search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dosmode: Change message of result to informational
[Samba.git] / libcli / smb / smb2cli_ioctl.c
blob42a424e6b9faaad86e4acff12ed3716076a701dc
1 /*
2 Unix SMB/CIFS implementation.
3 smb2 lib
4 Copyright (C) Stefan Metzmacher 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/network.h"
22 #include "lib/util/tevent_ntstatus.h"
23 #include "smb_common.h"
24 #include "smbXcli_base.h"
25 #include "librpc/ndr/libndr.h"
26 #include "librpc/gen_ndr/ioctl.h"
27
28 struct smb2cli_ioctl_state {
29 uint8_t fixed[0x38];
30 uint8_t dyn_pad[1];
31 uint32_t max_input_length;
32 uint32_t max_output_length;
33 struct iovec *recv_iov;
34 DATA_BLOB out_input_buffer;
35 DATA_BLOB out_output_buffer;
36 uint32_t ctl_code;
37 };
38
39 static void smb2cli_ioctl_done(struct tevent_req *subreq);
40
41 struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
42 struct tevent_context *ev,
43 struct smbXcli_conn *conn,
44 uint32_t timeout_msec,
45 struct smbXcli_session *session,
46 struct smbXcli_tcon *tcon,
47 uint64_t in_fid_persistent,
48 uint64_t in_fid_volatile,
49 uint32_t in_ctl_code,
50 uint32_t in_max_input_length,
51 const DATA_BLOB *in_input_buffer,
52 uint32_t in_max_output_length,
53 const DATA_BLOB *in_output_buffer,
54 uint32_t in_flags)
55 {
56 struct tevent_req *req, *subreq;
57 struct smb2cli_ioctl_state *state;
58 uint8_t *fixed;
59 uint8_t *dyn;
60 size_t dyn_len;
61 uint32_t input_buffer_offset = 0;
62 uint32_t input_buffer_length = 0;
63 uint32_t output_buffer_offset = 0;
64 uint32_t output_buffer_length = 0;
65 uint32_t pad_length = 0;
66 uint64_t tmp64;
67 uint32_t max_dyn_len = 0;
68
69 req = tevent_req_create(mem_ctx, &state,
70 struct smb2cli_ioctl_state);
71 if (req == NULL) {
72 return NULL;
73 }
74 state->ctl_code = in_ctl_code;
75 state->max_input_length = in_max_input_length;
76 state->max_output_length = in_max_output_length;
77
78 tmp64 = in_max_input_length;
79 tmp64 += in_max_output_length;
80 if (tmp64 > UINT32_MAX) {
81 max_dyn_len = UINT32_MAX;
82 } else {
83 max_dyn_len = tmp64;
84 }
85
86 if (in_input_buffer) {
87 input_buffer_offset = SMB2_HDR_BODY+0x38;
88 input_buffer_length = in_input_buffer->length;
89 }
90
91 if (in_output_buffer) {
92 output_buffer_offset = SMB2_HDR_BODY+0x38;
93 output_buffer_length = in_output_buffer->length;
94 if (input_buffer_length > 0 && output_buffer_length > 0) {
95 uint32_t tmp;
96 output_buffer_offset += input_buffer_length;
97 tmp = output_buffer_offset;
98 output_buffer_offset = NDR_ROUND(output_buffer_offset, 8);
99 pad_length = output_buffer_offset - tmp;
100 }
101 }
102
103 fixed = state->fixed;
104
105 SSVAL(fixed, 0x00, 0x39);
106 SSVAL(fixed, 0x02, 0); /* reserved */
107 SIVAL(fixed, 0x04, in_ctl_code);
108 SBVAL(fixed, 0x08, in_fid_persistent);
109 SBVAL(fixed, 0x10, in_fid_volatile);
110 SIVAL(fixed, 0x18, input_buffer_offset);
111 SIVAL(fixed, 0x1C, input_buffer_length);
112 SIVAL(fixed, 0x20, in_max_input_length);
113 SIVAL(fixed, 0x24, output_buffer_offset);
114 SIVAL(fixed, 0x28, output_buffer_length);
115 SIVAL(fixed, 0x2C, in_max_output_length);
116 SIVAL(fixed, 0x30, in_flags);
117 SIVAL(fixed, 0x34, 0); /* reserved */
118
119 if (input_buffer_length > 0 && output_buffer_length > 0) {
120 size_t avail = UINT32_MAX - (input_buffer_length + pad_length);
121 size_t ofs = output_buffer_offset - input_buffer_offset;
122
123 if (avail < output_buffer_length) {
124 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
125 return tevent_req_post(req, ev);
126 }
127
128 dyn_len = input_buffer_length + output_buffer_length + pad_length;
129
130 dyn = talloc_zero_array(state, uint8_t, dyn_len);
131 if (tevent_req_nomem(dyn, req)) {
132 return tevent_req_post(req, ev);
133 }
134 memcpy(dyn, in_input_buffer->data,
135 in_input_buffer->length);
