search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r21745: indent
[Samba/ekacnet.git] / source4 / smb_server / smb2 / receive.c
blobf2a34bdcbfd1a2ff4193b6037d1145348a154bd5
1 /*
2 Unix SMB2 implementation.
3
4 Copyright (C) Andrew Tridgell 2005
5 Copyright (C) Stefan Metzmacher 2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23 #include "system/time.h"
24 #include "libcli/smb2/smb2.h"
25 #include "libcli/smb2/smb2_calls.h"
26 #include "smb_server/smb_server.h"
27 #include "smb_server/service_smb_proto.h"
28 #include "smb_server/smb2/smb2_server.h"
29 #include "smbd/service_stream.h"
30 #include "lib/stream/packet.h"
31 #include "ntvfs/ntvfs.h"
32
33 static int smb2srv_request_destructor(struct smb2srv_request *req)
34 {
35 DLIST_REMOVE(req->smb_conn->requests2.list, req);
36 if (req->pending_id) {
37 idr_remove(req->smb_conn->requests2.idtree_req, req->pending_id);
38 }
39 return 0;
40 }
41
42 static int smb2srv_request_deny_destructor(struct smb2srv_request *req)
43 {
44 return -1;
45 }
46
47 static struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
48 {
49 struct smb2srv_request *req;
50
51 req = talloc_zero(smb_conn, struct smb2srv_request);
52 if (!req) return NULL;
53
54 req->smb_conn = smb_conn;
55
56 talloc_set_destructor(req, smb2srv_request_destructor);
57
58 return req;
59 }
60
61 NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
62 BOOL body_dynamic_present, uint32_t body_dynamic_size)
63 {
64 uint32_t flags = 0x00000001;
65 uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
66 uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);
67
68 if (req->pending_id) {
69 flags |= 0x00000002;
70 pid = req->pending_id;
71 tid = 0;
72 }
73
74 if (body_dynamic_present) {
75 if (body_dynamic_size == 0) {
76 body_dynamic_size = 1;
77 }
78 } else {
79 body_dynamic_size = 0;
80 }
81
82 req->out.size = SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
83
84 req->out.allocated = req->out.size + body_dynamic_size;
85 req->out.buffer = talloc_size(req, req->out.allocated);
86 NT_STATUS_HAVE_NO_MEMORY(req->out.buffer);
87
88 req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
89 req->out.body = req->out.hdr + SMB2_HDR_BODY;
90 req->out.body_fixed = body_fixed_size;
91 req->out.body_size = body_fixed_size;
92 req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
93
94 SIVAL(req->out.hdr, 0, SMB2_MAGIC);
95 SSVAL(req->out.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
96 SSVAL(req->out.hdr, SMB2_HDR_PAD1, 0);
97 SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(req->status));
98 SSVAL(req->out.hdr, SMB2_HDR_OPCODE, SVAL(req->in.hdr, SMB2_HDR_OPCODE));
99 SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1,0x0001);
100 SIVAL(req->out.hdr, SMB2_HDR_FLAGS, flags);
101 SIVAL(req->out.hdr, SMB2_HDR_UNKNOWN2,0);
102 SBVAL(req->out.hdr, SMB2_HDR_SEQNUM, req->seqnum);
103 SIVAL(req->out.hdr, SMB2_HDR_PID, pid);
104 SIVAL(req->out.hdr, SMB2_HDR_TID, tid);
105 SBVAL(req->out.hdr, SMB2_HDR_UID, BVAL(req->in.hdr, SMB2_HDR_UID));
106 memset(req->out.hdr+SMB2_HDR_SIG, 0, 16);
107
108 /* set the length of the fixed body part and +1 if there's a dynamic part also */
109 SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
110
111 /*
112 * if we have a dynamic part, make sure the first byte
113 * which is always be part of the packet is initialized
114 */
115 if (body_dynamic_size) {
116 req->out.size += 1;
117 SCVAL(req->out.dynamic, 0, 0);
118 }
119
120 return NT_STATUS_OK;
121 }
122
123 void smb2srv_send_reply(struct smb2srv_request *req)
124 {
125 DATA_BLOB blob;
126 NTSTATUS status;
127
128 if (req->smb_conn->connection->event.fde == NULL) {
129 /* the socket has been destroyed - no point trying to send a reply! */
130 talloc_free(req);
131 return;
132 }
133
134 if (req->out.size > NBT_HDR_SIZE) {
135 _smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
136 }
137
138 blob = data_blob_const(req->out.buffer, req->out.size);
139 status = packet_send(req->smb_conn->packet, blob);
140 if (!NT_STATUS_IS_OK(status)) {
141 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
142 }
143 talloc_free(req);
144 }
145
146 void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error)
147 {
148 NTSTATUS status;
149
150 if (req->smb_conn->connection->event.fde == NULL) {
