2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
124 if (*s <= 0x1f || *s == '|') {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
174 /****************************************************************************
175 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
176 No wildcards allowed.
177 ****************************************************************************/
179 NTSTATUS check_path_syntax(char *path)
182 return check_path_syntax_internal(path, False, &ignore);
185 /****************************************************************************
186 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
187 Wildcards allowed - p_contains_wcard returns true if the last component contained
189 ****************************************************************************/
191 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
193 return check_path_syntax_internal(path, False, p_contains_wcard);
196 /****************************************************************************
197 Check the path for a POSIX client.
198 We're assuming here that '/' is not the second byte in any multibyte char
199 set (a safe assumption).
200 ****************************************************************************/
202 NTSTATUS check_path_syntax_posix(char *path)
205 return check_path_syntax_internal(path, True, &ignore);
208 /****************************************************************************
209 Pull a string and check the path allowing a wilcard - provide for error return.
210 ****************************************************************************/
212 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
220 bool *contains_wcard)
227 ret = srvstr_pull_buf_talloc(ctx,
234 ret = srvstr_pull_talloc(ctx,
244 *err = NT_STATUS_INVALID_PARAMETER;
248 *contains_wcard = False;
250 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
252 * For a DFS path the function parse_dfs_path()
253 * will do the path processing, just make a copy.
259 if (lp_posix_pathnames()) {
260 *err = check_path_syntax_posix(*pp_dest);
262 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
268 /****************************************************************************
269 Pull a string and check the path - provide for error return.
270 ****************************************************************************/
272 size_t srvstr_get_path(TALLOC_CTX *ctx,
286 ret = srvstr_pull_buf_talloc(ctx,
293 ret = srvstr_pull_talloc(ctx,
303 *err = NT_STATUS_INVALID_PARAMETER;
307 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
309 * For a DFS path the function parse_dfs_path()
310 * will do the path processing, just make a copy.
316 if (lp_posix_pathnames()) {
317 *err = check_path_syntax_posix(*pp_dest);
319 *err = check_path_syntax(*pp_dest);
325 /****************************************************************************
326 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
327 ****************************************************************************/
329 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 files_struct *fsp, struct current_user *user)
332 if (!(fsp) || !(conn)) {
333 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
337 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
343 /****************************************************************************
344 Check if we have a correct fsp pointing to a file. Replacement for the
346 ****************************************************************************/
348 bool check_fsp(connection_struct *conn, struct smb_request *req,
349 files_struct *fsp, struct current_user *user)
351 if (!check_fsp_open(conn, req, fsp, user)) {
354 if ((fsp)->is_directory) {
355 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
358 if ((fsp)->fh->fd == -1) {
359 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
362 (fsp)->num_smb_operations++;
366 /****************************************************************************
367 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
368 ****************************************************************************/
370 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
371 files_struct *fsp, struct current_user *user)
373 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
374 && (current_user.vuid==(fsp)->vuid)) {
378 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
382 /****************************************************************************
383 Reply to a (netbios-level) special message.
384 ****************************************************************************/
386 void reply_special(char *inbuf)
388 int msg_type = CVAL(inbuf,0);
389 int msg_flags = CVAL(inbuf,1);
394 * We only really use 4 bytes of the outbuf, but for the smb_setlen
395 * calculation & friends (srv_send_smb uses that) we need the full smb
398 char outbuf[smb_size];
400 static bool already_got_session = False;
404 memset(outbuf, '\0', sizeof(outbuf));
406 smb_setlen(outbuf,0);
409 case 0x81: /* session request */
411 if (already_got_session) {
412 exit_server_cleanly("multiple session request not permitted");
415 SCVAL(outbuf,0,0x82);
417 if (name_len(inbuf+4) > 50 ||
418 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
419 DEBUG(0,("Invalid name length in session request\n"));
422 name_extract(inbuf,4,name1);
423 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
424 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
427 set_local_machine_name(name1, True);
428 set_remote_machine_name(name2, True);
430 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
431 get_local_machine_name(), get_remote_machine_name(),
434 if (name_type == 'R') {
435 /* We are being asked for a pathworks session ---
437 SCVAL(outbuf, 0,0x83);
441 /* only add the client's machine name to the list
442 of possibly valid usernames if we are operating
443 in share mode security */
444 if (lp_security() == SEC_SHARE) {
445 add_session_user(get_remote_machine_name());
448 reload_services(True);
451 already_got_session = True;
454 case 0x89: /* session keepalive request
455 (some old clients produce this?) */
456 SCVAL(outbuf,0,SMBkeepalive);
460 case 0x82: /* positive session response */
461 case 0x83: /* negative session response */
462 case 0x84: /* retarget session response */
463 DEBUG(0,("Unexpected session response\n"));
466 case SMBkeepalive: /* session keepalive */
471 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
472 msg_type, msg_flags));
474 srv_send_smb(smbd_server_fd(), outbuf, false);
478 /****************************************************************************
480 conn POINTER CAN BE NULL HERE !
481 ****************************************************************************/
483 void reply_tcon(struct smb_request *req)
485 connection_struct *conn = req->conn;
487 char *service_buf = NULL;
488 char *password = NULL;
493 DATA_BLOB password_blob;
494 TALLOC_CTX *ctx = talloc_tos();
496 START_PROFILE(SMBtcon);
498 if (smb_buflen(req->inbuf) < 4) {
499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
500 END_PROFILE(SMBtcon);
504 p = smb_buf(req->inbuf)+1;
505 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
506 &service_buf, p, STR_TERMINATE) + 1;
507 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
508 &password, p, STR_TERMINATE) + 1;
510 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
511 &dev, p, STR_TERMINATE) + 1;
513 if (service_buf == NULL || password == NULL || dev == NULL) {
514 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
515 END_PROFILE(SMBtcon);
518 p = strrchr_m(service_buf,'\\');
522 service = service_buf;
525 password_blob = data_blob(password, pwlen+1);
527 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
530 data_blob_clear_free(&password_blob);
533 reply_nterror(req, nt_status);
534 END_PROFILE(SMBtcon);
538 reply_outbuf(req, 2, 0);
539 SSVAL(req->outbuf,smb_vwv0,max_recv);
540 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
541 SSVAL(req->outbuf,smb_tid,conn->cnum);
543 DEBUG(3,("tcon service=%s cnum=%d\n",
544 service, conn->cnum));
546 END_PROFILE(SMBtcon);
550 /****************************************************************************
551 Reply to a tcon and X.
552 conn POINTER CAN BE NULL HERE !
553 ****************************************************************************/
555 void reply_tcon_and_X(struct smb_request *req)
557 connection_struct *conn = req->conn;
558 char *service = NULL;
560 TALLOC_CTX *ctx = talloc_tos();
561 /* what the cleint thinks the device is */
562 char *client_devicetype = NULL;
563 /* what the server tells the client the share represents */
564 const char *server_devicetype;
571 START_PROFILE(SMBtconX);
574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
575 END_PROFILE(SMBtconX);
579 passlen = SVAL(req->inbuf,smb_vwv3);
580 tcon_flags = SVAL(req->inbuf,smb_vwv2);
582 /* we might have to close an old one */
583 if ((tcon_flags & 0x1) && conn) {
584 close_cnum(conn,req->vuid);
589 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
590 reply_doserror(req, ERRDOS, ERRbuftoosmall);
591 END_PROFILE(SMBtconX);
595 if (global_encrypted_passwords_negotiated) {
596 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
598 if (lp_security() == SEC_SHARE) {
600 * Security = share always has a pad byte
601 * after the password.
603 p = smb_buf(req->inbuf) + passlen + 1;
605 p = smb_buf(req->inbuf) + passlen;
608 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
610 /* Ensure correct termination */
611 password.data[passlen]=0;
612 p = smb_buf(req->inbuf) + passlen + 1;
615 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
619 data_blob_clear_free(&password);
620 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
621 END_PROFILE(SMBtconX);
626 * the service name can be either: \\server\share
627 * or share directly like on the DELL PowerVault 705
630 q = strchr_m(path+2,'\\');
632 data_blob_clear_free(&password);
633 reply_doserror(req, ERRDOS, ERRnosuchshare);
634 END_PROFILE(SMBtconX);
642 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
643 &client_devicetype, p,
644 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
646 if (client_devicetype == NULL) {
647 data_blob_clear_free(&password);
648 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
649 END_PROFILE(SMBtconX);
653 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
655 conn = make_connection(service, password, client_devicetype,
656 req->vuid, &nt_status);
659 data_blob_clear_free(&password);
662 reply_nterror(req, nt_status);
663 END_PROFILE(SMBtconX);
668 server_devicetype = "IPC";
669 else if ( IS_PRINT(conn) )
670 server_devicetype = "LPT1:";
672 server_devicetype = "A:";
674 if (Protocol < PROTOCOL_NT1) {
675 reply_outbuf(req, 2, 0);
676 if (message_push_string(&req->outbuf, server_devicetype,
677 STR_TERMINATE|STR_ASCII) == -1) {
678 reply_nterror(req, NT_STATUS_NO_MEMORY);
679 END_PROFILE(SMBtconX);
683 /* NT sets the fstype of IPC$ to the null string */
684 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
686 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
687 /* Return permissions. */
691 reply_outbuf(req, 7, 0);
694 perm1 = FILE_ALL_ACCESS;
695 perm2 = FILE_ALL_ACCESS;
697 perm1 = CAN_WRITE(conn) ?
702 SIVAL(req->outbuf, smb_vwv3, perm1);
703 SIVAL(req->outbuf, smb_vwv5, perm2);
705 reply_outbuf(req, 3, 0);
708 if ((message_push_string(&req->outbuf, server_devicetype,
709 STR_TERMINATE|STR_ASCII) == -1)
710 || (message_push_string(&req->outbuf, fstype,
711 STR_TERMINATE) == -1)) {
712 reply_nterror(req, NT_STATUS_NO_MEMORY);
713 END_PROFILE(SMBtconX);
717 /* what does setting this bit do? It is set by NT4 and
718 may affect the ability to autorun mounted cdroms */
719 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
720 (lp_csc_policy(SNUM(conn)) << 2));
722 init_dfsroot(conn, req->inbuf, req->outbuf);
726 DEBUG(3,("tconX service=%s \n",
729 /* set the incoming and outgoing tid to the just created one */
730 SSVAL(req->inbuf,smb_tid,conn->cnum);
731 SSVAL(req->outbuf,smb_tid,conn->cnum);
733 END_PROFILE(SMBtconX);
739 /****************************************************************************
740 Reply to an unknown type.
741 ****************************************************************************/
743 void reply_unknown_new(struct smb_request *req, uint8 type)
745 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
746 smb_fn_name(type), type, type));
747 reply_doserror(req, ERRSRV, ERRunknownsmb);
751 /****************************************************************************
753 conn POINTER CAN BE NULL HERE !
754 ****************************************************************************/
756 void reply_ioctl(struct smb_request *req)
758 connection_struct *conn = req->conn;
765 START_PROFILE(SMBioctl);
768 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
769 END_PROFILE(SMBioctl);
773 device = SVAL(req->inbuf,smb_vwv1);
774 function = SVAL(req->inbuf,smb_vwv2);
775 ioctl_code = (device << 16) + function;
777 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
779 switch (ioctl_code) {
780 case IOCTL_QUERY_JOB_INFO:
784 reply_doserror(req, ERRSRV, ERRnosupport);
785 END_PROFILE(SMBioctl);
789 reply_outbuf(req, 8, replysize+1);
790 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
791 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
792 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
793 p = smb_buf(req->outbuf);
794 memset(p, '\0', replysize+1); /* valgrind-safe. */
795 p += 1; /* Allow for alignment */
797 switch (ioctl_code) {
798 case IOCTL_QUERY_JOB_INFO:
800 files_struct *fsp = file_fsp(SVAL(req->inbuf,
803 reply_doserror(req, ERRDOS, ERRbadfid);
804 END_PROFILE(SMBioctl);
807 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
808 srvstr_push((char *)req->outbuf, req->flags2, p+2,
810 STR_TERMINATE|STR_ASCII);
812 srvstr_push((char *)req->outbuf, req->flags2,
813 p+18, lp_servicename(SNUM(conn)),
814 13, STR_TERMINATE|STR_ASCII);
822 END_PROFILE(SMBioctl);
826 /****************************************************************************
827 Strange checkpath NTSTATUS mapping.
828 ****************************************************************************/
830 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
832 /* Strange DOS error code semantics only for checkpath... */
833 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
834 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
835 /* We need to map to ERRbadpath */
836 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
842 /****************************************************************************
843 Reply to a checkpath.
844 ****************************************************************************/
846 void reply_checkpath(struct smb_request *req)
848 connection_struct *conn = req->conn;
850 SMB_STRUCT_STAT sbuf;
852 TALLOC_CTX *ctx = talloc_tos();
854 START_PROFILE(SMBcheckpath);
856 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
857 smb_buf(req->inbuf) + 1, 0,
858 STR_TERMINATE, &status);
859 if (!NT_STATUS_IS_OK(status)) {
860 status = map_checkpath_error((char *)req->inbuf, status);
861 reply_nterror(req, status);
862 END_PROFILE(SMBcheckpath);
866 status = resolve_dfspath(ctx, conn,
867 req->flags2 & FLAGS2_DFS_PATHNAMES,
870 if (!NT_STATUS_IS_OK(status)) {
871 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
872 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
874 END_PROFILE(SMBcheckpath);
880 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
882 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
883 if (!NT_STATUS_IS_OK(status)) {
887 status = check_name(conn, name);
888 if (!NT_STATUS_IS_OK(status)) {
889 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
893 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
894 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
895 status = map_nt_error_from_unix(errno);
899 if (!S_ISDIR(sbuf.st_mode)) {
900 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
902 END_PROFILE(SMBcheckpath);
906 reply_outbuf(req, 0, 0);
908 END_PROFILE(SMBcheckpath);
913 END_PROFILE(SMBcheckpath);
915 /* We special case this - as when a Windows machine
916 is parsing a path is steps through the components
917 one at a time - if a component fails it expects
918 ERRbadpath, not ERRbadfile.
920 status = map_checkpath_error((char *)req->inbuf, status);
921 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
923 * Windows returns different error codes if
924 * the parent directory is valid but not the
925 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
926 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
927 * if the path is invalid.
929 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
934 reply_nterror(req, status);
937 /****************************************************************************
939 ****************************************************************************/
941 void reply_getatr(struct smb_request *req)
943 connection_struct *conn = req->conn;
945 SMB_STRUCT_STAT sbuf;
951 TALLOC_CTX *ctx = talloc_tos();
953 START_PROFILE(SMBgetatr);
955 p = smb_buf(req->inbuf) + 1;
956 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
957 0, STR_TERMINATE, &status);
958 if (!NT_STATUS_IS_OK(status)) {
959 reply_nterror(req, status);
960 END_PROFILE(SMBgetatr);
964 status = resolve_dfspath(ctx, conn,
965 req->flags2 & FLAGS2_DFS_PATHNAMES,
968 if (!NT_STATUS_IS_OK(status)) {
969 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
970 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
972 END_PROFILE(SMBgetatr);
975 reply_nterror(req, status);
976 END_PROFILE(SMBgetatr);
980 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
981 under WfWg - weird! */
982 if (*fname == '\0') {
983 mode = aHIDDEN | aDIR;
984 if (!CAN_WRITE(conn)) {
990 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
991 if (!NT_STATUS_IS_OK(status)) {
992 reply_nterror(req, status);
993 END_PROFILE(SMBgetatr);
996 status = check_name(conn, fname);
997 if (!NT_STATUS_IS_OK(status)) {
998 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
999 reply_nterror(req, status);
1000 END_PROFILE(SMBgetatr);
1003 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1004 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1005 reply_unixerror(req, ERRDOS,ERRbadfile);
1006 END_PROFILE(SMBgetatr);
1010 mode = dos_mode(conn,fname,&sbuf);
1011 size = sbuf.st_size;
1012 mtime = sbuf.st_mtime;
1018 reply_outbuf(req, 10, 0);
1020 SSVAL(req->outbuf,smb_vwv0,mode);
1021 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1022 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1024 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1026 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1028 if (Protocol >= PROTOCOL_NT1) {
1029 SSVAL(req->outbuf, smb_flg2,
1030 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1033 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1035 END_PROFILE(SMBgetatr);
1039 /****************************************************************************
1041 ****************************************************************************/
1043 void reply_setatr(struct smb_request *req)
1045 struct timespec ts[2];
1046 connection_struct *conn = req->conn;
1050 SMB_STRUCT_STAT sbuf;
1053 TALLOC_CTX *ctx = talloc_tos();
1055 START_PROFILE(SMBsetatr);
1060 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1064 p = smb_buf(req->inbuf) + 1;
1065 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1066 0, STR_TERMINATE, &status);
1067 if (!NT_STATUS_IS_OK(status)) {
1068 reply_nterror(req, status);
1069 END_PROFILE(SMBsetatr);
1073 status = resolve_dfspath(ctx, conn,
1074 req->flags2 & FLAGS2_DFS_PATHNAMES,
1077 if (!NT_STATUS_IS_OK(status)) {
1078 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1079 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1080 ERRSRV, ERRbadpath);
1081 END_PROFILE(SMBsetatr);
1084 reply_nterror(req, status);
1085 END_PROFILE(SMBsetatr);
1089 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1090 if (!NT_STATUS_IS_OK(status)) {
1091 reply_nterror(req, status);
1092 END_PROFILE(SMBsetatr);
1096 status = check_name(conn, fname);
1097 if (!NT_STATUS_IS_OK(status)) {
1098 reply_nterror(req, status);
1099 END_PROFILE(SMBsetatr);
1103 if (fname[0] == '.' && fname[1] == '\0') {
1105 * Not sure here is the right place to catch this
1106 * condition. Might be moved to somewhere else later -- vl
1108 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1109 END_PROFILE(SMBsetatr);
1113 mode = SVAL(req->inbuf,smb_vwv0);
1114 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1116 ts[1] = convert_time_t_to_timespec(mtime);
1117 status = smb_set_file_time(conn, NULL, fname,
1119 if (!NT_STATUS_IS_OK(status)) {
1120 reply_unixerror(req, ERRDOS, ERRnoaccess);
1121 END_PROFILE(SMBsetatr);
1125 if (mode != FILE_ATTRIBUTE_NORMAL) {
1126 if (VALID_STAT_OF_DIR(sbuf))
1131 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1132 reply_unixerror(req, ERRDOS, ERRnoaccess);
1133 END_PROFILE(SMBsetatr);
1138 reply_outbuf(req, 0, 0);
1140 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1142 END_PROFILE(SMBsetatr);
1146 /****************************************************************************
1148 ****************************************************************************/
1150 void reply_dskattr(struct smb_request *req)
1152 connection_struct *conn = req->conn;
1153 SMB_BIG_UINT dfree,dsize,bsize;
1154 START_PROFILE(SMBdskattr);
1156 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1157 reply_unixerror(req, ERRHRD, ERRgeneral);
1158 END_PROFILE(SMBdskattr);
1162 reply_outbuf(req, 5, 0);
1164 if (Protocol <= PROTOCOL_LANMAN2) {
1165 double total_space, free_space;
1166 /* we need to scale this to a number that DOS6 can handle. We
1167 use floating point so we can handle large drives on systems
1168 that don't have 64 bit integers
1170 we end up displaying a maximum of 2G to DOS systems
1172 total_space = dsize * (double)bsize;
1173 free_space = dfree * (double)bsize;
1175 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1176 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1178 if (dsize > 0xFFFF) dsize = 0xFFFF;
1179 if (dfree > 0xFFFF) dfree = 0xFFFF;
1181 SSVAL(req->outbuf,smb_vwv0,dsize);
1182 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1183 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1184 SSVAL(req->outbuf,smb_vwv3,dfree);
1186 SSVAL(req->outbuf,smb_vwv0,dsize);
1187 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1188 SSVAL(req->outbuf,smb_vwv2,512);
1189 SSVAL(req->outbuf,smb_vwv3,dfree);
1192 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1194 END_PROFILE(SMBdskattr);
1198 /****************************************************************************
1200 Can be called from SMBsearch, SMBffirst or SMBfunique.
1201 ****************************************************************************/
1203 void reply_search(struct smb_request *req)
1205 connection_struct *conn = req->conn;
1207 char *directory = NULL;
1213 unsigned int numentries = 0;
1214 unsigned int maxentries = 0;
1215 bool finished = False;
1221 bool check_descend = False;
1222 bool expect_close = False;
1224 bool mask_contains_wcard = False;
1225 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1226 TALLOC_CTX *ctx = talloc_tos();
1227 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1229 START_PROFILE(SMBsearch);
1232 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1233 END_PROFILE(SMBsearch);
1237 if (lp_posix_pathnames()) {
1238 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1239 END_PROFILE(SMBsearch);
1243 /* If we were called as SMBffirst then we must expect close. */
1244 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1245 expect_close = True;
1248 reply_outbuf(req, 1, 3);
1249 maxentries = SVAL(req->inbuf,smb_vwv0);
1250 dirtype = SVAL(req->inbuf,smb_vwv1);
1251 p = smb_buf(req->inbuf) + 1;
1252 p += srvstr_get_path_wcard(ctx,
1260 &mask_contains_wcard);
1261 if (!NT_STATUS_IS_OK(nt_status)) {
1262 reply_nterror(req, nt_status);
1263 END_PROFILE(SMBsearch);
1267 nt_status = resolve_dfspath_wcard(ctx, conn,
1268 req->flags2 & FLAGS2_DFS_PATHNAMES,
1271 &mask_contains_wcard);
1272 if (!NT_STATUS_IS_OK(nt_status)) {
1273 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1274 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1275 ERRSRV, ERRbadpath);
1276 END_PROFILE(SMBsearch);
1279 reply_nterror(req, nt_status);
1280 END_PROFILE(SMBsearch);
1285 status_len = SVAL(p, 0);
1288 /* dirtype &= ~aDIR; */
1290 if (status_len == 0) {
1291 SMB_STRUCT_STAT sbuf;
1293 nt_status = unix_convert(ctx, conn, path, True,
1294 &directory, NULL, &sbuf);
1295 if (!NT_STATUS_IS_OK(nt_status)) {
1296 reply_nterror(req, nt_status);
1297 END_PROFILE(SMBsearch);
1301 nt_status = check_name(conn, directory);
1302 if (!NT_STATUS_IS_OK(nt_status)) {
1303 reply_nterror(req, nt_status);
1304 END_PROFILE(SMBsearch);
1308 p = strrchr_m(directory,'/');
1311 directory = talloc_strdup(ctx,".");
1313 reply_nterror(req, NT_STATUS_NO_MEMORY);
1314 END_PROFILE(SMBsearch);
1322 if (*directory == '\0') {
1323 directory = talloc_strdup(ctx,".");
1325 reply_nterror(req, NT_STATUS_NO_MEMORY);
1326 END_PROFILE(SMBsearch);
1330 memset((char *)status,'\0',21);
1331 SCVAL(status,0,(dirtype & 0x1F));
1333 nt_status = dptr_create(conn,
1339 mask_contains_wcard,
1342 if (!NT_STATUS_IS_OK(nt_status)) {
1343 reply_nterror(req, nt_status);
1344 END_PROFILE(SMBsearch);
1347 dptr_num = dptr_dnum(conn->dirptr);
1351 memcpy(status,p,21);
1352 status_dirtype = CVAL(status,0) & 0x1F;
1353 if (status_dirtype != (dirtype & 0x1F)) {
1354 dirtype = status_dirtype;
1357 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1358 if (!conn->dirptr) {
1361 string_set(&conn->dirpath,dptr_path(dptr_num));
1362 mask = dptr_wcard(dptr_num);
1367 * For a 'continue' search we have no string. So
1368 * check from the initial saved string.
1370 mask_contains_wcard = ms_has_wild(mask);
1371 dirtype = dptr_attr(dptr_num);
1374 DEBUG(4,("dptr_num is %d\n",dptr_num));
1376 if ((dirtype&0x1F) == aVOLID) {
1377 char buf[DIR_STRUCT_SIZE];
1378 memcpy(buf,status,21);
1379 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1380 0,aVOLID,0,!allow_long_path_components)) {
1381 reply_nterror(req, NT_STATUS_NO_MEMORY);
1382 END_PROFILE(SMBsearch);
1385 dptr_fill(buf+12,dptr_num);
1386 if (dptr_zero(buf+12) && (status_len==0)) {
1391 if (message_push_blob(&req->outbuf,
1392 data_blob_const(buf, sizeof(buf)))
1394 reply_nterror(req, NT_STATUS_NO_MEMORY);
1395 END_PROFILE(SMBsearch);
1403 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1406 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1407 conn->dirpath,lp_dontdescend(SNUM(conn))));
1408 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1409 check_descend = True;
1412 for (i=numentries;(i<maxentries) && !finished;i++) {
1413 finished = !get_dir_entry(ctx,
1424 char buf[DIR_STRUCT_SIZE];
1425 memcpy(buf,status,21);
1426 if (!make_dir_struct(ctx,
1433 !allow_long_path_components)) {
1434 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 END_PROFILE(SMBsearch);
1438 if (!dptr_fill(buf+12,dptr_num)) {
1441 if (message_push_blob(&req->outbuf,
1442 data_blob_const(buf, sizeof(buf)))
1444 reply_nterror(req, NT_STATUS_NO_MEMORY);
1445 END_PROFILE(SMBsearch);
1455 /* If we were called as SMBffirst with smb_search_id == NULL
1456 and no entries were found then return error and close dirptr
1459 if (numentries == 0) {
1460 dptr_close(&dptr_num);
1461 } else if(expect_close && status_len == 0) {
1462 /* Close the dptr - we know it's gone */
1463 dptr_close(&dptr_num);
1466 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1467 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1468 dptr_close(&dptr_num);
1471 if ((numentries == 0) && !mask_contains_wcard) {
1472 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1473 END_PROFILE(SMBsearch);
1477 SSVAL(req->outbuf,smb_vwv0,numentries);
1478 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1479 SCVAL(smb_buf(req->outbuf),0,5);
1480 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1482 /* The replies here are never long name. */
1483 SSVAL(req->outbuf, smb_flg2,
1484 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1485 if (!allow_long_path_components) {
1486 SSVAL(req->outbuf, smb_flg2,
1487 SVAL(req->outbuf, smb_flg2)
1488 & (~FLAGS2_LONG_PATH_COMPONENTS));
1491 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1492 SSVAL(req->outbuf, smb_flg2,
1493 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1496 directory = dptr_path(dptr_num);
1499 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1500 smb_fn_name(CVAL(req->inbuf,smb_com)),
1502 directory ? directory : "./",
1507 END_PROFILE(SMBsearch);
1511 /****************************************************************************
1512 Reply to a fclose (stop directory search).
1513 ****************************************************************************/
1515 void reply_fclose(struct smb_request *req)
1523 bool path_contains_wcard = False;
1524 TALLOC_CTX *ctx = talloc_tos();
1526 START_PROFILE(SMBfclose);
1528 if (lp_posix_pathnames()) {
1529 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1530 END_PROFILE(SMBfclose);
1534 p = smb_buf(req->inbuf) + 1;
1535 p += srvstr_get_path_wcard(ctx,
1543 &path_contains_wcard);
1544 if (!NT_STATUS_IS_OK(err)) {
1545 reply_nterror(req, err);
1546 END_PROFILE(SMBfclose);
1550 status_len = SVAL(p,0);
1553 if (status_len == 0) {
1554 reply_doserror(req, ERRSRV, ERRsrverror);
1555 END_PROFILE(SMBfclose);
1559 memcpy(status,p,21);
1561 if(dptr_fetch(status+12,&dptr_num)) {
1562 /* Close the dptr - we know it's gone */
1563 dptr_close(&dptr_num);
1566 reply_outbuf(req, 1, 0);
1567 SSVAL(req->outbuf,smb_vwv0,0);
1569 DEBUG(3,("search close\n"));
1571 END_PROFILE(SMBfclose);
1575 /****************************************************************************
1577 ****************************************************************************/
1579 void reply_open(struct smb_request *req)
1581 connection_struct *conn = req->conn;
1587 SMB_STRUCT_STAT sbuf;
1594 uint32 create_disposition;
1595 uint32 create_options = 0;
1597 TALLOC_CTX *ctx = talloc_tos();
1599 START_PROFILE(SMBopen);
1602 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1603 END_PROFILE(SMBopen);
1607 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1608 deny_mode = SVAL(req->inbuf,smb_vwv0);
1609 dos_attr = SVAL(req->inbuf,smb_vwv1);
1611 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1612 smb_buf(req->inbuf)+1, 0,
1613 STR_TERMINATE, &status);
1614 if (!NT_STATUS_IS_OK(status)) {
1615 reply_nterror(req, status);
1616 END_PROFILE(SMBopen);
1620 if (!map_open_params_to_ntcreate(
1621 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1622 &share_mode, &create_disposition, &create_options)) {
1623 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1624 END_PROFILE(SMBopen);
1628 status = create_file(conn, /* conn */
1630 0, /* root_dir_fid */
1632 access_mask, /* access_mask */
1633 share_mode, /* share_access */
1634 create_disposition, /* create_disposition*/
1635 create_options, /* create_options */
1636 dos_attr, /* file_attributes */
1637 oplock_request, /* oplock_request */
1638 0, /* allocation_size */
1645 if (!NT_STATUS_IS_OK(status)) {
1646 if (open_was_deferred(req->mid)) {
1647 /* We have re-scheduled this call. */
1648 END_PROFILE(SMBopen);
1651 reply_openerror(req, status);
1652 END_PROFILE(SMBopen);
1656 size = sbuf.st_size;
1657 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1658 mtime = sbuf.st_mtime;
1661 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1662 close_file(fsp,ERROR_CLOSE);
1663 reply_doserror(req, ERRDOS,ERRnoaccess);
1664 END_PROFILE(SMBopen);
1668 reply_outbuf(req, 7, 0);
1669 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1670 SSVAL(req->outbuf,smb_vwv1,fattr);
1671 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1672 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1674 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1676 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1677 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1679 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1680 SCVAL(req->outbuf,smb_flg,
1681 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1684 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1685 SCVAL(req->outbuf,smb_flg,
1686 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1688 END_PROFILE(SMBopen);
1692 /****************************************************************************
1693 Reply to an open and X.
1694 ****************************************************************************/
1696 void reply_open_and_X(struct smb_request *req)
1698 connection_struct *conn = req->conn;
1703 /* Breakout the oplock request bits so we can set the
1704 reply bits separately. */
1705 int ex_oplock_request;
1706 int core_oplock_request;
1709 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1710 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1715 SMB_STRUCT_STAT sbuf;
1719 SMB_BIG_UINT allocation_size;
1720 ssize_t retval = -1;
1723 uint32 create_disposition;
1724 uint32 create_options = 0;
1725 TALLOC_CTX *ctx = talloc_tos();
1727 START_PROFILE(SMBopenX);
1729 if (req->wct < 15) {
1730 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1731 END_PROFILE(SMBopenX);
1735 open_flags = SVAL(req->inbuf,smb_vwv2);
1736 deny_mode = SVAL(req->inbuf,smb_vwv3);
1737 smb_attr = SVAL(req->inbuf,smb_vwv5);
1738 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1739 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1740 oplock_request = ex_oplock_request | core_oplock_request;
1741 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1742 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1744 /* If it's an IPC, pass off the pipe handler. */
1746 if (lp_nt_pipe_support()) {
1747 reply_open_pipe_and_X(conn, req);
1749 reply_doserror(req, ERRSRV, ERRaccess);
1751 END_PROFILE(SMBopenX);
1755 /* XXXX we need to handle passed times, sattr and flags */
1756 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1757 smb_buf(req->inbuf), 0, STR_TERMINATE,
1759 if (!NT_STATUS_IS_OK(status)) {
1760 reply_nterror(req, status);
1761 END_PROFILE(SMBopenX);
1765 if (!map_open_params_to_ntcreate(
1766 fname, deny_mode, smb_ofun, &access_mask,
1767 &share_mode, &create_disposition, &create_options)) {
1768 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1769 END_PROFILE(SMBopenX);
1773 status = create_file(conn, /* conn */
1775 0, /* root_dir_fid */
1777 access_mask, /* access_mask */
1778 share_mode, /* share_access */
1779 create_disposition, /* create_disposition*/
1780 create_options, /* create_options */
1781 smb_attr, /* file_attributes */
1782 oplock_request, /* oplock_request */
1783 0, /* allocation_size */
1787 &smb_action, /* pinfo */
1790 if (!NT_STATUS_IS_OK(status)) {
1791 END_PROFILE(SMBopenX);
1792 if (open_was_deferred(req->mid)) {
1793 /* We have re-scheduled this call. */
1796 reply_openerror(req, status);
1800 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1801 if the file is truncated or created. */
1802 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1803 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1804 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1805 close_file(fsp,ERROR_CLOSE);
1806 reply_nterror(req, NT_STATUS_DISK_FULL);
1807 END_PROFILE(SMBopenX);
1810 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1812 close_file(fsp,ERROR_CLOSE);
1813 reply_nterror(req, NT_STATUS_DISK_FULL);
1814 END_PROFILE(SMBopenX);
1817 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1820 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1821 mtime = sbuf.st_mtime;
1823 close_file(fsp,ERROR_CLOSE);
1824 reply_doserror(req, ERRDOS, ERRnoaccess);
1825 END_PROFILE(SMBopenX);
1829 /* If the caller set the extended oplock request bit
1830 and we granted one (by whatever means) - set the
1831 correct bit for extended oplock reply.
1834 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1835 smb_action |= EXTENDED_OPLOCK_GRANTED;
1838 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1839 smb_action |= EXTENDED_OPLOCK_GRANTED;
1842 /* If the caller set the core oplock request bit
1843 and we granted one (by whatever means) - set the
1844 correct bit for core oplock reply.
