2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Andrew Tridgell 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 open a rpc connection to a named pipe
29 NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p,
30 const char *pipe_name,
31 const char *pipe_uuid,
39 asprintf(&name, "\\%s", pipe_name);
41 return NT_STATUS_NO_MEMORY;
44 io.ntcreatex.level = RAW_OPEN_NTCREATEX;
45 io.ntcreatex.in.flags = 0;
46 io.ntcreatex.in.root_fid = 0;
47 io.ntcreatex.in.access_mask =
48 STD_RIGHT_READ_CONTROL_ACCESS |
49 SA_RIGHT_FILE_WRITE_ATTRIBUTES |
50 SA_RIGHT_FILE_WRITE_EA |
51 GENERIC_RIGHTS_FILE_READ |
52 GENERIC_RIGHTS_FILE_WRITE;
53 io.ntcreatex.in.file_attr = 0;
54 io.ntcreatex.in.alloc_size = 0;
55 io.ntcreatex.in.share_access =
56 NTCREATEX_SHARE_ACCESS_READ |
57 NTCREATEX_SHARE_ACCESS_WRITE;
58 io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
59 io.ntcreatex.in.create_options = 0;
60 io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
61 io.ntcreatex.in.security_flags = 0;
62 io.ntcreatex.in.fname = name;
64 mem_ctx = talloc_init("torture_rpc_connection");
66 return NT_STATUS_NO_MEMORY;
68 status = smb_raw_open(p->tree, mem_ctx, &io);
70 talloc_destroy(mem_ctx);
72 if (!NT_STATUS_IS_OK(status)) {
76 p->fnum = io.ntcreatex.out.fnum;
78 /* bind to the pipe, using the pipe_name as the key */
79 status = dcerpc_bind_byuuid(p, pipe_uuid, pipe_version);
81 if (!NT_STATUS_IS_OK(status)) {
83 c.close.level = RAW_CLOSE_CLOSE;
84 c.close.in.fnum = p->fnum;
85 c.close.in.write_time = 0;
86 smb_raw_close(p->tree, &c);
93 struct cli_request *dcerpc_raw_send(struct dcerpc_pipe *p, DATA_BLOB *blob)
95 struct smb_trans2 trans;
97 struct cli_request *req;
100 mem_ctx = talloc_init("dcerpc_raw_send");
101 if (!mem_ctx) return NULL;
103 trans.in.data = *blob;
104 trans.in.params = data_blob(NULL, 0);
106 setup[0] = TRANSACT_DCERPCCMD;
109 trans.in.max_param = 0;
110 trans.in.max_data = 0x8000;
111 trans.in.max_setup = 0;
112 trans.in.setup_count = 2;
114 trans.in.timeout = 0;
115 trans.in.setup = setup;
116 trans.in.trans_name = "\\PIPE\\";
118 req = smb_raw_trans_send(p->tree, &trans);
120 talloc_destroy(mem_ctx);
126 NTSTATUS dcerpc_raw_recv(struct dcerpc_pipe *p,
127 struct cli_request *req,
131 struct smb_trans2 trans;
136 status = smb_raw_trans_recv(req, mem_ctx, &trans);
137 /* STATUS_BUFFER_OVERFLOW means that there is more data
138 available via SMBreadX */
139 if (!NT_STATUS_IS_OK(status) &&
140 !NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
144 payload = trans.out.data;
146 if (trans.out.data.length < 16 ||
147 !NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
151 /* we might have recieved a partial fragment, in which case we
152 need to pull the rest of it */
153 frag_length = SVAL(payload.data, 8);
154 if (frag_length <= payload.length) {
158 /* make sure the payload can hold the whole fragment */
159 payload.data = talloc_realloc(mem_ctx, payload.data, frag_length);
161 return NT_STATUS_NO_MEMORY;
164 /* the rest of the data is available via SMBreadX */
165 while (frag_length > payload.length) {
169 n = frag_length - payload.length;
174 io.generic.level = RAW_READ_READX;
175 io.readx.in.fnum = p->fnum;
176 io.readx.in.mincnt = n;
177 io.readx.in.maxcnt = n;
178 io.readx.in.offset = 0;
179 io.readx.in.remaining = 0;
180 io.readx.out.data = payload.data + payload.length;
181 status = smb_raw_read(p->tree, &io);
182 if (!NT_STATUS_IS_OK(status) &&
183 !NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
187 n = io.readx.out.nread;
189 status = NT_STATUS_UNSUCCESSFUL;
195 /* if the SMBreadX returns NT_STATUS_OK then there
196 isn't any more data to be read */
197 if (NT_STATUS_IS_OK(status)) {
210 NTSTATUS dcerpc_raw_packet(struct dcerpc_pipe *p,
212 DATA_BLOB *request_blob,
213 DATA_BLOB *reply_blob)
215 struct cli_request *req;
216 req = dcerpc_raw_send(p, request_blob);
217 return dcerpc_raw_recv(p, req, mem_ctx, reply_blob);
222 retrieve a secondary pdu from a pipe
224 NTSTATUS dcerpc_raw_packet_secondary(struct dcerpc_pipe *p,
233 *blob = data_blob_talloc(mem_ctx, NULL, n);
235 return NT_STATUS_NO_MEMORY;
238 io.generic.level = RAW_READ_READX;
239 io.readx.in.fnum = p->fnum;
240 io.readx.in.mincnt = n;
241 io.readx.in.maxcnt = n;
242 io.readx.in.offset = 0;
243 io.readx.in.remaining = 0;
244 io.readx.out.data = blob->data;
246 status = smb_raw_read(p->tree, &io);
247 if (!NT_STATUS_IS_OK(status) &&
248 !NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
252 blob->length = io.readx.out.nread;
254 if (blob->length < 16) {
258 frag_length = SVAL(blob->data, 8);
259 if (frag_length <= blob->length) {
263 blob->data = talloc_realloc(mem_ctx, blob->data, frag_length);
265 return NT_STATUS_NO_MEMORY;
268 while (frag_length > blob->length &&
269 NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
271 n = frag_length - blob->length;
276 io.readx.in.mincnt = n;
277 io.readx.in.maxcnt = n;
278 io.readx.out.data = blob->data + blob->length;
279 status = smb_raw_read(p->tree, &io);
281 if (!NT_STATUS_IS_OK(status) &&
282 !NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
286 n = io.readx.out.nread;
295 send an initial pdu in a multi-pdu sequence
297 NTSTATUS dcerpc_raw_packet_initial(struct dcerpc_pipe *p,
304 io.generic.level = RAW_WRITE_WRITEX;
305 io.writex.in.fnum = p->fnum;
306 io.writex.in.offset = 0;
307 io.writex.in.wmode = PIPE_START_MESSAGE;
308 io.writex.in.remaining = blob->length;
309 io.writex.in.count = blob->length;
310 io.writex.in.data = blob->data;
312 status = smb_raw_write(p->tree, &io);
313 if (NT_STATUS_IS_OK(status)) {
317 /* make sure it accepted it all */
318 if (io.writex.out.nwritten != blob->length) {
319 return NT_STATUS_UNSUCCESSFUL;