static BOOL cli_session_setup_plaintext(struct cli_state *cli, const char *user, const char *pass, const char *workgroup) { uint32 capabilities = cli_session_setup_capabilities(cli); fstring pword; int passlen; char *p; passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_CONVERT); set_message(cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE); SSVAL(cli->outbuf,smb_vwv3,2); SSVAL(cli->outbuf,smb_vwv4,cli->pid); SIVAL(cli->outbuf,smb_vwv5,cli->sesskey); SSVAL(cli->outbuf,smb_vwv7,passlen); SSVAL(cli->outbuf,smb_vwv8,0); SIVAL(cli->outbuf,smb_vwv11,capabilities); p = smb_buf(cli->outbuf); memcpy(p, pword, passlen); p += passlen; p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_CONVERT); /* username */ p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_CONVERT); /* workgroup */ p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE|STR_CONVERT); p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE|STR_CONVERT); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; show_msg(cli->inbuf); if (cli_is_error(cli)) { return False; } cli->vuid = SVAL(cli->inbuf,smb_uid); p = smb_buf(cli->inbuf); p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE); p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); fstrcpy(cli->user_name, user); return True; }
BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout, enum brl_type lock_type) { char *p; int saved_timeout = cli->timeout; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0', smb_size); set_message(cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,fnum); SCVAL(cli->outbuf,smb_vwv3,(lock_type == READ_LOCK? 1 : 0)); SIVALS(cli->outbuf, smb_vwv4, timeout); SSVAL(cli->outbuf,smb_vwv6,0); SSVAL(cli->outbuf,smb_vwv7,1); p = smb_buf(cli->outbuf); SSVAL(p, 0, cli->pid); SIVAL(p, 2, offset); SIVAL(p, 6, len); p += 10; cli_setup_bcc(cli, p); cli_send_smb(cli); if (timeout != 0) { cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout*2 + 5*1000); } if (!cli_receive_smb(cli)) { cli->timeout = saved_timeout; return False; } cli->timeout = saved_timeout; if (cli_is_error(cli)) { return False; } return True; }
BOOL cli_tdis(struct cli_state *cli) { memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBtdis); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; return !cli_is_error(cli); }
BOOL cli_ulogoff(struct cli_state *cli) { memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBulogoffX); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */ cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; return !cli_is_error(cli); }
int cli_ctemp(struct cli_state *cli, const char *path, char **tmp_path) { int len; char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,3,0,True); SCVAL(cli->outbuf,smb_com,SMBctemp); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0); SIVALS(cli->outbuf,smb_vwv1,-1); p = smb_buf(cli->outbuf); *p++ = 4; p += clistr_push(cli, p, path, -1, STR_TERMINATE); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return -1; } if (cli_is_error(cli)) { return -1; } /* despite the spec, the result has a -1, followed by length, followed by name */ p = smb_buf(cli->inbuf); p += 4; len = smb_buflen(cli->inbuf) - 4; if (len <= 0) return -1; if (tmp_path) { pstring path2; clistr_pull(cli, path2, p, sizeof(path2), len, STR_ASCII); *tmp_path = strdup(path2); } return SVAL(cli->inbuf,smb_vwv0); }
BOOL cli_message_start(struct cli_state *cli, char *host, char *username, int *grp) { cli_message_start_build(cli, host, username); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) return False; *grp = SVAL(cli->inbuf,smb_vwv0); return True; }
/**************************************************************************** send a lock with a specified locktype this is used for testing LOCKING_ANDX_CANCEL_LOCK ****************************************************************************/ NTSTATUS cli_locktype(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout, unsigned char locktype) { char *p; int saved_timeout = cli->timeout; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0', smb_size); set_message(cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,fnum); SCVAL(cli->outbuf,smb_vwv3,locktype); SIVALS(cli->outbuf, smb_vwv4, timeout); SSVAL(cli->outbuf,smb_vwv6,0); SSVAL(cli->outbuf,smb_vwv7,1); p = smb_buf(cli->outbuf); SSVAL(p, 0, cli->pid); SIVAL(p, 2, offset); SIVAL(p, 6, len); p += 10; cli_setup_bcc(cli, p); cli_send_smb(cli); if (timeout != 0) { cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000); } if (!cli_receive_smb(cli)) { cli->timeout = saved_timeout; return NT_STATUS_UNSUCCESSFUL; } cli->timeout = saved_timeout; return cli_nt_error(cli); }
BOOL cli_getattrE(struct cli_state *cli, int fd, uint16 *attr, SMB_BIG_UINT *size, time_t *c_time, time_t *a_time, time_t *m_time) { memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,1,0,True); SCVAL(cli->outbuf,smb_com,SMBgetattrE); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,fd); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) { return False; } if (size) { *size = IVAL(cli->inbuf, smb_vwv6); } if (attr) { *attr = SVAL(cli->inbuf,smb_vwv10); } if (c_time) { *c_time = make_unix_date3(cli->inbuf+smb_vwv0); } if (a_time) { *a_time = make_unix_date3(cli->inbuf+smb_vwv2); } if (m_time) { *m_time = make_unix_date3(cli->inbuf+smb_vwv4); } return True; }
