search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / libcli / smb / smb2cli_ioctl.c
blob2c1d76c940b37003e4c04f9df246e44a54b4dd67
1 /*
2 Unix SMB/CIFS implementation.
3 smb2 lib
4 Copyright (C) Stefan Metzmacher 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/network.h"
22 #include "lib/util/tevent_ntstatus.h"
23 #include "smb_common.h"
24 #include "smbXcli_base.h"
25 #include "librpc/gen_ndr/ndr_ioctl.h"
26
27 struct smb2cli_ioctl_state {
28 uint8_t fixed[0x38];
29 uint8_t dyn_pad[1];
30 uint32_t max_input_length;
31 uint32_t max_output_length;
32 struct iovec *recv_iov;
33 bool out_valid;
34 DATA_BLOB out_input_buffer;
35 DATA_BLOB out_output_buffer;
36 uint32_t ctl_code;
37 };
38
39 static void smb2cli_ioctl_done(struct tevent_req *subreq);
40
41 struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
42 struct tevent_context *ev,
43 struct smbXcli_conn *conn,
44 uint32_t timeout_msec,
45 struct smbXcli_session *session,
46 struct smbXcli_tcon *tcon,
47 uint64_t in_fid_persistent,
48 uint64_t in_fid_volatile,
49 uint32_t in_ctl_code,
50 uint32_t in_max_input_length,
51 const DATA_BLOB *in_input_buffer,
52 uint32_t in_max_output_length,
53 const DATA_BLOB *in_output_buffer,
54 uint32_t in_flags)
55 {
56 struct tevent_req *req, *subreq;
57 struct smb2cli_ioctl_state *state;
58 uint8_t *fixed;
59 uint8_t *dyn;
60 size_t dyn_len;
61 uint32_t input_buffer_offset = 0;
62 uint32_t input_buffer_length = 0;
63 uint32_t output_buffer_offset = 0;
64 uint32_t output_buffer_length = 0;
65 uint32_t pad_length = 0;
66 uint64_t tmp64;
67 uint32_t max_dyn_len = 0;
68
69 req = tevent_req_create(mem_ctx, &state,
70 struct smb2cli_ioctl_state);
71 if (req == NULL) {
72 return NULL;
73 }
74 state->ctl_code = in_ctl_code;
75 state->max_input_length = in_max_input_length;
76 state->max_output_length = in_max_output_length;
77
78 tmp64 = in_max_input_length;
79 tmp64 += in_max_output_length;
80 if (tmp64 > UINT32_MAX) {
81 max_dyn_len = UINT32_MAX;
82 } else {
83 max_dyn_len = tmp64;
84 }
85
86 if (in_input_buffer) {
87 input_buffer_offset = SMB2_HDR_BODY+0x38;
88 input_buffer_length = in_input_buffer->length;
89 }
90
91 if (in_output_buffer) {
92 output_buffer_offset = SMB2_HDR_BODY+0x38;
93 output_buffer_length = in_output_buffer->length;
94 if (input_buffer_length > 0 && output_buffer_length > 0) {
95 uint32_t tmp;
96 output_buffer_offset += input_buffer_length;
97 tmp = output_buffer_offset;
98 output_buffer_offset = NDR_ROUND(output_buffer_offset, 8);
99 pad_length = output_buffer_offset - tmp;
100 }
101 }
102
103 fixed = state->fixed;
104
105 SSVAL(fixed, 0x00, 0x39);
106 SSVAL(fixed, 0x02, 0); /* reserved */
107 SIVAL(fixed, 0x04, in_ctl_code);
108 SBVAL(fixed, 0x08, in_fid_persistent);
109 SBVAL(fixed, 0x10, in_fid_volatile);
110 SIVAL(fixed, 0x18, input_buffer_offset);
111 SIVAL(fixed, 0x1C, input_buffer_length);
112 SIVAL(fixed, 0x20, in_max_input_length);
113 SIVAL(fixed, 0x24, output_buffer_offset);
114 SIVAL(fixed, 0x28, output_buffer_length);
115 SIVAL(fixed, 0x2C, in_max_output_length);
116 SIVAL(fixed, 0x30, in_flags);
117 SIVAL(fixed, 0x34, 0); /* reserved */
118
119 if (input_buffer_length > 0 && output_buffer_length > 0) {
120 size_t avail = UINT32_MAX - (input_buffer_length + pad_length);
121 size_t ofs = output_buffer_offset - input_buffer_offset;
122
123 if (avail < output_buffer_length) {
