summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/process.c2
-rw-r--r--source3/smbd/reply.c54
2 files changed, 26 insertions, 30 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index e64a18a196..bf86603924 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -802,7 +802,7 @@ static const struct smb_message_struct {
/* 0x6d */ { NULL, NULL, NULL, 0 },
/* 0x6e */ { NULL, NULL, NULL, 0 },
/* 0x6f */ { NULL, NULL, NULL, 0 },
-/* 0x70 */ { "SMBtcon",reply_tcon,NULL,0},
+/* 0x70 */ { "SMBtcon",NULL,reply_tcon,0},
/* 0x71 */ { "SMBtdis",NULL,reply_tdis,DO_CHDIR},
/* 0x72 */ { "SMBnegprot",NULL,reply_negprot,0},
/* 0x73 */ { "SMBsesssetupX",NULL,reply_sesssetup_and_X,0},
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index c7040278a5..a95f2ec87e 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -429,16 +429,12 @@ void reply_special(char *inbuf)
conn POINTER CAN BE NULL HERE !
****************************************************************************/
-int reply_tcon(connection_struct *conn,
- char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
+void reply_tcon(connection_struct *conn, struct smb_request *req)
{
- TALLOC_CTX *ctx;
const char *service;
char *service_buf = NULL;
char *password = NULL;
char *dev = NULL;
- int outsize = 0;
- uint16 vuid = SVAL(inbuf,smb_uid);
int pwlen=0;
NTSTATUS nt_status;
char *p;
@@ -446,25 +442,26 @@ int reply_tcon(connection_struct *conn,
START_PROFILE(SMBtcon);
- ctx = talloc_init("reply_tcon");
- if (!ctx) {
- END_PROFILE(SMBtcon);
- return ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- p = smb_buf(inbuf)+1;
- p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
- &service_buf, p, STR_TERMINATE) + 1;
- pwlen = srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
- &password, p, STR_TERMINATE) + 1;
+ /********************************************************************
+ * Warning! I'm not sure that the inbuf length check is actually
+ * correct here. -- vl
+ *
+ * Jeremy, please check and remove this comment :-)
+ ********************************************************************/
+
+ p = smb_buf(req->inbuf)+1;
+ p += srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
+ &service_buf, p, STR_TERMINATE) + 1;
+ pwlen = srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
+ &password, p, STR_TERMINATE) + 1;
p += pwlen;
- p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
- &dev, p, STR_TERMINATE) + 1;
+ p += srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
+ &dev, p, STR_TERMINATE) + 1;
if (service_buf == NULL || password == NULL || dev == NULL) {
- TALLOC_FREE(ctx);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBtcon);
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ return;
}
p = strrchr_m(service_buf,'\\');
if (p) {
@@ -475,27 +472,26 @@ int reply_tcon(connection_struct *conn,
password_blob = data_blob(password, pwlen+1);
- conn = make_connection(service,password_blob,dev,vuid,&nt_status);
+ conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
data_blob_clear_free(&password_blob);
if (!conn) {
- TALLOC_FREE(ctx);
+ reply_nterror(req, nt_status);
END_PROFILE(SMBtcon);
- return ERROR_NT(nt_status);
+ return;
}
- outsize = set_message(inbuf,outbuf,2,0,True);
- SSVAL(outbuf,smb_vwv0,max_recv);
- SSVAL(outbuf,smb_vwv1,conn->cnum);
- SSVAL(outbuf,smb_tid,conn->cnum);
+ reply_outbuf(req, 2, 0);
+ SSVAL(req->outbuf,smb_vwv0,max_recv);
+ SSVAL(req->outbuf,smb_vwv1,conn->cnum);
+ SSVAL(req->outbuf,smb_tid,conn->cnum);
DEBUG(3,("tcon service=%s cnum=%d\n",
service, conn->cnum));
END_PROFILE(SMBtcon);
- TALLOC_FREE(ctx);
- return(outsize);
+ return;
}
/****************************************************************************