2 Unix SMB/CIFS implementation.
3 NT transaction handling
4 Copyright (C) Andrew Tridgell 2003
5 Copyright (C) James J Myers 2003 <myersjj@samba.org>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 This file handles the parsing of transact2 requests
26 #include "smb_server/smb_server.h"
27 #include "ntvfs/ntvfs.h"
28 #include "libcli/raw/libcliraw.h"
31 hold the state of a nttrans op while in progress. Needed to allow for async backend
35 struct smb_nttrans *trans;
36 NTSTATUS (*send_fn)(struct nttrans_op *);
41 /* setup a nttrans reply, given the data and params sizes */
42 static void nttrans_setup_reply(struct smbsrv_request *req,
43 struct smb_nttrans *trans,
44 uint16_t param_size, uint16_t data_size,
47 trans->out.setup_count = setup_count;
48 if (setup_count != 0) {
49 trans->out.setup = talloc_zero_array(req, uint16_t, setup_count);
51 trans->out.params = data_blob_talloc(req, NULL, param_size);
52 trans->out.data = data_blob_talloc(req, NULL, data_size);
56 send a nttrans create reply
58 static NTSTATUS nttrans_create_send(struct nttrans_op *op)
60 union smb_open *io = talloc_get_type(op->op_info, union smb_open);
63 op->trans->out.setup_count = 0;
64 op->trans->out.setup = NULL;
65 op->trans->out.params = data_blob_talloc(op, NULL, 69);
66 op->trans->out.data = data_blob(NULL, 0);
68 params = op->trans->out.params.data;
69 NT_STATUS_HAVE_NO_MEMORY(params);
71 SSVAL(params, 0, io->ntcreatex.out.oplock_level);
72 SSVAL(params, 2, io->ntcreatex.out.fnum);
73 SIVAL(params, 4, io->ntcreatex.out.create_action);
74 SIVAL(params, 8, 0); /* ea error offset */
75 push_nttime(params, 12, io->ntcreatex.out.create_time);
76 push_nttime(params, 20, io->ntcreatex.out.access_time);
77 push_nttime(params, 28, io->ntcreatex.out.write_time);
78 push_nttime(params, 36, io->ntcreatex.out.change_time);
79 SIVAL(params, 44, io->ntcreatex.out.attrib);
80 SBVAL(params, 48, io->ntcreatex.out.alloc_size);
81 SBVAL(params, 56, io->ntcreatex.out.size);
82 SSVAL(params, 64, io->ntcreatex.out.file_type);
83 SSVAL(params, 66, io->ntcreatex.out.ipc_state);
84 SCVAL(params, 68, io->ntcreatex.out.is_directory);
90 parse NTTRANS_CREATE request
92 static NTSTATUS nttrans_create(struct smbsrv_request *req,
93 struct nttrans_op *op)
95 struct smb_nttrans *trans = op->trans;
98 uint32_t sd_length, ea_length;
102 if (trans->in.params.length < 54) {
103 return NT_STATUS_INVALID_PARAMETER;
106 /* parse the request */
107 io = talloc(op, union smb_open);
108 NT_STATUS_HAVE_NO_MEMORY(io);
110 io->ntcreatex.level = RAW_OPEN_NTTRANS_CREATE;
112 params = trans->in.params.data;
114 io->ntcreatex.in.flags = IVAL(params, 0);
115 io->ntcreatex.in.root_fid = IVAL(params, 4);
116 io->ntcreatex.in.access_mask = IVAL(params, 8);
117 io->ntcreatex.in.alloc_size = BVAL(params, 12);
118 io->ntcreatex.in.file_attr = IVAL(params, 20);
119 io->ntcreatex.in.share_access = IVAL(params, 24);
120 io->ntcreatex.in.open_disposition = IVAL(params, 28);
121 io->ntcreatex.in.create_options = IVAL(params, 32);
122 sd_length = IVAL(params, 36);
123 ea_length = IVAL(params, 40);
124 fname_len = IVAL(params, 44);
125 io->ntcreatex.in.impersonation = IVAL(params, 48);
126 io->ntcreatex.in.security_flags = CVAL(params, 52);
127 io->ntcreatex.in.sec_desc = NULL;
128 io->ntcreatex.in.ea_list = NULL;
130 req_pull_string(req, &io->ntcreatex.in.fname,
132 trans->in.params.length - 54,
133 STR_NO_RANGE_CHECK | STR_TERMINATE);
134 if (!io->ntcreatex.in.fname) {
135 return NT_STATUS_INVALID_PARAMETER;
138 if (sd_length > trans->in.data.length ||
139 ea_length > trans->in.data.length ||
140 (sd_length+ea_length) > trans->in.data.length) {
141 return NT_STATUS_INVALID_PARAMETER;
144 /* this call has an optional security descriptor */
145 if (sd_length != 0) {
147 blob.data = trans->in.data.data;
148 blob.length = sd_length;
149 io->ntcreatex.in.sec_desc = talloc(io, struct security_descriptor);
