2 Unix SMB/Netbios implementation.
4 SMB NT transaction handling
5 Copyright (C) Jeremy Allison 1994-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
26 extern int smb_read_error;
27 extern int global_oplock_break;
28 extern BOOL case_sensitive;
29 extern BOOL case_preserve;
30 extern BOOL short_case_preserve;
32 static char *known_nt_pipes[] = {
50 /* Map generic permissions to file object specific permissions */
52 struct generic_mapping file_generic_mapping = {
59 /****************************************************************************
60 Send the required number of replies back.
61 We assume all fields other than the data fields are
62 set correctly for the type of call.
63 HACK ! Always assumes smb_setup field is zero.
64 ****************************************************************************/
66 static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_error, char *params,
67 int paramsize, char *pdata, int datasize)
70 int data_to_send = datasize;
71 int params_to_send = paramsize;
75 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
76 int alignment_offset = 3;
77 int data_alignment_offset = 0;
80 * Initially set the wcnt area to be 18 - this is true for all
84 set_message(outbuf,18,0,True);
88 SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
94 * If there genuinely are no parameters or data to send just send
98 if(params_to_send == 0 && data_to_send == 0) {
99 if (!send_smb(smbd_server_fd(),outbuf))
100 exit_server("send_nt_replies: send_smb failed.\n");
105 * When sending params and data ensure that both are nicely aligned.
106 * Only do this alignment when there is also data to send - else
107 * can cause NT redirector problems.
110 if (((params_to_send % 4) != 0) && (data_to_send != 0))
111 data_alignment_offset = 4 - (params_to_send % 4);
114 * Space is bufsize minus Netbios over TCP header minus SMB header.
115 * The alignment_offset is to align the param bytes on a four byte
116 * boundary (2 bytes for data len, one byte pad).
117 * NT needs this to work correctly.
120 useable_space = bufsize - ((smb_buf(outbuf)+
121 alignment_offset+data_alignment_offset) -
125 * useable_space can never be more than max_send minus the
129 useable_space = MIN(useable_space,
130 max_send - (alignment_offset+data_alignment_offset));
133 while (params_to_send || data_to_send) {
136 * Calculate whether we will totally or partially fill this packet.
139 total_sent_thistime = params_to_send + data_to_send +
140 alignment_offset + data_alignment_offset;
143 * We can never send more than useable_space.
146 total_sent_thistime = MIN(total_sent_thistime, useable_space);
148 set_message(outbuf, 18, total_sent_thistime, True);
151 * Set total params and data to be sent.
154 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
155 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
158 * Calculate how many parameters and data we can fit into
159 * this packet. Parameters get precedence.
162 params_sent_thistime = MIN(params_to_send,useable_space);
163 data_sent_thistime = useable_space - params_sent_thistime;
164 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
166 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
168 if(params_sent_thistime == 0) {
169 SIVAL(outbuf,smb_ntr_ParameterOffset,0);
170 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
173 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
174 * parameter bytes, however the first 4 bytes of outbuf are
175 * the Netbios over TCP header. Thus use smb_base() to subtract
176 * them from the calculation.
179 SIVAL(outbuf,smb_ntr_ParameterOffset,
180 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
182 * Absolute displacement of param bytes sent in this packet.
185 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
189 * Deal with the data portion.
192 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
194 if(data_sent_thistime == 0) {
195 SIVAL(outbuf,smb_ntr_DataOffset,0);
196 SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
199 * The offset of the data bytes is the offset of the
200 * parameter bytes plus the number of parameters being sent this time.
203 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
204 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
205 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
209 * Copy the param bytes into the packet.
212 if(params_sent_thistime)
213 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
216 * Copy in the data bytes
219 if(data_sent_thistime)
220 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
221 data_alignment_offset,pd,data_sent_thistime);
223 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
224 params_sent_thistime, data_sent_thistime, useable_space));
225 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
226 params_to_send, data_to_send, paramsize, datasize));
228 /* Send the packet */
229 if (!send_smb(smbd_server_fd(),outbuf))
230 exit_server("send_nt_replies: send_smb failed.\n");
232 pp += params_sent_thistime;
233 pd += data_sent_thistime;
235 params_to_send -= params_sent_thistime;
236 data_to_send -= data_sent_thistime;
242 if(params_to_send < 0 || data_to_send < 0) {
243 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
244 params_to_send, data_to_send));
252 /****************************************************************************
254 ****************************************************************************/
256 static BOOL saved_case_sensitive;
257 static BOOL saved_case_preserve;
258 static BOOL saved_short_case_preserve;
260 /****************************************************************************
262 ****************************************************************************/
264 static void set_posix_case_semantics(uint32 file_attributes)
266 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
269 saved_case_sensitive = case_sensitive;
270 saved_case_preserve = case_preserve;
271 saved_short_case_preserve = short_case_preserve;
274 case_sensitive = True;
275 case_preserve = True;
276 short_case_preserve = True;
279 /****************************************************************************
280 Restore case semantics.
281 ****************************************************************************/
283 static void restore_case_semantics(uint32 file_attributes)
285 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
288 case_sensitive = saved_case_sensitive;
289 case_preserve = saved_case_preserve;
290 short_case_preserve = saved_short_case_preserve;
293 /****************************************************************************
294 Utility function to map create disposition.
295 ****************************************************************************/
297 static int map_create_disposition( uint32 create_disposition)
301 switch( create_disposition ) {
303 /* create if not exist, fail if exist */
304 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL);
307 case FILE_OVERWRITE_IF:
308 /* create if not exist, trunc if exist */
309 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
312 /* fail if not exist, open if exists */
313 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN);
316 /* create if not exist, open if exists */
317 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN);
320 /* fail if not exist, truncate if exists */
321 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
324 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
325 create_disposition ));
329 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
330 (unsigned long)create_disposition, ret ));
335 /****************************************************************************
336 Utility function to map share modes.
337 ****************************************************************************/
339 static int map_share_mode( BOOL *pstat_open_only, char *fname,
340 uint32 desired_access, uint32 share_access, uint32 file_attributes)
342 int smb_open_mode = -1;
344 *pstat_open_only = False;
347 * Convert GENERIC bits to specific bits.
