Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/aio.c | 24 | ||||
-rw-r--r-- | source3/smbd/blocking.c | 2 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 66 | ||||
-rw-r--r-- | source3/smbd/lanman.c | 2 | ||||
-rw-r--r-- | source3/smbd/mangle.c | 2 | ||||
-rw-r--r-- | source3/smbd/message.c | 26 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 12 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 86 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 24 | ||||
-rw-r--r-- | source3/smbd/process.c | 8 | ||||
-rw-r--r-- | source3/smbd/reply.c | 419 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 59 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 58 |
13 files changed, 359 insertions, 429 deletions
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index c3fd0a2bc0..4ed574cec7 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -221,6 +221,7 @@ bool schedule_aio_read_and_X(connection_struct *conn, SMB_STRUCT_AIOCB *a; size_t bufsize; size_t min_aio_read_size = lp_aio_read_size(SNUM(conn)); + int ret; if (fsp->base_fsp != NULL) { /* No AIO on streams yet */ @@ -240,7 +241,7 @@ bool schedule_aio_read_and_X(connection_struct *conn, /* Only do this on non-chained and non-chaining reads not using the * write cache. */ - if (chain_size !=0 || (CVAL(req->inbuf,smb_vwv0) != 0xFF) + if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF) || (lp_write_cache_size(SNUM(conn)) != 0) ) { return False; } @@ -279,14 +280,15 @@ bool schedule_aio_read_and_X(connection_struct *conn, a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; become_root(); - if (SMB_VFS_AIO_READ(fsp,a) == -1) { + ret = SMB_VFS_AIO_READ(fsp, a); + unbecome_root(); + + if (ret == -1) { DEBUG(0,("schedule_aio_read_and_X: aio_read failed. " "Error %s\n", strerror(errno) )); delete_aio_ex(aio_ex); - unbecome_root(); return False; } - unbecome_root(); DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, " "offset %.0f, len = %u (mid = %u)\n", @@ -311,8 +313,9 @@ bool schedule_aio_write_and_X(connection_struct *conn, struct aio_extra *aio_ex; SMB_STRUCT_AIOCB *a; size_t inbufsize, outbufsize; - bool write_through = BITSETW(req->inbuf+smb_vwv7,0); + bool write_through = BITSETW(req->vwv+7,0); size_t min_aio_write_size = lp_aio_write_size(SNUM(conn)); + int ret; if (fsp->base_fsp != NULL) { /* No AIO on streams yet */ @@ -332,7 +335,7 @@ bool schedule_aio_write_and_X(connection_struct *conn, /* Only do this on non-chained and non-chaining reads not using the * write cache. */ - if (chain_size !=0 || (CVAL(req->inbuf,smb_vwv0) != 0xFF) + if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF) || (lp_write_cache_size(SNUM(conn)) != 0) ) { return False; } 
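Review bot: In the @@ -279 hunk of schedule_aio_read_and_X, `strerror(errno)` in the failure DEBUG is now evaluated after `unbecome_root()`, which (if it restores credentials with set*uid/setgroups-style calls, as its name suggests) can overwrite errno, so the logged reason may belong to the wrong call. Capture it directly after the VFS call: `ret = SMB_VFS_AIO_READ(fsp, a); saved_errno = errno; unbecome_root();` and log `strerror(saved_errno)`, with `int saved_errno;` declared beside the new `int ret;`. Moving `unbecome_root()` ahead of the error branch is otherwise the right shape, since the old code kept root across the `delete_aio_ex()` call; only the errno capture is missing. The head and tail of the function are outside the hunk.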
@@ -380,15 +383,16 @@ bool schedule_aio_write_and_X(connection_struct *conn, a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; become_root(); - if (SMB_VFS_AIO_WRITE(fsp,a) == -1) { + ret = SMB_VFS_AIO_WRITE(fsp, a); + unbecome_root(); + + if (ret == -1) { DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. " "Error %s\n", strerror(errno) )); delete_aio_ex(aio_ex); - unbecome_root(); return False; } - unbecome_root(); - + release_level_2_oplocks_on_change(fsp); if (!write_through && !lp_syncalways(SNUM(fsp->conn)) diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 14ce237ab8..a232249c8b 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -190,7 +190,7 @@ bool push_blocking_lock_request( struct byte_range_lock *br_lck, return False; } - blr->com_type = CVAL(req->inbuf,smb_com); + blr->com_type = req->cmd; blr->fsp = fsp; if (lock_timeout == -1) { blr->expire_time.tv_sec = 0; diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d11c8c7cd5..b9460e5211 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -81,7 +81,8 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, +void send_trans_reply(connection_struct *conn, + struct smb_request *req, char *rparam, int rparam_len, char *rdata, int rdata_len, bool buffer_too_large) @@ -103,7 +104,7 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, align = ((this_lparam)%4); - if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf, + if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, 10, 1+align+this_ldata+this_lparam)) { smb_panic("could not allocate outbuf"); } 
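Review bot: The write path has the same errno ordering problem as the read path: in the @@ -380 hunk of schedule_aio_write_and_X the DEBUG(3) reads `strerror(errno)` only after `unbecome_root()` has run and may have clobbered errno. Save it immediately after the VFS call, `ret = SMB_VFS_AIO_WRITE(fsp, a); saved_errno = errno; unbecome_root();`, and report `strerror(saved_errno)`. The function's declarations and its tail lie outside this hunk.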
@@ -154,7 +155,7 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, align = (this_lparam%4); - if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf, + if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, 10, 1+align+this_ldata+this_lparam)) { smb_panic("could not allocate outbuf"); } @@ -218,7 +219,7 @@ static void api_rpc_trans_reply(connection_struct *conn, return; } - send_trans_reply(conn, req->inbuf, NULL, 0, (char *)rdata, data_len, + send_trans_reply(conn, req, NULL, 0, (char *)rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return; @@ -239,7 +240,7 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req, DEBUG(4,("WaitNamedPipeHandleState priority %x\n", (int)SVAL(param,0))); - send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); } @@ -257,7 +258,7 @@ static void api_SNPHS(connection_struct *conn, struct smb_request *req, DEBUG(4,("SetNamedPipeHandleState to code %x\n", (int)SVAL(param,0))); - send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); } @@ -276,7 +277,7 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(conn, req->inbuf, rparam, 4, NULL, 0, False); + send_trans_reply(conn, req, rparam, 4, NULL, 0, False); return; } @@ -320,8 +321,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, - False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); return; } 
@@ -506,10 +506,10 @@ void reply_trans(struct smb_request *req) size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); - dsoff = SVAL(req->inbuf, smb_dsoff); - dscnt = SVAL(req->inbuf, smb_dscnt); - psoff = SVAL(req->inbuf, smb_psoff); - pscnt = SVAL(req->inbuf, smb_pscnt); + dsoff = SVAL(req->vwv+12, 0); + dscnt = SVAL(req->vwv+11, 0); + psoff = SVAL(req->vwv+10, 0); + pscnt = SVAL(req->vwv+9, 0); result = allow_new_trans(conn->pending_trans, req->mid); if (!NT_STATUS_IS_OK(result)) { @@ -531,20 +531,20 @@ void reply_trans(struct smb_request *req) state->mid = req->mid; state->vuid = req->vuid; - state->setup_count = CVAL(req->inbuf, smb_suwcnt); + state->setup_count = CVAL(req->vwv+13, 0); state->setup = NULL; - state->total_param = SVAL(req->inbuf, smb_tpscnt); + state->total_param = SVAL(req->vwv+0, 0); state->param = NULL; - state->total_data = SVAL(req->inbuf, smb_tdscnt); + state->total_data = SVAL(req->vwv+1, 0); state->data = NULL; - state->max_param_return = SVAL(req->inbuf, smb_mprcnt); - state->max_data_return = SVAL(req->inbuf, smb_mdrcnt); - state->max_setup_return = CVAL(req->inbuf, smb_msrcnt); - state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0); - state->one_way = BITSETW(req->inbuf+smb_vwv5,1); + state->max_param_return = SVAL(req->vwv+2, 0); + state->max_data_return = SVAL(req->vwv+3, 0); + state->max_setup_return = CVAL(req->vwv+4, 0); + state->close_on_completion = BITSETW(req->vwv+5, 0); + state->one_way = BITSETW(req->vwv+5, 1); - srvstr_pull_buf_talloc(state, req->inbuf, req->flags2, &state->name, - req->buf, STR_TERMINATE); + srvstr_pull_req_talloc(state, req, &state->name, req->buf, + STR_TERMINATE); if ((dscnt > state->total_data) || (pscnt > state->total_param) || !state->name) 
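Review bot: The reads of `req->vwv+9` through `req->vwv+13` in reply_trans presuppose at least 14 parameter words; whatever guard establishes that (if any) sits in the part of reply_trans above this hunk, and nothing near the reads records the dependency. A one-line comment ahead of the first read, `/* req->wct >= 14 is validated at function entry; all vwv reads below rely on it */`, makes the precondition visible to the next person who moves the code. If no such check exists, a short SMBtrans with fewer words makes these reads spill into the byte count and data area. The start of reply_trans is outside the hunk.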
@@ -710,20 +710,20 @@ void reply_transs(struct smb_request *req) /* Revise total_params and total_data in case they have changed * downwards */ - if (SVAL(req->inbuf, smb_vwv0) < state->total_param) - state->total_param = SVAL(req->inbuf,smb_vwv0); - if (SVAL(req->inbuf, smb_vwv1) < state->total_data) - state->total_data = SVAL(req->inbuf,smb_vwv1); + if (SVAL(req->vwv+0, 0) < state->total_param) + state->total_param = SVAL(req->vwv+0, 0); + if (SVAL(req->vwv+1, 0) < state->total_data) + state->total_data = SVAL(req->vwv+1, 0); av_size = smb_len(req->inbuf); - pcnt = SVAL(req->inbuf, smb_spscnt); - poff = SVAL(req->inbuf, smb_spsoff); - pdisp = SVAL(req->inbuf, smb_spsdisp); + pcnt = SVAL(req->vwv+2, 0); + poff = SVAL(req->vwv+3, 0); + pdisp = SVAL(req->vwv+4, 0); - dcnt = SVAL(req->inbuf, smb_sdscnt); - doff = SVAL(req->inbuf, smb_sdsoff); - ddisp = SVAL(req->inbuf, smb_sdsdisp); + dcnt = SVAL(req->vwv+5, 0); + doff = SVAL(req->vwv+6, 0); + ddisp = SVAL(req->vwv+7, 0); state->received_param += pcnt; state->received_data += dcnt; diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 0c866da706..6ed3ce2c87 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -4632,7 +4632,7 @@ void api_reply(connection_struct *conn, uint16 vuid, /* If api_Unsupported returns false we can't return anything. */ if (reply) { - send_trans_reply(conn, req->inbuf, rparam, rparam_len, + send_trans_reply(conn, req, rparam, rparam_len, rdata, rdata_len, False); } diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c index 360692c546..4d4d0dc5af 100644 --- a/source3/smbd/mangle.c +++ b/source3/smbd/mangle.c @@ -140,7 +140,7 @@ bool name_to_8_3(const char *in, /* name mangling can be disabled for speed, in which case we just truncate the string */ if (!lp_manglednames(p)) { - safe_strcpy(out,in,12); + strlcpy(out, in, 13); return True; } diff --git a/source3/smbd/message.c b/source3/smbd/message.c index 6977b586df..65eaeca777 100644 --- a/source3/smbd/message.c 
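Review bot: In name_to_8_3 the new `strlcpy(out, in, 13)` hard-codes the destination capacity: strlcpy's third argument is the whole buffer size including the terminator, where safe_strcpy's 12 was the maximum payload length, so 13 is the matching value only while `out` is always at least 13 bytes (8.3 name, dot, NUL). The parameter declaration is outside the hunk, so the contract is implicit; a comment on the call, `/* out must hold "8.3" + NUL: 13 bytes */`, or a named constant shared with the declaration would record it. The rest of name_to_8_3 is outside the hunk.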
+++ b/source3/smbd/message.c @@ -154,17 +154,15 @@ void reply_sends(struct smb_request *req) state = talloc(talloc_tos(), struct msg_state); p = (const char *)req->buf + 1; - p += srvstr_pull_buf_talloc( - state, (char *)req->inbuf, req->flags2, &state->from, p, - STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf_talloc( - state, (char *)req->inbuf, req->flags2, &state->to, p, - STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_req_talloc( + state, req, &state->from, p, STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_req_talloc( + state, req, &state->to, p, STR_ASCII|STR_TERMINATE) + 1; msg = p; len = SVAL(msg,0); - len = MIN(len, smb_bufrem(req->inbuf, msg+2)); + len = MIN(len, smbreq_bufrem(req, msg+2)); state->msg = talloc_array(state, char, len); @@ -212,12 +210,12 @@ void reply_sendstrt(struct smb_request *req) } p = (const char *)req->buf+1; - p += srvstr_pull_buf_talloc( - smbd_msg_state, (char *)req->inbuf, req->flags2, - &smbd_msg_state->from, p, STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf_talloc( - smbd_msg_state, (char *)req->inbuf, req->flags2, - &smbd_msg_state->to, p, STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_req_talloc( + smbd_msg_state, req, &smbd_msg_state->from, p, + STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_req_talloc( + smbd_msg_state, req, &smbd_msg_state->to, p, + STR_ASCII|STR_TERMINATE) + 1; DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", smbd_msg_state->from, smbd_msg_state->to ) ); @@ -258,7 +256,7 @@ void reply_sendtxt(struct smb_request *req) old_len = talloc_get_size(smbd_msg_state->msg); - len = MIN(SVAL(msg, 0), smb_bufrem(req->inbuf, msg+2)); + len = MIN(SVAL(msg, 0), smbreq_bufrem(req, msg+2)); tmp = TALLOC_REALLOC_ARRAY(smbd_msg_state, smbd_msg_state->msg, char, old_len + len); diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 1fe0193e00..43fdc1d608 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c 
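Review bot: In reply_sends, `len = SVAL(msg,0)` reads the two-byte length word before anything confirms that two bytes remain after the two pulled strings; the following `MIN(len, smbreq_bufrem(req, msg+2))` bounds the copy but not that first read, and if smbreq_bufrem is an unchecked subtraction (its definition is not in this diff) a `msg+2` that already lies past the buffer end yields a huge size_t rather than 0. A pointer check before the read closes both, `if (msg + 2 > (const char *)req->buf + req->buflen) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; }` (plus the function's END_PROFILE, which is outside the hunk). reply_sendtxt at @@ -258 has the same `msg+2` shape. The starts of both functions are outside the hunks.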
@@ -507,7 +507,6 @@ static const struct { void reply_negprot(struct smb_request *req) { - size_t size = smb_len(req->inbuf) + 4; int choice= -1; int protocol; const char *p; @@ -527,7 +526,14 @@ void reply_negprot(struct smb_request *req) } done_negprot = True; - if (req->inbuf[size-1] != '\0') { + if (req->buflen == 0) { + DEBUG(0, ("negprot got no protocols\n")); + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + END_PROFILE(SMBnegprot); + return; + } + + if (req->buf[req->buflen-1] != '\0') { DEBUG(0, ("negprot protocols not 0-terminated\n")); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBnegprot); @@ -539,7 +545,7 @@ void reply_negprot(struct smb_request *req) num_cliprotos = 0; cliprotos = NULL; - while (smb_bufrem(req->inbuf, p) > 0) { + while (smbreq_bufrem(req, p) > 0) { char **tmp; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index dace8f6d8c..f711b588c5 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -304,11 +304,10 @@ static void do_ntcreate_pipe_open(connection_struct *conn, char *fname = NULL; int pnum = -1; char *p = NULL; - uint32 flags = IVAL(req->inbuf,smb_ntcreate_Flags); + uint32 flags = IVAL(req->vwv+3, 1); TALLOC_CTX *ctx = talloc_tos(); - srvstr_pull_buf_talloc(ctx, (char *)req->inbuf, req->flags2, &fname, - req->buf, STR_TERMINATE); + srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE); if (!fname) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, 
@@ -408,24 +407,21 @@ void reply_ntcreate_and_X(struct smb_request *req) return; } - flags = IVAL(req->inbuf,smb_ntcreate_Flags); - access_mask = IVAL(req->inbuf,smb_ntcreate_DesiredAccess); - file_attributes = IVAL(req->inbuf,smb_ntcreate_FileAttributes); - share_access = IVAL(req->inbuf,smb_ntcreate_ShareAccess); - create_disposition = IVAL(req->inbuf,smb_ntcreate_CreateDisposition); - create_options = IVAL(req->inbuf,smb_ntcreate_CreateOptions); - root_dir_fid = (uint16)IVAL(req->inbuf,smb_ntcreate_RootDirectoryFid); + flags = IVAL(req->vwv+3, 1); + access_mask = IVAL(req->vwv+7, 1); + file_attributes = IVAL(req->vwv+13, 1); + share_access = IVAL(req->vwv+15, 1); + create_disposition = IVAL(req->vwv+17, 1); + create_options = IVAL(req->vwv+19, 1); + root_dir_fid = (uint16)IVAL(req->vwv+5, 1); - allocation_size = (uint64_t)IVAL(req->inbuf, - smb_ntcreate_AllocationSize); + allocation_size = (uint64_t)IVAL(req->vwv+9, 1); #ifdef LARGE_SMB_OFF_T - allocation_size |= (((uint64_t)IVAL( - req->inbuf, - smb_ntcreate_AllocationSize + 4)) << 32); + allocation_size |= (((uint64_t)IVAL(req->vwv+11, 1)) << 32); #endif - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - (const char *)req->buf, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); @@ -1244,13 +1240,12 @@ void reply_ntrename(struct smb_request *req) return; } - attrs = SVAL(req->inbuf,smb_vwv0); - rename_type = SVAL(req->inbuf,smb_vwv1); + attrs = SVAL(req->vwv+0, 0); + rename_type = SVAL(req->vwv+1, 0); p = (const char *)req->buf + 1; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &oldname, p, - 0, STR_TERMINATE, &status, - &src_has_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &oldname, p, STR_TERMINATE, + &status, &src_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBntrename); 
@@ -1271,9 +1266,8 @@ void reply_ntrename(struct smb_request *req) } p++; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p, - 0, STR_TERMINATE, &status, - &dest_has_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE, + &status, &dest_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBntrename); @@ -2538,11 +2532,11 @@ void reply_nttrans(struct smb_request *req) size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); - pscnt = IVAL(req->inbuf,smb_nt_ParameterCount); - psoff = IVAL(req->inbuf,smb_nt_ParameterOffset); - dscnt = IVAL(req->inbuf,smb_nt_DataCount); - dsoff = IVAL(req->inbuf,smb_nt_DataOffset); - function_code = SVAL(req->inbuf, smb_nt_Function); + pscnt = IVAL(req->vwv+9, 1); + psoff = IVAL(req->vwv+11, 1); + dscnt = IVAL(req->vwv+13, 1); + dsoff = IVAL(req->vwv+15, 1); + function_code = SVAL(req->vwv+18, 0); if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) { reply_doserror(req, ERRSRV, ERRaccess); @@ -2568,15 +2562,15 @@ void reply_nttrans(struct smb_request *req) state->mid = req->mid; state->vuid = req->vuid; - state->total_data = IVAL(req->inbuf, smb_nt_TotalDataCount); + state->total_data = IVAL(req->vwv+3, 1); state->data = NULL; - state->total_param = IVAL(req->inbuf, smb_nt_TotalParameterCount); + state->total_param = IVAL(req->vwv+1, 1); state->param = NULL; - state->max_data_return = IVAL(req->inbuf,smb_nt_MaxDataCount); - state->max_param_return = IVAL(req->inbuf,smb_nt_MaxParameterCount); + state->max_data_return = IVAL(req->vwv+7, 1); + state->max_param_return = IVAL(req->vwv+5, 1); /* setup count is in *words* */ - state->setup_count = 2*CVAL(req->inbuf,smb_nt_SetupCount); + state->setup_count = 2*CVAL(req->vwv+17, 1); state->setup = NULL; state->call = function_code; 
@@ -2763,25 +2757,23 @@ void reply_nttranss(struct smb_request *req) /* Revise state->total_param and state->total_data in case they have changed downwards */ - if (IVAL(req->inbuf, smb_nts_TotalParameterCount) - < state->total_param) { - state->total_param = IVAL(req->inbuf, - smb_nts_TotalParameterCount); + if (IVAL(req->vwv+1, 1) < state->total_param) { + state->total_param = IVAL(req->vwv+1, 1); } - if (IVAL(req->inbuf, smb_nts_TotalDataCount) < state->total_data) { - state->total_data = IVAL(req->inbuf, smb_nts_TotalDataCount); + if (IVAL(req->vwv+3, 1) < state->total_data) { + state->total_data = IVAL(req->vwv+3, 1); } size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); - pcnt = IVAL(req->inbuf,smb_nts_ParameterCount); - poff = IVAL(req->inbuf, smb_nts_ParameterOffset); - pdisp = IVAL(req->inbuf, smb_nts_ParameterDisplacement); + pcnt = IVAL(req->vwv+5, 1); + poff = IVAL(req->vwv+7, 1); + pdisp = IVAL(req->vwv+9, 1); - dcnt = IVAL(req->inbuf, smb_nts_DataCount); - ddisp = IVAL(req->inbuf, smb_nts_DataDisplacement); - doff = IVAL(req->inbuf, smb_nts_DataOffset); + dcnt = IVAL(req->vwv+11, 1); + doff = IVAL(req->vwv+13, 1); + ddisp = IVAL(req->vwv+15, 1); state->received_param += pcnt; state->received_data += dcnt; diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 2ce60c762e..b52b1b02d0 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -48,8 +48,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) NTSTATUS status; /* XXXX we need to handle passed times, sattr and flags */ - srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name, - req->buf, STR_TERMINATE); + srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE); if (!pipe_name) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, ERRDOS, ERRbadpipe); 
@@ -119,8 +118,8 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) void reply_pipe_write(struct smb_request *req) { - files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); - size_t numtowrite = SVAL(req->inbuf,smb_vwv1); + files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0)); + size_t numtowrite = SVAL(req->vwv+1, 0); ssize_t nwritten; const uint8_t *data; @@ -171,13 +170,12 @@ void reply_pipe_write(struct smb_request *req) void reply_pipe_write_and_X(struct smb_request *req) { - files_struct *fsp = file_fsp(req, SVAL(req->inbuf, smb_vwv2)); - size_t numtowrite = SVAL(req->inbuf,smb_vwv10); + files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + size_t numtowrite = SVAL(req->vwv+10, 0); ssize_t nwritten; - int smb_doff = SVAL(req->inbuf, smb_vwv11); + int smb_doff = SVAL(req->vwv+11, 0); bool pipe_start_message_raw = - ((SVAL(req->inbuf, smb_vwv7) - & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) + ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); uint8_t *data; @@ -247,9 +245,9 @@ void reply_pipe_write_and_X(struct smb_request *req) void reply_pipe_read_and_X(struct smb_request *req) { - files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); - int smb_maxcnt = SVAL(req->inbuf,smb_vwv5); - int smb_mincnt = SVAL(req->inbuf,smb_vwv6); + files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0)); + int smb_maxcnt = SVAL(req->vwv+5, 0); + int smb_mincnt = SVAL(req->vwv+6, 0); ssize_t nread; uint8_t *data; bool unused; @@ -259,7 +257,7 @@ void reply_pipe_read_and_X(struct smb_request *req) is deliberate, instead we always return the next lump of data on the pipe */ #if 0 - uint32 smb_offs = IVAL(req->inbuf,smb_vwv3); + uint32 smb_offs = IVAL(req->vwv+3, 0); #endif if (!fsp_is_np(fsp)) { diff --git a/source3/smbd/process.c b/source3/smbd/process.c index bd665f3868..215ae20077 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c 
@@ -369,12 +369,14 @@ void init_smb_request(struct smb_request *req, (unsigned int)req_size )); exit_server_cleanly("Invalid SMB request"); } + req->cmd = CVAL(inbuf, smb_com); req->flags2 = SVAL(inbuf, smb_flg2); req->smbpid = SVAL(inbuf, smb_pid); req->mid = SVAL(inbuf, smb_mid); req->vuid = SVAL(inbuf, smb_uid); req->tid = SVAL(inbuf, smb_tid); req->wct = CVAL(inbuf, smb_wct); + req->vwv = (uint16_t *)(inbuf+smb_vwv); req->buflen = smb_buflen(inbuf); req->buf = (const uint8_t *)smb_buf(inbuf); req->unread_bytes = unread_bytes; @@ -1450,8 +1452,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in /* encrypted required from now on. */ conn->encrypt_level = Required; } else if (ENCRYPTION_REQUIRED(conn)) { - uint8 com = CVAL(req->inbuf,smb_com); - if (com != SMBtrans2 && com != SMBtranss2) { + if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) { exit_server_cleanly("encryption required " "on connection"); return conn; @@ -1486,7 +1487,6 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted) { - uint8 type = CVAL(inbuf,smb_com); connection_struct *conn; struct smb_request *req; @@ -1497,7 +1497,7 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool enc } init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted); - conn = switch_message(type, req, size); + conn = switch_message(req->cmd, req, size); if (req->unread_bytes) { /* writeX failed. drain socket. */ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index a9c489cef4..7b5ed8feb4 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -208,7 +208,7 @@ NTSTATUS check_path_syntax_posix(char *path) ****************************************************************************/ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, - const char *inbuf, + const char *base_ptr, uint16 smb_flags2, char **pp_dest, const char *src, 
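Review bot: `req->vwv = (uint16_t *)(inbuf+smb_vwv);` in init_smb_request yields a uint16_t pointer that is misaligned by construction, because smb_vwv follows the one-byte wct field and so is an odd offset into the packet. Every reader in this series uses the pointer only as the base of CVAL/SVAL/IVAL, which is what makes that tolerable; a direct `req->vwv[i]` would be an unaligned access, undefined in C and a SIGBUS on strict-alignment targets. Record this on the assignment: `/* NOTE: vwv is odd-aligned; read it only through the CVAL/SVAL/IVAL macros, never by indexing */`. The rest of init_smb_request is outside the hunk.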
@@ -221,22 +221,8 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, *pp_dest = NULL; - if (src_len == 0) { - ret = srvstr_pull_buf_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - flags); - } else { - ret = srvstr_pull_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - src_len, - flags); - } + ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src, + src_len, flags); if (!*pp_dest) { *err = NT_STATUS_INVALID_PARAMETER; @@ -268,7 +254,7 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx, ****************************************************************************/ size_t srvstr_get_path(TALLOC_CTX *ctx, - const char *inbuf, + const char *base_ptr, uint16 smb_flags2, char **pp_dest, const char *src, 
@@ -276,48 +262,27 @@ size_t srvstr_get_path(TALLOC_CTX *ctx, int flags, NTSTATUS *err) { - size_t ret; - - *pp_dest = NULL; - - if (src_len == 0) { - ret = srvstr_pull_buf_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - flags); - } else { - ret = srvstr_pull_talloc(ctx, - inbuf, - smb_flags2, - pp_dest, - src, - src_len, - flags); - } - - if (!*pp_dest) { - *err = NT_STATUS_INVALID_PARAMETER; - return ret; - } - - if (smb_flags2 & FLAGS2_DFS_PATHNAMES) { - /* - * For a DFS path the function parse_dfs_path() - * will do the path processing, just make a copy. - */ - *err = NT_STATUS_OK; - return ret; - } + bool ignore; + return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src, + src_len, flags, err, &ignore); +} - if (lp_posix_pathnames()) { - *err = check_path_syntax_posix(*pp_dest); - } else { - *err = check_path_syntax(*pp_dest); - } +size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req, + char **pp_dest, const char *src, int flags, + NTSTATUS *err, bool *contains_wcard) +{ + return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2, + pp_dest, src, smbreq_bufrem(req, src), + flags, err, contains_wcard); +} - return ret; +size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req, + char **pp_dest, const char *src, int flags, + NTSTATUS *err) +{ + bool ignore; + return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src, + flags, err, &ignore); } /**************************************************************************** 
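Review bot: srvstr_get_path_req_wcard derives src_len as `smbreq_bufrem(req, src)` without first checking that src lies inside the request's data area; several callers in this series pass `req->buf + 1` (reply_checkpath, reply_getatr, reply_open, reply_unlink), which is past the end whenever buflen is 0, and if smbreq_bufrem is an unchecked subtraction (its definition is not in this diff) the result underflows to a huge size_t and srvstr_pull_talloc scans beyond the packet. A bound check in the wrapper, returning NT_STATUS_INVALID_PARAMETER with `*pp_dest` cleared, fixes every caller at once; the rewritten function is below. Note also that srvstr_get_path_wcard no longer treats `src_len == 0` as "rest of buffer" (the removed branch), so any caller outside this diff still passing 0 now pulls an empty string and should be migrated to the `_req` variants.

```c
size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
				 char **pp_dest, const char *src, int flags,
				 NTSTATUS *err, bool *contains_wcard)
{
	const char *end = (const char *)req->buf + req->buflen;

	/* src must lie within the request's data area, otherwise the
	 * remaining-length arithmetic below is meaningless. */
	if (src < (const char *)req->buf || src > end) {
		*pp_dest = NULL;
		*contains_wcard = false;
		*err = NT_STATUS_INVALID_PARAMETER;
		return 0;
	}

	return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
				     pp_dest, src, smbreq_bufrem(req, src),
				     flags, err, contains_wcard);
}
/* … unchanged: srvstr_get_path_req … */
```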
@@ -530,13 +495,12 @@ void reply_tcon(struct smb_request *req) } p = (const char *)req->buf + 1; - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &service_buf, p, STR_TERMINATE) + 1; - pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &password, p, STR_TERMINATE) + 1; - p += pwlen; - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, - &dev, p, STR_TERMINATE) + 1; + p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE); + p += 1; + pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE); + p += pwlen+1; + p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE); + p += 1; if (service_buf == NULL || password == NULL || dev == NULL) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -604,8 +568,8 @@ void reply_tcon_and_X(struct smb_request *req) return; } - passlen = SVAL(req->inbuf,smb_vwv3); - tcon_flags = SVAL(req->inbuf,smb_vwv2); + passlen = SVAL(req->vwv+3, 0); + tcon_flags = SVAL(req->vwv+2, 0); /* we might have to close an old one */ if ((tcon_flags & 0x1) && conn) { @@ -638,8 +602,7 @@ void reply_tcon_and_X(struct smb_request *req) p = (const char *)req->buf + passlen + 1; } - p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p, - STR_TERMINATE); + p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE); if (path == NULL) { data_blob_clear_free(&password); @@ -667,7 +630,7 @@ void reply_tcon_and_X(struct smb_request *req) p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2, &client_devicetype, p, - MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII); + MIN(6, smbreq_bufrem(req, p)), STR_ASCII); if (client_devicetype == NULL) { data_blob_clear_free(&password); @@ -801,8 +764,8 @@ void reply_ioctl(struct smb_request *req) return; } - device = SVAL(req->inbuf,smb_vwv1); - function = SVAL(req->inbuf,smb_vwv2); + device = SVAL(req->vwv+1, 0); + function = SVAL(req->vwv+2, 0); ioctl_code = (device << 16) + function; DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code)); 
@@ -829,7 +792,7 @@ void reply_ioctl(struct smb_request *req) case IOCTL_QUERY_JOB_INFO: { files_struct *fsp = file_fsp( - req, SVAL(req->inbuf, smb_vwv0)); + req, SVAL(req->vwv+0, 0)); if (!fsp) { reply_doserror(req, ERRDOS, ERRbadfid); END_PROFILE(SMBioctl); @@ -858,10 +821,10 @@ void reply_ioctl(struct smb_request *req) Strange checkpath NTSTATUS mapping. ****************************************************************************/ -static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status) +static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status) { /* Strange DOS error code semantics only for checkpath... */ - if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) { + if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) { if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) { /* We need to map to ERRbadpath */ return NT_STATUS_OBJECT_PATH_NOT_FOUND; @@ -884,10 +847,11 @@ void reply_checkpath(struct smb_request *req) START_PROFILE(SMBcheckpath); - srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name, - (const char *)req->buf + 1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1, + STR_TERMINATE, &status); + if (!NT_STATUS_IS_OK(status)) { - status = map_checkpath_error((char *)req->inbuf, status); + status = map_checkpath_error(req->flags2, status); reply_nterror(req, status); END_PROFILE(SMBcheckpath); return; @@ -907,7 +871,7 @@ void reply_checkpath(struct smb_request *req) goto path_err; } - DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0))); + DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0))); status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf); if (!NT_STATUS_IS_OK(status)) { 
@@ -947,7 +911,7 @@ void reply_checkpath(struct smb_request *req) one at a time - if a component fails it expects ERRbadpath, not ERRbadfile. */ - status = map_checkpath_error((char *)req->inbuf, status); + status = map_checkpath_error(req->flags2, status); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { /* * Windows returns different error codes if @@ -983,8 +947,7 @@ void reply_getatr(struct smb_request *req) START_PROFILE(SMBgetatr); p = (const char *)req->buf + 1; - p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p, - 0, STR_TERMINATE, &status); + p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBgetatr); @@ -1092,8 +1055,7 @@ void reply_setatr(struct smb_request *req) } p = (const char *)req->buf + 1; - p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p, - 0, STR_TERMINATE, &status); + p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBsetatr); @@ -1140,8 +1102,8 @@ void reply_setatr(struct smb_request *req) return; } - mode = SVAL(req->inbuf,smb_vwv0); - mtime = srv_make_unix_date3(req->inbuf+smb_vwv1); + mode = SVAL(req->vwv+0, 0); + mtime = srv_make_unix_date3(req->vwv+1); ts[1] = convert_time_t_to_timespec(mtime); status = smb_set_file_time(conn, NULL, fname, 
@@ -1265,29 +1227,22 @@ void reply_search(struct smb_request *req) } if (lp_posix_pathnames()) { - reply_unknown_new(req, CVAL(req->inbuf, smb_com)); + reply_unknown_new(req, req->cmd); END_PROFILE(SMBsearch); return; } /* If we were called as SMBffirst then we must expect close. */ - if(CVAL(req->inbuf,smb_com) == SMBffirst) { + if(req->cmd == SMBffirst) { expect_close = True; } reply_outbuf(req, 1, 3); - maxentries = SVAL(req->inbuf,smb_vwv0); - dirtype = SVAL(req->inbuf,smb_vwv1); + maxentries = SVAL(req->vwv+0, 0); + dirtype = SVAL(req->vwv+1, 0); p = (const char *)req->buf + 1; - p += srvstr_get_path_wcard(ctx, - (char *)req->inbuf, - req->flags2, - &path, - p, - 0, - STR_TERMINATE, - &nt_status, - &mask_contains_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE, + &nt_status, &mask_contains_wcard); if (!NT_STATUS_IS_OK(nt_status)) { reply_nterror(req, nt_status); END_PROFILE(SMBsearch); @@ -1488,7 +1443,7 @@ void reply_search(struct smb_request *req) } /* If we were called as SMBfunique, then we can close the dirptr now ! */ - if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) { + if(dptr_num >= 0 && req->cmd == SMBfunique) { dptr_close(&dptr_num); } @@ -1521,7 +1476,7 @@ void reply_search(struct smb_request *req) } DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n", - smb_fn_name(CVAL(req->inbuf,smb_com)), + smb_fn_name(req->cmd), mask, directory ? directory : "./", dirtype, 
@@ -1550,21 +1505,14 @@ void reply_fclose(struct smb_request *req) START_PROFILE(SMBfclose); if (lp_posix_pathnames()) { - reply_unknown_new(req, CVAL(req->inbuf, smb_com)); + reply_unknown_new(req, req->cmd); END_PROFILE(SMBfclose); return; } p = (const char *)req->buf + 1; - p += srvstr_get_path_wcard(ctx, - (char *)req->inbuf, - req->flags2, - &path, - p, - 0, - STR_TERMINATE, - &err, - &path_contains_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE, + &err, &path_contains_wcard); if (!NT_STATUS_IS_OK(err)) { reply_nterror(req, err); END_PROFILE(SMBfclose); @@ -1629,11 +1577,11 @@ void reply_open(struct smb_request *req) } oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - deny_mode = SVAL(req->inbuf,smb_vwv0); - dos_attr = SVAL(req->inbuf,smb_vwv1); + deny_mode = SVAL(req->vwv+0, 0); + dos_attr = SVAL(req->vwv+1, 0); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - (const char *)req->buf+1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBopen); @@ -1729,8 +1677,8 @@ void reply_open_and_X(struct smb_request *req) int core_oplock_request; int oplock_request; #if 0 - int smb_sattr = SVAL(req->inbuf,smb_vwv4); - uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6); + int smb_sattr = SVAL(req->vwv+4, 0); + uint32 smb_time = make_unix_date3(req->vwv+6); #endif int smb_ofun; uint32 fattr=0; 
@@ -1755,14 +1703,14 @@ void reply_open_and_X(struct smb_request *req) return; } - open_flags = SVAL(req->inbuf,smb_vwv2); - deny_mode = SVAL(req->inbuf,smb_vwv3); - smb_attr = SVAL(req->inbuf,smb_vwv5); + open_flags = SVAL(req->vwv+2, 0); + deny_mode = SVAL(req->vwv+3, 0); + smb_attr = SVAL(req->vwv+5, 0); ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf); core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); oplock_request = ex_oplock_request | core_oplock_request; - smb_ofun = SVAL(req->inbuf,smb_vwv8); - allocation_size = (uint64_t)IVAL(req->inbuf,smb_vwv9); + smb_ofun = SVAL(req->vwv+8, 0); + allocation_size = (uint64_t)IVAL(req->vwv+9, 0); /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { @@ -1776,8 +1724,8 @@ void reply_open_and_X(struct smb_request *req) } /* XXXX we need to handle passed times, sattr and flags */ - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - (const char *)req->buf, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBopenX); @@ -1943,7 +1891,6 @@ void reply_mknew(struct smb_request *req) { connection_struct *conn = req->conn; char *fname = NULL; - int com; uint32 fattr = 0; struct timespec ts[2]; files_struct *fsp; 
@@ -1964,16 +1911,14 @@ void reply_mknew(struct smb_request *req) return; } - fattr = SVAL(req->inbuf,smb_vwv0); + fattr = SVAL(req->vwv+0, 0); oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - com = SVAL(req->inbuf,smb_com); - ts[1] =convert_time_t_to_timespec( - srv_make_unix_date3(req->inbuf + smb_vwv1)); + ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1)); /* mtime. */ - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - (const char *)req->buf + 1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcreate); @@ -1985,7 +1930,7 @@ void reply_mknew(struct smb_request *req) "please report this\n", fname)); } - if(com == SMBmknew) { + if(req->cmd == SMBmknew) { /* We should fail if file exists. */ create_disposition = FILE_CREATE; } else { @@ -2074,11 +2019,11 @@ void reply_ctemp(struct smb_request *req) return; } - fattr = SVAL(req->inbuf,smb_vwv0); + fattr = SVAL(req->vwv+0, 0); oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, - (const char *)req->buf+1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBctemp); @@ -2545,11 +2490,11 @@ void reply_unlink(struct smb_request *req) return; } - dirtype = SVAL(req->inbuf,smb_vwv0); + dirtype = SVAL(req->vwv+0, 0); - srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, - (const char *)req->buf + 1, 0, STR_TERMINATE, - &status, &path_contains_wcard); + srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1, + STR_TERMINATE, &status, + &path_contains_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBunlink); 
@@ -2800,7 +2745,7 @@ void reply_readbraw(struct smb_request *req) * return a zero length response here. */ - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); /* * We have to do a check_fsp by hand here, as @@ -2816,7 +2761,7 @@ void reply_readbraw(struct smb_request *req) */ DEBUG(3,("reply_readbraw: fnum %d not valid " "- cache prime?\n", - (int)SVAL(req->inbuf,smb_vwv0))); + (int)SVAL(req->vwv+0, 0))); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; @@ -2827,7 +2772,7 @@ void reply_readbraw(struct smb_request *req) ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && (fsp->access_mask & FILE_EXECUTE)))) { DEBUG(3,("reply_readbraw: fnum %d not readable.\n", - (int)SVAL(req->inbuf,smb_vwv0))); + (int)SVAL(req->vwv+0, 0))); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; @@ -2835,14 +2780,14 @@ void reply_readbraw(struct smb_request *req) flush_write_cache(fsp, READRAW_FLUSH); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0); if(req->wct == 10) { /* * This is a large offset (64 bit) read. */ #ifdef LARGE_SMB_OFF_T - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ @@ -2850,11 +2795,11 @@ void reply_readbraw(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv8) != 0) { + if(IVAL(req->vwv+8, 0) != 0) { DEBUG(0,("reply_readbraw: large offset " "(%x << 32) used and we don't support " "64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv8) )); + (unsigned int)IVAL(req->vwv+8, 0) )); reply_readbraw_error(); END_PROFILE(SMBreadbraw); return; 
@@ -2872,8 +2817,8 @@ void reply_readbraw(struct smb_request *req) } } - maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF); - mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF); + maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF); + mincount = (SVAL(req->vwv+4, 0) & 0xFFFF); /* ensure we don't overrun the packet size */ maxcount = MIN(65535,maxcount); @@ -2942,7 +2887,7 @@ void reply_lockread(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBlockread); @@ -2957,8 +2902,8 @@ void reply_lockread(struct smb_request *req) release_level_2_oplocks_on_change(fsp); - numtoread = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtoread = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread); @@ -3050,7 +2995,7 @@ void reply_read(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBread); @@ -3063,8 +3008,8 @@ void reply_read(struct smb_request *req) return; } - numtoread = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtoread = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); @@ -3170,7 +3115,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, * on a train in Germany :-). JRA. */ - if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) && + if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) && !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) && lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) { uint8 headerbuf[smb_size + 12 * 2]; 
@@ -3284,7 +3229,7 @@ void reply_read_and_X(struct smb_request *req) size_t smb_maxcnt; bool big_readX = False; #if 0 - size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6); + size_t smb_mincnt = SVAL(req->vwv+6, 0); #endif START_PROFILE(SMBreadX); @@ -3294,9 +3239,9 @@ void reply_read_and_X(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - smb_maxcnt = SVAL(req->inbuf,smb_vwv5); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + smb_maxcnt = SVAL(req->vwv+5, 0); /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { @@ -3317,11 +3262,11 @@ void reply_read_and_X(struct smb_request *req) } if (global_client_caps & CAP_LARGE_READX) { - size_t upper_size = SVAL(req->inbuf,smb_vwv7); + size_t upper_size = SVAL(req->vwv+7, 0); smb_maxcnt |= (upper_size<<16); if (upper_size > 1) { /* Can't do this on a chained packet. */ - if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) { + if ((CVAL(req->vwv+0, 0) != 0xFF)) { reply_nterror(req, NT_STATUS_NOT_SUPPORTED); END_PROFILE(SMBreadX); return; @@ -3348,7 +3293,7 @@ void reply_read_and_X(struct smb_request *req) /* * This is a large offset (64 bit) read. */ - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ @@ -3356,10 +3301,10 @@ void reply_read_and_X(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv10) != 0) { + if(IVAL(req->vwv+10, 0) != 0) { DEBUG(0,("reply_read_and_X - large offset (%x << 32) " "used and we don't support 64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv10) )); + (unsigned int)IVAL(req->vwv+10, 0) )); END_PROFILE(SMBreadX); reply_doserror(req, ERRDOS, ERRbadaccess); return; 
@@ -3442,7 +3387,7 @@ void reply_writebraw(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { error_to_writebrawerr(req); END_PROFILE(SMBwritebraw); @@ -3456,9 +3401,9 @@ void reply_writebraw(struct smb_request *req) return; } - tcount = IVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - write_through = BITSETW(req->inbuf+smb_vwv7,0); + tcount = IVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + write_through = BITSETW(req->vwv+7,0); /* We have to deal with slightly different formats depending on whether we are using the core+ or lanman1.0 protocol */ @@ -3467,8 +3412,8 @@ void reply_writebraw(struct smb_request *req) numtowrite = SVAL(smb_buf(req->inbuf),-2); data = smb_buf(req->inbuf); } else { - numtowrite = SVAL(req->inbuf,smb_vwv10); - data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11); + numtowrite = SVAL(req->vwv+10, 0); + data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0); } /* Ensure we don't write bytes past the end of this packet. */ @@ -3647,7 +3592,7 @@ void reply_writeunlock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteunlock); @@ -3660,8 +3605,8 @@ void reply_writeunlock(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); data = (const char *)req->buf + 3; if (numtowrite @@ -3754,7 +3699,7 @@ void reply_write(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwrite); 
@@ -3767,8 +3712,8 @@ void reply_write(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); data = (const char *)req->buf + 3; if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite, @@ -3941,14 +3886,14 @@ void reply_write_and_X(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv10); - smb_doff = SVAL(req->inbuf,smb_vwv11); + numtowrite = SVAL(req->vwv+10, 0); + smb_doff = SVAL(req->vwv+11, 0); smblen = smb_len(req->inbuf); if (req->unread_bytes > 0xFFFF || (smblen > smb_doff && smblen - smb_doff > 0xFFFF)) { - numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16); + numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16); } if (req->unread_bytes) { @@ -3984,9 +3929,9 @@ void reply_write_and_X(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3); - write_through = BITSETW(req->inbuf+smb_vwv7,0); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0); + write_through = BITSETW(req->vwv+7,0); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteX); @@ -4006,7 +3951,7 @@ void reply_write_and_X(struct smb_request *req) /* * This is a large offset (64 bit) write. */ - startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32); + startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32); #else /* !LARGE_SMB_OFF_T */ @@ -4014,10 +3959,10 @@ void reply_write_and_X(struct smb_request *req) * Ensure we haven't been sent a >32 bit offset. */ - if(IVAL(req->inbuf,smb_vwv12) != 0) { + if(IVAL(req->vwv+12, 0) != 0) { DEBUG(0,("reply_write_and_X - large offset (%x << 32) " "used and we don't support 64 bit offsets.\n", - (unsigned int)IVAL(req->inbuf,smb_vwv12) )); + (unsigned int)IVAL(req->vwv+12, 0) )); reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBwriteX); return; 
@@ -4105,7 +4050,7 @@ void reply_lseek(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { return; @@ -4113,9 +4058,9 @@ void reply_lseek(struct smb_request *req) flush_write_cache(fsp, SEEK_FLUSH); - mode = SVAL(req->inbuf,smb_vwv1) & 3; + mode = SVAL(req->vwv+1, 0) & 3; /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */ - startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2); + startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0); switch (mode) { case 0: @@ -4190,7 +4135,7 @@ void reply_flush(struct smb_request *req) return; } - fnum = SVAL(req->inbuf,smb_vwv0); + fnum = SVAL(req->vwv+0, 0); fsp = file_fsp(req, fnum); if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) { @@ -4253,7 +4198,7 @@ void reply_close(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); /* * We can only use check_fsp if we know it's not a directory. @@ -4285,7 +4230,7 @@ void reply_close(struct smb_request *req) * Take care of any time sent in the close. */ - t = srv_make_unix_date3(req->inbuf+smb_vwv1); + t = srv_make_unix_date3(req->vwv+1); set_close_write_time(fsp, convert_time_t_to_timespec(t)); /* @@ -4331,7 +4276,7 @@ void reply_writeclose(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBwriteclose); @@ -4343,10 +4288,9 @@ void reply_writeclose(struct smb_request *req) return; } - numtowrite = SVAL(req->inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); - mtime = convert_time_t_to_timespec(srv_make_unix_date3( - req->inbuf+smb_vwv4)); + numtowrite = SVAL(req->vwv+1, 0); + startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0); + mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4)); data = (const char *)req->buf + 1; if (numtowrite 
@@ -4418,7 +4362,7 @@ void reply_lock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBlock); @@ -4427,8 +4371,8 @@ void reply_lock(struct smb_request *req) release_level_2_oplocks_on_change(fsp); - count = (uint64_t)IVAL(req->inbuf,smb_vwv1); - offset = (uint64_t)IVAL(req->inbuf,smb_vwv3); + count = (uint64_t)IVAL(req->vwv+1, 0); + offset = (uint64_t)IVAL(req->vwv+3, 0); DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n", fsp->fh->fd, fsp->fnum, (double)offset, (double)count)); @@ -4477,15 +4421,15 @@ void reply_unlock(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBunlock); return; } - count = (uint64_t)IVAL(req->inbuf,smb_vwv1); - offset = (uint64_t)IVAL(req->inbuf,smb_vwv3); + count = (uint64_t)IVAL(req->vwv+1, 0); + offset = (uint64_t)IVAL(req->vwv+3, 0); status = do_unlock(smbd_messaging_context(), fsp, @@ -4558,7 +4502,7 @@ void reply_echo(struct smb_request *req) return; } - smb_reverb = SVAL(req->inbuf,smb_vwv0); + smb_reverb = SVAL(req->vwv+0, 0); reply_outbuf(req, 1, req->buflen); @@ -4651,7 +4595,7 @@ void reply_printclose(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBsplclose); @@ -4699,8 +4643,8 @@ void reply_printqueue(struct smb_request *req) return; } - max_count = SVAL(req->inbuf,smb_vwv0); - start_index = SVAL(req->inbuf,smb_vwv1); + max_count = SVAL(req->vwv+0, 0); + start_index = SVAL(req->vwv+1, 0); /* we used to allow the client to get the cnum wrong, but that is really quite gross and only worked when there was only 
@@ -4793,7 +4737,7 @@ void reply_printwrite(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if (!check_fsp(conn, req, fsp)) { END_PROFILE(SMBsplwr); @@ -4848,8 +4792,8 @@ void reply_mkdir(struct smb_request *req) START_PROFILE(SMBmkdir); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory, - (const char *)req->buf + 1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmkdir); @@ -5118,8 +5062,8 @@ void reply_rmdir(struct smb_request *req) START_PROFILE(SMBrmdir); - srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory, - (const char *)req->buf + 1, 0, STR_TERMINATE, &status); + srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1, + STR_TERMINATE, &status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBrmdir); @@ -5914,21 +5858,19 @@ void reply_mv(struct smb_request *req) return; } - attrs = SVAL(req->inbuf,smb_vwv0); + attrs = SVAL(req->vwv+0, 0); p = (const char *)req->buf + 1; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p, - 0, STR_TERMINATE, &status, - &src_has_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE, + &status, &src_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmv); return; } p++; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p, - 0, STR_TERMINATE, &status, - &dest_has_wcard); + p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE, + &status, &dest_has_wcard); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBmv); 
@@ -6156,22 +6098,20 @@ void reply_copy(struct smb_request *req) return; } - tid2 = SVAL(req->inbuf,smb_vwv0); - ofun = SVAL(req->inbuf,smb_vwv1); - flags = SVAL(req->inbuf,smb_vwv2); + tid2 = SVAL(req->vwv+0, 0); + ofun = SVAL(req->vwv+1, 0); + flags = SVAL(req->vwv+2, 0); p = (const char *)req->buf; - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p, - 0, STR_TERMINATE, &status, - &source_has_wild); + p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE, + &status, &source_has_wild); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcopy); return; } - p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p, - 0, STR_TERMINATE, &status, - &dest_has_wild); + p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE, + &status, &dest_has_wild); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); END_PROFILE(SMBcopy); @@ -6617,12 +6557,12 @@ void reply_lockingX(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2)); - locktype = CVAL(req->inbuf,smb_vwv3); - oplocklevel = CVAL(req->inbuf,smb_vwv3+1); - num_ulocks = SVAL(req->inbuf,smb_vwv6); - num_locks = SVAL(req->inbuf,smb_vwv7); - lock_timeout = IVAL(req->inbuf,smb_vwv4); + fsp = file_fsp(req, SVAL(req->vwv+2, 0)); + locktype = CVAL(req->vwv+3, 0); + oplocklevel = CVAL(req->vwv+3, 1); + num_ulocks = SVAL(req->vwv+6, 0); + num_locks = SVAL(req->vwv+7, 0); + lock_timeout = IVAL(req->vwv+4, 0); large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False; if (!check_fsp(conn, req, fsp)) { 
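Review bot: `oplocklevel = CVAL(req->vwv+3, 1);` in the @@ -6617 hunk is the only read in this series that uses a non-zero byte offset into a word, and now that every neighbouring read ends in `, 0` it is easy to misread as "word 3 plus one"; the old `smb_vwv3+1` made the byte split slightly more visible. A comment above `locktype = CVAL(req->vwv+3, 0);` such as `/* vwv3: low byte = lock type, high byte = oplock level */` would keep the layout explicit for the next reader. reply_lockingX's body continues outside the hunk.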
@@ -6704,11 +6644,10 @@ void reply_lockingX(struct smb_request *req) if (num_locks == 0 && num_ulocks == 0) { /* Sanity check - ensure a pure oplock break is not a chained request. */ - if(CVAL(req->inbuf,smb_vwv0) != 0xff) + if(CVAL(req->vwv+0, 0) != 0xff) DEBUG(0,("reply_lockingX: Error : pure oplock " "break is a chained %d request !\n", - (unsigned int)CVAL(req->inbuf, - smb_vwv0) )); + (unsigned int)CVAL(req->vwv+0, 0))); END_PROFILE(SMBlockingX); return; } @@ -6993,7 +6932,7 @@ void reply_setattrE(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if(!fsp || (fsp->conn != conn)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -7008,9 +6947,9 @@ void reply_setattrE(struct smb_request *req) */ ts[0] = convert_time_t_to_timespec( - srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */ + srv_make_unix_date2(req->vwv+3)); /* atime. */ ts[1] = convert_time_t_to_timespec( - srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */ + srv_make_unix_date2(req->vwv+5)); /* mtime. */ reply_outbuf(req, 0, 0); @@ -7104,7 +7043,7 @@ void reply_getattrE(struct smb_request *req) return; } - fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0)); + fsp = file_fsp(req, SVAL(req->vwv+0, 0)); if(!fsp || (fsp->conn != conn)) { reply_doserror(req, ERRDOS, ERRbadfid); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 4123783eda..fde6cdc160 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -1169,18 +1169,17 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) const char *native_lanman; const char *primary_domain; const char *p2; - uint16 data_blob_len = SVAL(req->inbuf, smb_vwv7); + uint16 data_blob_len = SVAL(req->vwv+7, 0); enum remote_arch_types ra_type = get_remote_arch(); int vuid = SVAL(req->inbuf,smb_uid); user_struct *vuser = NULL; NTSTATUS status = NT_STATUS_OK; uint16 smbpid = req->smbpid; - uint16 smb_flag2 = req->flags2; DEBUG(3,("Doing spnego session setup\n")); if (global_client_caps == 0) { - global_client_caps = IVAL(req->inbuf,smb_vwv10); + global_client_caps = IVAL(req->vwv+10, 0); if (!(global_client_caps & CAP_STATUS32)) { remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES); @@ -1196,7 +1195,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) return; } - bufrem = smb_bufrem(req->inbuf, p); + bufrem = smbreq_bufrem(req, p); /* pull the spnego blob */ blob1 = data_blob(p, MIN(bufrem, data_blob_len)); @@ -1206,16 +1205,16 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) p2 = (char *)req->inbuf + smb_vwv13 + data_blob_len; - p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2, - &tmp, p2, STR_TERMINATE); + p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, + STR_TERMINATE); native_os = tmp ? tmp : ""; - p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2, - &tmp, p2, STR_TERMINATE); + p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, + STR_TERMINATE); native_lanman = tmp ? tmp : ""; - p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2, - &tmp, p2,STR_TERMINATE); + p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, + STR_TERMINATE); primary_domain = tmp ? tmp : ""; DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n", @@ -1439,7 +1438,7 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } - if (SVAL(req->inbuf,smb_vwv4) == 0) { + if (SVAL(req->vwv+4, 0) == 0) { setup_new_vc_session(); } 
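Review bot: In the @@ -1206 hunk `p2 = (char *)req->inbuf + smb_vwv13 + data_blob_len;` still derives a buffer position from the raw packet while every other read in this function was moved to `req->vwv`/`req->buf`; if `req->buf` starts at `smb_vwv13` for this request's word count (the hunk does not show that), `p2 = (const char *)req->buf + data_blob_len;` would express the same position in the new style. Note also that `data_blob_len` is client-supplied and is clamped with `MIN(bufrem, data_blob_len)` only for the blob copy, so `p2` itself can be advanced past the end of the received data; the following `srvstr_pull_req_talloc` calls are presumably what bounds those pulls, and a one-line comment stating that reliance, e.g. `/* p2 may lie beyond the received bytes; srvstr_pull_req_talloc bounds the pull against req */`, would make the invariant explicit. The enclosing function reply_sesssetup_and_X_spnego continues outside the hunk.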
@@ -1448,10 +1447,10 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } - smb_bufsize = SVAL(req->inbuf,smb_vwv2); + smb_bufsize = SVAL(req->vwv+2, 0); if (Protocol < PROTOCOL_NT1) { - uint16 passlen1 = SVAL(req->inbuf,smb_vwv7); + uint16 passlen1 = SVAL(req->vwv+7, 0); /* Never do NT status codes with protocols before NT1 as we * don't get client caps. */ @@ -1472,16 +1471,15 @@ void reply_sesssetup_and_X(struct smb_request *req) plaintext_password.data[passlen1] = 0; } - srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, req->flags2, - &tmp, req->buf + passlen1, - STR_TERMINATE); + srvstr_pull_req_talloc(talloc_tos(), req, &tmp, + req->buf + passlen1, STR_TERMINATE); user = tmp ? tmp : ""; domain = ""; } else { - uint16 passlen1 = SVAL(req->inbuf,smb_vwv7); - uint16 passlen2 = SVAL(req->inbuf,smb_vwv8); + uint16 passlen1 = SVAL(req->vwv+7, 0); + uint16 passlen2 = SVAL(req->vwv+8, 0); enum remote_arch_types ra_type = get_remote_arch(); const uint8_t *p = req->buf; const uint8_t *save_p = req->buf; @@ -1489,7 +1487,7 @@ void reply_sesssetup_and_X(struct smb_request *req) if(global_client_caps == 0) { - global_client_caps = IVAL(req->inbuf,smb_vwv11); + global_client_caps = IVAL(req->vwv+11, 0); if (!(global_client_caps & CAP_STATUS32)) { remove_from_common_flags2( @@ -1531,7 +1529,7 @@ void reply_sesssetup_and_X(struct smb_request *req) /* check for nasty tricks */ if (passlen1 > MAX_PASS_LEN - || passlen1 > smb_bufrem(req->inbuf, p)) { + || passlen1 > smbreq_bufrem(req, p)) { reply_nterror(req, nt_status_squash( NT_STATUS_INVALID_PARAMETER)); END_PROFILE(SMBsesssetupX); @@ -1539,7 +1537,7 @@ void reply_sesssetup_and_X(struct smb_request *req) } if (passlen2 > MAX_PASS_LEN - || passlen2 > smb_bufrem(req->inbuf, p+passlen1)) { + || passlen2 > smbreq_bufrem(req, p+passlen1)) { reply_nterror(req, nt_status_squash( NT_STATUS_INVALID_PARAMETER)); END_PROFILE(SMBsesssetupX); 
@@ -1592,23 +1590,19 @@ void reply_sesssetup_and_X(struct smb_request *req) p += passlen1 + passlen2; - p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, - req->flags2, &tmp, p, + p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p, STR_TERMINATE); user = tmp ? tmp : ""; - p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, - req->flags2, &tmp, p, + p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p, STR_TERMINATE); domain = tmp ? tmp : ""; - p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, - req->flags2, &tmp, p, + p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p, STR_TERMINATE); native_os = tmp ? tmp : ""; - p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, - req->flags2, &tmp, p, + p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p, STR_TERMINATE); native_lanman = tmp ? tmp : ""; @@ -1619,10 +1613,9 @@ void reply_sesssetup_and_X(struct smb_request *req) * Windows 9x does not include a string here at all so we have * to check if we have any extra bytes left */ - byte_count = SVAL(req->inbuf, smb_vwv13); + byte_count = SVAL(req->vwv+13, 0); if ( PTR_DIFF(p, save_p) < byte_count) { - p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, - req->flags2, &tmp, p, + p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p, STR_TERMINATE); primary_domain = tmp ? tmp : ""; } else { @@ -1642,7 +1635,7 @@ void reply_sesssetup_and_X(struct smb_request *req) } - if (SVAL(req->inbuf,smb_vwv4) == 0) { + if (SVAL(req->vwv+4, 0) == 0) { setup_new_vc_session(); } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index a450a56e72..9e150018ef 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2183,7 +2183,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", - smb_fn_name(CVAL(req->inbuf,smb_com)), + smb_fn_name(req->cmd), mask, directory, dirtype, numentries ) ); /* 
@@ -2481,7 +2481,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n", - smb_fn_name(CVAL(req->inbuf,smb_com)), + smb_fn_name(req->cmd), mask, directory, dirtype, numentries ) ); /* Check if we can close the dirptr */ @@ -3118,7 +3118,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned max_data_bytes); DEBUG( 4, ( "%s info_level = %d\n", - smb_fn_name(CVAL(req->inbuf,smb_com)), info_level) ); + smb_fn_name(req->cmd), info_level) ); return; } @@ -7254,7 +7254,7 @@ static void call_trans2ioctl(connection_struct *conn, unsigned int max_data_bytes) { char *pdata = *ppdata; - files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv15)); + files_struct *fsp = file_fsp(req, SVAL(req->vwv+15, 0)); /* check for an invalid fid before proceeding */ @@ -7307,7 +7307,7 @@ void reply_findclose(struct smb_request *req) return; } - dptr_num = SVALS(req->inbuf,smb_vwv0); + dptr_num = SVALS(req->vwv+0, 0); DEBUG(3,("reply_findclose, dptr_num = %d\n", dptr_num)); @@ -7337,7 +7337,7 @@ void reply_findnclose(struct smb_request *req) return; } - dptr_num = SVAL(req->inbuf,smb_vwv0); + dptr_num = SVAL(req->vwv+0, 0); DEBUG(3,("reply_findnclose, dptr_num = %d\n", dptr_num)); @@ -7540,11 +7540,11 @@ void reply_trans2(struct smb_request *req) return; } - dsoff = SVAL(req->inbuf, smb_dsoff); - dscnt = SVAL(req->inbuf, smb_dscnt); - psoff = SVAL(req->inbuf, smb_psoff); - pscnt = SVAL(req->inbuf, smb_pscnt); - tran_call = SVAL(req->inbuf, smb_setup0); + dsoff = SVAL(req->vwv+12, 0); + dscnt = SVAL(req->vwv+11, 0); + psoff = SVAL(req->vwv+10, 0); + pscnt = SVAL(req->vwv+9, 0); + tran_call = SVAL(req->vwv+14, 0); size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); 
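Review bot: The transaction-header reads in the @@ -7540 hunk trade the named offsets `smb_dsoff`/`smb_dscnt`/`smb_psoff`/`smb_pscnt`/`smb_setup0` for bare word indices `req->vwv+12`, `+11`, `+10`, `+9`, `+14`, and the two hunks that follow (@@ -7584 in reply_trans2 and @@ -7758 in reply_transs2) do the same for the remaining header fields. The indices agree with the old named offsets as far as I can tell, but a reader now has to know the SMB_COM_TRANSACTION2 layout by heart, and the non-monotonic order (12, 11, 10, 9, 14) makes a transposed index easy to miss in review. A short layout comment before the first read, e.g. `/* trans2 vwv: 0=tpscnt 1=tdscnt 2=mprcnt 3=mdrcnt 4=msrcnt 5=flags 9=pscnt 10=psoff 11=dscnt 12=dsoff 13=suwcnt 14=setup0 */`, or named constants for the word numbers, would keep the field names in the code. reply_trans2's body continues outside the hunk.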
@@ -7584,17 +7584,17 @@ void reply_trans2(struct smb_request *req) state->mid = req->mid; state->vuid = req->vuid; - state->setup_count = SVAL(req->inbuf, smb_suwcnt); + state->setup_count = SVAL(req->vwv+13, 0); state->setup = NULL; - state->total_param = SVAL(req->inbuf, smb_tpscnt); + state->total_param = SVAL(req->vwv+0, 0); state->param = NULL; - state->total_data = SVAL(req->inbuf, smb_tdscnt); + state->total_data = SVAL(req->vwv+1, 0); state->data = NULL; - state->max_param_return = SVAL(req->inbuf, smb_mprcnt); - state->max_data_return = SVAL(req->inbuf, smb_mdrcnt); - state->max_setup_return = SVAL(req->inbuf, smb_msrcnt); - state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0); - state->one_way = BITSETW(req->inbuf+smb_vwv5,1); + state->max_param_return = SVAL(req->vwv+2, 0); + state->max_data_return = SVAL(req->vwv+3, 0); + state->max_setup_return = SVAL(req->vwv+4, 0); + state->close_on_completion = BITSETW(req->vwv+5, 0); + state->one_way = BITSETW(req->vwv+5, 1); state->call = tran_call; 
@@ -7758,18 +7758,18 @@ void reply_transs2(struct smb_request *req) /* Revise state->total_param and state->total_data in case they have changed downwards */ - if (SVAL(req->inbuf, smb_tpscnt) < state->total_param) - state->total_param = SVAL(req->inbuf, smb_tpscnt); - if (SVAL(req->inbuf, smb_tdscnt) < state->total_data) - state->total_data = SVAL(req->inbuf, smb_tdscnt); + if (SVAL(req->vwv+0, 0) < state->total_param) + state->total_param = SVAL(req->vwv+0, 0); + if (SVAL(req->vwv+1, 0) < state->total_data) + state->total_data = SVAL(req->vwv+1, 0); - pcnt = SVAL(req->inbuf, smb_spscnt); - poff = SVAL(req->inbuf, smb_spsoff); - pdisp = SVAL(req->inbuf, smb_spsdisp); + pcnt = SVAL(req->vwv+2, 0); + poff = SVAL(req->vwv+3, 0); + pdisp = SVAL(req->vwv+4, 0); - dcnt = SVAL(req->inbuf, smb_sdscnt); - doff = SVAL(req->inbuf, smb_sdsoff); - ddisp = SVAL(req->inbuf, smb_sdsdisp); + dcnt = SVAL(req->vwv+5, 0); + doff = SVAL(req->vwv+6, 0); + ddisp = SVAL(req->vwv+7, 0); state->received_param += pcnt; state->received_data += dcnt; |