1847 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1848 reply_outbuf(req, 19, 0);
1850 reply_outbuf(req, 15, 0);
1853 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1854 SCVAL(req->outbuf, smb_flg,
1855 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1858 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1859 SCVAL(req->outbuf, smb_flg,
1860 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1863 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1864 SSVAL(req->outbuf,smb_vwv3,fattr);
1865 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1866 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1868 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1870 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1871 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1872 SSVAL(req->outbuf,smb_vwv11,smb_action);
1874 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1875 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1878 END_PROFILE(SMBopenX);
1883 /****************************************************************************
1884 Reply to a SMBulogoffX.
1885 ****************************************************************************/
1887 void reply_ulogoffX(struct smb_request *req)
1891 START_PROFILE(SMBulogoffX);
1893 vuser = get_valid_user_struct(req->vuid);
1896 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1900 /* in user level security we are supposed to close any files
1901 open by this user */
1902 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1903 file_close_user(req->vuid);
1906 invalidate_vuid(req->vuid);
1908 reply_outbuf(req, 2, 0);
1910 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1912 END_PROFILE(SMBulogoffX);
1916 /****************************************************************************
1917 Reply to a mknew or a create.
1918 ****************************************************************************/
1920 void reply_mknew(struct smb_request *req)
1922 connection_struct *conn = req->conn;
1926 struct timespec ts[2];
1928 int oplock_request = 0;
1929 SMB_STRUCT_STAT sbuf;
1931 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1932 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1933 uint32 create_disposition;
1934 uint32 create_options = 0;
1935 TALLOC_CTX *ctx = talloc_tos();
1937 START_PROFILE(SMBcreate);
1940 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1941 END_PROFILE(SMBcreate);
1945 fattr = SVAL(req->inbuf,smb_vwv0);
1946 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1947 com = SVAL(req->inbuf,smb_com);
1949 ts[1] =convert_time_t_to_timespec(
1950 srv_make_unix_date3(req->inbuf + smb_vwv1));
1953 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1954 smb_buf(req->inbuf) + 1, 0,
1955 STR_TERMINATE, &status);
1956 if (!NT_STATUS_IS_OK(status)) {
1957 reply_nterror(req, status);
1958 END_PROFILE(SMBcreate);
1962 if (fattr & aVOLID) {
1963 DEBUG(0,("Attempt to create file (%s) with volid set - "
1964 "please report this\n", fname));
1967 if(com == SMBmknew) {
1968 /* We should fail if file exists. */
1969 create_disposition = FILE_CREATE;
1971 /* Create if file doesn't exist, truncate if it does. */
1972 create_disposition = FILE_OVERWRITE_IF;
1975 status = create_file(conn, /* conn */
1977 0, /* root_dir_fid */
1979 access_mask, /* access_mask */
1980 share_mode, /* share_access */
1981 create_disposition, /* create_disposition*/
1982 create_options, /* create_options */
1983 fattr, /* file_attributes */
1984 oplock_request, /* oplock_request */
1985 0, /* allocation_size */
1992 if (!NT_STATUS_IS_OK(status)) {
1993 END_PROFILE(SMBcreate);
1994 if (open_was_deferred(req->mid)) {
1995 /* We have re-scheduled this call. */
1998 reply_openerror(req, status);
2002 ts[0] = get_atimespec(&sbuf); /* atime. */
2003 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
2004 if (!NT_STATUS_IS_OK(status)) {
2005 END_PROFILE(SMBcreate);
2006 reply_openerror(req, status);
2010 reply_outbuf(req, 1, 0);
2011 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2013 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2014 SCVAL(req->outbuf,smb_flg,
2015 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2018 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2019 SCVAL(req->outbuf,smb_flg,
2020 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2023 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2024 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2025 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2027 END_PROFILE(SMBcreate);
2031 /****************************************************************************
2032 Reply to a create temporary file.
2033 ****************************************************************************/
2035 void reply_ctemp(struct smb_request *req)
2037 connection_struct *conn = req->conn;
2043 SMB_STRUCT_STAT sbuf;
2046 TALLOC_CTX *ctx = talloc_tos();
2048 START_PROFILE(SMBctemp);
2051 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2052 END_PROFILE(SMBctemp);
2056 fattr = SVAL(req->inbuf,smb_vwv0);
2057 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2059 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2060 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2062 if (!NT_STATUS_IS_OK(status)) {
2063 reply_nterror(req, status);
2064 END_PROFILE(SMBctemp);
2068 fname = talloc_asprintf(ctx,
2072 fname = talloc_strdup(ctx, "TMXXXXXX");
2076 reply_nterror(req, NT_STATUS_NO_MEMORY);
2077 END_PROFILE(SMBctemp);
2081 status = resolve_dfspath(ctx, conn,
2082 req->flags2 & FLAGS2_DFS_PATHNAMES,
2085 if (!NT_STATUS_IS_OK(status)) {
2086 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2087 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2088 ERRSRV, ERRbadpath);
2089 END_PROFILE(SMBctemp);
2092 reply_nterror(req, status);
2093 END_PROFILE(SMBctemp);
2097 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 reply_nterror(req, status);
2100 END_PROFILE(SMBctemp);
2104 status = check_name(conn, CONST_DISCARD(char *,fname));
2105 if (!NT_STATUS_IS_OK(status)) {
2106 reply_nterror(req, status);
2107 END_PROFILE(SMBctemp);
2111 tmpfd = smb_mkstemp(fname);
2113 reply_unixerror(req, ERRDOS, ERRnoaccess);
2114 END_PROFILE(SMBctemp);
2118 SMB_VFS_STAT(conn,fname,&sbuf);
2120 /* We should fail if file does not exist. */
2121 status = open_file_ntcreate(conn, req, fname, &sbuf,
2122 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2123 FILE_SHARE_READ|FILE_SHARE_WRITE,
2130 /* close fd from smb_mkstemp() */
2133 if (!NT_STATUS_IS_OK(status)) {
2134 if (open_was_deferred(req->mid)) {
2135 /* We have re-scheduled this call. */
2136 END_PROFILE(SMBctemp);
2139 reply_openerror(req, status);
2140 END_PROFILE(SMBctemp);
2144 reply_outbuf(req, 1, 0);
2145 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2147 /* the returned filename is relative to the directory */
2148 s = strrchr_m(fsp->fsp_name, '/');
2156 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2157 thing in the byte section. JRA */
2158 SSVALS(p, 0, -1); /* what is this? not in spec */
2160 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2162 reply_nterror(req, NT_STATUS_NO_MEMORY);
2163 END_PROFILE(SMBctemp);
2167 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2168 SCVAL(req->outbuf, smb_flg,
2169 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2172 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2173 SCVAL(req->outbuf, smb_flg,
2174 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2177 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2178 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2179 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2181 END_PROFILE(SMBctemp);
2185 /*******************************************************************
2186 Check if a user is allowed to rename a file.
2187 ********************************************************************/
2189 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2190 uint16 dirtype, SMB_STRUCT_STAT *pst)
2194 if (!CAN_WRITE(conn)) {
2195 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2198 fmode = dos_mode(conn, fsp->fsp_name, pst);
2199 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2200 return NT_STATUS_NO_SUCH_FILE;
2203 if (S_ISDIR(pst->st_mode)) {
2204 return NT_STATUS_OK;
2207 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2208 return NT_STATUS_OK;
2211 return NT_STATUS_ACCESS_DENIED;
2214 /*******************************************************************
2215 * unlink a file with all relevant access checks
2216 *******************************************************************/
2218 static NTSTATUS do_unlink(connection_struct *conn,
2219 struct smb_request *req,
2223 SMB_STRUCT_STAT sbuf;
2226 uint32 dirtype_orig = dirtype;
2229 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2231 if (!CAN_WRITE(conn)) {
2232 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2235 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2236 return map_nt_error_from_unix(errno);
2239 fattr = dos_mode(conn,fname,&sbuf);
2241 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2242 dirtype = aDIR|aARCH|aRONLY;
2245 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2247 return NT_STATUS_NO_SUCH_FILE;
2250 if (!dir_check_ftype(conn, fattr, dirtype)) {
2252 return NT_STATUS_FILE_IS_A_DIRECTORY;
2254 return NT_STATUS_NO_SUCH_FILE;
2257 if (dirtype_orig & 0x8000) {
2258 /* These will never be set for POSIX. */
2259 return NT_STATUS_NO_SUCH_FILE;
2263 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2264 return NT_STATUS_FILE_IS_A_DIRECTORY;
2267 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2268 return NT_STATUS_NO_SUCH_FILE;
2271 if (dirtype & 0xFF00) {
2272 /* These will never be set for POSIX. */
2273 return NT_STATUS_NO_SUCH_FILE;
2278 return NT_STATUS_NO_SUCH_FILE;
2281 /* Can't delete a directory. */
2283 return NT_STATUS_FILE_IS_A_DIRECTORY;
2288 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2289 return NT_STATUS_OBJECT_NAME_INVALID;
2290 #endif /* JRATEST */
2292 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2294 On a Windows share, a file with read-only dosmode can be opened with
2295 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2296 fails with NT_STATUS_CANNOT_DELETE error.
2298 This semantic causes a problem that a user can not
2299 rename a file with read-only dosmode on a Samba share
2300 from a Windows command prompt (i.e. cmd.exe, but can rename
2301 from Windows Explorer).
2304 if (!lp_delete_readonly(SNUM(conn))) {
2305 if (fattr & aRONLY) {
2306 return NT_STATUS_CANNOT_DELETE;
2310 /* On open checks the open itself will check the share mode, so
2311 don't do it here as we'll get it wrong. */
2313 status = create_file_unixpath
2317 DELETE_ACCESS, /* access_mask */
2318 FILE_SHARE_NONE, /* share_access */
2319 FILE_OPEN, /* create_disposition*/
2320 FILE_NON_DIRECTORY_FILE, /* create_options */
2321 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2322 0, /* oplock_request */
2323 0, /* allocation_size */
2330 if (!NT_STATUS_IS_OK(status)) {
2331 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2332 nt_errstr(status)));
2336 /* The set is across all open files on this dev/inode pair. */
2337 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2338 close_file(fsp, NORMAL_CLOSE);
2339 return NT_STATUS_ACCESS_DENIED;
2342 return close_file(fsp,NORMAL_CLOSE);
2345 /****************************************************************************
2346 The guts of the unlink command, split out so it may be called by the NT SMB
2348 ****************************************************************************/
2350 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2351 uint32 dirtype, const char *name_in, bool has_wild)
2353 const char *directory = NULL;
2358 NTSTATUS status = NT_STATUS_OK;
2359 SMB_STRUCT_STAT sbuf;
2360 TALLOC_CTX *ctx = talloc_tos();
2362 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2363 if (!NT_STATUS_IS_OK(status)) {
2367 p = strrchr_m(name,'/');
2369 directory = talloc_strdup(ctx, ".");
2371 return NT_STATUS_NO_MEMORY;
2381 * We should only check the mangled cache
2382 * here if unix_convert failed. This means
2383 * that the path in 'mask' doesn't exist
2384 * on the file system and so we need to look
2385 * for a possible mangle. This patch from
2386 * Tine Smukavec <valentin.smukavec@hermes.si>.
2389 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2390 char *new_mask = NULL;
2391 mangle_lookup_name_from_8_3(ctx,
2401 directory = talloc_asprintf(ctx,
2406 return NT_STATUS_NO_MEMORY;
2409 dirtype = FILE_ATTRIBUTE_NORMAL;
2412 status = check_name(conn, directory);
2413 if (!NT_STATUS_IS_OK(status)) {
2417 status = do_unlink(conn, req, directory, dirtype);
2418 if (!NT_STATUS_IS_OK(status)) {
2424 struct smb_Dir *dir_hnd = NULL;
2428 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2429 return NT_STATUS_OBJECT_NAME_INVALID;
2432 if (strequal(mask,"????????.???")) {
2437 status = check_name(conn, directory);
2438 if (!NT_STATUS_IS_OK(status)) {
2442 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2444 if (dir_hnd == NULL) {
2445 return map_nt_error_from_unix(errno);
2448 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2449 the pattern matches against the long name, otherwise the short name
2450 We don't implement this yet XXXX
2453 status = NT_STATUS_NO_SUCH_FILE;
2455 while ((dname = ReadDirName(dir_hnd, &offset))) {
2459 if (!is_visible_file(conn, directory, dname, &st, True)) {
2463 /* Quick check for "." and ".." */
2464 if (ISDOT(dname) || ISDOTDOT(dname)) {
2468 if(!mask_match(dname, mask, conn->case_sensitive)) {
2472 fname = talloc_asprintf(ctx, "%s/%s",
2476 return NT_STATUS_NO_MEMORY;
2479 status = check_name(conn, fname);
2480 if (!NT_STATUS_IS_OK(status)) {
2481 TALLOC_FREE(dir_hnd);
2485 status = do_unlink(conn, req, fname, dirtype);
2486 if (!NT_STATUS_IS_OK(status)) {
2492 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2497 TALLOC_FREE(dir_hnd);
2500 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2501 status = map_nt_error_from_unix(errno);
2507 /****************************************************************************
2509 ****************************************************************************/
2511 void reply_unlink(struct smb_request *req)
2513 connection_struct *conn = req->conn;
2517 bool path_contains_wcard = False;
2518 TALLOC_CTX *ctx = talloc_tos();
2520 START_PROFILE(SMBunlink);
2523 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2524 END_PROFILE(SMBunlink);
2528 dirtype = SVAL(req->inbuf,smb_vwv0);
2530 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2531 smb_buf(req->inbuf) + 1, 0,
2532 STR_TERMINATE, &status, &path_contains_wcard);
2533 if (!NT_STATUS_IS_OK(status)) {
2534 reply_nterror(req, status);
2535 END_PROFILE(SMBunlink);
2539 status = resolve_dfspath_wcard(ctx, conn,
2540 req->flags2 & FLAGS2_DFS_PATHNAMES,
2543 &path_contains_wcard);
2544 if (!NT_STATUS_IS_OK(status)) {
2545 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2546 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2547 ERRSRV, ERRbadpath);
2548 END_PROFILE(SMBunlink);
2551 reply_nterror(req, status);
2552 END_PROFILE(SMBunlink);
2556 DEBUG(3,("reply_unlink : %s\n",name));
2558 status = unlink_internals(conn, req, dirtype, name,
2559 path_contains_wcard);
2560 if (!NT_STATUS_IS_OK(status)) {
2561 if (open_was_deferred(req->mid)) {
2562 /* We have re-scheduled this call. */
2563 END_PROFILE(SMBunlink);
2566 reply_nterror(req, status);
2567 END_PROFILE(SMBunlink);
2571 reply_outbuf(req, 0, 0);
2572 END_PROFILE(SMBunlink);
2577 /****************************************************************************
2579 ****************************************************************************/
2581 static void fail_readraw(void)
2583 const char *errstr = talloc_asprintf(talloc_tos(),
2584 "FAIL ! reply_readbraw: socket write fail (%s)",
2589 exit_server_cleanly(errstr);
2592 /****************************************************************************
2593 Fake (read/write) sendfile. Returns -1 on read or write fail.
2594 ****************************************************************************/
2596 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2600 size_t tosend = nread;
2607 bufsize = MIN(nread, 65536);
2609 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2613 while (tosend > 0) {
2617 if (tosend > bufsize) {
2622 ret = read_file(fsp,buf,startpos,cur_read);
2628 /* If we had a short read, fill with zeros. */
2629 if (ret < cur_read) {
2630 memset(buf, '\0', cur_read - ret);
2633 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2638 startpos += cur_read;
2642 return (ssize_t)nread;
2645 /****************************************************************************
2646 Return a readbraw error (4 bytes of zero).
2647 ****************************************************************************/
2649 static void reply_readbraw_error(void)
2653 if (write_data(smbd_server_fd(),header,4) != 4) {
2658 /****************************************************************************
2659 Use sendfile in readbraw.
2660 ****************************************************************************/
2662 void send_file_readbraw(connection_struct *conn,
2668 char *outbuf = NULL;
2671 #if defined(WITH_SENDFILE)
2673 * We can only use sendfile on a non-chained packet
2674 * but we can use on a non-oplocked file. tridge proved this
2675 * on a train in Germany :-). JRA.
2676 * reply_readbraw has already checked the length.
2679 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2680 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2682 DATA_BLOB header_blob;
2684 _smb_setlen(header,nread);
2685 header_blob = data_blob_const(header, 4);
2687 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2688 &header_blob, startpos, nread) == -1) {
2689 /* Returning ENOSYS means no data at all was sent.
2690 * Do this as a normal read. */
2691 if (errno == ENOSYS) {
2692 goto normal_readbraw;
2696 * Special hack for broken Linux with no working sendfile. If we
2697 * return EINTR we sent the header but not the rest of the data.
2698 * Fake this up by doing read/write calls.
2700 if (errno == EINTR) {
2701 /* Ensure we don't do this again. */
2702 set_use_sendfile(SNUM(conn), False);
2703 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2705 if (fake_sendfile(fsp, startpos, nread) == -1) {
2706 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2707 fsp->fsp_name, strerror(errno) ));
2708 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2713 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2714 fsp->fsp_name, strerror(errno) ));
2715 exit_server_cleanly("send_file_readbraw sendfile failed");
2724 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2726 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2727 (unsigned)(nread+4)));
2728 reply_readbraw_error();
2733 ret = read_file(fsp,outbuf+4,startpos,nread);
2734 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2743 _smb_setlen(outbuf,ret);
2744 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2747 TALLOC_FREE(outbuf);
2750 /****************************************************************************
2751 Reply to a readbraw (core+ protocol).
2752 ****************************************************************************/
2754 void reply_readbraw(struct smb_request *req)
2756 connection_struct *conn = req->conn;
2757 ssize_t maxcount,mincount;
2764 START_PROFILE(SMBreadbraw);
2766 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2767 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2768 "raw reads/writes are disallowed.");
2772 reply_readbraw_error();
2773 END_PROFILE(SMBreadbraw);
2778 * Special check if an oplock break has been issued
2779 * and the readraw request croses on the wire, we must
2780 * return a zero length response here.
2783 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2786 * We have to do a check_fsp by hand here, as
2787 * we must always return 4 zero bytes on error,
2791 if (!fsp || !conn || conn != fsp->conn ||
2792 current_user.vuid != fsp->vuid ||
2793 fsp->is_directory || fsp->fh->fd == -1) {
2795 * fsp could be NULL here so use the value from the packet. JRA.
2797 DEBUG(3,("reply_readbraw: fnum %d not valid "
2799 (int)SVAL(req->inbuf,smb_vwv0)));
2800 reply_readbraw_error();
2801 END_PROFILE(SMBreadbraw);
2805 /* Do a "by hand" version of CHECK_READ. */
2806 if (!(fsp->can_read ||
2807 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2808 (fsp->access_mask & FILE_EXECUTE)))) {
2809 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2810 (int)SVAL(req->inbuf,smb_vwv0)));
2811 reply_readbraw_error();
2812 END_PROFILE(SMBreadbraw);
2816 flush_write_cache(fsp, READRAW_FLUSH);
2818 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2819 if(req->wct == 10) {
2821 * This is a large offset (64 bit) read.
2823 #ifdef LARGE_SMB_OFF_T
2825 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2827 #else /* !LARGE_SMB_OFF_T */
2830 * Ensure we haven't been sent a >32 bit offset.