151 /* the socket has been destroyed - no point trying to send an error! */
152 talloc_free(req);
153 return;
154 }
155
156 status = smb2srv_setup_reply(req, 8, True, 0);
157 if (!NT_STATUS_IS_OK(status)) {
158 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
159 talloc_free(req);
160 return;
161 }
162
163 SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error));
164
165 SSVAL(req->out.body, 0x02, 0);
166 SIVAL(req->out.body, 0x04, 0);
167
168 smb2srv_send_reply(req);
169 }
170
171 static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
172 {
173 uint16_t opcode;
174 uint32_t tid;
175 uint64_t uid;
176
177 opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
178 req->seqnum = BVAL(req->in.hdr, SMB2_HDR_SEQNUM);
179 tid = IVAL(req->in.hdr, SMB2_HDR_TID);
180 uid = BVAL(req->in.hdr, SMB2_HDR_UID);
181
182 req->session = smbsrv_session_find(req->smb_conn, uid, req->request_time);
183 req->tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
184
185 errno = 0;
186
187 /* TODO: check the seqnum */
188
189 switch (opcode) {
190 case SMB2_OP_NEGPROT:
191 smb2srv_negprot_recv(req);
192 return NT_STATUS_OK;
193 case SMB2_OP_SESSSETUP:
194 smb2srv_sesssetup_recv(req);
195 return NT_STATUS_OK;
196 case SMB2_OP_LOGOFF:
197 if (!req->session) goto nosession;
198 smb2srv_logoff_recv(req);
199 return NT_STATUS_OK;
200 case SMB2_OP_TCON:
201 if (!req->session) goto nosession;
202 smb2srv_tcon_recv(req);
203 return NT_STATUS_OK;
204 case SMB2_OP_TDIS:
205 if (!req->session) goto nosession;
206 if (!req->tcon) goto notcon;
207 smb2srv_tdis_recv(req);
208 return NT_STATUS_OK;
209 case SMB2_OP_CREATE:
210 if (!req->session) goto nosession;
211 if (!req->tcon) goto notcon;
212 smb2srv_create_recv(req);
213 return NT_STATUS_OK;
214 case SMB2_OP_CLOSE:
215 if (!req->session) goto nosession;
216 if (!req->tcon) goto notcon;
217 smb2srv_close_recv(req);
218 return NT_STATUS_OK;
219 case SMB2_OP_FLUSH:
220 if (!req->session) goto nosession;
221 if (!req->tcon) goto notcon;
222 smb2srv_flush_recv(req);
223 return NT_STATUS_OK;
224 case SMB2_OP_READ:
225 if (!req->session) goto nosession;
226 if (!req->tcon) goto notcon;
227 smb2srv_read_recv(req);
228 return NT_STATUS_OK;
229 case SMB2_OP_WRITE:
230 if (!req->session) goto nosession;
231 if (!req->tcon) goto notcon;
232 smb2srv_write_recv(req);
233 return NT_STATUS_OK;
234 case SMB2_OP_LOCK:
235 if (!req->session) goto nosession;
236 if (!req->tcon) goto notcon;
237 smb2srv_lock_recv(req);
238 return NT_STATUS_OK;
239 case SMB2_OP_IOCTL:
240 if (!req->session) goto nosession;
241 if (!req->tcon) goto notcon;
242 smb2srv_ioctl_recv(req);
243 return NT_STATUS_OK;
244 case SMB2_OP_CANCEL:
245 smb2srv_cancel_recv(req);
246 return NT_STATUS_OK;
247 case SMB2_OP_KEEPALIVE:
248 smb2srv_keepalive_recv(req);
249 return NT_STATUS_OK;
250 case SMB2_OP_FIND:
251 if (!req->session) goto nosession;
252 if (!req->tcon) goto notcon;
253 smb2srv_find_recv(req);
254 return NT_STATUS_OK;
255 case SMB2_OP_NOTIFY:
256 if (!req->session) goto nosession;
257 if (!req->tcon) goto notcon;
258 smb2srv_notify_recv(req);
259 return NT_STATUS_OK;
260 case SMB2_OP_GETINFO:
261 if (!req->session) goto nosession;
262 if (!req->tcon) goto notcon;
263 smb2srv_getinfo_recv(req);
264 return NT_STATUS_OK;
265 case SMB2_OP_SETINFO:
266 if (!req->session) goto nosession;
267 if (!req->tcon) goto notcon;
268 smb2srv_setinfo_recv(req);
269 return NT_STATUS_OK;
270 case SMB2_OP_BREAK:
271 if (!req->session) goto nosession;
272 if (!req->tcon) goto notcon;
273 smb2srv_break_recv(req);
274 return NT_STATUS_OK;
275 }
276
277 DEBUG(1,("Invalid SMB2 opcode: 0x%04X\n", opcode));
278 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 opcode");
279 return NT_STATUS_OK;
280
281 nosession:
282 smb2srv_send_error(req, NT_STATUS_USER_SESSION_DELETED);
283 return NT_STATUS_OK;
284 notcon:
285 smb2srv_send_error(req, NT_STATUS_NETWORK_NAME_DELETED);
286 return NT_STATUS_OK;
287 }
288
289 NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob)
290 {
291 struct smbsrv_connection *smb_conn = talloc_get_type(private, struct smbsrv_connection);
292 struct smb2srv_request *req;
293 struct timeval cur_time = timeval_current();
294 uint32_t protocol_version;
295 uint16_t buffer_code;
296 uint32_t dynamic_size;
297
298 smb_conn->statistics.last_request_time = cur_time;
299
