/* send a nttrans create reply */ static NTSTATUS nttrans_create_send(struct nttrans_op *op) { union smb_open *io = talloc_get_type(op->op_info, union smb_open); uint8_t *params; NTSTATUS status; status = nttrans_setup_reply(op, op->trans, 69, 0, 0); NT_STATUS_NOT_OK_RETURN(status); params = op->trans->out.params.data; SSVAL(params, 0, io->ntcreatex.out.oplock_level); smbsrv_push_fnum(params, 2, io->ntcreatex.out.file.ntvfs); SIVAL(params, 4, io->ntcreatex.out.create_action); SIVAL(params, 8, 0); /* ea error offset */ push_nttime(params, 12, io->ntcreatex.out.create_time); push_nttime(params, 20, io->ntcreatex.out.access_time); push_nttime(params, 28, io->ntcreatex.out.write_time); push_nttime(params, 36, io->ntcreatex.out.change_time); SIVAL(params, 44, io->ntcreatex.out.attrib); SBVAL(params, 48, io->ntcreatex.out.alloc_size); SBVAL(params, 56, io->ntcreatex.out.size); SSVAL(params, 64, io->ntcreatex.out.file_type); SSVAL(params, 66, io->ntcreatex.out.ipc_state); SCVAL(params, 68, io->ntcreatex.out.is_directory); return NT_STATUS_OK; }
void server_id_put(uint8_t buf[24], const struct server_id id) { SBVAL(buf, 0, id.pid); SIVAL(buf, 8, id.task_id); SIVAL(buf, 12, id.vnn); SBVAL(buf, 16, id.unique_id); }
/** send a session setup request */ struct smb2_request *smb2_session_setup_send(struct smb2_session *session, struct smb2_session_setup *io) { struct smb2_request *req; NTSTATUS status; req = smb2_request_init(session->transport, SMB2_OP_SESSSETUP, 0x18, true, io->in.secblob.length); if (req == NULL) return NULL; SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, session->uid); SCVAL(req->out.body, 0x02, io->in.vc_number); SCVAL(req->out.body, 0x03, io->in.security_mode); SIVAL(req->out.body, 0x04, io->in.capabilities); SIVAL(req->out.body, 0x08, io->in.channel); SBVAL(req->out.body, 0x10, io->in.previous_sessionid); req->session = session; status = smb2_push_o16s16_blob(&req->out, 0x0C, io->in.secblob); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); return NULL; } smb2_transport_send(req); return req; }
static void smbd_smb2_request_oplock_break_done(struct tevent_req *subreq) { struct smbd_smb2_request *req = tevent_req_callback_data(subreq, struct smbd_smb2_request); const uint8_t *inbody; int i = req->current_idx; uint64_t in_file_id_persistent; uint64_t in_file_id_volatile; uint8_t out_oplock_level = 0; DATA_BLOB outbody; NTSTATUS status; NTSTATUS error; /* transport error */ status = smbd_smb2_oplock_break_recv(subreq, &out_oplock_level); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { error = smbd_smb2_request_error(req, status); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->sconn, nt_errstr(error)); return; } return; } inbody = (const uint8_t *)req->in.vector[i+1].iov_base; in_file_id_persistent = BVAL(inbody, 0x08); in_file_id_volatile = BVAL(inbody, 0x10); outbody = data_blob_talloc(req->out.vector, NULL, 0x18); if (outbody.data == NULL) { error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->sconn, nt_errstr(error)); return; } return; } SSVAL(outbody.data, 0x00, 0x18); /* struct size */ SCVAL(outbody.data, 0x02, out_oplock_level); /* SMB2 oplock level */ SCVAL(outbody.data, 0x03, 0); /* reserved */ SIVAL(outbody.data, 0x04, 0); /* reserved */ SBVAL(outbody.data, 0x08, in_file_id_persistent); /* file id (persistent) */ SBVAL(outbody.data, 0x10, in_file_id_volatile); /* file id (volatile) */ error = smbd_smb2_request_done(req, outbody, NULL); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->sconn, nt_errstr(error)); return; } }
/* * reply to a SMB negprot request with dialect "SMB 2.002" */ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) { struct smb2srv_request *req; uint32_t body_fixed_size = 0x26; req = talloc_zero(smb_req->smb_conn, struct smb2srv_request); if (!req) goto nomem; req->smb_conn = smb_req->smb_conn; req->request_time = smb_req->request_time; talloc_steal(req, smb_req); req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size; req->in.allocated = req->in.size; req->in.buffer = talloc_array(req, uint8_t, req->in.allocated); if (!req->in.buffer) goto nomem; req->in.hdr = req->in.buffer + NBT_HDR_SIZE; req->in.body = req->in.hdr + SMB2_HDR_BODY; req->in.body_size = body_fixed_size; req->in.dynamic = NULL; smb2srv_setup_bufinfo(req); SIVAL(req->in.hdr, 0, SMB2_MAGIC); SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); SSVAL(req->in.hdr, SMB2_HDR_EPOCH, 0); SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); SSVAL(req->in.hdr, SMB2_HDR_CREDIT, 0); SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); SIVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND, 0); SBVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID, 0); SIVAL(req->in.hdr, SMB2_HDR_PID, 0); SIVAL(req->in.hdr, SMB2_HDR_TID, 0); SBVAL(req->in.hdr, SMB2_HDR_SESSION_ID, 0); memset(req->in.hdr+SMB2_HDR_SIGNATURE, 0, 16); /* this seems to be a bug, they use 0x24 but the length is 0x26 */ SSVAL(req->in.body, 0x00, 0x24); SSVAL(req->in.body, 0x02, 1); memset(req->in.body+0x04, 0, 32); SSVAL(req->in.body, 0x24, SMB2_DIALECT_REVISION_202); smb2srv_negprot_recv(req); return; nomem: smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); talloc_free(req); return; }
/* * reply to a SMB negprot request with dialect "SMB 2.001" */ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req) { struct smb2srv_request *req; uint32_t body_fixed_size = 0x26; /* create a fake SMB2 negprot request */ req = talloc_zero(smb_req->smb_conn, struct smb2srv_request); if (!req) goto nomem; req->smb_conn = smb_req->smb_conn; req->request_time = smb_req->request_time; talloc_steal(req, smb_req); req->in.size = NBT_HDR_SIZE+SMB2_HDR_BODY+body_fixed_size; req->in.allocated = req->in.size; req->in.buffer = talloc_size(req, req->in.allocated); if (!req->in.buffer) goto nomem; req->in.hdr = req->in.buffer + NBT_HDR_SIZE; req->in.body = req->in.hdr + SMB2_HDR_BODY; req->in.body_size = body_fixed_size; req->in.dynamic = NULL; SIVAL(req->in.hdr, 0, SMB2_MAGIC); SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0); SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_NEGPROT); SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1, 0); SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0); SIVAL(req->in.hdr, SMB2_HDR_CHAIN_OFFSET, 0); SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0); SIVAL(req->in.hdr, SMB2_HDR_PID, 0); SIVAL(req->in.hdr, SMB2_HDR_TID, 0); SBVAL(req->in.hdr, SMB2_HDR_UID, 0); memset(req->in.hdr+SMB2_HDR_SIG, 0, 16); /* this seems to be a bug, they use 0x24 but the length is 0x26 */ SSVAL(req->in.body, 0x00, 0x24); SSVAL(req->in.body, 0x02, 1); memset(req->in.body+0x04, 0, 32); SSVAL(req->in.body, 0x24, 0); smb2srv_negprot_recv(req); return; nomem: smbsrv_terminate_connection(smb_req->smb_conn, nt_errstr(NT_STATUS_NO_MEMORY)); talloc_free(req); return; }
uint32_t smbXsrv_open_hash(struct smbXsrv_open *_open) { uint8_t buf[8+8+8]; uint32_t ret; SBVAL(buf, 0, _open->global->open_persistent_id); SBVAL(buf, 8, _open->global->open_volatile_id); SBVAL(buf, 16, _open->global->open_time); ret = hash(buf, sizeof(buf), 0); if (ret == 0) { ret = 1; } return ret; }
void smb2srv_push_handle(uint8_t *base, uint_t offset, struct ntvfs_handle *ntvfs) { struct smbsrv_handle *handle = talloc_get_type(ntvfs->frontend_data.private_data, struct smbsrv_handle); /* * the handle is 128 bit on the wire */ SBVAL(base, offset, handle->hid); SIVAL(base, offset + 8, handle->tcon->tid); SIVAL(base, offset + 12,UINT32_MAX); }
static void smb2srv_create_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_open *io; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_open); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x58, True, io->smb2.out.blob.length)); SSVAL(req->out.body, 0x02, io->smb2.out.oplock_flags); SIVAL(req->out.body, 0x04, io->smb2.out.create_action); SBVAL(req->out.body, 0x08, io->smb2.out.create_time); SBVAL(req->out.body, 0x10, io->smb2.out.access_time); SBVAL(req->out.body, 0x18, io->smb2.out.write_time); SBVAL(req->out.body, 0x20, io->smb2.out.change_time); SBVAL(req->out.body, 0x28, io->smb2.out.alloc_size); SBVAL(req->out.body, 0x30, io->smb2.out.size); SIVAL(req->out.body, 0x38, io->smb2.out.file_attr); SIVAL(req->out.body, 0x3C, io->smb2.out._pad); smb2srv_push_handle(req->out.body, 0x40, io->smb2.out.file.ntvfs); SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x50, io->smb2.out.blob)); /* also setup the chained file handle */ req->chained_file_handle = req->_chained_file_handle; smb2srv_push_handle(req->chained_file_handle, 0, io->smb2.out.file.ntvfs); smb2srv_send_reply(req); }
static void smb2srv_read_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_read *io; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_read); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, True, io->smb2.out.data.length)); /* TODO: avoid the memcpy */ SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, io->smb2.out.data)); SBVAL(req->out.body, 0x08, io->smb2.out.unknown1); smb2srv_send_reply(req); }
