-rw-r--r--source4/include/structs.h1
-rw-r--r--source4/libcli/smb2/config.mk3
-rw-r--r--source4/libcli/smb2/create.c124
-rw-r--r--source4/libcli/smb2/request.c16
-rw-r--r--source4/libcli/smb2/smb2.h2
-rw-r--r--source4/libcli/smb2/smb2_calls.h47
-rw-r--r--source4/libcli/smb2/tcon.c5
-rw-r--r--source4/torture/smb2/connect.c38
8 files changed, 228 insertions, 8 deletions
diff --git a/source4/include/structs.h b/source4/include/structs.h
index 7c92b66d52..e104eac1ab 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -341,5 +341,6 @@ struct smb2_negprot;
struct smb2_session_setup;
struct smb2_tree;
struct smb2_tree_connect;
+struct smb2_create;
diff --git a/source4/libcli/smb2/config.mk b/source4/libcli/smb2/config.mk
index 63cb6c6140..f3acd06955 100644
--- a/source4/libcli/smb2/config.mk
+++ b/source4/libcli/smb2/config.mk
@@ -4,5 +4,6 @@ OBJ_FILES = \
request.o \
negprot.o \
session.o \
- tcon.o
+ tcon.o \
+ create.o
REQUIRED_SUBSYSTEMS = LIBCLI_RAW LIBPACKET
diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c
new file mode 100644
index 0000000000..dbb4d4b974
--- /dev/null
+++ b/source4/libcli/smb2/create.c
@@ -0,0 +1,124 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ SMB2 client tree handling
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+ send a create request
+*/
+struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create *io)
+{
+ struct smb2_request *req;
+ NTSTATUS status;
+ DATA_BLOB path;
+ uint8_t *ptr;
+
+ status = smb2_string_blob(tree, io->in.fname, &path);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
+ req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x50 + path.length);
+ if (req == NULL) return NULL;
+
+ SIVAL(req->out.body, 0x00, io->in.unknown1);
+ SIVAL(req->out.body, 0x04, io->in.unknown2);
+ SIVAL(req->out.body, 0x08, io->in.unknown3[0]);
+ SIVAL(req->out.body, 0x0C, io->in.unknown3[1]);
+ SIVAL(req->out.body, 0x10, io->in.unknown3[2]);
+ SIVAL(req->out.body, 0x14, io->in.unknown3[3]);
+ SIVAL(req->out.body, 0x18, io->in.access_mask);
+ SIVAL(req->out.body, 0x1C, io->in.file_attr);
+ SIVAL(req->out.body, 0x20, io->in.unknown4);
+ SIVAL(req->out.body, 0x24, io->in.open_disposition);
+ SIVAL(req->out.body, 0x28, io->in.unknown5);
+
+ SSVAL(req->out.body, 0x2C, 0x40+0x38); /* offset to fname */
+ SSVAL(req->out.body, 0x2E, path.length);
+ SIVAL(req->out.body, 0x30, 0x40+0x38+path.length); /* offset to 2nd buffer? */
+
+ SIVAL(req->out.body, 0x34, io->in.unknown6);
+
+ memcpy(req->out.body+0x38, path.data, path.length);
+
+ ptr = req->out.body+0x38+path.length;
+
+ SIVAL(ptr, 0x00, io->in.unknown7);
+ SIVAL(ptr, 0x04, io->in.unknown8);
+ SIVAL(ptr, 0x08, io->in.unknown9);
+ SIVAL(ptr, 0x0C, io->in.unknown10);
+ SIVAL(ptr, 0x10, io->in.unknown11);
+
+ data_blob_free(&path);
+
+ smb2_transport_send(req);
+
+ return req;
+}
+
+
+/*
+ recv a create reply
+*/
+NTSTATUS smb2_create_recv(struct smb2_request *req, struct smb2_create *io)
+{
+ int i;
+ if (!smb2_request_receive(req) ||
+ smb2_request_is_error(req)) {
+ return smb2_request_destroy(req);
+ }
+
+ if (req->in.body_size < 0x54) {
+ printf("body size %d\n", req->in.body_size);
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ io->out.unknown1 = IVAL(req->in.body, 0x00);
+ io->out.unknown2 = IVAL(req->in.body, 0x04);
+ io->out.create_time = smbcli_pull_nttime(req->in.body, 0x08);
+ io->out.access_time = smbcli_pull_nttime(req->in.body, 0x10);
+ io->out.write_time = smbcli_pull_nttime(req->in.body, 0x18);
+ io->out.change_time = smbcli_pull_nttime(req->in.body, 0x20);
+ io->out.unknown3 = IVAL(req->in.body, 0x24);
+ io->out.unknown4 = IVAL(req->in.body, 0x28);
+ io->out.unknown5 = IVAL(req->in.body, 0x2C);
+ io->out.unknown6 = IVAL(req->in.body, 0x30);
+ io->out.unknown7 = IVAL(req->in.body, 0x34);
+ memcpy(io->out.handle.data, req->in.body+0x38, 20);
+ for (i=0;i<2;i++) {
+ io->out.unknown8[i] = IVAL(req->in.body, 0x4C + i*4);
+ }
+
+ return smb2_request_destroy(req);
+}
+
+/*
+ sync create request
+*/
+NTSTATUS smb2_create(struct smb2_tree *tree, struct smb2_create *io)
+{
+ struct smb2_request *req = smb2_create_send(tree, io);
+ return smb2_create_recv(req, io);
+}
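Review bot: In smb2_create_recv the short-reply branch returns `NT_STATUS_BUFFER_TOO_SMALL` without calling smb2_request_destroy(req), so every server reply with a body under 0x54 bytes leaks the request, while the other exits of the function destroy it. I would write `smb2_request_destroy(req); return NT_STATUS_BUFFER_TOO_SMALL;` and drop the bare `printf("body size %d\n", ...)` from library code. In smb2_create_send, `if (req == NULL) return NULL;` similarly skips `data_blob_free(&path)`, which the tcon.c hunk of this same commit adds for the equivalent path blob. Also on the send side, `SSVAL(req->out.body, 0x2E, path.length)` stores the name length in 16 bits while the memcpy copies the full `path.length`, so a name that encodes to more than 0xFFFF bytes would go out with a length field that disagrees with the body. Rejecting that case before smb2_request_init_tree (after freeing `path`) keeps the request well-formed.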
diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c
index 7e25de99a8..108cf0ca55 100644
--- a/source4/libcli/smb2/request.c
+++ b/source4/libcli/smb2/request.c
@@ -76,6 +76,22 @@ struct smb2_request *smb2_request_init(struct smb2_transport *transport,
return req;
}
+/*
+ initialise a smb2 request for tree operations
+*/
+struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree,
+ uint16_t opcode, uint32_t body_size)
+{
+ struct smb2_request *req = smb2_request_init(tree->session->transport, opcode,
+ body_size);
+ if (req == NULL) return NULL;
+
+ SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid);
+ SIVAL(req->out.hdr, SMB2_HDR_TID, tree->tid);
+
+ return req;
+}
+
/* destroy a request structure and return final status */
NTSTATUS smb2_request_destroy(struct smb2_request *req)
{
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 353f9687d7..76f00cc573 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -56,7 +56,7 @@ struct smb2_transport {
*/
struct smb2_tree {
struct smb2_session *session;
- uint64_t tid;
+ uint32_t tid;
};
/*
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h
index 523f314cbf..8b68751df3 100644
--- a/source4/libcli/smb2/smb2_calls.h
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -71,6 +71,51 @@ struct smb2_tree_connect {
uint32_t unknown2; /* 0x00 */
uint32_t unknown3; /* 0x00 */
uint32_t unknown4; /* 0x1f01ff */ /* capabilities?? */
- uint64_t tid;
+ uint32_t tid;
} out;
};
+
+/*
+ file handles in SMB2 are 20 bytes, like RPC handles
+*/
+struct smb2_handle {
+ uint8_t data[20];
+};
+
+struct smb2_create {
+ struct {
+ uint32_t unknown1; /* 0x09000039 */
+ uint32_t unknown2; /* 2 */
+ uint32_t unknown3[4];
+ uint32_t access_mask;
+ uint32_t file_attr;
+ uint32_t unknown4;
+ uint32_t open_disposition;
+ uint32_t unknown5;
+ /* ofs/len of name here, 16 bits */
+ uint32_t unknown6;
+ const char *fname;
+ uint32_t unknown7;
+ uint32_t unknown8;
+ uint32_t unknown9;
+ uint32_t unknown10;
+ uint64_t unknown11;
+ } in;
+
+ struct {
+ uint32_t unknown1;
+ uint32_t unknown2;
+ NTTIME create_time;
+ NTTIME access_time;
+ NTTIME write_time;
+ NTTIME change_time;
+ uint32_t unknown3;
+ uint32_t unknown4;
+ uint32_t unknown5;
+ uint32_t unknown6;
+ uint32_t unknown7;
+ struct smb2_handle handle;
+ uint32_t unknown8[2];
+ } out;
+};
+
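Review bot: `uint64_t unknown11` is declared 64 bits wide here, but the create.c hunk of this commit serialises it with `SIVAL(ptr, 0x10, io->in.unknown11)`, which writes only the low 32 bits. The request body is sized `0x50 + path.length`, which leaves exactly eight bytes at that offset, so `SBVAL(ptr, 0x10, io->in.unknown11)` looks like what was intended; otherwise the field should be `uint32_t`. The handle length 20 is also repeated as a literal in create.c's memcpy and in the torture `dump_data` call, where `sizeof(io->out.handle.data)` would keep both tied to `struct smb2_handle`.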
diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c
index 7b13750cfe..b339d6473e 100644
--- a/source4/libcli/smb2/tcon.c
+++ b/source4/libcli/smb2/tcon.c
@@ -67,6 +67,7 @@ struct smb2_request *smb2_tree_connect_send(struct smb2_tree *tree,
SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid);
SIVAL(req->out.body, 0x00, io->in.unknown1);
status = smb2_push_ofs_blob(req, req->out.body+0x04, path);
+ data_blob_free(&path);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(req);
return NULL;
@@ -92,7 +93,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne
return NT_STATUS_BUFFER_TOO_SMALL;
}
- io->out.tid = BVAL(req->in.hdr, SMB2_HDR_TID);
+ io->out.tid = IVAL(req->in.hdr, SMB2_HDR_TID);
io->out.unknown1 = IVAL(req->in.body, 0x00);
io->out.unknown2 = IVAL(req->in.body, 0x04);
@@ -103,7 +104,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne
}
/*
- sync session setup request
+ sync tree connect request
*/
NTSTATUS smb2_tree_connect(struct smb2_tree *tree, struct smb2_tree_connect *io)
{
diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c
index 39131a74f2..955df4c890 100644
--- a/source4/torture/smb2/connect.c
+++ b/source4/torture/smb2/connect.c
@@ -188,11 +188,40 @@ static struct smb2_tree *torture_smb2_tree(struct smb2_session *session,
return NULL;
}
- printf("Tree connect gave tid = 0x%016llx\n", io.out.tid);
+ printf("Tree connect gave tid = 0x%x\n", io.out.tid);
+
+ tree->tid = io.out.tid;
return tree;
}
+/*
+ send a create
+*/
+static struct smb2_handle torture_smb2_create(struct smb2_tree *tree,
+ const char *fname)
+{
+ struct smb2_create io;
+ NTSTATUS status;
+
+ ZERO_STRUCT(io);
+ io.in.unknown1 = 0x09000039;
+ io.in.access_mask = SEC_RIGHTS_FILE_ALL;
+ io.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+ io.in.fname = fname;
+ status = smb2_create(tree, &io);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("create failed - %s\n", nt_errstr(status));
+ return io.out.handle;
+ }
+
+ printf("Open gave handle:\n");
+ dump_data(0, io.out.handle.data, 20);
+
+ return io.out.handle;
+}
+
/*
basic testing of SMB2 connection calls
*/
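Review bot: torture_smb2_create returns `io.out.handle` on the failure path as well, and because of `ZERO_STRUCT(io)` that is an all-zero handle the caller cannot tell apart from a successful open. In the next hunk torture_smb2_connect assigns `h` four times and never inspects it, so a failed create only prints a message and leaves the test result unaffected. Returning the status and passing the handle out by pointer, e.g. `static NTSTATUS torture_smb2_create(struct smb2_tree *tree, const char *fname, struct smb2_handle *h)`, would let the caller fail the test. torture_smb2_tree can also return NULL (the `return NULL;` context line at the top of this hunk; its body starts outside the hunk), and that value is handed to torture_smb2_create unchecked, where smb2_request_init_tree dereferences `tree->session`.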
@@ -205,12 +234,15 @@ BOOL torture_smb2_connect(void)
const char *host = lp_parm_string(-1, "torture", "host");
const char *share = lp_parm_string(-1, "torture", "share");
struct cli_credentials *credentials = cmdline_credentials;
+ struct smb2_handle h;
transport = torture_smb2_negprot(mem_ctx, host);
session = torture_smb2_session(transport, credentials);
- session = torture_smb2_session(transport, credentials);
- tree = torture_smb2_tree(session, share);
tree = torture_smb2_tree(session, share);
+ h = torture_smb2_create(tree, "test2.dat");
+ h = torture_smb2_create(tree, "test3.dat");
+ h = torture_smb2_create(tree, "test4.dat");
+ h = torture_smb2_create(tree, "test5.dat");
talloc_free(mem_ctx);