2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 /****************************************************************************
31 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
32 path or anything including wildcards.
33 We're assuming here that '/' is not the second byte in any multibyte char
34 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
36 ****************************************************************************/
38 /* Custom version for processing POSIX paths. */
39 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
41 static NTSTATUS check_path_syntax_internal(char *path,
43 bool *p_last_component_contains_wcard)
47 NTSTATUS ret = NT_STATUS_OK;
48 bool start_of_name_component = True;
49 bool stream_started = false;
51 *p_last_component_contains_wcard = False;
58 return NT_STATUS_OBJECT_NAME_INVALID;
61 return NT_STATUS_OBJECT_NAME_INVALID;
63 if (strchr_m(&s[1], ':')) {
64 return NT_STATUS_OBJECT_NAME_INVALID;
70 if ((*s == ':') && !posix_path && !stream_started) {
71 if (*p_last_component_contains_wcard) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
74 /* Stream names allow more characters than file names.
75 We're overloading posix_path here to allow a wider
76 range of characters. If stream_started is true this
77 is still a Windows path even if posix_path is true.
80 stream_started = true;
81 start_of_name_component = false;
85 return NT_STATUS_OBJECT_NAME_INVALID;
89 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
91 * Safe to assume is not the second part of a mb char
92 * as this is handled below.
94 /* Eat multiple '/' or '\\' */
95 while (IS_PATH_SEP(*s,posix_path)) {
98 if ((d != path) && (*s != '\0')) {
99 /* We only care about non-leading or trailing '/' or '\\' */
103 start_of_name_component = True;
105 *p_last_component_contains_wcard = False;
109 if (start_of_name_component) {
110 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
111 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
114 * No mb char starts with '.' so we're safe checking the directory separator here.
117 /* If we just added a '/' - delete it */
118 if ((d > path) && (*(d-1) == '/')) {
123 /* Are we at the start ? Can't go back further if so. */
125 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
128 /* Go back one level... */
129 /* We know this is safe as '/' cannot be part of a mb sequence. */
130 /* NOTE - if this assumption is invalid we are not in good shape... */
131 /* Decrement d first as d points to the *next* char to write into. */
132 for (d--; d > path; d--) {
136 s += 2; /* Else go past the .. */
137 /* We're still at the start of a name component, just the previous one. */
140 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
152 if (*s <= 0x1f || *s == '|') {
153 return NT_STATUS_OBJECT_NAME_INVALID;
161 *p_last_component_contains_wcard = True;
170 /* Get the size of the next MB character. */
171 next_codepoint(s,&siz);
189 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
191 return NT_STATUS_INVALID_PARAMETER;
194 start_of_name_component = False;
202 /****************************************************************************
203 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
204 No wildcards allowed.
205 ****************************************************************************/
207 NTSTATUS check_path_syntax(char *path)
210 return check_path_syntax_internal(path, False, &ignore);
213 /****************************************************************************
214 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
215 Wildcards allowed - p_contains_wcard returns true if the last component contained
217 ****************************************************************************/
219 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
221 return check_path_syntax_internal(path, False, p_contains_wcard);
224 /****************************************************************************
225 Check the path for a POSIX client.
226 We're assuming here that '/' is not the second byte in any multibyte char
227 set (a safe assumption).
228 ****************************************************************************/
230 NTSTATUS check_path_syntax_posix(char *path)
233 return check_path_syntax_internal(path, True, &ignore);
236 /****************************************************************************
237 Pull a string and check the path allowing a wilcard - provide for error return.
238 ****************************************************************************/
240 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
241 const char *base_ptr,
248 bool *contains_wcard)
254 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
258 *err = NT_STATUS_INVALID_PARAMETER;
262 *contains_wcard = False;
264 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
266 * For a DFS path the function parse_dfs_path()
267 * will do the path processing, just make a copy.
273 if (lp_posix_pathnames()) {
274 *err = check_path_syntax_posix(*pp_dest);
276 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 /****************************************************************************
283 Pull a string and check the path - provide for error return.
284 ****************************************************************************/
286 size_t srvstr_get_path(TALLOC_CTX *ctx,
287 const char *base_ptr,
296 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
297 src_len, flags, err, &ignore);
300 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
301 char **pp_dest, const char *src, int flags,
302 NTSTATUS *err, bool *contains_wcard)
304 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
305 pp_dest, src, smbreq_bufrem(req, src),
306 flags, err, contains_wcard);
309 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
310 char **pp_dest, const char *src, int flags,
314 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
315 flags, err, &ignore);
318 /****************************************************************************
319 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
320 ****************************************************************************/
322 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
325 if (!(fsp) || !(conn)) {
326 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
329 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 /****************************************************************************
337 Check if we have a correct fsp pointing to a file.
338 ****************************************************************************/
340 bool check_fsp(connection_struct *conn, struct smb_request *req,
343 if (!check_fsp_open(conn, req, fsp)) {
346 if ((fsp)->is_directory) {
347 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
350 if ((fsp)->fh->fd == -1) {
351 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
354 (fsp)->num_smb_operations++;
358 /****************************************************************************
359 Check if we have a correct fsp pointing to a quota fake file. Replacement for
360 the CHECK_NTQUOTA_HANDLE_OK macro.
361 ****************************************************************************/
363 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
366 if (!check_fsp_open(conn, req, fsp)) {
370 if (fsp->is_directory) {
374 if (fsp->fake_file_handle == NULL) {
378 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
382 if (fsp->fake_file_handle->private_data == NULL) {
389 /****************************************************************************
390 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
391 ****************************************************************************/
393 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
396 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
397 && (req->vuid == (fsp)->vuid)) {
401 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
405 static bool netbios_session_retarget(const char *name, int name_type)
408 char *trim_name_type;
409 const char *retarget_parm;
412 int retarget_type = 0x20;
413 int retarget_port = 139;
414 struct sockaddr_storage retarget_addr;
415 struct sockaddr_in *in_addr;
419 if (get_socket_port(smbd_server_fd()) != 139) {
423 trim_name = talloc_strdup(talloc_tos(), name);
424 if (trim_name == NULL) {
427 trim_char(trim_name, ' ', ' ');
429 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
431 if (trim_name_type == NULL) {
435 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
436 trim_name_type, NULL);
437 if (retarget_parm == NULL) {
438 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 if (retarget_parm == NULL) {
445 retarget = talloc_strdup(trim_name, retarget_parm);
446 if (retarget == NULL) {
450 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
452 p = strchr(retarget, ':');
455 retarget_port = atoi(p);
458 p = strchr_m(retarget, '#');
461 sscanf(p, "%x", &retarget_type);
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
466 DEBUG(10, ("could not resolve %s\n", retarget));
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
482 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 TALLOC_FREE(trim_name);
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
498 void reply_special(char *inbuf)
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
503 char name_type1, name_type2;
504 struct smbd_server_connection *sconn = smbd_server_conn;
507 * We only really use 4 bytes of the outbuf, but for the smb_setlen
508 * calculation & friends (srv_send_smb uses that) we need the full smb
511 char outbuf[smb_size];
515 memset(outbuf, '\0', sizeof(outbuf));
517 smb_setlen(outbuf,0);
520 case 0x81: /* session request */
522 if (sconn->nbt.got_session) {
523 exit_server_cleanly("multiple session request not permitted");
526 SCVAL(outbuf,0,0x82);
528 if (name_len(inbuf+4) > 50 ||
529 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
530 DEBUG(0,("Invalid name length in session request\n"));
533 name_type1 = name_extract(inbuf,4,name1);
534 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
535 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
536 name1, name_type1, name2, name_type2));
538 if (netbios_session_retarget(name1, name_type1)) {
539 exit_server_cleanly("retargeted client");
542 set_local_machine_name(name1, True);
543 set_remote_machine_name(name2, True);
545 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
546 get_local_machine_name(), get_remote_machine_name(),
549 if (name_type2 == 'R') {
550 /* We are being asked for a pathworks session ---
552 SCVAL(outbuf, 0,0x83);
556 /* only add the client's machine name to the list
557 of possibly valid usernames if we are operating
558 in share mode security */
559 if (lp_security() == SEC_SHARE) {
560 add_session_user(sconn, get_remote_machine_name());
563 reload_services(True);
566 sconn->nbt.got_session = true;
569 case 0x89: /* session keepalive request
570 (some old clients produce this?) */
571 SCVAL(outbuf,0,SMBkeepalive);
575 case 0x82: /* positive session response */
576 case 0x83: /* negative session response */
577 case 0x84: /* retarget session response */
578 DEBUG(0,("Unexpected session response\n"));
581 case SMBkeepalive: /* session keepalive */
586 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
587 msg_type, msg_flags));
589 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
593 /****************************************************************************
595 conn POINTER CAN BE NULL HERE !
596 ****************************************************************************/
598 void reply_tcon(struct smb_request *req)
600 connection_struct *conn = req->conn;
602 char *service_buf = NULL;
603 char *password = NULL;
608 DATA_BLOB password_blob;
609 TALLOC_CTX *ctx = talloc_tos();
610 struct smbd_server_connection *sconn = smbd_server_conn;
612 START_PROFILE(SMBtcon);
614 if (req->buflen < 4) {
615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
616 END_PROFILE(SMBtcon);
620 p = (const char *)req->buf + 1;
621 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
623 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
625 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
628 if (service_buf == NULL || password == NULL || dev == NULL) {
629 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
630 END_PROFILE(SMBtcon);
633 p = strrchr_m(service_buf,'\\');
637 service = service_buf;
640 password_blob = data_blob(password, pwlen+1);
642 conn = make_connection(sconn,service,password_blob,dev,
643 req->vuid,&nt_status);
646 data_blob_clear_free(&password_blob);
649 reply_nterror(req, nt_status);
650 END_PROFILE(SMBtcon);
654 reply_outbuf(req, 2, 0);
655 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
656 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
657 SSVAL(req->outbuf,smb_tid,conn->cnum);
659 DEBUG(3,("tcon service=%s cnum=%d\n",
660 service, conn->cnum));
662 END_PROFILE(SMBtcon);
666 /****************************************************************************
667 Reply to a tcon and X.
668 conn POINTER CAN BE NULL HERE !
669 ****************************************************************************/
671 void reply_tcon_and_X(struct smb_request *req)
673 connection_struct *conn = req->conn;
674 const char *service = NULL;
676 TALLOC_CTX *ctx = talloc_tos();
677 /* what the cleint thinks the device is */
678 char *client_devicetype = NULL;
679 /* what the server tells the client the share represents */
680 const char *server_devicetype;
686 struct smbd_server_connection *sconn = smbd_server_conn;
688 START_PROFILE(SMBtconX);
691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
692 END_PROFILE(SMBtconX);
696 passlen = SVAL(req->vwv+3, 0);
697 tcon_flags = SVAL(req->vwv+2, 0);
699 /* we might have to close an old one */
700 if ((tcon_flags & 0x1) && conn) {
701 close_cnum(conn,req->vuid);
706 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
707 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
708 END_PROFILE(SMBtconX);
712 if (sconn->smb1.negprot.encrypted_passwords) {
713 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
714 if (lp_security() == SEC_SHARE) {
716 * Security = share always has a pad byte
717 * after the password.
719 p = (const char *)req->buf + passlen + 1;
721 p = (const char *)req->buf + passlen;
724 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
725 /* Ensure correct termination */
726 password.data[passlen]=0;
727 p = (const char *)req->buf + passlen + 1;
730 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
733 data_blob_clear_free(&password);
734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
735 END_PROFILE(SMBtconX);
740 * the service name can be either: \\server\share
741 * or share directly like on the DELL PowerVault 705
744 q = strchr_m(path+2,'\\');
746 data_blob_clear_free(&password);
747 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
748 END_PROFILE(SMBtconX);
756 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
757 &client_devicetype, p,
758 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
760 if (client_devicetype == NULL) {
761 data_blob_clear_free(&password);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBtconX);
767 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
769 conn = make_connection(sconn, service, password, client_devicetype,
770 req->vuid, &nt_status);
773 data_blob_clear_free(&password);
776 reply_nterror(req, nt_status);
777 END_PROFILE(SMBtconX);
782 server_devicetype = "IPC";
783 else if ( IS_PRINT(conn) )
784 server_devicetype = "LPT1:";
786 server_devicetype = "A:";
788 if (get_Protocol() < PROTOCOL_NT1) {
789 reply_outbuf(req, 2, 0);
790 if (message_push_string(&req->outbuf, server_devicetype,
791 STR_TERMINATE|STR_ASCII) == -1) {
792 reply_nterror(req, NT_STATUS_NO_MEMORY);
793 END_PROFILE(SMBtconX);
797 /* NT sets the fstype of IPC$ to the null string */
798 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
800 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
801 /* Return permissions. */
805 reply_outbuf(req, 7, 0);
808 perm1 = FILE_ALL_ACCESS;
809 perm2 = FILE_ALL_ACCESS;
811 perm1 = CAN_WRITE(conn) ?
816 SIVAL(req->outbuf, smb_vwv3, perm1);
817 SIVAL(req->outbuf, smb_vwv5, perm2);
819 reply_outbuf(req, 3, 0);
822 if ((message_push_string(&req->outbuf, server_devicetype,
823 STR_TERMINATE|STR_ASCII) == -1)
824 || (message_push_string(&req->outbuf, fstype,
825 STR_TERMINATE) == -1)) {
826 reply_nterror(req, NT_STATUS_NO_MEMORY);
827 END_PROFILE(SMBtconX);
831 /* what does setting this bit do? It is set by NT4 and
832 may affect the ability to autorun mounted cdroms */
833 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
834 (lp_csc_policy(SNUM(conn)) << 2));
836 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
837 DEBUG(2,("Serving %s as a Dfs root\n",
838 lp_servicename(SNUM(conn)) ));
839 SSVAL(req->outbuf, smb_vwv2,
840 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
845 DEBUG(3,("tconX service=%s \n",
848 /* set the incoming and outgoing tid to the just created one */
849 SSVAL(req->inbuf,smb_tid,conn->cnum);
850 SSVAL(req->outbuf,smb_tid,conn->cnum);
852 END_PROFILE(SMBtconX);
854 req->tid = conn->cnum;
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_force_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
924 END_PROFILE(SMBioctl);
927 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
928 srvstr_push((char *)req->outbuf, req->flags2, p+2,
930 STR_TERMINATE|STR_ASCII);
932 srvstr_push((char *)req->outbuf, req->flags2,
933 p+18, lp_servicename(SNUM(conn)),
934 13, STR_TERMINATE|STR_ASCII);
942 END_PROFILE(SMBioctl);
946 /****************************************************************************
947 Strange checkpath NTSTATUS mapping.
948 ****************************************************************************/
950 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
952 /* Strange DOS error code semantics only for checkpath... */
953 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
954 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
955 /* We need to map to ERRbadpath */
956 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 /****************************************************************************
963 Reply to a checkpath.
964 ****************************************************************************/
966 void reply_checkpath(struct smb_request *req)
968 connection_struct *conn = req->conn;
969 struct smb_filename *smb_fname = NULL;
972 TALLOC_CTX *ctx = talloc_tos();
974 START_PROFILE(SMBcheckpath);
976 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
977 STR_TERMINATE, &status);
979 if (!NT_STATUS_IS_OK(status)) {
980 status = map_checkpath_error(req->flags2, status);
981 reply_nterror(req, status);
982 END_PROFILE(SMBcheckpath);
986 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
988 status = filename_convert(ctx,
990 req->flags2 & FLAGS2_DFS_PATHNAMES,
996 if (!NT_STATUS_IS_OK(status)) {
997 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
998 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1000 END_PROFILE(SMBcheckpath);
1006 if (!VALID_STAT(smb_fname->st) &&
1007 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1008 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1009 smb_fname_str_dbg(smb_fname), strerror(errno)));
1010 status = map_nt_error_from_unix(errno);
1014 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1015 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1016 ERRDOS, ERRbadpath);
1020 reply_outbuf(req, 0, 0);
1023 /* We special case this - as when a Windows machine
1024 is parsing a path is steps through the components
1025 one at a time - if a component fails it expects
1026 ERRbadpath, not ERRbadfile.
1028 status = map_checkpath_error(req->flags2, status);
1029 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1031 * Windows returns different error codes if
1032 * the parent directory is valid but not the
1033 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1034 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1035 * if the path is invalid.
1037 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1038 ERRDOS, ERRbadpath);
1042 reply_nterror(req, status);
1045 TALLOC_FREE(smb_fname);
1046 END_PROFILE(SMBcheckpath);
1050 /****************************************************************************
1052 ****************************************************************************/
1054 void reply_getatr(struct smb_request *req)
1056 connection_struct *conn = req->conn;
1057 struct smb_filename *smb_fname = NULL;
1064 TALLOC_CTX *ctx = talloc_tos();
1065 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1067 START_PROFILE(SMBgetatr);
1069 p = (const char *)req->buf + 1;
1070 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 reply_nterror(req, status);
1076 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1077 under WfWg - weird! */
1078 if (*fname == '\0') {
1079 mode = aHIDDEN | aDIR;
1080 if (!CAN_WRITE(conn)) {
1086 status = filename_convert(ctx,
1088 req->flags2 & FLAGS2_DFS_PATHNAMES,
1093 if (!NT_STATUS_IS_OK(status)) {
1094 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1095 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1096 ERRSRV, ERRbadpath);
1099 reply_nterror(req, status);
1102 if (!VALID_STAT(smb_fname->st) &&
1103 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1104 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1105 smb_fname_str_dbg(smb_fname),
1107 reply_nterror(req, map_nt_error_from_unix(errno));
1111 mode = dos_mode(conn, smb_fname);
1112 size = smb_fname->st.st_ex_size;
1114 if (ask_sharemode) {
1115 struct timespec write_time_ts;
1116 struct file_id fileid;
1118 ZERO_STRUCT(write_time_ts);
1119 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1120 get_file_infos(fileid, NULL, &write_time_ts);
1121 if (!null_timespec(write_time_ts)) {
1122 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1126 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1132 reply_outbuf(req, 10, 0);
1134 SSVAL(req->outbuf,smb_vwv0,mode);
1135 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1136 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1138 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1140 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1142 if (get_Protocol() >= PROTOCOL_NT1) {
1143 SSVAL(req->outbuf, smb_flg2,
1144 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1147 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1148 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1151 TALLOC_FREE(smb_fname);
1153 END_PROFILE(SMBgetatr);
1157 /****************************************************************************
1159 ****************************************************************************/
1161 void reply_setatr(struct smb_request *req)
1163 struct smb_file_time ft;
1164 connection_struct *conn = req->conn;
1165 struct smb_filename *smb_fname = NULL;
1171 TALLOC_CTX *ctx = talloc_tos();
1173 START_PROFILE(SMBsetatr);
1178 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1182 p = (const char *)req->buf + 1;
1183 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1184 if (!NT_STATUS_IS_OK(status)) {
1185 reply_nterror(req, status);
1189 status = filename_convert(ctx,
1191 req->flags2 & FLAGS2_DFS_PATHNAMES,
1196 if (!NT_STATUS_IS_OK(status)) {
1197 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1198 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1199 ERRSRV, ERRbadpath);
1202 reply_nterror(req, status);
1206 if (smb_fname->base_name[0] == '.' &&
1207 smb_fname->base_name[1] == '\0') {
1209 * Not sure here is the right place to catch this
1210 * condition. Might be moved to somewhere else later -- vl
1212 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1216 mode = SVAL(req->vwv+0, 0);
1217 mtime = srv_make_unix_date3(req->vwv+1);
1219 ft.mtime = convert_time_t_to_timespec(mtime);
1220 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1221 if (!NT_STATUS_IS_OK(status)) {
1222 reply_nterror(req, status);
1226 if (mode != FILE_ATTRIBUTE_NORMAL) {
1227 if (VALID_STAT_OF_DIR(smb_fname->st))
1232 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1234 reply_nterror(req, map_nt_error_from_unix(errno));
1239 reply_outbuf(req, 0, 0);
1241 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1244 TALLOC_FREE(smb_fname);
1245 END_PROFILE(SMBsetatr);
1249 /****************************************************************************
1251 ****************************************************************************/
1253 void reply_dskattr(struct smb_request *req)
1255 connection_struct *conn = req->conn;
1256 uint64_t dfree,dsize,bsize;
1257 START_PROFILE(SMBdskattr);
1259 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1260 reply_nterror(req, map_nt_error_from_unix(errno));
1261 END_PROFILE(SMBdskattr);
1265 reply_outbuf(req, 5, 0);
1267 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1268 double total_space, free_space;
1269 /* we need to scale this to a number that DOS6 can handle. We
1270 use floating point so we can handle large drives on systems
1271 that don't have 64 bit integers
1273 we end up displaying a maximum of 2G to DOS systems
1275 total_space = dsize * (double)bsize;
1276 free_space = dfree * (double)bsize;
1278 dsize = (uint64_t)((total_space+63*512) / (64*512));
1279 dfree = (uint64_t)((free_space+63*512) / (64*512));
1281 if (dsize > 0xFFFF) dsize = 0xFFFF;
1282 if (dfree > 0xFFFF) dfree = 0xFFFF;
1284 SSVAL(req->outbuf,smb_vwv0,dsize);
1285 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1286 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1287 SSVAL(req->outbuf,smb_vwv3,dfree);
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1291 SSVAL(req->outbuf,smb_vwv2,512);
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1295 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1297 END_PROFILE(SMBdskattr);
1302 * Utility function to split the filename from the directory.
