s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_lock.c

[metze/samba/wip.git] / source3 / smbd / smb2_lock.c
diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c

index b106c5fad10112d5e5f39cbc447e14c0e33e5009..ed1d688cfc59d8a00dd4906471174e3642502bb0 100644 (file)
--- a/source3/smbd/smb2_lock.c
+++ b/source3/smbd/smb2_lock.c
@@ -20,9 +20,11 @@
  */
  
  #include "includes.h"
+#include "smbd/smbd.h"
  #include "smbd/globals.h"
  #include "../libcli/smb/smb_common.h"
-#include "librpc/gen_ndr/messaging.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "messages.h"
  
  struct smbd_smb2_lock_element {
         uint64_t offset;
@@ -38,7 +40,8 @@ struct smbd_smb2_lock_state {
         struct smbd_lock_element *locks;
  };
  
-static void remove_pending_lock(TALLOC_CTX *mem_ctx, struct blocking_lock_record *blr);
+static void remove_pending_lock(struct smbd_smb2_lock_state *state,
+                               struct blocking_lock_record *blr);
  
  static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
                                                  struct tevent_context *ev,
@@ -55,8 +58,6 @@ NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
         const uint8_t *inhdr;
         const uint8_t *inbody;
         const int i = req->current_idx;
-       size_t expected_body_size = 0x30;
-       size_t body_size;
         uint32_t in_smbpid;
         uint16_t in_lock_count;
         uint64_t in_file_id_persistent;
@@ -65,19 +66,15 @@ NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
         struct tevent_req *subreq;
         const uint8_t *lock_buffer;
         uint16_t l;
+       NTSTATUS status;
  
-       inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
-       if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-               return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+       status = smbd_smb2_request_verify_sizes(req, 0x30);
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
         }
-
+       inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
  
-       body_size = SVAL(inbody, 0x00);
-       if (body_size != expected_body_size) {
-               return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-       }
-
         in_smbpid                       = IVAL(inhdr, SMB2_HDR_PID);
  
         in_lock_count                   = CVAL(inbody, 0x02);
@@ -95,7 +92,7 @@ NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
  
         if (req->compat_chain_fsp) {
                 /* skip check */
-       } else if (in_file_id_persistent != 0) {
+       } else if (in_file_id_persistent != in_file_id_volatile) {
                 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
         }
  
@@ -297,12 +294,11 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
                 switch (in_locks[i].flags) {
                 case SMB2_LOCK_FLAG_SHARED:
                 case SMB2_LOCK_FLAG_EXCLUSIVE:
-                       if (i > 0) {
-                               tevent_req_nterror(req,
-                                                  NT_STATUS_INVALID_PARAMETER);
-                               return tevent_req_post(req, ev);
-                       }
                         if (isunlock) {
+                               invalid = true;
+                               break;
+                       }
+                       if (i > 0) {
                                 tevent_req_nterror(req,
                                                    NT_STATUS_INVALID_PARAMETER);
                                 return tevent_req_post(req, ev);
@@ -312,9 +308,7 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
                 case SMB2_LOCK_FLAG_SHARED|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
                 case SMB2_LOCK_FLAG_EXCLUSIVE|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY:
                         if (isunlock) {
-                               tevent_req_nterror(req,
-                                                  NT_STATUS_INVALID_PARAMETER);
-                               return tevent_req_post(req, ev);
+                               invalid = true;
                         }
                         break;
  
@@ -341,7 +335,7 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
                         return tevent_req_post(req, ev);
                 }
  
-               locks[i].smbpid = in_smbpid;
+               locks[i].smblctx = in_file_id_volatile;
                 locks[i].offset = in_locks[i].offset;
                 locks[i].count  = in_locks[i].length;
  
@@ -362,13 +356,12 @@ static struct tevent_req *smbd_smb2_lock_send(TALLOC_CTX *mem_ctx,
                 }
  
                 DEBUG(10,("smbd_smb2_lock_send: index %d offset=%llu, count=%llu, "
-                       "pid = %u type %d\n",
+                       "smblctx = %llu type %d\n",
                         i,
                         (unsigned long long)locks[i].offset,
                         (unsigned long long)locks[i].count,
-                       (unsigned int)locks[i].smbpid,
+                       (unsigned long long)locks[i].smblctx,
                         (int)locks[i].brltype ));
-
         }
  
         state->locks = locks;
@@ -457,8 +450,16 @@ static void received_unlock_msg(struct messaging_context *msg,
                                 struct server_id server_id,
                                 DATA_BLOB *data)
  {
+       struct smbd_server_connection *sconn;
+
         DEBUG(10,("received_unlock_msg (SMB2)\n"));
-       process_blocking_lock_queue_smb2(timeval_current());
+
+       sconn = msg_ctx_to_sconn(msg);
+       if (sconn == NULL) {
+               DEBUG(1, ("could not find sconn\n"));
+               return;
+       }
+       process_blocking_lock_queue_smb2(sconn, timeval_current());
  }
  
