2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 #include "smbd/globals.h"
30 #include "fake_file.h"
31 #include "../librpc/gen_ndr/cli_spoolss.h"
32 #include "rpc_client/cli_spoolss.h"
33 #include "rpc_client/init_spoolss.h"
35 /****************************************************************************
36 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
37 path or anything including wildcards.
38 We're assuming here that '/' is not the second byte in any multibyte char
39 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
41 ****************************************************************************/
43 /* Custom version for processing POSIX paths. */
44 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
46 static NTSTATUS check_path_syntax_internal(char *path,
48 bool *p_last_component_contains_wcard)
52 NTSTATUS ret = NT_STATUS_OK;
53 bool start_of_name_component = True;
54 bool stream_started = false;
56 *p_last_component_contains_wcard = False;
63 return NT_STATUS_OBJECT_NAME_INVALID;
66 return NT_STATUS_OBJECT_NAME_INVALID;
68 if (strchr_m(&s[1], ':')) {
69 return NT_STATUS_OBJECT_NAME_INVALID;
75 if ((*s == ':') && !posix_path && !stream_started) {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
85 stream_started = true;
86 start_of_name_component = false;
90 return NT_STATUS_OBJECT_NAME_INVALID;
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
108 start_of_name_component = True;
110 *p_last_component_contains_wcard = False;
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
119 * No mb char starts with '.' so we're safe checking the directory separator here.
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
128 /* Are we at the start ? Can't go back further if so. */
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
166 *p_last_component_contains_wcard = True;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
196 return NT_STATUS_INVALID_PARAMETER;
199 start_of_name_component = False;
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
212 NTSTATUS check_path_syntax(char *path)
215 return check_path_syntax_internal(path, False, &ignore);
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
222 ****************************************************************************/
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
226 return check_path_syntax_internal(path, False, p_contains_wcard);
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
235 NTSTATUS check_path_syntax_posix(char *path)
238 return check_path_syntax_internal(path, True, &ignore);
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
253 bool *contains_wcard)
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
263 *err = NT_STATUS_INVALID_PARAMETER;
267 *contains_wcard = False;
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 if ((fsp == NULL) || (conn == NULL)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
334 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 if (!check_fsp_open(conn, req, fsp)) {
351 if (fsp->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
355 if (fsp->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
359 fsp->num_smb_operations++;
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
371 if (!check_fsp_open(conn, req, fsp)) {
375 if (fsp->is_directory) {
379 if (fsp->fake_file_handle == NULL) {
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
387 if (fsp->fake_file_handle->private_data == NULL) {
394 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
395 const char *name, int name_type)
398 char *trim_name_type;
399 const char *retarget_parm;
402 int retarget_type = 0x20;
403 int retarget_port = 139;
404 struct sockaddr_storage retarget_addr;
405 struct sockaddr_in *in_addr;
409 if (get_socket_port(sconn->sock) != 139) {
413 trim_name = talloc_strdup(talloc_tos(), name);
414 if (trim_name == NULL) {
417 trim_char(trim_name, ' ', ' ');
419 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
421 if (trim_name_type == NULL) {
425 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
426 trim_name_type, NULL);
427 if (retarget_parm == NULL) {
428 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
431 if (retarget_parm == NULL) {
435 retarget = talloc_strdup(trim_name, retarget_parm);
436 if (retarget == NULL) {
440 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
442 p = strchr(retarget, ':');
445 retarget_port = atoi(p);
448 p = strchr_m(retarget, '#');
451 sscanf(p, "%x", &retarget_type);
454 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
456 DEBUG(10, ("could not resolve %s\n", retarget));
460 if (retarget_addr.ss_family != AF_INET) {
461 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
465 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
467 _smb_setlen(outbuf, 6);
468 SCVAL(outbuf, 0, 0x84);
469 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
470 *(uint16_t *)(outbuf+8) = htons(retarget_port);
472 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
474 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
480 TALLOC_FREE(trim_name);
484 /****************************************************************************
485 Reply to a (netbios-level) special message.
486 ****************************************************************************/
488 void reply_special(struct smbd_server_connection *sconn, char *inbuf)
490 int msg_type = CVAL(inbuf,0);
491 int msg_flags = CVAL(inbuf,1);
493 char name_type1, name_type2;
496 * We only really use 4 bytes of the outbuf, but for the smb_setlen
497 * calculation & friends (srv_send_smb uses that) we need the full smb
500 char outbuf[smb_size];
504 memset(outbuf, '\0', sizeof(outbuf));
506 smb_setlen(outbuf,0);
509 case 0x81: /* session request */
511 if (sconn->nbt.got_session) {
512 exit_server_cleanly("multiple session request not permitted");
515 SCVAL(outbuf,0,0x82);
517 if (name_len(inbuf+4) > 50 ||
518 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
519 DEBUG(0,("Invalid name length in session request\n"));
522 name_type1 = name_extract(inbuf,4,name1);
523 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
524 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
525 name1, name_type1, name2, name_type2));
527 if (netbios_session_retarget(sconn, name1, name_type1)) {
528 exit_server_cleanly("retargeted client");
532 * Windows NT/2k uses "*SMBSERVER" and XP uses
533 * "*SMBSERV" arrggg!!!
535 if (strequal(name1, "*SMBSERVER ")
536 || strequal(name1, "*SMBSERV ")) {
537 fstrcpy(name1, sconn->client_id.addr);
540 set_local_machine_name(name1, True);
541 set_remote_machine_name(name2, True);
543 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
544 get_local_machine_name(), get_remote_machine_name(),
547 if (name_type2 == 'R') {
548 /* We are being asked for a pathworks session ---
550 SCVAL(outbuf, 0,0x83);
554 /* only add the client's machine name to the list
555 of possibly valid usernames if we are operating
556 in share mode security */
557 if (lp_security() == SEC_SHARE) {
558 add_session_user(sconn, get_remote_machine_name());
561 reload_services(sconn->msg_ctx, sconn->sock, True);
564 sconn->nbt.got_session = true;
567 case 0x89: /* session keepalive request
568 (some old clients produce this?) */
569 SCVAL(outbuf,0,SMBkeepalive);
573 case 0x82: /* positive session response */
574 case 0x83: /* negative session response */
575 case 0x84: /* retarget session response */
576 DEBUG(0,("Unexpected session response\n"));
579 case SMBkeepalive: /* session keepalive */
584 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
585 msg_type, msg_flags));
587 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
591 /****************************************************************************
593 conn POINTER CAN BE NULL HERE !
594 ****************************************************************************/
596 void reply_tcon(struct smb_request *req)
598 connection_struct *conn = req->conn;
600 char *service_buf = NULL;
601 char *password = NULL;
606 DATA_BLOB password_blob;
607 TALLOC_CTX *ctx = talloc_tos();
608 struct smbd_server_connection *sconn = req->sconn;
610 START_PROFILE(SMBtcon);
612 if (req->buflen < 4) {
613 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
614 END_PROFILE(SMBtcon);
618 p = (const char *)req->buf + 1;
619 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
621 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
623 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
626 if (service_buf == NULL || password == NULL || dev == NULL) {
627 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
628 END_PROFILE(SMBtcon);
631 p = strrchr_m(service_buf,'\\');
635 service = service_buf;
638 password_blob = data_blob(password, pwlen+1);
640 conn = make_connection(sconn,service,password_blob,dev,
641 req->vuid,&nt_status);
644 data_blob_clear_free(&password_blob);
647 reply_nterror(req, nt_status);
648 END_PROFILE(SMBtcon);
652 reply_outbuf(req, 2, 0);
653 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
654 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
655 SSVAL(req->outbuf,smb_tid,conn->cnum);
657 DEBUG(3,("tcon service=%s cnum=%d\n",
658 service, conn->cnum));
660 END_PROFILE(SMBtcon);
664 /****************************************************************************
665 Reply to a tcon and X.
666 conn POINTER CAN BE NULL HERE !
667 ****************************************************************************/
669 void reply_tcon_and_X(struct smb_request *req)
671 connection_struct *conn = req->conn;
672 const char *service = NULL;
674 TALLOC_CTX *ctx = talloc_tos();
675 /* what the cleint thinks the device is */
676 char *client_devicetype = NULL;
677 /* what the server tells the client the share represents */
678 const char *server_devicetype;
684 struct smbd_server_connection *sconn = req->sconn;
686 START_PROFILE(SMBtconX);
689 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
690 END_PROFILE(SMBtconX);
694 passlen = SVAL(req->vwv+3, 0);
695 tcon_flags = SVAL(req->vwv+2, 0);
697 /* we might have to close an old one */
698 if ((tcon_flags & 0x1) && conn) {
699 close_cnum(conn,req->vuid);
704 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
705 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
706 END_PROFILE(SMBtconX);
710 if (sconn->smb1.negprot.encrypted_passwords) {
711 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
712 if (lp_security() == SEC_SHARE) {
714 * Security = share always has a pad byte
715 * after the password.
717 p = (const char *)req->buf + passlen + 1;
719 p = (const char *)req->buf + passlen;
722 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
723 /* Ensure correct termination */
724 password.data[passlen]=0;
725 p = (const char *)req->buf + passlen + 1;
728 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
731 data_blob_clear_free(&password);
732 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
733 END_PROFILE(SMBtconX);
738 * the service name can be either: \\server\share
739 * or share directly like on the DELL PowerVault 705
742 q = strchr_m(path+2,'\\');
744 data_blob_clear_free(&password);
745 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
746 END_PROFILE(SMBtconX);
754 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
755 &client_devicetype, p,
756 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
758 if (client_devicetype == NULL) {
759 data_blob_clear_free(&password);
760 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
761 END_PROFILE(SMBtconX);
765 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
767 conn = make_connection(sconn, service, password, client_devicetype,
768 req->vuid, &nt_status);
771 data_blob_clear_free(&password);
774 reply_nterror(req, nt_status);
775 END_PROFILE(SMBtconX);
780 server_devicetype = "IPC";
781 else if ( IS_PRINT(conn) )
782 server_devicetype = "LPT1:";
784 server_devicetype = "A:";
786 if (get_Protocol() < PROTOCOL_NT1) {
787 reply_outbuf(req, 2, 0);
788 if (message_push_string(&req->outbuf, server_devicetype,
789 STR_TERMINATE|STR_ASCII) == -1) {
790 reply_nterror(req, NT_STATUS_NO_MEMORY);
791 END_PROFILE(SMBtconX);
795 /* NT sets the fstype of IPC$ to the null string */
796 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
798 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
799 /* Return permissions. */
803 reply_outbuf(req, 7, 0);
806 perm1 = FILE_ALL_ACCESS;
807 perm2 = FILE_ALL_ACCESS;
809 perm1 = CAN_WRITE(conn) ?
814 SIVAL(req->outbuf, smb_vwv3, perm1);
815 SIVAL(req->outbuf, smb_vwv5, perm2);
817 reply_outbuf(req, 3, 0);
820 if ((message_push_string(&req->outbuf, server_devicetype,
821 STR_TERMINATE|STR_ASCII) == -1)
822 || (message_push_string(&req->outbuf, fstype,
823 STR_TERMINATE) == -1)) {
824 reply_nterror(req, NT_STATUS_NO_MEMORY);
825 END_PROFILE(SMBtconX);
829 /* what does setting this bit do? It is set by NT4 and
830 may affect the ability to autorun mounted cdroms */
831 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
832 (lp_csc_policy(SNUM(conn)) << 2));
834 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
835 DEBUG(2,("Serving %s as a Dfs root\n",
836 lp_servicename(SNUM(conn)) ));
837 SSVAL(req->outbuf, smb_vwv2,
838 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
843 DEBUG(3,("tconX service=%s \n",
846 /* set the incoming and outgoing tid to the just created one */
847 SSVAL(req->inbuf,smb_tid,conn->cnum);
848 SSVAL(req->outbuf,smb_tid,conn->cnum);
850 END_PROFILE(SMBtconX);
852 req->tid = conn->cnum;
857 /****************************************************************************
858 Reply to an unknown type.
859 ****************************************************************************/
861 void reply_unknown_new(struct smb_request *req, uint8 type)
863 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
864 smb_fn_name(type), type, type));
865 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
869 /****************************************************************************
871 conn POINTER CAN BE NULL HERE !
872 ****************************************************************************/
874 void reply_ioctl(struct smb_request *req)
876 connection_struct *conn = req->conn;
883 START_PROFILE(SMBioctl);
886 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
887 END_PROFILE(SMBioctl);
891 device = SVAL(req->vwv+1, 0);
892 function = SVAL(req->vwv+2, 0);
893 ioctl_code = (device << 16) + function;
895 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
897 switch (ioctl_code) {
898 case IOCTL_QUERY_JOB_INFO:
902 reply_force_doserror(req, ERRSRV, ERRnosupport);
903 END_PROFILE(SMBioctl);
907 reply_outbuf(req, 8, replysize+1);
908 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
909 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
910 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
911 p = smb_buf(req->outbuf);
912 memset(p, '\0', replysize+1); /* valgrind-safe. */
913 p += 1; /* Allow for alignment */
915 switch (ioctl_code) {
916 case IOCTL_QUERY_JOB_INFO:
918 files_struct *fsp = file_fsp(
919 req, SVAL(req->vwv+0, 0));
921 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
922 END_PROFILE(SMBioctl);
926 if (fsp->print_file) {
927 SSVAL(p, 0, fsp->print_file->rap_jobid);
931 srvstr_push((char *)req->outbuf, req->flags2, p+2,
933 STR_TERMINATE|STR_ASCII);
935 srvstr_push((char *)req->outbuf, req->flags2,
936 p+18, lp_servicename(SNUM(conn)),
937 13, STR_TERMINATE|STR_ASCII);
945 END_PROFILE(SMBioctl);
949 /****************************************************************************
950 Strange checkpath NTSTATUS mapping.
951 ****************************************************************************/
953 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
955 /* Strange DOS error code semantics only for checkpath... */
956 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
957 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
958 /* We need to map to ERRbadpath */
959 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
965 /****************************************************************************
966 Reply to a checkpath.
967 ****************************************************************************/
969 void reply_checkpath(struct smb_request *req)
971 connection_struct *conn = req->conn;
972 struct smb_filename *smb_fname = NULL;
975 TALLOC_CTX *ctx = talloc_tos();
977 START_PROFILE(SMBcheckpath);
979 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
980 STR_TERMINATE, &status);
982 if (!NT_STATUS_IS_OK(status)) {
983 status = map_checkpath_error(req->flags2, status);
984 reply_nterror(req, status);
985 END_PROFILE(SMBcheckpath);
989 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
991 status = filename_convert(ctx,
993 req->flags2 & FLAGS2_DFS_PATHNAMES,
999 if (!NT_STATUS_IS_OK(status)) {
1000 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1001 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1002 ERRSRV, ERRbadpath);
1003 END_PROFILE(SMBcheckpath);
1009 if (!VALID_STAT(smb_fname->st) &&
1010 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1011 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1012 smb_fname_str_dbg(smb_fname), strerror(errno)));
1013 status = map_nt_error_from_unix(errno);
1017 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1018 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1019 ERRDOS, ERRbadpath);
1023 reply_outbuf(req, 0, 0);
1026 /* We special case this - as when a Windows machine
1027 is parsing a path is steps through the components
1028 one at a time - if a component fails it expects
1029 ERRbadpath, not ERRbadfile.
1031 status = map_checkpath_error(req->flags2, status);
1032 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1034 * Windows returns different error codes if
1035 * the parent directory is valid but not the
1036 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1037 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1038 * if the path is invalid.
1040 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1041 ERRDOS, ERRbadpath);
1045 reply_nterror(req, status);
1048 TALLOC_FREE(smb_fname);
1049 END_PROFILE(SMBcheckpath);
1053 /****************************************************************************
1055 ****************************************************************************/
1057 void reply_getatr(struct smb_request *req)
1059 connection_struct *conn = req->conn;
1060 struct smb_filename *smb_fname = NULL;
1067 TALLOC_CTX *ctx = talloc_tos();
1068 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1070 START_PROFILE(SMBgetatr);
1072 p = (const char *)req->buf + 1;
1073 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1074 if (!NT_STATUS_IS_OK(status)) {
1075 reply_nterror(req, status);
1079 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1080 under WfWg - weird! */
1081 if (*fname == '\0') {
1082 mode = aHIDDEN | aDIR;
1083 if (!CAN_WRITE(conn)) {
1089 status = filename_convert(ctx,
1091 req->flags2 & FLAGS2_DFS_PATHNAMES,
1096 if (!NT_STATUS_IS_OK(status)) {
1097 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1098 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1099 ERRSRV, ERRbadpath);
1102 reply_nterror(req, status);
1105 if (!VALID_STAT(smb_fname->st) &&
1106 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1107 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1108 smb_fname_str_dbg(smb_fname),
1110 reply_nterror(req, map_nt_error_from_unix(errno));
1114 mode = dos_mode(conn, smb_fname);
1115 size = smb_fname->st.st_ex_size;
1117 if (ask_sharemode) {
1118 struct timespec write_time_ts;
1119 struct file_id fileid;
1121 ZERO_STRUCT(write_time_ts);
1122 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1123 get_file_infos(fileid, NULL, &write_time_ts);
1124 if (!null_timespec(write_time_ts)) {
1125 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1129 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1135 reply_outbuf(req, 10, 0);
1137 SSVAL(req->outbuf,smb_vwv0,mode);
1138 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1139 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1141 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1143 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1145 if (get_Protocol() >= PROTOCOL_NT1) {
1146 SSVAL(req->outbuf, smb_flg2,
1147 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1150 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1151 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1154 TALLOC_FREE(smb_fname);
1156 END_PROFILE(SMBgetatr);
1160 /****************************************************************************
1162 ****************************************************************************/
1164 void reply_setatr(struct smb_request *req)
1166 struct smb_file_time ft;
1167 connection_struct *conn = req->conn;
1168 struct smb_filename *smb_fname = NULL;
1174 TALLOC_CTX *ctx = talloc_tos();
1176 START_PROFILE(SMBsetatr);
1181 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1185 p = (const char *)req->buf + 1;
1186 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1187 if (!NT_STATUS_IS_OK(status)) {
1188 reply_nterror(req, status);
1192 status = filename_convert(ctx,
1194 req->flags2 & FLAGS2_DFS_PATHNAMES,
1199 if (!NT_STATUS_IS_OK(status)) {
1200 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1201 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1202 ERRSRV, ERRbadpath);
1205 reply_nterror(req, status);
1209 if (smb_fname->base_name[0] == '.' &&
1210 smb_fname->base_name[1] == '\0') {
1212 * Not sure here is the right place to catch this
1213 * condition. Might be moved to somewhere else later -- vl
1215 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1219 mode = SVAL(req->vwv+0, 0);
1220 mtime = srv_make_unix_date3(req->vwv+1);
1222 ft.mtime = convert_time_t_to_timespec(mtime);
1223 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1224 if (!NT_STATUS_IS_OK(status)) {
1225 reply_nterror(req, status);
1229 if (mode != FILE_ATTRIBUTE_NORMAL) {
1230 if (VALID_STAT_OF_DIR(smb_fname->st))
1235 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1237 reply_nterror(req, map_nt_error_from_unix(errno));
1242 reply_outbuf(req, 0, 0);
1244 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1247 TALLOC_FREE(smb_fname);
1248 END_PROFILE(SMBsetatr);
1252 /****************************************************************************
1254 ****************************************************************************/
1256 void reply_dskattr(struct smb_request *req)
1258 connection_struct *conn = req->conn;
1259 uint64_t dfree,dsize,bsize;
1260 START_PROFILE(SMBdskattr);
1262 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1263 reply_nterror(req, map_nt_error_from_unix(errno));
1264 END_PROFILE(SMBdskattr);
1268 reply_outbuf(req, 5, 0);
1270 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1271 double total_space, free_space;
1272 /* we need to scale this to a number that DOS6 can handle. We
1273 use floating point so we can handle large drives on systems
1274 that don't have 64 bit integers
1276 we end up displaying a maximum of 2G to DOS systems
1278 total_space = dsize * (double)bsize;
1279 free_space = dfree * (double)bsize;
1281 dsize = (uint64_t)((total_space+63*512) / (64*512));
1282 dfree = (uint64_t)((free_space+63*512) / (64*512));
1284 if (dsize > 0xFFFF) dsize = 0xFFFF;
1285 if (dfree > 0xFFFF) dfree = 0xFFFF;
1287 SSVAL(req->outbuf,smb_vwv0,dsize);
1288 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1289 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1290 SSVAL(req->outbuf,smb_vwv3,dfree);
1292 SSVAL(req->outbuf,smb_vwv0,dsize);
1293 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1294 SSVAL(req->outbuf,smb_vwv2,512);
1295 SSVAL(req->outbuf,smb_vwv3,dfree);
1298 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1300 END_PROFILE(SMBdskattr);
1305 * Utility function to split the filename from the directory.
