author | Luke Leighton <lkcl@samba.org> | 1998-10-20 18:27:49 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-20 18:27:49 +0000 |
commit | 1ebeb54932de01323356e8201d465656b8723d46 (patch) | |
tree | da41300fe2d31576f3efc0041739626b618fbb66 /source3/rpc_server | |
parent | 476d0fd23682452d0d9f56ff2e166243d74cfdbc (diff) | |
some quite important bug-fixes i missed because i transferred the wrong
smb.tgz file from my portable.
particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.
smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data. rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length. this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 31 |
2 files changed, 23 insertions, 18 deletions
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index d5c99b89c4..54ecbf707e 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -3,8 +3,8 @@
  * Unix SMB/Netbios implementation.
  * Version 1.9.
  * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ * Copyright (C) Andrew Tridgell 1992-1998,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -175,7 +175,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n)
 	dump_data(50, data, n);
 	/* fake up a data buffer from the write_pipe data parameters */
-	mem_create(&data_buf, data, n, 0, False);
+	mem_create(&data_buf, data, 0, n, 0, False);
 	data_buf.offset.start = 0;
 	data_buf.offset.end = n;
@@ -196,7 +196,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n)
    this function is called, the start of the data could possibly have been
    read by an SMBtrans (file_offset != 0).
-   calling create_rpc_request() here is a fudge. the data should already
+   calling create_rpc_reply() here is a fudge. the data should already
    have been prepared into arrays of headers + data stream sections.
  ****************************************************************************/
@@ -268,8 +268,6 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
 			mem_buf_copy(data, p->rhdr.data, 0, 0x18);
 			data += 0x18;
-			p->frag_len_left = p->hdr.frag_len;
-			p->next_frag_start += p->hdr.frag_len;
 			p->hdr_offsets += 0x18;
 		}
 	}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 7ddc2da5d1..59db0bed2c 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
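Review bot: The new mem_create call in write_pipe inserts an unexplained 0 between data and n, and nothing in the hunk shows what the third and fourth parameters of mem_create mean now that the call takes one more argument than before, so a reader cannot tell whether the 0 is an offset and n a size. A one-line comment above the call would make the aliasing explicit, e.g. `/* offset 0, size n, margin 0, not dynamic: data_buf aliases the caller's buffer rather than copying it */`, assuming that is indeed the parameter order. write_pipe's body begins and ends outside this hunk, so whether n is bounded against the pipe's limits before it reaches mem_create cannot be seen here and is worth confirming.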
@@ -165,6 +165,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 BOOL create_rpc_reply(pipes_struct *p,
 				uint32 data_start, uint32 data_end)
 {
+	char *data;
+	uint32 data_len;
+
 	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
 	          data_start, data_end, p->hdr_ba.bba.max_tsize));
@@ -197,6 +200,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
 	}
+	data_len = p->hdr.frag_len;
+
 	p->rhdr.data->offset.start = 0;
 	p->rhdr.data->offset.end = 0x18;
@@ -205,6 +210,20 @@ BOOL create_rpc_reply(pipes_struct *p,
 	smb_io_rpc_hdr ("hdr", &(p->hdr ), &(p->rhdr), 0);
 	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
+	p->frag_len_left = p->hdr.frag_len - p->file_offset;
+	p->next_frag_start = p->hdr.frag_len;
+
+	/* don't use rdata: use rdata_i instead, which moves... */
+	/* make a pointer to the rdata data. NOT A COPY */
+
+	prs_init(&p->rdata_i, 0, p->rdata.align, p->rdata.data->margin, p->rdata.io);
+	data = mem_data(&(p->rdata.data), data_start);
+	mem_create(p->rdata_i.data, data, data_start, data_len, 0, False);
+
+	/* set up the data chain */
+	prs_link(NULL , &p->rhdr , &p->rdata_i);
+	prs_link(&p->rhdr, &p->rdata_i, NULL );
+
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
@@ -703,18 +722,6 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 		return False;
 	}
-	p->frag_len_left = p->hdr.frag_len - p->file_offset;
-	p->next_frag_start = p->hdr.frag_len;
-
-	/* set up the data chain */
-	p->rhdr.data->offset.start = 0;
-	p->rhdr.data->offset.end = p->rhdr.offset;
-	p->rhdr.data->next = p->rdata.data;
-
-	p->rdata.data->offset.start = p->rhdr.data->offset.end;
-	p->rdata.data->offset.end = p->rhdr.data->offset.end + p->rdata.offset;
-	p->rdata.data->next = NULL;
-
 	return True;
 }
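Review bot: The pointer returned by `mem_data(&(p->rdata.data), data_start)` is handed straight to mem_create with no NULL check; if mem_data reports an offset outside the rdata chain by returning NULL (its contract is not visible here), rdata_i is built over a null window and the rhdr/rdata_i chain set up by the two prs_link calls will presumably be read through later. A guard between the two lines would make that failure explicit: `if (data == NULL) return False;`. Separately, data_len is p->hdr.frag_len, which counts the 0x18-byte header as well as the body, yet it is used as the length of the body window starting at data_start; the commit message says rdata_i is bounded by max_tsize - 0x18, so unless mem_create or the caller clamps it, the window can reach 0x18 bytes beyond what the fragment carries and past data_end, which is worth checking with `data_start + data_len <= data_end` or by subtracting the header size. create_rpc_reply's signature and the code that computes frag_len lie in the two preceding hunks.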