source3/smbd/smb2_lock.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "smbd/globals.h"
  23 #include "../libcli/smb/smb_common.h"
  24
  25 struct smbd_smb2_lock_element {
  26         uint64_t offset;
  27         uint64_t length;
  28         uint32_t flags;
  29 };
  30
  31 static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
  32                                                  struct tevent_context *ev,
  33                                                  struct smbd_smb2_request *smb2req,
  34                                                  uint32_t in_smbpid,
  35                                                  uint64_t in_file_id_volatile,
  36                                                  uint16_t in_lock_count,
  37                                                  struct smbd_smb2_lock_element *in_locks);
  38 static NTSTATUS smbd_smb2_lock_recv(struct tevent_req *req);
  39
  40 static void smbd_smb2_request_lock_done(struct tevent_req *subreq);
  41 NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
  42 {
  43         const uint8_t *inhdr;
  44         const uint8_t *inbody;
  45         const int i = req->current_idx;
  46         size_t expected_body_size = 0x30;
  47         size_t body_size;
  48         uint32_t in_smbpid;
  49         uint16_t in_lock_count;
  50         uint64_t in_file_id_persistent;
  51         uint64_t in_file_id_volatile;
  52         struct smbd_smb2_lock_element *in_locks;
  53         struct tevent_req *subreq;
  54         const uint8_t *lock_buffer;
  55         uint16_t l;
  56
  57         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
  58         if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
  59                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  60         }
  61
  62         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
  63
  64         body_size = SVAL(inbody, 0x00);
  65         if (body_size != expected_body_size) {
  66                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  67         }
  68
  69         in_smbpid                       = IVAL(inhdr, SMB2_HDR_PID);
  70
  71         in_lock_count                   = CVAL(inbody, 0x02);
  72         /* 0x04 - 4 bytes reserved */
  73         in_file_id_persistent           = BVAL(inbody, 0x08);
  74         in_file_id_volatile             = BVAL(inbody, 0x10);
  75
  76         if (in_lock_count < 1) {
  77                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  78         }
  79
  80         if (((in_lock_count - 1) * 0x18) > req->in.vector[i+2].iov_len) {
  81                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
  82         }
  83
  84         if (req->compat_chain_fsp) {
  85                 /* skip check */
  86         } else if (in_file_id_persistent != 0) {
  87                 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
  88         }
  89
  90         in_locks = talloc_array(req, struct smbd_smb2_lock_element,
  91                                 in_lock_count);
  92         if (in_locks == NULL) {
  93                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
  94         }
  95
  96         l = 0;
  97         lock_buffer = inbody + 0x18;
  98
  99         in_locks[l].offset      = BVAL(lock_buffer, 0x00);
 100         in_locks[l].length      = BVAL(lock_buffer, 0x08);
 101         in_locks[l].flags       = IVAL(lock_buffer, 0x10);
 102         /* 0x14 - 4 reserved bytes */
 103
 104         lock_buffer = (const uint8_t *)req->in.vector[i+2].iov_base;
 105
 106         for (l=1; l < in_lock_count; l++) {
 107                 in_locks[l].offset      = BVAL(lock_buffer, 0x00);
 108                 in_locks[l].length      = BVAL(lock_buffer, 0x08);
 109                 in_locks[l].flags       = IVAL(lock_buffer, 0x10);
 110                 /* 0x14 - 4 reserved bytes */
 111
 112                 lock_buffer += 0x18;
 113         }
 114
 115         subreq = smbd_smb2_lock_send(req,
 116                                      req->sconn->smb2.event_ctx,
 117                                      req,
 118                                      in_smbpid,
 119                                      in_file_id_volatile,
 120                                      in_lock_count,
 121                                      in_locks);
 122         if (subreq == NULL) {
 123                 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
 124         }
 125         tevent_req_set_callback(subreq, smbd_smb2_request_lock_done, req);
 126
 127         if (tevent_req_is_in_progress(subreq)) {
 128                 return smbd_smb2_request_pending_queue(req);
 129         }
 130
 131         return NT_STATUS_OK;
 132 }
 133
 134 static void smbd_smb2_request_lock_done(struct tevent_req *subreq)
 135 {
 136         struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
 137                                         struct smbd_smb2_request);
 138         DATA_BLOB outbody;
 139         NTSTATUS status;
 140         NTSTATUS error; /* transport error */
 141
 142         status = smbd_smb2_lock_recv(subreq);
 143         TALLOC_FREE(subreq);
 144         if (!NT_STATUS_IS_OK(status)) {
 145                 error = smbd_smb2_request_error(req, status);
 146                 if (!NT_STATUS_IS_OK(error)) {
