1996-05-04 07:50:46 +00:00
/*
2002-01-30 06:08:46 +00:00
Unix SMB / CIFS implementation .
1996-05-04 07:50:46 +00:00
Inter - process communication and named pipe handling
1998-01-22 13:27:43 +00:00
Copyright ( C ) Andrew Tridgell 1992 - 1998
1997-07-09 11:04:45 +00:00
SMB Version handling
1998-01-22 13:27:43 +00:00
Copyright ( C ) John H Terpstra 1995 - 1998
1996-05-04 07:50:46 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
/*
This file handles the named pipe and mailslot calls
in the SMBtrans protocol
*/
# include "includes.h"
1997-02-28 20:39:36 +00:00
extern int max_send ;
1996-05-04 07:50:46 +00:00
# define NERR_notsupported 50
1997-11-18 23:30:49 +00:00
extern int smb_read_error ;
1996-05-04 07:50:46 +00:00
1998-03-11 21:11:04 +00:00
/*******************************************************************
copies parameters and data , as needed , into the smb buffer
* both * the data and params sections should be aligned . this
is fudged in the rpc pipes by
at present , only the data section is . this may be a possible
cause of some of the ipc problems being experienced . lkcl26dec97
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 13:27:58 +00:00
1998-03-11 21:11:04 +00:00
static void copy_trans_params_and_data ( char * outbuf , int align ,
1999-12-13 13:27:58 +00:00
char * rparam , int param_offset , int param_len ,
char * rdata , int data_offset , int data_len )
1998-03-11 21:11:04 +00:00
{
1998-09-03 05:37:15 +00:00
char * copy_into = smb_buf ( outbuf ) + 1 ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
if ( param_len < 0 )
param_len = 0 ;
if ( data_len < 0 )
data_len = 0 ;
1998-03-11 21:11:04 +00:00
DEBUG ( 5 , ( " copy_trans_params_and_data: params[%d..%d] data[%d..%d] \n " ,
param_offset , param_offset + param_len ,
data_offset , data_offset + data_len ) ) ;
1999-12-13 13:27:58 +00:00
if ( param_len )
memcpy ( copy_into , & rparam [ param_offset ] , param_len ) ;
1998-03-11 21:11:04 +00:00
copy_into + = param_len + align ;
1999-12-13 13:27:58 +00:00
if ( data_len )
memcpy ( copy_into , & rdata [ data_offset ] , data_len ) ;
1998-03-11 21:11:04 +00:00
}
1996-05-04 07:50:46 +00:00
/****************************************************************************
1999-12-13 13:27:58 +00:00
Send a trans reply .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-04-19 07:00:22 +00:00
void send_trans_reply ( char * outbuf ,
1999-12-13 13:27:58 +00:00
char * rparam , int rparam_len ,
char * rdata , int rdata_len ,
BOOL buffer_too_large )
1996-05-04 07:50:46 +00:00
{
1998-03-11 21:11:04 +00:00
int this_ldata , this_lparam ;
1999-12-13 13:27:58 +00:00
int tot_data_sent = 0 ;
int tot_param_sent = 0 ;
1998-03-11 21:11:04 +00:00
int align ;
1999-12-13 13:27:58 +00:00
int ldata = rdata ? rdata_len : 0 ;
int lparam = rparam ? rparam_len : 0 ;
1998-03-11 21:11:04 +00:00
if ( buffer_too_large )
1999-12-13 13:27:58 +00:00
DEBUG ( 5 , ( " send_trans_reply: buffer %d too large \n " , ldata ) ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
this_lparam = MIN ( lparam , max_send - 500 ) ; /* hack */
this_ldata = MIN ( ldata , max_send - ( 500 + this_lparam ) ) ;
1996-05-04 07:50:46 +00:00
1998-09-03 05:37:15 +00:00
align = ( ( this_lparam ) % 4 ) ;
1996-05-04 07:50:46 +00:00
2001-08-27 08:19:43 +00:00
if ( buffer_too_large ) {
2003-10-21 23:14:41 +00:00
ERROR_BOTH ( STATUS_BUFFER_OVERFLOW , ERRDOS , ERRmoredata ) ;
1998-03-11 21:11:04 +00:00
}
2001-08-27 08:19:43 +00:00
set_message ( outbuf , 10 , 1 + align + this_ldata + this_lparam , True ) ;
1998-03-11 21:11:04 +00:00
copy_trans_params_and_data ( outbuf , align ,
1999-12-13 13:27:58 +00:00
rparam , tot_param_sent , this_lparam ,
rdata , tot_data_sent , this_ldata ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv0 , lparam ) ;
SSVAL ( outbuf , smb_vwv1 , ldata ) ;
