From: David Mulder Date: Mon, 21 Mar 2022 19:15:19 +0000 (-0600) Subject: smbd: Move reply_transs2 to smb1_trans2.c X-Git-Tag: tevent-0.12.0~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97136a7a8aae819a34ebd6a595229c5313f2fcf3;p=thirdparty%2Fsamba.git smbd: Move reply_transs2 to smb1_trans2.c Signed-off-by: David Mulder Reviewed-by: Jeremy Allison
---
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 230ef07e169..b03ecc77915 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1110,7 +1110,6 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
 bool setting_write_time);
 void reply_findclose(struct smb_request *req);
 void reply_findnclose(struct smb_request *req);
-void reply_transs2(struct smb_request *req);
 enum perm_type {
 PERM_NEW_FILE,
diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c
index bd14f592e89..3b0ca229450 100644
--- a/source3/smbd/smb1_trans2.c
+++ b/source3/smbd/smb1_trans2.c
@@ -2977,8 +2977,8 @@ static void call_trans2ioctl(connection_struct *conn,
 reply_nterror(req, NT_STATUS_NOT_IMPLEMENTED);
 }
-void handle_trans2(connection_struct *conn, struct smb_request *req,
- struct trans_state *state)
+static void handle_trans2(connection_struct *conn, struct smb_request *req,
+ struct trans_state *state)
 {
 if (get_Protocol() >= PROTOCOL_NT1) {
 req->flags2 |= 0x40; /* IS_LONG_NAME */
@@ -3327,3 +3327,112 @@ void reply_trans2(struct smb_request *req)
 END_PROFILE(SMBtrans2);
 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 }
+
+/****************************************************************************
+ Reply to a SMBtranss2
+ ****************************************************************************/
+
+void reply_transs2(struct smb_request *req)
+{
+ connection_struct *conn = req->conn;
+ unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
+ struct trans_state *state;
+
+ START_PROFILE(SMBtranss2);
+
+ show_msg((const char *)req->inbuf);
+
+ /* Windows clients expect all replies to
+ a transact secondary (SMBtranss2 0x33)
+ to have a command code of transact
+ (SMBtrans2 0x32). See bug #8989
+ and also [MS-CIFS] section 2.2.4.47.2
+ for details.
+ */
+ req->cmd = SMBtrans2;
+
+ if (req->wct < 8) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBtranss2);
+ return;
+ }
+
+ for (state = conn->pending_trans; state != NULL;
+ state = state->next) {
+ if (state->mid == req->mid) {
+ break;
+ }
+ }
+
+ if ((state == NULL) || (state->cmd != SMBtrans2)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBtranss2);
+ return;
+ }
+
+ /* Revise state->total_param and state->total_data in case they have
+ changed downwards */
+
+ if (SVAL(req->vwv+0, 0) < state->total_param)
+ state->total_param = SVAL(req->vwv+0, 0);
+ if (SVAL(req->vwv+1, 0) < state->total_data)
+ state->total_data = SVAL(req->vwv+1, 0);
+
+ pcnt = SVAL(req->vwv+2, 0);
+ poff = SVAL(req->vwv+3, 0);
+ pdisp = SVAL(req->vwv+4, 0);
+
+ dcnt = SVAL(req->vwv+5, 0);
+ doff = SVAL(req->vwv+6, 0);
+ ddisp = SVAL(req->vwv+7, 0);
+
+ state->received_param += pcnt;
+ state->received_data += dcnt;
+
+ if ((state->received_data > state->total_data) ||
+ (state->received_param > state->total_param))
+ goto bad_param;
+
+ if (pcnt) {
+ if (smb_buffer_oob(state->total_param, pdisp, pcnt)
+ || smb_buffer_oob(smb_len(req->inbuf), poff, pcnt)) {
+ goto bad_param;
+ }
+ memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt);
+ }
+
+ if (dcnt) {
+ if (smb_buffer_oob(state->total_data, ddisp, dcnt)
+ || smb_buffer_oob(smb_len(req->inbuf), doff, dcnt)) {
+ goto bad_param;
+ }
+ memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
+ }
+
+ if ((state->received_param < state->total_param) ||
+ (state->received_data < state->total_data)) {
+ END_PROFILE(SMBtranss2);
+ return;
+ }
+
+ handle_trans2(conn, req, state);
+
+ DLIST_REMOVE(conn->pending_trans, state);
+ SAFE_FREE(state->data);
+ SAFE_FREE(state->param);
+ TALLOC_FREE(state);
+
+ END_PROFILE(SMBtranss2);
+ return;
+
+ bad_param:
+
+ DEBUG(0,("reply_transs2: invalid trans parameters\n"));
+ DLIST_REMOVE(conn->pending_trans, state);
+ SAFE_FREE(state->data);
+ SAFE_FREE(state->param);
+ TALLOC_FREE(state);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBtranss2);
+ return;
+}
diff --git a/source3/smbd/smb1_trans2.h b/source3/smbd/smb1_trans2.h
index 2df8468ccaf..04f96ed499d 100644
--- a/source3/smbd/smb1_trans2.h
+++ b/source3/smbd/smb1_trans2.h
@@ -37,5 +37,4 @@ NTSTATUS smb_set_posix_lock(connection_struct *conn,
 int total_data,
 files_struct *fsp);
 void reply_trans2(struct smb_request *req);
-void handle_trans2(connection_struct *conn, struct smb_request *req,
- struct trans_state *state);
+void reply_transs2(struct smb_request *req);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 2a379218d46..27bda1555f5 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
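Review bot: The completion test near the end of reply_transs2 (`received_param < total_param || received_data < total_data`) compares running byte counts, so it does not establish that every byte of `state->param` and `state->data` was actually written. The two `smb_buffer_oob()` checks bound each fragment, but nothing in the hunk rejects secondaries whose `pdisp`/`ddisp` ranges overlap. Whether that matters depends on how the buffers are allocated in reply_trans2, which is outside this hunk: if they are not zero-filled there, handle_trans2() could be handed bytes that no fragment supplied. The body is moved unchanged, so this is a convenient point to confirm the allocation and record the assumption above the check, e.g. `/* received_* are byte counts, not coverage; param/data must be zero-filled at allocation */`.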
@@ -7022,112 +7022,3 @@ void reply_findnclose(struct smb_request *req)
 END_PROFILE(SMBfindnclose);
 return;
 }
-
-/****************************************************************************
- Reply to a SMBtranss2
- ****************************************************************************/
-
-void reply_transs2(struct smb_request *req)
-{
- connection_struct *conn = req->conn;
- unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
- struct trans_state *state;
-
- START_PROFILE(SMBtranss2);
-
- show_msg((const char *)req->inbuf);
-
- /* Windows clients expect all replies to
- a transact secondary (SMBtranss2 0x33)
- to have a command code of transact
- (SMBtrans2 0x32). See bug #8989
- and also [MS-CIFS] section 2.2.4.47.2
- for details.
- */
- req->cmd = SMBtrans2;
-
- if (req->wct < 8) {
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- END_PROFILE(SMBtranss2);
- return;
- }
-
- for (state = conn->pending_trans; state != NULL;
- state = state->next) {
- if (state->mid == req->mid) {
- break;
- }
- }
-
- if ((state == NULL) || (state->cmd != SMBtrans2)) {
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- END_PROFILE(SMBtranss2);
- return;
- }
-
- /* Revise state->total_param and state->total_data in case they have
- changed downwards */
-
- if (SVAL(req->vwv+0, 0) < state->total_param)
- state->total_param = SVAL(req->vwv+0, 0);
- if (SVAL(req->vwv+1, 0) < state->total_data)
- state->total_data = SVAL(req->vwv+1, 0);
-
- pcnt = SVAL(req->vwv+2, 0);
- poff = SVAL(req->vwv+3, 0);
- pdisp = SVAL(req->vwv+4, 0);
-
- dcnt = SVAL(req->vwv+5, 0);
- doff = SVAL(req->vwv+6, 0);
- ddisp = SVAL(req->vwv+7, 0);
-
- state->received_param += pcnt;
- state->received_data += dcnt;
-
- if ((state->received_data > state->total_data) ||
- (state->received_param > state->total_param))
- goto bad_param;
-
- if (pcnt) {
- if (smb_buffer_oob(state->total_param, pdisp, pcnt)
- || smb_buffer_oob(smb_len(req->inbuf), poff, pcnt)) {
- goto bad_param;
- }
- memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt);
- }
-
- if (dcnt) {
- if (smb_buffer_oob(state->total_data, ddisp, dcnt)
- || smb_buffer_oob(smb_len(req->inbuf), doff, dcnt)) {
- goto bad_param;
- }
- memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
- }
-
- if ((state->received_param < state->total_param) ||
- (state->received_data < state->total_data)) {
- END_PROFILE(SMBtranss2);
- return;
- }
-
- handle_trans2(conn, req, state);
-
- DLIST_REMOVE(conn->pending_trans, state);
- SAFE_FREE(state->data);
- SAFE_FREE(state->param);
- TALLOC_FREE(state);
-
- END_PROFILE(SMBtranss2);
- return;
-
- bad_param:
-
- DEBUG(0,("reply_transs2: invalid trans parameters\n"));
- DLIST_REMOVE(conn->pending_trans, state);
- SAFE_FREE(state->data);
- SAFE_FREE(state->param);
- TALLOC_FREE(state);
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- END_PROFILE(SMBtranss2);
- return;
-}