static void smbd_smb2_request_find_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
int i = req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_output_buffer_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_find_recv(subreq,
req,
&out_output_buffer);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
outhdr = (uint8_t *)req->out.vector[i].iov_base;
outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_output_buffer_offset); /* output buffer offset */
SIVAL(outbody.data, 0x04,
out_output_buffer.length); /* output buffer length */
DEBUG(10,("smbd_smb2_request_find_done: out_output_buffer.length = %u\n",
(unsigned int)out_output_buffer.length ));
outdyn = out_output_buffer;
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_read_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint8_t out_data_offset;
DATA_BLOB out_data_buffer = data_blob_null;
uint32_t out_data_remaining = 0;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_read_recv(subreq,
req,
&out_data_buffer,
&out_data_remaining);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
out_data_offset = SMB2_HDR_BODY + 0x10;
outbody = smbd_smb2_generate_outbody(req, 0x10);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x10 + 1); /* struct size */
SCVAL(outbody.data, 0x02,
out_data_offset); /* data offset */
SCVAL(outbody.data, 0x03, 0); /* reserved */
SIVAL(outbody.data, 0x04,
out_data_buffer.length); /* data length */
SIVAL(outbody.data, 0x08,
out_data_remaining); /* data remaining */
SIVAL(outbody.data, 0x0C, 0); /* reserved */
outdyn = out_data_buffer;
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_oplock_break_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
const uint8_t *inbody;
int i = req->current_idx;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
uint8_t out_oplock_level = 0;
DATA_BLOB outbody;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_oplock_break_recv(subreq, &out_oplock_level);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
in_file_id_persistent = BVAL(inbody, 0x08);
in_file_id_volatile = BVAL(inbody, 0x10);
outbody = data_blob_talloc(req->out.vector, NULL, 0x18);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x18); /* struct size */
SCVAL(outbody.data, 0x02,
out_oplock_level); /* SMB2 oplock level */
SCVAL(outbody.data, 0x03, 0); /* reserved */
SIVAL(outbody.data, 0x04, 0); /* reserved */
SBVAL(outbody.data, 0x08,
in_file_id_persistent); /* file id (persistent) */
SBVAL(outbody.data, 0x10,
in_file_id_volatile); /* file id (volatile) */
error = smbd_smb2_request_done(req, outbody, NULL);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_output_buffer_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_notify_recv(subreq,
req,
&out_output_buffer);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
outbody = smbd_smb2_generate_outbody(req, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_output_buffer_offset); /* output buffer offset */
SIVAL(outbody.data, 0x04,
out_output_buffer.length); /* output buffer length */
outdyn = out_output_buffer;
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_write_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
int i = req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint32_t out_count = 0;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_write_recv(subreq, &out_count);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
outhdr = (uint8_t *)req->out.vector[i].iov_base;
outbody = data_blob_talloc(req->out.vector, NULL, 0x10);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x10 + 1); /* struct size */
SSVAL(outbody.data, 0x02, 0); /* reserved */
SIVAL(outbody.data, 0x04, out_count); /* count */
SIVAL(outbody.data, 0x08, 0); /* remaining */
SSVAL(outbody.data, 0x0C, 0); /* write channel info offset */
SSVAL(outbody.data, 0x0E, 0); /* write channel info length */
outdyn = data_blob_const(NULL, 0);
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn, nt_errstr(error));
return;
}
}
static void smbd_smb2_request_flush_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_flush_recv(subreq);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
outbody = smbd_smb2_generate_outbody(req, 0x04);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x04); /* struct size */
SSVAL(outbody.data, 0x02, 0); /* reserved */
error = smbd_smb2_request_done(req, outbody, NULL);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_setinfo_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_setinfo_recv(subreq);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
outbody = data_blob_talloc(req->out.vector, NULL, 0x02);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x02); /* struct size */
error = smbd_smb2_request_done(req, outbody, NULL);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
{
struct smbXsrv_connection *xconn = req->xconn;
NTSTATUS status;
const uint8_t *inbody;
const uint8_t *indyn = NULL;
DATA_BLOB outbody;
DATA_BLOB outdyn;
DATA_BLOB negprot_spnego_blob;
uint16_t security_offset;
DATA_BLOB security_buffer;
size_t expected_dyn_size = 0;
size_t c;
uint16_t security_mode;
uint16_t dialect_count;
uint16_t in_security_mode;
