2 Unix SMB2 implementation.
4 Copyright (C) Stefan Metzmacher 2005
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "libcli/smb2/smb2.h"
22 #include "libcli/smb2/smb2_calls.h"
23 #include "smb_server/smb_server.h"
24 #include "smb_server/service_smb_proto.h"
25 #include "smb_server/smb2/smb2_server.h"
26 #include "librpc/gen_ndr/security.h"
27 #include "smbd/service_stream.h"
28 #include "ntvfs/ntvfs.h"
31 send an oplock break request to a client
33 static NTSTATUS smb2srv_send_oplock_break(void *p, struct ntvfs_handle *h, uint8_t level)
35 struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
36 struct smbsrv_handle);
37 struct smb2srv_request *req;
40 /* setup a dummy request structure */
41 req = smb2srv_init_request(handle->tcon->smb_conn);
42 NT_STATUS_HAVE_NO_MEMORY(req);
44 req->in.buffer = talloc_size(req, NBT_HDR_SIZE + SMB2_MIN_SIZE);
45 NT_STATUS_HAVE_NO_MEMORY(req->in.buffer);
46 req->in.size = NBT_HDR_SIZE + SMB2_MIN_SIZE;
47 req->in.allocated = req->in.size;
49 req->in.hdr = req->in.buffer+ NBT_HDR_SIZE;
50 req->in.body = req->in.hdr + SMB2_HDR_BODY;
51 req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
52 req->in.dynamic = NULL;
54 req->seqnum = UINT64_MAX;
56 SIVAL(req->in.hdr, 0, SMB2_MAGIC);
57 SSVAL(req->in.hdr, SMB2_HDR_LENGTH, SMB2_HDR_BODY);
58 SSVAL(req->in.hdr, SMB2_HDR_PAD1, 0);
59 SIVAL(req->in.hdr, SMB2_HDR_STATUS, 0);
60 SSVAL(req->in.hdr, SMB2_HDR_OPCODE, SMB2_OP_BREAK);
61 SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1, 0);
62 SIVAL(req->in.hdr, SMB2_HDR_FLAGS, 0);
63 SIVAL(req->in.hdr, SMB2_HDR_CHAIN_OFFSET, 0);
64 SBVAL(req->in.hdr, SMB2_HDR_SEQNUM, 0);
65 SIVAL(req->in.hdr, SMB2_HDR_PID, 0);
66 SIVAL(req->in.hdr, SMB2_HDR_TID, 0);
67 SBVAL(req->in.hdr, SMB2_HDR_UID, 0);
68 memset(req->in.hdr+SMB2_HDR_SIG, 0, 16);
70 SSVAL(req->in.body, 0, 2);
72 status = smb2srv_setup_reply(req, 0x18, False, 0);
73 NT_STATUS_NOT_OK_RETURN(status);
75 SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1, 0x0000);
77 SSVAL(req->out.body, 0x02, 0x0001);
78 SIVAL(req->out.body, 0x04, 0x00000000);
79 smb2srv_push_handle(req->out.body, 0x08, h);
81 smb2srv_send_reply(req);
86 struct ntvfs_handle *smb2srv_pull_handle(struct smb2srv_request *req, const uint8_t *base, uint_t offset)
88 struct smbsrv_tcon *tcon;
89 struct smbsrv_handle *handle;
95 * if there're chained requests used the cached handle
97 * TODO: check if this also correct when the given handle
100 if (req->chained_file_handle) {
101 base = req->chained_file_handle;
105 hid = IVAL(base, offset);
106 tid = IVAL(base, offset + 4);
107 uid = BVAL(base, offset + 8);
109 /* if it's the wildcard handle, don't waste time to search it... */
110 if (hid == UINT32_MAX && tid == UINT32_MAX && uid == UINT64_MAX) {
115 * if the (v)uid part doesn't match the given session the handle isn't
118 if (uid != req->session->vuid) {
123 * the handle can belong to a different tcon
124 * as that TID in the SMB2 header says, but
125 * the request should succeed nevertheless!
127 * because of this we put the 32 bit TID into the
128 * 128 bit handle, so that we can extract the tcon from the
132 if (tid != req->tcon->tid) {
133 tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
139 handle = smbsrv_smb2_handle_find(tcon, hid, req->request_time);
145 * as the smb2srv_tcon is a child object of the smb2srv_session
146 * the handle belongs to the correct session!