1304 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1305 char **fname_dir_out,
1306 char **fname_mask_out)
1308 const char *p = NULL;
1309 char *fname_dir = NULL;
1310 char *fname_mask = NULL;
1312 p = strrchr_m(fname_in, '/');
1314 fname_dir = talloc_strdup(ctx, ".");
1315 fname_mask = talloc_strdup(ctx, fname_in);
1317 fname_dir = talloc_strndup(ctx, fname_in,
1318 PTR_DIFF(p, fname_in));
1319 fname_mask = talloc_strdup(ctx, p+1);
1322 if (!fname_dir || !fname_mask) {
1323 TALLOC_FREE(fname_dir);
1324 TALLOC_FREE(fname_mask);
1325 return NT_STATUS_NO_MEMORY;
1328 *fname_dir_out = fname_dir;
1329 *fname_mask_out = fname_mask;
1330 return NT_STATUS_OK;
1333 /****************************************************************************
1335 Can be called from SMBsearch, SMBffirst or SMBfunique.
1336 ****************************************************************************/
1338 void reply_search(struct smb_request *req)
1340 connection_struct *conn = req->conn;
1342 const char *mask = NULL;
1343 char *directory = NULL;
1344 struct smb_filename *smb_fname = NULL;
1348 struct timespec date;
1350 unsigned int numentries = 0;
1351 unsigned int maxentries = 0;
1352 bool finished = False;
1357 bool check_descend = False;
1358 bool expect_close = False;
1360 bool mask_contains_wcard = False;
1361 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1362 TALLOC_CTX *ctx = talloc_tos();
1363 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1364 struct dptr_struct *dirptr = NULL;
1365 struct smbd_server_connection *sconn = smbd_server_conn;
1367 START_PROFILE(SMBsearch);
1370 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1374 if (lp_posix_pathnames()) {
1375 reply_unknown_new(req, req->cmd);
1379 /* If we were called as SMBffirst then we must expect close. */
1380 if(req->cmd == SMBffirst) {
1381 expect_close = True;
1384 reply_outbuf(req, 1, 3);
1385 maxentries = SVAL(req->vwv+0, 0);
1386 dirtype = SVAL(req->vwv+1, 0);
1387 p = (const char *)req->buf + 1;
1388 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1389 &nt_status, &mask_contains_wcard);
1390 if (!NT_STATUS_IS_OK(nt_status)) {
1391 reply_nterror(req, nt_status);
1396 status_len = SVAL(p, 0);
1399 /* dirtype &= ~aDIR; */
1401 if (status_len == 0) {
1402 nt_status = filename_convert(ctx, conn,
1403 req->flags2 & FLAGS2_DFS_PATHNAMES,
1405 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1406 &mask_contains_wcard,
1408 if (!NT_STATUS_IS_OK(nt_status)) {
1409 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1410 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1411 ERRSRV, ERRbadpath);
1414 reply_nterror(req, nt_status);
1418 directory = smb_fname->base_name;
1420 p = strrchr_m(directory,'/');
1421 if ((p != NULL) && (*directory != '/')) {
1423 directory = talloc_strndup(ctx, directory,
1424 PTR_DIFF(p, directory));
1427 directory = talloc_strdup(ctx,".");
1431 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 memset((char *)status,'\0',21);
1436 SCVAL(status,0,(dirtype & 0x1F));
1438 nt_status = dptr_create(conn,
1444 mask_contains_wcard,
1447 if (!NT_STATUS_IS_OK(nt_status)) {
1448 reply_nterror(req, nt_status);
1451 dptr_num = dptr_dnum(dirptr);
1454 const char *dirpath;
1456 memcpy(status,p,21);
1457 status_dirtype = CVAL(status,0) & 0x1F;
1458 if (status_dirtype != (dirtype & 0x1F)) {
1459 dirtype = status_dirtype;
1462 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1466 dirpath = dptr_path(sconn, dptr_num);
1467 directory = talloc_strdup(ctx, dirpath);
1469 reply_nterror(req, NT_STATUS_NO_MEMORY);
1473 mask = dptr_wcard(sconn, dptr_num);
1478 * For a 'continue' search we have no string. So
1479 * check from the initial saved string.
1481 mask_contains_wcard = ms_has_wild(mask);
1482 dirtype = dptr_attr(sconn, dptr_num);
1485 DEBUG(4,("dptr_num is %d\n",dptr_num));
1487 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1488 dptr_init_search_op(dirptr);
1490 if ((dirtype&0x1F) == aVOLID) {
1491 char buf[DIR_STRUCT_SIZE];
1492 memcpy(buf,status,21);
1493 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1494 0,aVOLID,0,!allow_long_path_components)) {
1495 reply_nterror(req, NT_STATUS_NO_MEMORY);
1498 dptr_fill(sconn, buf+12,dptr_num);
1499 if (dptr_zero(buf+12) && (status_len==0)) {
1504 if (message_push_blob(&req->outbuf,
1505 data_blob_const(buf, sizeof(buf)))
1507 reply_nterror(req, NT_STATUS_NO_MEMORY);
1515 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1518 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1519 directory,lp_dontdescend(SNUM(conn))));
1520 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1521 check_descend = True;
1524 for (i=numentries;(i<maxentries) && !finished;i++) {
1525 finished = !get_dir_entry(ctx,
1536 char buf[DIR_STRUCT_SIZE];
1537 memcpy(buf,status,21);
1538 if (!make_dir_struct(ctx,
1544 convert_timespec_to_time_t(date),
1545 !allow_long_path_components)) {
1546 reply_nterror(req, NT_STATUS_NO_MEMORY);
1549 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1552 if (message_push_blob(&req->outbuf,
1553 data_blob_const(buf, sizeof(buf)))
1555 reply_nterror(req, NT_STATUS_NO_MEMORY);
1565 /* If we were called as SMBffirst with smb_search_id == NULL
1566 and no entries were found then return error and close dirptr
1569 if (numentries == 0) {
1570 dptr_close(sconn, &dptr_num);
1571 } else if(expect_close && status_len == 0) {
1572 /* Close the dptr - we know it's gone */
1573 dptr_close(sconn, &dptr_num);
1576 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1577 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1578 dptr_close(sconn, &dptr_num);
1581 if ((numentries == 0) && !mask_contains_wcard) {
1582 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1586 SSVAL(req->outbuf,smb_vwv0,numentries);
1587 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1588 SCVAL(smb_buf(req->outbuf),0,5);
1589 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1591 /* The replies here are never long name. */
1592 SSVAL(req->outbuf, smb_flg2,
1593 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1594 if (!allow_long_path_components) {
1595 SSVAL(req->outbuf, smb_flg2,
1596 SVAL(req->outbuf, smb_flg2)
1597 & (~FLAGS2_LONG_PATH_COMPONENTS));
1600 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1601 SSVAL(req->outbuf, smb_flg2,
1602 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1604 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1605 smb_fn_name(req->cmd),
1612 TALLOC_FREE(directory);
1613 TALLOC_FREE(smb_fname);
1614 END_PROFILE(SMBsearch);
1618 /****************************************************************************
1619 Reply to a fclose (stop directory search).
1620 ****************************************************************************/
1622 void reply_fclose(struct smb_request *req)
1630 bool path_contains_wcard = False;
1631 TALLOC_CTX *ctx = talloc_tos();
1632 struct smbd_server_connection *sconn = smbd_server_conn;
1634 START_PROFILE(SMBfclose);
1636 if (lp_posix_pathnames()) {
1637 reply_unknown_new(req, req->cmd);
1638 END_PROFILE(SMBfclose);
1642 p = (const char *)req->buf + 1;
1643 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1644 &err, &path_contains_wcard);
1645 if (!NT_STATUS_IS_OK(err)) {
1646 reply_nterror(req, err);
1647 END_PROFILE(SMBfclose);
1651 status_len = SVAL(p,0);
1654 if (status_len == 0) {
1655 reply_force_doserror(req, ERRSRV, ERRsrverror);
1656 END_PROFILE(SMBfclose);
1660 memcpy(status,p,21);
1662 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1663 /* Close the dptr - we know it's gone */
1664 dptr_close(sconn, &dptr_num);
1667 reply_outbuf(req, 1, 0);
1668 SSVAL(req->outbuf,smb_vwv0,0);
1670 DEBUG(3,("search close\n"));
1672 END_PROFILE(SMBfclose);
1676 /****************************************************************************
1678 ****************************************************************************/
1680 void reply_open(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1683 struct smb_filename *smb_fname = NULL;
1695 uint32 create_disposition;
1696 uint32 create_options = 0;
1698 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1699 TALLOC_CTX *ctx = talloc_tos();
1701 START_PROFILE(SMBopen);
1704 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1708 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1709 deny_mode = SVAL(req->vwv+0, 0);
1710 dos_attr = SVAL(req->vwv+1, 0);
1712 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1713 STR_TERMINATE, &status);
1714 if (!NT_STATUS_IS_OK(status)) {
1715 reply_nterror(req, status);
1719 status = filename_convert(ctx,
1721 req->flags2 & FLAGS2_DFS_PATHNAMES,
1726 if (!NT_STATUS_IS_OK(status)) {
1727 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1728 reply_botherror(req,
1729 NT_STATUS_PATH_NOT_COVERED,
1730 ERRSRV, ERRbadpath);
1733 reply_nterror(req, status);
1737 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1738 OPENX_FILE_EXISTS_OPEN, &access_mask,
1739 &share_mode, &create_disposition,
1741 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1745 status = SMB_VFS_CREATE_FILE(
1748 0, /* root_dir_fid */
1749 smb_fname, /* fname */
1750 access_mask, /* access_mask */
1751 share_mode, /* share_access */
1752 create_disposition, /* create_disposition*/
1753 create_options, /* create_options */
1754 dos_attr, /* file_attributes */
1755 oplock_request, /* oplock_request */
1756 0, /* allocation_size */
1762 if (!NT_STATUS_IS_OK(status)) {
1763 if (open_was_deferred(req->mid)) {
1764 /* We have re-scheduled this call. */
1767 reply_openerror(req, status);
1771 size = smb_fname->st.st_ex_size;
1772 fattr = dos_mode(conn, smb_fname);
1774 /* Deal with other possible opens having a modified
1776 if (ask_sharemode) {
1777 struct timespec write_time_ts;
1779 ZERO_STRUCT(write_time_ts);
1780 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1781 if (!null_timespec(write_time_ts)) {
1782 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1786 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1789 DEBUG(3,("attempt to open a directory %s\n",
1791 close_file(req, fsp, ERROR_CLOSE);
1792 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1793 ERRDOS, ERRnoaccess);
1797 reply_outbuf(req, 7, 0);
1798 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1799 SSVAL(req->outbuf,smb_vwv1,fattr);
1800 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1801 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1803 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1805 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1806 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1808 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1809 SCVAL(req->outbuf,smb_flg,
1810 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1813 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1814 SCVAL(req->outbuf,smb_flg,
1815 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1818 TALLOC_FREE(smb_fname);
1819 END_PROFILE(SMBopen);
1823 /****************************************************************************
1824 Reply to an open and X.
1825 ****************************************************************************/
1827 void reply_open_and_X(struct smb_request *req)
1829 connection_struct *conn = req->conn;
1830 struct smb_filename *smb_fname = NULL;
1835 /* Breakout the oplock request bits so we can set the
1836 reply bits separately. */
1837 int ex_oplock_request;
1838 int core_oplock_request;
1841 int smb_sattr = SVAL(req->vwv+4, 0);
1842 uint32 smb_time = make_unix_date3(req->vwv+6);
1850 uint64_t allocation_size;
1851 ssize_t retval = -1;
1854 uint32 create_disposition;
1855 uint32 create_options = 0;
1856 TALLOC_CTX *ctx = talloc_tos();
1858 START_PROFILE(SMBopenX);
1860 if (req->wct < 15) {
1861 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1865 open_flags = SVAL(req->vwv+2, 0);
1866 deny_mode = SVAL(req->vwv+3, 0);
1867 smb_attr = SVAL(req->vwv+5, 0);
1868 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1869 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1870 oplock_request = ex_oplock_request | core_oplock_request;
1871 smb_ofun = SVAL(req->vwv+8, 0);
1872 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1874 /* If it's an IPC, pass off the pipe handler. */
1876 if (lp_nt_pipe_support()) {
1877 reply_open_pipe_and_X(conn, req);
1879 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1884 /* XXXX we need to handle passed times, sattr and flags */
1885 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1886 STR_TERMINATE, &status);
1887 if (!NT_STATUS_IS_OK(status)) {
1888 reply_nterror(req, status);
1892 status = filename_convert(ctx,
1894 req->flags2 & FLAGS2_DFS_PATHNAMES,
1899 if (!NT_STATUS_IS_OK(status)) {
1900 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1901 reply_botherror(req,
1902 NT_STATUS_PATH_NOT_COVERED,
1903 ERRSRV, ERRbadpath);
1906 reply_nterror(req, status);
1910 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1911 &access_mask, &share_mode,
1912 &create_disposition,
1914 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1918 status = SMB_VFS_CREATE_FILE(
1921 0, /* root_dir_fid */
1922 smb_fname, /* fname */
1923 access_mask, /* access_mask */
1924 share_mode, /* share_access */
1925 create_disposition, /* create_disposition*/
1926 create_options, /* create_options */
1927 smb_attr, /* file_attributes */
1928 oplock_request, /* oplock_request */
1929 0, /* allocation_size */
1933 &smb_action); /* pinfo */
1935 if (!NT_STATUS_IS_OK(status)) {
1936 if (open_was_deferred(req->mid)) {
1937 /* We have re-scheduled this call. */
1940 reply_openerror(req, status);
1944 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1945 if the file is truncated or created. */
1946 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1947 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1948 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1949 close_file(req, fsp, ERROR_CLOSE);
1950 reply_nterror(req, NT_STATUS_DISK_FULL);
1953 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1955 close_file(req, fsp, ERROR_CLOSE);
1956 reply_nterror(req, NT_STATUS_DISK_FULL);
1959 smb_fname->st.st_ex_size =
1960 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1963 fattr = dos_mode(conn, smb_fname);
1964 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1966 close_file(req, fsp, ERROR_CLOSE);
1967 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1971 /* If the caller set the extended oplock request bit
1972 and we granted one (by whatever means) - set the
1973 correct bit for extended oplock reply.
1976 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1977 smb_action |= EXTENDED_OPLOCK_GRANTED;
1980 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1981 smb_action |= EXTENDED_OPLOCK_GRANTED;
1984 /* If the caller set the core oplock request bit
1985 and we granted one (by whatever means) - set the
1986 correct bit for core oplock reply.
