search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-server: Remove duplicate logic
[samba4-gss.git] / source4 / smb_server / smb2 / receive.c
blob7818fdc48261b66c7485e38f46700b902e44fa22
1 /*
2 Unix SMB2 implementation.
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Stefan Metzmacher 2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/time.h"
23 #include "libcli/smb2/smb2.h"
24 #include "libcli/smb2/smb2_calls.h"
25 #include "smb_server/smb_server.h"
26 #include "smb_server/smb2/smb2_server.h"
27 #include "samba/service_stream.h"
28 #include "lib/stream/packet.h"
29 #include "ntvfs/ntvfs.h"
30 #include "param/param.h"
31 #include "auth/auth.h"
32 #include "lib/util/idtree.h"
33
34 /* fill in the bufinfo */
35 void smb2srv_setup_bufinfo(struct smb2srv_request *req)
36 {
37 req->in.bufinfo.mem_ctx = req;
38 req->in.bufinfo.flags = BUFINFO_FLAG_UNICODE | BUFINFO_FLAG_SMB2;
39 req->in.bufinfo.align_base = req->in.buffer;
40 if (req->in.dynamic) {
41 req->in.bufinfo.data = req->in.dynamic;
42 req->in.bufinfo.data_size = req->in.body_size - req->in.body_fixed;
43 } else {
44 req->in.bufinfo.data = NULL;
45 req->in.bufinfo.data_size = 0;
46 }
47 }
48
49 static int smb2srv_request_destructor(struct smb2srv_request *req)
50 {
51 DLIST_REMOVE(req->smb_conn->requests2.list, req);
52 if (req->pending_id) {
53 idr_remove(req->smb_conn->requests2.idtree_req, req->pending_id);
54 }
55 return 0;
56 }
57
58 static int smb2srv_request_deny_destructor(struct smb2srv_request *req)
59 {
60 return -1;
61 }
62
63 struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
64 {
65 struct smb2srv_request *req;
66
67 req = talloc_zero(smb_conn, struct smb2srv_request);
68 if (!req) return NULL;
69
70 req->smb_conn = smb_conn;
71
72 req->chained_session_id = UINT64_MAX;
73 req->chained_tree_id = UINT32_MAX;
74
75 talloc_set_destructor(req, smb2srv_request_destructor);
76
77 return req;
78 }
79
80 NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
81 bool body_dynamic_present, uint32_t body_dynamic_size)
82 {
83 uint32_t flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
84 uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
85 uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);
86 uint16_t credits = SVAL(req->in.hdr, SMB2_HDR_CREDIT);
87
88 if (credits == 0) {
89 credits = 1;
90 }
91
92 flags |= SMB2_HDR_FLAG_REDIRECT;
93
94 if (req->pending_id) {
95 flags |= SMB2_HDR_FLAG_ASYNC;
96 pid = req->pending_id;
97 tid = 0;
98 credits = 0;
99 }
100
101 if (body_dynamic_present) {
102 if (body_dynamic_size == 0) {
103 body_dynamic_size = 1;
104 }
105 } else {
106 body_dynamic_size = 0;
107 }
108
109 req->out.size = SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
110
111 req->out.allocated = req->out.size + body_dynamic_size;
112 req->out.buffer = talloc_array(req, uint8_t,
113 req->out.allocated);
114 NT_STATUS_HAVE_NO_MEMORY(req->out.buffer);
115
116 req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
117 req->out.body = req->out.hdr + SMB2_HDR_BODY;
118 req->out.body_fixed = body_fixed_size;
119 req->out.body_size = body_fixed_size;
120 req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
121
122 SIVAL(req->out.hdr, 0, SMB2_MAGIC);
123 SSVAL(req->out.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
124 SSVAL(req->out.hdr, SMB2_HDR_CREDIT_CHARGE,
125 SVAL(req->in.hdr, SMB2_HDR_CREDIT_CHARGE));
126 SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(req->status));
127 SSVAL(req->out.hdr, SMB2_HDR_OPCODE, SVAL(req->in.hdr, SMB2_HDR_OPCODE));