 147                         smbd_server_connection_terminate(req->sconn,
 148                                                          nt_errstr(error));
 149                         return;
 150                 }
 151                 return;
 152         }
 153
 154         outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
 155         if (outbody.data == NULL) {
 156                 error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
 157                 if (!NT_STATUS_IS_OK(error)) {
 158                         smbd_server_connection_terminate(req->sconn,
 159                                                          nt_errstr(error));
 160                         return;
 161                 }
 162                 return;
 163         }
 164
 165         SSVAL(outbody.data, 0x00, 0x04);        /* struct size */
 166         SSVAL(outbody.data, 0x02, 0);           /* reserved */
 167
 168         error = smbd_smb2_request_done(req, outbody, NULL);
 169         if (!NT_STATUS_IS_OK(error)) {
 170                 smbd_server_connection_terminate(req->sconn,
 171                                                  nt_errstr(error));
 172                 return;
 173         }
 174 }
 175
 176 struct smbd_smb2_lock_state {
 177         struct smbd_smb2_request *smb2req;
 178 };
 179
 180 static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
 181                                                  struct tevent_context *ev,
 182                                                  struct smbd_smb2_request *smb2req,
 183                                                  uint32_t in_smbpid,
 184                                                  uint64_t in_file_id_volatile,
 185                                                  uint16_t in_lock_count,
 186                                                  struct smbd_smb2_lock_element *in_locks)
 187 {
 188         struct tevent_req *req;
 189         struct smbd_smb2_lock_state *state;
 190         struct smb_request *smbreq;
 191         connection_struct *conn = smb2req->tcon->compat_conn;
 192         files_struct *fsp;
 193         int32_t timeout = -1;
 194         bool isunlock = false;
 195         uint16_t i;
 196         struct smbd_lock_element *locks;
 197         NTSTATUS status;
 198         bool async = false;
 199
 200         req = tevent_req_create(mem_ctx, &state,
 201                                 struct smbd_smb2_lock_state);
 202         if (req == NULL) {
 203                 return NULL;
 204         }
 205         state->smb2req = smb2req;
 206
 207         DEBUG(10,("smbd_smb2_lock_send: file_id[0x%016llX]\n",
 208                   (unsigned long long)in_file_id_volatile));
 209
 210         smbreq = smbd_smb2_fake_smb_request(smb2req);
 211         if (tevent_req_nomem(smbreq, req)) {
 212                 return tevent_req_post(req, ev);
 213         }
 214
 215         fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
 216         if (fsp == NULL) {
 217                 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
 218                 return tevent_req_post(req, ev);
 219         }
 220         if (conn != fsp->conn) {
 221                 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
 222                 return tevent_req_post(req, ev);
 223         }
 224         if (smb2req->session->vuid != fsp->vuid) {
 225                 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
 226                 return tevent_req_post(req, ev);
 227         }
 228
 229         locks = talloc_array(state, struct smbd_lock_element, in_lock_count);
 230         if (locks == NULL) {
 231                 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
 232                 return tevent_req_post(req, ev);
 233         }
 234
 235         switch (in_locks[0].flags) {
 236         case SMB2_LOCK_FLAG_SHARED:
 237         case SMB2_LOCK_FLAG_EXCLUSIVE:
 238                 if (in_lock_count > 1) {
 239                         tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 240                         return tevent_req_post(req, ev);
 241                 }
 242                 timeout = -1;
 243                 break;
 244
 245         case SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
 246         case SMB2_LOCK_FLAG_EXCLUSIVE|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
 247                 timeout = 0;
 248                 break;
 249
 250         case SMB2_LOCK_FLAG_UNLOCK:
 251                 /* only the first lock gives the UNLOCK bit - see
 252                    MS-SMB2 3.3.5.14 */
 253                 isunlock = true;
 254                 timeout = 0;
 255                 break;
 256
 257         default:
 258                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 259                 return tevent_req_post(req, ev);
 260         }
 261
 262         for (i=0; i<in_lock_count; i++) {
 263                 uint64_t max_count;
 264                 bool invalid = false;
 265
 266                 switch (in_locks[i].flags) {
 267                 case SMB2_LOCK_FLAG_SHARED:
 268                 case SMB2_LOCK_FLAG_EXCLUSIVE:
 269                         if (i > 0) {
 270                                 tevent_req_nterror(req,
 271                                                    NT_STATUS_INVALID_PARAMETER);
