s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
[Samba.git] / source3 / smbd / smb2_ioctl_dfs.c
blob9c6647343ccf45a76adae0acd5acb472168506d3
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "include/ntioctl.h"
27 #include "smb2_ioctl_private.h"
/*
 * Answer an FSCTL_DFS_GET_REFERRALS request.
 *
 * in_input is the raw ioctl input buffer taken from the request, so it
 * is treated as untrusted: its length is checked before any field is
 * read. The layout consumed here is a 16-bit referral level at offset 0
 * followed by a UTF-16 file name that fills the rest of the buffer.
 *
 * mem_ctx        talloc parent for the converted name and the reply blob
 * ev             unused in this function
 * conn           connection the request arrived on; must be the IPC share
 * in_input       request payload (referral level + UTF-16 name)
 * in_max_output  largest reply the caller will accept, in bytes
 * out_output     receives the reply blob (only written on the success and
 *                overflow paths)
 *
 * Returns NT_STATUS_OK, STATUS_BUFFER_OVERFLOW when the referral had to
 * be cut down to in_max_output, or an error status.
 */
static NTSTATUS fsctl_dfs_get_refers(TALLOC_CTX *mem_ctx,
				     struct tevent_context *ev,
				     struct connection_struct *conn,
				     DATA_BLOB *in_input,
				     uint32_t in_max_output,
				     DATA_BLOB *out_output)
{
	NTSTATUS result = NT_STATUS_OK;
	NTSTATUS status;
	uint16_t max_level;
	const uint8_t *name_utf16;
	size_t name_utf16_len;
	char *name = NULL;
	size_t name_size = 0;
	char *referral = NULL;
	int dfs_size;
	DATA_BLOB reply;

	/* Referral requests are only honoured on the IPC connection. */
	if (!IS_IPC(conn)) {
		return NT_STATUS_INVALID_DEVICE_REQUEST;
	}

	if (!lp_host_msdfs()) {
		return NT_STATUS_FS_DRIVER_REQUIRED;
	}

	/*
	 * Need the 2-byte level plus at least one 2-byte UTF-16 unit.
	 * This check must stay ahead of the SVAL() read and of the
	 * "length - 2" subtraction below, which would otherwise read
	 * out of bounds / wrap around on a short buffer.
	 */
	if (in_input->length < (2 + 2)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	max_level = SVAL(in_input->data, 0);
	name_utf16 = in_input->data + 2;
	name_utf16_len = in_input->length - 2;

	/*
	 * The converted name is allocated under mem_ctx and is not
	 * released in this function.
	 */
	if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
				   name_utf16,
				   name_utf16_len,
				   &name,
				   &name_size)) {
		return NT_STATUS_ILLEGAL_CHARACTER;
	}

	dfs_size = setup_dfs_referral(conn, name, max_level,
				      &referral, &status);
	if (dfs_size < 0) {
		return status;
	}

	/*
	 * NOTE(review): dfs_size is int while in_max_output is uint32_t,
	 * so this comparison is done unsigned. It is only sound because
	 * negative sizes have already returned above; keep that order.
	 */
	if (dfs_size > in_max_output) {
		/*
		 * TODO: we need a testsuite for this
		 */
		result = STATUS_BUFFER_OVERFLOW;
		dfs_size = in_max_output;
	}

	/*
	 * Copy at most dfs_size bytes into a talloc blob, then drop the
	 * buffer handed back by setup_dfs_referral() (presumably
	 * malloc-allocated, given SAFE_FREE -- confirm).
	 */
	reply = data_blob_talloc(mem_ctx, (uint8_t *)referral, dfs_size);
	SAFE_FREE(referral);
	if ((reply.data == NULL) && (dfs_size > 0)) {
		return NT_STATUS_NO_MEMORY;
	}
	*out_output = reply;

	return result;
}
/*
 * Dispatch an SMB2 ioctl that belongs to the DFS / fall-through group.
 *
 * FSCTL_DFS_GET_REFERRALS is answered by fsctl_dfs_get_refers(). Every
 * other control code is forwarded to SMB_VFS_FSCTL() together with the
 * request's input buffer and in_max_output, so validating that buffer
 * and respecting the output limit is up to the VFS implementation for
 * those codes.
 *
 * ctl_code  control code from the request
 * ev        event context used to post the finished request
 * req       the tevent request to complete
 * state     ioctl state holding the input/output blobs, fsp and smbreq
 *
 * Always returns tevent_req_post(req, ev) after marking req done or
 * failed.
 */
struct tevent_req *smb2_ioctl_dfs(uint32_t ctl_code,
				  struct tevent_context *ev,
				  struct tevent_req *req,
				  struct smbd_smb2_ioctl_state *state)
{
	NTSTATUS status;
	uint8_t *vfs_out = NULL;
	uint32_t vfs_out_len = 0;

	if (ctl_code == FSCTL_DFS_GET_REFERRALS) {
		status = fsctl_dfs_get_refers(state, ev, state->smbreq->conn,
					      &state->in_input,
					      state->in_max_output,
					      &state->out_output);
		/*
		 * NOTE(review): STATUS_BUFFER_OVERFLOW is passed to
		 * tevent_req_nterror() like any other status; how the
		 * truncated out_output is then handled is decided by
		 * the caller, outside this file -- confirm.
		 */
		if (!tevent_req_nterror(req, status)) {
			tevent_req_done(req);
		}
		return tevent_req_post(req, ev);
	}

	/* Any other control code: hand it to the VFS if a file is open. */
	if (state->fsp != NULL) {
		status = SMB_VFS_FSCTL(state->fsp,
				       state,
				       ctl_code,
				       state->smbreq->flags2,
				       state->in_input.data,
				       state->in_input.length,
				       &vfs_out,
				       state->in_max_output,
				       &vfs_out_len);
		/*
		 * data_blob_const() only wraps the pointer; out_output is
		 * set even when the call failed, using whatever the VFS
		 * left in vfs_out / vfs_out_len.
		 */
		state->out_output = data_blob_const(vfs_out, vfs_out_len);
		if (NT_STATUS_IS_OK(status)) {
			tevent_req_done(req);
			return tevent_req_post(req, ev);
		}
	} else {
		status = NT_STATUS_NOT_SUPPORTED;
	}

	/* Map "not supported" to the status that matches the share type. */
	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
		if (!IS_IPC(state->smbreq->conn)) {
			status = NT_STATUS_INVALID_DEVICE_REQUEST;
		} else {
			status = NT_STATUS_FS_DRIVER_REQUIRED;
		}
	}

	tevent_req_nterror(req, status);
	return tevent_req_post(req, ev);
}