root/source4/smb_server/smb2/receive.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. smb2srv_setup_bufinfo
  2. smb2srv_request_destructor
  3. smb2srv_request_deny_destructor
  4. smb2srv_init_request
  5. smb2srv_setup_reply
  6. smb2srv_chain_reply
  7. smb2srv_send_reply
  8. smb2srv_send_error
  9. smb2srv_reply
  10. smbsrv_recv_smb2_request
  11. smb2srv_init_pending
  12. smb2srv_queue_pending
  13. smb2srv_cancel_recv
  14. smbsrv_init_smb2_connection

   1 /* 
   2    Unix SMB2 implementation.
   3    
   4    Copyright (C) Andrew Tridgell        2005
   5    Copyright (C) Stefan Metzmacher      2005
   6    
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11    
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16    
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 
  21 #include "includes.h"
  22 #include "system/time.h"
  23 #include "libcli/smb2/smb2.h"
  24 #include "libcli/smb2/smb2_calls.h"
  25 #include "smb_server/smb_server.h"
  26 #include "smb_server/service_smb_proto.h"
  27 #include "smb_server/smb2/smb2_server.h"
  28 #include "smbd/service_stream.h"
  29 #include "lib/stream/packet.h"
  30 #include "ntvfs/ntvfs.h"
  31 #include "param/param.h"
  32 #include "auth/gensec/gensec.h"
  33 #include "auth/auth.h"
  34 
  35 
  36 /* fill in the bufinfo */
  37 void smb2srv_setup_bufinfo(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
  38 {
  39         req->in.bufinfo.mem_ctx    = req;
  40         req->in.bufinfo.flags      = BUFINFO_FLAG_UNICODE | BUFINFO_FLAG_SMB2;
  41         req->in.bufinfo.align_base = req->in.buffer;
  42         if (req->in.dynamic) {
  43                 req->in.bufinfo.data       = req->in.dynamic;
  44                 req->in.bufinfo.data_size  = req->in.body_size - req->in.body_fixed;
  45         } else {
  46                 req->in.bufinfo.data       = NULL;
  47                 req->in.bufinfo.data_size  = 0;
  48         }
  49 }
  50 
  51 static int smb2srv_request_destructor(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
  52 {
  53         DLIST_REMOVE(req->smb_conn->requests2.list, req);
  54         if (req->pending_id) {
  55                 idr_remove(req->smb_conn->requests2.idtree_req, req->pending_id);
  56         }
  57         return 0;
  58 }
  59 
  60 static int smb2srv_request_deny_destructor(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
  61 {
  62         return -1;
  63 }
  64 
  65 struct smb2srv_request *smb2srv_init_request(struct smbsrv_connection *smb_conn)
     /* [<][>][^][v][top][bottom][index][help] */
  66 {
  67         struct smb2srv_request *req;
  68 
  69         req = talloc_zero(smb_conn, struct smb2srv_request);
  70         if (!req) return NULL;
  71 
  72         req->smb_conn = smb_conn;
  73 
  74         talloc_set_destructor(req, smb2srv_request_destructor);
  75 
  76         return req;
  77 }
  78 
  79 NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_size,
     /* [<][>][^][v][top][bottom][index][help] */
  80                              bool body_dynamic_present, uint32_t body_dynamic_size)
  81 {
  82         uint32_t flags = SMB2_HDR_FLAG_REDIRECT;
  83         uint32_t pid = IVAL(req->in.hdr, SMB2_HDR_PID);
  84         uint32_t tid = IVAL(req->in.hdr, SMB2_HDR_TID);
  85 
  86         if (req->pending_id) {
  87                 flags |= SMB2_HDR_FLAG_ASYNC;
  88                 pid = req->pending_id;
  89                 tid = 0;
  90         }
  91 
  92         if (body_dynamic_present) {
  93                 if (body_dynamic_size == 0) {
  94                         body_dynamic_size = 1;
  95                 }
  96         } else {
  97                 body_dynamic_size = 0;
  98         }
  99 
 100         req->out.size           = SMB2_HDR_BODY+NBT_HDR_SIZE+body_fixed_size;
 101 
 102         req->out.allocated      = req->out.size + body_dynamic_size;
 103         req->out.buffer         = talloc_array(req, uint8_t, 
 104                                                req->out.allocated);
 105         NT_STATUS_HAVE_NO_MEMORY(req->out.buffer);
 106 
 107         req->out.hdr            = req->out.buffer       + NBT_HDR_SIZE;
 108         req->out.body           = req->out.hdr          + SMB2_HDR_BODY;
 109         req->out.body_fixed     = body_fixed_size;
 110         req->out.body_size      = body_fixed_size;
 111         req->out.dynamic        = (body_dynamic_size ? req->out.body + body_fixed_size : NULL);
 112 
 113         SIVAL(req->out.hdr, 0,                          SMB2_MAGIC);
 114         SSVAL(req->out.hdr, SMB2_HDR_LENGTH,            SMB2_HDR_BODY);
 115         SSVAL(req->out.hdr, SMB2_HDR_EPOCH,             0);