SSVAL ( outbuf , smb_vwv3 , this_lparam ) ;
1998-09-03 05:37:15 +00:00
SSVAL ( outbuf , smb_vwv4 , smb_offset ( smb_buf ( outbuf ) + 1 , outbuf ) ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv5 , 0 ) ;
SSVAL ( outbuf , smb_vwv6 , this_ldata ) ;
1998-09-03 05:37:15 +00:00
SSVAL ( outbuf , smb_vwv7 , smb_offset ( smb_buf ( outbuf ) + 1 + this_lparam + align , outbuf ) ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv8 , 0 ) ;
1999-12-13 13:27:58 +00:00
SSVAL ( outbuf , smb_vwv9 , 0 ) ;
1998-03-11 21:11:04 +00:00
show_msg ( outbuf ) ;
2001-06-09 01:38:54 +00:00
if ( ! send_smb ( smbd_server_fd ( ) , outbuf ) )
2001-11-05 00:02:38 +00:00
exit_server ( " send_trans_reply: send_smb failed. " ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
tot_data_sent = this_ldata ;
tot_param_sent = this_lparam ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
while ( tot_data_sent < ldata | | tot_param_sent < lparam )
1998-03-11 21:11:04 +00:00
{
1999-12-13 13:27:58 +00:00
this_lparam = MIN ( lparam - tot_param_sent , max_send - 500 ) ; /* hack */
this_ldata = MIN ( ldata - tot_data_sent , max_send - ( 500 + this_lparam ) ) ;
if ( this_lparam < 0 )
this_lparam = 0 ;
if ( this_ldata < 0 )
this_ldata = 0 ;
1998-03-11 21:11:04 +00:00
align = ( this_lparam % 4 ) ;
1998-09-03 05:37:15 +00:00
set_message ( outbuf , 10 , 1 + this_ldata + this_lparam + align , False ) ;
1998-03-11 21:11:04 +00:00
copy_trans_params_and_data ( outbuf , align ,
2003-04-14 03:48:26 +00:00
rparam , tot_param_sent , this_lparam ,
rdata , tot_data_sent , this_ldata ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv3 , this_lparam ) ;
1998-09-03 05:37:15 +00:00
SSVAL ( outbuf , smb_vwv4 , smb_offset ( smb_buf ( outbuf ) + 1 , outbuf ) ) ;
1999-12-13 13:27:58 +00:00
SSVAL ( outbuf , smb_vwv5 , tot_param_sent ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv6 , this_ldata ) ;
1998-09-03 05:37:15 +00:00
SSVAL ( outbuf , smb_vwv7 , smb_offset ( smb_buf ( outbuf ) + 1 + this_lparam + align , outbuf ) ) ;
1999-12-13 13:27:58 +00:00
SSVAL ( outbuf , smb_vwv8 , tot_data_sent ) ;
1998-03-11 21:11:04 +00:00
SSVAL ( outbuf , smb_vwv9 , 0 ) ;
show_msg ( outbuf ) ;
2001-06-09 01:38:54 +00:00
if ( ! send_smb ( smbd_server_fd ( ) , outbuf ) )
2001-11-05 00:02:38 +00:00
exit_server ( " send_trans_reply: send_smb failed. " ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
tot_data_sent + = this_ldata ;
tot_param_sent + = this_lparam ;
1998-03-11 21:11:04 +00:00
}
1996-05-04 07:50:46 +00:00
}
1999-12-13 13:27:58 +00:00
/****************************************************************************
Start the first part of an RPC reply which began with an SMBtrans request .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-01-20 02:40:05 +00:00
static BOOL api_rpc_trans_reply ( char * outbuf , smb_np_struct * p )
1998-03-11 21:11:04 +00:00
{
2002-01-20 02:40:05 +00:00
BOOL is_data_outstanding ;
2005-06-24 20:25:18 +00:00
char * rdata = ( char * ) SMB_MALLOC ( p - > max_trans_reply ) ;
1999-12-13 13:27:58 +00:00
int data_len ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
if ( rdata = = NULL ) {
DEBUG ( 0 , ( " api_rpc_trans_reply: malloc fail. \n " ) ) ;
return False ;
1998-03-11 21:11:04 +00:00
}
1999-12-13 13:27:58 +00:00
2002-01-20 02:40:05 +00:00
if ( ( data_len = read_from_pipe ( p , rdata , p - > max_trans_reply ,
& is_data_outstanding ) ) < 0 ) {
2001-09-17 11:25:41 +00:00
SAFE_FREE ( rdata ) ;
1999-12-13 13:27:58 +00:00
return False ;
}
2002-01-20 02:40:05 +00:00
send_trans_reply ( outbuf , NULL , 0 , rdata , data_len , is_data_outstanding ) ;
1999-12-13 13:27:58 +00:00
2001-09-17 11:25:41 +00:00
SAFE_FREE ( rdata ) ;
1999-12-13 13:27:58 +00:00
return True ;
1998-03-11 21:11:04 +00:00
}
1998-10-15 05:47:29 +00:00
