root/source3/smbd/pipes.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. open_np_file
  2. reply_open_pipe_and_X
  3. reply_pipe_write
  4. pipe_write_done
  5. reply_pipe_write_and_X
  6. pipe_write_andx_done
  7. reply_pipe_read_and_X
  8. pipe_read_andx_done

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Pipe SMB reply routines
   4    Copyright (C) Andrew Tridgell 1992-1998
   5    Copyright (C) Luke Kenneth Casson Leighton 1996-1998
   6    Copyright (C) Paul Ashton  1997-1998.
   7    Copyright (C) Jeremy Allison 2005.
   8    
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13    
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18    
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 /*
  23    This file handles reply_ calls on named pipes that the server
  24    makes to handle specific protocols
  25 */
  26 
  27 
  28 #include "includes.h"
  29 
  30 #define PIPE            "\\PIPE\\"
  31 #define PIPELEN         strlen(PIPE)
  32 
  33 #define MAX_PIPE_NAME_LEN       24
  34 
  35 NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
     /* [<][>][^][v][top][bottom][index][help] */
  36                       struct files_struct **pfsp)
  37 {
  38         struct connection_struct *conn = smb_req->conn;
  39         struct files_struct *fsp;
  40         NTSTATUS status;
  41 
  42         status = file_new(smb_req, conn, &fsp);
  43         if (!NT_STATUS_IS_OK(status)) {
  44                 DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
  45                 return status;
  46         }
  47 
  48         fsp->conn = conn;
  49         fsp->fh->fd = -1;
  50         fsp->vuid = smb_req->vuid;
  51         fsp->can_lock = false;
  52         fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
  53         string_set(&fsp->fsp_name, name);
  54 
  55         status = np_open(NULL, name, conn->client_address,
  56                          conn->server_info, &fsp->fake_file_handle);
  57         if (!NT_STATUS_IS_OK(status)) {
  58                 DEBUG(10, ("np_open(%s) returned %s\n", name,
  59                            nt_errstr(status)));
  60                 file_free(smb_req, fsp);
  61                 return status;
  62         }
  63 
  64         *pfsp = fsp;
  65 
  66         return NT_STATUS_OK;
  67 }
  68 
  69 /****************************************************************************
  70  Reply to an open and X on a named pipe.
  71  This code is basically stolen from reply_open_and_X with some
  72  wrinkles to handle pipes.
  73 ****************************************************************************/
  74 
  75 void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
  76 {
  77         const char *fname = NULL;
  78         char *pipe_name = NULL;
  79         files_struct *fsp;
  80         TALLOC_CTX *ctx = talloc_tos();
  81         NTSTATUS status;
  82 
  83         /* XXXX we need to handle passed times, sattr and flags */
  84         srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE);
  85         if (!pipe_name) {
  86                 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
  87                                 ERRDOS, ERRbadpipe);
  88                 return;
  89         }
  90 
  91         /* If the name doesn't start \PIPE\ then this is directed */
  92         /* at a mailslot or something we really, really don't understand, */
  93         /* not just something we really don't understand. */
  94         if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
  95                 reply_doserror(req, ERRSRV, ERRaccess);
  96                 return;
  97         }
  98 
  99         DEBUG(4,("Opening pipe %s.\n", pipe_name));
 100 
 101         /* Strip \PIPE\ off the name. */
 102         fname = pipe_name + PIPELEN;
 103 
 104 #if 0
 105         /*
 106          * Hack for NT printers... JRA.
