NTSTATUS
SrvProcessLogoffAndX(
PSRV_EXEC_CONTEXT pExecContext
)
{
NTSTATUS ntStatus = 0;
PLWIO_SRV_CONNECTION pConnection = pExecContext->pConnection;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V1 pCtxSmb1 = pCtxProtocol->pSmb1Context;
ULONG iMsg = pCtxSmb1->iMsg;
PSRV_MESSAGE_SMB_V1 pSmbRequest = &pCtxSmb1->pRequests[iMsg];
PSRV_MESSAGE_SMB_V1 pSmbResponse = &pCtxSmb1->pResponses[iMsg];
PLOGOFF_RESPONSE_HEADER pResponseHeader = NULL; // Do not free
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulOffset = 0;
ULONG ulTotalBytesUsed = 0;
PLWIO_SRV_SESSION pSession = NULL;
ntStatus = SrvConnectionFindSession(
pConnection,
pSmbRequest->pHeader->uid,
&pSession);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SrvSetStatSessionInfo(pExecContext, pSession);
BAIL_ON_NT_STATUS(ntStatus);
SRV_LOG_DEBUG(
pExecContext->pLogContext,
SMB_PROTOCOL_VERSION_1,
pSmbRequest->pHeader->command,
"Logging off session: command(%u),uid(%u),mid(%u),pid(%u),tid(%u)",
pSmbRequest->pHeader->command,
pSmbRequest->pHeader->uid,
pSmbRequest->pHeader->mid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pSmbRequest->pHeader->tid);
SrvSessionRundown(pSession);
if (!pSmbResponse->ulSerialNum)
{
ntStatus = SrvMarshalHeader_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_LOGOFF_ANDX,
STATUS_SUCCESS,
TRUE,
pConnection->serverProperties.Capabilities,
pSmbRequest->pHeader->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pSmbRequest->pHeader->uid,
pSmbRequest->pHeader->mid,
pConnection->serverProperties.bRequireSecuritySignatures,
&pSmbResponse->pHeader,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
else
{
ntStatus = SrvMarshalHeaderAndX_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_LOGOFF_ANDX,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->usHeaderSize;
ulOffset += pSmbResponse->usHeaderSize;
ulBytesAvailable -= pSmbResponse->usHeaderSize;
ulTotalBytesUsed += pSmbResponse->usHeaderSize;
*pSmbResponse->pWordCount = 2;
if (ulBytesAvailable < sizeof(LOGOFF_RESPONSE_HEADER))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
BAIL_ON_NT_STATUS(ntStatus);
}
pResponseHeader = (PLOGOFF_RESPONSE_HEADER)pOutBuffer;
// pOutBuffer += sizeof(LOGOFF_RESPONSE_HEADER);
// ulOffset += sizeof(LOGOFF_RESPONSE_HEADER);
// ulBytesAvailable -= sizeof(LOGOFF_RESPONSE_HEADER);
ulTotalBytesUsed += sizeof(LOGOFF_RESPONSE_HEADER);
pResponseHeader->byteCount = 0;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
if (pSession)
{
SrvSessionRelease(pSession);
}
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->pAndXHeader = NULL;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}
static
NTSTATUS
SrvMarshallEchoResponse(
PSRV_EXEC_CONTEXT pExecContext,
PBYTE pEchoBlob,
USHORT usEchoBlobLength
)
{
NTSTATUS ntStatus = 0;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V1 pCtxSmb1 = pCtxProtocol->pSmb1Context;
ULONG iMsg = pCtxSmb1->iMsg;