128 SSVAL(req->out.hdr, SMB2_HDR_CREDIT, credits);
129 SIVAL(req->out.hdr, SMB2_HDR_FLAGS, flags);
130 SIVAL(req->out.hdr, SMB2_HDR_NEXT_COMMAND, 0);
131 SBVAL(req->out.hdr, SMB2_HDR_MESSAGE_ID, req->seqnum);
132 SIVAL(req->out.hdr, SMB2_HDR_PID, pid);
133 SIVAL(req->out.hdr, SMB2_HDR_TID, tid);
134 SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID, BVAL(req->in.hdr, SMB2_HDR_SESSION_ID));
135 memcpy(req->out.hdr+SMB2_HDR_SIGNATURE,
136 req->in.hdr+SMB2_HDR_SIGNATURE, 16);
137
138 /* set the length of the fixed body part and +1 if there's a dynamic part also */
139 SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
140
141 /*
142 * if we have a dynamic part, make sure the first byte
143 * which is always be part of the packet is initialized
144 */
145 if (body_dynamic_size) {
146 req->out.size += 1;
147 SCVAL(req->out.dynamic, 0, 0);
148 }
149
150 return NT_STATUS_OK;
151 }
152
153 static NTSTATUS smb2srv_reply(struct smb2srv_request *req);
154
155 static void smb2srv_chain_reply(struct smb2srv_request *p_req)
156 {
157 NTSTATUS status;
158 struct smbsrv_connection *smb_conn = p_req->smb_conn;
159 struct smb2srv_request *req;
160 uint32_t chain_offset;
161 uint32_t protocol_version;
162 uint16_t buffer_code;
163 uint32_t dynamic_size;
164 uint32_t flags;
165 uint32_t last_hdr_offset;
166
167 last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
168
169 chain_offset = p_req->chain_offset;
170 p_req->chain_offset = 0;
171
172 if (p_req->in.size < (last_hdr_offset + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
173 DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last hdr 0x%X\n",
174 chain_offset, last_hdr_offset));
175 smbsrv_terminate_connection(smb_conn, "Invalid SMB2 chained packet");
176 return;
177 }
178
179 protocol_version = IVAL(p_req->in.buffer, last_hdr_offset + chain_offset);
180 if (protocol_version != SMB2_MAGIC) {
181 DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
182 protocol_version));
183 smbsrv_terminate_connection(smb_conn, "NON-SMB2 chained packet");
184 return;
185 }
186
187 req = smb2srv_init_request(smb_conn);
188 if (!req) {
189 smbsrv_terminate_connection(smb_conn, "SMB2 chained packet - no memory");
190 return;
191 }
192
193 talloc_steal(req, p_req);
194
195 req->in.buffer = talloc_steal(req, p_req->in.buffer);
196 req->in.size = p_req->in.size;
197 req->request_time = p_req->request_time;
198 req->in.allocated = req->in.size;
199
200 req->in.hdr = req->in.buffer+ last_hdr_offset + chain_offset;
201 req->in.body = req->in.hdr + SMB2_HDR_BODY;
202 req->in.body_size = req->in.size - (last_hdr_offset+ chain_offset + SMB2_HDR_BODY);
203 req->in.dynamic = NULL;
204
205 req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
206
207 if (req->in.body_size < 2) {
208 /* error handling for this is different for negprot to
209 other packet types */
210 uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
211 if (opcode == SMB2_OP_NEGPROT) {
212 smbsrv_terminate_connection(smb_conn, "Bad body size in SMB2 negprot");
213 return;
214 } else {
215 smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
216 return;
217 }
218 }
219
220 buffer_code = SVAL(req->in.body, 0);
221 req->in.body_fixed = (buffer_code & ~1);
222 dynamic_size = req->in.body_size - req->in.body_fixed;
223
224 if (dynamic_size != 0 && (buffer_code & 1)) {
225 req->in.dynamic = req->in.body + req->in.body_fixed;
226 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
227 DEBUG(1,("SMB2 chained request invalid dynamic size 0x%x\n",
228 dynamic_size));