1307 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1308 char **fname_dir_out,
1309 char **fname_mask_out)
1311 const char *p = NULL;
1312 char *fname_dir = NULL;
1313 char *fname_mask = NULL;
1315 p = strrchr_m(fname_in, '/');
1317 fname_dir = talloc_strdup(ctx, ".");
1318 fname_mask = talloc_strdup(ctx, fname_in);
1320 fname_dir = talloc_strndup(ctx, fname_in,
1321 PTR_DIFF(p, fname_in));
1322 fname_mask = talloc_strdup(ctx, p+1);
1325 if (!fname_dir || !fname_mask) {
1326 TALLOC_FREE(fname_dir);
1327 TALLOC_FREE(fname_mask);
1328 return NT_STATUS_NO_MEMORY;
1331 *fname_dir_out = fname_dir;
1332 *fname_mask_out = fname_mask;
1333 return NT_STATUS_OK;
1336 /****************************************************************************
1338 Can be called from SMBsearch, SMBffirst or SMBfunique.
1339 ****************************************************************************/
1341 void reply_search(struct smb_request *req)
1343 connection_struct *conn = req->conn;
1345 const char *mask = NULL;
1346 char *directory = NULL;
1347 struct smb_filename *smb_fname = NULL;
1351 struct timespec date;
1353 unsigned int numentries = 0;
1354 unsigned int maxentries = 0;
1355 bool finished = False;
1360 bool check_descend = False;
1361 bool expect_close = False;
1363 bool mask_contains_wcard = False;
1364 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1365 TALLOC_CTX *ctx = talloc_tos();
1366 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1367 struct dptr_struct *dirptr = NULL;
1368 struct smbd_server_connection *sconn = req->sconn;
1370 START_PROFILE(SMBsearch);
1373 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1377 if (lp_posix_pathnames()) {
1378 reply_unknown_new(req, req->cmd);
1382 /* If we were called as SMBffirst then we must expect close. */
1383 if(req->cmd == SMBffirst) {
1384 expect_close = True;
1387 reply_outbuf(req, 1, 3);
1388 maxentries = SVAL(req->vwv+0, 0);
1389 dirtype = SVAL(req->vwv+1, 0);
1390 p = (const char *)req->buf + 1;
1391 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1392 &nt_status, &mask_contains_wcard);
1393 if (!NT_STATUS_IS_OK(nt_status)) {
1394 reply_nterror(req, nt_status);
1399 status_len = SVAL(p, 0);
1402 /* dirtype &= ~aDIR; */
1404 if (status_len == 0) {
1405 nt_status = filename_convert(ctx, conn,
1406 req->flags2 & FLAGS2_DFS_PATHNAMES,
1408 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1409 &mask_contains_wcard,
1411 if (!NT_STATUS_IS_OK(nt_status)) {
1412 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1413 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1414 ERRSRV, ERRbadpath);
1417 reply_nterror(req, nt_status);
1421 directory = smb_fname->base_name;
1423 p = strrchr_m(directory,'/');
1424 if ((p != NULL) && (*directory != '/')) {
1426 directory = talloc_strndup(ctx, directory,
1427 PTR_DIFF(p, directory));
1430 directory = talloc_strdup(ctx,".");
1434 reply_nterror(req, NT_STATUS_NO_MEMORY);
1438 memset((char *)status,'\0',21);
1439 SCVAL(status,0,(dirtype & 0x1F));
1441 nt_status = dptr_create(conn,
1447 mask_contains_wcard,
1450 if (!NT_STATUS_IS_OK(nt_status)) {
1451 reply_nterror(req, nt_status);
1454 dptr_num = dptr_dnum(dirptr);
1457 const char *dirpath;
1459 memcpy(status,p,21);
1460 status_dirtype = CVAL(status,0) & 0x1F;
1461 if (status_dirtype != (dirtype & 0x1F)) {
1462 dirtype = status_dirtype;
1465 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1469 dirpath = dptr_path(sconn, dptr_num);
1470 directory = talloc_strdup(ctx, dirpath);
1472 reply_nterror(req, NT_STATUS_NO_MEMORY);
1476 mask = dptr_wcard(sconn, dptr_num);
1481 * For a 'continue' search we have no string. So
1482 * check from the initial saved string.
1484 mask_contains_wcard = ms_has_wild(mask);
1485 dirtype = dptr_attr(sconn, dptr_num);
1488 DEBUG(4,("dptr_num is %d\n",dptr_num));
1490 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1491 dptr_init_search_op(dirptr);
1493 if ((dirtype&0x1F) == aVOLID) {
1494 char buf[DIR_STRUCT_SIZE];
1495 memcpy(buf,status,21);
1496 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1497 0,aVOLID,0,!allow_long_path_components)) {
1498 reply_nterror(req, NT_STATUS_NO_MEMORY);
1501 dptr_fill(sconn, buf+12,dptr_num);
1502 if (dptr_zero(buf+12) && (status_len==0)) {
1507 if (message_push_blob(&req->outbuf,
1508 data_blob_const(buf, sizeof(buf)))
1510 reply_nterror(req, NT_STATUS_NO_MEMORY);
1518 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1521 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1522 directory,lp_dontdescend(SNUM(conn))));
1523 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1524 check_descend = True;
1527 for (i=numentries;(i<maxentries) && !finished;i++) {
1528 finished = !get_dir_entry(ctx,
1539 char buf[DIR_STRUCT_SIZE];
1540 memcpy(buf,status,21);
1541 if (!make_dir_struct(ctx,
1547 convert_timespec_to_time_t(date),
1548 !allow_long_path_components)) {
1549 reply_nterror(req, NT_STATUS_NO_MEMORY);
1552 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1555 if (message_push_blob(&req->outbuf,
1556 data_blob_const(buf, sizeof(buf)))
1558 reply_nterror(req, NT_STATUS_NO_MEMORY);
1568 /* If we were called as SMBffirst with smb_search_id == NULL
1569 and no entries were found then return error and close dirptr
1572 if (numentries == 0) {
1573 dptr_close(sconn, &dptr_num);
1574 } else if(expect_close && status_len == 0) {
1575 /* Close the dptr - we know it's gone */
1576 dptr_close(sconn, &dptr_num);
1579 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1580 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1581 dptr_close(sconn, &dptr_num);
1584 if ((numentries == 0) && !mask_contains_wcard) {
1585 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1589 SSVAL(req->outbuf,smb_vwv0,numentries);
1590 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1591 SCVAL(smb_buf(req->outbuf),0,5);
1592 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1594 /* The replies here are never long name. */
1595 SSVAL(req->outbuf, smb_flg2,
1596 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1597 if (!allow_long_path_components) {
1598 SSVAL(req->outbuf, smb_flg2,
1599 SVAL(req->outbuf, smb_flg2)
1600 & (~FLAGS2_LONG_PATH_COMPONENTS));
1603 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1604 SSVAL(req->outbuf, smb_flg2,
1605 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1607 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1608 smb_fn_name(req->cmd),
1615 TALLOC_FREE(directory);
1616 TALLOC_FREE(smb_fname);
1617 END_PROFILE(SMBsearch);
1621 /****************************************************************************
1622 Reply to a fclose (stop directory search).
1623 ****************************************************************************/
1625 void reply_fclose(struct smb_request *req)
1633 bool path_contains_wcard = False;
1634 TALLOC_CTX *ctx = talloc_tos();
1635 struct smbd_server_connection *sconn = req->sconn;
1637 START_PROFILE(SMBfclose);
1639 if (lp_posix_pathnames()) {
1640 reply_unknown_new(req, req->cmd);
1641 END_PROFILE(SMBfclose);
1645 p = (const char *)req->buf + 1;
1646 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1647 &err, &path_contains_wcard);
1648 if (!NT_STATUS_IS_OK(err)) {
1649 reply_nterror(req, err);
1650 END_PROFILE(SMBfclose);
1654 status_len = SVAL(p,0);
1657 if (status_len == 0) {
1658 reply_force_doserror(req, ERRSRV, ERRsrverror);
1659 END_PROFILE(SMBfclose);
1663 memcpy(status,p,21);
1665 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1666 /* Close the dptr - we know it's gone */
1667 dptr_close(sconn, &dptr_num);
1670 reply_outbuf(req, 1, 0);
1671 SSVAL(req->outbuf,smb_vwv0,0);
1673 DEBUG(3,("search close\n"));
1675 END_PROFILE(SMBfclose);
1679 /****************************************************************************
1681 ****************************************************************************/
1683 void reply_open(struct smb_request *req)
1685 connection_struct *conn = req->conn;
1686 struct smb_filename *smb_fname = NULL;
1698 uint32 create_disposition;
1699 uint32 create_options = 0;
1700 uint32_t private_flags = 0;
1702 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1703 TALLOC_CTX *ctx = talloc_tos();
1705 START_PROFILE(SMBopen);
1708 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1712 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1713 deny_mode = SVAL(req->vwv+0, 0);
1714 dos_attr = SVAL(req->vwv+1, 0);
1716 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1717 STR_TERMINATE, &status);
1718 if (!NT_STATUS_IS_OK(status)) {
1719 reply_nterror(req, status);
1723 status = filename_convert(ctx,
1725 req->flags2 & FLAGS2_DFS_PATHNAMES,
1730 if (!NT_STATUS_IS_OK(status)) {
1731 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1732 reply_botherror(req,
1733 NT_STATUS_PATH_NOT_COVERED,
1734 ERRSRV, ERRbadpath);
1737 reply_nterror(req, status);
1741 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1742 OPENX_FILE_EXISTS_OPEN, &access_mask,
1743 &share_mode, &create_disposition,
1744 &create_options, &private_flags)) {
1745 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1749 status = SMB_VFS_CREATE_FILE(
1752 0, /* root_dir_fid */
1753 smb_fname, /* fname */
1754 access_mask, /* access_mask */
1755 share_mode, /* share_access */
1756 create_disposition, /* create_disposition*/
1757 create_options, /* create_options */
1758 dos_attr, /* file_attributes */
1759 oplock_request, /* oplock_request */
1760 0, /* allocation_size */
1767 if (!NT_STATUS_IS_OK(status)) {
1768 if (open_was_deferred(req->mid)) {
1769 /* We have re-scheduled this call. */
1772 reply_openerror(req, status);
1776 size = smb_fname->st.st_ex_size;
1777 fattr = dos_mode(conn, smb_fname);
1779 /* Deal with other possible opens having a modified
1781 if (ask_sharemode) {
1782 struct timespec write_time_ts;
1784 ZERO_STRUCT(write_time_ts);
1785 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1786 if (!null_timespec(write_time_ts)) {
1787 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1791 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1794 DEBUG(3,("attempt to open a directory %s\n",
1796 close_file(req, fsp, ERROR_CLOSE);
1797 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1798 ERRDOS, ERRnoaccess);
1802 reply_outbuf(req, 7, 0);
1803 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1804 SSVAL(req->outbuf,smb_vwv1,fattr);
1805 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1806 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1808 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1810 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1811 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1813 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1814 SCVAL(req->outbuf,smb_flg,
1815 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1818 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1819 SCVAL(req->outbuf,smb_flg,
1820 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1823 TALLOC_FREE(smb_fname);
1824 END_PROFILE(SMBopen);
1828 /****************************************************************************
1829 Reply to an open and X.
1830 ****************************************************************************/
1832 void reply_open_and_X(struct smb_request *req)
1834 connection_struct *conn = req->conn;
1835 struct smb_filename *smb_fname = NULL;
1840 /* Breakout the oplock request bits so we can set the
1841 reply bits separately. */
1842 int ex_oplock_request;
1843 int core_oplock_request;
1846 int smb_sattr = SVAL(req->vwv+4, 0);
1847 uint32 smb_time = make_unix_date3(req->vwv+6);
1855 uint64_t allocation_size;
1856 ssize_t retval = -1;
1859 uint32 create_disposition;
1860 uint32 create_options = 0;
1861 uint32_t private_flags = 0;
1862 TALLOC_CTX *ctx = talloc_tos();
1864 START_PROFILE(SMBopenX);
1866 if (req->wct < 15) {
1867 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1871 open_flags = SVAL(req->vwv+2, 0);
1872 deny_mode = SVAL(req->vwv+3, 0);
1873 smb_attr = SVAL(req->vwv+5, 0);
1874 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1875 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1876 oplock_request = ex_oplock_request | core_oplock_request;
1877 smb_ofun = SVAL(req->vwv+8, 0);
1878 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1880 /* If it's an IPC, pass off the pipe handler. */
1882 if (lp_nt_pipe_support()) {
1883 reply_open_pipe_and_X(conn, req);
1885 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1890 /* XXXX we need to handle passed times, sattr and flags */
1891 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1892 STR_TERMINATE, &status);
1893 if (!NT_STATUS_IS_OK(status)) {
1894 reply_nterror(req, status);
1898 status = filename_convert(ctx,
1900 req->flags2 & FLAGS2_DFS_PATHNAMES,
1905 if (!NT_STATUS_IS_OK(status)) {
1906 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1907 reply_botherror(req,
1908 NT_STATUS_PATH_NOT_COVERED,
1909 ERRSRV, ERRbadpath);
1912 reply_nterror(req, status);
1916 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1917 &access_mask, &share_mode,
1918 &create_disposition,
1921 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1925 status = SMB_VFS_CREATE_FILE(
1928 0, /* root_dir_fid */
1929 smb_fname, /* fname */
1930 access_mask, /* access_mask */
1931 share_mode, /* share_access */
1932 create_disposition, /* create_disposition*/
1933 create_options, /* create_options */
1934 smb_attr, /* file_attributes */
1935 oplock_request, /* oplock_request */
1936 0, /* allocation_size */
1941 &smb_action); /* pinfo */
1943 if (!NT_STATUS_IS_OK(status)) {
1944 if (open_was_deferred(req->mid)) {
1945 /* We have re-scheduled this call. */
1948 reply_openerror(req, status);
1952 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1953 if the file is truncated or created. */
1954 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1955 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1956 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1957 close_file(req, fsp, ERROR_CLOSE);
1958 reply_nterror(req, NT_STATUS_DISK_FULL);
1961 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1963 close_file(req, fsp, ERROR_CLOSE);
1964 reply_nterror(req, NT_STATUS_DISK_FULL);
1967 smb_fname->st.st_ex_size =
1968 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1971 fattr = dos_mode(conn, smb_fname);
1972 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1974 close_file(req, fsp, ERROR_CLOSE);
1975 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1979 /* If the caller set the extended oplock request bit
1980 and we granted one (by whatever means) - set the
1981 correct bit for extended oplock reply.
1984 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1985 smb_action |= EXTENDED_OPLOCK_GRANTED;
1988 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1989 smb_action |= EXTENDED_OPLOCK_GRANTED;
1992 /* If the caller set the core oplock request bit
1993 and we granted one (by whatever means) - set the
1994 correct bit for core oplock reply.
1997 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1998 reply_outbuf(req, 19, 0);
2000 reply_outbuf(req, 15, 0);
2003 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2004 SCVAL(req->outbuf, smb_flg,
2005 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2008 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2009 SCVAL(req->outbuf, smb_flg,
2010 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2013 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2014 SSVAL(req->outbuf,smb_vwv3,fattr);
2015 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2016 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2018 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2020 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2021 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2022 SSVAL(req->outbuf,smb_vwv11,smb_action);
2024 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2025 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2030 TALLOC_FREE(smb_fname);
2031 END_PROFILE(SMBopenX);
2035 /****************************************************************************
2036 Reply to a SMBulogoffX.
2037 ****************************************************************************/
2039 void reply_ulogoffX(struct smb_request *req)
2041 struct smbd_server_connection *sconn = req->sconn;
2044 START_PROFILE(SMBulogoffX);
2046 vuser = get_valid_user_struct(sconn, req->vuid);
2049 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2053 /* in user level security we are supposed to close any files
2054 open by this user */
2055 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2056 file_close_user(req->vuid);
2059 invalidate_vuid(sconn, req->vuid);
2061 reply_outbuf(req, 2, 0);
2063 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2065 END_PROFILE(SMBulogoffX);
2066 req->vuid = UID_FIELD_INVALID;
2070 /****************************************************************************
2071 Reply to a mknew or a create.
2072 ****************************************************************************/
2074 void reply_mknew(struct smb_request *req)
2076 connection_struct *conn = req->conn;
2077 struct smb_filename *smb_fname = NULL;
2080 struct smb_file_time ft;
2082 int oplock_request = 0;
2084 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2085 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2086 uint32 create_disposition;
2087 uint32 create_options = 0;
2088 TALLOC_CTX *ctx = talloc_tos();
2090 START_PROFILE(SMBcreate);
2094 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2098 fattr = SVAL(req->vwv+0, 0);
2099 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2102 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2104 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2105 STR_TERMINATE, &status);
2106 if (!NT_STATUS_IS_OK(status)) {
2107 reply_nterror(req, status);
2111 status = filename_convert(ctx,
2113 req->flags2 & FLAGS2_DFS_PATHNAMES,
2118 if (!NT_STATUS_IS_OK(status)) {
2119 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2120 reply_botherror(req,
2121 NT_STATUS_PATH_NOT_COVERED,
2122 ERRSRV, ERRbadpath);
2125 reply_nterror(req, status);
2129 if (fattr & aVOLID) {
2130 DEBUG(0,("Attempt to create file (%s) with volid set - "
2131 "please report this\n",
2132 smb_fname_str_dbg(smb_fname)));
2135 if(req->cmd == SMBmknew) {
2136 /* We should fail if file exists. */
2137 create_disposition = FILE_CREATE;
2139 /* Create if file doesn't exist, truncate if it does. */
2140 create_disposition = FILE_OVERWRITE_IF;
2143 status = SMB_VFS_CREATE_FILE(
2146 0, /* root_dir_fid */
2147 smb_fname, /* fname */
2148 access_mask, /* access_mask */
2149 share_mode, /* share_access */
2150 create_disposition, /* create_disposition*/
2151 create_options, /* create_options */
2152 fattr, /* file_attributes */
2153 oplock_request, /* oplock_request */
2154 0, /* allocation_size */
2155 0, /* private_flags */
2161 if (!NT_STATUS_IS_OK(status)) {
2162 if (open_was_deferred(req->mid)) {
2163 /* We have re-scheduled this call. */
2166 reply_openerror(req, status);
2170 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2171 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2172 if (!NT_STATUS_IS_OK(status)) {
2173 END_PROFILE(SMBcreate);
2177 reply_outbuf(req, 1, 0);
2178 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2180 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2181 SCVAL(req->outbuf,smb_flg,
2182 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2185 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2186 SCVAL(req->outbuf,smb_flg,
2187 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2190 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2191 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2192 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2193 (unsigned int)fattr));
2196 TALLOC_FREE(smb_fname);
2197 END_PROFILE(SMBcreate);
2201 /****************************************************************************