PSRV_MESSAGE_SMB_V1 pSmbRequest = &pCtxSmb1->pRequests[iMsg];
PSRV_MESSAGE_SMB_V1 pSmbResponse = &pCtxSmb1->pResponses[iMsg];
PECHO_RESPONSE_HEADER pResponseHeader = NULL; // Do not free
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulOffset = 0;
USHORT usBytesUsed = 0;
ULONG ulTotalBytesUsed = 0;
PCSTR pMinEchoBlob = "lwio";
if (!pSmbResponse->ulSerialNum)
{
ntStatus = SrvMarshalHeader_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_ECHO,
STATUS_SUCCESS,
TRUE,
pExecContext->pConnection->serverProperties.Capabilities,
pSmbRequest->pHeader->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pSmbRequest->pHeader->uid,
pSmbRequest->pHeader->mid,
FALSE,
&pSmbResponse->pHeader,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
else
{
ntStatus = SrvMarshalHeaderAndX_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_ECHO,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->usHeaderSize;
ulOffset += pSmbResponse->usHeaderSize;
ulBytesAvailable -= pSmbResponse->usHeaderSize;
ulTotalBytesUsed += pSmbResponse->usHeaderSize;
*pSmbResponse->pWordCount = 1;
if (ulBytesAvailable < sizeof(ECHO_RESPONSE_HEADER))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
BAIL_ON_NT_STATUS(ntStatus);
}
pResponseHeader = (PECHO_RESPONSE_HEADER)pOutBuffer;
pOutBuffer += sizeof(ECHO_RESPONSE_HEADER);
ulOffset += sizeof(ECHO_RESPONSE_HEADER);
ulBytesAvailable -= sizeof(ECHO_RESPONSE_HEADER);
ulTotalBytesUsed += sizeof(ECHO_RESPONSE_HEADER);
ntStatus = WireMarshallEchoResponseData(
pOutBuffer,
ulBytesAvailable,
(usEchoBlobLength > 4 ? pEchoBlob : (PBYTE)pMinEchoBlob),
(usEchoBlobLength > 4 ? usEchoBlobLength : strlen(pMinEchoBlob)),
&usBytesUsed);
BAIL_ON_NT_STATUS(ntStatus);
pResponseHeader->sequenceNumber = 0;
pResponseHeader->byteCount = (USHORT)usBytesUsed;
// pOutBuffer += usBytesUsed;
// ulOffset += usBytesUsed;
// ulBytesAvailable -= usBytesUsed;
ulTotalBytesUsed += usBytesUsed;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->pAndXHeader = NULL;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}
NTSTATUS
SrvBuildSetInfoResponse(
PSRV_EXEC_CONTEXT pExecContext
)
{
NTSTATUS ntStatus = 0;
PLWIO_SRV_CONNECTION pConnection = pExecContext->pConnection;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V1 pCtxSmb1 = pCtxProtocol->pSmb1Context;
ULONG iMsg = pCtxSmb1->iMsg;
PSRV_MESSAGE_SMB_V1 pSmbRequest = &pCtxSmb1->pRequests[iMsg];
PSRV_MESSAGE_SMB_V1 pSmbResponse = &pCtxSmb1->pResponses[iMsg];
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulOffset = 0;
USHORT usBytesUsed = 0;
ULONG ulTotalBytesUsed = 0;
PUSHORT pSetup = NULL;
BYTE setupCount = 0;
USHORT usParams = 0;
USHORT usDataOffset = 0;
USHORT usParameterOffset = 0;
if (!pSmbResponse->ulSerialNum)
{
ntStatus = SrvMarshalHeader_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_TRANSACTION2,
STATUS_SUCCESS,
TRUE,
pConnection->serverProperties.Capabilities,
