summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/fake_file.h3
-rw-r--r--source3/include/ntdomain.h1
-rw-r--r--source3/include/proto.h12
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c98
-rw-r--r--source3/smbd/ipc.c90
-rw-r--r--source3/smbd/nttrans.c17
-rw-r--r--source3/smbd/pipes.c78
-rw-r--r--source3/smbd/reply.c7
-rw-r--r--source3/smbd/trans2.c6
9 files changed, 208 insertions, 104 deletions
diff --git a/source3/include/fake_file.h b/source3/include/fake_file.h
index 93da106030..c4b271f85d 100644
--- a/source3/include/fake_file.h
+++ b/source3/include/fake_file.h
@@ -22,7 +22,8 @@
enum FAKE_FILE_TYPE {
FAKE_FILE_TYPE_NONE = 0,
- FAKE_FILE_TYPE_QUOTA
+ FAKE_FILE_TYPE_QUOTA,
+ FAKE_FILE_TYPE_NAMED_PIPE
};
/*
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index de0a313609..60bbf500bc 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -317,6 +317,7 @@ typedef struct smb_np_struct {
* is stored in np_state, above.
*/
struct pipes_struct *(*namedpipe_create)(
+ TALLOC_CTX *mem_ctx,
const char *pipe_name,
const char *client_address,
struct auth_serversupplied_info *server_info,
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 66eb1b0fac..a3e78d751d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -8705,7 +8705,8 @@ bool close_rpc_pipe_hnd(smb_np_struct *p);
void pipe_close_conn(connection_struct *conn);
smb_np_struct *get_rpc_pipe_p(uint16 pnum);
smb_np_struct *get_rpc_pipe(int pnum);
-struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name,
+struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
+ const char *pipe_name,
const char *client_address,
struct auth_serversupplied_info *server_info,
uint16_t vuid);
@@ -8713,6 +8714,15 @@ ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n,
bool *is_data_outstanding);
ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n);
+bool fsp_is_np(struct files_struct *fsp);
+NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn,
+ const char *name, struct files_struct **pfsp);
+NTSTATUS np_write(struct files_struct *fsp, uint8_t *data, size_t len,
+ ssize_t *nwritten);
+NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len,
+ ssize_t *nread, bool *is_data_outstanding);
+
+
/* The following definitions come from rpc_server/srv_samr_nt.c */
NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index c55e328705..632514dffe 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -208,7 +208,8 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name,
p->namedpipe_read = read_from_internal_pipe;
p->namedpipe_write = write_to_internal_pipe;
- p->np_state = p->namedpipe_create(pipe_name, conn->client_address,
+ p->np_state = p->namedpipe_create(NULL, pipe_name,
+ conn->client_address,
conn->server_info, vuid);
if (p->np_state == NULL) {
@@ -258,7 +259,8 @@ smb_np_struct *open_rpc_pipe_p(const char *pipe_name,
Make an internal namedpipes structure
****************************************************************************/
-struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name,
+struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
+ const char *pipe_name,
const char *client_address,
struct auth_serversupplied_info *server_info,
uint16_t vuid)
@@ -267,7 +269,7 @@ struct pipes_struct *make_internal_rpc_pipe_p(const char *pipe_name,
DEBUG(4,("Create pipe requested %s\n", pipe_name));
- p = TALLOC_ZERO_P(NULL, pipes_struct);
+ p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
if (!p) {
DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
@@ -1244,3 +1246,93 @@ smb_np_struct *get_rpc_pipe(int pnum)
return NULL;
}
+
+bool fsp_is_np(struct files_struct *fsp)
+{
+ return ((fsp != NULL)
+ && (fsp->fake_file_handle != NULL)
+ && (fsp->fake_file_handle->type == FAKE_FILE_TYPE_NAMED_PIPE));
+}
+
+NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn,
+ const char *name, struct files_struct **pfsp)
+{
+ NTSTATUS status;