124 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
125 return tevent_req_post(req, ev);
126 }
127
128 dyn_len = input_buffer_length + output_buffer_length + pad_length;
129
130 dyn = talloc_zero_array(state, uint8_t, dyn_len);
131 if (tevent_req_nomem(dyn, req)) {
132 return tevent_req_post(req, ev);
133 }
134 memcpy(dyn, in_input_buffer->data,
135 in_input_buffer->length);
136 memcpy(dyn + ofs, in_output_buffer->data,
137 in_output_buffer->length);
138 } else if (input_buffer_length > 0) {
139 dyn = in_input_buffer->data;
140 dyn_len = in_input_buffer->length;
141 } else if (output_buffer_length > 0) {
142 dyn = in_output_buffer->data;
143 dyn_len = in_output_buffer->length;
144 } else {
145 dyn = state->dyn_pad;
146 dyn_len = sizeof(state->dyn_pad);
147 }
148
149 subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_IOCTL,
150 0, 0, /* flags */
151 timeout_msec,
152 tcon,
153 session,
154 state->fixed, sizeof(state->fixed),
155 dyn, dyn_len,
156 max_dyn_len);
157 if (tevent_req_nomem(subreq, req)) {
158 return tevent_req_post(req, ev);
159 }
160 tevent_req_set_callback(subreq, smb2cli_ioctl_done, req);
161 return req;
162 }
163
164 static void smb2cli_ioctl_done(struct tevent_req *subreq)
165 {
166 struct tevent_req *req =
167 tevent_req_callback_data(subreq,
168 struct tevent_req);
169 struct smb2cli_ioctl_state *state =
170 tevent_req_data(req,
171 struct smb2cli_ioctl_state);
172 NTSTATUS status;
173 NTSTATUS error;
174 struct iovec *iov;
175 uint8_t *fixed;
176 DATA_BLOB dyn_buffer = data_blob_null;
177 uint32_t dyn_ofs = SMB2_HDR_BODY + 0x30;
178 uint32_t input_min_offset;
179 uint32_t input_buffer_offset;
180 uint32_t input_buffer_length;
181 uint32_t input_next_offset;
182 uint32_t output_min_offset;
183 uint32_t output_buffer_offset;
184 uint32_t output_buffer_length;
185 uint32_t output_next_offset;
186 static const struct smb2cli_req_expected_response expected[] = {
187 {
188 .status = NT_STATUS_OK,
189 .body_size = 0x31
190 },
191 {
192 .status = STATUS_BUFFER_OVERFLOW,
193 .body_size = 0x31
194 },
195 {
196 /*
197 * We need to make sure that
198 * a response with NT_STATUS_FILE_CLOSED
199 * without signing generates NT_STATUS_ACCESS_DENIED
200 * if the request was signed.
201 */
202 .status = NT_STATUS_FILE_CLOSED,
203 .body_size = 0x09,
204 },
205 {
206 /*
207 * a normal error
208 */
209 .status = NT_STATUS_INVALID_PARAMETER,
210 .body_size = 0x09
211 },
212 {
213 /*
214 * a special case for FSCTL_SRV_COPYCHUNK_*
215 */
216 .status = NT_STATUS_INVALID_PARAMETER,
217 .body_size = 0x31
218 },
219 };
220
221 status = smb2cli_req_recv(subreq, state, &iov,
222 expected, ARRAY_SIZE(expected));
223 TALLOC_FREE(subreq);
224 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
225 switch (state->ctl_code) {
226 case FSCTL_SRV_COPYCHUNK:
227 case FSCTL_SRV_COPYCHUNK_WRITE:
228 break;
229 default:
230 tevent_req_nterror(req, status);
231 return;
232 }
233
234 if (iov[1].iov_len != 0x30) {
235 tevent_req_nterror(req,
236 NT_STATUS_INVALID_NETWORK_RESPONSE);
237 return;
238 }
239 } else if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
240 /* no error */
241 } else {
242 if (tevent_req_nterror(req, status)) {
243 return;
244 }
245 }
246
247 /*
248 * At this stage we're sure that got a body size of 0x31,
249 * either with NT_STATUS_OK, STATUS_BUFFER_OVERFLOW or
250 * NT_STATUS_INVALID_PARAMETER.
