summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/aio.c24
-rw-r--r--source3/smbd/blocking.c2
-rw-r--r--source3/smbd/ipc.c66
-rw-r--r--source3/smbd/lanman.c2
-rw-r--r--source3/smbd/mangle.c2
-rw-r--r--source3/smbd/message.c26
-rw-r--r--source3/smbd/negprot.c12
-rw-r--r--source3/smbd/nttrans.c86
-rw-r--r--source3/smbd/pipes.c24
-rw-r--r--source3/smbd/process.c8
-rw-r--r--source3/smbd/reply.c419
-rw-r--r--source3/smbd/sesssetup.c59
-rw-r--r--source3/smbd/trans2.c58
13 files changed, 359 insertions, 429 deletions
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index c3fd0a2bc0..4ed574cec7 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -221,6 +221,7 @@ bool schedule_aio_read_and_X(connection_struct *conn,
SMB_STRUCT_AIOCB *a;
size_t bufsize;
size_t min_aio_read_size = lp_aio_read_size(SNUM(conn));
+ int ret;
if (fsp->base_fsp != NULL) {
/* No AIO on streams yet */
@@ -240,7 +241,7 @@ bool schedule_aio_read_and_X(connection_struct *conn,
/* Only do this on non-chained and non-chaining reads not using the
* write cache. */
- if (chain_size !=0 || (CVAL(req->inbuf,smb_vwv0) != 0xFF)
+ if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF)
|| (lp_write_cache_size(SNUM(conn)) != 0) ) {
return False;
}
@@ -279,14 +280,15 @@ bool schedule_aio_read_and_X(connection_struct *conn,
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
become_root();
- if (SMB_VFS_AIO_READ(fsp,a) == -1) {
+ ret = SMB_VFS_AIO_READ(fsp, a);
+ unbecome_root();
+
+ if (ret == -1) {
DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
- unbecome_root();
return False;
}
- unbecome_root();
DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, "
"offset %.0f, len = %u (mid = %u)\n",
@@ -311,8 +313,9 @@ bool schedule_aio_write_and_X(connection_struct *conn,
struct aio_extra *aio_ex;
SMB_STRUCT_AIOCB *a;
size_t inbufsize, outbufsize;
- bool write_through = BITSETW(req->inbuf+smb_vwv7,0);
+ bool write_through = BITSETW(req->vwv+7,0);
size_t min_aio_write_size = lp_aio_write_size(SNUM(conn));
+ int ret;
if (fsp->base_fsp != NULL) {
/* No AIO on streams yet */
@@ -332,7 +335,7 @@ bool schedule_aio_write_and_X(connection_struct *conn,
/* Only do this on non-chained and non-chaining reads not using the
* write cache. */
- if (chain_size !=0 || (CVAL(req->inbuf,smb_vwv0) != 0xFF)
+ if (chain_size !=0 || (CVAL(req->vwv+0, 0) != 0xFF)
|| (lp_write_cache_size(SNUM(conn)) != 0) ) {
return False;
}
@@ -380,15 +383,16 @@ bool schedule_aio_write_and_X(connection_struct *conn,
a->aio_sigevent.sigev_value.sival_int = aio_ex->mid;
become_root();
- if (SMB_VFS_AIO_WRITE(fsp,a) == -1) {
+ ret = SMB_VFS_AIO_WRITE(fsp, a);
+ unbecome_root();
+
+ if (ret == -1) {
DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. "
"Error %s\n", strerror(errno) ));
delete_aio_ex(aio_ex);
- unbecome_root();
return False;
}
- unbecome_root();
-
+
release_level_2_oplocks_on_change(fsp);
if (!write_through && !lp_syncalways(SNUM(fsp->conn))
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 14ce237ab8..a232249c8b 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -190,7 +190,7 @@ bool push_blocking_lock_request( struct byte_range_lock *br_lck,
return False;
}
- blr->com_type = CVAL(req->inbuf,smb_com);
+ blr->com_type = req->cmd;
blr->fsp = fsp;
if (lock_timeout == -1) {
blr->expire_time.tv_sec = 0;
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index d11c8c7cd5..b9460e5211 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -81,7 +81,8 @@ static void copy_trans_params_and_data(char *outbuf, int align,
Send a trans reply.
****************************************************************************/
-void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
+void send_trans_reply(connection_struct *conn,
+ struct smb_request *req,
char *rparam, int rparam_len,
char *rdata, int rdata_len,
bool buffer_too_large)
@@ -103,7 +104,7 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
align = ((this_lparam)%4);
- if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf,
+ if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf,
10, 1+align+this_ldata+this_lparam)) {
smb_panic("could not allocate outbuf");
}
@@ -154,7 +155,7 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
align = (this_lparam%4);
- if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf,
+ if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf,
10, 1+align+this_ldata+this_lparam)) {
smb_panic("could not allocate outbuf");
}
@@ -218,7 +219,7 @@ static void api_rpc_trans_reply(connection_struct *conn,
return;
}
- send_trans_reply(conn, req->inbuf, NULL, 0, (char *)rdata, data_len,
+ send_trans_reply(conn, req, NULL, 0, (char *)rdata, data_len,
is_data_outstanding);
SAFE_FREE(rdata);
return;
@@ -239,7 +240,7 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req,
DEBUG(4,("WaitNamedPipeHandleState priority %x\n",
(int)SVAL(param,0)));
- send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
+ send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
}
@@ -257,7 +258,7 @@ static void api_SNPHS(connection_struct *conn, struct smb_request *req,
DEBUG(4,("SetNamedPipeHandleState to code %x\n", (int)SVAL(param,0)));
- send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
+ send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
}
@@ -276,7 +277,7 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req)
DEBUG(3,("Unsupported API fd command\n"));
/* now send the reply */
- send_trans_reply(conn, req->inbuf, rparam, 4, NULL, 0, False);
+ send_trans_reply(conn, req, rparam, 4, NULL, 0, False);
return;
}
@@ -320,8 +321,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid,
/* Win9x does this call with a unicode pipe name, not a pnum. */
/* Just return success for now... */
DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n"));
- send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0,
- False);
+ send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
return;
}
@@ -506,10 +506,10 @@ void reply_trans(struct smb_request *req)
size = smb_len(req->inbuf) + 4;
av_size = smb_len(req->inbuf);
- dsoff = SVAL(req->inbuf, smb_dsoff);
- dscnt = SVAL(req->inbuf, smb_dscnt);
- psoff = SVAL(req->inbuf, smb_psoff);
- pscnt = SVAL(req->inbuf, smb_pscnt);
+ dsoff = SVAL(req->vwv+12, 0);
+ dscnt = SVAL(req->vwv+11, 0);
+ psoff = SVAL(req->vwv+10, 0);
+ pscnt = SVAL(req->vwv+9, 0);
result = allow_new_trans(conn->pending_trans, req->mid);
if (!NT_STATUS_IS_OK(result)) {
@@ -531,20 +531,20 @@ void reply_trans(struct smb_request *req)
state->mid = req->mid;
state->vuid = req->vuid;
- state->setup_count = CVAL(req->inbuf, smb_suwcnt);
+ state->setup_count = CVAL(req->vwv+13, 0);
state->setup = NULL;
- state->total_param = SVAL(req->inbuf, smb_tpscnt);
+ state->total_param = SVAL(req->vwv+0, 0);
state->param = NULL;
- state->total_data = SVAL(req->inbuf, smb_tdscnt);
+ state->total_data = SVAL(req->vwv+1, 0);
state->data = NULL;
- state->max_param_return = SVAL(req->inbuf, smb_mprcnt);
- state->max_data_return = SVAL(req->inbuf, smb_mdrcnt);
- state->max_setup_return = CVAL(req->inbuf, smb_msrcnt);
- state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0);
- state->one_way = BITSETW(req->inbuf+smb_vwv5,1);
+ state->max_param_return = SVAL(req->vwv+2, 0);
+ state->max_data_return = SVAL(req->vwv+3, 0);
+ state->max_setup_return = CVAL(req->vwv+4, 0);
+ state->close_on_completion = BITSETW(req->vwv+5, 0);
+ state->one_way = BITSETW(req->vwv+5, 1);
- srvstr_pull_buf_talloc(state, req->inbuf, req->flags2, &state->name,
- req->buf, STR_TERMINATE);
+ srvstr_pull_req_talloc(state, req, &state->name, req->buf,
+ STR_TERMINATE);
if ((dscnt > state->total_data) || (pscnt > state->total_param) ||
!state->name)
@@ -710,20 +710,20 @@ void reply_transs(struct smb_request *req)
