8 files changed, 228 insertions, 8 deletions
diff --git a/source4/include/structs.h b/source4/include/structs.h
index 7c92b66d52..e104eac1ab 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -341,5 +341,6 @@ struct smb2_negprot;
 struct smb2_session_setup;
 struct smb2_tree;
 struct smb2_tree_connect;
+struct smb2_create;
 
 
diff --git a/source4/libcli/smb2/config.mk b/source4/libcli/smb2/config.mk
index 63cb6c6140..f3acd06955 100644
--- a/source4/libcli/smb2/config.mk
+++ b/source4/libcli/smb2/config.mk
@@ -4,5 +4,6 @@ OBJ_FILES = \
 	request.o \
 	negprot.o \
 	session.o \
-	tcon.o
+	tcon.o \
+	create.o
 REQUIRED_SUBSYSTEMS = LIBCLI_RAW LIBPACKET
diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c
new file mode 100644
index 0000000000..dbb4d4b974
--- /dev/null
+++ b/source4/libcli/smb2/create.c
@@ -0,0 +1,124 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   SMB2 client tree handling
+
+   Copyright (C) Andrew Tridgell 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/smb2/smb2.h"
+#include "libcli/smb2/smb2_calls.h"
+
+/*
+  send a create request
+*/
+struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create *io)
+{
+	struct smb2_request *req;
+	NTSTATUS status;
+	DATA_BLOB path;
+	uint8_t *ptr;
+
+	status = smb2_string_blob(tree, io->in.fname, &path);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
+
+	req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x50 + path.length);
+	if (req == NULL) return NULL;
+
+	SIVAL(req->out.body, 0x00, io->in.unknown1);
+	SIVAL(req->out.body, 0x04, io->in.unknown2);
+	SIVAL(req->out.body, 0x08, io->in.unknown3[0]);
+	SIVAL(req->out.body, 0x0C, io->in.unknown3[1]);
+	SIVAL(req->out.body, 0x10, io->in.unknown3[2]);
+	SIVAL(req->out.body, 0x14, io->in.unknown3[3]);
+	SIVAL(req->out.body, 0x18, io->in.access_mask);
+	SIVAL(req->out.body, 0x1C, io->in.file_attr);
+	SIVAL(req->out.body, 0x20, io->in.unknown4);
+	SIVAL(req->out.body, 0x24, io->in.open_disposition);
+	SIVAL(req->out.body, 0x28, io->in.unknown5);
+
+	SSVAL(req->out.body, 0x2C, 0x40+0x38); /* offset to fname */
+	SSVAL(req->out.body, 0x2E, path.length);
+	SIVAL(req->out.body, 0x30, 0x40+0x38+path.length); /* offset to 2nd buffer? */
+
+	SIVAL(req->out.body, 0x34, io->in.unknown6);
+
+	memcpy(req->out.body+0x38, path.data, path.length);
+
+	ptr = req->out.body+0x38+path.length;
+
+	SIVAL(ptr, 0x00, io->in.unknown7);
+	SIVAL(ptr, 0x04, io->in.unknown8);
+	SIVAL(ptr, 0x08, io->in.unknown9);
+	SIVAL(ptr, 0x0C, io->in.unknown10);
+	SIVAL(ptr, 0x10, io->in.unknown11);
+
+	data_blob_free(&path);
+
+	smb2_transport_send(req);
+
+	return req;
+}
+
+
+/*
+  recv a create reply
+*/
+NTSTATUS smb2_create_recv(struct smb2_request *req, struct smb2_create *io)
+{
+	int i;
+	if (!smb2_request_receive(req) || 
+	    smb2_request_is_error(req)) {
+		return smb2_request_destroy(req);
+	}
+
+	if (req->in.body_size < 0x54) {
+		printf("body size %d\n", req->in.body_size);
+		return NT_STATUS_BUFFER_TOO_SMALL;
+	}
+
+	io->out.unknown1 = IVAL(req->in.body, 0x00);
+	io->out.unknown2 = IVAL(req->in.body, 0x04);
+	io->out.create_time = smbcli_pull_nttime(req->in.body, 0x08);
+	io->out.access_time = smbcli_pull_nttime(req->in.body, 0x10);
+	io->out.write_time  = smbcli_pull_nttime(req->in.body, 0x18);
+	io->out.change_time = smbcli_pull_nttime(req->in.body, 0x20);
+	io->out.unknown3 = IVAL(req->in.body, 0x24);
+	io->out.unknown4 = IVAL(req->in.body, 0x28);
+	io->out.unknown5 = IVAL(req->in.body, 0x2C);
+	io->out.unknown6 = IVAL(req->in.body, 0x30);
+	io->out.unknown7 = IVAL(req->in.body, 0x34);
+	memcpy(io->out.handle.data, req->in.body+0x38, 20);
+	for (i=0;i<2;i++) {
+		io->out.unknown8[i] = IVAL(req->in.body, 0x4C + i*4);
+	}
+
+	return smb2_request_destroy(req);
+}
+
+/*
+  sync create request
+*/
+NTSTATUS smb2_create(struct smb2_tree *tree, struct smb2_create *io)
+{
+	struct smb2_request *req = smb2_create_send(tree, io);
+	return smb2_create_recv(req, io);
+}
diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c
index 7e25de99a8..108cf0ca55 100644
--- a/source4/libcli/smb2/request.c
+++ b/source4/libcli/smb2/request.c
@@ -76,6 +76,22 @@ struct smb2_request *smb2_request_init(struct smb2_transport *transport,
 	return req;
 }
 
