s3:smbd: add comment about returning STATUS_BUFFER_OVERFLOW in pipe_read_andx_done()

[metze/samba/wip.git] / source3 / smbd / pipes.c
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c

index 2686cf41d93a30137e44c260270a49f66bf323bd..aff5f5349596c49269e0216d7d60406a41a56c5d 100644 (file)
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -37,6 +37,7 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
  {
         struct connection_struct *conn = smb_req->conn;
         struct files_struct *fsp;
+       struct smb_filename *smb_fname = NULL;
         NTSTATUS status;
  
         status = file_new(smb_req, conn, &fsp);
@@ -50,7 +51,19 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
         fsp->vuid = smb_req->vuid;
         fsp->can_lock = false;
         fsp->access_mask = FILE_READ_DATA | FILE_WRITE_DATA;
-       string_set(&fsp->fsp_name, name);
+
+       status = create_synthetic_smb_fname(talloc_tos(), name, NULL, NULL,
+                                           &smb_fname);
+               if (!NT_STATUS_IS_OK(status)) {
+               file_free(smb_req, fsp);
+               return status;
+       }
+       status = fsp_set_smb_fname(fsp, smb_fname);
+       TALLOC_FREE(smb_fname);
+       if (!NT_STATUS_IS_OK(status)) {
+               file_free(smb_req, fsp);
+               return status;
+       }
  
         status = np_open(NULL, name, conn->client_address,
                          conn->server_info, &fsp->fake_file_handle);
@@ -92,7 +105,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
         /* at a mailslot or something we really, really don't understand, */
         /* not just something we really don't understand. */
         if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 ) {
-               reply_doserror(req, ERRSRV, ERRaccess);
+               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                 return;
         }
  
@@ -106,7 +119,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req)
          * Hack for NT printers... JRA.
          */
         if(should_fail_next_srvsvc_open(fname)) {
-               reply_doserror(req, ERRSRV, ERRaccess);
+               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                 return;
         }
  #endif
@@ -158,7 +171,7 @@ void reply_pipe_write(struct smb_request *req)
         struct tevent_req *subreq;
  
         if (!fsp_is_np(fsp)) {
-               reply_doserror(req, ERRDOS, ERRbadfid);
+               reply_nterror(req, NT_STATUS_INVALID_HANDLE);
                 return;
         }
  
@@ -179,7 +192,7 @@ void reply_pipe_write(struct smb_request *req)
         data = req->buf + 3;
  
         DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum,
-                 fsp->fsp_name, (int)state->numtowrite));
+                 fsp_str_dbg(fsp), (int)state->numtowrite));
  
         subreq = np_write_send(state, smbd_event_context(),
                                fsp->fake_file_handle, data, state->numtowrite);
@@ -203,8 +216,14 @@ static void pipe_write_done(struct tevent_req *subreq)
  
         status = np_write_recv(subreq, &nwritten);
         TALLOC_FREE(subreq);
-       if ((nwritten == 0 && state->numtowrite != 0) || (nwritten < 0)) {
-               reply_unixerror(req, ERRDOS, ERRnoaccess);
+       if (nwritten < 0) {
+               reply_nterror(req, status);
+               goto send;
+       }
+
+       /* Looks bogus to me now. Needs to be removed ? JRA. */
+       if ((nwritten == 0 && state->numtowrite != 0)) {
+               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                 goto send;
         }
  
@@ -216,6 +235,7 @@ static void pipe_write_done(struct tevent_req *subreq)
  
   send:
         if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf,
+                         true, req->seqnum+1,
                           IS_CONN_ENCRYPTED(req->conn)||req->encrypted,
                           &req->pcd)) {
                 exit_server_cleanly("construct_reply: srv_send_smb failed.");
@@ -246,7 +266,7 @@ void reply_pipe_write_and_X(struct smb_request *req)
         struct tevent_req *subreq;
  
         if (!fsp_is_np(fsp)) {
-               reply_doserror(req, ERRDOS, ERRbadfid);
+               reply_nterror(req, NT_STATUS_INVALID_HANDLE);
                 return;
         }
  
@@ -268,7 +288,7 @@ void reply_pipe_write_and_X(struct smb_request *req)
                  == (PIPE_START_MESSAGE|PIPE_RAW_MODE));
  
         DEBUG(6, ("reply_pipe_write_and_X: %x name: %s len: %d\n",
-                 (int)fsp->fnum, fsp->fsp_name, (int)state->numtowrite));
+                 (int)fsp->fnum, fsp_str_dbg(fsp), (int)state->numtowrite));
  
         data = (uint8_t *)smb_base(req->inbuf) + smb_doff;
  
@@ -282,7 +302,7 @@ void reply_pipe_write_and_X(struct smb_request *req)
                         DEBUG(0,("reply_pipe_write_and_X: start of message "
                                  "set and not enough data sent.(%u)\n",
                                  (unsigned int)state->numtowrite ));
-                       reply_unixerror(req, ERRDOS, ERRnoaccess);
+                       reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
                         return;
                 }
  
@@ -312,8 +332,15 @@ static void pipe_write_andx_done(struct tevent_req *subreq)
  
         status = np_write_recv(subreq, &nwritten);
         TALLOC_FREE(subreq);
-       if (!NT_STATUS_IS_OK(status) || (nwritten != state->numtowrite)) {
-               reply_unixerror(req, ERRDOS,ERRnoaccess);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               goto done;
+       }
+
+       /* Looks bogus to me now. Is this error message correct ? JRA. */
+       if (nwritten != state->numtowrite) {
+               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
                 goto done;
         }
  
@@ -326,6 +353,11 @@ static void pipe_write_andx_done(struct tevent_req *subreq)
  
   done:
         chain_reply(req);
+       /*
+        * We must free here as the ownership of req was
+        * moved to the connection struct in reply_pipe_write_and_X().
+        */
+       TALLOC_FREE(req);
  }
  
  /****************************************************************************
@@ -357,7 +389,7 @@ void reply_pipe_read_and_X(struct smb_request *req)
  #endif
  
         if (!fsp_is_np(fsp)) {
-               reply_doserror(req, ERRDOS, ERRbadfid);
+               reply_nterror(req, NT_STATUS_INVALID_HANDLE);
                 return;
         }
  
@@ -417,7 +449,21 @@ static void pipe_read_andx_done(struct tevent_req *subreq)
         state->outbuf = NULL;
  
         srv_set_message((char *)req->outbuf, 12, nread, False);
-  
+
+#if 0
+       /*
+        * we should return STATUS_BUFFER_OVERFLOW if there's
+        * out standing data.
+        *
+        * But we can't enable it yet, as it has bad interactions
+        * with fixup_chain_error_packet() in chain_reply().
+        */
+       if (is_data_outstanding) {
+               error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata,
+                                STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__);
+       }
+#endif
+
         SSVAL(req->outbuf,smb_vwv5,nread);
         SSVAL(req->outbuf,smb_vwv6,
               req_wct_ofs(req)
@@ -431,4 +477,9 @@ static void pipe_read_andx_done(struct tevent_req *subreq)
  
   done:
         chain_reply(req);
+       /*
+        * We must free here as the ownership of req was
+        * moved to the connection struct in reply_pipe_read_and_X().
+        */
+       TALLOC_FREE(req);
  }