2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "system/filesys.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "fake_file.h"
33 #include "rpc_client/rpc_client.h"
34 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
35 #include "../librpc/gen_ndr/open_files.h"
36 #include "rpc_client/cli_spoolss.h"
37 #include "rpc_client/init_spoolss.h"
38 #include "rpc_server/rpc_ncacn_np.h"
39 #include "libcli/security/security.h"
40 #include "libsmb/nmblib.h"
42 #include "smbprofile.h"
43 #include "../lib/tsocket/tsocket.h"
44 #include "lib/tevent_wait.h"
45 #include "libcli/smb/smb_signing.h"
47 /****************************************************************************
48 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
49 path or anything including wildcards.
50 We're assuming here that '/' is not the second byte in any multibyte char
51 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
53 ****************************************************************************/
55 /* Custom version for processing POSIX paths. */
56 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
58 static NTSTATUS check_path_syntax_internal(char *path,
60 bool *p_last_component_contains_wcard)
64 NTSTATUS ret = NT_STATUS_OK;
65 bool start_of_name_component = True;
66 bool stream_started = false;
68 *p_last_component_contains_wcard = False;
75 return NT_STATUS_OBJECT_NAME_INVALID;
78 return NT_STATUS_OBJECT_NAME_INVALID;
80 if (strchr_m(&s[1], ':')) {
81 return NT_STATUS_OBJECT_NAME_INVALID;
87 if ((*s == ':') && !posix_path && !stream_started) {
88 if (*p_last_component_contains_wcard) {
89 return NT_STATUS_OBJECT_NAME_INVALID;
91 /* Stream names allow more characters than file names.
92 We're overloading posix_path here to allow a wider
93 range of characters. If stream_started is true this
94 is still a Windows path even if posix_path is true.
97 stream_started = true;
98 start_of_name_component = false;
102 return NT_STATUS_OBJECT_NAME_INVALID;
106 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
108 * Safe to assume is not the second part of a mb char
109 * as this is handled below.
111 /* Eat multiple '/' or '\\' */
112 while (IS_PATH_SEP(*s,posix_path)) {
115 if ((d != path) && (*s != '\0')) {
116 /* We only care about non-leading or trailing '/' or '\\' */
120 start_of_name_component = True;
122 *p_last_component_contains_wcard = False;
126 if (start_of_name_component) {
127 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
128 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
131 * No mb char starts with '.' so we're safe checking the directory separator here.
134 /* If we just added a '/' - delete it */
135 if ((d > path) && (*(d-1) == '/')) {
140 /* Are we at the start ? Can't go back further if so. */
142 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
145 /* Go back one level... */
146 /* We know this is safe as '/' cannot be part of a mb sequence. */
147 /* NOTE - if this assumption is invalid we are not in good shape... */
148 /* Decrement d first as d points to the *next* char to write into. */
149 for (d--; d > path; d--) {
153 s += 2; /* Else go past the .. */
154 /* We're still at the start of a name component, just the previous one. */
157 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
169 if (*s <= 0x1f || *s == '|') {
170 return NT_STATUS_OBJECT_NAME_INVALID;
178 *p_last_component_contains_wcard = True;
187 /* Get the size of the next MB character. */
188 next_codepoint(s,&siz);
206 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
208 return NT_STATUS_INVALID_PARAMETER;
211 start_of_name_component = False;
219 /****************************************************************************
220 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
221 No wildcards allowed.
222 ****************************************************************************/
224 NTSTATUS check_path_syntax(char *path)
227 return check_path_syntax_internal(path, False, &ignore);
230 /****************************************************************************
231 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
232 Wildcards allowed - p_contains_wcard returns true if the last component contained
234 ****************************************************************************/
236 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
238 return check_path_syntax_internal(path, False, p_contains_wcard);
241 /****************************************************************************
242 Check the path for a POSIX client.
243 We're assuming here that '/' is not the second byte in any multibyte char
244 set (a safe assumption).
245 ****************************************************************************/
247 NTSTATUS check_path_syntax_posix(char *path)
250 return check_path_syntax_internal(path, True, &ignore);
253 /****************************************************************************
254 Pull a string and check the path allowing a wilcard - provide for error return.
255 ****************************************************************************/
257 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
258 const char *base_ptr,
265 bool *contains_wcard)
271 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
275 *err = NT_STATUS_INVALID_PARAMETER;
279 *contains_wcard = False;
281 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
283 * For a DFS path the function parse_dfs_path()
284 * will do the path processing, just make a copy.
290 if (lp_posix_pathnames()) {
291 *err = check_path_syntax_posix(*pp_dest);
293 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
299 /****************************************************************************
300 Pull a string and check the path - provide for error return.
301 ****************************************************************************/
303 size_t srvstr_get_path(TALLOC_CTX *ctx,
304 const char *base_ptr,
313 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
314 src_len, flags, err, &ignore);
317 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
318 char **pp_dest, const char *src, int flags,
319 NTSTATUS *err, bool *contains_wcard)
321 ssize_t bufrem = smbreq_bufrem(req, src);
324 *err = NT_STATUS_INVALID_PARAMETER;
328 return srvstr_get_path_wcard(mem_ctx, (const char *)req->inbuf,
329 req->flags2, pp_dest, src, bufrem, flags,
330 err, contains_wcard);
333 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
334 char **pp_dest, const char *src, int flags,
338 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
339 flags, err, &ignore);
343 * pull a string from the smb_buf part of a packet. In this case the
344 * string can either be null terminated or it can be terminated by the
345 * end of the smbbuf area
347 size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req,
348 char **dest, const char *src, int flags)
350 ssize_t bufrem = smbreq_bufrem(req, src);
356 return pull_string_talloc(ctx, req->inbuf, req->flags2, dest, src,
360 /****************************************************************************
361 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
362 ****************************************************************************/
364 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
367 if ((fsp == NULL) || (conn == NULL)) {
368 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
371 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
372 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
378 /****************************************************************************
379 Check if we have a correct fsp pointing to a file.
380 ****************************************************************************/
382 bool check_fsp(connection_struct *conn, struct smb_request *req,
385 if (!check_fsp_open(conn, req, fsp)) {
388 if (fsp->is_directory) {
389 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
392 if (fsp->fh->fd == -1) {
393 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
396 fsp->num_smb_operations++;
400 /****************************************************************************
401 Check if we have a correct fsp pointing to a quota fake file. Replacement for
402 the CHECK_NTQUOTA_HANDLE_OK macro.
403 ****************************************************************************/
405 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
408 if (!check_fsp_open(conn, req, fsp)) {
412 if (fsp->is_directory) {
416 if (fsp->fake_file_handle == NULL) {
420 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
424 if (fsp->fake_file_handle->private_data == NULL) {
431 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
432 const char *name, int name_type)
435 char *trim_name_type;
436 const char *retarget_parm;
439 int retarget_type = 0x20;
440 int retarget_port = NBT_SMB_PORT;
441 struct sockaddr_storage retarget_addr;
442 struct sockaddr_in *in_addr;
446 if (get_socket_port(sconn->sock) != NBT_SMB_PORT) {
450 trim_name = talloc_strdup(talloc_tos(), name);
451 if (trim_name == NULL) {
454 trim_char(trim_name, ' ', ' ');
456 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
458 if (trim_name_type == NULL) {
462 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
463 trim_name_type, NULL);
464 if (retarget_parm == NULL) {
465 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
468 if (retarget_parm == NULL) {
472 retarget = talloc_strdup(trim_name, retarget_parm);
473 if (retarget == NULL) {
477 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
479 p = strchr(retarget, ':');
482 retarget_port = atoi(p);
485 p = strchr_m(retarget, '#');
488 if (sscanf(p, "%x", &retarget_type) != 1) {
493 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
495 DEBUG(10, ("could not resolve %s\n", retarget));
499 if (retarget_addr.ss_family != AF_INET) {
500 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
504 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
506 _smb_setlen(outbuf, 6);
507 SCVAL(outbuf, 0, 0x84);
508 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
509 *(uint16_t *)(outbuf+8) = htons(retarget_port);
511 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
513 exit_server_cleanly("netbios_session_retarget: srv_send_smb "
519 TALLOC_FREE(trim_name);
523 static void reply_called_name_not_present(char *outbuf)
525 smb_setlen(outbuf, 1);
526 SCVAL(outbuf, 0, 0x83);
527 SCVAL(outbuf, 4, 0x82);
530 /****************************************************************************
531 Reply to a (netbios-level) special message.
532 ****************************************************************************/
534 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
536 int msg_type = CVAL(inbuf,0);
537 int msg_flags = CVAL(inbuf,1);
539 * We only really use 4 bytes of the outbuf, but for the smb_setlen
540 * calculation & friends (srv_send_smb uses that) we need the full smb
543 char outbuf[smb_size];
545 memset(outbuf, '\0', sizeof(outbuf));
547 smb_setlen(outbuf,0);
550 case NBSSrequest: /* session request */
552 /* inbuf_size is guarenteed to be at least 4. */
554 int name_type1, name_type2;
555 int name_len1, name_len2;
559 if (sconn->nbt.got_session) {
560 exit_server_cleanly("multiple session request not permitted");
563 SCVAL(outbuf,0,NBSSpositive);
566 /* inbuf_size is guaranteed to be at least 4. */
567 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
568 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
569 DEBUG(0,("Invalid name length in session request\n"));
570 reply_called_name_not_present(outbuf);
573 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
574 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
575 DEBUG(0,("Invalid name length in session request\n"));
576 reply_called_name_not_present(outbuf);
580 name_type1 = name_extract((unsigned char *)inbuf,
581 inbuf_size,(unsigned int)4,name1);
582 name_type2 = name_extract((unsigned char *)inbuf,
583 inbuf_size,(unsigned int)(4 + name_len1),name2);
585 if (name_type1 == -1 || name_type2 == -1) {
586 DEBUG(0,("Invalid name type in session request\n"));
587 reply_called_name_not_present(outbuf);
591 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
592 name1, name_type1, name2, name_type2));
594 if (netbios_session_retarget(sconn, name1, name_type1)) {
595 exit_server_cleanly("retargeted client");
599 * Windows NT/2k uses "*SMBSERVER" and XP uses
600 * "*SMBSERV" arrggg!!!
602 if (strequal(name1, "*SMBSERVER ")
603 || strequal(name1, "*SMBSERV ")) {
606 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
609 exit_server_cleanly("could not allocate raddr");
612 fstrcpy(name1, raddr);
615 set_local_machine_name(name1, True);
616 set_remote_machine_name(name2, True);
618 if (is_ipaddress(sconn->remote_hostname)) {
619 char *p = discard_const_p(char, sconn->remote_hostname);
623 sconn->remote_hostname = talloc_strdup(sconn,
624 get_remote_machine_name());
625 if (sconn->remote_hostname == NULL) {
626 exit_server_cleanly("could not copy remote name");
628 sconn->conn->remote_hostname = sconn->remote_hostname;
631 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
632 get_local_machine_name(), get_remote_machine_name(),
635 if (name_type2 == 'R') {
636 /* We are being asked for a pathworks session ---
638 reply_called_name_not_present(outbuf);
642 reload_services(sconn, conn_snum_used, true);
645 sconn->nbt.got_session = true;
649 case 0x89: /* session keepalive request
650 (some old clients produce this?) */
651 SCVAL(outbuf,0,NBSSkeepalive);
655 case NBSSpositive: /* positive session response */
656 case NBSSnegative: /* negative session response */
657 case NBSSretarget: /* retarget session response */
658 DEBUG(0,("Unexpected session response\n"));
661 case NBSSkeepalive: /* session keepalive */
666 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
667 msg_type, msg_flags));
669 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
671 if (CVAL(outbuf, 0) != 0x82) {
672 exit_server_cleanly("invalid netbios session");
677 /****************************************************************************
679 conn POINTER CAN BE NULL HERE !
680 ****************************************************************************/
682 void reply_tcon(struct smb_request *req)
684 connection_struct *conn = req->conn;
686 char *service_buf = NULL;
687 char *password = NULL;
692 TALLOC_CTX *ctx = talloc_tos();
693 struct smbd_server_connection *sconn = req->sconn;
694 NTTIME now = timeval_to_nttime(&req->request_time);
696 START_PROFILE(SMBtcon);
698 if (req->buflen < 4) {
699 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
700 END_PROFILE(SMBtcon);
704 p = (const char *)req->buf + 1;
705 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
707 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
709 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
712 if (service_buf == NULL || password == NULL || dev == NULL) {
713 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
714 END_PROFILE(SMBtcon);
717 p = strrchr_m(service_buf,'\\');
721 service = service_buf;
724 conn = make_connection(sconn, now, service, dev,
725 req->vuid,&nt_status);
729 reply_nterror(req, nt_status);
730 END_PROFILE(SMBtcon);
734 reply_outbuf(req, 2, 0);
735 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
736 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
737 SSVAL(req->outbuf,smb_tid,conn->cnum);
739 DEBUG(3,("tcon service=%s cnum=%d\n",
740 service, conn->cnum));
742 END_PROFILE(SMBtcon);
746 /****************************************************************************
747 Reply to a tcon and X.
748 conn POINTER CAN BE NULL HERE !
