summaryrefslogtreecommitdiffstats
path: root/source4/ntvfs/ipc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/ntvfs/ipc')
-rw-r--r--source4/ntvfs/ipc/README5
-rw-r--r--source4/ntvfs/ipc/ipc_rap.c511
-rw-r--r--source4/ntvfs/ipc/rap_server.c95
-rw-r--r--source4/ntvfs/ipc/vfs_ipc.c1356
4 files changed, 1967 insertions, 0 deletions
diff --git a/source4/ntvfs/ipc/README b/source4/ntvfs/ipc/README
new file mode 100644
index 0000000..059a714
--- /dev/null
+++ b/source4/ntvfs/ipc/README
@@ -0,0 +1,5 @@
+This is the IPC$ backend for Samba. NTVFS operations that are made on
+IPC$ shares are directed here by default. Most file operations
+are not supported on IPC$ shares.
+
+
diff --git a/source4/ntvfs/ipc/ipc_rap.c b/source4/ntvfs/ipc/ipc_rap.c
new file mode 100644
index 0000000..9ddde5e
--- /dev/null
+++ b/source4/ntvfs/ipc/ipc_rap.c
@@ -0,0 +1,511 @@
+/*
+ Unix SMB/CIFS implementation.
+ RAP handlers
+
+ Copyright (C) Volker Lendecke 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/raw/interfaces.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "events/events.h"
+#include "ntvfs/ipc/proto.h"
+#include "librpc/ndr/libndr.h"
+#include "param/param.h"
+
+#define NDR_RETURN(call) do { \
+ enum ndr_err_code _ndr_err; \
+ _ndr_err = call; \
+ if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+ return ndr_map_error2ntstatus(_ndr_err); \
+ } \
+} while (0)
+
+#define RAP_GOTO(call) do { \
+ result = call; \
+ if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) {\
+ goto buffer_overflow; \
+ } \
+ if (!NT_STATUS_IS_OK(result)) { \
+ goto done; \
+ } \
+} while (0)
+
+#define NDR_GOTO(call) do { \
+ enum ndr_err_code _ndr_err; \
+ _ndr_err = call; \
+ if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
+ RAP_GOTO(ndr_map_error2ntstatus(_ndr_err)); \
+ } \
+} while (0)
+
+
+#define NERR_notsupported 50
+
+struct rap_string_heap {
+ TALLOC_CTX *mem_ctx;
+ int offset;
+ int num_strings;
+ const char **strings;
+};
+
+struct rap_heap_save {
+ int offset, num_strings;
+};
+
+static void rap_heap_save(struct rap_string_heap *heap,
+ struct rap_heap_save *save)
+{
+ save->offset = heap->offset;
+ save->num_strings = heap->num_strings;
+}
+
+static void rap_heap_restore(struct rap_string_heap *heap,
+ struct rap_heap_save *save)
+{
+ heap->offset = save->offset;
+ heap->num_strings = save->num_strings;
+}
+
+struct rap_call {
+ struct loadparm_context *lp_ctx;
+
+ TALLOC_CTX *mem_ctx;
+ uint16_t callno;
+ const char *paramdesc;
+ const char *datadesc;
+
+ uint16_t status;
+ uint16_t convert;
+
+ uint16_t rcv_paramlen, rcv_datalen;
+
+ struct ndr_push *ndr_push_param;
+ struct ndr_push *ndr_push_data;
+ struct rap_string_heap *heap;
+
+ struct ndr_pull *ndr_pull_param;
+ struct ndr_pull *ndr_pull_data;
+
+ struct tevent_context *event_ctx;
+};
+
+#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+
+static struct rap_call *new_rap_srv_call(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct loadparm_context *lp_ctx,
+ struct smb_trans2 *trans)
+{
+ struct rap_call *call;
+
+ call = talloc(mem_ctx, struct rap_call);
+
+ if (call == NULL)
+ return NULL;
+
+ ZERO_STRUCTP(call);
+
+ call->lp_ctx = talloc_reference(call, lp_ctx);
+ call->event_ctx = ev_ctx;
+
+ call->mem_ctx = mem_ctx;
+
+ call->ndr_pull_param = ndr_pull_init_blob(&trans->in.params, mem_ctx);
+ call->ndr_pull_param->flags = RAPNDR_FLAGS;
+
+ call->ndr_pull_data = ndr_pull_init_blob(&trans->in.data, mem_ctx);
+ call->ndr_pull_data->flags = RAPNDR_FLAGS;
+
+ call->heap = talloc(mem_ctx, struct rap_string_heap);
+
+ if (call->heap == NULL)
+ return NULL;
+
+ ZERO_STRUCTP(call->heap);
+
+ call->heap->mem_ctx = mem_ctx;
+
+ return call;
+}
+
+static NTSTATUS rap_srv_pull_word(struct rap_call *call, uint16_t *result)
+{
+ enum ndr_err_code ndr_err;
+
+ if (*call->paramdesc++ != 'W')
+ return NT_STATUS_INVALID_PARAMETER;
+
+ ndr_err = ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, result);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_dword(struct rap_call *call, uint32_t *result)
+{
+ enum ndr_err_code ndr_err;
+
+ if (*call->paramdesc++ != 'D')
+ return NT_STATUS_INVALID_PARAMETER;
+
+ ndr_err = ndr_pull_uint32(call->ndr_pull_param, NDR_SCALARS, result);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_string(struct rap_call *call, const char **result)
+{
+ enum ndr_err_code ndr_err;
+ char paramdesc = *call->paramdesc++;
+
+ if (paramdesc == 'O') {
+ *result = NULL;
+ return NT_STATUS_OK;
+ }
+
+ if (paramdesc != 'z')
+ return NT_STATUS_INVALID_PARAMETER;
+
+ ndr_err = ndr_pull_string(call->ndr_pull_param, NDR_SCALARS, result);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_bufsize(struct rap_call *call, uint16_t *bufsize)
+{
+ enum ndr_err_code ndr_err;
+
+ if ( (*call->paramdesc++ != 'r') || (*call->paramdesc++ != 'L') )
+ return NT_STATUS_INVALID_PARAMETER;
+
+ ndr_err = ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, bufsize);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ call->heap->offset = *bufsize;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_srv_pull_expect_multiple(struct rap_call *call)
