Changeset 751 for trunk/server/source3/smbd/smb2_tcon.c

Timestamp:

Nov 29, 2012, 1:59:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.9

File:

• trunk/server/source3/smbd/smb2_tcon.c (modified) (8 diffs)

trunk/server/source3/smbd/smb2_tcon.c

@@ -40 +40 @@
         uint8_t *outhdr;
         DATA_BLOB outbody;
-        size_t expected_body_size = 0x09;
-        size_t body_size;
         uint16_t in_path_offset;
         uint16_t in_path_length;
@@ -55 +53 @@
         bool ok;
 
-        if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
-
+        status = smbd_smb2_request_verify_sizes(req, 0x09);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(req, status);
+        }
         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
 
         in_path_offset = SVAL(inbody, 0x04);
         in_path_length = SVAL(inbody, 0x06);
 
-        if (in_path_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
+        if (in_path_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
@@ -87 +80 @@
         if (!ok) {
                 return smbd_smb2_request_error(req, NT_STATUS_ILLEGAL_CHARACTER);
+        }
+
+        if (in_path_buffer.length == 0) {
+                in_path_string_size = 0;
+        }
+
+        if (strlen(in_path_string) != in_path_string_size) {
+                return smbd_smb2_request_error(req, NT_STATUS_BAD_NETWORK_NAME);
         }
 
@@ -228 +229 @@
         talloc_set_destructor(tcon, smbd_smb2_tcon_destructor);
 
-        compat_conn = make_connection_snum(req->sconn,
-                                        snum, req->session->compat_vuser,
+        compat_conn = make_connection_smb2(req->sconn,
+                                        tcon,
+                                        req->session->compat_vuser,
                                         data_blob_null, "???",
                                         &status);
@@ -237 +239 @@
         }
         tcon->compat_conn = talloc_move(tcon, &compat_conn);
-        tcon->compat_conn->cnum = tcon->tid;
 
         if (IS_PRINT(tcon->compat_conn)) {
@@ -281 +282 @@
 {
         const uint8_t *inhdr;
-        const uint8_t *outhdr;
         int i = req->current_idx;
+        uint32_t in_flags;
         uint32_t in_tid;
         void *p;
         struct smbd_smb2_tcon *tcon;
-        bool chained_fixup = false;
+
+        req->tcon = NULL;
 
         inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
 
+        in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
         in_tid = IVAL(inhdr, SMB2_HDR_TID);
 
-        if (in_tid == (0xFFFFFFFF)) {
-                if (req->async) {
-                        /*
-                         * async request - fill in tid from
-                         * already setup out.vector[].iov_base.
-                         */
-                        outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-                        in_tid = IVAL(outhdr, SMB2_HDR_TID);
-                } else if (i > 2) {
-                        /*
-                         * Chained request - fill in tid from
-                         * the previous request out.vector[].iov_base.
-                         */
-                        outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
-                        in_tid = IVAL(outhdr, SMB2_HDR_TID);
-                        chained_fixup = true;
-                }
-        }
+        if (in_flags & SMB2_HDR_FLAG_CHAINED) {
+                in_tid = req->last_tid;
+        }
+
+        req->last_tid = UINT32_MAX;
 
         /* lookup an existing session */
@@ -328 +318 @@
 
         req->tcon = tcon;
-
-        if (chained_fixup) {
-                /* Fix up our own outhdr. */
-                outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-                SIVAL(outhdr, SMB2_HDR_TID, in_tid);
-        }
+        req->last_tid = in_tid;
 
         return NT_STATUS_OK;
@@ -340 +325 @@
 NTSTATUS smbd_smb2_request_process_tdis(struct smbd_smb2_request *req)
 {
-        const uint8_t *inbody;
-        int i = req->current_idx;
+        NTSTATUS status;
         DATA_BLOB outbody;
-        size_t expected_body_size = 0x04;
-        size_t body_size;
-
-        if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
-
-        inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+
+        status = smbd_smb2_request_verify_sizes(req, 0x04);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(req, status);
         }