/* Revise total_params and total_data in case they have changed
* downwards */
- if (SVAL(req->inbuf, smb_vwv0) < state->total_param)
- state->total_param = SVAL(req->inbuf,smb_vwv0);
- if (SVAL(req->inbuf, smb_vwv1) < state->total_data)
- state->total_data = SVAL(req->inbuf,smb_vwv1);
+ if (SVAL(req->vwv+0, 0) < state->total_param)
+ state->total_param = SVAL(req->vwv+0, 0);
+ if (SVAL(req->vwv+1, 0) < state->total_data)
+ state->total_data = SVAL(req->vwv+1, 0);
av_size = smb_len(req->inbuf);
- pcnt = SVAL(req->inbuf, smb_spscnt);
- poff = SVAL(req->inbuf, smb_spsoff);
- pdisp = SVAL(req->inbuf, smb_spsdisp);
+ pcnt = SVAL(req->vwv+2, 0);
+ poff = SVAL(req->vwv+3, 0);
+ pdisp = SVAL(req->vwv+4, 0);
- dcnt = SVAL(req->inbuf, smb_sdscnt);
- doff = SVAL(req->inbuf, smb_sdsoff);
- ddisp = SVAL(req->inbuf, smb_sdsdisp);
+ dcnt = SVAL(req->vwv+5, 0);
+ doff = SVAL(req->vwv+6, 0);
+ ddisp = SVAL(req->vwv+7, 0);
state->received_param += pcnt;
state->received_data += dcnt;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 0c866da706..6ed3ce2c87 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -4632,7 +4632,7 @@ void api_reply(connection_struct *conn, uint16 vuid,
/* If api_Unsupported returns false we can't return anything. */
if (reply) {
- send_trans_reply(conn, req->inbuf, rparam, rparam_len,
+ send_trans_reply(conn, req, rparam, rparam_len,
rdata, rdata_len, False);
}
diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c
index 360692c546..4d4d0dc5af 100644
--- a/source3/smbd/mangle.c
+++ b/source3/smbd/mangle.c
@@ -140,7 +140,7 @@ bool name_to_8_3(const char *in,
/* name mangling can be disabled for speed, in which case
we just truncate the string */
if (!lp_manglednames(p)) {
- safe_strcpy(out,in,12);
+ strlcpy(out, in, 13);
return True;
}
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index 6977b586df..65eaeca777 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -154,17 +154,15 @@ void reply_sends(struct smb_request *req)
state = talloc(talloc_tos(), struct msg_state);
p = (const char *)req->buf + 1;
- p += srvstr_pull_buf_talloc(
- state, (char *)req->inbuf, req->flags2, &state->from, p,
- STR_ASCII|STR_TERMINATE) + 1;
- p += srvstr_pull_buf_talloc(
- state, (char *)req->inbuf, req->flags2, &state->to, p,
- STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_req_talloc(
+ state, req, &state->from, p, STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_req_talloc(
+ state, req, &state->to, p, STR_ASCII|STR_TERMINATE) + 1;
msg = p;
len = SVAL(msg,0);
- len = MIN(len, smb_bufrem(req->inbuf, msg+2));
+ len = MIN(len, smbreq_bufrem(req, msg+2));
state->msg = talloc_array(state, char, len);
@@ -212,12 +210,12 @@ void reply_sendstrt(struct smb_request *req)
}
p = (const char *)req->buf+1;
- p += srvstr_pull_buf_talloc(
- smbd_msg_state, (char *)req->inbuf, req->flags2,
- &smbd_msg_state->from, p, STR_ASCII|STR_TERMINATE) + 1;
- p += srvstr_pull_buf_talloc(
- smbd_msg_state, (char *)req->inbuf, req->flags2,
- &smbd_msg_state->to, p, STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_req_talloc(
+ smbd_msg_state, req, &smbd_msg_state->from, p,
+ STR_ASCII|STR_TERMINATE) + 1;
+ p += srvstr_pull_req_talloc(
+ smbd_msg_state, req, &smbd_msg_state->to, p,
+ STR_ASCII|STR_TERMINATE) + 1;
DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", smbd_msg_state->from,
smbd_msg_state->to ) );
@@ -258,7 +256,7 @@ void reply_sendtxt(struct smb_request *req)
old_len = talloc_get_size(smbd_msg_state->msg);
- len = MIN(SVAL(msg, 0), smb_bufrem(req->inbuf, msg+2));
+ len = MIN(SVAL(msg, 0), smbreq_bufrem(req, msg+2));
tmp = TALLOC_REALLOC_ARRAY(smbd_msg_state, smbd_msg_state->msg,
char, old_len + len);
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 1fe0193e00..43fdc1d608 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -507,7 +507,6 @@ static const struct {
void reply_negprot(struct smb_request *req)
{
- size_t size = smb_len(req->inbuf) + 4;
int choice= -1;
int protocol;
const char *p;
@@ -527,7 +526,14 @@ void reply_negprot(struct smb_request *req)
}
done_negprot = True;
- if (req->inbuf[size-1] != '\0') {
+ if (req->buflen == 0) {
+ DEBUG(0, ("negprot got no protocols\n"));
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBnegprot);
+ return;
+ }
+
+ if (req->buf[req->buflen-1] != '\0') {
DEBUG(0, ("negprot protocols not 0-terminated\n"));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnegprot);
@@ -539,7 +545,7 @@ void reply_negprot(struct smb_request *req)
num_cliprotos = 0;
cliprotos = NULL;
- while (smb_bufrem(req->inbuf, p) > 0) {
+ while (smbreq_bufrem(req, p) > 0) {
char **tmp;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index dace8f6d8c..f711b588c5 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -304,11 +304,10 @@ static void do_ntcreate_pipe_open(connection_struct *conn,
char *fname = NULL;
int pnum = -1;
char *p = NULL;
- uint32 flags = IVAL(req->inbuf,smb_ntcreate_Flags);
+ uint32 flags = IVAL(req->vwv+3, 1);
TALLOC_CTX *ctx = talloc_tos();
- srvstr_pull_buf_talloc(ctx, (char *)req->inbuf, req->flags2, &fname,
- req->buf, STR_TERMINATE);
+ srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE);
if (!fname) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
@@ -408,24 +407,21 @@ void reply_ntcreate_and_X(struct smb_request *req)
return;
}
- flags = IVAL(req->inbuf,smb_ntcreate_Flags);
- access_mask = IVAL(req->inbuf,smb_ntcreate_DesiredAccess);
- file_attributes = IVAL(req->inbuf,smb_ntcreate_FileAttributes);
- share_access = IVAL(req->inbuf,smb_ntcreate_ShareAccess);
- create_disposition = IVAL(req->inbuf,smb_ntcreate_CreateDisposition);
- create_options = IVAL(req->inbuf,smb_ntcreate_CreateOptions);
- root_dir_fid = (uint16)IVAL(req->inbuf,smb_ntcreate_RootDirectoryFid);
+ flags = IVAL(req->vwv+3, 1);
+ access_mask = IVAL(req->vwv+7, 1);
+ file_attributes = IVAL(req->vwv+13, 1);
+ share_access = IVAL(req->vwv+15, 1);
+ create_disposition = IVAL(req->vwv+17, 1);
+ create_options = IVAL(req->vwv+19, 1);
+ root_dir_fid = (uint16)IVAL(req->vwv+5, 1);
- allocation_size = (uint64_t)IVAL(req->inbuf,
- smb_ntcreate_AllocationSize);
+ allocation_size = (uint64_t)IVAL(req->vwv+9, 1);
#ifdef LARGE_SMB_OFF_T
- allocation_size |= (((uint64_t)IVAL(
- req->inbuf,
- smb_ntcreate_AllocationSize + 4)) << 32);
+ allocation_size |= (((uint64_t)IVAL(req->vwv+11, 1)) << 32);
#endif
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
- (const char *)req->buf, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
@@ -1244,13 +1240,12 @@ void reply_ntrename(struct smb_request *req)
return;
}
- attrs = SVAL(req->inbuf,smb_vwv0);
- rename_type = SVAL(req->inbuf,smb_vwv1);
+ attrs = SVAL(req->vwv+0, 0);
+ rename_type = SVAL(req->vwv+1, 0);
p = (const char *)req->buf + 1;
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &oldname, p,
- 0, STR_TERMINATE, &status,
- &src_has_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &oldname, p, STR_TERMINATE,
+ &status, &src_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBntrename);
@@ -1271,9 +1266,8 @@ void reply_ntrename(struct smb_request *req)
}
p++;
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
- 0, STR_TERMINATE, &status,
- &dest_has_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
+ &status, &dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBntrename);
@@ -2538,11 +2532,11 @@ void reply_nttrans(struct smb_request *req)
size = smb_len(req->inbuf) + 4;
av_size = smb_len(req->inbuf);
- pscnt = IVAL(req->inbuf,smb_nt_ParameterCount);
- psoff = IVAL(req->inbuf,smb_nt_ParameterOffset);
- dscnt = IVAL(req->inbuf,smb_nt_DataCount);
- dsoff = IVAL(req->inbuf,smb_nt_DataOffset);
- function_code = SVAL(req->inbuf, smb_nt_Function);
+ pscnt = IVAL(req->vwv+9, 1);
+ psoff = IVAL(req->vwv+11, 1);
+ dscnt = IVAL(req->vwv+13, 1);
+ dsoff = IVAL(req->vwv+15, 1);
