summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/ipc.c15
-rw-r--r--source3/smbd/pipes.c171
-rw-r--r--source3/smbd/reply.c5
3 files changed, 111 insertions, 80 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 0d57b1ecfe..b525f06046 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -2903,7 +2903,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
int i;
int fd;
int subcommand;
- pstring pipe_name;
+ char *pipe_name;
DEBUG(5,("api_fd_reply\n"));
/* First find out the name of this file. */
@@ -2916,14 +2916,11 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
/* Get the file handle and hence the file name. */
fd = setup[1];
subcommand = setup[0];
- if (fd >= 0 && fd < MAX_OPEN_FILES)
- {
- pstrcpy(pipe_name, Files[fd].name);
- }
- else
+ pipe_name = get_pipe_name(fd);
+
+ if (pipe_name == NULL)
{
- pipe_name[0] = 0;
- DEBUG(1,("api_fd_reply: INVALID FILE HANDLE: %x\n", fd));
+ DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", fd));
}
DEBUG(3,("Got API command %d on pipe %s (fd %x)",
@@ -2946,7 +2943,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
#ifdef NTDOMAIN
- if (data != NULL && api_fd_commands[i].subcommand != -1)
+ if (data != NULL && api_fd_commands[i].subcommand == 0x26)
{
RPC_HDR hdr;
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 901d7e682a..990b25cb0a 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -37,18 +37,34 @@
/* look in server.c for some explanation of these variables */
extern int Protocol;
extern int DEBUGLEVEL;
-extern int chain_fnum;
extern char magic_char;
-extern connection_struct Connections[];
-extern files_struct Files[];
+static int chain_pnum = -1;
extern BOOL case_sensitive;
extern pstring sesssetup_user;
extern int Client;
extern fstring myworkgroup;
-/* this macro should always be used to extract an fnum (smb_fid) from
-a packet to ensure chaining works correctly */
-#define GETFNUM(buf,where) (chain_fnum!= -1?chain_fnum:SVAL(buf,where))
+#ifndef MAX_OPEN_PIPES
+#define MAX_OPEN_PIPES 50
+#endif
+
+static struct
+{
+ int cnum;
+ BOOL open;
+ fstring name;
+
+} Pipes[MAX_OPEN_PIPES];
+
+#define VALID_PNUM(pnum) (((pnum) >= 0) && ((pnum) < MAX_OPEN_PIPES))
+#define OPEN_PNUM(pnum) (VALID_PNUM(pnum) && Pipes[pnum].open)
+#define PNUM_OK(pnum,c) (OPEN_PNUM(pnum) && (c)==Pipes[pnum].cnum)
+
+#define CHECK_PNUM(pnum,c) if (!PNUM_OK(pnum,c)) \
+ return(ERROR(ERRDOS,ERRbadfid))
+/* this macro should always be used to extract an pnum (smb_fid) from
+ a packet to ensure chaining works correctly */
+#define GETPNUM(buf,where) (chain_pnum!= -1?chain_pnum:SVAL(buf,where))
char * known_pipes [] =
{
@@ -61,13 +77,50 @@ char * known_pipes [] =
};
/****************************************************************************
- reply to an open and X on a named pipe
+ find first available file slot
+****************************************************************************/
+static int find_free_pipe(void )
+{
+ int i;
+ /* we start at 1 here for an obscure reason I can't now remember,
+ but I think is important :-) */
+ for (i = 1; i < MAX_OPEN_PIPES; i++)
+ if (!Pipes[i].open)
+ return(i);
- In fact what we do is to open a regular file with the same name in
- /tmp. This can then be closed as normal. Reading and writing won't
- make much sense, but will do *something*. The real reason for this
- support is to be able to do transactions on them (well, on lsarpc
- for domain login purposes...).
+ DEBUG(1,("ERROR! Out of pipe structures - perhaps increase MAX_OPEN_PIPES?\n"));
+
+ return(-1);
+}
+
+/****************************************************************************
+ gets the name of a pipe
+****************************************************************************/
+char *get_pipe_name(int pnum)
+{
+ DEBUG(6,("get_pipe_name: "));
+
+ if (VALID_PNUM(pnum - 0x800))
+ {
+ DEBUG(6,("name: %s cnum: %d open: %s ",
+ Pipes[pnum - 0x800].name,
+ Pipes[pnum - 0x800].cnum,
+ BOOLSTR(Pipes[pnum - 0x800].open)));
+ }
+ if (OPEN_PNUM(pnum - 0x800))
+ {
+ DEBUG(6,("OK\n"));
+ return Pipes[pnum - 0x800].name;
+ }
+ else
+ {
+ DEBUG(6,("NOT\n"));
+ return NULL;
+ }
+}
+
+/****************************************************************************
+ reply to an open and X on a named pipe
This code is basically stolen from reply_open_and_X with some
wrinkles to handle pipes.
