2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 extern enum protocol_types Protocol;
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
38 ****************************************************************************/
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
43 static NTSTATUS check_path_syntax_internal(char *path,
45 bool *p_last_component_contains_wcard)
49 bool start_of_name_component = True;
50 bool stream_started = false;
51 bool check_quota = false;
53 *p_last_component_contains_wcard = False;
60 return NT_STATUS_OBJECT_NAME_INVALID;
63 return NT_STATUS_OBJECT_NAME_INVALID;
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
68 if (StrCaseCmp(s, ":$DATA") != 0) {
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
85 stream_started = true;
86 start_of_name_component = false;
90 return NT_STATUS_OBJECT_NAME_INVALID;
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
108 start_of_name_component = True;
110 *p_last_component_contains_wcard = False;
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
119 * No mb char starts with '.' so we're safe checking the directory separator here.
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
128 /* Are we at the start ? Can't go back further if so. */
130 return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
132 /* Go back one level... */
133 /* We know this is safe as '/' cannot be part of a mb sequence. */
134 /* NOTE - if this assumption is invalid we are not in good shape... */
135 /* Decrement d first as d points to the *next* char to write into. */
136 for (d--; d > path; d--) {
140 s += 2; /* Else go past the .. */
141 /* We're still at the start of a name component, just the previous one. */
144 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
156 if (*s <= 0x1f || *s == '|') {
157 return NT_STATUS_OBJECT_NAME_INVALID;
165 *p_last_component_contains_wcard = True;
174 /* Get the size of the next MB character. */
175 next_codepoint(s,&siz);
193 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 return NT_STATUS_INVALID_PARAMETER;
198 start_of_name_component = False;
204 if (StrCaseCmp(path, FAKE_FILE_NAME_QUOTA_UNIX) != 0) {
205 return NT_STATUS_INVALID_PARAMETER;
212 /****************************************************************************
213 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
214 No wildcards allowed.
215 ****************************************************************************/
217 NTSTATUS check_path_syntax(char *path)
220 return check_path_syntax_internal(path, False, &ignore);
223 /****************************************************************************
224 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
225 Wildcards allowed - p_contains_wcard returns true if the last component contained
227 ****************************************************************************/
229 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
231 return check_path_syntax_internal(path, False, p_contains_wcard);
234 /****************************************************************************
235 Check the path for a POSIX client.
236 We're assuming here that '/' is not the second byte in any multibyte char
237 set (a safe assumption).
238 ****************************************************************************/
240 NTSTATUS check_path_syntax_posix(char *path)
243 return check_path_syntax_internal(path, True, &ignore);
246 /****************************************************************************
247 Pull a string and check the path allowing a wilcard - provide for error return.
248 ****************************************************************************/
250 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
251 const char *base_ptr,
258 bool *contains_wcard)
264 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
268 *err = NT_STATUS_INVALID_PARAMETER;
272 *contains_wcard = False;
274 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
276 * For a DFS path the function parse_dfs_path()
277 * will do the path processing, just make a copy.
283 if (lp_posix_pathnames()) {
284 *err = check_path_syntax_posix(*pp_dest);
286 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
292 /****************************************************************************
293 Pull a string and check the path - provide for error return.
294 ****************************************************************************/
296 size_t srvstr_get_path(TALLOC_CTX *ctx,
297 const char *base_ptr,
306 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
307 src_len, flags, err, &ignore);
310 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
311 char **pp_dest, const char *src, int flags,
312 NTSTATUS *err, bool *contains_wcard)
314 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
315 pp_dest, src, smbreq_bufrem(req, src),
316 flags, err, contains_wcard);
319 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
320 char **pp_dest, const char *src, int flags,
324 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
325 flags, err, &ignore);
328 /****************************************************************************
329 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
330 ****************************************************************************/
332 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
335 if (!(fsp) || !(conn)) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
339 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
340 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
346 /****************************************************************************
347 Check if we have a correct fsp pointing to a file.
348 ****************************************************************************/
350 bool check_fsp(connection_struct *conn, struct smb_request *req,
353 if (!check_fsp_open(conn, req, fsp)) {
356 if ((fsp)->is_directory) {
357 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
360 if ((fsp)->fh->fd == -1) {
361 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
364 (fsp)->num_smb_operations++;
368 /****************************************************************************
369 Check if we have a correct fsp pointing to a quota fake file. Replacement for
370 the CHECK_NTQUOTA_HANDLE_OK macro.
371 ****************************************************************************/
373 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
376 if (!check_fsp_open(conn, req, fsp)) {
380 if (fsp->is_directory) {
384 if (fsp->fake_file_handle == NULL) {
388 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
392 if (fsp->fake_file_handle->private_data == NULL) {
399 /****************************************************************************
400 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
401 ****************************************************************************/
403 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
406 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
407 && (req->vuid == (fsp)->vuid)) {
411 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
415 /****************************************************************************
416 Reply to a (netbios-level) special message.
417 ****************************************************************************/
419 void reply_special(char *inbuf)
421 int msg_type = CVAL(inbuf,0);
422 int msg_flags = CVAL(inbuf,1);
427 * We only really use 4 bytes of the outbuf, but for the smb_setlen
428 * calculation & friends (srv_send_smb uses that) we need the full smb
431 char outbuf[smb_size];
435 memset(outbuf, '\0', sizeof(outbuf));
437 smb_setlen(outbuf,0);
440 case 0x81: /* session request */
442 if (already_got_session) {
443 exit_server_cleanly("multiple session request not permitted");
446 SCVAL(outbuf,0,0x82);
448 if (name_len(inbuf+4) > 50 ||
449 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
450 DEBUG(0,("Invalid name length in session request\n"));
453 name_extract(inbuf,4,name1);
454 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
455 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
458 set_local_machine_name(name1, True);
459 set_remote_machine_name(name2, True);
461 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
462 get_local_machine_name(), get_remote_machine_name(),
465 if (name_type == 'R') {
466 /* We are being asked for a pathworks session ---
468 SCVAL(outbuf, 0,0x83);
472 /* only add the client's machine name to the list
473 of possibly valid usernames if we are operating
474 in share mode security */
475 if (lp_security() == SEC_SHARE) {
476 add_session_user(get_remote_machine_name());
479 reload_services(True);
482 already_got_session = True;
485 case 0x89: /* session keepalive request
486 (some old clients produce this?) */
487 SCVAL(outbuf,0,SMBkeepalive);
491 case 0x82: /* positive session response */
492 case 0x83: /* negative session response */
493 case 0x84: /* retarget session response */
494 DEBUG(0,("Unexpected session response\n"));
497 case SMBkeepalive: /* session keepalive */
502 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
503 msg_type, msg_flags));
505 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
509 /****************************************************************************
511 conn POINTER CAN BE NULL HERE !
512 ****************************************************************************/
514 void reply_tcon(struct smb_request *req)
516 connection_struct *conn = req->conn;
518 char *service_buf = NULL;
519 char *password = NULL;
524 DATA_BLOB password_blob;
525 TALLOC_CTX *ctx = talloc_tos();
527 START_PROFILE(SMBtcon);
529 if (req->buflen < 4) {
530 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
531 END_PROFILE(SMBtcon);
535 p = (const char *)req->buf + 1;
536 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
538 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
540 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
543 if (service_buf == NULL || password == NULL || dev == NULL) {
544 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
545 END_PROFILE(SMBtcon);
548 p = strrchr_m(service_buf,'\\');
552 service = service_buf;
555 password_blob = data_blob(password, pwlen+1);
557 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
560 data_blob_clear_free(&password_blob);
563 reply_nterror(req, nt_status);
564 END_PROFILE(SMBtcon);
568 reply_outbuf(req, 2, 0);
569 SSVAL(req->outbuf,smb_vwv0,max_recv);
570 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
571 SSVAL(req->outbuf,smb_tid,conn->cnum);
573 DEBUG(3,("tcon service=%s cnum=%d\n",
574 service, conn->cnum));
576 END_PROFILE(SMBtcon);
580 /****************************************************************************
581 Reply to a tcon and X.
582 conn POINTER CAN BE NULL HERE !
583 ****************************************************************************/
585 void reply_tcon_and_X(struct smb_request *req)
587 connection_struct *conn = req->conn;
588 const char *service = NULL;
590 TALLOC_CTX *ctx = talloc_tos();
591 /* what the cleint thinks the device is */
592 char *client_devicetype = NULL;
593 /* what the server tells the client the share represents */
594 const char *server_devicetype;
601 START_PROFILE(SMBtconX);
604 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
605 END_PROFILE(SMBtconX);
609 passlen = SVAL(req->vwv+3, 0);
610 tcon_flags = SVAL(req->vwv+2, 0);
612 /* we might have to close an old one */
613 if ((tcon_flags & 0x1) && conn) {
614 close_cnum(conn,req->vuid);
619 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
620 reply_doserror(req, ERRDOS, ERRbuftoosmall);
621 END_PROFILE(SMBtconX);
625 if (global_encrypted_passwords_negotiated) {
626 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
627 if (lp_security() == SEC_SHARE) {
629 * Security = share always has a pad byte
630 * after the password.
632 p = (const char *)req->buf + passlen + 1;
634 p = (const char *)req->buf + passlen;
637 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
638 /* Ensure correct termination */
639 password.data[passlen]=0;
640 p = (const char *)req->buf + passlen + 1;
643 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
646 data_blob_clear_free(&password);
647 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
648 END_PROFILE(SMBtconX);
653 * the service name can be either: \\server\share
654 * or share directly like on the DELL PowerVault 705
657 q = strchr_m(path+2,'\\');
659 data_blob_clear_free(&password);
660 reply_doserror(req, ERRDOS, ERRnosuchshare);
661 END_PROFILE(SMBtconX);
669 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
670 &client_devicetype, p,
671 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
673 if (client_devicetype == NULL) {
674 data_blob_clear_free(&password);
675 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
676 END_PROFILE(SMBtconX);
680 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
682 conn = make_connection(service, password, client_devicetype,
683 req->vuid, &nt_status);
686 data_blob_clear_free(&password);
689 reply_nterror(req, nt_status);
690 END_PROFILE(SMBtconX);
695 server_devicetype = "IPC";
696 else if ( IS_PRINT(conn) )
697 server_devicetype = "LPT1:";
699 server_devicetype = "A:";
701 if (Protocol < PROTOCOL_NT1) {
702 reply_outbuf(req, 2, 0);
703 if (message_push_string(&req->outbuf, server_devicetype,
704 STR_TERMINATE|STR_ASCII) == -1) {
705 reply_nterror(req, NT_STATUS_NO_MEMORY);
706 END_PROFILE(SMBtconX);
710 /* NT sets the fstype of IPC$ to the null string */
711 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
713 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
714 /* Return permissions. */
718 reply_outbuf(req, 7, 0);
721 perm1 = FILE_ALL_ACCESS;
722 perm2 = FILE_ALL_ACCESS;
724 perm1 = CAN_WRITE(conn) ?
729 SIVAL(req->outbuf, smb_vwv3, perm1);
730 SIVAL(req->outbuf, smb_vwv5, perm2);
732 reply_outbuf(req, 3, 0);
735 if ((message_push_string(&req->outbuf, server_devicetype,
736 STR_TERMINATE|STR_ASCII) == -1)
737 || (message_push_string(&req->outbuf, fstype,
738 STR_TERMINATE) == -1)) {
739 reply_nterror(req, NT_STATUS_NO_MEMORY);
740 END_PROFILE(SMBtconX);
744 /* what does setting this bit do? It is set by NT4 and
745 may affect the ability to autorun mounted cdroms */
746 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
747 (lp_csc_policy(SNUM(conn)) << 2));
749 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
750 DEBUG(2,("Serving %s as a Dfs root\n",
751 lp_servicename(SNUM(conn)) ));
752 SSVAL(req->outbuf, smb_vwv2,
753 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
758 DEBUG(3,("tconX service=%s \n",
761 /* set the incoming and outgoing tid to the just created one */
762 SSVAL(req->inbuf,smb_tid,conn->cnum);
763 SSVAL(req->outbuf,smb_tid,conn->cnum);
765 END_PROFILE(SMBtconX);
767 req->tid = conn->cnum;
772 /****************************************************************************
773 Reply to an unknown type.
774 ****************************************************************************/
776 void reply_unknown_new(struct smb_request *req, uint8 type)
778 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
779 smb_fn_name(type), type, type));
780 reply_doserror(req, ERRSRV, ERRunknownsmb);
784 /****************************************************************************
786 conn POINTER CAN BE NULL HERE !
787 ****************************************************************************/
789 void reply_ioctl(struct smb_request *req)
791 connection_struct *conn = req->conn;
798 START_PROFILE(SMBioctl);
801 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
802 END_PROFILE(SMBioctl);
806 device = SVAL(req->vwv+1, 0);
807 function = SVAL(req->vwv+2, 0);
808 ioctl_code = (device << 16) + function;
810 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
812 switch (ioctl_code) {
813 case IOCTL_QUERY_JOB_INFO:
817 reply_doserror(req, ERRSRV, ERRnosupport);
818 END_PROFILE(SMBioctl);
822 reply_outbuf(req, 8, replysize+1);
823 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
824 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
825 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
826 p = smb_buf(req->outbuf);
827 memset(p, '\0', replysize+1); /* valgrind-safe. */
828 p += 1; /* Allow for alignment */
830 switch (ioctl_code) {
831 case IOCTL_QUERY_JOB_INFO:
833 files_struct *fsp = file_fsp(
834 req, SVAL(req->vwv+0, 0));
836 reply_doserror(req, ERRDOS, ERRbadfid);
837 END_PROFILE(SMBioctl);
840 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
841 srvstr_push((char *)req->outbuf, req->flags2, p+2,
843 STR_TERMINATE|STR_ASCII);
845 srvstr_push((char *)req->outbuf, req->flags2,
846 p+18, lp_servicename(SNUM(conn)),
847 13, STR_TERMINATE|STR_ASCII);
855 END_PROFILE(SMBioctl);
859 /****************************************************************************
860 Strange checkpath NTSTATUS mapping.
861 ****************************************************************************/
863 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
865 /* Strange DOS error code semantics only for checkpath... */
866 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
867 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
868 /* We need to map to ERRbadpath */
869 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
875 /****************************************************************************
876 Reply to a checkpath.
877 ****************************************************************************/
879 void reply_checkpath(struct smb_request *req)
881 connection_struct *conn = req->conn;
883 SMB_STRUCT_STAT sbuf;
885 TALLOC_CTX *ctx = talloc_tos();
887 START_PROFILE(SMBcheckpath);
889 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
890 STR_TERMINATE, &status);
892 if (!NT_STATUS_IS_OK(status)) {
893 status = map_checkpath_error(req->flags2, status);
894 reply_nterror(req, status);
895 END_PROFILE(SMBcheckpath);
899 status = resolve_dfspath(ctx, conn,
900 req->flags2 & FLAGS2_DFS_PATHNAMES,
903 if (!NT_STATUS_IS_OK(status)) {
904 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
905 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
907 END_PROFILE(SMBcheckpath);
913 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
915 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
916 if (!NT_STATUS_IS_OK(status)) {
920 status = check_name(conn, name);
921 if (!NT_STATUS_IS_OK(status)) {
922 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
926 if (!VALID_STAT(sbuf)) {
929 if (lp_posix_pathnames()) {
930 ret = SMB_VFS_LSTAT(conn,name,&sbuf);
932 ret = SMB_VFS_STAT(conn,name,&sbuf);
935 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
936 status = map_nt_error_from_unix(errno);
941 if (!S_ISDIR(sbuf.st_ex_mode)) {
942 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
944 END_PROFILE(SMBcheckpath);
948 reply_outbuf(req, 0, 0);
950 END_PROFILE(SMBcheckpath);
955 END_PROFILE(SMBcheckpath);
957 /* We special case this - as when a Windows machine
958 is parsing a path is steps through the components
959 one at a time - if a component fails it expects
960 ERRbadpath, not ERRbadfile.
962 status = map_checkpath_error(req->flags2, status);
963 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
965 * Windows returns different error codes if
966 * the parent directory is valid but not the
967 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
968 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
969 * if the path is invalid.
