diff options
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/clifile.c | 2 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_client.c | 5 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_controls.c | 4 | ||||
-rw-r--r-- | source4/libcli/raw/interfaces.h | 54 | ||||
-rw-r--r-- | source4/libcli/raw/rawfile.c | 78 | ||||
-rw-r--r-- | source4/libcli/security/access_check.c | 8 | ||||
-rw-r--r-- | source4/libcli/security/object_tree.c | 6 | ||||
-rw-r--r-- | source4/libcli/smb2/util.c | 9 | ||||
-rw-r--r-- | source4/libcli/smb_composite/appendacl.c | 2 |
9 files changed, 154 insertions, 14 deletions
diff --git a/source4/libcli/clifile.c b/source4/libcli/clifile.c index 2cf174060b..b76bdc015f 100644 --- a/source4/libcli/clifile.c +++ b/source4/libcli/clifile.c @@ -241,7 +241,7 @@ int smbcli_nt_create_full(struct smbcli_tree *tree, const char *fname, open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX; open_parms.ntcreatex.in.flags = CreatFlags; - open_parms.ntcreatex.in.root_fid = 0; + open_parms.ntcreatex.in.root_fid.fnum = 0; open_parms.ntcreatex.in.access_mask = DesiredAccess; open_parms.ntcreatex.in.file_attr = FileAttributes; open_parms.ntcreatex.in.alloc_size = 0; diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index d278f407dc..eb53276936 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -338,7 +338,9 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con /* LDAPI connections are to localhost, so give the * local host name as the target for gensec's * DIGEST-MD5 mechanism */ - conn->host = talloc_asprintf(conn, "%s.%s", lp_netbios_name(conn->lp_ctx), lp_realm(conn->lp_ctx)); + conn->host = talloc_asprintf(conn, "%s.%s", + lp_netbios_name(conn->lp_ctx), + lp_dnsdomain(conn->lp_ctx)); if (composite_nomem(conn->host, state->ctx)) { return result; } @@ -403,7 +405,6 @@ static void ldap_connect_got_sock(struct composite_context *ctx, talloc_steal(conn, conn->sock); if (conn->ldaps) { struct socket_context *tls_socket; - struct socket_context *tmp_socket; char *cafile = lp_tls_cafile(conn->sock, conn->lp_ctx); if (!cafile || !*cafile) { diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c index aef775fab5..86493c81da 100644 --- a/source4/libcli/ldap/ldap_controls.c +++ b/source4/libcli/ldap/ldap_controls.c @@ -214,7 +214,7 @@ static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out) return false; } - if (!asn1_read_Integer(data, &(lsdfc->secinfo_flags))) { + if (!asn1_read_Integer(data, (int *) &(lsdfc->secinfo_flags))) { return false; } @@ -248,7 +248,7 @@ static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_ou return false; } - if (!asn1_read_Integer(data, &(lsoc->search_options))) { + if (!asn1_read_Integer(data, (int *) &(lsoc->search_options))) { return false; } diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 13217158cb..af2158cc16 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -1356,6 +1356,7 @@ enum smb_open_level { RAW_OPEN_T2OPEN, RAW_OPEN_NTTRANS_CREATE, RAW_OPEN_OPENX_READX, + RAW_OPEN_NTCREATEX_READX, RAW_OPEN_SMB2 }; @@ -1400,6 +1401,9 @@ union smb_open { case RAW_OPEN_OPENX_READX: \ file = &op->openxreadx.out.file; \ break; \ + case RAW_OPEN_NTCREATEX_READX: \ + file = &op->ntcreatexreadx.out.file; \ + break; \ case RAW_OPEN_SMB2: \ file = &op->smb2.out.file; \ break; \ @@ -1414,7 +1418,7 @@ union smb_open { enum smb_open_level level; struct { uint32_t flags; - uint32_t root_fid; + union smb_handle root_fid; uint32_t access_mask; uint64_t alloc_size; uint32_t file_attr; @@ -1619,6 +1623,54 @@ union smb_open { } out; } openxreadx; + /* chained NTCreateX/ReadX interface */ + struct { + enum smb_open_level level; + struct { + uint32_t flags; + union smb_handle root_fid; + uint32_t access_mask; + uint64_t alloc_size; + uint32_t file_attr; + uint32_t share_access; + uint32_t open_disposition; + uint32_t create_options; + uint32_t impersonation; + uint8_t security_flags; + /* NOTE: fname can also be a pointer to a + uint64_t file_id if create_options has the + NTCREATEX_OPTIONS_OPEN_BY_FILE_ID flag set */ + const char *fname; + + /* readx