pCtxSmb1->pTree->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pCtxSmb1->pSession->uid,
pSmbRequest->pHeader->mid,
pConnection->serverProperties.bRequireSecuritySignatures,
&pSmbResponse->pHeader,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
else
{
ntStatus = SrvMarshalHeaderAndX_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_TRANSACTION2,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->usHeaderSize;
ulOffset += pSmbResponse->usHeaderSize;
ulBytesAvailable -= pSmbResponse->usHeaderSize;
ulTotalBytesUsed += pSmbResponse->usHeaderSize;
*pSmbResponse->pWordCount = 10 + setupCount;
ntStatus = WireMarshallTransaction2Response(
pOutBuffer,
ulBytesAvailable,
ulOffset,
pSetup,
setupCount,
(PBYTE)&usParams,
sizeof(usParams),
NULL,
0,
&usDataOffset,
&usParameterOffset,
&usBytesUsed);
BAIL_ON_NT_STATUS(ntStatus);
// pOutBuffer += usBytesUsed;
// ulOffset += usBytesUsed;
// ulBytesAvailable -= usBytesUsed;
ulTotalBytesUsed += usBytesUsed;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->pAndXHeader = NULL;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}
NTSTATUS
SrvBuildNegotiateResponse_SMB_V1_NTLM_0_12(
IN PLWIO_SRV_CONNECTION pConnection,
IN PSMB_PACKET pSmbRequest,
IN SMB_PROTOCOL_DIALECT Dialect,
IN USHORT idxDialect,
OUT PSMB_PACKET* ppSmbResponse
)
{
NTSTATUS ntStatus = 0;
NEGOTIATE_RESPONSE_HEADER* pResponseHeader = NULL;
time_t curTime = 0L;
LONG64 llUTCTime = 0LL;
uint16_t byteCount = 0;
uint8_t* pDataCursor = NULL;
PSRV_PROPERTIES pServerProperties = &pConnection->serverProperties;
PSMB_PACKET pSmbResponse = NULL;
PWSTR pwszHostname = NULL;
ntStatus = SMBPacketAllocate(
pConnection->hPacketAllocator,
&pSmbResponse);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = SMBPacketBufferAllocate(
pConnection->hPacketAllocator,
(64 * 1024) + 4096,
&pSmbResponse->pRawBuffer,
&pSmbResponse->bufferLen);
BAIL_ON_NT_STATUS(ntStatus);
if ((pSmbRequest->pSMBHeader->flags2 & FLAG2_EXT_SEC) == 0)
{
pServerProperties->Capabilities &= ~CAP_EXTENDED_SECURITY;
}
ntStatus = SMBPacketMarshallHeader(
pSmbResponse->pRawBuffer,
pSmbResponse->bufferLen,
COM_NEGOTIATE,
0,
TRUE,
pSmbRequest->pSMBHeader->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pSMBHeader),
0,
pSmbRequest->pSMBHeader->mid,
FALSE,
pSmbResponse);
BAIL_ON_NT_STATUS(ntStatus);
if ((pServerProperties->Capabilities & CAP_EXTENDED_SECURITY) == 0)
{
pSmbResponse->pSMBHeader->flags2 &= ~FLAG2_EXT_SEC;
}
pSmbResponse->pSMBHeader->wordCount = 17;
pResponseHeader = (NEGOTIATE_RESPONSE_HEADER*)pSmbResponse->pParams;
pSmbResponse->pData = pSmbResponse->pParams + sizeof(NEGOTIATE_RESPONSE_HEADER);
pSmbResponse->bufferUsed += sizeof(NEGOTIATE_RESPONSE_HEADER);
pResponseHeader->dialectIndex = idxDialect;
pResponseHeader->securityMode = 0;
if (pServerProperties->preferredSecurityMode == SMB_SECURITY_MODE_USER)
{
pResponseHeader->securityMode |= 0x1; // User level security
}
if (pServerProperties->bEncryptPasswords)