971 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
976 reply_nterror(req, status);
979 /****************************************************************************
981 ****************************************************************************/
983 void reply_getatr(struct smb_request *req)
985 connection_struct *conn = req->conn;
987 SMB_STRUCT_STAT sbuf;
993 TALLOC_CTX *ctx = talloc_tos();
995 START_PROFILE(SMBgetatr);
997 p = (const char *)req->buf + 1;
998 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
999 if (!NT_STATUS_IS_OK(status)) {
1000 reply_nterror(req, status);
1001 END_PROFILE(SMBgetatr);
1005 status = resolve_dfspath(ctx, conn,
1006 req->flags2 & FLAGS2_DFS_PATHNAMES,
1009 if (!NT_STATUS_IS_OK(status)) {
1010 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1011 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1012 ERRSRV, ERRbadpath);
1013 END_PROFILE(SMBgetatr);
1016 reply_nterror(req, status);
1017 END_PROFILE(SMBgetatr);
1021 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1022 under WfWg - weird! */
1023 if (*fname == '\0') {
1024 mode = aHIDDEN | aDIR;
1025 if (!CAN_WRITE(conn)) {
1031 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1032 if (!NT_STATUS_IS_OK(status)) {
1033 reply_nterror(req, status);
1034 END_PROFILE(SMBgetatr);
1037 status = check_name(conn, fname);
1038 if (!NT_STATUS_IS_OK(status)) {
1039 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1040 reply_nterror(req, status);
1041 END_PROFILE(SMBgetatr);
1044 if (!VALID_STAT(sbuf)) {
1047 if (lp_posix_pathnames()) {
1048 ret = SMB_VFS_LSTAT(conn,fname,&sbuf);
1050 ret = SMB_VFS_STAT(conn,fname,&sbuf);
1053 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1054 reply_unixerror(req, ERRDOS,ERRbadfile);
1055 END_PROFILE(SMBgetatr);
1060 mode = dos_mode(conn,fname,&sbuf);
1061 size = sbuf.st_ex_size;
1062 mtime = convert_timespec_to_time_t(sbuf.st_ex_mtime);
1063 mode = dos_mode(conn, fname, &sbuf);
1064 size = sbuf.st_ex_size;
1071 reply_outbuf(req, 10, 0);
1073 SSVAL(req->outbuf,smb_vwv0,mode);
1074 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1075 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1077 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1079 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1081 if (Protocol >= PROTOCOL_NT1) {
1082 SSVAL(req->outbuf, smb_flg2,
1083 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1086 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1088 END_PROFILE(SMBgetatr);
1092 /****************************************************************************
1094 ****************************************************************************/
1096 void reply_setatr(struct smb_request *req)
1098 struct smb_file_time ft;
1099 connection_struct *conn = req->conn;
1103 SMB_STRUCT_STAT sbuf;
1106 TALLOC_CTX *ctx = talloc_tos();
1108 START_PROFILE(SMBsetatr);
1113 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1117 p = (const char *)req->buf + 1;
1118 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1119 if (!NT_STATUS_IS_OK(status)) {
1120 reply_nterror(req, status);
1121 END_PROFILE(SMBsetatr);
1125 status = resolve_dfspath(ctx, conn,
1126 req->flags2 & FLAGS2_DFS_PATHNAMES,
1129 if (!NT_STATUS_IS_OK(status)) {
1130 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1131 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1132 ERRSRV, ERRbadpath);
1133 END_PROFILE(SMBsetatr);
1136 reply_nterror(req, status);
1137 END_PROFILE(SMBsetatr);
1141 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1142 if (!NT_STATUS_IS_OK(status)) {
1143 reply_nterror(req, status);
1144 END_PROFILE(SMBsetatr);
1148 status = check_name(conn, fname);
1149 if (!NT_STATUS_IS_OK(status)) {
1150 reply_nterror(req, status);
1151 END_PROFILE(SMBsetatr);
1155 if (fname[0] == '.' && fname[1] == '\0') {
1157 * Not sure here is the right place to catch this
1158 * condition. Might be moved to somewhere else later -- vl
1160 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1161 END_PROFILE(SMBsetatr);
1165 mode = SVAL(req->vwv+0, 0);
1166 mtime = srv_make_unix_date3(req->vwv+1);
1168 ft.mtime = convert_time_t_to_timespec(mtime);
1169 status = smb_set_file_time(conn, NULL, fname,
1171 if (!NT_STATUS_IS_OK(status)) {
1172 reply_unixerror(req, ERRDOS, ERRnoaccess);
1173 END_PROFILE(SMBsetatr);
1177 if (mode != FILE_ATTRIBUTE_NORMAL) {
1178 if (VALID_STAT_OF_DIR(sbuf))
1183 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1184 reply_unixerror(req, ERRDOS, ERRnoaccess);
1185 END_PROFILE(SMBsetatr);
1190 reply_outbuf(req, 0, 0);
1192 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1194 END_PROFILE(SMBsetatr);
1198 /****************************************************************************
1200 ****************************************************************************/
1202 void reply_dskattr(struct smb_request *req)
1204 connection_struct *conn = req->conn;
1205 uint64_t dfree,dsize,bsize;
1206 START_PROFILE(SMBdskattr);
1208 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1209 reply_unixerror(req, ERRHRD, ERRgeneral);
1210 END_PROFILE(SMBdskattr);
1214 reply_outbuf(req, 5, 0);
1216 if (Protocol <= PROTOCOL_LANMAN2) {
1217 double total_space, free_space;
1218 /* we need to scale this to a number that DOS6 can handle. We
1219 use floating point so we can handle large drives on systems
1220 that don't have 64 bit integers
1222 we end up displaying a maximum of 2G to DOS systems
1224 total_space = dsize * (double)bsize;
1225 free_space = dfree * (double)bsize;
1227 dsize = (uint64_t)((total_space+63*512) / (64*512));
1228 dfree = (uint64_t)((free_space+63*512) / (64*512));
1230 if (dsize > 0xFFFF) dsize = 0xFFFF;
1231 if (dfree > 0xFFFF) dfree = 0xFFFF;
1233 SSVAL(req->outbuf,smb_vwv0,dsize);
1234 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1235 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1236 SSVAL(req->outbuf,smb_vwv3,dfree);
1238 SSVAL(req->outbuf,smb_vwv0,dsize);
1239 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1240 SSVAL(req->outbuf,smb_vwv2,512);
1241 SSVAL(req->outbuf,smb_vwv3,dfree);
1244 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1246 END_PROFILE(SMBdskattr);
1250 /****************************************************************************
1252 Can be called from SMBsearch, SMBffirst or SMBfunique.
1253 ****************************************************************************/
1255 void reply_search(struct smb_request *req)
1257 connection_struct *conn = req->conn;
1258 const char *mask = NULL;
1259 char *directory = NULL;
1263 struct timespec date;
1265 unsigned int numentries = 0;
1266 unsigned int maxentries = 0;
1267 bool finished = False;
1273 bool check_descend = False;
1274 bool expect_close = False;
1276 bool mask_contains_wcard = False;
1277 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1278 TALLOC_CTX *ctx = talloc_tos();
1279 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1281 START_PROFILE(SMBsearch);
1284 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1285 END_PROFILE(SMBsearch);
1289 if (lp_posix_pathnames()) {
1290 reply_unknown_new(req, req->cmd);
1291 END_PROFILE(SMBsearch);
1295 /* If we were called as SMBffirst then we must expect close. */
1296 if(req->cmd == SMBffirst) {
1297 expect_close = True;
1300 reply_outbuf(req, 1, 3);
1301 maxentries = SVAL(req->vwv+0, 0);
1302 dirtype = SVAL(req->vwv+1, 0);
1303 p = (const char *)req->buf + 1;
1304 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1305 &nt_status, &mask_contains_wcard);
1306 if (!NT_STATUS_IS_OK(nt_status)) {
1307 reply_nterror(req, nt_status);
1308 END_PROFILE(SMBsearch);
1312 nt_status = resolve_dfspath_wcard(ctx, conn,
1313 req->flags2 & FLAGS2_DFS_PATHNAMES,
1316 &mask_contains_wcard);
1317 if (!NT_STATUS_IS_OK(nt_status)) {
1318 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1319 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1320 ERRSRV, ERRbadpath);
1321 END_PROFILE(SMBsearch);
1324 reply_nterror(req, nt_status);
1325 END_PROFILE(SMBsearch);
1330 status_len = SVAL(p, 0);
1333 /* dirtype &= ~aDIR; */
1335 if (status_len == 0) {
1336 SMB_STRUCT_STAT sbuf;
1338 nt_status = unix_convert(ctx, conn, path, True,
1339 &directory, NULL, &sbuf);
1340 if (!NT_STATUS_IS_OK(nt_status)) {
1341 reply_nterror(req, nt_status);
1342 END_PROFILE(SMBsearch);
1346 nt_status = check_name(conn, directory);
1347 if (!NT_STATUS_IS_OK(nt_status)) {
1348 reply_nterror(req, nt_status);
1349 END_PROFILE(SMBsearch);
1353 p = strrchr_m(directory,'/');
1354 if ((p != NULL) && (*directory != '/')) {
1356 directory = talloc_strndup(ctx, directory,
1357 PTR_DIFF(p, directory));
1360 directory = talloc_strdup(ctx,".");
1364 reply_nterror(req, NT_STATUS_NO_MEMORY);
1365 END_PROFILE(SMBsearch);
1369 memset((char *)status,'\0',21);
1370 SCVAL(status,0,(dirtype & 0x1F));
1372 nt_status = dptr_create(conn,
1378 mask_contains_wcard,
1381 if (!NT_STATUS_IS_OK(nt_status)) {
1382 reply_nterror(req, nt_status);
1383 END_PROFILE(SMBsearch);
1386 dptr_num = dptr_dnum(conn->dirptr);
1390 memcpy(status,p,21);
1391 status_dirtype = CVAL(status,0) & 0x1F;
1392 if (status_dirtype != (dirtype & 0x1F)) {
1393 dirtype = status_dirtype;
1396 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1397 if (!conn->dirptr) {
1400 string_set(&conn->dirpath,dptr_path(dptr_num));
1401 mask = dptr_wcard(dptr_num);
1406 * For a 'continue' search we have no string. So
1407 * check from the initial saved string.
1409 mask_contains_wcard = ms_has_wild(mask);
1410 dirtype = dptr_attr(dptr_num);
1413 DEBUG(4,("dptr_num is %d\n",dptr_num));
1415 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1416 dptr_init_search_op(conn->dirptr);
1418 if ((dirtype&0x1F) == aVOLID) {
1419 char buf[DIR_STRUCT_SIZE];
1420 memcpy(buf,status,21);
1421 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1422 0,aVOLID,0,!allow_long_path_components)) {
1423 reply_nterror(req, NT_STATUS_NO_MEMORY);
1424 END_PROFILE(SMBsearch);
1427 dptr_fill(buf+12,dptr_num);
1428 if (dptr_zero(buf+12) && (status_len==0)) {
1433 if (message_push_blob(&req->outbuf,
1434 data_blob_const(buf, sizeof(buf)))
1436 reply_nterror(req, NT_STATUS_NO_MEMORY);
1437 END_PROFILE(SMBsearch);
1445 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1448 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1449 conn->dirpath,lp_dontdescend(SNUM(conn))));
1450 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1451 check_descend = True;
1454 for (i=numentries;(i<maxentries) && !finished;i++) {
1455 finished = !get_dir_entry(ctx,
1466 char buf[DIR_STRUCT_SIZE];
1467 memcpy(buf,status,21);
1468 if (!make_dir_struct(ctx,
1474 convert_timespec_to_time_t(date),
1475 !allow_long_path_components)) {
1476 reply_nterror(req, NT_STATUS_NO_MEMORY);
1477 END_PROFILE(SMBsearch);
1480 if (!dptr_fill(buf+12,dptr_num)) {
1483 if (message_push_blob(&req->outbuf,
1484 data_blob_const(buf, sizeof(buf)))
1486 reply_nterror(req, NT_STATUS_NO_MEMORY);
1487 END_PROFILE(SMBsearch);
1497 /* If we were called as SMBffirst with smb_search_id == NULL
1498 and no entries were found then return error and close dirptr
1501 if (numentries == 0) {
1502 dptr_close(&dptr_num);
1503 } else if(expect_close && status_len == 0) {
1504 /* Close the dptr - we know it's gone */
1505 dptr_close(&dptr_num);
1508 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1509 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1510 dptr_close(&dptr_num);
1513 if ((numentries == 0) && !mask_contains_wcard) {
1514 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1515 END_PROFILE(SMBsearch);
1519 SSVAL(req->outbuf,smb_vwv0,numentries);
1520 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1521 SCVAL(smb_buf(req->outbuf),0,5);
1522 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1524 /* The replies here are never long name. */
1525 SSVAL(req->outbuf, smb_flg2,
1526 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1527 if (!allow_long_path_components) {
1528 SSVAL(req->outbuf, smb_flg2,
1529 SVAL(req->outbuf, smb_flg2)
1530 & (~FLAGS2_LONG_PATH_COMPONENTS));
1533 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1534 SSVAL(req->outbuf, smb_flg2,
1535 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1538 directory = dptr_path(dptr_num);
1541 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1542 smb_fn_name(req->cmd),
1544 directory ? directory : "./",
1549 END_PROFILE(SMBsearch);
1553 /****************************************************************************
1554 Reply to a fclose (stop directory search).
1555 ****************************************************************************/
1557 void reply_fclose(struct smb_request *req)
1565 bool path_contains_wcard = False;
1566 TALLOC_CTX *ctx = talloc_tos();
1568 START_PROFILE(SMBfclose);
1570 if (lp_posix_pathnames()) {
1571 reply_unknown_new(req, req->cmd);
1572 END_PROFILE(SMBfclose);
1576 p = (const char *)req->buf + 1;
1577 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1578 &err, &path_contains_wcard);
1579 if (!NT_STATUS_IS_OK(err)) {
1580 reply_nterror(req, err);
1581 END_PROFILE(SMBfclose);
1585 status_len = SVAL(p,0);
1588 if (status_len == 0) {
1589 reply_doserror(req, ERRSRV, ERRsrverror);
1590 END_PROFILE(SMBfclose);
1594 memcpy(status,p,21);
1596 if(dptr_fetch(status+12,&dptr_num)) {
1597 /* Close the dptr - we know it's gone */
1598 dptr_close(&dptr_num);
1601 reply_outbuf(req, 1, 0);
1602 SSVAL(req->outbuf,smb_vwv0,0);
1604 DEBUG(3,("search close\n"));
1606 END_PROFILE(SMBfclose);
1610 /****************************************************************************
1612 ****************************************************************************/
1614 void reply_open(struct smb_request *req)
1616 connection_struct *conn = req->conn;
1622 SMB_STRUCT_STAT sbuf;
1629 uint32 create_disposition;
1630 uint32 create_options = 0;
1632 TALLOC_CTX *ctx = talloc_tos();
1634 START_PROFILE(SMBopen);
1636 SET_STAT_INVALID(sbuf);
1639 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1640 END_PROFILE(SMBopen);
1644 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1645 deny_mode = SVAL(req->vwv+0, 0);
1646 dos_attr = SVAL(req->vwv+1, 0);
1648 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1649 STR_TERMINATE, &status);
1650 if (!NT_STATUS_IS_OK(status)) {
1651 reply_nterror(req, status);
1652 END_PROFILE(SMBopen);
1656 if (!map_open_params_to_ntcreate(
1657 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1658 &share_mode, &create_disposition, &create_options)) {
1659 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1660 END_PROFILE(SMBopen);
1664 status = SMB_VFS_CREATE_FILE(
1667 0, /* root_dir_fid */
1669 CFF_DOS_PATH, /* create_file_flags */
1670 access_mask, /* access_mask */
1671 share_mode, /* share_access */
1672 create_disposition, /* create_disposition*/
1673 create_options, /* create_options */
1674 dos_attr, /* file_attributes */
1675 oplock_request, /* oplock_request */
1676 0, /* allocation_size */
1683 if (!NT_STATUS_IS_OK(status)) {
1684 if (open_was_deferred(req->mid)) {
1685 /* We have re-scheduled this call. */
1686 END_PROFILE(SMBopen);
1689 reply_openerror(req, status);
1690 END_PROFILE(SMBopen);
1694 size = sbuf.st_ex_size;
1695 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1696 mtime = convert_timespec_to_time_t(sbuf.st_ex_mtime);
1699 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1700 close_file(req, fsp, ERROR_CLOSE);
1701 reply_doserror(req, ERRDOS,ERRnoaccess);
1702 END_PROFILE(SMBopen);
1706 reply_outbuf(req, 7, 0);
1707 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1708 SSVAL(req->outbuf,smb_vwv1,fattr);
1709 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1710 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1712 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1714 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1715 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1717 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1718 SCVAL(req->outbuf,smb_flg,
1719 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1722 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1723 SCVAL(req->outbuf,smb_flg,
1724 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1726 END_PROFILE(SMBopen);
1730 /****************************************************************************
1731 Reply to an open and X.
1732 ****************************************************************************/
1734 void reply_open_and_X(struct smb_request *req)
1736 connection_struct *conn = req->conn;
1741 /* Breakout the oplock request bits so we can set the
1742 reply bits separately. */
1743 int ex_oplock_request;
1744 int core_oplock_request;
1747 int smb_sattr = SVAL(req->vwv+4, 0);
1748 uint32 smb_time = make_unix_date3(req->vwv+6);
1753 SMB_STRUCT_STAT sbuf;
1757 uint64_t allocation_size;
1758 ssize_t retval = -1;
1761 uint32 create_disposition;
1762 uint32 create_options = 0;
1763 TALLOC_CTX *ctx = talloc_tos();
1765 START_PROFILE(SMBopenX);
1767 if (req->wct < 15) {
1768 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1769 END_PROFILE(SMBopenX);
1773 SET_STAT_INVALID(sbuf);
1775 open_flags = SVAL(req->vwv+2, 0);
1776 deny_mode = SVAL(req->vwv+3, 0);
1777 smb_attr = SVAL(req->vwv+5, 0);
1778 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1779 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1780 oplock_request = ex_oplock_request | core_oplock_request;
1781 smb_ofun = SVAL(req->vwv+8, 0);
1782 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1784 /* If it's an IPC, pass off the pipe handler. */
1786 if (lp_nt_pipe_support()) {
1787 reply_open_pipe_and_X(conn, req);
1789 reply_doserror(req, ERRSRV, ERRaccess);
1791 END_PROFILE(SMBopenX);
1795 /* XXXX we need to handle passed times, sattr and flags */
1796 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1797 STR_TERMINATE, &status);
1798 if (!NT_STATUS_IS_OK(status)) {
1799 reply_nterror(req, status);
1800 END_PROFILE(SMBopenX);
1804 if (!map_open_params_to_ntcreate(
1805 fname, deny_mode, smb_ofun, &access_mask,
1806 &share_mode, &create_disposition, &create_options)) {
1807 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1808 END_PROFILE(SMBopenX);
1812 status = SMB_VFS_CREATE_FILE(
1815 0, /* root_dir_fid */
1817 CFF_DOS_PATH, /* create_file_flags */
1818 access_mask, /* access_mask */
1819 share_mode, /* share_access */
1820 create_disposition, /* create_disposition*/
1821 create_options, /* create_options */
1822 smb_attr, /* file_attributes */
1823 oplock_request, /* oplock_request */
1824 0, /* allocation_size */
1828 &smb_action, /* pinfo */
1831 if (!NT_STATUS_IS_OK(status)) {
1832 END_PROFILE(SMBopenX);
1833 if (open_was_deferred(req->mid)) {
1834 /* We have re-scheduled this call. */
1837 reply_openerror(req, status);
1841 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1842 if the file is truncated or created. */
1843 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1844 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1845 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1846 close_file(req, fsp, ERROR_CLOSE);
1847 reply_nterror(req, NT_STATUS_DISK_FULL);
1848 END_PROFILE(SMBopenX);
1851 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1853 close_file(req, fsp, ERROR_CLOSE);
1854 reply_nterror(req, NT_STATUS_DISK_FULL);
1855 END_PROFILE(SMBopenX);
1858 sbuf.st_ex_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf);
1861 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1862 mtime = convert_timespec_to_time_t(sbuf.st_ex_mtime);
1864 close_file(req, fsp, ERROR_CLOSE);
1865 reply_doserror(req, ERRDOS, ERRnoaccess);
1866 END_PROFILE(SMBopenX);
1870 /* If the caller set the extended oplock request bit
1871 and we granted one (by whatever means) - set the
1872 correct bit for extended oplock reply.
1875 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1876 smb_action |= EXTENDED_OPLOCK_GRANTED;
1879 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1880 smb_action |= EXTENDED_OPLOCK_GRANTED;
1883 /* If the caller set the core oplock request bit
1884 and we granted one (by whatever means) - set the
1885 correct bit for core oplock reply.
1888 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1889 reply_outbuf(req, 19, 0);
1891 reply_outbuf(req, 15, 0);
1894 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1895 SCVAL(req->outbuf, smb_flg,
1896 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1899 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1900 SCVAL(req->outbuf, smb_flg,
1901 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1904 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1905 SSVAL(req->outbuf,smb_vwv3,fattr);
1906 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1907 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1909 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1911 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_ex_size);
1912 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1913 SSVAL(req->outbuf,smb_vwv11,smb_action);
1915 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1916 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1919 END_PROFILE(SMBopenX);
1924 /****************************************************************************
1925 Reply to a SMBulogoffX.
1926 ****************************************************************************/
1928 void reply_ulogoffX(struct smb_request *req)
1932 START_PROFILE(SMBulogoffX);
1934 vuser = get_valid_user_struct(req->vuid);
1937 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1941 /* in user level security we are supposed to close any files
1942 open by this user */
1943 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1944 file_close_user(req->vuid);
1947 invalidate_vuid(req->vuid);
1949 reply_outbuf(req, 2, 0);
1951 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1953 END_PROFILE(SMBulogoffX);
1954 req->vuid = UID_FIELD_INVALID;
1958 /****************************************************************************
1959 Reply to a mknew or a create.
1960 ****************************************************************************/
1962 void reply_mknew(struct smb_request *req)
1964 connection_struct *conn = req->conn;
1967 struct smb_file_time ft;
1969 int oplock_request = 0;
1970 SMB_STRUCT_STAT sbuf;
1972 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1973 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1974 uint32 create_disposition;
1975 uint32 create_options = 0;
1976 TALLOC_CTX *ctx = talloc_tos();
1978 START_PROFILE(SMBcreate);
1980 SET_STAT_INVALID(sbuf);
1983 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1984 END_PROFILE(SMBcreate);
1988 fattr = SVAL(req->vwv+0, 0);
1989 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1992 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1994 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1995 STR_TERMINATE, &status);
1996 if (!NT_STATUS_IS_OK(status)) {
1997 reply_nterror(req, status);
1998 END_PROFILE(SMBcreate);
2002 if (fattr & aVOLID) {
2003 DEBUG(0,("Attempt to create file (%s) with volid set - "
2004 "please report this\n", fname));
2007 if(req->cmd == SMBmknew) {
2008 /* We should fail if file exists. */
2009 create_disposition = FILE_CREATE;
2011 /* Create if file doesn't exist, truncate if it does. */
2012 create_disposition = FILE_OVERWRITE_IF;
2015 status = SMB_VFS_CREATE_FILE(
2018 0, /* root_dir_fid */
2020 CFF_DOS_PATH, /* create_file_flags */
2021 access_mask, /* access_mask */
2022 share_mode, /* share_access */
2023 create_disposition, /* create_disposition*/
2024 create_options, /* create_options */
2025 fattr, /* file_attributes */
2026 oplock_request, /* oplock_request */
2027 0, /* allocation_size */
2034 if (!NT_STATUS_IS_OK(status)) {
2035 END_PROFILE(SMBcreate);
2036 if (open_was_deferred(req->mid)) {
2037 /* We have re-scheduled this call. */
2040 reply_openerror(req, status);
2044 ft.atime = sbuf.st_ex_atime; /* atime. */
2045 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, &ft, true);
2046 if (!NT_STATUS_IS_OK(status)) {
2047 END_PROFILE(SMBcreate);
2048 reply_openerror(req, status);
2052 reply_outbuf(req, 1, 0);
2053 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2055 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2056 SCVAL(req->outbuf,smb_flg,
2057 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2060 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2061 SCVAL(req->outbuf,smb_flg,
2062 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2065 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2066 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2067 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2069 END_PROFILE(SMBcreate);
2073 /****************************************************************************
2074 Reply to a create temporary file.
2075 ****************************************************************************/
2077 void reply_ctemp(struct smb_request *req)
2079 connection_struct *conn = req->conn;
2085 SMB_STRUCT_STAT sbuf;
2088 TALLOC_CTX *ctx = talloc_tos();
2090 START_PROFILE(SMBctemp);
2093 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2094 END_PROFILE(SMBctemp);
2098 fattr = SVAL(req->vwv+0, 0);
2099 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2101 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2102 STR_TERMINATE, &status);
2103 if (!NT_STATUS_IS_OK(status)) {
2104 reply_nterror(req, status);
2105 END_PROFILE(SMBctemp);
2109 fname = talloc_asprintf(ctx,
2113 fname = talloc_strdup(ctx, "TMXXXXXX");
2117 reply_nterror(req, NT_STATUS_NO_MEMORY);
2118 END_PROFILE(SMBctemp);
2122 status = resolve_dfspath(ctx, conn,
2123 req->flags2 & FLAGS2_DFS_PATHNAMES,
2126 if (!NT_STATUS_IS_OK(status)) {
2127 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2128 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2129 ERRSRV, ERRbadpath);
2130 END_PROFILE(SMBctemp);
2133 reply_nterror(req, status);
2134 END_PROFILE(SMBctemp);
2138 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2139 if (!NT_STATUS_IS_OK(status)) {
2140 reply_nterror(req, status);
2141 END_PROFILE(SMBctemp);
2145 status = check_name(conn, fname);
2146 if (!NT_STATUS_IS_OK(status)) {
2147 reply_nterror(req, status);
2148 END_PROFILE(SMBctemp);
2152 tmpfd = smb_mkstemp(fname);
2154 reply_unixerror(req, ERRDOS, ERRnoaccess);
2155 END_PROFILE(SMBctemp);
2159 SET_STAT_INVALID(sbuf);
2160 SMB_VFS_STAT(conn,fname,&sbuf);
2162 /* We should fail if file does not exist. */
2163 status = SMB_VFS_CREATE_FILE(
2166 0, /* root_dir_fid */
2168 0, /* create_file_flags */
2169 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2170 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2171 FILE_OPEN, /* create_disposition*/
2172 0, /* create_options */
2173 fattr, /* file_attributes */
2174 oplock_request, /* oplock_request */
2175 0, /* allocation_size */
2182 /* close fd from smb_mkstemp() */
2185 if (!NT_STATUS_IS_OK(status)) {
2186 if (open_was_deferred(req->mid)) {
2187 /* We have re-scheduled this call. */
2188 END_PROFILE(SMBctemp);
2191 reply_openerror(req, status);
2192 END_PROFILE(SMBctemp);
2196 reply_outbuf(req, 1, 0);
2197 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2199 /* the returned filename is relative to the directory */
2200 s = strrchr_m(fsp->fsp_name, '/');
2208 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2209 thing in the byte section. JRA */
2210 SSVALS(p, 0, -1); /* what is this? not in spec */
2212 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2214 reply_nterror(req, NT_STATUS_NO_MEMORY);
2215 END_PROFILE(SMBctemp);
2219 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2220 SCVAL(req->outbuf, smb_flg,
2221 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2224 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2225 SCVAL(req->outbuf, smb_flg,
2226 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2229 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2230 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2231 fsp->fh->fd, (unsigned int)sbuf.st_ex_mode ) );
2233 END_PROFILE(SMBctemp);
2237 /*******************************************************************
2238 Check if a user is allowed to rename a file.
2239 ********************************************************************/
2241 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2242 uint16 dirtype, SMB_STRUCT_STAT *pst)
2246 if (!CAN_WRITE(conn)) {
2247 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2250 fmode = dos_mode(conn, fsp->fsp_name, pst);
2251 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2252 return NT_STATUS_NO_SUCH_FILE;
2255 if (S_ISDIR(pst->st_ex_mode)) {
2256 if (fsp->posix_open) {
2257 return NT_STATUS_OK;
2260 /* If no pathnames are open below this
2261 directory, allow the rename. */
2263 if (file_find_subpath(fsp)) {
2264 return NT_STATUS_ACCESS_DENIED;
2266 return NT_STATUS_OK;
2269 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2270 return NT_STATUS_OK;
2273 return NT_STATUS_ACCESS_DENIED;
2276 /*******************************************************************
2277 * unlink a file with all relevant access checks
2278 *******************************************************************/
2280 static NTSTATUS do_unlink(connection_struct *conn,
2281 struct smb_request *req,
2285 SMB_STRUCT_STAT sbuf;
2288 uint32 dirtype_orig = dirtype;
2289 bool posix_paths = lp_posix_pathnames();
2293 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2295 if (!CAN_WRITE(conn)) {
2296 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2300 ret = SMB_VFS_LSTAT(conn,fname,&sbuf);
2302 ret = SMB_VFS_STAT(conn,fname,&sbuf);
2305 return map_nt_error_from_unix(errno);
2308 fattr = dos_mode(conn,fname,&sbuf);
2310 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2311 dirtype = aDIR|aARCH|aRONLY;
2314 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2316 return NT_STATUS_NO_SUCH_FILE;
2319 if (!dir_check_ftype(conn, fattr, dirtype)) {
2321 return NT_STATUS_FILE_IS_A_DIRECTORY;
2323 return NT_STATUS_NO_SUCH_FILE;
2326 if (dirtype_orig & 0x8000) {
2327 /* These will never be set for POSIX. */
2328 return NT_STATUS_NO_SUCH_FILE;
2332 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2333 return NT_STATUS_FILE_IS_A_DIRECTORY;
2336 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2337 return NT_STATUS_NO_SUCH_FILE;
2340 if (dirtype & 0xFF00) {
2341 /* These will never be set for POSIX. */
2342 return NT_STATUS_NO_SUCH_FILE;
2347 return NT_STATUS_NO_SUCH_FILE;
2350 /* Can't delete a directory. */
2352 return NT_STATUS_FILE_IS_A_DIRECTORY;
2357 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2358 return NT_STATUS_OBJECT_NAME_INVALID;
2359 #endif /* JRATEST */
2361 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2363 On a Windows share, a file with read-only dosmode can be opened with
2364 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2365 fails with NT_STATUS_CANNOT_DELETE error.
2367 This semantic causes a problem that a user can not
2368 rename a file with read-only dosmode on a Samba share
2369 from a Windows command prompt (i.e. cmd.exe, but can rename
2370 from Windows Explorer).
2373 if (!lp_delete_readonly(SNUM(conn))) {
2374 if (fattr & aRONLY) {
2375 return NT_STATUS_CANNOT_DELETE;
2379 /* On open checks the open itself will check the share mode, so
2380 don't do it here as we'll get it wrong. */
2382 status = SMB_VFS_CREATE_FILE
2385 0, /* root_dir_fid */
2387 0, /* create_file_flags */
2388 DELETE_ACCESS, /* access_mask */
2389 FILE_SHARE_NONE, /* share_access */
2390 FILE_OPEN, /* create_disposition*/
2391 FILE_NON_DIRECTORY_FILE, /* create_options */
2392 /* file_attributes */
2393 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2394 FILE_ATTRIBUTE_NORMAL,
2395 0, /* oplock_request */
2396 0, /* allocation_size */
2403 if (!NT_STATUS_IS_OK(status)) {
2404 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2405 nt_errstr(status)));
2409 /* The set is across all open files on this dev/inode pair. */
2410 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2411 close_file(req, fsp, NORMAL_CLOSE);
2412 return NT_STATUS_ACCESS_DENIED;
2415 return close_file(req, fsp, NORMAL_CLOSE);
2418 /****************************************************************************
2419 The guts of the unlink command, split out so it may be called by the NT SMB
2421 ****************************************************************************/
2423 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2424 uint32 dirtype, const char *name_in, bool has_wild)
2426 const char *directory = NULL;
2431 NTSTATUS status = NT_STATUS_OK;
2432 SMB_STRUCT_STAT sbuf, st;
2433 TALLOC_CTX *ctx = talloc_tos();
2435 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2436 if (!NT_STATUS_IS_OK(status)) {
2440 p = strrchr_m(name,'/');
2442 directory = talloc_strdup(ctx, ".");
2444 return NT_STATUS_NO_MEMORY;
2454 * We should only check the mangled cache
2455 * here if unix_convert failed. This means
2456 * that the path in 'mask' doesn't exist
2457 * on the file system and so we need to look
2458 * for a possible mangle. This patch from
2459 * Tine Smukavec <valentin.smukavec@hermes.si>.
2462 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2463 char *new_mask = NULL;
2464 mangle_lookup_name_from_8_3(ctx,
2474 directory = talloc_asprintf(ctx,
2479 return NT_STATUS_NO_MEMORY;
2482 dirtype = FILE_ATTRIBUTE_NORMAL;
2485 status = check_name(conn, directory);
2486 if (!NT_STATUS_IS_OK(status)) {
2490 status = do_unlink(conn, req, directory, dirtype);
2491 if (!NT_STATUS_IS_OK(status)) {
2497 struct smb_Dir *dir_hnd = NULL;
2501 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2502 return NT_STATUS_OBJECT_NAME_INVALID;
2505 if (strequal(mask,"????????.???")) {
2510 status = check_name(conn, directory);
2511 if (!NT_STATUS_IS_OK(status)) {
2515 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2517 if (dir_hnd == NULL) {
2518 return map_nt_error_from_unix(errno);
2521 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2522 the pattern matches against the long name, otherwise the short name
2523 We don't implement this yet XXXX
2526 status = NT_STATUS_NO_SUCH_FILE;
2528 while ((dname = ReadDirName(dir_hnd, &offset, &st))) {
2531 if (!is_visible_file(conn, directory, dname, &st,
2537 /* Quick check for "." and ".." */
2538 if (ISDOT(dname) || ISDOTDOT(dname)) {
2542 if(!mask_match(dname, mask, conn->case_sensitive)) {
2546 fname = talloc_asprintf(ctx, "%s/%s",
2550 return NT_STATUS_NO_MEMORY;
2553 status = check_name(conn, fname);
2554 if (!NT_STATUS_IS_OK(status)) {
2555 TALLOC_FREE(dir_hnd);
2559 status = do_unlink(conn, req, fname, dirtype);
2560 if (!NT_STATUS_IS_OK(status)) {
2566 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2571 TALLOC_FREE(dir_hnd);
2574 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2575 status = map_nt_error_from_unix(errno);
2581 /****************************************************************************
2583 ****************************************************************************/
2585 void reply_unlink(struct smb_request *req)
2587 connection_struct *conn = req->conn;
2591 bool path_contains_wcard = False;
2592 TALLOC_CTX *ctx = talloc_tos();
2594 START_PROFILE(SMBunlink);
2597 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2598 END_PROFILE(SMBunlink);
2602 dirtype = SVAL(req->vwv+0, 0);
2604 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2605 STR_TERMINATE, &status,
2606 &path_contains_wcard);
2607 if (!NT_STATUS_IS_OK(status)) {
2608 reply_nterror(req, status);
2609 END_PROFILE(SMBunlink);
2613 status = resolve_dfspath_wcard(ctx, conn,
2614 req->flags2 & FLAGS2_DFS_PATHNAMES,
2617 &path_contains_wcard);
2618 if (!NT_STATUS_IS_OK(status)) {
2619 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2620 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2621 ERRSRV, ERRbadpath);
2622 END_PROFILE(SMBunlink);
2625 reply_nterror(req, status);
2626 END_PROFILE(SMBunlink);
2630 DEBUG(3,("reply_unlink : %s\n",name));
2632 status = unlink_internals(conn, req, dirtype, name,
2633 path_contains_wcard);
2634 if (!NT_STATUS_IS_OK(status)) {
2635 if (open_was_deferred(req->mid)) {
2636 /* We have re-scheduled this call. */
2637 END_PROFILE(SMBunlink);
2640 reply_nterror(req, status);
2641 END_PROFILE(SMBunlink);
2645 reply_outbuf(req, 0, 0);
2646 END_PROFILE(SMBunlink);
2651 /****************************************************************************
2653 ****************************************************************************/
2655 static void fail_readraw(void)
2657 const char *errstr = talloc_asprintf(talloc_tos(),
2658 "FAIL ! reply_readbraw: socket write fail (%s)",
2663 exit_server_cleanly(errstr);
2666 /****************************************************************************
2667 Fake (read/write) sendfile. Returns -1 on read or write fail.
2668 ****************************************************************************/
2670 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2674 size_t tosend = nread;
2681 bufsize = MIN(nread, 65536);
2683 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2687 while (tosend > 0) {
2691 if (tosend > bufsize) {
2696 ret = read_file(fsp,buf,startpos,cur_read);
2702 /* If we had a short read, fill with zeros. */
2703 if (ret < cur_read) {
2704 memset(buf + ret, '\0', cur_read - ret);
2707 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2712 startpos += cur_read;
2716 return (ssize_t)nread;
2719 #if defined(WITH_SENDFILE)
2720 /****************************************************************************
2721 Deal with the case of sendfile reading less bytes from the file than
2722 requested. Fill with zeros (all we can do).
2723 ****************************************************************************/
2725 static void sendfile_short_send(files_struct *fsp,
2730 #define SHORT_SEND_BUFSIZE 1024
2731 if (nread < headersize) {
2732 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2733 "header for file %s (%s). Terminating\n",
2734 fsp->fsp_name, strerror(errno) ));
2735 exit_server_cleanly("sendfile_short_send failed");
2738 nread -= headersize;
2740 if (nread < smb_maxcnt) {
2741 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2743 exit_server_cleanly("sendfile_short_send: "
2747 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2748 "with zeros !\n", fsp->fsp_name));
2750 while (nread < smb_maxcnt) {
2752 * We asked for the real file size and told sendfile
2753 * to not go beyond the end of the file. But it can
2754 * happen that in between our fstat call and the
2755 * sendfile call the file was truncated. This is very
2756 * bad because we have already announced the larger
2757 * number of bytes to the client.
2759 * The best we can do now is to send 0-bytes, just as
2760 * a read from a hole in a sparse file would do.
2762 * This should happen rarely enough that I don't care
2763 * about efficiency here :-)
2767 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2768 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2769 exit_server_cleanly("sendfile_short_send: "
2770 "write_data failed");
2777 #endif /* defined WITH_SENDFILE */
2779 /****************************************************************************
2780 Return a readbraw error (4 bytes of zero).
2781 ****************************************************************************/
2783 static void reply_readbraw_error(void)
2790 ok = smbd_lock_socket(smbd_server_conn);
2792 exit_server_cleanly("failed to lock socket");
2794 if (write_data(smbd_server_fd(),header,4) != 4) {
2797 ok = smbd_unlock_socket(smbd_server_conn);
2799 exit_server_cleanly("failed to unlock socket");
2803 /****************************************************************************
2804 Use sendfile in readbraw.
2805 ****************************************************************************/
2807 static void send_file_readbraw(connection_struct *conn,
2808 struct smb_request *req,
2814 char *outbuf = NULL;
2817 #if defined(WITH_SENDFILE)
2819 * We can only use sendfile on a non-chained packet
2820 * but we can use on a non-oplocked file. tridge proved this
2821 * on a train in Germany :-). JRA.
2822 * reply_readbraw has already checked the length.
2825 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2826 (fsp->wcp == NULL) &&
2827 lp_use_sendfile(SNUM(conn), smbd_server_conn->signing_state) ) {
2828 ssize_t sendfile_read = -1;
2830 DATA_BLOB header_blob;
2832 _smb_setlen(header,nread);
2833 header_blob = data_blob_const(header, 4);
2835 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2836 &header_blob, startpos, nread)) == -1) {
2837 /* Returning ENOSYS means no data at all was sent.
2838 * Do this as a normal read. */
2839 if (errno == ENOSYS) {
2840 goto normal_readbraw;
2844 * Special hack for broken Linux with no working sendfile. If we
2845 * return EINTR we sent the header but not the rest of the data.
2846 * Fake this up by doing read/write calls.
2848 if (errno == EINTR) {
2849 /* Ensure we don't do this again. */
2850 set_use_sendfile(SNUM(conn), False);
2851 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2853 if (fake_sendfile(fsp, startpos, nread) == -1) {
2854 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2855 fsp->fsp_name, strerror(errno) ));
2856 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2861 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2862 fsp->fsp_name, strerror(errno) ));
2863 exit_server_cleanly("send_file_readbraw sendfile failed");
2864 } else if (sendfile_read == 0) {
2866 * Some sendfile implementations return 0 to indicate
2867 * that there was a short read, but nothing was
2868 * actually written to the socket. In this case,
2869 * fallback to the normal read path so the header gets
2870 * the correct byte count.
