svn commit: samba r24361 - in branches/SAMBA_3_2/source/smbd: .

Mon Aug 13 14:29:45 GMT 2007

Author: vlendec
Date: 2007-08-13 14:29:44 +0000 (Mon, 13 Aug 2007)
New Revision: 24361

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24361

Log:
Push reply_prep_legacy down in reply_nttrans[s]
Modified:
   branches/SAMBA_3_2/source/smbd/nttrans.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===================================================================

--- branches/SAMBA_3_2/source/smbd/nttrans.c	2007-08-13 13:05:17 UTC (rev 24360)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c	2007-08-13 14:29:44 UTC (rev 24361)
@@ -3188,23 +3188,18 @@
 
 	START_PROFILE(SMBnttrans);
 
-	if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
-		reply_nterror(req, NT_STATUS_NO_MEMORY);
-		END_PROFILE(SMBnttrans);
-		return;
-	}
-
-	if (CVAL(inbuf, smb_wct) < 19) {
+	if (req->wct < 19) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		END_PROFILE(SMBnttrans);
 		return;
 	}
 
-	pscnt = IVAL(inbuf,smb_nt_ParameterCount);
-	psoff = IVAL(inbuf,smb_nt_ParameterOffset);
-	dscnt = IVAL(inbuf,smb_nt_DataCount);
-	dsoff = IVAL(inbuf,smb_nt_DataOffset);
-	function_code = SVAL( inbuf, smb_nt_Function);
+	size = smb_len(req->inbuf) + 4;
+	pscnt = IVAL(req->inbuf,smb_nt_ParameterCount);
+	psoff = IVAL(req->inbuf,smb_nt_ParameterOffset);
+	dscnt = IVAL(req->inbuf,smb_nt_DataCount);
+	dsoff = IVAL(req->inbuf,smb_nt_DataOffset);
+	function_code = SVAL(req->inbuf, smb_nt_Function);
 
 	if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
 		reply_doserror(req, ERRSRV, ERRaccess);
@@ -3212,7 +3207,7 @@
 		return;
 	}
 
-	result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid));
+	result = allow_new_trans(conn->pending_trans, req->mid);
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
 		reply_nterror(req, result);
@@ -3228,17 +3223,17 @@
 
 	state->cmd = SMBnttrans;
 
-	state->mid = SVAL(inbuf,smb_mid);
-	state->vuid = SVAL(inbuf,smb_uid);
-	state->total_data = IVAL(inbuf, smb_nt_TotalDataCount);
+	state->mid = req->mid;
+	state->vuid = req->vuid;
+	state->total_data = IVAL(req->inbuf, smb_nt_TotalDataCount);
 	state->data = NULL;
-	state->total_param = IVAL(inbuf, smb_nt_TotalParameterCount);
+	state->total_param = IVAL(req->inbuf, smb_nt_TotalParameterCount);
 	state->param = NULL;
-	state->max_data_return = IVAL(inbuf,smb_nt_MaxDataCount);	
-	state->max_param_return = IVAL(inbuf,smb_nt_MaxParameterCount);
+	state->max_data_return = IVAL(req->inbuf,smb_nt_MaxDataCount);
+	state->max_param_return = IVAL(req->inbuf,smb_nt_MaxParameterCount);
 
 	/* setup count is in *words* */
-	state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); 
+	state->setup_count = 2*CVAL(req->inbuf,smb_nt_SetupCount);
 	state->setup = NULL;
 	state->call = function_code;
 
@@ -3247,9 +3242,9 @@
 	 * state->setup_count.  Ensure this is so as a sanity check.
 	 */
 
-	if(CVAL(inbuf, smb_wct) != 19 + (state->setup_count/2)) {
+	if(req->wct != 19 + (state->setup_count/2)) {
 		DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
-			CVAL(inbuf, smb_wct), 19 + (state->setup_count/2)));
+			 req->wct, 19 + (state->setup_count/2)));
 		goto bad_param;
 	}
 
@@ -3277,11 +3272,12 @@
 		} 
 		if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
 			goto bad_param;
-		if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
-		    (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf)))
+		if ((smb_base(req->inbuf)+dsoff+dscnt
+		     > (char *)req->inbuf + size) ||
+		    (smb_base(req->inbuf)+dsoff+dscnt < smb_base(req->inbuf)))
 			goto bad_param;
 
-		memcpy(state->data,smb_base(inbuf)+dsoff,dscnt);
+		memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
 	}
 
 	if (state->total_param) {
@@ -3298,11 +3294,12 @@
 		} 
 		if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
 			goto bad_param;
-		if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||
-		    (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf)))
+		if ((smb_base(req->inbuf)+psoff+pscnt
+		     > (char *)req->inbuf + size) ||
+		    (smb_base(req->inbuf)+psoff+pscnt < smb_base(req->inbuf)))
 			goto bad_param;
 