{
pResponseHeader->securityMode |= 0x2;
}
if (pServerProperties->bEnableSecuritySignatures)
{
pResponseHeader->securityMode |= 0x4;
}
if (pServerProperties->bRequireSecuritySignatures)
{
pResponseHeader->securityMode |= 0x8;
}
pResponseHeader->maxMpxCount = pServerProperties->MaxMpxCount;
pResponseHeader->maxNumberVcs = pServerProperties->MaxNumberVCs;
pResponseHeader->maxBufferSize = pServerProperties->MaxBufferSize;
pResponseHeader->maxRawSize = pServerProperties->MaxRawSize;
pResponseHeader->sessionKey = 0;
pResponseHeader->capabilities = pServerProperties->Capabilities;
curTime = time(NULL);
ntStatus = WireSMBUTimeToTimeZone(curTime, &pResponseHeader->serverTimeZone);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = WireSMBUTimetoNTTime(curTime, FALSE, &llUTCTime);
BAIL_ON_NT_STATUS(ntStatus);
pResponseHeader->systemTimeLow = llUTCTime & 0xFFFFFFFFLL;
pResponseHeader->systemTimeHigh = (llUTCTime & 0xFFFFFFFF00000000LL) >> 32;
pDataCursor = pSmbResponse->pData;
if (pResponseHeader->capabilities & CAP_EXTENDED_SECURITY)
{
PBYTE pNegHintsBlob = NULL; /* Do not free */
ULONG ulNegHintsLength = 0;
pResponseHeader->encryptionKeyLength = 0;
memcpy(pDataCursor, pServerProperties->GUID, sizeof(pServerProperties->GUID));
pDataCursor += sizeof(pServerProperties->GUID);
byteCount += sizeof(pServerProperties->GUID);
ntStatus = SrvGssNegHints(&pNegHintsBlob, &ulNegHintsLength);
/* Microsoft clients ignore the security blob on the neg prot response
so don't fail here if we can't get a negHintsBlob */
if (ntStatus == STATUS_SUCCESS)
{
memcpy(pDataCursor, pNegHintsBlob, ulNegHintsLength);
pDataCursor += ulNegHintsLength;
byteCount += ulNegHintsLength;
}
}
else
{
WCHAR wszWorkgroup[] = SRV_NATIVE_DOMAIN_W;
CHAR szHostname[HOST_NAME_MAX];
PWSTR pwszDomain = pConnection->clientProperties.pwszNativeDomain;
if (!pwszDomain)
{
pwszDomain = &wszWorkgroup[0];
}
if (gethostname(szHostname, HOST_NAME_MAX) == -1)
{
ntStatus = LwErrnoToNtStatus(errno);
BAIL_ON_NT_STATUS(ntStatus);
}
pResponseHeader->encryptionKeyLength =
sizeof(pConnection->ServerChallenge);
// Generate challenge and remember it in connection
if (!RAND_bytes( pConnection->ServerChallenge,
sizeof(pConnection->ServerChallenge)))
{
ntStatus = STATUS_INTERNAL_ERROR;
BAIL_ON_NT_STATUS(ntStatus);
}
RtlCopyMemory(pDataCursor, &pConnection->ServerChallenge,
sizeof(pConnection->ServerChallenge));
pDataCursor += sizeof(pConnection->ServerChallenge);
byteCount += sizeof(pConnection->ServerChallenge);
// Add domain name
{
size_t sDomainLen = (wc16slen(pwszDomain)+1) * sizeof(wchar16_t);
RtlCopyMemory(pDataCursor, pwszDomain, sDomainLen);
pDataCursor += sDomainLen;
byteCount += sDomainLen;
}
// Add hostname
{
size_t sHostnameLen = 0;
ntStatus = SrvMbsToWc16s(szHostname, &pwszHostname);
BAIL_ON_NT_STATUS(ntStatus);
sHostnameLen = (wc16slen(pwszHostname)+1) * sizeof(wchar16_t);
