2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2004.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
33 unsigned int smb_echo_count = 0;
34 extern uint32 global_client_caps;
36 extern struct current_user current_user;
37 extern BOOL global_encrypted_passwords_negotiated;
39 /****************************************************************************
40 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
49 const char *s = srcname;
50 NTSTATUS ret = NT_STATUS_OK;
51 BOOL start_of_name_component = True;
52 unsigned int num_bad_components = 0;
55 if (IS_DIRECTORY_SEP(*s)) {
57 * Safe to assume is not the second part of a mb char as this is handled below.
59 /* Eat multiple '/' or '\\' */
60 while (IS_DIRECTORY_SEP(*s)) {
63 if ((d != destname) && (*s != '\0')) {
64 /* We only care about non-leading or trailing '/' or '\\' */
68 start_of_name_component = True;
72 if (start_of_name_component) {
73 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
74 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
77 * No mb char starts with '.' so we're safe checking the directory separator here.
80 /* If we just added a '/' - delete it */
81 if ((d > destname) && (*(d-1) == '/')) {
86 /* Are we at the start ? Can't go back further if so. */
88 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
91 /* Go back one level... */
92 /* We know this is safe as '/' cannot be part of a mb sequence. */
93 /* NOTE - if this assumption is invalid we are not in good shape... */
94 /* Decrement d first as d points to the *next* char to write into. */
95 for (d--; d > destname; d--) {
99 s += 2; /* Else go past the .. */
100 /* We're still at the start of a name component, just the previous one. */
102 if (num_bad_components) {
103 /* Hmmm. Should we only decrement the bad_components if
104 we're removing a bad component ? Need to check this. JRA. */
105 num_bad_components--;
110 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
111 /* Component of pathname can't be "." only. */
112 ret = NT_STATUS_OBJECT_NAME_INVALID;
113 num_bad_components++;
121 return NT_STATUS_OBJECT_NAME_INVALID;
129 return NT_STATUS_OBJECT_NAME_INVALID;
136 /* Get the size of the next MB character. */
137 next_codepoint(s,&siz);
155 DEBUG(0,("check_path_syntax: character length assumptions invalid !\n"));
157 return NT_STATUS_INVALID_PARAMETER;
160 if (start_of_name_component && num_bad_components) {
161 num_bad_components++;
163 start_of_name_component = False;
166 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
167 if (num_bad_components > 1) {
168 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
176 /****************************************************************************
177 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
178 path or anything including wildcards.
179 We're assuming here that '/' is not the second byte in any multibyte char
180 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
182 ****************************************************************************/
184 NTSTATUS check_path_syntax_wcard(pstring destname, const pstring srcname, BOOL *p_contains_wcard)
187 const char *s = srcname;
188 NTSTATUS ret = NT_STATUS_OK;
189 BOOL start_of_name_component = True;
190 unsigned int num_bad_components = 0;
192 *p_contains_wcard = False;
195 if (IS_DIRECTORY_SEP(*s)) {
197 * Safe to assume is not the second part of a mb char as this is handled below.
199 /* Eat multiple '/' or '\\' */
200 while (IS_DIRECTORY_SEP(*s)) {
203 if ((d != destname) && (*s != '\0')) {
204 /* We only care about non-leading or trailing '/' or '\\' */
208 start_of_name_component = True;
212 if (start_of_name_component) {
213 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
214 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
217 * No mb char starts with '.' so we're safe checking the directory separator here.
220 /* If we just added a '/' - delete it */
221 if ((d > destname) && (*(d-1) == '/')) {
226 /* Are we at the start ? Can't go back further if so. */
228 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
231 /* Go back one level... */
232 /* We know this is safe as '/' cannot be part of a mb sequence. */
233 /* NOTE - if this assumption is invalid we are not in good shape... */
234 /* Decrement d first as d points to the *next* char to write into. */
235 for (d--; d > destname; d--) {
239 s += 2; /* Else go past the .. */
240 /* We're still at the start of a name component, just the previous one. */
242 if (num_bad_components) {
243 /* Hmmm. Should we only decrement the bad_components if
244 we're removing a bad component ? Need to check this. JRA. */
245 num_bad_components--;
250 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
251 /* Component of pathname can't be "." only. */
252 ret = NT_STATUS_OBJECT_NAME_INVALID;
253 num_bad_components++;
261 return NT_STATUS_OBJECT_NAME_INVALID;
263 if (!*p_contains_wcard) {
270 *p_contains_wcard = True;
279 /* Get the size of the next MB character. */
280 next_codepoint(s,&siz);
298 DEBUG(0,("check_path_syntax_wcard: character length assumptions invalid !\n"));
300 return NT_STATUS_INVALID_PARAMETER;
303 if (start_of_name_component && num_bad_components) {
304 num_bad_components++;
306 start_of_name_component = False;
309 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
310 /* For some strange reason being called from findfirst changes
311 the num_components number to cause the error return to change. JRA. */
312 if (num_bad_components > 2) {
313 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
321 /****************************************************************************
322 Check the path for a POSIX client.
323 We're assuming here that '/' is not the second byte in any multibyte char
324 set (a safe assumption).
325 ****************************************************************************/
327 NTSTATUS check_path_syntax_posix(pstring destname, const pstring srcname)
330 const char *s = srcname;
331 NTSTATUS ret = NT_STATUS_OK;
332 BOOL start_of_name_component = True;
337 * Safe to assume is not the second part of a mb char as this is handled below.
339 /* Eat multiple '/' or '\\' */
343 if ((d != destname) && (*s != '\0')) {
344 /* We only care about non-leading or trailing '/' */
348 start_of_name_component = True;
352 if (start_of_name_component) {
353 if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
354 /* Uh oh - "/../" or "/..\0" ! */
357 * No mb char starts with '.' so we're safe checking the directory separator here.
360 /* If we just added a '/' - delete it */
361 if ((d > destname) && (*(d-1) == '/')) {
366 /* Are we at the start ? Can't go back further if so. */
368 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
371 /* Go back one level... */
372 /* We know this is safe as '/' cannot be part of a mb sequence. */
373 /* NOTE - if this assumption is invalid we are not in good shape... */
374 /* Decrement d first as d points to the *next* char to write into. */
375 for (d--; d > destname; d--) {
379 s += 2; /* Else go past the .. */
382 } else if ((s[0] == '.') && ((s[1] == '\0') || (s[1] == '/'))) {
393 /* Get the size of the next MB character. */
394 next_codepoint(s,&siz);
412 DEBUG(0,("check_path_syntax_posix: character length assumptions invalid !\n"));
414 return NT_STATUS_INVALID_PARAMETER;
417 start_of_name_component = False;
424 /****************************************************************************
425 Pull a string and check the path allowing a wilcard - provide for error return.
426 ****************************************************************************/
428 size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags,
429 NTSTATUS *err, BOOL *contains_wcard)
432 char *tmppath_ptr = tmppath;
435 SMB_ASSERT(dest_len == sizeof(pstring));
439 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
441 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
444 *contains_wcard = False;
446 if (lp_posix_pathnames()) {
447 *err = check_path_syntax_posix(dest, tmppath);
449 *err = check_path_syntax_wcard(dest, tmppath, contains_wcard);
455 /****************************************************************************
456 Pull a string and check the path - provide for error return.
457 ****************************************************************************/
459 size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags, NTSTATUS *err)
462 char *tmppath_ptr = tmppath;
465 SMB_ASSERT(dest_len == sizeof(pstring));
469 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
471 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
473 if (lp_posix_pathnames()) {
474 *err = check_path_syntax_posix(dest, tmppath);
476 *err = check_path_syntax(dest, tmppath);
482 /****************************************************************************
483 Reply to a special message.
484 ****************************************************************************/
486 int reply_special(char *inbuf,char *outbuf)
489 int msg_type = CVAL(inbuf,0);
490 int msg_flags = CVAL(inbuf,1);
494 static BOOL already_got_session = False;
498 memset(outbuf,'\0',smb_size);
500 smb_setlen(outbuf,0);
503 case 0x81: /* session request */
505 if (already_got_session) {
506 exit_server_cleanly("multiple session request not permitted");
509 SCVAL(outbuf,0,0x82);
511 if (name_len(inbuf+4) > 50 ||
512 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
513 DEBUG(0,("Invalid name length in session request\n"));
516 name_extract(inbuf,4,name1);
517 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
518 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
521 set_local_machine_name(name1, True);
522 set_remote_machine_name(name2, True);
524 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
525 get_local_machine_name(), get_remote_machine_name(),
528 if (name_type == 'R') {
529 /* We are being asked for a pathworks session ---
531 SCVAL(outbuf, 0,0x83);
535 /* only add the client's machine name to the list
536 of possibly valid usernames if we are operating
537 in share mode security */
538 if (lp_security() == SEC_SHARE) {
539 add_session_user(get_remote_machine_name());
542 reload_services(True);
545 already_got_session = True;
548 case 0x89: /* session keepalive request
549 (some old clients produce this?) */
550 SCVAL(outbuf,0,SMBkeepalive);
554 case 0x82: /* positive session response */
555 case 0x83: /* negative session response */
556 case 0x84: /* retarget session response */
557 DEBUG(0,("Unexpected session response\n"));
560 case SMBkeepalive: /* session keepalive */
565 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
566 msg_type, msg_flags));
571 /****************************************************************************
573 conn POINTER CAN BE NULL HERE !
574 ****************************************************************************/
576 int reply_tcon(connection_struct *conn,
577 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
584 uint16 vuid = SVAL(inbuf,smb_uid);
588 DATA_BLOB password_blob;
590 START_PROFILE(SMBtcon);
592 *service_buf = *password = *dev = 0;
594 p = smb_buf(inbuf)+1;
595 p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1;
596 pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1;
598 p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1;
600 p = strrchr_m(service_buf,'\\');
604 service = service_buf;
607 password_blob = data_blob(password, pwlen+1);
609 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
611 data_blob_clear_free(&password_blob);
614 END_PROFILE(SMBtcon);
615 return ERROR_NT(nt_status);
618 outsize = set_message(outbuf,2,0,True);
619 SSVAL(outbuf,smb_vwv0,max_recv);
620 SSVAL(outbuf,smb_vwv1,conn->cnum);
621 SSVAL(outbuf,smb_tid,conn->cnum);
623 DEBUG(3,("tcon service=%s cnum=%d\n",
624 service, conn->cnum));
626 END_PROFILE(SMBtcon);
630 /****************************************************************************
631 Reply to a tcon and X.
632 conn POINTER CAN BE NULL HERE !
633 ****************************************************************************/
635 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
640 /* what the cleint thinks the device is */
641 fstring client_devicetype;
642 /* what the server tells the client the share represents */
643 const char *server_devicetype;
645 uint16 vuid = SVAL(inbuf,smb_uid);
646 int passlen = SVAL(inbuf,smb_vwv3);
650 START_PROFILE(SMBtconX);
652 *service = *client_devicetype = 0;
654 /* we might have to close an old one */
655 if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
656 close_cnum(conn,vuid);
659 if (passlen > MAX_PASS_LEN) {
660 return ERROR_DOS(ERRDOS,ERRbuftoosmall);
663 if (global_encrypted_passwords_negotiated) {
664 password = data_blob(smb_buf(inbuf),passlen);
666 password = data_blob(smb_buf(inbuf),passlen+1);
667 /* Ensure correct termination */
668 password.data[passlen]=0;
671 p = smb_buf(inbuf) + passlen;
672 p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
675 * the service name can be either: \\server\share
676 * or share directly like on the DELL PowerVault 705
679 q = strchr_m(path+2,'\\');
681 END_PROFILE(SMBtconX);
682 return(ERROR_DOS(ERRDOS,ERRnosuchshare));
684 fstrcpy(service,q+1);
687 fstrcpy(service,path);
689 p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII);
691 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
693 conn = make_connection(service,password,client_devicetype,vuid,&nt_status);
695 data_blob_clear_free(&password);
698 END_PROFILE(SMBtconX);
699 return ERROR_NT(nt_status);
703 server_devicetype = "IPC";
704 else if ( IS_PRINT(conn) )
705 server_devicetype = "LPT1:";
707 server_devicetype = "A:";
709 if (Protocol < PROTOCOL_NT1) {
710 set_message(outbuf,2,0,True);
712 p += srvstr_push(outbuf, p, server_devicetype, -1,
713 STR_TERMINATE|STR_ASCII);
714 set_message_end(outbuf,p);
716 /* NT sets the fstype of IPC$ to the null string */
717 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
719 set_message(outbuf,3,0,True);
722 p += srvstr_push(outbuf, p, server_devicetype, -1,
723 STR_TERMINATE|STR_ASCII);
724 p += srvstr_push(outbuf, p, fstype, -1,
727 set_message_end(outbuf,p);
729 /* what does setting this bit do? It is set by NT4 and
730 may affect the ability to autorun mounted cdroms */
731 SSVAL(outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
732 (lp_csc_policy(SNUM(conn)) << 2));
734 init_dfsroot(conn, inbuf, outbuf);
738 DEBUG(3,("tconX service=%s \n",
741 /* set the incoming and outgoing tid to the just created one */
742 SSVAL(inbuf,smb_tid,conn->cnum);
743 SSVAL(outbuf,smb_tid,conn->cnum);
745 END_PROFILE(SMBtconX);
746 return chain_reply(inbuf,outbuf,length,bufsize);
749 /****************************************************************************
750 Reply to an unknown type.
751 ****************************************************************************/
753 int reply_unknown(char *inbuf,char *outbuf)
756 type = CVAL(inbuf,smb_com);
758 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
759 smb_fn_name(type), type, type));
761 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
764 /****************************************************************************
766 conn POINTER CAN BE NULL HERE !
767 ****************************************************************************/
769 int reply_ioctl(connection_struct *conn,
770 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
772 uint16 device = SVAL(inbuf,smb_vwv1);
773 uint16 function = SVAL(inbuf,smb_vwv2);
774 uint32 ioctl_code = (device << 16) + function;
775 int replysize, outsize;
777 START_PROFILE(SMBioctl);
779 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
781 switch (ioctl_code) {
782 case IOCTL_QUERY_JOB_INFO:
786 END_PROFILE(SMBioctl);
787 return(ERROR_DOS(ERRSRV,ERRnosupport));
790 outsize = set_message(outbuf,8,replysize+1,True);
791 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
792 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
793 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
794 p = smb_buf(outbuf) + 1; /* Allow for alignment */
796 switch (ioctl_code) {
797 case IOCTL_QUERY_JOB_INFO:
799 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
801 END_PROFILE(SMBioctl);
802 return(UNIXERROR(ERRDOS,ERRbadfid));
804 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
805 srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
807 srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);
813 END_PROFILE(SMBioctl);
817 /****************************************************************************
819 ****************************************************************************/
821 int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
826 BOOL bad_path = False;
827 SMB_STRUCT_STAT sbuf;
830 START_PROFILE(SMBchkpth);
832 srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
833 if (!NT_STATUS_IS_OK(status)) {
834 END_PROFILE(SMBchkpth);
836 /* Strange DOS error code semantics only for chkpth... */
837 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
838 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
839 /* We need to map to ERRbadpath */
840 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
843 return ERROR_NT(status);
846 RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
848 unix_convert(name,conn,0,&bad_path,&sbuf);
850 END_PROFILE(SMBchkpth);
851 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
854 if (check_name(name,conn)) {
855 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,name,&sbuf) == 0)
856 if (!(ok = S_ISDIR(sbuf.st_mode))) {
857 END_PROFILE(SMBchkpth);
858 return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath);
863 /* We special case this - as when a Windows machine
864 is parsing a path is steps through the components
865 one at a time - if a component fails it expects
866 ERRbadpath, not ERRbadfile.
868 if(errno == ENOENT) {
870 * Windows returns different error codes if
871 * the parent directory is valid but not the
872 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
873 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
874 * if the path is invalid. This is different from set_bad_path_error()
875 * in the non-NT error case.
