Pkt *
cifshdr(Session *s, Share *sp, int cmd)
{
Pkt *p;
int sign, tid, dfs;
dfs = 0;
tid = NO_TID;
Active = IDLE_TIME;
werrstr("");
sign = s->secmode & SECMODE_SIGN_ENABLED? FL2_PACKET_SIGNATURES: 0;
if(sp){
tid = sp->tid;
// FIXME! if(sp->options & SMB_SHARE_IS_IN_DFS)
// FIXME! dfs = FL2_DFS;
}
p = emalloc9p(sizeof(Pkt) + MTU);
memset(p, 0, sizeof(Pkt) +MTU);
p->buf = (uchar *)p + sizeof(Pkt);
p->s = s;
p->request = cmd; /* for debug */
qlock(&s->seqlock);
if(s->seqrun){
p->seq = s->seq;
s->seq = (s->seq + 2) % 0x10000;
}
qunlock(&s->seqlock);
nbthdr(p);
pmem(p, magic, nelem(magic));
p8(p, cmd);
pl32(p, 0); /* status (error) */
p8(p, FL_CASELESS_NAMES | FL_CANNONICAL_NAMES); /* flags */
pl16(p, s->flags2 | dfs | sign); /* flags2 */
pl16(p, (s->pid >> 16) & 0xffff); /* PID MS bits */
pl32(p, p->seq); /* MAC / sequence number */
pl32(p, 0); /* MAC */
pl16(p, 0); /* padding */
pl16(p, tid);
pl16(p, s->pid & 0xffff);
pl16(p, s->uid);
pl16(p, s->mid);
p->wordbase = p8(p, 0); /* filled in by pbytes() */
return p;
}
CIFStreeconnect(Session *s, char *cname, char *tree, Share *sp)
{
int len;
char *resp, *path;
char zeros[24];
Pkt *p;
resp = Sess->auth->resp[0];
len = Sess->auth->len[0];
if((s->secmode & SECMODE_USER) != SECMODE_USER){
memset(zeros, 0, sizeof zeros);
resp = zeros;
len = sizeof zeros;
}
p = cifshdr(s, nil, SMB_COM_TREE_CONNECT_ANDX);
p8(p, 0xFF); /* Secondary command */
p8(p, 0); /* Reserved */
pl16(p, 0); /* Offset to next Word Count */
pl16(p, 0); /* Flags */
if((s->secmode & SECMODE_PW_ENCRYPT) == 0){
pl16(p, len+1); /* password len, including null */
pbytes(p);
pascii(p, resp);
}else{
pl16(p, len);
pbytes(p);
pmem(p, resp, len);
}
path = smprint("//%s/%s", cname, tree);
ppath(p, path); /* path */
free(path);
pascii(p, "?????"); /* service type any (so we can do RAP calls) */
if(cifsrpc(p) == -1){
free(p);
return -1;
}
g8(p); /* Secondary command */
g8(p); /* Reserved */
gl16(p); /* Offset to next command */
sp->options = g8(p); /* options supported */
sp->tid = p->tid; /* get received TID from packet header */
free(p);
return 0;
}
/**
* main - moving the program break
*
* Return: EXIT_FAILURE if something failed. Otherwise EXIT_SUCCESS
*/
int main(void)
{
void *p;
size_t size_of_the_chunk;
char prev_used;
p = malloc(0);
printf("%p\n", p);
pmem((char *)p - 0x10, 0x10);
size_of_the_chunk = *((size_t *)((char *)p - 8));
prev_used = size_of_the_chunk & 1;
size_of_the_chunk -= prev_used;
printf("chunk size = %li bytes\n", size_of_the_chunk);
return (EXIT_SUCCESS);
}
int
CIFSsession(Session *s)
{
char os[64], *q;
Rune r;
Pkt *p;
enum {
mycaps = CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
CAP_NT_FIND | CAP_STATUS32,
};
s->seqrun = 1; /* activate the sequence number generation/checking */
p = cifshdr(s, nil, SMB_COM_SESSION_SETUP_ANDX);
p8(p, 0xFF); /* No secondary command */
p8(p, 0); /* Reserved (must be zero) */
pl16(p, 0); /* Offset to next command */
pl16(p, MTU); /* my max buffer size */
pl16(p, 1); /* my max multiplexed pending requests */