RtlCopyMemory(pDataCursor, pwszHostname, sHostnameLen);
pDataCursor += sHostnameLen;
byteCount += sHostnameLen;
}
}
pResponseHeader->byteCount = byteCount;
pSmbResponse->bufferUsed += byteCount;
ntStatus = SMBPacketMarshallFooter(pSmbResponse);
BAIL_ON_NT_STATUS(ntStatus);
*ppSmbResponse = pSmbResponse;
cleanup:
SRV_SAFE_FREE_MEMORY(pwszHostname);
return ntStatus;
error:
*ppSmbResponse = NULL;
if (pSmbResponse)
{
SMBPacketRelease(pConnection->hPacketAllocator, pSmbResponse);
}
goto cleanup;
}
static
NTSTATUS
SrvBuildOpenResponse(
PSRV_EXEC_CONTEXT pExecContext
)
{
NTSTATUS ntStatus = 0;
PLWIO_SRV_CONNECTION pConnection = pExecContext->pConnection;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V1 pCtxSmb1 = pCtxProtocol->pSmb1Context;
ULONG iMsg = pCtxSmb1->iMsg;
PSRV_MESSAGE_SMB_V1 pSmbRequest = &pCtxSmb1->pRequests[iMsg];
PSRV_MESSAGE_SMB_V1 pSmbResponse = &pCtxSmb1->pResponses[iMsg];
POPEN_RESPONSE_HEADER pResponseHeader = NULL; // Do not free
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulOffset = 0;
ULONG ulTotalBytesUsed = 0;
PSRV_OPEN_STATE_SMB_V1 pOpenState = NULL;
pOpenState = (PSRV_OPEN_STATE_SMB_V1)pCtxSmb1->hState;
if (!pSmbResponse->ulSerialNum)
{
ntStatus = SrvMarshalHeader_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_OPEN_ANDX,
STATUS_SUCCESS,
TRUE,
pConnection->serverProperties.Capabilities,
pOpenState->pTree->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pCtxSmb1->pSession->uid,
pSmbRequest->pHeader->mid,
pConnection->serverProperties.bRequireSecuritySignatures,
&pSmbResponse->pHeader,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
else
{
ntStatus = SrvMarshalHeaderAndX_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_OPEN_ANDX,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->usHeaderSize;
ulOffset += pSmbResponse->usHeaderSize;
ulBytesAvailable -= pSmbResponse->usHeaderSize;
ulTotalBytesUsed += pSmbResponse->usHeaderSize;
*pSmbResponse->pWordCount = 15;
if (ulBytesAvailable < sizeof(OPEN_RESPONSE_HEADER))
{
ntStatus = STATUS_INVALID_BUFFER_SIZE;
BAIL_ON_NT_STATUS(ntStatus);
}
pResponseHeader = (POPEN_RESPONSE_HEADER)pOutBuffer;
// pOutBuffer += sizeof(OPEN_RESPONSE_HEADER);
// ulOffset += sizeof(OPEN_RESPONSE_HEADER);
// ulBytesAvailable -= sizeof(OPEN_RESPONSE_HEADER);
ulTotalBytesUsed += sizeof(OPEN_RESPONSE_HEADER);
pResponseHeader->usFid = pOpenState->pFile->fid;
pResponseHeader->ulServerFid = pOpenState->pFile->fid;
pResponseHeader->usOpenAction = pOpenState->ulCreateAction;
switch (pOpenState->ucOplockLevel)
{
case SMB_OPLOCK_LEVEL_I:
// file is opened only by this user at the current time
pResponseHeader->usOpenAction |= 0x8000;
break;
default:
pResponseHeader->usOpenAction &= ~0x8000;
break;
}
// TODO: Mirroring this field is close, but probably not exactly correct
pResponseHeader->usGrantedAccess = pOpenState->pRequestHeader->usDesiredAccess;
pResponseHeader->usFileAttributes = pOpenState->networkOpenInfo.FileAttributes;
