1 /* 2 Unix SMB/CIFS implementation. 3 Core SMB2 server 4 5 Copyright (C) Stefan Metzmacher 2009 6 Copyright (C) David Disseldorp 2012 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation; either version 3 of the License, or 11 (at your option) any later version. 12 13 This program is distributed in the hope that it will be useful, 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 GNU General Public License for more details. 17 18 You should have received a copy of the GNU General Public License 19 along with this program. If not, see <http://www.gnu.org/licenses/>. 20 */ 21 22 #include "includes.h" 23 #include "smbd/smbd.h" 24 #include "smbd/globals.h" 25 #include "../libcli/smb/smb_common.h" 26 #include "../libcli/security/security.h" 27 #include "../lib/util/tevent_ntstatus.h" 28 #include "include/ntioctl.h" 29 #include "../librpc/ndr/libndr.h" 30 #include "librpc/gen_ndr/ndr_ioctl.h" 31 #include "smb2_ioctl_private.h" 32 #include "../lib/tsocket/tsocket.h" 33 34 #undef DBGC_CLASS 35 #define DBGC_CLASS DBGC_SMB2 36 37 static void copychunk_pack_limits(struct srv_copychunk_rsp *cc_rsp) 38 { 39 cc_rsp->chunks_written = COPYCHUNK_MAX_CHUNKS; 40 cc_rsp->chunk_bytes_written = COPYCHUNK_MAX_CHUNK_LEN; 41 cc_rsp->total_bytes_written = COPYCHUNK_MAX_TOTAL_LEN; 42 } 43 44 static NTSTATUS copychunk_check_limits(struct srv_copychunk_copy *cc_copy) 45 { 46 uint32_t i; 47 uint32_t total_len = 0; 48 49 /* 50 * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request 51 * Send and invalid parameter response if: 52 * - The ChunkCount value is greater than 53 * ServerSideCopyMaxNumberofChunks 54 */ 55 if (cc_copy->chunk_count > COPYCHUNK_MAX_CHUNKS) { 56 return NT_STATUS_INVALID_PARAMETER; 57 } 58 59 for (i = 0; i < cc_copy->chunk_count; i++) { 60 /* 61 * - The Length value in a single chunk is greater than 62 * ServerSideCopyMaxChunkSize or equal to zero. 63 */ 64 if ((cc_copy->chunks[i].length == 0) 65 || (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN)) { 66 return NT_STATUS_INVALID_PARAMETER; 67 } 68 total_len += cc_copy->chunks[i].length; 69 } 70 /* 71 * - Sum of Lengths in all chunks is greater than 72 * ServerSideCopyMaxDataSize 73 */ 74 if (total_len > COPYCHUNK_MAX_TOTAL_LEN) { 75 return NT_STATUS_INVALID_PARAMETER; 76 } 77 78 return NT_STATUS_OK; 79 } 80 81 struct fsctl_srv_copychunk_state { 82 struct tevent_context *ev; 83 struct connection_struct *conn; 84 struct srv_copychunk_copy cc_copy; 85 uint32_t current_chunk; 86 NTSTATUS status; 87 off_t total_written; 88 uint32_t ctl_code; 89 DATA_BLOB token; 90 struct files_struct *src_fsp; 91 struct files_struct *dst_fsp; 92 enum { 93 COPYCHUNK_OUT_EMPTY = 0, 94 COPYCHUNK_OUT_LIMITS, 95 COPYCHUNK_OUT_RSP, 96 } out_data; 97 }; 98 static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq); 99 100 static NTSTATUS fsctl_srv_copychunk_loop(struct tevent_req *req); 101 102 static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, 103 struct tevent_context *ev, 104 uint32_t ctl_code, 105 struct files_struct *dst_fsp, 106 DATA_BLOB *in_input, 107 size_t in_max_output, 108 struct smbd_smb2_request *smb2req) 109 { 110 struct tevent_req *req = NULL; 111 struct fsctl_srv_copychunk_state *state = NULL; 112 enum ndr_err_code ndr_ret; 113 NTSTATUS status; 114 115 /* handler for both copy-chunk variants */ 116 SMB_ASSERT((ctl_code == FSCTL_SRV_COPYCHUNK) 