root/source4/smb_server/smb/nttrans.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. nttrans_setup_reply
  2. nttrans_create_send
  3. nttrans_create
  4. nttrans_query_sec_desc_send
  5. nttrans_query_sec_desc
  6. nttrans_set_sec_desc
  7. nttrans_rename
  8. nttrans_ioctl_send
  9. nttrans_ioctl
  10. nttrans_notify_change_send
  11. nttrans_notify_change
  12. nttrans_backend
  13. reply_nttrans_send
  14. reply_nttrans_continue
  15. reply_nttrans_complete
  16. smbsrv_reply_nttrans
  17. smbsrv_reply_nttranss

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    NT transaction handling
   4    Copyright (C) Andrew Tridgell 2003
   5    Copyright (C) James J Myers 2003 <myersjj@samba.org>
   6 
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11    
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16    
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 /*
  21    This file handles the parsing of transact2 requests
  22 */
  23 
  24 #include "includes.h"
  25 #include "smb_server/smb_server.h"
  26 #include "ntvfs/ntvfs.h"
  27 #include "libcli/raw/libcliraw.h"
  28 #include "libcli/raw/raw_proto.h"
  29 #include "librpc/gen_ndr/ndr_security.h"
  30 
  31 /*
  32   hold the state of a nttrans op while in progress. Needed to allow for async backend
  33   functions.
  34 */
  35 struct nttrans_op {
  36         struct smb_nttrans *trans;
  37         NTSTATUS (*send_fn)(struct nttrans_op *);
  38         void *op_info;
  39 };
  40 
  41 
  42 /* setup a nttrans reply, given the data and params sizes */
  43 static NTSTATUS nttrans_setup_reply(struct nttrans_op *op, 
     /* [<][>][^][v][top][bottom][index][help] */
  44                                     struct smb_nttrans *trans,
  45                                     uint32_t param_size, uint32_t data_size,
  46                                     uint8_t setup_count)
  47 {
  48         trans->out.setup_count = setup_count;
  49         if (setup_count != 0) {
  50                 trans->out.setup = talloc_zero_array(op, uint8_t, setup_count*2);
  51                 NT_STATUS_HAVE_NO_MEMORY(trans->out.setup);
  52         }
  53         trans->out.params = data_blob_talloc(op, NULL, param_size);
  54         if (param_size != 0) {
  55                 NT_STATUS_HAVE_NO_MEMORY(trans->out.params.data);
  56         }
  57         trans->out.data = data_blob_talloc(op, NULL, data_size);
  58         if (data_size != 0) {
  59                 NT_STATUS_HAVE_NO_MEMORY(trans->out.data.data);
  60         }
  61         return NT_STATUS_OK;
  62 }
  63 
  64 /*
  65   send a nttrans create reply
  66 */
  67 static NTSTATUS nttrans_create_send(struct nttrans_op *op)
     /* [<][>][^][v][top][bottom][index][help] */
  68 {
  69         union smb_open *io = talloc_get_type(op->op_info, union smb_open);
  70         uint8_t *params;
  71         NTSTATUS status;
  72 
  73         status = nttrans_setup_reply(op, op->trans, 69, 0, 0);
  74         NT_STATUS_NOT_OK_RETURN(status);
  75         params = op->trans->out.params.data;
  76 
  77         SSVAL(params,        0, io->ntcreatex.out.oplock_level);
  78         smbsrv_push_fnum(params, 2, io->ntcreatex.out.file.ntvfs);
  79         SIVAL(params,        4, io->ntcreatex.out.create_action);
  80         SIVAL(params,        8, 0); /* ea error offset */
  81         push_nttime(params, 12, io->ntcreatex.out.create_time);
  82         push_nttime(params, 20, io->ntcreatex.out.access_time);
  83         push_nttime(params, 28, io->ntcreatex.out.write_time);
  84         push_nttime(params, 36, io->ntcreatex.out.change_time);
  85         SIVAL(params,       44, io->ntcreatex.out.attrib);
  86         SBVAL(params,       48, io->ntcreatex.out.alloc_size);
  87         SBVAL(params,       56, io->ntcreatex.out.size);
  88         SSVAL(params,       64, io->ntcreatex.out.file_type);
  89         SSVAL(params,       66, io->ntcreatex.out.ipc_state);
  90         SCVAL(params,       68, io->ntcreatex.out.is_directory);
  91 
  92         return NT_STATUS_OK;
  93 }
  94 
  95 /* 
  96    parse NTTRANS_CREATE request
  97  */
  98 static NTSTATUS nttrans_create(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
  99                                struct nttrans_op *op)
 100 {
 101         struct smb_nttrans *trans = op->trans;
 102         union smb_open *io;
 103         uint16_t fname_len;
 104         uint32_t sd_length, ea_length;
 105         NTSTATUS status;
 106         uint8_t *params;
 107         enum ndr_err_code ndr_err;
 108 
 109         if (trans->in.params.length < 54) {
 110                 return NT_STATUS_INVALID_PARAMETER;
 111         }
 112 
 113         /* parse the request */
 114         io = talloc(op, union smb_open);
 115         NT_STATUS_HAVE_NO_MEMORY(io);
 116 
 117         io->ntcreatex.level = RAW_OPEN_NTTRANS_CREATE;
 118 
 119         params = trans->in.params.data;
 120 
 121         io->ntcreatex.in.flags            = IVAL(params,  0);
 122         io->ntcreatex.in.root_fid         = IVAL(params,  4);
 123         io->ntcreatex.in.access_mask      = IVAL(params,  8);
 124         io->ntcreatex.in.alloc_size       = BVAL(params, 12);
 125         io->ntcreatex.in.file_attr        = IVAL(params, 20);
 126         io->ntcreatex.in.share_access     = IVAL(params, 24);
 127         io->ntcreatex.in.open_disposition = IVAL(params, 28);
 128         io->ntcreatex.in.create_options   = IVAL(params, 32);
 129         sd_length                         = IVAL(params, 36);
 130         ea_length                         = IVAL(params, 40);
 131         fname_len                         = IVAL(params, 44);
 132         io->ntcreatex.in.impersonation    = IVAL(params, 48);
 133         io->ntcreatex.in.security_flags   = CVAL(params, 52);
 134         io->ntcreatex.in.sec_desc         = NULL;
 135         io->ntcreatex.in.ea_list          = NULL;
 136         io->ntcreatex.in.query_maximal_access = false;
 137 
 138         req_pull_string(&req->in.bufinfo, &io->ntcreatex.in.fname, 
 139                         params + 53, 
 140                         MIN(fname_len+1, trans->in.params.length - 53),
 141                         STR_NO_RANGE_CHECK | STR_TERMINATE);
 142         if (!io->ntcreatex.in.fname) {
 143                 return NT_STATUS_INVALID_PARAMETER;
 144         }
 145 
 146         if (sd_length > trans->in.data.length ||
 147             ea_length > trans->in.data.length ||
 148             (sd_length+ea_length) > trans->in.data.length) {
 149                 return NT_STATUS_INVALID_PARAMETER;
 150         }
 151 
 152         /* this call has an optional security descriptor */
 153         if (sd_length != 0) {
 154                 DATA_BLOB blob;
 155                 blob.data = trans->in.data.data;
 156                 blob.length = sd_length;
 157                 io->ntcreatex.in.sec_desc = talloc(io, struct security_descriptor);
 158                 if (io->ntcreatex.in.sec_desc == NULL) {
 159                         return NT_STATUS_NO_MEMORY;
 160                 }
 161                 ndr_err = ndr_pull_struct_blob(&blob, io, NULL,
 162                                                io->ntcreatex.in.sec_desc,
 163                                                (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
 164                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 165                         return ndr_map_error2ntstatus(ndr_err);
 166                 }
 167         }
 168 
 169         /* and an optional ea_list */
 170         if (ea_length > 4) {
 171                 DATA_BLOB blob;
 172                 blob.data = trans->in.data.data + sd_length;
 173                 blob.length = ea_length;
 174                 io->ntcreatex.in.ea_list = talloc(io, struct smb_ea_list);
 175                 if (io->ntcreatex.in.ea_list == NULL) {
 176                         return NT_STATUS_NO_MEMORY;
 177                 }
 178 
 179                 status = ea_pull_list_chained(&blob, io, 
 180                                               &io->ntcreatex.in.ea_list->num_eas,
 181                                               &io->ntcreatex.in.ea_list->eas);
 182                 if (!NT_STATUS_IS_OK(status)) {
 183                         return status;
 184                 }
 185         }
 186 
 187         op->send_fn = nttrans_create_send;
 188         op->op_info = io;
 189 
 190         return ntvfs_open(req->ntvfs, io);
 191 }
 192 
 193 
 194 /* 
 195    send NTTRANS_QUERY_SEC_DESC reply
 196  */
 197 static NTSTATUS nttrans_query_sec_desc_send(struct nttrans_op *op)
     /* [<][>][^][v][top][bottom][index][help] */
 198 {
 199         union smb_fileinfo *io = talloc_get_type(op->op_info, union smb_fileinfo);
 200         uint8_t *params;
 201         NTSTATUS status;
 202         enum ndr_err_code ndr_err;
 203 
 204         status = nttrans_setup_reply(op, op->trans, 4, 0, 0);
 205         NT_STATUS_NOT_OK_RETURN(status);
 206         params = op->trans->out.params.data;
 207 
 208         ndr_err = ndr_push_struct_blob(&op->trans->out.data, op, NULL,
 209                                        io->query_secdesc.out.sd,
 210                                        (ndr_push_flags_fn_t)ndr_push_security_descriptor);
 211         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 212                 return ndr_map_error2ntstatus(ndr_err);
 213         }
 214 
 215         SIVAL(params, 0, op->trans->out.data.length);
 216 
 217         return NT_STATUS_OK;
 218 }
 219 
 220 /* 
 221    parse NTTRANS_QUERY_SEC_DESC request
 222  */
 223 static NTSTATUS nttrans_query_sec_desc(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 224                                        struct nttrans_op *op)
 225 {
 226         struct smb_nttrans *trans = op->trans;
 227         union smb_fileinfo *io;
 228 
 229         if (trans->in.params.length < 8) {
 230                 return NT_STATUS_INVALID_PARAMETER;
 231         }
 232 
 233         /* parse the request */
 234         io = talloc(op, union smb_fileinfo);
 235         NT_STATUS_HAVE_NO_MEMORY(io);
 236 
 237         io->query_secdesc.level            = RAW_FILEINFO_SEC_DESC;
 238         io->query_secdesc.in.file.ntvfs    = smbsrv_pull_fnum(req, trans->in.params.data, 0);
 239         io->query_secdesc.in.secinfo_flags = IVAL(trans->in.params.data, 4);
 240 
 241         op->op_info = io;
 242         op->send_fn = nttrans_query_sec_desc_send;
 243 
 244         SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->query_secdesc.in.file.ntvfs);
 245         return ntvfs_qfileinfo(req->ntvfs, io);
 246 }
 247 
 248 
 249 /* 
 250    parse NTTRANS_SET_SEC_DESC request
 251  */
 252 static NTSTATUS nttrans_set_sec_desc(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 253                                      struct nttrans_op *op)
 254 {
 255         struct smb_nttrans *trans = op->trans;
 256         union smb_setfileinfo *io;
 257         enum ndr_err_code ndr_err;
 258 
 259         if (trans->in.params.length < 8) {
 260                 return NT_STATUS_INVALID_PARAMETER;
 261         }
 262 
 263         /* parse the request */
 264         io = talloc(req, union smb_setfileinfo);
 265         NT_STATUS_HAVE_NO_MEMORY(io);
 266 
 267         io->set_secdesc.level            = RAW_SFILEINFO_SEC_DESC;
 268         io->set_secdesc.in.file.ntvfs    = smbsrv_pull_fnum(req, trans->in.params.data, 0);
 269         io->set_secdesc.in.secinfo_flags = IVAL(trans->in.params.data, 4);
 270 
 271         io->set_secdesc.in.sd = talloc(io, struct security_descriptor);
 272         NT_STATUS_HAVE_NO_MEMORY(io->set_secdesc.in.sd);
 273 
 274         ndr_err = ndr_pull_struct_blob(&trans->in.data, req, NULL,
 275                                        io->set_secdesc.in.sd,
 276                                        (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
 277         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 278                 return ndr_map_error2ntstatus(ndr_err);
 279         }
 280 
 281         SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->set_secdesc.in.file.ntvfs);
 282         return ntvfs_setfileinfo(req->ntvfs, io);
 283 }
 284 
 285 
 286 /* parse NTTRANS_RENAME request
 287  */
 288 static NTSTATUS nttrans_rename(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 289                                struct nttrans_op *op)
 290 {
 291         struct smb_nttrans *trans = op->trans;
 292         union smb_rename *io;
 293 
 294         if (trans->in.params.length < 5) {
 295                 return NT_STATUS_INVALID_PARAMETER;
 296         }
 297 
 298         /* parse the request */
 299         io = talloc(req, union smb_rename);
 300         NT_STATUS_HAVE_NO_MEMORY(io);
 301 
