From 0e8fd3398771da2f016d72830179507f3edda51b Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Sat, 4 May 1996 07:50:46 +0000 Subject: Initial version imported to CVS (This used to be commit 291551d80711daab7b7581720bcd9a08d6096517) --- source3/smbd/ipc.c | 2779 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2779 insertions(+) create mode 100644 source3/smbd/ipc.c (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c new file mode 100644 index 0000000000..8852e57e8b --- /dev/null +++ b/source3/smbd/ipc.c @@ -0,0 +1,2779 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Inter-process communication and named pipe handling + Copyright (C) Andrew Tridgell 1992-1995 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +/* + This file handles the named pipe and mailslot calls + in the SMBtrans protocol + */ + +#include "includes.h" +#include "loadparm.h" +#include "pcap.h" + +#ifdef CHECK_TYPES +#undef CHECK_TYPES +#endif +#define CHECK_TYPES 0 + +extern int DEBUGLEVEL; +extern int maxxmit; +extern files_struct Files[]; +extern connection_struct Connections[]; + +extern fstring local_machine; + +#define NERR_Success 0 +#define NERR_badpass 86 +#define NERR_notsupported 50 + +#define NERR_BASE (2100) +#define NERR_BufTooSmall (NERR_BASE+23) +#define NERR_JobNotFound (NERR_BASE+51) +#define NERR_DestNotFound (NERR_BASE+52) +#define ERROR_INVALID_LEVEL 124 +#define ERROR_MORE_DATA 234 + +#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) + +#define ACCESS_READ 0x01 +#define ACCESS_WRITE 0x02 +#define ACCESS_CREATE 0x04 + +#define SHPWLEN 8 /* share password length */ +#define NNLEN 12 /* 8.3 net name length */ +#define SNLEN 15 /* service name length */ +#define QNLEN 12 /* queue name maximum length */ + +extern int Client; + +static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) +{ + pstring buf; + int l; + + if (!src || !dst || !n || !(*dst)) return(0); + + StrnCpy(buf,src,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(cnum,buf); + StrnCpy(*dst,buf,*n); + l = strlen(*dst) + 1; + (*dst) += l; + (*n) -= l; + return l; +} + +static int CopyAndAdvance(char** dst, char* src, int* n) +{ + int l; + if (!src || !dst || !n || !(*dst)) return(0); + StrnCpy(*dst,src,*n); + l = strlen(*dst) + 1; + (*dst) += l; + (*n) -= l; + return l; +} + +static int StrlenExpanded(int cnum, int snum, char* s) +{ + pstring buf; + if (!s) return(0); + StrnCpy(buf,s,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(cnum,buf); + return strlen(buf) + 1; +} + +static char* Expand(int cnum, int snum, char* s) +{ + static pstring buf; + if (!s) return(NULL); + StrnCpy(buf,s,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(cnum,buf); + return &buf[0]; +} + +/******************************************************************* + check a API string for validity when we only need to check the prefix + ******************************************************************/ +static BOOL prefix_ok(char *str,char *prefix) +{ + return(strncmp(str,prefix,strlen(prefix)) == 0); +} + + +/**************************************************************************** + send a trans reply + ****************************************************************************/ +static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, + int ldata,int lparam,int lsetup) +{ + int i; + int this_ldata,this_lparam; + int tot_data=0,tot_param=0; + int align; + + this_lparam = MIN(lparam,maxxmit - (500+lsetup*SIZEOFWORD)); /* hack */ + this_ldata = MIN(ldata,maxxmit - (500+lsetup*SIZEOFWORD+this_lparam)); + + align = (this_lparam%4); + + set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); + if (this_lparam) + memcpy(smb_buf(outbuf),param,this_lparam); + if (this_ldata) + memcpy(smb_buf(outbuf)+this_lparam+align,data,this_ldata); + + SSVAL(outbuf,smb_vwv0,lparam); + SSVAL(outbuf,smb_vwv1,ldata); + SSVAL(outbuf,smb_vwv3,this_lparam); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf)); + SSVAL(outbuf,smb_vwv5,0); + SSVAL(outbuf,smb_vwv6,this_ldata); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf)); + SSVAL(outbuf,smb_vwv8,0); + SSVAL(outbuf,smb_vwv9,lsetup); + for (i=0;ibuflen; + int i; + + if (!p->format || !p->base) return(False); + + i = count * getlen(p->format); + if (p->subformat) i += subcount * getlen(p->subformat); + p->structbuf = p->base; + p->neededlen = 0; + p->usedlen = 0; + p->subcount = 0; + p->curpos = p->format; + if (i > n) { + i = n = 0; + p->errcode = NERR_BufTooSmall; + } + + p->errcode = NERR_Success; + p->buflen = i; + n -= i; + p->stringbuf = p->base + i; + p->stringlen = n; + return(p->errcode == NERR_Success); +} + +#ifdef __STDC__ +static int package(struct pack_desc* p, ...) +{ +#else +static int package(va_alist) +va_dcl +{ + struct pack_desc* p; +#endif + va_list args; + int needed=0, stringneeded; + char* str=NULL; + int is_string=0, stringused; + int32 temp; + +#ifdef __STDC__ + va_start(args,p); +#else + va_start(args); + p = va_arg(args,struct pack_desc *); +#endif + + if (!*p->curpos) { + if (!p->subcount) + p->curpos = p->format; + else { + p->curpos = p->subformat; + p->subcount--; + } + } +#if CHECK_TYPES + str = va_arg(args,char*); + if (strncmp(str,p->curpos,strlen(str)) != 0) { + DEBUG(2,("type error in package: %s instead of %*s\n",str, + strlen(str),p->curpos)); + va_end(args); +#if AJT + ajt_panic(); +#endif + return 0; + } +#endif + stringneeded = -1; + + if (!p->curpos) return(0); + + switch( *p->curpos++ ) { + case 'W': /* word (2 byte) */ + needed = 2; + temp = va_arg(args,int); + if (p->buflen >= needed) SSVAL(p->structbuf,0,temp); + break; + case 'N': /* count of substructures (word) at end */ + needed = 2; + p->subcount = va_arg(args,int); + if (p->buflen >= needed) SSVAL(p->structbuf,0,p->subcount); + break; + case 'D': /* double word (4 byte) */ + needed = 4; + temp = va_arg(args,int); + if (p->buflen >= needed) SIVAL(p->structbuf,0,temp); + break; + case 'B': /* byte (with optional counter) */ + needed = get_counter(&p->curpos); + { + char *s = va_arg(args,char*); + if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed); + } + break; + case 'z': /* offset to zero terminated string (4 byte) */ + str = va_arg(args,char*); + stringneeded = (str ? strlen(str)+1 : 0); + is_string = 1; + break; + case 'l': /* offset to user data (4 byte) */ + str = va_arg(args,char*); + stringneeded = va_arg(args,int); + is_string = 0; + break; + case 'b': /* offset to data (with counter) (4 byte) */ + str = va_arg(args,char*); + stringneeded = get_counter(&p->curpos); + is_string = 0; + break; + } + va_end(args); + if (stringneeded >= 0) { + needed = 4; + if (p->buflen >= needed) { + stringused = stringneeded; + if (stringused > p->stringlen) { + stringused = (is_string ? p->stringlen : 0); + if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA; + } + if (!stringused) + SIVAL(p->structbuf,0,0); + else { + SIVAL(p->structbuf,0,PTR_DIFF(p->stringbuf,p->base)); + memcpy(p->stringbuf,str?str:"",stringused); + if (is_string) p->stringbuf[stringused-1] = '\0'; + p->stringbuf += stringused; + p->stringlen -= stringused; + p->usedlen += stringused; + } + } + p->neededlen += stringneeded; + } + p->neededlen += needed; + if (p->buflen >= needed) { + p->structbuf += needed; + p->buflen -= needed; + p->usedlen += needed; + } + else { + if (p->errcode == NERR_Success) p->errcode = NERR_BufTooSmall; + } + return 1; +} + +#if CHECK_TYPES +#define PACK(desc,t,v) package(desc,t,v,0,0,0,0) +#define PACKl(desc,t,v,l) package(desc,t,v,l,0,0,0,0) +#else +#define PACK(desc,t,v) package(desc,v) +#define PACKl(desc,t,v,l) package(desc,v,l) +#endif + +static void PACKI(struct pack_desc* desc,char *t,int v) +{ + PACK(desc,t,v); +} + +static void PACKS(struct pack_desc* desc,char *t,char *v) +{ + PACK(desc,t,v); +} + +static void PackDriverData(struct pack_desc* desc) +{ + char drivdata[4+4+32]; + SIVAL(drivdata,0,sizeof drivdata); /* cb */ + SIVAL(drivdata,4,1000); /* lVersion */ + memset(drivdata+8,0,32); /* szDeviceName */ + strcpy(drivdata+8,"NULL"); + PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */ +} + +static int check_printq_info(struct pack_desc* desc, + int uLevel, const char* id1, const char* id2) +{ + desc->subformat = NULL; + switch( uLevel ) { + case 0: + desc->format = "B13"; + break; + case 1: + desc->format = "B13BWWWzzzzzWW"; + break; + case 2: + desc->format = "B13BWWWzzzzzWN"; + desc->subformat = "WB21BB16B10zWWzDDz"; + break; + case 3: + desc->format = "zWWWWzzzzWWzzl"; + break; + case 4: + desc->format = "zWWWWzzzzWNzzl"; + desc->subformat = "WWzWWDDzz"; + break; + case 5: + desc->format = "z"; + break; + default: return False; + } + if (strcmp(desc->format,id1) != 0) return False; + if (desc->subformat && strcmp(desc->subformat,id2) != 0) return False; + return True; +} + +static void fill_printjob_info(int cnum, int snum, int uLevel, + struct pack_desc* desc, + print_queue_struct* queue, int n) +{ + time_t t = queue->time; + + /* the client expects localtime */ + t += GMT_TO_LOCAL*TimeDiff(t); + + PACKI(desc,"W",((snum%0xFF)<<8) | (queue->job%0xFF)); /* uJobId */ + if (uLevel == 1) { + PACKS(desc,"B21",queue->user); /* szUserName */ + PACKS(desc,"B",""); /* pad */ + PACKS(desc,"B16",""); /* szNotifyName */ + PACKS(desc,"B10","PM_Q_RAW"); /* szDataType */ + PACKS(desc,"z",""); /* pszParms */ + PACKI(desc,"W",n+1); /* uPosition */ + PACKI(desc,"W",queue->status); /* fsStatus */ + PACKS(desc,"z",""); /* pszStatus */ + PACKI(desc,"D",queue->time); /* ulSubmitted */ + PACKI(desc,"D",queue->size); /* ulSize */ + PACKS(desc,"z",queue->file); /* pszComment */ + } + if (uLevel == 2 || uLevel == 3) { + PACKI(desc,"W",queue->priority); /* uPriority */ + PACKS(desc,"z",queue->user); /* pszUserName */ + PACKI(desc,"W",n+1); /* uPosition */ + PACKI(desc,"W",queue->status); /* fsStatus */ + PACKI(desc,"D",queue->time); /* ulSubmitted */ + PACKI(desc,"D",queue->size); /* ulSize */ + PACKS(desc,"z","Samba"); /* pszComment */ + PACKS(desc,"z",queue->file); /* pszDocument */ + if (uLevel == 3) { + PACKS(desc,"z",""); /* pszNotifyName */ + PACKS(desc,"z","PM_Q_RAW"); /* pszDataType */ + PACKS(desc,"z",""); /* pszParms */ + PACKS(desc,"z",""); /* pszStatus */ + PACKS(desc,"z",SERVICE(snum)); /* pszQueue */ + PACKS(desc,"z","lpd"); /* pszQProcName */ + PACKS(desc,"z",""); /* pszQProcParms */ + PACKS(desc,"z","NULL"); /* pszDriverName */ + PackDriverData(desc); /* pDriverData */ + PACKS(desc,"z",""); /* pszPrinterName */ + } + } +} + +static void fill_printq_info(int cnum, int snum, int uLevel, + struct pack_desc* desc, + int count, print_queue_struct* queue, + print_status_struct* status) +{ + if (uLevel < 3) { + PACKS(desc,"B13",SERVICE(snum)); + } else { + PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum))); + } + if (uLevel == 1 || uLevel == 2) { + PACKS(desc,"B",""); /* alignment */ + PACKI(desc,"W",5); /* priority */ + PACKI(desc,"W",0); /* start time */ + PACKI(desc,"W",0); /* until time */ + PACKS(desc,"z",""); /* pSepFile */ + PACKS(desc,"z","lpd"); /* pPrProc */ + PACKS(desc,"z",SERVICE(snum)); /* pDestinations */ + PACKS(desc,"z",""); /* pParms */ + if (snum < 0) { + PACKS(desc,"z","UNKNOWN PRINTER"); + PACKI(desc,"W",LPSTAT_ERROR); + } + else if (!status || !status->message[0]) { + PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); + PACKI(desc,"W",LPSTAT_OK); /* status */ + } else { + PACKS(desc,"z",status->message); + PACKI(desc,"W",status->status); /* status */ + } + PACKI(desc,(uLevel == 1 ? "W" : "N"),count); + } + if (uLevel == 3 || uLevel == 4) { + PACKI(desc,"W",5); /* uPriority */ + PACKI(desc,"W",0); /* uStarttime */ + PACKI(desc,"W",0); /* uUntiltime */ + PACKI(desc,"W",5); /* pad1 */ + PACKS(desc,"z",""); /* pszSepFile */ + PACKS(desc,"z","lpd"); /* pszPrProc */ + PACKS(desc,"z",""); /* pszParms */ + if (!status || !status->message[0]) { + PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); /* pszComment */ + PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ + } else { + PACKS(desc,"z",status->message); /* pszComment */ + PACKI(desc,"W",status->status); /* fsStatus */ + } + PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ + PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ + PACKS(desc,"z","NULL"); /* pszDriverName */ + PackDriverData(desc); /* pDriverData */ + } + if (uLevel == 2 || uLevel == 4) { + int i; + for (i=0;i gave %d entries\n",SERVICE(snum),count)); +} + +static BOOL api_DosPrintQGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + char *QueueName = p; + int uLevel,cbBuf; + int count=0; + int snum; + char* str3; + struct pack_desc desc; + print_queue_struct *queue=NULL; + print_status_struct status; + + bzero(&status,sizeof(status)); + bzero(&desc,sizeof(desc)); + + p = skip_string(p,1); + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + str3 = p + 4; + + if ((p = strchr(QueueName,'%'))) *p = 0; + + DEBUG(3,("PrintQueue uLevel=%d name=%s\n",uLevel,QueueName)); + + /* check it's a supported varient */ + if (!prefix_ok(str1,"zWrLh")) return False; + if (!check_printq_info(&desc,uLevel,str2,str3)) return False; + + snum = lp_servicenumber(QueueName); + if (snum < 0 && pcap_printername_ok(QueueName,NULL)) { + int pnum = lp_servicenumber(PRINTERS_NAME); + if (pnum >= 0) { + lp_add_printer(QueueName,pnum); + snum = lp_servicenumber(QueueName); + } + } + + if (snum < 0 || !VALID_SNUM(snum)) return(False); + + count = get_printqueue(snum,cnum,&queue,&status); + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + if (init_package(&desc,1,count)) { + desc.subcount = count; + fill_printq_info(cnum,snum,uLevel,&desc,count,queue,&status); + } + + *rdata_len = desc.usedlen; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,desc.neededlen); + + DEBUG(4,("printqgetinfo: errorcode %d\n",desc.errcode)); + + if (queue) free(queue); + + return(True); +} + + +/**************************************************************************** + view list of all print jobs on all queues + ****************************************************************************/ +static BOOL api_DosPrintQEnum(int cnum, int uid, char* param, char* data, + int mdrcnt, int mprcnt, + char **rdata, char** rparam, + int *rdata_len, int *rparam_len) +{ + char *param_format = param+2; + char *output_format1 = skip_string(param_format,1); + char *p = skip_string(output_format1,1); + int uLevel = SVAL(p,0); + char *output_format2 = p + 4; + int services = lp_numservices(); + int i, n; + struct pack_desc desc; + print_queue_struct **queue = NULL; + print_status_struct *status = NULL; + int* subcntarr = NULL; + int queuecnt, subcnt=0, succnt=0; + + bzero(&desc,sizeof(desc)); + + DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel)); + + if (prefix_ok(param_format,"WrLeh")) return False; + if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) + return False; + queuecnt = 0; + for (i = 0; i < services; i++) + if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) + queuecnt++; + if (uLevel > 0) { + queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*)); + memset(queue,0,queuecnt*sizeof(print_queue_struct*)); + status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct)); + memset(status,0,queuecnt*sizeof(print_status_struct)); + subcntarr = (int*)malloc(queuecnt*sizeof(int)); + subcnt = 0; + n = 0; + for (i = 0; i < services; i++) + if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { + subcntarr[n] = get_printqueue(i,cnum,&queue[n],&status[n]); + subcnt += subcntarr[n]; + n++; + } + } + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + + if (init_package(&desc,queuecnt,subcnt)) { + n = 0; + succnt = 0; + for (i = 0; i < services; i++) + if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { + fill_printq_info(cnum,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]); + n++; + if (desc.errcode == NERR_Success) succnt = n; + } + } + + if (subcntarr) free(subcntarr); + + *rdata_len = desc.usedlen; + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,queuecnt); + + for (i = 0; i < queuecnt; i++) { + if (queue && queue[i]) free(queue[i]); + } + + if (queue) free(queue); + if (status) free(status); + + return True; +} + +/**************************************************************************** + get info level for a server list query + ****************************************************************************/ +static BOOL check_server_info(int uLevel, char* id) +{ + switch( uLevel ) { + case 0: + if (strcmp(id,"B16") != 0) return False; + break; + case 1: + if (strcmp(id,"B16BBDz") != 0) return False; + break; + default: + return False; + } + return True; +} + +/* used for server information: client, nameserv and ipc */ +struct srv_info_struct +{ + fstring name; + uint32 type; + fstring comment; + fstring domain; /* used ONLY in ipc.c NOT namework.c */ + BOOL server_added; /* used ONLY in ipc.c NOT namework.c */ +}; + +/******************************************************************* + filter out unwanted server info + ******************************************************************/ +static BOOL filter_server_info(struct srv_info_struct *server, + char *domain) +{ + if (*domain) + return(strequal(domain, server->domain)); + + return (True); /* be indiscriminate: get all servers! */ +} + +/******************************************************************* + find server in the files saved by nmbd. Return True if we find it. + ******************************************************************/ +static BOOL find_server(struct srv_info_struct *servers, int num_servers, + char *domain, char *name) +{ + int count; + + if (!servers || num_servers == 0) return (False); + + for (count = 0; count < num_servers; count++) { + struct srv_info_struct *s; + + s = &servers[count]; + + if (strequal(name, s->name)) { + StrnCpy(domain, s->domain, sizeof(pstring)-1); + return (True); + } + } + return (False); +} + + +/******************************************************************* + get server info lists from the files saved by nmbd. Return the + number of entries + ******************************************************************/ +static int get_server_info(uint32 servertype, + struct srv_info_struct **servers) +{ + FILE *f; + pstring fname; + int count=0; + int alloced=0; + pstring line; + + strcpy(fname,lp_lockdir()); + trim_string(fname,NULL,"/"); + strcat(fname,"/"); + strcat(fname,SERVER_LIST); + + f = fopen(fname,"r"); + + if (!f) { + DEBUG(4,("Can't open %s - %s\n",fname,strerror(errno))); + return(0); + } + if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; + + while (!feof(f)) + { + fstring stype; + struct srv_info_struct *s; + char *ptr = line; + *ptr = 0; + + fgets(line,sizeof(line)-1,f); + if (!*line) continue; + + if (count == alloced) { + alloced += 10; + (*servers) = (struct srv_info_struct *) + Realloc(*servers,sizeof(**servers)*alloced); + if (!(*servers)) return(0); + bzero((char *)((*servers)+count),sizeof(**servers)*(alloced-count)); + } + s = &(*servers)[count]; + + s->server_added = True; + + if (!next_token(&ptr,s->name , NULL)) continue; + if (!next_token(&ptr,stype , NULL)) continue; + if (!next_token(&ptr,s->comment, NULL)) continue; + if (!next_token(&ptr,s->domain , NULL)) { + /* this allows us to cop with an old nmbd */ + strcpy(s->domain,my_workgroup()); + } + + if (sscanf(stype,"%X",&s->type) != 1) continue; + + /* doesn't match up: don't want it */ + if (!(servertype & s->type)) continue; + + /* server entry is a domain, we haven't asked for domains: don't want it */ + if ((s->type&SV_TYPE_DOMAIN_ENUM) && !(servertype&SV_TYPE_DOMAIN_ENUM)) + continue; + + DEBUG(4,("Server %20s %8x %25s %15s\n", + s->name, stype, s->comment, s->domain)); + + count++; + } + + fclose(f); + return(count); +} + +/******************************************************************* + fill in a server info structure + ******************************************************************/ +static int fill_srv_info(struct srv_info_struct *service, + int uLevel, char **buf, int *buflen, + char **stringbuf, int *stringspace, char *baseaddr) +{ + int struct_len; + char* p; + char* p2; + int l2; + int len; + + switch (uLevel) { + case 0: struct_len = 16; break; + case 1: struct_len = 26; break; + default: return -1; + } + + if (!buf) + { + len = 0; + switch (uLevel) + { + case 1: + len = strlen(service->comment)+1; + break; + } + + if (buflen) *buflen = struct_len; + if (stringspace) *stringspace = len; + return struct_len + len; + } + + len = struct_len; + p = *buf; + if (*buflen < struct_len) return -1; + if (stringbuf) + { + p2 = *stringbuf; + l2 = *stringspace; + } + else + { + p2 = p + struct_len; + l2 = *buflen - struct_len; + } + if (!baseaddr) baseaddr = p; + + switch (uLevel) + { + case 0: + StrnCpy(p,service->name,15); + break; + + case 1: + StrnCpy(p,service->name,15); + SIVAL(p,18,service->type); + SIVAL(p,22,PTR_DIFF(p2,baseaddr)); + len += CopyAndAdvance(&p2,service->comment,&l2); + break; + } + + if (stringbuf) + { + *buf = p + struct_len; + *buflen -= struct_len; + *stringbuf = p2; + *stringspace = l2; + } + else + { + *buf = p2; + *buflen -= len; + } + return len; +} + + +/**************************************************************************** + view list of servers available (or possibly domains). The info is + extracted from lists saved by nmbd on the local host + ****************************************************************************/ +static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, + int mdrcnt, int mprcnt, char **rdata, + char **rparam, int *rdata_len, int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel = SVAL(p,0); + int buf_len = SVAL(p,2); + uint32 servertype = IVAL(p,4); + char *p2; + int data_len, fixed_len, string_len; + int f_len, s_len; + struct srv_info_struct *servers=NULL; + int counted=0,total=0; + int i; + fstring domain; + BOOL domain_request = (servertype & SV_TYPE_DOMAIN_ENUM) && + !(servertype == SV_TYPE_ALL); + + domain[0] = 0; + p += 8; + + if (!prefix_ok(str1,"WrLehD")) return False; + if (!check_server_info(uLevel,str2)) return False; + + DEBUG(4, ("server request level: %s\n", str2)); + + if (strcmp(str1, "WrLehDO") == 0) + { + /* asking for servers. we will have to work out which workgroup was + requested, as we maintain lists for multiple workgroups */ + } + else if (strcmp(str1, "WrLehDz") == 0) + { + /* asking for a specific workgroup */ + StrnCpy(domain, p, sizeof(fstring)-1); + } + + if (lp_browse_list()) + { + total = get_server_info(servertype,&servers); + } + + if (!domain[0] && !domain_request) { + extern fstring remote_machine; + /* must be a server request with an assumed domain. find a domain */ + + if (find_server(servers, total, domain, remote_machine)) { + DEBUG(4, ("No domain specified: using %s for %s\n", + domain, remote_machine)); + } else { + /* default to soemthing sensible */ + strcpy(domain,my_workgroup()); + } + } + + data_len = fixed_len = string_len = 0; + + for (i=0;i 0) len += StrlenExpanded(cnum,snum,lp_comment(snum)); + if (uLevel > 1) len += strlen(lp_pathname(snum)) + 1; + if (buflen) *buflen = struct_len; + if (stringspace) *stringspace = len; + return struct_len + len; + } + + len = struct_len; + p = *buf; + if ((*buflen) < struct_len) return -1; + if (stringbuf) + { + p2 = *stringbuf; + l2 = *stringspace; + } + else + { + p2 = p + struct_len; + l2 = (*buflen) - struct_len; + } + if (!baseaddr) baseaddr = p; + + StrnCpy(p,lp_servicename(snum),13); + + if (uLevel > 0) + { + int type; + CVAL(p,13) = 0; + type = STYPE_DISKTREE; + if (lp_print_ok(snum)) type = STYPE_PRINTQ; + if (strequal("IPC$",lp_servicename(snum))) type = STYPE_IPC; + SSVAL(p,14,type); /* device type */ + SIVAL(p,16,PTR_DIFF(p2,baseaddr)); + len += CopyExpanded(cnum,snum,&p2,lp_comment(snum),&l2); + } + + if (uLevel > 1) + { + SSVAL(p,20,ACCESS_READ|ACCESS_WRITE|ACCESS_CREATE); /* permissions */ + SSVALS(p,22,-1); /* max uses */ + SSVAL(p,24,1); /* current uses */ + SIVAL(p,26,PTR_DIFF(p2,baseaddr)); /* local pathname */ + len += CopyAndAdvance(&p2,lp_pathname(snum),&l2); + memset(p+30,0,SHPWLEN+2); /* passwd (reserved), pad field */ + } + + if (uLevel > 2) + { + memset(p+40,0,SHPWLEN+2); + SSVAL(p,50,0); + SIVAL(p,52,0); + SSVAL(p,56,0); + SSVAL(p,58,0); + SIVAL(p,60,0); + SSVAL(p,64,0); + SSVAL(p,66,0); + } + + if (stringbuf) + { + (*buf) = p + struct_len; + (*buflen) -= struct_len; + (*stringbuf) = p2; + (*stringspace) = l2; + } + else + { + (*buf) = p2; + (*buflen) -= len; + } + return len; +} + +static BOOL api_RNetShareGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *netname = skip_string(str2,1); + char *p = skip_string(netname,1); + int uLevel = SVAL(p,0); + int snum = find_service(netname); + + if (snum < 0) return False; + + /* check it's a supported varient */ + if (!prefix_ok(str1,"zWrLh")) return False; + if (!check_share_info(uLevel,str2)) return False; + + *rdata = REALLOC(*rdata,mdrcnt); + p = *rdata; + *rdata_len = fill_share_info(cnum,snum,uLevel,&p,&mdrcnt,0,0,0); + if (*rdata_len < 0) return False; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,*rdata_len); + + return(True); +} + +/**************************************************************************** + view list of shares available + ****************************************************************************/ +static BOOL api_RNetShareEnum(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel = SVAL(p,0); + int buf_len = SVAL(p,2); + char *p2; + int count=lp_numservices(); + int total=0,counted=0; + int i; + int data_len, fixed_len, string_len; + int f_len, s_len; + + if (!prefix_ok(str1,"WrLeh")) return False; + if (!check_share_info(uLevel,str2)) return False; + + data_len = fixed_len = string_len = 0; + for (i=0;itm_hour; + CVAL(p,9) = t->tm_min; + CVAL(p,10) = t->tm_sec; + CVAL(p,11) = 0; /* hundredths of seconds */ + SSVALS(p,12,TimeDiff(unixdate)/60); /* timezone in minutes from GMT */ + SSVAL(p,14,10000); /* timer interval in 0.0001 of sec */ + CVAL(p,16) = t->tm_mday; + CVAL(p,17) = t->tm_mon + 1; + SSVAL(p,18,1900+t->tm_year); + CVAL(p,20) = t->tm_wday; + } + + + return(True); +} + +/**************************************************************************** + set the user password + ****************************************************************************/ +static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *p = skip_string(param+2,2); + fstring user; + fstring pass1,pass2; + + strcpy(user,p); + + p = skip_string(p,1); + + StrnCpy(pass1,p,16); + StrnCpy(pass2,p+16,16); + + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + + DEBUG(3,("Set password for <%s>\n",user)); + + if (!password_ok(user,pass1,strlen(pass1),NULL,False) || + !chgpasswd(user,pass1,pass2)) + SSVAL(*rparam,0,NERR_badpass); + + bzero(pass1,sizeof(fstring)); + bzero(pass2,sizeof(fstring)); + + return(True); +} + +/**************************************************************************** + delete a print job + Form: <> + ****************************************************************************/ +static BOOL api_RDosPrintJobDel(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + int function = SVAL(param,0); + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int jobid = (SVAL(p,0)&0xFF); /* the snum and jobid are encoded + by the print queue api */ + int snum = (SVAL(p,0)>>8); + int i, count; + + + /* check it's a supported varient */ + if (!(strcsequal(str1,"W") && strcsequal(str2,""))) + return(False); + + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + SSVAL(*rparam,0,NERR_Success); + + if (snum >= 0 && VALID_SNUM(snum)) + { + print_queue_struct *queue=NULL; + lpq_reset(snum); + count = get_printqueue(snum,cnum,&queue,NULL); + + for (i=0;i= 0) { + lp_add_printer(QueueName,pnum); + snum = lp_servicenumber(QueueName); + } + } + + if (snum >= 0 && VALID_SNUM(snum)) { + print_queue_struct *queue=NULL; + int i, count; + lpq_reset(snum); + + count = get_printqueue(snum,cnum,&queue,NULL); + for (i = 0; i < count; i++) + del_printqueue(cnum,snum,queue[i].job); + + if (queue) free(queue); + } + + DEBUG(3,("Print queue purge, queue=%s\n",QueueName)); + + return(True); +} + + +/**************************************************************************** + set the property of a print job (undocumented?) + ? function = 0xb -> set name of print job + ? function = 0x6 -> move print job up/down + Form: + or +****************************************************************************/ +static int check_printjob_info(struct pack_desc* desc, + int uLevel, char* id) +{ + desc->subformat = NULL; + switch( uLevel ) { + case 0: desc->format = "W"; break; + case 1: desc->format = "WB21BB16B10zWWzDDz"; break; + case 2: desc->format = "WWzWWDDzz"; break; + case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break; + default: return False; + } + if (strcmp(desc->format,id) != 0) return False; + return True; +} + +static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + struct pack_desc desc; + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int jobid = (SVAL(p,0)&0xFF); /* the snum and jobid are encoded + by the print queue api */ + int snum = (SVAL(p,0)>>8); + int uLevel = SVAL(p,2); + int function = SVAL(p,4); /* what is this ?? */ + int i; + char *s = data; + + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + /* check it's a supported varient */ + if ((strcmp(str1,"WWsTP")) || (!check_printjob_info(&desc,uLevel,str2))) + return(False); + + switch (function) { + case 0x6: /* change job place in the queue, data gives the new place */ + if (snum >= 0 && VALID_SNUM(snum)) + { + print_queue_struct *queue=NULL; + int count; + + lpq_reset(snum); + count = get_printqueue(snum,cnum,&queue,NULL); + for (i=0;i place ) /* move up */; + } +#endif + desc.errcode=NERR_notsupported; /* not yet supported */ + if (queue) free(queue); + } + } + else desc.errcode=NERR_JobNotFound; + break; + case 0xb: /* change print job name, data gives the name */ + /* jobid, snum should be zero */ + if (isalpha(*s)) + { + pstring name; + int l = 0; + while (l<64 && *s) + { + if (isalnum(*s) || strchr("-._",*s)) + name[l++] = *s; + s++; + } + name[l] = 0; + + DEBUG(3,("Setting print name to %s\n",name)); + + for (i=0;i 0) + { + struct srv_info_struct *servers=NULL; + int i,count; + pstring comment; + uint32 servertype=SV_TYPE_SERVER_UNIX|SV_TYPE_WORKSTATION| + SV_TYPE_SERVER|SV_TYPE_TIME_SOURCE; + + strcpy(comment,lp_serverstring()); + + if ((count=get_server_info(SV_TYPE_ALL,&servers))>0) { + for (i=0;i 1) + { + return False; /* not yet implemented */ + } + + *rdata_len = PTR_DIFF(p2,*rdata); + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,*rdata_len); + + return(True); +} + + +/**************************************************************************** + get info about the server + ****************************************************************************/ +static BOOL api_NetWkstaGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + char *p2; + extern pstring sesssetup_user; + int level = SVAL(p,0); + + DEBUG(4,("NetWkstaGetInfo level %d\n",level)); + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + + /* check it's a supported varient */ + if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) + return(False); + + *rdata_len = mdrcnt + 1024; + *rdata = REALLOC(*rdata,*rdata_len); + + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + + p = *rdata; + p2 = p + 22; + + SIVAL(p,0,PTR_DIFF(p2,*rdata)); + strcpy(p2,local_machine); + p2 = skip_string(p2,1); + p += 4; + + SIVAL(p,0,PTR_DIFF(p2,*rdata)); + strcpy(p2,sesssetup_user); + p2 = skip_string(p2,1); + p += 4; + + SIVAL(p,0,PTR_DIFF(p2,*rdata)); + strcpy(p2,my_workgroup()); + p2 = skip_string(p2,1); + p += 4; + + SCVAL(p,0,2); /* major version?? */ + SCVAL(p,1,1); /* minor version?? */ + p += 2; + + SIVAL(p,0,PTR_DIFF(p2,*rdata)); + strcpy(p2,my_workgroup()); /* login domain?? */ + p2 = skip_string(p2,1); + p += 4; + + SIVAL(p,0,PTR_DIFF(p2,*rdata)); + strcpy(p2,""); + p2 = skip_string(p2,1); + p += 4; + + *rdata_len = PTR_DIFF(p2,*rdata); + + SSVAL(*rparam,4,*rdata_len); + + return(True); +} + + +/**************************************************************************** + get info about a user + ****************************************************************************/ + +#define USER_PRIV_GUEST 0 +#define USER_PRIV_USER 1 +#define USER_PRIV_ADMIN 2 + +static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *UserName = skip_string(str2,1); + char *p = skip_string(UserName,1); + int uLevel = SVAL(p,0); + char *p2; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + + /* check it's a supported varient */ + if (strcmp(str1,"zWrLh") != 0) return False; + switch( uLevel ) { + case 0: p2 = "B21"; break; + case 1: p2 = "B21BB16DWzzWz"; break; + case 2: p2 = "B21BB16DWzzWzDzzzzDDDDWb21WWzWW"; break; + case 10: p2 = "B21Bzzz"; break; + case 11: p2 = "B21BzzzWDDzzDDWWzWzDWb21W"; break; + default: return False; + } + if (strcmp(p2,str2) != 0) return False; + + *rdata_len = mdrcnt + 1024; + *rdata = REALLOC(*rdata,*rdata_len); + + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + + p = *rdata; + p2 = p + 86; + + memset(p,0,21); + strcpy(p,UserName); + if (uLevel > 0) { + SCVAL(p,21,0); + *p2 = 0; + if (uLevel >= 10) { + SIVAL(p,22,PTR_DIFF(p2,p)); /* comment */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,26,PTR_DIFF(p2,p)); /* user_comment */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,30,PTR_DIFF(p2,p)); /* full name */ + strcpy(p2,""); + p2 = skip_string(p2,1); + } + if (uLevel == 11) { /* modelled after NTAS 3.51 reply */ + SSVAL(p,34,USER_PRIV_USER); /* user privilege */ + SIVAL(p,36,0); /* auth flags */ + SIVALS(p,40,-1); /* password age */ + SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */ + strcpy(p2,"\\\\%L\\HOMES"); + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SIVAL(p,48,PTR_DIFF(p2,p)); /* parms */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,52,0); /* last logon */ + SIVAL(p,56,0); /* last logoff */ + SSVALS(p,60,-1); /* bad pw counts */ + SSVALS(p,62,-1); /* num logons */ + SIVAL(p,64,PTR_DIFF(p2,p)); /* logon server */ + strcpy(p2,"\\\\*"); + p2 = skip_string(p2,1); + SSVAL(p,68,0); /* country code */ + + SIVAL(p,70,PTR_DIFF(p2,p)); /* workstations */ + strcpy(p2,""); + p2 = skip_string(p2,1); + + SIVALS(p,74,-1); /* max storage */ + SSVAL(p,78,168); /* units per week */ + SIVAL(p,80,PTR_DIFF(p2,p)); /* logon hours */ + memset(p2,-1,21); + SCVAL(p2,21,0); /* fix zero termination */ + p2 = skip_string(p2,1); + + SSVAL(p,84,0); /* code page */ + } + if (uLevel == 1 || uLevel == 2) { + memset(p+22,' ',16); /* password */ + SIVALS(p,38,-1); /* password age */ + SSVAL(p,42,USER_PRIV_ADMIN); /* user privilege */ + SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ + strcpy(p2,"\\\\%L\\HOMES"); + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ + *p2++ = 0; + SSVAL(p,52,0); /* flags */ + SIVAL(p,54,0); /* script_path */ + if (uLevel == 2) { + SIVAL(p,60,0); /* auth_flags */ + SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,68,0); /* urs_comment */ + SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,76,0); /* workstations */ + SIVAL(p,80,0); /* last_logon */ + SIVAL(p,84,0); /* last_logoff */ + SIVALS(p,88,-1); /* acct_expires */ + SIVALS(p,92,-1); /* max_storage */ + SSVAL(p,96,168); /* units_per_week */ + SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */ + memset(p2,-1,21); + p2 += 21; + SSVALS(p,102,-1); /* bad_pw_count */ + SSVALS(p,104,-1); /* num_logons */ + SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ + strcpy(p2,"\\\\%L"); + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SSVAL(p,110,49); /* country_code */ + SSVAL(p,112,860); /* code page */ + } + } + } + + *rdata_len = PTR_DIFF(p2,*rdata); + + SSVAL(*rparam,4,*rdata_len); /* is this right?? */ + + return(True); +} + + +/******************************************************************* + get groups that a user is a member of + ******************************************************************/ +static BOOL api_NetUserGetGroups(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *UserName = skip_string(str2,1); + char *p = skip_string(UserName,1); + int uLevel = SVAL(p,0); + char *p2; + int count=0; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + + /* check it's a supported varient */ + if (strcmp(str1,"zWrLeh") != 0) return False; + switch( uLevel ) { + case 0: p2 = "B21"; break; + default: return False; + } + if (strcmp(p2,str2) != 0) return False; + + *rdata_len = mdrcnt + 1024; + *rdata = REALLOC(*rdata,*rdata_len); + + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + + p = *rdata; + + /* XXXX we need a real SAM database some day */ + strcpy(p,"Users"); p += 21; count++; + strcpy(p,"Domain Users"); p += 21; count++; + strcpy(p,"Guests"); p += 21; count++; + strcpy(p,"Domain Guests"); p += 21; count++; + + *rdata_len = PTR_DIFF(p,*rdata); + + SSVAL(*rparam,4,count); /* is this right?? */ + SSVAL(*rparam,6,count); /* is this right?? */ + + return(True); +} + + +static BOOL api_WWkstaUserLogon(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel; + struct pack_desc desc; + char* name; + + uLevel = SVAL(p,0); + name = p + 2; + + bzero(&desc,sizeof(desc)); + + DEBUG(3,("WWkstaUserLogon uLevel=%d name=%s\n",uLevel,name)); + + /* check it's a supported varient */ + if (strcmp(str1,"OOWb54WrLh") != 0) return False; + if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False; + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + desc.subformat = NULL; + desc.format = str2; + + + + if (init_package(&desc,1,0)) { + PACKI(&desc,"W",0); /* code */ + PACKS(&desc,"B21",name); /* eff. name */ + PACKS(&desc,"B",""); /* pad */ + PACKI(&desc,"W", + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + PACKI(&desc,"D",0); /* auth flags XXX */ + PACKI(&desc,"W",0); /* num logons */ + PACKI(&desc,"W",0); /* bad pw count */ + PACKI(&desc,"D",-1); /* last logon */ + PACKI(&desc,"D",-1); /* last logoff */ + PACKI(&desc,"D",-1); /* logoff time */ + PACKI(&desc,"D",-1); /* kickoff time */ + PACKI(&desc,"D",0); /* password age */ + PACKI(&desc,"D",0); /* password can change */ + PACKI(&desc,"D",-1); /* password must change */ + { + fstring mypath; + strcpy(mypath,"\\\\"); + strcat(mypath,local_machine); + strupper(mypath); + PACKS(&desc,"z",mypath); /* computer */ + } + PACKS(&desc,"z",my_workgroup());/* domain */ + PACKS(&desc,"z",lp_logon_script()); /* script path */ + PACKI(&desc,"D",0); /* reserved */ + } + + *rdata_len = desc.usedlen; + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,desc.neededlen); + + DEBUG(4,("WWkstaUserLogon: errorcode %d\n",desc.errcode)); + return(True); +} + + +/**************************************************************************** + api_WAccessGetUserPerms + ****************************************************************************/ +static BOOL api_WAccessGetUserPerms(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *user = skip_string(str2,1); + char *resource = skip_string(user,1); + + DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource)); + + /* check it's a supported varient */ + if (strcmp(str1,"zzh") != 0) return False; + if (strcmp(str2,"") != 0) return False; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,0); /* errorcode */ + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,0x7f); /* permission flags */ + + return(True); +} + +/**************************************************************************** + api_WPrintJobEnumerate + ****************************************************************************/ +static BOOL api_WPrintJobGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uJobId = SVAL(p,0); + int uLevel,cbBuf; + int count; + int i; + int snum; + int job; + struct pack_desc desc; + print_queue_struct *queue=NULL; + print_status_struct status; + + uLevel = SVAL(p,2); + cbBuf = SVAL(p,4); + + bzero(&desc,sizeof(desc)); + bzero(&status,sizeof(status)); + + DEBUG(3,("WPrintJobGetInfo uLevel=%d uJobId=0x%X\n",uLevel,uJobId)); + + /* check it's a supported varient */ + if (strcmp(str1,"WWrLh") != 0) return False; + if (!check_printjob_info(&desc,uLevel,str2)) return False; + + snum = (unsigned int)uJobId >> 8; /*## valid serice number??*/ + job = uJobId & 0xFF; + + if (snum < 0 || !VALID_SNUM(snum)) return(False); + + count = get_printqueue(snum,cnum,&queue,&status); + for (i = 0; i < count; i++) { + if ((queue[i].job % 0xFF) == job) break; + } + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + + if (init_package(&desc,1,0)) { + if (i < count) { + fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i); + *rdata_len = desc.usedlen; + } + else { + desc.errcode = NERR_JobNotFound; + *rdata_len = 0; + } + } + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,desc.neededlen); + + if (queue) free(queue); + + DEBUG(4,("WPrintJobGetInfo: errorcode %d\n",desc.errcode)); + return(True); +} + +static BOOL api_WPrintJobEnumerate(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + char* name = p; + int uLevel,cbBuf; + int count; + int i, succnt=0; + int snum; + struct pack_desc desc; + print_queue_struct *queue=NULL; + print_status_struct status; + + bzero(&desc,sizeof(desc)); + bzero(&status,sizeof(status)); + + p = skip_string(p,1); + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name)); + + /* check it's a supported varient */ + if (strcmp(str1,"zWrLeh") != 0) return False; + if (uLevel > 2) return False; /* defined only for uLevel 0,1,2 */ + if (!check_printjob_info(&desc,uLevel,str2)) return False; + + snum = lp_servicenumber(name); + if (snum < 0 && pcap_printername_ok(name,NULL)) { + int pnum = lp_servicenumber(PRINTERS_NAME); + if (pnum >= 0) { + lp_add_printer(name,pnum); + snum = lp_servicenumber(name); + } + } + + if (snum < 0 || !VALID_SNUM(snum)) return(False); + + count = get_printqueue(snum,cnum,&queue,&status); + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + + if (init_package(&desc,count,0)) { + succnt = 0; + for (i = 0; i < count; i++) { + fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i); + if (desc.errcode == NERR_Success) succnt = i+1; + } + } + + *rdata_len = desc.usedlen; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,count); + + if (queue) free(queue); + + DEBUG(4,("WPrintJobEnumerate: errorcode %d\n",desc.errcode)); + return(True); +} + +static int check_printdest_info(struct pack_desc* desc, + int uLevel, char* id) +{ + desc->subformat = NULL; + switch( uLevel ) { + case 0: desc->format = "B9"; break; + case 1: desc->format = "B9B21WWzW"; break; + case 2: desc->format = "z"; break; + case 3: desc->format = "zzzWWzzzWW"; break; + default: return False; + } + if (strcmp(desc->format,id) != 0) return False; + return True; +} + +static void fill_printdest_info(int cnum, int snum, int uLevel, + struct pack_desc* desc) +{ + char buf[100]; + strcpy(buf,SERVICE(snum)); + strupper(buf); + if (uLevel <= 1) { + PACKS(desc,"B9",buf); /* szName */ + if (uLevel == 1) { + PACKS(desc,"B21",""); /* szUserName */ + PACKI(desc,"W",0); /* uJobId */ + PACKI(desc,"W",0); /* fsStatus */ + PACKS(desc,"z",""); /* pszStatus */ + PACKI(desc,"W",0); /* time */ + } + } + if (uLevel == 2 || uLevel == 3) { + PACKS(desc,"z",buf); /* pszPrinterName */ + if (uLevel == 3) { + PACKS(desc,"z",""); /* pszUserName */ + PACKS(desc,"z",""); /* pszLogAddr */ + PACKI(desc,"W",0); /* uJobId */ + PACKI(desc,"W",0); /* fsStatus */ + PACKS(desc,"z",""); /* pszStatus */ + PACKS(desc,"z",""); /* pszComment */ + PACKS(desc,"z","NULL"); /* pszDrivers */ + PACKI(desc,"W",0); /* time */ + PACKI(desc,"W",0); /* pad1 */ + } + } +} + +static BOOL api_WPrintDestGetInfo(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + char* PrinterName = p; + int uLevel,cbBuf; + struct pack_desc desc; + int snum; + + bzero(&desc,sizeof(desc)); + + p = skip_string(p,1); + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName)); + + /* check it's a supported varient */ + if (strcmp(str1,"zWrLh") != 0) return False; + if (!check_printdest_info(&desc,uLevel,str2)) return False; + + snum = lp_servicenumber(PrinterName); + if (snum < 0 && pcap_printername_ok(PrinterName,NULL)) { + int pnum = lp_servicenumber(PRINTERS_NAME); + if (pnum >= 0) { + lp_add_printer(PrinterName,pnum); + snum = lp_servicenumber(PrinterName); + } + } + + if (snum < 0) { + *rdata_len = 0; + desc.errcode = NERR_DestNotFound; + desc.neededlen = 0; + } + else { + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + if (init_package(&desc,1,0)) { + fill_printdest_info(cnum,snum,uLevel,&desc); + } + *rdata_len = desc.usedlen; + } + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,desc.neededlen); + + DEBUG(4,("WPrintDestGetInfo: errorcode %d\n",desc.errcode)); + return(True); +} + +static BOOL api_WPrintDestEnum(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel,cbBuf; + int queuecnt; + int i, n, succnt=0; + struct pack_desc desc; + int services = lp_numservices(); + + bzero(&desc,sizeof(desc)); + + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel)); + + /* check it's a supported varient */ + if (strcmp(str1,"WrLeh") != 0) return False; + if (!check_printdest_info(&desc,uLevel,str2)) return False; + + queuecnt = 0; + for (i = 0; i < services; i++) + if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) + queuecnt++; + + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + if (init_package(&desc,queuecnt,0)) { + succnt = 0; + n = 0; + for (i = 0; i < services; i++) { + if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { + fill_printdest_info(cnum,i,uLevel,&desc); + n++; + if (desc.errcode == NERR_Success) succnt = n; + } + } + } + + *rdata_len = desc.usedlen; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,queuecnt); + + DEBUG(4,("WPrintDestEnumerate: errorcode %d\n",desc.errcode)); + return(True); +} + +static BOOL api_WPrintDriverEnum(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel,cbBuf; + int succnt; + struct pack_desc desc; + + bzero(&desc,sizeof(desc)); + + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel)); + + /* check it's a supported varient */ + if (strcmp(str1,"WrLeh") != 0) return False; + if (uLevel != 0 || strcmp(str2,"B41") != 0) return False; + + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + if (init_package(&desc,1,0)) { + PACKS(&desc,"B41","NULL"); + } + + succnt = (desc.errcode == NERR_Success ? 1 : 0); + + *rdata_len = desc.usedlen; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,1); + + DEBUG(4,("WPrintDriverEnum: errorcode %d\n",desc.errcode)); + return(True); +} + +static BOOL api_WPrintQProcEnum(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel,cbBuf; + int succnt; + struct pack_desc desc; + + bzero(&desc,sizeof(desc)); + + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel)); + + /* check it's a supported varient */ + if (strcmp(str1,"WrLeh") != 0) return False; + if (uLevel != 0 || strcmp(str2,"B13") != 0) return False; + + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + desc.base = *rdata; + desc.buflen = mdrcnt; + desc.format = str2; + if (init_package(&desc,1,0)) { + PACKS(&desc,"B13","lpd"); + } + + succnt = (desc.errcode == NERR_Success ? 1 : 0); + + *rdata_len = desc.usedlen; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,1); + + DEBUG(4,("WPrintQProcEnum: errorcode %d\n",desc.errcode)); + return(True); +} + +static BOOL api_WPrintPortEnum(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel,cbBuf; + int succnt; + struct pack_desc desc; + + bzero(&desc,sizeof(desc)); + + uLevel = SVAL(p,0); + cbBuf = SVAL(p,2); + + DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel)); + + /* check it's a supported varient */ + if (strcmp(str1,"WrLeh") != 0) return False; + if (uLevel != 0 || strcmp(str2,"B9") != 0) return False; + + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + bzero(&desc,sizeof(desc)); + desc.base = *rdata; + desc.buflen = mdrcnt; + desc.format = str2; + if (init_package(&desc,1,0)) { + PACKS(&desc,"B13","lp0"); + } + + succnt = (desc.errcode == NERR_Success ? 1 : 0); + + *rdata_len = desc.usedlen; + + *rparam_len = 8; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,succnt); + SSVAL(*rparam,6,1); + + DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode)); + return(True); +} + +/**************************************************************************** + the buffer was too small + ****************************************************************************/ +static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + *rparam_len = MIN(*rparam_len,mprcnt); + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + SSVAL(*rparam,0,NERR_BufTooSmall); + + DEBUG(3,("Supplied buffer too small in API command\n")); + + return(True); +} + + +/**************************************************************************** + the request is not supported + ****************************************************************************/ +static BOOL api_Unsupported(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + SSVAL(*rparam,0,NERR_notsupported); + SSVAL(*rparam,2,0); /* converter word */ + + DEBUG(3,("Unsupported API command\n")); + + return(True); +} + + + + +struct +{ + char *name; + int id; + BOOL (*fn)(); + int flags; +} api_commands[] = { + {"RNetShareEnum", 0, api_RNetShareEnum,0}, + {"RNetShareGetInfo", 1, api_RNetShareGetInfo,0}, + {"RNetServerGetInfo", 13, api_RNetServerGetInfo,0}, + {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0}, + {"NetUserGetGroups", 59, api_NetUserGetGroups,0}, + {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, + {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, + {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, + {"WPrintJobEnumerate",76, api_WPrintJobEnumerate,0}, + {"WPrintJobGetInfo", 77, api_WPrintJobGetInfo,0}, + {"RDosPrintJobDel", 81, api_RDosPrintJobDel,0}, + {"RDosPrintJobPause", 82, api_RDosPrintJobDel,0}, + {"RDosPrintJobResume",83, api_RDosPrintJobDel,0}, + {"WPrintDestEnum", 84, api_WPrintDestEnum,0}, + {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0}, + {"NetRemoteTOD", 91, api_NetRemoteTOD,0}, + {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0}, + {"NetServerEnum", 104, api_RNetServerEnum,0}, + {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0}, + {"SetUserPassword", 115, api_SetUserPassword,0}, + {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0}, + {"PrintJobInfo", 147, api_PrintJobInfo,0}, + {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0}, + {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0}, + {"WPrintPortEnum", 207, api_WPrintPortEnum,0}, + {NULL, -1, api_Unsupported,0}}; + + +/**************************************************************************** + handle remote api calls + ****************************************************************************/ +static int api_reply(int cnum,int uid,char *outbuf,char *data,char *params, + int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +{ + int api_command = SVAL(params,0); + char *rdata = NULL; + char *rparam = NULL; + int rdata_len = 0; + int rparam_len = 0; + BOOL reply=False; + int i; + + DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", + api_command,params+2,skip_string(params+2,1), + tdscnt,tpscnt,mdrcnt,mprcnt)); + + for (i=0;api_commands[i].name;i++) + if (api_commands[i].id == api_command && api_commands[i].fn) + { + DEBUG(3,("Doing %s\n",api_commands[i].name)); + break; + } + + rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); + rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + + reply = api_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + + if (rdata_len > mdrcnt || + rparam_len > mprcnt) + { + reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + } + + + /* if we get False back then it's actually unsupported */ + if (!reply) + api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + + + /* now send the reply */ + send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); + + if (rdata) + free(rdata); + if (rparam) + free(rparam); + + return(-1); +} + +/**************************************************************************** + handle named pipe commands + ****************************************************************************/ +static int named_pipe(int cnum,int uid, char *outbuf,char *name, + uint16 *setup,char *data,char *params, + int suwcnt,int tdscnt,int tpscnt, + int msrcnt,int mdrcnt,int mprcnt) +{ + + if (strequal(name,"LANMAN")) + return(api_reply(cnum,uid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); + + DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n", + name,(int)setup[0],(int)setup[1])); + + return(0); +} + + +/**************************************************************************** + reply to a SMBtrans + ****************************************************************************/ +int reply_trans(char *inbuf,char *outbuf) +{ + fstring name; + + char *data=NULL,*params=NULL; + uint16 *setup=NULL; + + int outsize = 0; + int cnum = SVAL(inbuf,smb_tid); + int uid = SVAL(inbuf,smb_uid); + + int tpscnt = SVAL(inbuf,smb_vwv0); + int tdscnt = SVAL(inbuf,smb_vwv1); + int mprcnt = SVAL(inbuf,smb_vwv2); + int mdrcnt = SVAL(inbuf,smb_vwv3); + int msrcnt = CVAL(inbuf,smb_vwv4); + BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); + BOOL one_way = BITSETW(inbuf+smb_vwv5,1); + int pscnt = SVAL(inbuf,smb_vwv9); + int psoff = SVAL(inbuf,smb_vwv10); + int dscnt = SVAL(inbuf,smb_vwv11); + int dsoff = SVAL(inbuf,smb_vwv12); + int suwcnt = CVAL(inbuf,smb_vwv13); + + StrnCpy(name,smb_buf(inbuf),sizeof(name)-1); + + if (tdscnt) + { + data = (char *)malloc(tdscnt); + memcpy(data,smb_base(inbuf)+dsoff,dscnt); + } + if (tpscnt) + { + params = (char *)malloc(tpscnt); + memcpy(params,smb_base(inbuf)+psoff,pscnt); + } + + if (suwcnt) + { + int i; + setup = (uint16 *)malloc(suwcnt*sizeof(setup[0])); + for (i=0;i data=%d params=%d setup=%d\n",name,tdscnt,tpscnt,suwcnt)); + + + if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) + outsize = named_pipe(cnum,uid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, + suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); + + + if (data) free(data); + if (params) free(params); + if (setup) free(setup); + + if (close_on_completion) + close_cnum(cnum,uid); + + if (one_way) + return(-1); + + if (outsize == 0) + return(ERROR(ERRSRV,ERRnosupport)); + + return(outsize); +} + + -- cgit From 6bbd0d7b69ea9e27b1020833227aca196e14a75d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 4 May 1996 10:43:29 +0000 Subject: use the new issafe() macro instead of isalnum() and strchr() (This used to be commit 79c65e66f8034d21b6c90fcdbd76601657f3c447) --- source3/smbd/ipc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8852e57e8b..34210f2db7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1551,8 +1551,7 @@ static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data, int l = 0; while (l<64 && *s) { - if (isalnum(*s) || strchr("-._",*s)) - name[l++] = *s; + if (issafe(*s)) name[l++] = *s; s++; } name[l] = 0; -- cgit From 58734631b4233ec08b7a262587e400792f31f185 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 31 May 1996 15:13:29 +0000 Subject: Lots of changes! - add faq info on NT printer handling - add "delete readonly" option to help rcs users - add stuff to man pages on new printer options - add "proxy name resolution" option - add "command string" -c option to smbclient (thanks Ken) - split time functions into time.c - rearrange the quotas stuff a bit and fix some bugs - complete rehash of the time handling code thanks to Paul Eggert - fix nmblookup output a bit - add plp print queue parsing from Bertrand Wallrich (This used to be commit 635b56f19c817527c52e9bbde31faa6a8a47777b) --- source3/smbd/ipc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 34210f2db7..3b2c55dc46 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -467,7 +467,7 @@ static void fill_printjob_info(int cnum, int snum, int uLevel, time_t t = queue->time; /* the client expects localtime */ - t += GMT_TO_LOCAL*TimeDiff(t); + t -= TimeDiff(t); PACKI(desc,"W",((snum%0xFF)<<8) | (queue->job%0xFF)); /* uJobId */ if (uLevel == 1) { @@ -479,7 +479,7 @@ static void fill_printjob_info(int cnum, int snum, int uLevel, PACKI(desc,"W",n+1); /* uPosition */ PACKI(desc,"W",queue->status); /* fsStatus */ PACKS(desc,"z",""); /* pszStatus */ - PACKI(desc,"D",queue->time); /* ulSubmitted */ + PACKI(desc,"D",t); /* ulSubmitted */ PACKI(desc,"D",queue->size); /* ulSize */ PACKS(desc,"z",queue->file); /* pszComment */ } @@ -488,7 +488,7 @@ static void fill_printjob_info(int cnum, int snum, int uLevel, PACKS(desc,"z",queue->user); /* pszUserName */ PACKI(desc,"W",n+1); /* uPosition */ PACKI(desc,"W",queue->status); /* fsStatus */ - PACKI(desc,"D",queue->time); /* ulSubmitted */ + PACKI(desc,"D",t); /* ulSubmitted */ PACKI(desc,"D",queue->size); /* ulSize */ PACKS(desc,"z","Samba"); /* pszComment */ PACKS(desc,"z",queue->file); /* pszDocument */ @@ -1289,7 +1289,7 @@ static BOOL api_NetRemoteTOD(int cnum,int uid, char *param,char *data, /* the client expects to get localtime, not GMT, in this bit (I think, this needs testing) */ - t = LocalTime(&unixdate,GMT_TO_LOCAL); + t = LocalTime(&unixdate); SIVAL(p,4,0); /* msecs ? */ CVAL(p,8) = t->tm_hour; -- cgit From 81e398963dbaed9c6661c336fe98329098576b94 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 1 Jun 1996 15:25:30 +0000 Subject: - moved the uid handling to uid.c - added setfsuid() support (for Linux) - started adding some of Lukes changes, just the loadparm and ipc ones so far (This used to be commit 72543810ce3eb5ea7b141f957edf38b4c46b1ea4) --- source3/smbd/ipc.c | 217 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 135 insertions(+), 82 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3b2c55dc46..25979d72f5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -751,44 +751,64 @@ struct srv_info_struct filter out unwanted server info ******************************************************************/ static BOOL filter_server_info(struct srv_info_struct *server, - char *domain) + BOOL domains, + char *domain, uint32 request) { - if (*domain) - return(strequal(domain, server->domain)); - - return (True); /* be indiscriminate: get all servers! */ -} - -/******************************************************************* - find server in the files saved by nmbd. Return True if we find it. - ******************************************************************/ -static BOOL find_server(struct srv_info_struct *servers, int num_servers, - char *domain, char *name) -{ - int count; - - if (!servers || num_servers == 0) return (False); - - for (count = 0; count < num_servers; count++) { - struct srv_info_struct *s; - - s = &servers[count]; - - if (strequal(name, s->name)) { - StrnCpy(domain, s->domain, sizeof(pstring)-1); - return (True); + if (*domain == 0) + { + if (strequal(lp_workgroup(), server->domain)) { + return True; + } + else if (domains) + { + DEBUG(4,("primary domain:reject %8x %s %s\n",request,server->name,server->domain)); + return False; + } + else if ((request & SV_TYPE_DOMAIN_ENUM) && + (server->type & SV_TYPE_DOMAIN_ENUM)) + { + DEBUG(4,("rej:DOM %8x: %s %s\n",server->type,server->name,server->domain)); + return False; + } + + return True; + } + else + { + if (strequal(domain, server->domain)) + { + /* + if (request == SV_TYPE_LOCAL_LIST_ONLY && + !(server->type & SV_TYPE_LOCAL_LIST_ONLY)) + { + DEBUG(4,("rej:LOC %8x: ok %s %s\n",request,server->name,server->domain)); + return False; + } + */ + if ((request == (SV_TYPE_LOCAL_LIST_ONLY|SV_TYPE_DOMAIN_ENUM)) && + !(server->type&SV_TYPE_DOMAIN_ENUM)) + { + DEBUG(4,("rej:LOCDOM %8x: ok %s %s\n",request,server->name,server->domain)); + return False; + } + + return True; + } + else if (!domains) + { + DEBUG(4,("domain:%s %s %s\n",domain,server->name,server->domain)); + return False; + } + return True; } - } - return (False); } - /******************************************************************* get server info lists from the files saved by nmbd. Return the number of entries ******************************************************************/ static int get_server_info(uint32 servertype, - struct srv_info_struct **servers) + struct srv_info_struct **servers, BOOL domains, char *domain) { FILE *f; pstring fname; @@ -807,18 +827,23 @@ static int get_server_info(uint32 servertype, DEBUG(4,("Can't open %s - %s\n",fname,strerror(errno))); return(0); } + + /* request for everything is code for request all servers */ if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; + DEBUG(4, ("Servertype search: %8x domains:%s\n", servertype,BOOLSTR(domains))); + while (!feof(f)) { fstring stype; struct srv_info_struct *s; char *ptr = line; + BOOL ok = True; *ptr = 0; fgets(line,sizeof(line)-1,f); if (!*line) continue; - + if (count == alloced) { alloced += 10; (*servers) = (struct srv_info_struct *) @@ -827,32 +852,52 @@ static int get_server_info(uint32 servertype, bzero((char *)((*servers)+count),sizeof(**servers)*(alloced-count)); } s = &(*servers)[count]; - - s->server_added = True; - + if (!next_token(&ptr,s->name , NULL)) continue; if (!next_token(&ptr,stype , NULL)) continue; if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { - /* this allows us to cop with an old nmbd */ + /* this allows us to cope with an old nmbd */ strcpy(s->domain,my_workgroup()); } - - if (sscanf(stype,"%X",&s->type) != 1) continue; - + + if (sscanf(stype,"%X",&s->type) != 1) { DEBUG(4,("r:host file ")); ok = False; } + /* doesn't match up: don't want it */ - if (!(servertype & s->type)) continue; - - /* server entry is a domain, we haven't asked for domains: don't want it */ - if ((s->type&SV_TYPE_DOMAIN_ENUM) && !(servertype&SV_TYPE_DOMAIN_ENUM)) - continue; - - DEBUG(4,("Server %20s %8x %25s %15s\n", - s->name, stype, s->comment, s->domain)); - - count++; + if (!(servertype & s->type)) { DEBUG(4,("r:serv type ")); ok = False; } + + if ((servertype == ~SV_TYPE_DOMAIN_ENUM) && + (s->type & SV_TYPE_DOMAIN_ENUM)) + { + DEBUG(4,("s:all x dom ")); + ok = False; + } + + if (domains && !(domain && *domain && strequal(domain, s->domain))) + { + if (!(s->type & SV_TYPE_DOMAIN_ENUM)) + { + DEBUG(4,("r:dom enum ")); + ok = False; + } + } + + if (ok) + { + DEBUG(4,("**SV** %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + + s->type |= SV_TYPE_LOCAL_LIST_ONLY; + s->server_added = True; + count++; + } + else + { + DEBUG(4,("%20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + } } - + fclose(f); return(count); } @@ -957,8 +1002,14 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, int counted=0,total=0; int i; fstring domain; - BOOL domain_request = (servertype & SV_TYPE_DOMAIN_ENUM) && - !(servertype == SV_TYPE_ALL); + BOOL domains; + BOOL domain_request; + BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; + + /*if (servertype == SV_TYPE_ALL) servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY);*/ + if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; + + domain_request = servertype & SV_TYPE_DOMAIN_ENUM; domain[0] = 0; p += 8; @@ -966,49 +1017,46 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (!prefix_ok(str1,"WrLehD")) return False; if (!check_server_info(uLevel,str2)) return False; - DEBUG(4, ("server request level: %s\n", str2)); + DEBUG(4, ("server request level: %s %8x ", str2, servertype)); + DEBUG(4, ("domains_req:%s ", BOOLSTR(domain_request))); + DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request))); if (strcmp(str1, "WrLehDO") == 0) { - /* asking for servers. we will have to work out which workgroup was - requested, as we maintain lists for multiple workgroups */ + domains = False; } else if (strcmp(str1, "WrLehDz") == 0) { - /* asking for a specific workgroup */ + domains = True; StrnCpy(domain, p, sizeof(fstring)-1); } if (lp_browse_list()) { - total = get_server_info(servertype,&servers); - } - - if (!domain[0] && !domain_request) { - extern fstring remote_machine; - /* must be a server request with an assumed domain. find a domain */ - - if (find_server(servers, total, domain, remote_machine)) { - DEBUG(4, ("No domain specified: using %s for %s\n", - domain, remote_machine)); - } else { - /* default to soemthing sensible */ - strcpy(domain,my_workgroup()); - } + total = get_server_info(servertype,&servers,domains,domain); } data_len = fixed_len = string_len = 0; - for (i=0;iname, s->type, s->comment, s->domain)); + + if (data_len <= buf_len) + { + counted++; + fixed_len += f_len; + string_len += s_len; + } + } } + } *rdata_len = fixed_len + string_len; *rdata = REALLOC(*rdata,*rdata_len); @@ -1021,10 +1069,15 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, { int count2 = counted; - for (i = 0; i < total && count2;i++) { - if (filter_server_info(&servers[i],domain)) { - fill_srv_info(&servers[i],uLevel,&p,&f_len,&p2,&s_len,*rdata); - count2--; + for (i = 0; i < total && count2;i++) + { + struct srv_info_struct *s = &servers[i]; + if (filter_server_info(s,domains,domain,local_request|domain_request)) + { + fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); + DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + count2--; } } } @@ -1657,7 +1710,7 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,False,NULL))>0) { for (i=0;i Date: Thu, 6 Jun 1996 11:43:09 +0000 Subject: - added interface.c and removed all the references to myip, bcast_ip and Netmask, instead replacing them with calls to routines in interface.c - got rid of old MAXINT define - added code to ensure we only return one entry for each name in the ipc enum routines - added new_only option to add_netbios_entry() to prevent overwriting of important names - minor time handling fixup (This used to be commit 7ed71b73ae745da099072eee36fc2700d1d91407) --- source3/smbd/ipc.c | 63 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 20 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 25979d72f5..916b0fb88e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -808,7 +808,8 @@ static BOOL filter_server_info(struct srv_info_struct *server, number of entries ******************************************************************/ static int get_server_info(uint32 servertype, - struct srv_info_struct **servers, BOOL domains, char *domain) + struct srv_info_struct **servers, BOOL domains, + char *domain) { FILE *f; pstring fname; @@ -831,7 +832,7 @@ static int get_server_info(uint32 servertype, /* request for everything is code for request all servers */ if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; - DEBUG(4, ("Servertype search: %8x domains:%s\n", servertype,BOOLSTR(domains))); + DEBUG(4,("Servertype search: %8x domains:%s\n",servertype,BOOLSTR(domains))); while (!feof(f)) { @@ -861,10 +862,16 @@ static int get_server_info(uint32 servertype, strcpy(s->domain,my_workgroup()); } - if (sscanf(stype,"%X",&s->type) != 1) { DEBUG(4,("r:host file ")); ok = False; } + if (sscanf(stype,"%X",&s->type) != 1) { + DEBUG(4,("r:host file ")); + ok = False; + } /* doesn't match up: don't want it */ - if (!(servertype & s->type)) { DEBUG(4,("r:serv type ")); ok = False; } + if (!(servertype & s->type)) { + DEBUG(4,("r:serv type ")); + ok = False; + } if ((servertype == ~SV_TYPE_DOMAIN_ENUM) && (s->type & SV_TYPE_DOMAIN_ENUM)) @@ -902,6 +909,7 @@ static int get_server_info(uint32 servertype, return(count); } + /******************************************************************* fill in a server info structure ******************************************************************/ @@ -981,6 +989,11 @@ static int fill_srv_info(struct srv_info_struct *service, } +static BOOL srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2) +{ + return(strcmp(s1->name,s2->name)); +} + /**************************************************************************** view list of servers available (or possibly domains). The info is extracted from lists saved by nmbd on the local host @@ -1038,23 +1051,30 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, data_len = fixed_len = string_len = 0; + qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp); + { + char *lastname=NULL; + for (i=0;iname, s->type, s->comment, s->domain)); - - if (data_len <= buf_len) + if (filter_server_info(s,domains,domain, + local_request|domain_request)) + { + if (lastname && strequal(lastname,s->name)) continue; + lastname = s->name; + data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0); + DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + + if (data_len <= buf_len) { counted++; fixed_len += f_len; string_len += s_len; } - } + } } } @@ -1068,18 +1088,21 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, s_len = string_len; { + char *lastname=NULL; int count2 = counted; for (i = 0; i < total && count2;i++) - { - struct srv_info_struct *s = &servers[i]; - if (filter_server_info(s,domains,domain,local_request|domain_request)) { - fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); - DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - count2--; + struct srv_info_struct *s = &servers[i]; + if (filter_server_info(s,domains,domain,local_request|domain_request)) + { + if (lastname && strequal(lastname,s->name)) continue; + lastname = s->name; + fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); + DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + count2--; + } } - } } *rparam_len = 8; -- cgit From 7e3b4a1c0df1434eb3d02f93c736ce065f9898d8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 10 Jun 1996 04:38:24 +0000 Subject: got rid of a lot of redundent header files as we now globally generate prototypes automatically using "make proto". This is much less prone to error than the old method of manually adding prototypes (This used to be commit b551dc98f7cc194a5fc2e67a4ebae7fd67a01bbc) --- source3/smbd/ipc.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 916b0fb88e..594e067ddd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -24,8 +24,6 @@ */ #include "includes.h" -#include "loadparm.h" -#include "pcap.h" #ifdef CHECK_TYPES #undef CHECK_TYPES -- cgit From a521fe8a274c8a043cf77641dd4160fdef803533 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 10 Jun 1996 05:16:19 +0000 Subject: a cleanup of the receive_smb() usage, adding timeouts in some places also added paranoid code in the main process() loop of smbd to detect when smbd is looping uselessly. This should stop the "smbd is chewing lots of cpu" reports (This used to be commit 8e9dce34d50d673cb50531f0c4c7672ce2522cef) --- source3/smbd/ipc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 594e067ddd..415c939bf3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2790,12 +2790,9 @@ int reply_trans(char *inbuf,char *outbuf) while (pscnt < tpscnt || dscnt < tdscnt) { int pcnt,poff,dcnt,doff,pdisp,ddisp; - - receive_smb(Client,inbuf, 0); - show_msg(inbuf); - - /* Ensure this is still a trans packet (sanity check) */ - if(CVAL(inbuf, smb_com) != SMBtrans) + + if (!receive_smb(Client,inbuf, SMB_SECONDARY_WAIT*1000) || + CVAL(inbuf, smb_com) != SMBtrans) { DEBUG(2,("Invalid secondary trans2 packet\n")); if (params) free(params); @@ -2803,6 +2800,8 @@ int reply_trans(char *inbuf,char *outbuf) if (setup) free(setup); return(ERROR(ERRSRV,ERRerror)); } + + show_msg(inbuf); tpscnt = SVAL(inbuf,smb_vwv0); tdscnt = SVAL(inbuf,smb_vwv1); -- cgit From 601281a43bb84f62485929a974c44b69f5c19884 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Mon, 1 Jul 1996 18:54:02 +0000 Subject: patch to fix NetServerEnum with multiple workgroup lists kindly supplied. it works for him. needs testing. (This used to be commit 546c49080707c0cbaa6bfc928102d52826867592) --- source3/smbd/ipc.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 415c939bf3..c5c87ea07f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -747,32 +747,45 @@ struct srv_info_struct /******************************************************************* filter out unwanted server info + This function returns True if the entry is wanted. ******************************************************************/ static BOOL filter_server_info(struct srv_info_struct *server, BOOL domains, char *domain, uint32 request) { + /* If no domain was specified, */ if (*domain == 0) { + /* If entry's domain matches this server's domain, + accept this entry. */ if (strequal(lp_workgroup(), server->domain)) { return True; } + + /* If specific domain requested, reject this entry. */ else if (domains) { DEBUG(4,("primary domain:reject %8x %s %s\n",request,server->name,server->domain)); return False; } + + /* If the request was for a list of domain enumerators, + we don't care what domain this entry is in as long + as it is a domain enumerator. */ else if ((request & SV_TYPE_DOMAIN_ENUM) && (server->type & SV_TYPE_DOMAIN_ENUM)) { - DEBUG(4,("rej:DOM %8x: %s %s\n",server->type,server->name,server->domain)); - return False; + return True; } - return True; + DEBUG(4,("wrong domain: %8x: %s %s\n",server->type,server->name,server->domain)); + return False; } + + /* If a domain name was specified, */ else { + /* If this entry is in the requested domain, */ if (strequal(domain, server->domain)) { /* @@ -792,11 +805,15 @@ static BOOL filter_server_info(struct srv_info_struct *server, return True; } + + /* If the user didn't pick a domain, + (I don't think this can happen.) */ else if (!domains) { DEBUG(4,("domain:%s %s %s\n",domain,server->name,server->domain)); return False; } + return True; } } @@ -871,6 +888,7 @@ static int get_server_info(uint32 servertype, ok = False; } + /* If all server, reject DOMIAN_ENUM entries? */ if ((servertype == ~SV_TYPE_DOMAIN_ENUM) && (s->type & SV_TYPE_DOMAIN_ENUM)) { @@ -878,6 +896,8 @@ static int get_server_info(uint32 servertype, ok = False; } + /* If a domain is specified, reject all except the + domain enumerators for the specified domain. */ if (domains && !(domain && *domain && strequal(domain, s->domain))) { if (!(s->type & SV_TYPE_DOMAIN_ENUM)) @@ -1035,11 +1055,13 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDO") == 0) { domains = False; + DEBUG(4, ("all domains\n")); } else if (strcmp(str1, "WrLehDz") == 0) { domains = True; StrnCpy(domain, p, sizeof(fstring)-1); + DEBUG(4, ("domains must match \"%s\"\n", domains)); } if (lp_browse_list()) @@ -1051,6 +1073,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp); + /* A dry run */ { char *lastname=NULL; @@ -1085,6 +1108,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, f_len = fixed_len; s_len = string_len; + /* the real thing */ { char *lastname=NULL; int count2 = counted; -- cgit From 7812ff08135318e74f5c286fe4773de8d1423969 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Thu, 4 Jul 1996 19:19:26 +0000 Subject: modified become_master() to a state-based system. becoming a master is now performed in stages: wait for each NetBIOS name to be successfully registered before proceeding to the next stage. tied implicit name registration and release (broadcast method) to the same piece of code as explicit method (via WINS server). created special_browser_name() function that checks __MSBROWSE__ name: this name is ignored by WINS servers apparently. fixed likely incompatibility between refresh_my_names() and add_my_names(). (netbios entries were unlikely to be refreshed). NOTE: none of these changes have been tested. at all. lkcl (This used to be commit 7719fb06524a66ce5e3f30f3152ddb1e200c97f3) --- source3/smbd/ipc.c | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c5c87ea07f..415c939bf3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -747,45 +747,32 @@ struct srv_info_struct /******************************************************************* filter out unwanted server info - This function returns True if the entry is wanted. ******************************************************************/ static BOOL filter_server_info(struct srv_info_struct *server, BOOL domains, char *domain, uint32 request) { - /* If no domain was specified, */ if (*domain == 0) { - /* If entry's domain matches this server's domain, - accept this entry. */ if (strequal(lp_workgroup(), server->domain)) { return True; } - - /* If specific domain requested, reject this entry. */ else if (domains) { DEBUG(4,("primary domain:reject %8x %s %s\n",request,server->name,server->domain)); return False; } - - /* If the request was for a list of domain enumerators, - we don't care what domain this entry is in as long - as it is a domain enumerator. */ else if ((request & SV_TYPE_DOMAIN_ENUM) && (server->type & SV_TYPE_DOMAIN_ENUM)) { - return True; + DEBUG(4,("rej:DOM %8x: %s %s\n",server->type,server->name,server->domain)); + return False; } - DEBUG(4,("wrong domain: %8x: %s %s\n",server->type,server->name,server->domain)); - return False; + return True; } - - /* If a domain name was specified, */ else { - /* If this entry is in the requested domain, */ if (strequal(domain, server->domain)) { /* @@ -805,15 +792,11 @@ static BOOL filter_server_info(struct srv_info_struct *server, return True; } - - /* If the user didn't pick a domain, - (I don't think this can happen.) */ else if (!domains) { DEBUG(4,("domain:%s %s %s\n",domain,server->name,server->domain)); return False; } - return True; } } @@ -888,7 +871,6 @@ static int get_server_info(uint32 servertype, ok = False; } - /* If all server, reject DOMIAN_ENUM entries? */ if ((servertype == ~SV_TYPE_DOMAIN_ENUM) && (s->type & SV_TYPE_DOMAIN_ENUM)) { @@ -896,8 +878,6 @@ static int get_server_info(uint32 servertype, ok = False; } - /* If a domain is specified, reject all except the - domain enumerators for the specified domain. */ if (domains && !(domain && *domain && strequal(domain, s->domain))) { if (!(s->type & SV_TYPE_DOMAIN_ENUM)) @@ -1055,13 +1035,11 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDO") == 0) { domains = False; - DEBUG(4, ("all domains\n")); } else if (strcmp(str1, "WrLehDz") == 0) { domains = True; StrnCpy(domain, p, sizeof(fstring)-1); - DEBUG(4, ("domains must match \"%s\"\n", domains)); } if (lp_browse_list()) @@ -1073,7 +1051,6 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp); - /* A dry run */ { char *lastname=NULL; @@ -1108,7 +1085,6 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, f_len = fixed_len; s_len = string_len; - /* the real thing */ { char *lastname=NULL; int count2 = counted; -- cgit From e5a0619c2839d45b00446c3af3f30599f3f3c5fa Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 10 Jul 1996 18:48:49 +0000 Subject: updated docs to match code mods from last two or three updates. done some more commenting of code to match docs. sorted some bugs. ipc BOOL domains was uninitialised. lkcl (This used to be commit cb43ce7bc08fa43a6ce49e0937f13afec5dce67b) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 415c939bf3..0f00e3ec21 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1013,7 +1013,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, int counted=0,total=0; int i; fstring domain; - BOOL domains; + BOOL domains = False; BOOL domain_request; BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; -- cgit From 25b30c08dce8c04b7b98c02ac1de61d7aa76798f Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 17 Jul 1996 18:33:36 +0000 Subject: lots of changes to nmbd lkcl (This used to be commit 45d3b2644733333c657c48a69719fec72881f7df) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0f00e3ec21..415c939bf3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1013,7 +1013,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, int counted=0,total=0; int i; fstring domain; - BOOL domains = False; + BOOL domains; BOOL domain_request; BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; -- cgit From 02b98a8965a60a7c3394835ff01074fc88ffbb89 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Fri, 9 Aug 1996 18:05:34 +0000 Subject: applying login updates from jim@oxfordcc.co.uk, sent in by lewis2@server.uwindsor.ca. rest of this patch to follow. bug in interface.c - uninitialised pointer. nmbd has 0x20 as well as 0x0 NetBIOS name when lmhosts entry is added. lkcl (This used to be commit 2b9475cc5fda4b272f19c4f168d3f00363c8042b) --- source3/smbd/ipc.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 415c939bf3..f4f1807922 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -59,6 +59,9 @@ extern fstring local_machine; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ +#define MAJOR_VERSION 2 +#define MINOR_VERSION 0 + extern int Client; static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) @@ -1406,14 +1409,16 @@ static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data, *rdata_len = 0; - SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,0,NERR_badpass); SSVAL(*rparam,2,0); /* converter word */ DEBUG(3,("Set password for <%s>\n",user)); - if (!password_ok(user,pass1,strlen(pass1),NULL,False) || - !chgpasswd(user,pass1,pass2)) - SSVAL(*rparam,0,NERR_badpass); + if (password_ok(user,pass1,strlen(pass1),NULL,False) && + chgpasswd(user,pass1,pass2)) + { + SSVAL(*rparam,0,NERR_Success); + } bzero(pass1,sizeof(fstring)); bzero(pass2,sizeof(fstring)); @@ -1740,9 +1745,10 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, } if (servers) free(servers); - SCVAL(p,0,2); /* version_major */ - SCVAL(p,1,0); /* version_minor */ + SCVAL(p,0,MAJOR_VERSION); + SCVAL(p,1,MINOR_VERSION); SIVAL(p,2,servertype); + if (mdrcnt == struct_len) { SIVAL(p,6,0); } else { @@ -1817,8 +1823,8 @@ static BOOL api_NetWkstaGetInfo(int cnum,int uid, char *param,char *data, p2 = skip_string(p2,1); p += 4; - SCVAL(p,0,2); /* major version?? */ - SCVAL(p,1,1); /* minor version?? */ + SCVAL(p,0,MAJOR_VERSION); + SCVAL(p,1,MINOR_VERSION); p += 2; SIVAL(p,0,PTR_DIFF(p2,*rdata)); -- cgit From 396311075cc808278e6dd8469e3ac7eb7e7498c7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 13 Aug 1996 08:57:55 +0000 Subject: - sequent-ptx support from bressler@iftccu.ca.boeing.com (Rick Bressler) - machten support from Trevor Strohman (trev@figment.tenon.com) - added qinfo command to client as part of drag-and-drop printer support for win95 from David Chappell He also added the "printer driver" option - use sigblock() on more systems and use sigsetmask(0) instead of sigunblock() as its more portable. This beats a problem with zombies on heavilily loaded systems. - added internals.doc written by David Chappell into the source tree - get rid of PRINT_COMMAND options from local.h as they are no longer relevent - new kanji code from Fujita - don't set the recursion_available flag on queries in nmbd - fix a potential bug with pointer subtraction in printing.c - got rid of error_count code as the real fix (the EOF problem) is now in (This used to be commit aa6f8b04d125b5bc00f267abf72b800228aabf7d) --- source3/smbd/ipc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f4f1807922..0a54936cd0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -190,12 +190,6 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, } } - - -/**************************************************************************** - get a print queue - ****************************************************************************/ - struct pack_desc { char* format; /* formatstring for structure */ char* subformat; /* subformat for structure */ @@ -419,6 +413,11 @@ static void PACKS(struct pack_desc* desc,char *t,char *v) PACK(desc,t,v); } + +/**************************************************************************** + get a print queue + ****************************************************************************/ + static void PackDriverData(struct pack_desc* desc) { char drivdata[4+4+32]; @@ -546,7 +545,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, PACKI(desc,"W",0); /* uUntiltime */ PACKI(desc,"W",5); /* pad1 */ PACKS(desc,"z",""); /* pszSepFile */ - PACKS(desc,"z","lpd"); /* pszPrProc */ + PACKS(desc,"z","WinPrint"); /* pszPrProc */ PACKS(desc,"z",""); /* pszParms */ if (!status || !status->message[0]) { PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); /* pszComment */ @@ -557,7 +556,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, } PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ - PACKS(desc,"z","NULL"); /* pszDriverName */ + PACKS(desc,"z",lp_printerdriver(snum)); /* pszDriverName */ PackDriverData(desc); /* pDriverData */ } if (uLevel == 2 || uLevel == 4) { @@ -594,6 +593,7 @@ static BOOL api_DosPrintQGetInfo(int cnum,int uid, char *param,char *data, cbBuf = SVAL(p,2); str3 = p + 4; + /* remove any trailing username */ if ((p = strchr(QueueName,'%'))) *p = 0; DEBUG(3,("PrintQueue uLevel=%d name=%s\n",uLevel,QueueName)); -- cgit From 6475a9157464b132decbae2aee0f001a364c0dbe Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 14 Aug 1996 15:01:09 +0000 Subject: fixed an obvious bug that meant that DosPrintQEnum could never work. Now we'll see if it works after this fix ... (This used to be commit 9735d7e8e2978ce17a001d7d5766faf382ff5788) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0a54936cd0..5b3939e98c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -663,7 +663,7 @@ static BOOL api_DosPrintQEnum(int cnum, int uid, char* param, char* data, DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel)); - if (prefix_ok(param_format,"WrLeh")) return False; + if (!prefix_ok(param_format,"WrLeh")) return False; if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) return False; queuecnt = 0; -- cgit From 47673b32ed4a907b380b70d5f4f366ba8be301d2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 15 Aug 1996 15:11:34 +0000 Subject: - added FAST_SHARE_MODES code - added some named pipe code from Jim (This used to be commit c94866e9e44ea1eb72da06bc65ef1c032ae8e0c9) --- source3/smbd/ipc.