2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 extern uint32 global_client_caps;
34 extern bool global_encrypted_passwords_negotiated;
36 /****************************************************************************
37 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
38 path or anything including wildcards.
39 We're assuming here that '/' is not the second byte in any multibyte char
40 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
42 ****************************************************************************/
44 /* Custom version for processing POSIX paths. */
45 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
47 static NTSTATUS check_path_syntax_internal(char *path,
49 bool *p_last_component_contains_wcard)
53 NTSTATUS ret = NT_STATUS_OK;
54 bool start_of_name_component = True;
55 bool stream_started = false;
57 *p_last_component_contains_wcard = False;
64 return NT_STATUS_OBJECT_NAME_INVALID;
67 return NT_STATUS_OBJECT_NAME_INVALID;
69 if (strchr_m(&s[1], ':')) {
70 return NT_STATUS_OBJECT_NAME_INVALID;
72 if (StrCaseCmp(s, ":$DATA") != 0) {
73 return NT_STATUS_INVALID_PARAMETER;
79 if (!stream_started && *s == ':') {
80 if (*p_last_component_contains_wcard) {
81 return NT_STATUS_OBJECT_NAME_INVALID;
83 /* stream names allow more characters than file names */
84 stream_started = true;
85 start_of_name_component = false;
89 return NT_STATUS_OBJECT_NAME_INVALID;
93 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 * Safe to assume is not the second part of a mb char
96 * as this is handled below.
98 /* Eat multiple '/' or '\\' */
99 while (IS_PATH_SEP(*s,posix_path)) {
102 if ((d != path) && (*s != '\0')) {
103 /* We only care about non-leading or trailing '/' or '\\' */
107 start_of_name_component = True;
109 *p_last_component_contains_wcard = False;
113 if (start_of_name_component) {
114 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
115 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
118 * No mb char starts with '.' so we're safe checking the directory separator here.
121 /* If we just added a '/' - delete it */
122 if ((d > path) && (*(d-1) == '/')) {
127 /* Are we at the start ? Can't go back further if so. */
129 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
132 /* Go back one level... */
133 /* We know this is safe as '/' cannot be part of a mb sequence. */
134 /* NOTE - if this assumption is invalid we are not in good shape... */
135 /* Decrement d first as d points to the *next* char to write into. */
136 for (d--; d > path; d--) {
140 s += 2; /* Else go past the .. */
141 /* We're still at the start of a name component, just the previous one. */
144 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
156 if (*s <= 0x1f || *s == '|') {
157 return NT_STATUS_OBJECT_NAME_INVALID;
165 *p_last_component_contains_wcard = True;
174 /* Get the size of the next MB character. */
175 next_codepoint(s,&siz);
193 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 return NT_STATUS_INVALID_PARAMETER;
198 start_of_name_component = False;
206 /****************************************************************************
207 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
208 No wildcards allowed.
209 ****************************************************************************/
211 NTSTATUS check_path_syntax(char *path)
214 return check_path_syntax_internal(path, False, &ignore);
217 /****************************************************************************
218 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
219 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 ****************************************************************************/
223 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 return check_path_syntax_internal(path, False, p_contains_wcard);
228 /****************************************************************************
229 Check the path for a POSIX client.
230 We're assuming here that '/' is not the second byte in any multibyte char
231 set (a safe assumption).
232 ****************************************************************************/
234 NTSTATUS check_path_syntax_posix(char *path)
237 return check_path_syntax_internal(path, True, &ignore);
240 /****************************************************************************
241 Pull a string and check the path allowing a wilcard - provide for error return.
242 ****************************************************************************/
244 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
245 const char *base_ptr,
252 bool *contains_wcard)
258 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
262 *err = NT_STATUS_INVALID_PARAMETER;
266 *contains_wcard = False;
268 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 * For a DFS path the function parse_dfs_path()
271 * will do the path processing, just make a copy.
277 if (lp_posix_pathnames()) {
278 *err = check_path_syntax_posix(*pp_dest);
280 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
286 /****************************************************************************
287 Pull a string and check the path - provide for error return.
288 ****************************************************************************/
290 size_t srvstr_get_path(TALLOC_CTX *ctx,
291 const char *base_ptr,
300 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
301 src_len, flags, err, &ignore);
304 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
305 char **pp_dest, const char *src, int flags,
306 NTSTATUS *err, bool *contains_wcard)
308 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
309 pp_dest, src, smbreq_bufrem(req, src),
310 flags, err, contains_wcard);
313 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
314 char **pp_dest, const char *src, int flags,
318 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
319 flags, err, &ignore);
322 /****************************************************************************
323 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
324 ****************************************************************************/
326 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 if (!(fsp) || !(conn)) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
333 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
334 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
340 /****************************************************************************
341 Check if we have a correct fsp pointing to a file.
342 ****************************************************************************/
344 bool check_fsp(connection_struct *conn, struct smb_request *req,
347 if (!check_fsp_open(conn, req, fsp)) {
350 if ((fsp)->is_directory) {
351 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
354 if ((fsp)->fh->fd == -1) {
355 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
358 (fsp)->num_smb_operations++;
362 /****************************************************************************
363 Check if we have a correct fsp pointing to a quota fake file. Replacement for
364 the CHECK_NTQUOTA_HANDLE_OK macro.
365 ****************************************************************************/
367 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
370 if (!check_fsp_open(conn, req, fsp)) {
374 if (fsp->is_directory) {
378 if (fsp->fake_file_handle == NULL) {
382 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
386 if (fsp->fake_file_handle->private_data == NULL) {
393 /****************************************************************************
394 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
395 ****************************************************************************/
397 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
400 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
401 && (req->vuid == (fsp)->vuid)) {
405 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
409 /****************************************************************************
410 Reply to a (netbios-level) special message.
411 ****************************************************************************/
413 void reply_special(char *inbuf)
415 int msg_type = CVAL(inbuf,0);
416 int msg_flags = CVAL(inbuf,1);
421 * We only really use 4 bytes of the outbuf, but for the smb_setlen
422 * calculation & friends (srv_send_smb uses that) we need the full smb
425 char outbuf[smb_size];
427 static bool already_got_session = False;
431 memset(outbuf, '\0', sizeof(outbuf));
433 smb_setlen(outbuf,0);
436 case 0x81: /* session request */
438 if (already_got_session) {
439 exit_server_cleanly("multiple session request not permitted");
442 SCVAL(outbuf,0,0x82);
444 if (name_len(inbuf+4) > 50 ||
445 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
446 DEBUG(0,("Invalid name length in session request\n"));
449 name_extract(inbuf,4,name1);
450 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
451 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
454 set_local_machine_name(name1, True);
455 set_remote_machine_name(name2, True);
457 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
458 get_local_machine_name(), get_remote_machine_name(),
461 if (name_type == 'R') {
462 /* We are being asked for a pathworks session ---
464 SCVAL(outbuf, 0,0x83);
468 /* only add the client's machine name to the list
469 of possibly valid usernames if we are operating
470 in share mode security */
471 if (lp_security() == SEC_SHARE) {
472 add_session_user(get_remote_machine_name());
475 reload_services(True);
478 already_got_session = True;
481 case 0x89: /* session keepalive request
482 (some old clients produce this?) */
483 SCVAL(outbuf,0,SMBkeepalive);
487 case 0x82: /* positive session response */
488 case 0x83: /* negative session response */
489 case 0x84: /* retarget session response */
490 DEBUG(0,("Unexpected session response\n"));
493 case SMBkeepalive: /* session keepalive */
498 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
499 msg_type, msg_flags));
501 srv_send_smb(smbd_server_fd(), outbuf, false);
505 /****************************************************************************
507 conn POINTER CAN BE NULL HERE !
508 ****************************************************************************/
510 void reply_tcon(struct smb_request *req)
512 connection_struct *conn = req->conn;
514 char *service_buf = NULL;
515 char *password = NULL;
520 DATA_BLOB password_blob;
521 TALLOC_CTX *ctx = talloc_tos();
523 START_PROFILE(SMBtcon);
525 if (req->buflen < 4) {
526 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
527 END_PROFILE(SMBtcon);
531 p = (const char *)req->buf + 1;
532 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
534 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
536 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
539 if (service_buf == NULL || password == NULL || dev == NULL) {
540 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
541 END_PROFILE(SMBtcon);
544 p = strrchr_m(service_buf,'\\');
548 service = service_buf;
551 password_blob = data_blob(password, pwlen+1);
553 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
556 data_blob_clear_free(&password_blob);
559 reply_nterror(req, nt_status);
560 END_PROFILE(SMBtcon);
564 reply_outbuf(req, 2, 0);
565 SSVAL(req->outbuf,smb_vwv0,max_recv);
566 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
567 SSVAL(req->outbuf,smb_tid,conn->cnum);
569 DEBUG(3,("tcon service=%s cnum=%d\n",
570 service, conn->cnum));
572 END_PROFILE(SMBtcon);
576 /****************************************************************************
577 Reply to a tcon and X.
578 conn POINTER CAN BE NULL HERE !
579 ****************************************************************************/
581 void reply_tcon_and_X(struct smb_request *req)
583 connection_struct *conn = req->conn;
584 const char *service = NULL;
586 TALLOC_CTX *ctx = talloc_tos();
587 /* what the cleint thinks the device is */
588 char *client_devicetype = NULL;
589 /* what the server tells the client the share represents */
590 const char *server_devicetype;
597 START_PROFILE(SMBtconX);
600 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
601 END_PROFILE(SMBtconX);
605 passlen = SVAL(req->vwv+3, 0);
606 tcon_flags = SVAL(req->vwv+2, 0);
608 /* we might have to close an old one */
609 if ((tcon_flags & 0x1) && conn) {
610 close_cnum(conn,req->vuid);
615 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
616 reply_doserror(req, ERRDOS, ERRbuftoosmall);
617 END_PROFILE(SMBtconX);
621 if (global_encrypted_passwords_negotiated) {
622 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
623 if (lp_security() == SEC_SHARE) {
625 * Security = share always has a pad byte
626 * after the password.
628 p = (const char *)req->buf + passlen + 1;
630 p = (const char *)req->buf + passlen;
633 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
634 /* Ensure correct termination */
635 password.data[passlen]=0;
636 p = (const char *)req->buf + passlen + 1;
639 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
642 data_blob_clear_free(&password);
643 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
644 END_PROFILE(SMBtconX);
649 * the service name can be either: \\server\share
650 * or share directly like on the DELL PowerVault 705
653 q = strchr_m(path+2,'\\');
655 data_blob_clear_free(&password);
656 reply_doserror(req, ERRDOS, ERRnosuchshare);
657 END_PROFILE(SMBtconX);
665 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
666 &client_devicetype, p,
667 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
669 if (client_devicetype == NULL) {
670 data_blob_clear_free(&password);
671 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
672 END_PROFILE(SMBtconX);
676 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
678 conn = make_connection(service, password, client_devicetype,
679 req->vuid, &nt_status);
682 data_blob_clear_free(&password);
685 reply_nterror(req, nt_status);
686 END_PROFILE(SMBtconX);
691 server_devicetype = "IPC";
692 else if ( IS_PRINT(conn) )
693 server_devicetype = "LPT1:";
695 server_devicetype = "A:";
697 if (Protocol < PROTOCOL_NT1) {
698 reply_outbuf(req, 2, 0);
699 if (message_push_string(&req->outbuf, server_devicetype,
700 STR_TERMINATE|STR_ASCII) == -1) {
701 reply_nterror(req, NT_STATUS_NO_MEMORY);
702 END_PROFILE(SMBtconX);
706 /* NT sets the fstype of IPC$ to the null string */
707 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
709 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
710 /* Return permissions. */
714 reply_outbuf(req, 7, 0);
717 perm1 = FILE_ALL_ACCESS;
718 perm2 = FILE_ALL_ACCESS;
720 perm1 = CAN_WRITE(conn) ?
725 SIVAL(req->outbuf, smb_vwv3, perm1);
726 SIVAL(req->outbuf, smb_vwv5, perm2);
728 reply_outbuf(req, 3, 0);
731 if ((message_push_string(&req->outbuf, server_devicetype,
732 STR_TERMINATE|STR_ASCII) == -1)
733 || (message_push_string(&req->outbuf, fstype,
734 STR_TERMINATE) == -1)) {
735 reply_nterror(req, NT_STATUS_NO_MEMORY);
736 END_PROFILE(SMBtconX);
740 /* what does setting this bit do? It is set by NT4 and
741 may affect the ability to autorun mounted cdroms */
742 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
743 (lp_csc_policy(SNUM(conn)) << 2));
745 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
746 DEBUG(2,("Serving %s as a Dfs root\n",
747 lp_servicename(SNUM(conn)) ));
748 SSVAL(req->outbuf, smb_vwv2,
749 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
754 DEBUG(3,("tconX service=%s \n",
757 /* set the incoming and outgoing tid to the just created one */
758 SSVAL(req->inbuf,smb_tid,conn->cnum);
759 SSVAL(req->outbuf,smb_tid,conn->cnum);
761 END_PROFILE(SMBtconX);
767 /****************************************************************************
768 Reply to an unknown type.
769 ****************************************************************************/
771 void reply_unknown_new(struct smb_request *req, uint8 type)
773 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
774 smb_fn_name(type), type, type));
775 reply_doserror(req, ERRSRV, ERRunknownsmb);
779 /****************************************************************************
781 conn POINTER CAN BE NULL HERE !
782 ****************************************************************************/
784 void reply_ioctl(struct smb_request *req)
786 connection_struct *conn = req->conn;
793 START_PROFILE(SMBioctl);
796 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
797 END_PROFILE(SMBioctl);
801 device = SVAL(req->vwv+1, 0);
802 function = SVAL(req->vwv+2, 0);
803 ioctl_code = (device << 16) + function;
805 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
807 switch (ioctl_code) {
808 case IOCTL_QUERY_JOB_INFO:
812 reply_doserror(req, ERRSRV, ERRnosupport);
813 END_PROFILE(SMBioctl);
817 reply_outbuf(req, 8, replysize+1);
818 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
819 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
820 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
821 p = smb_buf(req->outbuf);
822 memset(p, '\0', replysize+1); /* valgrind-safe. */
823 p += 1; /* Allow for alignment */
825 switch (ioctl_code) {
826 case IOCTL_QUERY_JOB_INFO:
828 files_struct *fsp = file_fsp(
829 req, SVAL(req->vwv+0, 0));
831 reply_doserror(req, ERRDOS, ERRbadfid);
832 END_PROFILE(SMBioctl);
835 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
836 srvstr_push((char *)req->outbuf, req->flags2, p+2,
838 STR_TERMINATE|STR_ASCII);
840 srvstr_push((char *)req->outbuf, req->flags2,
841 p+18, lp_servicename(SNUM(conn)),
842 13, STR_TERMINATE|STR_ASCII);
850 END_PROFILE(SMBioctl);
854 /****************************************************************************
855 Strange checkpath NTSTATUS mapping.
856 ****************************************************************************/
858 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
860 /* Strange DOS error code semantics only for checkpath... */
861 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
862 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
863 /* We need to map to ERRbadpath */
864 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
870 /****************************************************************************
871 Reply to a checkpath.
872 ****************************************************************************/
874 void reply_checkpath(struct smb_request *req)
876 connection_struct *conn = req->conn;
878 SMB_STRUCT_STAT sbuf;
880 TALLOC_CTX *ctx = talloc_tos();
882 START_PROFILE(SMBcheckpath);
884 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
885 STR_TERMINATE, &status);
887 if (!NT_STATUS_IS_OK(status)) {
888 status = map_checkpath_error(req->flags2, status);
889 reply_nterror(req, status);
890 END_PROFILE(SMBcheckpath);
894 status = resolve_dfspath(ctx, conn,
895 req->flags2 & FLAGS2_DFS_PATHNAMES,
898 if (!NT_STATUS_IS_OK(status)) {
899 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
900 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
902 END_PROFILE(SMBcheckpath);
908 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
910 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
911 if (!NT_STATUS_IS_OK(status)) {
915 status = check_name(conn, name);
916 if (!NT_STATUS_IS_OK(status)) {
917 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
921 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
922 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
923 status = map_nt_error_from_unix(errno);
927 if (!S_ISDIR(sbuf.st_mode)) {
928 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
930 END_PROFILE(SMBcheckpath);
934 reply_outbuf(req, 0, 0);
936 END_PROFILE(SMBcheckpath);
941 END_PROFILE(SMBcheckpath);
943 /* We special case this - as when a Windows machine
944 is parsing a path is steps through the components
945 one at a time - if a component fails it expects
946 ERRbadpath, not ERRbadfile.
948 status = map_checkpath_error(req->flags2, status);
949 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
951 * Windows returns different error codes if
952 * the parent directory is valid but not the
953 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
954 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
955 * if the path is invalid.
