summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/libcli/raw/interfaces.h6
-rw-r--r--source4/libcli/smb2/flush.c6
-rw-r--r--source4/smb_server/smb2/fileio.c7
-rw-r--r--source4/torture/gentest_smb2.c46
4 files changed, 47 insertions, 18 deletions
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 149b91916a..3370021d48 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -2156,8 +2156,12 @@ union smb_flush {
enum smb_flush_level level;
struct {
union smb_handle file;
- uint32_t unknown;
+ uint16_t reserved1;
+ uint32_t reserved2;
} in;
+ struct {
+ uint16_t reserved;
+ } out;
} smb2;
};
diff --git a/source4/libcli/smb2/flush.c b/source4/libcli/smb2/flush.c
index 116068ed6e..577d1ba1ba 100644
--- a/source4/libcli/smb2/flush.c
+++ b/source4/libcli/smb2/flush.c
@@ -33,8 +33,8 @@ struct smb2_request *smb2_flush_send(struct smb2_tree *tree, struct smb2_flush *
req = smb2_request_init_tree(tree, SMB2_OP_FLUSH, 0x18, false, 0);
if (req == NULL) return NULL;
- SSVAL(req->out.body, 0x02, 0); /* pad? */
- SIVAL(req->out.body, 0x04, io->in.unknown);
+ SSVAL(req->out.body, 0x02, io->in.reserved1);
+ SIVAL(req->out.body, 0x04, io->in.reserved2);
smb2_push_handle(req->out.body+0x08, &io->in.file.handle);
smb2_transport_send(req);
@@ -55,6 +55,8 @@ NTSTATUS smb2_flush_recv(struct smb2_request *req, struct smb2_flush *io)
SMB2_CHECK_PACKET_RECV(req, 0x04, false);
+ io->out.reserved = SVAL(req->in.body, 0x02);
+
return smb2_request_destroy(req);
}
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index 0feb259038..5ab217bbfd 100644
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -135,7 +135,7 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs)
SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_flush);
SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0));
- SSVAL(req->out.body, 0x02, 0);
+ SSVAL(req->out.body, 0x02, io->smb2.out.reserved);
smb2srv_send_reply(req);
}
@@ -143,15 +143,14 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs)
void smb2srv_flush_recv(struct smb2srv_request *req)
{
union smb_flush *io;
- uint16_t _pad;
SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false);
SMB2SRV_TALLOC_IO_PTR(io, union smb_flush);
SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_flush_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->smb2.level = RAW_FLUSH_SMB2;
- _pad = SVAL(req->in.body, 0x02);
- io->smb2.in.unknown = IVAL(req->in.body, 0x04);
+ io->smb2.in.reserved1 = SVAL(req->in.body, 0x02);
+ io->smb2.in.reserved2 = IVAL(req->in.body, 0x04);
io->smb2.in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x08);
SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
diff --git a/source4/torture/gentest_smb2.c b/source4/torture/gentest_smb2.c
index 68e9e2c20b..fc6dbcbb9a 100644
--- a/source4/torture/gentest_smb2.c
+++ b/source4/torture/gentest_smb2.c
@@ -349,8 +349,8 @@ static uint16_t gen_fnum(int instance)
*/
static uint16_t gen_fnum_close(int instance)
{
- if (num_open_handles < 3) {
- if (gen_chance(80)) return BAD_HANDLE;
+ if (num_open_handles < 5) {
+ if (gen_chance(90)) return BAD_HANDLE;
}
return gen_fnum(instance);
@@ -573,8 +573,8 @@ static uint32_t gen_ntcreatex_flags(void)
*/
static uint32_t gen_access_mask(void)
{
- if (gen_chance(50)) return SEC_FLAG_MAXIMUM_ALLOWED;
- if (gen_chance(20)) return SEC_FILE_ALL;
+ if (gen_chance(70)) return SEC_FLAG_MAXIMUM_ALLOWED;
+ if (gen_chance(70)) return SEC_FILE_ALL;
return gen_bits_mask(0xFFFFFFFF);
}
@@ -593,6 +593,7 @@ static uint32_t gen_create_options(void)
*/
static uint32_t gen_open_disp(void)
{
+ if (gen_chance(50)) return NTCREATEX_DISP_OPEN_IF;
if (gen_chance(10)) return gen_bits_mask(0xFFFFFFFF);
return gen_int_range(0, 5);
}
@@ -1002,20 +1003,20 @@ again:
/*
generate ntcreatex operations
*/
-static bool handler_ntcreatex(int instance)
+static bool handler_create(int instance)
{
struct smb2_create parm[NSERVERS];
NTSTATUS status[NSERVERS];
ZERO_STRUCT(parm[0]);
- parm[0].in.security_flags = gen_bits_levels(3, 70, 0x0, 70, 0x3, 100, 0xFF);
- parm[0].in.oplock_level = gen_bits_levels(3, 70, 0x0, 70, 0x9, 100, 0xFF);
- parm[0].in.impersonation_level = gen_bits_levels(3, 70, 0x0, 70, 0x3, 100, 0xFFFFFFFF);
- parm[0].in.create_flags = gen_bits_levels(2, 80, 0x0, 100, 0xFFFFFFFF);
+ parm[0].in.security_flags = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFF);
+ parm[0].in.oplock_level = gen_bits_levels(3, 90, 0x0, 70, 0x9, 100, 0xFF);
+ parm[0].in.impersonation_level = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFFFFFFFF);
+ parm[0].in.create_flags = gen_bits_levels(2, 90, 0x0, 100, 0xFFFFFFFF);
if (gen_chance(2)) {
parm[0].in.create_flags |= gen_bits_mask(0xFFFFFFFF);
}
- parm[0].in.reserved = gen_bits_levels(2, 80, 0x0, 100, 0xFFFFFFFF);
+ parm[0].in.reserved = gen_bits_levels(2, 95, 0x0, 100, 0xFFFFFFFF);
if (gen_chance(2)) {
parm[0].in.reserved |= gen_bits_mask(0xFFFFFFFF);
}
@@ -1171,6 +1172,28 @@ static bool handler_lock(int instance)
return true;
}
+/*
+ generate flush operations
+*/
+static bool handler_flush(int instance)
+{
+ struct smb2_flush parm[NSERVERS];
+ NTSTATUS status[NSERVERS];
+
+ ZERO_STRUCT(parm[0]);
+ parm[0].in.file.handle.data[0] = gen_fnum(instance);
+ parm[0].in.reserved1 = gen_bits_mask2(0x0, 0xFFFF);
+ parm[0].in.reserved2 = gen_bits_mask2(0x0, 0xFFFFFFFF);
+
+ GEN_COPY_PARM;
+ GEN_SET_FNUM(in.file.handle);
+ GEN_CALL(smb2_flush(tree, &parm[i]));
+
+ CHECK_EQUAL(out.reserved);
+
+ return true;
+}
+
#if 0
/*
@@ -1577,11 +1600,12 @@ static struct {
bool (*handler)(int instance);
int count, success_count;
} gen_ops[] = {
- {"NTCREATEX", handler_ntcreatex},
+ {"CREATE", handler_create},
{"CLOSE", handler_close},
{"READ", handler_read},
{"WRITE", handler_write},
{"LOCK", handler_lock},
+ {"FLUSH", handler_flush},
};
generated by cgit (git 2.34.1) at 2024-07-05 10:16:12 +0000