benny/wmic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

wmi-1.3.16 from opsview.com

Browse Source
This commit is contained in:
Are Casilla
2019-02-16 00:16:52 +01:00
parent 163fdd3d1b
commit 17b3af2911
2146 changed files with 678824 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Samba/source/ntvfs/ipc/README
+5
View File
@@ -0,0 +1,5 @@
This is the IPC$ backend for Samba. NTVFS operations that are made on
IPC$ shares are directed here by default. Most file operations
are not supported on IPC$ shares.
Samba/source/ntvfs/ipc/ipc.h
View File
Samba/source/ntvfs/ipc/ipc_rap.c
+462
View File
@@ -0,0 +1,462 @@
/*
Unix SMB/CIFS implementation.
RAP handlers
Copyright (C) Volker Lendecke 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "libcli/raw/interfaces.h"
#include "libcli/rap/rap.h"
#include "ntvfs/ipc/proto.h"
#include "librpc/ndr/libndr.h"
#define NERR_Success 0
#define NERR_badpass 86
#define NERR_notsupported 50
struct rap_string_heap {
TALLOC_CTX *mem_ctx;
int offset;
int num_strings;
const char **strings;
};
struct rap_heap_save {
int offset, num_strings;
};
static void rap_heap_save(struct rap_string_heap *heap,
struct rap_heap_save *save)
{
save->offset = heap->offset;
save->num_strings = heap->num_strings;
}
static void rap_heap_restore(struct rap_string_heap *heap,
struct rap_heap_save *save)
{
heap->offset = save->offset;
heap->num_strings = save->num_strings;
}
struct rap_call {
TALLOC_CTX *mem_ctx;
uint16_t callno;
const char *paramdesc;
const char *datadesc;
uint16_t status;
uint16_t convert;
uint16_t rcv_paramlen, rcv_datalen;
struct ndr_push *ndr_push_param;
struct ndr_push *ndr_push_data;
struct rap_string_heap *heap;
struct ndr_pull *ndr_pull_param;
struct ndr_pull *ndr_pull_data;
};
#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
static struct rap_call *new_rap_srv_call(TALLOC_CTX *mem_ctx,
struct smb_trans2 *trans)
{
struct rap_call *call;
call = talloc(mem_ctx, struct rap_call);
if (call == NULL)
return NULL;
ZERO_STRUCTP(call);
call->mem_ctx = mem_ctx;
call->ndr_pull_param = ndr_pull_init_blob(&trans->in.params, mem_ctx);
call->ndr_pull_param->flags = RAPNDR_FLAGS;
call->ndr_pull_data = ndr_pull_init_blob(&trans->in.data, mem_ctx);
call->ndr_pull_data->flags = RAPNDR_FLAGS;
call->heap = talloc(mem_ctx, struct rap_string_heap);
if (call->heap == NULL)
return NULL;
ZERO_STRUCTP(call->heap);
call->heap->mem_ctx = mem_ctx;
return call;
}
static NTSTATUS rap_srv_pull_word(struct rap_call *call, uint16_t *result)
{
if (*call->paramdesc++ != 'W')
return NT_STATUS_INVALID_PARAMETER;
return ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, result);
}
static NTSTATUS rap_srv_pull_dword(struct rap_call *call, uint32_t *result)
{
if (*call->paramdesc++ != 'D')
return NT_STATUS_INVALID_PARAMETER;
return ndr_pull_uint32(call->ndr_pull_param, NDR_SCALARS, result);
}
static NTSTATUS rap_srv_pull_string(struct rap_call *call, const char **result)
{
char paramdesc = *call->paramdesc++;
if (paramdesc == 'O') {
*result = NULL;
return NT_STATUS_OK;
}
if (paramdesc != 'z')
return NT_STATUS_INVALID_PARAMETER;
return ndr_pull_string(call->ndr_pull_param, NDR_SCALARS, result);
}
static NTSTATUS rap_srv_pull_bufsize(struct rap_call *call, uint16_t *bufsize)
{
NTSTATUS result;
if ( (*call->paramdesc++ != 'r') || (*call->paramdesc++ != 'L') )
return NT_STATUS_INVALID_PARAMETER;
result = ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, bufsize);
if (!NT_STATUS_IS_OK(result))
return result;
call->heap->offset = *bufsize;
return NT_STATUS_OK;
}
static NTSTATUS rap_srv_pull_expect_multiple(struct rap_call *call)
{
if ( (*call->paramdesc++ != 'e') || (*call->paramdesc++ != 'h') )
return NT_STATUS_INVALID_PARAMETER;
return NT_STATUS_OK;
}
static NTSTATUS rap_push_string(struct ndr_push *data_push,
struct rap_string_heap *heap,
const char *str)
{
size_t space;
if (str == NULL)
str = "";
space = strlen(str)+1;
if (heap->offset < space)
return NT_STATUS_BUFFER_TOO_SMALL;
heap->offset -= space;
NDR_CHECK(ndr_push_uint16(data_push, NDR_SCALARS, heap->offset));
NDR_CHECK(ndr_push_uint16(data_push, NDR_SCALARS, 0));
heap->strings = talloc_realloc(heap->mem_ctx,
heap->strings,
const char *,
heap->num_strings + 1);
if (heap->strings == NULL)
return NT_STATUS_NO_MEMORY;
heap->strings[heap->num_strings] = str;
heap->num_strings += 1;
return NT_STATUS_OK;
}
#define NDR_OK(call) do { result = call; \
if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) \
goto buffer_overflow; \
if (!NT_STATUS_IS_OK(result)) \
goto done; \
} while (0)
static NTSTATUS _rap_netshareenum(struct rap_call *call)
{
struct rap_NetShareEnum r;
NTSTATUS result;
NDR_OK(rap_srv_pull_word(call, &r.in.level));
NDR_OK(rap_srv_pull_bufsize(call, &r.in.bufsize));
NDR_OK(rap_srv_pull_expect_multiple(call));
switch(r.in.level) {
case 0:
if (strcmp(call->datadesc, "B13") != 0)
return NT_STATUS_INVALID_PARAMETER;
break;
case 1:
if (strcmp(call->datadesc, "B13BWz") != 0)
return NT_STATUS_INVALID_PARAMETER;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
break;
}
result = rap_netshareenum(call, &r);
if (!NT_STATUS_IS_OK(result))
return result;
for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
int i = r.out.count;
struct ndr_push_save data_save;
struct rap_heap_save heap_save;
ndr_push_save(call->ndr_push_data, &data_save);
rap_heap_save(call->heap, &heap_save);
switch(r.in.level) {
case 0:
NDR_OK(ndr_push_bytes(call->ndr_push_data,
(const uint8_t *)r.out.info[i].info0.name,
sizeof(r.out.info[i].info0.name)));
break;
case 1:
NDR_OK(ndr_push_bytes(call->ndr_push_data,
(const uint8_t *)r.out.info[i].info1.name,
sizeof(r.out.info[i].info1.name)));
NDR_OK(ndr_push_uint8(call->ndr_push_data,
NDR_SCALARS, r.out.info[i].info1.pad));
NDR_OK(ndr_push_uint16(call->ndr_push_data,
NDR_SCALARS, r.out.info[i].info1.type));
NDR_OK(rap_push_string(call->ndr_push_data,
call->heap,
r.out.info[i].info1.comment));
break;
}
if (call->ndr_push_data->offset > call->heap->offset) {
buffer_overflow:
ndr_push_restore(call->ndr_push_data, &data_save);
rap_heap_restore(call->heap, &heap_save);
break;
}
}
call->status = r.out.status;
NDR_CHECK(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
NDR_CHECK(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
result = NT_STATUS_OK;
done:
return result;
}
static NTSTATUS _rap_netserverenum2(struct rap_call *call)
{
struct rap_NetServerEnum2 r;
NTSTATUS result;
NDR_OK(rap_srv_pull_word(call, &r.in.level));
NDR_OK(rap_srv_pull_bufsize(call, &r.in.bufsize));
NDR_OK(rap_srv_pull_expect_multiple(call));
NDR_OK(rap_srv_pull_dword(call, &r.in.servertype));
NDR_OK(rap_srv_pull_string(call, &r.in.domain));
switch(r.in.level) {
case 0:
if (strcmp(call->datadesc, "B16") != 0)
return NT_STATUS_INVALID_PARAMETER;
break;
case 1:
if (strcmp(call->datadesc, "B16BBDz") != 0)
return NT_STATUS_INVALID_PARAMETER;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
break;
}
result = rap_netserverenum2(call, &r);
if (!NT_STATUS_IS_OK(result))
return result;
for (r.out.count = 0; r.out.count < r.out.available; r.out.count++) {
int i = r.out.count;
struct ndr_push_save data_save;
struct rap_heap_save heap_save;
ndr_push_save(call->ndr_push_data, &data_save);
rap_heap_save(call->heap, &heap_save);
switch(r.in.level) {