148 * Note: no check is needed here for SMB2
152 * as the handle may have overwritten the tcon
153 * we need to set it on the request so that the
154 * correct ntvfs context will be used for the ntvfs_*() request
156 * TODO: check if that's correct for chained requests as well!
159 return handle->ntvfs;
162 void smb2srv_push_handle(uint8_t *base, uint_t offset, struct ntvfs_handle *ntvfs)
164 struct smbsrv_handle *handle = talloc_get_type(ntvfs->frontend_data.private_data,
165 struct smbsrv_handle);
168 * the handle is 128 bit on the wire
170 SIVAL(base, offset, handle->hid);
171 SIVAL(base, offset + 4, handle->tcon->tid);
172 SBVAL(base, offset + 8, handle->session->vuid);
175 static NTSTATUS smb2srv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h)
177 struct smb2srv_request *req = talloc_get_type(ntvfs->frontend_data.private_data,
178 struct smb2srv_request);
179 struct smbsrv_handle *handle;
180 struct ntvfs_handle *h;
182 handle = smbsrv_handle_new(req->session, req->tcon, req, req->request_time);
183 if (!handle) return NT_STATUS_INSUFFICIENT_RESOURCES;
185 h = talloc_zero(handle, struct ntvfs_handle);
189 * note: we don't set handle->ntvfs yet,
190 * this will be done by smbsrv_handle_make_valid()
191 * this makes sure the handle is invalid for clients
192 * until the ntvfs subsystem has made it valid
195 h->session_info = ntvfs->session_info;
196 h->smbpid = ntvfs->smbpid;
198 h->frontend_data.private_data = handle;
204 return NT_STATUS_NO_MEMORY;
207 static NTSTATUS smb2srv_handle_make_valid(void *private_data, struct ntvfs_handle *h)
209 struct smbsrv_tcon *tcon = talloc_get_type(private_data, struct smbsrv_tcon);
210 struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
211 struct smbsrv_handle);
212 /* this tells the frontend that the handle is valid */
214 /* this moves the smbsrv_request to the smbsrv_tcon memory context */
215 talloc_steal(tcon, handle);
219 static void smb2srv_handle_destroy(void *private_data, struct ntvfs_handle *h)
221 struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
222 struct smbsrv_handle);
226 static struct ntvfs_handle *smb2srv_handle_search_by_wire_key(void *private_data, struct ntvfs_request *ntvfs, const DATA_BLOB *key)
231 static DATA_BLOB smb2srv_handle_get_wire_key(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx)
233 return data_blob(NULL, 0);
236 static NTSTATUS smb2srv_tcon_backend(struct smb2srv_request *req, union smb_tcon *io)
238 struct smbsrv_tcon *tcon;
240 enum ntvfs_type type;
243 const char *service = io->smb2.in.path;
244 struct share_config *scfg;
245 const char *sharetype;
247 if (strncmp(service, "\\\\", 2) == 0) {
248 const char *p = strchr(service+2, '\\');
254 status = share_get_config(req, req->smb_conn->share_context, service, &scfg);
255 if (!NT_STATUS_IS_OK(status)) {
256 DEBUG(0,("smb2srv_tcon_backend: couldn't find service %s\n", service));
257 return NT_STATUS_BAD_NETWORK_NAME;
260 if (!socket_check_access(req->smb_conn->connection->socket,
262 share_string_list_option(req, scfg, SHARE_HOSTS_ALLOW),
263 share_string_list_option(req, scfg, SHARE_HOSTS_DENY))) {
264 return NT_STATUS_ACCESS_DENIED;
267 /* work out what sort of connection this is */
268 sharetype = share_string_option(scfg, SHARE_TYPE, "DISK");
269 if (sharetype && strcmp(sharetype, "IPC") == 0) {
272 unknown2 = 0x00000030;
273 } else if (sharetype && strcmp(sharetype, "PRINTER") == 0) {
276 unknown2 = 0x00000000;
280 unknown2 = 0x00000800;
283 tcon = smbsrv_smb2_tcon_new(req->session, scfg->name);
285 DEBUG(0,("smb2srv_tcon_backend: Couldn't find free connection.\n"));
286 return NT_STATUS_INSUFFICIENT_RESOURCES;
290 /* init ntvfs function pointers */
