From 6d34ab056f70d85c3207696fac4fbb9e7f437b14 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 18 Nov 2005 13:30:18 +0000 Subject: r11786: move all SMB protocol specific stuff to smb_server/smb/ metze (This used to be commit 5fea278cb65076cea71bb6c921e51c4feffc37d7) --- source4/smb_server/smb/request.c | 675 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 675 insertions(+) create mode 100644 source4/smb_server/smb/request.c (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c new file mode 100644 index 0000000000..5491089c8e --- /dev/null +++ b/source4/smb_server/smb/request.c @@ -0,0 +1,675 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Andrew Tridgell 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + this file implements functions for manipulating the 'struct smbsrv_request' structure in smbd +*/ + +#include "includes.h" +#include "lib/events/events.h" +#include "dlinklist.h" +#include "smb_server/smb_server.h" +#include "smbd/service_stream.h" +#include "lib/stream/packet.h" + + +/* we over allocate the data buffer to prevent too many realloc calls */ +#define REQ_OVER_ALLOCATION 0 + +/* destroy a request structure */ +void req_destroy(struct smbsrv_request *req) +{ + /* ahh, its so nice to destroy a complex structure in such a + * simple way! */ + talloc_free(req); +} + +/**************************************************************************** +construct a basic request packet, mostly used to construct async packets +such as change notify and oplock break requests +****************************************************************************/ +struct smbsrv_request *init_smb_request(struct smbsrv_connection *smb_conn) +{ + struct smbsrv_request *req; + + req = talloc(smb_conn, struct smbsrv_request); + if (!req) { + return NULL; + } + + ZERO_STRUCTP(req); + + /* setup the request context */ + req->smb_conn = smb_conn; + + req->async_states = talloc(req, struct ntvfs_async_state); + if (!req->async_states) { + talloc_free(req); + return NULL; + } + req->async_states->state = 0; + + return req; +} + + +/* + setup a chained reply in req->out with the given word count and initial data buffer size. +*/ +static void req_setup_chain_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) +{ + uint32_t chain_base_size = req->out.size; + + /* we need room for the wct value, the words, the buffer length and the buffer */ + req->out.size += 1 + VWV(wct) + 2 + buflen; + + /* over allocate by a small amount */ + req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; + + req->out.buffer = talloc_realloc(req, req->out.buffer, + uint8_t, req->out.allocated); + if (!req->out.buffer) { + smbsrv_terminate_connection(req->smb_conn, "allocation failed"); + return; + } + + req->out.hdr = req->out.buffer + NBT_HDR_SIZE; + req->out.vwv = req->out.buffer + chain_base_size + 1; + req->out.wct = wct; + req->out.data = req->out.vwv + VWV(wct) + 2; + req->out.data_size = buflen; + req->out.ptr = req->out.data; + + SCVAL(req->out.buffer, chain_base_size, wct); + SSVAL(req->out.vwv, VWV(wct), buflen); +} + + +/* + setup a reply in req->out with the given word count and initial data buffer size. + the caller will then fill in the command words and data before calling req_send_reply() to + send the reply on its way +*/ +void req_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) +{ + uint16_t flags2; + + if (req->chain_count != 0) { + req_setup_chain_reply(req, wct, buflen); + return; + } + + req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + wct*2 + buflen; + + /* over allocate by a small amount */ + req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; + + req->out.buffer = talloc_size(req, req->out.allocated); + if (!req->out.buffer) { + smbsrv_terminate_connection(req->smb_conn, "allocation failed"); + return; + } + + flags2 = FLAGS2_LONG_PATH_COMPONENTS | + FLAGS2_EXTENDED_ATTRIBUTES | + FLAGS2_IS_LONG_NAME; + flags2 |= (req->flags2 & (FLAGS2_UNICODE_STRINGS|FLAGS2_EXTENDED_SECURITY)); + if (req->smb_conn->negotiate.client_caps & CAP_STATUS32) { + flags2 |= FLAGS2_32_BIT_ERROR_CODES; + } + + req->out.hdr = req->out.buffer + NBT_HDR_SIZE; + req->out.vwv = req->out.hdr + HDR_VWV; + req->out.wct = wct; + req->out.data = req->out.vwv + VWV(wct) + 2; + req->out.data_size = buflen; + req->out.ptr = req->out.data; + + SIVAL(req->out.hdr, HDR_RCLS, 0); + + SCVAL(req->out.hdr, HDR_WCT, wct); + SSVAL(req->out.vwv, VWV(wct), buflen); + + memcpy(req->out.hdr, "\377SMB", 4); + SCVAL(req->out.hdr,HDR_FLG, FLAG_REPLY | FLAG_CASELESS_PATHNAMES); + SSVAL(req->out.hdr,HDR_FLG2, flags2); + SSVAL(req->out.hdr,HDR_PIDHIGH,0); + memset(req->out.hdr + HDR_SS_FIELD, 0, 10); + + if (req->in.hdr) { + /* copy the cmd, tid, pid, uid and mid from the request */ + SCVAL(req->out.hdr,HDR_COM,CVAL(req->in.hdr,HDR_COM)); + SSVAL(req->out.hdr,HDR_TID,SVAL(req->in.hdr,HDR_TID)); + SSVAL(req->out.hdr,HDR_PID,SVAL(req->in.hdr,HDR_PID)); + SSVAL(req->out.hdr,HDR_UID,SVAL(req->in.hdr,HDR_UID)); + SSVAL(req->out.hdr,HDR_MID,SVAL(req->in.hdr,HDR_MID)); + } else { + SSVAL(req->out.hdr,HDR_TID,0); + SSVAL(req->out.hdr,HDR_PID,0); + SSVAL(req->out.hdr,HDR_UID,0); + SSVAL(req->out.hdr,HDR_MID,0); + } +} + + +/* + setup a copy of a request, used when the server needs to send + more than one reply for a single request packet +*/ +struct smbsrv_request *req_setup_secondary(struct smbsrv_request *old_req) +{ + struct smbsrv_request *req; + ptrdiff_t diff; + + req = talloc_memdup(old_req, old_req, sizeof(struct smbsrv_request)); + if (req == NULL) { + return NULL; + } + + req->out.buffer = talloc_memdup(req, req->out.buffer, req->out.allocated); + if (req->out.buffer == NULL) { + talloc_free(req); + return NULL; + } + + diff = req->out.buffer - old_req->out.buffer; + + req->out.hdr += diff; + req->out.vwv += diff; + req->out.data += diff; + req->out.ptr += diff; + + return req; +} + +/* + work out the maximum data size we will allow for this reply, given + the negotiated max_xmit. The basic reply packet must be setup before + this call + + note that this is deliberately a signed integer reply +*/ +int req_max_data(struct smbsrv_request *req) +{ + int ret; + ret = req->smb_conn->negotiate.max_send; + ret -= PTR_DIFF(req->out.data, req->out.hdr); + if (ret < 0) ret = 0; + return ret; +} + + +/* + grow the allocation of the data buffer portion of a reply + packet. Note that as this can reallocate the packet buffer this + invalidates any local pointers into the packet. + + To cope with this req->out.ptr is supplied. This will be updated to + point at the same offset into the packet as before this call +*/ +static void req_grow_allocation(struct smbsrv_request *req, uint_t new_size) +{ + int delta; + uint8_t *buf2; + + delta = new_size - req->out.data_size; + if (delta + req->out.size <= req->out.allocated) { + /* it fits in the preallocation */ + return; + } + + /* we need to realloc */ + req->out.allocated = req->out.size + delta + REQ_OVER_ALLOCATION; + buf2 = talloc_realloc(req, req->out.buffer, uint8_t, req->out.allocated); + if (buf2 == NULL) { + smb_panic("out of memory in req_grow_allocation"); + } + + if (buf2 == req->out.buffer) { + /* the malloc library gave us the same pointer */ + return; + } + + /* update the pointers into the packet */ + req->out.data = buf2 + PTR_DIFF(req->out.data, req->out.buffer); + req->out.ptr = buf2 + PTR_DIFF(req->out.ptr, req->out.buffer); + req->out.vwv = buf2 + PTR_DIFF(req->out.vwv, req->out.buffer); + req->out.hdr = buf2 + PTR_DIFF(req->out.hdr, req->out.buffer); + + req->out.buffer = buf2; +} + + +/* + grow the data buffer portion of a reply packet. Note that as this + can reallocate the packet buffer this invalidates any local pointers + into the packet. + + To cope with this req->out.ptr is supplied. This will be updated to + point at the same offset into the packet as before this call +*/ +void req_grow_data(struct smbsrv_request *req, uint_t new_size) +{ + int delta; + + if (!