2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan (metze) Metzmacher 2003
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libsmb/libsmb.h"
22 #include "../librpc/gen_ndr/ndr_security.h"
23 #include "fake_file.h"
24 #include "../libcli/security/security.h"
26 #include "../libcli/smb/smbXcli_base.h"
27 #include "librpc/gen_ndr/ndr_quota.h"
29 NTSTATUS
cli_get_quota_handle(struct cli_state
*cli
, uint16_t *quota_fnum
)
31 return cli_ntcreate(cli
, FAKE_FILE_NAME_QUOTA_WIN32
,
32 0x00000016, DESIRED_ACCESS_PIPE
,
33 0x00000000, FILE_SHARE_READ
|FILE_SHARE_WRITE
,
34 FILE_OPEN
, 0x00000000, 0x03, quota_fnum
, NULL
);
37 void free_ntquota_list(SMB_NTQUOTA_LIST
**qt_list
)
39 if (!qt_list
|| !*qt_list
) {
43 if ((*qt_list
)->mem_ctx
)
44 talloc_destroy((*qt_list
)->mem_ctx
);
51 bool add_record_to_ntquota_list(TALLOC_CTX
*mem_ctx
,
52 SMB_NTQUOTA_STRUCT
*pqt
,
53 SMB_NTQUOTA_LIST
**pqt_list
)
55 SMB_NTQUOTA_LIST
*tmp_list_ent
;
57 if ((tmp_list_ent
= talloc_zero(mem_ctx
, SMB_NTQUOTA_LIST
)) == NULL
) {
61 if ((tmp_list_ent
->quotas
= talloc_zero(mem_ctx
, SMB_NTQUOTA_STRUCT
)) ==
66 *tmp_list_ent
->quotas
= *pqt
;
67 tmp_list_ent
->mem_ctx
= mem_ctx
;
69 DLIST_ADD((*pqt_list
), tmp_list_ent
);
74 bool parse_user_quota_record(const uint8_t *rdata
,
75 unsigned int rdata_count
,
77 SMB_NTQUOTA_STRUCT
*pqt
)
79 struct file_quota_information info
= {0};
80 TALLOC_CTX
*frame
= talloc_stackframe();
82 enum ndr_err_code err
;
85 blob
.data
= discard_const_p(uint8_t, rdata
);
86 blob
.length
= rdata_count
;
87 err
= ndr_pull_struct_blob(
91 (ndr_pull_flags_fn_t
)ndr_pull_file_quota_information
);
93 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
97 *offset
= info
.next_entry_offset
;
100 pqt
->usedspace
= info
.quota_used
;
102 pqt
->softlim
= info
.quota_threshold
;
104 pqt
->hardlim
= info
.quota_limit
;
106 pqt
->qtype
= SMB_USER_QUOTA_TYPE
;
114 NTSTATUS
parse_user_quota_list(const uint8_t *curdata
,
115 uint32_t curdata_count
,
117 SMB_NTQUOTA_LIST
**pqt_list
)
119 NTSTATUS status
= NT_STATUS_OK
;
121 SMB_NTQUOTA_STRUCT qt
;
125 if (!parse_user_quota_record(curdata
, curdata_count
, &offset
,
127 DEBUG(1, ("Failed to parse the quota record\n"));
128 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
132 if (offset
> curdata_count
) {
133 DEBUG(1, ("out of bounds offset in quota record\n"));
134 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
138 if (curdata
+ offset
< curdata
) {
139 DEBUG(1, ("Pointer overflow in quota record\n"));
140 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
144 if (!add_record_to_ntquota_list(mem_ctx
, &qt
, pqt_list
)) {
145 status
= NT_STATUS_NO_MEMORY
;
150 curdata_count
-= offset
;
160 NTSTATUS
parse_fs_quota_buffer(const uint8_t *rdata
,
161 unsigned int rdata_count
,
162 SMB_NTQUOTA_STRUCT
*pqt
)
164 SMB_NTQUOTA_STRUCT qt
;
168 if (rdata_count
< 48) {
169 /* minimum length is not enforced by SMB2 client.
