1 /*
2    Unix SMB/CIFS implementation.
3    Core SMB2 server
4 
5    Copyright (C) Stefan Metzmacher 2009
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11 
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16 
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20 
21 #include "includes.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "rpc_server/srv_pipe_hnd.h"
27 #include "include/ntioctl.h"
28 #include "smb2_ioctl_private.h"
29 
30 #undef DBGC_CLASS
31 #define DBGC_CLASS DBGC_SMB2
32 
33 static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq);
34 static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq);
35 
/*
 * Dispatch an SMB2 ioctl for the named-pipe code path.
 *
 * FSCTL_PIPE_TRANSCEIVE: after checking that the request is on the IPC
 * share and that state->fsp is an open named pipe, start an asynchronous
 * np_write_send() of state->in_input and return req with the write
 * callback installed.
 *
 * Any other ctl_code: hand the request to SMB_VFS_FSCTL() when there is
 * an fsp, and complete req immediately with the outcome. A
 * NT_STATUS_NOT_SUPPORTED result (also used when there is no fsp) is
 * mapped to NT_STATUS_FS_DRIVER_REQUIRED on IPC connections and to
 * NT_STATUS_INVALID_DEVICE_REQUEST otherwise.
 *
 * NOTE(review): state->in_input and state->in_max_output presumably come
 * straight from the client's ioctl request; this function does not
 * bound them itself - confirm the caller has done so.
 *
 * Returns req on the async path, else the value of tevent_req_post().
 */
struct tevent_req *smb2_ioctl_named_pipe(uint32_t ctl_code,
					 struct tevent_context *ev,
					 struct tevent_req *req,
					 struct smbd_smb2_ioctl_state *state)
{
	struct tevent_req *write_req = NULL;
	NTSTATUS status = NT_STATUS_NOT_SUPPORTED;
	uint8_t *fsctl_out = NULL;
	uint32_t fsctl_out_len = 0;

	if (ctl_code != FSCTL_PIPE_TRANSCEIVE) {
		/* Generic path: let the VFS try the control code. */
		if (state->fsp != NULL) {
			status = SMB_VFS_FSCTL(state->fsp,
					       state,
					       ctl_code,
					       state->smbreq->flags2,
					       state->in_input.data,
					       state->in_input.length,
					       &fsctl_out,
					       state->in_max_output,
					       &fsctl_out_len);
			/* The blob is recorded whether or not the call succeeded. */
			state->out_output = data_blob_const(fsctl_out,
							    fsctl_out_len);
			if (NT_STATUS_IS_OK(status)) {
				tevent_req_done(req);
				return tevent_req_post(req, ev);
			}
		}

		/* Translate "not supported" into the share-specific error. */
		if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
			if (IS_IPC(state->smbreq->conn)) {
				status = NT_STATUS_FS_DRIVER_REQUIRED;
			} else {
				status = NT_STATUS_INVALID_DEVICE_REQUEST;
			}
		}

		tevent_req_nterror(req, status);
		return tevent_req_post(req, ev);
	}

	/* FSCTL_PIPE_TRANSCEIVE is only accepted on the IPC share ... */
	if (!IS_IPC(state->smbreq->conn)) {
		tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
		return tevent_req_post(req, ev);
	}

	/*
	 * ... and only on a handle that exists and is a named pipe. The
	 * NULL test must come first: fsp_is_np() is not called without
	 * an fsp.
	 */
	if (state->fsp == NULL || !fsp_is_np(state->fsp)) {
		tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
		return tevent_req_post(req, ev);
	}

	DEBUG(10,("smbd_smb2_ioctl_send: np_write_send of size %u\n",
		(unsigned int)state->in_input.length ));

	/* Step 1 of the transceive: write the request into the pipe. */
	write_req = np_write_send(state, ev,
				  state->fsp->fake_file_handle,
				  state->in_input.data,
				  state->in_input.length);
	if (tevent_req_nomem(write_req, req)) {
		return tevent_req_post(req, ev);
	}
	tevent_req_set_callback(write_req,
				smbd_smb2_ioctl_pipe_write_done,
				req);
	return req;
}
109 
/*
 * Completion callback for the np_write_send() issued by
 * smb2_ioctl_named_pipe() for FSCTL_PIPE_TRANSCEIVE.
 *
 * Fails the ioctl request if the write failed or was short. Otherwise
 * allocates a reply buffer of state->in_max_output bytes on state and
 * starts the np_read_send() that fills it.
 */
static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct smbd_smb2_ioctl_state *state =
		tevent_req_data(req, struct smbd_smb2_ioctl_state);
	struct tevent_req *read_req = NULL;
	ssize_t nwritten = -1;
	NTSTATUS status;

	status = np_write_recv(subreq, &nwritten);

	DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: received %ld\n",
		(long int)nwritten ));

	TALLOC_FREE(subreq);
	if (!NT_STATUS_IS_OK(status)) {
		tevent_req_nterror(req, status);
		return;
	}

	/*
	 * A partial write is treated as a pipe failure. The cast spells
	 * out the conversion the comparison performs anyway: a negative
	 * nwritten becomes a huge unsigned value and so never matches.
	 */
	if ((size_t)nwritten != state->in_input.length) {
		tevent_req_nterror(req, NT_STATUS_PIPE_NOT_AVAILABLE);
		return;
	}

	/*
	 * NOTE(review): in_max_output is presumably the client-requested
	 * output size; no upper bound is applied here - confirm the
	 * caller has limited it. Passing NULL as the source means no data
	 * is copied into the new buffer, so only the bytes later reported
	 * as read should be treated as valid.
	 */
	state->out_output = data_blob_talloc(state, NULL, state->in_max_output);
	if (state->in_max_output > 0) {
		/* The data pointer is only checked when bytes were requested. */
		if (tevent_req_nomem(state->out_output.data, req)) {
			return;
		}
	}

	DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: issuing np_read_send "
		"of size %u\n",
		(unsigned int)state->out_output.length ));

	/*
	 * NOTE(review): the read subrequest is allocated on the connection
	 * while the buffer it fills is owned by state - confirm state
	 * cannot be freed while the read is still pending.
	 */
	read_req = np_read_send(state->smbreq->conn,
				state->smb2req->sconn->ev_ctx,
				state->fsp->fake_file_handle,
				state->out_output.data,
				state->out_output.length);
	if (tevent_req_nomem(read_req, req)) {
		return;
	}
	tevent_req_set_callback(read_req, smbd_smb2_ioctl_pipe_read_done, req);
}
155 
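/*
 * Completion callback for the np_read_send() issued by
 * smbd_smb2_ioctl_pipe_write_done().
 *
 * On success the reply blob is trimmed to the number of bytes read and
 * the ioctl request is completed. If the pipe still holds data that did
 * not fit, the request finishes with STATUS_BUFFER_OVERFLOW after the
 * length has been set.
 */
static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(subreq,
				 struct tevent_req);
	struct smbd_smb2_ioctl_state *state = tevent_req_data(req,
					      struct smbd_smb2_ioctl_state);
	NTSTATUS status;
	ssize_t nread = -1;
	bool is_data_outstanding = false;

	status = np_read_recv(subreq, &nread, &is_data_outstanding);

	DEBUG(10,("smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = %d "
		 "is_data_outstanding = %d, status = %s\n",
		(int)nread,
		(int)is_data_outstanding,
		nt_errstr(status) ));

	TALLOC_FREE(subreq);
	if (!NT_STATUS_IS_OK(status)) {
		tevent_req_nterror(req, status);
		return;
	}

	/*
	 * Defensive bound: nread becomes the length of the reply blob, so
	 * it must not be negative or exceed the buffer allocated for the
	 * read (out_output.length still holds that size here). The pipe
	 * layer is expected to guarantee this already; refusing to build
	 * the reply keeps a bad count from extending the blob past its
	 * allocation.
	 */
	if (nread < 0 || (size_t)nread > state->out_output.length) {
		DEBUG(1,("smbd_smb2_ioctl_pipe_read_done: invalid nread = %ld "
			 "for buffer of size %lu\n",
			(long int)nread,
			(unsigned long)state->out_output.length ));
		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
		return;
	}

	state->out_output.length = nread;

	/* Partial read: the length is already set for the overflow reply. */
	if (is_data_outstanding) {
		tevent_req_nterror(req, STATUS_BUFFER_OVERFLOW);
		return;
	}

	tevent_req_done(req);
}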
189