case 0:
NDR_OK(ndr_push_bytes(call->ndr_push_data,
(const uint8_t *)r.out.info[i].info0.name,
sizeof(r.out.info[i].info0.name)));
break;
case 1:
NDR_OK(ndr_push_bytes(call->ndr_push_data,
(const uint8_t *)r.out.info[i].info1.name,
sizeof(r.out.info[i].info1.name)));
NDR_OK(ndr_push_uint8(call->ndr_push_data,
NDR_SCALARS, r.out.info[i].info1.version_major));
NDR_OK(ndr_push_uint8(call->ndr_push_data,
NDR_SCALARS, r.out.info[i].info1.version_minor));
NDR_OK(ndr_push_uint32(call->ndr_push_data,
NDR_SCALARS, r.out.info[i].info1.servertype));
NDR_OK(rap_push_string(call->ndr_push_data,
call->heap,
r.out.info[i].info1.comment));
break;
}
if (call->ndr_push_data->offset > call->heap->offset) {
buffer_overflow:
ndr_push_restore(call->ndr_push_data, &data_save);
rap_heap_restore(call->heap, &heap_save);
break;
}
}
call->status = r.out.status;
NDR_CHECK(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.count));
NDR_CHECK(ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, r.out.available));
result = NT_STATUS_OK;
done:
return result;
}
static NTSTATUS api_Unsupported(struct rap_call *call)
{
call->status = NERR_notsupported;
call->convert = 0;
return NT_STATUS_OK;
}
static const struct
{
const char *name;
int id;
NTSTATUS (*fn)(struct rap_call *call);
} api_commands[] = {
{"NetShareEnum", RAP_WshareEnum, _rap_netshareenum },
{"NetServerEnum2", RAP_NetServerEnum2, _rap_netserverenum2 },
{NULL, -1, api_Unsupported}
};
NTSTATUS ipc_rap_call(TALLOC_CTX *mem_ctx, struct smb_trans2 *trans)
{
int i;
NTSTATUS result;
struct rap_call *call;
DATA_BLOB result_param, result_data;
struct ndr_push *final_param;
struct ndr_push *final_data;
call = new_rap_srv_call(mem_ctx, trans);
if (call == NULL)
return NT_STATUS_NO_MEMORY;
NDR_CHECK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &call->callno));
NDR_CHECK(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
&call->paramdesc));
NDR_CHECK(ndr_pull_string(call->ndr_pull_param, NDR_SCALARS,
&call->datadesc));
call->ndr_push_param = ndr_push_init_ctx(call);
call->ndr_push_data = ndr_push_init_ctx(call);
if ((call->ndr_push_param == NULL) || (call->ndr_push_data == NULL))
return NT_STATUS_NO_MEMORY;
call->ndr_push_param->flags = RAPNDR_FLAGS;
call->ndr_push_data->flags = RAPNDR_FLAGS;
result = NT_STATUS_INVALID_SYSTEM_SERVICE;
for (i=0; api_commands[i].name != NULL; i++) {
if (api_commands[i].id == call->callno) {
DEBUG(5, ("Running RAP call %s\n",
api_commands[i].name));
result = api_commands[i].fn(call);
break;
}
}
if (!NT_STATUS_IS_OK(result))
return result;
result_param = ndr_push_blob(call->ndr_push_param);
result_data = ndr_push_blob(call->ndr_push_data);
final_param = ndr_push_init_ctx(call);
final_data = ndr_push_init_ctx(call);
if ((final_param == NULL) || (final_data == NULL))
return NT_STATUS_NO_MEMORY;
final_param->flags = RAPNDR_FLAGS;
final_data->flags = RAPNDR_FLAGS;
NDR_CHECK(ndr_push_uint16(final_param, NDR_SCALARS, call->status));
NDR_CHECK(ndr_push_uint16(final_param,
NDR_SCALARS, call->heap->offset - result_data.length));
NDR_CHECK(ndr_push_bytes(final_param, result_param.data,
result_param.length));
NDR_CHECK(ndr_push_bytes(final_data, result_data.data,
result_data.length));
for (i=call->heap->num_strings-1; i>=0; i--)
NDR_CHECK(ndr_push_string(final_data, NDR_SCALARS,
call->heap->strings[i]));
trans->out.setup_count = 0;
trans->out.setup = NULL;
trans->out.params = ndr_push_blob(final_param);
trans->out.data = ndr_push_blob(final_data);
return result;
}
Samba/source/ntvfs/ipc/np_echo.c
View File
Samba/source/ntvfs/ipc/rap_server.c
+83
View File
@@ -0,0 +1,83 @@
/*
Unix SMB/CIFS implementation.