+{
+ if ( (*call->paramdesc++ != 'e') || (*call->paramdesc++ != 'h') )
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS rap_push_string(struct ndr_push *data_push,
+ struct rap_string_heap *heap,
+ const char *str)
+{
+ size_t space;
+
+ if (str == NULL)
+ str = "";
+
+ space = strlen(str)+1;
+
+ if (heap->offset < space)
+ return NT_STATUS_BUFFER_TOO_SMALL;
+
+ heap->offset -= space;
+
+ NDR_RETURN(ndr_push_uint16(data_push, NDR_SCALARS, heap->offset));
+ NDR_RETURN(ndr_push_uint16(data_push, NDR_SCALARS, 0));
+
+ heap->strings = talloc_realloc(heap->mem_ctx,
+ heap->strings,
+ const char *,
+ heap->num_strings + 1);
+
+ if (heap->strings == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ heap->strings[heap->num_strings] = str;
+ heap->num_strings += 1;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS _rap_netshareenum(struct rap_call *call)
+{
+ struct rap_NetShareEnum r;
+ NTSTATUS result;
+ uint32_t offset_save = 0;
+ struct rap_heap_save heap_save = {0};
+
+ RAP_GOTO(rap_srv_pull_word(call, &r.in.level));
+ RAP_GOTO(rap_srv_pull_bufsize(call, &r.in.bufsize));
+ RAP_GOTO(rap_srv_pull_expect_multiple(call));
+
+ switch(r.in.level) {
+ case 0:
+ if (strcmp(call->datadesc, "B13") != 0)
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ case 1:
+ if (strcmp(call->datadesc, "B13BWz") != 0)
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ result = rap_netshareenum(call, call->event_ctx, call->lp_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
+
+ int i = r.out.count;
+
+ offset_save = call->ndr_push_data->offset;
+ rap_heap_save(call->heap, &heap_save);
+
+ switch(r.in.level) {
+ case 0:
+ NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+ (const uint8_t *)r.out.info[i].info0.share_name,
+ sizeof(r.out.info[i].info0.share_name)));
+ break;
+ case 1:
+ NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+ (const uint8_t *)r.out.info[i].info1.share_name,
+ sizeof(r.out.info[i].info1.share_name)));
+ NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+ NDR_SCALARS, r.out.info[i].info1.reserved1));
+ NDR_GOTO(ndr_push_uint16(call->ndr_push_data,
+ NDR_SCALARS, r.out.info[i].info1.share_type));
+
+ RAP_GOTO(rap_push_string(call->ndr_push_data,
+ call->heap,
+ r.out.info[i].info1.comment));
+
+ break;
+ }
+
+ if (call->ndr_push_data->offset > call->heap->offset) {
+
+ buffer_overflow:
+
+ call->ndr_push_data->offset = offset_save;
+ rap_heap_restore(call->heap, &heap_save);
+ break;
+ }
+ }
+
+ call->status = r.out.status;
+
+ NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
+ NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
+
+ result = NT_STATUS_OK;
+
+ done:
+ return result;
+}
+
+static NTSTATUS _rap_netserverenum2(struct rap_call *call)
+{
+ struct rap_NetServerEnum2 r;
+ NTSTATUS result;
+ uint32_t offset_save = 0;
+ struct rap_heap_save heap_save = {0};
+
+ RAP_GOTO(rap_srv_pull_word(call, &r.in.level));
+ RAP_GOTO(rap_srv_pull_bufsize(call, &r.in.bufsize));
+ RAP_GOTO(rap_srv_pull_expect_multiple(call));
+ RAP_GOTO(rap_srv_pull_dword(call, &r.in.servertype));
+ RAP_GOTO(rap_srv_pull_string(call, &r.in.domain));
+
+ switch(r.in.level) {
+ case 0:
+ if (strcmp(call->datadesc, "B16") != 0)
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ case 1:
+ if (strcmp(call->datadesc, "B16BBDz") != 0)
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ result = rap_netserverenum2(call, call->lp_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
+
+ int i = r.out.count;
+
+ offset_save = call->ndr_push_data->offset;
+ rap_heap_save(call->heap, &heap_save);
+
+ switch(r.in.level) {
+ case 0:
+ NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+ (const uint8_t *)r.out.info[i].info0.name,
+ sizeof(r.out.info[i].info0.name)));
+ break;
+ case 1:
+ NDR_GOTO(ndr_push_bytes(call->ndr_push_data,
+ (const uint8_t *)r.out.info[i].info1.name,
+ sizeof(r.out.info[i].info1.name)));
+ NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+ NDR_SCALARS, r.out.info[i].info1.version_major));
+ NDR_GOTO(ndr_push_uint8(call->ndr_push_data,
+ NDR_SCALARS, r.out.info[i].info1.version_minor));
+ NDR_GOTO(ndr_push_uint32(call->ndr_push_data,
+ NDR_SCALARS, r.out.info[i].info1.servertype));
+
+ RAP_GOTO(rap_push_string(call->ndr_push_data,
+ call->heap,
+ r.out.info[i].info1.comment));
+
+ break;
+ }
+
+ if (call->ndr_push_data->offset > call->heap->offset) {
+
+ buffer_overflow:
+
+ call->ndr_push_data->offset = offset_save;
+ rap_heap_restore(call->heap, &heap_save);
+ break;
+ }
+ }
+
+ call->status = r.out.status;
+
+ NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
+ NDR_RETURN(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
+
+ result = NT_STATUS_OK;
+
+ done:
+ return result;
+}
+
+static NTSTATUS api_Unsupported(struct rap_call *call)
+{
+ call->status = NERR_notsupported;
+ call->convert = 0;
+ return NT_STATUS_OK;
+}
+
+static const struct