/****************************************************************************
WaitNamedPipeHandleState
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 13:27:58 +00:00
2002-01-20 02:40:05 +00:00
static BOOL api_WNPHS ( char * outbuf , smb_np_struct * p , char * param , int param_len )
1998-10-15 05:47:29 +00:00
{
uint16 priority ;
1999-12-13 13:27:58 +00:00
if ( ! param | | param_len < 2 )
return False ;
1998-10-15 05:47:29 +00:00
1999-12-13 13:27:58 +00:00
priority = SVAL ( param , 0 ) ;
1998-10-15 05:47:29 +00:00
DEBUG ( 4 , ( " WaitNamedPipeHandleState priority %x \n " , priority ) ) ;
1999-12-13 13:27:58 +00:00
if ( wait_rpc_pipe_hnd_state ( p , priority ) ) {
1998-10-15 05:47:29 +00:00
/* now send the reply */
1999-12-13 13:27:58 +00:00
send_trans_reply ( outbuf , NULL , 0 , NULL , 0 , False ) ;
1998-10-15 05:47:29 +00:00
return True ;
}
return False ;
}
1998-03-11 21:11:04 +00:00
/****************************************************************************
SetNamedPipeHandleState
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 13:27:58 +00:00
2002-01-20 02:40:05 +00:00
static BOOL api_SNPHS ( char * outbuf , smb_np_struct * p , char * param , int param_len )
1998-03-11 21:11:04 +00:00
{
uint16 id ;
1999-12-13 13:27:58 +00:00
if ( ! param | | param_len < 2 )
return False ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
id = SVAL ( param , 0 ) ;
1998-10-15 05:47:29 +00:00
DEBUG ( 4 , ( " SetNamedPipeHandleState to code %x \n " , id ) ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
if ( set_rpc_pipe_hnd_state ( p , id ) ) {
1998-03-11 21:11:04 +00:00
/* now send the reply */
1999-12-13 13:27:58 +00:00
send_trans_reply ( outbuf , NULL , 0 , NULL , 0 , False ) ;
1998-03-11 21:11:04 +00:00
return True ;
}
return False ;
1996-08-15 15:11:34 +00:00
}
1998-03-11 21:11:04 +00:00
/****************************************************************************
1999-12-13 13:27:58 +00:00
When no reply is generated , indicate unsupported .
1998-03-11 21:11:04 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 13:27:58 +00:00
1998-03-11 21:11:04 +00:00
static BOOL api_no_reply ( char * outbuf , int max_rdata_len )
{
1999-12-13 13:27:58 +00:00
char rparam [ 4 ] ;
1998-03-11 21:11:04 +00:00
/* unsupported */
1999-12-13 13:27:58 +00:00
SSVAL ( rparam , 0 , NERR_notsupported ) ;
SSVAL ( rparam , 2 , 0 ) ; /* converter word */
1998-03-11 21:11:04 +00:00
DEBUG ( 3 , ( " Unsupported API fd command \n " ) ) ;
/* now send the reply */
1999-12-13 13:27:58 +00:00
send_trans_reply ( outbuf , rparam , 4 , NULL , 0 , False ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
return - 1 ;
1998-03-11 21:11:04 +00:00
}
/****************************************************************************
1999-12-13 13:27:58 +00:00
Handle remote api calls delivered to a named pipe already opened .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-08-14 17:38:29 +00:00
static int api_fd_reply ( connection_struct * conn , uint16 vuid , char * outbuf ,
1998-03-11 21:11:04 +00:00
uint16 * setup , char * data , char * params ,
int suwcnt , int tdscnt , int tpscnt , int mdrcnt , int mprcnt )
{
1999-12-13 13:27:58 +00:00
BOOL reply = False ;
2002-01-20 02:40:05 +00:00
smb_np_struct * p = NULL ;
1999-12-13 13:27:58 +00:00
int pnum ;
int subcommand ;
1998-03-11 21:11:04 +00:00
DEBUG ( 5 , ( " api_fd_reply \n " ) ) ;
/* First find out the name of this file. */
1999-12-13 13:27:58 +00:00
if ( suwcnt ! = 2 ) {
1998-03-11 21:11:04 +00:00
DEBUG ( 0 , ( " Unexpected named pipe transaction. \n " ) ) ;
2005-01-18 22:40:49 +00:00
return ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
1998-03-11 21:11:04 +00:00
}
/* Get the file handle and hence the file name. */
1999-12-13 13:27:58 +00:00
/*
* NB . The setup array has already been transformed
* via SVAL and so is in gost byte order .
