-rw-r--r--source4/include/nterr.h1
-rw-r--r--source4/libcli/smb2/smb2_calls.h4
-rw-r--r--source4/libcli/smb2/transport.c7
-rw-r--r--source4/librpc/rpc/dcerpc_smb2.c11
4 files changed, 19 insertions, 4 deletions
diff --git a/source4/include/nterr.h b/source4/include/nterr.h
index bfeb63169c..08e3fa2db0 100644
--- a/source4/include/nterr.h
+++ b/source4/include/nterr.h
@@ -34,6 +34,7 @@
#define STATUS_INVALID_EA_FLAG NT_STATUS(0x80000015)
#define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x8000001a)
+#define STATUS_PENDING NT_STATUS(0x0103)
#define STATUS_MORE_ENTRIES NT_STATUS(0x0105)
#define STATUS_SOME_UNMAPPED NT_STATUS(0x0107)
#define ERROR_INVALID_PARAMETER NT_STATUS(0x0057)
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h
index 07f74ca229..e0a78937d5 100644
--- a/source4/libcli/smb2/smb2_calls.h
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -304,9 +304,11 @@ struct smb2_find {
} out;
};
+#define SMB2_TRANS_PIPE_FLAGS 0x0011c017 /* what are these? */
+
struct smb2_trans {
struct {
- uint32_t unknown1;
+ uint32_t pipe_flags;
struct smb2_handle handle;
uint32_t unknown2;
uint32_t max_response_size;
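Review bot: The name `pipe_flags` and the `/* what are these? */` comment treat 0x0011c017 as an opaque bit mask, but the value matches the FSCTL_PIPE_TRANSCEIVE control code documented for named-pipe transactions. If that is what the server interprets here, the field is a function code rather than flags, and a name such as `function` with the comment `/* FSCTL_PIPE_TRANSCEIVE - confirm against the ioctl request layout */` would keep later callers from OR-ing bits into it. struct smb2_trans continues past the end of the hunk, so the remaining fields are not reviewed here.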
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index 04767fa634..02ac587636 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -185,6 +185,13 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
+ if (NT_STATUS_EQUAL(req->status, STATUS_PENDING)) {
+ /* the server has helpfully told us that this request is still being
+ processed. how useful :) */
+ talloc_free(buffer);
+ return NT_STATUS_OK;
+ }
+
buffer_code = SVAL(req->in.body, 0);
req->in.dynamic = NULL;
dynamic_size = req->in.body_size - (buffer_code & ~1);
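Review bot: The STATUS_PENDING branch frees `buffer` after `req->in.body_size` and `req->status` have already been filled from it, so the request keeps state taken from an interim reply. If the lines above the hunk also store `buffer`, `hdr` or `body` pointers in `req->in` (not visible here), those pointers dangle until the final reply overwrites them, and `req->status` reads as STATUS_PENDING in the meantime. Reading the status into a local first, `NTSTATUS status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));`, and doing the pending check before `req->in` is touched avoids both. Nothing in the hunk bounds how many interim replies a server may send for one request, so it is worth confirming that a timeout still applies to a request left pending this way. smb2_transport_finish_recv starts and ends outside the hunk.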
diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c
index 56d568a663..d733ab4713 100644
--- a/source4/librpc/rpc/dcerpc_smb2.c
+++ b/source4/librpc/rpc/dcerpc_smb2.c
@@ -104,6 +104,9 @@ static void smb2_read_callback(struct smb2_request *req)
ZERO_STRUCT(io);
io.in.length = MIN(state->c->srv_max_xmit_frag,
frag_length - state->data.length);
+ if (io.in.length < 16) {
+ io.in.length = 16;
+ }
io.in.handle = smb->handle;
req = smb2_read_send(smb->tree, &io);
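Review bot: The new floor of 16 in smb2_read_callback can make the read larger than the `frag_length - state->data.length` bytes still missing from the fragment, and the literal carries no comment saying why 16. Both lengths derive from data the server sent, so the reply handling (outside this hunk) should cap what it appends to `state->data` at `frag_length`. If these are unsigned and `frag_length` can be smaller than `state->data.length`, the subtraction wraps before MIN is applied. A comment on the clamp, for example `/* minimum read length the server accepts? TODO confirm */`, would record the reason for the value.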
@@ -228,9 +231,9 @@ static NTSTATUS smb2_send_trans_request(struct dcerpc_connection *c, DATA_BLOB *
state->c = c;
ZERO_STRUCT(io);
- io.in.unknown1 = 0x0011c017;
+ io.in.pipe_flags = SMB2_TRANS_PIPE_FLAGS;
io.in.handle = smb->handle;
- io.in.max_response_size = 0x10000;
+ io.in.max_response_size = 0x1000;
io.in.flags = 1;
io.in.out = *blob;
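Review bot: `io.in.max_response_size = 0x1000;` replaces one bare literal with another, and the commit gives no reason for lowering the limit from 0x10000. A named constant next to SMB2_TRANS_PIPE_FLAGS would make the limit reviewable. Its comment should say how a response larger than this is handled; presumably the remainder is fetched through smb2_read_callback, which this hunk does not show. `io.in.flags = 1` on the following line is a similar unexplained literal. smb2_send_trans_request continues outside the hunk.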
@@ -383,7 +386,9 @@ struct composite_context *dcerpc_pipe_open_smb2_send(struct dcerpc_connection *c
NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
io.in.open_disposition = NTCREATEX_DISP_OPEN;
- io.in.create_options = 0x400040;
+ io.in.create_options =
+ NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
+ NTCREATEX_OPTIONS_UNKNOWN_400000;
io.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
if ((strncasecmp(pipe_name, "/pipe/", 6) == 0) ||