+ struct files_struct *fsp;
+ struct pipes_struct *p;
+
+ status = file_new(smb_req, conn, &fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
+ return status;
+ }
+
+ fsp->conn = conn;
+ fsp->fh->fd = -1;
+ fsp->vuid = smb_req->vuid;
+ fsp->can_lock = false;
+ fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
+ string_set(&fsp->fsp_name, name);
+
+ fsp->fake_file_handle = talloc(NULL, struct fake_file_handle);
+ if (fsp->fake_file_handle == NULL) {
+ file_free(smb_req, fsp);
+ return NT_STATUS_NO_MEMORY;
+ }
+ fsp->fake_file_handle->type = FAKE_FILE_TYPE_NAMED_PIPE;
+
+ p = make_internal_rpc_pipe_p(fsp->fake_file_handle, name,
+ conn->client_address, conn->server_info,
+ smb_req->vuid);
+ if (p == NULL) {
+ file_free(smb_req, fsp);
+ return NT_STATUS_PIPE_NOT_AVAILABLE;
+ }
+ fsp->fake_file_handle->private_data = p;
+
+ *pfsp = fsp;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS np_write(struct files_struct *fsp, uint8_t *data, size_t len,
+ ssize_t *nwritten)
+{
+ struct pipes_struct *p;
+
+ if (!fsp_is_np(fsp)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ p = talloc_get_type_abort(
+ fsp->fake_file_handle->private_data, struct pipes_struct);
+
+ DEBUG(6, ("np_write: %x name: %s len: %d\n", (int)fsp->fnum,
+ fsp->fsp_name, (int)len));
+ dump_data(50, data, len);
+
+ *nwritten = write_to_internal_pipe(p, (char *)data, len);
+
+ return ((*nwritten) >= 0)
+ ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
+}
+
+NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len,
+ ssize_t *nread, bool *is_data_outstanding)
+{
+ struct pipes_struct *p;
+
+ if (!fsp_is_np(fsp)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ p = talloc_get_type_abort(
+ fsp->fake_file_handle->private_data, struct pipes_struct);
+
+ *nread = read_from_internal_pipe(p, (char *)data, len,
+ is_data_outstanding);
+
+ return ((*nread) >= 0)
+ ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
+
+}
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index a824ab7fd3..0ce226809e 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -194,11 +194,15 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
Start the first part of an RPC reply which began with an SMBtrans request.
****************************************************************************/
-static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req, smb_np_struct *p)
+static void api_rpc_trans_reply(connection_struct *conn,
+ struct smb_request *req,
+ files_struct *fsp,
+ int max_trans_reply)
{
bool is_data_outstanding;
- char *rdata = (char *)SMB_MALLOC(p->max_trans_reply);
- int data_len;
+ uint8_t *rdata = SMB_MALLOC_ARRAY(uint8_t, max_trans_reply);
+ ssize_t data_len;
+ NTSTATUS status;
if(rdata == NULL) {
DEBUG(0,("api_rpc_trans_reply: malloc fail.\n"));
@@ -206,14 +210,15 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req
return;
}
- if((data_len = read_from_pipe( p, rdata, p->max_trans_reply,
- &is_data_outstanding)) < 0) {
+ status = np_read(fsp, rdata, max_trans_reply, &data_len,
+ &is_data_outstanding);
+ if (!NT_STATUS_IS_OK(status)) {
SAFE_FREE(rdata);
api_no_reply(conn,req);
return;
}
- send_trans_reply(conn, req->inbuf, NULL, 0, rdata, data_len,
+ send_trans_reply(conn, req->inbuf, NULL, 0, (char *)rdata, data_len,
is_data_outstanding);
SAFE_FREE(rdata);
return;
@@ -223,25 +228,18 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req
WaitNamedPipeHandleState
****************************************************************************/
-static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p,
- char *param, int param_len)
+static void api_WNPHS(connection_struct *conn, struct smb_request *req,
+ struct files_struct *fsp, char *param, int param_len)
{
- uint16 priority;
-
if (!param || param_len < 2) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
- priority = SVAL(param,0);
- DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority));