877 END_PROFILE(SMBchkpth);
878 return ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpath);
881 END_PROFILE(SMBchkpth);
882 return(UNIXERROR(ERRDOS,ERRbadpath));
885 outsize = set_message(outbuf,0,0,False);
886 DEBUG(3,("chkpth %s mode=%d\n", name, (int)SVAL(inbuf,smb_vwv0)));
888 END_PROFILE(SMBchkpth);
892 /****************************************************************************
894 ****************************************************************************/
896 int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
900 SMB_STRUCT_STAT sbuf;
905 BOOL bad_path = False;
909 START_PROFILE(SMBgetatr);
911 p = smb_buf(inbuf) + 1;
912 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
913 if (!NT_STATUS_IS_OK(status)) {
914 END_PROFILE(SMBgetatr);
915 return ERROR_NT(status);
918 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
920 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
921 under WfWg - weird! */
923 mode = aHIDDEN | aDIR;
924 if (!CAN_WRITE(conn))
930 unix_convert(fname,conn,0,&bad_path,&sbuf);
932 END_PROFILE(SMBgetatr);
933 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
935 if (check_name(fname,conn)) {
936 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,fname,&sbuf) == 0) {
937 mode = dos_mode(conn,fname,&sbuf);
939 mtime = sbuf.st_mtime;
944 DEBUG(3,("stat of %s failed (%s)\n",fname,strerror(errno)));
950 END_PROFILE(SMBgetatr);
951 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadfile);
954 outsize = set_message(outbuf,10,0,True);
956 SSVAL(outbuf,smb_vwv0,mode);
957 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
958 srv_put_dos_date3(outbuf,smb_vwv1,mtime & ~1);
960 srv_put_dos_date3(outbuf,smb_vwv1,mtime);
962 SIVAL(outbuf,smb_vwv3,(uint32)size);
964 if (Protocol >= PROTOCOL_NT1) {
965 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
968 DEBUG( 3, ( "getatr name=%s mode=%d size=%d\n", fname, mode, (uint32)size ) );
970 END_PROFILE(SMBgetatr);
974 /****************************************************************************
976 ****************************************************************************/
978 int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
985 SMB_STRUCT_STAT sbuf;
986 BOOL bad_path = False;
990 START_PROFILE(SMBsetatr);
992 p = smb_buf(inbuf) + 1;
993 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
994 if (!NT_STATUS_IS_OK(status)) {
995 END_PROFILE(SMBsetatr);
996 return ERROR_NT(status);
999 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1001 unix_convert(fname,conn,0,&bad_path,&sbuf);
1003 END_PROFILE(SMBsetatr);
1004 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1007 if (fname[0] == '.' && fname[1] == '\0') {
1009 * Not sure here is the right place to catch this
1010 * condition. Might be moved to somewhere else later -- vl
1012 END_PROFILE(SMBsetatr);
1013 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
1016 mode = SVAL(inbuf,smb_vwv0);
1017 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
1019 if (mode != FILE_ATTRIBUTE_NORMAL) {
1020 if (VALID_STAT_OF_DIR(sbuf))
1025 if (check_name(fname,conn)) {
1026 ok = (file_set_dosmode(conn,fname,mode,&sbuf,False) == 0);
1033 ok = set_filetime(conn,fname,mtime);
1036 END_PROFILE(SMBsetatr);
1037 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnoaccess);
1040 outsize = set_message(outbuf,0,0,False);
1042 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1044 END_PROFILE(SMBsetatr);
1048 /****************************************************************************
1050 ****************************************************************************/
1052 int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1055 SMB_BIG_UINT dfree,dsize,bsize;
1056 START_PROFILE(SMBdskattr);
1058 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1059 END_PROFILE(SMBdskattr);
1060 return(UNIXERROR(ERRHRD,ERRgeneral));
1063 outsize = set_message(outbuf,5,0,True);
1065 if (Protocol <= PROTOCOL_LANMAN2) {
1066 double total_space, free_space;
1067 /* we need to scale this to a number that DOS6 can handle. We
1068 use floating point so we can handle large drives on systems
1069 that don't have 64 bit integers
1071 we end up displaying a maximum of 2G to DOS systems
1073 total_space = dsize * (double)bsize;
1074 free_space = dfree * (double)bsize;
1076 dsize = (total_space+63*512) / (64*512);
1077 dfree = (free_space+63*512) / (64*512);
1079 if (dsize > 0xFFFF) dsize = 0xFFFF;
1080 if (dfree > 0xFFFF) dfree = 0xFFFF;
1082 SSVAL(outbuf,smb_vwv0,dsize);
1083 SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1084 SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */
1085 SSVAL(outbuf,smb_vwv3,dfree);
1087 SSVAL(outbuf,smb_vwv0,dsize);
1088 SSVAL(outbuf,smb_vwv1,bsize/512);
1089 SSVAL(outbuf,smb_vwv2,512);
1090 SSVAL(outbuf,smb_vwv3,dfree);
1093 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1095 END_PROFILE(SMBdskattr);
1099 /****************************************************************************
1101 Can be called from SMBsearch, SMBffirst or SMBfunique.
1102 ****************************************************************************/
1104 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1114 unsigned int numentries = 0;
1115 unsigned int maxentries = 0;
1116 BOOL finished = False;
1123 BOOL check_descend = False;
1124 BOOL expect_close = False;
1125 BOOL can_open = True;
1126 BOOL bad_path = False;
1128 BOOL mask_contains_wcard = False;
1129 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1131 START_PROFILE(SMBsearch);
1133 if (lp_posix_pathnames()) {
1134 END_PROFILE(SMBsearch);
1135 return reply_unknown(inbuf, outbuf);
1138 *mask = *directory = *fname = 0;
1140 /* If we were called as SMBffirst then we must expect close. */
1141 if(CVAL(inbuf,smb_com) == SMBffirst)
1142 expect_close = True;
1144 outsize = set_message(outbuf,1,3,True);
1145 maxentries = SVAL(inbuf,smb_vwv0);
1146 dirtype = SVAL(inbuf,smb_vwv1);
1147 p = smb_buf(inbuf) + 1;
1148 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &nt_status, &mask_contains_wcard);
1149 if (!NT_STATUS_IS_OK(nt_status)) {
1150 END_PROFILE(SMBsearch);
1151 return ERROR_NT(nt_status);
1154 RESOLVE_DFSPATH_WCARD(path, conn, inbuf, outbuf);
1157 status_len = SVAL(p, 0);
1160 /* dirtype &= ~aDIR; */
1162 if (status_len == 0) {
1163 SMB_STRUCT_STAT sbuf;
1166 pstrcpy(directory,path);
1168 unix_convert(directory,conn,0,&bad_path,&sbuf);
1171 if (!check_name(directory,conn))
1174 p = strrchr_m(dir2,'/');
1183 p = strrchr_m(directory,'/');
1189 if (strlen(directory) == 0)
1190 pstrcpy(directory,".");
1191 memset((char *)status,'\0',21);
1192 SCVAL(status,0,(dirtype & 0x1F));
1196 memcpy(status,p,21);
1197 status_dirtype = CVAL(status,0) & 0x1F;
1198 if (status_dirtype != (dirtype & 0x1F))
1199 dirtype = status_dirtype;
1201 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1204 string_set(&conn->dirpath,dptr_path(dptr_num));
1205 pstrcpy(mask, dptr_wcard(dptr_num));
1209 p = smb_buf(outbuf) + 3;
1212 if (status_len == 0) {
1213 dptr_num = dptr_create(conn,directory,True,expect_close,SVAL(inbuf,smb_pid), mask, mask_contains_wcard, dirtype);
1215 if(dptr_num == -2) {
1216 END_PROFILE(SMBsearch);
1217 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnofids);
1219 END_PROFILE(SMBsearch);
1220 return ERROR_DOS(ERRDOS,ERRnofids);
1223 dirtype = dptr_attr(dptr_num);
1226 DEBUG(4,("dptr_num is %d\n",dptr_num));
1229 if ((dirtype&0x1F) == aVOLID) {
1230 memcpy(p,status,21);
1231 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1232 0,aVOLID,0,!allow_long_path_components);
1233 dptr_fill(p+12,dptr_num);
1234 if (dptr_zero(p+12) && (status_len==0))
1238 p += DIR_STRUCT_SIZE;
1241 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1243 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1244 conn->dirpath,lp_dontdescend(SNUM(conn))));
1245 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True))
1246 check_descend = True;
1248 for (i=numentries;(i<maxentries) && !finished;i++) {
1249 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1251 memcpy(p,status,21);
1252 make_dir_struct(p,mask,fname,size, mode,date,
1253 !allow_long_path_components);
1254 if (!dptr_fill(p+12,dptr_num)) {
1258 p += DIR_STRUCT_SIZE;
1268 /* If we were called as SMBffirst with smb_search_id == NULL
1269 and no entries were found then return error and close dirptr
1272 if (numentries == 0 || !ok) {
1273 dptr_close(&dptr_num);
1274 } else if(ok && expect_close && status_len == 0) {
1275 /* Close the dptr - we know it's gone */
1276 dptr_close(&dptr_num);
1279 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1280 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1281 dptr_close(&dptr_num);
1284 if ((numentries == 0) && !mask_contains_wcard) {
1285 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1288 SSVAL(outbuf,smb_vwv0,numentries);
1289 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1290 SCVAL(smb_buf(outbuf),0,5);
1291 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1293 /* The replies here are never long name. */
1294 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1295 if (!allow_long_path_components) {
1296 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1299 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1300 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1302 outsize += DIR_STRUCT_SIZE*numentries;
1303 smb_setlen(outbuf,outsize - 4);
1305 if ((! *directory) && dptr_path(dptr_num))
1306 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1308 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1309 smb_fn_name(CVAL(inbuf,smb_com)),
1310 mask, directory, dirtype, numentries, maxentries ) );
1312 END_PROFILE(SMBsearch);
1316 /****************************************************************************
1317 Reply to a fclose (stop directory search).
1318 ****************************************************************************/
1320 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1329 BOOL path_contains_wcard = False;
1331 START_PROFILE(SMBfclose);
1333 if (lp_posix_pathnames()) {
1334 END_PROFILE(SMBfclose);
1335 return reply_unknown(inbuf, outbuf);
1338 outsize = set_message(outbuf,1,0,True);
1339 p = smb_buf(inbuf) + 1;
1340 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &err, &path_contains_wcard);
1341 if (!NT_STATUS_IS_OK(err)) {
1342 END_PROFILE(SMBfclose);
1343 return ERROR_NT(err);
1346 status_len = SVAL(p,0);
1349 if (status_len == 0) {
1350 END_PROFILE(SMBfclose);
1351 return ERROR_DOS(ERRSRV,ERRsrverror);
1354 memcpy(status,p,21);
1356 if(dptr_fetch(status+12,&dptr_num)) {
1357 /* Close the dptr - we know it's gone */
1358 dptr_close(&dptr_num);
1361 SSVAL(outbuf,smb_vwv0,0);
1363 DEBUG(3,("search close\n"));
1365 END_PROFILE(SMBfclose);
1369 /****************************************************************************
1371 ****************************************************************************/
1373 int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1381 SMB_STRUCT_STAT sbuf;
1382 BOOL bad_path = False;
1384 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1386 uint32 dos_attr = SVAL(inbuf,smb_vwv1);
1389 uint32 create_disposition;
1390 uint32 create_options = 0;
1392 START_PROFILE(SMBopen);
1394 deny_mode = SVAL(inbuf,smb_vwv0);
1396 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1397 if (!NT_STATUS_IS_OK(status)) {
1398 END_PROFILE(SMBopen);
1399 return ERROR_NT(status);
1402 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1404 unix_convert(fname,conn,0,&bad_path,&sbuf);
1406 END_PROFILE(SMBopen);
1407 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1410 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1411 &access_mask, &share_mode, &create_disposition, &create_options)) {
1412 END_PROFILE(SMBopen);
1413 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1416 status = open_file_ntcreate(conn,fname,&sbuf,
1425 if (!NT_STATUS_IS_OK(status)) {
1426 END_PROFILE(SMBopen);
1427 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1428 /* We have re-scheduled this call. */
1431 return ERROR_NT(status);
1434 size = sbuf.st_size;
1435 fattr = dos_mode(conn,fname,&sbuf);
1436 mtime = sbuf.st_mtime;
1439 DEBUG(3,("attempt to open a directory %s\n",fname));
1440 close_file(fsp,ERROR_CLOSE);
1441 END_PROFILE(SMBopen);
1442 return ERROR_DOS(ERRDOS,ERRnoaccess);
1445 outsize = set_message(outbuf,7,0,True);
1446 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1447 SSVAL(outbuf,smb_vwv1,fattr);
1448 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1449 srv_put_dos_date3(outbuf,smb_vwv2,mtime & ~1);
1451 srv_put_dos_date3(outbuf,smb_vwv2,mtime);
1453 SIVAL(outbuf,smb_vwv4,(uint32)size);
1454 SSVAL(outbuf,smb_vwv6,deny_mode);
1456 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1457 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1460 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1461 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1463 END_PROFILE(SMBopen);
1467 /****************************************************************************
1468 Reply to an open and X.
1469 ****************************************************************************/
1471 int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1474 uint16 open_flags = SVAL(inbuf,smb_vwv2);
1475 int deny_mode = SVAL(inbuf,smb_vwv3);
1476 uint32 smb_attr = SVAL(inbuf,smb_vwv5);
1477 /* Breakout the oplock request bits so we can set the
1478 reply bits separately. */
1479 int ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf);
1480 int core_oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1481 int oplock_request = ex_oplock_request | core_oplock_request;
1483 int smb_sattr = SVAL(inbuf,smb_vwv4);
1484 uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
1486 int smb_ofun = SVAL(inbuf,smb_vwv8);
1489 SMB_STRUCT_STAT sbuf;
1491 BOOL bad_path = False;
1494 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv9);
1495 ssize_t retval = -1;
1498 uint32 create_disposition;
1499 uint32 create_options = 0;
1501 START_PROFILE(SMBopenX);
1503 /* If it's an IPC, pass off the pipe handler. */
1505 if (lp_nt_pipe_support()) {
1506 END_PROFILE(SMBopenX);
1507 return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
1509 END_PROFILE(SMBopenX);
1510 return ERROR_DOS(ERRSRV,ERRaccess);
1514 /* XXXX we need to handle passed times, sattr and flags */
1515 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status);
1516 if (!NT_STATUS_IS_OK(status)) {
1517 END_PROFILE(SMBopenX);
1518 return ERROR_NT(status);
1521 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1523 unix_convert(fname,conn,0,&bad_path,&sbuf);
1525 END_PROFILE(SMBopenX);
1526 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1529 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1532 &create_disposition,
1534 END_PROFILE(SMBopenX);
1535 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1538 status = open_file_ntcreate(conn,fname,&sbuf,
1547 if (!NT_STATUS_IS_OK(status)) {
1548 END_PROFILE(SMBopenX);
1549 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1550 /* We have re-scheduled this call. */
1553 return ERROR_NT(status);
1556 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1557 if the file is truncated or created. */
1558 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1559 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1560 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1561 close_file(fsp,ERROR_CLOSE);
1562 END_PROFILE(SMBopenX);
1563 return ERROR_NT(NT_STATUS_DISK_FULL);
1565 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1567 close_file(fsp,ERROR_CLOSE);
1568 END_PROFILE(SMBopenX);
1569 return ERROR_NT(NT_STATUS_DISK_FULL);
1571 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1574 fattr = dos_mode(conn,fname,&sbuf);
1575 mtime = sbuf.st_mtime;
1577 close_file(fsp,ERROR_CLOSE);
1578 END_PROFILE(SMBopenX);
1579 return ERROR_DOS(ERRDOS,ERRnoaccess);
1582 /* If the caller set the extended oplock request bit
1583 and we granted one (by whatever means) - set the
1584 correct bit for extended oplock reply.
1587 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1588 smb_action |= EXTENDED_OPLOCK_GRANTED;
1591 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1592 smb_action |= EXTENDED_OPLOCK_GRANTED;
1595 /* If the caller set the core oplock request bit
1596 and we granted one (by whatever means) - set the
1597 correct bit for core oplock reply.
1600 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1601 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1604 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1605 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1608 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1609 set_message(outbuf,19,0,True);
1611 set_message(outbuf,15,0,True);
1613 SSVAL(outbuf,smb_vwv2,fsp->fnum);
1614 SSVAL(outbuf,smb_vwv3,fattr);
1615 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1616 srv_put_dos_date3(outbuf,smb_vwv4,mtime & ~1);
1618 srv_put_dos_date3(outbuf,smb_vwv4,mtime);
1620 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
1621 SSVAL(outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1622 SSVAL(outbuf,smb_vwv11,smb_action);
1624 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1625 SIVAL(outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1628 END_PROFILE(SMBopenX);
1629 return chain_reply(inbuf,outbuf,length,bufsize);
1632 /****************************************************************************
1633 Reply to a SMBulogoffX.
1634 conn POINTER CAN BE NULL HERE !
1635 ****************************************************************************/
1637 int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1639 uint16 vuid = SVAL(inbuf,smb_uid);
1640 user_struct *vuser = get_valid_user_struct(vuid);
1641 START_PROFILE(SMBulogoffX);
1644 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n", vuid));
1646 /* in user level security we are supposed to close any files
1647 open by this user */
1648 if ((vuser != 0) && (lp_security() != SEC_SHARE))
1649 file_close_user(vuid);
1651 invalidate_vuid(vuid);
1653 set_message(outbuf,2,0,True);
1655 DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) );
1657 END_PROFILE(SMBulogoffX);
1658 return chain_reply(inbuf,outbuf,length,bufsize);
1661 /****************************************************************************
1662 Reply to a mknew or a create.
1663 ****************************************************************************/
1665 int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1670 uint32 fattr = SVAL(inbuf,smb_vwv0);
1671 struct utimbuf times;
1672 BOOL bad_path = False;
1674 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1675 SMB_STRUCT_STAT sbuf;
1677 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1678 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1679 uint32 create_disposition;
1680 uint32 create_options = 0;
1682 START_PROFILE(SMBcreate);
1684 com = SVAL(inbuf,smb_com);
1686 times.modtime = srv_make_unix_date3(inbuf + smb_vwv1);
1688 srvstr_get_path(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), 0, STR_TERMINATE, &status);
1689 if (!NT_STATUS_IS_OK(status)) {
1690 END_PROFILE(SMBcreate);
1691 return ERROR_NT(status);
1694 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1696 unix_convert(fname,conn,0,&bad_path,&sbuf);
1698 END_PROFILE(SMBcreate);
1699 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1702 if (fattr & aVOLID) {
1703 DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
1706 if(com == SMBmknew) {
1707 /* We should fail if file exists. */
1708 create_disposition = FILE_CREATE;
1710 /* Create if file doesn't exist, truncate if it does. */
1711 create_disposition = FILE_OVERWRITE_IF;
1714 /* Open file using ntcreate. */
1715 status = open_file_ntcreate(conn,fname,&sbuf,
1724 if (!NT_STATUS_IS_OK(status)) {
1725 END_PROFILE(SMBcreate);
1726 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1727 /* We have re-scheduled this call. */
1730 return ERROR_NT(status);
1733 times.actime = sbuf.st_atime;
1734 file_utime(conn, fname, ×);
1736 outsize = set_message(outbuf,1,0,True);
1737 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1739 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1740 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1743 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1744 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1747 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1748 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n", fname, fsp->fh->fd, (unsigned int)fattr ) );
1750 END_PROFILE(SMBcreate);
1754 /****************************************************************************
1755 Reply to a create temporary file.
1756 ****************************************************************************/
1758 int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1762 uint32 fattr = SVAL(inbuf,smb_vwv0);
1763 BOOL bad_path = False;
1765 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1767 SMB_STRUCT_STAT sbuf;
1770 unsigned int namelen;
1772 START_PROFILE(SMBctemp);
1774 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1775 if (!NT_STATUS_IS_OK(status)) {
1776 END_PROFILE(SMBctemp);
1777 return ERROR_NT(status);
1780 pstrcat(fname,"/TMXXXXXX");
1782 pstrcat(fname,"TMXXXXXX");
1785 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1787 unix_convert(fname,conn,0,&bad_path,&sbuf);
1789 END_PROFILE(SMBctemp);
1790 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1793 tmpfd = smb_mkstemp(fname);
1795 END_PROFILE(SMBctemp);
1796 return(UNIXERROR(ERRDOS,ERRnoaccess));
1799 SMB_VFS_STAT(conn,fname,&sbuf);
1801 /* We should fail if file does not exist. */
1802 status = open_file_ntcreate(conn,fname,&sbuf,
1803 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
1804 FILE_SHARE_READ|FILE_SHARE_WRITE,
1811 /* close fd from smb_mkstemp() */
1814 if (!NT_STATUS_IS_OK(status)) {
1815 END_PROFILE(SMBctemp);
1816 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1817 /* We have re-scheduled this call. */
1820 return ERROR_NT(status);
1823 outsize = set_message(outbuf,1,0,True);
1824 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1826 /* the returned filename is relative to the directory */
1827 s = strrchr_m(fname, '/');
1834 p = smb_buf(outbuf);
1836 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
1837 thing in the byte section. JRA */
1838 SSVALS(p, 0, -1); /* what is this? not in spec */
1840 namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
1842 outsize = set_message_end(outbuf, p);
1844 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1845 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1848 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1849 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1852 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
1853 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
1854 (unsigned int)sbuf.st_mode ) );
1856 END_PROFILE(SMBctemp);
1860 /*******************************************************************
1861 Check if a user is allowed to rename a file.
1862 ********************************************************************/
1864 static NTSTATUS can_rename(connection_struct *conn, char *fname, uint16 dirtype, SMB_STRUCT_STAT *pst)
1870 if (!CAN_WRITE(conn)) {
1871 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1874 fmode = dos_mode(conn,fname,pst);
1875 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1876 return NT_STATUS_NO_SUCH_FILE;
1879 if (S_ISDIR(pst->st_mode)) {
1880 return NT_STATUS_OK;
1883 status = open_file_ntcreate(conn, fname, pst,
1885 FILE_SHARE_READ|FILE_SHARE_WRITE,
1888 FILE_ATTRIBUTE_NORMAL,
1892 if (!NT_STATUS_IS_OK(status)) {
1895 close_file(fsp,NORMAL_CLOSE);
1896 return NT_STATUS_OK;
1899 /*******************************************************************
1900 Check if a user is allowed to delete a file.
1901 ********************************************************************/
1903 static NTSTATUS can_delete(connection_struct *conn, char *fname,
1904 uint32 dirtype, BOOL bad_path)
1906 SMB_STRUCT_STAT sbuf;
1911 DEBUG(10,("can_delete: %s, dirtype = %d\n", fname, dirtype ));
1913 if (!CAN_WRITE(conn)) {
1914 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1917 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
1918 if(errno == ENOENT) {
1920 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1922 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1925 return map_nt_error_from_unix(errno);
1928 fattr = dos_mode(conn,fname,&sbuf);
1930 /* Can't delete a directory. */
1932 return NT_STATUS_FILE_IS_A_DIRECTORY;
1936 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
1937 return NT_STATUS_OBJECT_NAME_INVALID;
1938 #endif /* JRATEST */
1940 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
1942 On a Windows share, a file with read-only dosmode can be opened with
1943 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
1944 fails with NT_STATUS_CANNOT_DELETE error.
1946 This semantic causes a problem that a user can not
1947 rename a file with read-only dosmode on a Samba share
1948 from a Windows command prompt (i.e. cmd.exe, but can rename
1949 from Windows Explorer).
1952 if (!lp_delete_readonly(SNUM(conn))) {
1953 if (fattr & aRONLY) {
1954 return NT_STATUS_CANNOT_DELETE;
1957 if ((fattr & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1958 return NT_STATUS_NO_SUCH_FILE;
1961 /* On open checks the open itself will check the share mode, so
1962 don't do it here as we'll get it wrong. */
1964 status = open_file_ntcreate(conn, fname, &sbuf,
1969 FILE_ATTRIBUTE_NORMAL,
1973 if (NT_STATUS_IS_OK(status)) {
1974 close_file(fsp,NORMAL_CLOSE);
1979 /****************************************************************************
1980 The guts of the unlink command, split out so it may be called by the NT SMB
1982 ****************************************************************************/
1984 NTSTATUS unlink_internals(connection_struct *conn, uint32 dirtype, char *name, BOOL has_wild)
1990 NTSTATUS error = NT_STATUS_OK;
1991 BOOL bad_path = False;
1993 SMB_STRUCT_STAT sbuf;
1995 *directory = *mask = 0;
1997 rc = unix_convert(name,conn,0,&bad_path,&sbuf);
1999 p = strrchr_m(name,'/');
2001 pstrcpy(directory,".");
2005 pstrcpy(directory,name);
2010 * We should only check the mangled cache
2011 * here if unix_convert failed. This means
2012 * that the path in 'mask' doesn't exist
2013 * on the file system and so we need to look
2014 * for a possible mangle. This patch from
2015 * Tine Smukavec <valentin.smukavec@hermes.si>.
2018 if (!rc && mangle_is_mangled(mask,conn->params))
2019 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2022 pstrcat(directory,"/");
2023 pstrcat(directory,mask);
2024 error = can_delete(conn,directory,dirtype,bad_path);
2025 if (!NT_STATUS_IS_OK(error))
2028 if (SMB_VFS_UNLINK(conn,directory) == 0) {
2032 struct smb_Dir *dir_hnd = NULL;
2035 if (strequal(mask,"????????.???"))
2038 if (check_name(directory,conn))
2039 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2041 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2042 the pattern matches against the long name, otherwise the short name
2043 We don't implement this yet XXXX
2048 error = NT_STATUS_NO_SUCH_FILE;
2050 while ((dname = ReadDirName(dir_hnd, &offset))) {
2053 BOOL sys_direntry = False;
2054 pstrcpy(fname,dname);
2056 if (!is_visible_file(conn, directory, dname, &st, True)) {
2060 /* Quick check for "." and ".." */
2061 if (fname[0] == '.') {
2062 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2063 if (dirtype & FILE_ATTRIBUTE_DIRECTORY) {
2064 sys_direntry = True;
2071 if(!mask_match(fname, mask, conn->case_sensitive))
2075 error = NT_STATUS_OBJECT_NAME_INVALID;
2076 DEBUG(3,("unlink_internals: system directory delete denied [%s] mask [%s]\n",
2081 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2082 error = can_delete(conn, fname, dirtype,
2084 if (!NT_STATUS_IS_OK(error)) {
2087 if (SMB_VFS_UNLINK(conn,fname) == 0)
2089 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",fname));
2095 if (count == 0 && NT_STATUS_IS_OK(error)) {
2096 error = map_nt_error_from_unix(errno);
2102 /****************************************************************************
2104 ****************************************************************************/
2106 int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
2113 BOOL path_contains_wcard = False;
2115 START_PROFILE(SMBunlink);
2117 dirtype = SVAL(inbuf,smb_vwv0);
2119 srvstr_get_path_wcard(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard);
2120 if (!NT_STATUS_IS_OK(status)) {
2121 END_PROFILE(SMBunlink);
2122 return ERROR_NT(status);
2125 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
2127 DEBUG(3,("reply_unlink : %s\n",name));
2129 status = unlink_internals(conn, dirtype, name, path_contains_wcard);
2130 if (!NT_STATUS_IS_OK(status)) {
2131 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
2132 /* We have re-scheduled this call. */
2135 return ERROR_NT(status);
2139 * Win2k needs a changenotify request response before it will
2140 * update after a rename..
2142 process_pending_change_notify_queue((time_t)0);
2144 outsize = set_message(outbuf,0,0,False);
2146 END_PROFILE(SMBunlink);
2150 /****************************************************************************
2152 ****************************************************************************/
2154 static void fail_readraw(void)
2157 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2159 exit_server_cleanly(errstr);
2162 #if defined(WITH_SENDFILE)
2163 /****************************************************************************
2164 Fake (read/write) sendfile. Returns -1 on read or write fail.
2165 ****************************************************************************/
2167 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread, char *buf, int bufsize)
2171 /* Paranioa check... */
2172 if (nread > bufsize) {
2177 ret = read_file(fsp,buf,startpos,nread);
2183 /* If we had a short read, fill with zeros. */
2185 memset(buf, '\0', nread - ret);
2188 if (write_data(smbd_server_fd(),buf,nread) != nread) {
2192 return (ssize_t)nread;
2196 /****************************************************************************
2197 Use sendfile in readbraw.
2198 ****************************************************************************/
2200 void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T startpos, size_t nread,
2201 ssize_t mincount, char *outbuf, int out_buffsize)
2205 #if defined(WITH_SENDFILE)
2207 * We can only use sendfile on a non-chained packet
2208 * but we can use on a non-oplocked file. tridge proved this
2209 * on a train in Germany :-). JRA.
2210 * reply_readbraw has already checked the length.
2213 if ( (chain_size == 0) && (nread > 0) &&
2214 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2217 _smb_setlen(outbuf,nread);
2218 header.data = (uint8 *)outbuf;
2222 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) {
2223 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2224 if (errno == ENOSYS) {
2225 goto normal_readbraw;
2229 * Special hack for broken Linux with no working sendfile. If we
2230 * return EINTR we sent the header but not the rest of the data.
2231 * Fake this up by doing read/write calls.
2233 if (errno == EINTR) {
2234 /* Ensure we don't do this again. */
2235 set_use_sendfile(SNUM(conn), False);
2236 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2238 if (fake_sendfile(fsp, startpos, nread, outbuf + 4, out_buffsize - 4) == -1) {
2239 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2240 fsp->fsp_name, strerror(errno) ));
2241 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2246 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2247 fsp->fsp_name, strerror(errno) ));
2248 exit_server_cleanly("send_file_readbraw sendfile failed");
2258 ret = read_file(fsp,outbuf+4,startpos,nread);
2259 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2268 _smb_setlen(outbuf,ret);
2269 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2273 /****************************************************************************
2274 Reply to a readbraw (core+ protocol).
2275 ****************************************************************************/
2277 int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int out_buffsize)
2279 ssize_t maxcount,mincount;
2282 char *header = outbuf;
2284 START_PROFILE(SMBreadbraw);
2286 if (srv_is_signing_active()) {
2287 exit_server_cleanly("reply_readbraw: SMB signing is active - raw reads/writes are disallowed.");
2291 * Special check if an oplock break has been issued
2292 * and the readraw request croses on the wire, we must
2293 * return a zero length response here.
2296 fsp = file_fsp(inbuf,smb_vwv0);
2298 if (!FNUM_OK(fsp,conn) || !fsp->can_read) {
2300 * fsp could be NULL here so use the value from the packet. JRA.
2302 DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
2303 _smb_setlen(header,0);
2304 if (write_data(smbd_server_fd(),header,4) != 4)
2306 END_PROFILE(SMBreadbraw);
2310 CHECK_FSP(fsp,conn);
2312 flush_write_cache(fsp, READRAW_FLUSH);
2314 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
2315 if(CVAL(inbuf,smb_wct) == 10) {
2317 * This is a large offset (64 bit) read.
2319 #ifdef LARGE_SMB_OFF_T
2321 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv8)) << 32);
2323 #else /* !LARGE_SMB_OFF_T */
2326 * Ensure we haven't been sent a >32 bit offset.
2329 if(IVAL(inbuf,smb_vwv8) != 0) {
2330 DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
2331 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
2332 _smb_setlen(header,0);
2333 if (write_data(smbd_server_fd(),header,4) != 4)
2335 END_PROFILE(SMBreadbraw);
2339 #endif /* LARGE_SMB_OFF_T */
2342 DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos ));
2343 _smb_setlen(header,0);
2344 if (write_data(smbd_server_fd(),header,4) != 4)
2346 END_PROFILE(SMBreadbraw);
2350 maxcount = (SVAL(inbuf,smb_vwv3) & 0xFFFF);
2351 mincount = (SVAL(inbuf,smb_vwv4) & 0xFFFF);
2353 /* ensure we don't overrun the packet size */
2354 maxcount = MIN(65535,maxcount);
2356 if (!is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2360 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2364 if (startpos >= size) {
2367 nread = MIN(maxcount,(size - startpos));
2371 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2372 if (nread < mincount)
2376 DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%lu min=%lu nread=%lu\n", fsp->fnum, (double)startpos,
2377 (unsigned long)maxcount, (unsigned long)mincount, (unsigned long)nread ) );
2379 send_file_readbraw(conn, fsp, startpos, nread, mincount, outbuf, out_buffsize);
2381 DEBUG(5,("readbraw finished\n"));
2382 END_PROFILE(SMBreadbraw);
2387 #define DBGC_CLASS DBGC_LOCKING
2389 /****************************************************************************
2390 Reply to a lockread (core+ protocol).
2391 ****************************************************************************/
2393 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2401 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2402 struct byte_range_lock *br_lck = NULL;
2403 START_PROFILE(SMBlockread);
2405 CHECK_FSP(fsp,conn);
2406 if (!CHECK_READ(fsp,inbuf)) {
2407 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2410 release_level_2_oplocks_on_change(fsp);
2412 numtoread = SVAL(inbuf,smb_vwv1);
2413 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2415 outsize = set_message(outbuf,5,3,True);
2416 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2417 data = smb_buf(outbuf) + 3;
2420 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2421 * protocol request that predates the read/write lock concept.