uint32_t in_capabilities;
DATA_BLOB in_guid_blob;
struct GUID in_guid;
struct smb2_negotiate_contexts in_c = { .num_contexts = 0, };
struct smb2_negotiate_context *in_preauth = NULL;
struct smb2_negotiate_context *in_cipher = NULL;
struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
DATA_BLOB out_negotiate_context_blob = data_blob_null;
uint32_t out_negotiate_context_offset = 0;
uint16_t out_negotiate_context_count = 0;
uint16_t dialect = 0;
uint32_t capabilities;
DATA_BLOB out_guid_blob;
struct GUID out_guid;
enum protocol_types protocol = PROTOCOL_NONE;
uint32_t max_limit;
uint32_t max_trans = lp_smb2_max_trans();
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
NTTIME now = timeval_to_nttime(&req->request_time);
bool signing_required = true;
bool ok;
status = smbd_smb2_request_verify_sizes(req, 0x24);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
inbody = SMBD_SMB2_IN_BODY_PTR(req);
dialect_count = SVAL(inbody, 0x02);
in_security_mode = SVAL(inbody, 0x04);
in_capabilities = IVAL(inbody, 0x08);
in_guid_blob = data_blob_const(inbody + 0x0C, 16);
if (dialect_count == 0) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
expected_dyn_size = dialect_count * 2;
if (SMBD_SMB2_IN_DYN_LEN(req) < expected_dyn_size) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
indyn = SMBD_SMB2_IN_DYN_PTR(req);
protocol = smbd_smb2_protocol_dialect_match(indyn,
dialect_count,
&dialect);
for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) {
if (lp_server_max_protocol() < PROTOCOL_SMB2_10) {
break;
}
dialect = SVAL(indyn, c*2);
if (dialect == SMB2_DIALECT_REVISION_2FF) {
if (xconn->smb2.allow_2ff) {
xconn->smb2.allow_2ff = false;
protocol = PROTOCOL_SMB2_10;
break;
}
}
}
if (protocol == PROTOCOL_NONE) {
return smbd_smb2_request_error(req, NT_STATUS_NOT_SUPPORTED);
}
if (protocol >= PROTOCOL_SMB3_10) {
uint32_t in_negotiate_context_offset = 0;
uint16_t in_negotiate_context_count = 0;
DATA_BLOB in_negotiate_context_blob = data_blob_null;
size_t ofs;
in_negotiate_context_offset = IVAL(inbody, 0x1C);
in_negotiate_context_count = SVAL(inbody, 0x20);
ofs = SMB2_HDR_BODY;
ofs += SMBD_SMB2_IN_BODY_LEN(req);
ofs += expected_dyn_size;
if ((ofs % 8) != 0) {
ofs += 8 - (ofs % 8);
}
if (in_negotiate_context_offset != ofs) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
ofs -= SMB2_HDR_BODY;
ofs -= SMBD_SMB2_IN_BODY_LEN(req);
if (SMBD_SMB2_IN_DYN_LEN(req) < ofs) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
in_negotiate_context_blob = data_blob_const(indyn,
SMBD_SMB2_IN_DYN_LEN(req));
in_negotiate_context_blob.data += ofs;
in_negotiate_context_blob.length -= ofs;
status = smb2_negotiate_context_parse(req,
in_negotiate_context_blob, &in_c);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
if (in_negotiate_context_count != in_c.num_contexts) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
}
if ((dialect != SMB2_DIALECT_REVISION_2FF) &&
(protocol >= PROTOCOL_SMB2_10) &&
!GUID_all_zero(&in_guid))
{
ok = remote_arch_cache_update(&in_guid);
if (!ok) {
return smbd_smb2_request_error(
req, NT_STATUS_UNSUCCESSFUL);
}
}
switch (get_remote_arch()) {
case RA_VISTA:
case RA_SAMBA:
case RA_CIFSFS:
case RA_OSX:
break;
default:
set_remote_arch(RA_VISTA);
break;
}
fstr_sprintf(remote_proto, "SMB%X_%02X",
(dialect >> 8) & 0xFF, dialect & 0xFF);
reload_services(req->sconn, conn_snum_used, true);
DEBUG(3,("Selected protocol %s\n", remote_proto));
in_preauth = smb2_negotiate_context_find(&in_c,
SMB2_PREAUTH_INTEGRITY_CAPABILITIES);
if (protocol >= PROTOCOL_SMB3_10 && in_preauth == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
in_cipher = smb2_negotiate_context_find(&in_c,
SMB2_ENCRYPTION_CAPABILITIES);
/* negprot_spnego() returns a the server guid in the first 16 bytes */
negprot_spnego_blob = negprot_spnego(req, xconn);
if (negprot_spnego_blob.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
if (negprot_spnego_blob.length < 16) {
return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
/*
* We use xconn->smb1.signing_state as that's already present
* and used lpcfg_server_signing_allowed() to get the correct
* defaults, e.g. signing_required for an ad_dc.
*/
signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
if (signing_required) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
capabilities = 0;
if (lp_host_msdfs()) {
capabilities |= SMB2_CAP_DFS;
}
if (protocol >= PROTOCOL_SMB2_10 &&
lp_smb2_leases() &&
lp_oplocks(GLOBAL_SECTION_SNUM) &&
!lp_kernel_oplocks(GLOBAL_SECTION_SNUM))
{
capabilities |= SMB2_CAP_LEASING;
}
if ((protocol >= PROTOCOL_SMB2_24) &&
(lp_smb_encrypt(-1) != SMB_SIGNING_OFF) &&
(in_capabilities & SMB2_CAP_ENCRYPTION)) {
capabilities |= SMB2_CAP_ENCRYPTION;
}
/*
* 0x10000 (65536) is the maximum allowed message size
* for SMB 2.0
*/
max_limit = 0x10000;
if (protocol >= PROTOCOL_SMB2_10) {
int p = 0;
if (tsocket_address_is_inet(req->sconn->local_address, "ip")) {
p = tsocket_address_inet_port(req->sconn->local_address);
}
/* largeMTU is not supported over NBT (tcp port 139) */
if (p != NBT_SMB_PORT) {
capabilities |= SMB2_CAP_LARGE_MTU;
xconn->smb2.credits.multicredit = true;
/*
* We allow up to almost 16MB.