 116         SIVAL(req->out.hdr, SMB2_HDR_STATUS,            NT_STATUS_V(req->status));
 117         SSVAL(req->out.hdr, SMB2_HDR_OPCODE,            SVAL(req->in.hdr, SMB2_HDR_OPCODE));
 118         SSVAL(req->out.hdr, SMB2_HDR_CREDIT,            0x0001);
 119         SIVAL(req->out.hdr, SMB2_HDR_FLAGS,             flags);
 120         SIVAL(req->out.hdr, SMB2_HDR_NEXT_COMMAND,      0);
 121         SBVAL(req->out.hdr, SMB2_HDR_MESSAGE_ID,        req->seqnum);
 122         SIVAL(req->out.hdr, SMB2_HDR_PID,               pid);
 123         SIVAL(req->out.hdr, SMB2_HDR_TID,               tid);
 124         SBVAL(req->out.hdr, SMB2_HDR_SESSION_ID,        BVAL(req->in.hdr, SMB2_HDR_SESSION_ID));
 125         memset(req->out.hdr+SMB2_HDR_SIGNATURE, 0, 16);
 126 
 127         /* set the length of the fixed body part and +1 if there's a dynamic part also */
 128         SSVAL(req->out.body, 0, body_fixed_size + (body_dynamic_size?1:0));
 129 
 130         /* 
 131          * if we have a dynamic part, make sure the first byte
 132          * which is always be part of the packet is initialized
 133          */
 134         if (body_dynamic_size) {
 135                 req->out.size += 1;
 136                 SCVAL(req->out.dynamic, 0, 0);
 137         }
 138 
 139         return NT_STATUS_OK;
 140 }
 141 
 142 static NTSTATUS smb2srv_reply(struct smb2srv_request *req);
 143 
 144 static void smb2srv_chain_reply(struct smb2srv_request *p_req)
     /* [<][>][^][v][top][bottom][index][help] */
 145 {
 146         NTSTATUS status;
 147         struct smb2srv_request *req;
 148         uint32_t chain_offset;
 149         uint32_t protocol_version;
 150         uint16_t buffer_code;
 151         uint32_t dynamic_size;
 152 
 153         chain_offset = p_req->chain_offset;
 154         p_req->chain_offset = 0;
 155 
 156         if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
 157                 DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X\n",
 158                         chain_offset));
 159                 smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet");
 160                 return;
 161         }
 162 
 163         protocol_version = IVAL(p_req->in.buffer, NBT_HDR_SIZE + chain_offset);
 164         if (protocol_version != SMB2_MAGIC) {
 165                 DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
 166                          protocol_version));
 167                 smbsrv_terminate_connection(p_req->smb_conn, "NON-SMB2 chained packet");
 168                 return;
 169         }
 170 
 171         req = smb2srv_init_request(p_req->smb_conn);
 172         if (!req) {
 173                 smbsrv_terminate_connection(p_req->smb_conn, "SMB2 chained packet - no memory");
 174                 return;
 175         }
 176 
 177         req->in.buffer          = talloc_steal(req, p_req->in.buffer);
 178         req->in.size            = p_req->in.size;
 179         req->request_time       = p_req->request_time;
 180         req->in.allocated       = req->in.size;
 181 
 182         req->in.hdr             = req->in.buffer+ NBT_HDR_SIZE + chain_offset;
 183         req->in.body            = req->in.hdr   + SMB2_HDR_BODY;
 184         req->in.body_size       = req->in.size  - (NBT_HDR_SIZE+ chain_offset + SMB2_HDR_BODY);
 185         req->in.dynamic         = NULL;
 186 
 187         req->seqnum             = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
 188 
 189         if (req->in.body_size < 2) {
 190                 /* error handling for this is different for negprot to 
 191                    other packet types */
 192                 uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
 193                 if (opcode == SMB2_OP_NEGPROT) {
 194                         smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");                    
 195                 } else {
 196                         smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 197                 }
 198         }
 199 
 200         buffer_code             = SVAL(req->in.body, 0);
 201         req->in.body_fixed      = (buffer_code & ~1);
 202         dynamic_size            = req->in.body_size - req->in.body_fixed;
 203 
 204         if (dynamic_size != 0 && (buffer_code & 1)) {
 205                 req->in.dynamic = req->in.body + req->in.body_fixed;
 206                 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
 207                         DEBUG(1,("SMB2 chained request invalid dynamic size 0x%x\n", 
 208                                  dynamic_size));