/**************************************************************************** write to a file using a SMBwrite and not bypassing 0 byte writes ****************************************************************************/ ssize_t cli_smbwrite(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size1) { char *p; ssize_t total = 0; do { size_t size = MIN(size1, cli->max_xmit - 48); memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,5, 3 + size,True); CVAL(cli->outbuf,smb_com) = SMBwrite; SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,fnum); SSVAL(cli->outbuf,smb_vwv1,size); SIVAL(cli->outbuf,smb_vwv2,offset); SSVAL(cli->outbuf,smb_vwv4,0); p = smb_buf(cli->outbuf); *p++ = 1; SSVAL(p, 0, size); memcpy(p+2, buf, size); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return -1; } if (CVAL(cli->inbuf,smb_rcls) != 0) { return -1; } size = SVAL(cli->inbuf,smb_vwv0); if (size == 0) break; size1 -= size; total += size; } while (size1); return total; }
BOOL cli_getatr(struct cli_state *cli, const char *fname, uint16 *attr, size_t *size, time_t *t) { char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBgetatr); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); p = smb_buf(cli->outbuf); *p++ = 4; p += clistr_push(cli, p, fname, -1, STR_TERMINATE); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) { return False; } if (size) { *size = IVAL(cli->inbuf, smb_vwv3); } if (t) { *t = make_unix_date3(cli->inbuf+smb_vwv1); } if (attr) { *attr = SVAL(cli->inbuf,smb_vwv0); } return True; }
BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail) { memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,0,0,True); SCVAL(cli->outbuf,smb_com,SMBdskattr); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } *bsize = SVAL(cli->inbuf,smb_vwv1)*SVAL(cli->inbuf,smb_vwv2); *total = SVAL(cli->inbuf,smb_vwv0); *avail = SVAL(cli->inbuf,smb_vwv3); return True; }
BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len) { char *p; if (! (cli->capabilities & CAP_LARGE_FILES)) { return cli_unlock(cli, fnum, offset, len); } memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,fnum); SCVAL(cli->outbuf,smb_vwv3,LOCKING_ANDX_LARGE_FILES); SIVALS(cli->outbuf, smb_vwv4, 0); SSVAL(cli->outbuf,smb_vwv6,1); SSVAL(cli->outbuf,smb_vwv7,0); p = smb_buf(cli->outbuf); SIVAL(p, 0, cli->pid); SOFF_T_R(p, 4, offset); SOFF_T_R(p, 12, len); p += 20; cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) { return False; } return True; }
BOOL cli_close(struct cli_state *cli, int fnum) { memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,3,0,True); SCVAL(cli->outbuf,smb_com,SMBclose); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,fnum); SIVALS(cli->outbuf,smb_vwv1,-1); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } return !cli_is_error(cli); }
/**************************************************************************** start a message sequence ****************************************************************************/ BOOL cli_message_start(struct cli_state *cli, char *host, char *username, int *grp) { return False; #if 0 char *p; /* send a SMBsendstrt command */ memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,0,0,True); CVAL(cli->outbuf,smb_com) = SMBsendstrt; SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); p = smb_buf(cli->outbuf); *p++ = 4; pstrcpy(p,username); unix_to_dos(p,True); p = skip_string(p,1); *p++ = 4; pstrcpy(p,host); unix_to_dos(p,True); p = skip_string(p,1); set_message(cli->outbuf,0,PTR_DIFF(p,smb_buf(cli->outbuf)),False); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_error(cli, NULL, NULL, NULL)) return False; *grp = SVAL(cli->inbuf,smb_vwv0); return True; #endif }
BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len) { char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,8,0,True); SCVAL(cli->outbuf,smb_com,SMBlockingX); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,fnum); SCVAL(cli->outbuf,smb_vwv3,0); SIVALS(cli->outbuf, smb_vwv4, 0); SSVAL(cli->outbuf,smb_vwv6,1); SSVAL(cli->outbuf,smb_vwv7,0); p = smb_buf(cli->outbuf); SSVAL(p, 0, cli->pid); SIVAL(p, 2, offset); SIVAL(p, 6, len); p += 10; cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) { return False; } return True; }
BOOL cli_setattrE(struct cli_state *cli, int fd, time_t c_time, time_t a_time, time_t m_time) { char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,7,0,True); SCVAL(cli->outbuf,smb_com,SMBsetattrE); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0, fd); cli_put_dos_date2(cli, cli->outbuf,smb_vwv1, c_time); cli_put_dos_date2(cli, cli->outbuf,smb_vwv3, a_time); cli_put_dos_date2(cli, cli->outbuf,smb_vwv5, m_time); p = smb_buf(cli->outbuf); *p++ = 4; cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_is_error(cli)) { return False; } return True; }