+ function_code = SVAL(req->vwv+18, 0);
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
reply_doserror(req, ERRSRV, ERRaccess);
@@ -2568,15 +2562,15 @@ void reply_nttrans(struct smb_request *req)
state->mid = req->mid;
state->vuid = req->vuid;
- state->total_data = IVAL(req->inbuf, smb_nt_TotalDataCount);
+ state->total_data = IVAL(req->vwv+3, 1);
state->data = NULL;
- state->total_param = IVAL(req->inbuf, smb_nt_TotalParameterCount);
+ state->total_param = IVAL(req->vwv+1, 1);
state->param = NULL;
- state->max_data_return = IVAL(req->inbuf,smb_nt_MaxDataCount);
- state->max_param_return = IVAL(req->inbuf,smb_nt_MaxParameterCount);
+ state->max_data_return = IVAL(req->vwv+7, 1);
+ state->max_param_return = IVAL(req->vwv+5, 1);
/* setup count is in *words* */
- state->setup_count = 2*CVAL(req->inbuf,smb_nt_SetupCount);
+ state->setup_count = 2*CVAL(req->vwv+17, 1);
state->setup = NULL;
state->call = function_code;
@@ -2763,25 +2757,23 @@ void reply_nttranss(struct smb_request *req)
/* Revise state->total_param and state->total_data in case they have
changed downwards */
- if (IVAL(req->inbuf, smb_nts_TotalParameterCount)
- < state->total_param) {
- state->total_param = IVAL(req->inbuf,
- smb_nts_TotalParameterCount);
+ if (IVAL(req->vwv+1, 1) < state->total_param) {
+ state->total_param = IVAL(req->vwv+1, 1);
}
- if (IVAL(req->inbuf, smb_nts_TotalDataCount) < state->total_data) {
- state->total_data = IVAL(req->inbuf, smb_nts_TotalDataCount);
+ if (IVAL(req->vwv+3, 1) < state->total_data) {
+ state->total_data = IVAL(req->vwv+3, 1);
}
size = smb_len(req->inbuf) + 4;
av_size = smb_len(req->inbuf);
- pcnt = IVAL(req->inbuf,smb_nts_ParameterCount);
- poff = IVAL(req->inbuf, smb_nts_ParameterOffset);
- pdisp = IVAL(req->inbuf, smb_nts_ParameterDisplacement);
+ pcnt = IVAL(req->vwv+5, 1);
+ poff = IVAL(req->vwv+7, 1);
+ pdisp = IVAL(req->vwv+9, 1);
- dcnt = IVAL(req->inbuf, smb_nts_DataCount);
- ddisp = IVAL(req->inbuf, smb_nts_DataDisplacement);
- doff = IVAL(req->inbuf, smb_nts_DataOffset);
+ dcnt = IVAL(req->vwv+11, 1);
+ doff = IVAL(req->vwv+13, 1);
+ ddisp = IVAL(req->vwv+15, 1);
state->received_param += pcnt;
state->received_data += dcnt;
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 2ce60c762e..b52b1b02d0 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -48,8 +48,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
NTSTATUS status;
/* XXXX we need to handle passed times, sattr and flags */
- srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name,
- req->buf, STR_TERMINATE);
+ srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE);
if (!pipe_name) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
ERRDOS, ERRbadpipe);
@@ -119,8 +118,8 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
void reply_pipe_write(struct smb_request *req)
{
- files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
- size_t numtowrite = SVAL(req->inbuf,smb_vwv1);
+ files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
+ size_t numtowrite = SVAL(req->vwv+1, 0);
ssize_t nwritten;
const uint8_t *data;
@@ -171,13 +170,12 @@ void reply_pipe_write(struct smb_request *req)
void reply_pipe_write_and_X(struct smb_request *req)
{
- files_struct *fsp = file_fsp(req, SVAL(req->inbuf, smb_vwv2));
- size_t numtowrite = SVAL(req->inbuf,smb_vwv10);
+ files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0));
+ size_t numtowrite = SVAL(req->vwv+10, 0);
ssize_t nwritten;
- int smb_doff = SVAL(req->inbuf, smb_vwv11);
+ int smb_doff = SVAL(req->vwv+11, 0);
bool pipe_start_message_raw =
- ((SVAL(req->inbuf, smb_vwv7)
- & (PIPE_START_MESSAGE|PIPE_RAW_MODE))
+ ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE))
== (PIPE_START_MESSAGE|PIPE_RAW_MODE));
uint8_t *data;
@@ -247,9 +245,9 @@ void reply_pipe_write_and_X(struct smb_request *req)
void reply_pipe_read_and_X(struct smb_request *req)
{
- files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
- int smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
- int smb_mincnt = SVAL(req->inbuf,smb_vwv6);
+ files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
+ int smb_maxcnt = SVAL(req->vwv+5, 0);
+ int smb_mincnt = SVAL(req->vwv+6, 0);
ssize_t nread;
uint8_t *data;
bool unused;
@@ -259,7 +257,7 @@ void reply_pipe_read_and_X(struct smb_request *req)
is deliberate, instead we always return the next lump of
data on the pipe */
#if 0
- uint32 smb_offs = IVAL(req->inbuf,smb_vwv3);
+ uint32 smb_offs = IVAL(req->vwv+3, 0);
#endif
if (!fsp_is_np(fsp)) {
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index bd665f3868..215ae20077 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -369,12 +369,14 @@ void init_smb_request(struct smb_request *req,
(unsigned int)req_size ));
exit_server_cleanly("Invalid SMB request");
}
+ req->cmd = CVAL(inbuf, smb_com);
req->flags2 = SVAL(inbuf, smb_flg2);
req->smbpid = SVAL(inbuf, smb_pid);
req->mid = SVAL(inbuf, smb_mid);
req->vuid = SVAL(inbuf, smb_uid);
req->tid = SVAL(inbuf, smb_tid);
req->wct = CVAL(inbuf, smb_wct);
+ req->vwv = (uint16_t *)(inbuf+smb_vwv);
req->buflen = smb_buflen(inbuf);
req->buf = (const uint8_t *)smb_buf(inbuf);
req->unread_bytes = unread_bytes;
@@ -1450,8 +1452,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
/* encrypted required from now on. */
conn->encrypt_level = Required;
} else if (ENCRYPTION_REQUIRED(conn)) {
- uint8 com = CVAL(req->inbuf,smb_com);
- if (com != SMBtrans2 && com != SMBtranss2) {
+ if (req->cmd != SMBtrans2 && req->cmd != SMBtranss2) {
exit_server_cleanly("encryption required "
"on connection");
return conn;
@@ -1486,7 +1487,6 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
{
- uint8 type = CVAL(inbuf,smb_com);
connection_struct *conn;
struct smb_request *req;
@@ -1497,7 +1497,7 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool enc
}
init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
- conn = switch_message(type, req, size);
+ conn = switch_message(req->cmd, req, size);
if (req->unread_bytes) {
/* writeX failed. drain socket. */
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index a9c489cef4..7b5ed8feb4 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -208,7 +208,7 @@ NTSTATUS check_path_syntax_posix(char *path)
****************************************************************************/
size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
- const char *inbuf,
+ const char *base_ptr,
uint16 smb_flags2,
char **pp_dest,
const char *src,
@@ -221,22 +221,8 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
*pp_dest = NULL;
- if (src_len == 0) {
- ret = srvstr_pull_buf_talloc(ctx,
- inbuf,
- smb_flags2,
- pp_dest,
- src,
- flags);
- } else {
- ret = srvstr_pull_talloc(ctx,
- inbuf,
- smb_flags2,
- pp_dest,
- src,
- src_len,
- flags);
- }
+ ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
+ src_len, flags);
if (!*pp_dest) {
*err = NT_STATUS_INVALID_PARAMETER;
@@ -268,7 +254,7 @@ size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
****************************************************************************/
size_t srvstr_get_path(TALLOC_CTX *ctx,
- const char *inbuf,
+ const char *base_ptr,
uint16 smb_flags2,
char **pp_dest,
const char *src,
@@ -276,48 +262,27 @@ size_t srvstr_get_path(TALLOC_CTX *ctx,
int flags,
NTSTATUS *err)
{
- size_t ret;
-
- *pp_dest = NULL;
-
- if (src_len == 0) {
- ret = srvstr_pull_buf_talloc(ctx,
- inbuf,
- smb_flags2,
- pp_dest,
- src,
- flags);
- } else {
- ret = srvstr_pull_talloc(ctx,
- inbuf,
- smb_flags2,
- pp_dest,
- src,
- src_len,
- flags);
- }
-
- if (!*pp_dest) {
- *err = NT_STATUS_INVALID_PARAMETER;
- return ret;
- }
-
- if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
- /*
- * For a DFS path the function parse_dfs_path()
- * will do the path processing, just make a copy.