229 smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
230 return;
231 }
232 }
233
234 smb2srv_setup_bufinfo(req);
235
236 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
237 if (flags & SMB2_HDR_FLAG_CHAINED) {
238 if (p_req->chained_file_handle) {
239 memcpy(req->_chained_file_handle,
240 p_req->_chained_file_handle,
241 sizeof(req->_chained_file_handle));
242 req->chained_file_handle = req->_chained_file_handle;
243 }
244 req->chained_session_id = p_req->chained_session_id;
245 req->chained_tree_id = p_req->chained_tree_id;
246 req->chain_status = p_req->chain_status;
247 }
248
249 /*
250 * TODO: - make sure the length field is 64
251 * - make sure it's a request
252 */
253
254 status = smb2srv_reply(req);
255 if (!NT_STATUS_IS_OK(status)) {
256 smbsrv_terminate_connection(smb_conn, nt_errstr(status));
257 return;
258 }
259 }
260
261 void smb2srv_send_reply(struct smb2srv_request *req)
262 {
263 DATA_BLOB blob;
264 NTSTATUS status;
265
266 if (req->smb_conn->connection->event.fde == NULL) {
267 /* the socket has been destroyed - no point trying to send a reply! */
268 talloc_free(req);
269 return;
270 }
271
272 if (req->out.size > NBT_HDR_SIZE) {
273 _smb_setlen_tcp(req->out.buffer, req->out.size - NBT_HDR_SIZE);
274 }
275
276 /* if signing is active on the session then sign the packet */
277 if (req->is_signed) {
278 status = smb2_sign_message(&req->out,
279 req->session->session_info->session_key);
280 if (!NT_STATUS_IS_OK(status)) {
281 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
282 return;
283 }
284 }
285
286
287 blob = data_blob_const(req->out.buffer, req->out.size);
288 status = packet_send(req->smb_conn->packet, blob);
289 if (!NT_STATUS_IS_OK(status)) {
290 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
291 return;
292 }
293 if (req->chain_offset) {
294 smb2srv_chain_reply(req);
295 return;
296 }
297 talloc_free(req);
298 }
299
300 void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error)
301 {
302 NTSTATUS status;
303
304 if (req->smb_conn->connection->event.fde == NULL) {
305 /* the socket has been destroyed - no point trying to send an error! */
306 talloc_free(req);
307 return;
308 }
309
310 status = smb2srv_setup_reply(req, 8, true, 0);
311 if (!NT_STATUS_IS_OK(status)) {
312 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
313 talloc_free(req);
314 return;
315 }
316
317 SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error));
318
319 SSVAL(req->out.body, 0x02, 0);
320 SIVAL(req->out.body, 0x04, 0);
321
322 req->chain_status = NT_STATUS_INVALID_PARAMETER;
323
324 smb2srv_send_reply(req);
325 }
326
327 static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
328 {
329 uint16_t opcode;
330 uint32_t tid;
331 uint64_t uid;
332 uint32_t flags;
333
334 if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) {
335 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 header length");
336 return NT_STATUS_INVALID_PARAMETER;
337 }
338 opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
339 req->chain_offset = IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND);
340 req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
341 tid = IVAL(req->in.hdr, SMB2_HDR_TID);
342 uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
343 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
344
345 if (opcode != SMB2_OP_CANCEL &&
346 req->smb_conn->highest_smb2_seqnum != 0 &&
347 req->seqnum <= req->smb_conn->highest_smb2_seqnum) {
348 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number");
349 return NT_STATUS_INVALID_PARAMETER;
350 }