+ DEBUG(4,("WaitNamedPipeHandleState priority %x\n",
+ (int)SVAL(param,0)));
- if (wait_rpc_pipe_hnd_state(p, priority)) {
- /* now send the reply */
- send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
- return;
- }
- api_no_reply(conn,req);
+ send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
}
@@ -249,25 +247,17 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_s
SetNamedPipeHandleState
****************************************************************************/
-static void api_SNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p,
- char *param, int param_len)
+static void api_SNPHS(connection_struct *conn, struct smb_request *req,
+ struct files_struct *fsp, char *param, int param_len)
{
- uint16 id;
-
if (!param || param_len < 2) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
- id = SVAL(param,0);
- DEBUG(4,("SetNamedPipeHandleState to code %x\n", id));
+ DEBUG(4,("SetNamedPipeHandleState to code %x\n", (int)SVAL(param,0)));
- if (set_rpc_pipe_hnd_state(p, id)) {
- /* now send the reply */
- send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
- return;
- }
- api_no_reply(conn,req);
+ send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
}
@@ -297,14 +287,14 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req)
static void api_fd_reply(connection_struct *conn, uint16 vuid,
struct smb_request *req,
- uint16 *setup, char *data, char *params,
+ uint16 *setup, uint8_t *data, char *params,
int suwcnt, int tdscnt, int tpscnt,
int mdrcnt, int mprcnt)
{
- bool reply = False;
- smb_np_struct *p = NULL;
+ struct files_struct *fsp;
int pnum;
int subcommand;
+ NTSTATUS status;
DEBUG(5,("api_fd_reply\n"));
@@ -323,7 +313,9 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid,
pnum = ((int)setup[1]) & 0xFFFF;
subcommand = ((int)setup[0]) & 0xFFFF;
- if(!(p = get_rpc_pipe(pnum))) {
+ fsp = file_fsp(req, pnum);
+
+ if (!fsp_is_np(fsp)) {
if (subcommand == TRANSACT_WAITNAMEDPIPEHANDLESTATE) {
/* Win9x does this call with a unicode pipe name, not a pnum. */
/* Just return success for now... */
@@ -338,37 +330,37 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid,
return;
}
- if (vuid != p->vuid) {
+ if (vuid != fsp->vuid) {
DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, "
- "expected %d\n", pnum, vuid, p->vuid));
+ "expected %d\n", pnum, vuid, fsp->vuid));
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
- DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum));
+ DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n",
+ subcommand, fsp->fsp_name, pnum));
- /* record maximum data length that can be transmitted in an SMBtrans */
- p->max_trans_reply = mdrcnt;
-
- DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply));
+ DEBUG(10, ("api_fd_reply: p:%p max_trans_reply: %d\n", fsp, mdrcnt));
switch (subcommand) {
- case TRANSACT_DCERPCCMD:
+ case TRANSACT_DCERPCCMD: {
/* dce/rpc command */
- reply = write_to_pipe(p, data, tdscnt);
- if (!reply) {
+ ssize_t nwritten;
+ status = np_write(fsp, data, tdscnt, &nwritten);
+ if (!NT_STATUS_IS_OK(status)) {
api_no_reply(conn, req);
return;
}
- api_rpc_trans_reply(conn, req, p);
+ api_rpc_trans_reply(conn, req, fsp, mdrcnt);
break;
+ }
case TRANSACT_WAITNAMEDPIPEHANDLESTATE:
/* Wait Named Pipe Handle state */
- api_WNPHS(conn, req, p, params, tpscnt);
+ api_WNPHS(conn, req, fsp, params, tpscnt);
break;
case TRANSACT_SETNAMEDPIPEHANDLESTATE:
/* Set Named Pipe Handle state */
- api_SNPHS(conn, req, p, params, tpscnt);
+ api_SNPHS(conn, req, fsp, params, tpscnt);
break;
default:
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -406,7 +398,7 @@ static void named_pipe(connection_struct *conn, uint16 vuid,
DEBUG(4,("named pipe command from Win95 (wow!)\n"));
api_fd_reply(conn, vuid, req,
- setup, data, params,
+ setup, (uint8_t *)data, params,
suwcnt, tdscnt, tpscnt,
mdrcnt, mprcnt);
return;
