summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/ipc.c4
-rw-r--r--source3/smbd/message.c12
-rw-r--r--source3/smbd/nttrans.c3
-rw-r--r--source3/smbd/pipes.c3
-rw-r--r--source3/smbd/reply.c27
-rw-r--r--source3/smbd/sesssetup.c43
-rw-r--r--source3/smbd/trans2.c6
7 files changed, 65 insertions, 33 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 6b647fc72b..ce26b53e1b 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -543,8 +543,8 @@ int reply_trans(connection_struct *conn,
state->one_way = BITSETW(inbuf+smb_vwv5,1);
memset(state->name, '\0',sizeof(state->name));
- srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf),
- sizeof(state->name), STR_TERMINATE);
+ srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name,
+ smb_buf(inbuf), sizeof(state->name), STR_TERMINATE);
if ((dscnt > state->total_data) || (pscnt > state->total_param))
goto bad_param;
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index e6a5015276..f390e539b0 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -134,8 +134,10 @@ int reply_sends(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
outsize = set_message(inbuf,outbuf,0,0,True);
p = smb_buf(inbuf)+1;
- p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
- p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p,
+ sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p,
+ sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
msg = p;
@@ -176,8 +178,10 @@ int reply_sendstrt(connection_struct *conn, char *inbuf,char *outbuf, int dum_si
msgpos = 0;
p = smb_buf(inbuf)+1;
- p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
- p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p,
+ sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p,
+ sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) );
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 7e17e3b938..782c90cba1 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -382,7 +382,8 @@ static int do_ntcreate_pipe_open(connection_struct *conn,
char *p = NULL;
uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
- srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
+ srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf),
+ sizeof(fname), STR_TERMINATE);
if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) {
return ret;
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index aba2fe69c5..1da2f0c22f 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -65,7 +65,8 @@ int reply_open_pipe_and_X(connection_struct *conn,
int i;
/* XXXX we need to handle passed times, sattr and flags */
- srvstr_pull_buf(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE);
+ srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), pipe_name,
+ smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE);
/* If the name doesn't start \PIPE\ then this is directed */
/* at a mailslot or something we really, really don't understand, */
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 76265ed464..ac06f2fd6d 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -218,9 +218,11 @@ size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t de
#endif
if (src_len == 0) {
- ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags);
+ ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src,
+ dest_len, flags);
} else {
- ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags);
+ ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src,
+ dest_len, src_len, flags);
}
*contains_wcard = False;
@@ -255,9 +257,11 @@ size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len
#endif
if (src_len == 0) {
- ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags);
+ ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src,
+ dest_len, flags);
} else {
- ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags);
+ ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src,
+ dest_len, src_len, flags);
}
if (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) {
@@ -391,10 +395,13 @@ int reply_tcon(connection_struct *conn,
*service_buf = *password = *dev = 0;
p = smb_buf(inbuf)+1;
- p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1;
- pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), service_buf, p,
+ sizeof(service_buf), STR_TERMINATE) + 1;
+ pwlen = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), password, p,
+ sizeof(password), STR_TERMINATE) + 1;
p += pwlen;
- p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1;
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dev, p, sizeof(dev),
+ STR_TERMINATE) + 1;
p = strrchr_m(service_buf,'\\');
if (p) {
@@ -478,7 +485,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
p = smb_buf(inbuf) + passlen + 1;
}
- p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), path, p,
+ sizeof(path), STR_TERMINATE);
/*
* the service name can be either: \\server\share
@@ -495,7 +503,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
else
fstrcpy(service,path);
- p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII);
+ p += srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), client_devicetype, p,
+ sizeof(client_devicetype), 6, STR_ASCII);
DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 22c598a654..3ed338bda7 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1057,9 +1057,12 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
#endif
p2 = inbuf + smb_vwv13 + data_blob_len;
- p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
- p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
- p2 += srvstr_pull_buf(inbuf, primary_domain, p2, sizeof(primary_domain), STR_TERMINATE);
+ p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, p2,
+ sizeof(native_os), STR_TERMINATE);
+ p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_lanman, p2,
+ sizeof(native_lanman), STR_TERMINATE);
+ p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), primary_domain, p2,
+ sizeof(primary_domain), STR_TERMINATE);
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
native_os, native_lanman, primary_domain));
@@ -1283,7 +1286,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
plaintext_password.data[passlen1] = 0;
}
- srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE);
+ srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user,
+ smb_buf(inbuf)+passlen1, sizeof(user),
+ STR_TERMINATE);
*domain = 0;
} else {
@@ -1363,21 +1368,28 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was sent. */
- srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass),
- passlen1, STR_TERMINATE|STR_ASCII);
+ srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass,
+ smb_buf(inbuf), sizeof(pass),
+ passlen1, STR_TERMINATE|STR_ASCII);
} else {
- srvstr_pull(inbuf, pass, smb_buf(inbuf),
- sizeof(pass), unic ? passlen2 : passlen1,
- STR_TERMINATE);
+ srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass,
+ smb_buf(inbuf), sizeof(pass),
+ unic ? passlen2 : passlen1,
+ STR_TERMINATE);
}
plaintext_password = data_blob(pass, strlen(pass)+1);
}
p += passlen1 + passlen2;
- p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE);
- p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE);
- p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE);
- p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, p,
+ sizeof(user), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), domain, p,
+ sizeof(domain), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os,
+ p, sizeof(native_os), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2),
+ native_lanman, p, sizeof(native_lanman),
+ STR_TERMINATE);
/* not documented or decoded by Ethereal but there is one more string
in the extra bytes which is the same as the PrimaryDomain when using
@@ -1387,7 +1399,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
byte_count = SVAL(inbuf, smb_vwv13);
if ( PTR_DIFF(p, save_p) < byte_count)
- p += srvstr_pull_buf(inbuf, primary_domain, p, sizeof(primary_domain), STR_TERMINATE);
+ p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2),
+ primary_domain, p,
+ sizeof(primary_domain),
+ STR_TERMINATE);
else
fstrcpy( primary_domain, "null" );
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 8d4f505e09..2219ebd1c1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4530,7 +4530,8 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
- srvstr_pull(inbuf, link_target, pdata, sizeof(link_target), total_data, STR_TERMINATE);
+ srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), link_target, pdata,
+ sizeof(link_target), total_data, STR_TERMINATE);
/* !widelinks forces the target path to be within the share. */
/* This means we can interpret the target as a pathname. */
@@ -6366,7 +6367,8 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, char*
if(!lp_host_msdfs())
return ERROR_DOS(ERRDOS,ERRbadfunc);
- srvstr_pull(inbuf, pathname, &params[2], sizeof(pathname), total_params - 2, STR_TERMINATE);
+ srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pathname, &params[2],
+ sizeof(pathname), total_params - 2, STR_TERMINATE);
if((reply_size = setup_dfs_referral(conn, pathname,max_referral_level,ppdata,&status)) < 0)
return ERROR_NT(status);