2872 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2873 "bytes falling back to the normal read: "
2874 "%s\n", fsp->fsp_name));
2875 goto normal_readbraw;
2878 /* Deal with possible short send. */
2879 if (sendfile_read != 4+nread) {
2880 sendfile_short_send(fsp, sendfile_read, 4, nread);
2888 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2890 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2891 (unsigned)(nread+4)));
2892 reply_readbraw_error();
2897 ret = read_file(fsp,outbuf+4,startpos,nread);
2898 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2907 _smb_setlen(outbuf,ret);
2908 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2911 TALLOC_FREE(outbuf);
2914 /****************************************************************************
2915 Reply to a readbraw (core+ protocol).
2916 ****************************************************************************/
2918 void reply_readbraw(struct smb_request *req)
2920 connection_struct *conn = req->conn;
2921 ssize_t maxcount,mincount;
2925 struct lock_struct lock;
2929 START_PROFILE(SMBreadbraw);
2931 if (srv_is_signing_active(smbd_server_conn) ||
2932 is_encrypted_packet(req->inbuf)) {
2933 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2934 "raw reads/writes are disallowed.");
2938 reply_readbraw_error();
2939 END_PROFILE(SMBreadbraw);
2944 * Special check if an oplock break has been issued
2945 * and the readraw request croses on the wire, we must
2946 * return a zero length response here.
2949 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2952 * We have to do a check_fsp by hand here, as
2953 * we must always return 4 zero bytes on error,
2957 if (!fsp || !conn || conn != fsp->conn ||
2958 req->vuid != fsp->vuid ||
2959 fsp->is_directory || fsp->fh->fd == -1) {
2961 * fsp could be NULL here so use the value from the packet. JRA.
2963 DEBUG(3,("reply_readbraw: fnum %d not valid "
2965 (int)SVAL(req->vwv+0, 0)));
2966 reply_readbraw_error();
2967 END_PROFILE(SMBreadbraw);
2971 /* Do a "by hand" version of CHECK_READ. */
2972 if (!(fsp->can_read ||
2973 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2974 (fsp->access_mask & FILE_EXECUTE)))) {
2975 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2976 (int)SVAL(req->vwv+0, 0)));
2977 reply_readbraw_error();
2978 END_PROFILE(SMBreadbraw);
2982 flush_write_cache(fsp, READRAW_FLUSH);
2984 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2985 if(req->wct == 10) {
2987 * This is a large offset (64 bit) read.
2989 #ifdef LARGE_SMB_OFF_T
2991 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2993 #else /* !LARGE_SMB_OFF_T */
2996 * Ensure we haven't been sent a >32 bit offset.
2999 if(IVAL(req->vwv+8, 0) != 0) {
3000 DEBUG(0,("reply_readbraw: large offset "
3001 "(%x << 32) used and we don't support "
3002 "64 bit offsets.\n",
3003 (unsigned int)IVAL(req->vwv+8, 0) ));
3004 reply_readbraw_error();
3005 END_PROFILE(SMBreadbraw);
3009 #endif /* LARGE_SMB_OFF_T */
3012 DEBUG(0,("reply_readbraw: negative 64 bit "
3013 "readraw offset (%.0f) !\n",
3014 (double)startpos ));
3015 reply_readbraw_error();
3016 END_PROFILE(SMBreadbraw);
3021 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3022 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3024 /* ensure we don't overrun the packet size */
3025 maxcount = MIN(65535,maxcount);
3027 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3028 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3031 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3032 reply_readbraw_error();
3033 END_PROFILE(SMBreadbraw);
3037 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
3038 size = st.st_ex_size;
3041 if (startpos >= size) {
3044 nread = MIN(maxcount,(size - startpos));
3047 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3048 if (nread < mincount)
3052 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3053 "min=%lu nread=%lu\n",
3054 fsp->fnum, (double)startpos,
3055 (unsigned long)maxcount,
3056 (unsigned long)mincount,
3057 (unsigned long)nread ) );
3059 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3061 DEBUG(5,("reply_readbraw finished\n"));
3063 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3065 END_PROFILE(SMBreadbraw);
3070 #define DBGC_CLASS DBGC_LOCKING
3072 /****************************************************************************
3073 Reply to a lockread (core+ protocol).
3074 ****************************************************************************/
3076 void reply_lockread(struct smb_request *req)
3078 connection_struct *conn = req->conn;
3085 struct byte_range_lock *br_lck = NULL;
3088 START_PROFILE(SMBlockread);
3091 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3092 END_PROFILE(SMBlockread);
3096 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3098 if (!check_fsp(conn, req, fsp)) {
3099 END_PROFILE(SMBlockread);
3103 if (!CHECK_READ(fsp,req)) {
3104 reply_doserror(req, ERRDOS, ERRbadaccess);
3105 END_PROFILE(SMBlockread);
3109 numtoread = SVAL(req->vwv+1, 0);
3110 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3112 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3114 reply_outbuf(req, 5, numtoread + 3);
3116 data = smb_buf(req->outbuf) + 3;
3119 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3120 * protocol request that predates the read/write lock concept.
3121 * Thus instead of asking for a read lock here we need to ask
3122 * for a write lock. JRA.
3123 * Note that the requested lock size is unaffected by max_recv.
3126 br_lck = do_lock(smbd_messaging_context(),
3129 (uint64_t)numtoread,
3133 False, /* Non-blocking lock. */
3137 TALLOC_FREE(br_lck);
3139 if (NT_STATUS_V(status)) {
3140 reply_nterror(req, status);
3141 END_PROFILE(SMBlockread);
3146 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3149 if (numtoread > max_recv) {
3150 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3151 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3152 (unsigned int)numtoread, (unsigned int)max_recv ));
3153 numtoread = MIN(numtoread,max_recv);
3155 nread = read_file(fsp,data,startpos,numtoread);
3158 reply_unixerror(req, ERRDOS, ERRnoaccess);
3159 END_PROFILE(SMBlockread);
3163 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3165 SSVAL(req->outbuf,smb_vwv0,nread);
3166 SSVAL(req->outbuf,smb_vwv5,nread+3);
3167 p = smb_buf(req->outbuf);
3168 SCVAL(p,0,0); /* pad byte. */
3171 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3172 fsp->fnum, (int)numtoread, (int)nread));
3174 END_PROFILE(SMBlockread);
3179 #define DBGC_CLASS DBGC_ALL
3181 /****************************************************************************
3183 ****************************************************************************/
3185 void reply_read(struct smb_request *req)
3187 connection_struct *conn = req->conn;
3194 struct lock_struct lock;
3196 START_PROFILE(SMBread);
3199 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3200 END_PROFILE(SMBread);
3204 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3206 if (!check_fsp(conn, req, fsp)) {
3207 END_PROFILE(SMBread);
3211 if (!CHECK_READ(fsp,req)) {
3212 reply_doserror(req, ERRDOS, ERRbadaccess);
3213 END_PROFILE(SMBread);
3217 numtoread = SVAL(req->vwv+1, 0);
3218 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3220 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3223 * The requested read size cannot be greater than max_recv. JRA.
3225 if (numtoread > max_recv) {
3226 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3227 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3228 (unsigned int)numtoread, (unsigned int)max_recv ));
3229 numtoread = MIN(numtoread,max_recv);
3232 reply_outbuf(req, 5, numtoread+3);
3234 data = smb_buf(req->outbuf) + 3;
3236 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3237 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3240 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3241 reply_doserror(req, ERRDOS,ERRlock);
3242 END_PROFILE(SMBread);
3247 nread = read_file(fsp,data,startpos,numtoread);
3250 reply_unixerror(req, ERRDOS,ERRnoaccess);
3254 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3256 SSVAL(req->outbuf,smb_vwv0,nread);
3257 SSVAL(req->outbuf,smb_vwv5,nread+3);
3258 SCVAL(smb_buf(req->outbuf),0,1);
3259 SSVAL(smb_buf(req->outbuf),1,nread);
3261 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3262 fsp->fnum, (int)numtoread, (int)nread ) );
3265 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3267 END_PROFILE(SMBread);
3271 /****************************************************************************
3273 ****************************************************************************/
3275 static int setup_readX_header(struct smb_request *req, char *outbuf,
3281 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3282 data = smb_buf(outbuf);
3284 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3286 SCVAL(outbuf,smb_vwv0,0xFF);
3287 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3288 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3289 SSVAL(outbuf,smb_vwv6,
3291 + 1 /* the wct field */
3292 + 12 * sizeof(uint16_t) /* vwv */
3293 + 2); /* the buflen field */
3294 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3295 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3296 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3297 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3301 /****************************************************************************
3302 Reply to a read and X - possibly using sendfile.
3303 ****************************************************************************/
3305 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3306 files_struct *fsp, SMB_OFF_T startpos,
3309 SMB_STRUCT_STAT sbuf;
3311 struct lock_struct lock;
3313 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3314 reply_unixerror(req, ERRDOS, ERRnoaccess);
3318 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3319 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3322 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3323 reply_doserror(req, ERRDOS, ERRlock);
3327 if (!S_ISREG(sbuf.st_ex_mode) || (startpos > sbuf.st_ex_size)
3328 || (smb_maxcnt > (sbuf.st_ex_size - startpos))) {
3330 * We already know that we would do a short read, so don't
3331 * try the sendfile() path.
3333 goto nosendfile_read;
3336 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3337 goto nosendfile_read;
3340 #if defined(WITH_SENDFILE)
3342 * We can only use sendfile on a non-chained packet
3343 * but we can use on a non-oplocked file. tridge proved this
3344 * on a train in Germany :-). JRA.
3347 if (!req_is_in_chain(req) &&
3348 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3349 (fsp->wcp == NULL) &&
3350 lp_use_sendfile(SNUM(conn), smbd_server_conn->signing_state) ) {
3351 uint8 headerbuf[smb_size + 12 * 2];
3355 * Set up the packet header before send. We
3356 * assume here the sendfile will work (get the
3357 * correct amount of data).
3360 header = data_blob_const(headerbuf, sizeof(headerbuf));
3362 construct_reply_common_req(req, (char *)headerbuf);
3363 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3365 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3366 /* Returning ENOSYS means no data at all was sent.
3367 Do this as a normal read. */
3368 if (errno == ENOSYS) {
3373 * Special hack for broken Linux with no working sendfile. If we
3374 * return EINTR we sent the header but not the rest of the data.
3375 * Fake this up by doing read/write calls.
3378 if (errno == EINTR) {
3379 /* Ensure we don't do this again. */
3380 set_use_sendfile(SNUM(conn), False);
3381 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3382 nread = fake_sendfile(fsp, startpos,
3385 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3386 fsp->fsp_name, strerror(errno) ));
3387 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3389 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3390 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3391 /* No outbuf here means successful sendfile. */
3395 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3396 fsp->fsp_name, strerror(errno) ));
3397 exit_server_cleanly("send_file_readX sendfile failed");
3398 } else if (nread == 0) {
3400 * Some sendfile implementations return 0 to indicate
3401 * that there was a short read, but nothing was
3402 * actually written to the socket. In this case,
3403 * fallback to the normal read path so the header gets
3404 * the correct byte count.
3406 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3407 "falling back to the normal read: %s\n",
3412 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3413 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3415 /* Deal with possible short send. */
3416 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3417 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3419 /* No outbuf here means successful sendfile. */
3420 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3421 SMB_PERFCOUNT_END(&req->pcd);
3429 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3430 uint8 headerbuf[smb_size + 2*12];
3432 construct_reply_common_req(req, (char *)headerbuf);
3433 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3435 /* Send out the header. */
3436 if (write_data(smbd_server_fd(), (char *)headerbuf,
3437 sizeof(headerbuf)) != sizeof(headerbuf)) {
3438 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3439 fsp->fsp_name, strerror(errno) ));
3440 exit_server_cleanly("send_file_readX sendfile failed");
3442 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3444 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3445 fsp->fsp_name, strerror(errno) ));
3446 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3453 reply_outbuf(req, 12, smb_maxcnt);
3455 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3457 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3460 reply_unixerror(req, ERRDOS, ERRnoaccess);
3464 setup_readX_header(req, (char *)req->outbuf, nread);
3466 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3467 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3473 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3474 TALLOC_FREE(req->outbuf);
3478 /****************************************************************************
3479 Reply to a read and X.
3480 ****************************************************************************/
3482 void reply_read_and_X(struct smb_request *req)
3484 connection_struct *conn = req->conn;
3488 bool big_readX = False;
3490 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3493 START_PROFILE(SMBreadX);
3495 if ((req->wct != 10) && (req->wct != 12)) {
3496 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3500 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3501 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3502 smb_maxcnt = SVAL(req->vwv+5, 0);
3504 /* If it's an IPC, pass off the pipe handler. */
3506 reply_pipe_read_and_X(req);
3507 END_PROFILE(SMBreadX);
3511 if (!check_fsp(conn, req, fsp)) {
3512 END_PROFILE(SMBreadX);
3516 if (!CHECK_READ(fsp,req)) {
3517 reply_doserror(req, ERRDOS,ERRbadaccess);
3518 END_PROFILE(SMBreadX);
3522 if (global_client_caps & CAP_LARGE_READX) {
3523 size_t upper_size = SVAL(req->vwv+7, 0);
3524 smb_maxcnt |= (upper_size<<16);
3525 if (upper_size > 1) {
3526 /* Can't do this on a chained packet. */
3527 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3528 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3529 END_PROFILE(SMBreadX);
3532 /* We currently don't do this on signed or sealed data. */
3533 if (srv_is_signing_active(smbd_server_conn) ||
3534 is_encrypted_packet(req->inbuf)) {
3535 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3536 END_PROFILE(SMBreadX);
3539 /* Is there room in the reply for this data ? */
3540 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3542 NT_STATUS_INVALID_PARAMETER);
3543 END_PROFILE(SMBreadX);
3550 if (req->wct == 12) {
3551 #ifdef LARGE_SMB_OFF_T
3553 * This is a large offset (64 bit) read.
3555 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3557 #else /* !LARGE_SMB_OFF_T */
3560 * Ensure we haven't been sent a >32 bit offset.
3563 if(IVAL(req->vwv+10, 0) != 0) {
3564 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3565 "used and we don't support 64 bit offsets.\n",
3566 (unsigned int)IVAL(req->vwv+10, 0) ));
3567 END_PROFILE(SMBreadX);
3568 reply_doserror(req, ERRDOS, ERRbadaccess);
3572 #endif /* LARGE_SMB_OFF_T */
3577 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3581 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3584 END_PROFILE(SMBreadX);
3588 /****************************************************************************
3589 Error replies to writebraw must have smb_wct == 1. Fix this up.
3590 ****************************************************************************/
3592 void error_to_writebrawerr(struct smb_request *req)
3594 uint8 *old_outbuf = req->outbuf;
3596 reply_outbuf(req, 1, 0);
3598 memcpy(req->outbuf, old_outbuf, smb_size);
3599 TALLOC_FREE(old_outbuf);
3602 /****************************************************************************
3603 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3604 ****************************************************************************/
3606 void reply_writebraw(struct smb_request *req)
3608 connection_struct *conn = req->conn;
3611 ssize_t total_written=0;
3612 size_t numtowrite=0;
3618 struct lock_struct lock;
3621 START_PROFILE(SMBwritebraw);
3624 * If we ever reply with an error, it must have the SMB command
3625 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3628 SCVAL(req->inbuf,smb_com,SMBwritec);
3630 if (srv_is_signing_active(smbd_server_conn)) {
3631 END_PROFILE(SMBwritebraw);
3632 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3633 "raw reads/writes are disallowed.");
3636 if (req->wct < 12) {
3637 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3638 error_to_writebrawerr(req);
3639 END_PROFILE(SMBwritebraw);
3643 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3644 if (!check_fsp(conn, req, fsp)) {
3645 error_to_writebrawerr(req);
3646 END_PROFILE(SMBwritebraw);
3650 if (!CHECK_WRITE(fsp)) {
3651 reply_doserror(req, ERRDOS, ERRbadaccess);
3652 error_to_writebrawerr(req);
3653 END_PROFILE(SMBwritebraw);
3657 tcount = IVAL(req->vwv+1, 0);
3658 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3659 write_through = BITSETW(req->vwv+7,0);
3661 /* We have to deal with slightly different formats depending
3662 on whether we are using the core+ or lanman1.0 protocol */
3664 if(Protocol <= PROTOCOL_COREPLUS) {
3665 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3666 data = smb_buf(req->inbuf);
3668 numtowrite = SVAL(req->vwv+10, 0);
3669 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3672 /* Ensure we don't write bytes past the end of this packet. */
3673 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3674 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3675 error_to_writebrawerr(req);
3676 END_PROFILE(SMBwritebraw);
3680 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3681 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3684 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3685 reply_doserror(req, ERRDOS, ERRlock);
3686 error_to_writebrawerr(req);
3687 END_PROFILE(SMBwritebraw);
3692 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3695 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3696 "wrote=%d sync=%d\n",
3697 fsp->fnum, (double)startpos, (int)numtowrite,
3698 (int)nwritten, (int)write_through));
3700 if (nwritten < (ssize_t)numtowrite) {
3701 reply_unixerror(req, ERRHRD, ERRdiskfull);
3702 error_to_writebrawerr(req);
3706 total_written = nwritten;
3708 /* Allocate a buffer of 64k + length. */
3709 buf = TALLOC_ARRAY(NULL, char, 65540);
3711 reply_doserror(req, ERRDOS, ERRnomem);
3712 error_to_writebrawerr(req);
3716 /* Return a SMBwritebraw message to the redirector to tell
3717 * it to send more bytes */
3719 memcpy(buf, req->inbuf, smb_size);
3720 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3721 SCVAL(buf,smb_com,SMBwritebraw);
3722 SSVALS(buf,smb_vwv0,0xFFFF);
3724 if (!srv_send_smb(smbd_server_fd(),
3726 false, 0, /* no signing */
3727 IS_CONN_ENCRYPTED(conn),
3729 exit_server_cleanly("reply_writebraw: srv_send_smb "
3733 /* Now read the raw data into the buffer and write it */
3734 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3736 if (!NT_STATUS_IS_OK(status)) {
3737 exit_server_cleanly("secondary writebraw failed");
3740 /* Set up outbuf to return the correct size */
3741 reply_outbuf(req, 1, 0);
3743 if (numtowrite != 0) {
3745 if (numtowrite > 0xFFFF) {
3746 DEBUG(0,("reply_writebraw: Oversize secondary write "
3747 "raw requested (%u). Terminating\n",
3748 (unsigned int)numtowrite ));
3749 exit_server_cleanly("secondary writebraw failed");
3752 if (tcount > nwritten+numtowrite) {
3753 DEBUG(3,("reply_writebraw: Client overestimated the "
3755 (int)tcount,(int)nwritten,(int)numtowrite));
3758 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3760 if (!NT_STATUS_IS_OK(status)) {
3761 DEBUG(0,("reply_writebraw: Oversize secondary write "
3762 "raw read failed (%s). Terminating\n",
3763 nt_errstr(status)));
3764 exit_server_cleanly("secondary writebraw failed");
3767 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3768 if (nwritten == -1) {
3770 reply_unixerror(req, ERRHRD, ERRdiskfull);
3771 error_to_writebrawerr(req);
3775 if (nwritten < (ssize_t)numtowrite) {
3776 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3777 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3781 total_written += nwritten;
3786 SSVAL(req->outbuf,smb_vwv0,total_written);
3788 status = sync_file(conn, fsp, write_through);
3789 if (!NT_STATUS_IS_OK(status)) {
3790 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3791 fsp->fsp_name, nt_errstr(status) ));
3792 reply_nterror(req, status);
3793 error_to_writebrawerr(req);
3797 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3799 fsp->fnum, (double)startpos, (int)numtowrite,
3800 (int)total_written));
3802 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3804 /* We won't return a status if write through is not selected - this
3805 * follows what WfWg does */
3806 END_PROFILE(SMBwritebraw);
3808 if (!write_through && total_written==tcount) {
3810 #if RABBIT_PELLET_FIX
3812 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3813 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3816 if (!send_keepalive(smbd_server_fd())) {
3817 exit_server_cleanly("reply_writebraw: send of "
3818 "keepalive failed");
3821 TALLOC_FREE(req->outbuf);
3826 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3828 END_PROFILE(SMBwritebraw);
3833 #define DBGC_CLASS DBGC_LOCKING
3835 /****************************************************************************