350 se_map_generic(&desired_access, &file_generic_mapping);
352 switch( desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) {
354 smb_open_mode = DOS_OPEN_RDONLY;
356 case FILE_WRITE_DATA:
357 case FILE_APPEND_DATA:
358 case FILE_WRITE_DATA|FILE_APPEND_DATA:
359 smb_open_mode = DOS_OPEN_WRONLY;
361 case FILE_READ_DATA|FILE_WRITE_DATA:
362 case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA:
363 case FILE_READ_DATA|FILE_APPEND_DATA:
364 smb_open_mode = DOS_OPEN_RDWR;
369 * NB. For DELETE_ACCESS we should really check the
370 * directory permissions, as that is what controls
371 * delete, and for WRITE_DAC_ACCESS we should really
372 * check the ownership, as that is what controls the
373 * chmod. Note that this is *NOT* a security hole (this
374 * note is for you, Andrew) as we are not *allowing*
375 * the access at this point, the actual unlink or
376 * chown or chmod call would do this. We are just helping
377 * clients out by telling them if they have a hope
378 * of any of this succeeding. POSIX acls may still
379 * deny the real call. JRA.
382 if (smb_open_mode == -1) {
384 if(desired_access == WRITE_DAC_ACCESS || desired_access == READ_CONTROL_ACCESS)
385 *pstat_open_only = True;
387 if(desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
388 FILE_EXECUTE|FILE_READ_ATTRIBUTES|
389 FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
390 FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS)) {
391 smb_open_mode = DOS_OPEN_RDONLY;
392 } else if(desired_access == 0) {
395 * JRA - NT seems to sometimes send desired_access as zero. play it safe
396 * and map to a stat open.
399 *pstat_open_only = True;
400 smb_open_mode = DOS_OPEN_RDONLY;
403 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
404 (unsigned long)desired_access, fname));
410 * Set the special bit that means allow share delete.
411 * This is held outside the normal share mode bits at 1<<15.
415 if(share_access & FILE_SHARE_DELETE) {
416 smb_open_mode |= ALLOW_SHARE_DELETE;
417 DEBUG(10,("map_share_mode: FILE_SHARE_DELETE requested. open_mode = %x\n", smb_open_mode));
421 * We need to store the intent to open for Delete. This
422 * is what determines if a delete on close flag can be set.
423 * This is the wrong way (and place) to store this, but for 2.2 this
424 * is the only practical way. JRA.
427 if(desired_access & DELETE_ACCESS) {
428 smb_open_mode |= DELETE_ACCESS_REQUESTED;
429 DEBUG(10,("map_share_mode: DELETE_ACCESS requested. open_mode = %x\n", smb_open_mode));
432 /* Add in the requested share mode. */
433 switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) {
434 case FILE_SHARE_READ:
435 smb_open_mode |= SET_DENY_MODE(DENY_WRITE);
437 case FILE_SHARE_WRITE:
438 smb_open_mode |= SET_DENY_MODE(DENY_READ);
440 case (FILE_SHARE_READ|FILE_SHARE_WRITE):
441 smb_open_mode |= SET_DENY_MODE(DENY_NONE);
443 case FILE_SHARE_NONE:
444 smb_open_mode |= SET_DENY_MODE(DENY_ALL);
449 * Handle an O_SYNC request.
452 if(file_attributes & FILE_FLAG_WRITE_THROUGH)
453 smb_open_mode |= FILE_SYNC_OPENMODE;
455 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
456 to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access,
457 (unsigned long)file_attributes, smb_open_mode ));
459 return smb_open_mode;
464 * This is a *disgusting* hack.
465 * This is *so* bad that even I'm embarrassed (and I
466 * have no shame). Here's the deal :
467 * Until we get the correct SPOOLSS code into smbd
468 * then when we're running with NT SMB support then
469 * NT makes this call with a level of zero, and then
470 * immediately follows it with an open request to
471 * the \\SRVSVC pipe. If we allow that open to
472 * succeed then NT barfs when it cannot open the
473 * \\SPOOLSS pipe immediately after and continually
474 * whines saying "Printer name is invalid" forever
475 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
476 * to fail, then NT downgrades to using the downlevel code
477 * and everything works as well as before. I hate
478 * myself for adding this code.... JRA.
480 * The HACK_FAIL_TIME define allows only a 2
481 * second window for this to occur, just in
485 static BOOL fail_next_srvsvc = False;
486 static time_t fail_time;
487 #define HACK_FAIL_TIME 2 /* In seconds. */
489 void fail_next_srvsvc_open(void)
491 /* Check client is WinNT proper; Win2K doesn't like Jeremy's hack - matty */
492 if (get_remote_arch() != RA_WINNT)
495 fail_next_srvsvc = True;
496 fail_time = time(NULL);
497 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
501 * HACK alert.... see above - JRA.
