CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()
[Samba.git] / source3 / smbd / smb2_ioctl_dfs.c
blob72893ca4237407de326e8ed107c9ca8c7b8a7143
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "include/ntioctl.h"
27 #include "smb2_ioctl_private.h"
29 #undef DBGC_CLASS
30 #define DBGC_CLASS DBGC_SMB2
32 static NTSTATUS fsctl_dfs_get_refers(TALLOC_CTX *mem_ctx,
33 struct tevent_context *ev,
34 struct connection_struct *conn,
35 DATA_BLOB *in_input,
36 uint32_t in_max_output,
37 DATA_BLOB *out_output)
39 uint16_t in_max_referral_level;
40 DATA_BLOB in_file_name_buffer;
41 char *in_file_name_string;
42 size_t in_file_name_string_size;
43 bool ok;
44 bool overflow = false;
45 NTSTATUS status;
46 int dfs_size;
47 char *dfs_data = NULL;
48 DATA_BLOB output;
50 if (!lp_host_msdfs()) {
51 return NT_STATUS_FS_DRIVER_REQUIRED;
54 if (in_input->length < (2 + 2)) {
55 return NT_STATUS_INVALID_PARAMETER;
58 in_max_referral_level = SVAL(in_input->data, 0);
59 in_file_name_buffer.data = in_input->data + 2;
60 in_file_name_buffer.length = in_input->length - 2;
62 ok = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
63 in_file_name_buffer.data,
64 in_file_name_buffer.length,
65 &in_file_name_string,
66 &in_file_name_string_size);
67 if (!ok) {
68 return NT_STATUS_ILLEGAL_CHARACTER;
71 dfs_size = setup_dfs_referral(conn,
72 in_file_name_string,
73 in_max_referral_level,
74 &dfs_data, &status);
75 if (dfs_size < 0) {
76 return status;
79 if (dfs_size > in_max_output) {
81 * TODO: we need a testsuite for this
83 overflow = true;
84 dfs_size = in_max_output;
87 output = data_blob_talloc(mem_ctx, (uint8_t *)dfs_data, dfs_size);
88 SAFE_FREE(dfs_data);
89 if ((dfs_size > 0) && (output.data == NULL)) {
90 return NT_STATUS_NO_MEMORY;
92 *out_output = output;
94 if (overflow) {
95 return STATUS_BUFFER_OVERFLOW;
97 return NT_STATUS_OK;
100 struct tevent_req *smb2_ioctl_dfs(uint32_t ctl_code,
101 struct tevent_context *ev,
102 struct tevent_req *req,
103 struct smbd_smb2_ioctl_state *state)
105 NTSTATUS status;
107 switch (ctl_code) {
108 case FSCTL_DFS_GET_REFERRALS:
109 status = fsctl_dfs_get_refers(state, ev, state->smbreq->conn,
110 &state->in_input,
111 state->in_max_output,
112 &state->out_output);
113 if (!tevent_req_nterror(req, status)) {
114 tevent_req_done(req);
116 return tevent_req_post(req, ev);
117 break;
118 default: {
119 uint8_t *out_data = NULL;
120 uint32_t out_data_len = 0;
122 if (state->fsp == NULL) {
123 status = NT_STATUS_NOT_SUPPORTED;
124 } else {
125 status = SMB_VFS_FSCTL(state->fsp,
126 state,
127 ctl_code,
128 state->smbreq->flags2,
129 state->in_input.data,
130 state->in_input.length,
131 &out_data,
132 state->in_max_output,
133 &out_data_len);
134 state->out_output = data_blob_const(out_data, out_data_len);
135 if (NT_STATUS_IS_OK(status)) {
136 tevent_req_done(req);
137 return tevent_req_post(req, ev);
141 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
142 if (IS_IPC(state->smbreq->conn)) {
143 status = NT_STATUS_FS_DRIVER_REQUIRED;
144 } else {
145 status = NT_STATUS_INVALID_DEVICE_REQUEST;
149 tevent_req_nterror(req, status);
150 return tevent_req_post(req, ev);
151 break;
155 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
156 return tevent_req_post(req, ev);