- */
- *err = NT_STATUS_OK;
- return ret;
- }
+ bool ignore;
+ return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
+ src_len, flags, err, &ignore);
+}
- if (lp_posix_pathnames()) {
- *err = check_path_syntax_posix(*pp_dest);
- } else {
- *err = check_path_syntax(*pp_dest);
- }
+size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
+ char **pp_dest, const char *src, int flags,
+ NTSTATUS *err, bool *contains_wcard)
+{
+ return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
+ pp_dest, src, smbreq_bufrem(req, src),
+ flags, err, contains_wcard);
+}
- return ret;
+size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
+ char **pp_dest, const char *src, int flags,
+ NTSTATUS *err)
+{
+ bool ignore;
+ return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
+ flags, err, &ignore);
}
/****************************************************************************
@@ -530,13 +495,12 @@ void reply_tcon(struct smb_request *req)
}
p = (const char *)req->buf + 1;
- p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
- &service_buf, p, STR_TERMINATE) + 1;
- pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
- &password, p, STR_TERMINATE) + 1;
- p += pwlen;
- p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
- &dev, p, STR_TERMINATE) + 1;
+ p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
+ p += 1;
+ pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
+ p += pwlen+1;
+ p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
+ p += 1;
if (service_buf == NULL || password == NULL || dev == NULL) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -604,8 +568,8 @@ void reply_tcon_and_X(struct smb_request *req)
return;
}
- passlen = SVAL(req->inbuf,smb_vwv3);
- tcon_flags = SVAL(req->inbuf,smb_vwv2);
+ passlen = SVAL(req->vwv+3, 0);
+ tcon_flags = SVAL(req->vwv+2, 0);
/* we might have to close an old one */
if ((tcon_flags & 0x1) && conn) {
@@ -638,8 +602,7 @@ void reply_tcon_and_X(struct smb_request *req)
p = (const char *)req->buf + passlen + 1;
}
- p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
- STR_TERMINATE);
+ p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
if (path == NULL) {
data_blob_clear_free(&password);
@@ -667,7 +630,7 @@ void reply_tcon_and_X(struct smb_request *req)
p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
&client_devicetype, p,
- MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
+ MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
if (client_devicetype == NULL) {
data_blob_clear_free(&password);
@@ -801,8 +764,8 @@ void reply_ioctl(struct smb_request *req)
return;
}
- device = SVAL(req->inbuf,smb_vwv1);
- function = SVAL(req->inbuf,smb_vwv2);
+ device = SVAL(req->vwv+1, 0);
+ function = SVAL(req->vwv+2, 0);
ioctl_code = (device << 16) + function;
DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
@@ -829,7 +792,7 @@ void reply_ioctl(struct smb_request *req)
case IOCTL_QUERY_JOB_INFO:
{
files_struct *fsp = file_fsp(
- req, SVAL(req->inbuf, smb_vwv0));
+ req, SVAL(req->vwv+0, 0));
if (!fsp) {
reply_doserror(req, ERRDOS, ERRbadfid);
END_PROFILE(SMBioctl);
@@ -858,10 +821,10 @@ void reply_ioctl(struct smb_request *req)
Strange checkpath NTSTATUS mapping.
****************************************************************************/
-static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
+static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
{
/* Strange DOS error code semantics only for checkpath... */
- if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
+ if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
/* We need to map to ERRbadpath */
return NT_STATUS_OBJECT_PATH_NOT_FOUND;
@@ -884,10 +847,11 @@ void reply_checkpath(struct smb_request *req)
START_PROFILE(SMBcheckpath);
- srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
- (const char *)req->buf + 1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
+ STR_TERMINATE, &status);
+
if (!NT_STATUS_IS_OK(status)) {
- status = map_checkpath_error((char *)req->inbuf, status);
+ status = map_checkpath_error(req->flags2, status);
reply_nterror(req, status);
END_PROFILE(SMBcheckpath);
return;
@@ -907,7 +871,7 @@ void reply_checkpath(struct smb_request *req)
goto path_err;
}
- DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
+ DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
if (!NT_STATUS_IS_OK(status)) {
@@ -947,7 +911,7 @@ void reply_checkpath(struct smb_request *req)
one at a time - if a component fails it expects
ERRbadpath, not ERRbadfile.
