From aed93a238e13247945073921d91408c91ae210c3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 21 May 2008 22:51:21 +1000 Subject: fixed SMB2 flush call, and added flush to gentest_smb2 (This used to be commit c52fe1fe1c77636d87355d3c4baa66e052fe9008) --- source4/libcli/raw/interfaces.h | 6 +++++- source4/libcli/smb2/flush.c | 6 ++++-- source4/smb_server/smb2/fileio.c | 7 +++--- source4/torture/gentest_smb2.c | 46 ++++++++++++++++++++++++++++++---------- 4 files changed, 47 insertions(+), 18 deletions(-) diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 149b91916a..3370021d48 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -2156,8 +2156,12 @@ union smb_flush { enum smb_flush_level level; struct { union smb_handle file; - uint32_t unknown; + uint16_t reserved1; + uint32_t reserved2; } in; + struct { + uint16_t reserved; + } out; } smb2; }; diff --git a/source4/libcli/smb2/flush.c b/source4/libcli/smb2/flush.c index 116068ed6e..577d1ba1ba 100644 --- a/source4/libcli/smb2/flush.c +++ b/source4/libcli/smb2/flush.c @@ -33,8 +33,8 @@ struct smb2_request *smb2_flush_send(struct smb2_tree *tree, struct smb2_flush * req = smb2_request_init_tree(tree, SMB2_OP_FLUSH, 0x18, false, 0); if (req == NULL) return NULL; - SSVAL(req->out.body, 0x02, 0); /* pad? */ - SIVAL(req->out.body, 0x04, io->in.unknown); + SSVAL(req->out.body, 0x02, io->in.reserved1); + SIVAL(req->out.body, 0x04, io->in.reserved2); smb2_push_handle(req->out.body+0x08, &io->in.file.handle); smb2_transport_send(req); @@ -55,6 +55,8 @@ NTSTATUS smb2_flush_recv(struct smb2_request *req, struct smb2_flush *io) SMB2_CHECK_PACKET_RECV(req, 0x04, false); + io->out.reserved = SVAL(req->in.body, 0x02); + return smb2_request_destroy(req); } diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c index 0feb259038..5ab217bbfd 100644 --- a/source4/smb_server/smb2/fileio.c +++ b/source4/smb_server/smb2/fileio.c @@ -135,7 +135,7 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs) SMB2SRV_CHECK_ASYNC_STATUS(io, union smb_flush); SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x04, false, 0)); - SSVAL(req->out.body, 0x02, 0); + SSVAL(req->out.body, 0x02, io->smb2.out.reserved); smb2srv_send_reply(req); } @@ -143,15 +143,14 @@ static void smb2srv_flush_send(struct ntvfs_request *ntvfs) void smb2srv_flush_recv(struct smb2srv_request *req) { union smb_flush *io; - uint16_t _pad; SMB2SRV_CHECK_BODY_SIZE(req, 0x18, false); SMB2SRV_TALLOC_IO_PTR(io, union smb_flush); SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_flush_send, NTVFS_ASYNC_STATE_MAY_ASYNC); io->smb2.level = RAW_FLUSH_SMB2; - _pad = SVAL(req->in.body, 0x02); - io->smb2.in.unknown = IVAL(req->in.body, 0x04); + io->smb2.in.reserved1 = SVAL(req->in.body, 0x02); + io->smb2.in.reserved2 = IVAL(req->in.body, 0x04); io->smb2.in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x08); SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs); diff --git a/source4/torture/gentest_smb2.c b/source4/torture/gentest_smb2.c index 68e9e2c20b..fc6dbcbb9a 