search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper
[Samba.git] / libcli / smb / smb2cli_ioctl.c
blob687c9d5110b867bdb6a51e287d28445ed1264253
1 /*
2 Unix SMB/CIFS implementation.
3 smb2 lib
4 Copyright (C) Stefan Metzmacher 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/network.h"
22 #include "lib/util/tevent_ntstatus.h"
23 #include "smb_common.h"
24 #include "smbXcli_base.h"
25 #include "librpc/ndr/libndr.h"
26
27 struct smb2cli_ioctl_state {
28 uint8_t fixed[0x38];
29 uint8_t dyn_pad[1];
30 uint32_t max_input_length;
31 uint32_t max_output_length;
32 struct iovec *recv_iov;
33 DATA_BLOB out_input_buffer;
34 DATA_BLOB out_output_buffer;
35 };
36
37 static void smb2cli_ioctl_done(struct tevent_req *subreq);
38
39 struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
40 struct tevent_context *ev,
41 struct smbXcli_conn *conn,
42 uint32_t timeout_msec,
43 struct smbXcli_session *session,
44 struct smbXcli_tcon *tcon,
45 uint64_t in_fid_persistent,
46 uint64_t in_fid_volatile,
47 uint32_t in_ctl_code,
48 uint32_t in_max_input_length,
49 const DATA_BLOB *in_input_buffer,
50 uint32_t in_max_output_length,
51 const DATA_BLOB *in_output_buffer,
52 uint32_t in_flags)
53 {
54 struct tevent_req *req, *subreq;
55 struct smb2cli_ioctl_state *state;
56 uint8_t *fixed;
57 uint8_t *dyn;
58 size_t dyn_len;
59 uint32_t input_buffer_offset = 0;
60 uint32_t input_buffer_length = 0;
61 uint32_t output_buffer_offset = 0;
62 uint32_t output_buffer_length = 0;
63 uint32_t pad_length = 0;
64
65 req = tevent_req_create(mem_ctx, &state,
66 struct smb2cli_ioctl_state);
67 if (req == NULL) {
68 return NULL;
69 }
70 state->max_input_length = in_max_input_length;
71 state->max_output_length = in_max_output_length;
72
73 if (in_input_buffer) {
74 input_buffer_offset = SMB2_HDR_BODY+0x38;
75 input_buffer_length = in_input_buffer->length;
76 }
77
78 if (in_output_buffer) {
79 output_buffer_offset = SMB2_HDR_BODY+0x38;
80 if (input_buffer_length > 0 && output_buffer_length > 0) {
81 uint32_t tmp;
82 output_buffer_offset += input_buffer_length;
83 tmp = output_buffer_offset;
84 output_buffer_offset = NDR_ROUND(output_buffer_offset, 8);
85 pad_length = output_buffer_offset - tmp;
86 }
87 output_buffer_length = in_output_buffer->length;
88 }
89
90 fixed = state->fixed;
91
92 SSVAL(fixed, 0x00, 0x39);
93 SSVAL(fixed, 0x02, 0); /* reserved */
94 SIVAL(fixed, 0x04, in_ctl_code);
95 SBVAL(fixed, 0x08, in_fid_persistent);
96 SBVAL(fixed, 0x10, in_fid_volatile);
97 SIVAL(fixed, 0x18, input_buffer_offset);
98 SIVAL(fixed, 0x1C, input_buffer_length);
99 SIVAL(fixed, 0x20, in_max_input_length);
100 SIVAL(fixed, 0x24, output_buffer_offset);
101 SIVAL(fixed, 0x28, output_buffer_length);
102 SIVAL(fixed, 0x2C, in_max_output_length);
103 SIVAL(fixed, 0x30, in_flags);
104 SIVAL(fixed, 0x34, 0); /* reserved */
105
106 if (input_buffer_length > 0 && output_buffer_length > 0) {
107 size_t avail = UINT32_MAX - (input_buffer_length + pad_length);
108 size_t ofs = output_buffer_offset - input_buffer_offset;
109
110 if (avail < output_buffer_length) {
111 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
112 return tevent_req_post(req, ev);
113 }
114
115 dyn_len = input_buffer_length + output_buffer_length + pad_length;
116
117 dyn = talloc_zero_array(state, uint8_t, dyn_len);
118 if (tevent_req_nomem(dyn, req)) {
119 return tevent_req_post(req, ev);
120 }
121 memcpy(dyn, in_input_buffer->data,
122 in_input_buffer->length);
123 memcpy(dyn + ofs, in_output_buffer->data,
124 in_output_buffer->length);
125 } else if (input_buffer_length > 0) {
126 dyn = in_input_buffer->data;
127 dyn_len = in_input_buffer->length;
128 } else if (output_buffer_length > 0) {
129 dyn = in_output_buffer->data;
130 dyn_len = in_output_buffer->length;
131 } else {
132 dyn = state->dyn_pad;
133 dyn_len = sizeof(state->dyn_pad);
134 }
135
136 subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_IOCTL,
137 0, 0, /* flags */
138 timeout_msec,
139 tcon,
140 session,
141 state->fixed, sizeof(state->fixed),
142 dyn, dyn_len);
143 if (tevent_req_nomem(subreq, req)) {
144 return tevent_req_post(req, ev);
145 }
146 tevent_req_set_callback(subreq, smb2cli_ioctl_done, req);
147 return req;
148 }
149
150 static void smb2cli_ioctl_done(struct tevent_req *subreq)
151 {
152 struct tevent_req *req =
153 tevent_req_callback_data(subreq,
154 struct tevent_req);
155 struct smb2cli_ioctl_state *state =
156 tevent_req_data(req,
157 struct smb2cli_ioctl_state);
158 NTSTATUS status;
159 struct iovec *iov;