/**************************************************************************** end a message ****************************************************************************/ BOOL cli_message_end(struct cli_state *cli, int grp) { return False; #if 0 memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,1,0,True); CVAL(cli->outbuf,smb_com) = SMBsendend; SSVAL(cli->outbuf,smb_tid,cli->cnum); SSVAL(cli->outbuf,smb_vwv0,grp); cli_setup_packet(cli); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return False; } if (cli_error(cli, NULL, NULL, NULL)) return False; return True; #endif }
bool cli_send_nt_trans(struct cli_state *cli, int function, int flags, uint16 *setup, unsigned int lsetup, unsigned int msetup, char *param, unsigned int lparam, unsigned int mparam, char *data, unsigned int ldata, unsigned int mdata) { unsigned int i; unsigned int this_ldata,this_lparam; unsigned int tot_data=0,tot_param=0; uint16 mid; char *outdata,*outparam; this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */ this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam)); memset(cli->outbuf,'\0',smb_size); cli_set_message(cli->outbuf,19+lsetup,0,True); SCVAL(cli->outbuf,smb_com,SMBnttrans); SSVAL(cli->outbuf,smb_tid, cli->cnum); cli_setup_packet(cli); /* * Save the mid we're using. We need this for finding * signing replies. */ mid = cli->mid; outparam = smb_buf(cli->outbuf)+3; outdata = outparam+this_lparam; /* primary request */ SCVAL(cli->outbuf,smb_nt_MaxSetupCount,msetup); SCVAL(cli->outbuf,smb_nt_Flags,flags); SIVAL(cli->outbuf,smb_nt_TotalParameterCount, lparam); SIVAL(cli->outbuf,smb_nt_TotalDataCount, ldata); SIVAL(cli->outbuf,smb_nt_MaxParameterCount, mparam); SIVAL(cli->outbuf,smb_nt_MaxDataCount, mdata); SIVAL(cli->outbuf,smb_nt_ParameterCount, this_lparam); SIVAL(cli->outbuf,smb_nt_ParameterOffset, smb_offset(outparam,cli->outbuf)); SIVAL(cli->outbuf,smb_nt_DataCount, this_ldata); SIVAL(cli->outbuf,smb_nt_DataOffset, smb_offset(outdata,cli->outbuf)); SIVAL(cli->outbuf,smb_nt_SetupCount, lsetup); SIVAL(cli->outbuf,smb_nt_Function, function); for (i=0;i<lsetup;i++) /* setup[] */ SSVAL(cli->outbuf,smb_nt_SetupStart+i*2,setup[i]); if (this_lparam) /* param[] */ memcpy(outparam,param,this_lparam); if (this_ldata) /* data[] */ memcpy(outdata,data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); show_msg(cli->outbuf); if (!cli_send_smb(cli)) { return False; } cli_state_seqnum_persistent(cli, mid); if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { cli_state_seqnum_remove(cli, mid); return(False); } tot_data = this_ldata; tot_param = this_lparam; while (tot_data < ldata || tot_param < lparam) { this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); cli_set_message(cli->outbuf,18,0,True); SCVAL(cli->outbuf,smb_com,SMBnttranss); /* XXX - these should probably be aligned */ outparam = smb_buf(cli->outbuf); outdata = outparam+this_lparam; /* secondary request */ SIVAL(cli->outbuf,smb_nts_TotalParameterCount,lparam); SIVAL(cli->outbuf,smb_nts_TotalDataCount,ldata); SIVAL(cli->outbuf,smb_nts_ParameterCount,this_lparam); SIVAL(cli->outbuf,smb_nts_ParameterOffset,smb_offset(outparam,cli->outbuf)); SIVAL(cli->outbuf,smb_nts_ParameterDisplacement,tot_param); SIVAL(cli->outbuf,smb_nts_DataCount,this_ldata); SIVAL(cli->outbuf,smb_nts_DataOffset,smb_offset(outdata,cli->outbuf)); SIVAL(cli->outbuf,smb_nts_DataDisplacement,tot_data); if (this_lparam) /* param[] */ memcpy(outparam,param+tot_param,this_lparam); if (this_ldata) /* data[] */ memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); show_msg(cli->outbuf); cli->mid = mid; if (!cli_send_smb(cli)) { cli_state_seqnum_remove(cli, mid); return False; } tot_data += this_ldata; tot_param += this_lparam; } } return(True); }
static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user, const char *pass, int passlen, const char *ntpass, int ntpasslen, const char *workgroup) { uint32 capabilities = cli_session_setup_capabilities(cli); fstring pword, ntpword; char *p; if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) { return False; } if (passlen != 24) { /* non encrypted password supplied. */ passlen = 24; ntpasslen = 24; clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_CONVERT); clistr_push(cli, ntpword, ntpass, sizeof(ntpword), STR_TERMINATE|STR_CONVERT); SMBencrypt((uchar *)pword,cli->cryptkey,(uchar *)pword); SMBNTencrypt((uchar *)ntpword,cli->cryptkey,(uchar *)ntpword); } else { memcpy(pword, pass, passlen); memcpy(ntpword, ntpass, ntpasslen); } /* send a session setup command */ memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,13,0,True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE); SSVAL(cli->outbuf,smb_vwv3,2); SSVAL(cli->outbuf,smb_vwv4,cli->pid); SIVAL(cli->outbuf,smb_vwv5,cli->sesskey); SSVAL(cli->outbuf,smb_vwv7,passlen); SSVAL(cli->outbuf,smb_vwv8,ntpasslen); SIVAL(cli->outbuf,smb_vwv11,capabilities); p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; memcpy(p,ntpword,ntpasslen); p += ntpasslen; p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER|STR_CONVERT); p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER|STR_CONVERT); p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE|STR_CONVERT); p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE|STR_CONVERT); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; show_msg(cli->inbuf); if (cli_is_error(cli)) { return False; } /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); p = smb_buf(cli->inbuf); p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE); p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); fstrcpy(cli->user_name, user); return True; }