@@ -414,7 +406,7 @@ static void named_pipe(connection_struct *conn, uint16 vuid,
if (strlen(name) < 1) {
api_fd_reply(conn, vuid, req,
- setup, data,
+ setup, (uint8_t *)data,
params, suwcnt, tdscnt,
tpscnt, mdrcnt, mprcnt);
return;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 6361f7949a..c5e4dc3dfb 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -268,7 +268,8 @@ bool is_ntfs_stream_name(const char *fname)
static void nt_open_pipe(char *fname, connection_struct *conn,
struct smb_request *req, int *ppnum)
{
- smb_np_struct *p = NULL;
+ files_struct *fsp;
+ NTSTATUS status;
DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
@@ -285,19 +286,13 @@ static void nt_open_pipe(char *fname, connection_struct *conn,
DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
- p = open_rpc_pipe_p(fname, conn, req->vuid);
- if (!p) {
- reply_doserror(req, ERRSRV, ERRnofids);
+ status = np_open(req, conn, fname, &fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
return;
}
- /* TODO: Add pipe to db */
-
- if ( !store_pipe_opendb( p ) ) {
- DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname));
- }
-
- *ppnum = p->pnum;
+ *ppnum = fsp->fnum;
return;
}
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 4fdcdcc557..16d8ed1c11 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -54,9 +54,10 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
{
const char *fname = NULL;
char *pipe_name = NULL;
- smb_np_struct *p;
+ files_struct *fsp;
int size=0,fmode=0,mtime=0,rmode=0;
TALLOC_CTX *ctx = talloc_tos();
+ NTSTATUS status;
/* XXXX we need to handle passed times, sattr and flags */
srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name,
@@ -101,9 +102,9 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
/* can be opened and add it in after the open. */
DEBUG(3,("Known pipe %s opening.\n",fname));
- p = open_rpc_pipe_p(fname, conn, req->vuid);
- if (!p) {
- reply_doserror(req, ERRSRV, ERRnofids);
+ status = np_open(req, conn, fname, &fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
return;
}
@@ -119,7 +120,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
rmode = 1;
}
- SSVAL(req->outbuf,smb_vwv2, p->pnum);
+ SSVAL(req->outbuf,smb_vwv2, fsp->fnum);
SSVAL(req->outbuf,smb_vwv3,fmode);
srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
SIVAL(req->outbuf,smb_vwv6,size);
@@ -136,27 +137,32 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
void reply_pipe_write(struct smb_request *req)
{
- smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0));
+ files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
size_t numtowrite = SVAL(req->inbuf,smb_vwv1);
- int nwritten;
- char *data;
+ ssize_t nwritten;
+ uint8_t *data;
- if (!p) {
+ if (!fsp_is_np(fsp)) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
- if (p->vuid != req->vuid) {
+ if (fsp->vuid != req->vuid) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
- data = smb_buf(req->inbuf) + 3;
+ data = (uint8_t *)smb_buf(req->inbuf) + 3;
if (numtowrite == 0) {
nwritten = 0;
} else {
- nwritten = write_to_pipe(p, data, numtowrite);
+ NTSTATUS status;
+ status = np_write(fsp, data, numtowrite, &nwritten);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
}
if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
@@ -168,7 +174,8 @@ void reply_pipe_write(struct smb_request *req)
SSVAL(req->outbuf,smb_vwv0,nwritten);
- DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten));
+ DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", fsp->fnum,
+ (int)nwritten));
return;
}
@@ -182,31 +189,33 @@ void reply_pipe_write(struct smb_request *req)
void reply_pipe_write_and_X(struct smb_request *req)
{
- smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2));
+ files_struct *fsp = file_fsp(req, SVAL(req->inbuf, smb_vwv2));
size_t numtowrite = SVAL(req->inbuf,smb_vwv10);
- int nwritten = -1;
+ ssize_t nwritten;
int smb_doff = SVAL(req->inbuf, smb_vwv11);
