2025-03-11 16:58:40 +03:00 · 2005-07-01 06:05:49 +00:00 · 2005-07-01 06:05:49 +00:00 · 66d6b1d578
commit 66d6b1d578
parent a9c3244503
3 changed files with 71 additions and 81 deletions
--- a/source/ntvfs/ipc/vfs_ipc.c
+++ b/source/ntvfs/ipc/vfs_ipc.c
@ -350,14 +350,14 @@ static NTSTATUS ipc_copy(struct ntvfs_module_context *ntvfs,
 	return NT_STATUS_ACCESS_DENIED;
 }

-static NTSTATUS ipc_readx_dcesrv_output(void *private_data, DATA_BLOB *output, size_t *nwritten)
+static NTSTATUS ipc_readx_dcesrv_output(void *private_data, DATA_BLOB *out, size_t *nwritten)
 {
 	DATA_BLOB *blob = private_data;

-	if (output->length < blob->length) {
-		blob->length = output->length;
+	if (out->length < blob->length) {
+		blob->length = out->length;
 	}
-	memcpy(blob->data, output->data, blob->length);
+	memcpy(blob->data, out->data, blob->length);
 	*nwritten = blob->length;
 	return NT_STATUS_OK;
 }
@ -616,33 +616,20 @@ static NTSTATUS ipc_search_close(struct ntvfs_module_context *ntvfs,
 	return NT_STATUS_ACCESS_DENIED;
 }

-struct ipctp_dcesrv_output {
-	struct smbsrv_request *req;
-	struct smb_trans2 *trans;
-};
-static NTSTATUS ipc_trans_dcesrv_output(void *private_data, DATA_BLOB *_output, size_t *nwritten)
+static NTSTATUS ipc_trans_dcesrv_output(void *private_data, DATA_BLOB *out, size_t *nwritten)
 {
 	NTSTATUS status = NT_STATUS_OK;
-	DATA_BLOB *output;
-	struct ipctp_dcesrv_output *ipctp = private_data;
+	DATA_BLOB *blob = private_data;

-	/*
-	 * do it the fast way without doing an extra memcpy()
-	 *
-	 * we need to reference the the DATA_BLOB itself,
-	 * because out->data isn't always a valid talloc pointer
-	 */
-	output = talloc_reference(ipctp->req, _output);
-	NT_STATUS_HAVE_NO_MEMORY(output);
-
-	if (output->length > ipctp->trans->in.max_data) {
+	if (out->length > blob->length) {
 		status = STATUS_BUFFER_OVERFLOW;
 	}

-	ipctp->trans->out.data.data	= output->data;
-	ipctp->trans->out.data.length	= MIN(ipctp->trans->in.max_data, output->length);
-
-	*nwritten = ipctp->trans->out.data.length;
+	if (out->length < blob->length) {
+		blob->length = out->length;
+	}
+	memcpy(blob->data, out->data, blob->length);
+	*nwritten = blob->length;
 	return status;
 }

@ -651,36 +638,38 @@ static NTSTATUS ipc_dcerpc_cmd(struct ntvfs_module_context *ntvfs,
 			       struct smbsrv_request *req, struct smb_trans2 *trans)
 {
 	struct pipe_state *p;
-	struct ipc_private *ipcp = ntvfs->private_data;
-	struct ipctp_dcesrv_output ipctp;
+	struct ipc_private *private = ntvfs->private_data;
 	NTSTATUS status;

 	/* the fnum is in setup[1] */
-	p = pipe_state_find(ipcp, trans->in.setup[1]);
-	if (!p) return NT_STATUS_INVALID_HANDLE;
+	p = pipe_state_find(private, trans->in.setup[1]);
+	if (!p) {
+		return NT_STATUS_INVALID_HANDLE;
+	}

