summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/smb.h1
-rw-r--r--source4/smb_server/nttrans.c8
-rw-r--r--source4/smb_server/reply.c8
-rw-r--r--source4/smb_server/request.c6
-rw-r--r--source4/smb_server/trans2.c8
5 files changed, 8 insertions, 23 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h
index 16af58db7d..46b2dd03ca 100644
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -607,7 +607,6 @@ typedef struct nt_user_token {
/* a set of flags to control handling of request structures */
-#define REQ_CONTROL_PROTECTED (1<<0) /* don't destroy this request */
#define REQ_CONTROL_LARGE (1<<1) /* allow replies larger than max_xmit */
#define REQ_CONTROL_ASYNC (1<<2) /* the backend will answer this one later */
diff --git a/source4/smb_server/nttrans.c b/source4/smb_server/nttrans.c
index bd8c49c594..683e9e3386 100644
--- a/source4/smb_server/nttrans.c
+++ b/source4/smb_server/nttrans.c
@@ -198,8 +198,6 @@ void reply_nttrans(struct smbsrv_request *req)
params = trans.out.params.data;
data = trans.out.data.data;
- req->control_flags |= REQ_CONTROL_PROTECTED;
-
/* we need to divide up the reply into chunks that fit into
the negotiated buffer size */
do {
@@ -254,9 +252,9 @@ void reply_nttrans(struct smbsrv_request *req)
params += this_param;
data += this_data;
- /* if this is the last chunk then the request can be destroyed */
- if (params_left == 0 && data_left == 0) {
- req->control_flags &= ~REQ_CONTROL_PROTECTED;
+ /* don't destroy unless this is the last segment */
+ if (params_left != 0 || data_left != 0) {
+ talloc_increase_ref_count(req);
}
req_send_reply(req);
diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c
index 801327f086..72c7c20a11 100644
--- a/source4/smb_server/reply.c
+++ b/source4/smb_server/reply.c
@@ -1332,13 +1332,9 @@ void reply_echo(struct smbsrv_request *req)
memcpy(req->out.data, req->in.data, req->in.data_size);
- /* we need to make sure the request isn't destroyed till the
- * last packet */
- req->control_flags |= REQ_CONTROL_PROTECTED;
-
for (i=1; i <= count;i++) {
- if (i == count) {
- req->control_flags &= ~REQ_CONTROL_PROTECTED;
+ if (i != count) {
+ talloc_increase_ref_count(req);
}
SSVAL(req->out.vwv, VWV(0), i);
diff --git a/source4/smb_server/request.c b/source4/smb_server/request.c
index 15e821b32b..3d78c0a55d 100644
--- a/source4/smb_server/request.c
+++ b/source4/smb_server/request.c
@@ -30,12 +30,6 @@
/* destroy a request structure */
void req_destroy(struct smbsrv_request *req)
{
- /* the request might be marked protected. This is done by the
- * SMBecho code for example */
- if (req->control_flags & REQ_CONTROL_PROTECTED) {
- return;
- }
-
/* ahh, its so nice to destroy a complex structure in such a
* simple way! */
talloc_free(req);
diff --git a/source4/smb_server/trans2.c b/source4/smb_server/trans2.c
index a5033f9b56..e681c9fe29 100644
--- a/source4/smb_server/trans2.c
+++ b/source4/smb_server/trans2.c
@@ -1323,8 +1323,6 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command)
params = trans.out.params.data;
data = trans.out.data.data;
- req->control_flags |= REQ_CONTROL_PROTECTED;
-
/* we need to divide up the reply into chunks that fit into
the negotiated buffer size */
do {
@@ -1384,9 +1382,9 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command)
params += this_param;
data += this_data;
- /* if this is the last chunk then the request can be destroyed */
- if (params_left == 0 && data_left == 0) {
- req->control_flags &= ~REQ_CONTROL_PROTECTED;
+ /* don't destroy unless this is the last chunk */
+ if (params_left != 0 || data_left != 0) {
+ talloc_increase_ref_count(req);
}
req_send_reply(req);