Changeset 751 for trunk/server/source3/smbd/smb2_create.c

Timestamp:

Nov 29, 2012, 1:59:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.9

File:

• trunk/server/source3/smbd/smb2_create.c (modified) (15 diffs)

trunk/server/source3/smbd/smb2_create.c

@@ -101 +101 @@
         const uint8_t *inbody;
         int i = smb2req->current_idx;
-        size_t expected_body_size = 0x39;
-        size_t body_size;
         uint8_t in_oplock_level;
         uint32_t in_impersonation_level;
@@ -128 +126 @@
         struct tevent_req *tsubreq;
 
-        if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
-        }
-
+        status = smbd_smb2_request_verify_sizes(smb2req, 0x39);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(smb2req, status);
+        }
         inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
-        }
 
         in_oplock_level         = CVAL(inbody, 0x03);
@@ -159 +152 @@
          */
 
-        dyn_offset = SMB2_HDR_BODY + (body_size & 0xFFFFFFFE);
+        dyn_offset = SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len;
 
         if (in_name_offset == 0 && in_name_length == 0) {
@@ -218 +211 @@
         if (!ok) {
                 return smbd_smb2_request_error(smb2req, NT_STATUS_ILLEGAL_CHARACTER);
+        }
+
+        if (in_name_buffer.length == 0) {
+                in_name_string_size = 0;
+        }
+
+        if (strlen(in_name_string) != in_name_string_size) {
+                return smbd_smb2_request_error(smb2req, NT_STATUS_OBJECT_NAME_INVALID);
         }
 
@@ -386 +387 @@
         struct smbd_smb2_request *smb2req;
         struct smb_request *smb1req;
+        bool open_was_deferred;
         struct timed_event *te;
         struct tevent_immediate *im;
@@ -538 +540 @@
                 if (exta) {
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req,NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -553 +555 @@
                 if (mxac) {
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -571 +573 @@
 
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -593 +595 @@
                 if (dhnq) {
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -619 +621 @@
                 if (alsi) {
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -636 +638 @@
 
                         if (dhnc) {
-                                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
                                 return tevent_req_post(req, ev);
                         }
@@ -821 +823 @@
                                         result->fsp_name));
         state->out_allocation_size =
-                        result->fsp_name->st.st_ex_blksize *
-                        result->fsp_name->st.st_ex_blocks;
+                        SMB_VFS_GET_ALLOC_SIZE(smb1req->conn, result,
+                                               &(result->fsp_name->st));
         state->out_end_of_file = result->fsp_name->st.st_ex_size;
         if (state->out_file_attributes == 0) {
                 state->out_file_attributes = FILE_ATTRIBUTE_NORMAL;
         }
-        state->out_file_id_persistent = result->fnum;
+        state->out_file_id_persistent = fsp_persistent_id(result);
         state->out_file_id_volatile = result->fnum;
         state->out_context_blobs = out_context_blobs;
@@ -964 +966 @@
         }
         /* It's not in progress if there's no timeout event. */
-        if (!state->te) {
+        if (!state->open_was_deferred) {
                 return false;
         }
@@ -995 +997 @@
                 (unsigned long long)mid ));
 
+        state->open_was_deferred = false;
         /* Ensure we don't have any outstanding timer event. */
         TALLOC_FREE(state->te);
@@ -1238 +1241 @@
                                 true) ));
 
+        state->open_was_deferred = true;
         state->te = event_add_timed(smb2req->sconn->smb2.event_ctx,
                                 state,