*/
pnum = ( ( int ) setup [ 1 ] ) & 0xFFFF ;
subcommand = ( ( int ) setup [ 0 ] ) & 0xFFFF ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
if ( ! ( p = get_rpc_pipe ( pnum ) ) ) {
2003-10-21 23:14:41 +00:00
if ( subcommand = = TRANSACT_WAITNAMEDPIPEHANDLESTATE ) {
/* Win9x does this call with a unicode pipe name, not a pnum. */
/* Just return success for now... */
DEBUG ( 3 , ( " Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name \n " ) ) ;
send_trans_reply ( outbuf , NULL , 0 , NULL , 0 , False ) ;
return - 1 ;
}
1999-12-13 13:27:58 +00:00
DEBUG ( 1 , ( " api_fd_reply: INVALID PIPE HANDLE: %x \n " , pnum ) ) ;
2005-01-18 22:40:49 +00:00
return ERROR_NT ( NT_STATUS_INVALID_HANDLE ) ;
1999-12-13 13:27:58 +00:00
}
1998-03-11 21:11:04 +00:00
2006-05-27 21:38:54 +00:00
if ( vuid ! = p - > vuid ) {
DEBUG ( 1 , ( " Got pipe request (pnum %x) using invalid VUID %d, "
" expected %d \n " , pnum , vuid , p - > vuid ) ) ;
return ERROR_NT ( NT_STATUS_INVALID_HANDLE ) ;
}
2004-03-09 21:47:49 +00:00
DEBUG ( 3 , ( " Got API command 0x%x on pipe \" %s \" (pnum %x) \n " , subcommand , p - > name , pnum ) ) ;
1998-03-11 21:11:04 +00:00
1999-12-13 13:27:58 +00:00
/* record maximum data length that can be transmitted in an SMBtrans */
p - > max_trans_reply = mdrcnt ;
1998-04-10 18:21:16 +00:00
1999-12-13 13:27:58 +00:00
DEBUG ( 10 , ( " api_fd_reply: p:%p max_trans_reply: %d \n " , p , p - > max_trans_reply ) ) ;
switch ( subcommand ) {
2002-11-07 14:46:24 +00:00
case TRANSACT_DCERPCCMD :
2000-03-09 21:45:16 +00:00
/* dce/rpc command */
reply = write_to_pipe ( p , data , tdscnt ) ;
1999-12-13 13:27:58 +00:00
if ( reply )
2000-03-09 21:45:16 +00:00
reply = api_rpc_trans_reply ( outbuf , p ) ;
1999-12-13 13:27:58 +00:00
break ;
2002-11-07 14:46:24 +00:00
case TRANSACT_WAITNAMEDPIPEHANDLESTATE :
1999-12-13 13:27:58 +00:00
/* Wait Named Pipe Handle state */
reply = api_WNPHS ( outbuf , p , params , tpscnt ) ;
break ;
2002-11-07 14:46:24 +00:00
case TRANSACT_SETNAMEDPIPEHANDLESTATE :
1999-12-13 13:27:58 +00:00
/* Set Named Pipe Handle state */
reply = api_SNPHS ( outbuf , p , params , tpscnt ) ;
break ;
2005-01-18 22:40:49 +00:00
default :
return ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
1998-03-11 21:11:04 +00:00
}
if ( ! reply )
return api_no_reply ( outbuf , mdrcnt ) ;
1999-12-13 13:27:58 +00:00
1998-03-11 21:11:04 +00:00
return - 1 ;
}
1996-08-15 15:11:34 +00:00
1996-05-04 07:50:46 +00:00
/****************************************************************************
handle named pipe commands
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-08-14 17:38:29 +00:00
static int named_pipe ( connection_struct * conn , uint16 vuid , char * outbuf , char * name ,
1996-05-04 07:50:46 +00:00
uint16 * setup , char * data , char * params ,
int suwcnt , int tdscnt , int tpscnt ,
int msrcnt , int mdrcnt , int mprcnt )
{
1997-10-24 13:15:34 +00:00
DEBUG ( 3 , ( " named pipe command on <%s> name \n " , name ) ) ;
1996-05-04 07:50:46 +00:00
1997-10-22 18:37:43 +00:00
if ( strequal ( name , " LANMAN " ) )
1998-08-14 17:38:29 +00:00
return api_reply ( conn , vuid , outbuf , data , params , tdscnt , tpscnt , mdrcnt , mprcnt ) ;
1996-05-04 07:50:46 +00:00
1998-10-15 05:47:29 +00:00
if ( strequal ( name , " WKSSVC " ) | |
strequal ( name , " SRVSVC " ) | |
strequal ( name , " WINREG " ) | |
strequal ( name , " SAMR " ) | |
strequal ( name , " LSARPC " ) )
{