150 if (io->ntcreatex.in.sec_desc == NULL) {
151 return NT_STATUS_NO_MEMORY;
153 status = ndr_pull_struct_blob(&blob, io,
154 io->ntcreatex.in.sec_desc,
155 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
156 if (!NT_STATUS_IS_OK(status)) {
161 /* and an optional ea_list */
164 blob.data = trans->in.data.data + sd_length;
165 blob.length = ea_length;
166 io->ntcreatex.in.ea_list = talloc(io, struct smb_ea_list);
167 if (io->ntcreatex.in.ea_list == NULL) {
168 return NT_STATUS_NO_MEMORY;
171 status = ea_pull_list_chained(&blob, io,
172 &io->ntcreatex.in.ea_list->num_eas,
173 &io->ntcreatex.in.ea_list->eas);
174 if (!NT_STATUS_IS_OK(status)) {
179 op->send_fn = nttrans_create_send;
182 return ntvfs_openfile(req, io);
187 send NTTRANS_QUERY_SEC_DESC reply
189 static NTSTATUS nttrans_query_sec_desc_send(struct nttrans_op *op)
191 struct smb_nttrans *trans = op->trans;
192 union smb_fileinfo *io = talloc_get_type(op->op_info, union smb_fileinfo);
195 trans->out.setup_count = 0;
196 trans->out.setup = NULL;
197 trans->out.params = data_blob_talloc(op, NULL, 4);
198 trans->out.data = data_blob(NULL, 0);
199 NT_STATUS_HAVE_NO_MEMORY(trans->out.params.data);
201 status = ndr_push_struct_blob(&trans->out.data, op,
202 io->query_secdesc.out.sd,
203 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
204 NT_STATUS_NOT_OK_RETURN(status);
206 SIVAL(trans->out.params.data, 0, trans->out.data.length);
212 parse NTTRANS_QUERY_SEC_DESC request
214 static NTSTATUS nttrans_query_sec_desc(struct smbsrv_request *req,
215 struct nttrans_op *op)
217 struct smb_nttrans *trans = op->trans;
218 union smb_fileinfo *io;
220 if (trans->in.params.length < 8) {
221 return NT_STATUS_INVALID_PARAMETER;
224 /* parse the request */
225 io = talloc(op, union smb_fileinfo);
226 NT_STATUS_HAVE_NO_MEMORY(io);
228 io->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
229 io->query_secdesc.in.fnum = SVAL(trans->in.params.data, 0);
230 io->query_secdesc.secinfo_flags = IVAL(trans->in.params.data, 4);
233 op->send_fn = nttrans_query_sec_desc_send;
235 return ntvfs_qfileinfo(req, io);
240 parse NTTRANS_SET_SEC_DESC request
242 static NTSTATUS nttrans_set_sec_desc(struct smbsrv_request *req,
243 struct nttrans_op *op)
245 struct smb_nttrans *trans = op->trans;
246 union smb_setfileinfo *io;
249 if (trans->in.params.length < 8) {
250 return NT_STATUS_INVALID_PARAMETER;
253 /* parse the request */
254 io = talloc(req, union smb_setfileinfo);
255 NT_STATUS_HAVE_NO_MEMORY(io);
257 io->set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
258 io->set_secdesc.file.fnum = SVAL(trans->in.params.data, 0);
259 io->set_secdesc.in.secinfo_flags = IVAL(trans->in.params.data, 4);
261 io->set_secdesc.in.sd = talloc(io, struct security_descriptor);
262 NT_STATUS_HAVE_NO_MEMORY(io->set_secdesc.in.sd);
264 status = ndr_pull_struct_blob(&trans->in.data, req,
265 io->set_secdesc.in.sd,
266 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
267 NT_STATUS_NOT_OK_RETURN(status);
269 trans->out.setup_count = 0;
270 trans->out.setup = NULL;
271 trans->out.params = data_blob(NULL, 0);
272 trans->out.data = data_blob(NULL, 0);
274 return ntvfs_setfileinfo(req, io);
278 /* parse NTTRANS_RENAME request
280 static NTSTATUS nttrans_rename(struct smbsrv_request *req,
281 struct nttrans_op *op)
283 return NT_STATUS_NOT_IMPLEMENTED;
287 parse NTTRANS_IOCTL request
289 static NTSTATUS nttrans_ioctl(struct smbsrv_request *req,
290 struct nttrans_op *op)
292 struct smb_nttrans *trans = op->trans;
300 /* should have at least 4 setup words */
301 if (trans->in.setup_count != 4) {
302 return NT_STATUS_INVALID_PARAMETER;
305 nt = talloc(op, union smb_ioctl);
306 NT_STATUS_HAVE_NO_MEMORY(nt);
308 function = IVAL(trans->in.setup, 0);
309 fnum = SVAL(trans->in.setup, 4);
310 fsctl = CVAL(trans->in.setup, 6);
311 filter = CVAL(trans->in.setup, 7);
313 blob = &trans->in.data;
315 nt->ntioctl.level = RAW_IOCTL_NTIOCTL;
