search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used()
[Samba.git] / source3 / smbd / smb2_setinfo.c
blob751190ac626e4c2b1263084e7a0b6465bc73d1f7
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "../libcli/smb/smb_common.h"
26 #include "trans2.h"
27 #include "../lib/util/tevent_ntstatus.h"
28
29 static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
30 struct tevent_context *ev,
31 struct smbd_smb2_request *smb2req,
32 uint8_t in_info_type,
33 uint8_t in_file_info_class,
34 DATA_BLOB in_input_buffer,
35 uint32_t in_additional_information,
36 uint64_t in_file_id_volatile);
37 static NTSTATUS smbd_smb2_setinfo_recv(struct tevent_req *req);
38
39 static void smbd_smb2_request_setinfo_done(struct tevent_req *subreq);
40 NTSTATUS smbd_smb2_request_process_setinfo(struct smbd_smb2_request *req)
41 {
42 NTSTATUS status;
43 const uint8_t *inbody;
44 int i = req->current_idx;
45 uint8_t in_info_type;
46 uint8_t in_file_info_class;
47 uint16_t in_input_buffer_offset;
48 uint32_t in_input_buffer_length;
49 DATA_BLOB in_input_buffer;
50 uint32_t in_additional_information;
51 uint64_t in_file_id_persistent;
52 uint64_t in_file_id_volatile;
53 struct tevent_req *subreq;
54
55 status = smbd_smb2_request_verify_sizes(req, 0x21);
56 if (!NT_STATUS_IS_OK(status)) {
57 return smbd_smb2_request_error(req, status);
58 }
59 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
60
61 in_info_type = CVAL(inbody, 0x02);
62 in_file_info_class = CVAL(inbody, 0x03);
63 in_input_buffer_length = IVAL(inbody, 0x04);
64 in_input_buffer_offset = SVAL(inbody, 0x08);
65 /* 0x0A 2 bytes reserved */
66 in_additional_information = IVAL(inbody, 0x0C);
67 in_file_id_persistent = BVAL(inbody, 0x10);
68 in_file_id_volatile = BVAL(inbody, 0x18);
69
70 if (in_input_buffer_offset == 0 && in_input_buffer_length == 0) {
71 /* This is ok */
72 } else if (in_input_buffer_offset !=
73 (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
74 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
75 }
76
77 if (in_input_buffer_length > req->in.vector[i+2].iov_len) {
78 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
79 }
80
81 in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
82 in_input_buffer.length = in_input_buffer_length;
83
84 if (in_input_buffer.length > req->sconn->smb2.max_trans) {
85 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
86 }
87
88 if (req->compat_chain_fsp) {
89 /* skip check */
90 } else if (in_file_id_persistent != in_file_id_volatile) {
91 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
92 }
93
94 subreq = smbd_smb2_setinfo_send(req,
95 req->sconn->smb2.event_ctx,
96 req,
97 in_info_type,
98 in_file_info_class,
99 in_input_buffer,
100 in_additional_information,
101 in_file_id_volatile);
102 if (subreq == NULL) {
103 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
104 }
105 tevent_req_set_callback(subreq, smbd_smb2_request_setinfo_done, req);
106
107 return smbd_smb2_request_pending_queue(req, subreq);
108 }
109
110 static void smbd_smb2_request_setinfo_done(struct tevent_req *subreq)
111 {
112 struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
113 struct smbd_smb2_request);
114 DATA_BLOB outbody;
115 NTSTATUS status;
116 NTSTATUS error; /* transport error */
117
118 status = smbd_smb2_setinfo_recv(subreq);
119 TALLOC_FREE(subreq);
120 if (!NT_STATUS_IS_OK(status)) {
121 error = smbd_smb2_request_error(req, status);
122 if (!NT_STATUS_IS_OK(error)) {
123 smbd_server_connection_terminate(req->sconn,
124 nt_errstr(error));
125 return;
126 }
127 return;
128 }
129
130 outbody = data_blob_talloc(req->out.vector, NULL, 0x02);
131 if (outbody.data == NULL) {
132 error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
133 if (!NT_STATUS_IS_OK(error)) {
134 smbd_server_connection_terminate(req->sconn,
135 nt_errstr(error));
136 return;
137 }
138 return;
139 }
140
141 SSVAL(outbody.data, 0x00, 0x02); /* struct size */
142
143 error = smbd_smb2_request_done(req, outbody, NULL);
144 if (!NT_STATUS_IS_OK(error)) {
145 smbd_server_connection_terminate(req->sconn,
146 nt_errstr(error));
147 return;
148 }
149 }
150
151 struct smbd_smb2_setinfo_state {
152 struct smbd_smb2_request *smb2req;
153 };
154
155 static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
156 struct tevent_context *ev,
157 struct smbd_smb2_request *smb2req,
158 uint8_t in_info_type,
159 uint8_t in_file_info_class,
160 DATA_BLOB in_input_buffer,
161 uint32_t in_additional_information,
162 uint64_t in_file_id_volatile)
163 {
164 struct tevent_req *req = NULL;
165 struct smbd_smb2_setinfo_state *state = NULL;
166 struct smb_request *smbreq = NULL;
167 connection_struct *conn = smb2req->tcon->compat_conn;
168 files_struct *fsp = NULL;
169 NTSTATUS status;
170
171 req = tevent_req_create(mem_ctx, &state,
172 struct smbd_smb2_setinfo_state);
173 if (req == NULL) {
174 return NULL;
175 }
176 state->smb2req = smb2req;
177
178 DEBUG(10,("smbd_smb2_setinfo_send: file_id[0x%016llX]\n",
179 (unsigned long long)in_file_id_volatile));
180
181 smbreq = smbd_smb2_fake_smb_request(smb2req);
182 if (tevent_req_nomem(smbreq, req)) {
183 return tevent_req_post(req, ev);
184 }
185
186 fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
187 if (fsp == NULL) {
188 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
189 return tevent_req_post(req, ev);
190 }
191 if (conn != fsp->conn) {
192 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
193 return tevent_req_post(req, ev);
194 }
195 if (smb2req->session->vuid != fsp->vuid) {
196 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
197 return tevent_req_post(req, ev);
198 }
199
200 if (IS_IPC(conn)) {
201 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
202 return tevent_req_post(req, ev);
203 }
204
205 switch (in_info_type) {
206 case 0x01:/* SMB2_SETINFO_FILE */
207 {
208 uint16_t file_info_level;
209 char *data;
210 int data_size;
211 int ret_size = 0;
212
213
214 file_info_level = in_file_info_class + 1000;
215 if (file_info_level == SMB_FILE_RENAME_INFORMATION) {
216 /* SMB2_FILE_RENAME_INFORMATION_INTERNAL == 0xFF00 + in_file_info_class */
217 file_info_level = SMB2_FILE_RENAME_INFORMATION_INTERNAL;
218 }
219
220 if (fsp->fh->fd == -1) {
221 /*
222 * This is actually a SETFILEINFO on a directory
223 * handle (returned from an NT SMB). NT5.0 seems
224 * to do this call. JRA.