2833 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2834 DEBUG(0,("reply_readbraw: large offset "
2835 "(%x << 32) used and we don't support "
2836 "64 bit offsets.\n",
2837 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2838 reply_readbraw_error();
2839 END_PROFILE(SMBreadbraw);
2843 #endif /* LARGE_SMB_OFF_T */
2846 DEBUG(0,("reply_readbraw: negative 64 bit "
2847 "readraw offset (%.0f) !\n",
2848 (double)startpos ));
2849 reply_readbraw_error();
2850 END_PROFILE(SMBreadbraw);
2855 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2856 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2858 /* ensure we don't overrun the packet size */
2859 maxcount = MIN(65535,maxcount);
2861 if (is_locked(fsp,(uint32)req->smbpid,
2862 (SMB_BIG_UINT)maxcount,
2863 (SMB_BIG_UINT)startpos,
2865 reply_readbraw_error();
2866 END_PROFILE(SMBreadbraw);
2870 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2874 if (startpos >= size) {
2877 nread = MIN(maxcount,(size - startpos));
2880 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2881 if (nread < mincount)
2885 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2886 "min=%lu nread=%lu\n",
2887 fsp->fnum, (double)startpos,
2888 (unsigned long)maxcount,
2889 (unsigned long)mincount,
2890 (unsigned long)nread ) );
2892 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2894 DEBUG(5,("reply_readbraw finished\n"));
2895 END_PROFILE(SMBreadbraw);
2899 #define DBGC_CLASS DBGC_LOCKING
2901 /****************************************************************************
2902 Reply to a lockread (core+ protocol).
2903 ****************************************************************************/
2905 void reply_lockread(struct smb_request *req)
2907 connection_struct *conn = req->conn;
2914 struct byte_range_lock *br_lck = NULL;
2917 START_PROFILE(SMBlockread);
2920 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2921 END_PROFILE(SMBlockread);
2925 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2927 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2928 END_PROFILE(SMBlockread);
2932 if (!CHECK_READ(fsp,req->inbuf)) {
2933 reply_doserror(req, ERRDOS, ERRbadaccess);
2934 END_PROFILE(SMBlockread);
2938 release_level_2_oplocks_on_change(fsp);
2940 numtoread = SVAL(req->inbuf,smb_vwv1);
2941 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2943 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2945 reply_outbuf(req, 5, numtoread + 3);
2947 data = smb_buf(req->outbuf) + 3;
2950 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2951 * protocol request that predates the read/write lock concept.
2952 * Thus instead of asking for a read lock here we need to ask
2953 * for a write lock. JRA.
2954 * Note that the requested lock size is unaffected by max_recv.
2957 br_lck = do_lock(smbd_messaging_context(),
2960 (SMB_BIG_UINT)numtoread,
2961 (SMB_BIG_UINT)startpos,
2964 False, /* Non-blocking lock. */
2967 TALLOC_FREE(br_lck);
2969 if (NT_STATUS_V(status)) {
2970 reply_nterror(req, status);
2971 END_PROFILE(SMBlockread);
2976 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2979 if (numtoread > max_recv) {
2980 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2981 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2982 (unsigned int)numtoread, (unsigned int)max_recv ));
2983 numtoread = MIN(numtoread,max_recv);
2985 nread = read_file(fsp,data,startpos,numtoread);
2988 reply_unixerror(req, ERRDOS, ERRnoaccess);
2989 END_PROFILE(SMBlockread);
2993 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2995 SSVAL(req->outbuf,smb_vwv0,nread);
2996 SSVAL(req->outbuf,smb_vwv5,nread+3);
2997 p = smb_buf(req->outbuf);
2998 SCVAL(p,0,0); /* pad byte. */
3001 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3002 fsp->fnum, (int)numtoread, (int)nread));
3004 END_PROFILE(SMBlockread);
3009 #define DBGC_CLASS DBGC_ALL
3011 /****************************************************************************
3013 ****************************************************************************/
3015 void reply_read(struct smb_request *req)
3017 connection_struct *conn = req->conn;
3025 START_PROFILE(SMBread);
3028 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3029 END_PROFILE(SMBread);
3033 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3035 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3036 END_PROFILE(SMBread);
3040 if (!CHECK_READ(fsp,req->inbuf)) {
3041 reply_doserror(req, ERRDOS, ERRbadaccess);
3042 END_PROFILE(SMBread);
3046 numtoread = SVAL(req->inbuf,smb_vwv1);
3047 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3049 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3052 * The requested read size cannot be greater than max_recv. JRA.
3054 if (numtoread > max_recv) {
3055 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3056 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3057 (unsigned int)numtoread, (unsigned int)max_recv ));
3058 numtoread = MIN(numtoread,max_recv);
3061 reply_outbuf(req, 5, numtoread+3);
3063 data = smb_buf(req->outbuf) + 3;
3065 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3066 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3067 reply_doserror(req, ERRDOS,ERRlock);
3068 END_PROFILE(SMBread);
3073 nread = read_file(fsp,data,startpos,numtoread);
3076 reply_unixerror(req, ERRDOS,ERRnoaccess);
3077 END_PROFILE(SMBread);
3081 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3083 SSVAL(req->outbuf,smb_vwv0,nread);
3084 SSVAL(req->outbuf,smb_vwv5,nread+3);
3085 SCVAL(smb_buf(req->outbuf),0,1);
3086 SSVAL(smb_buf(req->outbuf),1,nread);
3088 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3089 fsp->fnum, (int)numtoread, (int)nread ) );
3091 END_PROFILE(SMBread);
3095 /****************************************************************************
3097 ****************************************************************************/
3099 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3104 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3105 data = smb_buf(outbuf);
3107 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3109 SCVAL(outbuf,smb_vwv0,0xFF);
3110 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3111 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3112 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3113 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3114 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3115 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3116 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3120 /****************************************************************************
3121 Reply to a read and X - possibly using sendfile.
3122 ****************************************************************************/
3124 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3125 files_struct *fsp, SMB_OFF_T startpos,
3128 SMB_STRUCT_STAT sbuf;
3131 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3132 reply_unixerror(req, ERRDOS, ERRnoaccess);
3136 if (startpos > sbuf.st_size) {
3138 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3139 smb_maxcnt = (sbuf.st_size - startpos);
3142 if (smb_maxcnt == 0) {
3146 #if defined(WITH_SENDFILE)
3148 * We can only use sendfile on a non-chained packet
3149 * but we can use on a non-oplocked file. tridge proved this
3150 * on a train in Germany :-). JRA.
3153 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3154 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3155 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3156 uint8 headerbuf[smb_size + 12 * 2];
3160 * Set up the packet header before send. We
3161 * assume here the sendfile will work (get the
3162 * correct amount of data).
3165 header = data_blob_const(headerbuf, sizeof(headerbuf));
3167 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3168 setup_readX_header((char *)headerbuf, smb_maxcnt);
3170 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3171 /* Returning ENOSYS or EINVAL means no data at all was sent.
3172 Do this as a normal read. */
3173 if (errno == ENOSYS || errno == EINVAL) {
3178 * Special hack for broken Linux with no working sendfile. If we
3179 * return EINTR we sent the header but not the rest of the data.
3180 * Fake this up by doing read/write calls.
3183 if (errno == EINTR) {
3184 /* Ensure we don't do this again. */
3185 set_use_sendfile(SNUM(conn), False);
3186 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3187 nread = fake_sendfile(fsp, startpos,
3190 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3191 fsp->fsp_name, strerror(errno) ));
3192 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3194 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3195 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3196 /* No outbuf here means successful sendfile. */
3197 TALLOC_FREE(req->outbuf);
3201 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3202 fsp->fsp_name, strerror(errno) ));
3203 exit_server_cleanly("send_file_readX sendfile failed");
3206 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3207 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3208 /* No outbuf here means successful sendfile. */
3209 TALLOC_FREE(req->outbuf);
3216 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3217 uint8 headerbuf[smb_size + 2*12];
3219 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3220 setup_readX_header((char *)headerbuf, smb_maxcnt);
3222 /* Send out the header. */
3223 if (write_data(smbd_server_fd(), (char *)headerbuf,
3224 sizeof(headerbuf)) != sizeof(headerbuf)) {
3225 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3226 fsp->fsp_name, strerror(errno) ));
3227 exit_server_cleanly("send_file_readX sendfile failed");
3229 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3231 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3232 fsp->fsp_name, strerror(errno) ));
3233 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3235 TALLOC_FREE(req->outbuf);
3238 reply_outbuf(req, 12, smb_maxcnt);
3240 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3243 reply_unixerror(req, ERRDOS, ERRnoaccess);
3247 setup_readX_header((char *)req->outbuf, nread);
3249 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3250 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3258 /****************************************************************************
3259 Reply to a read and X.
3260 ****************************************************************************/
3262 void reply_read_and_X(struct smb_request *req)
3264 connection_struct *conn = req->conn;
3268 bool big_readX = False;
3270 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3273 START_PROFILE(SMBreadX);
3275 if ((req->wct != 10) && (req->wct != 12)) {
3276 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3280 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3281 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3282 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3284 /* If it's an IPC, pass off the pipe handler. */
3286 reply_pipe_read_and_X(req);
3287 END_PROFILE(SMBreadX);
3291 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3292 END_PROFILE(SMBreadX);
3296 if (!CHECK_READ(fsp,req->inbuf)) {
3297 reply_doserror(req, ERRDOS,ERRbadaccess);
3298 END_PROFILE(SMBreadX);
3302 if (global_client_caps & CAP_LARGE_READX) {
3303 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3304 smb_maxcnt |= (upper_size<<16);
3305 if (upper_size > 1) {
3306 /* Can't do this on a chained packet. */
3307 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3308 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3309 END_PROFILE(SMBreadX);
3312 /* We currently don't do this on signed or sealed data. */
3313 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3314 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3315 END_PROFILE(SMBreadX);
3318 /* Is there room in the reply for this data ? */
3319 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3321 NT_STATUS_INVALID_PARAMETER);
3322 END_PROFILE(SMBreadX);
3329 if (req->wct == 12) {
3330 #ifdef LARGE_SMB_OFF_T
3332 * This is a large offset (64 bit) read.
3334 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3336 #else /* !LARGE_SMB_OFF_T */
3339 * Ensure we haven't been sent a >32 bit offset.
3342 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3343 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3344 "used and we don't support 64 bit offsets.\n",
3345 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3346 END_PROFILE(SMBreadX);
3347 reply_doserror(req, ERRDOS, ERRbadaccess);
3351 #endif /* LARGE_SMB_OFF_T */
3355 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3356 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3357 END_PROFILE(SMBreadX);
3358 reply_doserror(req, ERRDOS, ERRlock);
3363 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3364 END_PROFILE(SMBreadX);
3368 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3370 END_PROFILE(SMBreadX);
3374 /****************************************************************************
3375 Error replies to writebraw must have smb_wct == 1. Fix this up.
3376 ****************************************************************************/
3378 void error_to_writebrawerr(struct smb_request *req)
3380 uint8 *old_outbuf = req->outbuf;
3382 reply_outbuf(req, 1, 0);
3384 memcpy(req->outbuf, old_outbuf, smb_size);
3385 TALLOC_FREE(old_outbuf);
3388 /****************************************************************************
3389 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3390 ****************************************************************************/
3392 void reply_writebraw(struct smb_request *req)
3394 connection_struct *conn = req->conn;
3397 ssize_t total_written=0;
3398 size_t numtowrite=0;
3406 START_PROFILE(SMBwritebraw);
3409 * If we ever reply with an error, it must have the SMB command
3410 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3413 SCVAL(req->inbuf,smb_com,SMBwritec);
3415 if (srv_is_signing_active()) {
3416 END_PROFILE(SMBwritebraw);
3417 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3418 "raw reads/writes are disallowed.");
3421 if (req->wct < 12) {
3422 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3423 error_to_writebrawerr(req);
3424 END_PROFILE(SMBwritebraw);
3428 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3429 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3430 error_to_writebrawerr(req);
3431 END_PROFILE(SMBwritebraw);
3435 if (!CHECK_WRITE(fsp)) {
3436 reply_doserror(req, ERRDOS, ERRbadaccess);
3437 error_to_writebrawerr(req);
3438 END_PROFILE(SMBwritebraw);
3442 tcount = IVAL(req->inbuf,smb_vwv1);
3443 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3444 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3446 /* We have to deal with slightly different formats depending
3447 on whether we are using the core+ or lanman1.0 protocol */
3449 if(Protocol <= PROTOCOL_COREPLUS) {
3450 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3451 data = smb_buf(req->inbuf);
3453 numtowrite = SVAL(req->inbuf,smb_vwv10);
3454 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3457 /* Ensure we don't write bytes past the end of this packet. */
3458 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3459 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3460 error_to_writebrawerr(req);
3461 END_PROFILE(SMBwritebraw);
3465 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3466 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3467 reply_doserror(req, ERRDOS, ERRlock);
3468 error_to_writebrawerr(req);
3469 END_PROFILE(SMBwritebraw);
3474 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3477 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3478 "wrote=%d sync=%d\n",
3479 fsp->fnum, (double)startpos, (int)numtowrite,
3480 (int)nwritten, (int)write_through));
3482 if (nwritten < (ssize_t)numtowrite) {
3483 reply_unixerror(req, ERRHRD, ERRdiskfull);
3484 error_to_writebrawerr(req);
3485 END_PROFILE(SMBwritebraw);
3489 total_written = nwritten;
3491 /* Allocate a buffer of 64k + length. */
3492 buf = TALLOC_ARRAY(NULL, char, 65540);
3494 reply_doserror(req, ERRDOS, ERRnomem);
3495 error_to_writebrawerr(req);
3496 END_PROFILE(SMBwritebraw);
3500 /* Return a SMBwritebraw message to the redirector to tell
3501 * it to send more bytes */
3503 memcpy(buf, req->inbuf, smb_size);
3504 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3505 SCVAL(buf,smb_com,SMBwritebraw);
3506 SSVALS(buf,smb_vwv0,0xFFFF);
3508 if (!srv_send_smb(smbd_server_fd(),
3510 IS_CONN_ENCRYPTED(conn))) {
3511 exit_server_cleanly("reply_writebraw: srv_send_smb "
3515 /* Now read the raw data into the buffer and write it */
3516 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3518 if (!NT_STATUS_IS_OK(status)) {
3519 exit_server_cleanly("secondary writebraw failed");
3522 /* Set up outbuf to return the correct size */
3523 reply_outbuf(req, 1, 0);
3525 if (numtowrite != 0) {
3527 if (numtowrite > 0xFFFF) {
3528 DEBUG(0,("reply_writebraw: Oversize secondary write "
3529 "raw requested (%u). Terminating\n",
3530 (unsigned int)numtowrite ));
3531 exit_server_cleanly("secondary writebraw failed");
3534 if (tcount > nwritten+numtowrite) {
3535 DEBUG(3,("reply_writebraw: Client overestimated the "
3537 (int)tcount,(int)nwritten,(int)numtowrite));
3540 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3542 if (!NT_STATUS_IS_OK(status)) {
3543 DEBUG(0,("reply_writebraw: Oversize secondary write "
3544 "raw read failed (%s). Terminating\n",
3545 nt_errstr(status)));
3546 exit_server_cleanly("secondary writebraw failed");
3549 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3550 if (nwritten == -1) {
3552 reply_unixerror(req, ERRHRD, ERRdiskfull);
3553 error_to_writebrawerr(req);
3554 END_PROFILE(SMBwritebraw);
3558 if (nwritten < (ssize_t)numtowrite) {
3559 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3560 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3564 total_written += nwritten;
3569 SSVAL(req->outbuf,smb_vwv0,total_written);
3571 status = sync_file(conn, fsp, write_through);
3572 if (!NT_STATUS_IS_OK(status)) {
3573 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3574 fsp->fsp_name, nt_errstr(status) ));
3575 reply_nterror(req, status);
3576 error_to_writebrawerr(req);
3577 END_PROFILE(SMBwritebraw);
3581 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3583 fsp->fnum, (double)startpos, (int)numtowrite,
3584 (int)total_written));
3586 /* We won't return a status if write through is not selected - this
3587 * follows what WfWg does */
3588 END_PROFILE(SMBwritebraw);
3590 if (!write_through && total_written==tcount) {
3592 #if RABBIT_PELLET_FIX
3594 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3595 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3598 if (!send_keepalive(smbd_server_fd())) {
3599 exit_server_cleanly("reply_writebraw: send of "
3600 "keepalive failed");
3603 TALLOC_FREE(req->outbuf);
3609 #define DBGC_CLASS DBGC_LOCKING
3611 /****************************************************************************
3612 Reply to a writeunlock (core+).
3613 ****************************************************************************/
3615 void reply_writeunlock(struct smb_request *req)
3617 connection_struct *conn = req->conn;
3618 ssize_t nwritten = -1;
3622 NTSTATUS status = NT_STATUS_OK;
3625 START_PROFILE(SMBwriteunlock);
3628 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3629 END_PROFILE(SMBwriteunlock);
3633 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3635 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3636 END_PROFILE(SMBwriteunlock);
3640 if (!CHECK_WRITE(fsp)) {
3641 reply_doserror(req, ERRDOS,ERRbadaccess);
3642 END_PROFILE(SMBwriteunlock);
3646 numtowrite = SVAL(req->inbuf,smb_vwv1);
3647 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3648 data = smb_buf(req->inbuf) + 3;
3651 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3652 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3653 reply_doserror(req, ERRDOS, ERRlock);
3654 END_PROFILE(SMBwriteunlock);
3658 /* The special X/Open SMB protocol handling of
3659 zero length writes is *NOT* done for
3661 if(numtowrite == 0) {
3664 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3667 status = sync_file(conn, fsp, False /* write through */);
3668 if (!NT_STATUS_IS_OK(status)) {
3669 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3670 fsp->fsp_name, nt_errstr(status) ));
3671 reply_nterror(req, status);
3672 END_PROFILE(SMBwriteunlock);
3676 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3677 reply_unixerror(req, ERRHRD, ERRdiskfull);
3678 END_PROFILE(SMBwriteunlock);
3683 status = do_unlock(smbd_messaging_context(),
3686 (SMB_BIG_UINT)numtowrite,
3687 (SMB_BIG_UINT)startpos,
3690 if (NT_STATUS_V(status)) {
3691 reply_nterror(req, status);
3692 END_PROFILE(SMBwriteunlock);
3697 reply_outbuf(req, 1, 0);
3699 SSVAL(req->outbuf,smb_vwv0,nwritten);
3701 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3702 fsp->fnum, (int)numtowrite, (int)nwritten));
3704 END_PROFILE(SMBwriteunlock);
3709 #define DBGC_CLASS DBGC_ALL
3711 /****************************************************************************
3713 ****************************************************************************/
3715 void reply_write(struct smb_request *req)
3717 connection_struct *conn = req->conn;
3719 ssize_t nwritten = -1;
3725 START_PROFILE(SMBwrite);
3728 END_PROFILE(SMBwrite);
3729 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3733 /* If it's an IPC, pass off the pipe handler. */
3735 reply_pipe_write(req);
3736 END_PROFILE(SMBwrite);
3740 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3742 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3743 END_PROFILE(SMBwrite);
3747 if (!CHECK_WRITE(fsp)) {
3748 reply_doserror(req, ERRDOS, ERRbadaccess);
3749 END_PROFILE(SMBwrite);
3753 numtowrite = SVAL(req->inbuf,smb_vwv1);
3754 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3755 data = smb_buf(req->inbuf) + 3;
3757 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3758 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3759 reply_doserror(req, ERRDOS, ERRlock);
3760 END_PROFILE(SMBwrite);
3765 * X/Open SMB protocol says that if smb_vwv1 is
3766 * zero then the file size should be extended or
3767 * truncated to the size given in smb_vwv[2-3].
3770 if(numtowrite == 0) {
3772 * This is actually an allocate call, and set EOF. JRA.
3774 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3776 reply_nterror(req, NT_STATUS_DISK_FULL);
3777 END_PROFILE(SMBwrite);
3780 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3782 reply_nterror(req, NT_STATUS_DISK_FULL);
3783 END_PROFILE(SMBwrite);
3786 trigger_write_time_update_immediate(fsp);
3788 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3791 status = sync_file(conn, fsp, False);
3792 if (!NT_STATUS_IS_OK(status)) {
3793 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3794 fsp->fsp_name, nt_errstr(status) ));
3795 reply_nterror(req, status);
3796 END_PROFILE(SMBwrite);
3800 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3801 reply_unixerror(req, ERRHRD, ERRdiskfull);
3802 END_PROFILE(SMBwrite);
3806 reply_outbuf(req, 1, 0);
3808 SSVAL(req->outbuf,smb_vwv0,nwritten);
3810 if (nwritten < (ssize_t)numtowrite) {
3811 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3812 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3815 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3817 END_PROFILE(SMBwrite);
3821 /****************************************************************************
3822 Ensure a buffer is a valid writeX for recvfile purposes.
3823 ****************************************************************************/
3825 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3826 (2*14) + /* word count (including bcc) */ \
3829 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3832 connection_struct *conn = NULL;
3833 unsigned int doff = 0;
3834 size_t len = smb_len_large(inbuf);
3836 if (is_encrypted_packet(inbuf)) {
3837 /* Can't do this on encrypted
3842 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3846 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3847 CVAL(inbuf,smb_wct) != 14) {
3848 DEBUG(10,("is_valid_writeX_buffer: chained or "
3849 "invalid word length.\n"));
3853 conn = conn_find(SVAL(inbuf, smb_tid));
3855 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3859 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3862 doff = SVAL(inbuf,smb_vwv11);
3864 numtowrite = SVAL(inbuf,smb_vwv10);
3866 if (len > doff && len - doff > 0xFFFF) {
3867 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3870 if (numtowrite == 0) {
3871 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3875 /* Ensure the sizes match up. */
3876 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3877 /* no pad byte...old smbclient :-( */
3878 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3880 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3884 if (len - doff != numtowrite) {
3885 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3886 "len = %u, doff = %u, numtowrite = %u\n",
3889 (unsigned int)numtowrite ));
3893 DEBUG(10,("is_valid_writeX_buffer: true "
3894 "len = %u, doff = %u, numtowrite = %u\n",
3897 (unsigned int)numtowrite ));
3902 /****************************************************************************
3903 Reply to a write and X.
3904 ****************************************************************************/
3906 void reply_write_and_X(struct smb_request *req)
3908 connection_struct *conn = req->conn;
3914 unsigned int smb_doff;
3915 unsigned int smblen;
3919 START_PROFILE(SMBwriteX);
3921 if ((req->wct != 12) && (req->wct != 14)) {
3922 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3923 END_PROFILE(SMBwriteX);
3927 numtowrite = SVAL(req->inbuf,smb_vwv10);
3928 smb_doff = SVAL(req->inbuf,smb_vwv11);
3929 smblen = smb_len(req->inbuf);
3931 if (req->unread_bytes > 0xFFFF ||
3932 (smblen > smb_doff &&
3933 smblen - smb_doff > 0xFFFF)) {
3934 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3937 if (req->unread_bytes) {
3938 /* Can't do a recvfile write on IPC$ */
3940 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3941 END_PROFILE(SMBwriteX);
3944 if (numtowrite != req->unread_bytes) {
3945 reply_doserror(req, ERRDOS, ERRbadmem);
3946 END_PROFILE(SMBwriteX);
3950 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3951 smb_doff + numtowrite > smblen) {
3952 reply_doserror(req, ERRDOS, ERRbadmem);
3953 END_PROFILE(SMBwriteX);
3958 /* If it's an IPC, pass off the pipe handler. */
3960 if (req->unread_bytes) {
3961 reply_doserror(req, ERRDOS, ERRbadmem);
3962 END_PROFILE(SMBwriteX);
3965 reply_pipe_write_and_X(req);
3966 END_PROFILE(SMBwriteX);
3970 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3971 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3972 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3974 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3975 END_PROFILE(SMBwriteX);
3979 if (!CHECK_WRITE(fsp)) {
3980 reply_doserror(req, ERRDOS, ERRbadaccess);
3981 END_PROFILE(SMBwriteX);
3985 data = smb_base(req->inbuf) + smb_doff;
3987 if(req->wct == 14) {
3988 #ifdef LARGE_SMB_OFF_T
3990 * This is a large offset (64 bit) write.
3992 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3994 #else /* !LARGE_SMB_OFF_T */
3997 * Ensure we haven't been sent a >32 bit offset.
4000 if(IVAL(req->inbuf,smb_vwv12) != 0) {
4001 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4002 "used and we don't support 64 bit offsets.\n",
4003 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
4004 reply_doserror(req, ERRDOS, ERRbadaccess);
4005 END_PROFILE(SMBwriteX);
4009 #endif /* LARGE_SMB_OFF_T */
4012 if (is_locked(fsp,(uint32)req->smbpid,
4013 (SMB_BIG_UINT)numtowrite,
4014 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4015 reply_doserror(req, ERRDOS, ERRlock);
4016 END_PROFILE(SMBwriteX);
4020 /* X/Open SMB protocol says that, unlike SMBwrite
4021 if the length is zero then NO truncation is
4022 done, just a write of zero. To truncate a file,
4025 if(numtowrite == 0) {
4029 if ((req->unread_bytes == 0) &&
4030 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4032 END_PROFILE(SMBwriteX);
4036 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4039 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4040 reply_unixerror(req, ERRHRD, ERRdiskfull);
4041 END_PROFILE(SMBwriteX);
4045 reply_outbuf(req, 6, 0);
4046 SSVAL(req->outbuf,smb_vwv2,nwritten);
4047 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4049 if (nwritten < (ssize_t)numtowrite) {
4050 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4051 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4054 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4055 fsp->fnum, (int)numtowrite, (int)nwritten));
4057 status = sync_file(conn, fsp, write_through);
4058 if (!NT_STATUS_IS_OK(status)) {
4059 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4060 fsp->fsp_name, nt_errstr(status) ));
4061 reply_nterror(req, status);
4062 END_PROFILE(SMBwriteX);
4066 END_PROFILE(SMBwriteX);
4071 /****************************************************************************
4073 ****************************************************************************/
4075 void reply_lseek(struct smb_request *req)
4077 connection_struct *conn = req->conn;
4083 START_PROFILE(SMBlseek);
4086 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4087 END_PROFILE(SMBlseek);
4091 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4093 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4097 flush_write_cache(fsp, SEEK_FLUSH);
4099 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4100 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4101 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4110 res = fsp->fh->pos + startpos;
4121 if (umode == SEEK_END) {
4122 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4123 if(errno == EINVAL) {
4124 SMB_OFF_T current_pos = startpos;
4125 SMB_STRUCT_STAT sbuf;
4127 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4128 reply_unixerror(req, ERRDOS,
4130 END_PROFILE(SMBlseek);
4134 current_pos += sbuf.st_size;
4136 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4141 reply_unixerror(req, ERRDOS, ERRnoaccess);
4142 END_PROFILE(SMBlseek);
4149 reply_outbuf(req, 2, 0);
4150 SIVAL(req->outbuf,smb_vwv0,res);
4152 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4153 fsp->fnum, (double)startpos, (double)res, mode));
4155 END_PROFILE(SMBlseek);
4159 /****************************************************************************
4161 ****************************************************************************/
4163 void reply_flush(struct smb_request *req)
4165 connection_struct *conn = req->conn;
4169 START_PROFILE(SMBflush);
4172 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4176 fnum = SVAL(req->inbuf,smb_vwv0);
4177 fsp = file_fsp(fnum);
4179 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4184 file_sync_all(conn);
4186 NTSTATUS status = sync_file(conn, fsp, True);
4187 if (!NT_STATUS_IS_OK(status)) {
4188 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4189 fsp->fsp_name, nt_errstr(status) ));
4190 reply_nterror(req, status);
4191 END_PROFILE(SMBflush);
4196 reply_outbuf(req, 0, 0);
4198 DEBUG(3,("flush\n"));
4199 END_PROFILE(SMBflush);
4203 /****************************************************************************
4205 conn POINTER CAN BE NULL HERE !
4206 ****************************************************************************/
4208 void reply_exit(struct smb_request *req)
4210 START_PROFILE(SMBexit);
4212 file_close_pid(req->smbpid, req->vuid);
4214 reply_outbuf(req, 0, 0);
4216 DEBUG(3,("exit\n"));
4218 END_PROFILE(SMBexit);
4222 /****************************************************************************
4223 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4224 ****************************************************************************/
4226 void reply_close(struct smb_request *req)
4228 connection_struct *conn = req->conn;
4229 NTSTATUS status = NT_STATUS_OK;
4230 files_struct *fsp = NULL;
4231 START_PROFILE(SMBclose);
4234 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4235 END_PROFILE(SMBclose);
4239 /* If it's an IPC, pass off to the pipe handler. */
4241 reply_pipe_close(conn, req);
4242 END_PROFILE(SMBclose);
4246 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4249 * We can only use CHECK_FSP if we know it's not a directory.
4252 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4253 reply_doserror(req, ERRDOS, ERRbadfid);
4254 END_PROFILE(SMBclose);
4258 if(fsp->is_directory) {
4260 * Special case - close NT SMB directory handle.
4262 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4263 status = close_file(fsp,NORMAL_CLOSE);
4267 * Close ordinary file.
4270 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4271 fsp->fh->fd, fsp->fnum,
4272 conn->num_files_open));
4275 * Take care of any time sent in the close.
4278 t = srv_make_unix_date3(req->inbuf+smb_vwv1);
4279 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4282 * close_file() returns the unix errno if an error
4283 * was detected on close - normally this is due to
4284 * a disk full error. If not then it was probably an I/O error.
4287 status = close_file(fsp,NORMAL_CLOSE);
4290 if (!NT_STATUS_IS_OK(status)) {
4291 reply_nterror(req, status);
4292 END_PROFILE(SMBclose);
4296 reply_outbuf(req, 0, 0);
4297 END_PROFILE(SMBclose);
4301 /****************************************************************************
4302 Reply to a writeclose (Core+ protocol).
4303 ****************************************************************************/
4305 void reply_writeclose(struct smb_request *req)
4307 connection_struct *conn = req->conn;
4309 ssize_t nwritten = -1;
4310 NTSTATUS close_status = NT_STATUS_OK;
4313 struct timespec mtime;
4316 START_PROFILE(SMBwriteclose);
4319 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4320 END_PROFILE(SMBwriteclose);
4324 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4326 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4327 END_PROFILE(SMBwriteclose);
4330 if (!CHECK_WRITE(fsp)) {
4331 reply_doserror(req, ERRDOS,ERRbadaccess);
4332 END_PROFILE(SMBwriteclose);
4336 numtowrite = SVAL(req->inbuf,smb_vwv1);
4337 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4338 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4339 req->inbuf+smb_vwv4));
4340 data = smb_buf(req->inbuf) + 1;
4343 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4344 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4345 reply_doserror(req, ERRDOS,ERRlock);
4346 END_PROFILE(SMBwriteclose);
4350 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4352 set_close_write_time(fsp, mtime);
4355 * More insanity. W2K only closes the file if writelen > 0.
4360 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4362 close_status = close_file(fsp,NORMAL_CLOSE);
4365 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4366 fsp->fnum, (int)numtowrite, (int)nwritten,
4367 conn->num_files_open));
4369 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4370 reply_doserror(req, ERRHRD, ERRdiskfull);
4371 END_PROFILE(SMBwriteclose);
4375 if(!NT_STATUS_IS_OK(close_status)) {
4376 reply_nterror(req, close_status);
4377 END_PROFILE(SMBwriteclose);
4381 reply_outbuf(req, 1, 0);
4383 SSVAL(req->outbuf,smb_vwv0,nwritten);
4384 END_PROFILE(SMBwriteclose);
4389 #define DBGC_CLASS DBGC_LOCKING
4391 /****************************************************************************
4393 ****************************************************************************/
4395 void reply_lock(struct smb_request *req)
4397 connection_struct *conn = req->conn;
4398 SMB_BIG_UINT count,offset;
4401 struct byte_range_lock *br_lck = NULL;
4403 START_PROFILE(SMBlock);
4406 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4407 END_PROFILE(SMBlock);
4411 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4413 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4414 END_PROFILE(SMBlock);
4418 release_level_2_oplocks_on_change(fsp);
4420 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4421 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4423 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4424 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4426 br_lck = do_lock(smbd_messaging_context(),
4433 False, /* Non-blocking lock. */
4437 TALLOC_FREE(br_lck);
4439 if (NT_STATUS_V(status)) {
4440 reply_nterror(req, status);
4441 END_PROFILE(SMBlock);
4445 reply_outbuf(req, 0, 0);
4447 END_PROFILE(SMBlock);
4451 /****************************************************************************
4453 ****************************************************************************/
4455 void reply_unlock(struct smb_request *req)
4457 connection_struct *conn = req->conn;
4458 SMB_BIG_UINT count,offset;
4462 START_PROFILE(SMBunlock);
4465 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4466 END_PROFILE(SMBunlock);
4470 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4472 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4473 END_PROFILE(SMBunlock);
4477 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4478 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4480 status = do_unlock(smbd_messaging_context(),
4487 if (NT_STATUS_V(status)) {
4488 reply_nterror(req, status);
4489 END_PROFILE(SMBunlock);
4493 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4494 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4496 reply_outbuf(req, 0, 0);
4498 END_PROFILE(SMBunlock);
4503 #define DBGC_CLASS DBGC_ALL
4505 /****************************************************************************
4507 conn POINTER CAN BE NULL HERE !
4508 ****************************************************************************/
4510 void reply_tdis(struct smb_request *req)
4512 connection_struct *conn = req->conn;
4513 START_PROFILE(SMBtdis);
4516 DEBUG(4,("Invalid connection in tdis\n"));
4517 reply_doserror(req, ERRSRV, ERRinvnid);
4518 END_PROFILE(SMBtdis);
4524 close_cnum(conn,req->vuid);
4527 reply_outbuf(req, 0, 0);
4528 END_PROFILE(SMBtdis);
4532 /****************************************************************************
4534 conn POINTER CAN BE NULL HERE !