-	/*
-	 * just to be sure we doesn't have something uninitialized
-	 * the real work is done in the dcesrv_output() callback
-	 */
-	trans->out.data = data_blob(NULL, 0);
+	trans->out.data = data_blob_talloc(req, NULL, trans->in.max_data);
+	if (!trans->out.data.data) {
+		return NT_STATUS_NO_MEMORY;
+	}

 	/* pass the data to the dcerpc server. Note that we don't
 	   expect this to fail, and things like NDR faults are not
 	   reported at this stage. Those sorts of errors happen in the
 	   dcesrv_output stage */
 	status = dcesrv_input(p->dce_conn, &trans->in.data);
-	NT_STATUS_NOT_OK_RETURN(status);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}

 	/*
 	  now ask the dcerpc system for some output. This doesn't yet handle
-	  async calls. Again, we only expect NT_STATUS_OK or STATUS_BUFFER_OVERFLOW.
-	  If the call fails then the error is encoded at the dcerpc level
+	  async calls. Again, we only expect NT_STATUS_OK. If the call fails then
+	  the error is encoded at the dcerpc level
 	*/
-	ipctp.req	= req;
-	ipctp.trans	= trans;
-	status = dcesrv_output(p->dce_conn, &ipctp, ipc_trans_dcesrv_output);
-	NT_STATUS_IS_ERR_RETURN(status);
+	status = dcesrv_output(p->dce_conn, &trans->out.data, ipc_trans_dcesrv_output);
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}

 	trans->out.setup_count = 0;
 	trans->out.setup = NULL;
--- a/source/rpc_server/dcerpc_server.c
+++ b/source/rpc_server/dcerpc_server.c
@ -399,15 +399,16 @@ static NTSTATUS dcesrv_fault(struct dcesrv_call_state *call, uint32_t fault_code
 	pkt.u.fault.status = fault_code;

 	rep = talloc(call, struct dcesrv_call_reply);
-	NT_STATUS_HAVE_NO_MEMORY(rep);
+	if (!rep) {
+		return NT_STATUS_NO_MEMORY;
+	}

-	rep->data = talloc(call, DATA_BLOB);
-	NT_STATUS_HAVE_NO_MEMORY(rep->data);
+	status = ncacn_push_auth(&rep->data, call, &pkt, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}

-	status = ncacn_push_auth(rep->data, call, &pkt, NULL);
-	NT_STATUS_NOT_OK_RETURN(status);
-
-	dcerpc_set_frag_length(rep->data, rep->data->length);
+	dcerpc_set_frag_length(&rep->data, rep->data.length);

 	DLIST_ADD_END(call->replies, rep, struct dcesrv_call_reply *);
 	DLIST_ADD_END(call->conn->call_list, call, struct dcesrv_call_state *);
@ -435,15 +436,16 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
 	pkt.u.bind_nak.num_versions = 0;

 	rep = talloc(call, struct dcesrv_call_reply);
-	NT_STATUS_HAVE_NO_MEMORY(rep);
+	if (!rep) {
+		return NT_STATUS_NO_MEMORY;
+	}

-	rep->data = talloc(call, DATA_BLOB);
-	NT_STATUS_HAVE_NO_MEMORY(rep->data);
+	status = ncacn_push_auth(&rep->data, call, &pkt, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}

-	status = ncacn_push_auth(rep->data, call, &pkt, NULL);
-	NT_STATUS_NOT_OK_RETURN(status);
-
-	dcerpc_set_frag_length(rep->data, rep->data->length);
+	dcerpc_set_frag_length(&rep->data, rep->data.length);

 	DLIST_ADD_END(call->replies, rep, struct dcesrv_call_reply *);
 	DLIST_ADD_END(call->conn->call_list, call, struct dcesrv_call_state *);
@ -569,16 +571,17 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 	}

 	rep = talloc(call, struct dcesrv_call_reply);
-	NT_STATUS_HAVE_NO_MEMORY(rep);
+	if (!rep) {
+		return NT_STATUS_NO_MEMORY;
+	}