static void smb2srv_write_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_write *io; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_write); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, True, 0)); SSVAL(req->out.body, 0x02, io->smb2.out._pad); SIVAL(req->out.body, 0x04, io->smb2.out.nwritten); SBVAL(req->out.body, 0x08, io->smb2.out.unknown1); smb2srv_send_reply(req); }
/* send a write request */ struct smb2_request *smb2_write_send(struct smb2_tree *tree, struct smb2_write *io) { NTSTATUS status; struct smb2_request *req; req = smb2_request_init_tree(tree, SMB2_OP_WRITE, 0x30, true, io->in.data.length); if (req == NULL) return NULL; status = smb2_push_o16s32_blob(&req->out, 0x02, io->in.data); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); return NULL; } SBVAL(req->out.body, 0x08, io->in.offset); smb2_push_handle(req->out.body+0x10, &io->in.file.handle); SBVAL(req->out.body, 0x20, io->in.unknown1); SBVAL(req->out.body, 0x28, io->in.unknown2); smb2_transport_send(req); return req; }
/* initialise a smb2 request for tree operations */ struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree, uint16_t opcode, uint16_t body_fixed_size, BOOL body_dynamic_present, uint32_t body_dynamic_size) { struct smb2_request *req = smb2_request_init(tree->session->transport, opcode, body_fixed_size, body_dynamic_present, body_dynamic_size); if (req == NULL) return NULL; SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid); SIVAL(req->out.hdr, SMB2_HDR_TID, tree->tid); req->session = tree->session; req->tree = tree; return req; }
/* Send a Lease Break Acknowledgement */ struct smb2_request *smb2_lease_break_ack_send(struct smb2_tree *tree, struct smb2_lease_break_ack *io) { struct smb2_request *req; req = smb2_request_init_tree(tree, SMB2_OP_BREAK, 0x24, false, 0); if (req == NULL) return NULL; SIVAL(req->out.body, 0x02, io->in.reserved); SIVAL(req->out.body, 0x04, io->in.lease.lease_flags); memcpy(req->out.body+0x8, &io->in.lease.lease_key, sizeof(struct smb2_lease_key)); SIVAL(req->out.body, 0x18, io->in.lease.lease_state); SBVAL(req->out.body, 0x1C, io->in.lease.lease_duration); smb2_transport_send(req); return req; }
static NTSTATUS generate_gp_registry_entry(TALLOC_CTX *mem_ctx, const char *key, const char *value, uint32_t data_type, const void *data_p, enum gp_reg_action action, struct gp_registry_entry **entry_out) { struct gp_registry_entry *entry = NULL; struct registry_value *data = NULL; entry = talloc_zero(mem_ctx, struct gp_registry_entry); NT_STATUS_HAVE_NO_MEMORY(entry); data = talloc_zero(mem_ctx, struct registry_value); NT_STATUS_HAVE_NO_MEMORY(data); data->type = data_type; switch (data->type) { case REG_QWORD: data->data = data_blob_talloc(mem_ctx, NULL, 8); SBVAL(data->data.data, 0, *(uint64_t *)data_p); break; case REG_SZ: if (!push_reg_sz(mem_ctx, &data->data, (const char *)data_p)) { return NT_STATUS_NO_MEMORY; } break; default: return NT_STATUS_NOT_SUPPORTED; } entry->key = key; entry->data = data; entry->action = action; entry->value = talloc_strdup(mem_ctx, value); NT_STATUS_HAVE_NO_MEMORY(entry->value); *entry_out = entry; return NT_STATUS_OK; }
static WERROR dsdb_syntax_NTTIME_ldb_to_drsuapi(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_attribute *attr, const struct ldb_message_element *in, TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *out) { uint32_t i; DATA_BLOB *blobs; if (attr->attributeID_id == 0xFFFFFFFF) { return WERR_FOOBAR; } out->attid = attr->attributeID_id; out->value_ctr.num_values = in->num_values; out->value_ctr.values = talloc_array(mem_ctx, struct drsuapi_DsAttributeValue, in->num_values); W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values); blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values); W_ERROR_HAVE_NO_MEMORY(blobs); for (i=0; i < in->num_values; i++) { NTTIME v; time_t t; out->value_ctr.values[i].blob = &blobs[i]; blobs[i] = data_blob_talloc(blobs, NULL, 8); W_ERROR_HAVE_NO_MEMORY(blobs[i].data); t = ldb_string_to_time((const char *)in->values[i].data); unix_to_nt_time(&v, t); v /= 10000000; SBVAL(blobs[i].data, 0, v); } return WERR_OK; }
