Internal fn to set security descriptors.
****************************************************************************/
-static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
- uint32 security_info_sent)
+NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
{
SEC_DESC *psd = NULL;
NTSTATUS status;
SOFF_T(p,0,file_len);
p += 8;
if (flags & EXTENDED_RESPONSE_REQUIRED) {
- SSVAL(p,2,0x7);
+ uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
+ size_t num_names = 0;
+ unsigned int num_streams;
+ struct stream_struct *streams = NULL;
+
+ /* Do we have any EA's ? */
+ status = get_ea_names_from_file(ctx, conn, fsp,
+ smb_fname->base_name, NULL, &num_names);
+ if (NT_STATUS_IS_OK(status) && num_names) {
+ file_status &= ~NO_EAS;
+ }
+ status = SMB_VFS_STREAMINFO(conn, NULL, smb_fname->base_name, ctx,
+ &num_streams, &streams);
+ /* There is always one stream, ::$DATA. */
+ if (NT_STATUS_IS_OK(status) && num_streams > 1) {
+ file_status &= ~NO_SUBSTREAMS;
+ }
+ TALLOC_FREE(streams);
+ SSVAL(p,2,file_status);
}
p += 4;
SCVAL(p,0,fsp->is_directory ? 1 : 0);
remove_pending_change_notify_requests_by_mid(req->mid);
remove_pending_lock_requests_by_mid(req->mid);
- DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid));
+ DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
+ (unsigned long long)req->mid));
END_PROFILE(SMBntcancel);
return;
/****************************************************************************
Reply to query a security descriptor.
+ Callable from SMB2 and SMB2.
+ If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
+ the required size.
+****************************************************************************/
+
+NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
+ TALLOC_CTX *mem_ctx,
+ files_struct *fsp,
+ uint32_t security_info_wanted,
+ uint32_t max_data_count,
+ uint8_t **ppmarshalled_sd,
+ size_t *psd_size)
+{
+ NTSTATUS status;
+ SEC_DESC *psd = NULL;
+
+ /*
+ * Get the permissions to return.
+ */
+
+ if (!lp_nt_acl_support(SNUM(conn))) {
+ status = get_null_nt_acl(mem_ctx, &psd);
+ } else {
+ status = SMB_VFS_FGET_NT_ACL(
+ fsp, security_info_wanted, &psd);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* If the SACL/DACL is NULL, but was requested, we mark that it is
+ * present in the reply to match Windows behavior */
+ if (psd->sacl == NULL &&
+ security_info_wanted & SACL_SECURITY_INFORMATION)
+ psd->type |= SEC_DESC_SACL_PRESENT;
+ if (psd->dacl == NULL &&
+ security_info_wanted & DACL_SECURITY_INFORMATION)
+ psd->type |= SEC_DESC_DACL_PRESENT;
+
+ *psd_size = ndr_size_security_descriptor(psd, NULL, 0);
+
+ DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
+ (unsigned long)*psd_size));
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("smbd_do_query_security_desc for file %s\n",
+ fsp_str_dbg(fsp)));
+ NDR_PRINT_DEBUG(security_descriptor, psd);
+ }
+
+ if (max_data_count < *psd_size) {
+ TALLOC_FREE(psd);
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ status = marshall_sec_desc(mem_ctx, psd,
+ ppmarshalled_sd, psd_size);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(psd);
+ return status;
+ }
+
+ TALLOC_FREE(psd);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ SMB1 reply to query a security descriptor.
****************************************************************************/
static void call_nt_transact_query_security_desc(connection_struct *conn,
{
char *params = *ppparams;
char *data = *ppdata;
- SEC_DESC *psd = NULL;
- size_t sd_size;
+ size_t sd_size = 0;
uint32 security_info_wanted;
files_struct *fsp = NULL;
NTSTATUS status;
- DATA_BLOB blob;
+ uint8_t *marshalled_sd = NULL;
if(parameter_count < 8) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
* Get the permissions to return.
*/
- if (!lp_nt_acl_support(SNUM(conn))) {
- status = get_null_nt_acl(talloc_tos(), &psd);
- } else {
- status = SMB_VFS_FGET_NT_ACL(
- fsp, security_info_wanted, &psd);
- }
+ status = smbd_do_query_security_desc(conn,
+ talloc_tos(),
+ fsp,
+ security_info_wanted,
+ max_data_count,
+ &marshalled_sd,
+ &sd_size);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
+ SIVAL(params,0,(uint32_t)sd_size);
+ send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
+ params, 4, NULL, 0);
+ return;
+ }
+
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
- /* If the SACL/DACL is NULL, but was requested, we mark that it is
- * present in the reply to match Windows behavior */
- if (psd->sacl == NULL &&
- security_info_wanted & SACL_SECURITY_INFORMATION)
- psd->type |= SEC_DESC_SACL_PRESENT;
- if (psd->dacl == NULL &&
- security_info_wanted & DACL_SECURITY_INFORMATION)
- psd->type |= SEC_DESC_DACL_PRESENT;
-
- sd_size = ndr_size_security_descriptor(psd, NULL, 0);
-
- DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
-
- if (DEBUGLEVEL >= 10) {
- DEBUG(10,("call_nt_transact_query_security_desc for file %s\n",
- fsp_str_dbg(fsp)));
- NDR_PRINT_DEBUG(security_descriptor, psd);
- }
+ SMB_ASSERT(sd_size > 0);
- SIVAL(params,0,(uint32)sd_size);
+ SIVAL(params,0,(uint32_t)sd_size);
if (max_data_count < sd_size) {
send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
- params, 4, *ppdata, 0);
+ params, 4, NULL, 0);
return;
}
/*
- * Allocate the data we will point this at.
+ * Allocate the data we will return.
*/
data = nttrans_realloc(ppdata, sd_size);
return;
}
- status = marshall_sec_desc(talloc_tos(), psd,
- &blob.data, &blob.length);
-
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- return;
- }
-
- SMB_ASSERT(sd_size == blob.length);
- memcpy(data, blob.data, sd_size);
+ memcpy(data, marshalled_sd, sd_size);
send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size);
send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
return;
}
+ case FSCTL_QUERY_ALLOCATED_RANGES:
+ {
+ /* FIXME: This is just a dummy reply, telling that all of the
+ * file is allocated. MKS cp needs that.
+ * Adding the real allocated ranges via FIEMAP on Linux
+ * and SEEK_DATA/SEEK_HOLE on Solaris is needed to make
+ * this FSCTL correct for sparse files.
+ */
+ NTSTATUS status;
+ uint64_t offset, length;
+
+ if (!fsp_belongs_conn(conn, req, fsp)) {
+ return;
+ }
+
+ if (data_count != 16) {
+ DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: data_count(%u) != 16 is invalid!\n",
+ data_count));
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if (max_data_count < 16) {
+ DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: max_data_count(%u) < 16 is invalid!\n",
+ max_data_count));
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ offset = BVAL(pdata,0);
+ length = BVAL(pdata,8);
+
+ if (offset + length < offset) {
+ /* No 64-bit integer wrap. */
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ status = vfs_stat_fsp(fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
+
+ if (offset > fsp->fsp_name->st.st_ex_size ||
+ fsp->fsp_name->st.st_ex_size == 0 ||
+ length == 0) {
+ send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
+ } else {
+ uint64_t end = offset + length;
+ end = MIN(end, fsp->fsp_name->st.st_ex_size);
+ SBVAL(pdata,0,0);
+ SBVAL(pdata,8,end);
+ send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
+ pdata, 16);
+ }
+ return;
+ }
default:
if (!logged_ioctl_message) {
logged_ioctl_message = true; /* Only print this once... */