2202 Reply to a create temporary file.
2203 ****************************************************************************/
2205 void reply_ctemp(struct smb_request *req)
2207 connection_struct *conn = req->conn;
2208 struct smb_filename *smb_fname = NULL;
2216 TALLOC_CTX *ctx = talloc_tos();
2218 START_PROFILE(SMBctemp);
2221 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2225 fattr = SVAL(req->vwv+0, 0);
2226 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2228 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2229 STR_TERMINATE, &status);
2230 if (!NT_STATUS_IS_OK(status)) {
2231 reply_nterror(req, status);
2235 fname = talloc_asprintf(ctx,
2239 fname = talloc_strdup(ctx, "TMXXXXXX");
2243 reply_nterror(req, NT_STATUS_NO_MEMORY);
2247 status = filename_convert(ctx, conn,
2248 req->flags2 & FLAGS2_DFS_PATHNAMES,
2253 if (!NT_STATUS_IS_OK(status)) {
2254 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2255 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2256 ERRSRV, ERRbadpath);
2259 reply_nterror(req, status);
2263 tmpfd = mkstemp(smb_fname->base_name);
2265 reply_nterror(req, map_nt_error_from_unix(errno));
2269 SMB_VFS_STAT(conn, smb_fname);
2271 /* We should fail if file does not exist. */
2272 status = SMB_VFS_CREATE_FILE(
2275 0, /* root_dir_fid */
2276 smb_fname, /* fname */
2277 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2278 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2279 FILE_OPEN, /* create_disposition*/
2280 0, /* create_options */
2281 fattr, /* file_attributes */
2282 oplock_request, /* oplock_request */
2283 0, /* allocation_size */
2284 0, /* private_flags */
2290 /* close fd from mkstemp() */
2293 if (!NT_STATUS_IS_OK(status)) {
2294 if (open_was_deferred(req->mid)) {
2295 /* We have re-scheduled this call. */
2298 reply_openerror(req, status);
2302 reply_outbuf(req, 1, 0);
2303 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2305 /* the returned filename is relative to the directory */
2306 s = strrchr_m(fsp->fsp_name->base_name, '/');
2308 s = fsp->fsp_name->base_name;
2314 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2315 thing in the byte section. JRA */
2316 SSVALS(p, 0, -1); /* what is this? not in spec */
2318 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2320 reply_nterror(req, NT_STATUS_NO_MEMORY);
2324 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2325 SCVAL(req->outbuf, smb_flg,
2326 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2329 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2330 SCVAL(req->outbuf, smb_flg,
2331 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2334 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2335 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2336 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2338 TALLOC_FREE(smb_fname);
2339 END_PROFILE(SMBctemp);
2343 /*******************************************************************
2344 Check if a user is allowed to rename a file.
2345 ********************************************************************/
2347 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2352 if (!CAN_WRITE(conn)) {
2353 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2356 fmode = dos_mode(conn, fsp->fsp_name);
2357 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2358 return NT_STATUS_NO_SUCH_FILE;
2361 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2362 if (fsp->posix_open) {
2363 return NT_STATUS_OK;
2366 /* If no pathnames are open below this
2367 directory, allow the rename. */
2369 if (file_find_subpath(fsp)) {
2370 return NT_STATUS_ACCESS_DENIED;
2372 return NT_STATUS_OK;
2375 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2376 return NT_STATUS_OK;
2379 return NT_STATUS_ACCESS_DENIED;
2382 /*******************************************************************
2383 * unlink a file with all relevant access checks
2384 *******************************************************************/
2386 static NTSTATUS do_unlink(connection_struct *conn,
2387 struct smb_request *req,
2388 struct smb_filename *smb_fname,
2393 uint32 dirtype_orig = dirtype;
2396 bool posix_paths = lp_posix_pathnames();
2398 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2399 smb_fname_str_dbg(smb_fname),
2402 if (!CAN_WRITE(conn)) {
2403 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2407 ret = SMB_VFS_LSTAT(conn, smb_fname);
2409 ret = SMB_VFS_STAT(conn, smb_fname);
2412 return map_nt_error_from_unix(errno);
2415 fattr = dos_mode(conn, smb_fname);
2417 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2418 dirtype = aDIR|aARCH|aRONLY;
2421 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2423 return NT_STATUS_NO_SUCH_FILE;
2426 if (!dir_check_ftype(conn, fattr, dirtype)) {
2428 return NT_STATUS_FILE_IS_A_DIRECTORY;
2430 return NT_STATUS_NO_SUCH_FILE;
2433 if (dirtype_orig & 0x8000) {
2434 /* These will never be set for POSIX. */
2435 return NT_STATUS_NO_SUCH_FILE;
2439 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2440 return NT_STATUS_FILE_IS_A_DIRECTORY;
2443 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2444 return NT_STATUS_NO_SUCH_FILE;
2447 if (dirtype & 0xFF00) {
2448 /* These will never be set for POSIX. */
2449 return NT_STATUS_NO_SUCH_FILE;
2454 return NT_STATUS_NO_SUCH_FILE;
2457 /* Can't delete a directory. */
2459 return NT_STATUS_FILE_IS_A_DIRECTORY;
2464 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2465 return NT_STATUS_OBJECT_NAME_INVALID;
2466 #endif /* JRATEST */
2468 /* On open checks the open itself will check the share mode, so
2469 don't do it here as we'll get it wrong. */
2471 status = SMB_VFS_CREATE_FILE
2474 0, /* root_dir_fid */
2475 smb_fname, /* fname */
2476 DELETE_ACCESS, /* access_mask */
2477 FILE_SHARE_NONE, /* share_access */
2478 FILE_OPEN, /* create_disposition*/
2479 FILE_NON_DIRECTORY_FILE, /* create_options */
2480 /* file_attributes */
2481 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2482 FILE_ATTRIBUTE_NORMAL,
2483 0, /* oplock_request */
2484 0, /* allocation_size */
2485 0, /* private_flags */
2491 if (!NT_STATUS_IS_OK(status)) {
2492 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2493 nt_errstr(status)));
2497 status = can_set_delete_on_close(fsp, fattr);
2498 if (!NT_STATUS_IS_OK(status)) {
2499 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2501 smb_fname_str_dbg(smb_fname),
2502 nt_errstr(status)));
2503 close_file(req, fsp, NORMAL_CLOSE);
2507 /* The set is across all open files on this dev/inode pair. */
2508 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2509 close_file(req, fsp, NORMAL_CLOSE);
2510 return NT_STATUS_ACCESS_DENIED;
2513 return close_file(req, fsp, NORMAL_CLOSE);
2516 /****************************************************************************
2517 The guts of the unlink command, split out so it may be called by the NT SMB
2519 ****************************************************************************/
2521 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2522 uint32 dirtype, struct smb_filename *smb_fname,
2525 char *fname_dir = NULL;
2526 char *fname_mask = NULL;
2528 NTSTATUS status = NT_STATUS_OK;
2529 TALLOC_CTX *ctx = talloc_tos();
2531 /* Split up the directory from the filename/mask. */
2532 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2533 &fname_dir, &fname_mask);
2534 if (!NT_STATUS_IS_OK(status)) {
2539 * We should only check the mangled cache
2540 * here if unix_convert failed. This means
2541 * that the path in 'mask' doesn't exist
2542 * on the file system and so we need to look
2543 * for a possible mangle. This patch from
2544 * Tine Smukavec <valentin.smukavec@hermes.si>.
2547 if (!VALID_STAT(smb_fname->st) &&
2548 mangle_is_mangled(fname_mask, conn->params)) {
2549 char *new_mask = NULL;
2550 mangle_lookup_name_from_8_3(ctx, fname_mask,
2551 &new_mask, conn->params);
2553 TALLOC_FREE(fname_mask);
2554 fname_mask = new_mask;
2561 * Only one file needs to be unlinked. Append the mask back
2562 * onto the directory.
2564 TALLOC_FREE(smb_fname->base_name);
2565 smb_fname->base_name = talloc_asprintf(smb_fname,
2569 if (!smb_fname->base_name) {
2570 status = NT_STATUS_NO_MEMORY;
2574 dirtype = FILE_ATTRIBUTE_NORMAL;
2577 status = check_name(conn, smb_fname->base_name);
2578 if (!NT_STATUS_IS_OK(status)) {
2582 status = do_unlink(conn, req, smb_fname, dirtype);
2583 if (!NT_STATUS_IS_OK(status)) {
2589 struct smb_Dir *dir_hnd = NULL;
2591 const char *dname = NULL;
2592 char *talloced = NULL;
2594 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2595 status = NT_STATUS_OBJECT_NAME_INVALID;
2599 if (strequal(fname_mask,"????????.???")) {
2600 TALLOC_FREE(fname_mask);
2601 fname_mask = talloc_strdup(ctx, "*");
2603 status = NT_STATUS_NO_MEMORY;
2608 status = check_name(conn, fname_dir);
2609 if (!NT_STATUS_IS_OK(status)) {
2613 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2615 if (dir_hnd == NULL) {
2616 status = map_nt_error_from_unix(errno);
2620 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2621 the pattern matches against the long name, otherwise the short name
2622 We don't implement this yet XXXX
2625 status = NT_STATUS_NO_SUCH_FILE;
2627 while ((dname = ReadDirName(dir_hnd, &offset,
2628 &smb_fname->st, &talloced))) {
2629 TALLOC_CTX *frame = talloc_stackframe();
2631 if (!is_visible_file(conn, fname_dir, dname,
2632 &smb_fname->st, true)) {
2634 TALLOC_FREE(talloced);
2638 /* Quick check for "." and ".." */
2639 if (ISDOT(dname) || ISDOTDOT(dname)) {
2641 TALLOC_FREE(talloced);
2645 if(!mask_match(dname, fname_mask,
2646 conn->case_sensitive)) {
2648 TALLOC_FREE(talloced);
2652 TALLOC_FREE(smb_fname->base_name);
2653 smb_fname->base_name =
2654 talloc_asprintf(smb_fname, "%s/%s",
2657 if (!smb_fname->base_name) {
2658 TALLOC_FREE(dir_hnd);
2659 status = NT_STATUS_NO_MEMORY;
2661 TALLOC_FREE(talloced);
2665 status = check_name(conn, smb_fname->base_name);
2666 if (!NT_STATUS_IS_OK(status)) {
2667 TALLOC_FREE(dir_hnd);
2669 TALLOC_FREE(talloced);
2673 status = do_unlink(conn, req, smb_fname, dirtype);
2674 if (!NT_STATUS_IS_OK(status)) {
2676 TALLOC_FREE(talloced);
2681 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2682 smb_fname->base_name));
2685 TALLOC_FREE(talloced);
2687 TALLOC_FREE(dir_hnd);
2690 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2691 status = map_nt_error_from_unix(errno);
2695 TALLOC_FREE(fname_dir);
2696 TALLOC_FREE(fname_mask);
2700 /****************************************************************************
2702 ****************************************************************************/
2704 void reply_unlink(struct smb_request *req)
2706 connection_struct *conn = req->conn;
2708 struct smb_filename *smb_fname = NULL;
2711 bool path_contains_wcard = False;
2712 TALLOC_CTX *ctx = talloc_tos();
2714 START_PROFILE(SMBunlink);
2717 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2721 dirtype = SVAL(req->vwv+0, 0);
2723 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2724 STR_TERMINATE, &status,
2725 &path_contains_wcard);
2726 if (!NT_STATUS_IS_OK(status)) {
2727 reply_nterror(req, status);
2731 status = filename_convert(ctx, conn,
2732 req->flags2 & FLAGS2_DFS_PATHNAMES,
2734 UCF_COND_ALLOW_WCARD_LCOMP,
2735 &path_contains_wcard,
2737 if (!NT_STATUS_IS_OK(status)) {
2738 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2739 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2740 ERRSRV, ERRbadpath);
2743 reply_nterror(req, status);
2747 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2749 status = unlink_internals(conn, req, dirtype, smb_fname,
2750 path_contains_wcard);
2751 if (!NT_STATUS_IS_OK(status)) {
2752 if (open_was_deferred(req->mid)) {
2753 /* We have re-scheduled this call. */
2756 reply_nterror(req, status);
2760 reply_outbuf(req, 0, 0);
2762 TALLOC_FREE(smb_fname);
2763 END_PROFILE(SMBunlink);
2767 /****************************************************************************
2769 ****************************************************************************/
2771 static void fail_readraw(void)
2773 const char *errstr = talloc_asprintf(talloc_tos(),
2774 "FAIL ! reply_readbraw: socket write fail (%s)",
2779 exit_server_cleanly(errstr);
2782 /****************************************************************************
2783 Fake (read/write) sendfile. Returns -1 on read or write fail.
2784 ****************************************************************************/
2786 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2790 size_t tosend = nread;
2797 bufsize = MIN(nread, 65536);
2799 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2803 while (tosend > 0) {
2807 if (tosend > bufsize) {
2812 ret = read_file(fsp,buf,startpos,cur_read);
2818 /* If we had a short read, fill with zeros. */
2819 if (ret < cur_read) {
2820 memset(buf + ret, '\0', cur_read - ret);
2823 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
2825 char addr[INET6_ADDRSTRLEN];
2827 * Try and give an error message saying what
2830 DEBUG(0, ("write_data failed for client %s. "
2832 get_peer_addr(fsp->conn->sconn->sock, addr,
2839 startpos += cur_read;
2843 return (ssize_t)nread;
2846 #if defined(WITH_SENDFILE)
2847 /****************************************************************************
2848 Deal with the case of sendfile reading less bytes from the file than
2849 requested. Fill with zeros (all we can do).
2850 ****************************************************************************/
2852 static void sendfile_short_send(files_struct *fsp,
2857 #define SHORT_SEND_BUFSIZE 1024
2858 if (nread < headersize) {
2859 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2860 "header for file %s (%s). Terminating\n",
2861 fsp_str_dbg(fsp), strerror(errno)));
2862 exit_server_cleanly("sendfile_short_send failed");
2865 nread -= headersize;
2867 if (nread < smb_maxcnt) {
2868 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2870 exit_server_cleanly("sendfile_short_send: "
2874 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2875 "with zeros !\n", fsp_str_dbg(fsp)));
2877 while (nread < smb_maxcnt) {
2879 * We asked for the real file size and told sendfile
2880 * to not go beyond the end of the file. But it can
2881 * happen that in between our fstat call and the
2882 * sendfile call the file was truncated. This is very
2883 * bad because we have already announced the larger
2884 * number of bytes to the client.
2886 * The best we can do now is to send 0-bytes, just as
2887 * a read from a hole in a sparse file would do.
2889 * This should happen rarely enough that I don't care
2890 * about efficiency here :-)
2894 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2895 if (write_data(fsp->conn->sconn->sock, buf, to_write)
2897 char addr[INET6_ADDRSTRLEN];
2899 * Try and give an error message saying what
2902 DEBUG(0, ("write_data failed for client %s. "
2905 fsp->conn->sconn->sock, addr,
2908 exit_server_cleanly("sendfile_short_send: "
2909 "write_data failed");
2916 #endif /* defined WITH_SENDFILE */
2918 /****************************************************************************
2919 Return a readbraw error (4 bytes of zero).
2920 ****************************************************************************/
2922 static void reply_readbraw_error(struct smbd_server_connection *sconn)
2928 smbd_lock_socket(sconn);
2929 if (write_data(sconn->sock,header,4) != 4) {
2930 char addr[INET6_ADDRSTRLEN];
2932 * Try and give an error message saying what
2935 DEBUG(0, ("write_data failed for client %s. "
2937 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2942 smbd_unlock_socket(sconn);
2945 /****************************************************************************
2946 Use sendfile in readbraw.
2947 ****************************************************************************/
2949 static void send_file_readbraw(connection_struct *conn,
2950 struct smb_request *req,
2956 struct smbd_server_connection *sconn = req->sconn;
2957 char *outbuf = NULL;
2960 #if defined(WITH_SENDFILE)
2962 * We can only use sendfile on a non-chained packet
2963 * but we can use on a non-oplocked file. tridge proved this
2964 * on a train in Germany :-). JRA.
2965 * reply_readbraw has already checked the length.
2968 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2969 (fsp->wcp == NULL) &&
2970 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
2971 ssize_t sendfile_read = -1;
2973 DATA_BLOB header_blob;
2975 _smb_setlen(header,nread);
2976 header_blob = data_blob_const(header, 4);
2978 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
2979 &header_blob, startpos,
2981 if (sendfile_read == -1) {
2982 /* Returning ENOSYS means no data at all was sent.
2983 * Do this as a normal read. */
2984 if (errno == ENOSYS) {
2985 goto normal_readbraw;
2989 * Special hack for broken Linux with no working sendfile. If we
2990 * return EINTR we sent the header but not the rest of the data.
2991 * Fake this up by doing read/write calls.
2993 if (errno == EINTR) {
2994 /* Ensure we don't do this again. */
2995 set_use_sendfile(SNUM(conn), False);
2996 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2998 if (fake_sendfile(fsp, startpos, nread) == -1) {
2999 DEBUG(0,("send_file_readbraw: "
3000 "fake_sendfile failed for "
3004 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3009 DEBUG(0,("send_file_readbraw: sendfile failed for "
3010 "file %s (%s). Terminating\n",
3011 fsp_str_dbg(fsp), strerror(errno)));
3012 exit_server_cleanly("send_file_readbraw sendfile failed");
3013 } else if (sendfile_read == 0) {
3015 * Some sendfile implementations return 0 to indicate
3016 * that there was a short read, but nothing was
3017 * actually written to the socket. In this case,
3018 * fallback to the normal read path so the header gets
3019 * the correct byte count.
3021 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3022 "bytes falling back to the normal read: "
3023 "%s\n", fsp_str_dbg(fsp)));
3024 goto normal_readbraw;
3027 /* Deal with possible short send. */
3028 if (sendfile_read != 4+nread) {
3029 sendfile_short_send(fsp, sendfile_read, 4, nread);
3037 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3039 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3040 (unsigned)(nread+4)));
3041 reply_readbraw_error(sconn);
3046 ret = read_file(fsp,outbuf+4,startpos,nread);
3047 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3056 _smb_setlen(outbuf,ret);
3057 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3058 char addr[INET6_ADDRSTRLEN];
3060 * Try and give an error message saying what
3063 DEBUG(0, ("write_data failed for client %s. "
3065 get_peer_addr(fsp->conn->sconn->sock, addr,
3072 TALLOC_FREE(outbuf);
3075 /****************************************************************************
3076 Reply to a readbraw (core+ protocol).
3077 ****************************************************************************/
3079 void reply_readbraw(struct smb_request *req)
3081 connection_struct *conn = req->conn;
3082 struct smbd_server_connection *sconn = req->sconn;
3083 ssize_t maxcount,mincount;
3087 struct lock_struct lock;
3090 START_PROFILE(SMBreadbraw);
3092 if (srv_is_signing_active(sconn) ||
3093 is_encrypted_packet(req->inbuf)) {
3094 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3095 "raw reads/writes are disallowed.");
3099 reply_readbraw_error(sconn);
3100 END_PROFILE(SMBreadbraw);
3104 if (sconn->smb1.echo_handler.trusted_fde) {
3105 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3106 "'async smb echo handler = yes'\n"));
3107 reply_readbraw_error(sconn);
3108 END_PROFILE(SMBreadbraw);
3113 * Special check if an oplock break has been issued
3114 * and the readraw request croses on the wire, we must
3115 * return a zero length response here.
3118 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3121 * We have to do a check_fsp by hand here, as
3122 * we must always return 4 zero bytes on error,
3126 if (!fsp || !conn || conn != fsp->conn ||
3127 req->vuid != fsp->vuid ||
3128 fsp->is_directory || fsp->fh->fd == -1) {
3130 * fsp could be NULL here so use the value from the packet. JRA.
3132 DEBUG(3,("reply_readbraw: fnum %d not valid "
3134 (int)SVAL(req->vwv+0, 0)));
3135 reply_readbraw_error(sconn);
3136 END_PROFILE(SMBreadbraw);
3140 /* Do a "by hand" version of CHECK_READ. */
3141 if (!(fsp->can_read ||
3142 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3143 (fsp->access_mask & FILE_EXECUTE)))) {
3144 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3145 (int)SVAL(req->vwv+0, 0)));
3146 reply_readbraw_error(sconn);
3147 END_PROFILE(SMBreadbraw);
3151 flush_write_cache(fsp, READRAW_FLUSH);
3153 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3154 if(req->wct == 10) {
3156 * This is a large offset (64 bit) read.