 302         io->nttrans.level               = RAW_RENAME_NTTRANS;
 303         io->nttrans.in.file.ntvfs       = smbsrv_pull_fnum(req, trans->in.params.data, 0);
 304         io->nttrans.in.flags            = SVAL(trans->in.params.data, 2);
 305 
 306         smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 4,
 307                                 &io->nttrans.in.new_name,
 308                                 STR_TERMINATE);
 309         if (!io->nttrans.in.new_name) {
 310                 return NT_STATUS_INVALID_PARAMETER;
 311         }
 312 
 313         SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(io->nttrans.in.file.ntvfs);
 314         return ntvfs_rename(req->ntvfs, io);
 315 }
 316 
 317 /* 
 318    parse NTTRANS_IOCTL send
 319  */
 320 static NTSTATUS nttrans_ioctl_send(struct nttrans_op *op)
     /* [<][>][^][v][top][bottom][index][help] */
 321 {
 322         union smb_ioctl *info = talloc_get_type(op->op_info, union smb_ioctl);
 323         NTSTATUS status;
 324 
 325         /* 
 326          * we pass 0 as data_count here,
 327          * because we reuse the DATA_BLOB from the smb_ioctl
 328          * struct
 329          */
 330         status = nttrans_setup_reply(op, op->trans, 0, 0, 1);
 331         NT_STATUS_NOT_OK_RETURN(status);
 332 
 333         op->trans->out.setup[0]         = 0;
 334         op->trans->out.data             = info->ntioctl.out.blob;
 335 
 336         return NT_STATUS_OK;
 337 }
 338 
 339 
 340 /* 
 341    parse NTTRANS_IOCTL request
 342  */
 343 static NTSTATUS nttrans_ioctl(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 344                               struct nttrans_op *op)
 345 {
 346         struct smb_nttrans *trans = op->trans;
 347         union smb_ioctl *nt;
 348 
 349         /* should have at least 4 setup words */
 350         if (trans->in.setup_count != 4) {
 351                 return NT_STATUS_INVALID_PARAMETER;
 352         }
 353 
 354         nt = talloc(op, union smb_ioctl);
 355         NT_STATUS_HAVE_NO_MEMORY(nt);
 356         
 357         nt->ntioctl.level               = RAW_IOCTL_NTIOCTL;
 358         nt->ntioctl.in.function         = IVAL(trans->in.setup, 0);
 359         nt->ntioctl.in.file.ntvfs       = smbsrv_pull_fnum(req, (uint8_t *)trans->in.setup, 4);
 360         nt->ntioctl.in.fsctl            = CVAL(trans->in.setup, 6);
 361         nt->ntioctl.in.filter           = CVAL(trans->in.setup, 7);
 362         nt->ntioctl.in.max_data         = trans->in.max_data;
 363         nt->ntioctl.in.blob             = trans->in.data;
 364 
 365         op->op_info = nt;
 366         op->send_fn = nttrans_ioctl_send;
 367 
 368         SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(nt->ntioctl.in.file.ntvfs);
 369         return ntvfs_ioctl(req->ntvfs, nt);
 370 }
 371 
 372 
 373 /* 
 374    send NTTRANS_NOTIFY_CHANGE reply
 375  */
 376 static NTSTATUS nttrans_notify_change_send(struct nttrans_op *op)
     /* [<][>][^][v][top][bottom][index][help] */
 377 {
 378         union smb_notify *info = talloc_get_type(op->op_info, union smb_notify);
 379         size_t size = 0;
 380         int i;
 381         NTSTATUS status;
 382         uint8_t *p;
 383 #define MAX_BYTES_PER_CHAR 3
 384         
 385         /* work out how big the reply buffer could be */
 386         for (i=0;i<info->nttrans.out.num_changes;i++) {
 387                 size += 12 + 3 + (1+strlen(info->nttrans.out.changes[i].name.s)) * MAX_BYTES_PER_CHAR;
 388         }
 389 
 390         status = nttrans_setup_reply(op, op->trans, size, 0, 0);
 391         NT_STATUS_NOT_OK_RETURN(status);
 392         p = op->trans->out.params.data;
 393 
 394         /* construct the changes buffer */
 395         for (i=0;i<info->nttrans.out.num_changes;i++) {
 396                 uint32_t ofs;
 397                 ssize_t len;
 398 
 399                 SIVAL(p, 4, info->nttrans.out.changes[i].action);
 400                 len = push_string(p + 12, info->nttrans.out.changes[i].name.s, 
 401                                   op->trans->out.params.length - 
 402                                   (p+12 - op->trans->out.params.data), STR_UNICODE);
 403                 SIVAL(p, 8, len);
 404 
 405                 ofs = len + 12;
 406 
 407                 if (ofs & 3) {
