s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
/*
   Unix SMB/CIFS implementation.
   Core SMB2 server

   Copyright (C) Stefan Metzmacher 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
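/**
 * Build (or refresh) the SMB1-style compatibility request that shadows an
 * SMB2 request.
 *
 * An existing req->smb1req is reused; otherwise a zeroed struct smb_request
 * is allocated with req as its talloc parent. The fields below are
 * (re)written on every call, including when an existing smb1req is reused.
 *
 * @param req  SMB2 request whose header, session and tree connect supply
 *             the values copied into the compatibility request.
 *
 * @return The compatibility request (also stored in req->smb1req), or NULL
 *         if the allocation fails or req carries no usable session or
 *         tree connect.
 */
struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req)
{
	struct smb_request *smbreq;
	const uint8_t *inhdr = SMBD_SMB2_IN_HDR_PTR(req);

	/*
	 * Hardening: session and tcon (and their compat members) are
	 * dereferenced unconditionally below. Fail the request instead of
	 * dereferencing NULL in the server process if a caller reaches
	 * this point before both have been established.
	 * NOTE(review): callers presumably treat NULL as an allocation
	 * failure; confirm the status they return is acceptable for
	 * this case.
	 */
	if (req->session == NULL || req->session->compat == NULL ||
	    req->tcon == NULL || req->tcon->compat == NULL) {
		return NULL;
	}

	if (req->smb1req) {
		smbreq = req->smb1req;
	} else {
		smbreq = talloc_zero(req, struct smb_request);
		if (smbreq == NULL) {
			return NULL;
		}
	}

	smbreq->request_time = req->request_time;
	smbreq->vuid = req->session->compat->vuid;
	smbreq->tid = req->tcon->compat->cnum;
	smbreq->conn = req->tcon->compat;
	smbreq->sconn = req->sconn;
	smbreq->xconn = req->xconn;
	/* The cast keeps only the low 16 bits of the header PID field. */
	smbreq->smbpid = (uint16_t)IVAL(inhdr, SMB2_HDR_PID);
	smbreq->flags2 = FLAGS2_UNICODE_STRINGS |
			 FLAGS2_32_BIT_ERROR_CODES |
			 FLAGS2_LONG_PATH_COMPONENTS |
			 FLAGS2_IS_LONG_NAME;

	/* This is not documented in revision 49 of [MS-SMB2] but should be
	 * added in a later revision (and torture test smb2.read.access
	 * as well as smb2.ioctl_copy_chunk_bad_access against
	 * Server 2012R2 confirms this)
	 *
	 * If FILE_EXECUTE is granted to a handle then the SMB2 server
	 * acts as if FILE_READ_DATA has also been granted. We must still
	 * keep the original granted mask, because with ioctl requests,
	 * access checks are made on the file handle, "below" the SMB2
	 * server, and the object store below the SMB layer is not aware
	 * of this arrangement (see smb2.ioctl.copy_chunk_bad_access
	 * torture test).
	 */
	smbreq->flags2 |= FLAGS2_READ_PERMIT_EXECUTE;

	/* Carry the DFS flag of the SMB2 header over into flags2. */
	if (IVAL(inhdr, SMB2_HDR_FLAGS) & SMB2_HDR_FLAG_DFS) {
		smbreq->flags2 |= FLAGS2_DFS_PATHNAMES;
	}
	smbreq->mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
	smbreq->chain_fsp = req->compat_chain_fsp;

	/* Link the two requests in both directions. */
	smbreq->smb2req = req;
	req->smb1req = smbreq;

	return smbreq;
}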
/*********************************************************
 Are there unread bytes for recvfile ?

 Returns the unread_bytes counter of the compatibility
 request attached to req, or 0 when req has none.
*********************************************************/

size_t smbd_smb2_unread_bytes(struct smbd_smb2_request *req)
{
	const struct smb_request *compat = req->smb1req;

	return (compat != NULL) ? compat->unread_bytes : 0;
}
/*********************************************************
 Called from file_free() to remove any chained fsp pointers.

 Walks every connection of the client that owns fsp and, for
 each queued SMB2 request, clears compat_chain_fsp and the
 compatibility request's chain_fsp when they point at fsp,
 so that no request is left holding a pointer to this fsp.
*********************************************************/

void remove_smb2_chained_fsp(files_struct *fsp)
{
	struct smbd_server_connection *server = fsp->conn->sconn;
	struct smbXsrv_connection *xconn = NULL;
	struct smbd_smb2_request *cur = NULL;

	/* Without a client there are no connections to scan. */
	if (server->client != NULL) {
		xconn = server->client->connections;
	}

	while (xconn != NULL) {
		for (cur = xconn->smb2.requests; cur != NULL; cur = cur->next) {
			struct smb_request *compat = cur->smb1req;

			if (cur->compat_chain_fsp == fsp) {
				cur->compat_chain_fsp = NULL;
			}
			if (compat != NULL && compat->chain_fsp == fsp) {
				compat->chain_fsp = NULL;
			}
		}
		xconn = xconn->next;
	}
}