diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clitrans.c | 341 |
1 files changed, 0 insertions, 341 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 4379e1480a..bd3fe2d813 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -351,347 +351,6 @@ bool cli_receive_trans(struct cli_state *cli,int trans, return ret; } -/**************************************************************************** - Send a SMB nttrans request. -****************************************************************************/ - -bool cli_send_nt_trans(struct cli_state *cli, - int function, - int flags, - uint16 *setup, unsigned int lsetup, unsigned int msetup, - char *param, unsigned int lparam, unsigned int mparam, - char *data, unsigned int ldata, unsigned int mdata) -{ - unsigned int i; - unsigned int this_ldata,this_lparam; - unsigned int tot_data=0,tot_param=0; - uint16 mid; - char *outdata,*outparam; - - this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */ - this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam)); - - memset(cli->outbuf,'\0',smb_size); - cli_set_message(cli->outbuf,19+lsetup,0,True); - SCVAL(cli->outbuf,smb_com,SMBnttrans); - SSVAL(cli->outbuf,smb_tid, cli->cnum); - cli_setup_packet(cli); - - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - - mid = cli->mid; - - outparam = smb_buf(cli->outbuf)+3; - outdata = outparam+this_lparam; - - /* primary request */ - SCVAL(cli->outbuf,smb_nt_MaxSetupCount,msetup); - SCVAL(cli->outbuf,smb_nt_Flags,flags); - SIVAL(cli->outbuf,smb_nt_TotalParameterCount, lparam); - SIVAL(cli->outbuf,smb_nt_TotalDataCount, ldata); - SIVAL(cli->outbuf,smb_nt_MaxParameterCount, mparam); - SIVAL(cli->outbuf,smb_nt_MaxDataCount, mdata); - SIVAL(cli->outbuf,smb_nt_ParameterCount, this_lparam); - SIVAL(cli->outbuf,smb_nt_ParameterOffset, smb_offset(outparam,cli->outbuf)); - SIVAL(cli->outbuf,smb_nt_DataCount, this_ldata); - SIVAL(cli->outbuf,smb_nt_DataOffset, smb_offset(outdata,cli->outbuf)); - SIVAL(cli->outbuf,smb_nt_SetupCount, lsetup); - SIVAL(cli->outbuf,smb_nt_Function, function); - for (i=0;i<lsetup;i++) /* setup[] */ - SSVAL(cli->outbuf,smb_nt_SetupStart+i*2,setup[i]); - - if (this_lparam) /* param[] */ - memcpy(outparam,param,this_lparam); - if (this_ldata) /* data[] */ - memcpy(outdata,data,this_ldata); - - cli_setup_bcc(cli, outdata+this_ldata); - - show_msg(cli->outbuf); - if (!cli_send_smb(cli)) { - return False; - } - - cli_state_seqnum_persistent(cli, mid); - - if (this_ldata < ldata || this_lparam < lparam) { - /* receive interim response */ - if (!cli_receive_smb(cli) || cli_is_error(cli)) { - cli_state_seqnum_remove(cli, mid); - return(False); - } - - tot_data = this_ldata; - tot_param = this_lparam; - - while (tot_data < ldata || tot_param < lparam) { - this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ - this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - - cli_set_message(cli->outbuf,18,0,True); - SCVAL(cli->outbuf,smb_com,SMBnttranss); - - /* XXX - these should probably be aligned */ - outparam = smb_buf(cli->outbuf); - outdata = outparam+this_lparam; - - /* secondary request */ - SIVAL(cli->outbuf,smb_nts_TotalParameterCount,lparam); - SIVAL(cli->outbuf,smb_nts_TotalDataCount,ldata); - SIVAL(cli->outbuf,smb_nts_ParameterCount,this_lparam); - SIVAL(cli->outbuf,smb_nts_ParameterOffset,smb_offset(outparam,cli->outbuf)); - SIVAL(cli->outbuf,smb_nts_ParameterDisplacement,tot_param); - SIVAL(cli->outbuf,smb_nts_DataCount,this_ldata); - SIVAL(cli->outbuf,smb_nts_DataOffset,smb_offset(outdata,cli->outbuf)); - SIVAL(cli->outbuf,smb_nts_DataDisplacement,tot_data); - if (this_lparam) /* param[] */ - memcpy(outparam,param+tot_param,this_lparam); - if (this_ldata) /* data[] */ - memcpy(outdata,data+tot_data,this_ldata); - cli_setup_bcc(cli, outdata+this_ldata); - - show_msg(cli->outbuf); - - cli->mid = mid; - if (!cli_send_smb(cli)) { - cli_state_seqnum_remove(cli, mid); - return False; - } - - tot_data += this_ldata; - tot_param += this_lparam; - } - } - - return(True); -} - -/**************************************************************************** - Receive a SMB nttrans response allocating the necessary memory. -****************************************************************************/ - -bool cli_receive_nt_trans(struct cli_state *cli, - char **param, unsigned int *param_len, - char **data, unsigned int *data_len) -{ - unsigned int total_data=0; - unsigned int total_param=0; - unsigned int this_data,this_param; - uint8 eclass; - uint32 ecode; - bool ret = False; - uint16_t mid; - - *data_len = *param_len = 0; - - mid = SVAL(cli->outbuf,smb_mid); - - if (!cli_receive_smb(cli)) { - cli_state_seqnum_remove(cli, mid); - return False; - } - - show_msg(cli->inbuf); - - /* sanity check */ - if (CVAL(cli->inbuf,smb_com) != SMBnttrans) { - DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n", - CVAL(cli->inbuf,smb_com))); - cli_state_seqnum_remove(cli, mid); - return(False); - } - - /* - * An NT RPC pipe call can return ERRDOS, ERRmoredata - * to a trans call. This is not an error and should not - * be treated as such. - */ - if (cli_is_dos_error(cli)) { - cli_dos_error(cli, &eclass, &ecode); - if (!