static BOOL cli_session_setup_lanman2(struct cli_state *cli, const char *user, const char *pass, int passlen) { fstring pword; char *p; if (passlen > sizeof(pword)-1) { return False; } /* if in share level security then don't send a password now */ if (!(cli->sec_mode & 1)) { passlen = 0; } if (passlen > 0 && (cli->sec_mode & 2) && passlen != 24) { /* Encrypted mode needed, and non encrypted password supplied. */ passlen = 24; clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE); SMBencrypt((uchar *)pword,cli->cryptkey,(uchar *)pword); } else if ((cli->sec_mode & 2) && passlen == 24) { /* Encrypted mode needed, and encrypted password supplied. */ memcpy(pword, pass, passlen); } else if (passlen > 0) { /* Plaintext mode needed, assume plaintext supplied. */ passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE); } /* send a session setup command */ memset(cli->outbuf,'\0',smb_size); set_message(cli->outbuf,10, 0, True); SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit); SSVAL(cli->outbuf,smb_vwv3,2); SSVAL(cli->outbuf,smb_vwv4,1); SIVAL(cli->outbuf,smb_vwv5,cli->sesskey); SSVAL(cli->outbuf,smb_vwv7,passlen); p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; p += clistr_push(cli, p, user, -1, STR_TERMINATE); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; show_msg(cli->inbuf); if (cli_is_error(cli)) { return False; } /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); fstrcpy(cli->user_name, user); return True; }
BOOL cli_send_tconX(struct cli_state *cli, const char *share, const char *dev, const char *pass, int passlen) { fstring fullshare, pword, dos_pword; char *p; memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); fstrcpy(cli->share, share); /* in user level security don't send a password now */ if (cli->sec_mode & 1) { passlen = 1; pass = ""; } if ((cli->sec_mode & 2) && *pass && passlen != 24) { /* * Non-encrypted passwords - convert to DOS codepage before encryption. */ passlen = 24; clistr_push(cli, dos_pword, pass, -1, STR_CONVERT|STR_TERMINATE); SMBencrypt((uchar *)dos_pword,cli->cryptkey,(uchar *)pword); } else { if((cli->sec_mode & 3) == 0) { /* * Non-encrypted passwords - convert to DOS codepage before using. */ passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE); } else { memcpy(pword, pass, passlen); } } slprintf(fullshare, sizeof(fullshare)-1, "\\\\%s\\%s", cli->desthost, share); set_message(cli->outbuf,4, 0, True); SCVAL(cli->outbuf,smb_com,SMBtconX); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv3,passlen); p = smb_buf(cli->outbuf); memcpy(p,pword,passlen); p += passlen; p += clistr_push(cli, p, fullshare, -1, STR_CONVERT|STR_TERMINATE|STR_UPPER); fstrcpy(p, dev); p += strlen(dev)+1; cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; if (cli_is_error(cli)) { return False; } fstrcpy(cli->dev, "A:"); if (cli->protocol >= PROTOCOL_NT1) { clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE); } if (strcasecmp(share,"IPC$")==0) { fstrcpy(cli->dev, "IPC"); } /* only grab the device if we have a recent protocol level */ if (cli->protocol >= PROTOCOL_NT1 && smb_buflen(cli->inbuf) == 3) { /* almost certainly win95 - enable bug fixes */ cli->win95 = True; } cli->cnum = SVAL(cli->inbuf,smb_tid); return True; }
BOOL cli_negprot(struct cli_state *cli) { char *p; int numprots; int plength; memset(cli->outbuf,'\0',smb_size); /* setup the protocol strings */ for (plength=0,numprots=0; prots[numprots].name && prots[numprots].prot<=cli->protocol; numprots++) plength += strlen(prots[numprots].name)+2; set_message(cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); for (numprots=0; prots[numprots].name && prots[numprots].prot<=cli->protocol; numprots++) { *p++ = 2; p += clistr_push(cli, p, prots[numprots].name, -1, STR_CONVERT|STR_TERMINATE); } SCVAL(cli->outbuf,smb_com,SMBnegprot); cli_setup_packet(cli); SCVAL(smb_buf(cli->outbuf),0,2); cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; show_msg(cli->inbuf); if (cli_is_error(cli) || ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) { return(False); } cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; if (cli->protocol >= PROTOCOL_NT1) { /* NT protocol */ cli->sec_mode = CVAL(cli->inbuf,smb_vwv1); cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1); cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1); cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1); cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1); cli->serverzone *= 60; /* this time arrives in real GMT */ cli->servertime = interpret_long_date(cli->inbuf+smb_vwv11+1); memcpy(cli->cryptkey,smb_buf(cli->inbuf),8); cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1); if (cli->capabilities & CAP_RAW_MODE) { cli->readbraw_supported = True; cli->writebraw_supported = True; } /* work out if they sent us a workgroup */ if (smb_buflen(cli->inbuf) > 8) { clistr_pull(cli, cli->server_domain, smb_buf(cli->inbuf)+8, sizeof(cli->server_domain), smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN); } } else if (cli->protocol >= PROTOCOL_LANMAN1) { cli->sec_mode = SVAL(cli->inbuf,smb_vwv1); cli->max_xmit = SVAL(cli->inbuf,smb_vwv2); cli->sesskey = IVAL(cli->inbuf,smb_vwv6); cli->serverzone = SVALS(cli->inbuf,smb_vwv10); cli->serverzone *= 60; /* this time is converted to GMT by make_unix_date */ cli->servertime = make_unix_date(cli->inbuf+smb_vwv8); cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0); cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0); memcpy(cli->cryptkey,smb_buf(cli->inbuf),8); } else { /* the old core protocol */ cli->sec_mode = 0; cli->serverzone = TimeDiff(time(NULL)); } cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE); /* a way to force ascii SMB */ if (getenv("CLI_FORCE_ASCII")) { cli->capabilities &= ~CAP_UNICODE; } return True; }
BOOL cli_session_request(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called) { char *p; int len = 4; extern pstring user_socket_options; /* 445 doesn't have session request */ if (cli->port == 445) return True; /* send a session request (RFC 1002) */ memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); /* put in the destination name */ p = cli->outbuf+len; name_mangle(cli->called .name, p, cli->called .name_type); len += name_len(p); /* and my name */ p = cli->outbuf+len; name_mangle(cli->calling.name, p, cli->calling.name_type); len += name_len(p); /* setup the packet length * Remove four bytes from the length count, since the length * field in the NBT Session Service header counts the number * of bytes which follow. The cli_send_smb() function knows * about this and accounts for those four bytes. * CRH. */ len -= 4; _smb_setlen(cli->outbuf,len); SCVAL(cli->outbuf,0,0x81); #ifdef WITH_SSL retry: #endif /* WITH_SSL */ cli_send_smb(cli); DEBUG(5,("Sent session request\n")); if (!cli_receive_smb(cli)) return False; if (CVAL(cli->inbuf,0) == 0x84) { /* C. Hoch 9/14/95 Start */ /* For information, here is the response structure. * We do the byte-twiddling to for portability. struct RetargetResponse{ unsigned char type; unsigned char flags; int16 length; int32 ip_addr; int16 port; }; */ int port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9); /* SESSION RETARGET */ putip((char *)&cli->dest_ip,cli->inbuf+4); cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT); if (cli->fd == -1) return False; DEBUG(3,("Retargeted\n")); set_socket_options(cli->fd,user_socket_options); /* Try again */ { static int depth; BOOL ret; if (depth > 4) { DEBUG(0,("Retarget recursion - failing\n")); return False; } depth++; ret = cli_session_request(cli, calling, called); depth--; return ret; } } /* C. Hoch 9/14/95 End */ #ifdef WITH_SSL if (CVAL(cli->inbuf,0) == 0x83 && CVAL(cli->inbuf,4) == 0x8e){ /* use ssl */ if (!sslutil_fd_is_ssl(cli->fd)){ if (sslutil_connect(cli->fd) == 0) goto retry; } } #endif /* WITH_SSL */ if (CVAL(cli->inbuf,0) != 0x82) { /* This is the wrong place to put the error... JRA. */ cli->rap_error = CVAL(cli->inbuf,4); return False; } return(True); }
bool cli_receive_trans(struct cli_state *cli,int trans, char **param, unsigned int *param_len, char **data, unsigned int *data_len) { unsigned int total_data=0; unsigned int total_param=0; unsigned int this_data,this_param; NTSTATUS status; bool ret = False; uint16_t mid; *data_len = *param_len = 0; mid = SVAL(cli->outbuf,smb_mid); if (!cli_receive_smb(cli)) { cli_state_seqnum_remove(cli, mid); return False; } show_msg(cli->inbuf); /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(cli->inbuf,smb_com))); cli_state_seqnum_remove(cli, mid); return False; } /* * An NT RPC pipe call can return ERRDOS, ERRmoredata * to a trans call. This is not an error and should not * be treated as such. Note that STATUS_NO_MORE_FILES is * returned when a trans2 findfirst/next finishes. * When setting up an encrypted transport we can also * see NT_STATUS_MORE_PROCESSING_REQUIRED here. * * Vista returns NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT if the folder * "<share>/Users/All Users" is enumerated. This is a special pseudo * folder, and the response does not have parameters (nor a parameter * length). */ status = cli_nt_error(cli); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES) || NT_STATUS_EQUAL(status,NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { goto out; } } /* parse out the lengths */ total_data = SVAL(cli->inbuf,smb_tdrcnt); total_param = SVAL(cli->inbuf,smb_tprcnt); /* allocate it */ if (total_data!=0) { /* We know adding 2 is safe as total_data is an * SVAL <= 0xFFFF. */ *data = (char *)SMB_REALLOC(*data,total_data+2); if (!(*data)) { DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n")); goto out; } } if (total_param!