2 Unix SMB/CIFS implementation.
4 SMB2 client request handling
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Stefan Metzmacher 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "libcli/raw/libcliraw.h"
26 #include "libcli/smb2/smb2.h"
27 #include "include/dlinklist.h"
28 #include "lib/events/events.h"
31 initialise a smb2 request
33 struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_t opcode,
34 uint16_t body_fixed_size, BOOL body_dynamic_present,
35 uint32_t body_dynamic_size)
37 struct smb2_request *req;
39 if (body_dynamic_present) {
40 if (body_dynamic_size == 0) {
41 body_dynamic_size = 1;
44 body_dynamic_size = 0;
47 req = talloc(transport, struct smb2_request);
48 if (req == NULL) return NULL;
50 req->state = SMB2_REQUEST_INIT;
51 req->transport = transport;
54 req->seqnum = transport->seqnum++;
55 req->status = NT_STATUS_OK;
57 req->next = req->prev = NULL;
61 req->out.size = SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
63 req->out.allocated = req->out.size + body_dynamic_size;
64 req->out.buffer = talloc_size(req, req->out.allocated);
65 if (req->out.buffer == NULL) {
70 req->out.hdr = req->out.buffer + NBT_HDR_SIZE;
71 req->out.body = req->out.hdr + SMB2_HDR_BODY;
72 req->out.body_size = body_fixed_size;
73 req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
75 SIVAL(req->out.hdr, 0, SMB2_MAGIC);
76 SSVAL(req->out.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
77 SSVAL(req->out.hdr, SMB2_HDR_PAD1, 0);
78 SIVAL(req->out.hdr, SMB2_HDR_STATUS, 0);
79 SSVAL(req->out.hdr, SMB2_HDR_OPCODE, opcode);
80 SSVAL(req->out.hdr, SMB2_HDR_PAD2, 0);
81 SIVAL(req->out.hdr, SMB2_HDR_FLAGS, 0);
82 SIVAL(req->out.hdr, SMB2_HDR_UNKNOWN, 0);
83 SBVAL(req->out.hdr, SMB2_HDR_SEQNUM, req->seqnum);
84 SIVAL(req->out.hdr, SMB2_HDR_PID, 0);
85 SIVAL(req->out.hdr, SMB2_HDR_TID, 0);
86 SBVAL(req->out.hdr, SMB2_HDR_UID, 0);
87 memset(req->out.hdr+SMB2_HDR_SIG, 0, 16);
89 /* set the length of the fixed body part and +1 if there's a dynamic part also */
90 SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
93 * if we have a dynamic part, make sure the first byte
94 * which is always be part of the packet is initialized
96 if (body_dynamic_size) {
98 SCVAL(req->out.dynamic, 0, 0);
105 initialise a smb2 request for tree operations
107 struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree, uint16_t opcode,
108 uint16_t body_fixed_size, BOOL body_dynamic_present,
109 uint32_t body_dynamic_size)
111 struct smb2_request *req = smb2_request_init(tree->session->transport, opcode,
112 body_fixed_size, body_dynamic_present,
114 if (req == NULL) return NULL;
116 SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid);
117 SIVAL(req->out.hdr, SMB2_HDR_TID, tree->tid);
118 req->session = tree->session;
124 /* destroy a request structure and return final status */
125 NTSTATUS smb2_request_destroy(struct smb2_request *req)
129 /* this is the error code we give the application for when a
130 _send() call fails completely */
131 if (!req) return NT_STATUS_UNSUCCESSFUL;
133 if (req->transport) {
134 /* remove it from the list of pending requests (a null op if
135 its not in the list) */
136 DLIST_REMOVE(req->transport->pending_recv, req);
139 if (req->state == SMB2_REQUEST_ERROR &&
140 NT_STATUS_IS_OK(req->status)) {