RAP handlers
Copyright (C) Volker Lendecke 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "param/share.h"
#include "libcli/rap/rap.h"
#include "librpc/gen_ndr/srvsvc.h"
#include "rpc_server/common/common.h"
/* At this moment these are just dummy functions, but you might get the
* idea. */
NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
struct rap_NetShareEnum *r)
{
NTSTATUS nterr;
const char **snames;
struct share_context *sctx;
struct share_config *scfg;
int i, j, count;
r->out.status = 0;
r->out.available = 0;
r->out.info = NULL;
nterr = share_get_context(mem_ctx, &sctx);
if (!NT_STATUS_IS_OK(nterr)) {
return nterr;
}
nterr = share_list_all(mem_ctx, sctx, &count, &snames);
if (!NT_STATUS_IS_OK(nterr)) {
return nterr;
}
r->out.available = count;
r->out.info = talloc_array(mem_ctx,
union rap_shareenum_info, r->out.available);
for (i = 0, j = 0; i < r->out.available; i++) {
if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i], &scfg))) {
DEBUG(3, ("WARNING: Service [%s] disappeared after enumeration!\n", snames[i]));
continue;
}
strncpy(r->out.info[j].info1.name,
snames[i],
sizeof(r->out.info[0].info1.name));
r->out.info[i].info1.pad = 0;
r->out.info[i].info1.type = dcesrv_common_get_share_type(mem_ctx, NULL, scfg);
r->out.info[i].info1.comment = talloc_strdup(mem_ctx, share_string_option(scfg, SHARE_COMMENT, ""));
talloc_free(scfg);
j++;
}
r->out.available = j;
return NT_STATUS_OK;
}
NTSTATUS rap_netserverenum2(TALLOC_CTX *mem_ctx,
struct rap_NetServerEnum2 *r)
{
r->out.status = 0;
r->out.available = 0;
return NT_STATUS_OK;
}
Samba/source/ntvfs/ipc/vfs_ipc.c
+913
View File
@@ -0,0 +1,913 @@
/*
Unix SMB/CIFS implementation.
default IPC$ NTVFS backend
Copyright (C) Andrew Tridgell 2003
Copyright (C) Stefan (metze) Metzmacher 2004-2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/*
this implements the IPC$ backend, called by the NTVFS subsystem to
handle requests on IPC$ shares
*/
#include "includes.h"
#include "lib/util/dlinklist.h"
#include "ntvfs/ntvfs.h"
#include "libcli/rap/rap.h"
#include "ntvfs/ipc/proto.h"
#include "rpc_server/dcerpc_server.h"
#include "libcli/raw/ioctl.h"
/* this is the private structure used to keep the state of an open
ipc$ connection. It needs to keep information about all open
pipes */
struct ipc_private {
struct ntvfs_module_context *ntvfs;
struct dcesrv_context *dcesrv;
/* a list of open pipes */
struct pipe_state {
struct pipe_state *next, *prev;
struct ipc_private *private;
const char *pipe_name;
struct ntvfs_handle *handle;
struct dcesrv_connection *dce_conn;
uint16_t ipc_state;
} *pipe_list;
};
/*
find a open pipe give a file handle
*/
static struct pipe_state *pipe_state_find(struct ipc_private *private, struct ntvfs_handle *handle)
{
struct pipe_state *s;
void *p;
p = ntvfs_handle_get_backend_data(handle, private->ntvfs);
if (!p) return NULL;
s = talloc_get_type(p, struct pipe_state);
if (!s) return NULL;
return s;
}
/*
find a open pipe give a wire fnum
*/
static struct pipe_state *pipe_state_find_key(struct ipc_private *private, struct ntvfs_request *req, const DATA_BLOB *key)
{
struct ntvfs_handle *h;
h = ntvfs_handle_search_by_wire_key(private->ntvfs, req, key);
if (!h) return NULL;
return pipe_state_find(private, h);
}
/*
connect to a share - always works
*/
static NTSTATUS ipc_connect(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, const char *sharename)
{
NTSTATUS status;
struct ipc_private *private;
ntvfs->ctx->fs_type = talloc_strdup(ntvfs->ctx, "IPC");
NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->fs_type);
ntvfs->ctx->dev_type = talloc_strdup(ntvfs->ctx, "IPC");
NT_STATUS_HAVE_NO_MEMORY(ntvfs->ctx->dev_type);
/* prepare the private state for this connection */
private = talloc(ntvfs, struct ipc_private);
NT_STATUS_HAVE_NO_MEMORY(private);
ntvfs->private_data = private;
private->ntvfs = ntvfs;
private->pipe_list = NULL;
/* setup the DCERPC server subsystem */
status = dcesrv_init_ipc_context(private, &private->dcesrv);
NT_STATUS_NOT_OK_RETURN(status);
return NT_STATUS_OK;
}
/*
disconnect from a share
*/
static NTSTATUS ipc_disconnect(struct ntvfs_module_context *ntvfs)
{
return NT_STATUS_OK;
}
/*
delete a file
*/
static NTSTATUS ipc_unlink(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
union smb_unlink *unl)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