=0) { /* We know adding 2 is safe as total_param is an * SVAL <= 0xFFFF. */ *param = (char *)SMB_REALLOC(*param,total_param+2); if (!(*param)) { DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n")); goto out; } } for (;;) { this_data = SVAL(cli->inbuf,smb_drcnt); this_param = SVAL(cli->inbuf,smb_prcnt); if (this_data + *data_len > total_data || this_param + *param_len > total_param) { DEBUG(1,("Data overflow in cli_receive_trans\n")); goto out; } if (this_data + *data_len < this_data || this_data + *data_len < *data_len || this_param + *param_len < this_param || this_param + *param_len < *param_len) { DEBUG(1,("Data overflow in cli_receive_trans\n")); goto out; } if (this_data) { unsigned int data_offset_out = SVAL(cli->inbuf,smb_drdisp); unsigned int data_offset_in = SVAL(cli->inbuf,smb_droff); if (data_offset_out > total_data || data_offset_out + this_data > total_data || data_offset_out + this_data < data_offset_out || data_offset_out + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_trans\n")); goto out; } if (data_offset_in > cli->bufsize || data_offset_in + this_data > cli->bufsize || data_offset_in + this_data < data_offset_in || data_offset_in + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_trans\n")); goto out; } memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data); } if (this_param) { unsigned int param_offset_out = SVAL(cli->inbuf,smb_prdisp); unsigned int param_offset_in = SVAL(cli->inbuf,smb_proff); if (param_offset_out > total_param || param_offset_out + this_param > total_param || param_offset_out + this_param < param_offset_out || param_offset_out + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_trans\n")); goto out; } if (param_offset_in > cli->bufsize || param_offset_in + this_param > cli->bufsize || param_offset_in + this_param < param_offset_in || param_offset_in + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_trans\n")); goto out; } memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param); } *data_len += this_data; *param_len += this_param; if (total_data <= *data_len && total_param <= *param_len) { ret = True; break; } if (!cli_receive_smb(cli)) { goto out; } show_msg(cli->inbuf); /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(cli->inbuf,smb_com))); goto out; } if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { if (NT_STATUS_IS_ERR(cli_nt_error(cli))) { goto out; } } /* parse out the total lengths again - they can shrink! */ if (SVAL(cli->inbuf,smb_tdrcnt) < total_data) total_data = SVAL(cli->inbuf,smb_tdrcnt); if (SVAL(cli->inbuf,smb_tprcnt) < total_param) total_param = SVAL(cli->inbuf,smb_tprcnt); if (total_data <= *data_len && total_param <= *param_len) { ret = True; break; } } out: cli_state_seqnum_remove(cli, mid); if (ret) { /* Ensure the last 2 bytes of param and data are 2 null * bytes. These are malloc'ed, but not included in any * length counts. This allows cli_XX string reading functions * to safely null terminate. */ if (total_data) { SSVAL(*data,total_data,0); } if (total_param) { SSVAL(*param,total_param,0); } } return ret; }
int cli_open(struct cli_state *cli, const char *fname, int flags, int share_mode) { char *p; unsigned openfn=0; unsigned accessmode=0; if (flags & O_CREAT) openfn |= (1<<4); if (!(flags & O_EXCL)) { if (flags & O_TRUNC) openfn |= (1<<1); else openfn |= (1<<0); } accessmode = (share_mode<<4); if ((flags & O_ACCMODE) == O_RDWR) { accessmode |= 2; } else if ((flags & O_ACCMODE) == O_WRONLY) { accessmode |= 1; } #if defined(O_SYNC) if ((flags & O_SYNC) == O_SYNC) { accessmode |= (1<<14); } #endif /* O_SYNC */ if (share_mode == DENY_FCB) { accessmode = 0xFF; } memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,15,0,True); SCVAL(cli->outbuf,smb_com,SMBopenX); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */ SSVAL(cli->outbuf,smb_vwv3,accessmode); SSVAL(cli->outbuf,smb_vwv4,aSYSTEM | aHIDDEN); SSVAL(cli->outbuf,smb_vwv5,0); SSVAL(cli->outbuf,smb_vwv8,openfn); if (cli->use_oplocks) { /* if using oplocks then ask for a batch oplock via core and extended methods */ SCVAL(cli->outbuf,smb_flg, CVAL(cli->outbuf,smb_flg)| FLAG_REQUEST_OPLOCK|FLAG_REQUEST_BATCH_OPLOCK); SSVAL(cli->outbuf,smb_vwv2,SVAL(cli->outbuf,smb_vwv2) | 6); } p = smb_buf(cli->outbuf); p += clistr_push(cli, p, fname, -1, STR_TERMINATE); cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { return -1; } if (cli_is_error(cli)) { return -1; } return SVAL(cli->inbuf,smb_vwv2); }
