search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
selftest/knownfail: move some parts to expectedfail.d/ntlm-auth
[Samba.git] / source3 / smbd / smb2_nttrans.c
blobbf5170f07d417bb59f490d82e283d389399655b2
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "../libcli/security/security.h"
27 #include "../librpc/gen_ndr/ndr_security.h"
28 #include "passdb/lookup_sid.h"
29 #include "auth.h"
30 #include "smbprofile.h"
31 #include "libsmb/libsmb.h"
32 #include "lib/util_ea.h"
33 #include "librpc/gen_ndr/ndr_quota.h"
34 #include "librpc/gen_ndr/ndr_security.h"
35
36 extern const struct generic_mapping file_generic_mapping;
37
38 /*********************************************************************
39 Windows seems to do canonicalization of inheritance bits. Do the
40 same.
41 *********************************************************************/
42
43 static void canonicalize_inheritance_bits(struct files_struct *fsp,
44 struct security_descriptor *psd)
45 {
46 bool set_auto_inherited = false;
47
48 /*
49 * We need to filter out the
50 * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
51 * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
52 * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
53 * when an ACE is inherited. Otherwise we zero these bits out.
54 * See:
55 *
56 * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
57 *
58 * for details.
59 */
60
61 if (!lp_acl_flag_inherited_canonicalization(SNUM(fsp->conn))) {
62 psd->type &= ~SEC_DESC_DACL_AUTO_INHERIT_REQ;
63 return;
64 }
65
66 if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
67 == (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
68 set_auto_inherited = true;
69 }
70
71 psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
72 if (set_auto_inherited) {
73 psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
74 }
75 }
76
77 /****************************************************************************
78 Internal fn to set security descriptors.
79 ****************************************************************************/
80
81 NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
82 uint32_t security_info_sent)
83 {
84 files_struct *sd_fsp = NULL;
85 NTSTATUS status;
86
87 if (!CAN_WRITE(fsp->conn)) {
88 return NT_STATUS_ACCESS_DENIED;
89 }
90
91 if (!lp_nt_acl_support(SNUM(fsp->conn))) {
92 return NT_STATUS_OK;
93 }
94
95 status = refuse_symlink_fsp(fsp);
96 if (!NT_STATUS_IS_OK(status)) {
97 DBG_DEBUG("ACL set on symlink %s denied.\n",
98 fsp_str_dbg(fsp));
99 return status;
100 }
101
102 if (psd->owner_sid == NULL) {
103 security_info_sent &= ~SECINFO_OWNER;
104 }
105 if (psd->group_sid == NULL) {
106 security_info_sent &= ~SECINFO_GROUP;
107 }
108
109 /* Ensure we have at least one thing set. */
110 if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
111 /* Just like W2K3 */
112 return NT_STATUS_OK;
113 }
114
115 /* Ensure we have the rights to do this. */
116 if (security_info_sent & SECINFO_OWNER) {
117 if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
118 return NT_STATUS_ACCESS_DENIED;
119 }
120 }
121
122 if (security_info_sent & SECINFO_GROUP) {
123 if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
124 return NT_STATUS_ACCESS_DENIED;
125 }
126 }
127
128 if (security_info_sent & SECINFO_DACL) {
129 if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
130 return NT_STATUS_ACCESS_DENIED;
131 }
132 /* Convert all the generic bits. */
133 if (psd->dacl) {
134 security_acl_map_generic(psd->dacl, &file_generic_mapping);
135 }
136 }
137
138 if (security_info_sent & SECINFO_SACL) {
139 if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
140 return NT_STATUS_ACCESS_DENIED;
141 }
142 /*
143 * Setting a SACL also requires WRITE_DAC.
144 * See the smbtorture3 SMB2-SACL test.
