Pkt * cifshdr(Session *s, Share *sp, int cmd) { Pkt *p; int sign, tid, dfs; dfs = 0; tid = NO_TID; Active = IDLE_TIME; werrstr(""); sign = s->secmode & SECMODE_SIGN_ENABLED? FL2_PACKET_SIGNATURES: 0; if(sp){ tid = sp->tid; // FIXME! if(sp->options & SMB_SHARE_IS_IN_DFS) // FIXME! dfs = FL2_DFS; } p = emalloc9p(sizeof(Pkt) + MTU); memset(p, 0, sizeof(Pkt) +MTU); p->buf = (uchar *)p + sizeof(Pkt); p->s = s; p->request = cmd; /* for debug */ qlock(&s->seqlock); if(s->seqrun){ p->seq = s->seq; s->seq = (s->seq + 2) % 0x10000; } qunlock(&s->seqlock); nbthdr(p); pmem(p, magic, nelem(magic)); p8(p, cmd); pl32(p, 0); /* status (error) */ p8(p, FL_CASELESS_NAMES | FL_CANNONICAL_NAMES); /* flags */ pl16(p, s->flags2 | dfs | sign); /* flags2 */ pl16(p, (s->pid >> 16) & 0xffff); /* PID MS bits */ pl32(p, p->seq); /* MAC / sequence number */ pl32(p, 0); /* MAC */ pl16(p, 0); /* padding */ pl16(p, tid); pl16(p, s->pid & 0xffff); pl16(p, s->uid); pl16(p, s->mid); p->wordbase = p8(p, 0); /* filled in by pbytes() */ return p; }
CIFStreeconnect(Session *s, char *cname, char *tree, Share *sp) { int len; char *resp, *path; char zeros[24]; Pkt *p; resp = Sess->auth->resp[0]; len = Sess->auth->len[0]; if((s->secmode & SECMODE_USER) != SECMODE_USER){ memset(zeros, 0, sizeof zeros); resp = zeros; len = sizeof zeros; } p = cifshdr(s, nil, SMB_COM_TREE_CONNECT_ANDX); p8(p, 0xFF); /* Secondary command */ p8(p, 0); /* Reserved */ pl16(p, 0); /* Offset to next Word Count */ pl16(p, 0); /* Flags */ if((s->secmode & SECMODE_PW_ENCRYPT) == 0){ pl16(p, len+1); /* password len, including null */ pbytes(p); pascii(p, resp); }else{ pl16(p, len); pbytes(p); pmem(p, resp, len); } path = smprint("//%s/%s", cname, tree); ppath(p, path); /* path */ free(path); pascii(p, "?????"); /* service type any (so we can do RAP calls) */ if(cifsrpc(p) == -1){ free(p); return -1; } g8(p); /* Secondary command */ g8(p); /* Reserved */ gl16(p); /* Offset to next command */ sp->options = g8(p); /* options supported */ sp->tid = p->tid; /* get received TID from packet header */ free(p); return 0; }
/** * main - moving the program break * * Return: EXIT_FAILURE if something failed. Otherwise EXIT_SUCCESS */ int main(void) { void *p; size_t size_of_the_chunk; char prev_used; p = malloc(0); printf("%p\n", p); pmem((char *)p - 0x10, 0x10); size_of_the_chunk = *((size_t *)((char *)p - 8)); prev_used = size_of_the_chunk & 1; size_of_the_chunk -= prev_used; printf("chunk size = %li bytes\n", size_of_the_chunk); return (EXIT_SUCCESS); }
int CIFSsession(Session *s) { char os[64], *q; Rune r; Pkt *p; enum { mycaps = CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS | CAP_NT_FIND | CAP_STATUS32, }; s->seqrun = 1; /* activate the sequence number generation/checking */ p = cifshdr(s, nil, SMB_COM_SESSION_SETUP_ANDX); p8(p, 0xFF); /* No secondary command */ p8(p, 0); /* Reserved (must be zero) */ pl16(p, 0); /* Offset to next command */ pl16(p, MTU); /* my max buffer size */ pl16(p, 1); /* my max multiplexed