summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-09-23 17:18:14 +0200
committerStefan Metzmacher <metze@samba.org>2011-10-13 01:59:05 +0200
commit40ea66c5dda91ba3f74bed7db1ce02f6c8b4ffeb (patch)
tree69e62fb96a417294f56afedb2bfad9d4b651d530
parent77f739f03a32965b676d97a6f082bb3e023014ef (diff)
downloadsamba-40ea66c5dda91ba3f74bed7db1ce02f6c8b4ffeb.tar.gz
samba-40ea66c5dda91ba3f74bed7db1ce02f6c8b4ffeb.tar.bz2
samba-40ea66c5dda91ba3f74bed7db1ce02f6c8b4ffeb.zip
s3:smb2_server: remember the max_{trans,read,write} sizes we negotiated (bug #8473)
We should enforce the negotiated max sizes instead of the lp_smb2_max_*() sizes. metze
-rw-r--r--source3/smbd/globals.h3
-rw-r--r--source3/smbd/smb2_find.c2
-rw-r--r--source3/smbd/smb2_negprot.c4
-rw-r--r--source3/smbd/smb2_notify.c2
-rw-r--r--source3/smbd/smb2_read.c4
-rw-r--r--source3/smbd/smb2_write.c5
6 files changed, 12 insertions, 8 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 4d954534dc..7095790b7c 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -610,6 +610,9 @@ struct smbd_server_connection {
uint64_t seqnum_low;
uint32_t credits_granted;
uint32_t max_credits;
+ uint32_t max_trans;
+ uint32_t max_read;
+ uint32_t max_write;
struct bitmap *credits_bitmap;
bool compound_related_in_progress;
} smb2;
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
index 509b9d6ecd..e64db24d02 100644
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -281,7 +281,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- if (in_output_buffer_length > lp_smb2_max_trans()) {
+ if (in_output_buffer_length > smb2req->sconn->smb2.max_trans) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);
}
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index c5ac2d553a..1733728c5f 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -101,7 +101,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
-
status = smbd_smb2_request_verify_sizes(req, 0x24);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
@@ -245,6 +244,9 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
outdyn = security_buffer;
req->sconn->using_smb2 = true;
+ req->sconn->smb2.max_trans = max_trans;
+ req->sconn->smb2.max_read = max_read;
+ req->sconn->smb2.max_write = max_write;
return smbd_smb2_request_done(req, outbody, &outdyn);
}
diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c
index a8b1eb433a..49c6a54497 100644
--- a/source3/smbd/smb2_notify.c
+++ b/source3/smbd/smb2_notify.c
@@ -73,7 +73,7 @@ NTSTATUS smbd_smb2_request_process_notify(struct smbd_smb2_request *req)
* 0x00010000 is what Windows 7 uses,
* Windows 2008 uses 0x00080000
*/
- if (in_output_buffer_length > lp_smb2_max_trans()) {
+ if (in_output_buffer_length > req->sconn->smb2.max_trans) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c
index 99f6e7a91f..405e82d0f7 100644
--- a/source3/smbd/smb2_read.c
+++ b/source3/smbd/smb2_read.c
@@ -74,9 +74,9 @@ NTSTATUS smbd_smb2_request_process_read(struct smbd_smb2_request *req)
in_remaining_bytes = IVAL(inbody, 0x28);
/* check the max read size */
- if (in_length > lp_smb2_max_read()) {
+ if (in_length > req->sconn->smb2.max_read) {
DEBUG(0,("here:%s: 0x%08X: 0x%08X\n",
- __location__, in_length, lp_smb2_max_read()));
+ __location__, in_length, req->sconn->smb2.max_read));
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/smbd/smb2_write.c b/source3/smbd/smb2_write.c
index b47f8a02a1..e95b967608 100644
--- a/source3/smbd/smb2_write.c
+++ b/source3/smbd/smb2_write.c
@@ -78,11 +78,10 @@ NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
}
/* check the max write size */
- if (in_data_length > lp_smb2_max_write()) {
- /* This is a warning. */
+ if (in_data_length > req->sconn->smb2.max_write) {
DEBUG(2,("smbd_smb2_request_process_write : "
"client ignored max write :%s: 0x%08X: 0x%08X\n",
- __location__, in_data_length, lp_smb2_max_write()));
+ __location__, in_data_length, req->sconn->smb2.max_write));
#if 0
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
#endif