  /****************************************************************
@@ -510,11 +511,11 @@ static bool recalc_smb2_brl_timeout(struct smbd_server_connection *sconn)
                 }
                 if (timeval_is_zero(&blr->expire_time)) {
                         /*
-                        * If we're blocked on pid 0xFFFFFFFF this is
+                        * If we're blocked on pid 0xFFFFFFFFFFFFFFFFLL this is
                          * a POSIX lock, so calculate a timeout of
                          * 10 seconds into the future.
                          */
-                       if (blr->blocking_pid == 0xFFFFFFFF) {
+                       if (blr->blocking_smblctx == 0xFFFFFFFFFFFFFFFFLL) {
                                 struct timeval psx_to = timeval_current_ofs(10, 0);
                                 next_timeout = timeval_brl_min(&next_timeout, &psx_to);
                         }
@@ -561,7 +562,7 @@ static bool recalc_smb2_brl_timeout(struct smbd_server_connection *sconn)
         }
  
         sconn->smb2.locks.brl_timeout = event_add_timed(
-                               smbd_event_context(),
+                               server_event_context(),
                                 NULL,
                                 next_timeout,
                                 brl_timeout_fn,
@@ -582,14 +583,14 @@ bool push_blocking_lock_request_smb2( struct byte_range_lock *br_lck,
                                 files_struct *fsp,
                                 int lock_timeout,
                                 int lock_num,
-                               uint32_t lock_pid,
+                               uint64_t smblctx,
                                 enum brl_type lock_type,
                                 enum brl_flavour lock_flav,
                                 uint64_t offset,
                                 uint64_t count,
-                               uint32_t blocking_pid)
+                               uint64_t blocking_smblctx)
  {
-       struct smbd_server_connection *sconn = smbd_server_conn;
+       struct smbd_server_connection *sconn = smb1req->sconn;
         struct smbd_smb2_request *smb2req = smb1req->smb2req;
         struct tevent_req *req = NULL;
         struct smbd_smb2_lock_state *state = NULL;
@@ -621,14 +622,12 @@ bool push_blocking_lock_request_smb2( struct byte_range_lock *br_lck,
                 blr->expire_time.tv_sec = 0;
                 blr->expire_time.tv_usec = 0; /* Never expire. */
         } else {
-               blr->expire_time = timeval_current_ofs(
-                       lock_timeout/1000,
-                       (lock_timeout % 1000) * 1000);
+               blr->expire_time = timeval_current_ofs_msec(lock_timeout);
         }
  
         blr->lock_num = lock_num;
-       blr->lock_pid = lock_pid;
-       blr->blocking_pid = blocking_pid;
+       blr->smblctx = smblctx;
+       blr->blocking_smblctx = blocking_smblctx;
         blr->lock_flav = lock_flav;
         blr->lock_type = lock_type;
         blr->offset = offset;
@@ -638,10 +637,10 @@ bool push_blocking_lock_request_smb2( struct byte_range_lock *br_lck,
         blr->blr_private = NULL;
  
         /* Add a pending lock record for this. */
-       status = brl_lock(smbd_messaging_context(),
+       status = brl_lock(sconn->msg_ctx,
                         br_lck,
-                       lock_pid,
-                       procid_self(),
+                       smblctx,
+                       sconn_server_id(sconn),
                         offset,
                         count,
                         lock_type == READ_LOCK ? PENDING_READ_LOCK : PENDING_WRITE_LOCK,
@@ -666,7 +665,7 @@ bool push_blocking_lock_request_smb2( struct byte_range_lock *br_lck,
  
         /* Ensure we'll receive messages when this is unlocked. */
         if (!sconn->smb2.locks.blocking_lock_unlock_state) {
-               messaging_register(smbd_messaging_context(), NULL,
+               messaging_register(sconn->msg_ctx, NULL,
                                 MSG_SMB_UNLOCK, received_unlock_msg);
                 sconn->smb2.locks.blocking_lock_unlock_state = true;
          }
@@ -681,23 +680,38 @@ bool push_blocking_lock_request_smb2( struct byte_range_lock *br_lck,
   Remove a pending lock record under lock.
  *****************************************************************/
  