3836 Reply to a writeunlock (core+).
3837 ****************************************************************************/
3839 void reply_writeunlock(struct smb_request *req)
3841 connection_struct *conn = req->conn;
3842 ssize_t nwritten = -1;
3846 NTSTATUS status = NT_STATUS_OK;
3848 struct lock_struct lock;
3850 START_PROFILE(SMBwriteunlock);
3853 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3854 END_PROFILE(SMBwriteunlock);
3858 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3860 if (!check_fsp(conn, req, fsp)) {
3861 END_PROFILE(SMBwriteunlock);
3865 if (!CHECK_WRITE(fsp)) {
3866 reply_doserror(req, ERRDOS,ERRbadaccess);
3867 END_PROFILE(SMBwriteunlock);
3871 numtowrite = SVAL(req->vwv+1, 0);
3872 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3873 data = (const char *)req->buf + 3;
3876 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3877 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3880 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3881 reply_doserror(req, ERRDOS, ERRlock);
3882 END_PROFILE(SMBwriteunlock);
3887 /* The special X/Open SMB protocol handling of
3888 zero length writes is *NOT* done for
3890 if(numtowrite == 0) {
3893 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3896 status = sync_file(conn, fsp, False /* write through */);
3897 if (!NT_STATUS_IS_OK(status)) {
3898 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3899 fsp->fsp_name, nt_errstr(status) ));
3900 reply_nterror(req, status);
3904 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3905 reply_unixerror(req, ERRHRD, ERRdiskfull);
3910 status = do_unlock(smbd_messaging_context(),
3913 (uint64_t)numtowrite,
3917 if (NT_STATUS_V(status)) {
3918 reply_nterror(req, status);
3923 reply_outbuf(req, 1, 0);
3925 SSVAL(req->outbuf,smb_vwv0,nwritten);
3927 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3928 fsp->fnum, (int)numtowrite, (int)nwritten));
3932 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3935 END_PROFILE(SMBwriteunlock);
3940 #define DBGC_CLASS DBGC_ALL
3942 /****************************************************************************
3944 ****************************************************************************/
3946 void reply_write(struct smb_request *req)
3948 connection_struct *conn = req->conn;
3950 ssize_t nwritten = -1;
3954 struct lock_struct lock;
3957 START_PROFILE(SMBwrite);
3960 END_PROFILE(SMBwrite);
3961 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3965 /* If it's an IPC, pass off the pipe handler. */
3967 reply_pipe_write(req);
3968 END_PROFILE(SMBwrite);
3972 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3974 if (!check_fsp(conn, req, fsp)) {
3975 END_PROFILE(SMBwrite);
3979 if (!CHECK_WRITE(fsp)) {
3980 reply_doserror(req, ERRDOS, ERRbadaccess);
3981 END_PROFILE(SMBwrite);
3985 numtowrite = SVAL(req->vwv+1, 0);
3986 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3987 data = (const char *)req->buf + 3;
3989 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3990 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3993 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3994 reply_doserror(req, ERRDOS, ERRlock);
3995 END_PROFILE(SMBwrite);
4000 * X/Open SMB protocol says that if smb_vwv1 is
4001 * zero then the file size should be extended or
4002 * truncated to the size given in smb_vwv[2-3].
4005 if(numtowrite == 0) {
4007 * This is actually an allocate call, and set EOF. JRA.
4009 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4011 reply_nterror(req, NT_STATUS_DISK_FULL);
4014 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4016 reply_nterror(req, NT_STATUS_DISK_FULL);
4019 trigger_write_time_update_immediate(fsp);
4021 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4024 status = sync_file(conn, fsp, False);
4025 if (!NT_STATUS_IS_OK(status)) {
4026 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4027 fsp->fsp_name, nt_errstr(status) ));
4028 reply_nterror(req, status);
4032 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4033 reply_unixerror(req, ERRHRD, ERRdiskfull);
4037 reply_outbuf(req, 1, 0);
4039 SSVAL(req->outbuf,smb_vwv0,nwritten);
4041 if (nwritten < (ssize_t)numtowrite) {
4042 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4043 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4046 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4049 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4051 END_PROFILE(SMBwrite);
4055 /****************************************************************************
4056 Ensure a buffer is a valid writeX for recvfile purposes.
4057 ****************************************************************************/
4059 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4060 (2*14) + /* word count (including bcc) */ \
4063 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4066 connection_struct *conn = NULL;
4067 unsigned int doff = 0;
4068 size_t len = smb_len_large(inbuf);
4070 if (is_encrypted_packet(inbuf)) {
4071 /* Can't do this on encrypted
4076 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4080 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4081 CVAL(inbuf,smb_wct) != 14) {
4082 DEBUG(10,("is_valid_writeX_buffer: chained or "
4083 "invalid word length.\n"));
4087 conn = conn_find(SVAL(inbuf, smb_tid));
4089 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4093 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4096 if (IS_PRINT(conn)) {
4097 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4100 doff = SVAL(inbuf,smb_vwv11);
4102 numtowrite = SVAL(inbuf,smb_vwv10);
4104 if (len > doff && len - doff > 0xFFFF) {
4105 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4108 if (numtowrite == 0) {
4109 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4113 /* Ensure the sizes match up. */
4114 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4115 /* no pad byte...old smbclient :-( */
4116 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4118 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4122 if (len - doff != numtowrite) {
4123 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4124 "len = %u, doff = %u, numtowrite = %u\n",
4127 (unsigned int)numtowrite ));
4131 DEBUG(10,("is_valid_writeX_buffer: true "
4132 "len = %u, doff = %u, numtowrite = %u\n",
4135 (unsigned int)numtowrite ));
4140 /****************************************************************************
4141 Reply to a write and X.
4142 ****************************************************************************/
4144 void reply_write_and_X(struct smb_request *req)
4146 connection_struct *conn = req->conn;
4148 struct lock_struct lock;
4153 unsigned int smb_doff;
4154 unsigned int smblen;
4158 START_PROFILE(SMBwriteX);
4160 if ((req->wct != 12) && (req->wct != 14)) {
4161 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4162 END_PROFILE(SMBwriteX);
4166 numtowrite = SVAL(req->vwv+10, 0);
4167 smb_doff = SVAL(req->vwv+11, 0);
4168 smblen = smb_len(req->inbuf);
4170 if (req->unread_bytes > 0xFFFF ||
4171 (smblen > smb_doff &&
4172 smblen - smb_doff > 0xFFFF)) {
4173 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4176 if (req->unread_bytes) {
4177 /* Can't do a recvfile write on IPC$ */
4179 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4180 END_PROFILE(SMBwriteX);
4183 if (numtowrite != req->unread_bytes) {
4184 reply_doserror(req, ERRDOS, ERRbadmem);
4185 END_PROFILE(SMBwriteX);
4189 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4190 smb_doff + numtowrite > smblen) {
4191 reply_doserror(req, ERRDOS, ERRbadmem);
4192 END_PROFILE(SMBwriteX);
4197 /* If it's an IPC, pass off the pipe handler. */
4199 if (req->unread_bytes) {
4200 reply_doserror(req, ERRDOS, ERRbadmem);
4201 END_PROFILE(SMBwriteX);
4204 reply_pipe_write_and_X(req);
4205 END_PROFILE(SMBwriteX);
4209 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4210 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4211 write_through = BITSETW(req->vwv+7,0);
4213 if (!check_fsp(conn, req, fsp)) {
4214 END_PROFILE(SMBwriteX);
4218 if (!CHECK_WRITE(fsp)) {
4219 reply_doserror(req, ERRDOS, ERRbadaccess);
4220 END_PROFILE(SMBwriteX);
4224 data = smb_base(req->inbuf) + smb_doff;
4226 if(req->wct == 14) {
4227 #ifdef LARGE_SMB_OFF_T
4229 * This is a large offset (64 bit) write.
4231 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4233 #else /* !LARGE_SMB_OFF_T */
4236 * Ensure we haven't been sent a >32 bit offset.
4239 if(IVAL(req->vwv+12, 0) != 0) {
4240 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4241 "used and we don't support 64 bit offsets.\n",
4242 (unsigned int)IVAL(req->vwv+12, 0) ));
4243 reply_doserror(req, ERRDOS, ERRbadaccess);
4244 END_PROFILE(SMBwriteX);
4248 #endif /* LARGE_SMB_OFF_T */
4251 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4252 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4255 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4256 reply_doserror(req, ERRDOS, ERRlock);
4257 END_PROFILE(SMBwriteX);
4261 /* X/Open SMB protocol says that, unlike SMBwrite
4262 if the length is zero then NO truncation is
4263 done, just a write of zero. To truncate a file,
4266 if(numtowrite == 0) {
4270 if ((req->unread_bytes == 0) &&
4271 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4276 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4279 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4280 reply_unixerror(req, ERRHRD, ERRdiskfull);
4284 reply_outbuf(req, 6, 0);
4285 SSVAL(req->outbuf,smb_vwv2,nwritten);
4286 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4288 if (nwritten < (ssize_t)numtowrite) {
4289 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4290 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4293 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4294 fsp->fnum, (int)numtowrite, (int)nwritten));
4296 status = sync_file(conn, fsp, write_through);
4297 if (!NT_STATUS_IS_OK(status)) {
4298 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4299 fsp->fsp_name, nt_errstr(status) ));
4300 reply_nterror(req, status);
4304 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4306 END_PROFILE(SMBwriteX);
4311 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4313 END_PROFILE(SMBwriteX);
4317 /****************************************************************************
4319 ****************************************************************************/
4321 void reply_lseek(struct smb_request *req)
4323 connection_struct *conn = req->conn;
4329 START_PROFILE(SMBlseek);
4332 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4333 END_PROFILE(SMBlseek);
4337 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4339 if (!check_fsp(conn, req, fsp)) {
4343 flush_write_cache(fsp, SEEK_FLUSH);
4345 mode = SVAL(req->vwv+1, 0) & 3;
4346 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4347 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4356 res = fsp->fh->pos + startpos;
4367 if (umode == SEEK_END) {
4368 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4369 if(errno == EINVAL) {
4370 SMB_OFF_T current_pos = startpos;
4371 SMB_STRUCT_STAT sbuf;
4373 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4374 reply_unixerror(req, ERRDOS,
4376 END_PROFILE(SMBlseek);
4380 current_pos += sbuf.st_ex_size;
4382 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4387 reply_unixerror(req, ERRDOS, ERRnoaccess);
4388 END_PROFILE(SMBlseek);
4395 reply_outbuf(req, 2, 0);
4396 SIVAL(req->outbuf,smb_vwv0,res);
4398 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4399 fsp->fnum, (double)startpos, (double)res, mode));
4401 END_PROFILE(SMBlseek);
4405 /****************************************************************************
4407 ****************************************************************************/
4409 void reply_flush(struct smb_request *req)
4411 connection_struct *conn = req->conn;
4415 START_PROFILE(SMBflush);
4418 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4422 fnum = SVAL(req->vwv+0, 0);
4423 fsp = file_fsp(req, fnum);
4425 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4430 file_sync_all(conn);
4432 NTSTATUS status = sync_file(conn, fsp, True);
4433 if (!NT_STATUS_IS_OK(status)) {
4434 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4435 fsp->fsp_name, nt_errstr(status) ));
4436 reply_nterror(req, status);
4437 END_PROFILE(SMBflush);
4442 reply_outbuf(req, 0, 0);
4444 DEBUG(3,("flush\n"));
4445 END_PROFILE(SMBflush);
4449 /****************************************************************************
4451 conn POINTER CAN BE NULL HERE !
4452 ****************************************************************************/
4454 void reply_exit(struct smb_request *req)
4456 START_PROFILE(SMBexit);
4458 file_close_pid(req->smbpid, req->vuid);
4460 reply_outbuf(req, 0, 0);
4462 DEBUG(3,("exit\n"));
4464 END_PROFILE(SMBexit);
4468 /****************************************************************************
4469 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4470 ****************************************************************************/
4472 void reply_close(struct smb_request *req)
4474 connection_struct *conn = req->conn;
4475 NTSTATUS status = NT_STATUS_OK;
4476 files_struct *fsp = NULL;
4477 START_PROFILE(SMBclose);
4480 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4481 END_PROFILE(SMBclose);
4485 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4488 * We can only use check_fsp if we know it's not a directory.
4491 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4492 reply_doserror(req, ERRDOS, ERRbadfid);
4493 END_PROFILE(SMBclose);
4497 if(fsp->is_directory) {
4499 * Special case - close NT SMB directory handle.
4501 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4502 status = close_file(req, fsp, NORMAL_CLOSE);
4506 * Close ordinary file.
4509 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4510 fsp->fh->fd, fsp->fnum,
4511 conn->num_files_open));
4514 * Take care of any time sent in the close.
4517 t = srv_make_unix_date3(req->vwv+1);
4518 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4521 * close_file() returns the unix errno if an error
4522 * was detected on close - normally this is due to
4523 * a disk full error. If not then it was probably an I/O error.
4526 status = close_file(req, fsp, NORMAL_CLOSE);
4529 if (!NT_STATUS_IS_OK(status)) {
4530 reply_nterror(req, status);
4531 END_PROFILE(SMBclose);
4535 reply_outbuf(req, 0, 0);
4536 END_PROFILE(SMBclose);
4540 /****************************************************************************
4541 Reply to a writeclose (Core+ protocol).
4542 ****************************************************************************/
4544 void reply_writeclose(struct smb_request *req)
4546 connection_struct *conn = req->conn;
4548 ssize_t nwritten = -1;
4549 NTSTATUS close_status = NT_STATUS_OK;
4552 struct timespec mtime;
4554 struct lock_struct lock;
4556 START_PROFILE(SMBwriteclose);
4559 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4560 END_PROFILE(SMBwriteclose);
4564 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4566 if (!check_fsp(conn, req, fsp)) {
4567 END_PROFILE(SMBwriteclose);
4570 if (!CHECK_WRITE(fsp)) {
4571 reply_doserror(req, ERRDOS,ERRbadaccess);
4572 END_PROFILE(SMBwriteclose);
4576 numtowrite = SVAL(req->vwv+1, 0);
4577 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4578 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4579 data = (const char *)req->buf + 1;
4582 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4583 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4586 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4587 reply_doserror(req, ERRDOS,ERRlock);
4588 END_PROFILE(SMBwriteclose);
4593 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4595 set_close_write_time(fsp, mtime);
4598 * More insanity. W2K only closes the file if writelen > 0.
4603 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4605 close_status = close_file(req, fsp, NORMAL_CLOSE);
4608 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4609 fsp->fnum, (int)numtowrite, (int)nwritten,
4610 conn->num_files_open));
4612 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4613 reply_doserror(req, ERRHRD, ERRdiskfull);
4617 if(!NT_STATUS_IS_OK(close_status)) {
4618 reply_nterror(req, close_status);
4622 reply_outbuf(req, 1, 0);
4624 SSVAL(req->outbuf,smb_vwv0,nwritten);
4628 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4631 END_PROFILE(SMBwriteclose);
4636 #define DBGC_CLASS DBGC_LOCKING
4638 /****************************************************************************
4640 ****************************************************************************/
4642 void reply_lock(struct smb_request *req)
4644 connection_struct *conn = req->conn;
4645 uint64_t count,offset;
4648 struct byte_range_lock *br_lck = NULL;
4650 START_PROFILE(SMBlock);
4653 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4654 END_PROFILE(SMBlock);
4658 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4660 if (!check_fsp(conn, req, fsp)) {
4661 END_PROFILE(SMBlock);
4665 count = (uint64_t)IVAL(req->vwv+1, 0);
4666 offset = (uint64_t)IVAL(req->vwv+3, 0);
4668 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4669 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4671 br_lck = do_lock(smbd_messaging_context(),
4678 False, /* Non-blocking lock. */
4683 TALLOC_FREE(br_lck);
4685 if (NT_STATUS_V(status)) {
4686 reply_nterror(req, status);
4687 END_PROFILE(SMBlock);
4691 reply_outbuf(req, 0, 0);
4693 END_PROFILE(SMBlock);
4697 /****************************************************************************
4699 ****************************************************************************/
4701 void reply_unlock(struct smb_request *req)
4703 connection_struct *conn = req->conn;
4704 uint64_t count,offset;
4708 START_PROFILE(SMBunlock);
4711 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4712 END_PROFILE(SMBunlock);
4716 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4718 if (!check_fsp(conn, req, fsp)) {
4719 END_PROFILE(SMBunlock);
4723 count = (uint64_t)IVAL(req->vwv+1, 0);
4724 offset = (uint64_t)IVAL(req->vwv+3, 0);
4726 status = do_unlock(smbd_messaging_context(),
4733 if (NT_STATUS_V(status)) {
4734 reply_nterror(req, status);
4735 END_PROFILE(SMBunlock);
4739 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4740 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4742 reply_outbuf(req, 0, 0);
4744 END_PROFILE(SMBunlock);
4749 #define DBGC_CLASS DBGC_ALL
4751 /****************************************************************************
4753 conn POINTER CAN BE NULL HERE !
4754 ****************************************************************************/
4756 void reply_tdis(struct smb_request *req)
4758 connection_struct *conn = req->conn;
4759 START_PROFILE(SMBtdis);
4762 DEBUG(4,("Invalid connection in tdis\n"));
4763 reply_doserror(req, ERRSRV, ERRinvnid);
4764 END_PROFILE(SMBtdis);
4770 close_cnum(conn,req->vuid);
4773 reply_outbuf(req, 0, 0);
4774 END_PROFILE(SMBtdis);
4778 /****************************************************************************
4780 conn POINTER CAN BE NULL HERE !