141 req->status = NT_STATUS_INTERNAL_ERROR;
144 status = req->status;
150 receive a response to a packet
152 BOOL smb2_request_receive(struct smb2_request *req)
154 /* req can be NULL when a send has failed. This eliminates lots of NULL
155 checks in each module */
156 if (!req) return False;
158 /* keep receiving packets until this one is replied to */
159 while (req->state <= SMB2_REQUEST_RECV) {
160 if (event_loop_once(req->transport->socket->event.ctx) != 0) {
165 return req->state == SMB2_REQUEST_DONE;
168 /* Return true if the last packet was in error */
169 BOOL smb2_request_is_error(struct smb2_request *req)
171 return NT_STATUS_IS_ERR(req->status);
174 /* Return true if the last packet was OK */
175 BOOL smb2_request_is_ok(struct smb2_request *req)
177 return NT_STATUS_IS_OK(req->status);
181 check if a range in the reply body is out of bounds
183 BOOL smb2_oob(struct smb2_request_buffer *buf, const uint8_t *ptr, size_t size)
185 /* be careful with wraparound! */
186 if (ptr < buf->body ||
187 ptr >= buf->body + buf->body_size ||
188 size > buf->body_size ||
189 ptr + size > buf->body + buf->body_size) {
195 size_t smb2_padding_size(uint32_t offset, size_t n)
197 if ((offset & (n-1)) == 0) return 0;
198 return n - (offset & (n-1));
202 grow a SMB2 buffer by the specified amount
204 static NTSTATUS smb2_grow_buffer(struct smb2_request_buffer *buf, size_t increase)
208 uint32_t newsize = buf->size + increase;
210 /* a packet size should be limited a bit */
211 if (newsize >= 0x00FFFFFF) return NT_STATUS_MARSHALL_OVERFLOW;
213 if (newsize <= buf->allocated) return NT_STATUS_OK;
215 dynamic_ofs = buf->dynamic - buf->buffer;
217 buffer_ptr = talloc_realloc_size(buf, buf->buffer, newsize);
218 NT_STATUS_HAVE_NO_MEMORY(buffer_ptr);
220 buf->buffer = buffer_ptr;
221 buf->hdr = buf->buffer + NBT_HDR_SIZE;
222 buf->body = buf->hdr + SMB2_HDR_BODY;
223 buf->dynamic = buf->buffer + dynamic_ofs;
224 buf->allocated = newsize;
230 pull a uint16_t ofs/ uint16_t length/blob triple from a data blob
231 the ptr points to the start of the offset/length pair
233 NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
236 if (smb2_oob(buf, ptr, 4)) {
237 return NT_STATUS_BUFFER_TOO_SMALL;
241 if (ofs == 0 || size == 0) {
242 *blob = data_blob(NULL, 0);
245 if (smb2_oob(buf, buf->hdr + ofs, size)) {
246 return NT_STATUS_BUFFER_TOO_SMALL;
248 *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
249 NT_STATUS_HAVE_NO_MEMORY(blob->data);
254 push a uint16_t ofs/ uint16_t length/blob triple into a data blob
255 the ofs points to the start of the offset/length pair, and is relative
258 NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf,
259 uint16_t ofs, DATA_BLOB blob)
263 size_t padding_length;
264 uint8_t *ptr = buf->body+ofs;
266 if (buf->dynamic == NULL) {
267 return NT_STATUS_INVALID_PARAMETER;
270 /* we have only 16 bit for the size */
271 if (blob.length > 0xFFFF) {
272 return NT_STATUS_BUFFER_TOO_SMALL;
275 /* check if there're enough room for ofs and size */
276 if (smb2_oob(buf, ptr, 4)) {
277 return NT_STATUS_BUFFER_TOO_SMALL;
280 if (blob.length == 0) {
286 offset = buf->dynamic - buf->hdr;
287 padding_length = smb2_padding_size(offset, 2);
288 offset += padding_length;
290 SSVAL(ptr, 0, offset);
291 SSVAL(ptr, 2, blob.length);