DEBUG ( 4 , ( " named pipe command from Win95 (wow!) \n " ) ) ;
return api_fd_reply ( conn , vuid , outbuf , setup , data , params , suwcnt , tdscnt , tpscnt , mdrcnt , mprcnt ) ;
}
1997-10-22 18:37:43 +00:00
if ( strlen ( name ) < 1 )
1998-08-14 17:38:29 +00:00
return api_fd_reply ( conn , vuid , outbuf , setup , data , params , suwcnt , tdscnt , tpscnt , mdrcnt , mprcnt ) ;
1996-08-15 15:11:34 +00:00
1997-10-22 18:37:43 +00:00
if ( setup )
DEBUG ( 3 , ( " unknown named pipe: setup 0x%X setup1=%d \n " , ( int ) setup [ 0 ] , ( int ) setup [ 1 ] ) ) ;
1996-08-15 15:11:34 +00:00
1997-10-22 18:37:43 +00:00
return 0 ;
1996-05-04 07:50:46 +00:00
}
2006-04-10 15:33:04 +00:00
static NTSTATUS handle_trans ( connection_struct * conn ,
struct trans_state * state ,
char * outbuf , int * outsize )
{
char * local_machine_name ;
int name_offset = 0 ;
DEBUG ( 3 , ( " trans <%s> data=%u params=%u setup=%u \n " ,
2006-06-16 01:30:42 +00:00
state - > name , ( unsigned int ) state - > total_data , ( unsigned int ) state - > total_param ,
( unsigned int ) state - > setup_count ) ) ;
2006-04-10 15:33:04 +00:00
/*
* WinCE wierdness . . . .
*/
local_machine_name = talloc_asprintf ( state , " \\ %s \\ " ,
get_local_machine_name ( ) ) ;
if ( local_machine_name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
if ( strnequal ( state - > name , local_machine_name ,
strlen ( local_machine_name ) ) ) {
name_offset = strlen ( local_machine_name ) - 1 ;
}
if ( ! strnequal ( & state - > name [ name_offset ] , " \\ PIPE " ,
strlen ( " \\ PIPE " ) ) ) {
return NT_STATUS_NOT_SUPPORTED ;
}
name_offset + = strlen ( " \\ PIPE " ) ;
/* Win9x weirdness. When talking to a unicode server Win9x
only sends \ PIPE instead of \ PIPE \ */
if ( state - > name [ name_offset ] = = ' \\ ' )
name_offset + + ;
DEBUG ( 5 , ( " calling named_pipe \n " ) ) ;
* outsize = named_pipe ( conn , state - > vuid , outbuf ,
state - > name + name_offset ,
state - > setup , state - > data ,
state - > param ,
state - > setup_count , state - > total_data ,
state - > total_param ,
state - > max_setup_return ,
state - > max_data_return ,
state - > max_param_return ) ;
if ( * outsize = = 0 ) {
return NT_STATUS_NOT_SUPPORTED ;
}
if ( state - > close_on_completion )
close_cnum ( conn , state - > vuid ) ;
return NT_STATUS_OK ;
}
1996-05-04 07:50:46 +00:00
/****************************************************************************
1999-12-13 13:27:58 +00:00
Reply to a SMBtrans .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-04-10 15:33:04 +00:00
int reply_trans ( connection_struct * conn , char * inbuf , char * outbuf ,
int size , int bufsize )
1998-08-14 17:38:29 +00:00
{
int outsize = 0 ;
2006-04-10 15:33:04 +00:00
unsigned int dsoff = SVAL ( inbuf , smb_dsoff ) ;
unsigned int dscnt = SVAL ( inbuf , smb_dscnt ) ;
unsigned int psoff = SVAL ( inbuf , smb_psoff ) ;
unsigned int pscnt = SVAL ( inbuf , smb_pscnt ) ;
struct trans_state * state ;
NTSTATUS result ;
2000-10-11 05:31:39 +00:00
START_PROFILE ( SMBtrans ) ;
1998-08-14 17:38:29 +00:00
2006-04-26 09:43:39 +00:00
result = allow_new_trans ( conn - > pending_trans , SVAL ( inbuf , smb_mid ) ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
2006-04-10 15:33:04 +00:00
DEBUG ( 2 , ( " Got invalid trans request: %s \n " ,
nt_errstr ( result ) ) ) ;
END_PROFILE ( SMBtrans ) ;
return ERROR_NT ( result ) ;
}
1998-08-14 17:38:29 +00:00
2006-04-10 15:33:04 +00:00
if ( ( state = TALLOC_P ( NULL , struct trans_state ) ) = = NULL ) {