static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { if (NT_STATUS_IS_OK(req->status)) { /* nothing */ } else if (NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { /* nothing */ } else { smb2srv_send_error(req, req->status); return; } SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, io->smb2.out.secblob.length)); SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, io->smb2.out.uid); SSVAL(req->out.body, 0x02, io->smb2.out.session_flags); SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob)); smb2srv_send_reply(req); }
static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { uint16_t unknown1; if (NT_STATUS_IS_OK(req->status)) { unknown1 = 0x0003; } else if (NT_STATUS_EQUAL(req->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { unknown1 = 0x0002; } else { smb2srv_send_error(req, req->status); return; } SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io->smb2.out.secblob.length)); SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1, unknown1); SBVAL(req->out.hdr, SMB2_HDR_UID, io->smb2.out.uid); SSVAL(req->out.body, 0x02, io->smb2.out._pad); SMB2SRV_CHECK(smb2_push_o16s16_blob(&req->out, 0x04, io->smb2.out.secblob)); smb2srv_send_reply(req); }
/* send a read request */ struct smb2_request *smb2_read_send(struct smb2_tree *tree, struct smb2_read *io) { struct smb2_request *req; req = smb2_request_init_tree(tree, SMB2_OP_READ, 0x30, true, 0); if (req == NULL) return NULL; SCVAL(req->out.body, 0x02, 0); /* pad */ SCVAL(req->out.body, 0x03, 0); /* reserved */ SIVAL(req->out.body, 0x04, io->in.length); SBVAL(req->out.body, 0x08, io->in.offset); smb2_push_handle(req->out.body+0x10, &io->in.file.handle); SIVAL(req->out.body, 0x20, io->in.min_count); SIVAL(req->out.body, 0x24, io->in.channel); SIVAL(req->out.body, 0x28, io->in.remaining); SSVAL(req->out.body, 0x2C, io->in.channel_offset); SSVAL(req->out.body, 0x2E, io->in.channel_length); req->credit_charge = (MAX(io->in.length, 1) - 1)/ 65536 + 1; smb2_transport_send(req); return req; }
static void smb2srv_create_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_open *io; DATA_BLOB blob; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_open); /* setup the blobs we should give in the reply */ if (io->smb2.out.maximal_access != 0) { uint32_t data[2]; SIVAL(data, 0, 0); SIVAL(data, 4, io->smb2.out.maximal_access); SMB2SRV_CHECK(smb2_create_blob_add(req, &io->smb2.out.blobs, SMB2_CREATE_TAG_MXAC, data_blob_const(data, 8))); } SMB2SRV_CHECK(smb2_create_blob_push(req, &blob, io->smb2.out.blobs)); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x58, true, blob.length)); SCVAL(req->out.body, 0x02, io->smb2.out.oplock_level); SCVAL(req->out.body, 0x03, io->smb2.out.reserved); SIVAL(req->out.body, 0x04, io->smb2.out.create_action); SBVAL(req->out.body, 0x08, io->smb2.out.create_time); SBVAL(req->out.body, 0x10, io->smb2.out.access_time); SBVAL(req->out.body, 0x18, io->smb2.out.write_time); SBVAL(req->out.body, 0x20, io->smb2.out.change_time); SBVAL(req->out.body, 0x28, io->smb2.out.alloc_size); SBVAL(req->out.body, 0x30, io->smb2.out.size); SIVAL(req->out.body, 0x38, io->smb2.out.file_attr); SIVAL(req->out.body, 0x3C, io->smb2.out.reserved2); smb2srv_push_handle(req->out.body, 0x40, io->smb2.out.file.ntvfs); SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x50, blob)); /* also setup the chained file handle */ req->chained_file_handle = req->_chained_file_handle; smb2srv_push_handle(req->chained_file_handle, 0, io->smb2.out.file.ntvfs); smb2srv_send_reply(req); }
static void smb2srv_close_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_close *io; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_close); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x3C, False, 0)); SSVAL(req->out.body, 0x02, io->smb2.out.flags); SIVAL(req->out.body, 0x04, io->smb2.out._pad); SBVAL(req->out.body, 0x08, io->smb2.out.create_time); SBVAL(req->out.body, 0x10, io->smb2.out.access_time); SBVAL(req->out.body, 0x18, io->smb2.out.write_time); SBVAL(req->out.body, 0x20, io->smb2.out.change_time); SBVAL(req->out.body, 0x28, io->smb2.out.alloc_size); SBVAL(req->out.body, 0x30, io->smb2.out.size); SIVAL(req->out.body, 0x38, io->smb2.out.file_attr); smb2srv_send_reply(req); }
static void smb2srv_close_send(struct ntvfs_request *ntvfs) { struct smb2srv_request *req; union smb_close *io; SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_close); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x3C, false, 0)); SSVAL(req->out.body, 0x02, io->smb2.out.flags); SIVAL(req->out.body, 0x04, io->smb2.out._pad); SBVAL(req->out.body, 0x08, io->smb2.out.create_time); SBVAL(req->out.body, 0x10, io->smb2.out.access_time); SBVAL(req->out.body, 0x18, io->smb2.out.write_time); SBVAL(req->out.body, 0x20, io->smb2.out.change_time); SBVAL(req->out.body, 0x28, io->smb2.out.alloc_size); SBVAL(req->out.body, 0x30, io->smb2.out.size); SIVAL(req->out.body, 0x38, io->smb2.out.file_attr); /* also destroy the chained file handle */ req->chained_file_handle = NULL; memset(req->_chained_file_handle, 0, sizeof(req->_chained_file_handle)); smb2srv_send_reply(req); }
