📄 fileserver.cpp
字号:
}
//
// Fetch a reserved param
if(FAILED(pTokenizer->GetDWORD(&ulReserved))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- not enough memory in request -- sending back request for more"));
goto Error;
}
//
// Fetch the filename (STRING)
if(TRUE == pMyConnection->SupportsUnicode(pSMB->pInSMB)) {
WCHAR *pFileName = NULL;
if(FAILED(pTokenizer->GetUnicodeString(&pFileName))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV-CRACKER: SMB_Trans2_Query_Path_Information -- couldnt find filename!!"));
dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
goto Done;
}
FileName.append(pFileName);
} else {
CHAR *pFileName = NULL;
if(FAILED(pTokenizer->GetString(&pFileName))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV-CRACKER: SMB_Trans2_Query_Path_Information -- couldnt find filename!!"));
dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
goto Done;
}
//
// Check that we have the right string type
if(0x04 != *pFileName) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV-CRACKER: SMB_Trans2_Query_Path_Information -- invalid string type!"));
dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
goto Done;
}
//
// Advance beyond the 0x04 header
pFileName ++;
FileName.append(pFileName);
}
//
// Find a share state and then get the file info
if(FAILED(pMyConnection->FindTIDState(usTid, pTIDState, SEC_READ)) || !pTIDState) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- couldnt find share state!!"));
goto Error;
}
if(FAILED(FullPath.append(pTIDState->GetShare()->GetDirectoryName()))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- putting root on filename FAILED!!"));
goto Error;
}
if(FAILED(FullPath.append(FileName.GetString()))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- putting file on filename FAILED!!"));
goto Error;
}
if(FAILED(pTIDState->GetShare()->IsValidPath(FullPath.GetString()))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- someone may be hacking us!! failing request"));
ASSERT(FALSE);
goto Error;
}
//
// Find the file & fill in its values
hFileHand = FindFirstFile(FullPath.GetString(), &w32FindData);
if(INVALID_HANDLE_VALUE == hFileHand) {
TRACEMSG(ZONE_FILES, (L"SMBSRV: SMB_Trans2_Query_Path_Information -- could not find file %s (%d)!!", FullPath.GetString(), GetLastError()));
DWORD dwGLE = GetLastError();
//
// because we are using FFF it will give us NO_MORE_FILEs if the file doesnt
// exist, map this to file not found
if(ERROR_NO_MORE_FILES == dwGLE) {
dwRet = ERROR_CODE(STATUS_OBJECT_NAME_NOT_FOUND);
} else {
dwRet = ConvertGLEToError(dwGLE, pSMB);
}
goto ErrorSet;
}
FindClose(hFileHand);
switch(wLevel) {
case SMB_QUERY_FILE_EA_INFO_ID: //0x0103
{
SMB_QUERY_FILE_EA_INFO *pQueryResponse = NULL;
SMB_QUERY_FILE_EA_INFO QueryResponse;
if(FAILED(RAPI.ReserveParams(0, (BYTE**)&pQueryResponse)))
goto Error;
if(FAILED(RAPI.ReserveBlock(sizeof(SMB_QUERY_FILE_EA_INFO), (BYTE**)&pQueryResponse)))
goto Error;
QueryResponse.EASize = 0;
memcpy(pQueryResponse, &QueryResponse, sizeof(SMB_QUERY_FILE_EA_INFO));
dwRet = 0;
break;
}
case SMB_QUERY_FILE_STANDARD_INFO_ID: //0x0102
{
SMB_QUERY_FILE_STANDARD_INFO *pQueryResponse = NULL;
SMB_QUERY_FILE_STANDARD_INFO QueryResponse;
if(FAILED(RAPI.ReserveParams(0, (BYTE**)&pQueryResponse)))
goto Error;
if(FAILED(RAPI.ReserveBlock(sizeof(SMB_QUERY_FILE_STANDARD_INFO), (BYTE**)&pQueryResponse)))