171 DEBUG(1, ("small returned fs quota buffer\n"));
172 return NT_STATUS_INVALID_NETWORK_RESPONSE
;
175 /* unknown_1 24 NULL bytes in pdata*/
177 /* the soft quotas 8 bytes (uint64_t)*/
178 qt
.softlim
= BVAL(rdata
, 24);
180 /* the hard quotas 8 bytes (uint64_t)*/
181 qt
.hardlim
= BVAL(rdata
, 32);
183 /* quota_flags 2 bytes **/
184 qt
.qflags
= SVAL(rdata
, 40);
186 qt
.qtype
= SMB_USER_FS_QUOTA_TYPE
;
193 NTSTATUS
build_user_quota_buffer(SMB_NTQUOTA_LIST
*qt_list
,
197 SMB_NTQUOTA_LIST
**end_ptr
)
199 return fill_quota_buffer(mem_ctx
,
207 NTSTATUS
build_fs_quota_buffer(TALLOC_CTX
*mem_ctx
,
208 const SMB_NTQUOTA_STRUCT
*pqt
,
214 if (maxlen
> 0 && maxlen
< 48) {
215 return NT_STATUS_BUFFER_TOO_SMALL
;
218 *blob
= data_blob_talloc_zero(mem_ctx
, 48);
221 return NT_STATUS_NO_MEMORY
;
226 /* Unknown1 24 NULL bytes*/
227 SBIG_UINT(buf
, 0, (uint64_t)0);
228 SBIG_UINT(buf
, 8, (uint64_t)0);
229 SBIG_UINT(buf
, 16, (uint64_t)0);
231 /* Default Soft Quota 8 bytes */
232 SBIG_UINT(buf
, 24, pqt
->softlim
);
234 /* Default Hard Quota 8 bytes */
235 SBIG_UINT(buf
, 32, pqt
->hardlim
);
237 /* Quota flag 4 bytes */
238 SIVAL(buf
, 40, pqt
->qflags
);
240 /* 4 padding bytes */
246 NTSTATUS
cli_get_user_quota(struct cli_state
*cli
, int quota_fnum
,
247 SMB_NTQUOTA_STRUCT
*pqt
)
250 uint8_t *rparam
= NULL
, *rdata
= NULL
;
251 uint32_t rparam_count
, rdata_count
;
252 unsigned int sid_len
;
254 struct nttrans_query_quota_params get_quota
= {0};
255 struct file_get_quota_info info
= {0};
256 enum ndr_err_code err
;
258 TALLOC_CTX
*frame
= talloc_stackframe();
259 DATA_BLOB data_blob
= data_blob_null
;
260 DATA_BLOB param_blob
= data_blob_null
;
263 smb_panic("cli_get_user_quota() called with NULL Pointer!");
266 if (smbXcli_conn_protocol(cli
->conn
) >= PROTOCOL_SMB2_02
) {
268 return cli_smb2_get_user_quota(cli
, quota_fnum
, pqt
);
271 get_quota
.fid
= quota_fnum
;
272 get_quota
.return_single_entry
= 1;
273 get_quota
.restart_scan
= 0;
275 sid_len
= ndr_size_dom_sid(&pqt
->sid
, 0);
277 info
.next_entry_offset
= 0;
278 info
.sid_length
= sid_len
;
281 err
= ndr_push_struct_blob(
285 (ndr_push_flags_fn_t
)ndr_push_file_get_quota_info
);
287 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
288 status
= NT_STATUS_INTERNAL_ERROR
;
292 get_quota
.sid_list_length
= data_blob
.length
;
293 get_quota
.start_sid_offset
= data_blob
.length
;
295 err
= ndr_push_struct_blob(
299 (ndr_push_flags_fn_t
)ndr_push_nttrans_query_quota_params
);
301 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
302 status
= NT_STATUS_INTERNAL_ERROR
;
306 status
= cli_trans(talloc_tos(), cli
, SMBnttrans
,
307 NULL
, -1, /* name, fid */
308 NT_TRANSACT_GET_USER_QUOTA
, 0,
309 setup
, 1, 0, /* setup */
310 param_blob
.data
, param_blob
.length
, 4, /* params */
311 data_blob
.data
, data_blob
.length
