search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This commit was manufactured by cvs2svn to create branch 'SAMBA_2_2'.
[Samba.git] / source / smbd / ipc.c
blob5ade6672093f38a95a5c01b102989eb8ad367be6
1 #define OLD_NTDOMAIN 1
2 /*
3 Unix SMB/Netbios implementation.
4 Version 1.9.
5 Inter-process communication and named pipe handling
6 Copyright (C) Andrew Tridgell 1992-1998
7
8 SMB Version handling
9 Copyright (C) John H Terpstra 1995-1998
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25 /*
26 This file handles the named pipe and mailslot calls
27 in the SMBtrans protocol
28 */
29
30 #include "includes.h"
31
32 extern int DEBUGLEVEL;
33 extern int max_send;
34
35 extern fstring local_machine;
36
37 #define NERR_notsupported 50
38
39 extern int smb_read_error;
40
41 /*******************************************************************
42 copies parameters and data, as needed, into the smb buffer
43
44 *both* the data and params sections should be aligned. this
45 is fudged in the rpc pipes by
46 at present, only the data section is. this may be a possible
47 cause of some of the ipc problems being experienced. lkcl26dec97
48
49 ******************************************************************/
50
51 static void copy_trans_params_and_data(char *outbuf, int align,
52 char *rparam, int param_offset, int param_len,
53 char *rdata, int data_offset, int data_len)
54 {
55 char *copy_into = smb_buf(outbuf)+1;
56
57 if(param_len < 0)
58 param_len = 0;
59
60 if(data_len < 0)
61 data_len = 0;
62
63 DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n",
64 param_offset, param_offset + param_len,
65 data_offset , data_offset + data_len));
66
67 if (param_len)
68 memcpy(copy_into, &rparam[param_offset], param_len);
69
70 copy_into += param_len + align;
71
72 if (data_len )
73 memcpy(copy_into, &rdata[data_offset], data_len);
74 }
75
76 /****************************************************************************
77 Send a trans reply.
78 ****************************************************************************/
79
80 void send_trans_reply(char *outbuf,
81 char *rparam, int rparam_len,
82 char *rdata, int rdata_len,
83 BOOL buffer_too_large)
84 {
85 int this_ldata,this_lparam;
86 int tot_data_sent = 0;
87 int tot_param_sent = 0;
88 int align;
89
90 int ldata = rdata ? rdata_len : 0;
91 int lparam = rparam ? rparam_len : 0;
92
93 if (buffer_too_large)
94 DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata ));
95
96 this_lparam = MIN(lparam,max_send - 500); /* hack */
97 this_ldata = MIN(ldata,max_send - (500+this_lparam));
98
99 align = ((this_lparam)%4);
100
101 set_message(outbuf,10,1+align+this_ldata+this_lparam,True);
102
103 if (buffer_too_large)
104 {
105 /* issue a buffer size warning. on a DCE/RPC pipe, expect an SMBreadX... */
106 SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
107 SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW);
108 }
109
110 copy_trans_params_and_data(outbuf, align,
111 rparam, tot_param_sent, this_lparam,
112 rdata, tot_data_sent, this_ldata);
113
114 SSVAL(outbuf,smb_vwv0,lparam);
115 SSVAL(outbuf,smb_vwv1,ldata);
116 SSVAL(outbuf,smb_vwv3,this_lparam);
117 SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
118 SSVAL(outbuf,smb_vwv5,0);
119 SSVAL(outbuf,smb_vwv6,this_ldata);
120 SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf));
121 SSVAL(outbuf,smb_vwv8,0);
122 SSVAL(outbuf,smb_vwv9,0);
123
124 show_msg(outbuf);
125 send_smb(smbd_server_fd(),outbuf);
126
127 tot_data_sent = this_ldata;
128 tot_param_sent = this_lparam;
129
130 while (tot_data_sent < ldata || tot_param_sent < lparam)
131 {
132 this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */
133 this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam));
134
135 if(this_lparam < 0)
136 this_lparam = 0;
137
138 if(this_ldata < 0)
139 this_ldata = 0;
140
141 align = (this_lparam%4);
142
143 set_message(outbuf,10,1+this_ldata+this_lparam+align,False);
144
145 copy_trans_params_and_data(outbuf, align,
146 rparam, tot_param_sent, this_lparam,
147 rdata, tot_data_sent, this_ldata);
148
149 SSVAL(outbuf,smb_vwv3,this_lparam);
150 SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
151 SSVAL(outbuf,smb_vwv5,tot_param_sent);
152 SSVAL(outbuf,smb_vwv6,this_ldata);
153 SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf));
154 SSVAL(outbuf,smb_vwv8,tot_data_sent);
155 SSVAL(outbuf,smb_vwv9,0);
156
157 show_msg(outbuf);
158 send_smb(smbd_server_fd(),outbuf);
159
160 tot_data_sent += this_ldata;
161 tot_param_sent += this_lparam;
162 }
163 }
164
165 /****************************************************************************
