2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Jeremy Allison 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/smbd.h"
25 #include "smbd/globals.h"
26 #include "../libcli/smb/smb_common.h"
27 #include "../librpc/gen_ndr/ndr_security.h"
28 #include "libcli/security/security.h"
29 #include "../lib/util/tevent_ntstatus.h"
31 #include "librpc/gen_ndr/open_files.h"
34 int map_smb2_oplock_levels_to_samba(uint8_t in_oplock_level)
36 switch(in_oplock_level) {
37 case SMB2_OPLOCK_LEVEL_NONE:
39 case SMB2_OPLOCK_LEVEL_II:
40 return LEVEL_II_OPLOCK;
41 case SMB2_OPLOCK_LEVEL_EXCLUSIVE:
42 return EXCLUSIVE_OPLOCK;
43 case SMB2_OPLOCK_LEVEL_BATCH:
45 case SMB2_OPLOCK_LEVEL_LEASE:
46 DEBUG(2,("map_smb2_oplock_levels_to_samba: "
47 "LEASE_OPLOCK_REQUESTED\n"));
50 DEBUG(2,("map_smb2_oplock_levels_to_samba: "
52 (unsigned int)in_oplock_level));
57 static uint8_t map_samba_oplock_levels_to_smb2(int oplock_type)
59 if (BATCH_OPLOCK_TYPE(oplock_type)) {
60 return SMB2_OPLOCK_LEVEL_BATCH;
61 } else if (EXCLUSIVE_OPLOCK_TYPE(oplock_type)) {
62 return SMB2_OPLOCK_LEVEL_EXCLUSIVE;
63 } else if (oplock_type == LEVEL_II_OPLOCK) {
65 * Don't use LEVEL_II_OPLOCK_TYPE here as
66 * this also includes FAKE_LEVEL_II_OPLOCKs
67 * which are internal only.
69 return SMB2_OPLOCK_LEVEL_II;
71 return SMB2_OPLOCK_LEVEL_NONE;
75 static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
76 struct tevent_context *ev,
77 struct smbd_smb2_request *smb2req,
78 uint8_t in_oplock_level,
79 uint32_t in_impersonation_level,
80 uint32_t in_desired_access,
81 uint32_t in_file_attributes,
82 uint32_t in_share_access,
83 uint32_t in_create_disposition,
84 uint32_t in_create_options,
86 struct smb2_create_blobs in_context_blobs);
87 static NTSTATUS smbd_smb2_create_recv(struct tevent_req *req,
89 uint8_t *out_oplock_level,
90 uint32_t *out_create_action,
91 NTTIME *out_creation_time,
92 NTTIME *out_last_access_time,
93 NTTIME *out_last_write_time,
94 NTTIME *out_change_time,
95 uint64_t *out_allocation_size,
96 uint64_t *out_end_of_file,
97 uint32_t *out_file_attributes,
98 uint64_t *out_file_id_persistent,
99 uint64_t *out_file_id_volatile,
100 struct smb2_create_blobs *out_context_blobs);
102 static void smbd_smb2_request_create_done(struct tevent_req *tsubreq);
103 NTSTATUS smbd_smb2_request_process_create(struct smbd_smb2_request *smb2req)
105 const uint8_t *inbody;
106 const struct iovec *indyniov;
107 int i = smb2req->current_idx;
108 uint8_t in_oplock_level;
109 uint32_t in_impersonation_level;
110 uint32_t in_desired_access;
111 uint32_t in_file_attributes;
112 uint32_t in_share_access;
113 uint32_t in_create_disposition;
114 uint32_t in_create_options;
115 uint16_t in_name_offset;
116 uint16_t in_name_length;
117 DATA_BLOB in_name_buffer;
118 char *in_name_string;
119 size_t in_name_string_size;
120 uint32_t name_offset = 0;
121 uint32_t name_available_length = 0;
122 uint32_t in_context_offset;
123 uint32_t in_context_length;
124 DATA_BLOB in_context_buffer;
125 struct smb2_create_blobs in_context_blobs;
126 uint32_t context_offset = 0;
127 uint32_t context_available_length = 0;
131 struct tevent_req *tsubreq;
133 status = smbd_smb2_request_verify_sizes(smb2req, 0x39);
134 if (!NT_STATUS_IS_OK(status)) {
135 return smbd_smb2_request_error(smb2req, status);
137 inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
139 in_oplock_level = CVAL(inbody, 0x03);
140 in_impersonation_level = IVAL(inbody, 0x04);
141 in_desired_access = IVAL(inbody, 0x18);
142 in_file_attributes = IVAL(inbody, 0x1C);
143 in_share_access = IVAL(inbody, 0x20);
144 in_create_disposition = IVAL(inbody, 0x24);
145 in_create_options = IVAL(inbody, 0x28);
146 in_name_offset = SVAL(inbody, 0x2C);
147 in_name_length = SVAL(inbody, 0x2E);
148 in_context_offset = IVAL(inbody, 0x30);
149 in_context_length = IVAL(inbody, 0x34);
152 * First check if the dynamic name and context buffers
153 * are correctly specified.
155 * Note: That we don't check if the name and context buffers
159 dyn_offset = SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len;
161 if (in_name_offset == 0 && in_name_length == 0) {
164 } else if (in_name_offset < dyn_offset) {
165 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
167 name_offset = in_name_offset - dyn_offset;
170 indyniov = &smb2req->in.vector[i+2];
172 if (name_offset > indyniov->iov_len) {
173 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
176 name_available_length = indyniov->iov_len - name_offset;
178 if (in_name_length > name_available_length) {
179 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
182 in_name_buffer.data = (uint8_t *)indyniov->iov_base + name_offset;
183 in_name_buffer.length = in_name_length;
185 if (in_context_offset == 0 && in_context_length == 0) {
188 } else if (in_context_offset < dyn_offset) {
189 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
191 context_offset = in_context_offset - dyn_offset;
194 if (context_offset > indyniov->iov_len) {
195 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
198 context_available_length = indyniov->iov_len - context_offset;
200 if (in_context_length > context_available_length) {
201 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
204 in_context_buffer.data = (uint8_t *)indyniov->iov_base +
206 in_context_buffer.length = in_context_length;
209 * Now interpret the name and context buffers
212 ok = convert_string_talloc(smb2req, CH_UTF16, CH_UNIX,
214 in_name_buffer.length,
216 &in_name_string_size);
218 return smbd_smb2_request_error(smb2req, NT_STATUS_ILLEGAL_CHARACTER);
221 if (in_name_buffer.length == 0) {
222 in_name_string_size = 0;
225 if (strlen(in_name_string) != in_name_string_size) {
226 return smbd_smb2_request_error(smb2req, NT_STATUS_OBJECT_NAME_INVALID);
229 ZERO_STRUCT(in_context_blobs);
230 status = smb2_create_blob_parse(smb2req, in_context_buffer, &in_context_blobs);
231 if (!NT_STATUS_IS_OK(status)) {
232 return smbd_smb2_request_error(smb2req, status);
235 tsubreq = smbd_smb2_create_send(smb2req,
236 smb2req->sconn->ev_ctx,
239 in_impersonation_level,
243 in_create_disposition,
247 if (tsubreq == NULL) {
248 smb2req->subreq = NULL;
249 return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
251 tevent_req_set_callback(tsubreq, smbd_smb2_request_create_done, smb2req);
254 * For now we keep the logic that we do not send STATUS_PENDING
255 * for sharing violations, so we just wait 2 seconds.
257 * TODO: we need more tests for this.
259 return smbd_smb2_request_pending_queue(smb2req, tsubreq, 2000000);
262 static uint64_t get_mid_from_smb2req(struct smbd_smb2_request *smb2req)
264 uint8_t *reqhdr = (uint8_t *)smb2req->out.vector[smb2req->current_idx].iov_base;
265 return BVAL(reqhdr, SMB2_HDR_MESSAGE_ID);
268 static void smbd_smb2_request_create_done(struct tevent_req *tsubreq)
270 struct smbd_smb2_request *smb2req = tevent_req_callback_data(tsubreq,
271 struct smbd_smb2_request);
274 uint8_t out_oplock_level = 0;
275 uint32_t out_create_action = 0;
276 NTTIME out_creation_time = 0;
277 NTTIME out_last_access_time = 0;
278 NTTIME out_last_write_time = 0;
279 NTTIME out_change_time = 0;
280 uint64_t out_allocation_size = 0;
281 uint64_t out_end_of_file = 0;
282 uint32_t out_file_attributes = 0;
283 uint64_t out_file_id_persistent = 0;
284 uint64_t out_file_id_volatile = 0;
285 struct smb2_create_blobs out_context_blobs;
286 DATA_BLOB out_context_buffer;
287 uint16_t out_context_buffer_offset = 0;
289 NTSTATUS error; /* transport error */
291 if (smb2req->cancelled) {
292 uint64_t mid = get_mid_from_smb2req(smb2req);
293 DEBUG(10,("smbd_smb2_request_create_done: cancelled mid %llu\n",
294 (unsigned long long)mid ));
295 error = smbd_smb2_request_error(smb2req, NT_STATUS_CANCELLED);
296 if (!NT_STATUS_IS_OK(error)) {
297 smbd_server_connection_terminate(smb2req->sconn,
304 status = smbd_smb2_create_recv(tsubreq,
309 &out_last_access_time,
310 &out_last_write_time,
312 &out_allocation_size,
314 &out_file_attributes,
315 &out_file_id_persistent,
316 &out_file_id_volatile,
318 if (!NT_STATUS_IS_OK(status)) {
319 error = smbd_smb2_request_error(smb2req, status);
320 if (!NT_STATUS_IS_OK(error)) {
321 smbd_server_connection_terminate(smb2req->sconn,
328 status = smb2_create_blob_push(smb2req, &out_context_buffer, out_context_blobs);
329 if (!NT_STATUS_IS_OK(status)) {
330 error = smbd_smb2_request_error(smb2req, status);
331 if (!NT_STATUS_IS_OK(error)) {
332 smbd_server_connection_terminate(smb2req->sconn,
339 if (out_context_buffer.length > 0) {
340 out_context_buffer_offset = SMB2_HDR_BODY + 0x58;
343 outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x58);
344 if (outbody.data == NULL) {
345 error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
346 if (!NT_STATUS_IS_OK(error)) {
347 smbd_server_connection_terminate(smb2req->sconn,
354 SSVAL(outbody.data, 0x00, 0x58 + 1); /* struct size */
355 SCVAL(outbody.data, 0x02,
356 out_oplock_level); /* oplock level */
357 SCVAL(outbody.data, 0x03, 0); /* reserved */
358 SIVAL(outbody.data, 0x04,
359 out_create_action); /* create action */
360 SBVAL(outbody.data, 0x08,
361 out_creation_time); /* creation time */
362 SBVAL(outbody.data, 0x10,
363 out_last_access_time); /* last access time */
364 SBVAL(outbody.data, 0x18,
365 out_last_write_time); /* last write time */
366 SBVAL(outbody.data, 0x20,
367 out_change_time); /* change time */
368 SBVAL(outbody.data, 0x28,
369 out_allocation_size); /* allocation size */
370 SBVAL(outbody.data, 0x30,
371 out_end_of_file); /* end of file */
372 SIVAL(outbody.data, 0x38,
373 out_file_attributes); /* file attributes */
374 SIVAL(outbody.data, 0x3C, 0); /* reserved */
375 SBVAL(outbody.data, 0x40,
376 out_file_id_persistent); /* file id (persistent) */
377 SBVAL(outbody.data, 0x48,
378 out_file_id_volatile); /* file id (volatile) */
379 SIVAL(outbody.data, 0x50,
380 out_context_buffer_offset); /* create contexts offset */
381 SIVAL(outbody.data, 0x54,
382 out_context_buffer.length); /* create contexts length */
384 outdyn = out_context_buffer;
386 error = smbd_smb2_request_done(smb2req, outbody, &outdyn);
387 if (!NT_STATUS_IS_OK(error)) {
388 smbd_server_connection_terminate(smb2req->sconn,
395 * TODO: needs to be moved - copied from source3/smbd/files.c
397 static unsigned long get_gen_count(struct smbd_server_connection *sconn)
399 sconn->file_gen_counter += 1;
400 if (sconn->file_gen_counter == 0) {
401 sconn->file_gen_counter += 1;
404 return sconn->file_gen_counter;
407 static NTSTATUS new_durable_reconnect_fsp(struct smbXsrv_open *op,
408 struct connection_struct *conn,
409 struct smb_filename *smb_fname,
413 NTSTATUS status = NT_STATUS_NO_MEMORY;
414 files_struct *fsp = NULL;
415 TALLOC_CTX *frame = talloc_stackframe();
416 struct smbd_server_connection *sconn = op->connection->sconn;
418 fsp = talloc_zero(frame, struct files_struct);
424 * This can't be a child of fsp because the file_handle can be ref'd
425 * when doing a dos/fcb open, which will then share the file_handle
426 * across multiple fsps.
428 fsp->fh = talloc_zero(frame, struct fd_handle);
429 if (fsp->fh == NULL) {
433 fsp->fh->ref_count = 1;
435 fsp->fh->gen_id = get_gen_count(sconn);
439 status = fsp_set_smb_fname(fsp, smb_fname);
440 if (!NT_STATUS_IS_OK(status)) {
448 talloc_steal(mem_ctx, fsp);
449 talloc_steal(mem_ctx, fsp->fh);
452 status = NT_STATUS_OK;
459 static NTSTATUS smb2_create_durable_reconnect(struct smbXsrv_open *op,
460 struct connection_struct *conn,
461 struct smb_request *smb1req,
462 struct smb_filename *smb_fname,
466 struct share_mode_lock *sharemode_lock;
467 files_struct *fsp = NULL;
470 DEBUG(0, ("OBNOX - durable_reconnect enter: (%s:%s)\n", __location__, __FUNCTION__));
472 /* 1. check entry in locking.tdb */
475 * Q: fetch with lock right away?
478 sharemode_lock = fetch_share_mode_unlocked(mem_ctx,
479 op->global->backend_file_id);
481 sharemode_lock = get_existing_share_mode_lock(mem_ctx,
482 op->global->backend_file_id);
483 if (sharemode_lock == NULL) {
484 /* TODO: use/create other fetch func with better error code */
485 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
488 if (sharemode_lock->data->num_share_modes == 0) {
489 /* should not happen? internal error? */
490 return NT_STATUS_INTERNAL_DB_ERROR;
493 if (sharemode_lock->data->num_share_modes > 1) {
495 * It can't be durable if there is more than one handle
498 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
501 if (serverid_exists(&sharemode_lock->data->share_modes[0].pid)) {
503 * server still exists
504 * TODO: check whether session exists
505 * (could have been a session_logoff())
507 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
510 /* 2. proceed with opening file */
513 * refetch with lock and update the pid // fetch with lock right away above
516 talloc_free(sharemode_lock);
517 sharemode_lock = get_share_mode_lock(mem_ctx,
518 op->global->backend_file_id);
519 if (sharemode_lock == NULL) {
520 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
524 sharemode_lock->data->share_modes[0].pid =
525 messaging_server_id(op->connection->sconn->msg_ctx);
528 * circumstances seems ok, do the open
530 status = new_durable_reconnect_fsp(op, conn, smb_fname, conn, &fsp);
531 if (!NT_STATUS_IS_OK(status)) {
535 DEBUG(0, ("OBNOX - durable_reconnect: new fsp created (%s:%s)\n", __location__, __FUNCTION__));
537 fsp->fh->fd = SMB_VFS_OPEN(conn,
540 sharemode_lock->data->share_modes[0].flags,
542 if (fsp->fh->fd == -1) {
543 status = map_nt_error_from_unix(errno);
547 /* - release the sharemode lock: this writes the changes */
548 talloc_free(sharemode_lock);
550 fsp->file_id = op->global->backend_file_id;
551 fsp->initial_allocation_size = 0;//TODO
552 fsp->file_pid = 0;//smb1req->pid;
553 fsp->vuid = smb1req->vuid;//
554 //fsp->open_time = 0;//from->open_time;
555 fsp->access_mask = sharemode_lock->data->share_modes[0].access_mask;
556 fsp->share_access = sharemode_lock->data->share_modes[0].share_access;
557 //fsp->oplock_type = sharemode_lock->data->share_modes[0].oplock_type;
558 fsp->can_lock = true;//from->can_lock;
559 fsp->can_read = (fsp->access_mask & (FILE_READ_DATA)) ? True : False;
560 if (!CAN_WRITE(conn)) {
561 fsp->can_write = False;
563 fsp->can_write = (fsp->access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? True : False;
565 fsp->modified = false;//from->modified;
566 fsp->is_directory = false;//from->is_directory;
567 fsp->aio_write_behind = false;//from->aio_write_behind;
569 /* Q: do this in fsp creation? */
577 * ... think about seek()
582 struct smbd_smb2_create_state {
583 struct smbd_smb2_request *smb2req;
584 struct smb_request *smb1req;
585 struct timed_event *te;
586 struct tevent_immediate *im;
587 struct timeval request_time;
589 DATA_BLOB private_data;
590 uint8_t out_oplock_level;
591 uint32_t out_create_action;
592 NTTIME out_creation_time;
593 NTTIME out_last_access_time;
594 NTTIME out_last_write_time;
595 NTTIME out_change_time;
596 uint64_t out_allocation_size;
597 uint64_t out_end_of_file;
598 uint32_t out_file_attributes;
599 uint64_t out_file_id_persistent;
600 uint64_t out_file_id_volatile;
601 struct smb2_create_blobs out_context_blobs;
604 static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
605 struct tevent_context *ev,
606 struct smbd_smb2_request *smb2req,
607 uint8_t in_oplock_level,
608 uint32_t in_impersonation_level,
609 uint32_t in_desired_access,
610 uint32_t in_file_attributes,
611 uint32_t in_share_access,
612 uint32_t in_create_disposition,
613 uint32_t in_create_options,
615 struct smb2_create_blobs in_context_blobs)
617 struct tevent_req *req = NULL;
618 struct smbd_smb2_create_state *state = NULL;
620 struct smb_request *smb1req = NULL;
621 files_struct *result = NULL;
623 struct timespec write_time_ts;
624 struct smb2_create_blobs out_context_blobs;
625 int requested_oplock_level;
626 bool do_durable_reconnect = false;
627 struct smbXsrv_open *op = NULL;
629 ZERO_STRUCT(out_context_blobs);
631 if(lp_fake_oplocks(SNUM(smb2req->tcon->compat_conn))) {
632 requested_oplock_level = SMB2_OPLOCK_LEVEL_NONE;
634 requested_oplock_level = in_oplock_level;
638 if (smb2req->subreq == NULL) {
639 /* New create call. */
640 req = tevent_req_create(mem_ctx, &state,
641 struct smbd_smb2_create_state);
645 state->smb2req = smb2req;
647 smb1req = smbd_smb2_fake_smb_request(smb2req);
648 if (tevent_req_nomem(smb1req, req)) {
649 return tevent_req_post(req, ev);
651 state->smb1req = smb1req;
652 smb2req->subreq = req;
653 DEBUG(10,("smbd_smb2_create: name[%s]\n",
656 /* Re-entrant create call. */
657 req = smb2req->subreq;
658 state = tevent_req_data(req,
659 struct smbd_smb2_create_state);
660 smb1req = state->smb1req;
661 DEBUG(10,("smbd_smb2_create_send: reentrant for file %s\n",
665 if (IS_IPC(smb1req->conn)) {
666 const char *pipe_name = in_name;
668 if (!lp_nt_pipe_support()) {
669 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
670 return tevent_req_post(req, ev);
673 /* Strip \\ off the name. */
674 if (pipe_name[0] == '\\') {
678 status = open_np_file(smb1req, pipe_name, &result);
679 if (!NT_STATUS_IS_OK(status)) {
680 tevent_req_nterror(req, status);
681 return tevent_req_post(req, ev);
683 info = FILE_WAS_OPENED;
684 } else if (CAN_PRINT(smb1req->conn)) {
685 status = file_new(smb1req, smb1req->conn, &result);
686 if(!NT_STATUS_IS_OK(status)) {
687 tevent_req_nterror(req, status);
688 return tevent_req_post(req, ev);
691 status = print_spool_open(result, in_name,
693 if (!NT_STATUS_IS_OK(status)) {
694 file_free(smb1req, result);
695 tevent_req_nterror(req, status);
696 return tevent_req_post(req, ev);
698 info = FILE_WAS_CREATED;
701 struct smb_filename *smb_fname = NULL;
702 struct smb2_create_blob *exta = NULL;
703 struct ea_list *ea_list = NULL;
704 struct smb2_create_blob *mxac = NULL;
705 NTTIME max_access_time = 0;
706 struct smb2_create_blob *secd = NULL;
707 struct security_descriptor *sec_desc = NULL;
708 struct smb2_create_blob *dhnq = NULL;
709 struct smb2_create_blob *dhnc = NULL;
710 struct smb2_create_blob *alsi = NULL;
711 uint64_t allocation_size = 0;
712 struct smb2_create_blob *twrp = NULL;
713 struct smb2_create_blob *qfid = NULL;
715 exta = smb2_create_blob_find(&in_context_blobs,
716 SMB2_CREATE_TAG_EXTA);
717 mxac = smb2_create_blob_find(&in_context_blobs,
718 SMB2_CREATE_TAG_MXAC);
719 secd = smb2_create_blob_find(&in_context_blobs,
720 SMB2_CREATE_TAG_SECD);
721 dhnq = smb2_create_blob_find(&in_context_blobs,
722 SMB2_CREATE_TAG_DHNQ);
723 dhnc = smb2_create_blob_find(&in_context_blobs,
724 SMB2_CREATE_TAG_DHNC);
725 alsi = smb2_create_blob_find(&in_context_blobs,
726 SMB2_CREATE_TAG_ALSI);
727 twrp = smb2_create_blob_find(&in_context_blobs,
728 SMB2_CREATE_TAG_TWRP);
729 qfid = smb2_create_blob_find(&in_context_blobs,
730 SMB2_CREATE_TAG_QFID);
732 fname = talloc_strdup(state, in_name);
733 if (tevent_req_nomem(fname, req)) {
734 return tevent_req_post(req, ev);
739 tevent_req_nterror(req,NT_STATUS_OBJECT_NAME_NOT_FOUND);
740 return tevent_req_post(req, ev);
743 ea_list = read_nttrans_ea_list(mem_ctx,
744 (const char *)exta->data.data, exta->data.length);
746 DEBUG(10,("smbd_smb2_create_send: read_ea_name_list failed.\n"));
747 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
748 return tevent_req_post(req, ev);
754 tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
755 return tevent_req_post(req, ev);
758 if (mxac->data.length == 0) {
760 } else if (mxac->data.length == 8) {
761 max_access_time = BVAL(mxac->data.data, 0);
763 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
764 return tevent_req_post(req, ev);
769 enum ndr_err_code ndr_err;
772 tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
773 return tevent_req_post(req, ev);
776 sec_desc = talloc_zero(state, struct security_descriptor);
777 if (tevent_req_nomem(sec_desc, req)) {
778 return tevent_req_post(req, ev);
781 ndr_err = ndr_pull_struct_blob(&secd->data,
783 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
784 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
785 DEBUG(2,("ndr_pull_security_descriptor failed: %s\n",
786 ndr_errstr(ndr_err)));
787 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
788 return tevent_req_post(req, ev);
794 tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
795 return tevent_req_post(req, ev);
798 if (dhnq->data.length != 16) {
799 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
800 return tevent_req_post(req, ev);
803 * durable handle request is processed below.
808 uint64_t persistent_id;
810 DEBUG(0, ("OBNOX - dhnc found (%s:%s)\n", __location__, __FUNCTION__));
812 if (dhnc->data.length != 16) {
813 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
814 return tevent_req_post(req, ev);
817 persistent_id = BVAL(dhnc->data.data, 0);
819 status = smb2srv_open_recreate(smb2req->sconn->conn,
822 if (!NT_STATUS_IS_OK(status)) {
823 tevent_req_nterror(req, status);
824 return tevent_req_post(req, ev);
827 /* TODO: needed? or is successful global_lookup enough?) */
829 if (!op->global->durable) {
831 tevent_req_nterror(req,
832 NT_STATUS_OBJECT_NAME_NOT_FOUND);
833 return tevent_req_post(req, ev);
836 do_durable_reconnect = true;
841 tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
842 return tevent_req_post(req, ev);
845 if (alsi->data.length != 8) {
846 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
847 return tevent_req_post(req, ev);
849 allocation_size = BVAL(alsi->data.data, 0);
858 tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
859 return tevent_req_post(req, ev);
862 if (twrp->data.length != 8) {
863 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
864 return tevent_req_post(req, ev);
867 nttime = BVAL(twrp->data.data, 0);
868 t = nt_time_to_unix(nttime);
872 fname = talloc_asprintf(state,
873 "@GMT-%04u.%02u.%02u-%02u.%02u.%02u\\%s",
881 if (tevent_req_nomem(fname, req)) {
882 return tevent_req_post(req, ev);
887 if (qfid->data.length != 0) {
888 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 return tevent_req_post(req, ev);
893 /* these are ignored for SMB2 */
894 in_create_options &= ~(0x10);/* NTCREATEX_OPTIONS_SYNC_ALERT */
895 in_create_options &= ~(0x20);/* NTCREATEX_OPTIONS_ASYNC_ALERT */
898 * For a DFS path the function parse_dfs_path()
899 * will do the path processing.
902 if (!(smb1req->flags2 & FLAGS2_DFS_PATHNAMES)) {
903 /* convert '\\' into '/' */
904 status = check_path_syntax(fname);
905 if (!NT_STATUS_IS_OK(status)) {
906 tevent_req_nterror(req, status);
907 return tevent_req_post(req, ev);
911 status = filename_convert(req,
913 smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
915 0, /* unix_convert flags */
916 NULL, /* ppath_contains_wcards */
918 if (!NT_STATUS_IS_OK(status)) {
919 tevent_req_nterror(req, status);
920 return tevent_req_post(req, ev);
923 in_file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
925 DEBUG(5, ("%s: open execution phase\n", __FUNCTION__));
928 * For the backend file open procedure, there are
929 * two possible modes: durable_reconnect or not.
931 if (do_durable_reconnect) {
932 status = smb2_create_durable_reconnect(op,
939 DEBUG(0, ("OBNOX - durable_reconnect result: %s (%s:%s)\n", nt_errstr(status), __location__, __FUNCTION__));
941 if (!NT_STATUS_IS_OK(status)) {
942 tevent_req_nterror(req, status);
943 return tevent_req_post(req, ev);
946 status = SMB_VFS_CREATE_FILE(smb1req->conn,
948 0, /* root_dir_fid */
952 in_create_disposition,
955 map_smb2_oplock_levels_to_samba(requested_oplock_level),
957 0, /* private_flags */
962 if (!NT_STATUS_IS_OK(status)) {
963 if (open_was_deferred(smb1req->sconn, smb1req->mid)) {
966 tevent_req_nterror(req, status);
967 return tevent_req_post(req, ev);
971 DEBUG(5, ("%s: response construction phase\n", __FUNCTION__));
974 NTTIME last_write_time;
976 unix_timespec_to_nt_time(&last_write_time,
977 result->fsp_name->st.st_ex_mtime);
978 if (last_write_time != max_access_time) {
980 uint32_t max_access_granted;
981 DATA_BLOB blob = data_blob_const(p, sizeof(p));
983 status = smbd_calculate_access_mask(smb1req->conn,
985 SEC_FLAG_MAXIMUM_ALLOWED,
986 &max_access_granted);
988 SIVAL(p, 0, NT_STATUS_V(status));
989 SIVAL(p, 4, max_access_granted);
991 status = smb2_create_blob_add(state,
993 SMB2_CREATE_TAG_MXAC,
995 if (!NT_STATUS_IS_OK(status)) {
996 tevent_req_nterror(req, status);
997 return tevent_req_post(req, ev);
1003 * windows creates a dhnc response blob upon dbnc request.
1004 * this seems to contradict the documentation, though
1007 if (dhnc || (dhnq && BATCH_OPLOCK_TYPE(result->oplock_type))) {
1009 DATA_BLOB blob = data_blob_const(p, sizeof(p));
1011 DEBUG(0, ("OBNOX - constructing a dhnq response blob (%s: %s)\n", __location__, __FUNCTION__));
1013 result->smbXsrv->global->backend_file_id = result->file_id;
1014 result->smbXsrv->global->durable = true;
1016 status = smbXsrv_open_update(result->smbXsrv);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 tevent_req_nterror(req, status);
1019 return tevent_req_post(req, ev);
1024 status = smb2_create_blob_add(state, &out_context_blobs,
1025 SMB2_CREATE_TAG_DHNQ,
1027 if (!NT_STATUS_IS_OK(status)) {
1028 tevent_req_nterror(req, status);
1029 return tevent_req_post(req, ev);
1035 uint64_t file_index = get_FileIndex(result->conn,
1036 &result->fsp_name->st);
1037 DATA_BLOB blob = data_blob_const(p, sizeof(p));
1041 /* From conversations with Microsoft engineers at
1042 the MS plugfest. The first 8 bytes are the "volume index"
1043 == inode, the second 8 bytes are the "volume id",
1044 == dev. This will be updated in the SMB2 doc. */
1045 SBVAL(p, 0, file_index);
1046 SIVAL(p, 8, result->fsp_name->st.st_ex_dev);/* FileIndexHigh */
1048 status = smb2_create_blob_add(state, &out_context_blobs,
1049 SMB2_CREATE_TAG_QFID,
1051 if (!NT_STATUS_IS_OK(status)) {
1052 tevent_req_nterror(req, status);
1053 return tevent_req_post(req, ev);
1058 smb2req->compat_chain_fsp = smb1req->chain_fsp;
1060 if(lp_fake_oplocks(SNUM(smb2req->tcon->compat_conn))) {
1061 state->out_oplock_level = in_oplock_level;
1063 state->out_oplock_level = map_samba_oplock_levels_to_smb2(result->oplock_type);
1066 if ((in_create_disposition == FILE_SUPERSEDE)
1067 && (info == FILE_WAS_OVERWRITTEN)) {
1068 state->out_create_action = FILE_WAS_SUPERSEDED;
1070 state->out_create_action = info;
1072 state->out_file_attributes = dos_mode(result->conn,
1074 /* Deal with other possible opens having a modified
1076 ZERO_STRUCT(write_time_ts);
1077 get_file_infos(result->file_id, 0, NULL, &write_time_ts);
1078 if (!null_timespec(write_time_ts)) {
1079 update_stat_ex_mtime(&result->fsp_name->st, write_time_ts);
1082 unix_timespec_to_nt_time(&state->out_creation_time,
1083 get_create_timespec(smb1req->conn, result,
1085 unix_timespec_to_nt_time(&state->out_last_access_time,
1086 result->fsp_name->st.st_ex_atime);
1087 unix_timespec_to_nt_time(&state->out_last_write_time,
1088 result->fsp_name->st.st_ex_mtime);
1089 unix_timespec_to_nt_time(&state->out_change_time,
1090 get_change_timespec(smb1req->conn, result,
1092 state->out_allocation_size =
1093 SMB_VFS_GET_ALLOC_SIZE(smb1req->conn, result,
1094 &(result->fsp_name->st));
1095 state->out_end_of_file = result->fsp_name->st.st_ex_size;
1096 if (state->out_file_attributes == 0) {
1097 state->out_file_attributes = FILE_ATTRIBUTE_NORMAL;
1100 state->out_file_id_persistent = result->smbXsrv->global->open_persistent_id;
1101 state->out_file_id_volatile = result->smbXsrv->global->open_volatile_id;
1102 state->out_context_blobs = out_context_blobs;
1104 tevent_req_done(req);
1105 return tevent_req_post(req, ev);
1108 static NTSTATUS smbd_smb2_create_recv(struct tevent_req *req,
1109 TALLOC_CTX *mem_ctx,
1110 uint8_t *out_oplock_level,
1111 uint32_t *out_create_action,
1112 NTTIME *out_creation_time,
1113 NTTIME *out_last_access_time,
1114 NTTIME *out_last_write_time,
1115 NTTIME *out_change_time,
1116 uint64_t *out_allocation_size,
1117 uint64_t *out_end_of_file,
1118 uint32_t *out_file_attributes,
1119 uint64_t *out_file_id_persistent,
1120 uint64_t *out_file_id_volatile,
1121 struct smb2_create_blobs *out_context_blobs)
1124 struct smbd_smb2_create_state *state = tevent_req_data(req,
1125 struct smbd_smb2_create_state);
1127 if (tevent_req_is_nterror(req, &status)) {
1128 tevent_req_received(req);
1132 *out_oplock_level = state->out_oplock_level;
1133 *out_create_action = state->out_create_action;
1134 *out_creation_time = state->out_creation_time;
1135 *out_last_access_time = state->out_last_access_time;
1136 *out_last_write_time = state->out_last_write_time;
1137 *out_change_time = state->out_change_time;
1138 *out_allocation_size = state->out_allocation_size;
1139 *out_end_of_file = state->out_end_of_file;
1140 *out_file_attributes = state->out_file_attributes;
1141 *out_file_id_persistent = state->out_file_id_persistent;
1142 *out_file_id_volatile = state->out_file_id_volatile;
1143 *out_context_blobs = state->out_context_blobs;
1145 talloc_steal(mem_ctx, state->out_context_blobs.blobs);
1147 tevent_req_received(req);
1148 return NT_STATUS_OK;
1151 /*********************************************************
1152 Code for dealing with deferred opens.
1153 *********************************************************/
1155 bool get_deferred_open_message_state_smb2(struct smbd_smb2_request *smb2req,
1156 struct timeval *p_request_time,
1159 struct smbd_smb2_create_state *state = NULL;
1160 struct tevent_req *req = NULL;
1165 if (smb2req->async_te == NULL) {
1168 req = smb2req->subreq;
1172 state = tevent_req_data(req, struct smbd_smb2_create_state);
1176 if (p_request_time) {
1177 *p_request_time = state->request_time;
1180 *pp_state = (void *)state->private_data.data;
1185 /*********************************************************
1186 Re-process this call early - requested by message or
1188 *********************************************************/
1190 static struct smbd_smb2_request *find_open_smb2req(
1191 struct smbd_server_connection *sconn, uint64_t mid)
1193 struct smbd_smb2_request *smb2req;
1195 for (smb2req = sconn->smb2.requests; smb2req; smb2req = smb2req->next) {
1196 uint64_t message_id;
1197 if (smb2req->subreq == NULL) {
1198 /* This message has been processed. */
1201 if (!tevent_req_is_in_progress(smb2req->subreq)) {
1202 /* This message has been processed. */
1205 message_id = get_mid_from_smb2req(smb2req);
1206 if (message_id == mid) {
1213 bool open_was_deferred_smb2(struct smbd_server_connection *sconn, uint64_t mid)
1215 struct smbd_smb2_create_state *state = NULL;
1216 struct smbd_smb2_request *smb2req;
1218 smb2req = find_open_smb2req(sconn, mid);
1221 DEBUG(10,("open_was_deferred_smb2: mid %llu smb2req == NULL\n",
1222 (unsigned long long)mid));
1225 if (!smb2req->subreq) {
1228 if (!tevent_req_is_in_progress(smb2req->subreq)) {
1231 state = tevent_req_data(smb2req->subreq,
1232 struct smbd_smb2_create_state);
1236 /* It's not in progress if there's no timeout event. */
1241 DEBUG(10,("open_was_deferred_smb2: mid = %llu\n",
1242 (unsigned long long)mid));
1247 static void remove_deferred_open_message_smb2_internal(struct smbd_smb2_request *smb2req,
1250 struct smbd_smb2_create_state *state = NULL;
1252 if (!smb2req->subreq) {
1255 if (!tevent_req_is_in_progress(smb2req->subreq)) {
1258 state = tevent_req_data(smb2req->subreq,
1259 struct smbd_smb2_create_state);
1264 DEBUG(10,("remove_deferred_open_message_smb2_internal: "
1266 (unsigned long long)mid ));
1268 /* Ensure we don't have any outstanding timer event. */
1269 TALLOC_FREE(state->te);
1270 /* Ensure we don't have any outstanding immediate event. */
1271 TALLOC_FREE(state->im);
1274 void remove_deferred_open_message_smb2(
1275 struct smbd_server_connection *sconn, uint64_t mid)
1277 struct smbd_smb2_request *smb2req;
1279 smb2req = find_open_smb2req(sconn, mid);
1282 DEBUG(10,("remove_deferred_open_message_smb2: "
1283 "can't find mid %llu\n",
1284 (unsigned long long)mid ));
1287 remove_deferred_open_message_smb2_internal(smb2req, mid);
1290 static void smbd_smb2_create_request_dispatch_immediate(struct tevent_context *ctx,
1291 struct tevent_immediate *im,
1294 struct smbd_smb2_request *smb2req = talloc_get_type_abort(private_data,
1295 struct smbd_smb2_request);
1296 struct smbd_server_connection *sconn = smb2req->sconn;
1297 uint64_t mid = get_mid_from_smb2req(smb2req);
1300 DEBUG(10,("smbd_smb2_create_request_dispatch_immediate: "
1301 "re-dispatching mid %llu\n",
1302 (unsigned long long)mid ));
1304 status = smbd_smb2_request_dispatch(smb2req);
1305 if (!NT_STATUS_IS_OK(status)) {
1306 smbd_server_connection_terminate(sconn, nt_errstr(status));
1311 void schedule_deferred_open_message_smb2(
1312 struct smbd_server_connection *sconn, uint64_t mid)
1314 struct smbd_smb2_create_state *state = NULL;
1315 struct smbd_smb2_request *smb2req;
1317 smb2req = find_open_smb2req(sconn, mid);
1320 DEBUG(10,("schedule_deferred_open_message_smb2: "
1321 "can't find mid %llu\n",
1322 (unsigned long long)mid ));
1325 if (!smb2req->subreq) {
1328 if (!tevent_req_is_in_progress(smb2req->subreq)) {
1331 state = tevent_req_data(smb2req->subreq,
1332 struct smbd_smb2_create_state);
1337 /* Ensure we don't have any outstanding timer event. */
1338 TALLOC_FREE(state->te);
1339 /* Ensure we don't have any outstanding immediate event. */
1340 TALLOC_FREE(state->im);
1343 * This is subtle. We must null out the callback
1344 * before resheduling, else the first call to
1345 * tevent_req_nterror() causes the _receive()
1346 * function to be called, this causing tevent_req_post()
1349 tevent_req_set_callback(smb2req->subreq, NULL, NULL);
1351 state->im = tevent_create_immediate(smb2req);
1353 smbd_server_connection_terminate(smb2req->sconn,
1354 nt_errstr(NT_STATUS_NO_MEMORY));
1358 DEBUG(10,("schedule_deferred_open_message_smb2: "
1359 "re-processing mid %llu\n",
1360 (unsigned long long)mid ));
1362 tevent_schedule_immediate(state->im,
1363 smb2req->sconn->ev_ctx,
1364 smbd_smb2_create_request_dispatch_immediate,
1368 /*********************************************************
1369 Re-process this call.
1370 *********************************************************/
1372 static void smb2_deferred_open_timer(struct event_context *ev,
1373 struct timed_event *te,
1374 struct timeval _tval,
1378 struct smbd_smb2_create_state *state = NULL;
1379 struct smbd_smb2_request *smb2req = talloc_get_type(private_data,
1380 struct smbd_smb2_request);
1382 DEBUG(10,("smb2_deferred_open_timer: [idx=%d], %s\n",
1383 smb2req->current_idx,
1384 tevent_req_default_print(smb2req->subreq, talloc_tos()) ));
1386 state = tevent_req_data(smb2req->subreq,
1387 struct smbd_smb2_create_state);
1392 * Null this out, don't talloc_free. It will
1393 * be talloc_free'd by the tevent library when
1397 /* Ensure we don't have any outstanding immediate event. */
1398 TALLOC_FREE(state->im);
1401 * This is subtle. We must null out the callback
1402 * before resheduling, else the first call to
1403 * tevent_req_nterror() causes the _receive()
1404 * function to be called, this causing tevent_req_post()
1407 tevent_req_set_callback(smb2req->subreq, NULL, NULL);
1409 status = smbd_smb2_request_dispatch(smb2req);
1411 if (!NT_STATUS_IS_OK(status)) {
1412 smbd_server_connection_terminate(smb2req->sconn,
1417 static bool smbd_smb2_create_cancel(struct tevent_req *req)
1419 struct smbd_smb2_request *smb2req = NULL;
1420 struct smbd_smb2_create_state *state = tevent_req_data(req,
1421 struct smbd_smb2_create_state);
1428 if (!state->smb2req) {
1432 smb2req = state->smb2req;
1433 mid = get_mid_from_smb2req(smb2req);
1435 remove_deferred_open_entry(state->id, mid,
1436 messaging_server_id(smb2req->sconn->msg_ctx));
1437 remove_deferred_open_message_smb2_internal(smb2req, mid);
1438 smb2req->cancelled = true;
1440 tevent_req_done(req);
1444 bool push_deferred_open_message_smb2(struct smbd_smb2_request *smb2req,
1445 struct timeval request_time,
1446 struct timeval timeout,
1451 struct tevent_req *req = NULL;
1452 struct smbd_smb2_create_state *state = NULL;
1453 struct timeval end_time;
1458 req = smb2req->subreq;
1462 state = tevent_req_data(req, struct smbd_smb2_create_state);
1467 state->request_time = request_time;
1468 state->private_data = data_blob_talloc(state, private_data,
1470 if (!state->private_data.data) {
1474 /* Re-schedule us to retry on timer expiry. */
1475 end_time = timeval_sum(&request_time, &timeout);
1477 DEBUG(10,("push_deferred_open_message_smb2: "
1479 timeval_string(talloc_tos(),
1483 state->te = tevent_add_timer(smb2req->sconn->ev_ctx,
1486 smb2_deferred_open_timer,
1492 /* allow this request to be canceled */
1493 tevent_req_set_cancel_fn(req, smbd_smb2_create_cancel);