, 112, /* data */
312 NULL
, /* recv_flags2 */
313 NULL
, 0, NULL
, /* rsetup */
314 &rparam
, 4, &rparam_count
,
315 &rdata
, 8, &rdata_count
);
316 if (!NT_STATUS_IS_OK(status
)) {
317 DEBUG(1, ("NT_TRANSACT_GET_USER_QUOTA failed: %s\n",
322 if (!parse_user_quota_record(rdata
, rdata_count
, &offset
, pqt
)) {
323 status
= NT_STATUS_INVALID_NETWORK_RESPONSE
;
324 DEBUG(0,("Got INVALID NT_TRANSACT_GET_USER_QUOTA reply.\n"));
335 cli_set_user_quota(struct cli_state
*cli
, int quota_fnum
, SMB_NTQUOTA_LIST
*qtl
)
339 DATA_BLOB data
= data_blob_null
;
343 smb_panic("cli_set_user_quota() called with NULL Pointer!");
346 if (smbXcli_conn_protocol(cli
->conn
) >= PROTOCOL_SMB2_02
) {
347 return cli_smb2_set_user_quota(cli
, quota_fnum
, qtl
);
350 status
= build_user_quota_buffer(qtl
, 0, talloc_tos(), &data
, NULL
);
351 if (!NT_STATUS_IS_OK(status
)) {
353 * smb1 doesn't send NT_STATUS_NO_MORE_ENTRIES so swallow
356 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
357 status
= NT_STATUS_OK
;
363 SSVAL(setup
+ 0, 0, NT_TRANSACT_SET_USER_QUOTA
);
365 SSVAL(params
,0,quota_fnum
);
367 status
= cli_trans(talloc_tos(), cli
, SMBnttrans
,
368 NULL
, -1, /* name, fid */
369 NT_TRANSACT_SET_USER_QUOTA
, 0,
370 setup
, 1, 0, /* setup */
371 params
, 2, 0, /* params */
372 data
.data
, data
.length
, 0, /* data */
373 NULL
, /* recv_flags2 */
374 NULL
, 0, NULL
, /* rsetup */
375 NULL
, 0, NULL
, /* rparams */
376 NULL
, 0, NULL
); /* rdata */
378 if (!NT_STATUS_IS_OK(status
)) {
379 DEBUG(1, ("NT_TRANSACT_SET_USER_QUOTA failed: %s\n",
384 data_blob_free(&data
);
388 static NTSTATUS
cli_list_user_quota_step(struct cli_state
*cli
,
391 SMB_NTQUOTA_LIST
**pqt_list
,
395 DATA_BLOB params_blob
= data_blob_null
;
396 uint8_t *rparam
=NULL
, *rdata
=NULL
;
397 uint32_t rparam_count
=0, rdata_count
=0;
399 struct nttrans_query_quota_params quota_params
= {0};
400 enum ndr_err_code err
;
402 TALLOC_CTX
*frame
= NULL
;
403 if (smbXcli_conn_protocol(cli
->conn
) >= PROTOCOL_SMB2_02
) {
404 return cli_smb2_list_user_quota_step(cli
, mem_ctx
, quota_fnum
,
407 frame
= talloc_stackframe();
409 SSVAL(setup
+ 0, 0, NT_TRANSACT_GET_USER_QUOTA
);
411 quota_params
.fid
= quota_fnum
;
413 quota_params
.restart_scan
= 1;
415 err
= ndr_push_struct_blob(
419 (ndr_push_flags_fn_t
)ndr_push_nttrans_query_quota_params
);
421 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
422 status
= NT_STATUS_INVALID_PARAMETER
;
426 status
= cli_trans(talloc_tos(), cli
, SMBnttrans
,
427 NULL
, -1, /* name, fid */
428 NT_TRANSACT_GET_USER_QUOTA
, 0,
429 setup
, 1, 0, /* setup */
430 params_blob
.data
, params_blob
.length
, 4, /* params */
431 NULL
, 0, 2048, /* data */
432 NULL
, /* recv_flags2 */
433 NULL
, 0, NULL
, /* rsetup */
434 &rparam
, 0, &rparam_count
,
435 &rdata
, 0, &rdata_count
);