static void smbd_smb2_request_close_done(struct tevent_req *subreq) { struct smbd_smb2_request *req = tevent_req_callback_data(subreq, struct smbd_smb2_request); DATA_BLOB outbody; uint16_t out_flags = 0; connection_struct *conn = req->tcon->compat; struct timespec out_creation_ts = { 0, }; struct timespec out_last_access_ts = { 0, }; struct timespec out_last_write_ts = { 0, }; struct timespec out_change_ts = { 0, }; uint64_t out_allocation_size = 0; uint64_t out_end_of_file = 0; uint32_t out_file_attributes = 0; NTSTATUS status; NTSTATUS error; status = smbd_smb2_close_recv(subreq, &out_flags, &out_creation_ts, &out_last_access_ts, &out_last_write_ts, &out_change_ts, &out_allocation_size, &out_end_of_file, &out_file_attributes); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { error = smbd_smb2_request_error(req, status); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->xconn, nt_errstr(error)); return; } return; } outbody = smbd_smb2_generate_outbody(req, 0x3C); if (outbody.data == NULL) { error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->xconn, nt_errstr(error)); return; } return; } SSVAL(outbody.data, 0x00, 0x3C); /* struct size */ SSVAL(outbody.data, 0x02, out_flags); SIVAL(outbody.data, 0x04, 0); /* reserved */ put_long_date_timespec(conn->ts_res, (char *)outbody.data + 0x08, out_creation_ts); put_long_date_timespec(conn->ts_res, (char *)outbody.data + 0x10, out_last_access_ts); put_long_date_timespec(conn->ts_res, (char *)outbody.data + 0x18, out_last_write_ts); put_long_date_timespec(conn->ts_res, (char *)outbody.data + 0x20, out_change_ts); SBVAL(outbody.data, 0x28, out_allocation_size); SBVAL(outbody.data, 0x30, out_end_of_file); SIVAL(outbody.data, 0x38, out_file_attributes); error = smbd_smb2_request_done(req, outbody, NULL); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(req->xconn, nt_errstr(error)); return; } }
/* push a file handle into a buffer */ void smb2_push_handle(uint8_t *data, struct smb2_handle *h) { SBVAL(data, 0, h->data[0]); SBVAL(data, 8, h->data[1]); }
/* initialise a smb2 request */ struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_t opcode, uint16_t body_fixed_size, bool body_dynamic_present, uint32_t body_dynamic_size) { struct smb2_request *req; uint32_t hdr_offset; bool compound = false; if (body_dynamic_present) { if (body_dynamic_size == 0) { body_dynamic_size = 1; } } else { body_dynamic_size = 0; } req = talloc_zero(transport, struct smb2_request); if (req == NULL) return NULL; req->state = SMB2_REQUEST_INIT; req->transport = transport; hdr_offset = NBT_HDR_SIZE; req->out.size = hdr_offset + SMB2_HDR_BODY + body_fixed_size; req->out.allocated = req->out.size + body_dynamic_size; req->out.buffer = talloc_realloc(req, req->out.buffer, uint8_t, req->out.allocated); if (req->out.buffer == NULL) { talloc_free(req); return NULL; } req->out.hdr = req->out.buffer + hdr_offset; req->out.body = req->out.hdr + SMB2_HDR_BODY; req->out.body_fixed= body_fixed_size; req->out.body_size = body_fixed_size; req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL); SIVAL(req->out.hdr, 0, SMB2_MAGIC); SSVAL(req->out.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); SSVAL(req->out.hdr, SMB2_HDR_CREDIT_CHARGE, 0); SIVAL(req->out.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->out.hdr, SMB2_HDR_OPCODE, opcode); SSVAL(req->out.hdr, SMB2_HDR_CREDIT, 0); SIVAL(req->out.hdr, SMB2_HDR_FLAGS, 0); SIVAL(req->out.hdr, SMB2_HDR_NEXT_COMMAND, 0); SBVAL(req->out.hdr, SMB2_HDR_MESSAGE_ID, 0); SIVAL(req->out.hdr, SMB2_HDR_PID, 0); SIVAL(req->out.hdr, SMB2_HDR_TID, 0); SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, 0); memset(req->out.hdr+SMB2_HDR_SIGNATURE, 0, 16); /* set the length of the fixed body part and +1 if there's a dynamic part also */ SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0)); /* * if we have a dynamic part, make sure the first byte * which is always be part of the packet is initialized */ if (body_dynamic_size && !compound) { req->out.size += 1; SCVAL(req->out.dynamic, 0, 0); } return req; }