316 nt->ntioctl.in.fnum = fnum;
317 nt->ntioctl.in.function = function;
318 nt->ntioctl.in.fsctl = fsctl;
319 nt->ntioctl.in.filter = filter;
321 nttrans_setup_reply(req, trans, 0, 0, 1);
322 trans->out.setup[0] = 0;
324 return ntvfs_ioctl(req, nt);
329 send NTTRANS_NOTIFY_CHANGE reply
331 static NTSTATUS nttrans_notify_change_send(struct nttrans_op *op)
333 return NT_STATUS_NOT_IMPLEMENTED;
337 parse NTTRANS_NOTIFY_CHANGE request
339 static NTSTATUS nttrans_notify_change(struct smbsrv_request *req,
340 struct nttrans_op *op)
342 struct smb_nttrans *trans = op->trans;
343 struct smb_notify *info;
345 /* should have at least 4 setup words */
346 if (trans->in.setup_count != 4) {
347 return NT_STATUS_INVALID_PARAMETER;
350 info = talloc(op, struct smb_notify);
351 NT_STATUS_HAVE_NO_MEMORY(info);
353 info->in.completion_filter = IVAL(trans->in.setup, 0);
354 info->in.fnum = SVAL(trans->in.setup, 4);
355 info->in.recursive = SVAL(trans->in.setup, 6);
356 info->in.buffer_size = trans->in.max_param;
359 op->send_fn = nttrans_notify_change_send;
361 return ntvfs_notify(req, info);
365 backend for nttrans requests
367 static NTSTATUS nttrans_backend(struct smbsrv_request *req,
368 struct nttrans_op *op)
370 /* the nttrans command is in function */
371 switch (op->trans->in.function) {
372 case NT_TRANSACT_CREATE:
373 return nttrans_create(req, op);
374 case NT_TRANSACT_IOCTL:
375 return nttrans_ioctl(req, op);
376 case NT_TRANSACT_RENAME:
377 return nttrans_rename(req, op);
378 case NT_TRANSACT_QUERY_SECURITY_DESC:
379 return nttrans_query_sec_desc(req, op);
380 case NT_TRANSACT_SET_SECURITY_DESC:
381 return nttrans_set_sec_desc(req, op);
382 case NT_TRANSACT_NOTIFY_CHANGE:
383 return nttrans_notify_change(req, op);
386 /* an unknown nttrans command */
387 return NT_STATUS_DOS(ERRSRV, ERRerror);
391 static void reply_nttrans_send(struct smbsrv_request *req)
393 uint16_t params_left, data_left;
394 uint8_t *params, *data;
395 struct smb_nttrans *trans;
396 struct nttrans_op *op;
398 if (!NT_STATUS_IS_OK(req->async_states->status)) {
399 smbsrv_send_error(req, req->async_states->status);
403 op = talloc_get_type(req->async_states->private_data, struct nttrans_op);
406 /* if this function needs work to form the nttrans reply buffer, then
408 if (op->send_fn != NULL) {
410 status = op->send_fn(op);
411 if (!NT_STATUS_IS_OK(status)) {
412 smbsrv_send_error(req, status);
417 /* note that we don't check the max_setup count (matching w2k3
420 if (trans->out.params.length > trans->in.max_param) {
421 smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
422 trans->out.params.length = trans->in.max_param;
424 if (trans->out.data.length > trans->in.max_data) {
425 smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
426 trans->out.data.length = trans->in.max_data;
429 params_left = trans->out.params.length;
430 data_left = trans->out.data.length;
431 params = trans->out.params.data;
432 data = trans->out.data.data;
434 smbsrv_setup_reply(req, 18 + trans->out.setup_count, 0);
436 /* we need to divide up the reply into chunks that fit into
437 the negotiated buffer size */
439 uint16_t this_data, this_param, max_bytes;
440 uint_t align1 = 1, align2 = (params_left ? 2 : 0);
441 struct smbsrv_request *this_req;
444 max_bytes = req_max_data(req) - (align1 + align2);
446 this_param = params_left;
447 if (this_param > max_bytes) {
448 this_param = max_bytes;
450 max_bytes -= this_param;
452 this_data = data_left;
453 if (this_data > max_bytes) {
454 this_data = max_bytes;
457 /* don't destroy unless this is the last chunk */
458 if (params_left - this_param != 0 ||
459 data_left - this_data != 0) {
460 this_req = smbsrv_setup_secondary_request(req);
465 req_grow_data(req, this_param + this_data + (align1 + align2));
467 SSVAL(this_req->out.vwv, 0, 0); /* reserved */
468 SCVAL(this_req->out.vwv, 2, 0); /* reserved */
469 SIVAL(this_req->out.vwv, 3, trans->out.params.length);