(req->control_flags & REQ_CONTROL_LARGE) && new_size > req_max_data(req)) { + smb_panic("reply buffer too large!"); + } + + req_grow_allocation(req, new_size); + + delta = new_size - req->out.data_size; + + req->out.size += delta; + req->out.data_size += delta; + + /* set the BCC to the new data size */ + SSVAL(req->out.vwv, VWV(req->out.wct), new_size); +} + +/* + send a reply and destroy the request buffer + + note that this only looks at req->out.buffer and req->out.size, allowing manually + constructed packets to be sent +*/ +void req_send_reply_nosign(struct smbsrv_request *req) +{ + DATA_BLOB blob; + NTSTATUS status; + + if (req->out.size > NBT_HDR_SIZE) { + _smb_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE); + } + + blob = data_blob_const(req->out.buffer, req->out.size); + status = packet_send(req->smb_conn->packet, blob); + if (!NT_STATUS_IS_OK(status)) { + smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); + } + req_destroy(req); +} + +/* + possibly sign a message then send a reply and destroy the request buffer + + note that this only looks at req->out.buffer and req->out.size, allowing manually + constructed packets to be sent +*/ +void req_send_reply(struct smbsrv_request *req) +{ + req_sign_packet(req); + + req_send_reply_nosign(req); +} + + + +/* + construct and send an error packet with a forced DOS error code + this is needed to match win2000 behaviour for some parts of the protocol +*/ +void req_reply_dos_error(struct smbsrv_request *req, uint8_t eclass, uint16_t ecode) +{ + /* if the basic packet hasn't been setup yet then do it now */ + if (req->out.buffer == NULL) { + req_setup_reply(req, 0, 0); + } + + SCVAL(req->out.hdr, HDR_RCLS, eclass); + SSVAL(req->out.hdr, HDR_ERR, ecode); + SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES); + req_send_reply(req); +} + +/* + setup the header of a reply to include an NTSTATUS code +*/ +void req_setup_error(struct smbsrv_request *req, NTSTATUS status) +{ + if (!req->smb_conn->config.nt_status_support || !(req->smb_conn->negotiate.client_caps & CAP_STATUS32)) { + /* convert to DOS error codes */ + uint8_t eclass; + uint32_t ecode; + ntstatus_to_dos(status, &eclass, &ecode); + SCVAL(req->out.hdr, HDR_RCLS, eclass); + SSVAL(req->out.hdr, HDR_ERR, ecode); + SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES); + return; + } + + if (NT_STATUS_IS_DOS(status)) { + /* its a encoded DOS error, using the reserved range */ + SSVAL(req->out.hdr, HDR_RCLS, NT_STATUS_DOS_CLASS(status)); + SSVAL(req->out.hdr, HDR_ERR, NT_STATUS_DOS_CODE(status)); + SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES); + } else { + SIVAL(req->out.hdr, HDR_RCLS, NT_STATUS_V(status)); + SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) | FLAGS2_32_BIT_ERROR_CODES); + } +} + +/* + construct and send an error packet, then destroy the request + auto-converts to DOS error format when appropriate +*/ +void req_reply_error(struct smbsrv_request *req, NTSTATUS status) +{ + if (req->smb_conn->connection->event.fde == NULL) { + /* the socket has been destroyed - no point trying to send an error! */ + talloc_free(req); + return; + } + req_setup_reply(req, 0, 0); + + /* error returns never have any data */ + req_grow_data(req, 0); + + req_setup_error(req, status); + req_send_reply(req); +} + + +/* + push a string into the data portion of the request packet, growing it if necessary + this gets quite tricky - please be very careful to cover all cases when modifying this + + if dest is NULL, then put the string at the end of the data portion of the packet + + if dest_len is -1 then no limit applies +*/ +size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, int dest_len, uint_t flags) +{ + size_t len; + uint_t grow_size; + uint8_t *buf0; + const int max_bytes_per_char = 3; + + if (!(flags & (STR_ASCII|STR_UNICODE))) { + flags |= (req->flags2 & FLAGS2_UNICODE_STRINGS) ? STR_UNICODE : STR_ASCII; + } + + if (dest == NULL) { + dest = req->out.data + req->out.data_size; + } + + if (dest_len != -1) { + len = dest_len; + } else { + len = (strlen(str)+2) * max_bytes_per_char; + } + + grow_size = len + PTR_DIFF(dest, req->out.data); + buf0 = req->out.buffer; + + req_grow_allocation(req, grow_size); + + if (buf0 != req->out.buffer) { + dest = req->out.buffer + PTR_DIFF(dest, buf0); + } + + len = push_string(dest, str, len, flags); + + grow_size = len + PTR_DIFF(dest, req->out.data); + + if (grow_size > req->out.data_size) { + req_grow_data(req, grow_size); + } + + return len; +} + +/* + append raw bytes into the data portion of the request packet + return the number of bytes added +*/ +size_t req_append_bytes(struct smbsrv_request *req, + const uint8_t *bytes, size_t byte_len) +{ + req_grow_allocation(req, byte_len + req->out.data_size); + memcpy(req->out.data + req->out.data_size, bytes, byte_len); + req_grow_data(req, byte_len + req->out.data_size); + return byte_len; +} +/* + append variable block (type 5 buffer) into the data portion of the request packet + return the number of bytes added +*/ +size_t req_append_var_block(struct smbsrv_request *req, + const uint8_t *bytes, uint16_t byte_len) +{ + req_grow_allocation(req, byte_len + 3 + req->out.data_size); + SCVAL(req->out.data + req->out.data_size, 0, 5); + SSVAL(req->out.data + req->out.data_size, 1, byte_len); /* add field length */ + if (byte_len > 0) { + memcpy(req->out.data + req->out.data_size + 3, bytes, byte_len); + } + req_grow_data(req, byte_len + 3 + req->out.data_size); + return byte_len + 3; +} +/* + pull a UCS2 string from a request packet, returning a talloced unix string + + the string length is limited by the 3 things: + - the data size in the request (end of packet) + - the passed 'byte_len' if it is not -1 + - the end of string (null termination) + + Note that 'byte_len' is the number of bytes in the packet + + on failure zero is returned and *dest is set to NULL, otherwise the number + of bytes consumed in the packet is returned +*/ +static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +{ + int src_len, src_len2, alignment=0; + ssize_t ret; + char *dest2; + + if (!