957 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
962 reply_nterror(req, status);
965 /****************************************************************************
967 ****************************************************************************/
969 void reply_getatr(struct smb_request *req)
971 connection_struct *conn = req->conn;
973 SMB_STRUCT_STAT sbuf;
979 TALLOC_CTX *ctx = talloc_tos();
981 START_PROFILE(SMBgetatr);
983 p = (const char *)req->buf + 1;
984 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
985 if (!NT_STATUS_IS_OK(status)) {
986 reply_nterror(req, status);
987 END_PROFILE(SMBgetatr);
991 status = resolve_dfspath(ctx, conn,
992 req->flags2 & FLAGS2_DFS_PATHNAMES,
995 if (!NT_STATUS_IS_OK(status)) {
996 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
997 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
999 END_PROFILE(SMBgetatr);
1002 reply_nterror(req, status);
1003 END_PROFILE(SMBgetatr);
1007 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1008 under WfWg - weird! */
1009 if (*fname == '\0') {
1010 mode = aHIDDEN | aDIR;
1011 if (!CAN_WRITE(conn)) {
1017 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1018 if (!NT_STATUS_IS_OK(status)) {
1019 reply_nterror(req, status);
1020 END_PROFILE(SMBgetatr);
1023 status = check_name(conn, fname);
1024 if (!NT_STATUS_IS_OK(status)) {
1025 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1026 reply_nterror(req, status);
1027 END_PROFILE(SMBgetatr);
1030 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1031 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1032 reply_unixerror(req, ERRDOS,ERRbadfile);
1033 END_PROFILE(SMBgetatr);
1037 mode = dos_mode(conn,fname,&sbuf);
1038 size = sbuf.st_size;
1039 mtime = sbuf.st_mtime;
1045 reply_outbuf(req, 10, 0);
1047 SSVAL(req->outbuf,smb_vwv0,mode);
1048 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1049 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1051 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1053 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1055 if (Protocol >= PROTOCOL_NT1) {
1056 SSVAL(req->outbuf, smb_flg2,
1057 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1060 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1062 END_PROFILE(SMBgetatr);
1066 /****************************************************************************
1068 ****************************************************************************/
1070 void reply_setatr(struct smb_request *req)
1072 struct timespec ts[2];
1073 connection_struct *conn = req->conn;
1077 SMB_STRUCT_STAT sbuf;
1080 TALLOC_CTX *ctx = talloc_tos();
1082 START_PROFILE(SMBsetatr);
1087 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1091 p = (const char *)req->buf + 1;
1092 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1093 if (!NT_STATUS_IS_OK(status)) {
1094 reply_nterror(req, status);
1095 END_PROFILE(SMBsetatr);
1099 status = resolve_dfspath(ctx, conn,
1100 req->flags2 & FLAGS2_DFS_PATHNAMES,
1103 if (!NT_STATUS_IS_OK(status)) {
1104 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1105 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1106 ERRSRV, ERRbadpath);
1107 END_PROFILE(SMBsetatr);
1110 reply_nterror(req, status);
1111 END_PROFILE(SMBsetatr);
1115 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1116 if (!NT_STATUS_IS_OK(status)) {
1117 reply_nterror(req, status);
1118 END_PROFILE(SMBsetatr);
1122 status = check_name(conn, fname);
1123 if (!NT_STATUS_IS_OK(status)) {
1124 reply_nterror(req, status);
1125 END_PROFILE(SMBsetatr);
1129 if (fname[0] == '.' && fname[1] == '\0') {
1131 * Not sure here is the right place to catch this
1132 * condition. Might be moved to somewhere else later -- vl
1134 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1135 END_PROFILE(SMBsetatr);
1139 mode = SVAL(req->vwv+0, 0);
1140 mtime = srv_make_unix_date3(req->vwv+1);
1142 ts[1] = convert_time_t_to_timespec(mtime);
1143 status = smb_set_file_time(conn, NULL, fname,
1145 if (!NT_STATUS_IS_OK(status)) {
1146 reply_unixerror(req, ERRDOS, ERRnoaccess);
1147 END_PROFILE(SMBsetatr);
1151 if (mode != FILE_ATTRIBUTE_NORMAL) {
1152 if (VALID_STAT_OF_DIR(sbuf))
1157 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1158 reply_unixerror(req, ERRDOS, ERRnoaccess);
1159 END_PROFILE(SMBsetatr);
1164 reply_outbuf(req, 0, 0);
1166 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1168 END_PROFILE(SMBsetatr);
1172 /****************************************************************************
1174 ****************************************************************************/
1176 void reply_dskattr(struct smb_request *req)
1178 connection_struct *conn = req->conn;
1179 uint64_t dfree,dsize,bsize;
1180 START_PROFILE(SMBdskattr);
1182 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1183 reply_unixerror(req, ERRHRD, ERRgeneral);
1184 END_PROFILE(SMBdskattr);
1188 reply_outbuf(req, 5, 0);
1190 if (Protocol <= PROTOCOL_LANMAN2) {
1191 double total_space, free_space;
1192 /* we need to scale this to a number that DOS6 can handle. We
1193 use floating point so we can handle large drives on systems
1194 that don't have 64 bit integers
1196 we end up displaying a maximum of 2G to DOS systems
1198 total_space = dsize * (double)bsize;
1199 free_space = dfree * (double)bsize;
1201 dsize = (uint64_t)((total_space+63*512) / (64*512));
1202 dfree = (uint64_t)((free_space+63*512) / (64*512));
1204 if (dsize > 0xFFFF) dsize = 0xFFFF;
1205 if (dfree > 0xFFFF) dfree = 0xFFFF;
1207 SSVAL(req->outbuf,smb_vwv0,dsize);
1208 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1209 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1210 SSVAL(req->outbuf,smb_vwv3,dfree);
1212 SSVAL(req->outbuf,smb_vwv0,dsize);
1213 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1214 SSVAL(req->outbuf,smb_vwv2,512);
1215 SSVAL(req->outbuf,smb_vwv3,dfree);
1218 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1220 END_PROFILE(SMBdskattr);
1224 /****************************************************************************
1226 Can be called from SMBsearch, SMBffirst or SMBfunique.
1227 ****************************************************************************/
1229 void reply_search(struct smb_request *req)
1231 connection_struct *conn = req->conn;
1232 const char *mask = NULL;
1233 char *directory = NULL;
1239 unsigned int numentries = 0;
1240 unsigned int maxentries = 0;
1241 bool finished = False;
1247 bool check_descend = False;
1248 bool expect_close = False;
1250 bool mask_contains_wcard = False;
1251 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1252 TALLOC_CTX *ctx = talloc_tos();
1253 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1255 START_PROFILE(SMBsearch);
1258 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1259 END_PROFILE(SMBsearch);
1263 if (lp_posix_pathnames()) {
1264 reply_unknown_new(req, req->cmd);
1265 END_PROFILE(SMBsearch);
1269 /* If we were called as SMBffirst then we must expect close. */
1270 if(req->cmd == SMBffirst) {
1271 expect_close = True;
1274 reply_outbuf(req, 1, 3);
1275 maxentries = SVAL(req->vwv+0, 0);
1276 dirtype = SVAL(req->vwv+1, 0);
1277 p = (const char *)req->buf + 1;
1278 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1279 &nt_status, &mask_contains_wcard);
1280 if (!NT_STATUS_IS_OK(nt_status)) {
1281 reply_nterror(req, nt_status);
1282 END_PROFILE(SMBsearch);
1286 nt_status = resolve_dfspath_wcard(ctx, conn,
1287 req->flags2 & FLAGS2_DFS_PATHNAMES,
1290 &mask_contains_wcard);
1291 if (!NT_STATUS_IS_OK(nt_status)) {
1292 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1293 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1294 ERRSRV, ERRbadpath);
1295 END_PROFILE(SMBsearch);
1298 reply_nterror(req, nt_status);
1299 END_PROFILE(SMBsearch);
1304 status_len = SVAL(p, 0);
1307 /* dirtype &= ~aDIR; */
1309 if (status_len == 0) {
1310 SMB_STRUCT_STAT sbuf;
1312 nt_status = unix_convert(ctx, conn, path, True,
1313 &directory, NULL, &sbuf);
1314 if (!NT_STATUS_IS_OK(nt_status)) {
1315 reply_nterror(req, nt_status);
1316 END_PROFILE(SMBsearch);
1320 nt_status = check_name(conn, directory);
1321 if (!NT_STATUS_IS_OK(nt_status)) {
1322 reply_nterror(req, nt_status);
1323 END_PROFILE(SMBsearch);
1327 p = strrchr_m(directory,'/');
1328 if ((p != NULL) && (*directory != '/')) {
1330 directory = talloc_strndup(ctx, directory,
1331 PTR_DIFF(p, directory));
1334 directory = talloc_strdup(ctx,".");
1338 reply_nterror(req, NT_STATUS_NO_MEMORY);
1339 END_PROFILE(SMBsearch);
1343 memset((char *)status,'\0',21);
1344 SCVAL(status,0,(dirtype & 0x1F));
1346 nt_status = dptr_create(conn,
1352 mask_contains_wcard,
1355 if (!NT_STATUS_IS_OK(nt_status)) {
1356 reply_nterror(req, nt_status);
1357 END_PROFILE(SMBsearch);
1360 dptr_num = dptr_dnum(conn->dirptr);
1364 memcpy(status,p,21);
1365 status_dirtype = CVAL(status,0) & 0x1F;
1366 if (status_dirtype != (dirtype & 0x1F)) {
1367 dirtype = status_dirtype;
1370 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1371 if (!conn->dirptr) {
1374 string_set(&conn->dirpath,dptr_path(dptr_num));
1375 mask = dptr_wcard(dptr_num);
1380 * For a 'continue' search we have no string. So
1381 * check from the initial saved string.
1383 mask_contains_wcard = ms_has_wild(mask);
1384 dirtype = dptr_attr(dptr_num);
1387 DEBUG(4,("dptr_num is %d\n",dptr_num));
1389 if ((dirtype&0x1F) == aVOLID) {
1390 char buf[DIR_STRUCT_SIZE];
1391 memcpy(buf,status,21);
1392 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1393 0,aVOLID,0,!allow_long_path_components)) {
1394 reply_nterror(req, NT_STATUS_NO_MEMORY);
1395 END_PROFILE(SMBsearch);
1398 dptr_fill(buf+12,dptr_num);
1399 if (dptr_zero(buf+12) && (status_len==0)) {
1404 if (message_push_blob(&req->outbuf,
1405 data_blob_const(buf, sizeof(buf)))
1407 reply_nterror(req, NT_STATUS_NO_MEMORY);
1408 END_PROFILE(SMBsearch);
1416 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1419 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1420 conn->dirpath,lp_dontdescend(SNUM(conn))));
1421 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1422 check_descend = True;
1425 for (i=numentries;(i<maxentries) && !finished;i++) {
1426 finished = !get_dir_entry(ctx,
1437 char buf[DIR_STRUCT_SIZE];
1438 memcpy(buf,status,21);
1439 if (!make_dir_struct(ctx,
1446 !allow_long_path_components)) {
1447 reply_nterror(req, NT_STATUS_NO_MEMORY);
1448 END_PROFILE(SMBsearch);
1451 if (!dptr_fill(buf+12,dptr_num)) {
1454 if (message_push_blob(&req->outbuf,
1455 data_blob_const(buf, sizeof(buf)))
1457 reply_nterror(req, NT_STATUS_NO_MEMORY);
1458 END_PROFILE(SMBsearch);
1468 /* If we were called as SMBffirst with smb_search_id == NULL
1469 and no entries were found then return error and close dirptr
1472 if (numentries == 0) {
1473 dptr_close(&dptr_num);
1474 } else if(expect_close && status_len == 0) {
1475 /* Close the dptr - we know it's gone */
1476 dptr_close(&dptr_num);
1479 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1480 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1481 dptr_close(&dptr_num);
1484 if ((numentries == 0) && !mask_contains_wcard) {
1485 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1486 END_PROFILE(SMBsearch);
1490 SSVAL(req->outbuf,smb_vwv0,numentries);
1491 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1492 SCVAL(smb_buf(req->outbuf),0,5);
1493 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1495 /* The replies here are never long name. */
1496 SSVAL(req->outbuf, smb_flg2,
1497 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1498 if (!allow_long_path_components) {
1499 SSVAL(req->outbuf, smb_flg2,
1500 SVAL(req->outbuf, smb_flg2)
1501 & (~FLAGS2_LONG_PATH_COMPONENTS));
1504 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1505 SSVAL(req->outbuf, smb_flg2,
1506 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1509 directory = dptr_path(dptr_num);
1512 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1513 smb_fn_name(req->cmd),
1515 directory ? directory : "./",
1520 END_PROFILE(SMBsearch);
1524 /****************************************************************************
1525 Reply to a fclose (stop directory search).
1526 ****************************************************************************/
1528 void reply_fclose(struct smb_request *req)
1536 bool path_contains_wcard = False;
1537 TALLOC_CTX *ctx = talloc_tos();
1539 START_PROFILE(SMBfclose);
1541 if (lp_posix_pathnames()) {
1542 reply_unknown_new(req, req->cmd);
1543 END_PROFILE(SMBfclose);
1547 p = (const char *)req->buf + 1;
1548 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1549 &err, &path_contains_wcard);
1550 if (!NT_STATUS_IS_OK(err)) {
1551 reply_nterror(req, err);
1552 END_PROFILE(SMBfclose);
1556 status_len = SVAL(p,0);
1559 if (status_len == 0) {
1560 reply_doserror(req, ERRSRV, ERRsrverror);
1561 END_PROFILE(SMBfclose);
1565 memcpy(status,p,21);
1567 if(dptr_fetch(status+12,&dptr_num)) {
1568 /* Close the dptr - we know it's gone */
1569 dptr_close(&dptr_num);
1572 reply_outbuf(req, 1, 0);
1573 SSVAL(req->outbuf,smb_vwv0,0);
1575 DEBUG(3,("search close\n"));
1577 END_PROFILE(SMBfclose);
1581 /****************************************************************************
1583 ****************************************************************************/
1585 void reply_open(struct smb_request *req)
1587 connection_struct *conn = req->conn;
1593 SMB_STRUCT_STAT sbuf;
1600 uint32 create_disposition;
1601 uint32 create_options = 0;
1603 TALLOC_CTX *ctx = talloc_tos();
1605 START_PROFILE(SMBopen);
1608 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1609 END_PROFILE(SMBopen);
1613 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1614 deny_mode = SVAL(req->vwv+0, 0);
1615 dos_attr = SVAL(req->vwv+1, 0);
1617 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1618 STR_TERMINATE, &status);
1619 if (!NT_STATUS_IS_OK(status)) {
1620 reply_nterror(req, status);
1621 END_PROFILE(SMBopen);
1625 if (!map_open_params_to_ntcreate(
1626 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1627 &share_mode, &create_disposition, &create_options)) {
1628 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1629 END_PROFILE(SMBopen);
1633 status = SMB_VFS_CREATE_FILE(
1636 0, /* root_dir_fid */
1638 true, /* is_dos_path */
1639 access_mask, /* access_mask */
1640 share_mode, /* share_access */
1641 create_disposition, /* create_disposition*/
1642 create_options, /* create_options */
1643 dos_attr, /* file_attributes */
1644 oplock_request, /* oplock_request */
1645 0, /* allocation_size */
1652 if (!NT_STATUS_IS_OK(status)) {
1653 if (open_was_deferred(req->mid)) {
1654 /* We have re-scheduled this call. */
1655 END_PROFILE(SMBopen);
1658 reply_openerror(req, status);
1659 END_PROFILE(SMBopen);
1663 size = sbuf.st_size;
1664 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1665 mtime = sbuf.st_mtime;
1668 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1669 close_file(req, fsp, ERROR_CLOSE);
1670 reply_doserror(req, ERRDOS,ERRnoaccess);
1671 END_PROFILE(SMBopen);
1675 reply_outbuf(req, 7, 0);
1676 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1677 SSVAL(req->outbuf,smb_vwv1,fattr);
1678 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1679 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1681 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1683 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1684 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1686 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1687 SCVAL(req->outbuf,smb_flg,
1688 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1691 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1692 SCVAL(req->outbuf,smb_flg,
1693 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1695 END_PROFILE(SMBopen);
1699 /****************************************************************************
1700 Reply to an open and X.
1701 ****************************************************************************/
1703 void reply_open_and_X(struct smb_request *req)
1705 connection_struct *conn = req->conn;
1710 /* Breakout the oplock request bits so we can set the
1711 reply bits separately. */
1712 int ex_oplock_request;
1713 int core_oplock_request;
1716 int smb_sattr = SVAL(req->vwv+4, 0);
1717 uint32 smb_time = make_unix_date3(req->vwv+6);
1722 SMB_STRUCT_STAT sbuf;
1726 uint64_t allocation_size;
1727 ssize_t retval = -1;
1730 uint32 create_disposition;
1731 uint32 create_options = 0;
1732 TALLOC_CTX *ctx = talloc_tos();
1734 START_PROFILE(SMBopenX);
1736 if (req->wct < 15) {
1737 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1738 END_PROFILE(SMBopenX);
1742 open_flags = SVAL(req->vwv+2, 0);
1743 deny_mode = SVAL(req->vwv+3, 0);
1744 smb_attr = SVAL(req->vwv+5, 0);
1745 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1746 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1747 oplock_request = ex_oplock_request | core_oplock_request;
1748 smb_ofun = SVAL(req->vwv+8, 0);
1749 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1751 /* If it's an IPC, pass off the pipe handler. */
1753 if (lp_nt_pipe_support()) {
1754 reply_open_pipe_and_X(conn, req);
1756 reply_doserror(req, ERRSRV, ERRaccess);
1758 END_PROFILE(SMBopenX);
1762 /* XXXX we need to handle passed times, sattr and flags */
1763 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1764 STR_TERMINATE, &status);
1765 if (!NT_STATUS_IS_OK(status)) {
1766 reply_nterror(req, status);
1767 END_PROFILE(SMBopenX);
1771 if (!map_open_params_to_ntcreate(
1772 fname, deny_mode, smb_ofun, &access_mask,
1773 &share_mode, &create_disposition, &create_options)) {
1774 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1775 END_PROFILE(SMBopenX);
1779 status = SMB_VFS_CREATE_FILE(
1782 0, /* root_dir_fid */
1784 true, /* is_dos_path */
1785 access_mask, /* access_mask */
1786 share_mode, /* share_access */
1787 create_disposition, /* create_disposition*/
1788 create_options, /* create_options */
1789 smb_attr, /* file_attributes */
1790 oplock_request, /* oplock_request */
1791 0, /* allocation_size */
1795 &smb_action, /* pinfo */
1798 if (!NT_STATUS_IS_OK(status)) {
1799 END_PROFILE(SMBopenX);
1800 if (open_was_deferred(req->mid)) {
1801 /* We have re-scheduled this call. */
1804 reply_openerror(req, status);
1808 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1809 if the file is truncated or created. */
1810 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1811 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1812 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1813 close_file(req, fsp, ERROR_CLOSE);
1814 reply_nterror(req, NT_STATUS_DISK_FULL);
1815 END_PROFILE(SMBopenX);
1818 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1820 close_file(req, fsp, ERROR_CLOSE);
1821 reply_nterror(req, NT_STATUS_DISK_FULL);
1822 END_PROFILE(SMBopenX);
1825 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1828 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1829 mtime = sbuf.st_mtime;
1831 close_file(req, fsp, ERROR_CLOSE);
1832 reply_doserror(req, ERRDOS, ERRnoaccess);
1833 END_PROFILE(SMBopenX);
1837 /* If the caller set the extended oplock request bit
1838 and we granted one (by whatever means) - set the
1839 correct bit for extended oplock reply.
1842 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1843 smb_action |= EXTENDED_OPLOCK_GRANTED;
1846 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1847 smb_action |= EXTENDED_OPLOCK_GRANTED;
1850 /* If the caller set the core oplock request bit
1851 and we granted one (by whatever means) - set the
1852 correct bit for core oplock reply.