166 Start the first part of an RPC reply which began with an SMBtrans request.
167 ****************************************************************************/
168
169 static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p)
170 {
171 char *rdata = malloc(p->max_trans_reply);
172 int data_len;
173
174 if(rdata == NULL) {
175 DEBUG(0,("api_rpc_trans_reply: malloc fail.\n"));
176 return False;
177 }
178
179 if((data_len = read_from_pipe( p, rdata, p->max_trans_reply)) < 0) {
180 free(rdata);
181 return False;
182 }
183
184 send_trans_reply(outbuf, NULL, 0, rdata, data_len, p->out_data.current_pdu_len > data_len);
185
186 free(rdata);
187 return True;
188 }
189
190 /****************************************************************************
191 WaitNamedPipeHandleState
192 ****************************************************************************/
193
194 static BOOL api_WNPHS(char *outbuf, pipes_struct *p, char *param, int param_len)
195 {
196 uint16 priority;
197
198 if (!param || param_len < 2)
199 return False;
200
201 priority = SVAL(param,0);
202 DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority));
203
204 if (wait_rpc_pipe_hnd_state(p, priority)) {
205 /* now send the reply */
206 send_trans_reply(outbuf, NULL, 0, NULL, 0, False);
207 return True;
208 }
209 return False;
210 }
211
212
213 /****************************************************************************
214 SetNamedPipeHandleState
215 ****************************************************************************/
216
217 static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param, int param_len)
218 {
219 uint16 id;
220
221 if (!param || param_len < 2)
222 return False;
223
224 id = SVAL(param,0);
225 DEBUG(4,("SetNamedPipeHandleState to code %x\n", id));
226
227 if (set_rpc_pipe_hnd_state(p, id)) {
228 /* now send the reply */
229 send_trans_reply(outbuf, NULL, 0, NULL, 0, False);
230 return True;
231 }
232 return False;
233 }
234
235
236 /****************************************************************************
237 When no reply is generated, indicate unsupported.
238 ****************************************************************************/
239
240 static BOOL api_no_reply(char *outbuf, int max_rdata_len)
241 {
242 char rparam[4];
243
244 /* unsupported */
245 SSVAL(rparam,0,NERR_notsupported);
246 SSVAL(rparam,2,0); /* converter word */
247
248 DEBUG(3,("Unsupported API fd command\n"));
249
250 /* now send the reply */
251 send_trans_reply(outbuf, rparam, 4, NULL, 0, False);
252
253 return -1;
254 }
255
256 /****************************************************************************
257 Handle remote api calls delivered to a named pipe already opened.
258 ****************************************************************************/
259
260 static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf,
261 uint16 *setup,char *data,char *params,
262 int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
263 {
264 BOOL reply = False;
265 pipes_struct *p = NULL;
266 int pnum;
267 int subcommand;
268
269 DEBUG(5,("api_fd_reply\n"));
270
271 /* First find out the name of this file. */
272 if (suwcnt != 2) {
273 DEBUG(0,("Unexpected named pipe transaction.\n"));
274 return(-1);
275 }
276
277 /* Get the file handle and hence the file name. */
278 /*
279 * NB. The setup array has already been transformed
280 * via SVAL and so is in gost byte order.