ntStatus = WireNTTimeToSMBUTime(
pOpenState->networkOpenInfo.LastWriteTime,
&pResponseHeader->ulLastWriteTime);
BAIL_ON_NT_STATUS(ntStatus);
pResponseHeader->ulDataSize = SMB_MIN( UINT32_MAX,
pOpenState->networkOpenInfo.EndOfFile);
if (SrvTreeIsNamedPipe(pOpenState->pTree))
{
ntStatus = SrvMarshallPipeInfo(
pOpenState->pFilePipeInfo,
pOpenState->pFilePipeLocalInfo,
&pResponseHeader->usDeviceState);
BAIL_ON_NT_STATUS(ntStatus);
pResponseHeader->usFileType = (USHORT)pOpenState->filePipeInfo.ReadMode;
}
else
{
pResponseHeader->usFileType = 0;
pResponseHeader->usDeviceState = 0;
}
pResponseHeader->usReserved = 0;
pResponseHeader->usByteCount = 0;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->pAndXHeader = NULL;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}
static
NTSTATUS
SrvBuildRenameResponse(
PSRV_EXEC_CONTEXT pExecContext
)
{
NTSTATUS ntStatus = 0;
PLWIO_SRV_CONNECTION pConnection = pExecContext->pConnection;
PSRV_PROTOCOL_EXEC_CONTEXT pCtxProtocol = pExecContext->pProtocolContext;
PSRV_EXEC_CONTEXT_SMB_V1 pCtxSmb1 = pCtxProtocol->pSmb1Context;
ULONG iMsg = pCtxSmb1->iMsg;
PSRV_MESSAGE_SMB_V1 pSmbRequest = &pCtxSmb1->pRequests[iMsg];
PSRV_MESSAGE_SMB_V1 pSmbResponse = &pCtxSmb1->pResponses[iMsg];
PSMB_RENAME_RESPONSE_HEADER pResponseHeader = NULL; // Do not free
PBYTE pOutBuffer = pSmbResponse->pBuffer;
ULONG ulBytesAvailable = pSmbResponse->ulBytesAvailable;
ULONG ulOffset = 0;
USHORT usBytesUsed = 0;
ULONG ulTotalBytesUsed = 0;
if (!pSmbResponse->ulSerialNum)
{
ntStatus = SrvMarshalHeader_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_RENAME,
STATUS_SUCCESS,
TRUE,
pCtxSmb1->pTree->tid,
SMB_V1_GET_PROCESS_ID(pSmbRequest->pHeader),
pCtxSmb1->pSession->uid,
pSmbRequest->pHeader->mid,
pConnection->serverProperties.bRequireSecuritySignatures,
&pSmbResponse->pHeader,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
else
{
ntStatus = SrvMarshalHeaderAndX_SMB_V1(
pOutBuffer,
ulOffset,
ulBytesAvailable,
COM_RENAME,
&pSmbResponse->pWordCount,
&pSmbResponse->pAndXHeader,
&pSmbResponse->usHeaderSize);
}
BAIL_ON_NT_STATUS(ntStatus);
pOutBuffer += pSmbResponse->usHeaderSize;
ulOffset += pSmbResponse->usHeaderSize;
ulBytesAvailable -= pSmbResponse->usHeaderSize;
ulTotalBytesUsed += pSmbResponse->usHeaderSize;
*pSmbResponse->pWordCount = 0;
ntStatus = WireMarshallRenameResponse(
pOutBuffer,
ulBytesAvailable,
ulOffset,
&pResponseHeader,
&usBytesUsed);
BAIL_ON_NT_STATUS(ntStatus);
// pOutBuffer += usBytesUsed;
// ulOffset += usBytesUsed;
// ulBytesAvailable -= usBytesUsed;
ulTotalBytesUsed += usBytesUsed;
pResponseHeader->usByteCount = 0;
pSmbResponse->ulMessageSize = ulTotalBytesUsed;
cleanup:
return ntStatus;
error:
if (ulTotalBytesUsed)
{
pSmbResponse->pHeader = NULL;
pSmbResponse->pAndXHeader = NULL;
memset(pSmbResponse->pBuffer, 0, ulTotalBytesUsed);
}
pSmbResponse->ulMessageSize = 0;
goto cleanup;
}