(flags & STR_NOALIGN) && ucs2_align(req->in.buffer, src, flags)) { + src++; + alignment=1; + if (byte_len != -1) { + byte_len--; + } + } + + if (flags & STR_NO_RANGE_CHECK) { + src_len = byte_len; + } else { + src_len = req->in.data_size - PTR_DIFF(src, req->in.data); + if (byte_len != -1 && src_len > byte_len) { + src_len = byte_len; + } + } + + if (src_len < 0) { + *dest = NULL; + return 0; + } + + src_len2 = utf16_len_n(src, src_len); + if (src_len2 == 0) { + *dest = talloc_strdup(req, ""); + return src_len2 + alignment; + } + + ret = convert_string_talloc(req, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); + + if (ret == -1) { + *dest = NULL; + return 0; + } + *dest = dest2; + + return src_len2 + alignment; +} + +/* + pull a ascii string from a request packet, returning a talloced string + + the string length is limited by the 3 things: + - the data size in the request (end of packet) + - the passed 'byte_len' if it is not -1 + - the end of string (null termination) + + Note that 'byte_len' is the number of bytes in the packet + + on failure zero is returned and *dest is set to NULL, otherwise the number + of bytes consumed in the packet is returned +*/ +static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +{ + int src_len, src_len2; + ssize_t ret; + char *dest2; + + if (flags & STR_NO_RANGE_CHECK) { + src_len = byte_len; + } else { + src_len = req->in.data_size - PTR_DIFF(src, req->in.data); + if (src_len < 0) { + *dest = NULL; + return 0; + } + if (byte_len != -1 && src_len > byte_len) { + src_len = byte_len; + } + } + + src_len2 = strnlen((const char *)src, src_len); + if (src_len2 <= src_len - 1) { + /* include the termination if we didn't reach the end of the packet */ + src_len2++; + } + + ret = convert_string_talloc(req, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); + + if (ret == -1) { + *dest = NULL; + return 0; + } + *dest = dest2; + + return src_len2; +} + +/* + pull a string from a request packet, returning a talloced string + + the string length is limited by the 3 things: + - the data size in the request (end of packet) + - the passed 'byte_len' if it is not -1 + - the end of string (null termination) + + Note that 'byte_len' is the number of bytes in the packet + + on failure zero is returned and *dest is set to NULL, otherwise the number + of bytes consumed in the packet is returned +*/ +size_t req_pull_string(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +{ + if (!(flags & STR_ASCII) && + (((flags & STR_UNICODE) || (req->flags2 & FLAGS2_UNICODE_STRINGS)))) { + return req_pull_ucs2(req, dest, src, byte_len, flags); + } + + return req_pull_ascii(req, dest, src, byte_len, flags); +} + + +/* + pull a ASCII4 string buffer from a request packet, returning a talloced string + + an ASCII4 buffer is a null terminated string that has a prefix + of the character 0x4. It tends to be used in older parts of the protocol. + + on failure *dest is set to the zero length string. This seems to + match win2000 behaviour +*/ +size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint8_t *src, uint_t flags) +{ + ssize_t ret; + + if (PTR_DIFF(src, req->in.data) + 1 > req->in.data_size) { + /* win2000 treats this as the NULL string! */ + (*dest) = talloc_strdup(req, ""); + return 0; + } + + /* this consumes the 0x4 byte. We don't check whether the byte + is actually 0x4 or not. This matches win2000 server + behaviour */ + src++; + + ret = req_pull_string(req, dest, src, -1, flags); + if (ret == -1) { + (*dest) = talloc_strdup(req, ""); + return 1; + } + + return ret + 1; +} + +/* + pull a DATA_BLOB from a request packet, returning a talloced blob + + return False if any part is outside the data portion of the packet +*/ +BOOL req_pull_blob(struct smbsrv_request *req, const uint8_t *src, int len, DATA_BLOB *blob) +{ + if (len != 0 && req_data_oob(req, src, len)) { + return False; + } + + (*blob) = data_blob_talloc(req, src, len); + + return True; +} + +/* check that a lump of data in a request is within the bounds of the data section of + the packet */ +BOOL req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count) +{ + if (count == 0) { + return False; + } + + /* be careful with wraparound! */ + if (ptr < req->in.data || + ptr >= req->in.data + req->in.data_size || + count > req->in.data_size || + ptr + count > req->in.data + req->in.data_size) { + return True; + } + return False; +} + + +/* + pull an open file handle from a packet, taking account of the chained_fnum +*/ +uint16_t req_fnum(struct smbsrv_request *req, const uint8_t *base, uint_t offset) +{ + if (req->chained_fnum != -1) { + return req->chained_fnum; + } + return SVAL(base, offset); +} -- cgit From 0a3c167f6bcf08b2204ca49831ca49eef73dcbf4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 27 Dec 2005 22:51:30 +0000 Subject: r12528: Add seperate proto headers for ntvfs, tdr, smb_server and nbt_server. (This used to be commit 87f665a1d5ba74289974bf9d8f9441c162e6f1b1) --- source4/smb_server/smb/request.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 5491089c8e..08e3eb74a5 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -28,6 +28,7 @@ #include "smb_server/smb_server.h" #include "smbd/service_stream.h" #include "lib/stream/packet.h" +#include "ntvfs/ntvfs.h" /* we over allocate the data buffer to prevent too many realloc calls */ -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/smb_server/smb/request.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 08e3eb74a5..3879cadebe 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -23,8 +23,6 @@ */ #include "includes.h" -#include "lib/events/events.h" -#include "dlinklist.h" #include "smb_server/smb_server.h" #include "smbd/service_stream.h" #include "lib/stream/packet.h" -- cgit From 36098dfda91df75f1d05631a4c9006e73d3c4d29 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Feb 2006 09:50:07 +0000 Subject: r13620: initialize the CMD with 0 too metze (This used to be commit 7cf1423bc850aca93453d337b49ba593a034000d) --- source4/smb_server/smb/request.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 3879cadebe..60970fbd9c 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -160,6 +160,7 @@ void req_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) SSVAL(req->out.hdr,HDR_UID,SVAL(req->in.hdr,HDR_UID)); SSVAL(req->out.hdr,HDR_MID,SVAL(req->in.hdr,HDR_MID)); } else { + SCVAL(req->out.hdr,HDR_COM,0); SSVAL(req->out.hdr,HDR_TID,0); SSVAL(req->out.hdr,HDR_PID,0); SSVAL(req->out.hdr,HDR_UID,0); -- cgit From 72d8e34ddca55f3799d8fad0eebd51a52d3f9623 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 6 Mar 2006 13:12:48 +0000 Subject: r13856: fixed a misleading comment (This used to be commit af6606fe987fd8ef15e3ed03e71e92e7a7484ce7) --- source4/smb_server/smb/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 60970fbd9c..eb56c9ba17 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -609,7 +609,7 @@ size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint ssize_t ret; if (PTR_DIFF(src, req->in.data) + 1 > req->in.data_size) { - /* win2000 treats this as the NULL string! */ + /* win2000 treats this as the empty string! */ (*dest) = talloc_strdup(req, ""); return 0; } -- cgit From 0533fed85adefc9aa74b6d5ae6b4293fb9c11d6a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 15:38:07 +0000 Subject: r13868: remove useless talloc_free() wrapper metze (This used to be commit bd3162e6a7f154630c2d88be70ce19e8dd977133) --- source4/smb_server/smb/request.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index eb56c9ba17..f8b58fefab 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -32,14 +32,6 @@ /* we over allocate the data buffer to prevent too many realloc calls */ #define REQ_OVER_ALLOCATION 0 -/* destroy a request structure */ -void req_destroy(struct smbsrv_request *req) -{ - /* ahh, its so nice to destroy a complex structure in such a - * simple way! */ - talloc_free(req); -} - /**************************************************************************** construct a basic request packet, mostly used to construct async packets such as change notify and oplock break requests @@ -304,7 +296,7 @@ void req_send_reply_nosign(struct smbsrv_request *req) if (!NT_STATUS_IS_OK(status)) { smbsrv_terminate_connection(req->smb_conn, nt_errstr(status)); } - req_destroy(req); + talloc_free(req); } /* -- cgit From a0e66eac7d8ff337b77e078038d0b23a25b22ee7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 16:19:27 +0000 Subject: r13870: prefix more functions with smbsrv_ metze (This used to be commit e6275db7b926d3660ad4a0f40041a5129001427a) --- source4/smb_server/smb/request.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index f8b58fefab..4b501ad973 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -36,7 +36,7 @@ construct a basic request packet, mostly used to construct async packets such as change notify and oplock break requests ****************************************************************************/ -struct smbsrv_request *init_smb_request(struct smbsrv_connection *smb_conn) +struct smbsrv_request *smbsrv_init_request(struct smbsrv_connection *smb_conn) { struct smbsrv_request *req; @@ -98,7 +98,7 @@ static void req_setup_chain_reply(struct smbsrv_request *req, uint_t wct, uint_t the caller will then fill in the command words and data before calling req_send_reply() to send the reply on its way */ -void req_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) +void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) { uint16_t flags2; @@ -165,7 +165,7 @@ void req_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) setup a copy of a request, used when the server needs to send more than one reply for a single request packet */ -struct smbsrv_request *req_setup_secondary(struct smbsrv_request *old_req) +struct smbsrv_request *smbsrv_setup_secondary_request(struct smbsrv_request *old_req) { struct smbsrv_request *req; ptrdiff_t diff; @@ -282,7 +282,7 @@ void req_grow_data(struct smbsrv_request *req, uint_t new_size) note that this only looks at req->out.buffer and req->out.size, allowing manually constructed packets to be sent */ -void req_send_reply_nosign(struct smbsrv_request *req) +void smbsrv_send_reply_nosign(struct smbsrv_request *req) { DATA_BLOB blob; NTSTATUS status; @@ -305,11 +305,11 @@ void req_send_reply_nosign(struct smbsrv_request *req) note that this only looks at req->out.buffer and req->out.size, allowing manually constructed packets to be sent */ -void req_send_reply(struct smbsrv_request *req) +void smbsrv_send_reply(struct smbsrv_request *req) { - req_sign_packet(req); + smbsrv_sign_packet(req); - req_send_reply_nosign(req); + smbsrv_send_reply_nosign(req); } @@ -318,23 +318,23 @@ void req_send_reply(struct smbsrv_request *req) construct and send an error packet with a forced DOS error code this is needed to match win2000 behaviour for some parts of the protocol */ -void req_reply_dos_error(struct smbsrv_request *req, uint8_t eclass, uint16_t ecode) +void smbsrv_send_dos_error(struct smbsrv_request *req, uint8_t eclass, uint16_t ecode) { /* if the basic packet hasn't been setup yet then do it now */ if (req->out.buffer == NULL) { - req_setup_reply(req, 0, 0); + smbsrv_setup_reply(req, 0, 0); } SCVAL(req->out.hdr, HDR_RCLS, eclass); SSVAL(req->out.hdr, HDR_ERR, ecode); SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES); - req_send_reply(req); + smbsrv_send_reply(req); } /* setup the header of a reply to include an NTSTATUS code */ -void req_setup_error(struct smbsrv_request *req, NTSTATUS status) +void smbsrv_setup_error(struct smbsrv_request *req, NTSTATUS status) { if (!req->smb_conn->config.nt_status_support || !(req->smb_conn->negotiate.client_caps & CAP_STATUS32)) { /* convert to DOS error codes */ @@ -362,20 +362,20 @@ void req_setup_error(struct smbsrv_request *req, NTSTATUS status) construct and send an error packet, then destroy the request auto-converts to DOS error format when appropriate */ -void req_reply_error(struct smbsrv_request *req, NTSTATUS status) +void smbsrv_send_error(struct smbsrv_request *req, NTSTATUS status) { if (req->smb_conn->connection->event.fde == NULL) { /* the socket has been destroyed - no point trying to send an error! */ talloc_free(req); return; } - req_setup_reply(req, 0, 0); + smbsrv_setup_reply(req, 0, 0); /* error returns never have any data */ req_grow_data(req, 0); - req_setup_error(req, status); - req_send_reply(req); + smbsrv_setup_error(req, status); + smbsrv_send_reply(req); } -- cgit From edd5b847bcd5a75770ea9de7ac1c419de8bc76ba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Mar 2006 18:29:48 +0000 Subject: r13877: remove smbsrv_send_dos_error() and use smbsrv_send_error(..,NT_STATUS_DOS()) metze (This used to be commit 60d7920527cd0e4142427fa59b9e617d99e3d984) --- source4/smb_server/smb/request.c | 19 ------------------- 1 file changed, 19 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 4b501ad973..cc72b412e7 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -312,25 +312,6 @@ void smbsrv_send_reply(struct smbsrv_request *req) smbsrv_send_reply_nosign(req); } - - -/* - construct and send an error packet with a forced DOS error code - this is needed to match win2000 behaviour for some parts of the protocol -*/ -void smbsrv_send_dos_error(struct smbsrv_request *req, uint8_t eclass, uint16_t ecode) -{ - /* if the basic packet hasn't been setup yet then do it now */ - if (req->out.buffer == NULL) { - smbsrv_setup_reply(req, 0, 0); - } - - SCVAL(req->out.hdr, HDR_RCLS, eclass); - SSVAL(req->out.hdr, HDR_ERR, ecode); - SSVAL(req->out.hdr, HDR_FLG2, SVAL(req->out.hdr, HDR_FLG2) & ~FLAGS2_32_BIT_ERROR_CODES); - smbsrv_send_reply(req); -} - /* setup the header of a reply to include an NTSTATUS code */ -- cgit From d3087451c4ec25171ba956fe2cd4e1d0f64f7edc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Mar 2006 18:54:19 +0000 Subject: r14487: split smbsrv_request into two parts, one will be moved to ntvfs_request but I don't to get the commit to large, to I'll do this tomorrow... metze (This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f) --- source4/smb_server/smb/request.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index cc72b412e7..1a3ff23b93 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -40,13 +40,11 @@ struct smbsrv_request *smbsrv_init_request(struct smbsrv_connection *smb_conn) { struct smbsrv_request *req; - req = talloc(smb_conn, struct smbsrv_request); + req = talloc_zero(smb_conn, struct smbsrv_request); if (!req) { return NULL; } - ZERO_STRUCTP(req); - /* setup the request context */ req->smb_conn = smb_conn; -- cgit From 8437d5b8913d949b844448d84a003896f9694b94 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 17 Mar 2006 17:20:54 +0000 Subject: r14526: fix the size of the output buffer, we need 1 byte for the Word count now smbsrv_setup_reply() and req_setup_chain_reply() do the same thing tridge: can you please check if this is correct, I wonder why we don't got valgrind errors... as the over allocation is disabled currently metze (This used to be commit 3441a4a74fb324a4dfbca13219df4c55ebcfbf6c) --- source4/smb_server/smb/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 1a3ff23b93..a08a2f6c20 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -105,7 +105,7 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) return; } - req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + wct*2 + buflen; + req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + 1 + VWV(wct) + 2 + buflen; /* over allocate by a small amount */ req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; -- cgit From 027208806feaae02822aa22af01a09d1d044551b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 18 Mar 2006 08:12:35 +0000 Subject: r14538: ok, I have better used make valgrindtest my self... the 3 bytes for WordCount and ByteCount are included in MIN_SMB_SIZE... metze (This used to be commit 4ff3fb35e88643a4637bfca032a6505f9dce3843) --- source4/smb_server/smb/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index a08a2f6c20..1c09d5ccb2 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -105,7 +105,7 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) return; } - req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + 1 + VWV(wct) + 2 + buflen; + req->out.size = NBT_HDR_SIZE + MIN_SMB_SIZE + VWV(wct) + buflen; /* over allocate by a small amount */ req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; -- cgit From 61fa658ebcaf2856d543d376b120932ad5a082f0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 18 Mar 2006 11:10:21 +0000 Subject: r14541: separate smbsrv_request and ntvfs_request, with this it's now possible to write a ntvfs_test programm like the vfstest in samba3 also smb2 support will be possible later metze (This used to be commit 7253153691e35cd206346fbd4e9b9f95c042f602) --- source4/smb_server/smb/request.