300 /* see if its a special NBT packet */
301 if (CVAL(blob.data,0) != 0) {
302 DEBUG(2,("Special NBT packet on SMB2 connection"));
303 smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
304 return NT_STATUS_OK;
305 }
306
307 if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE)) {
308 DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
309 smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
310 return NT_STATUS_OK;
311 }
312
313 protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
314
315 if (protocol_version != SMB2_MAGIC) {
316 DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
317 protocol_version));
318 smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
319 return NT_STATUS_OK;
320 }
321
322 req = smb2srv_init_request(smb_conn);
323 NT_STATUS_HAVE_NO_MEMORY(req);
324
325 req->in.buffer = talloc_steal(req, blob.data);
326 req->in.size = blob.length;
327 req->request_time = cur_time;
328 req->in.allocated = req->in.size;
329
330 req->in.hdr = req->in.buffer+ NBT_HDR_SIZE;
331 req->in.body = req->in.hdr + SMB2_HDR_BODY;
332 req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
333 req->in.dynamic = NULL;
334
335 buffer_code = SVAL(req->in.body, 0);
336 req->in.body_fixed = (buffer_code & ~1);
337 dynamic_size = req->in.body_size - req->in.body_fixed;
338
339 if (dynamic_size != 0 && (buffer_code & 1)) {
340 req->in.dynamic = req->in.body + req->in.body_fixed;
341 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
342 DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
343 dynamic_size));
344 smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
345 return NT_STATUS_OK;
346 }
347 }
348
349 /*
350 * TODO: - make sure the length field is 64
351 * - make sure it's a request
352 */
353
354 return smb2srv_reply(req);
355 }
356
357 static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
358 {
359 smb_conn->requests2.idtree_req = idr_init(smb_conn);
360 NT_STATUS_HAVE_NO_MEMORY(smb_conn->requests2.idtree_req);
361 smb_conn->requests2.idtree_limit = 0x00FFFFFF & (UINT32_MAX - 1);
362 smb_conn->requests2.list = NULL;
363
364 return NT_STATUS_OK;
365 }
366
367 NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
368 {
369 int id;
370
371 if (req->pending_id) {
372 return NT_STATUS_INTERNAL_ERROR;
373 }
374
375 id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req,
376 1, req->smb_conn->requests2.idtree_limit);
377 if (id == -1) {
378 return NT_STATUS_INSUFFICIENT_RESOURCES;
379 }
380
381 DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *);
382 req->pending_id = id;
383
384 talloc_set_destructor(req, smb2srv_request_deny_destructor);
385 smb2srv_send_error(req, STATUS_PENDING);
386 talloc_set_destructor(req, smb2srv_request_destructor);
387
388 return NT_STATUS_OK;
389 }
390
391 void smb2srv_cancel_recv(struct smb2srv_request *req)
392 {
393 uint32_t pending_id;
394 uint32_t flags;
395 void *p;
396 struct smb2srv_request *r;
397
398 if (!req->session) goto done;
399
400 flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
401 pending_id = IVAL(req->in.hdr, SMB2_HDR_PID);
402
403 if (!(flags & 0x00000002)) {
404 /* TODO: what to do here? */
405 goto done;
406 }
407
408 p = idr_find(req->smb_conn->requests2.idtree_req, pending_id);
409 if (!p) goto done;
410
411 r = talloc_get_type(p, struct smb2srv_request);
412 if (!r) goto done;
413
414 if (!r->ntvfs) goto done;
415
416 ntvfs_cancel(r->ntvfs);
417
418 done:
419 /* we never generate a reply for a SMB2 Cancel */
420 talloc_free(req);
421 }
422
423 /*
424 * init the SMB2 protocol related stuff
425 */
426 NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
427 {
428 NTSTATUS status;
429
430 /* now initialise a few default values associated with this smb socket */
431 smb_conn->negotiate.max_send = 0xFFFF;
432
433 /* this is the size that w2k uses, and it appears to be important for
434 good performance */
435 smb_conn->negotiate.max_recv = lp_max_xmit();
436
437 smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
438
439 smb_conn->config.security = SEC_USER;
440 smb_conn->config.nt_status_support = True;
441
442 status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
443 NT_STATUS_NOT_OK_RETURN(status);
444
445 status = smb2srv_init_pending(smb_conn);
446 NT_STATUS_NOT_OK_RETURN(status);
447
448 return NT_STATUS_OK;
449
450 }