bool pipe_start_message_raw =
((SVAL(req->inbuf, smb_vwv7)
& (PIPE_START_MESSAGE|PIPE_RAW_MODE))
== (PIPE_START_MESSAGE|PIPE_RAW_MODE));
- char *data;
+ uint8_t *data;
- if (!p) {
+ if (!fsp_is_np(fsp)) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
- if (p->vuid != req->vuid) {
+ if (fsp->vuid != req->vuid) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
- data = smb_base(req->inbuf) + smb_doff;
+ data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
if (numtowrite == 0) {
nwritten = 0;
} else {
+ NTSTATUS status;
+
if(pipe_start_message_raw) {
/*
* For the start of a message in named pipe byte mode,
@@ -225,7 +234,11 @@ void reply_pipe_write_and_X(struct smb_request *req)
data += 2;
numtowrite -= 2;
}
- nwritten = write_to_pipe(p, data, numtowrite);
+ status = np_write(fsp, data, numtowrite, &nwritten);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
}
if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
@@ -238,7 +251,8 @@ void reply_pipe_write_and_X(struct smb_request *req)
nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten);
SSVAL(req->outbuf,smb_vwv2,nwritten);
- DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten));
+ DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", fsp->fnum,
+ (int)nwritten));
chain_reply(req);
}
@@ -251,12 +265,13 @@ void reply_pipe_write_and_X(struct smb_request *req)
void reply_pipe_read_and_X(struct smb_request *req)
{
- smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2));
+ files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
int smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
int smb_mincnt = SVAL(req->inbuf,smb_vwv6);
- int nread = -1;
- char *data;
+ ssize_t nread;
+ uint8_t *data;
bool unused;
+ NTSTATUS status;
/* we don't use the offset given to use for pipe reads. This
is deliberate, instead we always return the next lump of
@@ -265,18 +280,23 @@ void reply_pipe_read_and_X(struct smb_request *req)
uint32 smb_offs = IVAL(req->inbuf,smb_vwv3);
#endif
- if (!p) {
+ if (!fsp_is_np(fsp)) {
reply_doserror(req, ERRDOS, ERRbadfid);
return;
}
+ if (fsp->vuid != req->vuid) {
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
+ return;
+ }
+
reply_outbuf(req, 12, smb_maxcnt);
- data = smb_buf(req->outbuf);
+ data = (uint8_t *)smb_buf(req->outbuf);
- nread = read_from_pipe(p, data, smb_maxcnt, &unused);
+ status = np_read(fsp, data, smb_maxcnt, &nread, &unused);
- if (nread < 0) {
+ if (!NT_STATUS_IS_OK(status)) {
reply_doserror(req, ERRDOS, ERRnoaccess);
return;
}
@@ -288,7 +308,7 @@ void reply_pipe_read_and_X(struct smb_request *req)
SSVAL(smb_buf(req->outbuf),-2,nread);
DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n",
- p->pnum, smb_mincnt, smb_maxcnt, nread));
+ fsp->fnum, smb_mincnt, smb_maxcnt, (int)nread));
chain_reply(req);
}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 0f38a4986f..368fc808e8 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4261,13 +4261,6 @@ void reply_close(struct smb_request *req)
return;
}
- /* If it's an IPC, pass off to the pipe handler. */
- if (IS_IPC(conn)) {
- reply_pipe_close(conn, req);
- END_PROFILE(SMBclose);
- return;
- }
-
fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
/*
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a82c2920df..124171ae10 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3754,7 +3754,7 @@ static void call_trans2qpipeinfo(connection_struct *conn,
unsigned int data_size = 0;
unsigned int param_size = 2;
uint16 info_level;
- smb_np_struct *p_pipe = NULL;
+ files_struct *fsp;
if (!params) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -3766,8 +3766,8 @@ static void call_trans2qpipeinfo(connection_struct *conn,
return;
}
- p_pipe = get_rpc_pipe_p(SVAL(params,0));
- if (p_pipe == NULL) {
+ fsp = file_fsp(req, SVAL(params,0));
+ if (!fsp_is_np(fsp)) {
reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}