diff options
-rw-r--r-- | source3/include/fake_file.h | 3 | ||||
-rw-r--r-- | source3/include/ntdomain.h | 1 | ||||
-rw-r--r-- | source3/include/proto.h | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 98 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 90 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 17 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 78 | ||||
-rw-r--r-- | source3/smbd/reply.c | 7 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 6 |
9 files changed, 208 insertions, 104 deletions
diff --git a/source3/include/fake_file.h b/source3/include/fake_file.h index 93da106030..c4b271f85d 100644 --- a/source3/include/fake_file.h +++ b/source3/include/fake_file.h @@ -22,7 +22,8 @@ enum FAKE_FILE_TYPE { FAKE_FILE_TYPE_NONE = 0, - FAKE_FILE_TYPE_QUOTA + FAKE_FILE_TYPE_QUOTA, + FAKE_FILE_TYPE_NAMED_PIPE }; /* diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index de0a313609..60bbf500bc 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -317,6 +317,7 @@ typedef struct smb_np_struct { * is stored in np_state, above. */ struct pipes_struct *(*namedpipe_create)( + TALLOC_CTX *mem_ctx, const char *pipe_name, const char *client_address, struct auth_serversupplied_info *server_info, diff --git a/source3/include/proto.h b/source3/include/proto.h index 66eb1b0fac..a3e78d751d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8705,7 +8705,8 @@ bool close_rpc_pipe_hnd(smb_np_struct *p); void pipe_close_conn(connection_struct *conn); smb_np_struct *get_rpc_pipe_p(uint16 pnum); smb_np_struct *get_rpc_pipe(int pnum); -struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name, +struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, + const char *pipe_name, const char *client_address, struct auth_serversupplied_info *server_info, uint16_t vuid); @@ -8713,6 +8714,15 @@ ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n, bool *is_data_outstanding); ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n); +bool fsp_is_np(struct files_struct *fsp); +NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, + const char *name, struct files_struct **pfsp); +NTSTATUS np_write(struct files_struct *fsp, uint8_t *data, size_t len, + ssize_t *nwritten); +NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, + ssize_t *nread, bool *is_data_outstanding); + + /* The following definitions come from rpc_server/srv_samr_nt.c */ NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r); diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index c55e328705..632514dffe 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -208,7 +208,8 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, p->namedpipe_read = read_from_internal_pipe; p->namedpipe_write = write_to_internal_pipe; - p->np_state = p->namedpipe_create(pipe_name, conn->client_address, + p->np_state = p->namedpipe_create(NULL, pipe_name, + conn->client_address, conn->server_info, vuid); if (p->np_state == NULL) { @@ -258,7 +259,8 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name, Make an internal namedpipes structure ****************************************************************************/ -struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name, +struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, + const char *pipe_name, const char *client_address, struct auth_serversupplied_info *server_info, uint16_t vuid) @@ -267,7 +269,7 @@ struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name, DEBUG(4,("Create pipe requested %s\n", pipe_name)); - p = TALLOC_ZERO_P(NULL, pipes_struct); + p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct); if (!p) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); @@ -1244,3 +1246,93 @@ smb_np_struct *get_rpc_pipe(int pnum) return NULL; } + +bool fsp_is_np(struct files_struct *fsp) +{ + return ((fsp != NULL) + && (fsp->fake_file_handle != NULL) + && (fsp->fake_file_handle->type == FAKE_FILE_TYPE_NAMED_PIPE)); +} + +NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, + const char *name, struct files_struct **pfsp) +{ + NTSTATUS status; + struct files_struct *fsp; + struct pipes_struct *p; + + status = file_new(smb_req, conn, &fsp); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("file_new failed: %s\n", nt_errstr(status))); + return status; + } + + fsp->conn = conn; + fsp->fh->fd = -1; + fsp->vuid = smb_req->vuid; + fsp->can_lock = false; + fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA; + string_set(&fsp->fsp_name, name); + + fsp->fake_file_handle = talloc(NULL, struct fake_file_handle); + if (fsp->fake_file_handle == NULL) { + file_free(smb_req, fsp); + return NT_STATUS_NO_MEMORY; + } + fsp->fake_file_handle->type = FAKE_FILE_TYPE_NAMED_PIPE; + + p = make_internal_rpc_pipe_p(fsp->fake_file_handle, name, + conn->client_address, conn->server_info, + smb_req->vuid); + if (p == NULL) { + file_free(smb_req, fsp); + return NT_STATUS_PIPE_NOT_AVAILABLE; + } + fsp->fake_file_handle->private_data = p; + + *pfsp = fsp; + + return NT_STATUS_OK; +} + +NTSTATUS np_write(struct files_struct *fsp, uint8_t *data, size_t len, + ssize_t *nwritten) +{ + struct pipes_struct *p; + + if (!fsp_is_np(fsp)) { + return NT_STATUS_INVALID_HANDLE; + } + + p = talloc_get_type_abort( + fsp->fake_file_handle->private_data, struct pipes_struct); + + DEBUG(6, ("np_write: %x name: %s len: %d\n", (int)fsp->fnum, + fsp->fsp_name, (int)len)); + dump_data(50, data, len); + + *nwritten = write_to_internal_pipe(p, (char *)data, len); + + return ((*nwritten) >= 0) + ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR; +} + +NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, + ssize_t *nread, bool *is_data_outstanding) +{ + struct pipes_struct *p; + + if (!fsp_is_np(fsp)) { + return NT_STATUS_INVALID_HANDLE; + } + + p = talloc_get_type_abort( + fsp->fake_file_handle->private_data, struct pipes_struct); + + *nread = read_from_internal_pipe(p, (char *)data, len, + is_data_outstanding); + + return ((*nread) >= 0) + ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR; + +} diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a824ab7fd3..0ce226809e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -194,11 +194,15 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req, smb_np_struct *p) +static void api_rpc_trans_reply(connection_struct *conn, + struct smb_request *req, + files_struct *fsp, + int max_trans_reply) { bool is_data_outstanding; - char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); - int data_len; + uint8_t *rdata = SMB_MALLOC_ARRAY(uint8_t, max_trans_reply); + ssize_t data_len; + NTSTATUS status; if(rdata == NULL) { DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); @@ -206,14 +210,15 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req return; } - if((data_len = read_from_pipe( p, rdata, p->max_trans_reply, - &is_data_outstanding)) < 0) { + status = np_read(fsp, rdata, max_trans_reply, &data_len, + &is_data_outstanding); + if (!NT_STATUS_IS_OK(status)) { SAFE_FREE(rdata); api_no_reply(conn,req); return; } - send_trans_reply(conn, req->inbuf, NULL, 0, rdata, data_len, + send_trans_reply(conn, req->inbuf, NULL, 0, (char *)rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return; @@ -223,25 +228,18 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req WaitNamedPipeHandleState ****************************************************************************/ -static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p, - char *param, int param_len) +static void api_WNPHS(connection_struct *conn, struct smb_request *req, + struct files_struct *fsp, char *param, int param_len) { - uint16 priority; - if (!param || param_len < 2) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; } - priority = SVAL(param,0); - DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority)); + DEBUG(4,("WaitNamedPipeHandleState priority %x\n", + (int)SVAL(param,0))); - if (wait_rpc_pipe_hnd_state(p, priority)) { - /* now send the reply */ - send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); - return; - } - api_no_reply(conn,req); + send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); } @@ -249,25 +247,17 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_s SetNamedPipeHandleState ****************************************************************************/ -static void api_SNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p, - char *param, int param_len) +static void api_SNPHS(connection_struct *conn, struct smb_request *req, + struct files_struct *fsp, char *param, int param_len) { - uint16 id; - if (!param || param_len < 2) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; } - id = SVAL(param,0); - DEBUG(4,("SetNamedPipeHandleState to code %x\n", id)); + DEBUG(4,("SetNamedPipeHandleState to code %x\n", (int)SVAL(param,0))); - if (set_rpc_pipe_hnd_state(p, id)) { - /* now send the reply */ - send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); - return; - } - api_no_reply(conn,req); + send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); } @@ -297,14 +287,14 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req) static void api_fd_reply(connection_struct *conn, uint16 vuid, struct smb_request *req, - uint16 *setup, char *data, char *params, + uint16 *setup, uint8_t *data, char *params, int suwcnt, int tdscnt, int tpscnt, int mdrcnt, int mprcnt) { - bool reply = False; - smb_np_struct *p = NULL; + struct files_struct *fsp; int pnum; int subcommand; + NTSTATUS status; DEBUG(5,("api_fd_reply\n")); @@ -323,7 +313,9 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, pnum = ((int)setup[1]) & 0xFFFF; subcommand = ((int)setup[0]) & 0xFFFF; - if(!