470 SIVAL(this_req->out.vwv, 7, trans->out.data.length);
472 SIVAL(this_req->out.vwv, 11, this_param);
473 SIVAL(this_req->out.vwv, 15, align1 + PTR_DIFF(this_req->out.data, this_req->out.hdr));
474 SIVAL(this_req->out.vwv, 19, PTR_DIFF(params, trans->out.params.data));
476 SIVAL(this_req->out.vwv, 23, this_data);
477 SIVAL(this_req->out.vwv, 27, align1 + align2 +
478 PTR_DIFF(this_req->out.data + this_param, this_req->out.hdr));
479 SIVAL(this_req->out.vwv, 31, PTR_DIFF(data, trans->out.data.data));
481 SCVAL(this_req->out.vwv, 35, trans->out.setup_count);
482 for (i=0;i<trans->out.setup_count;i++) {
483 SSVAL(this_req->out.vwv, VWV(18+i), trans->out.setup[i]);
486 memset(this_req->out.data, 0, align1);
487 if (this_param != 0) {
488 memcpy(this_req->out.data + align1, params, this_param);
490 memset(this_req->out.data+this_param+align1, 0, align2);
491 if (this_data != 0) {
492 memcpy(this_req->out.data+this_param+align1+align2,
496 params_left -= this_param;
497 data_left -= this_data;
498 params += this_param;
501 smbsrv_send_reply(this_req);
502 } while (params_left != 0 || data_left != 0);
506 /****************************************************************************
507 Reply to an SMBnttrans request
508 ****************************************************************************/
509 void smbsrv_reply_nttrans(struct smbsrv_request *req)
511 struct nttrans_op *op;
512 struct smb_nttrans *trans;
514 uint16_t param_ofs, data_ofs;
515 uint16_t param_count, data_count;
516 uint16_t param_total, data_total;
519 if (req->in.wct < 19) {
520 smbsrv_send_error(req, NT_STATUS_FOOBAR);
524 op = talloc(req, struct nttrans_op);
526 smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
530 trans = talloc(op, struct smb_nttrans);
532 smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
540 trans->in.max_setup = CVAL(req->in.vwv, 0);
541 param_total = IVAL(req->in.vwv, 3);
542 data_total = IVAL(req->in.vwv, 7);
543 trans->in.max_param = IVAL(req->in.vwv, 11);
544 trans->in.max_data = IVAL(req->in.vwv, 15);
545 param_count = IVAL(req->in.vwv, 19);
546 param_ofs = IVAL(req->in.vwv, 23);
547 data_count = IVAL(req->in.vwv, 27);
548 data_ofs = IVAL(req->in.vwv, 31);
549 trans->in.setup_count = CVAL(req->in.vwv, 35);
550 trans->in.function = SVAL(req->in.vwv, 36);
552 if (req->in.wct != 19 + trans->in.setup_count) {
553 smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
557 /* parse out the setup words */
558 trans->in.setup = talloc_array(req, uint16_t, trans->in.setup_count);
559 if (!trans->in.setup) {
560 smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
563 for (i=0;i<trans->in.setup_count;i++) {
564 trans->in.setup[i] = SVAL(req->in.vwv, VWV(19+i));
567 if (!req_pull_blob(req, req->in.hdr + param_ofs, param_count, &trans->in.params) ||
568 !req_pull_blob(req, req->in.hdr + data_ofs, data_count, &trans->in.data)) {
569 smbsrv_send_error(req, NT_STATUS_FOOBAR);
573 /* is it a partial request? if so, then send a 'send more' message */
574 if (param_total > param_count ||
575 data_total > data_count) {
576 DEBUG(0,("REWRITE: not handling partial nttrans requests!\n"));
580 req->async_states->state |= NTVFS_ASYNC_STATE_MAY_ASYNC;
581 req->async_states->send_fn = reply_nttrans_send;
582 req->async_states->private_data = op;
584 /* its a full request, give it to the backend */
585 req->async_states->status = nttrans_backend(req, op);
587 /* if the backend replied synchronously, then send now */
588 if (!(req->async_states->state & NTVFS_ASYNC_STATE_ASYNC)) {
589 req->async_states->send_fn(req);
594 /****************************************************************************
595 Reply to an SMBnttranss request
596 ****************************************************************************/
597 void smbsrv_reply_nttranss(struct smbsrv_request *req)
599 smbsrv_send_error(req, NT_STATUS_FOOBAR);
git.samba.org / samba.git / blob