3158 #ifdef LARGE_SMB_OFF_T
3160 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3162 #else /* !LARGE_SMB_OFF_T */
3165 * Ensure we haven't been sent a >32 bit offset.
3168 if(IVAL(req->vwv+8, 0) != 0) {
3169 DEBUG(0,("reply_readbraw: large offset "
3170 "(%x << 32) used and we don't support "
3171 "64 bit offsets.\n",
3172 (unsigned int)IVAL(req->vwv+8, 0) ));
3173 reply_readbraw_error();
3174 END_PROFILE(SMBreadbraw);
3178 #endif /* LARGE_SMB_OFF_T */
3181 DEBUG(0,("reply_readbraw: negative 64 bit "
3182 "readraw offset (%.0f) !\n",
3183 (double)startpos ));
3184 reply_readbraw_error(sconn);
3185 END_PROFILE(SMBreadbraw);
3190 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3191 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3193 /* ensure we don't overrun the packet size */
3194 maxcount = MIN(65535,maxcount);
3196 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3197 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3200 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3201 reply_readbraw_error(sconn);
3202 END_PROFILE(SMBreadbraw);
3206 if (fsp_stat(fsp) == 0) {
3207 size = fsp->fsp_name->st.st_ex_size;
3210 if (startpos >= size) {
3213 nread = MIN(maxcount,(size - startpos));
3216 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3217 if (nread < mincount)
3221 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3222 "min=%lu nread=%lu\n",
3223 fsp->fnum, (double)startpos,
3224 (unsigned long)maxcount,
3225 (unsigned long)mincount,
3226 (unsigned long)nread ) );
3228 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3230 DEBUG(5,("reply_readbraw finished\n"));
3232 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3234 END_PROFILE(SMBreadbraw);
3239 #define DBGC_CLASS DBGC_LOCKING
3241 /****************************************************************************
3242 Reply to a lockread (core+ protocol).
3243 ****************************************************************************/
3245 void reply_lockread(struct smb_request *req)
3247 connection_struct *conn = req->conn;
3254 struct byte_range_lock *br_lck = NULL;
3256 struct smbd_server_connection *sconn = req->sconn;
3258 START_PROFILE(SMBlockread);
3261 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3262 END_PROFILE(SMBlockread);
3266 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3268 if (!check_fsp(conn, req, fsp)) {
3269 END_PROFILE(SMBlockread);
3273 if (!CHECK_READ(fsp,req)) {
3274 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3275 END_PROFILE(SMBlockread);
3279 numtoread = SVAL(req->vwv+1, 0);
3280 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3282 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3284 reply_outbuf(req, 5, numtoread + 3);
3286 data = smb_buf(req->outbuf) + 3;
3289 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3290 * protocol request that predates the read/write lock concept.
3291 * Thus instead of asking for a read lock here we need to ask
3292 * for a write lock. JRA.
3293 * Note that the requested lock size is unaffected by max_recv.
3296 br_lck = do_lock(req->sconn->msg_ctx,
3298 (uint64_t)req->smbpid,
3299 (uint64_t)numtoread,
3303 False, /* Non-blocking lock. */
3307 TALLOC_FREE(br_lck);
3309 if (NT_STATUS_V(status)) {
3310 reply_nterror(req, status);
3311 END_PROFILE(SMBlockread);
3316 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3319 if (numtoread > sconn->smb1.negprot.max_recv) {
3320 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3321 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3322 (unsigned int)numtoread,
3323 (unsigned int)sconn->smb1.negprot.max_recv));
3324 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3326 nread = read_file(fsp,data,startpos,numtoread);
3329 reply_nterror(req, map_nt_error_from_unix(errno));
3330 END_PROFILE(SMBlockread);
3334 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3336 SSVAL(req->outbuf,smb_vwv0,nread);
3337 SSVAL(req->outbuf,smb_vwv5,nread+3);
3338 p = smb_buf(req->outbuf);
3339 SCVAL(p,0,0); /* pad byte. */
3342 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3343 fsp->fnum, (int)numtoread, (int)nread));
3345 END_PROFILE(SMBlockread);
3350 #define DBGC_CLASS DBGC_ALL
3352 /****************************************************************************
3354 ****************************************************************************/
3356 void reply_read(struct smb_request *req)
3358 connection_struct *conn = req->conn;
3365 struct lock_struct lock;
3366 struct smbd_server_connection *sconn = req->sconn;
3368 START_PROFILE(SMBread);
3371 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3372 END_PROFILE(SMBread);
3376 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3378 if (!check_fsp(conn, req, fsp)) {
3379 END_PROFILE(SMBread);
3383 if (!CHECK_READ(fsp,req)) {
3384 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3385 END_PROFILE(SMBread);
3389 numtoread = SVAL(req->vwv+1, 0);
3390 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3392 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3395 * The requested read size cannot be greater than max_recv. JRA.
3397 if (numtoread > sconn->smb1.negprot.max_recv) {
3398 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3399 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3400 (unsigned int)numtoread,
3401 (unsigned int)sconn->smb1.negprot.max_recv));
3402 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3405 reply_outbuf(req, 5, numtoread+3);
3407 data = smb_buf(req->outbuf) + 3;
3409 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3410 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3413 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3414 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3415 END_PROFILE(SMBread);
3420 nread = read_file(fsp,data,startpos,numtoread);
3423 reply_nterror(req, map_nt_error_from_unix(errno));
3427 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3429 SSVAL(req->outbuf,smb_vwv0,nread);
3430 SSVAL(req->outbuf,smb_vwv5,nread+3);
3431 SCVAL(smb_buf(req->outbuf),0,1);
3432 SSVAL(smb_buf(req->outbuf),1,nread);
3434 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3435 fsp->fnum, (int)numtoread, (int)nread ) );
3438 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3440 END_PROFILE(SMBread);
3444 /****************************************************************************
3446 ****************************************************************************/
3448 static int setup_readX_header(struct smb_request *req, char *outbuf,
3454 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3455 data = smb_buf(outbuf);
3457 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3459 SCVAL(outbuf,smb_vwv0,0xFF);
3460 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3461 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3462 SSVAL(outbuf,smb_vwv6,
3464 + 1 /* the wct field */
3465 + 12 * sizeof(uint16_t) /* vwv */
3466 + 2); /* the buflen field */
3467 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3468 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3469 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3470 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3474 /****************************************************************************
3475 Reply to a read and X - possibly using sendfile.
3476 ****************************************************************************/
3478 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3479 files_struct *fsp, SMB_OFF_T startpos,
3483 struct lock_struct lock;
3484 int saved_errno = 0;
3486 if(fsp_stat(fsp) == -1) {
3487 reply_nterror(req, map_nt_error_from_unix(errno));
3491 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3492 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3495 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3496 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3500 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3501 (startpos > fsp->fsp_name->st.st_ex_size)
3502 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3504 * We already know that we would do a short read, so don't
3505 * try the sendfile() path.
3507 goto nosendfile_read;
3510 #if defined(WITH_SENDFILE)
3512 * We can only use sendfile on a non-chained packet
3513 * but we can use on a non-oplocked file. tridge proved this
3514 * on a train in Germany :-). JRA.
3517 if (!req_is_in_chain(req) &&
3518 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3519 (fsp->wcp == NULL) &&
3520 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3521 uint8 headerbuf[smb_size + 12 * 2];
3525 * Set up the packet header before send. We
3526 * assume here the sendfile will work (get the
3527 * correct amount of data).
3530 header = data_blob_const(headerbuf, sizeof(headerbuf));
3532 construct_reply_common_req(req, (char *)headerbuf);
3533 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3535 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3536 startpos, smb_maxcnt);
3538 /* Returning ENOSYS means no data at all was sent.
3539 Do this as a normal read. */
3540 if (errno == ENOSYS) {
3545 * Special hack for broken Linux with no working sendfile. If we
3546 * return EINTR we sent the header but not the rest of the data.
3547 * Fake this up by doing read/write calls.
3550 if (errno == EINTR) {
3551 /* Ensure we don't do this again. */
3552 set_use_sendfile(SNUM(conn), False);
3553 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3554 nread = fake_sendfile(fsp, startpos,
3557 DEBUG(0,("send_file_readX: "
3558 "fake_sendfile failed for "
3562 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3564 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3565 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3566 /* No outbuf here means successful sendfile. */
3570 DEBUG(0,("send_file_readX: sendfile failed for file "
3571 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3573 exit_server_cleanly("send_file_readX sendfile failed");
3574 } else if (nread == 0) {
3576 * Some sendfile implementations return 0 to indicate
3577 * that there was a short read, but nothing was
3578 * actually written to the socket. In this case,
3579 * fallback to the normal read path so the header gets
3580 * the correct byte count.
3582 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3583 "falling back to the normal read: %s\n",
3588 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3589 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3591 /* Deal with possible short send. */
3592 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3593 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3595 /* No outbuf here means successful sendfile. */
3596 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3597 SMB_PERFCOUNT_END(&req->pcd);
3605 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3606 uint8 headerbuf[smb_size + 2*12];
3608 construct_reply_common_req(req, (char *)headerbuf);
3609 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3611 /* Send out the header. */
3612 if (write_data(req->sconn->sock, (char *)headerbuf,
3613 sizeof(headerbuf)) != sizeof(headerbuf)) {
3615 char addr[INET6_ADDRSTRLEN];
3617 * Try and give an error message saying what
3620 DEBUG(0, ("write_data failed for client %s. "
3622 get_peer_addr(req->sconn->sock, addr,
3626 DEBUG(0,("send_file_readX: write_data failed for file "
3627 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3629 exit_server_cleanly("send_file_readX sendfile failed");
3631 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3633 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3634 "file %s (%s).\n", fsp_str_dbg(fsp),
3636 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3643 reply_outbuf(req, 12, smb_maxcnt);
3645 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3646 saved_errno = errno;
3648 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3651 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3655 setup_readX_header(req, (char *)req->outbuf, nread);
3657 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3658 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3664 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3665 TALLOC_FREE(req->outbuf);
3669 /****************************************************************************
3670 Reply to a read and X.
3671 ****************************************************************************/
3673 void reply_read_and_X(struct smb_request *req)
3675 connection_struct *conn = req->conn;
3679 bool big_readX = False;
3681 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3684 START_PROFILE(SMBreadX);
3686 if ((req->wct != 10) && (req->wct != 12)) {
3687 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3691 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3692 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3693 smb_maxcnt = SVAL(req->vwv+5, 0);
3695 /* If it's an IPC, pass off the pipe handler. */
3697 reply_pipe_read_and_X(req);
3698 END_PROFILE(SMBreadX);
3702 if (!check_fsp(conn, req, fsp)) {
3703 END_PROFILE(SMBreadX);
3707 if (!CHECK_READ(fsp,req)) {
3708 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3709 END_PROFILE(SMBreadX);
3713 if (global_client_caps & CAP_LARGE_READX) {
3714 size_t upper_size = SVAL(req->vwv+7, 0);
3715 smb_maxcnt |= (upper_size<<16);
3716 if (upper_size > 1) {
3717 /* Can't do this on a chained packet. */
3718 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3719 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3720 END_PROFILE(SMBreadX);
3723 /* We currently don't do this on signed or sealed data. */
3724 if (srv_is_signing_active(req->sconn) ||
3725 is_encrypted_packet(req->inbuf)) {
3726 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3727 END_PROFILE(SMBreadX);
3730 /* Is there room in the reply for this data ? */
3731 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3733 NT_STATUS_INVALID_PARAMETER);
3734 END_PROFILE(SMBreadX);
3741 if (req->wct == 12) {
3742 #ifdef LARGE_SMB_OFF_T
3744 * This is a large offset (64 bit) read.
3746 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3748 #else /* !LARGE_SMB_OFF_T */
3751 * Ensure we haven't been sent a >32 bit offset.
3754 if(IVAL(req->vwv+10, 0) != 0) {
3755 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3756 "used and we don't support 64 bit offsets.\n",
3757 (unsigned int)IVAL(req->vwv+10, 0) ));
3758 END_PROFILE(SMBreadX);
3759 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3763 #endif /* LARGE_SMB_OFF_T */
3768 NTSTATUS status = schedule_aio_read_and_X(conn,
3773 if (NT_STATUS_IS_OK(status)) {
3774 /* Read scheduled - we're done. */
3777 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
3778 /* Real error - report to client. */
3779 END_PROFILE(SMBreadX);
3780 reply_nterror(req, status);
3783 /* NT_STATUS_RETRY - fall back to sync read. */
3786 smbd_lock_socket(req->sconn);
3787 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3788 smbd_unlock_socket(req->sconn);
3791 END_PROFILE(SMBreadX);
3795 /****************************************************************************
3796 Error replies to writebraw must have smb_wct == 1. Fix this up.
3797 ****************************************************************************/
3799 void error_to_writebrawerr(struct smb_request *req)
3801 uint8 *old_outbuf = req->outbuf;
3803 reply_outbuf(req, 1, 0);
3805 memcpy(req->outbuf, old_outbuf, smb_size);
3806 TALLOC_FREE(old_outbuf);
3809 /****************************************************************************
3810 Read 4 bytes of a smb packet and return the smb length of the packet.
3811 Store the result in the buffer. This version of the function will
3812 never return a session keepalive (length of zero).
3813 Timeout is in milliseconds.
3814 ****************************************************************************/
3816 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
3819 uint8_t msgtype = SMBkeepalive;
3821 while (msgtype == SMBkeepalive) {
3824 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
3826 if (!NT_STATUS_IS_OK(status)) {
3827 char addr[INET6_ADDRSTRLEN];
3828 /* Try and give an error message
3829 * saying what client failed. */
3830 DEBUG(0, ("read_fd_with_timeout failed for "
3831 "client %s read error = %s.\n",
3832 get_peer_addr(fd,addr,sizeof(addr)),
3833 nt_errstr(status)));
3837 msgtype = CVAL(inbuf, 0);
3840 DEBUG(10,("read_smb_length: got smb length of %lu\n",
3841 (unsigned long)len));
3843 return NT_STATUS_OK;
3846 /****************************************************************************
3847 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3848 ****************************************************************************/
3850 void reply_writebraw(struct smb_request *req)
3852 connection_struct *conn = req->conn;
3855 ssize_t total_written=0;
3856 size_t numtowrite=0;
3862 struct lock_struct lock;
3865 START_PROFILE(SMBwritebraw);
3868 * If we ever reply with an error, it must have the SMB command
3869 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3872 SCVAL(req->inbuf,smb_com,SMBwritec);
3874 if (srv_is_signing_active(req->sconn)) {
3875 END_PROFILE(SMBwritebraw);
3876 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3877 "raw reads/writes are disallowed.");
3880 if (req->wct < 12) {
3881 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3882 error_to_writebrawerr(req);
3883 END_PROFILE(SMBwritebraw);
3887 if (req->sconn->smb1.echo_handler.trusted_fde) {
3888 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
3889 "'async smb echo handler = yes'\n"));
3890 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3891 error_to_writebrawerr(req);
3892 END_PROFILE(SMBwritebraw);
3896 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3897 if (!check_fsp(conn, req, fsp)) {
3898 error_to_writebrawerr(req);
3899 END_PROFILE(SMBwritebraw);
3903 if (!CHECK_WRITE(fsp)) {
3904 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3905 error_to_writebrawerr(req);
3906 END_PROFILE(SMBwritebraw);
3910 tcount = IVAL(req->vwv+1, 0);
3911 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3912 write_through = BITSETW(req->vwv+7,0);
3914 /* We have to deal with slightly different formats depending
3915 on whether we are using the core+ or lanman1.0 protocol */
3917 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3918 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3919 data = smb_buf(req->inbuf);
3921 numtowrite = SVAL(req->vwv+10, 0);
3922 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3925 /* Ensure we don't write bytes past the end of this packet. */
3926 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3927 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3928 error_to_writebrawerr(req);
3929 END_PROFILE(SMBwritebraw);
3933 if (!fsp->print_file) {
3934 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3935 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3938 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3939 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3940 error_to_writebrawerr(req);
3941 END_PROFILE(SMBwritebraw);
3947 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3950 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3951 "wrote=%d sync=%d\n",
3952 fsp->fnum, (double)startpos, (int)numtowrite,
3953 (int)nwritten, (int)write_through));
3955 if (nwritten < (ssize_t)numtowrite) {
3956 reply_nterror(req, NT_STATUS_DISK_FULL);
3957 error_to_writebrawerr(req);
3961 total_written = nwritten;
3963 /* Allocate a buffer of 64k + length. */
3964 buf = TALLOC_ARRAY(NULL, char, 65540);
3966 reply_nterror(req, NT_STATUS_NO_MEMORY);
3967 error_to_writebrawerr(req);
3971 /* Return a SMBwritebraw message to the redirector to tell
3972 * it to send more bytes */
3974 memcpy(buf, req->inbuf, smb_size);
3975 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3976 SCVAL(buf,smb_com,SMBwritebraw);
3977 SSVALS(buf,smb_vwv0,0xFFFF);
3979 if (!srv_send_smb(req->sconn,
3981 false, 0, /* no signing */
3982 IS_CONN_ENCRYPTED(conn),
3984 exit_server_cleanly("reply_writebraw: srv_send_smb "
3988 /* Now read the raw data into the buffer and write it */
3989 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
3991 if (!NT_STATUS_IS_OK(status)) {
3992 exit_server_cleanly("secondary writebraw failed");
3995 /* Set up outbuf to return the correct size */
3996 reply_outbuf(req, 1, 0);
3998 if (numtowrite != 0) {
4000 if (numtowrite > 0xFFFF) {
4001 DEBUG(0,("reply_writebraw: Oversize secondary write "
4002 "raw requested (%u). Terminating\n",
4003 (unsigned int)numtowrite ));
4004 exit_server_cleanly("secondary writebraw failed");
4007 if (tcount > nwritten+numtowrite) {
4008 DEBUG(3,("reply_writebraw: Client overestimated the "
4010 (int)tcount,(int)nwritten,(int)numtowrite));
4013 status = read_data(req->sconn->sock, buf+4, numtowrite);
4015 if (!NT_STATUS_IS_OK(status)) {
4016 char addr[INET6_ADDRSTRLEN];
4017 /* Try and give an error message
4018 * saying what client failed. */
4019 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4020 "raw read failed (%s) for client %s. "
4021 "Terminating\n", nt_errstr(status),
4022 get_peer_addr(req->sconn->sock, addr,
4024 exit_server_cleanly("secondary writebraw failed");
4027 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4028 if (nwritten == -1) {
4030 reply_nterror(req, map_nt_error_from_unix(errno));
4031 error_to_writebrawerr(req);
4035 if (nwritten < (ssize_t)numtowrite) {
4036 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4037 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4041 total_written += nwritten;
4046 SSVAL(req->outbuf,smb_vwv0,total_written);
4048 status = sync_file(conn, fsp, write_through);
4049 if (!NT_STATUS_IS_OK(status)) {
4050 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4051 fsp_str_dbg(fsp), nt_errstr(status)));
4052 reply_nterror(req, status);
4053 error_to_writebrawerr(req);
4057 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
4059 fsp->fnum, (double)startpos, (int)numtowrite,
4060 (int)total_written));
4062 if (!fsp->print_file) {
4063 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4066 /* We won't return a status if write through is not selected - this
4067 * follows what WfWg does */
4068 END_PROFILE(SMBwritebraw);
4070 if (!write_through && total_written==tcount) {
4072 #if RABBIT_PELLET_FIX
4074 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4075 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
4078 if (!send_keepalive(req->sconn->sock)) {
4079 exit_server_cleanly("reply_writebraw: send of "
4080 "keepalive failed");
4083 TALLOC_FREE(req->outbuf);
4088 if (!fsp->print_file) {
4089 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4092 END_PROFILE(SMBwritebraw);
4097 #define DBGC_CLASS DBGC_LOCKING
4099 /****************************************************************************
