/* push a string into the data portion of the request packet, growing it if necessary this gets quite tricky - please be very careful to cover all cases when modifying this if dest is NULL, then put the string at the end of the data portion of the packet if dest_len is -1 then no limit applies */ size_t smbcli_req_append_ascii4(struct smbcli_request *req, const char *str, unsigned int flags) { size_t size; smbcli_req_append_bytes(req, (const uint8_t *)"\4", 1); size = smbcli_req_append_string(req, str, flags); return size + 1; }
/* this is like smbcli_req_append_string but it also return the non-terminated string byte length, which can be less than the number of bytes consumed in the packet for 2 reasons: 1) the string in the packet may be null terminated 2) the string in the packet may need a 1 byte UCS2 alignment this is used in places where the non-terminated string byte length is placed in the packet as a separate field */ size_t smbcli_req_append_string_len(struct smbcli_request *req, const char *str, unsigned int flags, int *len) { int diff = 0; size_t ret; /* determine string type to use */ if (!(flags & (STR_ASCII|STR_UNICODE))) { flags |= (req->transport->negotiate.capabilities & CAP_UNICODE) ? STR_UNICODE : STR_ASCII; } /* see if an alignment byte will be used */ if ((flags & STR_UNICODE) && !(flags & STR_NOALIGN)) { diff = ucs2_align(NULL, req->out.data + req->out.data_size, flags); } /* do the hard work */ ret = smbcli_req_append_string(req, str, flags); /* see if we need to subtract the termination */ if (flags & STR_TERMINATE) { diff += (flags & STR_UNICODE) ? 2 : 1; } if (ret >= diff) { (*len) = ret - diff; } else { (*len) = ret; } return ret; }
/* Send a negprot command. */ struct smbcli_request *smb_raw_negotiate_send(struct smbcli_transport *transport, bool unicode, int maxprotocol) { struct smbcli_request *req; int i; uint16_t flags2 = 0; req = smbcli_request_setup_transport(transport, SMBnegprot, 0, 0); if (!req) { return NULL; } flags2 |= FLAGS2_32_BIT_ERROR_CODES; if (unicode) { flags2 |= FLAGS2_UNICODE_STRINGS; } flags2 |= FLAGS2_EXTENDED_ATTRIBUTES; flags2 |= FLAGS2_LONG_PATH_COMPONENTS; flags2 |= FLAGS2_IS_LONG_NAME; if (transport->options.use_spnego) { flags2 |= FLAGS2_EXTENDED_SECURITY; } SSVAL(req->out.hdr,HDR_FLG2, flags2); /* setup the protocol strings */ for (i=0; i < ARRAY_SIZE(prots) && prots[i].prot <= maxprotocol; i++) { smbcli_req_append_bytes(req, (const uint8_t *)"\2", 1); smbcli_req_append_string(req, prots[i].name, STR_TERMINATE | STR_ASCII); } if (!smbcli_request_send(req)) { smbcli_request_destroy(req); return NULL; } return req; }
/**************************************************************************** Perform a session setup (async send) ****************************************************************************/ struct smbcli_request *smb_raw_sesssetup_send(struct smbcli_session *session, union smb_sesssetup *parms) { struct smbcli_request *req = NULL; switch (parms->old.level) { case RAW_SESSSETUP_OLD: SETUP_REQUEST_SESSION(SMBsesssetupX, 10, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv,VWV(2),parms->old.in.bufsize); SSVAL(req->out.vwv,VWV(3),parms->old.in.mpx_max); SSVAL(req->out.vwv,VWV(4),parms->old.in.vc_num); SIVAL(req->out.vwv,VWV(5),parms->old.in.sesskey); SSVAL(req->out.vwv,VWV(7),parms->old.in.password.length); SIVAL(req->out.vwv,VWV(8), 0); /* reserved */ smbcli_req_append_blob(req, &parms->old.in.password); smbcli_req_append_string(req, parms->old.in.user, STR_TERMINATE); smbcli_req_append_string(req, parms->old.in.domain, STR_TERMINATE|STR_UPPER); smbcli_req_append_string(req, parms->old.in.os, STR_TERMINATE); smbcli_req_append_string(req, parms->old.in.lanman, STR_TERMINATE); break; case RAW_SESSSETUP_NT1: SETUP_REQUEST_SESSION(SMBsesssetupX, 13, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->nt1.in.bufsize); SSVAL(req->out.vwv, VWV(3), parms->nt1.in.mpx_max); SSVAL(req->out.vwv, VWV(4), parms->nt1.in.vc_num); SIVAL(req->out.vwv, VWV(5), parms->nt1.in.sesskey); SSVAL(req->out.vwv, VWV(7), parms->nt1.in.password1.length); SSVAL(req->out.vwv, VWV(8), parms->nt1.in.password2.length); SIVAL(req->out.vwv, VWV(9), 0); /* reserved */ SIVAL(req->out.vwv, VWV(11), parms->nt1.in.capabilities); smbcli_req_append_blob(req, &parms->nt1.in.password1); smbcli_req_append_blob(req, &parms->nt1.in.password2); smbcli_req_append_string(req, parms->nt1.in.user, STR_TERMINATE); smbcli_req_append_string(req, parms->nt1.in.domain, STR_TERMINATE|STR_UPPER); smbcli_req_append_string(req, parms->nt1.in.os, STR_TERMINATE); smbcli_req_append_string(req, parms->nt1.in.lanman, STR_TERMINATE); break; case RAW_SESSSETUP_SPNEGO: SETUP_REQUEST_SESSION(SMBsesssetupX, 12, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->spnego.in.bufsize); SSVAL(req->out.vwv, VWV(3), parms->spnego.in.mpx_max); SSVAL(req->out.vwv, VWV(4), parms->spnego.in.vc_num); SIVAL(req->out.vwv, VWV(5), parms->spnego.in.sesskey); SSVAL(req->out.vwv, VWV(7), parms->spnego.in.secblob.length); SIVAL(req->out.vwv, VWV(8), 0); /* reserved */ SIVAL(req->out.vwv, VWV(10), parms->spnego.in.capabilities); smbcli_req_append_blob(req, &parms->spnego.in.secblob); smbcli_req_append_string(req, parms->spnego.in.os, STR_TERMINATE); smbcli_req_append_string(req, parms->spnego.in.lanman, STR_TERMINATE); smbcli_req_append_string(req, parms->spnego.in.workgroup, STR_TERMINATE); break; case RAW_SESSSETUP_SMB2: return NULL; } if (!smbcli_request_send(req)) { smbcli_request_destroy(req); return NULL; } return req; }
/**************************************************************************** Open a file - async send ****************************************************************************/ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, union smb_open *parms) { int len; struct smbcli_request *req = NULL; bool bigoffset = false; switch (parms->generic.level) { case RAW_OPEN_T2OPEN: return smb_raw_t2open_send(tree, parms); case RAW_OPEN_OPEN: SETUP_REQUEST(SMBopen, 2, 0); SSVAL(req->out.vwv, VWV(0), parms->openold.in.open_mode); SSVAL(req->out.vwv, VWV(1), parms->openold.in.search_attrs); smbcli_req_append_ascii4(req, parms->openold.in.fname, STR_TERMINATE); break; case RAW_OPEN_OPENX: SETUP_REQUEST(SMBopenX, 15, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->openx.in.flags); SSVAL(req->out.vwv, VWV(3), parms->openx.in.open_mode); SSVAL(req->out.vwv, VWV(4), parms->openx.in.search_attrs); SSVAL(req->out.vwv, VWV(5), parms->openx.in.file_attrs); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(6), parms->openx.in.write_time); SSVAL(req->out.vwv, VWV(8), parms->openx.in.open_func); SIVAL(req->out.vwv, VWV(9), parms->openx.in.size); SIVAL(req->out.vwv, VWV(11),parms->openx.in.timeout); SIVAL(req->out.vwv, VWV(13),0); /* reserved */ smbcli_req_append_string(req, parms->openx.in.fname, STR_TERMINATE); break; case RAW_OPEN_MKNEW: SETUP_REQUEST(SMBmknew, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->mknew.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->mknew.in.write_time); smbcli_req_append_ascii4(req, parms->mknew.in.fname, STR_TERMINATE); break; case RAW_OPEN_CREATE: SETUP_REQUEST(SMBcreate, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->create.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->create.in.write_time); smbcli_req_append_ascii4(req, parms->create.in.fname, STR_TERMINATE); break; case RAW_OPEN_CTEMP: SETUP_REQUEST(SMBctemp, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->ctemp.