static void reply_corep(struct smb_request *req, uint16 choice) { reply_outbuf(req, 1, 0); SSVAL(req->outbuf, smb_vwv0, choice); set_Protocol(PROTOCOL_CORE); }
static void reply_lockingX_success(struct blocking_lock_record *blr) { struct smb_request *req = blr->req; reply_outbuf(req, 2, 0); SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */ SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */ /* * As this message is a lockingX call we must handle * any following chained message correctly. * This is normally handled in construct_reply(), * but as that calls switch_message, we can't use * that here and must set up the chain info manually. */ if (!srv_send_smb(req->sconn, (char *)req->outbuf, true, req->seqnum+1, IS_CONN_ENCRYPTED(req->conn)||req->encrypted, &req->pcd)) { exit_server_cleanly("construct_reply: srv_send_smb failed."); } TALLOC_FREE(req->outbuf); }
static void reply_lockingX_success(struct blocking_lock_record *blr) { reply_outbuf(blr->req, 2, 0); /* * As this message is a lockingX call we must handle * any following chained message correctly. * This is normally handled in construct_reply(), * but as that calls switch_message, we can't use * that here and must set up the chain info manually. */ chain_reply(blr->req); TALLOC_FREE(blr->req->outbuf); }
static void reply_coreplus(struct smb_request *req, uint16 choice) { int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); reply_outbuf(req, 13, 0); SSVAL(req->outbuf,smb_vwv0,choice); SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support readbraw and writebraw (possibly) */ /* Reply, SMBlockread, SMBwritelock supported. */ SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); SSVAL(req->outbuf,smb_vwv1,0x1); /* user level security, don't * encrypt */ set_Protocol(PROTOCOL_COREPLUS); }
static void reply_lanman1(struct smb_request *req, uint16 choice) { int secword=0; time_t t = time(NULL); struct smbd_server_connection *sconn = req->sconn; uint16_t raw; if (lp_async_smb_echo_handler()) { raw = 0; } else { raw = (lp_read_raw()?1:0) | (lp_write_raw()?2:0); } sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords(); secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0); SSVAL(req->outbuf,smb_vwv0,choice); SSVAL(req->outbuf,smb_vwv1,secword); /* Create a token value and add it to the outgoing packet. */ if (sconn->smb1.negprot.encrypted_passwords) { get_challenge(sconn, (uint8 *)smb_buf(req->outbuf)); SSVAL(req->outbuf,smb_vwv11, 8); } smbXsrv_connection_init_tables(req->sconn->conn, PROTOCOL_LANMAN1); /* Reply, SMBlockread, SMBwritelock supported. */ SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); SSVAL(req->outbuf,smb_vwv2, sconn->smb1.negprot.max_recv); SSVAL(req->outbuf,smb_vwv3, lp_max_mux()); /* maxmux */ SSVAL(req->outbuf,smb_vwv4, 1); SSVAL(req->outbuf,smb_vwv5, raw); /* tell redirector we support readbraw writebraw (possibly) */ SIVAL(req->outbuf,smb_vwv6, getpid()); SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60); srv_put_dos_date((char *)req->outbuf,smb_vwv8,t); return; }
void reply_pipe_read_and_X(struct smb_request *req) { smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2)); int smb_maxcnt = SVAL(req->inbuf,smb_vwv5); int smb_mincnt = SVAL(req->inbuf,smb_vwv6); int nread = -1; char *data; bool unused; /* we don't use the offset given to use for pipe reads. This is deliberate, instead we always return the next lump of data on the pipe */ #if 0 uint32 smb_offs = IVAL(req->inbuf,smb_vwv3); #endif if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); return; } reply_outbuf(req, 12, smb_maxcnt); data = smb_buf(req->outbuf); nread = read_from_pipe(p, data, smb_maxcnt, &unused); if (nread < 0) { reply_doserror(req, ERRDOS, ERRnoaccess); return; } srv_set_message((char *)req->outbuf, 12, nread, False); SSVAL(req->outbuf,smb_vwv5,nread); SSVAL(req->outbuf,smb_vwv6,smb_offset(data,req->outbuf)); SSVAL(smb_buf(req->outbuf),-2,nread); DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n", p->pnum, smb_mincnt, smb_maxcnt, nread)); chain_reply(req); }
