/*
 * Handle one SMB2 GETINFO request: validate the fixed-size body, decode
 * its fields and start the asynchronous getinfo sub-request.
 *
 * All decoded values are read from the request's input vector (req->in),
 * so they must be treated as untrusted until checked.
 *
 * Returns the result of smbd_smb2_request_error() when the request is
 * rejected, otherwise the result of smbd_smb2_request_pending_queue().
 */
NTSTATUS smbd_smb2_request_process_getinfo(struct smbd_smb2_request *req)
{
	const size_t expected_body_size = 0x29;
	const int idx = req->current_idx;
	const uint8_t *inhdr;
	const uint8_t *body;
	size_t body_size;
	uint8_t in_info_type;
	uint8_t in_file_info_class;
	uint32_t in_output_buffer_length;
	uint16_t in_input_buffer_offset;
	uint32_t in_input_buffer_length;
	uint32_t in_additional_information;
	uint32_t in_flags;
	uint64_t in_file_id_persistent;
	uint64_t in_file_id_volatile;
	DATA_BLOB in_input_buffer;
	struct tevent_req *child;

	/* Header iovec; assigned here but not read again in this function. */
	inhdr = (const uint8_t *)req->in.vector[idx+0].iov_base;

	/*
	 * The fixed body iovec must be exactly the expected size with the
	 * low bit masked off (0x28 for a declared size of 0x29).
	 */
	if (req->in.vector[idx+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	body = (const uint8_t *)req->in.vector[idx+1].iov_base;

	/* The size field inside the body must carry the unmasked value. */
	body_size = SVAL(body, 0x00);
	if (body_size != expected_body_size) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	in_info_type			= CVAL(body, 0x02);
	in_file_info_class		= CVAL(body, 0x03);
	in_output_buffer_length		= IVAL(body, 0x04);
	in_input_buffer_offset		= SVAL(body, 0x08);
	/* 0x0A 2 bytes reserved */
	in_input_buffer_length		= IVAL(body, 0x0C);
	in_additional_information	= IVAL(body, 0x10);
	in_flags			= IVAL(body, 0x14);
	in_file_id_persistent		= BVAL(body, 0x18);
	in_file_id_volatile		= BVAL(body, 0x20);

	/*
	 * An input buffer is either absent (offset and length both zero) or
	 * must start directly after the fixed body.
	 */
	if ((in_input_buffer_offset != 0 || in_input_buffer_length != 0) &&
	    in_input_buffer_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	/* The claimed input length may not exceed the dynamic iovec. */
	if (in_input_buffer_length > req->in.vector[idx+2].iov_len) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	in_input_buffer.data = (uint8_t *)req->in.vector[idx+2].iov_base;
	in_input_buffer.length = in_input_buffer_length;

	/*
	 * NOTE(review): in_output_buffer_length is taken from the request
	 * and is not bounded anywhere in this function before it is handed
	 * to smbd_smb2_getinfo_send() -- confirm the callee caps it.
	 */

	/*
	 * Outside a compound chain that already carries a file handle, a
	 * non-zero persistent id is rejected. Only the volatile id is
	 * forwarded; presumably the callee resolves it -- verify there.
	 */
	if (!req->compat_chain_fsp && in_file_id_persistent != 0) {
		return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
	}

	child = smbd_smb2_getinfo_send(req,
				       req->sconn->smb2.event_ctx,
				       req,
				       in_info_type,
				       in_file_info_class,
				       in_output_buffer_length,
				       in_input_buffer,
				       in_additional_information,
				       in_flags,
				       in_file_id_volatile);
	if (child == NULL) {
		return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
	}
	tevent_req_set_callback(child, smbd_smb2_request_getinfo_done, req);