145 */
146 if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
147 return NT_STATUS_ACCESS_DENIED;
148 }
149 /* Convert all the generic bits. */
150 if (psd->sacl) {
151 security_acl_map_generic(psd->sacl, &file_generic_mapping);
152 }
153 }
154
155 canonicalize_inheritance_bits(fsp, psd);
156
157 if (DEBUGLEVEL >= 10) {
158 DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
159 NDR_PRINT_DEBUG(security_descriptor, psd);
160 }
161
162 sd_fsp = metadata_fsp(fsp);
163 status = SMB_VFS_FSET_NT_ACL(sd_fsp, security_info_sent, psd);
164
165 TALLOC_FREE(psd);
166
167 return status;
168 }
169
170 static bool check_smb2_posix_chmod_ace(const struct files_struct *fsp,
171 uint32_t security_info_sent,
172 struct security_descriptor *psd,
173 mode_t *pmode)
174 {
175 int cmp;
176
177 /*
178 * This must be an ACL with one ACE containing an
179 * MS NFS style mode entry coming in on a POSIX
180 * handle over SMB2+.
181 */
182 if (!fsp->conn->sconn->using_smb2) {
183 return false;
184 }
185
186 if (!(fsp->posix_flags & FSP_POSIX_FLAGS_OPEN)) {
187 return false;
188 }
189
190 if (!(security_info_sent & SECINFO_DACL)) {
191 return false;
192 }
193
194 if (psd->dacl == NULL) {
195 return false;
196 }
197
198 if (psd->dacl->num_aces != 1) {
199 return false;
200 }
201
202 cmp = dom_sid_compare_domain(&global_sid_Unix_NFS_Mode,
203 &psd->dacl->aces[0].trustee);
204 if (cmp != 0) {
205 return false;
206 }
207
208 *pmode = (mode_t)psd->dacl->aces[0].trustee.sub_auths[2];
209 *pmode &= (S_IRWXU | S_IRWXG | S_IRWXO);
210
211 return true;
212 }
213
214 /****************************************************************************
215 Internal fn to set security descriptors from a data blob.
216 ****************************************************************************/
217
218 NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
219 uint32_t security_info_sent)
220 {
221 struct security_descriptor *psd = NULL;
222 NTSTATUS status;
223 bool do_chmod = false;
224 mode_t smb2_posix_mode = 0;
225 int ret;
226
227 if (sd_len == 0) {
228 return NT_STATUS_INVALID_PARAMETER;
229 }
230
231 status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
232
233 if (!NT_STATUS_IS_OK(status)) {
234 return status;
235 }
236
237 do_chmod = check_smb2_posix_chmod_ace(fsp,
238 security_info_sent,
239 psd,
240 &smb2_posix_mode);
241 if (!do_chmod) {
242 return set_sd(fsp, psd, security_info_sent);
243 }
244
245 TALLOC_FREE(psd);
246
247 ret = SMB_VFS_FCHMOD(fsp, smb2_posix_mode);
248 if (ret != 0) {
249 status = map_nt_error_from_unix(errno);
250 DBG_ERR("smb2_posix_chmod [%s] [%04o] failed: %s\n",
251 fsp_str_dbg(fsp),
252 (unsigned)smb2_posix_mode,
253 nt_errstr(status));
254 return status;
255 }
256
257 return NT_STATUS_OK;
258 }
259
260 /****************************************************************************