 408                         int pad = 4 - (ofs & 3);
 409                         memset(p+ofs, 0, pad);
 410                         ofs += pad;
 411                 }
 412 
 413                 if (i == info->nttrans.out.num_changes-1) {
 414                         SIVAL(p, 0, 0);
 415                 } else {
 416                         SIVAL(p, 0, ofs);
 417                 }
 418 
 419                 p += ofs;
 420         }
 421 
 422         op->trans->out.params.length = p - op->trans->out.params.data;
 423 
 424         return NT_STATUS_OK;
 425 }
 426 
 427 /* 
 428    parse NTTRANS_NOTIFY_CHANGE request
 429  */
 430 static NTSTATUS nttrans_notify_change(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 431                                       struct nttrans_op *op)
 432 {
 433         struct smb_nttrans *trans = op->trans;
 434         union smb_notify *info;
 435 
 436         /* should have at least 4 setup words */
 437         if (trans->in.setup_count != 4) {
 438                 return NT_STATUS_INVALID_PARAMETER;
 439         }
 440 
 441         info = talloc(op, union smb_notify);
 442         NT_STATUS_HAVE_NO_MEMORY(info);
 443 
 444         info->nttrans.level                     = RAW_NOTIFY_NTTRANS;
 445         info->nttrans.in.completion_filter      = IVAL(trans->in.setup, 0);
 446         info->nttrans.in.file.ntvfs             = smbsrv_pull_fnum(req, (uint8_t *)trans->in.setup, 4);
 447         info->nttrans.in.recursive              = SVAL(trans->in.setup, 6);
 448         info->nttrans.in.buffer_size            = trans->in.max_param;
 449 
 450         op->op_info = info;
 451         op->send_fn = nttrans_notify_change_send;
 452 
 453         SMBSRV_CHECK_FILE_HANDLE_NTSTATUS(info->nttrans.in.file.ntvfs);
 454         return ntvfs_notify(req->ntvfs, info);
 455 }
 456 
 457 /*
 458   backend for nttrans requests
 459 */
 460 static NTSTATUS nttrans_backend(struct smbsrv_request *req, 
     /* [<][>][^][v][top][bottom][index][help] */
 461                                 struct nttrans_op *op)
 462 {
 463         /* the nttrans command is in function */
 464         switch (op->trans->in.function) {
 465         case NT_TRANSACT_CREATE:
 466                 return nttrans_create(req, op);
 467         case NT_TRANSACT_IOCTL:
 468                 return nttrans_ioctl(req, op);
 469         case NT_TRANSACT_RENAME:
 470                 return nttrans_rename(req, op);
 471         case NT_TRANSACT_QUERY_SECURITY_DESC:
 472                 return nttrans_query_sec_desc(req, op);
 473         case NT_TRANSACT_SET_SECURITY_DESC:
 474                 return nttrans_set_sec_desc(req, op);
 475         case NT_TRANSACT_NOTIFY_CHANGE:
 476                 return nttrans_notify_change(req, op);
 477         }
 478 
 479         /* an unknown nttrans command */
 480         return NT_STATUS_DOS(ERRSRV, ERRerror);
 481 }
 482 
 483 
 484 static void reply_nttrans_send(struct ntvfs_request *ntvfs)
     /* [<][>][^][v][top][bottom][index][help] */
 485 {
 486         struct smbsrv_request *req;
 487         uint32_t params_left, data_left;
 488         uint8_t *params, *data;
 489         struct smb_nttrans *trans;
 490         struct nttrans_op *op;
 491 
 492         SMBSRV_CHECK_ASYNC_STATUS(op, struct nttrans_op);
 493 
 494         trans = op->trans;
 495 
 496         /* if this function needs work to form the nttrans reply buffer, then
 497            call that now */
 498         if (op->send_fn != NULL) {
 499                 NTSTATUS status;
 500                 status = op->send_fn(op);
 501                 if (!NT_STATUS_IS_OK(status)) {
 502                         smbsrv_send_error(req, status);
 503                         return;
 504                 }
 505         }
 506 
 507         smbsrv_setup_reply(req, 18 + trans->out.setup_count, 0);
 508 
 509         /* note that we don't check the max_setup count (matching w2k3
 510            behaviour) */
 511 
 512         if (trans->out.params.length > trans->in.max_param) {
 513                 smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
 514                 trans->out.params.length = trans->in.max_param;
 515         }
 516         if (trans->out.data.length > trans->in.max_data) {