1855 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1856 reply_outbuf(req, 19, 0);
1858 reply_outbuf(req, 15, 0);
1861 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1862 SCVAL(req->outbuf, smb_flg,
1863 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1866 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1867 SCVAL(req->outbuf, smb_flg,
1868 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1871 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1872 SSVAL(req->outbuf,smb_vwv3,fattr);
1873 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1874 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1876 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1878 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1879 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1880 SSVAL(req->outbuf,smb_vwv11,smb_action);
1882 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1883 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1886 END_PROFILE(SMBopenX);
1891 /****************************************************************************
1892 Reply to a SMBulogoffX.
1893 ****************************************************************************/
1895 void reply_ulogoffX(struct smb_request *req)
1899 START_PROFILE(SMBulogoffX);
1901 vuser = get_valid_user_struct(req->vuid);
1904 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1908 /* in user level security we are supposed to close any files
1909 open by this user */
1910 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1911 file_close_user(req->vuid);
1914 invalidate_vuid(req->vuid);
1916 reply_outbuf(req, 2, 0);
1918 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1920 END_PROFILE(SMBulogoffX);
1924 /****************************************************************************
1925 Reply to a mknew or a create.
1926 ****************************************************************************/
1928 void reply_mknew(struct smb_request *req)
1930 connection_struct *conn = req->conn;
1933 struct timespec ts[2];
1935 int oplock_request = 0;
1936 SMB_STRUCT_STAT sbuf;
1938 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1939 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1940 uint32 create_disposition;
1941 uint32 create_options = 0;
1942 TALLOC_CTX *ctx = talloc_tos();
1944 START_PROFILE(SMBcreate);
1947 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1948 END_PROFILE(SMBcreate);
1952 fattr = SVAL(req->vwv+0, 0);
1953 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1955 ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1958 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1959 STR_TERMINATE, &status);
1960 if (!NT_STATUS_IS_OK(status)) {
1961 reply_nterror(req, status);
1962 END_PROFILE(SMBcreate);
1966 if (fattr & aVOLID) {
1967 DEBUG(0,("Attempt to create file (%s) with volid set - "
1968 "please report this\n", fname));
1971 if(req->cmd == SMBmknew) {
1972 /* We should fail if file exists. */
1973 create_disposition = FILE_CREATE;
1975 /* Create if file doesn't exist, truncate if it does. */
1976 create_disposition = FILE_OVERWRITE_IF;
1979 status = SMB_VFS_CREATE_FILE(
1982 0, /* root_dir_fid */
1984 true, /* is_dos_path */
1985 access_mask, /* access_mask */
1986 share_mode, /* share_access */
1987 create_disposition, /* create_disposition*/
1988 create_options, /* create_options */
1989 fattr, /* file_attributes */
1990 oplock_request, /* oplock_request */
1991 0, /* allocation_size */
1998 if (!NT_STATUS_IS_OK(status)) {
1999 END_PROFILE(SMBcreate);
2000 if (open_was_deferred(req->mid)) {
2001 /* We have re-scheduled this call. */
2004 reply_openerror(req, status);
2008 ts[0] = get_atimespec(&sbuf); /* atime. */
2009 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
2010 if (!NT_STATUS_IS_OK(status)) {
2011 END_PROFILE(SMBcreate);
2012 reply_openerror(req, status);
2016 reply_outbuf(req, 1, 0);
2017 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2019 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2020 SCVAL(req->outbuf,smb_flg,
2021 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2024 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2025 SCVAL(req->outbuf,smb_flg,
2026 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2029 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2030 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2031 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2033 END_PROFILE(SMBcreate);
2037 /****************************************************************************
2038 Reply to a create temporary file.
2039 ****************************************************************************/
2041 void reply_ctemp(struct smb_request *req)
2043 connection_struct *conn = req->conn;
2049 SMB_STRUCT_STAT sbuf;
2052 TALLOC_CTX *ctx = talloc_tos();
2054 START_PROFILE(SMBctemp);
2057 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2058 END_PROFILE(SMBctemp);
2062 fattr = SVAL(req->vwv+0, 0);
2063 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2065 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2066 STR_TERMINATE, &status);
2067 if (!NT_STATUS_IS_OK(status)) {
2068 reply_nterror(req, status);
2069 END_PROFILE(SMBctemp);
2073 fname = talloc_asprintf(ctx,
2077 fname = talloc_strdup(ctx, "TMXXXXXX");
2081 reply_nterror(req, NT_STATUS_NO_MEMORY);
2082 END_PROFILE(SMBctemp);
2086 status = resolve_dfspath(ctx, conn,
2087 req->flags2 & FLAGS2_DFS_PATHNAMES,
2090 if (!NT_STATUS_IS_OK(status)) {
2091 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2092 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2093 ERRSRV, ERRbadpath);
2094 END_PROFILE(SMBctemp);
2097 reply_nterror(req, status);
2098 END_PROFILE(SMBctemp);
2102 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2103 if (!NT_STATUS_IS_OK(status)) {
2104 reply_nterror(req, status);
2105 END_PROFILE(SMBctemp);
2109 status = check_name(conn, fname);
2110 if (!NT_STATUS_IS_OK(status)) {
2111 reply_nterror(req, status);
2112 END_PROFILE(SMBctemp);
2116 tmpfd = smb_mkstemp(fname);
2118 reply_unixerror(req, ERRDOS, ERRnoaccess);
2119 END_PROFILE(SMBctemp);
2123 SMB_VFS_STAT(conn,fname,&sbuf);
2125 /* We should fail if file does not exist. */
2126 status = open_file_ntcreate(conn, req, fname, &sbuf,
2127 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2128 FILE_SHARE_READ|FILE_SHARE_WRITE,
2135 /* close fd from smb_mkstemp() */
2138 if (!NT_STATUS_IS_OK(status)) {
2139 if (open_was_deferred(req->mid)) {
2140 /* We have re-scheduled this call. */
2141 END_PROFILE(SMBctemp);
2144 reply_openerror(req, status);
2145 END_PROFILE(SMBctemp);
2149 reply_outbuf(req, 1, 0);
2150 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2152 /* the returned filename is relative to the directory */
2153 s = strrchr_m(fsp->fsp_name, '/');
2161 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2162 thing in the byte section. JRA */
2163 SSVALS(p, 0, -1); /* what is this? not in spec */
2165 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2167 reply_nterror(req, NT_STATUS_NO_MEMORY);
2168 END_PROFILE(SMBctemp);
2172 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2173 SCVAL(req->outbuf, smb_flg,
2174 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2177 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2178 SCVAL(req->outbuf, smb_flg,
2179 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2182 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2183 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2184 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2186 END_PROFILE(SMBctemp);
2190 /*******************************************************************
2191 Check if a user is allowed to rename a file.
2192 ********************************************************************/
2194 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2195 uint16 dirtype, SMB_STRUCT_STAT *pst)
2199 if (!CAN_WRITE(conn)) {
2200 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2203 fmode = dos_mode(conn, fsp->fsp_name, pst);
2204 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2205 return NT_STATUS_NO_SUCH_FILE;
2208 if (S_ISDIR(pst->st_mode)) {
2209 return NT_STATUS_OK;
2212 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2213 return NT_STATUS_OK;
2216 return NT_STATUS_ACCESS_DENIED;
2219 /*******************************************************************
2220 * unlink a file with all relevant access checks
2221 *******************************************************************/
2223 static NTSTATUS do_unlink(connection_struct *conn,
2224 struct smb_request *req,
2228 SMB_STRUCT_STAT sbuf;
2231 uint32 dirtype_orig = dirtype;
2234 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2236 if (!CAN_WRITE(conn)) {
2237 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2240 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2241 return map_nt_error_from_unix(errno);
2244 fattr = dos_mode(conn,fname,&sbuf);
2246 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2247 dirtype = aDIR|aARCH|aRONLY;
2250 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2252 return NT_STATUS_NO_SUCH_FILE;
2255 if (!dir_check_ftype(conn, fattr, dirtype)) {
2257 return NT_STATUS_FILE_IS_A_DIRECTORY;
2259 return NT_STATUS_NO_SUCH_FILE;
2262 if (dirtype_orig & 0x8000) {
2263 /* These will never be set for POSIX. */
2264 return NT_STATUS_NO_SUCH_FILE;
2268 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2269 return NT_STATUS_FILE_IS_A_DIRECTORY;
2272 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2273 return NT_STATUS_NO_SUCH_FILE;
2276 if (dirtype & 0xFF00) {
2277 /* These will never be set for POSIX. */
2278 return NT_STATUS_NO_SUCH_FILE;
2283 return NT_STATUS_NO_SUCH_FILE;
2286 /* Can't delete a directory. */
2288 return NT_STATUS_FILE_IS_A_DIRECTORY;
2293 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2294 return NT_STATUS_OBJECT_NAME_INVALID;
2295 #endif /* JRATEST */
2297 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2299 On a Windows share, a file with read-only dosmode can be opened with
2300 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2301 fails with NT_STATUS_CANNOT_DELETE error.
2303 This semantic causes a problem that a user can not
2304 rename a file with read-only dosmode on a Samba share
2305 from a Windows command prompt (i.e. cmd.exe, but can rename
2306 from Windows Explorer).
2309 if (!lp_delete_readonly(SNUM(conn))) {
2310 if (fattr & aRONLY) {
2311 return NT_STATUS_CANNOT_DELETE;
2315 /* On open checks the open itself will check the share mode, so
2316 don't do it here as we'll get it wrong. */
2318 status = create_file_unixpath
2322 DELETE_ACCESS, /* access_mask */
2323 FILE_SHARE_NONE, /* share_access */
2324 FILE_OPEN, /* create_disposition*/
2325 FILE_NON_DIRECTORY_FILE, /* create_options */
2326 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2327 0, /* oplock_request */
2328 0, /* allocation_size */
2335 if (!NT_STATUS_IS_OK(status)) {
2336 DEBUG(10, ("create_file_unixpath failed: %s\n",
2337 nt_errstr(status)));
2341 /* The set is across all open files on this dev/inode pair. */
2342 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2343 close_file(req, fsp, NORMAL_CLOSE);
2344 return NT_STATUS_ACCESS_DENIED;
2347 return close_file(req, fsp, NORMAL_CLOSE);
2350 /****************************************************************************
2351 The guts of the unlink command, split out so it may be called by the NT SMB
2353 ****************************************************************************/
2355 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2356 uint32 dirtype, const char *name_in, bool has_wild)
2358 const char *directory = NULL;
2363 NTSTATUS status = NT_STATUS_OK;
2364 SMB_STRUCT_STAT sbuf;
2365 TALLOC_CTX *ctx = talloc_tos();
2367 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2368 if (!NT_STATUS_IS_OK(status)) {
2372 p = strrchr_m(name,'/');
2374 directory = talloc_strdup(ctx, ".");
2376 return NT_STATUS_NO_MEMORY;
2386 * We should only check the mangled cache
2387 * here if unix_convert failed. This means
2388 * that the path in 'mask' doesn't exist
2389 * on the file system and so we need to look
2390 * for a possible mangle. This patch from
2391 * Tine Smukavec <valentin.smukavec@hermes.si>.
2394 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2395 char *new_mask = NULL;
2396 mangle_lookup_name_from_8_3(ctx,
2406 directory = talloc_asprintf(ctx,
2411 return NT_STATUS_NO_MEMORY;
2414 dirtype = FILE_ATTRIBUTE_NORMAL;
2417 status = check_name(conn, directory);
2418 if (!NT_STATUS_IS_OK(status)) {
2422 status = do_unlink(conn, req, directory, dirtype);
2423 if (!NT_STATUS_IS_OK(status)) {
2429 struct smb_Dir *dir_hnd = NULL;
2433 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2434 return NT_STATUS_OBJECT_NAME_INVALID;
2437 if (strequal(mask,"????????.???")) {
2442 status = check_name(conn, directory);
2443 if (!NT_STATUS_IS_OK(status)) {
2447 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2449 if (dir_hnd == NULL) {
2450 return map_nt_error_from_unix(errno);
2453 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2454 the pattern matches against the long name, otherwise the short name
2455 We don't implement this yet XXXX
2458 status = NT_STATUS_NO_SUCH_FILE;
2460 while ((dname = ReadDirName(dir_hnd, &offset))) {
2464 if (!is_visible_file(conn, directory, dname, &st, True)) {
2468 /* Quick check for "." and ".." */
2469 if (ISDOT(dname) || ISDOTDOT(dname)) {
2473 if(!mask_match(dname, mask, conn->case_sensitive)) {
2477 fname = talloc_asprintf(ctx, "%s/%s",
2481 return NT_STATUS_NO_MEMORY;
2484 status = check_name(conn, fname);
2485 if (!NT_STATUS_IS_OK(status)) {
2486 TALLOC_FREE(dir_hnd);
2490 status = do_unlink(conn, req, fname, dirtype);
2491 if (!NT_STATUS_IS_OK(status)) {
2497 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2502 TALLOC_FREE(dir_hnd);
2505 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2506 status = map_nt_error_from_unix(errno);
2512 /****************************************************************************
2514 ****************************************************************************/
2516 void reply_unlink(struct smb_request *req)
2518 connection_struct *conn = req->conn;
2522 bool path_contains_wcard = False;
2523 TALLOC_CTX *ctx = talloc_tos();
2525 START_PROFILE(SMBunlink);
2528 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2529 END_PROFILE(SMBunlink);
2533 dirtype = SVAL(req->vwv+0, 0);
2535 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2536 STR_TERMINATE, &status,
2537 &path_contains_wcard);
2538 if (!NT_STATUS_IS_OK(status)) {
2539 reply_nterror(req, status);
2540 END_PROFILE(SMBunlink);
2544 status = resolve_dfspath_wcard(ctx, conn,
2545 req->flags2 & FLAGS2_DFS_PATHNAMES,
2548 &path_contains_wcard);
2549 if (!NT_STATUS_IS_OK(status)) {
2550 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2551 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2552 ERRSRV, ERRbadpath);
2553 END_PROFILE(SMBunlink);
2556 reply_nterror(req, status);
2557 END_PROFILE(SMBunlink);
2561 DEBUG(3,("reply_unlink : %s\n",name));
2563 status = unlink_internals(conn, req, dirtype, name,
2564 path_contains_wcard);
2565 if (!NT_STATUS_IS_OK(status)) {
2566 if (open_was_deferred(req->mid)) {
2567 /* We have re-scheduled this call. */
2568 END_PROFILE(SMBunlink);
2571 reply_nterror(req, status);
2572 END_PROFILE(SMBunlink);
2576 reply_outbuf(req, 0, 0);
2577 END_PROFILE(SMBunlink);
2582 /****************************************************************************
2584 ****************************************************************************/
2586 static void fail_readraw(void)
2588 const char *errstr = talloc_asprintf(talloc_tos(),
2589 "FAIL ! reply_readbraw: socket write fail (%s)",
2594 exit_server_cleanly(errstr);
2597 /****************************************************************************
2598 Fake (read/write) sendfile. Returns -1 on read or write fail.
2599 ****************************************************************************/
2601 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2605 size_t tosend = nread;
2612 bufsize = MIN(nread, 65536);
2614 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2618 while (tosend > 0) {
2622 if (tosend > bufsize) {
2627 ret = read_file(fsp,buf,startpos,cur_read);
2633 /* If we had a short read, fill with zeros. */
2634 if (ret < cur_read) {
2635 memset(buf, '\0', cur_read - ret);
2638 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2643 startpos += cur_read;
2647 return (ssize_t)nread;
2650 /****************************************************************************
2651 Return a readbraw error (4 bytes of zero).
2652 ****************************************************************************/
2654 static void reply_readbraw_error(void)
2658 if (write_data(smbd_server_fd(),header,4) != 4) {
2663 /****************************************************************************
2664 Use sendfile in readbraw.
2665 ****************************************************************************/
2667 void send_file_readbraw(connection_struct *conn,
2673 char *outbuf = NULL;
2676 #if defined(WITH_SENDFILE)
2678 * We can only use sendfile on a non-chained packet
2679 * but we can use on a non-oplocked file. tridge proved this
2680 * on a train in Germany :-). JRA.
2681 * reply_readbraw has already checked the length.
2684 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2685 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2687 DATA_BLOB header_blob;
2689 _smb_setlen(header,nread);
2690 header_blob = data_blob_const(header, 4);
2692 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2693 &header_blob, startpos, nread) == -1) {
2694 /* Returning ENOSYS means no data at all was sent.
2695 * Do this as a normal read. */
2696 if (errno == ENOSYS) {
2697 goto normal_readbraw;
2701 * Special hack for broken Linux with no working sendfile. If we
2702 * return EINTR we sent the header but not the rest of the data.
2703 * Fake this up by doing read/write calls.
2705 if (errno == EINTR) {
2706 /* Ensure we don't do this again. */
2707 set_use_sendfile(SNUM(conn), False);
2708 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2710 if (fake_sendfile(fsp, startpos, nread) == -1) {
2711 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2712 fsp->fsp_name, strerror(errno) ));
2713 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2718 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2719 fsp->fsp_name, strerror(errno) ));
2720 exit_server_cleanly("send_file_readbraw sendfile failed");
2729 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2731 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2732 (unsigned)(nread+4)));
2733 reply_readbraw_error();
2738 ret = read_file(fsp,outbuf+4,startpos,nread);
2739 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2748 _smb_setlen(outbuf,ret);
2749 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2752 TALLOC_FREE(outbuf);
2755 /****************************************************************************
2756 Reply to a readbraw (core+ protocol).
2757 ****************************************************************************/
2759 void reply_readbraw(struct smb_request *req)
2761 connection_struct *conn = req->conn;
2762 ssize_t maxcount,mincount;
2769 START_PROFILE(SMBreadbraw);
2771 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2772 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2773 "raw reads/writes are disallowed.");
2777 reply_readbraw_error();
2778 END_PROFILE(SMBreadbraw);
2783 * Special check if an oplock break has been issued
2784 * and the readraw request croses on the wire, we must
2785 * return a zero length response here.
2788 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2791 * We have to do a check_fsp by hand here, as
2792 * we must always return 4 zero bytes on error,
2796 if (!fsp || !conn || conn != fsp->conn ||
2797 req->vuid != fsp->vuid ||
2798 fsp->is_directory || fsp->fh->fd == -1) {
2800 * fsp could be NULL here so use the value from the packet. JRA.
