/**
* Copy constructor.
*
* @param pkt SMB packet buffer.
* @param len Length of packet to be copied
*/
public SMBSrvPacket(SMBSrvPacket pkt, int len) {
// Create a packet buffer of the same size
m_smbbuf = new byte[pkt.getBuffer().length];
// Copy the data from the specified packet
System.arraycopy(pkt.getBuffer(), 0, m_smbbuf, 0, len);
}
/**
* Process a special IPC$ file close request.
*
* @param sess SMBSrvSession
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
protected static void procIPCFileClose(SMBSrvSession sess, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Check that the received packet looks like a valid file close request
if (smbPkt.checkPacketIsValid(3, 0) == false) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.SRVUnrecognizedCommand, SMBStatus.ErrSrv);
return;
}
// Get the tree id from the received packet and validate that it is a valid
// connection id.
TreeConnection conn = sess.findTreeConnection(smbPkt);
if (conn == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSInvalidDrive, SMBStatus.ErrDos);
return;
}
// Get the file id from the request
int fid = smbPkt.getParameter(0);
DCEPipeFile netFile = (DCEPipeFile) conn.findFile(fid);
if (netFile == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSInvalidHandle, SMBStatus.ErrDos);
return;
}
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln("IPC$ File close [" + smbPkt.getTreeId() + "] fid=" + fid);
// Remove the file from the connections list of open files
conn.removeFile(fid, sess);
// Build the close file response
smbPkt.setParameterCount(0);
smbPkt.setByteCount(0);
// Send the response packet
sess.sendResponseSMB(smbPkt);
}
/**
* Process an IPC pipe file write andX request
*
* @param sess SMBSrvSession
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
protected static void procIPCFileWriteAndX(SMBSrvSession sess, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Check if the received packet is a valid write andX request
if (smbPkt.checkPacketIsValid(12, 0) == false) {
// Invalid request
sess.sendErrorResponseSMB(smbPkt, SMBStatus.SRVUnrecognizedCommand, SMBStatus.ErrSrv);
return;
}
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln("IPC$ File Write AndX");
// Pass the write request the DCE/RPC handler
DCERPCHandler.processDCERPCRequest(sess, smbPkt);
}
/**
* Add a deferred session/packet, whilst an oplock break is in progress
*
* @param deferredSess SMBSrvSession
* @param deferredPkt SMBSrvPacket
* @exception DeferFailedException If the session/packet cannot be deferred
*/
public void addDeferredSession(SMBSrvSession deferredSess, SMBSrvPacket deferredPkt)
throws DeferFailedException {
// Allocate the deferred request list, if required
if (m_deferredRequests == null) {
synchronized (this) {
if (m_deferredRequests == null)
m_deferredRequests = new ArrayList<DeferredRequest>(MaxDeferredRequests);
}
}
// Add the request to the list if there are spare slots
synchronized (m_deferredRequests) {
if (m_deferredRequests.size() < MaxDeferredRequests) {
// Add the deferred request to the list
m_deferredRequests.add(new DeferredRequest(deferredSess, deferredPkt));
// Update the deferred processing count for the CIFS packet
deferredPkt.incrementDeferredCount();
// Set the time that the oplock break was sent to the client, if this is the first deferred
// request
if (m_deferredRequests.size() == 1) m_oplockBreakTime = System.currentTimeMillis();
// DEBUG
if (Debug.EnableDbg && deferredSess.hasDebug(SMBSrvSession.DBG_OPLOCK))
Debug.println(
"Added deferred request, list=" + m_deferredRequests.size() + ", oplock=" + this);
} else throw new DeferFailedException("No more deferred slots available on oplock");
}
}
/**
* Process a \PIPE\LANMAN transaction request.
*
* @param tbuf Transaction setup, parameter and data buffers
* @param sess SMB server session that received the transaction.
* @param trans Packet to use for reply
* @return true if the transaction has been handled, else false.
* @exception java.io.IOException The exception description.
* @exception org.alfresco.aifs.smb.SMBSrvException The exception description.
*/
public static final boolean processRequest(
TransactBuffer tbuf, SMBSrvSession sess, SMBSrvPacket trans)
throws IOException, SMBSrvException {
// Create a transaction packet
SMBSrvTransPacket tpkt = new SMBSrvTransPacket(trans.getBuffer());
// Get the transaction command code, parameter descriptor and data descriptor strings from
// the parameter block.
