-rw-r--r-- | source/lib/msrpc-client.c | 2 | ||||
-rw-r--r-- | source/msrpc/msrpcd_process.c | 8 | ||||
-rw-r--r-- | source/rpc_client/cli_pipe.c | 26 | ||||
-rw-r--r-- | source/rpc_parse/parse_prs.c | 17 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe.c | 6 | ||||
-rw-r--r-- | source/smbd/ipc.c | 8 |
6 files changed, 40 insertions, 27 deletions
diff --git a/source/lib/msrpc-client.c b/source/lib/msrpc-client.c
index ed7ed14c662..972cb591f7b 100644
--- a/source/lib/msrpc-client.c
+++ b/source/lib/msrpc-client.c
@@ -87,6 +87,8 @@ BOOL msrpc_receive_prs(struct msrpc_state *msrpc, prs_struct *ps) memcpy(data, smb_base(msrpc->inbuf), len); + prs_debug_out(ps, "msrpc_receive_prs", 200); + return True; }
diff --git a/source/msrpc/msrpcd_process.c b/source/msrpc/msrpcd_process.c
index d5e2f2846aa..42d3c3eec46 100644
--- a/source/msrpc/msrpcd_process.c
+++ b/source/msrpc/msrpcd_process.c
@@ -152,12 +152,8 @@ static int do_message(pipes_struct *p, { static int pid= -1; - prs_struct pd; int outsize = -1; - /* make a static data parsing structure from the api_fd_reply data */ - prs_create(&pd, smb_base(inbuf), smb_len(inbuf), 4, True); - if (pid == -1) pid = getpid();
@@ -176,10 +172,6 @@ static int do_message(pipes_struct *p, DEBUG(10,("do_message: returned %d bytes\n", outsize)); - /* DO NOT free pd with prs_free_data because the memory it - * uses is inbuf, which is not controlled by this function - */ - return outsize; }
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 638c626cb4a..2595bfcd4ce 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -291,6 +291,7 @@ static BOOL create_request_pdu(struct cli_connection *con, prs_struct hdr_auth; prs_struct auth_verf; int data_len; + int frag_len; int auth_len; BOOL auth_verify; BOOL auth_seal;
@@ -322,10 +323,10 @@ static BOOL create_request_pdu(struct cli_connection *con, (*data_end) += data_len; /* happen to know that NTLMSSP authentication verifier is 16 bytes */ - data_len = data_len + auth_len + (auth_verify ? 8 : 0) + 0x18; + frag_len = data_len + auth_len + (auth_verify ? 8 : 0) + 0x18; prs_init(&data_t , 0 , 4, False); - prs_init(&hdr , data_len, 4, False); + prs_init(&hdr , frag_len, 4, False); prs_init(&hdr_auth , 8 , 4, False); prs_init(&auth_verf, auth_len, 4, False);
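Review bot: The `frag_len` sum in the `@@ -322` hunk of create_request_pdu is built from unexplained constants: the retained comment says the NTLMSSP verifier is 16 bytes, yet the expression adds `auth_len`, a conditional `8` and a bare `0x18`, so a reader cannot tell which term is which. As the change exists to separate payload length from fragment length, a comment such as `/* frag_len = 0x18-byte request header + payload + 8-byte auth header (when verifying) + auth_len verifier */` would document it, assuming that is what the constants mean (`hdr_auth` is initialised with 8 just below). `frag_len` is also a signed `int` handed to `prs_init`, whose size parameter is `uint32` according to the parse_prs.c hunk header, and nothing visible rejects a negative or oversized sum first. The function starts and ends outside the hunk.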
@@ -333,12 +334,12 @@ static BOOL create_request_pdu(struct cli_connection *con, data_t.end = data_t.data_size; data_t.offset = data_t.data_size; - create_rpc_request(&hdr, op_num, flags, data_len, auth_len); + create_rpc_request(&hdr, op_num, flags, frag_len, auth_len); if (auth_seal) { - crc32 = crc32_calc_buffer(data_len, d); - NTLMSSPcalc_ap(nt, (uchar*)d, data_len); + crc32 = crc32_calc_buffer(frag_len, d); + NTLMSSPcalc_ap(nt, (uchar*)d, frag_len); } if (auth_seal || auth_verify)
@@ -371,8 +372,8 @@ static BOOL create_request_pdu(struct cli_connection *con, prs_link(&hdr, &data_t, NULL ); } - DEBUG(100,("data_len: 0x%x data_calc_len: 0x%x\n", - data_len, prs_buf_len(&data_t))); + DEBUG(100,("frag_len: 0x%x data_len: 0x%x data_calc_len: 0x%x\n", + frag_len, data_len, prs_buf_len(&data_t))); if (data_len != prs_buf_len(&data_t)) {
@@ -384,9 +385,14 @@ static BOOL create_request_pdu(struct cli_connection *con, return False; } + DEBUG(100,("create_request_pdu: %d\n", __LINE__)); + /* this is all a hack */ - prs_init(dataa, data_len, 4, False); - prs_buf_copy(dataa->data, &hdr, 0, data_len); + prs_init(dataa, prs_buf_len(&hdr), 4, False); + prs_debug_out(dataa, "create_request_pdu", 200); + prs_buf_copy(dataa->data, &hdr, 0, frag_len); + + DEBUG(100,("create_request_pdu: %d\n", __LINE__)); prs_free_data(&hdr_auth ); prs_free_data(&auth_verf);
@@ -463,6 +469,7 @@ BOOL rpc_api_pipe_bind(struct cli_connection *con, prs_struct *data, prs_struct } DEBUG(6,("cli_pipe: fragment first and last both set\n")); + return True; }
@@ -507,6 +514,7 @@ BOOL rpc_api_pipe_req(struct cli_connection *con, uint8 opnum, } DEBUG(10,("rpc_api_pipe_req: end: %d\n", data_end)); + dbgflush(); if (!rpc_api_send_rcv_pdu(con, &data_t, &rpdu)) {
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index a9ebe6ec79e..c5887cd7a12 100644
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
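Review bot: The sealing step in the `@@ -333` hunk of create_request_pdu now checksums and encrypts `frag_len` bytes of `d`, which looks longer than the buffer `d` refers to. The later check `data_len != prs_buf_len(&data_t)` treats `data_len` as the payload size, so if `d` is that payload (its definition is outside the hunk) the CRC reads and the in-place cipher writes at least `auth_len + 0x18` bytes past it. These two calls look like they belong on the payload length: `crc32 = crc32_calc_buffer(data_len, d);` and `NTLMSSPcalc_ap(nt, (uchar*)d, data_len);`. The old code used the same total here because `data_len` had been reassigned, so the rename preserves rather than introduces the length, and it is worth confirming against the caller.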
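Review bot: The `@@ -384` hunk of create_request_pdu sizes `dataa` with `prs_buf_len(&hdr)` but fills it with `prs_buf_copy(dataa->data, &hdr, 0, frag_len)`, so the allocation and the copy use two independently computed lengths, and the copy call carries no destination size. If the two ever differ the copy is either short or runs past `dataa->data`; computing the length once, `uint32 pdu_len = prs_buf_len(&hdr);`, and passing `pdu_len` to both calls removes that possibility. `dataa->data` is also used without a NULL check after `prs_init`, although the guard added to `prs_debug_out` in this commit suggests `data` can be NULL. The two `DEBUG(100,("create_request_pdu: %d\n", __LINE__))` tracers read like leftover debugging and could be dropped.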
@@ -37,14 +37,17 @@ void prs_debug(prs_struct *ps, int depth, char *desc, char *fn_name) /******************************************************************* debug a parse structure ********************************************************************/ -void prs_debug_out(prs_struct *ps, char *msg, int level) +void prs_debug_out(const prs_struct *ps, char *msg, int level) { CHECK_STRUCT(ps); DEBUG(level,("%s ps: io %s align %d offset %d err %d data %p len %d\n", msg, BOOLSTR(ps->io), ps->align, ps->offset, ps->error, ps->data, prs_buf_len(ps))); - dump_data(level, ps->data, prs_buf_len(ps)); + if (ps->data != NULL) + { + dump_data(level, ps->data, prs_buf_len(ps)); + } } /*******************************************************************
@@ -80,6 +83,9 @@ void prs_init(prs_struct *ps, uint32 size, uint8 align, BOOL io) ********************************************************************/ void prs_create(prs_struct *ps, char *data, uint32 size, uint8 align, BOOL io) { + DEBUG(200,("prs_create: data:%p size:%d align:%d io:%s\n", + data, size, align, BOOLSTR(io))); + prs_init(ps, 0, align, io); ps->data = data; ps->data_size = size;
@@ -185,6 +191,8 @@ BOOL prs_buf_copy(char *copy_into, const prs_struct *buf, DEBUG(200,("prs_struct_copy: data[%d..%d] offset %d len %d\n", buf->start, data_len, offset, len)); + prs_debug_out(bcp, "prs_struct_copy", 200); + /* there's probably an off-by-one bug, here, and i haven't even tested the code :-) */ while (offset < end && ((q = prs_data(bcp, offset)) != NULL)) {
@@ -397,12 +405,9 @@ void prs_align(prs_struct *ps) ********************************************************************/ BOOL prs_grow(prs_struct *ps, uint32 new_size) { - BOOL ret; CHECK_STRUCT(ps); if (ps->error) return False; - ret = prs_grow_data(ps, ps->io, new_size, False); - prs_debug_out(ps, "prs_grow", 200); - return ret; + return prs_grow_data(ps, ps->io, new_size, False); } /*******************************************************************
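Review bot: The new guard in prs_debug_out (`@@ -37` hunk) covers a NULL `ps->data` but still passes `prs_buf_len(ps)` as the dump length, which is not visibly tied to the size of the `ps->data` allocation (`ps->data_size`, set in prs_create below). If the two can differ, for example on a linked or partly filled buffer, `dump_data` reads past the segment, and that matters more now that this commit calls prs_debug_out on the receive and reply paths. Consider bounding the length, e.g. `dump_data(level, ps->data, MIN(prs_buf_len(ps), ps->data_size));`, if that matches how the fields are maintained. Since `ps` became `const`, `msg` could be `const char *msg` as well, and the header comment should state that the whole PDU, including any authentication data it carries, is written to the log at the given level.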
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index a8df40fad5d..3c7b2774e9d 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -948,6 +948,10 @@ static BOOL rpc_redir_local(rpcsrv_struct *l, prs_struct *req, prs_struct *resp, if (reply) { /* flatten the data into a single pdu */ + DEBUG(200,("rpc_redir_local: %d\n", __LINE__)); + prs_init(resp, 0, 4, False); + prs_debug_out(resp , "redir_local resp", 200); + prs_debug_out(&l->rhdr, "send_rcv rhdr", 200); reply = prs_copy(resp, &l->rhdr); }
@@ -973,6 +977,8 @@ BOOL rpc_send_and_rcv_pdu(pipes_struct *p) BOOL ret = create_rpc_reply(p->l, p->l->rdata_offset); /* flatten the data into a single pdu */ if (!ret) return False; + prs_debug_out(&p->rsmb_pdu, "send_rcv rsmb_pdu", 200); + prs_debug_out(&p->l->rhdr , "send_rcv rhdr", 200); return prs_copy(&p->rsmb_pdu, &p->l->rhdr); } else
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index 45004d3ad27..facc0d26139 100644
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -3123,6 +3123,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, static void api_rpc_trans_reply(char *outbuf, pipes_struct *p) { + prs_debug_out(&p->rsmb_pdu, "api_rpc_trans_reply", 200); send_trans_reply(outbuf, &p->rsmb_pdu, NULL, NULL, 0, p->file_offset); if (prs_buf_len(&p->rsmb_pdu) <= p->file_offset)
@@ -3423,16 +3424,15 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); - prs_create(&rdata_buf , rdata , rdata_len , 0, False); prs_create(&rparam_buf, rparam, rparam_len, 0, False); /* now send the reply */ send_trans_reply(outbuf, &rdata_buf, &rparam_buf, NULL, 0, 0); - prs_free_data(&rdata_buf); - prs_free_data(&rparam_buf); - + prs_free_data(&rdata_buf ); + prs_free_data(&rparam_buf); + return(-1); } |
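Review bot: The added `prs_init(resp, 0, 4, False)` in the `@@ -948` hunk of rpc_redir_local resets a caller-supplied `resp` with no preceding `prs_free_data`, so any buffer the caller already attached to `resp` is dropped without being freed; whether callers pass an initialised struct is not visible here. If `resp` is meant to arrive uninitialised, the function comment should say so, otherwise it should be freed first. The parallel path in rpc_send_and_rcv_pdu (`@@ -973`) copies into `p->rsmb_pdu` without any reset, so the two destinations are treated differently. The second trace in this hunk is tagged `"send_rcv rhdr"` although it sits in rpc_redir_local; `prs_debug_out(&l->rhdr, "redir_local rhdr", 200);` would keep the log unambiguous.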