source3/smbd/smb2_notify.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6    Copyright (C) Jeremy Allison 2010
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "smbd/smbd.h"
  24 #include "smbd/globals.h"
  25 #include "../libcli/smb/smb_common.h"
  26 #include "../lib/util/tevent_ntstatus.h"
  27
  28 struct smbd_smb2_notify_state {
  29         struct smbd_smb2_request *smb2req;
  30         struct smb_request *smbreq;
  31         NTSTATUS status;
  32         DATA_BLOB out_output_buffer;
  33 };
  34
  35 static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx,
  36                                                 struct tevent_context *ev,
  37                                                 struct smbd_smb2_request *smb2req,
  38                                                 struct files_struct *in_fsp,
  39                                                 uint16_t in_flags,
  40                                                 uint32_t in_output_buffer_length,
  41                                                 uint64_t in_completion_filter);
  42 static NTSTATUS smbd_smb2_notify_recv(struct tevent_req *req,
  43                                       TALLOC_CTX *mem_ctx,
  44                                       DATA_BLOB *out_output_buffer);
  45
  46 static void smbd_smb2_request_notify_done(struct tevent_req *subreq);
  47 NTSTATUS smbd_smb2_request_process_notify(struct smbd_smb2_request *req)
  48 {
  49         NTSTATUS status;
  50         const uint8_t *inbody;
  51         uint16_t in_flags;
  52         uint32_t in_output_buffer_length;
  53         uint64_t in_file_id_persistent;
  54         uint64_t in_file_id_volatile;
  55         struct files_struct *in_fsp;
  56         uint64_t in_completion_filter;
  57         struct tevent_req *subreq;
  58
  59         status = smbd_smb2_request_verify_sizes(req, 0x20);
  60         if (!NT_STATUS_IS_OK(status)) {
  61                 return smbd_smb2_request_error(req, status);
  62         }
  63         inbody = SMBD_SMB2_IN_BODY_PTR(req);
  64
  65         in_flags                = SVAL(inbody, 0x02);
  66         in_output_buffer_length = IVAL(inbody, 0x04);
  67         in_file_id_persistent   = BVAL(inbody, 0x08);
  68         in_file_id_volatile     = BVAL(inbody, 0x10);
  69         in_completion_filter    = IVAL(inbody, 0x18);
  70
  71         /*
  72          * 0x00010000 is what Windows 7 uses,
  73          * Windows 2008 uses 0x00080000
  74          */
  75         if (in_output_buffer_length > req->sconn->smb2.max_trans) {
  76                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  77         }
  78
  79         status = smbd_smb2_request_verify_creditcharge(req,
  80                                                 in_output_buffer_length);
  81
  82         if (!NT_STATUS_IS_OK(status)) {
  83                 return smbd_smb2_request_error(req, status);
  84         }
  85
  86         in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
  87         if (in_fsp == NULL) {
  88                 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
  89         }
  90
  91         subreq = smbd_smb2_notify_send(req, req->sconn->ev_ctx,
  92                                        req, in_fsp,
  93                                        in_flags,
  94                                        in_output_buffer_length,
  95                                        in_completion_filter);
  96         if (subreq == NULL) {
  97                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
  98         }
  99         tevent_req_set_callback(subreq, smbd_smb2_request_notify_done, req);
 100
 101         return smbd_smb2_request_pending_queue(req, subreq, 500);
 102 }
 103
 104 static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
 105 {
 106         struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
 107                                         struct smbd_smb2_request);
 108         DATA_BLOB outbody;
 109         DATA_BLOB outdyn;
 110         uint16_t out_output_buffer_offset;
 111         DATA_BLOB out_output_buffer = data_blob_null;
 112         NTSTATUS status;
 113         NTSTATUS error; /* transport error */
 114
 115         if (req->cancelled) {
 116                 struct smbd_smb2_notify_state *state = tevent_req_data(subreq,
 117                                                struct smbd_smb2_notify_state);
 118                 const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(req);
 119                 uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
 120
 121                 DEBUG(10,("smbd_smb2_request_notify_done: cancelled mid %llu\n",
 122                         (unsigned long long)mid ));
 123                 error = smbd_smb2_request_error(req, NT_STATUS_CANCELLED);
 124                 if (!NT_STATUS_IS_OK(error)) {
 125                         smbd_server_connection_terminate(req->sconn,
 126                                 nt_errstr(error));
 127                         return;
 128                 }
 129                 TALLOC_FREE(state->im);
 130                 return;
 131         }
 132
 133         status = smbd_smb2_notify_recv(subreq,
 134                                        req,
 135                                        &out_output_buffer);