/* initialise a smb2 request */ struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_t opcode, uint16_t body_fixed_size, BOOL body_dynamic_present, uint32_t body_dynamic_size) { struct smb2_request *req; uint64_t seqnum; if (body_dynamic_present) { if (body_dynamic_size == 0) { body_dynamic_size = 1; } } else { body_dynamic_size = 0; } req = talloc(transport, struct smb2_request); if (req == NULL) return NULL; seqnum = transport->seqnum++; if (seqnum == UINT64_MAX) { seqnum = transport->seqnum++; } req->state = SMB2_REQUEST_INIT; req->transport = transport; req->session = NULL; req->tree = NULL; req->seqnum = seqnum; req->status = NT_STATUS_OK; req->async.fn = NULL; req->next = req->prev = NULL; ZERO_STRUCT(req->cancel); ZERO_STRUCT(req->in); req->out.size = SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size; req->out.allocated = req->out.size + body_dynamic_size; req->out.buffer = talloc_size(req, req->out.allocated); if (req->out.buffer == NULL) { talloc_free(req); return NULL; } req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.body = req->out.hdr + SMB2_HDR_BODY; req->out.body_fixed= body_fixed_size; req->out.body_size = body_fixed_size; req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL); SIVAL(req->out.hdr, 0, SMB2_MAGIC); SSVAL(req->out.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY); SSVAL(req->out.hdr, SMB2_HDR_PAD1, 0); SIVAL(req->out.hdr, SMB2_HDR_STATUS, 0); SSVAL(req->out.hdr, SMB2_HDR_OPCODE, opcode); SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1, 0); SIVAL(req->out.hdr, SMB2_HDR_FLAGS, 0); SIVAL(req->out.hdr, SMB2_HDR_CHAIN_OFFSET, 0); SBVAL(req->out.hdr, SMB2_HDR_SEQNUM, req->seqnum); SIVAL(req->out.hdr, SMB2_HDR_PID, 0); SIVAL(req->out.hdr, SMB2_HDR_TID, 0); SBVAL(req->out.hdr, SMB2_HDR_UID, 0); memset(req->out.hdr+SMB2_HDR_SIG, 0, 16); /* set the length of the fixed body part and +1 if there's a dynamic part also */ SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0)); /* * if we have a dynamic part, make sure the first byte * which is always be part of the packet is initialized */ if (body_dynamic_size) { req->out.size += 1; SCVAL(req->out.dynamic, 0, 0); } return req; }
/* put a NTTIME into a packet */ void smbcli_push_nttime(void *base, uint16_t offset, NTTIME t) { SBVAL(base, offset, t); }
NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) { const uint8_t *inbody; const uint8_t *indyn = NULL; int i = req->current_idx; DATA_BLOB outbody; DATA_BLOB outdyn; DATA_BLOB negprot_spnego_blob; uint16_t security_offset; DATA_BLOB security_buffer; size_t expected_body_size = 0x24; size_t body_size; size_t expected_dyn_size = 0; size_t c; uint16_t security_mode; uint16_t dialect_count; uint16_t dialect = 0; uint32_t capabilities; /* TODO: drop the connection with INVALI_PARAMETER */ if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } inbody = (const uint8_t *)req->in.vector[i+1].iov_base; body_size = SVAL(inbody, 0x00); if (body_size != expected_body_size) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } dialect_count = SVAL(inbody, 0x02); if (dialect_count == 0) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } expected_dyn_size = dialect_count * 2; if (req->in.vector[i+2].iov_len < expected_dyn_size) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } indyn = (const uint8_t *)req->in.vector[i+2].iov_base; for (c=0; c < dialect_count; c++) { dialect = SVAL(indyn, c*2); if (dialect == SMB2_DIALECT_REVISION_202) { break; } } if (dialect != SMB2_DIALECT_REVISION_202) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } set_Protocol(PROTOCOL_SMB2); if (get_remote_arch() != RA_SAMBA) { set_remote_arch(RA_VISTA); } /* negprot_spnego() returns a the server guid in the first 16 bytes */ negprot_spnego_blob = negprot_spnego(); if (negprot_spnego_blob.data == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } talloc_steal(req, negprot_spnego_blob.data); if (negprot_spnego_blob.length < 16) { return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR); } security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; if (lp_server_signing() == Required) { security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; } capabilities = 0; if (lp_host_msdfs()) { capabilities |= SMB2_CAP_DFS; } security_offset = SMB2_HDR_BODY + 0x40; #if 1 /* Try SPNEGO auth... */ security_buffer = data_blob_const(negprot_spnego_blob.data + 16, negprot_spnego_blob.length - 16); #else /* for now we want raw NTLMSSP */ security_buffer = data_blob_const(NULL, 0); #endif outbody = data_blob_talloc(req->out.vector, NULL, 0x40); if (outbody.data == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */ SSVAL(outbody.data, 0x02, security_mode); /* security mode */ SSVAL(outbody.data, 0x04, dialect); /* dialect revision */ SSVAL(outbody.data, 0x06, 0); /* reserved */ memcpy(outbody.data + 0x08, negprot_spnego_blob.data, 16); /* server guid */ SIVAL(outbody.data, 0x18, capabilities); /* capabilities */ SIVAL(outbody.data, 0x1C, 0x00010000); /* max transact size */ SIVAL(outbody.data, 0x20, 0x00010000); /* max read size */ SIVAL(outbody.data, 0x24, 0x00010000); /* max write size */ SBVAL(outbody.data, 0x28, 0); /* system time */ SBVAL(outbody.data, 0x30, 0); /* server start time */ SSVAL(outbody.data, 0x38, security_offset); /* security buffer offset */ SSVAL(outbody.data, 0x3A, security_buffer.length); /* security buffer length */ SIVAL(outbody.data, 0x3C, 0); /* reserved */ outdyn = security_buffer; return smbd_smb2_request_done(req, outbody, &outdyn); }
static void smbd_smb2_request_sesssetup_done(struct tevent_req *subreq) { struct smbd_smb2_request *smb2req = tevent_req_callback_data(subreq, struct smbd_smb2_request); uint8_t *outhdr; DATA_BLOB outbody; DATA_BLOB outdyn; uint16_t out_session_flags = 0; uint64_t out_session_id = 0; uint16_t out_security_offset; DATA_BLOB out_security_buffer = data_blob_null; NTSTATUS status; NTSTATUS error; /* transport error */ status = smbd_smb2_session_setup_wrap_recv(subreq, &out_session_flags, smb2req, &out_security_buffer, &out_session_id); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { status = nt_status_squash(status); error = smbd_smb2_request_error(smb2req, status); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(smb2req->xconn, nt_errstr(error)); return; } return; } out_security_offset = SMB2_HDR_BODY + 0x08; outhdr = SMBD_SMB2_OUT_HDR_PTR(smb2req); outbody = smbd_smb2_generate_outbody(smb2req, 0x08); if (outbody.data == NULL) { error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(smb2req->xconn, nt_errstr(error)); return; } return; } SBVAL(outhdr, SMB2_HDR_SESSION_ID, out_session_id); SSVAL(outbody.data, 0x00, 0x08 + 1); /* struct size */ SSVAL(outbody.data, 0x02, out_session_flags); /* session flags */ SSVAL(outbody.data, 0x04, out_security_offset); /* security buffer offset */ SSVAL(outbody.data, 0x06, out_security_buffer.length); /* security buffer length */ outdyn = out_security_buffer; error = smbd_smb2_request_done_ex(smb2req, status, outbody, &outdyn, __location__); if (!NT_STATUS_IS_OK(error)) { smbd_server_connection_terminate(smb2req->xconn, nt_errstr(error)); return; } }
/**************************************************************************** Open a file - async send ****************************************************************************/ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, union smb_open *parms) { int len; struct smbcli_request *req = NULL; bool bigoffset = false; switch (parms->generic.level) { case RAW_OPEN_T2OPEN: return smb_raw_t2open_send(tree, parms); case RAW_OPEN_OPEN: SETUP_REQUEST(SMBopen, 2, 0); SSVAL(req->out.vwv, VWV(0), parms->openold.in.open_mode); SSVAL(req->out.vwv, VWV(1), parms->openold.in.search_attrs); smbcli_req_append_ascii4(req, parms->openold.in.fname, STR_TERMINATE); break; case RAW_OPEN_OPENX: SETUP_REQUEST(SMBopenX, 15, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->openx.in.flags); SSVAL(req->out.vwv, VWV(3), parms->openx.in.open_mode); SSVAL(req->out.vwv, VWV(4), parms->openx.in.search_attrs); SSVAL(req->out.vwv, VWV(5), parms->openx.in.file_attrs); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(6), parms->openx.in.write_time); SSVAL(req->out.vwv, VWV(8), parms->openx.in.open_func); SIVAL(req->out.vwv, VWV(9), parms->openx.in.size); SIVAL(req->out.vwv, VWV(11),parms->openx.in.timeout); SIVAL(req->out.vwv, VWV(13),0); /* reserved */ smbcli_req_append_string(req, parms->openx.in.fname, STR_TERMINATE); break; case RAW_OPEN_MKNEW: SETUP_REQUEST(SMBmknew, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->mknew.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->mknew.in.write_time); smbcli_req_append_ascii4(req, parms->mknew.in.fname, STR_TERMINATE); break; case RAW_OPEN_CREATE: SETUP_REQUEST(SMBcreate, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->create.