	return smbd_smb2_request_pending_queue(req, child);
}
/*
 * Handle one SMB2 GETINFO request: verify the body size, decode the
 * fixed body, enforce the max_trans and credit-charge limits, resolve
 * the file handle and start the asynchronous getinfo sub-request.
 *
 * All decoded values are read from the incoming request and must be
 * treated as untrusted until checked.
 *
 * Returns the result of smbd_smb2_request_error() when the request is
 * rejected, otherwise the result of smbd_smb2_request_pending_queue().
 */
NTSTATUS smbd_smb2_request_process_getinfo(struct smbd_smb2_request *req)
{
	const uint8_t *body;
	uint8_t in_info_type;
	uint8_t in_file_info_class;
	uint32_t in_output_buffer_length;
	uint16_t in_input_buffer_offset;
	uint32_t in_input_buffer_length;
	uint32_t in_additional_information;
	uint32_t in_flags;
	uint64_t in_file_id_persistent;
	uint64_t in_file_id_volatile;
	DATA_BLOB in_input_buffer;
	struct files_struct *fsp;
	struct tevent_req *child;
	NTSTATUS status;

	/* 0x29 is the body size this request type must declare. */
	status = smbd_smb2_request_verify_sizes(req, 0x29);
	if (!NT_STATUS_IS_OK(status)) {
		return smbd_smb2_request_error(req, status);
	}
	body = SMBD_SMB2_IN_BODY_PTR(req);

	in_info_type			= CVAL(body, 0x02);
	in_file_info_class		= CVAL(body, 0x03);
	in_output_buffer_length		= IVAL(body, 0x04);
	in_input_buffer_offset		= SVAL(body, 0x08);
	/* 0x0A 2 bytes reserved */
	in_input_buffer_length		= IVAL(body, 0x0C);
	in_additional_information	= IVAL(body, 0x10);
	in_flags			= IVAL(body, 0x14);
	in_file_id_persistent		= BVAL(body, 0x18);
	in_file_id_volatile		= BVAL(body, 0x20);

	/*
	 * An input buffer is either absent (offset and length both zero) or
	 * must start directly after the fixed body.
	 */
	if ((in_input_buffer_offset != 0 || in_input_buffer_length != 0) &&
	    in_input_buffer_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(req))) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	/* The claimed input length may not exceed the dynamic part. */
	if (in_input_buffer_length > SMBD_SMB2_IN_DYN_LEN(req)) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	in_input_buffer.data = SMBD_SMB2_IN_DYN_PTR(req);
	in_input_buffer.length = in_input_buffer_length;

	/* Both directions are capped by the connection's max_trans. */
	if (in_input_buffer.length > req->sconn->smb2.max_trans) {
		DEBUG(2,("smbd_smb2_request_process_getinfo: "
			 "client ignored max trans: %s: 0x%08X: 0x%08X\n",
			 __location__, (unsigned)in_input_buffer.length,
			 (unsigned)req->sconn->smb2.max_trans));
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}
	if (in_output_buffer_length > req->sconn->smb2.max_trans) {
		/*
		 * NOTE(review): unlike the call above, the two values are
		 * passed to %08X without an (unsigned) cast.
		 */
		DEBUG(2,("smbd_smb2_request_process_getinfo: "
			 "client ignored max trans: %s: 0x%08X: 0x%08X\n",
			 __location__, in_output_buffer_length,
			 req->sconn->smb2.max_trans));
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	/* The credit charge is verified against the larger of the two lengths. */
	status = smbd_smb2_request_verify_creditcharge(req,
			MAX(in_input_buffer.length,in_output_buffer_length));
	if (!NT_STATUS_IS_OK(status)) {
		return smbd_smb2_request_error(req, status);
	}

	/* Look the handle up from both ids; no match is reported as closed. */
	fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
	if (fsp == NULL) {
		return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
	}

	child = smbd_smb2_getinfo_send(req, req->sconn->ev_ctx,
				       req, fsp,
				       in_info_type,
				       in_file_info_class,
				       in_output_buffer_length,
				       in_input_buffer,
				       in_additional_information,
				       in_flags);
	if (child == NULL) {
		return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
	}
	tevent_req_set_callback(child, smbd_smb2_request_getinfo_done, req);

