author | Jeremy Allison <jra@samba.org> | 2008-11-11 10:20:24 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-11-11 10:20:24 -0800 |
commit | 4f2635b729e636e123afacb0970c3d49343b3e90 (patch) | |
tree | 76d632982f23f08b23593af78614e9414dbbac2c /source3/smbd/reply.c | |
parent | 8cb23a6b2950d7419767845b6097470f76f348a7 (diff) | |
parent | 2e6bf03e519e180a1ee672dc9c9171d9e0cd114f (diff) | |
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Diffstat (limited to 'source3/smbd/reply.c')
-rw-r--r-- | source3/smbd/reply.c | 592 |
1 files changed, 253 insertions, 339 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 25480c6e3b..be39fd464d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -208,7 +208,7 @@ NTSTATUS check_path_syntax_posix(char *path) ****************************************************************************/ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, - const char *inbuf, + const char *base_ptr, uint16 smb_flags2, char **pp_dest, const char *src, @@ -221,22 +221,8 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, *pp_dest = NULL; - if (src_len == 0) { - ret = srvstr_pull_buf_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - flags); - } else { - ret = srvstr_pull_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - src_len, - flags); - } + ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src, + src_len, flags); if (!*pp_dest) { *err = NT_STATUS_INVALID_PARAMETER; @@ -268,7 +254,7 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, ****************************************************************************/ size_t srvstr_get_path(TALLOC_CTX *ctx, - const char *inbuf, + const char *base_ptr, uint16 smb_flags2, char **pp_dest, const char *src, 
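Review bot: In the second hunk, `src_len == 0` passed to srvstr_get_path_wcard() no longer means "parse up to the end of the packet buffer". The removed branch routed that case to srvstr_pull_buf_talloc(), while the new code always calls `srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src, src_len, flags)`. The callers in this file are moved to the new `_req` wrappers, but this diff is limited to reply.c, so any caller elsewhere that still passes 0 would now hand a zero length to the pull routine. The banner comment above the function should state the new contract, for example `src_len is the number of bytes readable at src; 0 is not a "rest of buffer" sentinel`, and the remaining call sites should be audited against it.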
@@ -276,48 +262,27 @@ size_t srvstr_get_path(TALLOC_CTX *ctx, int flags, NTSTATUS *err) { - size_t ret; - - *pp_dest = NULL; - - if (src_len == 0) { - ret = srvstr_pull_buf_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - flags); - } else { - ret = srvstr_pull_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - src_len, - flags); - } - - if (!*pp_dest) { - *err = NT_STATUS_INVALID_PARAMETER; - return ret; - } - - if (smb_flags2 & FLAGS2_DFS_PATHNAMES) { - /* - * For a DFS path the function parse_dfs_path() - * will do the path processing, just make a copy. - */ - *err = NT_STATUS_OK; - return ret; - } + bool ignore; + return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src, + src_len, flags, err, &ignore); +} - if (lp_posix_pathnames()) { - *err = check_path_syntax_posix(*pp_dest); - } else { - *err = check_path_syntax(*pp_dest); - } +size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req, + char **pp_dest, const char *src, int flags, + NTSTATUS *err, bool *contains_wcard) +{ + return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2, + pp_dest, src, smbreq_bufrem(req, src), + flags, err, contains_wcard); +} - return ret; +size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req, + char **pp_dest, const char *src, int flags, + NTSTATUS *err) +{ + bool ignore; + return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src, + flags, err, &ignore); } /**************************************************************************** 
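Review bot: The two new helpers `srvstr_get_path_req_wcard()` and `srvstr_get_path_req()` are added without a header comment, although the functions around them carry banner comments. They need one because they introduce a precondition: the length is now derived as `smbreq_bufrem(req, src)`, so `src` must point inside the request's data area (`req->buf`). A short comment such as `/* src must lie within req->buf .. req->buf + req->buflen; the remaining length is computed from it */` on `srvstr_get_path_req_wcard()` would make that visible to callers. As a smaller point, the cast `(char *)req->inbuf` could be `(const char *)req->inbuf`, since the parameter is now `const char *base_ptr`.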
@@ -517,26 +482,25 @@ void reply_tcon(struct smb_request *req) char *dev = NULL; int pwlen=0; NTSTATUS nt_status; - char *p; + const char *p; DATA_BLOB password_blob; TALLOC_CTX *ctx = talloc_tos(); START_PROFILE(SMBtcon); - if (smb_buflen(req->inbuf) < 4) { + if (req->buflen < 4) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtcon); return; } - p = smb_buf(req->inbuf)+1; - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &service_buf, p, STR_TERMINATE) + 1; - pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &password, p, STR_TERMINATE) + 1; - p += pwlen; - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &dev, p, STR_TERMINATE) + 1; + p = (const char *)req->buf + 1; + p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE); + p += 1; + pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE); + p += pwlen+1; + p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE); + p += 1; if (service_buf == NULL || password == NULL || dev == NULL) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -583,7 +547,7 @@ void reply_tcon(struct smb_request *req) void reply_tcon_and_X(struct smb_request *req) { connection_struct *conn = req->conn; - char *service = NULL; + const char *service = NULL; DATA_BLOB password; TALLOC_CTX *ctx = talloc_tos(); /* what the cleint thinks the device is */ @@ -593,7 +557,7 @@ void reply_tcon_and_X(struct smb_request *req) NTSTATUS nt_status; int passlen; char *path = NULL; - char *p, *q; + const char *p, *q; uint16 tcon_flags; START_PROFILE(SMBtconX); @@ -604,8 +568,8 @@ void reply_tcon_and_X(struct smb_request *req) return; } - passlen = SVAL(req->inbuf,smb_vwv3); - tcon_flags = SVAL(req->inbuf,smb_vwv2); + passlen = SVAL(req->vwv+3, 0); + tcon_flags = SVAL(req->vwv+2, 0); /* we might have to close an old one */ if ((tcon_flags & 0x1) && conn) { 
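Review bot: In reply_tcon() the cursor `p` is advanced by each returned length plus one (`p += 1;`, `p += pwlen+1;`) without checking that it is still inside the data area before the next `srvstr_pull_req_talloc()` call; only `req->buflen < 4` is tested up front. If a string runs to the end of the buffer, the next pull starts one byte past it, so safety then depends on how `srvstr_pull_req_talloc()` computes the remaining length, which is defined outside this diff. Either confirm that helper yields zero for a source pointer beyond `req->buf + req->buflen`, or guard each step with `if (p > (const char *)req->buf + req->buflen)` and the same `reply_nterror(req, NT_STATUS_INVALID_PARAMETER)` exit used above. The body of reply_tcon() continues outside the hunk.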
@@ -614,34 +578,31 @@ void reply_tcon_and_X(struct smb_request *req) conn = NULL; } - if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) { + if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) { reply_doserror(req, ERRDOS, ERRbuftoosmall); END_PROFILE(SMBtconX); return; } if (global_encrypted_passwords_negotiated) { - password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf), - passlen); + password = data_blob_talloc(talloc_tos(), req->buf, passlen); if (lp_security() == SEC_SHARE) { /* * Security = share always has a pad byte * after the password. */ - p = smb_buf(req->inbuf) + passlen + 1; + p = (const char *)req->buf + passlen + 1; } else { - p = smb_buf(req->inbuf) + passlen; + p = (const char *)req->buf + passlen; } } else { - password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf), - passlen+1); + password = data_blob_talloc(talloc_tos(), req->buf, passlen+1); /* Ensure correct termination */ password.data[passlen]=0; - p = smb_buf(req->inbuf) + passlen + 1; + p = (const char *)req->buf + passlen + 1; } - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p, - STR_TERMINATE); + p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE); if (path == NULL) { data_blob_clear_free(&password); @@ -669,7 +630,7 @@ void reply_tcon_and_X(struct smb_request *req) p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2, &client_devicetype, p, - MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII); + MIN(6, smbreq_bufrem(req, p)), STR_ASCII); if (client_devicetype == NULL) { data_blob_clear_free(&password); @@ -803,8 +764,8 @@ void reply_ioctl(struct smb_request *req) return; } - device = SVAL(req->inbuf,smb_vwv1); - function = SVAL(req->inbuf,smb_vwv2); + device = SVAL(req->vwv+1, 0); + function = SVAL(req->vwv+2, 0); ioctl_code = (device << 16) + function; DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code)); 
@@ -831,7 +792,7 @@ void reply_ioctl(struct smb_request *req) case IOCTL_QUERY_JOB_INFO: { files_struct *fsp = file_fsp( - req, SVAL(req->inbuf, smb_vwv0)); + req, SVAL(req->vwv+0, 0)); if (!fsp) { reply_doserror(req, ERRDOS, ERRbadfid); END_PROFILE(SMBioctl); @@ -860,10 +821,10 @@ void reply_ioctl(struct smb_request *req) Strange checkpath NTSTATUS mapping. ****************************************************************************/ -static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status) +static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status) { /* Strange DOS error code semantics only for checkpath... */ - if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) { + if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) { if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) { /* We need to map to ERRbadpath */ return NT_STATUS_OBJECT_PATH_NOT_FOUND; @@ -886,11 +847,11 @@ void reply_checkpath(struct smb_request *req) START_PROFILE(SMBcheckpath); - srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name, - smb_buf(req->inbuf) + 1, 0, - STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1, + STR_TERMINATE, &status); + if (!NT_STATUS_IS_OK(status)) { - status = map_checkpath_error((char *)req->inbuf, status); + status = map_checkpath_error(req->flags2, status); reply_nterror(req, status); END_PROFILE(SMBcheckpath); return; @@ -910,7 +871,7 @@ void reply_checkpath(struct smb_request *req) goto path_err; } - DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0))); + DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0))); status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf); if (!NT_STATUS_IS_OK(status)) { 
@@ -950,7 +911,7 @@ void reply_checkpath(struct smb_request *req) one at a time - if a component fails it expects ERRbadpath, not ERRbadfile. */ - status = map_checkpath_error((char *)req->inbuf, status); + status = map_checkpath_error(req->flags2, status); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { /* * Windows returns different error codes if @@ -979,15 +940,14 @@ void reply_getatr(struct smb_request *req) int mode=0; SMB_OFF_T size=0; time_t mtime=0; - char *p; + const char *p; NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); START_PROFILE(SMBgetatr); - p = smb_buf(req->inbuf) + 1; - p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p, - 0, STR_TERMINATE, &status); + p = (const char *)req->buf + 1; + p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBgetatr); @@ -1081,7 +1041,7 @@ void reply_setatr(struct smb_request *req) int mode; time_t mtime; SMB_STRUCT_STAT sbuf; - char *p; + const char *p; NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); @@ -1094,9 +1054,8 @@ void reply_setatr(struct smb_request *req) return; } - p = smb_buf(req->inbuf) + 1; - p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p, - 0, STR_TERMINATE, &status); + p = (const char *)req->buf + 1; + p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBsetatr); @@ -1143,8 +1102,8 @@ void reply_setatr(struct smb_request *req) return; } - mode = SVAL(req->inbuf,smb_vwv0); - mtime = srv_make_unix_date3(req->inbuf+smb_vwv1); + mode = SVAL(req->vwv+0, 0); + mtime = srv_make_unix_date3(req->vwv+1); ts[1] = convert_time_t_to_timespec(mtime); status = smb_set_file_time(conn, NULL, fname, 
@@ -1236,7 +1195,7 @@ void reply_dskattr(struct smb_request *req) void reply_search(struct smb_request *req) { connection_struct *conn = req->conn; - char *mask = NULL; + const char *mask = NULL; char *directory = NULL; char *fname = NULL; SMB_OFF_T size; @@ -1246,7 +1205,7 @@ void reply_search(struct smb_request *req) unsigned int numentries = 0; unsigned int maxentries = 0; bool finished = False; - char *p; + const char *p; int status_len; char *path = NULL; char status[21]; @@ -1268,29 +1227,22 @@ void reply_search(struct smb_request *req) } if (lp_posix_pathnames()) { - reply_unknown_new(req, CVAL(req->inbuf, smb_com)); + reply_unknown_new(req, req->cmd); END_PROFILE(SMBsearch); return; } /* If we were called as SMBffirst then we must expect close. */ - if(CVAL(req->inbuf,smb_com) == SMBffirst) { + if(req->cmd == SMBffirst) { expect_close = True; } reply_outbuf(req, 1, 3); - maxentries = SVAL(req->inbuf,smb_vwv0); - dirtype = SVAL(req->inbuf,smb_vwv1); - p = smb_buf(req->inbuf) + 1; - p += srvstr_get_path_wcard(ctx, - (char *)req->inbuf, - req->flags2, - &path, - p, - 0, - STR_TERMINATE, - &nt_status, - &mask_contains_wcard); + maxentries = SVAL(req->vwv+0, 0); + dirtype = SVAL(req->vwv+1, 0); + p = (const char *)req->buf + 1; + p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE, + &nt_status, &mask_contains_wcard); if (!NT_STATUS_IS_OK(nt_status)) { reply_nterror(req, nt_status); END_PROFILE(SMBsearch); 
@@ -1339,27 +1291,21 @@ void reply_search(struct smb_request *req) } p = strrchr_m(directory,'/'); - if (!p) { + if ((p != NULL) && (*directory != '/')) { + mask = p + 1; + directory = talloc_strndup(ctx, directory, + PTR_DIFF(p, directory)); + } else { mask = directory; directory = talloc_strdup(ctx,"."); - if (!directory) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBsearch); - return; - } - } else { - *p = 0; - mask = p+1; } - if (*directory == '\0') { - directory = talloc_strdup(ctx,"."); - if (!directory) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBsearch); - return; - } + if (!directory) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBsearch); + return; } + memset((char *)status,'\0',21); SCVAL(status,0,(dirtype & 0x1F)); @@ -1497,7 +1443,7 @@ void reply_search(struct smb_request *req) } /* If we were called as SMBfunique, then we can close the dirptr now ! */ - if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) { + if(dptr_num >= 0 && req->cmd == SMBfunique) { dptr_close(&dptr_num); } @@ -1530,7 +1476,7 @@ void reply_search(struct smb_request *req) } DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n", - smb_fn_name(CVAL(req->inbuf,smb_com)), + smb_fn_name(req->cmd), mask, directory ? directory : "./", dirtype, @@ -1550,7 +1496,7 @@ void reply_fclose(struct smb_request *req) int status_len; char status[21]; int dptr_num= -2; - char *p; + const char *p; char *path = NULL; NTSTATUS err; bool path_contains_wcard = False; 
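Review bot: The rewritten directory/mask split in reply_search() changes behaviour for a path that begins with '/'. The old code cut at the last '/' and fell back to "." only when the directory part came out empty, whereas `if ((p != NULL) && (*directory != '/'))` now sends every such path to the else branch, so `mask` becomes the whole string including its slashes and `directory` becomes ".". Whether a leading '/' can reach this point depends on path normalisation earlier in the function, which is outside the hunk. If it cannot, a comment like `/* directory is relative here; a leading '/' is not expected */` would record the assumption, and if it can, the mask later used for matching needs a second look. Folding both allocation failures into the single `if (!directory)` check is a good simplification.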
@@ -1559,21 +1505,14 @@ void reply_fclose(struct smb_request *req) START_PROFILE(SMBfclose); if (lp_posix_pathnames()) { - reply_unknown_new(req, CVAL(req->inbuf, smb_com)); + reply_unknown_new(req, req->cmd); END_PROFILE(SMBfclose); return; } - p = smb_buf(req->inbuf) + 1; - p += srvstr_get_path_wcard(ctx, - (char *)req->inbuf, - req->flags2, - &path, - p, - 0, - STR_TERMINATE, - &err, - &path_contains_wcard); + p = (const char *)req->buf + 1; + p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE, + &err, &path_contains_wcard); if (!NT_STATUS_IS_OK(err)) { reply_nterror(req, err); END_PROFILE(SMBfclose); @@ -1638,12 +1577,11 @@ void reply_open(struct smb_request *req) } oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - deny_mode = SVAL(req->inbuf,smb_vwv0); - dos_attr = SVAL(req->inbuf,smb_vwv1); + deny_mode = SVAL(req->vwv+0, 0); + dos_attr = SVAL(req->vwv+1, 0); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - smb_buf(req->inbuf)+1, 0, - STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBopen); @@ -1739,8 +1677,8 @@ void reply_open_and_X(struct smb_request *req) int core_oplock_request; int oplock_request; #if 0 - int smb_sattr = SVAL(req->inbuf,smb_vwv4); - uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6); + int smb_sattr = SVAL(req->vwv+4, 0); + uint32 smb_time = make_unix_date3(req->vwv+6); #endif int smb_ofun; uint32 fattr=0; 
@@ -1765,14 +1703,14 @@ void reply_open_and_X(struct smb_request *req) return; } - open_flags = SVAL(req->inbuf,smb_vwv2); - deny_mode = SVAL(req->inbuf,smb_vwv3); - smb_attr = SVAL(req->inbuf,smb_vwv5); + open_flags = SVAL(req->vwv+2, 0); + deny_mode = SVAL(req->vwv+3, 0); + smb_attr = SVAL(req->vwv+5, 0); ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf); core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); oplock_request = ex_oplock_request | core_oplock_request; - smb_ofun = SVAL(req->inbuf,smb_vwv8); - allocation_size = (uint64_t)IVAL(req->inbuf,smb_vwv9); + smb_ofun = SVAL(req->vwv+8, 0); + allocation_size = (uint64_t)IVAL(req->vwv+9, 0); /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { @@ -1786,9 +1724,8 @@ void reply_open_and_X(struct smb_request *req) } /* XXXX we need to handle passed times, sattr and flags */ - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - smb_buf(req->inbuf), 0, STR_TERMINATE, - &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBopenX); @@ -1954,7 +1891,6 @@ void reply_mknew(struct smb_request *req) { connection_struct *conn = req->conn; char *fname = NULL; - int com; uint32 fattr = 0; struct timespec ts[2]; files_struct *fsp; 
@@ -1975,17 +1911,14 @@ void reply_mknew(struct smb_request *req) return; } - fattr = SVAL(req->inbuf,smb_vwv0); + fattr = SVAL(req->vwv+0, 0); oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - com = SVAL(req->inbuf,smb_com); - ts[1] =convert_time_t_to_timespec( - srv_make_unix_date3(req->inbuf + smb_vwv1)); + ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1)); /* mtime. */ - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - smb_buf(req->inbuf) + 1, 0, - STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcreate); @@ -1997,7 +1930,7 @@ void reply_mknew(struct smb_request *req) "please report this\n", fname)); } - if(com == SMBmknew) { + if(req->cmd == SMBmknew) { /* We should fail if file exists. */ create_disposition = FILE_CREATE; } else { @@ -2086,12 +2019,11 @@ void reply_ctemp(struct smb_request *req) return; } - fattr = SVAL(req->inbuf,smb_vwv0); + fattr = SVAL(req->vwv+0, 0); oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - smb_buf(req->inbuf)+1, 0, STR_TERMINATE, - &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBctemp); @@ -2558,11 +2490,11 @@ void reply_unlink(struct smb_request *req) return; } - dirtype = SVAL(req->inbuf,smb_vwv0); + dirtype = SVAL(req->vwv+0, 0); - srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, - smb_buf(req->inbuf) + 1, 0, - STR_TERMINATE, &status, &path_contains_wcard); + srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1, + STR_TERMINATE, &status, + &path_contains_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBunlink); 
@@ -2813,7 +2745,7 @@ void reply_readbraw(struct smb_request *req) * return a zero length response here. */ - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); /* * We have to do a check_fsp by hand here, as @@ -2829,7 +2761,7 @@ void reply_readbraw(struct smb_request *req) */ DEBUG(3,("reply_readbraw: fnum %d not valid " "- cache prime?\n", - (int)SVAL(req->inbuf,smb_vwv0))); + (int)SVAL(req->vwv+0, 0))); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; @@ -2840,7 +2772,7 @@ void reply_readbraw(struct smb_request *req) ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && (fsp->access_mask & FILE_EXECUTE)))) { DEBUG(3,("reply_readbraw: fnum %d not readable.\n", - (int)SVAL(req->inbuf,smb_vwv0))); + (int)SVAL(req->vwv+0, 0))); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; @@ -2848,14 +2780,14 @@ void reply_readbraw(struct smb_request *req) flush_write_cache(fsp, READRAW_FLUSH); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0); if(req->wct == 10) { /* * This is a large offset (64 bit) read. */ #ifdef LARGE_SMB_OFF_T - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ @@ -2863,11 +2795,11 @@ void reply_readbraw(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv8) != 0) { + if(IVAL(req->vwv+8, 0) != 0) { DEBUG(0,("reply_readbraw: large offset " "(%x << 32) used and we don't support " "64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv8) )); + (unsigned int)IVAL(req->vwv+8, 0) )); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; 
@@ -2885,8 +2817,8 @@ void reply_readbraw(struct smb_request *req) } } - maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF); - mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF); + maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF); + mincount = (SVAL(req->vwv+4, 0) & 0xFFFF); /* ensure we don't overrun the packet size */ maxcount = MIN(65535,maxcount); @@ -2955,14 +2887,14 @@ void reply_lockread(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBlockread); return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBlockread); return; @@ -2970,8 +2902,8 @@ void reply_lockread(struct smb_request *req) release_level_2_oplocks_on_change(fsp); - numtoread = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtoread = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread); @@ -3063,21 +2995,21 @@ void reply_read(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBread); return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBread); return; } - numtoread = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtoread = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); 
@@ -3183,7 +3115,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, * on a train in Germany :-). JRA. */ - if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) && + if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) && !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) && lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) { uint8 headerbuf[smb_size + 12 * 2]; @@ -3197,7 +3129,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, header = data_blob_const(headerbuf, sizeof(headerbuf)); - construct_reply_common((char *)req->inbuf, (char *)headerbuf); + construct_reply_common_req(req, (char *)headerbuf); setup_readX_header((char *)headerbuf, smb_maxcnt); if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) { @@ -3249,7 +3181,7 @@ normal_read: if ((smb_maxcnt & 0xFF0000) > 0x10000) { uint8 headerbuf[smb_size + 2*12]; - construct_reply_common((char *)req->inbuf, (char *)headerbuf); + construct_reply_common_req(req, (char *)headerbuf); setup_readX_header((char *)headerbuf, smb_maxcnt); /* Send out the header. */ @@ -3297,7 +3229,7 @@ void reply_read_and_X(struct smb_request *req) size_t smb_maxcnt; bool big_readX = False; #if 0 - size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6); + size_t smb_mincnt = SVAL(req->vwv+6, 0); #endif START_PROFILE(SMBreadX); @@ -3307,9 +3239,9 @@ void reply_read_and_X(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - smb_maxcnt = SVAL(req->inbuf,smb_vwv5); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + smb_maxcnt = SVAL(req->vwv+5, 0); /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { 
@@ -3323,18 +3255,18 @@ void reply_read_and_X(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS,ERRbadaccess); END_PROFILE(SMBreadX); return; } if (global_client_caps & CAP_LARGE_READX) { - size_t upper_size = SVAL(req->inbuf,smb_vwv7); + size_t upper_size = SVAL(req->vwv+7, 0); smb_maxcnt |= (upper_size<<16); if (upper_size > 1) { /* Can't do this on a chained packet. */ - if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) { + if ((CVAL(req->vwv+0, 0) != 0xFF)) { reply_nterror(req, NT_STATUS_NOT_SUPPORTED); END_PROFILE(SMBreadX); return; @@ -3361,7 +3293,7 @@ void reply_read_and_X(struct smb_request *req) /* * This is a large offset (64 bit) read. */ - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ @@ -3369,10 +3301,10 @@ void reply_read_and_X(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv10) != 0) { + if(IVAL(req->vwv+10, 0) != 0) { DEBUG(0,("reply_read_and_X - large offset (%x << 32) " "used and we don't support 64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv10) )); + (unsigned int)IVAL(req->vwv+10, 0) )); END_PROFILE(SMBreadX); reply_doserror(req, ERRDOS, ERRbadaccess); return; @@ -3455,7 +3387,7 @@ void reply_writebraw(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { error_to_writebrawerr(req); END_PROFILE(SMBwritebraw); 
@@ -3469,9 +3401,9 @@ void reply_writebraw(struct smb_request *req) return; } - tcount = IVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - write_through = BITSETW(req->inbuf+smb_vwv7,0); + tcount = IVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + write_through = BITSETW(req->vwv+7,0); /* We have to deal with slightly different formats depending on whether we are using the core+ or lanman1.0 protocol */ @@ -3480,8 +3412,8 @@ void reply_writebraw(struct smb_request *req) numtowrite = SVAL(smb_buf(req->inbuf),-2); data = smb_buf(req->inbuf); } else { - numtowrite = SVAL(req->inbuf,smb_vwv10); - data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11); + numtowrite = SVAL(req->vwv+10, 0); + data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0); } /* Ensure we don't write bytes past the end of this packet. */ @@ -3648,7 +3580,7 @@ void reply_writeunlock(struct smb_request *req) ssize_t nwritten = -1; size_t numtowrite; SMB_OFF_T startpos; - char *data; + const char *data; NTSTATUS status = NT_STATUS_OK; files_struct *fsp; @@ -3660,7 +3592,7 @@ void reply_writeunlock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteunlock); @@ -3673,9 +3605,9 @@ void reply_writeunlock(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); - data = smb_buf(req->inbuf) + 3; + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); + data = (const char *)req->buf + 3; if (numtowrite && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite, @@ -3748,7 +3680,7 @@ void reply_write(struct smb_request *req) size_t numtowrite; ssize_t nwritten = -1; SMB_OFF_T startpos; - char *data; + const char *data; files_struct *fsp; NTSTATUS status; 
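Review bot: In reply_writeunlock(), `data = (const char *)req->buf + 3;` is set and `numtowrite` is taken from `SVAL(req->vwv+1, 0)`, but the hunk shows no comparison of `numtowrite` against `req->buflen` before `data` is used. The reply_writebraw() hunk above still carries an "Ensure we don't write bytes past the end of this packet" check, and reply_printwrite() tests `req->buflen < numtowrite + 3`. Now that `req->buflen` is available, the same guard is cheap here: `if (req->buflen < 3 || numtowrite > req->buflen - 3)` followed by the usual `reply_nterror(req, NT_STATUS_INVALID_PARAMETER)` exit. The same pattern appears in the reply_write() hunk (`req->buf + 3`) and the reply_writeclose() hunk (`req->buf + 1`). All three functions continue outside their hunks, so a check may exist there; if not, the client-supplied count alone decides how many bytes are read from the request buffer.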
@@ -3767,7 +3699,7 @@ void reply_write(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwrite); @@ -3780,9 +3712,9 @@ void reply_write(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); - data = smb_buf(req->inbuf) + 3; + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); + data = (const char *)req->buf + 3; if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite, (uint64_t)startpos, WRITE_LOCK)) { @@ -3954,14 +3886,14 @@ void reply_write_and_X(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv10); - smb_doff = SVAL(req->inbuf,smb_vwv11); + numtowrite = SVAL(req->vwv+10, 0); + smb_doff = SVAL(req->vwv+11, 0); smblen = smb_len(req->inbuf); if (req->unread_bytes > 0xFFFF || (smblen > smb_doff && smblen - smb_doff > 0xFFFF)) { - numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16); + numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16); } if (req->unread_bytes) { @@ -3997,9 +3929,9 @@ void reply_write_and_X(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - write_through = BITSETW(req->inbuf+smb_vwv7,0); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + write_through = BITSETW(req->vwv+7,0); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteX); @@ -4019,7 +3951,7 @@ void reply_write_and_X(struct smb_request *req) /* * This is a large offset (64 bit) write. */ - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ 
@@ -4027,10 +3959,10 @@ void reply_write_and_X(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv12) != 0) { + if(IVAL(req->vwv+12, 0) != 0) { DEBUG(0,("reply_write_and_X - large offset (%x << 32) " "used and we don't support 64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv12) )); + (unsigned int)IVAL(req->vwv+12, 0) )); reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBwriteX); return; @@ -4118,7 +4050,7 @@ void reply_lseek(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { return; @@ -4126,9 +4058,9 @@ void reply_lseek(struct smb_request *req) flush_write_cache(fsp, SEEK_FLUSH); - mode = SVAL(req->inbuf,smb_vwv1) & 3; + mode = SVAL(req->vwv+1, 0) & 3; /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */ - startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2); + startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0); switch (mode) { case 0: @@ -4203,7 +4135,7 @@ void reply_flush(struct smb_request *req) return; } - fnum = SVAL(req->inbuf,smb_vwv0); + fnum = SVAL(req->vwv+0, 0); fsp = file_fsp(req, fnum); if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) { @@ -4266,7 +4198,7 @@ void reply_close(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); /* * We can only use check_fsp if we know it's not a directory. @@ -4298,7 +4230,7 @@ void reply_close(struct smb_request *req) * Take care of any time sent in the close. */ - t = srv_make_unix_date3(req->inbuf+smb_vwv1); + t = srv_make_unix_date3(req->vwv+1); set_close_write_time(fsp, convert_time_t_to_timespec(t)); /* @@ -4332,7 +4264,7 @@ void reply_writeclose(struct smb_request *req) ssize_t nwritten = -1; NTSTATUS close_status = NT_STATUS_OK; SMB_OFF_T startpos; - char *data; + const char *data; struct timespec mtime; files_struct *fsp; 
@@ -4344,7 +4276,7 @@ void reply_writeclose(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteclose); @@ -4356,11 +4288,10 @@ void reply_writeclose(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); - mtime = convert_time_t_to_timespec(srv_make_unix_date3( - req->inbuf+smb_vwv4)); - data = smb_buf(req->inbuf) + 1; + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); + mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4)); + data = (const char *)req->buf + 1; if (numtowrite && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite, @@ -4431,7 +4362,7 @@ void reply_lock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBlock); @@ -4440,8 +4371,8 @@ void reply_lock(struct smb_request *req) release_level_2_oplocks_on_change(fsp); - count = (uint64_t)IVAL(req->inbuf,smb_vwv1); - offset = (uint64_t)IVAL(req->inbuf,smb_vwv3); + count = (uint64_t)IVAL(req->vwv+1, 0); + offset = (uint64_t)IVAL(req->vwv+3, 0); DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n", fsp->fh->fd, fsp->fnum, (double)offset, (double)count)); @@ -4490,15 +4421,15 @@ void reply_unlock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBunlock); return; } - count = (uint64_t)IVAL(req->inbuf,smb_vwv1); - offset = (uint64_t)IVAL(req->inbuf,smb_vwv3); + count = (uint64_t)IVAL(req->vwv+1, 0); + offset = (uint64_t)IVAL(req->vwv+3, 0); status = do_unlock(smbd_messaging_context(), fsp, 
@@ -4562,7 +4493,6 @@ void reply_echo(struct smb_request *req) connection_struct *conn = req->conn; int smb_reverb; int seq_num; - unsigned int data_len = smb_buflen(req->inbuf); START_PROFILE(SMBecho); @@ -4572,20 +4502,13 @@ void reply_echo(struct smb_request *req) return; } - if (data_len > BUFFER_SIZE) { - DEBUG(0,("reply_echo: data_len too large.\n")); - reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES); - END_PROFILE(SMBecho); - return; - } + smb_reverb = SVAL(req->vwv+0, 0); - smb_reverb = SVAL(req->inbuf,smb_vwv0); - - reply_outbuf(req, 1, data_len); + reply_outbuf(req, 1, req->buflen); /* copy any incoming data back out */ - if (data_len > 0) { - memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len); + if (req->buflen > 0) { + memcpy(smb_buf(req->outbuf), req->buf, req->buflen); } if (smb_reverb > 100) { @@ -4672,7 +4595,7 @@ void reply_printclose(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBsplclose); @@ -4720,8 +4643,8 @@ void reply_printqueue(struct smb_request *req) return; } - max_count = SVAL(req->inbuf,smb_vwv0); - start_index = SVAL(req->inbuf,smb_vwv1); + max_count = SVAL(req->vwv+0, 0); + start_index = SVAL(req->vwv+1, 0); /* we used to allow the client to get the cnum wrong, but that is really quite gross and only worked when there was only @@ -4803,7 +4726,7 @@ void reply_printwrite(struct smb_request *req) { connection_struct *conn = req->conn; int numtowrite; - char *data; + const char *data; files_struct *fsp; START_PROFILE(SMBsplwr); @@ -4814,7 +4737,7 @@ void reply_printwrite(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBsplwr); 
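Review bot: The reply_echo hunk removes the `data_len > BUFFER_SIZE` rejection and puts nothing in its place, so `reply_outbuf(req, 1, req->buflen)` and the memcpy that follows now rely entirely on req->buflen being bounded by the packet that was received. That may hold if buflen is validated where the request is set up, but that code is not in this diff section. Either record the assumption at the use site, for example `/* req->buflen was validated against the received packet length when req was initialised */`, or keep an explicit upper bound.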
@@ -4833,15 +4756,15 @@ void reply_printwrite(struct smb_request *req) return; } - numtowrite = SVAL(smb_buf(req->inbuf),1); + numtowrite = SVAL(req->buf, 1); - if (smb_buflen(req->inbuf) < numtowrite + 3) { + if (req->buflen < numtowrite + 3) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBsplwr); return; } - data = smb_buf(req->inbuf) + 3; + data = (const char *)req->buf + 3; if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) { reply_unixerror(req, ERRHRD, ERRdiskfull); @@ -4869,9 +4792,8 @@ void reply_mkdir(struct smb_request *req) START_PROFILE(SMBmkdir); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory, - smb_buf(req->inbuf) + 1, 0, - STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmkdir); @@ -5140,9 +5062,8 @@ void reply_rmdir(struct smb_request *req) START_PROFILE(SMBrmdir); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory, - smb_buf(req->inbuf) + 1, 0, - STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBrmdir); @@ -5922,7 +5843,7 @@ void reply_mv(struct smb_request *req) connection_struct *conn = req->conn; char *name = NULL; char *newname = NULL; - char *p; + const char *p; uint32 attrs; NTSTATUS status; bool src_has_wcard = False; 
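Review bot: `numtowrite = SVAL(req->buf, 1)` in reply_printwrite reads bytes 1 and 2 of the data area before anything in the hunk has established that req->buflen is at least 3; the length test only comes afterwards. A request with a shorter data area would have the count read from beyond its declared payload. Test the minimum length first, e.g. `if (req->buflen < 3) {` with the same NT_STATUS_INVALID_PARAMETER reply, and only then read the count. Earlier checks in the function are outside the hunk, so confirm none of them already guarantees this.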
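Review bot: reply_mkdir passes `(const char *)req->buf + 1` to srvstr_get_path_req() without first checking that the data area holds at least the one byte being skipped. The new helper takes no length argument, so the remaining length is presumably derived from the pointer's position relative to the end of the request data; if that subtraction is unsigned, a pointer one past an empty buffer would become a very large length. The same pattern appears in reply_rmdir, and in reply_mv, where `p++` between the two paths steps over a second byte unchecked. A guard such as `if (req->buflen < 1)` before the call, or a range check inside the helper, would close this; the helper's body is not part of these hunks.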
@@ -5937,21 +5858,19 @@ void reply_mv(struct smb_request *req) return; } - attrs = SVAL(req->inbuf,smb_vwv0); + attrs = SVAL(req->vwv+0, 0); - p = smb_buf(req->inbuf) + 1; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p, - 0, STR_TERMINATE, &status, - &src_has_wcard); + p = (const char *)req->buf + 1; + p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE, + &status, &src_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmv); return; } p++; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p, - 0, STR_TERMINATE, &status, - &dest_has_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE, + &status, &dest_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmv); @@ -6155,8 +6074,9 @@ void reply_copy(struct smb_request *req) char *name = NULL; char *newname = NULL; char *directory = NULL; - char *mask = NULL; - char *p; + const char *mask = NULL; + const char mask_star[] = "*"; + const char *p; int count=0; int error = ERRnoaccess; int err = 0; 
@@ -6178,22 +6098,20 @@ void reply_copy(struct smb_request *req) return; } - tid2 = SVAL(req->inbuf,smb_vwv0); - ofun = SVAL(req->inbuf,smb_vwv1); - flags = SVAL(req->inbuf,smb_vwv2); + tid2 = SVAL(req->vwv+0, 0); + ofun = SVAL(req->vwv+1, 0); + flags = SVAL(req->vwv+2, 0); - p = smb_buf(req->inbuf); - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p, - 0, STR_TERMINATE, &status, - &source_has_wild); + p = (const char *)req->buf; + p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE, + &status, &source_has_wild); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcopy); return; } - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p, - 0, STR_TERMINATE, &status, - &dest_has_wild); + p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE, + &status, &dest_has_wild); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcopy); @@ -6283,23 +6201,18 @@ void reply_copy(struct smb_request *req) } p = strrchr_m(name,'/'); - if (!p) { + if (p != NULL) { + directory = talloc_strndup(ctx, name, PTR_DIFF(p, name)); + mask = p+1; + } else { directory = talloc_strdup(ctx, "./"); - if (!directory) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBcopy); - return; - } mask = name; - } else { - *p = 0; - directory = talloc_strdup(ctx, name); - if (!directory) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBcopy); - return; - } - mask = p+1; + } + + if (!directory) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBcopy); + return; } /* @@ -6367,8 +6280,7 @@ void reply_copy(struct smb_request *req) long offset = 0; if (strequal(mask,"????????.???")) { - mask[0] = '*'; - mask[1] = '\0'; + mask = mask_star; } status = check_name(conn, directory); 
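Review bot: In the reply_copy hunk that replaces `*p = 0` with `talloc_strndup(ctx, name, PTR_DIFF(p, name))`, `name` now keeps the full path where it used to be cut at the last '/', and `mask` still points into it. Any later code in the function that read `name` as the directory part would now see a different string. The rest of the function is outside the hunk, so the remaining uses of `name` need checking. A short comment at the split would record the new contract, e.g. `/* name is left intact; directory is a copy of everything before the last '/' and mask points into name */`.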
@@ -6484,7 +6396,8 @@ void reply_copy(struct smb_request *req) Get a lock pid, dealing with large count requests. ****************************************************************************/ -uint32 get_lock_pid( char *data, int data_offset, bool large_file_format) +uint32 get_lock_pid(const uint8_t *data, int data_offset, + bool large_file_format) { if(!large_file_format) return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset)); @@ -6496,7 +6409,8 @@ uint32 get_lock_pid( char *data, int data_offset, bool large_file_format) Get a lock count, dealing with large count requests. ****************************************************************************/ -uint64_t get_lock_count( char *data, int data_offset, bool large_file_format) +uint64_t get_lock_count(const uint8_t *data, int data_offset, + bool large_file_format) { uint64_t count = 0; @@ -6568,7 +6482,8 @@ static uint32 map_lock_offset(uint32 high, uint32 low) Get a lock offset, dealing with large offset requests. ****************************************************************************/ -uint64_t get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err) +uint64_t get_lock_offset(const uint8_t *data, int data_offset, + bool large_file_format, bool *err) { uint64_t offset = 0; @@ -6629,7 +6544,7 @@ void reply_lockingX(struct smb_request *req) uint32 lock_pid; int32 lock_timeout; int i; - char *data; + const uint8_t *data; bool large_file_format; bool err; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; 
@@ -6642,12 +6557,12 @@ void reply_lockingX(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - locktype = CVAL(req->inbuf,smb_vwv3); - oplocklevel = CVAL(req->inbuf,smb_vwv3+1); - num_ulocks = SVAL(req->inbuf,smb_vwv6); - num_locks = SVAL(req->inbuf,smb_vwv7); - lock_timeout = IVAL(req->inbuf,smb_vwv4); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + locktype = CVAL(req->vwv+3, 0); + oplocklevel = CVAL(req->vwv+3, 1); + num_ulocks = SVAL(req->vwv+6, 0); + num_locks = SVAL(req->vwv+7, 0); + lock_timeout = IVAL(req->vwv+4, 0); large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False; if (!check_fsp(conn, req, fsp)) { @@ -6655,7 +6570,7 @@ void reply_lockingX(struct smb_request *req) return; } - data = smb_buf(req->inbuf); + data = req->buf; if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) { /* we don't support these - and CANCEL_LOCK makes w2k @@ -6729,11 +6644,10 @@ void reply_lockingX(struct smb_request *req) if (num_locks == 0 && num_ulocks == 0) { /* Sanity check - ensure a pure oplock break is not a chained request. */ - if(CVAL(req->inbuf,smb_vwv0) != 0xff) + if(CVAL(req->vwv+0, 0) != 0xff) DEBUG(0,("reply_lockingX: Error : pure oplock " "break is a chained %d request !\n", - (unsigned int)CVAL(req->inbuf, - smb_vwv0) )); + (unsigned int)CVAL(req->vwv+0, 0))); END_PROFILE(SMBlockingX); return; } @@ -6746,7 +6660,7 @@ void reply_lockingX(struct smb_request *req) release_level_2_oplocks_on_change(fsp); - if (smb_buflen(req->inbuf) < + if (req->buflen < (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBlockingX); @@ -7018,7 +6932,7 @@ void reply_setattrE(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if(!fsp || (fsp->conn != conn)) { reply_doserror(req, ERRDOS, ERRbadfid); 
@@ -7033,9 +6947,9 @@ void reply_setattrE(struct smb_request *req) */ ts[0] = convert_time_t_to_timespec( - srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */ + srv_make_unix_date2(req->vwv+3)); /* atime. */ ts[1] = convert_time_t_to_timespec( - srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */ + srv_make_unix_date2(req->vwv+5)); /* mtime. */ reply_outbuf(req, 0, 0); @@ -7129,7 +7043,7 @@ void reply_getattrE(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if(!fsp || (fsp->conn != conn)) { reply_doserror(req, ERRDOS, ERRbadfid); |