2422 * Thus instead of asking for a read lock here we need to ask
2423 * for a write lock. JRA.
2424 * Note that the requested lock size is unaffected by max_recv.
2427 br_lck = do_lock(fsp,
2428 (uint32)SVAL(inbuf,smb_pid),
2429 (SMB_BIG_UINT)numtoread,
2430 (SMB_BIG_UINT)startpos,
2433 False, /* Non-blocking lock. */
2435 TALLOC_FREE(br_lck);
2437 if (NT_STATUS_V(status)) {
2438 END_PROFILE(SMBlockread);
2439 return ERROR_NT(status);
2443 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2446 if (numtoread > max_recv) {
2447 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2448 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2449 (unsigned int)numtoread, (unsigned int)max_recv ));
2450 numtoread = MIN(numtoread,max_recv);
2452 nread = read_file(fsp,data,startpos,numtoread);
2455 END_PROFILE(SMBlockread);
2456 return(UNIXERROR(ERRDOS,ERRnoaccess));
2460 SSVAL(outbuf,smb_vwv0,nread);
2461 SSVAL(outbuf,smb_vwv5,nread+3);
2462 SSVAL(smb_buf(outbuf),1,nread);
2464 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2465 fsp->fnum, (int)numtoread, (int)nread));
2467 END_PROFILE(SMBlockread);
2472 #define DBGC_CLASS DBGC_ALL
2474 /****************************************************************************
2476 ****************************************************************************/
2478 int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2485 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2486 START_PROFILE(SMBread);
2488 CHECK_FSP(fsp,conn);
2489 if (!CHECK_READ(fsp,inbuf)) {
2490 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2493 numtoread = SVAL(inbuf,smb_vwv1);
2494 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2496 outsize = set_message(outbuf,5,3,True);
2497 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2499 * The requested read size cannot be greater than max_recv. JRA.
2501 if (numtoread > max_recv) {
2502 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2503 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2504 (unsigned int)numtoread, (unsigned int)max_recv ));
2505 numtoread = MIN(numtoread,max_recv);
2508 data = smb_buf(outbuf) + 3;
2510 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2511 END_PROFILE(SMBread);
2512 return ERROR_DOS(ERRDOS,ERRlock);
2516 nread = read_file(fsp,data,startpos,numtoread);
2519 END_PROFILE(SMBread);
2520 return(UNIXERROR(ERRDOS,ERRnoaccess));
2524 SSVAL(outbuf,smb_vwv0,nread);
2525 SSVAL(outbuf,smb_vwv5,nread+3);
2526 SCVAL(smb_buf(outbuf),0,1);
2527 SSVAL(smb_buf(outbuf),1,nread);
2529 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2530 fsp->fnum, (int)numtoread, (int)nread ) );
2532 END_PROFILE(SMBread);
2536 /****************************************************************************
2537 Reply to a read and X - possibly using sendfile.
2538 ****************************************************************************/
2540 int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length, int len_outbuf,
2541 files_struct *fsp, SMB_OFF_T startpos, size_t smb_maxcnt)
2545 char *data = smb_buf(outbuf);
2547 #if defined(WITH_SENDFILE)
2549 * We can only use sendfile on a non-chained packet
2550 * but we can use on a non-oplocked file. tridge proved this
2551 * on a train in Germany :-). JRA.
2554 if ((chain_size == 0) && (CVAL(inbuf,smb_vwv0) == 0xFF) &&
2555 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2556 SMB_STRUCT_STAT sbuf;
2559 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1)
2560 return(UNIXERROR(ERRDOS,ERRnoaccess));
2562 if (startpos > sbuf.st_size)
2565 if (smb_maxcnt > (sbuf.st_size - startpos))
2566 smb_maxcnt = (sbuf.st_size - startpos);
2568 if (smb_maxcnt == 0)
2572 * Set up the packet header before send. We
2573 * assume here the sendfile will work (get the
2574 * correct amount of data).
2577 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2578 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2579 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2580 SSVAL(outbuf,smb_vwv7,((smb_maxcnt >> 16) & 1));
2581 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2582 SCVAL(outbuf,smb_vwv0,0xFF);
2583 set_message(outbuf,12,smb_maxcnt,False);
2584 header.data = (uint8 *)outbuf;
2585 header.length = data - outbuf;
2588 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2589 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2590 if (errno == ENOSYS) {
2595 * Special hack for broken Linux with no working sendfile. If we
2596 * return EINTR we sent the header but not the rest of the data.
2597 * Fake this up by doing read/write calls.
2600 if (errno == EINTR) {
2601 /* Ensure we don't do this again. */
2602 set_use_sendfile(SNUM(conn), False);
2603 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
2605 if ((nread = fake_sendfile(fsp, startpos, smb_maxcnt, data,
2606 len_outbuf - (data-outbuf))) == -1) {
2607 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2608 fsp->fsp_name, strerror(errno) ));
2609 exit_server_cleanly("send_file_readX: fake_sendfile failed");
2611 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
2612 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2613 /* Returning -1 here means successful sendfile. */
2617 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
2618 fsp->fsp_name, strerror(errno) ));
2619 exit_server_cleanly("send_file_readX sendfile failed");
2622 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
2623 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2624 /* Returning -1 here means successful sendfile. */
2632 nread = read_file(fsp,data,startpos,smb_maxcnt);
2635 return(UNIXERROR(ERRDOS,ERRnoaccess));
2638 outsize = set_message(outbuf,12,nread,False);
2639 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2640 SSVAL(outbuf,smb_vwv5,nread);
2641 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2642 SSVAL(outbuf,smb_vwv7,((nread >> 16) & 1));
2643 SSVAL(smb_buf(outbuf),-2,nread);
2645 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
2646 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2648 /* Returning the number of bytes we want to send back - including header. */
2652 /****************************************************************************
2653 Reply to a read and X.
2654 ****************************************************************************/
2656 int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
2658 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
2659 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2661 size_t smb_maxcnt = SVAL(inbuf,smb_vwv5);
2663 size_t smb_mincnt = SVAL(inbuf,smb_vwv6);
2666 START_PROFILE(SMBreadX);
2668 /* If it's an IPC, pass off the pipe handler. */
2670 END_PROFILE(SMBreadX);
2671 return reply_pipe_read_and_X(inbuf,outbuf,length,bufsize);
2674 CHECK_FSP(fsp,conn);
2675 if (!CHECK_READ(fsp,inbuf)) {
2676 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2679 set_message(outbuf,12,0,True);
2681 if (global_client_caps & CAP_LARGE_READX) {
2682 if (SVAL(inbuf,smb_vwv7) == 1) {
2683 smb_maxcnt |= (1<<16);
2685 if (smb_maxcnt > BUFFER_SIZE) {
2686 DEBUG(0,("reply_read_and_X - read too large (%u) for reply buffer %u\n",
2687 (unsigned int)smb_maxcnt, (unsigned int)BUFFER_SIZE));
2688 END_PROFILE(SMBreadX);
2689 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
2693 if(CVAL(inbuf,smb_wct) == 12) {
2694 #ifdef LARGE_SMB_OFF_T
2696 * This is a large offset (64 bit) read.
2698 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv10)) << 32);
2700 #else /* !LARGE_SMB_OFF_T */
2703 * Ensure we haven't been sent a >32 bit offset.
2706 if(IVAL(inbuf,smb_vwv10) != 0) {
2707 DEBUG(0,("reply_read_and_X - large offset (%x << 32) used and we don't support \
2708 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv10) ));
2709 END_PROFILE(SMBreadX);
2710 return ERROR_DOS(ERRDOS,ERRbadaccess);
2713 #endif /* LARGE_SMB_OFF_T */
2717 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2718 END_PROFILE(SMBreadX);
2719 return ERROR_DOS(ERRDOS,ERRlock);
2722 if (schedule_aio_read_and_X(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt)) {
2723 END_PROFILE(SMBreadX);
2727 nread = send_file_readX(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt);
2729 nread = chain_reply(inbuf,outbuf,length,bufsize);
2731 END_PROFILE(SMBreadX);
2735 /****************************************************************************
2736 Reply to a writebraw (core+ or LANMAN1.0 protocol).
2737 ****************************************************************************/
2739 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2742 ssize_t total_written=0;
2743 size_t numtowrite=0;
2748 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2750 START_PROFILE(SMBwritebraw);
2752 if (srv_is_signing_active()) {
2753 exit_server_cleanly("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
2756 CHECK_FSP(fsp,conn);
2757 if (!CHECK_WRITE(fsp)) {
2758 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2761 tcount = IVAL(inbuf,smb_vwv1);
2762 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2763 write_through = BITSETW(inbuf+smb_vwv7,0);
2765 /* We have to deal with slightly different formats depending
2766 on whether we are using the core+ or lanman1.0 protocol */
2768 if(Protocol <= PROTOCOL_COREPLUS) {
2769 numtowrite = SVAL(smb_buf(inbuf),-2);
2770 data = smb_buf(inbuf);
2772 numtowrite = SVAL(inbuf,smb_vwv10);
2773 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
2776 /* force the error type */
2777 SCVAL(inbuf,smb_com,SMBwritec);
2778 SCVAL(outbuf,smb_com,SMBwritec);
2780 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2781 END_PROFILE(SMBwritebraw);
2782 return(ERROR_DOS(ERRDOS,ERRlock));
2786 nwritten = write_file(fsp,data,startpos,numtowrite);
2788 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
2789 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
2791 if (nwritten < (ssize_t)numtowrite) {
2792 END_PROFILE(SMBwritebraw);
2793 return(UNIXERROR(ERRHRD,ERRdiskfull));
2796 total_written = nwritten;
2798 /* Return a message to the redirector to tell it to send more bytes */
2799 SCVAL(outbuf,smb_com,SMBwritebraw);
2800 SSVALS(outbuf,smb_vwv0,-1);
2801 outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
2803 if (!send_smb(smbd_server_fd(),outbuf))
2804 exit_server_cleanly("reply_writebraw: send_smb failed.");
2806 /* Now read the raw data into the buffer and write it */
2807 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
2808 exit_server_cleanly("secondary writebraw failed");
2811 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
2812 numtowrite = smb_len(inbuf);
2814 /* Set up outbuf to return the correct return */
2815 outsize = set_message(outbuf,1,0,True);
2816 SCVAL(outbuf,smb_com,SMBwritec);
2818 if (numtowrite != 0) {
2820 if (numtowrite > BUFFER_SIZE) {
2821 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
2822 (unsigned int)numtowrite ));
2823 exit_server_cleanly("secondary writebraw failed");
2826 if (tcount > nwritten+numtowrite) {
2827 DEBUG(3,("Client overestimated the write %d %d %d\n",
2828 (int)tcount,(int)nwritten,(int)numtowrite));
2831 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
2832 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
2834 exit_server_cleanly("secondary writebraw failed");
2837 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
2838 if (nwritten == -1) {
2839 END_PROFILE(SMBwritebraw);
2840 return(UNIXERROR(ERRHRD,ERRdiskfull));
2843 if (nwritten < (ssize_t)numtowrite) {
2844 SCVAL(outbuf,smb_rcls,ERRHRD);
2845 SSVAL(outbuf,smb_err,ERRdiskfull);
2849 total_written += nwritten;
2852 SSVAL(outbuf,smb_vwv0,total_written);
2854 sync_file(conn, fsp, write_through);
2856 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
2857 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
2859 /* we won't return a status if write through is not selected - this follows what WfWg does */
2860 END_PROFILE(SMBwritebraw);
2861 if (!write_through && total_written==tcount) {
2863 #if RABBIT_PELLET_FIX
2865 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
2866 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
2868 if (!send_keepalive(smbd_server_fd()))
2869 exit_server_cleanly("reply_writebraw: send of keepalive failed");
2878 #define DBGC_CLASS DBGC_LOCKING
2880 /****************************************************************************
2881 Reply to a writeunlock (core+).
2882 ****************************************************************************/
2884 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
2885 int size, int dum_buffsize)
2887 ssize_t nwritten = -1;
2891 NTSTATUS status = NT_STATUS_OK;
2892 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2894 START_PROFILE(SMBwriteunlock);
2896 CHECK_FSP(fsp,conn);
2897 if (!CHECK_WRITE(fsp)) {
2898 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2901 numtowrite = SVAL(inbuf,smb_vwv1);
2902 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2903 data = smb_buf(inbuf) + 3;
2905 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2906 END_PROFILE(SMBwriteunlock);
2907 return ERROR_DOS(ERRDOS,ERRlock);
2910 /* The special X/Open SMB protocol handling of
2911 zero length writes is *NOT* done for
2913 if(numtowrite == 0) {
2916 nwritten = write_file(fsp,data,startpos,numtowrite);
2919 sync_file(conn, fsp, False /* write through */);
2921 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
2922 END_PROFILE(SMBwriteunlock);
2923 return(UNIXERROR(ERRHRD,ERRdiskfull));
2927 status = do_unlock(fsp,
2928 (uint32)SVAL(inbuf,smb_pid),
2929 (SMB_BIG_UINT)numtowrite,
2930 (SMB_BIG_UINT)startpos,
2933 if (NT_STATUS_V(status)) {
2934 END_PROFILE(SMBwriteunlock);
2935 return ERROR_NT(status);
2939 outsize = set_message(outbuf,1,0,True);
2941 SSVAL(outbuf,smb_vwv0,nwritten);
2943 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
2944 fsp->fnum, (int)numtowrite, (int)nwritten));
2946 END_PROFILE(SMBwriteunlock);
2951 #define DBGC_CLASS DBGC_ALL
2953 /****************************************************************************
2955 ****************************************************************************/
2957 int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
2960 ssize_t nwritten = -1;
2963 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2965 START_PROFILE(SMBwrite);
2967 /* If it's an IPC, pass off the pipe handler. */
2969 END_PROFILE(SMBwrite);
2970 return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
2973 CHECK_FSP(fsp,conn);
2974 if (!CHECK_WRITE(fsp)) {
2975 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2978 numtowrite = SVAL(inbuf,smb_vwv1);
2979 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2980 data = smb_buf(inbuf) + 3;
2982 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2983 END_PROFILE(SMBwrite);
2984 return ERROR_DOS(ERRDOS,ERRlock);
2988 * X/Open SMB protocol says that if smb_vwv1 is
2989 * zero then the file size should be extended or
2990 * truncated to the size given in smb_vwv[2-3].
2993 if(numtowrite == 0) {
2995 * This is actually an allocate call, and set EOF. JRA.
