union smb_open op;
struct smb_trans2 tr;
union smb_write wr;
- union smb_write wr_raw;
union smb_read rd;
- union smb_read rd_raw;
union smb_close cl;
int fnum;
uint8_t cmd_buf[256*8];
uint16_t setup[2];
- struct smbcli_request *reqs[5];
- uint32_t i;
- uint8_t raw_bytes[2+20];
+ struct smbcli_request *reqs[4];
uint8_t zero20[20];
ZERO_STRUCT(zero20);
NPECHO_BUF_SETUP_CMD(cmd_buf,21, NPECHO_CMD_WRITE, 20);
NPECHO_BUF_SETUP_CMD(cmd_buf,22, NPECHO_CMD_WRITE, 20);
NPECHO_BUF_SETUP_CMD(cmd_buf,23, NPECHO_CMD_SLEEP, 300);
- NPECHO_BUF_SETUP_CMD(cmd_buf,24, NPECHO_CMD_READ, 20);
- NPECHO_BUF_SETUP_CMD(cmd_buf,25, NPECHO_CMD_READ, 20);
- NPECHO_BUF_SETUP_CMD(cmd_buf,26, NPECHO_CMD_SLEEP, 300);
- NPECHO_BUF_SETUP_CMD(cmd_buf,27, NPECHO_CMD_WRITE, 20);
- NPECHO_BUF_SETUP_CMD(cmd_buf,28, NPECHO_CMD_SLEEP, 300);
setup[0] = TRANSACT_DCERPCCMD;
setup[1] = fnum;
tr.in.setup_count = 2;
tr.in.setup = setup;
tr.in.params = data_blob(NULL, 0);
- tr.in.data = data_blob_const(cmd_buf, 29*NPECHO_BUF_CMD_SIZE);
+ tr.in.data = data_blob_const(cmd_buf, 24*NPECHO_BUF_CMD_SIZE);
tr.in.max_setup = 0;
tr.in.max_param = 0;
tr.in.max_data = 4;
status = smb_raw_read_recv(reqs[3], &rd);
CHECK_STATUS(status, NT_STATUS_OK);
-//#define PIPE_RAW_MODE 0x4
-//#define PIPE_START_MESSAGE 0x8
- ZERO_STRUCT(wr_raw);
- wr_raw.writex.level = RAW_WRITE_WRITEX;
- wr_raw.writex.in.file.fnum = fnum;
- wr_raw.writex.in.wmode = PIPE_RAW_MODE;
- wr_raw.writex.in.remaining = 0;
- wr_raw.writex.in.offset = 0;
- wr_raw.writex.in.count = sizeof(raw_bytes);
- wr_raw.writex.in.data = raw_bytes;
-
- SSVAL(raw_bytes, 0, 0xFFFF);
- for (i=0; i < (sizeof(raw_bytes) - 2); i++) {
- raw_bytes[2+i] = i;
- }
-
- ZERO_STRUCT(rd);
- rd_raw.readx.level = RAW_READ_READX;
- rd_raw.readx.in.file.fnum = fnum;
- rd_raw.readx.in.maxcnt = sizeof(zero20);
- rd_raw.readx.in.mincnt = sizeof(zero20);
- rd_raw.readx.in.offset = 0;
- rd_raw.readx.in.read_for_execute = false;
- rd_raw.readx.in.remaining = 20;
- rd_raw.readx.out.data = zero20;
-
- torture_comment(tctx, "do write(raw_mode le), read\n");
- SSVAL(raw_bytes, 0, sizeof(raw_bytes) - 2);
- reqs[0] = smb_raw_write_send(cli->tree, &wr_raw);
-
- status = smb_raw_write_recv(reqs[0], &wr_raw);
- CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
-
- torture_comment(tctx, "do write(raw_mode be), read\n");
- RSSVAL(raw_bytes, 0, sizeof(raw_bytes) - 2);
- reqs[0] = smb_raw_write_send(cli->tree, &wr_raw);
-
- status = smb_raw_write_recv(reqs[0], &wr_raw);
- CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV, ERRerror));
-
-
- torture_comment(tctx, "do write, write(half), write(half), read(half), read(half)\n");
- reqs[0] = smb_raw_write_send(cli->tree, &wr);
- SSVAL(raw_bytes, 0, 0xFFFF);
- SSVAL(raw_bytes, 0, 0x8765);
- //SSVAL(raw_bytes, 0, sizeof(raw_bytes) - 2 + 5);
- wr_raw.writex.in.wmode = PIPE_START_MESSAGE | PIPE_RAW_MODE;
- wr_raw.writex.in.remaining = 20;
- wr_raw.writex.in.offset = 0x8765;
- wr_raw.writex.in.count = 12;
- wr_raw.writex.in.data = raw_bytes;
- reqs[1] = smb_raw_write_send(cli->tree, &wr_raw);
- wr_raw.writex.in.wmode = PIPE_RAW_MODE | 0x02;
- wr_raw.writex.in.remaining = 0x8765;
- wr_raw.writex.in.offset = 0x1234;
- wr_raw.writex.in.count = 10;
- wr_raw.writex.in.data = raw_bytes + 12;
- reqs[2] = smb_raw_write_send(cli->tree, &wr_raw);
- rd_raw.readx.in.maxcnt = 10;
- rd_raw.readx.in.mincnt = 10;
- rd_raw.readx.in.offset = 7870;
- rd_raw.readx.in.read_for_execute = false;
- rd_raw.readx.in.remaining = 0x8765;
- rd_raw.readx.out.data = zero20;
- reqs[3] = smb_raw_read_send(cli->tree, &rd_raw);
- rd_raw.readx.in.maxcnt = 10;
- rd_raw.readx.in.mincnt = 10;
- rd_raw.readx.in.offset = 5560;
- rd_raw.readx.in.read_for_execute = false;
- rd_raw.readx.in.remaining = 0x1234;
- rd_raw.readx.out.data = zero20;
- reqs[4] = smb_raw_read_send(cli->tree, &rd_raw);
-
- status = smb_raw_write_recv(reqs[0], &wr);
- CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_write_recv(reqs[1], &wr_raw);
- CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_write_recv(reqs[2], &wr_raw);
- CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_read_recv(reqs[3], &rd_raw);
- CHECK_STATUS(status, STATUS_BUFFER_OVERFLOW);
- status = smb_raw_read_recv(reqs[4], &rd_raw);
- CHECK_STATUS(status, NT_STATUS_OK);
-
torture_comment(tctx, "close message mode named pipe\n");
ZERO_STRUCT(cl);
cl.close.level = RAW_CLOSE_CLOSE;