117 || (ctl_code == FSCTL_SRV_COPYCHUNK_WRITE)); 118 119 req = tevent_req_create(mem_ctx, &state, 120 struct fsctl_srv_copychunk_state); 121 if (req == NULL) { 122 return NULL; 123 } 124 *state = (struct fsctl_srv_copychunk_state) { 125 .conn = dst_fsp->conn, 126 .ev = ev, 127 .ctl_code = ctl_code, 128 .dst_fsp = dst_fsp, 129 }; 130 131 if (in_max_output < sizeof(struct srv_copychunk_rsp)) { 132 DEBUG(3, ("max output %d not large enough to hold copy chunk " 133 "response %lu\n", (int)in_max_output, 134 (unsigned long)sizeof(struct srv_copychunk_rsp))); 135 state->status = NT_STATUS_INVALID_PARAMETER; 136 tevent_req_nterror(req, state->status); 137 return tevent_req_post(req, ev); 138 } 139 140 ndr_ret = ndr_pull_struct_blob(in_input, mem_ctx, &state->cc_copy, 141 (ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_copy); 142 if (ndr_ret != NDR_ERR_SUCCESS) { 143 DEBUG(0, ("failed to unmarshall copy chunk req\n")); 144 state->status = NT_STATUS_INVALID_PARAMETER; 145 tevent_req_nterror(req, state->status); 146 return tevent_req_post(req, ev); 147 } 148 149 state->token = data_blob_const(state->cc_copy.source_key, 150 sizeof(state->cc_copy.source_key)); 151 152 state->status = copychunk_check_limits(&state->cc_copy); 153 if (!NT_STATUS_IS_OK(state->status)) { 154 DEBUG(3, ("copy chunk req exceeds limits\n")); 155 state->out_data = COPYCHUNK_OUT_LIMITS; 156 tevent_req_nterror(req, state->status); 157 return tevent_req_post(req, ev); 158 } 159 160 /* any errors from here onwards should carry copychunk response data */ 161 state->out_data = COPYCHUNK_OUT_RSP; 162 163 status = fsctl_srv_copychunk_loop(req); 164 if (tevent_req_nterror(req, status)) { 165 return tevent_req_post(req, ev); 166 } 167 168 return req; 169 } 170 171 static NTSTATUS fsctl_srv_copychunk_loop(struct tevent_req *req) 172 { 173 struct fsctl_srv_copychunk_state *state = tevent_req_data( 174 req, struct fsctl_srv_copychunk_state); 175 struct tevent_req *subreq = NULL; 176 uint32_t length = 0; 177 off_t source_off = 0; 178 off_t target_off = 0; 179 180 /* 181 * chunk_count can be 0 which must either just do nothing returning 182 * success saying number of copied chunks is 0 (verified against 183 * Windows). 184 * 185 * Or it can be a special macOS copyfile request, so we send this into 186 * the VFS, vfs_fruit if loaded implements the macOS copyile semantics. 187 */ 188 if (state->cc_copy.chunk_count > 0) { 189 struct srv_copychunk *chunk = NULL; 190 191 chunk = &state->cc_copy.chunks[state->current_chunk]; 192 length = chunk->length; 193 source_off = chunk->source_off; 194 target_off = chunk->target_off; 195 } 196 197 subreq = SMB_VFS_OFFLOAD_WRITE_SEND(state->dst_fsp->conn, 198 state, 199 state->ev, 200 state->ctl_code, 201 &state->token, 202 source_off, 203 state->dst_fsp, 204 target_off, 205 length); 206 if (tevent_req_nomem(subreq, req)) { 207 return NT_STATUS_NO_MEMORY; 208 } 209 tevent_req_set_callback(subreq, fsctl_srv_copychunk_vfs_done, req); 210 211 return NT_STATUS_OK; 212 } 213 214 static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq) 215 { 216 struct tevent_req *req = tevent_req_callback_data( 217 subreq, struct tevent_req); 218 struct fsctl_srv_copychunk_state *state = tevent_req_data( 219 req, struct fsctl_srv_copychunk_state); 220 off_t chunk_nwritten; 221 NTSTATUS status; 222 223 status = SMB_VFS_OFFLOAD_WRITE_RECV(state->conn, subreq, 224 &chunk_nwritten); 225 TALLOC_FREE(subreq); 226 if (!NT_STATUS_IS_OK(status)) { 227 DBG_ERR("copy chunk failed [%s] chunk [%u] of [%u]\n", 228 nt_errstr(status), 229 (unsigned int)state->current_chunk, 230 (unsigned int)state->cc_copy.chunk_count); 231 tevent_req_nterror(req, status); 232 return; 233 } 234 235 DBG_DEBUG("good copy chunk [%u] of [%u]\n", 236 (unsigned int)state->current_chunk, 237 (unsigned int)state->cc_copy.chunk_count); 238 state->total_written += chunk_nwritten; 239 240 if (state->cc_copy.chunk_count == 0) { 241 /* 242 * This must not produce an error but just return a chunk count 243 * of 0 in the response. 244 */ 245 tevent_req_done(req); 246 return; 247 } 248 249 state->current_chunk++; 250 if (state->current_chunk == state->cc_copy.chunk_count) { 251 tevent_req_done(req); 252 return; 253 } 254 255 status = fsctl_srv_copychunk_loop(req); 256 if (tevent_req_nterror(req, status)) { 257 return; 258 } 259 } 260 261 static NTSTATUS fsctl_srv_copychunk_recv(struct tevent_req *req, 262 struct srv_copychunk_rsp *cc_rsp, 263 bool *pack_rsp) 264 { 265 struct fsctl_srv_copychunk_state *state = tevent_req_data(req, 266 struct fsctl_srv_copychunk_state); 267 NTSTATUS status; 268 269 switch (state->out_data) { 270 case COPYCHUNK_OUT_EMPTY: 271 *pack_rsp = false; 272 break; 273 case COPYCHUNK_OUT_LIMITS: 274 /* 2.2.32.1 - send back our maximum transfer size limits */ 275 copychunk_pack_limits(cc_rsp); 276 *pack_rsp = true; 277 break; 278 case COPYCHUNK_OUT_RSP: 279 cc_rsp->chunks_written = state->current_chunk; 280 cc_rsp->chunk_bytes_written = 0; 281 cc_rsp->total_bytes_written = state->total_written; 282 *pack_rsp = true; 283 break; 284 default: /* not reached */ 285 assert(1); 286 break; 287 } 288 status = tevent_req_simple_recv_ntstatus(req); 289 return status; 290 } 291 292 static NTSTATUS fsctl_network_iface_info(TALLOC_CTX *mem_ctx, 293 struct tevent_context *ev, 294 struct smbXsrv_connection *xconn, 295 DATA_BLOB *in_input, 296 uint32_t in_max_output, 297 DATA_BLOB *out_output) 298 { 299 struct fsctl_net_iface_info *array = NULL; 300 struct fsctl_net_iface_info *first = NULL; 301 struct fsctl_net_iface_info *last = NULL; 302 size_t i; 303 size_t num_ifaces = iface_count(); 304 enum ndr_err_code ndr_err; 305 306 if (in_input->length != 0) { 307 return NT_STATUS_INVALID_PARAMETER; 308 } 309 310 *out_output = data_blob_null; 311 312 array = talloc_zero_array(mem_ctx, 313 struct fsctl_net_iface_info, 314 num_ifaces); 315 if (array == NULL) { 316 return NT_STATUS_NO_MEMORY; 317 } 318 319 for (i=0; i < num_ifaces; i++) { 320 struct fsctl_net_iface_info *cur = &array[i]; 321 const struct interface *iface = get_interface(i); 322 const struct sockaddr_storage *ifss = &iface->ip; 323 const void *ifptr = ifss; 324 const struct sockaddr *ifsa = (const struct sockaddr *)ifptr; 325 struct tsocket_address *a = NULL; 326 char *addr; 327 bool ok; 328 int ret; 329 330 ret = tsocket_address_bsd_from_sockaddr(array, 331 ifsa, sizeof(struct sockaddr_storage), 332 &a); 333 if (ret != 0) { 334 return map_nt_error_from_unix_common(errno); 335 } 336 337 ok = tsocket_address_is_inet(a, "ip"); 338 if (!ok) { 339 continue; 340 } 341 342 addr = tsocket_address_inet_addr_string(a, array); 343 if (addr == NULL) { 344 TALLOC_FREE(array); 345 return NT_STATUS_NO_MEMORY; 346 } 347 348 cur->ifindex = iface->if_index; 349 if (cur->ifindex == 0) { 350 /* 351 * Did not get interface index from kernel, 352 * nor from the config. ==> Apply a common 353 * default value for these cases. 