749 ****************************************************************************/
751 void reply_tcon_and_X(struct smb_request *req)
753 connection_struct *conn = req->conn;
754 const char *service = NULL;
755 TALLOC_CTX *ctx = talloc_tos();
756 /* what the cleint thinks the device is */
757 char *client_devicetype = NULL;
758 /* what the server tells the client the share represents */
759 const char *server_devicetype;
765 struct smbXsrv_session *session = NULL;
766 NTTIME now = timeval_to_nttime(&req->request_time);
767 bool session_key_updated = false;
768 uint16_t optional_support = 0;
769 struct smbd_server_connection *sconn = req->sconn;
771 START_PROFILE(SMBtconX);
774 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
775 END_PROFILE(SMBtconX);
779 passlen = SVAL(req->vwv+3, 0);
780 tcon_flags = SVAL(req->vwv+2, 0);
782 /* we might have to close an old one */
783 if ((tcon_flags & TCONX_FLAG_DISCONNECT_TID) && conn) {
784 struct smbXsrv_tcon *tcon;
792 * TODO: cancel all outstanding requests on the tcon
794 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
795 if (!NT_STATUS_IS_OK(status)) {
796 DEBUG(0, ("reply_tcon_and_X: "
797 "smbXsrv_tcon_disconnect() failed: %s\n",
800 * If we hit this case, there is something completely
801 * wrong, so we better disconnect the transport connection.
803 END_PROFILE(SMBtconX);
804 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
811 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
812 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
813 END_PROFILE(SMBtconX);
817 if (sconn->smb1.negprot.encrypted_passwords) {
818 p = (const char *)req->buf + passlen;
820 p = (const char *)req->buf + passlen + 1;
823 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
826 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
827 END_PROFILE(SMBtconX);
832 * the service name can be either: \\server\share
833 * or share directly like on the DELL PowerVault 705
836 q = strchr_m(path+2,'\\');
838 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
839 END_PROFILE(SMBtconX);
847 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
848 &client_devicetype, p,
849 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
851 if (client_devicetype == NULL) {
852 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
853 END_PROFILE(SMBtconX);
857 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
859 nt_status = smb1srv_session_lookup(req->sconn->conn,
860 req->vuid, now, &session);
861 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_USER_SESSION_DELETED)) {
862 reply_force_doserror(req, ERRSRV, ERRbaduid);
863 END_PROFILE(SMBtconX);
866 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
867 reply_nterror(req, nt_status);
868 END_PROFILE(SMBtconX);
871 if (!NT_STATUS_IS_OK(nt_status)) {
872 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
873 END_PROFILE(SMBtconX);
877 if (session->global->auth_session_info == NULL) {
878 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
879 END_PROFILE(SMBtconX);
884 * If there is no application key defined yet
887 * This means we setup the application key on the
888 * first tcon that happens via the given session.
890 * Once the application key is defined, it does not
893 if (session->global->application_key.length == 0 &&
894 session->global->signing_key.length > 0)
896 struct smbXsrv_session *x = session;
897 struct auth_session_info *session_info =
898 session->global->auth_session_info;
899 uint8_t session_key[16];
901 ZERO_STRUCT(session_key);
902 memcpy(session_key, x->global->signing_key.data,
903 MIN(x->global->signing_key.length, sizeof(session_key)));
906 * The application key is truncated/padded to 16 bytes
908 x->global->application_key = data_blob_talloc(x->global,
910 sizeof(session_key));
911 ZERO_STRUCT(session_key);
912 if (x->global->application_key.data == NULL) {
913 reply_nterror(req, NT_STATUS_NO_MEMORY);
914 END_PROFILE(SMBtconX);
918 if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
919 smb_key_derivation(x->global->application_key.data,
920 x->global->application_key.length,
921 x->global->application_key.data);
922 optional_support |= SMB_EXTENDED_SIGNATURES;
926 * Place the application key into the session_info
928 data_blob_clear_free(&session_info->session_key);
929 session_info->session_key = data_blob_dup_talloc(session_info,
930 x->global->application_key);
931 if (session_info->session_key.data == NULL) {
932 data_blob_clear_free(&x->global->application_key);
933 reply_nterror(req, NT_STATUS_NO_MEMORY);
934 END_PROFILE(SMBtconX);
937 session_key_updated = true;
940 conn = make_connection(sconn, now, service, client_devicetype,
941 req->vuid, &nt_status);
945 if (session_key_updated) {
946 struct smbXsrv_session *x = session;
947 struct auth_session_info *session_info =
948 session->global->auth_session_info;
949 data_blob_clear_free(&x->global->application_key);
950 data_blob_clear_free(&session_info->session_key);
952 reply_nterror(req, nt_status);
953 END_PROFILE(SMBtconX);
958 server_devicetype = "IPC";
959 else if ( IS_PRINT(conn) )
960 server_devicetype = "LPT1:";
962 server_devicetype = "A:";
964 if (get_Protocol() < PROTOCOL_NT1) {
965 reply_outbuf(req, 2, 0);
966 if (message_push_string(&req->outbuf, server_devicetype,
967 STR_TERMINATE|STR_ASCII) == -1) {
968 reply_nterror(req, NT_STATUS_NO_MEMORY);
969 END_PROFILE(SMBtconX);
973 /* NT sets the fstype of IPC$ to the null string */
974 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(ctx, SNUM(conn));
976 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
977 /* Return permissions. */
981 reply_outbuf(req, 7, 0);
984 perm1 = FILE_ALL_ACCESS;
985 perm2 = FILE_ALL_ACCESS;
987 perm1 = conn->share_access;
990 SIVAL(req->outbuf, smb_vwv3, perm1);
991 SIVAL(req->outbuf, smb_vwv5, perm2);
993 reply_outbuf(req, 3, 0);
996 if ((message_push_string(&req->outbuf, server_devicetype,
997 STR_TERMINATE|STR_ASCII) == -1)
998 || (message_push_string(&req->outbuf, fstype,
999 STR_TERMINATE) == -1)) {
1000 reply_nterror(req, NT_STATUS_NO_MEMORY);
1001 END_PROFILE(SMBtconX);
1005 /* what does setting this bit do? It is set by NT4 and
1006 may affect the ability to autorun mounted cdroms */
1007 optional_support |= SMB_SUPPORT_SEARCH_BITS;
1009 (lp_csc_policy(SNUM(conn)) << SMB_CSC_POLICY_SHIFT);
1011 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
1012 DEBUG(2,("Serving %s as a Dfs root\n",
1013 lp_servicename(ctx, SNUM(conn)) ));
1014 optional_support |= SMB_SHARE_IN_DFS;
1017 SSVAL(req->outbuf, smb_vwv2, optional_support);
1020 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
1021 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
1023 DEBUG(3,("tconX service=%s \n",
1026 /* set the incoming and outgoing tid to the just created one */
1027 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_tid,conn->cnum);
1028 SSVAL(req->outbuf,smb_tid,conn->cnum);
1030 END_PROFILE(SMBtconX);
1032 req->tid = conn->cnum;
1035 /****************************************************************************
1036 Reply to an unknown type.
1037 ****************************************************************************/
1039 void reply_unknown_new(struct smb_request *req, uint8 type)
1041 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
1042 smb_fn_name(type), type, type));
1043 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
1047 /****************************************************************************
1049 conn POINTER CAN BE NULL HERE !
1050 ****************************************************************************/
1052 void reply_ioctl(struct smb_request *req)
1054 connection_struct *conn = req->conn;
1061 START_PROFILE(SMBioctl);
1064 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1065 END_PROFILE(SMBioctl);
1069 device = SVAL(req->vwv+1, 0);
1070 function = SVAL(req->vwv+2, 0);
1071 ioctl_code = (device << 16) + function;
1073 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
1075 switch (ioctl_code) {
1076 case IOCTL_QUERY_JOB_INFO:
1080 reply_force_doserror(req, ERRSRV, ERRnosupport);
1081 END_PROFILE(SMBioctl);
1085 reply_outbuf(req, 8, replysize+1);
1086 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
1087 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
1088 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
1089 p = smb_buf(req->outbuf);
1090 memset(p, '\0', replysize+1); /* valgrind-safe. */
1091 p += 1; /* Allow for alignment */
1093 switch (ioctl_code) {
1094 case IOCTL_QUERY_JOB_INFO:
1096 files_struct *fsp = file_fsp(
1097 req, SVAL(req->vwv+0, 0));
1099 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1100 END_PROFILE(SMBioctl);
1104 SSVAL(p, 0, print_spool_rap_jobid(fsp->print_file));
1106 srvstr_push((char *)req->outbuf, req->flags2, p+2,
1107 lp_netbios_name(), 15,
1108 STR_TERMINATE|STR_ASCII);
1110 srvstr_push((char *)req->outbuf, req->flags2,
1112 lp_servicename(talloc_tos(),
1114 13, STR_TERMINATE|STR_ASCII);
1116 memset(p+18, 0, 13);
1122 END_PROFILE(SMBioctl);
1126 /****************************************************************************
1127 Strange checkpath NTSTATUS mapping.
1128 ****************************************************************************/
1130 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
1132 /* Strange DOS error code semantics only for checkpath... */
1133 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
1134 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
1135 /* We need to map to ERRbadpath */
1136 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1142 /****************************************************************************
1143 Reply to a checkpath.
1144 ****************************************************************************/
1146 void reply_checkpath(struct smb_request *req)
1148 connection_struct *conn = req->conn;
1149 struct smb_filename *smb_fname = NULL;
1152 TALLOC_CTX *ctx = talloc_tos();
1154 START_PROFILE(SMBcheckpath);
1156 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1157 STR_TERMINATE, &status);
1159 if (!NT_STATUS_IS_OK(status)) {
1160 status = map_checkpath_error(req->flags2, status);
1161 reply_nterror(req, status);
1162 END_PROFILE(SMBcheckpath);
1166 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1168 status = filename_convert(ctx,
1170 req->flags2 & FLAGS2_DFS_PATHNAMES,
1176 if (!NT_STATUS_IS_OK(status)) {
1177 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1178 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1179 ERRSRV, ERRbadpath);
1180 END_PROFILE(SMBcheckpath);
1186 if (!VALID_STAT(smb_fname->st) &&
1187 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1188 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1189 smb_fname_str_dbg(smb_fname), strerror(errno)));
1190 status = map_nt_error_from_unix(errno);
1194 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1195 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1196 ERRDOS, ERRbadpath);
1200 reply_outbuf(req, 0, 0);
1203 /* We special case this - as when a Windows machine
1204 is parsing a path is steps through the components
1205 one at a time - if a component fails it expects
1206 ERRbadpath, not ERRbadfile.
1208 status = map_checkpath_error(req->flags2, status);
1209 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1211 * Windows returns different error codes if
1212 * the parent directory is valid but not the
1213 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1214 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1215 * if the path is invalid.