261 Copy a file.
262 ****************************************************************************/
263
264 NTSTATUS copy_internals(TALLOC_CTX *ctx,
265 connection_struct *conn,
266 struct smb_request *req,
267 struct files_struct *src_dirfsp,
268 struct smb_filename *smb_fname_src,
269 struct files_struct *dst_dirfsp,
270 struct smb_filename *smb_fname_dst,
271 uint32_t attrs)
272 {
273 files_struct *fsp1,*fsp2;
274 uint32_t fattr;
275 int info;
276 off_t ret=-1;
277 NTSTATUS status = NT_STATUS_OK;
278 struct smb_filename *parent = NULL;
279 struct smb_filename *pathref = NULL;
280
281 if (!CAN_WRITE(conn)) {
282 status = NT_STATUS_MEDIA_WRITE_PROTECTED;
283 goto out;
284 }
285
286 /* Source must already exist. */
287 if (!VALID_STAT(smb_fname_src->st)) {
288 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
289 goto out;
290 }
291
292 /* Ensure attributes match. */
293 fattr = fdos_mode(smb_fname_src->fsp);
294 if ((fattr & ~attrs) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
295 status = NT_STATUS_NO_SUCH_FILE;
296 goto out;
297 }
298
299 /* Disallow if dst file already exists. */
300 if (VALID_STAT(smb_fname_dst->st)) {
301 status = NT_STATUS_OBJECT_NAME_COLLISION;
302 goto out;
303 }
304
305 /* No links from a directory. */
306 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
307 status = NT_STATUS_FILE_IS_A_DIRECTORY;
308 goto out;
309 }
310
311 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
312 smb_fname_str_dbg(smb_fname_src),
313 smb_fname_str_dbg(smb_fname_dst)));
314
315 status = SMB_VFS_CREATE_FILE(
316 conn, /* conn */
317 req, /* req */
318 src_dirfsp, /* dirfsp */
319 smb_fname_src, /* fname */
320 FILE_READ_DATA|FILE_READ_ATTRIBUTES|
321 FILE_READ_EA, /* access_mask */
322 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
323 FILE_SHARE_DELETE),
324 FILE_OPEN, /* create_disposition*/
325 0, /* create_options */
326 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
327 NO_OPLOCK, /* oplock_request */
328 NULL, /* lease */
329 0, /* allocation_size */
330 0, /* private_flags */
331 NULL, /* sd */
332 NULL, /* ea_list */
333 &fsp1, /* result */
334 &info, /* pinfo */
335 NULL, NULL); /* create context */
336
337 if (!NT_STATUS_IS_OK(status)) {
338 goto out;
339 }
340
341 status = SMB_VFS_CREATE_FILE(
342 conn, /* conn */
343 req, /* req */
344 dst_dirfsp, /* dirfsp */
345 smb_fname_dst, /* fname */
346 FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
347 FILE_WRITE_EA, /* access_mask */
348 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
349 FILE_SHARE_DELETE),
350 FILE_CREATE, /* create_disposition*/
351 0, /* create_options */
352 fattr, /* file_attributes */
353 NO_OPLOCK, /* oplock_request */
354 NULL, /* lease */
355 0, /* allocation_size */
356 0, /* private_flags */
357 NULL, /* sd */
358 NULL, /* ea_list */
359 &fsp2, /* result */
360 &info, /* pinfo */
361 NULL, NULL); /* create context */
362
363 if (!NT_STATUS_IS_OK(status)) {
364 close_file_free(NULL, &fsp1, ERROR_CLOSE);
365 goto out;
366 }
367
368 if (smb_fname_src->st.st_ex_size) {
369 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
370 }
371
372 /*
373 * As we are opening fsp1 read-only we only expect
374 * an error on close on fsp2 if we are out of space.
375 * Thus we don't look at the error return from the
376 * close of fsp1.
377 */
378 close_file_free(NULL, &fsp1, NORMAL_CLOSE);
379
380 /* Ensure the modtime is set correctly on the destination file. */
381 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
382
383 status = close_file_free(NULL, &fsp2, NORMAL_CLOSE);
384 if (!NT_STATUS_IS_OK(status)) {
385 DBG_WARNING("close_file_free() failed: %s\n",
386 nt_errstr(status));
387 /*
388 * We can't do much but leak the fsp
389 */
390 goto out;
391 }
392
393 /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
394 creates the file. This isn't the correct thing to do in the copy
395 case. JRA */
396
397 status = SMB_VFS_PARENT_PATHNAME(conn,
398 talloc_tos(),
399 smb_fname_dst,
400 &parent,
401 NULL);
402 if (!NT_STATUS_IS_OK(status)) {
403 goto out;
404 }
405 if (smb_fname_dst->fsp == NULL) {
406 status = synthetic_pathref(parent,
407 conn->cwd_fsp,
408 smb_fname_dst->base_name,
409 smb_fname_dst->stream_name,
410 NULL,
411 smb_fname_dst->twrp,
412 smb_fname_dst->flags,
413 &pathref);
414
415 /* should we handle NT_STATUS_OBJECT_NAME_NOT_FOUND specially here ???? */
416 if (!NT_STATUS_IS_OK(status)) {
417 TALLOC_FREE(parent);
418 goto out;
419 }
420 file_set_dosmode(conn, pathref, fattr, parent, false);
421 smb_fname_dst->st.st_ex_mode = pathref->st.st_ex_mode;
422 } else {
423 file_set_dosmode(conn, smb_fname_dst, fattr, parent, false);
424 }
425 TALLOC_FREE(parent);
426
427 if (ret < (off_t)smb_fname_src->st.st_ex_size) {
428 status = NT_STATUS_DISK_FULL;
429 goto out;
430 }
431 out:
432 if (!NT_STATUS_IS_OK(status)) {
433 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
434 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
435 smb_fname_str_dbg(smb_fname_dst)));
436 }
437
438 return status;
439 }
440
441 /******************************************************************************