check if a directory exists
*/
static NTSTATUS ipc_chkpath(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
union smb_chkpath *cp)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
return info on a pathname
*/
static NTSTATUS ipc_qpathinfo(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_fileinfo *info)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
set info on a pathname
*/
static NTSTATUS ipc_setpathinfo(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_setfileinfo *st)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
destroy a open pipe structure
*/
static int ipc_fd_destructor(struct pipe_state *p)
{
DLIST_REMOVE(p->private->pipe_list, p);
return 0;
}
static struct socket_address *ipc_get_my_addr(struct dcesrv_connection *dce_conn, TALLOC_CTX *mem_ctx)
{
struct ipc_private *private = dce_conn->transport.private_data;
return ntvfs_get_my_addr(private->ntvfs, mem_ctx);
}
static struct socket_address *ipc_get_peer_addr(struct dcesrv_connection *dce_conn, TALLOC_CTX *mem_ctx)
{
struct ipc_private *private = dce_conn->transport.private_data;
return ntvfs_get_peer_addr(private->ntvfs, mem_ctx);
}
/*
open a file backend - used for MSRPC pipes
*/
static NTSTATUS ipc_open_generic(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, const char *fname,
struct pipe_state **ps)
{
struct pipe_state *p;
NTSTATUS status;
struct dcerpc_binding *ep_description;
struct ipc_private *private = ntvfs->private_data;
struct ntvfs_handle *h;
status = ntvfs_handle_new(ntvfs, req, &h);
NT_STATUS_NOT_OK_RETURN(status);
p = talloc(h, struct pipe_state);
NT_STATUS_HAVE_NO_MEMORY(p);
ep_description = talloc(req, struct dcerpc_binding);
NT_STATUS_HAVE_NO_MEMORY(ep_description);
while (fname[0] == '\\') fname++;
p->pipe_name = talloc_asprintf(p, "\\pipe\\%s", fname);
NT_STATUS_HAVE_NO_MEMORY(p->pipe_name);
p->handle = h;
p->ipc_state = 0x5ff;
/*
we're all set, now ask the dcerpc server subsystem to open the
endpoint. At this stage the pipe isn't bound, so we don't
know what interface the user actually wants, just that they want
one of the interfaces attached to this pipe endpoint.
*/
ep_description->transport = NCACN_NP;
ep_description->endpoint = talloc_reference(ep_description, p->pipe_name);
/* The session info is refcount-increased in the
* dcesrv_endpoint_search_connect() function
*/
status = dcesrv_endpoint_search_connect(private->dcesrv,
p,
ep_description,
h->session_info,
ntvfs->ctx->event_ctx,
ntvfs->ctx->msg_ctx,
ntvfs->ctx->server_id,
0,
&p->dce_conn);
NT_STATUS_NOT_OK_RETURN(status);
p->dce_conn->transport.private_data = private;
p->dce_conn->transport.report_output_data = NULL;
p->dce_conn->transport.get_my_addr = ipc_get_my_addr;
p->dce_conn->transport.get_peer_addr = ipc_get_peer_addr;
DLIST_ADD(private->pipe_list, p);
p->private = private;
talloc_set_destructor(p, ipc_fd_destructor);
status = ntvfs_handle_set_backend_data(h, private->ntvfs, p);
NT_STATUS_NOT_OK_RETURN(status);
*ps = p;
return NT_STATUS_OK;
}
/*
open a file with ntcreatex - used for MSRPC pipes
*/
static NTSTATUS ipc_open_ntcreatex(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_open *oi)
{
struct pipe_state *p;
NTSTATUS status;
status = ipc_open_generic(ntvfs, req, oi->ntcreatex.in.fname, &p);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
ZERO_STRUCT(oi->ntcreatex.out);
oi->ntcreatex.out.file.ntvfs= p->handle;
oi->ntcreatex.out.ipc_state = p->ipc_state;
oi->ntcreatex.out.file_type = FILE_TYPE_MESSAGE_MODE_PIPE;
return status;
}
/*
open a file with openx - used for MSRPC pipes
*/
static NTSTATUS ipc_open_openx(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_open *oi)
{
struct pipe_state *p;
NTSTATUS status;
const char *fname = oi->openx.in.fname;
status = ipc_open_generic(ntvfs, req, fname, &p);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
ZERO_STRUCT(oi->openx.out);
oi->openx.out.file.ntvfs= p->handle;
oi->openx.out.ftype = 2;
oi->openx.out.devstate = p->ipc_state;
return status;
}
/*
open a file with SMB2 Create - used for MSRPC pipes
*/
static NTSTATUS ipc_open_smb2(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_open *oi)
{
struct pipe_state *p;
NTSTATUS status;
status = ipc_open_generic(ntvfs, req, oi->smb2.in.fname, &p);
NT_STATUS_NOT_OK_RETURN(status);