-static void remove_pending_lock(TALLOC_CTX *mem_ctx, struct blocking_lock_record *blr)
+static void remove_pending_lock(struct smbd_smb2_lock_state *state,
+                       struct blocking_lock_record *blr)
  {
+       int i;
         struct byte_range_lock *br_lck = brl_get_locks(
-                               mem_ctx, blr->fsp);
+                               state, blr->fsp);
  
         DEBUG(10, ("remove_pending_lock: BLR = %p\n", blr));
  
         if (br_lck) {
                 brl_lock_cancel(br_lck,
-                               blr->lock_pid,
-                               procid_self(),
+                               blr->smblctx,
+                               sconn_server_id(blr->fsp->conn->sconn),
                                 blr->offset,
                                 blr->count,
                                 blr->lock_flav,
                                 blr);
                 TALLOC_FREE(br_lck);
         }
+
+       /* Remove the locks we already got. */
+
+       for(i = blr->lock_num - 1; i >= 0; i--) {
+               struct smbd_lock_element *e = &state->locks[i];
+
+               do_unlock(blr->fsp->conn->sconn->msg_ctx,
+                       blr->fsp,
+                       e->smblctx,
+                       e->count,
+                       e->offset,
+                       WINDOWS_LOCK);
+       }
  }
  
  /****************************************************************
@@ -708,7 +722,7 @@ static void remove_pending_lock(TALLOC_CTX *mem_ctx, struct blocking_lock_record
  static void reprocess_blocked_smb2_lock(struct smbd_smb2_request *smb2req,
                                 struct timeval tv_curr)
  {
-       NTSTATUS status;
+       NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
         struct blocking_lock_record *blr = NULL;
         struct smbd_smb2_lock_state *state = NULL;
         files_struct *fsp = NULL;
@@ -730,16 +744,16 @@ static void reprocess_blocked_smb2_lock(struct smbd_smb2_request *smb2req,
                 struct byte_range_lock *br_lck = NULL;
                 struct smbd_lock_element *e = &state->locks[blr->lock_num];
  
-               br_lck = do_lock(smbd_messaging_context(),
+               br_lck = do_lock(fsp->conn->sconn->msg_ctx,
                                 fsp,
-                               e->smbpid,
+                               e->smblctx,
                                 e->count,
                                 e->offset,
                                 e->brltype,
                                 WINDOWS_LOCK,
                                 true,
                                 &status,
-                               &blr->blocking_pid,
+                               &blr->blocking_smblctx,
                                 blr);
  
                 TALLOC_FREE(br_lck);
@@ -807,9 +821,9 @@ static void reprocess_blocked_smb2_lock(struct smbd_smb2_request *smb2req,
   the request queue.
  *****************************************************************/
  
-void process_blocking_lock_queue_smb2(struct timeval tv_curr)
+void process_blocking_lock_queue_smb2(
+       struct smbd_server_connection *sconn, struct timeval tv_curr)
  {
-       struct smbd_server_connection *sconn = smbd_server_conn;
         struct smbd_smb2_request *smb2req, *nextreq;
  
         for (smb2req = sconn->smb2.requests; smb2req; smb2req = nextreq) {
@@ -840,9 +854,10 @@ void process_blocking_lock_queue_smb2(struct timeval tv_curr)
  ****************************************************************************/
  
  void cancel_pending_lock_requests_by_fid_smb2(files_struct *fsp,
-                       struct byte_range_lock *br_lck)
+                       struct byte_range_lock *br_lck,
+                       enum file_close_type close_type)
  {
-       struct smbd_server_connection *sconn = smbd_server_conn;
+       struct smbd_server_connection *sconn = fsp->conn->sconn;
         struct smbd_smb2_request *smb2req, *nextreq;
  
         for (smb2req = sconn->smb2.requests; smb2req; smb2req = nextreq) {
@@ -896,14 +911,19 @@ void cancel_pending_lock_requests_by_fid_smb2(files_struct *fsp,
  
                 /* Remove the entries from the lock db. */
                 brl_lock_cancel(br_lck,
-                               blr->lock_pid,
-                               procid_self(),
+                               blr->smblctx,
+                               sconn_server_id(sconn),
                                 blr->offset,
                                 blr->count,
                                 blr->lock_flav,
                                 blr);
  
                 /* Finally end the request. */
-               tevent_req_nterror(smb2req->subreq, NT_STATUS_RANGE_NOT_LOCKED);
+               if (close_type == SHUTDOWN_CLOSE) {
+                       tevent_req_done(smb2req->subreq);
+               } else {
+                       tevent_req_nterror(smb2req->subreq,
+                               NT_STATUS_RANGE_NOT_LOCKED);
+               }
         }
  }