293 status = smb2_grow_buffer(buf, padding_length + blob.length);
294 NT_STATUS_NOT_OK_RETURN(status);
296 memset(buf->dynamic, 0, padding_length);
297 buf->dynamic += padding_length;
299 memcpy(buf->dynamic, blob.data, blob.length);
300 buf->dynamic += blob.length;
302 buf->size += blob.length + padding_length;
303 buf->body_size += blob.length + padding_length;
310 push a uint16_t ofs/ uint32_t length/blob triple into a data blob
311 the ofs points to the start of the offset/length pair, and is relative
314 NTSTATUS smb2_push_o16s32_blob(struct smb2_request_buffer *buf,
315 uint16_t ofs, DATA_BLOB blob)
319 size_t padding_length;
320 uint8_t *ptr = buf->body+ofs;
322 if (buf->dynamic == NULL) {
323 return NT_STATUS_INVALID_PARAMETER;
326 /* check if there're enough room for ofs and size */
327 if (smb2_oob(buf, ptr, 6)) {
328 return NT_STATUS_BUFFER_TOO_SMALL;
331 if (blob.length == 0) {
337 offset = buf->dynamic - buf->hdr;
338 padding_length = smb2_padding_size(offset, 2);
339 offset += padding_length;
341 SSVAL(ptr, 0, offset);
342 SIVAL(ptr, 2, blob.length);
344 status = smb2_grow_buffer(buf, padding_length + blob.length);
345 NT_STATUS_NOT_OK_RETURN(status);
347 memset(buf->dynamic, 0, padding_length);
348 buf->dynamic += padding_length;
350 memcpy(buf->dynamic, blob.data, blob.length);
351 buf->dynamic += blob.length;
353 buf->size += blob.length + padding_length;
354 buf->body_size += blob.length + padding_length;
361 push a uint32_t ofs/ uint32_t length/blob triple into a data blob
362 the ofs points to the start of the offset/length pair, and is relative
365 NTSTATUS smb2_push_o32s32_blob(struct smb2_request_buffer *buf,
366 uint32_t ofs, DATA_BLOB blob)
370 size_t padding_length;
371 uint8_t *ptr = buf->body+ofs;
373 if (buf->dynamic == NULL) {
374 return NT_STATUS_INVALID_PARAMETER;
377 /* check if there're enough room for ofs and size */
378 if (smb2_oob(buf, ptr, 8)) {
379 return NT_STATUS_BUFFER_TOO_SMALL;
382 if (blob.length == 0) {
388 offset = buf->dynamic - buf->hdr;
389 padding_length = smb2_padding_size(offset, 8);
390 offset += padding_length;
392 SIVAL(ptr, 0, offset);
393 SIVAL(ptr, 4, blob.length);
395 status = smb2_grow_buffer(buf, padding_length + blob.length);
396 NT_STATUS_NOT_OK_RETURN(status);
398 memset(buf->dynamic, 0, padding_length);
399 buf->dynamic += padding_length;
401 memcpy(buf->dynamic, blob.data, blob.length);
402 buf->dynamic += blob.length;
404 buf->size += blob.length + padding_length;
405 buf->body_size += blob.length + padding_length;
412 push a uint32_t length/ uint32_t ofs/blob triple into a data blob
413 the ofs points to the start of the length/offset pair, and is relative
416 NTSTATUS smb2_push_s32o32_blob(struct smb2_request_buffer *buf,
417 uint32_t ofs, DATA_BLOB blob)
421 size_t padding_length;
422 uint8_t *ptr = buf->body+ofs;
424 if (buf->dynamic == NULL) {
425 return NT_STATUS_INVALID_PARAMETER;
428 /* check if there're enough room for ofs and size */
429 if (smb2_oob(buf, ptr, 8)) {
430 return NT_STATUS_BUFFER_TOO_SMALL;
433 if (blob.length == 0) {
439 offset = buf->dynamic - buf->hdr;
440 padding_length = smb2_padding_size(offset, 8);
441 offset += padding_length;
443 SIVAL(ptr, 0, blob.length);
444 SIVAL(ptr, 4, offset);
446 status = smb2_grow_buffer(buf, padding_length + blob.length);