@@ -76,21 +129,10 @@ int reply_open_pipe_and_X(char *inbuf,char *outbuf,int length,int bufsize)
{
pstring fname;
int cnum = SVAL(inbuf,smb_tid);
- int fnum = -1;
- int smb_mode = SVAL(inbuf,smb_vwv3);
- int smb_attr = SVAL(inbuf,smb_vwv5);
-#if 0
- int open_flags = SVAL(inbuf,smb_vwv2);
- int smb_sattr = SVAL(inbuf,smb_vwv4);
- uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
-#endif
+ int pnum = -1;
int smb_ofun = SVAL(inbuf,smb_vwv8);
- int unixmode;
int size=0,fmode=0,mtime=0,rmode=0;
- struct stat sbuf;
- int smb_action = 0;
int i;
- BOOL bad_path = False;
/* XXXX we need to handle passed times, sattr and flags */
pstrcpy(fname,smb_buf(inbuf));
@@ -117,80 +159,67 @@ int reply_open_pipe_and_X(char *inbuf,char *outbuf,int length,int bufsize)
/* Known pipes arrive with DIR attribs. Remove it so a regular file */
/* can be opened and add it in after the open. */
DEBUG(3,("Known pipe %s opening.\n",fname));
- smb_attr &= ~aDIR;
- Connections[cnum].read_only = 0;
smb_ofun |= 0x10; /* Add Create it not exists flag */
- unix_convert(fname,cnum,0,&bad_path);
-
- fnum = find_free_file();
- if (fnum < 0)
- return(ERROR(ERRSRV,ERRnofids));
-
- if (!check_name(fname,cnum))
- return(UNIXERROR(ERRDOS,ERRnoaccess));
-
- unixmode = unix_mode(cnum,smb_attr);
-
- open_file_shared(fnum,cnum,fname,smb_mode,smb_ofun,unixmode,
- 0, &rmode,&smb_action);
-
- if (!Files[fnum].open)
- {
- /* Change the error code if bad_path was set. */
- if((errno == ENOENT) && bad_path)
- {
- unix_ERR_class = ERRDOS;
- unix_ERR_code = ERRbadpath;
- }
- return(UNIXERROR(ERRDOS,ERRnoaccess));
- }
-
- if (fstat(Files[fnum].fd_ptr->fd,&sbuf) != 0) {
- close_file(fnum,False);
- return(ERROR(ERRDOS,ERRnoaccess));
- }
+ pnum = find_free_pipe();
+ if (pnum < 0) return(ERROR(ERRSRV,ERRnofids));
- size = sbuf.st_size;
- fmode = dos_mode(cnum,fname,&sbuf);
- mtime = sbuf.st_mtime;
- if (fmode & aDIR) {
- close_file(fnum,False);
- return(ERROR(ERRDOS,ERRnoaccess));
- }
+ Pipes[pnum].open = True;
+ Pipes[pnum].cnum = cnum;
+ fstrcpy(Pipes[pnum].name, fname);
/* Prepare the reply */
set_message(outbuf,15,0,True);
- /* Put things back the way they were. */
- Connections[cnum].read_only = 1;
-
/* Mark the opened file as an existing named pipe in message mode. */
SSVAL(outbuf,smb_vwv9,2);
SSVAL(outbuf,smb_vwv10,0xc700);
+
if (rmode == 2)
{
DEBUG(4,("Resetting open result to open from create.\n"));
rmode = 1;
}
- SSVAL(outbuf,smb_vwv2,fnum);
+ SSVAL(outbuf,smb_vwv2, pnum + 0x800); /* mark file handle up into high range */
SSVAL(outbuf,smb_vwv3,fmode);
put_dos_date3(outbuf,smb_vwv4,mtime);
SIVAL(outbuf,smb_vwv6,size);
SSVAL(outbuf,smb_vwv8,rmode);
- SSVAL(outbuf,smb_vwv11,smb_action);
-
- chain_fnum = fnum;
+ SSVAL(outbuf,smb_vwv11,0);
- DEBUG(4,("Opened pipe %s with handle %d, saved name %s.\n",
- fname, fnum, Files[fnum].name));
+ DEBUG(4,("Opened pipe %s with handle %x name %s.\n",
+ fname, pnum + 0x800, Pipes[pnum].name));
+ chain_pnum = pnum;
+
return chain_reply(inbuf,outbuf,length,bufsize);
}
/****************************************************************************
+ reply to a close
+****************************************************************************/
+int reply_pipe_close(char *inbuf,char *outbuf)
+{
+ int pnum = GETPNUM(inbuf,smb_vwv0);
+ int cnum = SVAL(inbuf,smb_tid);
+ int outsize = set_message(outbuf,0,0,True);
+
+ /* mapping is 0x800 up... */
+
+ CHECK_PNUM(pnum-0x800,cnum);
+
+ DEBUG(3,("%s Closed pipe name %s pnum=%d cnum=%d\n",
+ timestring(),Pipes[pnum-0x800].name, pnum,cnum));
+
+ Pipes[pnum-0x800].open = False;
+
+ return(outsize);
+}
+
+
+/****************************************************************************
api_LsarpcSNPHS
SetNamedPipeHandleState on \PIPE\lsarpc. We can't really do much here,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 9484f3b85f..46425861d4 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2283,7 +2283,12 @@ int reply_close(char *inbuf,char *outbuf)
cnum = SVAL(inbuf,smb_tid);
+ /* If it's an IPC, pass off to the pipe handler. */
+ if (IS_IPC(cnum))
+ return reply_pipe_close(inbuf,outbuf);
+
fnum = GETFNUM(inbuf,smb_vwv0);
+
CHECK_FNUM(fnum,cnum);
if(HAS_CACHED_ERROR(fnum)) {