2997 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
2999 END_PROFILE(SMBwrite);
3000 return ERROR_NT(NT_STATUS_DISK_FULL);
3002 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3004 END_PROFILE(SMBwrite);
3005 return ERROR_NT(NT_STATUS_DISK_FULL);
3008 nwritten = write_file(fsp,data,startpos,numtowrite);
3010 sync_file(conn, fsp, False);
3012 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3013 END_PROFILE(SMBwrite);
3014 return(UNIXERROR(ERRHRD,ERRdiskfull));
3017 outsize = set_message(outbuf,1,0,True);
3019 SSVAL(outbuf,smb_vwv0,nwritten);
3021 if (nwritten < (ssize_t)numtowrite) {
3022 SCVAL(outbuf,smb_rcls,ERRHRD);
3023 SSVAL(outbuf,smb_err,ERRdiskfull);
3026 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3028 END_PROFILE(SMBwrite);
3032 /****************************************************************************
3033 Reply to a write and X.
3034 ****************************************************************************/
3036 int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
3038 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
3039 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3040 size_t numtowrite = SVAL(inbuf,smb_vwv10);
3041 BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
3042 ssize_t nwritten = -1;
3043 unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
3044 unsigned int smblen = smb_len(inbuf);
3046 BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
3047 START_PROFILE(SMBwriteX);
3049 /* If it's an IPC, pass off the pipe handler. */
3051 END_PROFILE(SMBwriteX);
3052 return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
3055 CHECK_FSP(fsp,conn);
3056 if (!CHECK_WRITE(fsp)) {
3057 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3060 set_message(outbuf,6,0,True);
3062 /* Deal with possible LARGE_WRITEX */
3064 numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
3067 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3068 END_PROFILE(SMBwriteX);
3069 return ERROR_DOS(ERRDOS,ERRbadmem);
3072 data = smb_base(inbuf) + smb_doff;
3074 if(CVAL(inbuf,smb_wct) == 14) {
3075 #ifdef LARGE_SMB_OFF_T
3077 * This is a large offset (64 bit) write.
3079 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv12)) << 32);
3081 #else /* !LARGE_SMB_OFF_T */
3084 * Ensure we haven't been sent a >32 bit offset.
3087 if(IVAL(inbuf,smb_vwv12) != 0) {
3088 DEBUG(0,("reply_write_and_X - large offset (%x << 32) used and we don't support \
3089 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv12) ));
3090 END_PROFILE(SMBwriteX);
3091 return ERROR_DOS(ERRDOS,ERRbadaccess);
3094 #endif /* LARGE_SMB_OFF_T */
3097 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3098 END_PROFILE(SMBwriteX);
3099 return ERROR_DOS(ERRDOS,ERRlock);
3102 /* X/Open SMB protocol says that, unlike SMBwrite
3103 if the length is zero then NO truncation is
3104 done, just a write of zero. To truncate a file,
3107 if(numtowrite == 0) {
3111 if (schedule_aio_write_and_X(conn, inbuf, outbuf, length, bufsize,
3112 fsp,data,startpos,numtowrite)) {
3113 END_PROFILE(SMBwriteX);
3117 nwritten = write_file(fsp,data,startpos,numtowrite);
3120 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3121 END_PROFILE(SMBwriteX);
3122 return(UNIXERROR(ERRHRD,ERRdiskfull));
3125 SSVAL(outbuf,smb_vwv2,nwritten);
3127 SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
3129 if (nwritten < (ssize_t)numtowrite) {
3130 SCVAL(outbuf,smb_rcls,ERRHRD);
3131 SSVAL(outbuf,smb_err,ERRdiskfull);
3134 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3135 fsp->fnum, (int)numtowrite, (int)nwritten));
3137 sync_file(conn, fsp, write_through);
3139 END_PROFILE(SMBwriteX);
3140 return chain_reply(inbuf,outbuf,length,bufsize);
3143 /****************************************************************************
3145 ****************************************************************************/
3147 int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3153 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3154 START_PROFILE(SMBlseek);
3156 CHECK_FSP(fsp,conn);
3158 flush_write_cache(fsp, SEEK_FLUSH);
3160 mode = SVAL(inbuf,smb_vwv1) & 3;
3161 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3162 startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2);
3171 res = fsp->fh->pos + startpos;
3182 if (umode == SEEK_END) {
3183 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3184 if(errno == EINVAL) {
3185 SMB_OFF_T current_pos = startpos;
3186 SMB_STRUCT_STAT sbuf;
3188 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3189 END_PROFILE(SMBlseek);
3190 return(UNIXERROR(ERRDOS,ERRnoaccess));
3193 current_pos += sbuf.st_size;
3195 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3200 END_PROFILE(SMBlseek);
3201 return(UNIXERROR(ERRDOS,ERRnoaccess));
3207 outsize = set_message(outbuf,2,0,True);
3208 SIVAL(outbuf,smb_vwv0,res);
3210 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3211 fsp->fnum, (double)startpos, (double)res, mode));
3213 END_PROFILE(SMBlseek);
3217 /****************************************************************************
3219 ****************************************************************************/
3221 int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3223 int outsize = set_message(outbuf,0,0,False);
3224 uint16 fnum = SVAL(inbuf,smb_vwv0);
3225 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3226 START_PROFILE(SMBflush);
3229 CHECK_FSP(fsp,conn);
3232 file_sync_all(conn);
3234 sync_file(conn,fsp, True);
3237 DEBUG(3,("flush\n"));
3238 END_PROFILE(SMBflush);
3242 /****************************************************************************
3244 conn POINTER CAN BE NULL HERE !
3245 ****************************************************************************/
3247 int reply_exit(connection_struct *conn,
3248 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3251 START_PROFILE(SMBexit);
3253 file_close_pid(SVAL(inbuf,smb_pid),SVAL(inbuf,smb_uid));
3255 outsize = set_message(outbuf,0,0,False);
3257 DEBUG(3,("exit\n"));
3259 END_PROFILE(SMBexit);
3263 /****************************************************************************
3264 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3265 ****************************************************************************/
3267 int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
3272 int32 eclass = 0, err = 0;
3273 files_struct *fsp = NULL;
3274 START_PROFILE(SMBclose);
3276 outsize = set_message(outbuf,0,0,False);
3278 /* If it's an IPC, pass off to the pipe handler. */
3280 END_PROFILE(SMBclose);
3281 return reply_pipe_close(conn, inbuf,outbuf);
3284 fsp = file_fsp(inbuf,smb_vwv0);
3287 * We can only use CHECK_FSP if we know it's not a directory.
3290 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3291 END_PROFILE(SMBclose);
3292 return ERROR_DOS(ERRDOS,ERRbadfid);
3295 if(fsp->is_directory) {
3297 * Special case - close NT SMB directory handle.
3299 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
3300 close_file(fsp,NORMAL_CLOSE);
3303 * Close ordinary file.
3307 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3308 fsp->fh->fd, fsp->fnum,
3309 conn->num_files_open));
3312 * Take care of any time sent in the close.
3315 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
3316 fsp_set_pending_modtime(fsp, mtime);
3319 * close_file() returns the unix errno if an error
3320 * was detected on close - normally this is due to
3321 * a disk full error. If not then it was probably an I/O error.
3324 if((close_err = close_file(fsp,NORMAL_CLOSE)) != 0) {
3326 END_PROFILE(SMBclose);
3327 return (UNIXERROR(ERRHRD,ERRgeneral));
3331 /* We have a cached error */
3333 END_PROFILE(SMBclose);
3334 return ERROR_DOS(eclass,err);
3337 END_PROFILE(SMBclose);
3341 /****************************************************************************
3342 Reply to a writeclose (Core+ protocol).
3343 ****************************************************************************/
3345 int reply_writeclose(connection_struct *conn,
3346 char *inbuf,char *outbuf, int size, int dum_buffsize)
3349 ssize_t nwritten = -1;
3355 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3356 START_PROFILE(SMBwriteclose);
3358 CHECK_FSP(fsp,conn);
3359 if (!CHECK_WRITE(fsp)) {
3360 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3363 numtowrite = SVAL(inbuf,smb_vwv1);
3364 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3365 mtime = srv_make_unix_date3(inbuf+smb_vwv4);
3366 data = smb_buf(inbuf) + 1;
3368 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3369 END_PROFILE(SMBwriteclose);
3370 return ERROR_DOS(ERRDOS,ERRlock);
3373 nwritten = write_file(fsp,data,startpos,numtowrite);
3375 set_filetime(conn, fsp->fsp_name,mtime);
3378 * More insanity. W2K only closes the file if writelen > 0.
3383 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3385 close_err = close_file(fsp,NORMAL_CLOSE);
3388 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3389 fsp->fnum, (int)numtowrite, (int)nwritten,
3390 conn->num_files_open));
3392 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3393 END_PROFILE(SMBwriteclose);
3394 return(UNIXERROR(ERRHRD,ERRdiskfull));
3397 if(close_err != 0) {
3399 END_PROFILE(SMBwriteclose);
3400 return(UNIXERROR(ERRHRD,ERRgeneral));
3403 outsize = set_message(outbuf,1,0,True);
3405 SSVAL(outbuf,smb_vwv0,nwritten);
3406 END_PROFILE(SMBwriteclose);
3411 #define DBGC_CLASS DBGC_LOCKING
3413 /****************************************************************************
3415 ****************************************************************************/
3417 int reply_lock(connection_struct *conn,
3418 char *inbuf,char *outbuf, int length, int dum_buffsize)
3420 int outsize = set_message(outbuf,0,0,False);
3421 SMB_BIG_UINT count,offset;
3423 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3424 struct byte_range_lock *br_lck = NULL;
3426 START_PROFILE(SMBlock);
3428 CHECK_FSP(fsp,conn);
3430 release_level_2_oplocks_on_change(fsp);
3432 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3433 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3435 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3436 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
3438 br_lck = do_lock(fsp,
3439 (uint32)SVAL(inbuf,smb_pid),
3444 False, /* Non-blocking lock. */
3447 TALLOC_FREE(br_lck);
3449 if (NT_STATUS_V(status)) {
3450 END_PROFILE(SMBlock);
3451 return ERROR_NT(status);
3454 END_PROFILE(SMBlock);
3458 /****************************************************************************
3460 ****************************************************************************/
3462 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
3465 int outsize = set_message(outbuf,0,0,False);
3466 SMB_BIG_UINT count,offset;
3468 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3469 START_PROFILE(SMBunlock);
3471 CHECK_FSP(fsp,conn);
3473 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3474 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3476 status = do_unlock(fsp,
3477 (uint32)SVAL(inbuf,smb_pid),
3482 if (NT_STATUS_V(status)) {
3483 END_PROFILE(SMBunlock);
3484 return ERROR_NT(status);
3487 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3488 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
3490 END_PROFILE(SMBunlock);
3495 #define DBGC_CLASS DBGC_ALL
3497 /****************************************************************************
3499 conn POINTER CAN BE NULL HERE !
3500 ****************************************************************************/
3502 int reply_tdis(connection_struct *conn,
3503 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3505 int outsize = set_message(outbuf,0,0,False);
3507 START_PROFILE(SMBtdis);
3509 vuid = SVAL(inbuf,smb_uid);
3512 DEBUG(4,("Invalid connection in tdis\n"));
3513 END_PROFILE(SMBtdis);
3514 return ERROR_DOS(ERRSRV,ERRinvnid);
3519 close_cnum(conn,vuid);
3521 END_PROFILE(SMBtdis);
3525 /****************************************************************************
3527 conn POINTER CAN BE NULL HERE !
3528 ****************************************************************************/
3530 int reply_echo(connection_struct *conn,
3531 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3533 int smb_reverb = SVAL(inbuf,smb_vwv0);
3535 unsigned int data_len = smb_buflen(inbuf);
3536 int outsize = set_message(outbuf,1,data_len,True);
3537 START_PROFILE(SMBecho);
3539 if (data_len > BUFFER_SIZE) {
3540 DEBUG(0,("reply_echo: data_len too large.\n"));
3541 END_PROFILE(SMBecho);
3545 /* copy any incoming data back out */
3547 memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
3549 if (smb_reverb > 100) {
3550 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
3554 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
3555 SSVAL(outbuf,smb_vwv0,seq_num);
3557 smb_setlen(outbuf,outsize - 4);
3560 if (!send_smb(smbd_server_fd(),outbuf))
3561 exit_server_cleanly("reply_echo: send_smb failed.");
3564 DEBUG(3,("echo %d times\n", smb_reverb));
3568 END_PROFILE(SMBecho);
3572 /****************************************************************************
3573 Reply to a printopen.
3574 ****************************************************************************/
3576 int reply_printopen(connection_struct *conn,
3577 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3583 START_PROFILE(SMBsplopen);
3585 if (!CAN_PRINT(conn)) {
3586 END_PROFILE(SMBsplopen);
3587 return ERROR_DOS(ERRDOS,ERRnoaccess);
3590 /* Open for exclusive use, write only. */
3591 status = print_fsp_open(conn, NULL, &fsp);
3593 if (!NT_STATUS_IS_OK(status)) {
3594 END_PROFILE(SMBsplopen);
3595 return(ERROR_NT(status));
3598 outsize = set_message(outbuf,1,0,True);
3599 SSVAL(outbuf,smb_vwv0,fsp->fnum);
3601 DEBUG(3,("openprint fd=%d fnum=%d\n",
3602 fsp->fh->fd, fsp->fnum));
3604 END_PROFILE(SMBsplopen);
3608 /****************************************************************************
3609 Reply to a printclose.
3610 ****************************************************************************/
3612 int reply_printclose(connection_struct *conn,
3613 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3615 int outsize = set_message(outbuf,0,0,False);
3616 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3618 START_PROFILE(SMBsplclose);
3620 CHECK_FSP(fsp,conn);
3622 if (!CAN_PRINT(conn)) {
3623 END_PROFILE(SMBsplclose);
3624 return ERROR_NT(NT_STATUS_DOS(ERRSRV, ERRerror));
3627 DEBUG(3,("printclose fd=%d fnum=%d\n",
3628 fsp->fh->fd,fsp->fnum));
3630 close_err = close_file(fsp,NORMAL_CLOSE);
3632 if(close_err != 0) {
3634 END_PROFILE(SMBsplclose);
3635 return(UNIXERROR(ERRHRD,ERRgeneral));
3638 END_PROFILE(SMBsplclose);
3642 /****************************************************************************
3643 Reply to a printqueue.
3644 ****************************************************************************/
3646 int reply_printqueue(connection_struct *conn,
3647 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3649 int outsize = set_message(outbuf,2,3,True);
3650 int max_count = SVAL(inbuf,smb_vwv0);
3651 int start_index = SVAL(inbuf,smb_vwv1);
3652 START_PROFILE(SMBsplretq);
3654 /* we used to allow the client to get the cnum wrong, but that
3655 is really quite gross and only worked when there was only
3656 one printer - I think we should now only accept it if they
3657 get it right (tridge) */
3658 if (!CAN_PRINT(conn)) {
3659 END_PROFILE(SMBsplretq);
3660 return ERROR_DOS(ERRDOS,ERRnoaccess);
3663 SSVAL(outbuf,smb_vwv0,0);
3664 SSVAL(outbuf,smb_vwv1,0);
3665 SCVAL(smb_buf(outbuf),0,1);
3666 SSVAL(smb_buf(outbuf),1,0);
3668 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
3669 start_index, max_count));
3672 print_queue_struct *queue = NULL;
3673 print_status_struct status;
3674 char *p = smb_buf(outbuf) + 3;
3675 int count = print_queue_status(SNUM(conn), &queue, &status);
3676 int num_to_get = ABS(max_count);
3677 int first = (max_count>0?start_index:start_index+max_count+1);
3683 num_to_get = MIN(num_to_get,count-first);
3686 for (i=first;i<first+num_to_get;i++) {
3687 srv_put_dos_date2(p,0,queue[i].time);
3688 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
3689 SSVAL(p,5, queue[i].job);
3690 SIVAL(p,7,queue[i].size);
3692 srvstr_push(outbuf, p+12, queue[i].fs_user, 16, STR_ASCII);
3697 outsize = set_message(outbuf,2,28*count+3,False);
3698 SSVAL(outbuf,smb_vwv0,count);
3699 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
3700 SCVAL(smb_buf(outbuf),0,1);
3701 SSVAL(smb_buf(outbuf),1,28*count);
3706 DEBUG(3,("%d entries returned in queue\n",count));
3709 END_PROFILE(SMBsplretq);
3713 /****************************************************************************
3714 Reply to a printwrite.
3715 ****************************************************************************/
3717 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3720 int outsize = set_message(outbuf,0,0,False);
3722 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3724 START_PROFILE(SMBsplwr);
3726 if (!CAN_PRINT(conn)) {
3727 END_PROFILE(SMBsplwr);
3728 return ERROR_DOS(ERRDOS,ERRnoaccess);
3731 CHECK_FSP(fsp,conn);
3732 if (!CHECK_WRITE(fsp)) {
3733 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3736 numtowrite = SVAL(smb_buf(inbuf),1);
3737 data = smb_buf(inbuf) + 3;
3739 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
3740 END_PROFILE(SMBsplwr);
3741 return(UNIXERROR(ERRHRD,ERRdiskfull));
3744 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
3746 END_PROFILE(SMBsplwr);
3750 /****************************************************************************
3752 ****************************************************************************/
3754 int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3759 BOOL bad_path = False;
3760 SMB_STRUCT_STAT sbuf;
3762 START_PROFILE(SMBmkdir);
3764 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
3765 if (!NT_STATUS_IS_OK(status)) {
3766 END_PROFILE(SMBmkdir);
3767 return ERROR_NT(status);
3770 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf);
3772 unix_convert(directory,conn,0,&bad_path,&sbuf);
3774 END_PROFILE(SMBmkdir);
3775 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
3778 status = create_directory(conn, directory);
3780 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
3782 if (!NT_STATUS_IS_OK(status)) {
3784 if (!use_nt_status()
3785 && NT_STATUS_EQUAL(status,
3786 NT_STATUS_OBJECT_NAME_COLLISION)) {
3788 * Yes, in the DOS error code case we get a
3789 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
3790 * samba4 torture test.