+{
+ const char *name;
+ int id;
+ NTSTATUS (*fn)(struct rap_call *call);
+} api_commands[] = {
+ {"NetShareEnum", RAP_WshareEnum, _rap_netshareenum },
+ {"NetServerEnum2", RAP_NetServerEnum2, _rap_netserverenum2 },
+ {NULL, -1, api_Unsupported}
+};
+
+NTSTATUS ipc_rap_call(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx,
+ struct smb_trans2 *trans)
+{
+ int i;
+ NTSTATUS result;
+ struct rap_call *call;
+ DATA_BLOB result_param, result_data;
+ struct ndr_push *final_param;
+ struct ndr_push *final_data;
+
+ call = new_rap_srv_call(mem_ctx, event_ctx, lp_ctx, trans);
+
+ if (call == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ NDR_RETURN(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &call->callno));
+ NDR_RETURN(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
+ &call->paramdesc));
+ NDR_RETURN(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
+ &call->datadesc));
+
+ call->ndr_push_param = ndr_push_init_ctx(call);
+ call->ndr_push_data = ndr_push_init_ctx(call);
+
+ if ((call->ndr_push_param == NULL) || (call->ndr_push_data == NULL))
+ return NT_STATUS_NO_MEMORY;
+
+ call->ndr_push_param->flags = RAPNDR_FLAGS;
+ call->ndr_push_data->flags = RAPNDR_FLAGS;
+
+ result = NT_STATUS_INVALID_SYSTEM_SERVICE;
+
+ for (i=0; api_commands[i].name != NULL; i++) {
+ if (api_commands[i].id == call->callno) {
+ DEBUG(5, ("Running RAP call %s\n",
+ api_commands[i].name));
+ result = api_commands[i].fn(call);
+ break;
+ }
+ }
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ result_param = ndr_push_blob(call->ndr_push_param);
+ result_data = ndr_push_blob(call->ndr_push_data);
+
+ final_param = ndr_push_init_ctx(call);
+ final_data = ndr_push_init_ctx(call);
+
+ if ((final_param == NULL) || (final_data == NULL))
+ return NT_STATUS_NO_MEMORY;
+
+ final_param->flags = RAPNDR_FLAGS;
+ final_data->flags = RAPNDR_FLAGS;
+
+ NDR_RETURN(ndr_push_uint16(final_param, NDR_SCALARS, call->status));
+ NDR_RETURN(ndr_push_uint16(final_param,
+ NDR_SCALARS, call->heap->offset - result_data.length));
+ NDR_RETURN(ndr_push_bytes(final_param, result_param.data,
+ result_param.length));
+
+ NDR_RETURN(ndr_push_bytes(final_data, result_data.data,
+ result_data.length));
+
+ for (i=call->heap->num_strings-1; i>=0; i--)
+ NDR_RETURN(ndr_push_string(final_data, NDR_SCALARS,
+ call->heap->strings[i]));
+
+ trans->out.setup_count = 0;
+ trans->out.setup = NULL;
+ trans->out.params = ndr_push_blob(final_param);
+ trans->out.data = ndr_push_blob(final_data);
+
+ return result;
+}
diff --git a/source4/ntvfs/ipc/rap_server.c b/source4/ntvfs/ipc/rap_server.c
new file mode 100644
index 0000000..4c4beca
--- /dev/null
+++ b/source4/ntvfs/ipc/rap_server.c
@@ -0,0 +1,95 @@
+/*
+ Unix SMB/CIFS implementation.
+ RAP handlers
+
+ Copyright (C) Volker Lendecke 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "libcli/raw/interfaces.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "rpc_server/common/common.h"
+#include "rpc_server/common/share.h"
+#include "param/param.h"
+#include "ntvfs/ipc/proto.h"
+
+/* At this moment these are just dummy functions, but you might get the
+ * idea. */
+
+NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
+ struct tevent_context *event_ctx,
+ struct loadparm_context *lp_ctx,
+ struct rap_NetShareEnum *r)
+{
+ NTSTATUS nterr;
+ const char **snames;
+ struct share_context *sctx;
+ struct share_config *scfg;
+ int i, j, count;
+
+ r->out.status = 0;
+ r->out.available = 0;
+ r->out.info = NULL;
+
+ nterr = share_get_context(mem_ctx, lp_ctx, &sctx);
+ if (!NT_STATUS_IS_OK(nterr)) {
+ return nterr;
+ }
+
+ nterr = share_list_all(mem_ctx, sctx, &count, &snames);
+ if (!NT_STATUS_IS_OK(nterr)) {
+ return nterr;
+ }
+
+ r->out.available = count;
+ r->out.info = talloc_array(mem_ctx,
+ union rap_share_info, r->out.available);
+
+ for (i = 0, j = 0; i < r->out.available; i++) {
+ size_t sname_len;
+
+ if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i], &scfg))) {
+ DEBUG(3, ("WARNING: Service [%s] disappeared after enumeration!\n", snames[i]));
+ continue;
+ }
+ /* Make sure we have NUL-termination */
+ sname_len = MIN(strlen(snames[i]),
+ sizeof(r->out.info[j].info1.share_name));
+ strlcpy((char *)r->out.info[j].info1.share_name,
+ snames[i],
+ sname_len);
+ r->out.info[i].info1.reserved1 = 0;
+ r->out.info[i].info1.share_type = dcesrv_common_get_share_type(mem_ctx, NULL, scfg);
+ r->out.info[i].info1.comment = share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
+ talloc_free(scfg);
+ j++;
+ }
+ r->out.available = j;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS rap_netserverenum2(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ struct rap_NetServerEnum2 *r)
+{
+ r->out.status = 0;
+ r->out.available = 0;
+ return NT_STATUS_OK;
+}
diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
new file mode 100644
index 0000000..01e2a5d
--- /dev/null
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -0,0 +1,1356 @@
+/*
+ Unix SMB/CIFS implementation.
