NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req) { struct smbXsrv_connection *xconn = req->xconn; NTSTATUS status; const uint8_t *inbody; uint16_t in_data_offset; uint32_t in_data_length; DATA_BLOB in_data_buffer; uint64_t in_offset; uint64_t in_file_id_persistent; uint64_t in_file_id_volatile; struct files_struct *in_fsp; uint32_t in_flags; size_t in_dyn_len = 0; uint8_t *in_dyn_ptr = NULL; struct tevent_req *subreq; status = smbd_smb2_request_verify_sizes(req, 0x31); if (!NT_STATUS_IS_OK(status)) { return smbd_smb2_request_error(req, status); } inbody = SMBD_SMB2_IN_BODY_PTR(req); in_data_offset = SVAL(inbody, 0x02); in_data_length = IVAL(inbody, 0x04); in_offset = BVAL(inbody, 0x08); in_file_id_persistent = BVAL(inbody, 0x10); in_file_id_volatile = BVAL(inbody, 0x18); in_flags = IVAL(inbody, 0x2C); if (in_data_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(req))) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } if (req->smb1req != NULL && req->smb1req->unread_bytes > 0) { in_dyn_ptr = NULL; in_dyn_len = req->smb1req->unread_bytes; } else { in_dyn_ptr = SMBD_SMB2_IN_DYN_PTR(req); in_dyn_len = SMBD_SMB2_IN_DYN_LEN(req); } if (in_data_length > in_dyn_len) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } /* check the max write size */ if (in_data_length > xconn->smb2.server.max_write) { DEBUG(2,("smbd_smb2_request_process_write : " "client ignored max write :%s: 0x%08X: 0x%08X\n", __location__, in_data_length, xconn->smb2.server.max_write)); return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } /* * Note: that in_dyn_ptr is NULL for the recvfile case. */ in_data_buffer.data = in_dyn_ptr; in_data_buffer.length = in_data_length; status = smbd_smb2_request_verify_creditcharge(req, in_data_length); if (!NT_STATUS_IS_OK(status)) { return smbd_smb2_request_error(req, status); } in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile); if (in_fsp == NULL) { return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED); } subreq = smbd_smb2_write_send(req, req->sconn->ev_ctx, req, in_fsp, in_data_buffer, in_offset, in_flags); if (subreq == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req); return smbd_smb2_request_pending_queue(req, subreq, 500); }
NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req) { NTSTATUS status; const uint8_t *inhdr; const uint8_t *inbody; int i = req->current_idx; uint32_t in_smbpid; uint16_t in_data_offset; uint32_t in_data_length; DATA_BLOB in_data_buffer; uint64_t in_offset; uint64_t in_file_id_persistent; uint64_t in_file_id_volatile; struct files_struct *in_fsp; uint32_t in_flags; struct tevent_req *subreq; status = smbd_smb2_request_verify_sizes(req, 0x31); if (!NT_STATUS_IS_OK(status)) { return smbd_smb2_request_error(req, status); } inhdr = (const uint8_t *)req->in.vector[i+0].iov_base; inbody = (const uint8_t *)req->in.vector[i+1].iov_base; in_smbpid = IVAL(inhdr, SMB2_HDR_PID); in_data_offset = SVAL(inbody, 0x02); in_data_length = IVAL(inbody, 0x04); in_offset = BVAL(inbody, 0x08); in_file_id_persistent = BVAL(inbody, 0x10); in_file_id_volatile = BVAL(inbody, 0x18); in_flags = IVAL(inbody, 0x2C); if (in_data_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } if (in_data_length > req->in.vector[i+2].iov_len) { return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } /* check the max write size */ if (in_data_length > req->sconn->smb2.max_write) { DEBUG(2,("smbd_smb2_request_process_write : " "client ignored max write :%s: 0x%08X: 0x%08X\n", __location__, in_data_length, req->sconn->smb2.max_write)); return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); } in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base; in_data_buffer.length = in_data_length; in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile); if (in_fsp == NULL) { return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED); } subreq = smbd_smb2_write_send(req, req->sconn->smb2.event_ctx, req, in_fsp, in_smbpid, in_data_buffer, in_offset, in_flags); if (subreq == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req); return smbd_smb2_request_pending_queue(req, subreq); }