4781 ****************************************************************************/
4783 void reply_echo(struct smb_request *req)
4785 connection_struct *conn = req->conn;
4786 struct smb_perfcount_data local_pcd;
4787 struct smb_perfcount_data *cur_pcd;
4791 START_PROFILE(SMBecho);
4793 smb_init_perfcount_data(&local_pcd);
4796 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4797 END_PROFILE(SMBecho);
4801 smb_reverb = SVAL(req->vwv+0, 0);
4803 reply_outbuf(req, 1, req->buflen);
4805 /* copy any incoming data back out */
4806 if (req->buflen > 0) {
4807 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4810 if (smb_reverb > 100) {
4811 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4815 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4817 /* this makes sure we catch the request pcd */
4818 if (seq_num == smb_reverb) {
4819 cur_pcd = &req->pcd;
4821 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4822 cur_pcd = &local_pcd;
4825 SSVAL(req->outbuf,smb_vwv0,seq_num);
4827 show_msg((char *)req->outbuf);
4828 if (!srv_send_smb(smbd_server_fd(),
4829 (char *)req->outbuf,
4830 true, req->seqnum+1,
4831 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4833 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4836 DEBUG(3,("echo %d times\n", smb_reverb));
4838 TALLOC_FREE(req->outbuf);
4840 END_PROFILE(SMBecho);
4844 /****************************************************************************
4845 Reply to a printopen.
4846 ****************************************************************************/
4848 void reply_printopen(struct smb_request *req)
4850 connection_struct *conn = req->conn;
4852 SMB_STRUCT_STAT sbuf;
4855 START_PROFILE(SMBsplopen);
4858 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4859 END_PROFILE(SMBsplopen);
4863 if (!CAN_PRINT(conn)) {
4864 reply_doserror(req, ERRDOS, ERRnoaccess);
4865 END_PROFILE(SMBsplopen);
4869 status = file_new(req, conn, &fsp);
4870 if(!NT_STATUS_IS_OK(status)) {
4871 reply_nterror(req, status);
4872 END_PROFILE(SMBsplopen);
4876 /* Open for exclusive use, write only. */
4877 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4879 if (!NT_STATUS_IS_OK(status)) {
4880 reply_nterror(req, status);
4881 END_PROFILE(SMBsplopen);
4885 reply_outbuf(req, 1, 0);
4886 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4888 DEBUG(3,("openprint fd=%d fnum=%d\n",
4889 fsp->fh->fd, fsp->fnum));
4891 END_PROFILE(SMBsplopen);
4895 /****************************************************************************
4896 Reply to a printclose.
4897 ****************************************************************************/
4899 void reply_printclose(struct smb_request *req)
4901 connection_struct *conn = req->conn;
4905 START_PROFILE(SMBsplclose);
4908 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4909 END_PROFILE(SMBsplclose);
4913 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4915 if (!check_fsp(conn, req, fsp)) {
4916 END_PROFILE(SMBsplclose);
4920 if (!CAN_PRINT(conn)) {
4921 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4922 END_PROFILE(SMBsplclose);
4926 DEBUG(3,("printclose fd=%d fnum=%d\n",
4927 fsp->fh->fd,fsp->fnum));
4929 status = close_file(req, fsp, NORMAL_CLOSE);
4931 if(!NT_STATUS_IS_OK(status)) {
4932 reply_nterror(req, status);
4933 END_PROFILE(SMBsplclose);
4937 reply_outbuf(req, 0, 0);
4939 END_PROFILE(SMBsplclose);
4943 /****************************************************************************
4944 Reply to a printqueue.
4945 ****************************************************************************/
4947 void reply_printqueue(struct smb_request *req)
4949 connection_struct *conn = req->conn;
4953 START_PROFILE(SMBsplretq);
4956 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4957 END_PROFILE(SMBsplretq);
4961 max_count = SVAL(req->vwv+0, 0);
4962 start_index = SVAL(req->vwv+1, 0);
4964 /* we used to allow the client to get the cnum wrong, but that
4965 is really quite gross and only worked when there was only
4966 one printer - I think we should now only accept it if they
4967 get it right (tridge) */
4968 if (!CAN_PRINT(conn)) {
4969 reply_doserror(req, ERRDOS, ERRnoaccess);
4970 END_PROFILE(SMBsplretq);
4974 reply_outbuf(req, 2, 3);
4975 SSVAL(req->outbuf,smb_vwv0,0);
4976 SSVAL(req->outbuf,smb_vwv1,0);
4977 SCVAL(smb_buf(req->outbuf),0,1);
4978 SSVAL(smb_buf(req->outbuf),1,0);
4980 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4981 start_index, max_count));
4984 print_queue_struct *queue = NULL;
4985 print_status_struct status;
4986 int count = print_queue_status(SNUM(conn), &queue, &status);
4987 int num_to_get = ABS(max_count);
4988 int first = (max_count>0?start_index:start_index+max_count+1);
4994 num_to_get = MIN(num_to_get,count-first);
4997 for (i=first;i<first+num_to_get;i++) {
5001 srv_put_dos_date2(p,0,queue[i].time);
5002 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5003 SSVAL(p,5, queue[i].job);
5004 SIVAL(p,7,queue[i].size);
5006 srvstr_push(blob, req->flags2, p+12,
5007 queue[i].fs_user, 16, STR_ASCII);
5009 if (message_push_blob(
5012 blob, sizeof(blob))) == -1) {
5013 reply_nterror(req, NT_STATUS_NO_MEMORY);
5014 END_PROFILE(SMBsplretq);
5020 SSVAL(req->outbuf,smb_vwv0,count);
5021 SSVAL(req->outbuf,smb_vwv1,
5022 (max_count>0?first+count:first-1));
5023 SCVAL(smb_buf(req->outbuf),0,1);
5024 SSVAL(smb_buf(req->outbuf),1,28*count);
5029 DEBUG(3,("%d entries returned in queue\n",count));
5032 END_PROFILE(SMBsplretq);
5036 /****************************************************************************
5037 Reply to a printwrite.
5038 ****************************************************************************/
5040 void reply_printwrite(struct smb_request *req)
5042 connection_struct *conn = req->conn;
5047 START_PROFILE(SMBsplwr);
5050 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5051 END_PROFILE(SMBsplwr);
5055 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5057 if (!check_fsp(conn, req, fsp)) {
5058 END_PROFILE(SMBsplwr);
5062 if (!CAN_PRINT(conn)) {
5063 reply_doserror(req, ERRDOS, ERRnoaccess);
5064 END_PROFILE(SMBsplwr);
5068 if (!CHECK_WRITE(fsp)) {
5069 reply_doserror(req, ERRDOS, ERRbadaccess);
5070 END_PROFILE(SMBsplwr);
5074 numtowrite = SVAL(req->buf, 1);
5076 if (req->buflen < numtowrite + 3) {
5077 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5078 END_PROFILE(SMBsplwr);
5082 data = (const char *)req->buf + 3;
5084 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5085 reply_unixerror(req, ERRHRD, ERRdiskfull);
5086 END_PROFILE(SMBsplwr);
5090 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5092 END_PROFILE(SMBsplwr);
5096 /****************************************************************************
5098 ****************************************************************************/
5100 void reply_mkdir(struct smb_request *req)
5102 connection_struct *conn = req->conn;
5103 char *directory = NULL;
5105 SMB_STRUCT_STAT sbuf;
5106 TALLOC_CTX *ctx = talloc_tos();
5108 START_PROFILE(SMBmkdir);
5110 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5111 STR_TERMINATE, &status);
5112 if (!NT_STATUS_IS_OK(status)) {
5113 reply_nterror(req, status);
5114 END_PROFILE(SMBmkdir);
5118 status = resolve_dfspath(ctx, conn,
5119 req->flags2 & FLAGS2_DFS_PATHNAMES,
5122 if (!NT_STATUS_IS_OK(status)) {
5123 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5124 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5125 ERRSRV, ERRbadpath);
5126 END_PROFILE(SMBmkdir);
5129 reply_nterror(req, status);
5130 END_PROFILE(SMBmkdir);
5134 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
5135 if (!NT_STATUS_IS_OK(status)) {
5136 reply_nterror(req, status);
5137 END_PROFILE(SMBmkdir);
5141 status = check_name(conn, directory);
5142 if (!NT_STATUS_IS_OK(status)) {
5143 reply_nterror(req, status);
5144 END_PROFILE(SMBmkdir);
5148 status = create_directory(conn, req, directory);
5150 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5152 if (!NT_STATUS_IS_OK(status)) {
5154 if (!use_nt_status()
5155 && NT_STATUS_EQUAL(status,
5156 NT_STATUS_OBJECT_NAME_COLLISION)) {
5158 * Yes, in the DOS error code case we get a
5159 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5160 * samba4 torture test.
5162 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5165 reply_nterror(req, status);
5166 END_PROFILE(SMBmkdir);
5170 reply_outbuf(req, 0, 0);
5172 DEBUG( 3, ( "mkdir %s\n", directory ) );
5174 END_PROFILE(SMBmkdir);
5178 /****************************************************************************
5179 Static function used by reply_rmdir to delete an entire directory
5180 tree recursively. Return True on ok, False on fail.
5181 ****************************************************************************/
5183 static bool recursive_rmdir(TALLOC_CTX *ctx,
5184 connection_struct *conn,
5187 const char *dname = NULL;
5191 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
5197 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5198 char *fullname = NULL;
5200 if (ISDOT(dname) || ISDOTDOT(dname)) {
5204 if (!is_visible_file(conn, directory, dname, &st, False)) {
5208 /* Construct the full name. */
5209 fullname = talloc_asprintf(ctx,
5219 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5224 if(st.st_ex_mode & S_IFDIR) {
5225 if(!recursive_rmdir(ctx, conn, fullname)) {
5229 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5233 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5237 TALLOC_FREE(fullname);
5239 TALLOC_FREE(dir_hnd);
5243 /****************************************************************************
5244 The internals of the rmdir code - called elsewhere.
5245 ****************************************************************************/
5247 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5248 connection_struct *conn,
5249 const char *directory)
5254 /* Might be a symlink. */
5255 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5256 return map_nt_error_from_unix(errno);
5259 if (S_ISLNK(st.st_ex_mode)) {
5260 /* Is what it points to a directory ? */
5261 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5262 return map_nt_error_from_unix(errno);
5264 if (!(S_ISDIR(st.st_ex_mode))) {
5265 return NT_STATUS_NOT_A_DIRECTORY;
5267 ret = SMB_VFS_UNLINK(conn,directory);
5269 ret = SMB_VFS_RMDIR(conn,directory);
5272 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5273 FILE_NOTIFY_CHANGE_DIR_NAME,
5275 return NT_STATUS_OK;
5278 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5280 * Check to see if the only thing in this directory are
5281 * vetoed files/directories. If so then delete them and
5282 * retry. If we fail to delete any of them (and we *don't*
5283 * do a recursive delete) then fail the rmdir.
5287 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5288 directory, NULL, 0);
5290 if(dir_hnd == NULL) {
5295 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5296 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5298 if (!is_visible_file(conn, directory, dname, &st, False))
5300 if(!IS_VETO_PATH(conn, dname)) {
5301 TALLOC_FREE(dir_hnd);
5307 /* We only have veto files/directories.
5308 * Are we allowed to delete them ? */
5310 if(!lp_recursive_veto_delete(SNUM(conn))) {
5311 TALLOC_FREE(dir_hnd);
5316 /* Do a recursive delete. */
5317 RewindDir(dir_hnd,&dirpos);
5318 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5319 char *fullname = NULL;
5321 if (ISDOT(dname) || ISDOTDOT(dname)) {
5324 if (!is_visible_file(conn, directory, dname, &st, False)) {
5328 fullname = talloc_asprintf(ctx,
5338 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5341 if(st.st_ex_mode & S_IFDIR) {
5342 if(!recursive_rmdir(ctx, conn, fullname)) {
5345 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5348 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5351 TALLOC_FREE(fullname);
5353 TALLOC_FREE(dir_hnd);
5354 /* Retry the rmdir */
5355 ret = SMB_VFS_RMDIR(conn,directory);
5361 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5362 "%s\n", directory,strerror(errno)));
5363 return map_nt_error_from_unix(errno);
5366 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5367 FILE_NOTIFY_CHANGE_DIR_NAME,
5370 return NT_STATUS_OK;
5373 /****************************************************************************
5375 ****************************************************************************/
5377 void reply_rmdir(struct smb_request *req)
5379 connection_struct *conn = req->conn;
5380 char *directory = NULL;
5381 SMB_STRUCT_STAT sbuf;
5383 TALLOC_CTX *ctx = talloc_tos();
5385 START_PROFILE(SMBrmdir);
5387 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5388 STR_TERMINATE, &status);
5389 if (!NT_STATUS_IS_OK(status)) {
5390 reply_nterror(req, status);
5391 END_PROFILE(SMBrmdir);
5395 status = resolve_dfspath(ctx, conn,
5396 req->flags2 & FLAGS2_DFS_PATHNAMES,
5399 if (!NT_STATUS_IS_OK(status)) {
5400 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5401 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5402 ERRSRV, ERRbadpath);
5403 END_PROFILE(SMBrmdir);
5406 reply_nterror(req, status);
5407 END_PROFILE(SMBrmdir);
5411 status = unix_convert(ctx, conn, directory, False, &directory,
5413 if (!NT_STATUS_IS_OK(status)) {
5414 reply_nterror(req, status);
5415 END_PROFILE(SMBrmdir);
5419 status = check_name(conn, directory);
5420 if (!NT_STATUS_IS_OK(status)) {
5421 reply_nterror(req, status);
5422 END_PROFILE(SMBrmdir);
5426 dptr_closepath(directory, req->smbpid);
5427 status = rmdir_internals(ctx, conn, directory);
5428 if (!NT_STATUS_IS_OK(status)) {
5429 reply_nterror(req, status);
5430 END_PROFILE(SMBrmdir);
5434 reply_outbuf(req, 0, 0);
5436 DEBUG( 3, ( "rmdir %s\n", directory ) );
5438 END_PROFILE(SMBrmdir);
5442 /*******************************************************************
5443 Resolve wildcards in a filename rename.
5444 ********************************************************************/
5446 static bool resolve_wildcards(TALLOC_CTX *ctx,
5451 char *name2_copy = NULL;
5456 char *p,*p2, *pname1, *pname2;
5458 name2_copy = talloc_strdup(ctx, name2);
5463 pname1 = strrchr_m(name1,'/');
5464 pname2 = strrchr_m(name2_copy,'/');
5466 if (!pname1 || !pname2) {
5470 /* Truncate the copy of name2 at the last '/' */
5473 /* Now go past the '/' */
5477 root1 = talloc_strdup(ctx, pname1);
5478 root2 = talloc_strdup(ctx, pname2);
5480 if (!root1 || !root2) {
5484 p = strrchr_m(root1,'.');
5487 ext1 = talloc_strdup(ctx, p+1);
5489 ext1 = talloc_strdup(ctx, "");
5491 p = strrchr_m(root2,'.');
5494 ext2 = talloc_strdup(ctx, p+1);
5496 ext2 = talloc_strdup(ctx, "");
5499 if (!ext1 || !ext2) {
5507 /* Hmmm. Should this be mb-aware ? */
5510 } else if (*p2 == '*') {
5512 root2 = talloc_asprintf(ctx, "%s%s",
5531 /* Hmmm. Should this be mb-aware ? */
5534 } else if (*p2 == '*') {
5536 ext2 = talloc_asprintf(ctx, "%s%s",
5552 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5557 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5569 /****************************************************************************
5570 Ensure open files have their names updated. Updated to notify other smbd's
5572 ****************************************************************************/
5574 static void rename_open_files(connection_struct *conn,
5575 struct share_mode_lock *lck,
5576 const char *newname)
5579 bool did_rename = False;
5581 for(fsp = file_find_di_first(lck->id); fsp;
5582 fsp = file_find_di_next(fsp)) {
5583 /* fsp_name is a relative path under the fsp. To change this for other
5584 sharepaths we need to manipulate relative paths. */
5585 /* TODO - create the absolute path and manipulate the newname
5586 relative to the sharepath. */
5587 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5590 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5591 fsp->fnum, file_id_string_tos(&fsp->file_id),
5592 fsp->fsp_name, newname ));
5593 string_set(&fsp->fsp_name, newname);
5598 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5599 file_id_string_tos(&lck->id), newname ));
5602 /* Send messages to all smbd's (not ourself) that the name has changed. */
5603 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5607 /****************************************************************************
5608 We need to check if the source path is a parent directory of the destination
5609 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5610 refuse the rename with a sharing violation. Under UNIX the above call can
5611 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5612 probably need to check that the client is a Windows one before disallowing
5613 this as a UNIX client (one with UNIX extensions) can know the source is a
5614 symlink and make this decision intelligently. Found by an excellent bug
5615 report from <AndyLiebman@aol.com>.
5616 ****************************************************************************/
5618 static bool rename_path_prefix_equal(const char *src, const char *dest)
5620 const char *psrc = src;
5621 const char *pdst = dest;
5624 if (psrc[0] == '.' && psrc[1] == '/') {
5627 if (pdst[0] == '.' && pdst[1] == '/') {
5630 if ((slen = strlen(psrc)) > strlen(pdst)) {
5633 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5637 * Do the notify calls from a rename
5640 static void notify_rename(connection_struct *conn, bool is_dir,
5641 const char *oldpath, const char *newpath)
5643 char *olddir, *newdir;
5644 const char *oldname, *newname;
5647 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5648 : FILE_NOTIFY_CHANGE_FILE_NAME;
5650 if (!parent_dirname(talloc_tos(), oldpath, &olddir, &oldname)
5651 || !parent_dirname(talloc_tos(), newpath, &newdir, &newname)) {
5652 TALLOC_FREE(olddir);
5656 if (strcmp(olddir, newdir) == 0) {
5657 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5658 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5661 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5662 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5664 TALLOC_FREE(olddir);
5665 TALLOC_FREE(newdir);
5667 /* this is a strange one. w2k3 gives an additional event for
5668 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5669 files, but not directories */
5671 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5672 FILE_NOTIFY_CHANGE_ATTRIBUTES
5673 |FILE_NOTIFY_CHANGE_CREATION,
5678 /****************************************************************************
5679 Rename an open file - given an fsp.
5680 ****************************************************************************/
5682 NTSTATUS rename_internals_fsp(connection_struct *conn,
5685 const char *newname_last_component,
5687 bool replace_if_exists)
5689 TALLOC_CTX *ctx = talloc_tos();
5690 SMB_STRUCT_STAT sbuf, sbuf1;
5691 NTSTATUS status = NT_STATUS_OK;
5692 struct share_mode_lock *lck = NULL;
5693 bool dst_exists, old_is_stream, new_is_stream;
5697 status = check_name(conn, newname);
5698 if (!NT_STATUS_IS_OK(status)) {
5702 /* Ensure newname contains a '/' */
5703 if(strrchr_m(newname,'/') == 0) {
5704 newname = talloc_asprintf(ctx,
5708 return NT_STATUS_NO_MEMORY;
5713 * Check for special case with case preserving and not
5714 * case sensitive. If the old last component differs from the original
5715 * last component only by case, then we should allow
5716 * the rename (user is trying to change the case of the
5720 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5721 strequal(newname, fsp->fsp_name)) {
5723 char *newname_modified_last_component = NULL;
5726 * Get the last component of the modified name.