3792 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
3795 END_PROFILE(SMBmkdir);
3796 return ERROR_NT(status);
3799 outsize = set_message(outbuf,0,0,False);
3801 DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
3803 END_PROFILE(SMBmkdir);
3807 /****************************************************************************
3808 Static function used by reply_rmdir to delete an entire directory
3809 tree recursively. Return True on ok, False on fail.
3810 ****************************************************************************/
3812 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
3814 const char *dname = NULL;
3817 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3822 while((dname = ReadDirName(dir_hnd, &offset))) {
3826 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3829 if (!is_visible_file(conn, directory, dname, &st, False))
3832 /* Construct the full name. */
3833 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3839 pstrcpy(fullname, directory);
3840 pstrcat(fullname, "/");
3841 pstrcat(fullname, dname);
3843 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
3848 if(st.st_mode & S_IFDIR) {
3849 if(!recursive_rmdir(conn, fullname)) {
3853 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
3857 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
3866 /****************************************************************************
3867 The internals of the rmdir code - called elsewhere.
3868 ****************************************************************************/
3870 BOOL rmdir_internals(connection_struct *conn, const char *directory)
3875 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3876 if(!ok && ((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
3878 * Check to see if the only thing in this directory are
3879 * vetoed files/directories. If so then delete them and
3880 * retry. If we fail to delete any of them (and we *don't*
3881 * do a recursive delete) then fail the rmdir.
3885 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3887 if(dir_hnd == NULL) {
3892 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3893 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3895 if (!is_visible_file(conn, directory, dname, &st, False))
3897 if(!IS_VETO_PATH(conn, dname)) {
3904 /* We only have veto files/directories. Recursive delete. */
3906 RewindDir(dir_hnd,&dirpos);
3907 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3910 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3912 if (!is_visible_file(conn, directory, dname, &st, False))
3915 /* Construct the full name. */
3916 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3921 pstrcpy(fullname, directory);
3922 pstrcat(fullname, "/");
3923 pstrcat(fullname, dname);
3925 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
3927 if(st.st_mode & S_IFDIR) {
3928 if(lp_recursive_veto_delete(SNUM(conn))) {
3929 if(!recursive_rmdir(conn, fullname))
3932 if(SMB_VFS_RMDIR(conn,fullname) != 0)
3934 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
3938 /* Retry the rmdir */
3939 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3945 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
3946 "%s\n", directory,strerror(errno)));
3953 /****************************************************************************
3955 ****************************************************************************/
3957 int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3962 BOOL bad_path = False;
3963 SMB_STRUCT_STAT sbuf;
3965 START_PROFILE(SMBrmdir);
3967 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
3968 if (!NT_STATUS_IS_OK(status)) {
3969 END_PROFILE(SMBrmdir);
3970 return ERROR_NT(status);
3973 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf)
3975 unix_convert(directory,conn, NULL,&bad_path,&sbuf);
3977 END_PROFILE(SMBrmdir);
3978 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
3981 if (check_name(directory,conn)) {
3982 dptr_closepath(directory,SVAL(inbuf,smb_pid));
3983 ok = rmdir_internals(conn, directory);
3987 END_PROFILE(SMBrmdir);
3988 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRbadpath);
3991 outsize = set_message(outbuf,0,0,False);
3993 DEBUG( 3, ( "rmdir %s\n", directory ) );
3995 END_PROFILE(SMBrmdir);
3999 /*******************************************************************
4000 Resolve wildcards in a filename rename.
4001 Note that name is in UNIX charset and thus potentially can be more
4002 than fstring buffer (255 bytes) especially in default UTF-8 case.
4003 Therefore, we use pstring inside and all calls should ensure that
4004 name2 is at least pstring-long (they do already)
4005 ********************************************************************/
4007 static BOOL resolve_wildcards(const char *name1, char *name2)
4009 pstring root1,root2;
4011 char *p,*p2, *pname1, *pname2;
4012 int available_space, actual_space;
4015 pname1 = strrchr_m(name1,'/');
4016 pname2 = strrchr_m(name2,'/');
4018 if (!pname1 || !pname2)
4021 pstrcpy(root1,pname1);
4022 pstrcpy(root2,pname2);
4023 p = strrchr_m(root1,'.');
4030 p = strrchr_m(root2,'.');
4044 } else if (*p2 == '*') {
4060 } else if (*p2 == '*') {
4070 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4073 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4074 if (actual_space >= available_space - 1) {
4075 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4076 actual_space - available_space));
4079 pstrcpy_base(pname2, root2, name2);
4085 /****************************************************************************
4086 Ensure open files have their names updated. Updated to notify other smbd's
4088 ****************************************************************************/
4090 static void rename_open_files(connection_struct *conn, struct share_mode_lock *lck,
4091 SMB_DEV_T dev, SMB_INO_T inode, const char *newname)
4094 BOOL did_rename = False;
4096 for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) {
4097 /* fsp_name is a relative path under the fsp. To change this for other
4098 sharepaths we need to manipulate relative paths. */
4099 /* TODO - create the absolute path and manipulate the newname
4100 relative to the sharepath. */
4101 if (fsp->conn != conn) {
4104 DEBUG(10,("rename_open_files: renaming file fnum %d (dev = %x, inode = %.0f) from %s -> %s\n",
4105 fsp->fnum, (unsigned int)fsp->dev, (double)fsp->inode,
4106 fsp->fsp_name, newname ));
4107 string_set(&fsp->fsp_name, newname);
4112 DEBUG(10,("rename_open_files: no open files on dev %x, inode %.0f for %s\n",
4113 (unsigned int)dev, (double)inode, newname ));
4116 /* Send messages to all smbd's (not ourself) that the name has changed. */
4117 rename_share_filename(lck, conn->connectpath, newname);
4120 /****************************************************************************
4121 We need to check if the source path is a parent directory of the destination
4122 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4123 refuse the rename with a sharing violation. Under UNIX the above call can
4124 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4125 probably need to check that the client is a Windows one before disallowing
4126 this as a UNIX client (one with UNIX extensions) can know the source is a
4127 symlink and make this decision intelligently. Found by an excellent bug
4128 report from <AndyLiebman@aol.com>.
4129 ****************************************************************************/
4131 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4133 const char *psrc = src;
4134 const char *pdst = dest;
4137 if (psrc[0] == '.' && psrc[1] == '/') {
4140 if (pdst[0] == '.' && pdst[1] == '/') {
4143 if ((slen = strlen(psrc)) > strlen(pdst)) {
4146 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4149 /****************************************************************************
4150 Rename an open file - given an fsp.
4151 ****************************************************************************/
4153 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, char *newname, uint32 attrs, BOOL replace_if_exists)
4155 SMB_STRUCT_STAT sbuf;
4156 BOOL bad_path = False;
4157 pstring newname_last_component;
4158 NTSTATUS error = NT_STATUS_OK;
4161 struct share_mode_lock *lck = NULL;
4164 rcdest = unix_convert(newname,conn,newname_last_component,&bad_path,&sbuf);
4166 /* Quick check for "." and ".." */
4167 if (!bad_path && newname_last_component[0] == '.') {
4168 if (!newname_last_component[1] || (newname_last_component[1] == '.' && !newname_last_component[2])) {
4169 return NT_STATUS_ACCESS_DENIED;
4172 if (!rcdest && bad_path) {
4173 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4176 /* Ensure newname contains a '/' */
4177 if(strrchr_m(newname,'/') == 0) {
4180 pstrcpy(tmpstr, "./");
4181 pstrcat(tmpstr, newname);
4182 pstrcpy(newname, tmpstr);
4186 * Check for special case with case preserving and not
4187 * case sensitive. If the old last component differs from the original
4188 * last component only by case, then we should allow
4189 * the rename (user is trying to change the case of the
4193 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4194 strequal(newname, fsp->fsp_name)) {
4196 pstring newname_modified_last_component;
4199 * Get the last component of the modified name.
4200 * Note that we guarantee that newname contains a '/'
4203 p = strrchr_m(newname,'/');
4204 pstrcpy(newname_modified_last_component,p+1);
4206 if(strcsequal(newname_modified_last_component,
4207 newname_last_component) == False) {
4209 * Replace the modified last component with
4212 pstrcpy(p+1, newname_last_component);
4217 * If the src and dest names are identical - including case,
4218 * don't do the rename, just return success.
4221 if (strcsequal(fsp->fsp_name, newname)) {
4222 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
4224 return NT_STATUS_OK;
4227 dest_exists = vfs_object_exist(conn,newname,NULL);
4229 if(!replace_if_exists && dest_exists) {
4230 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
4231 fsp->fsp_name,newname));
4232 return NT_STATUS_OBJECT_NAME_COLLISION;
4235 error = can_rename(conn,newname,attrs,&sbuf);
4237 if (dest_exists && !NT_STATUS_IS_OK(error)) {
4238 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4239 nt_errstr(error), fsp->fsp_name,newname));
4240 if (NT_STATUS_EQUAL(error,NT_STATUS_SHARING_VIOLATION))
4241 error = NT_STATUS_ACCESS_DENIED;
4245 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
4246 return NT_STATUS_ACCESS_DENIED;
4249 lck = get_share_mode_lock(NULL, fsp->dev, fsp->inode, NULL, NULL);
4251 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
4252 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
4253 fsp->fsp_name,newname));
4254 rename_open_files(conn, lck, fsp->dev, fsp->inode, newname);
4256 return NT_STATUS_OK;
4261 if (errno == ENOTDIR || errno == EISDIR) {
4262 error = NT_STATUS_OBJECT_NAME_COLLISION;
4264 error = map_nt_error_from_unix(errno);
4267 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4268 nt_errstr(error), fsp->fsp_name,newname));
4273 /****************************************************************************
4274 The guts of the rename command, split out so it may be called by the NT SMB
4276 ****************************************************************************/
4278 NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, uint32 attrs, BOOL replace_if_exists, BOOL has_wild)
4282 pstring last_component_src;
4283 pstring last_component_dest;
4285 BOOL bad_path_src = False;
4286 BOOL bad_path_dest = False;
4288 NTSTATUS error = NT_STATUS_OK;
4291 SMB_STRUCT_STAT sbuf1, sbuf2;
4292 struct share_mode_lock *lck = NULL;
4294 *directory = *mask = 0;
4299 rc = unix_convert(name,conn,last_component_src,&bad_path_src,&sbuf1);
4300 if (!rc && bad_path_src) {
4301 if (ms_has_wild(last_component_src))
4302 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4303 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4306 /* Quick check for "." and ".." */
4307 if (last_component_src[0] == '.') {
4308 if (!last_component_src[1] || (last_component_src[1] == '.' && !last_component_src[2])) {
4309 return NT_STATUS_OBJECT_NAME_INVALID;
4313 rcdest = unix_convert(newname,conn,last_component_dest,&bad_path_dest,&sbuf2);
4315 /* Quick check for "." and ".." */
4316 if (last_component_dest[0] == '.') {
4317 if (!last_component_dest[1] || (last_component_dest[1] == '.' && !last_component_dest[2])) {
4318 return NT_STATUS_OBJECT_NAME_INVALID;
4323 * Split the old name into directory and last component
4324 * strings. Note that unix_convert may have stripped off a
4325 * leading ./ from both name and newname if the rename is
4326 * at the root of the share. We need to make sure either both
4327 * name and newname contain a / character or neither of them do
4328 * as this is checked in resolve_wildcards().
4331 p = strrchr_m(name,'/');
4333 pstrcpy(directory,".");
4337 pstrcpy(directory,name);
4339 *p = '/'; /* Replace needed for exceptional test below. */
4343 * We should only check the mangled cache
4344 * here if unix_convert failed. This means
4345 * that the path in 'mask' doesn't exist
4346 * on the file system and so we need to look
4347 * for a possible mangle. This patch from
4348 * Tine Smukavec <valentin.smukavec@hermes.si>.
4351 if (!rc && mangle_is_mangled(mask, conn->params))
4352 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4356 * No wildcards - just process the one file.
4358 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
4360 /* Add a terminating '/' to the directory name. */
4361 pstrcat(directory,"/");
4362 pstrcat(directory,mask);
4364 /* Ensure newname contains a '/' also */
4365 if(strrchr_m(newname,'/') == 0) {
4368 pstrcpy(tmpstr, "./");
4369 pstrcat(tmpstr, newname);
4370 pstrcpy(newname, tmpstr);
4373 DEBUG(3,("rename_internals: case_sensitive = %d, case_preserve = %d, short case preserve = %d, \
4374 directory = %s, newname = %s, last_component_dest = %s, is_8_3 = %d\n",
4375 conn->case_sensitive, conn->case_preserve, conn->short_case_preserve, directory,
4376 newname, last_component_dest, is_short_name));
4379 * Check for special case with case preserving and not
4380 * case sensitive, if directory and newname are identical,
4381 * and the old last component differs from the original
4382 * last component only by case, then we should allow
4383 * the rename (user is trying to change the case of the
4386 if((conn->case_sensitive == False) &&
4387 (((conn->case_preserve == True) &&
4388 (is_short_name == False)) ||
4389 ((conn->short_case_preserve == True) &&
4390 (is_short_name == True))) &&
4391 strcsequal(directory, newname)) {
4392 pstring modified_last_component;
4395 * Get the last component of the modified name.
4396 * Note that we guarantee that newname contains a '/'
4399 p = strrchr_m(newname,'/');
4400 pstrcpy(modified_last_component,p+1);
4402 if(strcsequal(modified_last_component,
4403 last_component_dest) == False) {
4405 * Replace the modified last component with
4408 pstrcpy(p+1, last_component_dest);
4412 resolve_wildcards(directory,newname);
4415 * The source object must exist.
4418 if (!vfs_object_exist(conn, directory, &sbuf1)) {
4419 DEBUG(3,("rename_internals: source doesn't exist doing rename %s -> %s\n",
4420 directory,newname));
4422 if (errno == ENOTDIR || errno == EISDIR || errno == ENOENT) {
4424 * Must return different errors depending on whether the parent
4425 * directory existed or not.
4428 p = strrchr_m(directory, '/');
4430 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4432 if (vfs_object_exist(conn, directory, NULL))
4433 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4434 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4436 error = map_nt_error_from_unix(errno);
4437 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4438 nt_errstr(error), directory,newname));
4443 if (!rcdest && bad_path_dest) {
4444 if (ms_has_wild(last_component_dest))
4445 return NT_STATUS_OBJECT_NAME_INVALID;
4446 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4449 error = can_rename(conn,directory,attrs,&sbuf1);
4451 if (!NT_STATUS_IS_OK(error)) {
4452 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4453 nt_errstr(error), directory,newname));
4458 * If the src and dest names are identical - including case,
4459 * don't do the rename, just return success.