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 105 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5b3939e98c..39b8f3f089 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -59,11 +59,21 @@ extern fstring local_machine; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ -#define MAJOR_VERSION 2 +#define MAJOR_VERSION 4 #define MINOR_VERSION 0 extern int Client; +static BOOL api_Unsupported(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len); +static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len); + + static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) { pstring buf; @@ -1906,7 +1916,8 @@ static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, p2 = skip_string(p2,1); } if (uLevel == 11) { /* modelled after NTAS 3.51 reply */ - SSVAL(p,34,USER_PRIV_USER); /* user privilege */ + SSVAL(p,34, + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,36,0); /* auth flags */ SIVALS(p,40,-1); /* password age */ SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */ @@ -1941,7 +1952,8 @@ static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, if (uLevel == 1 || uLevel == 2) { memset(p+22,' ',16); /* password */ SIVALS(p,38,-1); /* password age */ - SSVAL(p,42,USER_PRIV_ADMIN); /* user privilege */ + SSVAL(p,42, + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ strcpy(p2,"\\\\%L\\HOMES"); standard_sub_basic(p2); @@ -2577,6 +2589,92 @@ static BOOL api_WPrintPortEnum(int cnum,int uid, char *param,char *data, return(True); } + +struct +{ + char * name; + char * pipename; + int subcommand; + BOOL (*fn) (); +} api_fd_commands [] = + { + { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, + { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, + { NULL, NULL, -1, api_Unsupported } + }; + +/**************************************************************************** + handle remote api calls delivered to a named pipe already opened. + ****************************************************************************/ +static int api_fd_reply(int cnum,int uid,char *outbuf, + uint16 *setup,char *data,char *params, + int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +{ + char *rdata = NULL; + char *rparam = NULL; + int rdata_len = 0; + int rparam_len = 0; + BOOL reply=False; + int i; + int fd; + int subcommand; + + /* First find out the name of this file. */ + if (suwcnt != 2) + { + DEBUG(0,("Unexpected named pipe transaction.\n")); + return(-1); + } + + /* Get the file handle and hence the file name. */ + fd = setup[1]; + subcommand = setup[0]; + + DEBUG(3,("Got API command %d on pipe %s ",subcommand,Files[fd].name)); + DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", + tdscnt,tpscnt,mdrcnt,mprcnt)); + + for (i=0;api_fd_commands[i].name;i++) + if (strequal(api_fd_commands[i].pipename, Files[fd].name) && + api_fd_commands[i].subcommand == subcommand && + api_fd_commands[i].fn) + { + DEBUG(3,("Doing %s\n",api_fd_commands[i].name)); + break; + } + + rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); + rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + + reply = api_fd_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + if (rdata_len > mdrcnt || + rparam_len > mprcnt) + { + reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + } + + + /* if we get False back then it's actually unsupported */ + if (!reply) + api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt, + &rdata,&rparam,&rdata_len,&rparam_len); + + /* now send the reply */ + send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); + + if (rdata) + free(rdata); + if (rparam) + free(rparam); + + return(-1); +} + + + /**************************************************************************** the buffer was too small ****************************************************************************/ @@ -2727,6 +2825,10 @@ static int named_pipe(int cnum,int uid, char *outbuf,char *name, if (strequal(name,"LANMAN")) return(api_reply(cnum,uid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); +if (strlen(name) < 1) + return(api_fd_reply(cnum,uid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt)); + + DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n", name,(int)setup[0],(int)setup[1])); -- cgit From 28177ca73bdbe3f8fb17a608db3df1a39e0e37a4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 17 Aug 1996 11:37:44 +0000 Subject: - added support for Amiga-unix (based on BSD I think) - changed the order of PROGS and SPROGS in Makefile (SPROGS first) - another 64 bit cleanup (for INADDR_NONE) - added paranoia code in DirCacheAdd() to detect looping - fixed important DirCache flush bug - rewrote the NetServerEnum code after I found it could return servers from multiple workgroups at once, and this could cause browsing havoc. Now a null workgroup query is equivalent to a query for the servers primary workgroup - got rid of my_workgroup() - got rid of "workgroup = *" comment in Makefile. We no longer support a workgroup of *, users must set the workgroup explicitly - the wins.dat file was being stored in a different format to what it was being loaded in - this could cause havoc. fixed. - uppercase our netbios name and the workgroup name at startup - if accept fails in main loop when running as a daemon then continue, don't just exit! - don't use ./ on smbclient in smbtar - better code to detect if a process exists (This used to be commit ec3d53963064b50ff33e8eff47812aac82f164ba) --- source3/smbd/ipc.c | 145 +++++++++++++---------------------------------------- 1 file changed, 34 insertions(+), 111 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 39b8f3f089..78a9807769 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -748,78 +748,22 @@ static BOOL check_server_info(int uLevel, char* id) return True; } -/* used for server information: client, nameserv and ipc */ struct srv_info_struct { fstring name; uint32 type; fstring comment; - fstring domain; /* used ONLY in ipc.c NOT namework.c */ - BOOL server_added; /* used ONLY in ipc.c NOT namework.c */ + fstring domain; + BOOL server_added; }; -/******************************************************************* - filter out unwanted server info - ******************************************************************/ -static BOOL filter_server_info(struct srv_info_struct *server, - BOOL domains, - char *domain, uint32 request) -{ - if (*domain == 0) - { - if (strequal(lp_workgroup(), server->domain)) { - return True; - } - else if (domains) - { - DEBUG(4,("primary domain:reject %8x %s %s\n",request,server->name,server->domain)); - return False; - } - else if ((request & SV_TYPE_DOMAIN_ENUM) && - (server->type & SV_TYPE_DOMAIN_ENUM)) - { - DEBUG(4,("rej:DOM %8x: %s %s\n",server->type,server->name,server->domain)); - return False; - } - - return True; - } - else - { - if (strequal(domain, server->domain)) - { - /* - if (request == SV_TYPE_LOCAL_LIST_ONLY && - !(server->type & SV_TYPE_LOCAL_LIST_ONLY)) - { - DEBUG(4,("rej:LOC %8x: ok %s %s\n",request,server->name,server->domain)); - return False; - } - */ - if ((request == (SV_TYPE_LOCAL_LIST_ONLY|SV_TYPE_DOMAIN_ENUM)) && - !(server->type&SV_TYPE_DOMAIN_ENUM)) - { - DEBUG(4,("rej:LOCDOM %8x: ok %s %s\n",request,server->name,server->domain)); - return False; - } - - return True; - } - else if (!domains) - { - DEBUG(4,("domain:%s %s %s\n",domain,server->name,server->domain)); - return False; - } - return True; - } -} /******************************************************************* get server info lists from the files saved by nmbd. Return the number of entries ******************************************************************/ static int get_server_info(uint32 servertype, - struct srv_info_struct **servers, BOOL domains, + struct srv_info_struct **servers, char *domain) { FILE *f; @@ -843,7 +787,7 @@ static int get_server_info(uint32 servertype, /* request for everything is code for request all servers */ if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; - DEBUG(4,("Servertype search: %8x domains:%s\n",servertype,BOOLSTR(domains))); + DEBUG(4,("Servertype search: %8x\n",servertype)); while (!feof(f)) { @@ -870,7 +814,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { /* this allows us to cope with an old nmbd */ - strcpy(s->domain,my_workgroup()); + strcpy(s->domain,lp_workgroup()); } if (sscanf(stype,"%X",&s->type) != 1) { @@ -884,20 +828,16 @@ static int get_server_info(uint32 servertype, ok = False; } - if ((servertype == ~SV_TYPE_DOMAIN_ENUM) && + if ((servertype & SV_TYPE_DOMAIN_ENUM) != (s->type & SV_TYPE_DOMAIN_ENUM)) { - DEBUG(4,("s:all x dom ")); + DEBUG(4,("s: dom mismatch ")); ok = False; } - if (domains && !(domain && *domain && strequal(domain, s->domain))) + if (!strequal(domain, s->domain) && !(servertype & SV_TYPE_DOMAIN_ENUM)) { - if (!(s->type & SV_TYPE_DOMAIN_ENUM)) - { - DEBUG(4,("r:dom enum ")); - ok = False; - } + ok = False; } if (ok) @@ -905,7 +845,6 @@ static int get_server_info(uint32 servertype, DEBUG(4,("**SV** %20s %8x %25s %15s\n", s->name, s->type, s->comment, s->domain)); - s->type |= SV_TYPE_LOCAL_LIST_ONLY; s->server_added = True; count++; } @@ -1026,16 +965,13 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, int counted=0,total=0; int i; fstring domain; - BOOL domains; BOOL domain_request; BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; - /*if (servertype == SV_TYPE_ALL) servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY);*/ if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; - domain_request = servertype & SV_TYPE_DOMAIN_ENUM; + domain_request = ((servertype & SV_TYPE_DOMAIN_ENUM) != 0); - domain[0] = 0; p += 8; if (!prefix_ok(str1,"WrLehD")) return False; @@ -1045,20 +981,14 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, DEBUG(4, ("domains_req:%s ", BOOLSTR(domain_request))); DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request))); - if (strcmp(str1, "WrLehDO") == 0) - { - domains = False; - } - else if (strcmp(str1, "WrLehDz") == 0) - { - domains = True; + if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); + } else { + StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); } if (lp_browse_list()) - { - total = get_server_info(servertype,&servers,domains,domain); - } + total = get_server_info(servertype,&servers,domain); data_len = fixed_len = string_len = 0; @@ -1070,21 +1000,17 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, for (i=0;iname)) continue; + lastname = s->name; + data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0); + DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + + if (data_len <= buf_len) { - if (lastname && strequal(lastname,s->name)) continue; - lastname = s->name; - data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0); - DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - - if (data_len <= buf_len) - { - counted++; - fixed_len += f_len; - string_len += s_len; - } + counted++; + fixed_len += f_len; + string_len += s_len; } } } @@ -1104,15 +1030,12 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, for (i = 0; i < total && count2;i++) { struct srv_info_struct *s = &servers[i]; - if (filter_server_info(s,domains,domain,local_request|domain_request)) - { - if (lastname && strequal(lastname,s->name)) continue; - lastname = s->name; - fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); - DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - count2--; - } + if (lastname && strequal(lastname,s->name)) continue; + lastname = s->name; + fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); + DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", + s->name, s->type, s->comment, s->domain)); + count2--; } } @@ -1746,7 +1669,7 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,False,NULL))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { for (i=0;i Date: Tue, 20 Aug 1996 15:45:16 +0000 Subject: - fix a bug in NetServerEnum where counted and total were not counted correctly if there were multiple instances of a name. This led to the infamous "not enough memory" error when browsing (but this isn't the only cause of that message) - fix a triple-chaining bug which affected OpenX following a TconX - fix a serious nmbd bug that meant nmdb would answer packets that it wasn't supposed to, causing havoc with browse lists. - never time out SELF packets. This is an interim fix until I find out why nmbd thought they should be timed out. (This used to be commit 2960c3908c2c3b01a1f2b77def60350018d298e1) --- source3/smbd/ipc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 78a9807769..9da7c993dd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -963,7 +963,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, int f_len, s_len; struct srv_info_struct *servers=NULL; int counted=0,total=0; - int i; + int i,missed; fstring domain; BOOL domain_request; BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; @@ -991,6 +991,7 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, total = get_server_info(servertype,&servers,domain); data_len = fixed_len = string_len = 0; + missed = 0; qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp); @@ -1006,12 +1007,13 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", s->name, s->type, s->comment, s->domain)); - if (data_len <= buf_len) - { + if (data_len <= buf_len) { counted++; fixed_len += f_len; string_len += s_len; - } + } else { + missed++; + } } } @@ -1044,12 +1046,12 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); - SSVAL(*rparam,6,total); + SSVAL(*rparam,6,counted+missed); if (servers) free(servers); DEBUG(3,("NetServerEnum domain = %s uLevel=%d counted=%d total=%d\n", - domain,uLevel,counted,total)); + domain,uLevel,counted,counted+missed)); return(True); } -- cgit From b5a64bb74056fad43afedcb05d29000618170ef4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 21 Aug 1996 06:09:00 +0000 Subject: - new handling of ST_TYPE bits, they are now consolidated much more in DFLT_SERVER_TYPE in nameserv.h - got rid of a lot of spurious domain controller stuff. Samba is not a domain controller yet, but it can be a domain master. We were claiming to be a domain controller in some packets which may have caused problems - don't do preferred master startups on the WINS pseudo-net - don't do election requests on the WINS pseudo-net - fix a nasty bug in become_non_master() which wiped out the bits in remove_type before using them. The result was that samba didn't like losing its master status. - changed the logic in the election packet handling to enable us to become a non-master whenever we receive a winning election frame, even if we aren't expecting it - get another packet from the socket in nmbd when we reject one of our own packets, this stops us from going into the packet reading code too often and makes nmbd much snappier - always remove a name immediately when we try to release it, don't wait for the lack of response from the network, otherwise we will end up replying to name that we don't really own. We still send the dereg packets, we just don't wait for them to time out. (This used to be commit eb84f2f342375439d94481a0ccf47c9593544e32) --- source3/smbd/ipc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9da7c993dd..87df699e29 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1666,8 +1666,7 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, struct srv_info_struct *servers=NULL; int i,count; pstring comment; - uint32 servertype=SV_TYPE_SERVER_UNIX|SV_TYPE_WORKSTATION| - SV_TYPE_SERVER|SV_TYPE_TIME_SOURCE; + uint32 servertype=DFLT_SERVER_TYPE; strcpy(comment,lp_serverstring()); -- cgit From da0761ac0dfd8eab9d889abcf37ace79aae04ebd Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 21 Aug 1996 08:11:03 +0000 Subject: JHT ==> Upgraded Samba to Windows NT Server version 4.1 Just to keep ahead of the pack. Note: Really only done to differntiate our version ID from existing SMB Servers. (This used to be commit 6636c7b5b8e8a4ccf7f39450011ed864049a7cd1) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 87df699e29..920284fc9f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -60,7 +60,7 @@ extern fstring local_machine; #define QNLEN 12 /* queue name maximum length */ #define MAJOR_VERSION 4 -#define MINOR_VERSION 0 +#define MINOR_VERSION 1 extern int Client; -- cgit From 3d088fd65e3e49949dfd98b464ad6e08f6115099 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 21 Aug 1996 14:15:09 +0000 Subject: - fix a bug handling readraw packets that caused the timeout to be 30 milliseconds instead of 30 seconds as was intended. Thanks to Paul Nelson for finding this bug. (This used to be commit 78f62c83be5df6b66aa0b5e83b2d290f97ce53c2) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 920284fc9f..dd9b9661ae 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2823,7 +2823,7 @@ int reply_trans(char *inbuf,char *outbuf) { int pcnt,poff,dcnt,doff,pdisp,ddisp; - if (!receive_smb(Client,inbuf, SMB_SECONDARY_WAIT*1000) || + if (!receive_smb(Client,inbuf, SMB_SECONDARY_WAIT) || CVAL(inbuf, smb_com) != SMBtrans) { DEBUG(2,("Invalid secondary trans2 packet\n")); -- cgit From 5945be9718b8ea56c8dde99729c0ec0e56080fee Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Fri, 23 Aug 1996 10:17:30 +0000 Subject: - fixed bugs in nmb response packet checking. - added multiple workgroup code - samba can register under different (unique) NetBIOS aliases, one per workgroup it joins. lkcl (This used to be commit f24e341e7e4d8726b98d3a0f83b24f61817fe536) --- source3/smbd/ipc.c | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index dd9b9661ae..916d7e3cc4 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -983,8 +983,26 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); - } else { - StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); + } + else + { + /* a server will connect to us under one of samba's NetBIOS + name aliases, and by not giving us a domain name it + assumes we know which domain it's talking about. + do a look-up for the workgroup name against the name + the host connected to us as. + */ + + char *work_alias; + char host_alias[16]; + + StrnCpy(host_alias, local_machine, 15); + work_alias = conf_alias_to_workgroup(host_alias); /* look-up */ + + DEBUG(4,("host alias: %s work_alias: %s\n", + host_alias, work_alias)); + if (work_alias) + StrnCpy(domain, work_alias, sizeof(fstring)-1); } if (lp_browse_list()) @@ -1668,9 +1686,23 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, pstring comment; uint32 servertype=DFLT_SERVER_TYPE; + char *work_alias; + char host_alias[16]; + char domain[16]; + + StrnCpy(host_alias, local_machine, 15); + work_alias = conf_alias_to_workgroup(host_alias); /* look-up */ + + DEBUG(4,("host alias: %s work_alias: %s\n", + host_alias, work_alias)); + if (work_alias) + StrnCpy(domain, work_alias, sizeof(fstring)-1); + else + *domain = 0; + strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,domain))>0) { for (i=0;i Date: Sat, 24 Aug 1996 01:41:46 +0000 Subject: removed all of lukes recent changes. I need to do a p2 release but can't test the multi group changes. I also found that some of lukes changes wiped out some recent bug fixes. Is your CVS tree ok luke? (This used to be commit 8b7fe224bce64803d55ae279fa61ef3ebbbb0241) --- source3/smbd/ipc.c | 38 +++----------------------------------- 1 file changed, 3 insertions(+), 35 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 916d7e3cc4..dd9b9661ae 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -983,26 +983,8 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); - } - else - { - /* a server will connect to us under one of samba's NetBIOS - name aliases, and by not giving us a domain name it - assumes we know which domain it's talking about. - do a look-up for the workgroup name against the name - the host connected to us as. - */ - - char *work_alias; - char host_alias[16]; - - StrnCpy(host_alias, local_machine, 15); - work_alias = conf_alias_to_workgroup(host_alias); /* look-up */ - - DEBUG(4,("host alias: %s work_alias: %s\n", - host_alias, work_alias)); - if (work_alias) - StrnCpy(domain, work_alias, sizeof(fstring)-1); + } else { + StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); } if (lp_browse_list()) @@ -1686,23 +1668,9 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, pstring comment; uint32 servertype=DFLT_SERVER_TYPE; - char *work_alias; - char host_alias[16]; - char domain[16]; - - StrnCpy(host_alias, local_machine, 15); - work_alias = conf_alias_to_workgroup(host_alias); /* look-up */ - - DEBUG(4,("host alias: %s work_alias: %s\n", - host_alias, work_alias)); - if (work_alias) - StrnCpy(domain, work_alias, sizeof(fstring)-1); - else - *domain = 0; - strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,domain))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { for (i=0;i Date: Wed, 2 Oct 1996 14:09:22 +0000 Subject: - a huge pile of changes from Luke which implement the browse.conf stuff and also fix a pile of nmbd bugs. Unfortunately I found it very hard to disentangle the new features from the bug fixes so I am putting in the new code. I hope this is the last big pile of changes to the 1.9.16 series! (This used to be commit 20b6203dac4bbb43e4e7bea0b214496d76d679d9) --- source3/smbd/ipc.c | 61 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 12 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index dd9b9661ae..580aa446b6 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -439,7 +439,7 @@ static void PackDriverData(struct pack_desc* desc) } static int check_printq_info(struct pack_desc* desc, - int uLevel, const char* id1, const char* id2) + int uLevel, char *id1, const char* id2) { desc->subformat = NULL; switch( uLevel ) { @@ -812,10 +812,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->name , NULL)) continue; if (!next_token(&ptr,stype , NULL)) continue; if (!next_token(&ptr,s->comment, NULL)) continue; - if (!next_token(&ptr,s->domain , NULL)) { - /* this allows us to cope with an old nmbd */ - strcpy(s->domain,lp_workgroup()); - } + if (!next_token(&ptr,s->domain , NULL)) continue; if (sscanf(stype,"%X",&s->type) != 1) { DEBUG(4,("r:host file ")); @@ -983,8 +980,22 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); - } else { - StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); + } + else + { + /* a server will connect to us under one of samba's NetBIOS + name aliases, and by not giving us a domain name it + assumes we know which domain it's talking about. + do a look-up for the workgroup name against the name + the host connected to us as. + */ + + char *work_alias; + + work_alias = conf_alias_to_workgroup(local_machine); /* look-up */ + + if (work_alias) + StrnCpy(domain, work_alias, sizeof(fstring)-1); } if (lp_browse_list()) @@ -1349,7 +1360,7 @@ static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data, DEBUG(3,("Set password for <%s>\n",user)); - if (password_ok(user,pass1,strlen(pass1),NULL,False) && + if (password_ok(user,pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2)) { SSVAL(*rparam,0,NERR_Success); @@ -1668,9 +1679,19 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, pstring comment; uint32 servertype=DFLT_SERVER_TYPE; + char *work_alias; + char domain[16]; + + work_alias = conf_alias_to_workgroup(local_machine); /* look-up */ + + if (work_alias) + StrnCpy(domain, work_alias, sizeof(fstring)-1); + else + *domain = 0; + strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,domain))>0) { for (i=0;i Date: Wed, 2 Oct 1996 15:41:30 +0000 Subject: backout all the changes to nmbd. The 1.9.16 tree is now back to 1.9.16p2 as far as nmbd is concerned apart from a small change that fixes the announce type in two places. (This used to be commit 45e66a69d320024877c8b13f12b21bf895e04410) --- source3/smbd/ipc.c | 57 ++++++++++-------------------------------------------- 1 file changed, 10 insertions(+), 47 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 580aa446b6..8e81134de5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -812,7 +812,10 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->name , NULL)) continue; if (!next_token(&ptr,stype , NULL)) continue; if (!next_token(&ptr,s->comment, NULL)) continue; - if (!next_token(&ptr,s->domain , NULL)) continue; + if (!next_token(&ptr,s->domain , NULL)) { + /* this allows us to cope with an old nmbd */ + strcpy(s->domain,lp_workgroup()); + } if (sscanf(stype,"%X",&s->type) != 1) { DEBUG(4,("r:host file ")); @@ -980,22 +983,8 @@ static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); - } - else - { - /* a server will connect to us under one of samba's NetBIOS - name aliases, and by not giving us a domain name it - assumes we know which domain it's talking about. - do a look-up for the workgroup name against the name - the host connected to us as. - */ - - char *work_alias; - - work_alias = conf_alias_to_workgroup(local_machine); /* look-up */ - - if (work_alias) - StrnCpy(domain, work_alias, sizeof(fstring)-1); + } else { + StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); } if (lp_browse_list()) @@ -1679,19 +1668,9 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, pstring comment; uint32 servertype=DFLT_SERVER_TYPE; - char *work_alias; - char domain[16]; - - work_alias = conf_alias_to_workgroup(local_machine); /* look-up */ - - if (work_alias) - StrnCpy(domain, work_alias, sizeof(fstring)-1); - else - *domain = 0; - strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,domain))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { for (i=0;i Date: Fri, 25 Oct 1996 20:10:53 +0000 Subject: Changed definitions of prototypes to take uint16 vuid's not int uid's. Part of the change for Samba to return an index+offset into the registered users table rather than a raw unix uid. Added casts to required prototypes for function pointers in tables. jra@cygnus.com (This used to be commit ec2a3a1cf2220f6aace004d1808352f8e62a5616) --- source3/smbd/ipc.c | 138 ++++++++++++++++++++++++++--------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8e81134de5..be500cb40d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -64,11 +64,11 @@ extern fstring local_machine; extern int Client; -static BOOL api_Unsupported(int cnum,int uid, char *param,char *data, +static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len); -static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, +static BOOL api_TooSmall(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len); @@ -578,7 +578,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",SERVICE(snum),count)); } -static BOOL api_DosPrintQGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -651,7 +651,7 @@ static BOOL api_DosPrintQGetInfo(int cnum,int uid, char *param,char *data, /**************************************************************************** view list of all print jobs on all queues ****************************************************************************/ -static BOOL api_DosPrintQEnum(int cnum, int uid, char* param, char* data, +static BOOL api_DosPrintQEnum(int cnum, uint16 vuid, char* param, char* data, int mdrcnt, int mprcnt, char **rdata, char** rparam, int *rdata_len, int *rparam_len) @@ -948,7 +948,7 @@ static BOOL srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2) view list of servers available (or possibly domains). The info is extracted from lists saved by nmbd on the local host ****************************************************************************/ -static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data, +static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, int mdrcnt, int mprcnt, char **rdata, char **rparam, int *rdata_len, int *rparam_len) { @@ -1175,7 +1175,7 @@ static int fill_share_info(int cnum, int snum, int uLevel, return len; } -static BOOL api_RNetShareGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_RNetShareGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1210,7 +1210,7 @@ static BOOL api_RNetShareGetInfo(int cnum,int uid, char *param,char *data, /**************************************************************************** view list of shares available ****************************************************************************/ -static BOOL api_RNetShareEnum(int cnum,int uid, char *param,char *data, +static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1274,7 +1274,7 @@ static BOOL api_RNetShareEnum(int cnum,int uid, char *param,char *data, /**************************************************************************** get the time of day info ****************************************************************************/ -static BOOL api_NetRemoteTOD(int cnum,int uid, char *param,char *data, +static BOOL api_NetRemoteTOD(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1323,7 +1323,7 @@ static BOOL api_NetRemoteTOD(int cnum,int uid, char *param,char *data, /**************************************************************************** set the user password ****************************************************************************/ -static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data, +static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1365,7 +1365,7 @@ static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data, delete a print job Form: <> ****************************************************************************/ -static BOOL api_RDosPrintJobDel(int cnum,int uid, char *param,char *data, +static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1427,7 +1427,7 @@ static BOOL api_RDosPrintJobDel(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintQueuePurge(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintQueuePurge(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1498,7 +1498,7 @@ static int check_printjob_info(struct pack_desc* desc, return True; } -static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data, +static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1579,7 +1579,7 @@ static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data, GetWd(wd); unbecome_user(); - if (!become_user(Files[i].cnum,uid) || + if (!become_user(Files[i].cnum,vuid) || !become_service(Files[i].cnum,True)) break; @@ -1605,7 +1605,7 @@ static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data, /**************************************************************************** get info about the server ****************************************************************************/ -static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1712,7 +1712,7 @@ static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data, /**************************************************************************** get info about the server ****************************************************************************/ -static BOOL api_NetWkstaGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1787,7 +1787,7 @@ static BOOL api_NetWkstaGetInfo(int cnum,int uid, char *param,char *data, #define USER_PRIV_USER 1 #define USER_PRIV_ADMIN 2 -static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1927,7 +1927,7 @@ static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data, /******************************************************************* get groups that a user is a member of ******************************************************************/ -static BOOL api_NetUserGetGroups(int cnum,int uid, char *param,char *data, +static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1974,7 +1974,7 @@ static BOOL api_NetUserGetGroups(int cnum,int uid, char *param,char *data, } -static BOOL api_WWkstaUserLogon(int cnum,int uid, char *param,char *data, +static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2047,7 +2047,7 @@ static BOOL api_WWkstaUserLogon(int cnum,int uid, char *param,char *data, /**************************************************************************** api_WAccessGetUserPerms ****************************************************************************/ -static BOOL api_WAccessGetUserPerms(int cnum,int uid, char *param,char *data, +static BOOL api_WAccessGetUserPerms(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2075,7 +2075,7 @@ static BOOL api_WAccessGetUserPerms(int cnum,int uid, char *param,char *data, /**************************************************************************** api_WPrintJobEnumerate ****************************************************************************/ -static BOOL api_WPrintJobGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintJobGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2141,7 +2141,7 @@ static BOOL api_WPrintJobGetInfo(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintJobEnumerate(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintJobEnumerate(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2258,7 +2258,7 @@ static void fill_printdest_info(int cnum, int snum, int uLevel, } } -static BOOL api_WPrintDestGetInfo(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintDestGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2317,7 +2317,7 @@ static BOOL api_WPrintDestGetInfo(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintDestEnum(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintDestEnum(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2375,7 +2375,7 @@ static BOOL api_WPrintDestEnum(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintDriverEnum(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintDriverEnum(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2420,7 +2420,7 @@ static BOOL api_WPrintDriverEnum(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintQProcEnum(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintQProcEnum(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2466,7 +2466,7 @@ static BOOL api_WPrintQProcEnum(int cnum,int uid, char *param,char *data, return(True); } -static BOOL api_WPrintPortEnum(int cnum,int uid, char *param,char *data, +static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2524,13 +2524,13 @@ struct { { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, - { NULL, NULL, -1, api_Unsupported } + { NULL, NULL, -1, (BOOL (*)())api_Unsupported } }; /**************************************************************************** handle remote api calls delivered to a named pipe already opened. ****************************************************************************/ -static int api_fd_reply(int cnum,int uid,char *outbuf, +static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, uint16 *setup,char *data,char *params, int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { @@ -2570,20 +2570,20 @@ static int api_fd_reply(int cnum,int uid,char *outbuf, rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - reply = api_fd_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt, + reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); if (rdata_len > mdrcnt || rparam_len > mprcnt) { - reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt, + reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); } /* if we get False back then it's actually unsupported */ if (!reply) - api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt, + api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); /* now send the reply */ @@ -2602,7 +2602,7 @@ static int api_fd_reply(int cnum,int uid,char *outbuf, /**************************************************************************** the buffer was too small ****************************************************************************/ -static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, +static BOOL api_TooSmall(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2623,7 +2623,7 @@ static BOOL api_TooSmall(int cnum,int uid, char *param,char *data, /**************************************************************************** the request is not supported ****************************************************************************/ -static BOOL api_Unsupported(int cnum,int uid, char *param,char *data, +static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2651,38 +2651,38 @@ struct BOOL (*fn)(); int flags; } api_commands[] = { - {"RNetShareEnum", 0, api_RNetShareEnum,0}, - {"RNetShareGetInfo", 1, api_RNetShareGetInfo,0}, - {"RNetServerGetInfo", 13, api_RNetServerGetInfo,0}, - {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0}, - {"NetUserGetGroups", 59, api_NetUserGetGroups,0}, - {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, - {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, - {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, - {"WPrintJobEnumerate",76, api_WPrintJobEnumerate,0}, - {"WPrintJobGetInfo", 77, api_WPrintJobGetInfo,0}, - {"RDosPrintJobDel", 81, api_RDosPrintJobDel,0}, - {"RDosPrintJobPause", 82, api_RDosPrintJobDel,0}, - {"RDosPrintJobResume",83, api_RDosPrintJobDel,0}, - {"WPrintDestEnum", 84, api_WPrintDestEnum,0}, - {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0}, - {"NetRemoteTOD", 91, api_NetRemoteTOD,0}, - {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0}, - {"NetServerEnum", 104, api_RNetServerEnum,0}, - {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0}, - {"SetUserPassword", 115, api_SetUserPassword,0}, - {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0}, - {"PrintJobInfo", 147, api_PrintJobInfo,0}, - {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0}, - {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0}, - {"WPrintPortEnum", 207, api_WPrintPortEnum,0}, - {NULL, -1, api_Unsupported,0}}; + {"RNetShareEnum", 0, (BOOL (*)())api_RNetShareEnum,0}, + {"RNetShareGetInfo", 1, (BOOL (*)())api_RNetShareGetInfo,0}, + {"RNetServerGetInfo", 13, (BOOL (*)())api_RNetServerGetInfo,0}, + {"RNetUserGetInfo", 56, (BOOL (*)())api_RNetUserGetInfo,0}, + {"NetUserGetGroups", 59, (BOOL (*)())api_NetUserGetGroups,0}, + {"NetWkstaGetInfo", 63, (BOOL (*)())api_NetWkstaGetInfo,0}, + {"DosPrintQEnum", 69, (BOOL (*)())api_DosPrintQEnum,0}, + {"DosPrintQGetInfo", 70, (BOOL (*)())api_DosPrintQGetInfo,0}, + {"WPrintJobEnumerate",76, (BOOL (*)())api_WPrintJobEnumerate,0}, + {"WPrintJobGetInfo", 77, (BOOL (*)())api_WPrintJobGetInfo,0}, + {"RDosPrintJobDel", 81, (BOOL (*)())api_RDosPrintJobDel,0}, + {"RDosPrintJobPause", 82, (BOOL (*)())api_RDosPrintJobDel,0}, + {"RDosPrintJobResume",83, (BOOL (*)())api_RDosPrintJobDel,0}, + {"WPrintDestEnum", 84, (BOOL (*)())api_WPrintDestEnum,0}, + {"WPrintDestGetInfo", 85, (BOOL (*)())api_WPrintDestGetInfo,0}, + {"NetRemoteTOD", 91, (BOOL (*)())api_NetRemoteTOD,0}, + {"WPrintQueuePurge", 103, (BOOL (*)())api_WPrintQueuePurge,0}, + {"NetServerEnum", 104, (BOOL (*)())api_RNetServerEnum,0}, + {"WAccessGetUserPerms",105, (BOOL (*)())api_WAccessGetUserPerms,0}, + {"SetUserPassword", 115, (BOOL (*)())api_SetUserPassword,0}, + {"WWkstaUserLogon", 132, (BOOL (*)())api_WWkstaUserLogon,0}, + {"PrintJobInfo", 147, (BOOL (*)())api_PrintJobInfo,0}, + {"WPrintDriverEnum", 205, (BOOL (*)())api_WPrintDriverEnum,0}, + {"WPrintQProcEnum", 206, (BOOL (*)())api_WPrintQProcEnum,0}, + {"WPrintPortEnum", 207, (BOOL (*)())api_WPrintPortEnum,0}, + {NULL, -1, (BOOL (*)())api_Unsupported,0}}; /**************************************************************************** handle remote api calls ****************************************************************************/ -static int api_reply(int cnum,int uid,char *outbuf,char *data,char *params, +static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { int api_command = SVAL(params,0); @@ -2707,21 +2707,21 @@ static int api_reply(int cnum,int uid,char *outbuf,char *data,char *params, rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - reply = api_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt, + reply = api_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); if (rdata_len > mdrcnt || rparam_len > mprcnt) { - reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt, + reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); } /* if we get False back then it's actually unsupported */ if (!reply) - api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt, + api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); @@ -2740,17 +2740,17 @@ static int api_reply(int cnum,int uid,char *outbuf,char *data,char *params, /**************************************************************************** handle named pipe commands ****************************************************************************/ -static int named_pipe(int cnum,int uid, char *outbuf,char *name, +static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, uint16 *setup,char *data,char *params, int suwcnt,int tdscnt,int tpscnt, int msrcnt,int mdrcnt,int mprcnt) { if (strequal(name,"LANMAN")) - return(api_reply(cnum,uid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); + return(api_reply(cnum,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); if (strlen(name) < 1) - return(api_fd_reply(cnum,uid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt)); + return(api_fd_reply(cnum,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt)); DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n", @@ -2772,7 +2772,7 @@ int reply_trans(char *inbuf,char *outbuf) int outsize = 0; int cnum = SVAL(inbuf,smb_tid); - int uid = SVAL(inbuf,smb_uid); + uint16 vuid = SVAL(inbuf,smb_uid); int tpscnt = SVAL(inbuf,smb_vwv0); int tdscnt = SVAL(inbuf,smb_vwv1); @@ -2860,7 +2860,7 @@ int reply_trans(char *inbuf,char *outbuf) if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) - outsize = named_pipe(cnum,uid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, + outsize = named_pipe(cnum,vuid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); @@ -2869,7 +2869,7 @@ int reply_trans(char *inbuf,char *outbuf) if (setup) free(setup); if (close_on_completion) - close_cnum(cnum,uid); + close_cnum(cnum,vuid); if (one_way) return(-1); -- cgit From 98bf10bc5df6eb1c3b71d51cc60ef4bf25f57d97 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Sun, 2 Feb 1997 18:12:36 +0000 Subject: util.c: StrCaseCmp and StrnCaseCmp terminated incorrectly, giving false answers when a string was partially identical. this issue is still outstanding, and needs to be investigated further. loadparm.c: added lp_logon_path() parameter. ipc.c: in NetUserGetInfo, lp_logon_path() can be returned instead of always specifying \\SAMBA_SERVER\HOMES (which may not necessarily exist). it is now possible to specify lp_logon_path() as \\ARBITRARY_SERVER\%U, just like NT server can. the default is \\SAMBA_SERVER\HOMES, just like it used to be. lkcl (This used to be commit d5b6ad7cb87d6b1a9342f027ac4f57ffdb54b4f3) --- source3/smbd/ipc.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index be500cb40d..1bb1322b5d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1845,8 +1845,15 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,36,0); /* auth flags */ SIVALS(p,40,-1); /* password age */ SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */ - strcpy(p2,"\\\\%L\\HOMES"); - standard_sub_basic(p2); + if (*lp_logon_path()) + { + strcpy(p2,lp_logon_path()); + } + else + { + strcpy(p2,"\\\\%L\\HOMES"); + standard_sub_basic(p2); + } p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,p)); /* parms */ strcpy(p2,""); @@ -1879,8 +1886,15 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVAL(p,42, Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - strcpy(p2,"\\\\%L\\HOMES"); - standard_sub_basic(p2); + if (*lp_logon_path()) + { + strcpy(p2,lp_logon_path()); + } + else + { + strcpy(p2,"\\\\%L\\HOMES"); + standard_sub_basic(p2); + } p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; -- cgit From da0a56a278232bad50ea0dd05de3b06299d66234 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Fri, 28 Feb 1997 20:39:36 +0000 Subject: Split maxxmit parameter into two : max_send (auto configured by the connecting client, as per CIFS4) and max_recv, which can be configured as the old maxxmit was. Fixes problems with NT directory listings when maxxmit is set very small. jra@cygnus.com (This used to be commit c2d5d1040a933987a0c39545bb5bf8e2fc400a87) --- source3/smbd/ipc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1bb1322b5d..ccb2f3dd52 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -31,7 +31,7 @@ #define CHECK_TYPES 0 extern int DEBUGLEVEL; -extern int maxxmit; +extern int max_send; extern files_struct Files[]; extern connection_struct Connections[]; @@ -142,8 +142,8 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, int tot_data=0,tot_param=0; int align; - this_lparam = MIN(lparam,maxxmit - (500+lsetup*SIZEOFWORD)); /* hack */ - this_ldata = MIN(ldata,maxxmit - (500+lsetup*SIZEOFWORD+this_lparam)); + this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ + this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); align = (this_lparam%4); @@ -173,8 +173,8 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, while (tot_data < ldata || tot_param < lparam) { - this_lparam = MIN(lparam-tot_param,maxxmit - 500); /* hack */ - this_ldata = MIN(ldata-tot_data,maxxmit - (500+this_lparam)); + this_lparam = MIN(lparam-tot_param,max_send - 500); /* hack */ + this_ldata = MIN(ldata-tot_data,max_send - (500+this_lparam)); align = (this_lparam%4); -- cgit From b581d0324098f12a5bcb1941e698339a84e44a93 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Sun, 9 Mar 1997 14:58:22 +0000 Subject: 1) updated ipc.c NetUserGetInfo - load \\%L\%U instead of \\%L\HOMES because the share must be browseable by a w95 client 2) send_mailslot_reply - unique or group datagram argument added. 3) netlogon.c - rewrote response packet to do the right thing for w95. 4) server.c reply_nt1() - added OEMDomainstring to the end. 5) (deep breath) reworked the nmbd-browsing code a little bit. i discovered two months ago that becoming a primary domain controller (and domain master browser) is done independently of becoming a backup domain controller (logon server) is done independently of becoming a local master browser. therefore, three sets of state-machines (instead of just one) are in place - each of which is responsible for taking samba through the required stages to become: a logon server; a domain master browser; and a local master browser. each of these three things can occur independently on each interface, _including_ the wins pseudo-interface. the only slight caveat is that the wins pseudo-interface, by virtue of _not_ being a broadcast interface, does _not_ register as a local master browser with the wins server, as this doesn't make sense. lkcl (This used to be commit 88c6a00c3c1b430307f512986185b5ed7aea7181) --- source3/smbd/ipc.c | 472 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 324 insertions(+), 148 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ccb2f3dd52..9f8369912c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1,3 +1,4 @@ + /* Unix SMB/Netbios implementation. Version 1.9. @@ -1672,7 +1673,8 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { for (i=0;i 0) { - SCVAL(p,21,0); - *p2 = 0; - if (uLevel >= 10) { - SIVAL(p,22,PTR_DIFF(p2,p)); /* comment */ - strcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,26,PTR_DIFF(p2,p)); /* user_comment */ - strcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,30,PTR_DIFF(p2,p)); /* full name */ - strcpy(p2,""); - p2 = skip_string(p2,1); - } - if (uLevel == 11) { /* modelled after NTAS 3.51 reply */ - SSVAL(p,34, - Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); - SIVAL(p,36,0); /* auth flags */ - SIVALS(p,40,-1); /* password age */ - SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */ - if (*lp_logon_path()) - { - strcpy(p2,lp_logon_path()); - } - else - { - strcpy(p2,"\\\\%L\\HOMES"); - standard_sub_basic(p2); - } - p2 = skip_string(p2,1); - SIVAL(p,48,PTR_DIFF(p2,p)); /* parms */ - strcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,52,0); /* last logon */ - SIVAL(p,56,0); /* last logoff */ - SSVALS(p,60,-1); /* bad pw counts */ - SSVALS(p,62,-1); /* num logons */ - SIVAL(p,64,PTR_DIFF(p2,p)); /* logon server */ - strcpy(p2,"\\\\*"); - p2 = skip_string(p2,1); - SSVAL(p,68,0); /* country code */ - - SIVAL(p,70,PTR_DIFF(p2,p)); /* workstations */ - strcpy(p2,""); - p2 = skip_string(p2,1); - - SIVALS(p,74,-1); /* max storage */ - SSVAL(p,78,168); /* units per week */ - SIVAL(p,80,PTR_DIFF(p2,p)); /* logon hours */ - memset(p2,-1,21); - SCVAL(p2,21,0); /* fix zero termination */ - p2 = skip_string(p2,1); - - SSVAL(p,84,0); /* code page */ - } - if (uLevel == 1 || uLevel == 2) { - memset(p+22,' ',16); /* password */ - SIVALS(p,38,-1); /* password age */ - SSVAL(p,42, - Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); - SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - if (*lp_logon_path()) - { - strcpy(p2,lp_logon_path()); - } - else - { - strcpy(p2,"\\\\%L\\HOMES"); - standard_sub_basic(p2); - } - p2 = skip_string(p2,1); - SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ - *p2++ = 0; - SSVAL(p,52,0); /* flags */ - SIVAL(p,54,0); /* script_path */ - if (uLevel == 2) { - SIVAL(p,60,0); /* auth_flags */ - SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - strcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,68,0); /* urs_comment */ - SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ - strcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,76,0); /* workstations */ - SIVAL(p,80,0); /* last_logon */ - SIVAL(p,84,0); /* last_logoff */ - SIVALS(p,88,-1); /* acct_expires */ - SIVALS(p,92,-1); /* max_storage */ - SSVAL(p,96,168); /* units_per_week */ - SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */ - memset(p2,-1,21); - p2 += 21; - SSVALS(p,102,-1); /* bad_pw_count */ - SSVALS(p,104,-1); /* num_logons */ - SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ - strcpy(p2,"\\\\%L"); - standard_sub_basic(p2); - p2 = skip_string(p2,1); - SSVAL(p,110,49); /* country_code */ - SSVAL(p,112,860); /* code page */ - } - } - } + if (uLevel > 0) + { + SCVAL(p,usri11_pad,0); /* padding - 1 byte */ + *p2 = 0; + } + if (uLevel >= 10) + { + SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */ + strcpy(p2,"Comment"); + p2 = skip_string(p2,1); + + SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */ + strcpy(p2,"UserComment"); + p2 = skip_string(p2,1); + + /* EEK! the cifsrap.txt doesn't have this in!!!! */ + SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ +#if 0 + strcpy(p2,"FullName"); +#endif + strcpy(p2,UserName); /* suggest copying the user name, for now... */ + p2 = skip_string(p2,1); + } + if (uLevel == 11) /* modelled after NTAS 3.51 reply */ + { + SSVAL(p,usri11_priv,Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ + SIVALS(p,usri11_password_age,0xffffffff); /* password age */ + SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ + if (*lp_logon_path()) + { + strcpy(p2,lp_logon_path()); + } + else + { + strcpy(p2,"\\\\%L\\%U"); + } + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,usri11_last_logon,0); /* last logon */ + SIVAL(p,usri11_last_logoff,0); /* last logoff */ + SSVALS(p,usri11_bad_pw_count,0xffffffff); /* bad pw counts */ + SSVALS(p,usri11_num_logons,0xffffffff); /* num logons */ + SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ + strcpy(p2,"\\\\*"); + p2 = skip_string(p2,1); + SSVAL(p,usri11_country_code,0); /* country code */ + + SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */ + strcpy(p2,""); + p2 = skip_string(p2,1); + + SIVALS(p,usri11_max_storage,0xffffffff); /* max storage */ + SSVAL(p,usri11_units_per_week,168); /* units per week */ + SIVAL(p,usri11_logon_hours,PTR_DIFF(p2,p)); /* logon hours */ + + /* a simple way to get logon hours at all times. */ + memset(p2,0xff,21); + SCVAL(p2,21,0); /* fix zero termination */ + p2 = skip_string(p2,1); + + SSVAL(p,usri11_code_page,0); /* code page */ + } + if (uLevel == 1 || uLevel == 2) + { + memset(p+22,' ',16); /* password */ + SIVALS(p,38,-1); /* password age */ + SSVAL(p,42, + Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ + if (*lp_logon_path()) + { + strcpy(p2,lp_logon_path()); + } + else + { + strcpy(p2,"\\\\%L\\%U"); + } + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ + *p2++ = 0; + SSVAL(p,52,0); /* flags */ + SIVAL(p,54,0); /* script_path */ + if (uLevel == 2) + { + SIVAL(p,60,0); /* auth_flags */ + SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,68,0); /* urs_comment */ + SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ + strcpy(p2,""); + p2 = skip_string(p2,1); + SIVAL(p,76,0); /* workstations */ + SIVAL(p,80,0); /* last_logon */ + SIVAL(p,84,0); /* last_logoff */ + SIVALS(p,88,-1); /* acct_expires */ + SIVALS(p,92,-1); /* max_storage */ + SSVAL(p,96,168); /* units_per_week */ + SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */ + memset(p2,-1,21); + p2 += 21; + SSVALS(p,102,-1); /* bad_pw_count */ + SSVALS(p,104,-1); /* num_logons */ + SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ + strcpy(p2,"\\\\%L"); + standard_sub_basic(p2); + p2 = skip_string(p2,1); + SSVAL(p,110,49); /* country_code */ + SSVAL(p,112,860); /* code page */ + } + } - *rdata_len = PTR_DIFF(p2,*rdata); + *rdata_len = PTR_DIFF(p2,*rdata); - SSVAL(*rparam,4,*rdata_len); /* is this right?? */ + SSVAL(*rparam,4,*rdata_len); /* is this right?? */ - return(True); + return(True); } - /******************************************************************* get groups that a user is a member of ******************************************************************/ @@ -2016,9 +2193,8 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, desc.subformat = NULL; desc.format = str2; - - - if (init_package(&desc,1,0)) { + if (init_package(&desc,1,0)) + { PACKI(&desc,"W",0); /* code */ PACKS(&desc,"B21",name); /* eff. name */ PACKS(&desc,"B",""); /* pad */ @@ -2027,7 +2203,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, PACKI(&desc,"D",0); /* auth flags XXX */ PACKI(&desc,"W",0); /* num logons */ PACKI(&desc,"W",0); /* bad pw count */ - PACKI(&desc,"D",-1); /* last logon */ + PACKI(&desc,"D",0); /* last logon */ PACKI(&desc,"D",-1); /* last logoff */ PACKI(&desc,"D",-1); /* logoff time */ PACKI(&desc,"D",-1); /* kickoff time */ @@ -2043,7 +2219,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, } PACKS(&desc,"z",lp_workgroup());/* domain */ PACKS(&desc,"z",lp_logon_script()); /* script path */ - PACKI(&desc,"D",0); /* reserved */ + PACKI(&desc,"D",0x00000000); /* reserved */ } *rdata_len = desc.usedlen; -- cgit From aaba4712c8dbf61043d9fe6e1d6773bbd835e3b2 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Sat, 15 Mar 1997 14:47:00 +0000 Subject: JHT ===> Moved MAJOR_VERSION and MINOR_VERSION defines to smb.h Made version info consistent in ipc.c and nameannounce.c Added define for BROWSER_ELECTION_VALUE and BROWSER_CONSTANT (see do_announce_host() in nameannounce.c). Sniffing with the latest bloodhound I found that the byte range occupied by the BROWSER_ELECTION_VALUE is interpreted depending on the type of announcement being made. In a Local_Master_Announcement it is BROWSER_ELECTION_VALUE but in both Workgroup_Announcement and Host_Announcement this is seen as Comment_String_Pointer. What does this mean? We need to know? (This used to be commit 86b0018cc7e246910a9a621b2bf379f782506a08) --- source3/smbd/ipc.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9f8369912c..3a2df56b3e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -60,9 +60,6 @@ extern fstring local_machine; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ -#define MAJOR_VERSION 4 -#define MINOR_VERSION 1 - extern int Client; static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, -- cgit From 121c81e3d68f1748f114a2530a9eb67f7f658fda Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 7 May 1997 17:56:46 +0000 Subject: added automount home directory support. contributed by simeon@bangor.co.uk and a mini bug-fix by rob.nacarrato@sheridanc.on.ca reads in an entry from the auto.home file for the user when they log in, and mounts their home directory as the default path for the [homes] service. i might add this as to the %substitution system, so that you can specify subdirectories for the user profiles, mainly. lkcl (This used to be commit 0bb6acc358243c49e19de9d5cc95f5124ac11b7c) --- source3/smbd/ipc.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3a2df56b3e..9a80a8d062 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1947,6 +1947,7 @@ There is no auxiliary data in the response. #define AF_OP_SERVER 2 #define AF_OP_ACCOUNTS 3 + static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -1959,10 +1960,17 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, int uLevel = SVAL(p,0); char *p2; - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + /* get NIS home of a previously validated user - simeon */ + user_struct *vuser = get_valid_user_struct(vuid); + DEBUG(3,(" Username of UID %d is %s\n", vuser->uid, vuser->name)); + #if (defined(NETGROUP) && defined(AUTOMOUNT)) + DEBUG(3,(" HOMESHR for %s is %s\n", vuser->name, vuser->home_share)); + #endif - /* check it's a supported varient */ + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + + /* check it's a supported variant */ if (strcmp(str1,"zWrLh") != 0) return False; switch( uLevel ) { @@ -2005,12 +2013,10 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ -#if 0 - strcpy(p2,"FullName"); -#endif - strcpy(p2,UserName); /* suggest copying the user name, for now... */ + strcpy(p2,vuser->real_name); /* simeon */ p2 = skip_string(p2,1); } + if (uLevel == 11) /* modelled after NTAS 3.51 reply */ { SSVAL(p,usri11_priv,Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); @@ -2023,7 +2029,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, } else { +#if (defined(NETGROUP) && defined(AUTOMOUNT)) + strcpy(p2, vuser->home_share); +#else strcpy(p2,"\\\\%L\\%U"); +#endif } standard_sub_basic(p2); p2 = skip_string(p2,1); @@ -2067,7 +2077,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, } else { +#if (defined(NETGROUP) && defined(AUTOMOUNT)) + strcpy(p2, vuser->home_share); +#else strcpy(p2,"\\\\%L\\%U"); +#endif } standard_sub_basic(p2); p2 = skip_string(p2,1); @@ -2079,7 +2093,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, { SIVAL(p,60,0); /* auth_flags */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - strcpy(p2,""); + strcpy(p2,vuser->real_name); /* simeon */ p2 = skip_string(p2,1); SIVAL(p,68,0); /* urs_comment */ SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ @@ -3066,5 +3080,3 @@ int reply_trans(char *inbuf,char *outbuf) return(outsize); } - - -- cgit From 0f1f0ceb9519368188f695e18e2341ccfd1b2d15 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Thu, 8 May 1997 01:14:17 +0000 Subject: 'The mother of all checkins' :-). Jeremy Allison (jallison@whistle.com) Wed May 7 1997: Update for 1.9.17alpha1 release - 'browsefix release' designed to make browsing across subnets work. byteorder.h: Updated copyright to 1997. charcnv.c: Updated copyright to 1997. charset.c Updated copyright to 1997. charset.h Updated copyright to 1997. client.c Updated copyright to 1997. clientutil.c Updated copyright to 1997. dir.c Updated copyright to 1997. fault.c Updated copyright to 1997. includes.h Updated copyright to 1997. interface.c Updated copyright to 1997. ipc.c Updated copyright to 1997. kanji.c Updated copyright to 1997. kanji.h Updated copyright to 1997. loadparm.c Updated copyright to 1997. locking.c Updated copyright to 1997. mangle.c Updated copyright to 1997. message.c Updated copyright to 1997. nameannounce.c Made use of WINS subnet explicit. Added reset_announce_timer() so announcement can be made immediately when we become a master. Expanded code to do sync with dmb. namebrowse.c Removed redundent checks for AM_MASTER in sync code. Made use of WINS subnet explicit. namedbname.c Made use of WINS subnet explicit. namedbresp.c Made use of WINS subnet explicit. namedbserver.c Made use of WINS subnet explicit. namedbsubnet.c Explicitly add workgroup to WINS subnet when we become a dmb. Made use of WINS subnet explicit. namedbwork.c Made use of WINS subnet explicit. Removed redundent check_work_servertype() function. nameelect.c Explicitly add workgroup to WINS subnet when we become a master browser. Made use of WINS subnet explicit. namelogon.c Updated copyright to 1997. namepacket.c Updated copyright to 1997. namequery.c Updated copyright to 1997. nameresp.c Made use of WINS subnet explicit. Made nmbd fail if configured as master browser and one exists already. nameserv.c Made use of WINS subnet explicit. Remove redundent logon server and domain master code. nameserv.h Add emumerate subnet macros. nameservreply.c Made use of WINS subnet explicit. nameservresp.c Updated copyright to 1997. namework.c Made use of WINS subnet explicit. Updated code to add sync browser entries to add subnet parameter. nmbd.c Added sanity check for misconfigured nmbd. nmblib.c Updated copyright to 1997. nmblookup.c Updated copyright to 1997. nmbsync.c Removed redundent AM_ANY_MASTER check. params.c Updated copyright to 1997. password.c Updated copyright to 1997. pipes.c Updated copyright to 1997. predict.c Updated copyright to 1997. printing.c Updated copyright to 1997. proto.h Changed protos for new nmbd code. quotas.c Updated copyright to 1997. replace.c Updated copyright to 1997. reply.c Updated copyright to 1997. server.c Updated copyright to 1997. shmem.c Updated copyright to 1997. smb.h Updated copyright to 1997. smbencrypt.c Updated copyright to 1997. smbpasswd.c Updated copyright to 1997. smbrun.c Updated copyright to 1997. status.c Updated copyright to 1997. system.c Updated copyright to 1997. testparm.c Updated copyright to 1997. testprns.c Updated copyright to 1997. time.c Updated copyright to 1997. trans2.c Updated copyright to 1997. trans2.h Updated copyright to 1997. uid.c Updated copyright to 1997. username.c Updated copyright to 1997. util.c Updated copyright to 1997. version.h Changed to 1.9.17alpha1. (This used to be commit cf23a155a1315f50d488794a2caf88402bf3e3e6) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9a80a8d062..1f1ac8600a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3,7 +3,7 @@ Unix SMB/Netbios implementation. Version 1.9. Inter-process communication and named pipe handling - Copyright (C) Andrew Tridgell 1992-1995 + Copyright (C) Andrew Tridgell 1992-1997 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From aa864415c5183c948fe9ae221023d40265c38013 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Tue, 20 May 1997 00:32:51 +0000 Subject: dir.c: Fixed double slash issue. includes.h: Changed to ifdef FAST_SHARE_MODES. ipc.c: Changed lp_workgroup() to myworkgroup. loadparm.c: Added new shared mem parameters. Added Luke's fix. locking.c: Rewrite to do share modes better (both fast and slow modes). nameannounce.c: Changed lp_workgroup() to myworkgroup. Added Luke's fix. nameconf.c: Changed lp_workgroup() to myworkgroup. namedbname.c: Improved debug. namedbserver.c: Changed lp_workgroup() to myworkgroup. namedbsubnet.c: Added Luke's fix - rewritten somewhat. namedbwork.c: Changed lp_workgroup() to myworkgroup. nameelect.c: Added Luke's fix - rewritten somewhat. nameresp.c: Stoped shadowing global. nameserv.c: Added Luke's fix - Improved debug. nameservreply.c: Improved debug. namework.c: Changed lp_workgroup() to myworkgroup. nmbd.c: Added Luke's fix - Changed lp_workgroup() to myworkgroup. pipes.c: Changed lp_workgroup() to myworkgroup. proto.h: Added Luke's fix, added smb_shm_ proto's. reply.c: Changed lp_workgroup() to myworkgroup. server.c: Rewrite to do share modes better (both fast and slow modes). shmem.c: Rewrite to do share modes better (both fast and slow modes). smb.h: Rewrite to do share modes better (both fast and slow modes). status.c: Rewrite to do share modes better (both fast and slow modes). trans2.c: Fixed double slash issue. util.c: Tidied up, created myworkgroup. Jeremy Allison (jallison@whistle.com). (This used to be commit 2a1711eaaf08bb6776770cd3c96b3010f431a677) --- source3/smbd/ipc.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1f1ac8600a..8b9fb485ae 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -37,6 +37,7 @@ extern files_struct Files[]; extern connection_struct Connections[]; extern fstring local_machine; +extern fstring myworkgroup; #define NERR_Success 0 #define NERR_badpass 86 @@ -812,7 +813,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { /* this allows us to cope with an old nmbd */ - strcpy(s->domain,lp_workgroup()); + strcpy(s->domain,myworkgroup); } if (sscanf(stype,"%X",&s->type) != 1) { @@ -982,7 +983,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); } else { - StrnCpy(domain, lp_workgroup(), sizeof(fstring)-1); + StrnCpy(domain, myworkgroup, sizeof(fstring)-1); } if (lp_browse_list()) @@ -1668,7 +1669,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, strcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,lp_workgroup()))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,myworkgroup))>0) { for (i=0;i Date: Wed, 11 Jun 1997 01:03:06 +0000 Subject: Makefile: Added quoata changes for Linux from Thorvald Natvig Makefile.RPM: Added quoata changes for Linux from Thorvald Natvig charset.c: Large changes to add multiple client code pages. charset.h: Changed charset_initialise() proto. client.c: Fixed message sending bug. Changed charset_initialise(). ipc.c: Fixed #ifdef compile problems. loadparm.c: Added "client code page" option. nmbd.c: Changed charset_initialise(). Fixed lmhosts read. nmblookup.c: Changed charset_initialise(). proto.h: Added lp_client_code_page(void). quotas.c: Added quoata changes for Linux from Thorvald Natvig reply.c: Changed debug level. Made SMBecho ignore tid. server.c: Changed charset_initialise(). smb.h: Added DEFAULT_CLIENT_CODE_PAGE as 850. smbpasswd.c: Changed charset_initialise(). status.c: Changed charset_initialise(). testparm.c: Changed charset_initialise(). testprns.c: Changed charset_initialise(). Jeremy Allison (jallison@whistle.com) (This used to be commit 957025bace1bcff34d21a6caeca498e85abccb23) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8b9fb485ae..6b3953e6c8 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1964,9 +1964,9 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, /* get NIS home of a previously validated user - simeon */ user_struct *vuser = get_valid_user_struct(vuid); DEBUG(3,(" Username of UID %d is %s\n", vuser->uid, vuser->name)); - #if (defined(NETGROUP) && defined(AUTOMOUNT)) +#if (defined(NETGROUP) && defined(AUTOMOUNT)) DEBUG(3,(" HOMESHR for %s is %s\n", vuser->name, vuser->home_share)); - #endif +#endif *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); -- cgit From fb1429c1970bc123e191f0cb7cc764faf4b86998 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Tue, 1 Jul 1997 01:19:13 +0000 Subject: client.c: New print queue query code from Jeff C. Foster " ipc.c: Added code for returning restricted lists of servers. loadparm.c: Changed default for force create mode to 000. Changed default maxmux to 50 to comply with NT. locking.c: Fixed silly crash bug with slow share mode code. nameannounce.c: Added code for returning restricted lists of servers. namedbserver.c: Added code for returning restricted lists of servers. nameelect.c: Added code for returning restricted lists of servers. namework.c: Added code for returning restricted lists of servers. nmbsync.c: Added code for returning restricted lists of servers. server.c: Added quota fix Albrecht Gebhardt smb.h: Added define for COPYBUF_SIZE. system.c: Rename across filesystems Patch from Warren Birnbaum util.c: Minor fix for warning. (This used to be commit 1c6e433caa22813a699c9766847886eb59755f8b) --- source3/smbd/ipc.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6b3953e6c8..7922e41623 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -770,6 +770,7 @@ static int get_server_info(uint32 servertype, int count=0; int alloced=0; pstring line; + BOOL local_list_only; strcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); @@ -784,7 +785,10 @@ static int get_server_info(uint32 servertype, } /* request for everything is code for request all servers */ - if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; + if (servertype == SV_TYPE_ALL) + servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY); + + local_list_only = (servertype & SV_TYPE_LOCAL_LIST_ONLY); DEBUG(4,("Servertype search: %8x\n",servertype)); @@ -821,6 +825,14 @@ static int get_server_info(uint32 servertype, ok = False; } + /* Filter the servers/domains we return based on what was asked for. */ + + /* Check to see if we are being asked for a local list only. */ + if(local_list_only && ((s->type & SV_TYPE_LOCAL_LIST_ONLY) == 0)) { + DEBUG(4,("r: local list only")); + ok = False; + } + /* doesn't match up: don't want it */ if (!(servertype & s->type)) { DEBUG(4,("r:serv type ")); @@ -839,6 +851,9 @@ static int get_server_info(uint32 servertype, ok = False; } + /* We should never return a server type with a SV_TYPE_LOCAL_LIST_ONLY set. */ + s->type &= ~SV_TYPE_LOCAL_LIST_ONLY; + if (ok) { DEBUG(4,("**SV** %20s %8x %25s %15s\n", -- cgit From cec799512da39b880a80449952a30c255d7eb972 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Wed, 9 Jul 1997 11:04:45 +0000 Subject: JHT ==> Added copyright notations for my works. This is regretably needed! (This used to be commit c80111cdf54218f23b230dc91bd6d814e6a4afcc) --- source3/smbd/ipc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7922e41623..17bdd3ca66 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1,9 +1,11 @@ - /* Unix SMB/Netbios implementation. Version 1.9. Inter-process communication and named pipe handling Copyright (C) Andrew Tridgell 1992-1997 + + SMB Version handling + Copyright (C) John H Terpstra 1995-1997 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 75bbf35a8626ea30ac31546d0ceb9e2801ab7eae Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 30 Jul 1997 19:17:51 +0000 Subject: client.c: Minor change to cast parameters for DEC unix. clientutil.c: Minor change to cast parameters for DEC unix. ipc.c: Fixes to parameterise the stuff John wants. loadparm.c: Fixes to parameterise the stuff John wants. nameannounce.c: Fixes to parameterise the stuff John wants. namedbwork.c: Fixes to parameterise the stuff John wants. nameserv.h: Fixes to parameterise the stuff John wants. proto.h: Fixes to parameterise the stuff John wants. smb.h: Fixes to parameterise the stuff John wants. util.c: tidy. Jeremy (jallison@whistle.com) (This used to be commit 9fbca2594ba775450d5dca13cbce257b4362ca66) --- source3/smbd/ipc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 17bdd3ca66..89dd9f511b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1682,7 +1682,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, struct srv_info_struct *servers=NULL; int i,count; pstring comment; - uint32 servertype=DFLT_SERVER_TYPE; + uint32 servertype= lp_default_server_announce(); strcpy(comment,lp_serverstring()); @@ -1696,8 +1696,8 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, } if (servers) free(servers); - SCVAL(p,0,MAJOR_VERSION); - SCVAL(p,1,MINOR_VERSION); + SCVAL(p,0,lp_major_announce_version()); + SCVAL(p,1,lp_minor_announce_version()); SIVAL(p,2,servertype); if (mdrcnt == struct_len) { @@ -1777,8 +1777,8 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, p2 = skip_string(p2,1); p += 4; - SCVAL(p,0,MAJOR_VERSION); /* system version - e.g 4 in 4.1 */ - SCVAL(p,1,MINOR_VERSION); /* system version - e.g .1 in 4.1 */ + SCVAL(p,0,lp_major_announce_version()); /* system version - e.g 4 in 4.1 */ + SCVAL(p,1,lp_minor_announce_version()); /* system version - e.g .1 in 4.1 */ p += 2; SIVAL(p,0,PTR_DIFF(p2,*rdata)); -- cgit From b65fdef1ba6a9a0a27da724a8324a6f2804759cf Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Wed, 13 Aug 1997 20:16:32 +0000 Subject: includes.h: Fixed S_IFLNK for old DEC ultrix. ipc.c: Finally :-) fixed responses to NetServerEnum2 when SV_TYPE_ALL given. Jeremy (jallison@whistle.com) (This used to be commit 1dc37c83506a434840a04c49e423cd9d2223fab4) --- source3/smbd/ipc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 89dd9f511b..d6d2f289aa 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -982,11 +982,17 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, int i,missed; fstring domain; BOOL domain_request; - BOOL local_request = servertype & SV_TYPE_LOCAL_LIST_ONLY; + BOOL local_request; - if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM; + /* If someone sets all the bits they don't really mean to set + DOMAIN_ENUM and LOCAL_LIST_ONLY, they just want all the + known servers. */ + + if (servertype == SV_TYPE_ALL) + servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY); domain_request = ((servertype & SV_TYPE_DOMAIN_ENUM) != 0); + local_request = ((servertype & SV_TYPE_LOCAL_LIST_ONLY) != 0); p += 8; -- cgit From e9269c67a59ffa741123cb2ce3ab8dfb97136dec Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Tue, 19 Aug 1997 19:22:26 +0000 Subject: Makefile: Changed for HPUX10 tidyup. includes.h: Changed for HPUX10 tidyup. ipc.c: Fixed bug where getting local server list from NT browsers would fail. nmbsync.c: Fixed bug where getting local server list from NT browsers would fail. proto.h: Changed for crash bug on SCO with USE_MMAP. quotas.c: Added OSF quotas (patch from Bret Giddings ). Rolled back solaris uid change - I think it was wrong. reply.c: Changed for crash bug on SCO with USE_MMAP. server.c: Removed Lukes changes. Changed for crash bug on SCO with USE_MMAP. smb.h: Changed for crash bug on SCO with USE_MMAP. smbpasswd.c:Fixed crash bug with Lukes changes. uid.c: Removed Lukes changes. util.c: Fixed I18N bug with extended char filenames and widelinks = no. Jeremy (jallison@whistle.com) (This used to be commit bf1c79f7fd7f9beec4f9f4e58337cadceeb1cb38) --- source3/smbd/ipc.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d6d2f289aa..e21021c0ac 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -991,6 +991,15 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, if (servertype == SV_TYPE_ALL) servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY); + /* If someone sets SV_TYPE_LOCAL_LIST_ONLY but hasn't set + any other bit (they may just set this bit on it's own) they + want all the locally seen servers. However this bit can be + set on its own so set the requested servers to be + ALL - DOMAIN_ENUM. */ + + if ((servertype & SV_TYPE_LOCAL_LIST_ONLY) && !(servertype & SV_TYPE_DOMAIN_ENUM)) + servertype = SV_TYPE_ALL & ~(SV_TYPE_DOMAIN_ENUM); + domain_request = ((servertype & SV_TYPE_DOMAIN_ENUM) != 0); local_request = ((servertype & SV_TYPE_LOCAL_LIST_ONLY) != 0); -- cgit From f434139087ea45ed1eb578267843943b0f04c94c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 31 Aug 1997 02:18:59 +0000 Subject: fixed a bug in the printjob encoding/decoding. We weren't doing it for the print_ functions in reply.c, with the effect that you couldn't cancel print jobs from smbclient or from older dos clients. we now use a couple of utility functions printjob_encode() and printjob_decode() rather than sticking the bitops inline in each place. also fixed a bunch of places that used foo%0xFF rather than foo&0xFF Note that this isn't really me doing the commit, it can't be as I'm working on my thesis ... (This used to be commit 3556763be3acbf01c967ee9717943dd44163fb9f) --- source3/smbd/ipc.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e21021c0ac..55e293d7ff 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -480,7 +480,7 @@ static void fill_printjob_info(int cnum, int snum, int uLevel, /* the client expects localtime */ t -= TimeDiff(t); - PACKI(desc,"W",((snum%0xFF)<<8) | (queue->job%0xFF)); /* uJobId */ + PACKI(desc,"W",printjob_encode(snum, queue->job)); /* uJobId */ if (uLevel == 1) { PACKS(desc,"B21",queue->user); /* szUserName */ PACKS(desc,"B",""); /* pad */ @@ -1405,11 +1405,10 @@ static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int jobid = (SVAL(p,0)&0xFF); /* the snum and jobid are encoded - by the print queue api */ - int snum = (SVAL(p,0)>>8); + int jobid, snum; int i, count; + printjob_decode(SVAL(p,0), &snum, &jobid); /* check it's a supported varient */ if (!(strcsequal(str1,"W") && strcsequal(str2,""))) @@ -1429,7 +1428,7 @@ static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, count = get_printqueue(snum,cnum,&queue,NULL); for (i=0;i>8); + int jobid, snum; int uLevel = SVAL(p,2); int function = SVAL(p,4); /* what is this ?? */ int i; char *s = data; + + printjob_decode(SVAL(p,0), &snum, &jobid); *rparam_len = 4; *rparam = REALLOC(*rparam,*rparam_len); @@ -1565,7 +1564,7 @@ static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data, lpq_reset(snum); count = get_printqueue(snum,cnum,&queue,NULL); for (i=0;i> 8; /*## valid serice number??*/ - job = uJobId & 0xFF; + printjob_decode(SVAL(p,0), &snum, &job); if (snum < 0 || !VALID_SNUM(snum)) return(False); count = get_printqueue(snum,cnum,&queue,&status); for (i = 0; i < count; i++) { - if ((queue[i].job % 0xFF) == job) break; + if ((queue[i].job & 0xFF) == job) break; } if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; -- cgit From 33a003de4056532be0c9a199d4857b9da1b18034 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Sep 1997 16:37:18 +0000 Subject: This commit does 3 main things: 1) put the encryption code in by default, with no #ifdef. It is still disabled by default so you need to add "encrypt passwords = yes" in smb.conf but at least all binaries will have it. 2) cleanup the kanji code so it compiles with no warnings 3) get rid of lots of uses of ugly non-portable C code. The main offender being things like "register" but also remove uses of the "const" keyword as there are compilers out there that don't support it and even those that do often complain about its usage. Users don't like warnings :-( There is still some work to do. We need to replace the md4 code with our own implementation. The current code (from rfc1186) is PD but is not very portable. The new RFC (rfc1320) is more portable but adds copyright restrictions. I'll do a from-scratch MD4 soon. We also need to test that what I've implemented is portable. It should be, but I'm too tired right now to test it on anything other than intel linux. (This used to be commit db917c62c14315afe6f0745a8097c1bca25cbf07) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 55e293d7ff..794bc7bb8e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -440,7 +440,7 @@ static void PackDriverData(struct pack_desc* desc) } static int check_printq_info(struct pack_desc* desc, - int uLevel, char *id1, const char* id2) + int uLevel, char *id1, char *id2) { desc->subformat = NULL; switch( uLevel ) { -- cgit From a8064b0f00f78d04d7e1969ebfbd01fbc55943c6 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Wed, 17 Sep 1997 13:53:59 +0000 Subject: JHT ===> Changed behaviour of logon script processing so that all macros can be used in the logon script parameter definition in the smb.conf Globals section. This fixes a problem reported by Jacco de Leeuw where OS/2 does not see the %u variable. Jacco suggested using %U but we really do want the user for the netlogon share session. If this does not do the trick - well we eat our hat! Yeh! (This used to be commit a7716b2e70606e447094509116455ea53fe8bf64) --- source3/smbd/ipc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 794bc7bb8e..ced3a2009d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2219,6 +2219,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, int uLevel; struct pack_desc desc; char* name; + char* logon_script; uLevel = SVAL(p,0); name = p + 2; @@ -2261,7 +2262,14 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, PACKS(&desc,"z",mypath); /* computer */ } PACKS(&desc,"z",myworkgroup);/* domain */ - PACKS(&desc,"z",lp_logon_script()); /* script path */ + +/* JHT - By calling lp_logon_script() and standard_sub() we have */ +/* made sure all macros are fully substituted and available */ + logon_script = lp_logon_script(); + standard_sub( cnum, logon_script ); + PACKS(&desc,"z", logon_script); /* script path */ +/* End of JHT mods */ + PACKI(&desc,"D",0x00000000); /* reserved */ } -- cgit From cef59090bb2fd3f8a9efd1a453cb90264b891d58 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 1997 18:55:29 +0000 Subject: Adding Andrews buffer overflow fixes into the main branch. Jeremy (jallison@whistle.com) (This used to be commit e7eb1f044d3101679dc7a118820ea5efe0cd837c) --- source3/smbd/ipc.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ced3a2009d..b9355c4ec0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -774,7 +774,7 @@ static int get_server_info(uint32 servertype, pstring line; BOOL local_list_only; - strcpy(fname,lp_lockdir()); + pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); strcat(fname,"/"); strcat(fname,SERVER_LIST); @@ -1363,7 +1363,7 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, fstring user; fstring pass1,pass2; - strcpy(user,p); + fstrcpy(user,p); p = skip_string(p,1); @@ -1698,14 +1698,14 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, pstring comment; uint32 servertype= lp_default_server_announce(); - strcpy(comment,lp_serverstring()); + pstrcpy(comment,lp_serverstring()); if ((count=get_server_info(SV_TYPE_ALL,&servers,myworkgroup))>0) { for (i=0;i 0) { @@ -2043,9 +2043,9 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, strcpy(p2,"UserComment"); p2 = skip_string(p2,1); - /* EEK! the cifsrap.txt doesn't have this in!!!! */ + /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - strcpy(p2,vuser->real_name); /* simeon */ + strcpy(p2,vuser->real_name); /* simeon */ p2 = skip_string(p2,1); } @@ -2062,7 +2062,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, else { #if (defined(NETGROUP) && defined(AUTOMOUNT)) - strcpy(p2, vuser->home_share); + strcpy(p2, vuser->home_share); #else strcpy(p2,"\\\\%L\\%U"); #endif @@ -2469,7 +2469,8 @@ static void fill_printdest_info(int cnum, int snum, int uLevel, struct pack_desc* desc) { char buf[100]; - strcpy(buf,SERVICE(snum)); + strncpy(buf,SERVICE(snum),sizeof(buf)-1); + buf[sizeof(buf)-1] = 0; strupper(buf); if (uLevel <= 1) { PACKS(desc,"B9",buf); /* szName */ @@ -3026,7 +3027,11 @@ int reply_trans(char *inbuf,char *outbuf) int dsoff = SVAL(inbuf,smb_vwv12); int suwcnt = CVAL(inbuf,smb_vwv13); - StrnCpy(name,smb_buf(inbuf),sizeof(name)-1); + fstrcpy(name,smb_buf(inbuf)); + + if (dscnt > tdscnt || pscnt > tpscnt) { + exit_server("invalid trans parameters\n"); + } if (tdscnt) { @@ -3088,6 +3093,10 @@ int reply_trans(char *inbuf,char *outbuf) pscnt += pcnt; dscnt += dcnt; + if (dscnt > tdscnt || pscnt > tpscnt) { + exit_server("invalid trans parameters\n"); + } + if (pcnt) memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); if (dcnt) -- cgit From b0bdb42bd12905f5a6990b1cdc5d33fc4a3063a5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 1997 00:21:39 +0000 Subject: ipc.c: Added ERROR_MORE_DATA error if client buffer too small. server.c: Allow admin_user on read only shares. I think this is safe but it needs looking at. Jeremy (jallison@whistle.com) (This used to be commit cc50955a2760f1de7e80b91408a7c0806f6eb44c) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b9355c4ec0..6da9562c9f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1074,7 +1074,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERROR_MORE_DATA)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); SSVAL(*rparam,6,counted+missed); -- cgit From 3dd03e4bb7af903eae162648bbf51da04fa68200 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 9 Oct 1997 16:14:53 +0000 Subject: added #ifdef NTDOMAIN. added call to api_ntLsarpc instead of api_Lsarpc in ipc.c iff NTDOMAIN is defined. (This used to be commit 7bc4c4c27bf18ce3f632d230dc919ea341b5abb0) --- source3/smbd/ipc.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6da9562c9f..28cdb22889 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2763,7 +2763,11 @@ struct } api_fd_commands [] = { { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, +#ifdef NTDOMAIN + { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, +#else { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, +#endif { NULL, NULL, -1, (BOOL (*)())api_Unsupported } }; -- cgit From b94ddf082d73249e3ad1590ee24a5c9c33a15e94 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 10 Oct 1997 16:40:23 +0000 Subject: ipc.c : #if NTDOMAIN call to api_netlogRPC #endif lsaparse.c : renamed lsa_io_q_auth2 to lsa_io_q_auth_2. pipes.c : added api_lsa_reply_auth_2() and api_netlogRPC. proto.h : the usual. (This used to be commit e2e1979b6215080593728942d414a273505877df) --- source3/smbd/ipc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 28cdb22889..6b255dd405 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2765,6 +2765,8 @@ struct { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, #ifdef NTDOMAIN { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "NETLOGON", 0x26, api_netlogrpcTNP }, + { "SetNmdPpHndState", "NETLOGON", 1, api_netlogrpcTNP }, #else { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, #endif -- cgit From 60575a888aebec898fdaf0f6c0c8269607b2571f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 12 Oct 1997 14:17:55 +0000 Subject: ipc.c: debugging info. found that data = NULL because of short packet length indicated from the ntlsaRPC pipe _royally_ stuffs NT's packet handling. maybe this should go down as a service denial bug to the ntbugtraq list. pipes.c lsaparse.c smbparse.c : added more debug stuff. added length of header to data_len in MSRPC fragment_length field (0x18 bytes short) which caused the above bug from NT 4.0. oops. (This used to be commit a6f8de6815e0b85bb23b302980730501ac0b87e5) --- source3/smbd/ipc.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6b255dd405..b314d41679 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2801,30 +2801,35 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, subcommand = setup[0]; DEBUG(3,("Got API command %d on pipe %s ",subcommand,Files[fd].name)); - DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", - tdscnt,tpscnt,mdrcnt,mprcnt)); + DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", + tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); for (i=0;api_fd_commands[i].name;i++) + { if (strequal(api_fd_commands[i].pipename, Files[fd].name) && - api_fd_commands[i].subcommand == subcommand && - api_fd_commands[i].fn) - { - DEBUG(3,("Doing %s\n",api_fd_commands[i].name)); - break; - } + api_fd_commands[i].subcommand == subcommand && + api_fd_commands[i].fn) + { + DEBUG(3,("Doing %s\n",api_fd_commands[i].name)); + break; + } + } - rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); + rdata = (char *)malloc(1024); if (rdata ) bzero(rdata ,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + DEBUG(10,("calling api_fd_command\n")); + reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - if (rdata_len > mdrcnt || - rparam_len > mprcnt) - { - reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, + DEBUG(10,("called api_fd_command\n")); + + if (rdata_len > mdrcnt || rparam_len > mprcnt) + { + reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - } + } /* if we get False back then it's actually unsupported */ -- cgit From db20ab9bbdcc8fbfa81883c2d0c952386820de4c Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 12 Oct 1997 19:02:55 +0000 Subject: getting somewhere. ipc.c : removed srvsvc pipe reference: have to do that. pipes.c lsaparse.c smbparse.c : more debugging info. looks a bit like netmon output. (This used to be commit e02aa88e25ae6d4da7953aaff04ff2ae9a656d05) --- source3/smbd/ipc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b314d41679..468d34e157 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2762,13 +2762,14 @@ struct BOOL (*fn) (); } api_fd_commands [] = { - { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, #ifdef NTDOMAIN + { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "NETLOGON", 1, api_LsarpcSNPHS }, { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, { "TransactNmPipe", "NETLOGON", 0x26, api_netlogrpcTNP }, - { "SetNmdPpHndState", "NETLOGON", 1, api_netlogrpcTNP }, #else - { "TransactNmPipe", "lsarpc", 0x26, api_LsarpcTNP }, + { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, + { "TransactNmPipe" , "lsarpc", 0x26, api_LsarpcTNP }, #endif { NULL, NULL, -1, (BOOL (*)())api_Unsupported } }; -- cgit From df4afea583a8b53aca46e15dcc75bba1af731f9f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 15 Oct 1997 16:51:03 +0000 Subject: added srvsvc basic pipe, straight from paul's code. does NETSHAREENUM and NETSERVERGETINFO. (This used to be commit 96b17b829fc787c15cd366eca604c09d68b5b900) --- source3/smbd/ipc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 468d34e157..c29e8656b1 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2764,8 +2764,10 @@ struct { #ifdef NTDOMAIN { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "srvsvc", 1, api_LsarpcSNPHS }, { "SetNmdPpHndState", "NETLOGON", 1, api_LsarpcSNPHS }, { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "srvsvc", 0x26, api_srvsvcTNP }, { "TransactNmPipe", "NETLOGON", 0x26, api_netlogrpcTNP }, #else { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, -- cgit From 359d42c08d012b3e1c1bc6ac1071f8add706ba35 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Oct 1997 21:53:59 +0000 Subject: ipc.c: Adding Andrews become_root code to the main branch. locking.c: Adding Andrews become_root code to the main branch. pipes.c: Fixing the close_file issue. proto.h: The usual. reply.c: Move smb_pass into NTDOMAIN defined code. Fixing the close_file issue. server.c: Fixing the close_file issue. trans2.c: Fixing the close_file issue. uid.c: Adding Andrews become_root code to the main branch. Jeremy (jallison@whistle.com) (This used to be commit 16fd4337f79ce33f91050c96c4a566221c5d9126) --- source3/smbd/ipc.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c29e8656b1..142f139d26 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1602,6 +1602,8 @@ static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data, DEBUG(3,("Setting print name to %s\n",name)); + become_root(True); + for (i=0;i Date: Mon, 20 Oct 1997 12:10:58 +0000 Subject: util.c password.c : added automount_server() function which, if -DAUTOMOUNT is in use, returns the server name of the NIS auto.map entry. otherwise, it returns local_server. added use of automount_server() for a new substitution %N for NIS home server. this defaults, via automount_server(), to the same functionality as %L if -DAUTOMOUNT is not used. removed vuser->home_share. moved code that grabbed the servername into the separate function automount_server(). loadparm.c : created "logon drive" (default of "") created "logon home" (default of "\\%N\%U") changed default of "logon path" from NULL to "\\%N\%U\profile". ipc.c pipenetlog.c : use lp_logon_drive(), lp_logon_home() and lp_logon_path() in their now easier-to-use form (don't have to check if *lp_logon_path() and manually substitute a default of \\%L\%U and do a standard_sub_basic() on the result, because the default automatically does this. (This used to be commit c6c28a4c3c9010ff9d5eac4bad091189a786d5a0) --- source3/smbd/ipc.c | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 142f139d26..466781c58c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1999,9 +1999,6 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, /* get NIS home of a previously validated user - simeon */ user_struct *vuser = get_valid_user_struct(vuid); DEBUG(3,(" Username of UID %d is %s\n", vuser->uid, vuser->name)); -#if (defined(NETGROUP) && defined(AUTOMOUNT)) - DEBUG(3,(" HOMESHR for %s is %s\n", vuser->name, vuser->home_share)); -#endif *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); @@ -2059,19 +2056,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,0xffffffff); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - if (*lp_logon_path()) - { - strcpy(p2,lp_logon_path()); - } - else - { -#if (defined(NETGROUP) && defined(AUTOMOUNT)) - strcpy(p2, vuser->home_share); -#else - strcpy(p2,"\\\\%L\\%U"); -#endif - } - standard_sub_basic(p2); + strcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ strcpy(p2,""); @@ -2107,19 +2092,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVAL(p,42, Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - if (*lp_logon_path()) - { - strcpy(p2,lp_logon_path()); - } - else - { -#if (defined(NETGROUP) && defined(AUTOMOUNT)) - strcpy(p2, vuser->home_share); -#else - strcpy(p2,"\\\\%L\\%U"); -#endif - } - standard_sub_basic(p2); + strcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; -- cgit From ea92c8d3f1acb87426e0fa21568cfce433d9c838 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 21 Oct 1997 09:09:55 +0000 Subject: add some debug info (This used to be commit b22fa0d7e3d1158112e03f93a22232e719fe6003) --- source3/smbd/ipc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 466781c58c..4f6c85de9f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2002,6 +2002,8 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); + + DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); /* check it's a supported variant */ if (strcmp(str1,"zWrLh") != 0) return False; -- cgit From efe9b26a7b08cc9ea02cad32a847f71773a6edc4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 21 Oct 1997 18:25:14 +0000 Subject: loadparm.c : added "domain admin users" parameter added "domain guest users" parameter these two complement the "domain groups" parameter. the "domain groups" parameter should be for your own groups, and well-known aliases. util.c : added ability to do "domain groups = power_users admin_users backup_ops" which are well-known RID aliases, not well-known RID groups. pipenetlog.c : combine the "domain admin users"; "domain guest users" and "domain groups" parameters to give an array of RID groups to include in the SAM Logon response. ipc.c smb.h : moved REALLOC() into smb.h added RID #defines. proto.h: usual. (This used to be commit f2554f231d1f59f30224adcc02b2b3ca4c24e0dd) --- source3/smbd/ipc.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4f6c85de9f..efae39889d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -52,8 +52,6 @@ extern fstring myworkgroup; #define ERROR_INVALID_LEVEL 124 #define ERROR_MORE_DATA 234 -#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) - #define ACCESS_READ 0x01 #define ACCESS_WRITE 0x02 #define ACCESS_CREATE 0x04 -- cgit From d38aba33afefc5791c1a672f5786bf2d8da8dda8 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 22 Oct 1997 18:37:43 +0000 Subject: client.c : send to \PIPE\ not \PIPE\NETLOGON. ipc.c : fstring name not being bzero'd caused problems when calling named_pipe(). (This used to be commit 2393c49b0509b8ce021f0acfba135219cd753cf9) --- source3/smbd/ipc.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index efae39889d..01502573fc 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2769,6 +2769,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, int fd; int subcommand; + DEBUG(5,("api_fd_reply\n")); /* First find out the name of this file. */ if (suwcnt != 2) { @@ -2976,18 +2977,24 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, int suwcnt,int tdscnt,int tpscnt, int msrcnt,int mdrcnt,int mprcnt) { + DEBUG(3,("named pipe command on <%s> name\n")); - if (strequal(name,"LANMAN")) - return(api_reply(cnum,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt)); + if (strequal(name,"LANMAN")) + { + return api_reply(cnum,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); + } -if (strlen(name) < 1) - return(api_fd_reply(cnum,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt)); + if (strlen(name) < 1) + { + return api_fd_reply(cnum,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + } + if (setup) + { + DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); + } - DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n", - name,(int)setup[0],(int)setup[1])); - - return(0); + return 0; } @@ -3018,6 +3025,7 @@ int reply_trans(char *inbuf,char *outbuf) int dsoff = SVAL(inbuf,smb_vwv12); int suwcnt = CVAL(inbuf,smb_vwv13); + bzero(name, sizeof(name)); fstrcpy(name,smb_buf(inbuf)); if (dscnt > tdscnt || pscnt > tpscnt) { @@ -3096,11 +3104,18 @@ int reply_trans(char *inbuf,char *outbuf) DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",name,tdscnt,tpscnt,suwcnt)); - if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) + { + DEBUG(5,("calling named_pipe\n")); outsize = named_pipe(cnum,vuid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); + } + else + { + DEBUG(3,("invalid pipe name\n")); + outsize = 0; + } if (data) free(data); -- cgit From 203c93e9221bfa71a00165f251695cafb92f035b Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 23 Oct 1997 16:17:07 +0000 Subject: general sorting out, from crashes generated by do_lsa_req_chal() in client.c trying to set up the data parameters etc and not understanding what's going on. in api_netlogTNP, added smb_io_rpc_hdr() call to decode the header received (and in this instance, generated by do_lsa_req_chal()). and then noticed that it's two bytes out. but i don't know how to do "byte parameters" and it's not the same format as the LSA_REQCHAL received from nt workstations. agh! (This used to be commit 0cc8ce43e1d54b44237bb525f4cf6b77e7ca3ced) --- source3/smbd/ipc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 01502573fc..ebfa564f6e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2781,7 +2781,8 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, fd = setup[1]; subcommand = setup[0]; - DEBUG(3,("Got API command %d on pipe %s ",subcommand,Files[fd].name)); + DEBUG(3,("Got API command %d on pipe %s (fd %x)", + subcommand,Files[fd].name, fd)); DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); -- cgit From a12f04753348e6d52df1f9a2359794deacfc9007 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 24 Oct 1997 13:15:34 +0000 Subject: nterr.c : added a structure that wraps nt errors as strings and enums, so we can do a smb_nt_error() function. Makefile ntclient.c : added ntclient.c, broken out nt domain stuff into a separate file. getting fed up of compile-times and size of client.c. fixed the do_lsa_req_chal() function. made it read the response, and return the challenge credentials received from the server. next stop: do_lsa_auth_2(). client.c : removed nt domain logon functions into a separate file. pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c : i'd broken the offsets of the RPC_HDR while trying to sort out the nt client code. fixed it again. added some robustness stuff. util.c : the unistrn2() function was null-terminating the string at one character too many. (This used to be commit 39cec7f698c4461aee05cfbb213879fbd486117d) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ebfa564f6e..61b282fd42 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2978,7 +2978,7 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, int suwcnt,int tdscnt,int tpscnt, int msrcnt,int mdrcnt,int mprcnt) { - DEBUG(3,("named pipe command on <%s> name\n")); + DEBUG(3,("named pipe command on <%s> name\n", name)); if (strequal(name,"LANMAN")) { -- cgit From 390c1f3c4d3136b454fa5eb8681fa9ca34eaacc2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 25 Oct 1997 10:58:18 +0000 Subject: Makefile : adding bits for new nt domain code byteorder.h : trying to get macros right, and not to crash on SUNOS5... client.c : added #ifdef NTDOMAIN, and created do_nt_login() function. don't want to have to recompile client.c unless absolutely necessary. credentials.c : moved deal_with_creds() [possibly inappropriately] into credentials.c ipc.c reply.c server.c uid.c : attempting to make (un)become_root() functions calleable from smbclient. this is a little tricky: smbclient might have to be another setuid root program, immediately setuid'ing to non-root, so that we can reset-uid to root to get at the smbpasswd file. or, have a secure pipe mechanism to smbd to grab smbpasswd entries. or the like. smbdes.c smbencrypt.c : created a function to generate lm and nt owf hashes. lsaparse.c ntclient.c smbparse.c : added nt client LSA_AUTH2 code. it works, too! pipenetlog.c pipentlsa.c pipesrvsvc.c : simplification. code-shuffling. getting that damn offset right for the opcode in RPC_HDR. smb.h : changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL. we might need to store the server times as well. proto.h : the usual. (This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07) --- source3/smbd/ipc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 61b282fd42..9c9c183a14 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1606,11 +1606,12 @@ static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data, if (Files[i].open && Files[i].print_file) { pstring wd; + int fcnum = Files[i].cnum; GetWd(wd); unbecome_user(); - if (!become_user(Files[i].cnum,vuid) || - !become_service(Files[i].cnum,True)) + if (!become_user(&Connections[fcnum], fcnum,vuid) || + !become_service(fcnum,True)) break; if (sys_rename(Files[i].name,name) == 0) -- cgit From f868196c1db2e4559960a1ded81afad7dd873beb Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 27 Oct 1997 16:14:29 +0000 Subject: checks against file handle in api_fd_reply(). i don't know what error message should be returned, so i just let it fall through to sending an "api_unsupported" (This used to be commit 85d132da6756da0904fe894ea617b84e38e610ff) --- source3/smbd/ipc.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9c9c183a14..0354b4ecbe 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2765,10 +2765,13 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, char *rparam = NULL; int rdata_len = 0; int rparam_len = 0; - BOOL reply=False; + + BOOL reply = False; + int i; int fd; int subcommand; + pstring pipe_name; DEBUG(5,("api_fd_reply\n")); /* First find out the name of this file. */ @@ -2781,19 +2784,28 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* Get the file handle and hence the file name. */ fd = setup[1]; subcommand = setup[0]; - + if (fd >= 0 && fd < MAX_OPEN_FILES) + { + pstrcpy(pipe_name, Files[fd].name); + } + else + { + pipe_name[0] = 0; + DEBUG(1,("api_fd_reply: INVALID FILE HANDLE: %x\n", fd)); + } + DEBUG(3,("Got API command %d on pipe %s (fd %x)", - subcommand,Files[fd].name, fd)); + subcommand, pipe_name, fd)); DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); - for (i=0;api_fd_commands[i].name;i++) + for (i = 0; api_fd_commands[i].name; i++) { - if (strequal(api_fd_commands[i].pipename, Files[fd].name) && + if (strequal(api_fd_commands[i].pipename, pipe_name) && api_fd_commands[i].subcommand == subcommand && api_fd_commands[i].fn) { - DEBUG(3,("Doing %s\n",api_fd_commands[i].name)); + DEBUG(3,("Doing %s\n", api_fd_commands[i].name)); break; } } -- cgit From 8f0316bdbcba996d40ac152a9ac076a18b5dd7ec Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 28 Oct 1997 19:32:59 +0000 Subject: Adding Windows 95 printer driver code donated by Jean-Francois.Micouleau@utc.fr. New program, make_printerdef, plus two new parameters : [global] "printer driver file" [local] "printer driver location" Jeremy. (This used to be commit 9a5b42e6b3e7a35d56f81e9428fc747246e2fc5c) --- source3/smbd/ipc.c | 139 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 133 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0354b4ecbe..65f85719ae 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -462,6 +462,10 @@ static int check_printq_info(struct pack_desc* desc, case 5: desc->format = "z"; break; + case 52: + desc->format = "WzzzzzzzzN"; + desc->subformat = "z"; + break; default: return False; } if (strcmp(desc->format,id1) != 0) return False; @@ -521,11 +525,18 @@ static void fill_printq_info(int cnum, int snum, int uLevel, int count, print_queue_struct* queue, print_status_struct* status) { - if (uLevel < 3) { - PACKS(desc,"B13",SERVICE(snum)); - } else { - PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum))); + switch (uLevel) { + case 1: + case 2: + PACKS(desc,"B13",SERVICE(snum)); + break; + case 3: + case 4: + case 5: + PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum))); + break; } + if (uLevel == 1 || uLevel == 2) { PACKS(desc,"B",""); /* alignment */ PACKI(desc,"W",5); /* priority */ @@ -573,10 +584,119 @@ static void fill_printq_info(int cnum, int snum, int uLevel, for (i=0;i gave %d entries\n",SERVICE(snum),count)); } +/* This function returns the number of file for a given driver */ +int get_printerdrivernumber(int snum) +{ + int i=0,ok=0; + pstring tok; + char *p,*q; + FILE *f; + pstring fname; + + strcpy(fname,lp_driverfile()); + + DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); + f=fopen(fname,"r"); + if (!f) { + DEBUG(0,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno))); + return(0); + } + + p=(char *)malloc(8192*sizeof(char)); + q=p; /* need it to free memory because p change ! */ + + /* lookup the long printer driver name in the file description */ + while (!feof(f) && !ok) + { + fgets(p,8191,f); + next_token(&p,tok,":"); + if(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))) ok=1; + } + + if (ok) { + /* skip 2 fields */ + next_token(&p,tok,":"); /* short name */ + next_token(&p,tok,":"); /* driver name */ + /* count the number of files */ + while (next_token(&p,tok,",")) + i++; + } + fclose(f); + free(q); + + return(i); +} + static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -622,7 +742,14 @@ static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data, if (snum < 0 || !VALID_SNUM(snum)) return(False); - count = get_printqueue(snum,cnum,&queue,&status); + if (uLevel==52) + { + count = get_printerdrivernumber(snum); + DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); + } + else + count = get_printqueue(snum,cnum,&queue,&status); + if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; -- cgit From fe0a702322bdf3c76a517e2fd7e92a05219c49dd Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 00:04:14 +0000 Subject: byteorder.h : added mode for printing debug array data as chars not uint8/16/32s. only really useful for (uint8) strings or (uint16) unicode strings lsaparse.c smbparse.c smb.h : rpc bind and rpc bind ack structures and parsing and creation functions. ipc.c pipes.c pipenetlog.c pipentlsa.c pipesrvsvc.c : using rpc bind / bind ack parsing routines instead of incorrect use of api_LsarpcTNP1 function. ntclient.c : creation of do_rpc_bind() function. THAT'S IT, FOLKS! (This used to be commit 21c89e2f17c51939fd6b53dddbe3072419eb0db2) --- source3/smbd/ipc.c | 48 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 65f85719ae..b7939f2461 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2893,7 +2893,8 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, int rdata_len = 0; int rparam_len = 0; - BOOL reply = False; + BOOL reply = False; + BOOL bind_req = False; int i; int fd; @@ -2940,12 +2941,49 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, rdata = (char *)malloc(1024); if (rdata ) bzero(rdata ,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - DEBUG(10,("calling api_fd_command\n")); +#ifdef NTDOMAIN + if (api_fd_commands[i].subcommand != -1) + { + RPC_HDR hdr; + char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0); + + if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND)))) + { + RPC_HDR_RB hdr_rb; + + char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0); + + if ((bind_req = (p != NULL))) + { + RPC_HDR_BA hdr_ba; + make_rpc_hdr_ba(&hdr_ba, + hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid, + api_fd_commands[i].pipename, + 0x1, 0x0, 0x0, + &(hdr_rb.transfer)); + + p = smb_io_rpc_hdr_ba(False, &hdr_ba, rdata + 0x10, rdata, 4, 0); + + rdata_len = PTR_DIFF(p, rdata); + + make_rpc_hdr(&hdr, RPC_BINDACK, hdr.call_id, rdata_len); - reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, + p = smb_io_rpc_hdr(False, &hdr, rdata, rdata, 4, 0); + + reply = (p != NULL); + } + } + } +#endif + + if (!bind_req) + { + DEBUG(10,("calling api_fd_command\n")); + + reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - - DEBUG(10,("called api_fd_command\n")); + DEBUG(10,("called api_fd_command\n")); + } if (rdata_len > mdrcnt || rparam_len > mprcnt) { -- cgit From b925b3d20c8e85c7b65a0ad599248443ae12905c Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 01:05:46 +0000 Subject: added frag field to make_rpc_hdr() function (This used to be commit 6b0e51929495582bc48a4d5fba24aa7c1f7caaf6) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b7939f2461..aa1d2d5c4f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2966,7 +2966,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, rdata_len = PTR_DIFF(p, rdata); - make_rpc_hdr(&hdr, RPC_BINDACK, hdr.call_id, rdata_len); + make_rpc_hdr(&hdr, RPC_BINDACK, 0x0, hdr.call_id, rdata_len); p = smb_io_rpc_hdr(False, &hdr, rdata, rdata, 4, 0); -- cgit From 0db5b8fdc97d24bdfadefb9b043df614644c578a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 14:34:17 +0000 Subject: ipc.c : bind ack should contain \PIPE\pipename not just pipename. ntclientpipe.c : sanity in bind ack: pipe name checks; transfer syntax checks; reason checks. (This used to be commit c2e2197e9d87795bda0198247c7bb132fe586fc1) --- source3/smbd/ipc.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index aa1d2d5c4f..c2cfc15a21 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2945,20 +2945,31 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, if (api_fd_commands[i].subcommand != -1) { RPC_HDR hdr; + + /* process the rpc header */ char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0); + /* bind request received */ if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND)))) { RPC_HDR_RB hdr_rb; + /* decode the bind request */ char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0); if ((bind_req = (p != NULL))) { RPC_HDR_BA hdr_ba; + fstring ack_pipe_name; + + /* name has to be \PIPE\xxxxx */ + strcpy(ack_pipe_name, "\\PIPE\\"); + strcat(ack_pipe_name, api_fd_commands[i].pipename); + + /* make a bind acknowledgement */ make_rpc_hdr_ba(&hdr_ba, hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid, - api_fd_commands[i].pipename, + ack_pipe_name, 0x1, 0x0, 0x0, &(hdr_rb.transfer)); -- cgit From 520878fd1f440a7313cedb4827bdc81454d94d20 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 19:05:34 +0000 Subject: ipc.c ntclientpipe.c: response to Bind Acknowledgment needs a lookup table for the PIPE string (secondary address in RPC_HDR_BA structure). smbparse.c util.c : interesting problem, i think caused by us typecasting a uint16* buffer to char*. found on a SPARC. (This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727) --- source3/smbd/ipc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c2cfc15a21..088ecfbddd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2862,23 +2862,27 @@ static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data, struct { char * name; - char * pipename; + char * pipe_clnt_name; +#ifdef NTDOMAIN + char * pipe_srv_name; +#endif int subcommand; BOOL (*fn) (); } api_fd_commands [] = { #ifdef NTDOMAIN - { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "srvsvc", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "NETLOGON", 1, api_LsarpcSNPHS }, - { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, - { "TransactNmPipe", "srvsvc", 0x26, api_srvsvcTNP }, - { "TransactNmPipe", "NETLOGON", 0x26, api_netlogrpcTNP }, + { "SetNmdPpHndState", "lsarpc", "lsass", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "srvsvc", "lsass", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "NETLOGON", "NETLOGON", 1, api_LsarpcSNPHS }, + { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, + { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, + { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } #else { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, { "TransactNmPipe" , "lsarpc", 0x26, api_LsarpcTNP }, -#endif { NULL, NULL, -1, (BOOL (*)())api_Unsupported } +#endif }; /**************************************************************************** @@ -2929,7 +2933,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, for (i = 0; api_fd_commands[i].name; i++) { - if (strequal(api_fd_commands[i].pipename, pipe_name) && + if (strequal(api_fd_commands[i].pipe_clnt_name, pipe_name) && api_fd_commands[i].subcommand == subcommand && api_fd_commands[i].fn) { @@ -2964,7 +2968,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* name has to be \PIPE\xxxxx */ strcpy(ack_pipe_name, "\\PIPE\\"); - strcat(ack_pipe_name, api_fd_commands[i].pipename); + strcat(ack_pipe_name, api_fd_commands[i].pipe_srv_name); /* make a bind acknowledgement */ make_rpc_hdr_ba(&hdr_ba, -- cgit From 1337b6170376ea690994e18ebb67137d6ab001e8 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 20:08:09 +0000 Subject: zero data parameter being passed to smb_io_rpc_hdr(), which couldn't cope. (This used to be commit c0137cd8fe1362beef9ce879cc558869bdf2edfa) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 088ecfbddd..0d57b1ecfe 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2946,7 +2946,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); #ifdef NTDOMAIN - if (api_fd_commands[i].subcommand != -1) + if (data != NULL && api_fd_commands[i].subcommand != -1) { RPC_HDR hdr; -- cgit From a275e5d4e16142a9924f8b97980f364a80df3b64 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 30 Oct 1997 01:05:13 +0000 Subject: removed mechanism that created actual files NETLOGON, lsarpc and the like, which are pipes on the IPC$ connection. created mechanism to record pipe names in a separate pipes_struct. it is planned to expand this, to return sensible things like interface structures, and policy handles (RPC_IFACE and LSA_POL_HND). and the like. (This used to be commit 33cce5fac0e2f818a19a6c4e6a797ef44f3b5c75) --- source3/smbd/ipc.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0d57b1ecfe..b525f06046 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2903,7 +2903,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, int i; int fd; int subcommand; - pstring pipe_name; + char *pipe_name; DEBUG(5,("api_fd_reply\n")); /* First find out the name of this file. */ @@ -2916,14 +2916,11 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* Get the file handle and hence the file name. */ fd = setup[1]; subcommand = setup[0]; - if (fd >= 0 && fd < MAX_OPEN_FILES) - { - pstrcpy(pipe_name, Files[fd].name); - } - else + pipe_name = get_pipe_name(fd); + + if (pipe_name == NULL) { - pipe_name[0] = 0; - DEBUG(1,("api_fd_reply: INVALID FILE HANDLE: %x\n", fd)); + DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", fd)); } DEBUG(3,("Got API command %d on pipe %s (fd %x)", @@ -2946,7 +2943,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); #ifdef NTDOMAIN - if (data != NULL && api_fd_commands[i].subcommand != -1) + if (data != NULL && api_fd_commands[i].subcommand == 0x26) { RPC_HDR hdr; -- cgit From 739a730637b8320dce85c12686a4d4647990824d Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 30 Oct 1997 17:08:42 +0000 Subject: Makefile: simply adding pipes.o to SMBDOBJ3. rpc_pipes/pipe_hnd.c : created pipe handles module. pipes.c server.c : use of pipe_hnd functions in SMBopenX and SMBclose, on the IPC$ pipe. (This used to be commit ada256b5e3b9fb0db988e3be7d47943e7c19b3fb) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b525f06046..a42baea80a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2916,7 +2916,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* Get the file handle and hence the file name. */ fd = setup[1]; subcommand = setup[0]; - pipe_name = get_pipe_name(fd); + pipe_name = get_rpc_pipe_hnd_name(fd); if (pipe_name == NULL) { -- cgit From 55e2dc7c6f4378adfdcbd166b2680096a3e4a5a4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 30 Oct 1997 21:51:15 +0000 Subject: storing pipe name state (from set named pipe handle state call) in the pipes array. (This used to be commit 5335d5cdc4659f4676958f0399e2de29a117c133) --- source3/smbd/ipc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a42baea80a..1943129ba6 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2871,15 +2871,11 @@ struct } api_fd_commands [] = { #ifdef NTDOMAIN - { "SetNmdPpHndState", "lsarpc", "lsass", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "srvsvc", "lsass", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "NETLOGON", "NETLOGON", 1, api_LsarpcSNPHS }, { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } #else - { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, { "TransactNmPipe" , "lsarpc", 0x26, api_LsarpcTNP }, { NULL, NULL, -1, (BOOL (*)())api_Unsupported } #endif @@ -2899,6 +2895,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, BOOL reply = False; BOOL bind_req = False; + BOOL set_nphs = False; int i; int fd; @@ -2943,6 +2940,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); #ifdef NTDOMAIN + /* RPC Pipe command 0x26. */ if (data != NULL && api_fd_commands[i].subcommand == 0x26) { RPC_HDR hdr; @@ -2988,7 +2986,14 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, } #endif - if (!bind_req) + /* Set Named Pipe Handle state */ + if (subcommand == 0x1) + { + set_nphs = True; + reply = api_LsarpcSNPHS(fd, cnum, params); + } + + if (!bind_req && !set_nphs) { DEBUG(10,("calling api_fd_command\n")); @@ -3003,19 +3008,18 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, &rdata,&rparam,&rdata_len,&rparam_len); } - /* if we get False back then it's actually unsupported */ if (!reply) + { api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); + } /* now send the reply */ send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); - if (rdata) - free(rdata); - if (rparam) - free(rparam); + if (rdata ) free(rdata ); + if (rparam) free(rparam); return(-1); } -- cgit From bd529d7a83c35be233baca09bc79aa911ad443ce Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 6 Nov 1997 23:03:58 +0000 Subject: following a cvs error, i am rewriting this monster-commit. with bad grace. Modified Files: --------------- Makefile: adding extra files ipc.c : send_trans_reply() - alignment issue. this makes the alignment the same as that in NT. this should be looked at by people who understand the SMB stuff better than i. api_fd_commands[] - added samr and wkssvc pipes. loadparm.c : lp_domain_controller() changed to mean "samba is a domain controller". it's a "yes/no" parameter, now. no, it isn't used _anywhere_. namedbwork.c nameelect.c : if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the host _and_ workgroup announcements. yes, you must do both: nt does. namelogon.c : important NETLOGON bug in SAMLOGON request parsing, which may be the source of some people's problems with logging on to the Samba PDC. password.c : get_smbpwnam() renamed to get_smbpwd_entry(). pipes.c : added samr and wkssvc pipes. proto.h : usual. can we actually _remove_ proto.h from the cvs tree, and have it as one of the Makefile dependencies, or something? reply.c : get_smbpwnam() renamed to get_smbpwd_entry() - also changed response error code when logging in from a WORKSTATION$ account. yes, paul is right: we need to know when to return the right error code, and why. server.c : added call to reset_chain_pnum(). #ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy, you'd be proud: i did a compile without NTDOMAIN, and caught a link error for this function. smb.h : defines and structures for samr and wkssvc pipes. smbpass.c : modified get_smbpwnam() to get_smbpwd_entry() and it now takes two arguments. one for the name; if this is null, it looks up by smb_userid instead. oh, by the way, smb_userids are actually domain relative ids (RIDs). concatenate a RID with the domain SID, and you have an internet globally unique way of identifying a user. we're using RIDs in the wrong way.... added mod_smbpwnam() function. this was based on code in smbpasswd.c rpc_pipes/lsaparse.c : added enum trusted domain parsing. this is incomplete: i need a packet trace to write it properly. rpc_pipes/pipe_hnd.c : added reset_chain_pnum() function. rpc_pipes/pipenetlog.c : get_smbpwnam() function renamed to get_smbpwd_entry(). arcfour() issues. removed capability of get_md4pw() function to automatically add workstation accounts. this should either be done using smbpasswd -add MACHINE$, or by using \PIPE\samr. rpc_pipes/pipe_util.c : create_pol_hnd() - creates a unique LSA Policy Handle. overkill function: uses a 64 bit sequence number; current unix time and the smbd pid. rpc_pipes/smbparse.c : arcfour() issues. smb_io_unistr2() should advance by uni_str_len not uni_max_len. smb_io_smb_hdr_rb() - request bind uses uint16 for the context id, and uint8 for the num_syntaxes. oops, i put these both as uint32s. Added Files: ------------ rpc_pipes/lsa_hnd.c : on the samr pipe, allocate and associate an LSA Policy Handle with a SID. you receive queries with the LSA Policy Handle, and have to turn this back into a SID in order to answer the query... rpc_pipes/pipesamr.c rpc_pipes/samrparse.c \PIPE\samr processing. samr i presume is the SAM Replication pipe. rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c \PIPE\wkssvc processing. the Workstation Service pipe? holy cow. (This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f) --- source3/smbd/ipc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1943129ba6..ce14ccd9bc 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -144,7 +144,7 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); - align = (this_lparam%4); + align = (this_lparam%4)+1; set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); if (this_lparam) @@ -2872,7 +2872,9 @@ struct { #ifdef NTDOMAIN { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "samr", "lsass", 0x26, api_samrTNP }, { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, + { "TransactNmPipe", "wkssvc", "ntsvcs", 0x26, api_wkssvcTNP }, { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } #else -- cgit From 36e5b646d9d6f40b44a9c851c5f8caa499eb2237 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 1997 23:34:51 +0000 Subject: ipc.c: Changing back arbitrary alignment change until I know *why* luke changed it. proto.h: The usual. uid.c: Fix crash bug when attaching with smbclient -mCORE. A vuid pointer was being used when it was null. Jeremy. (This used to be commit ff94f97cf2b0f62cbbddbfd3d126df7f4d649334) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ce14ccd9bc..604cf24d8f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -144,7 +144,7 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); - align = (this_lparam%4)+1; + align = (this_lparam%4); set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); if (this_lparam) -- cgit From b9c6add64536e855156a00e32e5288486114e66e Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 7 Nov 1997 03:28:43 +0000 Subject: ipc.c : added a #define around the alignment thing: it's a way to stop NetMonitor from decoding your packets!!!! proto.h : usual. reply.c : added what i believe to be the correct error messages for getting correct domain joining. smb.h : some guesses at good names of the SAMR_XXXX functions. sorting out the SAMR_LOOKUP_RIDS function. this is *not* the same as the LSA_LOOKUP_RIDS function, unless paul accidentally put it on the ntlsa pipe by mistake, instead of the samr pipe :-) rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c : moved creation and allocation of unique policy handles into this module. rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c : SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the LSA_LOOKUP_RIDS function. but i know that there are subtle discrepancies. (This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0) --- source3/smbd/ipc.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 604cf24d8f..741290d2a2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -144,7 +144,12 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); +#ifdef CONFUSE_NETMONITOR_MSRPC_DECODING + /* if you don't want Net Monitor to decode your packets, do this!!! */ + align = ((this_lparam+1)%4); +#else align = (this_lparam%4); +#endif set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); if (this_lparam) -- cgit From 689ed3481d491e247fac8fb57a0bd78bfa216c2a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Nov 1997 23:30:49 +0000 Subject: ipc.c: Changed reply_trans to use receive_next_smb() to cope with local message processing. reply.c: Added check to reply_lockingX for chain after oplock break. server.c: Added receive_next_smb(). trans2.c: Changed reply_trans2 to use receive_next_smb() to cope with local message processing. (This used to be commit f4ae644e13f2c4479dfc94c77c0a8295edf54086) --- source3/smbd/ipc.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 741290d2a2..c862ff3b38 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -62,6 +62,8 @@ extern fstring myworkgroup; #define QNLEN 12 /* queue name maximum length */ extern int Client; +extern int oplock_sock; +extern int smb_read_error; static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, @@ -3203,7 +3205,7 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, /**************************************************************************** reply to a SMBtrans ****************************************************************************/ -int reply_trans(char *inbuf,char *outbuf) +int reply_trans(char *inbuf,char *outbuf, int size, int bufsize) { fstring name; @@ -3266,12 +3268,18 @@ int reply_trans(char *inbuf,char *outbuf) /* receive the rest of the trans packet */ while (pscnt < tpscnt || dscnt < tdscnt) { + BOOL ret; int pcnt,poff,dcnt,doff,pdisp,ddisp; - if (!receive_smb(Client,inbuf, SMB_SECONDARY_WAIT) || - CVAL(inbuf, smb_com) != SMBtrans) + ret = receive_next_smb(Client,oplock_sock,inbuf,bufsize,SMB_SECONDARY_WAIT); + + if ((ret && (CVAL(inbuf, smb_com) != SMBtrans)) || !ret) { - DEBUG(2,("Invalid secondary trans2 packet\n")); + if(ret) + DEBUG(0,("reply_trans: Invalid secondary trans packet\n")); + else + DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", + (smb_read_error == READ_ERROR) ? "error" : "timeout" )); if (params) free(params); if (data) free(data); if (setup) free(setup); -- cgit From ec8e33cde691a6591bcd9846308ba7e6bd1cd882 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 29 Nov 1997 13:29:13 +0000 Subject: use -1 not 0xffffffff in SIVALS() macros use the same process_exists() code on all systems (it's probably faster anyway) (This used to be commit 901b95aa77ac1ecc45823c23fb4e1d9da8dc8318) --- source3/smbd/ipc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c862ff3b38..50ad831eb3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2189,7 +2189,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, { SSVAL(p,usri11_priv,Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ - SIVALS(p,usri11_password_age,0xffffffff); /* password age */ + SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ strcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); @@ -2198,8 +2198,8 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, p2 = skip_string(p2,1); SIVAL(p,usri11_last_logon,0); /* last logon */ SIVAL(p,usri11_last_logoff,0); /* last logoff */ - SSVALS(p,usri11_bad_pw_count,0xffffffff); /* bad pw counts */ - SSVALS(p,usri11_num_logons,0xffffffff); /* num logons */ + SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */ + SSVALS(p,usri11_num_logons,-1); /* num logons */ SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ strcpy(p2,"\\\\*"); p2 = skip_string(p2,1); @@ -2209,7 +2209,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, strcpy(p2,""); p2 = skip_string(p2,1); - SIVALS(p,usri11_max_storage,0xffffffff); /* max storage */ + SIVALS(p,usri11_max_storage,-1); /* max storage */ SSVAL(p,usri11_units_per_week,168); /* units per week */ SIVAL(p,usri11_logon_hours,PTR_DIFF(p2,p)); /* logon hours */ -- cgit From 0a5073e985847acac11979771bdc04308a903107 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Thu, 1 Jan 1998 13:55:28 +0000 Subject: fixes to make_printerdef.c to generate a correct printers.def file changes to ipc.c to use new printers.def file (This used to be commit 52e275c4ccc1b7f0c2ef8d12d28065898a1c89c9) --- source3/smbd/ipc.c | 49 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 12 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 50ad831eb3..af1c928ba2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -594,7 +594,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, if (uLevel==52) { int i,ok=0; - pstring tok,driver,short_name; + pstring tok,driver,datafile, langmon, helpfile, datatype; char *p,*q; FILE *f; pstring fname; @@ -621,33 +621,58 @@ static void fill_printq_info(int cnum, int snum, int uLevel, fclose(f); - next_token(&p,short_name,":"); - next_token(&p,driver,":"); + next_token(&p,driver,":"); /* driver file name */ + next_token(&p,datafile,":"); /* data file name */ +/* + * for the next tokens - which may be empty - I have to check for empty + * tokens first because the next_token function will skip all empty + * token fields + */ + if (*p == ':') { + *helpfile = '\0'; + p++; + }else + next_token(&p,helpfile,":"); /* help file */ + if (*p == ':') { + *langmon = '\0'; + p++; + }else + next_token(&p,langmon,":"); /* language monitor */ + + next_token(&p,datatype,":"); /* default data type */ PACKI(desc,"W",0x0400); /* don't know */ - PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ + PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ if (ok) { - PACKS(desc,"z",driver); /* Driver Name */ - PACKS(desc,"z",short_name); /* short printer name */ + PACKS(desc,"z",driver); /* Driverfile Name */ + PACKS(desc,"z",datafile); /* Datafile name */ + PACKS(desc,"z",langmon); /* language monitor */ DEBUG(3,("Driver:%s:\n",driver)); - DEBUG(3,("short name:%s:\n",short_name)); + DEBUG(3,("Data File:%s:\n",datafile)); + DEBUG(3,("Language Monitor:%s:\n",langmon)); } else { PACKS(desc,"z",""); PACKS(desc,"z",""); + PACKS(desc,"z",""); } - PACKS(desc,"z",""); PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ - PACKS(desc,"z","EMF"); - PACKS(desc,"z",""); - if (ok) + if (ok) { + PACKS(desc,"z",datatype); /* default data type */ + PACKS(desc,"z",helpfile); /* helpfile name */ PACKS(desc,"z",driver); /* driver name */ - else + DEBUG(3,("Data Type:%s:\n",datatype)); + DEBUG(3,("Help File:%s:\n",helpfile)); + } + else { + PACKS(desc,"z","RAW"); PACKS(desc,"z",""); + PACKS(desc,"z",""); + } PACKI(desc,"N",count); /* number of files to copy */ for (i=0;i Date: Fri, 2 Jan 1998 13:33:20 +0000 Subject: fix printer driver rpc to prevent core dumps. (This used to be commit 0c82d139e3eb20a00016df30f33835ab5150ecea) --- source3/smbd/ipc.c | 138 ++++++++++++++++++++++++++++------------------------- 1 file changed, 73 insertions(+), 65 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index af1c928ba2..994e0b293b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -594,16 +594,17 @@ static void fill_printq_info(int cnum, int snum, int uLevel, if (uLevel==52) { int i,ok=0; - pstring tok,driver,datafile, langmon, helpfile, datatype; + pstring tok,driver,datafile,langmon,helpfile,datatype; char *p,*q; FILE *f; pstring fname; strcpy(fname,lp_driverfile()); - f=fopen(fname,"r"); if (!f) { - DEBUG(0,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); + DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); + desc->errcode=NERR_notsupported; + return; } p=(char *)malloc(8192*sizeof(char)); @@ -613,80 +614,80 @@ static void fill_printq_info(int cnum, int snum, int uLevel, /* lookup the long printer driver name in the file description */ while (f && !feof(f) && !ok) { + p = q; /* reset string pointer */ fgets(p,8191,f); p[strlen(p)-1]='\0'; - next_token(&p,tok,":"); - if(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))) ok=1; + if (next_token(&p,tok,":") && + (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) + ok=1; } - fclose(f); - next_token(&p,driver,":"); /* driver file name */ - next_token(&p,datafile,":"); /* data file name */ -/* - * for the next tokens - which may be empty - I have to check for empty - * tokens first because the next_token function will skip all empty - * token fields - */ - if (*p == ':') { - *helpfile = '\0'; - p++; - }else - next_token(&p,helpfile,":"); /* help file */ - if (*p == ':') { - *langmon = '\0'; - p++; - }else - next_token(&p,langmon,":"); /* language monitor */ - - next_token(&p,datatype,":"); /* default data type */ - - PACKI(desc,"W",0x0400); /* don't know */ - PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ + /* driver file name */ + if (ok && !next_token(&p,driver,":")) ok = 0; + /* data file name */ + if (ok && !next_token(&p,datafile,":")) ok = 0; + /* + * for the next tokens - which may be empty - I have to check for empty + * tokens first because the next_token function will skip all empty + * token fields + */ + if (ok) { + /* help file */ + if (*p == ':') { + *helpfile = '\0'; + p++; + } else if (!next_token(&p,helpfile,":")) ok = 0; + } - if (ok) - { + if (ok) { + /* language monitor */ + if (*p == ':') { + *langmon = '\0'; + p++; + } else if (!next_token(&p,langmon,":")) ok = 0; + } + + /* default data type */ + if (ok && !next_token(&p,datatype,":")) ok = 0; + + if (ok) { + PACKI(desc,"W",0x0400); /* don't know */ + PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ PACKS(desc,"z",driver); /* Driverfile Name */ PACKS(desc,"z",datafile); /* Datafile name */ PACKS(desc,"z",langmon); /* language monitor */ + PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ + PACKS(desc,"z",datatype); /* default data type */ + PACKS(desc,"z",helpfile); /* helpfile name */ + PACKS(desc,"z",driver); /* driver name */ DEBUG(3,("Driver:%s:\n",driver)); DEBUG(3,("Data File:%s:\n",datafile)); DEBUG(3,("Language Monitor:%s:\n",langmon)); - } - else - { - PACKS(desc,"z",""); - PACKS(desc,"z",""); - PACKS(desc,"z",""); - } - - PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ - if (ok) { - PACKS(desc,"z",datatype); /* default data type */ - PACKS(desc,"z",helpfile); /* helpfile name */ - PACKS(desc,"z",driver); /* driver name */ DEBUG(3,("Data Type:%s:\n",datatype)); DEBUG(3,("Help File:%s:\n",helpfile)); - } - else { - PACKS(desc,"z","RAW"); - PACKS(desc,"z",""); - PACKS(desc,"z",""); - } - PACKI(desc,"N",count); /* number of files to copy */ - for (i=0;i gave %d entries\n", + SERVICE(snum),count)); + } else { + DEBUG(3,("fill_printq_info: Can't supply driver files\n")); + desc->errcode=NERR_notsupported; } free(q); } - - DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",SERVICE(snum),count)); } -/* This function returns the number of file for a given driver */ +/* This function returns the number of files for a given driver */ int get_printerdrivernumber(int snum) { int i=0,ok=0; @@ -700,7 +701,7 @@ int get_printerdrivernumber(int snum) DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); f=fopen(fname,"r"); if (!f) { - DEBUG(0,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno))); + DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno))); return(0); } @@ -710,20 +711,27 @@ int get_printerdrivernumber(int snum) /* lookup the long printer driver name in the file description */ while (!feof(f) && !ok) { + p = q; /* reset string pointer */ fgets(p,8191,f); - next_token(&p,tok,":"); - if(!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))) ok=1; + if (next_token(&p,tok,":") && + (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) + ok=1; } + fclose(f); if (ok) { - /* skip 2 fields */ - next_token(&p,tok,":"); /* short name */ - next_token(&p,tok,":"); /* driver name */ + /* skip 5 fields */ + i = 5; + while (*p && i) { + if (*p++ == ':') i--; + } + if (!*p || i) + return(0); + /* count the number of files */ while (next_token(&p,tok,",")) i++; } - fclose(f); free(q); return(i); -- cgit From 5c6525003c4070f4fdbb4513601bee7abc6d8bf5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 10 Jan 1998 08:11:15 +0000 Subject: ipc.c: Fixed problem where we were not returning 'buffer too small' when NT sends up a mdrcnt of zero. Jeremy. (This used to be commit 2a75519b8592948b2f35ecca040bd3f88bf89be5) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 994e0b293b..ee2aec8c22 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -283,8 +283,8 @@ static BOOL init_package(struct pack_desc* p, int count, int subcount) i = n = 0; p->errcode = NERR_BufTooSmall; } - - p->errcode = NERR_Success; + else + p->errcode = NERR_Success; p->buflen = i; n -= i; p->stringbuf = p->base + i; -- cgit From 1ea8ceac458501719a055700902d456304c4ee0a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 17 Jan 1998 07:08:21 +0000 Subject: charcnv.c: Added codepage 866 support onto the file system. Patch from Max Khon . chgpasswd.c: Allow old RAP change password to work with encrypted passwords. Samba can now allow Windows 95/NT clients to securely change the Lanman password ! (But not the NT hash - that gets lost). ipc.c: smbdes.c: smbpass.c: Support for the above. server.c: #ifdef'ed out fix for NT redirector bug. util.c: Fix NIS bug with server name. Jeremy. (This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1) --- source3/smbd/ipc.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ee2aec8c22..e3db823a9d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1141,7 +1141,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, uint32 servertype = IVAL(p,4); char *p2; int data_len, fixed_len, string_len; - int f_len, s_len; + int f_len = 0, s_len = 0; struct srv_info_struct *servers=NULL; int counted=0,total=0; int i,missed; @@ -1421,7 +1421,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, int total=0,counted=0; int i; int data_len, fixed_len, string_len; - int f_len, s_len; + int f_len = 0, s_len = 0; if (!prefix_ok(str1,"WrLeh")) return False; if (!check_share_info(uLevel,str2)) return False; @@ -1532,8 +1532,8 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, p = skip_string(p,1); - StrnCpy(pass1,p,16); - StrnCpy(pass2,p+16,16); + memcpy(pass1,p,16); + memcpy(pass2,p+16,16); *rparam_len = 4; *rparam = REALLOC(*rparam,*rparam_len); @@ -1545,12 +1545,34 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, DEBUG(3,("Set password for <%s>\n",user)); + /* + * Attempt the plaintext password change first. + * Older versions of Windows seem to do this. + */ + if (password_ok(user,pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2)) { SSVAL(*rparam,0,NERR_Success); } + /* + * If the plaintext change failed, attempt + * the encrypted. NT will generate this + * after trying the samr method. + */ + + if(SVAL(*rparam,0) != NERR_Success) + { + struct smb_passwd *smbpw = NULL; + + if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) && + change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2)) + { + SSVAL(*rparam,0,NERR_Success); + } + } + bzero(pass1,sizeof(fstring)); bzero(pass2,sizeof(fstring)); -- cgit From 55f400bd84f26027f5ec9b7fa06b22895de7557c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 22 Jan 1998 13:27:43 +0000 Subject: This is *not* a big change (although it looks like one). This is merely updating the Copyright statements from 1997 to 1998. It's a once a year thing :-). NO OTHER CHANGES WERE MADE. Jeremy. (This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e3db823a9d..048dab8b3e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2,10 +2,10 @@ Unix SMB/Netbios implementation. Version 1.9. Inter-process communication and named pipe handling - Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Andrew Tridgell 1992-1998 SMB Version handling - Copyright (C) John H Terpstra 1995-1997 + Copyright (C) John H Terpstra 1995-1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From fdeea341ed1bae670382e45eb731db1b5838ad21 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Mar 1998 21:11:04 +0000 Subject: "For I have laboured mightily on Luke's code, and hath broken all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7) --- source3/smbd/ipc.c | 669 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 460 insertions(+), 209 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 048dab8b3e..bbeeb21e96 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -27,6 +27,7 @@ */ #include "includes.h" +#include "nterr.h" #ifdef CHECK_TYPES #undef CHECK_TYPES @@ -131,79 +132,128 @@ static BOOL prefix_ok(char *str,char *prefix) return(strncmp(str,prefix,strlen(prefix)) == 0); } +/******************************************************************* + copies parameters and data, as needed, into the smb buffer + + *both* the data and params sections should be aligned. this + is fudged in the rpc pipes by + at present, only the data section is. this may be a possible + cause of some of the ipc problems being experienced. lkcl26dec97 + + ******************************************************************/ +static void copy_trans_params_and_data(char *outbuf, int align, + struct mem_buf *rparam, struct mem_buf *rdata, + int param_offset, int data_offset, + int param_len, int data_len) +{ + char *copy_into = smb_buf(outbuf); + + DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", + param_offset, param_offset + param_len, + data_offset , data_offset + data_len)); + + if (param_len) mem_buf_copy(copy_into, rparam, param_offset, param_len); + copy_into += param_len + align; + if (data_len ) mem_buf_copy(copy_into, rdata , data_offset , data_len); +} /**************************************************************************** send a trans reply ****************************************************************************/ -static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, - int ldata,int lparam,int lsetup) +static void send_trans_reply(char *outbuf, + struct mem_buf *rdata, + struct mem_buf *rparam, + uint16 *setup, int lsetup, int max_data_ret) { - int i; - int this_ldata,this_lparam; - int tot_data=0,tot_param=0; - int align; + int i; + int this_ldata,this_lparam; + int tot_data=0,tot_param=0; + int align; + + int ldata = rdata ? mem_buf_len(rdata ) : 0; + int lparam = rparam ? mem_buf_len(rparam) : 0; - this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ - this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); + BOOL buffer_too_large = max_data_ret ? ldata > max_data_ret : False; + + if (buffer_too_large) + { + DEBUG(5,("send_trans_reply: buffer %d too large %d\n", ldata, max_data_ret)); + ldata = max_data_ret; + } + + this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ + this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); #ifdef CONFUSE_NETMONITOR_MSRPC_DECODING - /* if you don't want Net Monitor to decode your packets, do this!!! */ - align = ((this_lparam+1)%4); + /* if you don't want Net Monitor to decode your packets, do this!!! */ + align = ((this_lparam+1)%4); #else - align = (this_lparam%4); + align = (this_lparam%4); #endif - set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); - if (this_lparam) - memcpy(smb_buf(outbuf),param,this_lparam); - if (this_ldata) - memcpy(smb_buf(outbuf)+this_lparam+align,data,this_ldata); - - SSVAL(outbuf,smb_vwv0,lparam); - SSVAL(outbuf,smb_vwv1,ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf)); - SSVAL(outbuf,smb_vwv5,0); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf)); - SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,lsetup); - for (i=0;iuid, vuser->name)); + if(vuser != NULL) + DEBUG(3,(" Username of UID %d is %s\n", vuser->uid, vuser->name)); *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); @@ -2236,7 +2322,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - strcpy(p2,vuser->real_name); /* simeon */ + strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); } @@ -2292,7 +2378,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, { SIVAL(p,60,0); /* auth_flags */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - strcpy(p2,vuser->real_name); /* simeon */ + strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); SIVAL(p,68,0); /* urs_comment */ SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ @@ -2920,175 +3006,331 @@ static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data, return(True); } - -struct +struct api_cmd { - char * name; char * pipe_clnt_name; -#ifdef NTDOMAIN char * pipe_srv_name; -#endif - int subcommand; - BOOL (*fn) (); -} api_fd_commands [] = - { -#ifdef NTDOMAIN - { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, - { "TransactNmPipe", "samr", "lsass", 0x26, api_samrTNP }, - { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, - { "TransactNmPipe", "wkssvc", "ntsvcs", 0x26, api_wkssvcTNP }, - { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, - { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } -#else - { "TransactNmPipe" , "lsarpc", 0x26, api_LsarpcTNP }, - { NULL, NULL, -1, (BOOL (*)())api_Unsupported } -#endif - }; + BOOL (*fn) (pipes_struct *, prs_struct *); +}; -/**************************************************************************** - handle remote api calls delivered to a named pipe already opened. - ****************************************************************************/ -static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, - uint16 *setup,char *data,char *params, - int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +static struct api_cmd api_fd_commands[] = { - char *rdata = NULL; - char *rparam = NULL; - int rdata_len = 0; - int rparam_len = 0; + { "lsarpc", "lsass", api_ntlsa_rpc }, + { "samr", "lsass", api_samr_rpc }, + { "srvsvc", "ntsvcs", api_srvsvc_rpc }, + { "wkssvc", "ntsvcs", api_wkssvc_rpc }, + { "NETLOGON", "lsass", api_netlog_rpc }, + { "winreg", "winreg", api_reg_rpc }, + { NULL, NULL, NULL } +}; - BOOL reply = False; - BOOL bind_req = False; - BOOL set_nphs = False; +static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) +{ + BOOL ntlmssp_auth = False; + fstring ack_pipe_name; + int i = 0; - int i; - int fd; - int subcommand; - char *pipe_name; - - DEBUG(5,("api_fd_reply\n")); - /* First find out the name of this file. */ - if (suwcnt != 2) - { - DEBUG(0,("Unexpected named pipe transaction.\n")); - return(-1); - } - - /* Get the file handle and hence the file name. */ - fd = setup[1]; - subcommand = setup[0]; - pipe_name = get_rpc_pipe_hnd_name(fd); + DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__)); - if (pipe_name == NULL) - { - DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", fd)); - } + for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) + { + if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && + api_fd_commands[i].fn != NULL) + { + DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", + api_fd_commands[i].pipe_clnt_name, + api_fd_commands[i].pipe_srv_name)); + fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name); + break; + } + } - DEBUG(3,("Got API command %d on pipe %s (fd %x)", - subcommand, pipe_name, fd)); - DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", - tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); - - for (i = 0; api_fd_commands[i].name; i++) - { - if (strequal(api_fd_commands[i].pipe_clnt_name, pipe_name) && - api_fd_commands[i].subcommand == subcommand && - api_fd_commands[i].fn) - { - DEBUG(3,("Doing %s\n", api_fd_commands[i].name)); - break; - } - } - - rdata = (char *)malloc(1024); if (rdata ) bzero(rdata ,1024); - rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - -#ifdef NTDOMAIN - /* RPC Pipe command 0x26. */ - if (data != NULL && api_fd_commands[i].subcommand == 0x26) - { - RPC_HDR hdr; + if (api_fd_commands[i].fn == NULL) return False; - /* process the rpc header */ - char *q = smb_io_rpc_hdr(True, &hdr, data, data, 4, 0); - - /* bind request received */ - if ((bind_req = ((q != NULL) && (hdr.pkt_type == RPC_BIND)))) - { - RPC_HDR_RB hdr_rb; + /* decode the bind request */ + smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0); - /* decode the bind request */ - char *p = smb_io_rpc_hdr_rb(True, &hdr_rb, q, data, 4, 0); + if (pd->offset == 0) return False; - if ((bind_req = (p != NULL))) - { - RPC_HDR_BA hdr_ba; - fstring ack_pipe_name; + if (p->hdr.auth_len != 0) + { + /* decode the authentication verifier */ + smb_io_rpc_auth_ntlmssp_req("", &p->ntlmssp_req, pd, 0); - /* name has to be \PIPE\xxxxx */ - strcpy(ack_pipe_name, "\\PIPE\\"); - strcat(ack_pipe_name, api_fd_commands[i].pipe_srv_name); + if (pd->offset == 0) return False; - /* make a bind acknowledgement */ - make_rpc_hdr_ba(&hdr_ba, - hdr_rb.bba.max_tsize, hdr_rb.bba.max_rsize, hdr_rb.bba.assoc_gid, - ack_pipe_name, - 0x1, 0x0, 0x0, - &(hdr_rb.transfer)); + /* ignore the version number for now */ + ntlmssp_auth = strequal(p->ntlmssp_req.ntlmssp_str, "NTLMSSP"); + } - p = smb_io_rpc_hdr_ba(False, &hdr_ba, rdata + 0x10, rdata, 4, 0); + /* name has to be \PIPE\xxxxx */ + strcpy(ack_pipe_name, "\\PIPE\\"); + strcat(ack_pipe_name, p->pipe_srv_name); - rdata_len = PTR_DIFF(p, rdata); + DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__)); - make_rpc_hdr(&hdr, RPC_BINDACK, 0x0, hdr.call_id, rdata_len); + prs_init(&(p->rdata), 1024, 4, 0, False); + prs_init(&(p->rhdr ), 0x10, 4, 0, False); + prs_init(&(p->rauth), 1024, 4, 0, False); - p = smb_io_rpc_hdr(False, &hdr, rdata, rdata, 4, 0); - - reply = (p != NULL); - } - } - } -#endif + /***/ + /*** do the bind ack first ***/ + /***/ - /* Set Named Pipe Handle state */ - if (subcommand == 0x1) - { - set_nphs = True; - reply = api_LsarpcSNPHS(fd, cnum, params); - } + make_rpc_hdr_ba(&p->hdr_ba, + p->hdr_rb.bba.max_tsize, + p->hdr_rb.bba.max_rsize, + p->hdr_rb.bba.assoc_gid, + ack_pipe_name, + 0x1, 0x0, 0x0, + &(p->hdr_rb.transfer)); - if (!bind_req && !set_nphs) - { - DEBUG(10,("calling api_fd_command\n")); + smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0); + mem_realloc_data(p->rdata.data, p->rdata.offset); - reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - DEBUG(10,("called api_fd_command\n")); - } + /***/ + /*** now the authentication ***/ + /***/ - if (rdata_len > mdrcnt || rparam_len > mprcnt) - { - reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - } - - /* if we get False back then it's actually unsupported */ - if (!reply) - { - api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - } - - /* now send the reply */ - send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); - - if (rdata ) free(rdata ); - if (rparam) free(rparam); - - return(-1); + if (ntlmssp_auth) + { + uint8 data[16]; + bzero(data, sizeof(data)); /* first 8 bytes are non-zero */ + + make_rpc_auth_ntlmssp_resp(&p->ntlmssp_resp, + 0x0a, 0x06, 0, + "NTLMSSP", 2, + 0x00000000, 0x0000b2b3, 0x000082b1, + data); + smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, &p->rauth, 0); + mem_realloc_data(p->rauth.data, p->rauth.offset); + } + + /***/ + /*** then do the header, now we know the length ***/ + /***/ + + make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST, + p->hdr.call_id, + p->rdata.offset + p->rauth.offset, + p->rauth.offset); + + smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0); + mem_realloc_data(p->rhdr.data, p->rdata.offset); + + /***/ + /*** link rpc header, bind acknowledgment and authentication responses ***/ + /***/ + + p->rhdr.data->offset.start = 0; + p->rhdr.data->offset.end = p->rhdr.offset; + p->rhdr.data->next = p->rdata.data; + + if (ntlmssp_auth) + { + p->rdata.data->offset.start = p->rhdr.offset; + p->rdata.data->offset.end = p->rhdr.offset + p->rdata.offset; + p->rdata.data->next = p->rauth.data; + + p->rauth.data->offset.start = p->rhdr.offset + p->rdata.offset; + p->rauth.data->offset.end = p->rhdr.offset + p->rauth.offset + p->rdata.offset; + p->rauth.data->next = NULL; + } + else + { + p->rdata.data->offset.start = p->rhdr.offset; + p->rdata.data->offset.end = p->rhdr.offset + p->rdata.offset; + p->rdata.data->next = NULL; + } + + return True; } +static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd) +{ + int i = 0; + + for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) + { + if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && + api_fd_commands[i].fn != NULL) + { + DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name)); + return api_fd_commands[i].fn(p, pd); + } + } + return False; +} +static BOOL api_dce_rpc_command(char *outbuf, + pipes_struct *p, + prs_struct *pd) +{ + BOOL reply = False; + if (pd->data == NULL) return False; + + /* process the rpc header */ + smb_io_rpc_hdr("", &p->hdr, pd, 0); + + if (pd->offset == 0) return False; + + switch (p->hdr.pkt_type) + { + case RPC_BIND : + { + reply = api_pipe_bind_req(p, pd); + break; + } + case RPC_REQUEST: + { + reply = api_pipe_request (p, pd); + break; + } + } + + if (reply) + { + /* now send the reply */ + send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->max_rdata_len); + + if (mem_buf_len(p->rhdr.data) <= p->max_rdata_len) + { + /* all of data was sent: no need to wait for SMBreadX calls */ + mem_free_data(p->rhdr .data); + mem_free_data(p->rdata.data); + } + } + + return reply; +} + +/**************************************************************************** + SetNamedPipeHandleState +****************************************************************************/ +static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param) +{ + uint16 id; + + if (!param) return False; + + id = param[0] + (param[1] << 8); + DEBUG(4,("lsarpc SetNamedPipeHandleState to code %x\n", id)); + + if (set_rpc_pipe_hnd_state(p, id)) + { + /* now send the reply */ + send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->max_rdata_len); + + return True; + } + return False; +} + + +/**************************************************************************** + when no reply is generated, indicate unsupported. + ****************************************************************************/ +static BOOL api_no_reply(char *outbuf, int max_rdata_len) +{ + struct mem_buf rparam; + + mem_init(&rparam, 0); + mem_alloc_data(&rparam, 4); + + rparam.offset.start = 0; + rparam.offset.end = 4; + + /* unsupported */ + SSVAL(rparam.data,0,NERR_notsupported); + SSVAL(rparam.data,2,0); /* converter word */ + + DEBUG(3,("Unsupported API fd command\n")); + + /* now send the reply */ + send_trans_reply(outbuf, NULL, &rparam, NULL, 0, max_rdata_len); + + mem_free_data(&rparam); + + return(-1); +} + +/**************************************************************************** + handle remote api calls delivered to a named pipe already opened. + ****************************************************************************/ +static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, + uint16 *setup,char *data,char *params, + int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +{ + BOOL reply = False; + + int pnum; + int subcommand; + pipes_struct *p = NULL; + prs_struct pd; + struct mem_buf data_buf; + + DEBUG(5,("api_fd_reply\n")); + + /* fake up a data buffer from the api_fd_reply data parameters */ + mem_create(&data_buf, data, tdscnt, 0, False); + data_buf.offset.start = 0; + data_buf.offset.end = tdscnt; + + /* fake up a parsing structure */ + pd.data = &data_buf; + pd.align = 4; + pd.io = True; + pd.offset = 0; + + /* First find out the name of this file. */ + if (suwcnt != 2) + { + DEBUG(0,("Unexpected named pipe transaction.\n")); + return(-1); + } + + /* Get the file handle and hence the file name. */ + pnum = setup[1]; + subcommand = setup[0]; + get_rpc_pipe(pnum, &p); + + if (p != NULL) + { + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", + subcommand, p->name, pnum)); + DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", + tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); + + /* record maximum data length that can be transmitted in an SMBtrans */ + p->max_rdata_len = mdrcnt; + + switch (subcommand) + { + case 0x26: + { + /* dce/rpc command */ + reply = api_dce_rpc_command(outbuf, p, &pd); + break; + } + case 0x01: + { + /* Set Named Pipe Handle state */ + reply = api_SNPHS(outbuf, p, params); + break; + } + } + } + else + { + DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); + } + + if (!reply) + { + return api_no_reply(outbuf, mdrcnt); + } + return -1; +} /**************************************************************************** the buffer was too small @@ -3145,6 +3387,7 @@ struct {"RNetShareEnum", 0, (BOOL (*)())api_RNetShareEnum,0}, {"RNetShareGetInfo", 1, (BOOL (*)())api_RNetShareGetInfo,0}, {"RNetServerGetInfo", 13, (BOOL (*)())api_RNetServerGetInfo,0}, + {"RNetGroupGetUsers", 52, (BOOL (*)())api_RNetGroupGetUsers,0}, {"RNetUserGetInfo", 56, (BOOL (*)())api_RNetUserGetInfo,0}, {"NetUserGetGroups", 59, (BOOL (*)())api_NetUserGetGroups,0}, {"NetWkstaGetInfo", 63, (BOOL (*)())api_NetWkstaGetInfo,0}, @@ -3177,6 +3420,8 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { int api_command = SVAL(params,0); + struct mem_buf rdata_buf; + struct mem_buf rparam_buf; char *rdata = NULL; char *rparam = NULL; int rdata_len = 0; @@ -3216,14 +3461,20 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, &rdata,&rparam,&rdata_len,&rparam_len); + mem_create(&rdata_buf , rdata , rdata_len , 0, False); + mem_create(&rparam_buf, rparam, rparam_len, 0, False); + + rdata_buf.offset.start = 0; + rdata_buf.offset.end = rdata_len; + + rparam_buf.offset.start = 0; + rparam_buf.offset.end = rparam_len; /* now send the reply */ - send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0); + send_trans_reply(outbuf, &rdata_buf, &rparam_buf, NULL, 0, 0); - if (rdata) - free(rdata); - if (rparam) - free(rparam); + if (rdata ) free(rdata); + if (rparam) free(rparam); return(-1); } -- cgit From da050244c305c1e03e2f3fb2ac02f6bc93ad47ca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 18 Mar 1998 19:07:53 +0000 Subject: Added SamOEMChangePassword functionality. Jeremy. (This used to be commit e02e3bcbbd4333113dde7bef47763fb229148007) --- source3/smbd/ipc.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bbeeb21e96..89b3e36f52 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1662,6 +1662,65 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, return(True); } +/**************************************************************************** + Set the user password (SamOEM version - gets plaintext). +****************************************************************************/ + +static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + fstring user; + fstring new_passwd; + struct smb_passwd *smbpw = NULL; + char *p = param + 2; + + *rparam_len = 2; + *rparam = REALLOC(*rparam,*rparam_len); + + *rdata_len = 0; + + SSVAL(*rparam,0,NERR_badpass); + + /* + * Check the parameter definition is correct. + */ + if(!strequal(param + 2, "zsT")) { + DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %sn\n", param + 2)); + return False; + } + p = skip_string(p, 1); + + if(!strequal(p, "B516B16")) { + DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %sn\n", p)); + return False; + } + p = skip_string(p,1); + + fstrcpy(user,p); + p = skip_string(p,1); + + if(check_oem_password( user, data, &smbpw, new_passwd, sizeof(new_passwd)) == False) { + return True; + } + + /* + * At this point we have the new case-sensitive plaintext + * password in the fstring new_passwd. If we wanted to synchronise + * with UNIX passwords we would call a UNIX password changing + * function here. However it would have to be done as root + * as the plaintext of the old users password is not + * available. JRA. + */ + + if(change_oem_password( smbpw, new_passwd)) { + SSVAL(*rparam,0,NERR_Success); + } + + return(True); +} + /**************************************************************************** delete a print job Form: <> @@ -3410,6 +3469,7 @@ struct {"WPrintDriverEnum", 205, (BOOL (*)())api_WPrintDriverEnum,0}, {"WPrintQProcEnum", 206, (BOOL (*)())api_WPrintQProcEnum,0}, {"WPrintPortEnum", 207, (BOOL (*)())api_WPrintPortEnum,0}, + {"SamOEMChangePassword", 214, (BOOL (*)())api_SamOEMChangePassword,0}, {NULL, -1, (BOOL (*)())api_Unsupported,0}}; -- cgit From 5d7c8375e4ffb017ef0f9eed7e619e533b3e8d12 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 24 Mar 1998 00:37:53 +0000 Subject: clientgen.c ipc.c smbpasswd.c: Fixes for warnings (from Herb). quotas.c: Linux quota fix. util.c: Ensure smb_read_error is zero in all calls that can set it. lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c lib/rpc/server/srv_netlog.c : Modify Luke's code to call SamOEMhash(). Jeremy. (This used to be commit 7f749708383b8b36c3f23a5fbc5cbdf39bc8e555) --- source3/smbd/ipc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 89b3e36f52..4798188454 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1701,7 +1701,8 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); - if(check_oem_password( user, data, &smbpw, new_passwd, sizeof(new_passwd)) == False) { + if(check_oem_password( user, (unsigned char *)data, &smbpw, + new_passwd, (int)sizeof(new_passwd)) == False) { return True; } -- cgit From a4156f9b50c81fe40823cd8e32ec990690d3884c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 27 Mar 1998 19:59:14 +0000 Subject: chgpasswd.c, ipc.c, loadparm.c: Added boolean "unix password sync" parameter which allows the new change password code to change the unix password also. Defaults to OFF. includes.h: Added termios.h to FreeBSD to allow password changing. namequery.c: Fixed missing name parameters to debug statements. Jeremy. (This used to be commit 4ac50c0f0aa5af084ddad89b1f9baf6c2c1ddcb8) --- source3/smbd/ipc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4798188454..f38a76d74a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1634,7 +1634,7 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, */ if (password_ok(user,pass1,strlen(pass1),NULL) && - chgpasswd(user,pass1,pass2)) + chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); } @@ -1714,6 +1714,9 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat * as the plaintext of the old users password is not * available. JRA. */ + + if(lp_unix_password_sync()) + chgpasswd(user,"", new_passwd, True); if(change_oem_password( smbpw, new_passwd)) { SSVAL(*rparam,0,NERR_Success); -- cgit From 1af95effe96284c30c0f3f1782677e8f1873ceca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Apr 1998 19:12:22 +0000 Subject: Fix to stop Windows 95 spinning on print queue requests when it gets an error message it doesn't understand. Jeremy. (This used to be commit 838e2fe2f76b20f34309c2322e3bd60817fef1fd) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f38a76d74a..6d0a8d55dd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -456,7 +456,7 @@ va_dcl p->usedlen += needed; } else { - if (p->errcode == NERR_Success) p->errcode = NERR_BufTooSmall; + if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA; } return 1; } -- cgit From e300c0346ff92035ff9568b55b34469193e29769 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Apr 1998 18:21:16 +0000 Subject: includes.h: Moved HPUX undefine of SEMMSL to where it actually does something. ipc.c: Added Luke's debug statement. locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that need it (not sure what these are yet). membuffer.c ntdomain.h proto.h lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c: Re-merge of Luke's NTDOM changes 'cos he's a lazy git with carpel tunnel syndrome :-). Jeremy. (This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217) --- source3/smbd/ipc.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6d0a8d55dd..62951219bf 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3367,6 +3367,9 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* record maximum data length that can be transmitted in an SMBtrans */ p->max_rdata_len = mdrcnt; + DEBUG(10,("api_fd_reply: p:%p max_rdata_len: %d\n", + p, p->max_rdata_len)); + switch (subcommand) { case 0x26: -- cgit From cac6a060af598bf94e6414b06e7365ec51ca360e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 13 Apr 1998 19:24:06 +0000 Subject: Changes to allow Samba to be compiled with -Wstrict-prototypes with gcc. (Not a big change although it looks like it :-). Jeremy. (This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e) --- source3/smbd/ipc.c | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 62951219bf..e4ddcbec69 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3447,37 +3447,37 @@ struct { char *name; int id; - BOOL (*fn)(); + BOOL (*fn)(int,uint16,char *,char *,int,int,char **,char **,int *,int *); int flags; } api_commands[] = { - {"RNetShareEnum", 0, (BOOL (*)())api_RNetShareEnum,0}, - {"RNetShareGetInfo", 1, (BOOL (*)())api_RNetShareGetInfo,0}, - {"RNetServerGetInfo", 13, (BOOL (*)())api_RNetServerGetInfo,0}, - {"RNetGroupGetUsers", 52, (BOOL (*)())api_RNetGroupGetUsers,0}, - {"RNetUserGetInfo", 56, (BOOL (*)())api_RNetUserGetInfo,0}, - {"NetUserGetGroups", 59, (BOOL (*)())api_NetUserGetGroups,0}, - {"NetWkstaGetInfo", 63, (BOOL (*)())api_NetWkstaGetInfo,0}, - {"DosPrintQEnum", 69, (BOOL (*)())api_DosPrintQEnum,0}, - {"DosPrintQGetInfo", 70, (BOOL (*)())api_DosPrintQGetInfo,0}, - {"WPrintJobEnumerate",76, (BOOL (*)())api_WPrintJobEnumerate,0}, - {"WPrintJobGetInfo", 77, (BOOL (*)())api_WPrintJobGetInfo,0}, - {"RDosPrintJobDel", 81, (BOOL (*)())api_RDosPrintJobDel,0}, - {"RDosPrintJobPause", 82, (BOOL (*)())api_RDosPrintJobDel,0}, - {"RDosPrintJobResume",83, (BOOL (*)())api_RDosPrintJobDel,0}, - {"WPrintDestEnum", 84, (BOOL (*)())api_WPrintDestEnum,0}, - {"WPrintDestGetInfo", 85, (BOOL (*)())api_WPrintDestGetInfo,0}, - {"NetRemoteTOD", 91, (BOOL (*)())api_NetRemoteTOD,0}, - {"WPrintQueuePurge", 103, (BOOL (*)())api_WPrintQueuePurge,0}, - {"NetServerEnum", 104, (BOOL (*)())api_RNetServerEnum,0}, - {"WAccessGetUserPerms",105, (BOOL (*)())api_WAccessGetUserPerms,0}, - {"SetUserPassword", 115, (BOOL (*)())api_SetUserPassword,0}, - {"WWkstaUserLogon", 132, (BOOL (*)())api_WWkstaUserLogon,0}, - {"PrintJobInfo", 147, (BOOL (*)())api_PrintJobInfo,0}, - {"WPrintDriverEnum", 205, (BOOL (*)())api_WPrintDriverEnum,0}, - {"WPrintQProcEnum", 206, (BOOL (*)())api_WPrintQProcEnum,0}, - {"WPrintPortEnum", 207, (BOOL (*)())api_WPrintPortEnum,0}, - {"SamOEMChangePassword", 214, (BOOL (*)())api_SamOEMChangePassword,0}, - {NULL, -1, (BOOL (*)())api_Unsupported,0}}; + {"RNetShareEnum", 0, api_RNetShareEnum,0}, + {"RNetShareGetInfo", 1, api_RNetShareGetInfo,0}, + {"RNetServerGetInfo", 13, api_RNetServerGetInfo,0}, + {"RNetGroupGetUsers", 52, api_RNetGroupGetUsers,0}, + {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0}, + {"NetUserGetGroups", 59, api_NetUserGetGroups,0}, + {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, + {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, + {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, + {"WPrintJobEnumerate",76, api_WPrintJobEnumerate,0}, + {"WPrintJobGetInfo", 77, api_WPrintJobGetInfo,0}, + {"RDosPrintJobDel", 81, api_RDosPrintJobDel,0}, + {"RDosPrintJobPause", 82, api_RDosPrintJobDel,0}, + {"RDosPrintJobResume",83, api_RDosPrintJobDel,0}, + {"WPrintDestEnum", 84, api_WPrintDestEnum,0}, + {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0}, + {"NetRemoteTOD", 91, api_NetRemoteTOD,0}, + {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0}, + {"NetServerEnum", 104, api_RNetServerEnum,0}, + {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0}, + {"SetUserPassword", 115, api_SetUserPassword,0}, + {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0}, + {"PrintJobInfo", 147, api_PrintJobInfo,0}, + {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0}, + {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0}, + {"WPrintPortEnum", 207, api_WPrintPortEnum,0}, + {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0}, + {NULL, -1, api_Unsupported,0}}; /**************************************************************************** -- cgit From 041a292c439189206f1c35de94893dd51a1fda33 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Apr 1998 20:00:41 +0000 Subject: ipc.c: Fix for printer queue spinning with Win95. nmbd.c: Fix for always overwriting log despite append setting. smb.h: Addition of last time password changed entry to account info. smbpass.c: Changes to support last time changed field in smbpasswd file. smbpasswd.c: Changes to support last time changed field in smbpasswd file. util.c: Fix for always overwriting log despite append setting. Jeremy. (This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93) --- source3/smbd/ipc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e4ddcbec69..7cf4d6f5b8 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -330,8 +330,9 @@ static BOOL init_package(struct pack_desc* p, int count, int subcount) p->subcount = 0; p->curpos = p->format; if (i > n) { + p->neededlen = i; i = n = 0; - p->errcode = NERR_BufTooSmall; + p->errcode = ERROR_MORE_DATA; } else p->errcode = NERR_Success; -- cgit From 76d3bc36a5ce13d2a7bd08f9c18b2cfd0ab0210f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 21 Apr 1998 02:36:37 +0000 Subject: put server-side long dce/rpc code in main branch. (This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69) --- source3/smbd/ipc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7cf4d6f5b8..74ae115217 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3255,9 +3255,9 @@ static BOOL api_dce_rpc_command(char *outbuf, if (reply) { /* now send the reply */ - send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->max_rdata_len); + send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->file_offset); - if (mem_buf_len(p->rhdr.data) <= p->max_rdata_len) + if (mem_buf_len(p->rhdr.data) <= p->file_offset) { /* all of data was sent: no need to wait for SMBreadX calls */ mem_free_data(p->rhdr .data); @@ -3283,7 +3283,7 @@ static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param) if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->max_rdata_len); + send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->file_offset); return True; } @@ -3366,10 +3366,10 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); /* record maximum data length that can be transmitted in an SMBtrans */ - p->max_rdata_len = mdrcnt; + p->file_offset = mdrcnt; - DEBUG(10,("api_fd_reply: p:%p max_rdata_len: %d\n", - p, p->max_rdata_len)); + DEBUG(10,("api_fd_reply: p:%p file_offset: %d\n", + p, p->file_offset)); switch (subcommand) { -- cgit From e7ac86607c80912e55ac7179b100cea22749c16f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 25 Apr 1998 01:12:08 +0000 Subject: This looks like a big change but really isn't. It is changing the global variables "myname" and "myworkgroup" to "global_myname" and "global_myworkgroup" respectively. This is to make it very explicit when we are messing with a global (don't ask - it makes the domain client code much clearer :-). Jeremy. (This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0) --- source3/smbd/ipc.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 74ae115217..e3dcda9004 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -40,7 +40,7 @@ extern files_struct Files[]; extern connection_struct Connections[]; extern fstring local_machine; -extern fstring myworkgroup; +extern fstring global_myworkgroup; #define NERR_Success 0 #define NERR_badpass 86 @@ -1035,7 +1035,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { /* this allows us to cope with an old nmbd */ - strcpy(s->domain,myworkgroup); + strcpy(s->domain,global_myworkgroup); } if (sscanf(stype,"%X",&s->type) != 1) { @@ -1231,7 +1231,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, if (strcmp(str1, "WrLehDz") == 0) { StrnCpy(domain, p, sizeof(fstring)-1); } else { - StrnCpy(domain, myworkgroup, sizeof(fstring)-1); + StrnCpy(domain, global_myworkgroup, sizeof(fstring)-1); } if (lp_browse_list()) @@ -2039,7 +2039,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, pstrcpy(comment,lp_serverstring()); - if ((count=get_server_info(SV_TYPE_ALL,&servers,myworkgroup))>0) { + if ((count=get_server_info(SV_TYPE_ALL,&servers,global_myworkgroup))>0) { for (i=0;i Date: Thu, 30 Apr 1998 01:39:22 +0000 Subject: Added patch from Bruce Tenison to allow encrypted passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e3dcda9004..2f9cc00dc9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1719,7 +1719,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat if(lp_unix_password_sync()) chgpasswd(user,"", new_passwd, True); - if(change_oem_password( smbpw, new_passwd)) { + if(change_oem_password( smbpw, new_passwd, False)) { SSVAL(*rparam,0,NERR_Success); } -- cgit From 19f76f391b97b405879fd8574e711a6d59e4e60c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 5 May 1998 19:24:32 +0000 Subject: genrand.c: SGI compile warning fix. ipc.c: Fix for duplicate printer names being long. loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c protects us. nmbd_logonnames.c: nmbd_namequery.c: nmbd_namerelease.c: Debug messages fix. password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call. reply.c: SGI compile warning fix. server.c Debug messages fix. smbpass.c: Fix for incorrect pointer. Jeremy. (This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71) --- source3/smbd/ipc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 2f9cc00dc9..3bdff29621 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -669,6 +669,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, fgets(p,8191,f); p[strlen(p)-1]='\0'; if (next_token(&p,tok,":") && + (strlen(lp_printerdriver(snum)) == strlen(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; } -- cgit From a2bddb20ed078c3e1b9cb60a7420b3d107898f52 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 6 May 1998 01:34:51 +0000 Subject: Fixes for the %U and %G problems people have reported. Essentially, multiple session_setup_and_X's may be done to an smbd. As there is only one global variable containing the requested connection name (sessionsetup_user), then any subsequent sessionsetups overwrite this name (causing %U and %G to get the wrong name). This is particularly common when an NT client does a null session setup to get a browse list after the user has connected, but before a share has been mounted. These changes store the requested_name in the vuid structure (so this only really works for user level and above security) and copies this name back into the global variable before the standard_sub call. Jeremy. (This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b) --- source3/smbd/ipc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3bdff29621..13a8d1347f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -85,7 +85,7 @@ static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) StrnCpy(buf,src,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); + standard_sub(cnum,buf,UID_FIELD_INVALID); StrnCpy(*dst,buf,*n); l = strlen(*dst) + 1; (*dst) += l; @@ -110,7 +110,7 @@ static int StrlenExpanded(int cnum, int snum, char* s) if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); + standard_sub(cnum,buf,UID_FIELD_INVALID); return strlen(buf) + 1; } @@ -120,7 +120,7 @@ static char* Expand(int cnum, int snum, char* s) if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); + standard_sub(cnum,buf,UID_FIELD_INVALID); return &buf[0]; } @@ -2058,7 +2058,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,6,0); } else { SIVAL(p,6,PTR_DIFF(p2,*rdata)); - standard_sub(cnum,comment); + standard_sub(cnum,comment,vuid); StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0)); p2 = skip_string(p2,1); } @@ -2584,7 +2584,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, /* JHT - By calling lp_logon_script() and standard_sub() we have */ /* made sure all macros are fully substituted and available */ logon_script = lp_logon_script(); - standard_sub( cnum, logon_script ); + standard_sub( cnum, logon_script, vuid ); PACKS(&desc,"z", logon_script); /* script path */ /* End of JHT mods */ -- cgit From d8d9f7723337c267a8740750fe19a6387cfbb1f6 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 7 May 1998 18:19:05 +0000 Subject: created "passdb.c" which is an interface point to (at present) either smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106) --- source3/smbd/ipc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 13a8d1347f..48c0277165 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1649,10 +1649,10 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, if(SVAL(*rparam,0) != NERR_Success) { - struct smb_passwd *smbpw = NULL; + struct smb_passwd *sampw = NULL; - if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) && - change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2)) + if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) && + change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2)) { SSVAL(*rparam,0,NERR_Success); } @@ -1675,7 +1675,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat { fstring user; fstring new_passwd; - struct smb_passwd *smbpw = NULL; + struct smb_passwd *sampw = NULL; char *p = param + 2; *rparam_len = 2; @@ -1703,7 +1703,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); - if(check_oem_password( user, (unsigned char *)data, &smbpw, + if(check_oem_password( user, (unsigned char *)data, &sampw, new_passwd, (int)sizeof(new_passwd)) == False) { return True; } @@ -1720,7 +1720,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat if(lp_unix_password_sync()) chgpasswd(user,"", new_passwd, True); - if(change_oem_password( smbpw, new_passwd, False)) { + if(change_oem_password( sampw, new_passwd, False)) { SSVAL(*rparam,0,NERR_Success); } -- cgit From 01df1ed95f880a671ead7bc92b3bcff01a2e2dc0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 May 1998 19:04:14 +0000 Subject: This should (hopefully :-) be the final fix for the %U %G substitution problem.... smbpass.c: Removed Luke's dire warning - as some of the functions in here *need* to be called externally :-). Jeremy. (This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a) --- source3/smbd/ipc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 48c0277165..8be9c10a13 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -85,7 +85,7 @@ static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) StrnCpy(buf,src,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf,UID_FIELD_INVALID); + standard_sub(cnum,buf); StrnCpy(*dst,buf,*n); l = strlen(*dst) + 1; (*dst) += l; @@ -110,7 +110,7 @@ static int StrlenExpanded(int cnum, int snum, char* s) if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf,UID_FIELD_INVALID); + standard_sub(cnum,buf); return strlen(buf) + 1; } @@ -120,7 +120,7 @@ static char* Expand(int cnum, int snum, char* s) if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf,UID_FIELD_INVALID); + standard_sub(cnum,buf); return &buf[0]; } @@ -2058,7 +2058,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,6,0); } else { SIVAL(p,6,PTR_DIFF(p2,*rdata)); - standard_sub(cnum,comment,vuid); + standard_sub(cnum,comment); StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0)); p2 = skip_string(p2,1); } @@ -2584,7 +2584,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, /* JHT - By calling lp_logon_script() and standard_sub() we have */ /* made sure all macros are fully substituted and available */ logon_script = lp_logon_script(); - standard_sub( cnum, logon_script, vuid ); + standard_sub( cnum, logon_script ); PACKS(&desc,"z", logon_script); /* script path */ /* End of JHT mods */ -- cgit From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 May 1998 00:55:32 +0000 Subject: This is a security audit change of the main source. It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb) --- source3/smbd/ipc.c | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8be9c10a13..7b82894c7f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -491,7 +491,7 @@ static void PackDriverData(struct pack_desc* desc) SIVAL(drivdata,0,sizeof drivdata); /* cb */ SIVAL(drivdata,4,1000); /* lVersion */ memset(drivdata+8,0,32); /* szDeviceName */ - strcpy(drivdata+8,"NULL"); + pstrcpy(drivdata+8,"NULL"); PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */ } @@ -650,7 +650,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, FILE *f; pstring fname; - strcpy(fname,lp_driverfile()); + pstrcpy(fname,lp_driverfile()); f=fopen(fname,"r"); if (!f) { DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); @@ -748,7 +748,7 @@ int get_printerdrivernumber(int snum) FILE *f; pstring fname; - strcpy(fname,lp_driverfile()); + pstrcpy(fname,lp_driverfile()); DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); f=fopen(fname,"r"); @@ -993,8 +993,8 @@ static int get_server_info(uint32 servertype, pstrcpy(fname,lp_lockdir()); trim_string(fname,NULL,"/"); - strcat(fname,"/"); - strcat(fname,SERVER_LIST); + pstrcat(fname,"/"); + pstrcat(fname,SERVER_LIST); f = fopen(fname,"r"); @@ -1036,7 +1036,7 @@ static int get_server_info(uint32 servertype, if (!next_token(&ptr,s->comment, NULL)) continue; if (!next_token(&ptr,s->domain , NULL)) { /* this allows us to cope with an old nmbd */ - strcpy(s->domain,global_myworkgroup); + pstrcpy(s->domain,global_myworkgroup); } if (sscanf(stype,"%X",&s->type) != 1) { @@ -2115,18 +2115,18 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */ - strcpy(p2,local_machine); + pstrcpy(p2,local_machine); strupper(p2); p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); - strcpy(p2,sesssetup_user); + pstrcpy(p2,sesssetup_user); p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */ - strcpy(p2,global_myworkgroup); + pstrcpy(p2,global_myworkgroup); strupper(p2); p2 = skip_string(p2,1); p += 4; @@ -2136,12 +2136,12 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data, p += 2; SIVAL(p,0,PTR_DIFF(p2,*rdata)); - strcpy(p2,global_myworkgroup); /* don't know. login domain?? */ + pstrcpy(p2,global_myworkgroup); /* don't know. login domain?? */ p2 = skip_string(p2,1); p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); p += 4; @@ -2378,16 +2378,16 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, if (uLevel >= 10) { SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */ - strcpy(p2,"Comment"); + pstrcpy(p2,"Comment"); p2 = skip_string(p2,1); SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */ - strcpy(p2,"UserComment"); + pstrcpy(p2,"UserComment"); p2 = skip_string(p2,1); /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); } @@ -2397,22 +2397,22 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - strcpy(p2, lp_logon_path()); + pstrcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVAL(p,usri11_last_logon,0); /* last logon */ SIVAL(p,usri11_last_logoff,0); /* last logoff */ SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */ SSVALS(p,usri11_num_logons,-1); /* num logons */ SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ - strcpy(p2,"\\\\*"); + pstrcpy(p2,"\\\\*"); p2 = skip_string(p2,1); SSVAL(p,usri11_country_code,0); /* country code */ SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVALS(p,usri11_max_storage,-1); /* max storage */ @@ -2433,7 +2433,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVAL(p,42, Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - strcpy(p2,lp_logon_path()); + pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; @@ -2443,11 +2443,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, { SIVAL(p,60,0); /* auth_flags */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); p2 = skip_string(p2,1); SIVAL(p,68,0); /* urs_comment */ SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ - strcpy(p2,""); + pstrcpy(p2,""); p2 = skip_string(p2,1); SIVAL(p,76,0); /* workstations */ SIVAL(p,80,0); /* last_logon */ @@ -2461,7 +2461,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, SSVALS(p,102,-1); /* bad_pw_count */ SSVALS(p,104,-1); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ - strcpy(p2,"\\\\%L"); + pstrcpy(p2,"\\\\%L"); standard_sub_basic(p2); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ @@ -2512,10 +2512,10 @@ static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data, p = *rdata; /* XXXX we need a real SAM database some day */ - strcpy(p,"Users"); p += 21; count++; - strcpy(p,"Domain Users"); p += 21; count++; - strcpy(p,"Guests"); p += 21; count++; - strcpy(p,"Domain Guests"); p += 21; count++; + pstrcpy(p,"Users"); p += 21; count++; + pstrcpy(p,"Domain Users"); p += 21; count++; + pstrcpy(p,"Guests"); p += 21; count++; + pstrcpy(p,"Domain Guests"); p += 21; count++; *rdata_len = PTR_DIFF(p,*rdata); @@ -2574,8 +2574,8 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, PACKI(&desc,"D",-1); /* password must change */ { fstring mypath; - strcpy(mypath,"\\\\"); - strcat(mypath,local_machine); + fstrcpy(mypath,"\\\\"); + fstrcat(mypath,local_machine); strupper(mypath); PACKS(&desc,"z",mypath); /* computer */ } @@ -3129,8 +3129,8 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) } /* name has to be \PIPE\xxxxx */ - strcpy(ack_pipe_name, "\\PIPE\\"); - strcat(ack_pipe_name, p->pipe_srv_name); + fstrcpy(ack_pipe_name, "\\PIPE\\"); + fstrcat(ack_pipe_name, p->pipe_srv_name); DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__)); -- cgit From a4276507e43487f47445eab11d4ac1b080b3270e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 14 May 1998 01:30:40 +0000 Subject: chgpasswd.c: Added comments to #ifdefs ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5) --- source3/smbd/ipc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7b82894c7f..132fdb30ef 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1677,6 +1677,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstring new_passwd; struct smb_passwd *sampw = NULL; char *p = param + 2; + int ret = True; *rparam_len = 2; *rparam = REALLOC(*rparam,*rparam_len); @@ -1718,9 +1719,9 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat */ if(lp_unix_password_sync()) - chgpasswd(user,"", new_passwd, True); + ret = chgpasswd(user,"", new_passwd, True); - if(change_oem_password( sampw, new_passwd, False)) { + if(ret && change_oem_password( sampw, new_passwd, False)) { SSVAL(*rparam,0,NERR_Success); } -- cgit From c435955b02c7fc227b9475ff73c62e080d34a1af Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 3 Jun 1998 01:04:45 +0000 Subject: ipc.c: Fix bug where we don't return the correct error code when client gives a too-small buffer for share info. Fix from Gil Kloepfer smb.h: server.c: Fix for a nastly little security problem with multi-user Windows NT servers and Samba where the contents of the open-file cache can end up being served out to users who shouldn't have access. This is some *seriously* ugly code. Jeremy. (This used to be commit 05c85df3c7da982085615e5a1db6c71e164db4f5) --- source3/smbd/ipc.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 132fdb30ef..8def6d4908 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1504,6 +1504,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, char *p2; int count=lp_numservices(); int total=0,counted=0; + BOOL missed = False; int i; int data_len, fixed_len, string_len; int f_len = 0, s_len = 0; @@ -1514,16 +1515,18 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, data_len = fixed_len = string_len = 0; for (i=0;i Date: Thu, 4 Jun 1998 18:49:13 +0000 Subject: client.c: Allowed client to proceed even if it gets error 234 (more data available) when scanning server/workgroup/share lists. ipc.c: Removed redundent definition of ERROR_MORE_DATA (234) we already have ERRmoredata in smb.h Jeremy. (This used to be commit ae3510e9fb309be343e245d8460c1ceb8164077b) --- source3/smbd/ipc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8def6d4908..a9e0bec3ed 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -51,7 +51,6 @@ extern fstring global_myworkgroup; #define NERR_JobNotFound (NERR_BASE+51) #define NERR_DestNotFound (NERR_BASE+52) #define ERROR_INVALID_LEVEL 124 -#define ERROR_MORE_DATA 234 #define ACCESS_READ 0x01 #define ACCESS_WRITE 0x02 @@ -332,7 +331,7 @@ static BOOL init_package(struct pack_desc* p, int count, int subcount) if (i > n) { p->neededlen = i; i = n = 0; - p->errcode = ERROR_MORE_DATA; + p->errcode = ERRmoredata; } else p->errcode = NERR_Success; @@ -435,7 +434,7 @@ va_dcl stringused = stringneeded; if (stringused > p->stringlen) { stringused = (is_string ? p->stringlen : 0); - if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA; + if (p->errcode == NERR_Success) p->errcode = ERRmoredata; } if (!stringused) SIVAL(p->structbuf,0,0); @@ -457,7 +456,7 @@ va_dcl p->usedlen += needed; } else { - if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA; + if (p->errcode == NERR_Success) p->errcode = ERRmoredata; } return 1; } @@ -1291,7 +1290,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERROR_MORE_DATA)); + SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); SSVAL(*rparam,6,counted+missed); @@ -1542,7 +1541,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,missed ? ERROR_MORE_DATA : NERR_Success); + SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); SSVAL(*rparam,6,total); -- cgit From 72bf410b6e9b85f8fbff7f6175661829bef35f62 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Jun 1998 19:45:13 +0000 Subject: De-coupled the mapping of a Windows to UNIX username from the Get_Pwnam username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de) --- source3/smbd/ipc.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a9e0bec3ed..f92e376575 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1632,6 +1632,18 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, DEBUG(3,("Set password for <%s>\n",user)); + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + /* * Attempt the plaintext password change first. * Older versions of Windows seem to do this. @@ -1706,6 +1718,20 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); + DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user)); + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + if(check_oem_password( user, (unsigned char *)data, &sampw, new_passwd, (int)sizeof(new_passwd)) == False) { return True; -- cgit From 9a735eb7e25d8bf6c5be7775d89436034ea6be8a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 12 Jun 1998 03:08:23 +0000 Subject: ipc.c: map_username is now a BOOL function. reply.c: map_username is now a BOOL function. server.c: Added capability to do map_username on service names when looking for a home directory. That's what the original code would do. lib/rpc/server/srv_util.c: Changed domain_ to builtin_ for BUILTIN aliases. username.c: Work in progress on groupname map parameter. Jeremy (This used to be commit fa95fae5eed95aff64f0a01825477610a101bbc7) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f92e376575..9c48951e35 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1637,7 +1637,7 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, * function. */ - map_username(user); + (void)map_username(user); /* * Do any UNIX username case mangling. @@ -1725,7 +1725,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat * function. */ - map_username(user); + (void)map_username(user); /* * Do any UNIX username case mangling. -- cgit From f1cd3cb54c6495db2a91c473f91c78d24622d98e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 16 Jul 1998 00:06:29 +0000 Subject: Makefile: Added CC=gcc to DGUX on Intel. Comment from ross@filmworks.com. ipc.c: loadparm.c: printing.c: Added code from to implement print queue pausing. New parameters are "queuepause command" and "queueresume command". util.c: Added fix for mount options in autmount map. lib/rpc/include/rpc_misc.h: Removed duplicate pipe names for Jean-Francois. Jeremy. (This used to be commit 559a9bf2bbdeae3e76ba9178779cd3a9537c4e91) --- source3/smbd/ipc.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9c48951e35..cbacca3b83 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1821,11 +1821,15 @@ static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, return(True); } +/**************************************************************************** + Purge a print queue - or pause or resume it. + ****************************************************************************/ static BOOL api_WPrintQueuePurge(int cnum,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { + int function = SVAL(param,0); char *str1 = param+2; char *str2 = skip_string(str1,1); char *QueueName = skip_string(str2,1); @@ -1853,19 +1857,30 @@ static BOOL api_WPrintQueuePurge(int cnum,uint16 vuid, char *param,char *data, } if (snum >= 0 && VALID_SNUM(snum)) { - print_queue_struct *queue=NULL; - int i, count; lpq_reset(snum); - count = get_printqueue(snum,cnum,&queue,NULL); - for (i = 0; i < count; i++) - del_printqueue(cnum,snum,queue[i].job); - - if (queue) free(queue); + switch (function) { + case 74: /* Pause queue */ + case 75: /* Resume queue */ + status_printqueue(cnum,snum,(function==74?LPSTAT_STOPPED:LPSTAT_OK)); + DEBUG(3,("Print queue %s, queue=%s\n", + (function==74?"pause":"resume"),QueueName)); + break; + case 103: /* Purge */ + { + print_queue_struct *queue=NULL; + int i, count; + count = get_printqueue(snum,cnum,&queue,NULL); + for (i = 0; i < count; i++) + del_printqueue(cnum,snum,queue[i].job); + + if (queue) free(queue); + DEBUG(3,("Print queue purge, queue=%s\n",QueueName)); + break; + } + } } - DEBUG(3,("Print queue purge, queue=%s\n",QueueName)); - return(True); } @@ -3490,6 +3505,8 @@ struct {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, + {"WPrintQueuePause", 74, api_WPrintQueuePurge,0}, + {"WPrintQueueResume", 75, api_WPrintQueuePurge,0}, {"WPrintJobEnumerate",76, api_WPrintJobEnumerate,0}, {"WPrintJobGetInfo", 77, api_WPrintJobGetInfo,0}, {"RDosPrintJobDel", 81, api_RDosPrintJobDel,0}, -- cgit From f5866fd4ba8da9acde87c7f9da8f1a242540e287 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Jul 1998 13:59:19 +0000 Subject: Fixed bug found by Richard Sharpe. After increasing files_struct size by MAX_OPEN_DIRECTORIES for nttrans I forgot to update the code that enumerates the array. Created new MAX_FNUMS in local.h, changed all code that iterates through the files_struct array to use this. (sorry Richard). Jeremy. (This used to be commit 339b10222269d71c7a493cc08b7b1bfd35fd55fc) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index cbacca3b83..8b06fc91a3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1983,7 +1983,7 @@ static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data, become_root(True); - for (i=0;i Date: Wed, 29 Jul 1998 03:08:05 +0000 Subject: merge from the autoconf2 branch to the main branch (This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8b06fc91a3..adc3fcdcb5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -342,7 +342,7 @@ static BOOL init_package(struct pack_desc* p, int count, int subcount) return(p->errcode == NERR_Success); } -#ifdef __STDC__ +#ifdef HAVE_STDARG_H static int package(struct pack_desc* p, ...) { #else @@ -357,7 +357,7 @@ va_dcl int is_string=0, stringused; int32 temp; -#ifdef __STDC__ +#ifdef HAVE_STDARG_H va_start(args,p); #else va_start(args); -- cgit From 35f815d2786ec1bd99676f62ff5e636e81809e51 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 9 Aug 1998 13:25:34 +0000 Subject: this gets smbd compiling and linking correctly with the new layout. (This used to be commit d08fa39cec5c71a9034dbf4241fc7e195f1bbaa5) --- source3/smbd/ipc.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index adc3fcdcb5..f1467a7f8a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3694,18 +3694,18 @@ int reply_trans(char *inbuf,char *outbuf, int size, int bufsize) ret = receive_next_smb(Client,oplock_sock,inbuf,bufsize,SMB_SECONDARY_WAIT); - if ((ret && (CVAL(inbuf, smb_com) != SMBtrans)) || !ret) - { - if(ret) - DEBUG(0,("reply_trans: Invalid secondary trans packet\n")); - else - DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", - (smb_read_error == READ_ERROR) ? "error" : "timeout" )); - if (params) free(params); - if (data) free(data); - if (setup) free(setup); - return(ERROR(ERRSRV,ERRerror)); - } + if ((ret && (CVAL(inbuf, smb_com) != SMBtrans)) || !ret) { + if(ret) { + DEBUG(0,("reply_trans: Invalid secondary trans packet\n")); + } else { + DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", + (smb_read_error == READ_ERROR) ? "error" : "timeout" )); + } + if (params) free(params); + if (data) free(data); + if (setup) free(setup); + return(ERROR(ERRSRV,ERRerror)); + } show_msg(inbuf); -- cgit From b9623ab59e813131b1ed3f51616a46e719d59c21 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 14 Aug 1998 17:38:29 +0000 Subject: this is the bug change to using connection_struct* instead of cnum. Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6) --- source3/smbd/ipc.c | 460 ++++++++++++++++++++++++++--------------------------- 1 file changed, 226 insertions(+), 234 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f1467a7f8a..a72b442735 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -37,7 +37,6 @@ extern int DEBUGLEVEL; extern int max_send; extern files_struct Files[]; -extern connection_struct Connections[]; extern fstring local_machine; extern fstring global_myworkgroup; @@ -65,31 +64,32 @@ extern int Client; extern int oplock_sock; extern int smb_read_error; -static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len); -static BOOL api_TooSmall(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len); -static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n) +static int CopyExpanded(connection_struct *conn, + int snum, char** dst, char* src, int* n) { - pstring buf; - int l; + pstring buf; + int l; - if (!src || !dst || !n || !(*dst)) return(0); + if (!src || !dst || !n || !(*dst)) return(0); - StrnCpy(buf,src,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); - StrnCpy(*dst,buf,*n); - l = strlen(*dst) + 1; - (*dst) += l; - (*n) -= l; - return l; + StrnCpy(buf,src,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(conn,buf); + StrnCpy(*dst,buf,*n); + l = strlen(*dst) + 1; + (*dst) += l; + (*n) -= l; + return l; } static int CopyAndAdvance(char** dst, char* src, int* n) @@ -103,24 +103,24 @@ static int CopyAndAdvance(char** dst, char* src, int* n) return l; } -static int StrlenExpanded(int cnum, int snum, char* s) +static int StrlenExpanded(connection_struct *conn, int snum, char* s) { - pstring buf; - if (!s) return(0); - StrnCpy(buf,s,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); - return strlen(buf) + 1; + pstring buf; + if (!s) return(0); + StrnCpy(buf,s,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(conn,buf); + return strlen(buf) + 1; } -static char* Expand(int cnum, int snum, char* s) +static char* Expand(connection_struct *conn, int snum, char* s) { - static pstring buf; - if (!s) return(NULL); - StrnCpy(buf,s,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); - standard_sub(cnum,buf); - return &buf[0]; + static pstring buf; + if (!s) return(NULL); + StrnCpy(buf,s,sizeof(buf)/2); + string_sub(buf,"%S",lp_servicename(snum)); + standard_sub(conn,buf); + return &buf[0]; } /******************************************************************* @@ -530,7 +530,7 @@ static int check_printq_info(struct pack_desc* desc, return True; } -static void fill_printjob_info(int cnum, int snum, int uLevel, +static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, struct pack_desc* desc, print_queue_struct* queue, int n) { @@ -577,7 +577,7 @@ static void fill_printjob_info(int cnum, int snum, int uLevel, } } -static void fill_printq_info(int cnum, int snum, int uLevel, +static void fill_printq_info(connection_struct *conn, int snum, int uLevel, struct pack_desc* desc, int count, print_queue_struct* queue, print_status_struct* status) @@ -590,7 +590,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, case 3: case 4: case 5: - PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum))); + PACKS(desc,"z",Expand(conn,snum,SERVICE(snum))); break; } @@ -608,7 +608,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, PACKI(desc,"W",LPSTAT_ERROR); } else if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); + PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); PACKI(desc,"W",LPSTAT_OK); /* status */ } else { PACKS(desc,"z",status->message); @@ -625,7 +625,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, PACKS(desc,"z","WinPrint"); /* pszPrProc */ PACKS(desc,"z",""); /* pszParms */ if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); /* pszComment */ + PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); /* pszComment */ PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ } else { PACKS(desc,"z",status->message); /* pszComment */ @@ -639,7 +639,7 @@ static void fill_printq_info(int cnum, int snum, int uLevel, if (uLevel == 2 || uLevel == 4) { int i; for (i=0;i 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,1,count)) { desc.subcount = count; - fill_printq_info(cnum,snum,uLevel,&desc,count,queue,&status); + fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); } *rdata_len = desc.usedlen; @@ -868,7 +869,7 @@ static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** view list of all print jobs on all queues ****************************************************************************/ -static BOOL api_DosPrintQEnum(int cnum, uint16 vuid, char* param, char* data, +static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, char* data, int mdrcnt, int mprcnt, char **rdata, char** rparam, int *rdata_len, int *rparam_len) @@ -907,7 +908,7 @@ static BOOL api_DosPrintQEnum(int cnum, uint16 vuid, char* param, char* data, n = 0; for (i = 0; i < services; i++) if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - subcntarr[n] = get_printqueue(i,cnum,&queue[n],&status[n]); + subcntarr[n] = get_printqueue(i, conn,&queue[n],&status[n]); subcnt += subcntarr[n]; n++; } @@ -921,7 +922,7 @@ static BOOL api_DosPrintQEnum(int cnum, uint16 vuid, char* param, char* data, succnt = 0; for (i = 0; i < services; i++) if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - fill_printq_info(cnum,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]); + fill_printq_info(conn,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]); n++; if (desc.errcode == NERR_Success) succnt = n; } @@ -1180,7 +1181,7 @@ static BOOL srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2) view list of servers available (or possibly domains). The info is extracted from lists saved by nmbd on the local host ****************************************************************************/ -static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, +static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param, char *data, int mdrcnt, int mprcnt, char **rdata, char **rparam, int *rdata_len, int *rparam_len) { @@ -1306,7 +1307,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data, /**************************************************************************** command 0x34 - suspected of being a "Lookup Names" stub api ****************************************************************************/ -static BOOL api_RNetGroupGetUsers(int cnum, uint16 vuid, char *param, char *data, +static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *param, char *data, int mdrcnt, int mprcnt, char **rdata, char **rparam, int *rdata_len, int *rparam_len) { @@ -1360,7 +1361,7 @@ static BOOL check_share_info(int uLevel, char* id) return True; } -static int fill_share_info(int cnum, int snum, int uLevel, +static int fill_share_info(connection_struct *conn, int snum, int uLevel, char** buf, int* buflen, char** stringbuf, int* stringspace, char* baseaddr) { @@ -1382,7 +1383,7 @@ static int fill_share_info(int cnum, int snum, int uLevel, if (!buf) { len = 0; - if (uLevel > 0) len += StrlenExpanded(cnum,snum,lp_comment(snum)); + if (uLevel > 0) len += StrlenExpanded(conn,snum,lp_comment(snum)); if (uLevel > 1) len += strlen(lp_pathname(snum)) + 1; if (buflen) *buflen = struct_len; if (stringspace) *stringspace = len; @@ -1415,7 +1416,7 @@ static int fill_share_info(int cnum, int snum, int uLevel, if (strequal("IPC$",lp_servicename(snum))) type = STYPE_IPC; SSVAL(p,14,type); /* device type */ SIVAL(p,16,PTR_DIFF(p2,baseaddr)); - len += CopyExpanded(cnum,snum,&p2,lp_comment(snum),&l2); + len += CopyExpanded(conn,snum,&p2,lp_comment(snum),&l2); } if (uLevel > 1) @@ -1455,7 +1456,7 @@ static int fill_share_info(int cnum, int snum, int uLevel, return len; } -static BOOL api_RNetShareGetInfo(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1475,7 +1476,7 @@ static BOOL api_RNetShareGetInfo(int cnum,uint16 vuid, char *param,char *data, *rdata = REALLOC(*rdata,mdrcnt); p = *rdata; - *rdata_len = fill_share_info(cnum,snum,uLevel,&p,&mdrcnt,0,0,0); + *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); if (*rdata_len < 0) return False; *rparam_len = 6; @@ -1490,7 +1491,7 @@ static BOOL api_RNetShareGetInfo(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** view list of shares available ****************************************************************************/ -static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_RNetShareEnum(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1516,7 +1517,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, if (lp_browseable(i) && lp_snum_ok(i)) { total++; - data_len += fill_share_info(cnum,i,uLevel,0,&f_len,0,&s_len,0); + data_len += fill_share_info(conn,i,uLevel,0,&f_len,0,&s_len,0); if (data_len <= buf_len) { counted++; @@ -1536,7 +1537,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, s_len = string_len; for (i = 0; i < count;i++) if (lp_browseable(i) && lp_snum_ok(i)) - if (fill_share_info(cnum,i,uLevel,&p,&f_len,&p2,&s_len,*rdata) < 0) + if (fill_share_info(conn,i,uLevel,&p,&f_len,&p2,&s_len,*rdata) < 0) break; *rparam_len = 8; @@ -1557,7 +1558,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** get the time of day info ****************************************************************************/ -static BOOL api_NetRemoteTOD(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1606,7 +1607,7 @@ static BOOL api_NetRemoteTOD(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** set the user password ****************************************************************************/ -static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1682,7 +1683,7 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, Set the user password (SamOEM version - gets plaintext). ****************************************************************************/ -static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1760,7 +1761,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat delete a print job Form: <> ****************************************************************************/ -static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1789,7 +1790,7 @@ static BOOL api_RDosPrintJobDel(int cnum,uint16 vuid, char *param,char *data, { print_queue_struct *queue=NULL; lpq_reset(snum); - count = get_printqueue(snum,cnum,&queue,NULL); + count = get_printqueue(snum,conn,&queue,NULL); for (i=0;iadmin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ @@ -2475,7 +2477,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, memset(p+22,' ',16); /* password */ SIVALS(p,38,-1); /* password age */ SSVAL(p,42, - Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); @@ -2523,7 +2525,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data, /******************************************************************* get groups that a user is a member of ******************************************************************/ -static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2570,7 +2572,7 @@ static BOOL api_NetUserGetGroups(int cnum,uint16 vuid, char *param,char *data, } -static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2605,7 +2607,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, PACKS(&desc,"B21",name); /* eff. name */ PACKS(&desc,"B",""); /* pad */ PACKI(&desc,"W", - Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); PACKI(&desc,"D",0); /* auth flags XXX */ PACKI(&desc,"W",0); /* num logons */ PACKI(&desc,"W",0); /* bad pw count */ @@ -2628,7 +2630,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, /* JHT - By calling lp_logon_script() and standard_sub() we have */ /* made sure all macros are fully substituted and available */ logon_script = lp_logon_script(); - standard_sub( cnum, logon_script ); + standard_sub( conn, logon_script ); PACKS(&desc,"z", logon_script); /* script path */ /* End of JHT mods */ @@ -2650,7 +2652,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** api_WAccessGetUserPerms ****************************************************************************/ -static BOOL api_WAccessGetUserPerms(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2678,7 +2680,7 @@ static BOOL api_WAccessGetUserPerms(int cnum,uint16 vuid, char *param,char *data /**************************************************************************** api_WPrintJobEnumerate ****************************************************************************/ -static BOOL api_WPrintJobGetInfo(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2711,7 +2713,7 @@ static BOOL api_WPrintJobGetInfo(int cnum,uint16 vuid, char *param,char *data, if (snum < 0 || !VALID_SNUM(snum)) return(False); - count = get_printqueue(snum,cnum,&queue,&status); + count = get_printqueue(snum,conn,&queue,&status); for (i = 0; i < count; i++) { if ((queue[i].job & 0xFF) == job) break; } @@ -2721,7 +2723,7 @@ static BOOL api_WPrintJobGetInfo(int cnum,uint16 vuid, char *param,char *data, if (init_package(&desc,1,0)) { if (i < count) { - fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i); + fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i); *rdata_len = desc.usedlen; } else { @@ -2742,7 +2744,7 @@ static BOOL api_WPrintJobGetInfo(int cnum,uint16 vuid, char *param,char *data, return(True); } -static BOOL api_WPrintJobEnumerate(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2784,7 +2786,7 @@ static BOOL api_WPrintJobEnumerate(int cnum,uint16 vuid, char *param,char *data, if (snum < 0 || !VALID_SNUM(snum)) return(False); - count = get_printqueue(snum,cnum,&queue,&status); + count = get_printqueue(snum,conn,&queue,&status); if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; @@ -2792,7 +2794,7 @@ static BOOL api_WPrintJobEnumerate(int cnum,uint16 vuid, char *param,char *data, if (init_package(&desc,count,0)) { succnt = 0; for (i = 0; i < count; i++) { - fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i); + fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i); if (desc.errcode == NERR_Success) succnt = i+1; } } @@ -2827,7 +2829,7 @@ static int check_printdest_info(struct pack_desc* desc, return True; } -static void fill_printdest_info(int cnum, int snum, int uLevel, +static void fill_printdest_info(connection_struct *conn, int snum, int uLevel, struct pack_desc* desc) { char buf[100]; @@ -2860,7 +2862,7 @@ static void fill_printdest_info(int cnum, int snum, int uLevel, } } -static BOOL api_WPrintDestGetInfo(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2904,7 +2906,7 @@ static BOOL api_WPrintDestGetInfo(int cnum,uint16 vuid, char *param,char *data, desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,1,0)) { - fill_printdest_info(cnum,snum,uLevel,&desc); + fill_printdest_info(conn,snum,uLevel,&desc); } *rdata_len = desc.usedlen; } @@ -2919,7 +2921,7 @@ static BOOL api_WPrintDestGetInfo(int cnum,uint16 vuid, char *param,char *data, return(True); } -static BOOL api_WPrintDestEnum(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -2957,7 +2959,7 @@ static BOOL api_WPrintDestEnum(int cnum,uint16 vuid, char *param,char *data, n = 0; for (i = 0; i < services; i++) { if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - fill_printdest_info(cnum,i,uLevel,&desc); + fill_printdest_info(conn,i,uLevel,&desc); n++; if (desc.errcode == NERR_Success) succnt = n; } @@ -2977,7 +2979,7 @@ static BOOL api_WPrintDestEnum(int cnum,uint16 vuid, char *param,char *data, return(True); } -static BOOL api_WPrintDriverEnum(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -3022,7 +3024,7 @@ static BOOL api_WPrintDriverEnum(int cnum,uint16 vuid, char *param,char *data, return(True); } -static BOOL api_WPrintQProcEnum(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -3068,7 +3070,7 @@ static BOOL api_WPrintQProcEnum(int cnum,uint16 vuid, char *param,char *data, return(True); } -static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -3366,7 +3368,7 @@ static BOOL api_no_reply(char *outbuf, int max_rdata_len) /**************************************************************************** handle remote api calls delivered to a named pipe already opened. ****************************************************************************/ -static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, +static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, uint16 *setup,char *data,char *params, int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { @@ -3407,8 +3409,6 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, { DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", subcommand, p->name, pnum)); - DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n", - tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid)); /* record maximum data length that can be transmitted in an SMBtrans */ p->file_offset = mdrcnt; @@ -3447,7 +3447,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /**************************************************************************** the buffer was too small ****************************************************************************/ -static BOOL api_TooSmall(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -3468,7 +3468,7 @@ static BOOL api_TooSmall(int cnum,uint16 vuid, char *param,char *data, /**************************************************************************** the request is not supported ****************************************************************************/ -static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data, +static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -3493,7 +3493,8 @@ struct { char *name; int id; - BOOL (*fn)(int,uint16,char *,char *,int,int,char **,char **,int *,int *); + BOOL (*fn)(connection_struct *,uint16,char *,char *, + int,int,char **,char **,int *,int *); int flags; } api_commands[] = { {"RNetShareEnum", 0, api_RNetShareEnum,0}, @@ -3531,7 +3532,7 @@ struct /**************************************************************************** handle remote api calls ****************************************************************************/ -static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, +static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params, int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { int api_command = SVAL(params,0); @@ -3558,21 +3559,21 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - reply = api_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt, + reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); if (rdata_len > mdrcnt || rparam_len > mprcnt) { - reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt, + reply = api_TooSmall(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); } /* if we get False back then it's actually unsupported */ if (!reply) - api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt, + api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); @@ -3597,7 +3598,7 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params, /**************************************************************************** handle named pipe commands ****************************************************************************/ -static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, +static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name, uint16 *setup,char *data,char *params, int suwcnt,int tdscnt,int tpscnt, int msrcnt,int mdrcnt,int mprcnt) @@ -3606,12 +3607,12 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, if (strequal(name,"LANMAN")) { - return api_reply(cnum,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); + return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); } if (strlen(name) < 1) { - return api_fd_reply(cnum,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); } if (setup) @@ -3626,141 +3627,132 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name, /**************************************************************************** reply to a SMBtrans ****************************************************************************/ -int reply_trans(char *inbuf,char *outbuf, int size, int bufsize) -{ - fstring name; - - char *data=NULL,*params=NULL; - uint16 *setup=NULL; - - int outsize = 0; - int cnum = SVAL(inbuf,smb_tid); - uint16 vuid = SVAL(inbuf,smb_uid); - - int tpscnt = SVAL(inbuf,smb_vwv0); - int tdscnt = SVAL(inbuf,smb_vwv1); - int mprcnt = SVAL(inbuf,smb_vwv2); - int mdrcnt = SVAL(inbuf,smb_vwv3); - int msrcnt = CVAL(inbuf,smb_vwv4); - BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); - BOOL one_way = BITSETW(inbuf+smb_vwv5,1); - int pscnt = SVAL(inbuf,smb_vwv9); - int psoff = SVAL(inbuf,smb_vwv10); - int dscnt = SVAL(inbuf,smb_vwv11); - int dsoff = SVAL(inbuf,smb_vwv12); - int suwcnt = CVAL(inbuf,smb_vwv13); - - bzero(name, sizeof(name)); - fstrcpy(name,smb_buf(inbuf)); - - if (dscnt > tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters\n"); - } +int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize) +{ + fstring name; + + char *data=NULL,*params=NULL; + uint16 *setup=NULL; + int outsize = 0; + uint16 vuid = SVAL(inbuf,smb_uid); + int tpscnt = SVAL(inbuf,smb_vwv0); + int tdscnt = SVAL(inbuf,smb_vwv1); + int mprcnt = SVAL(inbuf,smb_vwv2); + int mdrcnt = SVAL(inbuf,smb_vwv3); + int msrcnt = CVAL(inbuf,smb_vwv4); + BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); + BOOL one_way = BITSETW(inbuf+smb_vwv5,1); + int pscnt = SVAL(inbuf,smb_vwv9); + int psoff = SVAL(inbuf,smb_vwv10); + int dscnt = SVAL(inbuf,smb_vwv11); + int dsoff = SVAL(inbuf,smb_vwv12); + int suwcnt = CVAL(inbuf,smb_vwv13); + + bzero(name, sizeof(name)); + fstrcpy(name,smb_buf(inbuf)); + + if (dscnt > tdscnt || pscnt > tpscnt) { + exit_server("invalid trans parameters\n"); + } - if (tdscnt) - { - data = (char *)malloc(tdscnt); - memcpy(data,smb_base(inbuf)+dsoff,dscnt); - } - if (tpscnt) - { - params = (char *)malloc(tpscnt); - memcpy(params,smb_base(inbuf)+psoff,pscnt); - } + if (tdscnt) { + data = (char *)malloc(tdscnt); + memcpy(data,smb_base(inbuf)+dsoff,dscnt); + } - if (suwcnt) - { - int i; - setup = (uint16 *)malloc(suwcnt*sizeof(setup[0])); - for (i=0;i tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters\n"); - } - - if (pcnt) - memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); - if (dcnt) - memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); - } - - - DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",name,tdscnt,tpscnt,suwcnt)); - - if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) - { - DEBUG(5,("calling named_pipe\n")); - outsize = named_pipe(cnum,vuid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, - suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); - } - else - { - DEBUG(3,("invalid pipe name\n")); - outsize = 0; - } - - - if (data) free(data); - if (params) free(params); - if (setup) free(setup); - - if (close_on_completion) - close_cnum(cnum,vuid); + tpscnt = SVAL(inbuf,smb_vwv0); + tdscnt = SVAL(inbuf,smb_vwv1); + + pcnt = SVAL(inbuf,smb_vwv2); + poff = SVAL(inbuf,smb_vwv3); + pdisp = SVAL(inbuf,smb_vwv4); + + dcnt = SVAL(inbuf,smb_vwv5); + doff = SVAL(inbuf,smb_vwv6); + ddisp = SVAL(inbuf,smb_vwv7); + + pscnt += pcnt; + dscnt += dcnt; + + if (dscnt > tdscnt || pscnt > tpscnt) { + exit_server("invalid trans parameters\n"); + } + + if (pcnt) + memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); + if (dcnt) + memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); + } + + + DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n", + name,tdscnt,tpscnt,suwcnt)); + + if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) { + DEBUG(5,("calling named_pipe\n")); + outsize = named_pipe(conn,vuid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, + suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); + } else { + DEBUG(3,("invalid pipe name\n")); + outsize = 0; + } - if (one_way) - return(-1); - - if (outsize == 0) - return(ERROR(ERRSRV,ERRnosupport)); + + if (data) free(data); + if (params) free(params); + if (setup) free(setup); + + if (close_on_completion) + close_cnum(conn,vuid); - return(outsize); + if (one_way) + return(-1); + + if (outsize == 0) + return(ERROR(ERRSRV,ERRnosupport)); + + return(outsize); } -- cgit From e13aeea928dd89373cfaf3916c96f853c1227884 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 15 Aug 1998 01:19:26 +0000 Subject: configure: Changes for extra headers. configure.in: Source for header changes. client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile. include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers. include/includes.h: Headers for the above. include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int). lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/debug.c: Fixed signal functs. lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile. libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem_sysv.c: Fixed error messages in sysV stuff. nmbd/asyncdns.c: Fixed signal functs. nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/nttrans.c: Fixed fsp code path. smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem. smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/trans2.c: Fixed core dump bug. smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile. Jeremy. (This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a72b442735..63495f0479 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -274,7 +274,7 @@ static int get_counter(char** p) { int i, n; if (!p || !(*p)) return(1); - if (!isdigit(**p)) return 1; + if (!isdigit((int)**p)) return 1; for (n = 0;;) { i = **p; if (isdigit(i)) @@ -1969,7 +1969,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha break; case 0xb: /* change print job name, data gives the name */ /* jobid, snum should be zero */ - if (isalpha(*s)) + if (isalpha((int)*s)) { pstring name; int l = 0; -- cgit From 127655cc888ac40332d4e8e5b94aab03f5120aae Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 15 Aug 1998 07:27:34 +0000 Subject: this checkin gets rid of the global Files[] array and makes it local in files.c it should now be faily easy to expand the default MAX_OPEN_FILES to many thousands. (This used to be commit b088c804f98908eb02f05ab2f2e8a61691a0a582) --- source3/smbd/ipc.c | 174 ++++++++++++++++++++++++++--------------------------- 1 file changed, 85 insertions(+), 89 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 63495f0479..ae225956a2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -36,7 +36,6 @@ extern int DEBUGLEVEL; extern int max_send; -extern files_struct Files[]; extern fstring local_machine; extern fstring global_myworkgroup; @@ -1913,108 +1912,105 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - struct pack_desc desc; - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int jobid, snum; - int uLevel = SVAL(p,2); - int function = SVAL(p,4); /* what is this ?? */ - int i; - char *s = data; + struct pack_desc desc; + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int jobid, snum; + int uLevel = SVAL(p,2); + int function = SVAL(p,4); /* what is this ?? */ + int i; + char *s = data; + files_struct *fsp; - printjob_decode(SVAL(p,0), &snum, &jobid); + printjob_decode(SVAL(p,0), &snum, &jobid); - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); - *rdata_len = 0; - - /* check it's a supported varient */ - if ((strcmp(str1,"WWsTP")) || (!check_printjob_info(&desc,uLevel,str2))) - return(False); + *rdata_len = 0; + + /* check it's a supported varient */ + if ((strcmp(str1,"WWsTP")) || + (!check_printjob_info(&desc,uLevel,str2))) + return(False); - switch (function) { - case 0x6: /* change job place in the queue, data gives the new place */ - if (snum >= 0 && VALID_SNUM(snum)) - { - print_queue_struct *queue=NULL; - int count; + switch (function) { + case 0x6: /* change job place in the queue, + data gives the new place */ + if (snum >= 0 && VALID_SNUM(snum)) { + print_queue_struct *queue=NULL; + int count; - lpq_reset(snum); - count = get_printqueue(snum,conn,&queue,NULL); - for (i=0;i place ) /* move up */; - } + { + int place= SVAL(data,0); + /* we currently have no way of + doing this. Can any unix do it? */ + if (i < place) /* move down */; + else if (i > place ) /* move up */; + } #endif - desc.errcode=NERR_notsupported; /* not yet supported */ - if (queue) free(queue); - } - } - else desc.errcode=NERR_JobNotFound; - break; - case 0xb: /* change print job name, data gives the name */ - /* jobid, snum should be zero */ - if (isalpha((int)*s)) - { - pstring name; - int l = 0; - while (l<64 && *s) - { - if (issafe(*s)) name[l++] = *s; - s++; - } - name[l] = 0; + desc.errcode=NERR_notsupported; /* not yet + supported */ + if (queue) free(queue); + } + } else { + desc.errcode=NERR_JobNotFound; + } + break; + + case 0xb: /* change print job name, data gives the name */ + /* jobid, snum should be zero */ + if (isalpha((int)*s)) { + pstring name; + int l = 0; + while (l<64 && *s) { + if (issafe(*s)) name[l++] = *s; + s++; + } + name[l] = 0; - DEBUG(3,("Setting print name to %s\n",name)); + DEBUG(3,("Setting print name to %s\n",name)); - become_root(True); - - for (i=0;iconn; + unbecome_user(); - if (!become_user(fconn,vuid) || - !become_service(fconn,True)) - break; + if (!become_user(fconn,vuid) || + !become_service(fconn,True)) + break; - if (sys_rename(Files[i].fsp_name,name) == 0) { - string_set(&Files[i].fsp_name,name); - } - break; - } + if (sys_rename(fsp->fsp_name,name) == 0) { + string_set(&fsp->fsp_name,name); + } + break; + } + } + desc.errcode=NERR_Success; + break; - unbecome_root(True); - } - desc.errcode=NERR_Success; - - break; - default: /* not implemented */ - return False; - } + default: /* not implemented */ + return False; + } - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); /* converter word */ - - return(True); + SSVALS(*rparam,0,desc.errcode); + SSVAL(*rparam,2,0); /* converter word */ + + return(True); } -- cgit From b590b27b45725993335c6c1f110bf1a9bb56513b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Aug 1998 06:20:18 +0000 Subject: - some tidying up in files.c - handle null fsp in DEBUG() at end of reply_ntcreate_and_X(). Jeremy, can you fix this properly? - get snum right in print queue code in ipc.c (it was broken by my connections_struct changes). (This used to be commit b3dd3785751db2d5d0a80ffac9c3df01c9909891) --- source3/smbd/ipc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ae225956a2..be7fb8d8e3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -833,20 +833,19 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, if (snum < 0 || !VALID_SNUM(snum)) return(False); - if (uLevel==52) - { - count = get_printerdrivernumber(snum); - DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); + if (uLevel==52) { + count = get_printerdrivernumber(snum); + DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); } else { - count = get_printqueue(SNUM(conn), conn,&queue,&status); + count = get_printqueue(snum, conn,&queue,&status); } if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,1,count)) { - desc.subcount = count; - fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); + desc.subcount = count; + fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); } *rdata_len = desc.usedlen; -- cgit From f2d538a105a61ce6d2852700fc328e15ac158827 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Aug 1998 03:06:20 +0000 Subject: some cleanups from the conversion of Pipes[] to a linked list. I also removed most cases where a pnum is used and substituted a pipes_struct*. in files.c I added a offset of 0x1000 to all file handles on the wire. This makes it much less likely that bad parsing will give us the wrong field. (This used to be commit 8bc2627ff28d340db65bfa017daca2dc291d5ef7) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index be7fb8d8e3..1a6fb3366a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3398,7 +3398,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* Get the file handle and hence the file name. */ pnum = setup[1]; subcommand = setup[0]; - get_rpc_pipe(pnum, &p); + p = get_rpc_pipe(pnum); if (p != NULL) { -- cgit From 038e3433d39337f736b7b69ac1e6212e9f8e5406 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 21 Aug 1998 11:37:40 +0000 Subject: added new smb.conf option "panic action". see my samba-technical explanation. (This used to be commit c6899df44c34088a4d2bf1edc840320b0ba7e32e) --- source3/smbd/ipc.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1a6fb3366a..eb0abc37c0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -377,9 +377,7 @@ va_dcl DEBUG(2,("type error in package: %s instead of %*s\n",str, strlen(str),p->curpos)); va_end(args); -#if AJT - ajt_panic(); -#endif + smb_panic("invalid types in ipc"); return 0; } #endif -- cgit From 3f3f47b0bd8d089120d267cfad1976db95cd8ebe Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 22 Aug 1998 02:54:21 +0000 Subject: added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberally in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795) --- source3/smbd/ipc.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index eb0abc37c0..46fb6a22ff 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -373,13 +373,7 @@ va_dcl } #if CHECK_TYPES str = va_arg(args,char*); - if (strncmp(str,p->curpos,strlen(str)) != 0) { - DEBUG(2,("type error in package: %s instead of %*s\n",str, - strlen(str),p->curpos)); - va_end(args); - smb_panic("invalid types in ipc"); - return 0; - } + ASSERT(strncmp(str,p->curpos,strlen(str)) == 0); #endif stringneeded = -1; -- cgit From 8afc9c80ac11649f06e5517d819dbf201c941acb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 24 Aug 1998 21:49:10 +0000 Subject: Changed ASSERT macros to SMB_ASSERT macros as some systems already have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 46fb6a22ff..70c2668d92 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -373,7 +373,7 @@ va_dcl } #if CHECK_TYPES str = va_arg(args,char*); - ASSERT(strncmp(str,p->curpos,strlen(str)) == 0); + SMB_ASSERT(strncmp(str,p->curpos,strlen(str)) == 0); #endif stringneeded = -1; -- cgit From 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 31 Aug 1998 03:11:42 +0000 Subject: bounds check next_token() to prevent possible buffer overflows (This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3) --- source3/smbd/ipc.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 70c2668d92..7c0a51f785 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -658,7 +658,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, p = q; /* reset string pointer */ fgets(p,8191,f); p[strlen(p)-1]='\0'; - if (next_token(&p,tok,":") && + if (next_token(&p,tok,":",sizeof(tok)) && (strlen(lp_printerdriver(snum)) == strlen(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; @@ -666,9 +666,9 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, fclose(f); /* driver file name */ - if (ok && !next_token(&p,driver,":")) ok = 0; + if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; /* data file name */ - if (ok && !next_token(&p,datafile,":")) ok = 0; + if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0; /* * for the next tokens - which may be empty - I have to check for empty * tokens first because the next_token function will skip all empty @@ -679,7 +679,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, if (*p == ':') { *helpfile = '\0'; p++; - } else if (!next_token(&p,helpfile,":")) ok = 0; + } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0; } if (ok) { @@ -687,11 +687,11 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, if (*p == ':') { *langmon = '\0'; p++; - } else if (!next_token(&p,langmon,":")) ok = 0; + } else if (!next_token(&p,langmon,":",sizeof(langmon))) ok = 0; } /* default data type */ - if (ok && !next_token(&p,datatype,":")) ok = 0; + if (ok && !next_token(&p,datatype,":",sizeof(datatype))) ok = 0; if (ok) { PACKI(desc,"W",0x0400); /* don't know */ @@ -714,7 +714,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, /* no need to check return value here - it was already tested in * get_printerdrivernumber */ - next_token(&p,tok,","); + next_token(&p,tok,",",sizeof(tok)); PACKS(desc,"z",tok); /* driver files to copy */ DEBUG(3,("file:%s:\n",tok)); } @@ -755,7 +755,7 @@ int get_printerdrivernumber(int snum) { p = q; /* reset string pointer */ fgets(p,8191,f); - if (next_token(&p,tok,":") && + if (next_token(&p,tok,":",sizeof(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; } @@ -771,7 +771,7 @@ int get_printerdrivernumber(int snum) return(0); /* count the number of files */ - while (next_token(&p,tok,",")) + while (next_token(&p,tok,",",sizeof(tok))) i++; } free(q); @@ -1021,10 +1021,10 @@ static int get_server_info(uint32 servertype, } s = &(*servers)[count]; - if (!next_token(&ptr,s->name , NULL)) continue; - if (!next_token(&ptr,stype , NULL)) continue; - if (!next_token(&ptr,s->comment, NULL)) continue; - if (!next_token(&ptr,s->domain , NULL)) { + if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue; + if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue; + if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue; + if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) { /* this allows us to cope with an old nmbd */ pstrcpy(s->domain,global_myworkgroup); } -- cgit From 18556274139cc5a00593471bd745354d98a35303 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 1 Sep 1998 20:11:54 +0000 Subject: More abstraction of file system data types, to move to a 64 bit file interface for the NT SMB's. Created a new define, SMB_STRUCT_STAT that currently is defined to be struct stat - this wil change to a user defined type containing 64 bit info when the correct wrappers are written for 64 bit stat(), fstat() and lstat() calls. Also changed all sys_xxxx() calls that were previously just wrappers to the same call prefixed by a dos_to_unix() call into dos_xxxx() calls. This makes it explicit when a pathname translation is being done, and when it is not. Now, all sys_xxx() calls are meant to be wrappers to mask OS differences, and not silently converting filenames on the fly. Jeremy. (This used to be commit 28aa182dbffaa4ffd86047e608400de4b26e80eb) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7c0a51f785..e3b39e6eb2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1985,7 +1985,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha !become_service(fconn,True)) break; - if (sys_rename(fsp->fsp_name,name) == 0) { + if (dos_rename(fsp->fsp_name,name) == 0) { string_set(&fsp->fsp_name,name); } break; -- cgit From 4acd373e5bbd615141ceb5fb3c4a588a5b4581d7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 3 Sep 1998 05:37:15 +0000 Subject: changed the SMBtrans reply code to align at the same alignment as observed from NT. We were aligning the data before but not the parameters. This aligns both. This change may break some other parts of ipc.c if we have relied on the alignment somewhere, so if you think this broke something then let me know. (This used to be commit d252d331015b7606618ba1422bb669da003da293) --- source3/smbd/ipc.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e3b39e6eb2..048afe35cd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -144,7 +144,7 @@ static void copy_trans_params_and_data(char *outbuf, int align, int param_offset, int data_offset, int param_len, int data_len) { - char *copy_into = smb_buf(outbuf); + char *copy_into = smb_buf(outbuf)+1; DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", param_offset, param_offset + param_len, @@ -182,14 +182,9 @@ static void send_trans_reply(char *outbuf, this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); -#ifdef CONFUSE_NETMONITOR_MSRPC_DECODING - /* if you don't want Net Monitor to decode your packets, do this!!! */ - align = ((this_lparam+1)%4); -#else - align = (this_lparam%4); -#endif + align = ((this_lparam)%4); - set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); + set_message(outbuf,10+lsetup,1+align+this_ldata+this_lparam,True); if (buffer_too_large) { @@ -206,10 +201,10 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv0,lparam); SSVAL(outbuf,smb_vwv1,ldata); SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf)); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); SSVAL(outbuf,smb_vwv5,0); SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf)); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); SSVAL(outbuf,smb_vwv8,0); SSVAL(outbuf,smb_vwv9,lsetup); @@ -231,7 +226,7 @@ static void send_trans_reply(char *outbuf, align = (this_lparam%4); - set_message(outbuf,10,this_ldata+this_lparam+align,False); + set_message(outbuf,10,1+this_ldata+this_lparam+align,False); copy_trans_params_and_data(outbuf, align, rparam , rdata, @@ -239,10 +234,10 @@ static void send_trans_reply(char *outbuf, this_lparam, this_ldata); SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf)); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); SSVAL(outbuf,smb_vwv5,tot_param); SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf)); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); SSVAL(outbuf,smb_vwv8,tot_data); SSVAL(outbuf,smb_vwv9,0); -- cgit From e9ea36e4d2270bd7d32da12ef6d6e2299641582d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 5 Sep 1998 05:07:05 +0000 Subject: tridge the destroyer returns! prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 048afe35cd..8f7b1a9e15 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -725,7 +725,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, } /* This function returns the number of files for a given driver */ -int get_printerdrivernumber(int snum) +static int get_printerdrivernumber(int snum) { int i=0,ok=0; pstring tok; -- cgit From 519a6d5f0ed0d81cf739394c1c8c305f8ae43c87 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 7 Sep 1998 17:01:52 +0000 Subject: added 0x10 to the frag length in the "bind ack". (This used to be commit 46301b1d2161317f56049934a9e7b658447b2c76) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8f7b1a9e15..61d9aa8bdd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3205,7 +3205,7 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST, p->hdr.call_id, - p->rdata.offset + p->rauth.offset, + p->rdata.offset + p->rauth.offset + 0x10, p->rauth.offset); smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0); -- cgit From ac9b687cc2496409e1c8d86393812faf94ec7550 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 17 Sep 1998 19:16:12 +0000 Subject: configure configure.in: Added tests for fseek64 and ftell64. config.h.in: Added fseek64 and ftell64. includes.h: Added definition of SMB_BIG_INTEGER. smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. access.c: Tidyup of dbug statement. system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t. asyncdns.c: Tidyup of comment. loadparm.c: Tidyup of set_default_server_announce_type() function definition. ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpassfile.c: Use sys_fseek(). chgpasswd.c: Tidyup of debug statement. dosmode.c: Changed mode calls to use mode_t. ipc.c: Removal of dead code. nttrans.c: Changed mode calls to use mode_t. open.c: Changed mode calls to use mode_t. pipes.c: Removal of dead code. reply.c: Removal of dead code. trans2.c: Removal of dead code. Changed mode calls to use mode_t. Jeremy. (This used to be commit c381d32e3dc23fe887408016cae821aceb30da2c) --- source3/smbd/ipc.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 61d9aa8bdd..ce300dc810 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -784,7 +784,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); char *QueueName = p; - int uLevel,cbBuf; + int uLevel; int count=0; int snum; char* str3; @@ -797,7 +797,6 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, p = skip_string(p,1); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); str3 = p + 4; /* remove any trailing username */ @@ -2670,7 +2669,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel,cbBuf; + int uLevel; int count; int i; int snum; @@ -2680,7 +2679,6 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para print_status_struct status; uLevel = SVAL(p,2); - cbBuf = SVAL(p,4); bzero(&desc,sizeof(desc)); bzero(&status,sizeof(status)); @@ -2735,7 +2733,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); char* name = p; - int uLevel,cbBuf; + int uLevel; int count; int i, succnt=0; int snum; @@ -2748,7 +2746,6 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa p = skip_string(p,1); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name)); @@ -2853,7 +2850,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); char* PrinterName = p; - int uLevel,cbBuf; + int uLevel; struct pack_desc desc; int snum; @@ -2861,7 +2858,6 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par p = skip_string(p,1); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName)); @@ -2911,7 +2907,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel,cbBuf; + int uLevel; int queuecnt; int i, n, succnt=0; struct pack_desc desc; @@ -2920,7 +2916,6 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, bzero(&desc,sizeof(desc)); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel)); @@ -2969,14 +2964,13 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel,cbBuf; + int uLevel; int succnt; struct pack_desc desc; bzero(&desc,sizeof(desc)); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel)); @@ -3014,14 +3008,13 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel,cbBuf; + int uLevel; int succnt; struct pack_desc desc; bzero(&desc,sizeof(desc)); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel)); @@ -3060,14 +3053,13 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int uLevel,cbBuf; + int uLevel; int succnt; struct pack_desc desc; bzero(&desc,sizeof(desc)); uLevel = SVAL(p,0); - cbBuf = SVAL(p,2); DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel)); -- cgit From aab2fe021643417854451c65e564932f4ac25f10 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 23 Sep 1998 01:48:45 +0000 Subject: First cut at kernel oplocks. This should have no effect unless runnin on a machine that supports them in autoconf. Move various functions out of lib/util.c into smbd/process.c and smbd/oplock.c where they belong. Jeremy. (This used to be commit c3c5e13f85c97939746070132dad941e79c546fb) --- source3/smbd/ipc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ce300dc810..22fd318f63 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -60,7 +60,6 @@ extern fstring global_myworkgroup; #define QNLEN 12 /* queue name maximum length */ extern int Client; -extern int oplock_sock; extern int smb_read_error; static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, @@ -3660,7 +3659,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int BOOL ret; int pcnt,poff,dcnt,doff,pdisp,ddisp; - ret = receive_next_smb(Client,oplock_sock,inbuf,bufsize,SMB_SECONDARY_WAIT); + ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); if ((ret && (CVAL(inbuf, smb_com) != SMBtrans)) || !ret) { if(ret) { -- cgit From 008fd973097303ac984cd7c004e3dea67d54813d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 28 Sep 1998 23:55:09 +0000 Subject: Fixed problems found in lint pass over the old code by . These were the problems that still existed in the 2.0 branch. Jeremy. (This used to be commit 3fd28812f75f2311a114ff905143634e3bbb1fac) --- source3/smbd/ipc.c | 54 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 22fd318f63..ec126c89ff 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -642,7 +642,13 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, return; } - p=(char *)malloc(8192*sizeof(char)); + if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + DEBUG(0,("fill_printq_info: malloc fail !\n")); + desc->errcode=NERR_notsupported; + fclose(f); + return; + } + bzero(p, 8192*sizeof(char)); q=p; @@ -741,7 +747,12 @@ static int get_printerdrivernumber(int snum) return(0); } - p=(char *)malloc(8192*sizeof(char)); + if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + DEBUG(3,("get_printerdrivernumber: malloc fail !\n")); + fclose(f); + return 0; + } + q=p; /* need it to free memory because p change ! */ /* lookup the long printer driver name in the file description */ @@ -882,11 +893,20 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; if (uLevel > 0) { - queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*)); + if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct)); + if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } memset(status,0,queuecnt*sizeof(print_status_struct)); - subcntarr = (int*)malloc(queuecnt*sizeof(int)); + if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } subcnt = 0; n = 0; for (i = 0; i < services; i++) @@ -3525,13 +3545,18 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data for (i=0;api_commands[i].name;i++) if (api_commands[i].id == api_command && api_commands[i].fn) { - DEBUG(3,("Doing %s\n",api_commands[i].name)); - break; + DEBUG(3,("Doing %s\n",api_commands[i].name)); + break; } rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + if(!rdata || !rparam) { + DEBUG(0,("api_reply: malloc fail !\n")); + return -1; + } + reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); @@ -3629,18 +3654,27 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (tdscnt) { - data = (char *)malloc(tdscnt); + if((data = (char *)malloc(tdscnt)) == NULL) { + DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(data,smb_base(inbuf)+dsoff,dscnt); } if (tpscnt) { - params = (char *)malloc(tpscnt); + if((params = (char *)malloc(tpscnt)) == NULL) { + DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(params,smb_base(inbuf)+psoff,pscnt); } if (suwcnt) { int i; - setup = (uint16 *)malloc(suwcnt*sizeof(setup[0])); + if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { + DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", suwcnt * sizeof(uint16))); + return(ERROR(ERRDOS,ERRnomem)); + } for (i=0;i Date: Tue, 29 Sep 1998 20:24:17 +0000 Subject: Got very strict about the differences and uses of uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ec126c89ff..db6ee62f91 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2383,7 +2383,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param Don't depend on vuser being non-null !!. JRA */ user_struct *vuser = get_valid_user_struct(vuid); if(vuser != NULL) - DEBUG(3,(" Username of UID %d is %s\n", vuser->uid, vuser->name)); + DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, vuser->name)); *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); -- cgit From c07b2bdf9032c870f7f50a9671e8d9fb0a56739a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 6 Oct 1998 22:03:04 +0000 Subject: dce/rpc (This used to be commit eb279cabd059603b6c8d9b74e4fd31c4ffe87593) --- source3/smbd/ipc.c | 80 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 60 insertions(+), 20 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index db6ee62f91..ebb3c11da8 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3110,6 +3110,34 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, return(True); } +static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) +{ + /* receive a negotiate; send a challenge; receive a response */ + switch (p->auth_verifier.msg_type) + { + case NTLMSSP_NEGOTIATE: + { + smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0); + break; + } + case NTLMSSP_AUTH: + { + smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0); + break; + } + default: + { + /* NTLMSSP expected: unexpected message type */ + DEBUG(3,("unexpected message type in NTLMSSP %d\n", + p->auth_verifier.msg_type)); + return False; + break; + } + } + + return (pd->offset != 0); +} + struct api_cmd { char * pipe_clnt_name; @@ -3159,12 +3187,16 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) if (p->hdr.auth_len != 0) { /* decode the authentication verifier */ - smb_io_rpc_auth_ntlmssp_req("", &p->ntlmssp_req, pd, 0); + smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0); if (pd->offset == 0) return False; - /* ignore the version number for now */ - ntlmssp_auth = strequal(p->ntlmssp_req.ntlmssp_str, "NTLMSSP"); + ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP"); + + if (ntlmssp_auth) + { + if (!api_pipe_ntlmssp(p, pd)) return False; + } } /* name has to be \PIPE\xxxxx */ @@ -3176,18 +3208,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) prs_init(&(p->rdata), 1024, 4, 0, False); prs_init(&(p->rhdr ), 0x10, 4, 0, False); prs_init(&(p->rauth), 1024, 4, 0, False); + prs_init(&(p->rntlm), 1024, 4, 0, False); /***/ /*** do the bind ack first ***/ /***/ make_rpc_hdr_ba(&p->hdr_ba, - p->hdr_rb.bba.max_tsize, + p->hdr_rb.bba.max_tsize, p->hdr_rb.bba.max_rsize, p->hdr_rb.bba.assoc_gid, - ack_pipe_name, - 0x1, 0x0, 0x0, - &(p->hdr_rb.transfer)); + ack_pipe_name, + 0x1, 0x0, 0x0, + &(p->hdr_rb.transfer)); smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0); mem_realloc_data(p->rdata.data, p->rdata.offset); @@ -3198,16 +3231,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) if (ntlmssp_auth) { - uint8 data[16]; - bzero(data, sizeof(data)); /* first 8 bytes are non-zero */ - - make_rpc_auth_ntlmssp_resp(&p->ntlmssp_resp, - 0x0a, 0x06, 0, - "NTLMSSP", 2, - 0x00000000, 0x0000b2b3, 0x000082b1, - data); - smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, &p->rauth, 0); + uint8 challenge[8]; + generate_random_buffer(challenge, 8, False); + + make_rpc_auth_verifier(&p->auth_verifier, + 0x0a, 0x06, 0, + "NTLMSSP", NTLMSSP_CHALLENGE); + smb_io_rpc_auth_verifier("", &p->auth_verifier, &p->rauth, 0); mem_realloc_data(p->rauth.data, p->rauth.offset); + + make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal, + 0x000082b1, challenge); + smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0); + mem_realloc_data(p->rntlm.data, p->rntlm.offset); } /***/ @@ -3216,8 +3252,8 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST, p->hdr.call_id, - p->rdata.offset + p->rauth.offset + 0x10, - p->rauth.offset); + p->rdata.offset + p->rauth.offset + p->rntlm.offset + 0x10, + p->rauth.offset + p->rntlm.offset); smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0); mem_realloc_data(p->rhdr.data, p->rdata.offset); @@ -3237,8 +3273,12 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) p->rdata.data->next = p->rauth.data; p->rauth.data->offset.start = p->rhdr.offset + p->rdata.offset; - p->rauth.data->offset.end = p->rhdr.offset + p->rauth.offset + p->rdata.offset; - p->rauth.data->next = NULL; + p->rauth.data->offset.end = p->rhdr.offset + p->rdata.offset + p->rauth.offset; + p->rauth.data->next = p->rntlm.data; + + p->rntlm.data->offset.start = p->rhdr.offset + p->rdata.offset + p->rauth.offset; + p->rntlm.data->offset.end = p->rhdr.offset + p->rdata.offset + p->rauth.offset + p->rntlm.offset; + p->rntlm.data->next = NULL; } else { -- cgit From 2fef8f2e87f61043e3f1a2cf7d1f2a4ff9f119ff Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 7 Oct 1998 15:22:49 +0000 Subject: dce/rpc (This used to be commit 34afa638f6f7bb145ec094510ac58f7a22dfc3aa) --- source3/smbd/ipc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ebb3c11da8..f2831ce888 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3159,6 +3159,7 @@ static struct api_cmd api_fd_commands[] = static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) { BOOL ntlmssp_auth = False; + uint16 assoc_gid; fstring ack_pipe_name; int i = 0; @@ -3214,10 +3215,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) /*** do the bind ack first ***/ /***/ + if (ntlmssp_auth) + { + assoc_gid = 0x7a77; + } + else + { + assoc_gid = p->hdr_rb.bba.assoc_gid; + } + make_rpc_hdr_ba(&p->hdr_ba, p->hdr_rb.bba.max_tsize, p->hdr_rb.bba.max_rsize, - p->hdr_rb.bba.assoc_gid, + assoc_gid, ack_pipe_name, 0x1, 0x0, 0x0, &(p->hdr_rb.transfer)); -- cgit From 4c172b5575600d05f7cb15e15d0d981f920697b5 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 7 Oct 1998 16:45:44 +0000 Subject: return False _and_ a break in a switch statement. (This used to be commit e3f0f1ad9c2b81fd3489d858a9a98338001538c5) --- source3/smbd/ipc.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f2831ce888..c0ce190023 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3131,7 +3131,6 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) DEBUG(3,("unexpected message type in NTLMSSP %d\n", p->auth_verifier.msg_type)); return False; - break; } } -- cgit From 48b31ae44fb2a1961bd738b0b3e7a986259168a2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 7 Oct 1998 21:42:24 +0000 Subject: dce/rpc (This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971) --- source3/smbd/ipc.c | 251 +++-------------------------------------------------- 1 file changed, 11 insertions(+), 240 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c0ce190023..c647a5de3e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3110,251 +3110,18 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, return(True); } -static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) -{ - /* receive a negotiate; send a challenge; receive a response */ - switch (p->auth_verifier.msg_type) - { - case NTLMSSP_NEGOTIATE: - { - smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0); - break; - } - case NTLMSSP_AUTH: - { - smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0); - break; - } - default: - { - /* NTLMSSP expected: unexpected message type */ - DEBUG(3,("unexpected message type in NTLMSSP %d\n", - p->auth_verifier.msg_type)); - return False; - } - } - - return (pd->offset != 0); -} - -struct api_cmd -{ - char * pipe_clnt_name; - char * pipe_srv_name; - BOOL (*fn) (pipes_struct *, prs_struct *); -}; - -static struct api_cmd api_fd_commands[] = -{ - { "lsarpc", "lsass", api_ntlsa_rpc }, - { "samr", "lsass", api_samr_rpc }, - { "srvsvc", "ntsvcs", api_srvsvc_rpc }, - { "wkssvc", "ntsvcs", api_wkssvc_rpc }, - { "NETLOGON", "lsass", api_netlog_rpc }, - { "winreg", "winreg", api_reg_rpc }, - { NULL, NULL, NULL } -}; - -static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) -{ - BOOL ntlmssp_auth = False; - uint16 assoc_gid; - fstring ack_pipe_name; - int i = 0; - - DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__)); - - for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) - { - if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && - api_fd_commands[i].fn != NULL) - { - DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", - api_fd_commands[i].pipe_clnt_name, - api_fd_commands[i].pipe_srv_name)); - fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name); - break; - } - } - - if (api_fd_commands[i].fn == NULL) return False; - - /* decode the bind request */ - smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0); - - if (pd->offset == 0) return False; - - if (p->hdr.auth_len != 0) - { - /* decode the authentication verifier */ - smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0); - - if (pd->offset == 0) return False; - - ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP"); - - if (ntlmssp_auth) - { - if (!api_pipe_ntlmssp(p, pd)) return False; - } - } - - /* name has to be \PIPE\xxxxx */ - fstrcpy(ack_pipe_name, "\\PIPE\\"); - fstrcat(ack_pipe_name, p->pipe_srv_name); - - DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__)); - - prs_init(&(p->rdata), 1024, 4, 0, False); - prs_init(&(p->rhdr ), 0x10, 4, 0, False); - prs_init(&(p->rauth), 1024, 4, 0, False); - prs_init(&(p->rntlm), 1024, 4, 0, False); - - /***/ - /*** do the bind ack first ***/ - /***/ - - if (ntlmssp_auth) - { - assoc_gid = 0x7a77; - } - else - { - assoc_gid = p->hdr_rb.bba.assoc_gid; - } - - make_rpc_hdr_ba(&p->hdr_ba, - p->hdr_rb.bba.max_tsize, - p->hdr_rb.bba.max_rsize, - assoc_gid, - ack_pipe_name, - 0x1, 0x0, 0x0, - &(p->hdr_rb.transfer)); - - smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0); - mem_realloc_data(p->rdata.data, p->rdata.offset); - - /***/ - /*** now the authentication ***/ - /***/ - - if (ntlmssp_auth) - { - uint8 challenge[8]; - generate_random_buffer(challenge, 8, False); - - make_rpc_auth_verifier(&p->auth_verifier, - 0x0a, 0x06, 0, - "NTLMSSP", NTLMSSP_CHALLENGE); - smb_io_rpc_auth_verifier("", &p->auth_verifier, &p->rauth, 0); - mem_realloc_data(p->rauth.data, p->rauth.offset); - - make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal, - 0x000082b1, challenge); - smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0); - mem_realloc_data(p->rntlm.data, p->rntlm.offset); - } - - /***/ - /*** then do the header, now we know the length ***/ - /***/ - - make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST, - p->hdr.call_id, - p->rdata.offset + p->rauth.offset + p->rntlm.offset + 0x10, - p->rauth.offset + p->rntlm.offset); - - smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0); - mem_realloc_data(p->rhdr.data, p->rdata.offset); - - /***/ - /*** link rpc header, bind acknowledgment and authentication responses ***/ - /***/ - - p->rhdr.data->offset.start = 0; - p->rhdr.data->offset.end = p->rhdr.offset; - p->rhdr.data->next = p->rdata.data; - - if (ntlmssp_auth) - { - p->rdata.data->offset.start = p->rhdr.offset; - p->rdata.data->offset.end = p->rhdr.offset + p->rdata.offset; - p->rdata.data->next = p->rauth.data; - - p->rauth.data->offset.start = p->rhdr.offset + p->rdata.offset; - p->rauth.data->offset.end = p->rhdr.offset + p->rdata.offset + p->rauth.offset; - p->rauth.data->next = p->rntlm.data; - - p->rntlm.data->offset.start = p->rhdr.offset + p->rdata.offset + p->rauth.offset; - p->rntlm.data->offset.end = p->rhdr.offset + p->rdata.offset + p->rauth.offset + p->rntlm.offset; - p->rntlm.data->next = NULL; - } - else - { - p->rdata.data->offset.start = p->rhdr.offset; - p->rdata.data->offset.end = p->rhdr.offset + p->rdata.offset; - p->rdata.data->next = NULL; - } - - return True; -} - -static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd) -{ - int i = 0; - - for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) - { - if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && - api_fd_commands[i].fn != NULL) - { - DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name)); - return api_fd_commands[i].fn(p, pd); - } - } - return False; -} - -static BOOL api_dce_rpc_command(char *outbuf, +static void api_rpc_trans_reply(char *outbuf, pipes_struct *p, prs_struct *pd) { - BOOL reply = False; - if (pd->data == NULL) return False; - - /* process the rpc header */ - smb_io_rpc_hdr("", &p->hdr, pd, 0); - - if (pd->offset == 0) return False; + send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->file_offset); - switch (p->hdr.pkt_type) + if (mem_buf_len(p->rhdr.data) <= p->file_offset) { - case RPC_BIND : - { - reply = api_pipe_bind_req(p, pd); - break; - } - case RPC_REQUEST: - { - reply = api_pipe_request (p, pd); - break; - } + /* all of data was sent: no need to wait for SMBreadX calls */ + mem_free_data(p->rhdr .data); + mem_free_data(p->rdata.data); } - - if (reply) - { - /* now send the reply */ - send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->file_offset); - - if (mem_buf_len(p->rhdr.data) <= p->file_offset) - { - /* all of data was sent: no need to wait for SMBreadX calls */ - mem_free_data(p->rhdr .data); - mem_free_data(p->rdata.data); - } - } - - return reply; } /**************************************************************************** @@ -3463,7 +3230,11 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, case 0x26: { /* dce/rpc command */ - reply = api_dce_rpc_command(outbuf, p, &pd); + reply = rpc_command(p, &pd); + if (reply) + { + api_rpc_trans_reply(outbuf, p, &pd); + } break; } case 0x01: -- cgit From a813f38e2dc894b548c23dea2bef98cef7d4f4e9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 8 Oct 1998 06:49:00 +0000 Subject: - don't generate 0 params in torture - handle 0 params in ipc.c (This used to be commit c0dc8e87f0d56444a8ddff0817a94065ca295847) --- source3/smbd/ipc.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c647a5de3e..0c4d0d5bfe 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3348,7 +3348,7 @@ struct static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params, int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { - int api_command = SVAL(params,0); + int api_command; struct mem_buf rdata_buf; struct mem_buf rparam_buf; char *rdata = NULL; @@ -3358,8 +3358,14 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data BOOL reply=False; int i; + SMB_ASSERT(params != 0); + + api_command = SVAL(params,0); + DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", - api_command,params+2,skip_string(params+2,1), + api_command, + params+2, + skip_string(params+2,1), tdscnt,tpscnt,mdrcnt,mprcnt)); for (i=0;api_commands[i].name;i++) @@ -3448,7 +3454,6 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize) { fstring name; - char *data=NULL,*params=NULL; uint16 *setup=NULL; int outsize = 0; @@ -3475,17 +3480,17 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (tdscnt) { if((data = (char *)malloc(tdscnt)) == NULL) { - DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); - return(ERROR(ERRDOS,ERRnomem)); - } + DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(data,smb_base(inbuf)+dsoff,dscnt); } if (tpscnt) { if((params = (char *)malloc(tpscnt)) == NULL) { - DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); - return(ERROR(ERRDOS,ERRnomem)); - } + DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(params,smb_base(inbuf)+psoff,pscnt); } @@ -3560,7 +3565,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) { DEBUG(5,("calling named_pipe\n")); - outsize = named_pipe(conn,vuid,outbuf,name+strlen("\\PIPE\\"),setup,data,params, + outsize = named_pipe(conn,vuid,outbuf, + name+strlen("\\PIPE\\"),setup,data,params, suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); } else { DEBUG(3,("invalid pipe name\n")); -- cgit From fc7d3e4caa7650c02ef36fff83b64b06050f66b1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 15 Oct 1998 00:55:17 +0000 Subject: config: Fix crypt prototype on RedHat Linux. include/includes.h: Fix crypt prototype on RedHat Linux. smbd/fileio.c: Fix mmap bug found by WinCE client. smbd/ipc.c: Fix WinCE wierdness with pipes being opened as \server\pipe\lanman smbd/password.c: Fix encrypted null passwords. Jeremy. (This used to be commit 475992730c0ecbf31c09b3518df2f0354cec61da) --- source3/smbd/ipc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0c4d0d5bfe..646ac83331 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3454,6 +3454,7 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize) { fstring name; + int name_offset = 0; char *data=NULL,*params=NULL; uint16 *setup=NULL; int outsize = 0; @@ -3563,10 +3564,19 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n", name,tdscnt,tpscnt,suwcnt)); - if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0) { + /* + * WinCE wierdness.... + */ + + if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, + strlen(local_machine)) == 0)) { + name_offset = strlen(local_machine)+1; + } + + if (strncmp(&name[name_offset],"\\PIPE\\",strlen("\\PIPE\\")) == 0) { DEBUG(5,("calling named_pipe\n")); outsize = named_pipe(conn,vuid,outbuf, - name+strlen("\\PIPE\\"),setup,data,params, + name+name_offset+strlen("\\PIPE\\"),setup,data,params, suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); } else { DEBUG(3,("invalid pipe name\n")); -- cgit From a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 15 Oct 1998 05:47:29 +0000 Subject: bug-fixing against: AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655) --- source3/smbd/ipc.c | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 646ac83331..bfd618f325 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3124,6 +3124,29 @@ static void api_rpc_trans_reply(char *outbuf, } } +/**************************************************************************** + WaitNamedPipeHandleState +****************************************************************************/ +static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param) +{ + uint16 priority; + + if (!param) return False; + + priority = param[0] + (param[1] << 8); + DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority)); + + if (wait_rpc_pipe_hnd_state(p, priority)) + { + /* now send the reply */ + send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->file_offset); + + return True; + } + return False; +} + + /**************************************************************************** SetNamedPipeHandleState ****************************************************************************/ @@ -3134,7 +3157,7 @@ static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param) if (!param) return False; id = param[0] + (param[1] << 8); - DEBUG(4,("lsarpc SetNamedPipeHandleState to code %x\n", id)); + DEBUG(4,("SetNamedPipeHandleState to code %x\n", id)); if (set_rpc_pipe_hnd_state(p, id)) { @@ -3237,6 +3260,12 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, } break; } + case 0x53: + { + /* Wait Named Pipe Handle state */ + reply = api_WNPHS(outbuf, p, params); + break; + } case 0x01: { /* Set Named Pipe Handle state */ @@ -3434,6 +3463,16 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); } + if (strequal(name,"WKSSVC") || + strequal(name,"SRVSVC") || + strequal(name,"WINREG") || + strequal(name,"SAMR") || + strequal(name,"LSARPC")) + { + DEBUG(4,("named pipe command from Win95 (wow!)\n")); + return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + } + if (strlen(name) < 1) { return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); -- cgit From 97f0c9d55014db221fdceaaf07318ae9df9688a1 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 16 Oct 1998 21:36:19 +0000 Subject: made pass_check_smb() available for dce/rpc use. (This used to be commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bfd618f325..df04cd82a0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1653,7 +1653,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user,pass1,strlen(pass1),NULL) && + if (password_ok(user, pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); -- cgit From 01de6030843f5f402dee8bf72f564a91ae8437ca Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 19 Oct 1998 17:32:10 +0000 Subject: - dce/rpc code - removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3) --- source3/smbd/ipc.c | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index df04cd82a0..2b8b8698db 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1692,11 +1692,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * int *rdata_len,int *rparam_len) { fstring user; - fstring new_passwd; - struct smb_passwd *sampw = NULL; char *p = param + 2; - int ret = True; - *rparam_len = 2; *rparam = REALLOC(*rparam,*rparam_len); @@ -1736,24 +1732,8 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * */ (void)Get_Pwnam( user, True); - if(check_oem_password( user, (unsigned char *)data, &sampw, - new_passwd, (int)sizeof(new_passwd)) == False) { - return True; - } - - /* - * At this point we have the new case-sensitive plaintext - * password in the fstring new_passwd. If we wanted to synchronise - * with UNIX passwords we would call a UNIX password changing - * function here. However it would have to be done as root - * as the plaintext of the old users password is not - * available. JRA. - */ - - if(lp_unix_password_sync()) - ret = chgpasswd(user,"", new_passwd, True); - - if(ret && change_oem_password( sampw, new_passwd, False)) { + if (pass_oem_change(user, (uchar*) data, &data[516], NULL, NULL)) + { SSVAL(*rparam,0,NERR_Success); } -- cgit From 1ebeb54932de01323356e8201d465656b8723d46 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 20 Oct 1998 18:27:49 +0000 Subject: some quite important bug-fixes i missed because i transferred the wrong smb.tgz file from my portable. particularly the call to mem_data followed by a realloc of that data in cli_pipe.c's rpc_read() function. smbd responses now use p->rdata_i which is a faked-up pointer into p->rdata's response data. rdata can be very long; rdata_i is limited to point to no more than max_tsize - 0x18 in length. this will make it an almost trivial task to add the encrypted rpc headers after rdata_i, and mem_buf_copy will cope admirably with rhdr chained to rdata_i chained to auth_verifier etc etc... (This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a) --- source3/smbd/ipc.c | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 2b8b8698db..3e697a59ce 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3101,6 +3101,7 @@ static void api_rpc_trans_reply(char *outbuf, /* all of data was sent: no need to wait for SMBreadX calls */ mem_free_data(p->rhdr .data); mem_free_data(p->rdata.data); + mem_free_data(p->rdata_i.data); } } @@ -3190,20 +3191,12 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, int subcommand; pipes_struct *p = NULL; prs_struct pd; - struct mem_buf data_buf; DEBUG(5,("api_fd_reply\n")); - /* fake up a data buffer from the api_fd_reply data parameters */ - mem_create(&data_buf, data, tdscnt, 0, False); - data_buf.offset.start = 0; - data_buf.offset.end = tdscnt; - - /* fake up a parsing structure */ - pd.data = &data_buf; - pd.align = 4; - pd.io = True; - pd.offset = 0; + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&pd, 0, 4, True, 0); + mem_create(pd.data, data, 0, tdscnt, 0, False); /* First find out the name of this file. */ if (suwcnt != 2) @@ -3259,6 +3252,8 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); } + mem_free_data(pd.data); + if (!reply) { return api_no_reply(outbuf, mdrcnt); @@ -3410,14 +3405,8 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data &rdata,&rparam,&rdata_len,&rparam_len); - mem_create(&rdata_buf , rdata , rdata_len , 0, False); - mem_create(&rparam_buf, rparam, rparam_len, 0, False); - - rdata_buf.offset.start = 0; - rdata_buf.offset.end = rdata_len; - - rparam_buf.offset.start = 0; - rparam_buf.offset.end = rparam_len; + mem_create(&rdata_buf , rdata , 0, rdata_len , 0, False); + mem_create(&rparam_buf, rparam, 0, rparam_len, 0, False); /* now send the reply */ send_trans_reply(outbuf, &rdata_buf, &rparam_buf, NULL, 0, 0); -- cgit From 89087385fe1da642ff80d0558c72817c276f631b Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 20 Oct 1998 22:25:52 +0000 Subject: dce/rpc. bug-fix in ipc.c (introduced today :) (This used to be commit 48ff3e2429964404c8bf33ef625791147913a3c0) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3e697a59ce..249c286ec7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3195,7 +3195,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, DEBUG(5,("api_fd_reply\n")); /* make a static data parsing structure from the api_fd_reply data */ - prs_init(&pd, 0, 4, True, 0); + prs_init(&pd, 0, 4, 0, True); mem_create(pd.data, data, 0, tdscnt, 0, False); /* First find out the name of this file. */ -- cgit From 477350638399b8ff264100c7832c14df719055f3 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 21 Oct 1998 16:28:44 +0000 Subject: signed / unsigned issues (This used to be commit bd2fc6bb85739cb8e7ed2254e2a553486daed054) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 249c286ec7..4e4eeb40ca 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1732,7 +1732,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * */ (void)Get_Pwnam( user, True); - if (pass_oem_change(user, (uchar*) data, &data[516], NULL, NULL)) + if (pass_oem_change(user, (uchar*) data, (uchar*)(&data[516]), NULL, NULL)) { SSVAL(*rparam,0,NERR_Success); } -- cgit From 6e3af45afe237790f1d7cd94ab2b22e1ca772157 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 21 Oct 1998 16:58:34 +0000 Subject: Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode. smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles. Jeremy. (This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4e4eeb40ca..112a79b5ca 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1732,7 +1732,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * */ (void)Get_Pwnam( user, True); - if (pass_oem_change(user, (uchar*) data, (uchar*)(&data[516]), NULL, NULL)) + if (pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL)) { SSVAL(*rparam,0,NERR_Success); } -- cgit From 1c753388d3b9a659272b6b04e0c365eb821b6c73 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 22 Oct 1998 17:26:44 +0000 Subject: extern fstring global_myworkgroup should be a pstring (This used to be commit 89f6e05ce4cc21fd2e3c0e416e49383f7b56d1ea) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 112a79b5ca..d359bc3500 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -37,8 +37,8 @@ extern int DEBUGLEVEL; extern int max_send; -extern fstring local_machine; -extern fstring global_myworkgroup; +extern pstring local_machine; +extern pstring global_myworkgroup; #define NERR_Success 0 #define NERR_badpass 86 -- cgit From 80f920181f8d2d58bd3b341aac57de0c71e21374 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 22 Oct 1998 18:51:16 +0000 Subject: server/srv_samr.c smbd/ipc.c: Changed global_myworkgroup back to fstring (as it is everywhere else). smbwrapper/smbsh.c: For IRIX n32 binaries, set _RLDN32_LIST not _RLD32_LIST. Exec users preferred shell is SHELL environment variable is set. tests/fcntl_lock.c: Added sys/types.h for systems that need this. Jeremy. (This used to be commit 50413d0d819d4f13e760ca8439c5bdde0898d63e) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d359bc3500..d9ef53e70f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -38,7 +38,7 @@ extern int DEBUGLEVEL; extern int max_send; extern pstring local_machine; -extern pstring global_myworkgroup; +extern fstring global_myworkgroup; #define NERR_Success 0 #define NERR_badpass 86 -- cgit From 5d6ed11ef3c860c95ae7b3a855b0ddb123bd9737 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 23 Oct 1998 00:58:28 +0000 Subject: include/smb.h: Added #defines for lots of things - makes our code a *lot* easier to read. lib/util.c: Fixed Luke's set_first_token() function - should return void. smbd/close.c: Move delete_on_close into file_fd_struct structure. smbd/ipc.c: Changed local_machine back to fstring. smbd/nttrans.c: Use defines for mapping share modes. smbd/open.c: Move delete_on_close into file_fd_struct structure, added code for ALLOW_SHARE_DELETE. smbd/reply.c: Use defines for mapping share modes. smbd/trans2.c: Move delete_on_close into file_fd_struct structure. Jeremy. (This used to be commit 8e1ce307bd6a9056b4a95fe6f52ff42dc6e03a08) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d9ef53e70f..112a79b5ca 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -37,7 +37,7 @@ extern int DEBUGLEVEL; extern int max_send; -extern pstring local_machine; +extern fstring local_machine; extern fstring global_myworkgroup; #define NERR_Success 0 -- cgit From 16a243ec5efe0fed8a6934442e87f57c635e4703 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Nov 1998 17:42:36 +0000 Subject: Fixed two debug prints. Jeremy. (This used to be commit 74530677d5301abd2da5bcdcb1fde6e6f903ad70) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 112a79b5ca..eed5a71401 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1704,13 +1704,13 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * * Check the parameter definition is correct. */ if(!strequal(param + 2, "zsT")) { - DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %sn\n", param + 2)); + DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2)); return False; } p = skip_string(p, 1); if(!strequal(p, "B516B16")) { - DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %sn\n", p)); + DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p)); return False; } p = skip_string(p,1); -- cgit From 768761820e8d7481c586c4e0ab4ac7cb36d18c4b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 17 Nov 1998 20:50:07 +0000 Subject: Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls. Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac) --- source3/smbd/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index eed5a71401..d5ff7ddf28 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -635,7 +635,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, pstring fname; pstrcpy(fname,lp_driverfile()); - f=fopen(fname,"r"); + f=sys_fopen(fname,"r"); if (!f) { DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); desc->errcode=NERR_notsupported; @@ -741,7 +741,7 @@ static int get_printerdrivernumber(int snum) pstrcpy(fname,lp_driverfile()); DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); - f=fopen(fname,"r"); + f=sys_fopen(fname,"r"); if (!f) { DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno))); return(0); @@ -999,7 +999,7 @@ static int get_server_info(uint32 servertype, pstrcat(fname,"/"); pstrcat(fname,SERVER_LIST); - f = fopen(fname,"r"); + f = sys_fopen(fname,"r"); if (!f) { DEBUG(4,("Can't open %s - %s\n",fname,strerror(errno))); -- cgit From 17590be23d342259578d87c3d9310824863a5137 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Nov 1998 22:37:33 +0000 Subject: Sync up with 2.0 code. Added HPUX autoconf changes. Added "gross hack" printer code. Jeremy. (This used to be commit 1ef6d3bd63722afe9c376793a6ea72046d1a0602) --- source3/smbd/ipc.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d5ff7ddf28..41892504ad 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -842,6 +842,26 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, if (init_package(&desc,1,count)) { desc.subcount = count; fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); + } else if(uLevel == 0) { + /* + * This is a *disgusting* hack. + * This is *so* bad that even I'm embarrassed (and I + * have no shame). Here's the deal : + * Until we get the correct SPOOLSS code into smbd + * then when we're running with NT SMB support then + * NT makes this call with a level of zero, and then + * immediately follows it with an open request to + * the \\SRVSVC pipe. If we allow that open to + * succeed then NT barfs when it cannot open the + * \\SPOOLSS pipe immediately after and continually + * whines saying "Printer name is invalid" forever + * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC + * to fail, then NT downgrades to using the downlevel code + * and everything works as well as before. I hate + * myself for adding this code.... JRA. + */ + + fail_next_srvsvc_open(); } *rdata_len = desc.usedlen; -- cgit From 96983a13bac8276590024b37149b7bf3e80477dd Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 9 Feb 1999 21:42:39 +0000 Subject: when multiple independent large rpc calls come in on the same pipe, prev_pdu_file_offset was not being re-initialised to zero. (This used to be commit fcaa1214412f5a417a648d4da5c4332f75f59f57) --- source3/smbd/ipc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 41892504ad..31ae8e6fc0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3236,7 +3236,8 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ - p->file_offset = mdrcnt; + p->file_offset = mdrcnt; + p->prev_pdu_file_offset = 0; DEBUG(10,("api_fd_reply: p:%p file_offset: %d\n", p, p->file_offset)); -- cgit From 05f772b431f9c77a2fb37736fc4f801d84cac365 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Wed, 24 Feb 1999 01:52:30 +0000 Subject: Win9x user level security. * Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e) --- source3/smbd/ipc.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 31ae8e6fc0..c8c3b52194 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -187,9 +187,13 @@ static void send_trans_reply(char *outbuf, if (buffer_too_large) { +#if 0 /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); +#endif + SCVAL(outbuf, smb_rcls, ERRDOS); + SSVAL(outbuf, smb_err, ERRmoredata); } copy_trans_params_and_data(outbuf, align, -- cgit From 869f9860ebe86a864daacd40115d432e55eebd68 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Wed, 24 Feb 1999 19:08:43 +0000 Subject: Return either STATUS_BUFFER_OVERFLOW or ERRDOS/ERRmoredata depending on whether the client supports 32-bit error codes. (This used to be commit cb5428308d6978f7bd76c1b878dd4a43135a274d) --- source3/smbd/ipc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c8c3b52194..a4d452b2a8 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -61,6 +61,7 @@ extern fstring global_myworkgroup; extern int Client; extern int smb_read_error; +extern uint32 global_client_caps; static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, @@ -187,13 +188,15 @@ static void send_trans_reply(char *outbuf, if (buffer_too_large) { -#if 0 - /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); -#endif - SCVAL(outbuf, smb_rcls, ERRDOS); - SSVAL(outbuf, smb_err, ERRmoredata); + if (global_client_caps & CAP_STATUS32) + { + /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ + SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); + SIVAL(outbuf, smb_rcls, 0x80000005); /* STATUS_BUFFER_OVERFLOW */ + } else { + SCVAL(outbuf, smb_rcls, ERRDOS); + SSVAL(outbuf, smb_err, ERRmoredata); + } } copy_trans_params_and_data(outbuf, align, -- cgit From 43a460075a39148060d4193fcb9c62bfa4acc737 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 25 Mar 1999 13:54:31 +0000 Subject: SAM database "set user info". ---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a4d452b2a8..5001b16b35 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1680,7 +1680,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user, pass1,strlen(pass1),NULL) && + if (password_ok(user, pass1,strlen(pass1),NULL, NULL) && chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); -- cgit From 6d5ef2e92995df1cbf5cd3d7c6a33fe55cedb311 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 4 Apr 1999 06:25:13 +0000 Subject: Use VFS operations for file I/O. (This used to be commit cfddbdb62485256a947a30e04c753200451cbe1c) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5001b16b35..cdbb4416af 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2005,7 +2005,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha !become_service(fconn,True)) break; - if (dos_rename(fsp->fsp_name,name) == 0) { + if (conn->vfs_ops.rename(dos_to_unix(fsp->fsp_name,False),name) == 0) { string_set(&fsp->fsp_name,name); } break; -- cgit From dde759352fb8b097f20c680ac954708af2a86443 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 13 Aug 1999 19:35:33 +0000 Subject: pnum should be a uint16. (This used to be commit 41cb8b0ba071ef73bf00130ec863b592c16d359a) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index cdbb4416af..5a0bf6ac07 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3214,8 +3214,8 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, { BOOL reply = False; - int pnum; - int subcommand; + uint16 pnum; + uint16 subcommand; pipes_struct *p = NULL; prs_struct pd; -- cgit From ed5fbd743be07a3c6e1a3879df283d0222ef0eb5 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Mon, 27 Sep 1999 13:12:55 +0000 Subject: don't leak printer handles, don't coredump when adding forms, and a small non obvious memory leak in the rpc buffers J.F. (This used to be commit bee11f8889378b9f1cc6e2818fd0f8dd7ddcf10d) --- source3/smbd/ipc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5a0bf6ac07..10c859d266 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3128,7 +3128,10 @@ static void api_rpc_trans_reply(char *outbuf, /* all of data was sent: no need to wait for SMBreadX calls */ mem_free_data(p->rhdr .data); mem_free_data(p->rdata.data); - mem_free_data(p->rdata_i.data); + mem_free_data(p->rdata_i.data); + mem_free_data(p->rauth.data); + mem_free_data(p->rverf.data); + mem_free_data(p->rntlm.data); } } @@ -3281,7 +3284,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, } mem_free_data(pd.data); - + if (!reply) { return api_no_reply(outbuf, mdrcnt); -- cgit From b231d2fafaff8dc67ef2dbaec778f716524d4f6a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 15 Nov 1999 22:11:10 +0000 Subject: - added DCE/RPC "fault" PDU support. - disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be re-enabled but to be replaced with a better mechanism. - added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is sending DCE/RPC over SMBwrite not SMBwriteX. (This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e) --- source3/smbd/ipc.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 10c859d266..a3e7932529 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3127,11 +3127,12 @@ static void api_rpc_trans_reply(char *outbuf, { /* all of data was sent: no need to wait for SMBreadX calls */ mem_free_data(p->rhdr .data); - mem_free_data(p->rdata.data); + mem_free_data(p->rfault .data); + mem_free_data(p->rdata .data); mem_free_data(p->rdata_i.data); - mem_free_data(p->rauth.data); - mem_free_data(p->rverf.data); - mem_free_data(p->rntlm.data); + mem_free_data(p->rauth .data); + mem_free_data(p->rverf .data); + mem_free_data(p->rntlm .data); } } -- cgit From 0ce128e3550794d4dbbd1def00e87c020f72c992 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 12 Dec 1999 01:25:49 +0000 Subject: delineation between smb and msrpc more marked. smbd now constructs pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d) --- source3/smbd/ipc.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a3e7932529..eeb367bcb5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3118,21 +3118,14 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, } static void api_rpc_trans_reply(char *outbuf, - pipes_struct *p, - prs_struct *pd) + pipes_struct *p) { - send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->file_offset); + send_trans_reply(outbuf, p->rsmb_pdu.data, NULL, NULL, 0, p->file_offset); - if (mem_buf_len(p->rhdr.data) <= p->file_offset) + if (mem_buf_len(p->rsmb_pdu.data) <= p->file_offset) { /* all of data was sent: no need to wait for SMBreadX calls */ - mem_free_data(p->rhdr .data); - mem_free_data(p->rfault .data); - mem_free_data(p->rdata .data); - mem_free_data(p->rdata_i.data); - mem_free_data(p->rauth .data); - mem_free_data(p->rverf .data); - mem_free_data(p->rntlm .data); + mem_free_data(p->rsmb_pdu.data); } } @@ -3221,14 +3214,9 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, uint16 pnum; uint16 subcommand; pipes_struct *p = NULL; - prs_struct pd; DEBUG(5,("api_fd_reply\n")); - /* make a static data parsing structure from the api_fd_reply data */ - prs_init(&pd, 0, 4, 0, True); - mem_create(pd.data, data, 0, tdscnt, 0, False); - /* First find out the name of this file. */ if (suwcnt != 2) { @@ -3257,11 +3245,10 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, { case 0x26: { - /* dce/rpc command */ - reply = rpc_command(p, &pd); + reply = rpc_to_smb(p, data, tdscnt); if (reply) { - api_rpc_trans_reply(outbuf, p, &pd); + api_rpc_trans_reply(outbuf, p); } break; } @@ -3284,8 +3271,6 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); } - mem_free_data(pd.data); - if (!reply) { return api_no_reply(outbuf, mdrcnt); -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/smbd/ipc.c | 493 ++++++++++++++++++++++++++++------------------------- 1 file changed, 262 insertions(+), 231 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index eeb367bcb5..4e9418fa94 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -61,7 +61,6 @@ extern fstring global_myworkgroup; extern int Client; extern int smb_read_error; -extern uint32 global_client_caps; static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, @@ -82,7 +81,7 @@ static int CopyExpanded(connection_struct *conn, if (!src || !dst || !n || !(*dst)) return(0); StrnCpy(buf,src,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); + pstring_sub(buf,"%S",lp_servicename(snum)); standard_sub(conn,buf); StrnCpy(*dst,buf,*n); l = strlen(*dst) + 1; @@ -95,7 +94,7 @@ static int CopyAndAdvance(char** dst, char* src, int* n) { int l; if (!src || !dst || !n || !(*dst)) return(0); - StrnCpy(*dst,src,*n); + StrnCpy(*dst,src,*n-1); l = strlen(*dst) + 1; (*dst) += l; (*n) -= l; @@ -107,7 +106,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char* s) pstring buf; if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); + pstring_sub(buf,"%S",lp_servicename(snum)); standard_sub(conn,buf); return strlen(buf) + 1; } @@ -117,7 +116,7 @@ static char* Expand(connection_struct *conn, int snum, char* s) static pstring buf; if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); - string_sub(buf,"%S",lp_servicename(snum)); + pstring_sub(buf,"%S",lp_servicename(snum)); standard_sub(conn,buf); return &buf[0]; } @@ -139,70 +138,69 @@ static BOOL prefix_ok(char *str,char *prefix) cause of some of the ipc problems being experienced. lkcl26dec97 ******************************************************************/ + static void copy_trans_params_and_data(char *outbuf, int align, - struct mem_buf *rparam, struct mem_buf *rdata, - int param_offset, int data_offset, - int param_len, int data_len) + char *rparam, int param_offset, int param_len, + char *rdata, int data_offset, int data_len) { char *copy_into = smb_buf(outbuf)+1; + if(param_len < 0) + param_len = 0; + + if(data_len < 0) + data_len = 0; + DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", param_offset, param_offset + param_len, data_offset , data_offset + data_len)); - if (param_len) mem_buf_copy(copy_into, rparam, param_offset, param_len); + if (param_len) + memcpy(copy_into, &rparam[param_offset], param_len); + copy_into += param_len + align; - if (data_len ) mem_buf_copy(copy_into, rdata , data_offset , data_len); + + if (data_len ) + memcpy(copy_into, &rdata[data_offset], data_len); } /**************************************************************************** - send a trans reply - ****************************************************************************/ + Send a trans reply. + ****************************************************************************/ + static void send_trans_reply(char *outbuf, - struct mem_buf *rdata, - struct mem_buf *rparam, - uint16 *setup, int lsetup, int max_data_ret) + char *rparam, int rparam_len, + char *rdata, int rdata_len, + BOOL buffer_too_large) { - int i; int this_ldata,this_lparam; - int tot_data=0,tot_param=0; + int tot_data_sent = 0; + int tot_param_sent = 0; int align; - int ldata = rdata ? mem_buf_len(rdata ) : 0; - int lparam = rparam ? mem_buf_len(rparam) : 0; - - BOOL buffer_too_large = max_data_ret ? ldata > max_data_ret : False; + int ldata = rdata ? rdata_len : 0; + int lparam = rparam ? rparam_len : 0; if (buffer_too_large) - { - DEBUG(5,("send_trans_reply: buffer %d too large %d\n", ldata, max_data_ret)); - ldata = max_data_ret; - } + DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata )); - this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ - this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); + this_lparam = MIN(lparam,max_send - 500); /* hack */ + this_ldata = MIN(ldata,max_send - (500+this_lparam)); align = ((this_lparam)%4); - set_message(outbuf,10+lsetup,1+align+this_ldata+this_lparam,True); + set_message(outbuf,10,1+align+this_ldata+this_lparam,True); if (buffer_too_large) { - if (global_client_caps & CAP_STATUS32) - { - /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000005); /* STATUS_BUFFER_OVERFLOW */ - } else { - SCVAL(outbuf, smb_rcls, ERRDOS); - SSVAL(outbuf, smb_err, ERRmoredata); - } + /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ + SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); + SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); } copy_trans_params_and_data(outbuf, align, - rparam , rdata, - tot_param , tot_data, - this_lparam, this_ldata); + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); SSVAL(outbuf,smb_vwv0,lparam); SSVAL(outbuf,smb_vwv1,ldata); @@ -212,46 +210,46 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv6,this_ldata); SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,lsetup); - - for (i=0;icurpos) return(0); + if (!p->curpos) { + va_end(args); + return(0); + } switch( *p->curpos++ ) { case 'W': /* word (2 byte) */ @@ -400,7 +401,7 @@ va_dcl needed = get_counter(&p->curpos); { char *s = va_arg(args,char*); - if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed); + if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed-1); } break; case 'z': /* offset to zero terminated string (4 byte) */ @@ -656,7 +657,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, return; } - bzero(p, 8192*sizeof(char)); + memset(p, '\0',8192*sizeof(char)); q=p; /* lookup the long printer driver name in the file description */ @@ -809,8 +810,8 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, print_queue_struct *queue=NULL; print_status_struct status; - bzero(&status,sizeof(status)); - bzero(&desc,sizeof(desc)); + memset((char *)&status,'\0',sizeof(status)); + memset((char *)&desc,'\0',sizeof(desc)); p = skip_string(p,1); uLevel = SVAL(p,0); @@ -823,7 +824,20 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, /* check it's a supported varient */ if (!prefix_ok(str1,"zWrLh")) return False; - if (!check_printq_info(&desc,uLevel,str2,str3)) return False; + if (!check_printq_info(&desc,uLevel,str2,str3)) { + /* + * Patch from Scott Moomaw + * to return the 'invalid info level' error if an + * unknown level was requested. + */ + *rdata_len = 0; + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,ERROR_INVALID_LEVEL); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,0); + return(True); + } snum = lp_servicenumber(QueueName); if (snum < 0 && pcap_printername_ok(QueueName,NULL)) { @@ -908,13 +922,26 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, int* subcntarr = NULL; int queuecnt, subcnt=0, succnt=0; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel)); if (!prefix_ok(param_format,"WrLeh")) return False; - if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) - return False; + if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) { + /* + * Patch from Scott Moomaw + * to return the 'invalid info level' error if an + * unknown level was requested. + */ + *rdata_len = 0; + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVALS(*rparam,0,ERROR_INVALID_LEVEL); + SSVAL(*rparam,2,0); + SSVAL(*rparam,4,0); + return(True); + } + queuecnt = 0; for (i = 0; i < services; i++) if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) @@ -1057,7 +1084,7 @@ static int get_server_info(uint32 servertype, (*servers) = (struct srv_info_struct *) Realloc(*servers,sizeof(**servers)*alloced); if (!(*servers)) return(0); - bzero((char *)((*servers)+count),sizeof(**servers)*(alloced-count)); + memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count)); } s = &(*servers)[count]; @@ -1297,7 +1324,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param *rdata_len = fixed_len + string_len; *rdata = REALLOC(*rdata,*rdata_len); - bzero(*rdata,*rdata_len); + memset(*rdata,'\0',*rdata_len); p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ p = *rdata; @@ -1355,7 +1382,6 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa if (!prefix_ok(str1,"zWrLeh")) return False; *rdata_len = 0; - *rdata = NULL; *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); @@ -1650,6 +1676,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param p = skip_string(p,1); + memset(pass1,'\0',sizeof(pass1)); + memset(pass2,'\0',sizeof(pass2)); memcpy(pass1,p,16); memcpy(pass2,p+16,16); @@ -1680,7 +1708,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user, pass1,strlen(pass1),NULL, NULL) && + if (password_ok(user, pass1,strlen(pass1),NULL) && chgpasswd(user,pass1,pass2,False)) { SSVAL(*rparam,0,NERR_Success); @@ -1703,8 +1731,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param } } - bzero(pass1,sizeof(fstring)); - bzero(pass2,sizeof(fstring)); + memset((char *)pass1,'\0',sizeof(fstring)); + memset((char *)pass2,'\0',sizeof(fstring)); return(True); } @@ -2005,7 +2033,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha !become_service(fconn,True)) break; - if (conn->vfs_ops.rename(dos_to_unix(fsp->fsp_name,False),name) == 0) { + if (dos_rename(fsp->fsp_name,name) == 0) { string_set(&fsp->fsp_name,name); } break; @@ -2091,7 +2119,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par pstring comment; uint32 servertype= lp_default_server_announce(); - pstrcpy(comment,lp_serverstring()); + pstrcpy(comment,string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH)); if ((count=get_server_info(SV_TYPE_ALL,&servers,global_myworkgroup))>0) { for (i=0;iadmin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_path()); + pstrcpy(p2,lp_logon_home()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; SSVAL(p,52,0); /* flags */ - SIVAL(p,54,0); /* script_path */ + SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */ + pstrcpy(p2,lp_logon_script()); + standard_sub( conn, p2 ); + p2 = skip_string(p2,1); if (uLevel == 2) { SIVAL(p,60,0); /* auth_flags */ @@ -2590,12 +2621,11 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param int uLevel; struct pack_desc desc; char* name; - char* logon_script; uLevel = SVAL(p,0); name = p + 2; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); DEBUG(3,("WWkstaUserLogon uLevel=%d name=%s\n",uLevel,name)); @@ -2636,9 +2666,12 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param /* JHT - By calling lp_logon_script() and standard_sub() we have */ /* made sure all macros are fully substituted and available */ - logon_script = lp_logon_script(); - standard_sub( conn, logon_script ); - PACKS(&desc,"z", logon_script); /* script path */ + { + pstring logon_script; + pstrcpy(logon_script,lp_logon_script()); + standard_sub( conn, logon_script ); + PACKS(&desc,"z", logon_script); /* script path */ + } /* End of JHT mods */ PACKI(&desc,"D",0x00000000); /* reserved */ @@ -2706,8 +2739,8 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para uLevel = SVAL(p,2); - bzero(&desc,sizeof(desc)); - bzero(&status,sizeof(status)); + memset((char *)&desc,'\0',sizeof(desc)); + memset((char *)&status,'\0',sizeof(status)); DEBUG(3,("WPrintJobGetInfo uLevel=%d uJobId=0x%X\n",uLevel,SVAL(p,0))); @@ -2767,8 +2800,8 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa print_queue_struct *queue=NULL; print_status_struct status; - bzero(&desc,sizeof(desc)); - bzero(&status,sizeof(status)); + memset((char *)&desc,'\0',sizeof(desc)); + memset((char *)&status,'\0',sizeof(status)); p = skip_string(p,1); uLevel = SVAL(p,0); @@ -2880,7 +2913,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par struct pack_desc desc; int snum; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); p = skip_string(p,1); uLevel = SVAL(p,0); @@ -2939,7 +2972,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, struct pack_desc desc; int services = lp_numservices(); - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); uLevel = SVAL(p,0); @@ -2994,7 +3027,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para int succnt; struct pack_desc desc; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); uLevel = SVAL(p,0); @@ -3038,7 +3071,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param int succnt; struct pack_desc desc; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); uLevel = SVAL(p,0); @@ -3083,7 +3116,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, int succnt; struct pack_desc desc; - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); uLevel = SVAL(p,0); @@ -3094,7 +3127,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, if (uLevel != 0 || strcmp(str2,"B9") != 0) return False; if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - bzero(&desc,sizeof(desc)); + memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; desc.format = str2; @@ -3117,35 +3150,48 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, return(True); } -static void api_rpc_trans_reply(char *outbuf, - pipes_struct *p) +/**************************************************************************** + Start the first part of an RPC reply which began with an SMBtrans request. +****************************************************************************/ + +static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) { - send_trans_reply(outbuf, p->rsmb_pdu.data, NULL, NULL, 0, p->file_offset); + char *rdata = malloc(p->max_trans_reply); + int data_len; - if (mem_buf_len(p->rsmb_pdu.data) <= p->file_offset) - { - /* all of data was sent: no need to wait for SMBreadX calls */ - mem_free_data(p->rsmb_pdu.data); + if(rdata == NULL) { + DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); + return False; } + + if((data_len = read_from_pipe( p, rdata, p->max_trans_reply)) < 0) { + free(rdata); + return False; + } + + send_trans_reply(outbuf, NULL, 0, rdata, data_len, (int)prs_offset(&p->rdata) > data_len); + + free(rdata); + return True; } /**************************************************************************** WaitNamedPipeHandleState ****************************************************************************/ -static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param) + +static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param, int param_len) { uint16 priority; - if (!param) return False; + if (!param || param_len < 2) + return False; - priority = param[0] + (param[1] << 8); + priority = SVAL(param,0); DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority)); - if (wait_rpc_pipe_hnd_state(p, priority)) - { + if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->file_offset); - + send_trans_reply(outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -3155,20 +3201,20 @@ static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param) /**************************************************************************** SetNamedPipeHandleState ****************************************************************************/ -static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param) + +static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param, int param_len) { uint16 id; - if (!param) return False; + if (!param || param_len < 2) + return False; - id = param[0] + (param[1] << 8); + id = SVAL(param,0); DEBUG(4,("SetNamedPipeHandleState to code %x\n", id)); - if (set_rpc_pipe_hnd_state(p, id)) - { + if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->file_offset); - + send_trans_reply(outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -3176,111 +3222,93 @@ static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param) /**************************************************************************** - when no reply is generated, indicate unsupported. + When no reply is generated, indicate unsupported. ****************************************************************************/ + static BOOL api_no_reply(char *outbuf, int max_rdata_len) { - struct mem_buf rparam; - - mem_init(&rparam, 0); - mem_alloc_data(&rparam, 4); - - rparam.offset.start = 0; - rparam.offset.end = 4; + char rparam[4]; /* unsupported */ - SSVAL(rparam.data,0,NERR_notsupported); - SSVAL(rparam.data,2,0); /* converter word */ + SSVAL(rparam,0,NERR_notsupported); + SSVAL(rparam,2,0); /* converter word */ DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(outbuf, NULL, &rparam, NULL, 0, max_rdata_len); - - mem_free_data(&rparam); + send_trans_reply(outbuf, rparam, 4, NULL, 0, False); - return(-1); + return -1; } /**************************************************************************** - handle remote api calls delivered to a named pipe already opened. - ****************************************************************************/ + Handle remote api calls delivered to a named pipe already opened. + ****************************************************************************/ + static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, uint16 *setup,char *data,char *params, int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { - BOOL reply = False; - - uint16 pnum; - uint16 subcommand; + BOOL reply = False; pipes_struct *p = NULL; + int pnum; + int subcommand; DEBUG(5,("api_fd_reply\n")); /* First find out the name of this file. */ - if (suwcnt != 2) - { + if (suwcnt != 2) { DEBUG(0,("Unexpected named pipe transaction.\n")); return(-1); } /* Get the file handle and hence the file name. */ - pnum = setup[1]; - subcommand = setup[0]; - p = get_rpc_pipe(pnum); + /* + * NB. The setup array has already been transformed + * via SVAL and so is in gost byte order. + */ + pnum = ((int)setup[1]) & 0xFFFF; + subcommand = ((int)setup[0]) & 0xFFFF; - if (p != NULL) - { - DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", - subcommand, p->name, pnum)); + if(!(p = get_rpc_pipe(pnum))) { + DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); + return api_no_reply(outbuf, mdrcnt); + } - /* record maximum data length that can be transmitted in an SMBtrans */ - p->file_offset = mdrcnt; - p->prev_pdu_file_offset = 0; + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", subcommand, p->name, pnum)); - DEBUG(10,("api_fd_reply: p:%p file_offset: %d\n", - p, p->file_offset)); + /* record maximum data length that can be transmitted in an SMBtrans */ + p->max_trans_reply = mdrcnt; - switch (subcommand) - { - case 0x26: - { - reply = rpc_to_smb(p, data, tdscnt); - if (reply) - { - api_rpc_trans_reply(outbuf, p); - } - break; - } - case 0x53: - { - /* Wait Named Pipe Handle state */ - reply = api_WNPHS(outbuf, p, params); - break; - } - case 0x01: - { - /* Set Named Pipe Handle state */ - reply = api_SNPHS(outbuf, p, params); - break; - } - } - } - else - { - DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); + DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); + + switch (subcommand) { + case 0x26: + /* dce/rpc command */ + reply = rpc_command(p, data, tdscnt); + if (reply) + reply = api_rpc_trans_reply(outbuf, p); + break; + case 0x53: + /* Wait Named Pipe Handle state */ + reply = api_WNPHS(outbuf, p, params, tpscnt); + break; + case 0x01: + /* Set Named Pipe Handle state */ + reply = api_SNPHS(outbuf, p, params, tpscnt); + break; } if (!reply) - { return api_no_reply(outbuf, mdrcnt); - } + return -1; } /**************************************************************************** - the buffer was too small - ****************************************************************************/ + The buffer was too small + ****************************************************************************/ + static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -3300,8 +3328,9 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char * /**************************************************************************** - the request is not supported - ****************************************************************************/ + The request is not supported + ****************************************************************************/ + static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -3364,14 +3393,13 @@ struct /**************************************************************************** - handle remote api calls - ****************************************************************************/ + Handle remote api calls + ****************************************************************************/ + static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params, int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { int api_command; - struct mem_buf rdata_buf; - struct mem_buf rparam_buf; char *rdata = NULL; char *rparam = NULL; int rdata_len = 0; @@ -3379,7 +3407,10 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data BOOL reply=False; int i; - SMB_ASSERT(params != 0); + if (!params) { + DEBUG(0,("ERROR: NULL params in api_reply()\n")); + return 0; + } api_command = SVAL(params,0); @@ -3389,15 +3420,20 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data skip_string(params+2,1), tdscnt,tpscnt,mdrcnt,mprcnt)); - for (i=0;api_commands[i].name;i++) - if (api_commands[i].id == api_command && api_commands[i].fn) - { + for (i=0;api_commands[i].name;i++) { + if (api_commands[i].id == api_command && api_commands[i].fn) { DEBUG(3,("Doing %s\n",api_commands[i].name)); break; - } + } + } - rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); - rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + rdata = (char *)malloc(1024); + if (rdata) + memset(rdata,'\0',1024); + + rparam = (char *)malloc(1024); + if (rparam) + memset(rparam,'\0',1024); if(!rdata || !rparam) { DEBUG(0,("api_reply: malloc fail !\n")); @@ -3409,29 +3445,24 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data if (rdata_len > mdrcnt || - rparam_len > mprcnt) - { + rparam_len > mprcnt) { reply = api_TooSmall(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - } - + } /* if we get False back then it's actually unsupported */ if (!reply) api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - - mem_create(&rdata_buf , rdata , 0, rdata_len , 0, False); - mem_create(&rparam_buf, rparam, 0, rparam_len, 0, False); - - /* now send the reply */ - send_trans_reply(outbuf, &rdata_buf, &rparam_buf, NULL, 0, 0); + send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); - if (rdata ) free(rdata); - if (rparam) free(rparam); + if (rdata ) + free(rdata); + if (rparam) + free(rparam); - return(-1); + return -1; } /**************************************************************************** @@ -3445,9 +3476,7 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na DEBUG(3,("named pipe command on <%s> name\n", name)); if (strequal(name,"LANMAN")) - { return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); - } if (strequal(name,"WKSSVC") || strequal(name,"SRVSVC") || @@ -3460,26 +3489,23 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na } if (strlen(name) < 1) - { return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); - } if (setup) - { DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); - } return 0; } /**************************************************************************** - reply to a SMBtrans - ****************************************************************************/ + Reply to a SMBtrans. + ****************************************************************************/ + int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize) { fstring name; - int name_offset = 0; + int name_offset = 0; char *data=NULL,*params=NULL; uint16 *setup=NULL; int outsize = 0; @@ -3497,7 +3523,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int int dsoff = SVAL(inbuf,smb_vwv12); int suwcnt = CVAL(inbuf,smb_vwv13); - bzero(name, sizeof(name)); + memset(name, '\0',sizeof(name)); fstrcpy(name,smb_buf(inbuf)); if (dscnt > tdscnt || pscnt > tpscnt) { @@ -3523,7 +3549,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (suwcnt) { int i; if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { - DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", suwcnt * sizeof(uint16))); + DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); return(ERROR(ERRDOS,ERRnomem)); } for (i=0;i data=%d params=%d setup=%d\n", name,tdscnt,tpscnt,suwcnt)); - /* - * WinCE wierdness.... - */ + /* + * WinCE wierdness.... + */ - if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, - strlen(local_machine)) == 0)) { - name_offset = strlen(local_machine)+1; - } + if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, strlen(local_machine)) == 0) && + (name[strlen(local_machine)+1] == '\\')) + name_offset = strlen(local_machine)+1; if (strncmp(&name[name_offset],"\\PIPE\\",strlen("\\PIPE\\")) == 0) { DEBUG(5,("calling named_pipe\n")); @@ -3609,9 +3637,12 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } - if (data) free(data); - if (params) free(params); - if (setup) free(setup); + if (data) + free(data); + if (params) + free(params); + if (setup) + free(setup); if (close_on_completion) close_cnum(conn,vuid); -- cgit From fbd17c8dafeefac788f4bc1c41045726825f513f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 3 Jan 2000 19:19:48 +0000 Subject: simple mods to add msrpc pipe redirection. default behaviour: fall back to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8) --- source3/smbd/ipc.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4e9418fa94..cb4127aee4 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3154,11 +3154,20 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) +static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p, + char *redir_data, int redir_len) { - char *rdata = malloc(p->max_trans_reply); + char *rdata; int data_len; + if (redir_data != NULL) + { + send_trans_reply(outbuf, NULL, 0, redir_data, redir_len, + redir_len > p->max_trans_reply); + return True; + } + + rdata = malloc(p->max_trans_reply); if(rdata == NULL) { DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); return False; @@ -3284,11 +3293,23 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, switch (subcommand) { case 0x26: - /* dce/rpc command */ - reply = rpc_command(p, data, tdscnt); + { + char *rdata = NULL; + int rlen = mdrcnt; + + if (p->m) + { + reply = readwrite_pipe(p, data, tdscnt, &rdata, &rlen); + } + else + { + /* dce/rpc command */ + reply = rpc_command(p, data, tdscnt); + } if (reply) - reply = api_rpc_trans_reply(outbuf, p); + reply = api_rpc_trans_reply(outbuf, p, rdata, rlen); break; + } case 0x53: /* Wait Named Pipe Handle state */ reply = api_WNPHS(outbuf, p, params, tpscnt); -- cgit From c4914e2202c17dd37b88c63446c14f7eb5f94d56 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 5 Jan 2000 19:59:42 +0000 Subject: client/client.c: I18N fixes. smbd/dir.c: Reformatting comments. smbd/ipc.c: New password change code for Win98. Jeremy. (This used to be commit 9e90122afd1b6a7cf38660fc3bc3aa8e526bf08b) --- source3/smbd/ipc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 92 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index cb4127aee4..086a4bfa0b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1660,9 +1660,53 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch return(True); } +/*********************************************************** + Code to check a plaintext password against smbpasswd entries. +***********************************************************/ + +static BOOL check_plaintext_password(char *user,char *old_passwd, + int old_passwd_size, struct smb_passwd **psmbpw) +{ + struct smb_passwd *smbpw = NULL; + uchar old_pw[16],old_ntpw[16]; + + become_root(False); + *psmbpw = smbpw = getsmbpwnam(user); + unbecome_root(False); + + if (smbpw == NULL) { + DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n")); + return False; + } + + if (smbpw->acct_ctrl & ACB_DISABLED) { + DEBUG(0,("check_plaintext_password: account %s disabled.\n", user)); + return(False); + } + + nt_lm_owf_gen(old_passwd,old_ntpw,old_pw); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("check_plaintext_password: smbpw->smb_nt_passwd \n")); + dump_data(100,smbpw->smb_nt_passwd,16); + DEBUG(100,("check_plaintext_password: old_ntpw \n")); + dump_data(100,old_ntpw,16); + DEBUG(100,("check_plaintext_password: smbpw->smb_passwd \n")); + dump_data(100,smbpw->smb_passwd,16); + DEBUG(100,("check_plaintext_password: old_pw\n")); + dump_data(100,old_pw,16); +#endif + + if(memcmp(smbpw->smb_nt_passwd,old_ntpw,16) && memcmp(smbpw->smb_passwd,old_pw,16)) + return(False); + else + return(True); +} + /**************************************************************************** - set the user password - ****************************************************************************/ + Set the user password. +*****************************************************************************/ + static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, @@ -1704,20 +1748,59 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param (void)Get_Pwnam( user, True); /* - * Attempt the plaintext password change first. - * Older versions of Windows seem to do this. + * Attempt to verify the old password against smbpasswd entries + * Win98 clients send old and new password in plaintext for this call. */ - if (password_ok(user, pass1,strlen(pass1),NULL) && - chgpasswd(user,pass1,pass2,False)) { - SSVAL(*rparam,0,NERR_Success); + fstring saved_pass2; + struct smb_passwd *smbpw = NULL; + + /* + * Save the new password as change_oem_password overwrites it + * with zeros. + */ + + fstrcpy(saved_pass2, pass2); + + if (check_plaintext_password(user,pass1,strlen(pass1),&smbpw) && + change_oem_password(smbpw,pass2,False)) + { + SSVAL(*rparam,0,NERR_Success); + + /* + * If unix password sync was requested, attempt to change + * the /etc/passwd database also. Return failure if this cannot + * be done. + */ + + if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False)) + SSVAL(*rparam,0,NERR_badpass); + } + } + + /* + * If the above failed, attempt the plaintext password change. + * This tests against the /etc/passwd database only. + */ + + if(SVAL(*rparam,0) != NERR_Success) + { + if (password_ok(user, pass1,strlen(pass1),NULL) && + chgpasswd(user,pass1,pass2,False)) + { + SSVAL(*rparam,0,NERR_Success); + } } /* * If the plaintext change failed, attempt - * the encrypted. NT will generate this - * after trying the samr method. + * the old encrypted method. NT will generate this + * after trying the samr method. Note that this + * method is done as a last resort as this + * password change method loses the NT password hash + * and cannot change the UNIX password as no plaintext + * is received. */ if(SVAL(*rparam,0) != NERR_Success) -- cgit From 5983a77020a27dd6d7591107070e5167833727d2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 5 Jan 2000 23:46:47 +0000 Subject: Moved check_plaintext_password() into smbd/chgpasswd.c from smbd/ipc.c. configure configure.in include/config.h.in: Added autoconf code for Luke's UNIX domain sockets code. Jeremy. (This used to be commit 210d61db08136122f51a93428607fccd582c9e7d) --- source3/smbd/ipc.c | 43 ------------------------------------------- 1 file changed, 43 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 086a4bfa0b..737b364c6b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1660,49 +1660,6 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch return(True); } -/*********************************************************** - Code to check a plaintext password against smbpasswd entries. -***********************************************************/ - -static BOOL check_plaintext_password(char *user,char *old_passwd, - int old_passwd_size, struct smb_passwd **psmbpw) -{ - struct smb_passwd *smbpw = NULL; - uchar old_pw[16],old_ntpw[16]; - - become_root(False); - *psmbpw = smbpw = getsmbpwnam(user); - unbecome_root(False); - - if (smbpw == NULL) { - DEBUG(0,("check_plaintext_password: getsmbpwnam returned NULL\n")); - return False; - } - - if (smbpw->acct_ctrl & ACB_DISABLED) { - DEBUG(0,("check_plaintext_password: account %s disabled.\n", user)); - return(False); - } - - nt_lm_owf_gen(old_passwd,old_ntpw,old_pw); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("check_plaintext_password: smbpw->smb_nt_passwd \n")); - dump_data(100,smbpw->smb_nt_passwd,16); - DEBUG(100,("check_plaintext_password: old_ntpw \n")); - dump_data(100,old_ntpw,16); - DEBUG(100,("check_plaintext_password: smbpw->smb_passwd \n")); - dump_data(100,smbpw->smb_passwd,16); - DEBUG(100,("check_plaintext_password: old_pw\n")); - dump_data(100,old_pw,16); -#endif - - if(memcmp(smbpw->smb_nt_passwd,old_ntpw,16) && memcmp(smbpw->smb_passwd,old_pw,16)) - return(False); - else - return(True); -} - /**************************************************************************** Set the user password. *****************************************************************************/ -- cgit From 16bb009dbbe6302febf3848cee61e9927eeb0fb5 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Feb 2000 05:17:25 +0000 Subject: Mega-VFS merge. Yeah baby! Synopsis: change every disk access function to work through a vfs_ops structure contained in the connection_struct. (This used to be commit 3aad500c0fb61232ed3431ff4b743b5d18ec852f) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 737b364c6b..3e16dba4f5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2073,7 +2073,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha !become_service(fconn,True)) break; - if (dos_rename(fsp->fsp_name,name) == 0) { + if (fsp->conn->vfs_ops.rename(fsp->fsp_name,name) == 0) { string_set(&fsp->fsp_name,name); } break; -- cgit From ae7696117e81bb469fa71f9bc880f6b5aac0724e Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 3 Feb 2000 23:08:24 +0000 Subject: Put back lots of missing calls to dos_to_unix(). Thanks to aono@cc.osaka-kyoiku.ac.jp (Tomoki AONO) (This used to be commit 176c405d2702a4245561ff56c8eac3c754a0dea3) --- source3/smbd/ipc.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3e16dba4f5..b5a6e4ba90 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -2055,6 +2055,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha if (isalpha((int)*s)) { pstring name; int l = 0; + while (l<64 && *s) { if (issafe(*s)) name[l++] = *s; s++; @@ -2066,17 +2067,23 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha fsp = file_find_print(); if (fsp) { - connection_struct *fconn = fsp->conn; - unbecome_user(); - - if (!become_user(fconn,vuid) || - !become_service(fconn,True)) - break; + pstring zfrom,zto; + connection_struct *fconn = fsp->conn; + + unbecome_user(); - if (fsp->conn->vfs_ops.rename(fsp->fsp_name,name) == 0) { - string_set(&fsp->fsp_name,name); - } - break; + if (!become_user(fconn,vuid) || + !become_service(fconn,True)) + break; + + pstrcpy(zfrom, dos_to_unix(fsp->fsp_name,False)); + pstrcpy(zto, dos_to_unix(name,False)); + + if (fsp->conn->vfs_ops.rename(zfrom,zto) == 0) { + string_set(&fsp->fsp_name,name); + } + + break; } } desc.errcode=NERR_Success; -- cgit From 9db96b7646aa36aa5b4ff309419235fe20bef78a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 23 Feb 2000 02:02:33 +0000 Subject: lib/system.c: Fixed gcc warnings. nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0. Others - preparing for multiple pdu write code. Jeremy. (This used to be commit 9f879ec396230deba34fbe5e82d8a65f92137c54) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b5a6e4ba90..5ee70e7d94 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3225,7 +3225,7 @@ static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p, return False; } - send_trans_reply(outbuf, NULL, 0, rdata, data_len, (int)prs_offset(&p->rdata) > data_len); + send_trans_reply(outbuf, NULL, 0, rdata, data_len, (int)prs_offset(&p->out_data.rdata) > data_len); free(rdata); return True; -- cgit From 6bb92a6d38db41a11e80c4369623d137763f0f52 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Mar 2000 21:45:16 +0000 Subject: Big update moving the multi-pdu support from 2.0.x into HEAD for JF and the printer functions. Also tidied up some header includes and got the order right so you can now do a : make proto make clean make Jeremy. (This used to be commit 833cd9fba92e4ad5297b235d108dd2be8c17079b) --- source3/smbd/ipc.c | 31 +++++-------------------------- 1 file changed, 5 insertions(+), 26 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5ee70e7d94..d42c2727d4 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3201,20 +3201,11 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p, - char *redir_data, int redir_len) +static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) { - char *rdata; + char *rdata = malloc(p->max_trans_reply); int data_len; - if (redir_data != NULL) - { - send_trans_reply(outbuf, NULL, 0, redir_data, redir_len, - redir_len > p->max_trans_reply); - return True; - } - - rdata = malloc(p->max_trans_reply); if(rdata == NULL) { DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); return False; @@ -3340,23 +3331,11 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, switch (subcommand) { case 0x26: - { - char *rdata = NULL; - int rlen = mdrcnt; - - if (p->m) - { - reply = readwrite_pipe(p, data, tdscnt, &rdata, &rlen); - } - else - { - /* dce/rpc command */ - reply = rpc_command(p, data, tdscnt); - } + /* dce/rpc command */ + reply = write_to_pipe(p, data, tdscnt); if (reply) - reply = api_rpc_trans_reply(outbuf, p, rdata, rlen); + reply = api_rpc_trans_reply(outbuf, p); break; - } case 0x53: /* Wait Named Pipe Handle state */ reply = api_WNPHS(outbuf, p, params, tpscnt); -- cgit From e0ebb76a7453c07c16e8f736233226a774ab58e8 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 10 Mar 2000 17:12:24 +0000 Subject: getprinter level 0: was to short, found most of the fields, undocumented, undecoded, nothing in MSDN, but now it works :-) cleanup of error codes. fixed some dfs declarations function. J.F. (This used to be commit 87da4404aba29a2ebd999886e4c06958c96d3e05) --- source3/smbd/ipc.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index d42c2727d4..fc05811ccf 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -48,7 +48,6 @@ extern fstring global_myworkgroup; #define NERR_BufTooSmall (NERR_BASE+23) #define NERR_JobNotFound (NERR_BASE+51) #define NERR_DestNotFound (NERR_BASE+52) -#define ERROR_INVALID_LEVEL 124 #define ACCESS_READ 0x01 #define ACCESS_WRITE 0x02 -- cgit From 0d9d264625e482f55b2c5b76d7aa7d989529dd07 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Mar 2000 22:19:58 +0000 Subject: Fixed bug found by JF where if the amount of data to return in the prs_struct was small enough to pass the SMBtrans max data test we weren't setting the "more data needed" error. I was fogetting the RPC_HEADER_LEN.... I now check the correct length (current pdu staging area length). More printer spool enum stuff works now. This bug does not affect TNG. Jeremy. (This used to be commit 1c9d2c016a78b0ed11dc68adeabb709903444837) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index fc05811ccf..271b0e253b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -3215,7 +3215,7 @@ static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) return False; } - send_trans_reply(outbuf, NULL, 0, rdata, data_len, (int)prs_offset(&p->out_data.rdata) > data_len); + send_trans_reply(outbuf, NULL, 0, rdata, data_len, p->out_data.current_pdu_len > data_len); free(rdata); return True; -- cgit From 2fa922611bf7160e2c1ce80c11b50006448bf98d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 11 Apr 2000 13:55:53 +0000 Subject: finally got sick of the "extern int Client" code and the stupid assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3) --- source3/smbd/ipc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 271b0e253b..46ef677f38 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -58,7 +58,6 @@ extern fstring global_myworkgroup; #define SNLEN 15 /* service name length */ #define QNLEN 12 /* queue name maximum length */ -extern int Client; extern int smb_read_error; static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, @@ -212,7 +211,7 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -245,7 +244,7 @@ static void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); tot_data_sent += this_ldata; tot_param_sent += this_lparam; @@ -3608,7 +3607,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); show_msg(outbuf); - send_smb(Client,outbuf); + send_smb(smbd_server_fd(),outbuf); } /* receive the rest of the trans packet */ -- cgit From 54de56a1be8ede7476c741cd1631ad1ac8107fcc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Apr 2000 06:22:31 +0000 Subject: the changes to the main smb code ------------ The following series of commits are for the new tdb based printing backend. This completely replaces our old printing backend. Major changes include: - all print ops are now done in printing/*.c rather than scattered all over the place - system job ids are decoupled from SMB job ids - the lpq parsers don't need to be nearly so smart, they only need to parse the filename, the status and system job id - we can store lots more info about a job, including the full job name - the queue cache control is much better I also added a new utility routine file_lines_load() that loads a text file and parses it into lines. This is used in out lpq parsing and I also want to use it to replace all of our fgets() based code in other places. (This used to be commit d870542c2884510bd45fd5b54ff2157434d53f4c) --- source3/smbd/ipc.c | 639 ++++++++++++++++++++++++----------------------------- 1 file changed, 292 insertions(+), 347 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 46ef677f38..5c923acd49 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -290,6 +290,9 @@ static int getlen(char* p) case 'W': /* word (2 byte) */ n += 2; break; + case 'K': /* status word? (2 byte) */ + n += 2; + break; case 'N': /* count of substructures (word) at end */ n += 2; break; @@ -385,6 +388,11 @@ va_dcl temp = va_arg(args,int); if (p->buflen >= needed) SSVAL(p->structbuf,0,temp); break; + case 'K': /* status word? (2 byte) */ + needed = 2; + temp = va_arg(args,int); + if (p->buflen >= needed) SSVAL(p->structbuf,0,temp); + break; case 'N': /* count of substructures (word) at end */ needed = 2; p->subcount = va_arg(args,int); @@ -474,7 +482,6 @@ static void PACKS(struct pack_desc* desc,char *t,char *v) /**************************************************************************** get a print queue ****************************************************************************/ - static void PackDriverData(struct pack_desc* desc) { char drivdata[4+4+32]; @@ -510,6 +517,9 @@ static int check_printq_info(struct pack_desc* desc, case 5: desc->format = "z"; break; + case 51: + desc->format = "K"; + break; case 52: desc->format = "WzzzzzzzzN"; desc->subformat = "z"; @@ -530,7 +540,7 @@ static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, /* the client expects localtime */ t -= TimeDiff(t); - PACKI(desc,"W",printjob_encode(snum, queue->job)); /* uJobId */ + PACKI(desc,"W",queue->job); /* uJobId */ if (uLevel == 1) { PACKS(desc,"B21",queue->user); /* szUserName */ PACKS(desc,"B",""); /* pad */ @@ -568,171 +578,187 @@ static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, } } + +static void fill_printq_info_52(connection_struct *conn, int snum, int uLevel, + struct pack_desc* desc, + int count, print_queue_struct* queue, + print_status_struct* status) +{ + int i,ok=0; + pstring tok,driver,datafile,langmon,helpfile,datatype; + char *p,*q; + FILE *f; + pstring fname; + + pstrcpy(fname,lp_driverfile()); + f=sys_fopen(fname,"r"); + if (!f) { + DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); + desc->errcode=NERR_notsupported; + return; + } + + if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + DEBUG(0,("fill_printq_info: malloc fail !\n")); + desc->errcode=NERR_notsupported; + fclose(f); + return; + } + + memset(p, '\0',8192*sizeof(char)); + q=p; + + /* lookup the long printer driver name in the file + description */ + while (f && !feof(f) && !ok) { + p = q; /* reset string pointer */ + fgets(p,8191,f); + p[strlen(p)-1]='\0'; + if (next_token(&p,tok,":",sizeof(tok)) && + (strlen(lp_printerdriver(snum)) == strlen(tok)) && + (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) + ok=1; + } + fclose(f); + + /* driver file name */ + if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; + /* data file name */ + if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0; + /* + * for the next tokens - which may be empty - I have + * to check for empty tokens first because the + * next_token function will skip all empty token + * fields */ + if (ok) { + /* help file */ + if (*p == ':') { + *helpfile = '\0'; + p++; + } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0; + } + + if (ok) { + /* language monitor */ + if (*p == ':') { + *langmon = '\0'; + p++; + } else if (!next_token(&p,langmon,":",sizeof(langmon))) + ok = 0; + } + + /* default data type */ + if (ok && !next_token(&p,datatype,":",sizeof(datatype))) + ok = 0; + + if (ok) { + PACKI(desc,"W",0x0400); /* don't know */ + PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ + PACKS(desc,"z",driver); /* Driverfile Name */ + PACKS(desc,"z",datafile); /* Datafile name */ + PACKS(desc,"z",langmon); /* language monitor */ + PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ + PACKS(desc,"z",datatype); /* default data type */ + PACKS(desc,"z",helpfile); /* helpfile name */ + PACKS(desc,"z",driver); /* driver name */ + DEBUG(3,("Driver:%s:\n",driver)); + DEBUG(3,("Data File:%s:\n",datafile)); + DEBUG(3,("Language Monitor:%s:\n",langmon)); + DEBUG(3,("Data Type:%s:\n",datatype)); + DEBUG(3,("Help File:%s:\n",helpfile)); + PACKI(desc,"N",count); /* number of files to copy */ + for (i=0;i gave %d entries\n", + SERVICE(snum),count)); + } else { + DEBUG(3,("fill_printq_info: Can't supply driver files\n")); + desc->errcode=NERR_notsupported; + } + free(q); +} + + static void fill_printq_info(connection_struct *conn, int snum, int uLevel, struct pack_desc* desc, int count, print_queue_struct* queue, print_status_struct* status) { - switch (uLevel) { - case 1: - case 2: - PACKS(desc,"B13",SERVICE(snum)); - break; - case 3: - case 4: - case 5: - PACKS(desc,"z",Expand(conn,snum,SERVICE(snum))); - break; - } - - if (uLevel == 1 || uLevel == 2) { - PACKS(desc,"B",""); /* alignment */ - PACKI(desc,"W",5); /* priority */ - PACKI(desc,"W",0); /* start time */ - PACKI(desc,"W",0); /* until time */ - PACKS(desc,"z",""); /* pSepFile */ - PACKS(desc,"z","lpd"); /* pPrProc */ - PACKS(desc,"z",SERVICE(snum)); /* pDestinations */ - PACKS(desc,"z",""); /* pParms */ - if (snum < 0) { - PACKS(desc,"z","UNKNOWN PRINTER"); - PACKI(desc,"W",LPSTAT_ERROR); - } - else if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); - PACKI(desc,"W",LPSTAT_OK); /* status */ - } else { - PACKS(desc,"z",status->message); - PACKI(desc,"W",status->status); /* status */ - } - PACKI(desc,(uLevel == 1 ? "W" : "N"),count); - } - if (uLevel == 3 || uLevel == 4) { - PACKI(desc,"W",5); /* uPriority */ - PACKI(desc,"W",0); /* uStarttime */ - PACKI(desc,"W",0); /* uUntiltime */ - PACKI(desc,"W",5); /* pad1 */ - PACKS(desc,"z",""); /* pszSepFile */ - PACKS(desc,"z","WinPrint"); /* pszPrProc */ - PACKS(desc,"z",""); /* pszParms */ - if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); /* pszComment */ - PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ - } else { - PACKS(desc,"z",status->message); /* pszComment */ - PACKI(desc,"W",status->status); /* fsStatus */ - } - PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ - PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ - PACKS(desc,"z",lp_printerdriver(snum)); /* pszDriverName */ - PackDriverData(desc); /* pDriverData */ - } - if (uLevel == 2 || uLevel == 4) { - int i; - for (i=0;ierrcode=NERR_notsupported; - return; - } - - if((p=(char *)malloc(8192*sizeof(char))) == NULL) { - DEBUG(0,("fill_printq_info: malloc fail !\n")); - desc->errcode=NERR_notsupported; - fclose(f); - return; - } - - memset(p, '\0',8192*sizeof(char)); - q=p; - - /* lookup the long printer driver name in the file description */ - while (f && !feof(f) && !ok) - { - p = q; /* reset string pointer */ - fgets(p,8191,f); - p[strlen(p)-1]='\0'; - if (next_token(&p,tok,":",sizeof(tok)) && - (strlen(lp_printerdriver(snum)) == strlen(tok)) && - (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) - ok=1; - } - fclose(f); + switch (uLevel) { + case 1: + case 2: + PACKS(desc,"B13",SERVICE(snum)); + break; + case 3: + case 4: + case 5: + PACKS(desc,"z",Expand(conn,snum,SERVICE(snum))); + break; + case 51: + PACKI(desc,"K",status->status); + break; + } - /* driver file name */ - if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; - /* data file name */ - if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0; - /* - * for the next tokens - which may be empty - I have to check for empty - * tokens first because the next_token function will skip all empty - * token fields - */ - if (ok) { - /* help file */ - if (*p == ':') { - *helpfile = '\0'; - p++; - } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0; - } + if (uLevel == 1 || uLevel == 2) { + PACKS(desc,"B",""); /* alignment */ + PACKI(desc,"W",5); /* priority */ + PACKI(desc,"W",0); /* start time */ + PACKI(desc,"W",0); /* until time */ + PACKS(desc,"z",""); /* pSepFile */ + PACKS(desc,"z","lpd"); /* pPrProc */ + PACKS(desc,"z",SERVICE(snum)); /* pDestinations */ + PACKS(desc,"z",""); /* pParms */ + if (snum < 0) { + PACKS(desc,"z","UNKNOWN PRINTER"); + PACKI(desc,"W",LPSTAT_ERROR); + } + else if (!status || !status->message[0]) { + PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); + PACKI(desc,"W",LPSTAT_OK); /* status */ + } else { + PACKS(desc,"z",status->message); + PACKI(desc,"W",status->status); /* status */ + } + PACKI(desc,(uLevel == 1 ? "W" : "N"),count); + } - if (ok) { - /* language monitor */ - if (*p == ':') { - *langmon = '\0'; - p++; - } else if (!next_token(&p,langmon,":",sizeof(langmon))) ok = 0; - } + if (uLevel == 3 || uLevel == 4) { + PACKI(desc,"W",5); /* uPriority */ + PACKI(desc,"W",0); /* uStarttime */ + PACKI(desc,"W",0); /* uUntiltime */ + PACKI(desc,"W",5); /* pad1 */ + PACKS(desc,"z",""); /* pszSepFile */ + PACKS(desc,"z","WinPrint"); /* pszPrProc */ + PACKS(desc,"z",""); /* pszParms */ + if (!status || !status->message[0]) { + PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); /* pszComment */ + PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ + } else { + PACKS(desc,"z",status->message); /* pszComment */ + PACKI(desc,"W",status->status); /* fsStatus */ + } + PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ + PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ + PACKS(desc,"z",lp_printerdriver(snum)); /* pszDriverName */ + PackDriverData(desc); /* pDriverData */ + } - /* default data type */ - if (ok && !next_token(&p,datatype,":",sizeof(datatype))) ok = 0; - - if (ok) { - PACKI(desc,"W",0x0400); /* don't know */ - PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ - PACKS(desc,"z",driver); /* Driverfile Name */ - PACKS(desc,"z",datafile); /* Datafile name */ - PACKS(desc,"z",langmon); /* language monitor */ - PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ - PACKS(desc,"z",datatype); /* default data type */ - PACKS(desc,"z",helpfile); /* helpfile name */ - PACKS(desc,"z",driver); /* driver name */ - DEBUG(3,("Driver:%s:\n",driver)); - DEBUG(3,("Data File:%s:\n",datafile)); - DEBUG(3,("Language Monitor:%s:\n",langmon)); - DEBUG(3,("Data Type:%s:\n",datatype)); - DEBUG(3,("Help File:%s:\n",helpfile)); - PACKI(desc,"N",count); /* number of files to copy */ - for (i=0;i gave %d entries\n", - SERVICE(snum),count)); - } else { - DEBUG(3,("fill_printq_info: Can't supply driver files\n")); - desc->errcode=NERR_notsupported; - } - free(q); - } + if (uLevel==52) { + fill_printq_info_52(conn, snum, uLevel, desc, count, queue, status); + } } /* This function returns the number of files for a given driver */ @@ -852,7 +878,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, count = get_printerdrivernumber(snum); DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); } else { - count = get_printqueue(snum, conn,&queue,&status); + count = print_queue_status(snum, &queue,&status); } if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); @@ -963,7 +989,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, n = 0; for (i = 0; i < services; i++) if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - subcntarr[n] = get_printqueue(i, conn,&queue[n],&status[n]); + subcntarr[n] = print_queue_status(i, &queue[n],&status[n]); subcnt += subcntarr[n]; n++; } @@ -1842,60 +1868,46 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - int function = SVAL(param,0); - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int jobid, snum; - int i, count; - - printjob_decode(SVAL(p,0), &snum, &jobid); - - /* check it's a supported varient */ - if (!