📄 ipc.c
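/* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (reply) reply = api_rpc_trans_reply(outbuf, p); break; case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ reply = api_WNPHS(outbuf, p, params, tpscnt); break; case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ reply = api_SNPHS(outbuf, p, params, tpscnt); break; default: return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!reply) return api_no_reply(outbuf, mdrcnt); return -1;}

/****************************************************************************
 Handle named pipe commands.

 Dispatches an already-reassembled SMBtrans request by pipe name:
   - "LANMAN"                                   -> api_reply()
   - "WKSSVC", "SRVSVC", "WINREG", "SAMR",
     "LSARPC", or an empty name                 -> api_fd_reply()
   - anything else                              -> logged, returns 0

 name is the pipe name taken from the client's request; the only caller
 visible in this file (reply_trans) has already stripped the "\PIPE" prefix.
 setup points to suwcnt 16-bit setup words, or is NULL when suwcnt is 0
 (that is how reply_trans allocates it). data/params hold tdscnt/tpscnt
 bytes. msrcnt is accepted but not used here.

 Returns whatever the selected handler returns, or 0 for an unknown pipe;
 reply_trans turns 0 into ERRnosupport.
****************************************************************************/

static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name,
		      uint16 *setup,char *data,char *params,
		      int suwcnt,int tdscnt,int tpscnt,
		      int msrcnt,int mdrcnt,int mprcnt)
{
	DEBUG(3,("named pipe command on <%s> name\n", name));

	if (strequal(name,"LANMAN"))
		return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt);

	if (strequal(name,"WKSSVC") ||
	    strequal(name,"SRVSVC") ||
	    strequal(name,"WINREG") ||
	    strequal(name,"SAMR") ||
	    strequal(name,"LSARPC")) {
		DEBUG(4,("named pipe command from Win95 (wow!)\n"));
		return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);
	}

	/* An empty pipe name is handed to the file-descriptor based handler too. */
	if (name[0] == '\0')
		return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);

	/*
	 * Unknown pipe: log the setup words for diagnosis only.
	 *
	 * The setup array holds exactly suwcnt words and the client chooses
	 * suwcnt, so setup[1] exists only when suwcnt >= 2. The previous code
	 * read setup[1] whenever setup was non-NULL, which is a two-byte read
	 * past the end of the heap allocation for a one-word setup.
	 */
	if (setup && suwcnt >= 1) {
		/* -1 marks "no second setup word"; a real uint16 never prints negative. */
		int setup1 = (suwcnt >= 2) ? (int)setup[1] : -1;

		DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n",
			 (int)setup[0], setup1));
	}

	return 0;
}

/****************************************************************************
 Reply to a SMBtrans.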
****************************************************************************/

/*
 * reply_trans() reassembles one SMBtrans request and hands it to
 * named_pipe().
 *
 * inbuf holds the request (size bytes of it are valid for the primary
 * packet; bufsize is the capacity passed to receive_next_smb() for
 * secondary packets). outbuf receives the reply.
 *
 * Every count, offset and displacement used below is read from the
 * client's packet, so each memcpy() is preceded by wrap-around and
 * end-of-buffer checks. Any failed check jumps to bad_param, which frees
 * data/params/setup and returns NT_STATUS_INVALID_PARAMETER.
 *
 * Returns the value produced by named_pipe() (outsize), -1 when the
 * one_way bit is set, or an error built by ERROR_DOS()/ERROR_NT().
 */
int reply_trans(connection_struct *conn, char *inbuf,char *outbuf,
		int size, int bufsize)
{
	fstring name;			/* transaction (pipe) name pulled from the request */
	int name_offset = 0;		/* how much of name's prefix has been stripped */
	/* Heap copies of the request's data, parameter and setup sections. */
	char *data=NULL,*params=NULL;
	uint16 *setup=NULL;
	int outsize = 0;
	/*
	 * Header words, all client-controlled. SVAL/CVAL are presumably the
	 * 16-bit / 8-bit field readers - confirm against their definitions.
	 */
	uint16 vuid = SVAL(inbuf,smb_uid);
	unsigned int tpscnt = SVAL(inbuf,smb_vwv0);	/* total parameter bytes */
	unsigned int tdscnt = SVAL(inbuf,smb_vwv1);	/* total data bytes */
	/* mprcnt/mdrcnt/msrcnt are only passed on to named_pipe() here. */
	unsigned int mprcnt = SVAL(inbuf,smb_vwv2);
	unsigned int mdrcnt = SVAL(inbuf,smb_vwv3);
	unsigned int msrcnt = CVAL(inbuf,smb_vwv4);
	BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
	BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
	unsigned int pscnt = SVAL(inbuf,smb_vwv9);	/* parameter bytes in this packet */
	unsigned int psoff = SVAL(inbuf,smb_vwv10);	/* their offset from smb_base(inbuf) */
	unsigned int dscnt = SVAL(inbuf,smb_vwv11);	/* data bytes in this packet */
	unsigned int dsoff = SVAL(inbuf,smb_vwv12);	/* their offset from smb_base(inbuf) */
	unsigned int suwcnt = CVAL(inbuf,smb_vwv13);	/* number of setup words */
	fstring local_machine_name;
	START_PROFILE(SMBtrans);

	/* Clear name first so it is NUL-terminated whatever the pull writes. */
	memset(name, '\0',sizeof(name));
	srvstr_pull_buf(inbuf, name, smb_buf(inbuf), sizeof(name), STR_TERMINATE);

	/*
	 * This packet may not carry more than the declared totals; the
	 * buffers below are sized from the totals and filled with the
	 * per-packet counts.
	 */
	if (dscnt > tdscnt || pscnt > tpscnt)
		goto bad_param;

	if (tdscnt)  {
		/*
		 * NOTE(review): the allocation is not cleared here. Completion is
		 * later decided by summed fragment counts reaching the total,
		 * which does not by itself show that every byte was written
		 * (fragment displacements may overlap). Confirm SMB_MALLOC
		 * semantics and consider zero-filling.
		 */
		if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) {
			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
			END_PROFILE(SMBtrans);
			return(ERROR_DOS(ERRDOS,ERRnomem));
		}
		/* Reject offset+count that wraps the unsigned arithmetic. */
		if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
			goto bad_param;
		/* Source range must end inside the primary packet (size) and not wrap the pointer. */
		if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
				(smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf)))
			goto bad_param;

		/* dscnt <= tdscnt was checked above, so this fits the allocation. */
		memcpy(data,smb_base(inbuf)+dsoff,dscnt);
	}

	if (tpscnt) {
		/* Same pattern as the data section; the same NOTE(review) about an uncleared buffer applies. */
		if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) {
			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
			SAFE_FREE(data);
			END_PROFILE(SMBtrans);
			return(ERROR_DOS(ERRDOS,ERRnomem));
		}
		if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
			goto bad_param;
		if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||
				(smb_base(inbuf)+psoff+pscnt < smb_base(inbuf)))
			goto bad_param;

		memcpy(params,smb_base(inbuf)+psoff,pscnt);
	}

	if (suwcnt) {
		unsigned int i;
		/* setup gets exactly suwcnt elements; consumers must not index past that. */
		if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) {
			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n",
				 (unsigned int)(suwcnt * sizeof(uint16))));
			SAFE_FREE(data);
			SAFE_FREE(params);
			END_PROFILE(SMBtrans);
			return(ERROR_DOS(ERRDOS,ERRnomem));
		}
		/* The setup words start at smb_vwv14 and must lie inside the packet. */
		if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size)
			goto bad_param;
		if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) ||
				(smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD)))
			goto bad_param;

		for (i=0;i<suwcnt;i++)
			setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
	}

	srv_signing_trans_start(SVAL(inbuf,smb_mid));

	if (pscnt < tpscnt || dscnt < tdscnt) {
		/*
		 * The primary packet did not carry everything: send an interim
		 * response, then receive the rest of the parameter/data bytes.
		 */
		outsize = set_message(outbuf,0,0,True);
		show_msg(outbuf);
		srv_signing_trans_stop();
		if (!send_smb(smbd_server_fd(),outbuf))
			exit_server("reply_trans: send_smb failed.");
	}

	/* Receive the rest of the trans packet, one secondary at a time. */
	while (pscnt < tpscnt || dscnt < tdscnt) {
		BOOL ret;
		unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;

		/* The secondary packet overwrites inbuf; up to bufsize bytes may be stored. */
		ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);

		/*
		 * The sequence number for the trans reply is always
		 * based on the last secondary received.
		 *
		 * NOTE(review): this reads inbuf before ret is checked, so after
		 * a failed receive it uses whatever inbuf currently holds.
		 */
		srv_signing_trans_start(SVAL(inbuf,smb_mid));

		/* Anything but a successfully received SMBtranss aborts the request. */
		if ((ret && (CVAL(inbuf, smb_com) != SMBtranss)) || !ret) {
			if(ret) {
				DEBUG(0,("reply_trans: Invalid secondary trans packet\n"));
			} else {
				DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
					 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
			}
			SAFE_FREE(params);
			SAFE_FREE(data);
			SAFE_FREE(setup);
			END_PROFILE(SMBtrans);
			srv_signing_trans_stop();
			return(ERROR_DOS(ERRSRV,ERRerror));
		}

		show_msg(inbuf);

		/*
		 * Revise total_params and total_data in case they have changed
		 * downwards. They are never raised, so they stay within the
		 * sizes the buffers were allocated with.
		 */
		if (SVAL(inbuf,smb_vwv0) < tpscnt)
			tpscnt = SVAL(inbuf,smb_vwv0);
		if (SVAL(inbuf,smb_vwv1) < tdscnt)
			tdscnt = SVAL(inbuf,smb_vwv1);

		/* Per-fragment count, source offset and destination displacement. */
		pcnt = SVAL(inbuf,smb_vwv2);
		poff = SVAL(inbuf,smb_vwv3);
		pdisp = SVAL(inbuf,smb_vwv4);

		dcnt = SVAL(inbuf,smb_vwv5);
		doff = SVAL(inbuf,smb_vwv6);
		ddisp = SVAL(inbuf,smb_vwv7);

		/* Running totals of bytes received so far. */
		pscnt += pcnt;
		dscnt += dcnt;

		if (dscnt > tdscnt || pscnt > tpscnt)
			goto bad_param;

		if (pcnt) {
			/* Destination range [pdisp, pdisp+pcnt) must fit the (possibly reduced) total. */
			if (pdisp+pcnt > tpscnt)
				goto bad_param;
			if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
				goto bad_param;
			if (pdisp > tpscnt)
				goto bad_param;
			/*
			 * NOTE(review): the source range is bounded by the receive
			 * buffer's capacity (bufsize), not by the length of the packet
			 * just received. A fragment whose offset/count point past the
			 * received bytes but inside the buffer would copy leftover
			 * buffer contents - confirm whether the received length should
			 * be the bound.
			 */
			if ((smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) ||
					(smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
				goto bad_param;
			if (params + pdisp < params)
				goto bad_param;

			memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
		}

		if (dcnt) {
			/* Mirror of the parameter checks above; the same NOTE(review) on bufsize applies. */
			if (ddisp+dcnt > tdscnt)
				goto bad_param;
			if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
				goto bad_param;
			if (ddisp > tdscnt)
				goto bad_param;
			if ((smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) ||
					(smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
				goto bad_param;
			if (data + ddisp < data)
				goto bad_param;

			memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);
		}
	}

	DEBUG(3,("trans <%s> data=%u params=%u setup=%u\n",
		 name,tdscnt,tpscnt,suwcnt));

	/*
	 * WinCE weirdness: skip an optional leading "\<local machine name>"
	 * component when it is followed by another backslash.
	 */

	fstrcpy( local_machine_name, get_local_machine_name() );

	if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine_name, strlen(local_machine_name)) == 0) &&
			(name[strlen(local_machine_name)+1] == '\\'))
		name_offset = strlen(local_machine_name)+1;

	if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) {
		name_offset += strlen("\\PIPE");

		/* Win9x weirdness. When talking to a unicode server Win9x
		   only sends "\PIPE" instead of "\PIPE\" */

		if (name[name_offset] == '\\')
			name_offset++;

		DEBUG(5,("calling named_pipe\n"));
		outsize = named_pipe(conn,vuid,outbuf,
				     name+name_offset,setup,data,params,
				     suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt);
	} else {
		/* Only names under "\PIPE" are handled; outsize 0 becomes ERRnosupport below. */
		DEBUG(3,("invalid pipe name\n"));
		outsize = 0;
	}

	/* The handler has returned; release the reassembled sections. */
	SAFE_FREE(data);
	SAFE_FREE(params);
	SAFE_FREE(setup);

	srv_signing_trans_stop();

	/* Bit 0 of the flags word (smb_vwv5): close the connection once done. */
	if (close_on_completion)
		close_cnum(conn,vuid);

	/* Bit 1 of the flags word: return -1 (presumably "send no reply" - confirm with the caller). */
	if (one_way) {
		END_PROFILE(SMBtrans);
		return(-1);
	}

	if (outsize == 0) {
		END_PROFILE(SMBtrans);
		return(ERROR_DOS(ERRSRV,ERRnosupport));
	}

	END_PROFILE(SMBtrans);
	return(outsize);

  /*
   * Common exit for any rejected count/offset/displacement. Also reached
   * before srv_signing_trans_start() has been called, so
   * srv_signing_trans_stop() must tolerate that - TODO confirm.
   */
  bad_param:

	srv_signing_trans_stop();
	DEBUG(0,("reply_trans: invalid trans parameters\n"));
	SAFE_FREE(data);
	SAFE_FREE(params);
	SAFE_FREE(setup);
	END_PROFILE(SMBtrans);
	return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}