 209                         smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 210                         return;
 211                 }
 212         }
 213 
 214         smb2srv_setup_bufinfo(req);
 215 
 216         if (p_req->chained_file_handle) {
 217                 memcpy(req->_chained_file_handle,
 218                        p_req->_chained_file_handle,
 219                        sizeof(req->_chained_file_handle));
 220                 req->chained_file_handle = req->_chained_file_handle;
 221         }
 222 
 223         /* 
 224          * TODO: - make sure the length field is 64
 225          *       - make sure it's a request
 226          */
 227 
 228         status = smb2srv_reply(req);
 229         if (!NT_STATUS_IS_OK(status)) {
 230                 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
 231                 talloc_free(req);
 232                 return;
 233         }
 234 }
 235 
 236 void smb2srv_send_reply(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 237 {
 238         DATA_BLOB blob;
 239         NTSTATUS status;
 240 
 241         if (req->smb_conn->connection->event.fde == NULL) {
 242                 /* the socket has been destroyed - no point trying to send a reply! */
 243                 talloc_free(req);
 244                 return;
 245         }
 246 
 247         if (req->out.size > NBT_HDR_SIZE) {
 248                 _smb2_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
 249         }
 250 
 251         /* if signing is active on the session then sign the packet */
 252         if (req->is_signed) {
 253                 status = smb2_sign_message(&req->out, 
 254                                            req->session->session_info->session_key);
 255                 if (!NT_STATUS_IS_OK(status)) {
 256                         smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
 257                         return;
 258                 }               
 259         }
 260 
 261 
 262         blob = data_blob_const(req->out.buffer, req->out.size);
 263         status = packet_send(req->smb_conn->packet, blob);
 264         if (!NT_STATUS_IS_OK(status)) {
 265                 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
 266         }
 267         if (req->chain_offset) {
 268                 smb2srv_chain_reply(req);
 269                 return;
 270         }
 271         talloc_free(req);
 272 }
 273 
 274 void smb2srv_send_error(struct smb2srv_request *req, NTSTATUS error)
     /* [<][>][^][v][top][bottom][index][help] */
 275 {
 276         NTSTATUS status;
 277 
 278         if (req->smb_conn->connection->event.fde == NULL) {
 279                 /* the socket has been destroyed - no point trying to send an error! */
 280                 talloc_free(req);
 281                 return;
 282         }
 283 
 284         status = smb2srv_setup_reply(req, 8, true, 0);
 285         if (!NT_STATUS_IS_OK(status)) {
 286                 smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
 287                 talloc_free(req);
 288                 return;
 289         }
 290 
 291         SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(error));
 292 
 293         SSVAL(req->out.body, 0x02, 0);
 294         SIVAL(req->out.body, 0x04, 0);
 295 
 296         smb2srv_send_reply(req);
 297 }
 298 
 299 static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 300 {
 301         uint16_t opcode;
 302         uint32_t tid;
 303         uint64_t uid;
 304         uint32_t flags;
 305 
 306         if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) {
 307                 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 header length");
 308                 return NT_STATUS_INVALID_PARAMETER;
 309         }
 310         opcode                  = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
 311         req->chain_offset       = IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND);
 312         req->seqnum             = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
 313         tid                     = IVAL(req->in.hdr, SMB2_HDR_TID);
 314         uid                     = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID);
 315         flags                   = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
 316 
 317         if (req->smb_conn->highest_smb2_seqnum != 0 &&
 318             req->seqnum <= req->smb_conn->highest_smb2_seqnum) {
 319                 smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number");
 320                 return NT_STATUS_INVALID_PARAMETER;
 321         }
 322         req->smb_conn->highest_smb2_seqnum = req->seqnum;
 323         
