2 Unix SMB2 implementation.
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Stefan Metzmacher 2005
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "system/time.h"
24 #include "libcli/smb2/smb2.h"
25 #include "libcli/smb2/smb2_calls.h"
26 #include "smb_server/smb_server.h"
27 #include "smb_server/service_smb_proto.h"
28 #include "smb_server/smb2/smb2_server.h"
29 #include "smbd/service_stream.h"
30 #include "lib/stream/packet.h"
31 #include "ntvfs/ntvfs.h"
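/*
 * talloc destructor for a request: unlink it from the connection's
 * pending list and give back its async id (only set by
 * smb2srv_queue_pending) so the id can be reused.
 *
 * NOTE(review): braces and the return statement were not present in the
 * rendering this block was reconstructed from; 0 is talloc's "go ahead
 * and free" result -- confirm against upstream.
 */
static int smb2srv_request_destructor(struct smb2srv_request *req)
{
	/* harmless for requests that were never queued: their link pointers are still zero */
	DLIST_REMOVE(req->smb_conn->requests2.list, req);
	if (req->pending_id) {
		idr_remove(req->smb_conn->requests2.idtree_req, req->pending_id);
	}
	return 0;
}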
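/*
 * talloc destructor that refuses the free. smb2srv_queue_pending installs
 * it around the STATUS_PENDING interim reply so that the request is not
 * destroyed by the send path while it is still waiting for its real reply.
 *
 * NOTE(review): the body was not present in the rendering this block was
 * reconstructed from; -1 is talloc's "deny free" result -- confirm upstream.
 */
static int smb2srv_request_deny_destructor(struct smb2srv_request *req)
{
	return -1;
}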
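/*
 * Allocate a zeroed request as a talloc child of the connection and install
 * the destructor that unlinks it again.
 *
 * Returns the new request, or NULL if allocation failed.
 * NOTE(review): braces and the final return were not present in the
 * rendering this block was reconstructed from.
 */
static struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
{
	struct smb2srv_request *req;

	req = talloc_zero(smb_conn, struct smb2srv_request);
	if (!req) return NULL;

	req->smb_conn = smb_conn;

	talloc_set_destructor(req, smb2srv_request_destructor);

	return req;
}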
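/*
 * Lay out the reply to 'req': the NBT length prefix, the 64 byte SMB2
 * header and the fixed part of the body, plus room for a dynamic part.
 *
 * body_fixed_size       length of the fixed body part of this command
 * body_dynamic_present  whether the command has a variable-length part; if
 *                       so at least one byte is reserved for it, so the
 *                       buffer code written below never points past the
 *                       packet
 * body_dynamic_size     bytes to reserve for the variable part (ignored
 *                       when body_dynamic_present is False)
 *
 * Opcode, tid and uid are echoed from the incoming header, the status is
 * taken from req->status, the sequence number from req->seqnum (the caller
 * must have set it) and the 16 byte signature field is zeroed, i.e. no
 * signing is applied here.
 *
 * Returns NT_STATUS_NO_MEMORY if the output buffer cannot be allocated,
 * NT_STATUS_OK otherwise.
 *
 * NOTE(review): braces, the else branch and the final return were not
 * present in the rendering this block was reconstructed from.
 */
NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
			     BOOL body_dynamic_present, uint32_t body_dynamic_size)
{
	uint32_t flags = 0x00000001; /* 0x00000001: this packet is a server response */
	uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
	uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);

	if (req->pending_id) {
		/*
		 * NOTE(review): this flag update is not visible in the rendering
		 * this block was reconstructed from. smb2srv_cancel_recv only
		 * consults the pending id when bit 0x00000002 is set, so an async
		 * reply is presumably marked here -- confirm against upstream.
		 */
		flags |= 0x00000002;
		/* the PID field carries our async id so a later Cancel can find us */
		pid = req->pending_id;
	}

	if (body_dynamic_present) {
		/* the first dynamic byte is always part of the packet */
		if (body_dynamic_size == 0) {
			body_dynamic_size = 1;
		}
	} else {
		body_dynamic_size = 0;
	}

	/* out.size covers the fixed part only; the dynamic room is in out.allocated */
	req->out.size		= SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
	req->out.allocated	= req->out.size + body_dynamic_size;
	req->out.buffer		= talloc_size(req, req->out.allocated);
	NT_STATUS_HAVE_NO_MEMORY(req->out.buffer);

	req->out.hdr		= req->out.buffer + NBT_HDR_SIZE;
	req->out.body		= req->out.hdr + SMB2_HDR_BODY;
	req->out.body_fixed	= body_fixed_size;
	req->out.body_size	= body_fixed_size;
	req->out.dynamic	= (body_dynamic_size ? req->out.body + body_fixed_size : NULL);

	SIVAL(req->out.hdr, 0,				SMB2_MAGIC);
	SSVAL(req->out.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
	SSVAL(req->out.hdr, SMB2_HDR_PAD1,		0);
	SIVAL(req->out.hdr, SMB2_HDR_STATUS,		NT_STATUS_V(req->status));
	SSVAL(req->out.hdr, SMB2_HDR_OPCODE,		SVAL(req->in.hdr, SMB2_HDR_OPCODE));
	SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1,		0x0001);
	SIVAL(req->out.hdr, SMB2_HDR_FLAGS,		flags);
	SIVAL(req->out.hdr, SMB2_HDR_UNKNOWN2,		0);
	SBVAL(req->out.hdr, SMB2_HDR_SEQNUM,		req->seqnum);
	SIVAL(req->out.hdr, SMB2_HDR_PID,		pid);
	SIVAL(req->out.hdr, SMB2_HDR_TID,		tid);
	SBVAL(req->out.hdr, SMB2_HDR_UID,		BVAL(req->in.hdr, SMB2_HDR_UID));
	/* the signature field is zeroed: replies leave this layer unsigned */
	memset(req->out.hdr+SMB2_HDR_SIG, 0, 16);

	/* set the length of the fixed body part and +1 if there's a dynamic part also */
	SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));

	/*
	 * if we have a dynamic part, make sure the first byte
	 * which is always part of the packet is initialized
	 */
	if (body_dynamic_size) {
		SCVAL(req->out.dynamic, 0, 0);
	}

	return NT_STATUS_OK;
}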
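/*
 * Finish and transmit the reply built in req->out, then release the request.
 *
 * The NBT length prefix is filled in from req->out.size. If the connection
 * has already lost its file descriptor event nothing is sent. A failed
 * packet_send() terminates the connection with the NT status as reason.
 *
 * NOTE(review): the declarations, the early return and the talloc_free()
 * calls were not present in the rendering this block was reconstructed
 * from; a request that is never freed here would leak, and the deny
 * destructor used by smb2srv_queue_pending only makes sense if this path
 * does free -- confirm against upstream.
 */
void smb2srv_send_reply(struct smb2srv_request *req)
{
	DATA_BLOB blob;
	NTSTATUS status;

	if (req->smb_conn->connection->event.fde == NULL) {
		/* the socket has been destroyed - no point trying to send a reply! */
		talloc_free(req);
		return;
	}

	if (req->out.size > NBT_HDR_SIZE) {
		_smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
	}

	blob = data_blob_const(req->out.buffer, req->out.size);
	status = packet_send(req->smb_conn->packet, blob);
	if (!NT_STATUS_IS_OK(status)) {
		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
	}
	talloc_free(req);
}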
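/*
 * Send an error reply with status 'error' for req and release the request.
 *
 * The error body is the 8 byte fixed part with a one byte dynamic part
 * (smb2srv_setup_reply reserves it), ErrorContextCount/Reserved at offset 2
 * and ByteCount at offset 4 both zero. Nothing is sent if the connection's
 * fd event is gone; a failure to build the reply terminates the connection.
 *
 * This is also how STATUS_PENDING interim replies are produced (see
 * smb2srv_queue_pending).
 *
 * NOTE(review): the declaration, early returns and talloc_free() calls were
 * not present in the rendering this block was reconstructed from.
 */
void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error)
{
	NTSTATUS status;

	if (req->smb_conn->connection->event.fde == NULL) {
		/* the socket has been destroyed - no point trying to send an error! */
		talloc_free(req);
		return;
	}

	status = smb2srv_setup_reply(req, 8, True, 0);
	if (!NT_STATUS_IS_OK(status)) {
		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
		talloc_free(req);
		return;
	}

	/* overwrite the status smb2srv_setup_reply copied from req->status */
	SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error));

	SSVAL(req->out.body, 0x02, 0);
	SIVAL(req->out.body, 0x04, 0);

	smb2srv_send_reply(req);
}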
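/*
 * Dispatch a parsed SMB2 request to its command handler.
 *
 * Resolves the session (uid) and tree connect (tid) named in the header,
 * then switches on the opcode. Commands that need a session get
 * NT_STATUS_USER_SESSION_DELETED when none is bound; those that also need a
 * tree connect get NT_STATUS_NETWORK_NAME_DELETED. An unknown opcode
 * terminates the connection. Always returns NT_STATUS_OK; the handlers send
 * their own replies.
 *
 * NOTE(review): the declarations, the switch statement, the break/return
 * statements and the case labels other than NEGPROT, SESSSETUP, KEEPALIVE,
 * GETINFO and SETINFO were not present in the rendering this block was
 * reconstructed from; each label follows from the handler its arm calls --
 * confirm against upstream.
 */
static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
{
	uint16_t opcode;
	uint32_t tid;
	uint64_t uid;

	opcode		= SVAL(req->in.hdr, SMB2_HDR_OPCODE);
	req->seqnum	= BVAL(req->in.hdr, SMB2_HDR_SEQNUM);
	tid		= IVAL(req->in.hdr, SMB2_HDR_TID);
	uid		= BVAL(req->in.hdr, SMB2_HDR_UID);

	req->session	= smbsrv_session_find(req->smb_conn, uid, req->request_time);
	req->tcon	= smbsrv_smb2_tcon_find(req->session, tid, req->request_time);

	/*
	 * TODO: check the seqnum
	 * Until that is done the client-supplied sequence number is accepted
	 * as-is: neither ordering nor reuse is enforced at this layer.
	 */

	switch (opcode) {
	case SMB2_OP_NEGPROT:
		smb2srv_negprot_recv(req);
		break;
	case SMB2_OP_SESSSETUP:
		smb2srv_sesssetup_recv(req);
		break;
	case SMB2_OP_LOGOFF:
		if (!req->session) goto nosession;
		smb2srv_logoff_recv(req);
		break;
	case SMB2_OP_TCON:
		if (!req->session) goto nosession;
		smb2srv_tcon_recv(req);
		break;
	case SMB2_OP_TDIS:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_tdis_recv(req);
		break;
	case SMB2_OP_CREATE:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_create_recv(req);
		break;
	case SMB2_OP_CLOSE:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_close_recv(req);
		break;
	case SMB2_OP_FLUSH:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_flush_recv(req);
		break;
	case SMB2_OP_READ:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_read_recv(req);
		break;
	case SMB2_OP_WRITE:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_write_recv(req);
		break;
	case SMB2_OP_LOCK:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_lock_recv(req);
		break;
	case SMB2_OP_IOCTL:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_ioctl_recv(req);
		break;
	case SMB2_OP_CANCEL:
		/* the handler checks the session itself and never replies */
		smb2srv_cancel_recv(req);
		break;
	case SMB2_OP_KEEPALIVE:
		smb2srv_keepalive_recv(req);
		break;
	case SMB2_OP_FIND:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_find_recv(req);
		break;
	case SMB2_OP_NOTIFY:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_notify_recv(req);
		break;
	case SMB2_OP_GETINFO:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_getinfo_recv(req);
		break;
	case SMB2_OP_SETINFO:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_setinfo_recv(req);
		break;
	case SMB2_OP_BREAK:
		if (!req->session) goto nosession;
		if (!req->tcon) goto notcon;
		smb2srv_break_recv(req);
		break;
	default:
		DEBUG(1,("Invalid SMB2 opcode: 0x%04X\n", opcode));
		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 opcode");
		return NT_STATUS_OK;
	}

	return NT_STATUS_OK;

nosession:
	smb2srv_send_error(req, NT_STATUS_USER_SESSION_DELETED);
	return NT_STATUS_OK;
notcon:
	smb2srv_send_error(req, NT_STATUS_NETWORK_NAME_DELETED);
	return NT_STATUS_OK;
}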
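/*
 * Entry point for a complete NBT-framed packet on an SMB2 connection.
 *
 * private  the struct smbsrv_connection the packet arrived on
 * blob     the packet including the 4 byte NBT header; ownership of
 *          blob.data moves to the request (talloc_steal)
 *
 * Framing errors (non-session NBT message, packet shorter than header plus
 * buffer code, wrong protocol id) terminate the connection. A header or
 * body that is malformed gets an NT_STATUS_INVALID_PARAMETER reply. Valid
 * requests are dispatched by smb2srv_reply.
 *
 * Returns NT_STATUS_NO_MEMORY if the request cannot be allocated,
 * NT_STATUS_OK otherwise (also after an error reply or termination).
 *
 * Changes against the original: req->seqnum is taken before any error reply
 * can be generated (it was only set in smb2srv_reply, so the error for an
 * invalid dynamic size went out with sequence number 0 and could not be
 * matched by the client); the two checks the original left as a TODO
 * (header length must be 64, packet must be a request) are implemented; and
 * a fixed body size larger than the body is rejected before the subtraction
 * that would otherwise wrap.
 *
 * NOTE(review): braces and the return statements after
 * smbsrv_terminate_connection() were not present in the rendering this
 * block was reconstructed from.
 */
NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob)
{
	struct smbsrv_connection *smb_conn = talloc_get_type(private, struct smbsrv_connection);
	struct smb2srv_request *req;
	struct timeval cur_time = timeval_current();
	uint32_t protocol_version;
	uint16_t buffer_code;
	uint32_t dynamic_size;

	smb_conn->statistics.last_request_time = cur_time;

	/* see if its a special NBT packet */
	if (CVAL(blob.data,0) != 0) {
		DEBUG(2,("Special NBT packet on SMB2 connection\n"));
		smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
		return NT_STATUS_OK;
	}

	/* the 64 byte header plus the 2 byte buffer code must be present */
	if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE)) {
		DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
		smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
		return NT_STATUS_OK;
	}

	protocol_version = IVAL(blob.data, NBT_HDR_SIZE);

	if (protocol_version != SMB2_MAGIC) {
		DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
			 protocol_version));
		smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
		return NT_STATUS_OK;
	}

	req = smb2srv_init_request(smb_conn);
	NT_STATUS_HAVE_NO_MEMORY(req);

	req->in.buffer		= talloc_steal(req, blob.data);
	req->in.size		= blob.length;
	req->request_time	= cur_time;
	req->in.allocated	= req->in.size;

	req->in.hdr		= req->in.buffer + NBT_HDR_SIZE;
	req->in.body		= req->in.hdr + SMB2_HDR_BODY;
	req->in.body_size	= req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
	req->in.dynamic 	= NULL;

	/*
	 * Taken here rather than in smb2srv_reply so that error replies sent
	 * from this function echo the client's sequence number instead of 0.
	 */
	req->seqnum		= BVAL(req->in.hdr, SMB2_HDR_SEQNUM);

	/* the SMB2 header always declares its fixed 64 byte length */
	if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) {
		DEBUG(1,("SMB2 request invalid header length 0x%x\n",
			 (unsigned)SVAL(req->in.hdr, SMB2_HDR_LENGTH)));
		smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
		return NT_STATUS_OK;
	}

	/* 0x00000001 is the flag smb2srv_setup_reply sets on our own responses */
	if (IVAL(req->in.hdr, SMB2_HDR_FLAGS) & 0x00000001) {
		DEBUG(1,("SMB2 packet with response flag set is not a request\n"));
		smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
		return NT_STATUS_OK;
	}

	/* low bit of the buffer code says whether a dynamic part follows */
	buffer_code		= SVAL(req->in.body, 0);
	req->in.body_fixed	= (buffer_code & ~1);

	/*
	 * The fixed part may not extend past the packet; without this check the
	 * subtraction below wraps and body_fixed would be trusted by handlers.
	 */
	if (req->in.body_fixed > req->in.body_size) {
		DEBUG(1,("SMB2 request invalid fixed body size 0x%x (body size 0x%x)\n",
			 (unsigned)req->in.body_fixed, (unsigned)req->in.body_size));
		smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
		return NT_STATUS_OK;
	}
	dynamic_size		= req->in.body_size - req->in.body_fixed;

	if (dynamic_size != 0 && (buffer_code & 1)) {
		req->in.dynamic = req->in.body + req->in.body_fixed;
		if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
			DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
				 dynamic_size));
			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
			return NT_STATUS_OK;
		}
	}

	return smb2srv_reply(req);
}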
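/*
 * Set up the per-connection bookkeeping for pending (async) requests: the
 * idtree that maps async ids to requests, the largest id that may be handed
 * out, and the (initially empty) pending list.
 *
 * Returns NT_STATUS_NO_MEMORY if the idtree cannot be allocated.
 * NOTE(review): braces and the final return were not present in the
 * rendering this block was reconstructed from.
 */
static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
{
	smb_conn->requests2.idtree_req	= idr_init(smb_conn);
	NT_STATUS_HAVE_NO_MEMORY(smb_conn->requests2.idtree_req);
	/* the mask keeps the id limit within 24 bits (0x00FFFFFE) */
	smb_conn->requests2.idtree_limit	= 0x00FFFFFF & (UINT32_MAX - 1);
	smb_conn->requests2.list		= NULL;

	return NT_STATUS_OK;
}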
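/*
 * Mark req as pending: allocate an async id for it, link it into the
 * connection's pending list and send the client a STATUS_PENDING interim
 * reply. The command handler sends the real reply later.
 *
 * Returns NT_STATUS_INTERNAL_ERROR if req already has an async id and
 * NT_STATUS_INSUFFICIENT_RESOURCES if no id is available.
 *
 * NOTE(review): the declaration, the failure check after
 * idr_get_new_above() and the final return were not present in the
 * rendering this block was reconstructed from; -1 is the idtree failure
 * result -- confirm against upstream.
 */
NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
{
	int id;

	if (req->pending_id) {
		return NT_STATUS_INTERNAL_ERROR;
	}

	/* ids start at 1 so that pending_id == 0 keeps meaning "not pending" */
	id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req,
			       1, req->smb_conn->requests2.idtree_limit);
	if (id == -1) {
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *);
	req->pending_id = id;

	/*
	 * smb2srv_send_error() releases the request once the interim reply is
	 * out; the deny destructor refuses that free so the request survives
	 * until its real reply. The interim reply's out.buffer stays attached
	 * to req and is replaced when the real reply is set up.
	 */
	talloc_set_destructor(req, smb2srv_request_deny_destructor);
	smb2srv_send_error(req, STATUS_PENDING);
	talloc_set_destructor(req, smb2srv_request_destructor);

	return NT_STATUS_OK;
}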
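/*
 * Handle an SMB2 Cancel. Only the async form is handled: the request to
 * cancel is identified by the async id carried in the PID field and looked
 * up in the connection's pending idtree; if it exists and has an ntvfs
 * request in flight, that is cancelled. A Cancel never gets a reply, so the
 * request is released here on every path.
 *
 * NOTE(review): the declarations, the NULL checks after idr_find() and
 * talloc_get_type(), the 'done' label and the talloc_free() were not present
 * in the rendering this block was reconstructed from -- confirm upstream.
 */
void smb2srv_cancel_recv(struct smb2srv_request *req)
{
	uint32_t flags;
	uint32_t pending_id;
	void *p;
	struct smb2srv_request *r;

	/* a cancel on an unauthenticated session is ignored */
	if (!req->session) goto done;

	flags		= IVAL(req->in.hdr, SMB2_HDR_FLAGS);
	pending_id	= IVAL(req->in.hdr, SMB2_HDR_PID);

	if (!(flags & 0x00000002)) {
		/* TODO: what to do here? (a cancel by sequence number is not supported) */
		goto done;
	}

	/*
	 * NOTE(review): the lookup is by async id only; nothing verifies that
	 * the found request belongs to req->session, so any authenticated
	 * session on this connection can cancel another session's pending
	 * request. Consider comparing r->session with req->session.
	 */
	p = idr_find(req->smb_conn->requests2.idtree_req, pending_id);
	if (!p) goto done;

	r = talloc_get_type(p, struct smb2srv_request);
	if (!r) goto done;

	if (!r->ntvfs) goto done;

	ntvfs_cancel(r->ntvfs);

done:
	/* we never generate a reply for a SMB2 Cancel */
	talloc_free(req);
}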
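/*
 * init the SMB2 protocol related stuff
 *
 * Sets the negotiate defaults and security mode for a fresh connection,
 * creates the session table and the pending-request bookkeeping.
 * Returns the first failing NTSTATUS from those steps, else NT_STATUS_OK.
 *
 * NOTE(review): the status declaration, the final return and the tail of
 * the max_recv comment were not present in the rendering this block was
 * reconstructed from.
 */
NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
{
	NTSTATUS status;

	/* now initialise a few default values associated with this smb socket */
	smb_conn->negotiate.max_send = 0xFFFF;

	/* this is the size that w2k uses, and it appears to be important for
	   ... (rest of this comment is not visible in this rendering) */
	smb_conn->negotiate.max_recv = lp_max_xmit();

	smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));

	smb_conn->config.security = SEC_USER;
	smb_conn->config.nt_status_support = True;

	status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
	NT_STATUS_NOT_OK_RETURN(status);

	status = smb2srv_init_pending(smb_conn);
	NT_STATUS_NOT_OK_RETURN(status);

	return NT_STATUS_OK;
}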