NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
{
struct smbXsrv_connection *xconn = req->xconn;
NTSTATUS status;
const uint8_t *inbody;
uint16_t in_data_offset;
uint32_t in_data_length;
DATA_BLOB in_data_buffer;
uint64_t in_offset;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
struct files_struct *in_fsp;
uint32_t in_flags;
size_t in_dyn_len = 0;
uint8_t *in_dyn_ptr = NULL;
struct tevent_req *subreq;
status = smbd_smb2_request_verify_sizes(req, 0x31);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
inbody = SMBD_SMB2_IN_BODY_PTR(req);
in_data_offset = SVAL(inbody, 0x02);
in_data_length = IVAL(inbody, 0x04);
in_offset = BVAL(inbody, 0x08);
in_file_id_persistent = BVAL(inbody, 0x10);
in_file_id_volatile = BVAL(inbody, 0x18);
in_flags = IVAL(inbody, 0x2C);
if (in_data_offset != (SMB2_HDR_BODY + SMBD_SMB2_IN_BODY_LEN(req))) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
if (req->smb1req != NULL && req->smb1req->unread_bytes > 0) {
in_dyn_ptr = NULL;
in_dyn_len = req->smb1req->unread_bytes;
} else {
in_dyn_ptr = SMBD_SMB2_IN_DYN_PTR(req);
in_dyn_len = SMBD_SMB2_IN_DYN_LEN(req);
}
if (in_data_length > in_dyn_len) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
/* check the max write size */
if (in_data_length > xconn->smb2.server.max_write) {
DEBUG(2,("smbd_smb2_request_process_write : "
"client ignored max write :%s: 0x%08X: 0x%08X\n",
__location__, in_data_length, xconn->smb2.server.max_write));
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
/*
* Note: that in_dyn_ptr is NULL for the recvfile case.
*/
in_data_buffer.data = in_dyn_ptr;
in_data_buffer.length = in_data_length;
status = smbd_smb2_request_verify_creditcharge(req, in_data_length);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
if (in_fsp == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
}
subreq = smbd_smb2_write_send(req, req->sconn->ev_ctx,
req, in_fsp,
in_data_buffer,
in_offset,
in_flags);
if (subreq == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req);
return smbd_smb2_request_pending_queue(req, subreq, 500);
}
NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
{
NTSTATUS status;
const uint8_t *inhdr;
const uint8_t *inbody;
int i = req->current_idx;
uint32_t in_smbpid;
uint16_t in_data_offset;
uint32_t in_data_length;
DATA_BLOB in_data_buffer;
uint64_t in_offset;
uint64_t in_file_id_persistent;
uint64_t in_file_id_volatile;
struct files_struct *in_fsp;
uint32_t in_flags;
struct tevent_req *subreq;
status = smbd_smb2_request_verify_sizes(req, 0x31);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
in_smbpid = IVAL(inhdr, SMB2_HDR_PID);
in_data_offset = SVAL(inbody, 0x02);
in_data_length = IVAL(inbody, 0x04);
in_offset = BVAL(inbody, 0x08);
in_file_id_persistent = BVAL(inbody, 0x10);
in_file_id_volatile = BVAL(inbody, 0x18);
in_flags = IVAL(inbody, 0x2C);
if (in_data_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
if (in_data_length > req->in.vector[i+2].iov_len) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
/* check the max write size */
if (in_data_length > req->sconn->smb2.max_write) {
DEBUG(2,("smbd_smb2_request_process_write : "
"client ignored max write :%s: 0x%08X: 0x%08X\n",
__location__, in_data_length, req->sconn->smb2.max_write));
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
in_data_buffer.length = in_data_length;
in_fsp = file_fsp_smb2(req, in_file_id_persistent, in_file_id_volatile);
if (in_fsp == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
}
subreq = smbd_smb2_write_send(req, req->sconn->smb2.event_ctx,
req, in_fsp,
in_smbpid,
in_data_buffer,
in_offset,
in_flags);
if (subreq == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req);
return smbd_smb2_request_pending_queue(req, subreq);
}