diff options
-rw-r--r-- | source3/smbd/process.c | 2 | ||||
-rw-r--r-- | source3/smbd/reply.c | 35 |
2 files changed, 25 insertions, 12 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index e0da594450..64e41ff155 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -703,7 +703,7 @@ static const struct smb_message_struct { /* 0x0a */ { "SMBread",NULL,reply_read,AS_USER}, /* 0x0b */ { "SMBwrite",NULL,reply_write,AS_USER | CAN_IPC }, /* 0x0c */ { "SMBlock",NULL,reply_lock,AS_USER}, -/* 0x0d */ { "SMBunlock",reply_unlock,NULL,AS_USER}, +/* 0x0d */ { "SMBunlock",NULL,reply_unlock,AS_USER}, /* 0x0e */ { "SMBctemp",NULL,reply_ctemp,AS_USER }, /* 0x0f */ { "SMBmknew",NULL,reply_mknew,AS_USER}, /* 0x10 */ { "SMBcheckpath",NULL,reply_checkpath,AS_USER}, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 00b3e514c6..e16d8d4f6b 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4033,37 +4033,50 @@ void reply_lock(connection_struct *conn, struct smb_request *req) Reply to a unlock. ****************************************************************************/ -int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size, - int dum_buffsize) +void reply_unlock(connection_struct *conn, struct smb_request *req) { - int outsize = set_message(inbuf,outbuf,0,0,False); SMB_BIG_UINT count,offset; NTSTATUS status; - files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0)); + files_struct *fsp; + START_PROFILE(SMBunlock); - CHECK_FSP(fsp,conn); + if (req->wct < 5) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + END_PROFILE(SMBunlock); + return; + } + + fsp = file_fsp(SVAL(req->inbuf,smb_vwv0)); + + if (!check_fsp(conn, req, fsp, ¤t_user)) { + END_PROFILE(SMBunlock); + return; + } - count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1); - offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3); + count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1); + offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3); status = do_unlock(smbd_messaging_context(), fsp, - (uint32)SVAL(inbuf,smb_pid), + req->smbpid, count, offset, WINDOWS_LOCK); if (NT_STATUS_V(status)) { + reply_nterror(req, status); END_PROFILE(SMBunlock); - return ERROR_NT(status); + return; } DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n", fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) ); - + + reply_outbuf(req, 0, 0); + END_PROFILE(SMBunlock); - return(outsize); + return; } #undef DBGC_CLASS |