pl16(p, 0); /* Virtual connection # */
pl32(p, 0); /* Session key (if vc != 0) */
if((s->secmode & SECMODE_PW_ENCRYPT) == 0) {
pl16(p, utflen(Sess->auth->resp[0])*2 + 2); /* passwd size */
pl16(p, utflen(Sess->auth->resp[0])*2 + 2); /* passwd size (UPPER CASE) */
pl32(p, 0); /* Reserved */
pl32(p, mycaps);
pbytes(p);
for(q = Sess->auth->resp[0]; *q; ){
q += chartorune(&r, q);
pl16(p, toupperrune(r));
}
pl16(p, 0);
for(q = Sess->auth->resp[0]; *q; ){
q += chartorune(&r, q);
pl16(p, r);
}
pl16(p, 0);
}else{
pl16(p, Sess->auth->len[0]); /* LM passwd size */
pl16(p, Sess->auth->len[1]); /* NTLM passwd size */
pl32(p, 0); /* Reserved */
pl32(p, mycaps);
pbytes(p);
pmem(p, Sess->auth->resp[0], Sess->auth->len[0]);
pmem(p, Sess->auth->resp[1], Sess->auth->len[1]);
}
pstr(p, Sess->auth->user); /* Account name */
pstr(p, Sess->auth->windom); /* Primary domain */
pstr(p, "plan9"); /* Client OS */
pstr(p, argv0); /* Client LAN Manager type */
if(cifsrpc(p) == -1){
free(p);
return -1;
}
g8(p); /* Reserved (0) */
gl16(p); /* Offset to next command wordcount */
Sess->isguest = gl16(p) & 1; /* logged in as guest */
gl16(p);
gl16(p);
/* no security blob here - we don't understand extended security anyway */
gstr(p, os, sizeof os);
s->remos = estrdup9p(os);
free(p);
return 0;
}
// ------------------------------------------
int PCPStream::readBroadcastAtoms(AtomStream &atom, int numc, BroadcastState &bcs) {
ChanPacket pack;
//int ttl=0;
int ver = 0;
int ver_vp = 0;
GnuID fromID, destID;
int r = 0;
char ver_ex_prefix[2];
int ver_ex_number = 0;
fromID.clear();
destID.clear();
bcs.initPacketSettings();
MemoryStream pmem(pack.data, sizeof(pack.data));
AtomStream patom(pmem);
patom.writeParent(PCP_BCST, numc);
for (int i = 0; i < numc; i++) {
int c, d;
ID4 id = atom.read(c, d);
if (id == PCP_BCST_TTL) {
bcs.ttl = atom.readChar() - 1;
patom.writeChar(id, bcs.ttl);
} else if (id == PCP_BCST_HOPS) {
bcs.numHops = atom.readChar() + 1;
patom.writeChar(id, bcs.numHops);
} else if (id == PCP_BCST_FROM) {
atom.readBytes(fromID.id, 16);
patom.writeBytes(id, fromID.id, 16);
routeList.add(fromID);
} else if (id == PCP_BCST_GROUP) {
bcs.group = atom.readChar();
patom.writeChar(id, bcs.group);
} else if (id == PCP_BCST_DEST) {
atom.readBytes(destID.id, 16);
patom.writeBytes(id, destID.id, 16);
bcs.forMe = destID.isSame(servMgr->sessionID);
char idstr1[64];
char idstr2[64];
destID.toStr(idstr1);
servMgr->sessionID.toStr(idstr2);
} else if (id == PCP_BCST_CHANID) {
atom.readBytes(bcs.chanID.id, 16);
patom.writeBytes(id, bcs.chanID.id, 16);
} else if (id == PCP_BCST_VERSION) {
ver = atom.readInt();
patom.writeInt(id, ver);
} else if (id == PCP_BCST_VERSION_VP) {
ver_vp = atom.readInt();
patom.writeInt(id, ver_vp);
} else if (id == PCP_BCST_VERSION_EX_PREFIX) {
atom.readBytes(ver_ex_prefix, 2);
patom.writeBytes(id, ver_ex_prefix, 2);
} else if (id == PCP_BCST_VERSION_EX_NUMBER) {
ver_ex_number = atom.readShort();
patom.writeShort(id, ver_ex_number);
