r23792: convert Samba4 to GPLv3
1 /* 
2    Unix SMB2 implementation.
3    
4    Copyright (C) Stefan Metzmacher      2005
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libcli/smb2/smb2.h"
22 #include "libcli/smb2/smb2_calls.h"
23 #include "smb_server/smb_server.h"
24 #include "smb_server/service_smb_proto.h"
25 #include "smb_server/smb2/smb2_server.h"
26 #include "librpc/gen_ndr/security.h"
27 #include "smbd/service_stream.h"
28 #include "ntvfs/ntvfs.h"
29
30 /*
31   send an oplock break request to a client
32 */
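/*
 * Build and send an unsolicited SMB2 oplock break for the given handle.
 *
 * p     - opaque pointer registered with ntvfs_set_oplock_handler(); not
 *         used by this function
 * h     - ntvfs handle whose frontend private data is the smbsrv_handle
 * level - oplock level passed in by the backend.
 *         NOTE(review): not used here, the reply body carries a fixed
 *         0x0001 at offset 0x02 - confirm that this is intended.
 *
 * Returns NT_STATUS_OK once the reply has been passed to
 * smb2srv_send_reply(), NT_STATUS_NO_MEMORY on allocation failure, or the
 * status returned by smb2srv_setup_reply().
 */
static NTSTATUS smb2srv_send_oplock_break(void *p, struct ntvfs_handle *h, uint8_t level)
{
	struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data,
						       struct smbsrv_handle);
	struct smb2srv_request *req;
	NTSTATUS status;

	/*
	 * There is no client request behind a break, so fabricate a minimal
	 * one that the normal reply path can work from.
	 */
	req = smb2srv_init_request(handle->tcon->smb_conn);
	NT_STATUS_HAVE_NO_MEMORY(req);

	req->in.buffer		= talloc_size(req, NBT_HDR_SIZE + SMB2_MIN_SIZE);
	if (req->in.buffer == NULL) {
		/* do not leave the half-built request behind on the connection */
		talloc_free(req);
		return NT_STATUS_NO_MEMORY;
	}
	req->in.size		= NBT_HDR_SIZE + SMB2_MIN_SIZE;
	req->in.allocated	= req->in.size;

	req->in.hdr		= req->in.buffer+ NBT_HDR_SIZE;
	req->in.body		= req->in.hdr	+ SMB2_HDR_BODY;
	req->in.body_size	= req->in.size	- (SMB2_HDR_BODY+NBT_HDR_SIZE);
	req->in.dynamic		= NULL;

	/*
	 * NOTE(review): UINT64_MAX presumably marks the message as not being
	 * an answer to any client request - confirm against the reply code.
	 */
	req->seqnum		= UINT64_MAX;

	SIVAL(req->in.hdr, 0,				SMB2_MAGIC);
	SSVAL(req->in.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
	SSVAL(req->in.hdr, SMB2_HDR_PAD1,		0);
	SIVAL(req->in.hdr, SMB2_HDR_STATUS,		0);
	SSVAL(req->in.hdr, SMB2_HDR_OPCODE,		SMB2_OP_BREAK);
	SSVAL(req->in.hdr, SMB2_HDR_UNKNOWN1,		0);
	SIVAL(req->in.hdr, SMB2_HDR_FLAGS,		0);
	SIVAL(req->in.hdr, SMB2_HDR_CHAIN_OFFSET,	0);
	SBVAL(req->in.hdr, SMB2_HDR_SEQNUM,		0);
	SIVAL(req->in.hdr, SMB2_HDR_PID,		0);
	SIVAL(req->in.hdr, SMB2_HDR_TID,		0);
	SBVAL(req->in.hdr, SMB2_HDR_UID,		0);
	/* the 16 byte signature field of the dummy request is all zero */
	memset(req->in.hdr+SMB2_HDR_SIG, 0, 16);

	SSVAL(req->in.body, 0, 2);

	status = smb2srv_setup_reply(req, 0x18, False, 0);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * smb2srv_tdis_send() in this file frees the request after a
		 * failed smb2srv_setup_reply(); do the same here instead of
		 * leaking it.
		 */
		talloc_free(req);
		return status;
	}

	SSVAL(req->out.hdr, SMB2_HDR_UNKNOWN1,	0x0000);

	SSVAL(req->out.body, 0x02, 0x0001);
	SIVAL(req->out.body, 0x04, 0x00000000);
	/* the 128 bit wire handle goes at body offset 0x08 */
	smb2srv_push_handle(req->out.body, 0x08, h);

	smb2srv_send_reply(req);

	return NT_STATUS_OK;
}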
85
/*
 * Resolve the 128 bit wire handle at base+offset to an ntvfs handle.
 *
 * Wire layout as read here: 32 bit hid, 32 bit tid, 64 bit (v)uid.
 *
 * Returns NULL for the all-0xFF wildcard handle, for a handle whose uid
 * does not match req->session->vuid, and when the tcon or the handle
 * cannot be found. On success req->tcon is set to the tcon the handle
 * was found on and the handle's ntvfs pointer is returned.
 *
 * NOTE(review): 16 bytes of client-supplied data are read without a length
 * check in this function; callers are assumed to have validated that
 * base+offset+16 lies inside the request body - confirm at each call site.
 * NOTE(review): req->session and req->tcon are dereferenced unconditionally;
 * presumably the dispatcher rejects requests without a valid session and
 * tree connect before this is reached - verify.
 */
struct ntvfs_handle *smb2srv_pull_handle(struct smb2srv_request *req, const uint8_t *base, uint_t offset)
{
	const uint8_t *wire;
	struct smbsrv_tcon *owner_tcon;
	struct smbsrv_handle *found;
	uint32_t wire_hid;
	uint32_t wire_tid;
	uint64_t wire_uid;

	/*
	 * For chained requests the cached handle replaces whatever the
	 * client put into this request.
	 *
	 * TODO: check if this is also correct when the given handle
	 *       isn't all 0xFF.
	 */
	if (req->chained_file_handle) {
		wire = req->chained_file_handle;
	} else {
		wire = base + offset;
	}

	wire_hid = IVAL(wire, 0);
	wire_tid = IVAL(wire, 4);
	wire_uid = BVAL(wire, 8);

	/* the wildcard handle never names a real object, skip the lookups */
	if (wire_hid == UINT32_MAX && wire_tid == UINT32_MAX && wire_uid == UINT64_MAX) {
		return NULL;
	}

	/*
	 * The (v)uid embedded in the handle must be the session this request
	 * runs under, otherwise the handle is not valid for the caller.
	 */
	if (wire_uid != req->session->vuid) {
		return NULL;
	}

	/*
	 * The handle may live on a different tcon than the TID in the SMB2
	 * header names, and the request has to succeed nevertheless. That
	 * is why the 32 bit TID is part of the 128 bit handle: the tcon is
	 * recovered from the handle. The lookup is done within req->session
	 * only.
	 */
	if (wire_tid == req->tcon->tid) {
		owner_tcon = req->tcon;
	} else {
		owner_tcon = smbsrv_smb2_tcon_find(req->session, wire_tid, req->request_time);
		if (owner_tcon == NULL) {
			return NULL;
		}
	}

	found = smbsrv_smb2_handle_find(owner_tcon, wire_hid, req->request_time);
	if (found == NULL) {
		return NULL;
	}

	/*
	 * No further session check is needed for SMB2: the tcon was looked
	 * up through the session (the smb2srv_tcon is a child object of the
	 * smb2srv_session), so the handle belongs to the correct session.
	 */

	/*
	 * The handle may have selected another tcon; store it on the request
	 * so that the ntvfs_*() calls run in the matching ntvfs context.
	 *
	 * TODO: check if that's correct for chained requests as well!
	 */
	req->tcon = owner_tcon;
	return found->ntvfs;
}
161
/*
 * Serialise an ntvfs handle into its 128 bit wire form at base+offset:
 * 32 bit hid, 32 bit tid of the owning tcon, 64 bit vuid of the owning
 * session.
 *
 * NOTE(review): 16 bytes are written without a length check here; the
 * caller is assumed to have reserved them in the output body - confirm.
 */
void smb2srv_push_handle(uint8_t *base, uint_t offset, struct ntvfs_handle *ntvfs)
{
	struct smbsrv_handle *handle;
	uint8_t *wire = base + offset;

	handle = talloc_get_type(ntvfs->frontend_data.private_data,
				 struct smbsrv_handle);

	SIVAL(wire, 0, handle->hid);
	SIVAL(wire, 4, handle->tcon->tid);
	SBVAL(wire, 8, handle->session->vuid);
}
174
/*
 * NTVFS callback: allocate a frontend smbsrv_handle plus the ntvfs_handle
 * that hangs off it, for the request behind the given ntvfs request.
 *
 * private_data - pointer registered with ntvfs_set_handle_callbacks();
 *                not used here
 * ntvfs        - ntvfs request whose frontend private data is the
 *                smb2srv_request
 * _h           - receives the new ntvfs handle on success
 *
 * Returns NT_STATUS_OK, NT_STATUS_INSUFFICIENT_RESOURCES if no frontend
 * handle could be created, or NT_STATUS_NO_MEMORY.
 */
static NTSTATUS smb2srv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h)
{
	struct smb2srv_request *req;
	struct smbsrv_handle *fe_handle;
	struct ntvfs_handle *nh;

	req = talloc_get_type(ntvfs->frontend_data.private_data,
			      struct smb2srv_request);

	fe_handle = smbsrv_handle_new(req->session, req->tcon, req, req->request_time);
	if (fe_handle == NULL) {
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}

	nh = talloc_zero(fe_handle, struct ntvfs_handle);
	if (nh == NULL) {
		talloc_free(fe_handle);
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * fe_handle->ntvfs is deliberately left unset: it is filled in by
	 * smb2srv_handle_make_valid(). Until the ntvfs subsystem has made
	 * the handle valid, clients cannot use it.
	 */
	nh->ctx				= ntvfs->ctx;
	nh->session_info		= ntvfs->session_info;
	nh->smbpid			= ntvfs->smbpid;
	nh->frontend_data.private_data	= fe_handle;

	*_h = nh;
	return NT_STATUS_OK;
}
206
/*
 * NTVFS callback: publish a handle created by smb2srv_handle_create_new().
 *
 * private_data - the smbsrv_tcon registered with
 *                ntvfs_set_handle_callbacks()
 * h            - ntvfs handle whose frontend private data is the
 *                smbsrv_handle
 *
 * Always returns NT_STATUS_OK.
 */
static NTSTATUS smb2srv_handle_make_valid(void *private_data, struct ntvfs_handle *h)
{
	struct smbsrv_tcon *tcon;
	struct smbsrv_handle *handle;

	tcon = talloc_get_type(private_data, struct smbsrv_tcon);
	handle = talloc_get_type(h->frontend_data.private_data,
				 struct smbsrv_handle);

	/* a non-NULL ntvfs pointer is what tells the frontend the handle is valid */
	handle->ntvfs = h;

	/* re-parent the smbsrv_handle to the smbsrv_tcon memory context */
	talloc_steal(tcon, handle);

	return NT_STATUS_OK;
}
218
/*
 * NTVFS callback: free the frontend smbsrv_handle behind an ntvfs handle.
 * The ntvfs handle itself is allocated as a talloc child of that
 * smbsrv_handle in smb2srv_handle_create_new().
 */
static void smb2srv_handle_destroy(void *private_data, struct ntvfs_handle *h)
{
	talloc_free(talloc_get_type(h->frontend_data.private_data,
				    struct smbsrv_handle));
}
225
/*
 * NTVFS callback stub: lookup of a handle by wire key is not implemented
 * for SMB2 in this file, every lookup reports "not found".
 */
static struct ntvfs_handle *smb2srv_handle_search_by_wire_key(void *private_data,
							      struct ntvfs_request *ntvfs,
							      const DATA_BLOB *key)
{
	struct ntvfs_handle *none = NULL;

	return none;
}
230
/*
 * NTVFS callback stub: no wire key is produced for SMB2 handles in this
 * file, the result is always data_blob(NULL, 0).
 */
static DATA_BLOB smb2srv_handle_get_wire_key(void *private_data,
					     struct ntvfs_handle *handle,
					     TALLOC_CTX *mem_ctx)
{
	DATA_BLOB empty = data_blob(NULL, 0);

	return empty;
}
235
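/*
 * Handle an SMB2 tree connect: resolve the share named in the request,
 * apply the share's hosts allow/deny lists, create the tcon and connect
 * it to an NTVFS backend.
 *
 * req - the request; req->session becomes the owner of the new tcon
 * io  - io->smb2.in.path is the client-supplied share path, io->smb2.out
 *       is filled in on success
 *
 * Returns NT_STATUS_OK on success. Otherwise NT_STATUS_BAD_NETWORK_NAME
 * (no path or unknown share), NT_STATUS_ACCESS_DENIED (host check),
 * NT_STATUS_INSUFFICIENT_RESOURCES (no tcon), NT_STATUS_NO_MEMORY, or the
 * status of the failing ntvfs_*() call. On every failure after the tcon
 * was created it is freed again and req->tcon is reset to NULL.
 */
static NTSTATUS smb2srv_tcon_backend(struct smb2srv_request *req, union smb_tcon *io)
{
	struct smbsrv_tcon *tcon;
	NTSTATUS status;
	enum ntvfs_type type;
	uint16_t type_smb2;
	uint32_t unknown2;
	const char *service = io->smb2.in.path;
	struct share_config *scfg;
	const char *sharetype;

	/*
	 * The path comes straight from the client. The helper that pulls it
	 * from the request is not visible here; guard against it having
	 * produced no string at all before handing it to strncmp().
	 */
	if (service == NULL) {
		return NT_STATUS_BAD_NETWORK_NAME;
	}

	/* for a "\\server\share" style path only the share part is used */
	if (strncmp(service, "\\\\", 2) == 0) {
		const char *p = strchr(service+2, '\\');
		if (p) {
			service = p + 1;
		}
	}

	status = share_get_config(req, req->smb_conn->share_context, service, &scfg);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * NOTE(review): the share name is client controlled and is
		 * logged at level 0 for every failed lookup - consider a
		 * higher debug level so that clients cannot fill the log.
		 */
		DEBUG(0,("smb2srv_tcon_backend: couldn't find service %s\n", service));
		return NT_STATUS_BAD_NETWORK_NAME;
	}

	/* enforce the per-share hosts allow / hosts deny lists */
	if (!socket_check_access(req->smb_conn->connection->socket,
				 scfg->name,
				 share_string_list_option(req, scfg, SHARE_HOSTS_ALLOW),
				 share_string_list_option(req, scfg, SHARE_HOSTS_DENY))) {
		return NT_STATUS_ACCESS_DENIED;
	}

	/* work out what sort of connection this is */
	sharetype = share_string_option(scfg, SHARE_TYPE, "DISK");
	if (sharetype && strcmp(sharetype, "IPC") == 0) {
		type = NTVFS_IPC;
		type_smb2 = 0x0002;
		unknown2 = 0x00000030;
	} else if (sharetype && strcmp(sharetype, "PRINTER") == 0) {
		type = NTVFS_PRINT;
		type_smb2 = 0x0003;
		unknown2 = 0x00000000;
	} else {
		type = NTVFS_DISK;
		type_smb2 = 0x0001;
		unknown2 = 0x00000800;
	}

	tcon = smbsrv_smb2_tcon_new(req->session, scfg->name);
	if (!tcon) {
		DEBUG(0,("smb2srv_tcon_backend: Couldn't find free connection.\n"));
		return NT_STATUS_INSUFFICIENT_RESOURCES;
	}
	req->tcon = tcon;

	/* init ntvfs function pointers */
	status = ntvfs_init_connection(tcon, scfg, type,
				       req->smb_conn->negotiate.protocol,
				       req->smb_conn->connection->event.ctx,
				       req->smb_conn->connection->msg_ctx,
				       req->smb_conn->connection->server_id,
				       &tcon->ntvfs);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("smb2srv_tcon_backend: ntvfs_init_connection failed for service %s\n",
			  scfg->name));
		goto failed;
	}

	status = ntvfs_set_oplock_handler(tcon->ntvfs, smb2srv_send_oplock_break, tcon);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the oplock handler!\n"));
		goto failed;
	}

	status = ntvfs_set_addr_callbacks(tcon->ntvfs, smbsrv_get_my_addr, smbsrv_get_peer_addr, req->smb_conn);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the addr callbacks!\n"));
		goto failed;
	}

	status = ntvfs_set_handle_callbacks(tcon->ntvfs,
					    smb2srv_handle_create_new,
					    smb2srv_handle_make_valid,
					    smb2srv_handle_destroy,
					    smb2srv_handle_search_by_wire_key,
					    smb2srv_handle_get_wire_key,
					    tcon);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smb2srv_tcon_backend: NTVFS failed to set the handle callbacks!\n"));
		goto failed;
	}

	req->ntvfs = ntvfs_request_create(req->tcon->ntvfs, req,
					  req->session->session_info,
					  0, /* TODO: fill in PID */
					  req->request_time,
					  req, NULL, 0);
	if (!req->ntvfs) {
		status = NT_STATUS_NO_MEMORY;
		goto failed;
	}

	/* Invoke NTVFS connection hook */
	status = ntvfs_connect(req->ntvfs, scfg->name);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smb2srv_tcon_backend: NTVFS ntvfs_connect() failed!\n"));
		goto failed;
	}

	/* share type as set above: 1 - DISK, 2 - IPC, 3 - PRINTER */
	io->smb2.out.unknown1	= type_smb2;
	io->smb2.out.unknown2	= unknown2;
	io->smb2.out.unknown3	= 0x00000000;
	/*
	 * NOTE(review): full file rights are reported for every share,
	 * whatever its configuration; presumably the real access checks
	 * happen in the ntvfs backend - confirm.
	 */
	io->smb2.out.access_mask= SEC_RIGHTS_FILE_ALL;

	io->smb2.out.tid	= tcon->tid;

	return NT_STATUS_OK;

failed:
	/*
	 * NOTE(review): if ntvfs_connect() failed, req->ntvfs is still set
	 * and was created from tcon->ntvfs, which presumably goes away with
	 * the tcon - verify that nothing uses req->ntvfs afterwards.
	 */
	req->tcon = NULL;
	talloc_free(tcon);
	return status;
}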
358
/*
 * Send the tree connect reply: an error reply when req->status is not
 * NT_STATUS_OK, otherwise a reply with a 0x10 byte fixed body built from
 * io->smb2.out.
 */
static void smb2srv_tcon_send(struct smb2srv_request *req, union smb_tcon *io)
{
	uint16_t hdr_unknown1;

	if (!NT_STATUS_IS_OK(req->status)) {
		smb2srv_send_error(req, req->status);
		return;
	}

	/* 0x0002 is the IPC share type; for an IPC share vista returns 0x0005 */
	hdr_unknown1 = (io->smb2.out.unknown1 == 0x0002) ? 0x0005 : 0x0001;

	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x10, False, 0));

	/* header: the new tree id and the unknown1 value chosen above */
	SIVAL(req->out.hdr,	SMB2_HDR_TID,		io->smb2.out.tid);
	SSVAL(req->out.hdr,	SMB2_HDR_UNKNOWN1,	hdr_unknown1);

	/* body: share type, two unknown fields, access mask */
	SSVAL(req->out.body,	0x02,	io->smb2.out.unknown1);
	SIVAL(req->out.body,	0x04,	io->smb2.out.unknown2);
	SIVAL(req->out.body,	0x08,	io->smb2.out.unknown3);
	SIVAL(req->out.body,	0x0C,	io->smb2.out.access_mask);

	smb2srv_send_reply(req);
}
386
/*
 * Entry point for an SMB2 tree connect request: check the body size,
 * parse the request into a union smb_tcon, run the backend and send the
 * reply unless the request is flagged as "no reply".
 *
 * NOTE(review): the backend dereferences req->session; presumably the
 * dispatcher only gets here with a valid session - verify.
 */
void smb2srv_tcon_recv(struct smb2srv_request *req)
{
	union smb_tcon *io;

	/* the body size is checked before any field of the body is read */
	SMB2SRV_CHECK_BODY_SIZE(req, 0x08, True);
	SMB2SRV_TALLOC_IO_PTR(io, union smb_tcon);

	io->smb2.level		= RAW_TCON_SMB2;
	io->smb2.in.unknown1	= SVAL(req->in.body, 0x02);
	/* the share path is referenced from body offset 0x04 */
	SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io,
					      req->in.body+0x04,
					      &io->smb2.in.path));

	req->status = smb2srv_tcon_backend(req, io);

	if (!(req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY)) {
		smb2srv_tcon_send(req, io);
		return;
	}

	/* no reply wanted: the request is finished here */
	talloc_free(req);
}
406
/*
 * Tree disconnect: free the tcon of the request and clear req->tcon.
 * Always returns NT_STATUS_OK.
 *
 * NOTE(review): handles are re-parented to the tcon in
 * smb2srv_handle_make_valid(), so presumably they are released together
 * with it; the TODO below about closing files in the backends still
 * stands.
 */
static NTSTATUS smb2srv_tdis_backend(struct smb2srv_request *req)
{
	struct smbsrv_tcon *tcon = req->tcon;

	/* TODO: call ntvfs backends to close file of this tcon */
	talloc_free(tcon);
	req->tcon = NULL;

	return NT_STATUS_OK;
}
414
/*
 * Send the tree disconnect reply: an error reply when req->status is an
 * error, otherwise a reply with a 0x04 byte fixed body. If the reply
 * cannot be set up the connection is terminated and the request freed.
 *
 * NOTE(review): the test here is NT_STATUS_IS_ERR() while
 * smb2srv_tcon_send() uses !NT_STATUS_IS_OK() - confirm the difference is
 * intended.
 */
static void smb2srv_tdis_send(struct smb2srv_request *req)
{
	NTSTATUS status;

	if (NT_STATUS_IS_ERR(req->status)) {
		smb2srv_send_error(req, req->status);
		return;
	}

	status = smb2srv_setup_reply(req, 0x04, False, 0);
	if (NT_STATUS_IS_OK(status)) {
		SSVAL(req->out.body, 0x02, 0);
		smb2srv_send_reply(req);
		return;
	}

	/* no reply buffer: give up on the whole connection */
	smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
	talloc_free(req);
}
435
/*
 * Entry point for an SMB2 tree disconnect request: check the body size,
 * run the backend and send the reply unless the request is flagged as
 * "no reply".
 *
 * NOTE(review): the backend frees req->tcon; presumably the dispatcher
 * only gets here with a valid tree connect - verify.
 */
void smb2srv_tdis_recv(struct smb2srv_request *req)
{
	uint16_t reserved;

	/* the body size is checked before any field of the body is read */
	SMB2SRV_CHECK_BODY_SIZE(req, 0x04, False);

	/* the 16 bit field at body offset 0x02 is read but not used */
	reserved = SVAL(req->in.body, 0x02);
	(void)reserved;

	req->status = smb2srv_tdis_backend(req);

	if (!(req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY)) {
		smb2srv_tdis_send(req);
		return;
	}

	/* no reply wanted: the request is finished here */
	talloc_free(req);
}