*/
#include "includes.h"
+#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/smb/smb_common.h"
+#include "../lib/util/tevent_ntstatus.h"
static struct tevent_req *smbd_smb2_flush_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
- uint64_t in_file_id_volatile);
+ struct files_struct *fsp);
static NTSTATUS smbd_smb2_flush_recv(struct tevent_req *req);
static void smbd_smb2_request_flush_done(struct tevent_req *subreq);
NTSTATUS smbd_smb2_request_process_flush(struct smbd_smb2_request *req)
{
- const uint8_t *inhdr;
+ NTSTATUS status;
const uint8_t *inbody;
int i = req->current_idx;
- size_t expected_body_size = 0x18;
- size_t body_size;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
+ struct files_struct *in_fsp;
struct tevent_req *subreq;
- inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
- if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+ status = smbd_smb2_request_verify_sizes(req, 0x18);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(req, status);
}
-
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
- body_size = SVAL(inbody, 0x00);
- if (body_size != expected_body_size) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
- }
-
in_file_id_persistent = BVAL(inbody, 0x08);
in_file_id_volatile = BVAL(inbody, 0x10);
- if (req->compat_chain_fsp) {
- /* skip check */
- } else if (in_file_id_persistent != 0) {
+ in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
+ if (in_fsp == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
}
- subreq = smbd_smb2_flush_send(req,
- req->sconn->smb2.event_ctx,
- req,
- in_file_id_volatile);
+ subreq = smbd_smb2_flush_send(req, req->sconn->ev_ctx,
+ req, in_fsp);
if (subreq == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
tevent_req_set_callback(subreq, smbd_smb2_request_flush_done, req);
- if (tevent_req_is_in_progress(subreq)) {
- return smbd_smb2_request_pending_queue(req);
- }
-
- return NT_STATUS_OK;
+ return smbd_smb2_request_pending_queue(req, subreq, 500);
}
static void smbd_smb2_request_flush_done(struct tevent_req *subreq)
return;
}
- outbody = data_blob_talloc(req->out.vector, NULL, 0x10);
+ outbody = data_blob_talloc(req->out.vector, NULL, 0x04);
if (outbody.data == NULL) {
error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
if (!NT_STATUS_IS_OK(error)) {
static struct tevent_req *smbd_smb2_flush_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct smbd_smb2_request *smb2req,
- uint64_t in_file_id_volatile)
+ struct files_struct *fsp)
{
struct tevent_req *req;
struct smbd_smb2_flush_state *state;
NTSTATUS status;
struct smb_request *smbreq;
- files_struct *fsp;
req = tevent_req_create(mem_ctx, &state,
struct smbd_smb2_flush_state);
}
state->smb2req = smb2req;
- DEBUG(10,("smbd_smb2_flush: file_id[0x%016llX]\n",
- (unsigned long long)in_file_id_volatile));
+ DEBUG(10,("smbd_smb2_flush: %s - %s\n",
+ fsp_str_dbg(fsp), fsp_fnum_dbg(fsp)));
smbreq = smbd_smb2_fake_smb_request(smb2req);
if (tevent_req_nomem(smbreq, req)) {
return tevent_req_post(req, ev);
}
- fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
- if (fsp == NULL) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
- if (smbreq->conn != fsp->conn) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
- if (smb2req->session->vuid != fsp->vuid) {
- tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
- return tevent_req_post(req, ev);
- }
-
if (!CHECK_WRITE(fsp)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);