source3/smbd/smb2_ioctl_network_fs.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Core SMB2 server
   4
   5    Copyright (C) Stefan Metzmacher 2009
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "smbd/smbd.h"
  23 #include "smbd/globals.h"
  24 #include "../libcli/smb/smb_common.h"
  25 #include "../lib/util/tevent_ntstatus.h"
  26 #include "include/ntioctl.h"
  27 #include "../librpc/ndr/libndr.h"
  28 #include "smb2_ioctl_private.h"
  29
  30 static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
  31                                         struct tevent_context *ev,
  32                                         struct smbXsrv_connection *conn,
  33                                         DATA_BLOB *in_input,
  34                                         uint32_t in_max_output,
  35                                         DATA_BLOB *out_output,
  36                                         bool *disconnect)
  37 {
  38         uint32_t in_capabilities;
  39         DATA_BLOB in_guid_blob;
  40         struct GUID in_guid;
  41         uint16_t in_security_mode;
  42         uint16_t in_num_dialects;
  43         uint16_t i;
  44         DATA_BLOB out_guid_blob;
  45         NTSTATUS status;
  46
  47         if (in_input->length < 0x18) {
  48                 return NT_STATUS_INVALID_PARAMETER;
  49         }
  50
  51         in_capabilities = IVAL(in_input->data, 0x00);
  52         in_guid_blob = data_blob_const(in_input->data + 0x04, 16);
  53         in_security_mode = SVAL(in_input->data, 0x14);
  54         in_num_dialects = SVAL(in_input->data, 0x16);
  55
  56         if (in_input->length < (0x18 + in_num_dialects*2)) {
  57                 return NT_STATUS_INVALID_PARAMETER;
  58         }
  59
  60         if (in_max_output < 0x18) {
  61                 return NT_STATUS_BUFFER_TOO_SMALL;
  62         }
  63
  64         status = GUID_from_ndr_blob(&in_guid_blob, &in_guid);
  65         if (!NT_STATUS_IS_OK(status)) {
  66                 return status;
  67         }
  68
  69         if (in_num_dialects != conn->smb2.client.num_dialects) {
  70                 *disconnect = true;
  71                 return NT_STATUS_ACCESS_DENIED;
  72         }
  73
  74         for (i=0; i < in_num_dialects; i++) {
  75                 uint16_t v = SVAL(in_input->data, 0x18 + i*2);
  76
  77                 if (conn->smb2.client.dialects[i] != v) {
  78                         *disconnect = true;
  79                         return NT_STATUS_ACCESS_DENIED;
  80                 }
  81         }
  82
  83         if (GUID_compare(&in_guid, &conn->smb2.client.guid) != 0) {
  84                 *disconnect = true;
  85                 return NT_STATUS_ACCESS_DENIED;
  86         }
  87
  88         if (in_security_mode != conn->smb2.client.security_mode) {
  89                 *disconnect = true;
  90                 return NT_STATUS_ACCESS_DENIED;
  91         }
  92
  93         if (in_capabilities != conn->smb2.client.capabilities) {
  94                 *disconnect = true;
  95                 return NT_STATUS_ACCESS_DENIED;
  96         }
  97
  98         status = GUID_to_ndr_blob(&conn->smb2.server.guid, mem_ctx,
  99                                   &out_guid_blob);
 100         if (!NT_STATUS_IS_OK(status)) {
 101                 return status;
 102         }
 103
 104         *out_output = data_blob_talloc(mem_ctx, NULL, 0x18);
 105         if (out_output->data == NULL) {
 106                 return NT_STATUS_NO_MEMORY;
 107         }
 108
 109         SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
 110         memcpy(out_output->data+0x04, out_guid_blob.data, 16);
 111         SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
 112         SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
 113
 114         return NT_STATUS_OK;
 115 }
 116
 117 NTSTATUS smb2_ioctl_network_fs(uint32_t ctl_code,
 118                                struct tevent_context *ev,
 119                                struct tevent_req *req,
 120                                struct smbd_smb2_ioctl_state *state)
 121 {
 122         NTSTATUS status;
 123
 124         switch (ctl_code) {
 125         case FSCTL_VALIDATE_NEGOTIATE_INFO:
 126         {
 127                 status = fsctl_validate_neg_info(state, ev,
 128                                                  state->smbreq->sconn->conn,
 129                                                  &state->in_input,
 130                                                  state->in_max_output,
 131                                                  &state->out_output,
 132                                                  &state->disconnect);
 133                 if (!tevent_req_nterror(req, status)) {
 134                         tevent_req_done(req);
 135                 }
 136                 return tevent_req_post(req, ev);
 137         }
 138         default: {
 139                 uint8_t *out_data = NULL;
 140                 uint32_t out_data_len = 0;
 141
 142                 status = SMB_VFS_FSCTL(state->fsp,
 143                                        state,
 144                                        ctl_code,
 145                                        state->smbreq->flags2,
 146                                        state->in_input.data,
 147                                        state->in_input.length,
 148                                        &out_data,
 149                                        state->in_max_output,
 150                                        &out_data_len);
 151                 state->out_output = data_blob_const(out_data, out_data_len);
 152                 if (NT_STATUS_IS_OK(status)) {
 153                         tevent_req_done(req);
 154                         return tevent_req_post(req, ev);
 155                 }
 156
 157                 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
 158                         if (IS_IPC(state->smbreq->conn)) {
 159                                 status = NT_STATUS_FS_DRIVER_REQUIRED;
 160                         } else {
 161                                 status = NT_STATUS_INVALID_DEVICE_REQUEST;
 162                         }
 163                 }
 164
 165                 tevent_req_nterror(req, status);
 166                 return tevent_req_post(req, ev);
 167                 break;
 168         }
 169         }
 170
 171         tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 172         return tevent_req_post(req, ev);
 173 }