void reply_pipe_close(connection_struct *conn, struct smb_request *req) { smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0)); if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); return; } DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum)); if (!close_rpc_pipe_hnd(p)) { reply_doserror(req, ERRDOS, ERRbadfid); return; } /* TODO: REMOVE PIPE FROM DB */ reply_outbuf(req, 0, 0); return; }
static void reply_lanman2(struct smb_request *req, uint16 choice) { int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0); int secword=0; time_t t = time(NULL); struct smbd_server_connection *sconn = req->sconn; sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords(); if (lp_security()>=SEC_USER) { secword |= NEGOTIATE_SECURITY_USER_LEVEL; } if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0); SSVAL(req->outbuf,smb_vwv0,choice); SSVAL(req->outbuf,smb_vwv1,secword); SIVAL(req->outbuf,smb_vwv6,sys_getpid()); /* Create a token value and add it to the outgoing packet. */ if (sconn->smb1.negprot.encrypted_passwords) { get_challenge(sconn, (uint8 *)smb_buf(req->outbuf)); SSVAL(req->outbuf,smb_vwv11, 8); } set_Protocol(PROTOCOL_LANMAN2); /* Reply, SMBlockread, SMBwritelock supported. */ SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD); SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv); SSVAL(req->outbuf,smb_vwv3,lp_maxmux()); SSVAL(req->outbuf,smb_vwv4,1); SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */ SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60); srv_put_dos_date((char *)req->outbuf,smb_vwv8,t); }
void reply_pipe_write(struct smb_request *req) { smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv0)); size_t numtowrite = SVAL(req->inbuf,smb_vwv1); int nwritten; char *data; if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); return; } if (p->vuid != req->vuid) { reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } data = smb_buf(req->inbuf) + 3; if (numtowrite == 0) { nwritten = 0; } else { nwritten = write_to_pipe(p, data, numtowrite); } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { reply_unixerror(req, ERRDOS, ERRnoaccess); return; } reply_outbuf(req, 1, 0); SSVAL(req->outbuf,smb_vwv0,nwritten); DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten)); return; }
void send_trans_reply(connection_struct *conn, struct smb_request *req, char *rparam, int rparam_len, char *rdata, int rdata_len, bool buffer_too_large) { int this_ldata,this_lparam; int tot_data_sent = 0; int tot_param_sent = 0; int align; int ldata = rdata ? rdata_len : 0; int lparam = rparam ? rparam_len : 0; struct smbd_server_connection *sconn = req->sconn; int max_send = sconn->smb1.sessions.max_send; if (buffer_too_large) DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata )); this_lparam = MIN(lparam,max_send - 500); /* hack */ this_ldata = MIN(ldata,max_send - (500+this_lparam)); align = ((this_lparam)%4); reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); /* * We might have SMBtranss in req which was transferred to the outbuf, * fix that. */ SCVAL(req->outbuf, smb_com, SMBtrans); copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); SSVAL(req->outbuf,smb_vwv0,lparam); SSVAL(req->outbuf,smb_vwv1,ldata); SSVAL(req->outbuf,smb_vwv3,this_lparam); SSVAL(req->outbuf,smb_vwv4, smb_offset(smb_buf(req->outbuf)+1, req->outbuf)); SSVAL(req->outbuf,smb_vwv5,0); SSVAL(req->outbuf,smb_vwv6,this_ldata); SSVAL(req->outbuf,smb_vwv7, smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, req->outbuf)); SSVAL(req->outbuf,smb_vwv8,0); SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } show_msg((char *)req->outbuf); if (!srv_send_smb(sconn, (char *)req->outbuf, true, req->seqnum+1, IS_CONN_ENCRYPTED(conn), &req->pcd)) { exit_server_cleanly("send_trans_reply: srv_send_smb failed."); } TALLOC_FREE(req->outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; while (tot_data_sent < ldata || tot_param_sent < lparam) { this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */ this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam)); if(this_lparam < 0) this_lparam = 0; if(this_ldata < 0) this_ldata = 0; align = (this_lparam%4); reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); /* * We might have SMBtranss in req which was transferred to the * outbuf, fix that. */ SCVAL(req->outbuf, smb_com, SMBtrans); copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); SSVAL(req->outbuf,smb_vwv0,lparam); SSVAL(req->outbuf,smb_vwv1,ldata); SSVAL(req->outbuf,smb_vwv3,this_lparam); SSVAL(req->outbuf,smb_vwv4, smb_offset(smb_buf(req->outbuf)+1,req->outbuf)); SSVAL(req->outbuf,smb_vwv5,tot_param_sent); SSVAL(req->outbuf,smb_vwv6,this_ldata); SSVAL(req->outbuf,smb_vwv7, smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, req->outbuf)); SSVAL(req->outbuf,smb_vwv8,tot_data_sent); SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } show_msg((char *)req->outbuf); if (!srv_send_smb(sconn, (char *)req->outbuf, true, req->seqnum+1, IS_CONN_ENCRYPTED(conn), &req->pcd)) exit_server_cleanly("send_trans_reply: srv_send_smb " "failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; TALLOC_FREE(req->outbuf); } }
void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) { const char *fname = NULL; char *pipe_name = NULL; files_struct *fsp; TALLOC_CTX *ctx = talloc_tos(); NTSTATUS status; /* XXXX we need to handle passed times, sattr and flags */ srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE); if (!pipe_name) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, ERRDOS, ERRbadpipe); return; } /* If the name doesn't start \PIPE\ then this is directed */ /* at a mailslot or something we really, really don't understand, */ /* not just something we really don't understand. */ if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) { reply_doserror(req, ERRSRV, ERRaccess); return; } DEBUG(4,("Opening pipe %s.\n", pipe_name)); /* Strip \PIPE\ off the name. */ fname = pipe_name + PIPELEN; #if 0 /* * Hack for NT printers... JRA. */ if(should_fail_next_srvsvc_open(fname)) { reply_doserror(req, ERRSRV, ERRaccess); return; } #endif status = open_np_file(req, fname, &fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, ERRDOS, ERRbadpipe); return; } reply_nterror(req, status); return; } /* Prepare the reply */ reply_outbuf(req, 15, 0); /* Mark the opened file as an existing named pipe in message mode. */ SSVAL(req->outbuf,smb_vwv9,2); SSVAL(req->outbuf,smb_vwv10,0xc700); SSVAL(req->outbuf, smb_vwv2, fsp->fnum); SSVAL(req->outbuf, smb_vwv3, 0); /* fmode */ srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0); /* mtime */ SIVAL(req->outbuf, smb_vwv6, 0); /* size */ SSVAL(req->outbuf, smb_vwv8, 0); /* rmode */ SSVAL(req->outbuf, smb_vwv11, 0x0001); chain_reply(req); return; }
void reply_negprot(struct smb_request *req) { int choice= -1; int chosen_level = -1; int protocol; const char *p; int arch = ARCH_ALL; int num_cliprotos; char **cliprotos; int i; size_t converted_size; struct smbd_server_connection *sconn = req->sconn; START_PROFILE(SMBnegprot); if (sconn->smb1.negprot.done) { END_PROFILE(SMBnegprot); exit_server_cleanly("multiple negprot's are not permitted"); } sconn->smb1.negprot.done = true; if (req->buflen == 0) { DEBUG(0, ("negprot got no protocols\n")); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBnegprot); return; } if (req->buf[req->buflen-1] != '\0') { DEBUG(0, ("negprot protocols not 0-terminated\n")); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBnegprot); return; } p = (const char *)req->buf + 1; num_cliprotos = 0; cliprotos = NULL; while (smbreq_bufrem(req, p) > 0) { char **tmp; tmp = talloc_realloc(talloc_tos(), cliprotos, char *, num_cliprotos+1); if (tmp == NULL) { DEBUG(0, ("talloc failed\n")); TALLOC_FREE(cliprotos); reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBnegprot); return; } cliprotos = tmp; if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p, &converted_size)) { DEBUG(0, ("pull_ascii_talloc failed\n")); TALLOC_FREE(cliprotos); reply_nterror(req, NT_STATUS_NO_MEMORY); END_PROFILE(SMBnegprot); return; } DEBUG(3, ("Requested protocol [%s]\n", cliprotos[num_cliprotos])); num_cliprotos += 1; p += strlen(p) + 2; } for (i=0; i<num_cliprotos; i++) { if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K ); else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) arch &= ( ARCH_WFWG | ARCH_WIN95 ); else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) arch &= ( ARCH_WFWG | ARCH_WIN95 ); else if (strcsequal(cliprotos[i], "NT LM 0.12")) arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K | ARCH_CIFSFS); else if (strcsequal(cliprotos[i], "SMB 2.001")) arch = ARCH_VISTA; else if (strcsequal(cliprotos[i], "LANMAN2.1")) arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); else if (strcsequal(cliprotos[i], "LM1.2X002")) arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 ); else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) arch &= ARCH_WINNT; else if (strcsequal(cliprotos[i], "XENIX CORE")) arch &= ( ARCH_WINNT | ARCH_OS2 ); else if (strcsequal(cliprotos[i], "Samba")) { arch = ARCH_SAMBA; break; } else if (strcsequal(cliprotos[i], "POSIX 2")) { arch = ARCH_CIFSFS; break; } } /* CIFSFS can send one arch only, NT LM 0.12. */ if (i == 1 && (arch & ARCH_CIFSFS)) { arch = ARCH_CIFSFS; } switch ( arch ) { case ARCH_CIFSFS: set_remote_arch(RA_CIFSFS); break; case ARCH_SAMBA: set_remote_arch(RA_SAMBA); break; case ARCH_WFWG: set_remote_arch(RA_WFWG); break; case ARCH_WIN95: set_remote_arch(RA_WIN95); break; case ARCH_WINNT: if(req->flags2 == FLAGS2_WIN2K_SIGNATURE) set_remote_arch(RA_WIN2K); else set_remote_arch(RA_WINNT); break; case ARCH_WIN2K: /* Vista may have been set in the negprot so don't override it here */ if ( get_remote_arch() != RA_VISTA ) set_remote_arch(RA_WIN2K); break; case ARCH_VISTA: set_remote_arch(RA_VISTA); break; case ARCH_OS2: set_remote_arch(RA_OS2); break; default: set_remote_arch(RA_UNKNOWN); break; } /* possibly reload - change of architecture */ reload_services(sconn, conn_snum_used, true); /* moved from the netbios session setup code since we don't have that when the client connects to port 445. Of course there is a small window where we are listening to messages -- jerry */ serverid_register(messaging_server_id(sconn->msg_ctx), FLAG_MSG_GENERAL|FLAG_MSG_SMBD |FLAG_MSG_PRINT_GENERAL); /* Check for protocols, most desirable first */ for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) { i = 0; if ((supported_protocols[protocol].protocol_level <= lp_server_max_protocol()) && (supported_protocols[protocol].protocol_level >= lp_server_min_protocol())) while (i < num_cliprotos) { if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) { choice = i; chosen_level = supported_protocols[protocol].protocol_level; } i++; } if(choice != -1) break; } if(choice != -1) { fstrcpy(remote_proto,supported_protocols[protocol].short_name); reload_services(sconn, conn_snum_used, true); supported_protocols[protocol].proto_reply_fn(req, choice); DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); } else { DEBUG(0,("No protocol supported !\n")); reply_outbuf(req, 1, 0); SSVAL(req->outbuf, smb_vwv0, choice); } DEBUG( 5, ( "negprot index=%d\n", choice ) ); if ((lp_server_signing() == SMB_SIGNING_REQUIRED) && (chosen_level < PROTOCOL_NT1)) { exit_server_cleanly("SMB signing is required and " "client negotiated a downlevel protocol"); } TALLOC_FREE(cliprotos); if (lp_async_smb_echo_handler() && (chosen_level < PROTOCOL_SMB2_02) && !fork_echo_handler(sconn)) { exit_server("Failed to fork echo handler"); } END_PROFILE(SMBnegprot); return; }