*
* The maximum PDU size is 0xFFFFFF (16776960)
* and we need some space for the header.
*/
max_limit = 0xFFFF00;
}
}
/*
* the defaults are 8MB, but we'll limit this to max_limit based on
* the dialect (64kb for SMB 2.0, 8MB for SMB >= 2.1 with LargeMTU)
*
* user configured values exceeding the limits will be overwritten,
* only smaller values will be accepted
*/
max_trans = MIN(max_limit, lp_smb2_max_trans());
max_read = MIN(max_limit, lp_smb2_max_read());
max_write = MIN(max_limit, lp_smb2_max_write());
if (in_preauth != NULL) {
size_t needed = 4;
uint16_t hash_count;
uint16_t salt_length;
uint16_t selected_preauth = 0;
const uint8_t *p;
uint8_t buf[38];
DATA_BLOB b;
size_t i;
if (in_preauth->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
hash_count = SVAL(in_preauth->data.data, 0);
salt_length = SVAL(in_preauth->data.data, 2);
if (hash_count == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
p = in_preauth->data.data + needed;
needed += hash_count * 2;
needed += salt_length;
if (in_preauth->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
for (i=0; i < hash_count; i++) {
uint16_t v;
v = SVAL(p, 0);
p += 2;
if (v == SMB2_PREAUTH_INTEGRITY_SHA512) {
selected_preauth = v;
break;
}
}
if (selected_preauth == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP);
}
SSVAL(buf, 0, 1); /* HashAlgorithmCount */
SSVAL(buf, 2, 32); /* SaltLength */
SSVAL(buf, 4, selected_preauth);
generate_random_buffer(buf + 6, 32);
b = data_blob_const(buf, sizeof(buf));
status = smb2_negotiate_context_add(req, &out_c,
SMB2_PREAUTH_INTEGRITY_CAPABILITIES, b);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
req->preauth = &req->xconn->smb2.preauth;
}
if (in_cipher != NULL) {
size_t needed = 2;
uint16_t cipher_count;
const uint8_t *p;
uint8_t buf[4];
DATA_BLOB b;
size_t i;
bool aes_128_ccm_supported = false;
bool aes_128_gcm_supported = false;
capabilities &= ~SMB2_CAP_ENCRYPTION;
if (in_cipher->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
cipher_count = SVAL(in_cipher->data.data, 0);
if (cipher_count == 0) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
p = in_cipher->data.data + needed;
needed += cipher_count * 2;
if (in_cipher->data.length < needed) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
for (i=0; i < cipher_count; i++) {
uint16_t v;
v = SVAL(p, 0);
p += 2;
if (v == SMB2_ENCRYPTION_AES128_GCM) {
aes_128_gcm_supported = true;
}
if (v == SMB2_ENCRYPTION_AES128_CCM) {
aes_128_ccm_supported = true;
}
}
/*
* For now we preferr CCM because our implementation
* is faster than GCM, see bug #11451.
*/
if (aes_128_ccm_supported) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
} else if (aes_128_gcm_supported) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
}
SSVAL(buf, 0, 1); /* ChiperCount */
SSVAL(buf, 2, xconn->smb2.server.cipher);
b = data_blob_const(buf, sizeof(buf));
status = smb2_negotiate_context_add(req, &out_c,
SMB2_ENCRYPTION_CAPABILITIES, b);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
}
if (capabilities & SMB2_CAP_ENCRYPTION) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
}
if (protocol >= PROTOCOL_SMB2_22 &&
xconn->client->server_multi_channel_enabled)
{
if (in_capabilities & SMB2_CAP_MULTI_CHANNEL) {
capabilities |= SMB2_CAP_MULTI_CHANNEL;
}
}
security_offset = SMB2_HDR_BODY + 0x40;
#if 1
/* Try SPNEGO auth... */
security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
negprot_spnego_blob.length - 16);
#else
/* for now we want raw NTLMSSP */
security_buffer = data_blob_const(NULL, 0);
#endif
if (out_c.num_contexts != 0) {
status = smb2_negotiate_context_push(req,
&out_negotiate_context_blob,
out_c);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
}
if (out_negotiate_context_blob.length != 0) {
static const uint8_t zeros[8];
size_t pad = 0;
size_t ofs;
outdyn = data_blob_dup_talloc(req, security_buffer);
if (outdyn.length != security_buffer.length) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
ofs = security_offset + security_buffer.length;
if ((ofs % 8) != 0) {
pad = 8 - (ofs % 8);
}
ofs += pad;
ok = data_blob_append(req, &outdyn, zeros, pad);
if (!ok) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
ok = data_blob_append(req, &outdyn,
out_negotiate_context_blob.data,
out_negotiate_context_blob.length);
if (!ok) {
return smbd_smb2_request_error(req,
NT_STATUS_NO_MEMORY);
}
out_negotiate_context_offset = ofs;
out_negotiate_context_count = out_c.num_contexts;
} else {
outdyn = security_buffer;
}
out_guid_blob = data_blob_const(negprot_spnego_blob.data, 16);
status = GUID_from_ndr_blob(&out_guid_blob, &out_guid);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
outbody = smbd_smb2_generate_outbody(req, 0x40);
if (outbody.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
security_mode); /* security mode */
SSVAL(outbody.data, 0x04, dialect); /* dialect revision */