DataBuffer paramBuf = tbuf.getParameterBuffer();
int cmd = paramBuf.getShort();
String prmDesc = paramBuf.getString(false);
String dataDesc = paramBuf.getString(false);
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln(
"\\PIPE\\LANMAN\\ transact request, cmd="
+ cmd
+ ", prm="
+ prmDesc
+ ", data="
+ dataDesc);
// Call the required transaction handler
boolean processed = false;
switch (cmd) {
// Share
case PacketType.RAPShareEnum:
processed = procNetShareEnum(sess, tbuf, prmDesc, dataDesc, tpkt);
break;
// Get share information
case PacketType.RAPShareGetInfo:
processed = procNetShareGetInfo(sess, tbuf, prmDesc, dataDesc, tpkt);
break;
// Workstation information
case PacketType.RAPWkstaGetInfo:
processed = procNetWkstaGetInfo(sess, tbuf, prmDesc, dataDesc, tpkt);
break;
// Server information
case PacketType.RAPServerGetInfo:
processed = procNetServerGetInfo(sess, tbuf, prmDesc, dataDesc, tpkt);
break;
// Print queue information
case PacketType.NetPrintQGetInfo:
processed = procNetPrintQGetInfo(sess, tbuf, prmDesc, dataDesc, tpkt);
break;
// No handler
default:
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln(
"No handler for \\PIPE\\LANMAN\\ request, cmd="
+ cmd
+ ", prm="
+ prmDesc
+ ", data="
+ dataDesc);
break;
}
// Check if the transaction packet has allocated an associated packet from the pool, we need to
// copy the associated packet
// to the outer request packet so that it is released back to the pool.
if (tpkt.hasAssociatedPacket()) {
Debug.println(
"[SMB] PipeLanManHandler allocated associated packet, len="
+ tpkt.getAssociatedPacket().getBufferLength());
// Copy the associated packet to the outer request packet
trans.setAssociatedPacket(tpkt.getAssociatedPacket());
tpkt.setAssociatedPacket(null);
}
// Return the transaction processed status
return processed;
}
/**
* Process a transact2 query file information (via handle) request.
*
* @param sess SMBSrvSession
* @param vc VirtualCircuit
* @param tbuf Transaction request details
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
protected static final void procTrans2QueryFile(
SMBSrvSession sess, VirtualCircuit vc, SrvTransactBuffer tbuf, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Get the tree connection details
int treeId = tbuf.getTreeId();
TreeConnection conn = vc.findConnection(treeId);
if (conn == null) {
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTInvalidParameter, SMBStatus.DOSInvalidDrive, SMBStatus.ErrDos);
return;
}
// Check if the user has the required access permission
if (conn.hasReadAccess() == false) {
// User does not have the required access rights
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTAccessDenied, SMBStatus.DOSAccessDenied, SMBStatus.ErrDos);
return;
}
// Get the file id and query path information level
DataBuffer paramBuf = tbuf.getParameterBuffer();
int fid = paramBuf.getShort();
int infoLevl = paramBuf.getShort();
// Get the file details via the file id
NetworkFile netFile = conn.findFile(fid);
if (netFile == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSInvalidHandle, SMBStatus.ErrDos);
return;
}
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln(
"IPC$ Query File - level=0x"
+ Integer.toHexString(infoLevl)
+ ", fid="
+ fid
+ ", name="
+ netFile.getFullName());
// Access the shared device disk interface
try {
// Set the return parameter count, so that the data area position can be calculated.
smbPkt.setParameterCount(10);
// Pack the file information into the data area of the transaction reply
byte[] buf = smbPkt.getBuffer();
int prmPos = DataPacker.longwordAlign(smbPkt.getByteOffset());
int dataPos = prmPos + 4;
// Pack the return parametes, EA error offset
smbPkt.setPosition(prmPos);
smbPkt.packWord(0);
// Create a data buffer using the SMB packet. The response should always fit into a
// single reply packet.