+ default IPC$ NTVFS backend
+
+ Copyright (C) Andrew Tridgell 2003
+ Copyright (C) Stefan (metze) Metzmacher 2004-2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ this implements the IPC$ backend, called by the NTVFS subsystem to
+ handle requests on IPC$ shares
+*/
+
+
+#include "includes.h"
+#include "../lib/util/dlinklist.h"
+#include "ntvfs/ntvfs.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "ntvfs/ipc/proto.h"
+#include "../libcli/smb/smb_constants.h"
+#include "param/param.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../libcli/named_pipe_auth/npa_tstream.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "lib/socket/socket.h"
+#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "system/kerberos.h"
+#include "system/gssapi.h"
+#include "system/locale.h"
+#include "system/filesys.h"
+
+#undef strncasecmp
+
+/* this is the private structure used to keep the state of an open
+ ipc$ connection. It needs to keep information about all open
+ pipes */
+struct ipc_private {
+ struct ntvfs_module_context *ntvfs;
+
+ /* a list of open pipes */
+ struct pipe_state {
+ struct pipe_state *next, *prev;
+ struct ipc_private *ipriv;
+ const char *pipe_name;
+ struct ntvfs_handle *handle;
+ struct tstream_context *npipe;
+ uint16_t file_type;
+ uint16_t device_state;
+ uint64_t allocation_size;
+ struct tevent_queue *write_queue;
+ struct tevent_queue *read_queue;
+ } *pipe_list;
+};
+
+
+/*
+ find a open pipe give a file handle
+*/
+static struct pipe_state *pipe_state_find(struct ipc_private *ipriv, struct ntvfs_handle *handle)
+{
+ struct pipe_state *s;
+ void *p;
+
+ p = ntvfs_handle_get_backend_data(handle, ipriv->ntvfs);
+ if (!p) return NULL;
+
+ s = talloc_get_type(p, struct pipe_state);
+ if (!s) return NULL;
+
+ return s;
+}
+
+/*
+ find a open pipe give a wire fnum
+*/
+static struct pipe_state *pipe_state_find_key(struct ipc_private *ipriv, struct ntvfs_request *req, const DATA_BLOB *key)
+{
+ struct ntvfs_handle *h;
+
+ h = ntvfs_handle_search_by_wire_key(ipriv->ntvfs, req, key);
+ if (!h) return NULL;
+
+ return pipe_state_find(ipriv, h);
+}
+
+
+/*
+ connect to a share - always works
+*/
+static NTSTATUS ipc_connect(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ union smb_tcon* tcon)
+{
+ struct ipc_private *ipriv;
+ const char *sharename;
+
+ switch (tcon->generic.level) {
+ case RAW_TCON_TCON:
+ sharename = tcon->tcon.in.service;
+ break;
+ case RAW_TCON_TCONX:
+ sharename = tcon->tconx.in.path;
+ break;
+ case RAW_TCON_SMB2:
+ sharename = tcon->smb2.in.path;
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
+ if (strncmp(sharename, "\\\\", 2) == 0) {
+ char *p = strchr(sharename+2, '\\');
+ if (p) {
+ sharename = p + 1;
+ }
+ }
+
+ ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "IPC");
+ NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
+
+ ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "IPC");
+ NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
+
+ if (tcon->generic.level == RAW_TCON_TCONX) {
+ tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
+ tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
+ }
+
+ /* prepare the private state for this connection */
+ ipriv = talloc(ntvfs, struct ipc_private);
+ NT_STATUS_HAVE_NO_MEMORY(ipriv);
+
+ ntvfs->private_data = ipriv;
+
+ ipriv->ntvfs = ntvfs;
+ ipriv->pipe_list = NULL;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ disconnect from a share
+*/
+static NTSTATUS ipc_disconnect(struct ntvfs_module_context *ntvfs)
+{
+ return NT_STATUS_OK;
+}
+
+/*
+ delete a file
+*/
+static NTSTATUS ipc_unlink(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ union smb_unlink *unl)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ check if a directory exists
+*/
+static NTSTATUS ipc_chkpath(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ union smb_chkpath *cp)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ return info on a pathname
+*/
+static NTSTATUS ipc_qpathinfo(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_fileinfo *info)
+{
+ switch (info->generic.level) {
+ case RAW_FILEINFO_GENERIC:
+ return NT_STATUS_INVALID_DEVICE_REQUEST;
+ case RAW_FILEINFO_GETATTR:
+ return NT_STATUS_ACCESS_DENIED;
+ default:
+ return ntvfs_map_qpathinfo(ntvfs, req, info);
+ }
+}
+
+/*
+ set info on a pathname
+*/
+static NTSTATUS ipc_setpathinfo(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_setfileinfo *st)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+
+/*
+ destroy a open pipe structure
+*/
+static int ipc_fd_destructor(struct pipe_state *p)
+{
+ DLIST_REMOVE(p->ipriv->pipe_list, p);
+ ntvfs_handle_remove_backend_data(p->handle, p->ipriv->ntvfs);
+ return 0;
+}
+
+struct ipc_open_state {
+ struct ipc_private *ipriv;
+ struct pipe_state *p;
+ struct ntvfs_request *req;
+ union smb_open *oi;
+ struct auth_session_info_transport *session_info_transport;
+};
+
+static void ipc_open_done(struct tevent_req *subreq);
+
+/*
+ check the pipename is valid
+ */
+static NTSTATUS validate_pipename(const char *name)
+{
+ while (*name) {
+ if (!isalnum(*name) && *name != '_') {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ name++;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ open a file - used for MSRPC pipes
+*/
+static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_open *oi)
+{
+ NTSTATUS status;
+ struct pipe_state *p;
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct ntvfs_handle *h;
+ struct ipc_open_state *state;
+ struct tevent_req *subreq;
+ const char *fname;
+ const char *directory;
+ const struct tsocket_address *remote_client_addr;
+ const struct tsocket_address *local_server_addr;
+
+ switch (oi->generic.level) {
+ case RAW_OPEN_NTCREATEX:
+ case RAW_OPEN_NTTRANS_CREATE:
+ fname = oi->ntcreatex.in.fname;
+ while (fname[0] == '\\') fname++;
+ break;
+ case RAW_OPEN_OPENX:
+ fname = oi->openx.in.fname;
+ while (fname[0] == '\\') fname++;
+ if (strncasecmp(fname, "PIPE\\", 5) != 0) {
+ return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+ }
+ while (fname[0] == '\\') fname++;
+ break;
+ case RAW_OPEN_SMB2:
+ fname = oi->smb2.in.fname;
+ break;
+ default:
