diff options
| author | Stefan Metzmacher <metze@samba.org> | 2005-11-16 11:01:15 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:46:20 -0500 |
| commit | e9eb56068573d89f8ce45f08220ca870b3daa669 (patch) | |
| tree | 49e99d6c86f3e921c6b6a06570a6d7799f5064f7 /source4/libcli/smb2/write.c | |
| parent | 43fa1b6dbd5e03251572fb6c2ee7c7f59f413c7d (diff) | |
| download | samba-e9eb56068573d89f8ce45f08220ca870b3daa669.tar.gz samba-e9eb56068573d89f8ce45f08220ca870b3daa669.tar.bz2 samba-e9eb56068573d89f8ce45f08220ca870b3daa669.zip | |
r11741: - the buffer code (first 2 bytes in the SMB2 body) seem to be the length
of the fixed body part, and +1 if there's a dynamic part
- there're 3 types of dynamic blobs
with uint16_t offset/uint16_t size
with uint16_t offset/uint32_t size
with uint32_t offset/uint32_t size /* aligned to 8 bytes */
- strings are transmitted in UTF-16 with no termination and
packet into a uint16/uint16 blob
metze
(This used to be commit 79103c51e5c752fbdb4d25a0047b65002828df89)
Diffstat (limited to 'source4/libcli/smb2/write.c')
| -rw-r--r-- | source4/libcli/smb2/write.c | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/source4/libcli/smb2/write.c b/source4/libcli/smb2/write.c index a8e644f2d1..0b28b820ec 100644 --- a/source4/libcli/smb2/write.c +++ b/source4/libcli/smb2/write.c @@ -33,21 +33,21 @@ struct smb2_request *smb2_write_send(struct smb2_tree *tree, struct smb2_write * NTSTATUS status; struct smb2_request *req; - req = smb2_request_init_tree(tree, SMB2_OP_WRITE, io->in.data.length + 0x30); + req = smb2_request_init_tree(tree, SMB2_OP_WRITE, 0x30, io->in.data.length); if (req == NULL) return NULL; - SSVAL(req->out.body, 0x00, io->in.buffer_code); - SSVAL(req->out.body, 0x02, req->out.body+0x30 - req->out.hdr); - SIVAL(req->out.body, 0x04, io->in.data.length); - SBVAL(req->out.body, 0x08, io->in.offset); - smb2_put_handle(req->out.body+0x10, &io->in.handle); - memcpy(req->out.body+0x20, io->in._pad, 0x10); - - status = smb2_push_blob(&req->out, req->out.body+0x30, io->in.data); + status = smb2_push_o16s32_blob(&req->out, req->out.body+0x02, io->in.data); if (!NT_STATUS_IS_OK(status)) { + talloc_free(req); return NULL; } + SBVAL(req->out.body, 0x08, io->in.offset); + smb2_push_handle(req->out.body+0x10, &io->in.handle); + + SBVAL(req->out.body, 0x20, io->in.unknown1); + SBVAL(req->out.body, 0x28, io->in.unknown2); + smb2_transport_send(req); return req; @@ -64,15 +64,12 @@ NTSTATUS smb2_write_recv(struct smb2_request *req, struct smb2_write *io) return smb2_request_destroy(req); } - if (req->in.body_size < 17) { - return NT_STATUS_BUFFER_TOO_SMALL; - } - - SMB2_CHECK_BUFFER_CODE(req, 0x11); + SMB2_CHECK_PACKET_RECV(req, 0x11, False); io->out._pad = SVAL(req->in.body, 0x02); io->out.nwritten = IVAL(req->in.body, 0x04); - memcpy(io->out.unknown, req->in.body+0x08, 9); + io->out.unknown1 = BVAL(req->in.body, 0x08); + io->out._bug = CVAL(req->in.body, 0x10); return smb2_request_destroy(req); } |