diff options
-rw-r--r-- | source4/include/smb.h | 1 | ||||
-rw-r--r-- | source4/smb_server/nttrans.c | 8 | ||||
-rw-r--r-- | source4/smb_server/reply.c | 8 | ||||
-rw-r--r-- | source4/smb_server/request.c | 6 | ||||
-rw-r--r-- | source4/smb_server/trans2.c | 8 |
5 files changed, 8 insertions, 23 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h index 16af58db7d..46b2dd03ca 100644 --- a/source4/include/smb.h +++ b/source4/include/smb.h @@ -607,7 +607,6 @@ typedef struct nt_user_token { /* a set of flags to control handling of request structures */ -#define REQ_CONTROL_PROTECTED (1<<0) /* don't destroy this request */ #define REQ_CONTROL_LARGE (1<<1) /* allow replies larger than max_xmit */ #define REQ_CONTROL_ASYNC (1<<2) /* the backend will answer this one later */ diff --git a/source4/smb_server/nttrans.c b/source4/smb_server/nttrans.c index bd8c49c594..683e9e3386 100644 --- a/source4/smb_server/nttrans.c +++ b/source4/smb_server/nttrans.c @@ -198,8 +198,6 @@ void reply_nttrans(struct smbsrv_request *req) params = trans.out.params.data; data = trans.out.data.data; - req->control_flags |= REQ_CONTROL_PROTECTED; - /* we need to divide up the reply into chunks that fit into the negotiated buffer size */ do { @@ -254,9 +252,9 @@ void reply_nttrans(struct smbsrv_request *req) params += this_param; data += this_data; - /* if this is the last chunk then the request can be destroyed */ - if (params_left == 0 && data_left == 0) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + /* don't destroy unless this is the last segment */ + if (params_left != 0 || data_left != 0) { + talloc_increase_ref_count(req); } req_send_reply(req); diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c index 801327f086..72c7c20a11 100644 --- a/source4/smb_server/reply.c +++ b/source4/smb_server/reply.c @@ -1332,13 +1332,9 @@ void reply_echo(struct smbsrv_request *req) memcpy(req->out.data, req->in.data, req->in.data_size); - /* we need to make sure the request isn't destroyed till the - * last packet */ - req->control_flags |= REQ_CONTROL_PROTECTED; - for (i=1; i <= count;i++) { - if (i == count) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + if (i != count) { + talloc_increase_ref_count(req); } SSVAL(req->out.vwv, VWV(0), i); diff --git a/source4/smb_server/request.c b/source4/smb_server/request.c index 15e821b32b..3d78c0a55d 100644 --- a/source4/smb_server/request.c +++ b/source4/smb_server/request.c @@ -30,12 +30,6 @@ /* destroy a request structure */ void req_destroy(struct smbsrv_request *req) { - /* the request might be marked protected. This is done by the - * SMBecho code for example */ - if (req->control_flags & REQ_CONTROL_PROTECTED) { - return; - } - /* ahh, its so nice to destroy a complex structure in such a * simple way! */ talloc_free(req); diff --git a/source4/smb_server/trans2.c b/source4/smb_server/trans2.c index a5033f9b56..e681c9fe29 100644 --- a/source4/smb_server/trans2.c +++ b/source4/smb_server/trans2.c @@ -1323,8 +1323,6 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command) params = trans.out.params.data; data = trans.out.data.data; - req->control_flags |= REQ_CONTROL_PROTECTED; - /* we need to divide up the reply into chunks that fit into the negotiated buffer size */ do { @@ -1384,9 +1382,9 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command) params += this_param; data += this_data; - /* if this is the last chunk then the request can be destroyed */ - if (params_left == 0 && data_left == 0) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + /* don't destroy unless this is the last chunk */ + if (params_left != 0 || data_left != 0) { + talloc_increase_ref_count(req); } req_send_reply(req); |