Coverage Report

Created: 2026-02-14 07:07

/src/samba/source3/smbd/smb2_ioctl_named_pipe.c
/*
   Unix SMB/CIFS implementation.
   Core SMB2 server

   Copyright (C) Stefan Metzmacher 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/smb/smb_common.h"
#include "../lib/util/tevent_ntstatus.h"
#include "rpc_server/srv_pipe_hnd.h"
#include "include/ntioctl.h"
#include "smb2_ioctl_private.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SMB2
static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq);
static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq);
/*
 * Serve an SMB2 ioctl request on the named-pipe code path.
 *
 * FSCTL_PIPE_TRANSCEIVE is handled asynchronously: the request payload in
 * state->in_input is written to the pipe with np_write_send() and
 * smbd_smb2_ioctl_pipe_write_done() continues from there.  Every other
 * control code is handed to SMB_VFS_FSCTL() and completed before returning.
 *
 * Returns req.  On every path except the pending pipe write the request
 * has already been completed and posted with tevent_req_post().
 *
 * NOTE(review): state->in_input and state->in_max_output presumably come
 * from the client's ioctl request - confirm that the caller has bounded
 * both before this function runs.
 * NOTE(review): the coverage report this listing was taken from records a
 * count of 0 for every executable line of this function.
 */
struct tevent_req *smb2_ioctl_named_pipe(uint32_t ctl_code,
					 struct tevent_context *ev,
					 struct tevent_req *req,
					 struct smbd_smb2_ioctl_state *state)
{
	/* Stays NOT_SUPPORTED when there is no file handle to dispatch on. */
	NTSTATUS status = NT_STATUS_NOT_SUPPORTED;
	uint8_t *reply_buf = NULL;
	uint32_t reply_len = 0;

	if (ctl_code == FSCTL_PIPE_TRANSCEIVE) {
		struct tevent_req *write_req;

		/* Rejected unless the connection passes IS_IPC(). */
		if (!IS_IPC(state->smbreq->conn)) {
			tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
			return tevent_req_post(req, ev);
		}

		/* A missing handle and a non-pipe handle fail the same way. */
		if (state->fsp == NULL || !fsp_is_np(state->fsp)) {
			tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
			return tevent_req_post(req, ev);
		}

		DEBUG(10,("smbd_smb2_ioctl_send: np_write_send of size %u\n",
			  (unsigned int)state->in_input.length ));

		write_req = np_write_send(state,
					  ev,
					  state->fsp->fake_file_handle,
					  state->in_input.data,
					  state->in_input.length);
		if (tevent_req_nomem(write_req, req)) {
			return tevent_req_post(req, ev);
		}

		/* The reply is read back once the write has completed. */
		tevent_req_set_callback(write_req,
					smbd_smb2_ioctl_pipe_write_done,
					req);
		return req;
	}

	if (state->fsp != NULL) {
		status = SMB_VFS_FSCTL(state->fsp,
				       state,
				       ctl_code,
				       state->smbreq->flags2,
				       state->in_input.data,
				       state->in_input.length,
				       &reply_buf,
				       state->in_max_output,
				       &reply_len);

		/* Stored whether or not the call succeeded. */
		state->out_output = data_blob_const(reply_buf, reply_len);
		if (NT_STATUS_IS_OK(status)) {
			tevent_req_done(req);
			return tevent_req_post(req, ev);
		}
	}