static void reply_nt1(struct smb_request *req, uint16 choice) { /* dual names + lock_and_read + nt SMBs + remote API calls */ int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ| CAP_LEVEL_II_OPLOCKS; int secword=0; bool negotiate_spnego = False; struct timespec ts; ssize_t ret; struct smbd_server_connection *sconn = req->sconn; bool signing_enabled = false; bool signing_required = false; sconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords(); /* Check the flags field to see if this is Vista. WinXP sets it and Vista does not. But we have to distinguish from NT which doesn't set it either. */ if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) && ((req->flags2 & FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED) == 0) ) { if (get_remote_arch() != RA_SAMBA) { set_remote_arch( RA_VISTA ); } } reply_outbuf(req,17,0); /* do spnego in user level security if the client supports it and we can do encrypted passwords */ if (sconn->smb1.negprot.encrypted_passwords && lp_use_spnego() && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = True; capabilities |= CAP_EXTENDED_SECURITY; add_to_common_flags2(FLAGS2_EXTENDED_SECURITY); /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply (already partially constructed. */ SSVAL(req->outbuf, smb_flg2, req->flags2 | FLAGS2_EXTENDED_SECURITY); } capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS; if (lp_unicode()) { capabilities |= CAP_UNICODE; } if (lp_unix_extensions()) { capabilities |= CAP_UNIX; } if (lp_large_readwrite()) capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS; capabilities |= CAP_LARGE_FILES; if (!lp_async_smb_echo_handler() && lp_read_raw() && lp_write_raw()) capabilities |= CAP_RAW_MODE; if (lp_nt_status_support()) capabilities |= CAP_STATUS32; if (lp_host_msdfs()) capabilities |= CAP_DFS; secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (sconn->smb1.negprot.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state); signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state); if (signing_enabled) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; /* No raw mode with smb signing. */ capabilities &= ~CAP_RAW_MODE; if (signing_required) { secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; } } SSVAL(req->outbuf,smb_vwv0,choice); SCVAL(req->outbuf,smb_vwv1,secword); smbXsrv_connection_init_tables(req->sconn->conn, PROTOCOL_NT1); SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */ SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */ SIVAL(req->outbuf,smb_vwv3+1, sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */ SIVAL(req->outbuf,smb_vwv5+1, 0x10000); /* raw size. full 64k */ SIVAL(req->outbuf,smb_vwv7+1, getpid()); /* session key */ SIVAL(req->outbuf,smb_vwv9+1, capabilities); /* capabilities */ clock_gettime(CLOCK_REALTIME,&ts); put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts); SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60); if (!negotiate_spnego) { /* Create a token value and add it to the outgoing packet. */ if (sconn->smb1.negprot.encrypted_passwords) { uint8 chal[8]; /* note that we do not send a challenge at all if we are using plaintext */ get_challenge(sconn, chal); ret = message_push_blob( &req->outbuf, data_blob_const(chal, sizeof(chal))); if (ret == -1) { DEBUG(0, ("Could not push challenge\n")); reply_nterror(req, NT_STATUS_NO_MEMORY); return; } SCVAL(req->outbuf, smb_vwv16+1, ret); } ret = message_push_string(&req->outbuf, lp_workgroup(), STR_UNICODE|STR_TERMINATE |STR_NOALIGN); if (ret == -1) { DEBUG(0, ("Could not push workgroup string\n")); reply_nterror(req, NT_STATUS_NO_MEMORY); return; } ret = message_push_string(&req->outbuf, lp_netbios_name(), STR_UNICODE|STR_TERMINATE |STR_NOALIGN); if (ret == -1) { DEBUG(0, ("Could not push netbios name string\n")); reply_nterror(req, NT_STATUS_NO_MEMORY); return; } DEBUG(3,("not using SPNEGO\n")); } else { DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn); if (spnego_blob.data == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); return; } ret = message_push_blob(&req->outbuf, spnego_blob); if (ret == -1) { DEBUG(0, ("Could not push spnego blob\n")); reply_nterror(req, NT_STATUS_NO_MEMORY); return; } data_blob_free(&spnego_blob); SCVAL(req->outbuf,smb_vwv16+1, 0); DEBUG(3,("using SPNEGO\n")); } return; }