 324         req->session    = smbsrv_session_find(req->smb_conn, uid, req->request_time);
 325         req->tcon       = smbsrv_smb2_tcon_find(req->session, tid, req->request_time);
 326 
 327         errno = 0;
 328 
 329         /* supporting signing is mandatory in SMB2, and is per-packet. So we 
 330            should check the signature on any incoming packet that is signed, and 
 331            should give a signed reply to any signed request */
 332         if (flags & SMB2_HDR_FLAG_SIGNED) {
 333                 NTSTATUS status;
 334 
 335                 if (!req->session) goto nosession;
 336 
 337                 req->is_signed = true;
 338                 status = smb2_check_signature(&req->in, 
 339                                               req->session->session_info->session_key);
 340                 if (!NT_STATUS_IS_OK(status)) {
 341                         smb2srv_send_error(req, status);
 342                         return NT_STATUS_OK;                    
 343                 }
 344         } else if (req->session && req->session->smb2_signing.active) {
 345                 /* we require signing and this request was not signed */
 346                 smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
 347                 return NT_STATUS_OK;                                    
 348         }
 349 
 350         /* TODO: check the seqnum */
 351 
 352         switch (opcode) {
 353         case SMB2_OP_NEGPROT:
 354                 smb2srv_negprot_recv(req);
 355                 return NT_STATUS_OK;
 356         case SMB2_OP_SESSSETUP:
 357                 smb2srv_sesssetup_recv(req);
 358                 return NT_STATUS_OK;
 359         case SMB2_OP_LOGOFF:
 360                 if (!req->session) goto nosession;
 361                 smb2srv_logoff_recv(req);
 362                 return NT_STATUS_OK;
 363         case SMB2_OP_TCON:
 364                 if (!req->session) goto nosession;
 365                 smb2srv_tcon_recv(req);
 366                 return NT_STATUS_OK;
 367         case SMB2_OP_TDIS:
 368                 if (!req->session) goto nosession;
 369                 if (!req->tcon) goto notcon;
 370                 smb2srv_tdis_recv(req);
 371                 return NT_STATUS_OK;
 372         case SMB2_OP_CREATE:
 373                 if (!req->session) goto nosession;
 374                 if (!req->tcon) goto notcon;
 375                 smb2srv_create_recv(req);
 376                 return NT_STATUS_OK;
 377         case SMB2_OP_CLOSE:
 378                 if (!req->session) goto nosession;
 379                 if (!req->tcon) goto notcon;
 380                 smb2srv_close_recv(req);
 381                 return NT_STATUS_OK;
 382         case SMB2_OP_FLUSH:
 383                 if (!req->session) goto nosession;
 384                 if (!req->tcon) goto notcon;
 385                 smb2srv_flush_recv(req);
 386                 return NT_STATUS_OK;
 387         case SMB2_OP_READ:
 388                 if (!req->session) goto nosession;
 389                 if (!req->tcon) goto notcon;
 390                 smb2srv_read_recv(req);
 391                 return NT_STATUS_OK;
 392         case SMB2_OP_WRITE:
 393                 if (!req->session) goto nosession;
 394                 if (!req->tcon) goto notcon;
 395                 smb2srv_write_recv(req);
 396                 return NT_STATUS_OK;
 397         case SMB2_OP_LOCK:
 398                 if (!req->session) goto nosession;
 399                 if (!req->tcon) goto notcon;
 400                 smb2srv_lock_recv(req);
 401                 return NT_STATUS_OK;
 402         case SMB2_OP_IOCTL:
 403                 if (!req->session) goto nosession;
 404                 if (!req->tcon) goto notcon;
 405                 smb2srv_ioctl_recv(req);
 406                 return NT_STATUS_OK;
 407         case SMB2_OP_CANCEL:
 408                 smb2srv_cancel_recv(req);
 409                 return NT_STATUS_OK;
 410         case SMB2_OP_KEEPALIVE:
 411                 smb2srv_keepalive_recv(req);
 412                 return NT_STATUS_OK;
 413         case SMB2_OP_FIND:
 414                 if (!req->session) goto nosession;
 415                 if (!req->tcon) goto notcon;
 416                 smb2srv_find_recv(req);
 417                 return NT_STATUS_OK;
 418         case SMB2_OP_NOTIFY:
 419                 if (!req->session) goto nosession;
 420                 if (!req->tcon) goto notcon;
 421                 smb2srv_notify_recv(req);
 422                 return NT_STATUS_OK;
 423         case SMB2_OP_GETINFO:
 424                 if (!req->session) goto nosession;
 425                 if (!req->tcon) goto notcon;