DEBUG ( 0 , ( " talloc failed \n " ) ) ;
END_PROFILE ( SMBtrans ) ;
return ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
}
state - > cmd = SMBtrans ;
state - > mid = SVAL ( inbuf , smb_mid ) ;
state - > vuid = SVAL ( inbuf , smb_uid ) ;
state - > setup_count = CVAL ( inbuf , smb_suwcnt ) ;
state - > total_param = SVAL ( inbuf , smb_tpscnt ) ;
state - > param = NULL ;
state - > total_data = SVAL ( inbuf , smb_tdscnt ) ;
state - > data = NULL ;
state - > max_param_return = SVAL ( inbuf , smb_mprcnt ) ;
state - > max_data_return = SVAL ( inbuf , smb_mdrcnt ) ;
state - > max_setup_return = CVAL ( inbuf , smb_msrcnt ) ;
state - > close_on_completion = BITSETW ( inbuf + smb_vwv5 , 0 ) ;
state - > one_way = BITSETW ( inbuf + smb_vwv5 , 1 ) ;
memset ( state - > name , ' \0 ' , sizeof ( state - > name ) ) ;
srvstr_pull_buf ( inbuf , state - > name , smb_buf ( inbuf ) ,
sizeof ( state - > name ) , STR_TERMINATE ) ;
if ( ( dscnt > state - > total_data ) | | ( pscnt > state - > total_param ) )
2003-03-07 00:30:47 +00:00
goto bad_param ;
2006-04-10 15:33:04 +00:00
if ( state - > total_data ) {
/* Can't use talloc here, the core routines do realloc on the
* params and data . */
state - > data = SMB_MALLOC ( state - > total_data ) ;
if ( state - > data = = NULL ) {
DEBUG ( 0 , ( " reply_trans: data malloc fail for %u "
2006-06-16 01:30:42 +00:00
" bytes ! \n " , ( unsigned int ) state - > total_data ) ) ;
2006-04-10 15:33:04 +00:00
TALLOC_FREE ( state ) ;
2000-10-11 05:31:39 +00:00
END_PROFILE ( SMBtrans ) ;
2001-08-27 08:19:43 +00:00
return ( ERROR_DOS ( ERRDOS , ERRnomem ) ) ;
1998-10-08 06:49:00 +00:00
}
2003-03-07 00:30:47 +00:00
if ( ( dsoff + dscnt < dsoff ) | | ( dsoff + dscnt < dscnt ) )
goto bad_param ;
2003-10-16 20:44:43 +00:00
if ( ( smb_base ( inbuf ) + dsoff + dscnt > inbuf + size ) | |
2006-04-10 15:33:04 +00:00
( smb_base ( inbuf ) + dsoff + dscnt < smb_base ( inbuf ) ) )
2003-03-07 00:30:47 +00:00
goto bad_param ;
2006-04-10 15:33:04 +00:00
memcpy ( state - > data , smb_base ( inbuf ) + dsoff , dscnt ) ;
1998-08-14 17:38:29 +00:00
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
if ( state - > total_param ) {
/* Can't use talloc here, the core routines do realloc on the
* params and data . */
state - > param = SMB_MALLOC ( state - > total_param ) ;
if ( state - > param = = NULL ) {
DEBUG ( 0 , ( " reply_trans: param malloc fail for %u "
2006-06-16 01:30:42 +00:00
" bytes ! \n " , ( unsigned int ) state - > total_param ) ) ;
2006-04-10 15:33:04 +00:00
SAFE_FREE ( state - > data ) ;
TALLOC_FREE ( state ) ;
2000-10-11 05:31:39 +00:00
END_PROFILE ( SMBtrans ) ;
2001-08-27 08:19:43 +00:00
return ( ERROR_DOS ( ERRDOS , ERRnomem ) ) ;
1998-10-08 06:49:00 +00:00
}
2003-03-07 00:30:47 +00:00
if ( ( psoff + pscnt < psoff ) | | ( psoff + pscnt < pscnt ) )
2003-10-16 20:44:43 +00:00
goto bad_param ;
if ( ( smb_base ( inbuf ) + psoff + pscnt > inbuf + size ) | |
2006-04-10 15:33:04 +00:00
( smb_base ( inbuf ) + psoff + pscnt < smb_base ( inbuf ) ) )
2003-03-07 00:30:47 +00:00
goto bad_param ;
2006-04-10 15:33:04 +00:00
memcpy ( state - > param , smb_base ( inbuf ) + psoff , pscnt ) ;
1998-08-14 17:38:29 +00:00
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
state - > received_data = dscnt ;
state - > received_param = pscnt ;
if ( state - > setup_count ) {
2003-03-18 11:18:27 +00:00
unsigned int i ;
2006-04-10 15:33:04 +00:00
if ( ( state - > setup = TALLOC_ARRAY (