oi->smb2.out.file.ntvfs = p->handle;
oi->smb2.out.oplock_flags = oi->smb2.in.oplock_flags;
oi->smb2.out.create_action = NTCREATEX_ACTION_EXISTED;
oi->smb2.out.create_time = 0;
oi->smb2.out.access_time = 0;
oi->smb2.out.write_time = 0;
oi->smb2.out.change_time = 0;
oi->smb2.out.alloc_size = 4096;
oi->smb2.out.size = 0;
oi->smb2.out.file_attr = FILE_ATTRIBUTE_NORMAL;
oi->smb2.out._pad = 0;
oi->smb2.out.blob = data_blob(NULL, 0);
return status;
}
/*
open a file - used for MSRPC pipes
*/
static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_open *oi)
{
NTSTATUS status;
switch (oi->generic.level) {
case RAW_OPEN_NTCREATEX:
status = ipc_open_ntcreatex(ntvfs, req, oi);
break;
case RAW_OPEN_OPENX:
status = ipc_open_openx(ntvfs, req, oi);
break;
case RAW_OPEN_SMB2:
status = ipc_open_smb2(ntvfs, req, oi);
break;
default:
status = NT_STATUS_NOT_SUPPORTED;
break;
}
return status;
}
/*
create a directory
*/
static NTSTATUS ipc_mkdir(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_mkdir *md)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
remove a directory
*/
static NTSTATUS ipc_rmdir(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, struct smb_rmdir *rd)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
rename a set of files
*/
static NTSTATUS ipc_rename(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_rename *ren)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
copy a set of files
*/
static NTSTATUS ipc_copy(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, struct smb_copy *cp)
{
return NT_STATUS_ACCESS_DENIED;
}
static NTSTATUS ipc_readx_dcesrv_output(void *private_data, DATA_BLOB *out, size_t *nwritten)
{
DATA_BLOB *blob = private_data;
if (out->length < blob->length) {
blob->length = out->length;
}
memcpy(blob->data, out->data, blob->length);
*nwritten = blob->length;
return NT_STATUS_OK;
}
/*
read from a file
*/
static NTSTATUS ipc_read(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_read *rd)
{
struct ipc_private *private = ntvfs->private_data;
DATA_BLOB data;
struct pipe_state *p;
NTSTATUS status = NT_STATUS_OK;
if (rd->generic.level != RAW_READ_GENERIC) {
return ntvfs_map_read(ntvfs, req, rd);
}
p = pipe_state_find(private, rd->readx.in.file.ntvfs);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
data.length = rd->readx.in.maxcnt;
data.data = rd->readx.out.data;
if (data.length > UINT16_MAX) {
data.length = UINT16_MAX;
}
if (data.length != 0) {
status = dcesrv_output(p->dce_conn, &data, ipc_readx_dcesrv_output);
if (NT_STATUS_IS_ERR(status)) {
return status;
}
}
rd->readx.out.remaining = 0;
rd->readx.out.compaction_mode = 0;
rd->readx.out.nread = data.length;
return status;
}
/*
write to a file
*/
static NTSTATUS ipc_write(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_write *wr)
{
struct ipc_private *private = ntvfs->private_data;
DATA_BLOB data;
struct pipe_state *p;
NTSTATUS status;
if (wr->generic.level != RAW_WRITE_GENERIC) {
return ntvfs_map_write(ntvfs, req, wr);
}
data.data = discard_const_p(void, wr->writex.in.data);
data.length = wr->writex.in.count;
p = pipe_state_find(private, wr->writex.in.file.ntvfs);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
status = dcesrv_input(p->dce_conn, &data);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
wr->writex.out.nwritten = data.length;
wr->writex.out.remaining = 0;
return NT_STATUS_OK;
}
/*
seek in a file
*/
static NTSTATUS ipc_seek(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
union smb_seek *io)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
flush a file
*/
static NTSTATUS ipc_flush(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
union smb_flush *io)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
close a file
*/
static NTSTATUS ipc_close(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_close *io)
{
struct ipc_private *private = ntvfs->private_data;
struct pipe_state *p;
if (io->generic.level != RAW_CLOSE_CLOSE) {
return ntvfs_map_close(ntvfs, req, io);
}
p = pipe_state_find(private, io->close.in.file.ntvfs);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
talloc_free(p);
return NT_STATUS_OK;
}
/*
exit - closing files
*/
static NTSTATUS ipc_exit(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req)
{
struct ipc_private *private = ntvfs->private_data;
struct pipe_state *p, *next;