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ directory = talloc_asprintf(req, "%s/np",
+ lpcfg_ncalrpc_dir(ipriv->ntvfs->ctx->lp_ctx));
+ NT_STATUS_HAVE_NO_MEMORY(directory);
+
+ state = talloc(req, struct ipc_open_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
+
+ status = ntvfs_handle_new(ntvfs, req, &h);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ p = talloc(h, struct pipe_state);
+ NT_STATUS_HAVE_NO_MEMORY(p);
+
+ /* check for valid characters in name */
+ fname = strlower_talloc(p, fname);
+
+ status = validate_pipename(fname);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ p->pipe_name = talloc_asprintf(p, "\\pipe\\%s", fname);
+ NT_STATUS_HAVE_NO_MEMORY(p->pipe_name);
+
+ p->handle = h;
+ p->ipriv = ipriv;
+
+ p->write_queue = tevent_queue_create(p, "ipc_write_queue");
+ NT_STATUS_HAVE_NO_MEMORY(p->write_queue);
+
+ p->read_queue = tevent_queue_create(p, "ipc_read_queue");
+ NT_STATUS_HAVE_NO_MEMORY(p->read_queue);
+
+ state->ipriv = ipriv;
+ state->p = p;
+ state->req = req;
+ state->oi = oi;
+
+ status = auth_session_info_transport_from_session(state,
+ req->session_info,
+ ipriv->ntvfs->ctx->event_ctx,
+ ipriv->ntvfs->ctx->lp_ctx,
+ &state->session_info_transport);
+
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ local_server_addr = ntvfs_get_local_address(ipriv->ntvfs);
+ remote_client_addr = ntvfs_get_remote_address(ipriv->ntvfs);
+
+ subreq = tstream_npa_connect_send(p,
+ ipriv->ntvfs->ctx->event_ctx,
+ directory,
+ fname,
+ NCACN_NP,
+ remote_client_addr,
+ NULL,
+ local_server_addr,
+ NULL,
+ state->session_info_transport);
+ NT_STATUS_HAVE_NO_MEMORY(subreq);
+ tevent_req_set_callback(subreq, ipc_open_done, state);
+
+ req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void ipc_open_done(struct tevent_req *subreq)
+{
+ struct ipc_open_state *state = tevent_req_callback_data(subreq,
+ struct ipc_open_state);
+ struct ipc_private *ipriv = state->ipriv;
+ struct pipe_state *p = state->p;
+ struct ntvfs_request *req = state->req;
+ union smb_open *oi = state->oi;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_npa_connect_recv(subreq, &sys_errno,
+ p, &p->npipe,
+ &p->file_type,
+ &p->device_state,
+ &p->allocation_size);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ DLIST_ADD(ipriv->pipe_list, p);
+ talloc_set_destructor(p, ipc_fd_destructor);
+
+ status = ntvfs_handle_set_backend_data(p->handle, ipriv->ntvfs, p);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto reply;
+ }
+
+ switch (oi->generic.level) {
+ case RAW_OPEN_NTCREATEX:
+ ZERO_STRUCT(oi->ntcreatex.out);
+ oi->ntcreatex.out.file.ntvfs = p->handle;
+ oi->ntcreatex.out.oplock_level = 0;
+ oi->ntcreatex.out.create_action = NTCREATEX_ACTION_EXISTED;
+ oi->ntcreatex.out.create_time = 0;
+ oi->ntcreatex.out.access_time = 0;
+ oi->ntcreatex.out.write_time = 0;
+ oi->ntcreatex.out.change_time = 0;
+ oi->ntcreatex.out.attrib = FILE_ATTRIBUTE_NORMAL;
+ oi->ntcreatex.out.alloc_size = p->allocation_size;
+ oi->ntcreatex.out.size = 0;
+ oi->ntcreatex.out.file_type = p->file_type;
+ oi->ntcreatex.out.ipc_state = p->device_state;
+ oi->ntcreatex.out.is_directory = 0;
+ break;
+ case RAW_OPEN_OPENX:
+ ZERO_STRUCT(oi->openx.out);
+ oi->openx.out.file.ntvfs = p->handle;
+ oi->openx.out.attrib = FILE_ATTRIBUTE_NORMAL;
+ oi->openx.out.write_time = 0;
+ oi->openx.out.size = 0;
+ oi->openx.out.access = 0;
+ oi->openx.out.ftype = p->file_type;
+ oi->openx.out.devstate = p->device_state;
+ oi->openx.out.action = 0;
+ oi->openx.out.unique_fid = 0;
+ oi->openx.out.access_mask = 0;
+ oi->openx.out.unknown = 0;
+ break;
+ case RAW_OPEN_SMB2:
+ ZERO_STRUCT(oi->smb2.out);
+ oi->smb2.out.file.ntvfs = p->handle;
+ oi->smb2.out.oplock_level = oi->smb2.in.oplock_level;
+ oi->smb2.out.create_action = NTCREATEX_ACTION_EXISTED;
+ oi->smb2.out.create_time = 0;
+ oi->smb2.out.access_time = 0;
+ oi->smb2.out.write_time = 0;
+ oi->smb2.out.change_time = 0;
+ oi->smb2.out.alloc_size = p->allocation_size;
+ oi->smb2.out.size = 0;
+ oi->smb2.out.file_attr = FILE_ATTRIBUTE_NORMAL;
+ oi->smb2.out.reserved2 = 0;
+ break;
+ default:
+ break;
+ }
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+/*
+ create a directory
+*/
+static NTSTATUS ipc_mkdir(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_mkdir *md)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ remove a directory
+*/
+static NTSTATUS ipc_rmdir(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, struct smb_rmdir *rd)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ rename a set of files
+*/
+static NTSTATUS ipc_rename(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_rename *ren)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ copy a set of files
+*/
+static NTSTATUS ipc_copy(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, struct smb_copy *cp)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+struct ipc_readv_next_vector_state {
+ uint8_t *buf;
+ size_t len;
+ off_t ofs;
+ size_t remaining;
+};
+
+static void ipc_readv_next_vector_init(struct ipc_readv_next_vector_state *s,
+ uint8_t *buf, size_t len)
+{
+ ZERO_STRUCTP(s);
+
+ s->buf = buf;
+ s->len = MIN(len, UINT16_MAX);
+}
+
+static int ipc_readv_next_vector(struct tstream_context *stream,
+ void *private_data,
+ TALLOC_CTX *mem_ctx,
+ struct iovec **_vector,
+ size_t *count)
+{
+ struct ipc_readv_next_vector_state *state =
+ (struct ipc_readv_next_vector_state *)private_data;
+ struct iovec *vector;
+ ssize_t pending;
+ size_t wanted;
+
+ if (state->ofs == state->len) {
+ *_vector = NULL;
+ *count = 0;
+ return 0;
+ }
+
+ pending = tstream_pending_bytes(stream);
+ if (pending == -1) {
+ return -1;
+ }
+
+ if (pending == 0 && state->ofs != 0) {
+ /* return a short read */
+ *_vector = NULL;
+ *count = 0;
+ return 0;
+ }
+
+ if (pending == 0) {
+ /* we want at least one byte and recheck again */
+ wanted = 1;
+ } else {
+ size_t missing = state->len - state->ofs;
+ if (pending > missing) {
+ /* there's more available */
+ state->remaining = pending - missing;
+ wanted = missing;
+ } else {
+ /* read what we can get and recheck in the next cycle */
+ wanted = pending;
+ }
+ }
+