} else if (id == PCP_HOST) {
ChanHit hit;
readHostAtoms(atom, c, bcs, hit, false);
Servent *sv = servMgr->findServentByServentID(bcs.servent_id);
if (hit.uphost.ip == 0) {
// LOG_DEBUG("bcs servent_id = %d", bcs.servent_id);
if (bcs.numHops == 1) {
hit.uphost.ip = servMgr->serverHost.ip;
hit.uphost.port = servMgr->serverHost.port;
hit.uphostHops = 1;
} else {
//Servent *sv = servMgr->findServentByServentID(bcs.servent_id);
if (sv) {
hit.uphost.ip = sv->getHost().ip;
hit.uphost.port = sv->waitPort;
hit.uphostHops = bcs.numHops - 1;
}
}
}
if (sv &&
((hit.numHops == 1 && (hit.rhost[0].ip == sv->getHost().ip
&& hit.uphost.ip == servMgr->serverHost.ip && hit.uphost.port == servMgr->serverHost.port)
|| (hit.rhost[1].localIP() && hit.rhost[1].ip == sv->getHost().ip))
|| (hit.numHops != 1 && chanMgr->findParentHit(hit)))) {
int oldPos = pmem.pos;
hit.writeAtoms(patom, hit.chanID);
pmem.pos = oldPos;
r = readAtom(patom, bcs);
} else {
char tmp[80], tmp2[80], tmp3[80];
memset(tmp, 0, 80);
memset(tmp2, 0, 80);
memset(tmp3, 0, 80);
hit.uphost.toStr(tmp);
hit.host.toStr(tmp2);
if (sv)
sv->getHost().toStr(tmp3);
LOG_DEBUG("### Invalid bcst: hops=%d, l/r = %d/%d, ver=%d(VP%04d), ttl=%d",
bcs.numHops, hit.numListeners, hit.numRelays, ver, ver_vp, bcs.ttl);
LOG_DEBUG("### %s <- %s <- sv(%s)",
tmp2, tmp, tmp3);
bcs.ttl = 0;
}
} else {
// copy and process atoms
int oldPos = pmem.pos;
patom.writeAtoms(id, atom.io, c, d);
pmem.pos = oldPos;
r = readAtom(patom, bcs);
}
}
char fromStr[64];
fromStr[0] = 0;
if (fromID.isSet())
fromID.toStr(fromStr);
char destStr[64];
destStr[0] = 0;
if (destID.isSet())
destID.toStr(destStr);
char tmp[64];
bcs.chanID.toStr(tmp);
// Broadcast flood
if (servMgr->lastPCPFromID.isSame(fromID)
&& time(NULL) - servMgr->lastPCPBcstTime < 3) {
memcpy(servMgr->lastPCPFromID.id, fromID.id, 16);
servMgr->lastPCPBcstTime = time(NULL);
LOG_DEBUG("PCP bcst reject: group=%d, hops=%d, ver=%d(%c%c%04d), from=%s, dest=%s ttl=%d",
bcs.group, bcs.numHops, ver, ver_ex_prefix[0], ver_ex_prefix[1], ver_ex_number, fromStr, destStr, bcs.ttl);
return r;
}
memcpy(servMgr->lastPCPFromID.id, fromID.id, 16);
servMgr->lastPCPBcstTime = time(NULL);
// LOG_DEBUG(tmp);
if (ver_ex_number) {
LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d(%c%c%04d), from=%s, dest=%s ttl=%d",
bcs.group, bcs.numHops, ver, ver_ex_prefix[0], ver_ex_prefix[1], ver_ex_number, fromStr, destStr, bcs.ttl);
} else if (ver_vp) {
LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d(VP%04d), from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, ver_vp, fromStr, destStr, bcs.ttl);
} else {
LOG_DEBUG("PCP bcst: group=%d, hops=%d, ver=%d, from=%s, dest=%s ttl=%d", bcs.group, bcs.numHops, ver, fromStr, destStr, bcs.ttl);
}
if (fromID.isSet()) if (fromID.isSame(servMgr->sessionID)) {
LOG_ERROR("BCST loopback");
return PCP_ERROR_BCST + PCP_ERROR_LOOPBACK;
}
// broadcast back out if ttl > 0
if ((bcs.ttl > 0) && (!bcs.forMe)) {
pack.len = pmem.pos;
pack.type = ChanPacket::T_PCP;
if (bcs.group & (/*PCP_BCST_GROUP_ROOT|*/PCP_BCST_GROUP_TRACKERS | PCP_BCST_GROUP_RELAYS)) {
pack.priority = 11 - bcs.numHops;
chanMgr->broadcastPacketUp(pack, bcs.chanID, remoteID, destID);
}
if (bcs.group & (/*PCP_BCST_GROUP_ROOT|*/PCP_BCST_GROUP_TRACKERS | PCP_BCST_GROUP_RELAYS)) {
servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_COUT);
}
if (bcs.group & (PCP_BCST_GROUP_RELAYS | PCP_BCST_GROUP_TRACKERS)) {
servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_CIN);
}
if (bcs.group & (PCP_BCST_GROUP_RELAYS)) {
servMgr->broadcastPacket(pack, bcs.chanID, remoteID, destID, Servent::T_RELAY);
}
// LOG_DEBUG("ttl=%d",ttl);
} else {
// LOG_DEBUG("ttl=%d",ttl);
}
return r;
}
inline bool unlink_file(const char *filename)
{
try{
NtSetInformationFile_t pNtSetInformationFile =
(NtSetInformationFile_t)get_proc_address(get_module_handle("ntdll.dll"), "NtSetInformationFile");
if(!pNtSetInformationFile){
return false;
}
NtQueryObject_t pNtQueryObject =
(NtQueryObject_t)get_proc_address(get_module_handle("ntdll.dll"), "NtQueryObject");
//First step: Obtain a handle to the file using Win32 rules. This resolves relative paths
void *fh = create_file(filename, generic_read | delete_access, open_existing,
file_flag_backup_semantics | file_flag_delete_on_close);
if(fh == invalid_handle_value){
return false;
}
handle_closer h_closer(fh);
std::auto_ptr<ntquery_mem_t> pmem(new ntquery_mem_t);
file_rename_information_t *pfri = (file_rename_information_t*)&pmem->ren.info;
const std::size_t RenMaxNumChars =
((char*)pmem.get() - (char*)&pmem->ren.info.FileName[0])/sizeof(wchar_t);
//Obtain file name
unsigned long size;
if(pNtQueryObject(fh, object_name_information, pmem.get(), sizeof(ntquery_mem_t), &size)){
return false;
}
//Copy filename to the rename member
std::memmove(pmem->ren.info.FileName, pmem->name.Name.Buffer, pmem->name.Name.Length);
std::size_t filename_string_length = pmem->name.Name.Length/sizeof(wchar_t);
//Second step: obtain the complete native-nt filename
//if(!get_file_name_from_handle_function(fh, pfri->FileName, RenMaxNumChars, filename_string_length)){
//return 0;
//}
//Add trailing mark
if((RenMaxNumChars-filename_string_length) < (SystemTimeOfDayInfoLength*2)){
return false;
}
//Search '\\' character to replace it
for(std::size_t i = filename_string_length; i != 0; --filename_string_length){
if(pmem->ren.info.FileName[--i] == L'\\')
break;
}
//Add random number
std::size_t s = RenMaxNumChars - filename_string_length;
if(!get_boot_and_system_time_wstr(&pfri->FileName[filename_string_length], s)){
return false;
}
filename_string_length += s;
//Fill rename information (FileNameLength is in bytes)
pfri->FileNameLength = static_cast<unsigned long>(sizeof(wchar_t)*(filename_string_length));
pfri->Replace = 1;
pfri->RootDir = 0;
//Final step: change the name of the in-use file:
io_status_block_t io;
if(0 != pNtSetInformationFile(fh, &io, pfri, sizeof(ntquery_mem_t::ren_t), file_rename_information)){
return false;
}
return true;
}
catch(...){
return false;
}
}