state , uint16 , state - > setup_count ) ) = = NULL ) {
DEBUG ( 0 , ( " reply_trans: setup malloc fail for %u "
" bytes ! \n " , ( unsigned int )
( state - > setup_count * sizeof ( uint16 ) ) ) ) ;
TALLOC_FREE ( state ) ;
2003-03-07 00:30:47 +00:00
END_PROFILE ( SMBtrans ) ;
return ( ERROR_DOS ( ERRDOS , ERRnomem ) ) ;
}
2006-04-10 15:33:04 +00:00
if ( inbuf + smb_vwv14 + ( state - > setup_count * SIZEOFWORD ) >
inbuf + size )
2003-03-07 00:30:47 +00:00
goto bad_param ;
2006-04-10 15:33:04 +00:00
if ( ( smb_vwv14 + ( state - > setup_count * SIZEOFWORD ) < smb_vwv14 ) | |
( smb_vwv14 + ( state - > setup_count * SIZEOFWORD ) <
( state - > setup_count * SIZEOFWORD ) ) )
2003-03-07 00:30:47 +00:00
goto bad_param ;
2006-04-10 15:33:04 +00:00
for ( i = 0 ; i < state - > setup_count ; i + + )
state - > setup [ i ] = SVAL ( inbuf , smb_vwv14 + i * SIZEOFWORD ) ;
1998-08-14 17:38:29 +00:00
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
state - > received_param = pscnt ;
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
if ( ( state - > received_param = = state - > total_param ) & &
( state - > received_data = = state - > total_data ) ) {
2003-08-02 03:06:07 +00:00
2006-04-10 15:33:04 +00:00
result = handle_trans ( conn , state , outbuf , & outsize ) ;
SAFE_FREE ( state - > data ) ;
SAFE_FREE ( state - > param ) ;
TALLOC_FREE ( state ) ;
1996-06-10 05:16:19 +00:00
2006-04-10 15:33:04 +00:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2000-10-11 05:31:39 +00:00
END_PROFILE ( SMBtrans ) ;
2006-04-10 15:33:04 +00:00
return ERROR_NT ( result ) ;
1998-08-14 17:38:29 +00:00
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
if ( outsize = = 0 ) {
END_PROFILE ( SMBtrans ) ;
return ERROR_NT ( NT_STATUS_INTERNAL_ERROR ) ;
2003-03-07 00:30:47 +00:00
}
2006-04-10 15:33:04 +00:00
END_PROFILE ( SMBtrans ) ;
return outsize ;
1998-08-14 17:38:29 +00:00
}
2003-08-02 07:07:38 +00:00
2006-04-10 15:33:04 +00:00
DLIST_ADD ( conn - > pending_trans , state ) ;
2003-08-02 07:07:38 +00:00
2006-04-10 15:33:04 +00:00
/* We need to send an interim response then receive the rest
of the parameter / data bytes */
outsize = set_message ( outbuf , 0 , 0 , True ) ;
show_msg ( outbuf ) ;
END_PROFILE ( SMBtrans ) ;
return outsize ;
1998-10-15 00:55:17 +00:00
2006-04-10 15:33:04 +00:00
bad_param :
2005-02-01 20:43:14 +00:00
2006-04-10 15:33:04 +00:00
DEBUG ( 0 , ( " reply_trans: invalid trans parameters \n " ) ) ;
SAFE_FREE ( state - > data ) ;
SAFE_FREE ( state - > param ) ;
TALLOC_FREE ( state ) ;
END_PROFILE ( SMBtrans ) ;
return ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
}
/****************************************************************************
Reply to a secondary SMBtrans .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
int reply_transs ( connection_struct * conn , char * inbuf , char * outbuf ,
int size , int bufsize )
{
int outsize = 0 ;
unsigned int pcnt , poff , dcnt , doff , pdisp , ddisp ;
struct trans_state * state ;
NTSTATUS result ;
START_PROFILE ( SMBtranss ) ;
show_msg ( inbuf ) ;
for ( state = conn - > pending_trans ; state ! = NULL ;
state = state - > next ) {
if ( state - > mid = = SVAL ( inbuf , smb_mid ) ) {
break ;
}
2006-03-07 19:52:26 +00:00
}
2006-04-10 15:33:04 +00:00
if ( ( state = = NULL ) | | ( state - > cmd ! = SMBtrans ) ) {
END_PROFILE ( SMBtranss ) ;
return ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-03-07 19:52:26 +00:00
