s3:smbd: fix max_buffer handling of initial notify requests
[samba.git] / source3 / smbd / smb2_notify.c
index 228346eb989e7d78a9ed0fe7a99c652c798462aa..68429b7b766a324f61ac45047aec6d238a81a2e7 100644 (file)
@@ -25,6 +25,9 @@
 #include "../libcli/smb/smb_common.h"
 #include "../lib/util/tevent_ntstatus.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SMB2
+
 struct smbd_smb2_notify_state {
        struct smbd_smb2_request *smb2req;
        struct smb_request *smbreq;
@@ -48,6 +51,7 @@ static NTSTATUS smbd_smb2_notify_recv(struct tevent_req *req,
 static void smbd_smb2_request_notify_done(struct tevent_req *subreq);
 NTSTATUS smbd_smb2_request_process_notify(struct smbd_smb2_request *req)
 {
+       struct smbXsrv_connection *xconn = req->xconn;
        NTSTATUS status;
        const uint8_t *inbody;
        uint16_t in_flags;
@@ -74,7 +78,7 @@ NTSTATUS smbd_smb2_request_process_notify(struct smbd_smb2_request *req)
         * 0x00010000 is what Windows 7 uses,
         * Windows 2008 uses 0x00080000
         */
-       if (in_output_buffer_length > req->sconn->smb2.max_trans) {
+       if (in_output_buffer_length > xconn->smb2.server.max_trans) {
                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
        }
 
@@ -121,7 +125,7 @@ static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
        if (!NT_STATUS_IS_OK(status)) {
                error = smbd_smb2_request_error(req, status);
                if (!NT_STATUS_IS_OK(error)) {
-                       smbd_server_connection_terminate(req->sconn,
+                       smbd_server_connection_terminate(req->xconn,
                                                         nt_errstr(error));
                        return;
                }
@@ -130,11 +134,11 @@ static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
 
        out_output_buffer_offset = SMB2_HDR_BODY + 0x08;
 
-       outbody = data_blob_talloc(req->out.vector, NULL, 0x08);
+       outbody = smbd_smb2_generate_outbody(req, 0x08);
        if (outbody.data == NULL) {
                error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
                if (!NT_STATUS_IS_OK(error)) {
-                       smbd_server_connection_terminate(req->sconn,
+                       smbd_server_connection_terminate(req->xconn,
                                                         nt_errstr(error));
                        return;
                }
@@ -151,7 +155,7 @@ static void smbd_smb2_request_notify_done(struct tevent_req *subreq)
 
        error = smbd_smb2_request_done(req, outbody, &outdyn);
        if (!NT_STATUS_IS_OK(error)) {
-               smbd_server_connection_terminate(req->sconn,
+               smbd_server_connection_terminate(req->xconn,
                                                 nt_errstr(error));
                return;
        }
@@ -259,6 +263,7 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx,
        if (fsp->notify == NULL) {
 
                status = change_notify_create(fsp,
+                                             in_output_buffer_length,
                                              in_completion_filter,
                                              recursive);
                if (!NT_STATUS_IS_OK(status)) {
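Review bot: The client-supplied `in_output_buffer_length` reaches `change_notify_create()` only inside the `if (fsp->notify == NULL)` branch, so the size from the first notify request on a handle presumably stays in force for later requests with a different length. That deserves a comment at the call, for example `/* max_buffer is taken from the first notify request on this handle */`. The only bound on this value visible in the diff is the `max_trans` comparison in `smbd_smb2_request_process_notify()`, so it is worth confirming that `change_notify_create()` copes with 0 and with any value up to that limit. `smbd_smb2_notify_send()` begins and ends outside this hunk, so any later use of the stored size cannot be checked from here.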
@@ -320,6 +325,7 @@ static struct tevent_req *smbd_smb2_notify_send(TALLOC_CTX *mem_ctx,
        /* allow this request to be canceled */
        tevent_req_set_cancel_fn(req, smbd_smb2_notify_cancel);
 
+       SMBPROFILE_IOBYTES_ASYNC_SET_IDLE(state->smb2req->profile);
        return req;
 }
 
@@ -336,6 +342,8 @@ static void smbd_smb2_notify_reply(struct smb_request *smbreq,
                return;
        }
 
+       SMBPROFILE_IOBYTES_ASYNC_SET_BUSY(state->smb2req->profile);
+
        state->status = error_code;
        if (!NT_STATUS_IS_OK(error_code)) {
                /* nothing */
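Review bot: `SMBPROFILE_IOBYTES_ASYNC_SET_BUSY` is placed after the early `return` at the top of `smbd_smb2_notify_reply()`, so on that path the profile stays in the idle state set at the end of `smbd_smb2_notify_send()`. The guard's condition is outside this hunk, so this may be intended if the request is still pending there. A short comment on that return, such as `/* request still pending, profile stays idle */`, would make the IDLE/BUSY pairing explicit. The cancel handler registered with `tevent_req_set_cancel_fn()` is not shown in this diff and should be checked for the same pairing.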