diff options
-rw-r--r-- | source3/smbd/process.c | 2 | ||||
-rw-r--r-- | source3/smbd/reply.c | 54 |
2 files changed, 37 insertions, 19 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 64e41ff155..6751272567 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -734,7 +734,7 @@ static const struct smb_message_struct { /* 0x29 */ { "SMBcopy",reply_copy,NULL,AS_USER | NEED_WRITE }, /* 0x2a */ { "SMBmove",NULL, NULL,AS_USER | NEED_WRITE }, /* 0x2b */ { "SMBecho",NULL,reply_echo,0}, -/* 0x2c */ { "SMBwriteclose",reply_writeclose,NULL,AS_USER}, +/* 0x2c */ { "SMBwriteclose",NULL,reply_writeclose,AS_USER}, /* 0x2d */ { "SMBopenX",NULL,reply_open_and_X,AS_USER | CAN_IPC }, /* 0x2e */ { "SMBreadX",NULL,reply_read_and_X,AS_USER | CAN_IPC }, /* 0x2f */ { "SMBwriteX",NULL,reply_write_and_X,AS_USER | CAN_IPC }, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 59a5caad1a..9313f3883c 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -3903,32 +3903,48 @@ void reply_close(connection_struct *conn, struct smb_request *req) Reply to a writeclose (Core+ protocol). ****************************************************************************/ -int reply_writeclose(connection_struct *conn, - char *inbuf,char *outbuf, int size, int dum_buffsize) +void reply_writeclose(connection_struct *conn, struct smb_request *req) { size_t numtowrite; ssize_t nwritten = -1; - int outsize = 0; NTSTATUS close_status = NT_STATUS_OK; SMB_OFF_T startpos; char *data; struct timespec mtime; - files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0)); + files_struct *fsp; + START_PROFILE(SMBwriteclose); - CHECK_FSP(fsp,conn); + if (req->wct < 6) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + END_PROFILE(SMBwriteclose); + return; + } + + fsp = file_fsp(SVAL(req->inbuf,smb_vwv0)); + + if (!check_fsp(conn, req, fsp, ¤t_user)) { + END_PROFILE(SMBwriteclose); + return; + } if (!CHECK_WRITE(fsp)) { - return(ERROR_DOS(ERRDOS,ERRbadaccess)); + reply_doserror(req, ERRDOS,ERRbadaccess); + END_PROFILE(SMBwriteclose); + return; } - numtowrite = SVAL(inbuf,smb_vwv1); - startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); - mtime = convert_time_t_to_timespec(srv_make_unix_date3(inbuf+smb_vwv4)); - data = smb_buf(inbuf) + 1; + numtowrite = SVAL(req->inbuf,smb_vwv1); + startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2); + mtime = convert_time_t_to_timespec(srv_make_unix_date3( + req->inbuf+smb_vwv4)); + data = smb_buf(req->inbuf) + 1; - if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) { + if (numtowrite + && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite, + (SMB_BIG_UINT)startpos, WRITE_LOCK)) { + reply_doserror(req, ERRDOS,ERRlock); END_PROFILE(SMBwriteclose); - return ERROR_DOS(ERRDOS,ERRlock); + return; } nwritten = write_file(fsp,data,startpos,numtowrite); @@ -3951,20 +3967,22 @@ int reply_writeclose(connection_struct *conn, conn->num_files_open)); if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) { + reply_doserror(req, ERRHRD, ERRdiskfull); END_PROFILE(SMBwriteclose); - return(UNIXERROR(ERRHRD,ERRdiskfull)); + return; } if(!NT_STATUS_IS_OK(close_status)) { + reply_nterror(req, close_status); END_PROFILE(SMBwriteclose); - return ERROR_NT(close_status); + return; } - - outsize = set_message(inbuf,outbuf,1,0,True); + + reply_outbuf(req, 1, 0); - SSVAL(outbuf,smb_vwv0,nwritten); + SSVAL(req->outbuf,smb_vwv0,nwritten); END_PROFILE(SMBwriteclose); - return(outsize); + return; } #undef DBGC_CLASS |