5727 * Note that we guarantee that newname contains a '/'
5730 p = strrchr_m(newname,'/');
5731 newname_modified_last_component = talloc_strdup(ctx,
5733 if (!newname_modified_last_component) {
5734 return NT_STATUS_NO_MEMORY;
5737 if(strcsequal(newname_modified_last_component,
5738 newname_last_component) == False) {
5740 * Replace the modified last component with
5743 *p = '\0'; /* Truncate at the '/' */
5744 newname = talloc_asprintf(ctx,
5747 newname_last_component);
5752 * If the src and dest names are identical - including case,
5753 * don't do the rename, just return success.
5756 if (strcsequal(fsp->fsp_name, newname)) {
5757 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5759 return NT_STATUS_OK;
5762 old_is_stream = is_ntfs_stream_name(fsp->fsp_name);
5763 new_is_stream = is_ntfs_stream_name(newname);
5765 /* Return the correct error code if both names aren't streams. */
5766 if (!old_is_stream && new_is_stream) {
5767 return NT_STATUS_OBJECT_NAME_INVALID;
5770 if (old_is_stream && !new_is_stream) {
5771 return NT_STATUS_INVALID_PARAMETER;
5775 * Have vfs_object_exist also fill sbuf1
5777 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5779 if(!replace_if_exists && dst_exists) {
5780 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5781 fsp->fsp_name,newname));
5782 return NT_STATUS_OBJECT_NAME_COLLISION;
5786 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5787 files_struct *dst_fsp = file_find_di_first(fileid);
5788 /* The file can be open when renaming a stream */
5789 if (dst_fsp && !new_is_stream) {
5790 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5791 return NT_STATUS_ACCESS_DENIED;
5795 /* Ensure we have a valid stat struct for the source. */
5796 if (fsp->fh->fd != -1) {
5797 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5798 return map_nt_error_from_unix(errno);
5802 if (fsp->posix_open) {
5803 ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf);
5805 ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf);
5808 return map_nt_error_from_unix(errno);
5812 status = can_rename(conn, fsp, attrs, &sbuf);
5814 if (!NT_STATUS_IS_OK(status)) {
5815 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5816 nt_errstr(status), fsp->fsp_name,newname));
5817 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5818 status = NT_STATUS_ACCESS_DENIED;
5822 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5823 return NT_STATUS_ACCESS_DENIED;
5826 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5830 * We have the file open ourselves, so not being able to get the
5831 * corresponding share mode lock is a fatal error.
5834 SMB_ASSERT(lck != NULL);
5836 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5837 uint32 create_options = fsp->fh->private_options;
5839 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5840 fsp->fsp_name,newname));
5842 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5844 rename_open_files(conn, lck, newname);
5847 * A rename acts as a new file create w.r.t. allowing an initial delete
5848 * on close, probably because in Windows there is a new handle to the
5849 * new file. If initial delete on close was requested but not
5850 * originally set, we need to set it here. This is probably not 100% correct,
5851 * but will work for the CIFSFS client which in non-posix mode
5852 * depends on these semantics. JRA.
5855 if (create_options & FILE_DELETE_ON_CLOSE) {
5856 status = can_set_delete_on_close(fsp, True, 0);
5858 if (NT_STATUS_IS_OK(status)) {
5859 /* Note that here we set the *inital* delete on close flag,
5860 * not the regular one. The magic gets handled in close. */
5861 fsp->initial_delete_on_close = True;
5865 return NT_STATUS_OK;
5870 if (errno == ENOTDIR || errno == EISDIR) {
5871 status = NT_STATUS_OBJECT_NAME_COLLISION;
5873 status = map_nt_error_from_unix(errno);
5876 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5877 nt_errstr(status), fsp->fsp_name,newname));
5882 /****************************************************************************
5883 The guts of the rename command, split out so it may be called by the NT SMB
5885 ****************************************************************************/
5887 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5888 connection_struct *conn,
5889 struct smb_request *req,
5890 const char *name_in,
5891 const char *newname_in,
5893 bool replace_if_exists,
5896 uint32_t access_mask)
5898 char *directory = NULL;
5900 char *last_component_src = NULL;
5901 char *last_component_dest = NULL;
5903 char *newname = NULL;
5906 NTSTATUS status = NT_STATUS_OK;
5907 SMB_STRUCT_STAT sbuf1, sbuf2;
5908 struct smb_Dir *dir_hnd = NULL;
5911 int create_options = 0;
5912 bool posix_pathnames = lp_posix_pathnames();
5917 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5918 &last_component_src, &sbuf1);
5919 if (!NT_STATUS_IS_OK(status)) {
5923 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5924 &last_component_dest, &sbuf2);
5925 if (!NT_STATUS_IS_OK(status)) {
5930 * Split the old name into directory and last component
5931 * strings. Note that unix_convert may have stripped off a
5932 * leading ./ from both name and newname if the rename is
5933 * at the root of the share. We need to make sure either both
5934 * name and newname contain a / character or neither of them do
5935 * as this is checked in resolve_wildcards().
5938 p = strrchr_m(name,'/');
5940 directory = talloc_strdup(ctx, ".");
5942 return NT_STATUS_NO_MEMORY;
5947 directory = talloc_strdup(ctx, name);
5949 return NT_STATUS_NO_MEMORY;
5952 *p = '/'; /* Replace needed for exceptional test below. */
5956 * We should only check the mangled cache
5957 * here if unix_convert failed. This means
5958 * that the path in 'mask' doesn't exist
5959 * on the file system and so we need to look
5960 * for a possible mangle. This patch from
5961 * Tine Smukavec <valentin.smukavec@hermes.si>.
5964 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5965 char *new_mask = NULL;
5966 mangle_lookup_name_from_8_3(ctx,
5975 if (!src_has_wild) {
5979 * No wildcards - just process the one file.
5981 /* Add a terminating '/' to the directory name. */
5982 directory = talloc_asprintf_append(directory,
5986 return NT_STATUS_NO_MEMORY;
5989 /* Ensure newname contains a '/' also */
5990 if(strrchr_m(newname,'/') == 0) {
5991 newname = talloc_asprintf(ctx,
5995 return NT_STATUS_NO_MEMORY;
5999 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6000 "case_preserve = %d, short case preserve = %d, "
6001 "directory = %s, newname = %s, "
6002 "last_component_dest = %s\n",
6003 conn->case_sensitive, conn->case_preserve,
6004 conn->short_case_preserve, directory,
6005 newname, last_component_dest));
6007 /* The dest name still may have wildcards. */
6008 if (dest_has_wild) {
6009 char *mod_newname = NULL;
6010 if (!resolve_wildcards(ctx,
6011 directory,newname,&mod_newname)) {
6012 DEBUG(6, ("rename_internals: resolve_wildcards "
6016 return NT_STATUS_NO_MEMORY;
6018 newname = mod_newname;
6022 if (posix_pathnames) {
6023 SMB_VFS_LSTAT(conn, directory, &sbuf1);
6025 SMB_VFS_STAT(conn, directory, &sbuf1);
6028 if (S_ISDIR(sbuf1.st_ex_mode)) {
6029 create_options |= FILE_DIRECTORY_FILE;
6032 status = SMB_VFS_CREATE_FILE(
6035 0, /* root_dir_fid */
6036 directory, /* fname */
6037 0, /* create_file_flags */
6038 access_mask, /* access_mask */
6039 (FILE_SHARE_READ | /* share_access */
6041 FILE_OPEN, /* create_disposition*/
6042 create_options, /* create_options */
6043 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6044 0, /* oplock_request */
6045 0, /* allocation_size */
6050 &sbuf1); /* psbuf */
6052 if (!NT_STATUS_IS_OK(status)) {
6053 DEBUG(3, ("Could not open rename source %s: %s\n",
6054 directory, nt_errstr(status)));
6058 status = rename_internals_fsp(conn, fsp, newname,
6059 last_component_dest,
6060 attrs, replace_if_exists);
6062 close_file(req, fsp, NORMAL_CLOSE);
6064 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6065 nt_errstr(status), directory,newname));
6071 * Wildcards - process each file that matches.
6073 if (strequal(mask,"????????.???")) {
6078 status = check_name(conn, directory);
6079 if (!NT_STATUS_IS_OK(status)) {
6083 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
6084 if (dir_hnd == NULL) {
6085 return map_nt_error_from_unix(errno);
6088 status = NT_STATUS_NO_SUCH_FILE;
6090 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6091 * - gentest fix. JRA
6094 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6095 files_struct *fsp = NULL;
6097 char *destname = NULL;
6098 bool sysdir_entry = False;
6100 /* Quick check for "." and ".." */
6101 if (ISDOT(dname) || ISDOTDOT(dname)) {
6103 sysdir_entry = True;
6109 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6113 if(!mask_match(dname, mask, conn->case_sensitive)) {
6118 status = NT_STATUS_OBJECT_NAME_INVALID;
6122 fname = talloc_asprintf(ctx,
6127 return NT_STATUS_NO_MEMORY;
6130 if (!resolve_wildcards(ctx,
6131 fname,newname,&destname)) {
6132 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6138 return NT_STATUS_NO_MEMORY;
6142 if (posix_pathnames) {
6143 SMB_VFS_LSTAT(conn, fname, &sbuf1);
6145 SMB_VFS_STAT(conn, fname, &sbuf1);
6150 if (S_ISDIR(sbuf1.st_ex_mode)) {
6151 create_options |= FILE_DIRECTORY_FILE;
6154 status = SMB_VFS_CREATE_FILE(
6157 0, /* root_dir_fid */
6159 0, /* create_file_flags */
6160 access_mask, /* access_mask */
6161 (FILE_SHARE_READ | /* share_access */
6163 FILE_OPEN, /* create_disposition*/
6164 create_options, /* create_options */
6165 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6166 0, /* oplock_request */
6167 0, /* allocation_size */
6172 &sbuf1); /* psbuf */
6174 if (!NT_STATUS_IS_OK(status)) {
6175 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6176 "returned %s rename %s -> %s\n",
6177 nt_errstr(status), directory, newname));
6181 status = rename_internals_fsp(conn, fsp, destname, dname,
6182 attrs, replace_if_exists);
6184 close_file(req, fsp, NORMAL_CLOSE);
6186 if (!NT_STATUS_IS_OK(status)) {
6187 DEBUG(3, ("rename_internals_fsp returned %s for "
6188 "rename %s -> %s\n", nt_errstr(status),
6189 directory, newname));
6195 DEBUG(3,("rename_internals: doing rename on %s -> "
6196 "%s\n",fname,destname));
6199 TALLOC_FREE(destname);
6201 TALLOC_FREE(dir_hnd);
6203 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6204 status = map_nt_error_from_unix(errno);
6210 /****************************************************************************
6212 ****************************************************************************/
6214 void reply_mv(struct smb_request *req)
6216 connection_struct *conn = req->conn;
6218 char *newname = NULL;
6222 bool src_has_wcard = False;
6223 bool dest_has_wcard = False;
6224 TALLOC_CTX *ctx = talloc_tos();
6226 START_PROFILE(SMBmv);
6229 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6234 attrs = SVAL(req->vwv+0, 0);
6236 p = (const char *)req->buf + 1;
6237 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6238 &status, &src_has_wcard);
6239 if (!NT_STATUS_IS_OK(status)) {
6240 reply_nterror(req, status);
6245 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6246 &status, &dest_has_wcard);
6247 if (!NT_STATUS_IS_OK(status)) {
6248 reply_nterror(req, status);
6253 status = resolve_dfspath_wcard(ctx, conn,
6254 req->flags2 & FLAGS2_DFS_PATHNAMES,
6258 if (!NT_STATUS_IS_OK(status)) {
6259 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6260 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6261 ERRSRV, ERRbadpath);
6265 reply_nterror(req, status);
6270 status = resolve_dfspath_wcard(ctx, conn,
6271 req->flags2 & FLAGS2_DFS_PATHNAMES,
6275 if (!NT_STATUS_IS_OK(status)) {
6276 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6277 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6278 ERRSRV, ERRbadpath);
6282 reply_nterror(req, status);
6287 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
6289 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
6290 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
6291 if (!NT_STATUS_IS_OK(status)) {
6292 if (open_was_deferred(req->mid)) {
6293 /* We have re-scheduled this call. */
6297 reply_nterror(req, status);
6302 reply_outbuf(req, 0, 0);
6308 /*******************************************************************
6309 Copy a file as part of a reply_copy.
6310 ******************************************************************/
6313 * TODO: check error codes on all callers
6316 NTSTATUS copy_file(TALLOC_CTX *ctx,
6317 connection_struct *conn,
6322 bool target_is_directory)
6324 SMB_STRUCT_STAT src_sbuf, sbuf2;
6326 files_struct *fsp1,*fsp2;
6329 uint32 new_create_disposition;
6332 dest = talloc_strdup(ctx, dest1);
6334 return NT_STATUS_NO_MEMORY;
6336 if (target_is_directory) {
6337 const char *p = strrchr_m(src,'/');
6343 dest = talloc_asprintf_append(dest,
6347 return NT_STATUS_NO_MEMORY;
6351 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6353 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6356 if (!target_is_directory && count) {
6357 new_create_disposition = FILE_OPEN;
6359 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6360 NULL, NULL, &new_create_disposition, NULL)) {
6362 return NT_STATUS_INVALID_PARAMETER;
6366 status = SMB_VFS_CREATE_FILE(
6369 0, /* root_dir_fid */
6371 0, /* create_file_flags */
6372 FILE_GENERIC_READ, /* access_mask */
6373 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6374 FILE_OPEN, /* create_disposition*/
6375 0, /* create_options */
6376 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6377 INTERNAL_OPEN_ONLY, /* oplock_request */
6378 0, /* allocation_size */
6383 &src_sbuf); /* psbuf */
6385 if (!NT_STATUS_IS_OK(status)) {
6390 dosattrs = dos_mode(conn, src, &src_sbuf);
6391 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6392 ZERO_STRUCTP(&sbuf2);
6395 status = SMB_VFS_CREATE_FILE(
6398 0, /* root_dir_fid */
6400 0, /* create_file_flags */
6401 FILE_GENERIC_WRITE, /* access_mask */
6402 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6403 new_create_disposition, /* create_disposition*/
6404 0, /* create_options */
6405 dosattrs, /* file_attributes */
6406 INTERNAL_OPEN_ONLY, /* oplock_request */
6407 0, /* allocation_size */
6412 &sbuf2); /* psbuf */
6416 if (!NT_STATUS_IS_OK(status)) {
6417 close_file(NULL, fsp1, ERROR_CLOSE);
6421 if ((ofun&3) == 1) {
6422 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6423 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6425 * Stop the copy from occurring.
6428 src_sbuf.st_ex_size = 0;
6432 if (src_sbuf.st_ex_size) {
6433 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_ex_size);
6436 close_file(NULL, fsp1, NORMAL_CLOSE);
6438 /* Ensure the modtime is set correctly on the destination file. */
6439 set_close_write_time(fsp2, src_sbuf.st_ex_mtime);
6442 * As we are opening fsp1 read-only we only expect
6443 * an error on close on fsp2 if we are out of space.
6444 * Thus we don't look at the error return from the
6447 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6449 if (!NT_STATUS_IS_OK(status)) {
6453 if (ret != (SMB_OFF_T)src_sbuf.st_ex_size) {
6454 return NT_STATUS_DISK_FULL;
6457 return NT_STATUS_OK;
6460 /****************************************************************************
6461 Reply to a file copy.
6462 ****************************************************************************/
6464 void reply_copy(struct smb_request *req)
6466 connection_struct *conn = req->conn;
6468 char *newname = NULL;
6469 char *directory = NULL;
6470 const char *mask = NULL;
6471 const char mask_star[] = "*";
6474 int error = ERRnoaccess;
6479 bool target_is_directory=False;
6480 bool source_has_wild = False;
6481 bool dest_has_wild = False;
6482 SMB_STRUCT_STAT sbuf1, sbuf2;
6484 TALLOC_CTX *ctx = talloc_tos();
6486 START_PROFILE(SMBcopy);
6489 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6490 END_PROFILE(SMBcopy);
6494 tid2 = SVAL(req->vwv+0, 0);
6495 ofun = SVAL(req->vwv+1, 0);
6496 flags = SVAL(req->vwv+2, 0);
6498 p = (const char *)req->buf;
6499 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6500 &status, &source_has_wild);
6501 if (!NT_STATUS_IS_OK(status)) {
6502 reply_nterror(req, status);
6503 END_PROFILE(SMBcopy);
6506 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6507 &status, &dest_has_wild);
6508 if (!NT_STATUS_IS_OK(status)) {
6509 reply_nterror(req, status);
6510 END_PROFILE(SMBcopy);
6514 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6516 if (tid2 != conn->cnum) {
6517 /* can't currently handle inter share copies XXXX */
6518 DEBUG(3,("Rejecting inter-share copy\n"));
6519 reply_doserror(req, ERRSRV, ERRinvdevice);
6520 END_PROFILE(SMBcopy);
6524 status = resolve_dfspath_wcard(ctx, conn,
6525 req->flags2 & FLAGS2_DFS_PATHNAMES,
6529 if (!NT_STATUS_IS_OK(status)) {
6530 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6531 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6532 ERRSRV, ERRbadpath);
6533 END_PROFILE(SMBcopy);
6536 reply_nterror(req, status);
6537 END_PROFILE(SMBcopy);
6541 status = resolve_dfspath_wcard(ctx, conn,
6542 req->flags2 & FLAGS2_DFS_PATHNAMES,
6546 if (!NT_STATUS_IS_OK(status)) {
6547 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6548 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6549 ERRSRV, ERRbadpath);
6550 END_PROFILE(SMBcopy);
6553 reply_nterror(req, status);
6554 END_PROFILE(SMBcopy);
6558 status = unix_convert(ctx, conn, name, source_has_wild,
6559 &name, NULL, &sbuf1);
6560 if (!NT_STATUS_IS_OK(status)) {
6561 reply_nterror(req, status);
6562 END_PROFILE(SMBcopy);
6566 status = unix_convert(ctx, conn, newname, dest_has_wild,
6567 &newname, NULL, &sbuf2);
6568 if (!NT_STATUS_IS_OK(status)) {
6569 reply_nterror(req, status);
6570 END_PROFILE(SMBcopy);
6574 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6576 if ((flags&1) && target_is_directory) {
6577 reply_doserror(req, ERRDOS, ERRbadfile);
6578 END_PROFILE(SMBcopy);
6582 if ((flags&2) && !target_is_directory) {
6583 reply_doserror(req, ERRDOS, ERRbadpath);
6584 END_PROFILE(SMBcopy);
6588 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6589 /* wants a tree copy! XXXX */
6590 DEBUG(3,("Rejecting tree copy\n"));
6591 reply_doserror(req, ERRSRV, ERRerror);
6592 END_PROFILE(SMBcopy);
6596 p = strrchr_m(name,'/');
6598 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6601 directory = talloc_strdup(ctx, "./");
6606 reply_nterror(req, NT_STATUS_NO_MEMORY);
6607 END_PROFILE(SMBcopy);
6612 * We should only check the mangled cache
6613 * here if unix_convert failed. This means
6614 * that the path in 'mask' doesn't exist
6615 * on the file system and so we need to look
6616 * for a possible mangle. This patch from
6617 * Tine Smukavec <valentin.smukavec@hermes.si>.