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->ctemp.in.write_time); smbcli_req_append_ascii4(req, parms->ctemp.in.directory, STR_TERMINATE); break; case RAW_OPEN_SPLOPEN: SETUP_REQUEST(SMBsplopen, 2, 0); SSVAL(req->out.vwv, VWV(0), parms->splopen.in.setup_length); SSVAL(req->out.vwv, VWV(1), parms->splopen.in.mode); break; case RAW_OPEN_NTCREATEX: SETUP_REQUEST(SMBntcreateX, 24, 0); SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1),0); SCVAL(req->out.vwv, VWV(2),0); /* padding */ SIVAL(req->out.vwv, 7, parms->ntcreatex.in.flags); SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid.fnum); SIVAL(req->out.vwv, 15, parms->ntcreatex.in.access_mask); SBVAL(req->out.vwv, 19, parms->ntcreatex.in.alloc_size); SIVAL(req->out.vwv, 27, parms->ntcreatex.in.file_attr); SIVAL(req->out.vwv, 31, parms->ntcreatex.in.share_access); SIVAL(req->out.vwv, 35, parms->ntcreatex.in.open_disposition); SIVAL(req->out.vwv, 39, parms->ntcreatex.in.create_options); SIVAL(req->out.vwv, 43, parms->ntcreatex.in.impersonation); SCVAL(req->out.vwv, 47, parms->ntcreatex.in.security_flags); smbcli_req_append_string_len(req, parms->ntcreatex.in.fname, STR_TERMINATE, &len); SSVAL(req->out.vwv, 5, len); break; case RAW_OPEN_NTTRANS_CREATE: return smb_raw_nttrans_create_send(tree, parms); case RAW_OPEN_OPENX_READX: SETUP_REQUEST(SMBopenX, 15, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->openxreadx.in.flags); SSVAL(req->out.vwv, VWV(3), parms->openxreadx.in.open_mode); SSVAL(req->out.vwv, VWV(4), parms->openxreadx.in.search_attrs); SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.file_attrs); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(6), parms->openxreadx.in.write_time); SSVAL(req->out.vwv, VWV(8), parms->openxreadx.in.open_func); SIVAL(req->out.vwv, VWV(9), parms->openxreadx.in.size); SIVAL(req->out.vwv, VWV(11),parms->openxreadx.in.timeout); SIVAL(req->out.vwv, VWV(13),0); smbcli_req_append_string(req, parms->openxreadx.in.fname, STR_TERMINATE); if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) { bigoffset = true; } smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), 0); SIVAL(req->out.vwv, VWV(3), parms->openxreadx.in.offset); SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.maxcnt & 0xFFFF); SSVAL(req->out.vwv, VWV(6), parms->openxreadx.in.mincnt); SIVAL(req->out.vwv, VWV(7), parms->openxreadx.in.maxcnt >> 16); SSVAL(req->out.vwv, VWV(9), parms->openxreadx.in.remaining); if (bigoffset) { SIVAL(req->out.vwv, VWV(10),parms->openxreadx.in.offset>>32); } break; case RAW_OPEN_NTCREATEX_READX: SETUP_REQUEST(SMBntcreateX, 24, 0); SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1),0); SCVAL(req->out.vwv, VWV(2),0); /* padding */ SIVAL(req->out.vwv, 7, parms->ntcreatexreadx.in.flags); SIVAL(req->out.vwv, 11, parms->ntcreatexreadx.in.root_fid.fnum); SIVAL(req->out.vwv, 15, parms->ntcreatexreadx.in.access_mask); SBVAL(req->out.vwv, 19, parms->ntcreatexreadx.in.alloc_size); SIVAL(req->out.vwv, 27, parms->ntcreatexreadx.in.file_attr); SIVAL(req->out.vwv, 31, parms->ntcreatexreadx.in.share_access); SIVAL(req->out.vwv, 35, parms->ntcreatexreadx.in.open_disposition); SIVAL(req->out.vwv, 39, parms->ntcreatexreadx.in.create_options); SIVAL(req->out.vwv, 43, parms->ntcreatexreadx.in.impersonation); SCVAL(req->out.vwv, 47, parms->ntcreatexreadx.in.security_flags); smbcli_req_append_string_len(req, parms->ntcreatexreadx.in.fname, STR_TERMINATE, &len); SSVAL(req->out.vwv, 5, len); if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) { bigoffset = true; } smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), 0); SIVAL(req->out.vwv, VWV(3), parms->ntcreatexreadx.in.offset); SSVAL(req->out.vwv, VWV(5), parms->ntcreatexreadx.in.maxcnt & 0xFFFF); SSVAL(req->out.vwv, VWV(6), parms->ntcreatexreadx.in.mincnt); SIVAL(req->out.vwv, VWV(7), parms->ntcreatexreadx.in.maxcnt >> 16); SSVAL(req->out.vwv, VWV(9), parms->ntcreatexreadx.in.remaining); if (bigoffset) { SIVAL(req->out.vwv, VWV(10),parms->ntcreatexreadx.in.offset>>32); } break; case RAW_OPEN_SMB2: return NULL; } if (!smbcli_request_send(req)) { smbcli_request_destroy(req); return NULL; } return req; }