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->create.in.write_time); smbcli_req_append_ascii4(req, parms->create.in.fname, STR_TERMINATE); break; case RAW_OPEN_CTEMP: SETUP_REQUEST(SMBctemp, 3, 0); SSVAL(req->out.vwv, VWV(0), parms->ctemp.in.attrib); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(1), parms->ctemp.in.write_time); smbcli_req_append_ascii4(req, parms->ctemp.in.directory, STR_TERMINATE); break; case RAW_OPEN_SPLOPEN: SETUP_REQUEST(SMBsplopen, 2, 0); SSVAL(req->out.vwv, VWV(0), parms->splopen.in.setup_length); SSVAL(req->out.vwv, VWV(1), parms->splopen.in.mode); break; case RAW_OPEN_NTCREATEX: SETUP_REQUEST(SMBntcreateX, 24, 0); SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1),0); SCVAL(req->out.vwv, VWV(2),0); /* padding */ SIVAL(req->out.vwv, 7, parms->ntcreatex.in.flags); SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid.fnum); SIVAL(req->out.vwv, 15, parms->ntcreatex.in.access_mask); SBVAL(req->out.vwv, 19, parms->ntcreatex.in.alloc_size); SIVAL(req->out.vwv, 27, parms->ntcreatex.in.file_attr); SIVAL(req->out.vwv, 31, parms->ntcreatex.in.share_access); SIVAL(req->out.vwv, 35, parms->ntcreatex.in.open_disposition); SIVAL(req->out.vwv, 39, parms->ntcreatex.in.create_options); SIVAL(req->out.vwv, 43, parms->ntcreatex.in.impersonation); SCVAL(req->out.vwv, 47, parms->ntcreatex.in.security_flags); smbcli_req_append_string_len(req, parms->ntcreatex.in.fname, STR_TERMINATE, &len); SSVAL(req->out.vwv, 5, len); break; case RAW_OPEN_NTTRANS_CREATE: return smb_raw_nttrans_create_send(tree, parms); case RAW_OPEN_OPENX_READX: SETUP_REQUEST(SMBopenX, 15, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), parms->openxreadx.in.flags); SSVAL(req->out.vwv, VWV(3), parms->openxreadx.in.open_mode); SSVAL(req->out.vwv, VWV(4), parms->openxreadx.in.search_attrs); SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.file_attrs); raw_push_dos_date3(tree->session->transport, req->out.vwv, VWV(6), parms->openxreadx.in.write_time); SSVAL(req->out.vwv, VWV(8), parms->openxreadx.in.open_func); SIVAL(req->out.vwv, VWV(9), parms->openxreadx.in.size); SIVAL(req->out.vwv, VWV(11),parms->openxreadx.in.timeout); SIVAL(req->out.vwv, VWV(13),0); smbcli_req_append_string(req, parms->openxreadx.in.fname, STR_TERMINATE); if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) { bigoffset = true; } smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), 0); SIVAL(req->out.vwv, VWV(3), parms->openxreadx.in.offset); SSVAL(req->out.vwv, VWV(5), parms->openxreadx.in.maxcnt & 0xFFFF); SSVAL(req->out.vwv, VWV(6), parms->openxreadx.in.mincnt); SIVAL(req->out.vwv, VWV(7), parms->openxreadx.in.maxcnt >> 16); SSVAL(req->out.vwv, VWV(9), parms->openxreadx.in.remaining); if (bigoffset) { SIVAL(req->out.vwv, VWV(10),parms->openxreadx.in.offset>>32); } break; case RAW_OPEN_NTCREATEX_READX: SETUP_REQUEST(SMBntcreateX, 24, 0); SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1),0); SCVAL(req->out.vwv, VWV(2),0); /* padding */ SIVAL(req->out.vwv, 7, parms->ntcreatexreadx.in.flags); SIVAL(req->out.vwv, 11, parms->ntcreatexreadx.in.root_fid.fnum); SIVAL(req->out.vwv, 15, parms->ntcreatexreadx.in.access_mask); SBVAL(req->out.vwv, 19, parms->ntcreatexreadx.in.alloc_size); SIVAL(req->out.vwv, 27, parms->ntcreatexreadx.in.file_attr); SIVAL(req->out.vwv, 31, parms->ntcreatexreadx.in.share_access); SIVAL(req->out.vwv, 35, parms->ntcreatexreadx.in.open_disposition); SIVAL(req->out.vwv, 39, parms->ntcreatexreadx.in.create_options); SIVAL(req->out.vwv, 43, parms->ntcreatexreadx.in.impersonation); SCVAL(req->out.vwv, 47, parms->ntcreatexreadx.in.security_flags); smbcli_req_append_string_len(req, parms->ntcreatexreadx.in.fname, STR_TERMINATE, &len); SSVAL(req->out.vwv, 5, len); if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) { bigoffset = true; } smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0); SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); SSVAL(req->out.vwv, VWV(1), 0); SSVAL(req->out.vwv, VWV(2), 0); SIVAL(req->out.vwv, VWV(3), parms->ntcreatexreadx.in.offset); SSVAL(req->out.vwv, VWV(5), parms->ntcreatexreadx.in.maxcnt & 0xFFFF); SSVAL(req->out.vwv, VWV(6), parms->ntcreatexreadx.in.mincnt); SIVAL(req->out.vwv, VWV(7), parms->ntcreatexreadx.in.maxcnt >> 16); SSVAL(req->out.vwv, VWV(9), parms->ntcreatexreadx.in.remaining); if (bigoffset) { SIVAL(req->out.vwv, VWV(10),parms->ntcreatexreadx.in.offset>>32); } break; case RAW_OPEN_SMB2: return NULL; } if (!smbcli_request_send(req)) { smbcli_request_destroy(req); return NULL; } return req; }