Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/pipes.c45
-rw-r--r--source3/smbd/reply.c47
2 files changed, 49 insertions, 43 deletions
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 24e0f47001..cf12b4be4d 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -183,26 +183,29 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize)
wrinkles to handle pipes.
****************************************************************************/
-int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+void reply_pipe_write_and_X(struct smb_request *req)
{
- smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2));
- uint16 vuid = SVAL(inbuf,smb_uid);
- size_t numtowrite = SVAL(inbuf,smb_vwv10);
+ smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2));
+ size_t numtowrite = SVAL(req->inbuf,smb_vwv10);
int nwritten = -1;
- int smb_doff = SVAL(inbuf, smb_vwv11);
- BOOL pipe_start_message_raw = ((SVAL(inbuf, smb_vwv7) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) ==
- (PIPE_START_MESSAGE|PIPE_RAW_MODE));
+ int smb_doff = SVAL(req->inbuf, smb_vwv11);
+ BOOL pipe_start_message_raw =
+ ((SVAL(req->inbuf, smb_vwv7)
+ & (PIPE_START_MESSAGE|PIPE_RAW_MODE))
+ == (PIPE_START_MESSAGE|PIPE_RAW_MODE));
char *data;
if (!p) {
- return(ERROR_DOS(ERRDOS,ERRbadfid));
+ reply_doserror(req, ERRDOS, ERRbadfid);
+ return;
}
- if (p->vuid != vuid) {
- return ERROR_NT(NT_STATUS_INVALID_HANDLE);
+ if (p->vuid != req->vuid) {
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
+ return;
}
- data = smb_base(inbuf) + smb_doff;
+ data = smb_base(req->inbuf) + smb_doff;
if (numtowrite == 0) {
nwritten = 0;
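Review bot: `data = smb_base(req->inbuf) + smb_doff;` is built from a client-supplied offset, and `numtowrite` is likewise read straight from the packet, with no range check inside reply_pipe_write_and_X itself. The only check visible in this commit is the `smb_doff`/`numtowrite` test in reply_write_and_X (reply.c), which now runs before the IPC hand-off. Because this function re-reads `smb_vwv10` and `smb_vwv11` from `req->inbuf` instead of receiving the validated values, that dependency is implicit. I would record it above the assignment, e.g. `/* smb_doff and numtowrite were range-checked against smb_len() by reply_write_and_X() */`, and repeat the check locally if the function has any other caller (not visible here). The function body continues outside this hunk.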
@@ -214,9 +217,12 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
* them (we don't trust the client). JRA.
*/
if(numtowrite < 2) {
- DEBUG(0,("reply_pipe_write_and_X: start of message set and not enough data sent.(%u)\n",
- (unsigned int)numtowrite ));
- return (UNIXERROR(ERRDOS,ERRnoaccess));
+ DEBUG(0,("reply_pipe_write_and_X: start of "
+ "message set and not enough data "
+ "sent.(%u)\n",
+ (unsigned int)numtowrite ));
+ reply_unixerror(req, ERRDOS, ERRnoaccess);
+ return;
}
data += 2;
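Review bot: In the `numtowrite < 2` branch no system call has failed, so `reply_unixerror(req, ERRDOS, ERRnoaccess);` can report a stale errno left over from earlier work. This assumes it maps errno the way the UNIXERROR macro it replaces did. `reply_doserror(req, ERRDOS, ERRnoaccess);` would make the reply deterministic for this purely protocol-level rejection. Separately, the `DEBUG(0, ...)` on this path fires on a condition the client controls, so a misbehaving client can fill the log; a higher debug level would be safer. The enclosing `if` block starts outside the hunk.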
@@ -226,17 +232,18 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
}
if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
- return (UNIXERROR(ERRDOS,ERRnoaccess));
+ reply_unixerror(req, ERRDOS,ERRnoaccess);
+ return;
}
-
- set_message(inbuf,outbuf,6,0,True);
+
+ reply_outbuf(req, 6, 0);
nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten);
- SSVAL(outbuf,smb_vwv2,nwritten);
+ SSVAL(req->outbuf,smb_vwv2,nwritten);
DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten));
- return chain_reply(inbuf,&outbuf,length,bufsize);
+ chain_reply_new(req);
}
/****************************************************************************
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 30b90a6459..e4fbc839ff 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3289,35 +3289,39 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req)
START_PROFILE(SMBwriteX);
- if (!reply_prep_legacy(req, &inbuf, &outbuf, &length, &bufsize)) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
+ if ((req->wct != 12) && (req->wct != 14)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBwriteX);
return;
}
- if ((CVAL(inbuf, smb_wct) != 12) && (CVAL(inbuf, smb_wct) != 14)) {
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ numtowrite = SVAL(req->inbuf,smb_vwv10);
+ smb_doff = SVAL(req->inbuf,smb_vwv11);
+ smblen = smb_len(req->inbuf);
+ large_writeX = ((req->wct == 14) && (smblen > 0xFFFF));
+
+ /* Deal with possible LARGE_WRITEX */
+ if (large_writeX) {
+ numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
+ }
+
+ if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
+ reply_doserror(req, ERRDOS, ERRbadmem);
END_PROFILE(SMBwriteX);
return;
}
- fsp = file_fsp(SVAL(inbuf,smb_vwv2));
- startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
- numtowrite = SVAL(inbuf,smb_vwv10);
- write_through = BITSETW(inbuf+smb_vwv7,0);
- smb_doff = SVAL(inbuf,smb_vwv11);
- smblen = smb_len(inbuf);
- large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
-
/* If it's an IPC, pass off the pipe handler. */
if (IS_IPC(conn)) {
- reply_post_legacy(
- req,
- reply_pipe_write_and_X(inbuf,outbuf,length,bufsize));
+ reply_pipe_write_and_X(req);
END_PROFILE(SMBwriteX);
return;
}
+ fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
+ startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
+ write_through = BITSETW(req->inbuf+smb_vwv7,0);
+
if (!check_fsp(conn, req, fsp, &current_user)) {
END_PROFILE(SMBwriteX);
return;
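Review bot: The relocated `if(smb_doff > smblen || (smb_doff + numtowrite > smblen))` test is now the only guard in front of both the IPC path and the file path, but nothing at the site says so. A later reordering that moves it back below `IS_IPC(conn)` would silently leave the pipe handler working on an unchecked offset. I would add a comment above it such as `/* Must stay ahead of the IS_IPC() hand-off: reply_pipe_write_and_X() trusts smb_doff and numtowrite. */`. The declarations of `smb_doff`, `numtowrite` and `smblen` are outside the hunk, so confirm they are all unsigned and wide enough for the sum once bit 16 has been OR-ed into `numtowrite`. Note also that the check does not reject an `smb_doff` that points back into the header or parameter words.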
@@ -3329,19 +3333,14 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req)
return;
}
- set_message(inbuf, outbuf, 6, 0, True);
-
- /* Deal with possible LARGE_WRITEX */
- if (large_writeX) {
- numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
- }
-
- if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
- reply_doserror(req, ERRDOS, ERRbadmem);
+ if (!reply_prep_legacy(req, &inbuf, &outbuf, &length, &bufsize)) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBwriteX);
return;
}
+ set_message(inbuf, outbuf, 6, 0, True);
+
data = smb_base(inbuf) + smb_doff;
if(CVAL(inbuf,smb_wct) == 14) {
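Review bot: After this change the length validation is done on `req->inbuf` (`smblen = smb_len(req->inbuf)` in the earlier hunk), but `data = smb_base(inbuf) + smb_doff;` points into the legacy `inbuf` produced by reply_prep_legacy. reply_prep_legacy is not visible here; if it can copy fewer bytes than `smb_len(req->inbuf) + 4`, for example on a large WriteX, the check no longer covers the buffer actually being read. Either take `data` from `req->inbuf`, or add a comment stating that the legacy copy is always at least as long as the validated length. For consistency with the `req->wct` tests introduced above, `if(CVAL(inbuf,smb_wct) == 14)` could become `if (req->wct == 14)`. The function continues past the end of the hunk.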