*/
- status = map_checkpath_error((char *)req->inbuf, status);
+ status = map_checkpath_error(req->flags2, status);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
/*
* Windows returns different error codes if
@@ -983,8 +947,7 @@ void reply_getatr(struct smb_request *req)
START_PROFILE(SMBgetatr);
p = (const char *)req->buf + 1;
- p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
- 0, STR_TERMINATE, &status);
+ p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBgetatr);
@@ -1092,8 +1055,7 @@ void reply_setatr(struct smb_request *req)
}
p = (const char *)req->buf + 1;
- p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
- 0, STR_TERMINATE, &status);
+ p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBsetatr);
@@ -1140,8 +1102,8 @@ void reply_setatr(struct smb_request *req)
return;
}
- mode = SVAL(req->inbuf,smb_vwv0);
- mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
+ mode = SVAL(req->vwv+0, 0);
+ mtime = srv_make_unix_date3(req->vwv+1);
ts[1] = convert_time_t_to_timespec(mtime);
status = smb_set_file_time(conn, NULL, fname,
@@ -1265,29 +1227,22 @@ void reply_search(struct smb_request *req)
}
if (lp_posix_pathnames()) {
- reply_unknown_new(req, CVAL(req->inbuf, smb_com));
+ reply_unknown_new(req, req->cmd);
END_PROFILE(SMBsearch);
return;
}
/* If we were called as SMBffirst then we must expect close. */
- if(CVAL(req->inbuf,smb_com) == SMBffirst) {
+ if(req->cmd == SMBffirst) {
expect_close = True;
}
reply_outbuf(req, 1, 3);
- maxentries = SVAL(req->inbuf,smb_vwv0);
- dirtype = SVAL(req->inbuf,smb_vwv1);
+ maxentries = SVAL(req->vwv+0, 0);
+ dirtype = SVAL(req->vwv+1, 0);
p = (const char *)req->buf + 1;
- p += srvstr_get_path_wcard(ctx,
- (char *)req->inbuf,
- req->flags2,
- &path,
- p,
- 0,
- STR_TERMINATE,
- &nt_status,
- &mask_contains_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
+ &nt_status, &mask_contains_wcard);
if (!NT_STATUS_IS_OK(nt_status)) {
reply_nterror(req, nt_status);
END_PROFILE(SMBsearch);
@@ -1488,7 +1443,7 @@ void reply_search(struct smb_request *req)
}
/* If we were called as SMBfunique, then we can close the dirptr now ! */
- if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
+ if(dptr_num >= 0 && req->cmd == SMBfunique) {
dptr_close(&dptr_num);
}
@@ -1521,7 +1476,7 @@ void reply_search(struct smb_request *req)
}
DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
- smb_fn_name(CVAL(req->inbuf,smb_com)),
+ smb_fn_name(req->cmd),
mask,
directory ? directory : "./",
dirtype,
@@ -1550,21 +1505,14 @@ void reply_fclose(struct smb_request *req)
START_PROFILE(SMBfclose);
if (lp_posix_pathnames()) {
- reply_unknown_new(req, CVAL(req->inbuf, smb_com));
+ reply_unknown_new(req, req->cmd);
END_PROFILE(SMBfclose);
return;
}
p = (const char *)req->buf + 1;
- p += srvstr_get_path_wcard(ctx,
- (char *)req->inbuf,
- req->flags2,
- &path,
- p,
- 0,
- STR_TERMINATE,
- &err,
- &path_contains_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
+ &err, &path_contains_wcard);
if (!NT_STATUS_IS_OK(err)) {
reply_nterror(req, err);
END_PROFILE(SMBfclose);
@@ -1629,11 +1577,11 @@ void reply_open(struct smb_request *req)
}
oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
- deny_mode = SVAL(req->inbuf,smb_vwv0);
- dos_attr = SVAL(req->inbuf,smb_vwv1);
+ deny_mode = SVAL(req->vwv+0, 0);
+ dos_attr = SVAL(req->vwv+1, 0);
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
- (const char *)req->buf+1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBopen);
@@ -1729,8 +1677,8 @@ void reply_open_and_X(struct smb_request *req)
int core_oplock_request;
int oplock_request;
#if 0
- int smb_sattr = SVAL(req->inbuf,smb_vwv4);
- uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
+ int smb_sattr = SVAL(req->vwv+4, 0);
+ uint32 smb_time = make_unix_date3(req->vwv+6);
#endif
int smb_ofun;
uint32 fattr=0;
@@ -1755,14 +1703,14 @@ void reply_open_and_X(struct smb_request *req)
return;
}
- open_flags = SVAL(req->inbuf,smb_vwv2);
- deny_mode = SVAL(req->inbuf,smb_vwv3);
- smb_attr = SVAL(req->inbuf,smb_vwv5);
+ open_flags = SVAL(req->vwv+2, 0);
+ deny_mode = SVAL(req->vwv+3, 0);
+ smb_attr = SVAL(req->vwv+5, 0);
ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
oplock_request = ex_oplock_request | core_oplock_request;
- smb_ofun = SVAL(req->inbuf,smb_vwv8);
- allocation_size = (uint64_t)IVAL(req->inbuf,smb_vwv9);
+ smb_ofun = SVAL(req->vwv+8, 0);
+ allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
/* If it's an IPC, pass off the pipe handler. */
if (IS_IPC(conn)) {
@@ -1776,8 +1724,8 @@ void reply_open_and_X(struct smb_request *req)
}
/* XXXX we need to handle passed times, sattr and flags */
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
- (const char *)req->buf, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBopenX);
@@ -1943,7 +1891,6 @@ void reply_mknew(struct smb_request *req)
{
connection_struct *conn = req->conn;
char *fname = NULL;
- int com;
uint32 fattr = 0;
struct timespec ts[2];
files_struct *fsp;
@@ -1964,16 +1911,14 @@ void reply_mknew(struct smb_request *req)
return;
}
- fattr = SVAL(req->inbuf,smb_vwv0);
+ fattr = SVAL(req->vwv+0, 0);
oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
- com = SVAL(req->inbuf,smb_com);
- ts[1] =convert_time_t_to_timespec(
- srv_make_unix_date3(req->inbuf + smb_vwv1));
+ ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
/* mtime. */
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
- (const char *)req->buf + 1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBcreate);
@@ -1985,7 +1930,7 @@ void reply_mknew(struct smb_request *req)
"please report this\n", fname));
}
- if(com == SMBmknew) {
+ if(req->cmd == SMBmknew) {
/* We should fail if file exists. */
create_disposition = FILE_CREATE;
} else {
@@ -2074,11 +2019,11 @@ void reply_ctemp(struct smb_request *req)
return;
}
- fattr = SVAL(req->inbuf,smb_vwv0);
+ fattr = SVAL(req->vwv+0, 0);
oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
- (const char *)req->buf+1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBctemp);
@@ -2545,11 +2490,11 @@ void reply_unlink(struct smb_request *req)
return;
}
- dirtype = SVAL(req->inbuf,smb_vwv0);
+ dirtype = SVAL(req->vwv+0, 0);
- srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
- (const char *)req->buf + 1, 0, STR_TERMINATE,
- &status, &path_contains_wcard);
+ srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
+ STR_TERMINATE, &status,
+ &path_contains_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBunlink);
@@ -2800,7 +2745,7 @@ void reply_readbraw(struct smb_request *req)
* return a zero length response here.
*/
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
/*
* We have to do a check_fsp by hand here, as
@@ -2816,7 +2761,7 @@ void reply_readbraw(struct smb_request *req)
*/
DEBUG(3,("reply_readbraw: fnum %d not valid "
"- cache prime?\n",
- (int)SVAL(req->inbuf,smb_vwv0)));
+ (int)SVAL(req->vwv+0, 0)));
reply_readbraw_error();
END_PROFILE(SMBreadbraw);
return;
@@ -2827,7 +2772,7 @@ void reply_readbraw(struct smb_request *req)
((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
(fsp->access_mask & FILE_EXECUTE)))) {
DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
- (int)SVAL(req->inbuf,smb_vwv0)));
+ (int)SVAL(req->vwv+0, 0)));
reply_readbraw_error();
END_PROFILE(SMBreadbraw);
return;
@@ -2835,14 +2780,14 @@ void reply_readbraw(struct smb_request *req)
flush_write_cache(fsp, READRAW_FLUSH);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
if(req->wct == 10) {
/*
* This is a large offset (64 bit) read.
*/
#ifdef LARGE_SMB_OFF_T
- startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
+ startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
#else /* !LARGE_SMB_OFF_T */
@@ -2850,11 +2795,11 @@ void reply_readbraw(struct smb_request *req)
* Ensure we haven't been sent a >32 bit offset.
*/
- if(IVAL(req->inbuf,smb_vwv8) != 0) {
+ if(IVAL(req->vwv+8, 0) != 0) {
DEBUG(0,("reply_readbraw: large offset "
"(%x << 32) used and we don't support "
"64 bit offsets.\n",
- (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
+ (unsigned int)IVAL(req->vwv+8, 0) ));
reply_readbraw_error();
END_PROFILE(SMBreadbraw);
return;
@@ -2872,8 +2817,8 @@ void reply_readbraw(struct smb_request *req)
}
}
- maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
- mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
+ maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
+ mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
/* ensure we don't overrun the packet size */
maxcount = MIN(65535,maxcount);
@@ -2942,7 +2887,7 @@ void reply_lockread(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBlockread);
@@ -2957,8 +2902,8 @@ void reply_lockread(struct smb_request *req)
release_level_2_oplocks_on_change(fsp);
- numtoread = SVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
+ numtoread = SVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
@@ -3050,7 +2995,7 @@ void reply_read(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBread);
@@ -3063,8 +3008,8 @@ void reply_read(struct smb_request *req)
return;
}
- numtoread = SVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
+ numtoread = SVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
@@ -3170,7 +3115,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
* on a train in Germany :-). JRA.