(strcsequal(str1,"W") && strcsequal(str2,""))) - return(False); - - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + int function = SVAL(param,0); + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int jobid, errcode; - *rdata_len = 0; + jobid = SVAL(p,0); - SSVAL(*rparam,0,NERR_Success); + /* check it's a supported varient */ + if (!(strcsequal(str1,"W") && strcsequal(str2,""))) + return(False); - if (snum >= 0 && VALID_SNUM(snum)) - { - print_queue_struct *queue=NULL; - lpq_reset(snum); - count = get_printqueue(snum,conn,&queue,NULL); - - for (i=0;i= 0) { - lp_add_printer(QueueName,pnum); - snum = lp_servicenumber(QueueName); - } - } + switch (function) { + case 74: /* Pause queue */ + if (print_queue_pause(snum)) errcode = NERR_Success; + break; + case 75: /* Resume queue */ + if (print_queue_resume(snum)) errcode = NERR_Success; + break; + case 103: /* Purge */ + if (print_queue_purge(snum)) errcode = NERR_Success; + break; + } - if (snum >= 0 && VALID_SNUM(snum)) { - lpq_reset(snum); - - switch (function) { - case 74: /* Pause queue */ - case 75: /* Resume queue */ - status_printqueue(conn,snum,(function==74?LPSTAT_STOPPED:LPSTAT_OK)); - DEBUG(3,("Print queue %s, queue=%s\n", - (function==74?"pause":"resume"),QueueName)); - break; - case 103: /* Purge */ - { - print_queue_struct *queue=NULL; - int i, count; - count = get_printqueue(snum,conn,&queue,NULL); - for (i = 0; i < count; i++) - del_printqueue(conn,snum,queue[i].job); - - if (queue) free(queue); - DEBUG(3,("Print queue purge, queue=%s\n",QueueName)); - break; - } - } - } + out: + SSVAL(*rparam,0,errcode); + SSVAL(*rparam,2,0); /* converter word */ - return(True); + return(True); } @@ -1972,16 +1970,16 @@ static BOOL api_WPrintQueuePurge(connection_struct *conn,uint16 vuid, char *para static int check_printjob_info(struct pack_desc* desc, int uLevel, char* id) { - desc->subformat = NULL; - switch( uLevel ) { - case 0: desc->format = "W"; break; - case 1: desc->format = "WB21BB16B10zWWzDDz"; break; - case 2: desc->format = "WWzWWDDzz"; break; - case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break; - default: return False; - } - if (strcmp(desc->format,id) != 0) return False; - return True; + desc->subformat = NULL; + switch( uLevel ) { + case 0: desc->format = "W"; break; + case 1: desc->format = "WB21BB16B10zWWzDDz"; break; + case 2: desc->format = "WWzWWDDzz"; break; + case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break; + default: return False; + } + if (strcmp(desc->format,id) != 0) return False; + return True; } static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,char *data, @@ -1993,15 +1991,12 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha char *str1 = param+2; char *str2 = skip_string(str1,1); char *p = skip_string(str2,1); - int jobid, snum; + int jobid; int uLevel = SVAL(p,2); - int function = SVAL(p,4); /* what is this ?? */ - int i; - char *s = data; - files_struct *fsp; + int function = SVAL(p,4); + int place, errcode; - printjob_decode(SVAL(p,0), &snum, &jobid); - + jobid = SVAL(p,0); *rparam_len = 4; *rparam = REALLOC(*rparam,*rparam_len); @@ -2011,87 +2006,37 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha if ((strcmp(str1,"WWsTP")) || (!check_printjob_info(&desc,uLevel,str2))) return(False); - + + if (!print_job_exists(jobid)) { + errcode=NERR_JobNotFound; + goto out; + } + + errcode = NERR_notsupported; + switch (function) { - case 0x6: /* change job place in the queue, - data gives the new place */ - if (snum >= 0 && VALID_SNUM(snum)) { - print_queue_struct *queue=NULL; - int count; - - lpq_reset(snum); - count = get_printqueue(snum,conn,&queue,NULL); - for (i=0;i place ) /* move up */; - } -#endif - desc.errcode=NERR_notsupported; /* not yet - supported */ - if (queue) free(queue); - } - } else { - desc.errcode=NERR_JobNotFound; + case 0x6: + /* change job place in the queue, + data gives the new place */ + place = SVAL(data,0); + if (print_job_set_place(jobid, place)) { + errcode=NERR_Success; } break; - case 0xb: /* change print job name, data gives the name */ - /* jobid, snum should be zero */ - if (isalpha((int)*s)) { - pstring name; - int l = 0; - - while (l<64 && *s) { - if (issafe(*s)) name[l++] = *s; - s++; - } - name[l] = 0; - - DEBUG(3,("Setting print name to %s\n",name)); - - fsp = file_find_print(); - - if (fsp) { - pstring zfrom,zto; - connection_struct *fconn = fsp->conn; - - unbecome_user(); - - if (!become_user(fconn,vuid) || - !become_service(fconn,True)) - break; - - pstrcpy(zfrom, dos_to_unix(fsp->fsp_name,False)); - pstrcpy(zto, dos_to_unix(name,False)); - - if (fsp->conn->vfs_ops.rename(zfrom,zto) == 0) { - string_set(&fsp->fsp_name,name); - } - - break; - } + case 0xb: + /* change print job name, data gives the name */ + if (print_job_set_name(jobid, data)) { + errcode=NERR_Success; } - desc.errcode=NERR_Success; break; - default: /* not implemented */ + default: return False; } - - SSVALS(*rparam,0,desc.errcode); + + out: + SSVALS(*rparam,0,errcode); SSVAL(*rparam,2,0); /* converter word */ return(True); @@ -2793,13 +2738,13 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para if (strcmp(str1,"WWrLh") != 0) return False; if (!check_printjob_info(&desc,uLevel,str2)) return False; - printjob_decode(SVAL(p,0), &snum, &job); + job = SVAL(p,0); if (snum < 0 || !VALID_SNUM(snum)) return(False); - count = get_printqueue(snum,conn,&queue,&status); + count = print_queue_status(snum,&queue,&status); for (i = 0; i < count; i++) { - if ((queue[i].job & 0xFF) == job) break; + if (queue[i].job == job) break; } if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; @@ -2869,7 +2814,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa if (snum < 0 || !VALID_SNUM(snum)) return(False); - count = get_printqueue(snum,conn,&queue,&status); + count = print_queue_status(snum,&queue,&status); if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; -- cgit From 99acf45fa42f0fea2860f7aa0cd93fec90049f0f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Apr 2000 07:28:36 +0000 Subject: added helper fns to change from internal status codes to nt spoolss codes (This used to be commit 8af879b3f513e7e8ca5f63848d22824b05e68398) --- source3/smbd/ipc.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5c923acd49..055b8344bb 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -531,6 +531,42 @@ static int check_printq_info(struct pack_desc* desc, return True; } +/* turn a print job status into a on the wire status + right now these are complete guesses - need to fill them in (tridge) +*/ +static int printj_status(int v) +{ + switch (v) { + case LPQ_QUEUED: + return 0; + case LPQ_PAUSED: + return 1; + case LPQ_SPOOLING: + return 2; + case LPQ_PRINTING: + return 3; + } + return 4; +} + +/* turn a print queue status into a on the wire status + right now these are complete guesses - need to fill them in (tridge) +*/ +static int printq_status(int v) +{ + switch (v) { + case LPQ_QUEUED: + return 0; + case LPQ_PAUSED: + return 1; + case LPQ_SPOOLING: + return 2; + case LPQ_PRINTING: + return 3; + } + return 4; +} + static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, struct pack_desc* desc, print_queue_struct* queue, int n) @@ -548,7 +584,7 @@ static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, PACKS(desc,"B10","PM_Q_RAW"); /* szDataType */ PACKS(desc,"z",""); /* pszParms */ PACKI(desc,"W",n+1); /* uPosition */ - PACKI(desc,"W",queue->status); /* fsStatus */ + PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */ PACKS(desc,"z",""); /* pszStatus */ PACKI(desc,"D",t); /* ulSubmitted */ PACKI(desc,"D",queue->size); /* ulSize */ @@ -558,7 +594,7 @@ static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, PACKI(desc,"W",queue->priority); /* uPriority */ PACKS(desc,"z",queue->user); /* pszUserName */ PACKI(desc,"W",n+1); /* uPosition */ - PACKI(desc,"W",queue->status); /* fsStatus */ + PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */ PACKI(desc,"D",t); /* ulSubmitted */ PACKI(desc,"D",queue->size); /* ulSize */ PACKS(desc,"z","Samba"); /* pszComment */ @@ -702,7 +738,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, PACKS(desc,"z",Expand(conn,snum,SERVICE(snum))); break; case 51: - PACKI(desc,"K",status->status); + PACKI(desc,"K",printq_status(status->status)); break; } @@ -724,7 +760,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, PACKI(desc,"W",LPSTAT_OK); /* status */ } else { PACKS(desc,"z",status->message); - PACKI(desc,"W",status->status); /* status */ + PACKI(desc,"W",printq_status(status->status)); /* status */ } PACKI(desc,(uLevel == 1 ? "W" : "N"),count); } @@ -742,7 +778,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ } else { PACKS(desc,"z",status->message); /* pszComment */ - PACKI(desc,"W",status->status); /* fsStatus */ + PACKI(desc,"W",printq_status(status->status)); /* fsStatus */ } PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ -- cgit From 2c80622a946a0e2ffe4b4b4ad3d3f5a203bdb0f3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Apr 2000 07:38:45 +0000 Subject: use some symbolic names for print queue status (This used to be commit e8418ab73667e011b15e00a844240723ff4a8cd6) --- source3/smbd/ipc.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 055b8344bb..4f87d632d2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -531,6 +531,16 @@ static int check_printq_info(struct pack_desc* desc, return True; } + +#define JOB_STATUS_QUEUED 0 +#define JOB_STATUS_PAUSED 1 +#define JOB_STATUS_SPOOLING 2 +#define JOB_STATUS_PRINTING 3 +#define JOB_STATUS_PRINTED 4 + +#define QUEUE_STATUS_PAUSED 1 +#define QUEUE_STATUS_ERROR 2 + /* turn a print job status into a on the wire status right now these are complete guesses - need to fill them in (tridge) */ @@ -538,15 +548,15 @@ static int printj_status(int v) { switch (v) { case LPQ_QUEUED: - return 0; + return JOB_STATUS_QUEUED; case LPQ_PAUSED: - return 1; + return JOB_STATUS_PAUSED; case LPQ_SPOOLING: - return 2; + return JOB_STATUS_SPOOLING; case LPQ_PRINTING: - return 3; + return JOB_STATUS_PRINTING; } - return 4; + return 0; } /* turn a print queue status into a on the wire status @@ -558,13 +568,9 @@ static int printq_status(int v) case LPQ_QUEUED: return 0; case LPQ_PAUSED: - return 1; - case LPQ_SPOOLING: - return 2; - case LPQ_PRINTING: - return 3; + return QUEUE_STATUS_PAUSED; } - return 4; + return QUEUE_STATUS_ERROR; } static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, -- cgit From d79a8c68d6ea2288dc8574f994bb281c2a784cf8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Apr 2000 08:04:06 +0000 Subject: removed old comments (This used to be commit 9f49d17d4cf904034ce3718626450dc25541b420) --- source3/smbd/ipc.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4f87d632d2..205d00b803 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -542,7 +542,6 @@ static int check_printq_info(struct pack_desc* desc, #define QUEUE_STATUS_ERROR 2 /* turn a print job status into a on the wire status - right now these are complete guesses - need to fill them in (tridge) */ static int printj_status(int v) { @@ -560,7 +559,6 @@ static int printj_status(int v) } /* turn a print queue status into a on the wire status - right now these are complete guesses - need to fill them in (tridge) */ static int printq_status(int v) { -- cgit From 19f946ba6fe442544ac9b0f71bcd33112fc79995 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 16 Apr 2000 11:00:21 +0000 Subject: converted a bunch more functions to use a fd instead of a FILE* to support some of this I added the following functions in util_file.c file_lines_pload : load lines from a pipe file_pload : load a pipe into memory (This used to be commit a09470817c5b21dba42f9ef4ce5e8b768a254c0b) --- source3/smbd/ipc.c | 150 +++++++++++++++++++++-------------------------------- 1 file changed, 59 insertions(+), 91 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 205d00b803..17aa83b72b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -626,40 +626,29 @@ static void fill_printq_info_52(connection_struct *conn, int snum, int uLevel, { int i,ok=0; pstring tok,driver,datafile,langmon,helpfile,datatype; - char *p,*q; - FILE *f; - pstring fname; + char *p; + char **lines, *line; - pstrcpy(fname,lp_driverfile()); - f=sys_fopen(fname,"r"); - if (!f) { - DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno))); + lines = file_lines_load(lp_driverfile(),NULL); + if (!lines) { + DEBUG(3,("fill_printq_info: Can't open %s - %s\n", + lp_driverfile(),strerror(errno))); desc->errcode=NERR_notsupported; return; } - if((p=(char *)malloc(8192*sizeof(char))) == NULL) { - DEBUG(0,("fill_printq_info: malloc fail !\n")); - desc->errcode=NERR_notsupported; - fclose(f); - return; - } - - memset(p, '\0',8192*sizeof(char)); - q=p; - /* lookup the long printer driver name in the file description */ - while (f && !feof(f) && !ok) { - p = q; /* reset string pointer */ - fgets(p,8191,f); - p[strlen(p)-1]='\0'; + for (i=0;lines[i] && !ok;i++) { + p = lines[i]; if (next_token(&p,tok,":",sizeof(tok)) && (strlen(lp_printerdriver(snum)) == strlen(tok)) && (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) ok=1; } - fclose(f); + line = strdup(p); + p = line; + file_lines_free(lines); /* driver file name */ if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; @@ -722,7 +711,7 @@ static void fill_printq_info_52(connection_struct *conn, int snum, int uLevel, DEBUG(3,("fill_printq_info: Can't supply driver files\n")); desc->errcode=NERR_notsupported; } - free(q); + free(line); } @@ -804,56 +793,45 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, /* This function returns the number of files for a given driver */ static int get_printerdrivernumber(int snum) { - int i=0,ok=0; - pstring tok; - char *p,*q; - FILE *f; - pstring fname; - - pstrcpy(fname,lp_driverfile()); - - DEBUG(4,("In get_printerdrivernumber: %s\n",fname)); - f=sys_fopen(fname,"r"); - if (!f) { - DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno))); - return(0); - } - - if((p=(char *)malloc(8192*sizeof(char))) == NULL) { - DEBUG(3,("get_printerdrivernumber: malloc fail !\n")); - fclose(f); - return 0; - } - - q=p; /* need it to free memory because p change ! */ - - /* lookup the long printer driver name in the file description */ - while (!feof(f) && !ok) - { - p = q; /* reset string pointer */ - fgets(p,8191,f); - if (next_token(&p,tok,":",sizeof(tok)) && - (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) - ok=1; - } - fclose(f); - - if (ok) { - /* skip 5 fields */ - i = 5; - while (*p && i) { - if (*p++ == ':') i--; - } - if (!*p || i) - return(0); + int i=0,ok=0; + pstring tok; + char *p; + char **lines, *line; - /* count the number of files */ - while (next_token(&p,tok,",",sizeof(tok))) - i++; - } - free(q); - - return(i); + lines = file_lines_load(lp_driverfile(), NULL); + if (!lines) { + DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n", + lp_driverfile(),strerror(errno))); + return(0); + } + + /* lookup the long printer driver name in the file description */ + for (i=0;lines[i] && !ok; i++) { + p = lines[i]; + if (next_token(&p,tok,":",sizeof(tok)) && + (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) + ok=1; + } + line = strdup(p); + p = line; + file_lines_free(lines); + + if (ok) { + /* skip 5 fields */ + i = 5; + while (*p && i) { + if (*p++ == ':') i--; + } + if (!*p || i) + return(0); + + /* count the number of files */ + while (next_token(&p,tok,",",sizeof(tok))) + i++; + } + free(line); + + return(i); } static BOOL api_DosPrintQGetInfo(connection_struct *conn, @@ -1105,22 +1083,15 @@ static int get_server_info(uint32 servertype, struct srv_info_struct **servers, char *domain) { - FILE *f; - pstring fname; int count=0; int alloced=0; - pstring line; + char **lines; BOOL local_list_only; + int i; - pstrcpy(fname,lp_lockdir()); - trim_string(fname,NULL,"/"); - pstrcat(fname,"/"); - pstrcat(fname,SERVER_LIST); - - f = sys_fopen(fname,"r"); - - if (!f) { - DEBUG(4,("Can't open %s - %s\n",fname,strerror(errno))); + lines = file_lines_load(lock_path(SERVER_LIST), NULL); + if (!lines) { + DEBUG(4,("Can't open %s - %s\n",lock_path(SERVER_LIST),strerror(errno))); return(0); } @@ -1132,16 +1103,13 @@ static int get_server_info(uint32 servertype, DEBUG(4,("Servertype search: %8x\n",servertype)); - while (!feof(f)) - { + for (i=0;lines[i];i++) { fstring stype; struct srv_info_struct *s; - char *ptr = line; + char *ptr = lines[i]; BOOL ok = True; - *ptr = 0; - fgets(line,sizeof(line)-1,f); - if (!*line) continue; + if (!*ptr) continue; if (count == alloced) { alloced += 10; @@ -1209,7 +1177,7 @@ static int get_server_info(uint32 servertype, } } - fclose(f); + file_lines_free(lines); return(count); } -- cgit From 612682354fa978d7b883028b3aace52a2882adca Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Apr 2000 04:01:16 +0000 Subject: - got rid of the "passive" option - cleaned up the standard_sub_*() calls a lot (This used to be commit 2c2d95d77d3667eaa9252506a82b9054b0d0e01c) --- source3/smbd/ipc.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 17aa83b72b..64ec05b017 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -80,7 +80,7 @@ static int CopyExpanded(connection_struct *conn, StrnCpy(buf,src,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub(conn,buf); + standard_sub_conn(conn,buf); StrnCpy(*dst,buf,*n); l = strlen(*dst) + 1; (*dst) += l; @@ -105,7 +105,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char* s) if (!s) return(0); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub(conn,buf); + standard_sub_conn(conn,buf); return strlen(buf) + 1; } @@ -115,7 +115,7 @@ static char* Expand(connection_struct *conn, int snum, char* s) if (!s) return(NULL); StrnCpy(buf,s,sizeof(buf)/2); pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub(conn,buf); + standard_sub_conn(conn,buf); return &buf[0]; } @@ -2137,7 +2137,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par SIVAL(p,6,0); } else { SIVAL(p,6,PTR_DIFF(p2,*rdata)); - standard_sub(conn,comment); + standard_sub_conn(conn,comment); StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0)); p2 = skip_string(p2,1); } @@ -2519,7 +2519,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVAL(p,52,0); /* flags */ SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */ pstrcpy(p2,lp_logon_script()); - standard_sub( conn, p2 ); + standard_sub_conn( conn, p2 ); p2 = skip_string(p2,1); if (uLevel == 2) { @@ -2544,7 +2544,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVALS(p,104,-1); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ pstrcpy(p2,"\\\\%L"); - standard_sub_basic(p2); + standard_sub_conn(conn, p2); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ SSVAL(p,112,860); /* code page */ @@ -2667,7 +2667,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param { pstring logon_script; pstrcpy(logon_script,lp_logon_script()); - standard_sub( conn, logon_script ); + standard_sub_conn( conn, logon_script ); PACKS(&desc,"z", logon_script); /* script path */ } /* End of JHT mods */ -- cgit From 59f992f12de9a0c6a0bc30f8953b324699623a03 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Apr 2000 07:00:22 +0000 Subject: patch from luke to split out lanman code from ipc.c into lanman.c (This used to be commit 95246a8432e04bcdeed962d1a6112dfd90518941) --- source3/smbd/ipc.c | 3330 ++-------------------------------------------------- 1 file changed, 92 insertions(+), 3238 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 64ec05b017..f87423c9ca 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -29,3123 +29,137 @@ #include "includes.h" #include "nterr.h" -#ifdef CHECK_TYPES -#undef CHECK_TYPES -#endif -#define CHECK_TYPES 0 - -extern int DEBUGLEVEL; -extern int max_send; - -extern fstring local_machine; -extern fstring global_myworkgroup; - -#define NERR_Success 0 -#define NERR_badpass 86 -#define NERR_notsupported 50 - -#define NERR_BASE (2100) -#define NERR_BufTooSmall (NERR_BASE+23) -#define NERR_JobNotFound (NERR_BASE+51) -#define NERR_DestNotFound (NERR_BASE+52) - -#define ACCESS_READ 0x01 -#define ACCESS_WRITE 0x02 -#define ACCESS_CREATE 0x04 - -#define SHPWLEN 8 /* share password length */ -#define NNLEN 12 /* 8.3 net name length */ -#define SNLEN 15 /* service name length */ -#define QNLEN 12 /* queue name maximum length */ - -extern int smb_read_error; - -static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len); -static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len); - - -static int CopyExpanded(connection_struct *conn, - int snum, char** dst, char* src, int* n) -{ - pstring buf; - int l; - - if (!src || !dst || !n || !(*dst)) return(0); - - StrnCpy(buf,src,sizeof(buf)/2); - pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); - StrnCpy(*dst,buf,*n); - l = strlen(*dst) + 1; - (*dst) += l; - (*n) -= l; - return l; -} - -static int CopyAndAdvance(char** dst, char* src, int* n) -{ - int l; - if (!src || !dst || !n || !(*dst)) return(0); - StrnCpy(*dst,src,*n-1); - l = strlen(*dst) + 1; - (*dst) += l; - (*n) -= l; - return l; -} - -static int StrlenExpanded(connection_struct *conn, int snum, char* s) -{ - pstring buf; - if (!s) return(0); - StrnCpy(buf,s,sizeof(buf)/2); - pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); - return strlen(buf) + 1; -} - -static char* Expand(connection_struct *conn, int snum, char* s) -{ - static pstring buf; - if (!s) return(NULL); - StrnCpy(buf,s,sizeof(buf)/2); - pstring_sub(buf,"%S",lp_servicename(snum)); - standard_sub_conn(conn,buf); - return &buf[0]; -} - -/******************************************************************* - check a API string for validity when we only need to check the prefix - ******************************************************************/ -static BOOL prefix_ok(char *str,char *prefix) -{ - return(strncmp(str,prefix,strlen(prefix)) == 0); -} - -/******************************************************************* - copies parameters and data, as needed, into the smb buffer - - *both* the data and params sections should be aligned. this - is fudged in the rpc pipes by - at present, only the data section is. this may be a possible - cause of some of the ipc problems being experienced. lkcl26dec97 - - ******************************************************************/ - -static void copy_trans_params_and_data(char *outbuf, int align, - char *rparam, int param_offset, int param_len, - char *rdata, int data_offset, int data_len) -{ - char *copy_into = smb_buf(outbuf)+1; - - if(param_len < 0) - param_len = 0; - - if(data_len < 0) - data_len = 0; - - DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", - param_offset, param_offset + param_len, - data_offset , data_offset + data_len)); - - if (param_len) - memcpy(copy_into, &rparam[param_offset], param_len); - - copy_into += param_len + align; - - if (data_len ) - memcpy(copy_into, &rdata[data_offset], data_len); -} - -/**************************************************************************** - Send a trans reply. - ****************************************************************************/ - -static void send_trans_reply(char *outbuf, - char *rparam, int rparam_len, - char *rdata, int rdata_len, - BOOL buffer_too_large) -{ - int this_ldata,this_lparam; - int tot_data_sent = 0; - int tot_param_sent = 0; - int align; - - int ldata = rdata ? rdata_len : 0; - int lparam = rparam ? rparam_len : 0; - - if (buffer_too_large) - DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata )); - - this_lparam = MIN(lparam,max_send - 500); /* hack */ - this_ldata = MIN(ldata,max_send - (500+this_lparam)); - - align = ((this_lparam)%4); - - set_message(outbuf,10,1+align+this_ldata+this_lparam,True); - - if (buffer_too_large) - { - /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); - } - - copy_trans_params_and_data(outbuf, align, - rparam, tot_param_sent, this_lparam, - rdata, tot_data_sent, this_ldata); - - SSVAL(outbuf,smb_vwv0,lparam); - SSVAL(outbuf,smb_vwv1,ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,0); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); - SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,0); - - show_msg(outbuf); - send_smb(smbd_server_fd(),outbuf); - - tot_data_sent = this_ldata; - tot_param_sent = this_lparam; - - while (tot_data_sent < ldata || tot_param_sent < lparam) - { - this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */ - this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam)); - - if(this_lparam < 0) - this_lparam = 0; - - if(this_ldata < 0) - this_ldata = 0; - - align = (this_lparam%4); - - set_message(outbuf,10,1+this_ldata+this_lparam+align,False); - - copy_trans_params_and_data(outbuf, align, - rparam, tot_param_sent, this_lparam, - rdata, tot_data_sent, this_ldata); - - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,tot_param_sent); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); - SSVAL(outbuf,smb_vwv8,tot_data_sent); - SSVAL(outbuf,smb_vwv9,0); - - show_msg(outbuf); - send_smb(smbd_server_fd(),outbuf); - - tot_data_sent += this_ldata; - tot_param_sent += this_lparam; - } -} - -struct pack_desc { - char* format; /* formatstring for structure */ - char* subformat; /* subformat for structure */ - char* base; /* baseaddress of buffer */ - int buflen; /* remaining size for fixed part; on init: length of base */ - int subcount; /* count of substructures */ - char* structbuf; /* pointer into buffer for remaining fixed part */ - int stringlen; /* remaining size for variable part */ - char* stringbuf; /* pointer into buffer for remaining variable part */ - int neededlen; /* total needed size */ - int usedlen; /* total used size (usedlen <= neededlen and usedlen <= buflen) */ - char* curpos; /* current position; pointer into format or subformat */ - int errcode; -}; - -static int get_counter(char** p) -{ - int i, n; - if (!p || !(*p)) return(1); - if (!isdigit((int)**p)) return 1; - for (n = 0;;) { - i = **p; - if (isdigit(i)) - n = 10 * n + (i - '0'); - else - return n; - (*p)++; - } -} - -static int getlen(char* p) -{ - int n = 0; - if (!p) return(0); - while (*p) { - switch( *p++ ) { - case 'W': /* word (2 byte) */ - n += 2; - break; - case 'K': /* status word? (2 byte) */ - n += 2; - break; - case 'N': /* count of substructures (word) at end */ - n += 2; - break; - case 'D': /* double word (4 byte) */ - case 'z': /* offset to zero terminated string (4 byte) */ - case 'l': /* offset to user data (4 byte) */ - n += 4; - break; - case 'b': /* offset to data (with counter) (4 byte) */ - n += 4; - get_counter(&p); - break; - case 'B': /* byte (with optional counter) */ - n += get_counter(&p); - break; - } - } - return n; -} - -static BOOL init_package(struct pack_desc* p, int count, int subcount) -{ - int n = p->buflen; - int i; - - if (!p->format || !p->base) return(False); - - i = count * getlen(p->format); - if (p->subformat) i += subcount * getlen(p->subformat); - p->structbuf = p->base; - p->neededlen = 0; - p->usedlen = 0; - p->subcount = 0; - p->curpos = p->format; - if (i > n) { - p->neededlen = i; - i = n = 0; - p->errcode = ERRmoredata; - } - else - p->errcode = NERR_Success; - p->buflen = i; - n -= i; - p->stringbuf = p->base + i; - p->stringlen = n; - return(p->errcode == NERR_Success); -} - -#ifdef HAVE_STDARG_H -static int package(struct pack_desc* p, ...) -{ -#else -static int package(va_alist) -va_dcl -{ - struct pack_desc* p; -#endif - va_list args; - int needed=0, stringneeded; - char* str=NULL; - int is_string=0, stringused; - int32 temp; - -#ifdef HAVE_STDARG_H - va_start(args,p); -#else - va_start(args); - p = va_arg(args,struct pack_desc *); -#endif - - if (!*p->curpos) { - if (!p->subcount) - p->curpos = p->format; - else { - p->curpos = p->subformat; - p->subcount--; - } - } -#if CHECK_TYPES - str = va_arg(args,char*); - SMB_ASSERT(strncmp(str,p->curpos,strlen(str)) == 0); -#endif - stringneeded = -1; - - if (!p->curpos) { - va_end(args); - return(0); - } - - switch( *p->curpos++ ) { - case 'W': /* word (2 byte) */ - needed = 2; - temp = va_arg(args,int); - if (p->buflen >= needed) SSVAL(p->structbuf,0,temp); - break; - case 'K': /* status word? (2 byte) */ - needed = 2; - temp = va_arg(args,int); - if (p->buflen >= needed) SSVAL(p->structbuf,0,temp); - break; - case 'N': /* count of substructures (word) at end */ - needed = 2; - p->subcount = va_arg(args,int); - if (p->buflen >= needed) SSVAL(p->structbuf,0,p->subcount); - break; - case 'D': /* double word (4 byte) */ - needed = 4; - temp = va_arg(args,int); - if (p->buflen >= needed) SIVAL(p->structbuf,0,temp); - break; - case 'B': /* byte (with optional counter) */ - needed = get_counter(&p->curpos); - { - char *s = va_arg(args,char*); - if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed-1); - } - break; - case 'z': /* offset to zero terminated string (4 byte) */ - str = va_arg(args,char*); - stringneeded = (str ? strlen(str)+1 : 0); - is_string = 1; - break; - case 'l': /* offset to user data (4 byte) */ - str = va_arg(args,char*); - stringneeded = va_arg(args,int); - is_string = 0; - break; - case 'b': /* offset to data (with counter) (4 byte) */ - str = va_arg(args,char*); - stringneeded = get_counter(&p->curpos); - is_string = 0; - break; - } - va_end(args); - if (stringneeded >= 0) { - needed = 4; - if (p->buflen >= needed) { - stringused = stringneeded; - if (stringused > p->stringlen) { - stringused = (is_string ? p->stringlen : 0); - if (p->errcode == NERR_Success) p->errcode = ERRmoredata; - } - if (!stringused) - SIVAL(p->structbuf,0,0); - else { - SIVAL(p->structbuf,0,PTR_DIFF(p->stringbuf,p->base)); - memcpy(p->stringbuf,str?str:"",stringused); - if (is_string) p->stringbuf[stringused-1] = '\0'; - p->stringbuf += stringused; - p->stringlen -= stringused; - p->usedlen += stringused; - } - } - p->neededlen += stringneeded; - } - p->neededlen += needed; - if (p->buflen >= needed) { - p->structbuf += needed; - p->buflen -= needed; - p->usedlen += needed; - } - else { - if (p->errcode == NERR_Success) p->errcode = ERRmoredata; - } - return 1; -} - -#if CHECK_TYPES -#define PACK(desc,t,v) package(desc,t,v,0,0,0,0) -#define PACKl(desc,t,v,l) package(desc,t,v,l,0,0,0,0) -#else -#define PACK(desc,t,v) package(desc,v) -#define PACKl(desc,t,v,l) package(desc,v,l) -#endif - -static void PACKI(struct pack_desc* desc,char *t,int v) -{ - PACK(desc,t,v); -} - -static void PACKS(struct pack_desc* desc,char *t,char *v) -{ - PACK(desc,t,v); -} - - -/**************************************************************************** - get a print queue - ****************************************************************************/ -static void PackDriverData(struct pack_desc* desc) -{ - char drivdata[4+4+32]; - SIVAL(drivdata,0,sizeof drivdata); /* cb */ - SIVAL(drivdata,4,1000); /* lVersion */ - memset(drivdata+8,0,32); /* szDeviceName */ - pstrcpy(drivdata+8,"NULL"); - PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */ -} - -static int check_printq_info(struct pack_desc* desc, - int uLevel, char *id1, char *id2) -{ - desc->subformat = NULL; - switch( uLevel ) { - case 0: - desc->format = "B13"; - break; - case 1: - desc->format = "B13BWWWzzzzzWW"; - break; - case 2: - desc->format = "B13BWWWzzzzzWN"; - desc->subformat = "WB21BB16B10zWWzDDz"; - break; - case 3: - desc->format = "zWWWWzzzzWWzzl"; - break; - case 4: - desc->format = "zWWWWzzzzWNzzl"; - desc->subformat = "WWzWWDDzz"; - break; - case 5: - desc->format = "z"; - break; - case 51: - desc->format = "K"; - break; - case 52: - desc->format = "WzzzzzzzzN"; - desc->subformat = "z"; - break; - default: return False; - } - if (strcmp(desc->format,id1) != 0) return False; - if (desc->subformat && strcmp(desc->subformat,id2) != 0) return False; - return True; -} - - -#define JOB_STATUS_QUEUED 0 -#define JOB_STATUS_PAUSED 1 -#define JOB_STATUS_SPOOLING 2 -#define JOB_STATUS_PRINTING 3 -#define JOB_STATUS_PRINTED 4 - -#define QUEUE_STATUS_PAUSED 1 -#define QUEUE_STATUS_ERROR 2 - -/* turn a print job status into a on the wire status -*/ -static int printj_status(int v) -{ - switch (v) { - case LPQ_QUEUED: - return JOB_STATUS_QUEUED; - case LPQ_PAUSED: - return JOB_STATUS_PAUSED; - case LPQ_SPOOLING: - return JOB_STATUS_SPOOLING; - case LPQ_PRINTING: - return JOB_STATUS_PRINTING; - } - return 0; -} - -/* turn a print queue status into a on the wire status -*/ -static int printq_status(int v) -{ - switch (v) { - case LPQ_QUEUED: - return 0; - case LPQ_PAUSED: - return QUEUE_STATUS_PAUSED; - } - return QUEUE_STATUS_ERROR; -} - -static void fill_printjob_info(connection_struct *conn, int snum, int uLevel, - struct pack_desc* desc, - print_queue_struct* queue, int n) -{ - time_t t = queue->time; - - /* the client expects localtime */ - t -= TimeDiff(t); - - PACKI(desc,"W",queue->job); /* uJobId */ - if (uLevel == 1) { - PACKS(desc,"B21",queue->user); /* szUserName */ - PACKS(desc,"B",""); /* pad */ - PACKS(desc,"B16",""); /* szNotifyName */ - PACKS(desc,"B10","PM_Q_RAW"); /* szDataType */ - PACKS(desc,"z",""); /* pszParms */ - PACKI(desc,"W",n+1); /* uPosition */ - PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */ - PACKS(desc,"z",""); /* pszStatus */ - PACKI(desc,"D",t); /* ulSubmitted */ - PACKI(desc,"D",queue->size); /* ulSize */ - PACKS(desc,"z",queue->file); /* pszComment */ - } - if (uLevel == 2 || uLevel == 3) { - PACKI(desc,"W",queue->priority); /* uPriority */ - PACKS(desc,"z",queue->user); /* pszUserName */ - PACKI(desc,"W",n+1); /* uPosition */ - PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */ - PACKI(desc,"D",t); /* ulSubmitted */ - PACKI(desc,"D",queue->size); /* ulSize */ - PACKS(desc,"z","Samba"); /* pszComment */ - PACKS(desc,"z",queue->file); /* pszDocument */ - if (uLevel == 3) { - PACKS(desc,"z",""); /* pszNotifyName */ - PACKS(desc,"z","PM_Q_RAW"); /* pszDataType */ - PACKS(desc,"z",""); /* pszParms */ - PACKS(desc,"z",""); /* pszStatus */ - PACKS(desc,"z",SERVICE(snum)); /* pszQueue */ - PACKS(desc,"z","lpd"); /* pszQProcName */ - PACKS(desc,"z",""); /* pszQProcParms */ - PACKS(desc,"z","NULL"); /* pszDriverName */ - PackDriverData(desc); /* pDriverData */ - PACKS(desc,"z",""); /* pszPrinterName */ - } - } -} - - -static void fill_printq_info_52(connection_struct *conn, int snum, int uLevel, - struct pack_desc* desc, - int count, print_queue_struct* queue, - print_status_struct* status) -{ - int i,ok=0; - pstring tok,driver,datafile,langmon,helpfile,datatype; - char *p; - char **lines, *line; - - lines = file_lines_load(lp_driverfile(),NULL); - if (!lines) { - DEBUG(3,("fill_printq_info: Can't open %s - %s\n", - lp_driverfile(),strerror(errno))); - desc->errcode=NERR_notsupported; - return; - } - - /* lookup the long printer driver name in the file - description */ - for (i=0;lines[i] && !ok;i++) { - p = lines[i]; - if (next_token(&p,tok,":",sizeof(tok)) && - (strlen(lp_printerdriver(snum)) == strlen(tok)) && - (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) - ok=1; - } - line = strdup(p); - p = line; - file_lines_free(lines); - - /* driver file name */ - if (ok && !next_token(&p,driver,":",sizeof(driver))) ok = 0; - /* data file name */ - if (ok && !next_token(&p,datafile,":",sizeof(datafile))) ok = 0; - /* - * for the next tokens - which may be empty - I have - * to check for empty tokens first because the - * next_token function will skip all empty token - * fields */ - if (ok) { - /* help file */ - if (*p == ':') { - *helpfile = '\0'; - p++; - } else if (!next_token(&p,helpfile,":",sizeof(helpfile))) ok = 0; - } - - if (ok) { - /* language monitor */ - if (*p == ':') { - *langmon = '\0'; - p++; - } else if (!next_token(&p,langmon,":",sizeof(langmon))) - ok = 0; - } - - /* default data type */ - if (ok && !next_token(&p,datatype,":",sizeof(datatype))) - ok = 0; - - if (ok) { - PACKI(desc,"W",0x0400); /* don't know */ - PACKS(desc,"z",lp_printerdriver(snum)); /* long printer name */ - PACKS(desc,"z",driver); /* Driverfile Name */ - PACKS(desc,"z",datafile); /* Datafile name */ - PACKS(desc,"z",langmon); /* language monitor */ - PACKS(desc,"z",lp_driverlocation(snum)); /* share to retrieve files */ - PACKS(desc,"z",datatype); /* default data type */ - PACKS(desc,"z",helpfile); /* helpfile name */ - PACKS(desc,"z",driver); /* driver name */ - DEBUG(3,("Driver:%s:\n",driver)); - DEBUG(3,("Data File:%s:\n",datafile)); - DEBUG(3,("Language Monitor:%s:\n",langmon)); - DEBUG(3,("Data Type:%s:\n",datatype)); - DEBUG(3,("Help File:%s:\n",helpfile)); - PACKI(desc,"N",count); /* number of files to copy */ - for (i=0;i gave %d entries\n", - SERVICE(snum),count)); - } else { - DEBUG(3,("fill_printq_info: Can't supply driver files\n")); - desc->errcode=NERR_notsupported; - } - free(line); -} - - -static void fill_printq_info(connection_struct *conn, int snum, int uLevel, - struct pack_desc* desc, - int count, print_queue_struct* queue, - print_status_struct* status) -{ - switch (uLevel) { - case 1: - case 2: - PACKS(desc,"B13",SERVICE(snum)); - break; - case 3: - case 4: - case 5: - PACKS(desc,"z",Expand(conn,snum,SERVICE(snum))); - break; - case 51: - PACKI(desc,"K",printq_status(status->status)); - break; - } - - if (uLevel == 1 || uLevel == 2) { - PACKS(desc,"B",""); /* alignment */ - PACKI(desc,"W",5); /* priority */ - PACKI(desc,"W",0); /* start time */ - PACKI(desc,"W",0); /* until time */ - PACKS(desc,"z",""); /* pSepFile */ - PACKS(desc,"z","lpd"); /* pPrProc */ - PACKS(desc,"z",SERVICE(snum)); /* pDestinations */ - PACKS(desc,"z",""); /* pParms */ - if (snum < 0) { - PACKS(desc,"z","UNKNOWN PRINTER"); - PACKI(desc,"W",LPSTAT_ERROR); - } - else if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); - PACKI(desc,"W",LPSTAT_OK); /* status */ - } else { - PACKS(desc,"z",status->message); - PACKI(desc,"W",printq_status(status->status)); /* status */ - } - PACKI(desc,(uLevel == 1 ? "W" : "N"),count); - } - - if (uLevel == 3 || uLevel == 4) { - PACKI(desc,"W",5); /* uPriority */ - PACKI(desc,"W",0); /* uStarttime */ - PACKI(desc,"W",0); /* uUntiltime */ - PACKI(desc,"W",5); /* pad1 */ - PACKS(desc,"z",""); /* pszSepFile */ - PACKS(desc,"z","WinPrint"); /* pszPrProc */ - PACKS(desc,"z",""); /* pszParms */ - if (!status || !status->message[0]) { - PACKS(desc,"z",Expand(conn,snum,lp_comment(snum))); /* pszComment */ - PACKI(desc,"W",LPSTAT_OK); /* fsStatus */ - } else { - PACKS(desc,"z",status->message); /* pszComment */ - PACKI(desc,"W",printq_status(status->status)); /* fsStatus */ - } - PACKI(desc,(uLevel == 3 ? "W" : "N"),count); /* cJobs */ - PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */ - PACKS(desc,"z",lp_printerdriver(snum)); /* pszDriverName */ - PackDriverData(desc); /* pDriverData */ - } - - if (uLevel == 2 || uLevel == 4) { - int i; - for (i=0;i - * to return the 'invalid info level' error if an - * unknown level was requested. - */ - *rdata_len = 0; - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,ERROR_INVALID_LEVEL); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,0); - return(True); - } - - snum = lp_servicenumber(QueueName); - if (snum < 0 && pcap_printername_ok(QueueName,NULL)) { - int pnum = lp_servicenumber(PRINTERS_NAME); - if (pnum >= 0) { - lp_add_printer(QueueName,pnum); - snum = lp_servicenumber(QueueName); - } - } - - if (snum < 0 || !VALID_SNUM(snum)) return(False); - - if (uLevel==52) { - count = get_printerdrivernumber(snum); - DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count)); - } else { - count = print_queue_status(snum, &queue,&status); - } - - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - if (init_package(&desc,1,count)) { - desc.subcount = count; - fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); - } else if(uLevel == 0) { - /* - * This is a *disgusting* hack. - * This is *so* bad that even I'm embarrassed (and I - * have no shame). Here's the deal : - * Until we get the correct SPOOLSS code into smbd - * then when we're running with NT SMB support then - * NT makes this call with a level of zero, and then - * immediately follows it with an open request to - * the \\SRVSVC pipe. If we allow that open to - * succeed then NT barfs when it cannot open the - * \\SPOOLSS pipe immediately after and continually - * whines saying "Printer name is invalid" forever - * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC - * to fail, then NT downgrades to using the downlevel code - * and everything works as well as before. I hate - * myself for adding this code.... JRA. - */ - - fail_next_srvsvc_open(); - } - - *rdata_len = desc.usedlen; - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,desc.neededlen); - - DEBUG(4,("printqgetinfo: errorcode %d\n",desc.errcode)); - - if (queue) free(queue); - - return(True); -} - - -/**************************************************************************** - view list of all print jobs on all queues - ****************************************************************************/ -static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, char* data, - int mdrcnt, int mprcnt, - char **rdata, char** rparam, - int *rdata_len, int *rparam_len) -{ - char *param_format = param+2; - char *output_format1 = skip_string(param_format,1); - char *p = skip_string(output_format1,1); - int uLevel = SVAL(p,0); - char *output_format2 = p + 4; - int services = lp_numservices(); - int i, n; - struct pack_desc desc; - print_queue_struct **queue = NULL; - print_status_struct *status = NULL; - int* subcntarr = NULL; - int queuecnt, subcnt=0, succnt=0; - - memset((char *)&desc,'\0',sizeof(desc)); - - DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel)); - - if (!prefix_ok(param_format,"WrLeh")) return False; - if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) { - /* - * Patch from Scott Moomaw - * to return the 'invalid info level' error if an - * unknown level was requested. - */ - *rdata_len = 0; - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,ERROR_INVALID_LEVEL); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,0); - return(True); - } - - queuecnt = 0; - for (i = 0; i < services; i++) - if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) - queuecnt++; - if (uLevel > 0) { - if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { - DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); - return False; - } - memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { - DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); - return False; - } - memset(status,0,queuecnt*sizeof(print_status_struct)); - if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { - DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); - return False; - } - subcnt = 0; - n = 0; - for (i = 0; i < services; i++) - if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - subcntarr[n] = print_queue_status(i, &queue[n],&status[n]); - subcnt += subcntarr[n]; - n++; - } - } - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - - if (init_package(&desc,queuecnt,subcnt)) { - n = 0; - succnt = 0; - for (i = 0; i < services; i++) - if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - fill_printq_info(conn,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]); - n++; - if (desc.errcode == NERR_Success) succnt = n; - } - } - - if (subcntarr) free(subcntarr); - - *rdata_len = desc.usedlen; - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,queuecnt); - - for (i = 0; i < queuecnt; i++) { - if (queue && queue[i]) free(queue[i]); - } - - if (queue) free(queue); - if (status) free(status); - - return True; -} - -/**************************************************************************** - get info level for a server list query - ****************************************************************************/ -static BOOL check_server_info(int uLevel, char* id) -{ - switch( uLevel ) { - case 0: - if (strcmp(id,"B16") != 0) return False; - break; - case 1: - if (strcmp(id,"B16BBDz") != 0) return False; - break; - default: - return False; - } - return True; -} - -struct srv_info_struct -{ - fstring name; - uint32 type; - fstring comment; - fstring domain; - BOOL server_added; -}; - - -/******************************************************************* - get server info lists from the files saved by nmbd. Return the - number of entries - ******************************************************************/ -static int get_server_info(uint32 servertype, - struct srv_info_struct **servers, - char *domain) -{ - int count=0; - int alloced=0; - char **lines; - BOOL local_list_only; - int i; - - lines = file_lines_load(lock_path(SERVER_LIST), NULL); - if (!lines) { - DEBUG(4,("Can't open %s - %s\n",lock_path(SERVER_LIST),strerror(errno))); - return(0); - } - - /* request for everything is code for request all servers */ - if (servertype == SV_TYPE_ALL) - servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY); - - local_list_only = (servertype & SV_TYPE_LOCAL_LIST_ONLY); - - DEBUG(4,("Servertype search: %8x\n",servertype)); - - for (i=0;lines[i];i++) { - fstring stype; - struct srv_info_struct *s; - char *ptr = lines[i]; - BOOL ok = True; - - if (!*ptr) continue; - - if (count == alloced) { - alloced += 10; - (*servers) = (struct srv_info_struct *) - Realloc(*servers,sizeof(**servers)*alloced); - if (!(*servers)) return(0); - memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count)); - } - s = &(*servers)[count]; - - if (!next_token(&ptr,s->name , NULL, sizeof(s->name))) continue; - if (!next_token(&ptr,stype , NULL, sizeof(stype))) continue; - if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue; - if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) { - /* this allows us to cope with an old nmbd */ - pstrcpy(s->domain,global_myworkgroup); - } - - if (sscanf(stype,"%X",&s->type) != 1) { - DEBUG(4,("r:host file ")); - ok = False; - } - - /* Filter the servers/domains we return based on what was asked for. */ - - /* Check to see if we are being asked for a local list only. */ - if(local_list_only && ((s->type & SV_TYPE_LOCAL_LIST_ONLY) == 0)) { - DEBUG(4,("r: local list only")); - ok = False; - } - - /* doesn't match up: don't want it */ - if (!(servertype & s->type)) { - DEBUG(4,("r:serv type ")); - ok = False; - } - - if ((servertype & SV_TYPE_DOMAIN_ENUM) != - (s->type & SV_TYPE_DOMAIN_ENUM)) - { - DEBUG(4,("s: dom mismatch ")); - ok = False; - } - - if (!strequal(domain, s->domain) && !(servertype & SV_TYPE_DOMAIN_ENUM)) - { - ok = False; - } - - /* We should never return a server type with a SV_TYPE_LOCAL_LIST_ONLY set. */ - s->type &= ~SV_TYPE_LOCAL_LIST_ONLY; - - if (ok) - { - DEBUG(4,("**SV** %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - - s->server_added = True; - count++; - } - else - { - DEBUG(4,("%20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - } - } - - file_lines_free(lines); - return(count); -} - - -/******************************************************************* - fill in a server info structure - ******************************************************************/ -static int fill_srv_info(struct srv_info_struct *service, - int uLevel, char **buf, int *buflen, - char **stringbuf, int *stringspace, char *baseaddr) -{ - int struct_len; - char* p; - char* p2; - int l2; - int len; - - switch (uLevel) { - case 0: struct_len = 16; break; - case 1: struct_len = 26; break; - default: return -1; - } - - if (!buf) - { - len = 0; - switch (uLevel) - { - case 1: - len = strlen(service->comment)+1; - break; - } - - if (buflen) *buflen = struct_len; - if (stringspace) *stringspace = len; - return struct_len + len; - } - - len = struct_len; - p = *buf; - if (*buflen < struct_len) return -1; - if (stringbuf) - { - p2 = *stringbuf; - l2 = *stringspace; - } - else - { - p2 = p + struct_len; - l2 = *buflen - struct_len; - } - if (!baseaddr) baseaddr = p; - - switch (uLevel) - { - case 0: - StrnCpy(p,service->name,15); - break; - - case 1: - StrnCpy(p,service->name,15); - SIVAL(p,18,service->type); - SIVAL(p,22,PTR_DIFF(p2,baseaddr)); - len += CopyAndAdvance(&p2,service->comment,&l2); - break; - } - - if (stringbuf) - { - *buf = p + struct_len; - *buflen -= struct_len; - *stringbuf = p2; - *stringspace = l2; - } - else - { - *buf = p2; - *buflen -= len; - } - return len; -} - - -static BOOL srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2) -{ - return(strcmp(s1->name,s2->name)); -} - -/**************************************************************************** - view list of servers available (or possibly domains). The info is - extracted from lists saved by nmbd on the local host - ****************************************************************************/ -static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param, char *data, - int mdrcnt, int mprcnt, char **rdata, - char **rparam, int *rdata_len, int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - int buf_len = SVAL(p,2); - uint32 servertype = IVAL(p,4); - char *p2; - int data_len, fixed_len, string_len; - int f_len = 0, s_len = 0; - struct srv_info_struct *servers=NULL; - int counted=0,total=0; - int i,missed; - fstring domain; - BOOL domain_request; - BOOL local_request; - - /* If someone sets all the bits they don't really mean to set - DOMAIN_ENUM and LOCAL_LIST_ONLY, they just want all the - known servers. */ - - if (servertype == SV_TYPE_ALL) - servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY); - - /* If someone sets SV_TYPE_LOCAL_LIST_ONLY but hasn't set - any other bit (they may just set this bit on it's own) they - want all the locally seen servers. However this bit can be - set on its own so set the requested servers to be - ALL - DOMAIN_ENUM. */ - - if ((servertype & SV_TYPE_LOCAL_LIST_ONLY) && !(servertype & SV_TYPE_DOMAIN_ENUM)) - servertype = SV_TYPE_ALL & ~(SV_TYPE_DOMAIN_ENUM); - - domain_request = ((servertype & SV_TYPE_DOMAIN_ENUM) != 0); - local_request = ((servertype & SV_TYPE_LOCAL_LIST_ONLY) != 0); - - p += 8; - - if (!prefix_ok(str1,"WrLehD")) return False; - if (!check_server_info(uLevel,str2)) return False; - - DEBUG(4, ("server request level: %s %8x ", str2, servertype)); - DEBUG(4, ("domains_req:%s ", BOOLSTR(domain_request))); - DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request))); - - if (strcmp(str1, "WrLehDz") == 0) { - StrnCpy(domain, p, sizeof(fstring)-1); - } else { - StrnCpy(domain, global_myworkgroup, sizeof(fstring)-1); - } - - if (lp_browse_list()) - total = get_server_info(servertype,&servers,domain); - - data_len = fixed_len = string_len = 0; - missed = 0; - - qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp); - - { - char *lastname=NULL; - - for (i=0;iname)) continue; - lastname = s->name; - data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0); - DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - - if (data_len <= buf_len) { - counted++; - fixed_len += f_len; - string_len += s_len; - } else { - missed++; - } - } - } - - *rdata_len = fixed_len + string_len; - *rdata = REALLOC(*rdata,*rdata_len); - memset(*rdata,'\0',*rdata_len); - - p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ - p = *rdata; - f_len = fixed_len; - s_len = string_len; - - { - char *lastname=NULL; - int count2 = counted; - for (i = 0; i < total && count2;i++) - { - struct srv_info_struct *s = &servers[i]; - if (lastname && strequal(lastname,s->name)) continue; - lastname = s->name; - fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata); - DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n", - s->name, s->type, s->comment, s->domain)); - count2--; - } - } - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,counted); - SSVAL(*rparam,6,counted+missed); - - if (servers) free(servers); - - DEBUG(3,("NetServerEnum domain = %s uLevel=%d counted=%d total=%d\n", - domain,uLevel,counted,counted+missed)); - - return(True); -} - -/**************************************************************************** - command 0x34 - suspected of being a "Lookup Names" stub api - ****************************************************************************/ -static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *param, char *data, - int mdrcnt, int mprcnt, char **rdata, - char **rparam, int *rdata_len, int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - int buf_len = SVAL(p,2); - int counted=0; - int missed=0; - - DEBUG(5,("RNetGroupGetUsers: %s %s %s %d %d\n", - str1, str2, p, uLevel, buf_len)); - - if (!prefix_ok(str1,"zWrLeh")) return False; - - *rdata_len = 0; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - - SSVAL(*rparam,0,0x08AC); /* informational warning message */ - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,counted); - SSVAL(*rparam,6,counted+missed); - - return(True); -} - -/**************************************************************************** - get info about a share - ****************************************************************************/ -static BOOL check_share_info(int uLevel, char* id) -{ - switch( uLevel ) { - case 0: - if (strcmp(id,"B13") != 0) return False; - break; - case 1: - if (strcmp(id,"B13BWz") != 0) return False; - break; - case 2: - if (strcmp(id,"B13BWzWWWzB9B") != 0) return False; - break; - case 91: - if (strcmp(id,"B13BWzWWWzB9BB9BWzWWzWW") != 0) return False; - break; - default: return False; - } - return True; -} - -static int fill_share_info(connection_struct *conn, int snum, int uLevel, - char** buf, int* buflen, - char** stringbuf, int* stringspace, char* baseaddr) -{ - int struct_len; - char* p; - char* p2; - int l2; - int len; - - switch( uLevel ) { - case 0: struct_len = 13; break; - case 1: struct_len = 20; break; - case 2: struct_len = 40; break; - case 91: struct_len = 68; break; - default: return -1; - } - - - if (!buf) - { - len = 0; - if (uLevel > 0) len += StrlenExpanded(conn,snum,lp_comment(snum)); - if (uLevel > 1) len += strlen(lp_pathname(snum)) + 1; - if (buflen) *buflen = struct_len; - if (stringspace) *stringspace = len; - return struct_len + len; - } - - len = struct_len; - p = *buf; - if ((*buflen) < struct_len) return -1; - if (stringbuf) - { - p2 = *stringbuf; - l2 = *stringspace; - } - else - { - p2 = p + struct_len; - l2 = (*buflen) - struct_len; - } - if (!baseaddr) baseaddr = p; - - StrnCpy(p,lp_servicename(snum),13); - - if (uLevel > 0) - { - int type; - CVAL(p,13) = 0; - type = STYPE_DISKTREE; - if (lp_print_ok(snum)) type = STYPE_PRINTQ; - if (strequal("IPC$",lp_servicename(snum))) type = STYPE_IPC; - SSVAL(p,14,type); /* device type */ - SIVAL(p,16,PTR_DIFF(p2,baseaddr)); - len += CopyExpanded(conn,snum,&p2,lp_comment(snum),&l2); - } - - if (uLevel > 1) - { - SSVAL(p,20,ACCESS_READ|ACCESS_WRITE|ACCESS_CREATE); /* permissions */ - SSVALS(p,22,-1); /* max uses */ - SSVAL(p,24,1); /* current uses */ - SIVAL(p,26,PTR_DIFF(p2,baseaddr)); /* local pathname */ - len += CopyAndAdvance(&p2,lp_pathname(snum),&l2); - memset(p+30,0,SHPWLEN+2); /* passwd (reserved), pad field */ - } - - if (uLevel > 2) - { - memset(p+40,0,SHPWLEN+2); - SSVAL(p,50,0); - SIVAL(p,52,0); - SSVAL(p,56,0); - SSVAL(p,58,0); - SIVAL(p,60,0); - SSVAL(p,64,0); - SSVAL(p,66,0); - } - - if (stringbuf) - { - (*buf) = p + struct_len; - (*buflen) -= struct_len; - (*stringbuf) = p2; - (*stringspace) = l2; - } - else - { - (*buf) = p2; - (*buflen) -= len; - } - return len; -} - -static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *netname = skip_string(str2,1); - char *p = skip_string(netname,1); - int uLevel = SVAL(p,0); - int snum = find_service(netname); - - if (snum < 0) return False; - - /* check it's a supported varient */ - if (!prefix_ok(str1,"zWrLh")) return False; - if (!check_share_info(uLevel,str2)) return False; - - *rdata = REALLOC(*rdata,mdrcnt); - p = *rdata; - *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); - if (*rdata_len < 0) return False; - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - SSVAL(*rparam,4,*rdata_len); - - return(True); -} - -/**************************************************************************** - view list of shares available - ****************************************************************************/ -static BOOL api_RNetShareEnum(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - int buf_len = SVAL(p,2); - char *p2; - int count=lp_numservices(); - int total=0,counted=0; - BOOL missed = False; - int i; - int data_len, fixed_len, string_len; - int f_len = 0, s_len = 0; - - if (!prefix_ok(str1,"WrLeh")) return False; - if (!check_share_info(uLevel,str2)) return False; - - data_len = fixed_len = string_len = 0; - for (i=0;itm_hour; - CVAL(p,9) = t->tm_min; - CVAL(p,10) = t->tm_sec; - CVAL(p,11) = 0; /* hundredths of seconds */ - SSVALS(p,12,TimeDiff(unixdate)/60); /* timezone in minutes from GMT */ - SSVAL(p,14,10000); /* timer interval in 0.0001 of sec */ - CVAL(p,16) = t->tm_mday; - CVAL(p,17) = t->tm_mon + 1; - SSVAL(p,18,1900+t->tm_year); - CVAL(p,20) = t->tm_wday; - } - - - return(True); -} - -/**************************************************************************** - Set the user password. -*****************************************************************************/ - -static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *p = skip_string(param+2,2); - fstring user; - fstring pass1,pass2; - - fstrcpy(user,p); - - p = skip_string(p,1); - - memset(pass1,'\0',sizeof(pass1)); - memset(pass2,'\0',sizeof(pass2)); - memcpy(pass1,p,16); - memcpy(pass2,p+16,16); - - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); - - *rdata_len = 0; - - SSVAL(*rparam,0,NERR_badpass); - SSVAL(*rparam,2,0); /* converter word */ - - DEBUG(3,("Set password for <%s>\n",user)); - - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); - - /* - * Attempt to verify the old password against smbpasswd entries - * Win98 clients send old and new password in plaintext for this call. - */ - - { - fstring saved_pass2; - struct smb_passwd *smbpw = NULL; - - /* - * Save the new password as change_oem_password overwrites it - * with zeros. - */ - - fstrcpy(saved_pass2, pass2); - - if (check_plaintext_password(user,pass1,strlen(pass1),&smbpw) && - change_oem_password(smbpw,pass2,False)) - { - SSVAL(*rparam,0,NERR_Success); - - /* - * If unix password sync was requested, attempt to change - * the /etc/passwd database also. Return failure if this cannot - * be done. - */ - - if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False)) - SSVAL(*rparam,0,NERR_badpass); - } - } - - /* - * If the above failed, attempt the plaintext password change. - * This tests against the /etc/passwd database only. - */ - - if(SVAL(*rparam,0) != NERR_Success) - { - if (password_ok(user, pass1,strlen(pass1),NULL) && - chgpasswd(user,pass1,pass2,False)) - { - SSVAL(*rparam,0,NERR_Success); - } - } - - /* - * If the plaintext change failed, attempt - * the old encrypted method. NT will generate this - * after trying the samr method. Note that this - * method is done as a last resort as this - * password change method loses the NT password hash - * and cannot change the UNIX password as no plaintext - * is received. - */ - - if(SVAL(*rparam,0) != NERR_Success) - { - struct smb_passwd *sampw = NULL; - - if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) && - change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2)) - { - SSVAL(*rparam,0,NERR_Success); - } - } - - memset((char *)pass1,'\0',sizeof(fstring)); - memset((char *)pass2,'\0',sizeof(fstring)); - - return(True); -} - -/**************************************************************************** - Set the user password (SamOEM version - gets plaintext). -****************************************************************************/ - -static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - fstring user; - char *p = param + 2; - *rparam_len = 2; - *rparam = REALLOC(*rparam,*rparam_len); - - *rdata_len = 0; - - SSVAL(*rparam,0,NERR_badpass); - - /* - * Check the parameter definition is correct. - */ - if(!strequal(param + 2, "zsT")) { - DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2)); - return False; - } - p = skip_string(p, 1); - - if(!strequal(p, "B516B16")) { - DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p)); - return False; - } - p = skip_string(p,1); - - fstrcpy(user,p); - p = skip_string(p,1); - - DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user)); - - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); - - if (pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL)) - { - SSVAL(*rparam,0,NERR_Success); - } - - return(True); -} - -/**************************************************************************** - delete a print job - Form: <> - ****************************************************************************/ -static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - int function = SVAL(param,0); - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int jobid, errcode; - - jobid = SVAL(p,0); - - /* check it's a supported varient */ - if (!(strcsequal(str1,"W") && strcsequal(str2,""))) - return(False); - - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); - *rdata_len = 0; - - if (!print_job_exists(jobid)) { - errcode = NERR_JobNotFound; - goto out; - } - - errcode = NERR_notsupported; - - switch (function) { - case 81: /* delete */ - if (print_job_delete(jobid)) errcode = NERR_Success; - break; - case 82: /* pause */ - if (print_job_pause(jobid)) errcode = NERR_Success; - break; - case 83: /* resume */ - if (print_job_resume(jobid)) errcode = NERR_Success; - break; - } - - out: - SSVAL(*rparam,0,errcode); - SSVAL(*rparam,2,0); /* converter word */ - - return(True); -} - -/**************************************************************************** - Purge a print queue - or pause or resume it. - ****************************************************************************/ -static BOOL api_WPrintQueuePurge(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - int function = SVAL(param,0); - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *QueueName = skip_string(str2,1); - int errcode = NERR_notsupported; - int snum; - - /* check it's a supported varient */ - if (!(strcsequal(str1,"z") && strcsequal(str2,""))) - return(False); - - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); - *rdata_len = 0; - - snum = print_queue_snum(QueueName); - - if (snum == -1) { - errcode = NERR_JobNotFound; - goto out; - } - - switch (function) { - case 74: /* Pause queue */ - if (print_queue_pause(snum)) errcode = NERR_Success; - break; - case 75: /* Resume queue */ - if (print_queue_resume(snum)) errcode = NERR_Success; - break; - case 103: /* Purge */ - if (print_queue_purge(snum)) errcode = NERR_Success; - break; - } - - out: - SSVAL(*rparam,0,errcode); - SSVAL(*rparam,2,0); /* converter word */ - - return(True); -} - - -/**************************************************************************** - set the property of a print job (undocumented?) - ? function = 0xb -> set name of print job - ? function = 0x6 -> move print job up/down - Form: - or -****************************************************************************/ -static int check_printjob_info(struct pack_desc* desc, - int uLevel, char* id) -{ - desc->subformat = NULL; - switch( uLevel ) { - case 0: desc->format = "W"; break; - case 1: desc->format = "WB21BB16B10zWWzDDz"; break; - case 2: desc->format = "WWzWWDDzz"; break; - case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break; - default: return False; - } - if (strcmp(desc->format,id) != 0) return False; - return True; -} - -static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - struct pack_desc desc; - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int jobid; - int uLevel = SVAL(p,2); - int function = SVAL(p,4); - int place, errcode; - - jobid = SVAL(p,0); - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); - - *rdata_len = 0; - - /* check it's a supported varient */ - if ((strcmp(str1,"WWsTP")) || - (!check_printjob_info(&desc,uLevel,str2))) - return(False); - - if (!print_job_exists(jobid)) { - errcode=NERR_JobNotFound; - goto out; - } - - errcode = NERR_notsupported; - - switch (function) { - case 0x6: - /* change job place in the queue, - data gives the new place */ - place = SVAL(data,0); - if (print_job_set_place(jobid, place)) { - errcode=NERR_Success; - } - break; - - case 0xb: - /* change print job name, data gives the name */ - if (print_job_set_name(jobid, data)) { - errcode=NERR_Success; - } - break; - - default: - return False; - } - - out: - SSVALS(*rparam,0,errcode); - SSVAL(*rparam,2,0); /* converter word */ - - return(True); -} - - -/**************************************************************************** - get info about the server - ****************************************************************************/ -static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - char *p2; - int struct_len; - - DEBUG(4,("NetServerGetInfo level %d\n",uLevel)); - - /* check it's a supported varient */ - if (!prefix_ok(str1,"WrLh")) return False; - switch( uLevel ) { - case 0: - if (strcmp(str2,"B16") != 0) return False; - struct_len = 16; - break; - case 1: - if (strcmp(str2,"B16BBDz") != 0) return False; - struct_len = 26; - break; - case 2: - if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWz") - != 0) return False; - struct_len = 134; - break; - case 3: - if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWzDWz") - != 0) return False; - struct_len = 144; - break; - case 20: - if (strcmp(str2,"DN") != 0) return False; - struct_len = 6; - break; - case 50: - if (strcmp(str2,"B16BBDzWWzzz") != 0) return False; - struct_len = 42; - break; - default: return False; - } - - *rdata_len = mdrcnt; - *rdata = REALLOC(*rdata,*rdata_len); - - p = *rdata; - p2 = p + struct_len; - if (uLevel != 20) { - StrnCpy(p,local_machine,16); - strupper(p); - } - p += 16; - if (uLevel > 0) - { - struct srv_info_struct *servers=NULL; - int i,count; - pstring comment; - uint32 servertype= lp_default_server_announce(); - - pstrcpy(comment,string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH)); - - if ((count=get_server_info(SV_TYPE_ALL,&servers,global_myworkgroup))>0) { - for (i=0;i 1) - { - return False; /* not yet implemented */ - } - - *rdata_len = PTR_DIFF(p2,*rdata); - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - SSVAL(*rparam,4,*rdata_len); - - return(True); -} - - -/**************************************************************************** - get info about the server - ****************************************************************************/ -static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - char *p2; - extern pstring sesssetup_user; - int level = SVAL(p,0); - - DEBUG(4,("NetWkstaGetInfo level %d\n",level)); - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - - /* check it's a supported varient */ - if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) - return(False); - - *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); - - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - - p = *rdata; - p2 = p + 22; - - - SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */ - pstrcpy(p2,local_machine); - strupper(p2); - p2 = skip_string(p2,1); - p += 4; - - SIVAL(p,0,PTR_DIFF(p2,*rdata)); - pstrcpy(p2,sesssetup_user); - p2 = skip_string(p2,1); - p += 4; - - SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */ - pstrcpy(p2,global_myworkgroup); - strupper(p2); - p2 = skip_string(p2,1); - p += 4; - - SCVAL(p,0,lp_major_announce_version()); /* system version - e.g 4 in 4.1 */ - SCVAL(p,1,lp_minor_announce_version()); /* system version - e.g .1 in 4.1 */ - p += 2; - - SIVAL(p,0,PTR_DIFF(p2,*rdata)); - pstrcpy(p2,global_myworkgroup); /* don't know. login domain?? */ - p2 = skip_string(p2,1); - p += 4; - - SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */ - pstrcpy(p2,""); - p2 = skip_string(p2,1); - p += 4; - - *rdata_len = PTR_DIFF(p2,*rdata); - - SSVAL(*rparam,4,*rdata_len); - - return(True); -} - -/**************************************************************************** - get info about a user - - struct user_info_11 { - char usri11_name[21]; 0-20 - char usri11_pad; 21 - char *usri11_comment; 22-25 - char *usri11_usr_comment; 26-29 - unsigned short usri11_priv; 30-31 - unsigned long usri11_auth_flags; 32-35 - long usri11_password_age; 36-39 - char *usri11_homedir; 40-43 - char *usri11_parms; 44-47 - long usri11_last_logon; 48-51 - long usri11_last_logoff; 52-55 - unsigned short usri11_bad_pw_count; 56-57 - unsigned short usri11_num_logons; 58-59 - char *usri11_logon_server; 60-63 - unsigned short usri11_country_code; 64-65 - char *usri11_workstations; 66-69 - unsigned long usri11_max_storage; 70-73 - unsigned short usri11_units_per_week; 74-75 - unsigned char *usri11_logon_hours; 76-79 - unsigned short usri11_code_page; 80-81 - }; - -where: - - usri11_name specifies the user name for which information is retireved - - usri11_pad aligns the next data structure element to a word boundary - - usri11_comment is a null terminated ASCII comment - - usri11_user_comment is a null terminated ASCII comment about the user - - usri11_priv specifies the level of the privilege assigned to the user. - The possible values are: - -Name Value Description -USER_PRIV_GUEST 0 Guest privilege -USER_PRIV_USER 1 User privilege -USER_PRV_ADMIN 2 Administrator privilege - - usri11_auth_flags specifies the account operator privileges. The - possible values are: - -Name Value Description -AF_OP_PRINT 0 Print operator - - -Leach, Naik [Page 28] - - -INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997 - - -AF_OP_COMM 1 Communications operator -AF_OP_SERVER 2 Server operator -AF_OP_ACCOUNTS 3 Accounts operator - - - usri11_password_age specifies how many seconds have elapsed since the - password was last changed. - - usri11_home_dir points to a null terminated ASCII string that contains - the path name of the user's home directory. - - usri11_parms points to a null terminated ASCII string that is set - aside for use by applications. - - usri11_last_logon specifies the time when the user last logged on. - This value is stored as the number of seconds elapsed since - 00:00:00, January 1, 1970. - - usri11_last_logoff specifies the time when the user last logged off. - This value is stored as the number of seconds elapsed since - 00:00:00, January 1, 1970. A value of 0 means the last logoff - time is unknown. - - usri11_bad_pw_count specifies the number of incorrect passwords - entered since the last successful logon. - - usri11_log1_num_logons specifies the number of times this user has - logged on. A value of -1 means the number of logons is unknown. - - usri11_logon_server points to a null terminated ASCII string that - contains the name of the server to which logon requests are sent. - A null string indicates logon requests should be sent to the - domain controller. - - usri11_country_code specifies the country code for the user's language - of choice. - - usri11_workstations points to a null terminated ASCII string that - contains the names of workstations the user may log on from. - There may be up to 8 workstations, with the names separated by - commas. A null strings indicates there are no restrictions. - - usri11_max_storage specifies the maximum amount of disk space the user - can occupy. A value of 0xffffffff indicates there are no - restrictions. - - usri11_units_per_week specifies the equal number of time units into - which a week is divided. This value must be equal to 168. - - usri11_logon_hours points to a 21 byte (168 bits) string that - specifies the time during which the user can log on. Each bit - represents one unique hour in a week. The first bit (bit 0, word - 0) is Sunday, 0:00 to 0:59, the second bit (bit 1, word 0) is - - - -Leach, Naik [Page 29] - - -INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997 - - - Sunday, 1:00 to 1:59 and so on. A null pointer indicates there - are no restrictions. - - usri11_code_page specifies the code page for the user's language of - choice - -All of the pointers in this data structure need to be treated -specially. The pointer is a 32 bit pointer. The higher 16 bits need -to be ignored. The converter word returned in the parameters section -needs to be subtracted from the lower 16 bits to calculate an offset -into the return buffer where this ASCII string resides. - -There is no auxiliary data in the response. - - ****************************************************************************/ - -#define usri11_name 0 -#define usri11_pad 21 -#define usri11_comment 22 -#define usri11_usr_comment 26 -#define usri11_full_name 30 -#define usri11_priv 34 -#define usri11_auth_flags 36 -#define usri11_password_age 40 -#define usri11_homedir 44 -#define usri11_parms 48 -#define usri11_last_logon 52 -#define usri11_last_logoff 56 -#define usri11_bad_pw_count 60 -#define usri11_num_logons 62 -#define usri11_logon_server 64 -#define usri11_country_code 68 -#define usri11_workstations 70 -#define usri11_max_storage 74 -#define usri11_units_per_week 78 -#define usri11_logon_hours 80 -#define usri11_code_page 84 -#define usri11_end 86 - -#define USER_PRIV_GUEST 0 -#define USER_PRIV_USER 1 -#define USER_PRIV_ADMIN 2 - -#define AF_OP_PRINT 0 -#define AF_OP_COMM 1 -#define AF_OP_SERVER 2 -#define AF_OP_ACCOUNTS 3 - - -static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *UserName = skip_string(str2,1); - char *p = skip_string(UserName,1); - int uLevel = SVAL(p,0); - char *p2; - - /* get NIS home of a previously validated user - simeon */ - /* With share level security vuid will always be zero. - Don't depend on vuser being non-null !!. JRA */ - user_struct *vuser = get_valid_user_struct(vuid); - if(vuser != NULL) - DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, vuser->name)); - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - - DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); - - /* check it's a supported variant */ - if (strcmp(str1,"zWrLh") != 0) return False; - switch( uLevel ) - { - case 0: p2 = "B21"; break; - case 1: p2 = "B21BB16DWzzWz"; break; - case 2: p2 = "B21BB16DWzzWzDzzzzDDDDWb21WWzWW"; break; - case 10: p2 = "B21Bzzz"; break; - case 11: p2 = "B21BzzzWDDzzDDWWzWzDWb21W"; break; - default: return False; - } - - if (strcmp(p2,str2) != 0) return False; - - *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); - - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - - p = *rdata; - p2 = p + usri11_end; - - memset(p,0,21); - fstrcpy(p+usri11_name,UserName); /* 21 bytes - user name */ - - if (uLevel > 0) - { - SCVAL(p,usri11_pad,0); /* padding - 1 byte */ - *p2 = 0; - } - if (uLevel >= 10) - { - SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */ - pstrcpy(p2,"Comment"); - p2 = skip_string(p2,1); - - SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */ - pstrcpy(p2,"UserComment"); - p2 = skip_string(p2,1); - - /* EEK! the cifsrap.txt doesn't have this in!!!! */ - SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); - p2 = skip_string(p2,1); - } - - if (uLevel == 11) /* modelled after NTAS 3.51 reply */ - { - SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); - SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ - SIVALS(p,usri11_password_age,-1); /* password age */ - SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_home()); - p2 = skip_string(p2,1); - SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ - pstrcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,usri11_last_logon,0); /* last logon */ - SIVAL(p,usri11_last_logoff,0); /* last logoff */ - SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */ - SSVALS(p,usri11_num_logons,-1); /* num logons */ - SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ - pstrcpy(p2,"\\\\*"); - p2 = skip_string(p2,1); - SSVAL(p,usri11_country_code,0); /* country code */ - - SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */ - pstrcpy(p2,""); - p2 = skip_string(p2,1); - - SIVALS(p,usri11_max_storage,-1); /* max storage */ - SSVAL(p,usri11_units_per_week,168); /* units per week */ - SIVAL(p,usri11_logon_hours,PTR_DIFF(p2,p)); /* logon hours */ - - /* a simple way to get logon hours at all times. */ - memset(p2,0xff,21); - SCVAL(p2,21,0); /* fix zero termination */ - p2 = skip_string(p2,1); - - SSVAL(p,usri11_code_page,0); /* code page */ - } - if (uLevel == 1 || uLevel == 2) - { - memset(p+22,' ',16); /* password */ - SIVALS(p,38,-1); /* password age */ - SSVAL(p,42, - conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); - SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_home()); - p2 = skip_string(p2,1); - SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ - *p2++ = 0; - SSVAL(p,52,0); /* flags */ - SIVAL(p,54,PTR_DIFF(p2,*rdata)); /* script_path */ - pstrcpy(p2,lp_logon_script()); - standard_sub_conn( conn, p2 ); - p2 = skip_string(p2,1); - if (uLevel == 2) - { - SIVAL(p,60,0); /* auth_flags */ - SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); - p2 = skip_string(p2,1); - SIVAL(p,68,0); /* urs_comment */ - SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ - pstrcpy(p2,""); - p2 = skip_string(p2,1); - SIVAL(p,76,0); /* workstations */ - SIVAL(p,80,0); /* last_logon */ - SIVAL(p,84,0); /* last_logoff */ - SIVALS(p,88,-1); /* acct_expires */ - SIVALS(p,92,-1); /* max_storage */ - SSVAL(p,96,168); /* units_per_week */ - SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */ - memset(p2,-1,21); - p2 += 21; - SSVALS(p,102,-1); /* bad_pw_count */ - SSVALS(p,104,-1); /* num_logons */ - SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ - pstrcpy(p2,"\\\\%L"); - standard_sub_conn(conn, p2); - p2 = skip_string(p2,1); - SSVAL(p,110,49); /* country_code */ - SSVAL(p,112,860); /* code page */ - } - } +extern int DEBUGLEVEL; +extern int max_send; - *rdata_len = PTR_DIFF(p2,*rdata); +extern fstring local_machine; - SSVAL(*rparam,4,*rdata_len); /* is this right?? */ +#define NERR_notsupported 50 - return(True); -} +extern int smb_read_error; /******************************************************************* - get groups that a user is a member of - ******************************************************************/ -static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *UserName = skip_string(str2,1); - char *p = skip_string(UserName,1); - int uLevel = SVAL(p,0); - char *p2; - int count=0; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - - /* check it's a supported varient */ - if (strcmp(str1,"zWrLeh") != 0) return False; - switch( uLevel ) { - case 0: p2 = "B21"; break; - default: return False; - } - if (strcmp(p2,str2) != 0) return False; - - *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); - - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - - p = *rdata; - - /* XXXX we need a real SAM database some day */ - pstrcpy(p,"Users"); p += 21; count++; - pstrcpy(p,"Domain Users"); p += 21; count++; - pstrcpy(p,"Guests"); p += 21; count++; - pstrcpy(p,"Domain Guests"); p += 21; count++; - - *rdata_len = PTR_DIFF(p,*rdata); - - SSVAL(*rparam,4,count); /* is this right?? */ - SSVAL(*rparam,6,count); /* is this right?? */ + copies parameters and data, as needed, into the smb buffer - return(True); -} + *both* the data and params sections should be aligned. this + is fudged in the rpc pipes by + at present, only the data section is. this may be a possible + cause of some of the ipc problems being experienced. lkcl26dec97 + ******************************************************************/ -static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) +static void copy_trans_params_and_data(char *outbuf, int align, + char *rparam, int param_offset, int param_len, + char *rdata, int data_offset, int data_len) { - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - struct pack_desc desc; - char* name; - - uLevel = SVAL(p,0); - name = p + 2; - - memset((char *)&desc,'\0',sizeof(desc)); - - DEBUG(3,("WWkstaUserLogon uLevel=%d name=%s\n",uLevel,name)); - - /* check it's a supported varient */ - if (strcmp(str1,"OOWb54WrLh") != 0) return False; - if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - desc.subformat = NULL; - desc.format = str2; - - if (init_package(&desc,1,0)) - { - PACKI(&desc,"W",0); /* code */ - PACKS(&desc,"B21",name); /* eff. name */ - PACKS(&desc,"B",""); /* pad */ - PACKI(&desc,"W", - conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); - PACKI(&desc,"D",0); /* auth flags XXX */ - PACKI(&desc,"W",0); /* num logons */ - PACKI(&desc,"W",0); /* bad pw count */ - PACKI(&desc,"D",0); /* last logon */ - PACKI(&desc,"D",-1); /* last logoff */ - PACKI(&desc,"D",-1); /* logoff time */ - PACKI(&desc,"D",-1); /* kickoff time */ - PACKI(&desc,"D",0); /* password age */ - PACKI(&desc,"D",0); /* password can change */ - PACKI(&desc,"D",-1); /* password must change */ - { - fstring mypath; - fstrcpy(mypath,"\\\\"); - fstrcat(mypath,local_machine); - strupper(mypath); - PACKS(&desc,"z",mypath); /* computer */ - } - PACKS(&desc,"z",global_myworkgroup);/* domain */ - -/* JHT - By calling lp_logon_script() and standard_sub() we have */ -/* made sure all macros are fully substituted and available */ - { - pstring logon_script; - pstrcpy(logon_script,lp_logon_script()); - standard_sub_conn( conn, logon_script ); - PACKS(&desc,"z", logon_script); /* script path */ - } -/* End of JHT mods */ - - PACKI(&desc,"D",0x00000000); /* reserved */ - } - - *rdata_len = desc.usedlen; - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,desc.neededlen); - - DEBUG(4,("WWkstaUserLogon: errorcode %d\n",desc.errcode)); - return(True); -} + char *copy_into = smb_buf(outbuf)+1; + if(param_len < 0) + param_len = 0; -/**************************************************************************** - api_WAccessGetUserPerms - ****************************************************************************/ -static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *user = skip_string(str2,1); - char *resource = skip_string(user,1); + if(data_len < 0) + data_len = 0; - DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource)); + DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", + param_offset, param_offset + param_len, + data_offset , data_offset + data_len)); - /* check it's a supported varient */ - if (strcmp(str1,"zzh") != 0) return False; - if (strcmp(str2,"") != 0) return False; + if (param_len) + memcpy(copy_into, &rparam[param_offset], param_len); - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,0); /* errorcode */ - SSVAL(*rparam,2,0); /* converter word */ - SSVAL(*rparam,4,0x7f); /* permission flags */ + copy_into += param_len + align; - return(True); + if (data_len ) + memcpy(copy_into, &rdata[data_offset], data_len); } /**************************************************************************** - api_WPrintJobEnumerate - ****************************************************************************/ -static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - int count; - int i; - int snum; - int job; - struct pack_desc desc; - print_queue_struct *queue=NULL; - print_status_struct status; - - uLevel = SVAL(p,2); - - memset((char *)&desc,'\0',sizeof(desc)); - memset((char *)&status,'\0',sizeof(status)); - - DEBUG(3,("WPrintJobGetInfo uLevel=%d uJobId=0x%X\n",uLevel,SVAL(p,0))); - - /* check it's a supported varient */ - if (strcmp(str1,"WWrLh") != 0) return False; - if (!check_printjob_info(&desc,uLevel,str2)) return False; - - job = SVAL(p,0); - - if (snum < 0 || !VALID_SNUM(snum)) return(False); - - count = print_queue_status(snum,&queue,&status); - for (i = 0; i < count; i++) { - if (queue[i].job == job) break; - } - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - - if (init_package(&desc,1,0)) { - if (i < count) { - fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i); - *rdata_len = desc.usedlen; - } - else { - desc.errcode = NERR_JobNotFound; - *rdata_len = 0; - } - } - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,desc.neededlen); - - if (queue) free(queue); - - DEBUG(4,("WPrintJobGetInfo: errorcode %d\n",desc.errcode)); - return(True); -} - -static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - char* name = p; - int uLevel; - int count; - int i, succnt=0; - int snum; - struct pack_desc desc; - print_queue_struct *queue=NULL; - print_status_struct status; - - memset((char *)&desc,'\0',sizeof(desc)); - memset((char *)&status,'\0',sizeof(status)); - - p = skip_string(p,1); - uLevel = SVAL(p,0); - - DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name)); - - /* check it's a supported varient */ - if (strcmp(str1,"zWrLeh") != 0) return False; - if (uLevel > 2) return False; /* defined only for uLevel 0,1,2 */ - if (!check_printjob_info(&desc,uLevel,str2)) return False; - - snum = lp_servicenumber(name); - if (snum < 0 && pcap_printername_ok(name,NULL)) { - int pnum = lp_servicenumber(PRINTERS_NAME); - if (pnum >= 0) { - lp_add_printer(name,pnum); - snum = lp_servicenumber(name); - } - } - - if (snum < 0 || !VALID_SNUM(snum)) return(False); - - count = print_queue_status(snum,&queue,&status); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - - if (init_package(&desc,count,0)) { - succnt = 0; - for (i = 0; i < count; i++) { - fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i); - if (desc.errcode == NERR_Success) succnt = i+1; - } - } - - *rdata_len = desc.usedlen; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,count); - - if (queue) free(queue); - - DEBUG(4,("WPrintJobEnumerate: errorcode %d\n",desc.errcode)); - return(True); -} - -static int check_printdest_info(struct pack_desc* desc, - int uLevel, char* id) -{ - desc->subformat = NULL; - switch( uLevel ) { - case 0: desc->format = "B9"; break; - case 1: desc->format = "B9B21WWzW"; break; - case 2: desc->format = "z"; break; - case 3: desc->format = "zzzWWzzzWW"; break; - default: return False; - } - if (strcmp(desc->format,id) != 0) return False; - return True; -} - -static void fill_printdest_info(connection_struct *conn, int snum, int uLevel, - struct pack_desc* desc) -{ - char buf[100]; - strncpy(buf,SERVICE(snum),sizeof(buf)-1); - buf[sizeof(buf)-1] = 0; - strupper(buf); - if (uLevel <= 1) { - PACKS(desc,"B9",buf); /* szName */ - if (uLevel == 1) { - PACKS(desc,"B21",""); /* szUserName */ - PACKI(desc,"W",0); /* uJobId */ - PACKI(desc,"W",0); /* fsStatus */ - PACKS(desc,"z",""); /* pszStatus */ - PACKI(desc,"W",0); /* time */ - } - } - if (uLevel == 2 || uLevel == 3) { - PACKS(desc,"z",buf); /* pszPrinterName */ - if (uLevel == 3) { - PACKS(desc,"z",""); /* pszUserName */ - PACKS(desc,"z",""); /* pszLogAddr */ - PACKI(desc,"W",0); /* uJobId */ - PACKI(desc,"W",0); /* fsStatus */ - PACKS(desc,"z",""); /* pszStatus */ - PACKS(desc,"z",""); /* pszComment */ - PACKS(desc,"z","NULL"); /* pszDrivers */ - PACKI(desc,"W",0); /* time */ - PACKI(desc,"W",0); /* pad1 */ - } - } -} - -static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - char* PrinterName = p; - int uLevel; - struct pack_desc desc; - int snum; - - memset((char *)&desc,'\0',sizeof(desc)); - - p = skip_string(p,1); - uLevel = SVAL(p,0); - - DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName)); - - /* check it's a supported varient */ - if (strcmp(str1,"zWrLh") != 0) return False; - if (!check_printdest_info(&desc,uLevel,str2)) return False; - - snum = lp_servicenumber(PrinterName); - if (snum < 0 && pcap_printername_ok(PrinterName,NULL)) { - int pnum = lp_servicenumber(PRINTERS_NAME); - if (pnum >= 0) { - lp_add_printer(PrinterName,pnum); - snum = lp_servicenumber(PrinterName); - } - } - - if (snum < 0) { - *rdata_len = 0; - desc.errcode = NERR_DestNotFound; - desc.neededlen = 0; - } - else { - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - if (init_package(&desc,1,0)) { - fill_printdest_info(conn,snum,uLevel,&desc); - } - *rdata_len = desc.usedlen; - } - - *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,desc.neededlen); - - DEBUG(4,("WPrintDestGetInfo: errorcode %d\n",desc.errcode)); - return(True); -} - -static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - int queuecnt; - int i, n, succnt=0; - struct pack_desc desc; - int services = lp_numservices(); - - memset((char *)&desc,'\0',sizeof(desc)); - - uLevel = SVAL(p,0); - - DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel)); - - /* check it's a supported varient */ - if (strcmp(str1,"WrLeh") != 0) return False; - if (!check_printdest_info(&desc,uLevel,str2)) return False; - - queuecnt = 0; - for (i = 0; i < services; i++) - if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) - queuecnt++; - - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - if (init_package(&desc,queuecnt,0)) { - succnt = 0; - n = 0; - for (i = 0; i < services; i++) { - if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) { - fill_printdest_info(conn,i,uLevel,&desc); - n++; - if (desc.errcode == NERR_Success) succnt = n; - } - } - } - - *rdata_len = desc.usedlen; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,queuecnt); - - DEBUG(4,("WPrintDestEnumerate: errorcode %d\n",desc.errcode)); - return(True); -} - -static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - int succnt; - struct pack_desc desc; - - memset((char *)&desc,'\0',sizeof(desc)); - - uLevel = SVAL(p,0); - - DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel)); - - /* check it's a supported varient */ - if (strcmp(str1,"WrLeh") != 0) return False; - if (uLevel != 0 || strcmp(str2,"B41") != 0) return False; - - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - if (init_package(&desc,1,0)) { - PACKS(&desc,"B41","NULL"); - } - - succnt = (desc.errcode == NERR_Success ? 