2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 #include "smbd/globals.h"
30 #include "fake_file.h"
31 #include "../librpc/gen_ndr/cli_spoolss.h"
32 #include "rpc_client/cli_spoolss.h"
33 #include "rpc_client/init_spoolss.h"
34 #include "rpc_server/rpc_ncacn_np.h"
35 #include "libcli/security/security.h"
37 /****************************************************************************
38 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
39 path or anything including wildcards.
40 We're assuming here that '/' is not the second byte in any multibyte char
41 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
43 ****************************************************************************/
45 /* Custom version for processing POSIX paths. */
46 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
48 static NTSTATUS check_path_syntax_internal(char *path,
50 bool *p_last_component_contains_wcard)
54 NTSTATUS ret = NT_STATUS_OK;
55 bool start_of_name_component = True;
56 bool stream_started = false;
58 *p_last_component_contains_wcard = False;
65 return NT_STATUS_OBJECT_NAME_INVALID;
68 return NT_STATUS_OBJECT_NAME_INVALID;
70 if (strchr_m(&s[1], ':')) {
71 return NT_STATUS_OBJECT_NAME_INVALID;
77 if ((*s == ':') && !posix_path && !stream_started) {
78 if (*p_last_component_contains_wcard) {
79 return NT_STATUS_OBJECT_NAME_INVALID;
81 /* Stream names allow more characters than file names.
82 We're overloading posix_path here to allow a wider
83 range of characters. If stream_started is true this
84 is still a Windows path even if posix_path is true.
87 stream_started = true;
88 start_of_name_component = false;
92 return NT_STATUS_OBJECT_NAME_INVALID;
96 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
98 * Safe to assume is not the second part of a mb char
99 * as this is handled below.
101 /* Eat multiple '/' or '\\' */
102 while (IS_PATH_SEP(*s,posix_path)) {
105 if ((d != path) && (*s != '\0')) {
106 /* We only care about non-leading or trailing '/' or '\\' */
110 start_of_name_component = True;
112 *p_last_component_contains_wcard = False;
116 if (start_of_name_component) {
117 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
118 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
121 * No mb char starts with '.' so we're safe checking the directory separator here.
124 /* If we just added a '/' - delete it */
125 if ((d > path) && (*(d-1) == '/')) {
130 /* Are we at the start ? Can't go back further if so. */
132 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
135 /* Go back one level... */
136 /* We know this is safe as '/' cannot be part of a mb sequence. */
137 /* NOTE - if this assumption is invalid we are not in good shape... */
138 /* Decrement d first as d points to the *next* char to write into. */
139 for (d--; d > path; d--) {
143 s += 2; /* Else go past the .. */
144 /* We're still at the start of a name component, just the previous one. */
147 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
159 if (*s <= 0x1f || *s == '|') {
160 return NT_STATUS_OBJECT_NAME_INVALID;
168 *p_last_component_contains_wcard = True;
177 /* Get the size of the next MB character. */
178 next_codepoint(s,&siz);
196 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
198 return NT_STATUS_INVALID_PARAMETER;
201 start_of_name_component = False;
209 /****************************************************************************
210 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
211 No wildcards allowed.
212 ****************************************************************************/
214 NTSTATUS check_path_syntax(char *path)
217 return check_path_syntax_internal(path, False, &ignore);
220 /****************************************************************************
221 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
222 Wildcards allowed - p_contains_wcard returns true if the last component contained
224 ****************************************************************************/
226 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
228 return check_path_syntax_internal(path, False, p_contains_wcard);
231 /****************************************************************************
232 Check the path for a POSIX client.
233 We're assuming here that '/' is not the second byte in any multibyte char
234 set (a safe assumption).
235 ****************************************************************************/
237 NTSTATUS check_path_syntax_posix(char *path)
240 return check_path_syntax_internal(path, True, &ignore);
243 /****************************************************************************
244 Pull a string and check the path allowing a wilcard - provide for error return.
245 ****************************************************************************/
247 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
248 const char *base_ptr,
255 bool *contains_wcard)
261 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
265 *err = NT_STATUS_INVALID_PARAMETER;
269 *contains_wcard = False;
271 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
273 * For a DFS path the function parse_dfs_path()
274 * will do the path processing, just make a copy.
280 if (lp_posix_pathnames()) {
281 *err = check_path_syntax_posix(*pp_dest);
283 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
289 /****************************************************************************
290 Pull a string and check the path - provide for error return.
291 ****************************************************************************/
293 size_t srvstr_get_path(TALLOC_CTX *ctx,
294 const char *base_ptr,
303 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
304 src_len, flags, err, &ignore);
307 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
308 char **pp_dest, const char *src, int flags,
309 NTSTATUS *err, bool *contains_wcard)
311 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
312 pp_dest, src, smbreq_bufrem(req, src),
313 flags, err, contains_wcard);
316 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
317 char **pp_dest, const char *src, int flags,
321 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
322 flags, err, &ignore);
325 /****************************************************************************
326 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
327 ****************************************************************************/
329 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
332 if ((fsp == NULL) || (conn == NULL)) {
333 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
337 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
343 /****************************************************************************
344 Check if we have a correct fsp pointing to a file.
345 ****************************************************************************/
347 bool check_fsp(connection_struct *conn, struct smb_request *req,
350 if (!check_fsp_open(conn, req, fsp)) {
353 if (fsp->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if (fsp->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 fsp->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp pointing to a quota fake file. Replacement for
367 the CHECK_NTQUOTA_HANDLE_OK macro.
368 ****************************************************************************/
370 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
373 if (!check_fsp_open(conn, req, fsp)) {
377 if (fsp->is_directory) {
381 if (fsp->fake_file_handle == NULL) {
385 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
389 if (fsp->fake_file_handle->private_data == NULL) {
396 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
397 const char *name, int name_type)
400 char *trim_name_type;
401 const char *retarget_parm;
404 int retarget_type = 0x20;
405 int retarget_port = 139;
406 struct sockaddr_storage retarget_addr;
407 struct sockaddr_in *in_addr;
411 if (get_socket_port(sconn->sock) != 139) {
415 trim_name = talloc_strdup(talloc_tos(), name);
416 if (trim_name == NULL) {
419 trim_char(trim_name, ' ', ' ');
421 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
423 if (trim_name_type == NULL) {
427 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
428 trim_name_type, NULL);
429 if (retarget_parm == NULL) {
430 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
433 if (retarget_parm == NULL) {
437 retarget = talloc_strdup(trim_name, retarget_parm);
438 if (retarget == NULL) {
442 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
444 p = strchr(retarget, ':');
447 retarget_port = atoi(p);
450 p = strchr_m(retarget, '#');
453 sscanf(p, "%x", &retarget_type);
456 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
458 DEBUG(10, ("could not resolve %s\n", retarget));
462 if (retarget_addr.ss_family != AF_INET) {
463 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
467 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
469 _smb_setlen(outbuf, 6);
470 SCVAL(outbuf, 0, 0x84);
471 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
472 *(uint16_t *)(outbuf+8) = htons(retarget_port);
474 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
476 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
482 TALLOC_FREE(trim_name);
486 /****************************************************************************
487 Reply to a (netbios-level) special message.
488 ****************************************************************************/
490 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
492 int msg_type = CVAL(inbuf,0);
493 int msg_flags = CVAL(inbuf,1);
495 * We only really use 4 bytes of the outbuf, but for the smb_setlen
496 * calculation & friends (srv_send_smb uses that) we need the full smb
499 char outbuf[smb_size];
501 memset(outbuf, '\0', sizeof(outbuf));
503 smb_setlen(outbuf,0);
506 case 0x81: /* session request */
508 /* inbuf_size is guarenteed to be at least 4. */
510 int name_type1, name_type2;
511 int name_len1, name_len2;
515 if (sconn->nbt.got_session) {
516 exit_server_cleanly("multiple session request not permitted");
519 SCVAL(outbuf,0,0x82);
522 /* inbuf_size is guaranteed to be at least 4. */
523 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
524 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
525 DEBUG(0,("Invalid name length in session request\n"));
528 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
529 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
530 DEBUG(0,("Invalid name length in session request\n"));
534 name_type1 = name_extract((unsigned char *)inbuf,
535 inbuf_size,(unsigned int)4,name1);
536 name_type2 = name_extract((unsigned char *)inbuf,
537 inbuf_size,(unsigned int)(4 + name_len1),name2);
539 if (name_type1 == -1 || name_type2 == -1) {
540 DEBUG(0,("Invalid name type in session request\n"));
544 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
545 name1, name_type1, name2, name_type2));
547 if (netbios_session_retarget(sconn, name1, name_type1)) {
548 exit_server_cleanly("retargeted client");
552 * Windows NT/2k uses "*SMBSERVER" and XP uses
553 * "*SMBSERV" arrggg!!!
555 if (strequal(name1, "*SMBSERVER ")
556 || strequal(name1, "*SMBSERV ")) {
557 fstrcpy(name1, sconn->client_id.addr);
560 set_local_machine_name(name1, True);
561 set_remote_machine_name(name2, True);
563 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
564 get_local_machine_name(), get_remote_machine_name(),
567 if (name_type2 == 'R') {
568 /* We are being asked for a pathworks session ---
570 SCVAL(outbuf, 0,0x83);
574 /* only add the client's machine name to the list
575 of possibly valid usernames if we are operating
576 in share mode security */
577 if (lp_security() == SEC_SHARE) {
578 add_session_user(sconn, get_remote_machine_name());
581 reload_services(sconn->msg_ctx, sconn->sock, True);
584 sconn->nbt.got_session = true;
588 case 0x89: /* session keepalive request
589 (some old clients produce this?) */
590 SCVAL(outbuf,0,SMBkeepalive);
594 case 0x82: /* positive session response */
595 case 0x83: /* negative session response */
596 case 0x84: /* retarget session response */
597 DEBUG(0,("Unexpected session response\n"));
600 case SMBkeepalive: /* session keepalive */
605 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
606 msg_type, msg_flags));
608 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
612 /****************************************************************************
614 conn POINTER CAN BE NULL HERE !
615 ****************************************************************************/
617 void reply_tcon(struct smb_request *req)
619 connection_struct *conn = req->conn;
621 char *service_buf = NULL;
622 char *password = NULL;
627 DATA_BLOB password_blob;
628 TALLOC_CTX *ctx = talloc_tos();
629 struct smbd_server_connection *sconn = req->sconn;
631 START_PROFILE(SMBtcon);
633 if (req->buflen < 4) {
634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
635 END_PROFILE(SMBtcon);
639 p = (const char *)req->buf + 1;
640 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
642 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
644 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
647 if (service_buf == NULL || password == NULL || dev == NULL) {
648 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
649 END_PROFILE(SMBtcon);
652 p = strrchr_m(service_buf,'\\');
656 service = service_buf;
659 password_blob = data_blob(password, pwlen+1);
661 conn = make_connection(sconn,service,password_blob,dev,
662 req->vuid,&nt_status);
665 data_blob_clear_free(&password_blob);
668 reply_nterror(req, nt_status);
669 END_PROFILE(SMBtcon);
673 reply_outbuf(req, 2, 0);
674 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
675 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
676 SSVAL(req->outbuf,smb_tid,conn->cnum);
678 DEBUG(3,("tcon service=%s cnum=%d\n",
679 service, conn->cnum));
681 END_PROFILE(SMBtcon);
685 /****************************************************************************
686 Reply to a tcon and X.
687 conn POINTER CAN BE NULL HERE !
688 ****************************************************************************/
690 void reply_tcon_and_X(struct smb_request *req)
692 connection_struct *conn = req->conn;
693 const char *service = NULL;
695 TALLOC_CTX *ctx = talloc_tos();
696 /* what the cleint thinks the device is */
697 char *client_devicetype = NULL;
698 /* what the server tells the client the share represents */
699 const char *server_devicetype;
705 struct smbd_server_connection *sconn = req->sconn;
707 START_PROFILE(SMBtconX);
710 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
711 END_PROFILE(SMBtconX);
715 passlen = SVAL(req->vwv+3, 0);
716 tcon_flags = SVAL(req->vwv+2, 0);
718 /* we might have to close an old one */
719 if ((tcon_flags & 0x1) && conn) {
720 close_cnum(conn,req->vuid);
725 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
726 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
727 END_PROFILE(SMBtconX);
731 if (sconn->smb1.negprot.encrypted_passwords) {
732 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
733 if (lp_security() == SEC_SHARE) {
735 * Security = share always has a pad byte
736 * after the password.
738 p = (const char *)req->buf + passlen + 1;
740 p = (const char *)req->buf + passlen;
743 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
744 /* Ensure correct termination */
745 password.data[passlen]=0;
746 p = (const char *)req->buf + passlen + 1;
749 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
752 data_blob_clear_free(&password);
753 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
754 END_PROFILE(SMBtconX);
759 * the service name can be either: \\server\share
760 * or share directly like on the DELL PowerVault 705
763 q = strchr_m(path+2,'\\');
765 data_blob_clear_free(&password);
766 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
767 END_PROFILE(SMBtconX);
775 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
776 &client_devicetype, p,
777 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
779 if (client_devicetype == NULL) {
780 data_blob_clear_free(&password);
781 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
782 END_PROFILE(SMBtconX);
786 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
788 conn = make_connection(sconn, service, password, client_devicetype,
789 req->vuid, &nt_status);
792 data_blob_clear_free(&password);
795 reply_nterror(req, nt_status);
796 END_PROFILE(SMBtconX);
801 server_devicetype = "IPC";
802 else if ( IS_PRINT(conn) )
803 server_devicetype = "LPT1:";
805 server_devicetype = "A:";
807 if (get_Protocol() < PROTOCOL_NT1) {
808 reply_outbuf(req, 2, 0);
809 if (message_push_string(&req->outbuf, server_devicetype,
810 STR_TERMINATE|STR_ASCII) == -1) {
811 reply_nterror(req, NT_STATUS_NO_MEMORY);
812 END_PROFILE(SMBtconX);
816 /* NT sets the fstype of IPC$ to the null string */
817 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
819 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
820 /* Return permissions. */
824 reply_outbuf(req, 7, 0);
827 perm1 = FILE_ALL_ACCESS;
828 perm2 = FILE_ALL_ACCESS;
830 perm1 = CAN_WRITE(conn) ?
835 SIVAL(req->outbuf, smb_vwv3, perm1);
836 SIVAL(req->outbuf, smb_vwv5, perm2);
838 reply_outbuf(req, 3, 0);
841 if ((message_push_string(&req->outbuf, server_devicetype,
842 STR_TERMINATE|STR_ASCII) == -1)
843 || (message_push_string(&req->outbuf, fstype,
844 STR_TERMINATE) == -1)) {
845 reply_nterror(req, NT_STATUS_NO_MEMORY);
846 END_PROFILE(SMBtconX);
850 /* what does setting this bit do? It is set by NT4 and
851 may affect the ability to autorun mounted cdroms */
852 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
853 (lp_csc_policy(SNUM(conn)) << 2));
855 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
856 DEBUG(2,("Serving %s as a Dfs root\n",
857 lp_servicename(SNUM(conn)) ));
858 SSVAL(req->outbuf, smb_vwv2,
859 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
864 DEBUG(3,("tconX service=%s \n",
867 /* set the incoming and outgoing tid to the just created one */
868 SSVAL(req->inbuf,smb_tid,conn->cnum);
869 SSVAL(req->outbuf,smb_tid,conn->cnum);
871 END_PROFILE(SMBtconX);
873 req->tid = conn->cnum;
878 /****************************************************************************
879 Reply to an unknown type.
880 ****************************************************************************/
882 void reply_unknown_new(struct smb_request *req, uint8 type)
884 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
885 smb_fn_name(type), type, type));
886 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
890 /****************************************************************************
892 conn POINTER CAN BE NULL HERE !
893 ****************************************************************************/
895 void reply_ioctl(struct smb_request *req)
897 connection_struct *conn = req->conn;
904 START_PROFILE(SMBioctl);
907 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
908 END_PROFILE(SMBioctl);
912 device = SVAL(req->vwv+1, 0);
913 function = SVAL(req->vwv+2, 0);
914 ioctl_code = (device << 16) + function;
916 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
918 switch (ioctl_code) {
919 case IOCTL_QUERY_JOB_INFO:
923 reply_force_doserror(req, ERRSRV, ERRnosupport);
924 END_PROFILE(SMBioctl);
928 reply_outbuf(req, 8, replysize+1);
929 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
930 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
931 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
932 p = smb_buf(req->outbuf);
933 memset(p, '\0', replysize+1); /* valgrind-safe. */
934 p += 1; /* Allow for alignment */
936 switch (ioctl_code) {
937 case IOCTL_QUERY_JOB_INFO:
939 files_struct *fsp = file_fsp(
940 req, SVAL(req->vwv+0, 0));
942 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
943 END_PROFILE(SMBioctl);
947 if (fsp->print_file) {
948 SSVAL(p, 0, fsp->print_file->rap_jobid);
952 srvstr_push((char *)req->outbuf, req->flags2, p+2,
954 STR_TERMINATE|STR_ASCII);
956 srvstr_push((char *)req->outbuf, req->flags2,
957 p+18, lp_servicename(SNUM(conn)),
958 13, STR_TERMINATE|STR_ASCII);
966 END_PROFILE(SMBioctl);
970 /****************************************************************************
971 Strange checkpath NTSTATUS mapping.
972 ****************************************************************************/
974 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
976 /* Strange DOS error code semantics only for checkpath... */
977 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
978 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
979 /* We need to map to ERRbadpath */
980 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
986 /****************************************************************************
987 Reply to a checkpath.
988 ****************************************************************************/
990 void reply_checkpath(struct smb_request *req)
992 connection_struct *conn = req->conn;
993 struct smb_filename *smb_fname = NULL;
996 TALLOC_CTX *ctx = talloc_tos();
998 START_PROFILE(SMBcheckpath);
1000 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1001 STR_TERMINATE, &status);
1003 if (!NT_STATUS_IS_OK(status)) {
1004 status = map_checkpath_error(req->flags2, status);
1005 reply_nterror(req, status);
1006 END_PROFILE(SMBcheckpath);
1010 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1012 status = filename_convert(ctx,
1014 req->flags2 & FLAGS2_DFS_PATHNAMES,
1020 if (!NT_STATUS_IS_OK(status)) {
1021 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1022 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1023 ERRSRV, ERRbadpath);
1024 END_PROFILE(SMBcheckpath);
1030 if (!VALID_STAT(smb_fname->st) &&
1031 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1032 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1033 smb_fname_str_dbg(smb_fname), strerror(errno)));
1034 status = map_nt_error_from_unix(errno);
1038 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1039 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1040 ERRDOS, ERRbadpath);
1044 reply_outbuf(req, 0, 0);
1047 /* We special case this - as when a Windows machine
1048 is parsing a path is steps through the components
1049 one at a time - if a component fails it expects
1050 ERRbadpath, not ERRbadfile.
1052 status = map_checkpath_error(req->flags2, status);
1053 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1055 * Windows returns different error codes if
1056 * the parent directory is valid but not the
1057 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1058 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1059 * if the path is invalid.
1061 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1062 ERRDOS, ERRbadpath);
1066 reply_nterror(req, status);
1069 TALLOC_FREE(smb_fname);
1070 END_PROFILE(SMBcheckpath);
1074 /****************************************************************************
1076 ****************************************************************************/
1078 void reply_getatr(struct smb_request *req)
1080 connection_struct *conn = req->conn;
1081 struct smb_filename *smb_fname = NULL;
1088 TALLOC_CTX *ctx = talloc_tos();
1089 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1091 START_PROFILE(SMBgetatr);
1093 p = (const char *)req->buf + 1;
1094 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1095 if (!NT_STATUS_IS_OK(status)) {
1096 reply_nterror(req, status);
1100 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1101 under WfWg - weird! */
1102 if (*fname == '\0') {
1103 mode = aHIDDEN | aDIR;
1104 if (!CAN_WRITE(conn)) {
1110 status = filename_convert(ctx,
1112 req->flags2 & FLAGS2_DFS_PATHNAMES,
1117 if (!NT_STATUS_IS_OK(status)) {
1118 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1119 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1120 ERRSRV, ERRbadpath);
1123 reply_nterror(req, status);
1126 if (!VALID_STAT(smb_fname->st) &&
1127 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1128 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1129 smb_fname_str_dbg(smb_fname),
1131 reply_nterror(req, map_nt_error_from_unix(errno));
1135 mode = dos_mode(conn, smb_fname);
1136 size = smb_fname->st.st_ex_size;
1138 if (ask_sharemode) {
1139 struct timespec write_time_ts;
1140 struct file_id fileid;
1142 ZERO_STRUCT(write_time_ts);
1143 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1144 get_file_infos(fileid, NULL, &write_time_ts);
1145 if (!null_timespec(write_time_ts)) {
1146 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1150 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1156 reply_outbuf(req, 10, 0);
1158 SSVAL(req->outbuf,smb_vwv0,mode);
1159 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1160 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1162 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1164 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1166 if (get_Protocol() >= PROTOCOL_NT1) {
1167 SSVAL(req->outbuf, smb_flg2,
1168 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1171 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1172 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1175 TALLOC_FREE(smb_fname);
1177 END_PROFILE(SMBgetatr);
1181 /****************************************************************************
1183 ****************************************************************************/
1185 void reply_setatr(struct smb_request *req)
1187 struct smb_file_time ft;
1188 connection_struct *conn = req->conn;
1189 struct smb_filename *smb_fname = NULL;
1195 TALLOC_CTX *ctx = talloc_tos();
1197 START_PROFILE(SMBsetatr);
1202 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1206 p = (const char *)req->buf + 1;
1207 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1208 if (!NT_STATUS_IS_OK(status)) {
1209 reply_nterror(req, status);
1213 status = filename_convert(ctx,
1215 req->flags2 & FLAGS2_DFS_PATHNAMES,
1220 if (!NT_STATUS_IS_OK(status)) {
1221 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1222 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1223 ERRSRV, ERRbadpath);
1226 reply_nterror(req, status);
1230 if (smb_fname->base_name[0] == '.' &&
1231 smb_fname->base_name[1] == '\0') {
1233 * Not sure here is the right place to catch this
1234 * condition. Might be moved to somewhere else later -- vl
1236 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1240 mode = SVAL(req->vwv+0, 0);
1241 mtime = srv_make_unix_date3(req->vwv+1);
1243 ft.mtime = convert_time_t_to_timespec(mtime);
1244 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1245 if (!NT_STATUS_IS_OK(status)) {
1246 reply_nterror(req, status);
1250 if (mode != FILE_ATTRIBUTE_NORMAL) {
1251 if (VALID_STAT_OF_DIR(smb_fname->st))
1256 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1258 reply_nterror(req, map_nt_error_from_unix(errno));
1263 reply_outbuf(req, 0, 0);
1265 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1268 TALLOC_FREE(smb_fname);
1269 END_PROFILE(SMBsetatr);
1273 /****************************************************************************
1275 ****************************************************************************/
1277 void reply_dskattr(struct smb_request *req)
1279 connection_struct *conn = req->conn;
1280 uint64_t dfree,dsize,bsize;
1281 START_PROFILE(SMBdskattr);
1283 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1284 reply_nterror(req, map_nt_error_from_unix(errno));
1285 END_PROFILE(SMBdskattr);
1289 reply_outbuf(req, 5, 0);
1291 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1292 double total_space, free_space;
1293 /* we need to scale this to a number that DOS6 can handle. We
1294 use floating point so we can handle large drives on systems
1295 that don't have 64 bit integers
1297 we end up displaying a maximum of 2G to DOS systems
1299 total_space = dsize * (double)bsize;
1300 free_space = dfree * (double)bsize;
1302 dsize = (uint64_t)((total_space+63*512) / (64*512));
1303 dfree = (uint64_t)((free_space+63*512) / (64*512));
1305 if (dsize > 0xFFFF) dsize = 0xFFFF;
1306 if (dfree > 0xFFFF) dfree = 0xFFFF;
1308 SSVAL(req->outbuf,smb_vwv0,dsize);
1309 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1310 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1311 SSVAL(req->outbuf,smb_vwv3,dfree);
1313 SSVAL(req->outbuf,smb_vwv0,dsize);
1314 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1315 SSVAL(req->outbuf,smb_vwv2,512);
1316 SSVAL(req->outbuf,smb_vwv3,dfree);
1319 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1321 END_PROFILE(SMBdskattr);
1326 * Utility function to split the filename from the directory.
1328 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1329 char **fname_dir_out,
1330 char **fname_mask_out)
1332 const char *p = NULL;
1333 char *fname_dir = NULL;
1334 char *fname_mask = NULL;
1336 p = strrchr_m(fname_in, '/');
1338 fname_dir = talloc_strdup(ctx, ".");
1339 fname_mask = talloc_strdup(ctx, fname_in);
1341 fname_dir = talloc_strndup(ctx, fname_in,
1342 PTR_DIFF(p, fname_in));
1343 fname_mask = talloc_strdup(ctx, p+1);
1346 if (!fname_dir || !fname_mask) {
1347 TALLOC_FREE(fname_dir);
1348 TALLOC_FREE(fname_mask);
1349 return NT_STATUS_NO_MEMORY;
1352 *fname_dir_out = fname_dir;
1353 *fname_mask_out = fname_mask;
1354 return NT_STATUS_OK;
1357 /****************************************************************************
1359 Can be called from SMBsearch, SMBffirst or SMBfunique.
1360 ****************************************************************************/
1362 void reply_search(struct smb_request *req)
1364 connection_struct *conn = req->conn;
1366 const char *mask = NULL;
1367 char *directory = NULL;
1368 struct smb_filename *smb_fname = NULL;
1372 struct timespec date;
1374 unsigned int numentries = 0;
1375 unsigned int maxentries = 0;
1376 bool finished = False;
1381 bool check_descend = False;
1382 bool expect_close = False;
1384 bool mask_contains_wcard = False;
1385 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1386 TALLOC_CTX *ctx = talloc_tos();
1387 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1388 struct dptr_struct *dirptr = NULL;
1389 struct smbd_server_connection *sconn = req->sconn;
1391 START_PROFILE(SMBsearch);
1394 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1398 if (lp_posix_pathnames()) {
1399 reply_unknown_new(req, req->cmd);
1403 /* If we were called as SMBffirst then we must expect close. */
1404 if(req->cmd == SMBffirst) {
1405 expect_close = True;
1408 reply_outbuf(req, 1, 3);
1409 maxentries = SVAL(req->vwv+0, 0);
1410 dirtype = SVAL(req->vwv+1, 0);
1411 p = (const char *)req->buf + 1;
1412 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1413 &nt_status, &mask_contains_wcard);
1414 if (!NT_STATUS_IS_OK(nt_status)) {
1415 reply_nterror(req, nt_status);
1420 status_len = SVAL(p, 0);
1423 /* dirtype &= ~aDIR; */
1425 if (status_len == 0) {
1426 nt_status = filename_convert(ctx, conn,
1427 req->flags2 & FLAGS2_DFS_PATHNAMES,
1429 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1430 &mask_contains_wcard,
1432 if (!NT_STATUS_IS_OK(nt_status)) {
1433 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1434 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1435 ERRSRV, ERRbadpath);
1438 reply_nterror(req, nt_status);
1442 directory = smb_fname->base_name;
1444 p = strrchr_m(directory,'/');
1445 if ((p != NULL) && (*directory != '/')) {
1447 directory = talloc_strndup(ctx, directory,
1448 PTR_DIFF(p, directory));
1451 directory = talloc_strdup(ctx,".");
1455 reply_nterror(req, NT_STATUS_NO_MEMORY);
1459 memset((char *)status,'\0',21);
1460 SCVAL(status,0,(dirtype & 0x1F));
1462 nt_status = dptr_create(conn,
1468 mask_contains_wcard,
1471 if (!NT_STATUS_IS_OK(nt_status)) {
1472 reply_nterror(req, nt_status);
1475 dptr_num = dptr_dnum(dirptr);
1478 const char *dirpath;
1480 memcpy(status,p,21);
1481 status_dirtype = CVAL(status,0) & 0x1F;
1482 if (status_dirtype != (dirtype & 0x1F)) {
1483 dirtype = status_dirtype;
1486 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1490 dirpath = dptr_path(sconn, dptr_num);
1491 directory = talloc_strdup(ctx, dirpath);
1493 reply_nterror(req, NT_STATUS_NO_MEMORY);
1497 mask = dptr_wcard(sconn, dptr_num);
1502 * For a 'continue' search we have no string. So
1503 * check from the initial saved string.
1505 mask_contains_wcard = ms_has_wild(mask);
1506 dirtype = dptr_attr(sconn, dptr_num);
1509 DEBUG(4,("dptr_num is %d\n",dptr_num));
1511 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1512 dptr_init_search_op(dirptr);
1514 if ((dirtype&0x1F) == aVOLID) {
1515 char buf[DIR_STRUCT_SIZE];
1516 memcpy(buf,status,21);
1517 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1518 0,aVOLID,0,!allow_long_path_components)) {
1519 reply_nterror(req, NT_STATUS_NO_MEMORY);
1522 dptr_fill(sconn, buf+12,dptr_num);
1523 if (dptr_zero(buf+12) && (status_len==0)) {
1528 if (message_push_blob(&req->outbuf,
1529 data_blob_const(buf, sizeof(buf)))
1531 reply_nterror(req, NT_STATUS_NO_MEMORY);
1539 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1542 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1543 directory,lp_dontdescend(SNUM(conn))));
1544 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1545 check_descend = True;
1548 for (i=numentries;(i<maxentries) && !finished;i++) {
1549 finished = !get_dir_entry(ctx,
1560 char buf[DIR_STRUCT_SIZE];
1561 memcpy(buf,status,21);
1562 if (!make_dir_struct(ctx,
1568 convert_timespec_to_time_t(date),
1569 !allow_long_path_components)) {
1570 reply_nterror(req, NT_STATUS_NO_MEMORY);
1573 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1576 if (message_push_blob(&req->outbuf,
1577 data_blob_const(buf, sizeof(buf)))
1579 reply_nterror(req, NT_STATUS_NO_MEMORY);
1589 /* If we were called as SMBffirst with smb_search_id == NULL
1590 and no entries were found then return error and close dirptr
1593 if (numentries == 0) {
1594 dptr_close(sconn, &dptr_num);
1595 } else if(expect_close && status_len == 0) {
1596 /* Close the dptr - we know it's gone */
1597 dptr_close(sconn, &dptr_num);
1600 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1601 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1602 dptr_close(sconn, &dptr_num);
1605 if ((numentries == 0) && !mask_contains_wcard) {
1606 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1610 SSVAL(req->outbuf,smb_vwv0,numentries);
1611 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1612 SCVAL(smb_buf(req->outbuf),0,5);
1613 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1615 /* The replies here are never long name. */
1616 SSVAL(req->outbuf, smb_flg2,
1617 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1618 if (!allow_long_path_components) {
1619 SSVAL(req->outbuf, smb_flg2,
1620 SVAL(req->outbuf, smb_flg2)
1621 & (~FLAGS2_LONG_PATH_COMPONENTS));
1624 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1625 SSVAL(req->outbuf, smb_flg2,
1626 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1628 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1629 smb_fn_name(req->cmd),
1636 TALLOC_FREE(directory);
1637 TALLOC_FREE(smb_fname);
1638 END_PROFILE(SMBsearch);
1642 /****************************************************************************
1643 Reply to a fclose (stop directory search).
1644 ****************************************************************************/
1646 void reply_fclose(struct smb_request *req)
1654 bool path_contains_wcard = False;
1655 TALLOC_CTX *ctx = talloc_tos();
1656 struct smbd_server_connection *sconn = req->sconn;
1658 START_PROFILE(SMBfclose);
1660 if (lp_posix_pathnames()) {
1661 reply_unknown_new(req, req->cmd);
1662 END_PROFILE(SMBfclose);
1666 p = (const char *)req->buf + 1;
1667 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1668 &err, &path_contains_wcard);
1669 if (!NT_STATUS_IS_OK(err)) {
1670 reply_nterror(req, err);
1671 END_PROFILE(SMBfclose);
1675 status_len = SVAL(p,0);
1678 if (status_len == 0) {
1679 reply_force_doserror(req, ERRSRV, ERRsrverror);
1680 END_PROFILE(SMBfclose);
1684 memcpy(status,p,21);
1686 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1687 /* Close the dptr - we know it's gone */
1688 dptr_close(sconn, &dptr_num);
1691 reply_outbuf(req, 1, 0);
1692 SSVAL(req->outbuf,smb_vwv0,0);
1694 DEBUG(3,("search close\n"));
1696 END_PROFILE(SMBfclose);
1700 /****************************************************************************
1702 ****************************************************************************/
1704 void reply_open(struct smb_request *req)
1706 connection_struct *conn = req->conn;
1707 struct smb_filename *smb_fname = NULL;
1719 uint32 create_disposition;
1720 uint32 create_options = 0;
1721 uint32_t private_flags = 0;
1723 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1724 TALLOC_CTX *ctx = talloc_tos();
1726 START_PROFILE(SMBopen);
1729 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1733 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1734 deny_mode = SVAL(req->vwv+0, 0);
1735 dos_attr = SVAL(req->vwv+1, 0);
1737 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1738 STR_TERMINATE, &status);
1739 if (!NT_STATUS_IS_OK(status)) {
1740 reply_nterror(req, status);
1744 status = filename_convert(ctx,
1746 req->flags2 & FLAGS2_DFS_PATHNAMES,
1751 if (!NT_STATUS_IS_OK(status)) {
1752 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1753 reply_botherror(req,
1754 NT_STATUS_PATH_NOT_COVERED,
1755 ERRSRV, ERRbadpath);
1758 reply_nterror(req, status);
1762 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1763 OPENX_FILE_EXISTS_OPEN, &access_mask,
1764 &share_mode, &create_disposition,
1765 &create_options, &private_flags)) {
1766 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1770 status = SMB_VFS_CREATE_FILE(
1773 0, /* root_dir_fid */
1774 smb_fname, /* fname */
1775 access_mask, /* access_mask */
1776 share_mode, /* share_access */
1777 create_disposition, /* create_disposition*/
1778 create_options, /* create_options */
1779 dos_attr, /* file_attributes */
1780 oplock_request, /* oplock_request */
1781 0, /* allocation_size */
1788 if (!NT_STATUS_IS_OK(status)) {
1789 if (open_was_deferred(req->mid)) {
1790 /* We have re-scheduled this call. */
1793 reply_openerror(req, status);
1797 size = smb_fname->st.st_ex_size;
1798 fattr = dos_mode(conn, smb_fname);
1800 /* Deal with other possible opens having a modified
1802 if (ask_sharemode) {
1803 struct timespec write_time_ts;
1805 ZERO_STRUCT(write_time_ts);
1806 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1807 if (!null_timespec(write_time_ts)) {
1808 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1812 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1815 DEBUG(3,("attempt to open a directory %s\n",
1817 close_file(req, fsp, ERROR_CLOSE);
1818 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1819 ERRDOS, ERRnoaccess);
1823 reply_outbuf(req, 7, 0);
1824 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1825 SSVAL(req->outbuf,smb_vwv1,fattr);
1826 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1827 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1829 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1831 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1832 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1834 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1835 SCVAL(req->outbuf,smb_flg,
1836 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1839 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1840 SCVAL(req->outbuf,smb_flg,
1841 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1844 TALLOC_FREE(smb_fname);
1845 END_PROFILE(SMBopen);
1849 /****************************************************************************
1850 Reply to an open and X.
1851 ****************************************************************************/
1853 void reply_open_and_X(struct smb_request *req)
1855 connection_struct *conn = req->conn;
1856 struct smb_filename *smb_fname = NULL;
1861 /* Breakout the oplock request bits so we can set the
1862 reply bits separately. */
1863 int ex_oplock_request;
1864 int core_oplock_request;
1867 int smb_sattr = SVAL(req->vwv+4, 0);
1868 uint32 smb_time = make_unix_date3(req->vwv+6);
1876 uint64_t allocation_size;
1877 ssize_t retval = -1;
1880 uint32 create_disposition;
1881 uint32 create_options = 0;
1882 uint32_t private_flags = 0;
1883 TALLOC_CTX *ctx = talloc_tos();
1885 START_PROFILE(SMBopenX);
1887 if (req->wct < 15) {
1888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1892 open_flags = SVAL(req->vwv+2, 0);
1893 deny_mode = SVAL(req->vwv+3, 0);
1894 smb_attr = SVAL(req->vwv+5, 0);
1895 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1896 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1897 oplock_request = ex_oplock_request | core_oplock_request;
1898 smb_ofun = SVAL(req->vwv+8, 0);
1899 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1901 /* If it's an IPC, pass off the pipe handler. */
1903 if (lp_nt_pipe_support()) {
1904 reply_open_pipe_and_X(conn, req);
1906 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1911 /* XXXX we need to handle passed times, sattr and flags */
1912 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1913 STR_TERMINATE, &status);
1914 if (!NT_STATUS_IS_OK(status)) {
1915 reply_nterror(req, status);
1919 status = filename_convert(ctx,
1921 req->flags2 & FLAGS2_DFS_PATHNAMES,
1926 if (!NT_STATUS_IS_OK(status)) {
1927 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1928 reply_botherror(req,
1929 NT_STATUS_PATH_NOT_COVERED,
1930 ERRSRV, ERRbadpath);
1933 reply_nterror(req, status);
1937 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1938 &access_mask, &share_mode,
1939 &create_disposition,
1942 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1946 status = SMB_VFS_CREATE_FILE(
1949 0, /* root_dir_fid */
1950 smb_fname, /* fname */
1951 access_mask, /* access_mask */
1952 share_mode, /* share_access */
1953 create_disposition, /* create_disposition*/
1954 create_options, /* create_options */
1955 smb_attr, /* file_attributes */
1956 oplock_request, /* oplock_request */
1957 0, /* allocation_size */
1962 &smb_action); /* pinfo */
1964 if (!NT_STATUS_IS_OK(status)) {
1965 if (open_was_deferred(req->mid)) {
1966 /* We have re-scheduled this call. */
1969 reply_openerror(req, status);
1973 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1974 if the file is truncated or created. */
1975 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1976 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1977 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1978 close_file(req, fsp, ERROR_CLOSE);
1979 reply_nterror(req, NT_STATUS_DISK_FULL);
1982 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1984 close_file(req, fsp, ERROR_CLOSE);
1985 reply_nterror(req, NT_STATUS_DISK_FULL);
1988 smb_fname->st.st_ex_size =
1989 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1992 fattr = dos_mode(conn, smb_fname);
1993 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1995 close_file(req, fsp, ERROR_CLOSE);
1996 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2000 /* If the caller set the extended oplock request bit
2001 and we granted one (by whatever means) - set the
2002 correct bit for extended oplock reply.
2005 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2006 smb_action |= EXTENDED_OPLOCK_GRANTED;
2009 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2010 smb_action |= EXTENDED_OPLOCK_GRANTED;
2013 /* If the caller set the core oplock request bit
2014 and we granted one (by whatever means) - set the
2015 correct bit for core oplock reply.
2018 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2019 reply_outbuf(req, 19, 0);
2021 reply_outbuf(req, 15, 0);
2024 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2025 SCVAL(req->outbuf, smb_flg,
2026 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2029 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2030 SCVAL(req->outbuf, smb_flg,
2031 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2034 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2035 SSVAL(req->outbuf,smb_vwv3,fattr);
2036 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2037 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2039 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2041 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2042 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2043 SSVAL(req->outbuf,smb_vwv11,smb_action);
2045 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2046 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2051 TALLOC_FREE(smb_fname);
2052 END_PROFILE(SMBopenX);
2056 /****************************************************************************
2057 Reply to a SMBulogoffX.
2058 ****************************************************************************/
2060 void reply_ulogoffX(struct smb_request *req)
2062 struct smbd_server_connection *sconn = req->sconn;
2065 START_PROFILE(SMBulogoffX);
2067 vuser = get_valid_user_struct(sconn, req->vuid);
2070 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2074 /* in user level security we are supposed to close any files
2075 open by this user */
2076 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2077 file_close_user(sconn, req->vuid);
2080 invalidate_vuid(sconn, req->vuid);
2082 reply_outbuf(req, 2, 0);
2084 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2086 END_PROFILE(SMBulogoffX);
2087 req->vuid = UID_FIELD_INVALID;
2091 /****************************************************************************
2092 Reply to a mknew or a create.
2093 ****************************************************************************/
2095 void reply_mknew(struct smb_request *req)
2097 connection_struct *conn = req->conn;
2098 struct smb_filename *smb_fname = NULL;
2101 struct smb_file_time ft;
2103 int oplock_request = 0;
2105 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2106 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2107 uint32 create_disposition;
2108 uint32 create_options = 0;
2109 TALLOC_CTX *ctx = talloc_tos();
2111 START_PROFILE(SMBcreate);
2115 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2119 fattr = SVAL(req->vwv+0, 0);
2120 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2123 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2125 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2126 STR_TERMINATE, &status);
2127 if (!NT_STATUS_IS_OK(status)) {
2128 reply_nterror(req, status);
2132 status = filename_convert(ctx,
2134 req->flags2 & FLAGS2_DFS_PATHNAMES,
2139 if (!NT_STATUS_IS_OK(status)) {
2140 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2141 reply_botherror(req,
2142 NT_STATUS_PATH_NOT_COVERED,
2143 ERRSRV, ERRbadpath);
2146 reply_nterror(req, status);
2150 if (fattr & aVOLID) {
2151 DEBUG(0,("Attempt to create file (%s) with volid set - "
2152 "please report this\n",
2153 smb_fname_str_dbg(smb_fname)));
2156 if(req->cmd == SMBmknew) {
2157 /* We should fail if file exists. */
2158 create_disposition = FILE_CREATE;
2160 /* Create if file doesn't exist, truncate if it does. */
2161 create_disposition = FILE_OVERWRITE_IF;
2164 status = SMB_VFS_CREATE_FILE(
2167 0, /* root_dir_fid */
2168 smb_fname, /* fname */
2169 access_mask, /* access_mask */
2170 share_mode, /* share_access */
2171 create_disposition, /* create_disposition*/
2172 create_options, /* create_options */
2173 fattr, /* file_attributes */
2174 oplock_request, /* oplock_request */
2175 0, /* allocation_size */
2176 0, /* private_flags */
2182 if (!NT_STATUS_IS_OK(status)) {
2183 if (open_was_deferred(req->mid)) {
2184 /* We have re-scheduled this call. */
2187 reply_openerror(req, status);
2191 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2192 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2193 if (!NT_STATUS_IS_OK(status)) {
2194 END_PROFILE(SMBcreate);
2198 reply_outbuf(req, 1, 0);
2199 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2201 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2202 SCVAL(req->outbuf,smb_flg,
2203 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2206 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2207 SCVAL(req->outbuf,smb_flg,
2208 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2211 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2212 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2213 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2214 (unsigned int)fattr));
2217 TALLOC_FREE(smb_fname);
2218 END_PROFILE(SMBcreate);
2222 /****************************************************************************
2223 Reply to a create temporary file.
2224 ****************************************************************************/
2226 void reply_ctemp(struct smb_request *req)
2228 connection_struct *conn = req->conn;
2229 struct smb_filename *smb_fname = NULL;
2237 TALLOC_CTX *ctx = talloc_tos();
2239 START_PROFILE(SMBctemp);
2242 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2246 fattr = SVAL(req->vwv+0, 0);
2247 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2249 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2250 STR_TERMINATE, &status);
2251 if (!NT_STATUS_IS_OK(status)) {
2252 reply_nterror(req, status);
2256 fname = talloc_asprintf(ctx,
2260 fname = talloc_strdup(ctx, "TMXXXXXX");
2264 reply_nterror(req, NT_STATUS_NO_MEMORY);
2268 status = filename_convert(ctx, conn,
2269 req->flags2 & FLAGS2_DFS_PATHNAMES,
2274 if (!NT_STATUS_IS_OK(status)) {
2275 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2276 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2277 ERRSRV, ERRbadpath);
2280 reply_nterror(req, status);
2284 tmpfd = mkstemp(smb_fname->base_name);
2286 reply_nterror(req, map_nt_error_from_unix(errno));
2290 SMB_VFS_STAT(conn, smb_fname);
2292 /* We should fail if file does not exist. */
2293 status = SMB_VFS_CREATE_FILE(
2296 0, /* root_dir_fid */
2297 smb_fname, /* fname */
2298 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2299 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2300 FILE_OPEN, /* create_disposition*/
2301 0, /* create_options */
2302 fattr, /* file_attributes */
2303 oplock_request, /* oplock_request */
2304 0, /* allocation_size */
2305 0, /* private_flags */
2311 /* close fd from mkstemp() */
2314 if (!NT_STATUS_IS_OK(status)) {
2315 if (open_was_deferred(req->mid)) {
2316 /* We have re-scheduled this call. */
2319 reply_openerror(req, status);
2323 reply_outbuf(req, 1, 0);
2324 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2326 /* the returned filename is relative to the directory */
2327 s = strrchr_m(fsp->fsp_name->base_name, '/');
2329 s = fsp->fsp_name->base_name;
2335 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2336 thing in the byte section. JRA */
2337 SSVALS(p, 0, -1); /* what is this? not in spec */
2339 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2341 reply_nterror(req, NT_STATUS_NO_MEMORY);
2345 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2346 SCVAL(req->outbuf, smb_flg,
2347 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2350 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2351 SCVAL(req->outbuf, smb_flg,
2352 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2355 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2356 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2357 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2359 TALLOC_FREE(smb_fname);
2360 END_PROFILE(SMBctemp);
2364 /*******************************************************************
2365 Check if a user is allowed to rename a file.
2366 ********************************************************************/
2368 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2373 if (!CAN_WRITE(conn)) {
2374 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2377 fmode = dos_mode(conn, fsp->fsp_name);
2378 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2379 return NT_STATUS_NO_SUCH_FILE;
2382 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2383 if (fsp->posix_open) {
2384 return NT_STATUS_OK;
2387 /* If no pathnames are open below this
2388 directory, allow the rename. */
2390 if (file_find_subpath(fsp)) {
2391 return NT_STATUS_ACCESS_DENIED;
2393 return NT_STATUS_OK;
2396 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2397 return NT_STATUS_OK;
2400 return NT_STATUS_ACCESS_DENIED;
2403 /*******************************************************************
2404 * unlink a file with all relevant access checks
2405 *******************************************************************/
2407 static NTSTATUS do_unlink(connection_struct *conn,
2408 struct smb_request *req,
2409 struct smb_filename *smb_fname,
2414 uint32 dirtype_orig = dirtype;
2417 bool posix_paths = lp_posix_pathnames();
2419 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2420 smb_fname_str_dbg(smb_fname),
2423 if (!CAN_WRITE(conn)) {
2424 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2428 ret = SMB_VFS_LSTAT(conn, smb_fname);
2430 ret = SMB_VFS_STAT(conn, smb_fname);
2433 return map_nt_error_from_unix(errno);
2436 fattr = dos_mode(conn, smb_fname);
2438 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2439 dirtype = aDIR|aARCH|aRONLY;
2442 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2444 return NT_STATUS_NO_SUCH_FILE;
2447 if (!dir_check_ftype(conn, fattr, dirtype)) {
2449 return NT_STATUS_FILE_IS_A_DIRECTORY;
2451 return NT_STATUS_NO_SUCH_FILE;
2454 if (dirtype_orig & 0x8000) {
2455 /* These will never be set for POSIX. */
2456 return NT_STATUS_NO_SUCH_FILE;
2460 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2461 return NT_STATUS_FILE_IS_A_DIRECTORY;
2464 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2465 return NT_STATUS_NO_SUCH_FILE;
2468 if (dirtype & 0xFF00) {
2469 /* These will never be set for POSIX. */
2470 return NT_STATUS_NO_SUCH_FILE;
2475 return NT_STATUS_NO_SUCH_FILE;
2478 /* Can't delete a directory. */
2480 return NT_STATUS_FILE_IS_A_DIRECTORY;
2485 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2486 return NT_STATUS_OBJECT_NAME_INVALID;
2487 #endif /* JRATEST */
2489 /* On open checks the open itself will check the share mode, so
2490 don't do it here as we'll get it wrong. */
2492 status = SMB_VFS_CREATE_FILE
2495 0, /* root_dir_fid */
2496 smb_fname, /* fname */
2497 DELETE_ACCESS, /* access_mask */
2498 FILE_SHARE_NONE, /* share_access */
2499 FILE_OPEN, /* create_disposition*/
2500 FILE_NON_DIRECTORY_FILE, /* create_options */
2501 /* file_attributes */
2502 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2503 FILE_ATTRIBUTE_NORMAL,
2504 0, /* oplock_request */
2505 0, /* allocation_size */
2506 0, /* private_flags */
2512 if (!NT_STATUS_IS_OK(status)) {
2513 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2514 nt_errstr(status)));
2518 status = can_set_delete_on_close(fsp, fattr);
2519 if (!NT_STATUS_IS_OK(status)) {
2520 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2522 smb_fname_str_dbg(smb_fname),
2523 nt_errstr(status)));
2524 close_file(req, fsp, NORMAL_CLOSE);
2528 /* The set is across all open files on this dev/inode pair. */
2529 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2530 close_file(req, fsp, NORMAL_CLOSE);
2531 return NT_STATUS_ACCESS_DENIED;
2534 return close_file(req, fsp, NORMAL_CLOSE);
2537 /****************************************************************************
2538 The guts of the unlink command, split out so it may be called by the NT SMB
2540 ****************************************************************************/
2542 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2543 uint32 dirtype, struct smb_filename *smb_fname,
2546 char *fname_dir = NULL;
2547 char *fname_mask = NULL;
2549 NTSTATUS status = NT_STATUS_OK;
2550 TALLOC_CTX *ctx = talloc_tos();
2552 /* Split up the directory from the filename/mask. */
2553 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2554 &fname_dir, &fname_mask);
2555 if (!NT_STATUS_IS_OK(status)) {
2560 * We should only check the mangled cache
2561 * here if unix_convert failed. This means
2562 * that the path in 'mask' doesn't exist
2563 * on the file system and so we need to look
2564 * for a possible mangle. This patch from
2565 * Tine Smukavec <valentin.smukavec@hermes.si>.
2568 if (!VALID_STAT(smb_fname->st) &&
2569 mangle_is_mangled(fname_mask, conn->params)) {
2570 char *new_mask = NULL;
2571 mangle_lookup_name_from_8_3(ctx, fname_mask,
2572 &new_mask, conn->params);
2574 TALLOC_FREE(fname_mask);
2575 fname_mask = new_mask;
2582 * Only one file needs to be unlinked. Append the mask back
2583 * onto the directory.
2585 TALLOC_FREE(smb_fname->base_name);
2586 smb_fname->base_name = talloc_asprintf(smb_fname,
2590 if (!smb_fname->base_name) {
2591 status = NT_STATUS_NO_MEMORY;
2595 dirtype = FILE_ATTRIBUTE_NORMAL;
2598 status = check_name(conn, smb_fname->base_name);
2599 if (!NT_STATUS_IS_OK(status)) {
2603 status = do_unlink(conn, req, smb_fname, dirtype);
2604 if (!NT_STATUS_IS_OK(status)) {
2610 struct smb_Dir *dir_hnd = NULL;
2612 const char *dname = NULL;
2613 char *talloced = NULL;
2615 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2616 status = NT_STATUS_OBJECT_NAME_INVALID;
2620 if (strequal(fname_mask,"????????.???")) {
2621 TALLOC_FREE(fname_mask);
2622 fname_mask = talloc_strdup(ctx, "*");
2624 status = NT_STATUS_NO_MEMORY;
2629 status = check_name(conn, fname_dir);
2630 if (!NT_STATUS_IS_OK(status)) {
2634 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2636 if (dir_hnd == NULL) {
2637 status = map_nt_error_from_unix(errno);
2641 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2642 the pattern matches against the long name, otherwise the short name
2643 We don't implement this yet XXXX
2646 status = NT_STATUS_NO_SUCH_FILE;
2648 while ((dname = ReadDirName(dir_hnd, &offset,
2649 &smb_fname->st, &talloced))) {
2650 TALLOC_CTX *frame = talloc_stackframe();
2652 if (!is_visible_file(conn, fname_dir, dname,
2653 &smb_fname->st, true)) {
2655 TALLOC_FREE(talloced);
2659 /* Quick check for "." and ".." */
2660 if (ISDOT(dname) || ISDOTDOT(dname)) {
2662 TALLOC_FREE(talloced);
2666 if(!mask_match(dname, fname_mask,
2667 conn->case_sensitive)) {
2669 TALLOC_FREE(talloced);
2673 TALLOC_FREE(smb_fname->base_name);
2674 smb_fname->base_name =
2675 talloc_asprintf(smb_fname, "%s/%s",
2678 if (!smb_fname->base_name) {
2679 TALLOC_FREE(dir_hnd);
2680 status = NT_STATUS_NO_MEMORY;
2682 TALLOC_FREE(talloced);
2686 status = check_name(conn, smb_fname->base_name);
2687 if (!NT_STATUS_IS_OK(status)) {
2688 TALLOC_FREE(dir_hnd);
2690 TALLOC_FREE(talloced);
2694 status = do_unlink(conn, req, smb_fname, dirtype);
2695 if (!NT_STATUS_IS_OK(status)) {
2697 TALLOC_FREE(talloced);
2702 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2703 smb_fname->base_name));
2706 TALLOC_FREE(talloced);
2708 TALLOC_FREE(dir_hnd);
2711 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2712 status = map_nt_error_from_unix(errno);
2716 TALLOC_FREE(fname_dir);
2717 TALLOC_FREE(fname_mask);
2721 /****************************************************************************
2723 ****************************************************************************/
2725 void reply_unlink(struct smb_request *req)
2727 connection_struct *conn = req->conn;
2729 struct smb_filename *smb_fname = NULL;
2732 bool path_contains_wcard = False;
2733 TALLOC_CTX *ctx = talloc_tos();
2735 START_PROFILE(SMBunlink);
2738 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2742 dirtype = SVAL(req->vwv+0, 0);
2744 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2745 STR_TERMINATE, &status,
2746 &path_contains_wcard);
2747 if (!NT_STATUS_IS_OK(status)) {
2748 reply_nterror(req, status);
2752 status = filename_convert(ctx, conn,
2753 req->flags2 & FLAGS2_DFS_PATHNAMES,
2755 UCF_COND_ALLOW_WCARD_LCOMP,
2756 &path_contains_wcard,
2758 if (!NT_STATUS_IS_OK(status)) {
2759 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2760 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2761 ERRSRV, ERRbadpath);
2764 reply_nterror(req, status);
2768 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2770 status = unlink_internals(conn, req, dirtype, smb_fname,
2771 path_contains_wcard);
2772 if (!NT_STATUS_IS_OK(status)) {
2773 if (open_was_deferred(req->mid)) {
2774 /* We have re-scheduled this call. */
2777 reply_nterror(req, status);
2781 reply_outbuf(req, 0, 0);
2783 TALLOC_FREE(smb_fname);
2784 END_PROFILE(SMBunlink);
2788 /****************************************************************************
2790 ****************************************************************************/
2792 static void fail_readraw(void)
2794 const char *errstr = talloc_asprintf(talloc_tos(),
2795 "FAIL ! reply_readbraw: socket write fail (%s)",
2800 exit_server_cleanly(errstr);
2803 /****************************************************************************
2804 Fake (read/write) sendfile. Returns -1 on read or write fail.
2805 ****************************************************************************/
2807 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2811 size_t tosend = nread;
2818 bufsize = MIN(nread, 65536);
2820 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2824 while (tosend > 0) {
2828 if (tosend > bufsize) {
2833 ret = read_file(fsp,buf,startpos,cur_read);
2839 /* If we had a short read, fill with zeros. */
2840 if (ret < cur_read) {
2841 memset(buf + ret, '\0', cur_read - ret);
2844 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
2846 char addr[INET6_ADDRSTRLEN];
2848 * Try and give an error message saying what
2851 DEBUG(0, ("write_data failed for client %s. "
2853 get_peer_addr(fsp->conn->sconn->sock, addr,
2860 startpos += cur_read;
2864 return (ssize_t)nread;
2867 /****************************************************************************
2868 Deal with the case of sendfile reading less bytes from the file than
2869 requested. Fill with zeros (all we can do).
2870 ****************************************************************************/
2872 static void sendfile_short_send(files_struct *fsp,
2877 #define SHORT_SEND_BUFSIZE 1024
2878 if (nread < headersize) {
2879 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2880 "header for file %s (%s). Terminating\n",
2881 fsp_str_dbg(fsp), strerror(errno)));
2882 exit_server_cleanly("sendfile_short_send failed");
2885 nread -= headersize;
2887 if (nread < smb_maxcnt) {
2888 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2890 exit_server_cleanly("sendfile_short_send: "
2894 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2895 "with zeros !\n", fsp_str_dbg(fsp)));
2897 while (nread < smb_maxcnt) {
2899 * We asked for the real file size and told sendfile
2900 * to not go beyond the end of the file. But it can
2901 * happen that in between our fstat call and the
2902 * sendfile call the file was truncated. This is very
2903 * bad because we have already announced the larger
2904 * number of bytes to the client.
2906 * The best we can do now is to send 0-bytes, just as
2907 * a read from a hole in a sparse file would do.
2909 * This should happen rarely enough that I don't care
2910 * about efficiency here :-)
2914 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2915 if (write_data(fsp->conn->sconn->sock, buf, to_write)
2917 char addr[INET6_ADDRSTRLEN];
2919 * Try and give an error message saying what
2922 DEBUG(0, ("write_data failed for client %s. "
2925 fsp->conn->sconn->sock, addr,
2928 exit_server_cleanly("sendfile_short_send: "
2929 "write_data failed");
2937 /****************************************************************************
2938 Return a readbraw error (4 bytes of zero).
2939 ****************************************************************************/
2941 static void reply_readbraw_error(struct smbd_server_connection *sconn)
2947 smbd_lock_socket(sconn);
2948 if (write_data(sconn->sock,header,4) != 4) {
2949 char addr[INET6_ADDRSTRLEN];
2951 * Try and give an error message saying what
2954 DEBUG(0, ("write_data failed for client %s. "
2956 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2961 smbd_unlock_socket(sconn);
2964 /****************************************************************************
2965 Use sendfile in readbraw.
2966 ****************************************************************************/
2968 static void send_file_readbraw(connection_struct *conn,
2969 struct smb_request *req,
2975 struct smbd_server_connection *sconn = req->sconn;
2976 char *outbuf = NULL;
2980 * We can only use sendfile on a non-chained packet
2981 * but we can use on a non-oplocked file. tridge proved this
2982 * on a train in Germany :-). JRA.
2983 * reply_readbraw has already checked the length.
2986 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2987 (fsp->wcp == NULL) &&
2988 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
2989 ssize_t sendfile_read = -1;
2991 DATA_BLOB header_blob;
2993 _smb_setlen(header,nread);
2994 header_blob = data_blob_const(header, 4);
2996 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
2997 &header_blob, startpos,
2999 if (sendfile_read == -1) {
3000 /* Returning ENOSYS means no data at all was sent.
3001 * Do this as a normal read. */
3002 if (errno == ENOSYS) {
3003 goto normal_readbraw;
3007 * Special hack for broken Linux with no working sendfile. If we
3008 * return EINTR we sent the header but not the rest of the data.
3009 * Fake this up by doing read/write calls.
3011 if (errno == EINTR) {
3012 /* Ensure we don't do this again. */
3013 set_use_sendfile(SNUM(conn), False);
3014 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3016 if (fake_sendfile(fsp, startpos, nread) == -1) {
3017 DEBUG(0,("send_file_readbraw: "
3018 "fake_sendfile failed for "
3022 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3027 DEBUG(0,("send_file_readbraw: sendfile failed for "
3028 "file %s (%s). Terminating\n",
3029 fsp_str_dbg(fsp), strerror(errno)));
3030 exit_server_cleanly("send_file_readbraw sendfile failed");
3031 } else if (sendfile_read == 0) {
3033 * Some sendfile implementations return 0 to indicate
3034 * that there was a short read, but nothing was
3035 * actually written to the socket. In this case,
3036 * fallback to the normal read path so the header gets
3037 * the correct byte count.
3039 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3040 "bytes falling back to the normal read: "
3041 "%s\n", fsp_str_dbg(fsp)));
3042 goto normal_readbraw;
3045 /* Deal with possible short send. */
3046 if (sendfile_read != 4+nread) {
3047 sendfile_short_send(fsp, sendfile_read, 4, nread);
3054 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3056 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3057 (unsigned)(nread+4)));
3058 reply_readbraw_error(sconn);
3063 ret = read_file(fsp,outbuf+4,startpos,nread);
3064 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3073 _smb_setlen(outbuf,ret);
3074 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3075 char addr[INET6_ADDRSTRLEN];
3077 * Try and give an error message saying what
3080 DEBUG(0, ("write_data failed for client %s. "
3082 get_peer_addr(fsp->conn->sconn->sock, addr,
3089 TALLOC_FREE(outbuf);
3092 /****************************************************************************
3093 Reply to a readbraw (core+ protocol).
3094 ****************************************************************************/
3096 void reply_readbraw(struct smb_request *req)
3098 connection_struct *conn = req->conn;
3099 struct smbd_server_connection *sconn = req->sconn;
3100 ssize_t maxcount,mincount;
3104 struct lock_struct lock;
3107 START_PROFILE(SMBreadbraw);
3109 if (srv_is_signing_active(sconn) ||
3110 is_encrypted_packet(req->inbuf)) {
3111 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3112 "raw reads/writes are disallowed.");
3116 reply_readbraw_error(sconn);
3117 END_PROFILE(SMBreadbraw);
3121 if (sconn->smb1.echo_handler.trusted_fde) {
3122 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3123 "'async smb echo handler = yes'\n"));
3124 reply_readbraw_error(sconn);
3125 END_PROFILE(SMBreadbraw);
3130 * Special check if an oplock break has been issued
3131 * and the readraw request croses on the wire, we must
3132 * return a zero length response here.
3135 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3138 * We have to do a check_fsp by hand here, as
3139 * we must always return 4 zero bytes on error,
3143 if (!fsp || !conn || conn != fsp->conn ||
3144 req->vuid != fsp->vuid ||
3145 fsp->is_directory || fsp->fh->fd == -1) {
3147 * fsp could be NULL here so use the value from the packet. JRA.
3149 DEBUG(3,("reply_readbraw: fnum %d not valid "
3151 (int)SVAL(req->vwv+0, 0)));
3152 reply_readbraw_error(sconn);
3153 END_PROFILE(SMBreadbraw);
3157 /* Do a "by hand" version of CHECK_READ. */
3158 if (!(fsp->can_read ||
3159 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3160 (fsp->access_mask & FILE_EXECUTE)))) {
3161 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3162 (int)SVAL(req->vwv+0, 0)));
3163 reply_readbraw_error(sconn);
3164 END_PROFILE(SMBreadbraw);
3168 flush_write_cache(fsp, READRAW_FLUSH);
3170 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3171 if(req->wct == 10) {
3173 * This is a large offset (64 bit) read.
3175 #ifdef LARGE_SMB_OFF_T
3177 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3179 #else /* !LARGE_SMB_OFF_T */
3182 * Ensure we haven't been sent a >32 bit offset.
3185 if(IVAL(req->vwv+8, 0) != 0) {
3186 DEBUG(0,("reply_readbraw: large offset "
3187 "(%x << 32) used and we don't support "
3188 "64 bit offsets.\n",
3189 (unsigned int)IVAL(req->vwv+8, 0) ));
3190 reply_readbraw_error();
3191 END_PROFILE(SMBreadbraw);
3195 #endif /* LARGE_SMB_OFF_T */
3198 DEBUG(0,("reply_readbraw: negative 64 bit "
3199 "readraw offset (%.0f) !\n",
3200 (double)startpos ));
3201 reply_readbraw_error(sconn);
3202 END_PROFILE(SMBreadbraw);
3207 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3208 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3210 /* ensure we don't overrun the packet size */
3211 maxcount = MIN(65535,maxcount);
3213 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3214 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3217 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3218 reply_readbraw_error(sconn);
3219 END_PROFILE(SMBreadbraw);
3223 if (fsp_stat(fsp) == 0) {
3224 size = fsp->fsp_name->st.st_ex_size;
3227 if (startpos >= size) {
3230 nread = MIN(maxcount,(size - startpos));
3233 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3234 if (nread < mincount)
3238 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3239 "min=%lu nread=%lu\n",
3240 fsp->fnum, (double)startpos,
3241 (unsigned long)maxcount,
3242 (unsigned long)mincount,
3243 (unsigned long)nread ) );
3245 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3247 DEBUG(5,("reply_readbraw finished\n"));
3249 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3251 END_PROFILE(SMBreadbraw);
3256 #define DBGC_CLASS DBGC_LOCKING
3258 /****************************************************************************
3259 Reply to a lockread (core+ protocol).
3260 ****************************************************************************/
3262 void reply_lockread(struct smb_request *req)
3264 connection_struct *conn = req->conn;
3271 struct byte_range_lock *br_lck = NULL;
3273 struct smbd_server_connection *sconn = req->sconn;
3275 START_PROFILE(SMBlockread);
3278 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3279 END_PROFILE(SMBlockread);
3283 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3285 if (!check_fsp(conn, req, fsp)) {
3286 END_PROFILE(SMBlockread);
3290 if (!CHECK_READ(fsp,req)) {
3291 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3292 END_PROFILE(SMBlockread);
3296 numtoread = SVAL(req->vwv+1, 0);
3297 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3299 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3301 reply_outbuf(req, 5, numtoread + 3);
3303 data = smb_buf(req->outbuf) + 3;
3306 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3307 * protocol request that predates the read/write lock concept.
3308 * Thus instead of asking for a read lock here we need to ask
3309 * for a write lock. JRA.
3310 * Note that the requested lock size is unaffected by max_recv.
3313 br_lck = do_lock(req->sconn->msg_ctx,
3315 (uint64_t)req->smbpid,
3316 (uint64_t)numtoread,
3320 False, /* Non-blocking lock. */
3324 TALLOC_FREE(br_lck);
3326 if (NT_STATUS_V(status)) {
3327 reply_nterror(req, status);
3328 END_PROFILE(SMBlockread);
3333 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3336 if (numtoread > sconn->smb1.negprot.max_recv) {
3337 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3338 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3339 (unsigned int)numtoread,
3340 (unsigned int)sconn->smb1.negprot.max_recv));
3341 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3343 nread = read_file(fsp,data,startpos,numtoread);
3346 reply_nterror(req, map_nt_error_from_unix(errno));
3347 END_PROFILE(SMBlockread);
3351 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3353 SSVAL(req->outbuf,smb_vwv0,nread);
3354 SSVAL(req->outbuf,smb_vwv5,nread+3);
3355 p = smb_buf(req->outbuf);
3356 SCVAL(p,0,0); /* pad byte. */
3359 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3360 fsp->fnum, (int)numtoread, (int)nread));
3362 END_PROFILE(SMBlockread);
3367 #define DBGC_CLASS DBGC_ALL
3369 /****************************************************************************
3371 ****************************************************************************/
3373 void reply_read(struct smb_request *req)
3375 connection_struct *conn = req->conn;
3382 struct lock_struct lock;
3383 struct smbd_server_connection *sconn = req->sconn;
3385 START_PROFILE(SMBread);
3388 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3389 END_PROFILE(SMBread);
3393 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3395 if (!check_fsp(conn, req, fsp)) {
3396 END_PROFILE(SMBread);
3400 if (!CHECK_READ(fsp,req)) {
3401 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3402 END_PROFILE(SMBread);
3406 numtoread = SVAL(req->vwv+1, 0);
3407 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3409 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3412 * The requested read size cannot be greater than max_recv. JRA.
3414 if (numtoread > sconn->smb1.negprot.max_recv) {
3415 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3416 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3417 (unsigned int)numtoread,
3418 (unsigned int)sconn->smb1.negprot.max_recv));
3419 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3422 reply_outbuf(req, 5, numtoread+3);
3424 data = smb_buf(req->outbuf) + 3;
3426 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3427 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3430 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3431 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3432 END_PROFILE(SMBread);
3437 nread = read_file(fsp,data,startpos,numtoread);
3440 reply_nterror(req, map_nt_error_from_unix(errno));
3444 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3446 SSVAL(req->outbuf,smb_vwv0,nread);
3447 SSVAL(req->outbuf,smb_vwv5,nread+3);
3448 SCVAL(smb_buf(req->outbuf),0,1);
3449 SSVAL(smb_buf(req->outbuf),1,nread);
3451 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3452 fsp->fnum, (int)numtoread, (int)nread ) );
3455 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3457 END_PROFILE(SMBread);
3461 /****************************************************************************
3463 ****************************************************************************/
3465 static int setup_readX_header(struct smb_request *req, char *outbuf,
3471 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3472 data = smb_buf(outbuf);
3474 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3476 SCVAL(outbuf,smb_vwv0,0xFF);
3477 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3478 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3479 SSVAL(outbuf,smb_vwv6,
3481 + 1 /* the wct field */
3482 + 12 * sizeof(uint16_t) /* vwv */
3483 + 2); /* the buflen field */
3484 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3485 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3486 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3487 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3491 /****************************************************************************
3492 Reply to a read and X - possibly using sendfile.
3493 ****************************************************************************/
3495 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3496 files_struct *fsp, SMB_OFF_T startpos,
3500 struct lock_struct lock;
3501 int saved_errno = 0;
3503 if(fsp_stat(fsp) == -1) {
3504 reply_nterror(req, map_nt_error_from_unix(errno));
3508 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3509 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3512 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3513 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3517 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3518 (startpos > fsp->fsp_name->st.st_ex_size)
3519 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3521 * We already know that we would do a short read, so don't
3522 * try the sendfile() path.
3524 goto nosendfile_read;
3528 * We can only use sendfile on a non-chained packet
3529 * but we can use on a non-oplocked file. tridge proved this
3530 * on a train in Germany :-). JRA.
3533 if (!req_is_in_chain(req) &&
3534 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3535 (fsp->wcp == NULL) &&
3536 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3537 uint8 headerbuf[smb_size + 12 * 2];
3541 * Set up the packet header before send. We
3542 * assume here the sendfile will work (get the
3543 * correct amount of data).
3546 header = data_blob_const(headerbuf, sizeof(headerbuf));
3548 construct_reply_common_req(req, (char *)headerbuf);
3549 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3551 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3552 startpos, smb_maxcnt);
3554 /* Returning ENOSYS means no data at all was sent.
3555 Do this as a normal read. */
3556 if (errno == ENOSYS) {
3561 * Special hack for broken Linux with no working sendfile. If we
3562 * return EINTR we sent the header but not the rest of the data.
3563 * Fake this up by doing read/write calls.
3566 if (errno == EINTR) {
3567 /* Ensure we don't do this again. */
3568 set_use_sendfile(SNUM(conn), False);
3569 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3570 nread = fake_sendfile(fsp, startpos,
3573 DEBUG(0,("send_file_readX: "
3574 "fake_sendfile failed for "
3578 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3580 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3581 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3582 /* No outbuf here means successful sendfile. */
3586 DEBUG(0,("send_file_readX: sendfile failed for file "
3587 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3589 exit_server_cleanly("send_file_readX sendfile failed");
3590 } else if (nread == 0) {
3592 * Some sendfile implementations return 0 to indicate
3593 * that there was a short read, but nothing was
3594 * actually written to the socket. In this case,
3595 * fallback to the normal read path so the header gets
3596 * the correct byte count.
3598 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3599 "falling back to the normal read: %s\n",
3604 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3605 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3607 /* Deal with possible short send. */
3608 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3609 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3611 /* No outbuf here means successful sendfile. */
3612 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3613 SMB_PERFCOUNT_END(&req->pcd);
3619 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3620 uint8 headerbuf[smb_size + 2*12];
3622 construct_reply_common_req(req, (char *)headerbuf);
3623 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3625 /* Send out the header. */
3626 if (write_data(req->sconn->sock, (char *)headerbuf,
3627 sizeof(headerbuf)) != sizeof(headerbuf)) {
3629 char addr[INET6_ADDRSTRLEN];
3631 * Try and give an error message saying what
3634 DEBUG(0, ("write_data failed for client %s. "
3636 get_peer_addr(req->sconn->sock, addr,
3640 DEBUG(0,("send_file_readX: write_data failed for file "
3641 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3643 exit_server_cleanly("send_file_readX sendfile failed");
3645 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3647 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3648 "file %s (%s).\n", fsp_str_dbg(fsp),
3650 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3657 reply_outbuf(req, 12, smb_maxcnt);
3659 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3660 saved_errno = errno;
3662 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3665 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3669 setup_readX_header(req, (char *)req->outbuf, nread);
3671 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3672 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3678 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3679 TALLOC_FREE(req->outbuf);
3683 /****************************************************************************
3684 Reply to a read and X.
3685 ****************************************************************************/
3687 void reply_read_and_X(struct smb_request *req)
3689 connection_struct *conn = req->conn;
3693 bool big_readX = False;
3695 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3698 START_PROFILE(SMBreadX);
3700 if ((req->wct != 10) && (req->wct != 12)) {
3701 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3705 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3706 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3707 smb_maxcnt = SVAL(req->vwv+5, 0);
3709 /* If it's an IPC, pass off the pipe handler. */
3711 reply_pipe_read_and_X(req);
3712 END_PROFILE(SMBreadX);
3716 if (!check_fsp(conn, req, fsp)) {
3717 END_PROFILE(SMBreadX);
3721 if (!CHECK_READ(fsp,req)) {
3722 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3723 END_PROFILE(SMBreadX);
3727 if (global_client_caps & CAP_LARGE_READX) {
3728 size_t upper_size = SVAL(req->vwv+7, 0);
3729 smb_maxcnt |= (upper_size<<16);
3730 if (upper_size > 1) {
3731 /* Can't do this on a chained packet. */
3732 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3733 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3734 END_PROFILE(SMBreadX);
3737 /* We currently don't do this on signed or sealed data. */
3738 if (srv_is_signing_active(req->sconn) ||
3739 is_encrypted_packet(req->inbuf)) {
3740 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3741 END_PROFILE(SMBreadX);
3744 /* Is there room in the reply for this data ? */
3745 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3747 NT_STATUS_INVALID_PARAMETER);
3748 END_PROFILE(SMBreadX);
3755 if (req->wct == 12) {
3756 #ifdef LARGE_SMB_OFF_T
3758 * This is a large offset (64 bit) read.
3760 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3762 #else /* !LARGE_SMB_OFF_T */
3765 * Ensure we haven't been sent a >32 bit offset.
3768 if(IVAL(req->vwv+10, 0) != 0) {
3769 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3770 "used and we don't support 64 bit offsets.\n",
3771 (unsigned int)IVAL(req->vwv+10, 0) ));
3772 END_PROFILE(SMBreadX);
3773 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3777 #endif /* LARGE_SMB_OFF_T */
3782 NTSTATUS status = schedule_aio_read_and_X(conn,
3787 if (NT_STATUS_IS_OK(status)) {
3788 /* Read scheduled - we're done. */
3791 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
3792 /* Real error - report to client. */
3793 END_PROFILE(SMBreadX);
3794 reply_nterror(req, status);
3797 /* NT_STATUS_RETRY - fall back to sync read. */
3800 smbd_lock_socket(req->sconn);
3801 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3802 smbd_unlock_socket(req->sconn);
3805 END_PROFILE(SMBreadX);
3809 /****************************************************************************
3810 Error replies to writebraw must have smb_wct == 1. Fix this up.
3811 ****************************************************************************/
3813 void error_to_writebrawerr(struct smb_request *req)
3815 uint8 *old_outbuf = req->outbuf;
3817 reply_outbuf(req, 1, 0);
3819 memcpy(req->outbuf, old_outbuf, smb_size);
3820 TALLOC_FREE(old_outbuf);
3823 /****************************************************************************
3824 Read 4 bytes of a smb packet and return the smb length of the packet.
3825 Store the result in the buffer. This version of the function will
3826 never return a session keepalive (length of zero).
3827 Timeout is in milliseconds.
3828 ****************************************************************************/
3830 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
3833 uint8_t msgtype = SMBkeepalive;
3835 while (msgtype == SMBkeepalive) {
3838 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
3840 if (!NT_STATUS_IS_OK(status)) {
3841 char addr[INET6_ADDRSTRLEN];
3842 /* Try and give an error message
3843 * saying what client failed. */
3844 DEBUG(0, ("read_fd_with_timeout failed for "
3845 "client %s read error = %s.\n",
3846 get_peer_addr(fd,addr,sizeof(addr)),
3847 nt_errstr(status)));
3851 msgtype = CVAL(inbuf, 0);
3854 DEBUG(10,("read_smb_length: got smb length of %lu\n",
3855 (unsigned long)len));
3857 return NT_STATUS_OK;
3860 /****************************************************************************
3861 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3862 ****************************************************************************/
3864 void reply_writebraw(struct smb_request *req)
3866 connection_struct *conn = req->conn;
3869 ssize_t total_written=0;
3870 size_t numtowrite=0;
3876 struct lock_struct lock;
3879 START_PROFILE(SMBwritebraw);
3882 * If we ever reply with an error, it must have the SMB command
3883 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3886 SCVAL(req->inbuf,smb_com,SMBwritec);
3888 if (srv_is_signing_active(req->sconn)) {
3889 END_PROFILE(SMBwritebraw);
3890 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3891 "raw reads/writes are disallowed.");
3894 if (req->wct < 12) {
3895 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3896 error_to_writebrawerr(req);
3897 END_PROFILE(SMBwritebraw);
3901 if (req->sconn->smb1.echo_handler.trusted_fde) {
3902 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
3903 "'async smb echo handler = yes'\n"));
3904 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3905 error_to_writebrawerr(req);
3906 END_PROFILE(SMBwritebraw);
3910 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3911 if (!check_fsp(conn, req, fsp)) {
3912 error_to_writebrawerr(req);
3913 END_PROFILE(SMBwritebraw);
3917 if (!CHECK_WRITE(fsp)) {
3918 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3919 error_to_writebrawerr(req);
3920 END_PROFILE(SMBwritebraw);
3924 tcount = IVAL(req->vwv+1, 0);
3925 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3926 write_through = BITSETW(req->vwv+7,0);
3928 /* We have to deal with slightly different formats depending
3929 on whether we are using the core+ or lanman1.0 protocol */
3931 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3932 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3933 data = smb_buf(req->inbuf);
3935 numtowrite = SVAL(req->vwv+10, 0);
3936 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3939 /* Ensure we don't write bytes past the end of this packet. */
3940 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3941 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3942 error_to_writebrawerr(req);
3943 END_PROFILE(SMBwritebraw);
3947 if (!fsp->print_file) {
3948 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3949 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3952 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3953 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3954 error_to_writebrawerr(req);
3955 END_PROFILE(SMBwritebraw);
3961 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3964 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3965 "wrote=%d sync=%d\n",
3966 fsp->fnum, (double)startpos, (int)numtowrite,
3967 (int)nwritten, (int)write_through));
3969 if (nwritten < (ssize_t)numtowrite) {
3970 reply_nterror(req, NT_STATUS_DISK_FULL);
3971 error_to_writebrawerr(req);
3975 total_written = nwritten;
3977 /* Allocate a buffer of 64k + length. */
3978 buf = TALLOC_ARRAY(NULL, char, 65540);
3980 reply_nterror(req, NT_STATUS_NO_MEMORY);
3981 error_to_writebrawerr(req);
3985 /* Return a SMBwritebraw message to the redirector to tell
3986 * it to send more bytes */
3988 memcpy(buf, req->inbuf, smb_size);
3989 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3990 SCVAL(buf,smb_com,SMBwritebraw);
3991 SSVALS(buf,smb_vwv0,0xFFFF);
3993 if (!srv_send_smb(req->sconn,
3995 false, 0, /* no signing */
3996 IS_CONN_ENCRYPTED(conn),
3998 exit_server_cleanly("reply_writebraw: srv_send_smb "
4002 /* Now read the raw data into the buffer and write it */
4003 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4005 if (!NT_STATUS_IS_OK(status)) {
4006 exit_server_cleanly("secondary writebraw failed");
4009 /* Set up outbuf to return the correct size */
4010 reply_outbuf(req, 1, 0);
4012 if (numtowrite != 0) {
4014 if (numtowrite > 0xFFFF) {
4015 DEBUG(0,("reply_writebraw: Oversize secondary write "
4016 "raw requested (%u). Terminating\n",
4017 (unsigned int)numtowrite ));
4018 exit_server_cleanly("secondary writebraw failed");
4021 if (tcount > nwritten+numtowrite) {
4022 DEBUG(3,("reply_writebraw: Client overestimated the "
4024 (int)tcount,(int)nwritten,(int)numtowrite));
4027 status = read_data(req->sconn->sock, buf+4, numtowrite);
4029 if (!NT_STATUS_IS_OK(status)) {
4030 char addr[INET6_ADDRSTRLEN];
4031 /* Try and give an error message
4032 * saying what client failed. */
4033 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4034 "raw read failed (%s) for client %s. "
4035 "Terminating\n", nt_errstr(status),
4036 get_peer_addr(req->sconn->sock, addr,
4038 exit_server_cleanly("secondary writebraw failed");
4041 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4042 if (nwritten == -1) {
4044 reply_nterror(req, map_nt_error_from_unix(errno));
4045 error_to_writebrawerr(req);
4049 if (nwritten < (ssize_t)numtowrite) {
4050 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4051 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4055 total_written += nwritten;
4060 SSVAL(req->outbuf,smb_vwv0,total_written);
4062 status = sync_file(conn, fsp, write_through);
4063 if (!NT_STATUS_IS_OK(status)) {
4064 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4065 fsp_str_dbg(fsp), nt_errstr(status)));
4066 reply_nterror(req, status);
4067 error_to_writebrawerr(req);
4071 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
4073 fsp->fnum, (double)startpos, (int)numtowrite,
4074 (int)total_written));
4076 if (!fsp->print_file) {
4077 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4080 /* We won't return a status if write through is not selected - this
4081 * follows what WfWg does */
4082 END_PROFILE(SMBwritebraw);
4084 if (!write_through && total_written==tcount) {
4086 #if RABBIT_PELLET_FIX
4088 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4089 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
4092 if (!send_keepalive(req->sconn->sock)) {
4093 exit_server_cleanly("reply_writebraw: send of "
4094 "keepalive failed");
4097 TALLOC_FREE(req->outbuf);
4102 if (!fsp->print_file) {
4103 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4106 END_PROFILE(SMBwritebraw);
4111 #define DBGC_CLASS DBGC_LOCKING
4113 /****************************************************************************
4114 Reply to a writeunlock (core+).
4115 ****************************************************************************/
4117 void reply_writeunlock(struct smb_request *req)
4119 connection_struct *conn = req->conn;
4120 ssize_t nwritten = -1;
4124 NTSTATUS status = NT_STATUS_OK;
4126 struct lock_struct lock;
4127 int saved_errno = 0;
4129 START_PROFILE(SMBwriteunlock);
4132 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4133 END_PROFILE(SMBwriteunlock);
4137 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4139 if (!check_fsp(conn, req, fsp)) {
4140 END_PROFILE(SMBwriteunlock);
4144 if (!CHECK_WRITE(fsp)) {
4145 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4146 END_PROFILE(SMBwriteunlock);
4150 numtowrite = SVAL(req->vwv+1, 0);
4151 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4152 data = (const char *)req->buf + 3;
4154 if (!fsp->print_file && numtowrite > 0) {
4155 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4156 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4159 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4160 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4161 END_PROFILE(SMBwriteunlock);
4166 /* The special X/Open SMB protocol handling of
4167 zero length writes is *NOT* done for
4169 if(numtowrite == 0) {
4172 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4173 saved_errno = errno;
4176 status = sync_file(conn, fsp, False /* write through */);
4177 if (!NT_STATUS_IS_OK(status)) {
4178 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4179 fsp_str_dbg(fsp), nt_errstr(status)));
4180 reply_nterror(req, status);
4185 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4189 if((nwritten < numtowrite) && (numtowrite != 0)) {
4190 reply_nterror(req, NT_STATUS_DISK_FULL);
4194 if (numtowrite && !fsp->print_file) {
4195 status = do_unlock(req->sconn->msg_ctx,
4197 (uint64_t)req->smbpid,
4198 (uint64_t)numtowrite,
4202 if (NT_STATUS_V(status)) {
4203 reply_nterror(req, status);
4208 reply_outbuf(req, 1, 0);
4210 SSVAL(req->outbuf,smb_vwv0,nwritten);
4212 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4213 fsp->fnum, (int)numtowrite, (int)nwritten));
4216 if (numtowrite && !fsp->print_file) {
4217 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4220 END_PROFILE(SMBwriteunlock);
4225 #define DBGC_CLASS DBGC_ALL
4227 /****************************************************************************
4229 ****************************************************************************/
4231 void reply_write(struct smb_request *req)
4233 connection_struct *conn = req->conn;
4235 ssize_t nwritten = -1;
4239 struct lock_struct lock;
4241 int saved_errno = 0;
4243 START_PROFILE(SMBwrite);
4246 END_PROFILE(SMBwrite);
4247 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4251 /* If it's an IPC, pass off the pipe handler. */
4253 reply_pipe_write(req);
4254 END_PROFILE(SMBwrite);
4258 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4260 if (!check_fsp(conn, req, fsp)) {
4261 END_PROFILE(SMBwrite);
4265 if (!CHECK_WRITE(fsp)) {
4266 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4267 END_PROFILE(SMBwrite);
4271 numtowrite = SVAL(req->vwv+1, 0);
4272 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4273 data = (const char *)req->buf + 3;
4275 if (!fsp->print_file) {
4276 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4277 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4280 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4281 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4282 END_PROFILE(SMBwrite);
4288 * X/Open SMB protocol says that if smb_vwv1 is
4289 * zero then the file size should be extended or
4290 * truncated to the size given in smb_vwv[2-3].
4293 if(numtowrite == 0) {
4295 * This is actually an allocate call, and set EOF. JRA.
4297 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4299 reply_nterror(req, NT_STATUS_DISK_FULL);
4302 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4304 reply_nterror(req, NT_STATUS_DISK_FULL);
4307 trigger_write_time_update_immediate(fsp);
4309 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4312 status = sync_file(conn, fsp, False);
4313 if (!NT_STATUS_IS_OK(status)) {
4314 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4315 fsp_str_dbg(fsp), nt_errstr(status)));
4316 reply_nterror(req, status);
4321 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4325 if((nwritten == 0) && (numtowrite != 0)) {
4326 reply_nterror(req, NT_STATUS_DISK_FULL);
4330 reply_outbuf(req, 1, 0);
4332 SSVAL(req->outbuf,smb_vwv0,nwritten);
4334 if (nwritten < (ssize_t)numtowrite) {
4335 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4336 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4339 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4342 if (!fsp->print_file) {
4343 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4346 END_PROFILE(SMBwrite);
4350 /****************************************************************************
4351 Ensure a buffer is a valid writeX for recvfile purposes.
4352 ****************************************************************************/
4354 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4355 (2*14) + /* word count (including bcc) */ \
4358 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4359 const uint8_t *inbuf)
4362 connection_struct *conn = NULL;
4363 unsigned int doff = 0;
4364 size_t len = smb_len_large(inbuf);
4366 if (is_encrypted_packet(inbuf)) {
4367 /* Can't do this on encrypted
4372 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4376 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4377 CVAL(inbuf,smb_wct) != 14) {
4378 DEBUG(10,("is_valid_writeX_buffer: chained or "
4379 "invalid word length.\n"));
4383 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4385 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4389 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4392 if (IS_PRINT(conn)) {
4393 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4396 doff = SVAL(inbuf,smb_vwv11);
4398 numtowrite = SVAL(inbuf,smb_vwv10);
4400 if (len > doff && len - doff > 0xFFFF) {
4401 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4404 if (numtowrite == 0) {
4405 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4409 /* Ensure the sizes match up. */
4410 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4411 /* no pad byte...old smbclient :-( */
4412 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4414 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4418 if (len - doff != numtowrite) {
4419 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4420 "len = %u, doff = %u, numtowrite = %u\n",
4423 (unsigned int)numtowrite ));
4427 DEBUG(10,("is_valid_writeX_buffer: true "
4428 "len = %u, doff = %u, numtowrite = %u\n",
4431 (unsigned int)numtowrite ));
4436 /****************************************************************************
4437 Reply to a write and X.
4438 ****************************************************************************/
4440 void reply_write_and_X(struct smb_request *req)
4442 connection_struct *conn = req->conn;
4444 struct lock_struct lock;
4449 unsigned int smb_doff;
4450 unsigned int smblen;
4453 int saved_errno = 0;
4455 START_PROFILE(SMBwriteX);
4457 if ((req->wct != 12) && (req->wct != 14)) {
4458 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4459 END_PROFILE(SMBwriteX);
4463 numtowrite = SVAL(req->vwv+10, 0);
4464 smb_doff = SVAL(req->vwv+11, 0);
4465 smblen = smb_len(req->inbuf);
4467 if (req->unread_bytes > 0xFFFF ||
4468 (smblen > smb_doff &&
4469 smblen - smb_doff > 0xFFFF)) {
4470 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4473 if (req->unread_bytes) {
4474 /* Can't do a recvfile write on IPC$ */
4476 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4477 END_PROFILE(SMBwriteX);
4480 if (numtowrite != req->unread_bytes) {
4481 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4482 END_PROFILE(SMBwriteX);
4486 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4487 smb_doff + numtowrite > smblen) {
4488 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4489 END_PROFILE(SMBwriteX);
4494 /* If it's an IPC, pass off the pipe handler. */
4496 if (req->unread_bytes) {
4497 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4498 END_PROFILE(SMBwriteX);
4501 reply_pipe_write_and_X(req);
4502 END_PROFILE(SMBwriteX);
4506 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4507 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4508 write_through = BITSETW(req->vwv+7,0);
4510 if (!check_fsp(conn, req, fsp)) {
4511 END_PROFILE(SMBwriteX);
4515 if (!CHECK_WRITE(fsp)) {
4516 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4517 END_PROFILE(SMBwriteX);
4521 data = smb_base(req->inbuf) + smb_doff;
4523 if(req->wct == 14) {
4524 #ifdef LARGE_SMB_OFF_T
4526 * This is a large offset (64 bit) write.
4528 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4530 #else /* !LARGE_SMB_OFF_T */
4533 * Ensure we haven't been sent a >32 bit offset.
4536 if(IVAL(req->vwv+12, 0) != 0) {
4537 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4538 "used and we don't support 64 bit offsets.\n",
4539 (unsigned int)IVAL(req->vwv+12, 0) ));
4540 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4541 END_PROFILE(SMBwriteX);
4545 #endif /* LARGE_SMB_OFF_T */
4548 /* X/Open SMB protocol says that, unlike SMBwrite
4549 if the length is zero then NO truncation is
4550 done, just a write of zero. To truncate a file,
4553 if(numtowrite == 0) {
4556 if (req->unread_bytes == 0) {
4557 status = schedule_aio_write_and_X(conn,
4564 if (NT_STATUS_IS_OK(status)) {
4565 /* write scheduled - we're done. */
4568 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4569 /* Real error - report to client. */
4570 reply_nterror(req, status);
4573 /* NT_STATUS_RETRY - fall through to sync write. */
4576 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4577 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4580 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4581 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4585 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4586 saved_errno = errno;
4588 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4592 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4596 if((nwritten == 0) && (numtowrite != 0)) {
4597 reply_nterror(req, NT_STATUS_DISK_FULL);
4601 reply_outbuf(req, 6, 0);
4602 SSVAL(req->outbuf,smb_vwv2,nwritten);
4603 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4605 if (nwritten < (ssize_t)numtowrite) {
4606 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4607 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4610 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4611 fsp->fnum, (int)numtowrite, (int)nwritten));
4613 status = sync_file(conn, fsp, write_through);
4614 if (!NT_STATUS_IS_OK(status)) {
4615 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4616 fsp_str_dbg(fsp), nt_errstr(status)));
4617 reply_nterror(req, status);
4621 END_PROFILE(SMBwriteX);
4626 END_PROFILE(SMBwriteX);
4630 /****************************************************************************
4632 ****************************************************************************/
4634 void reply_lseek(struct smb_request *req)
4636 connection_struct *conn = req->conn;
4642 START_PROFILE(SMBlseek);
4645 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4646 END_PROFILE(SMBlseek);
4650 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4652 if (!check_fsp(conn, req, fsp)) {
4656 flush_write_cache(fsp, SEEK_FLUSH);
4658 mode = SVAL(req->vwv+1, 0) & 3;
4659 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4660 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4669 res = fsp->fh->pos + startpos;
4680 if (umode == SEEK_END) {
4681 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4682 if(errno == EINVAL) {
4683 SMB_OFF_T current_pos = startpos;
4685 if(fsp_stat(fsp) == -1) {
4687 map_nt_error_from_unix(errno));
4688 END_PROFILE(SMBlseek);
4692 current_pos += fsp->fsp_name->st.st_ex_size;
4694 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4699 reply_nterror(req, map_nt_error_from_unix(errno));
4700 END_PROFILE(SMBlseek);
4707 reply_outbuf(req, 2, 0);
4708 SIVAL(req->outbuf,smb_vwv0,res);
4710 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4711 fsp->fnum, (double)startpos, (double)res, mode));
4713 END_PROFILE(SMBlseek);
4717 /****************************************************************************
4719 ****************************************************************************/
4721 void reply_flush(struct smb_request *req)
4723 connection_struct *conn = req->conn;
4727 START_PROFILE(SMBflush);
4730 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4734 fnum = SVAL(req->vwv+0, 0);
4735 fsp = file_fsp(req, fnum);
4737 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4742 file_sync_all(conn);
4744 NTSTATUS status = sync_file(conn, fsp, True);
4745 if (!NT_STATUS_IS_OK(status)) {
4746 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4747 fsp_str_dbg(fsp), nt_errstr(status)));
4748 reply_nterror(req, status);
4749 END_PROFILE(SMBflush);
4754 reply_outbuf(req, 0, 0);
4756 DEBUG(3,("flush\n"));
4757 END_PROFILE(SMBflush);
4761 /****************************************************************************
4763 conn POINTER CAN BE NULL HERE !
4764 ****************************************************************************/
4766 void reply_exit(struct smb_request *req)
4768 START_PROFILE(SMBexit);
4770 file_close_pid(req->sconn, req->smbpid, req->vuid);
4772 reply_outbuf(req, 0, 0);
4774 DEBUG(3,("exit\n"));
4776 END_PROFILE(SMBexit);
4780 /****************************************************************************
4781 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4782 ****************************************************************************/
4784 void reply_close(struct smb_request *req)
4786 connection_struct *conn = req->conn;
4787 NTSTATUS status = NT_STATUS_OK;
4788 files_struct *fsp = NULL;
4789 START_PROFILE(SMBclose);
4792 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4793 END_PROFILE(SMBclose);
4797 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4800 * We can only use check_fsp if we know it's not a directory.
4803 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4804 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4805 END_PROFILE(SMBclose);
4809 if(fsp->is_directory) {
4811 * Special case - close NT SMB directory handle.
4813 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4814 status = close_file(req, fsp, NORMAL_CLOSE);
4818 * Close ordinary file.
4821 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4822 fsp->fh->fd, fsp->fnum,
4823 conn->num_files_open));
4826 * Take care of any time sent in the close.
4829 t = srv_make_unix_date3(req->vwv+1);
4830 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4833 * close_file() returns the unix errno if an error
4834 * was detected on close - normally this is due to
4835 * a disk full error. If not then it was probably an I/O error.
4838 status = close_file(req, fsp, NORMAL_CLOSE);
4841 if (!NT_STATUS_IS_OK(status)) {
4842 reply_nterror(req, status);
4843 END_PROFILE(SMBclose);
4847 reply_outbuf(req, 0, 0);
4848 END_PROFILE(SMBclose);
4852 /****************************************************************************
4853 Reply to a writeclose (Core+ protocol).
4854 ****************************************************************************/
4856 void reply_writeclose(struct smb_request *req)
4858 connection_struct *conn = req->conn;
4860 ssize_t nwritten = -1;
4861 NTSTATUS close_status = NT_STATUS_OK;
4864 struct timespec mtime;
4866 struct lock_struct lock;
4868 START_PROFILE(SMBwriteclose);
4871 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4872 END_PROFILE(SMBwriteclose);
4876 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4878 if (!check_fsp(conn, req, fsp)) {
4879 END_PROFILE(SMBwriteclose);
4882 if (!CHECK_WRITE(fsp)) {
4883 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4884 END_PROFILE(SMBwriteclose);
4888 numtowrite = SVAL(req->vwv+1, 0);
4889 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4890 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4891 data = (const char *)req->buf + 1;
4893 if (!fsp->print_file) {
4894 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4895 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4898 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4899 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4900 END_PROFILE(SMBwriteclose);
4905 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4907 set_close_write_time(fsp, mtime);
4910 * More insanity. W2K only closes the file if writelen > 0.
4915 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4916 "file %s\n", fsp_str_dbg(fsp)));
4917 close_status = close_file(req, fsp, NORMAL_CLOSE);
4920 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4921 fsp->fnum, (int)numtowrite, (int)nwritten,
4922 conn->num_files_open));
4924 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4925 reply_nterror(req, NT_STATUS_DISK_FULL);
4929 if(!NT_STATUS_IS_OK(close_status)) {
4930 reply_nterror(req, close_status);
4934 reply_outbuf(req, 1, 0);
4936 SSVAL(req->outbuf,smb_vwv0,nwritten);
4939 if (numtowrite && !fsp->print_file) {
4940 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4943 END_PROFILE(SMBwriteclose);
4948 #define DBGC_CLASS DBGC_LOCKING
4950 /****************************************************************************
4952 ****************************************************************************/
4954 void reply_lock(struct smb_request *req)
4956 connection_struct *conn = req->conn;
4957 uint64_t count,offset;
4960 struct byte_range_lock *br_lck = NULL;
4962 START_PROFILE(SMBlock);
4965 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4966 END_PROFILE(SMBlock);
4970 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4972 if (!check_fsp(conn, req, fsp)) {
4973 END_PROFILE(SMBlock);
4977 count = (uint64_t)IVAL(req->vwv+1, 0);
4978 offset = (uint64_t)IVAL(req->vwv+3, 0);
4980 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4981 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4983 br_lck = do_lock(req->sconn->msg_ctx,
4985 (uint64_t)req->smbpid,
4990 False, /* Non-blocking lock. */
4995 TALLOC_FREE(br_lck);
4997 if (NT_STATUS_V(status)) {
4998 reply_nterror(req, status);
4999 END_PROFILE(SMBlock);
5003 reply_outbuf(req, 0, 0);
5005 END_PROFILE(SMBlock);
5009 /****************************************************************************
5011 ****************************************************************************/
5013 void reply_unlock(struct smb_request *req)
5015 connection_struct *conn = req->conn;
5016 uint64_t count,offset;
5020 START_PROFILE(SMBunlock);
5023 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5024 END_PROFILE(SMBunlock);
5028 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5030 if (!check_fsp(conn, req, fsp)) {
5031 END_PROFILE(SMBunlock);
5035 count = (uint64_t)IVAL(req->vwv+1, 0);
5036 offset = (uint64_t)IVAL(req->vwv+3, 0);
5038 status = do_unlock(req->sconn->msg_ctx,
5040 (uint64_t)req->smbpid,
5045 if (NT_STATUS_V(status)) {
5046 reply_nterror(req, status);
5047 END_PROFILE(SMBunlock);
5051 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5052 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
5054 reply_outbuf(req, 0, 0);
5056 END_PROFILE(SMBunlock);
5061 #define DBGC_CLASS DBGC_ALL
5063 /****************************************************************************
5065 conn POINTER CAN BE NULL HERE !
5066 ****************************************************************************/
5068 void reply_tdis(struct smb_request *req)
5070 connection_struct *conn = req->conn;
5071 START_PROFILE(SMBtdis);
5074 DEBUG(4,("Invalid connection in tdis\n"));
5075 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
5076 END_PROFILE(SMBtdis);
5082 close_cnum(conn,req->vuid);
5085 reply_outbuf(req, 0, 0);
5086 END_PROFILE(SMBtdis);
5090 /****************************************************************************
5092 conn POINTER CAN BE NULL HERE !
5093 ****************************************************************************/
5095 void reply_echo(struct smb_request *req)
5097 connection_struct *conn = req->conn;
5098 struct smb_perfcount_data local_pcd;
5099 struct smb_perfcount_data *cur_pcd;
5103 START_PROFILE(SMBecho);
5105 smb_init_perfcount_data(&local_pcd);
5108 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5109 END_PROFILE(SMBecho);
5113 smb_reverb = SVAL(req->vwv+0, 0);
5115 reply_outbuf(req, 1, req->buflen);
5117 /* copy any incoming data back out */
5118 if (req->buflen > 0) {
5119 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5122 if (smb_reverb > 100) {
5123 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5127 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5129 /* this makes sure we catch the request pcd */
5130 if (seq_num == smb_reverb) {
5131 cur_pcd = &req->pcd;
5133 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5134 cur_pcd = &local_pcd;
5137 SSVAL(req->outbuf,smb_vwv0,seq_num);
5139 show_msg((char *)req->outbuf);
5140 if (!srv_send_smb(req->sconn,
5141 (char *)req->outbuf,
5142 true, req->seqnum+1,
5143 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5145 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5148 DEBUG(3,("echo %d times\n", smb_reverb));
5150 TALLOC_FREE(req->outbuf);
5152 END_PROFILE(SMBecho);
5156 /****************************************************************************
5157 Reply to a printopen.
5158 ****************************************************************************/
5160 void reply_printopen(struct smb_request *req)
5162 connection_struct *conn = req->conn;
5166 START_PROFILE(SMBsplopen);
5169 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5170 END_PROFILE(SMBsplopen);
5174 if (!CAN_PRINT(conn)) {
5175 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5176 END_PROFILE(SMBsplopen);
5180 status = file_new(req, conn, &fsp);
5181 if(!NT_STATUS_IS_OK(status)) {
5182 reply_nterror(req, status);
5183 END_PROFILE(SMBsplopen);
5187 /* Open for exclusive use, write only. */
5188 status = print_spool_open(fsp, NULL, req->vuid);
5190 if (!NT_STATUS_IS_OK(status)) {
5191 file_free(req, fsp);
5192 reply_nterror(req, status);
5193 END_PROFILE(SMBsplopen);
5197 reply_outbuf(req, 1, 0);
5198 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5200 DEBUG(3,("openprint fd=%d fnum=%d\n",
5201 fsp->fh->fd, fsp->fnum));
5203 END_PROFILE(SMBsplopen);
5207 /****************************************************************************
5208 Reply to a printclose.
5209 ****************************************************************************/
5211 void reply_printclose(struct smb_request *req)
5213 connection_struct *conn = req->conn;
5217 START_PROFILE(SMBsplclose);
5220 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5221 END_PROFILE(SMBsplclose);
5225 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5227 if (!check_fsp(conn, req, fsp)) {
5228 END_PROFILE(SMBsplclose);
5232 if (!CAN_PRINT(conn)) {
5233 reply_force_doserror(req, ERRSRV, ERRerror);
5234 END_PROFILE(SMBsplclose);
5238 DEBUG(3,("printclose fd=%d fnum=%d\n",
5239 fsp->fh->fd,fsp->fnum));
5241 status = close_file(req, fsp, NORMAL_CLOSE);
5243 if(!NT_STATUS_IS_OK(status)) {
5244 reply_nterror(req, status);
5245 END_PROFILE(SMBsplclose);
5249 reply_outbuf(req, 0, 0);
5251 END_PROFILE(SMBsplclose);
5255 /****************************************************************************
5256 Reply to a printqueue.
5257 ****************************************************************************/
5259 void reply_printqueue(struct smb_request *req)
5261 connection_struct *conn = req->conn;
5265 START_PROFILE(SMBsplretq);
5268 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5269 END_PROFILE(SMBsplretq);
5273 max_count = SVAL(req->vwv+0, 0);
5274 start_index = SVAL(req->vwv+1, 0);
5276 /* we used to allow the client to get the cnum wrong, but that
5277 is really quite gross and only worked when there was only
5278 one printer - I think we should now only accept it if they
5279 get it right (tridge) */
5280 if (!CAN_PRINT(conn)) {
5281 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5282 END_PROFILE(SMBsplretq);
5286 reply_outbuf(req, 2, 3);
5287 SSVAL(req->outbuf,smb_vwv0,0);
5288 SSVAL(req->outbuf,smb_vwv1,0);
5289 SCVAL(smb_buf(req->outbuf),0,1);
5290 SSVAL(smb_buf(req->outbuf),1,0);
5292 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5293 start_index, max_count));
5296 TALLOC_CTX *mem_ctx = talloc_tos();
5299 const char *sharename = lp_servicename(SNUM(conn));
5300 struct rpc_pipe_client *cli = NULL;
5301 struct policy_handle handle;
5302 struct spoolss_DevmodeContainer devmode_ctr;
5303 union spoolss_JobInfo *info;
5305 uint32_t num_to_get;
5309 ZERO_STRUCT(handle);
5311 status = rpc_pipe_open_interface(conn,
5312 &ndr_table_spoolss.syntax_id,
5314 &conn->sconn->client_id,
5315 conn->sconn->msg_ctx,
5317 if (!NT_STATUS_IS_OK(status)) {
5318 DEBUG(0, ("reply_printqueue: "
5319 "could not connect to spoolss: %s\n",
5320 nt_errstr(status)));
5321 reply_nterror(req, status);
5325 ZERO_STRUCT(devmode_ctr);
5327 status = rpccli_spoolss_OpenPrinter(cli, mem_ctx,
5330 SEC_FLAG_MAXIMUM_ALLOWED,
5333 if (!NT_STATUS_IS_OK(status)) {
5334 reply_nterror(req, status);
5337 if (!W_ERROR_IS_OK(werr)) {
5338 reply_nterror(req, werror_to_ntstatus(werr));
5342 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5350 if (!W_ERROR_IS_OK(werr)) {
5351 reply_nterror(req, werror_to_ntstatus(werr));
5355 if (max_count > 0) {
5356 first = start_index;
5358 first = start_index + max_count + 1;
5361 if (first >= count) {
5364 num_to_get = first + MIN(ABS(max_count), count - first);
5367 for (i = first; i < num_to_get; i++) {
5370 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5372 uint16_t qrapjobid = pjobid_to_rap(sharename,
5373 info[i].info2.job_id);
5375 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5381 srv_put_dos_date2(p, 0, qtime);
5382 SCVAL(p, 4, qstatus);
5383 SSVAL(p, 5, qrapjobid);
5384 SIVAL(p, 7, info[i].info2.size);
5386 srvstr_push(blob, req->flags2, p+12,
5387 info[i].info2.notify_name, 16, STR_ASCII);
5389 if (message_push_blob(
5392 blob, sizeof(blob))) == -1) {
5393 reply_nterror(req, NT_STATUS_NO_MEMORY);
5399 SSVAL(req->outbuf,smb_vwv0,count);
5400 SSVAL(req->outbuf,smb_vwv1,
5401 (max_count>0?first+count:first-1));
5402 SCVAL(smb_buf(req->outbuf),0,1);
5403 SSVAL(smb_buf(req->outbuf),1,28*count);
5407 DEBUG(3, ("%u entries returned in queue\n",
5411 if (cli && is_valid_policy_hnd(&handle)) {
5412 rpccli_spoolss_ClosePrinter(cli, mem_ctx, &handle, NULL);
5417 END_PROFILE(SMBsplretq);
5421 /****************************************************************************
5422 Reply to a printwrite.
5423 ****************************************************************************/
5425 void reply_printwrite(struct smb_request *req)
5427 connection_struct *conn = req->conn;
5432 START_PROFILE(SMBsplwr);
5435 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5436 END_PROFILE(SMBsplwr);
5440 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5442 if (!check_fsp(conn, req, fsp)) {
5443 END_PROFILE(SMBsplwr);
5447 if (!fsp->print_file) {
5448 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5449 END_PROFILE(SMBsplwr);
5453 if (!CHECK_WRITE(fsp)) {
5454 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5455 END_PROFILE(SMBsplwr);
5459 numtowrite = SVAL(req->buf, 1);
5461 if (req->buflen < numtowrite + 3) {
5462 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5463 END_PROFILE(SMBsplwr);
5467 data = (const char *)req->buf + 3;
5469 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5470 reply_nterror(req, map_nt_error_from_unix(errno));
5471 END_PROFILE(SMBsplwr);
5475 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5477 END_PROFILE(SMBsplwr);
5481 /****************************************************************************
5483 ****************************************************************************/
5485 void reply_mkdir(struct smb_request *req)
5487 connection_struct *conn = req->conn;
5488 struct smb_filename *smb_dname = NULL;
5489 char *directory = NULL;
5491 TALLOC_CTX *ctx = talloc_tos();
5493 START_PROFILE(SMBmkdir);
5495 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5496 STR_TERMINATE, &status);
5497 if (!NT_STATUS_IS_OK(status)) {
5498 reply_nterror(req, status);
5502 status = filename_convert(ctx, conn,
5503 req->flags2 & FLAGS2_DFS_PATHNAMES,
5508 if (!NT_STATUS_IS_OK(status)) {
5509 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5510 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5511 ERRSRV, ERRbadpath);
5514 reply_nterror(req, status);
5518 status = create_directory(conn, req, smb_dname);
5520 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5522 if (!NT_STATUS_IS_OK(status)) {
5524 if (!use_nt_status()
5525 && NT_STATUS_EQUAL(status,
5526 NT_STATUS_OBJECT_NAME_COLLISION)) {
5528 * Yes, in the DOS error code case we get a
5529 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5530 * samba4 torture test.
5532 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5535 reply_nterror(req, status);
5539 reply_outbuf(req, 0, 0);
5541 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5543 TALLOC_FREE(smb_dname);
5544 END_PROFILE(SMBmkdir);
5548 /****************************************************************************
5550 ****************************************************************************/
5552 void reply_rmdir(struct smb_request *req)
5554 connection_struct *conn = req->conn;
5555 struct smb_filename *smb_dname = NULL;
5556 char *directory = NULL;
5558 TALLOC_CTX *ctx = talloc_tos();
5559 files_struct *fsp = NULL;
5561 struct smbd_server_connection *sconn = req->sconn;
5563 START_PROFILE(SMBrmdir);
5565 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5566 STR_TERMINATE, &status);
5567 if (!NT_STATUS_IS_OK(status)) {
5568 reply_nterror(req, status);
5572 status = filename_convert(ctx, conn,
5573 req->flags2 & FLAGS2_DFS_PATHNAMES,
5578 if (!NT_STATUS_IS_OK(status)) {
5579 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5580 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5581 ERRSRV, ERRbadpath);
5584 reply_nterror(req, status);
5588 if (is_ntfs_stream_smb_fname(smb_dname)) {
5589 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5593 status = SMB_VFS_CREATE_FILE(
5596 0, /* root_dir_fid */
5597 smb_dname, /* fname */
5598 DELETE_ACCESS, /* access_mask */
5599 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5601 FILE_OPEN, /* create_disposition*/
5602 FILE_DIRECTORY_FILE, /* create_options */
5603 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5604 0, /* oplock_request */
5605 0, /* allocation_size */
5606 0, /* private_flags */
5612 if (!NT_STATUS_IS_OK(status)) {
5613 if (open_was_deferred(req->mid)) {
5614 /* We have re-scheduled this call. */
5617 reply_nterror(req, status);
5621 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5622 if (!NT_STATUS_IS_OK(status)) {
5623 close_file(req, fsp, ERROR_CLOSE);
5624 reply_nterror(req, status);
5628 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5629 close_file(req, fsp, ERROR_CLOSE);
5630 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5634 status = close_file(req, fsp, NORMAL_CLOSE);
5635 if (!NT_STATUS_IS_OK(status)) {
5636 reply_nterror(req, status);
5638 reply_outbuf(req, 0, 0);
5641 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5643 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5645 TALLOC_FREE(smb_dname);
5646 END_PROFILE(SMBrmdir);
5650 /*******************************************************************
5651 Resolve wildcards in a filename rename.
5652 ********************************************************************/
5654 static bool resolve_wildcards(TALLOC_CTX *ctx,
5659 char *name2_copy = NULL;
5664 char *p,*p2, *pname1, *pname2;
5666 name2_copy = talloc_strdup(ctx, name2);
5671 pname1 = strrchr_m(name1,'/');
5672 pname2 = strrchr_m(name2_copy,'/');
5674 if (!pname1 || !pname2) {
5678 /* Truncate the copy of name2 at the last '/' */
5681 /* Now go past the '/' */
5685 root1 = talloc_strdup(ctx, pname1);
5686 root2 = talloc_strdup(ctx, pname2);
5688 if (!root1 || !root2) {
5692 p = strrchr_m(root1,'.');
5695 ext1 = talloc_strdup(ctx, p+1);
5697 ext1 = talloc_strdup(ctx, "");
5699 p = strrchr_m(root2,'.');
5702 ext2 = talloc_strdup(ctx, p+1);
5704 ext2 = talloc_strdup(ctx, "");
5707 if (!ext1 || !ext2) {
5715 /* Hmmm. Should this be mb-aware ? */
5718 } else if (*p2 == '*') {
5720 root2 = talloc_asprintf(ctx, "%s%s",
5739 /* Hmmm. Should this be mb-aware ? */
5742 } else if (*p2 == '*') {
5744 ext2 = talloc_asprintf(ctx, "%s%s",
5760 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5765 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5777 /****************************************************************************
5778 Ensure open files have their names updated. Updated to notify other smbd's
5780 ****************************************************************************/
5782 static void rename_open_files(connection_struct *conn,
5783 struct share_mode_lock *lck,
5784 const struct smb_filename *smb_fname_dst)
5787 bool did_rename = False;
5790 for(fsp = file_find_di_first(conn->sconn, lck->id); fsp;
5791 fsp = file_find_di_next(fsp)) {
5792 /* fsp_name is a relative path under the fsp. To change this for other
5793 sharepaths we need to manipulate relative paths. */
5794 /* TODO - create the absolute path and manipulate the newname
5795 relative to the sharepath. */
5796 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5799 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5800 "(file_id %s) from %s -> %s\n", fsp->fnum,
5801 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5802 smb_fname_str_dbg(smb_fname_dst)));
5804 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5805 if (NT_STATUS_IS_OK(status)) {
5811 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5812 "for %s\n", file_id_string_tos(&lck->id),
5813 smb_fname_str_dbg(smb_fname_dst)));
5816 /* Send messages to all smbd's (not ourself) that the name has changed. */
5817 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
5822 /****************************************************************************
5823 We need to check if the source path is a parent directory of the destination
5824 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5825 refuse the rename with a sharing violation. Under UNIX the above call can
5826 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5827 probably need to check that the client is a Windows one before disallowing
5828 this as a UNIX client (one with UNIX extensions) can know the source is a
5829 symlink and make this decision intelligently. Found by an excellent bug
5830 report from <AndyLiebman@aol.com>.
5831 ****************************************************************************/
5833 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5834 const struct smb_filename *smb_fname_dst)
5836 const char *psrc = smb_fname_src->base_name;
5837 const char *pdst = smb_fname_dst->base_name;
5840 if (psrc[0] == '.' && psrc[1] == '/') {
5843 if (pdst[0] == '.' && pdst[1] == '/') {
5846 if ((slen = strlen(psrc)) > strlen(pdst)) {
5849 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5853 * Do the notify calls from a rename
5856 static void notify_rename(connection_struct *conn, bool is_dir,
5857 const struct smb_filename *smb_fname_src,
5858 const struct smb_filename *smb_fname_dst)
5860 char *parent_dir_src = NULL;
5861 char *parent_dir_dst = NULL;
5864 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5865 : FILE_NOTIFY_CHANGE_FILE_NAME;
5867 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5868 &parent_dir_src, NULL) ||
5869 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5870 &parent_dir_dst, NULL)) {
5874 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5875 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5876 smb_fname_src->base_name);
5877 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5878 smb_fname_dst->base_name);
5881 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5882 smb_fname_src->base_name);
5883 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5884 smb_fname_dst->base_name);
5887 /* this is a strange one. w2k3 gives an additional event for
5888 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5889 files, but not directories */
5891 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5892 FILE_NOTIFY_CHANGE_ATTRIBUTES
5893 |FILE_NOTIFY_CHANGE_CREATION,
5894 smb_fname_dst->base_name);
5897 TALLOC_FREE(parent_dir_src);
5898 TALLOC_FREE(parent_dir_dst);
5901 /****************************************************************************
5902 Rename an open file - given an fsp.
5903 ****************************************************************************/
5905 NTSTATUS rename_internals_fsp(connection_struct *conn,
5907 const struct smb_filename *smb_fname_dst_in,
5909 bool replace_if_exists)
5911 TALLOC_CTX *ctx = talloc_tos();
5912 struct smb_filename *smb_fname_dst = NULL;
5913 NTSTATUS status = NT_STATUS_OK;
5914 struct share_mode_lock *lck = NULL;
5915 bool dst_exists, old_is_stream, new_is_stream;
5917 status = check_name(conn, smb_fname_dst_in->base_name);
5918 if (!NT_STATUS_IS_OK(status)) {
5922 /* Make a copy of the dst smb_fname structs */
5924 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5925 if (!NT_STATUS_IS_OK(status)) {
5929 /* Ensure the dst smb_fname contains a '/' */
5930 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5932 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5933 smb_fname_dst->base_name);
5935 status = NT_STATUS_NO_MEMORY;
5938 TALLOC_FREE(smb_fname_dst->base_name);
5939 smb_fname_dst->base_name = tmp;
5943 * Check for special case with case preserving and not
5944 * case sensitive. If the old last component differs from the original
5945 * last component only by case, then we should allow
5946 * the rename (user is trying to change the case of the
5949 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5950 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5951 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5953 char *fname_dst_lcomp_base_mod = NULL;
5954 struct smb_filename *smb_fname_orig_lcomp = NULL;
5957 * Get the last component of the destination name. Note that
5958 * we guarantee that destination name contains a '/' character
5961 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5962 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5963 if (!fname_dst_lcomp_base_mod) {
5964 status = NT_STATUS_NO_MEMORY;
5969 * Create an smb_filename struct using the original last
5970 * component of the destination.
5972 status = create_synthetic_smb_fname_split(ctx,
5973 smb_fname_dst->original_lcomp, NULL,
5974 &smb_fname_orig_lcomp);
5975 if (!NT_STATUS_IS_OK(status)) {
5976 TALLOC_FREE(fname_dst_lcomp_base_mod);
5980 /* If the base names only differ by case, use original. */
5981 if(!strcsequal(fname_dst_lcomp_base_mod,
5982 smb_fname_orig_lcomp->base_name)) {
5985 * Replace the modified last component with the
5988 *last_slash = '\0'; /* Truncate at the '/' */
5989 tmp = talloc_asprintf(smb_fname_dst,
5991 smb_fname_dst->base_name,
5992 smb_fname_orig_lcomp->base_name);
5994 status = NT_STATUS_NO_MEMORY;
5995 TALLOC_FREE(fname_dst_lcomp_base_mod);
5996 TALLOC_FREE(smb_fname_orig_lcomp);
5999 TALLOC_FREE(smb_fname_dst->base_name);
6000 smb_fname_dst->base_name = tmp;
6003 /* If the stream_names only differ by case, use original. */
6004 if(!strcsequal(smb_fname_dst->stream_name,
6005 smb_fname_orig_lcomp->stream_name)) {
6007 /* Use the original stream. */
6008 tmp = talloc_strdup(smb_fname_dst,
6009 smb_fname_orig_lcomp->stream_name);
6011 status = NT_STATUS_NO_MEMORY;
6012 TALLOC_FREE(fname_dst_lcomp_base_mod);
6013 TALLOC_FREE(smb_fname_orig_lcomp);
6016 TALLOC_FREE(smb_fname_dst->stream_name);
6017 smb_fname_dst->stream_name = tmp;
6019 TALLOC_FREE(fname_dst_lcomp_base_mod);
6020 TALLOC_FREE(smb_fname_orig_lcomp);
6024 * If the src and dest names are identical - including case,
6025 * don't do the rename, just return success.
6028 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6029 strcsequal(fsp->fsp_name->stream_name,
6030 smb_fname_dst->stream_name)) {
6031 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6032 "- returning success\n",
6033 smb_fname_str_dbg(smb_fname_dst)));
6034 status = NT_STATUS_OK;
6038 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6039 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6041 /* Return the correct error code if both names aren't streams. */
6042 if (!old_is_stream && new_is_stream) {
6043 status = NT_STATUS_OBJECT_NAME_INVALID;
6047 if (old_is_stream && !new_is_stream) {
6048 status = NT_STATUS_INVALID_PARAMETER;
6052 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6054 if(!replace_if_exists && dst_exists) {
6055 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6056 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6057 smb_fname_str_dbg(smb_fname_dst)));
6058 status = NT_STATUS_OBJECT_NAME_COLLISION;
6063 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6064 &smb_fname_dst->st);
6065 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6067 /* The file can be open when renaming a stream */
6068 if (dst_fsp && !new_is_stream) {
6069 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6070 status = NT_STATUS_ACCESS_DENIED;
6075 /* Ensure we have a valid stat struct for the source. */
6076 status = vfs_stat_fsp(fsp);
6077 if (!NT_STATUS_IS_OK(status)) {
6081 status = can_rename(conn, fsp, attrs);
6083 if (!NT_STATUS_IS_OK(status)) {
6084 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6085 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6086 smb_fname_str_dbg(smb_fname_dst)));
6087 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6088 status = NT_STATUS_ACCESS_DENIED;
6092 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6093 status = NT_STATUS_ACCESS_DENIED;
6096 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6100 * We have the file open ourselves, so not being able to get the
6101 * corresponding share mode lock is a fatal error.
6104 SMB_ASSERT(lck != NULL);
6106 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6107 uint32 create_options = fsp->fh->private_options;
6109 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6110 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6111 smb_fname_str_dbg(smb_fname_dst)));
6113 if (!lp_posix_pathnames() &&
6114 (lp_map_archive(SNUM(conn)) ||
6115 lp_store_dos_attributes(SNUM(conn)))) {
6116 /* We must set the archive bit on the newly
6118 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6119 uint32_t old_dosmode = dos_mode(conn,
6121 file_set_dosmode(conn,
6123 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6129 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6132 rename_open_files(conn, lck, smb_fname_dst);
6135 * A rename acts as a new file create w.r.t. allowing an initial delete
6136 * on close, probably because in Windows there is a new handle to the
6137 * new file. If initial delete on close was requested but not
6138 * originally set, we need to set it here. This is probably not 100% correct,
6139 * but will work for the CIFSFS client which in non-posix mode
6140 * depends on these semantics. JRA.
6143 if (create_options & FILE_DELETE_ON_CLOSE) {
6144 status = can_set_delete_on_close(fsp, 0);
6146 if (NT_STATUS_IS_OK(status)) {
6147 /* Note that here we set the *inital* delete on close flag,
6148 * not the regular one. The magic gets handled in close. */
6149 fsp->initial_delete_on_close = True;
6153 status = NT_STATUS_OK;
6159 if (errno == ENOTDIR || errno == EISDIR) {
6160 status = NT_STATUS_OBJECT_NAME_COLLISION;
6162 status = map_nt_error_from_unix(errno);
6165 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6166 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6167 smb_fname_str_dbg(smb_fname_dst)));
6170 TALLOC_FREE(smb_fname_dst);
6175 /****************************************************************************
6176 The guts of the rename command, split out so it may be called by the NT SMB
6178 ****************************************************************************/
6180 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6181 connection_struct *conn,
6182 struct smb_request *req,
6183 struct smb_filename *smb_fname_src,
6184 struct smb_filename *smb_fname_dst,
6186 bool replace_if_exists,
6189 uint32_t access_mask)
6191 char *fname_src_dir = NULL;
6192 char *fname_src_mask = NULL;
6194 NTSTATUS status = NT_STATUS_OK;
6195 struct smb_Dir *dir_hnd = NULL;
6196 const char *dname = NULL;
6197 char *talloced = NULL;
6199 int create_options = 0;
6200 bool posix_pathnames = lp_posix_pathnames();
6203 * Split the old name into directory and last component
6204 * strings. Note that unix_convert may have stripped off a
6205 * leading ./ from both name and newname if the rename is
6206 * at the root of the share. We need to make sure either both
6207 * name and newname contain a / character or neither of them do
6208 * as this is checked in resolve_wildcards().
6211 /* Split up the directory from the filename/mask. */
6212 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6213 &fname_src_dir, &fname_src_mask);
6214 if (!NT_STATUS_IS_OK(status)) {
6215 status = NT_STATUS_NO_MEMORY;
6220 * We should only check the mangled cache
6221 * here if unix_convert failed. This means
6222 * that the path in 'mask' doesn't exist
6223 * on the file system and so we need to look
6224 * for a possible mangle. This patch from
6225 * Tine Smukavec <valentin.smukavec@hermes.si>.
6228 if (!VALID_STAT(smb_fname_src->st) &&
6229 mangle_is_mangled(fname_src_mask, conn->params)) {
6230 char *new_mask = NULL;
6231 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6234 TALLOC_FREE(fname_src_mask);
6235 fname_src_mask = new_mask;
6239 if (!src_has_wild) {
6243 * Only one file needs to be renamed. Append the mask back
6244 * onto the directory.
6246 TALLOC_FREE(smb_fname_src->base_name);
6247 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6251 if (!smb_fname_src->base_name) {
6252 status = NT_STATUS_NO_MEMORY;
6256 /* Ensure dst fname contains a '/' also */
6257 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6259 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6260 smb_fname_dst->base_name);
6262 status = NT_STATUS_NO_MEMORY;
6265 TALLOC_FREE(smb_fname_dst->base_name);
6266 smb_fname_dst->base_name = tmp;
6269 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6270 "case_preserve = %d, short case preserve = %d, "
6271 "directory = %s, newname = %s, "
6272 "last_component_dest = %s\n",
6273 conn->case_sensitive, conn->case_preserve,
6274 conn->short_case_preserve,
6275 smb_fname_str_dbg(smb_fname_src),
6276 smb_fname_str_dbg(smb_fname_dst),
6277 smb_fname_dst->original_lcomp));
6279 /* The dest name still may have wildcards. */
6280 if (dest_has_wild) {
6281 char *fname_dst_mod = NULL;
6282 if (!resolve_wildcards(smb_fname_dst,
6283 smb_fname_src->base_name,
6284 smb_fname_dst->base_name,
6286 DEBUG(6, ("rename_internals: resolve_wildcards "
6288 smb_fname_src->base_name,
6289 smb_fname_dst->base_name));
6290 status = NT_STATUS_NO_MEMORY;
6293 TALLOC_FREE(smb_fname_dst->base_name);
6294 smb_fname_dst->base_name = fname_dst_mod;
6297 ZERO_STRUCT(smb_fname_src->st);
6298 if (posix_pathnames) {
6299 SMB_VFS_LSTAT(conn, smb_fname_src);
6301 SMB_VFS_STAT(conn, smb_fname_src);
6304 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6305 create_options |= FILE_DIRECTORY_FILE;
6308 status = SMB_VFS_CREATE_FILE(
6311 0, /* root_dir_fid */
6312 smb_fname_src, /* fname */
6313 access_mask, /* access_mask */
6314 (FILE_SHARE_READ | /* share_access */
6316 FILE_OPEN, /* create_disposition*/
6317 create_options, /* create_options */
6318 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6319 0, /* oplock_request */
6320 0, /* allocation_size */
6321 0, /* private_flags */
6327 if (!NT_STATUS_IS_OK(status)) {
6328 DEBUG(3, ("Could not open rename source %s: %s\n",
6329 smb_fname_str_dbg(smb_fname_src),
6330 nt_errstr(status)));
6334 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6335 attrs, replace_if_exists);
6337 close_file(req, fsp, NORMAL_CLOSE);
6339 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6340 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6341 smb_fname_str_dbg(smb_fname_dst)));
6347 * Wildcards - process each file that matches.
6349 if (strequal(fname_src_mask, "????????.???")) {
6350 TALLOC_FREE(fname_src_mask);
6351 fname_src_mask = talloc_strdup(ctx, "*");
6352 if (!fname_src_mask) {
6353 status = NT_STATUS_NO_MEMORY;
6358 status = check_name(conn, fname_src_dir);
6359 if (!NT_STATUS_IS_OK(status)) {
6363 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6365 if (dir_hnd == NULL) {
6366 status = map_nt_error_from_unix(errno);
6370 status = NT_STATUS_NO_SUCH_FILE;
6372 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6373 * - gentest fix. JRA
6376 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6378 files_struct *fsp = NULL;
6379 char *destname = NULL;
6380 bool sysdir_entry = False;
6382 /* Quick check for "." and ".." */
6383 if (ISDOT(dname) || ISDOTDOT(dname)) {
6385 sysdir_entry = True;
6387 TALLOC_FREE(talloced);
6392 if (!is_visible_file(conn, fname_src_dir, dname,
6393 &smb_fname_src->st, false)) {
6394 TALLOC_FREE(talloced);
6398 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6399 TALLOC_FREE(talloced);
6404 status = NT_STATUS_OBJECT_NAME_INVALID;
6408 TALLOC_FREE(smb_fname_src->base_name);
6409 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6413 if (!smb_fname_src->base_name) {
6414 status = NT_STATUS_NO_MEMORY;
6418 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6419 smb_fname_dst->base_name,
6421 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6422 smb_fname_src->base_name, destname));
6423 TALLOC_FREE(talloced);
6427 status = NT_STATUS_NO_MEMORY;
6431 TALLOC_FREE(smb_fname_dst->base_name);
6432 smb_fname_dst->base_name = destname;
6434 ZERO_STRUCT(smb_fname_src->st);
6435 if (posix_pathnames) {
6436 SMB_VFS_LSTAT(conn, smb_fname_src);
6438 SMB_VFS_STAT(conn, smb_fname_src);
6443 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6444 create_options |= FILE_DIRECTORY_FILE;
6447 status = SMB_VFS_CREATE_FILE(
6450 0, /* root_dir_fid */
6451 smb_fname_src, /* fname */
6452 access_mask, /* access_mask */
6453 (FILE_SHARE_READ | /* share_access */
6455 FILE_OPEN, /* create_disposition*/
6456 create_options, /* create_options */
6457 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6458 0, /* oplock_request */
6459 0, /* allocation_size */
6460 0, /* private_flags */
6466 if (!NT_STATUS_IS_OK(status)) {
6467 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6468 "returned %s rename %s -> %s\n",
6470 smb_fname_str_dbg(smb_fname_src),
6471 smb_fname_str_dbg(smb_fname_dst)));
6475 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6477 if (!smb_fname_dst->original_lcomp) {
6478 status = NT_STATUS_NO_MEMORY;
6482 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6483 attrs, replace_if_exists);
6485 close_file(req, fsp, NORMAL_CLOSE);
6487 if (!NT_STATUS_IS_OK(status)) {
6488 DEBUG(3, ("rename_internals_fsp returned %s for "
6489 "rename %s -> %s\n", nt_errstr(status),
6490 smb_fname_str_dbg(smb_fname_src),
6491 smb_fname_str_dbg(smb_fname_dst)));
6497 DEBUG(3,("rename_internals: doing rename on %s -> "
6498 "%s\n", smb_fname_str_dbg(smb_fname_src),
6499 smb_fname_str_dbg(smb_fname_src)));
6500 TALLOC_FREE(talloced);
6502 TALLOC_FREE(dir_hnd);
6504 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6505 status = map_nt_error_from_unix(errno);
6509 TALLOC_FREE(talloced);
6510 TALLOC_FREE(fname_src_dir);
6511 TALLOC_FREE(fname_src_mask);
6515 /****************************************************************************
6517 ****************************************************************************/
6519 void reply_mv(struct smb_request *req)
6521 connection_struct *conn = req->conn;
6523 char *newname = NULL;
6527 bool src_has_wcard = False;
6528 bool dest_has_wcard = False;
6529 TALLOC_CTX *ctx = talloc_tos();
6530 struct smb_filename *smb_fname_src = NULL;
6531 struct smb_filename *smb_fname_dst = NULL;
6533 START_PROFILE(SMBmv);
6536 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6540 attrs = SVAL(req->vwv+0, 0);
6542 p = (const char *)req->buf + 1;
6543 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6544 &status, &src_has_wcard);
6545 if (!NT_STATUS_IS_OK(status)) {
6546 reply_nterror(req, status);
6550 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6551 &status, &dest_has_wcard);
6552 if (!NT_STATUS_IS_OK(status)) {
6553 reply_nterror(req, status);
6557 status = filename_convert(ctx,
6559 req->flags2 & FLAGS2_DFS_PATHNAMES,
6561 UCF_COND_ALLOW_WCARD_LCOMP,
6565 if (!NT_STATUS_IS_OK(status)) {
6566 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6567 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6568 ERRSRV, ERRbadpath);
6571 reply_nterror(req, status);
6575 status = filename_convert(ctx,
6577 req->flags2 & FLAGS2_DFS_PATHNAMES,
6579 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6583 if (!NT_STATUS_IS_OK(status)) {
6584 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6585 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6586 ERRSRV, ERRbadpath);
6589 reply_nterror(req, status);
6593 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6594 smb_fname_str_dbg(smb_fname_dst)));
6596 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6597 attrs, False, src_has_wcard, dest_has_wcard,
6599 if (!NT_STATUS_IS_OK(status)) {
6600 if (open_was_deferred(req->mid)) {
6601 /* We have re-scheduled this call. */
6604 reply_nterror(req, status);
6608 reply_outbuf(req, 0, 0);
6610 TALLOC_FREE(smb_fname_src);
6611 TALLOC_FREE(smb_fname_dst);
6616 /*******************************************************************
6617 Copy a file as part of a reply_copy.
6618 ******************************************************************/
6621 * TODO: check error codes on all callers
6624 NTSTATUS copy_file(TALLOC_CTX *ctx,
6625 connection_struct *conn,
6626 struct smb_filename *smb_fname_src,
6627 struct smb_filename *smb_fname_dst,
6630 bool target_is_directory)
6632 struct smb_filename *smb_fname_dst_tmp = NULL;
6634 files_struct *fsp1,*fsp2;
6636 uint32 new_create_disposition;
6640 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6641 if (!NT_STATUS_IS_OK(status)) {
6646 * If the target is a directory, extract the last component from the
6647 * src filename and append it to the dst filename
6649 if (target_is_directory) {
6652 /* dest/target can't be a stream if it's a directory. */
6653 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6655 p = strrchr_m(smb_fname_src->base_name,'/');
6659 p = smb_fname_src->base_name;
6661 smb_fname_dst_tmp->base_name =
6662 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6664 if (!smb_fname_dst_tmp->base_name) {
6665 status = NT_STATUS_NO_MEMORY;
6670 status = vfs_file_exist(conn, smb_fname_src);
6671 if (!NT_STATUS_IS_OK(status)) {
6675 if (!target_is_directory && count) {
6676 new_create_disposition = FILE_OPEN;
6678 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6680 &new_create_disposition,
6683 status = NT_STATUS_INVALID_PARAMETER;
6688 /* Open the src file for reading. */
6689 status = SMB_VFS_CREATE_FILE(
6692 0, /* root_dir_fid */
6693 smb_fname_src, /* fname */
6694 FILE_GENERIC_READ, /* access_mask */
6695 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6696 FILE_OPEN, /* create_disposition*/
6697 0, /* create_options */
6698 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6699 INTERNAL_OPEN_ONLY, /* oplock_request */
6700 0, /* allocation_size */
6701 0, /* private_flags */
6707 if (!NT_STATUS_IS_OK(status)) {
6711 dosattrs = dos_mode(conn, smb_fname_src);
6713 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6714 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6717 /* Open the dst file for writing. */
6718 status = SMB_VFS_CREATE_FILE(
6721 0, /* root_dir_fid */
6722 smb_fname_dst, /* fname */
6723 FILE_GENERIC_WRITE, /* access_mask */
6724 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6725 new_create_disposition, /* create_disposition*/
6726 0, /* create_options */
6727 dosattrs, /* file_attributes */
6728 INTERNAL_OPEN_ONLY, /* oplock_request */
6729 0, /* allocation_size */
6730 0, /* private_flags */
6736 if (!NT_STATUS_IS_OK(status)) {
6737 close_file(NULL, fsp1, ERROR_CLOSE);
6741 if ((ofun&3) == 1) {
6742 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6743 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6745 * Stop the copy from occurring.
6748 smb_fname_src->st.st_ex_size = 0;
6752 /* Do the actual copy. */
6753 if (smb_fname_src->st.st_ex_size) {
6754 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6757 close_file(NULL, fsp1, NORMAL_CLOSE);
6759 /* Ensure the modtime is set correctly on the destination file. */
6760 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6763 * As we are opening fsp1 read-only we only expect
6764 * an error on close on fsp2 if we are out of space.
6765 * Thus we don't look at the error return from the
6768 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6770 if (!NT_STATUS_IS_OK(status)) {
6774 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6775 status = NT_STATUS_DISK_FULL;
6779 status = NT_STATUS_OK;
6782 TALLOC_FREE(smb_fname_dst_tmp);
6786 /****************************************************************************
6787 Reply to a file copy.
6788 ****************************************************************************/
6790 void reply_copy(struct smb_request *req)
6792 connection_struct *conn = req->conn;
6793 struct smb_filename *smb_fname_src = NULL;
6794 struct smb_filename *smb_fname_dst = NULL;
6795 char *fname_src = NULL;
6796 char *fname_dst = NULL;
6797 char *fname_src_mask = NULL;
6798 char *fname_src_dir = NULL;
6801 int error = ERRnoaccess;
6805 bool target_is_directory=False;
6806 bool source_has_wild = False;
6807 bool dest_has_wild = False;
6809 TALLOC_CTX *ctx = talloc_tos();
6811 START_PROFILE(SMBcopy);
6814 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6818 tid2 = SVAL(req->vwv+0, 0);
6819 ofun = SVAL(req->vwv+1, 0);
6820 flags = SVAL(req->vwv+2, 0);
6822 p = (const char *)req->buf;
6823 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6824 &status, &source_has_wild);
6825 if (!NT_STATUS_IS_OK(status)) {
6826 reply_nterror(req, status);
6829 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6830 &status, &dest_has_wild);
6831 if (!NT_STATUS_IS_OK(status)) {
6832 reply_nterror(req, status);
6836 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6838 if (tid2 != conn->cnum) {
6839 /* can't currently handle inter share copies XXXX */
6840 DEBUG(3,("Rejecting inter-share copy\n"));
6841 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6845 status = filename_convert(ctx, conn,
6846 req->flags2 & FLAGS2_DFS_PATHNAMES,
6848 UCF_COND_ALLOW_WCARD_LCOMP,
6851 if (!NT_STATUS_IS_OK(status)) {
6852 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6853 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6854 ERRSRV, ERRbadpath);
6857 reply_nterror(req, status);
6861 status = filename_convert(ctx, conn,
6862 req->flags2 & FLAGS2_DFS_PATHNAMES,
6864 UCF_COND_ALLOW_WCARD_LCOMP,
6867 if (!NT_STATUS_IS_OK(status)) {
6868 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6869 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6870 ERRSRV, ERRbadpath);
6873 reply_nterror(req, status);
6877 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6879 if ((flags&1) && target_is_directory) {
6880 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6884 if ((flags&2) && !target_is_directory) {
6885 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6889 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6890 /* wants a tree copy! XXXX */
6891 DEBUG(3,("Rejecting tree copy\n"));
6892 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6896 /* Split up the directory from the filename/mask. */
6897 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6898 &fname_src_dir, &fname_src_mask);
6899 if (!NT_STATUS_IS_OK(status)) {
6900 reply_nterror(req, NT_STATUS_NO_MEMORY);
6905 * We should only check the mangled cache
6906 * here if unix_convert failed. This means
6907 * that the path in 'mask' doesn't exist
6908 * on the file system and so we need to look
6909 * for a possible mangle. This patch from
6910 * Tine Smukavec <valentin.smukavec@hermes.si>.
6912 if (!VALID_STAT(smb_fname_src->st) &&
6913 mangle_is_mangled(fname_src_mask, conn->params)) {
6914 char *new_mask = NULL;
6915 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6916 &new_mask, conn->params);
6918 /* Use demangled name if one was successfully found. */
6920 TALLOC_FREE(fname_src_mask);
6921 fname_src_mask = new_mask;
6925 if (!source_has_wild) {
6928 * Only one file needs to be copied. Append the mask back onto
6931 TALLOC_FREE(smb_fname_src->base_name);
6932 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6936 if (!smb_fname_src->base_name) {
6937 reply_nterror(req, NT_STATUS_NO_MEMORY);
6941 if (dest_has_wild) {
6942 char *fname_dst_mod = NULL;
6943 if (!resolve_wildcards(smb_fname_dst,
6944 smb_fname_src->base_name,
6945 smb_fname_dst->base_name,
6947 reply_nterror(req, NT_STATUS_NO_MEMORY);
6950 TALLOC_FREE(smb_fname_dst->base_name);
6951 smb_fname_dst->base_name = fname_dst_mod;
6954 status = check_name(conn, smb_fname_src->base_name);
6955 if (!NT_STATUS_IS_OK(status)) {
6956 reply_nterror(req, status);
6960 status = check_name(conn, smb_fname_dst->base_name);
6961 if (!NT_STATUS_IS_OK(status)) {
6962 reply_nterror(req, status);
6966 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6967 ofun, count, target_is_directory);
6969 if(!NT_STATUS_IS_OK(status)) {
6970 reply_nterror(req, status);
6976 struct smb_Dir *dir_hnd = NULL;
6977 const char *dname = NULL;
6978 char *talloced = NULL;
6982 * There is a wildcard that requires us to actually read the
6983 * src dir and copy each file matching the mask to the dst.
6984 * Right now streams won't be copied, but this could
6985 * presumably be added with a nested loop for reach dir entry.
6987 SMB_ASSERT(!smb_fname_src->stream_name);
6988 SMB_ASSERT(!smb_fname_dst->stream_name);
6990 smb_fname_src->stream_name = NULL;
6991 smb_fname_dst->stream_name = NULL;
6993 if (strequal(fname_src_mask,"????????.???")) {
6994 TALLOC_FREE(fname_src_mask);
6995 fname_src_mask = talloc_strdup(ctx, "*");
6996 if (!fname_src_mask) {
6997 reply_nterror(req, NT_STATUS_NO_MEMORY);
7002 status = check_name(conn, fname_src_dir);
7003 if (!NT_STATUS_IS_OK(status)) {
7004 reply_nterror(req, status);
7008 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7009 if (dir_hnd == NULL) {
7010 status = map_nt_error_from_unix(errno);
7011 reply_nterror(req, status);
7017 /* Iterate over the src dir copying each entry to the dst. */
7018 while ((dname = ReadDirName(dir_hnd, &offset,
7019 &smb_fname_src->st, &talloced))) {
7020 char *destname = NULL;
7022 if (ISDOT(dname) || ISDOTDOT(dname)) {
7023 TALLOC_FREE(talloced);
7027 if (!is_visible_file(conn, fname_src_dir, dname,
7028 &smb_fname_src->st, false)) {
7029 TALLOC_FREE(talloced);
7033 if(!mask_match(dname, fname_src_mask,
7034 conn->case_sensitive)) {
7035 TALLOC_FREE(talloced);
7039 error = ERRnoaccess;
7041 /* Get the src smb_fname struct setup. */
7042 TALLOC_FREE(smb_fname_src->base_name);
7043 smb_fname_src->base_name =
7044 talloc_asprintf(smb_fname_src, "%s/%s",
7045 fname_src_dir, dname);
7047 if (!smb_fname_src->base_name) {
7048 TALLOC_FREE(dir_hnd);
7049 TALLOC_FREE(talloced);
7050 reply_nterror(req, NT_STATUS_NO_MEMORY);
7054 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7055 smb_fname_dst->base_name,
7057 TALLOC_FREE(talloced);
7061 TALLOC_FREE(dir_hnd);
7062 TALLOC_FREE(talloced);
7063 reply_nterror(req, NT_STATUS_NO_MEMORY);
7067 TALLOC_FREE(smb_fname_dst->base_name);
7068 smb_fname_dst->base_name = destname;
7070 status = check_name(conn, smb_fname_src->base_name);
7071 if (!NT_STATUS_IS_OK(status)) {
7072 TALLOC_FREE(dir_hnd);
7073 TALLOC_FREE(talloced);
7074 reply_nterror(req, status);
7078 status = check_name(conn, smb_fname_dst->base_name);
7079 if (!NT_STATUS_IS_OK(status)) {
7080 TALLOC_FREE(dir_hnd);
7081 TALLOC_FREE(talloced);
7082 reply_nterror(req, status);
7086 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7087 smb_fname_src->base_name,
7088 smb_fname_dst->base_name));
7090 status = copy_file(ctx, conn, smb_fname_src,
7091 smb_fname_dst, ofun, count,
7092 target_is_directory);
7093 if (NT_STATUS_IS_OK(status)) {
7097 TALLOC_FREE(talloced);
7099 TALLOC_FREE(dir_hnd);
7103 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7107 reply_outbuf(req, 1, 0);
7108 SSVAL(req->outbuf,smb_vwv0,count);
7110 TALLOC_FREE(smb_fname_src);
7111 TALLOC_FREE(smb_fname_dst);
7112 TALLOC_FREE(fname_src);
7113 TALLOC_FREE(fname_dst);
7114 TALLOC_FREE(fname_src_mask);
7115 TALLOC_FREE(fname_src_dir);
7117 END_PROFILE(SMBcopy);
7122 #define DBGC_CLASS DBGC_LOCKING
7124 /****************************************************************************
7125 Get a lock pid, dealing with large count requests.
7126 ****************************************************************************/
7128 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7129 bool large_file_format)
7131 if(!large_file_format)
7132 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7134 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7137 /****************************************************************************
7138 Get a lock count, dealing with large count requests.
7139 ****************************************************************************/
7141 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7142 bool large_file_format)
7146 if(!large_file_format) {
7147 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7150 #if defined(HAVE_LONGLONG)
7151 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7152 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7153 #else /* HAVE_LONGLONG */
7156 * NT4.x seems to be broken in that it sends large file (64 bit)
7157 * lockingX calls even if the CAP_LARGE_FILES was *not*
7158 * negotiated. For boxes without large unsigned ints truncate the
7159 * lock count by dropping the top 32 bits.
7162 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7163 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7164 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7165 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7166 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7169 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7170 #endif /* HAVE_LONGLONG */
7176 #if !defined(HAVE_LONGLONG)
7177 /****************************************************************************
7178 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7179 ****************************************************************************/
7181 static uint32 map_lock_offset(uint32 high, uint32 low)
7185 uint32 highcopy = high;
7188 * Try and find out how many significant bits there are in high.
7191 for(i = 0; highcopy; i++)
7195 * We use 31 bits not 32 here as POSIX
7196 * lock offsets may not be negative.
7199 mask = (~0) << (31 - i);
7202 return 0; /* Fail. */
7208 #endif /* !defined(HAVE_LONGLONG) */
7210 /****************************************************************************
7211 Get a lock offset, dealing with large offset requests.
7212 ****************************************************************************/
7214 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7215 bool large_file_format, bool *err)
7217 uint64_t offset = 0;
7221 if(!large_file_format) {
7222 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7225 #if defined(HAVE_LONGLONG)
7226 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7227 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7228 #else /* HAVE_LONGLONG */
7231 * NT4.x seems to be broken in that it sends large file (64 bit)
7232 * lockingX calls even if the CAP_LARGE_FILES was *not*
7233 * negotiated. For boxes without large unsigned ints mangle the
7234 * lock offset by mapping the top 32 bits onto the lower 32.
7237 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7238 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7239 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7242 if((new_low = map_lock_offset(high, low)) == 0) {
7244 return (uint64_t)-1;
7247 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7248 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7249 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7250 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7253 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7254 #endif /* HAVE_LONGLONG */
7260 NTSTATUS smbd_do_locking(struct smb_request *req,
7264 uint16_t num_ulocks,
7265 struct smbd_lock_element *ulocks,
7267 struct smbd_lock_element *locks,
7270 connection_struct *conn = req->conn;
7272 NTSTATUS status = NT_STATUS_OK;
7276 /* Data now points at the beginning of the list
7277 of smb_unlkrng structs */
7278 for(i = 0; i < (int)num_ulocks; i++) {
7279 struct smbd_lock_element *e = &ulocks[i];
7281 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7282 "pid %u, file %s\n",
7285 (unsigned int)e->smblctx,
7288 if (e->brltype != UNLOCK_LOCK) {
7289 /* this can only happen with SMB2 */
7290 return NT_STATUS_INVALID_PARAMETER;
7293 status = do_unlock(req->sconn->msg_ctx,
7300 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7301 nt_errstr(status)));
7303 if (!NT_STATUS_IS_OK(status)) {
7308 /* Setup the timeout in seconds. */
7310 if (!lp_blocking_locks(SNUM(conn))) {
7314 /* Data now points at the beginning of the list
7315 of smb_lkrng structs */
7317 for(i = 0; i < (int)num_locks; i++) {
7318 struct smbd_lock_element *e = &locks[i];
7320 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7321 "%llu, file %s timeout = %d\n",
7324 (unsigned long long)e->smblctx,
7328 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7329 struct blocking_lock_record *blr = NULL;
7331 if (num_locks > 1) {
7333 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7334 * if the lock vector contains one entry. When given mutliple cancel
7335 * requests in a single PDU we expect the server to return an
7336 * error. Windows servers seem to accept the request but only
7337 * cancel the first lock.
7338 * JRA - Do what Windows does (tm) :-).
7342 /* MS-CIFS (2.2.4.32.1) behavior. */
7343 return NT_STATUS_DOS(ERRDOS,
7344 ERRcancelviolation);
7346 /* Windows behavior. */
7348 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7349 "cancel request\n"));
7355 if (lp_blocking_locks(SNUM(conn))) {
7357 /* Schedule a message to ourselves to
7358 remove the blocking lock record and
7359 return the right error. */
7361 blr = blocking_lock_cancel_smb1(fsp,
7367 NT_STATUS_FILE_LOCK_CONFLICT);
7369 return NT_STATUS_DOS(
7371 ERRcancelviolation);
7374 /* Remove a matching pending lock. */
7375 status = do_lock_cancel(fsp,
7382 bool blocking_lock = timeout ? true : false;
7383 bool defer_lock = false;
7384 struct byte_range_lock *br_lck;
7385 uint64_t block_smblctx;
7387 br_lck = do_lock(req->sconn->msg_ctx,
7399 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7400 /* Windows internal resolution for blocking locks seems
7401 to be about 200ms... Don't wait for less than that. JRA. */
7402 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7403 timeout = lp_lock_spin_time();
7408 /* If a lock sent with timeout of zero would fail, and
7409 * this lock has been requested multiple times,
7410 * according to brl_lock_failed() we convert this
7411 * request to a blocking lock with a timeout of between
7412 * 150 - 300 milliseconds.
7414 * If lp_lock_spin_time() has been set to 0, we skip
7415 * this blocking retry and fail immediately.
7417 * Replacement for do_lock_spin(). JRA. */
7419 if (!req->sconn->using_smb2 &&
7420 br_lck && lp_blocking_locks(SNUM(conn)) &&
7421 lp_lock_spin_time() && !blocking_lock &&
7422 NT_STATUS_EQUAL((status),
7423 NT_STATUS_FILE_LOCK_CONFLICT))
7426 timeout = lp_lock_spin_time();
7429 if (br_lck && defer_lock) {
7431 * A blocking lock was requested. Package up
7432 * this smb into a queued request and push it
7433 * onto the blocking lock queue.
7435 if(push_blocking_lock_request(br_lck,
7446 TALLOC_FREE(br_lck);
7448 return NT_STATUS_OK;
7452 TALLOC_FREE(br_lck);
7455 if (!NT_STATUS_IS_OK(status)) {
7460 /* If any of the above locks failed, then we must unlock
7461 all of the previous locks (X/Open spec). */
7463 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7465 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7466 i = -1; /* we want to skip the for loop */
7470 * Ensure we don't do a remove on the lock that just failed,
7471 * as under POSIX rules, if we have a lock already there, we
7472 * will delete it (and we shouldn't) .....
7474 for(i--; i >= 0; i--) {
7475 struct smbd_lock_element *e = &locks[i];
7477 do_unlock(req->sconn->msg_ctx,
7487 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7488 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7490 return NT_STATUS_OK;
7493 /****************************************************************************
7494 Reply to a lockingX request.
7495 ****************************************************************************/
7497 void reply_lockingX(struct smb_request *req)
7499 connection_struct *conn = req->conn;
7501 unsigned char locktype;
7502 unsigned char oplocklevel;
7507 const uint8_t *data;
7508 bool large_file_format;
7510 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7511 struct smbd_lock_element *ulocks;
7512 struct smbd_lock_element *locks;
7515 START_PROFILE(SMBlockingX);
7518 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7519 END_PROFILE(SMBlockingX);
7523 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7524 locktype = CVAL(req->vwv+3, 0);
7525 oplocklevel = CVAL(req->vwv+3, 1);
7526 num_ulocks = SVAL(req->vwv+6, 0);
7527 num_locks = SVAL(req->vwv+7, 0);
7528 lock_timeout = IVAL(req->vwv+4, 0);
7529 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7531 if (!check_fsp(conn, req, fsp)) {
7532 END_PROFILE(SMBlockingX);
7538 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7539 /* we don't support these - and CANCEL_LOCK makes w2k
7540 and XP reboot so I don't really want to be
7541 compatible! (tridge) */
7542 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7543 END_PROFILE(SMBlockingX);
7547 /* Check if this is an oplock break on a file
7548 we have granted an oplock on.
7550 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7551 /* Client can insist on breaking to none. */
7552 bool break_to_none = (oplocklevel == 0);
7555 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7556 "for fnum = %d\n", (unsigned int)oplocklevel,
7560 * Make sure we have granted an exclusive or batch oplock on
7564 if (fsp->oplock_type == 0) {
7566 /* The Samba4 nbench simulator doesn't understand
7567 the difference between break to level2 and break
7568 to none from level2 - it sends oplock break
7569 replies in both cases. Don't keep logging an error
7570 message here - just ignore it. JRA. */
7572 DEBUG(5,("reply_lockingX: Error : oplock break from "
7573 "client for fnum = %d (oplock=%d) and no "
7574 "oplock granted on this file (%s).\n",
7575 fsp->fnum, fsp->oplock_type,
7578 /* if this is a pure oplock break request then don't
7580 if (num_locks == 0 && num_ulocks == 0) {
7581 END_PROFILE(SMBlockingX);
7584 END_PROFILE(SMBlockingX);
7585 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7590 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7592 result = remove_oplock(fsp);
7594 result = downgrade_oplock(fsp);
7598 DEBUG(0, ("reply_lockingX: error in removing "
7599 "oplock on file %s\n", fsp_str_dbg(fsp)));
7600 /* Hmmm. Is this panic justified? */
7601 smb_panic("internal tdb error");
7604 reply_to_oplock_break_requests(fsp);
7606 /* if this is a pure oplock break request then don't send a
7608 if (num_locks == 0 && num_ulocks == 0) {
7609 /* Sanity check - ensure a pure oplock break is not a
7611 if(CVAL(req->vwv+0, 0) != 0xff)
7612 DEBUG(0,("reply_lockingX: Error : pure oplock "
7613 "break is a chained %d request !\n",
7614 (unsigned int)CVAL(req->vwv+0, 0)));
7615 END_PROFILE(SMBlockingX);
7621 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7622 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7623 END_PROFILE(SMBlockingX);
7627 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7628 if (ulocks == NULL) {
7629 reply_nterror(req, NT_STATUS_NO_MEMORY);
7630 END_PROFILE(SMBlockingX);
7634 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7635 if (locks == NULL) {
7636 reply_nterror(req, NT_STATUS_NO_MEMORY);
7637 END_PROFILE(SMBlockingX);
7641 /* Data now points at the beginning of the list
7642 of smb_unlkrng structs */
7643 for(i = 0; i < (int)num_ulocks; i++) {
7644 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
7645 ulocks[i].count = get_lock_count(data, i, large_file_format);
7646 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7647 ulocks[i].brltype = UNLOCK_LOCK;
7650 * There is no error code marked "stupid client bug".... :-).
7653 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7654 END_PROFILE(SMBlockingX);
7659 /* Now do any requested locks */
7660 data += ((large_file_format ? 20 : 10)*num_ulocks);
7662 /* Data now points at the beginning of the list
7663 of smb_lkrng structs */
7665 for(i = 0; i < (int)num_locks; i++) {
7666 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
7667 locks[i].count = get_lock_count(data, i, large_file_format);
7668 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7670 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7671 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7672 locks[i].brltype = PENDING_READ_LOCK;
7674 locks[i].brltype = READ_LOCK;
7677 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7678 locks[i].brltype = PENDING_WRITE_LOCK;
7680 locks[i].brltype = WRITE_LOCK;
7685 * There is no error code marked "stupid client bug".... :-).
7688 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7689 END_PROFILE(SMBlockingX);
7694 status = smbd_do_locking(req, fsp,
7695 locktype, lock_timeout,
7699 if (!NT_STATUS_IS_OK(status)) {
7700 END_PROFILE(SMBlockingX);
7701 reply_nterror(req, status);
7705 END_PROFILE(SMBlockingX);
7709 reply_outbuf(req, 2, 0);
7711 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7712 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7714 END_PROFILE(SMBlockingX);
7719 #define DBGC_CLASS DBGC_ALL
7721 /****************************************************************************
7722 Reply to a SMBreadbmpx (read block multiplex) request.
7723 Always reply with an error, if someone has a platform really needs this,
7724 please contact vl@samba.org
7725 ****************************************************************************/
7727 void reply_readbmpx(struct smb_request *req)
7729 START_PROFILE(SMBreadBmpx);
7730 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7731 END_PROFILE(SMBreadBmpx);
7735 /****************************************************************************
7736 Reply to a SMBreadbs (read block multiplex secondary) request.
7737 Always reply with an error, if someone has a platform really needs this,
7738 please contact vl@samba.org
7739 ****************************************************************************/
7741 void reply_readbs(struct smb_request *req)
7743 START_PROFILE(SMBreadBs);
7744 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7745 END_PROFILE(SMBreadBs);
7749 /****************************************************************************
7750 Reply to a SMBsetattrE.
7751 ****************************************************************************/
7753 void reply_setattrE(struct smb_request *req)
7755 connection_struct *conn = req->conn;
7756 struct smb_file_time ft;
7760 START_PROFILE(SMBsetattrE);
7764 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7768 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7770 if(!fsp || (fsp->conn != conn)) {
7771 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7776 * Convert the DOS times into unix times.
7779 ft.atime = convert_time_t_to_timespec(
7780 srv_make_unix_date2(req->vwv+3));
7781 ft.mtime = convert_time_t_to_timespec(
7782 srv_make_unix_date2(req->vwv+5));
7783 ft.create_time = convert_time_t_to_timespec(
7784 srv_make_unix_date2(req->vwv+1));
7786 reply_outbuf(req, 0, 0);
7789 * Patch from Ray Frush <frush@engr.colostate.edu>
7790 * Sometimes times are sent as zero - ignore them.
7793 /* Ensure we have a valid stat struct for the source. */
7794 status = vfs_stat_fsp(fsp);
7795 if (!NT_STATUS_IS_OK(status)) {
7796 reply_nterror(req, status);
7800 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7801 if (!NT_STATUS_IS_OK(status)) {
7802 reply_nterror(req, status);
7806 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7809 (unsigned int)ft.atime.tv_sec,
7810 (unsigned int)ft.mtime.tv_sec,
7811 (unsigned int)ft.create_time.tv_sec
7814 END_PROFILE(SMBsetattrE);
7819 /* Back from the dead for OS/2..... JRA. */
7821 /****************************************************************************
7822 Reply to a SMBwritebmpx (write block multiplex primary) request.
7823 Always reply with an error, if someone has a platform really needs this,
7824 please contact vl@samba.org
7825 ****************************************************************************/
7827 void reply_writebmpx(struct smb_request *req)
7829 START_PROFILE(SMBwriteBmpx);
7830 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7831 END_PROFILE(SMBwriteBmpx);
7835 /****************************************************************************
7836 Reply to a SMBwritebs (write block multiplex secondary) request.
7837 Always reply with an error, if someone has a platform really needs this,
7838 please contact vl@samba.org
7839 ****************************************************************************/
7841 void reply_writebs(struct smb_request *req)
7843 START_PROFILE(SMBwriteBs);
7844 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7845 END_PROFILE(SMBwriteBs);
7849 /****************************************************************************
7850 Reply to a SMBgetattrE.
7851 ****************************************************************************/
7853 void reply_getattrE(struct smb_request *req)
7855 connection_struct *conn = req->conn;
7858 struct timespec create_ts;
7860 START_PROFILE(SMBgetattrE);
7863 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7864 END_PROFILE(SMBgetattrE);
7868 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7870 if(!fsp || (fsp->conn != conn)) {
7871 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7872 END_PROFILE(SMBgetattrE);
7876 /* Do an fstat on this file */
7878 reply_nterror(req, map_nt_error_from_unix(errno));
7879 END_PROFILE(SMBgetattrE);
7883 mode = dos_mode(conn, fsp->fsp_name);
7886 * Convert the times into dos times. Set create
7887 * date to be last modify date as UNIX doesn't save
7891 reply_outbuf(req, 11, 0);
7893 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7894 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7895 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7896 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7897 /* Should we check pending modtime here ? JRA */
7898 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7899 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7902 SIVAL(req->outbuf, smb_vwv6, 0);
7903 SIVAL(req->outbuf, smb_vwv8, 0);
7905 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7906 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7907 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7909 SSVAL(req->outbuf,smb_vwv10, mode);
7911 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7913 END_PROFILE(SMBgetattrE);