-rw-r--r-- | source4/include/structs.h | 1 | ||||
-rw-r--r-- | source4/libcli/smb2/config.mk | 3 | ||||
-rw-r--r-- | source4/libcli/smb2/create.c | 124 | ||||
-rw-r--r-- | source4/libcli/smb2/request.c | 16 | ||||
-rw-r--r-- | source4/libcli/smb2/smb2.h | 2 | ||||
-rw-r--r-- | source4/libcli/smb2/smb2_calls.h | 47 | ||||
-rw-r--r-- | source4/libcli/smb2/tcon.c | 5 | ||||
-rw-r--r-- | source4/torture/smb2/connect.c | 38 |
8 files changed, 228 insertions, 8 deletions
diff --git a/source4/include/structs.h b/source4/include/structs.h index 7c92b66d52..e104eac1ab 100644 --- a/source4/include/structs.h +++ b/source4/include/structs.h @@ -341,5 +341,6 @@ struct smb2_negprot; struct smb2_session_setup; struct smb2_tree; struct smb2_tree_connect; +struct smb2_create; diff --git a/source4/libcli/smb2/config.mk b/source4/libcli/smb2/config.mk index 63cb6c6140..f3acd06955 100644 --- a/source4/libcli/smb2/config.mk +++ b/source4/libcli/smb2/config.mk @@ -4,5 +4,6 @@ OBJ_FILES = \ request.o \ negprot.o \ session.o \ - tcon.o + tcon.o \ + create.o REQUIRED_SUBSYSTEMS = LIBCLI_RAW LIBPACKET diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c new file mode 100644 index 0000000000..dbb4d4b974 --- /dev/null +++ b/source4/libcli/smb2/create.c 
@@ -0,0 +1,124 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ SMB2 client tree handling
+
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+ send a create request
+*/
+struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create *io)
+{
+ struct smb2_request *req;
+ NTSTATUS status;
+ DATA_BLOB path;
+ uint8_t *ptr;
+
+ status = smb2_string_blob(tree, io->in.fname, &path);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
+ req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x50 + path.length);
+ if (req == NULL) return NULL;
+
+ SIVAL(req->out.body, 0x00, io->in.unknown1);
+ SIVAL(req->out.body, 0x04, io->in.unknown2);
+ SIVAL(req->out.body, 0x08, io->in.unknown3[0]);
+ SIVAL(req->out.body, 0x0C, io->in.unknown3[1]);
+ SIVAL(req->out.body, 0x10, io->in.unknown3[2]);
+ SIVAL(req->out.body, 0x14, io->in.unknown3[3]);
+ SIVAL(req->out.body, 0x18, io->in.access_mask);
+ SIVAL(req->out.body, 0x1C, io->in.file_attr);
+ SIVAL(req->out.body, 0x20, io->in.unknown4);
+ SIVAL(req->out.body, 0x24, io->in.open_disposition);
+ SIVAL(req->out.body, 0x28, io->in.unknown5);
+
+ SSVAL(req->out.body, 0x2C, 0x40+0x38); /* offset to fname */
+ SSVAL(req->out.body, 0x2E, path.length);
+ SIVAL(req->out.body, 0x30, 0x40+0x38+path.length); /* offset to 2nd buffer? */
+
+ SIVAL(req->out.body, 0x34, io->in.unknown6);
+
+ memcpy(req->out.body+0x38, path.data, path.length);
+
+ ptr = req->out.body+0x38+path.length;
+
+ SIVAL(ptr, 0x00, io->in.unknown7);
+ SIVAL(ptr, 0x04, io->in.unknown8);
+ SIVAL(ptr, 0x08, io->in.unknown9);
+ SIVAL(ptr, 0x0C, io->in.unknown10);
+ SIVAL(ptr, 0x10, io->in.unknown11);
+
+ data_blob_free(&path);
+
+ smb2_transport_send(req);
+
+ return req;
+}
+
+
+/*
+ recv a create reply
+*/
+NTSTATUS smb2_create_recv(struct smb2_request *req, struct smb2_create *io)
+{
+ int i;
+ if (!smb2_request_receive(req) ||
+ smb2_request_is_error(req)) {
+ return smb2_request_destroy(req);
+ }
+
+ if (req->in.body_size < 0x54) {
+ printf("body size %d\n", req->in.body_size);
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ io->out.unknown1 = IVAL(req->in.body, 0x00);
+ io->out.unknown2 = IVAL(req->in.body, 0x04);
+ io->out.create_time = smbcli_pull_nttime(req->in.body, 0x08);
+ io->out.access_time = smbcli_pull_nttime(req->in.body, 0x10);
+ io->out.write_time = smbcli_pull_nttime(req->in.body, 0x18);
+ io->out.change_time = smbcli_pull_nttime(req->in.body, 0x20);
+ io->out.unknown3 = IVAL(req->in.body, 0x24);
+ io->out.unknown4 = IVAL(req->in.body, 0x28);
+ io->out.unknown5 = IVAL(req->in.body, 0x2C);
+ io->out.unknown6 = IVAL(req->in.body, 0x30);
+ io->out.unknown7 = IVAL(req->in.body, 0x34);
+ memcpy(io->out.handle.data, req->in.body+0x38, 20);
+ for (i=0;i<2;i++) {
+ io->out.unknown8[i] = IVAL(req->in.body, 0x4C + i*4);
+ }
+
+ return smb2_request_destroy(req);
+}
+
+/*
+ sync create request
+*/
+NTSTATUS smb2_create(struct smb2_tree *tree, struct smb2_create *io)
+{
+ struct smb2_request *req = smb2_create_send(tree, io);
+ return smb2_create_recv(req, io);
+}
diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c
index 7e25de99a8..108cf0ca55 100644
--- a/source4/libcli/smb2/request.c
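Review bot: Two error paths in the new create.c leak memory: `if (req == NULL) return NULL;` in smb2_create_send returns without `data_blob_free(&path)` (the leak this same commit fixes in tcon.c), and the `body_size < 0x54` branch in smb2_create_recv returns NT_STATUS_BUFFER_TOO_SMALL without destroying `req`, so every short reply from a server leaves a request allocated. That branch also prints to stdout from library code; the fence below drops the printf. `SSVAL(req->out.body, 0x2E, path.length)` truncates the name length to 16 bits while the memcpy copies the full `path.length`, so a name longer than 0xFFFF bytes would be sent with a length field that disagrees with the body; the fence rejects it before the request is built. smb2_create passes the result of smb2_create_send straight to smb2_create_recv, which is only safe if smb2_request_receive accepts NULL; that is not visible in this diff.

```c
	/* ... unchanged: smb2_string_blob() call and status check ... */

	/* the name length field at 0x2E is only 16 bits wide */
	if (path.length > 0xFFFF) {
		data_blob_free(&path);
		return NULL;
	}

	req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x50 + path.length);
	if (req == NULL) {
		data_blob_free(&path);
		return NULL;
	}
	/* ... unchanged: request body marshalling and send ... */

	/* in smb2_create_recv: release the request on a short reply */
	if (req->in.body_size < 0x54) {
		smb2_request_destroy(req);
		return NT_STATUS_BUFFER_TOO_SMALL;
	}
```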
+++ b/source4/libcli/smb2/request.c @@ -76,6 +76,22 @@ struct smb2_request *smb2_request_init(struct smb2_transport *transport, return req; } +/* + initialise a smb2 request for tree operations +*/ +struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree, + uint16_t opcode, uint32_t body_size) +{ + struct smb2_request *req = smb2_request_init(tree->session->transport, opcode, + body_size); + if (req == NULL) return NULL; + + SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid); + SIVAL(req->out.hdr, SMB2_HDR_TID, tree->tid); + + return req; +} + /* destroy a request structure and return final status */ NTSTATUS smb2_request_destroy(struct smb2_request *req) { diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index 353f9687d7..76f00cc573 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -56,7 +56,7 @@ struct smb2_transport { */ struct smb2_tree { struct smb2_session *session; - uint64_t tid; + uint32_t tid; }; /* diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h index 523f314cbf..8b68751df3 100644 --- a/source4/libcli/smb2/smb2_calls.h +++ b/source4/libcli/smb2/smb2_calls.h 
@@ -71,6 +71,51 @@ struct smb2_tree_connect { uint32_t unknown2; /* 0x00 */ uint32_t unknown3; /* 0x00 */ uint32_t unknown4; /* 0x1f01ff */ /* capabilities?? */ - uint64_t tid; + uint32_t tid; } out; }; + +/* + file handles in SMB2 are 20 bytes, like RPC handles +*/ +struct smb2_handle { + uint8_t data[20]; +}; + +struct smb2_create { + struct { + uint32_t unknown1; /* 0x09000039 */ + uint32_t unknown2; /* 2 */ + uint32_t unknown3[4]; + uint32_t access_mask; + uint32_t file_attr; + uint32_t unknown4; + uint32_t open_disposition; + uint32_t unknown5; + /* ofs/len of name here, 16 bits */ + uint32_t unknown6; + const char *fname; + uint32_t unknown7; + uint32_t unknown8; + uint32_t unknown9; + uint32_t unknown10; + uint64_t unknown11; + } in; + + struct { + uint32_t unknown1; + uint32_t unknown2; + NTTIME create_time; + NTTIME access_time; + NTTIME write_time; + NTTIME change_time; + uint32_t unknown3; + uint32_t unknown4; + uint32_t unknown5; + uint32_t unknown6; + uint32_t unknown7; + struct smb2_handle handle; + uint32_t unknown8[2]; + } out; +}; + diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c index 7b13750cfe..b339d6473e 100644 --- a/source4/libcli/smb2/tcon.c +++ b/source4/libcli/smb2/tcon.c @@ -67,6 +67,7 @@ struct smb2_request *smb2_tree_connect_send(struct smb2_tree *tree, SBVAL(req->out.hdr, SMB2_HDR_UID, tree->session->uid); SIVAL(req->out.body, 0x00, io->in.unknown1); status = smb2_push_ofs_blob(req, req->out.body+0x04, path); + data_blob_free(&path); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); return NULL; @@ -92,7 +93,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne return NT_STATUS_BUFFER_TOO_SMALL; } - io->out.tid = BVAL(req->in.hdr, SMB2_HDR_TID); + io->out.tid = IVAL(req->in.hdr, SMB2_HDR_TID); io->out.unknown1 = IVAL(req->in.body, 0x00); io->out.unknown2 = IVAL(req->in.body, 0x04); 
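Review bot: `unknown11` in `struct smb2_create.in` is declared `uint64_t`, but create.c stores it with `SIVAL(ptr, 0x10, io->in.unknown11)`, so only the low 32 bits are sent and the last four bytes of the `0x50 + path.length` body are never written by smb2_create_send. Unless smb2_request_init zeroes the buffer (not visible in this diff), those four bytes reach the server as uninitialised heap contents. `SBVAL(ptr, 0x10, io->in.unknown11);` would match the declared width and fill the allocation. The handle length is also repeated as the literal 20 in create.c's memcpy and in the torture `dump_data` call; `sizeof(io->out.handle.data)` would keep both tied to `struct smb2_handle`.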
@@ -103,7 +104,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne } /* - sync session setup request + sync tree connect request */ NTSTATUS smb2_tree_connect(struct smb2_tree *tree, struct smb2_tree_connect *io) { diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c index 39131a74f2..955df4c890 100644 --- a/source4/torture/smb2/connect.c +++ b/source4/torture/smb2/connect.c @@ -188,11 +188,40 @@ static struct smb2_tree *torture_smb2_tree(struct smb2_session *session, return NULL; } - printf("Tree connect gave tid = 0x%016llx\n", io.out.tid); + printf("Tree connect gave tid = 0x%x\n", io.out.tid); + + tree->tid = io.out.tid; return tree; } +/* + send a create +*/ +static struct smb2_handle torture_smb2_create(struct smb2_tree *tree, + const char *fname) +{ + struct smb2_create io; + NTSTATUS status; + + ZERO_STRUCT(io); + io.in.unknown1 = 0x09000039; + io.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF; + io.in.fname = fname; + status = smb2_create(tree, &io); + if (!NT_STATUS_IS_OK(status)) { + printf("create failed - %s\n", nt_errstr(status)); + return io.out.handle; + } + + printf("Open gave handle:\n"); + dump_data(0, io.out.handle.data, 20); + + return io.out.handle; +} + /* basic testing of SMB2 connection calls */ 
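Review bot: torture_smb2_create returns `io.out.handle` on the failure branch as well, so after `ZERO_STRUCT(io)` a failed create hands back an all-zero handle and the caller has no way to tell it from a real one; the test therefore cannot fail on a broken create. A signature such as `static NTSTATUS torture_smb2_create(struct smb2_tree *tree, const char *fname, struct smb2_handle *h)` would let the caller stop on error. The function also accepts whatever torture_smb2_tree returned, including the NULL from its failure path shown in this hunk's context, and smb2_request_init_tree dereferences `tree->session` unconditionally.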
@@ -205,12 +234,15 @@ BOOL torture_smb2_connect(void) const char *host = lp_parm_string(-1, "torture", "host"); const char *share = lp_parm_string(-1, "torture", "share"); struct cli_credentials *credentials = cmdline_credentials; + struct smb2_handle h; transport = torture_smb2_negprot(mem_ctx, host); session = torture_smb2_session(transport, credentials); - session = torture_smb2_session(transport, credentials); - tree = torture_smb2_tree(session, share); tree = torture_smb2_tree(session, share); + h = torture_smb2_create(tree, "test2.dat"); + h = torture_smb2_create(tree, "test3.dat"); + h = torture_smb2_create(tree, "test4.dat"); + h = torture_smb2_create(tree, "test5.dat"); talloc_free(mem_ctx); |