 517                 smbsrv_setup_error(req, NT_STATUS_BUFFER_TOO_SMALL);
 518                 trans->out.data.length = trans->in.max_data;
 519         }
 520 
 521         params_left = trans->out.params.length;
 522         data_left   = trans->out.data.length;
 523         params      = trans->out.params.data;
 524         data        = trans->out.data.data;
 525 
 526         /* we need to divide up the reply into chunks that fit into
 527            the negotiated buffer size */
 528         do {
 529                 uint32_t this_data, this_param, max_bytes;
 530                 uint_t align1 = 1, align2 = (params_left ? 2 : 0);
 531                 struct smbsrv_request *this_req;
 532 
 533                 max_bytes = req_max_data(req) - (align1 + align2);
 534 
 535                 this_param = params_left;
 536                 if (this_param > max_bytes) {
 537                         this_param = max_bytes;
 538                 }
 539                 max_bytes -= this_param;
 540 
 541                 this_data = data_left;
 542                 if (this_data > max_bytes) {
 543                         this_data = max_bytes;
 544                 }
 545 
 546                 /* don't destroy unless this is the last chunk */
 547                 if (params_left - this_param != 0 || 
 548                     data_left - this_data != 0) {
 549                         this_req = smbsrv_setup_secondary_request(req);
 550                 } else {
 551                         this_req = req;
 552                 }
 553 
 554                 req_grow_data(this_req, this_param + this_data + (align1 + align2));
 555 
 556                 SSVAL(this_req->out.vwv, 0, 0); /* reserved */
 557                 SCVAL(this_req->out.vwv, 2, 0); /* reserved */
 558                 SIVAL(this_req->out.vwv, 3, trans->out.params.length);
 559                 SIVAL(this_req->out.vwv, 7, trans->out.data.length);
 560 
 561                 SIVAL(this_req->out.vwv, 11, this_param);
 562                 SIVAL(this_req->out.vwv, 15, align1 + PTR_DIFF(this_req->out.data, this_req->out.hdr));
 563                 SIVAL(this_req->out.vwv, 19, PTR_DIFF(params, trans->out.params.data));
 564 
 565                 SIVAL(this_req->out.vwv, 23, this_data);
 566                 SIVAL(this_req->out.vwv, 27, align1 + align2 + 
 567                       PTR_DIFF(this_req->out.data + this_param, this_req->out.hdr));
 568                 SIVAL(this_req->out.vwv, 31, PTR_DIFF(data, trans->out.data.data));
 569 
 570                 SCVAL(this_req->out.vwv, 35, trans->out.setup_count);
 571                 memcpy((char *)(this_req->out.vwv) + VWV(18), trans->out.setup,
 572                        sizeof(uint16_t) * trans->out.setup_count);
 573                 memset(this_req->out.data, 0, align1);
 574                 if (this_param != 0) {
 575                         memcpy(this_req->out.data + align1, params, this_param);
 576                 }
 577                 memset(this_req->out.data+this_param+align1, 0, align2);
 578                 if (this_data != 0) {
 579                         memcpy(this_req->out.data+this_param+align1+align2, 
 580                                data, this_data);
 581                 }
 582 
 583                 params_left -= this_param;
 584                 data_left -= this_data;
 585                 params += this_param;
 586                 data += this_data;
 587 
 588                 smbsrv_send_reply(this_req);
 589         } while (params_left != 0 || data_left != 0);
 590 }
 591 
 592 /*
 593   send a continue request
 594 */
 595 static void reply_nttrans_continue(struct smbsrv_request *req, struct smb_nttrans *trans)
     /* [<][>][^][v][top][bottom][index][help] */
 596 {
 597         struct smbsrv_request *req2;
 598         struct smbsrv_trans_partial *tp;
 599         int count;
 600 
 601         /* make sure they don't flood us */
 602         for (count=0,tp=req->smb_conn->trans_partial;tp;tp=tp->next) count++;
 603         if (count > 100) {
 604                 smbsrv_send_error(req, NT_STATUS_INSUFFICIENT_RESOURCES);
 605                 return;
 606         }
 607 
 608         tp = talloc(req, struct smbsrv_trans_partial);
 609 
 610         tp->req = req;
 611         tp->u.nttrans = trans;
