diff options
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/ipc.c | 12 | ||||
| -rw-r--r-- | source3/smbd/pipes.c | 47 | ||||
| -rw-r--r-- | source3/smbd/process.c | 2 | ||||
| -rw-r--r-- | source3/smbd/reply.c | 4 |
4 files changed, 62 insertions, 3 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ebb3c11da8..f2831ce888 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3159,6 +3159,7 @@ static struct api_cmd api_fd_commands[] = static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) { BOOL ntlmssp_auth = False; + uint16 assoc_gid; fstring ack_pipe_name; int i = 0; @@ -3214,10 +3215,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) /*** do the bind ack first ***/ /***/ + if (ntlmssp_auth) + { + assoc_gid = 0x7a77; + } + else + { + assoc_gid = p->hdr_rb.bba.assoc_gid; + } + make_rpc_hdr_ba(&p->hdr_ba, p->hdr_rb.bba.max_tsize, p->hdr_rb.bba.max_rsize, - p->hdr_rb.bba.assoc_gid, + assoc_gid, ack_pipe_name, 0x1, 0x0, 0x0, &(p->hdr_rb.transfer)); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 15d395b29a..00eec4e0e3 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -106,6 +106,50 @@ int reply_open_pipe_and_X(connection_struct *conn, /**************************************************************************** + reply to a write and X + + This code is basically stolen from reply_write_and_X with some + wrinkles to handle pipes. +****************************************************************************/ +int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) +{ + pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + uint32 smb_offs = IVAL(inbuf,smb_vwv3); + size_t numtowrite = SVAL(inbuf,smb_vwv10); + BOOL write_through = BITSETW(inbuf+smb_vwv7, 0); + int nwritten = -1; + int smb_doff = SVAL(inbuf, smb_vwv11); + char *data; + + if (!p) return(ERROR(ERRDOS,ERRbadfid)); + + data = smb_buf(inbuf) + smb_doff; + + if (numtowrite == 0) + { + nwritten = 0; + } + else + { + nwritten = write_pipe(p, data, numtowrite); + } + + if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) + { + return (UNIXERROR(ERRDOS,ERRnoaccess)); + } + + set_message(outbuf,6,0,True); + + SSVAL(outbuf,smb_vwv2,nwritten); + + DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", + p->pnum, nwritten)); + + return chain_reply(inbuf,outbuf,length,bufsize); +} + +/**************************************************************************** reply to a read and X This code is basically stolen from reply_read_and_X with some @@ -134,11 +178,12 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf)); SSVAL(smb_buf(outbuf),-2,nread); - DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n", + DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n", p->pnum, smb_mincnt, smb_maxcnt, nread)); return chain_reply(inbuf,outbuf,length,bufsize); } + /**************************************************************************** reply to a close ****************************************************************************/ diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 656e2e99e1..6e1bdc941a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -329,7 +329,7 @@ struct smb_message_struct {SMBopenX,"SMBopenX",reply_open_and_X,AS_USER | CAN_IPC | QUEUE_IN_OPLOCK }, {SMBreadX,"SMBreadX",reply_read_and_X,AS_USER | CAN_IPC }, - {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER}, + {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC }, {SMBlockingX,"SMBlockingX",reply_lockingX,AS_USER}, {SMBffirst,"SMBffirst",reply_search,AS_USER}, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 6dfff54a0f..7cbd0520d9 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2250,6 +2250,10 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng int smb_doff = SVAL(inbuf,smb_vwv11); char *data; + /* If it's an IPC, pass off the pipe handler. */ + if (IS_IPC(conn)) + return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize); + CHECK_FSP(fsp,conn); CHECK_WRITE(fsp); CHECK_ERROR(fsp); |