1989 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1990 reply_outbuf(req, 19, 0);
1992 reply_outbuf(req, 15, 0);
1995 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1996 SCVAL(req->outbuf, smb_flg,
1997 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2000 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2001 SCVAL(req->outbuf, smb_flg,
2002 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2005 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2006 SSVAL(req->outbuf,smb_vwv3,fattr);
2007 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2008 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2010 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2012 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2013 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2014 SSVAL(req->outbuf,smb_vwv11,smb_action);
2016 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2017 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2022 TALLOC_FREE(smb_fname);
2023 END_PROFILE(SMBopenX);
2027 /****************************************************************************
2028 Reply to a SMBulogoffX.
2029 ****************************************************************************/
2031 void reply_ulogoffX(struct smb_request *req)
2033 struct smbd_server_connection *sconn = smbd_server_conn;
2036 START_PROFILE(SMBulogoffX);
2038 vuser = get_valid_user_struct(sconn, req->vuid);
2041 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2045 /* in user level security we are supposed to close any files
2046 open by this user */
2047 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2048 file_close_user(req->vuid);
2051 invalidate_vuid(sconn, req->vuid);
2053 reply_outbuf(req, 2, 0);
2055 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2057 END_PROFILE(SMBulogoffX);
2058 req->vuid = UID_FIELD_INVALID;
2062 /****************************************************************************
2063 Reply to a mknew or a create.
2064 ****************************************************************************/
2066 void reply_mknew(struct smb_request *req)
2068 connection_struct *conn = req->conn;
2069 struct smb_filename *smb_fname = NULL;
2072 struct smb_file_time ft;
2074 int oplock_request = 0;
2076 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2077 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2078 uint32 create_disposition;
2079 uint32 create_options = 0;
2080 TALLOC_CTX *ctx = talloc_tos();
2082 START_PROFILE(SMBcreate);
2086 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2090 fattr = SVAL(req->vwv+0, 0);
2091 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2094 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2096 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2097 STR_TERMINATE, &status);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 reply_nterror(req, status);
2103 status = filename_convert(ctx,
2105 req->flags2 & FLAGS2_DFS_PATHNAMES,
2110 if (!NT_STATUS_IS_OK(status)) {
2111 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2112 reply_botherror(req,
2113 NT_STATUS_PATH_NOT_COVERED,
2114 ERRSRV, ERRbadpath);
2117 reply_nterror(req, status);
2121 if (fattr & aVOLID) {
2122 DEBUG(0,("Attempt to create file (%s) with volid set - "
2123 "please report this\n",
2124 smb_fname_str_dbg(smb_fname)));
2127 if(req->cmd == SMBmknew) {
2128 /* We should fail if file exists. */
2129 create_disposition = FILE_CREATE;
2131 /* Create if file doesn't exist, truncate if it does. */
2132 create_disposition = FILE_OVERWRITE_IF;
2135 status = SMB_VFS_CREATE_FILE(
2138 0, /* root_dir_fid */
2139 smb_fname, /* fname */
2140 access_mask, /* access_mask */
2141 share_mode, /* share_access */
2142 create_disposition, /* create_disposition*/
2143 create_options, /* create_options */
2144 fattr, /* file_attributes */
2145 oplock_request, /* oplock_request */
2146 0, /* allocation_size */
2152 if (!NT_STATUS_IS_OK(status)) {
2153 if (open_was_deferred(req->mid)) {
2154 /* We have re-scheduled this call. */
2157 reply_openerror(req, status);
2161 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2162 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2163 if (!NT_STATUS_IS_OK(status)) {
2164 END_PROFILE(SMBcreate);
2168 reply_outbuf(req, 1, 0);
2169 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2171 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2172 SCVAL(req->outbuf,smb_flg,
2173 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2176 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2177 SCVAL(req->outbuf,smb_flg,
2178 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2181 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2182 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2183 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2184 (unsigned int)fattr));
2187 TALLOC_FREE(smb_fname);
2188 END_PROFILE(SMBcreate);
2192 /****************************************************************************
2193 Reply to a create temporary file.
2194 ****************************************************************************/
2196 void reply_ctemp(struct smb_request *req)
2198 connection_struct *conn = req->conn;
2199 struct smb_filename *smb_fname = NULL;
2207 TALLOC_CTX *ctx = talloc_tos();
2209 START_PROFILE(SMBctemp);
2212 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2216 fattr = SVAL(req->vwv+0, 0);
2217 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2219 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2220 STR_TERMINATE, &status);
2221 if (!NT_STATUS_IS_OK(status)) {
2222 reply_nterror(req, status);
2226 fname = talloc_asprintf(ctx,
2230 fname = talloc_strdup(ctx, "TMXXXXXX");
2234 reply_nterror(req, NT_STATUS_NO_MEMORY);
2238 status = filename_convert(ctx, conn,
2239 req->flags2 & FLAGS2_DFS_PATHNAMES,
2244 if (!NT_STATUS_IS_OK(status)) {
2245 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2246 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2247 ERRSRV, ERRbadpath);
2250 reply_nterror(req, status);
2254 tmpfd = mkstemp(smb_fname->base_name);
2256 reply_nterror(req, map_nt_error_from_unix(errno));
2260 SMB_VFS_STAT(conn, smb_fname);
2262 /* We should fail if file does not exist. */
2263 status = SMB_VFS_CREATE_FILE(
2266 0, /* root_dir_fid */
2267 smb_fname, /* fname */
2268 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2269 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2270 FILE_OPEN, /* create_disposition*/
2271 0, /* create_options */
2272 fattr, /* file_attributes */
2273 oplock_request, /* oplock_request */
2274 0, /* allocation_size */
2280 /* close fd from mkstemp() */
2283 if (!NT_STATUS_IS_OK(status)) {
2284 if (open_was_deferred(req->mid)) {
2285 /* We have re-scheduled this call. */
2288 reply_openerror(req, status);
2292 reply_outbuf(req, 1, 0);
2293 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2295 /* the returned filename is relative to the directory */
2296 s = strrchr_m(fsp->fsp_name->base_name, '/');
2298 s = fsp->fsp_name->base_name;
2304 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2305 thing in the byte section. JRA */
2306 SSVALS(p, 0, -1); /* what is this? not in spec */
2308 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2310 reply_nterror(req, NT_STATUS_NO_MEMORY);
2314 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2315 SCVAL(req->outbuf, smb_flg,
2316 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2319 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2320 SCVAL(req->outbuf, smb_flg,
2321 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2324 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2325 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2326 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2328 TALLOC_FREE(smb_fname);
2329 END_PROFILE(SMBctemp);
2333 /*******************************************************************
2334 Check if a user is allowed to rename a file.
2335 ********************************************************************/
2337 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2342 if (!CAN_WRITE(conn)) {
2343 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2346 fmode = dos_mode(conn, fsp->fsp_name);
2347 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2348 return NT_STATUS_NO_SUCH_FILE;
2351 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2352 if (fsp->posix_open) {
2353 return NT_STATUS_OK;
2356 /* If no pathnames are open below this
2357 directory, allow the rename. */
2359 if (file_find_subpath(fsp)) {
2360 return NT_STATUS_ACCESS_DENIED;
2362 return NT_STATUS_OK;
2365 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2366 return NT_STATUS_OK;
2369 return NT_STATUS_ACCESS_DENIED;
2372 /*******************************************************************
2373 * unlink a file with all relevant access checks
2374 *******************************************************************/
2376 static NTSTATUS do_unlink(connection_struct *conn,
2377 struct smb_request *req,
2378 struct smb_filename *smb_fname,
2383 uint32 dirtype_orig = dirtype;
2386 bool posix_paths = lp_posix_pathnames();
2388 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2389 smb_fname_str_dbg(smb_fname),
2392 if (!CAN_WRITE(conn)) {
2393 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2397 ret = SMB_VFS_LSTAT(conn, smb_fname);
2399 ret = SMB_VFS_LSTAT(conn, smb_fname);
2402 return map_nt_error_from_unix(errno);
2405 fattr = dos_mode(conn, smb_fname);
2407 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2408 dirtype = aDIR|aARCH|aRONLY;
2411 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2413 return NT_STATUS_NO_SUCH_FILE;
2416 if (!dir_check_ftype(conn, fattr, dirtype)) {
2418 return NT_STATUS_FILE_IS_A_DIRECTORY;
2420 return NT_STATUS_NO_SUCH_FILE;
2423 if (dirtype_orig & 0x8000) {
2424 /* These will never be set for POSIX. */
2425 return NT_STATUS_NO_SUCH_FILE;
2429 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2430 return NT_STATUS_FILE_IS_A_DIRECTORY;
2433 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2434 return NT_STATUS_NO_SUCH_FILE;
2437 if (dirtype & 0xFF00) {
2438 /* These will never be set for POSIX. */
2439 return NT_STATUS_NO_SUCH_FILE;
2444 return NT_STATUS_NO_SUCH_FILE;
2447 /* Can't delete a directory. */
2449 return NT_STATUS_FILE_IS_A_DIRECTORY;
2454 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2455 return NT_STATUS_OBJECT_NAME_INVALID;
2456 #endif /* JRATEST */
2458 /* On open checks the open itself will check the share mode, so
2459 don't do it here as we'll get it wrong. */
2461 status = SMB_VFS_CREATE_FILE
2464 0, /* root_dir_fid */
2465 smb_fname, /* fname */
2466 DELETE_ACCESS, /* access_mask */
2467 FILE_SHARE_NONE, /* share_access */
2468 FILE_OPEN, /* create_disposition*/
2469 FILE_NON_DIRECTORY_FILE, /* create_options */
2470 /* file_attributes */
2471 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2472 FILE_ATTRIBUTE_NORMAL,
2473 0, /* oplock_request */
2474 0, /* allocation_size */
2480 if (!NT_STATUS_IS_OK(status)) {
2481 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2482 nt_errstr(status)));
2486 status = can_set_delete_on_close(fsp, fattr);
2487 if (!NT_STATUS_IS_OK(status)) {
2488 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2490 smb_fname_str_dbg(smb_fname),
2491 nt_errstr(status)));
2492 close_file(req, fsp, NORMAL_CLOSE);
2496 /* The set is across all open files on this dev/inode pair. */
2497 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2498 close_file(req, fsp, NORMAL_CLOSE);
2499 return NT_STATUS_ACCESS_DENIED;
2502 return close_file(req, fsp, NORMAL_CLOSE);
2505 /****************************************************************************
2506 The guts of the unlink command, split out so it may be called by the NT SMB
2508 ****************************************************************************/
2510 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2511 uint32 dirtype, struct smb_filename *smb_fname,
2514 char *fname_dir = NULL;
2515 char *fname_mask = NULL;
2517 NTSTATUS status = NT_STATUS_OK;
2518 TALLOC_CTX *ctx = talloc_tos();
2520 /* Split up the directory from the filename/mask. */
2521 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2522 &fname_dir, &fname_mask);
2523 if (!NT_STATUS_IS_OK(status)) {
2528 * We should only check the mangled cache
2529 * here if unix_convert failed. This means
2530 * that the path in 'mask' doesn't exist
2531 * on the file system and so we need to look
2532 * for a possible mangle. This patch from
2533 * Tine Smukavec <valentin.smukavec@hermes.si>.
2536 if (!VALID_STAT(smb_fname->st) &&
2537 mangle_is_mangled(fname_mask, conn->params)) {
2538 char *new_mask = NULL;
2539 mangle_lookup_name_from_8_3(ctx, fname_mask,
2540 &new_mask, conn->params);
2542 TALLOC_FREE(fname_mask);
2543 fname_mask = new_mask;
2550 * Only one file needs to be unlinked. Append the mask back
2551 * onto the directory.
2553 TALLOC_FREE(smb_fname->base_name);
2554 smb_fname->base_name = talloc_asprintf(smb_fname,
2558 if (!smb_fname->base_name) {
2559 status = NT_STATUS_NO_MEMORY;
2563 dirtype = FILE_ATTRIBUTE_NORMAL;
2566 status = check_name(conn, smb_fname->base_name);
2567 if (!NT_STATUS_IS_OK(status)) {
2571 status = do_unlink(conn, req, smb_fname, dirtype);
2572 if (!NT_STATUS_IS_OK(status)) {
2578 struct smb_Dir *dir_hnd = NULL;
2580 const char *dname = NULL;
2581 char *talloced = NULL;
2583 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2584 status = NT_STATUS_OBJECT_NAME_INVALID;
2588 if (strequal(fname_mask,"????????.???")) {
2589 TALLOC_FREE(fname_mask);
2590 fname_mask = talloc_strdup(ctx, "*");
2592 status = NT_STATUS_NO_MEMORY;
2597 status = check_name(conn, fname_dir);
2598 if (!NT_STATUS_IS_OK(status)) {
2602 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2604 if (dir_hnd == NULL) {
2605 status = map_nt_error_from_unix(errno);
2609 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2610 the pattern matches against the long name, otherwise the short name
2611 We don't implement this yet XXXX
2614 status = NT_STATUS_NO_SUCH_FILE;
2616 while ((dname = ReadDirName(dir_hnd, &offset,
2617 &smb_fname->st, &talloced))) {
2618 TALLOC_CTX *frame = talloc_stackframe();
2620 if (!is_visible_file(conn, fname_dir, dname,
2621 &smb_fname->st, true)) {
2623 TALLOC_FREE(talloced);
2627 /* Quick check for "." and ".." */
2628 if (ISDOT(dname) || ISDOTDOT(dname)) {
2630 TALLOC_FREE(talloced);
2634 if(!mask_match(dname, fname_mask,
2635 conn->case_sensitive)) {
2637 TALLOC_FREE(talloced);
2641 TALLOC_FREE(smb_fname->base_name);
2642 smb_fname->base_name =
2643 talloc_asprintf(smb_fname, "%s/%s",
2646 if (!smb_fname->base_name) {
2647 TALLOC_FREE(dir_hnd);
2648 status = NT_STATUS_NO_MEMORY;
2650 TALLOC_FREE(talloced);
2654 status = check_name(conn, smb_fname->base_name);
2655 if (!NT_STATUS_IS_OK(status)) {
2656 TALLOC_FREE(dir_hnd);
2658 TALLOC_FREE(talloced);
2662 status = do_unlink(conn, req, smb_fname, dirtype);
2663 if (!NT_STATUS_IS_OK(status)) {
2665 TALLOC_FREE(talloced);
2670 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2671 smb_fname->base_name));
2674 TALLOC_FREE(talloced);
2676 TALLOC_FREE(dir_hnd);
2679 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2680 status = map_nt_error_from_unix(errno);
2684 TALLOC_FREE(fname_dir);
2685 TALLOC_FREE(fname_mask);
2689 /****************************************************************************
2691 ****************************************************************************/
2693 void reply_unlink(struct smb_request *req)
2695 connection_struct *conn = req->conn;
2697 struct smb_filename *smb_fname = NULL;
2700 bool path_contains_wcard = False;
2701 TALLOC_CTX *ctx = talloc_tos();
2703 START_PROFILE(SMBunlink);
2706 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2710 dirtype = SVAL(req->vwv+0, 0);
2712 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2713 STR_TERMINATE, &status,
2714 &path_contains_wcard);
2715 if (!NT_STATUS_IS_OK(status)) {
2716 reply_nterror(req, status);
2720 status = filename_convert(ctx, conn,
2721 req->flags2 & FLAGS2_DFS_PATHNAMES,
2723 UCF_COND_ALLOW_WCARD_LCOMP,
2724 &path_contains_wcard,
2726 if (!NT_STATUS_IS_OK(status)) {
2727 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2728 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2729 ERRSRV, ERRbadpath);
2732 reply_nterror(req, status);
2736 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2738 status = unlink_internals(conn, req, dirtype, smb_fname,
2739 path_contains_wcard);
2740 if (!NT_STATUS_IS_OK(status)) {
2741 if (open_was_deferred(req->mid)) {
2742 /* We have re-scheduled this call. */
2745 reply_nterror(req, status);
2749 reply_outbuf(req, 0, 0);
2751 TALLOC_FREE(smb_fname);
2752 END_PROFILE(SMBunlink);
2756 /****************************************************************************
2758 ****************************************************************************/
2760 static void fail_readraw(void)
2762 const char *errstr = talloc_asprintf(talloc_tos(),
2763 "FAIL ! reply_readbraw: socket write fail (%s)",
2768 exit_server_cleanly(errstr);
2771 /****************************************************************************
2772 Fake (read/write) sendfile. Returns -1 on read or write fail.
2773 ****************************************************************************/
2775 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2779 size_t tosend = nread;
2786 bufsize = MIN(nread, 65536);
2788 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2792 while (tosend > 0) {
2796 if (tosend > bufsize) {
2801 ret = read_file(fsp,buf,startpos,cur_read);
2807 /* If we had a short read, fill with zeros. */
2808 if (ret < cur_read) {
2809 memset(buf + ret, '\0', cur_read - ret);
2812 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2817 startpos += cur_read;
2821 return (ssize_t)nread;
2824 #if defined(WITH_SENDFILE)
2825 /****************************************************************************
2826 Deal with the case of sendfile reading less bytes from the file than
2827 requested. Fill with zeros (all we can do).
2828 ****************************************************************************/
2830 static void sendfile_short_send(files_struct *fsp,
2835 #define SHORT_SEND_BUFSIZE 1024
2836 if (nread < headersize) {
2837 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2838 "header for file %s (%s). Terminating\n",
2839 fsp_str_dbg(fsp), strerror(errno)));
2840 exit_server_cleanly("sendfile_short_send failed");
2843 nread -= headersize;
2845 if (nread < smb_maxcnt) {
2846 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2848 exit_server_cleanly("sendfile_short_send: "
2852 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2853 "with zeros !\n", fsp_str_dbg(fsp)));
2855 while (nread < smb_maxcnt) {
2857 * We asked for the real file size and told sendfile
2858 * to not go beyond the end of the file. But it can
2859 * happen that in between our fstat call and the
2860 * sendfile call the file was truncated. This is very
2861 * bad because we have already announced the larger
2862 * number of bytes to the client.
2864 * The best we can do now is to send 0-bytes, just as
2865 * a read from a hole in a sparse file would do.
2867 * This should happen rarely enough that I don't care
2868 * about efficiency here :-)
2872 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2873 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2874 exit_server_cleanly("sendfile_short_send: "
2875 "write_data failed");
2882 #endif /* defined WITH_SENDFILE */
2884 /****************************************************************************
2885 Return a readbraw error (4 bytes of zero).
2886 ****************************************************************************/
2888 static void reply_readbraw_error(void)
2892 if (write_data(smbd_server_fd(),header,4) != 4) {
2897 /****************************************************************************
2898 Use sendfile in readbraw.
2899 ****************************************************************************/
2901 static void send_file_readbraw(connection_struct *conn,
2902 struct smb_request *req,
2908 char *outbuf = NULL;
2911 #if defined(WITH_SENDFILE)
2913 * We can only use sendfile on a non-chained packet
2914 * but we can use on a non-oplocked file. tridge proved this
2915 * on a train in Germany :-). JRA.
2916 * reply_readbraw has already checked the length.
2919 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2920 (fsp->wcp == NULL) &&
2921 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2922 ssize_t sendfile_read = -1;
2924 DATA_BLOB header_blob;
2926 _smb_setlen(header,nread);
2927 header_blob = data_blob_const(header, 4);
2929 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2930 &header_blob, startpos, nread)) == -1) {
2931 /* Returning ENOSYS means no data at all was sent.
2932 * Do this as a normal read. */
2933 if (errno == ENOSYS) {
2934 goto normal_readbraw;
2938 * Special hack for broken Linux with no working sendfile. If we
2939 * return EINTR we sent the header but not the rest of the data.
2940 * Fake this up by doing read/write calls.
2942 if (errno == EINTR) {
2943 /* Ensure we don't do this again. */
2944 set_use_sendfile(SNUM(conn), False);
2945 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2947 if (fake_sendfile(fsp, startpos, nread) == -1) {
2948 DEBUG(0,("send_file_readbraw: "
2949 "fake_sendfile failed for "
2953 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2958 DEBUG(0,("send_file_readbraw: sendfile failed for "
2959 "file %s (%s). Terminating\n",
2960 fsp_str_dbg(fsp), strerror(errno)));
2961 exit_server_cleanly("send_file_readbraw sendfile failed");
2962 } else if (sendfile_read == 0) {
2964 * Some sendfile implementations return 0 to indicate
2965 * that there was a short read, but nothing was
2966 * actually written to the socket. In this case,
2967 * fallback to the normal read path so the header gets
2968 * the correct byte count.
2970 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2971 "bytes falling back to the normal read: "
2972 "%s\n", fsp_str_dbg(fsp)));
2973 goto normal_readbraw;
2976 /* Deal with possible short send. */
2977 if (sendfile_read != 4+nread) {
2978 sendfile_short_send(fsp, sendfile_read, 4, nread);
2986 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2988 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2989 (unsigned)(nread+4)));
2990 reply_readbraw_error();
2995 ret = read_file(fsp,outbuf+4,startpos,nread);
2996 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3005 _smb_setlen(outbuf,ret);
3006 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3009 TALLOC_FREE(outbuf);
3012 /****************************************************************************
3013 Reply to a readbraw (core+ protocol).
3014 ****************************************************************************/
3016 void reply_readbraw(struct smb_request *req)
3018 connection_struct *conn = req->conn;
3019 ssize_t maxcount,mincount;
3023 struct lock_struct lock;
3026 START_PROFILE(SMBreadbraw);
3028 if (srv_is_signing_active(smbd_server_conn) ||
3029 is_encrypted_packet(req->inbuf)) {
3030 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3031 "raw reads/writes are disallowed.");
3035 reply_readbraw_error();
3036 END_PROFILE(SMBreadbraw);
3041 * Special check if an oplock break has been issued
3042 * and the readraw request croses on the wire, we must
3043 * return a zero length response here.
3046 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3049 * We have to do a check_fsp by hand here, as
3050 * we must always return 4 zero bytes on error,
3054 if (!fsp || !conn || conn != fsp->conn ||
3055 req->vuid != fsp->vuid ||
3056 fsp->is_directory || fsp->fh->fd == -1) {
3058 * fsp could be NULL here so use the value from the packet. JRA.
3060 DEBUG(3,("reply_readbraw: fnum %d not valid "
3062 (int)SVAL(req->vwv+0, 0)));
3063 reply_readbraw_error();
3064 END_PROFILE(SMBreadbraw);
3068 /* Do a "by hand" version of CHECK_READ. */
3069 if (!(fsp->can_read ||
3070 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3071 (fsp->access_mask & FILE_EXECUTE)))) {
3072 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3073 (int)SVAL(req->vwv+0, 0)));
3074 reply_readbraw_error();
3075 END_PROFILE(SMBreadbraw);
3079 flush_write_cache(fsp, READRAW_FLUSH);
3081 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3082 if(req->wct == 10) {
3084 * This is a large offset (64 bit) read.
3086 #ifdef LARGE_SMB_OFF_T
3088 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3090 #else /* !LARGE_SMB_OFF_T */
3093 * Ensure we haven't been sent a >32 bit offset.
3096 if(IVAL(req->vwv+8, 0) != 0) {
3097 DEBUG(0,("reply_readbraw: large offset "
3098 "(%x << 32) used and we don't support "
3099 "64 bit offsets.\n",
3100 (unsigned int)IVAL(req->vwv+8, 0) ));
3101 reply_readbraw_error();
3102 END_PROFILE(SMBreadbraw);
3106 #endif /* LARGE_SMB_OFF_T */
3109 DEBUG(0,("reply_readbraw: negative 64 bit "
3110 "readraw offset (%.0f) !\n",
3111 (double)startpos ));
3112 reply_readbraw_error();
3113 END_PROFILE(SMBreadbraw);
3118 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3119 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3121 /* ensure we don't overrun the packet size */
3122 maxcount = MIN(65535,maxcount);
3124 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3125 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3128 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3129 reply_readbraw_error();
3130 END_PROFILE(SMBreadbraw);
3134 if (fsp_stat(fsp) == 0) {
3135 size = fsp->fsp_name->st.st_ex_size;
3138 if (startpos >= size) {
3141 nread = MIN(maxcount,(size - startpos));
3144 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3145 if (nread < mincount)
3149 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3150 "min=%lu nread=%lu\n",
3151 fsp->fnum, (double)startpos,
3152 (unsigned long)maxcount,
3153 (unsigned long)mincount,
3154 (unsigned long)nread ) );
3156 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3158 DEBUG(5,("reply_readbraw finished\n"));
3160 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3162 END_PROFILE(SMBreadbraw);
3167 #define DBGC_CLASS DBGC_LOCKING
3169 /****************************************************************************
3170 Reply to a lockread (core+ protocol).
3171 ****************************************************************************/
3173 void reply_lockread(struct smb_request *req)
3175 connection_struct *conn = req->conn;
3182 struct byte_range_lock *br_lck = NULL;
3184 struct smbd_server_connection *sconn = smbd_server_conn;
3186 START_PROFILE(SMBlockread);
3189 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3190 END_PROFILE(SMBlockread);
3194 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3196 if (!check_fsp(conn, req, fsp)) {
3197 END_PROFILE(SMBlockread);
3201 if (!CHECK_READ(fsp,req)) {
3202 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3203 END_PROFILE(SMBlockread);
3207 numtoread = SVAL(req->vwv+1, 0);
3208 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3210 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3212 reply_outbuf(req, 5, numtoread + 3);
3214 data = smb_buf(req->outbuf) + 3;
3217 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3218 * protocol request that predates the read/write lock concept.
3219 * Thus instead of asking for a read lock here we need to ask
3220 * for a write lock. JRA.
3221 * Note that the requested lock size is unaffected by max_recv.
3224 br_lck = do_lock(smbd_messaging_context(),
3227 (uint64_t)numtoread,
3231 False, /* Non-blocking lock. */
3235 TALLOC_FREE(br_lck);
3237 if (NT_STATUS_V(status)) {
3238 reply_nterror(req, status);
3239 END_PROFILE(SMBlockread);
3244 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3247 if (numtoread > sconn->smb1.negprot.max_recv) {
3248 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3249 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3250 (unsigned int)numtoread,
3251 (unsigned int)sconn->smb1.negprot.max_recv));
3252 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3254 nread = read_file(fsp,data,startpos,numtoread);
3257 reply_nterror(req, map_nt_error_from_unix(errno));
3258 END_PROFILE(SMBlockread);
3262 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3264 SSVAL(req->outbuf,smb_vwv0,nread);
3265 SSVAL(req->outbuf,smb_vwv5,nread+3);
3266 p = smb_buf(req->outbuf);
3267 SCVAL(p,0,0); /* pad byte. */
3270 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3271 fsp->fnum, (int)numtoread, (int)nread));
3273 END_PROFILE(SMBlockread);
3278 #define DBGC_CLASS DBGC_ALL
3280 /****************************************************************************
3282 ****************************************************************************/
3284 void reply_read(struct smb_request *req)
3286 connection_struct *conn = req->conn;
3293 struct lock_struct lock;
3294 struct smbd_server_connection *sconn = smbd_server_conn;
3296 START_PROFILE(SMBread);
3299 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3300 END_PROFILE(SMBread);
3304 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3306 if (!check_fsp(conn, req, fsp)) {
3307 END_PROFILE(SMBread);
3311 if (!CHECK_READ(fsp,req)) {
3312 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3313 END_PROFILE(SMBread);
3317 numtoread = SVAL(req->vwv+1, 0);
3318 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3320 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3323 * The requested read size cannot be greater than max_recv. JRA.
3325 if (numtoread > sconn->smb1.negprot.max_recv) {
3326 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3327 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3328 (unsigned int)numtoread,
3329 (unsigned int)sconn->smb1.negprot.max_recv));
3330 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3333 reply_outbuf(req, 5, numtoread+3);
3335 data = smb_buf(req->outbuf) + 3;
3337 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3338 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3341 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3342 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3343 END_PROFILE(SMBread);
3348 nread = read_file(fsp,data,startpos,numtoread);
3351 reply_nterror(req, map_nt_error_from_unix(errno));
3355 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3357 SSVAL(req->outbuf,smb_vwv0,nread);
3358 SSVAL(req->outbuf,smb_vwv5,nread+3);
3359 SCVAL(smb_buf(req->outbuf),0,1);
3360 SSVAL(smb_buf(req->outbuf),1,nread);
3362 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3363 fsp->fnum, (int)numtoread, (int)nread ) );
3366 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3368 END_PROFILE(SMBread);
3372 /****************************************************************************
3374 ****************************************************************************/
3376 static int setup_readX_header(struct smb_request *req, char *outbuf,
3382 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3383 data = smb_buf(outbuf);
3385 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3387 SCVAL(outbuf,smb_vwv0,0xFF);
3388 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3389 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3390 SSVAL(outbuf,smb_vwv6,
3392 + 1 /* the wct field */
3393 + 12 * sizeof(uint16_t) /* vwv */
3394 + 2); /* the buflen field */
3395 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3396 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3397 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3398 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3402 /****************************************************************************
3403 Reply to a read and X - possibly using sendfile.
3404 ****************************************************************************/
3406 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3407 files_struct *fsp, SMB_OFF_T startpos,
3411 struct lock_struct lock;
3412 int saved_errno = 0;
3414 if(fsp_stat(fsp) == -1) {
3415 reply_nterror(req, map_nt_error_from_unix(errno));
3419 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3420 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3423 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3424 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3428 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3429 (startpos > fsp->fsp_name->st.st_ex_size)
3430 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3432 * We already know that we would do a short read, so don't
3433 * try the sendfile() path.
3435 goto nosendfile_read;
3438 #if defined(WITH_SENDFILE)
3440 * We can only use sendfile on a non-chained packet
3441 * but we can use on a non-oplocked file. tridge proved this
3442 * on a train in Germany :-). JRA.
3445 if (!req_is_in_chain(req) &&
3446 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3447 (fsp->wcp == NULL) &&
3448 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3449 uint8 headerbuf[smb_size + 12 * 2];
3453 * Set up the packet header before send. We
3454 * assume here the sendfile will work (get the
3455 * correct amount of data).
3458 header = data_blob_const(headerbuf, sizeof(headerbuf));
3460 construct_reply_common_req(req, (char *)headerbuf);
3461 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3463 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3464 /* Returning ENOSYS means no data at all was sent.
3465 Do this as a normal read. */
3466 if (errno == ENOSYS) {
3471 * Special hack for broken Linux with no working sendfile. If we
3472 * return EINTR we sent the header but not the rest of the data.
3473 * Fake this up by doing read/write calls.
3476 if (errno == EINTR) {
3477 /* Ensure we don't do this again. */
3478 set_use_sendfile(SNUM(conn), False);
3479 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3480 nread = fake_sendfile(fsp, startpos,
3483 DEBUG(0,("send_file_readX: "
3484 "fake_sendfile failed for "
3488 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3490 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3491 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3492 /* No outbuf here means successful sendfile. */
3496 DEBUG(0,("send_file_readX: sendfile failed for file "
3497 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3499 exit_server_cleanly("send_file_readX sendfile failed");
3500 } else if (nread == 0) {
3502 * Some sendfile implementations return 0 to indicate
3503 * that there was a short read, but nothing was
3504 * actually written to the socket. In this case,
3505 * fallback to the normal read path so the header gets
3506 * the correct byte count.
3508 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3509 "falling back to the normal read: %s\n",
3514 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3515 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3517 /* Deal with possible short send. */
3518 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3519 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3521 /* No outbuf here means successful sendfile. */
3522 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3523 SMB_PERFCOUNT_END(&req->pcd);
3531 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3532 uint8 headerbuf[smb_size + 2*12];
3534 construct_reply_common_req(req, (char *)headerbuf);
3535 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3537 /* Send out the header. */
3538 if (write_data(smbd_server_fd(), (char *)headerbuf,
3539 sizeof(headerbuf)) != sizeof(headerbuf)) {
3540 DEBUG(0,("send_file_readX: write_data failed for file "
3541 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3543 exit_server_cleanly("send_file_readX sendfile failed");
3545 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3547 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3548 "file %s (%s).\n", fsp_str_dbg(fsp),
3550 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3557 reply_outbuf(req, 12, smb_maxcnt);
3559 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3560 saved_errno = errno;
3562 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3565 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3569 setup_readX_header(req, (char *)req->outbuf, nread);
3571 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3572 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3578 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3579 TALLOC_FREE(req->outbuf);
3583 /****************************************************************************
3584 Reply to a read and X.
3585 ****************************************************************************/
3587 void reply_read_and_X(struct smb_request *req)
3589 connection_struct *conn = req->conn;
3593 bool big_readX = False;
3595 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3598 START_PROFILE(SMBreadX);
3600 if ((req->wct != 10) && (req->wct != 12)) {
3601 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3605 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3606 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3607 smb_maxcnt = SVAL(req->vwv+5, 0);
3609 /* If it's an IPC, pass off the pipe handler. */
3611 reply_pipe_read_and_X(req);
3612 END_PROFILE(SMBreadX);
3616 if (!check_fsp(conn, req, fsp)) {
3617 END_PROFILE(SMBreadX);
3621 if (!CHECK_READ(fsp,req)) {
3622 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3623 END_PROFILE(SMBreadX);
3627 if (global_client_caps & CAP_LARGE_READX) {
3628 size_t upper_size = SVAL(req->vwv+7, 0);
3629 smb_maxcnt |= (upper_size<<16);
3630 if (upper_size > 1) {
3631 /* Can't do this on a chained packet. */
3632 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3633 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3634 END_PROFILE(SMBreadX);
3637 /* We currently don't do this on signed or sealed data. */
3638 if (srv_is_signing_active(smbd_server_conn) ||
3639 is_encrypted_packet(req->inbuf)) {
3640 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3641 END_PROFILE(SMBreadX);
3644 /* Is there room in the reply for this data ? */
3645 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3647 NT_STATUS_INVALID_PARAMETER);
3648 END_PROFILE(SMBreadX);
3655 if (req->wct == 12) {
3656 #ifdef LARGE_SMB_OFF_T
3658 * This is a large offset (64 bit) read.
3660 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3662 #else /* !LARGE_SMB_OFF_T */
3665 * Ensure we haven't been sent a >32 bit offset.
3668 if(IVAL(req->vwv+10, 0) != 0) {
3669 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3670 "used and we don't support 64 bit offsets.\n",
3671 (unsigned int)IVAL(req->vwv+10, 0) ));
3672 END_PROFILE(SMBreadX);
3673 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3677 #endif /* LARGE_SMB_OFF_T */
3682 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3686 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3689 END_PROFILE(SMBreadX);
3693 /****************************************************************************
3694 Error replies to writebraw must have smb_wct == 1. Fix this up.
3695 ****************************************************************************/
3697 void error_to_writebrawerr(struct smb_request *req)
3699 uint8 *old_outbuf = req->outbuf;
3701 reply_outbuf(req, 1, 0);
3703 memcpy(req->outbuf, old_outbuf, smb_size);
3704 TALLOC_FREE(old_outbuf);
3707 /****************************************************************************
3708 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3709 ****************************************************************************/
3711 void reply_writebraw(struct smb_request *req)
3713 connection_struct *conn = req->conn;
3716 ssize_t total_written=0;
3717 size_t numtowrite=0;
3723 struct lock_struct lock;
3726 START_PROFILE(SMBwritebraw);
3729 * If we ever reply with an error, it must have the SMB command
3730 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3733 SCVAL(req->inbuf,smb_com,SMBwritec);
3735 if (srv_is_signing_active(smbd_server_conn)) {
3736 END_PROFILE(SMBwritebraw);
3737 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3738 "raw reads/writes are disallowed.");
3741 if (req->wct < 12) {
3742 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3743 error_to_writebrawerr(req);
3744 END_PROFILE(SMBwritebraw);
3748 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3749 if (!check_fsp(conn, req, fsp)) {
3750 error_to_writebrawerr(req);
3751 END_PROFILE(SMBwritebraw);
3755 if (!CHECK_WRITE(fsp)) {
3756 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3757 error_to_writebrawerr(req);
3758 END_PROFILE(SMBwritebraw);
3762 tcount = IVAL(req->vwv+1, 0);
3763 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3764 write_through = BITSETW(req->vwv+7,0);
3766 /* We have to deal with slightly different formats depending
3767 on whether we are using the core+ or lanman1.0 protocol */
3769 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3770 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3771 data = smb_buf(req->inbuf);
3773 numtowrite = SVAL(req->vwv+10, 0);
3774 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3777 /* Ensure we don't write bytes past the end of this packet. */
3778 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3779 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3780 error_to_writebrawerr(req);
3781 END_PROFILE(SMBwritebraw);
3785 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3786 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3789 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3790 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3791 error_to_writebrawerr(req);
3792 END_PROFILE(SMBwritebraw);
3797 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3800 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3801 "wrote=%d sync=%d\n",
3802 fsp->fnum, (double)startpos, (int)numtowrite,
3803 (int)nwritten, (int)write_through));
3805 if (nwritten < (ssize_t)numtowrite) {
3806 reply_nterror(req, NT_STATUS_DISK_FULL);
3807 error_to_writebrawerr(req);
3811 total_written = nwritten;
3813 /* Allocate a buffer of 64k + length. */
3814 buf = TALLOC_ARRAY(NULL, char, 65540);
3816 reply_nterror(req, NT_STATUS_NO_MEMORY);
3817 error_to_writebrawerr(req);
3821 /* Return a SMBwritebraw message to the redirector to tell
3822 * it to send more bytes */
3824 memcpy(buf, req->inbuf, smb_size);
3825 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3826 SCVAL(buf,smb_com,SMBwritebraw);
3827 SSVALS(buf,smb_vwv0,0xFFFF);
3829 if (!srv_send_smb(smbd_server_fd(),
3831 false, 0, /* no signing */
3832 IS_CONN_ENCRYPTED(conn),
3834 exit_server_cleanly("reply_writebraw: srv_send_smb "
3838 /* Now read the raw data into the buffer and write it */
3839 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3841 if (!NT_STATUS_IS_OK(status)) {
3842 exit_server_cleanly("secondary writebraw failed");
3845 /* Set up outbuf to return the correct size */
3846 reply_outbuf(req, 1, 0);
3848 if (numtowrite != 0) {
3850 if (numtowrite > 0xFFFF) {
3851 DEBUG(0,("reply_writebraw: Oversize secondary write "
3852 "raw requested (%u). Terminating\n",
3853 (unsigned int)numtowrite ));
3854 exit_server_cleanly("secondary writebraw failed");
3857 if (tcount > nwritten+numtowrite) {
3858 DEBUG(3,("reply_writebraw: Client overestimated the "
3860 (int)tcount,(int)nwritten,(int)numtowrite));
3863 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3865 if (!NT_STATUS_IS_OK(status)) {
3866 DEBUG(0,("reply_writebraw: Oversize secondary write "
3867 "raw read failed (%s). Terminating\n",
3868 nt_errstr(status)));
3869 exit_server_cleanly("secondary writebraw failed");
3872 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3873 if (nwritten == -1) {
3875 reply_nterror(req, map_nt_error_from_unix(errno));
3876 error_to_writebrawerr(req);
3880 if (nwritten < (ssize_t)numtowrite) {
3881 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3882 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3886 total_written += nwritten;
3891 SSVAL(req->outbuf,smb_vwv0,total_written);
3893 status = sync_file(conn, fsp, write_through);
3894 if (!NT_STATUS_IS_OK(status)) {
3895 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3896 fsp_str_dbg(fsp), nt_errstr(status)));
3897 reply_nterror(req, status);
3898 error_to_writebrawerr(req);
3902 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3904 fsp->fnum, (double)startpos, (int)numtowrite,
3905 (int)total_written));
3907 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3909 /* We won't return a status if write through is not selected - this
3910 * follows what WfWg does */
3911 END_PROFILE(SMBwritebraw);
3913 if (!write_through && total_written==tcount) {
3915 #if RABBIT_PELLET_FIX
3917 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3918 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3921 if (!send_keepalive(smbd_server_fd())) {
3922 exit_server_cleanly("reply_writebraw: send of "
3923 "keepalive failed");
3926 TALLOC_FREE(req->outbuf);
3931 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3933 END_PROFILE(SMBwritebraw);
3938 #define DBGC_CLASS DBGC_LOCKING
3940 /****************************************************************************
3941 Reply to a writeunlock (core+).
3942 ****************************************************************************/
3944 void reply_writeunlock(struct smb_request *req)
3946 connection_struct *conn = req->conn;
3947 ssize_t nwritten = -1;
3951 NTSTATUS status = NT_STATUS_OK;
3953 struct lock_struct lock;
3954 int saved_errno = 0;
3956 START_PROFILE(SMBwriteunlock);
3959 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3960 END_PROFILE(SMBwriteunlock);
3964 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3966 if (!check_fsp(conn, req, fsp)) {
3967 END_PROFILE(SMBwriteunlock);
3971 if (!CHECK_WRITE(fsp)) {
3972 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3973 END_PROFILE(SMBwriteunlock);
3977 numtowrite = SVAL(req->vwv+1, 0);
3978 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3979 data = (const char *)req->buf + 3;
3982 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3983 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3986 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3987 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3988 END_PROFILE(SMBwriteunlock);
3993 /* The special X/Open SMB protocol handling of
3994 zero length writes is *NOT* done for
3996 if(numtowrite == 0) {
3999 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4000 saved_errno = errno;
4003 status = sync_file(conn, fsp, False /* write through */);
4004 if (!NT_STATUS_IS_OK(status)) {
4005 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4006 fsp_str_dbg(fsp), nt_errstr(status)));
4007 reply_nterror(req, status);
4012 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4016 if((nwritten < numtowrite) && (numtowrite != 0)) {
4017 reply_nterror(req, NT_STATUS_DISK_FULL);
4022 status = do_unlock(smbd_messaging_context(),
4025 (uint64_t)numtowrite,
4029 if (NT_STATUS_V(status)) {
4030 reply_nterror(req, status);
4035 reply_outbuf(req, 1, 0);
4037 SSVAL(req->outbuf,smb_vwv0,nwritten);
4039 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4040 fsp->fnum, (int)numtowrite, (int)nwritten));
4044 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4047 END_PROFILE(SMBwriteunlock);
4052 #define DBGC_CLASS DBGC_ALL
4054 /****************************************************************************
4056 ****************************************************************************/
4058 void reply_write(struct smb_request *req)
4060 connection_struct *conn = req->conn;
4062 ssize_t nwritten = -1;
4066 struct lock_struct lock;
4068 int saved_errno = 0;
4070 START_PROFILE(SMBwrite);
4073 END_PROFILE(SMBwrite);
4074 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4078 /* If it's an IPC, pass off the pipe handler. */
4080 reply_pipe_write(req);
4081 END_PROFILE(SMBwrite);
4085 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4087 if (!check_fsp(conn, req, fsp)) {
4088 END_PROFILE(SMBwrite);
4092 if (!CHECK_WRITE(fsp)) {
4093 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4094 END_PROFILE(SMBwrite);
4098 numtowrite = SVAL(req->vwv+1, 0);
4099 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4100 data = (const char *)req->buf + 3;
4102 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4103 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4106 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4107 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4108 END_PROFILE(SMBwrite);
4113 * X/Open SMB protocol says that if smb_vwv1 is
4114 * zero then the file size should be extended or
4115 * truncated to the size given in smb_vwv[2-3].
4118 if(numtowrite == 0) {
4120 * This is actually an allocate call, and set EOF. JRA.
4122 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4124 reply_nterror(req, NT_STATUS_DISK_FULL);
4127 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4129 reply_nterror(req, NT_STATUS_DISK_FULL);
4132 trigger_write_time_update_immediate(fsp);
4134 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4137 status = sync_file(conn, fsp, False);
4138 if (!NT_STATUS_IS_OK(status)) {
4139 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4140 fsp_str_dbg(fsp), nt_errstr(status)));
4141 reply_nterror(req, status);
4146 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4150 if((nwritten == 0) && (numtowrite != 0)) {
4151 reply_nterror(req, NT_STATUS_DISK_FULL);
4155 reply_outbuf(req, 1, 0);
4157 SSVAL(req->outbuf,smb_vwv0,nwritten);
4159 if (nwritten < (ssize_t)numtowrite) {
4160 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4161 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4164 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4167 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4169 END_PROFILE(SMBwrite);
4173 /****************************************************************************
4174 Ensure a buffer is a valid writeX for recvfile purposes.
4175 ****************************************************************************/
4177 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4178 (2*14) + /* word count (including bcc) */ \
4181 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4184 connection_struct *conn = NULL;
4185 unsigned int doff = 0;
4186 size_t len = smb_len_large(inbuf);
4187 struct smbd_server_connection *sconn = smbd_server_conn;
4189 if (is_encrypted_packet(inbuf)) {
4190 /* Can't do this on encrypted
4195 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4199 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4200 CVAL(inbuf,smb_wct) != 14) {
4201 DEBUG(10,("is_valid_writeX_buffer: chained or "
4202 "invalid word length.\n"));
4206 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4208 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4212 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4215 if (IS_PRINT(conn)) {
4216 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4219 doff = SVAL(inbuf,smb_vwv11);
4221 numtowrite = SVAL(inbuf,smb_vwv10);
4223 if (len > doff && len - doff > 0xFFFF) {
4224 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4227 if (numtowrite == 0) {
4228 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4232 /* Ensure the sizes match up. */
4233 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4234 /* no pad byte...old smbclient :-( */
4235 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4237 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4241 if (len - doff != numtowrite) {
4242 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4243 "len = %u, doff = %u, numtowrite = %u\n",
4246 (unsigned int)numtowrite ));
4250 DEBUG(10,("is_valid_writeX_buffer: true "
4251 "len = %u, doff = %u, numtowrite = %u\n",
4254 (unsigned int)numtowrite ));
4259 /****************************************************************************
4260 Reply to a write and X.
4261 ****************************************************************************/
4263 void reply_write_and_X(struct smb_request *req)
4265 connection_struct *conn = req->conn;
4267 struct lock_struct lock;
4272 unsigned int smb_doff;
4273 unsigned int smblen;
4277 START_PROFILE(SMBwriteX);
4279 if ((req->wct != 12) && (req->wct != 14)) {
4280 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4281 END_PROFILE(SMBwriteX);
4285 numtowrite = SVAL(req->vwv+10, 0);
4286 smb_doff = SVAL(req->vwv+11, 0);
4287 smblen = smb_len(req->inbuf);
4289 if (req->unread_bytes > 0xFFFF ||
4290 (smblen > smb_doff &&
4291 smblen - smb_doff > 0xFFFF)) {
4292 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4295 if (req->unread_bytes) {
4296 /* Can't do a recvfile write on IPC$ */
4298 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4299 END_PROFILE(SMBwriteX);
4302 if (numtowrite != req->unread_bytes) {
4303 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4304 END_PROFILE(SMBwriteX);
4308 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4309 smb_doff + numtowrite > smblen) {
4310 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4311 END_PROFILE(SMBwriteX);
4316 /* If it's an IPC, pass off the pipe handler. */
4318 if (req->unread_bytes) {
4319 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4320 END_PROFILE(SMBwriteX);
4323 reply_pipe_write_and_X(req);
4324 END_PROFILE(SMBwriteX);
4328 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4329 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4330 write_through = BITSETW(req->vwv+7,0);
4332 if (!check_fsp(conn, req, fsp)) {
4333 END_PROFILE(SMBwriteX);
4337 if (!CHECK_WRITE(fsp)) {
4338 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4339 END_PROFILE(SMBwriteX);
4343 data = smb_base(req->inbuf) + smb_doff;
4345 if(req->wct == 14) {
4346 #ifdef LARGE_SMB_OFF_T
4348 * This is a large offset (64 bit) write.
4350 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4352 #else /* !LARGE_SMB_OFF_T */
4355 * Ensure we haven't been sent a >32 bit offset.
4358 if(IVAL(req->vwv+12, 0) != 0) {
4359 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4360 "used and we don't support 64 bit offsets.\n",
4361 (unsigned int)IVAL(req->vwv+12, 0) ));
4362 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4363 END_PROFILE(SMBwriteX);
4367 #endif /* LARGE_SMB_OFF_T */
4370 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4371 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4374 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4375 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4376 END_PROFILE(SMBwriteX);
4380 /* X/Open SMB protocol says that, unlike SMBwrite
4381 if the length is zero then NO truncation is
4382 done, just a write of zero. To truncate a file,
4385 if(numtowrite == 0) {
4389 if ((req->unread_bytes == 0) &&
4390 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4395 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4399 reply_nterror(req, map_nt_error_from_unix(errno));
4403 if((nwritten == 0) && (numtowrite != 0)) {
4404 reply_nterror(req, NT_STATUS_DISK_FULL);
4408 reply_outbuf(req, 6, 0);
4409 SSVAL(req->outbuf,smb_vwv2,nwritten);
4410 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4412 if (nwritten < (ssize_t)numtowrite) {
4413 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4414 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4417 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4418 fsp->fnum, (int)numtowrite, (int)nwritten));
4420 status = sync_file(conn, fsp, write_through);
4421 if (!NT_STATUS_IS_OK(status)) {
4422 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4423 fsp_str_dbg(fsp), nt_errstr(status)));
4424 reply_nterror(req, status);
4428 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4430 END_PROFILE(SMBwriteX);
4435 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4437 END_PROFILE(SMBwriteX);
4441 /****************************************************************************
4443 ****************************************************************************/
4445 void reply_lseek(struct smb_request *req)
4447 connection_struct *conn = req->conn;
4453 START_PROFILE(SMBlseek);
4456 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4457 END_PROFILE(SMBlseek);
4461 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4463 if (!check_fsp(conn, req, fsp)) {
4467 flush_write_cache(fsp, SEEK_FLUSH);
4469 mode = SVAL(req->vwv+1, 0) & 3;
4470 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4471 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4480 res = fsp->fh->pos + startpos;
4491 if (umode == SEEK_END) {
4492 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4493 if(errno == EINVAL) {
4494 SMB_OFF_T current_pos = startpos;
4496 if(fsp_stat(fsp) == -1) {
4498 map_nt_error_from_unix(errno));
4499 END_PROFILE(SMBlseek);
4503 current_pos += fsp->fsp_name->st.st_ex_size;
4505 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4510 reply_nterror(req, map_nt_error_from_unix(errno));
4511 END_PROFILE(SMBlseek);
4518 reply_outbuf(req, 2, 0);
4519 SIVAL(req->outbuf,smb_vwv0,res);
4521 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4522 fsp->fnum, (double)startpos, (double)res, mode));
4524 END_PROFILE(SMBlseek);
4528 /****************************************************************************
4530 ****************************************************************************/
4532 void reply_flush(struct smb_request *req)
4534 connection_struct *conn = req->conn;
4538 START_PROFILE(SMBflush);
4541 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4545 fnum = SVAL(req->vwv+0, 0);
4546 fsp = file_fsp(req, fnum);
4548 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4553 file_sync_all(conn);
4555 NTSTATUS status = sync_file(conn, fsp, True);
4556 if (!NT_STATUS_IS_OK(status)) {
4557 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4558 fsp_str_dbg(fsp), nt_errstr(status)));
4559 reply_nterror(req, status);
4560 END_PROFILE(SMBflush);
4565 reply_outbuf(req, 0, 0);
4567 DEBUG(3,("flush\n"));
4568 END_PROFILE(SMBflush);
4572 /****************************************************************************
4574 conn POINTER CAN BE NULL HERE !
4575 ****************************************************************************/
4577 void reply_exit(struct smb_request *req)
4579 START_PROFILE(SMBexit);
4581 file_close_pid(req->smbpid, req->vuid);
4583 reply_outbuf(req, 0, 0);
4585 DEBUG(3,("exit\n"));
4587 END_PROFILE(SMBexit);
4591 /****************************************************************************
4592 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4593 ****************************************************************************/
4595 void reply_close(struct smb_request *req)
4597 connection_struct *conn = req->conn;
4598 NTSTATUS status = NT_STATUS_OK;
4599 files_struct *fsp = NULL;
4600 START_PROFILE(SMBclose);
4603 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4604 END_PROFILE(SMBclose);
4608 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4611 * We can only use check_fsp if we know it's not a directory.
4614 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4615 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4616 END_PROFILE(SMBclose);
4620 if(fsp->is_directory) {
4622 * Special case - close NT SMB directory handle.
4624 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4625 status = close_file(req, fsp, NORMAL_CLOSE);
4629 * Close ordinary file.
4632 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4633 fsp->fh->fd, fsp->fnum,
4634 conn->num_files_open));
4637 * Take care of any time sent in the close.
4640 t = srv_make_unix_date3(req->vwv+1);
4641 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4644 * close_file() returns the unix errno if an error
4645 * was detected on close - normally this is due to
4646 * a disk full error. If not then it was probably an I/O error.
4649 status = close_file(req, fsp, NORMAL_CLOSE);
4652 if (!NT_STATUS_IS_OK(status)) {
4653 reply_nterror(req, status);
4654 END_PROFILE(SMBclose);
4658 reply_outbuf(req, 0, 0);
4659 END_PROFILE(SMBclose);
4663 /****************************************************************************
4664 Reply to a writeclose (Core+ protocol).
4665 ****************************************************************************/
4667 void reply_writeclose(struct smb_request *req)
4669 connection_struct *conn = req->conn;
4671 ssize_t nwritten = -1;
4672 NTSTATUS close_status = NT_STATUS_OK;
4675 struct timespec mtime;
4677 struct lock_struct lock;
4679 START_PROFILE(SMBwriteclose);
4682 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4683 END_PROFILE(SMBwriteclose);
4687 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4689 if (!check_fsp(conn, req, fsp)) {
4690 END_PROFILE(SMBwriteclose);
4693 if (!CHECK_WRITE(fsp)) {
4694 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4695 END_PROFILE(SMBwriteclose);
4699 numtowrite = SVAL(req->vwv+1, 0);
4700 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4701 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4702 data = (const char *)req->buf + 1;
4705 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4706 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4709 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4710 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4711 END_PROFILE(SMBwriteclose);
4716 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4718 set_close_write_time(fsp, mtime);
4721 * More insanity. W2K only closes the file if writelen > 0.
4726 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4727 "file %s\n", fsp_str_dbg(fsp)));
4728 close_status = close_file(req, fsp, NORMAL_CLOSE);
4731 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4732 fsp->fnum, (int)numtowrite, (int)nwritten,
4733 conn->num_files_open));
4735 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4736 reply_nterror(req, NT_STATUS_DISK_FULL);
4740 if(!NT_STATUS_IS_OK(close_status)) {
4741 reply_nterror(req, close_status);
4745 reply_outbuf(req, 1, 0);
4747 SSVAL(req->outbuf,smb_vwv0,nwritten);
4751 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4754 END_PROFILE(SMBwriteclose);
4759 #define DBGC_CLASS DBGC_LOCKING
4761 /****************************************************************************
4763 ****************************************************************************/
4765 void reply_lock(struct smb_request *req)
4767 connection_struct *conn = req->conn;
4768 uint64_t count,offset;
4771 struct byte_range_lock *br_lck = NULL;
4773 START_PROFILE(SMBlock);
4776 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4777 END_PROFILE(SMBlock);
4781 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4783 if (!check_fsp(conn, req, fsp)) {
4784 END_PROFILE(SMBlock);
4788 count = (uint64_t)IVAL(req->vwv+1, 0);
4789 offset = (uint64_t)IVAL(req->vwv+3, 0);
4791 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4792 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4794 br_lck = do_lock(smbd_messaging_context(),
4801 False, /* Non-blocking lock. */
4806 TALLOC_FREE(br_lck);
4808 if (NT_STATUS_V(status)) {
4809 reply_nterror(req, status);
4810 END_PROFILE(SMBlock);
4814 reply_outbuf(req, 0, 0);
4816 END_PROFILE(SMBlock);
4820 /****************************************************************************
4822 ****************************************************************************/
4824 void reply_unlock(struct smb_request *req)
4826 connection_struct *conn = req->conn;
4827 uint64_t count,offset;
4831 START_PROFILE(SMBunlock);
4834 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4835 END_PROFILE(SMBunlock);
4839 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4841 if (!check_fsp(conn, req, fsp)) {
4842 END_PROFILE(SMBunlock);
4846 count = (uint64_t)IVAL(req->vwv+1, 0);
4847 offset = (uint64_t)IVAL(req->vwv+3, 0);
4849 status = do_unlock(smbd_messaging_context(),
4856 if (NT_STATUS_V(status)) {
4857 reply_nterror(req, status);
4858 END_PROFILE(SMBunlock);
4862 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4863 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4865 reply_outbuf(req, 0, 0);
4867 END_PROFILE(SMBunlock);
4872 #define DBGC_CLASS DBGC_ALL
4874 /****************************************************************************
4876 conn POINTER CAN BE NULL HERE !
4877 ****************************************************************************/
4879 void reply_tdis(struct smb_request *req)
4881 connection_struct *conn = req->conn;
4882 START_PROFILE(SMBtdis);
4885 DEBUG(4,("Invalid connection in tdis\n"));
4886 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
4887 END_PROFILE(SMBtdis);
4893 close_cnum(conn,req->vuid);
4896 reply_outbuf(req, 0, 0);
4897 END_PROFILE(SMBtdis);
4901 /****************************************************************************
4903 conn POINTER CAN BE NULL HERE !
4904 ****************************************************************************/
4906 void reply_echo(struct smb_request *req)
4908 connection_struct *conn = req->conn;
4909 struct smb_perfcount_data local_pcd;
4910 struct smb_perfcount_data *cur_pcd;
4914 START_PROFILE(SMBecho);
4916 smb_init_perfcount_data(&local_pcd);
4919 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4920 END_PROFILE(SMBecho);
4924 smb_reverb = SVAL(req->vwv+0, 0);
4926 reply_outbuf(req, 1, req->buflen);
4928 /* copy any incoming data back out */
4929 if (req->buflen > 0) {
4930 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4933 if (smb_reverb > 100) {
4934 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4938 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4940 /* this makes sure we catch the request pcd */
4941 if (seq_num == smb_reverb) {
4942 cur_pcd = &req->pcd;
4944 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4945 cur_pcd = &local_pcd;
4948 SSVAL(req->outbuf,smb_vwv0,seq_num);
4950 show_msg((char *)req->outbuf);
4951 if (!srv_send_smb(smbd_server_fd(),
4952 (char *)req->outbuf,
4953 true, req->seqnum+1,
4954 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4956 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4959 DEBUG(3,("echo %d times\n", smb_reverb));
4961 TALLOC_FREE(req->outbuf);
4963 END_PROFILE(SMBecho);
4967 /****************************************************************************
4968 Reply to a printopen.
4969 ****************************************************************************/
4971 void reply_printopen(struct smb_request *req)
4973 connection_struct *conn = req->conn;
4977 START_PROFILE(SMBsplopen);
4980 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4981 END_PROFILE(SMBsplopen);
4985 if (!CAN_PRINT(conn)) {
4986 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4987 END_PROFILE(SMBsplopen);
4991 status = file_new(req, conn, &fsp);
4992 if(!NT_STATUS_IS_OK(status)) {
4993 reply_nterror(req, status);
4994 END_PROFILE(SMBsplopen);
4998 /* Open for exclusive use, write only. */
4999 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
5001 if (!NT_STATUS_IS_OK(status)) {
5002 file_free(req, fsp);
5003 reply_nterror(req, status);
5004 END_PROFILE(SMBsplopen);
5008 reply_outbuf(req, 1, 0);
5009 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5011 DEBUG(3,("openprint fd=%d fnum=%d\n",
5012 fsp->fh->fd, fsp->fnum));
5014 END_PROFILE(SMBsplopen);
5018 /****************************************************************************
5019 Reply to a printclose.
5020 ****************************************************************************/
5022 void reply_printclose(struct smb_request *req)
5024 connection_struct *conn = req->conn;
5028 START_PROFILE(SMBsplclose);
5031 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5032 END_PROFILE(SMBsplclose);
5036 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5038 if (!check_fsp(conn, req, fsp)) {
5039 END_PROFILE(SMBsplclose);
5043 if (!CAN_PRINT(conn)) {
5044 reply_force_doserror(req, ERRSRV, ERRerror);
5045 END_PROFILE(SMBsplclose);
5049 DEBUG(3,("printclose fd=%d fnum=%d\n",
5050 fsp->fh->fd,fsp->fnum));
5052 status = close_file(req, fsp, NORMAL_CLOSE);
5054 if(!NT_STATUS_IS_OK(status)) {
5055 reply_nterror(req, status);
5056 END_PROFILE(SMBsplclose);
5060 reply_outbuf(req, 0, 0);
5062 END_PROFILE(SMBsplclose);
5066 /****************************************************************************
5067 Reply to a printqueue.
5068 ****************************************************************************/
5070 void reply_printqueue(struct smb_request *req)
5072 connection_struct *conn = req->conn;
5076 START_PROFILE(SMBsplretq);
5079 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5080 END_PROFILE(SMBsplretq);
5084 max_count = SVAL(req->vwv+0, 0);
5085 start_index = SVAL(req->vwv+1, 0);
5087 /* we used to allow the client to get the cnum wrong, but that
5088 is really quite gross and only worked when there was only
5089 one printer - I think we should now only accept it if they
5090 get it right (tridge) */
5091 if (!CAN_PRINT(conn)) {
5092 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5093 END_PROFILE(SMBsplretq);
5097 reply_outbuf(req, 2, 3);
5098 SSVAL(req->outbuf,smb_vwv0,0);
5099 SSVAL(req->outbuf,smb_vwv1,0);
5100 SCVAL(smb_buf(req->outbuf),0,1);
5101 SSVAL(smb_buf(req->outbuf),1,0);
5103 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5104 start_index, max_count));
5107 print_queue_struct *queue = NULL;
5108 print_status_struct status;
5109 int count = print_queue_status(SNUM(conn), &queue, &status);
5110 int num_to_get = ABS(max_count);
5111 int first = (max_count>0?start_index:start_index+max_count+1);
5117 num_to_get = MIN(num_to_get,count-first);
5120 for (i=first;i<first+num_to_get;i++) {
5124 srv_put_dos_date2(p,0,queue[i].time);
5125 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5126 SSVAL(p,5, queue[i].job);
5127 SIVAL(p,7,queue[i].size);
5129 srvstr_push(blob, req->flags2, p+12,
5130 queue[i].fs_user, 16, STR_ASCII);
5132 if (message_push_blob(
5135 blob, sizeof(blob))) == -1) {
5136 reply_nterror(req, NT_STATUS_NO_MEMORY);
5137 END_PROFILE(SMBsplretq);
5143 SSVAL(req->outbuf,smb_vwv0,count);
5144 SSVAL(req->outbuf,smb_vwv1,
5145 (max_count>0?first+count:first-1));
5146 SCVAL(smb_buf(req->outbuf),0,1);
5147 SSVAL(smb_buf(req->outbuf),1,28*count);
5152 DEBUG(3,("%d entries returned in queue\n",count));
5155 END_PROFILE(SMBsplretq);
5159 /****************************************************************************
5160 Reply to a printwrite.
5161 ****************************************************************************/
5163 void reply_printwrite(struct smb_request *req)
5165 connection_struct *conn = req->conn;
5170 START_PROFILE(SMBsplwr);
5173 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5174 END_PROFILE(SMBsplwr);
5178 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5180 if (!check_fsp(conn, req, fsp)) {
5181 END_PROFILE(SMBsplwr);
5185 if (!CAN_PRINT(conn)) {
5186 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5187 END_PROFILE(SMBsplwr);
5191 if (!CHECK_WRITE(fsp)) {
5192 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5193 END_PROFILE(SMBsplwr);
5197 numtowrite = SVAL(req->buf, 1);
5199 if (req->buflen < numtowrite + 3) {
5200 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5201 END_PROFILE(SMBsplwr);
5205 data = (const char *)req->buf + 3;
5207 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5208 reply_nterror(req, map_nt_error_from_unix(errno));
5209 END_PROFILE(SMBsplwr);
5213 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5215 END_PROFILE(SMBsplwr);
5219 /****************************************************************************
5221 ****************************************************************************/
5223 void reply_mkdir(struct smb_request *req)
5225 connection_struct *conn = req->conn;
5226 struct smb_filename *smb_dname = NULL;
5227 char *directory = NULL;
5229 TALLOC_CTX *ctx = talloc_tos();
5231 START_PROFILE(SMBmkdir);
5233 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5234 STR_TERMINATE, &status);
5235 if (!NT_STATUS_IS_OK(status)) {
5236 reply_nterror(req, status);
5240 status = filename_convert(ctx, conn,
5241 req->flags2 & FLAGS2_DFS_PATHNAMES,
5246 if (!NT_STATUS_IS_OK(status)) {
5247 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5248 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5249 ERRSRV, ERRbadpath);
5252 reply_nterror(req, status);
5256 status = create_directory(conn, req, smb_dname);
5258 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5260 if (!NT_STATUS_IS_OK(status)) {
5262 if (!use_nt_status()
5263 && NT_STATUS_EQUAL(status,
5264 NT_STATUS_OBJECT_NAME_COLLISION)) {
5266 * Yes, in the DOS error code case we get a
5267 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5268 * samba4 torture test.
5270 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5273 reply_nterror(req, status);
5277 reply_outbuf(req, 0, 0);
5279 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5281 TALLOC_FREE(smb_dname);
5282 END_PROFILE(SMBmkdir);
5286 /****************************************************************************
5288 ****************************************************************************/
5290 void reply_rmdir(struct smb_request *req)
5292 connection_struct *conn = req->conn;
5293 struct smb_filename *smb_dname = NULL;
5294 char *directory = NULL;
5296 TALLOC_CTX *ctx = talloc_tos();
5297 files_struct *fsp = NULL;
5299 struct smbd_server_connection *sconn = smbd_server_conn;
5301 START_PROFILE(SMBrmdir);
5303 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5304 STR_TERMINATE, &status);
5305 if (!NT_STATUS_IS_OK(status)) {
5306 reply_nterror(req, status);
5310 status = filename_convert(ctx, conn,
5311 req->flags2 & FLAGS2_DFS_PATHNAMES,
5316 if (!NT_STATUS_IS_OK(status)) {
5317 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5318 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5319 ERRSRV, ERRbadpath);
5322 reply_nterror(req, status);
5326 if (is_ntfs_stream_smb_fname(smb_dname)) {
5327 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5331 status = SMB_VFS_CREATE_FILE(
5334 0, /* root_dir_fid */
5335 smb_dname, /* fname */
5336 DELETE_ACCESS, /* access_mask */
5337 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5339 FILE_OPEN, /* create_disposition*/
5340 FILE_DIRECTORY_FILE, /* create_options */
5341 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5342 0, /* oplock_request */
5343 0, /* allocation_size */
5349 if (!NT_STATUS_IS_OK(status)) {
5350 if (open_was_deferred(req->mid)) {
5351 /* We have re-scheduled this call. */
5354 reply_nterror(req, status);
5358 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5359 if (!NT_STATUS_IS_OK(status)) {
5360 close_file(req, fsp, ERROR_CLOSE);
5361 reply_nterror(req, status);
5365 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5366 close_file(req, fsp, ERROR_CLOSE);
5367 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5371 status = close_file(req, fsp, NORMAL_CLOSE);
5372 if (!NT_STATUS_IS_OK(status)) {
5373 reply_nterror(req, status);
5375 reply_outbuf(req, 0, 0);
5378 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5380 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5382 TALLOC_FREE(smb_dname);
5383 END_PROFILE(SMBrmdir);
5387 /*******************************************************************
5388 Resolve wildcards in a filename rename.
5389 ********************************************************************/
5391 static bool resolve_wildcards(TALLOC_CTX *ctx,
5396 char *name2_copy = NULL;
5401 char *p,*p2, *pname1, *pname2;
5403 name2_copy = talloc_strdup(ctx, name2);
5408 pname1 = strrchr_m(name1,'/');
5409 pname2 = strrchr_m(name2_copy,'/');
5411 if (!pname1 || !pname2) {
5415 /* Truncate the copy of name2 at the last '/' */
5418 /* Now go past the '/' */
5422 root1 = talloc_strdup(ctx, pname1);
5423 root2 = talloc_strdup(ctx, pname2);
5425 if (!root1 || !root2) {
5429 p = strrchr_m(root1,'.');
5432 ext1 = talloc_strdup(ctx, p+1);
5434 ext1 = talloc_strdup(ctx, "");
5436 p = strrchr_m(root2,'.');
5439 ext2 = talloc_strdup(ctx, p+1);
5441 ext2 = talloc_strdup(ctx, "");
5444 if (!ext1 || !ext2) {
5452 /* Hmmm. Should this be mb-aware ? */
5455 } else if (*p2 == '*') {
5457 root2 = talloc_asprintf(ctx, "%s%s",
5476 /* Hmmm. Should this be mb-aware ? */
5479 } else if (*p2 == '*') {
5481 ext2 = talloc_asprintf(ctx, "%s%s",
5497 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5502 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5514 /****************************************************************************
5515 Ensure open files have their names updated. Updated to notify other smbd's
5517 ****************************************************************************/
5519 static void rename_open_files(connection_struct *conn,
5520 struct share_mode_lock *lck,
5521 const struct smb_filename *smb_fname_dst)
5524 bool did_rename = False;
5527 for(fsp = file_find_di_first(lck->id); fsp;
5528 fsp = file_find_di_next(fsp)) {
5529 /* fsp_name is a relative path under the fsp. To change this for other
5530 sharepaths we need to manipulate relative paths. */
5531 /* TODO - create the absolute path and manipulate the newname
5532 relative to the sharepath. */
5533 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5536 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5537 "(file_id %s) from %s -> %s\n", fsp->fnum,
5538 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5539 smb_fname_str_dbg(smb_fname_dst)));
5541 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5542 if (NT_STATUS_IS_OK(status)) {
5548 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5549 "for %s\n", file_id_string_tos(&lck->id),
5550 smb_fname_str_dbg(smb_fname_dst)));
5553 /* Send messages to all smbd's (not ourself) that the name has changed. */
5554 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5559 /****************************************************************************
5560 We need to check if the source path is a parent directory of the destination
5561 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5562 refuse the rename with a sharing violation. Under UNIX the above call can
5563 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5564 probably need to check that the client is a Windows one before disallowing
5565 this as a UNIX client (one with UNIX extensions) can know the source is a
5566 symlink and make this decision intelligently. Found by an excellent bug
5567 report from <AndyLiebman@aol.com>.
5568 ****************************************************************************/
5570 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5571 const struct smb_filename *smb_fname_dst)
5573 const char *psrc = smb_fname_src->base_name;
5574 const char *pdst = smb_fname_dst->base_name;
5577 if (psrc[0] == '.' && psrc[1] == '/') {
5580 if (pdst[0] == '.' && pdst[1] == '/') {
5583 if ((slen = strlen(psrc)) > strlen(pdst)) {
5586 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5590 * Do the notify calls from a rename
5593 static void notify_rename(connection_struct *conn, bool is_dir,
5594 const struct smb_filename *smb_fname_src,
5595 const struct smb_filename *smb_fname_dst)
5597 char *parent_dir_src = NULL;
5598 char *parent_dir_dst = NULL;
5601 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5602 : FILE_NOTIFY_CHANGE_FILE_NAME;
5604 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5605 &parent_dir_src, NULL) ||
5606 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5607 &parent_dir_dst, NULL)) {
5611 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5612 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5613 smb_fname_src->base_name);
5614 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5615 smb_fname_dst->base_name);
5618 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5619 smb_fname_src->base_name);
5620 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5621 smb_fname_dst->base_name);
5624 /* this is a strange one. w2k3 gives an additional event for
5625 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5626 files, but not directories */
5628 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5629 FILE_NOTIFY_CHANGE_ATTRIBUTES
5630 |FILE_NOTIFY_CHANGE_CREATION,
5631 smb_fname_dst->base_name);
5634 TALLOC_FREE(parent_dir_src);
5635 TALLOC_FREE(parent_dir_dst);
5638 /****************************************************************************
5639 Rename an open file - given an fsp.
5640 ****************************************************************************/
5642 NTSTATUS rename_internals_fsp(connection_struct *conn,
5644 const struct smb_filename *smb_fname_dst_in,
5646 bool replace_if_exists)
5648 TALLOC_CTX *ctx = talloc_tos();
5649 struct smb_filename *smb_fname_dst = NULL;
5650 NTSTATUS status = NT_STATUS_OK;
5651 struct share_mode_lock *lck = NULL;
5652 bool dst_exists, old_is_stream, new_is_stream;
5654 status = check_name(conn, smb_fname_dst_in->base_name);
5655 if (!NT_STATUS_IS_OK(status)) {
5659 /* Make a copy of the dst smb_fname structs */
5661 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5662 if (!NT_STATUS_IS_OK(status)) {
5666 /* Ensure the dst smb_fname contains a '/' */
5667 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5669 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5670 smb_fname_dst->base_name);
5672 status = NT_STATUS_NO_MEMORY;
5675 TALLOC_FREE(smb_fname_dst->base_name);
5676 smb_fname_dst->base_name = tmp;
5680 * Check for special case with case preserving and not
5681 * case sensitive. If the old last component differs from the original
5682 * last component only by case, then we should allow
5683 * the rename (user is trying to change the case of the
5686 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5687 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5688 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5690 char *fname_dst_lcomp_base_mod = NULL;
5691 struct smb_filename *smb_fname_orig_lcomp = NULL;
5694 * Get the last component of the destination name. Note that
5695 * we guarantee that destination name contains a '/' character
5698 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5699 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5700 if (!fname_dst_lcomp_base_mod) {
5701 status = NT_STATUS_NO_MEMORY;
5706 * Create an smb_filename struct using the original last
5707 * component of the destination.
5709 status = create_synthetic_smb_fname_split(ctx,
5710 smb_fname_dst->original_lcomp, NULL,
5711 &smb_fname_orig_lcomp);
5712 if (!NT_STATUS_IS_OK(status)) {
5713 TALLOC_FREE(fname_dst_lcomp_base_mod);
5717 /* If the base names only differ by case, use original. */
5718 if(!strcsequal(fname_dst_lcomp_base_mod,
5719 smb_fname_orig_lcomp->base_name)) {
5722 * Replace the modified last component with the
5725 *last_slash = '\0'; /* Truncate at the '/' */
5726 tmp = talloc_asprintf(smb_fname_dst,
5728 smb_fname_dst->base_name,
5729 smb_fname_orig_lcomp->base_name);
5731 status = NT_STATUS_NO_MEMORY;
5732 TALLOC_FREE(fname_dst_lcomp_base_mod);
5733 TALLOC_FREE(smb_fname_orig_lcomp);
5736 TALLOC_FREE(smb_fname_dst->base_name);
5737 smb_fname_dst->base_name = tmp;
5740 /* If the stream_names only differ by case, use original. */
5741 if(!strcsequal(smb_fname_dst->stream_name,
5742 smb_fname_orig_lcomp->stream_name)) {
5744 /* Use the original stream. */
5745 tmp = talloc_strdup(smb_fname_dst,
5746 smb_fname_orig_lcomp->stream_name);
5748 status = NT_STATUS_NO_MEMORY;
5749 TALLOC_FREE(fname_dst_lcomp_base_mod);
5750 TALLOC_FREE(smb_fname_orig_lcomp);
5753 TALLOC_FREE(smb_fname_dst->stream_name);
5754 smb_fname_dst->stream_name = tmp;
5756 TALLOC_FREE(fname_dst_lcomp_base_mod);
5757 TALLOC_FREE(smb_fname_orig_lcomp);
5761 * If the src and dest names are identical - including case,
5762 * don't do the rename, just return success.
5765 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5766 strcsequal(fsp->fsp_name->stream_name,
5767 smb_fname_dst->stream_name)) {
5768 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5769 "- returning success\n",
5770 smb_fname_str_dbg(smb_fname_dst)));
5771 status = NT_STATUS_OK;
5775 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
5776 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5778 /* Return the correct error code if both names aren't streams. */
5779 if (!old_is_stream && new_is_stream) {
5780 status = NT_STATUS_OBJECT_NAME_INVALID;
5784 if (old_is_stream && !new_is_stream) {
5785 status = NT_STATUS_INVALID_PARAMETER;
5789 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5791 if(!replace_if_exists && dst_exists) {
5792 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5793 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5794 smb_fname_str_dbg(smb_fname_dst)));
5795 status = NT_STATUS_OBJECT_NAME_COLLISION;
5800 struct file_id fileid = vfs_file_id_from_sbuf(conn,
5801 &smb_fname_dst->st);
5802 files_struct *dst_fsp = file_find_di_first(fileid);
5803 /* The file can be open when renaming a stream */
5804 if (dst_fsp && !new_is_stream) {
5805 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5806 status = NT_STATUS_ACCESS_DENIED;
5811 /* Ensure we have a valid stat struct for the source. */
5812 status = vfs_stat_fsp(fsp);
5813 if (!NT_STATUS_IS_OK(status)) {
5817 status = can_rename(conn, fsp, attrs);
5819 if (!NT_STATUS_IS_OK(status)) {
5820 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5821 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5822 smb_fname_str_dbg(smb_fname_dst)));
5823 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5824 status = NT_STATUS_ACCESS_DENIED;
5828 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
5829 status = NT_STATUS_ACCESS_DENIED;
5832 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5836 * We have the file open ourselves, so not being able to get the
5837 * corresponding share mode lock is a fatal error.
5840 SMB_ASSERT(lck != NULL);
5842 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
5843 uint32 create_options = fsp->fh->private_options;
5845 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
5846 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5847 smb_fname_str_dbg(smb_fname_dst)));
5849 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
5852 rename_open_files(conn, lck, smb_fname_dst);
5855 * A rename acts as a new file create w.r.t. allowing an initial delete
5856 * on close, probably because in Windows there is a new handle to the
5857 * new file. If initial delete on close was requested but not
5858 * originally set, we need to set it here. This is probably not 100% correct,
5859 * but will work for the CIFSFS client which in non-posix mode
5860 * depends on these semantics. JRA.
5863 if (create_options & FILE_DELETE_ON_CLOSE) {
5864 status = can_set_delete_on_close(fsp, 0);
5866 if (NT_STATUS_IS_OK(status)) {
5867 /* Note that here we set the *inital* delete on close flag,
5868 * not the regular one. The magic gets handled in close. */
5869 fsp->initial_delete_on_close = True;
5873 status = NT_STATUS_OK;
5879 if (errno == ENOTDIR || errno == EISDIR) {
5880 status = NT_STATUS_OBJECT_NAME_COLLISION;
5882 status = map_nt_error_from_unix(errno);
5885 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5886 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5887 smb_fname_str_dbg(smb_fname_dst)));
5890 TALLOC_FREE(smb_fname_dst);
5895 /****************************************************************************
5896 The guts of the rename command, split out so it may be called by the NT SMB
5898 ****************************************************************************/
5900 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5901 connection_struct *conn,
5902 struct smb_request *req,
5903 struct smb_filename *smb_fname_src,
5904 struct smb_filename *smb_fname_dst,
5906 bool replace_if_exists,
5909 uint32_t access_mask)
5911 char *fname_src_dir = NULL;
5912 char *fname_src_mask = NULL;
5914 NTSTATUS status = NT_STATUS_OK;
5915 struct smb_Dir *dir_hnd = NULL;
5916 const char *dname = NULL;
5917 char *talloced = NULL;
5919 int create_options = 0;
5920 bool posix_pathnames = lp_posix_pathnames();
5923 * Split the old name into directory and last component
5924 * strings. Note that unix_convert may have stripped off a
5925 * leading ./ from both name and newname if the rename is
5926 * at the root of the share. We need to make sure either both
5927 * name and newname contain a / character or neither of them do
5928 * as this is checked in resolve_wildcards().
5931 /* Split up the directory from the filename/mask. */
5932 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
5933 &fname_src_dir, &fname_src_mask);
5934 if (!NT_STATUS_IS_OK(status)) {
5935 status = NT_STATUS_NO_MEMORY;
5940 * We should only check the mangled cache
5941 * here if unix_convert failed. This means
5942 * that the path in 'mask' doesn't exist
5943 * on the file system and so we need to look
5944 * for a possible mangle. This patch from
5945 * Tine Smukavec <valentin.smukavec@hermes.si>.
5948 if (!VALID_STAT(smb_fname_src->st) &&
5949 mangle_is_mangled(fname_src_mask, conn->params)) {
5950 char *new_mask = NULL;
5951 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
5954 TALLOC_FREE(fname_src_mask);
5955 fname_src_mask = new_mask;
5959 if (!src_has_wild) {
5963 * Only one file needs to be renamed. Append the mask back
5964 * onto the directory.
5966 TALLOC_FREE(smb_fname_src->base_name);
5967 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
5971 if (!smb_fname_src->base_name) {
5972 status = NT_STATUS_NO_MEMORY;
5976 /* Ensure dst fname contains a '/' also */
5977 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
5979 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5980 smb_fname_dst->base_name);
5982 status = NT_STATUS_NO_MEMORY;
5985 TALLOC_FREE(smb_fname_dst->base_name);
5986 smb_fname_dst->base_name = tmp;
5989 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5990 "case_preserve = %d, short case preserve = %d, "
5991 "directory = %s, newname = %s, "
5992 "last_component_dest = %s\n",
5993 conn->case_sensitive, conn->case_preserve,
5994 conn->short_case_preserve,
5995 smb_fname_str_dbg(smb_fname_src),
5996 smb_fname_str_dbg(smb_fname_dst),
5997 smb_fname_dst->original_lcomp));
5999 /* The dest name still may have wildcards. */
6000 if (dest_has_wild) {
6001 char *fname_dst_mod = NULL;
6002 if (!resolve_wildcards(smb_fname_dst,
6003 smb_fname_src->base_name,
6004 smb_fname_dst->base_name,
6006 DEBUG(6, ("rename_internals: resolve_wildcards "
6008 smb_fname_src->base_name,
6009 smb_fname_dst->base_name));
6010 status = NT_STATUS_NO_MEMORY;
6013 TALLOC_FREE(smb_fname_dst->base_name);
6014 smb_fname_dst->base_name = fname_dst_mod;
6017 ZERO_STRUCT(smb_fname_src->st);
6018 if (posix_pathnames) {
6019 SMB_VFS_LSTAT(conn, smb_fname_src);
6021 SMB_VFS_STAT(conn, smb_fname_src);
6024 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6025 create_options |= FILE_DIRECTORY_FILE;
6028 status = SMB_VFS_CREATE_FILE(
6031 0, /* root_dir_fid */
6032 smb_fname_src, /* fname */
6033 access_mask, /* access_mask */
6034 (FILE_SHARE_READ | /* share_access */
6036 FILE_OPEN, /* create_disposition*/
6037 create_options, /* create_options */
6038 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6039 0, /* oplock_request */
6040 0, /* allocation_size */
6046 if (!NT_STATUS_IS_OK(status)) {
6047 DEBUG(3, ("Could not open rename source %s: %s\n",
6048 smb_fname_str_dbg(smb_fname_src),
6049 nt_errstr(status)));
6053 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6054 attrs, replace_if_exists);
6056 close_file(req, fsp, NORMAL_CLOSE);
6058 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6059 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6060 smb_fname_str_dbg(smb_fname_dst)));
6066 * Wildcards - process each file that matches.
6068 if (strequal(fname_src_mask, "????????.???")) {
6069 TALLOC_FREE(fname_src_mask);
6070 fname_src_mask = talloc_strdup(ctx, "*");
6071 if (!fname_src_mask) {
6072 status = NT_STATUS_NO_MEMORY;
6077 status = check_name(conn, fname_src_dir);
6078 if (!NT_STATUS_IS_OK(status)) {
6082 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6084 if (dir_hnd == NULL) {
6085 status = map_nt_error_from_unix(errno);
6089 status = NT_STATUS_NO_SUCH_FILE;
6091 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6092 * - gentest fix. JRA
6095 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6097 files_struct *fsp = NULL;
6098 char *destname = NULL;
6099 bool sysdir_entry = False;
6101 /* Quick check for "." and ".." */
6102 if (ISDOT(dname) || ISDOTDOT(dname)) {
6104 sysdir_entry = True;
6106 TALLOC_FREE(talloced);
6111 if (!is_visible_file(conn, fname_src_dir, dname,
6112 &smb_fname_src->st, false)) {
6113 TALLOC_FREE(talloced);
6117 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6118 TALLOC_FREE(talloced);
6123 status = NT_STATUS_OBJECT_NAME_INVALID;
6127 TALLOC_FREE(smb_fname_src->base_name);
6128 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6132 if (!smb_fname_src->base_name) {
6133 status = NT_STATUS_NO_MEMORY;
6137 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6138 smb_fname_dst->base_name,
6140 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6141 smb_fname_src->base_name, destname));
6142 TALLOC_FREE(talloced);
6146 status = NT_STATUS_NO_MEMORY;
6150 TALLOC_FREE(smb_fname_dst->base_name);
6151 smb_fname_dst->base_name = destname;
6153 ZERO_STRUCT(smb_fname_src->st);
6154 if (posix_pathnames) {
6155 SMB_VFS_LSTAT(conn, smb_fname_src);
6157 SMB_VFS_STAT(conn, smb_fname_src);
6162 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6163 create_options |= FILE_DIRECTORY_FILE;
6166 status = SMB_VFS_CREATE_FILE(
6169 0, /* root_dir_fid */
6170 smb_fname_src, /* fname */
6171 access_mask, /* access_mask */
6172 (FILE_SHARE_READ | /* share_access */
6174 FILE_OPEN, /* create_disposition*/
6175 create_options, /* create_options */
6176 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6177 0, /* oplock_request */
6178 0, /* allocation_size */
6184 if (!NT_STATUS_IS_OK(status)) {
6185 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6186 "returned %s rename %s -> %s\n",
6188 smb_fname_str_dbg(smb_fname_src),
6189 smb_fname_str_dbg(smb_fname_dst)));
6193 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6195 if (!smb_fname_dst->original_lcomp) {
6196 status = NT_STATUS_NO_MEMORY;
6200 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6201 attrs, replace_if_exists);
6203 close_file(req, fsp, NORMAL_CLOSE);
6205 if (!NT_STATUS_IS_OK(status)) {
6206 DEBUG(3, ("rename_internals_fsp returned %s for "
6207 "rename %s -> %s\n", nt_errstr(status),
6208 smb_fname_str_dbg(smb_fname_src),
6209 smb_fname_str_dbg(smb_fname_dst)));
6215 DEBUG(3,("rename_internals: doing rename on %s -> "
6216 "%s\n", smb_fname_str_dbg(smb_fname_src),
6217 smb_fname_str_dbg(smb_fname_src)));
6218 TALLOC_FREE(talloced);
6220 TALLOC_FREE(dir_hnd);
6222 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6223 status = map_nt_error_from_unix(errno);
6227 TALLOC_FREE(talloced);
6228 TALLOC_FREE(fname_src_dir);
6229 TALLOC_FREE(fname_src_mask);
6233 /****************************************************************************
6235 ****************************************************************************/
6237 void reply_mv(struct smb_request *req)
6239 connection_struct *conn = req->conn;
6241 char *newname = NULL;
6245 bool src_has_wcard = False;
6246 bool dest_has_wcard = False;
6247 TALLOC_CTX *ctx = talloc_tos();
6248 struct smb_filename *smb_fname_src = NULL;
6249 struct smb_filename *smb_fname_dst = NULL;
6251 START_PROFILE(SMBmv);
6254 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6258 attrs = SVAL(req->vwv+0, 0);
6260 p = (const char *)req->buf + 1;
6261 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6262 &status, &src_has_wcard);
6263 if (!NT_STATUS_IS_OK(status)) {
6264 reply_nterror(req, status);
6268 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6269 &status, &dest_has_wcard);
6270 if (!NT_STATUS_IS_OK(status)) {
6271 reply_nterror(req, status);
6275 status = filename_convert(ctx,
6277 req->flags2 & FLAGS2_DFS_PATHNAMES,
6279 UCF_COND_ALLOW_WCARD_LCOMP,
6283 if (!NT_STATUS_IS_OK(status)) {
6284 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6285 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6286 ERRSRV, ERRbadpath);
6289 reply_nterror(req, status);
6293 status = filename_convert(ctx,
6295 req->flags2 & FLAGS2_DFS_PATHNAMES,
6297 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6301 if (!NT_STATUS_IS_OK(status)) {
6302 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6303 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6304 ERRSRV, ERRbadpath);
6307 reply_nterror(req, status);
6311 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6312 smb_fname_str_dbg(smb_fname_dst)));
6314 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6315 attrs, False, src_has_wcard, dest_has_wcard,
6317 if (!NT_STATUS_IS_OK(status)) {
6318 if (open_was_deferred(req->mid)) {
6319 /* We have re-scheduled this call. */
6322 reply_nterror(req, status);
6326 reply_outbuf(req, 0, 0);
6328 TALLOC_FREE(smb_fname_src);
6329 TALLOC_FREE(smb_fname_dst);
6334 /*******************************************************************
6335 Copy a file as part of a reply_copy.
6336 ******************************************************************/
6339 * TODO: check error codes on all callers
6342 NTSTATUS copy_file(TALLOC_CTX *ctx,
6343 connection_struct *conn,
6344 struct smb_filename *smb_fname_src,
6345 struct smb_filename *smb_fname_dst,
6348 bool target_is_directory)
6350 struct smb_filename *smb_fname_dst_tmp = NULL;
6352 files_struct *fsp1,*fsp2;
6354 uint32 new_create_disposition;
6358 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6359 if (!NT_STATUS_IS_OK(status)) {
6364 * If the target is a directory, extract the last component from the
6365 * src filename and append it to the dst filename
6367 if (target_is_directory) {
6370 /* dest/target can't be a stream if it's a directory. */
6371 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6373 p = strrchr_m(smb_fname_src->base_name,'/');
6377 p = smb_fname_src->base_name;
6379 smb_fname_dst_tmp->base_name =
6380 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6382 if (!smb_fname_dst_tmp->base_name) {
6383 status = NT_STATUS_NO_MEMORY;
6388 status = vfs_file_exist(conn, smb_fname_src);
6389 if (!NT_STATUS_IS_OK(status)) {
6393 if (!target_is_directory && count) {
6394 new_create_disposition = FILE_OPEN;
6396 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6398 &new_create_disposition,
6400 status = NT_STATUS_INVALID_PARAMETER;
6405 /* Open the src file for reading. */
6406 status = SMB_VFS_CREATE_FILE(
6409 0, /* root_dir_fid */
6410 smb_fname_src, /* fname */
6411 FILE_GENERIC_READ, /* access_mask */
6412 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6413 FILE_OPEN, /* create_disposition*/
6414 0, /* create_options */
6415 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6416 INTERNAL_OPEN_ONLY, /* oplock_request */
6417 0, /* allocation_size */
6423 if (!NT_STATUS_IS_OK(status)) {
6427 dosattrs = dos_mode(conn, smb_fname_src);
6429 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6430 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6433 /* Open the dst file for writing. */
6434 status = SMB_VFS_CREATE_FILE(
6437 0, /* root_dir_fid */
6438 smb_fname_dst, /* fname */
6439 FILE_GENERIC_WRITE, /* access_mask */
6440 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6441 new_create_disposition, /* create_disposition*/
6442 0, /* create_options */
6443 dosattrs, /* file_attributes */
6444 INTERNAL_OPEN_ONLY, /* oplock_request */
6445 0, /* allocation_size */
6451 if (!NT_STATUS_IS_OK(status)) {
6452 close_file(NULL, fsp1, ERROR_CLOSE);
6456 if ((ofun&3) == 1) {
6457 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6458 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6460 * Stop the copy from occurring.
6463 smb_fname_src->st.st_ex_size = 0;
6467 /* Do the actual copy. */
6468 if (smb_fname_src->st.st_ex_size) {
6469 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6472 close_file(NULL, fsp1, NORMAL_CLOSE);
6474 /* Ensure the modtime is set correctly on the destination file. */
6475 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6478 * As we are opening fsp1 read-only we only expect
6479 * an error on close on fsp2 if we are out of space.
6480 * Thus we don't look at the error return from the
6483 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6485 if (!NT_STATUS_IS_OK(status)) {
6489 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6490 status = NT_STATUS_DISK_FULL;
6494 status = NT_STATUS_OK;
6497 TALLOC_FREE(smb_fname_dst_tmp);
6501 /****************************************************************************
6502 Reply to a file copy.
6503 ****************************************************************************/
6505 void reply_copy(struct smb_request *req)
6507 connection_struct *conn = req->conn;
6508 struct smb_filename *smb_fname_src = NULL;
6509 struct smb_filename *smb_fname_dst = NULL;
6510 char *fname_src = NULL;
6511 char *fname_dst = NULL;
6512 char *fname_src_mask = NULL;
6513 char *fname_src_dir = NULL;
6516 int error = ERRnoaccess;
6520 bool target_is_directory=False;
6521 bool source_has_wild = False;
6522 bool dest_has_wild = False;
6524 TALLOC_CTX *ctx = talloc_tos();
6526 START_PROFILE(SMBcopy);
6529 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6533 tid2 = SVAL(req->vwv+0, 0);
6534 ofun = SVAL(req->vwv+1, 0);
6535 flags = SVAL(req->vwv+2, 0);
6537 p = (const char *)req->buf;
6538 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6539 &status, &source_has_wild);
6540 if (!NT_STATUS_IS_OK(status)) {
6541 reply_nterror(req, status);
6544 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6545 &status, &dest_has_wild);
6546 if (!NT_STATUS_IS_OK(status)) {
6547 reply_nterror(req, status);
6551 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6553 if (tid2 != conn->cnum) {
6554 /* can't currently handle inter share copies XXXX */
6555 DEBUG(3,("Rejecting inter-share copy\n"));
6556 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6560 status = filename_convert(ctx, conn,
6561 req->flags2 & FLAGS2_DFS_PATHNAMES,
6563 UCF_COND_ALLOW_WCARD_LCOMP,
6566 if (!NT_STATUS_IS_OK(status)) {
6567 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6568 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6569 ERRSRV, ERRbadpath);
6572 reply_nterror(req, status);
6576 status = filename_convert(ctx, conn,
6577 req->flags2 & FLAGS2_DFS_PATHNAMES,
6579 UCF_COND_ALLOW_WCARD_LCOMP,
6582 if (!NT_STATUS_IS_OK(status)) {
6583 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6584 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6585 ERRSRV, ERRbadpath);
6588 reply_nterror(req, status);
6592 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6594 if ((flags&1) && target_is_directory) {
6595 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6599 if ((flags&2) && !target_is_directory) {
6600 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6604 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6605 /* wants a tree copy! XXXX */
6606 DEBUG(3,("Rejecting tree copy\n"));
6607 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6611 /* Split up the directory from the filename/mask. */
6612 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6613 &fname_src_dir, &fname_src_mask);
6614 if (!NT_STATUS_IS_OK(status)) {
6615 reply_nterror(req, NT_STATUS_NO_MEMORY);
6620 * We should only check the mangled cache
6621 * here if unix_convert failed. This means
6622 * that the path in 'mask' doesn't exist
6623 * on the file system and so we need to look
6624 * for a possible mangle. This patch from
6625 * Tine Smukavec <valentin.smukavec@hermes.si>.
6627 if (!VALID_STAT(smb_fname_src->st) &&
6628 mangle_is_mangled(fname_src_mask, conn->params)) {
6629 char *new_mask = NULL;
6630 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6631 &new_mask, conn->params);
6633 /* Use demangled name if one was successfully found. */
6635 TALLOC_FREE(fname_src_mask);
6636 fname_src_mask = new_mask;
6640 if (!source_has_wild) {
6643 * Only one file needs to be copied. Append the mask back onto
6646 TALLOC_FREE(smb_fname_src->base_name);
6647 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6651 if (!smb_fname_src->base_name) {
6652 reply_nterror(req, NT_STATUS_NO_MEMORY);
6656 if (dest_has_wild) {
6657 char *fname_dst_mod = NULL;
6658 if (!resolve_wildcards(smb_fname_dst,
6659 smb_fname_src->base_name,
6660 smb_fname_dst->base_name,
6662 reply_nterror(req, NT_STATUS_NO_MEMORY);
6665 TALLOC_FREE(smb_fname_dst->base_name);
6666 smb_fname_dst->base_name = fname_dst_mod;
6669 status = check_name(conn, smb_fname_src->base_name);
6670 if (!NT_STATUS_IS_OK(status)) {
6671 reply_nterror(req, status);
6675 status = check_name(conn, smb_fname_dst->base_name);
6676 if (!NT_STATUS_IS_OK(status)) {
6677 reply_nterror(req, status);
6681 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6682 ofun, count, target_is_directory);
6684 if(!NT_STATUS_IS_OK(status)) {
6685 reply_nterror(req, status);
6691 struct smb_Dir *dir_hnd = NULL;
6692 const char *dname = NULL;
6693 char *talloced = NULL;
6697 * There is a wildcard that requires us to actually read the
6698 * src dir and copy each file matching the mask to the dst.
6699 * Right now streams won't be copied, but this could
6700 * presumably be added with a nested loop for reach dir entry.
