r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that

it only appeared to be like a SMBtrans request as it was being called
with function 0x11c017 which is "named pipe read write"

I wonder if this means we could do DCE/RPC over SMB using ntioctl
calls as well?
(This used to be commit f2b8857797328be64b0b85e875ae6d108e2aeaaa)

1 files changed, 111 insertions, 0 deletions

diff --git a/source4/libcli/smb2/ioctl.c b/source4/libcli/smb2/ioctl.c
new file mode 100644
index 0000000000..26f2bffbc1
--- /dev/null
+++ b/source4/libcli/smb2/ioctl.c
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client ioctl call
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a ioctl request
+*/
+struct smb2_request *smb2_ioctl_send(struct smb2_tree *tree, struct smb2_ioctl *io)
+{
+	NTSTATUS status;
+	struct smb2_request *req;
+
+	req = smb2_request_init_tree(tree, SMB2_OP_IOCTL, 0x38, 
+				     io->in.in.length+io->in.out.length);
+	if (req == NULL) return NULL;
+
+	SSVAL(req->out.body, 0x02, io->in._pad);
+	SIVAL(req->out.body, 0x04, io->in.function);
+	smb2_push_handle(req->out.body+0x08, &io->in.handle);
+
+	status = smb2_push_o32s32_blob(&req->out, 0x18, io->in.out);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x20, io->in.unknown2);
+
+	status = smb2_push_o32s32_blob(&req->out, 0x24, io->in.in);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(req);
+		return NULL;
+	}
+
+	SIVAL(req->out.body, 0x2C, io->in.max_response_size);
+	SBVAL(req->out.body, 0x30, io->in.flags);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a ioctl reply
+*/
+NTSTATUS smb2_ioctl_recv(struct smb2_request *req, 
+			 TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
+{
+	NTSTATUS status;
+
+	if (!smb2_request_receive(req) || 
+	    smb2_request_is_error(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	SMB2_CHECK_PACKET_RECV(req, 0x30, True);
+
+	io->out._pad       = SVAL(req->in.body, 0x02);
+	io->out.function   = IVAL(req->in.body, 0x04);
+	smb2_pull_handle(req->in.body+0x08, &io->out.handle);
+
+	status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x18, &io->out.in);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	status = smb2_pull_o32s32_blob(&req->in, mem_ctx, req->in.body+0x20, &io->out.out);
+	if (!NT_STATUS_IS_OK(status)) {
+		smb2_request_destroy(req);
+		return status;
+	}
+
+	io->out.unknown2 = IVAL(req->in.body, 0x28);
+	io->out.unknown3 = IVAL(req->in.body, 0x2C);
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync ioctl request
+*/
+NTSTATUS smb2_ioctl(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, struct smb2_ioctl *io)
+{
+	struct smb2_request *req = smb2_ioctl_send(tree, io);
+	return smb2_ioctl_recv(req, mem_ctx, io);
+}