6620 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6621 char *new_mask = NULL;
6622 mangle_lookup_name_from_8_3(ctx,
6631 if (!source_has_wild) {
6632 directory = talloc_asprintf_append(directory,
6635 if (dest_has_wild) {
6636 char *mod_newname = NULL;
6637 if (!resolve_wildcards(ctx,
6638 directory,newname,&mod_newname)) {
6639 reply_nterror(req, NT_STATUS_NO_MEMORY);
6640 END_PROFILE(SMBcopy);
6643 newname = mod_newname;
6646 status = check_name(conn, directory);
6647 if (!NT_STATUS_IS_OK(status)) {
6648 reply_nterror(req, status);
6649 END_PROFILE(SMBcopy);
6653 status = check_name(conn, newname);
6654 if (!NT_STATUS_IS_OK(status)) {
6655 reply_nterror(req, status);
6656 END_PROFILE(SMBcopy);
6660 status = copy_file(ctx,conn,directory,newname,ofun,
6661 count,target_is_directory);
6663 if(!NT_STATUS_IS_OK(status)) {
6664 reply_nterror(req, status);
6665 END_PROFILE(SMBcopy);
6671 struct smb_Dir *dir_hnd = NULL;
6672 const char *dname = NULL;
6675 if (strequal(mask,"????????.???")) {
6679 status = check_name(conn, directory);
6680 if (!NT_STATUS_IS_OK(status)) {
6681 reply_nterror(req, status);
6682 END_PROFILE(SMBcopy);
6686 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6687 if (dir_hnd == NULL) {
6688 status = map_nt_error_from_unix(errno);
6689 reply_nterror(req, status);
6690 END_PROFILE(SMBcopy);
6696 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6697 char *destname = NULL;
6700 if (ISDOT(dname) || ISDOTDOT(dname)) {
6704 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6708 if(!mask_match(dname, mask, conn->case_sensitive)) {
6712 error = ERRnoaccess;
6713 fname = talloc_asprintf(ctx,
6718 TALLOC_FREE(dir_hnd);
6719 reply_nterror(req, NT_STATUS_NO_MEMORY);
6720 END_PROFILE(SMBcopy);
6724 if (!resolve_wildcards(ctx,
6725 fname,newname,&destname)) {
6729 TALLOC_FREE(dir_hnd);
6730 reply_nterror(req, NT_STATUS_NO_MEMORY);
6731 END_PROFILE(SMBcopy);
6735 status = check_name(conn, fname);
6736 if (!NT_STATUS_IS_OK(status)) {
6737 TALLOC_FREE(dir_hnd);
6738 reply_nterror(req, status);
6739 END_PROFILE(SMBcopy);
6743 status = check_name(conn, destname);
6744 if (!NT_STATUS_IS_OK(status)) {
6745 TALLOC_FREE(dir_hnd);
6746 reply_nterror(req, status);
6747 END_PROFILE(SMBcopy);
6751 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6753 status = copy_file(ctx,conn,fname,destname,ofun,
6754 count,target_is_directory);
6755 if (NT_STATUS_IS_OK(status)) {
6759 TALLOC_FREE(destname);
6761 TALLOC_FREE(dir_hnd);
6766 /* Error on close... */
6768 reply_unixerror(req, ERRHRD, ERRgeneral);
6769 END_PROFILE(SMBcopy);
6773 reply_doserror(req, ERRDOS, error);
6774 END_PROFILE(SMBcopy);
6778 reply_outbuf(req, 1, 0);
6779 SSVAL(req->outbuf,smb_vwv0,count);
6781 END_PROFILE(SMBcopy);
6786 #define DBGC_CLASS DBGC_LOCKING
6788 /****************************************************************************
6789 Get a lock pid, dealing with large count requests.
6790 ****************************************************************************/
6792 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6793 bool large_file_format)
6795 if(!large_file_format)
6796 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6798 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6801 /****************************************************************************
6802 Get a lock count, dealing with large count requests.
6803 ****************************************************************************/
6805 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6806 bool large_file_format)
6810 if(!large_file_format) {
6811 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6814 #if defined(HAVE_LONGLONG)
6815 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6816 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6817 #else /* HAVE_LONGLONG */
6820 * NT4.x seems to be broken in that it sends large file (64 bit)
6821 * lockingX calls even if the CAP_LARGE_FILES was *not*
6822 * negotiated. For boxes without large unsigned ints truncate the
6823 * lock count by dropping the top 32 bits.
6826 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6827 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6828 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6829 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6830 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6833 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6834 #endif /* HAVE_LONGLONG */
6840 #if !defined(HAVE_LONGLONG)
6841 /****************************************************************************
6842 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6843 ****************************************************************************/
6845 static uint32 map_lock_offset(uint32 high, uint32 low)
6849 uint32 highcopy = high;
6852 * Try and find out how many significant bits there are in high.
6855 for(i = 0; highcopy; i++)
6859 * We use 31 bits not 32 here as POSIX
6860 * lock offsets may not be negative.
6863 mask = (~0) << (31 - i);
6866 return 0; /* Fail. */
6872 #endif /* !defined(HAVE_LONGLONG) */
6874 /****************************************************************************
6875 Get a lock offset, dealing with large offset requests.
6876 ****************************************************************************/
6878 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6879 bool large_file_format, bool *err)
6881 uint64_t offset = 0;
6885 if(!large_file_format) {
6886 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6889 #if defined(HAVE_LONGLONG)
6890 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6891 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6892 #else /* HAVE_LONGLONG */
6895 * NT4.x seems to be broken in that it sends large file (64 bit)
6896 * lockingX calls even if the CAP_LARGE_FILES was *not*
6897 * negotiated. For boxes without large unsigned ints mangle the
6898 * lock offset by mapping the top 32 bits onto the lower 32.
6901 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6902 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6903 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6906 if((new_low = map_lock_offset(high, low)) == 0) {
6908 return (uint64_t)-1;
6911 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6912 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6913 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6914 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6917 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6918 #endif /* HAVE_LONGLONG */
6924 /****************************************************************************
6925 Reply to a lockingX request.
6926 ****************************************************************************/
6928 void reply_lockingX(struct smb_request *req)
6930 connection_struct *conn = req->conn;
6932 unsigned char locktype;
6933 unsigned char oplocklevel;
6936 uint64_t count = 0, offset = 0;
6940 const uint8_t *data;
6941 bool large_file_format;
6943 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6945 START_PROFILE(SMBlockingX);
6948 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6949 END_PROFILE(SMBlockingX);
6953 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6954 locktype = CVAL(req->vwv+3, 0);
6955 oplocklevel = CVAL(req->vwv+3, 1);
6956 num_ulocks = SVAL(req->vwv+6, 0);
6957 num_locks = SVAL(req->vwv+7, 0);
6958 lock_timeout = IVAL(req->vwv+4, 0);
6959 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6961 if (!check_fsp(conn, req, fsp)) {
6962 END_PROFILE(SMBlockingX);
6968 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6969 /* we don't support these - and CANCEL_LOCK makes w2k
6970 and XP reboot so I don't really want to be
6971 compatible! (tridge) */
6972 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6973 END_PROFILE(SMBlockingX);
6977 /* Check if this is an oplock break on a file
6978 we have granted an oplock on.
6980 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6981 /* Client can insist on breaking to none. */
6982 bool break_to_none = (oplocklevel == 0);
6985 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6986 "for fnum = %d\n", (unsigned int)oplocklevel,
6990 * Make sure we have granted an exclusive or batch oplock on
6994 if (fsp->oplock_type == 0) {
6996 /* The Samba4 nbench simulator doesn't understand
6997 the difference between break to level2 and break
6998 to none from level2 - it sends oplock break
6999 replies in both cases. Don't keep logging an error
7000 message here - just ignore it. JRA. */
7002 DEBUG(5,("reply_lockingX: Error : oplock break from "
7003 "client for fnum = %d (oplock=%d) and no "
7004 "oplock granted on this file (%s).\n",
7005 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
7007 /* if this is a pure oplock break request then don't
7009 if (num_locks == 0 && num_ulocks == 0) {
7010 END_PROFILE(SMBlockingX);
7013 END_PROFILE(SMBlockingX);
7014 reply_doserror(req, ERRDOS, ERRlock);
7019 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7021 result = remove_oplock(fsp);
7023 result = downgrade_oplock(fsp);
7027 DEBUG(0, ("reply_lockingX: error in removing "
7028 "oplock on file %s\n", fsp->fsp_name));
7029 /* Hmmm. Is this panic justified? */
7030 smb_panic("internal tdb error");
7033 reply_to_oplock_break_requests(fsp);
7035 /* if this is a pure oplock break request then don't send a
7037 if (num_locks == 0 && num_ulocks == 0) {
7038 /* Sanity check - ensure a pure oplock break is not a
7040 if(CVAL(req->vwv+0, 0) != 0xff)
7041 DEBUG(0,("reply_lockingX: Error : pure oplock "
7042 "break is a chained %d request !\n",
7043 (unsigned int)CVAL(req->vwv+0, 0)));
7044 END_PROFILE(SMBlockingX);
7050 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7051 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7052 END_PROFILE(SMBlockingX);
7056 /* Data now points at the beginning of the list
7057 of smb_unlkrng structs */
7058 for(i = 0; i < (int)num_ulocks; i++) {
7059 lock_pid = get_lock_pid( data, i, large_file_format);
7060 count = get_lock_count( data, i, large_file_format);
7061 offset = get_lock_offset( data, i, large_file_format, &err);
7064 * There is no error code marked "stupid client bug".... :-).
7067 END_PROFILE(SMBlockingX);
7068 reply_doserror(req, ERRDOS, ERRnoaccess);
7072 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
7073 "pid %u, file %s\n", (double)offset, (double)count,
7074 (unsigned int)lock_pid, fsp->fsp_name ));
7076 status = do_unlock(smbd_messaging_context(),
7083 DEBUG(10, ("reply_lockingX: unlock returned %s\n",
7084 nt_errstr(status)));
7086 if (NT_STATUS_V(status)) {
7087 END_PROFILE(SMBlockingX);
7088 reply_nterror(req, status);
7093 /* Setup the timeout in seconds. */
7095 if (!lp_blocking_locks(SNUM(conn))) {
7099 /* Now do any requested locks */
7100 data += ((large_file_format ? 20 : 10)*num_ulocks);
7102 /* Data now points at the beginning of the list
7103 of smb_lkrng structs */
7105 for(i = 0; i < (int)num_locks; i++) {
7106 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
7107 READ_LOCK:WRITE_LOCK);
7108 lock_pid = get_lock_pid( data, i, large_file_format);
7109 count = get_lock_count( data, i, large_file_format);
7110 offset = get_lock_offset( data, i, large_file_format, &err);
7113 * There is no error code marked "stupid client bug".... :-).
7116 END_PROFILE(SMBlockingX);
7117 reply_doserror(req, ERRDOS, ERRnoaccess);
7121 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
7122 "%u, file %s timeout = %d\n", (double)offset,
7123 (double)count, (unsigned int)lock_pid,
7124 fsp->fsp_name, (int)lock_timeout ));
7126 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7127 struct blocking_lock_record *blr = NULL;
7129 if (lp_blocking_locks(SNUM(conn))) {
7131 /* Schedule a message to ourselves to
7132 remove the blocking lock record and
7133 return the right error. */
7135 blr = blocking_lock_cancel(fsp,
7141 NT_STATUS_FILE_LOCK_CONFLICT);
7143 END_PROFILE(SMBlockingX);
7148 ERRcancelviolation));
7152 /* Remove a matching pending lock. */
7153 status = do_lock_cancel(fsp,
7160 bool blocking_lock = lock_timeout ? True : False;
7161 bool defer_lock = False;
7162 struct byte_range_lock *br_lck;
7163 uint32 block_smbpid;
7165 br_lck = do_lock(smbd_messaging_context(),
7177 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7178 /* Windows internal resolution for blocking locks seems
7179 to be about 200ms... Don't wait for less than that. JRA. */
7180 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
7181 lock_timeout = lp_lock_spin_time();
7186 /* This heuristic seems to match W2K3 very well. If a
7187 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7188 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7189 far as I can tell. Replacement for do_lock_spin(). JRA. */
7191 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7192 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7194 lock_timeout = lp_lock_spin_time();
7197 if (br_lck && defer_lock) {
7199 * A blocking lock was requested. Package up
7200 * this smb into a queued request and push it
7201 * onto the blocking lock queue.
7203 if(push_blocking_lock_request(br_lck,
7214 TALLOC_FREE(br_lck);
7215 END_PROFILE(SMBlockingX);
7220 TALLOC_FREE(br_lck);
7223 if (NT_STATUS_V(status)) {
7228 /* If any of the above locks failed, then we must unlock
7229 all of the previous locks (X/Open spec). */
7230 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7232 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7233 i = -1; /* we want to skip the for loop */
7237 * Ensure we don't do a remove on the lock that just failed,
7238 * as under POSIX rules, if we have a lock already there, we
7239 * will delete it (and we shouldn't) .....
7241 for(i--; i >= 0; i--) {
7242 lock_pid = get_lock_pid( data, i, large_file_format);
7243 count = get_lock_count( data, i, large_file_format);
7244 offset = get_lock_offset( data, i, large_file_format,
7248 * There is no error code marked "stupid client
7252 END_PROFILE(SMBlockingX);
7253 reply_doserror(req, ERRDOS, ERRnoaccess);
7257 do_unlock(smbd_messaging_context(),
7264 END_PROFILE(SMBlockingX);
7265 reply_nterror(req, status);
7269 reply_outbuf(req, 2, 0);
7271 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7272 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7274 END_PROFILE(SMBlockingX);
7279 #define DBGC_CLASS DBGC_ALL
7281 /****************************************************************************
7282 Reply to a SMBreadbmpx (read block multiplex) request.
7283 Always reply with an error, if someone has a platform really needs this,
7284 please contact vl@samba.org
7285 ****************************************************************************/
7287 void reply_readbmpx(struct smb_request *req)
7289 START_PROFILE(SMBreadBmpx);
7290 reply_doserror(req, ERRSRV, ERRuseSTD);
7291 END_PROFILE(SMBreadBmpx);
7295 /****************************************************************************
7296 Reply to a SMBreadbs (read block multiplex secondary) request.
7297 Always reply with an error, if someone has a platform really needs this,
7298 please contact vl@samba.org
7299 ****************************************************************************/
7301 void reply_readbs(struct smb_request *req)
7303 START_PROFILE(SMBreadBs);
7304 reply_doserror(req, ERRSRV, ERRuseSTD);
7305 END_PROFILE(SMBreadBs);
7309 /****************************************************************************
7310 Reply to a SMBsetattrE.
7311 ****************************************************************************/
7313 void reply_setattrE(struct smb_request *req)
7315 connection_struct *conn = req->conn;
7316 struct smb_file_time ft;
7318 SMB_STRUCT_STAT sbuf;
7321 START_PROFILE(SMBsetattrE);
7325 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7326 END_PROFILE(SMBsetattrE);
7330 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7332 if(!fsp || (fsp->conn != conn)) {
7333 reply_doserror(req, ERRDOS, ERRbadfid);
7334 END_PROFILE(SMBsetattrE);
7340 * Convert the DOS times into unix times.
7343 ft.atime = convert_time_t_to_timespec(
7344 srv_make_unix_date2(req->vwv+3));
7345 ft.mtime = convert_time_t_to_timespec(
7346 srv_make_unix_date2(req->vwv+5));
7347 ft.create_time = convert_time_t_to_timespec(
7348 srv_make_unix_date2(req->vwv+1));
7350 reply_outbuf(req, 0, 0);
7353 * Patch from Ray Frush <frush@engr.colostate.edu>
7354 * Sometimes times are sent as zero - ignore them.
7357 /* Ensure we have a valid stat struct for the source. */
7358 if (fsp->fh->fd != -1) {
7359 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7360 status = map_nt_error_from_unix(errno);
7361 reply_nterror(req, status);
7362 END_PROFILE(SMBsetattrE);
7368 if (fsp->posix_open) {
7369 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf);
7371 ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf);
7374 status = map_nt_error_from_unix(errno);
7375 reply_nterror(req, status);
7376 END_PROFILE(SMBsetattrE);
7381 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7383 if (!NT_STATUS_IS_OK(status)) {
7384 reply_doserror(req, ERRDOS, ERRnoaccess);
7385 END_PROFILE(SMBsetattrE);
7389 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7392 (unsigned int)ft.atime.tv_sec,
7393 (unsigned int)ft.mtime.tv_sec,
7394 (unsigned int)ft.create_time.tv_sec
7397 END_PROFILE(SMBsetattrE);
7402 /* Back from the dead for OS/2..... JRA. */
7404 /****************************************************************************
7405 Reply to a SMBwritebmpx (write block multiplex primary) request.
7406 Always reply with an error, if someone has a platform really needs this,
7407 please contact vl@samba.org
7408 ****************************************************************************/
7410 void reply_writebmpx(struct smb_request *req)
7412 START_PROFILE(SMBwriteBmpx);
7413 reply_doserror(req, ERRSRV, ERRuseSTD);
7414 END_PROFILE(SMBwriteBmpx);
7418 /****************************************************************************
7419 Reply to a SMBwritebs (write block multiplex secondary) request.
7420 Always reply with an error, if someone has a platform really needs this,
7421 please contact vl@samba.org
7422 ****************************************************************************/
7424 void reply_writebs(struct smb_request *req)
7426 START_PROFILE(SMBwriteBs);
7427 reply_doserror(req, ERRSRV, ERRuseSTD);
7428 END_PROFILE(SMBwriteBs);
7432 /****************************************************************************
7433 Reply to a SMBgetattrE.
7434 ****************************************************************************/
7436 void reply_getattrE(struct smb_request *req)
7438 connection_struct *conn = req->conn;
7439 SMB_STRUCT_STAT sbuf;
7442 struct timespec create_ts;
7444 START_PROFILE(SMBgetattrE);
7447 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7448 END_PROFILE(SMBgetattrE);
7452 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7454 if(!fsp || (fsp->conn != conn)) {
7455 reply_doserror(req, ERRDOS, ERRbadfid);
7456 END_PROFILE(SMBgetattrE);
7460 /* Do an fstat on this file */
7461 if(fsp_stat(fsp, &sbuf)) {
7462 reply_unixerror(req, ERRDOS, ERRnoaccess);
7463 END_PROFILE(SMBgetattrE);
7467 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7470 * Convert the times into dos times. Set create
7471 * date to be last modify date as UNIX doesn't save
7475 reply_outbuf(req, 11, 0);
7477 create_ts = sbuf.st_ex_btime;
7478 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7479 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7480 convert_timespec_to_time_t(sbuf.st_ex_atime));
7481 /* Should we check pending modtime here ? JRA */
7482 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7483 convert_timespec_to_time_t(sbuf.st_ex_mtime));
7486 SIVAL(req->outbuf, smb_vwv6, 0);
7487 SIVAL(req->outbuf, smb_vwv8, 0);
7489 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7490 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_ex_size);
7491 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7493 SSVAL(req->outbuf,smb_vwv10, mode);
7495 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7497 END_PROFILE(SMBgetattrE);