(p = get_rpc_pipe(pnum))) { + fsp = file_fsp(req, pnum); + + if (!fsp_is_np(fsp)) { if (subcommand == TRANSACT_WAITNAMEDPIPEHANDLESTATE) { /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ @@ -338,37 +330,37 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, return; } - if (vuid != p->vuid) { + if (vuid != fsp->vuid) { DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " - "expected %d\n", pnum, vuid, p->vuid)); + "expected %d\n", pnum, vuid, fsp->vuid)); reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } - DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", + subcommand, fsp->fsp_name, pnum)); - /* record maximum data length that can be transmitted in an SMBtrans */ - p->max_trans_reply = mdrcnt; - - DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); + DEBUG(10, ("api_fd_reply: p:%p max_trans_reply: %d\n", fsp, mdrcnt)); switch (subcommand) { - case TRANSACT_DCERPCCMD: + case TRANSACT_DCERPCCMD: { /* dce/rpc command */ - reply = write_to_pipe(p, data, tdscnt); - if (!reply) { + ssize_t nwritten; + status = np_write(fsp, data, tdscnt, &nwritten); + if (!NT_STATUS_IS_OK(status)) { api_no_reply(conn, req); return; } - api_rpc_trans_reply(conn, req, p); + api_rpc_trans_reply(conn, req, fsp, mdrcnt); break; + } case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ - api_WNPHS(conn, req, p, params, tpscnt); + api_WNPHS(conn, req, fsp, params, tpscnt); break; case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ - api_SNPHS(conn, req, p, params, tpscnt); + api_SNPHS(conn, req, fsp, params, tpscnt); break; default: reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -406,7 +398,7 @@ static void named_pipe(connection_struct *conn, uint16 vuid, DEBUG(4,("named pipe command from Win95 (wow!)\n")); api_fd_reply(conn, vuid, req, - setup, data, params, + setup, (uint8_t *)data, params, suwcnt, tdscnt, tpscnt, mdrcnt, mprcnt); return; @@ -414,7 +406,7 @@ static void named_pipe(connection_struct *conn, uint16 vuid, if (strlen(name) < 1) { api_fd_reply(conn, vuid, req, - setup, data, + setup, (uint8_t *)data, params, suwcnt, tdscnt, tpscnt, mdrcnt, mprcnt); return; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 6361f7949a..c5e4dc3dfb 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -268,7 +268,8 @@ bool is_ntfs_stream_name(const char *fname) static void nt_open_pipe(char *fname, connection_struct *conn, struct smb_request *req, int *ppnum) { - smb_np_struct *p = NULL; + files_struct *fsp; + NTSTATUS status; DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname)); @@ -285,19 +286,13 @@ static void nt_open_pipe(char *fname, connection_struct *conn, DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname)); - p = open_rpc_pipe_p(fname, conn, req->vuid); - if (!p) { - reply_doserror(req, ERRSRV, ERRnofids); + status = np_open(req, conn, fname, &fsp); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); return; } - /* TODO: Add pipe to db */ - - if ( !store_pipe_opendb( p ) ) { - DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname)); - } - - *ppnum = p->pnum; + *ppnum = fsp->fnum; return; } diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 4fdcdcc557..16d8ed1c11 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -54,9 +54,10 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) { const char *fname = NULL; char *pipe_name = NULL; - smb_np_struct *p; + files_struct *fsp; int size=0,fmode=0,mtime=0,rmode=0; TALLOC_CTX *ctx = talloc_tos(); + NTSTATUS status; /* XXXX we need to handle passed times, sattr and flags */ srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name, @@ -101,9 +102,9 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) /* can be opened and add it in after the open. */ DEBUG(3,("Known pipe %s opening.\n",fname)); - p = open_rpc_pipe_p(fname, conn, req->vuid); - if (!p) { - reply_doserror(req, ERRSRV, ERRnofids); + status = np_open(req, conn, fname, &fsp); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); return; } @@ -119,7 +120,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) rmode = 1; } - SSVAL(req->outbuf,smb_vwv2, p->pnum); + SSVAL(req->outbuf,smb_vwv2, fsp->fnum); SSVAL(req->outbuf,smb_vwv3,fmode); srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime); SIVAL(req->outbuf,smb_vwv6,size); @@ -136,27 +137,32 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) void reply_pipe_write(struct smb_request *req) { - smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0)); + files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); size_t numtowrite = SVAL(req->inbuf,smb_vwv1); - int nwritten; - char *data; + ssize_t nwritten; + uint8_t *data; - if (!p) { + if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); return; } - if (p->vuid != req->vuid) { + if (fsp->vuid != req->vuid) { reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } - data = smb_buf(req->inbuf) + 3; + data = (uint8_t *)smb_buf(req->inbuf) + 3; if (numtowrite == 0) { nwritten = 0; } else { - nwritten = write_to_pipe(p, data, numtowrite); + NTSTATUS status; + status = np_write(fsp, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; + } } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { @@ -168,7 +174,8 @@ void reply_pipe_write(struct smb_request *req) SSVAL(req->outbuf,smb_vwv0,nwritten); - DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten)); + DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", fsp->fnum, + (int)nwritten)); return; } @@ -182,31 +189,33 @@ void reply_pipe_write(struct smb_request *req) void reply_pipe_write_and_X(struct smb_request *req) { - smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2)); + files_struct *fsp = file_fsp(req, SVAL(req->inbuf, smb_vwv2)); size_t numtowrite = SVAL(req->inbuf,smb_vwv10); - int nwritten = -1; + ssize_t nwritten; int smb_doff = SVAL(req->inbuf, smb_vwv11); bool pipe_start_message_raw = ((SVAL(req->inbuf, smb_vwv7) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); - char *data; + uint8_t *data; - if (!p) { + if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); return; } - if (p->vuid != req->vuid) { + if (fsp->vuid != req->vuid) { reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } - data = smb_base(req->inbuf) + smb_doff; + data = (uint8_t *)smb_base(req->inbuf) + smb_doff; if (numtowrite == 0) { nwritten = 0; } else { + NTSTATUS status; + if(pipe_start_message_raw) { /* * For the start of a message in named pipe byte mode, @@ -225,7 +234,11 @@ void reply_pipe_write_and_X(struct smb_request *req) data += 2; numtowrite -= 2; } - nwritten = write_to_pipe(p, data, numtowrite); + status = np_write(fsp, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; + } } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { @@ -238,7 +251,8 @@ void reply_pipe_write_and_X(struct smb_request *req) nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten); SSVAL(req->outbuf,smb_vwv2,nwritten); - DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten)); + DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", fsp->fnum, + (int)nwritten)); chain_reply(req); } @@ -251,12 +265,13 @@ void reply_pipe_write_and_X(struct smb_request *req) void reply_pipe_read_and_X(struct smb_request *req) { - smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2)); + files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); int smb_maxcnt = SVAL(req->inbuf,smb_vwv5); int smb_mincnt = SVAL(req->inbuf,smb_vwv6); - int nread = -1; - char *data; + ssize_t nread; + uint8_t *data; bool unused; + NTSTATUS status; /* we don't use the offset given to use for pipe reads. This is deliberate, instead we always return the next lump of @@ -265,18 +280,23 @@ void reply_pipe_read_and_X(struct smb_request *req) uint32 smb_offs = IVAL(req->inbuf,smb_vwv3); #endif - if (!p) { + if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); return; } + if (fsp->vuid != req->vuid) { + reply_nterror(req, NT_STATUS_INVALID_HANDLE); + return; + } + reply_outbuf(req, 12, smb_maxcnt); - data = smb_buf(req->outbuf); + data = (uint8_t *)smb_buf(req->outbuf); - nread = read_from_pipe(p, data, smb_maxcnt, &unused); + status = np_read(fsp, data, smb_maxcnt, &nread, &unused); - if (nread < 0) { + if (!NT_STATUS_IS_OK(status)) { reply_doserror(req, ERRDOS, ERRnoaccess); return; } @@ -288,7 +308,7 @@ void reply_pipe_read_and_X(struct smb_request *req) SSVAL(smb_buf(req->outbuf),-2,nread); DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n", - p->pnum, smb_mincnt, smb_maxcnt, nread)); + fsp->fnum, smb_mincnt, smb_maxcnt, (int)nread)); chain_reply(req); } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0f38a4986f..368fc808e8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4261,13 +4261,6 @@ void reply_close(struct smb_request *req) return; } - /* If it's an IPC, pass off to the pipe handler. */ - if (IS_IPC(conn)) { - reply_pipe_close(conn, req); - END_PROFILE(SMBclose); - return; - } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); /* diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index a82c2920df..124171ae10 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3754,7 +3754,7 @@ static void call_trans2qpipeinfo(connection_struct *conn, unsigned int data_size = 0; unsigned int param_size = 2; uint16 info_level; - smb_np_struct *p_pipe = NULL; + files_struct *fsp; if (!params) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -3766,8 +3766,8 @@ static void call_trans2qpipeinfo(connection_struct *conn, return; } - p_pipe = get_rpc_pipe_p(SVAL(params,0)); - if (p_pipe == NULL) { + fsp = file_fsp(req, SVAL(params,0)); + if (!fsp_is_np(fsp)) { reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } |