*/
#include "includes.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
+#include "smbd/globals.h"
+#include "fake_file.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "passdb/lookup_sid.h"
+#include "auth.h"
+#include "smbprofile.h"
+#include "libsmb/libsmb.h"
-extern int max_send;
-extern enum protocol_types Protocol;
extern const struct generic_mapping file_generic_mapping;
static char *nttrans_realloc(char **ptr, size_t size)
HACK ! Always assumes smb_setup field is zero.
****************************************************************************/
-void send_nt_replies(connection_struct *conn,
- struct smb_request *req, NTSTATUS nt_error,
- char *params, int paramsize,
- char *pdata, int datasize)
+static void send_nt_replies(connection_struct *conn,
+ struct smb_request *req, NTSTATUS nt_error,
+ char *params, int paramsize,
+ char *pdata, int datasize)
{
int data_to_send = datasize;
int params_to_send = paramsize;
char *pp = params;
char *pd = pdata;
int params_sent_thistime, data_sent_thistime, total_sent_thistime;
- int alignment_offset = 3;
+ int alignment_offset = 1;
int data_alignment_offset = 0;
+ struct smbd_server_connection *sconn = req->sconn;
+ int max_send = sconn->smb1.sessions.max_send;
/*
* If there genuinely are no parameters or data to send just send
if(params_to_send == 0 && data_to_send == 0) {
reply_outbuf(req, 18, 0);
+ if (NT_STATUS_V(nt_error)) {
+ error_packet_set((char *)req->outbuf,
+ 0, 0, nt_error,
+ __LINE__,__FILE__);
+ }
show_msg((char *)req->outbuf);
+ if (!srv_send_smb(sconn,
+ (char *)req->outbuf,
+ true, req->seqnum+1,
+ IS_CONN_ENCRYPTED(conn),
+ &req->pcd)) {
+ exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
+ }
+ TALLOC_FREE(req->outbuf);
return;
}
total_sent_thistime + alignment_offset
+ data_alignment_offset);
- /*
- * We might have had SMBnttranss in req->inbuf, fix that.
- */
- SCVAL(req->outbuf, smb_com, SMBnttrans);
-
/*
* Set total params and data to be sent.
*/
/* Send the packet */
show_msg((char *)req->outbuf);
- if (!srv_send_smb(smbd_server_fd(),
+ if (!srv_send_smb(sconn,
(char *)req->outbuf,
- IS_CONN_ENCRYPTED(conn))) {
+ true, req->seqnum+1,
+ IS_CONN_ENCRYPTED(conn),
+ &req->pcd)) {
exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
}
}
}
-/****************************************************************************
- Is it an NTFS stream name ?
- An NTFS file name is <path>.<extention>:<stream name>:<stream type>
- $DATA can be used as both a stream name and a stream type. A missing stream
- name or type implies $DATA.
-****************************************************************************/
-
-bool is_ntfs_stream_name(const char *fname)
-{
- if (lp_posix_pathnames()) {
- return False;
- }
- return (strchr_m(fname, ':') != NULL) ? True : False;
-}
-
/****************************************************************************
Reply to an NT create and X call on a pipe
****************************************************************************/
static void nt_open_pipe(char *fname, connection_struct *conn,
- struct smb_request *req, int *ppnum)
+ struct smb_request *req, uint16_t *ppnum)
{
files_struct *fsp;
NTSTATUS status;
DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
- /* Strip \\ off the name. */
- fname++;
+ /* Strip \\ off the name if present. */
+ while (fname[0] == '\\') {
+ fname++;
+ }
- status = np_open(req, conn, fname, &fsp);
+ status = open_np_file(req, fname, &fsp);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
struct smb_request *req)
{
char *fname = NULL;
- int pnum = -1;
+ uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
uint32 flags = IVAL(req->vwv+3, 1);
TALLOC_CTX *ctx = talloc_tos();
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* This is very strange. We
* return 50 words, but only set
- * the wcnt to 42 ? It's definately
+ * the wcnt to 42 ? It's definitely
* what happens on the wire....
*/
reply_outbuf(req, 50, 0);
reply_outbuf(req, 34, 0);
}
+ SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
+ SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
+
p = (char *)req->outbuf + smb_vwv2;
p++;
SSVAL(p,0,pnum);
}
DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
+}
+
+struct case_semantics_state {
+ connection_struct *conn;
+ bool case_sensitive;
+ bool case_preserve;
+ bool short_case_preserve;
+};
- chain_reply(req);
+/****************************************************************************
+ Restore case semantics.
+****************************************************************************/
+
+static int restore_case_semantics(struct case_semantics_state *state)
+{
+ state->conn->case_sensitive = state->case_sensitive;
+ state->conn->case_preserve = state->case_preserve;
+ state->conn->short_case_preserve = state->short_case_preserve;
+ return 0;
+}
+
+/****************************************************************************
+ Save case semantics.
+****************************************************************************/
+
+static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
+ connection_struct *conn)
+{
+ struct case_semantics_state *result;
+
+ if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
+ return NULL;
+ }
+
+ result->conn = conn;
+ result->case_sensitive = conn->case_sensitive;
+ result->case_preserve = conn->case_preserve;
+ result->short_case_preserve = conn->short_case_preserve;
+
+ /* Set to POSIX. */
+ conn->case_sensitive = True;
+ conn->case_preserve = True;
+ conn->short_case_preserve = True;
+
+ talloc_set_destructor(result, restore_case_semantics);
+
+ return result;
}
/****************************************************************************
void reply_ntcreate_and_X(struct smb_request *req)
{
connection_struct *conn = req->conn;
+ struct smb_filename *smb_fname = NULL;
char *fname = NULL;
uint32 flags;
uint32 access_mask;
/* Breakout the oplock request bits so we can set the
reply bits separately. */
uint32 fattr=0;
- SMB_OFF_T file_len = 0;
- SMB_STRUCT_STAT sbuf;
+ off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
char *p = NULL;
+ struct timespec create_timespec;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
+ struct timespec write_time_ts;
NTSTATUS status;
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
if (req->wct < 24) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
flags = IVAL(req->vwv+3, 1);
create_options = IVAL(req->vwv+19, 1);
root_dir_fid = (uint16)IVAL(req->vwv+5, 1);
- allocation_size = (uint64_t)IVAL(req->vwv+9, 1);
-#ifdef LARGE_SMB_OFF_T
- allocation_size |= (((uint64_t)IVAL(req->vwv+11, 1)) << 32);
-#endif
+ allocation_size = BVAL(req->vwv+9, 1);
srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
- END_PROFILE(SMBntcreateX);
- return;
+ goto out;
}
DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
if (IS_IPC(conn)) {
if (lp_nt_pipe_support()) {
do_ntcreate_pipe_open(conn, req);
- END_PROFILE(SMBntcreateX);
- return;
+ goto out;
}
- reply_doserror(req, ERRDOS, ERRnoaccess);
- END_PROFILE(SMBntcreateX);
- return;
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ goto out;
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
? BATCH_OPLOCK : 0;
}
- status = create_file(conn, req, root_dir_fid, fname,
- access_mask, share_access, create_disposition,
- create_options, file_attributes, oplock_request,
- allocation_size, NULL, NULL, &fsp, &info, &sbuf);
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ status = filename_convert(ctx,
+ conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ 0,
+ NULL,
+ &smb_fname);
+
+ TALLOC_FREE(case_state);
if (!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->mid)) {
- /* We have re-scheduled this call, no error. */
- END_PROFILE(SMBntcreateX);
- return;
- }
- if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
- reply_botherror(req, status, ERRDOS, ERRfilexists);
+ if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ goto out;
}
- else {
- reply_nterror(req, status);
+ reply_nterror(req, status);
+ goto out;
+ }
+
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+
+ status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ req, /* req */
+ root_dir_fid, /* root_dir_fid */
+ smb_fname, /* fname */
+ access_mask, /* access_mask */
+ share_access, /* share_access */
+ create_disposition, /* create_disposition*/
+ create_options, /* create_options */
+ file_attributes, /* file_attributes */
+ oplock_request, /* oplock_request */
+ allocation_size, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ &info); /* pinfo */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (open_was_deferred(req->sconn, req->mid)) {
+ /* We have re-scheduled this call, no error. */
+ goto out;
}
- END_PROFILE(SMBntcreateX);
- return;
+ reply_openerror(req, status);
+ goto out;
}
+ /* Ensure we're pointing at the correct stat struct. */
+ TALLOC_FREE(smb_fname);
+ smb_fname = fsp->fsp_name;
+
/*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
oplock_granted = NO_OPLOCK_RETURN;
}
- file_len = sbuf.st_size;
- fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
- if (fattr == 0) {
- fattr = FILE_ATTRIBUTE_NORMAL;
- }
+ file_len = smb_fname->st.st_ex_size;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* This is very strange. We
* return 50 words, but only set
- * the wcnt to 42 ? It's definately
+ * the wcnt to 42 ? It's definitely
* what happens on the wire....
*/
reply_outbuf(req, 50, 0);
reply_outbuf(req, 34, 0);
}
+ SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
+ SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
+
p = (char *)req->outbuf + smb_vwv2;
SCVAL(p, 0, oplock_granted);
}
p += 4;
+ fattr = dos_mode(conn, smb_fname);
+ if (fattr == 0) {
+ fattr = FILE_ATTRIBUTE_NORMAL;
+ }
+
+ /* Deal with other possible opens having a modified
+ write time. JRA. */
+ ZERO_STRUCT(write_time_ts);
+ get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
+ if (!null_timespec(write_time_ts)) {
+ update_stat_ex_mtime(&smb_fname->st, write_time_ts);
+ }
+
/* Create time. */
- c_timespec = get_create_timespec(
- &sbuf,lp_fake_dir_create_times(SNUM(conn)));
- a_timespec = get_atimespec(&sbuf);
- m_timespec = get_mtimespec(&sbuf);
+ create_timespec = get_create_timespec(conn, fsp, smb_fname);
+ a_timespec = smb_fname->st.st_ex_atime;
+ m_timespec = smb_fname->st.st_ex_mtime;
+ c_timespec = get_change_timespec(conn, fsp, smb_fname);
if (lp_dos_filetime_resolution(SNUM(conn))) {
- dos_filetime_timespec(&c_timespec);
+ dos_filetime_timespec(&create_timespec);
dos_filetime_timespec(&a_timespec);
dos_filetime_timespec(&m_timespec);
+ dos_filetime_timespec(&c_timespec);
}
- put_long_date_timespec(p, c_timespec); /* create time. */
+ put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
p += 8;
- put_long_date_timespec(p, a_timespec); /* access time */
+ put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
p += 8;
- put_long_date_timespec(p, m_timespec); /* write time */
+ put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
p += 8;
- put_long_date_timespec(p, m_timespec); /* change time */
+ put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
p += 8;
SIVAL(p,0,fattr); /* File Attributes. */
p += 4;
- SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
+ SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&smb_fname->st));
p += 8;
SOFF_T(p,0,file_len);
p += 8;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
- SSVAL(p,2,0x7);
+ uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
+ size_t num_names = 0;
+ unsigned int num_streams = 0;
+ struct stream_struct *streams = NULL;
+
+ /* Do we have any EA's ? */
+ status = get_ea_names_from_file(ctx, conn, fsp,
+ smb_fname->base_name, NULL, &num_names);
+ if (NT_STATUS_IS_OK(status) && num_names) {
+ file_status &= ~NO_EAS;
+ }
+ status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
+ &num_streams, &streams);
+ /* There is always one stream, ::$DATA. */
+ if (NT_STATUS_IS_OK(status) && num_streams > 1) {
+ file_status &= ~NO_SUBSTREAMS;
+ }
+ TALLOC_FREE(streams);
+ SSVAL(p,2,file_status);
}
p += 4;
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint32 perms = 0;
p += 25;
- if (fsp->is_directory
- || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
+ if (fsp->is_directory ||
+ can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
SIVAL(p,0,perms);
}
- DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n",
- fsp->fnum, fsp->fsp_name));
+ DEBUG(5,("reply_ntcreate_and_X: %s, open name = %s\n",
+ fsp_fnum_dbg(fsp), smb_fname_str_dbg(smb_fname)));
- chain_reply(req);
+ out:
END_PROFILE(SMBntcreateX);
return;
}
{
char *fname = NULL;
char *params = *ppparams;
- int pnum = -1;
+ uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
NTSTATUS status;
size_t param_len;
if(parameter_count < 54) {
DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
return;
}
+/*********************************************************************
+ Windows seems to do canonicalization of inheritance bits. Do the
+ same.
+*********************************************************************/
+
+static void canonicalize_inheritance_bits(struct security_descriptor *psd)
+{
+ bool set_auto_inherited = false;
+
+ /*
+ * We need to filter out the
+ * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
+ * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
+ * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
+ * when an ACE is inherited. Otherwise we zero these bits out.
+ * See:
+ *
+ * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
+ *
+ * for details.
+ */
+
+ if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
+ == (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+ set_auto_inherited = true;
+ }
+
+ psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
+ if (set_auto_inherited) {
+ psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
+ }
+}
+
/****************************************************************************
Internal fn to set security descriptors.
****************************************************************************/
-static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
- uint32 security_info_sent)
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
+ uint32_t security_info_sent)
{
- SEC_DESC *psd = NULL;
NTSTATUS status;
- if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
- return NT_STATUS_OK;
+ if (!CAN_WRITE(fsp->conn)) {
+ return NT_STATUS_ACCESS_DENIED;
}
- status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (!lp_nt_acl_support(SNUM(fsp->conn))) {
+ return NT_STATUS_OK;
}
if (psd->owner_sid == NULL) {
- security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid == NULL) {
- security_info_sent &= ~GROUP_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_GROUP;
}
- /* Convert all the generic bits. */
- security_acl_map_generic(psd->dacl, &file_generic_mapping);
- security_acl_map_generic(psd->sacl, &file_generic_mapping);
+ /* Ensure we have at least one thing set. */
+ if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+ if (security_info_sent & SECINFO_LABEL) {
+ /* Only consider SECINFO_LABEL if no other
+ bits are set. Just like W2K3 we don't
+ store this. */
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Ensure we have the rights to do this. */
+ if (security_info_sent & SECINFO_OWNER) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (security_info_sent & SECINFO_GROUP) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (security_info_sent & SECINFO_DACL) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* Convert all the generic bits. */
+ if (psd->dacl) {
+ security_acl_map_generic(psd->dacl, &file_generic_mapping);
+ }
+ }
+
+ if (security_info_sent & SECINFO_SACL) {
+ if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* Convert all the generic bits. */
+ if (psd->sacl) {
+ security_acl_map_generic(psd->sacl, &file_generic_mapping);
+ }
+ }
+
+ canonicalize_inheritance_bits(psd);
if (DEBUGLEVEL >= 10) {
- DEBUG(10,("set_sd for file %s\n", fsp->fsp_name ));
+ DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor, psd);
}
return status;
}
+/****************************************************************************
+ Internal fn to set security descriptors from a data blob.
+****************************************************************************/
+
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
+{
+ struct security_descriptor *psd = NULL;
+ NTSTATUS status;
+
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return set_sd(fsp, psd, security_info_sent);
+}
+
/****************************************************************************
Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
****************************************************************************/
-static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
+struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
{
struct ea_list *ea_list_head = NULL;
size_t offset = 0;
if (next_offset == 0) {
break;
}
+
+ /* Integer wrap protection for the increment. */
+ if (offset + next_offset < offset) {
+ break;
+ }
+
offset += next_offset;
+
+ /* Integer wrap protection for while loop. */
+ if (offset + 4 < offset) {
+ break;
+ }
+
}
return ea_list_head;
char **ppdata, uint32 data_count,
uint32 max_data_count)
{
+ struct smb_filename *smb_fname = NULL;
char *fname = NULL;
char *params = *ppparams;
char *data = *ppdata;
/* Breakout the oplock request bits so we can set the reply bits separately. */
uint32 fattr=0;
- SMB_OFF_T file_len = 0;
- SMB_STRUCT_STAT sbuf;
+ off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
char *p = NULL;
struct security_descriptor *sd = NULL;
uint32 ea_len;
uint16 root_dir_fid;
+ struct timespec create_timespec;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
+ struct timespec write_time_ts;
struct ea_list *ea_list = NULL;
NTSTATUS status;
size_t param_len;
uint64_t allocation_size;
int oplock_request;
uint8_t oplock_granted;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
ppsetup, setup_count,
ppparams, parameter_count,
ppdata, data_count);
- return;
+ goto out;
}
- reply_doserror(req, ERRDOS, ERRnoaccess);
- return;
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ goto out;
}
/*
if(parameter_count < 54) {
DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
flags = IVAL(params,0);
sd_len = IVAL(params,36);
ea_len = IVAL(params,40);
root_dir_fid = (uint16)IVAL(params,4);
- allocation_size = (uint64_t)IVAL(params,12);
-#ifdef LARGE_SMB_OFF_T
- allocation_size |= (((uint64_t)IVAL(params,16)) << 32);
-#endif
+ allocation_size = BVAL(params,12);
/*
* we need to remove ignored bits when they come directly from the client
"%u, data_count = %u\n", (unsigned int)ea_len,
(unsigned int)sd_len, (unsigned int)data_count));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
if (sd_len) {
"unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
reply_nterror(req, status);
- return;
+ goto out;
}
}
"EA's not supported.\n",
(unsigned int)ea_len));
reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
- return;
+ goto out;
}
if (ea_len < 10) {
"too small (should be more than 10)\n",
(unsigned int)ea_len ));
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
/* We have already checked that ea_len <= data_count here. */
ea_len);
if (ea_list == NULL) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
}
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
- return;
+ goto out;
+ }
+
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ status = filename_convert(ctx,
+ conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ 0,
+ NULL,
+ &smb_fname);
+
+ TALLOC_FREE(case_state);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ goto out;
+ }
+ reply_nterror(req, status);
+ goto out;
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
? BATCH_OPLOCK : 0;
}
- status = create_file(conn, req, root_dir_fid, fname,
- access_mask, share_access, create_disposition,
- create_options, file_attributes, oplock_request,
- allocation_size, sd, ea_list, &fsp, &info, &sbuf);
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+
+ status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ req, /* req */
+ root_dir_fid, /* root_dir_fid */
+ smb_fname, /* fname */
+ access_mask, /* access_mask */
+ share_access, /* share_access */
+ create_disposition, /* create_disposition*/
+ create_options, /* create_options */
+ file_attributes, /* file_attributes */
+ oplock_request, /* oplock_request */
+ allocation_size, /* allocation_size */
+ 0, /* private_flags */
+ sd, /* sd */
+ ea_list, /* ea_list */
+ &fsp, /* result */
+ &info); /* pinfo */
if(!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->mid)) {
+ if (open_was_deferred(req->sconn, req->mid)) {
/* We have re-scheduled this call, no error. */
return;
}
reply_openerror(req, status);
- return;
+ goto out;
}
+ /* Ensure we're pointing at the correct stat struct. */
+ TALLOC_FREE(smb_fname);
+ smb_fname = fsp->fsp_name;
+
/*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
oplock_granted = NO_OPLOCK_RETURN;
}
- file_len = sbuf.st_size;
- fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
- if (fattr == 0) {
- fattr = FILE_ATTRIBUTE_NORMAL;
- }
+ file_len = smb_fname->st.st_ex_size;
/* Realloc the size of parameters and data we will return */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
- return;
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
}
p = params;
}
p += 8;
+ fattr = dos_mode(conn, smb_fname);
+ if (fattr == 0) {
+ fattr = FILE_ATTRIBUTE_NORMAL;
+ }
+
+ /* Deal with other possible opens having a modified
+ write time. JRA. */
+ ZERO_STRUCT(write_time_ts);
+ get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
+ if (!null_timespec(write_time_ts)) {
+ update_stat_ex_mtime(&smb_fname->st, write_time_ts);
+ }
+
/* Create time. */
- c_timespec = get_create_timespec(
- &sbuf,lp_fake_dir_create_times(SNUM(conn)));
- a_timespec = get_atimespec(&sbuf);
- m_timespec = get_mtimespec(&sbuf);
+ create_timespec = get_create_timespec(conn, fsp, smb_fname);
+ a_timespec = smb_fname->st.st_ex_atime;
+ m_timespec = smb_fname->st.st_ex_mtime;
+ c_timespec = get_change_timespec(conn, fsp, smb_fname);
if (lp_dos_filetime_resolution(SNUM(conn))) {
- dos_filetime_timespec(&c_timespec);
+ dos_filetime_timespec(&create_timespec);
dos_filetime_timespec(&a_timespec);
dos_filetime_timespec(&m_timespec);
+ dos_filetime_timespec(&c_timespec);
}
- put_long_date_timespec(p, c_timespec); /* create time. */
+ put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
p += 8;
- put_long_date_timespec(p, a_timespec); /* access time */
+ put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
p += 8;
- put_long_date_timespec(p, m_timespec); /* write time */
+ put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
p += 8;
- put_long_date_timespec(p, m_timespec); /* change time */
+ put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
p += 8;
SIVAL(p,0,fattr); /* File Attributes. */
p += 4;
- SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
+ SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st));
p += 8;
SOFF_T(p,0,file_len);
p += 8;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
- SSVAL(p,2,0x7);
+ uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
+ size_t num_names = 0;
+ unsigned int num_streams = 0;
+ struct stream_struct *streams = NULL;
+
+ /* Do we have any EA's ? */
+ status = get_ea_names_from_file(ctx, conn, fsp,
+ smb_fname->base_name, NULL, &num_names);
+ if (NT_STATUS_IS_OK(status) && num_names) {
+ file_status &= ~NO_EAS;
+ }
+ status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
+ &num_streams, &streams);
+ /* There is always one stream, ::$DATA. */
+ if (NT_STATUS_IS_OK(status) && num_streams > 1) {
+ file_status &= ~NO_SUBSTREAMS;
+ }
+ TALLOC_FREE(streams);
+ SSVAL(p,2,file_status);
}
p += 4;
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
uint32 perms = 0;
p += 25;
- if (fsp->is_directory
- || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
+ if (fsp->is_directory ||
+ can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
SIVAL(p,0,perms);
}
- DEBUG(5,("call_nt_transact_create: open name = %s\n", fsp->fsp_name));
+ DEBUG(5,("call_nt_transact_create: open name = %s\n",
+ smb_fname_str_dbg(smb_fname)));
/* Send the required number of replies */
send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
-
+ out:
return;
}
*/
START_PROFILE(SMBntcancel);
- remove_pending_change_notify_requests_by_mid(req->mid);
- remove_pending_lock_requests_by_mid(req->mid);
- srv_cancel_sign_response(req->mid);
+ srv_cancel_sign_response(req->sconn);
+ remove_pending_change_notify_requests_by_mid(req->sconn, req->mid);
+ remove_pending_lock_requests_by_mid_smb1(req->sconn, req->mid);
- DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid));
+ DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
+ (unsigned long long)req->mid));
END_PROFILE(SMBntcancel);
return;
static NTSTATUS copy_internals(TALLOC_CTX *ctx,
connection_struct *conn,
struct smb_request *req,
- const char *oldname_in,
- const char *newname_in,
+ struct smb_filename *smb_fname_src,
+ struct smb_filename *smb_fname_dst,
uint32 attrs)
{
- SMB_STRUCT_STAT sbuf1, sbuf2;
- char *oldname = NULL;
- char *newname = NULL;
- char *last_component_oldname = NULL;
- char *last_component_newname = NULL;
files_struct *fsp1,*fsp2;
uint32 fattr;
int info;
- SMB_OFF_T ret=-1;
+ off_t ret=-1;
NTSTATUS status = NT_STATUS_OK;
-
- ZERO_STRUCT(sbuf1);
- ZERO_STRUCT(sbuf2);
+ char *parent;
if (!CAN_WRITE(conn)) {
- return NT_STATUS_MEDIA_WRITE_PROTECTED;
- }
-
- status = unix_convert(ctx, conn, oldname_in, False, &oldname,
- &last_component_oldname, &sbuf1);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = check_name(conn, oldname);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ status = NT_STATUS_MEDIA_WRITE_PROTECTED;
+ goto out;
}
/* Source must already exist. */
- if (!VALID_STAT(sbuf1)) {
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- }
- /* Ensure attributes match. */
- fattr = dos_mode(conn,oldname,&sbuf1);
- if ((fattr & ~attrs) & (aHIDDEN | aSYSTEM)) {
- return NT_STATUS_NO_SUCH_FILE;
+ if (!VALID_STAT(smb_fname_src->st)) {
+ status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ goto out;
}
- status = unix_convert(ctx, conn, newname_in, False, &newname,
- &last_component_newname, &sbuf2);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = check_name(conn, newname);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ /* Ensure attributes match. */
+ fattr = dos_mode(conn, smb_fname_src);
+ if ((fattr & ~attrs) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
+ status = NT_STATUS_NO_SUCH_FILE;
+ goto out;
}
- /* Disallow if newname already exists. */
- if (VALID_STAT(sbuf2)) {
- return NT_STATUS_OBJECT_NAME_COLLISION;
+ /* Disallow if dst file already exists. */
+ if (VALID_STAT(smb_fname_dst->st)) {
+ status = NT_STATUS_OBJECT_NAME_COLLISION;
+ goto out;
}
/* No links from a directory. */
- if (S_ISDIR(sbuf1.st_mode)) {
- return NT_STATUS_FILE_IS_A_DIRECTORY;
- }
-
- /* Ensure this is within the share. */
- status = check_reduced_name(conn, oldname);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
+ status = NT_STATUS_FILE_IS_A_DIRECTORY;
+ goto out;
}
DEBUG(10,("copy_internals: doing file copy %s to %s\n",
- oldname, newname));
-
- status = open_file_ntcreate(conn, req, oldname, &sbuf1,
- FILE_READ_DATA, /* Read-only. */
- FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
- FILE_OPEN,
- 0, /* No create options. */
- FILE_ATTRIBUTE_NORMAL,
- NO_OPLOCK,
- &info, &fsp1);
+ smb_fname_str_dbg(smb_fname_src),
+ smb_fname_str_dbg(smb_fname_dst)));
+
+ status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ req, /* req */
+ 0, /* root_dir_fid */
+ smb_fname_src, /* fname */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES|
+ FILE_READ_EA, /* access_mask */
+ (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
+ FILE_SHARE_DELETE),
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes */
+ NO_OPLOCK, /* oplock_request */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp1, /* result */
+ &info); /* pinfo */
if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = open_file_ntcreate(conn, req, newname, &sbuf2,
- FILE_WRITE_DATA, /* Read-only. */
- FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
- FILE_CREATE,
- 0, /* No create options. */
- fattr,
- NO_OPLOCK,
- &info, &fsp2);
+ goto out;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ conn, /* conn */
+ req, /* req */
+ 0, /* root_dir_fid */
+ smb_fname_dst, /* fname */
+ FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
+ FILE_WRITE_EA, /* access_mask */
+ (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
+ FILE_SHARE_DELETE),
+ FILE_CREATE, /* create_disposition*/
+ 0, /* create_options */
+ fattr, /* file_attributes */
+ NO_OPLOCK, /* oplock_request */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp2, /* result */
+ &info); /* pinfo */
if (!NT_STATUS_IS_OK(status)) {
close_file(NULL, fsp1, ERROR_CLOSE);
- return status;
+ goto out;
}
- if (sbuf1.st_size) {
- ret = vfs_transfer_file(fsp1, fsp2, sbuf1.st_size);
+ if (smb_fname_src->st.st_ex_size) {
+ ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
}
/*
close_file(NULL, fsp1, NORMAL_CLOSE);
/* Ensure the modtime is set correctly on the destination file. */
- set_close_write_time(fsp2, get_mtimespec(&sbuf1));
+ set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
status = close_file(NULL, fsp2, NORMAL_CLOSE);
- /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
+ /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
creates the file. This isn't the correct thing to do in the copy
case. JRA */
- file_set_dosmode(conn, newname, fattr, &sbuf2,
- parent_dirname(newname),false);
-
- if (ret < (SMB_OFF_T)sbuf1.st_size) {
- return NT_STATUS_DISK_FULL;
+ if (!parent_dirname(talloc_tos(), smb_fname_dst->base_name, &parent,
+ NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
}
+ file_set_dosmode(conn, smb_fname_dst, fattr, parent, false);
+ TALLOC_FREE(parent);
+ if (ret < (off_t)smb_fname_src->st.st_ex_size) {
+ status = NT_STATUS_DISK_FULL;
+ goto out;
+ }
+ out:
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
- nt_errstr(status), oldname, newname));
+ nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
+ smb_fname_str_dbg(smb_fname_dst)));
}
+
return status;
}
void reply_ntrename(struct smb_request *req)
{
connection_struct *conn = req->conn;
+ struct smb_filename *smb_fname_old = NULL;
+ struct smb_filename *smb_fname_new = NULL;
char *oldname = NULL;
char *newname = NULL;
const char *p;
bool src_has_wcard = False;
bool dest_has_wcard = False;
uint32 attrs;
+ uint32_t ucf_flags_src = 0;
+ uint32_t ucf_flags_dst = 0;
uint16 rename_type;
TALLOC_CTX *ctx = talloc_tos();
+ bool stream_rename = false;
START_PROFILE(SMBntrename);
if (req->wct < 4) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
attrs = SVAL(req->vwv+0, 0);
&status, &src_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
- END_PROFILE(SMBntrename);
- return;
- }
-
- if( is_ntfs_stream_name(oldname)) {
- /* Can't rename a stream. */
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
if (ms_has_wild(oldname)) {
reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
p++;
&status, &dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
- status = resolve_dfspath(ctx, conn,
- req->flags2 & FLAGS2_DFS_PATHNAMES,
- oldname,
- &oldname);
+ if (!lp_posix_pathnames()) {
+ /* The newname must begin with a ':' if the
+ oldname contains a ':'. */
+ if (strchr_m(oldname, ':')) {
+ if (newname[0] != ':') {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto out;
+ }
+ stream_rename = true;
+ }
+ }
+
+ /*
+ * If this is a rename operation, allow wildcards and save the
+ * destination's last component.
+ */
+ if (rename_type == RENAME_FLAG_RENAME) {
+ ucf_flags_src = UCF_COND_ALLOW_WCARD_LCOMP;
+ ucf_flags_dst = UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP;
+ }
+
+ /* rename_internals() calls unix_convert(), so don't call it here. */
+ status = filename_convert(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ oldname,
+ ucf_flags_src,
+ NULL,
+ &smb_fname_old);
if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
reply_nterror(req, status);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
- status = resolve_dfspath(ctx, conn,
- req->flags2 & FLAGS2_DFS_PATHNAMES,
- newname,
- &newname);
+ status = filename_convert(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ newname,
+ ucf_flags_dst,
+ &dest_has_wcard,
+ &smb_fname_new);
if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
ERRSRV, ERRbadpath);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
reply_nterror(req, status);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
- DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname));
+ if (stream_rename) {
+ /* smb_fname_new must be the same as smb_fname_old. */
+ TALLOC_FREE(smb_fname_new->base_name);
+ smb_fname_new->base_name = talloc_strdup(smb_fname_new,
+ smb_fname_old->base_name);
+ if (!smb_fname_new->base_name) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ DEBUG(3,("reply_ntrename: %s -> %s\n",
+ smb_fname_str_dbg(smb_fname_old),
+ smb_fname_str_dbg(smb_fname_new)));
switch(rename_type) {
case RENAME_FLAG_RENAME:
- status = rename_internals(ctx, conn, req, oldname,
- newname, attrs, False, src_has_wcard,
- dest_has_wcard, DELETE_ACCESS);
+ status = rename_internals(ctx, conn, req,
+ smb_fname_old, smb_fname_new,
+ attrs, False, src_has_wcard,
+ dest_has_wcard,
+ DELETE_ACCESS);
break;
case RENAME_FLAG_HARD_LINK:
if (src_has_wcard || dest_has_wcard) {
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
- status = hardlink_internals(ctx,
- conn,
- oldname,
- newname);
+ status = hardlink_internals(ctx, conn,
+ req,
+ false,
+ smb_fname_old,
+ smb_fname_new);
}
break;
case RENAME_FLAG_COPY:
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
- status = copy_internals(ctx, conn, req, oldname,
- newname, attrs);
+ status = copy_internals(ctx, conn, req,
+ smb_fname_old,
+ smb_fname_new,
+ attrs);
}
break;
case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
}
if (!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->mid)) {
+ if (open_was_deferred(req->sconn, req->mid)) {
/* We have re-scheduled this call. */
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
reply_nterror(req, status);
- END_PROFILE(SMBntrename);
- return;
+ goto out;
}
reply_outbuf(req, 0, 0);
-
+ out:
END_PROFILE(SMBntrename);
return;
}
don't allow a directory to be opened.
****************************************************************************/
+static void smbd_smb1_notify_reply(struct smb_request *req,
+ NTSTATUS error_code,
+ uint8_t *buf, size_t len)
+{
+ send_nt_replies(req->conn, req, error_code, (char *)buf, len, NULL, 0);
+}
+
static void call_nt_transact_notify_change(connection_struct *conn,
struct smb_request *req,
uint16 **ppsetup,
bool recursive;
if(setup_count < 6) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
DEBUG(3,("call_nt_transact_notify_change\n"));
if(!fsp) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
DEBUG(3,("call_nt_transact_notify_change: notify change "
"called on %s, filter = %s, recursive = %d\n",
- fsp->fsp_name, filter_string, recursive));
+ fsp_str_dbg(fsp), filter_string, recursive));
TALLOC_FREE(filter_string);
}
}
}
- if (fsp->notify->num_changes != 0) {
+ if (change_notify_fsp_has_changes(fsp)) {
/*
* We've got changes pending, respond immediately
* here.
*/
- change_notify_reply(fsp->conn, req, max_param_count,
- fsp->notify);
+ change_notify_reply(req,
+ NT_STATUS_OK,
+ max_param_count,
+ fsp->notify,
+ smbd_smb1_notify_reply);
/*
* change_notify_reply() above has independently sent its
status = change_notify_add_request(req,
max_param_count,
filter,
- recursive, fsp);
+ recursive, fsp,
+ smbd_smb1_notify_reply);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
}
TALLOC_CTX *ctx = talloc_tos();
if(parameter_count < 5) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
- fsp->fsp_name, new_name));
+ fsp_str_dbg(fsp), new_name));
return;
}
Fake up a completely empty SD.
*******************************************************************************/
-static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd)
{
size_t sd_size;
/****************************************************************************
Reply to query a security descriptor.
+ Callable from SMB2 and SMB2.
+ If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
+ the required size.
+****************************************************************************/
+
+NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
+ TALLOC_CTX *mem_ctx,
+ files_struct *fsp,
+ uint32_t security_info_wanted,
+ uint32_t max_data_count,
+ uint8_t **ppmarshalled_sd,
+ size_t *psd_size)
+{
+ NTSTATUS status;
+ struct security_descriptor *psd = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /*
+ * Get the permissions to return.
+ */
+
+ if ((security_info_wanted & SECINFO_SACL) &&
+ !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+ DEBUG(10, ("Access to SACL denied.\n"));
+ TALLOC_FREE(frame);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
+ !(fsp->access_mask & SEC_STD_READ_CONTROL)) {
+ DEBUG(10, ("Access to DACL, OWNER, or GROUP denied.\n"));
+ TALLOC_FREE(frame);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
+ SECINFO_GROUP|SECINFO_SACL)) {
+ /* Don't return SECINFO_LABEL if anything else was
+ requested. See bug #8458. */
+ security_info_wanted &= ~SECINFO_LABEL;
+ }
+
+ if (!lp_nt_acl_support(SNUM(conn))) {
+ status = get_null_nt_acl(frame, &psd);
+ } else if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ status = get_null_nt_acl(frame, &psd);
+ } else {
+ status = SMB_VFS_FGET_NT_ACL(
+ fsp, security_info_wanted, frame, &psd);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ if (!(security_info_wanted & SECINFO_OWNER)) {
+ psd->owner_sid = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_GROUP)) {
+ psd->group_sid = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_DACL)) {
+ psd->type &= ~SEC_DESC_DACL_PRESENT;
+ psd->dacl = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_SACL)) {
+ psd->type &= ~SEC_DESC_SACL_PRESENT;
+ psd->sacl = NULL;
+ }
+
+ /* If the SACL/DACL is NULL, but was requested, we mark that it is
+ * present in the reply to match Windows behavior */
+ if (psd->sacl == NULL &&
+ security_info_wanted & SECINFO_SACL)
+ psd->type |= SEC_DESC_SACL_PRESENT;
+ if (psd->dacl == NULL &&
+ security_info_wanted & SECINFO_DACL)
+ psd->type |= SEC_DESC_DACL_PRESENT;
+
+ if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ psd->owner_sid = NULL;
+ psd->group_sid = NULL;
+ psd->dacl = NULL;
+ psd->sacl = NULL;
+ psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
+ }
+
+ *psd_size = ndr_size_security_descriptor(psd, 0);
+
+ DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
+ (unsigned long)*psd_size));
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("smbd_do_query_security_desc for file %s\n",
+ fsp_str_dbg(fsp)));
+ NDR_PRINT_DEBUG(security_descriptor, psd);
+ }
+
+ if (max_data_count < *psd_size) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ status = marshall_sec_desc(mem_ctx, psd,
+ ppmarshalled_sd, psd_size);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ SMB1 reply to query a security descriptor.
****************************************************************************/
static void call_nt_transact_query_security_desc(connection_struct *conn,
{
char *params = *ppparams;
char *data = *ppdata;
- SEC_DESC *psd = NULL;
- size_t sd_size;
+ size_t sd_size = 0;
uint32 security_info_wanted;
files_struct *fsp = NULL;
NTSTATUS status;
- DATA_BLOB blob;
+ uint8_t *marshalled_sd = NULL;
if(parameter_count < 8) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
fsp = file_fsp(req, SVAL(params,0));
if(!fsp) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
security_info_wanted = IVAL(params,4);
- DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp->fsp_name,
- (unsigned int)security_info_wanted ));
+ DEBUG(3,("call_nt_transact_query_security_desc: file = %s, "
+ "info_wanted = 0x%x\n", fsp_str_dbg(fsp),
+ (unsigned int)security_info_wanted));
params = nttrans_realloc(ppparams, 4);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
* Get the permissions to return.
*/
- if (!lp_nt_acl_support(SNUM(conn))) {
- status = get_null_nt_acl(talloc_tos(), &psd);
- } else {
- status = SMB_VFS_FGET_NT_ACL(
- fsp, security_info_wanted, &psd);
- }
+ status = smbd_do_query_security_desc(conn,
+ talloc_tos(),
+ fsp,
+ security_info_wanted,
+ max_data_count,
+ &marshalled_sd,
+ &sd_size);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
+ SIVAL(params,0,(uint32_t)sd_size);
+ send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
+ params, 4, NULL, 0);
+ return;
+ }
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
- sd_size = ndr_size_security_descriptor(psd, 0);
-
- DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
+ SMB_ASSERT(sd_size > 0);
- if (DEBUGLEVEL >= 10) {
- DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name));
- NDR_PRINT_DEBUG(security_descriptor, psd);
- }
-
- SIVAL(params,0,(uint32)sd_size);
+ SIVAL(params,0,(uint32_t)sd_size);
if (max_data_count < sd_size) {
send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
- params, 4, *ppdata, 0);
+ params, 4, NULL, 0);
return;
}
/*
- * Allocate the data we will point this at.
+ * Allocate the data we will return.
*/
data = nttrans_realloc(ppdata, sd_size);
if(data == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
- return;
- }
-
- status = marshall_sec_desc(talloc_tos(), psd,
- &blob.data, &blob.length);
-
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
- SMB_ASSERT(sd_size == blob.length);
- memcpy(data, blob.data, sd_size);
+ memcpy(data, marshalled_sd, sd_size);
send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size);
NTSTATUS status;
if(parameter_count < 8) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if((fsp = file_fsp(req, SVAL(params,0))) == NULL) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
+ return;
+ }
+
+ if (!CAN_WRITE(fsp->conn)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
security_info_sent = IVAL(params,4);
- DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
- (unsigned int)security_info_sent ));
+ DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n",
+ fsp_str_dbg(fsp), (unsigned int)security_info_sent));
if (data_count == 0) {
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
- status = set_sd(fsp, (uint8 *)data, data_count, security_info_sent);
+ status = set_sd_blob(fsp, (uint8 *)data, data_count, security_info_sent);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
char **ppdata, uint32 data_count,
uint32 max_data_count)
{
+ NTSTATUS status;
uint32 function;
uint16 fidnum;
files_struct *fsp;
uint8 isFSctl;
uint8 compfilter;
- static bool logged_message;
+ char *out_data = NULL;
+ uint32 out_data_len = 0;
char *pdata = *ppdata;
+ TALLOC_CTX *ctx = talloc_tos();
if (setup_count != 8) {
DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
isFSctl = CVAL(*ppsetup, 6);
compfilter = CVAL(*ppsetup, 7);
- DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
+ DEBUG(10, ("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
function, fidnum, isFSctl, compfilter));
fsp=file_fsp(req, fidnum);
- /* this check is done in each implemented function case for now
- because I don't want to break anything... --metze
- FSP_BELONGS_CONN(fsp,conn);*/
-
- switch (function) {
- case FSCTL_SET_SPARSE:
- /* pretend this succeeded - tho strictly we should
- mark the file sparse (if the local fs supports it)
- so we can know if we need to pre-allocate or not */
-
- DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum));
- send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
- return;
-
- case FSCTL_CREATE_OR_GET_OBJECT_ID:
- {
- unsigned char objid[16];
-
- /* This should return the object-id on this file.
- * I think I'll make this be the inode+dev. JRA.
- */
-
- DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum));
- if (!fsp_belongs_conn(conn, req, fsp)) {
- return;
- }
-
- data_count = 64;
- pdata = nttrans_realloc(ppdata, data_count);
- if (pdata == NULL) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
- push_file_id_16(pdata, &fsp->file_id);
- memcpy(pdata+16,create_volume_objectid(conn,objid),16);
- push_file_id_16(pdata+32, &fsp->file_id);
- send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
- pdata, data_count);
+ /*
+ * We don't really implement IOCTLs, especially on files.
+ */
+ if (!isFSctl) {
+ DEBUG(10, ("isFSctl: 0x%02X indicates IOCTL, not FSCTL!\n",
+ isFSctl));
+ reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
return;
}
- case FSCTL_GET_REPARSE_POINT:
- /* pretend this fail - my winXP does it like this
- * --metze
- */
-
- DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
- reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
- return;
-
- case FSCTL_SET_REPARSE_POINT:
- /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
- * --metze
- */
-
- DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
- reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
+ /* Has to be for an open file! */
+ if (!check_fsp_open(conn, req, fsp)) {
return;
+ }
- case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/
- {
- /*
- * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
- * and return their volume names. If max_data_count is 16, then it is just
- * asking for the number of volumes and length of the combined names.
- *
- * pdata is the data allocated by our caller, but that uses
- * total_data_count (which is 0 in our case) rather than max_data_count.
- * Allocate the correct amount and return the pointer to let
- * it be deallocated when we return.
- */
- SHADOW_COPY_DATA *shadow_data = NULL;
- TALLOC_CTX *shadow_mem_ctx = NULL;
- bool labels = False;
- uint32 labels_data_count = 0;
- uint32 i;
- char *cur_pdata;
-
- if (!fsp_belongs_conn(conn, req, fsp)) {
- return;
- }
-
- if (max_data_count < 16) {
- DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
- max_data_count));
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
- }
-
- if (max_data_count > 16) {
- labels = True;
- }
-
- shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA");
- if (shadow_mem_ctx == NULL) {
- DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
-
- shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
- if (shadow_data == NULL) {
- DEBUG(0,("TALLOC_ZERO() failed!\n"));
- talloc_destroy(shadow_mem_ctx);
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
-
- shadow_data->mem_ctx = shadow_mem_ctx;
-
- /*
- * Call the VFS routine to actually do the work.
- */
- if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
- talloc_destroy(shadow_data->mem_ctx);
- if (errno == ENOSYS) {
- DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
- conn->connectpath));
- reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
- return;
- } else {
- DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
- conn->connectpath));
- reply_nterror(req, NT_STATUS_UNSUCCESSFUL);
- return;
- }
- }
-
- labels_data_count = (shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))+2;
-
- if (!labels) {
- data_count = 16;
- } else {
- data_count = 12+labels_data_count+4;
- }
-
- if (max_data_count<data_count) {
- DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
- max_data_count,data_count));
- talloc_destroy(shadow_data->mem_ctx);
- reply_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
- return;
- }
-
- pdata = nttrans_realloc(ppdata, data_count);
- if (pdata == NULL) {
- talloc_destroy(shadow_data->mem_ctx);
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
-
- cur_pdata = pdata;
-
- /* num_volumes 4 bytes */
- SIVAL(pdata,0,shadow_data->num_volumes);
-
- if (labels) {
- /* num_labels 4 bytes */
- SIVAL(pdata,4,shadow_data->num_volumes);
- }
-
- /* needed_data_count 4 bytes */
- SIVAL(pdata,8,labels_data_count);
-
- cur_pdata+=12;
-
- DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
- shadow_data->num_volumes,fsp->fsp_name));
- if (labels && shadow_data->labels) {
- for (i=0;i<shadow_data->num_volumes;i++) {
- srvstr_push(pdata, req->flags2,
- cur_pdata, shadow_data->labels[i],
- 2*sizeof(SHADOW_COPY_LABEL),
- STR_UNICODE|STR_TERMINATE);
- cur_pdata+=2*sizeof(SHADOW_COPY_LABEL);
- DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i]));
- }
- }
-
- talloc_destroy(shadow_data->mem_ctx);
-
- send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
- pdata, data_count);
-
- return;
- }
-
- case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */
- {
- /* pretend this succeeded -
- *
- * we have to send back a list with all files owned by this SID
- *
- * but I have to check that --metze
- */
- DOM_SID sid;
- uid_t uid;
- size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
-
- DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
-
- if (!fsp_belongs_conn(conn, req, fsp)) {
- return;
- }
-
- /* unknown 4 bytes: this is not the length of the sid :-( */
- /*unknown = IVAL(pdata,0);*/
-
- sid_parse(pdata+4,sid_len,&sid);
- DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
-
- if (!sid_to_uid(&sid, &uid)) {
- DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
- sid_string_dbg(&sid),
- (unsigned long)sid_len));
- uid = (-1);
- }
-
- /* we can take a look at the find source :-)
- *
- * find ./ -uid $uid -name '*' is what we need here
- *
- *
- * and send 4bytes len and then NULL terminated unicode strings
- * for each file
- *
- * but I don't know how to deal with the paged results
- * (maybe we can hang the result anywhere in the fsp struct)
- *
- * we don't send all files at once
- * and at the next we should *not* start from the beginning,
- * so we have to cache the result
- *
- * --metze
- */
+ SMB_PERFCOUNT_SET_IOCTL(&req->pcd, function);
- /* this works for now... */
- send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
- return;
- }
- default:
- if (!logged_message) {
- logged_message = True; /* Only print this once... */
- DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
- function));
- }
+ /*
+ * out_data might be allocated by the VFS module, but talloc should be
+ * used, and should be cleaned up when the request ends.
+ */
+ status = SMB_VFS_FSCTL(fsp,
+ ctx,
+ function,
+ req->flags2,
+ (uint8_t *)pdata,
+ data_count,
+ (uint8_t **)&out_data,
+ max_data_count,
+ &out_data_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ } else {
+ send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, out_data, out_data_len);
}
-
- reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
}
files_struct *fsp = NULL;
uint16 level = 0;
size_t sid_len;
- DOM_SID sid;
+ struct dom_sid sid;
bool start_enum = True;
SMB_NTQUOTA_STRUCT qt;
SMB_NTQUOTA_LIST *tmp_list;
ZERO_STRUCT(qt);
/* access check */
- if (conn->server_info->utok.uid != 0) {
+ if (get_current_uid(conn) != 0) {
DEBUG(1,("get_user_quota: access_denied service [%s] user "
- "[%s]\n", lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
+ conn->session_info->unix_info->unix_name));
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (parameter_count < 4) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
- reply_doserror(req, ERRDOS, ERRinvalidparam);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
}
if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
if(pdata == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
if (data_count < 8) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
sid_len = IVAL(pdata,4);
/* Ensure this is less than 1mb. */
if (sid_len > (1024*1024)) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
break;
}
- sid_parse(pdata+8,sid_len,&sid);
+ if (!sid_parse(pdata+8,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
pdata = nttrans_realloc(ppdata, data_len);
if(pdata == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
break;
default:
- DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
- reply_doserror(req, ERRSRV, ERRerror);
+ DEBUG(0, ("do_nt_transact_get_user_quota: %s: unknown "
+ "level 0x%04hX\n",
+ fsp_fnum_dbg(fsp), level));
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
break;
}
int data_len=0,param_len=0;
SMB_NTQUOTA_STRUCT qt;
size_t sid_len;
- DOM_SID sid;
+ struct dom_sid sid;
files_struct *fsp = NULL;
ZERO_STRUCT(qt);
/* access check */
- if (conn->server_info->utok.uid != 0) {
+ if (get_current_uid(conn) != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user "
- "[%s]\n", lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
+ conn->session_info->unix_info->unix_name));
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (parameter_count < 2) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
- reply_doserror(req, ERRDOS, ERRinvalidparam);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if (data_count < 40) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* sid len */
sid_len = IVAL(pdata,4);
- if (data_count < 40+sid_len) {
+ if (data_count < 40+sid_len || (40+sid_len < sid_len)) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
*/
/* the used space 8 bytes (uint64_t)*/
- qt.usedspace = (uint64_t)IVAL(pdata,16);
-#ifdef LARGE_SMB_OFF_T
- qt.usedspace |= (((uint64_t)IVAL(pdata,20)) << 32);
-#else /* LARGE_SMB_OFF_T */
- if ((IVAL(pdata,20) != 0)&&
- ((qt.usedspace != 0xFFFFFFFF)||
- (IVAL(pdata,20)!=0xFFFFFFFF))) {
- /* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
- return;
- }
-#endif /* LARGE_SMB_OFF_T */
+ qt.usedspace = BVAL(pdata,16);
/* the soft quotas 8 bytes (uint64_t)*/
- qt.softlim = (uint64_t)IVAL(pdata,24);
-#ifdef LARGE_SMB_OFF_T
- qt.softlim |= (((uint64_t)IVAL(pdata,28)) << 32);
-#else /* LARGE_SMB_OFF_T */
- if ((IVAL(pdata,28) != 0)&&
- ((qt.softlim != 0xFFFFFFFF)||
- (IVAL(pdata,28)!=0xFFFFFFFF))) {
- /* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
- return;
- }
-#endif /* LARGE_SMB_OFF_T */
+ qt.softlim = BVAL(pdata,24);
/* the hard quotas 8 bytes (uint64_t)*/
- qt.hardlim = (uint64_t)IVAL(pdata,32);
-#ifdef LARGE_SMB_OFF_T
- qt.hardlim |= (((uint64_t)IVAL(pdata,36)) << 32);
-#else /* LARGE_SMB_OFF_T */
- if ((IVAL(pdata,36) != 0)&&
- ((qt.hardlim != 0xFFFFFFFF)||
- (IVAL(pdata,36)!=0xFFFFFFFF))) {
- /* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ qt.hardlim = BVAL(pdata,32);
+
+ if (!sid_parse(pdata+40,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
-#endif /* LARGE_SMB_OFF_T */
- sid_parse(pdata+40,sid_len,&sid);
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */
if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
struct trans_state *state,
struct smb_request *req)
{
- if (Protocol >= PROTOCOL_NT1) {
+ if (get_Protocol() >= PROTOCOL_NT1) {
req->flags2 |= 0x40; /* IS_LONG_NAME */
- SSVAL(req->inbuf,smb_flg2,req->flags2);
+ SSVAL(discard_const_p(uint8_t, req->inbuf),smb_flg2,req->flags2);
}
+
+ SMB_PERFCOUNT_SET_SUBOP(&req->pcd, state->call);
+
/* Now we must call the relevant NT_TRANS function */
switch(state->call) {
case NT_TRANSACT_CREATE:
/* Error in request */
DEBUG(0,("handle_nttrans: Unknown request %d in "
"nttrans call\n", state->call));
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
return;
uint16 function_code;
NTSTATUS result;
struct trans_state *state;
- uint32_t av_size;
START_PROFILE(SMBnttrans);
return;
}
- av_size = smb_len(req->inbuf);
pscnt = IVAL(req->vwv+9, 1);
psoff = IVAL(req->vwv+11, 1);
dscnt = IVAL(req->vwv+13, 1);
function_code = SVAL(req->vwv+18, 0);
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
- reply_doserror(req, ERRSRV, ERRaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
END_PROFILE(SMBnttrans);
return;
}
return;
}
- if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
- reply_doserror(req, ERRSRV, ERRaccess);
+ if ((state = talloc(conn, struct trans_state)) == NULL) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
/* Don't allow more than 128mb for each value. */
if ((state->total_data > (1024*1024*128)) ||
(state->total_param > (1024*1024*128))) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
goto bad_param;
if (state->total_data) {
+
+ if (trans_oob(state->total_data, 0, dscnt)
+ || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) {
+ goto bad_param;
+ }
+
/* Can't use talloc here, the core routines do realloc on the
* params and data. */
if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) {
DEBUG(0,("reply_nttrans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
- if (dscnt > state->total_data ||
- dsoff+dscnt < dsoff) {
- goto bad_param;
- }
-
- if (dsoff > av_size ||
- dscnt > av_size ||
- dsoff+dscnt > av_size) {
- goto bad_param;
- }
-
memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
}
if (state->total_param) {
+
+ if (trans_oob(state->total_param, 0, pscnt)
+ || trans_oob(smb_len(req->inbuf), psoff, pscnt)) {
+ goto bad_param;
+ }
+
/* Can't use talloc here, the core routines do realloc on the
* params and data. */
if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) {
"bytes !\n", (unsigned int)state->total_param));
SAFE_FREE(state->data);
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
- if (pscnt > state->total_param ||
- psoff+pscnt < psoff) {
- goto bad_param;
- }
-
- if (psoff > av_size ||
- pscnt > av_size ||
- psoff+pscnt > av_size) {
- goto bad_param;
- }
-
memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
}
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
connection_struct *conn = req->conn;
uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp;
struct trans_state *state;
- uint32_t av_size;
- uint32_t size;
START_PROFILE(SMBnttranss);
- show_msg((char *)req->inbuf);
+ show_msg((const char *)req->inbuf);
+
+ /* Windows clients expect all replies to
+ an NT transact secondary (SMBnttranss 0xA1)
+ to have a command code of NT transact
+ (SMBnttrans 0xA0). See bug #8989 for details. */
+ req->cmd = SMBnttrans;
if (req->wct < 18) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
state->total_data = IVAL(req->vwv+3, 1);
}
- size = smb_len(req->inbuf) + 4;
- av_size = smb_len(req->inbuf);
-
pcnt = IVAL(req->vwv+5, 1);
poff = IVAL(req->vwv+7, 1);
pdisp = IVAL(req->vwv+9, 1);
goto bad_param;
if (pcnt) {
- if (pdisp > state->total_param ||
- pcnt > state->total_param ||
- pdisp+pcnt > state->total_param ||
- pdisp+pcnt < pdisp) {
- goto bad_param;
- }
-
- if (poff > av_size ||
- pcnt > av_size ||
- poff+pcnt > av_size ||
- poff+pcnt < poff) {
+ if (trans_oob(state->total_param, pdisp, pcnt)
+ || trans_oob(smb_len(req->inbuf), poff, pcnt)) {
goto bad_param;
}
-
- memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,
- pcnt);
+ memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt);
}
if (dcnt) {
- if (ddisp > state->total_data ||
- dcnt > state->total_data ||
- ddisp+dcnt > state->total_data ||
- ddisp+dcnt < ddisp) {
+ if (trans_oob(state->total_data, ddisp, dcnt)
+ || trans_oob(smb_len(req->inbuf), doff, dcnt)) {
goto bad_param;
}
-
- if (doff > av_size ||
- dcnt > av_size ||
- doff+dcnt > av_size ||
- doff+dcnt < doff) {
- goto bad_param;
- }
-
- memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
- dcnt);
+ memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
}
if ((state->received_param < state->total_param) ||