r16918: the SMB2 Ioctls are sometimes called with a wildcard handle

the operation doesn't need a valid file handle in that case

metze
(This used to be commit d41a83d55945b07020349339888f3a34ac4eff4e)

diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 27b3510371573ed3ab2e07c1f8125487d893e605..8ebdd38beebd632d9079dae4f7ae5169e4605a6f 100644 (file)
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -1949,7 +1949,8 @@ union smb_lpq {
 enum smb_ioctl_level {
        RAW_IOCTL_IOCTL,
        RAW_IOCTL_NTIOCTL,
-       RAW_IOCTL_SMB2
+       RAW_IOCTL_SMB2,
+       RAW_IOCTL_SMB2_NO_HANDLE
 };
 
 /*

diff --git a/source4/libcli/raw/rawioctl.c b/source4/libcli/raw/rawioctl.c
index 0bd37785acb0f9a56f6ff468e9d1d0347296c594..a9812022ea659710464085b033f321ad3e52a1ef 100644 (file)
--- a/source4/libcli/raw/rawioctl.c
+++ b/source4/libcli/raw/rawioctl.c
@@ -134,6 +134,7 @@ struct smbcli_request *smb_raw_ioctl_send(struct smbcli_tree *tree, union smb_io
                break;
 
        case RAW_IOCTL_SMB2:
+       case RAW_IOCTL_SMB2_NO_HANDLE:
                return NULL;
        }
 
@@ -154,6 +155,7 @@ NTSTATUS smb_raw_ioctl_recv(struct smbcli_request *req,
                return smb_raw_ntioctl_recv(req, mem_ctx, parms);
 
        case RAW_IOCTL_SMB2:
+       case RAW_IOCTL_SMB2_NO_HANDLE:
                break;
        }
        return NT_STATUS_INVALID_LEVEL;

diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
index a0104cae4d36a7d86cd2a7da2fe72983e6609cc2..cc8b4af285755f28bc04d483c3fccce1506f4ecb 100644 (file)
--- a/source4/ntvfs/ipc/vfs_ipc.c
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -843,6 +843,9 @@ static NTSTATUS ipc_ioctl(struct ntvfs_module_context *ntvfs,
        case RAW_IOCTL_SMB2:
                return ipc_ioctl_smb2(ntvfs, req, io);
 
+       case RAW_IOCTL_SMB2_NO_HANDLE:
+               return NT_STATUS_FS_DRIVER_REQUIRED;
+
        default:
                return NT_STATUS_ACCESS_DENIED;
        }

diff --git a/source4/ntvfs/posix/pvfs_ioctl.c b/source4/ntvfs/posix/pvfs_ioctl.c
index 513f03c8ec3c621427828ef7af0d8d7d451a5dd1..8ba662d3e71b1d39cea4fc53a659e4483407ac3f 100644 (file)
--- a/source4/ntvfs/posix/pvfs_ioctl.c
+++ b/source4/ntvfs/posix/pvfs_ioctl.c
@@ -73,6 +73,7 @@ NTSTATUS pvfs_ioctl(struct ntvfs_module_context *ntvfs,
                return pvfs_ntioctl(ntvfs, req, io);
 
        case RAW_IOCTL_SMB2:
+       case RAW_IOCTL_SMB2_NO_HANDLE:
                return NT_STATUS_FS_DRIVER_REQUIRED;
        }
 

diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index 69eb4a02f288dbcb4af21905c0e8a549ac57f9f6..fa35afce7e4f459ee31b4cdbe7cbff37e645d901 100644 (file)
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -239,7 +239,14 @@ static void smb2srv_ioctl_send(struct ntvfs_request *ntvfs)
 
        SSVAL(req->out.body,    0x02,   io->smb2.out._pad);
        SIVAL(req->out.body,    0x04,   io->smb2.out.function);
-       smb2srv_push_handle(req->out.body, 0x08,io->smb2.in.file.ntvfs);
+       if (io->smb2.level == RAW_IOCTL_SMB2_NO_HANDLE) {
+               struct smb2_handle h;
+               h.data[0] = UINT64_MAX;
+               h.data[1] = UINT64_MAX;
+               smb2_push_handle(req->out.body + 0x08, &h);
+       } else {
+               smb2srv_push_handle(req->out.body, 0x08,io->smb2.in.file.ntvfs);
+       }
        SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x18, io->smb2.out.in));
        SMB2SRV_CHECK(smb2_push_o32s32_blob(&req->out, 0x20, io->smb2.out.out));
        SIVAL(req->out.body,    0x28,   io->smb2.out.unknown2);
@@ -251,23 +258,31 @@ static void smb2srv_ioctl_send(struct ntvfs_request *ntvfs)
 void smb2srv_ioctl_recv(struct smb2srv_request *req)
 {
        union smb_ioctl *io;
+       struct smb2_handle h;
 
        SMB2SRV_CHECK_BODY_SIZE(req, 0x38, True);
        SMB2SRV_TALLOC_IO_PTR(io, union smb_ioctl);
        SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_ioctl_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 
        /* TODO: avoid the memcpy */
-       io->smb2.level                  = RAW_IOCTL_SMB2;
        io->smb2.in._pad                = SVAL(req->in.body, 0x02);
        io->smb2.in.function            = IVAL(req->in.body, 0x04);
-       io->smb2.in.file.ntvfs          = smb2srv_pull_handle(req, req->in.body, 0x08);
+       /* file handle ... */
        SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x18, &io->smb2.in.out));
        io->smb2.in.unknown2            = IVAL(req->in.body, 0x20);
        SMB2SRV_CHECK(smb2_pull_o32s32_blob(&req->in, io, req->in.body+0x24, &io->smb2.in.in));
        io->smb2.in.max_response_size   = IVAL(req->in.body, 0x2C);
        io->smb2.in.flags               = BVAL(req->in.body, 0x30);
 
-       SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+       smb2_pull_handle(req->in.body + 0x08, &h);
+       if (h.data[0] == UINT64_MAX && h.data[1] == UINT64_MAX) {
+               io->smb2.level          = RAW_IOCTL_SMB2_NO_HANDLE;
+       } else {
+               io->smb2.level          = RAW_IOCTL_SMB2;
+               io->smb2.in.file.ntvfs  = smb2srv_pull_handle(req, req->in.body, 0x08);
+               SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
+       }
+
        SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_ioctl(req->ntvfs, io));
 }