Core SMB2 server
Copyright (C) Stefan Metzmacher 2009
+ Copyright (C) Jeremy Allison 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
+#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/smb/smb_common.h"
+#include "trans2.h"
+#include "../lib/util/tevent_ntstatus.h"
static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
+ struct files_struct *in_fsp,
uint8_t in_info_type,
uint8_t in_file_info_class,
DATA_BLOB in_input_buffer,
- uint32_t in_additional_information,
- uint64_t in_file_id_volatile);
+ uint32_t in_additional_information);
static NTSTATUS smbd_smb2_setinfo_recv(struct tevent_req *req);
static void smbd_smb2_request_setinfo_done(struct tevent_req *subreq);
NTSTATUS smbd_smb2_request_process_setinfo(struct smbd_smb2_request *req)
{
- const uint8_t *inhdr;
+ NTSTATUS status;
const uint8_t *inbody;
int i = req->current_idx;
- size_t expected_body_size = 0x21;
- size_t body_size;
uint8_t in_info_type;
uint8_t in_file_info_class;
uint16_t in_input_buffer_offset;
uint32_t in_additional_information;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
+ struct files_struct *in_fsp;
struct tevent_req *subreq;
- inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
- if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+ status = smbd_smb2_request_verify_sizes(req, 0x21);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(req, status);
}
-
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
- body_size = SVAL(inbody, 0x00);
- if (body_size != expected_body_size) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
- }
-
in_info_type = CVAL(inbody, 0x02);
in_file_info_class = CVAL(inbody, 0x03);
in_input_buffer_length = IVAL(inbody, 0x04);
if (in_input_buffer_offset == 0 && in_input_buffer_length == 0) {
/* This is ok */
} else if (in_input_buffer_offset !=
- (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
+ (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
in_input_buffer.length = in_input_buffer_length;
- if (req->compat_chain_fsp) {
- /* skip check */
- } else if (in_file_id_persistent != 0) {
+ if (in_input_buffer.length > req->sconn->smb2.max_trans) {
+ DEBUG(2,("smbd_smb2_request_process_setinfo: "
+ "client ignored max trans: %s: 0x%08X: 0x%08X\n",
+ __location__, (unsigned)in_input_buffer.length,
+ (unsigned)req->sconn->smb2.max_trans));
+ return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+ }
+
+ status = smbd_smb2_request_verify_creditcharge(req,
+ in_input_buffer.length);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(req, status);
+ }
+
+ in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
+ if (in_fsp == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
}
- subreq = smbd_smb2_setinfo_send(req,
- req->sconn->smb2.event_ctx,
- req,
+ subreq = smbd_smb2_setinfo_send(req, req->sconn->ev_ctx,
+ req, in_fsp,
in_info_type,
in_file_info_class,
in_input_buffer,
- in_additional_information,
- in_file_id_volatile);
+ in_additional_information);
if (subreq == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
tevent_req_set_callback(subreq, smbd_smb2_request_setinfo_done, req);
- return smbd_smb2_request_pending_queue(req, subreq);
+ return smbd_smb2_request_pending_queue(req, subreq, 500);
}
static void smbd_smb2_request_setinfo_done(struct tevent_req *subreq)
static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
+ struct files_struct *fsp,
uint8_t in_info_type,
uint8_t in_file_info_class,
DATA_BLOB in_input_buffer,
- uint32_t in_additional_information,
- uint64_t in_file_id_volatile)
+ uint32_t in_additional_information)
{
- struct tevent_req *req;
- struct smbd_smb2_setinfo_state *state;
- struct smb_request *smbreq;
- connection_struct *conn = smb2req->tcon->compat_conn;
- files_struct *fsp;
+ struct tevent_req *req = NULL;
+ struct smbd_smb2_setinfo_state *state = NULL;
+ struct smb_request *smbreq = NULL;
+ connection_struct *conn = smb2req->tcon->compat;
+ NTSTATUS status;
req = tevent_req_create(mem_ctx, &state,
struct smbd_smb2_setinfo_state);
}
state->smb2req = smb2req;
- DEBUG(10,("smbd_smb2_setinfo_send: file_id[0x%016llX]\n",
- (unsigned long long)in_file_id_volatile));
+ DEBUG(10,("smbd_smb2_setinfo_send: %s - %s\n",
+ fsp_str_dbg(fsp), fsp_fnum_dbg(fsp)));
smbreq = smbd_smb2_fake_smb_request(smb2req);
if (tevent_req_nomem(smbreq, req)) {
return tevent_req_post(req, ev);
}
- fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
- if (fsp == NULL) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
- if (conn != fsp->conn) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
- if (smb2req->session->vuid != fsp->vuid) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
-
if (IS_IPC(conn)) {
tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
return tevent_req_post(req, ev);
char *data;
int data_size;
int ret_size = 0;
- NTSTATUS status;
file_info_level = in_file_info_class + 1000;
file_info_level = SMB2_FILE_RENAME_INFORMATION_INTERNAL;
}
- if (fsp->is_directory || fsp->fh->fd == -1) {
+ if (fsp->fh->fd == -1) {
/*
* This is actually a SETFILEINFO on a directory
* handle (returned from an NT SMB). NT5.0 seems
if ((file_info_level == SMB_SET_FILE_DISPOSITION_INFO)
&& in_input_buffer.length >= 1
&& CVAL(in_input_buffer.data,0)) {
- fsp->fh->private_options |= FILE_DELETE_ON_CLOSE;
+ fsp->fh->private_options |= NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE;
DEBUG(3,("smbd_smb2_setinfo_send: "
"Cancelling print job (%s)\n",
if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) != 0) {
DEBUG(3,("smbd_smb2_setinfo_send: fstat "
- "of fnum %d failed (%s)\n", fsp->fnum,
+ "of %s failed (%s)\n",
+ fsp_fnum_dbg(fsp),
strerror(errno)));
status = map_nt_error_from_unix(errno);
tevent_req_nterror(req, status);
if (data_size > 0) {
data = (char *)SMB_MALLOC_ARRAY(char, data_size);
if (tevent_req_nomem(data, req)) {
-
+ return tevent_req_post(req, ev);
}
memcpy(data, in_input_buffer.data, data_size);
}
break;
}
+ case 0x03:/* SMB2_SETINFO_SECURITY */
+ {
+ if (!CAN_WRITE(conn)) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ status = set_sd(fsp,
+ in_input_buffer.data,
+ in_input_buffer.length,
+ in_additional_information);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+ break;
+ }
+
default:
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);