fill in unknown fields in SMB2 READ call

(This used to be commit 9b686c138037f613da15168d0722786e00f023e5)

4 files changed, 31 insertions, 13 deletions

diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 3965c58204..61441b2cdc 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -1706,19 +1706,27 @@ union smb_read {
 
 			/* static body buffer 48 (0x30) bytes */
 			/* uint16_t buffer_code;  0x31 = 0x30 + 1 */
-			uint16_t _pad;
+			uint8_t _pad;
+			uint8_t reserved;
 			uint32_t length;
 			uint64_t offset;
 			/* struct smb2_handle handle; */
-			uint64_t unknown1; /* 0x0000000000000000 */
-			uint64_t unknown2; /* 0x0000000000000000 */
+			uint32_t min_count;
+			uint32_t channel;
+			uint32_t remaining;
+			/* the docs give no indication of what
+			   these channel variables are for */
+			uint16_t channel_offset;
+			uint16_t channel_length;
 		} in;
 		struct {
 			/* static body buffer 16 (0x10) bytes */
 			/* uint16_t buffer_code;  0x11 = 0x10 + 1 */
-			/* uint16_t data_ofs; */
+			/* uint8_t data_ofs; */
+			/* uint8_t reserved; */
 			/* uint32_t data_size; */
-			uint64_t unknown1; /* 0x0000000000000000 */
+			uint32_t remaining;
+			uint32_t reserved;
 
 			/* dynamic body */
 			DATA_BLOB data;
diff --git a/source4/libcli/smb2/read.c b/source4/libcli/smb2/read.c
index b61f918481..9d40e32a4d 100644
--- a/source4/libcli/smb2/read.c
+++ b/source4/libcli/smb2/read.c
@@ -33,12 +33,16 @@ struct smb2_request *smb2_read_send(struct smb2_tree *tree, struct smb2_read *io
 	req = smb2_request_init_tree(tree, SMB2_OP_READ, 0x30, true, 0);
 	if (req == NULL) return NULL;
 
-	SSVAL(req->out.body, 0x02, 0); /* pad */
+	SCVAL(req->out.body, 0x02, 0); /* pad */
+	SCVAL(req->out.body, 0x03, 0); /* reserved */
 	SIVAL(req->out.body, 0x04, io->in.length);
 	SBVAL(req->out.body, 0x08, io->in.offset);
 	smb2_push_handle(req->out.body+0x10, &io->in.file.handle);
-	SBVAL(req->out.body, 0x20, io->in.unknown1);
-	SBVAL(req->out.body, 0x28, io->in.unknown2);
+	SIVAL(req->out.body, 0x20, io->in.min_count);
+	SIVAL(req->out.body, 0x24, io->in.channel);
+	SIVAL(req->out.body, 0x28, io->in.remaining);
+	SSVAL(req->out.body, 0x2C, io->in.channel_offset);
+	SSVAL(req->out.body, 0x2E, io->in.channel_length);
 
 	smb2_transport_send(req);
 
@@ -67,7 +71,8 @@ NTSTATUS smb2_read_recv(struct smb2_request *req,
 		return status;
 	}
 
-	io->out.unknown1 = BVAL(req->in.body, 0x08);
+	io->out.remaining = IVAL(req->in.body, 0x08);
+	io->out.reserved  = IVAL(req->in.body, 0x0C);
 
 	return smb2_request_destroy(req);
 }
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index e1a86c07c0..fee3269eaf 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -1214,7 +1214,8 @@ static NTSTATUS ntvfs_map_read_finish(struct ntvfs_module_context *ntvfs,
 		break;
 	case RAW_READ_SMB2:
 		rd->smb2.out.data.length= rd2->generic.out.nread;
-		rd->smb2.out.unknown1	= 0;
+		rd->smb2.out.remaining	= 0;
+		rd->smb2.out.reserved	= 0;
 		break;
 	default:
 		return NT_STATUS_INVALID_LEVEL;
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index 0e3df56b42..8f8b4e771c 100644
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -167,7 +167,8 @@ static void smb2srv_read_send(struct ntvfs_request *ntvfs)
 
 	/* TODO: avoid the memcpy */
 	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, io->smb2.out.data));
-	SBVAL(req->out.body,	0x08,	io->smb2.out.unknown1);
+	SIVAL(req->out.body,	0x08,	io->smb2.out.remaining);
+	SIVAL(req->out.body,	0x0C,	io->smb2.out.reserved);
 
 	smb2srv_send_reply(req);
 }
@@ -185,8 +186,11 @@ void smb2srv_read_recv(struct smb2srv_request *req)
 	io->smb2.in.length		= IVAL(req->in.body, 0x04);
 	io->smb2.in.offset		= BVAL(req->in.body, 0x08);
 	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x10);
-	io->smb2.in.unknown1		= BVAL(req->in.body, 0x20);
-	io->smb2.in.unknown2		= BVAL(req->in.body, 0x28);
+	io->smb2.in.min_count		= IVAL(req->in.body, 0x20);
+	io->smb2.in.channel		= IVAL(req->in.body, 0x24);
+	io->smb2.in.remaining		= IVAL(req->in.body, 0x28);
+	io->smb2.in.channel_offset      = SVAL(req->in.body, 0x2C);
+	io->smb2.in.channel_length      = SVAL(req->in.body, 0x2E);
 
 	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);