4462 if (strcsequal(directory, newname)) {
4463 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4464 DEBUG(3,("rename_internals: identical names in rename %s - returning success\n", directory));
4465 return NT_STATUS_OK;
4468 if(!replace_if_exists && vfs_object_exist(conn,newname,NULL)) {
4469 DEBUG(3,("rename_internals: dest exists doing rename %s -> %s\n",
4470 directory,newname));
4471 return NT_STATUS_OBJECT_NAME_COLLISION;
4474 if (rename_path_prefix_equal(directory, newname)) {
4475 return NT_STATUS_SHARING_VIOLATION;
4478 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4480 if(SMB_VFS_RENAME(conn,directory, newname) == 0) {
4481 DEBUG(3,("rename_internals: succeeded doing rename on %s -> %s\n",
4482 directory,newname));
4483 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4485 return NT_STATUS_OK;
4489 if (errno == ENOTDIR || errno == EISDIR)
4490 error = NT_STATUS_OBJECT_NAME_COLLISION;
4492 error = map_nt_error_from_unix(errno);
4494 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4495 nt_errstr(error), directory,newname));
4500 * Wildcards - process each file that matches.
4502 struct smb_Dir *dir_hnd = NULL;
4506 if (strequal(mask,"????????.???"))
4509 if (check_name(directory,conn))
4510 dir_hnd = OpenDir(conn, directory, mask, attrs);
4514 error = NT_STATUS_NO_SUCH_FILE;
4515 /* Was error = NT_STATUS_OBJECT_NAME_NOT_FOUND; - gentest fix. JRA */
4517 while ((dname = ReadDirName(dir_hnd, &offset))) {
4519 BOOL sysdir_entry = False;
4521 pstrcpy(fname,dname);
4523 /* Quick check for "." and ".." */
4524 if (fname[0] == '.') {
4525 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
4527 sysdir_entry = True;
4534 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4537 if(!mask_match(fname, mask, conn->case_sensitive))
4541 error = NT_STATUS_OBJECT_NAME_INVALID;
4545 error = NT_STATUS_ACCESS_DENIED;
4546 slprintf(fname,sizeof(fname)-1,"%s/%s",directory,dname);
4547 if (!vfs_object_exist(conn, fname, &sbuf1)) {
4548 error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4549 DEBUG(6,("rename %s failed. Error %s\n", fname, nt_errstr(error)));
4552 error = can_rename(conn,fname,attrs,&sbuf1);
4553 if (!NT_STATUS_IS_OK(error)) {
4554 DEBUG(6,("rename %s refused\n", fname));
4557 pstrcpy(destname,newname);
4559 if (!resolve_wildcards(fname,destname)) {
4560 DEBUG(6,("resolve_wildcards %s %s failed\n",
4565 if (strcsequal(fname,destname)) {
4566 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4567 DEBUG(3,("rename_internals: identical names in wildcard rename %s - success\n", fname));
4569 error = NT_STATUS_OK;
4573 if (!replace_if_exists &&
4574 vfs_file_exist(conn,destname, NULL)) {
4575 DEBUG(6,("file_exist %s\n", destname));
4576 error = NT_STATUS_OBJECT_NAME_COLLISION;
4580 if (rename_path_prefix_equal(fname, destname)) {
4581 return NT_STATUS_SHARING_VIOLATION;
4584 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4586 if (!SMB_VFS_RENAME(conn,fname,destname)) {
4587 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4589 error = NT_STATUS_OK;
4592 DEBUG(3,("rename_internals: doing rename on %s -> %s\n",fname,destname));
4597 if (!NT_STATUS_EQUAL(error,NT_STATUS_NO_SUCH_FILE)) {
4598 if (!rcdest && bad_path_dest) {
4599 if (ms_has_wild(last_component_dest))
4600 return NT_STATUS_OBJECT_NAME_INVALID;
4601 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4606 if (count == 0 && NT_STATUS_IS_OK(error)) {
4607 error = map_nt_error_from_unix(errno);
4613 /****************************************************************************
4615 ****************************************************************************/
4617 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
4624 uint32 attrs = SVAL(inbuf,smb_vwv0);
4626 BOOL path1_contains_wcard = False;
4627 BOOL path2_contains_wcard = False;
4629 START_PROFILE(SMBmv);
4631 p = smb_buf(inbuf) + 1;
4632 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path1_contains_wcard);
4633 if (!NT_STATUS_IS_OK(status)) {
4635 return ERROR_NT(status);
4638 p += srvstr_get_path_wcard(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, &path2_contains_wcard);
4639 if (!NT_STATUS_IS_OK(status)) {
4641 return ERROR_NT(status);
4644 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4645 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4647 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
4649 status = rename_internals(conn, name, newname, attrs, False, path1_contains_wcard);
4650 if (!NT_STATUS_IS_OK(status)) {
4652 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
4653 /* We have re-scheduled this call. */
4656 return ERROR_NT(status);
4660 * Win2k needs a changenotify request response before it will
4661 * update after a rename..
4663 process_pending_change_notify_queue((time_t)0);
4664 outsize = set_message(outbuf,0,0,False);
4670 /*******************************************************************
4671 Copy a file as part of a reply_copy.
4672 ******************************************************************/
4674 BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
4675 int count,BOOL target_is_directory, int *err_ret)
4677 SMB_STRUCT_STAT src_sbuf, sbuf2;
4679 files_struct *fsp1,*fsp2;
4682 uint32 new_create_disposition;
4687 pstrcpy(dest,dest1);
4688 if (target_is_directory) {
4689 char *p = strrchr_m(src,'/');
4699 if (!vfs_file_exist(conn,src,&src_sbuf)) {
4703 if (!target_is_directory && count) {
4704 new_create_disposition = FILE_OPEN;
4706 if (!map_open_params_to_ntcreate(dest1,0,ofun,
4707 NULL, NULL, &new_create_disposition, NULL)) {
4712 status = open_file_ntcreate(conn,src,&src_sbuf,
4714 FILE_SHARE_READ|FILE_SHARE_WRITE,
4717 FILE_ATTRIBUTE_NORMAL,
4721 if (!NT_STATUS_IS_OK(status)) {
4725 dosattrs = dos_mode(conn, src, &src_sbuf);
4726 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
4727 ZERO_STRUCTP(&sbuf2);
4730 status = open_file_ntcreate(conn,dest,&sbuf2,
4732 FILE_SHARE_READ|FILE_SHARE_WRITE,
4733 new_create_disposition,
4739 if (!NT_STATUS_IS_OK(status)) {
4740 close_file(fsp1,ERROR_CLOSE);
4744 if ((ofun&3) == 1) {
4745 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
4746 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
4748 * Stop the copy from occurring.
4751 src_sbuf.st_size = 0;
4755 if (src_sbuf.st_size) {
4756 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
4759 close_file(fsp1,NORMAL_CLOSE);
4761 /* Ensure the modtime is set correctly on the destination file. */
4762 fsp_set_pending_modtime( fsp2, src_sbuf.st_mtime);
4765 * As we are opening fsp1 read-only we only expect
4766 * an error on close on fsp2 if we are out of space.
4767 * Thus we don't look at the error return from the
4770 *err_ret = close_file(fsp2,NORMAL_CLOSE);
4772 return(ret == (SMB_OFF_T)src_sbuf.st_size);
4775 /****************************************************************************
4776 Reply to a file copy.
4777 ****************************************************************************/
4779 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4784 pstring mask,newname;
4787 int error = ERRnoaccess;
4791 int tid2 = SVAL(inbuf,smb_vwv0);
4792 int ofun = SVAL(inbuf,smb_vwv1);
4793 int flags = SVAL(inbuf,smb_vwv2);
4794 BOOL target_is_directory=False;
4795 BOOL bad_path1 = False;
4796 BOOL bad_path2 = False;
4797 BOOL path_contains_wcard1 = False;
4798 BOOL path_contains_wcard2 = False;
4800 SMB_STRUCT_STAT sbuf1, sbuf2;
4802 START_PROFILE(SMBcopy);
4804 *directory = *mask = 0;
4807 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard1);
4808 if (!NT_STATUS_IS_OK(status)) {
4809 END_PROFILE(SMBcopy);
4810 return ERROR_NT(status);
4812 p += srvstr_get_path_wcard(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, &path_contains_wcard2);
4813 if (!NT_STATUS_IS_OK(status)) {
4814 END_PROFILE(SMBcopy);
4815 return ERROR_NT(status);
4818 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
4820 if (tid2 != conn->cnum) {
4821 /* can't currently handle inter share copies XXXX */
4822 DEBUG(3,("Rejecting inter-share copy\n"));
4823 END_PROFILE(SMBcopy);
4824 return ERROR_DOS(ERRSRV,ERRinvdevice);
4827 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4828 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4830 rc = unix_convert(name,conn,0,&bad_path1,&sbuf1);
4831 unix_convert(newname,conn,0,&bad_path2,&sbuf2);
4833 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
4835 if ((flags&1) && target_is_directory) {
4836 END_PROFILE(SMBcopy);
4837 return ERROR_DOS(ERRDOS,ERRbadfile);
4840 if ((flags&2) && !target_is_directory) {
4841 END_PROFILE(SMBcopy);
4842 return ERROR_DOS(ERRDOS,ERRbadpath);
4845 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
4846 /* wants a tree copy! XXXX */
4847 DEBUG(3,("Rejecting tree copy\n"));
4848 END_PROFILE(SMBcopy);
4849 return ERROR_DOS(ERRSRV,ERRerror);
4852 p = strrchr_m(name,'/');
4854 pstrcpy(directory,"./");
4858 pstrcpy(directory,name);
4863 * We should only check the mangled cache
4864 * here if unix_convert failed. This means
4865 * that the path in 'mask' doesn't exist
4866 * on the file system and so we need to look
4867 * for a possible mangle. This patch from
4868 * Tine Smukavec <valentin.smukavec@hermes.si>.
4871 if (!rc && mangle_is_mangled(mask, conn->params))
4872 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4874 has_wild = path_contains_wcard1;
4877 pstrcat(directory,"/");
4878 pstrcat(directory,mask);
4879 if (resolve_wildcards(directory,newname) &&
4880 copy_file(directory,newname,conn,ofun, count,target_is_directory,&err))
4884 END_PROFILE(SMBcopy);
4885 return(UNIXERROR(ERRHRD,ERRgeneral));
4888 exists = vfs_file_exist(conn,directory,NULL);
4891 struct smb_Dir *dir_hnd = NULL;
4895 if (strequal(mask,"????????.???"))
4898 if (check_name(directory,conn))
4899 dir_hnd = OpenDir(conn, directory, mask, 0);
4905 while ((dname = ReadDirName(dir_hnd, &offset))) {
4907 pstrcpy(fname,dname);
4909 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4912 if(!mask_match(fname, mask, conn->case_sensitive))
4915 error = ERRnoaccess;
4916 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
4917 pstrcpy(destname,newname);
4918 if (resolve_wildcards(fname,destname) &&
4919 copy_file(fname,destname,conn,ofun,
4920 count,target_is_directory,&err))
4922 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname,destname));
4930 /* Error on close... */
4932 END_PROFILE(SMBcopy);
4933 return(UNIXERROR(ERRHRD,ERRgeneral));
4937 END_PROFILE(SMBcopy);
4938 return ERROR_DOS(ERRDOS,error);
4940 if((errno == ENOENT) && (bad_path1 || bad_path2) &&
4942 /* Samba 3.0.22 has ERRDOS/ERRbadpath in the
4943 * DOS error code case
4945 return ERROR_DOS(ERRDOS, ERRbadpath);
4947 END_PROFILE(SMBcopy);
4948 return(UNIXERROR(ERRDOS,error));
4952 outsize = set_message(outbuf,1,0,True);
4953 SSVAL(outbuf,smb_vwv0,count);
4955 END_PROFILE(SMBcopy);
4959 /****************************************************************************
4961 ****************************************************************************/
4963 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4971 START_PROFILE(pathworks_setdir);
4974 if (!CAN_SETDIR(snum)) {
4975 END_PROFILE(pathworks_setdir);
4976 return ERROR_DOS(ERRDOS,ERRnoaccess);
4979 srvstr_get_path(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), 0, STR_TERMINATE, &status);
4980 if (!NT_STATUS_IS_OK(status)) {
4981 END_PROFILE(pathworks_setdir);
4982 return ERROR_NT(status);
4985 RESOLVE_DFSPATH(newdir, conn, inbuf, outbuf);
4987 if (strlen(newdir) == 0) {
4990 ok = vfs_directory_exist(conn,newdir,NULL);
4992 set_conn_connectpath(conn,newdir);
4996 END_PROFILE(pathworks_setdir);
4997 return ERROR_DOS(ERRDOS,ERRbadpath);
5000 outsize = set_message(outbuf,0,0,False);
5001 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
5003 DEBUG(3,("setdir %s\n", newdir));
5005 END_PROFILE(pathworks_setdir);
5010 #define DBGC_CLASS DBGC_LOCKING
5012 /****************************************************************************
5013 Get a lock pid, dealing with large count requests.
5014 ****************************************************************************/
5016 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5018 if(!large_file_format)
5019 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5021 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5024 /****************************************************************************
5025 Get a lock count, dealing with large count requests.
5026 ****************************************************************************/
5028 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5030 SMB_BIG_UINT count = 0;
5032 if(!large_file_format) {
5033 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5036 #if defined(HAVE_LONGLONG)
5037 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5038 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5039 #else /* HAVE_LONGLONG */
5042 * NT4.x seems to be broken in that it sends large file (64 bit)
5043 * lockingX calls even if the CAP_LARGE_FILES was *not*
5044 * negotiated. For boxes without large unsigned ints truncate the
5045 * lock count by dropping the top 32 bits.
5048 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5049 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5050 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5051 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5052 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5055 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5056 #endif /* HAVE_LONGLONG */
5062 #if !defined(HAVE_LONGLONG)
5063 /****************************************************************************
5064 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5065 ****************************************************************************/
5067 static uint32 map_lock_offset(uint32 high, uint32 low)
5071 uint32 highcopy = high;
5074 * Try and find out how many significant bits there are in high.
5077 for(i = 0; highcopy; i++)
5081 * We use 31 bits not 32 here as POSIX
5082 * lock offsets may not be negative.
5085 mask = (~0) << (31 - i);
5088 return 0; /* Fail. */
5094 #endif /* !defined(HAVE_LONGLONG) */
5096 /****************************************************************************
5097 Get a lock offset, dealing with large offset requests.
5098 ****************************************************************************/
5100 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5102 SMB_BIG_UINT offset = 0;
5106 if(!large_file_format) {
5107 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5110 #if defined(HAVE_LONGLONG)
5111 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5112 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5113 #else /* HAVE_LONGLONG */
5116 * NT4.x seems to be broken in that it sends large file (64 bit)
5117 * lockingX calls even if the CAP_LARGE_FILES was *not*
5118 * negotiated. For boxes without large unsigned ints mangle the
5119 * lock offset by mapping the top 32 bits onto the lower 32.
5122 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5123 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5124 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5127 if((new_low = map_lock_offset(high, low)) == 0) {
5129 return (SMB_BIG_UINT)-1;
5132 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5133 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5134 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5135 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5138 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5139 #endif /* HAVE_LONGLONG */
5145 /****************************************************************************
5146 Reply to a lockingX request.
5147 ****************************************************************************/
5149 int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
5150 int length, int bufsize)
5152 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
5153 unsigned char locktype = CVAL(inbuf,smb_vwv3);
5154 unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
5155 uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
5156 uint16 num_locks = SVAL(inbuf,smb_vwv7);
5157 SMB_BIG_UINT count = 0, offset = 0;
5159 int32 lock_timeout = IVAL(inbuf,smb_vwv4);
5162 BOOL large_file_format =
5163 (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5165 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5167 START_PROFILE(SMBlockingX);
5169 CHECK_FSP(fsp,conn);
5171 data = smb_buf(inbuf);
5173 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5174 /* we don't support these - and CANCEL_LOCK makes w2k
5175 and XP reboot so I don't really want to be
5176 compatible! (tridge) */
5177 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
5180 /* Check if this is an oplock break on a file
5181 we have granted an oplock on.