2802 DEBUG(3,("reply_readbraw: fnum %d not valid "
2804 (int)SVAL(req->vwv+0, 0)));
2805 reply_readbraw_error();
2806 END_PROFILE(SMBreadbraw);
2810 /* Do a "by hand" version of CHECK_READ. */
2811 if (!(fsp->can_read ||
2812 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2813 (fsp->access_mask & FILE_EXECUTE)))) {
2814 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2815 (int)SVAL(req->vwv+0, 0)));
2816 reply_readbraw_error();
2817 END_PROFILE(SMBreadbraw);
2821 flush_write_cache(fsp, READRAW_FLUSH);
2823 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2824 if(req->wct == 10) {
2826 * This is a large offset (64 bit) read.
2828 #ifdef LARGE_SMB_OFF_T
2830 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2832 #else /* !LARGE_SMB_OFF_T */
2835 * Ensure we haven't been sent a >32 bit offset.
2838 if(IVAL(req->vwv+8, 0) != 0) {
2839 DEBUG(0,("reply_readbraw: large offset "
2840 "(%x << 32) used and we don't support "
2841 "64 bit offsets.\n",
2842 (unsigned int)IVAL(req->vwv+8, 0) ));
2843 reply_readbraw_error();
2844 END_PROFILE(SMBreadbraw);
2848 #endif /* LARGE_SMB_OFF_T */
2851 DEBUG(0,("reply_readbraw: negative 64 bit "
2852 "readraw offset (%.0f) !\n",
2853 (double)startpos ));
2854 reply_readbraw_error();
2855 END_PROFILE(SMBreadbraw);
2860 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2861 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2863 /* ensure we don't overrun the packet size */
2864 maxcount = MIN(65535,maxcount);
2866 if (is_locked(fsp,(uint32)req->smbpid,
2870 reply_readbraw_error();
2871 END_PROFILE(SMBreadbraw);
2875 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2879 if (startpos >= size) {
2882 nread = MIN(maxcount,(size - startpos));
2885 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2886 if (nread < mincount)
2890 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2891 "min=%lu nread=%lu\n",
2892 fsp->fnum, (double)startpos,
2893 (unsigned long)maxcount,
2894 (unsigned long)mincount,
2895 (unsigned long)nread ) );
2897 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2899 DEBUG(5,("reply_readbraw finished\n"));
2900 END_PROFILE(SMBreadbraw);
2904 #define DBGC_CLASS DBGC_LOCKING
2906 /****************************************************************************
2907 Reply to a lockread (core+ protocol).
2908 ****************************************************************************/
2910 void reply_lockread(struct smb_request *req)
2912 connection_struct *conn = req->conn;
2919 struct byte_range_lock *br_lck = NULL;
2922 START_PROFILE(SMBlockread);
2925 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2926 END_PROFILE(SMBlockread);
2930 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2932 if (!check_fsp(conn, req, fsp)) {
2933 END_PROFILE(SMBlockread);
2937 if (!CHECK_READ(fsp,req)) {
2938 reply_doserror(req, ERRDOS, ERRbadaccess);
2939 END_PROFILE(SMBlockread);
2943 release_level_2_oplocks_on_change(fsp);
2945 numtoread = SVAL(req->vwv+1, 0);
2946 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
2948 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2950 reply_outbuf(req, 5, numtoread + 3);
2952 data = smb_buf(req->outbuf) + 3;
2955 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2956 * protocol request that predates the read/write lock concept.
2957 * Thus instead of asking for a read lock here we need to ask
2958 * for a write lock. JRA.
2959 * Note that the requested lock size is unaffected by max_recv.
2962 br_lck = do_lock(smbd_messaging_context(),
2965 (uint64_t)numtoread,
2969 False, /* Non-blocking lock. */
2972 TALLOC_FREE(br_lck);
2974 if (NT_STATUS_V(status)) {
2975 reply_nterror(req, status);
2976 END_PROFILE(SMBlockread);
2981 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2984 if (numtoread > max_recv) {
2985 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2986 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2987 (unsigned int)numtoread, (unsigned int)max_recv ));
2988 numtoread = MIN(numtoread,max_recv);
2990 nread = read_file(fsp,data,startpos,numtoread);
2993 reply_unixerror(req, ERRDOS, ERRnoaccess);
2994 END_PROFILE(SMBlockread);
2998 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3000 SSVAL(req->outbuf,smb_vwv0,nread);
3001 SSVAL(req->outbuf,smb_vwv5,nread+3);
3002 p = smb_buf(req->outbuf);
3003 SCVAL(p,0,0); /* pad byte. */
3006 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3007 fsp->fnum, (int)numtoread, (int)nread));
3009 END_PROFILE(SMBlockread);
3014 #define DBGC_CLASS DBGC_ALL
3016 /****************************************************************************
3018 ****************************************************************************/
3020 void reply_read(struct smb_request *req)
3022 connection_struct *conn = req->conn;
3030 START_PROFILE(SMBread);
3033 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3034 END_PROFILE(SMBread);
3038 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3040 if (!check_fsp(conn, req, fsp)) {
3041 END_PROFILE(SMBread);
3045 if (!CHECK_READ(fsp,req)) {
3046 reply_doserror(req, ERRDOS, ERRbadaccess);
3047 END_PROFILE(SMBread);
3051 numtoread = SVAL(req->vwv+1, 0);
3052 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3054 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3057 * The requested read size cannot be greater than max_recv. JRA.
3059 if (numtoread > max_recv) {
3060 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3061 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3062 (unsigned int)numtoread, (unsigned int)max_recv ));
3063 numtoread = MIN(numtoread,max_recv);
3066 reply_outbuf(req, 5, numtoread+3);
3068 data = smb_buf(req->outbuf) + 3;
3070 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
3071 (uint64_t)startpos, READ_LOCK)) {
3072 reply_doserror(req, ERRDOS,ERRlock);
3073 END_PROFILE(SMBread);
3078 nread = read_file(fsp,data,startpos,numtoread);
3081 reply_unixerror(req, ERRDOS,ERRnoaccess);
3082 END_PROFILE(SMBread);
3086 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3088 SSVAL(req->outbuf,smb_vwv0,nread);
3089 SSVAL(req->outbuf,smb_vwv5,nread+3);
3090 SCVAL(smb_buf(req->outbuf),0,1);
3091 SSVAL(smb_buf(req->outbuf),1,nread);
3093 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3094 fsp->fnum, (int)numtoread, (int)nread ) );
3096 END_PROFILE(SMBread);
3100 /****************************************************************************
3102 ****************************************************************************/
3104 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3109 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3110 data = smb_buf(outbuf);
3112 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3114 SCVAL(outbuf,smb_vwv0,0xFF);
3115 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3116 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3117 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3118 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3119 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3120 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3121 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3125 /****************************************************************************
3126 Reply to a read and X - possibly using sendfile.
3127 ****************************************************************************/
3129 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3130 files_struct *fsp, SMB_OFF_T startpos,
3133 SMB_STRUCT_STAT sbuf;
3136 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3137 reply_unixerror(req, ERRDOS, ERRnoaccess);
3141 if (startpos > sbuf.st_size) {
3143 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3144 smb_maxcnt = (sbuf.st_size - startpos);
3147 if (smb_maxcnt == 0) {
3151 #if defined(WITH_SENDFILE)
3153 * We can only use sendfile on a non-chained packet
3154 * but we can use on a non-oplocked file. tridge proved this
3155 * on a train in Germany :-). JRA.
3158 if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) &&
3159 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3160 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3161 uint8 headerbuf[smb_size + 12 * 2];
3165 * Set up the packet header before send. We
3166 * assume here the sendfile will work (get the
3167 * correct amount of data).
3170 header = data_blob_const(headerbuf, sizeof(headerbuf));
3172 construct_reply_common_req(req, (char *)headerbuf);
3173 setup_readX_header((char *)headerbuf, smb_maxcnt);
3175 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3176 /* Returning ENOSYS or EINVAL means no data at all was sent.
3177 Do this as a normal read. */
3178 if (errno == ENOSYS || errno == EINVAL) {
3183 * Special hack for broken Linux with no working sendfile. If we
3184 * return EINTR we sent the header but not the rest of the data.
3185 * Fake this up by doing read/write calls.
3188 if (errno == EINTR) {
3189 /* Ensure we don't do this again. */
3190 set_use_sendfile(SNUM(conn), False);
3191 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3192 nread = fake_sendfile(fsp, startpos,
3195 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3196 fsp->fsp_name, strerror(errno) ));
3197 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3199 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3200 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3201 /* No outbuf here means successful sendfile. */
3202 TALLOC_FREE(req->outbuf);
3206 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3207 fsp->fsp_name, strerror(errno) ));
3208 exit_server_cleanly("send_file_readX sendfile failed");
3211 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3212 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3213 /* No outbuf here means successful sendfile. */
3214 TALLOC_FREE(req->outbuf);
3221 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3222 uint8 headerbuf[smb_size + 2*12];
3224 construct_reply_common_req(req, (char *)headerbuf);
3225 setup_readX_header((char *)headerbuf, smb_maxcnt);
3227 /* Send out the header. */
3228 if (write_data(smbd_server_fd(), (char *)headerbuf,
3229 sizeof(headerbuf)) != sizeof(headerbuf)) {
3230 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3231 fsp->fsp_name, strerror(errno) ));
3232 exit_server_cleanly("send_file_readX sendfile failed");
3234 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3236 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3237 fsp->fsp_name, strerror(errno) ));
3238 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3240 TALLOC_FREE(req->outbuf);
3244 reply_outbuf(req, 12, smb_maxcnt);
3246 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3248 reply_unixerror(req, ERRDOS, ERRnoaccess);
3252 setup_readX_header((char *)req->outbuf, nread);
3254 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3255 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3260 /****************************************************************************
3261 Reply to a read and X.
3262 ****************************************************************************/
3264 void reply_read_and_X(struct smb_request *req)
3266 connection_struct *conn = req->conn;
3270 bool big_readX = False;
3272 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3275 START_PROFILE(SMBreadX);
3277 if ((req->wct != 10) && (req->wct != 12)) {
3278 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3282 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3283 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3284 smb_maxcnt = SVAL(req->vwv+5, 0);
3286 /* If it's an IPC, pass off the pipe handler. */
3288 reply_pipe_read_and_X(req);
3289 END_PROFILE(SMBreadX);
3293 if (!check_fsp(conn, req, fsp)) {
3294 END_PROFILE(SMBreadX);
3298 if (!CHECK_READ(fsp,req)) {
3299 reply_doserror(req, ERRDOS,ERRbadaccess);
3300 END_PROFILE(SMBreadX);
3304 if (global_client_caps & CAP_LARGE_READX) {
3305 size_t upper_size = SVAL(req->vwv+7, 0);
3306 smb_maxcnt |= (upper_size<<16);
3307 if (upper_size > 1) {
3308 /* Can't do this on a chained packet. */
3309 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3310 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3311 END_PROFILE(SMBreadX);
3314 /* We currently don't do this on signed or sealed data. */
3315 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3316 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3317 END_PROFILE(SMBreadX);
3320 /* Is there room in the reply for this data ? */
3321 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3323 NT_STATUS_INVALID_PARAMETER);
3324 END_PROFILE(SMBreadX);
3331 if (req->wct == 12) {
3332 #ifdef LARGE_SMB_OFF_T
3334 * This is a large offset (64 bit) read.
3336 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3338 #else /* !LARGE_SMB_OFF_T */
3341 * Ensure we haven't been sent a >32 bit offset.
3344 if(IVAL(req->vwv+10, 0) != 0) {
3345 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3346 "used and we don't support 64 bit offsets.\n",
3347 (unsigned int)IVAL(req->vwv+10, 0) ));
3348 END_PROFILE(SMBreadX);
3349 reply_doserror(req, ERRDOS, ERRbadaccess);
3353 #endif /* LARGE_SMB_OFF_T */
3357 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)smb_maxcnt,
3358 (uint64_t)startpos, READ_LOCK)) {
3359 END_PROFILE(SMBreadX);
3360 reply_doserror(req, ERRDOS, ERRlock);
3365 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3366 END_PROFILE(SMBreadX);
3370 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3372 END_PROFILE(SMBreadX);
3376 /****************************************************************************
3377 Error replies to writebraw must have smb_wct == 1. Fix this up.
3378 ****************************************************************************/
3380 void error_to_writebrawerr(struct smb_request *req)
3382 uint8 *old_outbuf = req->outbuf;
3384 reply_outbuf(req, 1, 0);
3386 memcpy(req->outbuf, old_outbuf, smb_size);
3387 TALLOC_FREE(old_outbuf);
3390 /****************************************************************************
3391 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3392 ****************************************************************************/
3394 void reply_writebraw(struct smb_request *req)
3396 connection_struct *conn = req->conn;
3399 ssize_t total_written=0;
3400 size_t numtowrite=0;
3408 START_PROFILE(SMBwritebraw);
3411 * If we ever reply with an error, it must have the SMB command
3412 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3415 SCVAL(req->inbuf,smb_com,SMBwritec);
3417 if (srv_is_signing_active()) {
3418 END_PROFILE(SMBwritebraw);
3419 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3420 "raw reads/writes are disallowed.");
3423 if (req->wct < 12) {
3424 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3425 error_to_writebrawerr(req);
3426 END_PROFILE(SMBwritebraw);
3430 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3431 if (!check_fsp(conn, req, fsp)) {
3432 error_to_writebrawerr(req);
3433 END_PROFILE(SMBwritebraw);
3437 if (!CHECK_WRITE(fsp)) {
3438 reply_doserror(req, ERRDOS, ERRbadaccess);
3439 error_to_writebrawerr(req);
3440 END_PROFILE(SMBwritebraw);
3444 tcount = IVAL(req->vwv+1, 0);
3445 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3446 write_through = BITSETW(req->vwv+7,0);
3448 /* We have to deal with slightly different formats depending
3449 on whether we are using the core+ or lanman1.0 protocol */
3451 if(Protocol <= PROTOCOL_COREPLUS) {
3452 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3453 data = smb_buf(req->inbuf);
3455 numtowrite = SVAL(req->vwv+10, 0);
3456 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3459 /* Ensure we don't write bytes past the end of this packet. */
3460 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3461 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3462 error_to_writebrawerr(req);
3463 END_PROFILE(SMBwritebraw);
3467 if (is_locked(fsp,(uint32)req->smbpid,(uint64_t)tcount,
3468 (uint64_t)startpos, WRITE_LOCK)) {
3469 reply_doserror(req, ERRDOS, ERRlock);
3470 error_to_writebrawerr(req);
3471 END_PROFILE(SMBwritebraw);
3476 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3479 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3480 "wrote=%d sync=%d\n",
3481 fsp->fnum, (double)startpos, (int)numtowrite,
3482 (int)nwritten, (int)write_through));
3484 if (nwritten < (ssize_t)numtowrite) {
3485 reply_unixerror(req, ERRHRD, ERRdiskfull);
3486 error_to_writebrawerr(req);
3487 END_PROFILE(SMBwritebraw);
3491 total_written = nwritten;
3493 /* Allocate a buffer of 64k + length. */
3494 buf = TALLOC_ARRAY(NULL, char, 65540);
3496 reply_doserror(req, ERRDOS, ERRnomem);
3497 error_to_writebrawerr(req);
3498 END_PROFILE(SMBwritebraw);
3502 /* Return a SMBwritebraw message to the redirector to tell
3503 * it to send more bytes */
3505 memcpy(buf, req->inbuf, smb_size);
3506 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3507 SCVAL(buf,smb_com,SMBwritebraw);
3508 SSVALS(buf,smb_vwv0,0xFFFF);
3510 if (!srv_send_smb(smbd_server_fd(),
3512 IS_CONN_ENCRYPTED(conn))) {
3513 exit_server_cleanly("reply_writebraw: srv_send_smb "
3517 /* Now read the raw data into the buffer and write it */
3518 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3520 if (!NT_STATUS_IS_OK(status)) {
3521 exit_server_cleanly("secondary writebraw failed");
3524 /* Set up outbuf to return the correct size */
3525 reply_outbuf(req, 1, 0);
3527 if (numtowrite != 0) {
3529 if (numtowrite > 0xFFFF) {
3530 DEBUG(0,("reply_writebraw: Oversize secondary write "
3531 "raw requested (%u). Terminating\n",
3532 (unsigned int)numtowrite ));
3533 exit_server_cleanly("secondary writebraw failed");
3536 if (tcount > nwritten+numtowrite) {
3537 DEBUG(3,("reply_writebraw: Client overestimated the "
3539 (int)tcount,(int)nwritten,(int)numtowrite));
3542 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3544 if (!NT_STATUS_IS_OK(status)) {
3545 DEBUG(0,("reply_writebraw: Oversize secondary write "
3546 "raw read failed (%s). Terminating\n",
3547 nt_errstr(status)));
3548 exit_server_cleanly("secondary writebraw failed");
3551 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3552 if (nwritten == -1) {
3554 reply_unixerror(req, ERRHRD, ERRdiskfull);
3555 error_to_writebrawerr(req);
3556 END_PROFILE(SMBwritebraw);
3560 if (nwritten < (ssize_t)numtowrite) {
3561 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3562 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3566 total_written += nwritten;
3571 SSVAL(req->outbuf,smb_vwv0,total_written);
3573 status = sync_file(conn, fsp, write_through);
3574 if (!NT_STATUS_IS_OK(status)) {
3575 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3576 fsp->fsp_name, nt_errstr(status) ));
3577 reply_nterror(req, status);
3578 error_to_writebrawerr(req);
3579 END_PROFILE(SMBwritebraw);
3583 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3585 fsp->fnum, (double)startpos, (int)numtowrite,
3586 (int)total_written));
3588 /* We won't return a status if write through is not selected - this
3589 * follows what WfWg does */
3590 END_PROFILE(SMBwritebraw);
3592 if (!write_through && total_written==tcount) {
3594 #if RABBIT_PELLET_FIX
3596 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3597 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3600 if (!send_keepalive(smbd_server_fd())) {
3601 exit_server_cleanly("reply_writebraw: send of "
3602 "keepalive failed");
3605 TALLOC_FREE(req->outbuf);
3611 #define DBGC_CLASS DBGC_LOCKING
3613 /****************************************************************************
3614 Reply to a writeunlock (core+).
3615 ****************************************************************************/
3617 void reply_writeunlock(struct smb_request *req)
3619 connection_struct *conn = req->conn;
3620 ssize_t nwritten = -1;
3624 NTSTATUS status = NT_STATUS_OK;
3627 START_PROFILE(SMBwriteunlock);
3630 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3631 END_PROFILE(SMBwriteunlock);
3635 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3637 if (!check_fsp(conn, req, fsp)) {
3638 END_PROFILE(SMBwriteunlock);
3642 if (!CHECK_WRITE(fsp)) {
3643 reply_doserror(req, ERRDOS,ERRbadaccess);
3644 END_PROFILE(SMBwriteunlock);
3648 numtowrite = SVAL(req->vwv+1, 0);
3649 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3650 data = (const char *)req->buf + 3;
3653 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3654 (uint64_t)startpos, WRITE_LOCK)) {
3655 reply_doserror(req, ERRDOS, ERRlock);
3656 END_PROFILE(SMBwriteunlock);
3660 /* The special X/Open SMB protocol handling of
3661 zero length writes is *NOT* done for
3663 if(numtowrite == 0) {
3666 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3669 status = sync_file(conn, fsp, False /* write through */);
3670 if (!NT_STATUS_IS_OK(status)) {
3671 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3672 fsp->fsp_name, nt_errstr(status) ));
3673 reply_nterror(req, status);
3674 END_PROFILE(SMBwriteunlock);
3678 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3679 reply_unixerror(req, ERRHRD, ERRdiskfull);
3680 END_PROFILE(SMBwriteunlock);
3685 status = do_unlock(smbd_messaging_context(),
3688 (uint64_t)numtowrite,
3692 if (NT_STATUS_V(status)) {
3693 reply_nterror(req, status);
3694 END_PROFILE(SMBwriteunlock);
3699 reply_outbuf(req, 1, 0);
3701 SSVAL(req->outbuf,smb_vwv0,nwritten);
3703 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3704 fsp->fnum, (int)numtowrite, (int)nwritten));
3706 END_PROFILE(SMBwriteunlock);
3711 #define DBGC_CLASS DBGC_ALL
3713 /****************************************************************************
3715 ****************************************************************************/
3717 void reply_write(struct smb_request *req)
3719 connection_struct *conn = req->conn;
3721 ssize_t nwritten = -1;
3727 START_PROFILE(SMBwrite);
3730 END_PROFILE(SMBwrite);
3731 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3735 /* If it's an IPC, pass off the pipe handler. */
3737 reply_pipe_write(req);
3738 END_PROFILE(SMBwrite);
3742 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3744 if (!check_fsp(conn, req, fsp)) {
3745 END_PROFILE(SMBwrite);
3749 if (!CHECK_WRITE(fsp)) {
3750 reply_doserror(req, ERRDOS, ERRbadaccess);
3751 END_PROFILE(SMBwrite);
3755 numtowrite = SVAL(req->vwv+1, 0);
3756 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3757 data = (const char *)req->buf + 3;
3759 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3760 (uint64_t)startpos, WRITE_LOCK)) {
3761 reply_doserror(req, ERRDOS, ERRlock);
3762 END_PROFILE(SMBwrite);
3767 * X/Open SMB protocol says that if smb_vwv1 is
3768 * zero then the file size should be extended or
3769 * truncated to the size given in smb_vwv[2-3].
3772 if(numtowrite == 0) {
3774 * This is actually an allocate call, and set EOF. JRA.
3776 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3778 reply_nterror(req, NT_STATUS_DISK_FULL);
3779 END_PROFILE(SMBwrite);
3782 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3784 reply_nterror(req, NT_STATUS_DISK_FULL);
3785 END_PROFILE(SMBwrite);
3788 trigger_write_time_update_immediate(fsp);
3790 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3793 status = sync_file(conn, fsp, False);
3794 if (!NT_STATUS_IS_OK(status)) {
3795 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3796 fsp->fsp_name, nt_errstr(status) ));
3797 reply_nterror(req, status);
3798 END_PROFILE(SMBwrite);
3802 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3803 reply_unixerror(req, ERRHRD, ERRdiskfull);
3804 END_PROFILE(SMBwrite);
3808 reply_outbuf(req, 1, 0);
3810 SSVAL(req->outbuf,smb_vwv0,nwritten);
3812 if (nwritten < (ssize_t)numtowrite) {
3813 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3814 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3817 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3819 END_PROFILE(SMBwrite);
3823 /****************************************************************************
3824 Ensure a buffer is a valid writeX for recvfile purposes.
3825 ****************************************************************************/
3827 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3828 (2*14) + /* word count (including bcc) */ \
3831 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3834 connection_struct *conn = NULL;
3835 unsigned int doff = 0;
3836 size_t len = smb_len_large(inbuf);
3838 if (is_encrypted_packet(inbuf)) {
3839 /* Can't do this on encrypted
3844 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3848 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3849 CVAL(inbuf,smb_wct) != 14) {
3850 DEBUG(10,("is_valid_writeX_buffer: chained or "
3851 "invalid word length.\n"));
3855 conn = conn_find(SVAL(inbuf, smb_tid));
3857 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3861 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3864 doff = SVAL(inbuf,smb_vwv11);
3866 numtowrite = SVAL(inbuf,smb_vwv10);
3868 if (len > doff && len - doff > 0xFFFF) {
3869 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3872 if (numtowrite == 0) {
3873 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3877 /* Ensure the sizes match up. */
3878 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3879 /* no pad byte...old smbclient :-( */
3880 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3882 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3886 if (len - doff != numtowrite) {
3887 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3888 "len = %u, doff = %u, numtowrite = %u\n",
3891 (unsigned int)numtowrite ));
3895 DEBUG(10,("is_valid_writeX_buffer: true "
3896 "len = %u, doff = %u, numtowrite = %u\n",
3899 (unsigned int)numtowrite ));
3904 /****************************************************************************
3905 Reply to a write and X.
3906 ****************************************************************************/
3908 void reply_write_and_X(struct smb_request *req)
3910 connection_struct *conn = req->conn;
3916 unsigned int smb_doff;
3917 unsigned int smblen;
3921 START_PROFILE(SMBwriteX);
3923 if ((req->wct != 12) && (req->wct != 14)) {
3924 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3925 END_PROFILE(SMBwriteX);
3929 numtowrite = SVAL(req->vwv+10, 0);
3930 smb_doff = SVAL(req->vwv+11, 0);
3931 smblen = smb_len(req->inbuf);
3933 if (req->unread_bytes > 0xFFFF ||
3934 (smblen > smb_doff &&
3935 smblen - smb_doff > 0xFFFF)) {
3936 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
3939 if (req->unread_bytes) {
3940 /* Can't do a recvfile write on IPC$ */
3942 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3943 END_PROFILE(SMBwriteX);
3946 if (numtowrite != req->unread_bytes) {
3947 reply_doserror(req, ERRDOS, ERRbadmem);
3948 END_PROFILE(SMBwriteX);
3952 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3953 smb_doff + numtowrite > smblen) {
3954 reply_doserror(req, ERRDOS, ERRbadmem);
3955 END_PROFILE(SMBwriteX);
3960 /* If it's an IPC, pass off the pipe handler. */
3962 if (req->unread_bytes) {
3963 reply_doserror(req, ERRDOS, ERRbadmem);
3964 END_PROFILE(SMBwriteX);
3967 reply_pipe_write_and_X(req);
3968 END_PROFILE(SMBwriteX);
3972 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3973 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3974 write_through = BITSETW(req->vwv+7,0);
3976 if (!check_fsp(conn, req, fsp)) {
3977 END_PROFILE(SMBwriteX);
3981 if (!CHECK_WRITE(fsp)) {
3982 reply_doserror(req, ERRDOS, ERRbadaccess);
3983 END_PROFILE(SMBwriteX);
3987 data = smb_base(req->inbuf) + smb_doff;
3989 if(req->wct == 14) {
3990 #ifdef LARGE_SMB_OFF_T
3992 * This is a large offset (64 bit) write.
3994 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
3996 #else /* !LARGE_SMB_OFF_T */
3999 * Ensure we haven't been sent a >32 bit offset.
4002 if(IVAL(req->vwv+12, 0) != 0) {
4003 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4004 "used and we don't support 64 bit offsets.\n",
4005 (unsigned int)IVAL(req->vwv+12, 0) ));
4006 reply_doserror(req, ERRDOS, ERRbadaccess);
4007 END_PROFILE(SMBwriteX);
4011 #endif /* LARGE_SMB_OFF_T */
4014 if (is_locked(fsp,(uint32)req->smbpid,
4015 (uint64_t)numtowrite,
4016 (uint64_t)startpos, WRITE_LOCK)) {
4017 reply_doserror(req, ERRDOS, ERRlock);
4018 END_PROFILE(SMBwriteX);
4022 /* X/Open SMB protocol says that, unlike SMBwrite
4023 if the length is zero then NO truncation is
4024 done, just a write of zero. To truncate a file,
4027 if(numtowrite == 0) {
4031 if ((req->unread_bytes == 0) &&
4032 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4034 END_PROFILE(SMBwriteX);
4038 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4041 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4042 reply_unixerror(req, ERRHRD, ERRdiskfull);
4043 END_PROFILE(SMBwriteX);
4047 reply_outbuf(req, 6, 0);
4048 SSVAL(req->outbuf,smb_vwv2,nwritten);
4049 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4051 if (nwritten < (ssize_t)numtowrite) {
4052 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4053 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4056 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4057 fsp->fnum, (int)numtowrite, (int)nwritten));
4059 status = sync_file(conn, fsp, write_through);
4060 if (!NT_STATUS_IS_OK(status)) {
4061 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4062 fsp->fsp_name, nt_errstr(status) ));
4063 reply_nterror(req, status);
4064 END_PROFILE(SMBwriteX);
4068 END_PROFILE(SMBwriteX);
4073 /****************************************************************************
4075 ****************************************************************************/
4077 void reply_lseek(struct smb_request *req)
4079 connection_struct *conn = req->conn;
4085 START_PROFILE(SMBlseek);
4088 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4089 END_PROFILE(SMBlseek);
4093 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4095 if (!check_fsp(conn, req, fsp)) {
4099 flush_write_cache(fsp, SEEK_FLUSH);
4101 mode = SVAL(req->vwv+1, 0) & 3;
4102 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4103 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4112 res = fsp->fh->pos + startpos;
4123 if (umode == SEEK_END) {
4124 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4125 if(errno == EINVAL) {
4126 SMB_OFF_T current_pos = startpos;
4127 SMB_STRUCT_STAT sbuf;
4129 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4130 reply_unixerror(req, ERRDOS,
4132 END_PROFILE(SMBlseek);
4136 current_pos += sbuf.st_size;
4138 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4143 reply_unixerror(req, ERRDOS, ERRnoaccess);
4144 END_PROFILE(SMBlseek);
4151 reply_outbuf(req, 2, 0);
4152 SIVAL(req->outbuf,smb_vwv0,res);
4154 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4155 fsp->fnum, (double)startpos, (double)res, mode));
4157 END_PROFILE(SMBlseek);
4161 /****************************************************************************
4163 ****************************************************************************/
4165 void reply_flush(struct smb_request *req)
4167 connection_struct *conn = req->conn;
4171 START_PROFILE(SMBflush);
4174 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4178 fnum = SVAL(req->vwv+0, 0);
4179 fsp = file_fsp(req, fnum);
4181 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4186 file_sync_all(conn);
4188 NTSTATUS status = sync_file(conn, fsp, True);
4189 if (!NT_STATUS_IS_OK(status)) {
4190 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4191 fsp->fsp_name, nt_errstr(status) ));
4192 reply_nterror(req, status);
4193 END_PROFILE(SMBflush);
4198 reply_outbuf(req, 0, 0);
4200 DEBUG(3,("flush\n"));
4201 END_PROFILE(SMBflush);
4205 /****************************************************************************
4207 conn POINTER CAN BE NULL HERE !
4208 ****************************************************************************/
4210 void reply_exit(struct smb_request *req)
4212 START_PROFILE(SMBexit);
4214 file_close_pid(req->smbpid, req->vuid);
4216 reply_outbuf(req, 0, 0);
4218 DEBUG(3,("exit\n"));
4220 END_PROFILE(SMBexit);
4224 /****************************************************************************
4225 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4226 ****************************************************************************/
4228 void reply_close(struct smb_request *req)
4230 connection_struct *conn = req->conn;
4231 NTSTATUS status = NT_STATUS_OK;
4232 files_struct *fsp = NULL;
4233 START_PROFILE(SMBclose);
4236 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4237 END_PROFILE(SMBclose);
4241 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4244 * We can only use check_fsp if we know it's not a directory.
4247 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4248 reply_doserror(req, ERRDOS, ERRbadfid);
4249 END_PROFILE(SMBclose);
4253 if(fsp->is_directory) {
4255 * Special case - close NT SMB directory handle.
4257 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4258 status = close_file(req, fsp, NORMAL_CLOSE);
4262 * Close ordinary file.
4265 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4266 fsp->fh->fd, fsp->fnum,
4267 conn->num_files_open));
4270 * Take care of any time sent in the close.
4273 t = srv_make_unix_date3(req->vwv+1);
4274 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4277 * close_file() returns the unix errno if an error
4278 * was detected on close - normally this is due to
4279 * a disk full error. If not then it was probably an I/O error.
4282 status = close_file(req, fsp, NORMAL_CLOSE);
4285 if (!NT_STATUS_IS_OK(status)) {
4286 reply_nterror(req, status);
4287 END_PROFILE(SMBclose);
4291 reply_outbuf(req, 0, 0);
4292 END_PROFILE(SMBclose);
4296 /****************************************************************************
4297 Reply to a writeclose (Core+ protocol).
4298 ****************************************************************************/
4300 void reply_writeclose(struct smb_request *req)
4302 connection_struct *conn = req->conn;
4304 ssize_t nwritten = -1;
4305 NTSTATUS close_status = NT_STATUS_OK;
4308 struct timespec mtime;
4311 START_PROFILE(SMBwriteclose);
4314 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4315 END_PROFILE(SMBwriteclose);
4319 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4321 if (!check_fsp(conn, req, fsp)) {
4322 END_PROFILE(SMBwriteclose);
4325 if (!CHECK_WRITE(fsp)) {
4326 reply_doserror(req, ERRDOS,ERRbadaccess);
4327 END_PROFILE(SMBwriteclose);
4331 numtowrite = SVAL(req->vwv+1, 0);
4332 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4333 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4334 data = (const char *)req->buf + 1;
4337 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
4338 (uint64_t)startpos, WRITE_LOCK)) {
4339 reply_doserror(req, ERRDOS,ERRlock);
4340 END_PROFILE(SMBwriteclose);
4344 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4346 set_close_write_time(fsp, mtime);
4349 * More insanity. W2K only closes the file if writelen > 0.
4354 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4356 close_status = close_file(req, fsp, NORMAL_CLOSE);
4359 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4360 fsp->fnum, (int)numtowrite, (int)nwritten,
4361 conn->num_files_open));
4363 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4364 reply_doserror(req, ERRHRD, ERRdiskfull);
4365 END_PROFILE(SMBwriteclose);
4369 if(!NT_STATUS_IS_OK(close_status)) {
4370 reply_nterror(req, close_status);
4371 END_PROFILE(SMBwriteclose);
4375 reply_outbuf(req, 1, 0);
4377 SSVAL(req->outbuf,smb_vwv0,nwritten);
4378 END_PROFILE(SMBwriteclose);
4383 #define DBGC_CLASS DBGC_LOCKING
4385 /****************************************************************************
4387 ****************************************************************************/
4389 void reply_lock(struct smb_request *req)
4391 connection_struct *conn = req->conn;
4392 uint64_t count,offset;
4395 struct byte_range_lock *br_lck = NULL;
4397 START_PROFILE(SMBlock);
4400 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4401 END_PROFILE(SMBlock);
4405 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4407 if (!check_fsp(conn, req, fsp)) {
4408 END_PROFILE(SMBlock);
4412 release_level_2_oplocks_on_change(fsp);
4414 count = (uint64_t)IVAL(req->vwv+1, 0);
4415 offset = (uint64_t)IVAL(req->vwv+3, 0);
4417 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4418 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4420 br_lck = do_lock(smbd_messaging_context(),
4427 False, /* Non-blocking lock. */
4431 TALLOC_FREE(br_lck);
4433 if (NT_STATUS_V(status)) {
4434 reply_nterror(req, status);
4435 END_PROFILE(SMBlock);
4439 reply_outbuf(req, 0, 0);
4441 END_PROFILE(SMBlock);
4445 /****************************************************************************
4447 ****************************************************************************/
4449 void reply_unlock(struct smb_request *req)
4451 connection_struct *conn = req->conn;
4452 uint64_t count,offset;
4456 START_PROFILE(SMBunlock);
4459 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4460 END_PROFILE(SMBunlock);
4464 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4466 if (!check_fsp(conn, req, fsp)) {
4467 END_PROFILE(SMBunlock);
4471 count = (uint64_t)IVAL(req->vwv+1, 0);
4472 offset = (uint64_t)IVAL(req->vwv+3, 0);
4474 status = do_unlock(smbd_messaging_context(),
4481 if (NT_STATUS_V(status)) {
4482 reply_nterror(req, status);
4483 END_PROFILE(SMBunlock);
4487 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4488 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4490 reply_outbuf(req, 0, 0);
4492 END_PROFILE(SMBunlock);
4497 #define DBGC_CLASS DBGC_ALL
4499 /****************************************************************************
4501 conn POINTER CAN BE NULL HERE !
4502 ****************************************************************************/
4504 void reply_tdis(struct smb_request *req)
4506 connection_struct *conn = req->conn;
4507 START_PROFILE(SMBtdis);
4510 DEBUG(4,("Invalid connection in tdis\n"));
4511 reply_doserror(req, ERRSRV, ERRinvnid);
4512 END_PROFILE(SMBtdis);
4518 close_cnum(conn,req->vuid);
4521 reply_outbuf(req, 0, 0);
4522 END_PROFILE(SMBtdis);
4526 /****************************************************************************
4528 conn POINTER CAN BE NULL HERE !
4529 ****************************************************************************/
4531 void reply_echo(struct smb_request *req)
4533 connection_struct *conn = req->conn;
4537 START_PROFILE(SMBecho);
4540 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4541 END_PROFILE(SMBecho);
4545 smb_reverb = SVAL(req->vwv+0, 0);
4547 reply_outbuf(req, 1, req->buflen);
4549 /* copy any incoming data back out */
4550 if (req->buflen > 0) {
4551 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4554 if (smb_reverb > 100) {
4555 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4559 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4560 SSVAL(req->outbuf,smb_vwv0,seq_num);
4562 show_msg((char *)req->outbuf);
4563 if (!srv_send_smb(smbd_server_fd(),
4564 (char *)req->outbuf,
4565 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4566 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4569 DEBUG(3,("echo %d times\n", smb_reverb));
4571 TALLOC_FREE(req->outbuf);
4573 END_PROFILE(SMBecho);
4577 /****************************************************************************
4578 Reply to a printopen.
4579 ****************************************************************************/
4581 void reply_printopen(struct smb_request *req)
4583 connection_struct *conn = req->conn;
4587 START_PROFILE(SMBsplopen);
4590 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4591 END_PROFILE(SMBsplopen);
4595 if (!CAN_PRINT(conn)) {
4596 reply_doserror(req, ERRDOS, ERRnoaccess);
4597 END_PROFILE(SMBsplopen);
4601 status = file_new(req, conn, &fsp);
4602 if(!NT_STATUS_IS_OK(status)) {
4603 reply_nterror(req, status);
4604 END_PROFILE(SMBsplopen);
4608 /* Open for exclusive use, write only. */
4609 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
4611 if (!NT_STATUS_IS_OK(status)) {
4612 reply_nterror(req, status);
4613 END_PROFILE(SMBsplopen);
4617 reply_outbuf(req, 1, 0);
4618 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4620 DEBUG(3,("openprint fd=%d fnum=%d\n",
4621 fsp->fh->fd, fsp->fnum));
4623 END_PROFILE(SMBsplopen);
4627 /****************************************************************************
4628 Reply to a printclose.
4629 ****************************************************************************/
4631 void reply_printclose(struct smb_request *req)
4633 connection_struct *conn = req->conn;
4637 START_PROFILE(SMBsplclose);
4640 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4641 END_PROFILE(SMBsplclose);
4645 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4647 if (!check_fsp(conn, req, fsp)) {
4648 END_PROFILE(SMBsplclose);
4652 if (!CAN_PRINT(conn)) {
4653 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4654 END_PROFILE(SMBsplclose);
4658 DEBUG(3,("printclose fd=%d fnum=%d\n",
4659 fsp->fh->fd,fsp->fnum));
4661 status = close_file(req, fsp, NORMAL_CLOSE);
4663 if(!NT_STATUS_IS_OK(status)) {
4664 reply_nterror(req, status);
4665 END_PROFILE(SMBsplclose);
4669 reply_outbuf(req, 0, 0);
4671 END_PROFILE(SMBsplclose);
4675 /****************************************************************************
4676 Reply to a printqueue.
4677 ****************************************************************************/
4679 void reply_printqueue(struct smb_request *req)
4681 connection_struct *conn = req->conn;
4685 START_PROFILE(SMBsplretq);
4688 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4689 END_PROFILE(SMBsplretq);
4693 max_count = SVAL(req->vwv+0, 0);
4694 start_index = SVAL(req->vwv+1, 0);
4696 /* we used to allow the client to get the cnum wrong, but that
4697 is really quite gross and only worked when there was only
4698 one printer - I think we should now only accept it if they
4699 get it right (tridge) */
4700 if (!CAN_PRINT(conn)) {
4701 reply_doserror(req, ERRDOS, ERRnoaccess);
4702 END_PROFILE(SMBsplretq);
4706 reply_outbuf(req, 2, 3);
4707 SSVAL(req->outbuf,smb_vwv0,0);
4708 SSVAL(req->outbuf,smb_vwv1,0);
4709 SCVAL(smb_buf(req->outbuf),0,1);
4710 SSVAL(smb_buf(req->outbuf),1,0);
4712 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4713 start_index, max_count));
4716 print_queue_struct *queue = NULL;
4717 print_status_struct status;
4718 int count = print_queue_status(SNUM(conn), &queue, &status);
4719 int num_to_get = ABS(max_count);
4720 int first = (max_count>0?start_index:start_index+max_count+1);
4726 num_to_get = MIN(num_to_get,count-first);
4729 for (i=first;i<first+num_to_get;i++) {
4733 srv_put_dos_date2(p,0,queue[i].time);
4734 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4735 SSVAL(p,5, queue[i].job);
4736 SIVAL(p,7,queue[i].size);
4738 srvstr_push(blob, req->flags2, p+12,
4739 queue[i].fs_user, 16, STR_ASCII);
4741 if (message_push_blob(
4744 blob, sizeof(blob))) == -1) {
4745 reply_nterror(req, NT_STATUS_NO_MEMORY);
4746 END_PROFILE(SMBsplretq);
4752 SSVAL(req->outbuf,smb_vwv0,count);
4753 SSVAL(req->outbuf,smb_vwv1,
4754 (max_count>0?first+count:first-1));
4755 SCVAL(smb_buf(req->outbuf),0,1);
4756 SSVAL(smb_buf(req->outbuf),1,28*count);
4761 DEBUG(3,("%d entries returned in queue\n",count));
4764 END_PROFILE(SMBsplretq);
4768 /****************************************************************************
4769 Reply to a printwrite.
4770 ****************************************************************************/
4772 void reply_printwrite(struct smb_request *req)
4774 connection_struct *conn = req->conn;
4779 START_PROFILE(SMBsplwr);
4782 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4783 END_PROFILE(SMBsplwr);
4787 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4789 if (!check_fsp(conn, req, fsp)) {
4790 END_PROFILE(SMBsplwr);
4794 if (!CAN_PRINT(conn)) {
4795 reply_doserror(req, ERRDOS, ERRnoaccess);
4796 END_PROFILE(SMBsplwr);
4800 if (!CHECK_WRITE(fsp)) {
4801 reply_doserror(req, ERRDOS, ERRbadaccess);
4802 END_PROFILE(SMBsplwr);
4806 numtowrite = SVAL(req->buf, 1);
4808 if (req->buflen < numtowrite + 3) {
4809 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4810 END_PROFILE(SMBsplwr);
4814 data = (const char *)req->buf + 3;
4816 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4817 reply_unixerror(req, ERRHRD, ERRdiskfull);
4818 END_PROFILE(SMBsplwr);
4822 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4824 END_PROFILE(SMBsplwr);
4828 /****************************************************************************
4830 ****************************************************************************/
4832 void reply_mkdir(struct smb_request *req)
4834 connection_struct *conn = req->conn;
4835 char *directory = NULL;
4837 SMB_STRUCT_STAT sbuf;
4838 TALLOC_CTX *ctx = talloc_tos();
4840 START_PROFILE(SMBmkdir);
4842 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
4843 STR_TERMINATE, &status);
4844 if (!NT_STATUS_IS_OK(status)) {
4845 reply_nterror(req, status);
4846 END_PROFILE(SMBmkdir);
4850 status = resolve_dfspath(ctx, conn,
4851 req->flags2 & FLAGS2_DFS_PATHNAMES,
4854 if (!NT_STATUS_IS_OK(status)) {
4855 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4856 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4857 ERRSRV, ERRbadpath);
4858 END_PROFILE(SMBmkdir);
4861 reply_nterror(req, status);
4862 END_PROFILE(SMBmkdir);
4866 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4867 if (!NT_STATUS_IS_OK(status)) {
4868 reply_nterror(req, status);
4869 END_PROFILE(SMBmkdir);
4873 status = check_name(conn, directory);
4874 if (!NT_STATUS_IS_OK(status)) {
4875 reply_nterror(req, status);
4876 END_PROFILE(SMBmkdir);
4880 status = create_directory(conn, req, directory);
4882 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4884 if (!NT_STATUS_IS_OK(status)) {
4886 if (!use_nt_status()
4887 && NT_STATUS_EQUAL(status,
4888 NT_STATUS_OBJECT_NAME_COLLISION)) {
4890 * Yes, in the DOS error code case we get a
4891 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4892 * samba4 torture test.
4894 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4897 reply_nterror(req, status);
4898 END_PROFILE(SMBmkdir);
4902 reply_outbuf(req, 0, 0);
4904 DEBUG( 3, ( "mkdir %s\n", directory ) );
4906 END_PROFILE(SMBmkdir);
4910 /****************************************************************************
4911 Static function used by reply_rmdir to delete an entire directory
4912 tree recursively. Return True on ok, False on fail.
4913 ****************************************************************************/
4915 static bool recursive_rmdir(TALLOC_CTX *ctx,
4916 connection_struct *conn,
4919 const char *dname = NULL;
4922 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4928 while((dname = ReadDirName(dir_hnd, &offset))) {
4929 char *fullname = NULL;
4932 if (ISDOT(dname) || ISDOTDOT(dname)) {
4936 if (!is_visible_file(conn, directory, dname, &st, False)) {
4940 /* Construct the full name. */
4941 fullname = talloc_asprintf(ctx,
4951 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4956 if(st.st_mode & S_IFDIR) {
4957 if(!recursive_rmdir(ctx, conn, fullname)) {
4961 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4965 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4969 TALLOC_FREE(fullname);
4971 TALLOC_FREE(dir_hnd);
4975 /****************************************************************************
4976 The internals of the rmdir code - called elsewhere.
4977 ****************************************************************************/
4979 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4980 connection_struct *conn,
4981 const char *directory)
4986 /* Might be a symlink. */
4987 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4988 return map_nt_error_from_unix(errno);
4991 if (S_ISLNK(st.st_mode)) {
4992 /* Is what it points to a directory ? */
4993 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4994 return map_nt_error_from_unix(errno);
4996 if (!(S_ISDIR(st.st_mode))) {
4997 return NT_STATUS_NOT_A_DIRECTORY;
4999 ret = SMB_VFS_UNLINK(conn,directory);
5001 ret = SMB_VFS_RMDIR(conn,directory);
5004 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5005 FILE_NOTIFY_CHANGE_DIR_NAME,
5007 return NT_STATUS_OK;
5010 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5012 * Check to see if the only thing in this directory are
5013 * vetoed files/directories. If so then delete them and
5014 * retry. If we fail to delete any of them (and we *don't*
5015 * do a recursive delete) then fail the rmdir.
5019 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5020 directory, NULL, 0);
5022 if(dir_hnd == NULL) {
5027 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5028 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5030 if (!is_visible_file(conn, directory, dname, &st, False))
5032 if(!IS_VETO_PATH(conn, dname)) {
5033 TALLOC_FREE(dir_hnd);
5039 /* We only have veto files/directories.
5040 * Are we allowed to delete them ? */
5042 if(!lp_recursive_veto_delete(SNUM(conn))) {
5043 TALLOC_FREE(dir_hnd);
5048 /* Do a recursive delete. */
5049 RewindDir(dir_hnd,&dirpos);
5050 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5051 char *fullname = NULL;
5053 if (ISDOT(dname) || ISDOTDOT(dname)) {
5056 if (!is_visible_file(conn, directory, dname, &st, False)) {
5060 fullname = talloc_asprintf(ctx,
5070 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5073 if(st.st_mode & S_IFDIR) {
5074 if(!recursive_rmdir(ctx, conn, fullname)) {
5077 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5080 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5083 TALLOC_FREE(fullname);
5085 TALLOC_FREE(dir_hnd);
5086 /* Retry the rmdir */
5087 ret = SMB_VFS_RMDIR(conn,directory);
5093 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5094 "%s\n", directory,strerror(errno)));
5095 return map_nt_error_from_unix(errno);
5098 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5099 FILE_NOTIFY_CHANGE_DIR_NAME,
5102 return NT_STATUS_OK;
5105 /****************************************************************************
5107 ****************************************************************************/
5109 void reply_rmdir(struct smb_request *req)
5111 connection_struct *conn = req->conn;
5112 char *directory = NULL;
5113 SMB_STRUCT_STAT sbuf;
5115 TALLOC_CTX *ctx = talloc_tos();
5117 START_PROFILE(SMBrmdir);
5119 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5120 STR_TERMINATE, &status);
5121 if (!NT_STATUS_IS_OK(status)) {
5122 reply_nterror(req, status);
5123 END_PROFILE(SMBrmdir);
5127 status = resolve_dfspath(ctx, conn,
5128 req->flags2 & FLAGS2_DFS_PATHNAMES,
5131 if (!NT_STATUS_IS_OK(status)) {
5132 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5133 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5134 ERRSRV, ERRbadpath);
5135 END_PROFILE(SMBrmdir);
5138 reply_nterror(req, status);
5139 END_PROFILE(SMBrmdir);
5143 status = unix_convert(ctx, conn, directory, False, &directory,
5145 if (!NT_STATUS_IS_OK(status)) {
5146 reply_nterror(req, status);
5147 END_PROFILE(SMBrmdir);
5151 status = check_name(conn, directory);
5152 if (!NT_STATUS_IS_OK(status)) {
5153 reply_nterror(req, status);
5154 END_PROFILE(SMBrmdir);
5158 dptr_closepath(directory, req->smbpid);
5159 status = rmdir_internals(ctx, conn, directory);
5160 if (!NT_STATUS_IS_OK(status)) {
5161 reply_nterror(req, status);
5162 END_PROFILE(SMBrmdir);
5166 reply_outbuf(req, 0, 0);
5168 DEBUG( 3, ( "rmdir %s\n", directory ) );
5170 END_PROFILE(SMBrmdir);
5174 /*******************************************************************
5175 Resolve wildcards in a filename rename.
5176 ********************************************************************/
5178 static bool resolve_wildcards(TALLOC_CTX *ctx,
5183 char *name2_copy = NULL;
5188 char *p,*p2, *pname1, *pname2;
5190 name2_copy = talloc_strdup(ctx, name2);
5195 pname1 = strrchr_m(name1,'/');
5196 pname2 = strrchr_m(name2_copy,'/');
5198 if (!pname1 || !pname2) {
5202 /* Truncate the copy of name2 at the last '/' */
5205 /* Now go past the '/' */
5209 root1 = talloc_strdup(ctx, pname1);
5210 root2 = talloc_strdup(ctx, pname2);
5212 if (!root1 || !root2) {
5216 p = strrchr_m(root1,'.');
5219 ext1 = talloc_strdup(ctx, p+1);
5221 ext1 = talloc_strdup(ctx, "");
5223 p = strrchr_m(root2,'.');
5226 ext2 = talloc_strdup(ctx, p+1);
5228 ext2 = talloc_strdup(ctx, "");
5231 if (!ext1 || !ext2) {
5239 /* Hmmm. Should this be mb-aware ? */
5242 } else if (*p2 == '*') {
5244 root2 = talloc_asprintf(ctx, "%s%s",
5263 /* Hmmm. Should this be mb-aware ? */
5266 } else if (*p2 == '*') {
5268 ext2 = talloc_asprintf(ctx, "%s%s",
5284 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5289 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5301 /****************************************************************************
5302 Ensure open files have their names updated. Updated to notify other smbd's
5304 ****************************************************************************/
5306 static void rename_open_files(connection_struct *conn,
5307 struct share_mode_lock *lck,
5308 const char *newname)
5311 bool did_rename = False;
5313 for(fsp = file_find_di_first(lck->id); fsp;
5314 fsp = file_find_di_next(fsp)) {
5315 /* fsp_name is a relative path under the fsp. To change this for other
5316 sharepaths we need to manipulate relative paths. */
5317 /* TODO - create the absolute path and manipulate the newname
5318 relative to the sharepath. */
5319 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5322 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5323 fsp->fnum, file_id_string_tos(&fsp->file_id),
5324 fsp->fsp_name, newname ));
5325 string_set(&fsp->fsp_name, newname);
5330 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5331 file_id_string_tos(&lck->id), newname ));
5334 /* Send messages to all smbd's (not ourself) that the name has changed. */
5335 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5339 /****************************************************************************
5340 We need to check if the source path is a parent directory of the destination
5341 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5342 refuse the rename with a sharing violation. Under UNIX the above call can
5343 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5344 probably need to check that the client is a Windows one before disallowing
5345 this as a UNIX client (one with UNIX extensions) can know the source is a
5346 symlink and make this decision intelligently. Found by an excellent bug
5347 report from <AndyLiebman@aol.com>.
5348 ****************************************************************************/
5350 static bool rename_path_prefix_equal(const char *src, const char *dest)
5352 const char *psrc = src;
5353 const char *pdst = dest;
5356 if (psrc[0] == '.' && psrc[1] == '/') {
5359 if (pdst[0] == '.' && pdst[1] == '/') {
5362 if ((slen = strlen(psrc)) > strlen(pdst)) {
5365 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5369 * Do the notify calls from a rename
5372 static void notify_rename(connection_struct *conn, bool is_dir,
5373 const char *oldpath, const char *newpath)
5375 char *olddir, *newdir;
5376 const char *oldname, *newname;
5379 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5380 : FILE_NOTIFY_CHANGE_FILE_NAME;
5382 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5383 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5384 TALLOC_FREE(olddir);
5388 if (strcmp(olddir, newdir) == 0) {
5389 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5390 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5393 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5394 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5396 TALLOC_FREE(olddir);
5397 TALLOC_FREE(newdir);
5399 /* this is a strange one. w2k3 gives an additional event for
5400 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5401 files, but not directories */
5403 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5404 FILE_NOTIFY_CHANGE_ATTRIBUTES
5405 |FILE_NOTIFY_CHANGE_CREATION,
5410 /****************************************************************************
5411 Rename an open file - given an fsp.
5412 ****************************************************************************/
5414 NTSTATUS rename_internals_fsp(connection_struct *conn,
5417 const char *newname_last_component,
5419 bool replace_if_exists)
5421 TALLOC_CTX *ctx = talloc_tos();
5422 SMB_STRUCT_STAT sbuf, sbuf1;
5423 NTSTATUS status = NT_STATUS_OK;
5424 struct share_mode_lock *lck = NULL;
5429 status = check_name(conn, newname);
5430 if (!NT_STATUS_IS_OK(status)) {
5434 /* Ensure newname contains a '/' */
5435 if(strrchr_m(newname,'/') == 0) {
5436 newname = talloc_asprintf(ctx,
5440 return NT_STATUS_NO_MEMORY;
5445 * Check for special case with case preserving and not
5446 * case sensitive. If the old last component differs from the original
5447 * last component only by case, then we should allow
5448 * the rename (user is trying to change the case of the
5452 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5453 strequal(newname, fsp->fsp_name)) {
5455 char *newname_modified_last_component = NULL;
5458 * Get the last component of the modified name.