442 Fake up a completely empty SD.
443 *******************************************************************************/
444
445 static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd)
446 {
447 size_t sd_size;
448
449 *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
450 if(!*ppsd) {
451 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
452 return NT_STATUS_NO_MEMORY;
453 }
454
455 return NT_STATUS_OK;
456 }
457
458 /****************************************************************************
459 Get a security descriptor from the file system, normalize for components
460 requested.
461 ****************************************************************************/
462
463 static NTSTATUS smbd_fetch_security_desc(connection_struct *conn,
464 TALLOC_CTX *mem_ctx,
465 files_struct *fsp,
466 uint32_t security_info_wanted,
467 struct security_descriptor **ppsd)
468 {
469 NTSTATUS status;
470 struct security_descriptor *psd = NULL;
471 bool need_to_read_sd = false;
472
473 /*
474 * Get the permissions to return.
475 */
476
477 if ((security_info_wanted & SECINFO_SACL) &&
478 !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
479 DEBUG(10, ("Access to SACL denied.\n"));
480 return NT_STATUS_ACCESS_DENIED;
481 }
482
483 if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
484 !(fsp->access_mask & SEC_STD_READ_CONTROL)) {
485 DEBUG(10, ("Access to DACL, OWNER, or GROUP denied.\n"));
486 return NT_STATUS_ACCESS_DENIED;
487 }
488
489 status = refuse_symlink_fsp(fsp);
490 if (!NT_STATUS_IS_OK(status)) {
491 DBG_DEBUG("ACL get on symlink %s denied.\n",
492 fsp_str_dbg(fsp));
493 return status;
494 }
495
496 if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
497 SECINFO_GROUP|SECINFO_SACL)) {
498 /* Don't return SECINFO_LABEL if anything else was
499 requested. See bug #8458. */
500 security_info_wanted &= ~SECINFO_LABEL;
501
502 /*
503 * Only query the file system SD if the caller asks
504 * for any bits. This allows a caller to open without
505 * READ_CONTROL but still issue a query sd. See
506 * smb2.sdread test.
507 */
508 need_to_read_sd = true;
509 }
510
511 if (lp_nt_acl_support(SNUM(conn)) &&
512 ((security_info_wanted & SECINFO_LABEL) == 0) &&
513 need_to_read_sd)
514 {
515 files_struct *sd_fsp = metadata_fsp(fsp);
516 status = SMB_VFS_FGET_NT_ACL(
517 sd_fsp, security_info_wanted, mem_ctx, &psd);
518 } else {
519 status = get_null_nt_acl(mem_ctx, &psd);
520 }
521
522 if (!NT_STATUS_IS_OK(status)) {
523 return status;
524 }
525
526 if (!(security_info_wanted & SECINFO_OWNER)) {
527 psd->owner_sid = NULL;
528 }
529 if (!(security_info_wanted & SECINFO_GROUP)) {
530 psd->group_sid = NULL;
531 }
532 if (!(security_info_wanted & SECINFO_DACL)) {
533 psd->type &= ~SEC_DESC_DACL_PRESENT;
534 psd->dacl = NULL;
535 }
536 if (!(security_info_wanted & SECINFO_SACL)) {
537 psd->type &= ~SEC_DESC_SACL_PRESENT;
538 psd->sacl = NULL;
539 }
540
541 /* If the SACL/DACL is NULL, but was requested, we mark that it is
542 * present in the reply to match Windows behavior */
543 if (psd->sacl == NULL &&
544 security_info_wanted & SECINFO_SACL)
545 psd->type |= SEC_DESC_SACL_PRESENT;
546 if (psd->dacl == NULL &&
547 security_info_wanted & SECINFO_DACL)
548 psd->type |= SEC_DESC_DACL_PRESENT;
549
550 if (security_info_wanted & SECINFO_LABEL) {
551 /* Like W2K3 return a null object. */
552 psd->owner_sid = NULL;
553 psd->group_sid = NULL;
554 psd->dacl = NULL;
555 psd->sacl = NULL;
556 psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
557 }
558
559 *ppsd = psd;
560 return NT_STATUS_OK;
561 }
562
563 /****************************************************************************
