summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h14
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c87
-rw-r--r--source3/smbd/ipc.c13
-rw-r--r--source3/smbd/nttrans.c2
-rw-r--r--source3/smbd/pipes.c54
5 files changed, 99 insertions, 71 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 71ad259085..e3d93494ff 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6226,11 +6226,13 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p);
void init_rpc_pipe_hnd(void);
bool fsp_is_np(struct files_struct *fsp);
-NTSTATUS np_open(struct smb_request *smb_req, const char *name,
- struct files_struct **pfsp);
-NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len,
- ssize_t *nwritten);
-NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len,
+NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
+ const char *client_address,
+ struct auth_serversupplied_info *server_info,
+ struct fake_file_handle **phandle);
+NTSTATUS np_write(struct fake_file_handle *handle, const uint8_t *data,
+ size_t len, ssize_t *nwritten);
+NTSTATUS np_read(struct fake_file_handle *handle, uint8_t *data, size_t len,
ssize_t *nread, bool *is_data_outstanding);
/* The following definitions come from rpc_server/srv_samr_util.c */
@@ -7068,6 +7070,8 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password,
/* The following definitions come from smbd/pipes.c */
+NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
+ struct files_struct **pfsp);
void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req);
void reply_pipe_write(struct smb_request *req);
void reply_pipe_write_and_X(struct smb_request *req);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index e574f0387d..cbb6a8f4bf 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -1075,92 +1075,69 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
return NULL;
}
-NTSTATUS np_open(struct smb_request *smb_req, const char *name,
- struct files_struct **pfsp)
+NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
+ const char *client_address,
+ struct auth_serversupplied_info *server_info,
+ struct fake_file_handle **phandle)
{
- struct connection_struct *conn = smb_req->conn;
- NTSTATUS status;
- struct files_struct *fsp;
const char **proxy_list;
+ struct fake_file_handle *handle;
- proxy_list = lp_parm_string_list(SNUM(conn), "np", "proxy", NULL);
-
- status = file_new(smb_req, conn, &fsp);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
- return status;
- }
-
- fsp->conn = conn;
- fsp->fh->fd = -1;
- fsp->vuid = smb_req->vuid;
- fsp->can_lock = false;
- fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
- string_set(&fsp->fsp_name, name);
+ proxy_list = lp_parm_string_list(-1, "np", "proxy", NULL);
- fsp->fake_file_handle = talloc(NULL, struct fake_file_handle);
- if (fsp->fake_file_handle == NULL) {
- file_free(smb_req, fsp);
+ handle = talloc(mem_ctx, struct fake_file_handle);
+ if (handle == NULL) {
return NT_STATUS_NO_MEMORY;
}
if ((proxy_list != NULL) && str_list_check_ci(proxy_list, name)) {
struct np_proxy_state *p;
- p = make_external_rpc_pipe_p(fsp->fake_file_handle, name,
- conn->server_info);
+ p = make_external_rpc_pipe_p(handle, name, server_info);
- fsp->fake_file_handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY;
- fsp->fake_file_handle->private_data = p;
+ handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY;
+ handle->private_data = p;
} else {
struct pipes_struct *p;
if (!is_known_pipename(name)) {
- file_free(smb_req, fsp);
+ TALLOC_FREE(handle);
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- p = make_internal_rpc_pipe_p(fsp->fake_file_handle, name,
- conn->client_address,
- conn->server_info);
+ p = make_internal_rpc_pipe_p(handle, name, client_address,
+ server_info);
- fsp->fake_file_handle->type = FAKE_FILE_TYPE_NAMED_PIPE;
- fsp->fake_file_handle->private_data = p;
+ handle->type = FAKE_FILE_TYPE_NAMED_PIPE;
+ handle->private_data = p;
}
- if (fsp->fake_file_handle->private_data == NULL) {
- file_free(smb_req, fsp);
+ if (handle->private_data == NULL) {
+ TALLOC_FREE(handle);
return NT_STATUS_PIPE_NOT_AVAILABLE;
}
- *pfsp = fsp;
+ *phandle = handle;
return NT_STATUS_OK;
}
-NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len,
- ssize_t *nwritten)
+NTSTATUS np_write(struct fake_file_handle *handle, const uint8_t *data,
+ size_t len, ssize_t *nwritten)
{
- if (!fsp_is_np(fsp)) {
- return NT_STATUS_INVALID_HANDLE;
- }
-
- DEBUG(6, ("np_write: %x name: %s len: %d\n", (int)fsp->fnum,
- fsp->fsp_name, (int)len));
+ DEBUG(6, ("np_write: len: %d\n", (int)len));
dump_data(50, data, len);
- switch (fsp->fake_file_handle->type) {
+ switch (handle->type) {
case FAKE_FILE_TYPE_NAMED_PIPE: {
struct pipes_struct *p = talloc_get_type_abort(
- fsp->fake_file_handle->private_data,
- struct pipes_struct);
+ handle->private_data, struct pipes_struct);
*nwritten = write_to_internal_pipe(p, (char *)data, len);
break;
}
case FAKE_FILE_TYPE_NAMED_PIPE_PROXY: {
struct np_proxy_state *p = talloc_get_type_abort(
- fsp->fake_file_handle->private_data,
- struct np_proxy_state);
+ handle->private_data, struct np_proxy_state);