SSVAL(outbody.data, 0x06,
out_negotiate_context_count); /* reserved/NegotiateContextCount */
memcpy(outbody.data + 0x08,
out_guid_blob.data, 16); /* server guid */
SIVAL(outbody.data, 0x18,
capabilities); /* capabilities */
SIVAL(outbody.data, 0x1C, max_trans); /* max transact size */
SIVAL(outbody.data, 0x20, max_read); /* max read size */
SIVAL(outbody.data, 0x24, max_write); /* max write size */
SBVAL(outbody.data, 0x28, now); /* system time */
SBVAL(outbody.data, 0x30, 0); /* server start time */
SSVAL(outbody.data, 0x38,
security_offset); /* security buffer offset */
SSVAL(outbody.data, 0x3A,
security_buffer.length); /* security buffer length */
SIVAL(outbody.data, 0x3C,
out_negotiate_context_offset); /* reserved/NegotiateContextOffset */
req->sconn->using_smb2 = true;
if (dialect != SMB2_DIALECT_REVISION_2FF) {
struct smbXsrv_client_global0 *global0 = NULL;
status = smbXsrv_connection_init_tables(xconn, protocol);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
xconn->smb2.client.capabilities = in_capabilities;
xconn->smb2.client.security_mode = in_security_mode;
xconn->smb2.client.guid = in_guid;
xconn->smb2.client.num_dialects = dialect_count;
xconn->smb2.client.dialects = talloc_array(xconn,
uint16_t,
dialect_count);
if (xconn->smb2.client.dialects == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
for (c=0; c < dialect_count; c++) {
xconn->smb2.client.dialects[c] = SVAL(indyn, c*2);
}
xconn->smb2.server.capabilities = capabilities;
xconn->smb2.server.security_mode = security_mode;
xconn->smb2.server.guid = out_guid;
xconn->smb2.server.dialect = dialect;
xconn->smb2.server.max_trans = max_trans;
xconn->smb2.server.max_read = max_read;
xconn->smb2.server.max_write = max_write;
if (xconn->protocol < PROTOCOL_SMB2_10) {
/*
* SMB2_02 doesn't support client guids
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
if (!xconn->client->server_multi_channel_enabled) {
/*
* Only deal with the client guid database
* if multi-channel is enabled.
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
if (xconn->smb2.client.guid_verified) {
/*
* The connection was passed from another
* smbd process.
*/
return smbd_smb2_request_done(req, outbody, &outdyn);
}
status = smb2srv_client_lookup_global(xconn->client,
xconn->smb2.client.guid,
req, &global0);
/*
* TODO: check for races...
*/
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_NOT_FOUND)) {
/*
* This stores the new client information in
* smbXsrv_client_global.tdb
*/
xconn->client->global->client_guid =
xconn->smb2.client.guid;
status = smbXsrv_client_update(xconn->client);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
xconn->smb2.client.guid_verified = true;
} else if (NT_STATUS_IS_OK(status)) {
status = smb2srv_client_connection_pass(req,
global0);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
smbd_server_connection_terminate(xconn,
"passed connection");
return NT_STATUS_OBJECTID_EXISTS;
} else {
return smbd_smb2_request_error(req, status);
}
}
return smbd_smb2_request_done(req, outbody, &outdyn);
}
static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
int i = req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_output_buffer_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
if (req->cancelled) {
struct smbd_smb2_notify_state *state = tevent_req_data(subreq,
struct smbd_smb2_notify_state);
const uint8_t *inhdr = (const uint8_t *)req->in.vector[i].iov_base;
uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
DEBUG(10,("smbd_smb2_request_notify_done: cancelled mid %llu\n",
(unsigned long long)mid ));
error = smbd_smb2_request_error(req, NT_STATUS_CANCELLED);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
TALLOC_FREE(state->im);
return;
}
status = smbd_smb2_notify_recv(subreq,
req,
&out_output_buffer);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
outhdr = (uint8_t *)req->out.vector[i].iov_base;
outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_output_buffer_offset); /* output buffer offset */
SIVAL(outbody.data, 0x04,
out_output_buffer.length); /* output buffer length */
outdyn = out_output_buffer;
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_output_buffer_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS call_status = NT_STATUS_OK;
NTSTATUS error; /* transport error */
status = smbd_smb2_getinfo_recv(subreq,
req,
&out_output_buffer,
&call_status);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
/* some GetInfo responses set STATUS_BUFFER_OVERFLOW and return partial,
but valid data */
if (!(NT_STATUS_IS_OK(call_status) ||
NT_STATUS_EQUAL(call_status, STATUS_BUFFER_OVERFLOW))) {
/* Return a specific error with data. */
error = smbd_smb2_request_error_ex(req,
call_status,
&out_output_buffer,
__location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_output_buffer_offset); /* output buffer offset */
SIVAL(outbody.data, 0x04,