564 Write a security descriptor into marshalled format.
565 ****************************************************************************/
566
567 static NTSTATUS smbd_marshall_security_desc(TALLOC_CTX *mem_ctx,
568 files_struct *fsp,
569 struct security_descriptor *psd,
570 uint32_t max_data_count,
571 uint8_t **ppmarshalled_sd,
572 size_t *psd_size)
573 {
574 *psd_size = ndr_size_security_descriptor(psd, 0);
575
576 DBG_NOTICE("sd_size = %zu.\n", *psd_size);
577
578 if (DEBUGLEVEL >= 10) {
579 DBG_DEBUG("security desc for file %s\n",
580 fsp_str_dbg(fsp));
581 NDR_PRINT_DEBUG(security_descriptor, psd);
582 }
583
584 if (max_data_count < *psd_size) {
585 return NT_STATUS_BUFFER_TOO_SMALL;
586 }
587
588 return marshall_sec_desc(mem_ctx,
589 psd,
590 ppmarshalled_sd,
591 psd_size);
592 }
593
594 /****************************************************************************
595 Reply to query a security descriptor.
596 Callable from SMB1 and SMB2.
597 If it returns NT_STATUS_BUFFER_TOO_SMALL, psd_size is initialized with
598 the required size.
599 ****************************************************************************/
600
601 NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
602 TALLOC_CTX *mem_ctx,
603 files_struct *fsp,
604 uint32_t security_info_wanted,
605 uint32_t max_data_count,
606 uint8_t **ppmarshalled_sd,
607 size_t *psd_size)
608 {
609 NTSTATUS status;
610 struct security_descriptor *psd = NULL;
611
612 /*
613 * Get the permissions to return.
614 */
615
616 status = smbd_fetch_security_desc(conn,
617 mem_ctx,
618 fsp,
619 security_info_wanted,
620 &psd);
621 if (!NT_STATUS_IS_OK(status)) {
622 return status;
623 }
624
625 status = smbd_marshall_security_desc(mem_ctx,
626 fsp,
627 psd,
628 max_data_count,
629 ppmarshalled_sd,
630 psd_size);
631 TALLOC_FREE(psd);
632 return status;
633 }
634
635 #ifdef HAVE_SYS_QUOTAS
636 static enum ndr_err_code fill_qtlist_from_sids(TALLOC_CTX *mem_ctx,
637 struct files_struct *fsp,
638 SMB_NTQUOTA_HANDLE *qt_handle,
639 struct dom_sid *sids,
640 uint32_t elems)
641 {
642 uint32_t i;
643 TALLOC_CTX *list_ctx = NULL;
644
645 list_ctx = talloc_init("quota_sid_list");
646
647 if (list_ctx == NULL) {
648 DBG_ERR("failed to allocate\n");
649 return NDR_ERR_ALLOC;
650 }
651
652 if (qt_handle->quota_list!=NULL) {
653 free_ntquota_list(&(qt_handle->quota_list));
654 }
655 for (i = 0; i < elems; i++) {
656 SMB_NTQUOTA_STRUCT qt;
657 SMB_NTQUOTA_LIST *list_item;
658 bool ok;
659
660 if (!NT_STATUS_IS_OK(vfs_get_ntquota(fsp,
661 SMB_USER_QUOTA_TYPE,
662 &sids[i], &qt))) {
663 /* non fatal error, return empty item in result */
664 ZERO_STRUCT(qt);
665 continue;
666 }
667
668
669 list_item = talloc_zero(list_ctx, SMB_NTQUOTA_LIST);
670 if (list_item == NULL) {
671 DBG_ERR("failed to allocate\n");
672 return NDR_ERR_ALLOC;
673 }
674
675 ok = sid_to_uid(&sids[i], &list_item->uid);