*nwritten = write_data(p->fd, (char *)data, len);
break;
}
@@ -1173,26 +1150,20 @@ NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len,
? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
}
-NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len,
+NTSTATUS np_read(struct fake_file_handle *handle, uint8_t *data, size_t len,
ssize_t *nread, bool *is_data_outstanding)
{
- if (!fsp_is_np(fsp)) {
- return NT_STATUS_INVALID_HANDLE;
- }
-
- switch (fsp->fake_file_handle->type) {
+ switch (handle->type) {
case FAKE_FILE_TYPE_NAMED_PIPE: {
struct pipes_struct *p = talloc_get_type_abort(
- fsp->fake_file_handle->private_data,
- struct pipes_struct);
+ handle->private_data, struct pipes_struct);
*nread = read_from_internal_pipe(p, (char *)data, len,
is_data_outstanding);
break;
}
case FAKE_FILE_TYPE_NAMED_PIPE_PROXY: {
struct np_proxy_state *p = talloc_get_type_abort(
- fsp->fake_file_handle->private_data,
- struct np_proxy_state);
+ handle->private_data, struct np_proxy_state);
int available = 0;
*nread = sys_read(p->fd, (char *)data, len);
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index fabc8393ce..7c150561b1 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -220,8 +220,14 @@ static void api_rpc_trans_reply(connection_struct *conn,
return;
}
- status = np_read(fsp, rdata, max_trans_reply, &data_len,
- &is_data_outstanding);
+ if (!fsp_is_np(fsp)) {
+ SAFE_FREE(rdata);
+ api_no_reply(conn,req);
+ return;
+ }
+
+ status = np_read(fsp->fake_file_handle, rdata, max_trans_reply,
+ &data_len, &is_data_outstanding);
if (!NT_STATUS_IS_OK(status)) {
SAFE_FREE(rdata);
api_no_reply(conn,req);
@@ -355,7 +361,8 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid,
case TRANSACT_DCERPCCMD: {
/* dce/rpc command */
ssize_t nwritten;
- status = np_write(fsp, data, tdscnt, &nwritten);
+ status = np_write(fsp->fake_file_handle, data, tdscnt,
+ &nwritten);
if (!NT_STATUS_IS_OK(status)) {
api_no_reply(conn, req);
return;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 63b4776fbc..1ee3edbdbe 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -316,7 +316,7 @@ static void nt_open_pipe(char *fname, connection_struct *conn,
/* Strip \\ off the name. */
fname++;
- status = np_open(req, fname, &fsp);
+ status = open_np_file(req, fname, &fsp);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 4841882cc3..b148cff045 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -32,6 +32,40 @@
#define MAX_PIPE_NAME_LEN 24
+NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
+ struct files_struct **pfsp)
+{
+ struct connection_struct *conn = smb_req->conn;
+ struct files_struct *fsp;
+ NTSTATUS status;
+
+ status = file_new(smb_req, conn, &fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("file_new failed: %s\n", nt_errstr(status)));
+ return status;
+ }
+
+ fsp->conn = conn;
+ fsp->fh->fd = -1;
+ fsp->vuid = smb_req->vuid;
+ fsp->can_lock = false;
+ fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
+ string_set(&fsp->fsp_name, name);
+
+ status = np_open(NULL, name, conn->client_address,
+ conn->server_info, &fsp->fake_file_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("np_open(%s) returned %s\n", name,
+ nt_errstr(status)));
+ file_free(smb_req, fsp);
+ return status;
+ }
+
+ *pfsp = fsp;
+
+ return NT_STATUS_OK;
+}
+
/****************************************************************************
Reply to an open and X on a named pipe.
This code is basically stolen from reply_open_and_X with some
@@ -77,7 +111,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
}
#endif
- status = np_open(req, fname, &fsp);
+ status = open_np_file(req, fname, &fsp);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
@@ -133,7 +167,14 @@ void reply_pipe_write(struct smb_request *req)
nwritten = 0;
} else {
NTSTATUS status;
- status = np_write(fsp, data, numtowrite, &nwritten);
+ if (!fsp_is_np(fsp)) {
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
+ return;
+ }
+ DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n",
+ (int)fsp->fnum, fsp->fsp_name, (int)numtowrite));
+ status = np_write(fsp->fake_file_handle, data, numtowrite,
+ &nwritten);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
@@ -183,6 +224,9 @@ void reply_pipe_write_and_X(struct smb_request *req)
return;
}
+ DEBUG(6, ("reply_pipe_write_and_X: %x name: %s len: %d\n",
+ (int)fsp->fnum, fsp->fsp_name, (int)numtowrite));
+
data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
if (numtowrite == 0) {
@@ -208,7 +252,8 @@ void reply_pipe_write_and_X(struct smb_request *req)
data += 2;
numtowrite -= 2;
}
- status = np_write(fsp, data, numtowrite, &nwritten);
+ status = np_write(fsp->fake_file_handle, data, numtowrite,
+ &nwritten);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
@@ -268,7 +313,8 @@ void reply_pipe_read_and_X(struct smb_request *req)
data = (uint8_t *)smb_buf(req->outbuf);
- status = np_read(fsp, data, smb_maxcnt, &nread, &unused);
+ status = np_read(fsp->fake_file_handle, data, smb_maxcnt, &nread,
+ &unused);
if (!NT_STATUS_IS_OK(status)) {
reply_doserror(req, ERRDOS, ERRnoaccess);