-		memcpy(state->param,smb_base(inbuf)+psoff,pscnt);
+		memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
 	}
 
 	state->received_data  = dscnt;
@@ -3330,10 +3327,17 @@
 			goto bad_param;
 		}
 
-		memcpy( state->setup, &inbuf[smb_nt_SetupStart], state->setup_count);
+		memcpy( state->setup, &req->inbuf[smb_nt_SetupStart],
+			state->setup_count);
 		dump_data(10, (uint8 *)state->setup, state->setup_count);
 	}
 
+	if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
+		reply_nterror(req, NT_STATUS_NO_MEMORY);
+		END_PROFILE(SMBnttrans);
+		return;
+	}
+
 	if ((state->received_data == state->total_data) &&
 	    (state->received_param == state->total_param)) {
 		outsize = handle_nttrans(conn, state, inbuf, outbuf,
@@ -3382,15 +3386,9 @@
 
 	START_PROFILE(SMBnttranss);
 
-	if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
-		reply_nterror(req, NT_STATUS_NO_MEMORY);
-		END_PROFILE(SMBnttranss);
-		return;
-	}
+	show_msg((char *)req->inbuf);
 
-	show_msg(inbuf);
-
-	if (CVAL(inbuf, smb_wct) < 18) {
+	if (req->wct < 18) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		END_PROFILE(SMBnttranss);
 		return;
@@ -3398,7 +3396,7 @@
 
 	for (state = conn->pending_trans; state != NULL;
 	     state = state->next) {
-		if (state->mid == SVAL(inbuf,smb_mid)) {
+		if (state->mid == req->mid) {
 			break;
 		}
 	}
@@ -3411,21 +3409,25 @@
 
 	/* Revise state->total_param and state->total_data in case they have
 	   changed downwards */
-	if (IVAL(inbuf, smb_nts_TotalParameterCount) < state->total_param) {
-		state->total_param = IVAL(inbuf, smb_nts_TotalParameterCount);
+	if (IVAL(req->inbuf, smb_nts_TotalParameterCount)
+	    < state->total_param) {
+		state->total_param = IVAL(req->inbuf,
+					  smb_nts_TotalParameterCount);
 	}
-	if (IVAL(inbuf, smb_nts_TotalDataCount) < state->total_data) {
-		state->total_data = IVAL(inbuf, smb_nts_TotalDataCount);
+	if (IVAL(req->inbuf, smb_nts_TotalDataCount) < state->total_data) {
+		state->total_data = IVAL(req->inbuf, smb_nts_TotalDataCount);
 	}
 
-	pcnt = IVAL(inbuf,smb_nts_ParameterCount);
-	poff = IVAL(inbuf, smb_nts_ParameterOffset);
-	pdisp = IVAL(inbuf, smb_nts_ParameterDisplacement);
+	size = smb_len(req->inbuf) + 4;
 
-	dcnt = IVAL(inbuf, smb_nts_DataCount);
-	ddisp = IVAL(inbuf, smb_nts_DataDisplacement);
-	doff = IVAL(inbuf, smb_nts_DataOffset);
+	pcnt = IVAL(req->inbuf,smb_nts_ParameterCount);
+	poff = IVAL(req->inbuf, smb_nts_ParameterOffset);
+	pdisp = IVAL(req->inbuf, smb_nts_ParameterDisplacement);
 
+	dcnt = IVAL(req->inbuf, smb_nts_DataCount);
+	ddisp = IVAL(req->inbuf, smb_nts_DataDisplacement);
+	doff = IVAL(req->inbuf, smb_nts_DataOffset);
+
 	state->received_param += pcnt;
 	state->received_data += dcnt;
 		
@@ -3440,13 +3442,15 @@
 			goto bad_param;
 		if (pdisp > state->total_param)
 			goto bad_param;
-		if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
-		    (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
+		if ((smb_base(req->inbuf) + poff + pcnt
+		     > (char *)req->inbuf + size) ||
+		    (smb_base(req->inbuf) + poff + pcnt
+		     < smb_base(req->inbuf)))
 			goto bad_param;
 		if (state->param + pdisp < state->param)
 			goto bad_param;
 
-		memcpy(state->param+pdisp,smb_base(inbuf)+poff,
+		memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,
 		       pcnt);
 	}
 
@@ -3457,13 +3461,14 @@
 			goto bad_param;
 		if (ddisp > state->total_data)
 			goto bad_param;
-		if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
+		if ((smb_base(inbuf) + doff + dcnt
+		     > (char *)req->inbuf + size) ||
 		    (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->data + ddisp < state->data)
 			goto bad_param;
 
-		memcpy(state->data+ddisp, smb_base(inbuf)+doff,
+		memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
 		       dcnt);      
 	}
 
@@ -3473,6 +3478,12 @@
 		return;
 	}
 
+	if (!reply_prep_legacy(req, &inbuf, &outbuf, &size, &bufsize)) {
+		reply_nterror(req, NT_STATUS_NO_MEMORY);
+		END_PROFILE(SMBnttrans);
+		return;
+	}
+
 	/* construct_reply_common has done us the favor to pre-fill the
 	 * command field with SMBnttranss which is wrong :-)
 	 */