160 uint8_t *fixed;
161 uint8_t *dyn;
162 size_t dyn_len;
163 uint32_t dyn_ofs = SMB2_HDR_BODY + 0x30;
164 uint32_t input_buffer_offset;
165 uint32_t input_buffer_length;
166 uint32_t output_buffer_offset;
167 uint32_t output_buffer_length;
168 static const struct smb2cli_req_expected_response expected[] = {
169 {
170 .status = NT_STATUS_OK,
171 .body_size = 0x31
172 },
173 {
174 .status = STATUS_BUFFER_OVERFLOW,
175 .body_size = 0x31
176 }
177 };
178
179 status = smb2cli_req_recv(subreq, state, &iov,
180 expected, ARRAY_SIZE(expected));
181 if (tevent_req_nterror(req, status)) {
182 return;
183 }
184
185 state->recv_iov = iov;
186 fixed = (uint8_t *)iov[1].iov_base;
187 dyn = (uint8_t *)iov[2].iov_base;
188 dyn_len = iov[2].iov_len;
189
190 input_buffer_offset = IVAL(fixed, 0x18);
191 input_buffer_length = IVAL(fixed, 0x1C);
192 output_buffer_offset = IVAL(fixed, 0x20);
193 output_buffer_length = IVAL(fixed, 0x24);
194
195 if ((input_buffer_offset > 0) && (input_buffer_length > 0)) {
196 uint32_t ofs;
197
198 if (input_buffer_offset != dyn_ofs) {
199 tevent_req_nterror(
200 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
201 return;
202 }
203
204 if (input_buffer_length < dyn_len) {
205 tevent_req_nterror(
206 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
207 return;
208 }
209
210 if (input_buffer_length > state->max_input_length) {
211 tevent_req_nterror(
212 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
213 return;
214 }
215
216 state->out_input_buffer.data = dyn;
217 state->out_input_buffer.length = input_buffer_length;
218
219 ofs = input_buffer_length;
220 ofs = NDR_ROUND(ofs, 8);
221
222 dyn_ofs += ofs;
223 dyn += ofs;
224 dyn_len -= ofs;
225 }
226
227 if ((output_buffer_offset > 0) && (output_buffer_length > 0)) {
228 if (output_buffer_offset != dyn_ofs) {
229 tevent_req_nterror(
230 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
231 return;
232 }
233
234 if (output_buffer_length < dyn_len) {
235 tevent_req_nterror(
236 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
237 return;
238 }
239
240 if (output_buffer_length > state->max_output_length) {
241 tevent_req_nterror(
242 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
243 return;
244 }
245
246 state->out_output_buffer.data = dyn;
247 state->out_output_buffer.length = output_buffer_length;
248 }
249
250 tevent_req_done(req);
251 }
252
253 NTSTATUS smb2cli_ioctl_recv(struct tevent_req *req,
254 TALLOC_CTX *mem_ctx,
255 DATA_BLOB *out_input_buffer,
256 DATA_BLOB *out_output_buffer)
257 {
258 struct smb2cli_ioctl_state *state =
259 tevent_req_data(req,
260 struct smb2cli_ioctl_state);
261 NTSTATUS status;
262
263 if (tevent_req_is_nterror(req, &status)) {
264 tevent_req_received(req);
265 return status;
266 }
267
268 talloc_steal(mem_ctx, state->recv_iov);
269 if (out_input_buffer) {
270 *out_input_buffer = state->out_input_buffer;
271 }
272 if (out_output_buffer) {
273 *out_output_buffer = state->out_output_buffer;
274 }
275
276 tevent_req_received(req);
277 return NT_STATUS_OK;
278 }
279
280 NTSTATUS smb2cli_ioctl(struct smbXcli_conn *conn,
281 uint32_t timeout_msec,
282 struct smbXcli_session *session,
283 struct smbXcli_tcon *tcon,
284 uint64_t in_fid_persistent,
285 uint64_t in_fid_volatile,
286 uint32_t in_ctl_code,
287 uint32_t in_max_input_length,
288 const DATA_BLOB *in_input_buffer,
289 uint32_t in_max_output_length,
290 const DATA_BLOB *in_output_buffer,
291 uint32_t in_flags,
292 TALLOC_CTX *mem_ctx,
293 DATA_BLOB *out_input_buffer,
294 DATA_BLOB *out_output_buffer)
295 {
296 TALLOC_CTX *frame = talloc_stackframe();
297 struct tevent_context *ev;
298 struct tevent_req *req;
299 NTSTATUS status = NT_STATUS_NO_MEMORY;
300
301 if (smbXcli_conn_has_async_calls(conn)) {
302 /*
303 * Can't use sync call while an async call is in flight
304 */
305 status = NT_STATUS_INVALID_PARAMETER_MIX;
306 goto fail;
307 }
308 ev = tevent_context_init(frame);
309 if (ev == NULL) {
310 goto fail;
311 }
312 req = smb2cli_ioctl_send(frame, ev, conn, timeout_msec,
313 session, tcon,
314 in_fid_persistent,
315 in_fid_volatile,
316 in_ctl_code,
317 in_max_input_length,
318 in_input_buffer,
319 in_max_output_length,
320 in_output_buffer,
321 in_flags);
322 if (req == NULL) {
323 goto fail;
324 }
325 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
326 goto fail;
327 }
328 status = smb2cli_ioctl_recv(req, mem_ctx,
329 out_input_buffer,
330 out_output_buffer);
331 fail:
332 TALLOC_FREE(frame);
333 return status;
334 }
Samba GIT mirror