Convert SMB and SMB2 code to use a common buffer handling structure

This converts our SMB and SMB2 code to use a common structure "struct
request_bufinfo" for information on the buffer bounds of a packet,
alignment information and string handling. This allows us to use a
common backend for SMB and SMB2 code, while still using all the same
string and blob handling functions.

Up to now we had been passing a NULL req handle into these common
routines from the SMB2 side of the server, which meant that we failed
any operation which did a bounds checked string extraction (such as a
RenameInformation setinfo call, which is what Vista uses for renaming
files)

There is still some more work to be done on this - for example we can
now remove many of the SMB2 specific buffer handling functions that we
had, and use the SMB ones.
(This used to be commit ca6d9be6cb6a403a81b18fa6e9a6a0518d7f0f68)

4 files changed, 25 insertions, 1 deletions

diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c
index 00c455e351..e375b7308f 100644
--- a/source4/smb_server/smb2/fileinfo.c
+++ b/source4/smb_server/smb2/fileinfo.c
@@ -268,7 +268,7 @@ static NTSTATUS smb2srv_setinfo_file(struct smb2srv_setinfo_op *op, uint8_t smb2
 
 	status = smbsrv_pull_passthru_sfileinfo(io, io->generic.level, io,
 						&op->info->in.blob,
-						STR_UNICODE, NULL);
+						STR_UNICODE, &op->req->in.bufinfo);
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	return ntvfs_setfileinfo(op->req->ntvfs, io);
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 7c295c05ab..578eadbe8f 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -238,6 +238,8 @@ void smb2srv_reply_smb_negprot(struct smbsrv_request *smb_req)
 	req->in.body_size = body_fixed_size;
 	req->in.dynamic   = NULL;
 
+	smb2srv_setup_bufinfo(req);
+
 	SIVAL(req->in.hdr, 0,				SMB2_MAGIC);
 	SSVAL(req->in.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
 	SSVAL(req->in.hdr, SMB2_HDR_EPOCH,		0);
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 393b3f0cc5..58070065fc 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -30,6 +30,22 @@
 #include "ntvfs/ntvfs.h"
 #include "param/param.h"
 
+
+/* fill in the bufinfo */
+void smb2srv_setup_bufinfo(struct smb2srv_request *req)
+{
+	req->in.bufinfo.mem_ctx    = req;
+	req->in.bufinfo.unicode    = true;
+	req->in.bufinfo.align_base = req->in.buffer;
+	if (req->in.dynamic) {
+		req->in.bufinfo.data       = req->in.dynamic;
+		req->in.bufinfo.data_size  = req->in.body_size - req->in.body_fixed;
+	} else {
+		req->in.bufinfo.data       = NULL;
+		req->in.bufinfo.data_size  = 0;
+	}
+}
+
 static int smb2srv_request_destructor(struct smb2srv_request *req)
 {
 	DLIST_REMOVE(req->smb_conn->requests2.list, req);
@@ -180,6 +196,8 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 		}
 	}
 
+	smb2srv_setup_bufinfo(req);
+
 	if (p_req->chained_file_handle) {
 		memcpy(req->_chained_file_handle,
 		       p_req->_chained_file_handle,
@@ -430,6 +448,8 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob)
 		}
 	}
 
+	smb2srv_setup_bufinfo(req);
+
 	/* 
 	 * TODO: - make sure the length field is 64
 	 *       - make sure it's a request
diff --git a/source4/smb_server/smb2/tcon.c b/source4/smb_server/smb2/tcon.c
index b375ce6b4b..50094b806d 100644
--- a/source4/smb_server/smb2/tcon.c
+++ b/source4/smb_server/smb2/tcon.c
@@ -55,6 +55,8 @@ static NTSTATUS smb2srv_send_oplock_break(void *p, struct ntvfs_handle *h, uint8
 
 	req->seqnum		= UINT64_MAX;
 
+	smb2srv_setup_bufinfo(req);
+
 	SIVAL(req->in.hdr, 0,				SMB2_MAGIC);
 	SSVAL(req->in.hdr, SMB2_HDR_LENGTH,		SMB2_HDR_BODY);
 	SSVAL(req->in.hdr, SMB2_HDR_EPOCH,		0);