search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
auth4: Fix CID 1034877 Resource leak
[Samba.git] / source3 / smbd / smb2_ioctl_named_pipe.c
blobf9e3dec049c087eebbbc7d3ce452cb6e95205189
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "rpc_server/srv_pipe_hnd.h"
27 #include "include/ntioctl.h"
28 #include "smb2_ioctl_private.h"
29
30 #undef DBGC_CLASS
31 #define DBGC_CLASS DBGC_SMB2
32
33 static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq);
34 static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq);
35
36 struct tevent_req *smb2_ioctl_named_pipe(uint32_t ctl_code,
37 struct tevent_context *ev,
38 struct tevent_req *req,
39 struct smbd_smb2_ioctl_state *state)
40 {
41 NTSTATUS status;
42 uint8_t *out_data = NULL;
43 uint32_t out_data_len = 0;
44
45 if (ctl_code == FSCTL_PIPE_TRANSCEIVE) {
46 struct tevent_req *subreq;
47
48 if (!IS_IPC(state->smbreq->conn)) {
49 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
50 return tevent_req_post(req, ev);
51 }
52
53 if (state->fsp == NULL) {
54 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
55 return tevent_req_post(req, ev);
56 }
57
58 if (!fsp_is_np(state->fsp)) {
59 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
60 return tevent_req_post(req, ev);
61 }
62
63 DEBUG(10,("smbd_smb2_ioctl_send: np_write_send of size %u\n",
64 (unsigned int)state->in_input.length ));
65
66 subreq = np_write_send(state, ev,
67 state->fsp->fake_file_handle,
68 state->in_input.data,
69 state->in_input.length);
70 if (tevent_req_nomem(subreq, req)) {
71 return tevent_req_post(req, ev);
72 }
73 tevent_req_set_callback(subreq,
74 smbd_smb2_ioctl_pipe_write_done,
75 req);
76 return req;
77 }
78
79 if (state->fsp == NULL) {
80 status = NT_STATUS_NOT_SUPPORTED;
81 } else {
82 status = SMB_VFS_FSCTL(state->fsp,
83 state,
84 ctl_code,
85 state->smbreq->flags2,
86 state->in_input.data,
87 state->in_input.length,
88 &out_data,
89 state->in_max_output,
90 &out_data_len);
91 state->out_output = data_blob_const(out_data, out_data_len);
92 if (NT_STATUS_IS_OK(status)) {
93 tevent_req_done(req);
94 return tevent_req_post(req, ev);
95 }
96 }
97
98 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
99 if (IS_IPC(state->smbreq->conn)) {
100 status = NT_STATUS_FS_DRIVER_REQUIRED;
101 } else {
102 status = NT_STATUS_INVALID_DEVICE_REQUEST;
103 }
104 }
105
106 tevent_req_nterror(req, status);
107 return tevent_req_post(req, ev);
108 }
109
110 static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq)
111 {
112 struct tevent_req *req = tevent_req_callback_data(subreq,
113 struct tevent_req);
114 struct smbd_smb2_ioctl_state *state = tevent_req_data(req,
115 struct smbd_smb2_ioctl_state);
116 NTSTATUS status;
117 ssize_t nwritten = -1;
118
119 status = np_write_recv(subreq, &nwritten);
120
121 DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: received %ld\n",
122 (long int)nwritten ));
123
124 TALLOC_FREE(subreq);
125 if (!NT_STATUS_IS_OK(status)) {
126 tevent_req_nterror(req, status);
127 return;
128 }
129
130 if (nwritten != state->in_input.length) {
131 tevent_req_nterror(req, NT_STATUS_PIPE_NOT_AVAILABLE);
132 return;
133 }
134
135 state->out_output = data_blob_talloc(state, NULL, state->in_max_output);
136 if (state->in_max_output > 0 &&
137 tevent_req_nomem(state->out_output.data, req)) {
138 return;
139 }
140
141 DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: issuing np_read_send "
142 "of size %u\n",
143 (unsigned int)state->out_output.length ));
144
145 subreq = np_read_send(state->smbreq->conn,
146 state->smb2req->sconn->ev_ctx,
147 state->fsp->fake_file_handle,
148 state->out_output.data,
149 state->out_output.length);
150 if (tevent_req_nomem(subreq, req)) {
151 return;
152 }
153 tevent_req_set_callback(subreq, smbd_smb2_ioctl_pipe_read_done, req);
154 }
155
156 static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq)
157 {
158 struct tevent_req *req = tevent_req_callback_data(subreq,
159 struct tevent_req);
160 struct smbd_smb2_ioctl_state *state = tevent_req_data(req,
161 struct smbd_smb2_ioctl_state);
162 NTSTATUS status;
163 ssize_t nread = -1;
164 bool is_data_outstanding = false;
165
166 status = np_read_recv(subreq, &nread, &is_data_outstanding);
167
168 DEBUG(10,("smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = %d "
169 "is_data_outstanding = %d, status = %s\n",
170 (int)nread,
171 (int)is_data_outstanding,
172 nt_errstr(status) ));
173
174 TALLOC_FREE(subreq);
175 if (!NT_STATUS_IS_OK(status)) {
176 tevent_req_nterror(req, status);
177 return;
178 }
179
180 state->out_output.length = nread;
181
182 if (is_data_outstanding) {
183 tevent_req_nterror(req, STATUS_BUFFER_OVERFLOW);
184 return;
185 }
186
187 tevent_req_done(req);
188 }
Samba GIT mirror