354 */ 355 cur->ifindex = UINT32_MAX; 356 } 357 cur->capability = iface->capability; 358 cur->linkspeed = iface->linkspeed; 359 if (cur->linkspeed == 0) { 360 DBG_DEBUG("Link speed 0 on interface [%s] - skipping " 361 "address [%s].\n", iface->name, addr); 362 continue; 363 } 364 365 ok = tsocket_address_is_inet(a, "ipv4"); 366 if (ok) { 367 cur->sockaddr.family = FSCTL_NET_IFACE_AF_INET; 368 cur->sockaddr.saddr.saddr_in.ipv4 = addr; 369 } 370 ok = tsocket_address_is_inet(a, "ipv6"); 371 if (ok) { 372 cur->sockaddr.family = FSCTL_NET_IFACE_AF_INET6; 373 cur->sockaddr.saddr.saddr_in6.ipv6 = addr; 374 } 375 376 if (first == NULL) { 377 first = cur; 378 } 379 if (last != NULL) { 380 last->next = cur; 381 } 382 last = cur; 383 } 384 385 if (first == NULL) { 386 TALLOC_FREE(array); 387 return NT_STATUS_OK; 388 } 389 390 if (DEBUGLEVEL >= 10) { 391 NDR_PRINT_DEBUG(fsctl_net_iface_info, first); 392 } 393 394 ndr_err = ndr_push_struct_blob(out_output, mem_ctx, first, 395 (ndr_push_flags_fn_t)ndr_push_fsctl_net_iface_info); 396 TALLOC_FREE(array); 397 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 398 return ndr_map_error2ntstatus(ndr_err); 399 } 400 401 return NT_STATUS_OK; 402 } 403 404 static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx, 405 struct tevent_context *ev, 406 struct smbXsrv_connection *conn, 407 DATA_BLOB *in_input, 408 uint32_t in_max_output, 409 DATA_BLOB *out_output, 410 bool *disconnect) 411 { 412 uint32_t in_capabilities; 413 DATA_BLOB in_guid_blob; 414 struct GUID in_guid; 415 uint16_t in_security_mode; 416 uint16_t in_num_dialects; 417 uint16_t dialect; 418 DATA_BLOB out_guid_blob; 419 NTSTATUS status; 420 enum protocol_types protocol = PROTOCOL_NONE; 421 422 if (lp_server_max_protocol() <= PROTOCOL_SMB2_02) { 423 /* 424 * With SMB 2.02 we didn't get the 425 * capabitities, client guid, security mode 426 * and dialects the client would have offered. 427 * 428 * So we behave compatible with a true 429 * SMB 2.02 server and return NT_STATUS_FILE_CLOSED. 430 * 431 * As SMB >= 2.10 offers the two phase SMB2 Negotiate 432 * we keep supporting FSCTL_VALIDATE_NEGOTIATE_INFO 433 * starting with SMB 2.10, while Windows only supports 434 * it starting with SMB > 2.10. 435 */ 436 return NT_STATUS_FILE_CLOSED; 437 } 438 439 if (in_input->length < 0x18) { 440 return NT_STATUS_INVALID_PARAMETER; 441 } 442 443 in_capabilities = IVAL(in_input->data, 0x00); 444 in_guid_blob = data_blob_const(in_input->data + 0x04, 16); 445 in_security_mode = SVAL(in_input->data, 0x14); 446 in_num_dialects = SVAL(in_input->data, 0x16); 447 448 if (in_input->length < (0x18 + in_num_dialects*2)) { 449 return NT_STATUS_INVALID_PARAMETER; 450 } 451 452 if (in_max_output < 0x18) { 453 return NT_STATUS_BUFFER_TOO_SMALL; 454 } 455 456 status = GUID_from_ndr_blob(&in_guid_blob, &in_guid); 457 if (!NT_STATUS_IS_OK(status)) { 458 return status; 459 } 460 461 /* 462 * From: [MS-SMB2] 463 * 3.3.5.15.12 Handling a Validate Negotiate Info Request 464 * 465 * The server MUST determine the greatest common dialect 466 * between the dialects it implements and the Dialects array 467 * of the VALIDATE_NEGOTIATE_INFO request. If no dialect is 468 * matched, or if the value is not equal to Connection.Dialect, 469 * the server MUST terminate the transport connection 470 * and free the Connection object. 