504 BOOL should_fail_next_srvsvc_open(const char *pipename)
507 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
508 (int)fail_next_srvsvc, pipename));
510 if(fail_next_srvsvc && (time(NULL) > fail_time + HACK_FAIL_TIME)) {
511 fail_next_srvsvc = False;
512 fail_time = (time_t)0;
513 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
516 if(fail_next_srvsvc && strequal(pipename, "srvsvc")) {
517 fail_next_srvsvc = False;
518 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
525 /****************************************************************************
526 Reply to an NT create and X call on a pipe.
527 ****************************************************************************/
528 static int nt_open_pipe(char *fname, connection_struct *conn,
529 char *inbuf, char *outbuf, int *ppnum)
531 pipes_struct *p = NULL;
533 uint16 vuid = SVAL(inbuf, smb_uid);
536 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
538 /* See if it is one we want to handle. */
539 for( i = 0; known_nt_pipes[i]; i++ )
540 if( strequal(fname,known_nt_pipes[i]))
543 if ( known_nt_pipes[i] == NULL )
544 return(ERROR(ERRSRV,ERRaccess));
546 /* Strip \\ off the name. */
550 if(should_fail_next_srvsvc_open(fname))
551 return (ERROR(ERRSRV,ERRaccess));
554 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
556 p = open_rpc_pipe_p(fname, conn, vuid);
558 return(ERROR(ERRSRV,ERRnofids));
565 /****************************************************************************
566 Reply to an NT create and X call for pipes.
567 ****************************************************************************/
569 static int do_ntcreate_pipe_open(connection_struct *conn,
570 char *inbuf,char *outbuf,int length,int bufsize)
577 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE|STR_CONVERT);
579 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
583 * Deal with pipe return.
586 set_message(outbuf,34,0,True);
588 p = outbuf + smb_vwv2;
592 SIVAL(p,0,FILE_WAS_OPENED);
595 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
598 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
600 SSVAL(p,2, 0x5FF); /* ? */
602 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
604 return chain_reply(inbuf,outbuf,length,bufsize);
607 /****************************************************************************
608 Reply to an NT create and X call.
609 ****************************************************************************/
611 int reply_ntcreate_and_X(connection_struct *conn,
612 char *inbuf,char *outbuf,int length,int bufsize)
616 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
617 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
618 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
619 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
620 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
621 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
622 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
625 int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
626 /* Breakout the oplock request bits so we can set the
627 reply bits separately. */
628 int oplock_request = 0;
631 SMB_OFF_T file_len = 0;
632 SMB_STRUCT_STAT sbuf;
634 BOOL bad_path = False;
635 files_struct *fsp=NULL;
637 BOOL stat_open_only = False;
639 START_PROFILE(SMBntcreateX);
641 /* If it's an IPC, use the pipe handler. */
644 if (lp_nt_pipe_support()) {
645 END_PROFILE(SMBntcreateX);
646 return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
648 END_PROFILE(SMBntcreateX);
649 return(ERROR(ERRDOS,ERRbadaccess));
655 * We need to construct the open_and_X ofun value from the
656 * NT values, as that's what our code is structured to accept.
659 if((smb_ofun = map_create_disposition( create_disposition )) == -1) {
660 END_PROFILE(SMBntcreateX);
661 return(ERROR(ERRDOS,ERRbadaccess));
668 if(root_dir_fid != 0) {
670 * This filename is relative to a directory fid.
672 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
676 END_PROFILE(SMBntcreateX);
677 return(ERROR(ERRDOS,ERRbadfid));
680 if(!dir_fsp->is_directory) {
682 * Check to see if this is a mac fork of some kind.
685 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE|STR_CONVERT);
687 if( strchr(fname, ':')) {
688 SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
689 END_PROFILE(SMBntcreateX);
690 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
692 END_PROFILE(SMBntcreateX);
693 return(ERROR(ERRDOS,ERRbadfid));
697 * Copy in the base directory name.
700 pstrcpy( fname, dir_fsp->fsp_name );
701 dir_name_len = strlen(fname);
704 * Ensure it ends in a '\'.
707 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
708 pstrcat(fname, "\\");
712 srvstr_pull(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len,
713 -1, STR_TERMINATE|STR_CONVERT);
715 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname),
716 -1, STR_TERMINATE|STR_CONVERT);
720 * Now contruct the smb_open_mode value from the filename,
721 * desired access and the share access.
723 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
725 if((smb_open_mode = map_share_mode(&stat_open_only, fname, desired_access,
727 file_attributes)) == -1) {
728 END_PROFILE(SMBntcreateX);
729 return(ERROR(ERRDOS,ERRbadaccess));
732 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
733 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
736 * Ordinary file or directory.
740 * Check if POSIX semantics are wanted.
743 set_posix_case_semantics(file_attributes);
745 unix_convert(fname,conn,0,&bad_path,&sbuf);
747 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
750 * If it's a request for a directory open, deal with it separately.
753 if(create_options & FILE_DIRECTORY_FILE) {
756 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
758 restore_case_semantics(file_attributes);
761 if((errno == ENOENT) && bad_path) {
762 unix_ERR_class = ERRDOS;
763 unix_ERR_code = ERRbadpath;
765 END_PROFILE(SMBntcreateX);
766 return(UNIXERROR(ERRDOS,ERRnoaccess));
770 * Ordinary file case.
773 /* NB. We have a potential bug here. If we
774 * cause an oplock break to ourselves, then we
775 * could end up processing filename related
776 * SMB requests whilst we await the oplock
777 * break response. As we may have changed the
778 * filename case semantics to be POSIX-like,
779 * this could mean a filename request could
780 * fail when it should succeed. This is a rare
781 * condition, but eventually we must arrange
782 * to restore the correct case semantics
783 * before issuing an oplock break request to
784 * our client. JRA. */
786 fsp = open_file_shared(conn,fname,&sbuf,smb_open_mode,
787 smb_ofun,unixmode, oplock_request,&rmode,&smb_action);
790 /* We cheat here. There are two cases we
791 * care about. One is a directory rename,
792 * where the NT client will attempt to
793 * open the source directory for
794 * DELETE access. Note that when the
795 * NT client does this it does *not*
796 * set the directory bit in the
797 * request packet. This is translated
798 * into a read/write open
799 * request. POSIX states that any open
800 * for write request on a directory
801 * will generate an EISDIR error, so
802 * we can catch this here and open a
803 * pseudo handle that is flagged as a
804 * directory. The second is an open
805 * for a permissions read only, which
806 * we handle in the open_file_stat case. JRA.
809 if(errno == EISDIR) {
812 * Fail the open if it was explicitly a non-directory file.
815 if (create_options & FILE_NON_DIRECTORY_FILE) {
816 restore_case_semantics(file_attributes);
817 SSVAL(outbuf, smb_flg2,
818 SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
819 END_PROFILE(SMBntcreateX);
820 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
824 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
827 restore_case_semantics(file_attributes);
828 if((errno == ENOENT) && bad_path) {
829 unix_ERR_class = ERRDOS;
830 unix_ERR_code = ERRbadpath;
832 END_PROFILE(SMBntcreateX);
833 return(UNIXERROR(ERRDOS,ERRnoaccess));
836 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
838 } else if (errno == EACCES && stat_open_only) {
841 * We couldn't open normally and all we want
842 * are the permissions. Try and do a stat open.
847 fsp = open_file_stat(conn,fname,&sbuf,smb_open_mode,&smb_action);
850 restore_case_semantics(file_attributes);
851 END_PROFILE(SMBntcreateX);
852 return(UNIXERROR(ERRDOS,ERRnoaccess));
857 if((errno == ENOENT) && bad_path) {
858 unix_ERR_class = ERRDOS;
859 unix_ERR_code = ERRbadpath;
862 restore_case_semantics(file_attributes);
864 END_PROFILE(SMBntcreateX);
865 return(UNIXERROR(ERRDOS,ERRnoaccess));
870 restore_case_semantics(file_attributes);
872 file_len = sbuf.st_size;
873 fmode = dos_mode(conn,fname,&sbuf);
875 fmode = FILE_ATTRIBUTE_NORMAL;
876 if (!fsp->is_directory && (fmode & aDIR)) {
877 close_file(fsp,False);
878 END_PROFILE(SMBntcreateX);
879 return(ERROR(ERRDOS,ERRnoaccess));
883 * If the caller set the extended oplock request bit
884 * and we granted one (by whatever means) - set the
885 * correct bit for extended oplock reply.
888 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
889 smb_action |= EXTENDED_OPLOCK_GRANTED;
891 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
892 smb_action |= EXTENDED_OPLOCK_GRANTED;
894 set_message(outbuf,34,0,True);
896 p = outbuf + smb_vwv2;
899 * Currently as we don't support level II oplocks we just report
900 * exclusive & batch here.
903 if (smb_action & EXTENDED_OPLOCK_GRANTED)
904 SCVAL(p,0, BATCH_OPLOCK_RETURN);
905 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
906 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
908 SCVAL(p,0,NO_OPLOCK_RETURN);
911 SSVAL(p,0,fsp->fnum);
913 SIVAL(p,0,smb_action);
917 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
919 if (lp_dos_filetime_resolution(SNUM(conn))) {
926 put_long_date(p,c_time);
928 put_long_date(p,sbuf.st_atime); /* access time */
930 put_long_date(p,sbuf.st_mtime); /* write time */
932 put_long_date(p,sbuf.st_mtime); /* change time */
934 SIVAL(p,0,fmode); /* File Attributes. */
936 SOFF_T(p, 0, file_len);
938 SOFF_T(p,0,file_len);
940 SCVAL(p,0,fsp->is_directory ? 1 : 0);
942 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
944 result = chain_reply(inbuf,outbuf,length,bufsize);
945 END_PROFILE(SMBntcreateX);
949 /****************************************************************************
950 Reply to a NT_TRANSACT_CREATE call to open a pipe.
951 ****************************************************************************/
953 static int do_nt_transact_create_pipe( connection_struct *conn,
954 char *inbuf, char *outbuf, int length,
955 int bufsize, char **ppsetup, char **ppparams,
959 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
960 char *params = *ppparams;
966 * Ensure minimum number of parameters sent.
969 if(total_parameter_count < 54) {
970 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
971 return(ERROR(ERRDOS,ERRbadaccess));
974 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE|STR_CONVERT);
976 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
979 /* Realloc the size of parameters and data we will return */
980 params = Realloc(*ppparams, 69);
982 return(ERROR(ERRDOS,ERRnomem));
986 memset((char *)params,'\0',69);
989 SCVAL(p,0,NO_OPLOCK_RETURN);
994 SIVAL(p,0,FILE_WAS_OPENED);
998 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
1001 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
1003 SSVAL(p,2, 0x5FF); /* ? */
1005 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
1007 /* Send the required number of replies */
1008 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1013 /****************************************************************************
1014 Internal fn to set security descriptors.
1015 ****************************************************************************/
1017 static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint security_info_sent, int *pdef_class,uint32 *pdef_code)
1020 SEC_DESC *psd = NULL;
1021 TALLOC_CTX *mem_ctx;
1025 *pdef_class = ERRDOS;
1026 *pdef_code = ERRbadaccess;
1031 * Init the parse struct we will unmarshall from.
1034 if ((mem_ctx = talloc_init()) == NULL) {
1035 DEBUG(0,("set_sd: talloc_init failed.\n"));
1036 *pdef_class = ERRDOS;
1037 *pdef_code = ERRnomem;
1041 prs_init(&pd, 0, mem_ctx, UNMARSHALL);
1044 * Setup the prs_struct to point at the memory we just
1048 prs_give_memory( &pd, data, sd_len, False);
1051 * Finally, unmarshall from the data buffer.
1054 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1055 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1057 * Return access denied for want of a better error message..
1059 talloc_destroy(mem_ctx);
1060 *pdef_class = ERRDOS;
1061 *pdef_code = ERRnomem;
1065 if (psd->off_owner_sid==0)
1066 security_info_sent &= ~OWNER_SECURITY_INFORMATION;
1067 if (psd->off_grp_sid==0)
1068 security_info_sent &= ~GROUP_SECURITY_INFORMATION;
1069 if (psd->off_sacl==0)
1070 security_info_sent &= ~SACL_SECURITY_INFORMATION;
1071 if (psd->off_dacl==0)
1072 security_info_sent &= ~DACL_SECURITY_INFORMATION;
1074 ret = fsp->conn->vfs_ops.fset_nt_acl( fsp, fsp->fd, security_info_sent, psd);
1077 talloc_destroy(mem_ctx);
1078 *pdef_class = ERRDOS;
1079 *pdef_code = ERRnoaccess;
1083 talloc_destroy(mem_ctx);
1090 /****************************************************************************
1091 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1092 ****************************************************************************/
1094 static int call_nt_transact_create(connection_struct *conn,
1095 char *inbuf, char *outbuf, int length,
1096 int bufsize, char **ppsetup, char **ppparams,
1100 char *params = *ppparams;
1101 char *data = *ppdata;
1102 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
1103 /* Breakout the oplock request bits so we can set the
1104 reply bits separately. */
1105 int oplock_request = 0;
1107 int fmode=0,rmode=0;
1108 SMB_OFF_T file_len = 0;
1109 SMB_STRUCT_STAT sbuf;
1111 BOOL bad_path = False;
1112 files_struct *fsp = NULL;
1114 BOOL stat_open_only = False;
1116 uint32 desired_access;
1117 uint32 file_attributes;
1118 uint32 share_access;
1119 uint32 create_disposition;
1120 uint32 create_options;
1122 uint16 root_dir_fid;
1130 DEBUG(5,("call_nt_transact_create\n"));
1133 * If it's an IPC, use the pipe handler.
1137 if (lp_nt_pipe_support())
1138 return do_nt_transact_create_pipe(conn, inbuf, outbuf, length,
1139 bufsize, ppsetup, ppparams, ppdata);
1141 return(ERROR(ERRDOS,ERRbadaccess));
1145 * Ensure minimum number of parameters sent.
1148 if(total_parameter_count < 54) {
1149 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
1150 return(ERROR(ERRDOS,ERRbadaccess));
1153 flags = IVAL(params,0);
1154 desired_access = IVAL(params,8);
1155 file_attributes = IVAL(params,20);
1156 share_access = IVAL(params,24);
1157 create_disposition = IVAL(params,28);
1158 create_options = IVAL(params,32);
1159 sd_len = IVAL(params,36);
1160 root_dir_fid = (uint16)IVAL(params,4);
1161 smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
1164 * We need to construct the open_and_X ofun value from the
1165 * NT values, as that's what our code is structured to accept.
1168 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
1169 return(ERROR(ERRDOS,ERRbadmem));
1172 * Get the file name.
1175 if(root_dir_fid != 0) {
1177 * This filename is relative to a directory fid.
1180 files_struct *dir_fsp = file_fsp(params,4);
1181 size_t dir_name_len;
1184 return(ERROR(ERRDOS,ERRbadfid));
1186 if(!dir_fsp->is_directory) {
1188 * Check to see if this is a mac fork of some kind.
1191 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE|STR_CONVERT);
1193 if( strchr(fname, ':')) {
1194 SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
1195 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
1198 return(ERROR(ERRDOS,ERRbadfid));
1202 * Copy in the base directory name.
1205 pstrcpy( fname, dir_fsp->fsp_name );
1206 dir_name_len = strlen(fname);
1209 * Ensure it ends in a '\'.
1212 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1213 pstrcat(fname, "\\");
1217 srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len,
1218 -1, STR_TERMINATE|STR_CONVERT);
1220 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE|STR_CONVERT);
1224 * Now contruct the smb_open_mode value from the desired access
1225 * and the share access.
1228 if((smb_open_mode = map_share_mode( &stat_open_only, fname, desired_access,
1229 share_access, file_attributes)) == -1)
1230 return(ERROR(ERRDOS,ERRbadaccess));
1232 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1233 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1236 * Check if POSIX semantics are wanted.
1239 set_posix_case_semantics(file_attributes);
1241 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1243 unix_convert(fname,conn,0,&bad_path,&sbuf);
1245 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
1248 * If it's a request for a directory open, deal with it separately.
1251 if(create_options & FILE_DIRECTORY_FILE) {
1256 * We will get a create directory here if the Win32
1257 * app specified a security descriptor in the
1258 * CreateDirectory() call.
1261 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
1264 restore_case_semantics(file_attributes);
1265 if((errno == ENOENT) && bad_path) {
1266 unix_ERR_class = ERRDOS;
1267 unix_ERR_code = ERRbadpath;
1269 return(UNIXERROR(ERRDOS,ERRnoaccess));
1275 * Ordinary file case.
1278 fsp = open_file_shared(conn,fname,&sbuf,smb_open_mode,smb_ofun,unixmode,
1279 oplock_request,&rmode,&smb_action);
1283 if(errno == EISDIR) {
1286 * Fail the open if it was explicitly a non-directory file.
1289 if (create_options & FILE_NON_DIRECTORY_FILE) {
1290 restore_case_semantics(file_attributes);
1291 SSVAL(outbuf, smb_flg2,
1292 SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
1293 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
1297 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
1300 restore_case_semantics(file_attributes);
1301 if((errno == ENOENT) && bad_path) {
1302 unix_ERR_class = ERRDOS;
1303 unix_ERR_code = ERRbadpath;
1305 return(UNIXERROR(ERRDOS,ERRnoaccess));
1308 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
1310 } else if (errno == EACCES && stat_open_only) {
1314 * We couldn't open normally and all we want
1315 * are the permissions. Try and do a stat open.
1320 fsp = open_file_stat(conn,fname,&sbuf,smb_open_mode,&smb_action);
1323 restore_case_semantics(file_attributes);
1324 return(UNIXERROR(ERRDOS,ERRnoaccess));
1328 if((errno == ENOENT) && bad_path) {
1329 unix_ERR_class = ERRDOS;
1330 unix_ERR_code = ERRbadpath;
1333 restore_case_semantics(file_attributes);
1335 return(UNIXERROR(ERRDOS,ERRnoaccess));
1339 file_len = sbuf.st_size;
1340 fmode = dos_mode(conn,fname,&sbuf);
1342 fmode = FILE_ATTRIBUTE_NORMAL;
1345 close_file(fsp,False);
1346 restore_case_semantics(file_attributes);
1347 return(ERROR(ERRDOS,ERRnoaccess));
1351 * If the caller set the extended oplock request bit
1352 * and we granted one (by whatever means) - set the
1353 * correct bit for extended oplock reply.
1356 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
1357 smb_action |= EXTENDED_OPLOCK_GRANTED;
1359 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
1360 smb_action |= EXTENDED_OPLOCK_GRANTED;
1364 * Now try and apply the desired SD.
1367 if (!set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION, &error_class, &error_code)) {
1368 close_file(fsp,False);
1369 restore_case_semantics(file_attributes);
1370 return(ERROR(error_class, error_code));
1373 restore_case_semantics(file_attributes);
1375 /* Realloc the size of parameters and data we will return */
1376 params = Realloc(*ppparams, 69);
1378 return(ERROR(ERRDOS,ERRnomem));
1382 memset((char *)params,'\0',69);
1385 if (smb_action & EXTENDED_OPLOCK_GRANTED)
1386 SCVAL(p,0, BATCH_OPLOCK_RETURN);
1387 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
1388 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
1390 SCVAL(p,0,NO_OPLOCK_RETURN);
1393 SSVAL(p,0,fsp->fnum);
1395 SIVAL(p,0,smb_action);
1399 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
1401 if (lp_dos_filetime_resolution(SNUM(conn))) {
1403 sbuf.st_atime &= ~1;
1404 sbuf.st_mtime &= ~1;
1405 sbuf.st_mtime &= ~1;
1408 put_long_date(p,c_time);
1410 put_long_date(p,sbuf.st_atime); /* access time */
1412 put_long_date(p,sbuf.st_mtime); /* write time */
1414 put_long_date(p,sbuf.st_mtime); /* change time */
1416 SIVAL(p,0,fmode); /* File Attributes. */
1418 SOFF_T(p,0,file_len);
1420 SOFF_T(p,0,file_len);
1422 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
1424 /* Send the required number of replies */
1425 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1430 /****************************************************************************
1431 Reply to a NT CANCEL request.
1432 ****************************************************************************/
1433 int reply_ntcancel(connection_struct *conn,
1434 char *inbuf,char *outbuf,int length,int bufsize)
1437 * Go through and cancel any pending change notifies.
1440 int mid = SVAL(inbuf,smb_mid);
1441 START_PROFILE(SMBntcancel);
1442 remove_pending_change_notify_requests_by_mid(mid);
1443 remove_pending_lock_requests_by_mid(mid);
1445 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
1447 END_PROFILE(SMBntcancel);
1451 /****************************************************************************
1452 Reply to an unsolicited SMBNTtranss - just ignore it!
1453 ****************************************************************************/
1454 int reply_nttranss(connection_struct *conn,
1455 char *inbuf,char *outbuf,int length,int bufsize)
1457 START_PROFILE(SMBnttranss);
1458 DEBUG(4,("Ignoring nttranss of length %d\n",length));
1459 END_PROFILE(SMBnttranss);
1463 /****************************************************************************
1464 Reply to a notify change - queue the request and
1465 don't allow a directory to be opened.
1466 ****************************************************************************/
1467 static int call_nt_transact_notify_change(connection_struct *conn,
1468 char *inbuf, char *outbuf, int length,
1471 char **ppparams, char **ppdata)
1473 char *setup = *ppsetup;
1477 fsp = file_fsp(setup,4);
1478 flags = IVAL(setup, 0);
1480 DEBUG(3,("call_nt_transact_notify_change\n"));
1483 return(ERROR(ERRDOS,ERRbadfid));
1485 if((!fsp->is_directory) || (conn != fsp->conn))
1486 return(ERROR(ERRDOS,ERRbadfid));
1488 if (!change_notify_set(inbuf, fsp, conn, flags)) {
1489 return(UNIXERROR(ERRDOS,ERRbadfid));
1492 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1493 name = %s\n", fsp->fsp_name ));
1498 /****************************************************************************
1499 Reply to an NT transact rename command.
1500 ****************************************************************************/
1502 static int call_nt_transact_rename(connection_struct *conn,
1503 char *inbuf, char *outbuf, int length,
1505 char **ppsetup, char **ppparams, char **ppdata)
1507 char *params = *ppparams;
1509 files_struct *fsp = file_fsp(params, 0);
1510 BOOL replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
1513 CHECK_FSP(fsp, conn);
1514 srvstr_pull(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE|STR_CONVERT);
1516 outsize = rename_internals(conn, inbuf, outbuf, fsp->fsp_name,
1517 new_name, replace_if_exists);
1520 * Rename was successful.
1522 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1524 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1525 fsp->fsp_name, new_name));
1530 * Win2k needs a changenotify request response before it will
1531 * update after a rename..
1534 process_pending_change_notify_queue((time_t)0);
1541 /****************************************************************************
1542 Reply to query a security descriptor - currently this is not implemented (it
1543 is planned to be though). Right now it just returns the same thing NT would
1544 when queried on a FAT filesystem. JRA.
1545 ****************************************************************************/
1547 static int call_nt_transact_query_security_desc(connection_struct *conn,
1548 char *inbuf, char *outbuf,
1549 int length, int bufsize,
1550 char **ppsetup, char **ppparams, char **ppdata)
1552 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1553 char *params = *ppparams;
1554 char *data = *ppdata;
1556 SEC_DESC *psd = NULL;
1558 TALLOC_CTX *mem_ctx;
1560 files_struct *fsp = file_fsp(params,0);
1563 return(ERROR(ERRDOS,ERRbadfid));
1565 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));
1567 params = Realloc(*ppparams, 4);
1569 return(ERROR(ERRDOS,ERRnomem));
1574 * Get the permissions to return.
1577 if((sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd)) == 0)
1578 return(UNIXERROR(ERRDOS,ERRnoaccess));
1580 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
1582 SIVAL(params,0,(uint32)sd_size);
1584 if(max_data_count < sd_size) {
1586 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
1587 params, 4, *ppdata, 0);
1592 * Allocate the data we will point this at.
1595 data = Realloc(*ppdata, sd_size);
1597 return(ERROR(ERRDOS,ERRnomem));
1602 memset(data, '\0', sd_size);
1605 * Init the parse struct we will marshall into.
1608 if ((mem_ctx = talloc_init()) == NULL) {
1609 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1610 return(ERROR(ERRDOS,ERRnomem));
1613 prs_init(&pd, 0, mem_ctx, MARSHALL);
1616 * Setup the prs_struct to point at the memory we just
1620 prs_give_memory( &pd, data, (uint32)sd_size, False);
1623 * Finally, linearize into the outgoing buffer.
1626 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1627 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1628 security descriptor.\n"));
1630 * Return access denied for want of a better error message..
1632 talloc_destroy(mem_ctx);
1633 return(UNIXERROR(ERRDOS,ERRnoaccess));
1637 * Now we can delete the security descriptor.
1640 talloc_destroy(mem_ctx);
1642 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sd_size);
1646 /****************************************************************************
1647 Reply to set a security descriptor. Map to UNIX perms.
1648 ****************************************************************************/
1650 static int call_nt_transact_set_security_desc(connection_struct *conn,
1651 char *inbuf, char *outbuf, int length,
1652 int bufsize, char **ppsetup,
1653 char **ppparams, char **ppdata)
1655 uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1656 char *params= *ppparams;
1657 char *data = *ppdata;
1658 uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
1659 files_struct *fsp = NULL;
1660 uint32 security_info_sent = 0;
1664 if(!lp_nt_acl_support())
1665 return(UNIXERROR(ERRDOS,ERRnoaccess));
1667 if(total_parameter_count < 8)
1668 return(ERROR(ERRDOS,ERRbadfunc));
1670 if((fsp = file_fsp(params,0)) == NULL)
1671 return(ERROR(ERRDOS,ERRbadfid));
1673 security_info_sent = IVAL(params,4);
1675 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
1676 (unsigned int)security_info_sent ));
1678 if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
1679 return (ERROR(error_class, error_code));
1681 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1685 /****************************************************************************
1686 Reply to IOCTL - not implemented - no plans.
1687 ****************************************************************************/
1688 static int call_nt_transact_ioctl(connection_struct *conn,
1689 char *inbuf, char *outbuf, int length,
1691 char **ppsetup, char **ppparams, char **ppdata)
1693 static BOOL logged_message = False;
1695 if(!logged_message) {
1696 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
1697 logged_message = True; /* Only print this once... */
1699 return(ERROR(ERRSRV,ERRnosupport));
1702 /****************************************************************************
1703 Reply to a SMBNTtrans.
1704 ****************************************************************************/
1705 int reply_nttrans(connection_struct *conn,
1706 char *inbuf,char *outbuf,int length,int bufsize)
1709 #if 0 /* Not used. */
1710 uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
1711 uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
1712 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1713 #endif /* Not used. */
1714 uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
1715 uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
1716 uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
1717 uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
1718 uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
1719 uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
1720 uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
1721 uint16 function_code = SVAL( inbuf, smb_nt_Function);
1722 char *params = NULL, *data = NULL, *setup = NULL;
1723 uint32 num_params_sofar, num_data_sofar;
1724 START_PROFILE(SMBnttrans);
1726 if(global_oplock_break && (function_code == NT_TRANSACT_CREATE)) {
1728 * Queue this open message as we are the process of an oplock break.
1731 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
1732 due to being in oplock break state.\n" ));
1734 push_oplock_pending_smb_message( inbuf, length);
1735 END_PROFILE(SMBnttrans);
1739 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
1740 END_PROFILE(SMBnttrans);
1741 return (ERROR(ERRSRV,ERRaccess));
1744 outsize = set_message(outbuf,0,0,True);
1747 * All nttrans messages we handle have smb_wct == 19 + setup_count.
1748 * Ensure this is so as a sanity check.
1751 if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
1752 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
1753 CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
1754 END_PROFILE(SMBnttrans);
1755 return(ERROR(ERRSRV,ERRerror));
1758 /* Allocate the space for the setup, the maximum needed parameters and data */
1761 setup = (char *)malloc(setup_count);
1762 if (total_parameter_count > 0)
1763 params = (char *)malloc(total_parameter_count);
1764 if (total_data_count > 0)
1765 data = (char *)malloc(total_data_count);
1767 if ((total_parameter_count && !params) || (total_data_count && !data) ||
1768 (setup_count && !setup)) {
1772 DEBUG(0,("reply_nttrans : Out of memory\n"));
1773 END_PROFILE(SMBnttrans);
1774 return(ERROR(ERRDOS,ERRnomem));
1777 /* Copy the param and data bytes sent with this request into
1778 the params buffer */
1779 num_params_sofar = parameter_count;
1780 num_data_sofar = data_count;
1782 if (parameter_count > total_parameter_count || data_count > total_data_count)
1783 exit_server("reply_nttrans: invalid sizes in packet.\n");
1786 memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
1787 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
1788 dump_data(10, setup, setup_count);
1791 memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
1792 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
1793 dump_data(10, params, parameter_count);
1796 memcpy( data, smb_base(inbuf) + data_offset, data_count);
1797 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
1798 dump_data(10, data, data_count);
1801 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1802 /* We need to send an interim response then receive the rest
1803 of the parameter/data bytes */
1804 outsize = set_message(outbuf,0,0,True);
1805 if (!send_smb(smbd_server_fd(),outbuf))
1806 exit_server("reply_nttrans: send_smb failed.\n");
1808 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1811 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
1813 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
1814 outsize = set_message(outbuf,0,0,True);
1816 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
1818 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
1819 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
1827 END_PROFILE(SMBnttrans);
1828 return(ERROR(ERRSRV,ERRerror));
1831 /* Revise total_params and total_data in case they have changed downwards */
1832 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1833 total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
1834 num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
1835 num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
1836 if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
1837 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
1839 memcpy( ¶ms[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
1840 smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
1841 memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
1842 smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
1846 if (Protocol >= PROTOCOL_NT1) {
1847 SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | 0x40); /* IS_LONG_NAME */
1850 /* Now we must call the relevant NT_TRANS function */
1851 switch(function_code) {
1852 case NT_TRANSACT_CREATE:
1853 START_PROFILE_NESTED(NT_transact_create);
1854 outsize = call_nt_transact_create(conn, inbuf, outbuf, length, bufsize,
1855 &setup, ¶ms, &data);
1856 END_PROFILE_NESTED(NT_transact_create);
1858 case NT_TRANSACT_IOCTL:
1859 START_PROFILE_NESTED(NT_transact_ioctl);
1860 outsize = call_nt_transact_ioctl(conn,
1861 inbuf, outbuf, length, bufsize,
1862 &setup, ¶ms, &data);
1863 END_PROFILE_NESTED(NT_transact_ioctl);
1865 case NT_TRANSACT_SET_SECURITY_DESC:
1866 START_PROFILE_NESTED(NT_transact_set_security_desc);
1867 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
1869 &setup, ¶ms, &data);
1870 END_PROFILE_NESTED(NT_transact_set_security_desc);
1872 case NT_TRANSACT_NOTIFY_CHANGE:
1873 START_PROFILE_NESTED(NT_transact_notify_change);
1874 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
1876 &setup, ¶ms, &data);
1877 END_PROFILE_NESTED(NT_transact_notify_change);
1879 case NT_TRANSACT_RENAME:
1880 START_PROFILE_NESTED(NT_transact_rename);
1881 outsize = call_nt_transact_rename(conn, inbuf, outbuf, length,
1883 &setup, ¶ms, &data);
1884 END_PROFILE_NESTED(NT_transact_rename);
1887 case NT_TRANSACT_QUERY_SECURITY_DESC:
1888 START_PROFILE_NESTED(NT_transact_query_security_desc);
1889 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
1891 &setup, ¶ms, &data);
1892 END_PROFILE_NESTED(NT_transact_query_security_desc);
1895 /* Error in request */
1896 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
1903 END_PROFILE(SMBnttrans);
1904 return (ERROR(ERRSRV,ERRerror));
1907 /* As we do not know how many data packets will need to be
1908 returned here the various call_nt_transact_xxxx calls
1909 must send their own. Thus a call_nt_transact_xxxx routine only
1910 returns a value other than -1 when it wants to send
1920 END_PROFILE(SMBnttrans);
1921 return outsize; /* If a correct response was needed the call_nt_transact_xxxx
1922 calls have already sent it. If outsize != -1 then it is
1923 returning an error packet. */
git.samba.org / samba.git / blob