out_output_buffer.length); /* output buffer length */
outdyn = out_output_buffer;
error = smbd_smb2_request_done_ex(req, call_status, outbody, &outdyn, __location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_ioctl_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
const uint8_t *inbody;
int i = req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint32_t in_ctl_code;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
uint32_t out_input_offset;
uint32_t out_output_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_ioctl_recv(subreq, req, &out_output_buffer);
DEBUG(10,("smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned "
"%u status %s\n",
(unsigned int)out_output_buffer.length,
nt_errstr(status) ));
TALLOC_FREE(subreq);
if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
/* also ok */
} else if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
out_input_offset = SMB2_HDR_BODY + 0x30;
out_output_offset = SMB2_HDR_BODY + 0x30;
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
in_ctl_code = IVAL(inbody, 0x04);
in_file_id_persistent = BVAL(inbody, 0x08);
in_file_id_volatile = BVAL(inbody, 0x10);
outhdr = (uint8_t *)req->out.vector[i].iov_base;
outbody = data_blob_talloc(req->out.vector, NULL, 0x30);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x30 + 1); /* struct size */
SSVAL(outbody.data, 0x02, 0); /* reserved */
SIVAL(outbody.data, 0x04,
in_ctl_code); /* ctl code */
SBVAL(outbody.data, 0x08,
in_file_id_persistent); /* file id (persistent) */
SBVAL(outbody.data, 0x10,
in_file_id_volatile); /* file id (volatile) */
SIVAL(outbody.data, 0x18,
out_input_offset); /* input offset */
SIVAL(outbody.data, 0x1C, 0); /* input count */
SIVAL(outbody.data, 0x20,
out_output_offset); /* output offset */
SIVAL(outbody.data, 0x24,
out_output_buffer.length); /* output count */
SIVAL(outbody.data, 0x28, 0); /* flags */
SIVAL(outbody.data, 0x2C, 0); /* reserved */
/*
* Note: Windows Vista and 2008 send back also the
* input from the request. But it was fixed in
* Windows 7.
*/
outdyn = out_output_buffer;
error = smbd_smb2_request_done_ex(req, status, outbody, &outdyn,
__location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_tcon_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req =
tevent_req_callback_data(subreq,
struct smbd_smb2_request);
uint8_t *outhdr;
DATA_BLOB outbody;
uint8_t out_share_type = 0;
uint32_t out_share_flags = 0;
uint32_t out_capabilities = 0;
uint32_t out_maximal_access = 0;
uint32_t out_tree_id = 0;
NTSTATUS status;
NTSTATUS error;
status = smbd_smb2_tree_connect_recv(subreq,
&out_share_type,
&out_share_flags,
&out_capabilities,
&out_maximal_access,
&out_tree_id);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
outhdr = SMBD_SMB2_OUT_HDR_PTR(req);
outbody = data_blob_talloc(req->out.vector, NULL, 0x10);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SIVAL(outhdr, SMB2_HDR_TID, out_tree_id);
SSVAL(outbody.data, 0x00, 0x10); /* struct size */
SCVAL(outbody.data, 0x02,
out_share_type); /* share type */
SCVAL(outbody.data, 0x03, 0); /* reserved */
SIVAL(outbody.data, 0x04,
out_share_flags); /* share flags */
SIVAL(outbody.data, 0x08,
out_capabilities); /* capabilities */
SIVAL(outbody.data, 0x0C,
out_maximal_access); /* maximal access */
error = smbd_smb2_request_done(req, outbody, NULL);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
int i = req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_output_buffer_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS call_status = NT_STATUS_OK;
NTSTATUS error; /* transport error */
status = smbd_smb2_getinfo_recv(subreq,
req,
&out_output_buffer,
&call_status);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
if (!NT_STATUS_IS_OK(call_status)) {
/* Return a specific error with data. */
error = smbd_smb2_request_error_ex(req,
call_status,
&out_output_buffer,
__location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
outhdr = (uint8_t *)req->out.vector[i].iov_base;
outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_output_buffer_offset); /* output buffer offset */
SIVAL(outbody.data, 0x04,
out_output_buffer.length); /* output buffer length */
outdyn = out_output_buffer;
error = smbd_smb2_request_done(req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
return;
}
}
static void smbXsrv_session_close_loop(struct tevent_req *subreq)
{
struct smbXsrv_connection *conn =
tevent_req_callback_data(subreq,
struct smbXsrv_connection);
struct smbXsrv_session_table *table = conn->session_table;
int ret;
struct messaging_rec *rec = NULL;
struct smbXsrv_session_closeB close_blob;
enum ndr_err_code ndr_err;
struct smbXsrv_session_close0 *close_info0 = NULL;
struct smbXsrv_session *session = NULL;
NTSTATUS status;
struct timeval tv = timeval_current();
NTTIME now = timeval_to_nttime(&tv);