*/
- if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
+ if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) &&
!is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
uint8 headerbuf[smb_size + 12 * 2];
@@ -3284,7 +3229,7 @@ void reply_read_and_X(struct smb_request *req)
size_t smb_maxcnt;
bool big_readX = False;
#if 0
- size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
+ size_t smb_mincnt = SVAL(req->vwv+6, 0);
#endif
START_PROFILE(SMBreadX);
@@ -3294,9 +3239,9 @@ void reply_read_and_X(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2));
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
- smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
+ fsp = file_fsp(req, SVAL(req->vwv+2, 0));
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
+ smb_maxcnt = SVAL(req->vwv+5, 0);
/* If it's an IPC, pass off the pipe handler. */
if (IS_IPC(conn)) {
@@ -3317,11 +3262,11 @@ void reply_read_and_X(struct smb_request *req)
}
if (global_client_caps & CAP_LARGE_READX) {
- size_t upper_size = SVAL(req->inbuf,smb_vwv7);
+ size_t upper_size = SVAL(req->vwv+7, 0);
smb_maxcnt |= (upper_size<<16);
if (upper_size > 1) {
/* Can't do this on a chained packet. */
- if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
+ if ((CVAL(req->vwv+0, 0) != 0xFF)) {
reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
END_PROFILE(SMBreadX);
return;
@@ -3348,7 +3293,7 @@ void reply_read_and_X(struct smb_request *req)
/*
* This is a large offset (64 bit) read.
*/
- startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
+ startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
#else /* !LARGE_SMB_OFF_T */
@@ -3356,10 +3301,10 @@ void reply_read_and_X(struct smb_request *req)
* Ensure we haven't been sent a >32 bit offset.
*/
- if(IVAL(req->inbuf,smb_vwv10) != 0) {
+ if(IVAL(req->vwv+10, 0) != 0) {
DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
"used and we don't support 64 bit offsets.\n",
- (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
+ (unsigned int)IVAL(req->vwv+10, 0) ));
END_PROFILE(SMBreadX);
reply_doserror(req, ERRDOS, ERRbadaccess);
return;
@@ -3442,7 +3387,7 @@ void reply_writebraw(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
error_to_writebrawerr(req);
END_PROFILE(SMBwritebraw);
@@ -3456,9 +3401,9 @@ void reply_writebraw(struct smb_request *req)
return;
}
- tcount = IVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
- write_through = BITSETW(req->inbuf+smb_vwv7,0);
+ tcount = IVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
+ write_through = BITSETW(req->vwv+7,0);
/* We have to deal with slightly different formats depending
on whether we are using the core+ or lanman1.0 protocol */
@@ -3467,8 +3412,8 @@ void reply_writebraw(struct smb_request *req)
numtowrite = SVAL(smb_buf(req->inbuf),-2);
data = smb_buf(req->inbuf);
} else {
- numtowrite = SVAL(req->inbuf,smb_vwv10);
- data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
+ numtowrite = SVAL(req->vwv+10, 0);
+ data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
}
/* Ensure we don't write bytes past the end of this packet. */
@@ -3647,7 +3592,7 @@ void reply_writeunlock(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBwriteunlock);
@@ -3660,8 +3605,8 @@ void reply_writeunlock(struct smb_request *req)
return;
}
- numtowrite = SVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
+ numtowrite = SVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
data = (const char *)req->buf + 3;
if (numtowrite
@@ -3754,7 +3699,7 @@ void reply_write(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBwrite);
@@ -3767,8 +3712,8 @@ void reply_write(struct smb_request *req)
return;
}
- numtowrite = SVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
+ numtowrite = SVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
data = (const char *)req->buf + 3;
if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
@@ -3941,14 +3886,14 @@ void reply_write_and_X(struct smb_request *req)
return;
}
- numtowrite = SVAL(req->inbuf,smb_vwv10);
- smb_doff = SVAL(req->inbuf,smb_vwv11);
+ numtowrite = SVAL(req->vwv+10, 0);
+ smb_doff = SVAL(req->vwv+11, 0);
smblen = smb_len(req->inbuf);
if (req->unread_bytes > 0xFFFF ||
(smblen > smb_doff &&
smblen - smb_doff > 0xFFFF)) {
- numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
+ numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
}
if (req->unread_bytes) {
@@ -3984,9 +3929,9 @@ void reply_write_and_X(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2));
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
- write_through = BITSETW(req->inbuf+smb_vwv7,0);
+ fsp = file_fsp(req, SVAL(req->vwv+2, 0));
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
+ write_through = BITSETW(req->vwv+7,0);
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBwriteX);
@@ -4006,7 +3951,7 @@ void reply_write_and_X(struct smb_request *req)
/*
* This is a large offset (64 bit) write.
*/
- startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
+ startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
#else /* !LARGE_SMB_OFF_T */
@@ -4014,10 +3959,10 @@ void reply_write_and_X(struct smb_request *req)
* Ensure we haven't been sent a >32 bit offset.
*/
- if(IVAL(req->inbuf,smb_vwv12) != 0) {
+ if(IVAL(req->vwv+12, 0) != 0) {
DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
"used and we don't support 64 bit offsets.\n",
- (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
+ (unsigned int)IVAL(req->vwv+12, 0) ));
reply_doserror(req, ERRDOS, ERRbadaccess);
END_PROFILE(SMBwriteX);
return;
@@ -4105,7 +4050,7 @@ void reply_lseek(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
return;
@@ -4113,9 +4058,9 @@ void reply_lseek(struct smb_request *req)
flush_write_cache(fsp, SEEK_FLUSH);
- mode = SVAL(req->inbuf,smb_vwv1) & 3;
+ mode = SVAL(req->vwv+1, 0) & 3;
/* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
- startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
+ startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
switch (mode) {
case 0:
@@ -4190,7 +4135,7 @@ void reply_flush(struct smb_request *req)
return;
}
- fnum = SVAL(req->inbuf,smb_vwv0);
+ fnum = SVAL(req->vwv+0, 0);
fsp = file_fsp(req, fnum);
if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
@@ -4253,7 +4198,7 @@ void reply_close(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
/*
* We can only use check_fsp if we know it's not a directory.
@@ -4285,7 +4230,7 @@ void reply_close(struct smb_request *req)
* Take care of any time sent in the close.
