9 shares give rpc error

Jeremy Allison jeremy at valinux.com
Tue Apr 4 19:00:07 GMT 2000

don_mccall at hp.com wrote:
> Hi giulioo,
> The problem is not, I think, with the number of shares, but with the
> number of characters that the sharenames and the share comments add up
> to.
> We appear to be deciding that the data will all fit into the 1024
> buffer that we can return with the SMB 0x25 reply, and we are not
> setting the smb_flg2 to let the client know that it needs to do an
> SMBReadX to get the rest of the data.  The caller of the rpc on the
> client side then must try to parse the fields we have returned in the
> 1024 buffer, and realizes that it is incomplete; in fact, what happens
> is if the amount of information needing to be returned is about 16 bytes
> LESS than 1024, all will be well, as there are a couple of parameters
> that need to be tagged onto the end of the sharename/comment
> data structure, and this will allow room for it.  If the amount of
> information is Greater than 1024, we are STILL ok, because then we set a
> flag that tells the client he needs to get the rest of the info with a
> Here's where we stuff the error, count and total parameters at the end of
> the databuffer for the reply to the enum rpc:
>   *rparam_len = 8;
>   *rparam = REALLOC(*rparam,*rparam_len);
>   SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
>   SSVAL(*rparam,2,0);
>   SSVAL(*rparam,4,counted);
>   SSVAL(*rparam,6,total);
> I wasn't able to take the time to track down specifically where we
> miscalculate and do NOT take this extra 8 words into account... Maybe
> Jeremy or one of you other team members can take a look.

Well, this is for the old RAP rpc mechanism of returning
share enums. Samba 2.0.5 and above also support the NT
DCE/RPC method of returning share info, which is the
"use SMBreadX if data too large" method. In the RAP method
Samba never stores the data to return across multiple trans/readX
calls - this is done only in the DCE/RPC case. I think
you are confusing the two methods here.

In 2.0.7 this code has been completely re-written to allow
arbitrary size read/writes down a DCE/RPC pipe so data can
be returned in any read call.

If anyone can reproduce this problem with 2.0.6 or (especially)
2.0.7pre3 I'd like to know about it.



Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
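
Added example (not part of the original post and not Samba's code): packing a RAP-style share enumeration into a fixed-size data buffer so that an entry is returned only when both its 20-byte record and its comment string fit, with the 8-byte parameter block filled in the same order as the SSVAL lines quoted above. The struct, the function names, the sample shares and the simplified record layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NERR_SUCCESS 0    /* value of NERR_Success */
#define ERR_MOREDATA 234  /* value of ERRmoredata */
#define FIXED_LEN    20   /* name[13], pad, type (2), comment offset (4) */

struct share { const char *name, *comment; };  /* hypothetical type */

/* Constructed sample data; names are assumed to be at most 12 characters. */
static const struct share SAMPLE[] = {
    { "public", "Public files" }, { "homes", "Home directories" },
    { "print$", "Printer drivers" },
};

static void put16(uint8_t *p, unsigned v) { p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; }

/* Packs whole entries into buf, fills rparam, returns the data bytes used. */
size_t pack_shares(const struct share *s, int total,
                   uint8_t *buf, size_t buflen, uint8_t rparam[8])
{
    size_t need = 0, str_off;
    int counted = 0;
    /* Pass 1: count entries whose fixed record AND comment string both fit. */
    for (int i = 0; i < total; i++) {
        size_t entry = FIXED_LEN + strlen(s[i].comment) + 1;
        if (entry > buflen - need)
            break;
        need += entry;
        counted++;
    }
    /* Pass 2: fixed records first, then the strings they point at. */
    str_off = (size_t)counted * FIXED_LEN;
    memset(buf, 0, need);
    for (int i = 0; i < counted; i++) {
        uint8_t *rec = buf + (size_t)i * FIXED_LEN;
        size_t clen = strlen(s[i].comment) + 1;
        snprintf((char *)rec, 13, "%s", s[i].name);  /* NUL-terminated name */
        put16(rec + 16, (unsigned)str_off);          /* low word of offset */
        memcpy(buf + str_off, s[i].comment, clen);
        str_off += clen;
    }
    put16(rparam + 0, counted < total ? ERR_MOREDATA : NERR_SUCCESS);
    put16(rparam + 2, 0);
    put16(rparam + 4, (unsigned)counted);
    put16(rparam + 6, (unsigned)total);
    return need;
}
int main(void) {
    uint8_t buf[1024], rp[8];
    size_t n = pack_shares(SAMPLE, 3, buf, 105, rp);  /* one byte short */
    printf("%zu data bytes, status %d, %d of %d entries\n", n, rp[0], rp[4], rp[6]);
    return 0;
}
```

The three sample entries need exactly 106 data bytes, so a 105-byte buffer returns two entries with the more-data status and a 106-byte buffer returns all three.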