 107          */
 108         if(should_fail_next_srvsvc_open(fname)) {
 109                 reply_doserror(req, ERRSRV, ERRaccess);
 110                 return;
 111         }
 112 #endif
 113 
 114         status = open_np_file(req, fname, &fsp);
 115         if (!NT_STATUS_IS_OK(status)) {
 116                 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
 117                         reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
 118                                         ERRDOS, ERRbadpipe);
 119                         return;
 120                 }
 121                 reply_nterror(req, status);
 122                 return;
 123         }
 124 
 125         /* Prepare the reply */
 126         reply_outbuf(req, 15, 0);
 127 
 128         /* Mark the opened file as an existing named pipe in message mode. */
 129         SSVAL(req->outbuf,smb_vwv9,2);
 130         SSVAL(req->outbuf,smb_vwv10,0xc700);
 131 
 132         SSVAL(req->outbuf, smb_vwv2, fsp->fnum);
 133         SSVAL(req->outbuf, smb_vwv3, 0);        /* fmode */
 134         srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0);    /* mtime */
 135         SIVAL(req->outbuf, smb_vwv6, 0);        /* size */
 136         SSVAL(req->outbuf, smb_vwv8, 0);        /* rmode */
 137         SSVAL(req->outbuf, smb_vwv11, 0x0001);
 138 
 139         chain_reply(req);
 140         return;
 141 }
 142 
 143 /****************************************************************************
 144  Reply to a write on a pipe.
 145 ****************************************************************************/
 146 
 147 struct pipe_write_state {
 148         size_t numtowrite;
 149 };
 150 
 151 static void pipe_write_done(struct tevent_req *subreq);
 152 
 153 void reply_pipe_write(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 154 {
 155         files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
 156         const uint8_t *data;
 157         struct pipe_write_state *state;
 158         struct tevent_req *subreq;
 159 
 160         if (!fsp_is_np(fsp)) {
 161                 reply_doserror(req, ERRDOS, ERRbadfid);
 162                 return;
 163         }
 164 
 165         if (fsp->vuid != req->vuid) {
 166                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
 167                 return;
 168         }
 169 
 170         state = talloc(req, struct pipe_write_state);
 171         if (state == NULL) {
 172                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 173                 return;
 174         }
 175         req->async_priv = state;
 176 
 177         state->numtowrite = SVAL(req->vwv+1, 0);
 178 
 179         data = req->buf + 3;
 180 
 181         DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum,
 182                   fsp->fsp_name, (int)state->numtowrite));
 183 
 184         subreq = np_write_send(state, smbd_event_context(),
 185                                fsp->fake_file_handle, data, state->numtowrite);
 186         if (subreq == NULL) {
 187                 TALLOC_FREE(state);
 188                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 189                 return;
 190         }
 191         tevent_req_set_callback(subreq, pipe_write_done,
 192                                 talloc_move(req->conn, &req));
 193 }
 194 
 195 static void pipe_write_done(struct tevent_req *subreq)
     /* [<][>][^][v][top][bottom][index][help] */
 196 {
 197         struct smb_request *req = tevent_req_callback_data(
 198                 subreq, struct smb_request);
 199         struct pipe_write_state *state = talloc_get_type_abort(
 200                 req->async_priv, struct pipe_write_state);
 201         NTSTATUS status;
 202         ssize_t nwritten = -1;
 203 
 204         status = np_write_recv(subreq, &nwritten);
 205         TALLOC_FREE(subreq);
 206         if ((nwritten == 0 && state->numtowrite != 0) || (nwritten < 0)) {
 207                 reply_unixerror(req, ERRDOS, ERRnoaccess);
 208                 goto send;
 209         }
 210 
 211         reply_outbuf(req, 1, 0);
 212 
 213         SSVAL(req->outbuf,smb_vwv0,nwritten);
 214 
 215         DEBUG(3,("write-IPC nwritten=%d\n", (int)nwritten));
 216 
 217  send:
 218         if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf,
 219                           IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
 220                           &req->pcd)) {
 221                 exit_server_cleanly("construct_reply: srv_send_smb failed.");
 222         }
 223         TALLOC_FREE(req);
 224 }
 225 
 226 /****************************************************************************
 227  Reply to a write and X.
 228 
 229  This code is basically stolen from reply_write_and_X with some
 230  wrinkles to handle pipes.
 231 ****************************************************************************/
 232 
 233 struct pipe_write_andx_state {
 234         bool pipe_start_message_raw;
 235         size_t numtowrite;
 236 };
 237 
 238 static void pipe_write_andx_done(struct tevent_req *subreq);
 239 
 240 void reply_pipe_write_and_X(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 241 {
 242         files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0));
 243         int smb_doff = SVAL(req->vwv+11, 0);
 244         uint8_t *data;
 245         struct pipe_write_andx_state *state;
 246         struct tevent_req *subreq;
 247 
 248         if (!fsp_is_np(fsp)) {
 249                 reply_doserror(req, ERRDOS, ERRbadfid);
 250                 return;
 251         }
 252 
 253         if (fsp->vuid != req->vuid) {
 254                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
 255                 return;
 256         }
 257 
 258         state = talloc(req, struct pipe_write_andx_state);
 259         if (state == NULL) {
 260                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 261                 return;
 262         }
 263         req->async_priv = state;
 264 
 265         state->numtowrite = SVAL(req->vwv+10, 0);
 266         state->pipe_start_message_raw =
 267                 ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE))
 268                  == (PIPE_START_MESSAGE|PIPE_RAW_MODE));
 269 
 270         DEBUG(6, ("reply_pipe_write_and_X: %x name: %s len: %d\n",
 271                   (int)fsp->fnum, fsp->fsp_name, (int)state->numtowrite));
 272 
 273         data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
 274 
 275         if (state->pipe_start_message_raw) {
 276                 /*
 277                  * For the start of a message in named pipe byte mode,
 278                  * the first two bytes are a length-of-pdu field. Ignore
 279                  * them (we don't trust the client). JRA.
 280                  */
 281                 if (state->numtowrite < 2) {
 282                         DEBUG(0,("reply_pipe_write_and_X: start of message "
 283                                  "set and not enough data sent.(%u)\n",
 284                                  (unsigned int)state->numtowrite ));
 285                         reply_unixerror(req, ERRDOS, ERRnoaccess);
 286                         return;
 287                 }
 288 
 289                 data += 2;
 290                 state->numtowrite -= 2;
 291         }
 292 
 293         subreq = np_write_send(state, smbd_event_context(),
 294                                fsp->fake_file_handle, data, state->numtowrite);
 295         if (subreq == NULL) {
 296                 TALLOC_FREE(state);
 297                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 298                 return;
 299         }
 300         tevent_req_set_callback(subreq, pipe_write_andx_done,
 301                                 talloc_move(req->conn, &req));
 302 }
 303 
 304 static void pipe_write_andx_done(struct tevent_req *subreq)
     /* [<][>][^][v][top][bottom][index][help] */
 305 {
 306         struct smb_request *req = tevent_req_callback_data(
 307                 subreq, struct smb_request);
 308         struct pipe_write_andx_state *state = talloc_get_type_abort(
 309                 req->async_priv, struct pipe_write_andx_state);
 310         NTSTATUS status;
 311         ssize_t nwritten = -1;
 312 
 313         status = np_write_recv(subreq, &nwritten);
 314         TALLOC_FREE(subreq);
 315         if (!NT_STATUS_IS_OK(status) || (nwritten != state->numtowrite)) {
 316                 reply_unixerror(req, ERRDOS,ERRnoaccess);
 317                 goto done;
 318         }
 319 
 320         reply_outbuf(req, 6, 0);
 321 
 322         nwritten = (state->pipe_start_message_raw ? nwritten + 2 : nwritten);
 323         SSVAL(req->outbuf,smb_vwv2,nwritten);
 324 
 325         DEBUG(3,("writeX-IPC nwritten=%d\n", (int)nwritten));
 326 
 327  done:
 328         chain_reply(req);
 329         /*
 330          * We must free here as the ownership of req was
 331          * moved to the connection struct in reply_pipe_write_and_X().
 332          */
 333         TALLOC_FREE(req);
 334 }
 335 
 336 /****************************************************************************
 337  Reply to a read and X.
 338  This code is basically stolen from reply_read_and_X with some
 339  wrinkles to handle pipes.