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 1c09d5ccb2..e858b2b787 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -48,13 +48,6 @@ struct smbsrv_request *smbsrv_init_request(struct smbsrv_connection *smb_conn) /* setup the request context */ req->smb_conn = smb_conn; - req->async_states = talloc(req, struct ntvfs_async_state); - if (!req->async_states) { - talloc_free(req); - return NULL; - } - req->async_states->state = 0; - return req; } @@ -259,7 +252,7 @@ void req_grow_data(struct smbsrv_request *req, uint_t new_size) { int delta; - if (!(req->control_flags & REQ_CONTROL_LARGE) && new_size > req_max_data(req)) { + if (!(req->control_flags & SMBSRV_REQ_CONTROL_LARGE) && new_size > req_max_data(req)) { smb_panic("reply buffer too large!"); } -- cgit From 09a6f728a3bd3cad5707e2e1b106c77281555618 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Apr 2006 02:03:19 +0000 Subject: r14937: fix a crash that can be caused by a notify triggering during a share disconnect (This used to be commit 85d70f1c150b6c8370deeb188dbf9e87c8b8d7ac) --- source4/smb_server/smb/request.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index e858b2b787..f266ab587b 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -278,6 +278,11 @@ void smbsrv_send_reply_nosign(struct smbsrv_request *req) DATA_BLOB blob; NTSTATUS status; + if (req->smb_conn->connection->event.fde == NULL) { + /* we are in the process of shutting down this connection */ + return; + } + if (req->out.size > NBT_HDR_SIZE) { _smb_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE); } -- cgit From 0eddf14b307e905663b95296aa695a10d3fb90f7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 24 Apr 2006 09:36:09 +0000 Subject: r15191: Avoid uint_t as it's not standard. (This used to be commit 7af59357b94e3819415b3a9257be0ced745ce130) --- source4/smb_server/smb/request.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index f266ab587b..3c5b8c10c7 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -89,7 +89,7 @@ static void req_setup_chain_reply(struct smbsrv_request *req, uint_t wct, uint_t the caller will then fill in the command words and data before calling req_send_reply() to send the reply on its way */ -void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen) +void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen) { uint16_t flags2; @@ -248,7 +248,7 @@ static void req_grow_allocation(struct smbsrv_request *req, uint_t new_size) To cope with this req->out.ptr is supplied. This will be updated to point at the same offset into the packet as before this call */ -void req_grow_data(struct smbsrv_request *req, uint_t new_size) +void req_grow_data(struct smbsrv_request *req, size_t new_size) { int delta; @@ -364,7 +364,7 @@ void smbsrv_send_error(struct smbsrv_request *req, NTSTATUS status) if dest_len is -1 then no limit applies */ -size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, int dest_len, uint_t flags) +size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, int dest_len, size_t flags) { size_t len; uint_t grow_size; -- cgit From bc141c795767cc765731c607f1fb047811da6e03 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Apr 2006 01:55:17 +0000 Subject: r15304: Fix smbd build, more updates on getting --enable-dso to build again (This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944) --- source4/smb_server/smb/request.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 3c5b8c10c7..21f89f40f9 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -24,6 +24,7 @@ #include "includes.h" #include "smb_server/smb_server.h" +#include "smb_server/service_smb_proto.h" #include "smbd/service_stream.h" #include "lib/stream/packet.h" #include "ntvfs/ntvfs.h" -- cgit From 9ef33f5f5c786b83311ca088357fb2f0aa72fc9e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 May 2006 08:15:22 +0000 Subject: r15734: This is a major change to the NTVFS subsystem: - to use a struct ntvfs_handle instead of a uint16_t fnum. (to make it independend from the frontend protocol) - the allocation of handles now is provided by the frontend (smbsrv_*) via callbacks and not by each backend module - this also makes sure that file handles are only passed to the ntvfs subsystem when the tcon and session matches, so modules can rely on this and need to check this. - this allows multiple modules in the ntvfs module chain to allocate file handles. This can be used for virtual files like "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION"... - also this will make SMB2 with 128 bit file handles possible metze (This used to be commit 287fc1c22d670f6e568014b420f7f4cb31dc7958) --- source4/smb_server/smb/request.c | 92 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 21f89f40f9..2896a44d29 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -636,10 +636,100 @@ BOOL req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count /* pull an open file handle from a packet, taking account of the chained_fnum */ -uint16_t req_fnum(struct smbsrv_request *req, const uint8_t *base, uint_t offset) +static uint16_t req_fnum(struct smbsrv_request *req, const uint8_t *base, uint_t offset) { if (req->chained_fnum != -1) { return req->chained_fnum; } return SVAL(base, offset); } + +struct ntvfs_handle *smbsrv_pull_fnum(struct smbsrv_request *req, const uint8_t *base, uint_t offset) +{ + struct smbsrv_handle *handle; + uint16_t fnum = req_fnum(req, base, offset); + + handle = smbsrv_smb_handle_find(req->tcon, fnum, req->request_time); + if (!handle) { + return NULL; + } + + return handle->ntvfs; +} + +void smbsrv_push_fnum(uint8_t *base, uint_t offset, struct ntvfs_handle *ntvfs) +{ + struct smbsrv_handle *handle = talloc_get_type(ntvfs->frontend_data.private_data, + struct smbsrv_handle); + SSVAL(base, offset, handle->hid); +} + +NTSTATUS smbsrv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h) +{ + struct smbsrv_request *req = talloc_get_type(ntvfs->frontend_data.private_data, + struct smbsrv_request); + struct smbsrv_handle *handle; + struct ntvfs_handle *h; + + handle = smbsrv_handle_new(req); + if (!handle) return NT_STATUS_INSUFFICIENT_RESOURCES; + + h = talloc_zero(handle, struct ntvfs_handle); + if (!h) goto nomem; + + /* + * note: we don't set handle->ntvfs yet, + * this will be done by smbsrv_handle_make_valid() + * this makes sure the handle is invalid for clients + * until the ntvfs subsystem has made it valid + */ + h->ctx = ntvfs->ctx; + h->session_info = ntvfs->session_info; + h->smbpid = ntvfs->smbpid; + + h->frontend_data.private_data = handle; + + *_h = h; + return NT_STATUS_OK; +nomem: + talloc_free(handle); + return NT_STATUS_NO_MEMORY; +} + +NTSTATUS smbsrv_handle_make_valid(void *private_data, struct ntvfs_handle *h) +{ + struct smbsrv_tcon *tcon = talloc_get_type(private_data, struct smbsrv_tcon); + struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data, + struct smbsrv_handle); + /* this tells the frontend that the handle is valid */ + handle->ntvfs = h; + /* this moves the smbsrv_request to the smbsrv_tcon memory context */ + talloc_steal(tcon, handle); + return NT_STATUS_OK; +} + +void smbsrv_handle_destroy(void *private_data, struct ntvfs_handle *h) +{ + struct smbsrv_handle *handle = talloc_get_type(h->frontend_data.private_data, + struct smbsrv_handle); + talloc_free(handle); +} + +struct ntvfs_handle *smbsrv_handle_search_by_wire_key(void *private_data, struct ntvfs_request *ntvfs, const DATA_BLOB *key) +{ + struct smbsrv_request *req = talloc_get_type(ntvfs->frontend_data.private_data, + struct smbsrv_request); + + if (key->length != 2) return NULL; + + return smbsrv_pull_fnum(req, key->data, 0); +} + +DATA_BLOB smbsrv_handle_get_wire_key(void *private_data, struct ntvfs_handle *handle, TALLOC_CTX *mem_ctx) +{ + uint8_t key[2]; + + smbsrv_push_fnum(key, 0, handle); + + return data_blob_talloc(mem_ctx, key, sizeof(key)); +} -- cgit From 3cb64219e2cd492d25931f5442cbd484d6930950 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 20 May 2006 16:48:29 +0000 Subject: r15751: thanks to talloc_get_type() I noticed that I used smbsrv_request in the smb2srv code metze (This used to be commit 6c304a1a5f5dc6b2d3774682303874444a59b07d) --- source4/smb_server/smb/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 2896a44d29..a08ae46852 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -671,7 +671,7 @@ NTSTATUS smbsrv_handle_create_new(void *private_data, struct ntvfs_request *ntvf struct smbsrv_handle *handle; struct ntvfs_handle *h; - handle = smbsrv_handle_new(req); + handle = smbsrv_handle_new(req->session, req->tcon, req, req->request_time); if (!handle) return NT_STATUS_INSUFFICIENT_RESOURCES; h = talloc_zero(handle, struct ntvfs_handle); -- cgit From 3b36a857980b1f9fa5a6be0253e85c975f35c13f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 11 Jul 2006 18:15:42 +0000 Subject: r16950: remove the smb mid from the ntvfs layer and keep a list of pending requests on the smbsrv_connection, to be able to match then on ntcancel metze (This used to be commit 04f0d3d03179b6060fd013b867d13caa92ec6460) --- source4/smb_server/smb/request.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index a08ae46852..fc7d060ea8 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -33,6 +33,12 @@ /* we over allocate the data buffer to prevent too many realloc calls */ #define REQ_OVER_ALLOCATION 0 +static int smbsrv_request_destructor(struct smbsrv_request *req) +{ + DLIST_REMOVE(req->smb_conn->requests, req); + return 0; +} + /**************************************************************************** construct a basic request packet, mostly used to construct async packets such as change notify and oplock break requests @@ -49,6 +55,8 @@ struct smbsrv_request *smbsrv_init_request(struct smbsrv_connection *smb_conn) /* setup the request context */ req->smb_conn = smb_conn; + talloc_set_destructor(req, smbsrv_request_destructor); + return req; } -- cgit From 39b7ae11ace37241e4d9b710a85b3428ac234219 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Jul 2006 15:46:36 +0000 Subject: r17012: don't try to send any data when the socket is gone already... (fixes crash bugs) metze (This used to be commit b7418aec33033577de2420c70a8b94a2fb7901dd) --- source4/smb_server/smb/request.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index fc7d060ea8..00bed16fc4 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -289,6 +289,7 @@ void smbsrv_send_reply_nosign(struct smbsrv_request *req) if (req->smb_conn->connection->event.fde == NULL) { /* we are in the process of shutting down this connection */ + talloc_free(req); return; } @@ -312,6 +313,11 @@ void smbsrv_send_reply_nosign(struct smbsrv_request *req) */ void smbsrv_send_reply(struct smbsrv_request *req) { + if (req->smb_conn->connection->event.fde == NULL) { + /* we are in the process of shutting down this connection */ + talloc_free(req); + return; + } smbsrv_sign_packet(req); smbsrv_send_reply_nosign(req); -- cgit From 2c4eece60489fa3d0d7aba1c1c3eec84750461fb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 1 Aug 2006 10:42:03 +0000 Subject: r17361: check that file handles are only accessable by the correct session in the SMB frontend server metze (This used to be commit 8a5bc18c5a3fa01848c02fdd855f35d6402866f3) --- source4/smb_server/smb/request.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 00bed16fc4..7ceceecb5f 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -668,6 +668,17 @@ struct ntvfs_handle *smbsrv_pull_fnum(struct smbsrv_request *req, const uint8_t return NULL; } + /* + * For SMB tcons and sessions can be mixed! + * But we need to make sure that file handles + * are only accessed by the opening session! + * + * So check if the handle is valid for the given session! + */ + if (handle->session != req->session) { + return NULL; + } + return handle->ntvfs; } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/smb_server/smb/request.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 7ceceecb5f..b882e8d5c8 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* -- cgit From 0c56f8dac31c51a42dedf2a1da9fd76896855b19 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:10:49 +0000 Subject: r25551: Convert to standard bool type. (This used to be commit c9651e2c5c078edee7b91085e936a93625c8d708) --- source4/smb_server/smb/request.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index b882e8d5c8..da8d1e2d05 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -614,25 +614,25 @@ size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint /* pull a DATA_BLOB from a request packet, returning a talloced blob - return False if any part is outside the data portion of the packet + return false if any part is outside the data portion of the packet */ -BOOL req_pull_blob(struct smbsrv_request *req, const uint8_t *src, int len, DATA_BLOB *blob) +bool req_pull_blob(struct smbsrv_request *req, const uint8_t *src, int len, DATA_BLOB *blob) { if (len != 0 && req_data_oob(req, src, len)) { - return False; + return false; } (*blob) = data_blob_talloc(req, src, len); - return True; + return true; } /* check that a lump of data in a request is within the bounds of the data section of the packet */ -BOOL req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count) +bool req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count) { if (count == 0) { - return False; + return false; } /* be careful with wraparound! */ @@ -640,9 +640,9 @@ BOOL req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count ptr >= req->in.data + req->in.data_size || count > req->in.data_size || ptr + count > req->in.data + req->in.data_size) { - return True; + return true; } - return False; + return false; } -- cgit From 39ee38d9c1aabf4db065b433d067d0da053d7d61 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 17:52:23 +0100 Subject: r26316: Use contexts for conversion functions. (This used to be commit f6420d933b5b011d428974f3a2a57edf19e6f482) --- source4/smb_server/smb/request.