for (p=private->pipe_list; p; p=next) {
next = p->next;
if (p->handle->session_info == req->session_info &&
p->handle->smbpid == req->smbpid) {
talloc_free(p);
}
}
return NT_STATUS_OK;
}
/*
logoff - closing files open by the user
*/
static NTSTATUS ipc_logoff(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req)
{
struct ipc_private *private = ntvfs->private_data;
struct pipe_state *p, *next;
for (p=private->pipe_list; p; p=next) {
next = p->next;
if (p->handle->session_info == req->session_info) {
talloc_free(p);
}
}
return NT_STATUS_OK;
}
/*
setup for an async call
*/
static NTSTATUS ipc_async_setup(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
void *private)
{
return NT_STATUS_OK;
}
/*
cancel an async call
*/
static NTSTATUS ipc_cancel(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req)
{
return NT_STATUS_UNSUCCESSFUL;
}
/*
lock a byte range
*/
static NTSTATUS ipc_lock(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_lock *lck)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
set info on a open file
*/
static NTSTATUS ipc_setfileinfo(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_setfileinfo *info)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
query info on a open file
*/
static NTSTATUS ipc_qfileinfo(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_fileinfo *info)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
return filesystem info
*/
static NTSTATUS ipc_fsinfo(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_fsinfo *fs)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
return print queue info
*/
static NTSTATUS ipc_lpq(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_lpq *lpq)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
list files in a directory matching a wildcard pattern
*/
static NTSTATUS ipc_search_first(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_first *io,
void *search_private,
BOOL (*callback)(void *, union smb_search_data *))
{
return NT_STATUS_ACCESS_DENIED;
}
/*
continue listing files in a directory
*/
static NTSTATUS ipc_search_next(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_next *io,
void *search_private,
BOOL (*callback)(void *, union smb_search_data *))
{
return NT_STATUS_ACCESS_DENIED;
}
/*
end listing files in a directory
*/
static NTSTATUS ipc_search_close(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_close *io)
{
return NT_STATUS_ACCESS_DENIED;
}
static NTSTATUS ipc_trans_dcesrv_output(void *private_data, DATA_BLOB *out, size_t *nwritten)
{
NTSTATUS status = NT_STATUS_OK;
DATA_BLOB *blob = private_data;
if (out->length > blob->length) {
status = STATUS_BUFFER_OVERFLOW;
}
if (out->length < blob->length) {
blob->length = out->length;
}
memcpy(blob->data, out->data, blob->length);
*nwritten = blob->length;
return status;
}
/* SMBtrans - handle a DCERPC command */
static NTSTATUS ipc_dcerpc_cmd(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, struct smb_trans2 *trans)
{
struct pipe_state *p;
struct ipc_private *private = ntvfs->private_data;
NTSTATUS status;
DATA_BLOB fnum_key;
uint16_t fnum;
/*
* the fnum is in setup[1], a 16 bit value
* the setup[*] values are already in host byteorder
* but ntvfs_handle_search_by_wire_key() expects
* network byteorder
*/
SSVAL(&fnum, 0, trans->in.setup[1]);
fnum_key = data_blob_const(&fnum, 2);
p = pipe_state_find_key(private, req, &fnum_key);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
trans->out.data = data_blob_talloc(req, NULL, trans->in.max_data);
if (!trans->out.data.data) {
return NT_STATUS_NO_MEMORY;
}
/* pass the data to the dcerpc server. Note that we don't
expect this to fail, and things like NDR faults are not
reported at this stage. Those sorts of errors happen in the
dcesrv_output stage */
status = dcesrv_input(p->dce_conn, &trans->in.data);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/*
now ask the dcerpc system for some output. This doesn't yet handle
async calls. Again, we only expect NT_STATUS_OK. If the call fails then
the error is encoded at the dcerpc level
*/
status = dcesrv_output(p->dce_conn, &trans->out.data, ipc_trans_dcesrv_output);
if (NT_STATUS_IS_ERR(status)) {
return status;
}
trans->out.setup_count = 0;
trans->out.setup = NULL;
trans->out.params = data_blob(NULL, 0);
return status;
}