1217 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1218 ERRDOS, ERRbadpath);
1222 reply_nterror(req, status);
1225 TALLOC_FREE(smb_fname);
1226 END_PROFILE(SMBcheckpath);
1230 /****************************************************************************
1232 ****************************************************************************/
1234 void reply_getatr(struct smb_request *req)
1236 connection_struct *conn = req->conn;
1237 struct smb_filename *smb_fname = NULL;
1244 TALLOC_CTX *ctx = talloc_tos();
1245 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1247 START_PROFILE(SMBgetatr);
1249 p = (const char *)req->buf + 1;
1250 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 reply_nterror(req, status);
1256 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1257 under WfWg - weird! */
1258 if (*fname == '\0') {
1259 mode = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
1260 if (!CAN_WRITE(conn)) {
1261 mode |= FILE_ATTRIBUTE_READONLY;
1266 status = filename_convert(ctx,
1268 req->flags2 & FLAGS2_DFS_PATHNAMES,
1273 if (!NT_STATUS_IS_OK(status)) {
1274 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1275 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1276 ERRSRV, ERRbadpath);
1279 reply_nterror(req, status);
1282 if (!VALID_STAT(smb_fname->st) &&
1283 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1284 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1285 smb_fname_str_dbg(smb_fname),
1287 reply_nterror(req, map_nt_error_from_unix(errno));
1291 mode = dos_mode(conn, smb_fname);
1292 size = smb_fname->st.st_ex_size;
1294 if (ask_sharemode) {
1295 struct timespec write_time_ts;
1296 struct file_id fileid;
1298 ZERO_STRUCT(write_time_ts);
1299 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1300 get_file_infos(fileid, 0, NULL, &write_time_ts);
1301 if (!null_timespec(write_time_ts)) {
1302 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1306 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1307 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
1312 reply_outbuf(req, 10, 0);
1314 SSVAL(req->outbuf,smb_vwv0,mode);
1315 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1316 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1318 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1320 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1322 if (get_Protocol() >= PROTOCOL_NT1) {
1323 SSVAL(req->outbuf, smb_flg2,
1324 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1327 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1328 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1331 TALLOC_FREE(smb_fname);
1333 END_PROFILE(SMBgetatr);
1337 /****************************************************************************
1339 ****************************************************************************/
1341 void reply_setatr(struct smb_request *req)
1343 struct smb_file_time ft;
1344 connection_struct *conn = req->conn;
1345 struct smb_filename *smb_fname = NULL;
1351 TALLOC_CTX *ctx = talloc_tos();
1353 START_PROFILE(SMBsetatr);
1358 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1362 p = (const char *)req->buf + 1;
1363 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1364 if (!NT_STATUS_IS_OK(status)) {
1365 reply_nterror(req, status);
1369 status = filename_convert(ctx,
1371 req->flags2 & FLAGS2_DFS_PATHNAMES,
1376 if (!NT_STATUS_IS_OK(status)) {
1377 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1378 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1379 ERRSRV, ERRbadpath);
1382 reply_nterror(req, status);
1386 if (smb_fname->base_name[0] == '.' &&
1387 smb_fname->base_name[1] == '\0') {
1389 * Not sure here is the right place to catch this
1390 * condition. Might be moved to somewhere else later -- vl
1392 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1396 mode = SVAL(req->vwv+0, 0);
1397 mtime = srv_make_unix_date3(req->vwv+1);
1399 if (mode != FILE_ATTRIBUTE_NORMAL) {
1400 if (VALID_STAT_OF_DIR(smb_fname->st))
1401 mode |= FILE_ATTRIBUTE_DIRECTORY;
1403 mode &= ~FILE_ATTRIBUTE_DIRECTORY;
1405 status = check_access(conn, NULL, smb_fname,
1406 FILE_WRITE_ATTRIBUTES);
1407 if (!NT_STATUS_IS_OK(status)) {
1408 reply_nterror(req, status);
1412 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1414 reply_nterror(req, map_nt_error_from_unix(errno));
1419 ft.mtime = convert_time_t_to_timespec(mtime);
1420 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1421 if (!NT_STATUS_IS_OK(status)) {
1422 reply_nterror(req, status);
1426 reply_outbuf(req, 0, 0);
1428 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1431 TALLOC_FREE(smb_fname);
1432 END_PROFILE(SMBsetatr);
1436 /****************************************************************************
1438 ****************************************************************************/
1440 void reply_dskattr(struct smb_request *req)
1442 connection_struct *conn = req->conn;
1443 uint64_t dfree,dsize,bsize;
1444 START_PROFILE(SMBdskattr);
1446 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1447 reply_nterror(req, map_nt_error_from_unix(errno));
1448 END_PROFILE(SMBdskattr);
1452 reply_outbuf(req, 5, 0);
1454 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1455 double total_space, free_space;
1456 /* we need to scale this to a number that DOS6 can handle. We
1457 use floating point so we can handle large drives on systems
1458 that don't have 64 bit integers
1460 we end up displaying a maximum of 2G to DOS systems
1462 total_space = dsize * (double)bsize;
1463 free_space = dfree * (double)bsize;
1465 dsize = (uint64_t)((total_space+63*512) / (64*512));
1466 dfree = (uint64_t)((free_space+63*512) / (64*512));
1468 if (dsize > 0xFFFF) dsize = 0xFFFF;
1469 if (dfree > 0xFFFF) dfree = 0xFFFF;
1471 SSVAL(req->outbuf,smb_vwv0,dsize);
1472 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1473 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1474 SSVAL(req->outbuf,smb_vwv3,dfree);
1476 SSVAL(req->outbuf,smb_vwv0,dsize);
1477 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1478 SSVAL(req->outbuf,smb_vwv2,512);
1479 SSVAL(req->outbuf,smb_vwv3,dfree);
1482 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1484 END_PROFILE(SMBdskattr);
1489 * Utility function to split the filename from the directory.
1491 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1492 char **fname_dir_out,
1493 char **fname_mask_out)
1495 const char *p = NULL;
1496 char *fname_dir = NULL;
1497 char *fname_mask = NULL;
1499 p = strrchr_m(fname_in, '/');
1501 fname_dir = talloc_strdup(ctx, ".");
1502 fname_mask = talloc_strdup(ctx, fname_in);
1504 fname_dir = talloc_strndup(ctx, fname_in,
1505 PTR_DIFF(p, fname_in));
1506 fname_mask = talloc_strdup(ctx, p+1);
1509 if (!fname_dir || !fname_mask) {
1510 TALLOC_FREE(fname_dir);
1511 TALLOC_FREE(fname_mask);
1512 return NT_STATUS_NO_MEMORY;
1515 *fname_dir_out = fname_dir;
1516 *fname_mask_out = fname_mask;
1517 return NT_STATUS_OK;
1520 /****************************************************************************
1522 Can be called from SMBsearch, SMBffirst or SMBfunique.
1523 ****************************************************************************/
1525 void reply_search(struct smb_request *req)
1527 connection_struct *conn = req->conn;
1529 const char *mask = NULL;
1530 char *directory = NULL;
1531 struct smb_filename *smb_fname = NULL;
1535 struct timespec date;
1537 unsigned int numentries = 0;
1538 unsigned int maxentries = 0;
1539 bool finished = False;
1544 bool check_descend = False;
1545 bool expect_close = False;
1547 bool mask_contains_wcard = False;
1548 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1549 TALLOC_CTX *ctx = talloc_tos();
1550 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1551 struct dptr_struct *dirptr = NULL;
1552 struct smbd_server_connection *sconn = req->sconn;
1554 START_PROFILE(SMBsearch);
1557 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1561 if (lp_posix_pathnames()) {
1562 reply_unknown_new(req, req->cmd);
1566 /* If we were called as SMBffirst then we must expect close. */
1567 if(req->cmd == SMBffirst) {
1568 expect_close = True;
1571 reply_outbuf(req, 1, 3);
1572 maxentries = SVAL(req->vwv+0, 0);
1573 dirtype = SVAL(req->vwv+1, 0);
1574 p = (const char *)req->buf + 1;
1575 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1576 &nt_status, &mask_contains_wcard);
1577 if (!NT_STATUS_IS_OK(nt_status)) {
1578 reply_nterror(req, nt_status);
1583 status_len = SVAL(p, 0);
1586 /* dirtype &= ~FILE_ATTRIBUTE_DIRECTORY; */
1588 if (status_len == 0) {
1589 nt_status = filename_convert(ctx, conn,
1590 req->flags2 & FLAGS2_DFS_PATHNAMES,
1592 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1593 &mask_contains_wcard,
1595 if (!NT_STATUS_IS_OK(nt_status)) {
1596 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1597 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1598 ERRSRV, ERRbadpath);
1601 reply_nterror(req, nt_status);
1605 directory = smb_fname->base_name;
1607 p = strrchr_m(directory,'/');
1608 if ((p != NULL) && (*directory != '/')) {
1610 directory = talloc_strndup(ctx, directory,
1611 PTR_DIFF(p, directory));
1614 directory = talloc_strdup(ctx,".");
1618 reply_nterror(req, NT_STATUS_NO_MEMORY);
1622 memset((char *)status,'\0',21);
1623 SCVAL(status,0,(dirtype & 0x1F));
1625 nt_status = dptr_create(conn,
1633 mask_contains_wcard,
1636 if (!NT_STATUS_IS_OK(nt_status)) {
1637 reply_nterror(req, nt_status);
1640 dptr_num = dptr_dnum(dirptr);
1643 const char *dirpath;
1645 memcpy(status,p,21);
1646 status_dirtype = CVAL(status,0) & 0x1F;
1647 if (status_dirtype != (dirtype & 0x1F)) {
1648 dirtype = status_dirtype;
1651 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1655 dirpath = dptr_path(sconn, dptr_num);
1656 directory = talloc_strdup(ctx, dirpath);
1658 reply_nterror(req, NT_STATUS_NO_MEMORY);
1662 mask = dptr_wcard(sconn, dptr_num);
1667 * For a 'continue' search we have no string. So
1668 * check from the initial saved string.
1670 mask_contains_wcard = ms_has_wild(mask);
1671 dirtype = dptr_attr(sconn, dptr_num);
1674 DEBUG(4,("dptr_num is %d\n",dptr_num));
1676 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1677 dptr_init_search_op(dirptr);
1679 if ((dirtype&0x1F) == FILE_ATTRIBUTE_VOLUME) {
1680 char buf[DIR_STRUCT_SIZE];
1681 memcpy(buf,status,21);
1682 if (!make_dir_struct(ctx,buf,"???????????",volume_label(ctx, SNUM(conn)),
1683 0,FILE_ATTRIBUTE_VOLUME,0,!allow_long_path_components)) {
1684 reply_nterror(req, NT_STATUS_NO_MEMORY);
1687 dptr_fill(sconn, buf+12,dptr_num);
1688 if (dptr_zero(buf+12) && (status_len==0)) {
1693 if (message_push_blob(&req->outbuf,
1694 data_blob_const(buf, sizeof(buf)))
1696 reply_nterror(req, NT_STATUS_NO_MEMORY);
1704 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1707 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1708 directory,lp_dontdescend(ctx, SNUM(conn))));
1709 if (in_list(directory, lp_dontdescend(ctx, SNUM(conn)),True)) {
1710 check_descend = True;
1713 for (i=numentries;(i<maxentries) && !finished;i++) {
1714 finished = !get_dir_entry(ctx,
1725 char buf[DIR_STRUCT_SIZE];
1726 memcpy(buf,status,21);
1727 if (!make_dir_struct(ctx,
1733 convert_timespec_to_time_t(date),
1734 !allow_long_path_components)) {
1735 reply_nterror(req, NT_STATUS_NO_MEMORY);
1738 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1741 if (message_push_blob(&req->outbuf,
1742 data_blob_const(buf, sizeof(buf)))
1744 reply_nterror(req, NT_STATUS_NO_MEMORY);
1754 /* If we were called as SMBffirst with smb_search_id == NULL
1755 and no entries were found then return error and close dirptr
1758 if (numentries == 0) {
1759 dptr_close(sconn, &dptr_num);
1760 } else if(expect_close && status_len == 0) {
1761 /* Close the dptr - we know it's gone */
1762 dptr_close(sconn, &dptr_num);
1765 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1766 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1767 dptr_close(sconn, &dptr_num);
1770 if ((numentries == 0) && !mask_contains_wcard) {
1771 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1775 SSVAL(req->outbuf,smb_vwv0,numentries);
1776 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1777 SCVAL(smb_buf(req->outbuf),0,5);
1778 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1780 /* The replies here are never long name. */
1781 SSVAL(req->outbuf, smb_flg2,
1782 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1783 if (!allow_long_path_components) {
1784 SSVAL(req->outbuf, smb_flg2,
1785 SVAL(req->outbuf, smb_flg2)
1786 & (~FLAGS2_LONG_PATH_COMPONENTS));
1789 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1790 SSVAL(req->outbuf, smb_flg2,
1791 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1793 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1794 smb_fn_name(req->cmd),
1801 TALLOC_FREE(directory);
1802 TALLOC_FREE(smb_fname);
1803 END_PROFILE(SMBsearch);
1807 /****************************************************************************
1808 Reply to a fclose (stop directory search).
1809 ****************************************************************************/
1811 void reply_fclose(struct smb_request *req)
1819 bool path_contains_wcard = False;
1820 TALLOC_CTX *ctx = talloc_tos();
1821 struct smbd_server_connection *sconn = req->sconn;
1823 START_PROFILE(SMBfclose);
1825 if (lp_posix_pathnames()) {
1826 reply_unknown_new(req, req->cmd);
1827 END_PROFILE(SMBfclose);
1831 p = (const char *)req->buf + 1;
1832 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1833 &err, &path_contains_wcard);
1834 if (!NT_STATUS_IS_OK(err)) {
1835 reply_nterror(req, err);
1836 END_PROFILE(SMBfclose);
1840 status_len = SVAL(p,0);
1843 if (status_len == 0) {
1844 reply_force_doserror(req, ERRSRV, ERRsrverror);
1845 END_PROFILE(SMBfclose);
1849 memcpy(status,p,21);
1851 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1852 /* Close the dptr - we know it's gone */
1853 dptr_close(sconn, &dptr_num);
1856 reply_outbuf(req, 1, 0);
1857 SSVAL(req->outbuf,smb_vwv0,0);
1859 DEBUG(3,("search close\n"));
1861 END_PROFILE(SMBfclose);
1865 /****************************************************************************
1867 ****************************************************************************/
1869 void reply_open(struct smb_request *req)
1871 connection_struct *conn = req->conn;
1872 struct smb_filename *smb_fname = NULL;
1884 uint32 create_disposition;
1885 uint32 create_options = 0;
1886 uint32_t private_flags = 0;
1888 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1889 TALLOC_CTX *ctx = talloc_tos();
1891 START_PROFILE(SMBopen);
1894 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1898 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1899 deny_mode = SVAL(req->vwv+0, 0);
1900 dos_attr = SVAL(req->vwv+1, 0);
1902 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1903 STR_TERMINATE, &status);
1904 if (!NT_STATUS_IS_OK(status)) {
1905 reply_nterror(req, status);
1909 status = filename_convert(ctx,
1911 req->flags2 & FLAGS2_DFS_PATHNAMES,
1916 if (!NT_STATUS_IS_OK(status)) {
1917 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1918 reply_botherror(req,
1919 NT_STATUS_PATH_NOT_COVERED,
1920 ERRSRV, ERRbadpath);
1923 reply_nterror(req, status);
1927 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1928 OPENX_FILE_EXISTS_OPEN, &access_mask,
1929 &share_mode, &create_disposition,
1930 &create_options, &private_flags)) {
1931 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1935 status = SMB_VFS_CREATE_FILE(
1938 0, /* root_dir_fid */
1939 smb_fname, /* fname */
1940 access_mask, /* access_mask */
1941 share_mode, /* share_access */
1942 create_disposition, /* create_disposition*/
1943 create_options, /* create_options */
1944 dos_attr, /* file_attributes */
1945 oplock_request, /* oplock_request */
1946 0, /* allocation_size */
1953 if (!NT_STATUS_IS_OK(status)) {
1954 if (open_was_deferred(req->sconn, req->mid)) {
1955 /* We have re-scheduled this call. */
1958 reply_openerror(req, status);
1962 size = smb_fname->st.st_ex_size;
1963 fattr = dos_mode(conn, smb_fname);
1965 /* Deal with other possible opens having a modified
1967 if (ask_sharemode) {
1968 struct timespec write_time_ts;
1970 ZERO_STRUCT(write_time_ts);
1971 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1972 if (!null_timespec(write_time_ts)) {
1973 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1977 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1979 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1980 DEBUG(3,("attempt to open a directory %s\n",
1982 close_file(req, fsp, ERROR_CLOSE);
1983 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1984 ERRDOS, ERRnoaccess);
1988 reply_outbuf(req, 7, 0);
1989 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1990 SSVAL(req->outbuf,smb_vwv1,fattr);
1991 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1992 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1994 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1996 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1997 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1999 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2000 SCVAL(req->outbuf,smb_flg,
2001 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2004 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2005 SCVAL(req->outbuf,smb_flg,
2006 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2009 TALLOC_FREE(smb_fname);
2010 END_PROFILE(SMBopen);
2014 /****************************************************************************
