprot request with dialect "SMB 2.002"
*/
void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req)
{
struct smb2srv_request *req;
uint32_t body_fixed_size = 0x26;
req = talloc_zero(smb_req->smb_conn, struct smb2srv_request);
if (!req) goto nomem;
req->smb_conn = smb_req->smb_conn;
req->request_time = smb_req->request_time;
talloc_steal(req, smb_req);
req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size;
req->in.allocated = req->in.size;
req->in.buffer = talloc_array(req, uint8_t, req->in.allocated);
if (!req->in.buffer) goto nomem;
req->in.hdr = req->in.buffer + NBT_HDR_SIZE;
req->in.body = req->in.hdr + SMB2_HDR_BODY;
req->in.body_size = body_fixed_size;
req->in.dynamic = NULL;
smb2srv_setup_bufinfo(req);
SIVAL(req->in.hdr, 0, SMB2_MAGIC);
SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
SSVAL(req->in.hdr, SMB2_HDR_EPOCH, 0);
SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0);
SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT);
SSVAL(req->in.hdr, SMB2_HDR_CREDIT, 0);
SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0);
SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND, 0);
SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID, 0);
SIVAL(req->in.hdr, SMB2_HDR_PID, 0);
SIVAL(req->in.hdr, SMB2_HDR_TID, 0);
SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID, 0);
memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16);
/* this seems to be a bug, they use 0x24 but the length is 0x26 */
SSVAL(req->in.body, 0x00, 0x24);
SSVAL(req->in.body, 0x02, 1);
memset(req->in.body+0x04, 0, 32);
SSVAL(req->in.body, 0x24, SMB2_DIALECT_REVISION_202);
smb2srv_negprot_recv(req);
return;
nomem:
smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY));
talloc_free(req);
return;
}
NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
{
struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
struct smb2srv_request *req;
struct timeval cur_time = timeval_current();
uint32_t protocol_version;
uint16_t buffer_code;
uint32_t dynamic_size;
uint32_t flags;
smb_conn->statistics.last_request_time = cur_time;
/* see if its a special NBT packet */
if (CVAL(blob.data,0) != 0) {
DEBUG(2,("Special NBT packet on SMB2 connection"));
smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
return NT_STATUS_OK;
}
if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) {
DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
return NT_STATUS_OK;
}
protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
if (protocol_version != SMB2_MAGIC) {
DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
protocol_version));
smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
return NT_STATUS_OK;
}
req = smb2srv_init_request(smb_conn);
NT_STATUS_HAVE_NO_MEMORY(req);
req->in.buffer = talloc_steal(req, blob.data);
req->in.size = blob.length;
req->request_time = cur_time;
req->in.allocated = req->in.size;
req->in.hdr = req->in.buffer+ NBT_HDR_SIZE;
req->in.body = req->in.hdr + SMB2_HDR_BODY;
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->in.dynamic = NULL;
req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
if (req->in.body_size < 2) {
/* error handling for this is different for negprot to
other packet types */
uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
if (opcode == SMB2_OP_NEGPROT) {
smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
return NT_STATUS_OK;
} else {
smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
return NT_STATUS_OK;
}
}
buffer_code = SVAL(req->in.body, 0);
req->in.body_fixed = (buffer_code & ~1);
dynamic_size = req->in.body_size - req->in.body_fixed;
if (dynamic_size != 0 && (buffer_code & 1)) {
req->in.dynamic = req->in.body + req->in.body_fixed;
if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
dynamic_size));
smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
return NT_STATUS_OK;
}
}
smb2srv_setup_bufinfo(req);
/*
* TODO: - make sure the length field is 64
* - make sure it's a request
*/
flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
/* the first request should never have the related flag set */
if (flags & SMB2_HDR_FLAG_CHAINED) {
req->chain_status = NT_STATUS_INVALID_PARAMETER;
}
return smb2srv_reply(req);
}
static void smb2srv_chain_reply(struct smb2srv_request *p_req)
{
NTSTATUS status;
struct smb2srv_request *req;
uint32_t chain_offset;
uint32_t protocol_version;
uint16_t buffer_code;
uint32_t dynamic_size;
uint32_t flags;
uint32_t last_hdr_offset;
last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
chain_offset = p_req->chain_offset;
p_req->chain_offset = 0;
if (p_req->in.size < (last_hdr_offset + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last hdr 0x%X\n",
chain_offset, last_hdr_offset));
smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet");
return;
}
protocol_version = IVAL(p_req->in.buffer, last_hdr_offset + chain_offset);
if (protocol_version != SMB2_MAGIC) {
DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
protocol_version));
smbsrv_terminate_connection(p_req->smb_conn, "NON-SMB2 chained packet");
return;
}
req = smb2srv_init_request(p_req->smb_conn);
if (!req) {
smbsrv_terminate_connection(p_req->smb_conn, "SMB2 chained packet - no memory");
return;
}
req->in.buffer = talloc_steal(req, p_req->in.buffer);
req->in.size = p_req->in.size;
req->request_time = p_req->request_time;
req->in.allocated = req->in.size;
req->in.hdr = req->in.buffer+ last_hdr_offset + chain_offset;
req->in.body = req->in.hdr + SMB2_HDR_BODY;
req->in.body_size = req->in.size - (last_hdr_offset+ chain_offset + SMB2_HDR_BODY);
req->in.dynamic = NULL;
req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
if (req->in.body_size < 2) {
/* error handling for this is different for negprot to
other packet types */
uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
if (opcode == SMB2_OP_NEGPROT) {
smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
} else {
smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
}
}
buffer_code = SVAL(req->in.body, 0);
req->in.body_fixed = (buffer_code & ~1);
dynamic_size = req->in.body_size - req->in.body_fixed;
if (dynamic_size != 0 && (buffer_code & 1)) {
req->in.dynamic = req->in.body + req->in.body_fixed;
if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
DEBUG(1,("SMB2 chained request invalid dynamic size 0x%x\n",
dynamic_size));
smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
return;
}
}
smb2srv_setup_bufinfo(req);
flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
if (flags & SMB2_HDR_FLAG_CHAINED) {
if (p_req->chained_file_handle) {
memcpy(req->_chained_file_handle,
p_req->_chained_file_handle,
sizeof(req->_chained_file_handle));
req->chained_file_handle = req->_chained_file_handle;
}
req->chained_session_id = p_req->chained_session_id;
req->chained_tree_id = p_req->chained_tree_id;
req->chain_status = p_req->chain_status;
}
/*
* TODO: - make sure the length field is 64
* - make sure it's a request
*/
status = smb2srv_reply(req);
if (!NT_STATUS_IS_OK(status)) {
smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
talloc_free(req);
return;
}
}