1 : 0); - - *rdata_len = desc.usedlen; - - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,1); - - DEBUG(4,("WPrintDriverEnum: errorcode %d\n",desc.errcode)); - return(True); -} + Send a trans reply. + ****************************************************************************/ -static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) +void send_trans_reply(char *outbuf, + char *rparam, int rparam_len, + char *rdata, int rdata_len, + BOOL buffer_too_large) { - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - int succnt; - struct pack_desc desc; + int this_ldata,this_lparam; + int tot_data_sent = 0; + int tot_param_sent = 0; + int align; - memset((char *)&desc,'\0',sizeof(desc)); + int ldata = rdata ? rdata_len : 0; + int lparam = rparam ? rparam_len : 0; - uLevel = SVAL(p,0); + if (buffer_too_large) + DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata )); - DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel)); + this_lparam = MIN(lparam,max_send - 500); /* hack */ + this_ldata = MIN(ldata,max_send - (500+this_lparam)); - /* check it's a supported varient */ - if (strcmp(str1,"WrLeh") != 0) return False; - if (uLevel != 0 || strcmp(str2,"B13") != 0) return False; + align = ((this_lparam)%4); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - desc.base = *rdata; - desc.buflen = mdrcnt; - desc.format = str2; - if (init_package(&desc,1,0)) { - PACKS(&desc,"B13","lpd"); - } + set_message(outbuf,10,1+align+this_ldata+this_lparam,True); - succnt = (desc.errcode == NERR_Success ? 1 : 0); + if (buffer_too_large) + { + /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ + SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); + SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); + } - *rdata_len = desc.usedlen; + copy_trans_params_and_data(outbuf, align, + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,1); + SSVAL(outbuf,smb_vwv0,lparam); + SSVAL(outbuf,smb_vwv1,ldata); + SSVAL(outbuf,smb_vwv3,this_lparam); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); + SSVAL(outbuf,smb_vwv5,0); + SSVAL(outbuf,smb_vwv6,this_ldata); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); + SSVAL(outbuf,smb_vwv8,0); + SSVAL(outbuf,smb_vwv9,0); - DEBUG(4,("WPrintQProcEnum: errorcode %d\n",desc.errcode)); - return(True); -} + show_msg(outbuf); + send_smb(smbd_server_fd(),outbuf); -static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel; - int succnt; - struct pack_desc desc; + tot_data_sent = this_ldata; + tot_param_sent = this_lparam; - memset((char *)&desc,'\0',sizeof(desc)); + while (tot_data_sent < ldata || tot_param_sent < lparam) + { + this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */ + this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam)); - uLevel = SVAL(p,0); + if(this_lparam < 0) + this_lparam = 0; - DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel)); + if(this_ldata < 0) + this_ldata = 0; - /* check it's a supported varient */ - if (strcmp(str1,"WrLeh") != 0) return False; - if (uLevel != 0 || strcmp(str2,"B9") != 0) return False; + align = (this_lparam%4); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); - memset((char *)&desc,'\0',sizeof(desc)); - desc.base = *rdata; - desc.buflen = mdrcnt; - desc.format = str2; - if (init_package(&desc,1,0)) { - PACKS(&desc,"B13","lp0"); - } + set_message(outbuf,10,1+this_ldata+this_lparam+align,False); - succnt = (desc.errcode == NERR_Success ? 1 : 0); + copy_trans_params_and_data(outbuf, align, + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); - *rdata_len = desc.usedlen; + SSVAL(outbuf,smb_vwv3,this_lparam); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); + SSVAL(outbuf,smb_vwv5,tot_param_sent); + SSVAL(outbuf,smb_vwv6,this_ldata); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); + SSVAL(outbuf,smb_vwv8,tot_data_sent); + SSVAL(outbuf,smb_vwv9,0); - *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); - SSVALS(*rparam,0,desc.errcode); - SSVAL(*rparam,2,0); - SSVAL(*rparam,4,succnt); - SSVAL(*rparam,6,1); + show_msg(outbuf); + send_smb(smbd_server_fd(),outbuf); - DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode)); - return(True); + tot_data_sent += this_ldata; + tot_param_sent += this_lparam; + } } /**************************************************************************** @@ -3303,166 +317,6 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, return -1; } -/**************************************************************************** - The buffer was too small - ****************************************************************************/ - -static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - *rparam_len = MIN(*rparam_len,mprcnt); - *rparam = REALLOC(*rparam,*rparam_len); - - *rdata_len = 0; - - SSVAL(*rparam,0,NERR_BufTooSmall); - - DEBUG(3,("Supplied buffer too small in API command\n")); - - return(True); -} - - -/**************************************************************************** - The request is not supported - ****************************************************************************/ - -static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data, - int mdrcnt,int mprcnt, - char **rdata,char **rparam, - int *rdata_len,int *rparam_len) -{ - *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); - - *rdata_len = 0; - - SSVAL(*rparam,0,NERR_notsupported); - SSVAL(*rparam,2,0); /* converter word */ - - DEBUG(3,("Unsupported API command\n")); - - return(True); -} - - - - -struct -{ - char *name; - int id; - BOOL (*fn)(connection_struct *,uint16,char *,char *, - int,int,char **,char **,int *,int *); - int flags; -} api_commands[] = { - {"RNetShareEnum", 0, api_RNetShareEnum,0}, - {"RNetShareGetInfo", 1, api_RNetShareGetInfo,0}, - {"RNetServerGetInfo", 13, api_RNetServerGetInfo,0}, - {"RNetGroupGetUsers", 52, api_RNetGroupGetUsers,0}, - {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0}, - {"NetUserGetGroups", 59, api_NetUserGetGroups,0}, - {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, - {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, - {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, - {"WPrintQueuePause", 74, api_WPrintQueuePurge,0}, - {"WPrintQueueResume", 75, api_WPrintQueuePurge,0}, - {"WPrintJobEnumerate",76, api_WPrintJobEnumerate,0}, - {"WPrintJobGetInfo", 77, api_WPrintJobGetInfo,0}, - {"RDosPrintJobDel", 81, api_RDosPrintJobDel,0}, - {"RDosPrintJobPause", 82, api_RDosPrintJobDel,0}, - {"RDosPrintJobResume",83, api_RDosPrintJobDel,0}, - {"WPrintDestEnum", 84, api_WPrintDestEnum,0}, - {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0}, - {"NetRemoteTOD", 91, api_NetRemoteTOD,0}, - {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0}, - {"NetServerEnum", 104, api_RNetServerEnum,0}, - {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0}, - {"SetUserPassword", 115, api_SetUserPassword,0}, - {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0}, - {"PrintJobInfo", 147, api_PrintJobInfo,0}, - {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0}, - {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0}, - {"WPrintPortEnum", 207, api_WPrintPortEnum,0}, - {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0}, - {NULL, -1, api_Unsupported,0}}; - - -/**************************************************************************** - Handle remote api calls - ****************************************************************************/ - -static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params, - int tdscnt,int tpscnt,int mdrcnt,int mprcnt) -{ - int api_command; - char *rdata = NULL; - char *rparam = NULL; - int rdata_len = 0; - int rparam_len = 0; - BOOL reply=False; - int i; - - if (!params) { - DEBUG(0,("ERROR: NULL params in api_reply()\n")); - return 0; - } - - api_command = SVAL(params,0); - - DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n", - api_command, - params+2, - skip_string(params+2,1), - tdscnt,tpscnt,mdrcnt,mprcnt)); - - for (i=0;api_commands[i].name;i++) { - if (api_commands[i].id == api_command && api_commands[i].fn) { - DEBUG(3,("Doing %s\n",api_commands[i].name)); - break; - } - } - - rdata = (char *)malloc(1024); - if (rdata) - memset(rdata,'\0',1024); - - rparam = (char *)malloc(1024); - if (rparam) - memset(rparam,'\0',1024); - - if(!rdata || !rparam) { - DEBUG(0,("api_reply: malloc fail !\n")); - return -1; - } - - reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - - - if (rdata_len > mdrcnt || - rparam_len > mprcnt) { - reply = api_TooSmall(conn,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - } - - /* if we get False back then it's actually unsupported */ - if (!reply) - api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, - &rdata,&rparam,&rdata_len,&rparam_len); - - send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); - - if (rdata ) - free(rdata); - if (rparam) - free(rparam); - - return -1; -} - /**************************************************************************** handle named pipe commands ****************************************************************************/ -- cgit From 00e3fe132476fcaed0f4b9bbe74b0a6559c39df0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 25 Apr 2000 14:06:57 +0000 Subject: moved trans2.h and nterr.h into includes.h with all our other includes (This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37) --- source3/smbd/ipc.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f87423c9ca..73addda086 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -27,7 +27,6 @@ */ #include "includes.h" -#include "nterr.h" extern int DEBUGLEVEL; extern int max_send; -- cgit From 49a0e6d5989656c1b3c9c063a20308ca4ee5d73b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 May 2000 10:41:59 +0000 Subject: more merging voodoo this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610) --- source3/smbd/ipc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 73addda086..30ac8932aa 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1,3 +1,4 @@ +#define OLD_NTDOMAIN 1 /* Unix SMB/Netbios implementation. Version 1.9. @@ -506,3 +507,4 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int return(outsize); } +#undef OLD_NTDOMAIN -- cgit From 60c04512a0af1656447eeb489452a13adbbd91d4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 12 May 2000 05:25:22 +0000 Subject: fixed error code for buffer_too_large in trans reply (This used to be commit a0a556a36b8ad0f14f97a1b7ccc5d429bf8f950e) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 30ac8932aa..a8c1502e94 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -104,7 +104,7 @@ void send_trans_reply(char *outbuf, { /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION); + SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW); } copy_trans_params_and_data(outbuf, align, -- cgit From 8719c27726d3412edd0781beb956f48f76a62fb6 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Wed, 11 Oct 2000 05:31:39 +0000 Subject: changes to sync with 2.2. tree .cvsignore remove config.h - not in this directory include/profile.h profile changes lib/messages.c added message to return debug level libsmb/clierror.c cast to get rid of compiler warning libsmb/smbencrypt.c cast to get rid of compiler warning profile/profile.c add flush profile stats changes for profile struct rpc_parse/parse_samr.c fix for compiler warning rpc_server/srv_samr.c cast to get rid of compiler warning smbd/ipc.c profile stats message.c profile stats smbd/negprot.c profile stats smbd/nttrans.c profile stats smbd/trans2.c profile stats utils/smbcontrol.c new flush stats command (This used to be commit bbb24daa25dca4e4b6b1f8942cd84ee3aa1bed8e) --- source3/smbd/ipc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a8c1502e94..5ade667209 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -374,6 +374,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int int dscnt = SVAL(inbuf,smb_vwv11); int dsoff = SVAL(inbuf,smb_vwv12); int suwcnt = CVAL(inbuf,smb_vwv13); + START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); fstrcpy(name,smb_buf(inbuf)); @@ -385,6 +386,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (tdscnt) { if((data = (char *)malloc(tdscnt)) == NULL) { DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); + END_PROFILE(SMBtrans); return(ERROR(ERRDOS,ERRnomem)); } memcpy(data,smb_base(inbuf)+dsoff,dscnt); @@ -393,6 +395,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (tpscnt) { if((params = (char *)malloc(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); + END_PROFILE(SMBtrans); return(ERROR(ERRDOS,ERRnomem)); } memcpy(params,smb_base(inbuf)+psoff,pscnt); @@ -402,6 +405,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int int i; if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); + END_PROFILE(SMBtrans); return(ERROR(ERRDOS,ERRnomem)); } for (i=0;i Date: Sun, 11 Mar 2001 00:32:10 +0000 Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549) --- source3/smbd/ipc.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 5ade667209..3b9e34b4d7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* Unix SMB/Netbios implementation. Version 1.9. @@ -517,4 +516,3 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int END_PROFILE(SMBtrans); return(outsize); } -#undef OLD_NTDOMAIN -- cgit From 23e5cf060d282c9ba9bdf49884ce23a13b285aac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 13 Mar 2001 00:55:19 +0000 Subject: this patch does a number of things: - removes SMB_ALIGNMENT. That macro caused all sorts of problems with getting unicode aligned right in sub-protocols (such as SMBtrans and SMBtrans2). I believe the performance reasons for having SMB_ALIGNMENT has gone away with the new variants of the SMB protocol anyway, as newer commands tend to have their own internal alignment. - fix the locations where we set smb_flg2 to absolute values. We must never do this if we want a hope of coping with unicode. - add initial support for unicode on the wire in smbd. Currently enabled using SMBD_USE_UNICODE environment variable. (This used to be commit b98b1435e9d8f8622444c9ff33082977e661f16b) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3b9e34b4d7..3cc9aca99e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -102,7 +102,7 @@ void send_trans_reply(char *outbuf, if (buffer_too_large) { /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); + SIVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW); } @@ -376,7 +376,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); - fstrcpy(name,smb_buf(inbuf)); + srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE|STR_CONVERT); if (dscnt > tdscnt || pscnt > tpscnt) { exit_server("invalid trans parameters\n"); -- cgit From 88028299c6f059399383f69125eff3b797236c40 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 13 Mar 2001 23:16:39 +0000 Subject: Fix from Jim McDonough of IBM for using Win9x user manager. Jeremy. (This used to be commit f1839d469e1fc6054b407bd8c4d7c505d4212b45) --- source3/smbd/ipc.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3cc9aca99e..1418d3444f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -36,6 +36,7 @@ extern fstring local_machine; #define NERR_notsupported 50 extern int smb_read_error; +extern uint32 global_client_caps; /******************************************************************* copies parameters and data, as needed, into the smb buffer @@ -102,8 +103,14 @@ void send_trans_reply(char *outbuf, if (buffer_too_large) { /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - SIVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW); + if (!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32 ))) { + /* Win9x version. */ + SSVAL(outbuf, smb_err, ERRmoredata); + SCVAL(outbuf, smb_rcls, ERRDOS); + } else { + SIVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); + SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW); + } } copy_trans_params_and_data(outbuf, align, -- cgit From f63ee18c684af33342de2c5757f9fdf0b7d84997 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Jun 2001 01:38:54 +0000 Subject: *Wonderful* patch from Andrew Bartlett that will help ensure tdb's are cleaned on clients abending connections. Thanks Andrew ! Jeremy. (This used to be commit 1b3977c5367a0b713b194f369abd9872ae01ac2a) --- source3/smbd/ipc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1418d3444f..efad2d27c0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -128,7 +128,8 @@ void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(smbd_server_fd(),outbuf); + if (!send_smb(smbd_server_fd(),outbuf)) + exit_server("send_trans_reply: send_smb failed.\n"); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -161,7 +162,8 @@ void send_trans_reply(char *outbuf, SSVAL(outbuf,smb_vwv9,0); show_msg(outbuf); - send_smb(smbd_server_fd(),outbuf); + if (!send_smb(smbd_server_fd(),outbuf)) + exit_server("send_trans_reply: send_smb failed.\n"); tot_data_sent += this_ldata; tot_param_sent += this_lparam; @@ -424,7 +426,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); show_msg(outbuf); - send_smb(smbd_server_fd(),outbuf); + if (!send_smb(smbd_server_fd(),outbuf)) + exit_server("reply_trans: send_smb failed.\n"); } /* receive the rest of the trans packet */ -- cgit From f83f2cd4fa3a610a92b17ac8006390cdd1f7ca94 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 29 Jun 2001 01:58:48 +0000 Subject: Win9x weirdness. When setting the named pipe handle state on a Unicode server, Win9x only sends \PIPE instead of \PIPE\. Looks suspiciously like an off-by one bug in the Win9x dce/rpc pipe code. (This used to be commit b4a9079833c261705e18fdcaab752cb5292a078f) --- source3/smbd/ipc.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index efad2d27c0..eb6ccb4fce 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -492,10 +492,18 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int (name[strlen(local_machine)+1] == '\\')) name_offset = strlen(local_machine)+1; - if (strncmp(&name[name_offset],"\\PIPE\\",strlen("\\PIPE\\")) == 0) { + if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) { + name_offset += strlen("\\PIPE"); + + /* Win9x weirdness. When talking to a unicode server Win9x + only sends \PIPE instead of \PIPE\ */ + + if (name[name_offset] == '\\') + name_offset++; + DEBUG(5,("calling named_pipe\n")); outsize = named_pipe(conn,vuid,outbuf, - name+name_offset+strlen("\\PIPE\\"),setup,data,params, + name+name_offset,setup,data,params, suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); } else { DEBUG(3,("invalid pipe name\n")); -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index eb6ccb4fce..e853112bfe 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -385,7 +385,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); - srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE|STR_CONVERT); + srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE); if (dscnt > tdscnt || pscnt > tpscnt) { exit_server("invalid trans parameters\n"); -- cgit From e8e98c9ea0690e3acf1126b50882e59e1056c7b3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 08:19:43 +0000 Subject: converted smbd to use NTSTATUS by default major changes include: - added NSTATUS type - added automatic mapping between dos and nt error codes - changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT() these calls auto-translate to the client error code system - got rid of the cached error code and the writebmpx code We eventually will need to also: - get rid of BOOL, so we don't lose error info - replace all ERROR_DOS() calls with ERROR_NT() calls but that is too much for one night (This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518) --- source3/smbd/ipc.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e853112bfe..a323261d88 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -36,7 +36,6 @@ extern fstring local_machine; #define NERR_notsupported 50 extern int smb_read_error; -extern uint32 global_client_caps; /******************************************************************* copies parameters and data, as needed, into the smb buffer @@ -98,21 +97,12 @@ void send_trans_reply(char *outbuf, align = ((this_lparam)%4); - set_message(outbuf,10,1+align+this_ldata+this_lparam,True); - - if (buffer_too_large) - { - /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */ - if (!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32 ))) { - /* Win9x version. */ - SSVAL(outbuf, smb_err, ERRmoredata); - SCVAL(outbuf, smb_rcls, ERRDOS); - } else { - SIVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); - SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW); - } + if (buffer_too_large) { + ERROR_NT(STATUS_BUFFER_OVERFLOW); } + set_message(outbuf,10,1+align+this_ldata+this_lparam,True); + copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -395,7 +385,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if((data = (char *)malloc(tdscnt)) == NULL) { DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); END_PROFILE(SMBtrans); - return(ERROR(ERRDOS,ERRnomem)); + return(ERROR_DOS(ERRDOS,ERRnomem)); } memcpy(data,smb_base(inbuf)+dsoff,dscnt); } @@ -404,7 +394,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if((params = (char *)malloc(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); END_PROFILE(SMBtrans); - return(ERROR(ERRDOS,ERRnomem)); + return(ERROR_DOS(ERRDOS,ERRnomem)); } memcpy(params,smb_base(inbuf)+psoff,pscnt); } @@ -414,7 +404,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); END_PROFILE(SMBtrans); - return(ERROR(ERRDOS,ERRnomem)); + return(ERROR_DOS(ERRDOS,ERRnomem)); } for (i=0;i Date: Mon, 17 Sep 2001 11:25:41 +0000 Subject: move to SAFE_FREE() (This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74) --- source3/smbd/ipc.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a323261d88..b1af01ff4c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -175,13 +175,13 @@ static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) } if((data_len = read_from_pipe( p, rdata, p->max_trans_reply)) < 0) { - free(rdata); + SAFE_FREE(rdata); return False; } send_trans_reply(outbuf, NULL, 0, rdata, data_len, p->out_data.current_pdu_len > data_len); - free(rdata); + SAFE_FREE(rdata); return True; } @@ -434,12 +434,9 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", (smb_read_error == READ_ERROR) ? "error" : "timeout" )); } - if (params) - free(params); - if (data) - free(data); - if (setup) - free(setup); + SAFE_FREE(params); + SAFE_FREE(data); + SAFE_FREE(setup); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRSRV,ERRerror)); } @@ -501,12 +498,9 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } - if (data) - free(data); - if (params) - free(params); - if (setup) - free(setup); + SAFE_FREE(data); + SAFE_FREE(params); + SAFE_FREE(setup); if (close_on_completion) close_cnum(conn,vuid); -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/smbd/ipc.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b1af01ff4c..93a69255c0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -28,7 +28,6 @@ #include "includes.h" -extern int DEBUGLEVEL; extern int max_send; extern fstring local_machine; -- cgit From d876260d885ad991526544756609ea38e4867028 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 5 Nov 2001 00:02:38 +0000 Subject: Don't put a \n on the end of the arg to exit_server() (This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e) --- source3/smbd/ipc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 93a69255c0..4047ffa8d7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -118,7 +118,7 @@ void send_trans_reply(char *outbuf, show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans_reply: send_smb failed.\n"); + exit_server("send_trans_reply: send_smb failed."); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -152,7 +152,7 @@ void send_trans_reply(char *outbuf, show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans_reply: send_smb failed.\n"); + exit_server("send_trans_reply: send_smb failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; @@ -377,7 +377,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE); if (dscnt > tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters\n"); + exit_server("invalid trans parameters"); } if (tdscnt) { @@ -416,7 +416,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int outsize = set_message(outbuf,0,0,True); show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("reply_trans: send_smb failed.\n"); + exit_server("reply_trans: send_smb failed."); } /* receive the rest of the trans packet */ @@ -457,7 +457,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int dscnt += dcnt; if (dscnt > tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters\n"); + exit_server("invalid trans parameters"); } if (pcnt) -- cgit From bb6af711b8f9a525b74198abbe7f1c37014ca6f7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 20 Jan 2002 02:40:05 +0000 Subject: This is the current patch from Luke Leighton to add a degree of seperation betwen reading/writing the raw NamedPipe SMB packets and the matching operations inside smbd's RPC components. This patch is designed for no change in behaviour, and my tests hold that to be true. This patch does however allow for the future loadable modules interface to specify function pointers in replacement of the fixed state. The pipes_struct has been split into two peices, with smb_np_struct taking the information that should be generic to where the data ends up. Some other minor changes are made: we get another small helper function in util_sock.c and some of the original code has better failure debugs and variable use. (As per on-list comments). Andrew Bartlett (This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489) --- source3/smbd/ipc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4047ffa8d7..f84f3048e9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -163,8 +163,9 @@ void send_trans_reply(char *outbuf, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) +static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) { + BOOL is_data_outstanding; char *rdata = malloc(p->max_trans_reply); int data_len; @@ -173,12 +174,13 @@ static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) return False; } - if((data_len = read_from_pipe( p, rdata, p->max_trans_reply)) < 0) { + if((data_len = read_from_pipe( p, rdata, p->max_trans_reply, + &is_data_outstanding)) < 0) { SAFE_FREE(rdata); return False; } - send_trans_reply(outbuf, NULL, 0, rdata, data_len, p->out_data.current_pdu_len > data_len); + send_trans_reply(outbuf, NULL, 0, rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return True; @@ -188,7 +190,7 @@ static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p) WaitNamedPipeHandleState ****************************************************************************/ -static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param, int param_len) +static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) { uint16 priority; @@ -211,7 +213,7 @@ static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param, int param_len) SetNamedPipeHandleState ****************************************************************************/ -static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param, int param_len) +static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) { uint16 id; @@ -259,7 +261,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) { BOOL reply = False; - pipes_struct *p = NULL; + smb_np_struct *p = NULL; int pnum; int subcommand; -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/smbd/ipc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f84f3048e9..c2f3b7b2f0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. Inter-process communication and named pipe handling Copyright (C) Andrew Tridgell 1992-1998 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c2f3b7b2f0..91b221968f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -375,7 +375,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); - srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE); + srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE); if (dscnt > tdscnt || pscnt > tpscnt) { exit_server("invalid trans parameters"); -- cgit From 1486559181b6c0dd2a02bf05115d5903e2489367 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 7 Nov 2002 14:46:24 +0000 Subject: Stop using hardcoded smbtrans subcommands (This used to be commit 117077b172acbdf0e059feb0d598e99cec481291) --- source3/smbd/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 91b221968f..7fe02dbccf 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -293,17 +293,17 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); switch (subcommand) { - case 0x26: + case TRANSACT_DCERPCCMD: /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (reply) reply = api_rpc_trans_reply(outbuf, p); break; - case 0x53: + case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ reply = api_WNPHS(outbuf, p, params, tpscnt); break; - case 0x01: + case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ reply = api_SNPHS(outbuf, p, params, tpscnt); break; -- cgit From 442a55b6b480a9d594ee0641f46b838cdc209377 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Mar 2003 00:30:47 +0000 Subject: Found at Connectathon, .NET RC1 arranges trans/trans2/nttrans parameters differently to W2K, cope with this. Jeremy. (This used to be commit 5e2755508f08ecf561348d4edf0a4064732c5213) --- source3/smbd/ipc.c | 101 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 74 insertions(+), 27 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7fe02dbccf..08337c2901 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -360,52 +360,66 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int uint16 *setup=NULL; int outsize = 0; uint16 vuid = SVAL(inbuf,smb_uid); - int tpscnt = SVAL(inbuf,smb_vwv0); - int tdscnt = SVAL(inbuf,smb_vwv1); - int mprcnt = SVAL(inbuf,smb_vwv2); - int mdrcnt = SVAL(inbuf,smb_vwv3); - int msrcnt = CVAL(inbuf,smb_vwv4); + unsigned int tpscnt = SVAL(inbuf,smb_vwv0); + unsigned int tdscnt = SVAL(inbuf,smb_vwv1); + unsigned int mprcnt = SVAL(inbuf,smb_vwv2); + unsigned int mdrcnt = SVAL(inbuf,smb_vwv3); + unsigned int msrcnt = CVAL(inbuf,smb_vwv4); BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); BOOL one_way = BITSETW(inbuf+smb_vwv5,1); - int pscnt = SVAL(inbuf,smb_vwv9); - int psoff = SVAL(inbuf,smb_vwv10); - int dscnt = SVAL(inbuf,smb_vwv11); - int dsoff = SVAL(inbuf,smb_vwv12); - int suwcnt = CVAL(inbuf,smb_vwv13); + unsigned int pscnt = SVAL(inbuf,smb_vwv9); + unsigned int psoff = SVAL(inbuf,smb_vwv10); + unsigned int dscnt = SVAL(inbuf,smb_vwv11); + unsigned int dsoff = SVAL(inbuf,smb_vwv12); + unsigned int suwcnt = CVAL(inbuf,smb_vwv13); START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE); - if (dscnt > tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters"); - } + if (dscnt > tdscnt || pscnt > tpscnt) + goto bad_param; if (tdscnt) { if((data = (char *)malloc(tdscnt)) == NULL) { - DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); + DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } + if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) + goto bad_param; + if (smb_base(inbuf)+dsoff+dscnt > inbuf + size) + goto bad_param; + memcpy(data,smb_base(inbuf)+dsoff,dscnt); } if (tpscnt) { if((params = (char *)malloc(tpscnt)) == NULL) { - DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); + DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } + if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) + goto bad_param; + if (smb_base(inbuf)+psoff+pscnt > inbuf + size) + goto bad_param; + memcpy(params,smb_base(inbuf)+psoff,pscnt); } if (suwcnt) { int i; if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { - DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); - END_PROFILE(SMBtrans); - return(ERROR_DOS(ERRDOS,ERRnomem)); - } + DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); + END_PROFILE(SMBtrans); + return(ERROR_DOS(ERRDOS,ERRnomem)); + } + if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size) + goto bad_param; + if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD))) + goto bad_param; + for (i=0;i tdscnt || pscnt > tpscnt) { - exit_server("invalid trans parameters"); - } + if (dscnt > tdscnt || pscnt > tpscnt) + goto bad_param; - if (pcnt) + if (pcnt) { + if (pdisp+pcnt >= tpscnt) + goto bad_param; + if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) + goto bad_param; + if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) + goto bad_param; + if (params + pdisp < params) + goto bad_param; + memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); - if (dcnt) + } + + if (dcnt) { + if (ddisp+dcnt >= tdscnt) + goto bad_param; + if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) + goto bad_param; + if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) + goto bad_param; + if (data + ddisp < data) + goto bad_param; + memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); + } } @@ -517,4 +554,14 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int END_PROFILE(SMBtrans); return(outsize); + + + bad_param: + + DEBUG(0,("reply_trans: invalid trans parameters\n")); + SAFE_FREE(data); + SAFE_FREE(params); + SAFE_FREE(setup); + END_PROFILE(SMBtrans); + return ERROR_DOS(ERRDOS,ERRinvalidparam); } -- cgit From 97d25a7374e03b4411debe0d9301326ab2df709f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Mar 2003 00:35:24 +0000 Subject: Fix noticed by Corny.Bondad@hp.com. Ensure we free up memory on error exit. Jeremy. (This used to be commit 05a8a61af83a6d85ddbb70749c8cd0abe9eb8180) --- source3/smbd/ipc.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 08337c2901..67c5da01f3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -397,6 +397,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (tpscnt) { if((params = (char *)malloc(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); + SAFE_FREE(data); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } @@ -412,6 +413,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int int i; if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); + SAFE_FREE(data); + SAFE_FREE(params); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } -- cgit From 2fd693e13e8168210eb991392f011cf4e1983376 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Mar 2003 23:34:51 +0000 Subject: Use ERROR_NT, not ERROR_DOS as Andrew Bartlett pointed out. Jeremy. (This used to be commit 723e9ee31cc1f5eb4b7aefefd58f7f13d0abda05) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 67c5da01f3..da30ec7440 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -566,5 +566,5 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int SAFE_FREE(params); SAFE_FREE(setup); END_PROFILE(SMBtrans); - return ERROR_DOS(ERRDOS,ERRinvalidparam); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } -- cgit From 834da49f63976c9c39b0d976e9cbc981a80821e4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Mar 2003 20:58:10 +0000 Subject: We use unsigned now, so use %u. Jeremy. (This used to be commit 65c2a361a4a3461ccbed9b5c968f95281295faab) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index da30ec7440..c8bb0c2505 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -508,7 +508,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } - DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n", + DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", name,tdscnt,tpscnt,suwcnt)); /* -- cgit From 5452ecebc7d89fac6e1047b92b77be47fe85914c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 18 Mar 2003 11:18:27 +0000 Subject: Merge signed/unsigned fix from HEAD. (This used to be commit 196628432130f826505187a27207a7b947e034cf) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c8bb0c2505..c4a12ab531 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -410,7 +410,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (suwcnt) { - int i; + unsigned int i; if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); SAFE_FREE(data); -- cgit From bdb7a74419356f4b6064d928636c8f295e8b7230 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 14 Apr 2003 03:48:26 +0000 Subject: Whitespace syncup. (This used to be commit 8fe5bab565cdcf498e4d0f5cca31f799d249e3b3) --- source3/smbd/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c4a12ab531..85e28f5d17 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -138,9 +138,9 @@ void send_trans_reply(char *outbuf, set_message(outbuf,10,1+this_ldata+this_lparam+align,False); copy_trans_params_and_data(outbuf, align, - rparam, tot_param_sent, this_lparam, - rdata, tot_data_sent, this_ldata); - + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); + SSVAL(outbuf,smb_vwv3,this_lparam); SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); SSVAL(outbuf,smb_vwv5,tot_param_sent); -- cgit From 760e58cf807e099b450c83fbdb8d393d53b9dca3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 2 Aug 2003 03:06:07 +0000 Subject: Add the same signing code to the server. Ensure we use identical session numbers and MIDs when in trans/trans2/nttrans code. Jeremy. (This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904) --- source3/smbd/ipc.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 85e28f5d17..f0b5c4a92f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -428,6 +428,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } + srv_signing_trans_start(SVAL(inbuf,smb_mid)); + if (pscnt < tpscnt || dscnt < tdscnt) { /* We need to send an interim response then receive the rest of the parameter/data bytes */ @@ -455,6 +457,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int SAFE_FREE(data); SAFE_FREE(setup); END_PROFILE(SMBtrans); + srv_signing_trans_stop(); return(ERROR_DOS(ERRSRV,ERRerror)); } @@ -542,6 +545,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int SAFE_FREE(params); SAFE_FREE(setup); + srv_signing_trans_stop(); + if (close_on_completion) close_cnum(conn,vuid); @@ -561,6 +566,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bad_param: + srv_signing_trans_stop(); DEBUG(0,("reply_trans: invalid trans parameters\n")); SAFE_FREE(data); SAFE_FREE(params); -- cgit From 099bd33a9999718e6cfe6cb387c8845805b67284 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 2 Aug 2003 07:07:38 +0000 Subject: More fixes for client and server side signing. Ensure sequence numbers are updated correctly on returning an error for server trans streams. Ensure we turn off client trans streams on error. Jeremy. (This used to be commit 3a789cb7f01115c37404e5a696de363287cb0e5f) --- source3/smbd/ipc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f0b5c4a92f..39072f9b91 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -509,11 +509,10 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); } } - - + DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", name,tdscnt,tpscnt,suwcnt)); - + /* * WinCE wierdness.... */ -- cgit From 450bc69ab36aff1e3011beaacced84de1a57a72a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 16 Oct 2003 20:44:43 +0000 Subject: Tidyup wrap checking. Jeremy. (This used to be commit 41d1870a51c259f0cf17caf59928a3b38b21ea11) --- source3/smbd/ipc.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 39072f9b91..9bdd02b059 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -388,7 +388,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) goto bad_param; - if (smb_base(inbuf)+dsoff+dscnt > inbuf + size) + if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || + (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) goto bad_param; memcpy(data,smb_base(inbuf)+dsoff,dscnt); @@ -402,8 +403,9 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int return(ERROR_DOS(ERRDOS,ERRnomem)); } if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) - goto bad_param; - if (smb_base(inbuf)+psoff+pscnt > inbuf + size) + goto bad_param; + if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || + (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))); goto bad_param; memcpy(params,smb_base(inbuf)+psoff,pscnt); @@ -487,8 +489,11 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (pdisp+pcnt >= tpscnt) goto bad_param; if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) - goto bad_param; - if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) + goto bad_param; + if (pdisp > tpscnt) + goto bad_param; + if ((smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) || + (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) goto bad_param; if (params + pdisp < params) goto bad_param; @@ -501,7 +506,10 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) goto bad_param; - if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) + if (ddisp > tdscnt) + goto bad_param; + if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) || + (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) goto bad_param; if (data + ddisp < data) goto bad_param; -- cgit From 8c4e25a331bb9e72374202378340b2acd525adce Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 17 Oct 2003 21:19:15 +0000 Subject: Typo broke win9x logins. Jeremy. (This used to be commit 4e00cad645635af66b62c6a5568264a09cf340f3) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9bdd02b059..bc828d2e8e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -405,7 +405,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) goto bad_param; if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || - (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))); + (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) goto bad_param; memcpy(params,smb_base(inbuf)+psoff,pscnt); -- cgit From 5114dee2716f9703f2eee07a891d77a15f4b6a82 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 21 Oct 2003 23:14:41 +0000 Subject: Fix for bug #64, Win9x Nexus tools not working against Samba3.0. Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata. Jeremy. (This used to be commit 7eaae388b35cb3d20cdd968b00d65c88fcee5878) --- source3/smbd/ipc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bc828d2e8e..86d982b022 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -96,7 +96,7 @@ void send_trans_reply(char *outbuf, align = ((this_lparam)%4); if (buffer_too_large) { - ERROR_NT(STATUS_BUFFER_OVERFLOW); + ERROR_BOTH(STATUS_BUFFER_OVERFLOW,ERRDOS,ERRmoredata); } set_message(outbuf,10,1+align+this_ldata+this_lparam,True); @@ -281,6 +281,14 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, subcommand = ((int)setup[0]) & 0xFFFF; if(!(p = get_rpc_pipe(pnum))) { + if (subcommand == TRANSACT_WAITNAMEDPIPEHANDLESTATE) { + /* Win9x does this call with a unicode pipe name, not a pnum. */ + /* Just return success for now... */ + DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); + send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + return -1; + } + DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); return api_no_reply(outbuf, mdrcnt); } -- cgit From 570f2b73b4c0088fea929bcb6beb1a17b3c1aba3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 1 Dec 2003 06:53:10 +0000 Subject: Ensure the server can cope with multiple secondary trans requests when signing is turned on. Jeremy. (This used to be commit 206464a748a59b1d485d4d3d0cb4d257d60fbd00) --- source3/smbd/ipc.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 86d982b022..dd92cc4e4d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -445,6 +445,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int of the parameter/data bytes */ outsize = set_message(outbuf,0,0,True); show_msg(outbuf); + srv_signing_trans_stop(); if (!send_smb(smbd_server_fd(),outbuf)) exit_server("reply_trans: send_smb failed."); } @@ -456,6 +457,13 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); + /* + * The sequence number for the trans reply is always + * based on the last secondary received. + */ + + srv_signing_trans_start(SVAL(inbuf,smb_mid)); + if ((ret && (CVAL(inbuf, smb_com) != SMBtranss)) || !ret) { if(ret) { DEBUG(0,("reply_trans: Invalid secondary trans packet\n")); -- cgit From addfc95df264a4af55516620d79c995e8279793d Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Tue, 9 Mar 2004 21:47:49 +0000 Subject: Yet another '\n' termination of debug message. rafal (This used to be commit 3e57c2c6850655da77e25de4cb047cc27741ca9c) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index dd92cc4e4d..e5465b902c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -293,7 +293,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, return api_no_reply(outbuf, mdrcnt); } - DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", subcommand, p->name, pnum)); + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ p->max_trans_reply = mdrcnt; -- cgit From 17c8907d9c2a89a1f3d271aa58a5d4494a0d4653 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Nov 2004 20:37:14 +0000 Subject: r3666: Generalise fix for trans and nttrans multi-fragment requests. Jeremy (This used to be commit 10b2489e3b2345a8532098523ebcebb73665a76f) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e5465b902c..35e670c9fa 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -502,7 +502,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (pcnt) { - if (pdisp+pcnt >= tpscnt) + if (pdisp+pcnt > tpscnt) goto bad_param; if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) goto bad_param; @@ -518,7 +518,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (dcnt) { - if (ddisp+dcnt >= tdscnt) + if (ddisp+dcnt > tdscnt) goto bad_param; if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) goto bad_param; -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/smbd/ipc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 35e670c9fa..9fcd39b500 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -165,7 +165,7 @@ void send_trans_reply(char *outbuf, static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) { BOOL is_data_outstanding; - char *rdata = malloc(p->max_trans_reply); + char *rdata = SMB_MALLOC(p->max_trans_reply); int data_len; if(rdata == NULL) { @@ -389,7 +389,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (tdscnt) { - if((data = (char *)malloc(tdscnt)) == NULL) { + if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -404,7 +404,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (tpscnt) { - if((params = (char *)malloc(tpscnt)) == NULL) { + if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); SAFE_FREE(data); END_PROFILE(SMBtrans); @@ -421,7 +421,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (suwcnt) { unsigned int i; - if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { + if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); SAFE_FREE(data); SAFE_FREE(params); -- cgit From d33c5aa71fb42a0fe87281812af7508bbc2a2f51 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Jan 2005 22:40:49 +0000 Subject: r4830: Fix for problem noticed by Guy Harris , return correct DOS/NT error code on transact named pipe on closed pipe handle. Jeremy. (This used to be commit 599c281464fa96725c3ee6dd3c5ee03ea81314ea) --- source3/smbd/ipc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9fcd39b500..3f21a2ac6a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -269,7 +269,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* First find out the name of this file. */ if (suwcnt != 2) { DEBUG(0,("Unexpected named pipe transaction.\n")); - return(-1); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } /* Get the file handle and hence the file name. */ @@ -290,7 +290,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, } DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); - return api_no_reply(outbuf, mdrcnt); + return ERROR_NT(NT_STATUS_INVALID_HANDLE); } DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); @@ -315,6 +315,8 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* Set Named Pipe Handle state */ reply = api_SNPHS(outbuf, p, params, tpscnt); break; + default: + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!reply) -- cgit From c1b9243c2892220b906df86d7b021d1bf18571b6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Feb 2005 20:43:14 +0000 Subject: r5165: BUG 2295: always use get_local_machine_name() rather than digging in the gloval variable 'local_machine' (This used to be commit 6a6e4af46a5c0a693a3dd9d558a4d1c1e5d72d95) --- source3/smbd/ipc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3f21a2ac6a..e3f6521fba 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -29,8 +29,6 @@ extern int max_send; -extern fstring local_machine; - #define NERR_notsupported 50 extern int smb_read_error; @@ -382,6 +380,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int unsigned int dscnt = SVAL(inbuf,smb_vwv11); unsigned int dsoff = SVAL(inbuf,smb_vwv12); unsigned int suwcnt = CVAL(inbuf,smb_vwv13); + fstring local_machine_name; START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); @@ -543,9 +542,11 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int * WinCE wierdness.... */ - if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, strlen(local_machine)) == 0) && - (name[strlen(local_machine)+1] == '\\')) - name_offset = strlen(local_machine)+1; + fstrcpy( local_machine_name, get_local_machine_name() ); + + if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine_name, strlen(local_machine_name)) == 0) && + (name[strlen(local_machine_name)+1] == '\\')) + name_offset = strlen(local_machine_name)+1; if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) { name_offset += strlen("\\PIPE"); -- cgit From 19ca97a70f6b7b41d251eaa76e4d3c980c6eedff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Jun 2005 20:25:18 +0000 Subject: r7882: Looks like a large patch - but what it actually does is make Samba safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e3f6521fba..86c6d056a0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -163,7 +163,7 @@ void send_trans_reply(char *outbuf, static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) { BOOL is_data_outstanding; - char *rdata = SMB_MALLOC(p->max_trans_reply); + char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); int data_len; if(rdata == NULL) { -- cgit From 33c9fbab1278302dde1b0daf7ce6ac3462dc930c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 7 Mar 2006 19:52:26 +0000 Subject: r13980: Fix Coverity bug # 63. Jeremy, could you take a look at this? Thanks, Volker (This used to be commit 49043a756dfa6a973d5605f42068df351a4a9ab5) --- source3/smbd/ipc.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 86c6d056a0..77746cb12f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -380,7 +380,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int unsigned int dscnt = SVAL(inbuf,smb_vwv11); unsigned int dsoff = SVAL(inbuf,smb_vwv12); unsigned int suwcnt = CVAL(inbuf,smb_vwv13); - fstring local_machine_name; + char *local_machine_name; START_PROFILE(SMBtrans); memset(name, '\0',sizeof(name)); @@ -542,11 +542,22 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int * WinCE wierdness.... */ - fstrcpy( local_machine_name, get_local_machine_name() ); + asprintf(&local_machine_name, "\\%s\\", get_local_machine_name()); - if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine_name, strlen(local_machine_name)) == 0) && - (name[strlen(local_machine_name)+1] == '\\')) - name_offset = strlen(local_machine_name)+1; + if (local_machine_name == NULL) { + srv_signing_trans_stop(); + SAFE_FREE(data); + SAFE_FREE(params); + SAFE_FREE(setup); + END_PROFILE(SMBtrans); + return ERROR_NT(NT_STATUS_NO_MEMORY); + } + + if (strnequal(name, local_machine_name, strlen(local_machine_name))) { + name_offset = strlen(local_machine_name)-1; + } + + SAFE_FREE(local_machine_name); if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) { name_offset += strlen("\\PIPE"); -- cgit From 872d3cea871264eed0159f49fba8621dd357ef1d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 1 Apr 2006 18:22:31 +0000 Subject: r14849: Fix >= that should be >. Too strict condition checked by Volker. Jeremy. (This used to be commit 9a763da07385bf9af437cab8dd680f2e13fca3c3) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 77746cb12f..427b6ae214 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -509,7 +509,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (pdisp > tpscnt) goto bad_param; - if ((smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) || + if ((smb_base(inbuf) + poff + pcnt > inbuf + bufsize) || (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) goto bad_param; if (params + pdisp < params) @@ -525,7 +525,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (ddisp > tdscnt) goto bad_param; - if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) || + if ((smb_base(inbuf) + doff + dcnt > inbuf + bufsize) || (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) goto bad_param; if (data + ddisp < data) -- cgit From 22dbd67708f1651a2341d70ce576fac360affccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Apr 2006 15:33:04 +0000 Subject: r15018: Merge Volker's ipc/trans2/nttrans changes over into 3.0. Also merge the new POSIX lock code - this is not enabled unless -DDEVELOPER is defined. This doesn't yet map onto underlying system POSIX locks. Updates vfs to allow lock queries. Jeremy. (This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7) --- source3/smbd/ipc.c | 452 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 271 insertions(+), 181 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 427b6ae214..1b5a5f39c7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -355,259 +355,349 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na return 0; } +static NTSTATUS handle_trans(connection_struct *conn, + struct trans_state *state, + char *outbuf, int *outsize) +{ + char *local_machine_name; + int name_offset = 0; + + DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", + state->name,state->total_data,state->total_param, + state->setup_count)); + + /* + * WinCE wierdness.... + */ + + local_machine_name = talloc_asprintf(state, "\\%s\\", + get_local_machine_name()); + + if (local_machine_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (strnequal(state->name, local_machine_name, + strlen(local_machine_name))) { + name_offset = strlen(local_machine_name)-1; + } + + if (!strnequal(&state->name[name_offset], "\\PIPE", + strlen("\\PIPE"))) { + return NT_STATUS_NOT_SUPPORTED; + } + + name_offset += strlen("\\PIPE"); + + /* Win9x weirdness. When talking to a unicode server Win9x + only sends \PIPE instead of \PIPE\ */ + + if (state->name[name_offset] == '\\') + name_offset++; + + DEBUG(5,("calling named_pipe\n")); + *outsize = named_pipe(conn, state->vuid, outbuf, + state->name+name_offset, + state->setup,state->data, + state->param, + state->setup_count,state->total_data, + state->total_param, + state->max_setup_return, + state->max_data_return, + state->max_param_return); + + if (*outsize == 0) { + return NT_STATUS_NOT_SUPPORTED; + } + + if (state->close_on_completion) + close_cnum(conn,state->vuid); + + return NT_STATUS_OK; +} /**************************************************************************** Reply to a SMBtrans. ****************************************************************************/ -int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize) +int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, + int size, int bufsize) { - fstring name; - int name_offset = 0; - char *data=NULL,*params=NULL; - uint16 *setup=NULL; int outsize = 0; - uint16 vuid = SVAL(inbuf,smb_uid); - unsigned int tpscnt = SVAL(inbuf,smb_vwv0); - unsigned int tdscnt = SVAL(inbuf,smb_vwv1); - unsigned int mprcnt = SVAL(inbuf,smb_vwv2); - unsigned int mdrcnt = SVAL(inbuf,smb_vwv3); - unsigned int msrcnt = CVAL(inbuf,smb_vwv4); - BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); - BOOL one_way = BITSETW(inbuf+smb_vwv5,1); - unsigned int pscnt = SVAL(inbuf,smb_vwv9); - unsigned int psoff = SVAL(inbuf,smb_vwv10); - unsigned int dscnt = SVAL(inbuf,smb_vwv11); - unsigned int dsoff = SVAL(inbuf,smb_vwv12); - unsigned int suwcnt = CVAL(inbuf,smb_vwv13); - char *local_machine_name; + unsigned int dsoff = SVAL(inbuf, smb_dsoff); + unsigned int dscnt = SVAL(inbuf, smb_dscnt); + unsigned int psoff = SVAL(inbuf, smb_psoff); + unsigned int pscnt = SVAL(inbuf, smb_pscnt); + struct trans_state *state; + NTSTATUS result; + START_PROFILE(SMBtrans); - memset(name, '\0',sizeof(name)); - srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE); + if (!NT_STATUS_IS_OK(allow_new_trans(conn->pending_trans, + SVAL(inbuf, smb_mid)))) { + DEBUG(2, ("Got invalid trans request: %s\n", + nt_errstr(result))); + END_PROFILE(SMBtrans); + return ERROR_NT(result); + } - if (dscnt > tdscnt || pscnt > tpscnt) + if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) { + DEBUG(0, ("talloc failed\n")); + END_PROFILE(SMBtrans); + return ERROR_NT(NT_STATUS_NO_MEMORY); + } + + state->cmd = SMBtrans; + + state->mid = SVAL(inbuf, smb_mid); + state->vuid = SVAL(inbuf, smb_uid); + state->setup_count = CVAL(inbuf, smb_suwcnt); + state->total_param = SVAL(inbuf, smb_tpscnt); + state->param = NULL; + state->total_data = SVAL(inbuf, smb_tdscnt); + state->data = NULL; + state->max_param_return = SVAL(inbuf, smb_mprcnt); + state->max_data_return = SVAL(inbuf, smb_mdrcnt); + state->max_setup_return = CVAL(inbuf, smb_msrcnt); + state->close_on_completion = BITSETW(inbuf+smb_vwv5,0); + state->one_way = BITSETW(inbuf+smb_vwv5,1); + + memset(state->name, '\0',sizeof(state->name)); + srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf), + sizeof(state->name), STR_TERMINATE); + + if ((dscnt > state->total_data) || (pscnt > state->total_param)) goto bad_param; - - if (tdscnt) { - if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) { - DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); + + if (state->total_data) { + /* Can't use talloc here, the core routines do realloc on the + * params and data. */ + state->data = SMB_MALLOC(state->total_data); + if (state->data == NULL) { + DEBUG(0,("reply_trans: data malloc fail for %u " + "bytes !\n", state->total_data)); + TALLOC_FREE(state); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) goto bad_param; if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || - (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) + (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) goto bad_param; - memcpy(data,smb_base(inbuf)+dsoff,dscnt); + memcpy(state->data,smb_base(inbuf)+dsoff,dscnt); } - if (tpscnt) { - if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) { - DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); - SAFE_FREE(data); + if (state->total_param) { + /* Can't use talloc here, the core routines do realloc on the + * params and data. */ + state->param = SMB_MALLOC(state->total_param); + if (state->param == NULL) { + DEBUG(0,("reply_trans: param malloc fail for %u " + "bytes !\n", state->total_param)); + SAFE_FREE(state->data); + TALLOC_FREE(state); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) goto bad_param; if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || - (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) + (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) goto bad_param; - memcpy(params,smb_base(inbuf)+psoff,pscnt); + memcpy(state->param,smb_base(inbuf)+psoff,pscnt); } - if (suwcnt) { + state->received_data = dscnt; + state->received_param = pscnt; + + if (state->setup_count) { unsigned int i; - if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) { - DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); - SAFE_FREE(data); - SAFE_FREE(params); + if((state->setup = TALLOC_ARRAY( + state, uint16, state->setup_count)) == NULL) { + DEBUG(0,("reply_trans: setup malloc fail for %u " + "bytes !\n", (unsigned int) + (state->setup_count * sizeof(uint16)))); + TALLOC_FREE(state); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } - if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size) + if (inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > + inbuf + size) goto bad_param; - if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD))) + if ((smb_vwv14+(state->setup_count*SIZEOFWORD) < smb_vwv14) || + (smb_vwv14+(state->setup_count*SIZEOFWORD) < + (state->setup_count*SIZEOFWORD))) goto bad_param; - for (i=0;isetup_count;i++) + state->setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD); } + state->received_param = pscnt; - srv_signing_trans_start(SVAL(inbuf,smb_mid)); + if ((state->received_param == state->total_param) && + (state->received_data == state->total_data)) { - if (pscnt < tpscnt || dscnt < tdscnt) { - /* We need to send an interim response then receive the rest - of the parameter/data bytes */ - outsize = set_message(outbuf,0,0,True); - show_msg(outbuf); - srv_signing_trans_stop(); - if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("reply_trans: send_smb failed."); - } + result = handle_trans(conn, state, outbuf, &outsize); + + SAFE_FREE(state->data); + SAFE_FREE(state->param); + TALLOC_FREE(state); - /* receive the rest of the trans packet */ - while (pscnt < tpscnt || dscnt < tdscnt) { - BOOL ret; - unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; - - ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); - - /* - * The sequence number for the trans reply is always - * based on the last secondary received. - */ - - srv_signing_trans_start(SVAL(inbuf,smb_mid)); - - if ((ret && (CVAL(inbuf, smb_com) != SMBtranss)) || !ret) { - if(ret) { - DEBUG(0,("reply_trans: Invalid secondary trans packet\n")); - } else { - DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", - (smb_read_error == READ_ERROR) ? "error" : "timeout" )); - } - SAFE_FREE(params); - SAFE_FREE(data); - SAFE_FREE(setup); + if (!NT_STATUS_IS_OK(result)) { END_PROFILE(SMBtrans); - srv_signing_trans_stop(); - return(ERROR_DOS(ERRSRV,ERRerror)); + return ERROR_NT(result); } - show_msg(inbuf); - - /* Revise total_params and total_data in case they have changed downwards */ - if (SVAL(inbuf,smb_vwv0) < tpscnt) - tpscnt = SVAL(inbuf,smb_vwv0); - if (SVAL(inbuf,smb_vwv1) < tdscnt) - tdscnt = SVAL(inbuf,smb_vwv1); - - pcnt = SVAL(inbuf,smb_vwv2); - poff = SVAL(inbuf,smb_vwv3); - pdisp = SVAL(inbuf,smb_vwv4); - - dcnt = SVAL(inbuf,smb_vwv5); - doff = SVAL(inbuf,smb_vwv6); - ddisp = SVAL(inbuf,smb_vwv7); - - pscnt += pcnt; - dscnt += dcnt; - - if (dscnt > tdscnt || pscnt > tpscnt) - goto bad_param; - - if (pcnt) { - if (pdisp+pcnt > tpscnt) - goto bad_param; - if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) - goto bad_param; - if (pdisp > tpscnt) - goto bad_param; - if ((smb_base(inbuf) + poff + pcnt > inbuf + bufsize) || - (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) - goto bad_param; - if (params + pdisp < params) - goto bad_param; - - memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); + if (outsize == 0) { + END_PROFILE(SMBtrans); + return ERROR_NT(NT_STATUS_INTERNAL_ERROR); } - if (dcnt) { - if (ddisp+dcnt > tdscnt) - goto bad_param; - if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) - goto bad_param; - if (ddisp > tdscnt) - goto bad_param; - if ((smb_base(inbuf) + doff + dcnt > inbuf + bufsize) || - (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) - goto bad_param; - if (data + ddisp < data) - goto bad_param; - - memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); - } + END_PROFILE(SMBtrans); + return outsize; } - DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", - name,tdscnt,tpscnt,suwcnt)); + DLIST_ADD(conn->pending_trans, state); - /* - * WinCE wierdness.... - */ + /* We need to send an interim response then receive the rest + of the parameter/data bytes */ + outsize = set_message(outbuf,0,0,True); + show_msg(outbuf); + END_PROFILE(SMBtrans); + return outsize; - asprintf(&local_machine_name, "\\%s\\", get_local_machine_name()); + bad_param: - if (local_machine_name == NULL) { - srv_signing_trans_stop(); - SAFE_FREE(data); - SAFE_FREE(params); - SAFE_FREE(setup); - END_PROFILE(SMBtrans); - return ERROR_NT(NT_STATUS_NO_MEMORY); + DEBUG(0,("reply_trans: invalid trans parameters\n")); + SAFE_FREE(state->data); + SAFE_FREE(state->param); + TALLOC_FREE(state); + END_PROFILE(SMBtrans); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); +} + +/**************************************************************************** + Reply to a secondary SMBtrans. + ****************************************************************************/ + +int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, + int size, int bufsize) +{ + int outsize = 0; + unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; + struct trans_state *state; + NTSTATUS result; + + START_PROFILE(SMBtranss); + + show_msg(inbuf); + + for (state = conn->pending_trans; state != NULL; + state = state->next) { + if (state->mid == SVAL(inbuf,smb_mid)) { + break; + } } - if (strnequal(name, local_machine_name, strlen(local_machine_name))) { - name_offset = strlen(local_machine_name)-1; + if ((state == NULL) || (state->cmd != SMBtrans)) { + END_PROFILE(SMBtranss); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } - SAFE_FREE(local_machine_name); + /* Revise total_params and total_data in case they have changed + * downwards */ - if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) { - name_offset += strlen("\\PIPE"); + if (SVAL(inbuf, smb_vwv0) < state->total_param) + state->total_param = SVAL(inbuf,smb_vwv0); + if (SVAL(inbuf, smb_vwv1) < state->total_data) + state->total_data = SVAL(inbuf,smb_vwv1); - /* Win9x weirdness. When talking to a unicode server Win9x - only sends \PIPE instead of \PIPE\ */ + pcnt = SVAL(inbuf, smb_spscnt); + poff = SVAL(inbuf, smb_spsoff); + pdisp = SVAL(inbuf, smb_spsdisp); - if (name[name_offset] == '\\') - name_offset++; + dcnt = SVAL(inbuf, smb_sdscnt); + doff = SVAL(inbuf, smb_sdsoff); + ddisp = SVAL(inbuf, smb_sdsdisp); - DEBUG(5,("calling named_pipe\n")); - outsize = named_pipe(conn,vuid,outbuf, - name+name_offset,setup,data,params, - suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt); - } else { - DEBUG(3,("invalid pipe name\n")); - outsize = 0; + state->received_param += pcnt; + state->received_data += dcnt; + + if ((state->received_data > state->total_data) || + (state->received_param > state->total_param)) + goto bad_param; + + if (pcnt) { + if (pdisp+pcnt > state->total_param) + goto bad_param; + if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) + goto bad_param; + if (pdisp > state->total_param) + goto bad_param; + if ((smb_base(inbuf) + poff + pcnt > inbuf + size) || + (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) + goto bad_param; + if (state->param + pdisp < state->param) + goto bad_param; + + memcpy(state->param+pdisp,smb_base(inbuf)+poff, + pcnt); } - - SAFE_FREE(data); - SAFE_FREE(params); - SAFE_FREE(setup); - - srv_signing_trans_stop(); + if (dcnt) { + if (ddisp+dcnt > state->total_data) + goto bad_param; + if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) + goto bad_param; + if (ddisp > state->total_data) + goto bad_param; + if ((smb_base(inbuf) + doff + dcnt > inbuf + size) || + (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) + goto bad_param; + if (state->data + ddisp < state->data) + goto bad_param; - if (close_on_completion) - close_cnum(conn,vuid); + memcpy(state->data+ddisp, smb_base(inbuf)+doff, + dcnt); + } - if (one_way) { - END_PROFILE(SMBtrans); - return(-1); + if ((state->received_param < state->total_param) || + (state->received_data < state->total_data)) { + END_PROFILE(SMBtranss); + return -1; } - - if (outsize == 0) { - END_PROFILE(SMBtrans); + + /* construct_reply_common has done us the favor to pre-fill the + * command field with SMBtranss which is wrong :-) + */ + SCVAL(outbuf,smb_com,SMBtrans); + + result = handle_trans(conn, state, outbuf, &outsize); + + DLIST_REMOVE(conn->pending_trans, state); + SAFE_FREE(state->data); + SAFE_FREE(state->param); + TALLOC_FREE(state); + + if ((outsize == 0) || !NT_STATUS_IS_OK(result)) { + END_PROFILE(SMBtranss); return(ERROR_DOS(ERRSRV,ERRnosupport)); } - END_PROFILE(SMBtrans); + END_PROFILE(SMBtranss); return(outsize); - bad_param: - srv_signing_trans_stop(); - DEBUG(0,("reply_trans: invalid trans parameters\n")); - SAFE_FREE(data); - SAFE_FREE(params); - SAFE_FREE(setup); - END_PROFILE(SMBtrans); + DEBUG(0,("reply_transs: invalid trans parameters\n")); + DLIST_REMOVE(conn->pending_trans, state); + SAFE_FREE(state->data); + SAFE_FREE(state->param); + TALLOC_FREE(state); + END_PROFILE(SMBtranss); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } -- cgit From 1ca61f4748283bdc9d30ddec3ec812fb830b6ac4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Apr 2006 09:43:39 +0000 Subject: r15266: Fix bug 3720. I wonder why -O1 compiles did not catch this... Thanks to Jason Mader for reporting this. Volker (This used to be commit 3e616c3272ba76a2d135f7c51ceb44461ad165ad) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1b5a5f39c7..7f9505606c 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -433,8 +433,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, START_PROFILE(SMBtrans); - if (!NT_STATUS_IS_OK(allow_new_trans(conn->pending_trans, - SVAL(inbuf, smb_mid)))) { + result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid)); + if (!NT_STATUS_IS_OK(result)) { DEBUG(2, ("Got invalid trans request: %s\n", nt_errstr(result))); END_PROFILE(SMBtrans); -- cgit From 263b01ecb9a09c80c3b519c5ec4e52437ace9da0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 27 May 2006 21:38:54 +0000 Subject: r15911: Make us survive rpc-authcontext committed next (This used to be commit c24bfdce625782637b5f4d11a5117ef795ddfc2f) --- source3/smbd/ipc.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7f9505606c..3250387909 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -291,6 +291,12 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, return ERROR_NT(NT_STATUS_INVALID_HANDLE); } + if (vuid != p->vuid) { + DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " + "expected %d\n", pnum, vuid, p->vuid)); + return ERROR_NT(NT_STATUS_INVALID_HANDLE); + } + DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); /* record maximum data length that can be transmitted in an SMBtrans */ -- cgit From 9bcaf47c635ab92d7c171278180f33f6c72c6b57 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Jun 2006 01:30:42 +0000 Subject: r16275: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned int in a format string. Jeremy. (This used to be commit 952547471f03bd2da1eda0247471b17aa1ff15de) --- source3/smbd/ipc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3250387909..e6dfc6506a 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -369,8 +369,8 @@ static NTSTATUS handle_trans(connection_struct *conn, int name_offset = 0; DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", - state->name,state->total_data,state->total_param, - state->setup_count)); + state->name,(unsigned int)state->total_data,(unsigned int)state->total_param, + (unsigned int)state->setup_count)); /* * WinCE wierdness.... @@ -481,7 +481,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, state->data = SMB_MALLOC(state->total_data); if (state->data == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u " - "bytes !\n", state->total_data)); + "bytes !\n", (unsigned int)state->total_data)); TALLOC_FREE(state); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -501,7 +501,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, state->param = SMB_MALLOC(state->total_param); if (state->param == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u " - "bytes !\n", state->total_param)); + "bytes !\n", (unsigned int)state->total_param)); SAFE_FREE(state->data); TALLOC_FREE(state); END_PROFILE(SMBtrans); -- cgit From e23781b3b304d1e69ad80af5ae9c0ed8d02cf996 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Jul 2006 16:36:56 +0000 Subject: r17316: More C++ warnings -- 456 left (This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e6dfc6506a..08381524c0 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -478,7 +478,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if (state->total_data) { /* Can't use talloc here, the core routines do realloc on the * params and data. */ - state->data = SMB_MALLOC(state->total_data); + state->data = (char *)SMB_MALLOC(state->total_data); if (state->data == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u " "bytes !\n", (unsigned int)state->total_data)); @@ -498,7 +498,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if (state->total_param) { /* Can't use talloc here, the core routines do realloc on the * params and data. */ - state->param = SMB_MALLOC(state->total_param); + state->param = (char *)SMB_MALLOC(state->total_param); if (state->param == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u " "bytes !\n", (unsigned int)state->total_param)); -- cgit From d29722e378011e6085e007e1e6c39a9f002eb2fe Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 Dec 2006 00:49:12 +0000 Subject: r20178: Ensure we allocate the intermediate trans structs off conn->mem_ctx, not the null context so we can safefy free everything on conn close. Should fix possible memleak. Jeremy. (This used to be commit b33bde7b39953e171f05cdb53b6345ee3a9ec6e7) --- source3/smbd/ipc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 08381524c0..9d347a430b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -447,7 +447,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(result); } - if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) { + if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { DEBUG(0, ("talloc failed\n")); END_PROFILE(SMBtrans); return ERROR_NT(NT_STATUS_NO_MEMORY); @@ -458,6 +458,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, state->mid = SVAL(inbuf, smb_mid); state->vuid = SVAL(inbuf, smb_uid); state->setup_count = CVAL(inbuf, smb_suwcnt); + state->setup = NULL; state->total_param = SVAL(inbuf, smb_tpscnt); state->param = NULL; state->total_data = SVAL(inbuf, smb_tdscnt); -- cgit From 5bb49b08f3d79ef9ee17dbbd64ce90dc438d96df Mon Sep 17 00:00:00 2001 From: James Peach Date: Mon, 18 Dec 2006 04:25:21 +0000 Subject: r20237: Replace exit_server with exit_server_cleanly where appropriate. All send_smb failures should be clean exits. All times when we exit as a matter of policy should also be clean exits. (This used to be commit d6382092e72120a3c89ffe81975e8898d454bf06) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9d347a430b..ca128d29d9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -115,7 +115,7 @@ void send_trans_reply(char *outbuf, show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans_reply: send_smb failed."); + exit_server_cleanly("send_trans_reply: send_smb failed."); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -149,7 +149,7 @@ void send_trans_reply(char *outbuf, show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) - exit_server("send_trans_reply: send_smb failed."); + exit_server_cleanly("send_trans_reply: send_smb failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; -- cgit From 2498a973acba0d7500a7cd6501928161bc0ed31b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 3 Apr 2007 14:16:56 +0000 Subject: r22059: Over-allocate and NULL out 100 bytes for lanman.c. Volker (This used to be commit 0eea6b84cec7e2a3fc1f784d5a9b162f71cc8a02) --- source3/smbd/ipc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ca128d29d9..6e5ff9f035 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -478,8 +478,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if (state->total_data) { /* Can't use talloc here, the core routines do realloc on the - * params and data. */ - state->data = (char *)SMB_MALLOC(state->total_data); + * params and data. Out of paranoia, 100 bytes too many. */ + state->data = (char *)SMB_MALLOC(state->total_data+100); if (state->data == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u " "bytes !\n", (unsigned int)state->total_data)); @@ -487,6 +487,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } + /* null-terminate the slack space */ + memset(&state->data[state->total_data], 0, 100); if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) goto bad_param; if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || @@ -498,8 +500,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if (state->total_param) { /* Can't use talloc here, the core routines do realloc on the - * params and data. */ - state->param = (char *)SMB_MALLOC(state->total_param); + * params and data. Out of paranoia, 100 bytes too many */ + state->param = (char *)SMB_MALLOC(state->total_param+100); if (state->param == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u " "bytes !\n", (unsigned int)state->total_param)); @@ -508,6 +510,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); } + /* null-terminate the slack space */ + memset(&state->param[state->total_param], 0, 100); if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) goto bad_param; if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || -- cgit From 0829e1ad1c3646efecf50729f493b9ee72ef0517 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Apr 2007 22:40:32 +0000 Subject: r22391: Looks bigger than it is. Make "inbuf" available to all callers of smb_setlen (via set_message() calls). This will allow the server to reflect back the correct encryption context. Jeremy. (This used to be commit 2d80a96120a5fe2fe726f00746d36d85044c4bdb) --- source3/smbd/ipc.c | 179 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 126 insertions(+), 53 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6e5ff9f035..6b647fc72b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -72,10 +72,13 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(char *outbuf, - char *rparam, int rparam_len, - char *rdata, int rdata_len, - BOOL buffer_too_large) +void send_trans_reply(const char *inbuf, + char *outbuf, + char *rparam, + int rparam_len, + char *rdata, + int rdata_len, + BOOL buffer_too_large) { int this_ldata,this_lparam; int tot_data_sent = 0; @@ -97,11 +100,11 @@ void send_trans_reply(char *outbuf, ERROR_BOTH(STATUS_BUFFER_OVERFLOW,ERRDOS,ERRmoredata); } - set_message(outbuf,10,1+align+this_ldata+this_lparam,True); + set_message(inbuf,outbuf,10,1+align+this_ldata+this_lparam,True); copy_trans_params_and_data(outbuf, align, - rparam, tot_param_sent, this_lparam, - rdata, tot_data_sent, this_ldata); + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); SSVAL(outbuf,smb_vwv0,lparam); SSVAL(outbuf,smb_vwv1,ldata); @@ -133,7 +136,7 @@ void send_trans_reply(char *outbuf, align = (this_lparam%4); - set_message(outbuf,10,1+this_ldata+this_lparam+align,False); + set_message(inbuf,outbuf,10,1+this_ldata+this_lparam+align,False); copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, @@ -160,7 +163,9 @@ void send_trans_reply(char *outbuf, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) +static BOOL api_rpc_trans_reply(const char *inbuf, + char *outbuf, + smb_np_struct *p) { BOOL is_data_outstanding; char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); @@ -177,7 +182,7 @@ static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) return False; } - send_trans_reply(outbuf, NULL, 0, rdata, data_len, is_data_outstanding); + send_trans_reply(inbuf, outbuf, NULL, 0, rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return True; @@ -187,7 +192,11 @@ static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) WaitNamedPipeHandleState ****************************************************************************/ -static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) +static BOOL api_WNPHS(const char *inbuf, + char *outbuf, + smb_np_struct *p, + char *param, + int param_len) { uint16 priority; @@ -199,7 +208,7 @@ static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -210,7 +219,11 @@ static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len SetNamedPipeHandleState ****************************************************************************/ -static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) +static BOOL api_SNPHS(const char *inbuf, + char *outbuf, + smb_np_struct *p, + char *param, + int param_len) { uint16 id; @@ -222,7 +235,7 @@ static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -233,7 +246,7 @@ static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len When no reply is generated, indicate unsupported. ****************************************************************************/ -static BOOL api_no_reply(char *outbuf, int max_rdata_len) +static BOOL api_no_reply(const char *inbuf, char *outbuf, int max_rdata_len) { char rparam[4]; @@ -244,7 +257,7 @@ static BOOL api_no_reply(char *outbuf, int max_rdata_len) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(outbuf, rparam, 4, NULL, 0, False); + send_trans_reply(inbuf, outbuf, rparam, 4, NULL, 0, False); return -1; } @@ -253,9 +266,18 @@ static BOOL api_no_reply(char *outbuf, int max_rdata_len) Handle remote api calls delivered to a named pipe already opened. ****************************************************************************/ -static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, - uint16 *setup,char *data,char *params, - int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +static int api_fd_reply(connection_struct *conn, + uint16 vuid, + const char *inbuf, + char *outbuf, + uint16 *setup, + char *data, + char *params, + int suwcnt, + int tdscnt, + int tpscnt, + int mdrcnt, + int mprcnt) { BOOL reply = False; smb_np_struct *p = NULL; @@ -283,7 +305,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return -1; } @@ -309,51 +331,94 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (reply) - reply = api_rpc_trans_reply(outbuf, p); + reply = api_rpc_trans_reply(inbuf, outbuf, p); break; case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ - reply = api_WNPHS(outbuf, p, params, tpscnt); + reply = api_WNPHS(inbuf, outbuf, p, params, tpscnt); break; case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ - reply = api_SNPHS(outbuf, p, params, tpscnt); + reply = api_SNPHS(inbuf, outbuf, p, params, tpscnt); break; default: return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!reply) - return api_no_reply(outbuf, mdrcnt); + return api_no_reply(inbuf, outbuf, mdrcnt); return -1; } /**************************************************************************** - handle named pipe commands - ****************************************************************************/ -static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name, - uint16 *setup,char *data,char *params, - int suwcnt,int tdscnt,int tpscnt, - int msrcnt,int mdrcnt,int mprcnt) + Handle named pipe commands. +****************************************************************************/ + +static int named_pipe(connection_struct *conn, + uint16 vuid, + const char *inbuf, + char *outbuf, + char *name, + uint16 *setup, + char *data, + char *params, + int suwcnt, + int tdscnt, + int tpscnt, + int msrcnt, + int mdrcnt, + int mprcnt) { DEBUG(3,("named pipe command on <%s> name\n", name)); - if (strequal(name,"LANMAN")) - return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); + if (strequal(name,"LANMAN")) { + return api_reply(conn, + vuid, + inbuf, + outbuf, + data, + params, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); + } if (strequal(name,"WKSSVC") || strequal(name,"SRVSVC") || strequal(name,"WINREG") || strequal(name,"SAMR") || - strequal(name,"LSARPC")) - { + strequal(name,"LSARPC")) { DEBUG(4,("named pipe command from Win95 (wow!)