-rw-r--r-- | source3/smbd/process.c | 2 | ||||
-rw-r--r-- | source3/smbd/reply.c | 32 |
2 files changed, 23 insertions, 11 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index e05a941542..e0da594450 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -702,7 +702,7 @@ static const struct smb_message_struct {
 /* 0x09 */ { "SMBsetatr",NULL,reply_setatr,AS_USER | NEED_WRITE},
 /* 0x0a */ { "SMBread",NULL,reply_read,AS_USER},
 /* 0x0b */ { "SMBwrite",NULL,reply_write,AS_USER | CAN_IPC },
-/* 0x0c */ { "SMBlock",reply_lock,NULL,AS_USER},
+/* 0x0c */ { "SMBlock",NULL,reply_lock,AS_USER},
 /* 0x0d */ { "SMBunlock",reply_unlock,NULL,AS_USER},
 /* 0x0e */ { "SMBctemp",NULL,reply_ctemp,AS_USER },
 /* 0x0f */ { "SMBmknew",NULL,reply_mknew,AS_USER},
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 37d13bfa96..00b3e514c6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3974,30 +3974,39 @@ int reply_writeclose(connection_struct *conn, Reply to a lock. ****************************************************************************/ -int reply_lock(connection_struct *conn, - char *inbuf,char *outbuf, int length, int dum_buffsize) +void reply_lock(connection_struct *conn, struct smb_request *req) { - int outsize = set_message(inbuf,outbuf,0,0,False); SMB_BIG_UINT count,offset; NTSTATUS status; - files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0)); + files_struct *fsp; struct byte_range_lock *br_lck = NULL; START_PROFILE(SMBlock); - CHECK_FSP(fsp,conn); + if (req->wct < 5) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + END_PROFILE(SMBlock); + return; + } + + fsp = file_fsp(SVAL(req->inbuf,smb_vwv0)); + + if (!check_fsp(conn, req, fsp, ¤t_user)) { + END_PROFILE(SMBlock); + return; + } release_level_2_oplocks_on_change(fsp); - count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1); - offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3); + count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1); + offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3); DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n", fsp->fh->fd, fsp->fnum, (double)offset, (double)count)); br_lck = do_lock(smbd_messaging_context(), fsp, - (uint32)SVAL(inbuf,smb_pid), + req->smbpid, count, offset, WRITE_LOCK, @@ -4009,12 +4018,15 @@ int reply_lock(connection_struct *conn, TALLOC_FREE(br_lck); if (NT_STATUS_V(status)) { + reply_nterror(req, status); END_PROFILE(SMBlock); - return ERROR_NT(status); + return; } + reply_outbuf(req, 0, 0); + END_PROFILE(SMBlock); - return(outsize); + return; } /**************************************************************************** |
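Review bot: The new `req->wct < 5` guard in reply_lock has no comment tying the constant to the fields read below it, so a later change to the parameter layout can leave the bound stale without anyone noticing. I would add `/* vwv0 = fnum, vwv1-2 = count, vwv3-4 = offset: five parameter words are read */` directly above the check. The guard only bounds the `SVAL`/`IVAL` reads on `req->inbuf` if `req->wct` has itself been validated against the received packet length before dispatch; that is not visible in this hunk and is worth confirming. The header comment still says only "Reply to a lock." and could state that the result is now delivered through `req` rather than a return value. The function body continues past the end of this hunk.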
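Review bot: The trailing `return;` after the final `END_PROFILE(SMBlock);` is redundant now that reply_lock returns void and can be dropped. Together with the two early exits added in the previous hunk, the function has four places that must each pair `END_PROFILE(SMBlock)` with a return, so a later early exit that forgets the pairing would leave the profile section open. A one-line comment next to `START_PROFILE(SMBlock)` saying that every exit must close the profile would make that requirement visible. The start of the function lies outside this hunk.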