pending requests */ pl16(p, 0); /* Virtual connection # */ pl32(p, 0); /* Session key (if vc != 0) */ if((s->secmode & SECMODE_PW_ENCRYPT) == 0) { pl16(p, utflen(Sess->auth->resp[0])*2 + 2); /* passwd size */ pl16(p, utflen(Sess->auth->resp[0])*2 + 2); /* passwd size (UPPER CASE) */ pl32(p, 0); /* Reserved */ pl32(p, mycaps); pbytes(p); for(q = Sess->auth->resp[0]; *q; ){ q += chartorune(&r, q); pl16(p, toupperrune(r)); } pl16(p, 0); for(q = Sess->auth->resp[0]; *q; ){ q += chartorune(&r, q); pl16(p, r); } pl16(p, 0); }else{ pl16(p, Sess->auth->len[0]); /* LM passwd size */ pl16(p, Sess->auth->len[1]); /* NTLM passwd size */ pl32(p, 0); /* Reserved */ pl32(p, mycaps); pbytes(p); pmem(p, Sess->auth->resp[0], Sess->auth->len[0]); pmem(p, Sess->auth->resp[1], Sess->auth->len[1]); } pstr(p, Sess->auth->user); /* Account name */ pstr(p, Sess->auth->windom); /* Primary domain */ pstr(p, "plan9"); /* Client OS */ pstr(p, argv0); /* Client LAN Manager type */ if(cifsrpc(p) == -1){ free(p); return -1; } g8(p); /* Reserved (0) */ gl16(p); /* Offset to next command wordcount */ Sess->isguest = gl16(p) & 1; /* logged in as guest */ gl16(p); gl16(p); /* no security blob here - we don't understand extended security anyway */ gstr(p, os, sizeof os); s->remos = estrdup9p(os); free(p); return 0; }
// ------------------------------------------ int PCPStream::readBroadcastAtoms(AtomStream &atom, int numc, BroadcastState &bcs) { ChanPacket pack; //int ttl=0; int ver = 0; int ver_vp = 0; GnuID fromID, destID; int r = 0; char ver_ex_prefix[2]; int ver_ex_number = 0; fromID.clear(); destID.clear(); bcs.initPacketSettings(); MemoryStream pmem(pack.data, sizeof(pack.data)); AtomStream patom(pmem); patom.writeParent(PCP_BCST, numc); for (int i = 0; i < numc; i++) { int c, d; ID4 id = atom.read(c, d); if (id == PCP_BCST_TTL) { bcs.ttl = atom.readChar() - 1; patom.writeChar(id, bcs.ttl); } else if (id == PCP_BCST_HOPS) { bcs.numHops = atom.readChar() + 1; patom.writeChar(id, bcs.numHops); } else if (id == PCP_BCST_FROM) { atom.readBytes(fromID.id, 16); patom.writeBytes(id, fromID.id, 16); routeList.add(fromID); } else if (id == PCP_BCST_GROUP) { bcs.group = atom.readChar(); patom.writeChar(id, bcs.group); } else if (id == PCP_BCST_DEST) { atom.readBytes(destID.id, 16); patom.writeBytes(id, destID.id, 16); bcs.forMe = destID.isSame(servMgr->sessionID); char idstr1[64]; char idstr2[64]; destID.toStr(idstr1); servMgr->sessionID.toStr(idstr2); } else if (id == PCP_BCST_CHANID) { atom.readBytes(bcs.chanID.id, 16); patom.writeBytes(id, bcs.chanID.id, 16); } else if (id == PCP_BCST_VERSION) { ver = atom.readInt(); patom.writeInt(id, ver); } else if (id == PCP_BCST_VERSION_VP) { ver_vp = atom.readInt(); patom.writeInt(id, ver_vp); } else if (id == PCP_BCST_VERSION_EX_PREFIX) { atom.readBytes(ver_ex_prefix, 2); patom.writeBytes(id, ver_ex_prefix, 2); } else if (id == PCP_BCST_VERSION_EX_NUMBER) { ver_ex_number = atom.readShort(); patom.writeShort(id, ver_ex_number); } else if (id == PCP_HOST) { ChanHit hit; readHostAtoms(atom, c, bcs, hit, false); Servent *sv = servMgr->findServentByServentID(bcs.servent_id); if (hit.uphost.ip == 0) { // LOG_DEBUG("bcs servent_id = %d", bcs.servent_id); if (bcs.numHops == 1) { hit.uphost.ip = servMgr->serverHost.ip; hit.uphost.port = servMgr->serverHost.port; hit.uphostHops = 1; } else { //Servent *sv = servMgr->findServentByServentID(bcs.servent_id); if (sv) { hit.uphost.ip = sv->getHost().ip; hit.uphost.port = sv->waitPort; hit.uphostHops = bcs.numHops - 1; } } } if (sv && ((hit.numHops == 1 && (hit.rhost[0].ip == sv->getHost().ip && hit.uphost.ip == servMgr->serverHost.ip && hit.uphost.port == servMgr->serverHost.port) || (hit.rhost[1].localIP() && hit.rhost[1].ip == sv->getHost().ip)) || (hit.numHops != 1 && chanMgr->findParentHit(hit)))) { int oldPos = pmem.pos; hit.writeAtoms(patom, hit.chanID); pmem.pos = oldPos; r = readAtom(patom, bcs); } else { char tmp[80], tmp2[80], tmp3[80]; memset(tmp, 0, 80); memset(tmp2, 0, 80); memset(tmp3, 0, 80); hit.uphost.toStr(tmp); hit.host.toStr(tmp2); if (sv) sv->getHost().toStr(tmp3); LOG_DEBUG("### Invalid bcst: hops=%d, l/r = %d/%d, ver=%d(VP%04d), ttl=%d", bcs.numHops, hit.numListeners, hit.numRelays, ver, ver_vp, bcs.ttl); LOG_DEBUG("### %s <- %s <- sv(%s)", tmp2, tmp, tmp3); bcs.ttl = 0; } } else { // copy and process atoms int oldPos = pmem.pos; patom.writeAtoms(id, atom.io, c, d); pmem.pos = oldPos; r = readAtom(patom, bcs); } } char fromStr[64]; fromStr[0] = 0; if (fromID.isSet()) fromID.toStr(fromStr); char destStr[64]; destStr[0] = 0; if (destID.isSet()) destID.toStr(destStr); char tmp[64]; bcs.chanID.toStr(tmp); // Broadcast flood if (servMgr->lastPCPFromID.isSame(fromID) && time(NULL) - servMgr->lastPCPBcstTime < 3) { memcpy(servMgr->lastPCPFromID.id, fromID.id, 16); servMgr->lastPCPBcstTime = time(NULL); LOG_DEBUG("PCP bcst reject: group=%d, hops=%d, ver=%d(%c%c%04d), from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, ver_ex_prefix[0], ver_ex_prefix[1], ver_ex_number, fromStr, destStr, bcs.ttl); return r; } memcpy(servMgr->lastPCPFromID.id, fromID.id, 16); servMgr->lastPCPBcstTime = time(NULL); // LOG_DEBUG(tmp); if (ver_ex_number) { LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d(%c%c%04d), from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, ver_ex_prefix[0], ver_ex_prefix[1], ver_ex_number, fromStr, destStr, bcs.ttl); } else if (ver_vp) { LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d(VP%04d), from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, ver_vp, fromStr, destStr, bcs.ttl); } else { LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d, from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, fromStr, destStr, bcs.ttl); } if (fromID.isSet()) if (fromID.isSame(servMgr->sessionID)) { LOG_ERROR("BCST loopback"); return PCP_ERROR_BCST + PCP_ERROR_LOOPBACK; } // broadcast back out if ttl > 0 if ((bcs.ttl > 0) && (!bcs.forMe)) { pack.len = pmem.pos; pack.type = ChanPacket::T_PCP; if (bcs.group & (/*PCP_BCST_GROUP_ROOT|*/PCP_BCST_GROUP_TRACKERS | PCP_BCST_GROUP_RELAYS)) { pack.priority = 11 - bcs.numHops; chanMgr->broadcastPacketUp(pack, bcs.chanID, remoteID, destID); } if (bcs.group & (/*PCP_BCST_GROUP_ROOT|*/PCP_BCST_GROUP_TRACKERS | PCP_BCST_GROUP_RELAYS)) { servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_COUT); } if (bcs.group & (PCP_BCST_GROUP_RELAYS | PCP_BCST_GROUP_TRACKERS)) { servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_CIN); } if (bcs.group & (PCP_BCST_GROUP_RELAYS)) { servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_RELAY); } // LOG_DEBUG("ttl=%d",ttl); } else { // LOG_DEBUG("ttl=%d",ttl); } return r; }
inline bool unlink_file(const char *filename) { try{ NtSetInformationFile_t pNtSetInformationFile = (NtSetInformationFile_t)get_proc_address(get_module_handle("ntdll.dll"), "NtSetInformationFile"); if(!pNtSetInformationFile){ return false; } NtQueryObject_t pNtQueryObject = (NtQueryObject_t)get_proc_address(get_module_handle("ntdll.dll"), "NtQueryObject"); //First step: Obtain a handle to the file using Win32 rules. This resolves relative paths void *fh = create_file(filename, generic_read | delete_access, open_existing, file_flag_backup_semantics | file_flag_delete_on_close); if(fh == invalid_handle_value){ return false; } handle_closer h_closer(fh); std::auto_ptr<ntquery_mem_t> pmem(new ntquery_mem_t); file_rename_information_t *pfri = (file_rename_information_t*)&pmem->ren.info; const std::size_t RenMaxNumChars = ((char*)pmem.get() - (char*)&pmem->ren.info.FileName[0])/sizeof(wchar_t); //Obtain file name unsigned long size; if(pNtQueryObject(fh, object_name_information, pmem.get(), sizeof(ntquery_mem_t), &size)){ return false; } //Copy filename to the rename member std::memmove(pmem->ren.info.FileName, pmem->name.Name.Buffer, pmem->name.Name.Length); std::size_t filename_string_length = pmem->name.Name.Length/sizeof(wchar_t); //Second step: obtain the complete native-nt filename //if(!get_file_name_from_handle_function(fh, pfri->FileName, RenMaxNumChars, filename_string_length)){ //return 0; //} //Add trailing mark if((RenMaxNumChars-filename_string_length) < (SystemTimeOfDayInfoLength*2)){ return false; } //Search '\\' character to replace it for(std::size_t i = filename_string_length; i != 0; --filename_string_length){ if(pmem->ren.info.FileName[--i] == L'\\') break; } //Add random number std::size_t s = RenMaxNumChars - filename_string_length; if(!get_boot_and_system_time_wstr(&pfri->FileName[filename_string_length], s)){ return false; } filename_string_length += s; //Fill rename information (FileNameLength is in bytes) pfri->FileNameLength = static_cast<unsigned long>(sizeof(wchar_t)*(filename_string_length)); pfri->Replace = 1; pfri->RootDir = 0; //Final step: change the name of the in-use file: io_status_block_t io; if(0 != pNtSetInformationFile(fh, &io, pfri, sizeof(ntquery_mem_t::ren_t), file_rename_information)){ return false; } return true; } catch(...){ return false; } }