 136         TALLOC_FREE(subreq);
 137         if (!NT_STATUS_IS_OK(status)) {
 138                 error = smbd_smb2_request_error(req, status);
 139                 if (!NT_STATUS_IS_OK(error)) {
 140                         smbd_server_connection_terminate(req->sconn,
 141                                                          nt_errstr(error));
 142                         return;
 143                 }
 144                 return;
 145         }
 146
 147         out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
 148
 149         outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
 150         if (outbody.data == NULL) {
 151                 error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
 152                 if (!NT_STATUS_IS_OK(error)) {
 153                         smbd_server_connection_terminate(req->sconn,
 154                                                          nt_errstr(error));
 155                         return;
 156                 }
 157                 return;
 158         }
 159
 160         SSVAL(outbody.data, 0x00, 0x08 + 1);    /* struct size */
 161         SSVAL(outbody.data, 0x02,
 162               out_output_buffer_offset);        /* output buffer offset */
 163         SIVAL(outbody.data, 0x04,
 164               out_output_buffer.length);        /* output buffer length */
 165
 166         outdyn = out_output_buffer;
 167
 168         error = smbd_smb2_request_done(req, outbody, &outdyn);
 169         if (!NT_STATUS_IS_OK(error)) {
 170                 smbd_server_connection_terminate(req->sconn,
 171                                                  nt_errstr(error));
 172                 return;
 173         }
 174 }
 175
 176 static void smbd_smb2_notify_reply(struct smb_request *smbreq,
 177                                    NTSTATUS error_code,
 178                                    uint8_t *buf, size_t len);
 179 static bool smbd_smb2_notify_cancel(struct tevent_req *req);
 180
 181 static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx,
 182                                                 struct tevent_context *ev,
 183                                                 struct smbd_smb2_request *smb2req,
 184                                                 struct files_struct *fsp,
 185                                                 uint16_t in_flags,
 186                                                 uint32_t in_output_buffer_length,
 187                                                 uint64_t in_completion_filter)
 188 {
 189         struct tevent_req *req;
 190         struct smbd_smb2_notify_state *state;
 191         struct smb_request *smbreq;
 192         connection_struct *conn = smb2req->tcon->compat;
 193         bool recursive = (in_flags & SMB2_WATCH_TREE) ? true : false;
 194         NTSTATUS status;
 195
 196         req = tevent_req_create(mem_ctx, &state,
 197                                 struct smbd_smb2_notify_state);
 198         if (req == NULL) {
 199                 return NULL;
 200         }
 201         state->smb2req = smb2req;
 202         state->status = NT_STATUS_INTERNAL_ERROR;
 203         state->out_output_buffer = data_blob_null;
 204
 205         DEBUG(10,("smbd_smb2_notify_send: %s - %s\n",
 206                   fsp_str_dbg(fsp), fsp_fnum_dbg(fsp)));
 207
 208         smbreq = smbd_smb2_fake_smb_request(smb2req);
 209         if (tevent_req_nomem(smbreq, req)) {
 210                 return tevent_req_post(req, ev);
 211         }
 212
 213         state->smbreq = smbreq;
 214         smbreq->async_priv = (void *)req;
 215
 216         {
 217                 char *filter_string;
 218
 219                 filter_string = notify_filter_string(NULL, in_completion_filter);
 220                 if (tevent_req_nomem(filter_string, req)) {
 221                         return tevent_req_post(req, ev);
 222                 }
 223
 224                 DEBUG(3,("smbd_smb2_notify_send: notify change "
 225                          "called on %s, filter = %s, recursive = %d\n",
 226                          fsp_str_dbg(fsp), filter_string, recursive));
 227
 228                 TALLOC_FREE(filter_string);
 229         }
 230
 231         if ((!fsp->is_directory) || (conn != fsp->conn)) {
 232                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 233                 return tevent_req_post(req, ev);
 234         }
 235
 236         if (fsp->notify == NULL) {
 237
 238                 status = change_notify_create(fsp,
 239                                               in_completion_filter,
 240                                               recursive);
 241                 if (!NT_STATUS_IS_OK(status)) {
 242                         DEBUG(10, ("change_notify_create returned %s\n",
 243                                    nt_errstr(status)));
 244                         tevent_req_nterror(req, status);
 245                         return tevent_req_post(req, ev);
 246                 }
 247         }
 248
 249         if (change_notify_fsp_has_changes(fsp)) {
 250
 251                 /*
 252                  * We've got changes pending, respond immediately
 253                  */
 254
 255                 /*
 256                  * TODO: write a torture test to check the filtering behaviour
 257                  * here.