	/* NOTE(review): meaning of the 500 is not visible here -- presumably a defer time; confirm. */
	return smbd_smb2_request_pending_queue(req, child, 500);
}
/*
 * Handle one SMB2 GETINFO request: verify the body size, decode the
 * fixed body, enforce the max_trans limit, resolve the file handle and
 * start the asynchronous getinfo sub-request.
 *
 * All decoded values are read from the request's input vector (req->in)
 * and must be treated as untrusted until checked.
 *
 * Returns the result of smbd_smb2_request_error() when the request is
 * rejected, otherwise the result of smbd_smb2_request_pending_queue().
 */
NTSTATUS smbd_smb2_request_process_getinfo(struct smbd_smb2_request *req)
{
	const int idx = req->current_idx;
	const uint8_t *body;
	uint8_t in_info_type;
	uint8_t in_file_info_class;
	uint32_t in_output_buffer_length;
	uint16_t in_input_buffer_offset;
	uint32_t in_input_buffer_length;
	uint32_t in_additional_information;
	uint32_t in_flags;
	uint64_t in_file_id_persistent;
	uint64_t in_file_id_volatile;
	DATA_BLOB in_input_buffer;
	struct files_struct *fsp;
	struct tevent_req *child;
	NTSTATUS status;

	/* 0x29 is the body size this request type must declare. */
	status = smbd_smb2_request_verify_sizes(req, 0x29);
	if (!NT_STATUS_IS_OK(status)) {
		return smbd_smb2_request_error(req, status);
	}
	body = (const uint8_t *)req->in.vector[idx+1].iov_base;

	in_info_type			= CVAL(body, 0x02);
	in_file_info_class		= CVAL(body, 0x03);
	in_output_buffer_length		= IVAL(body, 0x04);
	in_input_buffer_offset		= SVAL(body, 0x08);
	/* 0x0A 2 bytes reserved */
	in_input_buffer_length		= IVAL(body, 0x0C);
	in_additional_information	= IVAL(body, 0x10);
	in_flags			= IVAL(body, 0x14);
	in_file_id_persistent		= BVAL(body, 0x18);
	in_file_id_volatile		= BVAL(body, 0x20);

	/*
	 * An input buffer is either absent (offset and length both zero) or
	 * must start directly after the fixed body iovec.
	 */
	if ((in_input_buffer_offset != 0 || in_input_buffer_length != 0) &&
	    in_input_buffer_offset != (SMB2_HDR_BODY + req->in.vector[idx+1].iov_len)) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	/* The claimed input length may not exceed the dynamic iovec. */
	if (in_input_buffer_length > req->in.vector[idx+2].iov_len) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	in_input_buffer.data = (uint8_t *)req->in.vector[idx+2].iov_base;
	in_input_buffer.length = in_input_buffer_length;

	/*
	 * Both the input and the requested output length are capped by the
	 * connection's max_trans; either violation yields the same error.
	 * No credit-charge verification happens in this function.
	 */
	if (in_input_buffer.length > req->sconn->smb2.max_trans ||
	    in_output_buffer_length > req->sconn->smb2.max_trans) {
		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
	}

	/* Look the handle up from both ids; no match is reported as closed. */
	fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
	if (fsp == NULL) {
		return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
	}

	child = smbd_smb2_getinfo_send(req,
				       req->sconn->smb2.event_ctx,
				       req, fsp,
				       in_info_type,
				       in_file_info_class,
				       in_output_buffer_length,
				       in_input_buffer,
				       in_additional_information,
				       in_flags);
	if (child == NULL) {
		return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
	}
	tevent_req_set_callback(child, smbd_smb2_request_getinfo_done, req);

	return smbd_smb2_request_pending_queue(req, child);
}