Ignore:
Timestamp:
Nov 24, 2016, 1:14:11 PM (9 years ago)
Author:
Silvan Scherrer
Message:

Samba Server: update vendor to version 4.4.3

File:
1 edited

Legend:

Unmodified
Added
Removed

  • vendor/current/source3/smbd/pipes.c

    r740 r988  
    1 /* 
     1/*
    22   Unix SMB/CIFS implementation.
    33   Pipe SMB reply routines
     
    66   Copyright (C) Paul Ashton  1997-1998.
    77   Copyright (C) Jeremy Allison 2005.
    8    
     8
    99   This program is free software; you can redistribute it and/or modify
    1010   it under the terms of the GNU General Public License as published by
    1111   the Free Software Foundation; either version 3 of the License, or
    1212   (at your option) any later version.
    13    
     13
    1414   This program is distributed in the hope that it will be useful,
    1515   but WITHOUT ANY WARRANTY; without even the implied warranty of
    1616   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    1717   GNU General Public License for more details.
    18    
     18
    1919   You should have received a copy of the GNU General Public License
    2020   along with this program.  If not, see <http://www.gnu.org/licenses/>.
     
    3232#include "rpc_server/srv_pipe_hnd.h"
    3333
    34 #define PIPE            "\\PIPE\\"
    35 #define PIPELEN         strlen(PIPE)
    36 
    37 #define MAX_PIPE_NAME_LEN       24
    38 
    3934NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
    4035                      struct files_struct **pfsp)
     
    5752        fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
    5853
    59         status = create_synthetic_smb_fname(talloc_tos(), name, NULL, NULL,
    60                                             &smb_fname);
    61                 if (!NT_STATUS_IS_OK(status)) {
     54        smb_fname = synthetic_smb_fname(talloc_tos(), name, NULL, NULL);
     55        if (smb_fname == NULL) {
    6256                file_free(smb_req, fsp);
    63                 return status;
     57                return NT_STATUS_NO_MEMORY;
    6458        }
    6559        status = fsp_set_smb_fname(fsp, smb_fname);
     
    7367                         conn->sconn->local_address,
    7468                         conn->sconn->remote_address,
    75                          &conn->sconn->client_id,
    7669                         conn->session_info,
     70                         conn->sconn->ev_ctx,
    7771                         conn->sconn->msg_ctx,
    7872                         &fsp->fake_file_handle);
     
    114108        /* at a mailslot or something we really, really don't understand, */
    115109        /* not just something we really don't understand. */
    116         if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
    117                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
    118                 return;
    119         }
    120 
    121         DEBUG(4,("Opening pipe %s.\n", pipe_name));
    122 
    123         /* Strip \PIPE\ off the name. */
    124         fname = pipe_name + PIPELEN;
     110
     111#define PIPE            "PIPE\\"
     112#define PIPELEN         strlen(PIPE)
     113
     114        fname = pipe_name;
     115        while (fname[0] == '\\') {
     116                fname++;
     117        }
     118        if (!strnequal(fname, PIPE, PIPELEN)) {
     119                reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
     120                return;
     121        }
     122        fname += PIPELEN;
     123        while (fname[0] == '\\') {
     124                fname++;
     125        }
     126
     127        DEBUG(4,("Opening pipe %s => %s.\n", pipe_name, fname));
    125128
    126129#if 0
     
    148151        reply_outbuf(req, 15, 0);
    149152
     153        SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
     154        SSVAL(req->outbuf, smb_vwv1, 0);    /* no andx offset */
     155
    150156        /* Mark the opened file as an existing named pipe in message mode. */
    151157        SSVAL(req->outbuf,smb_vwv9,2);
     
    158164        SSVAL(req->outbuf, smb_vwv8, 0);        /* rmode */
    159165        SSVAL(req->outbuf, smb_vwv11, 0x0001);
    160 
    161         chain_reply(req);
    162         return;
    163166}
    164167
     
    201204        data = req->buf + 3;
    202205
    203         DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum,
     206        DEBUG(6, ("reply_pipe_write: %s, name: %s len: %d\n", fsp_fnum_dbg(fsp),
    204207                  fsp_str_dbg(fsp), (int)state->numtowrite));
    205208
    206         subreq = np_write_send(state, smbd_event_context(),
     209        subreq = np_write_send(state, req->sconn->ev_ctx,
    207210                               fsp->fake_file_handle, data, state->numtowrite);
    208211        if (subreq == NULL) {
     
    244247
    245248 send:
    246         if (!srv_send_smb(req->sconn, (char *)req->outbuf,
     249        if (!srv_send_smb(req->xconn, (char *)req->outbuf,
    247250                          true, req->seqnum+1,
    248251                          IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
     