 426                 smb2srv_getinfo_recv(req);
 427                 return NT_STATUS_OK;
 428         case SMB2_OP_SETINFO:
 429                 if (!req->session) goto nosession;
 430                 if (!req->tcon) goto notcon;
 431                 smb2srv_setinfo_recv(req);
 432                 return NT_STATUS_OK;
 433         case SMB2_OP_BREAK:
 434                 if (!req->session) goto nosession;
 435                 if (!req->tcon) goto notcon;
 436                 smb2srv_break_recv(req);
 437                 return NT_STATUS_OK;
 438         }
 439 
 440         DEBUG(1,("Invalid SMB2 opcode: 0x%04X\n", opcode));
 441         smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 opcode");
 442         return NT_STATUS_OK;
 443 
 444 nosession:
 445         smb2srv_send_error(req, NT_STATUS_USER_SESSION_DELETED);
 446         return NT_STATUS_OK;
 447 notcon:
 448         smb2srv_send_error(req, NT_STATUS_NETWORK_NAME_DELETED);
 449         return NT_STATUS_OK;
 450 }
 451 
 452 NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
     /* [<][>][^][v][top][bottom][index][help] */
 453 {
 454         struct smbsrv_connection *smb_conn = talloc_get_type(private_data, struct smbsrv_connection);
 455         struct smb2srv_request *req;
 456         struct timeval cur_time = timeval_current();
 457         uint32_t protocol_version;
 458         uint16_t buffer_code;
 459         uint32_t dynamic_size;
 460 
 461         smb_conn->statistics.last_request_time = cur_time;
 462 
 463         /* see if its a special NBT packet */
 464         if (CVAL(blob.data,0) != 0) {
 465                 DEBUG(2,("Special NBT packet on SMB2 connection"));
 466                 smbsrv_terminate_connection(smb_conn, "Special NBT packet on SMB2 connection");
 467                 return NT_STATUS_OK;
 468         }
 469 
 470         if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) {
 471                 DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length));
 472                 smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet");
 473                 return NT_STATUS_OK;
 474         }
 475 
 476         protocol_version = IVAL(blob.data, NBT_HDR_SIZE);
 477         if (protocol_version != SMB2_MAGIC) {
 478                 DEBUG(2,("Invalid SMB packet: protocol prefix: 0x%08X\n",
 479                          protocol_version));
 480                 smbsrv_terminate_connection(smb_conn, "NON-SMB2 packet");
 481                 return NT_STATUS_OK;
 482         }
 483 
 484         req = smb2srv_init_request(smb_conn);
 485         NT_STATUS_HAVE_NO_MEMORY(req);
 486 
 487         req->in.buffer          = talloc_steal(req, blob.data);
 488         req->in.size            = blob.length;
 489         req->request_time       = cur_time;
 490         req->in.allocated       = req->in.size;
 491 
 492         req->in.hdr             = req->in.buffer+ NBT_HDR_SIZE;
 493         req->in.body            = req->in.hdr   + SMB2_HDR_BODY;
 494         req->in.body_size       = req->in.size  - (SMB2_HDR_BODY+NBT_HDR_SIZE);
 495         req->in.dynamic         = NULL;
 496 
 497         req->seqnum             = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
 498 
 499         if (req->in.body_size < 2) {
 500                 /* error handling for this is different for negprot to 
 501                    other packet types */
 502                 uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
 503                 if (opcode == SMB2_OP_NEGPROT) {
 504                         smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");                    
 505                 } else {
 506                         smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 507                 }
 508         }
 509 
 510         buffer_code             = SVAL(req->in.body, 0);
 511         req->in.body_fixed      = (buffer_code & ~1);
 512         dynamic_size            = req->in.body_size - req->in.body_fixed;
 513 
 514         if (dynamic_size != 0 && (buffer_code & 1)) {
 515                 req->in.dynamic = req->in.body + req->in.body_fixed;
 516                 if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
 517                         DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n", 
 518                                  dynamic_size));
 519                         smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 520                         return NT_STATUS_OK;
 521                 }
 522         }
 523 
 524         smb2srv_setup_bufinfo(req);
 525 
 526         /* 
 527          * TODO: - make sure the length field is 64