281 */
282 pnum = ((int)setup[1]) & 0xFFFF;
283 subcommand = ((int)setup[0]) & 0xFFFF;
284
285 if(!(p = get_rpc_pipe(pnum))) {
286 DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum));
287 return api_no_reply(outbuf, mdrcnt);
288 }
289
290 DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", subcommand, p->name, pnum));
291
292 /* record maximum data length that can be transmitted in an SMBtrans */
293 p->max_trans_reply = mdrcnt;
294
295 DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply));
296
297 switch (subcommand) {
298 case 0x26:
299 /* dce/rpc command */
300 reply = write_to_pipe(p, data, tdscnt);
301 if (reply)
302 reply = api_rpc_trans_reply(outbuf, p);
303 break;
304 case 0x53:
305 /* Wait Named Pipe Handle state */
306 reply = api_WNPHS(outbuf, p, params, tpscnt);
307 break;
308 case 0x01:
309 /* Set Named Pipe Handle state */
310 reply = api_SNPHS(outbuf, p, params, tpscnt);
311 break;
312 }
313
314 if (!reply)
315 return api_no_reply(outbuf, mdrcnt);
316
317 return -1;
318 }
319
320 /****************************************************************************
321 handle named pipe commands
322 ****************************************************************************/
323 static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name,
324 uint16 *setup,char *data,char *params,
325 int suwcnt,int tdscnt,int tpscnt,
326 int msrcnt,int mdrcnt,int mprcnt)
327 {
328 DEBUG(3,("named pipe command on <%s> name\n", name));
329
330 if (strequal(name,"LANMAN"))
331 return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt);
332
333 if (strequal(name,"WKSSVC") ||
334 strequal(name,"SRVSVC") ||
335 strequal(name,"WINREG") ||
336 strequal(name,"SAMR") ||
337 strequal(name,"LSARPC"))
338 {
339 DEBUG(4,("named pipe command from Win95 (wow!)\n"));
340 return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);
341 }
342
343 if (strlen(name) < 1)
344 return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);
345
346 if (setup)
347 DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1]));
348
349 return 0;
350 }
351
352
353 /****************************************************************************
354 Reply to a SMBtrans.
355 ****************************************************************************/
356
357 int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize)
358 {
359 fstring name;
360 int name_offset = 0;
361 char *data=NULL,*params=NULL;
362 uint16 *setup=NULL;
363 int outsize = 0;
364 uint16 vuid = SVAL(inbuf,smb_uid);
365 int tpscnt = SVAL(inbuf,smb_vwv0);
366 int tdscnt = SVAL(inbuf,smb_vwv1);
367 int mprcnt = SVAL(inbuf,smb_vwv2);
368 int mdrcnt = SVAL(inbuf,smb_vwv3);
369 int msrcnt = CVAL(inbuf,smb_vwv4);
370 BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
371 BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
372 int pscnt = SVAL(inbuf,smb_vwv9);
373 int psoff = SVAL(inbuf,smb_vwv10);
374 int dscnt = SVAL(inbuf,smb_vwv11);
375 int dsoff = SVAL(inbuf,smb_vwv12);
376 int suwcnt = CVAL(inbuf,smb_vwv13);
377 START_PROFILE(SMBtrans);
378
379 memset(name, '\0',sizeof(name));
380 fstrcpy(name,smb_buf(inbuf));
381
382 if (dscnt > tdscnt || pscnt > tpscnt) {
383 exit_server("invalid trans parameters\n");
384 }
385
386 if (tdscnt) {
387 if((data = (char *)malloc(tdscnt)) == NULL) {
388 DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