2015 Reply to an open and X.
2016 ****************************************************************************/
2018 void reply_open_and_X(struct smb_request *req)
2020 connection_struct *conn = req->conn;
2021 struct smb_filename *smb_fname = NULL;
2026 /* Breakout the oplock request bits so we can set the
2027 reply bits separately. */
2028 int ex_oplock_request;
2029 int core_oplock_request;
2032 int smb_sattr = SVAL(req->vwv+4, 0);
2033 uint32 smb_time = make_unix_date3(req->vwv+6);
2041 uint64_t allocation_size;
2042 ssize_t retval = -1;
2045 uint32 create_disposition;
2046 uint32 create_options = 0;
2047 uint32_t private_flags = 0;
2048 TALLOC_CTX *ctx = talloc_tos();
2050 START_PROFILE(SMBopenX);
2052 if (req->wct < 15) {
2053 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2057 open_flags = SVAL(req->vwv+2, 0);
2058 deny_mode = SVAL(req->vwv+3, 0);
2059 smb_attr = SVAL(req->vwv+5, 0);
2060 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
2061 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2062 oplock_request = ex_oplock_request | core_oplock_request;
2063 smb_ofun = SVAL(req->vwv+8, 0);
2064 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
2066 /* If it's an IPC, pass off the pipe handler. */
2068 if (lp_nt_pipe_support()) {
2069 reply_open_pipe_and_X(conn, req);
2071 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
2076 /* XXXX we need to handle passed times, sattr and flags */
2077 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
2078 STR_TERMINATE, &status);
2079 if (!NT_STATUS_IS_OK(status)) {
2080 reply_nterror(req, status);
2084 status = filename_convert(ctx,
2086 req->flags2 & FLAGS2_DFS_PATHNAMES,
2091 if (!NT_STATUS_IS_OK(status)) {
2092 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2093 reply_botherror(req,
2094 NT_STATUS_PATH_NOT_COVERED,
2095 ERRSRV, ERRbadpath);
2098 reply_nterror(req, status);
2102 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
2104 &access_mask, &share_mode,
2105 &create_disposition,
2108 reply_force_doserror(req, ERRDOS, ERRbadaccess);
2112 status = SMB_VFS_CREATE_FILE(
2115 0, /* root_dir_fid */
2116 smb_fname, /* fname */
2117 access_mask, /* access_mask */
2118 share_mode, /* share_access */
2119 create_disposition, /* create_disposition*/
2120 create_options, /* create_options */
2121 smb_attr, /* file_attributes */
2122 oplock_request, /* oplock_request */
2123 0, /* allocation_size */
2128 &smb_action); /* pinfo */
2130 if (!NT_STATUS_IS_OK(status)) {
2131 if (open_was_deferred(req->sconn, req->mid)) {
2132 /* We have re-scheduled this call. */
2135 reply_openerror(req, status);
2139 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
2140 if the file is truncated or created. */
2141 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
2142 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
2143 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
2144 close_file(req, fsp, ERROR_CLOSE);
2145 reply_nterror(req, NT_STATUS_DISK_FULL);
2148 retval = vfs_set_filelen(fsp, (off_t)allocation_size);
2150 close_file(req, fsp, ERROR_CLOSE);
2151 reply_nterror(req, NT_STATUS_DISK_FULL);
2154 status = vfs_stat_fsp(fsp);
2155 if (!NT_STATUS_IS_OK(status)) {
2156 close_file(req, fsp, ERROR_CLOSE);
2157 reply_nterror(req, status);
2162 fattr = dos_mode(conn, fsp->fsp_name);
2163 mtime = convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime);
2164 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2165 close_file(req, fsp, ERROR_CLOSE);
2166 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2170 /* If the caller set the extended oplock request bit
2171 and we granted one (by whatever means) - set the
2172 correct bit for extended oplock reply.
2175 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2176 smb_action |= EXTENDED_OPLOCK_GRANTED;
2179 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2180 smb_action |= EXTENDED_OPLOCK_GRANTED;
2183 /* If the caller set the core oplock request bit
2184 and we granted one (by whatever means) - set the
2185 correct bit for core oplock reply.
2188 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2189 reply_outbuf(req, 19, 0);
2191 reply_outbuf(req, 15, 0);
2194 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2195 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2197 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2198 SCVAL(req->outbuf, smb_flg,
2199 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2202 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2203 SCVAL(req->outbuf, smb_flg,
2204 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2207 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2208 SSVAL(req->outbuf,smb_vwv3,fattr);
2209 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2210 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2212 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2214 SIVAL(req->outbuf,smb_vwv6,(uint32)fsp->fsp_name->st.st_ex_size);
2215 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2216 SSVAL(req->outbuf,smb_vwv11,smb_action);
2218 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2219 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2223 TALLOC_FREE(smb_fname);
2224 END_PROFILE(SMBopenX);
2228 /****************************************************************************
2229 Reply to a SMBulogoffX.
2230 ****************************************************************************/
2232 void reply_ulogoffX(struct smb_request *req)
2234 struct smbd_server_connection *sconn = req->sconn;
2235 struct user_struct *vuser;
2236 struct smbXsrv_session *session = NULL;
2239 START_PROFILE(SMBulogoffX);
2241 vuser = get_valid_user_struct(sconn, req->vuid);
2244 DEBUG(3,("ulogoff, vuser id %llu does not map to user.\n",
2245 (unsigned long long)req->vuid));
2247 req->vuid = UID_FIELD_INVALID;
2248 reply_force_doserror(req, ERRSRV, ERRbaduid);
2249 END_PROFILE(SMBulogoffX);
2253 session = vuser->session;
2257 * TODO: cancel all outstanding requests on the session
2259 status = smbXsrv_session_logoff(session);
2260 if (!NT_STATUS_IS_OK(status)) {
2261 DEBUG(0, ("reply_ulogoff: "
2262 "smbXsrv_session_logoff() failed: %s\n",
2263 nt_errstr(status)));
2265 * If we hit this case, there is something completely
2266 * wrong, so we better disconnect the transport connection.
2268 END_PROFILE(SMBulogoffX);
2269 exit_server(__location__ ": smbXsrv_session_logoff failed");
2273 TALLOC_FREE(session);
2275 reply_outbuf(req, 2, 0);
2276 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2277 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2279 DEBUG(3, ("ulogoffX vuid=%llu\n",
2280 (unsigned long long)req->vuid));
2282 END_PROFILE(SMBulogoffX);
2283 req->vuid = UID_FIELD_INVALID;
2286 /****************************************************************************
2287 Reply to a mknew or a create.
2288 ****************************************************************************/
2290 void reply_mknew(struct smb_request *req)
2292 connection_struct *conn = req->conn;
2293 struct smb_filename *smb_fname = NULL;
2296 struct smb_file_time ft;
2298 int oplock_request = 0;
2300 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2301 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2302 uint32 create_disposition;
2303 uint32 create_options = 0;
2304 TALLOC_CTX *ctx = talloc_tos();
2306 START_PROFILE(SMBcreate);
2310 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2314 fattr = SVAL(req->vwv+0, 0);
2315 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2318 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2320 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2321 STR_TERMINATE, &status);
2322 if (!NT_STATUS_IS_OK(status)) {
2323 reply_nterror(req, status);
2327 status = filename_convert(ctx,
2329 req->flags2 & FLAGS2_DFS_PATHNAMES,
2334 if (!NT_STATUS_IS_OK(status)) {
2335 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2336 reply_botherror(req,
2337 NT_STATUS_PATH_NOT_COVERED,
2338 ERRSRV, ERRbadpath);
2341 reply_nterror(req, status);
2345 if (fattr & FILE_ATTRIBUTE_VOLUME) {
2346 DEBUG(0,("Attempt to create file (%s) with volid set - "
2347 "please report this\n",
2348 smb_fname_str_dbg(smb_fname)));
2351 if(req->cmd == SMBmknew) {
2352 /* We should fail if file exists. */
2353 create_disposition = FILE_CREATE;
2355 /* Create if file doesn't exist, truncate if it does. */
2356 create_disposition = FILE_OVERWRITE_IF;
2359 status = SMB_VFS_CREATE_FILE(
2362 0, /* root_dir_fid */
2363 smb_fname, /* fname */
2364 access_mask, /* access_mask */
2365 share_mode, /* share_access */
2366 create_disposition, /* create_disposition*/
2367 create_options, /* create_options */
2368 fattr, /* file_attributes */
2369 oplock_request, /* oplock_request */
2370 0, /* allocation_size */
2371 0, /* private_flags */
2377 if (!NT_STATUS_IS_OK(status)) {
2378 if (open_was_deferred(req->sconn, req->mid)) {
2379 /* We have re-scheduled this call. */
2382 reply_openerror(req, status);
2386 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2387 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2388 if (!NT_STATUS_IS_OK(status)) {
2389 END_PROFILE(SMBcreate);
2393 reply_outbuf(req, 1, 0);
2394 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2396 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2397 SCVAL(req->outbuf,smb_flg,
2398 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2401 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2402 SCVAL(req->outbuf,smb_flg,
2403 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2406 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2407 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2408 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2409 (unsigned int)fattr));
2412 TALLOC_FREE(smb_fname);
2413 END_PROFILE(SMBcreate);
2417 /****************************************************************************
2418 Reply to a create temporary file.
2419 ****************************************************************************/
2421 void reply_ctemp(struct smb_request *req)
2423 connection_struct *conn = req->conn;
2424 struct smb_filename *smb_fname = NULL;
2425 char *wire_name = NULL;
2433 TALLOC_CTX *ctx = talloc_tos();
2435 START_PROFILE(SMBctemp);
2438 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2442 fattr = SVAL(req->vwv+0, 0);
2443 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2445 srvstr_get_path_req(ctx, req, &wire_name, (const char *)req->buf+1,
2446 STR_TERMINATE, &status);
2447 if (!NT_STATUS_IS_OK(status)) {
2448 reply_nterror(req, status);
2452 for (i = 0; i < 10; i++) {
2454 fname = talloc_asprintf(ctx,
2457 generate_random_str_list(ctx, 5, "0123456789"));
2459 fname = talloc_asprintf(ctx,
2461 generate_random_str_list(ctx, 5, "0123456789"));
2465 reply_nterror(req, NT_STATUS_NO_MEMORY);
2469 status = filename_convert(ctx, conn,
2470 req->flags2 & FLAGS2_DFS_PATHNAMES,
2475 if (!NT_STATUS_IS_OK(status)) {
2476 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2477 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2478 ERRSRV, ERRbadpath);
2481 reply_nterror(req, status);
2485 /* Create the file. */
2486 status = SMB_VFS_CREATE_FILE(
2489 0, /* root_dir_fid */
2490 smb_fname, /* fname */
2491 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2492 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2493 FILE_CREATE, /* create_disposition*/
2494 0, /* create_options */
2495 fattr, /* file_attributes */
2496 oplock_request, /* oplock_request */
2497 0, /* allocation_size */
2498 0, /* private_flags */
2504 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
2506 TALLOC_FREE(smb_fname);
2510 if (!NT_STATUS_IS_OK(status)) {
2511 if (open_was_deferred(req->sconn, req->mid)) {
2512 /* We have re-scheduled this call. */
2515 reply_openerror(req, status);
2523 /* Collision after 10 times... */
2524 reply_nterror(req, status);
2528 reply_outbuf(req, 1, 0);
2529 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2531 /* the returned filename is relative to the directory */
2532 s = strrchr_m(fsp->fsp_name->base_name, '/');
2534 s = fsp->fsp_name->base_name;
2540 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2541 thing in the byte section. JRA */
2542 SSVALS(p, 0, -1); /* what is this? not in spec */
2544 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2546 reply_nterror(req, NT_STATUS_NO_MEMORY);
2550 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2551 SCVAL(req->outbuf, smb_flg,
2552 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2555 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2556 SCVAL(req->outbuf, smb_flg,
2557 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2560 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2561 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2562 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2564 TALLOC_FREE(smb_fname);