void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) { const char *fname = NULL; char *pipe_name = NULL; smb_np_struct *p; int size=0,fmode=0,mtime=0,rmode=0; int i; TALLOC_CTX *ctx = talloc_tos(); /* XXXX we need to handle passed times, sattr and flags */ srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &pipe_name, smb_buf(req->inbuf), STR_TERMINATE); if (!pipe_name) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, ERRDOS, ERRbadpipe); return; } /* If the name doesn't start \PIPE\ then this is directed */ /* at a mailslot or something we really, really don't understand, */ /* not just something we really don't understand. */ if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) { reply_doserror(req, ERRSRV, ERRaccess); return; } DEBUG(4,("Opening pipe %s.\n", pipe_name)); /* See if it is one we want to handle. */ for( i = 0; pipe_names[i].client_pipe ; i++ ) { if( strequal(pipe_name,pipe_names[i].client_pipe)) { break; } } if (pipe_names[i].client_pipe == NULL) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, ERRDOS, ERRbadpipe); return; } /* Strip \PIPE\ off the name. */ fname = pipe_name + PIPELEN; #if 0 /* * Hack for NT printers... JRA. */ if(should_fail_next_srvsvc_open(fname)) { reply_doserror(req, ERRSRV, ERRaccess); return; } #endif /* Known pipes arrive with DIR attribs. Remove it so a regular file */ /* can be opened and add it in after the open. */ DEBUG(3,("Known pipe %s opening.\n",fname)); p = open_rpc_pipe_p(fname, conn, req->vuid); if (!p) { reply_doserror(req, ERRSRV, ERRnofids); return; } /* Prepare the reply */ reply_outbuf(req, 15, 0); /* Mark the opened file as an existing named pipe in message mode. */ SSVAL(req->outbuf,smb_vwv9,2); SSVAL(req->outbuf,smb_vwv10,0xc700); if (rmode == 2) { DEBUG(4,("Resetting open result to open from create.\n")); rmode = 1; } SSVAL(req->outbuf,smb_vwv2, p->pnum); SSVAL(req->outbuf,smb_vwv3,fmode); srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime); SIVAL(req->outbuf,smb_vwv6,size); SSVAL(req->outbuf,smb_vwv8,rmode); SSVAL(req->outbuf,smb_vwv11,0x0001); chain_reply(req); return; }
void reply_pipe_write_and_X(struct smb_request *req) { smb_np_struct *p = get_rpc_pipe_p(SVAL(req->inbuf,smb_vwv2)); size_t numtowrite = SVAL(req->inbuf,smb_vwv10); int nwritten = -1; int smb_doff = SVAL(req->inbuf, smb_vwv11); bool pipe_start_message_raw = ((SVAL(req->inbuf, smb_vwv7) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); char *data; if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); return; } if (p->vuid != req->vuid) { reply_nterror(req, NT_STATUS_INVALID_HANDLE); return; } data = smb_base(req->inbuf) + smb_doff; if (numtowrite == 0) { nwritten = 0; } else { if(pipe_start_message_raw) { /* * For the start of a message in named pipe byte mode, * the first two bytes are a length-of-pdu field. Ignore * them (we don't trust the client). JRA. */ if(numtowrite < 2) { DEBUG(0,("reply_pipe_write_and_X: start of " "message set and not enough data " "sent.(%u)\n", (unsigned int)numtowrite )); reply_unixerror(req, ERRDOS, ERRnoaccess); return; } data += 2; numtowrite -= 2; } nwritten = write_to_pipe(p, data, numtowrite); } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { reply_unixerror(req, ERRDOS,ERRnoaccess); return; } reply_outbuf(req, 6, 0); nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten); SSVAL(req->outbuf,smb_vwv2,nwritten); DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", p->pnum, nwritten)); chain_reply(req); }