351 if (opcode != SMB2_OP_CANCEL) {
352 req->smb_conn->highest_smb2_seqnum = req->seqnum;
353 }
354
355 if (flags & SMB2_HDR_FLAG_CHAINED) {
356 uid = req->chained_session_id;
357 tid = req->chained_tree_id;
358 }
359
360 req->session = smbsrv_session_find(req->smb_conn, uid, req->request_time);
361 req->tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
362
363 req->chained_session_id = uid;
364 req->chained_tree_id = tid;
365
366 errno = 0;
367
368 /* supporting signing is mandatory in SMB2, and is per-packet. So we
369 should check the signature on any incoming packet that is signed, and
370 should give a signed reply to any signed request */
371 if (flags & SMB2_HDR_FLAG_SIGNED) {
372 NTSTATUS status;
373
374 if (!req->session) goto nosession;
375
376 req->is_signed = true;
377 status = smb2_check_signature(&req->in,
378 req->session->session_info->session_key);
379 if (!NT_STATUS_IS_OK(status)) {
380 smb2srv_send_error(req, status);
381 return NT_STATUS_OK;
382 }
383 } else if (req->session && req->session->smb2_signing.active) {
384 /* we require signing and this request was not signed */
385 smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
386 return NT_STATUS_OK;
387 }
388
389 if (!NT_STATUS_IS_OK(req->chain_status)) {
390 smb2srv_send_error(req, req->chain_status);
391 return NT_STATUS_OK;
392 }
393
394 switch (opcode) {
395 case SMB2_OP_NEGPROT:
396 smb2srv_negprot_recv(req);
397 return NT_STATUS_OK;
398 case SMB2_OP_SESSSETUP:
399 smb2srv_sesssetup_recv(req);
400 return NT_STATUS_OK;
401 case SMB2_OP_LOGOFF:
402 if (!req->session) goto nosession;
403 smb2srv_logoff_recv(req);
404 return NT_STATUS_OK;
405 case SMB2_OP_TCON:
406 if (!req->session) goto nosession;
407 smb2srv_tcon_recv(req);
408 return NT_STATUS_OK;
409 case SMB2_OP_TDIS:
410 if (!req->session) goto nosession;
411 if (!req->tcon) goto notcon;
412 smb2srv_tdis_recv(req);
413 return NT_STATUS_OK;
414 case SMB2_OP_CREATE:
415 if (!req->session) goto nosession;
416 if (!req->tcon) goto notcon;
417 smb2srv_create_recv(req);
418 return NT_STATUS_OK;
419 case SMB2_OP_CLOSE:
420 if (!req->session) goto nosession;
421 if (!req->tcon) goto notcon;
422 smb2srv_close_recv(req);
423 return NT_STATUS_OK;
424 case SMB2_OP_FLUSH:
425 if (!req->session) goto nosession;
426 if (!req->tcon) goto notcon;
427 smb2srv_flush_recv(req);
428 return NT_STATUS_OK;
429 case SMB2_OP_READ:
430 if (!req->session) goto nosession;
431 if (!req->tcon) goto notcon;
432 smb2srv_read_recv(req);
433 return NT_STATUS_OK;
434 case SMB2_OP_WRITE:
435 if (!req->session) goto nosession;
436 if (!req->tcon) goto notcon;
437 smb2srv_write_recv(req);
438 return NT_STATUS_OK;
439 case SMB2_OP_LOCK:
440 if (!req->session) goto nosession;
441 if (!req->tcon) goto notcon;
442 smb2srv_lock_recv(req);
443 return NT_STATUS_OK;
444 case SMB2_OP_IOCTL:
445 if (!req->session) goto nosession;
446 if (!req->tcon) goto notcon;
447 smb2srv_ioctl_recv(req);
448 return NT_STATUS_OK;
449 case SMB2_OP_CANCEL:
450 smb2srv_cancel_recv(req);
451 return NT_STATUS_OK;
452 case SMB2_OP_KEEPALIVE:
453 smb2srv_keepalive_recv(req);
454 return NT_STATUS_OK;
455 case SMB2_OP_QUERY_DIRECTORY:
456 if (!req->session) goto nosession;
457 if (!req->tcon) goto notcon;
458 smb2srv_find_recv(req);
459 return NT_STATUS_OK;
460 case SMB2_OP_NOTIFY:
461 if (!req->session) goto nosession;
462 if (!req->tcon) goto notcon;
463 smb2srv_notify_recv(req);
464 return NT_STATUS_OK;
465 case SMB2_OP_GETINFO:
466 if (!req->session) goto nosession;
467 if (!req->tcon) goto notcon;