4100 Reply to a writeunlock (core+).
4101 ****************************************************************************/
4103 void reply_writeunlock(struct smb_request *req)
4105 connection_struct *conn = req->conn;
4106 ssize_t nwritten = -1;
4110 NTSTATUS status = NT_STATUS_OK;
4112 struct lock_struct lock;
4113 int saved_errno = 0;
4115 START_PROFILE(SMBwriteunlock);
4118 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4119 END_PROFILE(SMBwriteunlock);
4123 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4125 if (!check_fsp(conn, req, fsp)) {
4126 END_PROFILE(SMBwriteunlock);
4130 if (!CHECK_WRITE(fsp)) {
4131 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4132 END_PROFILE(SMBwriteunlock);
4136 numtowrite = SVAL(req->vwv+1, 0);
4137 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4138 data = (const char *)req->buf + 3;
4140 if (!fsp->print_file && numtowrite > 0) {
4141 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4142 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4145 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4146 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4147 END_PROFILE(SMBwriteunlock);
4152 /* The special X/Open SMB protocol handling of
4153 zero length writes is *NOT* done for
4155 if(numtowrite == 0) {
4158 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4159 saved_errno = errno;
4162 status = sync_file(conn, fsp, False /* write through */);
4163 if (!NT_STATUS_IS_OK(status)) {
4164 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4165 fsp_str_dbg(fsp), nt_errstr(status)));
4166 reply_nterror(req, status);
4171 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4175 if((nwritten < numtowrite) && (numtowrite != 0)) {
4176 reply_nterror(req, NT_STATUS_DISK_FULL);
4180 if (numtowrite && !fsp->print_file) {
4181 status = do_unlock(req->sconn->msg_ctx,
4183 (uint64_t)req->smbpid,
4184 (uint64_t)numtowrite,
4188 if (NT_STATUS_V(status)) {
4189 reply_nterror(req, status);
4194 reply_outbuf(req, 1, 0);
4196 SSVAL(req->outbuf,smb_vwv0,nwritten);
4198 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4199 fsp->fnum, (int)numtowrite, (int)nwritten));
4202 if (numtowrite && !fsp->print_file) {
4203 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4206 END_PROFILE(SMBwriteunlock);
4211 #define DBGC_CLASS DBGC_ALL
4213 /****************************************************************************
4215 ****************************************************************************/
4217 void reply_write(struct smb_request *req)
4219 connection_struct *conn = req->conn;
4221 ssize_t nwritten = -1;
4225 struct lock_struct lock;
4227 int saved_errno = 0;
4229 START_PROFILE(SMBwrite);
4232 END_PROFILE(SMBwrite);
4233 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4237 /* If it's an IPC, pass off the pipe handler. */
4239 reply_pipe_write(req);
4240 END_PROFILE(SMBwrite);
4244 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4246 if (!check_fsp(conn, req, fsp)) {
4247 END_PROFILE(SMBwrite);
4251 if (!CHECK_WRITE(fsp)) {
4252 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4253 END_PROFILE(SMBwrite);
4257 numtowrite = SVAL(req->vwv+1, 0);
4258 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4259 data = (const char *)req->buf + 3;
4261 if (!fsp->print_file) {
4262 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4263 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4266 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4267 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4268 END_PROFILE(SMBwrite);
4274 * X/Open SMB protocol says that if smb_vwv1 is
4275 * zero then the file size should be extended or
4276 * truncated to the size given in smb_vwv[2-3].
4279 if(numtowrite == 0) {
4281 * This is actually an allocate call, and set EOF. JRA.
4283 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4285 reply_nterror(req, NT_STATUS_DISK_FULL);
4288 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4290 reply_nterror(req, NT_STATUS_DISK_FULL);
4293 trigger_write_time_update_immediate(fsp);
4295 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4298 status = sync_file(conn, fsp, False);
4299 if (!NT_STATUS_IS_OK(status)) {
4300 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4301 fsp_str_dbg(fsp), nt_errstr(status)));
4302 reply_nterror(req, status);
4307 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4311 if((nwritten == 0) && (numtowrite != 0)) {
4312 reply_nterror(req, NT_STATUS_DISK_FULL);
4316 reply_outbuf(req, 1, 0);
4318 SSVAL(req->outbuf,smb_vwv0,nwritten);
4320 if (nwritten < (ssize_t)numtowrite) {
4321 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4322 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4325 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4328 if (!fsp->print_file) {
4329 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4332 END_PROFILE(SMBwrite);
4336 /****************************************************************************
4337 Ensure a buffer is a valid writeX for recvfile purposes.
4338 ****************************************************************************/
4340 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4341 (2*14) + /* word count (including bcc) */ \
4344 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4345 const uint8_t *inbuf)
4348 connection_struct *conn = NULL;
4349 unsigned int doff = 0;
4350 size_t len = smb_len_large(inbuf);
4352 if (is_encrypted_packet(inbuf)) {
4353 /* Can't do this on encrypted
4358 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4362 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4363 CVAL(inbuf,smb_wct) != 14) {
4364 DEBUG(10,("is_valid_writeX_buffer: chained or "
4365 "invalid word length.\n"));
4369 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4371 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4375 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4378 if (IS_PRINT(conn)) {
4379 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4382 doff = SVAL(inbuf,smb_vwv11);
4384 numtowrite = SVAL(inbuf,smb_vwv10);
4386 if (len > doff && len - doff > 0xFFFF) {
4387 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4390 if (numtowrite == 0) {
4391 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4395 /* Ensure the sizes match up. */
4396 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4397 /* no pad byte...old smbclient :-( */
4398 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4400 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4404 if (len - doff != numtowrite) {
4405 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4406 "len = %u, doff = %u, numtowrite = %u\n",
4409 (unsigned int)numtowrite ));
4413 DEBUG(10,("is_valid_writeX_buffer: true "
4414 "len = %u, doff = %u, numtowrite = %u\n",
4417 (unsigned int)numtowrite ));
4422 /****************************************************************************
4423 Reply to a write and X.
4424 ****************************************************************************/
4426 void reply_write_and_X(struct smb_request *req)
4428 connection_struct *conn = req->conn;
4430 struct lock_struct lock;
4435 unsigned int smb_doff;
4436 unsigned int smblen;
4439 int saved_errno = 0;
4441 START_PROFILE(SMBwriteX);
4443 if ((req->wct != 12) && (req->wct != 14)) {
4444 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4445 END_PROFILE(SMBwriteX);
4449 numtowrite = SVAL(req->vwv+10, 0);
4450 smb_doff = SVAL(req->vwv+11, 0);
4451 smblen = smb_len(req->inbuf);
4453 if (req->unread_bytes > 0xFFFF ||
4454 (smblen > smb_doff &&
4455 smblen - smb_doff > 0xFFFF)) {
4456 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4459 if (req->unread_bytes) {
4460 /* Can't do a recvfile write on IPC$ */
4462 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4463 END_PROFILE(SMBwriteX);
4466 if (numtowrite != req->unread_bytes) {
4467 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4468 END_PROFILE(SMBwriteX);
4472 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4473 smb_doff + numtowrite > smblen) {
4474 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4475 END_PROFILE(SMBwriteX);
4480 /* If it's an IPC, pass off the pipe handler. */
4482 if (req->unread_bytes) {
4483 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4484 END_PROFILE(SMBwriteX);
4487 reply_pipe_write_and_X(req);
4488 END_PROFILE(SMBwriteX);
4492 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4493 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4494 write_through = BITSETW(req->vwv+7,0);
4496 if (!check_fsp(conn, req, fsp)) {
4497 END_PROFILE(SMBwriteX);
4501 if (!CHECK_WRITE(fsp)) {
4502 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4503 END_PROFILE(SMBwriteX);
4507 data = smb_base(req->inbuf) + smb_doff;
4509 if(req->wct == 14) {
4510 #ifdef LARGE_SMB_OFF_T
4512 * This is a large offset (64 bit) write.
4514 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4516 #else /* !LARGE_SMB_OFF_T */
4519 * Ensure we haven't been sent a >32 bit offset.
4522 if(IVAL(req->vwv+12, 0) != 0) {
4523 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4524 "used and we don't support 64 bit offsets.\n",
4525 (unsigned int)IVAL(req->vwv+12, 0) ));
4526 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4527 END_PROFILE(SMBwriteX);
4531 #endif /* LARGE_SMB_OFF_T */
4534 /* X/Open SMB protocol says that, unlike SMBwrite
4535 if the length is zero then NO truncation is
4536 done, just a write of zero. To truncate a file,
4539 if(numtowrite == 0) {
4542 if (req->unread_bytes == 0) {
4543 status = schedule_aio_write_and_X(conn,
4550 if (NT_STATUS_IS_OK(status)) {
4551 /* write scheduled - we're done. */
4554 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4555 /* Real error - report to client. */
4556 reply_nterror(req, status);
4559 /* NT_STATUS_RETRY - fall through to sync write. */
4562 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4563 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4566 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4567 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4571 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4572 saved_errno = errno;
4574 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4578 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4582 if((nwritten == 0) && (numtowrite != 0)) {
4583 reply_nterror(req, NT_STATUS_DISK_FULL);
4587 reply_outbuf(req, 6, 0);
4588 SSVAL(req->outbuf,smb_vwv2,nwritten);
4589 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4591 if (nwritten < (ssize_t)numtowrite) {
4592 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4593 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4596 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4597 fsp->fnum, (int)numtowrite, (int)nwritten));
4599 status = sync_file(conn, fsp, write_through);
4600 if (!NT_STATUS_IS_OK(status)) {
4601 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4602 fsp_str_dbg(fsp), nt_errstr(status)));
4603 reply_nterror(req, status);
4607 END_PROFILE(SMBwriteX);
4612 END_PROFILE(SMBwriteX);
4616 /****************************************************************************
4618 ****************************************************************************/
4620 void reply_lseek(struct smb_request *req)
4622 connection_struct *conn = req->conn;
4628 START_PROFILE(SMBlseek);
4631 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4632 END_PROFILE(SMBlseek);
4636 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4638 if (!check_fsp(conn, req, fsp)) {
4642 flush_write_cache(fsp, SEEK_FLUSH);
4644 mode = SVAL(req->vwv+1, 0) & 3;
4645 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4646 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4655 res = fsp->fh->pos + startpos;
4666 if (umode == SEEK_END) {
4667 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4668 if(errno == EINVAL) {
4669 SMB_OFF_T current_pos = startpos;
4671 if(fsp_stat(fsp) == -1) {
4673 map_nt_error_from_unix(errno));
4674 END_PROFILE(SMBlseek);
4678 current_pos += fsp->fsp_name->st.st_ex_size;
4680 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4685 reply_nterror(req, map_nt_error_from_unix(errno));
4686 END_PROFILE(SMBlseek);
4693 reply_outbuf(req, 2, 0);
4694 SIVAL(req->outbuf,smb_vwv0,res);
4696 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4697 fsp->fnum, (double)startpos, (double)res, mode));
4699 END_PROFILE(SMBlseek);
4703 /****************************************************************************
4705 ****************************************************************************/
4707 void reply_flush(struct smb_request *req)
4709 connection_struct *conn = req->conn;
4713 START_PROFILE(SMBflush);
4716 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4720 fnum = SVAL(req->vwv+0, 0);
4721 fsp = file_fsp(req, fnum);
4723 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4728 file_sync_all(conn);
4730 NTSTATUS status = sync_file(conn, fsp, True);
4731 if (!NT_STATUS_IS_OK(status)) {
4732 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4733 fsp_str_dbg(fsp), nt_errstr(status)));
4734 reply_nterror(req, status);
4735 END_PROFILE(SMBflush);
4740 reply_outbuf(req, 0, 0);
4742 DEBUG(3,("flush\n"));
4743 END_PROFILE(SMBflush);
4747 /****************************************************************************
4749 conn POINTER CAN BE NULL HERE !
4750 ****************************************************************************/
4752 void reply_exit(struct smb_request *req)
4754 START_PROFILE(SMBexit);
4756 file_close_pid(req->smbpid, req->vuid);
4758 reply_outbuf(req, 0, 0);
4760 DEBUG(3,("exit\n"));
4762 END_PROFILE(SMBexit);
4766 /****************************************************************************
4767 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4768 ****************************************************************************/
4770 void reply_close(struct smb_request *req)
4772 connection_struct *conn = req->conn;
4773 NTSTATUS status = NT_STATUS_OK;
4774 files_struct *fsp = NULL;
4775 START_PROFILE(SMBclose);
4778 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4779 END_PROFILE(SMBclose);
4783 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4786 * We can only use check_fsp if we know it's not a directory.
4789 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4790 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4791 END_PROFILE(SMBclose);
4795 if(fsp->is_directory) {
4797 * Special case - close NT SMB directory handle.
4799 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4800 status = close_file(req, fsp, NORMAL_CLOSE);
4804 * Close ordinary file.
4807 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4808 fsp->fh->fd, fsp->fnum,
4809 conn->num_files_open));
4812 * Take care of any time sent in the close.
4815 t = srv_make_unix_date3(req->vwv+1);
4816 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4819 * close_file() returns the unix errno if an error
4820 * was detected on close - normally this is due to
4821 * a disk full error. If not then it was probably an I/O error.
4824 status = close_file(req, fsp, NORMAL_CLOSE);
4827 if (!NT_STATUS_IS_OK(status)) {
4828 reply_nterror(req, status);
4829 END_PROFILE(SMBclose);
4833 reply_outbuf(req, 0, 0);
4834 END_PROFILE(SMBclose);
4838 /****************************************************************************
4839 Reply to a writeclose (Core+ protocol).
4840 ****************************************************************************/
4842 void reply_writeclose(struct smb_request *req)
4844 connection_struct *conn = req->conn;
4846 ssize_t nwritten = -1;
4847 NTSTATUS close_status = NT_STATUS_OK;
4850 struct timespec mtime;
4852 struct lock_struct lock;
4854 START_PROFILE(SMBwriteclose);
4857 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4858 END_PROFILE(SMBwriteclose);
4862 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4864 if (!check_fsp(conn, req, fsp)) {
4865 END_PROFILE(SMBwriteclose);
4868 if (!CHECK_WRITE(fsp)) {
4869 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4870 END_PROFILE(SMBwriteclose);
4874 numtowrite = SVAL(req->vwv+1, 0);
4875 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4876 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4877 data = (const char *)req->buf + 1;
4879 if (!fsp->print_file) {
4880 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4881 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4884 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4885 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4886 END_PROFILE(SMBwriteclose);
4891 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4893 set_close_write_time(fsp, mtime);
4896 * More insanity. W2K only closes the file if writelen > 0.
4901 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4902 "file %s\n", fsp_str_dbg(fsp)));
4903 close_status = close_file(req, fsp, NORMAL_CLOSE);
4906 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4907 fsp->fnum, (int)numtowrite, (int)nwritten,
4908 conn->num_files_open));
4910 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4911 reply_nterror(req, NT_STATUS_DISK_FULL);
4915 if(!NT_STATUS_IS_OK(close_status)) {
4916 reply_nterror(req, close_status);
4920 reply_outbuf(req, 1, 0);
4922 SSVAL(req->outbuf,smb_vwv0,nwritten);
4925 if (numtowrite && !fsp->print_file) {
4926 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4929 END_PROFILE(SMBwriteclose);
4934 #define DBGC_CLASS DBGC_LOCKING
4936 /****************************************************************************
4938 ****************************************************************************/
4940 void reply_lock(struct smb_request *req)
4942 connection_struct *conn = req->conn;
4943 uint64_t count,offset;
4946 struct byte_range_lock *br_lck = NULL;
4948 START_PROFILE(SMBlock);
4951 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4952 END_PROFILE(SMBlock);
4956 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4958 if (!check_fsp(conn, req, fsp)) {
4959 END_PROFILE(SMBlock);
4963 count = (uint64_t)IVAL(req->vwv+1, 0);
4964 offset = (uint64_t)IVAL(req->vwv+3, 0);
4966 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4967 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4969 br_lck = do_lock(req->sconn->msg_ctx,
4971 (uint64_t)req->smbpid,
4976 False, /* Non-blocking lock. */
4981 TALLOC_FREE(br_lck);
4983 if (NT_STATUS_V(status)) {
4984 reply_nterror(req, status);
4985 END_PROFILE(SMBlock);
4989 reply_outbuf(req, 0, 0);
4991 END_PROFILE(SMBlock);
4995 /****************************************************************************
4997 ****************************************************************************/
4999 void reply_unlock(struct smb_request *req)
5001 connection_struct *conn = req->conn;
5002 uint64_t count,offset;
5006 START_PROFILE(SMBunlock);
5009 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5010 END_PROFILE(SMBunlock);
5014 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5016 if (!check_fsp(conn, req, fsp)) {
5017 END_PROFILE(SMBunlock);
5021 count = (uint64_t)IVAL(req->vwv+1, 0);
5022 offset = (uint64_t)IVAL(req->vwv+3, 0);
5024 status = do_unlock(req->sconn->msg_ctx,
5026 (uint64_t)req->smbpid,
5031 if (NT_STATUS_V(status)) {
5032 reply_nterror(req, status);
5033 END_PROFILE(SMBunlock);
5037 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5038 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
5040 reply_outbuf(req, 0, 0);
5042 END_PROFILE(SMBunlock);
5047 #define DBGC_CLASS DBGC_ALL
5049 /****************************************************************************
5051 conn POINTER CAN BE NULL HERE !
5052 ****************************************************************************/
5054 void reply_tdis(struct smb_request *req)
5056 connection_struct *conn = req->conn;
5057 START_PROFILE(SMBtdis);
5060 DEBUG(4,("Invalid connection in tdis\n"));
5061 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
5062 END_PROFILE(SMBtdis);
5068 close_cnum(conn,req->vuid);
5071 reply_outbuf(req, 0, 0);
5072 END_PROFILE(SMBtdis);
5076 /****************************************************************************
5078 conn POINTER CAN BE NULL HERE !
