authorAndrew Tridgell <tridge@samba.org>2005-12-01 00:18:29 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:53 -0500
commit6615907b94eb2395ddf907e92a543ff0525b9d02 (patch)
treeb95434fb1798f78ac2753cd55e4b2da19ea26fde
parenta9cdc6321ac1aeafae6200afefd12f83c5786868 (diff)
r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that
it only appeared to be like a SMBtrans request as it was being called with function 0x11c017, which is "named pipe read write". I wonder if this means we could do DCE/RPC over SMB using ntioctl calls as well? (This used to be commit f2b8857797328be64b0b85e875ae6d108e2aeaaa)
-rw-r--r--source4/include/ioctl.h3
-rw-r--r--source4/include/structs.h2
-rw-r--r--source4/libcli/smb2/config.mk2
-rw-r--r--source4/libcli/smb2/ioctl.c (renamed from source4/libcli/smb2/trans.c)26
-rw-r--r--source4/libcli/smb2/smb2.h3
-rw-r--r--source4/libcli/smb2/smb2_calls.h8
-rw-r--r--source4/librpc/rpc/dcerpc_smb2.c13
7 files changed, 30 insertions, 27 deletions
diff --git a/source4/include/ioctl.h b/source4/include/ioctl.h
index 1c08a58d76..cd658c121b 100644
--- a/source4/include/ioctl.h
+++ b/source4/include/ioctl.h
@@ -28,3 +28,6 @@
#define FSCTL_FILESYSTEM 0x90000
#define FSCTL_SET_SPARSE (FSCTL_FILESYSTEM | (49<<2))
#define FSCTL_REQUEST_BATCH_OPLOCK (FSCTL_FILESYSTEM | (2<<2))
+
+#define FSCTL_NAMED_PIPE 0x110000
+#define FSCTL_NAMED_PIPE_READ_WRITE (FSCTL_NAMED_PIPE | 0xc017)
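Review bot: `FSCTL_NAMED_PIPE_READ_WRITE` ORs in a raw `0xc017`, while the neighbouring codes in this header are written as a function number shifted left by two, so a reader cannot tell which part of the value is the function. Going by the usual Windows control-code layout, 0xc017 would carry access bits 3 in bits 14-15, function 5 in bits 2-13 and transfer method 3 in the low two bits; that reading is inferred from the value, not from anything in this hunk. I would either write it as `(FSCTL_NAMED_PIPE | (3<<14) | (5<<2) | 3)` or add a comment such as `/* access 3 (read|write), function 5, method 3 */` so later FSCTL additions follow one scheme.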
diff --git a/source4/include/structs.h b/source4/include/structs.h
index f593be6b84..34127c58ca 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -356,6 +356,6 @@ struct smb2_setinfo;
struct smb2_read;
struct smb2_write;
struct smb2_find;
-struct smb2_trans;
+struct smb2_ioctl;
struct smb2_flush;
struct smb2_handle;
diff --git a/source4/libcli/smb2/config.mk b/source4/libcli/smb2/config.mk
index fdb28cfa78..a5b7ce2f38 100644
--- a/source4/libcli/smb2/config.mk
+++ b/source4/libcli/smb2/config.mk
@@ -13,7 +13,7 @@ OBJ_FILES = \
read.o \
setinfo.o \
find.o \
- trans.o \
+ ioctl.o \
logoff.o \
tdis.o \
flush.o \
diff --git a/source4/libcli/smb2/trans.c b/source4/libcli/smb2/ioctl.c
index de4ff1d827..26f2bffbc1 100644
--- a/source4/libcli/smb2/trans.c
+++ b/source4/libcli/smb2/ioctl.c
@@ -1,7 +1,7 @@
/*
Unix SMB/CIFS implementation.
- SMB2 client trans call
+ SMB2 client ioctl call
Copyright (C) Andrew Tridgell 2005
@@ -26,19 +26,19 @@
#include "libcli/smb2/smb2_calls.h"
/*
- send a trans request
+ send a ioctl request
*/
-struct smb2_request *smb2_trans_send(struct smb2_tree *tree, struct smb2_trans *io)
+struct smb2_request *smb2_ioctl_send(struct smb2_tree *tree, struct smb2_ioctl *io)
{
NTSTATUS status;
struct smb2_request *req;
- req = smb2_request_init_tree(tree, SMB2_OP_TRANS, 0x38,
+ req = smb2_request_init_tree(tree, SMB2_OP_IOCTL, 0x38,
io->in.in.length+io->in.out.length);
if (req == NULL) return NULL;
SSVAL(req->out.body, 0x02, io->in._pad);
- SIVAL(req->out.body, 0x04, io->in.pipe_flags);
+ SIVAL(req->out.body, 0x04, io->in.function);
smb2_push_handle(req->out.body+0x08, &io->in.handle);
status = smb2_push_o32s32_blob(&req->out, 0x18, io->in.out);
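Review bot: The size passed to `smb2_request_init_tree` is the unchecked sum `io->in.in.length+io->in.out.length`, and now that this is a general ioctl entry point rather than a pipe-only call, both blobs are whatever the caller supplies. If the sum wraps or is narrowed by the parameter type, the request would be set up with a smaller size than the data pushed afterwards. Whether that is harmful depends on how `smb2_request_init_tree` and `smb2_push_o32s32_blob` size and grow the buffer, which is not visible here. A guard before the init call, e.g. `if (io->in.in.length > UINT32_MAX - io->in.out.length) return NULL;`, would make the bound explicit. The body of smb2_ioctl_send continues past this hunk.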
@@ -65,10 +65,10 @@ struct smb2_request *smb2_trans_send(struct smb2_tree *tree, struct smb2_trans *
/*
- recv a trans reply
+ recv a ioctl reply
*/
-NTSTATUS smb2_trans_recv(struct smb2_request *req,
- TALLOC_CTX *mem_ctx, struct smb2_trans *io)
+NTSTATUS smb2_ioctl_recv(struct smb2_request *req,
+ TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
{
NTSTATUS status;
@@ -80,7 +80,7 @@ NTSTATUS smb2_trans_recv(struct smb2_request *req,
SMB2_CHECK_PACKET_RECV(req, 0x30, True);
io->out._pad = SVAL(req->in.body, 0x02);
- io->out.pipe_flags = IVAL(req->in.body, 0x04);
+ io->out.function = IVAL(req->in.body, 0x04);
smb2_pull_handle(req->in.body+0x08, &io->out.handle);
status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x18, &io->out.in);
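Review bot: `io->out.function` is taken straight from the reply body at offset 0x04 and nothing in this hunk compares it with the function code that was sent, so a caller that branches on it is trusting a server-controlled value. The async caller visible in this commit, smb2_trans_callback in dcerpc_smb2.c, passes a fresh `struct smb2_ioctl` to the recv call, so the request's code is not available here for comparison. The check would have to live in the caller, e.g. `if (io.out.function != FSCTL_NAMED_PIPE_READ_WRITE)` handled as a protocol error. At minimum a comment such as `/* function code as echoed by the server, not validated */` on this line would help. smb2_ioctl_recv starts and ends outside this hunk.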
@@ -102,10 +102,10 @@ NTSTATUS smb2_trans_recv(struct smb2_request *req,
}
/*
- sync trans request
+ sync ioctl request
*/
-NTSTATUS smb2_trans(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_trans *io)
+NTSTATUS smb2_ioctl(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
{
- struct smb2_request *req = smb2_trans_send(tree, io);
- return smb2_trans_recv(req, mem_ctx, io);
+ struct smb2_request *req = smb2_ioctl_send(tree, io);
+ return smb2_ioctl_recv(req, mem_ctx, io);
}
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index d12725f70f..ceafacf9d4 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -167,7 +167,8 @@ struct smb2_request {
#define SMB2_OP_FLUSH 0x07
#define SMB2_OP_READ 0x08
#define SMB2_OP_WRITE 0x09
-#define SMB2_OP_TRANS 0x0b
+#define SMB2_OP_LOCK 0x0a
+#define SMB2_OP_IOCTL 0x0b
#define SMB2_OP_CANCEL 0x0c
#define SMB2_OP_KEEPALIVE 0x0d
#define SMB2_OP_FIND 0x0e
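Review bot: `SMB2_OP_LOCK 0x0a` is added alongside the rename, but no hunk shown for this commit uses it and the description only talks about opcode 0xb. If 0x0a has been confirmed as lock, a short comment saying so (`/* 0x0a: lock, no client call yet */`) would keep it from reading as a guess. Otherwise it may be better left for the commit that implements the call.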
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h
index 03f65d947e..08e765ad60 100644
--- a/source4/libcli/smb2/smb2_calls.h
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -316,14 +316,12 @@ struct smb2_find {
} out;
};
-#define SMB2_TRANS_PIPE_FLAGS 0x0011c017 /* what are these? */
-
-struct smb2_trans {
+struct smb2_ioctl {
struct {
/* static body buffer 56 (0x38) bytes */
/* uint16_t buffer_code; 0x39 = 0x38 + 1 */
uint16_t _pad;
- uint32_t pipe_flags;
+ uint32_t function;
struct smb2_handle handle;
/* uint32_t out_ofs; */
/* uint32_t out_size; */
@@ -342,7 +340,7 @@ struct smb2_trans {
/* static body buffer 48 (0x30) bytes */
/* uint16_t buffer_code; 0x31 = 0x30 + 1 */
uint16_t _pad;
- uint32_t pipe_flags;
+ uint32_t function;
struct smb2_handle handle;
/* uint32_t in_ofs; */
/* uint32_t in_size; */
diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c
index d733ab4713..46e11d4edd 100644
--- a/source4/librpc/rpc/dcerpc_smb2.c
+++ b/source4/librpc/rpc/dcerpc_smb2.c
@@ -26,6 +26,7 @@
#include "libcli/composite/composite.h"
#include "libcli/smb2/smb2.h"
#include "libcli/smb2/smb2_calls.h"
+#include "ioctl.h"
/* transport private information used by SMB2 pipe transport */
struct smb2_private {
@@ -191,9 +192,9 @@ static void smb2_trans_callback(struct smb2_request *req)
struct smb2_trans_state);
struct dcerpc_connection *c = state->c;
NTSTATUS status;
- struct smb2_trans io;
+ struct smb2_ioctl io;
- status = smb2_trans_recv(req, state, &io);
+ status = smb2_ioctl_recv(req, state, &io);
if (NT_STATUS_IS_ERR(status)) {
pipe_dead(c, status);
return;
@@ -213,13 +214,13 @@ static void smb2_trans_callback(struct smb2_request *req)
}
/*
- send a SMBtrans style request
+ send a SMBtrans style request, using a named pipe read_write fsctl
*/
static NTSTATUS smb2_send_trans_request(struct dcerpc_connection *c, DATA_BLOB *blob)
{
struct smb2_private *smb = talloc_get_type(c->transport.private,
struct smb2_private);
- struct smb2_trans io;
+ struct smb2_ioctl io;
struct smb2_trans_state *state;
struct smb2_request *req;
@@ -231,13 +232,13 @@ static NTSTATUS smb2_send_trans_request(struct dcerpc_connection *c, DATA_BLOB *
state->c = c;
ZERO_STRUCT(io);
- io.in.pipe_flags = SMB2_TRANS_PIPE_FLAGS;
+ io.in.function = FSCTL_NAMED_PIPE_READ_WRITE;
io.in.handle = smb->handle;
io.in.max_response_size = 0x1000;
io.in.flags = 1;
io.in.out = *blob;
- req = smb2_trans_send(smb->tree, &io);
+ req = smb2_ioctl_send(smb->tree, &io);
if (req == NULL) {
talloc_free(state);
return NT_STATUS_NO_MEMORY;
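Review bot: The function code now has a name, but `io.in.max_response_size = 0x1000` and `io.in.flags = 1` remain bare literals in the same request setup. The flags value presumably marks the request as an FSCTL rather than a device ioctl, and the 0x1000 cap presumably bounds how much reply data the server may return in one call. Neither is stated in the hunk, so both deserve a named constant or a comment, e.g. `/* cap reply at 4096 bytes */` and `/* 1 = request is an fsctl (TODO confirm) */`. It would also help to note how a DCE/RPC reply larger than the cap is handled, since a truncated reply from the server must not be parsed as a complete PDU. smb2_send_trans_request starts above and continues below this hunk.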