5459 * Note that we guarantee that newname contains a '/'
5462 p = strrchr_m(newname,'/');
5463 newname_modified_last_component = talloc_strdup(ctx,
5465 if (!newname_modified_last_component) {
5466 return NT_STATUS_NO_MEMORY;
5469 if(strcsequal(newname_modified_last_component,
5470 newname_last_component) == False) {
5472 * Replace the modified last component with
5475 *p = '\0'; /* Truncate at the '/' */
5476 newname = talloc_asprintf(ctx,
5479 newname_last_component);
5484 * If the src and dest names are identical - including case,
5485 * don't do the rename, just return success.
5488 if (strcsequal(fsp->fsp_name, newname)) {
5489 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5491 return NT_STATUS_OK;
5495 * Have vfs_object_exist also fill sbuf1
5497 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5499 if(!replace_if_exists && dst_exists) {
5500 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5501 fsp->fsp_name,newname));
5502 return NT_STATUS_OBJECT_NAME_COLLISION;
5505 if(replace_if_exists && dst_exists) {
5506 if (is_ntfs_stream_name(newname)) {
5507 return NT_STATUS_INVALID_PARAMETER;
5512 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5513 files_struct *dst_fsp = file_find_di_first(fileid);
5515 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5516 return NT_STATUS_ACCESS_DENIED;
5520 /* Ensure we have a valid stat struct for the source. */
5521 if (fsp->fh->fd != -1) {
5522 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5523 return map_nt_error_from_unix(errno);
5526 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5527 return map_nt_error_from_unix(errno);
5531 status = can_rename(conn, fsp, attrs, &sbuf);
5533 if (!NT_STATUS_IS_OK(status)) {
5534 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5535 nt_errstr(status), fsp->fsp_name,newname));
5536 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5537 status = NT_STATUS_ACCESS_DENIED;
5541 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5542 return NT_STATUS_ACCESS_DENIED;
5545 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5549 * We have the file open ourselves, so not being able to get the
5550 * corresponding share mode lock is a fatal error.
5553 SMB_ASSERT(lck != NULL);
5555 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5556 uint32 create_options = fsp->fh->private_options;
5558 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5559 fsp->fsp_name,newname));
5561 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5563 rename_open_files(conn, lck, newname);
5566 * A rename acts as a new file create w.r.t. allowing an initial delete
5567 * on close, probably because in Windows there is a new handle to the
5568 * new file. If initial delete on close was requested but not
5569 * originally set, we need to set it here. This is probably not 100% correct,
5570 * but will work for the CIFSFS client which in non-posix mode
5571 * depends on these semantics. JRA.
5574 set_allow_initial_delete_on_close(lck, fsp, True);
5576 if (create_options & FILE_DELETE_ON_CLOSE) {
5577 status = can_set_delete_on_close(fsp, True, 0);
5579 if (NT_STATUS_IS_OK(status)) {
5580 /* Note that here we set the *inital* delete on close flag,
5581 * not the regular one. The magic gets handled in close. */
5582 fsp->initial_delete_on_close = True;
5586 return NT_STATUS_OK;
5591 if (errno == ENOTDIR || errno == EISDIR) {
5592 status = NT_STATUS_OBJECT_NAME_COLLISION;
5594 status = map_nt_error_from_unix(errno);
5597 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5598 nt_errstr(status), fsp->fsp_name,newname));
5603 /****************************************************************************
5604 The guts of the rename command, split out so it may be called by the NT SMB
5606 ****************************************************************************/
5608 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5609 connection_struct *conn,
5610 struct smb_request *req,
5611 const char *name_in,
5612 const char *newname_in,
5614 bool replace_if_exists,
5617 uint32_t access_mask)
5619 char *directory = NULL;
5621 char *last_component_src = NULL;
5622 char *last_component_dest = NULL;
5624 char *newname = NULL;
5627 NTSTATUS status = NT_STATUS_OK;
5628 SMB_STRUCT_STAT sbuf1, sbuf2;
5629 struct smb_Dir *dir_hnd = NULL;
5636 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5637 &last_component_src, &sbuf1);
5638 if (!NT_STATUS_IS_OK(status)) {
5642 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5643 &last_component_dest, &sbuf2);
5644 if (!NT_STATUS_IS_OK(status)) {
5649 * Split the old name into directory and last component
5650 * strings. Note that unix_convert may have stripped off a
5651 * leading ./ from both name and newname if the rename is
5652 * at the root of the share. We need to make sure either both
5653 * name and newname contain a / character or neither of them do
5654 * as this is checked in resolve_wildcards().
5657 p = strrchr_m(name,'/');
5659 directory = talloc_strdup(ctx, ".");
5661 return NT_STATUS_NO_MEMORY;
5666 directory = talloc_strdup(ctx, name);
5668 return NT_STATUS_NO_MEMORY;
5671 *p = '/'; /* Replace needed for exceptional test below. */
5675 * We should only check the mangled cache
5676 * here if unix_convert failed. This means
5677 * that the path in 'mask' doesn't exist
5678 * on the file system and so we need to look
5679 * for a possible mangle. This patch from
5680 * Tine Smukavec <valentin.smukavec@hermes.si>.
5683 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5684 char *new_mask = NULL;
5685 mangle_lookup_name_from_8_3(ctx,
5694 if (!src_has_wild) {
5698 * No wildcards - just process the one file.
5700 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5702 /* Add a terminating '/' to the directory name. */
5703 directory = talloc_asprintf_append(directory,
5707 return NT_STATUS_NO_MEMORY;
5710 /* Ensure newname contains a '/' also */
5711 if(strrchr_m(newname,'/') == 0) {
5712 newname = talloc_asprintf(ctx,
5716 return NT_STATUS_NO_MEMORY;
5720 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5721 "case_preserve = %d, short case preserve = %d, "
5722 "directory = %s, newname = %s, "
5723 "last_component_dest = %s, is_8_3 = %d\n",
5724 conn->case_sensitive, conn->case_preserve,
5725 conn->short_case_preserve, directory,
5726 newname, last_component_dest, is_short_name));
5728 /* The dest name still may have wildcards. */
5729 if (dest_has_wild) {
5730 char *mod_newname = NULL;
5731 if (!resolve_wildcards(ctx,
5732 directory,newname,&mod_newname)) {
5733 DEBUG(6, ("rename_internals: resolve_wildcards "
5737 return NT_STATUS_NO_MEMORY;
5739 newname = mod_newname;
5743 SMB_VFS_STAT(conn, directory, &sbuf1);
5745 status = S_ISDIR(sbuf1.st_mode) ?
5746 open_directory(conn, req, directory, &sbuf1,
5748 FILE_SHARE_READ|FILE_SHARE_WRITE,
5749 FILE_OPEN, 0, 0, NULL,
5751 : open_file_ntcreate(conn, req, directory, &sbuf1,
5753 FILE_SHARE_READ|FILE_SHARE_WRITE,
5754 FILE_OPEN, 0, 0, 0, NULL,
5757 if (!NT_STATUS_IS_OK(status)) {
5758 DEBUG(3, ("Could not open rename source %s: %s\n",
5759 directory, nt_errstr(status)));
5763 status = rename_internals_fsp(conn, fsp, newname,
5764 last_component_dest,
5765 attrs, replace_if_exists);
5767 close_file(req, fsp, NORMAL_CLOSE);
5769 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5770 nt_errstr(status), directory,newname));
5776 * Wildcards - process each file that matches.
5778 if (strequal(mask,"????????.???")) {
5783 status = check_name(conn, directory);
5784 if (!NT_STATUS_IS_OK(status)) {
5788 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5789 if (dir_hnd == NULL) {
5790 return map_nt_error_from_unix(errno);
5793 status = NT_STATUS_NO_SUCH_FILE;
5795 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5796 * - gentest fix. JRA
5799 while ((dname = ReadDirName(dir_hnd, &offset))) {
5800 files_struct *fsp = NULL;
5802 char *destname = NULL;
5803 bool sysdir_entry = False;
5805 /* Quick check for "." and ".." */
5806 if (ISDOT(dname) || ISDOTDOT(dname)) {
5808 sysdir_entry = True;
5814 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5818 if(!mask_match(dname, mask, conn->case_sensitive)) {
5823 status = NT_STATUS_OBJECT_NAME_INVALID;
5827 fname = talloc_asprintf(ctx,
5832 return NT_STATUS_NO_MEMORY;
5835 if (!resolve_wildcards(ctx,
5836 fname,newname,&destname)) {
5837 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5843 return NT_STATUS_NO_MEMORY;
5847 SMB_VFS_STAT(conn, fname, &sbuf1);
5849 status = S_ISDIR(sbuf1.st_mode) ?
5850 open_directory(conn, req, fname, &sbuf1,
5852 FILE_SHARE_READ|FILE_SHARE_WRITE,
5853 FILE_OPEN, 0, 0, NULL,
5855 : open_file_ntcreate(conn, req, fname, &sbuf1,
5857 FILE_SHARE_READ|FILE_SHARE_WRITE,
5858 FILE_OPEN, 0, 0, 0, NULL,
5861 if (!NT_STATUS_IS_OK(status)) {
5862 DEBUG(3,("rename_internals: open_file_ntcreate "
5863 "returned %s rename %s -> %s\n",
5864 nt_errstr(status), directory, newname));
5868 status = rename_internals_fsp(conn, fsp, destname, dname,
5869 attrs, replace_if_exists);
5871 close_file(req, fsp, NORMAL_CLOSE);
5873 if (!NT_STATUS_IS_OK(status)) {
5874 DEBUG(3, ("rename_internals_fsp returned %s for "
5875 "rename %s -> %s\n", nt_errstr(status),
5876 directory, newname));
5882 DEBUG(3,("rename_internals: doing rename on %s -> "
5883 "%s\n",fname,destname));
5886 TALLOC_FREE(destname);
5888 TALLOC_FREE(dir_hnd);
5890 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5891 status = map_nt_error_from_unix(errno);
5897 /****************************************************************************
5899 ****************************************************************************/
5901 void reply_mv(struct smb_request *req)
5903 connection_struct *conn = req->conn;
5905 char *newname = NULL;
5909 bool src_has_wcard = False;
5910 bool dest_has_wcard = False;
5911 TALLOC_CTX *ctx = talloc_tos();
5913 START_PROFILE(SMBmv);
5916 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5921 attrs = SVAL(req->vwv+0, 0);
5923 p = (const char *)req->buf + 1;
5924 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
5925 &status, &src_has_wcard);
5926 if (!NT_STATUS_IS_OK(status)) {
5927 reply_nterror(req, status);
5932 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
5933 &status, &dest_has_wcard);
5934 if (!NT_STATUS_IS_OK(status)) {
5935 reply_nterror(req, status);
5940 status = resolve_dfspath_wcard(ctx, conn,
5941 req->flags2 & FLAGS2_DFS_PATHNAMES,
5945 if (!NT_STATUS_IS_OK(status)) {
5946 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5947 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5948 ERRSRV, ERRbadpath);
5952 reply_nterror(req, status);
5957 status = resolve_dfspath_wcard(ctx, conn,
5958 req->flags2 & FLAGS2_DFS_PATHNAMES,
5962 if (!NT_STATUS_IS_OK(status)) {
5963 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5964 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5965 ERRSRV, ERRbadpath);
5969 reply_nterror(req, status);
5974 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5976 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5977 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5978 if (!NT_STATUS_IS_OK(status)) {
5979 if (open_was_deferred(req->mid)) {
5980 /* We have re-scheduled this call. */
5984 reply_nterror(req, status);
5989 reply_outbuf(req, 0, 0);
5995 /*******************************************************************
5996 Copy a file as part of a reply_copy.
5997 ******************************************************************/
6000 * TODO: check error codes on all callers
6003 NTSTATUS copy_file(TALLOC_CTX *ctx,
6004 connection_struct *conn,
6009 bool target_is_directory)
6011 SMB_STRUCT_STAT src_sbuf, sbuf2;
6013 files_struct *fsp1,*fsp2;
6016 uint32 new_create_disposition;
6019 dest = talloc_strdup(ctx, dest1);
6021 return NT_STATUS_NO_MEMORY;
6023 if (target_is_directory) {
6024 const char *p = strrchr_m(src,'/');
6030 dest = talloc_asprintf_append(dest,
6034 return NT_STATUS_NO_MEMORY;
6038 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6040 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6043 if (!target_is_directory && count) {
6044 new_create_disposition = FILE_OPEN;
6046 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6047 NULL, NULL, &new_create_disposition, NULL)) {
6049 return NT_STATUS_INVALID_PARAMETER;
6053 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6055 FILE_SHARE_READ|FILE_SHARE_WRITE,
6058 FILE_ATTRIBUTE_NORMAL,
6062 if (!NT_STATUS_IS_OK(status)) {
6067 dosattrs = dos_mode(conn, src, &src_sbuf);
6068 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6069 ZERO_STRUCTP(&sbuf2);
6072 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6074 FILE_SHARE_READ|FILE_SHARE_WRITE,
6075 new_create_disposition,
6083 if (!NT_STATUS_IS_OK(status)) {
6084 close_file(NULL, fsp1, ERROR_CLOSE);
6088 if ((ofun&3) == 1) {
6089 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6090 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6092 * Stop the copy from occurring.
6095 src_sbuf.st_size = 0;
6099 if (src_sbuf.st_size) {
6100 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6103 close_file(NULL, fsp1, NORMAL_CLOSE);
6105 /* Ensure the modtime is set correctly on the destination file. */
6106 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6109 * As we are opening fsp1 read-only we only expect
6110 * an error on close on fsp2 if we are out of space.
6111 * Thus we don't look at the error return from the
6114 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6116 if (!NT_STATUS_IS_OK(status)) {
6120 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6121 return NT_STATUS_DISK_FULL;
6124 return NT_STATUS_OK;
6127 /****************************************************************************
6128 Reply to a file copy.
6129 ****************************************************************************/
6131 void reply_copy(struct smb_request *req)
6133 connection_struct *conn = req->conn;
6135 char *newname = NULL;
6136 char *directory = NULL;
6137 const char *mask = NULL;
6138 const char mask_star[] = "*";
6141 int error = ERRnoaccess;
6146 bool target_is_directory=False;
6147 bool source_has_wild = False;
6148 bool dest_has_wild = False;
6149 SMB_STRUCT_STAT sbuf1, sbuf2;
6151 TALLOC_CTX *ctx = talloc_tos();
6153 START_PROFILE(SMBcopy);
6156 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6157 END_PROFILE(SMBcopy);
6161 tid2 = SVAL(req->vwv+0, 0);
6162 ofun = SVAL(req->vwv+1, 0);
6163 flags = SVAL(req->vwv+2, 0);
6165 p = (const char *)req->buf;
6166 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6167 &status, &source_has_wild);
6168 if (!NT_STATUS_IS_OK(status)) {
6169 reply_nterror(req, status);
6170 END_PROFILE(SMBcopy);
6173 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6174 &status, &dest_has_wild);
6175 if (!NT_STATUS_IS_OK(status)) {
6176 reply_nterror(req, status);
6177 END_PROFILE(SMBcopy);
6181 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6183 if (tid2 != conn->cnum) {
6184 /* can't currently handle inter share copies XXXX */
6185 DEBUG(3,("Rejecting inter-share copy\n"));
6186 reply_doserror(req, ERRSRV, ERRinvdevice);
6187 END_PROFILE(SMBcopy);
6191 status = resolve_dfspath_wcard(ctx, conn,
6192 req->flags2 & FLAGS2_DFS_PATHNAMES,
6196 if (!NT_STATUS_IS_OK(status)) {
6197 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6198 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6199 ERRSRV, ERRbadpath);
6200 END_PROFILE(SMBcopy);
6203 reply_nterror(req, status);
6204 END_PROFILE(SMBcopy);
6208 status = resolve_dfspath_wcard(ctx, conn,
6209 req->flags2 & FLAGS2_DFS_PATHNAMES,
6213 if (!NT_STATUS_IS_OK(status)) {
6214 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6215 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6216 ERRSRV, ERRbadpath);
6217 END_PROFILE(SMBcopy);
6220 reply_nterror(req, status);
6221 END_PROFILE(SMBcopy);
6225 status = unix_convert(ctx, conn, name, source_has_wild,
6226 &name, NULL, &sbuf1);
6227 if (!NT_STATUS_IS_OK(status)) {
6228 reply_nterror(req, status);
6229 END_PROFILE(SMBcopy);
6233 status = unix_convert(ctx, conn, newname, dest_has_wild,
6234 &newname, NULL, &sbuf2);
6235 if (!NT_STATUS_IS_OK(status)) {
6236 reply_nterror(req, status);
6237 END_PROFILE(SMBcopy);
6241 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6243 if ((flags&1) && target_is_directory) {
6244 reply_doserror(req, ERRDOS, ERRbadfile);
6245 END_PROFILE(SMBcopy);
6249 if ((flags&2) && !target_is_directory) {
6250 reply_doserror(req, ERRDOS, ERRbadpath);
6251 END_PROFILE(SMBcopy);
6255 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6256 /* wants a tree copy! XXXX */
6257 DEBUG(3,("Rejecting tree copy\n"));
6258 reply_doserror(req, ERRSRV, ERRerror);
6259 END_PROFILE(SMBcopy);
6263 p = strrchr_m(name,'/');
6265 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6268 directory = talloc_strdup(ctx, "./");
6273 reply_nterror(req, NT_STATUS_NO_MEMORY);
6274 END_PROFILE(SMBcopy);
6279 * We should only check the mangled cache
6280 * here if unix_convert failed. This means
6281 * that the path in 'mask' doesn't exist
6282 * on the file system and so we need to look
6283 * for a possible mangle. This patch from
6284 * Tine Smukavec <valentin.smukavec@hermes.si>.