225 */
226 if (INFO_LEVEL_IS_UNIX(file_info_level)) {
227 /* Always do lstat for UNIX calls. */
228 if (SMB_VFS_LSTAT(conn, fsp->fsp_name)) {
229 DEBUG(3,("smbd_smb2_setinfo_send: "
230 "SMB_VFS_LSTAT of %s failed "
231 "(%s)\n", fsp_str_dbg(fsp),
232 strerror(errno)));
233 status = map_nt_error_from_unix(errno);
234 tevent_req_nterror(req, status);
235 return tevent_req_post(req, ev);
236 }
237 } else {
238 if (SMB_VFS_STAT(conn, fsp->fsp_name) != 0) {
239 DEBUG(3,("smbd_smb2_setinfo_send: "
240 "fileinfo of %s failed (%s)\n",
241 fsp_str_dbg(fsp),
242 strerror(errno)));
243 status = map_nt_error_from_unix(errno);
244 tevent_req_nterror(req, status);
245 return tevent_req_post(req, ev);
246 }
247 }
248 } else if (fsp->print_file) {
249 /*
250 * Doing a DELETE_ON_CLOSE should cancel a print job.
251 */
252 if ((file_info_level == SMB_SET_FILE_DISPOSITION_INFO)
253 && in_input_buffer.length >= 1
254 && CVAL(in_input_buffer.data,0)) {
255 fsp->fh->private_options |= NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE;
256
257 DEBUG(3,("smbd_smb2_setinfo_send: "
258 "Cancelling print job (%s)\n",
259 fsp_str_dbg(fsp)));
260
261 tevent_req_done(req);
262 return tevent_req_post(req, ev);
263 } else {
264 tevent_req_nterror(req,
265 NT_STATUS_OBJECT_PATH_INVALID);
266 return tevent_req_post(req, ev);
267 }
268 } else {
269 /*
270 * Original code - this is an open file.
271 */
272
273 if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) != 0) {
274 DEBUG(3,("smbd_smb2_setinfo_send: fstat "
275 "of fnum %d failed (%s)\n", fsp->fnum,
276 strerror(errno)));
277 status = map_nt_error_from_unix(errno);
278 tevent_req_nterror(req, status);
279 return tevent_req_post(req, ev);
280 }
281 }
282
283 data = NULL;
284 data_size = in_input_buffer.length;
285 if (data_size > 0) {
286 data = (char *)SMB_MALLOC_ARRAY(char, data_size);
287 if (tevent_req_nomem(data, req)) {
288 return tevent_req_post(req, ev);
289 }
290 memcpy(data, in_input_buffer.data, data_size);
291 }
292
293 status = smbd_do_setfilepathinfo(conn, smbreq, state,
294 file_info_level,
295 fsp,
296 fsp->fsp_name,
297 &data,
298 data_size,
299 &ret_size);
300 SAFE_FREE(data);
301 if (!NT_STATUS_IS_OK(status)) {
302 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) {
303 status = NT_STATUS_INVALID_INFO_CLASS;
304 }
305 tevent_req_nterror(req, status);
306 return tevent_req_post(req, ev);
307 }
308 break;
309 }
310
311 case 0x03:/* SMB2_SETINFO_SECURITY */
312 {
313 if (!CAN_WRITE(conn)) {
314 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
315 return tevent_req_post(req, ev);
316 }
317
318 status = set_sd(fsp,
319 in_input_buffer.data,
320 in_input_buffer.length,
321 in_additional_information);
322 if (!NT_STATUS_IS_OK(status)) {
323 tevent_req_nterror(req, status);
324 return tevent_req_post(req, ev);
325 }
326 break;
327 }
328
329 default:
330 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
331 return tevent_req_post(req, ev);
332 }
333
334 tevent_req_done(req);
335 return tevent_req_post(req, ev);
336 }
337
338 static NTSTATUS smbd_smb2_setinfo_recv(struct tevent_req *req)
339 {
340 NTSTATUS status;
341
342 if (tevent_req_is_nterror(req, &status)) {
343 tevent_req_received(req);
344 return status;
345 }
346
347 tevent_req_received(req);
348 return NT_STATUS_OK;
349 }
Samba GIT mirror