291 status = ntvfs_init_connection(tcon, scfg, type,
292 req->smb_conn->negotiate.protocol,
293 req->smb_conn->connection->event.ctx,
294 req->smb_conn->connection->msg_ctx,
295 req->smb_conn->connection->server_id,
297 if (!NT_STATUS_IS_OK(status)) {
298 DEBUG(0, ("smb2srv_tcon_backend: ntvfs_init_connection failed for service %s\n",
303 status = ntvfs_set_oplock_handler(tcon->ntvfs, smb2srv_send_oplock_break, tcon);
304 if (!NT_STATUS_IS_OK(status)) {
305 DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the oplock handler!\n"));
309 status = ntvfs_set_addr_callbacks(tcon->ntvfs, smbsrv_get_my_addr, smbsrv_get_peer_addr, req->smb_conn);
310 if (!NT_STATUS_IS_OK(status)) {
311 DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the addr callbacks!\n"));
315 status = ntvfs_set_handle_callbacks(tcon->ntvfs,
316 smb2srv_handle_create_new,
317 smb2srv_handle_make_valid,
318 smb2srv_handle_destroy,
319 smb2srv_handle_search_by_wire_key,
320 smb2srv_handle_get_wire_key,
322 if (!NT_STATUS_IS_OK(status)) {
323 DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the handle callbacks!\n"));
327 req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req,
328 req->session->session_info,
329 0, /* TODO: fill in PID */
333 status = NT_STATUS_NO_MEMORY;
337 /* Invoke NTVFS connection hook */
338 status = ntvfs_connect(req->ntvfs, scfg->name);
339 if (!NT_STATUS_IS_OK(status)) {
340 DEBUG(0,("smb2srv_tcon_backend: NTVFS ntvfs_connect() failed!\n"));
344 io->smb2.out.unknown1 = type_smb2; /* 1 - DISK, 2 - Print, 3 - IPC */
345 io->smb2.out.unknown2 = unknown2;
346 io->smb2.out.unknown3 = 0x00000000;
347 io->smb2.out.access_mask= SEC_RIGHTS_FILE_ALL;
349 io->smb2.out.tid = tcon->tid;
359 static void smb2srv_tcon_send(struct smb2srv_request *req, union smb_tcon *io)
363 if (!NT_STATUS_IS_OK(req->status)) {
364 smb2srv_send_error(req, req->status);
367 if (io->smb2.out.unknown1 == 0x0002) {
368 /* if it's an IPC share vista returns 0x0005 */
374 SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, False, 0));
376 SIVAL(req->out.hdr, SMB2_HDR_TID, io->smb2.out.tid);
377 SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1,unknown1);
379 SSVAL(req->out.body, 0x02, io->smb2.out.unknown1);
380 SIVAL(req->out.body, 0x04, io->smb2.out.unknown2);
381 SIVAL(req->out.body, 0x08, io->smb2.out.unknown3);
382 SIVAL(req->out.body, 0x0C, io->smb2.out.access_mask);
384 smb2srv_send_reply(req);
387 void smb2srv_tcon_recv(struct smb2srv_request *req)
391 SMB2SRV_CHECK_BODY_SIZE(req, 0x08, True);
392 SMB2SRV_TALLOC_IO_PTR(io, union smb_tcon);
394 io->smb2.level = RAW_TCON_SMB2;
395 io->smb2.in.unknown1 = SVAL(req->in.body, 0x02);
396 SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io, req->in.body+0x04, &io->smb2.in.path));
398 req->status = smb2srv_tcon_backend(req, io);
400 if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
404 smb2srv_tcon_send(req, io);
407 static NTSTATUS smb2srv_tdis_backend(struct smb2srv_request *req)
409 /* TODO: call ntvfs backends to close file of this tcon */
410 talloc_free(req->tcon);
415 static void smb2srv_tdis_send(struct smb2srv_request *req)
419 if (NT_STATUS_IS_ERR(req->status)) {
420 smb2srv_send_error(req, req->status);
424 status = smb2srv_setup_reply(req, 0x04, False, 0);
425 if (!NT_STATUS_IS_OK(status)) {
426 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
431 SSVAL(req->out.body, 0x02, 0);
433 smb2srv_send_reply(req);
436 void smb2srv_tdis_recv(struct smb2srv_request *req)
440 SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False);
442 _pad = SVAL(req->in.body, 0x02);
444 req->status = smb2srv_tdis_backend(req);
446 if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
450 smb2srv_tdis_send(req);