136 memcpy(dyn + ofs, in_output_buffer->data,
137 in_output_buffer->length);
138 } else if (input_buffer_length > 0) {
139 dyn = in_input_buffer->data;
140 dyn_len = in_input_buffer->length;
141 } else if (output_buffer_length > 0) {
142 dyn = in_output_buffer->data;
143 dyn_len = in_output_buffer->length;
144 } else {
145 dyn = state->dyn_pad;
146 dyn_len = sizeof(state->dyn_pad);
147 }
148
149 subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_IOCTL,
150 0, 0, /* flags */
151 timeout_msec,
152 tcon,
153 session,
154 state->fixed, sizeof(state->fixed),
155 dyn, dyn_len,
156 max_dyn_len);
157 if (tevent_req_nomem(subreq, req)) {
158 return tevent_req_post(req, ev);
159 }
160 tevent_req_set_callback(subreq, smb2cli_ioctl_done, req);
161 return req;
162 }
163
164 /*
165 * 3.3.4.4 Sending an Error Response
166 * An error code other than one of the following indicates a failure:
167 */
168 static bool smb2cli_ioctl_is_failure(uint32_t ctl_code, NTSTATUS status,
169 size_t data_size)
170 {
171 if (NT_STATUS_IS_OK(status)) {
172 return false;
173 }
174
175 /*
176 * STATUS_INVALID_PARAMETER in a FSCTL_SRV_COPYCHUNK or
177 * FSCTL_SRV_COPYCHUNK_WRITE Response, when returning an
178 * SRV_COPYCHUNK_RESPONSE as described in section 2.2.32.1.
179 */
180 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER) &&
181 (ctl_code == FSCTL_SRV_COPYCHUNK ||
182 ctl_code == FSCTL_SRV_COPYCHUNK_WRITE) &&
183 data_size == sizeof(struct srv_copychunk_rsp)) {
184 return false;
185 }
186
187 return true;
188 }
189
190 static void smb2cli_ioctl_done(struct tevent_req *subreq)
191 {
192 struct tevent_req *req =
193 tevent_req_callback_data(subreq,
194 struct tevent_req);
195 struct smb2cli_ioctl_state *state =
196 tevent_req_data(req,
197 struct smb2cli_ioctl_state);
198 NTSTATUS status;
199 struct iovec *iov;
200 uint8_t *fixed;
201 uint8_t *dyn;
202 size_t dyn_len;
203 uint32_t dyn_ofs = SMB2_HDR_BODY + 0x30;
204 uint32_t input_buffer_offset;
205 uint32_t input_buffer_length;
206 uint32_t output_buffer_offset;
207 uint32_t output_buffer_length;
208 static const struct smb2cli_req_expected_response expected[] = {
209 {
210 .status = NT_STATUS_OK,
211 .body_size = 0x31
212 },
213 {
214 .status = STATUS_BUFFER_OVERFLOW,
215 .body_size = 0x31
216 },
217 {
218 /*
219 * We need to make sure that
220 * a response with NT_STATUS_FILE_CLOSED
221 * without signing generates NT_STATUS_ACCESS_DENIED
222 * if the request was signed.
223 */
224 .status = NT_STATUS_FILE_CLOSED,
225 .body_size = 0x09,
226 },
227 {
228 .status = NT_STATUS_INVALID_PARAMETER,
229 .body_size = 0x31
230 },
231 };
232
233 status = smb2cli_req_recv(subreq, state, &iov,
234 expected, ARRAY_SIZE(expected));
235 TALLOC_FREE(subreq);
236 if (iov == NULL && tevent_req_nterror(req, status)) {
237 return;
238 }
239
240 state->recv_iov = iov;
241 fixed = (uint8_t *)iov[1].iov_base;
242 dyn = (uint8_t *)iov[2].iov_base;
243 dyn_len = iov[2].iov_len;
244
245 input_buffer_offset = IVAL(fixed, 0x18);
246 input_buffer_length = IVAL(fixed, 0x1C);
247 output_buffer_offset = IVAL(fixed, 0x20);
248 output_buffer_length = IVAL(fixed, 0x24);
249
250 if (smb2cli_ioctl_is_failure(state->ctl_code, status, output_buffer_length) &&
251 tevent_req_nterror(req, status)) {
252 return;
253 }
254
255 if ((input_buffer_offset > 0) && (input_buffer_length > 0)) {
256 uint32_t ofs;
257
258 if (input_buffer_offset != dyn_ofs) {
259 tevent_req_nterror(
260 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
261 return;
262 }
263
264 ofs = input_buffer_length;
265 ofs = NDR_ROUND(ofs, 8);
266
267 if (state->max_input_length == 0) {
268 /*
269 * If max_input_length is 0 we ignore
270 * the input_buffer_length, because
271 * Windows 2008 echos the DCERPC request
272 * from the requested input_buffer
273 * to the response input_buffer.