+ vector = talloc_array(mem_ctx, struct iovec, 1);
+ if (!vector) {
+ return -1;
+ }
+
+ vector[0].iov_base = (char *) (state->buf + state->ofs);
+ vector[0].iov_len = wanted;
+
+ state->ofs += wanted;
+
+ *_vector = vector;
+ *count = 1;
+ return 0;
+}
+
+struct ipc_read_state {
+ struct ipc_private *ipriv;
+ struct pipe_state *p;
+ struct ntvfs_request *req;
+ union smb_read *rd;
+ struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_read_done(struct tevent_req *subreq);
+
+/*
+ read from a file
+*/
+static NTSTATUS ipc_read(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_read *rd)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+ struct ipc_read_state *state;
+ struct tevent_req *subreq;
+
+ if (rd->generic.level != RAW_READ_GENERIC) {
+ return ntvfs_map_read(ntvfs, req, rd);
+ }
+
+ p = pipe_state_find(ipriv, rd->readx.in.file.ntvfs);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ state = talloc(req, struct ipc_read_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
+
+ state->ipriv = ipriv;
+ state->p = p;
+ state->req = req;
+ state->rd = rd;
+
+ /* rd->readx.out.data is already allocated */
+ ipc_readv_next_vector_init(&state->next_vector,
+ rd->readx.out.data,
+ rd->readx.in.maxcnt);
+
+ subreq = tstream_readv_pdu_queue_send(req,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->read_queue,
+ ipc_readv_next_vector,
+ &state->next_vector);
+ NT_STATUS_HAVE_NO_MEMORY(subreq);
+ tevent_req_set_callback(subreq, ipc_read_done, state);
+
+ req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void ipc_read_done(struct tevent_req *subreq)
+{
+ struct ipc_read_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_read_state);
+ struct ntvfs_request *req = state->req;
+ union smb_read *rd = state->rd;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ status = NT_STATUS_OK;
+ if (state->next_vector.remaining > 0) {
+ status = STATUS_BUFFER_OVERFLOW;
+ }
+
+ rd->readx.out.remaining = state->next_vector.remaining;
+ rd->readx.out.compaction_mode = 0;
+ rd->readx.out.nread = ret;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+struct ipc_write_state {
+ struct ipc_private *ipriv;
+ struct pipe_state *p;
+ struct ntvfs_request *req;
+ union smb_write *wr;
+ struct iovec iov;
+};
+
+static void ipc_write_done(struct tevent_req *subreq);
+
+/*
+ write to a file
+*/
+static NTSTATUS ipc_write(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_write *wr)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+ struct tevent_req *subreq;
+ struct ipc_write_state *state;
+
+ if (wr->generic.level != RAW_WRITE_GENERIC) {
+ return ntvfs_map_write(ntvfs, req, wr);
+ }
+
+ p = pipe_state_find(ipriv, wr->writex.in.file.ntvfs);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ state = talloc(req, struct ipc_write_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
+
+ state->ipriv = ipriv;
+ state->p = p;
+ state->req = req;
+ state->wr = wr;
+ state->iov.iov_base = discard_const_p(void, wr->writex.in.data);
+ state->iov.iov_len = wr->writex.in.count;
+
+ subreq = tstream_writev_queue_send(state,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->write_queue,
+ &state->iov, 1);
+ NT_STATUS_HAVE_NO_MEMORY(subreq);
+ tevent_req_set_callback(subreq, ipc_write_done, state);
+
+ req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void ipc_write_done(struct tevent_req *subreq)
+{
+ struct ipc_write_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_write_state);
+ struct ntvfs_request *req = state->req;
+ union smb_write *wr = state->wr;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_writev_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ status = NT_STATUS_OK;
+
+ wr->writex.out.nwritten = ret;
+ wr->writex.out.remaining = 0;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+/*
+ seek in a file
+*/
+static NTSTATUS ipc_seek(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ union smb_seek *io)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ flush a file
+*/
+static NTSTATUS ipc_flush(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ union smb_flush *io)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ close a file
+*/
+static NTSTATUS ipc_close(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_close *io)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+
+ if (io->generic.level != RAW_CLOSE_GENERIC) {
+ return ntvfs_map_close(ntvfs, req, io);
+ }
+
+ ZERO_STRUCT(io->generic.out);
+
+ p = pipe_state_find(ipriv, io->generic.in.file.ntvfs);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ talloc_free(p);
+
+ return NT_STATUS_OK;
+}
+
+/*
+ exit - closing files
+*/
+static NTSTATUS ipc_exit(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p, *next;
+
+ for (p=ipriv->pipe_list; p; p=next) {
+ next = p->next;
+ if (p->handle->session_info == req->session_info &&
+ p->handle->smbpid == req->smbpid) {
+ talloc_free(p);
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ logoff - closing files open by the user
+*/
+static NTSTATUS ipc_logoff(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p, *next;
+
+ for (p=ipriv->pipe_list; p; p=next) {
+ next = p->next;
+ if (p->handle->session_info == req->session_info) {
+ talloc_free(p);
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ setup for an async call
+*/
+static NTSTATUS ipc_async_setup(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req,
+ void *private_data)
+{
+ return NT_STATUS_OK;
+}
+
+/*
+ cancel an async call
+*/
+static NTSTATUS ipc_cancel(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req)
+{
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+ lock a byte range
+*/
+static NTSTATUS ipc_lock(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_lock *lck)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ set info on a open file
+*/
+static NTSTATUS ipc_setfileinfo(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_setfileinfo *info)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ query info on a open file
+*/
+static NTSTATUS ipc_qfileinfo(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_fileinfo *info)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p = pipe_state_find(ipriv, info->generic.in.file.ntvfs);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+ switch (info->generic.level) {