468 smb2srv_getinfo_recv(req);
469 return NT_STATUS_OK;
470 case SMB2_OP_SETINFO:
471 if (!req->session) goto nosession;
472 if (!req->tcon) goto notcon;
473 smb2srv_setinfo_recv(req);
474 return NT_STATUS_OK;
475 case SMB2_OP_BREAK:
476 if (!req->session) goto nosession;
477 if (!req->tcon) goto notcon;
478 smb2srv_break_recv(req);
479 return NT_STATUS_OK;
480 }
481
482 DEBUG(1,("Invalid SMB2 opcode: 0x%04X\n", opcode));
483 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 opcode");
484 return NT_STATUS_OK;
485
486 nosession:
487 smb2srv_send_error(req, NT_STATUS_USER_SESSION_DELETED);
488 return NT_STATUS_OK;
489 notcon:
490 smb2srv_send_error(req, NT_STATUS_NETWORK_NAME_DELETED);
491 return NT_STATUS_OK;
492 }
493
494 NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
495 {
496 struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
497 struct smb2srv_request *req;
498 struct timeval cur_time = timeval_current();
499 uint32_t protocol_version;
500 uint16_t buffer_code;
501 uint32_t dynamic_size;
502 uint32_t flags;
503
504 smb_conn->statistics.last_request_time = cur_time;
505
506 /* see if its a special NBT packet */
507 if (CVAL(blob.data,0) != 0) {
508 DEBUG(2,("Special NBT packet on SMB2 connection\n"));
509 smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
510 return NT_STATUS_OK;
511 }
512
513 if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) {
514 DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
515 smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
516 return NT_STATUS_OK;
517 }
518
519 protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
520 if (protocol_version != SMB2_MAGIC) {
521 DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
522 protocol_version));
523 smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
524 return NT_STATUS_OK;
525 }
526
527 req = smb2srv_init_request(smb_conn);
528 NT_STATUS_HAVE_NO_MEMORY(req);
529
530 req->in.buffer = talloc_steal(req, blob.data);
531 req->in.size = blob.length;
532 req->request_time = cur_time;
533 req->in.allocated = req->in.size;
534
535 req->in.hdr = req->in.buffer+ NBT_HDR_SIZE;
536 req->in.body = req->in.hdr + SMB2_HDR_BODY;
537 req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
538 req->in.dynamic = NULL;
539
540 req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
541
542 if (req->in.body_size < 2) {
543 /* error handling for this is different for negprot to
544 other packet types */
545 uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
546 if (opcode == SMB2_OP_NEGPROT) {
547 smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");
548 return NT_STATUS_OK;
549 } else {
550 smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
551 return NT_STATUS_OK;
552 }
553 }
554
555 buffer_code = SVAL(req->in.body, 0);
556 req->in.body_fixed = (buffer_code & ~1);
557 dynamic_size = req->in.body_size - req->in.body_fixed;
558
559 if (dynamic_size != 0 && (buffer_code & 1)) {
560 req->in.dynamic = req->in.body + req->in.body_fixed;
561 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
562 DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
563 dynamic_size));
564 smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
565 return NT_STATUS_OK;
566 }
567 }
568
569 smb2srv_setup_bufinfo(req);
570
571 /*
572 * TODO: - make sure the length field is 64
573 * - make sure it's a request
574 */
575
576 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
577 /* the first request should never have the related flag set */
578 if (flags & SMB2_HDR_FLAG_CHAINED) {