}
2006-04-10 15:33:04 +00:00
/* Revise total_params and total_data in case they have changed
* downwards */
1998-10-15 00:55:17 +00:00
2006-04-10 15:33:04 +00:00
if ( SVAL ( inbuf , smb_vwv0 ) < state - > total_param )
state - > total_param = SVAL ( inbuf , smb_vwv0 ) ;
if ( SVAL ( inbuf , smb_vwv1 ) < state - > total_data )
state - > total_data = SVAL ( inbuf , smb_vwv1 ) ;
2001-06-29 01:58:48 +00:00
2006-04-10 15:33:04 +00:00
pcnt = SVAL ( inbuf , smb_spscnt ) ;
poff = SVAL ( inbuf , smb_spsoff ) ;
pdisp = SVAL ( inbuf , smb_spsdisp ) ;
2001-06-29 01:58:48 +00:00
2006-04-10 15:33:04 +00:00
dcnt = SVAL ( inbuf , smb_sdscnt ) ;
doff = SVAL ( inbuf , smb_sdsoff ) ;
ddisp = SVAL ( inbuf , smb_sdsdisp ) ;
2001-06-29 01:58:48 +00:00
2006-04-10 15:33:04 +00:00
state - > received_param + = pcnt ;
state - > received_data + = dcnt ;
if ( ( state - > received_data > state - > total_data ) | |
( state - > received_param > state - > total_param ) )
goto bad_param ;
if ( pcnt ) {
if ( pdisp + pcnt > state - > total_param )
goto bad_param ;
if ( ( pdisp + pcnt < pdisp ) | | ( pdisp + pcnt < pcnt ) )
goto bad_param ;
if ( pdisp > state - > total_param )
goto bad_param ;
if ( ( smb_base ( inbuf ) + poff + pcnt > inbuf + size ) | |
( smb_base ( inbuf ) + poff + pcnt < smb_base ( inbuf ) ) )
goto bad_param ;
if ( state - > param + pdisp < state - > param )
goto bad_param ;
memcpy ( state - > param + pdisp , smb_base ( inbuf ) + poff ,
pcnt ) ;
1998-08-14 17:38:29 +00:00
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
if ( dcnt ) {
if ( ddisp + dcnt > state - > total_data )
goto bad_param ;
if ( ( ddisp + dcnt < ddisp ) | | ( ddisp + dcnt < dcnt ) )
goto bad_param ;
if ( ddisp > state - > total_data )
goto bad_param ;
if ( ( smb_base ( inbuf ) + doff + dcnt > inbuf + size ) | |
( smb_base ( inbuf ) + doff + dcnt < smb_base ( inbuf ) ) )
goto bad_param ;
if ( state - > data + ddisp < state - > data )
goto bad_param ;
2003-08-02 03:06:07 +00:00
2006-04-10 15:33:04 +00:00
memcpy ( state - > data + ddisp , smb_base ( inbuf ) + doff ,
dcnt ) ;
}
1996-05-04 07:50:46 +00:00
2006-04-10 15:33:04 +00:00
if ( ( state - > received_param < state - > total_param ) | |
( state - > received_data < state - > total_data ) ) {
END_PROFILE ( SMBtranss ) ;
return - 1 ;
2000-10-11 05:31:39 +00:00
}
2006-04-10 15:33:04 +00:00
/* construct_reply_common has done us the favor to pre-fill the
* command field with SMBtranss which is wrong : - )
*/
SCVAL ( outbuf , smb_com , SMBtrans ) ;
result = handle_trans ( conn , state , outbuf , & outsize ) ;
DLIST_REMOVE ( conn - > pending_trans , state ) ;
SAFE_FREE ( state - > data ) ;
SAFE_FREE ( state - > param ) ;
TALLOC_FREE ( state ) ;
if ( ( outsize = = 0 ) | | ! NT_STATUS_IS_OK ( result ) ) {
END_PROFILE ( SMBtranss ) ;
2001-08-27 08:19:43 +00:00
return ( ERROR_DOS ( ERRSRV , ERRnosupport ) ) ;
2000-10-11 05:31:39 +00:00
}
1998-08-14 17:38:29 +00:00
2006-04-10 15:33:04 +00:00
END_PROFILE ( SMBtranss ) ;
1998-08-14 17:38:29 +00:00
return ( outsize ) ;
2003-03-07 00:30:47 +00:00
bad_param :
2006-04-10 15:33:04 +00:00
DEBUG ( 0 , ( " reply_transs: invalid trans parameters \n " ) ) ;
DLIST_REMOVE ( conn - > pending_trans , state ) ;
SAFE_FREE ( state - > data ) ;
SAFE_FREE ( state - > param ) ;
TALLOC_FREE ( state ) ;
END_PROFILE ( SMBtranss ) ;
2003-03-07 23:34:51 +00:00
return ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
1996-05-04 07:50:46 +00:00
}