447 NT_STATUS_NOT_OK_RETURN(status);
449 memset(buf->dynamic, 0, padding_length);
450 buf->dynamic += padding_length;
452 memcpy(buf->dynamic, blob.data, blob.length);
453 buf->dynamic += blob.length;
455 buf->size += blob.length + padding_length;
456 buf->body_size += blob.length + padding_length;
462 pull a uint16_t ofs/ uint32_t length/blob triple from a data blob
463 the ptr points to the start of the offset/length pair
465 NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
470 if (smb2_oob(buf, ptr, 6)) {
471 return NT_STATUS_BUFFER_TOO_SMALL;
475 if (ofs == 0 || size == 0) {
476 *blob = data_blob(NULL, 0);
479 if (smb2_oob(buf, buf->hdr + ofs, size)) {
480 return NT_STATUS_BUFFER_TOO_SMALL;
482 *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
483 NT_STATUS_HAVE_NO_MEMORY(blob->data);
488 pull a uint32_t ofs/ uint32_t length/blob triple from a data blob
489 the ptr points to the start of the offset/length pair
491 NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
494 if (smb2_oob(buf, ptr, 8)) {
495 return NT_STATUS_BUFFER_TOO_SMALL;
499 if (ofs == 0 || size == 0) {
500 *blob = data_blob(NULL, 0);
503 if (smb2_oob(buf, buf->hdr + ofs, size)) {
504 return NT_STATUS_BUFFER_TOO_SMALL;
506 *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
507 NT_STATUS_HAVE_NO_MEMORY(blob->data);
512 pull a uint32_t length/ uint32_t ofs/blob triple from a data blob
513 the ptr points to the start of the offset/length pair
515 NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
518 if (smb2_oob(buf, ptr, 8)) {
519 return NT_STATUS_BUFFER_TOO_SMALL;
523 if (ofs == 0 || size == 0) {
524 *blob = data_blob(NULL, 0);
527 if (smb2_oob(buf, buf->hdr + ofs, size)) {
528 return NT_STATUS_BUFFER_TOO_SMALL;
530 *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
531 NT_STATUS_HAVE_NO_MEMORY(blob->data);
536 pull a string in a uint16_t ofs/ uint16_t length/blob format
537 UTF-16 without termination
539 NTSTATUS smb2_pull_o16s16_string(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx,
540 uint8_t *ptr, const char **str)
547 status = smb2_pull_o16s16_blob(buf, mem_ctx, ptr, &blob);
548 NT_STATUS_NOT_OK_RETURN(status);
550 if (blob.length == 0) {
552 s = talloc_strdup(mem_ctx, "");
553 NT_STATUS_HAVE_NO_MEMORY(s);
558 size = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
559 blob.data, blob.length, &vstr);
560 data_blob_free(&blob);
563 return NT_STATUS_ILLEGAL_CHARACTER;
569 push a string in a uint16_t ofs/ uint16_t length/blob format
570 UTF-16 without termination
572 NTSTATUS smb2_push_o16s16_string(struct smb2_request_buffer *buf,
573 uint16_t ofs, const char *str)
579 if (strcmp("", str) == 0) {
580 return smb2_push_o16s16_blob(buf, ofs, data_blob(NULL, 0));
583 size = convert_string_talloc(buf->buffer, CH_UNIX, CH_UTF16,
584 str, strlen(str), (void **)&blob.data);
586 return NT_STATUS_ILLEGAL_CHARACTER;
590 status = smb2_push_o16s16_blob(buf, ofs, blob);
591 data_blob_free(&blob);
596 push a file handle into a buffer
598 void smb2_push_handle(uint8_t *data, struct smb2_handle *h)
600 SBVAL(data, 0, h->data[0]);
601 SBVAL(data, 8, h->data[1]);
605 pull a file handle from a buffer
607 void smb2_pull_handle(uint8_t *ptr, struct smb2_handle *h)
609 h->data[0] = BVAL(ptr, 0);
610 h->data[1] = BVAL(ptr, 8);
git.samba.org / amitay / samba.git / blob