2565 TALLOC_FREE(wire_name);
2566 END_PROFILE(SMBctemp);
2570 /*******************************************************************
2571 Check if a user is allowed to rename a file.
2572 ********************************************************************/
2574 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2577 if (!CAN_WRITE(conn)) {
2578 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2581 if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
2582 (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2583 /* Only bother to read the DOS attribute if we might deny the
2584 rename on the grounds of attribute missmatch. */
2585 uint32_t fmode = dos_mode(conn, fsp->fsp_name);
2586 if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2587 return NT_STATUS_NO_SUCH_FILE;
2591 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2592 if (fsp->posix_open) {
2593 return NT_STATUS_OK;
2596 /* If no pathnames are open below this
2597 directory, allow the rename. */
2599 if (file_find_subpath(fsp)) {
2600 return NT_STATUS_ACCESS_DENIED;
2602 return NT_STATUS_OK;
2605 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2606 return NT_STATUS_OK;
2609 return NT_STATUS_ACCESS_DENIED;
2612 /*******************************************************************
2613 * unlink a file with all relevant access checks
2614 *******************************************************************/
2616 static NTSTATUS do_unlink(connection_struct *conn,
2617 struct smb_request *req,
2618 struct smb_filename *smb_fname,
2623 uint32 dirtype_orig = dirtype;
2626 bool posix_paths = lp_posix_pathnames();
2628 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2629 smb_fname_str_dbg(smb_fname),
2632 if (!CAN_WRITE(conn)) {
2633 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2637 ret = SMB_VFS_LSTAT(conn, smb_fname);
2639 ret = SMB_VFS_STAT(conn, smb_fname);
2642 return map_nt_error_from_unix(errno);
2645 fattr = dos_mode(conn, smb_fname);
2647 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2648 dirtype = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY;
2651 dirtype &= (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
2653 return NT_STATUS_NO_SUCH_FILE;
2656 if (!dir_check_ftype(conn, fattr, dirtype)) {
2657 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2658 return NT_STATUS_FILE_IS_A_DIRECTORY;
2660 return NT_STATUS_NO_SUCH_FILE;
2663 if (dirtype_orig & 0x8000) {
2664 /* These will never be set for POSIX. */
2665 return NT_STATUS_NO_SUCH_FILE;
2669 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2670 return NT_STATUS_FILE_IS_A_DIRECTORY;
2673 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2674 return NT_STATUS_NO_SUCH_FILE;
2677 if (dirtype & 0xFF00) {
2678 /* These will never be set for POSIX. */
2679 return NT_STATUS_NO_SUCH_FILE;
2684 return NT_STATUS_NO_SUCH_FILE;
2687 /* Can't delete a directory. */
2688 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2689 return NT_STATUS_FILE_IS_A_DIRECTORY;
2694 else if (dirtype & FILE_ATTRIBUTE_DIRECTORY) /* Asked for a directory and it isn't. */
2695 return NT_STATUS_OBJECT_NAME_INVALID;
2696 #endif /* JRATEST */
2698 /* On open checks the open itself will check the share mode, so
2699 don't do it here as we'll get it wrong. */
2701 status = SMB_VFS_CREATE_FILE
2704 0, /* root_dir_fid */
2705 smb_fname, /* fname */
2706 DELETE_ACCESS, /* access_mask */
2707 FILE_SHARE_NONE, /* share_access */
2708 FILE_OPEN, /* create_disposition*/
2709 FILE_NON_DIRECTORY_FILE, /* create_options */
2710 /* file_attributes */
2711 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2712 FILE_ATTRIBUTE_NORMAL,
2713 0, /* oplock_request */
2714 0, /* allocation_size */
2715 0, /* private_flags */
2721 if (!NT_STATUS_IS_OK(status)) {
2722 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2723 nt_errstr(status)));
2727 status = can_set_delete_on_close(fsp, fattr);
2728 if (!NT_STATUS_IS_OK(status)) {
2729 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2731 smb_fname_str_dbg(smb_fname),
2732 nt_errstr(status)));
2733 close_file(req, fsp, NORMAL_CLOSE);
2737 /* The set is across all open files on this dev/inode pair. */
2738 if (!set_delete_on_close(fsp, True,
2739 conn->session_info->security_token,
2740 conn->session_info->unix_token)) {
2741 close_file(req, fsp, NORMAL_CLOSE);
2742 return NT_STATUS_ACCESS_DENIED;
2745 return close_file(req, fsp, NORMAL_CLOSE);
2748 /****************************************************************************
2749 The guts of the unlink command, split out so it may be called by the NT SMB
2751 ****************************************************************************/
2753 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2754 uint32 dirtype, struct smb_filename *smb_fname,
2757 char *fname_dir = NULL;
2758 char *fname_mask = NULL;
2760 NTSTATUS status = NT_STATUS_OK;
2761 TALLOC_CTX *ctx = talloc_tos();
2763 /* Split up the directory from the filename/mask. */
2764 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2765 &fname_dir, &fname_mask);
2766 if (!NT_STATUS_IS_OK(status)) {
2771 * We should only check the mangled cache
2772 * here if unix_convert failed. This means
2773 * that the path in 'mask' doesn't exist
2774 * on the file system and so we need to look
2775 * for a possible mangle. This patch from
2776 * Tine Smukavec <valentin.smukavec@hermes.si>.
2779 if (!VALID_STAT(smb_fname->st) &&
2780 mangle_is_mangled(fname_mask, conn->params)) {
2781 char *new_mask = NULL;
2782 mangle_lookup_name_from_8_3(ctx, fname_mask,
2783 &new_mask, conn->params);
2785 TALLOC_FREE(fname_mask);
2786 fname_mask = new_mask;
2793 * Only one file needs to be unlinked. Append the mask back
2794 * onto the directory.
2796 TALLOC_FREE(smb_fname->base_name);
2797 if (ISDOT(fname_dir)) {
2798 /* Ensure we use canonical names on open. */
2799 smb_fname->base_name = talloc_asprintf(smb_fname,
2803 smb_fname->base_name = talloc_asprintf(smb_fname,
2808 if (!smb_fname->base_name) {
2809 status = NT_STATUS_NO_MEMORY;
2813 dirtype = FILE_ATTRIBUTE_NORMAL;
2816 status = check_name(conn, smb_fname->base_name);
2817 if (!NT_STATUS_IS_OK(status)) {
2821 status = do_unlink(conn, req, smb_fname, dirtype);
2822 if (!NT_STATUS_IS_OK(status)) {
2828 struct smb_Dir *dir_hnd = NULL;
2830 const char *dname = NULL;
2831 char *talloced = NULL;
2833 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == FILE_ATTRIBUTE_DIRECTORY) {
2834 status = NT_STATUS_OBJECT_NAME_INVALID;
2838 if (strequal(fname_mask,"????????.???")) {
2839 TALLOC_FREE(fname_mask);
2840 fname_mask = talloc_strdup(ctx, "*");
2842 status = NT_STATUS_NO_MEMORY;
2847 status = check_name(conn, fname_dir);
2848 if (!NT_STATUS_IS_OK(status)) {
2852 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2854 if (dir_hnd == NULL) {
2855 status = map_nt_error_from_unix(errno);
2859 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2860 the pattern matches against the long name, otherwise the short name
2861 We don't implement this yet XXXX
2864 status = NT_STATUS_NO_SUCH_FILE;
2866 while ((dname = ReadDirName(dir_hnd, &offset,
2867 &smb_fname->st, &talloced))) {
2868 TALLOC_CTX *frame = talloc_stackframe();
2870 if (!is_visible_file(conn, fname_dir, dname,
2871 &smb_fname->st, true)) {
2873 TALLOC_FREE(talloced);
2877 /* Quick check for "." and ".." */
2878 if (ISDOT(dname) || ISDOTDOT(dname)) {
2880 TALLOC_FREE(talloced);
2884 if(!mask_match(dname, fname_mask,
2885 conn->case_sensitive)) {
2887 TALLOC_FREE(talloced);
2891 TALLOC_FREE(smb_fname->base_name);
2892 if (ISDOT(fname_dir)) {
2893 /* Ensure we use canonical names on open. */
2894 smb_fname->base_name =
2895 talloc_asprintf(smb_fname, "%s",
2898 smb_fname->base_name =
2899 talloc_asprintf(smb_fname, "%s/%s",
2903 if (!smb_fname->base_name) {
2904 TALLOC_FREE(dir_hnd);
2905 status = NT_STATUS_NO_MEMORY;
2907 TALLOC_FREE(talloced);
2911 status = check_name(conn, smb_fname->base_name);
2912 if (!NT_STATUS_IS_OK(status)) {
2913 TALLOC_FREE(dir_hnd);
2915 TALLOC_FREE(talloced);
2919 status = do_unlink(conn, req, smb_fname, dirtype);
2920 if (!NT_STATUS_IS_OK(status)) {
2922 TALLOC_FREE(talloced);
2927 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2928 smb_fname->base_name));
2931 TALLOC_FREE(talloced);
2933 TALLOC_FREE(dir_hnd);
2936 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2937 status = map_nt_error_from_unix(errno);
2941 TALLOC_FREE(fname_dir);
2942 TALLOC_FREE(fname_mask);
2946 /****************************************************************************
2948 ****************************************************************************/
2950 void reply_unlink(struct smb_request *req)
2952 connection_struct *conn = req->conn;
2954 struct smb_filename *smb_fname = NULL;
2957 bool path_contains_wcard = False;
2958 TALLOC_CTX *ctx = talloc_tos();
2960 START_PROFILE(SMBunlink);
2963 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2967 dirtype = SVAL(req->vwv+0, 0);
2969 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2970 STR_TERMINATE, &status,
2971 &path_contains_wcard);
2972 if (!NT_STATUS_IS_OK(status)) {
2973 reply_nterror(req, status);
2977 status = filename_convert(ctx, conn,
2978 req->flags2 & FLAGS2_DFS_PATHNAMES,
2980 UCF_COND_ALLOW_WCARD_LCOMP,
2981 &path_contains_wcard,
2983 if (!NT_STATUS_IS_OK(status)) {
2984 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2985 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2986 ERRSRV, ERRbadpath);
2989 reply_nterror(req, status);
2993 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2995 status = unlink_internals(conn, req, dirtype, smb_fname,
2996 path_contains_wcard);
2997 if (!NT_STATUS_IS_OK(status)) {
2998 if (open_was_deferred(req->sconn, req->mid)) {
2999 /* We have re-scheduled this call. */
3002 reply_nterror(req, status);
3006 reply_outbuf(req, 0, 0);
3008 TALLOC_FREE(smb_fname);
3009 END_PROFILE(SMBunlink);
3013 /****************************************************************************
3015 ****************************************************************************/
3017 static void fail_readraw(void)
3019 const char *errstr = talloc_asprintf(talloc_tos(),
3020 "FAIL ! reply_readbraw: socket write fail (%s)",
3025 exit_server_cleanly(errstr);
3028 /****************************************************************************
3029 Fake (read/write) sendfile. Returns -1 on read or write fail.
3030 ****************************************************************************/
3032 ssize_t fake_sendfile(files_struct *fsp, off_t startpos, size_t nread)
3035 size_t tosend = nread;
3042 bufsize = MIN(nread, 65536);
3044 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
3048 while (tosend > 0) {
3052 if (tosend > bufsize) {
3057 ret = read_file(fsp,buf,startpos,cur_read);
3063 /* If we had a short read, fill with zeros. */
3064 if (ret < cur_read) {
3065 memset(buf + ret, '\0', cur_read - ret);
3068 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
3070 char addr[INET6_ADDRSTRLEN];
3072 * Try and give an error message saying what
3075 DEBUG(0, ("write_data failed for client %s. "
3077 get_peer_addr(fsp->conn->sconn->sock, addr,
3084 startpos += cur_read;
3088 return (ssize_t)nread;
3091 /****************************************************************************
3092 Deal with the case of sendfile reading less bytes from the file than
3093 requested. Fill with zeros (all we can do).
3094 ****************************************************************************/
3096 void sendfile_short_send(files_struct *fsp,
3101 #define SHORT_SEND_BUFSIZE 1024
3102 if (nread < headersize) {
3103 DEBUG(0,("sendfile_short_send: sendfile failed to send "
3104 "header for file %s (%s). Terminating\n",
3105 fsp_str_dbg(fsp), strerror(errno)));
3106 exit_server_cleanly("sendfile_short_send failed");
3109 nread -= headersize;
3111 if (nread < smb_maxcnt) {
3112 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
3114 exit_server_cleanly("sendfile_short_send: "
3118 DEBUG(0,("sendfile_short_send: filling truncated file %s "
3119 "with zeros !\n", fsp_str_dbg(fsp)));
3121 while (nread < smb_maxcnt) {
3123 * We asked for the real file size and told sendfile
3124 * to not go beyond the end of the file. But it can
3125 * happen that in between our fstat call and the
3126 * sendfile call the file was truncated. This is very
3127 * bad because we have already announced the larger
3128 * number of bytes to the client.