\n")); - return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + return api_fd_reply(conn, + vuid, + inbuf, + outbuf, + setup, + data, + params, + suwcnt, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); } - if (strlen(name) < 1) - return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + if (strlen(name) < 1) { + return api_fd_reply(conn, + vuid, + inbuf, + outbuf, + setup, + data, + params, + suwcnt, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); + } if (setup) DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); @@ -362,8 +427,10 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na } static NTSTATUS handle_trans(connection_struct *conn, - struct trans_state *state, - char *outbuf, int *outsize) + struct trans_state *state, + const char *inbuf, + char *outbuf, + int *outsize) { char *local_machine_name; int name_offset = 0; @@ -402,15 +469,18 @@ static NTSTATUS handle_trans(connection_struct *conn, name_offset++; DEBUG(5,("calling named_pipe\n")); - *outsize = named_pipe(conn, state->vuid, outbuf, - state->name+name_offset, - state->setup,state->data, - state->param, - state->setup_count,state->total_data, - state->total_param, - state->max_setup_return, - state->max_data_return, - state->max_param_return); + *outsize = named_pipe(conn, + state->vuid, + inbuf, + outbuf, + state->name+name_offset, + state->setup,state->data, + state->param, + state->setup_count,state->total_data, + state->total_param, + state->max_setup_return, + state->max_data_return, + state->max_param_return); if (*outsize == 0) { return NT_STATUS_NOT_SUPPORTED; @@ -426,8 +496,11 @@ static NTSTATUS handle_trans(connection_struct *conn, Reply to a SMBtrans. ****************************************************************************/ -int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, - int size, int bufsize) +int reply_trans(connection_struct *conn, + char *inbuf, + char *outbuf, + int size, + int bufsize) { int outsize = 0; unsigned int dsoff = SVAL(inbuf, smb_dsoff); @@ -552,7 +625,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if ((state->received_param == state->total_param) && (state->received_data == state->total_data)) { - result = handle_trans(conn, state, outbuf, &outsize); + result = handle_trans(conn, state, inbuf, outbuf, &outsize); SAFE_FREE(state->data); SAFE_FREE(state->param); @@ -576,7 +649,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, /* We need to send an interim response then receive the rest of the parameter/data bytes */ - outsize = set_message(outbuf,0,0,True); + outsize = set_message(inbuf,outbuf,0,0,True); show_msg(outbuf); END_PROFILE(SMBtrans); return outsize; @@ -687,7 +760,7 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, */ SCVAL(outbuf,smb_com,SMBtrans); - result = handle_trans(conn, state, outbuf, &outsize); + result = handle_trans(conn, state, inbuf, outbuf, &outsize); DLIST_REMOVE(conn->pending_trans, state); SAFE_FREE(state->data); -- cgit From fcda5b589633b96415890c569bf23e3e284e0916 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 5 Jul 2007 16:33:37 +0000 Subject: r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next checkin will pull this up to srvstr_get_path. At that point we can get more independent of the inbuf, the base_ptr in pull_string will only be used to satisfy UCS2 alignment constraints. (This used to be commit 836782b07bf133e9b2598c4a089f1c810e4c7754) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6b647fc72b..ce26b53e1b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -543,8 +543,8 @@ int reply_trans(connection_struct *conn, state->one_way = BITSETW(inbuf+smb_vwv5,1); memset(state->name, '\0',sizeof(state->name)); - srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf), - sizeof(state->name), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name, + smb_buf(inbuf), sizeof(state->name), STR_TERMINATE); if ((dscnt > state->total_data) || (pscnt > state->total_param)) goto bad_param; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ce26b53e1b..ed617dc399 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/smbd/ipc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ed617dc399..c2b780ae74 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* This file handles the named pipe and mailslot calls -- cgit From 0ff8556f8b9e641c6e9e06857d72f4cd28a186fb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 11 Jul 2007 06:18:32 +0000 Subject: r23823: Memory leak fix from Atsushi Nakabayashi Thanks! Volker (This used to be commit 17b875ae5bab9473f0f896e63fff4a65588c2fb8) --- source3/smbd/ipc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c2b780ae74..769147926f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -603,6 +603,8 @@ int reply_trans(connection_struct *conn, DEBUG(0,("reply_trans: setup malloc fail for %u " "bytes !\n", (unsigned int) (state->setup_count * sizeof(uint16)))); + SAFE_FREE(state->data); + SAFE_FREE(state->param); TALLOC_FREE(state); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); -- cgit From bf160bb6211fa1ca68c17f54290ce4cbb5dbb263 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Aug 2007 20:28:46 +0000 Subject: r24224: Check wct in reply_trans (This used to be commit fc8759e63ccec7f1cfb9f1d0ecd0f19a496e4153) --- source3/smbd/ipc.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 769147926f..2e6b03fb94 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -502,15 +502,25 @@ int reply_trans(connection_struct *conn, int bufsize) { int outsize = 0; - unsigned int dsoff = SVAL(inbuf, smb_dsoff); - unsigned int dscnt = SVAL(inbuf, smb_dscnt); - unsigned int psoff = SVAL(inbuf, smb_psoff); - unsigned int pscnt = SVAL(inbuf, smb_pscnt); + unsigned int dsoff; + unsigned int dscnt; + unsigned int psoff; + unsigned int pscnt; struct trans_state *state; NTSTATUS result; START_PROFILE(SMBtrans); + if (SVAL(inbuf, smb_wct) < 10) { + END_PROFILE(SMBtrans); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + + dsoff = SVAL(inbuf, smb_dsoff); + dscnt = SVAL(inbuf, smb_dscnt); + psoff = SVAL(inbuf, smb_psoff); + pscnt = SVAL(inbuf, smb_pscnt); + result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid)); if (!NT_STATUS_IS_OK(result)) { DEBUG(2, ("Got invalid trans request: %s\n", @@ -681,6 +691,11 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, show_msg(inbuf); + if (SVAL(inbuf, smb_wct) < 10) { + END_PROFILE(SMBtranss); + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + for (state = conn->pending_trans; state != NULL; state = state->next) { if (state->mid == SVAL(inbuf,smb_mid)) { -- cgit From 133ef281c08b3c0f35b57d935e343674d69b39b3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 08:04:11 +0000 Subject: r24229: Push allocating InBuffer/OutBuffer into reply_transs (This used to be commit 39a7809aa4c34bb26178589245c419df44796e22) --- source3/smbd/ipc.c | 50 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 18 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 2e6b03fb94..8ded5754fb 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -495,11 +495,7 @@ static NTSTATUS handle_trans(connection_struct *conn, Reply to a SMBtrans. ****************************************************************************/ -int reply_trans(connection_struct *conn, - char *inbuf, - char *outbuf, - int size, - int bufsize) +void reply_trans(connection_struct *conn, struct smb_request *req) { int outsize = 0; unsigned int dsoff; @@ -508,12 +504,21 @@ int reply_trans(connection_struct *conn, unsigned int pscnt; struct trans_state *state; NTSTATUS result; + char *inbuf, *outbuf; + int size, bufsize; START_PROFILE(SMBtrans); + if (!(reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize))) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBtrans); + return; + } + if (SVAL(inbuf, smb_wct) < 10) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtrans); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + return; } dsoff = SVAL(inbuf, smb_dsoff); @@ -525,14 +530,16 @@ int reply_trans(connection_struct *conn, if (!NT_STATUS_IS_OK(result)) { DEBUG(2, ("Got invalid trans request: %s\n", nt_errstr(result))); + reply_nterror(req, result); END_PROFILE(SMBtrans); - return ERROR_NT(result); + return; } if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { DEBUG(0, ("talloc failed\n")); + reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); - return ERROR_NT(NT_STATUS_NO_MEMORY); + return; } state->cmd = SMBtrans; @@ -566,8 +573,9 @@ int reply_trans(connection_struct *conn, DEBUG(0,("reply_trans: data malloc fail for %u " "bytes !\n", (unsigned int)state->total_data)); TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); - return(ERROR_DOS(ERRDOS,ERRnomem)); + return; } /* null-terminate the slack space */ memset(&state->data[state->total_data], 0, 100); @@ -589,8 +597,9 @@ int reply_trans(connection_struct *conn, "bytes !\n", (unsigned int)state->total_param)); SAFE_FREE(state->data); TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); - return(ERROR_DOS(ERRDOS,ERRnomem)); + return; } /* null-terminate the slack space */ memset(&state->param[state->total_param], 0, 100); @@ -616,8 +625,9 @@ int reply_trans(connection_struct *conn, SAFE_FREE(state->data); SAFE_FREE(state->param); TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); - return(ERROR_DOS(ERRDOS,ERRnomem)); + return; } if (inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > inbuf + size) @@ -643,27 +653,30 @@ int reply_trans(connection_struct *conn, TALLOC_FREE(state); if (!NT_STATUS_IS_OK(result)) { + reply_nterror(req, result); END_PROFILE(SMBtrans); - return ERROR_NT(result); + return; } if (outsize == 0) { + reply_nterror(req, NT_STATUS_INTERNAL_ERROR); END_PROFILE(SMBtrans); - return ERROR_NT(NT_STATUS_INTERNAL_ERROR); + return; } END_PROFILE(SMBtrans); - return outsize; + reply_post_legacy(req, outsize); + return; } DLIST_ADD(conn->pending_trans, state); /* We need to send an interim response then receive the rest of the parameter/data bytes */ - outsize = set_message(inbuf,outbuf,0,0,True); - show_msg(outbuf); + reply_outbuf(req, 0, 0); + show_msg((char *)req->outbuf); END_PROFILE(SMBtrans); - return outsize; + return; bad_param: @@ -672,7 +685,8 @@ int reply_trans(connection_struct *conn, SAFE_FREE(state->param); TALLOC_FREE(state); END_PROFILE(SMBtrans); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; } /**************************************************************************** -- cgit From f1822fe737f700ffcf9b7afc32e96725b5c69e99 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 08:31:41 +0000 Subject: r24230: Push down reply_prep_legacy in reply_trans The last checkin was for reply_trans, not reply_transs (This used to be commit 50a2bfd9e04d51aa5e3ae9d6620a98eeb158b6ea) --- source3/smbd/ipc.c | 114 +++++++++++++++++++++++++++++------------------------ 1 file changed, 62 insertions(+), 52 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8ded5754fb..8b80d8bcc4 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -509,24 +509,19 @@ void reply_trans(connection_struct *conn, struct smb_request *req) START_PROFILE(SMBtrans); - if (!(reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize))) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBtrans); - return; - } - - if (SVAL(inbuf, smb_wct) < 10) { + if (SVAL(req->inbuf, smb_wct) < 10) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtrans); return; } - dsoff = SVAL(inbuf, smb_dsoff); - dscnt = SVAL(inbuf, smb_dscnt); - psoff = SVAL(inbuf, smb_psoff); - pscnt = SVAL(inbuf, smb_pscnt); + size = smb_len(req->inbuf) + 4; + dsoff = SVAL(req->inbuf, smb_dsoff); + dscnt = SVAL(req->inbuf, smb_dscnt); + psoff = SVAL(req->inbuf, smb_psoff); + pscnt = SVAL(req->inbuf, smb_pscnt); - result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid)); + result = allow_new_trans(conn->pending_trans, req->mid); if (!NT_STATUS_IS_OK(result)) { DEBUG(2, ("Got invalid trans request: %s\n", nt_errstr(result))); @@ -544,23 +539,24 @@ void reply_trans(connection_struct *conn, struct smb_request *req) state->cmd = SMBtrans; - state->mid = SVAL(inbuf, smb_mid); - state->vuid = SVAL(inbuf, smb_uid); - state->setup_count = CVAL(inbuf, smb_suwcnt); + state->mid = req->mid; + state->vuid = req->vuid; + state->setup_count = CVAL(req->inbuf, smb_suwcnt); state->setup = NULL; - state->total_param = SVAL(inbuf, smb_tpscnt); + state->total_param = SVAL(req->inbuf, smb_tpscnt); state->param = NULL; - state->total_data = SVAL(inbuf, smb_tdscnt); + state->total_data = SVAL(req->inbuf, smb_tdscnt); state->data = NULL; - state->max_param_return = SVAL(inbuf, smb_mprcnt); - state->max_data_return = SVAL(inbuf, smb_mdrcnt); - state->max_setup_return = CVAL(inbuf, smb_msrcnt); - state->close_on_completion = BITSETW(inbuf+smb_vwv5,0); - state->one_way = BITSETW(inbuf+smb_vwv5,1); + state->max_param_return = SVAL(req->inbuf, smb_mprcnt); + state->max_data_return = SVAL(req->inbuf, smb_mdrcnt); + state->max_setup_return = CVAL(req->inbuf, smb_msrcnt); + state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0); + state->one_way = BITSETW(req->inbuf+smb_vwv5,1); memset(state->name, '\0',sizeof(state->name)); - srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name, - smb_buf(inbuf), sizeof(state->name), STR_TERMINATE); + srvstr_pull_buf(req->inbuf, req->flags2, state->name, + smb_buf(req->inbuf), sizeof(state->name), + STR_TERMINATE); if ((dscnt > state->total_data) || (pscnt > state->total_param)) goto bad_param; @@ -581,11 +577,12 @@ void reply_trans(connection_struct *conn, struct smb_request *req) memset(&state->data[state->total_data], 0, 100); if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) goto bad_param; - if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || - (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) + if ((smb_base(req->inbuf)+dsoff+dscnt + > (char *)req->inbuf + size) || + (smb_base(req->inbuf)+dsoff+dscnt < smb_base(req->inbuf))) goto bad_param; - memcpy(state->data,smb_base(inbuf)+dsoff,dscnt); + memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { @@ -605,11 +602,12 @@ void reply_trans(connection_struct *conn, struct smb_request *req) memset(&state->param[state->total_param], 0, 100); if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) goto bad_param; - if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || - (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) + if ((smb_base(req->inbuf)+psoff+pscnt + > (char *)req->inbuf + size) || + (smb_base(req->inbuf)+psoff+pscnt < smb_base(req->inbuf))) goto bad_param; - memcpy(state->param,smb_base(inbuf)+psoff,pscnt); + memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } state->received_data = dscnt; @@ -629,8 +627,8 @@ void reply_trans(connection_struct *conn, struct smb_request *req) END_PROFILE(SMBtrans); return; } - if (inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > - inbuf + size) + if (req->inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > + req->inbuf + size) goto bad_param; if ((smb_vwv14+(state->setup_count*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(state->setup_count*SIZEOFWORD) < @@ -638,43 +636,55 @@ void reply_trans(connection_struct *conn, struct smb_request *req) goto bad_param; for (i=0;isetup_count;i++) - state->setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD); + state->setup[i] = SVAL(req->inbuf, + smb_vwv14+i*SIZEOFWORD); } state->received_param = pscnt; - if ((state->received_param == state->total_param) && - (state->received_data == state->total_data)) { + if ((state->received_param != state->total_param) || + (state->received_data != state->total_data)) { + DLIST_ADD(conn->pending_trans, state); - result = handle_trans(conn, state, inbuf, outbuf, &outsize); + /* We need to send an interim response then receive the rest + of the parameter/data bytes */ + reply_outbuf(req, 0, 0); + show_msg((char *)req->outbuf); + END_PROFILE(SMBtrans); + return; + } + if (!(reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize))) { SAFE_FREE(state->data); SAFE_FREE(state->param); TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBtrans); + return; + } - if (!NT_STATUS_IS_OK(result)) { - reply_nterror(req, result); - END_PROFILE(SMBtrans); - return; - } + result = handle_trans(conn, state, inbuf, outbuf, &outsize); - if (outsize == 0) { - reply_nterror(req, NT_STATUS_INTERNAL_ERROR); - END_PROFILE(SMBtrans); - return; - } + if (NT_STATUS_IS_OK(result)) { + reply_post_legacy(req, outsize); + } + SAFE_FREE(state->data); + SAFE_FREE(state->param); + TALLOC_FREE(state); + + if (!NT_STATUS_IS_OK(result)) { + reply_nterror(req, result); END_PROFILE(SMBtrans); - reply_post_legacy(req, outsize); return; } - DLIST_ADD(conn->pending_trans, state); + if (outsize == 0) { + reply_nterror(req, NT_STATUS_INTERNAL_ERROR); + END_PROFILE(SMBtrans); + return; + } - /* We need to send an interim response then receive the rest - of the parameter/data bytes */ - reply_outbuf(req, 0, 0); - show_msg((char *)req->outbuf); END_PROFILE(SMBtrans); return; -- cgit From 1d3c1de502bdb925fbe83714e65c37984d63ee52 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 08:47:09 +0000 Subject: r24231: Push allocating InBuffer/OutBuffer into reply_transs (This used to be commit 74ae19cca6dd15b65deffbf464cfd0e485da8611) --- source3/smbd/ipc.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 8b80d8bcc4..17c27b9957 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -703,21 +703,29 @@ void reply_trans(connection_struct *conn, struct smb_request *req) Reply to a secondary SMBtrans. ****************************************************************************/ -int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, - int size, int bufsize) +void reply_transs(connection_struct *conn, struct smb_request *req) { int outsize = 0; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; NTSTATUS result; + char *inbuf, *outbuf; + int size, bufsize; START_PROFILE(SMBtranss); + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBtranss); + return; + } + show_msg(inbuf); - if (SVAL(inbuf, smb_wct) < 10) { + if (req->wct < 10) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtranss); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + return; } for (state = conn->pending_trans; state != NULL; @@ -728,8 +736,9 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, } if ((state == NULL) || (state->cmd != SMBtrans)) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtranss); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + return; } /* Revise total_params and total_data in case they have changed @@ -792,7 +801,7 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, if ((state->received_param < state->total_param) || (state->received_data < state->total_data)) { END_PROFILE(SMBtranss); - return -1; + return; } /* construct_reply_common has done us the favor to pre-fill the @@ -808,12 +817,13 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, TALLOC_FREE(state); if ((outsize == 0) || !NT_STATUS_IS_OK(result)) { + reply_doserror(req, ERRSRV, ERRnosupport); END_PROFILE(SMBtranss); - return(ERROR_DOS(ERRSRV,ERRnosupport)); + return; } END_PROFILE(SMBtranss); - return(outsize); + return; bad_param: @@ -822,6 +832,7 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, SAFE_FREE(state->data); SAFE_FREE(state->param); TALLOC_FREE(state); + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtranss); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + return; } -- cgit From 0cfea6de67493ce4496f6fbbb1bc14b486831111 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 09:01:15 +0000 Subject: r24232: Push down reply_prep_legacy inside reply_transs (This used to be commit 511f8bc030a9a16c2e793ce5d06577608e101de4) --- source3/smbd/ipc.c | 60 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 25 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 17c27b9957..3df740f9cf 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -714,13 +714,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) START_PROFILE(SMBtranss); - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBtranss); - return; - } - - show_msg(inbuf); + show_msg((char *)req->inbuf); if (req->wct < 10) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -730,7 +724,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) for (state = conn->pending_trans; state != NULL; state = state->next) { - if (state->mid == SVAL(inbuf,smb_mid)) { + if (state->mid == req->mid) { break; } } @@ -744,18 +738,20 @@ void reply_transs(connection_struct *conn, struct smb_request *req) /* Revise total_params and total_data in case they have changed * downwards */ - if (SVAL(inbuf, smb_vwv0) < state->total_param) - state->total_param = SVAL(inbuf,smb_vwv0); - if (SVAL(inbuf, smb_vwv1) < state->total_data) - state->total_data = SVAL(inbuf,smb_vwv1); + if (SVAL(req->inbuf, smb_vwv0) < state->total_param) + state->total_param = SVAL(req->inbuf,smb_vwv0); + if (SVAL(req->inbuf, smb_vwv1) < state->total_data) + state->total_data = SVAL(req->inbuf,smb_vwv1); + + size = smb_len(req->inbuf) + 4; - pcnt = SVAL(inbuf, smb_spscnt); - poff = SVAL(inbuf, smb_spsoff); - pdisp = SVAL(inbuf, smb_spsdisp); + pcnt = SVAL(req->inbuf, smb_spscnt); + poff = SVAL(req->inbuf, smb_spsoff); + pdisp = SVAL(req->inbuf, smb_spsdisp); - dcnt = SVAL(inbuf, smb_sdscnt); - doff = SVAL(inbuf, smb_sdsoff); - ddisp = SVAL(inbuf, smb_sdsdisp); + dcnt = SVAL(req->inbuf, smb_sdscnt); + doff = SVAL(req->inbuf, smb_sdsoff); + ddisp = SVAL(req->inbuf, smb_sdsdisp); state->received_param += pcnt; state->received_data += dcnt; @@ -771,13 +767,15 @@ void reply_transs(connection_struct *conn, struct smb_request *req) goto bad_param; if (pdisp > state->total_param) goto bad_param; - if ((smb_base(inbuf) + poff + pcnt > inbuf + size) || - (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) + if ((smb_base(req->inbuf) + poff + pcnt + > (char *)req->inbuf + size) || + (smb_base(req->inbuf) + poff + pcnt + < smb_base(req->inbuf))) goto bad_param; if (state->param + pdisp < state->param) goto bad_param; - memcpy(state->param+pdisp,smb_base(inbuf)+poff, + memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, pcnt); } @@ -788,13 +786,15 @@ void reply_transs(connection_struct *conn, struct smb_request *req) goto bad_param; if (ddisp > state->total_data) goto bad_param; - if ((smb_base(inbuf) + doff + dcnt > inbuf + size) || - (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) + if ((smb_base(req->inbuf) + doff + dcnt + > (char *)inbuf + size) || + (smb_base(req->inbuf) + doff + dcnt + < smb_base(req->inbuf))) goto bad_param; if (state->data + ddisp < state->data) goto bad_param; - memcpy(state->data+ddisp, smb_base(inbuf)+doff, + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, dcnt); } @@ -804,13 +804,23 @@ void reply_transs(connection_struct *conn, struct smb_request *req) return; } + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBtranss); + return; + } + /* construct_reply_common has done us the favor to pre-fill the * command field with SMBtranss which is wrong :-) */ - SCVAL(outbuf,smb_com,SMBtrans); + SCVAL(req->outbuf,smb_com,SMBtrans); result = handle_trans(conn, state, inbuf, outbuf, &outsize); + if (NT_STATUS_IS_OK(result)) { + reply_post_legacy(req, outsize); + } + DLIST_REMOVE(conn->pending_trans, state); SAFE_FREE(state->data); SAFE_FREE(state->param); -- cgit From e41528c3f498640800bb3c773f01e27105963bdf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 09:18:14 +0000 Subject: r24233: Push reply_prep_legacy into handle_trans (This used to be commit dc27c3c668f86d008c27b8a749f5726287ba54a5) --- source3/smbd/ipc.c | 50 ++++++++++++++++---------------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3df740f9cf..1dab5dbe56 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -426,18 +426,23 @@ static int named_pipe(connection_struct *conn, } static NTSTATUS handle_trans(connection_struct *conn, - struct trans_state *state, - const char *inbuf, - char *outbuf, - int *outsize) + struct smb_request *req, + struct trans_state *state, + int *outsize) { char *local_machine_name; int name_offset = 0; + char *inbuf, *outbuf; + int size, bufsize; DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", state->name,(unsigned int)state->total_data,(unsigned int)state->total_param, (unsigned int)state->setup_count)); + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + return NT_STATUS_NO_MEMORY; + } + /* * WinCE wierdness.... */ @@ -488,6 +493,8 @@ static NTSTATUS handle_trans(connection_struct *conn, if (state->close_on_completion) close_cnum(conn,state->vuid); + reply_post_legacy(req, *outsize); + return NT_STATUS_OK; } @@ -504,8 +511,7 @@ void reply_trans(connection_struct *conn, struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - char *inbuf, *outbuf; - int size, bufsize; + int size; START_PROFILE(SMBtrans); @@ -654,20 +660,7 @@ void reply_trans(connection_struct *conn, struct smb_request *req) return; } - if (!(reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize))) { - SAFE_FREE(state->data); - SAFE_FREE(state->param); - TALLOC_FREE(state); - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBtrans); - return; - } - - result = handle_trans(conn, state, inbuf, outbuf, &outsize); - - if (NT_STATUS_IS_OK(result)) { - reply_post_legacy(req, outsize); - } + result = handle_trans(conn, req, state, &outsize); SAFE_FREE(state->data); SAFE_FREE(state->param); @@ -709,8 +702,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; NTSTATUS result; - char *inbuf, *outbuf; - int size, bufsize; + int size; START_PROFILE(SMBtranss); @@ -787,7 +779,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) if (ddisp > state->total_data) goto bad_param; if ((smb_base(req->inbuf) + doff + dcnt - > (char *)inbuf + size) || + > (char *)req->inbuf + size) || (smb_base(req->inbuf) + doff + dcnt < smb_base(req->inbuf))) goto bad_param; @@ -804,22 +796,12 @@ void reply_transs(connection_struct *conn, struct smb_request *req) return; } - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBtranss); - return; - } - /* construct_reply_common has done us the favor to pre-fill the * command field with SMBtranss which is wrong :-) */ SCVAL(req->outbuf,smb_com,SMBtrans); - result = handle_trans(conn, state, inbuf, outbuf, &outsize); - - if (NT_STATUS_IS_OK(result)) { - reply_post_legacy(req, outsize); - } + result = handle_trans(conn, req, state, &outsize); DLIST_REMOVE(conn->pending_trans, state); SAFE_FREE(state->data); -- cgit From abc519ff43fc71b3353704227d1941285062a256 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 09:19:21 +0000 Subject: r24234: Reformatting -- SCNR (This used to be commit 040d6d5db6d929f1612b1b0dc762b7f55c956740) --- source3/smbd/ipc.c | 69 ++++++++++++++++-------------------------------------- 1 file changed, 20 insertions(+), 49 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1dab5dbe56..c56d167806 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -354,34 +354,20 @@ static int api_fd_reply(connection_struct *conn, Handle named pipe commands. ****************************************************************************/ -static int named_pipe(connection_struct *conn, - uint16 vuid, - const char *inbuf, - char *outbuf, - char *name, - uint16 *setup, - char *data, - char *params, - int suwcnt, - int tdscnt, - int tpscnt, - int msrcnt, - int mdrcnt, - int mprcnt) +static int named_pipe(connection_struct *conn, uint16 vuid, + const char *inbuf, char *outbuf, + char *name, uint16 *setup, + char *data, char *params, + int suwcnt, int tdscnt,int tpscnt, + int msrcnt, int mdrcnt, int mprcnt) { DEBUG(3,("named pipe command on <%s> name\n", name)); if (strequal(name,"LANMAN")) { - return api_reply(conn, - vuid, - inbuf, - outbuf, - data, - params, - tdscnt, - tpscnt, - mdrcnt, - mprcnt); + return api_reply(conn, vuid, inbuf, outbuf, + data, params, + tdscnt, tpscnt, + mdrcnt, mprcnt); } if (strequal(name,"WKSSVC") || @@ -390,37 +376,22 @@ static int named_pipe(connection_struct *conn, strequal(name,"SAMR") || strequal(name,"LSARPC")) { DEBUG(4,("named pipe command from Win95 (wow!)\n")); - return api_fd_reply(conn, - vuid, - inbuf, - outbuf, - setup, - data, - params, - suwcnt, - tdscnt, - tpscnt, - mdrcnt, - mprcnt); + return api_fd_reply(conn, vuid, inbuf, outbuf, + setup, data, params, + suwcnt, tdscnt, tpscnt, + mdrcnt, mprcnt); } if (strlen(name) < 1) { - return api_fd_reply(conn, - vuid, - inbuf, - outbuf, - setup, - data, - params, - suwcnt, - tdscnt, - tpscnt, - mdrcnt, - mprcnt); + return api_fd_reply(conn, vuid, inbuf, outbuf, + setup, data, + params, suwcnt, tdscnt, + tpscnt, mdrcnt, mprcnt); } if (setup) - DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); + DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", + (int)setup[0],(int)setup[1])); return 0; } -- cgit From 3bb9f20bc3df85d8c099999dbc2c372eac245c28 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 09:46:17 +0000 Subject: r24235: Make handle_trans reply to errors itself (This used to be commit 06d0c74b74754c55f4c8ef0899bda08476e7dd4b) --- source3/smbd/ipc.c | 76 +++++++++++++++++++++--------------------------------- 1 file changed, 29 insertions(+), 47 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c56d167806..51403cd8b2 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -396,22 +396,22 @@ static int named_pipe(connection_struct *conn, uint16 vuid, return 0; } -static NTSTATUS handle_trans(connection_struct *conn, - struct smb_request *req, - struct trans_state *state, - int *outsize) +static void handle_trans(connection_struct *conn, struct smb_request *req, + struct trans_state *state) { char *local_machine_name; int name_offset = 0; char *inbuf, *outbuf; int size, bufsize; + int outsize; DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", state->name,(unsigned int)state->total_data,(unsigned int)state->total_param, (unsigned int)state->setup_count)); if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - return NT_STATUS_NO_MEMORY; + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; } /* @@ -422,7 +422,8 @@ static NTSTATUS handle_trans(connection_struct *conn, get_local_machine_name()); if (local_machine_name == NULL) { - return NT_STATUS_NO_MEMORY; + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; } if (strnequal(state->name, local_machine_name, @@ -432,7 +433,8 @@ static NTSTATUS handle_trans(connection_struct *conn, if (!strnequal(&state->name[name_offset], "\\PIPE", strlen("\\PIPE"))) { - return NT_STATUS_NOT_SUPPORTED; + reply_nterror(req, NT_STATUS_NOT_SUPPORTED); + return; } name_offset += strlen("\\PIPE"); @@ -444,29 +446,30 @@ static NTSTATUS handle_trans(connection_struct *conn, name_offset++; DEBUG(5,("calling named_pipe\n")); - *outsize = named_pipe(conn, - state->vuid, - inbuf, - outbuf, - state->name+name_offset, - state->setup,state->data, - state->param, - state->setup_count,state->total_data, - state->total_param, - state->max_setup_return, - state->max_data_return, - state->max_param_return); - - if (*outsize == 0) { - return NT_STATUS_NOT_SUPPORTED; + outsize = named_pipe(conn, + state->vuid, + inbuf, + outbuf, + state->name+name_offset, + state->setup,state->data, + state->param, + state->setup_count,state->total_data, + state->total_param, + state->max_setup_return, + state->max_data_return, + state->max_param_return); + + if (outsize == 0) { + reply_nterror(req, NT_STATUS_NOT_SUPPORTED); + return; } if (state->close_on_completion) close_cnum(conn,state->vuid); - reply_post_legacy(req, *outsize); + reply_post_legacy(req, outsize); - return NT_STATUS_OK; + return; } /**************************************************************************** @@ -475,7 +478,6 @@ static NTSTATUS handle_trans(connection_struct *conn, void reply_trans(connection_struct *conn, struct smb_request *req) { - int outsize = 0; unsigned int dsoff; unsigned int dscnt; unsigned int psoff; @@ -631,24 +633,12 @@ void reply_trans(connection_struct *conn, struct smb_request *req) return; } - result = handle_trans(conn, req, state, &outsize); + handle_trans(conn, req, state); SAFE_FREE(state->data); SAFE_FREE(state->param); TALLOC_FREE(state); - if (!NT_STATUS_IS_OK(result)) { - reply_nterror(req, result); - END_PROFILE(SMBtrans); - return; - } - - if (outsize == 0) { - reply_nterror(req, NT_STATUS_INTERNAL_ERROR); - END_PROFILE(SMBtrans); - return; - } - END_PROFILE(SMBtrans); return; @@ -669,10 +659,8 @@ void reply_trans(connection_struct *conn, struct smb_request *req) void reply_transs(connection_struct *conn, struct smb_request *req) { - int outsize = 0; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - NTSTATUS result; int size; START_PROFILE(SMBtranss); @@ -772,19 +760,13 @@ void reply_transs(connection_struct *conn, struct smb_request *req) */ SCVAL(req->outbuf,smb_com,SMBtrans); - result = handle_trans(conn, req, state, &outsize); + handle_trans(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); SAFE_FREE(state->data); SAFE_FREE(state->param); TALLOC_FREE(state); - if ((outsize == 0) || !NT_STATUS_IS_OK(result)) { - reply_doserror(req, ERRSRV, ERRnosupport); - END_PROFILE(SMBtranss); - return; - } - END_PROFILE(SMBtranss); return; -- cgit From 97a817dceb2906e9d4d63979f9f7619fb12a03a1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:01:58 +0000 Subject: r24236: Push reply_prep_legacy() into named_pipe() (This used to be commit b38f9347e81364d224e5ca00609099a74410e99c) --- source3/smbd/ipc.c | 92 +++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 51403cd8b2..9140ea66ac 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -354,20 +354,31 @@ static int api_fd_reply(connection_struct *conn, Handle named pipe commands. ****************************************************************************/ -static int named_pipe(connection_struct *conn, uint16 vuid, - const char *inbuf, char *outbuf, - char *name, uint16 *setup, - char *data, char *params, - int suwcnt, int tdscnt,int tpscnt, - int msrcnt, int mdrcnt, int mprcnt) +static void named_pipe(connection_struct *conn, uint16 vuid, + struct smb_request *req, + char *name, uint16 *setup, + char *data, char *params, + int suwcnt, int tdscnt,int tpscnt, + int msrcnt, int mdrcnt, int mprcnt) { + char *inbuf, *outbuf; + int size, bufsize; + DEBUG(3,("named pipe command on <%s> name\n", name)); + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + if (strequal(name,"LANMAN")) { - return api_reply(conn, vuid, inbuf, outbuf, - data, params, - tdscnt, tpscnt, - mdrcnt, mprcnt); + reply_post_legacy( + req, + api_reply(conn, vuid, inbuf, outbuf, + data, params, + tdscnt, tpscnt, + mdrcnt, mprcnt)); + return; } if (strequal(name,"WKSSVC") || @@ -376,24 +387,31 @@ static int named_pipe(connection_struct *conn, uint16 vuid, strequal(name,"SAMR") || strequal(name,"LSARPC")) { DEBUG(4,("named pipe command from Win95 (wow!)\n")); - return api_fd_reply(conn, vuid, inbuf, outbuf, - setup, data, params, - suwcnt, tdscnt, tpscnt, - mdrcnt, mprcnt); + reply_post_legacy( + req, + api_fd_reply(conn, vuid, inbuf, outbuf, + setup, data, params, + suwcnt, tdscnt, tpscnt, + mdrcnt, mprcnt)); + return; } if (strlen(name) < 1) { - return api_fd_reply(conn, vuid, inbuf, outbuf, - setup, data, - params, suwcnt, tdscnt, - tpscnt, mdrcnt, mprcnt); + reply_post_legacy( + req, + api_fd_reply(conn, vuid, inbuf, outbuf, + setup, data, + params, suwcnt, tdscnt, + tpscnt, mdrcnt, mprcnt)); + return; } if (setup) DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); - return 0; + reply_nterror(req, NT_STATUS_NOT_SUPPORTED); + return; } static void handle_trans(connection_struct *conn, struct smb_request *req, @@ -401,19 +419,11 @@ static void handle_trans(connection_struct *conn, struct smb_request *req, { char *local_machine_name; int name_offset = 0; - char *inbuf, *outbuf; - int size, bufsize; - int outsize; DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n", state->name,(unsigned int)state->total_data,(unsigned int)state->total_param, (unsigned int)state->setup_count)); - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - /* * WinCE wierdness.... */ @@ -446,29 +456,19 @@ static void handle_trans(connection_struct *conn, struct smb_request *req, name_offset++; DEBUG(5,("calling named_pipe\n")); - outsize = named_pipe(conn, - state->vuid, - inbuf, - outbuf, - state->name+name_offset, - state->setup,state->data, - state->param, - state->setup_count,state->total_data, - state->total_param, - state->max_setup_return, - state->max_data_return, - state->max_param_return); - - if (outsize == 0) { - reply_nterror(req, NT_STATUS_NOT_SUPPORTED); - return; - } + named_pipe(conn, state->vuid, req, + state->name+name_offset, + state->setup,state->data, + state->param, + state->setup_count,state->total_data, + state->total_param, + state->max_setup_return, + state->max_data_return, + state->max_param_return); if (state->close_on_completion) close_cnum(conn,state->vuid); - reply_post_legacy(req, outsize); - return; } -- cgit From d57a88a9948017bc9a1b5a12307e8e974425e39b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:04:11 +0000 Subject: r24237: Add send_trans_reply_new (This used to be commit f0598b3ca0ee04e31855c3e54f3198e6fd968737) --- source3/smbd/ipc.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 9140ea66ac..157aff20c1 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -158,6 +158,24 @@ void send_trans_reply(const char *inbuf, } } +void send_trans_reply_new(struct smb_request *req, + char *rparam, int rparam_len, + char *rdata, int rdata_len, + BOOL buffer_too_large) +{ + char *inbuf, *outbuf; + int size, buflength; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &buflength)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + + send_trans_reply(inbuf, outbuf, rparam, rparam_len, + rdata, rdata_len, buffer_too_large); + reply_post_legacy(req, -1); +} + /**************************************************************************** Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -- cgit From bcd0bf8e5e52d8f09e43aa74be55cafcb8e2cb59 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:17:58 +0000 Subject: r24238: Push down reply_prep_legacy one level (This used to be commit a6a2d97facf95c7997f3d12457f2811b3b7bde1b) --- source3/smbd/ipc.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 157aff20c1..e238a3cc12 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -379,17 +379,17 @@ static void named_pipe(connection_struct *conn, uint16 vuid, int suwcnt, int tdscnt,int tpscnt, int msrcnt, int mdrcnt, int mprcnt) { - char *inbuf, *outbuf; - int size, bufsize; - DEBUG(3,("named pipe command on <%s> name\n", name)); - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - if (strequal(name,"LANMAN")) { + char *inbuf, *outbuf; + int size, bufsize; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + reply_post_legacy( req, api_reply(conn, vuid, inbuf, outbuf, @@ -404,7 +404,16 @@ static void named_pipe(connection_struct *conn, uint16 vuid, strequal(name,"WINREG") || strequal(name,"SAMR") || strequal(name,"LSARPC")) { + char *inbuf, *outbuf; + int size, bufsize; + DEBUG(4,("named pipe command from Win95 (wow!)\n")); + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + reply_post_legacy( req, api_fd_reply(conn, vuid, inbuf, outbuf, @@ -415,6 +424,14 @@ static void named_pipe(connection_struct *conn, uint16 vuid, } if (strlen(name) < 1) { + char *inbuf, *outbuf; + int size, bufsize; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + reply_post_legacy( req, api_fd_reply(conn, vuid, inbuf, outbuf, -- cgit From fbe15d8db9fc06c9ad6565f15da58dbb7027ce35 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:28:12 +0000 Subject: r24239: Push reply_prep_legacy into api_fd_reply (This used to be commit e2a96497928ab959e36639fef2d493640bb6e951) --- source3/smbd/ipc.c | 89 +++++++++++++++++++++++------------------------------- 1 file changed, 38 insertions(+), 51 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index e238a3cc12..a190a59996 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -263,7 +263,7 @@ static BOOL api_SNPHS(const char *inbuf, When no reply is generated, indicate unsupported. ****************************************************************************/ -static BOOL api_no_reply(const char *inbuf, char *outbuf, int max_rdata_len) +static void api_no_reply(struct smb_request *req) { char rparam[4]; @@ -274,39 +274,35 @@ static BOOL api_no_reply(const char *inbuf, char *outbuf, int max_rdata_len) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(inbuf, outbuf, rparam, 4, NULL, 0, False); + send_trans_reply_new(req, rparam, 4, NULL, 0, False); - return -1; + return; } /**************************************************************************** Handle remote api calls delivered to a named pipe already opened. ****************************************************************************/ -static int api_fd_reply(connection_struct *conn, - uint16 vuid, - const char *inbuf, - char *outbuf, - uint16 *setup, - char *data, - char *params, - int suwcnt, - int tdscnt, - int tpscnt, - int mdrcnt, - int mprcnt) +static void api_fd_reply(connection_struct *conn, uint16 vuid, + struct smb_request *req, + uint16 *setup, char *data, char *params, + int suwcnt, int tdscnt, int tpscnt, + int mdrcnt, int mprcnt) { BOOL reply = False; smb_np_struct *p = NULL; int pnum; int subcommand; + char *inbuf, *outbuf; + int size, buflength; DEBUG(5,("api_fd_reply\n")); /* First find out the name of this file. */ if (suwcnt != 2) { DEBUG(0,("Unexpected named pipe transaction.\n")); - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; } /* Get the file handle and hence the file name. */ @@ -322,18 +318,20 @@ static int api_fd_reply(connection_struct *conn, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); - return -1; + send_trans_reply_new(req, NULL, 0, NULL, 0, False); + return; } DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum)); - return ERROR_NT(NT_STATUS_INVALID_HANDLE); + reply_nterror(req, NT_STATUS_INVALID_HANDLE); + return; } if (vuid != p->vuid) { DEBUG(1, ("Got pipe request (pnum %x) using invalid VUID %d, " "expected %d\n", pnum, vuid, p->vuid)); - return ERROR_NT(NT_STATUS_INVALID_HANDLE); + reply_nterror(req, NT_STATUS_INVALID_HANDLE); + return; } DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)\n", subcommand, p->name, pnum)); @@ -343,6 +341,11 @@ static int api_fd_reply(connection_struct *conn, DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &buflength)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + switch (subcommand) { case TRANSACT_DCERPCCMD: /* dce/rpc command */ @@ -359,13 +362,16 @@ static int api_fd_reply(connection_struct *conn, reply = api_SNPHS(inbuf, outbuf, p, params, tpscnt); break; default: - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; } - if (!reply) - return api_no_reply(inbuf, outbuf, mdrcnt); + if (!reply) { + api_no_reply(req); + return; + } - return -1; + reply_post_legacy(req, -1); } /**************************************************************************** @@ -404,40 +410,21 @@ static void named_pipe(connection_struct *conn, uint16 vuid, strequal(name,"WINREG") || strequal(name,"SAMR") || strequal(name,"LSARPC")) { - char *inbuf, *outbuf; - int size, bufsize; DEBUG(4,("named pipe command from Win95 (wow!)\n")); - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - reply_post_legacy( - req, - api_fd_reply(conn, vuid, inbuf, outbuf, - setup, data, params, - suwcnt, tdscnt, tpscnt, - mdrcnt, mprcnt)); + api_fd_reply(conn, vuid, req, + setup, data, params, + suwcnt, tdscnt, tpscnt, + mdrcnt, mprcnt); return; } if (strlen(name) < 1) { - char *inbuf, *outbuf; - int size, bufsize; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - reply_post_legacy( - req, - api_fd_reply(conn, vuid, inbuf, outbuf, - setup, data, - params, suwcnt, tdscnt, - tpscnt, mdrcnt, mprcnt)); + api_fd_reply(conn, vuid, req, + setup, data, + params, suwcnt, tdscnt, + tpscnt, mdrcnt, mprcnt); return; } -- cgit From b8de67a2f2ef7334a77aa3b71752658c4555191d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:37:08 +0000 Subject: r24240: Push down reply_prep_legacy one level inside api_fd_reply (This used to be commit 0bb95639d6b49b18f2a7f1131f54239355097119) --- source3/smbd/ipc.c | 73 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 19 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a190a59996..ddc42c408e 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -293,8 +293,6 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, smb_np_struct *p = NULL; int pnum; int subcommand; - char *inbuf, *outbuf; - int size, buflength; DEBUG(5,("api_fd_reply\n")); @@ -341,37 +339,74 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &buflength)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - switch (subcommand) { - case TRANSACT_DCERPCCMD: + case TRANSACT_DCERPCCMD: { + + char *inbuf, *outbuf; + int size, buflength; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, + &buflength)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (reply) reply = api_rpc_trans_reply(inbuf, outbuf, p); + + if (!reply) { + api_no_reply(req); + return; + } + reply_post_legacy(req, -1); break; - case TRANSACT_WAITNAMEDPIPEHANDLESTATE: + } + case TRANSACT_WAITNAMEDPIPEHANDLESTATE: { + + char *inbuf, *outbuf; + int size, buflength; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, + &buflength)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + /* Wait Named Pipe Handle state */ - reply = api_WNPHS(inbuf, outbuf, p, params, tpscnt); + if (!api_WNPHS(inbuf, outbuf, p, params, tpscnt)) { + api_no_reply(req); + return; + } + + reply_post_legacy(req, -1); break; - case TRANSACT_SETNAMEDPIPEHANDLESTATE: + } + case TRANSACT_SETNAMEDPIPEHANDLESTATE: { + + char *inbuf, *outbuf; + int size, buflength; + + if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, + &buflength)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + /* Set Named Pipe Handle state */ - reply = api_SNPHS(inbuf, outbuf, p, params, tpscnt); + if (!api_SNPHS(inbuf, outbuf, p, params, tpscnt)) { + api_no_reply(req); + return; + } + + reply_post_legacy(req, -1); break; + } default: reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; } - - if (!reply) { - api_no_reply(req); - return; - } - - reply_post_legacy(req, -1); } /**************************************************************************** -- cgit From 40f6afcea2dc2341682ce2dc1bc9082342c46d06 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:48:35 +0000 Subject: r24241: Remove reply_prep_legacy from api_WNPHS and api_SNPHS (This used to be commit 8702450e91943b1097ae3c8979d60b6962a69632) --- source3/smbd/ipc.c | 80 ++++++++++++++++-------------------------------------- 1 file changed, 23 insertions(+), 57 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index ddc42c408e..bea4f77450 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -30,7 +30,7 @@ extern int max_send; #define NERR_notsupported 50 -extern int smb_read_error; +static void api_no_reply(struct smb_request *req); /******************************************************************* copies parameters and data, as needed, into the smb buffer @@ -209,26 +209,25 @@ static BOOL api_rpc_trans_reply(const char *inbuf, WaitNamedPipeHandleState ****************************************************************************/ -static BOOL api_WNPHS(const char *inbuf, - char *outbuf, - smb_np_struct *p, - char *param, - int param_len) +static void api_WNPHS(struct smb_request *req, smb_np_struct *p, + char *param, int param_len) { uint16 priority; - if (!param || param_len < 2) - return False; + if (!param || param_len < 2) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } priority = SVAL(param,0); DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority)); if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); - return True; + send_trans_reply_new(req, NULL, 0, NULL, 0, False); + return; } - return False; + api_no_reply(req); } @@ -236,26 +235,25 @@ static BOOL api_WNPHS(const char *inbuf, SetNamedPipeHandleState ****************************************************************************/ -static BOOL api_SNPHS(const char *inbuf, - char *outbuf, - smb_np_struct *p, - char *param, - int param_len) +static void api_SNPHS(struct smb_request *req, smb_np_struct *p, + char *param, int param_len) { uint16 id; - if (!param || param_len < 2) - return False; + if (!param || param_len < 2) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } id = SVAL(param,0); DEBUG(4,("SetNamedPipeHandleState to code %x\n", id)); if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); - return True; + send_trans_reply_new(req, NULL, 0, NULL, 0, False); + return; } - return False; + api_no_reply(req); } @@ -363,46 +361,14 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, reply_post_legacy(req, -1); break; } - case TRANSACT_WAITNAMEDPIPEHANDLESTATE: { - - char *inbuf, *outbuf; - int size, buflength; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, - &buflength)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - + case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ - if (!api_WNPHS(inbuf, outbuf, p, params, tpscnt)) { - api_no_reply(req); - return; - } - - reply_post_legacy(req, -1); + api_WNPHS(req, p, params, tpscnt); break; - } - case TRANSACT_SETNAMEDPIPEHANDLESTATE: { - - char *inbuf, *outbuf; - int size, buflength; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, - &buflength)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - + case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ - if (!api_SNPHS(inbuf, outbuf, p, params, tpscnt)) { - api_no_reply(req); - return; - } - - reply_post_legacy(req, -1); + api_SNPHS(req, p, params, tpscnt); break; - } default: reply_nterror(req, NT_STATUS_INVALID_PARAMETER); return; -- cgit From 43a77ab149f154961113f05296815af50c0274da Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 10:57:04 +0000 Subject: r24242: Remove reply_prep_legacy from api_rpc_trans_reply (This used to be commit 160f65946af9b3e1609b0efb211edc81514fb36f) --- source3/smbd/ipc.c | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bea4f77450..3b26ded71f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -180,9 +180,7 @@ void send_trans_reply_new(struct smb_request *req, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(const char *inbuf, - char *outbuf, - smb_np_struct *p) +static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) { BOOL is_data_outstanding; char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); @@ -190,19 +188,21 @@ static BOOL api_rpc_trans_reply(const char *inbuf, if(rdata == NULL) { DEBUG(0,("api_rpc_trans_reply: malloc fail.\n")); - return False; + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; } if((data_len = read_from_pipe( p, rdata, p->max_trans_reply, &is_data_outstanding)) < 0) { SAFE_FREE(rdata); - return False; + api_no_reply(req); + return; } - send_trans_reply(inbuf, outbuf, NULL, 0, rdata, data_len, is_data_outstanding); - + send_trans_reply_new(req, NULL, 0, rdata, data_len, + is_data_outstanding); SAFE_FREE(rdata); - return True; + return; } /**************************************************************************** @@ -338,29 +338,15 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply)); switch (subcommand) { - case TRANSACT_DCERPCCMD: { - - char *inbuf, *outbuf; - int size, buflength; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, - &buflength)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - + case TRANSACT_DCERPCCMD: /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); - if (reply) - reply = api_rpc_trans_reply(inbuf, outbuf, p); - if (!reply) { api_no_reply(req); return; } - reply_post_legacy(req, -1); + api_rpc_trans_reply(req, p); break; - } case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ api_WNPHS(req, p, params, tpscnt); -- cgit From d274724ebbbce15abe2c5cd73fca94453dfc2a84 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 11:19:24 +0000 Subject: r24243: Remove reply_prep_legacy from api_reply (This used to be commit b01664b43b0bd94bb59dec57480d2be954a7298a) --- source3/smbd/ipc.c | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 3b26ded71f..f865af2fc7 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -375,20 +375,10 @@ static void named_pipe(connection_struct *conn, uint16 vuid, DEBUG(3,("named pipe command on <%s> name\n", name)); if (strequal(name,"LANMAN")) { - char *inbuf, *outbuf; - int size, bufsize; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - reply_post_legacy( - req, - api_reply(conn, vuid, inbuf, outbuf, - data, params, - tdscnt, tpscnt, - mdrcnt, mprcnt)); + api_reply(conn, vuid, req, + data, params, + tdscnt, tpscnt, + mdrcnt, mprcnt); return; } -- cgit From b0ed26faf088d921e876f3a850c3e146514cc7e8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Aug 2007 11:34:57 +0000 Subject: r24244: Complete the conversion of reply_trans[s] Remove reply_prep/post_legacy from send_trans_replies (This used to be commit c08366f840ead5aba7199cf0b058587055b4d98e) --- source3/smbd/ipc.c | 125 +++++++++++++++++++++++++++-------------------------- 1 file changed, 63 insertions(+), 62 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f865af2fc7..b13c18a590 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -46,7 +46,7 @@ static void copy_trans_params_and_data(char *outbuf, int align, char *rparam, int param_offset, int param_len, char *rdata, int data_offset, int data_len) { - char *copy_into = smb_buf(outbuf)+1; + char *copy_into = smb_buf(outbuf); if(param_len < 0) param_len = 0; @@ -58,6 +58,10 @@ static void copy_trans_params_and_data(char *outbuf, int align, param_offset, param_offset + param_len, data_offset , data_offset + data_len)); + *copy_into = '\0'; + + copy_into += 1; + if (param_len) memcpy(copy_into, &rparam[param_offset], param_len); @@ -71,13 +75,10 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(const char *inbuf, - char *outbuf, - char *rparam, - int rparam_len, - char *rdata, - int rdata_len, - BOOL buffer_too_large) +void send_trans_reply(struct smb_request *req, + char *rparam, int rparam_len, + char *rdata, int rdata_len, + BOOL buffer_too_large) { int this_ldata,this_lparam; int tot_data_sent = 0; @@ -95,30 +96,38 @@ void send_trans_reply(const char *inbuf, align = ((this_lparam)%4); - if (buffer_too_large) { - ERROR_BOTH(STATUS_BUFFER_OVERFLOW,ERRDOS,ERRmoredata); - } - - set_message(inbuf,outbuf,10,1+align+this_ldata+this_lparam,True); + reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv0,lparam); - SSVAL(outbuf,smb_vwv1,ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,0); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); - SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,0); - - show_msg(outbuf); - if (!send_smb(smbd_server_fd(),outbuf)) + SSVAL(req->outbuf,smb_vwv0,lparam); + SSVAL(req->outbuf,smb_vwv1,ldata); + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,0); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+ + this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,0); + SSVAL(req->outbuf,smb_vwv9,0); + + if (buffer_too_large) { + error_packet_set((char *)req->outbuf, + ERRDOS, ERRmoredata, + STATUS_BUFFER_OVERFLOW, + __LINE__, __FILE__); + } + + show_msg((char *)req->outbuf); + if (!send_smb(smbd_server_fd(),(char *)req->outbuf)) exit_server_cleanly("send_trans_reply: send_smb failed."); + TALLOC_FREE(req->outbuf); + tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -135,47 +144,40 @@ void send_trans_reply(const char *inbuf, align = (this_lparam%4); - set_message(inbuf,outbuf,10,1+this_ldata+this_lparam+align,False); + reply_outbuf(req, 10, 1+this_ldata+this_lparam+align); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,tot_param_sent); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf)); - SSVAL(outbuf,smb_vwv8,tot_data_sent); - SSVAL(outbuf,smb_vwv9,0); - - show_msg(outbuf); - if (!send_smb(smbd_server_fd(),outbuf)) + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,tot_param_sent); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+ + this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,tot_data_sent); + SSVAL(req->outbuf,smb_vwv9,0); + + if (buffer_too_large) { + error_packet_set((char *)req->outbuf, + ERRDOS, ERRmoredata, + STATUS_BUFFER_OVERFLOW, + __LINE__, __FILE__); + } + + show_msg((char *)req->outbuf); + if (!send_smb(smbd_server_fd(), (char *)req->outbuf)) exit_server_cleanly("send_trans_reply: send_smb failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; + TALLOC_FREE(req->outbuf); } } -void send_trans_reply_new(struct smb_request *req, - char *rparam, int rparam_len, - char *rdata, int rdata_len, - BOOL buffer_too_large) -{ - char *inbuf, *outbuf; - int size, buflength; - - if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &buflength)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - send_trans_reply(inbuf, outbuf, rparam, rparam_len, - rdata, rdata_len, buffer_too_large); - reply_post_legacy(req, -1); -} - /**************************************************************************** Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ @@ -199,8 +201,7 @@ static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) return; } - send_trans_reply_new(req, NULL, 0, rdata, data_len, - is_data_outstanding); + send_trans_reply(req, NULL, 0, rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return; } @@ -224,7 +225,7 @@ static void api_WNPHS(struct smb_request *req, smb_np_struct *p, if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply_new(req, NULL, 0, NULL, 0, False); + send_trans_reply(req, NULL, 0, NULL, 0, False); return; } api_no_reply(req); @@ -250,7 +251,7 @@ static void api_SNPHS(struct smb_request *req, smb_np_struct *p, if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply_new(req, NULL, 0, NULL, 0, False); + send_trans_reply(req, NULL, 0, NULL, 0, False); return; } api_no_reply(req); @@ -272,7 +273,7 @@ static void api_no_reply(struct smb_request *req) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply_new(req, rparam, 4, NULL, 0, False); + send_trans_reply(req, rparam, 4, NULL, 0, False); return; } @@ -314,7 +315,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply_new(req, NULL, 0, NULL, 0, False); + send_trans_reply(req, NULL, 0, NULL, 0, False); return; } -- cgit From 23998e1da83c77c16ff4d33529b8dab38005b001 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 10 Aug 2007 21:34:55 +0000 Subject: r24320: Fix the wct checks in reply_trans2 and the reply_trans calls No idea what I've been smoking here. Thanks to Stefan for closely looking (This used to be commit 708f5af2e8c10d9a0d0027e3c31fa23689e746b8) --- source3/smbd/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b13c18a590..2403706929 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -488,7 +488,7 @@ void reply_trans(connection_struct *conn, struct smb_request *req) START_PROFILE(SMBtrans); - if (SVAL(req->inbuf, smb_wct) < 10) { + if (req->wct < 14) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtrans); return; @@ -667,7 +667,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) show_msg((char *)req->inbuf); - if (req->wct < 10) { + if (req->wct < 8) { reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtranss); return; -- cgit From 327ca9167ed28d2207444a93424cadef79d166b5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Sep 2007 19:27:34 +0000 Subject: r25103: Ensure we don't return unwritten memory (valgrind caught). Jeremy. (This used to be commit b3f0d39d11fa18b7bfef6cec88efaf4a2be2d6e0) --- source3/smbd/ipc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 2403706929..0709acc756 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -54,9 +54,10 @@ static void copy_trans_params_and_data(char *outbuf, int align, if(data_len < 0) data_len = 0; - DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n", + DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d] (align %d)\n", param_offset, param_offset + param_len, - data_offset , data_offset + data_len)); + data_offset , data_offset + data_len, + align)); *copy_into = '\0'; @@ -65,7 +66,12 @@ static void copy_trans_params_and_data(char *outbuf, int align, if (param_len) memcpy(copy_into, &rparam[param_offset], param_len); - copy_into += param_len + align; + copy_into += param_len; + if (align) { + memset(copy_into, '\0', align); + } + + copy_into += align; if (data_len ) memcpy(copy_into, &rdata[data_offset], data_len); -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/smbd/ipc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0709acc756..0360417c56 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -84,7 +84,7 @@ static void copy_trans_params_and_data(char *outbuf, int align, void send_trans_reply(struct smb_request *req, char *rparam, int rparam_len, char *rdata, int rdata_len, - BOOL buffer_too_large) + bool buffer_too_large) { int this_ldata,this_lparam; int tot_data_sent = 0; @@ -190,7 +190,7 @@ void send_trans_reply(struct smb_request *req, static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) { - BOOL is_data_outstanding; + bool is_data_outstanding; char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); int data_len; @@ -294,7 +294,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, int suwcnt, int tdscnt, int tpscnt, int mdrcnt, int mprcnt) { - BOOL reply = False; + bool reply = False; smb_np_struct *p = NULL; int pnum; int subcommand; -- cgit From 0e9a1c24a067832b2d3962e851001767973643d8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 4 Dec 2007 12:53:21 -0800 Subject: Fix crash bug with vl's new trans handling in old transs calls. Make this look like the (working) transs2 handling (replace inbuf, not write to outbuf - outbuf isn't allocated yet so you get a null deref). Jeremy. (This used to be commit f04e37a630f8e7538d670d34db4ea7fc7c0b50a3) --- source3/smbd/ipc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0360417c56..eed293d50d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -752,7 +752,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) goto bad_param; memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + dcnt); } if ((state->received_param < state->total_param) || @@ -761,10 +761,11 @@ void reply_transs(connection_struct *conn, struct smb_request *req) return; } - /* construct_reply_common has done us the favor to pre-fill the - * command field with SMBtranss which is wrong :-) - */ - SCVAL(req->outbuf,smb_com,SMBtrans); + /* + * construct_reply_common will copy smb_com from inbuf to + * outbuf. SMBtranss is wrong here. + */ + SCVAL(req->inbuf,smb_com,SMBtrans); handle_trans(conn, req, state); -- cgit From 09fcb233a30e65b4b42f36ce38f70ddd0dfc4746 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Dec 2007 15:31:05 -0800 Subject: Don't need an fstring here, we can talloc. Jeremy. (This used to be commit 3f6cc826378729c9157ea68e7cf5c7b584bbb585) --- source3/smbd/ipc.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index eed293d50d..f28016ccb3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -374,7 +374,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, static void named_pipe(connection_struct *conn, uint16 vuid, struct smb_request *req, - char *name, uint16 *setup, + const char *name, uint16 *setup, char *data, char *params, int suwcnt, int tdscnt,int tpscnt, int msrcnt, int mdrcnt, int mprcnt) @@ -452,7 +452,7 @@ static void handle_trans(connection_struct *conn, struct smb_request *req, reply_nterror(req, NT_STATUS_NOT_SUPPORTED); return; } - + name_offset += strlen("\\PIPE"); /* Win9x weirdness. When talking to a unicode server Win9x @@ -538,12 +538,11 @@ void reply_trans(connection_struct *conn, struct smb_request *req) state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0); state->one_way = BITSETW(req->inbuf+smb_vwv5,1); - memset(state->name, '\0',sizeof(state->name)); - srvstr_pull_buf(req->inbuf, req->flags2, state->name, - smb_buf(req->inbuf), sizeof(state->name), - STR_TERMINATE); - - if ((dscnt > state->total_data) || (pscnt > state->total_param)) + srvstr_pull_buf_talloc(state, req->inbuf, req->flags2, &state->name, + smb_buf(req->inbuf), STR_TERMINATE); + + if ((dscnt > state->total_data) || (pscnt > state->total_param) || + !state->name) goto bad_param; if (state->total_data) { @@ -557,7 +556,7 @@ void reply_trans(connection_struct *conn, struct smb_request *req) reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); return; - } + } /* null-terminate the slack space */ memset(&state->data[state->total_data], 0, 100); if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) -- cgit From 9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Jan 2008 12:56:23 -0800 Subject: Refactor the crypto code after a very helpful conversation with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8) --- source3/smbd/ipc.c | 53 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 23 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f28016ccb3..a89f5cbbfe 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -30,7 +30,7 @@ extern int max_send; #define NERR_notsupported 50 -static void api_no_reply(struct smb_request *req); +static void api_no_reply(connection_struct *conn, struct smb_request *req); /******************************************************************* copies parameters and data, as needed, into the smb buffer @@ -81,7 +81,8 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(struct smb_request *req, +void send_trans_reply(connection_struct *conn, + struct smb_request *req, char *rparam, int rparam_len, char *rdata, int rdata_len, bool buffer_too_large) @@ -129,8 +130,10 @@ void send_trans_reply(struct smb_request *req, } show_msg((char *)req->outbuf); - if (!send_smb(smbd_server_fd(),(char *)req->outbuf)) - exit_server_cleanly("send_trans_reply: send_smb failed."); + if (!srv_send_smb(smbd_server_fd(), + (char *)req->outbuf, + IS_CONN_ENCRYPTED(conn))) + exit_server_cleanly("send_trans_reply: srv_send_smb failed."); TALLOC_FREE(req->outbuf); @@ -175,8 +178,10 @@ void send_trans_reply(struct smb_request *req, } show_msg((char *)req->outbuf); - if (!send_smb(smbd_server_fd(), (char *)req->outbuf)) - exit_server_cleanly("send_trans_reply: send_smb failed."); + if (!srv_send_smb(smbd_server_fd(), + (char *)req->outbuf, + IS_CONN_ENCRYPTED(conn))) + exit_server_cleanly("send_trans_reply: srv_send_smb failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; @@ -188,7 +193,7 @@ void send_trans_reply(struct smb_request *req, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) +static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req, smb_np_struct *p) { bool is_data_outstanding; char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); @@ -203,11 +208,11 @@ static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) if((data_len = read_from_pipe( p, rdata, p->max_trans_reply, &is_data_outstanding)) < 0) { SAFE_FREE(rdata); - api_no_reply(req); + api_no_reply(conn,req); return; } - send_trans_reply(req, NULL, 0, rdata, data_len, is_data_outstanding); + send_trans_reply(conn, req, NULL, 0, rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return; } @@ -216,7 +221,7 @@ static void api_rpc_trans_reply(struct smb_request *req, smb_np_struct *p) WaitNamedPipeHandleState ****************************************************************************/ -static void api_WNPHS(struct smb_request *req, smb_np_struct *p, +static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p, char *param, int param_len) { uint16 priority; @@ -231,10 +236,10 @@ static void api_WNPHS(struct smb_request *req, smb_np_struct *p, if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); return; } - api_no_reply(req); + api_no_reply(conn,req); } @@ -242,7 +247,7 @@ static void api_WNPHS(struct smb_request *req, smb_np_struct *p, SetNamedPipeHandleState ****************************************************************************/ -static void api_SNPHS(struct smb_request *req, smb_np_struct *p, +static void api_SNPHS(connection_struct *conn, struct smb_request *req, smb_np_struct *p, char *param, int param_len) { uint16 id; @@ -257,10 +262,10 @@ static void api_SNPHS(struct smb_request *req, smb_np_struct *p, if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); return; } - api_no_reply(req); + api_no_reply(conn,req); } @@ -268,7 +273,7 @@ static void api_SNPHS(struct smb_request *req, smb_np_struct *p, When no reply is generated, indicate unsupported. ****************************************************************************/ -static void api_no_reply(struct smb_request *req) +static void api_no_reply(connection_struct *conn, struct smb_request *req) { char rparam[4]; @@ -279,7 +284,7 @@ static void api_no_reply(struct smb_request *req) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(req, rparam, 4, NULL, 0, False); + send_trans_reply(conn, req, rparam, 4, NULL, 0, False); return; } @@ -321,7 +326,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req, NULL, 0, NULL, 0, False); return; } @@ -349,18 +354,18 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (!reply) { - api_no_reply(req); + api_no_reply(conn, req); return; } - api_rpc_trans_reply(req, p); + api_rpc_trans_reply(conn, req, p); break; case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ - api_WNPHS(req, p, params, tpscnt); + api_WNPHS(conn, req, p, params, tpscnt); break; case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ - api_SNPHS(req, p, params, tpscnt); + api_SNPHS(conn, req, p, params, tpscnt); break; default: reply_nterror(req, NT_STATUS_INVALID_PARAMETER); @@ -472,8 +477,10 @@ static void handle_trans(connection_struct *conn, struct smb_request *req, state->max_data_return, state->max_param_return); - if (state->close_on_completion) + if (state->close_on_completion) { close_cnum(conn,state->vuid); + req->conn = NULL; + } return; } -- cgit From 29562987c393ef7e908aa02ee7ba00a83f3db520 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Jan 2008 15:37:24 -0800 Subject: Now conn is part of smb_request, we don't need it as an extra parameter. This cleans up quite a few places we were passing it around without needing it. Jeremy. (This used to be commit 8f36def18e9f980e8db522e1de41e80cfd5f466e) --- source3/smbd/ipc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a89f5cbbfe..68a13d692f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -489,8 +489,9 @@ static void handle_trans(connection_struct *conn, struct smb_request *req, Reply to a SMBtrans. ****************************************************************************/ -void reply_trans(connection_struct *conn, struct smb_request *req) +void reply_trans(struct smb_request *req) { + connection_struct *conn = req->conn; unsigned int dsoff; unsigned int dscnt; unsigned int psoff; @@ -669,8 +670,9 @@ void reply_trans(connection_struct *conn, struct smb_request *req) Reply to a secondary SMBtrans. ****************************************************************************/ -void reply_transs(connection_struct *conn, struct smb_request *req) +void reply_transs(struct smb_request *req) { + connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; int size; -- cgit From 86e59c50f1c92c9dc8dd6ab35c5b5436c29151dc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 7 Apr 2008 21:11:16 -0700 Subject: Rewrite the wrap checks to deal with gcc 4.x optimisations. Karolin, please pull once Volker has reviewed. Thanks. Jeremy. (This used to be commit 09852899cadc48abe2f2651ecbceaf881198e648) --- source3/smbd/ipc.c | 78 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 33 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 68a13d692f..6961a5caf1 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -498,7 +498,8 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - int size; + unsigned int size; + unsigned int av_size; START_PROFILE(SMBtrans); @@ -509,6 +510,7 @@ void reply_trans(struct smb_request *req) } size = smb_len(req->inbuf) + 4; + av_size = smb_len(req->inbuf); dsoff = SVAL(req->inbuf, smb_dsoff); dscnt = SVAL(req->inbuf, smb_dscnt); psoff = SVAL(req->inbuf, smb_psoff); @@ -567,12 +569,17 @@ void reply_trans(struct smb_request *req) } /* null-terminate the slack space */ memset(&state->data[state->total_data], 0, 100); - if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) + + if (dscnt > state->total_data || + dsoff+dscnt < dsoff) { goto bad_param; - if ((smb_base(req->inbuf)+dsoff+dscnt - > (char *)req->inbuf + size) || - (smb_base(req->inbuf)+dsoff+dscnt < smb_base(req->inbuf))) + } + + if (dsoff > av_size || + dscnt > av_size || + dsoff+dscnt > av_size) { goto bad_param; + } memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } @@ -592,12 +599,17 @@ void reply_trans(struct smb_request *req) } /* null-terminate the slack space */ memset(&state->param[state->total_param], 0, 100); - if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) + + if (pscnt > state->total_param || + psoff+pscnt < psoff) { goto bad_param; - if ((smb_base(req->inbuf)+psoff+pscnt - > (char *)req->inbuf + size) || - (smb_base(req->inbuf)+psoff+pscnt < smb_base(req->inbuf))) + } + + if (psoff > av_size || + pscnt > av_size || + psoff+pscnt > av_size) { goto bad_param; + } memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -675,7 +687,7 @@ void reply_transs(struct smb_request *req) connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - int size; + unsigned int av_size; START_PROFILE(SMBtranss); @@ -708,7 +720,7 @@ void reply_transs(struct smb_request *req) if (SVAL(req->inbuf, smb_vwv1) < state->total_data) state->total_data = SVAL(req->inbuf,smb_vwv1); - size = smb_len(req->inbuf) + 4; + av_size = smb_len(req->inbuf); pcnt = SVAL(req->inbuf, smb_spscnt); poff = SVAL(req->inbuf, smb_spsoff); @@ -726,38 +738,38 @@ void reply_transs(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp+pcnt > state->total_param) - goto bad_param; - if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) - goto bad_param; - if (pdisp > state->total_param) + if (pdisp > state->total_param || + pcnt > state->total_param || + pdisp+pcnt > state->total_param || + pdisp+pcnt < pdisp) { goto bad_param; - if ((smb_base(req->inbuf) + poff + pcnt - > (char *)req->inbuf + size) || - (smb_base(req->inbuf) + poff + pcnt - < smb_base(req->inbuf))) - goto bad_param; - if (state->param + pdisp < state->param) + } + + if (poff > av_size || + pcnt > av_size || + poff+pcnt > av_size || + poff+pcnt < poff) { goto bad_param; + } memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, pcnt); } if (dcnt) { - if (ddisp+dcnt > state->total_data) - goto bad_param; - if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) + if (ddisp > state->total_data || + dcnt > state->total_data || + ddisp+dcnt > state->total_data || + ddisp+dcnt < ddisp) { goto bad_param; - if (ddisp > state->total_data) - goto bad_param; - if ((smb_base(req->inbuf) + doff + dcnt - > (char *)req->inbuf + size) || - (smb_base(req->inbuf) + doff + dcnt - < smb_base(req->inbuf))) - goto bad_param; - if (state->data + ddisp < state->data) + } + + if (ddisp > av_size || + dcnt > av_size || + ddisp+dcnt > av_size || + ddisp+dcnt < ddisp) { goto bad_param; + } memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, dcnt); -- cgit From d62563342e8c83d67dbcfb0c4b8e2ed886742006 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 28 Apr 2008 10:31:49 +0200 Subject: Remove connection_struct->mem_ctx, connection_struct is its own parent (This used to be commit 559180f7d30606d1999399d954ceedc798c669a4) --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6961a5caf1..59a5dfdd3f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -525,7 +525,7 @@ void reply_trans(struct smb_request *req) return; } - if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { + if ((state = TALLOC_P(conn, struct trans_state)) == NULL) { DEBUG(0, ("talloc failed\n")); reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBtrans); -- cgit From cf9665016f70aff9a5d6ec7ab427e469f43dbfc6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 2 Apr 2008 15:55:10 +0200 Subject: Let send_trans_reply work on only the inbuf It does not really need the whole smb_request (This used to be commit d3facf4cbdb2915168e91d64c2d8320f67524df8) --- source3/smbd/ipc.c | 107 +++++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 52 deletions(-) (limited to 'source3/smbd/ipc.c') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 59a5dfdd3f..f4c45999ba 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -81,8 +81,7 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(connection_struct *conn, - struct smb_request *req, +void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, char *rparam, int rparam_len, char *rdata, int rdata_len, bool buffer_too_large) @@ -91,6 +90,7 @@ void send_trans_reply(connection_struct *conn, int tot_data_sent = 0; int tot_param_sent = 0; int align; + char *outbuf; int ldata = rdata ? rdata_len : 0; int lparam = rparam ? rparam_len : 0; @@ -103,47 +103,48 @@ void send_trans_reply(connection_struct *conn, align = ((this_lparam)%4); - reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf, + 10, 1+align+this_ldata+this_lparam)) { + smb_panic("could not allocate outbuf"); + } - copy_trans_params_and_data((char *)req->outbuf, align, + copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(req->outbuf,smb_vwv0,lparam); - SSVAL(req->outbuf,smb_vwv1,ldata); - SSVAL(req->outbuf,smb_vwv3,this_lparam); - SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1, - req->outbuf)); - SSVAL(req->outbuf,smb_vwv5,0); - SSVAL(req->outbuf,smb_vwv6,this_ldata); - SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+ - this_lparam+align, - req->outbuf)); - SSVAL(req->outbuf,smb_vwv8,0); - SSVAL(req->outbuf,smb_vwv9,0); + SSVAL(outbuf,smb_vwv0,lparam); + SSVAL(outbuf,smb_vwv1,ldata); + SSVAL(outbuf,smb_vwv3,this_lparam); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); + SSVAL(outbuf,smb_vwv5,0); + SSVAL(outbuf,smb_vwv6,this_ldata); + SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align, + outbuf)); + SSVAL(outbuf,smb_vwv8,0); + SSVAL(outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set((char *)req->outbuf, - ERRDOS, ERRmoredata, - STATUS_BUFFER_OVERFLOW, - __LINE__, __FILE__); + error_packet_set((char *)outbuf, ERRDOS, ERRmoredata, + STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg((char *)req->outbuf); - if (!srv_send_smb(smbd_server_fd(), - (char *)req->outbuf, - IS_CONN_ENCRYPTED(conn))) + show_msg(outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, + IS_CONN_ENCRYPTED(conn))) { exit_server_cleanly("send_trans_reply: srv_send_smb failed."); + } - TALLOC_FREE(req->outbuf); + TALLOC_FREE(outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; while (tot_data_sent < ldata || tot_param_sent < lparam) { - this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */ - this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam)); + this_lparam = MIN(lparam-tot_param_sent, + max_send - 500); /* hack */ + this_ldata = MIN(ldata -tot_data_sent, + max_send - (500+this_lparam)); if(this_lparam < 0) this_lparam = 0; @@ -153,39 +154,39 @@ void send_trans_reply(connection_struct *conn, align = (this_lparam%4); - reply_outbuf(req, 10, 1+this_ldata+this_lparam+align); + if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf, + 10, 1+align+this_ldata+this_lparam)) { + smb_panic("could not allocate outbuf"); + } - copy_trans_params_and_data((char *)req->outbuf, align, + copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(req->outbuf,smb_vwv3,this_lparam); - SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1, - req->outbuf)); - SSVAL(req->outbuf,smb_vwv5,tot_param_sent); - SSVAL(req->outbuf,smb_vwv6,this_ldata); - SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+ - this_lparam+align, - req->outbuf)); - SSVAL(req->outbuf,smb_vwv8,tot_data_sent); - SSVAL(req->outbuf,smb_vwv9,0); + SSVAL(outbuf,smb_vwv3,this_lparam); + SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); + SSVAL(outbuf,smb_vwv5,tot_param_sent); + SSVAL(outbuf,smb_vwv6,this_ldata); + SSVAL(outbuf,smb_vwv7, + smb_offset(smb_buf(outbuf)+1+this_lparam+align, outbuf)); + SSVAL(outbuf,smb_vwv8,tot_data_sent); + SSVAL(outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set((char *)req->outbuf, - ERRDOS, ERRmoredata, + error_packet_set(outbuf, ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg((char *)req->outbuf); - if (!srv_send_smb(smbd_server_fd(), - (char *)req->outbuf, - IS_CONN_ENCRYPTED(conn))) - exit_server_cleanly("send_trans_reply: srv_send_smb failed."); + show_msg(outbuf); + if (!srv_send_smb(smbd_server_fd(), outbuf, + IS_CONN_ENCRYPTED(conn))) + exit_server_cleanly("send_trans_reply: srv_send_smb " + "failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; - TALLOC_FREE(req->outbuf); + TALLOC_FREE(outbuf); } } @@ -212,7 +213,8 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req return; } - send_trans_reply(conn, req, NULL, 0, rdata, data_len, is_data_outstanding); + send_trans_reply(conn, req->inbuf, NULL, 0, rdata, data_len, + is_data_outstanding); SAFE_FREE(rdata); return; } @@ -236,7 +238,7 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_s if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(conn, req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); return; } api_no_reply(conn,req); @@ -262,7 +264,7 @@ static void api_SNPHS(connection_struct *conn, struct smb_request *req, smb_np_s if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(conn, req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False); return; } api_no_reply(conn,req); @@ -284,7 +286,7 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(conn, req, rparam, 4, NULL, 0, False); + send_trans_reply(conn, req->inbuf, rparam, 4, NULL, 0, False); return; } @@ -326,7 +328,8 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(conn, req, NULL, 0, NULL, 0, False); + send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, + False); return; } -- cgit