ret = msg_read_recv(subreq, talloc_tos(), &rec);
TALLOC_FREE(subreq);
if (ret != 0) {
goto next;
}
ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &close_blob,
(ndr_pull_flags_fn_t)ndr_pull_smbXsrv_session_closeB);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
DEBUG(1,("smbXsrv_session_close_loop: "
"ndr_pull_struct_blob - %s\n",
nt_errstr(status)));
goto next;
}
DEBUG(10,("smbXsrv_session_close_loop: MSG_SMBXSRV_SESSION_CLOSE\n"));
if (DEBUGLVL(10)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
if (close_blob.version != SMBXSRV_VERSION_0) {
DEBUG(0,("smbXsrv_session_close_loop: "
"ignore invalid version %u\n", close_blob.version));
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
goto next;
}
close_info0 = close_blob.info.info0;
if (close_info0 == NULL) {
DEBUG(0,("smbXsrv_session_close_loop: "
"ignore NULL info %u\n", close_blob.version));
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
goto next;
}
status = smb2srv_session_lookup(conn, close_info0->old_session_wire_id,
now, &session);
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
DEBUG(4,("smbXsrv_session_close_loop: "
"old_session_wire_id %llu not found\n",
(unsigned long long)close_info0->old_session_wire_id));
if (DEBUGLVL(4)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
goto next;
}
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
DEBUG(1,("smbXsrv_session_close_loop: "
"old_session_wire_id %llu - %s\n",
(unsigned long long)close_info0->old_session_wire_id,
nt_errstr(status)));
if (DEBUGLVL(1)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
goto next;
}
if (session->global->session_global_id != close_info0->old_session_global_id) {
DEBUG(1,("smbXsrv_session_close_loop: "
"old_session_wire_id %llu - global %u != %u\n",
(unsigned long long)close_info0->old_session_wire_id,
session->global->session_global_id,
close_info0->old_session_global_id));
if (DEBUGLVL(1)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
goto next;
}
if (session->global->creation_time != close_info0->old_creation_time) {
DEBUG(1,("smbXsrv_session_close_loop: "
"old_session_wire_id %llu - "
"creation %s (%llu) != %s (%llu)\n",
(unsigned long long)close_info0->old_session_wire_id,
nt_time_string(rec, session->global->creation_time),
(unsigned long long)session->global->creation_time,
nt_time_string(rec, close_info0->old_creation_time),
(unsigned long long)close_info0->old_creation_time));
if (DEBUGLVL(1)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
goto next;
}
/*
* TODO: cancel all outstanding requests on the session
*/
status = smbXsrv_session_logoff(session);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("smbXsrv_session_close_loop: "
"smbXsrv_session_logoff(%llu) failed: %s\n",
(unsigned long long)session->global->session_wire_id,
nt_errstr(status)));
if (DEBUGLVL(1)) {
NDR_PRINT_DEBUG(smbXsrv_session_closeB, &close_blob);
}
}
TALLOC_FREE(session);
next:
TALLOC_FREE(rec);
subreq = msg_read_send(table, conn->ev_ctx, table->close_channel);
if (subreq == NULL) {
smbd_server_connection_terminate(conn->sconn,
"msg_read_send() failed");
return;
}
tevent_req_set_callback(subreq, smbXsrv_session_close_loop, conn);
}
static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *smb2req =
tevent_req_callback_data(subreq,
struct smbd_smb2_request);
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint16_t out_session_flags = 0;
uint64_t out_session_id = 0;
uint16_t out_security_offset;
DATA_BLOB out_security_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_session_setup_wrap_recv(subreq,
&out_session_flags,
smb2req,
&out_security_buffer,
&out_session_id);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = nt_status_squash(status);
error = smbd_smb2_request_error(smb2req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
return;
}
out_security_offset = SMB2_HDR_BODY + 0x08;
outhdr = SMBD_SMB2_OUT_HDR_PTR(smb2req);
outbody = smbd_smb2_generate_outbody(smb2req, 0x08);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
return;
}
SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id);
SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
out_session_flags); /* session flags */
SSVAL(outbody.data, 0x04,
out_security_offset); /* security buffer offset */
SSVAL(outbody.data, 0x06,
out_security_buffer.length); /* security buffer length */
outdyn = out_security_buffer;
error = smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn,
__location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_create_done(struct tevent_req *tsubreq)
{
struct smbd_smb2_request *smb2req = tevent_req_callback_data(tsubreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint8_t out_oplock_level = 0;
uint32_t out_create_action = 0;
connection_struct *conn = smb2req->tcon->compat;
struct timespec out_creation_ts = { 0, };
struct timespec out_last_access_ts = { 0, };