 528          *       - make sure it's a request
 529          */
 530 
 531         return smb2srv_reply(req);
 532 }
 533 
 534 static NTSTATUS smb2srv_init_pending(struct smbsrv_connection *smb_conn)
     /* [<][>][^][v][top][bottom][index][help] */
 535 {
 536         smb_conn->requests2.idtree_req = idr_init(smb_conn);
 537         NT_STATUS_HAVE_NO_MEMORY(smb_conn->requests2.idtree_req);
 538         smb_conn->requests2.idtree_limit        = 0x00FFFFFF & (UINT32_MAX - 1);
 539         smb_conn->requests2.list                = NULL;
 540 
 541         return NT_STATUS_OK;
 542 }
 543 
 544 NTSTATUS smb2srv_queue_pending(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 545 {
 546         NTSTATUS status;
 547         bool signing_used = false;
 548         int id;
 549 
 550         if (req->pending_id) {
 551                 return NT_STATUS_INTERNAL_ERROR;
 552         }
 553 
 554         id = idr_get_new_above(req->smb_conn->requests2.idtree_req, req, 
 555                                1, req->smb_conn->requests2.idtree_limit);
 556         if (id == -1) {
 557                 return NT_STATUS_INSUFFICIENT_RESOURCES;
 558         }
 559 
 560         DLIST_ADD_END(req->smb_conn->requests2.list, req, struct smb2srv_request *);
 561         req->pending_id = id;
 562 
 563         if (req->smb_conn->connection->event.fde == NULL) {
 564                 /* the socket has been destroyed - no point trying to send an error! */
 565                 return NT_STATUS_REMOTE_DISCONNECT;
 566         }
 567 
 568         talloc_set_destructor(req, smb2srv_request_deny_destructor);
 569 
 570         status = smb2srv_setup_reply(req, 8, true, 0);
 571         if (!NT_STATUS_IS_OK(status)) {
 572                 return status;
 573         }
 574 
 575         SIVAL(req->out.hdr, SMB2_HDR_STATUS, NT_STATUS_V(STATUS_PENDING));
 576 
 577         SSVAL(req->out.body, 0x02, 0);
 578         SIVAL(req->out.body, 0x04, 0);
 579 
 580         /* if the real reply will be signed set the signed flags, but don't sign */
 581         if (req->is_signed) {
 582                 SIVAL(req->out.hdr, SMB2_HDR_FLAGS, IVAL(req->out.hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
 583                 signing_used = req->is_signed;
 584                 req->is_signed = false;
 585         }
 586 
 587         smb2srv_send_reply(req);
 588 
 589         req->is_signed = signing_used;
 590 
 591         talloc_set_destructor(req, smb2srv_request_destructor);
 592         return NT_STATUS_OK;
 593 }
 594 
 595 void smb2srv_cancel_recv(struct smb2srv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 596 {
 597         uint32_t pending_id;
 598         uint32_t flags;
 599         void *p;
 600         struct smb2srv_request *r;
 601 
 602         if (!req->session) goto done;
 603 
 604         flags           = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
 605         pending_id      = IVAL(req->in.hdr, SMB2_HDR_PID);
 606 
 607         if (!(flags & SMB2_HDR_FLAG_ASYNC)) {
 608                 /* TODO: what to do here? */
 609                 goto done;
 610         }
 611  
 612         p = idr_find(req->smb_conn->requests2.idtree_req, pending_id);
 613         if (!p) goto done;
 614 
 615         r = talloc_get_type(p, struct smb2srv_request);
 616         if (!r) goto done;
 617 
 618         if (!r->ntvfs) goto done;
 619 
 620         ntvfs_cancel(r->ntvfs);
 621 
 622 done:
 623         /* we never generate a reply for a SMB2 Cancel */
 624         talloc_free(req);
 625 }
 626 
 627 /*
 628  * init the SMB2 protocol related stuff
 629  */
 630 NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
     /* [<][>][^][v][top][bottom][index][help] */
 631 {
 632         NTSTATUS status;
 633 
 634         /* now initialise a few default values associated with this smb socket */
 635         smb_conn->negotiate.max_send = 0xFFFF;
 636 
 637         /* this is the size that w2k uses, and it appears to be important for
 638            good performance */
 639         smb_conn->negotiate.max_recv = lp_max_xmit(smb_conn->lp_ctx);
 640 
 641         smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
 642 
 643         smb_conn->config.security = SEC_USER;
 644         smb_conn->config.nt_status_support = true;
 645 
 646         status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
 647         NT_STATUS_NOT_OK_RETURN(status);
 648 
 649         status = smb2srv_init_pending(smb_conn);
 650         NT_STATUS_NOT_OK_RETURN(status);
 651 
 652         return NT_STATUS_OK;
 653         
 654 }

/* [<][>][^][v][top][bottom][index][help] */