6287 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6288 char *new_mask = NULL;
6289 mangle_lookup_name_from_8_3(ctx,
6298 if (!source_has_wild) {
6299 directory = talloc_asprintf_append(directory,
6302 if (dest_has_wild) {
6303 char *mod_newname = NULL;
6304 if (!resolve_wildcards(ctx,
6305 directory,newname,&mod_newname)) {
6306 reply_nterror(req, NT_STATUS_NO_MEMORY);
6307 END_PROFILE(SMBcopy);
6310 newname = mod_newname;
6313 status = check_name(conn, directory);
6314 if (!NT_STATUS_IS_OK(status)) {
6315 reply_nterror(req, status);
6316 END_PROFILE(SMBcopy);
6320 status = check_name(conn, newname);
6321 if (!NT_STATUS_IS_OK(status)) {
6322 reply_nterror(req, status);
6323 END_PROFILE(SMBcopy);
6327 status = copy_file(ctx,conn,directory,newname,ofun,
6328 count,target_is_directory);
6330 if(!NT_STATUS_IS_OK(status)) {
6331 reply_nterror(req, status);
6332 END_PROFILE(SMBcopy);
6338 struct smb_Dir *dir_hnd = NULL;
6339 const char *dname = NULL;
6342 if (strequal(mask,"????????.???")) {
6346 status = check_name(conn, directory);
6347 if (!NT_STATUS_IS_OK(status)) {
6348 reply_nterror(req, status);
6349 END_PROFILE(SMBcopy);
6353 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6354 if (dir_hnd == NULL) {
6355 status = map_nt_error_from_unix(errno);
6356 reply_nterror(req, status);
6357 END_PROFILE(SMBcopy);
6363 while ((dname = ReadDirName(dir_hnd, &offset))) {
6364 char *destname = NULL;
6367 if (ISDOT(dname) || ISDOTDOT(dname)) {
6371 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6375 if(!mask_match(dname, mask, conn->case_sensitive)) {
6379 error = ERRnoaccess;
6380 fname = talloc_asprintf(ctx,
6385 TALLOC_FREE(dir_hnd);
6386 reply_nterror(req, NT_STATUS_NO_MEMORY);
6387 END_PROFILE(SMBcopy);
6391 if (!resolve_wildcards(ctx,
6392 fname,newname,&destname)) {
6396 TALLOC_FREE(dir_hnd);
6397 reply_nterror(req, NT_STATUS_NO_MEMORY);
6398 END_PROFILE(SMBcopy);
6402 status = check_name(conn, fname);
6403 if (!NT_STATUS_IS_OK(status)) {
6404 TALLOC_FREE(dir_hnd);
6405 reply_nterror(req, status);
6406 END_PROFILE(SMBcopy);
6410 status = check_name(conn, destname);
6411 if (!NT_STATUS_IS_OK(status)) {
6412 TALLOC_FREE(dir_hnd);
6413 reply_nterror(req, status);
6414 END_PROFILE(SMBcopy);
6418 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6420 status = copy_file(ctx,conn,fname,destname,ofun,
6421 count,target_is_directory);
6422 if (NT_STATUS_IS_OK(status)) {
6426 TALLOC_FREE(destname);
6428 TALLOC_FREE(dir_hnd);
6433 /* Error on close... */
6435 reply_unixerror(req, ERRHRD, ERRgeneral);
6436 END_PROFILE(SMBcopy);
6440 reply_doserror(req, ERRDOS, error);
6441 END_PROFILE(SMBcopy);
6445 reply_outbuf(req, 1, 0);
6446 SSVAL(req->outbuf,smb_vwv0,count);
6448 END_PROFILE(SMBcopy);
6453 #define DBGC_CLASS DBGC_LOCKING
6455 /****************************************************************************
6456 Get a lock pid, dealing with large count requests.
6457 ****************************************************************************/
6459 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6460 bool large_file_format)
6462 if(!large_file_format)
6463 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6465 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6468 /****************************************************************************
6469 Get a lock count, dealing with large count requests.
6470 ****************************************************************************/
6472 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6473 bool large_file_format)
6477 if(!large_file_format) {
6478 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6481 #if defined(HAVE_LONGLONG)
6482 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6483 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6484 #else /* HAVE_LONGLONG */
6487 * NT4.x seems to be broken in that it sends large file (64 bit)
6488 * lockingX calls even if the CAP_LARGE_FILES was *not*
6489 * negotiated. For boxes without large unsigned ints truncate the
6490 * lock count by dropping the top 32 bits.
6493 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6494 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6495 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6496 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6497 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6500 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6501 #endif /* HAVE_LONGLONG */
6507 #if !defined(HAVE_LONGLONG)
6508 /****************************************************************************
6509 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6510 ****************************************************************************/
6512 static uint32 map_lock_offset(uint32 high, uint32 low)
6516 uint32 highcopy = high;
6519 * Try and find out how many significant bits there are in high.
6522 for(i = 0; highcopy; i++)
6526 * We use 31 bits not 32 here as POSIX
6527 * lock offsets may not be negative.
6530 mask = (~0) << (31 - i);
6533 return 0; /* Fail. */
6539 #endif /* !defined(HAVE_LONGLONG) */
6541 /****************************************************************************
6542 Get a lock offset, dealing with large offset requests.
6543 ****************************************************************************/
6545 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6546 bool large_file_format, bool *err)
6548 uint64_t offset = 0;
6552 if(!large_file_format) {
6553 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6556 #if defined(HAVE_LONGLONG)
6557 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6558 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6559 #else /* HAVE_LONGLONG */
6562 * NT4.x seems to be broken in that it sends large file (64 bit)
6563 * lockingX calls even if the CAP_LARGE_FILES was *not*
6564 * negotiated. For boxes without large unsigned ints mangle the
6565 * lock offset by mapping the top 32 bits onto the lower 32.
6568 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6569 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6570 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6573 if((new_low = map_lock_offset(high, low)) == 0) {
6575 return (uint64_t)-1;
6578 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6579 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6580 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6581 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6584 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6585 #endif /* HAVE_LONGLONG */
6591 /****************************************************************************
6592 Reply to a lockingX request.
6593 ****************************************************************************/
6595 void reply_lockingX(struct smb_request *req)
6597 connection_struct *conn = req->conn;
6599 unsigned char locktype;
6600 unsigned char oplocklevel;
6603 uint64_t count = 0, offset = 0;
6607 const uint8_t *data;
6608 bool large_file_format;
6610 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6612 START_PROFILE(SMBlockingX);
6615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6616 END_PROFILE(SMBlockingX);
6620 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6621 locktype = CVAL(req->vwv+3, 0);
6622 oplocklevel = CVAL(req->vwv+3, 1);
6623 num_ulocks = SVAL(req->vwv+6, 0);
6624 num_locks = SVAL(req->vwv+7, 0);
6625 lock_timeout = IVAL(req->vwv+4, 0);
6626 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6628 if (!check_fsp(conn, req, fsp)) {
6629 END_PROFILE(SMBlockingX);
6635 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6636 /* we don't support these - and CANCEL_LOCK makes w2k
6637 and XP reboot so I don't really want to be
6638 compatible! (tridge) */
6639 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6640 END_PROFILE(SMBlockingX);
6644 /* Check if this is an oplock break on a file
6645 we have granted an oplock on.
6647 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6648 /* Client can insist on breaking to none. */
6649 bool break_to_none = (oplocklevel == 0);
6652 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6653 "for fnum = %d\n", (unsigned int)oplocklevel,
6657 * Make sure we have granted an exclusive or batch oplock on
6661 if (fsp->oplock_type == 0) {
6663 /* The Samba4 nbench simulator doesn't understand
6664 the difference between break to level2 and break
6665 to none from level2 - it sends oplock break
6666 replies in both cases. Don't keep logging an error
6667 message here - just ignore it. JRA. */
6669 DEBUG(5,("reply_lockingX: Error : oplock break from "
6670 "client for fnum = %d (oplock=%d) and no "
6671 "oplock granted on this file (%s).\n",
6672 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6674 /* if this is a pure oplock break request then don't
6676 if (num_locks == 0 && num_ulocks == 0) {
6677 END_PROFILE(SMBlockingX);
6680 END_PROFILE(SMBlockingX);
6681 reply_doserror(req, ERRDOS, ERRlock);
6686 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6688 result = remove_oplock(fsp);
6690 result = downgrade_oplock(fsp);
6694 DEBUG(0, ("reply_lockingX: error in removing "
6695 "oplock on file %s\n", fsp->fsp_name));
6696 /* Hmmm. Is this panic justified? */
6697 smb_panic("internal tdb error");
6700 reply_to_oplock_break_requests(fsp);
6702 /* if this is a pure oplock break request then don't send a
6704 if (num_locks == 0 && num_ulocks == 0) {
6705 /* Sanity check - ensure a pure oplock break is not a
6707 if(CVAL(req->vwv+0, 0) != 0xff)
6708 DEBUG(0,("reply_lockingX: Error : pure oplock "
6709 "break is a chained %d request !\n",
6710 (unsigned int)CVAL(req->vwv+0, 0)));
6711 END_PROFILE(SMBlockingX);
6717 * We do this check *after* we have checked this is not a oplock break
6718 * response message. JRA.
6721 release_level_2_oplocks_on_change(fsp);
6724 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6725 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6726 END_PROFILE(SMBlockingX);
6730 /* Data now points at the beginning of the list
6731 of smb_unlkrng structs */
6732 for(i = 0; i < (int)num_ulocks; i++) {
6733 lock_pid = get_lock_pid( data, i, large_file_format);
6734 count = get_lock_count( data, i, large_file_format);
6735 offset = get_lock_offset( data, i, large_file_format, &err);
6738 * There is no error code marked "stupid client bug".... :-).
6741 END_PROFILE(SMBlockingX);
6742 reply_doserror(req, ERRDOS, ERRnoaccess);
6746 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6747 "pid %u, file %s\n", (double)offset, (double)count,
6748 (unsigned int)lock_pid, fsp->fsp_name ));
6750 status = do_unlock(smbd_messaging_context(),
6757 if (NT_STATUS_V(status)) {
6758 END_PROFILE(SMBlockingX);
6759 reply_nterror(req, status);
6764 /* Setup the timeout in seconds. */
6766 if (!lp_blocking_locks(SNUM(conn))) {
6770 /* Now do any requested locks */
6771 data += ((large_file_format ? 20 : 10)*num_ulocks);
6773 /* Data now points at the beginning of the list
6774 of smb_lkrng structs */
6776 for(i = 0; i < (int)num_locks; i++) {
6777 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6778 READ_LOCK:WRITE_LOCK);
6779 lock_pid = get_lock_pid( data, i, large_file_format);
6780 count = get_lock_count( data, i, large_file_format);
6781 offset = get_lock_offset( data, i, large_file_format, &err);
6784 * There is no error code marked "stupid client bug".... :-).
6787 END_PROFILE(SMBlockingX);
6788 reply_doserror(req, ERRDOS, ERRnoaccess);
6792 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6793 "%u, file %s timeout = %d\n", (double)offset,
6794 (double)count, (unsigned int)lock_pid,
6795 fsp->fsp_name, (int)lock_timeout ));
6797 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6798 if (lp_blocking_locks(SNUM(conn))) {
6800 /* Schedule a message to ourselves to
6801 remove the blocking lock record and
6802 return the right error. */
6804 if (!blocking_lock_cancel(fsp,
6810 NT_STATUS_FILE_LOCK_CONFLICT)) {
6811 END_PROFILE(SMBlockingX);
6816 ERRcancelviolation));
6820 /* Remove a matching pending lock. */
6821 status = do_lock_cancel(fsp,
6827 bool blocking_lock = lock_timeout ? True : False;
6828 bool defer_lock = False;
6829 struct byte_range_lock *br_lck;
6830 uint32 block_smbpid;
6832 br_lck = do_lock(smbd_messaging_context(),
6843 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6844 /* Windows internal resolution for blocking locks seems
6845 to be about 200ms... Don't wait for less than that. JRA. */
6846 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6847 lock_timeout = lp_lock_spin_time();
6852 /* This heuristic seems to match W2K3 very well. If a
6853 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6854 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6855 far as I can tell. Replacement for do_lock_spin(). JRA. */
6857 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6858 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6860 lock_timeout = lp_lock_spin_time();
6863 if (br_lck && defer_lock) {
6865 * A blocking lock was requested. Package up
6866 * this smb into a queued request and push it
6867 * onto the blocking lock queue.
6869 if(push_blocking_lock_request(br_lck,
6880 TALLOC_FREE(br_lck);
6881 END_PROFILE(SMBlockingX);
6886 TALLOC_FREE(br_lck);
6889 if (NT_STATUS_V(status)) {
6890 END_PROFILE(SMBlockingX);
6891 reply_nterror(req, status);
6896 /* If any of the above locks failed, then we must unlock
6897 all of the previous locks (X/Open spec). */
6899 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6903 * Ensure we don't do a remove on the lock that just failed,
6904 * as under POSIX rules, if we have a lock already there, we
6905 * will delete it (and we shouldn't) .....
6907 for(i--; i >= 0; i--) {
6908 lock_pid = get_lock_pid( data, i, large_file_format);
6909 count = get_lock_count( data, i, large_file_format);
6910 offset = get_lock_offset( data, i, large_file_format,
6914 * There is no error code marked "stupid client
6918 END_PROFILE(SMBlockingX);
6919 reply_doserror(req, ERRDOS, ERRnoaccess);
6923 do_unlock(smbd_messaging_context(),
6930 END_PROFILE(SMBlockingX);
6931 reply_nterror(req, status);
6935 reply_outbuf(req, 2, 0);
6937 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6938 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6940 END_PROFILE(SMBlockingX);
6945 #define DBGC_CLASS DBGC_ALL
6947 /****************************************************************************
6948 Reply to a SMBreadbmpx (read block multiplex) request.
6949 Always reply with an error, if someone has a platform really needs this,
6950 please contact vl@samba.org
6951 ****************************************************************************/
6953 void reply_readbmpx(struct smb_request *req)
6955 START_PROFILE(SMBreadBmpx);
6956 reply_doserror(req, ERRSRV, ERRuseSTD);
6957 END_PROFILE(SMBreadBmpx);
6961 /****************************************************************************
6962 Reply to a SMBreadbs (read block multiplex secondary) request.
6963 Always reply with an error, if someone has a platform really needs this,
6964 please contact vl@samba.org
6965 ****************************************************************************/
6967 void reply_readbs(struct smb_request *req)
6969 START_PROFILE(SMBreadBs);
6970 reply_doserror(req, ERRSRV, ERRuseSTD);
6971 END_PROFILE(SMBreadBs);
6975 /****************************************************************************
6976 Reply to a SMBsetattrE.
6977 ****************************************************************************/
6979 void reply_setattrE(struct smb_request *req)
6981 connection_struct *conn = req->conn;
6982 struct timespec ts[2];
6984 SMB_STRUCT_STAT sbuf;
6987 START_PROFILE(SMBsetattrE);
6990 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6991 END_PROFILE(SMBsetattrE);
6995 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
6997 if(!fsp || (fsp->conn != conn)) {
6998 reply_doserror(req, ERRDOS, ERRbadfid);
6999 END_PROFILE(SMBsetattrE);
7005 * Convert the DOS times into unix times. Ignore create
7006 * time as UNIX can't set this.
7009 ts[0] = convert_time_t_to_timespec(
7010 srv_make_unix_date2(req->vwv+3)); /* atime. */
7011 ts[1] = convert_time_t_to_timespec(
7012 srv_make_unix_date2(req->vwv+5)); /* mtime. */
7014 reply_outbuf(req, 0, 0);
7017 * Patch from Ray Frush <frush@engr.colostate.edu>
7018 * Sometimes times are sent as zero - ignore them.
7021 /* Ensure we have a valid stat struct for the source. */
7022 if (fsp->fh->fd != -1) {
7023 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7024 status = map_nt_error_from_unix(errno);
7025 reply_nterror(req, status);
7026 END_PROFILE(SMBsetattrE);
7030 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
7031 status = map_nt_error_from_unix(errno);
7032 reply_nterror(req, status);
7033 END_PROFILE(SMBsetattrE);
7038 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7040 if (!NT_STATUS_IS_OK(status)) {
7041 reply_doserror(req, ERRDOS, ERRnoaccess);
7042 END_PROFILE(SMBsetattrE);
7046 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7048 (unsigned int)ts[0].tv_sec,
7049 (unsigned int)ts[1].tv_sec));
7051 END_PROFILE(SMBsetattrE);
7056 /* Back from the dead for OS/2..... JRA. */
7058 /****************************************************************************
7059 Reply to a SMBwritebmpx (write block multiplex primary) request.
7060 Always reply with an error, if someone has a platform really needs this,
7061 please contact vl@samba.org
7062 ****************************************************************************/
7064 void reply_writebmpx(struct smb_request *req)
7066 START_PROFILE(SMBwriteBmpx);
7067 reply_doserror(req, ERRSRV, ERRuseSTD);
7068 END_PROFILE(SMBwriteBmpx);
7072 /****************************************************************************
7073 Reply to a SMBwritebs (write block multiplex secondary) request.
7074 Always reply with an error, if someone has a platform really needs this,
7075 please contact vl@samba.org
7076 ****************************************************************************/
7078 void reply_writebs(struct smb_request *req)
7080 START_PROFILE(SMBwriteBs);
7081 reply_doserror(req, ERRSRV, ERRuseSTD);
7082 END_PROFILE(SMBwriteBs);
7086 /****************************************************************************
7087 Reply to a SMBgetattrE.
7088 ****************************************************************************/
7090 void reply_getattrE(struct smb_request *req)
7092 connection_struct *conn = req->conn;
7093 SMB_STRUCT_STAT sbuf;
7096 struct timespec create_ts;
7098 START_PROFILE(SMBgetattrE);
7101 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7102 END_PROFILE(SMBgetattrE);
7106 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7108 if(!fsp || (fsp->conn != conn)) {
7109 reply_doserror(req, ERRDOS, ERRbadfid);
7110 END_PROFILE(SMBgetattrE);
7114 /* Do an fstat on this file */
7115 if(fsp_stat(fsp, &sbuf)) {
7116 reply_unixerror(req, ERRDOS, ERRnoaccess);
7117 END_PROFILE(SMBgetattrE);
7121 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7124 * Convert the times into dos times. Set create
7125 * date to be last modify date as UNIX doesn't save
7129 reply_outbuf(req, 11, 0);
7131 create_ts = get_create_timespec(&sbuf,
7132 lp_fake_dir_create_times(SNUM(conn)));
7133 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7134 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7135 /* Should we check pending modtime here ? JRA */
7136 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7139 SIVAL(req->outbuf, smb_vwv6, 0);
7140 SIVAL(req->outbuf, smb_vwv8, 0);
7142 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7143 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7144 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7146 SSVAL(req->outbuf,smb_vwv10, mode);
7148 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7150 END_PROFILE(SMBgetattrE);