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index da8d1e2d05..cdeba02dd7 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -408,7 +408,7 @@ size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, dest = req->out.buffer + PTR_DIFF(dest, buf0); } - len = push_string(dest, str, len, flags); + len = push_string(global_smb_iconv_convenience, dest, str, len, flags); grow_size = len + PTR_DIFF(dest, req->out.data); @@ -447,7 +447,7 @@ size_t req_append_var_block(struct smbsrv_request *req, req_grow_data(req, byte_len + 3 + req->out.data_size); return byte_len + 3; } -/* +/** pull a UCS2 string from a request packet, returning a talloced unix string the string length is limited by the 3 things: @@ -494,7 +494,7 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const return src_len2 + alignment; } - ret = convert_string_talloc(req, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(req, global_smb_iconv_convenience, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; @@ -505,7 +505,7 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const return src_len2 + alignment; } -/* +/** pull a ascii string from a request packet, returning a talloced string the string length is limited by the 3 things: @@ -543,7 +543,7 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons src_len2++; } - ret = convert_string_talloc(req, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(req, global_smb_iconv_convenience, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; @@ -554,7 +554,7 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons return src_len2; } -/* +/** pull a string from a request packet, returning a talloced string the string length is limited by the 3 things: @@ -578,7 +578,7 @@ size_t req_pull_string(struct smbsrv_request *req, const char **dest, const uint } -/* +/** pull a ASCII4 string buffer from a request packet, returning a talloced string an ASCII4 buffer is a null terminated string that has a prefix @@ -611,7 +611,7 @@ size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint return ret + 1; } -/* +/** pull a DATA_BLOB from a request packet, returning a talloced blob return false if any part is outside the data portion of the packet -- cgit From d891c0c74a03d797aed1c5ac0329fd9d1d78da63 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 22:46:09 +0100 Subject: r26429: Avoid use of global_smb_iconv_convenience. (This used to be commit d37136b7abfbba75ef2e5ab855eb3382b9648b8c) --- source4/smb_server/smb/request.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index cdeba02dd7..8f6d664500 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -27,6 +27,7 @@ #include "smbd/service_stream.h" #include "lib/stream/packet.h" #include "ntvfs/ntvfs.h" +#include "param/param.h" /* we over allocate the data buffer to prevent too many realloc calls */ @@ -408,7 +409,7 @@ size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, dest = req->out.buffer + PTR_DIFF(dest, buf0); } - len = push_string(global_smb_iconv_convenience, dest, str, len, flags); + len = push_string(lp_iconv_convenience(global_loadparm), dest, str, len, flags); grow_size = len + PTR_DIFF(dest, req->out.data); @@ -494,7 +495,7 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const return src_len2 + alignment; } - ret = convert_string_talloc(req, global_smb_iconv_convenience, CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(req, lp_iconv_convenience(global_loadparm), CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; @@ -543,7 +544,7 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons src_len2++; } - ret = convert_string_talloc(req, global_smb_iconv_convenience, CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(req, lp_iconv_convenience(global_loadparm), CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; -- cgit From e870cfec9f3512b0f1bd3110d7b975652525e28a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Feb 2008 10:12:33 +1100 Subject: Convert SMB and SMB2 code to use a common buffer handling structure This converts our SMB and SMB2 code to use a common structure "struct request_bufinfo" for information on the buffer bounds of a packet, alignment information and string handling. This allows us to use a common backend for SMB and SMB2 code, while still using all the same string and blob handling functions. Up to now we had been passing a NULL req handle into these common routines from the SMB2 side of the server, which meant that we failed any operation which did a bounds checked string extraction (such as a RenameInformation setinfo call, which is what Vista uses for renaming files) There is still some more work to be done on this - for example we can now remove many of the SMB2 specific buffer handling functions that we had, and use the SMB ones. (This used to be commit ca6d9be6cb6a403a81b18fa6e9a6a0518d7f0f68) --- source4/smb_server/smb/request.c | 61 ++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 25 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 8f6d664500..724055499b 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -33,6 +33,17 @@ /* we over allocate the data buffer to prevent too many realloc calls */ #define REQ_OVER_ALLOCATION 0 +/* setup the bufinfo used for strings and range checking */ +void smbsrv_setup_bufinfo(struct smbsrv_request *req) +{ + req->in.bufinfo.mem_ctx = req; + req->in.bufinfo.unicode = (req->flags2 & FLAGS2_UNICODE_STRINGS)?true:false; + req->in.bufinfo.align_base = req->in.buffer; + req->in.bufinfo.data = req->in.data; + req->in.bufinfo.data_size = req->in.data_size; +} + + static int smbsrv_request_destructor(struct smbsrv_request *req) { DLIST_REMOVE(req->smb_conn->requests, req); @@ -461,13 +472,13 @@ size_t req_append_var_block(struct smbsrv_request *req, on failure zero is returned and *dest is set to NULL, otherwise the number of bytes consumed in the packet is returned */ -static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +static size_t req_pull_ucs2(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, uint_t flags) { int src_len, src_len2, alignment=0; ssize_t ret; char *dest2; - if (!(flags & STR_NOALIGN) && ucs2_align(req->in.buffer, src, flags)) { + if (!(flags & STR_NOALIGN) && ucs2_align(bufinfo->align_base, src, flags)) { src++; alignment=1; if (byte_len != -1) { @@ -478,7 +489,7 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const if (flags & STR_NO_RANGE_CHECK) { src_len = byte_len; } else { - src_len = req->in.data_size - PTR_DIFF(src, req->in.data); + src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data); if (byte_len != -1 && src_len > byte_len) { src_len = byte_len; } @@ -491,11 +502,11 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const src_len2 = utf16_len_n(src, src_len); if (src_len2 == 0) { - *dest = talloc_strdup(req, ""); + *dest = talloc_strdup(bufinfo->mem_ctx, ""); return src_len2 + alignment; } - ret = convert_string_talloc(req, lp_iconv_convenience(global_loadparm), CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(bufinfo->mem_ctx, lp_iconv_convenience(global_loadparm), CH_UTF16, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; @@ -519,7 +530,7 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const on failure zero is returned and *dest is set to NULL, otherwise the number of bytes consumed in the packet is returned */ -static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +static size_t