3130 * The best we can do now is to send 0-bytes, just as
3131 * a read from a hole in a sparse file would do.
3133 * This should happen rarely enough that I don't care
3134 * about efficiency here :-)
3138 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
3139 if (write_data(fsp->conn->sconn->sock, buf, to_write)
3141 char addr[INET6_ADDRSTRLEN];
3143 * Try and give an error message saying what
3146 DEBUG(0, ("write_data failed for client %s. "
3149 fsp->conn->sconn->sock, addr,
3152 exit_server_cleanly("sendfile_short_send: "
3153 "write_data failed");
3161 /****************************************************************************
3162 Return a readbraw error (4 bytes of zero).
3163 ****************************************************************************/
3165 static void reply_readbraw_error(struct smbd_server_connection *sconn)
3171 smbd_lock_socket(sconn);
3172 if (write_data(sconn->sock,header,4) != 4) {
3173 char addr[INET6_ADDRSTRLEN];
3175 * Try and give an error message saying what
3178 DEBUG(0, ("write_data failed for client %s. "
3180 get_peer_addr(sconn->sock, addr, sizeof(addr)),
3185 smbd_unlock_socket(sconn);
3188 /****************************************************************************
3189 Use sendfile in readbraw.
3190 ****************************************************************************/
3192 static void send_file_readbraw(connection_struct *conn,
3193 struct smb_request *req,
3199 struct smbd_server_connection *sconn = req->sconn;
3200 char *outbuf = NULL;
3204 * We can only use sendfile on a non-chained packet
3205 * but we can use on a non-oplocked file. tridge proved this
3206 * on a train in Germany :-). JRA.
3207 * reply_readbraw has already checked the length.
3210 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
3211 (fsp->wcp == NULL) &&
3212 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3213 ssize_t sendfile_read = -1;
3215 DATA_BLOB header_blob;
3217 _smb_setlen(header,nread);
3218 header_blob = data_blob_const(header, 4);
3220 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
3221 &header_blob, startpos,
3223 if (sendfile_read == -1) {
3224 /* Returning ENOSYS means no data at all was sent.
3225 * Do this as a normal read. */
3226 if (errno == ENOSYS) {
3227 goto normal_readbraw;
3231 * Special hack for broken Linux with no working sendfile. If we
3232 * return EINTR we sent the header but not the rest of the data.
3233 * Fake this up by doing read/write calls.
3235 if (errno == EINTR) {
3236 /* Ensure we don't do this again. */
3237 set_use_sendfile(SNUM(conn), False);
3238 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3240 if (fake_sendfile(fsp, startpos, nread) == -1) {
3241 DEBUG(0,("send_file_readbraw: "
3242 "fake_sendfile failed for "
3246 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3251 DEBUG(0,("send_file_readbraw: sendfile failed for "
3252 "file %s (%s). Terminating\n",
3253 fsp_str_dbg(fsp), strerror(errno)));
3254 exit_server_cleanly("send_file_readbraw sendfile failed");
3255 } else if (sendfile_read == 0) {
3257 * Some sendfile implementations return 0 to indicate
3258 * that there was a short read, but nothing was
3259 * actually written to the socket. In this case,
3260 * fallback to the normal read path so the header gets
3261 * the correct byte count.
3263 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3264 "bytes falling back to the normal read: "
3265 "%s\n", fsp_str_dbg(fsp)));
3266 goto normal_readbraw;
3269 /* Deal with possible short send. */
3270 if (sendfile_read != 4+nread) {
3271 sendfile_short_send(fsp, sendfile_read, 4, nread);
3278 outbuf = talloc_array(NULL, char, nread+4);
3280 DEBUG(0,("send_file_readbraw: talloc_array failed for size %u.\n",
3281 (unsigned)(nread+4)));
3282 reply_readbraw_error(sconn);
3287 ret = read_file(fsp,outbuf+4,startpos,nread);
3288 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3297 _smb_setlen(outbuf,ret);
3298 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3299 char addr[INET6_ADDRSTRLEN];
3301 * Try and give an error message saying what
3304 DEBUG(0, ("write_data failed for client %s. "
3306 get_peer_addr(fsp->conn->sconn->sock, addr,
3313 TALLOC_FREE(outbuf);
3316 /****************************************************************************
3317 Reply to a readbraw (core+ protocol).
3318 ****************************************************************************/
3320 void reply_readbraw(struct smb_request *req)
3322 connection_struct *conn = req->conn;
3323 struct smbd_server_connection *sconn = req->sconn;
3324 ssize_t maxcount,mincount;
3328 struct lock_struct lock;
3331 START_PROFILE(SMBreadbraw);
3333 if (srv_is_signing_active(sconn) || req->encrypted) {
3334 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3335 "raw reads/writes are disallowed.");
3339 reply_readbraw_error(sconn);
3340 END_PROFILE(SMBreadbraw);
3344 if (sconn->smb1.echo_handler.trusted_fde) {
3345 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3346 "'async smb echo handler = yes'\n"));
3347 reply_readbraw_error(sconn);
3348 END_PROFILE(SMBreadbraw);
3353 * Special check if an oplock break has been issued
3354 * and the readraw request croses on the wire, we must
3355 * return a zero length response here.
3358 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3361 * We have to do a check_fsp by hand here, as
3362 * we must always return 4 zero bytes on error,
3366 if (!fsp || !conn || conn != fsp->conn ||
3367 req->vuid != fsp->vuid ||
3368 fsp->is_directory || fsp->fh->fd == -1) {
3370 * fsp could be NULL here so use the value from the packet. JRA.
3372 DEBUG(3,("reply_readbraw: fnum %d not valid "
3374 (int)SVAL(req->vwv+0, 0)));
3375 reply_readbraw_error(sconn);
3376 END_PROFILE(SMBreadbraw);
3380 /* Do a "by hand" version of CHECK_READ. */
3381 if (!(fsp->can_read ||
3382 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3383 (fsp->access_mask & FILE_EXECUTE)))) {
3384 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3385 (int)SVAL(req->vwv+0, 0)));
3386 reply_readbraw_error(sconn);
3387 END_PROFILE(SMBreadbraw);
3391 flush_write_cache(fsp, READRAW_FLUSH);
3393 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3394 if(req->wct == 10) {
3396 * This is a large offset (64 bit) read.
3399 startpos |= (((off_t)IVAL(req->vwv+8, 0)) << 32);
3402 DEBUG(0,("reply_readbraw: negative 64 bit "
3403 "readraw offset (%.0f) !\n",
3404 (double)startpos ));
3405 reply_readbraw_error(sconn);
3406 END_PROFILE(SMBreadbraw);
3411 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3412 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3414 /* ensure we don't overrun the packet size */
3415 maxcount = MIN(65535,maxcount);
3417 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3418 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3421 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3422 reply_readbraw_error(sconn);
3423 END_PROFILE(SMBreadbraw);
3427 if (fsp_stat(fsp) == 0) {
3428 size = fsp->fsp_name->st.st_ex_size;
3431 if (startpos >= size) {
3434 nread = MIN(maxcount,(size - startpos));
3437 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3438 if (nread < mincount)
3442 DEBUG( 3, ( "reply_readbraw: %s start=%.0f max=%lu "
3443 "min=%lu nread=%lu\n",
3444 fsp_fnum_dbg(fsp), (double)startpos,
3445 (unsigned long)maxcount,
3446 (unsigned long)mincount,
3447 (unsigned long)nread ) );
3449 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3451 DEBUG(5,("reply_readbraw finished\n"));
3453 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3455 END_PROFILE(SMBreadbraw);
3460 #define DBGC_CLASS DBGC_LOCKING
3462 /****************************************************************************
3463 Reply to a lockread (core+ protocol).
3464 ****************************************************************************/
3466 void reply_lockread(struct smb_request *req)
3468 connection_struct *conn = req->conn;
3475 struct byte_range_lock *br_lck = NULL;
3477 struct smbd_server_connection *sconn = req->sconn;
3479 START_PROFILE(SMBlockread);
3482 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3483 END_PROFILE(SMBlockread);
3487 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3489 if (!check_fsp(conn, req, fsp)) {
3490 END_PROFILE(SMBlockread);
3494 if (!CHECK_READ(fsp,req)) {
3495 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3496 END_PROFILE(SMBlockread);
3500 numtoread = SVAL(req->vwv+1, 0);
3501 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3503 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3505 reply_outbuf(req, 5, numtoread + 3);
3507 data = smb_buf(req->outbuf) + 3;
3510 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3511 * protocol request that predates the read/write lock concept.
3512 * Thus instead of asking for a read lock here we need to ask
3513 * for a write lock. JRA.
3514 * Note that the requested lock size is unaffected by max_recv.
3517 br_lck = do_lock(req->sconn->msg_ctx,
3519 (uint64_t)req->smbpid,
3520 (uint64_t)numtoread,
3524 False, /* Non-blocking lock. */
3528 TALLOC_FREE(br_lck);
3530 if (NT_STATUS_V(status)) {
3531 reply_nterror(req, status);
3532 END_PROFILE(SMBlockread);
3537 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3540 if (numtoread > sconn->smb1.negprot.max_recv) {
3541 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3542 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3543 (unsigned int)numtoread,
3544 (unsigned int)sconn->smb1.negprot.max_recv));
3545 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3547 nread = read_file(fsp,data,startpos,numtoread);
3550 reply_nterror(req, map_nt_error_from_unix(errno));
3551 END_PROFILE(SMBlockread);
3555 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3557 SSVAL(req->outbuf,smb_vwv0,nread);
3558 SSVAL(req->outbuf,smb_vwv5,nread+3);
3559 p = smb_buf(req->outbuf);
3560 SCVAL(p,0,0); /* pad byte. */
3563 DEBUG(3,("lockread %s num=%d nread=%d\n",
3564 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3566 END_PROFILE(SMBlockread);
3571 #define DBGC_CLASS DBGC_ALL
3573 /****************************************************************************
3575 ****************************************************************************/
3577 void reply_read(struct smb_request *req)
3579 connection_struct *conn = req->conn;
3586 struct lock_struct lock;
3587 struct smbd_server_connection *sconn = req->sconn;
3589 START_PROFILE(SMBread);
3592 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3593 END_PROFILE(SMBread);
3597 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3599 if (!check_fsp(conn, req, fsp)) {
3600 END_PROFILE(SMBread);
3604 if (!CHECK_READ(fsp,req)) {
3605 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3606 END_PROFILE(SMBread);
3610 numtoread = SVAL(req->vwv+1, 0);
3611 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3613 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3616 * The requested read size cannot be greater than max_recv. JRA.
3618 if (numtoread > sconn->smb1.negprot.max_recv) {
3619 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3620 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3621 (unsigned int)numtoread,
3622 (unsigned int)sconn->smb1.negprot.max_recv));
3623 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3626 reply_outbuf(req, 5, numtoread+3);
3628 data = smb_buf(req->outbuf) + 3;
3630 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3631 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3634 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3635 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3636 END_PROFILE(SMBread);
3641 nread = read_file(fsp,data,startpos,numtoread);
3644 reply_nterror(req, map_nt_error_from_unix(errno));
3648 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3650 SSVAL(req->outbuf,smb_vwv0,nread);
3651 SSVAL(req->outbuf,smb_vwv5,nread+3);
3652 SCVAL(smb_buf(req->outbuf),0,1);
3653 SSVAL(smb_buf(req->outbuf),1,nread);
3655 DEBUG(3, ("read %s num=%d nread=%d\n",
3656 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3659 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3661 END_PROFILE(SMBread);
3665 /****************************************************************************
3667 ****************************************************************************/
3669 static int setup_readX_header(struct smb_request *req, char *outbuf,
3674 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3676 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3678 SCVAL(outbuf,smb_vwv0,0xFF);
3679 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3680 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3681 SSVAL(outbuf,smb_vwv6,
3682 (smb_wct - 4) /* offset from smb header to wct */
3683 + 1 /* the wct field */
3684 + 12 * sizeof(uint16_t) /* vwv */
3685 + 2); /* the buflen field */
3686 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3687 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3688 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3689 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3693 /****************************************************************************
3694 Reply to a read and X - possibly using sendfile.
3695 ****************************************************************************/
3697 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3698 files_struct *fsp, off_t startpos,
3702 struct lock_struct lock;
3703 int saved_errno = 0;
3705 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3706 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3709 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3710 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3715 * We can only use sendfile on a non-chained packet
3716 * but we can use on a non-oplocked file. tridge proved this
3717 * on a train in Germany :-). JRA.
3720 if (!req_is_in_chain(req) &&
3722 (fsp->base_fsp == NULL) &&
3723 (fsp->wcp == NULL) &&
3724 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3725 uint8 headerbuf[smb_size + 12 * 2];
3728 if(fsp_stat(fsp) == -1) {
3729 reply_nterror(req, map_nt_error_from_unix(errno));
3733 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3734 (startpos > fsp->fsp_name->st.st_ex_size) ||
3735 (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3737 * We already know that we would do a short read, so don't
3738 * try the sendfile() path.
