2 Unix SMB/CIFS implementation.
3 Pipe SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Luke Kenneth Casson Leighton 1996-1998
6 Copyright (C) Paul Ashton 1997-1998.
7 Copyright (C) Jeremy Allison 2005.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles reply_ calls on named pipes that the server
24 makes to handle specific protocols
30 #define PIPE "\\PIPE\\"
31 #define PIPELEN strlen(PIPE)
33 #define MAX_PIPE_NAME_LEN 24
35 /****************************************************************************
36 Reply to an open and X on a named pipe.
37 This code is basically stolen from reply_open_and_X with some
38 wrinkles to handle pipes.
39 ****************************************************************************/
41 void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
43 const char *fname = NULL;
44 char *pipe_name = NULL;
46 TALLOC_CTX *ctx = talloc_tos();
49 /* XXXX we need to handle passed times, sattr and flags */
50 srvstr_pull_req_talloc(ctx, req, &pipe_name, req->buf, STR_TERMINATE);
52 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
57 /* If the name doesn't start \PIPE\ then this is directed */
58 /* at a mailslot or something we really, really don't understand, */
59 /* not just something we really don't understand. */
60 if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
61 reply_doserror(req, ERRSRV, ERRaccess);
65 DEBUG(4,("Opening pipe %s.\n", pipe_name));
67 /* Strip \PIPE\ off the name. */
68 fname = pipe_name + PIPELEN;
72 * Hack for NT printers... JRA.
74 if(should_fail_next_srvsvc_open(fname)) {
75 reply_doserror(req, ERRSRV, ERRaccess);
80 status = np_open(req, fname, &fsp);
81 if (!NT_STATUS_IS_OK(status)) {
82 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
83 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
87 reply_nterror(req, status);
91 /* Prepare the reply */
92 reply_outbuf(req, 15, 0);
94 /* Mark the opened file as an existing named pipe in message mode. */
95 SSVAL(req->outbuf,smb_vwv9,2);
96 SSVAL(req->outbuf,smb_vwv10,0xc700);
98 SSVAL(req->outbuf, smb_vwv2, fsp->fnum);
99 SSVAL(req->outbuf, smb_vwv3, 0); /* fmode */
100 srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0); /* mtime */
101 SIVAL(req->outbuf, smb_vwv6, 0); /* size */
102 SSVAL(req->outbuf, smb_vwv8, 0); /* rmode */
103 SSVAL(req->outbuf, smb_vwv11, 0x0001);
109 /****************************************************************************
110 Reply to a write on a pipe.
111 ****************************************************************************/
113 void reply_pipe_write(struct smb_request *req)
115 files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
116 size_t numtowrite = SVAL(req->vwv+1, 0);
120 if (!fsp_is_np(fsp)) {
121 reply_doserror(req, ERRDOS, ERRbadfid);
125 if (fsp->vuid != req->vuid) {
126 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
132 if (numtowrite == 0) {
136 status = np_write(fsp, data, numtowrite, &nwritten);
137 if (!NT_STATUS_IS_OK(status)) {
138 reply_nterror(req, status);
143 if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
144 reply_unixerror(req, ERRDOS, ERRnoaccess);
148 reply_outbuf(req, 1, 0);
150 SSVAL(req->outbuf,smb_vwv0,nwritten);
152 DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n", fsp->fnum,
158 /****************************************************************************
159 Reply to a write and X.
161 This code is basically stolen from reply_write_and_X with some
162 wrinkles to handle pipes.
163 ****************************************************************************/
165 void reply_pipe_write_and_X(struct smb_request *req)
167 files_struct *fsp = file_fsp(req, SVAL(req->vwv+2, 0));
168 size_t numtowrite = SVAL(req->vwv+10, 0);
170 int smb_doff = SVAL(req->vwv+11, 0);
171 bool pipe_start_message_raw =
172 ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE))
173 == (PIPE_START_MESSAGE|PIPE_RAW_MODE));
176 if (!fsp_is_np(fsp)) {
177 reply_doserror(req, ERRDOS, ERRbadfid);
181 if (fsp->vuid != req->vuid) {
182 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
186 data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
188 if (numtowrite == 0) {
193 if(pipe_start_message_raw) {
195 * For the start of a message in named pipe byte mode,
196 * the first two bytes are a length-of-pdu field. Ignore
197 * them (we don't trust the client). JRA.
200 DEBUG(0,("reply_pipe_write_and_X: start of "
201 "message set and not enough data "
203 (unsigned int)numtowrite ));
204 reply_unixerror(req, ERRDOS, ERRnoaccess);
211 status = np_write(fsp, data, numtowrite, &nwritten);
212 if (!NT_STATUS_IS_OK(status)) {
213 reply_nterror(req, status);
218 if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) {
219 reply_unixerror(req, ERRDOS,ERRnoaccess);
223 reply_outbuf(req, 6, 0);
225 nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten);
226 SSVAL(req->outbuf,smb_vwv2,nwritten);
228 DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", fsp->fnum,
234 /****************************************************************************
235 Reply to a read and X.
236 This code is basically stolen from reply_read_and_X with some
237 wrinkles to handle pipes.
238 ****************************************************************************/
240 void reply_pipe_read_and_X(struct smb_request *req)
242 files_struct *fsp = file_fsp(req, SVAL(req->vwv+0, 0));
243 int smb_maxcnt = SVAL(req->vwv+5, 0);
244 int smb_mincnt = SVAL(req->vwv+6, 0);
250 /* we don't use the offset given to use for pipe reads. This
251 is deliberate, instead we always return the next lump of
254 uint32 smb_offs = IVAL(req->vwv+3, 0);
257 if (!fsp_is_np(fsp)) {
258 reply_doserror(req, ERRDOS, ERRbadfid);
262 if (fsp->vuid != req->vuid) {
263 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
267 reply_outbuf(req, 12, smb_maxcnt);
269 data = (uint8_t *)smb_buf(req->outbuf);
271 status = np_read(fsp, data, smb_maxcnt, &nread, &unused);
273 if (!NT_STATUS_IS_OK(status)) {
274 reply_doserror(req, ERRDOS, ERRnoaccess);
278 srv_set_message((char *)req->outbuf, 12, nread, False);
280 SSVAL(req->outbuf,smb_vwv5,nread);
281 SSVAL(req->outbuf,smb_vwv6,smb_offset(data,req->outbuf));
282 SSVAL(smb_buf(req->outbuf),-2,nread);
284 DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n",
285 fsp->fnum, smb_mincnt, smb_maxcnt, (int)nread));