 340 ****************************************************************************/
 341 
 342 struct pipe_read_andx_state {
 343         uint8_t *outbuf;
 344         int smb_mincnt;
 345         int smb_maxcnt;
 346 };
 347 
 348 static void pipe_read_andx_done(struct tevent_req *subreq);
 349 
 350 void reply_pipe_read_and_X(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 351 {
 352         files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
 353         uint8_t *data;
 354         struct pipe_read_andx_state *state;
 355         struct tevent_req *subreq;
 356 
 357         /* we don't use the offset given to use for pipe reads. This
 358            is deliberate, instead we always return the next lump of
 359            data on the pipe */
 360 #if 0
 361         uint32 smb_offs = IVAL(req->vwv+3, 0);
 362 #endif
 363 
 364         if (!fsp_is_np(fsp)) {
 365                 reply_doserror(req, ERRDOS, ERRbadfid);
 366                 return;
 367         }
 368 
 369         if (fsp->vuid != req->vuid) {
 370                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
 371                 return;
 372         }
 373 
 374         state = talloc(req, struct pipe_read_andx_state);
 375         if (state == NULL) {
 376                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 377                 return;
 378         }
 379         req->async_priv = state;
 380 
 381         state->smb_maxcnt = SVAL(req->vwv+5, 0);
 382         state->smb_mincnt = SVAL(req->vwv+6, 0);
 383 
 384         reply_outbuf(req, 12, state->smb_maxcnt);
 385         data = (uint8_t *)smb_buf(req->outbuf);
 386 
 387         /*
 388          * We have to tell the upper layers that we're async.
 389          */
 390         state->outbuf = req->outbuf;
 391         req->outbuf = NULL;
 392 
 393         subreq = np_read_send(state, smbd_event_context(),
 394                               fsp->fake_file_handle, data,
 395                               state->smb_maxcnt);
 396         if (subreq == NULL) {
 397                 reply_nterror(req, NT_STATUS_NO_MEMORY);
 398                 return;
 399         }
 400         tevent_req_set_callback(subreq, pipe_read_andx_done,
 401                                 talloc_move(req->conn, &req));
 402 }
 403 
 404 static void pipe_read_andx_done(struct tevent_req *subreq)
     /* [<][>][^][v][top][bottom][index][help] */
 405 {
 406         struct smb_request *req = tevent_req_callback_data(
 407                 subreq, struct smb_request);
 408         struct pipe_read_andx_state *state = talloc_get_type_abort(
 409                 req->async_priv, struct pipe_read_andx_state);
 410         NTSTATUS status;
 411         ssize_t nread;
 412         bool is_data_outstanding;
 413 
 414         status = np_read_recv(subreq, &nread, &is_data_outstanding);
 415         TALLOC_FREE(subreq);
 416         if (!NT_STATUS_IS_OK(status)) {
 417                 reply_nterror(req, status);
 418                 goto done;
 419         }
 420 
 421         req->outbuf = state->outbuf;
 422         state->outbuf = NULL;
 423 
 424         srv_set_message((char *)req->outbuf, 12, nread, False);
 425   
 426         SSVAL(req->outbuf,smb_vwv5,nread);
 427         SSVAL(req->outbuf,smb_vwv6,
 428               req_wct_ofs(req)
 429               + 1               /* the wct field */
 430               + 12 * sizeof(uint16_t) /* vwv */
 431               + 2);             /* the buflen field */
 432         SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);
 433   
 434         DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n",
 435                  state->smb_mincnt, state->smb_maxcnt, (int)nread));
 436 
 437  done:
 438         chain_reply(req);
 439         /*
 440          * We must free here as the ownership of req was
 441          * moved to the connection struct in reply_pipe_read_and_X().
 442          */
 443         TALLOC_FREE(req);
 444 }

/* [<][>][^][v][top][bottom][index][help] */