*/
- t = srv_make_unix_date3(req->inbuf+smb_vwv1);
+ t = srv_make_unix_date3(req->vwv+1);
set_close_write_time(fsp, convert_time_t_to_timespec(t));
/*
@@ -4331,7 +4276,7 @@ void reply_writeclose(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBwriteclose);
@@ -4343,10 +4288,9 @@ void reply_writeclose(struct smb_request *req)
return;
}
- numtowrite = SVAL(req->inbuf,smb_vwv1);
- startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
- mtime = convert_time_t_to_timespec(srv_make_unix_date3(
- req->inbuf+smb_vwv4));
+ numtowrite = SVAL(req->vwv+1, 0);
+ startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
+ mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
data = (const char *)req->buf + 1;
if (numtowrite
@@ -4418,7 +4362,7 @@ void reply_lock(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBlock);
@@ -4427,8 +4371,8 @@ void reply_lock(struct smb_request *req)
release_level_2_oplocks_on_change(fsp);
- count = (uint64_t)IVAL(req->inbuf,smb_vwv1);
- offset = (uint64_t)IVAL(req->inbuf,smb_vwv3);
+ count = (uint64_t)IVAL(req->vwv+1, 0);
+ offset = (uint64_t)IVAL(req->vwv+3, 0);
DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
@@ -4477,15 +4421,15 @@ void reply_unlock(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBunlock);
return;
}
- count = (uint64_t)IVAL(req->inbuf,smb_vwv1);
- offset = (uint64_t)IVAL(req->inbuf,smb_vwv3);
+ count = (uint64_t)IVAL(req->vwv+1, 0);
+ offset = (uint64_t)IVAL(req->vwv+3, 0);
status = do_unlock(smbd_messaging_context(),
fsp,
@@ -4558,7 +4502,7 @@ void reply_echo(struct smb_request *req)
return;
}
- smb_reverb = SVAL(req->inbuf,smb_vwv0);
+ smb_reverb = SVAL(req->vwv+0, 0);
reply_outbuf(req, 1, req->buflen);
@@ -4651,7 +4595,7 @@ void reply_printclose(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBsplclose);
@@ -4699,8 +4643,8 @@ void reply_printqueue(struct smb_request *req)
return;
}
- max_count = SVAL(req->inbuf,smb_vwv0);
- start_index = SVAL(req->inbuf,smb_vwv1);
+ max_count = SVAL(req->vwv+0, 0);
+ start_index = SVAL(req->vwv+1, 0);
/* we used to allow the client to get the cnum wrong, but that
is really quite gross and only worked when there was only
@@ -4793,7 +4737,7 @@ void reply_printwrite(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if (!check_fsp(conn, req, fsp)) {
END_PROFILE(SMBsplwr);
@@ -4848,8 +4792,8 @@ void reply_mkdir(struct smb_request *req)
START_PROFILE(SMBmkdir);
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
- (const char *)req->buf + 1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBmkdir);
@@ -5118,8 +5062,8 @@ void reply_rmdir(struct smb_request *req)
START_PROFILE(SMBrmdir);
- srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
- (const char *)req->buf + 1, 0, STR_TERMINATE, &status);
+ srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
+ STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBrmdir);
@@ -5914,21 +5858,19 @@ void reply_mv(struct smb_request *req)
return;
}
- attrs = SVAL(req->inbuf,smb_vwv0);
+ attrs = SVAL(req->vwv+0, 0);
p = (const char *)req->buf + 1;
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
- 0, STR_TERMINATE, &status,
- &src_has_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
+ &status, &src_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBmv);
return;
}
p++;
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
- 0, STR_TERMINATE, &status,
- &dest_has_wcard);
+ p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
+ &status, &dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBmv);
@@ -6156,22 +6098,20 @@ void reply_copy(struct smb_request *req)
return;
}
- tid2 = SVAL(req->inbuf,smb_vwv0);
- ofun = SVAL(req->inbuf,smb_vwv1);
- flags = SVAL(req->inbuf,smb_vwv2);
+ tid2 = SVAL(req->vwv+0, 0);
+ ofun = SVAL(req->vwv+1, 0);
+ flags = SVAL(req->vwv+2, 0);
p = (const char *)req->buf;
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
- 0, STR_TERMINATE, &status,
- &source_has_wild);
+ p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
+ &status, &source_has_wild);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBcopy);
return;
}
- p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
- 0, STR_TERMINATE, &status,
- &dest_has_wild);
+ p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
+ &status, &dest_has_wild);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBcopy);
@@ -6617,12 +6557,12 @@ void reply_lockingX(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv2));
- locktype = CVAL(req->inbuf,smb_vwv3);
- oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
- num_ulocks = SVAL(req->inbuf,smb_vwv6);
- num_locks = SVAL(req->inbuf,smb_vwv7);
- lock_timeout = IVAL(req->inbuf,smb_vwv4);
+ fsp = file_fsp(req, SVAL(req->vwv+2, 0));
+ locktype = CVAL(req->vwv+3, 0);
+ oplocklevel = CVAL(req->vwv+3, 1);
+ num_ulocks = SVAL(req->vwv+6, 0);
+ num_locks = SVAL(req->vwv+7, 0);
+ lock_timeout = IVAL(req->vwv+4, 0);
large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
if (!check_fsp(conn, req, fsp)) {
@@ -6704,11 +6644,10 @@ void reply_lockingX(struct smb_request *req)
if (num_locks == 0 && num_ulocks == 0) {
/* Sanity check - ensure a pure oplock break is not a
chained request. */
- if(CVAL(req->inbuf,smb_vwv0) != 0xff)
+ if(CVAL(req->vwv+0, 0) != 0xff)
DEBUG(0,("reply_lockingX: Error : pure oplock "
"break is a chained %d request !\n",
- (unsigned int)CVAL(req->inbuf,
- smb_vwv0) ));
+ (unsigned int)CVAL(req->vwv+0, 0)));
END_PROFILE(SMBlockingX);
return;
}
@@ -6993,7 +6932,7 @@ void reply_setattrE(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if(!fsp || (fsp->conn != conn)) {
reply_doserror(req, ERRDOS, ERRbadfid);
@@ -7008,9 +6947,9 @@ void reply_setattrE(struct smb_request *req)
*/
ts[0] = convert_time_t_to_timespec(
- srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
+ srv_make_unix_date2(req->vwv+3)); /* atime. */
ts[1] = convert_time_t_to_timespec(
- srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
+ srv_make_unix_date2(req->vwv+5)); /* mtime. */
reply_outbuf(req, 0, 0);
@@ -7104,7 +7043,7 @@ void reply_getattrE(struct smb_request *req)
return;
}
- fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv0));
+ fsp = file_fsp(req, SVAL(req->vwv+0, 0));
if(!fsp || (fsp->conn != conn)) {
reply_doserror(req, ERRDOS, ERRbadfid);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4123783eda..fde6cdc160 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1169,18 +1169,17 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
const char *native_lanman;
const char *primary_domain;
const char *p2;
- uint16 data_blob_len = SVAL(req->inbuf, smb_vwv7);
+ uint16 data_blob_len = SVAL(req->vwv+7, 0);
enum remote_arch_types ra_type = get_remote_arch();
int vuid = SVAL(req->inbuf,smb_uid);
user_struct *vuser = NULL;
NTSTATUS status = NT_STATUS_OK;
uint16 smbpid = req->smbpid;
- uint16 smb_flag2 = req->flags2;
DEBUG(3,("Doing spnego session setup\n"));
if (global_client_caps == 0) {
- global_client_caps = IVAL(req->inbuf,smb_vwv10);
+ global_client_caps = IVAL(req->vwv+10, 0);
if (!(global_client_caps & CAP_STATUS32)) {
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
@@ -1196,7 +1195,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
return;
}
- bufrem = smb_bufrem(req->inbuf, p);
+ bufrem = smbreq_bufrem(req, p);
/* pull the spnego blob */
blob1 = data_blob(p, MIN(bufrem, data_blob_len));
@@ -1206,16 +1205,16 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
p2 = (char *)req->inbuf + smb_vwv13 + data_blob_len;
- p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2,
- &tmp, p2, STR_TERMINATE);
+ p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ STR_TERMINATE);
native_os = tmp ? tmp : "";
- p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2,
- &tmp, p2, STR_TERMINATE);
+ p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ STR_TERMINATE);