bool cli_send_trans(struct cli_state *cli, int trans, const char *pipe_name, int fid, int flags, uint16 *setup, unsigned int lsetup, unsigned int msetup, const char *param, unsigned int lparam, unsigned int mparam, const char *data, unsigned int ldata, unsigned int mdata) { unsigned int i; unsigned int this_ldata,this_lparam; unsigned int tot_data=0,tot_param=0; char *outdata,*outparam; char *p; int pipe_name_len=0; uint16 mid; this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */ this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam)); memset(cli->outbuf,'\0',smb_size); cli_set_message(cli->outbuf,14+lsetup,0,True); SCVAL(cli->outbuf,smb_com,trans); SSVAL(cli->outbuf,smb_tid, cli->cnum); cli_setup_packet(cli); /* * Save the mid we're using. We need this for finding * signing replies. */ mid = cli->mid; if (pipe_name) { pipe_name_len = clistr_push(cli, smb_buf(cli->outbuf), pipe_name, -1, STR_TERMINATE); } outparam = smb_buf(cli->outbuf)+(trans==SMBtrans ? pipe_name_len : 3); outdata = outparam+this_lparam; /* primary request */ SSVAL(cli->outbuf,smb_tpscnt,lparam); /* tpscnt */ SSVAL(cli->outbuf,smb_tdscnt,ldata); /* tdscnt */ SSVAL(cli->outbuf,smb_mprcnt,mparam); /* mprcnt */ SSVAL(cli->outbuf,smb_mdrcnt,mdata); /* mdrcnt */ SCVAL(cli->outbuf,smb_msrcnt,msetup); /* msrcnt */ SSVAL(cli->outbuf,smb_flags,flags); /* flags */ SIVAL(cli->outbuf,smb_timeout,0); /* timeout */ SSVAL(cli->outbuf,smb_pscnt,this_lparam); /* pscnt */ SSVAL(cli->outbuf,smb_psoff,smb_offset(outparam,cli->outbuf)); /* psoff */ SSVAL(cli->outbuf,smb_dscnt,this_ldata); /* dscnt */ SSVAL(cli->outbuf,smb_dsoff,smb_offset(outdata,cli->outbuf)); /* dsoff */ SCVAL(cli->outbuf,smb_suwcnt,lsetup); /* suwcnt */ for (i=0;i<lsetup;i++) /* setup[] */ SSVAL(cli->outbuf,smb_setup+i*2,setup[i]); p = smb_buf(cli->outbuf); if (trans != SMBtrans) { *p++ = 0; /* put in a null smb_name */ *p++ = 'D'; *p++ = ' '; /* observed in OS/2 */ } if (this_lparam) /* param[] */ memcpy(outparam,param,this_lparam); if (this_ldata) /* data[] */ memcpy(outdata,data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); show_msg(cli->outbuf); if (!cli_send_smb(cli)) { return False; } cli_state_seqnum_persistent(cli, mid); if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { cli_state_seqnum_remove(cli, mid); return(False); } tot_data = this_ldata; tot_param = this_lparam; while (tot_data < ldata || tot_param < lparam) { this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True); SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2)); outparam = smb_buf(cli->outbuf); outdata = outparam+this_lparam; /* secondary request */ SSVAL(cli->outbuf,smb_tpscnt,lparam); /* tpscnt */ SSVAL(cli->outbuf,smb_tdscnt,ldata); /* tdscnt */ SSVAL(cli->outbuf,smb_spscnt,this_lparam); /* pscnt */ SSVAL(cli->outbuf,smb_spsoff,smb_offset(outparam,cli->outbuf)); /* psoff */ SSVAL(cli->outbuf,smb_spsdisp,tot_param); /* psdisp */ SSVAL(cli->outbuf,smb_sdscnt,this_ldata); /* dscnt */ SSVAL(cli->outbuf,smb_sdsoff,smb_offset(outdata,cli->outbuf)); /* dsoff */ SSVAL(cli->outbuf,smb_sdsdisp,tot_data); /* dsdisp */ if (trans==SMBtrans2) SSVALS(cli->outbuf,smb_sfid,fid); /* fid */ if (this_lparam) /* param[] */ memcpy(outparam,param+tot_param,this_lparam); if (this_ldata) /* data[] */ memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); show_msg(cli->outbuf); cli->mid = mid; if (!cli_send_smb(cli)) { cli_state_seqnum_remove(cli, mid); return False; } tot_data += this_ldata; tot_param += this_lparam; } } return(True); }
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, void (*fn)(const char *, file_info *, const char *, void *), void *state) { char *p; int received = 0; BOOL first = True; char status[21]; int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE; int num_received = 0; int i; char *dirlist = NULL; pstring mask; ZERO_ARRAY(status); pstrcpy(mask,Mask); while (1) { memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBsearch); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf,smb_vwv0,num_asked); SSVAL(cli->outbuf,smb_vwv1,attribute); p = smb_buf(cli->outbuf); *p++ = 4; p += clistr_push(cli, p, first?mask:"", -1, STR_TERMINATE); *p++ = 5; if (first) { SSVAL(p,0,0); p += 2; } else { SSVAL(p,0,21); p += 2; memcpy(p,status,21); p += 21; } cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) break; received = SVAL(cli->inbuf,smb_vwv0); if (received <= 0) break; first = False; dirlist = (char *)SMB_REALLOC( dirlist,(num_received + received)*DIR_STRUCT_SIZE); if (!dirlist) { DEBUG(0,("cli_list_old: failed to expand dirlist")); return 0; } p = smb_buf(cli->inbuf) + 3; memcpy(dirlist+num_received*DIR_STRUCT_SIZE, p,received*DIR_STRUCT_SIZE); memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21); num_received += received; if (cli_is_error(cli)) break; } if (!first) { memset(cli->outbuf,'\0',smb_size); memset(cli->inbuf,'\0',smb_size); set_message(cli->outbuf,2,0,True); SCVAL(cli->outbuf,smb_com,SMBfclose); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); SSVAL(cli->outbuf, smb_vwv0, 0); /* find count? */ SSVAL(cli->outbuf, smb_vwv1, attribute); p = smb_buf(cli->outbuf); *p++ = 4; fstrcpy(p, ""); p += strlen(p) + 1; *p++ = 5; SSVAL(p, 0, 21); p += 2; memcpy(p,status,21); p += 21; cli_setup_bcc(cli, p); cli_send_smb(cli); if (!cli_receive_smb(cli)) { DEBUG(0,("Error closing search: %s\n",cli_errstr(cli))); } } for (p=dirlist,i=0;i<num_received;i++) { file_info finfo; p += interpret_short_filename(cli, p,&finfo); fn("\\", &finfo, Mask, state); } SAFE_FREE(dirlist); return(num_received); }