(eclass == ERRDOS && ecode == ERRmoredata)) { - goto out; - } - } - - /* - * Likewise for NT_STATUS_BUFFER_TOO_SMALL - */ - if (cli_is_nt_error(cli)) { - if (!NT_STATUS_EQUAL(cli_nt_error(cli), - NT_STATUS_BUFFER_TOO_SMALL)) { - goto out; - } - } - - /* parse out the lengths */ - total_data = IVAL(cli->inbuf,smb_ntr_TotalDataCount); - total_param = IVAL(cli->inbuf,smb_ntr_TotalParameterCount); - /* Only allow 16 megs. */ - if (total_param > 16*1024*1024) { - DEBUG(0,("cli_receive_nt_trans: param buffer too large %d\n", - total_param)); - goto out; - } - if (total_data > 16*1024*1024) { - DEBUG(0,("cli_receive_nt_trans: data buffer too large %d\n", - total_data)); - goto out; - } - - /* allocate it */ - if (total_data) { - /* We know adding 2 is safe as total_data is less - * than 16mb (above). */ - *data = (char *)SMB_REALLOC(*data,total_data+2); - if (!(*data)) { - DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data)); - goto out; - } - } - - if (total_param) { - /* We know adding 2 is safe as total_param is less - * than 16mb (above). */ - *param = (char *)SMB_REALLOC(*param,total_param+2); - if (!(*param)) { - DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param)); - goto out; - } - } - - while (1) { - this_data = SVAL(cli->inbuf,smb_ntr_DataCount); - this_param = SVAL(cli->inbuf,smb_ntr_ParameterCount); - - if (this_data + *data_len > total_data || - this_param + *param_len > total_param) { - DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - goto out; - } - - if (this_data + *data_len < this_data || - this_data + *data_len < *data_len || - this_param + *param_len < this_param || - this_param + *param_len < *param_len) { - DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - goto out; - } - - if (this_data) { - unsigned int data_offset_out = SVAL(cli->inbuf,smb_ntr_DataDisplacement); - unsigned int data_offset_in = SVAL(cli->inbuf,smb_ntr_DataOffset); - - if (data_offset_out > total_data || - data_offset_out + this_data > total_data || - data_offset_out + this_data < data_offset_out || - data_offset_out + this_data < this_data) { - DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - goto out; - } - if (data_offset_in > cli->bufsize || - data_offset_in + this_data > cli->bufsize || - data_offset_in + this_data < data_offset_in || - data_offset_in + this_data < this_data) { - DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - goto out; - } - - memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data); - } - - if (this_param) { - unsigned int param_offset_out = SVAL(cli->inbuf,smb_ntr_ParameterDisplacement); - unsigned int param_offset_in = SVAL(cli->inbuf,smb_ntr_ParameterOffset); - - if (param_offset_out > total_param || - param_offset_out + this_param > total_param || - param_offset_out + this_param < param_offset_out || - param_offset_out + this_param < this_param) { - DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); - goto out; - } - if (param_offset_in > cli->bufsize || - param_offset_in + this_param > cli->bufsize || - param_offset_in + this_param < param_offset_in || - param_offset_in + this_param < this_param) { - DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); - goto out; - } - - memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param); - } - - *data_len += this_data; - *param_len += this_param; - - if (total_data <= *data_len && total_param <= *param_len) { - ret = True; - break; - } - - if (!cli_receive_smb(cli)) { - goto out; - } - - show_msg(cli->inbuf); - - /* sanity check */ - if (CVAL(cli->inbuf,smb_com) != SMBnttrans) { - DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n", - CVAL(cli->inbuf,smb_com))); - goto out; - } - if (cli_is_dos_error(cli)) { - cli_dos_error(cli, &eclass, &ecode); - if(!(eclass == ERRDOS && ecode == ERRmoredata)) { - goto out; - } - } - /* - * Likewise for NT_STATUS_BUFFER_TOO_SMALL - */ - if (cli_is_nt_error(cli)) { - if (!NT_STATUS_EQUAL(cli_nt_error(cli), - NT_STATUS_BUFFER_TOO_SMALL)) { - goto out; - } - } - - /* parse out the total lengths again - they can shrink! */ - if (IVAL(cli->inbuf,smb_ntr_TotalDataCount) < total_data) - total_data = IVAL(cli->inbuf,smb_ntr_TotalDataCount); - if (IVAL(cli->inbuf,smb_ntr_TotalParameterCount) < total_param) - total_param = IVAL(cli->inbuf,smb_ntr_TotalParameterCount); - - if (total_data <= *data_len && total_param <= *param_len) { - ret = True; - break; - } - } - - out: - - cli_state_seqnum_remove(cli, mid); - - if (ret) { - /* Ensure the last 2 bytes of param and data are 2 null - * bytes. These are malloc'ed, but not included in any - * length counts. This allows cli_XX string reading functions - * to safely null terminate. */ - if (total_data) { - SSVAL(*data,total_data,0); - } - if (total_param) { - SSVAL(*param,total_param,0); - } - } - - return ret; -} - struct trans_recvblob { uint8_t *data; uint32_t max, total, received; |