struct timespec out_last_write_ts = { 0, };
struct timespec out_change_ts = { 0, };
uint64_t out_allocation_size = 0;
uint64_t out_end_of_file = 0;
uint32_t out_file_attributes = 0;
uint64_t out_file_id_persistent = 0;
uint64_t out_file_id_volatile = 0;
struct smb2_create_blobs out_context_blobs;
DATA_BLOB out_context_buffer;
uint16_t out_context_buffer_offset = 0;
NTSTATUS status;
NTSTATUS error; /* transport error */
status = smbd_smb2_create_recv(tsubreq,
smb2req,
&out_oplock_level,
&out_create_action,
&out_creation_ts,
&out_last_access_ts,
&out_last_write_ts,
&out_change_ts,
&out_allocation_size,
&out_end_of_file,
&out_file_attributes,
&out_file_id_persistent,
&out_file_id_volatile,
&out_context_blobs);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(smb2req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
return;
}
status = smb2_create_blob_push(smb2req, &out_context_buffer, out_context_blobs);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(smb2req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
return;
}
if (out_context_buffer.length > 0) {
out_context_buffer_offset = SMB2_HDR_BODY + 0x58;
}
outbody = smbd_smb2_generate_outbody(smb2req, 0x58);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x58 + 1); /* struct size */
SCVAL(outbody.data, 0x02,
out_oplock_level); /* oplock level */
SCVAL(outbody.data, 0x03, 0); /* reserved */
SIVAL(outbody.data, 0x04,
out_create_action); /* create action */
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x08,
out_creation_ts); /* creation time */
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x10,
out_last_access_ts); /* last access time */
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x18,
out_last_write_ts); /* last write time */
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x20,
out_change_ts); /* change time */
SBVAL(outbody.data, 0x28,
out_allocation_size); /* allocation size */
SBVAL(outbody.data, 0x30,
out_end_of_file); /* end of file */
SIVAL(outbody.data, 0x38,
out_file_attributes); /* file attributes */
SIVAL(outbody.data, 0x3C, 0); /* reserved */
SBVAL(outbody.data, 0x40,
out_file_id_persistent); /* file id (persistent) */
SBVAL(outbody.data, 0x48,
out_file_id_volatile); /* file id (volatile) */
SIVAL(outbody.data, 0x50,
out_context_buffer_offset); /* create contexts offset */
SIVAL(outbody.data, 0x54,
out_context_buffer.length); /* create contexts length */
outdyn = out_context_buffer;
error = smbd_smb2_request_done(smb2req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_create_done(struct tevent_req *tsubreq)
{
struct smbd_smb2_request *smb2req = tevent_req_callback_data(tsubreq,
struct smbd_smb2_request);
int i = smb2req->current_idx;
uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint8_t out_oplock_level = 0;
uint32_t out_create_action = 0;
NTTIME out_creation_time = 0;
NTTIME out_last_access_time = 0;
NTTIME out_last_write_time = 0;
NTTIME out_change_time = 0;
uint64_t out_allocation_size = 0;
uint64_t out_end_of_file = 0;
uint32_t out_file_attributes = 0;
uint64_t out_file_id_persistent = 0;
uint64_t out_file_id_volatile = 0;
struct smb2_create_blobs out_context_blobs;
DATA_BLOB out_context_buffer;
uint16_t out_context_buffer_offset = 0;
NTSTATUS status;
NTSTATUS error; /* transport error */
if (smb2req->cancelled) {
uint64_t mid = get_mid_from_smb2req(smb2req);
DEBUG(10,("smbd_smb2_request_create_done: cancelled mid %llu\n",
(unsigned long long)mid ));
error = smbd_smb2_request_error(smb2req, NT_STATUS_CANCELLED);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->sconn,
nt_errstr(error));
return;
}
return;
}
status = smbd_smb2_create_recv(tsubreq,
smb2req,
&out_oplock_level,
&out_create_action,
&out_creation_time,
&out_last_access_time,
&out_last_write_time,
&out_change_time,
&out_allocation_size,
&out_end_of_file,
&out_file_attributes,
&out_file_id_persistent,
&out_file_id_volatile,
&out_context_blobs);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(smb2req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->sconn,
nt_errstr(error));
return;
}
return;
}
status = smb2_create_blob_push(smb2req, &out_context_buffer, out_context_blobs);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(smb2req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->sconn,
nt_errstr(error));
return;
}
return;
}
if (out_context_buffer.length > 0) {
out_context_buffer_offset = SMB2_HDR_BODY + 0x58;
}
outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x58);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->sconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x58 + 1); /* struct size */
SCVAL(outbody.data, 0x02,
out_oplock_level); /* oplock level */
SCVAL(outbody.data, 0x03, 0); /* reserved */
SIVAL(outbody.data, 0x04,
out_create_action); /* create action */
SBVAL(outbody.data, 0x08,