471 */ 472 protocol = smbd_smb2_protocol_dialect_match(in_input->data + 0x18, 473 in_num_dialects, 474 &dialect); 475 if (conn->protocol != protocol) { 476 *disconnect = true; 477 return NT_STATUS_ACCESS_DENIED; 478 } 479 480 if (!GUID_equal(&in_guid, &conn->smb2.client.guid)) { 481 *disconnect = true; 482 return NT_STATUS_ACCESS_DENIED; 483 } 484 485 if (in_security_mode != conn->smb2.client.security_mode) { 486 *disconnect = true; 487 return NT_STATUS_ACCESS_DENIED; 488 } 489 490 if (in_capabilities != conn->smb2.client.capabilities) { 491 *disconnect = true; 492 return NT_STATUS_ACCESS_DENIED; 493 } 494 495 status = GUID_to_ndr_blob(&conn->smb2.server.guid, mem_ctx, 496 &out_guid_blob); 497 if (!NT_STATUS_IS_OK(status)) { 498 return status; 499 } 500 501 *out_output = data_blob_talloc(mem_ctx, NULL, 0x18); 502 if (out_output->data == NULL) { 503 return NT_STATUS_NO_MEMORY; 504 } 505 506 SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities); 507 memcpy(out_output->data+0x04, out_guid_blob.data, 16); 508 SSVAL(out_output->data, 0x14, conn->smb2.server.security_mode); 509 SSVAL(out_output->data, 0x16, conn->smb2.server.dialect); 510 511 return NT_STATUS_OK; 512 } 513 514 static void smb2_ioctl_network_fs_copychunk_done(struct tevent_req *subreq); 515 static void smb2_ioctl_network_fs_offload_read_done(struct tevent_req *subreq); 516 517 struct tevent_req *smb2_ioctl_network_fs(uint32_t ctl_code, 518 struct tevent_context *ev, 519 struct tevent_req *req, 520 struct smbd_smb2_ioctl_state *state) 521 { 522 struct tevent_req *subreq; 523 NTSTATUS status; 524 525 switch (ctl_code) { 526 /* 527 * [MS-SMB2] 2.2.31 528 * FSCTL_SRV_COPYCHUNK is issued when a handle has 529 * FILE_READ_DATA and FILE_WRITE_DATA access to the file; 530 * FSCTL_SRV_COPYCHUNK_WRITE is issued when a handle only has 531 * FILE_WRITE_DATA access. 532 */ 533 case FSCTL_SRV_COPYCHUNK_WRITE: /* FALL THROUGH */ 534 case FSCTL_SRV_COPYCHUNK: 535 subreq = fsctl_srv_copychunk_send(state, ev, 536 ctl_code, 537 state->fsp, 538 &state->in_input, 539 state->in_max_output, 540 state->smb2req); 541 if (tevent_req_nomem(subreq, req)) { 542 return tevent_req_post(req, ev); 543 } 544 tevent_req_set_callback(subreq, 545 smb2_ioctl_network_fs_copychunk_done, 546 req); 547 return req; 548 break; 549 case FSCTL_QUERY_NETWORK_INTERFACE_INFO: 550 if (!state->smbreq->xconn->client->server_multi_channel_enabled) 551 { 552 if (IS_IPC(state->smbreq->conn)) { 553 status = NT_STATUS_FS_DRIVER_REQUIRED; 554 } else { 555 status = NT_STATUS_INVALID_DEVICE_REQUEST; 556 } 557 558 tevent_req_nterror(req, status); 559 return tevent_req_post(req, ev); 560 } 561 562 status = fsctl_network_iface_info(state, ev, 563 state->smbreq->xconn, 564 &state->in_input, 565 state->in_max_output, 566 &state->out_output); 567 if (!tevent_req_nterror(req, status)) { 568 tevent_req_done(req); 569 } 570 return tevent_req_post(req, ev); 571 break; 572 case FSCTL_VALIDATE_NEGOTIATE_INFO: 573 status = fsctl_validate_neg_info(state, ev, 574 state->smbreq->xconn, 575 &state->in_input, 576 state->in_max_output, 577 &state->out_output, 578 &state->disconnect); 579 if (!tevent_req_nterror(req, status)) { 580 