5079 ****************************************************************************/
5081 void reply_echo(struct smb_request *req)
5083 connection_struct *conn = req->conn;
5084 struct smb_perfcount_data local_pcd;
5085 struct smb_perfcount_data *cur_pcd;
5089 START_PROFILE(SMBecho);
5091 smb_init_perfcount_data(&local_pcd);
5094 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5095 END_PROFILE(SMBecho);
5099 smb_reverb = SVAL(req->vwv+0, 0);
5101 reply_outbuf(req, 1, req->buflen);
5103 /* copy any incoming data back out */
5104 if (req->buflen > 0) {
5105 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5108 if (smb_reverb > 100) {
5109 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5113 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5115 /* this makes sure we catch the request pcd */
5116 if (seq_num == smb_reverb) {
5117 cur_pcd = &req->pcd;
5119 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5120 cur_pcd = &local_pcd;
5123 SSVAL(req->outbuf,smb_vwv0,seq_num);
5125 show_msg((char *)req->outbuf);
5126 if (!srv_send_smb(req->sconn,
5127 (char *)req->outbuf,
5128 true, req->seqnum+1,
5129 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5131 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5134 DEBUG(3,("echo %d times\n", smb_reverb));
5136 TALLOC_FREE(req->outbuf);
5138 END_PROFILE(SMBecho);
5142 /****************************************************************************
5143 Reply to a printopen.
5144 ****************************************************************************/
5146 void reply_printopen(struct smb_request *req)
5148 connection_struct *conn = req->conn;
5152 START_PROFILE(SMBsplopen);
5155 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5156 END_PROFILE(SMBsplopen);
5160 if (!CAN_PRINT(conn)) {
5161 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5162 END_PROFILE(SMBsplopen);
5166 status = file_new(req, conn, &fsp);
5167 if(!NT_STATUS_IS_OK(status)) {
5168 reply_nterror(req, status);
5169 END_PROFILE(SMBsplopen);
5173 /* Open for exclusive use, write only. */
5174 status = print_spool_open(fsp, NULL, req->vuid);
5176 if (!NT_STATUS_IS_OK(status)) {
5177 file_free(req, fsp);
5178 reply_nterror(req, status);
5179 END_PROFILE(SMBsplopen);
5183 reply_outbuf(req, 1, 0);
5184 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5186 DEBUG(3,("openprint fd=%d fnum=%d\n",
5187 fsp->fh->fd, fsp->fnum));
5189 END_PROFILE(SMBsplopen);
5193 /****************************************************************************
5194 Reply to a printclose.
5195 ****************************************************************************/
5197 void reply_printclose(struct smb_request *req)
5199 connection_struct *conn = req->conn;
5203 START_PROFILE(SMBsplclose);
5206 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5207 END_PROFILE(SMBsplclose);
5211 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5213 if (!check_fsp(conn, req, fsp)) {
5214 END_PROFILE(SMBsplclose);
5218 if (!CAN_PRINT(conn)) {
5219 reply_force_doserror(req, ERRSRV, ERRerror);
5220 END_PROFILE(SMBsplclose);
5224 DEBUG(3,("printclose fd=%d fnum=%d\n",
5225 fsp->fh->fd,fsp->fnum));
5227 status = close_file(req, fsp, NORMAL_CLOSE);
5229 if(!NT_STATUS_IS_OK(status)) {
5230 reply_nterror(req, status);
5231 END_PROFILE(SMBsplclose);
5235 reply_outbuf(req, 0, 0);
5237 END_PROFILE(SMBsplclose);
5241 /****************************************************************************
5242 Reply to a printqueue.
5243 ****************************************************************************/
5245 void reply_printqueue(struct smb_request *req)
5247 connection_struct *conn = req->conn;
5251 START_PROFILE(SMBsplretq);
5254 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5255 END_PROFILE(SMBsplretq);
5259 max_count = SVAL(req->vwv+0, 0);
5260 start_index = SVAL(req->vwv+1, 0);
5262 /* we used to allow the client to get the cnum wrong, but that
5263 is really quite gross and only worked when there was only
5264 one printer - I think we should now only accept it if they
5265 get it right (tridge) */
5266 if (!CAN_PRINT(conn)) {
5267 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5268 END_PROFILE(SMBsplretq);
5272 reply_outbuf(req, 2, 3);
5273 SSVAL(req->outbuf,smb_vwv0,0);
5274 SSVAL(req->outbuf,smb_vwv1,0);
5275 SCVAL(smb_buf(req->outbuf),0,1);
5276 SSVAL(smb_buf(req->outbuf),1,0);
5278 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5279 start_index, max_count));
5282 TALLOC_CTX *mem_ctx = talloc_tos();
5285 const char *sharename = lp_servicename(SNUM(conn));
5286 struct rpc_pipe_client *cli = NULL;
5287 struct policy_handle handle;
5288 struct spoolss_DevmodeContainer devmode_ctr;
5289 union spoolss_JobInfo *info;
5291 uint32_t num_to_get;
5295 ZERO_STRUCT(handle);
5297 status = rpc_pipe_open_interface(conn,
5298 &ndr_table_spoolss.syntax_id,
5300 &conn->sconn->client_id,
5301 conn->sconn->msg_ctx,
5303 if (!NT_STATUS_IS_OK(status)) {
5304 DEBUG(0, ("reply_printqueue: "
5305 "could not connect to spoolss: %s\n",
5306 nt_errstr(status)));
5307 reply_nterror(req, status);
5311 ZERO_STRUCT(devmode_ctr);
5313 status = rpccli_spoolss_OpenPrinter(cli, mem_ctx,
5316 SEC_FLAG_MAXIMUM_ALLOWED,
5319 if (!NT_STATUS_IS_OK(status)) {
5320 reply_nterror(req, status);
5323 if (!W_ERROR_IS_OK(werr)) {
5324 reply_nterror(req, werror_to_ntstatus(werr));
5328 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5336 if (!W_ERROR_IS_OK(werr)) {
5337 reply_nterror(req, werror_to_ntstatus(werr));
5341 if (max_count > 0) {
5342 first = start_index;
5344 first = start_index + max_count + 1;
5347 if (first >= count) {
5350 num_to_get = first + MIN(ABS(max_count), count - first);
5353 for (i = first; i < num_to_get; i++) {
5356 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5358 uint16_t qrapjobid = pjobid_to_rap(sharename,
5359 info[i].info2.job_id);
5361 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5367 srv_put_dos_date2(p, 0, qtime);
5368 SCVAL(p, 4, qstatus);
5369 SSVAL(p, 5, qrapjobid);
5370 SIVAL(p, 7, info[i].info2.size);
5372 srvstr_push(blob, req->flags2, p+12,
5373 info[i].info2.notify_name, 16, STR_ASCII);
5375 if (message_push_blob(
5378 blob, sizeof(blob))) == -1) {
5379 reply_nterror(req, NT_STATUS_NO_MEMORY);
5385 SSVAL(req->outbuf,smb_vwv0,count);
5386 SSVAL(req->outbuf,smb_vwv1,
5387 (max_count>0?first+count:first-1));
5388 SCVAL(smb_buf(req->outbuf),0,1);
5389 SSVAL(smb_buf(req->outbuf),1,28*count);
5393 DEBUG(3, ("%u entries returned in queue\n",
5397 if (cli && is_valid_policy_hnd(&handle)) {
5398 rpccli_spoolss_ClosePrinter(cli, mem_ctx, &handle, NULL);
5403 END_PROFILE(SMBsplretq);
5407 /****************************************************************************
5408 Reply to a printwrite.
5409 ****************************************************************************/
5411 void reply_printwrite(struct smb_request *req)
5413 connection_struct *conn = req->conn;
5418 START_PROFILE(SMBsplwr);
5421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5422 END_PROFILE(SMBsplwr);
5426 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5428 if (!check_fsp(conn, req, fsp)) {
5429 END_PROFILE(SMBsplwr);
5433 if (!fsp->print_file) {
5434 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5435 END_PROFILE(SMBsplwr);
5439 if (!CHECK_WRITE(fsp)) {
5440 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5441 END_PROFILE(SMBsplwr);
5445 numtowrite = SVAL(req->buf, 1);
5447 if (req->buflen < numtowrite + 3) {
5448 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5449 END_PROFILE(SMBsplwr);
5453 data = (const char *)req->buf + 3;
5455 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5456 reply_nterror(req, map_nt_error_from_unix(errno));
5457 END_PROFILE(SMBsplwr);
5461 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5463 END_PROFILE(SMBsplwr);
5467 /****************************************************************************
5469 ****************************************************************************/
5471 void reply_mkdir(struct smb_request *req)
5473 connection_struct *conn = req->conn;
5474 struct smb_filename *smb_dname = NULL;
5475 char *directory = NULL;
5477 TALLOC_CTX *ctx = talloc_tos();
5479 START_PROFILE(SMBmkdir);
5481 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5482 STR_TERMINATE, &status);
5483 if (!NT_STATUS_IS_OK(status)) {
5484 reply_nterror(req, status);
5488 status = filename_convert(ctx, conn,
5489 req->flags2 & FLAGS2_DFS_PATHNAMES,
5494 if (!NT_STATUS_IS_OK(status)) {
5495 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5496 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5497 ERRSRV, ERRbadpath);
5500 reply_nterror(req, status);
5504 status = create_directory(conn, req, smb_dname);
5506 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5508 if (!NT_STATUS_IS_OK(status)) {
5510 if (!use_nt_status()
5511 && NT_STATUS_EQUAL(status,
5512 NT_STATUS_OBJECT_NAME_COLLISION)) {
5514 * Yes, in the DOS error code case we get a
5515 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5516 * samba4 torture test.
5518 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5521 reply_nterror(req, status);
5525 reply_outbuf(req, 0, 0);
5527 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5529 TALLOC_FREE(smb_dname);
5530 END_PROFILE(SMBmkdir);
5534 /****************************************************************************
5536 ****************************************************************************/
5538 void reply_rmdir(struct smb_request *req)
5540 connection_struct *conn = req->conn;
5541 struct smb_filename *smb_dname = NULL;
5542 char *directory = NULL;
5544 TALLOC_CTX *ctx = talloc_tos();
5545 files_struct *fsp = NULL;
5547 struct smbd_server_connection *sconn = req->sconn;
5549 START_PROFILE(SMBrmdir);
5551 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5552 STR_TERMINATE, &status);
5553 if (!NT_STATUS_IS_OK(status)) {
5554 reply_nterror(req, status);
5558 status = filename_convert(ctx, conn,
5559 req->flags2 & FLAGS2_DFS_PATHNAMES,
5564 if (!NT_STATUS_IS_OK(status)) {
5565 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5566 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5567 ERRSRV, ERRbadpath);
5570 reply_nterror(req, status);
5574 if (is_ntfs_stream_smb_fname(smb_dname)) {
5575 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5579 status = SMB_VFS_CREATE_FILE(
5582 0, /* root_dir_fid */
5583 smb_dname, /* fname */
5584 DELETE_ACCESS, /* access_mask */
5585 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5587 FILE_OPEN, /* create_disposition*/
5588 FILE_DIRECTORY_FILE, /* create_options */
5589 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5590 0, /* oplock_request */
5591 0, /* allocation_size */
5592 0, /* private_flags */
5598 if (!NT_STATUS_IS_OK(status)) {
5599 if (open_was_deferred(req->mid)) {
5600 /* We have re-scheduled this call. */
5603 reply_nterror(req, status);
5607 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5608 if (!NT_STATUS_IS_OK(status)) {
5609 close_file(req, fsp, ERROR_CLOSE);
5610 reply_nterror(req, status);
5614 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5615 close_file(req, fsp, ERROR_CLOSE);
5616 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5620 status = close_file(req, fsp, NORMAL_CLOSE);
5621 if (!NT_STATUS_IS_OK(status)) {
5622 reply_nterror(req, status);
5624 reply_outbuf(req, 0, 0);
5627 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5629 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5631 TALLOC_FREE(smb_dname);
5632 END_PROFILE(SMBrmdir);
5636 /*******************************************************************
5637 Resolve wildcards in a filename rename.
5638 ********************************************************************/
5640 static bool resolve_wildcards(TALLOC_CTX *ctx,
5645 char *name2_copy = NULL;
5650 char *p,*p2, *pname1, *pname2;
5652 name2_copy = talloc_strdup(ctx, name2);
5657 pname1 = strrchr_m(name1,'/');
5658 pname2 = strrchr_m(name2_copy,'/');
5660 if (!pname1 || !pname2) {
5664 /* Truncate the copy of name2 at the last '/' */
5667 /* Now go past the '/' */
5671 root1 = talloc_strdup(ctx, pname1);
5672 root2 = talloc_strdup(ctx, pname2);
5674 if (!root1 || !root2) {
5678 p = strrchr_m(root1,'.');
5681 ext1 = talloc_strdup(ctx, p+1);
5683 ext1 = talloc_strdup(ctx, "");
5685 p = strrchr_m(root2,'.');
5688 ext2 = talloc_strdup(ctx, p+1);
5690 ext2 = talloc_strdup(ctx, "");
5693 if (!ext1 || !ext2) {
5701 /* Hmmm. Should this be mb-aware ? */
5704 } else if (*p2 == '*') {
5706 root2 = talloc_asprintf(ctx, "%s%s",
5725 /* Hmmm. Should this be mb-aware ? */
5728 } else if (*p2 == '*') {
5730 ext2 = talloc_asprintf(ctx, "%s%s",
5746 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5751 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5763 /****************************************************************************
5764 Ensure open files have their names updated. Updated to notify other smbd's
5766 ****************************************************************************/
5768 static void rename_open_files(connection_struct *conn,
5769 struct share_mode_lock *lck,
5770 const struct smb_filename *smb_fname_dst)
5773 bool did_rename = False;
5776 for(fsp = file_find_di_first(lck->id); fsp;
5777 fsp = file_find_di_next(fsp)) {
5778 /* fsp_name is a relative path under the fsp. To change this for other
5779 sharepaths we need to manipulate relative paths. */
5780 /* TODO - create the absolute path and manipulate the newname
5781 relative to the sharepath. */
5782 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5785 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5786 "(file_id %s) from %s -> %s\n", fsp->fnum,
5787 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5788 smb_fname_str_dbg(smb_fname_dst)));
5790 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5791 if (NT_STATUS_IS_OK(status)) {
5797 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5798 "for %s\n", file_id_string_tos(&lck->id),
5799 smb_fname_str_dbg(smb_fname_dst)));
5802 /* Send messages to all smbd's (not ourself) that the name has changed. */
5803 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
5808 /****************************************************************************
5809 We need to check if the source path is a parent directory of the destination
5810 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5811 refuse the rename with a sharing violation. Under UNIX the above call can
5812 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5813 probably need to check that the client is a Windows one before disallowing
5814 this as a UNIX client (one with UNIX extensions) can know the source is a
5815 symlink and make this decision intelligently. Found by an excellent bug
5816 report from <AndyLiebman@aol.com>.
5817 ****************************************************************************/
5819 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5820 const struct smb_filename *smb_fname_dst)
5822 const char *psrc = smb_fname_src->base_name;
5823 const char *pdst = smb_fname_dst->base_name;
5826 if (psrc[0] == '.' && psrc[1] == '/') {
5829 if (pdst[0] == '.' && pdst[1] == '/') {
5832 if ((slen = strlen(psrc)) > strlen(pdst)) {
5835 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5839 * Do the notify calls from a rename
5842 static void notify_rename(connection_struct *conn, bool is_dir,
5843 const struct smb_filename *smb_fname_src,
5844 const struct smb_filename *smb_fname_dst)
5846 char *parent_dir_src = NULL;
5847 char *parent_dir_dst = NULL;
5850 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5851 : FILE_NOTIFY_CHANGE_FILE_NAME;
5853 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5854 &parent_dir_src, NULL) ||
5855 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5856 &parent_dir_dst, NULL)) {
5860 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5861 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5862 smb_fname_src->base_name);
5863 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5864 smb_fname_dst->base_name);
5867 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5868 smb_fname_src->base_name);
5869 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5870 smb_fname_dst->base_name);
5873 /* this is a strange one. w2k3 gives an additional event for
5874 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5875 files, but not directories */
5877 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5878 FILE_NOTIFY_CHANGE_ATTRIBUTES
5879 |FILE_NOTIFY_CHANGE_CREATION,
5880 smb_fname_dst->base_name);
5883 TALLOC_FREE(parent_dir_src);
5884 TALLOC_FREE(parent_dir_dst);
5887 /****************************************************************************
5888 Rename an open file - given an fsp.
5889 ****************************************************************************/
5891 NTSTATUS rename_internals_fsp(connection_struct *conn,
5893 const struct smb_filename *smb_fname_dst_in,
5895 bool replace_if_exists)
5897 TALLOC_CTX *ctx = talloc_tos();
5898 struct smb_filename *smb_fname_dst = NULL;
5899 NTSTATUS status = NT_STATUS_OK;
5900 struct share_mode_lock *lck = NULL;
5901 bool dst_exists, old_is_stream, new_is_stream;
5903 status = check_name(conn, smb_fname_dst_in->base_name);
5904 if (!NT_STATUS_IS_OK(status)) {
5908 /* Make a copy of the dst smb_fname structs */
5910 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5911 if (!NT_STATUS_IS_OK(status)) {
5915 /* Ensure the dst smb_fname contains a '/' */
5916 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5918 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5919 smb_fname_dst->base_name);
5921 status = NT_STATUS_NO_MEMORY;
5924 TALLOC_FREE(smb_fname_dst->base_name);
5925 smb_fname_dst->base_name = tmp;
5929 * Check for special case with case preserving and not
5930 * case sensitive. If the old last component differs from the original
5931 * last component only by case, then we should allow
5932 * the rename (user is trying to change the case of the
5935 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5936 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5937 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5939 char *fname_dst_lcomp_base_mod = NULL;
5940 struct smb_filename *smb_fname_orig_lcomp = NULL;
5943 * Get the last component of the destination name. Note that
5944 * we guarantee that destination name contains a '/' character
5947 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5948 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5949 if (!fname_dst_lcomp_base_mod) {
5950 status = NT_STATUS_NO_MEMORY;
5955 * Create an smb_filename struct using the original last
5956 * component of the destination.
5958 status = create_synthetic_smb_fname_split(ctx,
5959 smb_fname_dst->original_lcomp, NULL,
5960 &smb_fname_orig_lcomp);
5961 if (!NT_STATUS_IS_OK(status)) {
5962 TALLOC_FREE(fname_dst_lcomp_base_mod);
5966 /* If the base names only differ by case, use original. */
5967 if(!strcsequal(fname_dst_lcomp_base_mod,
5968 smb_fname_orig_lcomp->base_name)) {
5971 * Replace the modified last component with the
5974 *last_slash = '\0'; /* Truncate at the '/' */
5975 tmp = talloc_asprintf(smb_fname_dst,
5977 smb_fname_dst->base_name,
5978 smb_fname_orig_lcomp->base_name);
5980 status = NT_STATUS_NO_MEMORY;
5981 TALLOC_FREE(fname_dst_lcomp_base_mod);
5982 TALLOC_FREE(smb_fname_orig_lcomp);
5985 TALLOC_FREE(smb_fname_dst->base_name);
5986 smb_fname_dst->base_name = tmp;
5989 /* If the stream_names only differ by case, use original. */
5990 if(!strcsequal(smb_fname_dst->stream_name,
5991 smb_fname_orig_lcomp->stream_name)) {
5993 /* Use the original stream. */
5994 tmp = talloc_strdup(smb_fname_dst,
5995 smb_fname_orig_lcomp->stream_name);
5997 status = NT_STATUS_NO_MEMORY;
5998 TALLOC_FREE(fname_dst_lcomp_base_mod);
5999 TALLOC_FREE(smb_fname_orig_lcomp);
6002 TALLOC_FREE(smb_fname_dst->stream_name);
6003 smb_fname_dst->stream_name = tmp;
6005 TALLOC_FREE(fname_dst_lcomp_base_mod);
6006 TALLOC_FREE(smb_fname_orig_lcomp);
6010 * If the src and dest names are identical - including case,
6011 * don't do the rename, just return success.
6014 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6015 strcsequal(fsp->fsp_name->stream_name,
6016 smb_fname_dst->stream_name)) {
6017 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6018 "- returning success\n",
6019 smb_fname_str_dbg(smb_fname_dst)));
6020 status = NT_STATUS_OK;
6024 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6025 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6027 /* Return the correct error code if both names aren't streams. */
6028 if (!old_is_stream && new_is_stream) {
6029 status = NT_STATUS_OBJECT_NAME_INVALID;
6033 if (old_is_stream && !new_is_stream) {
6034 status = NT_STATUS_INVALID_PARAMETER;
6038 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6040 if(!replace_if_exists && dst_exists) {
6041 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6042 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6043 smb_fname_str_dbg(smb_fname_dst)));
6044 status = NT_STATUS_OBJECT_NAME_COLLISION;
6049 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6050 &smb_fname_dst->st);
6051 files_struct *dst_fsp = file_find_di_first(fileid);
6052 /* The file can be open when renaming a stream */
6053 if (dst_fsp && !new_is_stream) {
6054 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6055 status = NT_STATUS_ACCESS_DENIED;
6060 /* Ensure we have a valid stat struct for the source. */
6061 status = vfs_stat_fsp(fsp);
6062 if (!NT_STATUS_IS_OK(status)) {
6066 status = can_rename(conn, fsp, attrs);
6068 if (!NT_STATUS_IS_OK(status)) {
6069 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6070 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6071 smb_fname_str_dbg(smb_fname_dst)));
6072 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6073 status = NT_STATUS_ACCESS_DENIED;
6077 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6078 status = NT_STATUS_ACCESS_DENIED;
6081 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6085 * We have the file open ourselves, so not being able to get the
6086 * corresponding share mode lock is a fatal error.
6089 SMB_ASSERT(lck != NULL);
6091 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6092 uint32 create_options = fsp->fh->private_options;
6094 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6095 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6096 smb_fname_str_dbg(smb_fname_dst)));
6098 if (lp_map_archive(SNUM(conn)) ||
6099 lp_store_dos_attributes(SNUM(conn))) {
6100 /* We must set the archive bit on the newly
6102 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6103 uint32_t old_dosmode = dos_mode(conn,
6105 file_set_dosmode(conn,
6107 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6113 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6116 rename_open_files(conn, lck, smb_fname_dst);
6119 * A rename acts as a new file create w.r.t. allowing an initial delete
6120 * on close, probably because in Windows there is a new handle to the
6121 * new file. If initial delete on close was requested but not
6122 * originally set, we need to set it here. This is probably not 100% correct,
6123 * but will work for the CIFSFS client which in non-posix mode
6124 * depends on these semantics. JRA.