goto Error;
QueryResponse.AllocationSize.LowPart= w32FindData.nFileSizeLow;
QueryResponse.AllocationSize.HighPart= w32FindData.nFileSizeHigh;
QueryResponse.EndofFile.LowPart= w32FindData.nFileSizeLow;
QueryResponse.EndofFile.HighPart= w32FindData.nFileSizeHigh;
QueryResponse.NumberOfLinks = 0;
QueryResponse.DeletePending = FALSE;
QueryResponse.Directory = (w32FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)?TRUE:FALSE;
memcpy(pQueryResponse, &QueryResponse, sizeof(SMB_QUERY_FILE_STANDARD_INFO));
dwRet = 0;
break;
}
case SMB_QUERY_FILE_BASIC_INFO_ID: //0x0101
{
SMB_FILE_BASIC_INFO *pQueryResponse = NULL;
SMB_FILE_BASIC_INFO QueryResponse;
WORD attributes;
if(FAILED(RAPI.ReserveParams(0, (BYTE**)&pQueryResponse)))
goto Error;
if(FAILED(RAPI.ReserveBlock(sizeof(SMB_FILE_BASIC_INFO), (BYTE**)&pQueryResponse)))
goto Error;
attributes = Win32AttributeToDos(w32FindData.dwFileAttributes);
QueryResponse.CreationTime.LowPart = w32FindData.ftCreationTime.dwLowDateTime;
QueryResponse.CreationTime.HighPart = w32FindData.ftCreationTime.dwHighDateTime;
QueryResponse.LastAccessTime.LowPart = w32FindData.ftLastAccessTime.dwLowDateTime;
QueryResponse.LastAccessTime.HighPart = w32FindData.ftLastAccessTime.dwHighDateTime;
QueryResponse.LastWriteTime.LowPart = w32FindData.ftLastWriteTime.dwLowDateTime;
QueryResponse.LastWriteTime.HighPart = w32FindData.ftLastWriteTime.dwHighDateTime;
QueryResponse.ChangeTime.LowPart = w32FindData.ftLastWriteTime.dwLowDateTime;
QueryResponse.ChangeTime.HighPart = w32FindData.ftLastWriteTime.dwHighDateTime;
QueryResponse.Attributes = attributes;
memcpy(pQueryResponse, &QueryResponse, sizeof(SMB_FILE_BASIC_INFO));
dwRet = 0;
break;
}
case SMB_QUERY_FILE_ALL_INFO_ID: //0x0107
{
SMB_QUERY_FILE_ALL_INFO QueryResponse;
SMB_QUERY_FILE_ALL_INFO *pQueryResponse = NULL;
WORD attributes;
ULONG ulFileOffset = 0;
UINT uiFileNameLen = 0;
ce::smart_ptr<FileObject> pMyFile = NULL;
BYTE *pFileName = NULL;
if(FAILED(RAPI.ReserveParams(0, (BYTE**)&pQueryResponse)))
goto Error;
if(FAILED(RAPI.ReserveBlock(sizeof(SMB_QUERY_FILE_ALL_INFO), (BYTE**)&pQueryResponse)))
goto Error;
StringConverter myString;
myString.append(w32FindData.cFileName);
pFileName = myString.NewSTRING(&uiFileNameLen, pMyConnection->SupportsUnicode(pSMB->pInSMB));
if(NULL == pFileName) {
StringConverter myString;
myString.append(L"");
pFileName = myString.NewSTRING(&uiFileNameLen, pMyConnection->SupportsUnicode(pSMB->pInSMB));
}
attributes = Win32AttributeToDos(w32FindData.dwFileAttributes);
QueryResponse.CreationTime.LowPart = w32FindData.ftCreationTime.dwLowDateTime;
QueryResponse.CreationTime.HighPart = w32FindData.ftCreationTime.dwHighDateTime;
QueryResponse.LastAccessTime.LowPart = w32FindData.ftLastAccessTime.dwLowDateTime;
QueryResponse.LastAccessTime.HighPart = w32FindData.ftLastAccessTime.dwHighDateTime;
QueryResponse.LastWriteTime.LowPart = w32FindData.ftLastWriteTime.dwLowDateTime;
QueryResponse.LastWriteTime.HighPart = w32FindData.ftLastWriteTime.dwHighDateTime;
QueryResponse.ChangeTime.LowPart = w32FindData.ftLastWriteTime.dwLowDateTime;
QueryResponse.ChangeTime.HighPart = w32FindData.ftLastWriteTime.dwHighDateTime;
QueryResponse.Attributes = attributes;
QueryResponse.AllocationSize.HighPart = w32FindData.nFileSizeHigh;
QueryResponse.AllocationSize.LowPart = w32FindData.nFileSizeLow;
//
//BUGBUG: dont know what these ARE!
