From 8963930974174598710d2cc4a8609a856199dfea Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 11 May 2012 17:45:16 +0200
Subject: [PATCH] s3:smb2_ioctl: implement FSCTL_VALIDATE_NEGOTIATE_INFO_224

metze
---
 source3/smbd/smb2_ioctl.c | 73 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c
index 4bbb8aecb1ab..f1ad8ab16db5 100644
--- a/source3/smbd/smb2_ioctl.c
+++ b/source3/smbd/smb2_ioctl.c
@@ -25,6 +25,7 @@
 #include "../lib/util/tevent_ntstatus.h"
 #include "rpc_server/srv_pipe_hnd.h"
 #include "include/ntioctl.h"
+#include "../librpc/ndr/libndr.h"
 
 static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx,
 					       struct tevent_context *ev,
@@ -389,6 +390,78 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx,
 					req);
 		return req;
 
+	case FSCTL_VALIDATE_NEGOTIATE_INFO_224:
+	{
+		struct smbXsrv_connection *conn = smbreq->sconn->conn;
+		uint32_t in_capabilities;
+		DATA_BLOB in_guid_blob;
+		struct GUID in_guid;
+		uint16_t in_security_mode;
+		uint16_t in_max_dialect;
+		uint16_t max_dialect;
+		DATA_BLOB out_guid_blob;
+		NTSTATUS status;
+
+		if (in_input.length != 0x18) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+			return tevent_req_post(req, ev);
+		}
+
+		if (in_max_output < 0x18) {
+			tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+			return tevent_req_post(req, ev);
+		}
+
+		in_capabilities = IVAL(in_input.data, 0x00);
+		in_guid_blob = data_blob_const(in_input.data + 0x04, 16);
+		in_security_mode = SVAL(in_input.data, 0x14);
+		in_max_dialect = SVAL(in_input.data, 0x16);
+
+		max_dialect = conn->smb2.client.dialects[conn->smb2.client.num_dialects-1];
+		if (in_max_dialect != max_dialect) {
+			state->disconnect = true;
+			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return tevent_req_post(req, ev);
+		}
+
+		if (!GUID_compare(&in_guid, &conn->smb2.client.guid)) {
+			state->disconnect = true;
+			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return tevent_req_post(req, ev);
+		}
+
+		if (in_security_mode != conn->smb2.client.security_mode) {
+			state->disconnect = true;
+			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return tevent_req_post(req, ev);
+		}
+
+		if (in_capabilities != conn->smb2.client.capabilities) {
+			state->disconnect = true;
+			tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+			return tevent_req_post(req, ev);
+		}
+
+		status = GUID_to_ndr_blob(&conn->smb2.server.guid, state,
+					  &out_guid_blob);
+		if (tevent_req_nterror(req, status)) {
+			return tevent_req_post(req, ev);
+		}
+
+		state->out_output = data_blob_talloc(state, NULL, 0x18);
+		if (tevent_req_nomem(state->out_output.data, req)) {
+			return tevent_req_post(req, ev);
+		}
+
+		SIVAL(state->out_output.data, 0x00, conn->smb2.server.capabilities);
+		memcpy(state->out_output.data+0x04, out_guid_blob.data, 16);
+		SIVAL(state->out_output.data, 0x14, conn->smb2.server.security_mode);
+		SIVAL(state->out_output.data, 0x16, conn->smb2.server.dialect);
+
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
 	default: {
 		uint8_t *out_data = NULL;
 		uint32_t out_data_len = 0;
-- 
2.34.1