437 /* compat. with smbd + safeguard against
440 if (NT_STATUS_IS_OK(status
) && rdata_count
== 0) {
441 status
= NT_STATUS_NO_MORE_ENTRIES
;
444 if (!NT_STATUS_IS_OK(status
)) {
448 status
= parse_user_quota_list(rdata
, rdata_count
, mem_ctx
, pqt_list
);
458 NTSTATUS
cli_list_user_quota(struct cli_state
*cli
,
460 SMB_NTQUOTA_LIST
**pqt_list
)
463 TALLOC_CTX
*mem_ctx
= NULL
;
466 if (!cli
|| !pqt_list
) {
467 smb_panic("cli_list_user_quota() called with NULL Pointer!");
472 if ((mem_ctx
= talloc_init("SMB_USER_QUOTA_LIST")) == NULL
) {
473 return NT_STATUS_NO_MEMORY
;
477 status
= cli_list_user_quota_step(cli
, mem_ctx
, quota_fnum
,
480 } while (NT_STATUS_IS_OK(status
));
482 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
483 status
= NT_STATUS_OK
;
486 if (!NT_STATUS_IS_OK(status
) || *pqt_list
== NULL
) {
487 TALLOC_FREE(mem_ctx
);
493 NTSTATUS
cli_get_fs_quota_info(struct cli_state
*cli
, int quota_fnum
,
494 SMB_NTQUOTA_STRUCT
*pqt
)
499 uint32_t rdata_count
=0;
503 smb_panic("cli_get_fs_quota_info() called with NULL Pointer!");
506 if (smbXcli_conn_protocol(cli
->conn
) >= PROTOCOL_SMB2_02
) {
507 return cli_smb2_get_fs_quota_info(cli
, quota_fnum
, pqt
);
510 SSVAL(setup
+ 0, 0, TRANSACT2_QFSINFO
);
512 SSVAL(param
,0,SMB_FS_QUOTA_INFORMATION
);
514 status
= cli_trans(talloc_tos(), cli
, SMBtrans2
,
515 NULL
, -1, /* name, fid */
516 0, 0, /* function, flags */
517 setup
, 1, 0, /* setup */
518 param
, 2, 0, /* param */
519 NULL
, 0, 560, /* data */
520 NULL
, /* recv_flags2 */
521 NULL
, 0, NULL
, /* rsetup */
522 NULL
, 0, NULL
, /* rparam */
523 &rdata
, 48, &rdata_count
);
525 if (!NT_STATUS_IS_OK(status
)) {
526 DEBUG(1, ("SMB_FS_QUOTA_INFORMATION failed: %s\n",
531 status
= parse_fs_quota_buffer(rdata
, rdata_count
, pqt
);
537 NTSTATUS
cli_set_fs_quota_info(struct cli_state
*cli
, int quota_fnum
,
538 SMB_NTQUOTA_STRUCT
*pqt
)
542 DATA_BLOB data
= data_blob_null
;
546 smb_panic("cli_set_fs_quota_info() called with NULL Pointer!");
549 if (smbXcli_conn_protocol(cli
->conn
) >= PROTOCOL_SMB2_02
) {
550 return cli_smb2_set_fs_quota_info(cli
, quota_fnum
, pqt
);
553 status
= build_fs_quota_buffer(talloc_tos(), pqt
, &data
, 0);
554 if (!NT_STATUS_IS_OK(status
)) {
558 SSVAL(setup
+ 0, 0,TRANSACT2_SETFSINFO
);
560 SSVAL(param
,0,quota_fnum
);
561 SSVAL(param
,2,SMB_FS_QUOTA_INFORMATION
);
563 status
= cli_trans(talloc_tos(), cli
, SMBtrans2
,
564 NULL
, -1, /* name, fid */
565 0, 0, /* function, flags */
566 setup
, 1, 0, /* setup */
567 param
, 4, 0, /* param */
568 data
.data
, data
.length
, 0, /* data */
569 NULL
, /* recv_flags2 */
570 NULL
, 0, NULL
, /* rsetup */
571 NULL
, 0, NULL
, /* rparam */
572 NULL
, 0, NULL
); /* rdata */
574 if (!NT_STATUS_IS_OK(status
)) {
575 DEBUG(1, ("SMB_FS_QUOTA_INFORMATION failed: %s\n",
582 NTSTATUS
fill_quota_buffer(TALLOC_CTX