251 */
252
253 state->recv_iov = iov;
254 fixed = (uint8_t *)iov[1].iov_base;
255 dyn_buffer = data_blob_const((uint8_t *)iov[2].iov_base,
256 iov[2].iov_len);
257
258 input_buffer_offset = IVAL(fixed, 0x18);
259 input_buffer_length = IVAL(fixed, 0x1C);
260 output_buffer_offset = IVAL(fixed, 0x20);
261 output_buffer_length = IVAL(fixed, 0x24);
262
263 input_min_offset = dyn_ofs;
264 input_next_offset = dyn_ofs;
265 error = smb2cli_parse_dyn_buffer(dyn_ofs,
266 dyn_buffer,
267 input_min_offset,
268 input_buffer_offset,
269 input_buffer_length,
270 state->max_input_length,
271 &input_next_offset,
272 &state->out_input_buffer);
273 if (tevent_req_nterror(req, error)) {
274 return;
275 }
276
277 /*
278 * If output data is returned, the output offset MUST be set to
279 * InputOffset + InputCount rounded up to a multiple of 8.
280 */
281 output_min_offset = NDR_ROUND(input_next_offset, 8);
282 output_next_offset = 0; /* this variable is completely ignored */
283 error = smb2cli_parse_dyn_buffer(dyn_ofs,
284 dyn_buffer,
285 output_min_offset,
286 output_buffer_offset,
287 output_buffer_length,
288 state->max_output_length,
289 &output_next_offset,
290 &state->out_output_buffer);
291 if (tevent_req_nterror(req, error)) {
292 return;
293 }
294
295 state->out_valid = true;
296
297 if (tevent_req_nterror(req, status)) {
298 return;
299 }
300
301 tevent_req_done(req);
302 }
303
304 NTSTATUS smb2cli_ioctl_recv(struct tevent_req *req,
305 TALLOC_CTX *mem_ctx,
306 DATA_BLOB *out_input_buffer,
307 DATA_BLOB *out_output_buffer)
308 {
309 struct smb2cli_ioctl_state *state =
310 tevent_req_data(req,
311 struct smb2cli_ioctl_state);
312 NTSTATUS status = NT_STATUS_OK;
313
314 if (tevent_req_is_nterror(req, &status) && !state->out_valid) {
315 if (out_input_buffer) {
316 *out_input_buffer = data_blob_null;
317 }
318 if (out_output_buffer) {
319 *out_output_buffer = data_blob_null;
320 }
321 tevent_req_received(req);
322 return status;
323 }
324
325 talloc_steal(mem_ctx, state->recv_iov);
326 if (out_input_buffer) {
327 *out_input_buffer = state->out_input_buffer;
328 }
329 if (out_output_buffer) {
330 *out_output_buffer = state->out_output_buffer;
331 }
332
333 tevent_req_received(req);
334 return status;
335 }
336
337 NTSTATUS smb2cli_ioctl(struct smbXcli_conn *conn,
338 uint32_t timeout_msec,
339 struct smbXcli_session *session,
340 struct smbXcli_tcon *tcon,
341 uint64_t in_fid_persistent,
342 uint64_t in_fid_volatile,
343 uint32_t in_ctl_code,
344 uint32_t in_max_input_length,
345 const DATA_BLOB *in_input_buffer,
346 uint32_t in_max_output_length,
347 const DATA_BLOB *in_output_buffer,
348 uint32_t in_flags,
349 TALLOC_CTX *mem_ctx,
350 DATA_BLOB *out_input_buffer,
351 DATA_BLOB *out_output_buffer)
352 {
353 TALLOC_CTX *frame = talloc_stackframe();
354 struct tevent_context *ev;
355 struct tevent_req *req;
356 NTSTATUS status = NT_STATUS_NO_MEMORY;
357
358 if (smbXcli_conn_has_async_calls(conn)) {
359 /*
360 * Can't use sync call while an async call is in flight
361 */
362 status = NT_STATUS_INVALID_PARAMETER_MIX;
363 goto fail;
364 }
365 ev = samba_tevent_context_init(frame);
366 if (ev == NULL) {
367 goto fail;
368 }
369 req = smb2cli_ioctl_send(frame, ev, conn, timeout_msec,
370 session, tcon,
371 in_fid_persistent,
372 in_fid_volatile,
373 in_ctl_code,
374 in_max_input_length,
375 in_input_buffer,
376 in_max_output_length,
377 in_output_buffer,
378 in_flags);
379 if (req == NULL) {
380 goto fail;
381 }
382 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
383 goto fail;
384 }