bool cli_receive_nt_trans(struct cli_state *cli, char **param, unsigned int *param_len, char **data, unsigned int *data_len) { unsigned int total_data=0; unsigned int total_param=0; unsigned int this_data,this_param; uint8 eclass; uint32 ecode; bool ret = False; uint16_t mid; *data_len = *param_len = 0; mid = SVAL(cli->outbuf,smb_mid); if (!cli_receive_smb(cli)) { cli_state_seqnum_remove(cli, mid); return False; } show_msg(cli->inbuf); /* sanity check */ if (CVAL(cli->inbuf,smb_com) != SMBnttrans) { DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n", CVAL(cli->inbuf,smb_com))); cli_state_seqnum_remove(cli, mid); return(False); } /* * An NT RPC pipe call can return ERRDOS, ERRmoredata * to a trans call. This is not an error and should not * be treated as such. */ if (cli_is_dos_error(cli)) { cli_dos_error(cli, &eclass, &ecode); if (!(eclass == ERRDOS && ecode == ERRmoredata)) { goto out; } } /* * Likewise for NT_STATUS_BUFFER_TOO_SMALL */ if (cli_is_nt_error(cli)) { if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_BUFFER_TOO_SMALL)) { goto out; } } /* parse out the lengths */ total_data = IVAL(cli->inbuf,smb_ntr_TotalDataCount); total_param = IVAL(cli->inbuf,smb_ntr_TotalParameterCount); /* Only allow 16 megs. */ if (total_param > 16*1024*1024) { DEBUG(0,("cli_receive_nt_trans: param buffer too large %d\n", total_param)); goto out; } if (total_data > 16*1024*1024) { DEBUG(0,("cli_receive_nt_trans: data buffer too large %d\n", total_data)); goto out; } /* allocate it */ if (total_data) { /* We know adding 2 is safe as total_data is less * than 16mb (above). */ *data = (char *)SMB_REALLOC(*data,total_data+2); if (!(*data)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data)); goto out; } } if (total_param) { /* We know adding 2 is safe as total_param is less * than 16mb (above). */ *param = (char *)SMB_REALLOC(*param,total_param+2); if (!(*param)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param)); goto out; } } while (1) { this_data = SVAL(cli->inbuf,smb_ntr_DataCount); this_param = SVAL(cli->inbuf,smb_ntr_ParameterCount); if (this_data + *data_len > total_data || this_param + *param_len > total_param) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); goto out; } if (this_data + *data_len < this_data || this_data + *data_len < *data_len || this_param + *param_len < this_param || this_param + *param_len < *param_len) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); goto out; } if (this_data) { unsigned int data_offset_out = SVAL(cli->inbuf,smb_ntr_DataDisplacement); unsigned int data_offset_in = SVAL(cli->inbuf,smb_ntr_DataOffset); if (data_offset_out > total_data || data_offset_out + this_data > total_data || data_offset_out + this_data < data_offset_out || data_offset_out + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); goto out; } if (data_offset_in > cli->bufsize || data_offset_in + this_data > cli->bufsize || data_offset_in + this_data < data_offset_in || data_offset_in + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); goto out; } memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data); } if (this_param) { unsigned int param_offset_out = SVAL(cli->inbuf,smb_ntr_ParameterDisplacement); unsigned int param_offset_in = SVAL(cli->inbuf,smb_ntr_ParameterOffset); if (param_offset_out > total_param || param_offset_out + this_param > total_param || param_offset_out + this_param < param_offset_out || param_offset_out + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); goto out; } if (param_offset_in > cli->bufsize || param_offset_in + this_param > cli->bufsize || param_offset_in + this_param < param_offset_in || param_offset_in + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); goto out; } memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param); } *data_len += this_data; *param_len += this_param; if (total_data <= *data_len && total_param <= *param_len) { ret = True; break; } if (!cli_receive_smb(cli)) { goto out; } show_msg(cli->inbuf); /* sanity check */ if (CVAL(cli->inbuf,smb_com) != SMBnttrans) { DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n", CVAL(cli->inbuf,smb_com))); goto out; } if (cli_is_dos_error(cli)) { cli_dos_error(cli, &eclass, &ecode); if(!(eclass == ERRDOS && ecode == ERRmoredata)) { goto out; } } /* * Likewise for NT_STATUS_BUFFER_TOO_SMALL */ if (cli_is_nt_error(cli)) { if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_BUFFER_TOO_SMALL)) { goto out; } } /* parse out the total lengths again - they can shrink! */ if (IVAL(cli->inbuf,smb_ntr_TotalDataCount) < total_data) total_data = IVAL(cli->inbuf,smb_ntr_TotalDataCount); if (IVAL(cli->inbuf,smb_ntr_TotalParameterCount) < total_param) total_param = IVAL(cli->inbuf,smb_ntr_TotalParameterCount); if (total_data <= *data_len && total_param <= *param_len) { ret = True; break; } } out: cli_state_seqnum_remove(cli, mid); if (ret) { /* Ensure the last 2 bytes of param and data are 2 null * bytes. These are malloc'ed, but not included in any * length counts. This allows cli_XX string reading functions * to safely null terminate. */ if (total_data) { SSVAL(*data,total_data,0); } if (total_param) { SSVAL(*param,total_param,0); } } return ret; }