274 */
275 input_buffer_length = 0;
276 }
277
278 if (input_buffer_length > dyn_len) {
279 tevent_req_nterror(
280 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
281 return;
282 }
283
284 if (input_buffer_length > state->max_input_length) {
285 tevent_req_nterror(
286 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
287 return;
288 }
289
290 state->out_input_buffer.data = dyn;
291 state->out_input_buffer.length = input_buffer_length;
292
293 if (ofs > dyn_len) {
294 tevent_req_nterror(
295 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
296 return;
297 }
298
299 dyn_ofs += ofs;
300 dyn += ofs;
301 dyn_len -= ofs;
302 }
303
304 if ((output_buffer_offset > 0) && (output_buffer_length > 0)) {
305 if (output_buffer_offset != dyn_ofs) {
306 tevent_req_nterror(
307 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
308 return;
309 }
310
311 if (state->max_output_length == 0) {
312 /*
313 * We do the same logic as for
314 * max_input_length.
315 */
316 output_buffer_length = 0;
317 }
318
319 if (output_buffer_length > dyn_len) {
320 tevent_req_nterror(
321 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
322 return;
323 }
324
325 if (output_buffer_length > state->max_output_length) {
326 tevent_req_nterror(
327 req, NT_STATUS_INVALID_NETWORK_RESPONSE);
328 return;
329 }
330
331 state->out_output_buffer.data = dyn;
332 state->out_output_buffer.length = output_buffer_length;
333 }
334
335 if (tevent_req_nterror(req, status)) {
336 return;
337 }
338
339 tevent_req_done(req);
340 }
341
342 NTSTATUS smb2cli_ioctl_recv(struct tevent_req *req,
343 TALLOC_CTX *mem_ctx,
344 DATA_BLOB *out_input_buffer,
345 DATA_BLOB *out_output_buffer)
346 {
347 struct smb2cli_ioctl_state *state =
348 tevent_req_data(req,
349 struct smb2cli_ioctl_state);
350 NTSTATUS status = NT_STATUS_OK;
351
352 if (tevent_req_is_nterror(req, &status) &&
353 smb2cli_ioctl_is_failure(state->ctl_code, status, state->out_output_buffer.length)) {
354 tevent_req_received(req);
355 return status;
356 }
357
358 talloc_steal(mem_ctx, state->recv_iov);
359 if (out_input_buffer) {
360 *out_input_buffer = state->out_input_buffer;
361 }
362 if (out_output_buffer) {
363 *out_output_buffer = state->out_output_buffer;
364 }
365
366 tevent_req_received(req);
367 return status;
368 }
369
370 NTSTATUS smb2cli_ioctl(struct smbXcli_conn *conn,
371 uint32_t timeout_msec,
372 struct smbXcli_session *session,
373 struct smbXcli_tcon *tcon,
374 uint64_t in_fid_persistent,
375 uint64_t in_fid_volatile,
376 uint32_t in_ctl_code,
377 uint32_t in_max_input_length,
378 const DATA_BLOB *in_input_buffer,
379 uint32_t in_max_output_length,
380 const DATA_BLOB *in_output_buffer,
381 uint32_t in_flags,
382 TALLOC_CTX *mem_ctx,
383 DATA_BLOB *out_input_buffer,
384 DATA_BLOB *out_output_buffer)
385 {
386 TALLOC_CTX *frame = talloc_stackframe();
387 struct tevent_context *ev;
388 struct tevent_req *req;
389 NTSTATUS status = NT_STATUS_NO_MEMORY;
390
391 if (smbXcli_conn_has_async_calls(conn)) {
392 /*
393 * Can't use sync call while an async call is in flight
394 */
395 status = NT_STATUS_INVALID_PARAMETER_MIX;
396 goto fail;
397 }
398 ev = samba_tevent_context_init(frame);
399 if (ev == NULL) {
400 goto fail;
401 }
402 req = smb2cli_ioctl_send(frame, ev, conn, timeout_msec,
403 session, tcon,
404 in_fid_persistent,
405 in_fid_volatile,
406 in_ctl_code,
407 in_max_input_length,
408 in_input_buffer,
409 in_max_output_length,
410 in_output_buffer,
411 in_flags);
412 if (req == NULL) {
413 goto fail;
414 }
415 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
416 goto fail;
417 }
418 status = smb2cli_ioctl_recv(req, mem_ctx,
419 out_input_buffer,
420 out_output_buffer);
421 fail:
422 TALLOC_FREE(frame);
423 return status;
424 }
Samba GIT mirror