389 END_PROFILE(SMBtrans);
390 return(ERROR(ERRDOS,ERRnomem));
391 }
392 memcpy(data,smb_base(inbuf)+dsoff,dscnt);
393 }
394
395 if (tpscnt) {
396 if((params = (char *)malloc(tpscnt)) == NULL) {
397 DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
398 END_PROFILE(SMBtrans);
399 return(ERROR(ERRDOS,ERRnomem));
400 }
401 memcpy(params,smb_base(inbuf)+psoff,pscnt);
402 }
403
404 if (suwcnt) {
405 int i;
406 if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
407 DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
408 END_PROFILE(SMBtrans);
409 return(ERROR(ERRDOS,ERRnomem));
410 }
411 for (i=0;i<suwcnt;i++)
412 setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
413 }
414
415
416 if (pscnt < tpscnt || dscnt < tdscnt) {
417 /* We need to send an interim response then receive the rest
418 of the parameter/data bytes */
419 outsize = set_message(outbuf,0,0,True);
420 show_msg(outbuf);
421 send_smb(smbd_server_fd(),outbuf);
422 }
423
424 /* receive the rest of the trans packet */
425 while (pscnt < tpscnt || dscnt < tdscnt) {
426 BOOL ret;
427 int pcnt,poff,dcnt,doff,pdisp,ddisp;
428
429 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
430
431 if ((ret && (CVAL(inbuf, smb_com) != SMBtranss)) || !ret) {
432 if(ret) {
433 DEBUG(0,("reply_trans: Invalid secondary trans packet\n"));
434 } else {
435 DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
436 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
437 }
438 if (params)
439 free(params);
440 if (data)
441 free(data);
442 if (setup)
443 free(setup);
444 END_PROFILE(SMBtrans);
445 return(ERROR(ERRSRV,ERRerror));
446 }
447
448 show_msg(inbuf);
449
450 tpscnt = SVAL(inbuf,smb_vwv0);
451 tdscnt = SVAL(inbuf,smb_vwv1);
452
453 pcnt = SVAL(inbuf,smb_vwv2);
454 poff = SVAL(inbuf,smb_vwv3);
455 pdisp = SVAL(inbuf,smb_vwv4);
456
457 dcnt = SVAL(inbuf,smb_vwv5);
458 doff = SVAL(inbuf,smb_vwv6);
459 ddisp = SVAL(inbuf,smb_vwv7);
460
461 pscnt += pcnt;
462 dscnt += dcnt;
463
464 if (dscnt > tdscnt || pscnt > tpscnt) {
465 exit_server("invalid trans parameters\n");
466 }
467
468 if (pcnt)
469 memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
470 if (dcnt)
471 memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);
472 }
473
474
475 DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
476 name,tdscnt,tpscnt,suwcnt));
477
478 /*
479 * WinCE wierdness....
480 */
481
482 if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, strlen(local_machine)) == 0) &&
483 (name[strlen(local_machine)+1] == '\\'))
484 name_offset = strlen(local_machine)+1;
485
486 if (strncmp(&name[name_offset],"\\PIPE\\",strlen("\\PIPE\\")) == 0) {
487 DEBUG(5,("calling named_pipe\n"));
488 outsize = named_pipe(conn,vuid,outbuf,
489 name+name_offset+strlen("\\PIPE\\"),setup,data,params,
490 suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt);
491 } else {
492 DEBUG(3,("invalid pipe name\n"));
493 outsize = 0;
494 }
495
496
497 if (data)
498 free(data);
499 if (params)
500 free(params);
501 if (setup)
502 free(setup);
503
504 if (close_on_completion)
505 close_cnum(conn,vuid);
506
507 if (one_way) {
508 END_PROFILE(SMBtrans);
509 return(-1);
510 }
511
512 if (outsize == 0) {
513 END_PROFILE(SMBtrans);
514 return(ERROR(ERRSRV,ERRnosupport));
515 }
516
517 END_PROFILE(SMBtrans);
518 return(outsize);
519 }
520 #undef OLD_NTDOMAIN
Samba GIT mirror