5183 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
5184 /* Client can insist on breaking to none. */
5185 BOOL break_to_none = (oplocklevel == 0);
5188 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
5189 "for fnum = %d\n", (unsigned int)oplocklevel,
5193 * Make sure we have granted an exclusive or batch oplock on
5197 if (fsp->oplock_type == 0) {
5199 /* The Samba4 nbench simulator doesn't understand
5200 the difference between break to level2 and break
5201 to none from level2 - it sends oplock break
5202 replies in both cases. Don't keep logging an error
5203 message here - just ignore it. JRA. */
5205 DEBUG(5,("reply_lockingX: Error : oplock break from "
5206 "client for fnum = %d (oplock=%d) and no "
5207 "oplock granted on this file (%s).\n",
5208 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
5210 /* if this is a pure oplock break request then don't
5212 if (num_locks == 0 && num_ulocks == 0) {
5213 END_PROFILE(SMBlockingX);
5216 END_PROFILE(SMBlockingX);
5217 return ERROR_DOS(ERRDOS,ERRlock);
5221 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
5223 result = remove_oplock(fsp);
5225 result = downgrade_oplock(fsp);
5229 DEBUG(0, ("reply_lockingX: error in removing "
5230 "oplock on file %s\n", fsp->fsp_name));
5231 /* Hmmm. Is this panic justified? */
5232 smb_panic("internal tdb error");
5235 reply_to_oplock_break_requests(fsp);
5237 /* if this is a pure oplock break request then don't send a
5239 if (num_locks == 0 && num_ulocks == 0) {
5240 /* Sanity check - ensure a pure oplock break is not a
5242 if(CVAL(inbuf,smb_vwv0) != 0xff)
5243 DEBUG(0,("reply_lockingX: Error : pure oplock "
5244 "break is a chained %d request !\n",
5245 (unsigned int)CVAL(inbuf,smb_vwv0) ));
5246 END_PROFILE(SMBlockingX);
5252 * We do this check *after* we have checked this is not a oplock break
5253 * response message. JRA.
5256 release_level_2_oplocks_on_change(fsp);
5258 /* Data now points at the beginning of the list
5259 of smb_unlkrng structs */
5260 for(i = 0; i < (int)num_ulocks; i++) {
5261 lock_pid = get_lock_pid( data, i, large_file_format);
5262 count = get_lock_count( data, i, large_file_format);
5263 offset = get_lock_offset( data, i, large_file_format, &err);
5266 * There is no error code marked "stupid client bug".... :-).
5269 END_PROFILE(SMBlockingX);
5270 return ERROR_DOS(ERRDOS,ERRnoaccess);
5273 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
5274 "pid %u, file %s\n", (double)offset, (double)count,
5275 (unsigned int)lock_pid, fsp->fsp_name ));
5277 status = do_unlock(fsp,
5283 if (NT_STATUS_V(status)) {
5284 END_PROFILE(SMBlockingX);
5285 return ERROR_NT(status);
5289 /* Setup the timeout in seconds. */
5291 if (!lp_blocking_locks(SNUM(conn))) {
5295 /* Now do any requested locks */
5296 data += ((large_file_format ? 20 : 10)*num_ulocks);
5298 /* Data now points at the beginning of the list
5299 of smb_lkrng structs */
5301 for(i = 0; i < (int)num_locks; i++) {
5302 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
5303 READ_LOCK:WRITE_LOCK);
5304 lock_pid = get_lock_pid( data, i, large_file_format);
5305 count = get_lock_count( data, i, large_file_format);
5306 offset = get_lock_offset( data, i, large_file_format, &err);
5309 * There is no error code marked "stupid client bug".... :-).
5312 END_PROFILE(SMBlockingX);
5313 return ERROR_DOS(ERRDOS,ERRnoaccess);
5316 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
5317 "%u, file %s timeout = %d\n", (double)offset,
5318 (double)count, (unsigned int)lock_pid,
5319 fsp->fsp_name, (int)lock_timeout ));
5321 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
5322 if (lp_blocking_locks(SNUM(conn))) {
5324 /* Schedule a message to ourselves to
5325 remove the blocking lock record and
5326 return the right error. */
5328 if (!blocking_lock_cancel(fsp,
5334 NT_STATUS_FILE_LOCK_CONFLICT)) {
5335 END_PROFILE(SMBlockingX);
5336 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
5339 /* Remove a matching pending lock. */
5340 status = do_lock_cancel(fsp,
5346 BOOL blocking_lock = lock_timeout ? True : False;
5347 BOOL defer_lock = False;
5348 struct byte_range_lock *br_lck;
5350 br_lck = do_lock(fsp,
5359 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
5360 /* Windows internal resolution for blocking locks seems
5361 to be about 200ms... Don't wait for less than that. JRA. */
5362 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
5363 lock_timeout = lp_lock_spin_time();
5368 /* This heuristic seems to match W2K3 very well. If a
5369 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
5370 it pretends we asked for a timeout of between 150 - 300 milliseconds as
5371 far as I can tell. Replacement for do_lock_spin(). JRA. */
5373 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
5374 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
5376 lock_timeout = lp_lock_spin_time();
5379 if (br_lck && defer_lock) {
5381 * A blocking lock was requested. Package up
5382 * this smb into a queued request and push it
5383 * onto the blocking lock queue.
5385 if(push_blocking_lock_request(br_lck,
5395 TALLOC_FREE(br_lck);
5396 END_PROFILE(SMBlockingX);
5401 TALLOC_FREE(br_lck);
5404 if (NT_STATUS_V(status)) {
5405 END_PROFILE(SMBlockingX);
5406 return ERROR_NT(status);
5410 /* If any of the above locks failed, then we must unlock
5411 all of the previous locks (X/Open spec). */
5413 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
5417 * Ensure we don't do a remove on the lock that just failed,
5418 * as under POSIX rules, if we have a lock already there, we
5419 * will delete it (and we shouldn't) .....
5421 for(i--; i >= 0; i--) {
5422 lock_pid = get_lock_pid( data, i, large_file_format);
5423 count = get_lock_count( data, i, large_file_format);
5424 offset = get_lock_offset( data, i, large_file_format,
5428 * There is no error code marked "stupid client
5432 END_PROFILE(SMBlockingX);
5433 return ERROR_DOS(ERRDOS,ERRnoaccess);
5442 END_PROFILE(SMBlockingX);
5443 return ERROR_NT(status);
5446 set_message(outbuf,2,0,True);
5448 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
5449 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
5451 END_PROFILE(SMBlockingX);
5452 return chain_reply(inbuf,outbuf,length,bufsize);
5456 #define DBGC_CLASS DBGC_ALL
5458 /****************************************************************************
5459 Reply to a SMBreadbmpx (read block multiplex) request.
5460 ****************************************************************************/
5462 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
5473 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5474 START_PROFILE(SMBreadBmpx);
5476 /* this function doesn't seem to work - disable by default */
5477 if (!lp_readbmpx()) {
5478 END_PROFILE(SMBreadBmpx);
5479 return ERROR_DOS(ERRSRV,ERRuseSTD);
5482 outsize = set_message(outbuf,8,0,True);
5484 CHECK_FSP(fsp,conn);
5485 if (!CHECK_READ(fsp,inbuf)) {
5486 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5489 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
5490 maxcount = SVAL(inbuf,smb_vwv3);
5492 data = smb_buf(outbuf);
5493 pad = ((long)data)%4;
5498 max_per_packet = bufsize-(outsize+pad);
5502 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
5503 END_PROFILE(SMBreadBmpx);
5504 return ERROR_DOS(ERRDOS,ERRlock);
5508 size_t N = MIN(max_per_packet,tcount-total_read);
5510 nread = read_file(fsp,data,startpos,N);
5515 if (nread < (ssize_t)N)
5516 tcount = total_read + nread;
5518 set_message(outbuf,8,nread+pad,False);
5519 SIVAL(outbuf,smb_vwv0,startpos);
5520 SSVAL(outbuf,smb_vwv2,tcount);
5521 SSVAL(outbuf,smb_vwv6,nread);
5522 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
5525 if (!send_smb(smbd_server_fd(),outbuf))
5526 exit_server_cleanly("reply_readbmpx: send_smb failed.");
5528 total_read += nread;
5530 } while (total_read < (ssize_t)tcount);
5532 END_PROFILE(SMBreadBmpx);
5536 /****************************************************************************
5537 Reply to a SMBsetattrE.
5538 ****************************************************************************/
5540 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5542 struct utimbuf unix_times;
5544 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5545 START_PROFILE(SMBsetattrE);
5547 outsize = set_message(outbuf,0,0,False);
5549 if(!fsp || (fsp->conn != conn)) {
5550 END_PROFILE(SMBsetattrE);
5551 return ERROR_DOS(ERRDOS,ERRbadfid);
5555 * Convert the DOS times into unix times. Ignore create
5556 * time as UNIX can't set this.
5559 unix_times.actime = srv_make_unix_date2(inbuf+smb_vwv3);
5560 unix_times.modtime = srv_make_unix_date2(inbuf+smb_vwv5);
5563 * Patch from Ray Frush <frush@engr.colostate.edu>
5564 * Sometimes times are sent as zero - ignore them.
5567 if (null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5568 /* Ignore request */
5569 if( DEBUGLVL( 3 ) ) {
5570 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
5571 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
5573 END_PROFILE(SMBsetattrE);
5575 } else if (!null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5576 /* set modify time = to access time if modify time was unset */
5577 unix_times.modtime = unix_times.actime;
5580 /* Set the date on this file */
5581 /* Should we set pending modtime here ? JRA */
5582 if(file_utime(conn, fsp->fsp_name, &unix_times)) {
5583 END_PROFILE(SMBsetattrE);
5584 return ERROR_DOS(ERRDOS,ERRnoaccess);
5587 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%d modtime=%d\n",
5588 fsp->fnum, (int)unix_times.actime, (int)unix_times.modtime ) );
5590 END_PROFILE(SMBsetattrE);
5595 /* Back from the dead for OS/2..... JRA. */
5597 /****************************************************************************
5598 Reply to a SMBwritebmpx (write block multiplex primary) request.
5599 ****************************************************************************/
5601 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5604 ssize_t nwritten = -1;
5611 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5612 START_PROFILE(SMBwriteBmpx);
5614 CHECK_FSP(fsp,conn);
5615 if (!CHECK_WRITE(fsp)) {
5616 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5618 if (HAS_CACHED_ERROR(fsp)) {
5619 return(CACHED_ERROR(fsp));
5622 tcount = SVAL(inbuf,smb_vwv1);
5623 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
5624 write_through = BITSETW(inbuf+smb_vwv7,0);
5625 numtowrite = SVAL(inbuf,smb_vwv10);
5626 smb_doff = SVAL(inbuf,smb_vwv11);
5628 data = smb_base(inbuf) + smb_doff;
5630 /* If this fails we need to send an SMBwriteC response,
5631 not an SMBwritebmpx - set this up now so we don't forget */
5632 SCVAL(outbuf,smb_com,SMBwritec);
5634 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
5635 END_PROFILE(SMBwriteBmpx);
5636 return(ERROR_DOS(ERRDOS,ERRlock));
5639 nwritten = write_file(fsp,data,startpos,numtowrite);
5641 sync_file(conn, fsp, write_through);
5643 if(nwritten < (ssize_t)numtowrite) {
5644 END_PROFILE(SMBwriteBmpx);
5645 return(UNIXERROR(ERRHRD,ERRdiskfull));
5648 /* If the maximum to be written to this file
5649 is greater than what we just wrote then set
5650 up a secondary struct to be attached to this
5651 fd, we will use this to cache error messages etc. */
5653 if((ssize_t)tcount > nwritten) {
5654 write_bmpx_struct *wbms;
5655 if(fsp->wbmpx_ptr != NULL)
5656 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
5658 wbms = SMB_MALLOC_P(write_bmpx_struct);
5660 DEBUG(0,("Out of memory in reply_readmpx\n"));
5661 END_PROFILE(SMBwriteBmpx);
5662 return(ERROR_DOS(ERRSRV,ERRnoresource));
5664 wbms->wr_mode = write_through;
5665 wbms->wr_discard = False; /* No errors yet */
5666 wbms->wr_total_written = nwritten;
5667 wbms->wr_errclass = 0;
5669 fsp->wbmpx_ptr = wbms;
5672 /* We are returning successfully, set the message type back to
5674 SCVAL(outbuf,smb_com,SMBwriteBmpx);
5676 outsize = set_message(outbuf,1,0,True);
5678 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
5680 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
5681 fsp->fnum, (int)numtowrite, (int)nwritten ) );
5683 if (write_through && tcount==nwritten) {
5684 /* We need to send both a primary and a secondary response */
5685 smb_setlen(outbuf,outsize - 4);
5687 if (!send_smb(smbd_server_fd(),outbuf))
5688 exit_server_cleanly("reply_writebmpx: send_smb failed.");
5690 /* Now the secondary */
5691 outsize = set_message(outbuf,1,0,True);
5692 SCVAL(outbuf,smb_com,SMBwritec);
5693 SSVAL(outbuf,smb_vwv0,nwritten);
5696 END_PROFILE(SMBwriteBmpx);
5700 /****************************************************************************
5701 Reply to a SMBwritebs (write block multiplex secondary) request.
5702 ****************************************************************************/
5704 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5707 ssize_t nwritten = -1;
5714 write_bmpx_struct *wbms;
5715 BOOL send_response = False;
5716 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5717 START_PROFILE(SMBwriteBs);
5719 CHECK_FSP(fsp,conn);
5720 if (!CHECK_WRITE(fsp)) {
5721 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5724 tcount = SVAL(inbuf,smb_vwv1);
5725 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
5726 numtowrite = SVAL(inbuf,smb_vwv6);
5727 smb_doff = SVAL(inbuf,smb_vwv7);
5729 data = smb_base(inbuf) + smb_doff;
5731 /* We need to send an SMBwriteC response, not an SMBwritebs */
5732 SCVAL(outbuf,smb_com,SMBwritec);
5734 /* This fd should have an auxiliary struct attached,
5735 check that it does */
5736 wbms = fsp->wbmpx_ptr;
5738 END_PROFILE(SMBwriteBs);
5742 /* If write through is set we can return errors, else we must cache them */
5743 write_through = wbms->wr_mode;
5745 /* Check for an earlier error */
5746 if(wbms->wr_discard) {
5747 END_PROFILE(SMBwriteBs);
5748 return -1; /* Just discard the packet */
5751 nwritten = write_file(fsp,data,startpos,numtowrite);
5753 sync_file(conn, fsp, write_through);
5755 if (nwritten < (ssize_t)numtowrite) {
5757 /* We are returning an error - we can delete the aux struct */
5760 fsp->wbmpx_ptr = NULL;
5761 END_PROFILE(SMBwriteBs);
5762 return(ERROR_DOS(ERRHRD,ERRdiskfull));
5764 wbms->wr_errclass = ERRHRD;
5765 wbms->wr_error = ERRdiskfull;
5766 wbms->wr_status = NT_STATUS_DISK_FULL;
5767 wbms->wr_discard = True;
5768 END_PROFILE(SMBwriteBs);
5772 /* Increment the total written, if this matches tcount
5773 we can discard the auxiliary struct (hurrah !) and return a writeC */
5774 wbms->wr_total_written += nwritten;
5775 if(wbms->wr_total_written >= tcount) {
5776 if (write_through) {
5777 outsize = set_message(outbuf,1,0,True);
5778 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
5779 send_response = True;
5783 fsp->wbmpx_ptr = NULL;
5787 END_PROFILE(SMBwriteBs);
5791 END_PROFILE(SMBwriteBs);
5795 /****************************************************************************
5796 Reply to a SMBgetattrE.
5797 ****************************************************************************/
5799 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5801 SMB_STRUCT_STAT sbuf;
5804 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5805 START_PROFILE(SMBgetattrE);
5807 outsize = set_message(outbuf,11,0,True);
5809 if(!fsp || (fsp->conn != conn)) {
5810 END_PROFILE(SMBgetattrE);
5811 return ERROR_DOS(ERRDOS,ERRbadfid);
5814 /* Do an fstat on this file */
5815 if(fsp_stat(fsp, &sbuf)) {
5816 END_PROFILE(SMBgetattrE);
5817 return(UNIXERROR(ERRDOS,ERRnoaccess));
5820 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
5823 * Convert the times into dos times. Set create
5824 * date to be last modify date as UNIX doesn't save
5828 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
5829 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
5830 /* Should we check pending modtime here ? JRA */
5831 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
5834 SIVAL(outbuf,smb_vwv6,0);
5835 SIVAL(outbuf,smb_vwv8,0);
5837 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
5838 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
5839 SIVAL(outbuf,smb_vwv8,allocation_size);
5841 SSVAL(outbuf,smb_vwv10, mode);
5843 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
5845 END_PROFILE(SMBgetattrE);