4535 ****************************************************************************/
4537 void reply_echo(struct smb_request *req)
4539 connection_struct *conn = req->conn;
4542 unsigned int data_len = smb_buflen(req->inbuf);
4544 START_PROFILE(SMBecho);
4547 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4548 END_PROFILE(SMBecho);
4552 if (data_len > BUFFER_SIZE) {
4553 DEBUG(0,("reply_echo: data_len too large.\n"));
4554 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4555 END_PROFILE(SMBecho);
4559 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4561 reply_outbuf(req, 1, data_len);
4563 /* copy any incoming data back out */
4565 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4568 if (smb_reverb > 100) {
4569 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4573 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4574 SSVAL(req->outbuf,smb_vwv0,seq_num);
4576 show_msg((char *)req->outbuf);
4577 if (!srv_send_smb(smbd_server_fd(),
4578 (char *)req->outbuf,
4579 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4580 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4583 DEBUG(3,("echo %d times\n", smb_reverb));
4585 TALLOC_FREE(req->outbuf);
4589 END_PROFILE(SMBecho);
4593 /****************************************************************************
4594 Reply to a printopen.
4595 ****************************************************************************/
4597 void reply_printopen(struct smb_request *req)
4599 connection_struct *conn = req->conn;
4603 START_PROFILE(SMBsplopen);
4606 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4607 END_PROFILE(SMBsplopen);
4611 if (!CAN_PRINT(conn)) {
4612 reply_doserror(req, ERRDOS, ERRnoaccess);
4613 END_PROFILE(SMBsplopen);
4617 status = file_new(conn, &fsp);
4618 if(!NT_STATUS_IS_OK(status)) {
4619 reply_nterror(req, status);
4620 END_PROFILE(SMBsplopen);
4624 /* Open for exclusive use, write only. */
4625 status = print_fsp_open(conn, NULL, fsp);
4627 if (!NT_STATUS_IS_OK(status)) {
4629 reply_nterror(req, status);
4630 END_PROFILE(SMBsplopen);
4634 reply_outbuf(req, 1, 0);
4635 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4637 DEBUG(3,("openprint fd=%d fnum=%d\n",
4638 fsp->fh->fd, fsp->fnum));
4640 END_PROFILE(SMBsplopen);
4644 /****************************************************************************
4645 Reply to a printclose.
4646 ****************************************************************************/
4648 void reply_printclose(struct smb_request *req)
4650 connection_struct *conn = req->conn;
4654 START_PROFILE(SMBsplclose);
4657 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4658 END_PROFILE(SMBsplclose);
4662 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4664 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4665 END_PROFILE(SMBsplclose);
4669 if (!CAN_PRINT(conn)) {
4670 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4671 END_PROFILE(SMBsplclose);
4675 DEBUG(3,("printclose fd=%d fnum=%d\n",
4676 fsp->fh->fd,fsp->fnum));
4678 status = close_file(fsp,NORMAL_CLOSE);
4680 if(!NT_STATUS_IS_OK(status)) {
4681 reply_nterror(req, status);
4682 END_PROFILE(SMBsplclose);
4686 reply_outbuf(req, 0, 0);
4688 END_PROFILE(SMBsplclose);
4692 /****************************************************************************
4693 Reply to a printqueue.
4694 ****************************************************************************/
4696 void reply_printqueue(struct smb_request *req)
4698 connection_struct *conn = req->conn;
4702 START_PROFILE(SMBsplretq);
4705 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4706 END_PROFILE(SMBsplretq);
4710 max_count = SVAL(req->inbuf,smb_vwv0);
4711 start_index = SVAL(req->inbuf,smb_vwv1);
4713 /* we used to allow the client to get the cnum wrong, but that
4714 is really quite gross and only worked when there was only
4715 one printer - I think we should now only accept it if they
4716 get it right (tridge) */
4717 if (!CAN_PRINT(conn)) {
4718 reply_doserror(req, ERRDOS, ERRnoaccess);
4719 END_PROFILE(SMBsplretq);
4723 reply_outbuf(req, 2, 3);
4724 SSVAL(req->outbuf,smb_vwv0,0);
4725 SSVAL(req->outbuf,smb_vwv1,0);
4726 SCVAL(smb_buf(req->outbuf),0,1);
4727 SSVAL(smb_buf(req->outbuf),1,0);
4729 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4730 start_index, max_count));
4733 print_queue_struct *queue = NULL;
4734 print_status_struct status;
4735 int count = print_queue_status(SNUM(conn), &queue, &status);
4736 int num_to_get = ABS(max_count);
4737 int first = (max_count>0?start_index:start_index+max_count+1);
4743 num_to_get = MIN(num_to_get,count-first);
4746 for (i=first;i<first+num_to_get;i++) {
4750 srv_put_dos_date2(p,0,queue[i].time);
4751 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4752 SSVAL(p,5, queue[i].job);
4753 SIVAL(p,7,queue[i].size);
4755 srvstr_push(blob, req->flags2, p+12,
4756 queue[i].fs_user, 16, STR_ASCII);
4758 if (message_push_blob(
4761 blob, sizeof(blob))) == -1) {
4762 reply_nterror(req, NT_STATUS_NO_MEMORY);
4763 END_PROFILE(SMBsplretq);
4769 SSVAL(req->outbuf,smb_vwv0,count);
4770 SSVAL(req->outbuf,smb_vwv1,
4771 (max_count>0?first+count:first-1));
4772 SCVAL(smb_buf(req->outbuf),0,1);
4773 SSVAL(smb_buf(req->outbuf),1,28*count);
4778 DEBUG(3,("%d entries returned in queue\n",count));
4781 END_PROFILE(SMBsplretq);
4785 /****************************************************************************
4786 Reply to a printwrite.
4787 ****************************************************************************/
4789 void reply_printwrite(struct smb_request *req)
4791 connection_struct *conn = req->conn;
4796 START_PROFILE(SMBsplwr);
4799 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4800 END_PROFILE(SMBsplwr);
4804 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4806 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4807 END_PROFILE(SMBsplwr);
4811 if (!CAN_PRINT(conn)) {
4812 reply_doserror(req, ERRDOS, ERRnoaccess);
4813 END_PROFILE(SMBsplwr);
4817 if (!CHECK_WRITE(fsp)) {
4818 reply_doserror(req, ERRDOS, ERRbadaccess);
4819 END_PROFILE(SMBsplwr);
4823 numtowrite = SVAL(smb_buf(req->inbuf),1);
4825 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4826 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4827 END_PROFILE(SMBsplwr);
4831 data = smb_buf(req->inbuf) + 3;
4833 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4834 reply_unixerror(req, ERRHRD, ERRdiskfull);
4835 END_PROFILE(SMBsplwr);
4839 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4841 END_PROFILE(SMBsplwr);
4845 /****************************************************************************
4847 ****************************************************************************/
4849 void reply_mkdir(struct smb_request *req)
4851 connection_struct *conn = req->conn;
4852 char *directory = NULL;
4854 SMB_STRUCT_STAT sbuf;
4855 TALLOC_CTX *ctx = talloc_tos();
4857 START_PROFILE(SMBmkdir);
4859 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4860 smb_buf(req->inbuf) + 1, 0,
4861 STR_TERMINATE, &status);
4862 if (!NT_STATUS_IS_OK(status)) {
4863 reply_nterror(req, status);
4864 END_PROFILE(SMBmkdir);
4868 status = resolve_dfspath(ctx, conn,
4869 req->flags2 & FLAGS2_DFS_PATHNAMES,
4872 if (!NT_STATUS_IS_OK(status)) {
4873 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4874 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4875 ERRSRV, ERRbadpath);
4876 END_PROFILE(SMBmkdir);
4879 reply_nterror(req, status);
4880 END_PROFILE(SMBmkdir);
4884 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4885 if (!NT_STATUS_IS_OK(status)) {
4886 reply_nterror(req, status);
4887 END_PROFILE(SMBmkdir);
4891 status = check_name(conn, directory);
4892 if (!NT_STATUS_IS_OK(status)) {
4893 reply_nterror(req, status);
4894 END_PROFILE(SMBmkdir);
4898 status = create_directory(conn, req, directory);
4900 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4902 if (!NT_STATUS_IS_OK(status)) {
4904 if (!use_nt_status()
4905 && NT_STATUS_EQUAL(status,
4906 NT_STATUS_OBJECT_NAME_COLLISION)) {
4908 * Yes, in the DOS error code case we get a
4909 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4910 * samba4 torture test.
4912 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4915 reply_nterror(req, status);
4916 END_PROFILE(SMBmkdir);
4920 reply_outbuf(req, 0, 0);
4922 DEBUG( 3, ( "mkdir %s\n", directory ) );
4924 END_PROFILE(SMBmkdir);
4928 /****************************************************************************
4929 Static function used by reply_rmdir to delete an entire directory
4930 tree recursively. Return True on ok, False on fail.
4931 ****************************************************************************/
4933 static bool recursive_rmdir(TALLOC_CTX *ctx,
4934 connection_struct *conn,
4937 const char *dname = NULL;
4940 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4946 while((dname = ReadDirName(dir_hnd, &offset))) {
4947 char *fullname = NULL;
4950 if (ISDOT(dname) || ISDOTDOT(dname)) {
4954 if (!is_visible_file(conn, directory, dname, &st, False)) {
4958 /* Construct the full name. */
4959 fullname = talloc_asprintf(ctx,
4969 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4974 if(st.st_mode & S_IFDIR) {
4975 if(!recursive_rmdir(ctx, conn, fullname)) {
4979 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4983 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4987 TALLOC_FREE(fullname);
4989 TALLOC_FREE(dir_hnd);
4993 /****************************************************************************
4994 The internals of the rmdir code - called elsewhere.
4995 ****************************************************************************/
4997 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4998 connection_struct *conn,
4999 const char *directory)
5004 /* Might be a symlink. */
5005 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5006 return map_nt_error_from_unix(errno);
5009 if (S_ISLNK(st.st_mode)) {
5010 /* Is what it points to a directory ? */
5011 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5012 return map_nt_error_from_unix(errno);
5014 if (!(S_ISDIR(st.st_mode))) {
5015 return NT_STATUS_NOT_A_DIRECTORY;
5017 ret = SMB_VFS_UNLINK(conn,directory);
5019 ret = SMB_VFS_RMDIR(conn,directory);
5022 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5023 FILE_NOTIFY_CHANGE_DIR_NAME,
5025 return NT_STATUS_OK;
5028 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5030 * Check to see if the only thing in this directory are
5031 * vetoed files/directories. If so then delete them and
5032 * retry. If we fail to delete any of them (and we *don't*
5033 * do a recursive delete) then fail the rmdir.
5037 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5038 directory, NULL, 0);
5040 if(dir_hnd == NULL) {
5045 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5046 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5048 if (!is_visible_file(conn, directory, dname, &st, False))
5050 if(!IS_VETO_PATH(conn, dname)) {
5051 TALLOC_FREE(dir_hnd);
5057 /* We only have veto files/directories.
5058 * Are we allowed to delete them ? */
5060 if(!lp_recursive_veto_delete(SNUM(conn))) {
5061 TALLOC_FREE(dir_hnd);
5066 /* Do a recursive delete. */
5067 RewindDir(dir_hnd,&dirpos);
5068 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5069 char *fullname = NULL;
5071 if (ISDOT(dname) || ISDOTDOT(dname)) {
5074 if (!is_visible_file(conn, directory, dname, &st, False)) {
5078 fullname = talloc_asprintf(ctx,
5088 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5091 if(st.st_mode & S_IFDIR) {
5092 if(!recursive_rmdir(ctx, conn, fullname)) {
5095 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5098 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5101 TALLOC_FREE(fullname);
5103 TALLOC_FREE(dir_hnd);
5104 /* Retry the rmdir */
5105 ret = SMB_VFS_RMDIR(conn,directory);
5111 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5112 "%s\n", directory,strerror(errno)));
5113 return map_nt_error_from_unix(errno);
5116 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5117 FILE_NOTIFY_CHANGE_DIR_NAME,
5120 return NT_STATUS_OK;
5123 /****************************************************************************
5125 ****************************************************************************/
5127 void reply_rmdir(struct smb_request *req)
5129 connection_struct *conn = req->conn;
5130 char *directory = NULL;
5131 SMB_STRUCT_STAT sbuf;
5133 TALLOC_CTX *ctx = talloc_tos();
5135 START_PROFILE(SMBrmdir);
5137 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5138 smb_buf(req->inbuf) + 1, 0,
5139 STR_TERMINATE, &status);
5140 if (!NT_STATUS_IS_OK(status)) {
5141 reply_nterror(req, status);
5142 END_PROFILE(SMBrmdir);
5146 status = resolve_dfspath(ctx, conn,
5147 req->flags2 & FLAGS2_DFS_PATHNAMES,
5150 if (!NT_STATUS_IS_OK(status)) {
5151 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5152 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5153 ERRSRV, ERRbadpath);
5154 END_PROFILE(SMBrmdir);
5157 reply_nterror(req, status);
5158 END_PROFILE(SMBrmdir);
5162 status = unix_convert(ctx, conn, directory, False, &directory,
5164 if (!NT_STATUS_IS_OK(status)) {
5165 reply_nterror(req, status);
5166 END_PROFILE(SMBrmdir);
5170 status = check_name(conn, directory);
5171 if (!NT_STATUS_IS_OK(status)) {
5172 reply_nterror(req, status);
5173 END_PROFILE(SMBrmdir);
5177 dptr_closepath(directory, req->smbpid);
5178 status = rmdir_internals(ctx, conn, directory);
5179 if (!NT_STATUS_IS_OK(status)) {
5180 reply_nterror(req, status);
5181 END_PROFILE(SMBrmdir);
5185 reply_outbuf(req, 0, 0);
5187 DEBUG( 3, ( "rmdir %s\n", directory ) );
5189 END_PROFILE(SMBrmdir);
5193 /*******************************************************************
5194 Resolve wildcards in a filename rename.
5195 ********************************************************************/
5197 static bool resolve_wildcards(TALLOC_CTX *ctx,
5202 char *name2_copy = NULL;
5207 char *p,*p2, *pname1, *pname2;
5209 name2_copy = talloc_strdup(ctx, name2);
5214 pname1 = strrchr_m(name1,'/');
5215 pname2 = strrchr_m(name2_copy,'/');
5217 if (!pname1 || !pname2) {
5221 /* Truncate the copy of name2 at the last '/' */
5224 /* Now go past the '/' */
5228 root1 = talloc_strdup(ctx, pname1);
5229 root2 = talloc_strdup(ctx, pname2);
5231 if (!root1 || !root2) {
5235 p = strrchr_m(root1,'.');
5238 ext1 = talloc_strdup(ctx, p+1);
5240 ext1 = talloc_strdup(ctx, "");
5242 p = strrchr_m(root2,'.');
5245 ext2 = talloc_strdup(ctx, p+1);
5247 ext2 = talloc_strdup(ctx, "");
5250 if (!ext1 || !ext2) {
5258 /* Hmmm. Should this be mb-aware ? */
5261 } else if (*p2 == '*') {
5263 root2 = talloc_asprintf(ctx, "%s%s",
5282 /* Hmmm. Should this be mb-aware ? */
5285 } else if (*p2 == '*') {
5287 ext2 = talloc_asprintf(ctx, "%s%s",
5303 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5308 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5320 /****************************************************************************
5321 Ensure open files have their names updated. Updated to notify other smbd's
5323 ****************************************************************************/
5325 static void rename_open_files(connection_struct *conn,
5326 struct share_mode_lock *lck,
5327 const char *newname)
5330 bool did_rename = False;
5332 for(fsp = file_find_di_first(lck->id); fsp;
5333 fsp = file_find_di_next(fsp)) {
5334 /* fsp_name is a relative path under the fsp. To change this for other
5335 sharepaths we need to manipulate relative paths. */
5336 /* TODO - create the absolute path and manipulate the newname
5337 relative to the sharepath. */
5338 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5341 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5342 fsp->fnum, file_id_string_tos(&fsp->file_id),
5343 fsp->fsp_name, newname ));
5344 string_set(&fsp->fsp_name, newname);
5349 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5350 file_id_string_tos(&lck->id), newname ));
5353 /* Send messages to all smbd's (not ourself) that the name has changed. */
5354 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5358 /****************************************************************************
5359 We need to check if the source path is a parent directory of the destination
5360 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5361 refuse the rename with a sharing violation. Under UNIX the above call can
5362 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5363 probably need to check that the client is a Windows one before disallowing
5364 this as a UNIX client (one with UNIX extensions) can know the source is a
5365 symlink and make this decision intelligently. Found by an excellent bug
5366 report from <AndyLiebman@aol.com>.
5367 ****************************************************************************/
5369 static bool rename_path_prefix_equal(const char *src, const char *dest)
5371 const char *psrc = src;
5372 const char *pdst = dest;
5375 if (psrc[0] == '.' && psrc[1] == '/') {
5378 if (pdst[0] == '.' && pdst[1] == '/') {
5381 if ((slen = strlen(psrc)) > strlen(pdst)) {
5384 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5388 * Do the notify calls from a rename
5391 static void notify_rename(connection_struct *conn, bool is_dir,
5392 const char *oldpath, const char *newpath)
5394 char *olddir, *newdir;
5395 const char *oldname, *newname;
5398 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5399 : FILE_NOTIFY_CHANGE_FILE_NAME;
5401 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5402 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5403 TALLOC_FREE(olddir);
5407 if (strcmp(olddir, newdir) == 0) {
5408 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5409 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5412 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5413 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5415 TALLOC_FREE(olddir);
5416 TALLOC_FREE(newdir);
5418 /* this is a strange one. w2k3 gives an additional event for
5419 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5420 files, but not directories */
5422 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5423 FILE_NOTIFY_CHANGE_ATTRIBUTES
5424 |FILE_NOTIFY_CHANGE_CREATION,
5429 /****************************************************************************
5430 Rename an open file - given an fsp.
5431 ****************************************************************************/
5433 NTSTATUS rename_internals_fsp(connection_struct *conn,
5436 const char *newname_last_component,
5438 bool replace_if_exists)
5440 TALLOC_CTX *ctx = talloc_tos();
5441 SMB_STRUCT_STAT sbuf, sbuf1;
5442 NTSTATUS status = NT_STATUS_OK;
5443 struct share_mode_lock *lck = NULL;
5448 status = check_name(conn, newname);
5449 if (!NT_STATUS_IS_OK(status)) {
5453 /* Ensure newname contains a '/' */
5454 if(strrchr_m(newname,'/') == 0) {
5455 newname = talloc_asprintf(ctx,
5459 return NT_STATUS_NO_MEMORY;
5464 * Check for special case with case preserving and not
5465 * case sensitive. If the old last component differs from the original
5466 * last component only by case, then we should allow
5467 * the rename (user is trying to change the case of the
5471 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5472 strequal(newname, fsp->fsp_name)) {
5474 char *newname_modified_last_component = NULL;
5477 * Get the last component of the modified name.
5478 * Note that we guarantee that newname contains a '/'
5481 p = strrchr_m(newname,'/');
5482 newname_modified_last_component = talloc_strdup(ctx,
5484 if (!newname_modified_last_component) {
5485 return NT_STATUS_NO_MEMORY;
5488 if(strcsequal(newname_modified_last_component,
5489 newname_last_component) == False) {
5491 * Replace the modified last component with
5494 *p = '\0'; /* Truncate at the '/' */
5495 newname = talloc_asprintf(ctx,
5498 newname_last_component);
5503 * If the src and dest names are identical - including case,
5504 * don't do the rename, just return success.