req_pull_ascii(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, uint_t flags) { int src_len, src_len2; ssize_t ret; @@ -528,7 +539,7 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons if (flags & STR_NO_RANGE_CHECK) { src_len = byte_len; } else { - src_len = req->in.data_size - PTR_DIFF(src, req->in.data); + src_len = bufinfo->data_size - PTR_DIFF(src, bufinfo->data); if (src_len < 0) { *dest = NULL; return 0; @@ -544,7 +555,7 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons src_len2++; } - ret = convert_string_talloc(req, lp_iconv_convenience(global_loadparm), CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); + ret = convert_string_talloc(bufinfo->mem_ctx, lp_iconv_convenience(global_loadparm), CH_DOS, CH_UNIX, src, src_len2, (void **)&dest2); if (ret == -1) { *dest = NULL; @@ -568,14 +579,14 @@ static size_t req_pull_ascii(struct smbsrv_request *req, const char **dest, cons on failure zero is returned and *dest is set to NULL, otherwise the number of bytes consumed in the packet is returned */ -size_t req_pull_string(struct smbsrv_request *req, const char **dest, const uint8_t *src, int byte_len, uint_t flags) +size_t req_pull_string(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, uint_t flags) { if (!(flags & STR_ASCII) && - (((flags & STR_UNICODE) || (req->flags2 & FLAGS2_UNICODE_STRINGS)))) { - return req_pull_ucs2(req, dest, src, byte_len, flags); + (((flags & STR_UNICODE) || bufinfo->unicode))) { + return req_pull_ucs2(bufinfo, dest, src, byte_len, flags); } - return req_pull_ascii(req, dest, src, byte_len, flags); + return req_pull_ascii(bufinfo, dest, src, byte_len, flags); } @@ -588,13 +599,13 @@ size_t req_pull_string(struct smbsrv_request *req, const char **dest, const uint on failure *dest is set to the zero length string. This seems to match win2000 behaviour */ -size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint8_t *src, uint_t flags) +size_t req_pull_ascii4(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, uint_t flags) { ssize_t ret; - if (PTR_DIFF(src, req->in.data) + 1 > req->in.data_size) { + if (PTR_DIFF(src, bufinfo->data) + 1 > bufinfo->data_size) { /* win2000 treats this as the empty string! */ - (*dest) = talloc_strdup(req, ""); + (*dest) = talloc_strdup(bufinfo->mem_ctx, ""); return 0; } @@ -603,9 +614,9 @@ size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint behaviour */ src++; - ret = req_pull_string(req, dest, src, -1, flags); + ret = req_pull_string(bufinfo, dest, src, -1, flags); if (ret == -1) { - (*dest) = talloc_strdup(req, ""); + (*dest) = talloc_strdup(bufinfo->mem_ctx, ""); return 1; } @@ -617,30 +628,30 @@ size_t req_pull_ascii4(struct smbsrv_request *req, const char **dest, const uint return false if any part is outside the data portion of the packet */ -bool req_pull_blob(struct smbsrv_request *req, const uint8_t *src, int len, DATA_BLOB *blob) +bool req_pull_blob(struct request_bufinfo *bufinfo, const uint8_t *src, int len, DATA_BLOB *blob) { - if (len != 0 && req_data_oob(req, src, len)) { + if (len != 0 && req_data_oob(bufinfo, src, len)) { return false; } - (*blob) = data_blob_talloc(req, src, len); + (*blob) = data_blob_talloc(bufinfo->mem_ctx, src, len); return true; } /* check that a lump of data in a request is within the bounds of the data section of the packet */ -bool req_data_oob(struct smbsrv_request *req, const uint8_t *ptr, uint32_t count) +bool req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t count) { if (count == 0) { return false; } /* be careful with wraparound! */ - if (ptr < req->in.data || - ptr >= req->in.data + req->in.data_size || - count > req->in.data_size || - ptr + count > req->in.data + req->in.data_size) { + if (ptr < bufinfo->data || + ptr >= bufinfo->data + bufinfo->data_size || + count > bufinfo->data_size || + ptr + count > bufinfo->data + bufinfo->data_size) { return true; } return false; -- cgit From 839ab724dc2d204bfbb0693aeed64f6f83a4266b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Feb 2008 12:30:31 +1100 Subject: Fixed SMB2 rename operations from Vista clients We needed a flag in bufinfo to mark packets as SMB2, as it seems that SMB2 uses a different format for the RenameInformation buffer than SMB does Also handle the fact that SMB2 clients give the full path to the target file in the rename, not a relative path (This used to be commit 52d7972d95ddc19d22a4187b4d4428a6c3ed32d5) --- source4/smb_server/smb/request.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 724055499b..d7f3793f23 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -37,7 +37,10 @@ void smbsrv_setup_bufinfo(struct smbsrv_request *req) { req->in.bufinfo.mem_ctx = req; - req->in.bufinfo.unicode = (req->flags2 & FLAGS2_UNICODE_STRINGS)?true:false; + req->in.bufinfo.flags = 0; + if (req->flags2 & FLAGS2_UNICODE_STRINGS) { + req->in.bufinfo.flags |= BUFINFO_FLAG_UNICODE; + } req->in.bufinfo.align_base = req->in.buffer; req->in.bufinfo.data = req->in.data; req->in.bufinfo.data_size = req->in.data_size; @@ -582,7 +585,7 @@ static size_t req_pull_ascii(struct request_bufinfo *bufinfo, const char **dest, size_t req_pull_string(struct request_bufinfo *bufinfo, const char **dest, const uint8_t *src, int byte_len, uint_t flags) { if (!(flags & STR_ASCII) && - (((flags & STR_UNICODE) || bufinfo->unicode))) { + (((flags & STR_UNICODE) || (bufinfo->flags & BUFINFO_FLAG_UNICODE)))) { return req_pull_ucs2(bufinfo, dest, src, byte_len, flags); } -- cgit From 10169a203019445e6d325a5c1559de3c73782237 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 21 Feb 2008 17:54:24 +0100 Subject: Remove more global_loadparm instance.s (This used to be commit a1280252ce924df69d911e597b7f65d8038abef9) --- source4/smb_server/smb/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index d7f3793f23..87073517dd 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -423,7 +423,7 @@ size_t req_push_str(struct smbsrv_request *req, uint8_t *dest, const char *str, dest = req->out.buffer + PTR_DIFF(dest, buf0); } - len = push_string(lp_iconv_convenience(global_loadparm), dest, str, len, flags); + len = push_string(lp_iconv_convenience(req->smb_conn->lp_ctx), dest, str, len, flags); grow_size = len + PTR_DIFF(dest, req->out.data); -- cgit From 11703b298685c9984a6a3c3a64eddb8a1a516b90 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 Apr 2008 15:20:39 +0200 Subject: fix the overflow/wrap checks in Samba4 for new gcc optimisation behavior The approach I have used is as set out in https://www.securecoding.cert.org/confluence/display/seccode/ARR38-C.+Do+not+add+or+subtract+an+integer+to+a+pointer+if+the+resulting+value+does+not+refer+to+an+element+within+the+array (This used to be commit 92d5fb531db39be655f0cbd2d75b5f675a0a4cfa) --- source4/smb_server/smb/request.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/smb_server/smb/request.c') diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index 87073517dd..c7fa2d7d8a 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -651,10 +651,10 @@ bool req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t } /* be careful with wraparound! */ - if (ptr < bufinfo->data || - ptr >= bufinfo->data + bufinfo->data_size || + if ((uintptr_t)ptr < (uintptr_t)bufinfo->data || + (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size || count > bufinfo->data_size || - ptr + count > bufinfo->data + bufinfo->data_size) { + (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) { return true; } return false; -- cgit