/* SMBtrans - set named pipe state */
static NTSTATUS ipc_set_nm_pipe_state(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, struct smb_trans2 *trans)
{
struct ipc_private *private = ntvfs->private_data;
struct pipe_state *p;
DATA_BLOB fnum_key;
/* the fnum is in setup[1] */
fnum_key = data_blob_const(&trans->in.setup[1], sizeof(trans->in.setup[1]));
p = pipe_state_find_key(private, req, &fnum_key);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
if (trans->in.params.length != 2) {
return NT_STATUS_INVALID_PARAMETER;
}
p->ipc_state = SVAL(trans->in.params.data, 0);
trans->out.setup_count = 0;
trans->out.setup = NULL;
trans->out.params = data_blob(NULL, 0);
trans->out.data = data_blob(NULL, 0);
return NT_STATUS_OK;
}
/* SMBtrans - used to provide access to SMB pipes */
static NTSTATUS ipc_trans(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, struct smb_trans2 *trans)
{
NTSTATUS status;
if (strequal(trans->in.trans_name, "\\PIPE\\LANMAN"))
return ipc_rap_call(req, trans);
if (trans->in.setup_count != 2) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (trans->in.setup[0]) {
case TRANSACT_SETNAMEDPIPEHANDLESTATE:
status = ipc_set_nm_pipe_state(ntvfs, req, trans);
break;
case TRANSACT_DCERPCCMD:
status = ipc_dcerpc_cmd(ntvfs, req, trans);
break;
default:
status = NT_STATUS_INVALID_PARAMETER;
break;
}
return status;
}
static NTSTATUS ipc_ioctl_smb2(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_ioctl *io)
{
struct pipe_state *p;
struct ipc_private *private = ntvfs->private_data;
NTSTATUS status;
switch (io->smb2.in.function) {
case FSCTL_NAMED_PIPE_READ_WRITE:
break;
default:
return NT_STATUS_FS_DRIVER_REQUIRED;
}
p = pipe_state_find(private, io->smb2.in.file.ntvfs);
if (!p) {
return NT_STATUS_INVALID_HANDLE;
}
io->smb2.out.out = data_blob_talloc(req, NULL, io->smb2.in.max_response_size);
NT_STATUS_HAVE_NO_MEMORY(io->smb2.out.out.data);
/* pass the data to the dcerpc server. Note that we don't
expect this to fail, and things like NDR faults are not
reported at this stage. Those sorts of errors happen in the
dcesrv_output stage */
status = dcesrv_input(p->dce_conn, &io->smb2.in.out);
NT_STATUS_NOT_OK_RETURN(status);
/*
now ask the dcerpc system for some output. This doesn't yet handle
async calls. Again, we only expect NT_STATUS_OK. If the call fails then
the error is encoded at the dcerpc level
*/
status = dcesrv_output(p->dce_conn, &io->smb2.out.out, ipc_trans_dcesrv_output);
NT_STATUS_IS_ERR_RETURN(status);
io->smb2.out._pad = 0;
io->smb2.out.function = io->smb2.in.function;
io->smb2.out.unknown2 = 0;
io->smb2.out.unknown3 = 0;
io->smb2.out.in = io->smb2.in.out;
return status;
}
/*
ioctl interface
*/
static NTSTATUS ipc_ioctl(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_ioctl *io)
{
switch (io->generic.level) {
case RAW_IOCTL_SMB2:
return ipc_ioctl_smb2(ntvfs, req, io);
case RAW_IOCTL_SMB2_NO_HANDLE:
return NT_STATUS_FS_DRIVER_REQUIRED;
default:
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_ACCESS_DENIED;
}
/*
initialialise the IPC backend, registering ourselves with the ntvfs subsystem
*/
NTSTATUS ntvfs_ipc_init(void)
{
NTSTATUS ret;
struct ntvfs_ops ops;
NTVFS_CURRENT_CRITICAL_SIZES(vers);
ZERO_STRUCT(ops);
/* fill in the name and type */
ops.name = "default";
ops.type = NTVFS_IPC;
/* fill in all the operations */
ops.connect = ipc_connect;
ops.disconnect = ipc_disconnect;
ops.unlink = ipc_unlink;
ops.chkpath = ipc_chkpath;
ops.qpathinfo = ipc_qpathinfo;
ops.setpathinfo = ipc_setpathinfo;
ops.open = ipc_open;
ops.mkdir = ipc_mkdir;
ops.rmdir = ipc_rmdir;
ops.rename = ipc_rename;
ops.copy = ipc_copy;
ops.ioctl = ipc_ioctl;
ops.read = ipc_read;
ops.write = ipc_write;
ops.seek = ipc_seek;
ops.flush = ipc_flush;
ops.close = ipc_close;
ops.exit = ipc_exit;
ops.lock = ipc_lock;
ops.setfileinfo = ipc_setfileinfo;
ops.qfileinfo = ipc_qfileinfo;
ops.fsinfo = ipc_fsinfo;
ops.lpq = ipc_lpq;
ops.search_first = ipc_search_first;
ops.search_next = ipc_search_next;
ops.search_close = ipc_search_close;
ops.trans = ipc_trans;
ops.logoff = ipc_logoff;
ops.async_setup = ipc_async_setup;
ops.cancel = ipc_cancel;
/* register ourselves with the NTVFS subsystem. */
ret = ntvfs_register(&ops, &vers);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register IPC backend!\n"));
return ret;
}
return ret;
}