DataBuffer replyBuf = new DataBuffer(buf, dataPos, buf.length - dataPos);
// Build the file information from the network file details
FileInfo fileInfo =
new FileInfo(netFile.getName(), netFile.getFileSize(), netFile.getFileAttributes());
fileInfo.setAccessDateTime(netFile.getAccessDate());
fileInfo.setCreationDateTime(netFile.getCreationDate());
fileInfo.setModifyDateTime(netFile.getModifyDate());
fileInfo.setChangeDateTime(netFile.getModifyDate());
fileInfo.setFileId(netFile.getFileId());
// Set the file allocation size, looks like it is used as the pipe buffer size
fileInfo.setAllocationSize(4096L);
// Pack the file information into the return data packet
int dataLen = QueryInfoPacker.packInfo(fileInfo, replyBuf, infoLevl, true);
// Check if any data was packed, if not then the information level is not supported
if (dataLen == 0) {
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTInvalidParameter, SMBStatus.SRVNonSpecificError, SMBStatus.ErrSrv);
return;
}
SMBSrvTransPacket.initTransactReply(smbPkt, 2, prmPos, dataLen, dataPos);
smbPkt.setByteCount(replyBuf.getPosition() - smbPkt.getByteOffset());
// Send the transact reply
sess.sendResponseSMB(smbPkt);
} catch (FileNotFoundException ex) {
// Requested file does not exist
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTObjectNotFound, SMBStatus.DOSFileNotFound, SMBStatus.ErrDos);
return;
} catch (PathNotFoundException ex) {
// Requested path does not exist
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTObjectPathNotFound, SMBStatus.DOSFileNotFound, SMBStatus.ErrDos);
return;
} catch (UnsupportedInfoLevelException ex) {
// Requested information level is not supported
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTInvalidParameter, SMBStatus.SRVNonSpecificError, SMBStatus.ErrSrv);
return;
} catch (DiskOfflineException ex) {
// Filesystem is offline
sess.sendErrorResponseSMB(
smbPkt, SMBStatus.NTObjectPathNotFound, SMBStatus.HRDDriveNotReady, SMBStatus.ErrHrd);
}
}
/**
* Process a request made on the IPC$ remote admin named pipe.
*
* @param sess SMBSrvSession
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
public static void processIPCRequest(SMBSrvSession sess, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Get the tree id from the received packet and validate that it is a valid
// connection id.
TreeConnection conn = sess.findTreeConnection(smbPkt);
if (conn == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSInvalidDrive, SMBStatus.ErrDos);
return;
}
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln(
"IPC$ Request [" + smbPkt.getTreeId() + "] - cmd = " + smbPkt.getPacketTypeString());
// Determine the SMB command
switch (smbPkt.getCommand()) {
// Open file request
case PacketType.OpenAndX:
case PacketType.OpenFile:
procIPCFileOpen(sess, smbPkt);
break;
// Read file request
case PacketType.ReadFile:
procIPCFileRead(sess, smbPkt);
break;
// Read AndX file request
case PacketType.ReadAndX:
procIPCFileReadAndX(sess, smbPkt);
break;
// Write file request
case PacketType.WriteFile:
procIPCFileWrite(sess, smbPkt);
break;
// Write AndX file request
case PacketType.WriteAndX:
procIPCFileWriteAndX(sess, smbPkt);
break;
// Close file request
case PacketType.CloseFile:
procIPCFileClose(sess, smbPkt);
break;
// NT create andX request
case PacketType.NTCreateAndX:
procNTCreateAndX(sess, smbPkt);
break;
// Default, respond with an unsupported function error.
default:
sess.sendErrorResponseSMB(smbPkt, SMBStatus.SRVUnrecognizedCommand, SMBStatus.ErrSrv);
break;
}
}
/**
* Process an NT create andX request
*
* @param sess SMBSrvSession
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
protected static void procNTCreateAndX(SMBSrvSession sess, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Get the tree id from the received packet and validate that it is a valid
// connection id.
TreeConnection conn = sess.findTreeConnection(smbPkt);
if (conn == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.NTInvalidParameter, SMBStatus.NTErr);
return;
}
// Extract the NT create andX parameters
NTParameterPacker prms = new NTParameterPacker(smbPkt.getBuffer(), SMBSrvPacket.PARAMWORDS + 5);
int nameLen = prms.unpackWord();
int flags = prms.unpackInt();
int rootFID = prms.unpackInt();
int accessMask = prms.unpackInt();
long allocSize = prms.unpackLong();
int attrib = prms.unpackInt();
int shrAccess = prms.unpackInt();
int createDisp = prms.unpackInt();
int createOptn = prms.unpackInt();
int impersonLev = prms.unpackInt();
int secFlags = prms.unpackByte();
// Extract the filename string
int pos = DataPacker.wordAlign(smbPkt.getByteOffset());
String fileName = DataPacker.getUnicodeString(smbPkt.getBuffer(), pos, nameLen);
if (fileName == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.NTInvalidParameter, SMBStatus.NTErr);
return;
}
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln(
"NT Create AndX ["
+ smbPkt.getTreeId()
+ "] name="
+ fileName
+ ", flags=0x"
+ Integer.toHexString(flags)
+ ", attr=0x"
+ Integer.toHexString(attrib)
+ ", allocSize="
+ allocSize);
// Check if the pipe name is a short or long name
if (fileName.startsWith("\\PIPE") == false) fileName = "\\PIPE" + fileName;
// Check if the requested IPC$ file is valid
int pipeType = DCEPipeType.getNameAsType(fileName);
if (pipeType == -1) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.NTObjectNotFound, SMBStatus.NTErr);
return;
}
// Check if there is a handler for the pipe file
if (DCEPipeHandler.getHandlerForType(pipeType) == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.NTAccessDenied, SMBStatus.NTErr);
return;
}
// Create a network file for the special pipe
DCEPipeFile pipeFile = new DCEPipeFile(pipeType);
pipeFile.setGrantedAccess(NetworkFile.READWRITE);
// Add the file to the list of open files for this tree connection
int fid = -1;
try {
fid = conn.addFile(pipeFile, sess);
} catch (TooManyFilesException ex) {
// Too many files are open on this connection, cannot open any more files.