native_lanman = tmp ? tmp : "";
- p2 += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, smb_flag2,
- &tmp, p2,STR_TERMINATE);
+ p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
+ STR_TERMINATE);
primary_domain = tmp ? tmp : "";
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
@@ -1439,7 +1438,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- if (SVAL(req->inbuf,smb_vwv4) == 0) {
+ if (SVAL(req->vwv+4, 0) == 0) {
setup_new_vc_session();
}
@@ -1448,10 +1447,10 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- smb_bufsize = SVAL(req->inbuf,smb_vwv2);
+ smb_bufsize = SVAL(req->vwv+2, 0);
if (Protocol < PROTOCOL_NT1) {
- uint16 passlen1 = SVAL(req->inbuf,smb_vwv7);
+ uint16 passlen1 = SVAL(req->vwv+7, 0);
/* Never do NT status codes with protocols before NT1 as we
* don't get client caps. */
@@ -1472,16 +1471,15 @@ void reply_sesssetup_and_X(struct smb_request *req)
plaintext_password.data[passlen1] = 0;
}
- srvstr_pull_buf_talloc(talloc_tos(), req->inbuf, req->flags2,
- &tmp, req->buf + passlen1,
- STR_TERMINATE);
+ srvstr_pull_req_talloc(talloc_tos(), req, &tmp,
+ req->buf + passlen1, STR_TERMINATE);
user = tmp ? tmp : "";
domain = "";
} else {
- uint16 passlen1 = SVAL(req->inbuf,smb_vwv7);
- uint16 passlen2 = SVAL(req->inbuf,smb_vwv8);
+ uint16 passlen1 = SVAL(req->vwv+7, 0);
+ uint16 passlen2 = SVAL(req->vwv+8, 0);
enum remote_arch_types ra_type = get_remote_arch();
const uint8_t *p = req->buf;
const uint8_t *save_p = req->buf;
@@ -1489,7 +1487,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
if(global_client_caps == 0) {
- global_client_caps = IVAL(req->inbuf,smb_vwv11);
+ global_client_caps = IVAL(req->vwv+11, 0);
if (!(global_client_caps & CAP_STATUS32)) {
remove_from_common_flags2(
@@ -1531,7 +1529,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
/* check for nasty tricks */
if (passlen1 > MAX_PASS_LEN
- || passlen1 > smb_bufrem(req->inbuf, p)) {
+ || passlen1 > smbreq_bufrem(req, p)) {
reply_nterror(req, nt_status_squash(
NT_STATUS_INVALID_PARAMETER));
END_PROFILE(SMBsesssetupX);
@@ -1539,7 +1537,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
}
if (passlen2 > MAX_PASS_LEN
- || passlen2 > smb_bufrem(req->inbuf, p+passlen1)) {
+ || passlen2 > smbreq_bufrem(req, p+passlen1)) {
reply_nterror(req, nt_status_squash(
NT_STATUS_INVALID_PARAMETER));
END_PROFILE(SMBsesssetupX);
@@ -1592,23 +1590,19 @@ void reply_sesssetup_and_X(struct smb_request *req)
p += passlen1 + passlen2;
- p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf,
- req->flags2, &tmp, p,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
user = tmp ? tmp : "";
- p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf,
- req->flags2, &tmp, p,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
domain = tmp ? tmp : "";
- p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf,
- req->flags2, &tmp, p,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_os = tmp ? tmp : "";
- p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf,
- req->flags2, &tmp, p,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
native_lanman = tmp ? tmp : "";
@@ -1619,10 +1613,9 @@ void reply_sesssetup_and_X(struct smb_request *req)
* Windows 9x does not include a string here at all so we have
* to check if we have any extra bytes left */
- byte_count = SVAL(req->inbuf, smb_vwv13);
+ byte_count = SVAL(req->vwv+13, 0);
if ( PTR_DIFF(p, save_p) < byte_count) {
- p += srvstr_pull_buf_talloc(talloc_tos(), req->inbuf,
- req->flags2, &tmp, p,
+ p += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p,
STR_TERMINATE);
primary_domain = tmp ? tmp : "";
} else {
@@ -1642,7 +1635,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
}
- if (SVAL(req->inbuf,smb_vwv4) == 0) {
+ if (SVAL(req->vwv+4, 0) == 0) {
setup_new_vc_session();
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a450a56e72..9e150018ef 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2183,7 +2183,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
- smb_fn_name(CVAL(req->inbuf,smb_com)),
+ smb_fn_name(req->cmd),
mask, directory, dirtype, numentries ) );
/*
@@ -2481,7 +2481,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
- smb_fn_name(CVAL(req->inbuf,smb_com)),
+ smb_fn_name(req->cmd),
mask, directory, dirtype, numentries ) );
/* Check if we can close the dirptr */
@@ -3118,7 +3118,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
max_data_bytes);
DEBUG( 4, ( "%s info_level = %d\n",
- smb_fn_name(CVAL(req->inbuf,smb_com)), info_level) );
+ smb_fn_name(req->cmd), info_level) );
return;
}
@@ -7254,7 +7254,7 @@ static void call_trans2ioctl(connection_struct *conn,
unsigned int max_data_bytes)
{
char *pdata = *ppdata;
- files_struct *fsp = file_fsp(req, SVAL(req->inbuf,smb_vwv15));
+ files_struct *fsp = file_fsp(req, SVAL(req->vwv+15, 0));
/* check for an invalid fid before proceeding */
@@ -7307,7 +7307,7 @@ void reply_findclose(struct smb_request *req)
return;
}
- dptr_num = SVALS(req->inbuf,smb_vwv0);
+ dptr_num = SVALS(req->vwv+0, 0);
DEBUG(3,("reply_findclose, dptr_num = %d\n", dptr_num));
@@ -7337,7 +7337,7 @@ void reply_findnclose(struct smb_request *req)
return;
}
- dptr_num = SVAL(req->inbuf,smb_vwv0);
+ dptr_num = SVAL(req->vwv+0, 0);
DEBUG(3,("reply_findnclose, dptr_num = %d\n", dptr_num));
@@ -7540,11 +7540,11 @@ void reply_trans2(struct smb_request *req)
return;
}
- dsoff = SVAL(req->inbuf, smb_dsoff);
- dscnt = SVAL(req->inbuf, smb_dscnt);
- psoff = SVAL(req->inbuf, smb_psoff);
- pscnt = SVAL(req->inbuf, smb_pscnt);
- tran_call = SVAL(req->inbuf, smb_setup0);
+ dsoff = SVAL(req->vwv+12, 0);
+ dscnt = SVAL(req->vwv+11, 0);
+ psoff = SVAL(req->vwv+10, 0);
+ pscnt = SVAL(req->vwv+9, 0);
+ tran_call = SVAL(req->vwv+14, 0);
size = smb_len(req->inbuf) + 4;
av_size = smb_len(req->inbuf);
@@ -7584,17 +7584,17 @@ void reply_trans2(struct smb_request *req)
state->mid = req->mid;
state->vuid = req->vuid;
- state->setup_count = SVAL(req->inbuf, smb_suwcnt);
+ state->setup_count = SVAL(req->vwv+13, 0);
state->setup = NULL;
- state->total_param = SVAL(req->inbuf, smb_tpscnt);
+ state->total_param = SVAL(req->vwv+0, 0);
state->param = NULL;
- state->total_data = SVAL(req->inbuf, smb_tdscnt);
+ state->total_data = SVAL(req->vwv+1, 0);
state->data = NULL;
- state->max_param_return = SVAL(req->inbuf, smb_mprcnt);
- state->max_data_return = SVAL(req->inbuf, smb_mdrcnt);
- state->max_setup_return = SVAL(req->inbuf, smb_msrcnt);
- state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0);
- state->one_way = BITSETW(req->inbuf+smb_vwv5,1);
+ state->max_param_return = SVAL(req->vwv+2, 0);
+ state->max_data_return = SVAL(req->vwv+3, 0);
+ state->max_setup_return = SVAL(req->vwv+4, 0);
+ state->close_on_completion = BITSETW(req->vwv+5, 0);
+ state->one_way = BITSETW(req->vwv+5, 1);
state->call = tran_call;
@@ -7758,18 +7758,18 @@ void reply_transs2(struct smb_request *req)
/* Revise state->total_param and state->total_data in case they have
changed downwards */
- if (SVAL(req->inbuf, smb_tpscnt) < state->total_param)
- state->total_param = SVAL(req->inbuf, smb_tpscnt);
- if (SVAL(req->inbuf, smb_tdscnt) < state->total_data)
- state->total_data = SVAL(req->inbuf, smb_tdscnt);
+ if (SVAL(req->vwv+0, 0) < state->total_param)
+ state->total_param = SVAL(req->vwv+0, 0);
+ if (SVAL(req->vwv+1, 0) < state->total_data)
+ state->total_data = SVAL(req->vwv+1, 0);
- pcnt = SVAL(req->inbuf, smb_spscnt);
- poff = SVAL(req->inbuf, smb_spsoff);
- pdisp = SVAL(req->inbuf, smb_spsdisp);
+ pcnt = SVAL(req->vwv+2, 0);
+ poff = SVAL(req->vwv+3, 0);
+ pdisp = SVAL(req->vwv+4, 0);
- dcnt = SVAL(req->inbuf, smb_sdscnt);
- doff = SVAL(req->inbuf, smb_sdsoff);
- ddisp = SVAL(req->inbuf, smb_sdsdisp);
+ dcnt = SVAL(req->vwv+5, 0);
+ doff = SVAL(req->vwv+6, 0);
+ ddisp = SVAL(req->vwv+7, 0);
state->received_param += pcnt;
state->received_data += dcnt;