6127 if (create_options & FILE_DELETE_ON_CLOSE) {
6128 status = can_set_delete_on_close(fsp, 0);
6130 if (NT_STATUS_IS_OK(status)) {
6131 /* Note that here we set the *inital* delete on close flag,
6132 * not the regular one. The magic gets handled in close. */
6133 fsp->initial_delete_on_close = True;
6137 status = NT_STATUS_OK;
6143 if (errno == ENOTDIR || errno == EISDIR) {
6144 status = NT_STATUS_OBJECT_NAME_COLLISION;
6146 status = map_nt_error_from_unix(errno);
6149 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6150 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6151 smb_fname_str_dbg(smb_fname_dst)));
6154 TALLOC_FREE(smb_fname_dst);
6159 /****************************************************************************
6160 The guts of the rename command, split out so it may be called by the NT SMB
6162 ****************************************************************************/
6164 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6165 connection_struct *conn,
6166 struct smb_request *req,
6167 struct smb_filename *smb_fname_src,
6168 struct smb_filename *smb_fname_dst,
6170 bool replace_if_exists,
6173 uint32_t access_mask)
6175 char *fname_src_dir = NULL;
6176 char *fname_src_mask = NULL;
6178 NTSTATUS status = NT_STATUS_OK;
6179 struct smb_Dir *dir_hnd = NULL;
6180 const char *dname = NULL;
6181 char *talloced = NULL;
6183 int create_options = 0;
6184 bool posix_pathnames = lp_posix_pathnames();
6187 * Split the old name into directory and last component
6188 * strings. Note that unix_convert may have stripped off a
6189 * leading ./ from both name and newname if the rename is
6190 * at the root of the share. We need to make sure either both
6191 * name and newname contain a / character or neither of them do
6192 * as this is checked in resolve_wildcards().
6195 /* Split up the directory from the filename/mask. */
6196 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6197 &fname_src_dir, &fname_src_mask);
6198 if (!NT_STATUS_IS_OK(status)) {
6199 status = NT_STATUS_NO_MEMORY;
6204 * We should only check the mangled cache
6205 * here if unix_convert failed. This means
6206 * that the path in 'mask' doesn't exist
6207 * on the file system and so we need to look
6208 * for a possible mangle. This patch from
6209 * Tine Smukavec <valentin.smukavec@hermes.si>.
6212 if (!VALID_STAT(smb_fname_src->st) &&
6213 mangle_is_mangled(fname_src_mask, conn->params)) {
6214 char *new_mask = NULL;
6215 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6218 TALLOC_FREE(fname_src_mask);
6219 fname_src_mask = new_mask;
6223 if (!src_has_wild) {
6227 * Only one file needs to be renamed. Append the mask back
6228 * onto the directory.
6230 TALLOC_FREE(smb_fname_src->base_name);
6231 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6235 if (!smb_fname_src->base_name) {
6236 status = NT_STATUS_NO_MEMORY;
6240 /* Ensure dst fname contains a '/' also */
6241 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6243 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6244 smb_fname_dst->base_name);
6246 status = NT_STATUS_NO_MEMORY;
6249 TALLOC_FREE(smb_fname_dst->base_name);
6250 smb_fname_dst->base_name = tmp;
6253 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6254 "case_preserve = %d, short case preserve = %d, "
6255 "directory = %s, newname = %s, "
6256 "last_component_dest = %s\n",
6257 conn->case_sensitive, conn->case_preserve,
6258 conn->short_case_preserve,
6259 smb_fname_str_dbg(smb_fname_src),
6260 smb_fname_str_dbg(smb_fname_dst),
6261 smb_fname_dst->original_lcomp));
6263 /* The dest name still may have wildcards. */
6264 if (dest_has_wild) {
6265 char *fname_dst_mod = NULL;
6266 if (!resolve_wildcards(smb_fname_dst,
6267 smb_fname_src->base_name,
6268 smb_fname_dst->base_name,
6270 DEBUG(6, ("rename_internals: resolve_wildcards "
6272 smb_fname_src->base_name,
6273 smb_fname_dst->base_name));
6274 status = NT_STATUS_NO_MEMORY;
6277 TALLOC_FREE(smb_fname_dst->base_name);
6278 smb_fname_dst->base_name = fname_dst_mod;
6281 ZERO_STRUCT(smb_fname_src->st);
6282 if (posix_pathnames) {
6283 SMB_VFS_LSTAT(conn, smb_fname_src);
6285 SMB_VFS_STAT(conn, smb_fname_src);
6288 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6289 create_options |= FILE_DIRECTORY_FILE;
6292 status = SMB_VFS_CREATE_FILE(
6295 0, /* root_dir_fid */
6296 smb_fname_src, /* fname */
6297 access_mask, /* access_mask */
6298 (FILE_SHARE_READ | /* share_access */
6300 FILE_OPEN, /* create_disposition*/
6301 create_options, /* create_options */
6302 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6303 0, /* oplock_request */
6304 0, /* allocation_size */
6305 0, /* private_flags */
6311 if (!NT_STATUS_IS_OK(status)) {
6312 DEBUG(3, ("Could not open rename source %s: %s\n",
6313 smb_fname_str_dbg(smb_fname_src),
6314 nt_errstr(status)));
6318 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6319 attrs, replace_if_exists);
6321 close_file(req, fsp, NORMAL_CLOSE);
6323 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6324 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6325 smb_fname_str_dbg(smb_fname_dst)));
6331 * Wildcards - process each file that matches.
6333 if (strequal(fname_src_mask, "????????.???")) {
6334 TALLOC_FREE(fname_src_mask);
6335 fname_src_mask = talloc_strdup(ctx, "*");
6336 if (!fname_src_mask) {
6337 status = NT_STATUS_NO_MEMORY;
6342 status = check_name(conn, fname_src_dir);
6343 if (!NT_STATUS_IS_OK(status)) {
6347 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6349 if (dir_hnd == NULL) {
6350 status = map_nt_error_from_unix(errno);
6354 status = NT_STATUS_NO_SUCH_FILE;
6356 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6357 * - gentest fix. JRA
6360 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6362 files_struct *fsp = NULL;
6363 char *destname = NULL;
6364 bool sysdir_entry = False;
6366 /* Quick check for "." and ".." */
6367 if (ISDOT(dname) || ISDOTDOT(dname)) {
6369 sysdir_entry = True;
6371 TALLOC_FREE(talloced);
6376 if (!is_visible_file(conn, fname_src_dir, dname,
6377 &smb_fname_src->st, false)) {
6378 TALLOC_FREE(talloced);
6382 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6383 TALLOC_FREE(talloced);
6388 status = NT_STATUS_OBJECT_NAME_INVALID;
6392 TALLOC_FREE(smb_fname_src->base_name);
6393 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6397 if (!smb_fname_src->base_name) {
6398 status = NT_STATUS_NO_MEMORY;
6402 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6403 smb_fname_dst->base_name,
6405 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6406 smb_fname_src->base_name, destname));
6407 TALLOC_FREE(talloced);
6411 status = NT_STATUS_NO_MEMORY;
6415 TALLOC_FREE(smb_fname_dst->base_name);
6416 smb_fname_dst->base_name = destname;
6418 ZERO_STRUCT(smb_fname_src->st);
6419 if (posix_pathnames) {
6420 SMB_VFS_LSTAT(conn, smb_fname_src);
6422 SMB_VFS_STAT(conn, smb_fname_src);
6427 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6428 create_options |= FILE_DIRECTORY_FILE;
6431 status = SMB_VFS_CREATE_FILE(
6434 0, /* root_dir_fid */
6435 smb_fname_src, /* fname */
6436 access_mask, /* access_mask */
6437 (FILE_SHARE_READ | /* share_access */
6439 FILE_OPEN, /* create_disposition*/
6440 create_options, /* create_options */
6441 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6442 0, /* oplock_request */
6443 0, /* allocation_size */
6444 0, /* private_flags */
6450 if (!NT_STATUS_IS_OK(status)) {
6451 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6452 "returned %s rename %s -> %s\n",
6454 smb_fname_str_dbg(smb_fname_src),
6455 smb_fname_str_dbg(smb_fname_dst)));
6459 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6461 if (!smb_fname_dst->original_lcomp) {
6462 status = NT_STATUS_NO_MEMORY;
6466 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6467 attrs, replace_if_exists);
6469 close_file(req, fsp, NORMAL_CLOSE);
6471 if (!NT_STATUS_IS_OK(status)) {
6472 DEBUG(3, ("rename_internals_fsp returned %s for "
6473 "rename %s -> %s\n", nt_errstr(status),
6474 smb_fname_str_dbg(smb_fname_src),
6475 smb_fname_str_dbg(smb_fname_dst)));
6481 DEBUG(3,("rename_internals: doing rename on %s -> "
6482 "%s\n", smb_fname_str_dbg(smb_fname_src),
6483 smb_fname_str_dbg(smb_fname_src)));
6484 TALLOC_FREE(talloced);
6486 TALLOC_FREE(dir_hnd);
6488 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6489 status = map_nt_error_from_unix(errno);
6493 TALLOC_FREE(talloced);
6494 TALLOC_FREE(fname_src_dir);
6495 TALLOC_FREE(fname_src_mask);
6499 /****************************************************************************
6501 ****************************************************************************/
6503 void reply_mv(struct smb_request *req)
6505 connection_struct *conn = req->conn;
6507 char *newname = NULL;
6511 bool src_has_wcard = False;
6512 bool dest_has_wcard = False;
6513 TALLOC_CTX *ctx = talloc_tos();
6514 struct smb_filename *smb_fname_src = NULL;
6515 struct smb_filename *smb_fname_dst = NULL;
6517 START_PROFILE(SMBmv);
6520 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6524 attrs = SVAL(req->vwv+0, 0);
6526 p = (const char *)req->buf + 1;
6527 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6528 &status, &src_has_wcard);
6529 if (!NT_STATUS_IS_OK(status)) {
6530 reply_nterror(req, status);
6534 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6535 &status, &dest_has_wcard);
6536 if (!NT_STATUS_IS_OK(status)) {
6537 reply_nterror(req, status);
6541 status = filename_convert(ctx,
6543 req->flags2 & FLAGS2_DFS_PATHNAMES,
6545 UCF_COND_ALLOW_WCARD_LCOMP,
6549 if (!NT_STATUS_IS_OK(status)) {
6550 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6551 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6552 ERRSRV, ERRbadpath);
6555 reply_nterror(req, status);
6559 status = filename_convert(ctx,
6561 req->flags2 & FLAGS2_DFS_PATHNAMES,
6563 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6567 if (!NT_STATUS_IS_OK(status)) {
6568 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6569 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6570 ERRSRV, ERRbadpath);
6573 reply_nterror(req, status);
6577 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6578 smb_fname_str_dbg(smb_fname_dst)));
6580 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6581 attrs, False, src_has_wcard, dest_has_wcard,
6583 if (!NT_STATUS_IS_OK(status)) {
6584 if (open_was_deferred(req->mid)) {
6585 /* We have re-scheduled this call. */
6588 reply_nterror(req, status);
6592 reply_outbuf(req, 0, 0);
6594 TALLOC_FREE(smb_fname_src);
6595 TALLOC_FREE(smb_fname_dst);
6600 /*******************************************************************
6601 Copy a file as part of a reply_copy.
6602 ******************************************************************/
6605 * TODO: check error codes on all callers
6608 NTSTATUS copy_file(TALLOC_CTX *ctx,
6609 connection_struct *conn,
6610 struct smb_filename *smb_fname_src,
6611 struct smb_filename *smb_fname_dst,
6614 bool target_is_directory)
6616 struct smb_filename *smb_fname_dst_tmp = NULL;
6618 files_struct *fsp1,*fsp2;
6620 uint32 new_create_disposition;
6624 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6625 if (!NT_STATUS_IS_OK(status)) {
6630 * If the target is a directory, extract the last component from the
6631 * src filename and append it to the dst filename
6633 if (target_is_directory) {
6636 /* dest/target can't be a stream if it's a directory. */
6637 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6639 p = strrchr_m(smb_fname_src->base_name,'/');
6643 p = smb_fname_src->base_name;
6645 smb_fname_dst_tmp->base_name =
6646 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6648 if (!smb_fname_dst_tmp->base_name) {
6649 status = NT_STATUS_NO_MEMORY;
6654 status = vfs_file_exist(conn, smb_fname_src);
6655 if (!NT_STATUS_IS_OK(status)) {
6659 if (!target_is_directory && count) {
6660 new_create_disposition = FILE_OPEN;
6662 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6664 &new_create_disposition,
6667 status = NT_STATUS_INVALID_PARAMETER;
6672 /* Open the src file for reading. */
6673 status = SMB_VFS_CREATE_FILE(
6676 0, /* root_dir_fid */
6677 smb_fname_src, /* fname */
6678 FILE_GENERIC_READ, /* access_mask */
6679 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6680 FILE_OPEN, /* create_disposition*/
6681 0, /* create_options */
6682 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6683 INTERNAL_OPEN_ONLY, /* oplock_request */
6684 0, /* allocation_size */
6685 0, /* private_flags */
6691 if (!NT_STATUS_IS_OK(status)) {
6695 dosattrs = dos_mode(conn, smb_fname_src);
6697 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6698 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6701 /* Open the dst file for writing. */
6702 status = SMB_VFS_CREATE_FILE(
6705 0, /* root_dir_fid */
6706 smb_fname_dst, /* fname */
6707 FILE_GENERIC_WRITE, /* access_mask */
6708 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6709 new_create_disposition, /* create_disposition*/
6710 0, /* create_options */
6711 dosattrs, /* file_attributes */
6712 INTERNAL_OPEN_ONLY, /* oplock_request */
6713 0, /* allocation_size */
6714 0, /* private_flags */
6720 if (!NT_STATUS_IS_OK(status)) {
6721 close_file(NULL, fsp1, ERROR_CLOSE);
6725 if ((ofun&3) == 1) {
6726 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6727 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6729 * Stop the copy from occurring.
6732 smb_fname_src->st.st_ex_size = 0;
6736 /* Do the actual copy. */
6737 if (smb_fname_src->st.st_ex_size) {
6738 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6741 close_file(NULL, fsp1, NORMAL_CLOSE);
6743 /* Ensure the modtime is set correctly on the destination file. */
6744 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6747 * As we are opening fsp1 read-only we only expect
6748 * an error on close on fsp2 if we are out of space.
6749 * Thus we don't look at the error return from the
6752 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6754 if (!NT_STATUS_IS_OK(status)) {
6758 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6759 status = NT_STATUS_DISK_FULL;
6763 status = NT_STATUS_OK;
6766 TALLOC_FREE(smb_fname_dst_tmp);
6770 /****************************************************************************
6771 Reply to a file copy.
6772 ****************************************************************************/
6774 void reply_copy(struct smb_request *req)
6776 connection_struct *conn = req->conn;
6777 struct smb_filename *smb_fname_src = NULL;
6778 struct smb_filename *smb_fname_dst = NULL;
6779 char *fname_src = NULL;
6780 char *fname_dst = NULL;
6781 char *fname_src_mask = NULL;
6782 char *fname_src_dir = NULL;
6785 int error = ERRnoaccess;
6789 bool target_is_directory=False;
6790 bool source_has_wild = False;
6791 bool dest_has_wild = False;
6793 TALLOC_CTX *ctx = talloc_tos();
6795 START_PROFILE(SMBcopy);
6798 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6802 tid2 = SVAL(req->vwv+0, 0);
6803 ofun = SVAL(req->vwv+1, 0);
6804 flags = SVAL(req->vwv+2, 0);
6806 p = (const char *)req->buf;
6807 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6808 &status, &source_has_wild);
6809 if (!NT_STATUS_IS_OK(status)) {
6810 reply_nterror(req, status);
6813 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6814 &status, &dest_has_wild);
6815 if (!NT_STATUS_IS_OK(status)) {
6816 reply_nterror(req, status);
6820 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6822 if (tid2 != conn->cnum) {
6823 /* can't currently handle inter share copies XXXX */
6824 DEBUG(3,("Rejecting inter-share copy\n"));
6825 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6829 status = filename_convert(ctx, conn,
6830 req->flags2 & FLAGS2_DFS_PATHNAMES,
6832 UCF_COND_ALLOW_WCARD_LCOMP,
6835 if (!NT_STATUS_IS_OK(status)) {
6836 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6837 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6838 ERRSRV, ERRbadpath);
6841 reply_nterror(req, status);
6845 status = filename_convert(ctx, conn,
6846 req->flags2 & FLAGS2_DFS_PATHNAMES,
6848 UCF_COND_ALLOW_WCARD_LCOMP,
6851 if (!NT_STATUS_IS_OK(status)) {
6852 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6853 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6854 ERRSRV, ERRbadpath);
6857 reply_nterror(req, status);
6861 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6863 if ((flags&1) && target_is_directory) {
6864 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6868 if ((flags&2) && !target_is_directory) {
6869 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6873 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6874 /* wants a tree copy! XXXX */
6875 DEBUG(3,("Rejecting tree copy\n"));
6876 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6880 /* Split up the directory from the filename/mask. */
6881 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6882 &fname_src_dir, &fname_src_mask);
6883 if (!NT_STATUS_IS_OK(status)) {
6884 reply_nterror(req, NT_STATUS_NO_MEMORY);
6889 * We should only check the mangled cache
6890 * here if unix_convert failed. This means
6891 * that the path in 'mask' doesn't exist
6892 * on the file system and so we need to look
6893 * for a possible mangle. This patch from
6894 * Tine Smukavec <valentin.smukavec@hermes.si>.
6896 if (!VALID_STAT(smb_fname_src->st) &&
6897 mangle_is_mangled(fname_src_mask, conn->params)) {
6898 char *new_mask = NULL;
6899 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6900 &new_mask, conn->params);
6902 /* Use demangled name if one was successfully found. */
6904 TALLOC_FREE(fname_src_mask);
6905 fname_src_mask = new_mask;
6909 if (!source_has_wild) {
6912 * Only one file needs to be copied. Append the mask back onto
6915 TALLOC_FREE(smb_fname_src->base_name);
6916 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6920 if (!smb_fname_src->base_name) {
6921 reply_nterror(req, NT_STATUS_NO_MEMORY);
6925 if (dest_has_wild) {
6926 char *fname_dst_mod = NULL;
6927 if (!resolve_wildcards(smb_fname_dst,
6928 smb_fname_src->base_name,
6929 smb_fname_dst->base_name,
6931 reply_nterror(req, NT_STATUS_NO_MEMORY);
6934 TALLOC_FREE(smb_fname_dst->base_name);
6935 smb_fname_dst->base_name = fname_dst_mod;
6938 status = check_name(conn, smb_fname_src->base_name);
6939 if (!NT_STATUS_IS_OK(status)) {
6940 reply_nterror(req, status);
6944 status = check_name(conn, smb_fname_dst->base_name);
6945 if (!NT_STATUS_IS_OK(status)) {
6946 reply_nterror(req, status);
6950 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6951 ofun, count, target_is_directory);
6953 if(!NT_STATUS_IS_OK(status)) {
6954 reply_nterror(req, status);
6960 struct smb_Dir *dir_hnd = NULL;
6961 const char *dname = NULL;
6962 char *talloced = NULL;
6966 * There is a wildcard that requires us to actually read the
6967 * src dir and copy each file matching the mask to the dst.
6968 * Right now streams won't be copied, but this could
6969 * presumably be added with a nested loop for reach dir entry.