5507 if (strcsequal(fsp->fsp_name, newname)) {
5508 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5510 return NT_STATUS_OK;
5514 * Have vfs_object_exist also fill sbuf1
5516 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5518 if(!replace_if_exists && dst_exists) {
5519 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5520 fsp->fsp_name,newname));
5521 return NT_STATUS_OBJECT_NAME_COLLISION;
5525 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5526 files_struct *dst_fsp = file_find_di_first(fileid);
5528 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5529 return NT_STATUS_ACCESS_DENIED;
5533 /* Ensure we have a valid stat struct for the source. */
5534 if (fsp->fh->fd != -1) {
5535 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5536 return map_nt_error_from_unix(errno);
5539 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5540 return map_nt_error_from_unix(errno);
5544 status = can_rename(conn, fsp, attrs, &sbuf);
5546 if (!NT_STATUS_IS_OK(status)) {
5547 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5548 nt_errstr(status), fsp->fsp_name,newname));
5549 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5550 status = NT_STATUS_ACCESS_DENIED;
5554 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5555 return NT_STATUS_ACCESS_DENIED;
5558 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5562 * We have the file open ourselves, so not being able to get the
5563 * corresponding share mode lock is a fatal error.
5566 SMB_ASSERT(lck != NULL);
5568 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5569 uint32 create_options = fsp->fh->private_options;
5571 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5572 fsp->fsp_name,newname));
5574 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5576 rename_open_files(conn, lck, newname);
5579 * A rename acts as a new file create w.r.t. allowing an initial delete
5580 * on close, probably because in Windows there is a new handle to the
5581 * new file. If initial delete on close was requested but not
5582 * originally set, we need to set it here. This is probably not 100% correct,
5583 * but will work for the CIFSFS client which in non-posix mode
5584 * depends on these semantics. JRA.
5587 set_allow_initial_delete_on_close(lck, fsp, True);
5589 if (create_options & FILE_DELETE_ON_CLOSE) {
5590 status = can_set_delete_on_close(fsp, True, 0);
5592 if (NT_STATUS_IS_OK(status)) {
5593 /* Note that here we set the *inital* delete on close flag,
5594 * not the regular one. The magic gets handled in close. */
5595 fsp->initial_delete_on_close = True;
5599 return NT_STATUS_OK;
5604 if (errno == ENOTDIR || errno == EISDIR) {
5605 status = NT_STATUS_OBJECT_NAME_COLLISION;
5607 status = map_nt_error_from_unix(errno);
5610 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5611 nt_errstr(status), fsp->fsp_name,newname));
5616 /****************************************************************************
5617 The guts of the rename command, split out so it may be called by the NT SMB
5619 ****************************************************************************/
5621 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5622 connection_struct *conn,
5623 struct smb_request *req,
5624 const char *name_in,
5625 const char *newname_in,
5627 bool replace_if_exists,
5630 uint32_t access_mask)
5632 char *directory = NULL;
5634 char *last_component_src = NULL;
5635 char *last_component_dest = NULL;
5637 char *newname = NULL;
5640 NTSTATUS status = NT_STATUS_OK;
5641 SMB_STRUCT_STAT sbuf1, sbuf2;
5642 struct smb_Dir *dir_hnd = NULL;
5649 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5650 &last_component_src, &sbuf1);
5651 if (!NT_STATUS_IS_OK(status)) {
5655 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5656 &last_component_dest, &sbuf2);
5657 if (!NT_STATUS_IS_OK(status)) {
5662 * Split the old name into directory and last component
5663 * strings. Note that unix_convert may have stripped off a
5664 * leading ./ from both name and newname if the rename is
5665 * at the root of the share. We need to make sure either both
5666 * name and newname contain a / character or neither of them do
5667 * as this is checked in resolve_wildcards().
5670 p = strrchr_m(name,'/');
5672 directory = talloc_strdup(ctx, ".");
5674 return NT_STATUS_NO_MEMORY;
5679 directory = talloc_strdup(ctx, name);
5681 return NT_STATUS_NO_MEMORY;
5684 *p = '/'; /* Replace needed for exceptional test below. */
5688 * We should only check the mangled cache
5689 * here if unix_convert failed. This means
5690 * that the path in 'mask' doesn't exist
5691 * on the file system and so we need to look
5692 * for a possible mangle. This patch from
5693 * Tine Smukavec <valentin.smukavec@hermes.si>.
5696 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5697 char *new_mask = NULL;
5698 mangle_lookup_name_from_8_3(ctx,
5707 if (!src_has_wild) {
5711 * No wildcards - just process the one file.
5713 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5715 /* Add a terminating '/' to the directory name. */
5716 directory = talloc_asprintf_append(directory,
5720 return NT_STATUS_NO_MEMORY;
5723 /* Ensure newname contains a '/' also */
5724 if(strrchr_m(newname,'/') == 0) {
5725 newname = talloc_asprintf(ctx,
5729 return NT_STATUS_NO_MEMORY;
5733 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5734 "case_preserve = %d, short case preserve = %d, "
5735 "directory = %s, newname = %s, "
5736 "last_component_dest = %s, is_8_3 = %d\n",
5737 conn->case_sensitive, conn->case_preserve,
5738 conn->short_case_preserve, directory,
5739 newname, last_component_dest, is_short_name));
5741 /* The dest name still may have wildcards. */
5742 if (dest_has_wild) {
5743 char *mod_newname = NULL;
5744 if (!resolve_wildcards(ctx,
5745 directory,newname,&mod_newname)) {
5746 DEBUG(6, ("rename_internals: resolve_wildcards "
5750 return NT_STATUS_NO_MEMORY;
5752 newname = mod_newname;
5756 SMB_VFS_STAT(conn, directory, &sbuf1);
5758 status = S_ISDIR(sbuf1.st_mode) ?
5759 open_directory(conn, req, directory, &sbuf1,
5761 FILE_SHARE_READ|FILE_SHARE_WRITE,
5762 FILE_OPEN, 0, 0, NULL,
5764 : open_file_ntcreate(conn, req, directory, &sbuf1,
5766 FILE_SHARE_READ|FILE_SHARE_WRITE,
5767 FILE_OPEN, 0, 0, 0, NULL,
5770 if (!NT_STATUS_IS_OK(status)) {
5771 DEBUG(3, ("Could not open rename source %s: %s\n",
5772 directory, nt_errstr(status)));
5776 status = rename_internals_fsp(conn, fsp, newname,
5777 last_component_dest,
5778 attrs, replace_if_exists);
5780 close_file(fsp, NORMAL_CLOSE);
5782 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5783 nt_errstr(status), directory,newname));
5789 * Wildcards - process each file that matches.
5791 if (strequal(mask,"????????.???")) {
5796 status = check_name(conn, directory);
5797 if (!NT_STATUS_IS_OK(status)) {
5801 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5802 if (dir_hnd == NULL) {
5803 return map_nt_error_from_unix(errno);
5806 status = NT_STATUS_NO_SUCH_FILE;
5808 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5809 * - gentest fix. JRA
5812 while ((dname = ReadDirName(dir_hnd, &offset))) {
5813 files_struct *fsp = NULL;
5815 char *destname = NULL;
5816 bool sysdir_entry = False;
5818 /* Quick check for "." and ".." */
5819 if (ISDOT(dname) || ISDOTDOT(dname)) {
5821 sysdir_entry = True;
5827 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5831 if(!mask_match(dname, mask, conn->case_sensitive)) {
5836 status = NT_STATUS_OBJECT_NAME_INVALID;
5840 fname = talloc_asprintf(ctx,
5845 return NT_STATUS_NO_MEMORY;
5848 if (!resolve_wildcards(ctx,
5849 fname,newname,&destname)) {
5850 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5856 return NT_STATUS_NO_MEMORY;
5860 SMB_VFS_STAT(conn, fname, &sbuf1);
5862 status = S_ISDIR(sbuf1.st_mode) ?
5863 open_directory(conn, req, fname, &sbuf1,
5865 FILE_SHARE_READ|FILE_SHARE_WRITE,
5866 FILE_OPEN, 0, 0, NULL,
5868 : open_file_ntcreate(conn, req, fname, &sbuf1,
5870 FILE_SHARE_READ|FILE_SHARE_WRITE,
5871 FILE_OPEN, 0, 0, 0, NULL,
5874 if (!NT_STATUS_IS_OK(status)) {
5875 DEBUG(3,("rename_internals: open_file_ntcreate "
5876 "returned %s rename %s -> %s\n",
5877 nt_errstr(status), directory, newname));
5881 status = rename_internals_fsp(conn, fsp, destname, dname,
5882 attrs, replace_if_exists);
5884 close_file(fsp, NORMAL_CLOSE);
5886 if (!NT_STATUS_IS_OK(status)) {
5887 DEBUG(3, ("rename_internals_fsp returned %s for "
5888 "rename %s -> %s\n", nt_errstr(status),
5889 directory, newname));
5895 DEBUG(3,("rename_internals: doing rename on %s -> "
5896 "%s\n",fname,destname));
5899 TALLOC_FREE(destname);
5901 TALLOC_FREE(dir_hnd);
5903 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5904 status = map_nt_error_from_unix(errno);
5910 /****************************************************************************
5912 ****************************************************************************/
5914 void reply_mv(struct smb_request *req)
5916 connection_struct *conn = req->conn;
5918 char *newname = NULL;
5922 bool src_has_wcard = False;
5923 bool dest_has_wcard = False;
5924 TALLOC_CTX *ctx = talloc_tos();
5926 START_PROFILE(SMBmv);
5929 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5934 attrs = SVAL(req->inbuf,smb_vwv0);
5936 p = smb_buf(req->inbuf) + 1;
5937 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5938 0, STR_TERMINATE, &status,
5940 if (!NT_STATUS_IS_OK(status)) {
5941 reply_nterror(req, status);
5946 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5947 0, STR_TERMINATE, &status,
5949 if (!NT_STATUS_IS_OK(status)) {
5950 reply_nterror(req, status);
5955 status = resolve_dfspath_wcard(ctx, conn,
5956 req->flags2 & FLAGS2_DFS_PATHNAMES,
5960 if (!NT_STATUS_IS_OK(status)) {
5961 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5962 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5963 ERRSRV, ERRbadpath);
5967 reply_nterror(req, status);
5972 status = resolve_dfspath_wcard(ctx, conn,
5973 req->flags2 & FLAGS2_DFS_PATHNAMES,
5977 if (!NT_STATUS_IS_OK(status)) {
5978 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5979 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5980 ERRSRV, ERRbadpath);
5984 reply_nterror(req, status);
5989 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5991 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5992 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5993 if (!NT_STATUS_IS_OK(status)) {
5994 if (open_was_deferred(req->mid)) {
5995 /* We have re-scheduled this call. */
5999 reply_nterror(req, status);
6004 reply_outbuf(req, 0, 0);
6010 /*******************************************************************
6011 Copy a file as part of a reply_copy.
6012 ******************************************************************/
6015 * TODO: check error codes on all callers
6018 NTSTATUS copy_file(TALLOC_CTX *ctx,
6019 connection_struct *conn,
6024 bool target_is_directory)
6026 SMB_STRUCT_STAT src_sbuf, sbuf2;
6028 files_struct *fsp1,*fsp2;
6031 uint32 new_create_disposition;
6034 dest = talloc_strdup(ctx, dest1);
6036 return NT_STATUS_NO_MEMORY;
6038 if (target_is_directory) {
6039 const char *p = strrchr_m(src,'/');
6045 dest = talloc_asprintf_append(dest,
6049 return NT_STATUS_NO_MEMORY;
6053 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6055 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6058 if (!target_is_directory && count) {
6059 new_create_disposition = FILE_OPEN;
6061 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6062 NULL, NULL, &new_create_disposition, NULL)) {
6064 return NT_STATUS_INVALID_PARAMETER;
6068 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6070 FILE_SHARE_READ|FILE_SHARE_WRITE,
6073 FILE_ATTRIBUTE_NORMAL,
6077 if (!NT_STATUS_IS_OK(status)) {
6082 dosattrs = dos_mode(conn, src, &src_sbuf);
6083 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6084 ZERO_STRUCTP(&sbuf2);
6087 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6089 FILE_SHARE_READ|FILE_SHARE_WRITE,
6090 new_create_disposition,
6098 if (!NT_STATUS_IS_OK(status)) {
6099 close_file(fsp1,ERROR_CLOSE);
6103 if ((ofun&3) == 1) {
6104 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6105 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6107 * Stop the copy from occurring.
6110 src_sbuf.st_size = 0;
6114 if (src_sbuf.st_size) {
6115 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6118 close_file(fsp1,NORMAL_CLOSE);
6120 /* Ensure the modtime is set correctly on the destination file. */
6121 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6124 * As we are opening fsp1 read-only we only expect
6125 * an error on close on fsp2 if we are out of space.
6126 * Thus we don't look at the error return from the
6129 status = close_file(fsp2,NORMAL_CLOSE);
6131 if (!NT_STATUS_IS_OK(status)) {
6135 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6136 return NT_STATUS_DISK_FULL;
6139 return NT_STATUS_OK;
6142 /****************************************************************************
6143 Reply to a file copy.
6144 ****************************************************************************/
6146 void reply_copy(struct smb_request *req)
6148 connection_struct *conn = req->conn;
6150 char *newname = NULL;
6151 char *directory = NULL;
6155 int error = ERRnoaccess;
6160 bool target_is_directory=False;
6161 bool source_has_wild = False;
6162 bool dest_has_wild = False;
6163 SMB_STRUCT_STAT sbuf1, sbuf2;
6165 TALLOC_CTX *ctx = talloc_tos();
6167 START_PROFILE(SMBcopy);
6170 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6171 END_PROFILE(SMBcopy);
6175 tid2 = SVAL(req->inbuf,smb_vwv0);
6176 ofun = SVAL(req->inbuf,smb_vwv1);
6177 flags = SVAL(req->inbuf,smb_vwv2);
6179 p = smb_buf(req->inbuf);
6180 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6181 0, STR_TERMINATE, &status,
6183 if (!NT_STATUS_IS_OK(status)) {
6184 reply_nterror(req, status);
6185 END_PROFILE(SMBcopy);
6188 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6189 0, STR_TERMINATE, &status,
6191 if (!NT_STATUS_IS_OK(status)) {
6192 reply_nterror(req, status);
6193 END_PROFILE(SMBcopy);
6197 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6199 if (tid2 != conn->cnum) {
6200 /* can't currently handle inter share copies XXXX */
6201 DEBUG(3,("Rejecting inter-share copy\n"));
6202 reply_doserror(req, ERRSRV, ERRinvdevice);
6203 END_PROFILE(SMBcopy);
6207 status = resolve_dfspath_wcard(ctx, conn,
6208 req->flags2 & FLAGS2_DFS_PATHNAMES,
6212 if (!NT_STATUS_IS_OK(status)) {
6213 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6214 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6215 ERRSRV, ERRbadpath);
6216 END_PROFILE(SMBcopy);
6219 reply_nterror(req, status);
6220 END_PROFILE(SMBcopy);
6224 status = resolve_dfspath_wcard(ctx, conn,
6225 req->flags2 & FLAGS2_DFS_PATHNAMES,
6229 if (!NT_STATUS_IS_OK(status)) {
6230 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6231 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6232 ERRSRV, ERRbadpath);
6233 END_PROFILE(SMBcopy);
6236 reply_nterror(req, status);
6237 END_PROFILE(SMBcopy);
6241 status = unix_convert(ctx, conn, name, source_has_wild,
6242 &name, NULL, &sbuf1);
6243 if (!NT_STATUS_IS_OK(status)) {
6244 reply_nterror(req, status);
6245 END_PROFILE(SMBcopy);
6249 status = unix_convert(ctx, conn, newname, dest_has_wild,
6250 &newname, NULL, &sbuf2);
6251 if (!NT_STATUS_IS_OK(status)) {
6252 reply_nterror(req, status);
6253 END_PROFILE(SMBcopy);
6257 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6259 if ((flags&1) && target_is_directory) {
6260 reply_doserror(req, ERRDOS, ERRbadfile);
6261 END_PROFILE(SMBcopy);
6265 if ((flags&2) && !target_is_directory) {
6266 reply_doserror(req, ERRDOS, ERRbadpath);
6267 END_PROFILE(SMBcopy);
6271 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6272 /* wants a tree copy! XXXX */
6273 DEBUG(3,("Rejecting tree copy\n"));
6274 reply_doserror(req, ERRSRV, ERRerror);
6275 END_PROFILE(SMBcopy);
6279 p = strrchr_m(name,'/');
6281 directory = talloc_strdup(ctx, "./");
6283 reply_nterror(req, NT_STATUS_NO_MEMORY);
6284 END_PROFILE(SMBcopy);
6290 directory = talloc_strdup(ctx, name);
6292 reply_nterror(req, NT_STATUS_NO_MEMORY);
6293 END_PROFILE(SMBcopy);
6300 * We should only check the mangled cache
6301 * here if unix_convert failed. This means
6302 * that the path in 'mask' doesn't exist
6303 * on the file system and so we need to look
6304 * for a possible mangle. This patch from
6305 * Tine Smukavec <valentin.smukavec@hermes.si>.