3740 goto nosendfile_read;
3744 * Set up the packet header before send. We
3745 * assume here the sendfile will work (get the
3746 * correct amount of data).
3749 header = data_blob_const(headerbuf, sizeof(headerbuf));
3751 construct_reply_common_req(req, (char *)headerbuf);
3752 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3754 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3755 startpos, smb_maxcnt);
3757 /* Returning ENOSYS means no data at all was sent.
3758 Do this as a normal read. */
3759 if (errno == ENOSYS) {
3764 * Special hack for broken Linux with no working sendfile. If we
3765 * return EINTR we sent the header but not the rest of the data.
3766 * Fake this up by doing read/write calls.
3769 if (errno == EINTR) {
3770 /* Ensure we don't do this again. */
3771 set_use_sendfile(SNUM(conn), False);
3772 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3773 nread = fake_sendfile(fsp, startpos,
3776 DEBUG(0,("send_file_readX: "
3777 "fake_sendfile failed for "
3781 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3783 DEBUG(3, ("send_file_readX: fake_sendfile %s max=%d nread=%d\n",
3784 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3785 /* No outbuf here means successful sendfile. */
3789 DEBUG(0,("send_file_readX: sendfile failed for file "
3790 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3792 exit_server_cleanly("send_file_readX sendfile failed");
3793 } else if (nread == 0) {
3795 * Some sendfile implementations return 0 to indicate
3796 * that there was a short read, but nothing was
3797 * actually written to the socket. In this case,
3798 * fallback to the normal read path so the header gets
3799 * the correct byte count.
3801 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3802 "falling back to the normal read: %s\n",
3807 DEBUG(3, ("send_file_readX: sendfile %s max=%d nread=%d\n",
3808 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3810 /* Deal with possible short send. */
3811 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3812 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3814 /* No outbuf here means successful sendfile. */
3815 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3816 SMB_PERFCOUNT_END(&req->pcd);
3822 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3823 uint8 headerbuf[smb_size + 2*12];
3825 construct_reply_common_req(req, (char *)headerbuf);
3826 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3828 /* Send out the header. */
3829 if (write_data(req->sconn->sock, (char *)headerbuf,
3830 sizeof(headerbuf)) != sizeof(headerbuf)) {
3832 char addr[INET6_ADDRSTRLEN];
3834 * Try and give an error message saying what
3837 DEBUG(0, ("write_data failed for client %s. "
3839 get_peer_addr(req->sconn->sock, addr,
3843 DEBUG(0,("send_file_readX: write_data failed for file "
3844 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3846 exit_server_cleanly("send_file_readX sendfile failed");
3848 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3850 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3851 "file %s (%s).\n", fsp_str_dbg(fsp),
3853 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3860 reply_outbuf(req, 12, smb_maxcnt);
3861 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
3862 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
3864 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3865 saved_errno = errno;
3867 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3870 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3874 setup_readX_header(req, (char *)req->outbuf, nread);
3876 DEBUG(3, ("send_file_readX %s max=%d nread=%d\n",
3877 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3881 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3882 TALLOC_FREE(req->outbuf);
3886 /****************************************************************************
3887 Work out how much space we have for a read return.
3888 ****************************************************************************/
3890 static size_t calc_max_read_pdu(const struct smb_request *req)
3892 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3893 return req->sconn->smb1.sessions.max_send;
3896 if (!lp_large_readwrite()) {
3897 return req->sconn->smb1.sessions.max_send;
3900 if (req_is_in_chain(req)) {
3901 return req->sconn->smb1.sessions.max_send;
3904 if (req->encrypted) {
3906 * Don't take encrypted traffic up to the
3907 * limit. There are padding considerations
3908 * that make that tricky.
3910 return req->sconn->smb1.sessions.max_send;
3913 if (srv_is_signing_active(req->sconn)) {
3917 if (!lp_unix_extensions()) {
3922 * We can do ultra-large POSIX reads.
3927 /****************************************************************************
3928 Calculate how big a read can be. Copes with all clients. It's always
3929 safe to return a short read - Windows does this.
3930 ****************************************************************************/
3932 static size_t calc_read_size(const struct smb_request *req,
3936 size_t max_pdu = calc_max_read_pdu(req);
3937 size_t total_size = 0;
3938 size_t hdr_len = MIN_SMB_SIZE + VWV(12);
3939 size_t max_len = max_pdu - hdr_len;
3942 * Windows explicitly ignores upper size of 0xFFFF.
3943 * See [MS-SMB].pdf <26> Section 2.2.4.2.1:
3944 * We must do the same as these will never fit even in
3945 * an extended size NetBIOS packet.
3947 if (upper_size == 0xFFFF) {
3951 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3955 total_size = ((upper_size<<16) | lower_size);
3958 * LARGE_READX test shows it's always safe to return
3959 * a short read. Windows does so.
3961 return MIN(total_size, max_len);
3964 /****************************************************************************
3965 Reply to a read and X.
3966 ****************************************************************************/
3968 void reply_read_and_X(struct smb_request *req)
3970 connection_struct *conn = req->conn;
3975 bool big_readX = False;
3977 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3980 START_PROFILE(SMBreadX);
3982 if ((req->wct != 10) && (req->wct != 12)) {
3983 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3987 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3988 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3989 smb_maxcnt = SVAL(req->vwv+5, 0);
3991 /* If it's an IPC, pass off the pipe handler. */
3993 reply_pipe_read_and_X(req);
3994 END_PROFILE(SMBreadX);
3998 if (!check_fsp(conn, req, fsp)) {
3999 END_PROFILE(SMBreadX);
4003 if (!CHECK_READ(fsp,req)) {
4004 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4005 END_PROFILE(SMBreadX);
4009 upper_size = SVAL(req->vwv+7, 0);
4010 smb_maxcnt = calc_read_size(req, upper_size, smb_maxcnt);
4011 if (smb_maxcnt > (0x1FFFF - (MIN_SMB_SIZE + VWV(12)))) {
4013 * This is a heuristic to avoid keeping large
4014 * outgoing buffers around over long-lived aio
4020 if (req->wct == 12) {
4022 * This is a large offset (64 bit) read.
4024 startpos |= (((off_t)IVAL(req->vwv+10, 0)) << 32);
4029 NTSTATUS status = schedule_aio_read_and_X(conn,
4034 if (NT_STATUS_IS_OK(status)) {
4035 /* Read scheduled - we're done. */
4038 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4039 /* Real error - report to client. */
4040 END_PROFILE(SMBreadX);
4041 reply_nterror(req, status);
4044 /* NT_STATUS_RETRY - fall back to sync read. */
4047 smbd_lock_socket(req->sconn);
4048 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
4049 smbd_unlock_socket(req->sconn);
4052 END_PROFILE(SMBreadX);
4056 /****************************************************************************
4057 Error replies to writebraw must have smb_wct == 1. Fix this up.
4058 ****************************************************************************/
4060 void error_to_writebrawerr(struct smb_request *req)
4062 uint8 *old_outbuf = req->outbuf;
4064 reply_outbuf(req, 1, 0);
4066 memcpy(req->outbuf, old_outbuf, smb_size);
4067 TALLOC_FREE(old_outbuf);
4070 /****************************************************************************
4071 Read 4 bytes of a smb packet and return the smb length of the packet.
4072 Store the result in the buffer. This version of the function will
4073 never return a session keepalive (length of zero).
4074 Timeout is in milliseconds.
4075 ****************************************************************************/
4077 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
4080 uint8_t msgtype = NBSSkeepalive;
4082 while (msgtype == NBSSkeepalive) {
4085 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
4087 if (!NT_STATUS_IS_OK(status)) {
4088 char addr[INET6_ADDRSTRLEN];
4089 /* Try and give an error message
4090 * saying what client failed. */
4091 DEBUG(0, ("read_fd_with_timeout failed for "
4092 "client %s read error = %s.\n",
4093 get_peer_addr(fd,addr,sizeof(addr)),
4094 nt_errstr(status)));
4098 msgtype = CVAL(inbuf, 0);
4101 DEBUG(10,("read_smb_length: got smb length of %lu\n",
4102 (unsigned long)len));
4104 return NT_STATUS_OK;
4107 /****************************************************************************
4108 Reply to a writebraw (core+ or LANMAN1.0 protocol).
4109 ****************************************************************************/
4111 void reply_writebraw(struct smb_request *req)
4113 connection_struct *conn = req->conn;
4116 ssize_t total_written=0;
4117 size_t numtowrite=0;
4120 const char *data=NULL;
4123 struct lock_struct lock;
4126 START_PROFILE(SMBwritebraw);
4129 * If we ever reply with an error, it must have the SMB command
4130 * type of SMBwritec, not SMBwriteBraw, as this tells the client
4133 SCVAL(discard_const_p(uint8_t, req->inbuf),smb_com,SMBwritec);
4135 if (srv_is_signing_active(req->sconn)) {
4136 END_PROFILE(SMBwritebraw);
4137 exit_server_cleanly("reply_writebraw: SMB signing is active - "
4138 "raw reads/writes are disallowed.");
4141 if (req->wct < 12) {
4142 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4143 error_to_writebrawerr(req);
4144 END_PROFILE(SMBwritebraw);
4148 if (req->sconn->smb1.echo_handler.trusted_fde) {
4149 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
4150 "'async smb echo handler = yes'\n"));
4151 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
4152 error_to_writebrawerr(req);
4153 END_PROFILE(SMBwritebraw);
4157 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4158 if (!check_fsp(conn, req, fsp)) {
4159 error_to_writebrawerr(req);
4160 END_PROFILE(SMBwritebraw);
4164 if (!CHECK_WRITE(fsp)) {
4165 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4166 error_to_writebrawerr(req);
4167 END_PROFILE(SMBwritebraw);
4171 tcount = IVAL(req->vwv+1, 0);
4172 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4173 write_through = BITSETW(req->vwv+7,0);
4175 /* We have to deal with slightly different formats depending
4176 on whether we are using the core+ or lanman1.0 protocol */
4178 if(get_Protocol() <= PROTOCOL_COREPLUS) {
4179 numtowrite = SVAL(smb_buf_const(req->inbuf),-2);
4180 data = smb_buf_const(req->inbuf);
4182 numtowrite = SVAL(req->vwv+10, 0);
4183 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
4186 /* Ensure we don't write bytes past the end of this packet. */
4187 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
4188 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4189 error_to_writebrawerr(req);
4190 END_PROFILE(SMBwritebraw);
4194 if (!fsp->print_file) {
4195 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4196 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
4199 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4200 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4201 error_to_writebrawerr(req);
4202 END_PROFILE(SMBwritebraw);
4208 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4211 DEBUG(3, ("reply_writebraw: initial write %s start=%.0f num=%d "
4212 "wrote=%d sync=%d\n",
4213 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4214 (int)nwritten, (int)write_through));
4216 if (nwritten < (ssize_t)numtowrite) {
4217 reply_nterror(req, NT_STATUS_DISK_FULL);
4218 error_to_writebrawerr(req);
4222 total_written = nwritten;
4224 /* Allocate a buffer of 64k + length. */
4225 buf = talloc_array(NULL, char, 65540);
4227 reply_nterror(req, NT_STATUS_NO_MEMORY);
4228 error_to_writebrawerr(req);
4232 /* Return a SMBwritebraw message to the redirector to tell
4233 * it to send more bytes */
4235 memcpy(buf, req->inbuf, smb_size);
4236 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
4237 SCVAL(buf,smb_com,SMBwritebraw);
4238 SSVALS(buf,smb_vwv0,0xFFFF);
4240 if (!srv_send_smb(req->sconn,
4242 false, 0, /* no signing */
4243 IS_CONN_ENCRYPTED(conn),
4245 exit_server_cleanly("reply_writebraw: srv_send_smb "
4249 /* Now read the raw data into the buffer and write it */
4250 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4252 if (!NT_STATUS_IS_OK(status)) {
4253 exit_server_cleanly("secondary writebraw failed");
4256 /* Set up outbuf to return the correct size */
4257 reply_outbuf(req, 1, 0);
4259 if (numtowrite != 0) {
4261 if (numtowrite > 0xFFFF) {
4262 DEBUG(0,("reply_writebraw: Oversize secondary write "
4263 "raw requested (%u). Terminating\n",
4264 (unsigned int)numtowrite ));
4265 exit_server_cleanly("secondary writebraw failed");
4268 if (tcount > nwritten+numtowrite) {
4269 DEBUG(3,("reply_writebraw: Client overestimated the "
4271 (int)tcount,(int)nwritten,(int)numtowrite));
4274 status = read_data(req->sconn->sock, buf+4, numtowrite);
4276 if (!NT_STATUS_IS_OK(status)) {
4277 char addr[INET6_ADDRSTRLEN];
4278 /* Try and give an error message
4279 * saying what client failed. */
4280 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4281 "raw read failed (%s) for client %s. "
4282 "Terminating\n", nt_errstr(status),
4283 get_peer_addr(req->sconn->sock, addr,
4285 exit_server_cleanly("secondary writebraw failed");
4288 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4289 if (nwritten == -1) {
4291 reply_nterror(req, map_nt_error_from_unix(errno));
4292 error_to_writebrawerr(req);
4296 if (nwritten < (ssize_t)numtowrite) {
4297 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4298 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4302 total_written += nwritten;
4307 SSVAL(req->outbuf,smb_vwv0,total_written);
4309 status = sync_file(conn, fsp, write_through);
4310 if (!NT_STATUS_IS_OK(status)) {
4311 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4312 fsp_str_dbg(fsp), nt_errstr(status)));
4313 reply_nterror(req, status);
4314 error_to_writebrawerr(req);
4318 DEBUG(3,("reply_writebraw: secondart write %s start=%.0f num=%d "
4320 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4321 (int)total_written));
4323 if (!fsp->print_file) {
4324 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4327 /* We won't return a status if write through is not selected - this
4328 * follows what WfWg does */
4329 END_PROFILE(SMBwritebraw);
4331 if (!write_through && total_written==tcount) {
4333 #if RABBIT_PELLET_FIX
4335 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4336 * sending a NBSSkeepalive. Thanks to DaveCB at Sun for this.