tevent_req_done(req); 581 } 582 return tevent_req_post(req, ev); 583 break; 584 case FSCTL_SRV_REQUEST_RESUME_KEY: 585 subreq = SMB_VFS_OFFLOAD_READ_SEND(state, 586 ev, 587 state->fsp, 588 FSCTL_SRV_REQUEST_RESUME_KEY, 589 0, 0, 0); 590 if (tevent_req_nomem(subreq, req)) { 591 return tevent_req_post(req, ev); 592 } 593 tevent_req_set_callback( 594 subreq, smb2_ioctl_network_fs_offload_read_done, req); 595 return req; 596 597 default: { 598 uint8_t *out_data = NULL; 599 uint32_t out_data_len = 0; 600 601 if (state->fsp == NULL) { 602 status = NT_STATUS_NOT_SUPPORTED; 603 } else { 604 status = SMB_VFS_FSCTL(state->fsp, 605 state, 606 ctl_code, 607 state->smbreq->flags2, 608 state->in_input.data, 609 state->in_input.length, 610 &out_data, 611 state->in_max_output, 612 &out_data_len); 613 state->out_output = data_blob_const(out_data, out_data_len); 614 if (NT_STATUS_IS_OK(status)) { 615 tevent_req_done(req); 616 return tevent_req_post(req, ev); 617 } 618 } 619 620 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { 621 if (IS_IPC(state->smbreq->conn)) { 622 status = NT_STATUS_FS_DRIVER_REQUIRED; 623 } else { 624 status = NT_STATUS_INVALID_DEVICE_REQUEST; 625 } 626 } 627 628 tevent_req_nterror(req, status); 629 return tevent_req_post(req, ev); 630 break; 631 } 632 } 633 634 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); 635 return tevent_req_post(req, ev); 636 } 637 638 static void smb2_ioctl_network_fs_copychunk_done(struct tevent_req *subreq) 639 { 640 struct tevent_req *req = tevent_req_callback_data(subreq, 641 struct tevent_req); 642 struct smbd_smb2_ioctl_state *ioctl_state = tevent_req_data(req, 643 struct smbd_smb2_ioctl_state); 644 struct srv_copychunk_rsp cc_rsp; 645 NTSTATUS status; 646 bool pack_rsp = false; 647 648 ZERO_STRUCT(cc_rsp); 649 status = fsctl_srv_copychunk_recv(subreq, &cc_rsp, &pack_rsp); 650 TALLOC_FREE(subreq); 651 if (pack_rsp == true) { 652 enum ndr_err_code ndr_ret; 653 ndr_ret = ndr_push_struct_blob(&ioctl_state->out_output, 654 ioctl_state, 655 &cc_rsp, 656 (ndr_push_flags_fn_t)ndr_push_srv_copychunk_rsp); 657 if (ndr_ret != NDR_ERR_SUCCESS) { 658 status = NT_STATUS_INTERNAL_ERROR; 659 } 660 } 661 662 if (!tevent_req_nterror(req, status)) { 663 tevent_req_done(req); 664 } 665 } 666 667 static void smb2_ioctl_network_fs_offload_read_done(struct tevent_req *subreq) 668 { 669 struct tevent_req *req = tevent_req_callback_data( 670 subreq, struct tevent_req); 671 struct smbd_smb2_ioctl_state *state = tevent_req_data( 672 req, struct smbd_smb2_ioctl_state); 673 struct req_resume_key_rsp rkey_rsp; 674 enum ndr_err_code ndr_ret; 675 DATA_BLOB token; 676 NTSTATUS status; 677 678 status = SMB_VFS_OFFLOAD_READ_RECV(subreq, 679 state->fsp->conn, 680 state, 681 &token); 682 TALLOC_FREE(subreq); 683 if (tevent_req_nterror(req, status)) { 684 return; 685 } 686 687 if (token.length != sizeof(rkey_rsp.resume_key)) { 688 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); 689 return; 690 } 691 692 ZERO_STRUCT(rkey_rsp); 693 memcpy(rkey_rsp.resume_key, token.data, token.length); 694 695 ndr_ret = ndr_push_struct_blob(&state->out_output, state, &rkey_rsp, 696 (ndr_push_flags_fn_t)ndr_push_req_resume_key_rsp); 697 if (ndr_ret != NDR_ERR_SUCCESS) { 698 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); 699 return; 700 } 701 702 tevent_req_done(req); 703 return; 704 } 705