*mem_ctx
,
583 SMB_NTQUOTA_LIST
*qlist
,
587 SMB_NTQUOTA_LIST
**end_ptr
)
589 int ndr_flags
= NDR_SCALARS
| NDR_BUFFERS
;
590 struct ndr_push
*qndr
= NULL
;
591 uint32_t start_offset
= 0;
592 uint32_t padding
= 0;
594 /* We must push at least one. */
595 return NT_STATUS_NO_MORE_ENTRIES
;
598 qndr
= ndr_push_init_ctx(mem_ctx
);
600 return NT_STATUS_NO_MEMORY
;
603 for (;qlist
!= NULL
; qlist
= qlist
->next
) {
604 struct file_quota_information info
= {0};
605 enum ndr_err_code err
;
606 uint32_t dsize
= sizeof(info
.next_entry_offset
)
607 + sizeof(info
.sid_length
)
608 + sizeof(info
.change_time
)
609 + sizeof(info
.quota_used
)
610 + sizeof(info
.quota_threshold
)
611 + sizeof(info
.quota_limit
);
614 info
.sid_length
= ndr_size_dom_sid(&qlist
->quotas
->sid
, 0);
617 uint32_t curr_pos_no_padding
= qndr
->offset
- padding
;
618 uint32_t payload
= dsize
+ info
.sid_length
;
619 uint32_t new_pos
= (curr_pos_no_padding
+ payload
);
620 if (new_pos
< curr_pos_no_padding
) {
621 /* Detect unlikely integer wrap */
622 DBG_ERR("Integer wrap while adjusting pos "
623 "0x%x by offset 0x%x\n",
624 curr_pos_no_padding
, payload
);
625 return NT_STATUS_INTERNAL_ERROR
;
627 if (new_pos
> max_data
) {
628 DBG_WARNING("Max data will be exceeded "
629 "writing next query info. "
630 "cur_pos 0x%x, sid_length 0x%x, "
631 "dsize 0x%x, max_data 0x%x\n",
640 start_offset
= qndr
->offset
;
641 info
.sid
= qlist
->quotas
->sid
;
642 info
.quota_used
= qlist
->quotas
->usedspace
;
643 info
.quota_threshold
= qlist
->quotas
->softlim
;
644 info
.quota_limit
= qlist
->quotas
->hardlim
;
646 err
= ndr_push_file_quota_information(qndr
,
650 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
651 DBG_DEBUG("Failed to push the quota sid\n");
652 return NT_STATUS_INTERNAL_ERROR
;
655 /* pidl will align to 8 bytes due to 8 byte members*/
656 /* Remember how much align padding we've used. */
657 padding
= qndr
->offset
;
659 err
= ndr_push_align(qndr
, 8);
660 if (!NDR_ERR_CODE_IS_SUCCESS(err
)) {
661 DBG_DEBUG("ndr_push_align returned %s\n",
662 ndr_map_error2string(err
));
663 return ndr_map_error2ntstatus(err
);
666 padding
= qndr
->offset
- padding
;
669 * Overwrite next_entry_offset for this entry now
670 * we know what it should be. We know we're using
671 * LIBNDR_FLAG_LITTLE_ENDIAN here so we can use
674 info
.next_entry_offset
= qndr
->offset
- start_offset
;
675 SIVAL(qndr
->data
, start_offset
, info
.next_entry_offset
);
682 if (end_ptr
!= NULL
) {
686 /* Remove the padding alignment on the last element pushed. */
687 blob
->length
= qndr
->offset
- padding
;
688 blob
->data
= qndr
->data
;
691 * Terminate the pushed array by setting next_entry_offset
692 * for the last element to zero.
694 if (blob
->length
>= sizeof(uint32_t)) {
695 SIVAL(qndr
->data
, start_offset
, 0);