QueryResponse.EndOfFile.QuadPart = 0;
//LARGE_INTEGER EndOfFile;
QueryResponse.NumberOfLinks = 0;
//ULONG NumberOfLinks;
QueryResponse.DeletePending = FALSE;
QueryResponse.Directory = (attributes & FILE_ATTRIBUTE_DIRECTORY)?TRUE:FALSE;
QueryResponse.Index_Num.QuadPart = 0;
QueryResponse.EASize = 0; //we dont support extended attributes
QueryResponse.AccessFlags = QFI_FILE_READ_DATA |
QFI_FILE_WRITE_DATA |
QFI_FILE_APPEND_DATA |
QFI_FILE_READ_ATTRIBUTES |
QFI_FILE_WRITE_ATTRIBUTES |
QFI_DELETE;
QueryResponse.IndexNumber.QuadPart = 0;
QueryResponse.CurrentByteOffset.QuadPart = ulFileOffset;
QueryResponse.Mode = QFI_FILE_WRITE_THROUGH;
QueryResponse.AlignmentRequirement = 0;
QueryResponse.FileNameLength = uiFileNameLen;
memcpy(pQueryResponse, &QueryResponse, sizeof(SMB_QUERY_FILE_ALL_INFO));
BYTE *pFileInBlob = NULL;
if(FAILED(RAPI.ReserveBlock(uiFileNameLen, (BYTE**)&pFileInBlob)))
goto Error;
ASSERT(pFileInBlob == (BYTE*)(pQueryResponse+1));
memcpy(pFileInBlob, pFileName, uiFileNameLen);
break;
}
default:
TRACEMSG(ZONE_ERROR, (L"SMBSRV: TRANACT -- unknown Trans2 query for SMB_Trans2_Query_Path_Information %d", wLevel));
//
// Mark that we are using NT status codes
dwRet = ERROR_CODE(STATUS_INVALID_LEVEL);
goto ErrorSet;
}
dwRet = 0;
goto Done;
Error:
dwRet = ERROR_CODE(STATUS_INVALID_LEVEL);
ErrorSet:
{
BYTE *pTempBuf = (BYTE *)(pResponse+1);
*pTempBuf = 0;
*(pTempBuf+1) = 0;
*(pTempBuf+2) = 0;
*puiUsed = 3;
ASSERT(0 != dwRet);
}
Done:
//
// On error just return that error
if(0 != dwRet)
return dwRet;
//fill out response SMB
memset(pResponse, 0, sizeof(SMB_COM_TRANSACTION2_SERVER_RESPONSE));
//word count is 3 bytes (1=WordCount 2=ByteCount) less than the response
pResponse->WordCount = (sizeof(SMB_COM_TRANSACTION2_SERVER_RESPONSE) - 3) / sizeof(WORD);
pResponse->TotalParameterCount = RAPI.ParamBytesUsed();
pResponse->TotalDataCount = RAPI.DataBytesUsed();
pResponse->ParameterCount = RAPI.ParamBytesUsed();
pResponse->ParameterOffset = RAPI.ParamOffset((BYTE *)_pRawResponse->pSMBHeader);
pResponse->ParameterDisplacement = 0;
pResponse->DataCount = RAPI.DataBytesUsed();
pResponse->DataOffset = RAPI.DataOffset((BYTE *)_pRawResponse->pSMBHeader);
pResponse->DataDisplacement = 0;
pResponse->SetupCount = 0;
pResponse->ByteCount = RAPI.TotalBytesUsed();
ASSERT(10 == pResponse->WordCount);
//set the number of bytes we used
*puiUsed = RAPI.TotalBytesUsed() + sizeof(SMB_COM_TRANSACTION2_SERVER_RESPONSE);
return dwRet;
}
DWORD SMB_Trans2_Find_First(USHORT usTid,
SMB_COM_TRANSACTION2_CLIENT_REQUEST *pRequest,
StringTokenizer *pTokenizer,
SMB_PROCESS_CMD *_pRawResponse,
SMB_COM_TRANSACTION2_SERVER_RESPONSE *pResponse,
SMB_PACKET *pSMB,
UINT *puiUsed)
{
DWORD dwRet = 0;
SMB_TRANS2_FIND_FIRST2_CLIENT_REQUEST *pffRequest = NULL;
SMB_TRANS2_FIND_FIRST2_SERVER_RESPONSE *pffResponse = NULL;
StringConverter SearchString;
ce::smart_ptr<TIDState> pTIDState;
USHORT usSID = 0xFFFF;
SMB_FIND_FILE_BOTH_DIRECTORY_INFO_STRUCT *pPrevFile = NULL;
ce::smart_ptr<ActiveConnection> pMyConnection = NULL;
ULONG uiResumeKeySize = 0;
BOOL fUsingUnicode = FALSE;
HRESULT hr = E_FAIL;
RAPIBuilder MYRAPIBuilder((BYTE *)(pResponse+1),
_pRawResponse->uiDataSize-sizeof(SMB_COM_TRANSACTION2_SERVER_RESPONSE),
pRequest->MaxParameterCount,
pRequest->MaxDataCount);
//
// Make sure we have some memory to give an answer in
if(FAILED(MYRAPIBuilder.ReserveParams(sizeof(SMB_TRANS2_FIND_FIRST2_SERVER_RESPONSE), (BYTE**)&pffResponse))) {
TRACEMSG(ZONE_ERROR, (L"SMBSRV: TRANACT -- not enough memory in request -- sending back request for more"));
dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
goto Done;
}
//
// Get the TRANS2 Find First 2 structure
if(FAILED(pTokenizer->GetByteArray((BYTE **)&pffRequest, sizeof(SMB_TRANS2_FIND_FIRST2_CLIENT_REQUEST)))) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -