2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern BOOL global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 BOOL *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 BOOL start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, BOOL *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(const char *inbuf, uint16 smb_flags2, char *dest,
212 const char *src, size_t dest_len, size_t src_len,
213 int flags, NTSTATUS *err, BOOL *contains_wcard)
217 SMB_ASSERT(dest_len == sizeof(pstring));
221 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
224 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
225 dest_len, src_len, flags);
228 *contains_wcard = False;
230 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
232 * For a DFS path the function parse_dfs_path()
233 * will do the path processing, just make a copy.
239 if (lp_posix_pathnames()) {
240 *err = check_path_syntax_posix(dest);
242 *err = check_path_syntax_wcard(dest, contains_wcard);
248 /****************************************************************************
249 Pull a string and check the path - provide for error return.
250 ****************************************************************************/
252 size_t srvstr_get_path(const char *inbuf, uint16 smb_flags2, char *dest,
253 const char *src, size_t dest_len, size_t src_len,
254 int flags, NTSTATUS *err)
258 SMB_ASSERT(dest_len == sizeof(pstring));
262 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
265 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
266 dest_len, src_len, flags);
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(dest);
281 *err = check_path_syntax(dest);
287 /****************************************************************************
288 Check if we have a correct fsp pointing to a file. Replacement for the
290 ****************************************************************************/
292 BOOL check_fsp(connection_struct *conn, struct smb_request *req,
293 files_struct *fsp, struct current_user *user)
295 if (!(fsp) || !(conn)) {
296 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
299 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
300 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
303 if ((fsp)->is_directory) {
304 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
307 if ((fsp)->fh->fd == -1) {
308 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
311 (fsp)->num_smb_operations++;
315 /****************************************************************************
316 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
317 ****************************************************************************/
319 BOOL fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
320 files_struct *fsp, struct current_user *user)
322 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
323 && (current_user.vuid==(fsp)->vuid)) {
327 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
331 /****************************************************************************
332 Reply to a (netbios-level) special message.
333 ****************************************************************************/
335 void reply_special(char *inbuf)
337 int msg_type = CVAL(inbuf,0);
338 int msg_flags = CVAL(inbuf,1);
343 * We only really use 4 bytes of the outbuf, but for the smb_setlen
344 * calculation & friends (send_smb uses that) we need the full smb
347 char outbuf[smb_size];
349 static BOOL already_got_session = False;
353 memset(outbuf, '\0', sizeof(outbuf));
355 smb_setlen(inbuf,outbuf,0);
358 case 0x81: /* session request */
360 if (already_got_session) {
361 exit_server_cleanly("multiple session request not permitted");
364 SCVAL(outbuf,0,0x82);
366 if (name_len(inbuf+4) > 50 ||
367 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
368 DEBUG(0,("Invalid name length in session request\n"));
371 name_extract(inbuf,4,name1);
372 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
373 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
376 set_local_machine_name(name1, True);
377 set_remote_machine_name(name2, True);
379 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
380 get_local_machine_name(), get_remote_machine_name(),
383 if (name_type == 'R') {
384 /* We are being asked for a pathworks session ---
386 SCVAL(outbuf, 0,0x83);
390 /* only add the client's machine name to the list
391 of possibly valid usernames if we are operating
392 in share mode security */
393 if (lp_security() == SEC_SHARE) {
394 add_session_user(get_remote_machine_name());
397 reload_services(True);
400 already_got_session = True;
403 case 0x89: /* session keepalive request
404 (some old clients produce this?) */
405 SCVAL(outbuf,0,SMBkeepalive);
409 case 0x82: /* positive session response */
410 case 0x83: /* negative session response */
411 case 0x84: /* retarget session response */
412 DEBUG(0,("Unexpected session response\n"));
415 case SMBkeepalive: /* session keepalive */
420 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
421 msg_type, msg_flags));
423 send_smb(smbd_server_fd(), outbuf);
427 /****************************************************************************
429 conn POINTER CAN BE NULL HERE !
430 ****************************************************************************/
432 int reply_tcon(connection_struct *conn,
433 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
437 char *service_buf = NULL;
438 char *password = NULL;
441 uint16 vuid = SVAL(inbuf,smb_uid);
445 DATA_BLOB password_blob;
447 START_PROFILE(SMBtcon);
449 ctx = talloc_init("reply_tcon");
451 END_PROFILE(SMBtcon);
452 return ERROR_NT(NT_STATUS_NO_MEMORY);
455 p = smb_buf(inbuf)+1;
456 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
457 &service_buf, p, STR_TERMINATE) + 1;
458 pwlen = srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
459 &password, p, STR_TERMINATE) + 1;
461 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
462 &dev, p, STR_TERMINATE) + 1;
464 if (service_buf == NULL || password == NULL || dev == NULL) {
466 END_PROFILE(SMBtcon);
467 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
469 p = strrchr_m(service_buf,'\\');
473 service = service_buf;
476 password_blob = data_blob(password, pwlen+1);
478 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
480 data_blob_clear_free(&password_blob);
484 END_PROFILE(SMBtcon);
485 return ERROR_NT(nt_status);
488 outsize = set_message(inbuf,outbuf,2,0,True);
489 SSVAL(outbuf,smb_vwv0,max_recv);
490 SSVAL(outbuf,smb_vwv1,conn->cnum);
491 SSVAL(outbuf,smb_tid,conn->cnum);
493 DEBUG(3,("tcon service=%s cnum=%d\n",
494 service, conn->cnum));
496 END_PROFILE(SMBtcon);
501 /****************************************************************************
502 Reply to a tcon and X.
503 conn POINTER CAN BE NULL HERE !
504 ****************************************************************************/
506 void reply_tcon_and_X(connection_struct *conn, struct smb_request *req)
508 char *service = NULL;
511 TALLOC_CTX *ctx = NULL;
512 /* what the cleint thinks the device is */
513 char *client_devicetype = NULL;
514 /* what the server tells the client the share represents */
515 const char *server_devicetype;
522 START_PROFILE(SMBtconX);
525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
526 END_PROFILE(SMBtconX);
530 passlen = SVAL(req->inbuf,smb_vwv3);
531 tcon_flags = SVAL(req->inbuf,smb_vwv2);
533 /* we might have to close an old one */
534 if ((tcon_flags & 0x1) && conn) {
535 close_cnum(conn,req->vuid);
538 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
539 reply_doserror(req, ERRDOS, ERRbuftoosmall);
540 END_PROFILE(SMBtconX);
544 if (global_encrypted_passwords_negotiated) {
545 password = data_blob(smb_buf(req->inbuf),passlen);
546 if (lp_security() == SEC_SHARE) {
548 * Security = share always has a pad byte
549 * after the password.
551 p = smb_buf(req->inbuf) + passlen + 1;
553 p = smb_buf(req->inbuf) + passlen;
556 password = data_blob(smb_buf(req->inbuf),passlen+1);
557 /* Ensure correct termination */
558 password.data[passlen]=0;
559 p = smb_buf(req->inbuf) + passlen + 1;
562 ctx = talloc_init("reply_tcon_and_X");
564 data_blob_clear_free(&password);
565 reply_nterror(req, NT_STATUS_NO_MEMORY);
566 END_PROFILE(SMBtconX);
569 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
573 data_blob_clear_free(&password);
575 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
576 END_PROFILE(SMBtconX);
581 * the service name can be either: \\server\share
582 * or share directly like on the DELL PowerVault 705
585 q = strchr_m(path+2,'\\');
587 data_blob_clear_free(&password);
589 reply_doserror(req, ERRDOS, ERRnosuchshare);
590 END_PROFILE(SMBtconX);
598 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
599 &client_devicetype, p,
600 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
602 if (client_devicetype == NULL) {
603 data_blob_clear_free(&password);
605 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
606 END_PROFILE(SMBtconX);
610 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
612 conn = make_connection(service, password, client_devicetype,
613 req->vuid, &nt_status);
615 data_blob_clear_free(&password);
619 reply_nterror(req, nt_status);
620 END_PROFILE(SMBtconX);
625 server_devicetype = "IPC";
626 else if ( IS_PRINT(conn) )
627 server_devicetype = "LPT1:";
629 server_devicetype = "A:";
631 if (Protocol < PROTOCOL_NT1) {
632 reply_outbuf(req, 2, 0);
633 if (message_push_string(&req->outbuf, server_devicetype,
634 STR_TERMINATE|STR_ASCII) == -1) {
636 reply_nterror(req, NT_STATUS_NO_MEMORY);
637 END_PROFILE(SMBtconX);
641 /* NT sets the fstype of IPC$ to the null string */
642 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
644 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
645 /* Return permissions. */
649 reply_outbuf(req, 7, 0);
652 perm1 = FILE_ALL_ACCESS;
653 perm2 = FILE_ALL_ACCESS;
655 perm1 = CAN_WRITE(conn) ?
660 SIVAL(req->outbuf, smb_vwv3, perm1);
661 SIVAL(req->outbuf, smb_vwv5, perm2);
663 reply_outbuf(req, 3, 0);
666 if ((message_push_string(&req->outbuf, server_devicetype,
667 STR_TERMINATE|STR_ASCII) == -1)
668 || (message_push_string(&req->outbuf, fstype,
669 STR_TERMINATE) == -1)) {
671 reply_nterror(req, NT_STATUS_NO_MEMORY);
672 END_PROFILE(SMBtconX);
676 /* what does setting this bit do? It is set by NT4 and
677 may affect the ability to autorun mounted cdroms */
678 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
679 (lp_csc_policy(SNUM(conn)) << 2));
681 init_dfsroot(conn, req->inbuf, req->outbuf);
685 DEBUG(3,("tconX service=%s \n",
688 /* set the incoming and outgoing tid to the just created one */
689 SSVAL(req->inbuf,smb_tid,conn->cnum);
690 SSVAL(req->outbuf,smb_tid,conn->cnum);
693 END_PROFILE(SMBtconX);
695 chain_reply_new(req);
699 /****************************************************************************
700 Reply to an unknown type.
701 ****************************************************************************/
703 int reply_unknown(char *inbuf,char *outbuf)
706 type = CVAL(inbuf,smb_com);
708 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
709 smb_fn_name(type), type, type));
711 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
714 void reply_unknown_new(struct smb_request *req, uint8 type)
716 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
717 smb_fn_name(type), type, type));
718 reply_doserror(req, ERRSRV, ERRunknownsmb);
722 /****************************************************************************
724 conn POINTER CAN BE NULL HERE !
725 ****************************************************************************/
727 int reply_ioctl(connection_struct *conn,
728 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
730 uint16 device = SVAL(inbuf,smb_vwv1);
731 uint16 function = SVAL(inbuf,smb_vwv2);
732 uint32 ioctl_code = (device << 16) + function;
733 int replysize, outsize;
735 START_PROFILE(SMBioctl);
737 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
739 switch (ioctl_code) {
740 case IOCTL_QUERY_JOB_INFO:
744 END_PROFILE(SMBioctl);
745 return(ERROR_DOS(ERRSRV,ERRnosupport));
748 outsize = set_message(inbuf,outbuf,8,replysize+1,True);
749 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
750 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
751 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
752 p = smb_buf(outbuf) + 1; /* Allow for alignment */
754 switch (ioctl_code) {
755 case IOCTL_QUERY_JOB_INFO:
757 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
759 END_PROFILE(SMBioctl);
760 return(UNIXERROR(ERRDOS,ERRbadfid));
762 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
763 srvstr_push(outbuf, SVAL(outbuf, smb_flg2), p+2,
765 STR_TERMINATE|STR_ASCII);
767 srvstr_push(outbuf, SVAL(outbuf, smb_flg2),
768 p+18, lp_servicename(SNUM(conn)),
769 13, STR_TERMINATE|STR_ASCII);
775 END_PROFILE(SMBioctl);
779 /****************************************************************************
780 Strange checkpath NTSTATUS mapping.
781 ****************************************************************************/
783 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
785 /* Strange DOS error code semantics only for checkpath... */
786 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
787 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
788 /* We need to map to ERRbadpath */
789 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
795 /****************************************************************************
796 Reply to a checkpath.
797 ****************************************************************************/
799 void reply_checkpath(connection_struct *conn, struct smb_request *req)
802 SMB_STRUCT_STAT sbuf;
805 START_PROFILE(SMBcheckpath);
807 srvstr_get_path((char *)req->inbuf, req->flags2, name,
808 smb_buf(req->inbuf) + 1, sizeof(name), 0,
809 STR_TERMINATE, &status);
810 if (!NT_STATUS_IS_OK(status)) {
811 status = map_checkpath_error((char *)req->inbuf, status);
812 reply_nterror(req, status);
813 END_PROFILE(SMBcheckpath);
817 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES, name);
818 if (!NT_STATUS_IS_OK(status)) {
819 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
820 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
822 END_PROFILE(SMBcheckpath);
828 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
830 status = unix_convert(conn, name, False, NULL, &sbuf);
831 if (!NT_STATUS_IS_OK(status)) {
835 status = check_name(conn, name);
836 if (!NT_STATUS_IS_OK(status)) {
837 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
841 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
842 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
843 status = map_nt_error_from_unix(errno);
847 if (!S_ISDIR(sbuf.st_mode)) {
848 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
850 END_PROFILE(SMBcheckpath);
854 reply_outbuf(req, 0, 0);
856 END_PROFILE(SMBcheckpath);
861 END_PROFILE(SMBcheckpath);
863 /* We special case this - as when a Windows machine
864 is parsing a path is steps through the components
865 one at a time - if a component fails it expects
866 ERRbadpath, not ERRbadfile.
868 status = map_checkpath_error((char *)req->inbuf, status);
869 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
871 * Windows returns different error codes if
872 * the parent directory is valid but not the
873 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
874 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
875 * if the path is invalid.
877 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
882 reply_nterror(req, status);
885 /****************************************************************************
887 ****************************************************************************/
889 void reply_getatr(connection_struct *conn, struct smb_request *req)
892 SMB_STRUCT_STAT sbuf;
899 START_PROFILE(SMBgetatr);
901 p = smb_buf(req->inbuf) + 1;
902 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
903 sizeof(fname), 0, STR_TERMINATE, &status);
904 if (!NT_STATUS_IS_OK(status)) {
905 reply_nterror(req, status);
906 END_PROFILE(SMBgetatr);
910 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
912 if (!NT_STATUS_IS_OK(status)) {
913 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
914 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
916 END_PROFILE(SMBgetatr);
919 reply_nterror(req, status);
920 END_PROFILE(SMBgetatr);
924 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
925 under WfWg - weird! */
926 if (*fname == '\0') {
927 mode = aHIDDEN | aDIR;
928 if (!CAN_WRITE(conn)) {
934 status = unix_convert(conn, fname, False, NULL,&sbuf);
935 if (!NT_STATUS_IS_OK(status)) {
936 reply_nterror(req, status);
937 END_PROFILE(SMBgetatr);
940 status = check_name(conn, fname);
941 if (!NT_STATUS_IS_OK(status)) {
942 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
943 reply_nterror(req, status);
944 END_PROFILE(SMBgetatr);
947 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
948 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
949 reply_unixerror(req, ERRDOS,ERRbadfile);
950 END_PROFILE(SMBgetatr);
954 mode = dos_mode(conn,fname,&sbuf);
956 mtime = sbuf.st_mtime;
962 reply_outbuf(req, 10, 0);
964 SSVAL(req->outbuf,smb_vwv0,mode);
965 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
966 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
968 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
970 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
972 if (Protocol >= PROTOCOL_NT1) {
973 SSVAL(req->outbuf, smb_flg2,
974 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
977 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
979 END_PROFILE(SMBgetatr);
983 /****************************************************************************
985 ****************************************************************************/
987 void reply_setatr(connection_struct *conn, struct smb_request *req)
992 SMB_STRUCT_STAT sbuf;
996 START_PROFILE(SMBsetatr);
999 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1003 p = smb_buf(req->inbuf) + 1;
1004 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
1005 sizeof(fname), 0, STR_TERMINATE, &status);
1006 if (!NT_STATUS_IS_OK(status)) {
1007 reply_nterror(req, status);
1008 END_PROFILE(SMBsetatr);
1012 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1014 if (!NT_STATUS_IS_OK(status)) {
1015 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1016 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1017 ERRSRV, ERRbadpath);
1018 END_PROFILE(SMBsetatr);
1021 reply_nterror(req, status);
1022 END_PROFILE(SMBsetatr);
1026 status = unix_convert(conn, fname, False, NULL, &sbuf);
1027 if (!NT_STATUS_IS_OK(status)) {
1028 reply_nterror(req, status);
1029 END_PROFILE(SMBsetatr);
1033 status = check_name(conn, fname);
1034 if (!NT_STATUS_IS_OK(status)) {
1035 reply_nterror(req, status);
1036 END_PROFILE(SMBsetatr);
1040 if (fname[0] == '.' && fname[1] == '\0') {
1042 * Not sure here is the right place to catch this
1043 * condition. Might be moved to somewhere else later -- vl
1045 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1046 END_PROFILE(SMBsetatr);
1050 mode = SVAL(req->inbuf,smb_vwv0);
1051 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1053 if (mode != FILE_ATTRIBUTE_NORMAL) {
1054 if (VALID_STAT_OF_DIR(sbuf))
1059 if (file_set_dosmode(conn,fname,mode,&sbuf,False) != 0) {
1060 reply_unixerror(req, ERRDOS, ERRnoaccess);
1061 END_PROFILE(SMBsetatr);
1066 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1067 reply_unixerror(req, ERRDOS, ERRnoaccess);
1068 END_PROFILE(SMBsetatr);
1072 reply_outbuf(req, 0, 0);
1074 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1076 END_PROFILE(SMBsetatr);
1080 /****************************************************************************
1082 ****************************************************************************/
1084 void reply_dskattr(connection_struct *conn, struct smb_request *req)
1086 SMB_BIG_UINT dfree,dsize,bsize;
1087 START_PROFILE(SMBdskattr);
1089 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1090 reply_unixerror(req, ERRHRD, ERRgeneral);
1091 END_PROFILE(SMBdskattr);
1095 reply_outbuf(req, 5, 0);
1097 if (Protocol <= PROTOCOL_LANMAN2) {
1098 double total_space, free_space;
1099 /* we need to scale this to a number that DOS6 can handle. We
1100 use floating point so we can handle large drives on systems
1101 that don't have 64 bit integers
1103 we end up displaying a maximum of 2G to DOS systems
1105 total_space = dsize * (double)bsize;
1106 free_space = dfree * (double)bsize;
1108 dsize = (total_space+63*512) / (64*512);
1109 dfree = (free_space+63*512) / (64*512);
1111 if (dsize > 0xFFFF) dsize = 0xFFFF;
1112 if (dfree > 0xFFFF) dfree = 0xFFFF;
1114 SSVAL(req->outbuf,smb_vwv0,dsize);
1115 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1116 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1117 SSVAL(req->outbuf,smb_vwv3,dfree);
1119 SSVAL(req->outbuf,smb_vwv0,dsize);
1120 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1121 SSVAL(req->outbuf,smb_vwv2,512);
1122 SSVAL(req->outbuf,smb_vwv3,dfree);
1125 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1127 END_PROFILE(SMBdskattr);
1131 /****************************************************************************
1133 Can be called from SMBsearch, SMBffirst or SMBfunique.
1134 ****************************************************************************/
1136 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1146 unsigned int numentries = 0;
1147 unsigned int maxentries = 0;
1148 BOOL finished = False;
1154 BOOL check_descend = False;
1155 BOOL expect_close = False;
1157 BOOL mask_contains_wcard = False;
1158 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1160 START_PROFILE(SMBsearch);
1162 if (lp_posix_pathnames()) {
1163 END_PROFILE(SMBsearch);
1164 return reply_unknown(inbuf, outbuf);
1167 *mask = *directory = *fname = 0;
1169 /* If we were called as SMBffirst then we must expect close. */
1170 if(CVAL(inbuf,smb_com) == SMBffirst) {
1171 expect_close = True;
1174 outsize = set_message(inbuf,outbuf,1,3,True);
1175 maxentries = SVAL(inbuf,smb_vwv0);
1176 dirtype = SVAL(inbuf,smb_vwv1);
1177 p = smb_buf(inbuf) + 1;
1178 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1179 sizeof(path), 0, STR_TERMINATE, &nt_status,
1180 &mask_contains_wcard);
1181 if (!NT_STATUS_IS_OK(nt_status)) {
1182 END_PROFILE(SMBsearch);
1183 return ERROR_NT(nt_status);
1186 nt_status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, path, &mask_contains_wcard);
1187 if (!NT_STATUS_IS_OK(nt_status)) {
1188 END_PROFILE(SMBsearch);
1189 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1190 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1192 return ERROR_NT(nt_status);
1196 status_len = SVAL(p, 0);
1199 /* dirtype &= ~aDIR; */
1201 if (status_len == 0) {
1202 SMB_STRUCT_STAT sbuf;
1204 pstrcpy(directory,path);
1205 nt_status = unix_convert(conn, directory, True, NULL, &sbuf);
1206 if (!NT_STATUS_IS_OK(nt_status)) {
1207 END_PROFILE(SMBsearch);
1208 return ERROR_NT(nt_status);
1211 nt_status = check_name(conn, directory);
1212 if (!NT_STATUS_IS_OK(nt_status)) {
1213 END_PROFILE(SMBsearch);
1214 return ERROR_NT(nt_status);
1217 p = strrchr_m(directory,'/');
1219 pstrcpy(mask,directory);
1220 pstrcpy(directory,".");
1226 if (*directory == '\0') {
1227 pstrcpy(directory,".");
1229 memset((char *)status,'\0',21);
1230 SCVAL(status,0,(dirtype & 0x1F));
1234 memcpy(status,p,21);
1235 status_dirtype = CVAL(status,0) & 0x1F;
1236 if (status_dirtype != (dirtype & 0x1F)) {
1237 dirtype = status_dirtype;
1240 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1241 if (!conn->dirptr) {
1244 string_set(&conn->dirpath,dptr_path(dptr_num));
1245 pstrcpy(mask, dptr_wcard(dptr_num));
1247 * For a 'continue' search we have no string. So
1248 * check from the initial saved string.
1250 mask_contains_wcard = ms_has_wild(mask);
1253 p = smb_buf(outbuf) + 3;
1255 if (status_len == 0) {
1256 nt_status = dptr_create(conn,
1260 SVAL(inbuf,smb_pid),
1262 mask_contains_wcard,
1265 if (!NT_STATUS_IS_OK(nt_status)) {
1266 return ERROR_NT(nt_status);
1268 dptr_num = dptr_dnum(conn->dirptr);
1270 dirtype = dptr_attr(dptr_num);
1273 DEBUG(4,("dptr_num is %d\n",dptr_num));
1275 if ((dirtype&0x1F) == aVOLID) {
1276 memcpy(p,status,21);
1277 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1278 0,aVOLID,0,!allow_long_path_components);
1279 dptr_fill(p+12,dptr_num);
1280 if (dptr_zero(p+12) && (status_len==0)) {
1285 p += DIR_STRUCT_SIZE;
1288 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1290 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1291 conn->dirpath,lp_dontdescend(SNUM(conn))));
1292 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1293 check_descend = True;
1296 for (i=numentries;(i<maxentries) && !finished;i++) {
1297 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1299 memcpy(p,status,21);
1300 make_dir_struct(p,mask,fname,size, mode,date,
1301 !allow_long_path_components);
1302 if (!dptr_fill(p+12,dptr_num)) {
1306 p += DIR_STRUCT_SIZE;
1313 /* If we were called as SMBffirst with smb_search_id == NULL
1314 and no entries were found then return error and close dirptr
1317 if (numentries == 0) {
1318 dptr_close(&dptr_num);
1319 } else if(expect_close && status_len == 0) {
1320 /* Close the dptr - we know it's gone */
1321 dptr_close(&dptr_num);
1324 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1325 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1326 dptr_close(&dptr_num);
1329 if ((numentries == 0) && !mask_contains_wcard) {
1330 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1333 SSVAL(outbuf,smb_vwv0,numentries);
1334 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1335 SCVAL(smb_buf(outbuf),0,5);
1336 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1338 /* The replies here are never long name. */
1339 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1340 if (!allow_long_path_components) {
1341 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1344 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1345 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1347 outsize += DIR_STRUCT_SIZE*numentries;
1348 smb_setlen(inbuf,outbuf,outsize - 4);
1350 if ((! *directory) && dptr_path(dptr_num))
1351 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1353 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1354 smb_fn_name(CVAL(inbuf,smb_com)),
1355 mask, directory, dirtype, numentries, maxentries ) );
1357 END_PROFILE(SMBsearch);
1361 /****************************************************************************
1362 Reply to a fclose (stop directory search).
1363 ****************************************************************************/
1365 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1374 BOOL path_contains_wcard = False;
1376 START_PROFILE(SMBfclose);
1378 if (lp_posix_pathnames()) {
1379 END_PROFILE(SMBfclose);
1380 return reply_unknown(inbuf, outbuf);
1383 outsize = set_message(inbuf,outbuf,1,0,True);
1384 p = smb_buf(inbuf) + 1;
1385 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1386 sizeof(path), 0, STR_TERMINATE, &err,
1387 &path_contains_wcard);
1388 if (!NT_STATUS_IS_OK(err)) {
1389 END_PROFILE(SMBfclose);
1390 return ERROR_NT(err);
1393 status_len = SVAL(p,0);
1396 if (status_len == 0) {
1397 END_PROFILE(SMBfclose);
1398 return ERROR_DOS(ERRSRV,ERRsrverror);
1401 memcpy(status,p,21);
1403 if(dptr_fetch(status+12,&dptr_num)) {
1404 /* Close the dptr - we know it's gone */
1405 dptr_close(&dptr_num);
1408 SSVAL(outbuf,smb_vwv0,0);
1410 DEBUG(3,("search close\n"));
1412 END_PROFILE(SMBfclose);
1416 /****************************************************************************
1418 ****************************************************************************/
1420 void reply_open(connection_struct *conn, struct smb_request *req)
1427 SMB_STRUCT_STAT sbuf;
1434 uint32 create_disposition;
1435 uint32 create_options = 0;
1438 START_PROFILE(SMBopen);
1441 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1442 END_PROFILE(SMBopen);
1446 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1447 deny_mode = SVAL(req->inbuf,smb_vwv0);
1448 dos_attr = SVAL(req->inbuf,smb_vwv1);
1450 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1451 smb_buf(req->inbuf)+1, sizeof(fname), 0,
1452 STR_TERMINATE, &status);
1453 if (!NT_STATUS_IS_OK(status)) {
1454 reply_nterror(req, status);
1455 END_PROFILE(SMBopen);
1459 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1461 if (!NT_STATUS_IS_OK(status)) {
1462 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1463 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1464 ERRSRV, ERRbadpath);
1465 END_PROFILE(SMBopen);
1468 reply_nterror(req, status);
1469 END_PROFILE(SMBopen);
1473 status = unix_convert(conn, fname, False, NULL, &sbuf);
1474 if (!NT_STATUS_IS_OK(status)) {
1475 reply_nterror(req, status);
1476 END_PROFILE(SMBopen);
1480 status = check_name(conn, fname);
1481 if (!NT_STATUS_IS_OK(status)) {
1482 reply_nterror(req, status);
1483 END_PROFILE(SMBopen);
1487 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1488 &access_mask, &share_mode, &create_disposition, &create_options)) {
1489 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1490 END_PROFILE(SMBopen);
1494 status = open_file_ntcreate(conn, req, fname, &sbuf,
1503 if (!NT_STATUS_IS_OK(status)) {
1504 if (open_was_deferred(req->mid)) {
1505 /* We have re-scheduled this call. */
1506 END_PROFILE(SMBopen);
1509 reply_nterror(req, status);
1510 END_PROFILE(SMBopen);
1514 size = sbuf.st_size;
1515 fattr = dos_mode(conn,fname,&sbuf);
1516 mtime = sbuf.st_mtime;
1519 DEBUG(3,("attempt to open a directory %s\n",fname));
1520 close_file(fsp,ERROR_CLOSE);
1521 reply_doserror(req, ERRDOS,ERRnoaccess);
1522 END_PROFILE(SMBopen);
1526 reply_outbuf(req, 7, 0);
1527 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1528 SSVAL(req->outbuf,smb_vwv1,fattr);
1529 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1530 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1532 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1534 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1535 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1537 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1538 SCVAL(req->outbuf,smb_flg,
1539 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1542 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1543 SCVAL(req->outbuf,smb_flg,
1544 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1546 END_PROFILE(SMBopen);
1550 /****************************************************************************
1551 Reply to an open and X.
1552 ****************************************************************************/
1554 void reply_open_and_X(connection_struct *conn, struct smb_request *req)
1560 /* Breakout the oplock request bits so we can set the
1561 reply bits separately. */
1562 int ex_oplock_request;
1563 int core_oplock_request;
1566 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1567 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1572 SMB_STRUCT_STAT sbuf;
1576 SMB_BIG_UINT allocation_size;
1577 ssize_t retval = -1;
1580 uint32 create_disposition;
1581 uint32 create_options = 0;
1583 START_PROFILE(SMBopenX);
1585 if (req->wct < 15) {
1586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1587 END_PROFILE(SMBopenX);
1591 open_flags = SVAL(req->inbuf,smb_vwv2);
1592 deny_mode = SVAL(req->inbuf,smb_vwv3);
1593 smb_attr = SVAL(req->inbuf,smb_vwv5);
1594 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1595 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1596 oplock_request = ex_oplock_request | core_oplock_request;
1597 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1598 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1600 /* If it's an IPC, pass off the pipe handler. */
1602 if (lp_nt_pipe_support()) {
1603 reply_open_pipe_and_X(conn, req);
1605 reply_doserror(req, ERRSRV, ERRaccess);
1607 END_PROFILE(SMBopenX);
1611 /* XXXX we need to handle passed times, sattr and flags */
1612 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1613 smb_buf(req->inbuf), sizeof(fname), 0, STR_TERMINATE,
1615 if (!NT_STATUS_IS_OK(status)) {
1616 reply_nterror(req, status);
1617 END_PROFILE(SMBopenX);
1621 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1623 if (!NT_STATUS_IS_OK(status)) {
1624 END_PROFILE(SMBopenX);
1625 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1626 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1627 ERRSRV, ERRbadpath);
1630 reply_nterror(req, status);
1634 status = unix_convert(conn, fname, False, NULL, &sbuf);
1635 if (!NT_STATUS_IS_OK(status)) {
1636 reply_nterror(req, status);
1637 END_PROFILE(SMBopenX);
1641 status = check_name(conn, fname);
1642 if (!NT_STATUS_IS_OK(status)) {
1643 reply_nterror(req, status);
1644 END_PROFILE(SMBopenX);
1648 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1651 &create_disposition,
1653 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1654 END_PROFILE(SMBopenX);
1658 status = open_file_ntcreate(conn, req, fname, &sbuf,
1667 if (!NT_STATUS_IS_OK(status)) {
1668 END_PROFILE(SMBopenX);
1669 if (open_was_deferred(req->mid)) {
1670 /* We have re-scheduled this call. */
1673 reply_nterror(req, status);
1677 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1678 if the file is truncated or created. */
1679 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1680 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1681 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1682 close_file(fsp,ERROR_CLOSE);
1683 reply_nterror(req, NT_STATUS_DISK_FULL);
1684 END_PROFILE(SMBopenX);
1687 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1689 close_file(fsp,ERROR_CLOSE);
1690 reply_nterror(req, NT_STATUS_DISK_FULL);
1691 END_PROFILE(SMBopenX);
1694 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1697 fattr = dos_mode(conn,fname,&sbuf);
1698 mtime = sbuf.st_mtime;
1700 close_file(fsp,ERROR_CLOSE);
1701 reply_doserror(req, ERRDOS, ERRnoaccess);
1702 END_PROFILE(SMBopenX);
1706 /* If the caller set the extended oplock request bit
1707 and we granted one (by whatever means) - set the
1708 correct bit for extended oplock reply.
1711 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1712 smb_action |= EXTENDED_OPLOCK_GRANTED;
1715 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1716 smb_action |= EXTENDED_OPLOCK_GRANTED;
1719 /* If the caller set the core oplock request bit
1720 and we granted one (by whatever means) - set the
1721 correct bit for core oplock reply.
1724 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1725 reply_outbuf(req, 19, 0);
1727 reply_outbuf(req, 15, 0);
1730 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1731 SCVAL(req->outbuf, smb_flg,
1732 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1735 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1736 SCVAL(req->outbuf, smb_flg,
1737 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1740 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1741 SSVAL(req->outbuf,smb_vwv3,fattr);
1742 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1743 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1745 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1747 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1748 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1749 SSVAL(req->outbuf,smb_vwv11,smb_action);
1751 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1752 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1755 END_PROFILE(SMBopenX);
1756 chain_reply_new(req);
1760 /****************************************************************************
1761 Reply to a SMBulogoffX.
1762 conn POINTER CAN BE NULL HERE !
1763 ****************************************************************************/
1765 void reply_ulogoffX(connection_struct *conn, struct smb_request *req)
1769 START_PROFILE(SMBulogoffX);
1771 vuser = get_valid_user_struct(req->vuid);
1774 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1778 /* in user level security we are supposed to close any files
1779 open by this user */
1780 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1781 file_close_user(req->vuid);
1784 invalidate_vuid(req->vuid);
1786 reply_outbuf(req, 2, 0);
1788 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1790 END_PROFILE(SMBulogoffX);
1791 chain_reply_new(req);
1794 /****************************************************************************
1795 Reply to a mknew or a create.
1796 ****************************************************************************/
1798 void reply_mknew(connection_struct *conn, struct smb_request *req)
1803 struct timespec ts[2];
1805 int oplock_request = 0;
1806 SMB_STRUCT_STAT sbuf;
1808 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1809 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1810 uint32 create_disposition;
1811 uint32 create_options = 0;
1813 START_PROFILE(SMBcreate);
1816 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1817 END_PROFILE(SMBcreate);
1821 fattr = SVAL(req->inbuf,smb_vwv0);
1822 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1823 com = SVAL(req->inbuf,smb_com);
1825 ts[1] =convert_time_t_to_timespec(
1826 srv_make_unix_date3(req->inbuf + smb_vwv1));
1829 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1830 smb_buf(req->inbuf) + 1, sizeof(fname), 0,
1831 STR_TERMINATE, &status);
1832 if (!NT_STATUS_IS_OK(status)) {
1833 reply_nterror(req, status);
1834 END_PROFILE(SMBcreate);
1838 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1840 if (!NT_STATUS_IS_OK(status)) {
1841 END_PROFILE(SMBcreate);
1842 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1843 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1844 ERRSRV, ERRbadpath);
1847 reply_nterror(req, status);
1851 status = unix_convert(conn, fname, False, NULL, &sbuf);
1852 if (!NT_STATUS_IS_OK(status)) {
1853 reply_nterror(req, status);
1854 END_PROFILE(SMBcreate);
1858 status = check_name(conn, fname);
1859 if (!NT_STATUS_IS_OK(status)) {
1860 reply_nterror(req, status);
1861 END_PROFILE(SMBcreate);
1865 if (fattr & aVOLID) {
1866 DEBUG(0,("Attempt to create file (%s) with volid set - "
1867 "please report this\n", fname));
1870 if(com == SMBmknew) {
1871 /* We should fail if file exists. */
1872 create_disposition = FILE_CREATE;
1874 /* Create if file doesn't exist, truncate if it does. */
1875 create_disposition = FILE_OVERWRITE_IF;
1878 /* Open file using ntcreate. */
1879 status = open_file_ntcreate(conn, req, fname, &sbuf,
1888 if (!NT_STATUS_IS_OK(status)) {
1889 END_PROFILE(SMBcreate);
1890 if (open_was_deferred(req->mid)) {
1891 /* We have re-scheduled this call. */
1894 reply_nterror(req, status);
1898 ts[0] = get_atimespec(&sbuf); /* atime. */
1899 file_ntimes(conn, fname, ts);
1901 reply_outbuf(req, 1, 0);
1903 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1905 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1906 SCVAL(req->outbuf,smb_flg,
1907 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1910 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1911 SCVAL(req->outbuf,smb_flg,
1912 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1915 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1916 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1917 fname, fsp->fh->fd, (unsigned int)fattr ) );
1919 END_PROFILE(SMBcreate);
1923 /****************************************************************************
1924 Reply to a create temporary file.
1925 ****************************************************************************/
1927 void reply_ctemp(connection_struct *conn, struct smb_request *req)
1934 SMB_STRUCT_STAT sbuf;
1938 START_PROFILE(SMBctemp);
1941 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1942 END_PROFILE(SMBctemp);
1946 fattr = SVAL(req->inbuf,smb_vwv0);
1947 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1949 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1950 smb_buf(req->inbuf)+1, sizeof(fname), 0, STR_TERMINATE,
1952 if (!NT_STATUS_IS_OK(status)) {
1953 reply_nterror(req, status);
1954 END_PROFILE(SMBctemp);
1958 pstrcat(fname,"/TMXXXXXX");
1960 pstrcat(fname,"TMXXXXXX");
1963 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1965 if (!NT_STATUS_IS_OK(status)) {
1966 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1967 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1968 ERRSRV, ERRbadpath);
1969 END_PROFILE(SMBctemp);
1972 reply_nterror(req, status);
1973 END_PROFILE(SMBctemp);
1977 status = unix_convert(conn, fname, False, NULL, &sbuf);
1978 if (!NT_STATUS_IS_OK(status)) {
1979 reply_nterror(req, status);
1980 END_PROFILE(SMBctemp);
1984 status = check_name(conn, fname);
1985 if (!NT_STATUS_IS_OK(status)) {
1986 reply_nterror(req, status);
1987 END_PROFILE(SMBctemp);
1991 tmpfd = smb_mkstemp(fname);
1993 reply_unixerror(req, ERRDOS, ERRnoaccess);
1994 END_PROFILE(SMBctemp);
1998 SMB_VFS_STAT(conn,fname,&sbuf);
2000 /* We should fail if file does not exist. */
2001 status = open_file_ntcreate(conn, req, fname, &sbuf,
2002 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2003 FILE_SHARE_READ|FILE_SHARE_WRITE,
2010 /* close fd from smb_mkstemp() */
2013 if (!NT_STATUS_IS_OK(status)) {
2014 if (open_was_deferred(req->mid)) {
2015 /* We have re-scheduled this call. */
2016 END_PROFILE(SMBctemp);
2019 reply_nterror(req, status);
2020 END_PROFILE(SMBctemp);
2024 reply_outbuf(req, 1, 0);
2025 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2027 /* the returned filename is relative to the directory */
2028 s = strrchr_m(fname, '/');
2036 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2037 thing in the byte section. JRA */
2038 SSVALS(p, 0, -1); /* what is this? not in spec */
2040 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2042 reply_nterror(req, NT_STATUS_NO_MEMORY);
2043 END_PROFILE(SMBctemp);
2047 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2048 SCVAL(req->outbuf, smb_flg,
2049 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2052 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2053 SCVAL(req->outbuf, smb_flg,
2054 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2057 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2058 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2059 (unsigned int)sbuf.st_mode ) );
2061 END_PROFILE(SMBctemp);
2065 /*******************************************************************
2066 Check if a user is allowed to rename a file.
2067 ********************************************************************/
2069 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2070 uint16 dirtype, SMB_STRUCT_STAT *pst)
2074 if (!CAN_WRITE(conn)) {
2075 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2078 fmode = dos_mode(conn, fsp->fsp_name, pst);
2079 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2080 return NT_STATUS_NO_SUCH_FILE;
2083 if (S_ISDIR(pst->st_mode)) {
2084 return NT_STATUS_OK;
2087 if (fsp->access_mask & DELETE_ACCESS) {
2088 return NT_STATUS_OK;
2091 return NT_STATUS_ACCESS_DENIED;
2094 /*******************************************************************
2095 * unlink a file with all relevant access checks
2096 *******************************************************************/
2098 static NTSTATUS do_unlink(connection_struct *conn, struct smb_request *req,
2099 char *fname, uint32 dirtype)
2101 SMB_STRUCT_STAT sbuf;
2104 uint32 dirtype_orig = dirtype;
2107 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2109 if (!CAN_WRITE(conn)) {
2110 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2113 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2114 return map_nt_error_from_unix(errno);
2117 fattr = dos_mode(conn,fname,&sbuf);
2119 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2120 dirtype = aDIR|aARCH|aRONLY;
2123 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2125 return NT_STATUS_NO_SUCH_FILE;
2128 if (!dir_check_ftype(conn, fattr, dirtype)) {
2130 return NT_STATUS_FILE_IS_A_DIRECTORY;
2132 return NT_STATUS_NO_SUCH_FILE;
2135 if (dirtype_orig & 0x8000) {
2136 /* These will never be set for POSIX. */
2137 return NT_STATUS_NO_SUCH_FILE;
2141 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2142 return NT_STATUS_FILE_IS_A_DIRECTORY;
2145 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2146 return NT_STATUS_NO_SUCH_FILE;
2149 if (dirtype & 0xFF00) {
2150 /* These will never be set for POSIX. */
2151 return NT_STATUS_NO_SUCH_FILE;
2156 return NT_STATUS_NO_SUCH_FILE;
2159 /* Can't delete a directory. */
2161 return NT_STATUS_FILE_IS_A_DIRECTORY;
2166 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2167 return NT_STATUS_OBJECT_NAME_INVALID;
2168 #endif /* JRATEST */
2170 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2172 On a Windows share, a file with read-only dosmode can be opened with
2173 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2174 fails with NT_STATUS_CANNOT_DELETE error.
2176 This semantic causes a problem that a user can not
2177 rename a file with read-only dosmode on a Samba share
2178 from a Windows command prompt (i.e. cmd.exe, but can rename
2179 from Windows Explorer).
2182 if (!lp_delete_readonly(SNUM(conn))) {
2183 if (fattr & aRONLY) {
2184 return NT_STATUS_CANNOT_DELETE;
2188 /* On open checks the open itself will check the share mode, so
2189 don't do it here as we'll get it wrong. */
2191 status = open_file_ntcreate(conn, req, fname, &sbuf,
2196 FILE_ATTRIBUTE_NORMAL,
2197 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2200 if (!NT_STATUS_IS_OK(status)) {
2201 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2202 nt_errstr(status)));
2206 /* The set is across all open files on this dev/inode pair. */
2207 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2208 close_file(fsp, NORMAL_CLOSE);
2209 return NT_STATUS_ACCESS_DENIED;
2212 return close_file(fsp,NORMAL_CLOSE);
2215 /****************************************************************************
2216 The guts of the unlink command, split out so it may be called by the NT SMB
2218 ****************************************************************************/
2220 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2221 uint32 dirtype, char *name, BOOL has_wild)
2227 NTSTATUS status = NT_STATUS_OK;
2228 SMB_STRUCT_STAT sbuf;
2230 *directory = *mask = 0;
2232 status = unix_convert(conn, name, has_wild, NULL, &sbuf);
2233 if (!NT_STATUS_IS_OK(status)) {
2237 p = strrchr_m(name,'/');
2239 pstrcpy(directory,".");
2243 pstrcpy(directory,name);
2248 * We should only check the mangled cache
2249 * here if unix_convert failed. This means
2250 * that the path in 'mask' doesn't exist
2251 * on the file system and so we need to look
2252 * for a possible mangle. This patch from
2253 * Tine Smukavec <valentin.smukavec@hermes.si>.
2256 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params))
2257 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2260 pstrcat(directory,"/");
2261 pstrcat(directory,mask);
2263 dirtype = FILE_ATTRIBUTE_NORMAL;
2266 status = check_name(conn, directory);
2267 if (!NT_STATUS_IS_OK(status)) {
2271 status = do_unlink(conn, req, directory, dirtype);
2272 if (!NT_STATUS_IS_OK(status)) {
2278 struct smb_Dir *dir_hnd = NULL;
2282 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2283 return NT_STATUS_OBJECT_NAME_INVALID;
2286 if (strequal(mask,"????????.???")) {
2290 status = check_name(conn, directory);
2291 if (!NT_STATUS_IS_OK(status)) {
2295 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2296 if (dir_hnd == NULL) {
2297 return map_nt_error_from_unix(errno);
2300 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2301 the pattern matches against the long name, otherwise the short name
2302 We don't implement this yet XXXX
2305 status = NT_STATUS_NO_SUCH_FILE;
2307 while ((dname = ReadDirName(dir_hnd, &offset))) {
2310 pstrcpy(fname,dname);
2312 if (!is_visible_file(conn, directory, dname, &st, True)) {
2316 /* Quick check for "." and ".." */
2317 if (fname[0] == '.') {
2318 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2323 if(!mask_match(fname, mask, conn->case_sensitive)) {
2327 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2329 status = check_name(conn, fname);
2330 if (!NT_STATUS_IS_OK(status)) {
2335 status = do_unlink(conn, req, fname, dirtype);
2336 if (!NT_STATUS_IS_OK(status)) {
2341 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2347 if (count == 0 && NT_STATUS_IS_OK(status)) {
2348 status = map_nt_error_from_unix(errno);
2354 /****************************************************************************
2356 ****************************************************************************/
2358 void reply_unlink(connection_struct *conn, struct smb_request *req)
2363 BOOL path_contains_wcard = False;
2365 START_PROFILE(SMBunlink);
2368 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2369 END_PROFILE(SMBunlink);
2373 dirtype = SVAL(req->inbuf,smb_vwv0);
2375 srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name,
2376 smb_buf(req->inbuf) + 1, sizeof(name), 0,
2377 STR_TERMINATE, &status, &path_contains_wcard);
2378 if (!NT_STATUS_IS_OK(status)) {
2379 reply_nterror(req, status);
2380 END_PROFILE(SMBunlink);
2384 status = resolve_dfspath_wcard(conn,
2385 req->flags2 & FLAGS2_DFS_PATHNAMES,
2386 name, &path_contains_wcard);
2387 if (!NT_STATUS_IS_OK(status)) {
2388 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2389 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2390 ERRSRV, ERRbadpath);
2391 END_PROFILE(SMBunlink);
2394 reply_nterror(req, status);
2395 END_PROFILE(SMBunlink);
2399 DEBUG(3,("reply_unlink : %s\n",name));
2401 status = unlink_internals(conn, req, dirtype, name,
2402 path_contains_wcard);
2403 if (!NT_STATUS_IS_OK(status)) {
2404 if (open_was_deferred(req->mid)) {
2405 /* We have re-scheduled this call. */
2406 END_PROFILE(SMBunlink);
2409 reply_nterror(req, status);
2410 END_PROFILE(SMBunlink);
2414 reply_outbuf(req, 0, 0);
2415 END_PROFILE(SMBunlink);
2420 /****************************************************************************
2422 ****************************************************************************/
2424 static void fail_readraw(void)
2427 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2429 exit_server_cleanly(errstr);
2432 /****************************************************************************
2433 Fake (read/write) sendfile. Returns -1 on read or write fail.
2434 ****************************************************************************/
2436 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2440 size_t tosend = nread;
2447 bufsize = MIN(nread, 65536);
2449 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2453 while (tosend > 0) {
2457 if (tosend > bufsize) {
2462 ret = read_file(fsp,buf,startpos,cur_read);
2468 /* If we had a short read, fill with zeros. */
2469 if (ret < cur_read) {
2470 memset(buf, '\0', cur_read - ret);
2473 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2478 startpos += cur_read;
2482 return (ssize_t)nread;
2485 /****************************************************************************
2486 Return a readbraw error (4 bytes of zero).
2487 ****************************************************************************/
2489 static void reply_readbraw_error(void)
2493 if (write_data(smbd_server_fd(),header,4) != 4) {
2498 /****************************************************************************
2499 Use sendfile in readbraw.
2500 ****************************************************************************/
2502 void send_file_readbraw(connection_struct *conn,
2508 char *outbuf = NULL;
2511 #if defined(WITH_SENDFILE)
2513 * We can only use sendfile on a non-chained packet
2514 * but we can use on a non-oplocked file. tridge proved this
2515 * on a train in Germany :-). JRA.
2516 * reply_readbraw has already checked the length.
2519 if ( (chain_size == 0) && (nread > 0) &&
2520 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2522 DATA_BLOB header_blob;
2524 _smb_setlen(header,nread);
2525 header_blob = data_blob_const(header, 4);
2527 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2528 &header_blob, startpos, nread) == -1) {
2529 /* Returning ENOSYS means no data at all was sent.
2530 * Do this as a normal read. */
2531 if (errno == ENOSYS) {
2532 goto normal_readbraw;
2536 * Special hack for broken Linux with no working sendfile. If we
2537 * return EINTR we sent the header but not the rest of the data.
2538 * Fake this up by doing read/write calls.
2540 if (errno == EINTR) {
2541 /* Ensure we don't do this again. */
2542 set_use_sendfile(SNUM(conn), False);
2543 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2545 if (fake_sendfile(fsp, startpos, nread) == -1) {
2546 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2547 fsp->fsp_name, strerror(errno) ));
2548 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2553 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2554 fsp->fsp_name, strerror(errno) ));
2555 exit_server_cleanly("send_file_readbraw sendfile failed");
2564 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2566 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2567 (unsigned)(nread+4)));
2568 reply_readbraw_error();
2573 ret = read_file(fsp,outbuf+4,startpos,nread);
2574 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2583 _smb_setlen(outbuf,ret);
2584 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2587 TALLOC_FREE(outbuf);
2590 /****************************************************************************
2591 Reply to a readbraw (core+ protocol).
2592 ****************************************************************************/
2594 void reply_readbraw(connection_struct *conn, struct smb_request *req)
2596 ssize_t maxcount,mincount;
2603 START_PROFILE(SMBreadbraw);
2605 if (srv_is_signing_active()) {
2606 exit_server_cleanly("reply_readbraw: SMB signing is active - "
2607 "raw reads/writes are disallowed.");
2611 reply_readbraw_error();
2612 END_PROFILE(SMBreadbraw);
2617 * Special check if an oplock break has been issued
2618 * and the readraw request croses on the wire, we must
2619 * return a zero length response here.
2622 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2625 * We have to do a check_fsp by hand here, as
2626 * we must always return 4 zero bytes on error,
2630 if (!fsp || !conn || conn != fsp->conn ||
2631 current_user.vuid != fsp->vuid ||
2632 fsp->is_directory || fsp->fh->fd == -1) {
2634 * fsp could be NULL here so use the value from the packet. JRA.
2636 DEBUG(3,("reply_readbraw: fnum %d not valid "
2638 (int)SVAL(req->inbuf,smb_vwv0)));
2639 reply_readbraw_error();
2640 END_PROFILE(SMBreadbraw);
2644 /* Do a "by hand" version of CHECK_READ. */
2645 if (!(fsp->can_read ||
2646 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2647 (fsp->access_mask & FILE_EXECUTE)))) {
2648 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2649 (int)SVAL(req->inbuf,smb_vwv0)));
2650 reply_readbraw_error();
2651 END_PROFILE(SMBreadbraw);
2655 flush_write_cache(fsp, READRAW_FLUSH);
2657 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2658 if(req->wct == 10) {
2660 * This is a large offset (64 bit) read.
2662 #ifdef LARGE_SMB_OFF_T
2664 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2666 #else /* !LARGE_SMB_OFF_T */
2669 * Ensure we haven't been sent a >32 bit offset.
2672 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2673 DEBUG(0,("reply_readbraw: large offset "
2674 "(%x << 32) used and we don't support "
2675 "64 bit offsets.\n",
2676 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2677 reply_readbraw_error();
2678 END_PROFILE(SMBreadbraw);
2682 #endif /* LARGE_SMB_OFF_T */
2685 DEBUG(0,("reply_readbraw: negative 64 bit "
2686 "readraw offset (%.0f) !\n",
2687 (double)startpos ));
2688 reply_readbraw_error();
2689 END_PROFILE(SMBreadbraw);
2694 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2695 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2697 /* ensure we don't overrun the packet size */
2698 maxcount = MIN(65535,maxcount);
2700 if (is_locked(fsp,(uint32)req->smbpid,
2701 (SMB_BIG_UINT)maxcount,
2702 (SMB_BIG_UINT)startpos,
2704 reply_readbraw_error();
2705 END_PROFILE(SMBreadbraw);
2709 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2713 if (startpos >= size) {
2716 nread = MIN(maxcount,(size - startpos));
2719 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2720 if (nread < mincount)
2724 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2725 "min=%lu nread=%lu\n",
2726 fsp->fnum, (double)startpos,
2727 (unsigned long)maxcount,
2728 (unsigned long)mincount,
2729 (unsigned long)nread ) );
2731 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2733 DEBUG(5,("reply_readbraw finished\n"));
2734 END_PROFILE(SMBreadbraw);
2738 #define DBGC_CLASS DBGC_LOCKING
2740 /****************************************************************************
2741 Reply to a lockread (core+ protocol).
2742 ****************************************************************************/
2744 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2752 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
2753 struct byte_range_lock *br_lck = NULL;
2754 START_PROFILE(SMBlockread);
2756 CHECK_FSP(fsp,conn);
2757 if (!CHECK_READ(fsp,inbuf)) {
2758 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2761 release_level_2_oplocks_on_change(fsp);
2763 numtoread = SVAL(inbuf,smb_vwv1);
2764 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2766 outsize = set_message(inbuf,outbuf,5,3,True);
2767 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2768 data = smb_buf(outbuf) + 3;
2771 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2772 * protocol request that predates the read/write lock concept.
2773 * Thus instead of asking for a read lock here we need to ask
2774 * for a write lock. JRA.
2775 * Note that the requested lock size is unaffected by max_recv.
2778 br_lck = do_lock(smbd_messaging_context(),
2780 (uint32)SVAL(inbuf,smb_pid),
2781 (SMB_BIG_UINT)numtoread,
2782 (SMB_BIG_UINT)startpos,
2785 False, /* Non-blocking lock. */
2788 TALLOC_FREE(br_lck);
2790 if (NT_STATUS_V(status)) {
2791 END_PROFILE(SMBlockread);
2792 return ERROR_NT(status);
2796 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2799 if (numtoread > max_recv) {
2800 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2801 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2802 (unsigned int)numtoread, (unsigned int)max_recv ));
2803 numtoread = MIN(numtoread,max_recv);
2805 nread = read_file(fsp,data,startpos,numtoread);
2808 END_PROFILE(SMBlockread);
2809 return(UNIXERROR(ERRDOS,ERRnoaccess));
2813 SSVAL(outbuf,smb_vwv0,nread);
2814 SSVAL(outbuf,smb_vwv5,nread+3);
2815 SSVAL(smb_buf(outbuf),1,nread);
2817 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2818 fsp->fnum, (int)numtoread, (int)nread));
2820 END_PROFILE(SMBlockread);
2825 #define DBGC_CLASS DBGC_ALL
2827 /****************************************************************************
2829 ****************************************************************************/
2831 void reply_read(connection_struct *conn, struct smb_request *req)
2840 START_PROFILE(SMBread);
2843 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2844 END_PROFILE(SMBread);
2848 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2850 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2851 END_PROFILE(SMBread);
2855 if (!CHECK_READ(fsp,req->inbuf)) {
2856 reply_doserror(req, ERRDOS, ERRbadaccess);
2857 END_PROFILE(SMBread);
2861 numtoread = SVAL(req->inbuf,smb_vwv1);
2862 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2864 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2867 * The requested read size cannot be greater than max_recv. JRA.
2869 if (numtoread > max_recv) {
2870 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2871 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2872 (unsigned int)numtoread, (unsigned int)max_recv ));
2873 numtoread = MIN(numtoread,max_recv);
2876 reply_outbuf(req, 5, numtoread+3);
2878 data = smb_buf(req->outbuf) + 3;
2880 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
2881 (SMB_BIG_UINT)startpos, READ_LOCK)) {
2882 reply_doserror(req, ERRDOS,ERRlock);
2883 END_PROFILE(SMBread);
2888 nread = read_file(fsp,data,startpos,numtoread);
2891 reply_unixerror(req, ERRDOS,ERRnoaccess);
2892 END_PROFILE(SMBread);
2896 set_message(NULL, (char *)req->outbuf, 5, nread+3, False);
2898 SSVAL(req->outbuf,smb_vwv0,nread);
2899 SSVAL(req->outbuf,smb_vwv5,nread+3);
2900 SCVAL(smb_buf(req->outbuf),0,1);
2901 SSVAL(smb_buf(req->outbuf),1,nread);
2903 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2904 fsp->fnum, (int)numtoread, (int)nread ) );
2906 END_PROFILE(SMBread);
2910 /****************************************************************************
2912 ****************************************************************************/
2914 static int setup_readX_header(const uint8 *inbuf, uint8 *outbuf,
2920 outsize = set_message((char *)inbuf, (char *)outbuf,12,smb_maxcnt,
2922 data = smb_buf(outbuf);
2924 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2925 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2926 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2927 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
2928 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2929 SCVAL(outbuf,smb_vwv0,0xFF);
2930 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
2931 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
2935 /****************************************************************************
2936 Reply to a read and X - possibly using sendfile.
2937 ****************************************************************************/
2939 static void send_file_readX(connection_struct *conn, struct smb_request *req,
2940 files_struct *fsp, SMB_OFF_T startpos,
2943 SMB_STRUCT_STAT sbuf;
2946 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
2947 reply_unixerror(req, ERRDOS, ERRnoaccess);
2951 if (startpos > sbuf.st_size) {
2953 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
2954 smb_maxcnt = (sbuf.st_size - startpos);
2957 if (smb_maxcnt == 0) {
2961 #if defined(WITH_SENDFILE)
2963 * We can only use sendfile on a non-chained packet
2964 * but we can use on a non-oplocked file. tridge proved this
2965 * on a train in Germany :-). JRA.
2968 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
2969 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2970 uint8 headerbuf[smb_size + 12 * 2];
2974 * Set up the packet header before send. We
2975 * assume here the sendfile will work (get the
2976 * correct amount of data).
2979 header = data_blob_const(headerbuf, sizeof(headerbuf));
2981 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
2982 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
2984 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2985 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2986 if (errno == ENOSYS) {
2991 * Special hack for broken Linux with no working sendfile. If we
2992 * return EINTR we sent the header but not the rest of the data.
2993 * Fake this up by doing read/write calls.
2996 if (errno == EINTR) {
2997 /* Ensure we don't do this again. */
2998 set_use_sendfile(SNUM(conn), False);
2999 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3000 nread = fake_sendfile(fsp, startpos,
3003 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3004 fsp->fsp_name, strerror(errno) ));
3005 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3007 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3008 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3009 /* No outbuf here means successful sendfile. */
3010 TALLOC_FREE(req->outbuf);
3014 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3015 fsp->fsp_name, strerror(errno) ));
3016 exit_server_cleanly("send_file_readX sendfile failed");
3019 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3020 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3021 /* No outbuf here means successful sendfile. */
3022 TALLOC_FREE(req->outbuf);
3030 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3031 uint8 headerbuf[smb_size + 2*12];
3033 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3034 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3036 /* Send out the header. */
3037 if (write_data(smbd_server_fd(), (char *)headerbuf,
3038 sizeof(headerbuf)) != sizeof(headerbuf)) {
3039 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3040 fsp->fsp_name, strerror(errno) ));
3041 exit_server_cleanly("send_file_readX sendfile failed");
3043 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3045 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3046 fsp->fsp_name, strerror(errno) ));
3047 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3049 TALLOC_FREE(req->outbuf);
3052 reply_outbuf(req, 12, smb_maxcnt);
3054 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3057 reply_unixerror(req, ERRDOS, ERRnoaccess);
3061 setup_readX_header(req->inbuf, req->outbuf, nread);
3063 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3064 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3066 chain_reply_new(req);
3072 /****************************************************************************
3073 Reply to a read and X.
3074 ****************************************************************************/
3076 void reply_read_and_X(connection_struct *conn, struct smb_request *req)
3081 BOOL big_readX = False;
3083 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3086 START_PROFILE(SMBreadX);
3088 if ((req->wct != 10) && (req->wct != 12)) {
3089 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3093 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3094 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3095 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3097 /* If it's an IPC, pass off the pipe handler. */
3099 reply_pipe_read_and_X(req);
3100 END_PROFILE(SMBreadX);
3104 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3105 END_PROFILE(SMBreadX);
3109 if (!CHECK_READ(fsp,req->inbuf)) {
3110 reply_doserror(req, ERRDOS,ERRbadaccess);
3111 END_PROFILE(SMBreadX);
3115 if (global_client_caps & CAP_LARGE_READX) {
3116 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3117 smb_maxcnt |= (upper_size<<16);
3118 if (upper_size > 1) {
3119 /* Can't do this on a chained packet. */
3120 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3121 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3122 END_PROFILE(SMBreadX);
3125 /* We currently don't do this on signed or sealed data. */
3126 if (srv_is_signing_active() || srv_encryption_on()) {
3127 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3128 END_PROFILE(SMBreadX);
3131 /* Is there room in the reply for this data ? */
3132 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3134 NT_STATUS_INVALID_PARAMETER);
3135 END_PROFILE(SMBreadX);
3142 if (req->wct == 12) {
3143 #ifdef LARGE_SMB_OFF_T
3145 * This is a large offset (64 bit) read.
3147 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3149 #else /* !LARGE_SMB_OFF_T */
3152 * Ensure we haven't been sent a >32 bit offset.
3155 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3156 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3157 "used and we don't support 64 bit offsets.\n",
3158 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3159 END_PROFILE(SMBreadX);
3160 reply_doserror(req, ERRDOS, ERRbadaccess);
3164 #endif /* LARGE_SMB_OFF_T */
3168 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3169 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3170 END_PROFILE(SMBreadX);
3171 reply_doserror(req, ERRDOS, ERRlock);
3176 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3177 END_PROFILE(SMBreadX);
3178 reply_post_legacy(req, -1);
3182 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3184 END_PROFILE(SMBreadX);
3188 /****************************************************************************
3189 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3190 ****************************************************************************/
3192 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3195 ssize_t total_written=0;
3196 size_t numtowrite=0;
3201 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3204 START_PROFILE(SMBwritebraw);
3206 if (srv_is_signing_active()) {
3207 exit_server_cleanly("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
3210 CHECK_FSP(fsp,conn);
3211 if (!CHECK_WRITE(fsp)) {
3212 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3215 tcount = IVAL(inbuf,smb_vwv1);
3216 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3217 write_through = BITSETW(inbuf+smb_vwv7,0);
3219 /* We have to deal with slightly different formats depending
3220 on whether we are using the core+ or lanman1.0 protocol */
3222 if(Protocol <= PROTOCOL_COREPLUS) {
3223 numtowrite = SVAL(smb_buf(inbuf),-2);
3224 data = smb_buf(inbuf);
3226 numtowrite = SVAL(inbuf,smb_vwv10);
3227 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
3230 /* force the error type */
3231 SCVAL(inbuf,smb_com,SMBwritec);
3232 SCVAL(outbuf,smb_com,SMBwritec);
3234 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3235 END_PROFILE(SMBwritebraw);
3236 return(ERROR_DOS(ERRDOS,ERRlock));
3240 nwritten = write_file(fsp,data,startpos,numtowrite);
3242 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
3243 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
3245 if (nwritten < (ssize_t)numtowrite) {
3246 END_PROFILE(SMBwritebraw);
3247 return(UNIXERROR(ERRHRD,ERRdiskfull));
3250 total_written = nwritten;
3252 /* Return a message to the redirector to tell it to send more bytes */
3253 SCVAL(outbuf,smb_com,SMBwritebraw);
3254 SSVALS(outbuf,smb_vwv0,-1);
3255 outsize = set_message(inbuf,outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3257 if (!send_smb(smbd_server_fd(),outbuf))
3258 exit_server_cleanly("reply_writebraw: send_smb failed.");
3260 /* Now read the raw data into the buffer and write it */
3261 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
3262 exit_server_cleanly("secondary writebraw failed");
3265 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
3266 numtowrite = smb_len(inbuf);
3268 /* Set up outbuf to return the correct return */
3269 outsize = set_message(inbuf,outbuf,1,0,True);
3270 SCVAL(outbuf,smb_com,SMBwritec);
3272 if (numtowrite != 0) {
3274 if (numtowrite > BUFFER_SIZE) {
3275 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
3276 (unsigned int)numtowrite ));
3277 exit_server_cleanly("secondary writebraw failed");
3280 if (tcount > nwritten+numtowrite) {
3281 DEBUG(3,("Client overestimated the write %d %d %d\n",
3282 (int)tcount,(int)nwritten,(int)numtowrite));
3285 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
3286 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
3288 exit_server_cleanly("secondary writebraw failed");
3291 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
3292 if (nwritten == -1) {
3293 END_PROFILE(SMBwritebraw);
3294 return(UNIXERROR(ERRHRD,ERRdiskfull));
3297 if (nwritten < (ssize_t)numtowrite) {
3298 SCVAL(outbuf,smb_rcls,ERRHRD);
3299 SSVAL(outbuf,smb_err,ERRdiskfull);
3303 total_written += nwritten;
3306 SSVAL(outbuf,smb_vwv0,total_written);
3308 status = sync_file(conn, fsp, write_through);
3309 if (!NT_STATUS_IS_OK(status)) {
3310 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3311 fsp->fsp_name, nt_errstr(status) ));
3312 END_PROFILE(SMBwritebraw);
3313 return ERROR_NT(status);
3316 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
3317 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
3319 /* we won't return a status if write through is not selected - this follows what WfWg does */
3320 END_PROFILE(SMBwritebraw);
3321 if (!write_through && total_written==tcount) {
3323 #if RABBIT_PELLET_FIX
3325 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3326 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
3328 if (!send_keepalive(smbd_server_fd()))
3329 exit_server_cleanly("reply_writebraw: send of keepalive failed");
3338 #define DBGC_CLASS DBGC_LOCKING
3340 /****************************************************************************
3341 Reply to a writeunlock (core+).
3342 ****************************************************************************/
3344 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
3345 int size, int dum_buffsize)
3347 ssize_t nwritten = -1;
3351 NTSTATUS status = NT_STATUS_OK;
3352 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3354 START_PROFILE(SMBwriteunlock);
3356 CHECK_FSP(fsp,conn);
3357 if (!CHECK_WRITE(fsp)) {
3358 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3361 numtowrite = SVAL(inbuf,smb_vwv1);
3362 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3363 data = smb_buf(inbuf) + 3;
3365 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3366 END_PROFILE(SMBwriteunlock);
3367 return ERROR_DOS(ERRDOS,ERRlock);
3370 /* The special X/Open SMB protocol handling of
3371 zero length writes is *NOT* done for
3373 if(numtowrite == 0) {
3376 nwritten = write_file(fsp,data,startpos,numtowrite);
3379 status = sync_file(conn, fsp, False /* write through */);
3380 if (!NT_STATUS_IS_OK(status)) {
3381 END_PROFILE(SMBwriteunlock);
3382 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3383 fsp->fsp_name, nt_errstr(status) ));
3384 return ERROR_NT(status);
3387 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3388 END_PROFILE(SMBwriteunlock);
3389 return(UNIXERROR(ERRHRD,ERRdiskfull));
3393 status = do_unlock(smbd_messaging_context(),
3395 (uint32)SVAL(inbuf,smb_pid),
3396 (SMB_BIG_UINT)numtowrite,
3397 (SMB_BIG_UINT)startpos,
3400 if (NT_STATUS_V(status)) {
3401 END_PROFILE(SMBwriteunlock);
3402 return ERROR_NT(status);
3406 outsize = set_message(inbuf,outbuf,1,0,True);
3408 SSVAL(outbuf,smb_vwv0,nwritten);
3410 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3411 fsp->fnum, (int)numtowrite, (int)nwritten));
3413 END_PROFILE(SMBwriteunlock);
3418 #define DBGC_CLASS DBGC_ALL
3420 /****************************************************************************
3422 ****************************************************************************/
3424 void reply_write(connection_struct *conn, struct smb_request *req)
3427 ssize_t nwritten = -1;
3433 START_PROFILE(SMBwrite);
3436 END_PROFILE(SMBwrite);
3437 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3441 /* If it's an IPC, pass off the pipe handler. */
3443 reply_pipe_write(req);
3444 END_PROFILE(SMBwrite);
3448 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3450 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3454 if (!CHECK_WRITE(fsp)) {
3455 reply_doserror(req, ERRDOS, ERRbadaccess);
3456 END_PROFILE(SMBwrite);
3460 numtowrite = SVAL(req->inbuf,smb_vwv1);
3461 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3462 data = smb_buf(req->inbuf) + 3;
3464 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3465 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3466 reply_doserror(req, ERRDOS, ERRlock);
3467 END_PROFILE(SMBwrite);
3472 * X/Open SMB protocol says that if smb_vwv1 is
3473 * zero then the file size should be extended or
3474 * truncated to the size given in smb_vwv[2-3].
3477 if(numtowrite == 0) {
3479 * This is actually an allocate call, and set EOF. JRA.
3481 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3483 reply_nterror(req, NT_STATUS_DISK_FULL);
3484 END_PROFILE(SMBwrite);
3487 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3489 reply_nterror(req, NT_STATUS_DISK_FULL);
3490 END_PROFILE(SMBwrite);
3494 nwritten = write_file(fsp,data,startpos,numtowrite);
3496 status = sync_file(conn, fsp, False);
3497 if (!NT_STATUS_IS_OK(status)) {
3498 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3499 fsp->fsp_name, nt_errstr(status) ));
3500 reply_nterror(req, status);
3501 END_PROFILE(SMBwrite);
3505 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3506 reply_unixerror(req, ERRHRD, ERRdiskfull);
3507 END_PROFILE(SMBwrite);
3511 reply_outbuf(req, 1, 0);
3513 SSVAL(req->outbuf,smb_vwv0,nwritten);
3515 if (nwritten < (ssize_t)numtowrite) {
3516 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3517 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3520 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3522 END_PROFILE(SMBwrite);
3526 /****************************************************************************
3527 Reply to a write and X.
3528 ****************************************************************************/
3530 void reply_write_and_X(connection_struct *conn, struct smb_request *req)
3537 unsigned int smb_doff;
3538 unsigned int smblen;
3543 START_PROFILE(SMBwriteX);
3545 if ((req->wct != 12) && (req->wct != 14)) {
3546 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3547 END_PROFILE(SMBwriteX);
3551 numtowrite = SVAL(req->inbuf,smb_vwv10);
3552 smb_doff = SVAL(req->inbuf,smb_vwv11);
3553 smblen = smb_len(req->inbuf);
3554 large_writeX = ((req->wct == 14) && (smblen > 0xFFFF));
3556 /* Deal with possible LARGE_WRITEX */
3558 numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
3561 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3562 reply_doserror(req, ERRDOS, ERRbadmem);
3563 END_PROFILE(SMBwriteX);
3567 /* If it's an IPC, pass off the pipe handler. */
3569 reply_pipe_write_and_X(req);
3570 END_PROFILE(SMBwriteX);
3574 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3575 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3576 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3578 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3579 END_PROFILE(SMBwriteX);
3583 if (!CHECK_WRITE(fsp)) {
3584 reply_doserror(req, ERRDOS, ERRbadaccess);
3585 END_PROFILE(SMBwriteX);
3589 data = smb_base(req->inbuf) + smb_doff;
3591 if(req->wct == 14) {
3592 #ifdef LARGE_SMB_OFF_T
3594 * This is a large offset (64 bit) write.
3596 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3598 #else /* !LARGE_SMB_OFF_T */
3601 * Ensure we haven't been sent a >32 bit offset.
3604 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3605 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3606 "used and we don't support 64 bit offsets.\n",
3607 (unsigned int)IVAL(inbuf,smb_vwv12) ));
3608 reply_doserror(req, ERRDOS, ERRbadaccess);
3609 END_PROFILE(SMBwriteX);
3613 #endif /* LARGE_SMB_OFF_T */
3616 if (is_locked(fsp,(uint32)req->smbpid,
3617 (SMB_BIG_UINT)numtowrite,
3618 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3619 reply_doserror(req, ERRDOS, ERRlock);
3620 END_PROFILE(SMBwriteX);
3624 /* X/Open SMB protocol says that, unlike SMBwrite
3625 if the length is zero then NO truncation is
3626 done, just a write of zero. To truncate a file,
3629 if(numtowrite == 0) {
3633 if (schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3635 END_PROFILE(SMBwriteX);
3639 nwritten = write_file(fsp,data,startpos,numtowrite);
3642 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3643 reply_unixerror(req, ERRHRD, ERRdiskfull);
3644 END_PROFILE(SMBwriteX);
3648 reply_outbuf(req, 6, 0);
3649 SSVAL(req->outbuf,smb_vwv2,nwritten);
3651 SSVAL(req->outbuf,smb_vwv4,(nwritten>>16)&1);
3653 if (nwritten < (ssize_t)numtowrite) {
3654 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3655 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3658 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3659 fsp->fnum, (int)numtowrite, (int)nwritten));
3661 status = sync_file(conn, fsp, write_through);
3662 if (!NT_STATUS_IS_OK(status)) {
3663 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
3664 fsp->fsp_name, nt_errstr(status) ));
3665 reply_nterror(req, status);
3666 END_PROFILE(SMBwriteX);
3670 END_PROFILE(SMBwriteX);
3671 chain_reply_new(req);
3675 /****************************************************************************
3677 ****************************************************************************/
3679 void reply_lseek(connection_struct *conn, struct smb_request *req)
3686 START_PROFILE(SMBlseek);
3689 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3690 END_PROFILE(SMBlseek);
3694 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3696 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3700 flush_write_cache(fsp, SEEK_FLUSH);
3702 mode = SVAL(req->inbuf,smb_vwv1) & 3;
3703 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3704 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
3713 res = fsp->fh->pos + startpos;
3724 if (umode == SEEK_END) {
3725 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3726 if(errno == EINVAL) {
3727 SMB_OFF_T current_pos = startpos;
3728 SMB_STRUCT_STAT sbuf;
3730 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3731 reply_unixerror(req, ERRDOS,
3733 END_PROFILE(SMBlseek);
3737 current_pos += sbuf.st_size;
3739 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3744 reply_unixerror(req, ERRDOS, ERRnoaccess);
3745 END_PROFILE(SMBlseek);
3752 reply_outbuf(req, 2, 0);
3753 SIVAL(req->outbuf,smb_vwv0,res);
3755 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3756 fsp->fnum, (double)startpos, (double)res, mode));
3758 END_PROFILE(SMBlseek);
3762 /****************************************************************************
3764 ****************************************************************************/
3766 void reply_flush(connection_struct *conn, struct smb_request *req)
3771 START_PROFILE(SMBflush);
3774 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3778 fnum = SVAL(req->inbuf,smb_vwv0);
3779 fsp = file_fsp(fnum);
3781 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
3786 file_sync_all(conn);
3788 NTSTATUS status = sync_file(conn, fsp, True);
3789 if (!NT_STATUS_IS_OK(status)) {
3790 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
3791 fsp->fsp_name, nt_errstr(status) ));
3792 reply_nterror(req, status);
3793 END_PROFILE(SMBflush);
3798 reply_outbuf(req, 0, 0);
3800 DEBUG(3,("flush\n"));
3801 END_PROFILE(SMBflush);
3805 /****************************************************************************
3807 conn POINTER CAN BE NULL HERE !
3808 ****************************************************************************/
3810 void reply_exit(connection_struct *conn, struct smb_request *req)
3812 START_PROFILE(SMBexit);
3814 file_close_pid(req->smbpid, req->vuid);
3816 reply_outbuf(req, 0, 0);
3818 DEBUG(3,("exit\n"));
3820 END_PROFILE(SMBexit);
3824 /****************************************************************************
3825 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3826 ****************************************************************************/
3828 void reply_close(connection_struct *conn, struct smb_request *req)
3830 NTSTATUS status = NT_STATUS_OK;
3831 files_struct *fsp = NULL;
3832 START_PROFILE(SMBclose);
3835 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3836 END_PROFILE(SMBclose);
3840 /* If it's an IPC, pass off to the pipe handler. */
3842 reply_pipe_close(conn, req);
3843 END_PROFILE(SMBclose);
3847 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3850 * We can only use CHECK_FSP if we know it's not a directory.
3853 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3854 reply_doserror(req, ERRDOS, ERRbadfid);
3855 END_PROFILE(SMBclose);
3859 if(fsp->is_directory) {
3861 * Special case - close NT SMB directory handle.
3863 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
3864 status = close_file(fsp,NORMAL_CLOSE);
3867 * Close ordinary file.
3870 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3871 fsp->fh->fd, fsp->fnum,
3872 conn->num_files_open));
3875 * Take care of any time sent in the close.
3878 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
3879 srv_make_unix_date3(
3880 req->inbuf+smb_vwv1)));
3883 * close_file() returns the unix errno if an error
3884 * was detected on close - normally this is due to
3885 * a disk full error. If not then it was probably an I/O error.
3888 status = close_file(fsp,NORMAL_CLOSE);
3891 if (!NT_STATUS_IS_OK(status)) {
3892 reply_nterror(req, status);
3893 END_PROFILE(SMBclose);
3897 reply_outbuf(req, 0, 0);
3898 END_PROFILE(SMBclose);
3902 /****************************************************************************
3903 Reply to a writeclose (Core+ protocol).
3904 ****************************************************************************/
3906 void reply_writeclose(connection_struct *conn, struct smb_request *req)
3909 ssize_t nwritten = -1;
3910 NTSTATUS close_status = NT_STATUS_OK;
3913 struct timespec mtime;
3916 START_PROFILE(SMBwriteclose);
3919 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3920 END_PROFILE(SMBwriteclose);
3924 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3926 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3927 END_PROFILE(SMBwriteclose);
3930 if (!CHECK_WRITE(fsp)) {
3931 reply_doserror(req, ERRDOS,ERRbadaccess);
3932 END_PROFILE(SMBwriteclose);
3936 numtowrite = SVAL(req->inbuf,smb_vwv1);
3937 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3938 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
3939 req->inbuf+smb_vwv4));
3940 data = smb_buf(req->inbuf) + 1;
3943 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3944 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3945 reply_doserror(req, ERRDOS,ERRlock);
3946 END_PROFILE(SMBwriteclose);
3950 nwritten = write_file(fsp,data,startpos,numtowrite);
3952 set_filetime(conn, fsp->fsp_name, mtime);
3955 * More insanity. W2K only closes the file if writelen > 0.
3960 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3962 close_status = close_file(fsp,NORMAL_CLOSE);
3965 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3966 fsp->fnum, (int)numtowrite, (int)nwritten,
3967 conn->num_files_open));
3969 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3970 reply_doserror(req, ERRHRD, ERRdiskfull);
3971 END_PROFILE(SMBwriteclose);
3975 if(!NT_STATUS_IS_OK(close_status)) {
3976 reply_nterror(req, close_status);
3977 END_PROFILE(SMBwriteclose);
3981 reply_outbuf(req, 1, 0);
3983 SSVAL(req->outbuf,smb_vwv0,nwritten);
3984 END_PROFILE(SMBwriteclose);
3989 #define DBGC_CLASS DBGC_LOCKING
3991 /****************************************************************************
3993 ****************************************************************************/
3995 void reply_lock(connection_struct *conn, struct smb_request *req)
3997 SMB_BIG_UINT count,offset;
4000 struct byte_range_lock *br_lck = NULL;
4002 START_PROFILE(SMBlock);
4005 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4006 END_PROFILE(SMBlock);
4010 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4012 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4013 END_PROFILE(SMBlock);
4017 release_level_2_oplocks_on_change(fsp);
4019 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4020 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4022 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4023 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4025 br_lck = do_lock(smbd_messaging_context(),
4032 False, /* Non-blocking lock. */
4036 TALLOC_FREE(br_lck);
4038 if (NT_STATUS_V(status)) {
4039 reply_nterror(req, status);
4040 END_PROFILE(SMBlock);
4044 reply_outbuf(req, 0, 0);
4046 END_PROFILE(SMBlock);
4050 /****************************************************************************
4052 ****************************************************************************/
4054 void reply_unlock(connection_struct *conn, struct smb_request *req)
4056 SMB_BIG_UINT count,offset;
4060 START_PROFILE(SMBunlock);
4063 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4064 END_PROFILE(SMBunlock);
4068 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4070 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4071 END_PROFILE(SMBunlock);
4075 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4076 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4078 status = do_unlock(smbd_messaging_context(),
4085 if (NT_STATUS_V(status)) {
4086 reply_nterror(req, status);
4087 END_PROFILE(SMBunlock);
4091 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4092 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4094 reply_outbuf(req, 0, 0);
4096 END_PROFILE(SMBunlock);
4101 #define DBGC_CLASS DBGC_ALL
4103 /****************************************************************************
4105 conn POINTER CAN BE NULL HERE !
4106 ****************************************************************************/
4108 void reply_tdis(connection_struct *conn, struct smb_request *req)
4110 START_PROFILE(SMBtdis);
4113 DEBUG(4,("Invalid connection in tdis\n"));
4114 reply_doserror(req, ERRSRV, ERRinvnid);
4115 END_PROFILE(SMBtdis);
4121 close_cnum(conn,req->vuid);
4123 reply_outbuf(req, 0, 0);
4124 END_PROFILE(SMBtdis);
4128 /****************************************************************************
4130 conn POINTER CAN BE NULL HERE !
4131 ****************************************************************************/
4133 void reply_echo(connection_struct *conn, struct smb_request *req)
4137 unsigned int data_len = smb_buflen(req->inbuf);
4139 START_PROFILE(SMBecho);
4142 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4143 END_PROFILE(SMBecho);
4147 if (data_len > BUFFER_SIZE) {
4148 DEBUG(0,("reply_echo: data_len too large.\n"));
4149 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4150 END_PROFILE(SMBecho);
4154 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4156 reply_outbuf(req, 1, data_len);
4158 /* copy any incoming data back out */
4160 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4163 if (smb_reverb > 100) {
4164 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4168 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4169 SSVAL(req->outbuf,smb_vwv0,seq_num);
4171 show_msg((char *)req->outbuf);
4172 if (!send_smb(smbd_server_fd(),(char *)req->outbuf))
4173 exit_server_cleanly("reply_echo: send_smb failed.");
4176 DEBUG(3,("echo %d times\n", smb_reverb));
4178 TALLOC_FREE(req->outbuf);
4182 END_PROFILE(SMBecho);
4186 /****************************************************************************
4187 Reply to a printopen.
4188 ****************************************************************************/
4190 void reply_printopen(connection_struct *conn, struct smb_request *req)
4195 START_PROFILE(SMBsplopen);
4198 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4199 END_PROFILE(SMBsplopen);
4203 if (!CAN_PRINT(conn)) {
4204 reply_doserror(req, ERRDOS, ERRnoaccess);
4205 END_PROFILE(SMBsplopen);
4209 /* Open for exclusive use, write only. */
4210 status = print_fsp_open(conn, NULL, &fsp);
4212 if (!NT_STATUS_IS_OK(status)) {
4213 reply_nterror(req, status);
4214 END_PROFILE(SMBsplopen);
4218 reply_outbuf(req, 1, 0);
4219 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4221 DEBUG(3,("openprint fd=%d fnum=%d\n",
4222 fsp->fh->fd, fsp->fnum));
4224 END_PROFILE(SMBsplopen);
4228 /****************************************************************************
4229 Reply to a printclose.
4230 ****************************************************************************/
4232 void reply_printclose(connection_struct *conn, struct smb_request *req)
4237 START_PROFILE(SMBsplclose);
4240 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4241 END_PROFILE(SMBsplclose);
4245 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4247 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4248 END_PROFILE(SMBsplclose);
4252 if (!CAN_PRINT(conn)) {
4253 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4254 END_PROFILE(SMBsplclose);
4258 DEBUG(3,("printclose fd=%d fnum=%d\n",
4259 fsp->fh->fd,fsp->fnum));
4261 status = close_file(fsp,NORMAL_CLOSE);
4263 if(!NT_STATUS_IS_OK(status)) {
4264 reply_nterror(req, status);
4265 END_PROFILE(SMBsplclose);
4269 END_PROFILE(SMBsplclose);
4273 /****************************************************************************
4274 Reply to a printqueue.
4275 ****************************************************************************/
4277 void reply_printqueue(connection_struct *conn, struct smb_request *req)
4282 START_PROFILE(SMBsplretq);
4285 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4286 END_PROFILE(SMBsplretq);
4290 max_count = SVAL(req->inbuf,smb_vwv0);
4291 start_index = SVAL(req->inbuf,smb_vwv1);
4293 /* we used to allow the client to get the cnum wrong, but that
4294 is really quite gross and only worked when there was only
4295 one printer - I think we should now only accept it if they
4296 get it right (tridge) */
4297 if (!CAN_PRINT(conn)) {
4298 reply_doserror(req, ERRDOS, ERRnoaccess);
4299 END_PROFILE(SMBsplretq);
4303 reply_outbuf(req, 2, 3);
4304 SSVAL(req->outbuf,smb_vwv0,0);
4305 SSVAL(req->outbuf,smb_vwv1,0);
4306 SCVAL(smb_buf(req->outbuf),0,1);
4307 SSVAL(smb_buf(req->outbuf),1,0);
4309 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4310 start_index, max_count));
4313 print_queue_struct *queue = NULL;
4314 print_status_struct status;
4315 int count = print_queue_status(SNUM(conn), &queue, &status);
4316 int num_to_get = ABS(max_count);
4317 int first = (max_count>0?start_index:start_index+max_count+1);
4323 num_to_get = MIN(num_to_get,count-first);
4326 for (i=first;i<first+num_to_get;i++) {
4330 srv_put_dos_date2(p,0,queue[i].time);
4331 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4332 SSVAL(p,5, queue[i].job);
4333 SIVAL(p,7,queue[i].size);
4335 srvstr_push(blob, req->flags2, p+12,
4336 queue[i].fs_user, 16, STR_ASCII);
4338 if (message_push_blob(
4341 blob, sizeof(blob))) == -1) {
4342 reply_nterror(req, NT_STATUS_NO_MEMORY);
4343 END_PROFILE(SMBsplretq);
4349 SSVAL(req->outbuf,smb_vwv0,count);
4350 SSVAL(req->outbuf,smb_vwv1,
4351 (max_count>0?first+count:first-1));
4352 SCVAL(smb_buf(req->outbuf),0,1);
4353 SSVAL(smb_buf(req->outbuf),1,28*count);
4358 DEBUG(3,("%d entries returned in queue\n",count));
4361 END_PROFILE(SMBsplretq);
4365 /****************************************************************************
4366 Reply to a printwrite.
4367 ****************************************************************************/
4369 void reply_printwrite(connection_struct *conn, struct smb_request *req)
4375 START_PROFILE(SMBsplwr);
4378 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4379 END_PROFILE(SMBsplwr);
4383 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4385 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4386 END_PROFILE(SMBsplwr);
4390 if (!CAN_PRINT(conn)) {
4391 reply_doserror(req, ERRDOS, ERRnoaccess);
4392 END_PROFILE(SMBsplwr);
4396 if (!CHECK_WRITE(fsp)) {
4397 reply_doserror(req, ERRDOS, ERRbadaccess);
4398 END_PROFILE(SMBsplwr);
4402 numtowrite = SVAL(smb_buf(req->inbuf),1);
4404 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4405 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4406 END_PROFILE(SMBsplwr);
4410 data = smb_buf(req->inbuf) + 3;
4412 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
4413 reply_unixerror(req, ERRHRD, ERRdiskfull);
4414 END_PROFILE(SMBsplwr);
4418 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4420 END_PROFILE(SMBsplwr);
4424 /****************************************************************************
4426 ****************************************************************************/
4428 void reply_mkdir(connection_struct *conn, struct smb_request *req)
4432 SMB_STRUCT_STAT sbuf;
4434 START_PROFILE(SMBmkdir);
4436 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4437 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4438 STR_TERMINATE, &status);
4439 if (!NT_STATUS_IS_OK(status)) {
4440 reply_nterror(req, status);
4441 END_PROFILE(SMBmkdir);
4445 status = resolve_dfspath(conn,
4446 req->flags2 & FLAGS2_DFS_PATHNAMES,
4448 if (!NT_STATUS_IS_OK(status)) {
4449 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4450 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4451 ERRSRV, ERRbadpath);
4452 END_PROFILE(SMBmkdir);
4455 reply_nterror(req, status);
4456 END_PROFILE(SMBmkdir);
4460 status = unix_convert(conn, directory, False, NULL, &sbuf);
4461 if (!NT_STATUS_IS_OK(status)) {
4462 reply_nterror(req, status);
4463 END_PROFILE(SMBmkdir);
4467 status = check_name(conn, directory);
4468 if (!NT_STATUS_IS_OK(status)) {
4469 reply_nterror(req, status);
4470 END_PROFILE(SMBmkdir);
4474 status = create_directory(conn, directory);
4476 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4478 if (!NT_STATUS_IS_OK(status)) {
4480 if (!use_nt_status()
4481 && NT_STATUS_EQUAL(status,
4482 NT_STATUS_OBJECT_NAME_COLLISION)) {
4484 * Yes, in the DOS error code case we get a
4485 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4486 * samba4 torture test.
4488 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4491 reply_nterror(req, status);
4492 END_PROFILE(SMBmkdir);
4496 reply_outbuf(req, 0, 0);
4498 DEBUG( 3, ( "mkdir %s\n", directory ) );
4500 END_PROFILE(SMBmkdir);
4504 /****************************************************************************
4505 Static function used by reply_rmdir to delete an entire directory
4506 tree recursively. Return True on ok, False on fail.
4507 ****************************************************************************/
4509 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
4511 const char *dname = NULL;
4514 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4519 while((dname = ReadDirName(dir_hnd, &offset))) {
4523 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4526 if (!is_visible_file(conn, directory, dname, &st, False))
4529 /* Construct the full name. */
4530 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4536 pstrcpy(fullname, directory);
4537 pstrcat(fullname, "/");
4538 pstrcat(fullname, dname);
4540 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4545 if(st.st_mode & S_IFDIR) {
4546 if(!recursive_rmdir(conn, fullname)) {
4550 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4554 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4563 /****************************************************************************
4564 The internals of the rmdir code - called elsewhere.
4565 ****************************************************************************/
4567 NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
4572 /* Might be a symlink. */
4573 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4574 return map_nt_error_from_unix(errno);
4577 if (S_ISLNK(st.st_mode)) {
4578 /* Is what it points to a directory ? */
4579 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4580 return map_nt_error_from_unix(errno);
4582 if (!(S_ISDIR(st.st_mode))) {
4583 return NT_STATUS_NOT_A_DIRECTORY;
4585 ret = SMB_VFS_UNLINK(conn,directory);
4587 ret = SMB_VFS_RMDIR(conn,directory);
4590 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4591 FILE_NOTIFY_CHANGE_DIR_NAME,
4593 return NT_STATUS_OK;
4596 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4598 * Check to see if the only thing in this directory are
4599 * vetoed files/directories. If so then delete them and
4600 * retry. If we fail to delete any of them (and we *don't*
4601 * do a recursive delete) then fail the rmdir.
4605 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4607 if(dir_hnd == NULL) {
4612 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4613 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4615 if (!is_visible_file(conn, directory, dname, &st, False))
4617 if(!IS_VETO_PATH(conn, dname)) {
4624 /* We only have veto files/directories. Recursive delete. */
4626 RewindDir(dir_hnd,&dirpos);
4627 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4630 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4632 if (!is_visible_file(conn, directory, dname, &st, False))
4635 /* Construct the full name. */
4636 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4641 pstrcpy(fullname, directory);
4642 pstrcat(fullname, "/");
4643 pstrcat(fullname, dname);
4645 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
4647 if(st.st_mode & S_IFDIR) {
4648 if(lp_recursive_veto_delete(SNUM(conn))) {
4649 if(!recursive_rmdir(conn, fullname))
4652 if(SMB_VFS_RMDIR(conn,fullname) != 0)
4654 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
4658 /* Retry the rmdir */
4659 ret = SMB_VFS_RMDIR(conn,directory);
4665 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
4666 "%s\n", directory,strerror(errno)));
4667 return map_nt_error_from_unix(errno);
4670 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4671 FILE_NOTIFY_CHANGE_DIR_NAME,
4674 return NT_STATUS_OK;
4677 /****************************************************************************
4679 ****************************************************************************/
4681 void reply_rmdir(connection_struct *conn, struct smb_request *req)
4684 SMB_STRUCT_STAT sbuf;
4686 START_PROFILE(SMBrmdir);
4688 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4689 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4690 STR_TERMINATE, &status);
4691 if (!NT_STATUS_IS_OK(status)) {
4692 reply_nterror(req, status);
4693 END_PROFILE(SMBrmdir);
4697 status = resolve_dfspath(conn,
4698 req->flags2 & FLAGS2_DFS_PATHNAMES,
4700 if (!NT_STATUS_IS_OK(status)) {
4701 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4702 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4703 ERRSRV, ERRbadpath);
4704 END_PROFILE(SMBrmdir);
4707 reply_nterror(req, status);
4708 END_PROFILE(SMBrmdir);
4712 status = unix_convert(conn, directory, False, NULL, &sbuf);
4713 if (!NT_STATUS_IS_OK(status)) {
4714 reply_nterror(req, status);
4715 END_PROFILE(SMBrmdir);
4719 status = check_name(conn, directory);
4720 if (!NT_STATUS_IS_OK(status)) {
4721 reply_nterror(req, status);
4722 END_PROFILE(SMBrmdir);
4726 dptr_closepath(directory, req->smbpid);
4727 status = rmdir_internals(conn, directory);
4728 if (!NT_STATUS_IS_OK(status)) {
4729 reply_nterror(req, status);
4730 END_PROFILE(SMBrmdir);
4734 reply_outbuf(req, 0, 0);
4736 DEBUG( 3, ( "rmdir %s\n", directory ) );
4738 END_PROFILE(SMBrmdir);
4742 /*******************************************************************
4743 Resolve wildcards in a filename rename.
4744 Note that name is in UNIX charset and thus potentially can be more
4745 than fstring buffer (255 bytes) especially in default UTF-8 case.
4746 Therefore, we use pstring inside and all calls should ensure that
4747 name2 is at least pstring-long (they do already)
4748 ********************************************************************/
4750 static BOOL resolve_wildcards(const char *name1, char *name2)
4752 pstring root1,root2;
4754 char *p,*p2, *pname1, *pname2;
4755 int available_space, actual_space;
4757 pname1 = strrchr_m(name1,'/');
4758 pname2 = strrchr_m(name2,'/');
4760 if (!pname1 || !pname2)
4763 pstrcpy(root1,pname1);
4764 pstrcpy(root2,pname2);
4765 p = strrchr_m(root1,'.');
4772 p = strrchr_m(root2,'.');
4786 } else if (*p2 == '*') {
4802 } else if (*p2 == '*') {
4812 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4815 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4816 if (actual_space >= available_space - 1) {
4817 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4818 actual_space - available_space));
4821 pstrcpy_base(pname2, root2, name2);
4827 /****************************************************************************
4828 Ensure open files have their names updated. Updated to notify other smbd's
4830 ****************************************************************************/
4832 static void rename_open_files(connection_struct *conn,
4833 struct share_mode_lock *lck,
4834 const char *newname)
4837 BOOL did_rename = False;
4839 for(fsp = file_find_di_first(lck->id); fsp;
4840 fsp = file_find_di_next(fsp)) {
4841 /* fsp_name is a relative path under the fsp. To change this for other
4842 sharepaths we need to manipulate relative paths. */
4843 /* TODO - create the absolute path and manipulate the newname
4844 relative to the sharepath. */
4845 if (fsp->conn != conn) {
4848 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
4849 fsp->fnum, file_id_static_string(&fsp->file_id),
4850 fsp->fsp_name, newname ));
4851 string_set(&fsp->fsp_name, newname);
4856 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
4857 file_id_static_string(&lck->id), newname ));
4860 /* Send messages to all smbd's (not ourself) that the name has changed. */
4861 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
4865 /****************************************************************************
4866 We need to check if the source path is a parent directory of the destination
4867 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4868 refuse the rename with a sharing violation. Under UNIX the above call can
4869 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4870 probably need to check that the client is a Windows one before disallowing
4871 this as a UNIX client (one with UNIX extensions) can know the source is a
4872 symlink and make this decision intelligently. Found by an excellent bug
4873 report from <AndyLiebman@aol.com>.
4874 ****************************************************************************/
4876 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4878 const char *psrc = src;
4879 const char *pdst = dest;
4882 if (psrc[0] == '.' && psrc[1] == '/') {
4885 if (pdst[0] == '.' && pdst[1] == '/') {
4888 if ((slen = strlen(psrc)) > strlen(pdst)) {
4891 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4895 * Do the notify calls from a rename
4898 static void notify_rename(connection_struct *conn, BOOL is_dir,
4899 const char *oldpath, const char *newpath)
4901 char *olddir, *newdir;
4902 const char *oldname, *newname;
4905 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
4906 : FILE_NOTIFY_CHANGE_FILE_NAME;
4908 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
4909 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
4910 TALLOC_FREE(olddir);
4914 if (strcmp(olddir, newdir) == 0) {
4915 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
4916 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
4919 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
4920 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
4922 TALLOC_FREE(olddir);
4923 TALLOC_FREE(newdir);
4925 /* this is a strange one. w2k3 gives an additional event for
4926 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
4927 files, but not directories */
4929 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
4930 FILE_NOTIFY_CHANGE_ATTRIBUTES
4931 |FILE_NOTIFY_CHANGE_CREATION,
4936 /****************************************************************************
4937 Rename an open file - given an fsp.
4938 ****************************************************************************/
4940 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, pstring newname, uint32 attrs, BOOL replace_if_exists)
4942 SMB_STRUCT_STAT sbuf, sbuf1;
4943 pstring newname_last_component;
4944 NTSTATUS status = NT_STATUS_OK;
4945 struct share_mode_lock *lck = NULL;
4950 status = unix_convert(conn, newname, False, newname_last_component, &sbuf);
4952 /* If an error we expect this to be NT_STATUS_OBJECT_PATH_NOT_FOUND */
4954 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(NT_STATUS_OBJECT_PATH_NOT_FOUND, status)) {
4958 status = check_name(conn, newname);
4959 if (!NT_STATUS_IS_OK(status)) {
4963 /* Ensure newname contains a '/' */
4964 if(strrchr_m(newname,'/') == 0) {
4967 pstrcpy(tmpstr, "./");
4968 pstrcat(tmpstr, newname);
4969 pstrcpy(newname, tmpstr);
4973 * Check for special case with case preserving and not
4974 * case sensitive. If the old last component differs from the original
4975 * last component only by case, then we should allow
4976 * the rename (user is trying to change the case of the
4980 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4981 strequal(newname, fsp->fsp_name)) {
4983 pstring newname_modified_last_component;
4986 * Get the last component of the modified name.
4987 * Note that we guarantee that newname contains a '/'
4990 p = strrchr_m(newname,'/');
4991 pstrcpy(newname_modified_last_component,p+1);
4993 if(strcsequal(newname_modified_last_component,
4994 newname_last_component) == False) {
4996 * Replace the modified last component with
4999 pstrcpy(p+1, newname_last_component);
5004 * If the src and dest names are identical - including case,
5005 * don't do the rename, just return success.
5008 if (strcsequal(fsp->fsp_name, newname)) {
5009 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5011 return NT_STATUS_OK;
5015 * Have vfs_object_exist also fill sbuf1
5017 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5019 if(!replace_if_exists && dst_exists) {
5020 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5021 fsp->fsp_name,newname));
5022 return NT_STATUS_OBJECT_NAME_COLLISION;
5026 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5027 files_struct *dst_fsp = file_find_di_first(fileid);
5029 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5030 return NT_STATUS_ACCESS_DENIED;
5034 /* Ensure we have a valid stat struct for the source. */
5035 if (fsp->fh->fd != -1) {
5036 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
5037 return map_nt_error_from_unix(errno);
5040 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5041 return map_nt_error_from_unix(errno);
5045 status = can_rename(conn, fsp, attrs, &sbuf);
5047 if (!NT_STATUS_IS_OK(status)) {
5048 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5049 nt_errstr(status), fsp->fsp_name,newname));
5050 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5051 status = NT_STATUS_ACCESS_DENIED;
5055 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5056 return NT_STATUS_ACCESS_DENIED;
5059 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
5062 * We have the file open ourselves, so not being able to get the
5063 * corresponding share mode lock is a fatal error.
5066 SMB_ASSERT(lck != NULL);
5068 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5069 uint32 create_options = fsp->fh->private_options;
5071 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5072 fsp->fsp_name,newname));
5074 rename_open_files(conn, lck, newname);
5076 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5079 * A rename acts as a new file create w.r.t. allowing an initial delete
5080 * on close, probably because in Windows there is a new handle to the
5081 * new file. If initial delete on close was requested but not
5082 * originally set, we need to set it here. This is probably not 100% correct,
5083 * but will work for the CIFSFS client which in non-posix mode
5084 * depends on these semantics. JRA.
5087 set_allow_initial_delete_on_close(lck, fsp, True);
5089 if (create_options & FILE_DELETE_ON_CLOSE) {
5090 status = can_set_delete_on_close(fsp, True, 0);
5092 if (NT_STATUS_IS_OK(status)) {
5093 /* Note that here we set the *inital* delete on close flag,
5094 * not the regular one. The magic gets handled in close. */
5095 fsp->initial_delete_on_close = True;
5099 return NT_STATUS_OK;
5104 if (errno == ENOTDIR || errno == EISDIR) {
5105 status = NT_STATUS_OBJECT_NAME_COLLISION;
5107 status = map_nt_error_from_unix(errno);
5110 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5111 nt_errstr(status), fsp->fsp_name,newname));
5116 /****************************************************************************
5117 The guts of the rename command, split out so it may be called by the NT SMB
5119 ****************************************************************************/
5121 NTSTATUS rename_internals(connection_struct *conn, struct smb_request *req,
5125 BOOL replace_if_exists,
5131 pstring last_component_src;
5132 pstring last_component_dest;
5135 NTSTATUS status = NT_STATUS_OK;
5136 SMB_STRUCT_STAT sbuf1, sbuf2;
5137 struct smb_Dir *dir_hnd = NULL;
5142 *directory = *mask = 0;
5147 status = unix_convert(conn, name, src_has_wild, last_component_src, &sbuf1);
5148 if (!NT_STATUS_IS_OK(status)) {
5152 status = unix_convert(conn, newname, dest_has_wild, last_component_dest, &sbuf2);
5153 if (!NT_STATUS_IS_OK(status)) {
5158 * Split the old name into directory and last component
5159 * strings. Note that unix_convert may have stripped off a
5160 * leading ./ from both name and newname if the rename is
5161 * at the root of the share. We need to make sure either both
5162 * name and newname contain a / character or neither of them do
5163 * as this is checked in resolve_wildcards().
5166 p = strrchr_m(name,'/');
5168 pstrcpy(directory,".");
5172 pstrcpy(directory,name);
5174 *p = '/'; /* Replace needed for exceptional test below. */
5178 * We should only check the mangled cache
5179 * here if unix_convert failed. This means
5180 * that the path in 'mask' doesn't exist
5181 * on the file system and so we need to look
5182 * for a possible mangle. This patch from
5183 * Tine Smukavec <valentin.smukavec@hermes.si>.
5186 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5187 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5190 if (!src_has_wild) {
5194 * No wildcards - just process the one file.
5196 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
5198 /* Add a terminating '/' to the directory name. */
5199 pstrcat(directory,"/");
5200 pstrcat(directory,mask);
5202 /* Ensure newname contains a '/' also */
5203 if(strrchr_m(newname,'/') == 0) {
5206 pstrcpy(tmpstr, "./");
5207 pstrcat(tmpstr, newname);
5208 pstrcpy(newname, tmpstr);
5211 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5212 "case_preserve = %d, short case preserve = %d, "
5213 "directory = %s, newname = %s, "
5214 "last_component_dest = %s, is_8_3 = %d\n",
5215 conn->case_sensitive, conn->case_preserve,
5216 conn->short_case_preserve, directory,
5217 newname, last_component_dest, is_short_name));
5219 /* The dest name still may have wildcards. */
5220 if (dest_has_wild) {
5221 if (!resolve_wildcards(directory,newname)) {
5222 DEBUG(6, ("rename_internals: resolve_wildcards %s %s failed\n",
5223 directory,newname));
5224 return NT_STATUS_NO_MEMORY;
5229 SMB_VFS_STAT(conn, directory, &sbuf1);
5231 status = S_ISDIR(sbuf1.st_mode) ?
5232 open_directory(conn, req, directory, &sbuf1,
5234 FILE_SHARE_READ|FILE_SHARE_WRITE,
5235 FILE_OPEN, 0, 0, NULL,
5237 : open_file_ntcreate(conn, req, directory, &sbuf1,
5239 FILE_SHARE_READ|FILE_SHARE_WRITE,
5240 FILE_OPEN, 0, 0, 0, NULL,
5243 if (!NT_STATUS_IS_OK(status)) {
5244 DEBUG(3, ("Could not open rename source %s: %s\n",
5245 directory, nt_errstr(status)));
5249 status = rename_internals_fsp(conn, fsp, newname, attrs,
5252 close_file(fsp, NORMAL_CLOSE);
5254 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5255 nt_errstr(status), directory,newname));
5261 * Wildcards - process each file that matches.
5263 if (strequal(mask,"????????.???")) {
5267 status = check_name(conn, directory);
5268 if (!NT_STATUS_IS_OK(status)) {
5272 dir_hnd = OpenDir(conn, directory, mask, attrs);
5273 if (dir_hnd == NULL) {
5274 return map_nt_error_from_unix(errno);
5277 status = NT_STATUS_NO_SUCH_FILE;
5279 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5280 * - gentest fix. JRA
5283 while ((dname = ReadDirName(dir_hnd, &offset))) {
5286 BOOL sysdir_entry = False;
5288 pstrcpy(fname,dname);
5290 /* Quick check for "." and ".." */
5291 if (fname[0] == '.') {
5292 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
5294 sysdir_entry = True;
5301 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5305 if(!mask_match(fname, mask, conn->case_sensitive)) {
5310 status = NT_STATUS_OBJECT_NAME_INVALID;
5314 slprintf(fname, sizeof(fname)-1, "%s/%s", directory, dname);
5316 pstrcpy(destname,newname);
5318 if (!resolve_wildcards(fname,destname)) {
5319 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5325 SMB_VFS_STAT(conn, fname, &sbuf1);
5327 status = S_ISDIR(sbuf1.st_mode) ?
5328 open_directory(conn, req, fname, &sbuf1,
5330 FILE_SHARE_READ|FILE_SHARE_WRITE,
5331 FILE_OPEN, 0, 0, NULL,
5333 : open_file_ntcreate(conn, req, fname, &sbuf1,
5335 FILE_SHARE_READ|FILE_SHARE_WRITE,
5336 FILE_OPEN, 0, 0, 0, NULL,
5339 if (!NT_STATUS_IS_OK(status)) {
5340 DEBUG(3,("rename_internals: open_file_ntcreate "
5341 "returned %s rename %s -> %s\n",
5342 nt_errstr(status), directory, newname));
5346 status = rename_internals_fsp(conn, fsp, destname, attrs,
5349 close_file(fsp, NORMAL_CLOSE);
5351 if (!NT_STATUS_IS_OK(status)) {
5352 DEBUG(3, ("rename_internals_fsp returned %s for "
5353 "rename %s -> %s\n", nt_errstr(status),
5354 directory, newname));
5360 DEBUG(3,("rename_internals: doing rename on %s -> "
5361 "%s\n",fname,destname));
5365 if (count == 0 && NT_STATUS_IS_OK(status)) {
5366 status = map_nt_error_from_unix(errno);
5372 /****************************************************************************
5374 ****************************************************************************/
5376 void reply_mv(connection_struct *conn, struct smb_request *req)
5383 BOOL src_has_wcard = False;
5384 BOOL dest_has_wcard = False;
5386 START_PROFILE(SMBmv);
5389 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5394 attrs = SVAL(req->inbuf,smb_vwv0);
5396 p = smb_buf(req->inbuf) + 1;
5397 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name, p,
5398 sizeof(name), 0, STR_TERMINATE, &status,
5400 if (!NT_STATUS_IS_OK(status)) {
5401 reply_nterror(req, status);
5406 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, newname, p,
5407 sizeof(newname), 0, STR_TERMINATE, &status,
5409 if (!NT_STATUS_IS_OK(status)) {
5410 reply_nterror(req, status);
5415 status = resolve_dfspath_wcard(conn,
5416 req->flags2 & FLAGS2_DFS_PATHNAMES,
5417 name, &src_has_wcard);
5418 if (!NT_STATUS_IS_OK(status)) {
5419 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5420 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5421 ERRSRV, ERRbadpath);
5425 reply_nterror(req, status);
5430 status = resolve_dfspath_wcard(conn,
5431 req->flags2 & FLAGS2_DFS_PATHNAMES,
5432 newname, &dest_has_wcard);
5433 if (!NT_STATUS_IS_OK(status)) {
5434 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5435 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5436 ERRSRV, ERRbadpath);
5440 reply_nterror(req, status);
5445 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5447 status = rename_internals(conn, req, name, newname, attrs, False,
5448 src_has_wcard, dest_has_wcard);
5449 if (!NT_STATUS_IS_OK(status)) {
5450 if (open_was_deferred(req->mid)) {
5451 /* We have re-scheduled this call. */
5455 reply_nterror(req, status);
5460 reply_outbuf(req, 0, 0);
5466 /*******************************************************************
5467 Copy a file as part of a reply_copy.
5468 ******************************************************************/
5471 * TODO: check error codes on all callers
5474 NTSTATUS copy_file(connection_struct *conn,
5479 BOOL target_is_directory)
5481 SMB_STRUCT_STAT src_sbuf, sbuf2;
5483 files_struct *fsp1,*fsp2;
5486 uint32 new_create_disposition;
5489 pstrcpy(dest,dest1);
5490 if (target_is_directory) {
5491 char *p = strrchr_m(src,'/');
5501 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5502 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5505 if (!target_is_directory && count) {
5506 new_create_disposition = FILE_OPEN;
5508 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5509 NULL, NULL, &new_create_disposition, NULL)) {
5510 return NT_STATUS_INVALID_PARAMETER;
5514 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5516 FILE_SHARE_READ|FILE_SHARE_WRITE,
5519 FILE_ATTRIBUTE_NORMAL,
5523 if (!NT_STATUS_IS_OK(status)) {
5527 dosattrs = dos_mode(conn, src, &src_sbuf);
5528 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
5529 ZERO_STRUCTP(&sbuf2);
5532 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
5534 FILE_SHARE_READ|FILE_SHARE_WRITE,
5535 new_create_disposition,
5541 if (!NT_STATUS_IS_OK(status)) {
5542 close_file(fsp1,ERROR_CLOSE);
5546 if ((ofun&3) == 1) {
5547 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
5548 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
5550 * Stop the copy from occurring.
5553 src_sbuf.st_size = 0;
5557 if (src_sbuf.st_size) {
5558 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
5561 close_file(fsp1,NORMAL_CLOSE);
5563 /* Ensure the modtime is set correctly on the destination file. */
5564 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
5567 * As we are opening fsp1 read-only we only expect
5568 * an error on close on fsp2 if we are out of space.
5569 * Thus we don't look at the error return from the
5572 status = close_file(fsp2,NORMAL_CLOSE);
5574 if (!NT_STATUS_IS_OK(status)) {
5578 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
5579 return NT_STATUS_DISK_FULL;
5582 return NT_STATUS_OK;
5585 /****************************************************************************
5586 Reply to a file copy.
5587 ****************************************************************************/
5589 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5594 pstring mask,newname;
5597 int error = ERRnoaccess;
5599 int tid2 = SVAL(inbuf,smb_vwv0);
5600 int ofun = SVAL(inbuf,smb_vwv1);
5601 int flags = SVAL(inbuf,smb_vwv2);
5602 BOOL target_is_directory=False;
5603 BOOL source_has_wild = False;
5604 BOOL dest_has_wild = False;
5605 SMB_STRUCT_STAT sbuf1, sbuf2;
5607 START_PROFILE(SMBcopy);
5609 *directory = *mask = 0;
5612 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), name, p,
5613 sizeof(name), 0, STR_TERMINATE, &status,
5615 if (!NT_STATUS_IS_OK(status)) {
5616 END_PROFILE(SMBcopy);
5617 return ERROR_NT(status);
5619 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), newname, p,
5620 sizeof(newname), 0, STR_TERMINATE, &status,
5622 if (!NT_STATUS_IS_OK(status)) {
5623 END_PROFILE(SMBcopy);
5624 return ERROR_NT(status);
5627 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
5629 if (tid2 != conn->cnum) {
5630 /* can't currently handle inter share copies XXXX */
5631 DEBUG(3,("Rejecting inter-share copy\n"));
5632 END_PROFILE(SMBcopy);
5633 return ERROR_DOS(ERRSRV,ERRinvdevice);
5636 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name, &source_has_wild);
5637 if (!NT_STATUS_IS_OK(status)) {
5638 END_PROFILE(SMBcopy);
5639 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5640 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5642 return ERROR_NT(status);
5645 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newname, &dest_has_wild);
5646 if (!NT_STATUS_IS_OK(status)) {
5647 END_PROFILE(SMBcopy);
5648 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5649 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5651 return ERROR_NT(status);
5654 status = unix_convert(conn, name, source_has_wild, NULL, &sbuf1);
5655 if (!NT_STATUS_IS_OK(status)) {
5656 END_PROFILE(SMBcopy);
5657 return ERROR_NT(status);
5660 status = unix_convert(conn, newname, dest_has_wild, NULL, &sbuf2);
5661 if (!NT_STATUS_IS_OK(status)) {
5662 END_PROFILE(SMBcopy);
5663 return ERROR_NT(status);
5666 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
5668 if ((flags&1) && target_is_directory) {
5669 END_PROFILE(SMBcopy);
5670 return ERROR_DOS(ERRDOS,ERRbadfile);
5673 if ((flags&2) && !target_is_directory) {
5674 END_PROFILE(SMBcopy);
5675 return ERROR_DOS(ERRDOS,ERRbadpath);
5678 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
5679 /* wants a tree copy! XXXX */
5680 DEBUG(3,("Rejecting tree copy\n"));
5681 END_PROFILE(SMBcopy);
5682 return ERROR_DOS(ERRSRV,ERRerror);
5685 p = strrchr_m(name,'/');
5687 pstrcpy(directory,"./");
5691 pstrcpy(directory,name);
5696 * We should only check the mangled cache
5697 * here if unix_convert failed. This means
5698 * that the path in 'mask' doesn't exist
5699 * on the file system and so we need to look
5700 * for a possible mangle. This patch from
5701 * Tine Smukavec <valentin.smukavec@hermes.si>.
5704 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5705 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5708 if (!source_has_wild) {
5709 pstrcat(directory,"/");
5710 pstrcat(directory,mask);
5711 if (dest_has_wild) {
5712 if (!resolve_wildcards(directory,newname)) {
5713 END_PROFILE(SMBcopy);
5714 return ERROR_NT(NT_STATUS_NO_MEMORY);
5718 status = check_name(conn, directory);
5719 if (!NT_STATUS_IS_OK(status)) {
5720 return ERROR_NT(status);
5723 status = check_name(conn, newname);
5724 if (!NT_STATUS_IS_OK(status)) {
5725 return ERROR_NT(status);
5728 status = copy_file(conn,directory,newname,ofun,
5729 count,target_is_directory);
5731 if(!NT_STATUS_IS_OK(status)) {
5732 END_PROFILE(SMBcopy);
5733 return ERROR_NT(status);
5738 struct smb_Dir *dir_hnd = NULL;
5743 if (strequal(mask,"????????.???"))
5746 status = check_name(conn, directory);
5747 if (!NT_STATUS_IS_OK(status)) {
5748 return ERROR_NT(status);
5751 dir_hnd = OpenDir(conn, directory, mask, 0);
5752 if (dir_hnd == NULL) {
5753 status = map_nt_error_from_unix(errno);
5754 return ERROR_NT(status);
5759 while ((dname = ReadDirName(dir_hnd, &offset))) {
5761 pstrcpy(fname,dname);
5763 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5767 if(!mask_match(fname, mask, conn->case_sensitive)) {
5771 error = ERRnoaccess;
5772 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
5773 pstrcpy(destname,newname);
5774 if (!resolve_wildcards(fname,destname)) {
5778 status = check_name(conn, fname);
5779 if (!NT_STATUS_IS_OK(status)) {
5780 return ERROR_NT(status);
5783 status = check_name(conn, destname);
5784 if (!NT_STATUS_IS_OK(status)) {
5785 return ERROR_NT(status);
5788 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
5790 status = copy_file(conn,fname,destname,ofun,
5791 count,target_is_directory);
5792 if (NT_STATUS_IS_OK(status)) {
5801 /* Error on close... */
5803 END_PROFILE(SMBcopy);
5804 return(UNIXERROR(ERRHRD,ERRgeneral));
5807 END_PROFILE(SMBcopy);
5808 return ERROR_DOS(ERRDOS,error);
5811 outsize = set_message(inbuf,outbuf,1,0,True);
5812 SSVAL(outbuf,smb_vwv0,count);
5814 END_PROFILE(SMBcopy);
5819 #define DBGC_CLASS DBGC_LOCKING
5821 /****************************************************************************
5822 Get a lock pid, dealing with large count requests.
5823 ****************************************************************************/
5825 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5827 if(!large_file_format)
5828 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5830 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5833 /****************************************************************************
5834 Get a lock count, dealing with large count requests.
5835 ****************************************************************************/
5837 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5839 SMB_BIG_UINT count = 0;
5841 if(!large_file_format) {
5842 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5845 #if defined(HAVE_LONGLONG)
5846 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5847 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5848 #else /* HAVE_LONGLONG */
5851 * NT4.x seems to be broken in that it sends large file (64 bit)
5852 * lockingX calls even if the CAP_LARGE_FILES was *not*
5853 * negotiated. For boxes without large unsigned ints truncate the
5854 * lock count by dropping the top 32 bits.
5857 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5858 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5859 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5860 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5861 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5864 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5865 #endif /* HAVE_LONGLONG */
5871 #if !defined(HAVE_LONGLONG)
5872 /****************************************************************************
5873 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5874 ****************************************************************************/
5876 static uint32 map_lock_offset(uint32 high, uint32 low)
5880 uint32 highcopy = high;
5883 * Try and find out how many significant bits there are in high.
5886 for(i = 0; highcopy; i++)
5890 * We use 31 bits not 32 here as POSIX
5891 * lock offsets may not be negative.
5894 mask = (~0) << (31 - i);
5897 return 0; /* Fail. */
5903 #endif /* !defined(HAVE_LONGLONG) */
5905 /****************************************************************************
5906 Get a lock offset, dealing with large offset requests.
5907 ****************************************************************************/
5909 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5911 SMB_BIG_UINT offset = 0;
5915 if(!large_file_format) {
5916 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5919 #if defined(HAVE_LONGLONG)
5920 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5921 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5922 #else /* HAVE_LONGLONG */
5925 * NT4.x seems to be broken in that it sends large file (64 bit)
5926 * lockingX calls even if the CAP_LARGE_FILES was *not*
5927 * negotiated. For boxes without large unsigned ints mangle the
5928 * lock offset by mapping the top 32 bits onto the lower 32.
5931 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5932 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5933 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5936 if((new_low = map_lock_offset(high, low)) == 0) {
5938 return (SMB_BIG_UINT)-1;
5941 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5942 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5943 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5944 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5947 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5948 #endif /* HAVE_LONGLONG */
5954 /****************************************************************************
5955 Reply to a lockingX request.
5956 ****************************************************************************/
5958 void reply_lockingX(connection_struct *conn, struct smb_request *req)
5961 unsigned char locktype;
5962 unsigned char oplocklevel;
5965 SMB_BIG_UINT count = 0, offset = 0;
5970 BOOL large_file_format;
5972 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5974 START_PROFILE(SMBlockingX);
5977 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5978 END_PROFILE(SMBlockingX);
5982 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
5983 locktype = CVAL(req->inbuf,smb_vwv3);
5984 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
5985 num_ulocks = SVAL(req->inbuf,smb_vwv6);
5986 num_locks = SVAL(req->inbuf,smb_vwv7);
5987 lock_timeout = IVAL(req->inbuf,smb_vwv4);
5988 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5990 if (!check_fsp(conn, req, fsp, ¤t_user)) {
5991 END_PROFILE(SMBlockingX);
5995 data = smb_buf(req->inbuf);
5997 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5998 /* we don't support these - and CANCEL_LOCK makes w2k
5999 and XP reboot so I don't really want to be
6000 compatible! (tridge) */
6001 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6002 END_PROFILE(SMBlockingX);
6006 /* Check if this is an oplock break on a file
6007 we have granted an oplock on.
6009 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6010 /* Client can insist on breaking to none. */
6011 BOOL break_to_none = (oplocklevel == 0);
6014 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6015 "for fnum = %d\n", (unsigned int)oplocklevel,
6019 * Make sure we have granted an exclusive or batch oplock on
6023 if (fsp->oplock_type == 0) {
6025 /* The Samba4 nbench simulator doesn't understand
6026 the difference between break to level2 and break
6027 to none from level2 - it sends oplock break
6028 replies in both cases. Don't keep logging an error
6029 message here - just ignore it. JRA. */
6031 DEBUG(5,("reply_lockingX: Error : oplock break from "
6032 "client for fnum = %d (oplock=%d) and no "
6033 "oplock granted on this file (%s).\n",
6034 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6036 /* if this is a pure oplock break request then don't
6038 if (num_locks == 0 && num_ulocks == 0) {
6039 END_PROFILE(SMBlockingX);
6040 reply_post_legacy(req, -1);
6043 END_PROFILE(SMBlockingX);
6044 reply_doserror(req, ERRDOS, ERRlock);
6049 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6051 result = remove_oplock(fsp);
6053 result = downgrade_oplock(fsp);
6057 DEBUG(0, ("reply_lockingX: error in removing "
6058 "oplock on file %s\n", fsp->fsp_name));
6059 /* Hmmm. Is this panic justified? */
6060 smb_panic("internal tdb error");
6063 reply_to_oplock_break_requests(fsp);
6065 /* if this is a pure oplock break request then don't send a
6067 if (num_locks == 0 && num_ulocks == 0) {
6068 /* Sanity check - ensure a pure oplock break is not a
6070 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6071 DEBUG(0,("reply_lockingX: Error : pure oplock "
6072 "break is a chained %d request !\n",
6073 (unsigned int)CVAL(req->inbuf,
6075 END_PROFILE(SMBlockingX);
6081 * We do this check *after* we have checked this is not a oplock break
6082 * response message. JRA.
6085 release_level_2_oplocks_on_change(fsp);
6087 if (smb_buflen(req->inbuf) <
6088 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6089 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6090 END_PROFILE(SMBlockingX);
6094 /* Data now points at the beginning of the list
6095 of smb_unlkrng structs */
6096 for(i = 0; i < (int)num_ulocks; i++) {
6097 lock_pid = get_lock_pid( data, i, large_file_format);
6098 count = get_lock_count( data, i, large_file_format);
6099 offset = get_lock_offset( data, i, large_file_format, &err);
6102 * There is no error code marked "stupid client bug".... :-).
6105 END_PROFILE(SMBlockingX);
6106 reply_doserror(req, ERRDOS, ERRnoaccess);
6110 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6111 "pid %u, file %s\n", (double)offset, (double)count,
6112 (unsigned int)lock_pid, fsp->fsp_name ));
6114 status = do_unlock(smbd_messaging_context(),
6121 if (NT_STATUS_V(status)) {
6122 END_PROFILE(SMBlockingX);
6123 reply_nterror(req, status);
6128 /* Setup the timeout in seconds. */
6130 if (!lp_blocking_locks(SNUM(conn))) {
6134 /* Now do any requested locks */
6135 data += ((large_file_format ? 20 : 10)*num_ulocks);
6137 /* Data now points at the beginning of the list
6138 of smb_lkrng structs */
6140 for(i = 0; i < (int)num_locks; i++) {
6141 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6142 READ_LOCK:WRITE_LOCK);
6143 lock_pid = get_lock_pid( data, i, large_file_format);
6144 count = get_lock_count( data, i, large_file_format);
6145 offset = get_lock_offset( data, i, large_file_format, &err);
6148 * There is no error code marked "stupid client bug".... :-).
6151 END_PROFILE(SMBlockingX);
6152 reply_doserror(req, ERRDOS, ERRnoaccess);
6156 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6157 "%u, file %s timeout = %d\n", (double)offset,
6158 (double)count, (unsigned int)lock_pid,
6159 fsp->fsp_name, (int)lock_timeout ));
6161 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6162 if (lp_blocking_locks(SNUM(conn))) {
6164 /* Schedule a message to ourselves to
6165 remove the blocking lock record and
6166 return the right error. */
6168 if (!blocking_lock_cancel(fsp,
6174 NT_STATUS_FILE_LOCK_CONFLICT)) {
6175 END_PROFILE(SMBlockingX);
6180 ERRcancelviolation));
6184 /* Remove a matching pending lock. */
6185 status = do_lock_cancel(fsp,
6191 BOOL blocking_lock = lock_timeout ? True : False;
6192 BOOL defer_lock = False;
6193 struct byte_range_lock *br_lck;
6194 uint32 block_smbpid;
6196 br_lck = do_lock(smbd_messaging_context(),
6207 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6208 /* Windows internal resolution for blocking locks seems
6209 to be about 200ms... Don't wait for less than that. JRA. */
6210 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6211 lock_timeout = lp_lock_spin_time();
6216 /* This heuristic seems to match W2K3 very well. If a
6217 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6218 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6219 far as I can tell. Replacement for do_lock_spin(). JRA. */
6221 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6222 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6224 lock_timeout = lp_lock_spin_time();
6227 if (br_lck && defer_lock) {
6229 * A blocking lock was requested. Package up
6230 * this smb into a queued request and push it
6231 * onto the blocking lock queue.
6233 if(push_blocking_lock_request(br_lck,
6235 smb_len(req->inbuf)+4,
6245 TALLOC_FREE(br_lck);
6246 END_PROFILE(SMBlockingX);
6247 reply_post_legacy(req, -1);
6252 TALLOC_FREE(br_lck);
6255 if (NT_STATUS_V(status)) {
6256 END_PROFILE(SMBlockingX);
6257 reply_nterror(req, status);
6262 /* If any of the above locks failed, then we must unlock
6263 all of the previous locks (X/Open spec). */
6265 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6269 * Ensure we don't do a remove on the lock that just failed,
6270 * as under POSIX rules, if we have a lock already there, we
6271 * will delete it (and we shouldn't) .....
6273 for(i--; i >= 0; i--) {
6274 lock_pid = get_lock_pid( data, i, large_file_format);
6275 count = get_lock_count( data, i, large_file_format);
6276 offset = get_lock_offset( data, i, large_file_format,
6280 * There is no error code marked "stupid client
6284 END_PROFILE(SMBlockingX);
6285 reply_doserror(req, ERRDOS, ERRnoaccess);
6289 do_unlock(smbd_messaging_context(),
6296 END_PROFILE(SMBlockingX);
6297 reply_nterror(req, status);
6301 reply_outbuf(req, 2, 0);
6303 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6304 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6306 END_PROFILE(SMBlockingX);
6307 chain_reply_new(req);
6311 #define DBGC_CLASS DBGC_ALL
6313 /****************************************************************************
6314 Reply to a SMBreadbmpx (read block multiplex) request.
6315 ****************************************************************************/
6317 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
6328 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6329 START_PROFILE(SMBreadBmpx);
6331 /* this function doesn't seem to work - disable by default */
6332 if (!lp_readbmpx()) {
6333 END_PROFILE(SMBreadBmpx);
6334 return ERROR_DOS(ERRSRV,ERRuseSTD);
6337 outsize = set_message(inbuf,outbuf,8,0,True);
6339 CHECK_FSP(fsp,conn);
6340 if (!CHECK_READ(fsp,inbuf)) {
6341 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6344 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
6345 maxcount = SVAL(inbuf,smb_vwv3);
6347 data = smb_buf(outbuf);
6348 pad = ((long)data)%4;
6353 max_per_packet = bufsize-(outsize+pad);
6357 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
6358 END_PROFILE(SMBreadBmpx);
6359 return ERROR_DOS(ERRDOS,ERRlock);
6363 size_t N = MIN(max_per_packet,tcount-total_read);
6365 nread = read_file(fsp,data,startpos,N);
6370 if (nread < (ssize_t)N)
6371 tcount = total_read + nread;
6373 set_message(inbuf,outbuf,8,nread+pad,False);
6374 SIVAL(outbuf,smb_vwv0,startpos);
6375 SSVAL(outbuf,smb_vwv2,tcount);
6376 SSVAL(outbuf,smb_vwv6,nread);
6377 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
6380 if (!send_smb(smbd_server_fd(),outbuf))
6381 exit_server_cleanly("reply_readbmpx: send_smb failed.");
6383 total_read += nread;
6385 } while (total_read < (ssize_t)tcount);
6387 END_PROFILE(SMBreadBmpx);
6391 /****************************************************************************
6392 Reply to a SMBsetattrE.
6393 ****************************************************************************/
6395 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6397 struct timespec ts[2];
6399 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6400 START_PROFILE(SMBsetattrE);
6402 outsize = set_message(inbuf,outbuf,0,0,False);
6404 if(!fsp || (fsp->conn != conn)) {
6405 END_PROFILE(SMBsetattrE);
6406 return ERROR_DOS(ERRDOS,ERRbadfid);
6410 * Convert the DOS times into unix times. Ignore create
6411 * time as UNIX can't set this.
6414 ts[0] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv3)); /* atime. */
6415 ts[1] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv5)); /* mtime. */
6418 * Patch from Ray Frush <frush@engr.colostate.edu>
6419 * Sometimes times are sent as zero - ignore them.
6422 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6423 /* Ignore request */
6424 if( DEBUGLVL( 3 ) ) {
6425 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6426 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6428 END_PROFILE(SMBsetattrE);
6430 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6431 /* set modify time = to access time if modify time was unset */
6435 /* Set the date on this file */
6436 /* Should we set pending modtime here ? JRA */
6437 if(file_ntimes(conn, fsp->fsp_name, ts)) {
6438 END_PROFILE(SMBsetattrE);
6439 return ERROR_DOS(ERRDOS,ERRnoaccess);
6442 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6444 (unsigned int)ts[0].tv_sec,
6445 (unsigned int)ts[1].tv_sec));
6447 END_PROFILE(SMBsetattrE);
6452 /* Back from the dead for OS/2..... JRA. */
6454 /****************************************************************************
6455 Reply to a SMBwritebmpx (write block multiplex primary) request.
6456 ****************************************************************************/
6458 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6461 ssize_t nwritten = -1;
6468 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6470 START_PROFILE(SMBwriteBmpx);
6472 CHECK_FSP(fsp,conn);
6473 if (!CHECK_WRITE(fsp)) {
6474 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6476 if (HAS_CACHED_ERROR(fsp)) {
6477 return(CACHED_ERROR(fsp));
6480 tcount = SVAL(inbuf,smb_vwv1);
6481 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
6482 write_through = BITSETW(inbuf+smb_vwv7,0);
6483 numtowrite = SVAL(inbuf,smb_vwv10);
6484 smb_doff = SVAL(inbuf,smb_vwv11);
6486 data = smb_base(inbuf) + smb_doff;
6488 /* If this fails we need to send an SMBwriteC response,
6489 not an SMBwritebmpx - set this up now so we don't forget */
6490 SCVAL(outbuf,smb_com,SMBwritec);
6492 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
6493 END_PROFILE(SMBwriteBmpx);
6494 return(ERROR_DOS(ERRDOS,ERRlock));
6497 nwritten = write_file(fsp,data,startpos,numtowrite);
6499 status = sync_file(conn, fsp, write_through);
6500 if (!NT_STATUS_IS_OK(status)) {
6501 END_PROFILE(SMBwriteBmpx);
6502 DEBUG(5,("reply_writebmpx: sync_file for %s returned %s\n",
6503 fsp->fsp_name, nt_errstr(status) ));
6504 return ERROR_NT(status);
6507 if(nwritten < (ssize_t)numtowrite) {
6508 END_PROFILE(SMBwriteBmpx);
6509 return(UNIXERROR(ERRHRD,ERRdiskfull));
6512 /* If the maximum to be written to this file
6513 is greater than what we just wrote then set
6514 up a secondary struct to be attached to this
6515 fd, we will use this to cache error messages etc. */
6517 if((ssize_t)tcount > nwritten) {
6518 write_bmpx_struct *wbms;
6519 if(fsp->wbmpx_ptr != NULL)
6520 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
6522 wbms = SMB_MALLOC_P(write_bmpx_struct);
6524 DEBUG(0,("Out of memory in reply_readmpx\n"));
6525 END_PROFILE(SMBwriteBmpx);
6526 return(ERROR_DOS(ERRSRV,ERRnoresource));
6528 wbms->wr_mode = write_through;
6529 wbms->wr_discard = False; /* No errors yet */
6530 wbms->wr_total_written = nwritten;
6531 wbms->wr_errclass = 0;
6533 fsp->wbmpx_ptr = wbms;
6536 /* We are returning successfully, set the message type back to
6538 SCVAL(outbuf,smb_com,SMBwriteBmpx);
6540 outsize = set_message(inbuf,outbuf,1,0,True);
6542 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
6544 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
6545 fsp->fnum, (int)numtowrite, (int)nwritten ) );
6547 if (write_through && tcount==nwritten) {
6548 /* We need to send both a primary and a secondary response */
6549 smb_setlen(inbuf,outbuf,outsize - 4);
6551 if (!send_smb(smbd_server_fd(),outbuf))
6552 exit_server_cleanly("reply_writebmpx: send_smb failed.");
6554 /* Now the secondary */
6555 outsize = set_message(inbuf,outbuf,1,0,True);
6556 SCVAL(outbuf,smb_com,SMBwritec);
6557 SSVAL(outbuf,smb_vwv0,nwritten);
6560 END_PROFILE(SMBwriteBmpx);
6564 /****************************************************************************
6565 Reply to a SMBwritebs (write block multiplex secondary) request.
6566 ****************************************************************************/
6568 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
6571 ssize_t nwritten = -1;
6578 write_bmpx_struct *wbms;
6579 BOOL send_response = False;
6580 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6582 START_PROFILE(SMBwriteBs);
6584 CHECK_FSP(fsp,conn);
6585 if (!CHECK_WRITE(fsp)) {
6586 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6589 tcount = SVAL(inbuf,smb_vwv1);
6590 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
6591 numtowrite = SVAL(inbuf,smb_vwv6);
6592 smb_doff = SVAL(inbuf,smb_vwv7);
6594 data = smb_base(inbuf) + smb_doff;
6596 /* We need to send an SMBwriteC response, not an SMBwritebs */
6597 SCVAL(outbuf,smb_com,SMBwritec);
6599 /* This fd should have an auxiliary struct attached,
6600 check that it does */
6601 wbms = fsp->wbmpx_ptr;
6603 END_PROFILE(SMBwriteBs);
6607 /* If write through is set we can return errors, else we must cache them */
6608 write_through = wbms->wr_mode;
6610 /* Check for an earlier error */
6611 if(wbms->wr_discard) {
6612 END_PROFILE(SMBwriteBs);
6613 return -1; /* Just discard the packet */
6616 nwritten = write_file(fsp,data,startpos,numtowrite);
6618 status = sync_file(conn, fsp, write_through);
6620 if (nwritten < (ssize_t)numtowrite || !NT_STATUS_IS_OK(status)) {
6622 /* We are returning an error - we can delete the aux struct */
6625 fsp->wbmpx_ptr = NULL;
6626 END_PROFILE(SMBwriteBs);
6627 return(ERROR_DOS(ERRHRD,ERRdiskfull));
6629 wbms->wr_errclass = ERRHRD;
6630 wbms->wr_error = ERRdiskfull;
6631 wbms->wr_status = NT_STATUS_DISK_FULL;
6632 wbms->wr_discard = True;
6633 END_PROFILE(SMBwriteBs);
6637 /* Increment the total written, if this matches tcount
6638 we can discard the auxiliary struct (hurrah !) and return a writeC */
6639 wbms->wr_total_written += nwritten;
6640 if(wbms->wr_total_written >= tcount) {
6641 if (write_through) {
6642 outsize = set_message(inbuf,outbuf,1,0,True);
6643 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
6644 send_response = True;
6648 fsp->wbmpx_ptr = NULL;
6652 END_PROFILE(SMBwriteBs);
6656 END_PROFILE(SMBwriteBs);
6660 /****************************************************************************
6661 Reply to a SMBgetattrE.
6662 ****************************************************************************/
6664 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6666 SMB_STRUCT_STAT sbuf;
6669 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6670 START_PROFILE(SMBgetattrE);
6672 outsize = set_message(inbuf,outbuf,11,0,True);
6674 if(!fsp || (fsp->conn != conn)) {
6675 END_PROFILE(SMBgetattrE);
6676 return ERROR_DOS(ERRDOS,ERRbadfid);
6679 /* Do an fstat on this file */
6680 if(fsp_stat(fsp, &sbuf)) {
6681 END_PROFILE(SMBgetattrE);
6682 return(UNIXERROR(ERRDOS,ERRnoaccess));
6685 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
6688 * Convert the times into dos times. Set create
6689 * date to be last modify date as UNIX doesn't save
6693 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
6694 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
6695 /* Should we check pending modtime here ? JRA */
6696 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
6699 SIVAL(outbuf,smb_vwv6,0);
6700 SIVAL(outbuf,smb_vwv8,0);
6702 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
6703 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
6704 SIVAL(outbuf,smb_vwv8,allocation_size);
6706 SSVAL(outbuf,smb_vwv10, mode);
6708 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
6710 END_PROFILE(SMBgetattrE);