385 status = smb2cli_ioctl_recv(req, mem_ctx,
386 out_input_buffer,
387 out_output_buffer);
388 fail:
389 TALLOC_FREE(frame);
390 return status;
391 }
392
393 struct smb2cli_ioctl_pipe_wait_state {
394 DATA_BLOB in_blob;
395 DATA_BLOB out_blob;
396 };
397
398 static void smb2cli_ioctl_pipe_wait_done(struct tevent_req *subreq);
399
400 struct tevent_req *smb2cli_ioctl_pipe_wait_send(TALLOC_CTX *mem_ctx,
401 struct tevent_context *ev,
402 struct smbXcli_conn *conn,
403 uint32_t timeout_msec,
404 struct smbXcli_session *session,
405 struct smbXcli_tcon *tcon,
406 const char *pipe_name,
407 uint64_t pipe_wait_timeout)
408 {
409 struct tevent_req *req = NULL;
410 struct tevent_req *subreq = NULL;
411 struct smb2cli_ioctl_pipe_wait_state *state = NULL;
412 struct fsctl_pipe_wait fsctl = {0};
413 enum ndr_err_code err;
414
415 req = tevent_req_create(mem_ctx, &state,
416 struct smb2cli_ioctl_pipe_wait_state);
417 if (req == NULL) {
418 return NULL;
419 }
420
421 state->out_blob = data_blob_string_const("");
422
423 fsctl.pipe_name = pipe_name;
424 fsctl.timeout = pipe_wait_timeout;
425 fsctl.timeout_specified = pipe_wait_timeout > 0 ? 1 : 0;
426
427 err = ndr_push_struct_blob(&state->in_blob, mem_ctx, &fsctl,
428 (ndr_push_flags_fn_t)ndr_push_fsctl_pipe_wait);
429 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
430 return NULL;
431 }
432
433 subreq = smb2cli_ioctl_send(mem_ctx, ev, conn, timeout_msec,
434 session, tcon,
435 UINT64_MAX, UINT64_MAX,
436 FSCTL_PIPE_WAIT,
437 0, &state->in_blob,
438 0, &state->out_blob,
439 SMB2_IOCTL_FLAG_IS_FSCTL);
440 if (tevent_req_nomem(subreq, req)) {
441 return tevent_req_post(subreq, ev);
442 }
443 tevent_req_set_callback(subreq, smb2cli_ioctl_pipe_wait_done, req);
444
445 return req;
446 }
447
448 static void smb2cli_ioctl_pipe_wait_done(struct tevent_req *subreq)
449 {
450 struct tevent_req *req = tevent_req_callback_data(
451 subreq, struct tevent_req);
452 struct smb2cli_ioctl_pipe_wait_state *state = tevent_req_data(
453 req, struct smb2cli_ioctl_pipe_wait_state);
454 NTSTATUS status;
455
456 status = smb2cli_ioctl_recv(subreq, state, NULL, NULL);
457 TALLOC_FREE(subreq);
458 if (tevent_req_nterror(req, status)) {
459 return;
460 }
461
462 tevent_req_done(req);
463 }
464
465
466 NTSTATUS smb2cli_ioctl_pipe_wait_recv(struct tevent_req *req)
467 {
468 NTSTATUS status;
469
470 if (tevent_req_is_nterror(req, &status)) {
471 tevent_req_received(req);
472 return status;
473 }
474
475 tevent_req_received(req);
476 return NT_STATUS_OK;
477 }
478
479 NTSTATUS smb2cli_ioctl_pipe_wait(struct smbXcli_conn *conn,
480 uint32_t timeout_msec,
481 struct smbXcli_session *session,
482 struct smbXcli_tcon *tcon,
483 const char *pipe_name,
484 uint64_t pipe_wait_timeout)
485 {
486 TALLOC_CTX *frame = talloc_stackframe();
487 struct tevent_context *ev = NULL;
488 struct tevent_req *req = NULL;
489 NTSTATUS status = NT_STATUS_NO_MEMORY;
490
491 if (smbXcli_conn_has_async_calls(conn)) {
492 /*
493 * Can't use sync call while an async call is in flight
494 */
495 status = NT_STATUS_INVALID_PARAMETER_MIX;
496 goto fail;
497 }
498
499 ev = samba_tevent_context_init(frame);
500 if (ev == NULL) {
501 goto fail;
502 }
503
504 req = smb2cli_ioctl_pipe_wait_send(frame, ev, conn, timeout_msec,
505 session, tcon,
506 pipe_name, pipe_wait_timeout);
507 if (req == NULL) {
508 goto fail;
509 }
510 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
511 goto fail;
512 }
513
514 status = smb2cli_ioctl_pipe_wait_recv(req);
515
516 fail:
517 TALLOC_FREE(frame);
518 return status;
519 }
GSS-enabled samba4