1 /*
2 Unix SMB/CIFS implementation.
3
4 SMB2 client ioctl call
5
6 Copyright (C) Andrew Tridgell 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libcli/smb2/smb2.h"
24 #include "libcli/smb2/smb2_calls.h"
25 #include "librpc/gen_ndr/ioctl.h"
26
27 /*
28 send an ioctl request
29 */
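/*
 * Build an SMB2 IOCTL request from io->in and hand it to the transport.
 *
 * tree: tree connection passed to smb2_request_init_tree().
 * io:   request parameters; only the io->in members are read here.
 *
 * Returns the request that was sent, or NULL when the request could not
 * be initialised or one of the two blobs could not be pushed (the
 * partially built request is freed with talloc_free() in that case).
 *
 * NOTE(review): nothing is checked after smb2_transport_send(); a send
 * failure is presumably reported when the caller receives on the
 * request - confirm against the transport code.
 */
struct smb2_request *smb2_ioctl_send(struct smb2_tree *tree, struct smb2_ioctl *io)
{
	NTSTATUS status;
	struct smb2_request *req;
	uint64_t max_payload_in;
	uint64_t max_payload_out;
	size_t max_payload;

	/* 0x38 byte fixed body, dynamic part sized for both blobs */
	req = smb2_request_init_tree(tree, SMB2_OP_IOCTL, 0x38, true,
				     io->in.in.length+io->in.out.length);
	if (req == NULL) {
		return NULL;
	}

	SSVAL(req->out.body, 0x02, 0); /* pad */
	SIVAL(req->out.body, 0x04, io->in.function);
	smb2_push_handle(req->out.body+0x08, &io->in.file.handle);

	/* offset/length pair at 0x18 describes io->in.out */
	status = smb2_push_o32s32_blob(&req->out, 0x18, io->in.out);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(req);
		return NULL;
	}

	SIVAL(req->out.body, 0x20, io->in.max_input_response);

	/* offset/length pair at 0x24 describes io->in.in */
	status = smb2_push_o32s32_blob(&req->out, 0x24, io->in.in);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(req);
		return NULL;
	}

	SIVAL(req->out.body, 0x2C, io->in.max_output_response);
	SBVAL(req->out.body, 0x30, io->in.flags);

	/*
	 * Widen to 64 bits before adding. Both response limits are written
	 * to the wire as 32-bit values above; if they are declared as
	 * 32-bit integers their sum would otherwise wrap before the
	 * assignment and the clamp to UINT32_MAX below could never take
	 * effect, so the credit charge would be derived from the wrapped
	 * value. The same applies to the blob lengths where size_t is
	 * 32 bits wide.
	 */
	max_payload_in = (uint64_t)io->in.out.length + io->in.in.length;
	max_payload_in = MIN(max_payload_in, UINT32_MAX);
	max_payload_out = (uint64_t)io->in.max_input_response +
			  io->in.max_output_response;
	max_payload_out = MIN(max_payload_out, UINT32_MAX);

	/*
	 * One credit per started 64KiB of the larger direction, at least 1.
	 *
	 * NOTE(review): for a payload clamped near UINT32_MAX this
	 * expression evaluates to 65536; confirm that the type of
	 * req->credit_charge can hold that value.
	 */
	max_payload = MAX(max_payload_in, max_payload_out);
	req->credit_charge = (MAX(max_payload, 1) - 1)/ 65536 + 1;

	smb2_transport_send(req);

	return req;
}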
75
76 /*
77 * 3.3.4.4 Sending an Error Response
78 */
/*
 * Decide whether the status of an IOCTL reply means the body must not
 * be parsed.
 *
 * ctl_code:  the FSCTL code of the request.
 * status:    status of the reply.
 * data_size: size that is compared against struct srv_copychunk_rsp
 *            for the copychunk codes.
 *
 * Returns false (not a failure) when the status is OK, when the status
 * is STATUS_BUFFER_OVERFLOW for one of the pipe/DFS codes listed below,
 * or when a copychunk reply carries exactly one srv_copychunk_rsp.
 * Returns true for every other non-OK status.
 */
static bool smb2_ioctl_is_failure(uint32_t ctl_code, NTSTATUS status,
				  size_t data_size)
{
	bool overflow_tolerated;
	bool is_copychunk;

	if (NT_STATUS_IS_OK(status)) {
		return false;
	}

	/* codes for which a truncated reply still carries usable data */
	overflow_tolerated = (ctl_code == FSCTL_PIPE_TRANSCEIVE) ||
			     (ctl_code == FSCTL_PIPE_PEEK) ||
			     (ctl_code == FSCTL_DFS_GET_REFERRALS);
	if (overflow_tolerated &&
	    NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
		return false;
	}

	is_copychunk = (ctl_code == FSCTL_SRV_COPYCHUNK) ||
		       (ctl_code == FSCTL_SRV_COPYCHUNK_WRITE);
	if (is_copychunk && data_size == sizeof(struct srv_copychunk_rsp)) {
		/*
		 * A copychunk reply may contain copychunk data or error
		 * response data regardless of the status, so a reply of
		 * exactly this size is still handed on for parsing.
		 */
		return false;
	}

	return true;
}
105
106 /*
107 recv an ioctl reply
108 */
/*
 * Wait for the reply to an IOCTL request and unpack it into io->out.
 *
 * req:     request returned by smb2_ioctl_send(); it is destroyed on
 *          every return path of this function.
 * mem_ctx: talloc context passed to smb2_pull_o32s32_blob() for the two
 *          reply blobs.
 * io:      io->in.function selects the status handling, io->out
 *          receives the parsed reply.
 *
 * Returns the value of smb2_request_destroy(req), or the status of a
 * failed blob pull. io->out is untouched when the receive fails or the
 * status counts as a failure, and only partly filled when a blob pull
 * fails, so callers must check the returned status before using it.
 *
 * NOTE(review): the blob offsets and lengths come from the peer; bounds
 * checking is presumably done inside smb2_pull_o32s32_blob() - confirm.
 */
NTSTATUS smb2_ioctl_recv(struct smb2_request *req,
			 TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
{
	NTSTATUS status;

	if (!smb2_request_receive(req)) {
		return smb2_request_destroy(req);
	}

	if (smb2_ioctl_is_failure(io->in.function, req->status,
				  req->in.bufinfo.data_size)) {
		return smb2_request_destroy(req);
	}

	/* validates the reply against a 0x30 byte body before any field is read */
	SMB2_CHECK_PACKET_RECV(req, 0x30, true);

	io->out.reserved = SVAL(req->in.body, 0x02);
	io->out.function = IVAL(req->in.body, 0x04);
	smb2_pull_handle(req->in.body+0x08, &io->out.file.handle);

	/* pull the blob at 0x18 first, the one at 0x20 only if that worked */
	status = smb2_pull_o32s32_blob(&req->in, mem_ctx,
				       req->in.body+0x18, &io->out.in);
	if (NT_STATUS_IS_OK(status)) {
		status = smb2_pull_o32s32_blob(&req->in, mem_ctx,
					       req->in.body+0x20, &io->out.out);
	}
	if (!NT_STATUS_IS_OK(status)) {
		smb2_request_destroy(req);
		return status;
	}

	io->out.flags = IVAL(req->in.body, 0x28);
	io->out.reserved2 = IVAL(req->in.body, 0x2C);

	return smb2_request_destroy(req);
}
143
144 /*
145 sync ioctl request
146 */
/*
 * Synchronous IOCTL: send the request and wait for its reply.
 *
 * The result of smb2_ioctl_send() is passed to smb2_ioctl_recv()
 * without a NULL check, so a failed send is reported through whatever
 * smb2_ioctl_recv() returns for a NULL request.
 *
 * NOTE(review): this relies on smb2_request_receive() and
 * smb2_request_destroy() accepting a NULL request - confirm.
 */
NTSTATUS smb2_ioctl(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
{
	return smb2_ioctl_recv(smb2_ioctl_send(tree, io), mem_ctx, io);
}
152