diff options
-rw-r--r-- | source3/smbd/smb2_ioctl.c | 42 |
1 files changed, 12 insertions, 30 deletions
diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index 0d17407cf3..7710a9ebb2 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -30,8 +30,8 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, + struct files_struct *in_fsp, uint32_t in_ctl_code, - uint64_t in_file_id_volatile, DATA_BLOB in_input, uint32_t in_max_output, uint32_t in_flags); @@ -54,6 +54,7 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req) uint32_t in_ctl_code; uint64_t in_file_id_persistent; uint64_t in_file_id_volatile; + struct files_struct *in_fsp = NULL; uint32_t in_input_offset; uint32_t in_input_length; DATA_BLOB in_input_buffer = data_blob_null; @@ -206,19 +207,17 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req) } break; default: - if (req->compat_chain_fsp) { - /* skip check */ - } else if (in_file_id_persistent != in_file_id_volatile) { + in_fsp = file_fsp_smb2(req, in_file_id_persistent, + in_file_id_volatile); + if (in_fsp == NULL) { return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED); } break; } - subreq = smbd_smb2_ioctl_send(req, - req->sconn->ev_ctx, - req, + subreq = smbd_smb2_ioctl_send(req, req->sconn->ev_ctx, + req, in_fsp, in_ctl_code, - in_file_id_volatile, in_input_buffer, in_max_output_length, in_flags); @@ -347,8 +346,8 @@ static void smbd_smb2_ioctl_pipe_read_done(struct tevent_req *subreq); static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbd_smb2_request *smb2req, + struct files_struct *fsp, uint32_t in_ctl_code, - uint64_t in_file_id_volatile, DATA_BLOB in_input, uint32_t in_max_output, uint32_t in_flags) @@ -356,7 +355,6 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, struct tevent_req *req; struct smbd_smb2_ioctl_state *state; struct smb_request *smbreq; - files_struct *fsp = NULL; struct tevent_req *subreq; req = tevent_req_create(mem_ctx, &state, @@ -366,14 +364,15 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, } state->smb2req = smb2req; state->smbreq = NULL; - state->fsp = NULL; + state->fsp = fsp; state->in_input = in_input; state->in_max_output = in_max_output; state->out_output = data_blob_null; - DEBUG(10, ("smbd_smb2_ioctl: ctl_code[0x%08x] file_id[0x%016llX]\n", + DEBUG(10, ("smbd_smb2_ioctl: ctl_code[0x%08x] %s fnum[%d]\n", (unsigned)in_ctl_code, - (unsigned long long)in_file_id_volatile)); + fsp ? fsp_str_dbg(fsp) : "<no handle>", + fsp ? fsp->fnum : -1)); smbreq = smbd_smb2_fake_smb_request(smb2req); if (tevent_req_nomem(smbreq, req)) { @@ -381,23 +380,6 @@ static struct tevent_req *smbd_smb2_ioctl_send(TALLOC_CTX *mem_ctx, } state->smbreq = smbreq; - if (in_file_id_volatile != UINT64_MAX) { - fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile); - if (fsp == NULL) { - tevent_req_nterror(req, NT_STATUS_FILE_CLOSED); - return tevent_req_post(req, ev); - } - if (smbreq->conn != fsp->conn) { - tevent_req_nterror(req, NT_STATUS_FILE_CLOSED); - return tevent_req_post(req, ev); - } - if (smb2req->session->vuid != fsp->vuid) { - tevent_req_nterror(req, NT_STATUS_FILE_CLOSED); - return tevent_req_post(req, ev); - } - state->fsp = fsp; - } - switch (in_ctl_code) { case 0x00060194: /* FSCTL_DFS_GET_REFERRALS */ { |