676 if (!ok) {
677 struct dom_sid_buf buf;
678 DBG_WARNING("Could not convert SID %s to uid\n",
679 dom_sid_str_buf(&sids[i], &buf));
680 /* No idea what to return here... */
681 return NDR_ERR_INVALID_POINTER;
682 }
683
684 list_item->quotas = talloc_zero(list_item, SMB_NTQUOTA_STRUCT);
685 if (list_item->quotas == NULL) {
686 DBG_ERR("failed to allocate\n");
687 return NDR_ERR_ALLOC;
688 }
689
690 *list_item->quotas = qt;
691 list_item->mem_ctx = list_ctx;
692 DLIST_ADD(qt_handle->quota_list, list_item);
693 }
694 qt_handle->tmp_list = qt_handle->quota_list;
695 return NDR_ERR_SUCCESS;
696 }
697
698 static enum ndr_err_code extract_sids_from_buf(TALLOC_CTX *mem_ctx,
699 uint32_t sidlistlength,
700 DATA_BLOB *sid_buf,
701 struct dom_sid **sids,
702 uint32_t *num)
703 {
704 DATA_BLOB blob;
705 uint32_t i = 0;
706 enum ndr_err_code err;
707
708 struct sid_list_elem {
709 struct sid_list_elem *prev, *next;
710 struct dom_sid sid;
711 };
712
713 struct sid_list_elem *sid_list = NULL;
714 struct sid_list_elem *iter = NULL;
715 TALLOC_CTX *list_ctx = talloc_init("sid_list");
716 if (!list_ctx) {
717 DBG_ERR("OOM\n");
718 err = NDR_ERR_ALLOC;
719 goto done;
720 }
721
722 *num = 0;
723 *sids = NULL;
724
725 if (sidlistlength) {
726 uint32_t offset = 0;
727 struct ndr_pull *ndr_pull = NULL;
728
729 if (sidlistlength > sid_buf->length) {
730 DBG_ERR("sid_list_length 0x%x exceeds "
731 "available bytes %zx\n",
732 sidlistlength,
733 sid_buf->length);
734 err = NDR_ERR_OFFSET;
735 goto done;
736 }
737 while (true) {
738 struct file_get_quota_info info;
739 struct sid_list_elem *item = NULL;
740 uint32_t new_offset = 0;
741 blob.data = sid_buf->data + offset;
742 blob.length = sidlistlength - offset;
743 ndr_pull = ndr_pull_init_blob(&blob, list_ctx);
744 if (!ndr_pull) {
745 DBG_ERR("OOM\n");
746 err = NDR_ERR_ALLOC;
747 goto done;
748 }
749 err = ndr_pull_file_get_quota_info(ndr_pull,
750 NDR_SCALARS | NDR_BUFFERS, &info);
751 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
752 DBG_ERR("Failed to pull file_get_quota_info "
753 "from sidlist buffer\n");
754 goto done;
755 }
756 item = talloc_zero(list_ctx, struct sid_list_elem);
757 if (!item) {
758 DBG_ERR("OOM\n");
759 err = NDR_ERR_ALLOC;
760 goto done;
761 }
762 item->sid = info.sid;
763 DLIST_ADD(sid_list, item);
764 i++;
765 if (i == UINT32_MAX) {
766 DBG_ERR("Integer overflow\n");
767 err = NDR_ERR_ARRAY_SIZE;
768 goto done;
769 }
770 new_offset = info.next_entry_offset;
771
772 /* if new_offset == 0 no more sid(s) to read. */
773 if (new_offset == 0) {
774 break;
775 }
776
777 /* Integer wrap? */
778 if ((offset + new_offset) < offset) {
779 DBG_ERR("Integer wrap while adding "
780 "new_offset 0x%x to current "
781 "buffer offset 0x%x\n",
782 new_offset, offset);
783 err = NDR_ERR_OFFSET;
784 goto done;
785 }
786
787 offset += new_offset;
788