sess.sendErrorResponseSMB(smbPkt, SMBStatus.Win32InvalidHandle, SMBStatus.NTErr);
return;
}
// Build the NT create andX response
boolean extendedResponse = (flags & WinNT.ExtendedResponse) != 0;
smbPkt.setParameterCount(extendedResponse ? 42 : 34);
prms.reset(smbPkt.getBuffer(), SMBSrvPacket.PARAMWORDS + 4);
prms.packByte(0);
prms.packWord(fid);
prms.packInt(0x0001); // File existed and was opened
prms.packLong(0); // Creation time
prms.packLong(0); // Last access time
prms.packLong(0); // Last write time
prms.packLong(0); // Change time
prms.packInt(0x0080); // File attributes
prms.packLong(4096); // Allocation size
prms.packLong(0); // End of file
prms.packWord(2); // File type - named pipe, message mode
prms.packByte(0xFF); // Pipe instancing count
prms.packByte(0x05); // IPC state bits
prms.packByte(0); // directory flag
// Pack the extra extended response area, if requested
if (extendedResponse == true) {
// 22 byte block of zeroes
prms.packLong(0);
prms.packLong(0);
prms.packInt(0);
prms.packWord(0);
// Pack the permissions
prms.packInt(0x1F01FF);
// 6 byte block of zeroes
prms.packInt(0);
prms.packWord(0);
}
smbPkt.setByteCount(0);
smbPkt.setAndXCommand(0xFF);
smbPkt.setParameter(1, smbPkt.getLength()); // AndX offset
// Send the response packet
sess.sendResponseSMB(smbPkt);
}
/**
* Process a special IPC$ file open request.
*
* @param sess SMBSrvSession
* @param smbPkt SMBSrvPacket
* @exception IOException
* @exception SMBSrvException
*/
protected static void procIPCFileOpen(SMBSrvSession sess, SMBSrvPacket smbPkt)
throws IOException, SMBSrvException {
// Get the data bytes position and length
int dataPos = smbPkt.getByteOffset();
int dataLen = smbPkt.getByteCount();
byte[] buf = smbPkt.getBuffer();
// Extract the filename string
String fileName = DataPacker.getString(buf, dataPos, dataLen);
// Debug
if (Debug.EnableInfo && sess.hasDebug(SMBSrvSession.DBG_IPC))
sess.debugPrintln("IPC$ Open file = " + fileName);
// Check if the requested IPC$ file is valid
int pipeType = DCEPipeType.getNameAsType(fileName);
if (pipeType == -1) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSFileNotFound, SMBStatus.ErrDos);
return;
}
// Get the tree connection details
TreeConnection conn = sess.findTreeConnection(smbPkt);
if (conn == null) {
sess.sendErrorResponseSMB(smbPkt, SMBStatus.SRVInvalidTID, SMBStatus.ErrSrv);
return;
}
// Create a network file for the special pipe
DCEPipeFile pipeFile = new DCEPipeFile(pipeType);
pipeFile.setGrantedAccess(NetworkFile.READWRITE);
// Add the file to the list of open files for this tree connection
int fid = -1;
try {
fid = conn.addFile(pipeFile, sess);
} catch (TooManyFilesException ex) {
// Too many files are open on this connection, cannot open any more files.
sess.sendErrorResponseSMB(smbPkt, SMBStatus.DOSTooManyOpenFiles, SMBStatus.ErrDos);
return;
}
// Build the open file response
smbPkt.setParameterCount(15);
smbPkt.setAndXCommand(0xFF);
smbPkt.setParameter(1, 0); // AndX offset
smbPkt.setParameter(2, fid);
smbPkt.setParameter(3, 0); // file attributes
smbPkt.setParameter(4, 0); // last write time
smbPkt.setParameter(5, 0); // last write date
smbPkt.setParameterLong(6, 0); // file size
smbPkt.setParameter(8, 0);
smbPkt.setParameter(9, 0);
smbPkt.setParameter(10, 0); // named pipe state
smbPkt.setParameter(11, 0);
smbPkt.setParameter(12, 0); // server FID (long)
smbPkt.setParameter(13, 0);
smbPkt.setParameter(14, 0);
smbPkt.setByteCount(0);
// Send the response packet
sess.sendResponseSMB(smbPkt);
}