    271274        files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0));
    272275        int smb_doff = SVAL(req->vwv+11, 0);
    273         uint8_t *data;
     276        const uint8_t *data;
    274277        struct pipe_write_andx_state *state;
    275278        struct tevent_req *subreq;
     
    297300                 == (PIPE_START_MESSAGE|PIPE_RAW_MODE));
    298301
    299         DEBUG(6, ("reply_pipe_write_and_X: %x name: %s len: %d\n",
    300                   (int)fsp->fnum, fsp_str_dbg(fsp), (int)state->numtowrite));
    301 
    302         data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
     302        DEBUG(6, ("reply_pipe_write_and_X: %s, name: %s len: %d\n",
     303                  fsp_fnum_dbg(fsp), fsp_str_dbg(fsp), (int)state->numtowrite));
     304
     305        data = (const uint8_t *)smb_base(req->inbuf) + smb_doff;
    303306
    304307        if (state->pipe_start_message_raw) {
     
    320323        }
    321324
    322         subreq = np_write_send(state, smbd_event_context(),
     325        subreq = np_write_send(state, req->sconn->ev_ctx,
    323326                               fsp->fake_file_handle, data, state->numtowrite);
    324327        if (subreq == NULL) {
     
    356359        reply_outbuf(req, 6, 0);
    357360
     361        SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
     362        SSVAL(req->outbuf, smb_vwv1, 0);    /* no andx offset */
     363
    358364        nwritten = (state->pipe_start_message_raw ? nwritten + 2 : nwritten);
    359365        SSVAL(req->outbuf,smb_vwv2,nwritten);
     
    362368
    363369 done:
    364         chain_reply(req);
    365370        /*
    366371         * We must free here as the ownership of req was
    367372         * moved to the connection struct in reply_pipe_write_and_X().
    368373         */
    369         TALLOC_FREE(req);
     374        smb_request_done(req);
    370375}
    371376
     
    395400           data on the pipe */
    396401#if 0
    397         uint32 smb_offs = IVAL(req->vwv+3, 0);
     402        uint32_t smb_offs = IVAL(req->vwv+3, 0);
    398403#endif
    399404
     
    418423        state->smb_mincnt = SVAL(req->vwv+6, 0);
    419424
    420         reply_outbuf(req, 12, state->smb_maxcnt);
    421         data = (uint8_t *)smb_buf(req->outbuf);
     425        reply_outbuf(req, 12, state->smb_maxcnt + 1 /* padding byte */);
     426        SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
     427        SSVAL(req->outbuf, smb_vwv1, 0);    /* no andx offset */
     428        SCVAL(smb_buf(req->outbuf), 0, 0); /* padding byte */
     429
     430        data = (uint8_t *)smb_buf(req->outbuf) + 1 /* padding byte */;
    422431
    423432        /*
     
    427436        req->outbuf = NULL;
    428437
    429         subreq = np_read_send(state, smbd_event_context(),
     438        subreq = np_read_send(state, req->sconn->ev_ctx,
    430439                              fsp->fake_file_handle, data,
    431440                              state->smb_maxcnt);
     
    451460        TALLOC_FREE(subreq);
    452461        if (!NT_STATUS_IS_OK(status)) {
     462                NTSTATUS old = status;
     463                status = nt_status_np_pipe(old);
    453464                reply_nterror(req, status);
    454465                goto done;
     
    458469        state->outbuf = NULL;
    459470
    460         srv_set_message((char *)req->outbuf, 12, nread, False);
     471        srv_set_message((char *)req->outbuf, 12, nread + 1 /* padding byte */,
     472                        false);
    461473
    462474#if 0
     
    476488        SSVAL(req->outbuf,smb_vwv5,nread);
    477489        SSVAL(req->outbuf,smb_vwv6,
    478               req_wct_ofs(req)
     490              (smb_wct - 4)     /* offset from smb header to wct */
    479491              + 1               /* the wct field */
    480492              + 12 * sizeof(uint16_t) /* vwv */
    481               + 2);             /* the buflen field */
     493              + 2               /* the buflen field */
     494              + 1);             /* padding byte */
    482495        SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);
    483  
     496
    484497        DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n",
    485498                 state->smb_mincnt, state->smb_maxcnt, (int)nread));
    486499
    487500 done:
    488         chain_reply(req);
    489501        /*
    490502         * We must free here as the ownership of req was
    491503         * moved to the connection struct in reply_pipe_read_and_X().
    492504         */
    493         TALLOC_FREE(req);
    494 }
     505        smb_request_done(req);
     506}
Note: See TracChangeset for help on using the changeset viewer.