 612         tp->command = SMBnttrans;
 613 
 614         DLIST_ADD(req->smb_conn->trans_partial, tp);
 615         talloc_set_destructor(tp, smbsrv_trans_partial_destructor);
 616 
 617         req2 = smbsrv_setup_secondary_request(req);
 618 
 619         /* send a 'please continue' reply */
 620         smbsrv_setup_reply(req2, 0, 0);
 621         smbsrv_send_reply(req2);
 622 }
 623 
 624 
 625 /*
 626   answer a reconstructed trans request
 627 */
 628 static void reply_nttrans_complete(struct smbsrv_request *req, struct smb_nttrans *trans)
     /* [<][>][^][v][top][bottom][index][help] */
 629 {
 630         struct nttrans_op *op;
 631 
 632         SMBSRV_TALLOC_IO_PTR(op, struct nttrans_op);
 633         SMBSRV_SETUP_NTVFS_REQUEST(reply_nttrans_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
 634 
 635         op->trans       = trans;
 636         op->op_info     = NULL;
 637         op->send_fn     = NULL;
 638 
 639         /* its a full request, give it to the backend */
 640         ZERO_STRUCT(trans->out);
 641         SMBSRV_CALL_NTVFS_BACKEND(nttrans_backend(req, op));
 642 }
 643 
 644 
 645 /****************************************************************************
 646  Reply to an SMBnttrans request
 647 ****************************************************************************/
 648 void smbsrv_reply_nttrans(struct smbsrv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 649 {
 650         struct smb_nttrans *trans;
 651         uint32_t param_ofs, data_ofs;
 652         uint32_t param_count, data_count;
 653         uint32_t param_total, data_total;
 654 
 655         /* parse request */
 656         if (req->in.wct < 19) {
 657                 smbsrv_send_error(req, NT_STATUS_FOOBAR);
 658                 return;
 659         }
 660 
 661         trans = talloc(req, struct smb_nttrans);
 662         if (trans == NULL) {
 663                 smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
 664                 return;
 665         }
 666 
 667         trans->in.max_setup  = CVAL(req->in.vwv, 0);
 668         param_total          = IVAL(req->in.vwv, 3);
 669         data_total           = IVAL(req->in.vwv, 7);
 670         trans->in.max_param  = IVAL(req->in.vwv, 11);
 671         trans->in.max_data   = IVAL(req->in.vwv, 15);
 672         param_count          = IVAL(req->in.vwv, 19);
 673         param_ofs            = IVAL(req->in.vwv, 23);
 674         data_count           = IVAL(req->in.vwv, 27);
 675         data_ofs             = IVAL(req->in.vwv, 31);
 676         trans->in.setup_count= CVAL(req->in.vwv, 35);
 677         trans->in.function   = SVAL(req->in.vwv, 36);
 678 
 679         if (req->in.wct != 19 + trans->in.setup_count) {
 680                 smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
 681                 return;
 682         }
 683 
 684         /* parse out the setup words */
 685         trans->in.setup = talloc_array(req, uint8_t, trans->in.setup_count*2);
 686         if (!trans->in.setup) {
 687                 smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
 688                 return;
 689         }
 690         memcpy(trans->in.setup, (char *)(req->in.vwv) + VWV(19),
 691                sizeof(uint16_t) * trans->in.setup_count);
 692 
 693         if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &trans->in.params) ||
 694             !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &trans->in.data)) {
 695                 smbsrv_send_error(req, NT_STATUS_FOOBAR);
 696                 return;
 697         }
 698 
 699         /* is it a partial request? if so, then send a 'send more' message */
 700         if (param_total > param_count || data_total > data_count) {
 701                 reply_nttrans_continue(req, trans);
 702                 return;
 703         }
 704 
 705         reply_nttrans_complete(req, trans);
 706 }
 707 
 708 
 709 /****************************************************************************
 710  Reply to an SMBnttranss request
 711 ****************************************************************************/
 712 void smbsrv_reply_nttranss(struct smbsrv_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 713 {
 714         struct smbsrv_trans_partial *tp;