	/* NOT_SUPPORTED is reported differently on IPC and other shares. */
	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
		if (IS_IPC(state->smbreq->conn)) {
			status = NT_STATUS_FS_DRIVER_REQUIRED;
		} else {
			status = NT_STATUS_INVALID_DEVICE_REQUEST;
		}
	}

	tevent_req_nterror(req, status);
	return tevent_req_post(req, ev);
}
/*
 * Completion callback for the np_write_send() issued for
 * FSCTL_PIPE_TRANSCEIVE.
 *
 * Collects the write result, fails the ioctl if the write failed or was
 * short, then allocates the reply buffer and starts np_read_send() with
 * smbd_smb2_ioctl_pipe_read_done() as its callback.
 *
 * NOTE(review): the coverage report this listing was taken from records a
 * count of 0 for every executable line of this function.
 */
static void smbd_smb2_ioctl_pipe_write_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct smbd_smb2_ioctl_state *state =
		tevent_req_data(req, struct smbd_smb2_ioctl_state);
	struct tevent_req *read_req;
	ssize_t nwritten = -1;
	NTSTATUS status;

	status = np_write_recv(subreq, &nwritten);

	DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: received %ld\n",
		  (long int)nwritten ));

	/* The write subrequest is finished with either way. */
	TALLOC_FREE(subreq);

	if (!NT_STATUS_IS_OK(status)) {
		tevent_req_nterror(req, nt_status_np_pipe(status));
		return;
	}

	/*
	 * Anything other than a complete write fails the ioctl.
	 * NOTE(review): signed nwritten is compared with the blob length;
	 * presumably the length is unsigned, so a leftover -1 cannot match
	 * a real payload size - confirm.
	 */
	if (nwritten != state->in_input.length) {
		tevent_req_nterror(req, NT_STATUS_PIPE_NOT_AVAILABLE);
		return;
	}

	/*
	 * NOTE(review): the reply buffer is sized by in_max_output, which
	 * presumably is client-supplied - confirm the caller caps it before
	 * this allocation is reached.
	 */
	state->out_output = data_blob_talloc(state, NULL, state->in_max_output);
	if (state->in_max_output > 0) {
		/* The allocation result is only checked for a non-zero size. */
		if (tevent_req_nomem(state->out_output.data, req)) {
			return;
		}
	}

	DEBUG(10,("smbd_smb2_ioctl_pipe_write_done: issuing np_read_send "
		  "of size %u\n",
		  (unsigned int)state->out_output.length ));

	read_req = np_read_send(state->smbreq->conn,
				state->smb2req->sconn->ev_ctx,
				state->fsp->fake_file_handle,
				state->out_output.data,
				state->out_output.length);
	if (tevent_req_nomem(read_req, req)) {
		return;
	}
	tevent_req_set_callback(read_req, smbd_smb2_ioctl_pipe_read_done, req);
}
/*
 * Completion callback for the np_read_send() that fetches the reply half
 * of FSCTL_PIPE_TRANSCEIVE.
 *
 * On success the output blob is trimmed to the number of bytes read.  The
 * ioctl then finishes with STATUS_BUFFER_OVERFLOW if the pipe reports more
 * data outstanding, and successfully otherwise.
 *
 * NOTE(review): the coverage report this listing was taken from records a
 * count of 0 for every executable line of this function.
 */
static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct smbd_smb2_ioctl_state *state =
		tevent_req_data(req, struct smbd_smb2_ioctl_state);
	bool more_pending = false;
	ssize_t got = -1;
	NTSTATUS status;

	status = np_read_recv(subreq, &got, &more_pending);

	DEBUG(10,("smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = %d "
		  "is_data_outstanding = %d, status = %s\n",
		  (int)got,
		  (int)more_pending,
		  nt_errstr(status) ));

	TALLOC_FREE(subreq);

	if (!NT_STATUS_IS_OK(status)) {
		tevent_req_nterror(req, nt_status_np_pipe(status));
		return;
	}

	/*
	 * NOTE(review): the signed count is stored as the blob length
	 * unchecked.  This relies on np_read_recv() reporting, on success,
	 * a non-negative value no larger than the buffer handed to
	 * np_read_send() - confirm against that helper.
	 */
	state->out_output.length = got;

	if (!more_pending) {
		tevent_req_done(req);
		return;
	}

	/* The length is already set when the overflow status is raised. */
	tevent_req_nterror(req, STATUS_BUFFER_OVERFLOW);
}