 272                                 return tevent_req_post(req, ev);
 273                         }
 274                         if (isunlock) {
 275                                 tevent_req_nterror(req,
 276                                                    NT_STATUS_INVALID_PARAMETER);
 277                                 return tevent_req_post(req, ev);
 278                         }
 279                         break;
 280
 281                 case SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
 282                 case SMB2_LOCK_FLAG_EXCLUSIVE|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
 283                         if (isunlock) {
 284                                 tevent_req_nterror(req,
 285                                                    NT_STATUS_INVALID_PARAMETER);
 286                                 return tevent_req_post(req, ev);
 287                         }
 288                         break;
 289
 290                 case SMB2_LOCK_FLAG_UNLOCK:
 291                         if (!isunlock) {
 292                                 tevent_req_nterror(req,
 293                                                    NT_STATUS_INVALID_PARAMETER);
 294                                 return tevent_req_post(req, ev);
 295                         }
 296                         break;
 297
 298                 default:
 299                         if (isunlock) {
 300                                 /*
 301                                  * is the first element was a UNLOCK
 302                                  * we need to deferr the error response
 303                                  * to the backend, because we need to process
 304                                  * all unlock elements before
 305                                  */
 306                                 invalid = true;
 307                                 break;
 308                         }
 309                         tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
 310                         return tevent_req_post(req, ev);
 311                 }
 312
 313                 locks[i].smbpid = in_smbpid;
 314                 locks[i].offset = in_locks[i].offset;
 315                 locks[i].count  = in_locks[i].length;
 316
 317                 if (in_locks[i].flags & SMB2_LOCK_FLAG_EXCLUSIVE) {
 318                         locks[i].brltype = WRITE_LOCK;
 319                 } else if (in_locks[i].flags & SMB2_LOCK_FLAG_SHARED) {
 320                         locks[i].brltype = READ_LOCK;
 321                 } else if (invalid) {
 322                         /*
 323                          * this is an invalid UNLOCK element
 324                          * and the backend needs to test for
 325                          * brltype != UNLOCK_LOCK and return
 326                          * NT_STATUS_INVALID_PARAMER
 327                          */
 328                         locks[i].brltype = READ_LOCK;
 329                 } else {
 330                         locks[i].brltype = UNLOCK_LOCK;
 331                 }
 332
 333                 max_count = UINT64_MAX - locks[i].offset;
 334                 if (locks[i].count > max_count) {
 335                         tevent_req_nterror(req, NT_STATUS_INVALID_LOCK_RANGE);
 336                         return tevent_req_post(req, ev);
 337                 }
 338         }
 339
 340         if (isunlock) {
 341                 status = smbd_do_locking(smbreq, fsp,
 342                                          0,
 343                                          timeout,
 344                                          in_lock_count,
 345                                          locks,
 346                                          0,
 347                                          NULL,
 348                                          &async);
 349         } else {
 350                 status = smbd_do_locking(smbreq, fsp,
 351                                          0,
 352                                          timeout,
 353                                          0,
 354                                          NULL,
 355                                          in_lock_count,
 356                                          locks,
 357                                          &async);
 358         }
 359         if (!NT_STATUS_IS_OK(status)) {
 360                 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_LOCK_CONFLICT)) {
 361                        status = NT_STATUS_LOCK_NOT_GRANTED;
 362                 }
 363                 tevent_req_nterror(req, status);
 364                 return tevent_req_post(req, ev);
 365         }
 366
 367         if (async) {
 368                 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 369                 return tevent_req_post(req, ev);
 370         }
 371
 372         tevent_req_done(req);
 373         return tevent_req_post(req, ev);
 374 }
 375
 376 static NTSTATUS smbd_smb2_lock_recv(struct tevent_req *req)
 377 {
 378         NTSTATUS status;
 379
 380         if (tevent_req_is_nterror(req, &status)) {
 381                 tevent_req_received(req);
 382                 return status;
 383         }
 384
 385         tevent_req_received(req);
 386         return NT_STATUS_OK;
 387 }