+/*
+    initialise a smb2 request for tree operations
+*/
+struct smb2_request *smb2_request_init_tree(struct smb2_tree *tree, 
+					    uint16_t opcode, uint32_t body_size)
+{
+	struct smb2_request *req = smb2_request_init(tree->session->transport, opcode, 
+						     body_size);
+	if (req == NULL) return NULL;
+
+	SBVAL(req->out.hdr,  SMB2_HDR_UID, tree->session->uid);
+	SIVAL(req->out.hdr,  SMB2_HDR_TID, tree->tid);
+
+	return req;	
+}
+
 /* destroy a request structure and return final status */
 NTSTATUS smb2_request_destroy(struct smb2_request *req)
 {
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 353f9687d7..76f00cc573 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -56,7 +56,7 @@ struct smb2_transport {
 */
 struct smb2_tree {
 	struct smb2_session *session;
-	uint64_t tid;
+	uint32_t tid;
 };
 
 /*
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h
index 523f314cbf..8b68751df3 100644
--- a/source4/libcli/smb2/smb2_calls.h
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -71,6 +71,51 @@ struct smb2_tree_connect {
 		uint32_t unknown2; /* 0x00 */
 		uint32_t unknown3; /* 0x00 */
 		uint32_t unknown4; /* 0x1f01ff */ /* capabilities?? */
-		uint64_t tid;
+		uint32_t tid;
 	} out;
 };
+
+/*
+  file handles in SMB2 are 20 bytes, like RPC handles
+*/
+struct smb2_handle {
+	uint8_t data[20];
+};
+
+struct smb2_create {
+	struct {
+		uint32_t unknown1; /* 0x09000039 */
+		uint32_t unknown2; /* 2 */
+		uint32_t unknown3[4];
+		uint32_t access_mask;
+		uint32_t file_attr;
+		uint32_t unknown4;
+		uint32_t open_disposition;
+		uint32_t unknown5;
+		/* ofs/len of name here, 16 bits */
+		uint32_t unknown6;
+		const char *fname;
+		uint32_t unknown7;
+		uint32_t unknown8;
+		uint32_t unknown9;
+		uint32_t unknown10;
+		uint64_t unknown11;
+	} in;
+
+	struct {
+		uint32_t unknown1;
+		uint32_t unknown2;
+		NTTIME   create_time;
+		NTTIME   access_time;
+		NTTIME   write_time;
+		NTTIME   change_time;
+		uint32_t unknown3;
+		uint32_t unknown4;
+		uint32_t unknown5;
+		uint32_t unknown6;
+		uint32_t unknown7;
+		struct smb2_handle handle;
+		uint32_t unknown8[2];
+	} out;
+};
+
diff --git a/source4/libcli/smb2/tcon.c b/source4/libcli/smb2/tcon.c
index 7b13750cfe..b339d6473e 100644
--- a/source4/libcli/smb2/tcon.c
+++ b/source4/libcli/smb2/tcon.c
@@ -67,6 +67,7 @@ struct smb2_request *smb2_tree_connect_send(struct smb2_tree *tree,
 	SBVAL(req->out.hdr,  SMB2_HDR_UID, tree->session->uid);
 	SIVAL(req->out.body, 0x00, io->in.unknown1);
 	status = smb2_push_ofs_blob(req, req->out.body+0x04, path);
+	data_blob_free(&path);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(req);
 		return NULL;
@@ -92,7 +93,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne
 		return NT_STATUS_BUFFER_TOO_SMALL;
 	}
 