-	rep->data = talloc(call, DATA_BLOB);
-	NT_STATUS_HAVE_NO_MEMORY(rep->data);
+	status = ncacn_push_auth(&rep->data, call, &pkt, 
+				  call->conn->auth_state.auth_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}

-	status = ncacn_push_auth(rep->data, call, &pkt, 
-				 call->conn->auth_state.auth_info);
-	NT_STATUS_NOT_OK_RETURN(status);
-
-	dcerpc_set_frag_length(rep->data, rep->data->length);
+	dcerpc_set_frag_length(&rep->data, rep->data.length);

 	DLIST_ADD_END(call->replies, rep, struct dcesrv_call_reply *);
 	DLIST_ADD_END(call->conn->call_list, call, struct dcesrv_call_state *);
@ -710,16 +713,17 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
 	}

 	rep = talloc(call, struct dcesrv_call_reply);
-	NT_STATUS_HAVE_NO_MEMORY(rep);
+	if (!rep) {
+		return NT_STATUS_NO_MEMORY;
+	}

-	rep->data = talloc(call, DATA_BLOB);
-	NT_STATUS_HAVE_NO_MEMORY(rep->data);
+	status = ncacn_push_auth(&rep->data, call, &pkt, 
+				  call->conn->auth_state.auth_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}

-	status = ncacn_push_auth(rep->data, call, &pkt, 
-				 call->conn->auth_state.auth_info);
-	NT_STATUS_IS_OK_RETURN(status);
-
-	dcerpc_set_frag_length(rep->data, rep->data->length);
+	dcerpc_set_frag_length(&rep->data, rep->data.length);

 	DLIST_ADD_END(call->replies, rep, struct dcesrv_call_reply *);
 	DLIST_ADD_END(call->conn->call_list, call, struct dcesrv_call_state *);
@ -840,9 +844,6 @@ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 		rep = talloc(call, struct dcesrv_call_reply);
 		NT_STATUS_HAVE_NO_MEMORY(rep);

-		rep->data = talloc(call, DATA_BLOB);
-		NT_STATUS_HAVE_NO_MEMORY(rep->data);
-
 		length = stub.length;
 		if (length + DCERPC_RESPONSE_LENGTH > call->conn->cli_max_recv_frag) {
 			/* the 32 is to cope with signing data */
@ -868,11 +869,11 @@ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
 		pkt.u.response.stub_and_verifier.data = stub.data;
 		pkt.u.response.stub_and_verifier.length = length;

-		if (!dcesrv_auth_response(call, rep->data, &pkt)) {
+		if (!dcesrv_auth_response(call, &rep->data, &pkt)) {
 			return dcesrv_fault(call, DCERPC_FAULT_OTHER);		
 		}

-		dcerpc_set_frag_length(rep->data, rep->data->length);
+		dcerpc_set_frag_length(&rep->data, rep->data.length);

 		DLIST_ADD_END(call->replies, rep, struct dcesrv_call_reply *);
 		
@ -1126,13 +1127,13 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn,
 	}
 	rep = call->replies;

-	status = write_fn(private_data, rep->data, &nwritten);
+	status = write_fn(private_data, &rep->data, &nwritten);
 	NT_STATUS_IS_ERR_RETURN(status);

-	rep->data->length -= nwritten;
-	rep->data->data += nwritten;
+	rep->data.length -= nwritten;
+	rep->data.data += nwritten;

-	if (rep->data->length == 0) {
+	if (rep->data.length == 0) {
 		/* we're done with this section of the call */
 		DLIST_REMOVE(call->replies, rep);
 	}
--- a/source/rpc_server/dcerpc_server.h
+++ b/source/rpc_server/dcerpc_server.h
@ -104,7 +104,7 @@ struct dcesrv_call_state {

 	struct dcesrv_call_reply {
 		struct dcesrv_call_reply *next, *prev;
-		DATA_BLOB *data;
+		DATA_BLOB data;
 	} *replies;

 	/* this is used by the boilerplate code to generate DCERPC faults */