part */ + uint64_t offset; + uint16_t mincnt; + uint32_t maxcnt; + uint16_t remaining; + } in; + struct { + union smb_handle file; + uint8_t oplock_level; + uint32_t create_action; + NTTIME create_time; + NTTIME access_time; + NTTIME write_time; + NTTIME change_time; + uint32_t attrib; + uint64_t alloc_size; + uint64_t size; + uint16_t file_type; + uint16_t ipc_state; + uint8_t is_directory; + + /* readx part */ + uint8_t *data; + uint16_t remaining; + uint16_t compaction_mode; + uint16_t nread; + } out; + } ntcreatexreadx; + #define SMB2_CREATE_FLAG_REQUEST_OPLOCK 0x0100 #define SMB2_CREATE_FLAG_REQUEST_EXCLUSIVE_OPLOCK 0x0800 #define SMB2_CREATE_FLAG_GRANT_OPLOCK 0x0001 diff --git a/source4/libcli/raw/rawfile.c b/source4/libcli/raw/rawfile.c index 35d6b75c4d..b6849fef61 100644 --- a/source4/libcli/raw/rawfile.c +++ b/source4/libcli/raw/rawfile.c @@ -379,7 +379,7 @@ static struct smbcli_request *smb_raw_nttrans_create_send(struct smbcli_tree *tr params = nt.in.params.data; SIVAL(params, 0, parms->ntcreatex.in.flags); - SIVAL(params, 4, parms->ntcreatex.in.root_fid); + SIVAL(params, 4, parms->ntcreatex.in.root_fid.fnum); SIVAL(params, 8, parms->ntcreatex.in.access_mask); SBVAL(params, 12, parms->ntcreatex.in.alloc_size); SIVAL(params, 20, parms->ntcreatex.in.file_attr); @@ -564,7 +564,7 @@ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, unio SSVAL(req->out.vwv, VWV(1),0); SCVAL(req->out.vwv, VWV(2),0); /* padding */ SIVAL(req->out.vwv, 7, parms->ntcreatex.in.flags); - SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid); + SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid.fnum); SIVAL(req->out.vwv, 15, parms->ntcreatex.in.access_mask); SBVAL(req->out.vwv, 19, parms->ntcreatex.in.alloc_size); SIVAL(req->out.vwv, 27, parms->ntcreatex.in.file_attr); @@ -616,6 +616,45 @@ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, unio SIVAL(req->out.vwv, VWV(10),parms->openxreadx.in.offset>>32); } break; + + case RAW_OPEN_NTCREATEX_READX: + SETUP_REQUEST(SMBntcreateX, 24, 0); + SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE); + SSVAL(req->out.vwv, VWV(1),0); + SCVAL(req->out.vwv, VWV(2),0); /* padding */ + SIVAL(req->out.vwv, 7, parms->ntcreatexreadx.in.flags); + SIVAL(req->out.vwv, 11, parms->ntcreatexreadx.in.root_fid.fnum); + SIVAL(req->out.vwv, 15, parms->ntcreatexreadx.in.access_mask); + SBVAL(req->out.vwv, 19, parms->ntcreatexreadx.in.alloc_size); + SIVAL(req->out.vwv, 27, parms->ntcreatexreadx.in.file_attr); + SIVAL(req->out.vwv, 31, parms->ntcreatexreadx.in.share_access); + SIVAL(req->out.vwv, 35, parms->ntcreatexreadx.in.open_disposition); + SIVAL(req->out.vwv, 39, parms->ntcreatexreadx.in.create_options); + SIVAL(req->out.vwv, 43, parms->ntcreatexreadx.in.impersonation); + SCVAL(req->out.vwv, 47, parms->ntcreatexreadx.in.security_flags); + + smbcli_req_append_string_len(req, parms->ntcreatexreadx.in.fname, STR_TERMINATE, &len); + SSVAL(req->out.vwv, 5, len); + + if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) { + bigoffset = true; + } + + smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0); + + SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE); + SSVAL(req->out.vwv, VWV(1), 0); + SSVAL(req->out.vwv, VWV(2), 0); + SIVAL(req->out.vwv, VWV(3), parms->ntcreatexreadx.in.offset); + SSVAL(req->out.vwv, VWV(5), parms->ntcreatexreadx.in.maxcnt & 0xFFFF); + SSVAL(req->out.vwv, VWV(6), parms->ntcreatexreadx.in.mincnt); + SIVAL(req->out.vwv, VWV(7), parms->ntcreatexreadx.in.maxcnt >> 16); + SSVAL(req->out.vwv, VWV(9), parms->ntcreatexreadx.in.remaining); + if (bigoffset) { + SIVAL(req->out.vwv, VWV(10),parms->ntcreatexreadx.in.offset>>32); + } + break; + case RAW_OPEN_SMB2: return NULL; } @@ -753,6 +792,41 @@ _PUBLIC_ NTSTATUS smb_raw_open_recv(struct smbcli_request *req, TALLOC_CTX *mem_ req->status = NT_STATUS_BUFFER_TOO_SMALL; } break; + + case RAW_OPEN_NTCREATEX_READX: + SMBCLI_CHECK_MIN_WCT(req, 34); + parms->ntcreatexreadx.out.oplock_level = CVAL(req->in.vwv, 4); + parms->ntcreatexreadx.out.file.fnum = SVAL(req->in.vwv, 5); + parms->ntcreatexreadx.out.create_action = IVAL(req->in.vwv, 7); + parms->ntcreatexreadx.out.create_time = smbcli_pull_nttime(req->in.vwv, 11); + parms->ntcreatexreadx.out.access_time = smbcli_pull_nttime(req->in.vwv, 19); + parms->ntcreatexreadx.out.write_time = smbcli_pull_nttime(req->in.vwv, 27); + parms->ntcreatexreadx.out.change_time = smbcli_pull_nttime(req->in.vwv, 35); + parms->ntcreatexreadx.out.attrib = IVAL(req->in.vwv, 43); + parms->ntcreatexreadx.out.alloc_size = BVAL(req->in.vwv, 47); + parms->ntcreatexreadx.out.size = BVAL(req->in.vwv, 55); + parms->ntcreatexreadx.out.file_type = SVAL(req->in.vwv, 63); + parms->ntcreatexreadx.out.ipc_state = SVAL(req->in.vwv, 65); + parms->ntcreatexreadx.out.is_directory = CVAL(req->in.vwv, 67); + + status = smbcli_chained_advance(req); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + SMBCLI_CHECK_WCT(req, 12); + parms->ntcreatexreadx.out.remaining = SVAL(req->in.vwv, VWV(2)); + parms->ntcreatexreadx.out.compaction_mode = SVAL(req->in.vwv, VWV(3)); + parms->ntcreatexreadx.out.nread = SVAL(req->in.vwv, VWV(5)); + if (parms->ntcreatexreadx.out.nread > + MAX(parms->ntcreatexreadx.in.mincnt, parms->ntcreatexreadx.in.maxcnt) || + !smbcli_raw_pull_data(&req->in.bufinfo, req->in.hdr + SVAL(req->in.vwv, VWV(6)), + parms->ntcreatexreadx.out.nread, + parms->ntcreatexreadx.out.data)) { + req->status = NT_STATUS_BUFFER_TOO_SMALL; + } + break; + case RAW_OPEN_SMB2: req->status = NT_STATUS_INTERNAL_ERROR; break; diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 543b0f74c5..954c54c38b 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -125,9 +125,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, security_token_has_sid(token, sd->owner_sid)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } - if ((bits_remaining & SEC_STD_DELETE) && + if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) && security_token_has_privilege(token, SEC_PRIV_RESTORE)) { - bits_remaining &= ~SEC_STD_DELETE; + bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE); + } + if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) && + security_token_has_privilege(token, SEC_PRIV_BACKUP)) { + bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP); } if (sd->dacl == NULL) { diff --git a/source4/libcli/security/object_tree.c b/source4/libcli/security/object_tree.c index 8a90019a59..85b407913c 100644 --- a/source4/libcli/security/object_tree.c +++ b/source4/libcli/security/object_tree.c @@ -94,13 +94,13 @@ struct object_tree * get_object_tree_by_GUID(struct object_tree *root, /* Change the granted access per each ACE */ void object_tree_modify_access(struct object_tree *root, - uint32_t access) + uint32_t access_mask) { struct object_tree *p; if (root){ - root->remaining_access &= ~access; + root->remaining_access &= ~access_mask; } for (p = root->children; p != NULL; p = p->next) - object_tree_modify_access(p, access); + object_tree_modify_access(p, access_mask); } diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c index 8602c91a9f..9b8d6887b1 100644 --- a/source4/libcli/smb2/util.c +++ b/source4/libcli/smb2/util.c @@ -220,3 +220,12 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname) return total_deleted; } + +/* + check if two SMB2 file handles are the same +*/ +bool smb2_util_handle_equal(const struct smb2_handle h1, + const struct smb2_handle h2) +{ + return (h1.data[0] == h2.data[0]) && (h1.data[1] == h2.data[1]); +} diff --git a/source4/libcli/smb_composite/appendacl.c b/source4/libcli/smb_composite/appendacl.c index 69ed62a106..c1a964f151 100644 --- a/source4/libcli/smb_composite/appendacl.c +++ b/source4/libcli/smb_composite/appendacl.c @@ -254,7 +254,7 @@ struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree, if (state->io_open == NULL) goto failed; state->io_open->ntcreatex.level = RAW_OPEN_NTCREATEX; - state->io_open->ntcreatex.in.root_fid = 0; + state->io_open->ntcreatex.in.root_fid.fnum = 0; state->io_open->ntcreatex.in.flags = 0; state->io_open->ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; state->io_open->ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; |