-	io->out.tid      = BVAL(req->in.hdr,  SMB2_HDR_TID);
+	io->out.tid      = IVAL(req->in.hdr,  SMB2_HDR_TID);
 
 	io->out.unknown1 = IVAL(req->in.body, 0x00);
 	io->out.unknown2 = IVAL(req->in.body, 0x04);
@@ -103,7 +104,7 @@ NTSTATUS smb2_tree_connect_recv(struct smb2_request *req, struct smb2_tree_conne
 }
 
 /*
-  sync session setup request
+  sync tree connect request
 */
 NTSTATUS smb2_tree_connect(struct smb2_tree *tree, struct smb2_tree_connect *io)
 {
diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c
index 39131a74f2..955df4c890 100644
--- a/source4/torture/smb2/connect.c
+++ b/source4/torture/smb2/connect.c
@@ -188,11 +188,40 @@ static struct smb2_tree *torture_smb2_tree(struct smb2_session *session,
 		return NULL;
 	}
 	
-	printf("Tree connect gave tid = 0x%016llx\n", io.out.tid);
+	printf("Tree connect gave tid = 0x%x\n", io.out.tid);
+
+	tree->tid = io.out.tid;
 
 	return tree;
 }
 
+/*
+  send a create
+*/
+static struct smb2_handle torture_smb2_create(struct smb2_tree *tree, 
+					      const char *fname)
+{
+	struct smb2_create io;
+	NTSTATUS status;
+
+	ZERO_STRUCT(io);
+	io.in.unknown1 = 0x09000039;
+	io.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.in.file_attr   = FILE_ATTRIBUTE_NORMAL;
+	io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
+	io.in.fname = fname;
+	status = smb2_create(tree, &io);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("create failed - %s\n", nt_errstr(status));
+		return io.out.handle;
+	}
+
+	printf("Open gave handle:\n");
+	dump_data(0, io.out.handle.data, 20);
+	
+	return io.out.handle;
+}
+
 /* 
    basic testing of SMB2 connection calls
 */
@@ -205,12 +234,15 @@ BOOL torture_smb2_connect(void)
 	const char *host = lp_parm_string(-1, "torture", "host");
 	const char *share = lp_parm_string(-1, "torture", "share");
 	struct cli_credentials *credentials = cmdline_credentials;
+	struct smb2_handle h;
 
 	transport = torture_smb2_negprot(mem_ctx, host);
 	session   = torture_smb2_session(transport, credentials);
-	session   = torture_smb2_session(transport, credentials);
-	tree      = torture_smb2_tree(session, share);
 	tree      = torture_smb2_tree(session, share);
+	h         = torture_smb2_create(tree, "test2.dat");
+	h         = torture_smb2_create(tree, "test3.dat");
+	h         = torture_smb2_create(tree, "test4.dat");
+	h         = torture_smb2_create(tree, "test5.dat");
 
 	talloc_free(mem_ctx);