6971 SMB_ASSERT(!smb_fname_src->stream_name);
6972 SMB_ASSERT(!smb_fname_dst->stream_name);
6974 smb_fname_src->stream_name = NULL;
6975 smb_fname_dst->stream_name = NULL;
6977 if (strequal(fname_src_mask,"????????.???")) {
6978 TALLOC_FREE(fname_src_mask);
6979 fname_src_mask = talloc_strdup(ctx, "*");
6980 if (!fname_src_mask) {
6981 reply_nterror(req, NT_STATUS_NO_MEMORY);
6986 status = check_name(conn, fname_src_dir);
6987 if (!NT_STATUS_IS_OK(status)) {
6988 reply_nterror(req, status);
6992 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6993 if (dir_hnd == NULL) {
6994 status = map_nt_error_from_unix(errno);
6995 reply_nterror(req, status);
7001 /* Iterate over the src dir copying each entry to the dst. */
7002 while ((dname = ReadDirName(dir_hnd, &offset,
7003 &smb_fname_src->st, &talloced))) {
7004 char *destname = NULL;
7006 if (ISDOT(dname) || ISDOTDOT(dname)) {
7007 TALLOC_FREE(talloced);
7011 if (!is_visible_file(conn, fname_src_dir, dname,
7012 &smb_fname_src->st, false)) {
7013 TALLOC_FREE(talloced);
7017 if(!mask_match(dname, fname_src_mask,
7018 conn->case_sensitive)) {
7019 TALLOC_FREE(talloced);
7023 error = ERRnoaccess;
7025 /* Get the src smb_fname struct setup. */
7026 TALLOC_FREE(smb_fname_src->base_name);
7027 smb_fname_src->base_name =
7028 talloc_asprintf(smb_fname_src, "%s/%s",
7029 fname_src_dir, dname);
7031 if (!smb_fname_src->base_name) {
7032 TALLOC_FREE(dir_hnd);
7033 TALLOC_FREE(talloced);
7034 reply_nterror(req, NT_STATUS_NO_MEMORY);
7038 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7039 smb_fname_dst->base_name,
7041 TALLOC_FREE(talloced);
7045 TALLOC_FREE(dir_hnd);
7046 TALLOC_FREE(talloced);
7047 reply_nterror(req, NT_STATUS_NO_MEMORY);
7051 TALLOC_FREE(smb_fname_dst->base_name);
7052 smb_fname_dst->base_name = destname;
7054 status = check_name(conn, smb_fname_src->base_name);
7055 if (!NT_STATUS_IS_OK(status)) {
7056 TALLOC_FREE(dir_hnd);
7057 TALLOC_FREE(talloced);
7058 reply_nterror(req, status);
7062 status = check_name(conn, smb_fname_dst->base_name);
7063 if (!NT_STATUS_IS_OK(status)) {
7064 TALLOC_FREE(dir_hnd);
7065 TALLOC_FREE(talloced);
7066 reply_nterror(req, status);
7070 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7071 smb_fname_src->base_name,
7072 smb_fname_dst->base_name));
7074 status = copy_file(ctx, conn, smb_fname_src,
7075 smb_fname_dst, ofun, count,
7076 target_is_directory);
7077 if (NT_STATUS_IS_OK(status)) {
7081 TALLOC_FREE(talloced);
7083 TALLOC_FREE(dir_hnd);
7087 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7091 reply_outbuf(req, 1, 0);
7092 SSVAL(req->outbuf,smb_vwv0,count);
7094 TALLOC_FREE(smb_fname_src);
7095 TALLOC_FREE(smb_fname_dst);
7096 TALLOC_FREE(fname_src);
7097 TALLOC_FREE(fname_dst);
7098 TALLOC_FREE(fname_src_mask);
7099 TALLOC_FREE(fname_src_dir);
7101 END_PROFILE(SMBcopy);
7106 #define DBGC_CLASS DBGC_LOCKING
7108 /****************************************************************************
7109 Get a lock pid, dealing with large count requests.
7110 ****************************************************************************/
7112 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7113 bool large_file_format)
7115 if(!large_file_format)
7116 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7118 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7121 /****************************************************************************
7122 Get a lock count, dealing with large count requests.
7123 ****************************************************************************/
7125 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7126 bool large_file_format)
7130 if(!large_file_format) {
7131 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7134 #if defined(HAVE_LONGLONG)
7135 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7136 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7137 #else /* HAVE_LONGLONG */
7140 * NT4.x seems to be broken in that it sends large file (64 bit)
7141 * lockingX calls even if the CAP_LARGE_FILES was *not*
7142 * negotiated. For boxes without large unsigned ints truncate the
7143 * lock count by dropping the top 32 bits.
7146 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7147 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7148 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7149 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7150 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7153 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7154 #endif /* HAVE_LONGLONG */
7160 #if !defined(HAVE_LONGLONG)
7161 /****************************************************************************
7162 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7163 ****************************************************************************/
7165 static uint32 map_lock_offset(uint32 high, uint32 low)
7169 uint32 highcopy = high;
7172 * Try and find out how many significant bits there are in high.
7175 for(i = 0; highcopy; i++)
7179 * We use 31 bits not 32 here as POSIX
7180 * lock offsets may not be negative.
7183 mask = (~0) << (31 - i);
7186 return 0; /* Fail. */
7192 #endif /* !defined(HAVE_LONGLONG) */
7194 /****************************************************************************
7195 Get a lock offset, dealing with large offset requests.
7196 ****************************************************************************/
7198 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7199 bool large_file_format, bool *err)
7201 uint64_t offset = 0;
7205 if(!large_file_format) {
7206 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7209 #if defined(HAVE_LONGLONG)
7210 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7211 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7212 #else /* HAVE_LONGLONG */
7215 * NT4.x seems to be broken in that it sends large file (64 bit)
7216 * lockingX calls even if the CAP_LARGE_FILES was *not*
7217 * negotiated. For boxes without large unsigned ints mangle the
7218 * lock offset by mapping the top 32 bits onto the lower 32.
7221 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7222 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7223 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7226 if((new_low = map_lock_offset(high, low)) == 0) {
7228 return (uint64_t)-1;
7231 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7232 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7233 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7234 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7237 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7238 #endif /* HAVE_LONGLONG */
7244 NTSTATUS smbd_do_locking(struct smb_request *req,
7248 uint16_t num_ulocks,
7249 struct smbd_lock_element *ulocks,
7251 struct smbd_lock_element *locks,
7254 connection_struct *conn = req->conn;
7256 NTSTATUS status = NT_STATUS_OK;
7260 /* Data now points at the beginning of the list
7261 of smb_unlkrng structs */
7262 for(i = 0; i < (int)num_ulocks; i++) {
7263 struct smbd_lock_element *e = &ulocks[i];
7265 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7266 "pid %u, file %s\n",
7269 (unsigned int)e->smblctx,
7272 if (e->brltype != UNLOCK_LOCK) {
7273 /* this can only happen with SMB2 */
7274 return NT_STATUS_INVALID_PARAMETER;
7277 status = do_unlock(req->sconn->msg_ctx,
7284 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7285 nt_errstr(status)));
7287 if (!NT_STATUS_IS_OK(status)) {
7292 /* Setup the timeout in seconds. */
7294 if (!lp_blocking_locks(SNUM(conn))) {
7298 /* Data now points at the beginning of the list
7299 of smb_lkrng structs */
7301 for(i = 0; i < (int)num_locks; i++) {
7302 struct smbd_lock_element *e = &locks[i];
7304 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7305 "%llu, file %s timeout = %d\n",
7308 (unsigned long long)e->smblctx,
7312 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7313 struct blocking_lock_record *blr = NULL;
7315 if (num_locks > 1) {
7317 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7318 * if the lock vector contains one entry. When given mutliple cancel
7319 * requests in a single PDU we expect the server to return an
7320 * error. Windows servers seem to accept the request but only
7321 * cancel the first lock.
7322 * JRA - Do what Windows does (tm) :-).
7326 /* MS-CIFS (2.2.4.32.1) behavior. */
7327 return NT_STATUS_DOS(ERRDOS,
7328 ERRcancelviolation);
7330 /* Windows behavior. */
7332 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7333 "cancel request\n"));
7339 if (lp_blocking_locks(SNUM(conn))) {
7341 /* Schedule a message to ourselves to
7342 remove the blocking lock record and
7343 return the right error. */
7345 blr = blocking_lock_cancel_smb1(fsp,
7351 NT_STATUS_FILE_LOCK_CONFLICT);
7353 return NT_STATUS_DOS(
7355 ERRcancelviolation);
7358 /* Remove a matching pending lock. */
7359 status = do_lock_cancel(fsp,
7366 bool blocking_lock = timeout ? true : false;
7367 bool defer_lock = false;
7368 struct byte_range_lock *br_lck;
7369 uint64_t block_smblctx;
7371 br_lck = do_lock(req->sconn->msg_ctx,
7383 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7384 /* Windows internal resolution for blocking locks seems
7385 to be about 200ms... Don't wait for less than that. JRA. */
7386 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7387 timeout = lp_lock_spin_time();
7392 /* If a lock sent with timeout of zero would fail, and
7393 * this lock has been requested multiple times,
7394 * according to brl_lock_failed() we convert this
7395 * request to a blocking lock with a timeout of between
7396 * 150 - 300 milliseconds.
7398 * If lp_lock_spin_time() has been set to 0, we skip
7399 * this blocking retry and fail immediately.
7401 * Replacement for do_lock_spin(). JRA. */
7403 if (!req->sconn->using_smb2 &&
7404 br_lck && lp_blocking_locks(SNUM(conn)) &&
7405 lp_lock_spin_time() && !blocking_lock &&
7406 NT_STATUS_EQUAL((status),
7407 NT_STATUS_FILE_LOCK_CONFLICT))
7410 timeout = lp_lock_spin_time();
7413 if (br_lck && defer_lock) {
7415 * A blocking lock was requested. Package up
7416 * this smb into a queued request and push it
7417 * onto the blocking lock queue.
7419 if(push_blocking_lock_request(br_lck,
7430 TALLOC_FREE(br_lck);
7432 return NT_STATUS_OK;
7436 TALLOC_FREE(br_lck);
7439 if (!NT_STATUS_IS_OK(status)) {
7444 /* If any of the above locks failed, then we must unlock
7445 all of the previous locks (X/Open spec). */
7447 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7449 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7450 i = -1; /* we want to skip the for loop */
7454 * Ensure we don't do a remove on the lock that just failed,
7455 * as under POSIX rules, if we have a lock already there, we
7456 * will delete it (and we shouldn't) .....
7458 for(i--; i >= 0; i--) {
7459 struct smbd_lock_element *e = &locks[i];
7461 do_unlock(req->sconn->msg_ctx,
7471 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7472 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7474 return NT_STATUS_OK;
7477 /****************************************************************************
7478 Reply to a lockingX request.
7479 ****************************************************************************/
7481 void reply_lockingX(struct smb_request *req)
7483 connection_struct *conn = req->conn;
7485 unsigned char locktype;
7486 unsigned char oplocklevel;
7491 const uint8_t *data;
7492 bool large_file_format;
7494 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7495 struct smbd_lock_element *ulocks;
7496 struct smbd_lock_element *locks;
7499 START_PROFILE(SMBlockingX);
7502 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7503 END_PROFILE(SMBlockingX);
7507 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7508 locktype = CVAL(req->vwv+3, 0);
7509 oplocklevel = CVAL(req->vwv+3, 1);
7510 num_ulocks = SVAL(req->vwv+6, 0);
7511 num_locks = SVAL(req->vwv+7, 0);
7512 lock_timeout = IVAL(req->vwv+4, 0);
7513 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7515 if (!check_fsp(conn, req, fsp)) {
7516 END_PROFILE(SMBlockingX);
7522 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7523 /* we don't support these - and CANCEL_LOCK makes w2k
7524 and XP reboot so I don't really want to be
7525 compatible! (tridge) */
7526 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7527 END_PROFILE(SMBlockingX);
7531 /* Check if this is an oplock break on a file
7532 we have granted an oplock on.
7534 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7535 /* Client can insist on breaking to none. */
7536 bool break_to_none = (oplocklevel == 0);
7539 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7540 "for fnum = %d\n", (unsigned int)oplocklevel,
7544 * Make sure we have granted an exclusive or batch oplock on
7548 if (fsp->oplock_type == 0) {
7550 /* The Samba4 nbench simulator doesn't understand
7551 the difference between break to level2 and break
7552 to none from level2 - it sends oplock break
7553 replies in both cases. Don't keep logging an error
7554 message here - just ignore it. JRA. */
7556 DEBUG(5,("reply_lockingX: Error : oplock break from "
7557 "client for fnum = %d (oplock=%d) and no "
7558 "oplock granted on this file (%s).\n",
7559 fsp->fnum, fsp->oplock_type,
7562 /* if this is a pure oplock break request then don't
7564 if (num_locks == 0 && num_ulocks == 0) {
7565 END_PROFILE(SMBlockingX);
7568 END_PROFILE(SMBlockingX);
7569 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7574 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7576 result = remove_oplock(fsp);
7578 result = downgrade_oplock(fsp);
7582 DEBUG(0, ("reply_lockingX: error in removing "
7583 "oplock on file %s\n", fsp_str_dbg(fsp)));
7584 /* Hmmm. Is this panic justified? */
7585 smb_panic("internal tdb error");
7588 reply_to_oplock_break_requests(fsp);
7590 /* if this is a pure oplock break request then don't send a
7592 if (num_locks == 0 && num_ulocks == 0) {
7593 /* Sanity check - ensure a pure oplock break is not a
7595 if(CVAL(req->vwv+0, 0) != 0xff)
7596 DEBUG(0,("reply_lockingX: Error : pure oplock "
7597 "break is a chained %d request !\n",
7598 (unsigned int)CVAL(req->vwv+0, 0)));
7599 END_PROFILE(SMBlockingX);
7605 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7606 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7607 END_PROFILE(SMBlockingX);
7611 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7612 if (ulocks == NULL) {
7613 reply_nterror(req, NT_STATUS_NO_MEMORY);
7614 END_PROFILE(SMBlockingX);
7618 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7619 if (locks == NULL) {
7620 reply_nterror(req, NT_STATUS_NO_MEMORY);
7621 END_PROFILE(SMBlockingX);
7625 /* Data now points at the beginning of the list
7626 of smb_unlkrng structs */
7627 for(i = 0; i < (int)num_ulocks; i++) {
7628 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
7629 ulocks[i].count = get_lock_count(data, i, large_file_format);
7630 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7631 ulocks[i].brltype = UNLOCK_LOCK;
7634 * There is no error code marked "stupid client bug".... :-).
7637 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7638 END_PROFILE(SMBlockingX);
7643 /* Now do any requested locks */
7644 data += ((large_file_format ? 20 : 10)*num_ulocks);
7646 /* Data now points at the beginning of the list
7647 of smb_lkrng structs */
7649 for(i = 0; i < (int)num_locks; i++) {
7650 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
7651 locks[i].count = get_lock_count(data, i, large_file_format);
7652 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7654 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7655 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7656 locks[i].brltype = PENDING_READ_LOCK;
7658 locks[i].brltype = READ_LOCK;
7661 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7662 locks[i].brltype = PENDING_WRITE_LOCK;
7664 locks[i].brltype = WRITE_LOCK;
7669 * There is no error code marked "stupid client bug".... :-).
7672 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7673 END_PROFILE(SMBlockingX);
7678 status = smbd_do_locking(req, fsp,
7679 locktype, lock_timeout,
7683 if (!NT_STATUS_IS_OK(status)) {
7684 END_PROFILE(SMBlockingX);
7685 reply_nterror(req, status);
7689 END_PROFILE(SMBlockingX);
7693 reply_outbuf(req, 2, 0);
7695 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7696 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7698 END_PROFILE(SMBlockingX);
7703 #define DBGC_CLASS DBGC_ALL
7705 /****************************************************************************
7706 Reply to a SMBreadbmpx (read block multiplex) request.
7707 Always reply with an error, if someone has a platform really needs this,
7708 please contact vl@samba.org
7709 ****************************************************************************/
7711 void reply_readbmpx(struct smb_request *req)
7713 START_PROFILE(SMBreadBmpx);
7714 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7715 END_PROFILE(SMBreadBmpx);
7719 /****************************************************************************
7720 Reply to a SMBreadbs (read block multiplex secondary) request.
7721 Always reply with an error, if someone has a platform really needs this,
7722 please contact vl@samba.org
7723 ****************************************************************************/
7725 void reply_readbs(struct smb_request *req)
7727 START_PROFILE(SMBreadBs);
7728 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7729 END_PROFILE(SMBreadBs);
7733 /****************************************************************************
7734 Reply to a SMBsetattrE.
7735 ****************************************************************************/
7737 void reply_setattrE(struct smb_request *req)
7739 connection_struct *conn = req->conn;
7740 struct smb_file_time ft;
7744 START_PROFILE(SMBsetattrE);
7748 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7752 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7754 if(!fsp || (fsp->conn != conn)) {
7755 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7760 * Convert the DOS times into unix times.
7763 ft.atime = convert_time_t_to_timespec(
7764 srv_make_unix_date2(req->vwv+3));
7765 ft.mtime = convert_time_t_to_timespec(
7766 srv_make_unix_date2(req->vwv+5));
7767 ft.create_time = convert_time_t_to_timespec(
7768 srv_make_unix_date2(req->vwv+1));
7770 reply_outbuf(req, 0, 0);
7773 * Patch from Ray Frush <frush@engr.colostate.edu>
7774 * Sometimes times are sent as zero - ignore them.
7777 /* Ensure we have a valid stat struct for the source. */
7778 status = vfs_stat_fsp(fsp);
7779 if (!NT_STATUS_IS_OK(status)) {
7780 reply_nterror(req, status);
7784 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7785 if (!NT_STATUS_IS_OK(status)) {
7786 reply_nterror(req, status);
7790 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7793 (unsigned int)ft.atime.tv_sec,
7794 (unsigned int)ft.mtime.tv_sec,
7795 (unsigned int)ft.create_time.tv_sec
7798 END_PROFILE(SMBsetattrE);
7803 /* Back from the dead for OS/2..... JRA. */
7805 /****************************************************************************
7806 Reply to a SMBwritebmpx (write block multiplex primary) request.
7807 Always reply with an error, if someone has a platform really needs this,
7808 please contact vl@samba.org
7809 ****************************************************************************/
7811 void reply_writebmpx(struct smb_request *req)
7813 START_PROFILE(SMBwriteBmpx);
7814 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7815 END_PROFILE(SMBwriteBmpx);
7819 /****************************************************************************
7820 Reply to a SMBwritebs (write block multiplex secondary) request.
7821 Always reply with an error, if someone has a platform really needs this,
7822 please contact vl@samba.org
7823 ****************************************************************************/
7825 void reply_writebs(struct smb_request *req)
7827 START_PROFILE(SMBwriteBs);
7828 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7829 END_PROFILE(SMBwriteBs);
7833 /****************************************************************************
7834 Reply to a SMBgetattrE.
7835 ****************************************************************************/
7837 void reply_getattrE(struct smb_request *req)
7839 connection_struct *conn = req->conn;
7842 struct timespec create_ts;
7844 START_PROFILE(SMBgetattrE);
7847 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7848 END_PROFILE(SMBgetattrE);
7852 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7854 if(!fsp || (fsp->conn != conn)) {
7855 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7856 END_PROFILE(SMBgetattrE);
7860 /* Do an fstat on this file */
7862 reply_nterror(req, map_nt_error_from_unix(errno));
7863 END_PROFILE(SMBgetattrE);
7867 mode = dos_mode(conn, fsp->fsp_name);
7870 * Convert the times into dos times. Set create
7871 * date to be last modify date as UNIX doesn't save
7875 reply_outbuf(req, 11, 0);
7877 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7878 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7879 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7880 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7881 /* Should we check pending modtime here ? JRA */
7882 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7883 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7886 SIVAL(req->outbuf, smb_vwv6, 0);
7887 SIVAL(req->outbuf, smb_vwv8, 0);
7889 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7890 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7891 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7893 SSVAL(req->outbuf,smb_vwv10, mode);
7895 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7897 END_PROFILE(SMBgetattrE);