+ case RAW_FILEINFO_GENERIC:
+ {
+ ZERO_STRUCT(info->generic.out);
+ info->generic.out.attrib = FILE_ATTRIBUTE_NORMAL;
+ info->generic.out.fname.s = strrchr(p->pipe_name, '\\');
+ info->generic.out.alloc_size = 4096;
+ info->generic.out.nlink = 1;
+ /* What the heck? Match Win2k3: IPC$ pipes are delete pending */
+ info->generic.out.delete_pending = 1;
+ return NT_STATUS_OK;
+ }
+ case RAW_FILEINFO_ALT_NAME_INFO:
+ case RAW_FILEINFO_ALT_NAME_INFORMATION:
+ case RAW_FILEINFO_STREAM_INFO:
+ case RAW_FILEINFO_STREAM_INFORMATION:
+ case RAW_FILEINFO_COMPRESSION_INFO:
+ case RAW_FILEINFO_COMPRESSION_INFORMATION:
+ case RAW_FILEINFO_NETWORK_OPEN_INFORMATION:
+ case RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION:
+ return NT_STATUS_INVALID_PARAMETER;
+ case RAW_FILEINFO_ALL_EAS:
+ return NT_STATUS_ACCESS_DENIED;
+ default:
+ return ntvfs_map_qfileinfo(ntvfs, req, info);
+ }
+}
+
+
+/*
+ return filesystem info
+*/
+static NTSTATUS ipc_fsinfo(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_fsinfo *fs)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ return print queue info
+*/
+static NTSTATUS ipc_lpq(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_lpq *lpq)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS ipc_search_first(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_search_first *io,
+ void *search_private,
+ bool (*callback)(void *, const union smb_search_data *))
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ continue listing files in a directory
+*/
+static NTSTATUS ipc_search_next(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_search_next *io,
+ void *search_private,
+ bool (*callback)(void *, const union smb_search_data *))
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+/*
+ end listing files in a directory
+*/
+static NTSTATUS ipc_search_close(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_search_close *io)
+{
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+struct ipc_trans_state {
+ struct ipc_private *ipriv;
+ struct pipe_state *p;
+ struct ntvfs_request *req;
+ struct smb_trans2 *trans;
+ struct iovec writev_iov;
+ struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_trans_writev_done(struct tevent_req *subreq);
+static void ipc_trans_readv_done(struct tevent_req *subreq);
+
+/* SMBtrans - handle a DCERPC command */
+static NTSTATUS ipc_dcerpc_cmd(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+ DATA_BLOB fnum_key;
+ uint16_t fnum;
+ struct ipc_trans_state *state;
+ struct tevent_req *subreq;
+
+ /*
+ * the fnum is in setup[1], a 16 bit value
+ * the setup[*] values are already in host byteorder
+ * but ntvfs_handle_search_by_wire_key() expects
+ * network byteorder
+ */
+ SSVAL(&fnum, 0, trans->in.setup[1]);
+ fnum_key = data_blob_const(&fnum, 2);
+
+ p = pipe_state_find_key(ipriv, req, &fnum_key);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ /*
+ * Trans requests are only allowed
+ * if no other Trans or Read is active
+ */
+ if (tevent_queue_length(p->read_queue) > 0) {
+ return NT_STATUS_PIPE_BUSY;
+ }
+
+ state = talloc(req, struct ipc_trans_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
+
+ trans->out.setup_count = 0;
+ trans->out.setup = NULL;
+ trans->out.params = data_blob(NULL, 0);
+ trans->out.data = data_blob_talloc(req, NULL, trans->in.max_data);
+ NT_STATUS_HAVE_NO_MEMORY(trans->out.data.data);
+
+ state->ipriv = ipriv;
+ state->p = p;
+ state->req = req;
+ state->trans = trans;
+ state->writev_iov.iov_base = (char *) trans->in.data.data;
+ state->writev_iov.iov_len = trans->in.data.length;
+
+ ipc_readv_next_vector_init(&state->next_vector,
+ trans->out.data.data,
+ trans->out.data.length);
+
+ subreq = tstream_writev_queue_send(state,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->write_queue,
+ &state->writev_iov, 1);
+ NT_STATUS_HAVE_NO_MEMORY(subreq);
+ tevent_req_set_callback(subreq, ipc_trans_writev_done, state);
+
+ req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void ipc_trans_writev_done(struct tevent_req *subreq)
+{
+ struct ipc_trans_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_trans_state);
+ struct ipc_private *ipriv = state->ipriv;
+ struct pipe_state *p = state->p;
+ struct ntvfs_request *req = state->req;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_writev_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == 0) {
+ status = NT_STATUS_PIPE_DISCONNECTED;
+ goto reply;
+ } else if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ subreq = tstream_readv_pdu_queue_send(state,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->read_queue,
+ ipc_readv_next_vector,
+ &state->next_vector);
+ if (!subreq) {
+ status = NT_STATUS_NO_MEMORY;
+ goto reply;
+ }
+ tevent_req_set_callback(subreq, ipc_trans_readv_done, state);
+ return;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+static void ipc_trans_readv_done(struct tevent_req *subreq)
+{
+ struct ipc_trans_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_trans_state);
+ struct ntvfs_request *req = state->req;
+ struct smb_trans2 *trans = state->trans;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ status = NT_STATUS_OK;
+ if (state->next_vector.remaining > 0) {
+ status = STATUS_BUFFER_OVERFLOW;
+ }
+
+ trans->out.data.length = ret;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+/* SMBtrans - set named pipe state */
+static NTSTATUS ipc_set_nm_pipe_state(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+ DATA_BLOB fnum_key;
+
+ /* the fnum is in setup[1] */
+ fnum_key = data_blob_const(&trans->in.setup[1], sizeof(trans->in.setup[1]));
+
+ p = pipe_state_find_key(ipriv, req, &fnum_key);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (trans->in.params.length != 2) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /*
+ * TODO: pass this to the tstream_npa logic
+ */
+ p->device_state = SVAL(trans->in.params.data, 0);
+
+ trans->out.setup_count = 0;
+ trans->out.setup = NULL;
+ trans->out.params = data_blob(NULL, 0);