6702 SMB_ASSERT(!smb_fname_src->stream_name);
6703 SMB_ASSERT(!smb_fname_dst->stream_name);
6705 smb_fname_src->stream_name = NULL;
6706 smb_fname_dst->stream_name = NULL;
6708 if (strequal(fname_src_mask,"????????.???")) {
6709 TALLOC_FREE(fname_src_mask);
6710 fname_src_mask = talloc_strdup(ctx, "*");
6711 if (!fname_src_mask) {
6712 reply_nterror(req, NT_STATUS_NO_MEMORY);
6717 status = check_name(conn, fname_src_dir);
6718 if (!NT_STATUS_IS_OK(status)) {
6719 reply_nterror(req, status);
6723 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6724 if (dir_hnd == NULL) {
6725 status = map_nt_error_from_unix(errno);
6726 reply_nterror(req, status);
6732 /* Iterate over the src dir copying each entry to the dst. */
6733 while ((dname = ReadDirName(dir_hnd, &offset,
6734 &smb_fname_src->st, &talloced))) {
6735 char *destname = NULL;
6737 if (ISDOT(dname) || ISDOTDOT(dname)) {
6738 TALLOC_FREE(talloced);
6742 if (!is_visible_file(conn, fname_src_dir, dname,
6743 &smb_fname_src->st, false)) {
6744 TALLOC_FREE(talloced);
6748 if(!mask_match(dname, fname_src_mask,
6749 conn->case_sensitive)) {
6750 TALLOC_FREE(talloced);
6754 error = ERRnoaccess;
6756 /* Get the src smb_fname struct setup. */
6757 TALLOC_FREE(smb_fname_src->base_name);
6758 smb_fname_src->base_name =
6759 talloc_asprintf(smb_fname_src, "%s/%s",
6760 fname_src_dir, dname);
6762 if (!smb_fname_src->base_name) {
6763 TALLOC_FREE(dir_hnd);
6764 TALLOC_FREE(talloced);
6765 reply_nterror(req, NT_STATUS_NO_MEMORY);
6769 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6770 smb_fname_dst->base_name,
6772 TALLOC_FREE(talloced);
6776 TALLOC_FREE(dir_hnd);
6777 TALLOC_FREE(talloced);
6778 reply_nterror(req, NT_STATUS_NO_MEMORY);
6782 TALLOC_FREE(smb_fname_dst->base_name);
6783 smb_fname_dst->base_name = destname;
6785 status = check_name(conn, smb_fname_src->base_name);
6786 if (!NT_STATUS_IS_OK(status)) {
6787 TALLOC_FREE(dir_hnd);
6788 TALLOC_FREE(talloced);
6789 reply_nterror(req, status);
6793 status = check_name(conn, smb_fname_dst->base_name);
6794 if (!NT_STATUS_IS_OK(status)) {
6795 TALLOC_FREE(dir_hnd);
6796 TALLOC_FREE(talloced);
6797 reply_nterror(req, status);
6801 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
6802 smb_fname_src->base_name,
6803 smb_fname_dst->base_name));
6805 status = copy_file(ctx, conn, smb_fname_src,
6806 smb_fname_dst, ofun, count,
6807 target_is_directory);
6808 if (NT_STATUS_IS_OK(status)) {
6812 TALLOC_FREE(talloced);
6814 TALLOC_FREE(dir_hnd);
6818 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
6822 reply_outbuf(req, 1, 0);
6823 SSVAL(req->outbuf,smb_vwv0,count);
6825 TALLOC_FREE(smb_fname_src);
6826 TALLOC_FREE(smb_fname_dst);
6827 TALLOC_FREE(fname_src);
6828 TALLOC_FREE(fname_dst);
6829 TALLOC_FREE(fname_src_mask);
6830 TALLOC_FREE(fname_src_dir);
6832 END_PROFILE(SMBcopy);
6837 #define DBGC_CLASS DBGC_LOCKING
6839 /****************************************************************************
6840 Get a lock pid, dealing with large count requests.
6841 ****************************************************************************/
6843 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6844 bool large_file_format)
6846 if(!large_file_format)
6847 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6849 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6852 /****************************************************************************
6853 Get a lock count, dealing with large count requests.
6854 ****************************************************************************/
6856 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6857 bool large_file_format)
6861 if(!large_file_format) {
6862 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6865 #if defined(HAVE_LONGLONG)
6866 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6867 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6868 #else /* HAVE_LONGLONG */
6871 * NT4.x seems to be broken in that it sends large file (64 bit)
6872 * lockingX calls even if the CAP_LARGE_FILES was *not*
6873 * negotiated. For boxes without large unsigned ints truncate the
6874 * lock count by dropping the top 32 bits.
6877 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6878 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6879 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6880 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6881 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6884 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6885 #endif /* HAVE_LONGLONG */
6891 #if !defined(HAVE_LONGLONG)
6892 /****************************************************************************
6893 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6894 ****************************************************************************/
6896 static uint32 map_lock_offset(uint32 high, uint32 low)
6900 uint32 highcopy = high;
6903 * Try and find out how many significant bits there are in high.
6906 for(i = 0; highcopy; i++)
6910 * We use 31 bits not 32 here as POSIX
6911 * lock offsets may not be negative.
6914 mask = (~0) << (31 - i);
6917 return 0; /* Fail. */
6923 #endif /* !defined(HAVE_LONGLONG) */
6925 /****************************************************************************
6926 Get a lock offset, dealing with large offset requests.
6927 ****************************************************************************/
6929 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6930 bool large_file_format, bool *err)
6932 uint64_t offset = 0;
6936 if(!large_file_format) {
6937 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6940 #if defined(HAVE_LONGLONG)
6941 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6942 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6943 #else /* HAVE_LONGLONG */
6946 * NT4.x seems to be broken in that it sends large file (64 bit)
6947 * lockingX calls even if the CAP_LARGE_FILES was *not*
6948 * negotiated. For boxes without large unsigned ints mangle the
6949 * lock offset by mapping the top 32 bits onto the lower 32.
6952 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6953 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6954 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6957 if((new_low = map_lock_offset(high, low)) == 0) {
6959 return (uint64_t)-1;
6962 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6963 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6964 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6965 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6968 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6969 #endif /* HAVE_LONGLONG */
6975 NTSTATUS smbd_do_locking(struct smb_request *req,
6979 uint16_t num_ulocks,
6980 struct smbd_lock_element *ulocks,
6982 struct smbd_lock_element *locks,
6985 connection_struct *conn = req->conn;
6987 NTSTATUS status = NT_STATUS_OK;
6991 /* Data now points at the beginning of the list
6992 of smb_unlkrng structs */
6993 for(i = 0; i < (int)num_ulocks; i++) {
6994 struct smbd_lock_element *e = &ulocks[i];
6996 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
6997 "pid %u, file %s\n",
7000 (unsigned int)e->smbpid,
7003 if (e->brltype != UNLOCK_LOCK) {
7004 /* this can only happen with SMB2 */
7005 return NT_STATUS_INVALID_PARAMETER;
7008 status = do_unlock(smbd_messaging_context(),
7015 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7016 nt_errstr(status)));
7018 if (!NT_STATUS_IS_OK(status)) {
7023 /* Setup the timeout in seconds. */
7025 if (!lp_blocking_locks(SNUM(conn))) {
7029 /* Data now points at the beginning of the list
7030 of smb_lkrng structs */
7032 for(i = 0; i < (int)num_locks; i++) {
7033 struct smbd_lock_element *e = &locks[i];
7035 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7036 "%u, file %s timeout = %d\n",
7039 (unsigned int)e->smbpid,
7043 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7044 struct blocking_lock_record *blr = NULL;
7046 if (num_locks > 1) {
7048 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7049 * if the lock vector contains one entry. When given mutliple cancel
7050 * requests in a single PDU we expect the server to return an
7051 * error. Windows servers seem to accept the request but only
7052 * cancel the first lock.
7053 * JRA - Do what Windows does (tm) :-).
7057 /* MS-CIFS (2.2.4.32.1) behavior. */
7058 return NT_STATUS_DOS(ERRDOS,
7059 ERRcancelviolation);
7061 /* Windows behavior. */
7063 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7064 "cancel request\n"));
7070 if (lp_blocking_locks(SNUM(conn))) {
7072 /* Schedule a message to ourselves to
7073 remove the blocking lock record and
7074 return the right error. */
7076 blr = blocking_lock_cancel(fsp,
7082 NT_STATUS_FILE_LOCK_CONFLICT);
7084 return NT_STATUS_DOS(
7086 ERRcancelviolation);
7089 /* Remove a matching pending lock. */
7090 status = do_lock_cancel(fsp,
7097 bool blocking_lock = timeout ? true : false;
7098 bool defer_lock = false;
7099 struct byte_range_lock *br_lck;
7100 uint32_t block_smbpid;
7102 br_lck = do_lock(smbd_messaging_context(),
7114 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7115 /* Windows internal resolution for blocking locks seems
7116 to be about 200ms... Don't wait for less than that. JRA. */
7117 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7118 timeout = lp_lock_spin_time();
7123 /* This heuristic seems to match W2K3 very well. If a
7124 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7125 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7126 far as I can tell. Replacement for do_lock_spin(). JRA. */
7128 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7129 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7131 timeout = lp_lock_spin_time();
7134 if (br_lck && defer_lock) {
7136 * A blocking lock was requested. Package up
7137 * this smb into a queued request and push it
7138 * onto the blocking lock queue.
7140 if(push_blocking_lock_request(br_lck,
7151 TALLOC_FREE(br_lck);
7153 return NT_STATUS_OK;
7157 TALLOC_FREE(br_lck);
7160 if (!NT_STATUS_IS_OK(status)) {
7165 /* If any of the above locks failed, then we must unlock
7166 all of the previous locks (X/Open spec). */
7168 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7170 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7171 i = -1; /* we want to skip the for loop */
7175 * Ensure we don't do a remove on the lock that just failed,
7176 * as under POSIX rules, if we have a lock already there, we
7177 * will delete it (and we shouldn't) .....
7179 for(i--; i >= 0; i--) {
7180 struct smbd_lock_element *e = &locks[i];
7182 do_unlock(smbd_messaging_context(),
7192 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7193 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7195 return NT_STATUS_OK;
7198 /****************************************************************************
7199 Reply to a lockingX request.
7200 ****************************************************************************/
7202 void reply_lockingX(struct smb_request *req)
7204 connection_struct *conn = req->conn;
7206 unsigned char locktype;
7207 unsigned char oplocklevel;
7212 const uint8_t *data;
7213 bool large_file_format;
7215 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7216 struct smbd_lock_element *ulocks;
7217 struct smbd_lock_element *locks;
7220 START_PROFILE(SMBlockingX);
7223 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7224 END_PROFILE(SMBlockingX);
7228 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7229 locktype = CVAL(req->vwv+3, 0);
7230 oplocklevel = CVAL(req->vwv+3, 1);
7231 num_ulocks = SVAL(req->vwv+6, 0);
7232 num_locks = SVAL(req->vwv+7, 0);
7233 lock_timeout = IVAL(req->vwv+4, 0);
7234 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7236 if (!check_fsp(conn, req, fsp)) {
7237 END_PROFILE(SMBlockingX);
7243 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7244 /* we don't support these - and CANCEL_LOCK makes w2k
7245 and XP reboot so I don't really want to be
7246 compatible! (tridge) */
7247 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7248 END_PROFILE(SMBlockingX);
7252 /* Check if this is an oplock break on a file
7253 we have granted an oplock on.
7255 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7256 /* Client can insist on breaking to none. */
7257 bool break_to_none = (oplocklevel == 0);
7260 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7261 "for fnum = %d\n", (unsigned int)oplocklevel,
7265 * Make sure we have granted an exclusive or batch oplock on
7269 if (fsp->oplock_type == 0) {
7271 /* The Samba4 nbench simulator doesn't understand
7272 the difference between break to level2 and break
7273 to none from level2 - it sends oplock break
7274 replies in both cases. Don't keep logging an error
7275 message here - just ignore it. JRA. */
7277 DEBUG(5,("reply_lockingX: Error : oplock break from "
7278 "client for fnum = %d (oplock=%d) and no "
7279 "oplock granted on this file (%s).\n",
7280 fsp->fnum, fsp->oplock_type,
7283 /* if this is a pure oplock break request then don't
7285 if (num_locks == 0 && num_ulocks == 0) {
7286 END_PROFILE(SMBlockingX);
7289 END_PROFILE(SMBlockingX);
7290 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7295 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7297 result = remove_oplock(fsp);
7299 result = downgrade_oplock(fsp);
7303 DEBUG(0, ("reply_lockingX: error in removing "
7304 "oplock on file %s\n", fsp_str_dbg(fsp)));
7305 /* Hmmm. Is this panic justified? */
7306 smb_panic("internal tdb error");
7309 reply_to_oplock_break_requests(fsp);
7311 /* if this is a pure oplock break request then don't send a
7313 if (num_locks == 0 && num_ulocks == 0) {
7314 /* Sanity check - ensure a pure oplock break is not a
7316 if(CVAL(req->vwv+0, 0) != 0xff)
7317 DEBUG(0,("reply_lockingX: Error : pure oplock "
7318 "break is a chained %d request !\n",
7319 (unsigned int)CVAL(req->vwv+0, 0)));
7320 END_PROFILE(SMBlockingX);
7326 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7327 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7328 END_PROFILE(SMBlockingX);
7332 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7333 if (ulocks == NULL) {
7334 reply_nterror(req, NT_STATUS_NO_MEMORY);
7335 END_PROFILE(SMBlockingX);
7339 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7340 if (locks == NULL) {
7341 reply_nterror(req, NT_STATUS_NO_MEMORY);
7342 END_PROFILE(SMBlockingX);
7346 /* Data now points at the beginning of the list
7347 of smb_unlkrng structs */
7348 for(i = 0; i < (int)num_ulocks; i++) {
7349 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7350 ulocks[i].count = get_lock_count(data, i, large_file_format);
7351 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7352 ulocks[i].brltype = UNLOCK_LOCK;
7355 * There is no error code marked "stupid client bug".... :-).
7358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7359 END_PROFILE(SMBlockingX);
7364 /* Now do any requested locks */
7365 data += ((large_file_format ? 20 : 10)*num_ulocks);
7367 /* Data now points at the beginning of the list
7368 of smb_lkrng structs */
7370 for(i = 0; i < (int)num_locks; i++) {
7371 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7372 locks[i].count = get_lock_count(data, i, large_file_format);
7373 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7375 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7376 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7377 locks[i].brltype = PENDING_READ_LOCK;
7379 locks[i].brltype = READ_LOCK;
7382 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7383 locks[i].brltype = PENDING_WRITE_LOCK;
7385 locks[i].brltype = WRITE_LOCK;
7390 * There is no error code marked "stupid client bug".... :-).
7393 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7394 END_PROFILE(SMBlockingX);
7399 status = smbd_do_locking(req, fsp,
7400 locktype, lock_timeout,
7404 if (!NT_STATUS_IS_OK(status)) {
7405 END_PROFILE(SMBlockingX);
7406 reply_nterror(req, status);
7410 END_PROFILE(SMBlockingX);
7414 reply_outbuf(req, 2, 0);
7416 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7417 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7419 END_PROFILE(SMBlockingX);
7424 #define DBGC_CLASS DBGC_ALL
7426 /****************************************************************************
7427 Reply to a SMBreadbmpx (read block multiplex) request.
7428 Always reply with an error, if someone has a platform really needs this,
7429 please contact vl@samba.org
7430 ****************************************************************************/
7432 void reply_readbmpx(struct smb_request *req)
7434 START_PROFILE(SMBreadBmpx);
7435 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7436 END_PROFILE(SMBreadBmpx);
7440 /****************************************************************************
7441 Reply to a SMBreadbs (read block multiplex secondary) request.
7442 Always reply with an error, if someone has a platform really needs this,
7443 please contact vl@samba.org
7444 ****************************************************************************/
7446 void reply_readbs(struct smb_request *req)
7448 START_PROFILE(SMBreadBs);
7449 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7450 END_PROFILE(SMBreadBs);
7454 /****************************************************************************
7455 Reply to a SMBsetattrE.
7456 ****************************************************************************/
7458 void reply_setattrE(struct smb_request *req)
7460 connection_struct *conn = req->conn;
7461 struct smb_file_time ft;
7465 START_PROFILE(SMBsetattrE);
7469 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7473 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7475 if(!fsp || (fsp->conn != conn)) {
7476 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7481 * Convert the DOS times into unix times.
7484 ft.atime = convert_time_t_to_timespec(
7485 srv_make_unix_date2(req->vwv+3));
7486 ft.mtime = convert_time_t_to_timespec(
7487 srv_make_unix_date2(req->vwv+5));
7488 ft.create_time = convert_time_t_to_timespec(
7489 srv_make_unix_date2(req->vwv+1));
7491 reply_outbuf(req, 0, 0);
7494 * Patch from Ray Frush <frush@engr.colostate.edu>
7495 * Sometimes times are sent as zero - ignore them.
7498 /* Ensure we have a valid stat struct for the source. */
7499 status = vfs_stat_fsp(fsp);
7500 if (!NT_STATUS_IS_OK(status)) {
7501 reply_nterror(req, status);
7505 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7506 if (!NT_STATUS_IS_OK(status)) {
7507 reply_nterror(req, status);
7511 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7514 (unsigned int)ft.atime.tv_sec,
7515 (unsigned int)ft.mtime.tv_sec,
7516 (unsigned int)ft.create_time.tv_sec
7519 END_PROFILE(SMBsetattrE);
7524 /* Back from the dead for OS/2..... JRA. */
7526 /****************************************************************************
7527 Reply to a SMBwritebmpx (write block multiplex primary) request.
7528 Always reply with an error, if someone has a platform really needs this,
7529 please contact vl@samba.org
7530 ****************************************************************************/
7532 void reply_writebmpx(struct smb_request *req)
7534 START_PROFILE(SMBwriteBmpx);
7535 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7536 END_PROFILE(SMBwriteBmpx);
7540 /****************************************************************************
7541 Reply to a SMBwritebs (write block multiplex secondary) request.
7542 Always reply with an error, if someone has a platform really needs this,
7543 please contact vl@samba.org
7544 ****************************************************************************/
7546 void reply_writebs(struct smb_request *req)
7548 START_PROFILE(SMBwriteBs);
7549 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7550 END_PROFILE(SMBwriteBs);
7554 /****************************************************************************
7555 Reply to a SMBgetattrE.
7556 ****************************************************************************/
7558 void reply_getattrE(struct smb_request *req)
7560 connection_struct *conn = req->conn;
7563 struct timespec create_ts;
7565 START_PROFILE(SMBgetattrE);
7568 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7569 END_PROFILE(SMBgetattrE);
7573 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7575 if(!fsp || (fsp->conn != conn)) {
7576 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7577 END_PROFILE(SMBgetattrE);
7581 /* Do an fstat on this file */
7583 reply_nterror(req, map_nt_error_from_unix(errno));
7584 END_PROFILE(SMBgetattrE);
7588 mode = dos_mode(conn, fsp->fsp_name);
7591 * Convert the times into dos times. Set create
7592 * date to be last modify date as UNIX doesn't save
7596 reply_outbuf(req, 11, 0);
7598 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7599 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7600 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7601 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7602 /* Should we check pending modtime here ? JRA */
7603 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7604 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7607 SIVAL(req->outbuf, smb_vwv6, 0);
7608 SIVAL(req->outbuf, smb_vwv8, 0);
7610 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7611 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7612 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7614 SSVAL(req->outbuf,smb_vwv10, mode);
7616 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7618 END_PROFILE(SMBgetattrE);
git.samba.org / kamenim / samba.git / blob