 715         struct smb_nttrans *trans = NULL;
 716         uint32_t param_ofs, data_ofs;
 717         uint32_t param_count, data_count;
 718         uint32_t param_disp, data_disp;
 719         uint32_t param_total, data_total;
 720         DATA_BLOB params, data;
 721 
 722         /* parse request */
 723         if (req->in.wct != 18) {
 724                 smbsrv_send_error(req, NT_STATUS_DOS(ERRSRV, ERRerror));
 725                 return;
 726         }
 727 
 728         for (tp=req->smb_conn->trans_partial;tp;tp=tp->next) {
 729                 if (tp->command == SMBnttrans &&
 730                     SVAL(tp->req->in.hdr, HDR_MID) == SVAL(req->in.hdr, HDR_MID)) {
 731 /* TODO: check the VUID, PID and TID too? */
 732                         break;
 733                 }
 734         }
 735 
 736         if (tp == NULL) {
 737                 smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 738                 return;
 739         }
 740 
 741         trans = tp->u.nttrans;
 742 
 743         param_total           = IVAL(req->in.vwv, 3);
 744         data_total            = IVAL(req->in.vwv, 7);
 745         param_count           = IVAL(req->in.vwv, 11);
 746         param_ofs             = IVAL(req->in.vwv, 15);
 747         param_disp            = IVAL(req->in.vwv, 19);
 748         data_count            = IVAL(req->in.vwv, 23);
 749         data_ofs              = IVAL(req->in.vwv, 27);
 750         data_disp             = IVAL(req->in.vwv, 31);
 751 
 752         if (!req_pull_blob(&req->in.bufinfo, req->in.hdr + param_ofs, param_count, &params) ||
 753             !req_pull_blob(&req->in.bufinfo, req->in.hdr + data_ofs, data_count, &data)) {
 754                 smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 755                 return;
 756         }
 757 
 758         /* only allow contiguous requests */
 759         if ((param_count != 0 &&
 760              param_disp != trans->in.params.length) ||
 761             (data_count != 0 &&
 762              data_disp != trans->in.data.length)) {
 763                 smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER);
 764                 return;
 765         }
 766 
 767         /* add to the existing request */
 768         if (param_count != 0) {
 769                 trans->in.params.data = talloc_realloc(trans,
 770                                                        trans->in.params.data,
 771                                                        uint8_t,
 772                                                        param_disp + param_count);
 773                 if (trans->in.params.data == NULL) {
 774                         smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
 775                         return;
 776                 }
 777                 trans->in.params.length = param_disp + param_count;
 778         }
 779 
 780         if (data_count != 0) {
 781                 trans->in.data.data = talloc_realloc(trans,
 782                                                      trans->in.data.data,
 783                                                      uint8_t,
 784                                                      data_disp + data_count);
 785                 if (trans->in.data.data == NULL) {
 786                         smbsrv_send_error(tp->req, NT_STATUS_NO_MEMORY);
 787                         return;
 788                 }
 789                 trans->in.data.length = data_disp + data_count;
 790         }
 791 
 792         memcpy(trans->in.params.data + param_disp, params.data, params.length);
 793         memcpy(trans->in.data.data + data_disp, data.data, data.length);
 794 
 795         /* the sequence number of the reply is taken from the last secondary
 796            response */
 797         tp->req->seq_num = req->seq_num;
 798 
 799         /* we don't reply to Transs2 requests */
 800         talloc_free(req);
 801 
 802         if (trans->in.params.length == param_total &&
 803             trans->in.data.length == data_total) {
 804                 /* its now complete */
 805                 req = tp->req;
 806                 talloc_free(tp);
 807                 reply_nttrans_complete(req, trans);
 808         }
 809         return;
 810 }

/* [<][>][^][v][top][bottom][index][help] */