out_creation_time); /* creation time */
SBVAL(outbody.data, 0x10,
out_last_access_time); /* last access time */
SBVAL(outbody.data, 0x18,
out_last_write_time); /* last write time */
SBVAL(outbody.data, 0x20,
out_change_time); /* change time */
SBVAL(outbody.data, 0x28,
out_allocation_size); /* allocation size */
SBVAL(outbody.data, 0x30,
out_end_of_file); /* end of file */
SIVAL(outbody.data, 0x38,
out_file_attributes); /* file attributes */
SIVAL(outbody.data, 0x3C, 0); /* reserved */
SBVAL(outbody.data, 0x40,
out_file_id_persistent); /* file id (persistent) */
SBVAL(outbody.data, 0x48,
out_file_id_volatile); /* file id (volatile) */
SIVAL(outbody.data, 0x50,
out_context_buffer_offset); /* create contexts offset */
SIVAL(outbody.data, 0x54,
out_context_buffer.length); /* create contexts length */
outdyn = out_context_buffer;
error = smbd_smb2_request_done(smb2req, outbody, &outdyn);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(smb2req->sconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_close_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req =
tevent_req_callback_data(subreq,
struct smbd_smb2_request);
DATA_BLOB outbody;
uint16_t out_flags = 0;
connection_struct *conn = req->tcon->compat;
struct timespec out_creation_ts = { 0, };
struct timespec out_last_access_ts = { 0, };
struct timespec out_last_write_ts = { 0, };
struct timespec out_change_ts = { 0, };
uint64_t out_allocation_size = 0;
uint64_t out_end_of_file = 0;
uint32_t out_file_attributes = 0;
NTSTATUS status;
NTSTATUS error;
status = smbd_smb2_close_recv(subreq,
&out_flags,
&out_creation_ts,
&out_last_access_ts,
&out_last_write_ts,
&out_change_ts,
&out_allocation_size,
&out_end_of_file,
&out_file_attributes);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
outbody = smbd_smb2_generate_outbody(req, 0x3C);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x3C); /* struct size */
SSVAL(outbody.data, 0x02, out_flags);
SIVAL(outbody.data, 0x04, 0); /* reserved */
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x08, out_creation_ts);
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x10, out_last_access_ts);
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x18, out_last_write_ts);
put_long_date_timespec(conn->ts_res,
(char *)outbody.data + 0x20, out_change_ts);
SBVAL(outbody.data, 0x28, out_allocation_size);
SBVAL(outbody.data, 0x30, out_end_of_file);
SIVAL(outbody.data, 0x38, out_file_attributes);
error = smbd_smb2_request_done(req, outbody, NULL);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
}
static void smbd_smb2_request_ioctl_done(struct tevent_req *subreq)
{
struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
struct smbd_smb2_request);
const uint8_t *inbody;
DATA_BLOB outbody;
DATA_BLOB outdyn;
uint32_t in_ctl_code;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
uint32_t out_input_offset;
uint32_t out_output_offset;
DATA_BLOB out_output_buffer = data_blob_null;
NTSTATUS status;
NTSTATUS error; /* transport error */
bool disconnect = false;
status = smbd_smb2_ioctl_recv(subreq, req,
&out_output_buffer,
&disconnect);
DEBUG(10,("smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned "
"%u status %s\n",
(unsigned int)out_output_buffer.length,
nt_errstr(status) ));
TALLOC_FREE(subreq);
if (disconnect) {
error = status;
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
inbody = SMBD_SMB2_IN_BODY_PTR(req);
in_ctl_code = IVAL(inbody, 0x04);
in_file_id_persistent = BVAL(inbody, 0x08);
in_file_id_volatile = BVAL(inbody, 0x10);
if (smbd_smb2_ioctl_is_failure(in_ctl_code, status,
out_output_buffer.length)) {
error = smbd_smb2_request_error(req, status);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
out_input_offset = SMB2_HDR_BODY + 0x30;
out_output_offset = SMB2_HDR_BODY + 0x30;
outbody = smbd_smb2_generate_outbody(req, 0x30);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
return;
}
SSVAL(outbody.data, 0x00, 0x30 + 1); /* struct size */
SSVAL(outbody.data, 0x02, 0); /* reserved */
SIVAL(outbody.data, 0x04,
in_ctl_code); /* ctl code */
SBVAL(outbody.data, 0x08,
in_file_id_persistent); /* file id (persistent) */
SBVAL(outbody.data, 0x10,
in_file_id_volatile); /* file id (volatile) */
SIVAL(outbody.data, 0x18,
out_input_offset); /* input offset */
SIVAL(outbody.data, 0x1C, 0); /* input count */
SIVAL(outbody.data, 0x20,
out_output_offset); /* output offset */
SIVAL(outbody.data, 0x24,
out_output_buffer.length); /* output count */
SIVAL(outbody.data, 0x28, 0); /* flags */
SIVAL(outbody.data, 0x2C, 0); /* reserved */
/*
* Note: Windows Vista and 2008 send back also the
* input from the request. But it was fixed in
* Windows 7.
*/
outdyn = out_output_buffer;
error = smbd_smb2_request_done_ex(req, status, outbody, &outdyn,
__location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->xconn,
nt_errstr(error));
return;
}
}
