From 2d80a96120a5fe2fe726f00746d36d85044c4bdb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 19 Apr 2007 22:40:32 +0000 Subject: r22391: Looks bigger than it is. Make "inbuf" available to all callers of smb_setlen (via set_message() calls). This will allow the server to reflect back the correct encryption context. Jeremy. --- source/include/smb_macros.h | 12 +-- source/lib/util.c | 16 ++-- source/libsmb/cliconnect.c | 22 +++--- source/libsmb/clidgram.c | 2 +- source/libsmb/clientgen.c | 4 +- source/libsmb/clifile.c | 44 +++++------ source/libsmb/clilist.c | 4 +- source/libsmb/climessage.c | 6 +- source/libsmb/clioplock.c | 2 +- source/libsmb/cliprint.c | 4 +- source/libsmb/clireadwrite.c | 10 +-- source/libsmb/clitrans.c | 8 +- source/libsmb/smb_seal.c | 4 +- source/nmbd/nmbd_packets.c | 2 +- source/smbd/aio.c | 2 +- source/smbd/blocking.c | 6 +- source/smbd/error.c | 12 +-- source/smbd/ipc.c | 179 ++++++++++++++++++++++++++++++------------- source/smbd/lanman.c | 24 ++++-- source/smbd/message.c | 8 +- source/smbd/negprot.c | 14 ++-- source/smbd/notify.c | 5 +- source/smbd/nttrans.c | 56 ++++++++------ source/smbd/oplock.c | 2 +- source/smbd/pipes.c | 12 +-- source/smbd/process.c | 6 +- source/smbd/reply.c | 124 +++++++++++++++--------------- source/smbd/sesssetup.c | 25 +++--- source/smbd/trans2.c | 41 +++++----- 29 files changed, 378 insertions(+), 278 deletions(-) diff --git a/source/include/smb_macros.h b/source/include/smb_macros.h index 2b596d3c6b8..4a49ef3ed4f 100644 --- a/source/include/smb_macros.h +++ b/source/include/smb_macros.h 
@@ -162,15 +162,15 @@ #define HAS_CACHED_ERROR(fsp) ((fsp)->wbmpx_ptr && \ (fsp)->wbmpx_ptr->wr_discard) /* Macro to turn the cached error into an error packet */ -#define CACHED_ERROR(fsp) cached_error_packet(outbuf,fsp,__LINE__,__FILE__) +#define CACHED_ERROR(fsp) cached_error_packet(inbuf,outbuf,fsp,__LINE__,__FILE__) -#define ERROR_DOS(class,code) error_packet(outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) -#define ERROR_NT(status) error_packet(outbuf,0,0,status,__LINE__,__FILE__) -#define ERROR_FORCE_NT(status) error_packet(outbuf,-1,-1,status,__LINE__,__FILE__) -#define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__) +#define ERROR_DOS(class,code) error_packet(inbuf,outbuf,class,code,NT_STATUS_OK,__LINE__,__FILE__) +#define ERROR_NT(status) error_packet(inbuf,outbuf,0,0,status,__LINE__,__FILE__) +#define ERROR_FORCE_NT(status) error_packet(inbuf,outbuf,-1,-1,status,__LINE__,__FILE__) +#define ERROR_BOTH(status,class,code) error_packet(inbuf,outbuf,class,code,status,__LINE__,__FILE__) /* this is how errors are generated */ -#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) +#define UNIXERROR(defclass,deferror) unix_error_packet(inbuf,outbuf,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) /* these are the datagram types */ #define DGRAM_DIRECT_UNIQUE 0x10 diff --git a/source/lib/util.c b/source/lib/util.c index bb92466a05b..a9065816cff 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -533,7 +533,7 @@ void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num) Set the length and marker of an smb packet. ********************************************************************/ -void smb_setlen(char *buf,int len,const char *frombuf) +void smb_setlen(const char *frombuf, char *buf, int len) { _smb_setlen(buf,len); 
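Review bot: The redefined CACHED_ERROR/ERROR_DOS/ERROR_NT/ERROR_FORCE_NT/ERROR_BOTH/UNIXERROR macros now expand to a bare `inbuf` in addition to `outbuf`, so every expansion site silently depends on a caller local of that exact name, and nothing at the definition says so. A comment above the block would make the contract visible, e.g. `/* These macros expect locals named inbuf (const char *, the request) and outbuf (char *) in scope; inbuf is passed so the reply reflects the request's encryption context. */`. A site with no `inbuf` fails to compile, which is the benign case; a site where `inbuf` happens to name an unrelated buffer compiles and reflects the wrong request, so the smbd call sites changed in the rest of this commit are worth a pass for that.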
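Review bot: Reordering smb_setlen to `(frombuf, buf, len)` while keeping the same three types is a quiet hazard: a call left in the old `(buf, len, frombuf)` order still converts `char *` to `const char *` implicitly and only draws int/pointer conversion warnings for the other two arguments, so a missed caller compiles and passes the length where the destination buffer is expected. It is worth confirming the build is warning-free around smb_setlen and set_message after this change rather than relying on the link step. The banner comment should also state what `frombuf` is and that it is not retained, since common_ntlm_decrypt_buffer frees it on the line after the call (`SAFE_FREE(inbuf)` in smb_seal.c): `/* frombuf: request buffer whose encryption context is copied into buf; may be NULL; read only during the call. */`. The body of smb_setlen continues outside the hunk, so how NULL is handled is not visible here.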
@@ -553,14 +553,14 @@ void smb_setlen(char *buf,int len,const char *frombuf) Setup the word count and byte count for a smb message. ********************************************************************/ -int set_message(char *buf,int num_words,int num_bytes,BOOL zero) +int set_message(const char *frombuf, char *buf,int num_words,int num_bytes,BOOL zero) { if (zero && (num_words || num_bytes)) { memset(buf + smb_size,'\0',num_words*2 + num_bytes); } SCVAL(buf,smb_wct,num_words); SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes); - smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL); + smb_setlen(frombuf, buf,smb_size + num_words*2 + num_bytes - 4); return (smb_size + num_words*2 + num_bytes); } @@ -568,11 +568,11 @@ int set_message(char *buf,int num_words,int num_bytes,BOOL zero) Setup only the byte count for a smb message. ********************************************************************/ -int set_message_bcc(char *buf,int num_bytes) +int set_message_bcc(const char *frombuf, char *buf,int num_bytes) { int num_words = CVAL(buf,smb_wct); SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes); - smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL); + smb_setlen(frombuf, buf,smb_size + num_words*2 + num_bytes - 4); return (smb_size + num_words*2 + num_bytes); } @@ -581,9 +581,11 @@ int set_message_bcc(char *buf,int num_bytes) message as a marker. ********************************************************************/ -int set_message_end(void *outbuf,void *end_ptr) +int set_message_end(const char *frombuf, void *outbuf,void *end_ptr) { - return set_message_bcc((char *)outbuf,PTR_DIFF(end_ptr,smb_buf((char *)outbuf))); + return set_message_bcc(frombuf, + (char *)outbuf, + PTR_DIFF(end_ptr,smb_buf((char *)outbuf))); } /******************************************************************* diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c index dff098cd011..cc2a7304be0 100644 --- a/source/libsmb/cliconnect.c +++ b/source/libsmb/cliconnect.c 
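Review bot: The three signature changes (`set_message`, `set_message_bcc`, `set_message_end`) add a leading `frombuf` without touching the banner comments above them, which still describe only the word/byte count setup. Each should say what the new first argument is and that NULL is accepted, since every libsmb caller in this commit passes NULL, e.g. `frombuf: the request this message replies to, used to reflect its encryption context; NULL when there is no request (client-side sends).` The NULL handling itself lives in smb_setlen, whose body is outside the visible hunks, so that behaviour is inferred from the callers rather than shown.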
@@ -99,7 +99,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, /* send a session setup command */ memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,10, 0, True); + set_message(NULL,cli->outbuf,10, 0, True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -169,7 +169,7 @@ static NTSTATUS cli_session_setup_guest(struct cli_state *cli) uint32 capabilities = cli_session_setup_capabilities(cli); memset(cli->outbuf, '\0', smb_size); - set_message(cli->outbuf,13,0,True); + set_message(NULL,cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -229,7 +229,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING); memset(cli->outbuf, '\0', smb_size); - set_message(cli->outbuf,13,0,True); + set_message(NULL,cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -378,7 +378,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, /* send a session setup command */ memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,13,0,True); + set_message(NULL,cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -458,7 +458,7 @@ static BOOL cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob) /* send a session setup command */ memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,12,0,True); + set_message(NULL,cli->outbuf,12,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); @@ -982,7 +982,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, BOOL cli_ulogoff(struct cli_state *cli) { memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,2,0,True); + set_message(NULL,cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBulogoffX); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0xFF); 
@@ -1059,7 +1059,7 @@ BOOL cli_send_tconX(struct cli_state *cli, slprintf(fullshare, sizeof(fullshare)-1, "\\\\%s\\%s", cli->desthost, share); - set_message(cli->outbuf,4, 0, True); + set_message(NULL,cli->outbuf,4, 0, True); SCVAL(cli->outbuf,smb_com,SMBtconX); cli_setup_packet(cli); @@ -1110,7 +1110,7 @@ BOOL cli_send_tconX(struct cli_state *cli, BOOL cli_tdis(struct cli_state *cli) { memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBtdis); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); @@ -1142,7 +1142,7 @@ void cli_negprot_send(struct cli_state *cli) memset(cli->outbuf,'\0',smb_size); /* setup the protocol strings */ - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); p = smb_buf(cli->outbuf); for (numprots=0; @@ -1182,7 +1182,7 @@ BOOL cli_negprot(struct cli_state *cli) numprots++) plength += strlen(prots[numprots].name)+2; - set_message(cli->outbuf,0,plength,True); + set_message(NULL,cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); for (numprots=0; @@ -1716,7 +1716,7 @@ NTSTATUS cli_raw_tcon(struct cli_state *cli, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf, 0, 0, True); + set_message(NULL,cli->outbuf, 0, 0, True); SCVAL(cli->outbuf,smb_com,SMBtcon); cli_setup_packet(cli); diff --git a/source/libsmb/clidgram.c b/source/libsmb/clidgram.c index 83ea81ddf1e..2f64b2c05de 100644 --- a/source/libsmb/clidgram.c +++ b/source/libsmb/clidgram.c @@ -72,7 +72,7 @@ BOOL cli_send_mailslot(BOOL unique, const char *mailslot, /* Setup the smb part. */ ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */ memcpy(tmp,ptr,4); - set_message(ptr,17,strlen(mailslot) + 1 + len,True); + set_message(NULL,ptr,17,strlen(mailslot) + 1 + len,True); memcpy(ptr,tmp,4); SCVAL(ptr,smb_com,SMBtrans); 
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index de575e83a21..e1dacb39216 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -298,7 +298,7 @@ void cli_setup_packet(struct cli_state *cli) void cli_setup_bcc(struct cli_state *cli, void *p) { - set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf))); + set_message_bcc(NULL,cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf))); } /**************************************************************************** @@ -584,7 +584,7 @@ BOOL cli_echo(struct cli_state *cli, unsigned char *data, size_t length) SMB_ASSERT(length < 1024); memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,1,length,True); + set_message(NULL,cli->outbuf,1,length,True); SCVAL(cli->outbuf,smb_com,SMBecho); SSVAL(cli->outbuf,smb_tid,65535); SSVAL(cli->outbuf,smb_vwv0,1); diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c index ce2081a81e1..ad6029f2243 100644 --- a/source/libsmb/clifile.c +++ b/source/libsmb/clifile.c @@ -390,7 +390,7 @@ BOOL cli_rename(struct cli_state *cli, const char *fname_src, const char *fname_ memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,1, 0, True); + set_message(NULL,cli->outbuf,1, 0, True); SCVAL(cli->outbuf,smb_com,SMBmv); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -427,7 +427,7 @@ BOOL cli_ntrename(struct cli_state *cli, const char *fname_src, const char *fnam memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf, 4, 0, True); + set_message(NULL,cli->outbuf, 4, 0, True); SCVAL(cli->outbuf,smb_com,SMBntrename); SSVAL(cli->outbuf,smb_tid,cli->cnum); 
@@ -465,7 +465,7 @@ BOOL cli_nt_hardlink(struct cli_state *cli, const char *fname_src, const char *f memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf, 4, 0, True); + set_message(NULL,cli->outbuf, 4, 0, True); SCVAL(cli->outbuf,smb_com,SMBntrename); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -503,7 +503,7 @@ BOOL cli_unlink_full(struct cli_state *cli, const char *fname, uint16 attrs) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,1, 0,True); + set_message(NULL,cli->outbuf,1, 0,True); SCVAL(cli->outbuf,smb_com,SMBunlink); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -548,7 +548,7 @@ BOOL cli_mkdir(struct cli_state *cli, const char *dname) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,0, 0,True); + set_message(NULL,cli->outbuf,0, 0,True); SCVAL(cli->outbuf,smb_com,SMBmkdir); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -583,7 +583,7 @@ BOOL cli_rmdir(struct cli_state *cli, const char *dname) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,0, 0, True); + set_message(NULL,cli->outbuf,0, 0, True); SCVAL(cli->outbuf,smb_com,SMBrmdir); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -665,7 +665,7 @@ int cli_nt_create_full(struct cli_state *cli, const char *fname, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,24,0,True); + set_message(NULL,cli->outbuf,24,0,True); SCVAL(cli->outbuf,smb_com,SMBntcreateX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -759,7 +759,7 @@ int cli_open(struct cli_state *cli, const char *fname, int flags, int share_mode memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,15,0,True); + set_message(NULL,cli->outbuf,15,0,True); SCVAL(cli->outbuf,smb_com,SMBopenX); SSVAL(cli->outbuf,smb_tid,cli->cnum); 
@@ -806,7 +806,7 @@ BOOL cli_close(struct cli_state *cli, int fnum) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,3,0,True); + set_message(NULL,cli->outbuf,3,0,True); SCVAL(cli->outbuf,smb_com,SMBclose); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -838,7 +838,7 @@ NTSTATUS cli_locktype(struct cli_state *cli, int fnum, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0', smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -890,7 +890,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0', smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -943,7 +943,7 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -995,7 +995,7 @@ BOOL cli_lock64(struct cli_state *cli, int fnum, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0', smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1050,7 +1050,7 @@ BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_ memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); 
@@ -1197,7 +1197,7 @@ BOOL cli_getattrE(struct cli_state *cli, int fd, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,1,0,True); + set_message(NULL,cli->outbuf,1,0,True); SCVAL(cli->outbuf,smb_com,SMBgetattrE); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1249,7 +1249,7 @@ BOOL cli_getatr(struct cli_state *cli, const char *fname, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBgetatr); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1301,7 +1301,7 @@ BOOL cli_setattrE(struct cli_state *cli, int fd, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,7,0,True); + set_message(NULL,cli->outbuf,7,0,True); SCVAL(cli->outbuf,smb_com,SMBsetattrE); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1340,7 +1340,7 @@ BOOL cli_setatr(struct cli_state *cli, const char *fname, uint16 attr, time_t t) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,8,0,True); + set_message(NULL,cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBsetatr); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1382,7 +1382,7 @@ BOOL cli_chkpath(struct cli_state *cli, const char *path) *path2 = '\\'; memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBcheckpath); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); @@ -1409,7 +1409,7 @@ BOOL cli_chkpath(struct cli_state *cli, const char *path) BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail) { memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBdskattr); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); 
@@ -1438,7 +1438,7 @@ int cli_ctemp(struct cli_state *cli, const char *path, char **tmp_path) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,3,0,True); + set_message(NULL,cli->outbuf,3,0,True); SCVAL(cli->outbuf,smb_com,SMBctemp); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -1488,7 +1488,7 @@ NTSTATUS cli_raw_ioctl(struct cli_state *cli, int fnum, uint32 code, DATA_BLOB * memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf, 3, 0, True); + set_message(NULL,cli->outbuf, 3, 0, True); SCVAL(cli->outbuf,smb_com,SMBioctl); cli_setup_packet(cli); diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c index 3e76cd47754..8290a577422 100644 --- a/source/libsmb/clilist.c +++ b/source/libsmb/clilist.c @@ -418,7 +418,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,2,0,True); + set_message(NULL,cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBsearch); @@ -475,7 +475,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,2,0,True); + set_message(NULL,cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBfclose); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); diff --git a/source/libsmb/climessage.c b/source/libsmb/climessage.c index 1aa659c1ba3..6850c4b8dff 100644 --- a/source/libsmb/climessage.c +++ b/source/libsmb/climessage.c @@ -30,7 +30,7 @@ int cli_message_start_build(struct cli_state *cli, char *host, char *username) /* construct a SMBsendstrt command */ memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,0,0,True); + set_message(NULL,cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBsendstrt); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); 
@@ -75,7 +75,7 @@ int cli_message_text_build(struct cli_state *cli, char *msg, int len, int grp) char *p; memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,1,0,True); + set_message(NULL,cli->outbuf,1,0,True); SCVAL(cli->outbuf,smb_com,SMBsendtxt); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); @@ -125,7 +125,7 @@ int cli_message_end_build(struct cli_state *cli, int grp) char *p; memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,1,0,True); + set_message(NULL,cli->outbuf,1,0,True); SCVAL(cli->outbuf,smb_com,SMBsendend); SSVAL(cli->outbuf,smb_tid,cli->cnum); diff --git a/source/libsmb/clioplock.c b/source/libsmb/clioplock.c index 037d7147dbb..c08bde02480 100644 --- a/source/libsmb/clioplock.c +++ b/source/libsmb/clioplock.c @@ -32,7 +32,7 @@ BOOL cli_oplock_ack(struct cli_state *cli, int fnum, unsigned char level) cli->outbuf = buf; memset(buf,'\0',smb_size); - set_message(buf,8,0,True); + set_message(NULL,buf,8,0,True); SCVAL(buf,smb_com,SMBlockingX); SSVAL(buf,smb_tid, cli->cnum); diff --git a/source/libsmb/cliprint.c b/source/libsmb/cliprint.c index cb04e0ddcc7..b09fb38906f 100644 --- a/source/libsmb/cliprint.c +++ b/source/libsmb/cliprint.c @@ -194,7 +194,7 @@ int cli_spl_open(struct cli_state *cli, const char *fname, int flags, int share_ memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,15,0,True); + set_message(NULL,cli->outbuf,15,0,True); SCVAL(cli->outbuf,smb_com,SMBsplopen); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -241,7 +241,7 @@ BOOL cli_spl_close(struct cli_state *cli, int fnum) memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,3,0,True); + set_message(NULL,cli->outbuf,3,0,True); SCVAL(cli->outbuf,smb_com,SMBsplclose); SSVAL(cli->outbuf,smb_tid,cli->cnum); diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c index 02fa804f41f..1c72cb2942c 100644 --- a/source/libsmb/clireadwrite.c 
+++ b/source/libsmb/clireadwrite.c @@ -35,7 +35,7 @@ static BOOL cli_issue_read(struct cli_state *cli, int fnum, off_t offset, if ((SMB_BIG_UINT)offset >> 32) bigoffset = True; - set_message(cli->outbuf,bigoffset ? 12 : 10,0,True); + set_message(NULL,cli->outbuf,bigoffset ? 12 : 10,0,True); SCVAL(cli->outbuf,smb_com,SMBreadX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -176,7 +176,7 @@ static BOOL cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,10,0,True); + set_message(NULL,cli->outbuf,10,0,True); SCVAL(cli->outbuf,smb_com,SMBreadbraw); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -285,9 +285,9 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset, } if (large_writex) - set_message(cli->outbuf,14,0,True); + set_message(NULL,cli->outbuf,14,0,True); else - set_message(cli->outbuf,12,0,True); + set_message(NULL,cli->outbuf,12,0,True); SCVAL(cli->outbuf,smb_com,SMBwriteX); SSVAL(cli->outbuf,smb_tid,cli->cnum); @@ -399,7 +399,7 @@ ssize_t cli_smbwrite(struct cli_state *cli, memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); - set_message(cli->outbuf,5, 0,True); + set_message(NULL,cli->outbuf,5, 0,True); SCVAL(cli->outbuf,smb_com,SMBwrite); SSVAL(cli->outbuf,smb_tid,cli->cnum); diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c index 33fddae2023..3e3ebc1ce1e 100644 --- a/source/libsmb/clitrans.c +++ b/source/libsmb/clitrans.c @@ -44,7 +44,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans, this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam)); memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,14+lsetup,0,True); + set_message(NULL,cli->outbuf,14+lsetup,0,True); SCVAL(cli->outbuf,smb_com,trans); SSVAL(cli->outbuf,smb_tid, cli->cnum); cli_setup_packet(cli); 
@@ -113,7 +113,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans, this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - set_message(cli->outbuf,trans==SMBtrans?8:9,0,True); + set_message(NULL,cli->outbuf,trans==SMBtrans?8:9,0,True); SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2)); outparam = smb_buf(cli->outbuf); @@ -352,7 +352,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli, this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam)); memset(cli->outbuf,'\0',smb_size); - set_message(cli->outbuf,19+lsetup,0,True); + set_message(NULL,cli->outbuf,19+lsetup,0,True); SCVAL(cli->outbuf,smb_com,SMBnttrans); SSVAL(cli->outbuf,smb_tid, cli->cnum); cli_setup_packet(cli); @@ -413,7 +413,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli, this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - set_message(cli->outbuf,18,0,True); + set_message(NULL,cli->outbuf,18,0,True); SCVAL(cli->outbuf,smb_com,SMBnttranss); /* XXX - these should probably be aligned */ diff --git a/source/libsmb/smb_seal.c b/source/libsmb/smb_seal.c index 2e3e2f4ce3c..dde69570ab5 100644 --- a/source/libsmb/smb_seal.c +++ b/source/libsmb/smb_seal.c @@ -95,7 +95,7 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) memcpy(buf + 8, inbuf + 8 + NTLMSSP_SIG_SIZE, data_len); /* Reset the length. */ - smb_setlen(buf, data_len + 4, inbuf); + smb_setlen(inbuf, buf, data_len + 4); SAFE_FREE(inbuf); return NT_STATUS_OK; @@ -204,7 +204,7 @@ static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_sta } memcpy(buf + 8, out_buf.value, out_buf.length); - smb_setlen(buf, out_buf.length + 4, out_buf.value); + smb_setlen(out_buf.value, buf, out_buf.length + 4); gss_release_buffer(&minor, &out_buf); return NT_STATUS_OK; 
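Review bot: The two decrypt paths hand smb_setlen different kinds of `frombuf`: common_ntlm_decrypt_buffer passes `inbuf`, the original wire buffer (the payload is taken from `inbuf + 8 + NTLMSSP_SIG_SIZE`), while common_gss_decrypt_buffer passes `out_buf.value`, the unwrapped payload that is copied to `buf + 8`. If smb_setlen reads the encryption context from the first bytes of `frombuf` — which is what the commit message suggests and what the NTLM path implies — the GSS path hands it payload bytes rather than the request header, and the reflected context would be wrong. This is inherited rather than introduced here (the commit only reorders the arguments), but with smb_setlen's body not visible in this diff the two call sites should be reconciled or the intended `frombuf` documented; passing `buf` or the pre-unwrap input on the GSS path is the likely fix.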
diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c index 87a38b9d2a1..d34beb7ff61 100644 --- a/source/nmbd/nmbd_packets.c +++ b/source/nmbd/nmbd_packets.c @@ -1886,7 +1886,7 @@ BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len, /* Setup the smb part. */ ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */ memcpy(tmp,ptr,4); - set_message(ptr,17,strlen(mailslot) + 1 + len,True); + set_message(NULL,ptr,17,strlen(mailslot) + 1 + len,True); memcpy(ptr,tmp,4); SCVAL(ptr,smb_com,SMBtrans); diff --git a/source/smbd/aio.c b/source/smbd/aio.c index 6b403e1e365..0d4760a2665 100644 --- a/source/smbd/aio.c +++ b/source/smbd/aio.c @@ -418,7 +418,7 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex) aio_ex->acb.aio_nbytes, (int)nread ) ); } - smb_setlen(outbuf,outsize - 4,aio_ex->inbuf); + smb_setlen(aio_ex->inbuf,outbuf,outsize - 4); show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) { exit_server_cleanly("handle_aio_read_complete: send_smb " diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c index 58953bac11d..d0caa29597d 100644 --- a/source/smbd/blocking.c +++ b/source/smbd/blocking.c @@ -240,7 +240,7 @@ BOOL push_blocking_lock_request( struct byte_range_lock *br_lck, static void send_blocking_reply(char *outbuf, int outsize, const char *inbuf) { if(outsize > 4) { - smb_setlen(outbuf,outsize - 4, inbuf); + smb_setlen(inbuf, outbuf,outsize - 4); } if (!send_smb(smbd_server_fd(),outbuf)) { @@ -260,7 +260,7 @@ static void reply_lockingX_success(blocking_lock_record *blr) int outsize = 0; construct_reply_common(inbuf, outbuf); - set_message(outbuf,2,0,True); + set_message(inbuf,outbuf,2,0,True); /* * As this message is a lockingX call we must handle 
@@ -525,7 +525,7 @@ static BOOL process_trans2(blocking_lock_record *blr) SCVAL(outbuf,smb_com,SMBtrans2); SSVAL(params,0,0); /* Fake up max_data_bytes here - we know it fits. */ - send_trans2_replies(outbuf, max_send, params, 2, NULL, 0, 0xffff); + send_trans2_replies(inbuf, outbuf, max_send, params, 2, NULL, 0, 0xffff); return True; } diff --git a/source/smbd/error.c b/source/smbd/error.c index 0860b7d1d91..dc35c0fa648 100644 --- a/source/smbd/error.c +++ b/source/smbd/error.c @@ -29,7 +29,7 @@ extern uint32 global_client_caps; Create an error packet from a cached error. ****************************************************************************/ -int cached_error_packet(char *outbuf,files_struct *fsp,int line,const char *file) +int cached_error_packet(const char *inbuf,char *outbuf,files_struct *fsp,int line,const char *file) { write_bmpx_struct *wbmpx = fsp->wbmpx_ptr; int32 eclass = wbmpx->wr_errclass; @@ -38,14 +38,14 @@ int cached_error_packet(char *outbuf,files_struct *fsp,int line,const char *file /* We can now delete the auxiliary struct */ SAFE_FREE(fsp->wbmpx_ptr); - return error_packet(outbuf,eclass,err,ntstatus,line,file); + return error_packet(inbuf,outbuf,eclass,err,ntstatus,line,file); } /**************************************************************************** Create an error packet from errno. ****************************************************************************/ -int unix_error_packet(char *outbuf,int def_class,uint32 def_code, NTSTATUS def_status, int line, const char *file) +int unix_error_packet(const char *inbuf,char *outbuf,int def_class,uint32 def_code, NTSTATUS def_status, int line, const char *file) { int eclass=def_class; int ecode=def_code; @@ -66,7 +66,7 @@ int unix_error_packet(char *outbuf,int def_class,uint32 def_code, NTSTATUS def_s } } - return error_packet(outbuf,eclass,ecode,ntstatus,line,file); + return error_packet(inbuf,outbuf,eclass,ecode,ntstatus,line,file); } BOOL use_nt_status(void) 
@@ -126,9 +126,9 @@ void error_packet_set(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatu } } -int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file) +int error_packet(const char *inbuf, char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file) { - int outsize = set_message(outbuf,0,0,True); + int outsize = set_message(inbuf,outbuf,0,0,True); error_packet_set(outbuf, eclass, ecode, ntstatus, line, file); return outsize; } diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 6e5ff9f0359..6b647fc72b6 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -72,10 +72,13 @@ static void copy_trans_params_and_data(char *outbuf, int align, Send a trans reply. ****************************************************************************/ -void send_trans_reply(char *outbuf, - char *rparam, int rparam_len, - char *rdata, int rdata_len, - BOOL buffer_too_large) +void send_trans_reply(const char *inbuf, + char *outbuf, + char *rparam, + int rparam_len, + char *rdata, + int rdata_len, + BOOL buffer_too_large) { int this_ldata,this_lparam; int tot_data_sent = 0; @@ -97,11 +100,11 @@ void send_trans_reply(char *outbuf, ERROR_BOTH(STATUS_BUFFER_OVERFLOW,ERRDOS,ERRmoredata); } - set_message(outbuf,10,1+align+this_ldata+this_lparam,True); + set_message(inbuf,outbuf,10,1+align+this_ldata+this_lparam,True); copy_trans_params_and_data(outbuf, align, - rparam, tot_param_sent, this_lparam, - rdata, tot_data_sent, this_ldata); + rparam, tot_param_sent, this_lparam, + rdata, tot_data_sent, this_ldata); SSVAL(outbuf,smb_vwv0,lparam); SSVAL(outbuf,smb_vwv1,ldata); @@ -133,7 +136,7 @@ void send_trans_reply(char *outbuf, align = (this_lparam%4); - set_message(outbuf,10,1+this_ldata+this_lparam+align,False); + set_message(inbuf,outbuf,10,1+this_ldata+this_lparam+align,False); copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, 
@@ -160,7 +163,9 @@ void send_trans_reply(char *outbuf, Start the first part of an RPC reply which began with an SMBtrans request. ****************************************************************************/ -static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) +static BOOL api_rpc_trans_reply(const char *inbuf, + char *outbuf, + smb_np_struct *p) { BOOL is_data_outstanding; char *rdata = (char *)SMB_MALLOC(p->max_trans_reply); @@ -177,7 +182,7 @@ static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) return False; } - send_trans_reply(outbuf, NULL, 0, rdata, data_len, is_data_outstanding); + send_trans_reply(inbuf, outbuf, NULL, 0, rdata, data_len, is_data_outstanding); SAFE_FREE(rdata); return True; @@ -187,7 +192,11 @@ static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) WaitNamedPipeHandleState ****************************************************************************/ -static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) +static BOOL api_WNPHS(const char *inbuf, + char *outbuf, + smb_np_struct *p, + char *param, + int param_len) { uint16 priority; @@ -199,7 +208,7 @@ static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len if (wait_rpc_pipe_hnd_state(p, priority)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -210,7 +219,11 @@ static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len SetNamedPipeHandleState ****************************************************************************/ -static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len) +static BOOL api_SNPHS(const char *inbuf, + char *outbuf, + smb_np_struct *p, + char *param, + int param_len) { uint16 id; 
@@ -222,7 +235,7 @@ static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len if (set_rpc_pipe_hnd_state(p, id)) { /* now send the reply */ - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return True; } return False; @@ -233,7 +246,7 @@ static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len When no reply is generated, indicate unsupported. ****************************************************************************/ -static BOOL api_no_reply(char *outbuf, int max_rdata_len) +static BOOL api_no_reply(const char *inbuf, char *outbuf, int max_rdata_len) { char rparam[4]; @@ -244,7 +257,7 @@ static BOOL api_no_reply(char *outbuf, int max_rdata_len) DEBUG(3,("Unsupported API fd command\n")); /* now send the reply */ - send_trans_reply(outbuf, rparam, 4, NULL, 0, False); + send_trans_reply(inbuf, outbuf, rparam, 4, NULL, 0, False); return -1; } @@ -253,9 +266,18 @@ static BOOL api_no_reply(char *outbuf, int max_rdata_len) Handle remote api calls delivered to a named pipe already opened. ****************************************************************************/ -static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, - uint16 *setup,char *data,char *params, - int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +static int api_fd_reply(connection_struct *conn, + uint16 vuid, + const char *inbuf, + char *outbuf, + uint16 *setup, + char *data, + char *params, + int suwcnt, + int tdscnt, + int tpscnt, + int mdrcnt, + int mprcnt) { BOOL reply = False; smb_np_struct *p = NULL; 
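Review bot: `api_no_reply` is declared `static BOOL` but its only exit is `return -1;` (second hunk, @@ -244), and api_fd_reply returns that value unchanged from an `int` function. Since the signature is being rewritten in this commit anyway, the declared type should match the use: `static int api_no_reply(const char *inbuf, char *outbuf, int max_rdata_len)`. As written the -1 presumably survives only because BOOL is an integer typedef, which the name actively disguises for the next reader.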
@@ -283,7 +305,7 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* Win9x does this call with a unicode pipe name, not a pnum. */ /* Just return success for now... */ DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n")); - send_trans_reply(outbuf, NULL, 0, NULL, 0, False); + send_trans_reply(inbuf, outbuf, NULL, 0, NULL, 0, False); return -1; } 
@@ -309,51 +331,94 @@ static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf, /* dce/rpc command */ reply = write_to_pipe(p, data, tdscnt); if (reply) - reply = api_rpc_trans_reply(outbuf, p); + reply = api_rpc_trans_reply(inbuf, outbuf, p); break; case TRANSACT_WAITNAMEDPIPEHANDLESTATE: /* Wait Named Pipe Handle state */ - reply = api_WNPHS(outbuf, p, params, tpscnt); + reply = api_WNPHS(inbuf, outbuf, p, params, tpscnt); break; case TRANSACT_SETNAMEDPIPEHANDLESTATE: /* Set Named Pipe Handle state */ - reply = api_SNPHS(outbuf, p, params, tpscnt); + reply = api_SNPHS(inbuf, outbuf, p, params, tpscnt); break; default: return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!reply) - return api_no_reply(outbuf, mdrcnt); + return api_no_reply(inbuf, outbuf, mdrcnt); return -1; } /**************************************************************************** - handle named pipe commands - ****************************************************************************/ -static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name, - uint16 *setup,char *data,char *params, - int suwcnt,int tdscnt,int tpscnt, - int msrcnt,int mdrcnt,int mprcnt) + Handle named pipe commands. 
+****************************************************************************/ + +static int named_pipe(connection_struct *conn, + uint16 vuid, + const char *inbuf, + char *outbuf, + char *name, + uint16 *setup, + char *data, + char *params, + int suwcnt, + int tdscnt, + int tpscnt, + int msrcnt, + int mdrcnt, + int mprcnt) { DEBUG(3,("named pipe command on <%s> name\n", name)); - if (strequal(name,"LANMAN")) - return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt); + if (strequal(name,"LANMAN")) { + return api_reply(conn, + vuid, + inbuf, + outbuf, + data, + params, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); + } if (strequal(name,"WKSSVC") || strequal(name,"SRVSVC") || strequal(name,"WINREG") || strequal(name,"SAMR") || - strequal(name,"LSARPC")) - { + strequal(name,"LSARPC")) { DEBUG(4,("named pipe command from Win95 (wow!)\n")); - return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + return api_fd_reply(conn, + vuid, + inbuf, + outbuf, + setup, + data, + params, + suwcnt, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); } - if (strlen(name) < 1) - return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt); + if (strlen(name) < 1) { + return api_fd_reply(conn, + vuid, + inbuf, + outbuf, + setup, + data, + params, + suwcnt, + tdscnt, + tpscnt, + mdrcnt, + mprcnt); + } if (setup) DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1])); @@ -362,8 +427,10 @@ static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *na } static NTSTATUS handle_trans(connection_struct *conn, - struct trans_state *state, - char *outbuf, int *outsize) + struct trans_state *state, + const char *inbuf, + char *outbuf, + int *outsize) { char *local_machine_name; int name_offset = 0; 
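Review bot: The diagnostic at the end of the rewritten named_pipe, `if (setup) DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1]));`, reads two setup words whenever setup is non-NULL but never consults suwcnt, which is now right there in the new parameter list, so a transaction with fewer than two client-supplied setup words would be read beyond what was received. If suwcnt counts uint16 setup words (it is fed from state->setup_count in handle_trans), the guard should be `if (setup && suwcnt >= 2)`. The line is untouched by the commit but belongs to the function this hunk reflows, and named_pipe continues past the end of the hunk.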
@@ -402,15 +469,18 @@ static NTSTATUS handle_trans(connection_struct *conn, name_offset++; DEBUG(5,("calling named_pipe\n")); - *outsize = named_pipe(conn, state->vuid, outbuf, - state->name+name_offset, - state->setup,state->data, - state->param, - state->setup_count,state->total_data, - state->total_param, - state->max_setup_return, - state->max_data_return, - state->max_param_return); + *outsize = named_pipe(conn, + state->vuid, + inbuf, + outbuf, + state->name+name_offset, + state->setup,state->data, + state->param, + state->setup_count,state->total_data, + state->total_param, + state->max_setup_return, + state->max_data_return, + state->max_param_return); if (*outsize == 0) { return NT_STATUS_NOT_SUPPORTED; @@ -426,8 +496,11 @@ static NTSTATUS handle_trans(connection_struct *conn, Reply to a SMBtrans. ****************************************************************************/ -int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, - int size, int bufsize) +int reply_trans(connection_struct *conn, + char *inbuf, + char *outbuf, + int size, + int bufsize) { int outsize = 0; unsigned int dsoff = SVAL(inbuf, smb_dsoff); @@ -552,7 +625,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, if ((state->received_param == state->total_param) && (state->received_data == state->total_data)) { - result = handle_trans(conn, state, outbuf, &outsize); + result = handle_trans(conn, state, inbuf, outbuf, &outsize); SAFE_FREE(state->data); SAFE_FREE(state->param); @@ -576,7 +649,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, /* We need to send an interim response then receive the rest of the parameter/data bytes */ - outsize = set_message(outbuf,0,0,True); + outsize = set_message(inbuf,outbuf,0,0,True); show_msg(outbuf); END_PROFILE(SMBtrans); return outsize; 
@@ -687,7 +760,7 @@ int reply_transs(connection_struct *conn, char *inbuf,char *outbuf, */ SCVAL(outbuf,smb_com,SMBtrans); - result = handle_trans(conn, state, outbuf, &outsize); + result = handle_trans(conn, state, inbuf, outbuf, &outsize); DLIST_REMOVE(conn->pending_trans, state); SAFE_FREE(state->data); diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 15e02845212..cd2750d7595 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -4360,11 +4360,19 @@ static const struct { /**************************************************************************** - Handle remote api calls - ****************************************************************************/ + Handle remote api calls. +****************************************************************************/ -int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params, - int tdscnt,int tpscnt,int mdrcnt,int mprcnt) +int api_reply(connection_struct *conn, + uint16 vuid, + const char *inbuf, + char *outbuf, + char *data, + char *params, + int tdscnt, + int tpscnt, + int mdrcnt, + int mprcnt) { int api_command; char *rdata = NULL; @@ -4457,7 +4465,13 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * /* If api_Unsupported returns false we can't return anything. */ if (reply) { - send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); + send_trans_reply(inbuf, + outbuf, + rparam, + rparam_len, + rdata, + rdata_len, + False); } SAFE_FREE(rdata); diff --git a/source/smbd/message.c b/source/smbd/message.c index fd53e60c141..e6a5015276c 100644 --- a/source/smbd/message.c +++ b/source/smbd/message.c 
@@ -131,7 +131,7 @@ int reply_sends(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, return(ERROR_DOS(ERRSRV,ERRmsgoff)); } - outsize = set_message(outbuf,0,0,True); + outsize = set_message(inbuf,outbuf,0,0,True); p = smb_buf(inbuf)+1; p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; @@ -170,7 +170,7 @@ int reply_sendstrt(connection_struct *conn, char *inbuf,char *outbuf, int dum_si return(ERROR_DOS(ERRSRV,ERRmsgoff)); } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); memset(msgbuf,'\0',sizeof(msgbuf)); msgpos = 0; @@ -202,7 +202,7 @@ int reply_sendtxt(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz return(ERROR_DOS(ERRSRV,ERRmsgoff)); } - outsize = set_message(outbuf,0,0,True); + outsize = set_message(inbuf,outbuf,0,0,True); msg = smb_buf(inbuf) + 1; @@ -233,7 +233,7 @@ int reply_sendend(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz return(ERROR_DOS(ERRSRV,ERRmsgoff)); } - outsize = set_message(outbuf,0,0,True); + outsize = set_message(inbuf,outbuf,0,0,True); DEBUG(3,("SMBsendend\n")); diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c index e1df08579d2..1722c81d2aa 100644 --- a/source/smbd/negprot.c +++ b/source/smbd/negprot.c @@ -56,7 +56,7 @@ static void get_challenge(char buff[8]) static int reply_corep(char *inbuf, char *outbuf) { - int outsize = set_message(outbuf,1,0,True); + int outsize = set_message(inbuf,outbuf,1,0,True); Protocol = PROTOCOL_CORE; @@ -70,7 +70,7 @@ static int reply_corep(char *inbuf, char *outbuf) static int reply_coreplus(char *inbuf, char *outbuf) { int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); - int outsize = set_message(outbuf,13,0,True); + int outsize = set_message(inbuf,outbuf,13,0,True); SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support readbraw and writebraw (possibly) */ /* Reply, SMBlockread, SMBwritelock supported. */ 
@@ -99,7 +99,7 @@ static int reply_lanman1(char *inbuf, char *outbuf) if (global_encrypted_passwords_negotiated) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; - set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); + set_message(inbuf,outbuf,13,global_encrypted_passwords_negotiated?8:0,True); SSVAL(outbuf,smb_vwv1,secword); /* Create a token value and add it to the outgoing packet. */ if (global_encrypted_passwords_negotiated) { @@ -141,7 +141,7 @@ static int reply_lanman2(char *inbuf, char *outbuf) if (global_encrypted_passwords_negotiated) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; - set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True); + set_message(inbuf,outbuf,13,global_encrypted_passwords_negotiated?8:0,True); SSVAL(outbuf,smb_vwv1,secword); SIVAL(outbuf,smb_vwv6,sys_getpid()); @@ -325,7 +325,7 @@ static int reply_nt1(char *inbuf, char *outbuf) } } - set_message(outbuf,17,0,True); + set_message(inbuf,outbuf,17,0,True); SCVAL(outbuf,smb_vwv1,secword); @@ -369,7 +369,7 @@ static int reply_nt1(char *inbuf, char *outbuf) } SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */ - set_message_end(outbuf, p); + set_message_end(inbuf,outbuf, p); return (smb_len(outbuf)+4); } @@ -485,7 +485,7 @@ int reply_negprot(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) { - int outsize = set_message(outbuf,1,0,True); + int outsize = set_message(inbuf,outbuf,1,0,True); int Index=0; int choice= -1; int protocol; diff --git a/source/smbd/notify.c b/source/smbd/notify.c index cf60720bc74..d18bbb180f4 100644 --- a/source/smbd/notify.c +++ b/source/smbd/notify.c @@ -107,6 +107,7 @@ static BOOL notify_marshall_changes(int num_changes, static void change_notify_reply_packet(const char *request_buf, NTSTATUS error_code) { + const char *inbuf = request_buf; char outbuf[smb_size+38]; memset(outbuf, '\0', sizeof(outbuf)); 
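Review bot: The added alias `const char *inbuf = request_buf;` in change_notify_reply_packet exists only so the `set_message(inbuf,outbuf,18,0,False);` call in the next hunk finds a variable of that name, whereas the second notify.c hunk passes `request_buf` to send_nt_replies directly, which is the clearer form. Drop the alias and write `set_message(request_buf,outbuf,18,0,False);`. If the alias is there deliberately because some macro used in this function expands to a bare `inbuf`, a one-line comment saying so would keep the next reader from removing it.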
@@ -118,7 +119,7 @@ static void change_notify_reply_packet(const char *request_buf, * Seems NT needs a transact command with an error code * in it. This is a longer packet than a simple error. */ - set_message(outbuf,18,0,False); + set_message(inbuf,outbuf,18,0,False); show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) @@ -161,7 +162,7 @@ void change_notify_reply(const char *request_buf, uint32 max_param_count, construct_reply_common(request_buf, outbuf); - if (send_nt_replies(outbuf, buflen, NT_STATUS_OK, prs_data_p(&ps), + if (send_nt_replies(request_buf, outbuf, buflen, NT_STATUS_OK, prs_data_p(&ps), prs_offset(&ps), NULL, 0) == -1) { exit_server("change_notify_reply_packet: send_smb failed."); } diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 94de1c709cf..fa9828ae03a 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -68,8 +68,14 @@ static char *nttrans_realloc(char **ptr, size_t size) HACK ! Always assumes smb_setup field is zero. ****************************************************************************/ -int send_nt_replies(char *outbuf, int bufsize, NTSTATUS nt_error, - char *params, int paramsize, char *pdata, int datasize) +int send_nt_replies(const char *inbuf, + char *outbuf, + int bufsize, + NTSTATUS nt_error, + char *params, + int paramsize, + char *pdata, + int datasize) { int data_to_send = datasize; int params_to_send = paramsize; @@ -85,7 +91,7 @@ int send_nt_replies(char *outbuf, int bufsize, NTSTATUS nt_error, * transNT replies. */ - set_message(outbuf,18,0,True); + set_message(inbuf,outbuf,18,0,True); if (NT_STATUS_V(nt_error)) { ERROR_NT(nt_error); @@ -149,7 +155,7 @@ int send_nt_replies(char *outbuf, int bufsize, NTSTATUS nt_error, total_sent_thistime = MIN(total_sent_thistime, useable_space); - set_message(outbuf, 18, total_sent_thistime, True); + set_message(inbuf,outbuf, 18, total_sent_thistime, True); /* * Set total params and data to be sent. 
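Review bot: In send_nt_replies the statement `ERROR_NT(nt_error);` now expands with the function's new `const char *inbuf` parameter as its first argument, so this hunk compiles only if error_packet's matching parameter is const-qualified; that definition is not in view, and the same dependency exists for `return ERROR_NT(NT_STATUS_INVALID_PARAMETER);` in ipc.c's api_fd_reply, which also takes a const inbuf. The call's return value is discarded here, unlike the `return ERROR_NT(...)` pattern elsewhere in the patch; presumably the macro writes the error into outbuf in place, which deserves a comment such as `/* error_packet() rewrites outbuf as an error reply; its size is not needed here. */`. send_nt_replies starts before and ends after this hunk.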
@@ -392,10 +398,10 @@ static int do_ntcreate_pipe_open(connection_struct *conn, * the wcnt to 42 ? It's definately * what happens on the wire.... */ - set_message(outbuf,50,0,True); + set_message(inbuf,outbuf,50,0,True); SCVAL(outbuf,smb_wct,42); } else { - set_message(outbuf,34,0,True); + set_message(inbuf,outbuf,34,0,True); } p = outbuf + smb_vwv2; @@ -454,7 +460,7 @@ int reply_ntcreate_and_X_quota(connection_struct *conn, return ERROR_NT(status); } - set_message(outbuf,34,0,True); + set_message(inbuf,outbuf,34,0,True); p = outbuf + smb_vwv2; @@ -876,10 +882,10 @@ int reply_ntcreate_and_X(connection_struct *conn, * the wcnt to 42 ? It's definately * what happens on the wire.... */ - set_message(outbuf,50,0,True); + set_message(inbuf,outbuf,50,0,True); SCVAL(outbuf,smb_wct,42); } else { - set_message(outbuf,34,0,True); + set_message(inbuf,outbuf,34,0,True); } p = outbuf + smb_vwv2; @@ -1042,7 +1048,7 @@ static int do_nt_transact_create_pipe( connection_struct *conn, char *inbuf, cha DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname)); /* Send the required number of replies */ - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, params, param_len, *ppdata, 0); + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, param_len, *ppdata, 0); return -1; } @@ -1637,7 +1643,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o DEBUG(5,("call_nt_transact_create: open name = %s\n", fname)); /* Send the required number of replies */ - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, params, param_len, *ppdata, 0); + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, param_len, *ppdata, 0); return -1; } @@ -1898,7 +1904,7 @@ int reply_ntrename(connection_struct *conn, return ERROR_NT(status); } - outsize = set_message(outbuf,0,0,False); + outsize = set_message(inbuf,outbuf,0,0,False); END_PROFILE(SMBntrename); return(outsize); 
@@ -2045,7 +2051,7 @@ static int call_nt_transact_rename(connection_struct *conn, char *inbuf, char *o /* * Rename was successful. */ - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n", fsp->fsp_name, new_name)); @@ -2133,7 +2139,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, char *i if(max_data_count < sd_size) { - send_nt_replies(outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL, params, 4, *ppdata, 0); talloc_destroy(mem_ctx); return -1; @@ -2182,7 +2188,7 @@ security descriptor.\n")); talloc_destroy(mem_ctx); - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, params, 4, data, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 4, data, (int)sd_size); return -1; } @@ -2229,7 +2235,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, char *inb done: - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); return -1; } @@ -2275,7 +2281,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou so we can know if we need to pre-allocate or not */ DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum)); - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); return -1; @@ -2285,7 +2291,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou */ DEBUG(10,("FSCTL_0x000900C0: called on FID[0x%04X](but not implemented)\n",fidnum)); - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); return -1; 
@@ -2295,7 +2301,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou */ DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum)); - send_nt_replies(outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0); return -1; @@ -2305,7 +2311,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou */ DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum)); - send_nt_replies(outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0); return -1; @@ -2419,7 +2425,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou talloc_destroy(shadow_data->mem_ctx); - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, pdata, data_count); return -1; @@ -2472,7 +2478,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou */ /* this works for now... */ - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, NULL, 0, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); return -1; } @@ -2739,7 +2745,7 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, break; } - send_nt_replies(outbuf, bufsize, nt_status, params, param_len, + send_nt_replies(inbuf, outbuf, bufsize, nt_status, params, param_len, pdata, data_len); return -1; @@ -2857,7 +2863,7 @@ static int call_nt_transact_set_user_quota(connection_struct *conn, char *inbuf, return ERROR_DOS(ERRSRV,ERRerror); } - send_nt_replies(outbuf, bufsize, NT_STATUS_OK, params, param_len, + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, param_len, pdata, data_len); return -1; 
@@ -3141,7 +3147,7 @@ int reply_nttrans(connection_struct *conn, /* We need to send an interim response then receive the rest of the parameter/data bytes */ - outsize = set_message(outbuf,0,0,False); + outsize = set_message(inbuf,outbuf,0,0,False); show_msg(outbuf); END_PROFILE(SMBnttrans); return outsize; diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 423d6b3a999..26ee52b797c 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -259,7 +259,7 @@ static char *new_break_smb_message(TALLOC_CTX *mem_ctx, } memset(result,'\0',smb_size); - set_message(result,8,0,True); + set_message(NULL,result,8,0,True); SCVAL(result,smb_com,SMBlockingX); SSVAL(result,smb_tid,fsp->conn->cnum); SSVAL(result,smb_pid,0xFFFF); diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c index 52660da2ffe..bec2f19f86b 100644 --- a/source/smbd/pipes.c +++ b/source/smbd/pipes.c @@ -108,7 +108,7 @@ int reply_open_pipe_and_X(connection_struct *conn, } /* Prepare the reply */ - set_message(outbuf,15,0,True); + set_message(inbuf,outbuf,15,0,True); /* Mark the opened file as an existing named pipe in message mode. */ SSVAL(outbuf,smb_vwv9,2); @@ -162,7 +162,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) return (UNIXERROR(ERRDOS,ERRnoaccess)); } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,nwritten); @@ -224,7 +224,7 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) return (UNIXERROR(ERRDOS,ERRnoaccess)); } - set_message(outbuf,6,0,True); + set_message(inbuf,outbuf,6,0,True); nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten); SSVAL(outbuf,smb_vwv2,nwritten); @@ -260,7 +260,7 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) return(ERROR_DOS(ERRDOS,ERRbadfid)); } - set_message(outbuf,12,0,True); + set_message(inbuf,outbuf,12,0,True); data = smb_buf(outbuf); nread = read_from_pipe(p, data, smb_maxcnt, &unused); 
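Review bot: The oplock.c call `set_message(NULL,result,8,0,True);` is the only place in the patch that passes NULL as the new frombuf argument, so it depends on smb_setlen (reached through set_message) testing frombuf before reading from it, and that check is not visible in this diff. Add a comment at the call, `/* Server-initiated break: no client request to copy the header context from. */`, and make sure the NULL path in smb_setlen is covered by a test, because a later change that assumes a non-NULL frombuf would dereference NULL on every oplock break. It is also worth confirming that a break message with no reflected encryption context is what a sealed connection expects.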
@@ -277,7 +277,7 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) p->pnum, smb_mincnt, smb_maxcnt, nread)); /* Ensure we set up the message length to include the data length read. */ - set_message_bcc(outbuf,nread); + set_message_bcc(inbuf,outbuf,nread); return chain_reply(inbuf,outbuf,length,bufsize); } @@ -288,7 +288,7 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf) { smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); - int outsize = set_message(outbuf,0,0,True); + int outsize = set_message(inbuf,outbuf,0,0,True); if (!p) { return(ERROR_DOS(ERRDOS,ERRbadfid)); diff --git a/source/smbd/process.c b/source/smbd/process.c index c6bcfb73946..ff1170f552c 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -1040,7 +1040,7 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) outsize += chain_size; if(outsize > 4) { - smb_setlen(outbuf,outsize - 4, inbuf); + smb_setlen(inbuf,outbuf,outsize - 4); } return(outsize); } @@ -1129,7 +1129,7 @@ void remove_from_common_flags2(uint32 v) void construct_reply_common(const char *inbuf, char *outbuf) { - set_message(outbuf,0,0,False); + set_message(inbuf,outbuf,0,0,False); SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com)); SIVAL(outbuf,smb_rcls,0); @@ -1220,7 +1220,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize) } /* And set it in the header. */ - smb_setlen(inbuf2, new_size, inbuf); + smb_setlen(inbuf, inbuf2, new_size); /* create the out buffer */ construct_reply_common(inbuf2, outbuf2); diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 1b6f861cb8a..bf739aa6432 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -303,7 +303,7 @@ int reply_special(char *inbuf,char *outbuf) memset(outbuf,'\0',smb_size); - smb_setlen(outbuf,0,inbuf); + smb_setlen(inbuf,outbuf,0); switch (msg_type) { case 0x81: /* session request */ 
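Review bot: reply_special handles NetBIOS session-service messages (the `case 0x81: /* session request */` that follows), so the inbuf handed to the rewritten `smb_setlen(inbuf,outbuf,0);` is not an SMB, and whatever smb_setlen derives from frombuf's header bytes comes from the session-request payload rather than from an SMB header. If smb_setlen copies a marker or encryption-context field from frombuf, the consistent call here is `smb_setlen(NULL,outbuf,0);`, mirroring the oplock.c break-message path, with a comment that no SMB request exists to reflect. With a zero length the copied bytes are likely never sent, so this may be cosmetic, but the intent should be explicit. reply_special continues past the end of the hunk.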
@@ -421,7 +421,7 @@ int reply_tcon(connection_struct *conn, return ERROR_NT(nt_status); } - outsize = set_message(outbuf,2,0,True); + outsize = set_message(inbuf,outbuf,2,0,True); SSVAL(outbuf,smb_vwv0,max_recv); SSVAL(outbuf,smb_vwv1,conn->cnum); SSVAL(outbuf,smb_tid,conn->cnum); @@ -523,11 +523,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt server_devicetype = "A:"; if (Protocol < PROTOCOL_NT1) { - set_message(outbuf,2,0,True); + set_message(inbuf,outbuf,2,0,True); p = smb_buf(outbuf); p += srvstr_push(outbuf, p, server_devicetype, -1, STR_TERMINATE|STR_ASCII); - set_message_end(outbuf,p); + set_message_end(inbuf,outbuf,p); } else { /* NT sets the fstype of IPC$ to the null string */ const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn)); @@ -537,7 +537,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt uint32 perm1 = 0; uint32 perm2 = 0; - set_message(outbuf,7,0,True); + set_message(inbuf,outbuf,7,0,True); if (IS_IPC(conn)) { perm1 = FILE_ALL_ACCESS; @@ -551,7 +551,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt SIVAL(outbuf, smb_vwv3, perm1); SIVAL(outbuf, smb_vwv5, perm2); } else { - set_message(outbuf,3,0,True); + set_message(inbuf,outbuf,3,0,True); } p = smb_buf(outbuf); @@ -560,7 +560,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt p += srvstr_push(outbuf, p, fstype, -1, STR_TERMINATE); - set_message_end(outbuf,p); + set_message_end(inbuf,outbuf,p); /* what does setting this bit do? It is set by NT4 and may affect the ability to autorun mounted cdroms */ 
@@ -623,7 +623,7 @@ int reply_ioctl(connection_struct *conn, return(ERROR_DOS(ERRSRV,ERRnosupport)); } - outsize = set_message(outbuf,8,replysize+1,True); + outsize = set_message(inbuf,outbuf,8,replysize+1,True); SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */ SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */ SSVAL(outbuf,smb_vwv6,52); /* Offset to data */ @@ -719,7 +719,7 @@ int reply_checkpath(connection_struct *conn, char *inbuf,char *outbuf, int dum_s return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath); } - outsize = set_message(outbuf,0,0,False); + outsize = set_message(inbuf,outbuf,0,0,False); END_PROFILE(SMBcheckpath); return outsize; @@ -815,7 +815,7 @@ int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size } } - outsize = set_message(outbuf,10,0,True); + outsize = set_message(inbuf,outbuf,10,0,True); SSVAL(outbuf,smb_vwv0,mode); if(lp_dos_filetime_resolution(SNUM(conn)) ) { @@ -908,7 +908,7 @@ int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size return UNIXERROR(ERRDOS, ERRnoaccess); } - outsize = set_message(outbuf,0,0,False); + outsize = set_message(inbuf,outbuf,0,0,False); DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) ); @@ -931,7 +931,7 @@ int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz return(UNIXERROR(ERRHRD,ERRgeneral)); } - outsize = set_message(outbuf,5,0,True); + outsize = set_message(inbuf,outbuf,5,0,True); if (Protocol <= PROTOCOL_LANMAN2) { double total_space, free_space; @@ -1010,7 +1010,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size expect_close = True; } - outsize = set_message(outbuf,1,3,True); + outsize = set_message(inbuf,outbuf,1,3,True); maxentries = SVAL(inbuf,smb_vwv0); dirtype = SVAL(inbuf,smb_vwv1); p = smb_buf(inbuf) + 1; 
@@ -1182,7 +1182,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS))); outsize += DIR_STRUCT_SIZE*numentries; - smb_setlen(outbuf,outsize - 4,inbuf); + smb_setlen(inbuf,outbuf,outsize - 4); if ((! *directory) && dptr_path(dptr_num)) slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num)); @@ -1217,7 +1217,7 @@ int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size return reply_unknown(inbuf, outbuf); } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); p = smb_buf(inbuf) + 1; p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &err, &path_contains_wcard); if (!NT_STATUS_IS_OK(err)) { @@ -1336,7 +1336,7 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, return ERROR_DOS(ERRDOS,ERRnoaccess); } - outsize = set_message(outbuf,7,0,True); + outsize = set_message(inbuf,outbuf,7,0,True); SSVAL(outbuf,smb_vwv0,fsp->fnum); SSVAL(outbuf,smb_vwv1,fattr); if(lp_dos_filetime_resolution(SNUM(conn)) ) { @@ -1512,9 +1512,9 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt } if (open_flags & EXTENDED_RESPONSE_REQUIRED) { - set_message(outbuf,19,0,True); + set_message(inbuf,outbuf,19,0,True); } else { - set_message(outbuf,15,0,True); + set_message(inbuf,outbuf,15,0,True); } SSVAL(outbuf,smb_vwv2,fsp->fnum); SSVAL(outbuf,smb_vwv3,fattr); @@ -1556,7 +1556,7 @@ int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length, invalidate_vuid(vuid); - set_message(outbuf,2,0,True); + set_message(inbuf,outbuf,2,0,True); DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) ); 
@@ -1651,7 +1651,7 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, ts[0] = get_atimespec(&sbuf); /* atime. */ file_ntimes(conn, fname, ts); - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,fsp->fnum); if (oplock_request && lp_fake_oplocks(SNUM(conn))) { @@ -1750,7 +1750,7 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, return ERROR_NT(status); } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,fsp->fnum); /* the returned filename is relative to the directory */ @@ -1769,7 +1769,7 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, #endif namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE); p += namelen; - outsize = set_message_end(outbuf, p); + outsize = set_message_end(inbuf,outbuf, p); if (oplock_request && lp_fake_oplocks(SNUM(conn))) { SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED); @@ -2131,7 +2131,7 @@ int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size return ERROR_NT(status); } - outsize = set_message(outbuf,0,0,False); + outsize = set_message(inbuf,outbuf,0,0,False); END_PROFILE(SMBunlink); return outsize; @@ -2402,7 +2402,7 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length numtoread = SVAL(inbuf,smb_vwv1); startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); - outsize = set_message(outbuf,5,3,True); + outsize = set_message(inbuf,outbuf,5,3,True); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); data = smb_buf(outbuf) + 3; 
@@ -2483,7 +2483,7 @@ int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int numtoread = SVAL(inbuf,smb_vwv1); startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); - outsize = set_message(outbuf,5,3,True); + outsize = set_message(inbuf,outbuf,5,3,True); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); /* * The requested read size cannot be greater than max_recv. JRA. @@ -2570,7 +2570,7 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length SSVAL(outbuf,smb_vwv7,((smb_maxcnt >> 16) & 1)); SSVAL(smb_buf(outbuf),-2,smb_maxcnt); SCVAL(outbuf,smb_vwv0,0xFF); - set_message(outbuf,12,smb_maxcnt,False); + set_message(inbuf,outbuf,12,smb_maxcnt,False); header.data = (uint8 *)outbuf; header.length = data - outbuf; header.free = NULL; @@ -2625,7 +2625,7 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length return(UNIXERROR(ERRDOS,ERRnoaccess)); } - outsize = set_message(outbuf,12,nread,False); + outsize = set_message(inbuf,outbuf,12,nread,False); SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */ SSVAL(outbuf,smb_vwv5,nread); SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf)); @@ -2666,7 +2666,7 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt return(ERROR_DOS(ERRDOS,ERRbadaccess)); } - set_message(outbuf,12,0,True); + set_message(inbuf,outbuf,12,0,True); if (global_client_caps & CAP_LARGE_READX) { if (SVAL(inbuf,smb_vwv7) == 1) { @@ -2790,7 +2790,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, /* Return a message to the redirector to tell it to send more bytes */ SCVAL(outbuf,smb_com,SMBwritebraw); SSVALS(outbuf,smb_vwv0,-1); - outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True); + outsize = set_message(inbuf,outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True); show_msg(outbuf); if (!send_smb(smbd_server_fd(),outbuf)) exit_server_cleanly("reply_writebraw: send_smb failed."); 
@@ -2804,7 +2804,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, numtowrite = smb_len(inbuf); /* Set up outbuf to return the correct return */ - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SCVAL(outbuf,smb_com,SMBwritec); if (numtowrite != 0) { @@ -2928,7 +2928,7 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, } } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,nwritten); @@ -3006,7 +3006,7 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int d return(UNIXERROR(ERRHRD,ERRdiskfull)); } - outsize = set_message(outbuf,1,0,True); + outsize = set_message(inbuf,outbuf,1,0,True); SSVAL(outbuf,smb_vwv0,nwritten); @@ -3049,7 +3049,7 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng return(ERROR_DOS(ERRDOS,ERRbadaccess)); } - set_message(outbuf,6,0,True); + set_message(inbuf,outbuf,6,0,True); /* Deal with possible LARGE_WRITEX */ if (large_writeX) { @@ -3196,7 +3196,7 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int fsp->fh->pos = res; - outsize = set_message(outbuf,2,0,True); + outsize = set_message(inbuf,outbuf,2,0,True); SIVAL(outbuf,smb_vwv0,res); DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n", @@ -3212,7 +3212,7 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize) { - int outsize = set_message(outbuf,0,0,False); + int outsize = set_message(inbuf,outbuf,0,0,False); uint16 fnum = SVAL(inbuf,smb_vwv0); files_struct *fsp = file_fsp(inbuf,smb_vwv0); START_PROFILE(SMBflush); 
@@ -3244,7 +3244,7 @@ int reply_exit(connection_struct *conn,
 file_close_pid(SVAL(inbuf,smb_pid),SVAL(inbuf,smb_uid));
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 DEBUG(3,("exit\n"));
@@ -3264,7 +3264,7 @@ int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
 files_struct *fsp = NULL;
 START_PROFILE(SMBclose);
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 /* If it's an IPC, pass off to the pipe handler. */
 if (IS_IPC(conn)) {
@@ -3384,7 +3384,7 @@ int reply_writeclose(connection_struct *conn,
 return ERROR_NT(close_status);
 }
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SSVAL(outbuf,smb_vwv0,nwritten);
 END_PROFILE(SMBwriteclose);
@@ -3401,7 +3401,7 @@ int reply_writeclose(connection_struct *conn,
 int reply_lock(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsize)
 {
- int outsize = set_message(outbuf,0,0,False);
+ int outsize = set_message(inbuf,outbuf,0,0,False);
 SMB_BIG_UINT count,offset;
 NTSTATUS status;
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
@@ -3446,7 +3446,7 @@ int reply_lock(connection_struct *conn,
 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
 {
- int outsize = set_message(outbuf,0,0,False);
+ int outsize = set_message(inbuf,outbuf,0,0,False);
 SMB_BIG_UINT count,offset;
 NTSTATUS status;
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
@@ -3486,7 +3486,7 @@ int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
 int reply_tdis(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
- int outsize = set_message(outbuf,0,0,False);
+ int outsize = set_message(inbuf,outbuf,0,0,False);
 uint16 vuid;
 START_PROFILE(SMBtdis);
@@ -3517,7 +3517,7 @@ int reply_echo(connection_struct *conn,
 int smb_reverb = SVAL(inbuf,smb_vwv0);
 int seq_num;
 unsigned int data_len = smb_buflen(inbuf);
- int outsize = set_message(outbuf,1,data_len,True);
+ int outsize = set_message(inbuf,outbuf,1,data_len,True);
 START_PROFILE(SMBecho);
 if (data_len > BUFFER_SIZE) {
@@ -3538,7 +3538,7 @@ int reply_echo(connection_struct *conn,
 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
 SSVAL(outbuf,smb_vwv0,seq_num);
- smb_setlen(outbuf,outsize - 4,inbuf);
+ smb_setlen(inbuf,outbuf,outsize - 4);
 show_msg(outbuf);
 if (!send_smb(smbd_server_fd(),outbuf))
@@ -3579,7 +3579,7 @@ int reply_printopen(connection_struct *conn,
 return(ERROR_NT(status));
 }
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SSVAL(outbuf,smb_vwv0,fsp->fnum);
 DEBUG(3,("openprint fd=%d fnum=%d\n",
@@ -3596,7 +3596,7 @@ int reply_printopen(connection_struct *conn,
 int reply_printclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
- int outsize = set_message(outbuf,0,0,False);
+ int outsize = set_message(inbuf,outbuf,0,0,False);
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
 NTSTATUS status;
 START_PROFILE(SMBsplclose);
@@ -3629,7 +3629,7 @@ int reply_printclose(connection_struct *conn,
 int reply_printqueue(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
- int outsize = set_message(outbuf,2,3,True);
+ int outsize = set_message(inbuf,outbuf,2,3,True);
 int max_count = SVAL(inbuf,smb_vwv0);
 int start_index = SVAL(inbuf,smb_vwv1);
 START_PROFILE(SMBsplretq);
@@ -3677,7 +3677,7 @@ int reply_printqueue(connection_struct *conn,
 }
 if (count > 0) {
- outsize = set_message(outbuf,2,28*count+3,False);
+ outsize = set_message(inbuf,outbuf,2,28*count+3,False);
 SSVAL(outbuf,smb_vwv0,count);
 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
 SCVAL(smb_buf(outbuf),0,1);
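Review bot: The reordering to `smb_setlen(inbuf,outbuf,outsize - 4)` in the @@ -3538 hunk of reply_echo, like every `set_message(inbuf,outbuf,...)` site in this series, places two char pointers side by side, so a caller that swaps them compiles cleanly and would stamp the length (and any context derived from it) onto the request buffer instead of the reply; a caller left in the old argument order is only an int-to-pointer mismatch, which many compilers report as a warning rather than an error. A tree-wide sweep for remaining `set_message(outbuf,` and `smb_setlen(outbuf,` calls before merge would catch the second case, and a one-line comment at the prototypes, e.g. `/* frombuf = request being answered, buf = reply being framed */`, helps with the first. reply_echo's body continues outside the hunk.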
@@ -3700,7 +3700,7 @@ int reply_printqueue(connection_struct *conn,
 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
 int numtowrite;
- int outsize = set_message(outbuf,0,0,False);
+ int outsize = set_message(inbuf,outbuf,0,0,False);
 char *data;
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
@@ -3791,7 +3791,7 @@ int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 return ERROR_NT(status);
 }
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
@@ -4002,7 +4002,7 @@ int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 return ERROR_NT(status);
 }
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 DEBUG( 3, ( "rmdir %s\n", directory ) );
@@ -4763,7 +4763,7 @@ int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 return ERROR_NT(status);
 }
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 END_PROFILE(SMBmv);
 return(outsize);
@@ -5110,7 +5110,7 @@ int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 return ERROR_DOS(ERRDOS,error);
 }
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SSVAL(outbuf,smb_vwv0,count);
 END_PROFILE(SMBcopy);
@@ -5159,7 +5159,7 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
 set_conn_connectpath(conn,newdir);
 }
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
 DEBUG(3,("setdir %s\n", newdir));
@@ -5605,7 +5605,7 @@ int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
 return ERROR_NT(status);
 }
- set_message(outbuf,2,0,True);
+ set_message(inbuf,outbuf,2,0,True);
 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
@@ -5641,7 +5641,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,
 return ERROR_DOS(ERRSRV,ERRuseSTD);
 }
- outsize = set_message(outbuf,8,0,True);
+ outsize = set_message(inbuf,outbuf,8,0,True);
 CHECK_FSP(fsp,conn);
 if (!CHECK_READ(fsp,inbuf)) {
@@ -5677,7 +5677,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,
 if (nread < (ssize_t)N)
 tcount = total_read + nread;
- set_message(outbuf,8,nread+pad,False);
+ set_message(inbuf,outbuf,8,nread+pad,False);
 SIVAL(outbuf,smb_vwv0,startpos);
 SSVAL(outbuf,smb_vwv2,tcount);
 SSVAL(outbuf,smb_vwv6,nread);
@@ -5706,7 +5706,7 @@ int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size,
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
 START_PROFILE(SMBsetattrE);
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf,outbuf,0,0,False);
 if(!fsp || (fsp->conn != conn)) {
 END_PROFILE(SMBsetattrE);
@@ -5837,7 +5837,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
 SMBwritebmpx */
 SCVAL(outbuf,smb_com,SMBwriteBmpx);
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
@@ -5846,13 +5846,13 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
 if (write_through && tcount==nwritten) {
 /* We need to send both a primary and a secondary response */
- smb_setlen(outbuf,outsize - 4,inbuf);
+ smb_setlen(inbuf,outbuf,outsize - 4);
 show_msg(outbuf);
 if (!send_smb(smbd_server_fd(),outbuf))
 exit_server_cleanly("reply_writebmpx: send_smb failed.");
 /* Now the secondary */
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SCVAL(outbuf,smb_com,SMBwritec);
 SSVAL(outbuf,smb_vwv0,nwritten);
 }
@@ -5938,7 +5938,7 @@ int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz
 wbms->wr_total_written += nwritten;
 if(wbms->wr_total_written >= tcount) {
 if (write_through) {
- outsize = set_message(outbuf,1,0,True);
+ outsize = set_message(inbuf,outbuf,1,0,True);
 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
 send_response = True;
 }
@@ -5968,7 +5968,7 @@ int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size,
 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
 START_PROFILE(SMBgetattrE);
- outsize = set_message(outbuf,11,0,True);
+ outsize = set_message(inbuf,outbuf,11,0,True);
 if(!fsp || (fsp->conn != conn)) {
 END_PROFILE(SMBgetattrE);
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 7b5528222ea..188b7bfb818 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -96,15 +96,18 @@ static void sessionsetup_start_signing_engine(const auth_serversupplied_info *se
 Send a security blob via a session setup reply.
 ****************************************************************************/
-static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf,
- DATA_BLOB blob, NTSTATUS nt_status)
+static BOOL reply_sesssetup_blob(connection_struct *conn,
+ const char *inbuf,
+ char *outbuf,
+ DATA_BLOB blob,
+ NTSTATUS nt_status)
 {
 char *p;
 if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 ERROR_NT(nt_status_squash(nt_status));
 } else {
- set_message(outbuf,4,0,True);
+ set_message(inbuf,outbuf,4,0,True);
 nt_status = nt_status_squash(nt_status);
 SIVAL(outbuf, smb_rcls, NT_STATUS_V(nt_status));
@@ -118,7 +121,7 @@ static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf,
 p += add_signature( outbuf, p );
- set_message_end(outbuf,p);
+ set_message_end(inbuf,outbuf,p);
 }
 show_msg(outbuf);
@@ -292,7 +295,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 }
 ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, TOK_ID_KRB_ERROR);
 response = spnego_gen_auth_response(&ap_rep_wrapped, ret, OID_KERBEROS5_OLD);
- reply_sesssetup_blob(conn, outbuf, response, NT_STATUS_MORE_PROCESSING_REQUIRED);
+ reply_sesssetup_blob(conn, inbuf, outbuf, response, NT_STATUS_MORE_PROCESSING_REQUIRED);
 /*
 * In this one case we don't invalidate the intermediate vuid.
@@ -520,7 +523,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 /* current_user_info is changed on new vuid */
 reload_services( True );
- set_message(outbuf,4,0,True);
+ set_message(inbuf,outbuf,4,0,True);
 SSVAL(outbuf, smb_vwv3, 0);
 if (server_info->guest) {
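Review bot: The new `const char *inbuf` parameter of reply_sesssetup_blob in the @@ -96 hunk is undocumented; the header comment `Send a security blob via a session setup reply.` should say what it is for, e.g. `inbuf is the request being answered; it is only consulted to frame the reply (set_message/set_message_end) and is never written.` Because inbuf is const here, every callee it reaches, set_message, set_message_end and whatever the ERROR_NT path expands to, must accept a const pointer or this will raise a discarded-qualifier warning; none of those prototypes is visible in this hunk, so that is worth confirming. The function's body continues past the hunk.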
@@ -539,7 +542,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 ap_rep_wrapped = data_blob(NULL, 0);
 }
 response = spnego_gen_auth_response(&ap_rep_wrapped, ret, OID_KERBEROS5_OLD);
- reply_sesssetup_blob(conn, outbuf, response, ret);
+ reply_sesssetup_blob(conn, inbuf, outbuf, response, ret);
 data_blob_free(&ap_rep);
 data_blob_free(&ap_rep_wrapped);
@@ -593,7 +596,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
 /* current_user_info is changed on new vuid */
 reload_services( True );
- set_message(outbuf,4,0,True);
+ set_message(inbuf,outbuf,4,0,True);
 SSVAL(outbuf, smb_vwv3, 0);
 if (server_info->guest) {
@@ -612,7 +615,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
 response = *ntlmssp_blob;
 }
- ret = reply_sesssetup_blob(conn, outbuf, response, nt_status);
+ ret = reply_sesssetup_blob(conn, inbuf, outbuf, response, nt_status);
 if (wrap) {
 data_blob_free(&response);
 }
@@ -1513,11 +1516,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 data_blob_clear_free(&plaintext_password);
 /* it's ok - setup a reply */
- set_message(outbuf,3,0,True);
+ set_message(inbuf,outbuf,3,0,True);
 if (Protocol >= PROTOCOL_NT1) {
 char *p = smb_buf( outbuf );
 p += add_signature( outbuf, p );
- set_message_end( outbuf, p );
+ set_message_end(inbuf, outbuf, p );
 /* perhaps grab OS version here?? */
 }
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 8f1226c6660..12a9e193018 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -577,7 +577,8 @@ static struct ea_list *ea_list_union(struct ea_list *name_list, struct ea_list *
 HACK ! Always assumes smb_setup field is zero.
 ****************************************************************************/
-int send_trans2_replies(char *outbuf,
+int send_trans2_replies(const char *inbuf,
+ char *outbuf,
 int bufsize,
 const char *params,
 int paramsize,
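Review bot: send_trans2_replies gains a `const char *inbuf` first parameter in the @@ -577 hunk of trans2.c, but the header comment ending in `HACK ! Always assumes smb_setup field is zero.` is not updated to say what the new argument is; in the hunks of this file that are visible it is only forwarded to set_message. Suggest adding a line to that comment such as `inbuf: the request being answered; used only to frame the reply (encryption context), never modified.`, and amending it if the function reads anything else from inbuf outside these hunks. The function body lies outside this hunk.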
@@ -602,7 +603,7 @@ int send_trans2_replies(char *outbuf,
 /* Initially set the wcnt area to be 10 - this is true for all trans2 replies */
- set_message(outbuf,10,0,True);
+ set_message(inbuf,outbuf,10,0,True);
 /* Modify the data_to_send and datasize and set the error if
 we're trying to send more than max_data_bytes. We still send
@@ -657,7 +658,7 @@ int send_trans2_replies(char *outbuf,
 total_sent_thistime = MIN(total_sent_thistime, useable_space+ alignment_offset + data_alignment_offset);
- set_message(outbuf, 10, total_sent_thistime, True);
+ set_message(inbuf, outbuf, 10, total_sent_thistime, True);
 /* Set total params and data to be sent */
 SSVAL(outbuf,smb_tprcnt,paramsize);
@@ -950,7 +951,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
 }
 /* Send the required number of replies */
- send_trans2_replies(outbuf, bufsize, params, 30, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 30, *ppdata, 0, max_data_bytes);
 return -1;
 }
@@ -1929,7 +1930,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 SSVAL(params,6,0); /* Never an EA error */
 SSVAL(params,8,last_entry_off);
- send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata), max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata), max_data_bytes);
 if ((! *directory) && dptr_path(dptr_num))
 slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
@@ -2222,7 +2223,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 SSVAL(params,4,0); /* Never an EA error */
 SSVAL(params,6,last_entry_off);
- send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata), max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata), max_data_bytes);
 if ((! *directory) && dptr_path(dptr_num))
 slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
@@ -2703,7 +2704,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 }
- send_trans2_replies( outbuf, bufsize, params, 0, pdata, data_len, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 0, pdata, data_len, max_data_bytes);
 DEBUG( 4, ( "%s info_level = %d\n", smb_fn_name(CVAL(inbuf,smb_com)), info_level) );
@@ -2804,7 +2805,7 @@ cap_low = 0x%x, cap_high = 0x%x\n",
 return ERROR_NT(status);
 }
- send_trans2_replies(outbuf, bufsize, *pparams, param_len, *ppdata, data_len, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, *pparams, param_len, *ppdata, data_len, max_data_bytes);
 if (NT_STATUS_IS_OK(status)) {
 /* Server-side transport encryption is now *on*. */
@@ -2899,7 +2900,7 @@ cap_low = 0x%x, cap_high = 0x%x\n",
 * like windows do...
 * --metze
 */
- outsize = set_message(outbuf,10,0,True);
+ outsize = set_message(inbuf, outbuf,10,0,True);
 return outsize;
 }
@@ -4018,7 +4019,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 return ERROR_NT(NT_STATUS_INVALID_LEVEL);
 }
- send_trans2_replies(outbuf, bufsize, params, param_size, *ppdata, data_size, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, param_size, *ppdata, data_size, max_data_bytes);
 return(-1);
 }
@@ -5692,7 +5693,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char
 DEBUG(3,("call_trans2setfilepathinfo: Cancelling print job (%s)\n", fsp->fsp_name ));
 SSVAL(params,0,0);
- send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 2, *ppdata, 0, max_data_bytes);
 return(-1);
 } else
 return (UNIXERROR(ERRDOS,ERRbadpath));
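Review bot: In the @@ -2804 hunk, `send_trans2_replies(inbuf, outbuf, ...)` precedes the block commented `/* Server-side transport encryption is now *on*. */`, and the handshake depends on that order: the acknowledgement must be framed with the request's (pre-switch) context that inbuf now supplies, and only afterwards may encryption be enabled. That dependency is implicit in the new code; a comment above the call, e.g. `/* Reply using the request's context first; encryption is switched on only after this send. */`, would keep a later reordering from breaking the switch. The enclosing function starts and ends outside the hunk.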
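Review bot: The trans2.c call sites are spaced differently from the rest of the series: `set_message(inbuf, outbuf,10,0,True)` in the @@ -2899 hunk here, and `send_trans2_replies(inbuf, outbuf,bufsize,...)` and `set_message(inbuf, outbuf,0,0,False)` in the call_trans2getdfsreferral, call_trans2ioctl, reply_findclose, reply_findnclose and reply_trans2 hunks that follow, put a space after the first comma and none after the others, whereas reply.c and sesssetup.c consistently write `set_message(inbuf,outbuf,...)`. Normalising these to one form (e.g. `set_message(inbuf,outbuf,10,0,True)`) keeps a grep for call sites reliable and matches the surrounding style.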
@@ -6023,7 +6024,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char
 }
 SSVAL(params,0,0);
- send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, data_return_size, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 2, *ppdata, data_return_size, max_data_bytes);
 return -1;
 }
@@ -6122,7 +6123,7 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf,
 SSVAL(params,0,0);
- send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 2, *ppdata, 0, max_data_bytes);
 return(-1);
 }
@@ -6171,7 +6172,7 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char
 if(fnf_handle == 0)
 fnf_handle = 257;
- send_trans2_replies(outbuf, bufsize, params, 6, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 6, *ppdata, 0, max_data_bytes);
 return(-1);
 }
@@ -6199,7 +6200,7 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char
 SSVAL(params,0,0); /* No changes */
 SSVAL(params,2,0); /* No EA errors */
- send_trans2_replies(outbuf, bufsize, params, 4, *ppdata, 0, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf, bufsize, params, 4, *ppdata, 0, max_data_bytes);
 return(-1);
 }
@@ -6234,7 +6235,7 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, char*
 return ERROR_NT(status);
 SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_DFS_PATHNAMES);
- send_trans2_replies(outbuf,bufsize,0,0,*ppdata,reply_size, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf,bufsize,0,0,*ppdata,reply_size, max_data_bytes);
 return(-1);
 }
@@ -6272,7 +6273,7 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf,
 SSVAL(pdata,0,fsp->rap_print_jobid); /* Job number */
 srvstr_push( outbuf, pdata + 2, global_myname(), 15, STR_ASCII|STR_TERMINATE); /* Our NetBIOS name */
 srvstr_push( outbuf, pdata+18, lp_servicename(SNUM(conn)), 13, STR_ASCII|STR_TERMINATE); /* Service name */
- send_trans2_replies(outbuf,bufsize,*pparams,0,*ppdata,32, max_data_bytes);
+ send_trans2_replies(inbuf, outbuf,bufsize,*pparams,0,*ppdata,32, max_data_bytes);
 return(-1);
 } else {
 DEBUG(2,("Unknown TRANS2_IOCTL\n"));
@@ -6295,7 +6296,7 @@ int reply_findclose(connection_struct *conn,
 dptr_close(&dptr_num);
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf, outbuf,0,0,False);
 DEBUG(3,("SMBfindclose dptr_num = %d\n", dptr_num));
@@ -6322,7 +6323,7 @@ int reply_findnclose(connection_struct *conn,
 findnotifyfirst - so any dptr_num is ok here. Just ignore it. */
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf, outbuf,0,0,False);
 DEBUG(3,("SMB_findnclose dptr_num = %d\n", dptr_num));
@@ -6640,7 +6641,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf,
 /* We need to send an interim response then receive the rest of the parameter/data bytes */
- outsize = set_message(outbuf,0,0,False);
+ outsize = set_message(inbuf, outbuf,0,0,False);
 show_msg(outbuf);
 END_PROFILE(SMBtrans2);
 return outsize;
-- cgit