+ trans->out.data = data_blob(NULL, 0);
+
+ return NT_STATUS_OK;
+}
+
+
+/* SMBtrans - used to provide access to SMB pipes */
+static NTSTATUS ipc_trans(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, struct smb_trans2 *trans)
+{
+ NTSTATUS status;
+
+ if (strequal(trans->in.trans_name, "\\PIPE\\LANMAN"))
+ return ipc_rap_call(req, ntvfs->ctx->event_ctx, ntvfs->ctx->lp_ctx, trans);
+
+ if (trans->in.setup_count != 2) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (trans->in.setup[0]) {
+ case TRANSACT_SETNAMEDPIPEHANDLESTATE:
+ status = ipc_set_nm_pipe_state(ntvfs, req, trans);
+ break;
+ case TRANSACT_DCERPCCMD:
+ status = ipc_dcerpc_cmd(ntvfs, req, trans);
+ break;
+ default:
+ status = NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ return status;
+}
+
+struct ipc_ioctl_state {
+ struct ipc_private *ipriv;
+ struct pipe_state *p;
+ struct ntvfs_request *req;
+ union smb_ioctl *io;
+ struct iovec writev_iov;
+ struct ipc_readv_next_vector_state next_vector;
+};
+
+static void ipc_ioctl_writev_done(struct tevent_req *subreq);
+static void ipc_ioctl_readv_done(struct tevent_req *subreq);
+
+static NTSTATUS ipc_ioctl_smb2(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_ioctl *io)
+{
+ struct ipc_private *ipriv = talloc_get_type_abort(ntvfs->private_data,
+ struct ipc_private);
+ struct pipe_state *p;
+ struct ipc_ioctl_state *state;
+ struct tevent_req *subreq;
+
+ switch (io->smb2.in.function) {
+ case FSCTL_NAMED_PIPE_READ_WRITE:
+ break;
+
+ default:
+ return NT_STATUS_FS_DRIVER_REQUIRED;
+ }
+
+ p = pipe_state_find(ipriv, io->smb2.in.file.ntvfs);
+ if (!p) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ /*
+ * Trans requests are only allowed
+ * if no other Trans or Read is active
+ */
+ if (tevent_queue_length(p->read_queue) > 0) {
+ return NT_STATUS_PIPE_BUSY;
+ }
+
+ state = talloc(req, struct ipc_ioctl_state);
+ NT_STATUS_HAVE_NO_MEMORY(state);
+
+ io->smb2.out.reserved = 0;
+ io->smb2.out.function = io->smb2.in.function;
+ io->smb2.out.flags = 0;
+ io->smb2.out.reserved2 = 0;
+ io->smb2.out.in = data_blob_null;
+ io->smb2.out.out = data_blob_talloc(req, NULL, io->smb2.in.max_output_response);
+ NT_STATUS_HAVE_NO_MEMORY(io->smb2.out.out.data);
+
+ state->ipriv = ipriv;
+ state->p = p;
+ state->req = req;
+ state->io = io;
+ state->writev_iov.iov_base = (char *) io->smb2.in.out.data;
+ state->writev_iov.iov_len = io->smb2.in.out.length;
+
+ ipc_readv_next_vector_init(&state->next_vector,
+ io->smb2.out.out.data,
+ io->smb2.out.out.length);
+
+ subreq = tstream_writev_queue_send(state,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->write_queue,
+ &state->writev_iov, 1);
+ NT_STATUS_HAVE_NO_MEMORY(subreq);
+ tevent_req_set_callback(subreq, ipc_ioctl_writev_done, state);
+
+ req->async_states->state |= NTVFS_ASYNC_STATE_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void ipc_ioctl_writev_done(struct tevent_req *subreq)
+{
+ struct ipc_ioctl_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_ioctl_state);
+ struct ipc_private *ipriv = state->ipriv;
+ struct pipe_state *p = state->p;
+ struct ntvfs_request *req = state->req;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_writev_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ subreq = tstream_readv_pdu_queue_send(state,
+ ipriv->ntvfs->ctx->event_ctx,
+ p->npipe,
+ p->read_queue,
+ ipc_readv_next_vector,
+ &state->next_vector);
+ if (!subreq) {
+ status = NT_STATUS_NO_MEMORY;
+ goto reply;
+ }
+ tevent_req_set_callback(subreq, ipc_ioctl_readv_done, state);
+ return;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+static void ipc_ioctl_readv_done(struct tevent_req *subreq)
+{
+ struct ipc_ioctl_state *state =
+ tevent_req_callback_data(subreq,
+ struct ipc_ioctl_state);
+ struct ntvfs_request *req = state->req;
+ union smb_ioctl *io = state->io;
+ int ret;
+ int sys_errno;
+ NTSTATUS status;
+
+ ret = tstream_readv_pdu_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ goto reply;
+ }
+
+ status = NT_STATUS_OK;
+ if (state->next_vector.remaining > 0) {
+ status = STATUS_BUFFER_OVERFLOW;
+ }
+
+ io->smb2.out.out.length = ret;
+
+reply:
+ req->async_states->status = status;
+ req->async_states->send_fn(req);
+}
+
+/*
+ ioctl interface
+*/
+static NTSTATUS ipc_ioctl(struct ntvfs_module_context *ntvfs,
+ struct ntvfs_request *req, union smb_ioctl *io)
+{
+ switch (io->generic.level) {
+ case RAW_IOCTL_SMB2:
+ return ipc_ioctl_smb2(ntvfs, req, io);
+
+ case RAW_IOCTL_SMB2_NO_HANDLE:
+ return NT_STATUS_FS_DRIVER_REQUIRED;
+
+ default:
+ return NT_STATUS_ACCESS_DENIED;
+ }
+}
+
+
+/*
+ initialise the IPC backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_ipc_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS ret;
+ struct ntvfs_ops ops;
+ NTVFS_CURRENT_CRITICAL_SIZES(vers);
+
+ ZERO_STRUCT(ops);
+
+ /* fill in the name and type */
+ ops.name = "default";
+ ops.type = NTVFS_IPC;
+
+ /* fill in all the operations */
+ ops.connect_fn = ipc_connect;
+ ops.disconnect_fn = ipc_disconnect;
+ ops.unlink_fn = ipc_unlink;
+ ops.chkpath_fn = ipc_chkpath;
+ ops.qpathinfo_fn = ipc_qpathinfo;
+ ops.setpathinfo_fn = ipc_setpathinfo;
+ ops.open_fn = ipc_open;
+ ops.mkdir_fn = ipc_mkdir;
+ ops.rmdir_fn = ipc_rmdir;
+ ops.rename_fn = ipc_rename;
+ ops.copy_fn = ipc_copy;
+ ops.ioctl_fn = ipc_ioctl;
+ ops.read_fn = ipc_read;
+ ops.write_fn = ipc_write;
+ ops.seek_fn = ipc_seek;
+ ops.flush_fn = ipc_flush;
+ ops.close_fn = ipc_close;
+ ops.exit_fn = ipc_exit;
+ ops.lock_fn = ipc_lock;
+ ops.setfileinfo_fn = ipc_setfileinfo;
+ ops.qfileinfo_fn = ipc_qfileinfo;
+ ops.fsinfo_fn = ipc_fsinfo;
+ ops.lpq_fn = ipc_lpq;
+ ops.search_first_fn = ipc_search_first;
+ ops.search_next_fn = ipc_search_next;
+ ops.search_close_fn = ipc_search_close;
+ ops.trans_fn = ipc_trans;
+ ops.logoff_fn = ipc_logoff;
+ ops.async_setup_fn = ipc_async_setup;
+ ops.cancel_fn = ipc_cancel;
+
+ /* register ourselves with the NTVFS subsystem. */
+ ret = ntvfs_register(&ops, &vers);
+
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register IPC backend!\n"));
+ return ret;
+ }
+
+ return ret;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 07:07:14 +0000