Changeset 751 for trunk/server/source3/smbd/smb2_find.c

Timestamp:

Nov 29, 2012, 1:59:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.9

File:

• trunk/server/source3/smbd/smb2_find.c (modified) (11 diffs)

trunk/server/source3/smbd/smb2_find.c

@@ -29 +29 @@
                                               struct tevent_context *ev,
                                               struct smbd_smb2_request *smb2req,
+                                              struct files_struct *in_fsp,
                                               uint8_t in_file_info_class,
                                               uint8_t in_flags,
                                               uint32_t in_file_index,
-                                              uint64_t in_file_id_volatile,
                                               uint32_t in_output_buffer_length,
                                               const char *in_file_name);
@@ -42 +42 @@
 NTSTATUS smbd_smb2_request_process_find(struct smbd_smb2_request *req)
 {
-        const uint8_t *inhdr;
+        NTSTATUS status;
         const uint8_t *inbody;
         int i = req->current_idx;
-        size_t expected_body_size = 0x21;
-        size_t body_size;
         uint8_t in_file_info_class;
         uint8_t in_flags;
@@ -52 +50 @@
         uint64_t in_file_id_persistent;
         uint64_t in_file_id_volatile;
+        struct files_struct *in_fsp;
         uint16_t in_file_name_offset;
         uint16_t in_file_name_length;
@@ -61 +60 @@
         bool ok;
 
-        inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
-        if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
-
+        status = smbd_smb2_request_verify_sizes(req, 0x21);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(req, status);
+        }
         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
 
         in_file_info_class              = CVAL(inbody, 0x02);
@@ -85 +78 @@
                 /* This is ok */
         } else if (in_file_name_offset !=
-                   (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
+                   (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
@@ -116 +109 @@
         }
 
-        if (req->compat_chain_fsp) {
-                /* skip check */
-        } else if (in_file_id_persistent != in_file_id_volatile) {
+        if (in_file_name_buffer.length == 0) {
+                in_file_name_string_size = 0;
+        }
+
+        if (strlen(in_file_name_string) != in_file_name_string_size) {
+                return smbd_smb2_request_error(req, NT_STATUS_OBJECT_NAME_INVALID);
+        }
+
+        in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
+        if (in_fsp == NULL) {
                 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
         }
 
-        subreq = smbd_smb2_find_send(req,
-                                     req->sconn->smb2.event_ctx,
-                                     req,
+        subreq = smbd_smb2_find_send(req, req->sconn->smb2.event_ctx,
+                                     req, in_fsp,
                                      in_file_info_class,
                                      in_flags,
                                      in_file_index,
-                                     in_file_id_volatile,
                                      in_output_buffer_length,
                                      in_file_name_string);
@@ -208 +206 @@
                                               struct tevent_context *ev,
                                               struct smbd_smb2_request *smb2req,
+                                              struct files_struct *fsp,
                                               uint8_t in_file_info_class,
                                               uint8_t in_flags,
                                               uint32_t in_file_index,
-                                              uint64_t in_file_id_volatile,
                                               uint32_t in_output_buffer_length,
                                               const char *in_file_name)
@@ -219 +217 @@
         struct smb_request *smbreq;
         connection_struct *conn = smb2req->tcon->compat_conn;
-        files_struct *fsp;
         NTSTATUS status;
         NTSTATUS empty_status;
@@ -242 +239 @@
         state->out_output_buffer = data_blob_null;
 
-        DEBUG(10,("smbd_smb2_find_send: file_id[0x%016llX]\n",
-                  (unsigned long long)in_file_id_volatile));
+        DEBUG(10,("smbd_smb2_find_send: %s - fnum[%d]\n",
+                  fsp_str_dbg(fsp), fsp->fnum));
 
         smbreq = smbd_smb2_fake_smb_request(smb2req);
@@ -250 +247 @@
         }
 
-        fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
-        if (fsp == NULL) {
-                tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
-                return tevent_req_post(req, ev);
-        }
-        if (conn != fsp->conn) {
-                tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
-                return tevent_req_post(req, ev);
-        }
-        if (smb2req->session->vuid != fsp->vuid) {
-                tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
-                return tevent_req_post(req, ev);
-        }
-
         if (!fsp->is_directory) {
                 tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
@@ -282 +265 @@
         }
 
-        if (in_output_buffer_length > 0x10000) {
+        if (in_output_buffer_length > smb2req->sconn->smb2.max_trans) {
                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
                 return tevent_req_post(req, ev);