579 req->chain_status = NT_STATUS_INVALID_PARAMETER;
580 }
581
582 return smb2srv_reply(req);
583 }
584
585 static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
586 {
587 smb_conn->requests2.idtree_req = idr_init(smb_conn);
588 NT_STATUS_HAVE_NO_MEMORY(smb_conn->requests2.idtree_req);
589 smb_conn->requests2.idtree_limit = 0x00FFFFFF & (UINT32_MAX - 1);
590 smb_conn->requests2.list = NULL;
591
592 return NT_STATUS_OK;
593 }
594
595 NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
596 {
597 NTSTATUS status;
598 bool signing_used = false;
599 int id;
600 uint16_t credits = SVAL(req->in.hdr, SMB2_HDR_CREDIT);
601
602 if (credits == 0) {
603 credits = 1;
604 }
605
606 if (req->pending_id) {
607 return NT_STATUS_INTERNAL_ERROR;
608 }
609
610 if (req->smb_conn->connection->event.fde == NULL) {
611 /* the socket has been destroyed - no point trying to send an error! */
612 return NT_STATUS_REMOTE_DISCONNECT;
613 }
614
615 id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req,
616 1, req->smb_conn->requests2.idtree_limit);
617 if (id == -1) {
618 return NT_STATUS_INSUFFICIENT_RESOURCES;
619 }
620
621 DLIST_ADD_END(req->smb_conn->requests2.list, req);
622 req->pending_id = id;
623
624 talloc_set_destructor(req, smb2srv_request_deny_destructor);
625
626 status = smb2srv_setup_reply(req, 8, true, 0);
627 if (!NT_STATUS_IS_OK(status)) {
628 return status;
629 }
630
631 SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(NT_STATUS_PENDING));
632 SSVAL(req->out.hdr, SMB2_HDR_CREDIT, credits);
633
634 SSVAL(req->out.body, 0x02, 0);
635 SIVAL(req->out.body, 0x04, 0);
636
637 /* if the real reply will be signed set the signed flags, but don't sign */
638 if (req->is_signed) {
639 SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
640 signing_used = req->is_signed;
641 req->is_signed = false;
642 }
643
644 smb2srv_send_reply(req);
645
646 req->is_signed = signing_used;
647
648 talloc_set_destructor(req, smb2srv_request_destructor);
649 return NT_STATUS_OK;
650 }
651
652 void smb2srv_cancel_recv(struct smb2srv_request *req)
653 {
654 uint32_t pending_id;
655 uint32_t flags;
656 void *p;
657 struct smb2srv_request *r;
658
659 if (!req->session) goto done;
660
661 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
662 pending_id = IVAL(req->in.hdr, SMB2_HDR_PID);
663
664 if (!(flags & SMB2_HDR_FLAG_ASYNC)) {
665 /* TODO: what to do here? */
666 goto done;
667 }
668
669 p = idr_find(req->smb_conn->requests2.idtree_req, pending_id);
670 if (!p) goto done;
671
672 r = talloc_get_type(p, struct smb2srv_request);
673 if (!r) goto done;
674
675 if (!r->ntvfs) goto done;
676
677 ntvfs_cancel(r->ntvfs);
678
679 done:
680 /* we never generate a reply for a SMB2 Cancel */
681 talloc_free(req);
682 }
683
684 /*
685 * init the SMB2 protocol related stuff
686 */
687 NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
688 {
689 NTSTATUS status;
690
691 /* now initialise a few default values associated with this smb socket */
692 smb_conn->negotiate.max_send = 0xFFFF;
693
694 /* this is the size that w2k uses, and it appears to be important for
695 good performance */
696 smb_conn->negotiate.max_recv = lpcfg_max_xmit(smb_conn->lp_ctx);
697
698 smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
699
700 smb_conn->config.nt_status_support = true;
701
702 status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
703 NT_STATUS_NOT_OK_RETURN(status);
704
705 status = smb2srv_init_pending(smb_conn);
706 NT_STATUS_NOT_OK_RETURN(status);
707
708 return NT_STATUS_OK;
709
710 }
GSS-enabled samba4