6308 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6309 char *new_mask = NULL;
6310 mangle_lookup_name_from_8_3(ctx,
6319 if (!source_has_wild) {
6320 directory = talloc_asprintf_append(directory,
6323 if (dest_has_wild) {
6324 char *mod_newname = NULL;
6325 if (!resolve_wildcards(ctx,
6326 directory,newname,&mod_newname)) {
6327 reply_nterror(req, NT_STATUS_NO_MEMORY);
6328 END_PROFILE(SMBcopy);
6331 newname = mod_newname;
6334 status = check_name(conn, directory);
6335 if (!NT_STATUS_IS_OK(status)) {
6336 reply_nterror(req, status);
6337 END_PROFILE(SMBcopy);
6341 status = check_name(conn, newname);
6342 if (!NT_STATUS_IS_OK(status)) {
6343 reply_nterror(req, status);
6344 END_PROFILE(SMBcopy);
6348 status = copy_file(ctx,conn,directory,newname,ofun,
6349 count,target_is_directory);
6351 if(!NT_STATUS_IS_OK(status)) {
6352 reply_nterror(req, status);
6353 END_PROFILE(SMBcopy);
6359 struct smb_Dir *dir_hnd = NULL;
6360 const char *dname = NULL;
6363 if (strequal(mask,"????????.???")) {
6368 status = check_name(conn, directory);
6369 if (!NT_STATUS_IS_OK(status)) {
6370 reply_nterror(req, status);
6371 END_PROFILE(SMBcopy);
6375 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6376 if (dir_hnd == NULL) {
6377 status = map_nt_error_from_unix(errno);
6378 reply_nterror(req, status);
6379 END_PROFILE(SMBcopy);
6385 while ((dname = ReadDirName(dir_hnd, &offset))) {
6386 char *destname = NULL;
6389 if (ISDOT(dname) || ISDOTDOT(dname)) {
6393 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6397 if(!mask_match(dname, mask, conn->case_sensitive)) {
6401 error = ERRnoaccess;
6402 fname = talloc_asprintf(ctx,
6407 TALLOC_FREE(dir_hnd);
6408 reply_nterror(req, NT_STATUS_NO_MEMORY);
6409 END_PROFILE(SMBcopy);
6413 if (!resolve_wildcards(ctx,
6414 fname,newname,&destname)) {
6418 TALLOC_FREE(dir_hnd);
6419 reply_nterror(req, NT_STATUS_NO_MEMORY);
6420 END_PROFILE(SMBcopy);
6424 status = check_name(conn, fname);
6425 if (!NT_STATUS_IS_OK(status)) {
6426 TALLOC_FREE(dir_hnd);
6427 reply_nterror(req, status);
6428 END_PROFILE(SMBcopy);
6432 status = check_name(conn, destname);
6433 if (!NT_STATUS_IS_OK(status)) {
6434 TALLOC_FREE(dir_hnd);
6435 reply_nterror(req, status);
6436 END_PROFILE(SMBcopy);
6440 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6442 status = copy_file(ctx,conn,fname,destname,ofun,
6443 count,target_is_directory);
6444 if (NT_STATUS_IS_OK(status)) {
6448 TALLOC_FREE(destname);
6450 TALLOC_FREE(dir_hnd);
6455 /* Error on close... */
6457 reply_unixerror(req, ERRHRD, ERRgeneral);
6458 END_PROFILE(SMBcopy);
6462 reply_doserror(req, ERRDOS, error);
6463 END_PROFILE(SMBcopy);
6467 reply_outbuf(req, 1, 0);
6468 SSVAL(req->outbuf,smb_vwv0,count);
6470 END_PROFILE(SMBcopy);
6475 #define DBGC_CLASS DBGC_LOCKING
6477 /****************************************************************************
6478 Get a lock pid, dealing with large count requests.
6479 ****************************************************************************/
6481 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6483 if(!large_file_format)
6484 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6486 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6489 /****************************************************************************
6490 Get a lock count, dealing with large count requests.
6491 ****************************************************************************/
6493 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6495 SMB_BIG_UINT count = 0;
6497 if(!large_file_format) {
6498 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6501 #if defined(HAVE_LONGLONG)
6502 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6503 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6504 #else /* HAVE_LONGLONG */
6507 * NT4.x seems to be broken in that it sends large file (64 bit)
6508 * lockingX calls even if the CAP_LARGE_FILES was *not*
6509 * negotiated. For boxes without large unsigned ints truncate the
6510 * lock count by dropping the top 32 bits.
6513 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6514 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6515 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6516 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6517 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6520 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6521 #endif /* HAVE_LONGLONG */
6527 #if !defined(HAVE_LONGLONG)
6528 /****************************************************************************
6529 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6530 ****************************************************************************/
6532 static uint32 map_lock_offset(uint32 high, uint32 low)
6536 uint32 highcopy = high;
6539 * Try and find out how many significant bits there are in high.
6542 for(i = 0; highcopy; i++)
6546 * We use 31 bits not 32 here as POSIX
6547 * lock offsets may not be negative.
6550 mask = (~0) << (31 - i);
6553 return 0; /* Fail. */
6559 #endif /* !defined(HAVE_LONGLONG) */
6561 /****************************************************************************
6562 Get a lock offset, dealing with large offset requests.
6563 ****************************************************************************/
6565 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6567 SMB_BIG_UINT offset = 0;
6571 if(!large_file_format) {
6572 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6575 #if defined(HAVE_LONGLONG)
6576 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6577 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6578 #else /* HAVE_LONGLONG */
6581 * NT4.x seems to be broken in that it sends large file (64 bit)
6582 * lockingX calls even if the CAP_LARGE_FILES was *not*
6583 * negotiated. For boxes without large unsigned ints mangle the
6584 * lock offset by mapping the top 32 bits onto the lower 32.
6587 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6588 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6589 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6592 if((new_low = map_lock_offset(high, low)) == 0) {
6594 return (SMB_BIG_UINT)-1;
6597 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6598 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6599 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6600 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6603 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6604 #endif /* HAVE_LONGLONG */
6610 /****************************************************************************
6611 Reply to a lockingX request.
6612 ****************************************************************************/
6614 void reply_lockingX(struct smb_request *req)
6616 connection_struct *conn = req->conn;
6618 unsigned char locktype;
6619 unsigned char oplocklevel;
6622 SMB_BIG_UINT count = 0, offset = 0;
6627 bool large_file_format;
6629 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6631 START_PROFILE(SMBlockingX);
6634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6635 END_PROFILE(SMBlockingX);
6639 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6640 locktype = CVAL(req->inbuf,smb_vwv3);
6641 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6642 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6643 num_locks = SVAL(req->inbuf,smb_vwv7);
6644 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6645 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6647 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6648 END_PROFILE(SMBlockingX);
6652 data = smb_buf(req->inbuf);
6654 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6655 /* we don't support these - and CANCEL_LOCK makes w2k
6656 and XP reboot so I don't really want to be
6657 compatible! (tridge) */
6658 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6659 END_PROFILE(SMBlockingX);
6663 /* Check if this is an oplock break on a file
6664 we have granted an oplock on.
6666 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6667 /* Client can insist on breaking to none. */
6668 bool break_to_none = (oplocklevel == 0);
6671 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6672 "for fnum = %d\n", (unsigned int)oplocklevel,
6676 * Make sure we have granted an exclusive or batch oplock on
6680 if (fsp->oplock_type == 0) {
6682 /* The Samba4 nbench simulator doesn't understand
6683 the difference between break to level2 and break
6684 to none from level2 - it sends oplock break
6685 replies in both cases. Don't keep logging an error
6686 message here - just ignore it. JRA. */
6688 DEBUG(5,("reply_lockingX: Error : oplock break from "
6689 "client for fnum = %d (oplock=%d) and no "
6690 "oplock granted on this file (%s).\n",
6691 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6693 /* if this is a pure oplock break request then don't
6695 if (num_locks == 0 && num_ulocks == 0) {
6696 END_PROFILE(SMBlockingX);
6699 END_PROFILE(SMBlockingX);
6700 reply_doserror(req, ERRDOS, ERRlock);
6705 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6707 result = remove_oplock(fsp);
6709 result = downgrade_oplock(fsp);
6713 DEBUG(0, ("reply_lockingX: error in removing "
6714 "oplock on file %s\n", fsp->fsp_name));
6715 /* Hmmm. Is this panic justified? */
6716 smb_panic("internal tdb error");
6719 reply_to_oplock_break_requests(fsp);
6721 /* if this is a pure oplock break request then don't send a
6723 if (num_locks == 0 && num_ulocks == 0) {
6724 /* Sanity check - ensure a pure oplock break is not a
6726 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6727 DEBUG(0,("reply_lockingX: Error : pure oplock "
6728 "break is a chained %d request !\n",
6729 (unsigned int)CVAL(req->inbuf,
6731 END_PROFILE(SMBlockingX);
6737 * We do this check *after* we have checked this is not a oplock break
6738 * response message. JRA.
6741 release_level_2_oplocks_on_change(fsp);
6743 if (smb_buflen(req->inbuf) <
6744 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6745 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6746 END_PROFILE(SMBlockingX);
6750 /* Data now points at the beginning of the list
6751 of smb_unlkrng structs */
6752 for(i = 0; i < (int)num_ulocks; i++) {
6753 lock_pid = get_lock_pid( data, i, large_file_format);
6754 count = get_lock_count( data, i, large_file_format);
6755 offset = get_lock_offset( data, i, large_file_format, &err);
6758 * There is no error code marked "stupid client bug".... :-).
6761 END_PROFILE(SMBlockingX);
6762 reply_doserror(req, ERRDOS, ERRnoaccess);
6766 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6767 "pid %u, file %s\n", (double)offset, (double)count,
6768 (unsigned int)lock_pid, fsp->fsp_name ));
6770 status = do_unlock(smbd_messaging_context(),
6777 if (NT_STATUS_V(status)) {
6778 END_PROFILE(SMBlockingX);
6779 reply_nterror(req, status);
6784 /* Setup the timeout in seconds. */
6786 if (!lp_blocking_locks(SNUM(conn))) {
6790 /* Now do any requested locks */
6791 data += ((large_file_format ? 20 : 10)*num_ulocks);
6793 /* Data now points at the beginning of the list
6794 of smb_lkrng structs */
6796 for(i = 0; i < (int)num_locks; i++) {
6797 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6798 READ_LOCK:WRITE_LOCK);
6799 lock_pid = get_lock_pid( data, i, large_file_format);
6800 count = get_lock_count( data, i, large_file_format);
6801 offset = get_lock_offset( data, i, large_file_format, &err);
6804 * There is no error code marked "stupid client bug".... :-).
6807 END_PROFILE(SMBlockingX);
6808 reply_doserror(req, ERRDOS, ERRnoaccess);
6812 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6813 "%u, file %s timeout = %d\n", (double)offset,
6814 (double)count, (unsigned int)lock_pid,
6815 fsp->fsp_name, (int)lock_timeout ));
6817 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6818 if (lp_blocking_locks(SNUM(conn))) {
6820 /* Schedule a message to ourselves to
6821 remove the blocking lock record and
6822 return the right error. */
6824 if (!blocking_lock_cancel(fsp,
6830 NT_STATUS_FILE_LOCK_CONFLICT)) {
6831 END_PROFILE(SMBlockingX);
6836 ERRcancelviolation));
6840 /* Remove a matching pending lock. */
6841 status = do_lock_cancel(fsp,
6847 bool blocking_lock = lock_timeout ? True : False;
6848 bool defer_lock = False;
6849 struct byte_range_lock *br_lck;
6850 uint32 block_smbpid;
6852 br_lck = do_lock(smbd_messaging_context(),
6863 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6864 /* Windows internal resolution for blocking locks seems
6865 to be about 200ms... Don't wait for less than that. JRA. */
6866 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6867 lock_timeout = lp_lock_spin_time();
6872 /* This heuristic seems to match W2K3 very well. If a
6873 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6874 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6875 far as I can tell. Replacement for do_lock_spin(). JRA. */
6877 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6878 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6880 lock_timeout = lp_lock_spin_time();
6883 if (br_lck && defer_lock) {
6885 * A blocking lock was requested. Package up
6886 * this smb into a queued request and push it
6887 * onto the blocking lock queue.
6889 if(push_blocking_lock_request(br_lck,
6900 TALLOC_FREE(br_lck);
6901 END_PROFILE(SMBlockingX);
6906 TALLOC_FREE(br_lck);
6909 if (NT_STATUS_V(status)) {
6910 END_PROFILE(SMBlockingX);
6911 reply_nterror(req, status);
6916 /* If any of the above locks failed, then we must unlock
6917 all of the previous locks (X/Open spec). */
6919 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6923 * Ensure we don't do a remove on the lock that just failed,
6924 * as under POSIX rules, if we have a lock already there, we
6925 * will delete it (and we shouldn't) .....
6927 for(i--; i >= 0; i--) {
6928 lock_pid = get_lock_pid( data, i, large_file_format);
6929 count = get_lock_count( data, i, large_file_format);
6930 offset = get_lock_offset( data, i, large_file_format,
6934 * There is no error code marked "stupid client
6938 END_PROFILE(SMBlockingX);
6939 reply_doserror(req, ERRDOS, ERRnoaccess);
6943 do_unlock(smbd_messaging_context(),
6950 END_PROFILE(SMBlockingX);
6951 reply_nterror(req, status);
6955 reply_outbuf(req, 2, 0);
6957 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6958 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6960 END_PROFILE(SMBlockingX);
6965 #define DBGC_CLASS DBGC_ALL
6967 /****************************************************************************
6968 Reply to a SMBreadbmpx (read block multiplex) request.
6969 Always reply with an error, if someone has a platform really needs this,
6970 please contact vl@samba.org
6971 ****************************************************************************/
6973 void reply_readbmpx(struct smb_request *req)
6975 START_PROFILE(SMBreadBmpx);
6976 reply_doserror(req, ERRSRV, ERRuseSTD);
6977 END_PROFILE(SMBreadBmpx);
6981 /****************************************************************************
6982 Reply to a SMBreadbs (read block multiplex secondary) request.
6983 Always reply with an error, if someone has a platform really needs this,
6984 please contact vl@samba.org
6985 ****************************************************************************/
6987 void reply_readbs(struct smb_request *req)
6989 START_PROFILE(SMBreadBs);
6990 reply_doserror(req, ERRSRV, ERRuseSTD);
6991 END_PROFILE(SMBreadBs);
6995 /****************************************************************************
6996 Reply to a SMBsetattrE.
6997 ****************************************************************************/
6999 void reply_setattrE(struct smb_request *req)
7001 connection_struct *conn = req->conn;
7002 struct timespec ts[2];
7004 SMB_STRUCT_STAT sbuf;
7007 START_PROFILE(SMBsetattrE);
7010 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7011 END_PROFILE(SMBsetattrE);
7015 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7017 if(!fsp || (fsp->conn != conn)) {
7018 reply_doserror(req, ERRDOS, ERRbadfid);
7019 END_PROFILE(SMBsetattrE);
7025 * Convert the DOS times into unix times. Ignore create
7026 * time as UNIX can't set this.
7029 ts[0] = convert_time_t_to_timespec(
7030 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
7031 ts[1] = convert_time_t_to_timespec(
7032 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
7034 reply_outbuf(req, 0, 0);
7037 * Patch from Ray Frush <frush@engr.colostate.edu>
7038 * Sometimes times are sent as zero - ignore them.
7041 /* Ensure we have a valid stat struct for the source. */
7042 if (fsp->fh->fd != -1) {
7043 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7044 status = map_nt_error_from_unix(errno);
7045 reply_nterror(req, status);
7046 END_PROFILE(SMBsetattrE);
7050 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
7051 status = map_nt_error_from_unix(errno);
7052 reply_nterror(req, status);
7053 END_PROFILE(SMBsetattrE);
7058 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7060 if (!NT_STATUS_IS_OK(status)) {
7061 reply_doserror(req, ERRDOS, ERRnoaccess);
7062 END_PROFILE(SMBsetattrE);
7066 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7068 (unsigned int)ts[0].tv_sec,
7069 (unsigned int)ts[1].tv_sec));
7071 END_PROFILE(SMBsetattrE);
7076 /* Back from the dead for OS/2..... JRA. */
7078 /****************************************************************************
7079 Reply to a SMBwritebmpx (write block multiplex primary) request.
7080 Always reply with an error, if someone has a platform really needs this,
7081 please contact vl@samba.org
7082 ****************************************************************************/
7084 void reply_writebmpx(struct smb_request *req)
7086 START_PROFILE(SMBwriteBmpx);
7087 reply_doserror(req, ERRSRV, ERRuseSTD);
7088 END_PROFILE(SMBwriteBmpx);
7092 /****************************************************************************
7093 Reply to a SMBwritebs (write block multiplex secondary) request.
7094 Always reply with an error, if someone has a platform really needs this,
7095 please contact vl@samba.org
7096 ****************************************************************************/
7098 void reply_writebs(struct smb_request *req)
7100 START_PROFILE(SMBwriteBs);
7101 reply_doserror(req, ERRSRV, ERRuseSTD);
7102 END_PROFILE(SMBwriteBs);
7106 /****************************************************************************
7107 Reply to a SMBgetattrE.
7108 ****************************************************************************/
7110 void reply_getattrE(struct smb_request *req)
7112 connection_struct *conn = req->conn;
7113 SMB_STRUCT_STAT sbuf;
7116 struct timespec create_ts;
7118 START_PROFILE(SMBgetattrE);
7121 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7122 END_PROFILE(SMBgetattrE);
7126 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7128 if(!fsp || (fsp->conn != conn)) {
7129 reply_doserror(req, ERRDOS, ERRbadfid);
7130 END_PROFILE(SMBgetattrE);
7134 /* Do an fstat on this file */
7135 if(fsp_stat(fsp, &sbuf)) {
7136 reply_unixerror(req, ERRDOS, ERRnoaccess);
7137 END_PROFILE(SMBgetattrE);
7141 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7144 * Convert the times into dos times. Set create
7145 * date to be last modify date as UNIX doesn't save
7149 reply_outbuf(req, 11, 0);
7151 create_ts = get_create_timespec(&sbuf,
7152 lp_fake_dir_create_times(SNUM(conn)));
7153 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7154 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7155 /* Should we check pending modtime here ? JRA */
7156 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7159 SIVAL(req->outbuf, smb_vwv6, 0);
7160 SIVAL(req->outbuf, smb_vwv8, 0);
7162 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7163 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7164 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7166 SSVAL(req->outbuf,smb_vwv10, mode);
7168 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7170 END_PROFILE(SMBgetattrE);