789 /* check if new offset is outside buffer boundary. */
790 if (offset >= sidlistlength) {
791 DBG_ERR("bufsize 0x%x exceeded by "
792 "new offset 0x%x)\n",
793 sidlistlength,
794 offset);
795 err = NDR_ERR_OFFSET;
796 goto done;
797 }
798 }
799 *sids = talloc_zero_array(mem_ctx, struct dom_sid, i);
800 if (*sids == NULL) {
801 DBG_ERR("OOM\n");
802 err = NDR_ERR_ALLOC;
803 goto done;
804 }
805
806 *num = i;
807
808 for (iter = sid_list, i = 0; iter; iter = iter->next, i++) {
809 struct dom_sid_buf buf;
810 (*sids)[i] = iter->sid;
811 DBG_DEBUG("quota SID[%u] %s\n",
812 (unsigned int)i,
813 dom_sid_str_buf(&iter->sid, &buf));
814 }
815 }
816 err = NDR_ERR_SUCCESS;
817 done:
818 TALLOC_FREE(list_ctx);
819 return err;
820 }
821
822 NTSTATUS smbd_do_query_getinfo_quota(TALLOC_CTX *mem_ctx,
823 files_struct *fsp,
824 bool restart_scan,
825 bool return_single,
826 uint32_t sid_list_length,
827 DATA_BLOB *sid_buf,
828 uint32_t max_data_count,
829 uint8_t **p_data,
830 uint32_t *p_data_size)
831 {
832 NTSTATUS status;
833 SMB_NTQUOTA_HANDLE *qt_handle = NULL;
834 SMB_NTQUOTA_LIST *qt_list = NULL;
835 DATA_BLOB blob = data_blob_null;
836 enum ndr_err_code err;
837
838 qt_handle =
839 (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->private_data;
840
841 if (sid_list_length ) {
842 struct dom_sid *sids;
843 uint32_t elems = 0;
844 /*
845 * error check pulled offsets and lengths for wrap and
846 * exceeding available bytes.
847 */
848 if (sid_list_length > sid_buf->length) {
849 DBG_ERR("sid_list_length 0x%x exceeds "
850 "available bytes %zx\n",
851 sid_list_length,
852 sid_buf->length);
853 return NT_STATUS_INVALID_PARAMETER;
854 }
855
856 err = extract_sids_from_buf(mem_ctx, sid_list_length,
857 sid_buf, &sids, &elems);
858 if (!NDR_ERR_CODE_IS_SUCCESS(err) || elems == 0) {
859 return NT_STATUS_INVALID_PARAMETER;
860 }
861 err = fill_qtlist_from_sids(mem_ctx,
862 fsp,
863 qt_handle,
864 sids,
865 elems);
866 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
867 return NT_STATUS_INVALID_PARAMETER;
868 }
869 } else if (restart_scan) {
870 if (vfs_get_user_ntquota_list(fsp,
871 &(qt_handle->quota_list))!=0) {
872 return NT_STATUS_INTERNAL_ERROR;
873 }
874 } else {
875 if (qt_handle->quota_list!=NULL &&
876 qt_handle->tmp_list==NULL) {
877 free_ntquota_list(&(qt_handle->quota_list));
878 }
879 }
880
881 if (restart_scan !=0 ) {
882 qt_list = qt_handle->quota_list;
883 } else {
884 qt_list = qt_handle->tmp_list;
885 }
886 status = fill_quota_buffer(mem_ctx, qt_list,
887 return_single != 0,
888 max_data_count,
889 &blob,
890 &qt_handle->tmp_list);
891 if (!NT_STATUS_IS_OK(status)) {
892 return status;
893 }
894 if (blob.length > max_data_count) {
895 return NT_STATUS_BUFFER_TOO_SMALL;
896 }
897
898 *p_data = blob.data;
899 *p_data_size = blob.length;
900 return NT_STATUS_OK;
901 }
902 #endif /* HAVE_SYS_QUOTAS */
Samba GIT mirror