summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/nttrans.c74
-rw-r--r--source3/smbd/process.c4
2 files changed, 55 insertions, 23 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 566e03008f..b9b7a3c2eb 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -3172,8 +3172,7 @@ static int handle_nttrans(connection_struct *conn,
Reply to a SMBNTtrans.
****************************************************************************/
-int reply_nttrans(connection_struct *conn,
- char *inbuf,char *outbuf,int size,int bufsize)
+void reply_nttrans(connection_struct *conn, struct smb_request *req)
{
int outsize = 0;
uint32 pscnt;
@@ -3184,11 +3183,21 @@ int reply_nttrans(connection_struct *conn,
NTSTATUS result;
struct trans_state *state;
+ char *inbuf, *outbuf;
+ int size, bufsize;
+
START_PROFILE(SMBnttrans);
+ if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBnttrans);
+ return;
+ }
+
if (CVAL(inbuf, smb_wct) < 19) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttrans);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
pscnt = IVAL(inbuf,smb_nt_ParameterCount);
@@ -3198,20 +3207,23 @@ int reply_nttrans(connection_struct *conn,
function_code = SVAL( inbuf, smb_nt_Function);
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
+ reply_doserror(req, ERRSRV, ERRaccess);
END_PROFILE(SMBnttrans);
- return ERROR_DOS(ERRSRV,ERRaccess);
+ return;
}
result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid));
if (!NT_STATUS_IS_OK(result)) {
DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
+ reply_nterror(req, result);
END_PROFILE(SMBnttrans);
- return ERROR_NT(result);
+ return;
}
if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
+ reply_doserror(req, ERRSRV, ERRaccess);
END_PROFILE(SMBnttrans);
- return ERROR_DOS(ERRSRV,ERRaccess);
+ return;
}
state->cmd = SMBnttrans;
@@ -3244,8 +3256,9 @@ int reply_nttrans(connection_struct *conn,
/* Don't allow more than 128mb for each value. */
if ((state->total_data > (1024*1024*128)) ||
(state->total_param > (1024*1024*128))) {
+ reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
- return ERROR_DOS(ERRDOS,ERRnomem);
+ return;
}
if ((dscnt > state->total_data) || (pscnt > state->total_param))
@@ -3258,8 +3271,9 @@ int reply_nttrans(connection_struct *conn,
DEBUG(0,("reply_nttrans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
TALLOC_FREE(state);
+ reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
- return(ERROR_DOS(ERRDOS,ERRnomem));
+ return;
}
if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
goto bad_param;
@@ -3278,8 +3292,9 @@ int reply_nttrans(connection_struct *conn,
"bytes !\n", (unsigned int)state->total_param));
SAFE_FREE(state->data);
TALLOC_FREE(state);
+ reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
- return(ERROR_DOS(ERRDOS,ERRnomem));
+ return;
}
if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
goto bad_param;
@@ -3302,8 +3317,9 @@ int reply_nttrans(connection_struct *conn,
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
+ reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
- return ERROR_DOS(ERRDOS,ERRnomem);
+ return;
}
if ((smb_nt_SetupStart + state->setup_count < smb_nt_SetupStart) ||
@@ -3325,8 +3341,9 @@ int reply_nttrans(connection_struct *conn,
SAFE_FREE(state->param);
SAFE_FREE(state->data);
TALLOC_FREE(state);
+ reply_post_legacy(req, outsize);
END_PROFILE(SMBnttrans);
- return outsize;
+ return;
}
DLIST_ADD(conn->pending_trans, state);
@@ -3336,7 +3353,8 @@ int reply_nttrans(connection_struct *conn,
outsize = set_message(inbuf,outbuf,0,0,False);
show_msg(outbuf);
END_PROFILE(SMBnttrans);
- return outsize;
+ reply_post_legacy(req, outsize);
+ return;
bad_param:
@@ -3344,28 +3362,38 @@ int reply_nttrans(connection_struct *conn,
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttrans);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
/****************************************************************************
Reply to a SMBnttranss
****************************************************************************/
-int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
- int size,int bufsize)
+void reply_nttranss(connection_struct *conn, struct smb_request *req)
{
int outsize = 0;
unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
struct trans_state *state;
+ char *inbuf, *outbuf;
+ int size, bufsize;
+
START_PROFILE(SMBnttranss);
+ if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBnttrans);
+ return;
+ }
+
show_msg(inbuf);
if (CVAL(inbuf, smb_wct) < 18) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
for (state = conn->pending_trans; state != NULL;
@@ -3376,8 +3404,9 @@ int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
}
if ((state == NULL) || (state->cmd != SMBnttrans)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
/* Revise state->total_param and state->total_data in case they have
@@ -3441,7 +3470,7 @@ int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
if ((state->received_param < state->total_param) ||
(state->received_data < state->total_data)) {
END_PROFILE(SMBnttranss);
- return -1;
+ return;
}
/* construct_reply_common has done us the favor to pre-fill the
@@ -3458,12 +3487,14 @@ int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
TALLOC_FREE(state);
if (outsize == 0) {
+ reply_doserror(req, ERRSRV, ERRnosupport);
END_PROFILE(SMBnttranss);
- return(ERROR_DOS(ERRSRV,ERRnosupport));
+ return;
}
+ reply_post_legacy(req, outsize);
END_PROFILE(SMBnttranss);
- return(outsize);
+ return;
bad_param:
@@ -3472,6 +3503,7 @@ int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c59ee2c200..93c6be8c2f 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -850,8 +850,8 @@ static const struct smb_message_struct {
/* 0x9d */ { NULL, NULL, NULL, 0 },
/* 0x9e */ { NULL, NULL, NULL, 0 },
/* 0x9f */ { NULL, NULL, NULL, 0 },
-/* 0xa0 */ { "SMBnttrans", reply_nttrans,NULL, AS_USER | CAN_IPC },
-/* 0xa1 */ { "SMBnttranss", reply_nttranss,NULL, AS_USER | CAN_IPC },
+/* 0xa0 */ { "SMBnttrans", NULL,reply_nttrans, AS_USER | CAN_IPC },
+/* 0xa1 */ { "SMBnttranss", NULL,reply_nttranss, AS_USER | CAN_IPC },
/* 0xa2 */ { "SMBntcreateX", NULL,reply_ntcreate_and_X, AS_USER | CAN_IPC },
/* 0xa3 */ { NULL, NULL, NULL, 0 },
/* 0xa4 */ { "SMBntcancel", NULL,reply_ntcancel, 0 },