 258                  */
 259
 260                 change_notify_reply(smbreq,
 261                                     NT_STATUS_OK,
 262                                     in_output_buffer_length,
 263                                     fsp->notify,
 264                                     smbd_smb2_notify_reply);
 265
 266                 /*
 267                  * change_notify_reply() above has independently
 268                  * called tevent_req_done().
 269                  */
 270                 return tevent_req_post(req, ev);
 271         }
 272
 273         /*
 274          * No changes pending, queue the request
 275          */
 276
 277         status = change_notify_add_request(smbreq,
 278                         in_output_buffer_length,
 279                         in_completion_filter,
 280                         recursive, fsp,
 281                         smbd_smb2_notify_reply);
 282         if (!NT_STATUS_IS_OK(status)) {
 283                 tevent_req_nterror(req, status);
 284                 return tevent_req_post(req, ev);
 285         }
 286
 287         /* allow this request to be canceled */
 288         tevent_req_set_cancel_fn(req, smbd_smb2_notify_cancel);
 289
 290         return req;
 291 }
 292
 293 static void smbd_smb2_notify_reply(struct smb_request *smbreq,
 294                                    NTSTATUS error_code,
 295                                    uint8_t *buf, size_t len)
 296 {
 297         struct tevent_req *req = talloc_get_type_abort(smbreq->async_priv,
 298                                                        struct tevent_req);
 299         struct smbd_smb2_notify_state *state = tevent_req_data(req,
 300                                                struct smbd_smb2_notify_state);
 301
 302         state->status = error_code;
 303         if (!NT_STATUS_IS_OK(error_code)) {
 304                 /* nothing */
 305         } else if (len == 0) {
 306                 state->status = STATUS_NOTIFY_ENUM_DIR;
 307         } else {
 308                 state->out_output_buffer = data_blob_talloc(state, buf, len);
 309                 if (state->out_output_buffer.data == NULL) {
 310                         state->status = NT_STATUS_NO_MEMORY;
 311                 }
 312         }
 313
 314         tevent_req_defer_callback(req, state->smb2req->sconn->ev_ctx);
 315
 316         if (!NT_STATUS_IS_OK(state->status)) {
 317                 tevent_req_nterror(req, state->status);
 318                 return;
 319         }
 320
 321         tevent_req_done(req);
 322 }
 323
 324 static bool smbd_smb2_notify_cancel(struct tevent_req *req)
 325 {
 326         struct smbd_smb2_notify_state *state = tevent_req_data(req,
 327                                                struct smbd_smb2_notify_state);
 328
 329         state->smb2req->cancelled = true;
 330         smbd_notify_cancel_by_smbreq(state->smbreq);
 331
 332         return true;
 333 }
 334
 335 static NTSTATUS smbd_smb2_notify_recv(struct tevent_req *req,
 336                                       TALLOC_CTX *mem_ctx,
 337                                       DATA_BLOB *out_output_buffer)
 338 {
 339         NTSTATUS status;
 340         struct smbd_smb2_notify_state *state = tevent_req_data(req,
 341                                                struct smbd_smb2_notify_state);
 342
 343         if (tevent_req_is_nterror(req, &status)) {
 344                 tevent_req_received(req);
 345                 return status;
 346         }
 347
 348         *out_output_buffer = state->out_output_buffer;
 349         talloc_steal(mem_ctx, out_output_buffer->data);
 350
 351         tevent_req_received(req);
 352         return NT_STATUS_OK;
 353 }