100644 --- a/source4/torture/gentest_smb2.c +++ b/source4/torture/gentest_smb2.c @@ -349,8 +349,8 @@ static uint16_t gen_fnum(int instance) */ static uint16_t gen_fnum_close(int instance) { - if (num_open_handles < 3) { - if (gen_chance(80)) return BAD_HANDLE; + if (num_open_handles < 5) { + if (gen_chance(90)) return BAD_HANDLE; } return gen_fnum(instance); @@ -573,8 +573,8 @@ static uint32_t gen_ntcreatex_flags(void) */ static uint32_t gen_access_mask(void) { - if (gen_chance(50)) return SEC_FLAG_MAXIMUM_ALLOWED; - if (gen_chance(20)) return SEC_FILE_ALL; + if (gen_chance(70)) return SEC_FLAG_MAXIMUM_ALLOWED; + if (gen_chance(70)) return SEC_FILE_ALL; return gen_bits_mask(0xFFFFFFFF); } @@ -593,6 +593,7 @@ static uint32_t gen_create_options(void) */ static uint32_t gen_open_disp(void) { + if (gen_chance(50)) return NTCREATEX_DISP_OPEN_IF; if (gen_chance(10)) return gen_bits_mask(0xFFFFFFFF); return gen_int_range(0, 5); } @@ -1002,20 +1003,20 @@ again: /* generate ntcreatex operations */ -static bool handler_ntcreatex(int instance) +static bool handler_create(int instance) { struct smb2_create parm[NSERVERS]; NTSTATUS status[NSERVERS]; ZERO_STRUCT(parm[0]); - parm[0].in.security_flags = gen_bits_levels(3, 70, 0x0, 70, 0x3, 100, 0xFF); - parm[0].in.oplock_level = gen_bits_levels(3, 70, 0x0, 70, 0x9, 100, 0xFF); - parm[0].in.impersonation_level = gen_bits_levels(3, 70, 0x0, 70, 0x3, 100, 0xFFFFFFFF); - parm[0].in.create_flags = gen_bits_levels(2, 80, 0x0, 100, 0xFFFFFFFF); + parm[0].in.security_flags = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFF); + parm[0].in.oplock_level = gen_bits_levels(3, 90, 0x0, 70, 0x9, 100, 0xFF); + parm[0].in.impersonation_level = gen_bits_levels(3, 90, 0x0, 70, 0x3, 100, 0xFFFFFFFF); + parm[0].in.create_flags = gen_bits_levels(2, 90, 0x0, 100, 0xFFFFFFFF); if (gen_chance(2)) { parm[0].in.create_flags |= gen_bits_mask(0xFFFFFFFF); } - parm[0].in.reserved = gen_bits_levels(2, 80, 0x0, 100, 0xFFFFFFFF); + parm[0].in.reserved = gen_bits_levels(2, 95, 0x0, 100, 0xFFFFFFFF); if (gen_chance(2)) { parm[0].in.reserved |= gen_bits_mask(0xFFFFFFFF); } @@ -1171,6 +1172,28 @@ static bool handler_lock(int instance) return true; } +/* + generate flush operations +*/ +static bool handler_flush(int instance) +{ + struct smb2_flush parm[NSERVERS]; + NTSTATUS status[NSERVERS]; + + ZERO_STRUCT(parm[0]); + parm[0].in.file.handle.data[0] = gen_fnum(instance); + parm[0].in.reserved1 = gen_bits_mask2(0x0, 0xFFFF); + parm[0].in.reserved2 = gen_bits_mask2(0x0, 0xFFFFFFFF); + + GEN_COPY_PARM; + GEN_SET_FNUM(in.file.handle); + GEN_CALL(smb2_flush(tree, &parm[i])); + + CHECK_EQUAL(out.reserved); + + return true; +} + #if 0 /* @@ -1577,11 +1600,12 @@ static struct { bool (*handler)(int instance); int count, success_count; } gen_ops[] = { - {"NTCREATEX", handler_ntcreatex}, + {"CREATE", handler_create}, {"CLOSE", handler_close}, {"READ", handler_read}, {"WRITE", handler_write}, {"LOCK", handler_lock}, + {"FLUSH", handler_flush}, }; -- cgit