4339 if (!send_keepalive(req->sconn->sock)) {
4340 exit_server_cleanly("reply_writebraw: send of "
4341 "keepalive failed");
4344 TALLOC_FREE(req->outbuf);
4349 if (!fsp->print_file) {
4350 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4353 END_PROFILE(SMBwritebraw);
4358 #define DBGC_CLASS DBGC_LOCKING
4360 /****************************************************************************
4361 Reply to a writeunlock (core+).
4362 ****************************************************************************/
4364 void reply_writeunlock(struct smb_request *req)
4366 connection_struct *conn = req->conn;
4367 ssize_t nwritten = -1;
4371 NTSTATUS status = NT_STATUS_OK;
4373 struct lock_struct lock;
4374 int saved_errno = 0;
4376 START_PROFILE(SMBwriteunlock);
4379 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4380 END_PROFILE(SMBwriteunlock);
4384 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4386 if (!check_fsp(conn, req, fsp)) {
4387 END_PROFILE(SMBwriteunlock);
4391 if (!CHECK_WRITE(fsp)) {
4392 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4393 END_PROFILE(SMBwriteunlock);
4397 numtowrite = SVAL(req->vwv+1, 0);
4398 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4399 data = (const char *)req->buf + 3;
4401 if (!fsp->print_file && numtowrite > 0) {
4402 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4403 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4406 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4407 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4408 END_PROFILE(SMBwriteunlock);
4413 /* The special X/Open SMB protocol handling of
4414 zero length writes is *NOT* done for
4416 if(numtowrite == 0) {
4419 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4420 saved_errno = errno;
4423 status = sync_file(conn, fsp, False /* write through */);
4424 if (!NT_STATUS_IS_OK(status)) {
4425 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4426 fsp_str_dbg(fsp), nt_errstr(status)));
4427 reply_nterror(req, status);
4432 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4436 if((nwritten < numtowrite) && (numtowrite != 0)) {
4437 reply_nterror(req, NT_STATUS_DISK_FULL);
4441 if (numtowrite && !fsp->print_file) {
4442 status = do_unlock(req->sconn->msg_ctx,
4444 (uint64_t)req->smbpid,
4445 (uint64_t)numtowrite,
4449 if (NT_STATUS_V(status)) {
4450 reply_nterror(req, status);
4455 reply_outbuf(req, 1, 0);
4457 SSVAL(req->outbuf,smb_vwv0,nwritten);
4459 DEBUG(3, ("writeunlock %s num=%d wrote=%d\n",
4460 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4463 if (numtowrite && !fsp->print_file) {
4464 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4467 END_PROFILE(SMBwriteunlock);
4472 #define DBGC_CLASS DBGC_ALL
4474 /****************************************************************************
4476 ****************************************************************************/
4478 void reply_write(struct smb_request *req)
4480 connection_struct *conn = req->conn;
4482 ssize_t nwritten = -1;
4486 struct lock_struct lock;
4488 int saved_errno = 0;
4490 START_PROFILE(SMBwrite);
4493 END_PROFILE(SMBwrite);
4494 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4498 /* If it's an IPC, pass off the pipe handler. */
4500 reply_pipe_write(req);
4501 END_PROFILE(SMBwrite);
4505 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4507 if (!check_fsp(conn, req, fsp)) {
4508 END_PROFILE(SMBwrite);
4512 if (!CHECK_WRITE(fsp)) {
4513 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4514 END_PROFILE(SMBwrite);
4518 numtowrite = SVAL(req->vwv+1, 0);
4519 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4520 data = (const char *)req->buf + 3;
4522 if (!fsp->print_file) {
4523 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4524 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4527 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4528 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4529 END_PROFILE(SMBwrite);
4535 * X/Open SMB protocol says that if smb_vwv1 is
4536 * zero then the file size should be extended or
4537 * truncated to the size given in smb_vwv[2-3].
4540 if(numtowrite == 0) {
4542 * This is actually an allocate call, and set EOF. JRA.
4544 nwritten = vfs_allocate_file_space(fsp, (off_t)startpos);
4546 reply_nterror(req, NT_STATUS_DISK_FULL);
4549 nwritten = vfs_set_filelen(fsp, (off_t)startpos);
4551 reply_nterror(req, NT_STATUS_DISK_FULL);
4554 trigger_write_time_update_immediate(fsp);
4556 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4559 status = sync_file(conn, fsp, False);
4560 if (!NT_STATUS_IS_OK(status)) {
4561 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4562 fsp_str_dbg(fsp), nt_errstr(status)));
4563 reply_nterror(req, status);
4568 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4572 if((nwritten == 0) && (numtowrite != 0)) {
4573 reply_nterror(req, NT_STATUS_DISK_FULL);
4577 reply_outbuf(req, 1, 0);
4579 SSVAL(req->outbuf,smb_vwv0,nwritten);
4581 if (nwritten < (ssize_t)numtowrite) {
4582 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4583 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4586 DEBUG(3, ("write %s num=%d wrote=%d\n", fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4589 if (!fsp->print_file) {
4590 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4593 END_PROFILE(SMBwrite);
4597 /****************************************************************************
4598 Ensure a buffer is a valid writeX for recvfile purposes.
4599 ****************************************************************************/
4601 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4602 (2*14) + /* word count (including bcc) */ \
4605 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4606 const uint8_t *inbuf)
4609 connection_struct *conn = NULL;
4610 unsigned int doff = 0;
4611 size_t len = smb_len_large(inbuf);
4612 struct smbXsrv_tcon *tcon;
4616 if (is_encrypted_packet(sconn, inbuf)) {
4617 /* Can't do this on encrypted
4622 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4626 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4627 CVAL(inbuf,smb_wct) != 14) {
4628 DEBUG(10,("is_valid_writeX_buffer: chained or "
4629 "invalid word length.\n"));
4633 status = smb1srv_tcon_lookup(sconn->conn, SVAL(inbuf, smb_tid),
4635 if (!NT_STATUS_IS_OK(status)) {
4636 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4639 conn = tcon->compat;
4642 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4645 if (IS_PRINT(conn)) {
4646 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4649 doff = SVAL(inbuf,smb_vwv11);
4651 numtowrite = SVAL(inbuf,smb_vwv10);
4653 if (len > doff && len - doff > 0xFFFF) {
4654 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4657 if (numtowrite == 0) {
4658 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4662 /* Ensure the sizes match up. */
4663 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4664 /* no pad byte...old smbclient :-( */
4665 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4667 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4671 if (len - doff != numtowrite) {
4672 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4673 "len = %u, doff = %u, numtowrite = %u\n",
4676 (unsigned int)numtowrite ));
4680 DEBUG(10,("is_valid_writeX_buffer: true "
4681 "len = %u, doff = %u, numtowrite = %u\n",
4684 (unsigned int)numtowrite ));
4689 /****************************************************************************
4690 Reply to a write and X.
4691 ****************************************************************************/
4693 void reply_write_and_X(struct smb_request *req)
4695 connection_struct *conn = req->conn;
4697 struct lock_struct lock;
4702 unsigned int smb_doff;
4703 unsigned int smblen;
4706 int saved_errno = 0;
4708 START_PROFILE(SMBwriteX);
4710 if ((req->wct != 12) && (req->wct != 14)) {
4711 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4715 numtowrite = SVAL(req->vwv+10, 0);
4716 smb_doff = SVAL(req->vwv+11, 0);
4717 smblen = smb_len(req->inbuf);
4719 if (req->unread_bytes > 0xFFFF ||
4720 (smblen > smb_doff &&
4721 smblen - smb_doff > 0xFFFF)) {
4722 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4725 if (req->unread_bytes) {
4726 /* Can't do a recvfile write on IPC$ */
4728 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4731 if (numtowrite != req->unread_bytes) {
4732 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4736 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4737 smb_doff + numtowrite > smblen) {
4738 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4743 /* If it's an IPC, pass off the pipe handler. */
4745 if (req->unread_bytes) {
4746 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4749 reply_pipe_write_and_X(req);
4753 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4754 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4755 write_through = BITSETW(req->vwv+7,0);
4757 if (!check_fsp(conn, req, fsp)) {
4761 if (!CHECK_WRITE(fsp)) {
4762 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4766 data = smb_base(req->inbuf) + smb_doff;
4768 if(req->wct == 14) {
4770 * This is a large offset (64 bit) write.
4772 startpos |= (((off_t)IVAL(req->vwv+12, 0)) << 32);
4776 /* X/Open SMB protocol says that, unlike SMBwrite
4777 if the length is zero then NO truncation is
4778 done, just a write of zero. To truncate a file,
4781 if(numtowrite == 0) {
4784 if (req->unread_bytes == 0) {
4785 status = schedule_aio_write_and_X(conn,
4792 if (NT_STATUS_IS_OK(status)) {
4793 /* write scheduled - we're done. */
4796 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4797 /* Real error - report to client. */
4798 reply_nterror(req, status);
4801 /* NT_STATUS_RETRY - fall through to sync write. */
4804 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4805 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4808 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4809 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4813 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4814 saved_errno = errno;
4816 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4820 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4824 if((nwritten == 0) && (numtowrite != 0)) {
4825 reply_nterror(req, NT_STATUS_DISK_FULL);
4829 reply_outbuf(req, 6, 0);
4830 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
4831 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
4832 SSVAL(req->outbuf,smb_vwv2,nwritten);
4833 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4835 DEBUG(3,("writeX %s num=%d wrote=%d\n",
4836 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4838 status = sync_file(conn, fsp, write_through);
4839 if (!NT_STATUS_IS_OK(status)) {
4840 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4841 fsp_str_dbg(fsp), nt_errstr(status)));
4842 reply_nterror(req, status);
4846 END_PROFILE(SMBwriteX);
4850 if (req->unread_bytes) {
4851 /* writeX failed. drain socket. */
4852 if (drain_socket(req->sconn->sock, req->unread_bytes) !=
4853 req->unread_bytes) {
4854 smb_panic("failed to drain pending bytes");
4856 req->unread_bytes = 0;
4859 END_PROFILE(SMBwriteX);
4863 /****************************************************************************
4865 ****************************************************************************/
4867 void reply_lseek(struct smb_request *req)
4869 connection_struct *conn = req->conn;
4875 START_PROFILE(SMBlseek);
4878 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4879 END_PROFILE(SMBlseek);
4883 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4885 if (!check_fsp(conn, req, fsp)) {
4889 flush_write_cache(fsp, SEEK_FLUSH);
4891 mode = SVAL(req->vwv+1, 0) & 3;
4892 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4893 startpos = (off_t)IVALS(req->vwv+2, 0);
4902 res = fsp->fh->pos + startpos;
4913 if (umode == SEEK_END) {
4914 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4915 if(errno == EINVAL) {
4916 off_t current_pos = startpos;
4918 if(fsp_stat(fsp) == -1) {
4920 map_nt_error_from_unix(errno));
4921 END_PROFILE(SMBlseek);
4925 current_pos += fsp->fsp_name->st.st_ex_size;
4927 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4932 reply_nterror(req, map_nt_error_from_unix(errno));
4933 END_PROFILE(SMBlseek);
4940 reply_outbuf(req, 2, 0);
4941 SIVAL(req->outbuf,smb_vwv0,res);
4943 DEBUG(3,("lseek %s ofs=%.0f newpos = %.0f mode=%d\n",
4944 fsp_fnum_dbg(fsp), (double)startpos, (double)res, mode));
4946 END_PROFILE(SMBlseek);
4950 /****************************************************************************
4952 ****************************************************************************/
4954 void reply_flush(struct smb_request *req)
4956 connection_struct *conn = req->conn;
4960 START_PROFILE(SMBflush);
4963 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4967 fnum = SVAL(req->vwv+0, 0);
4968 fsp = file_fsp(req, fnum);
4970 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4975 file_sync_all(conn);
4977 NTSTATUS status = sync_file(conn, fsp, True);
4978 if (!NT_STATUS_IS_OK(status)) {
4979 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4980 fsp_str_dbg(fsp), nt_errstr(status)));
4981 reply_nterror(req, status);
4982 END_PROFILE(SMBflush);
4987 reply_outbuf(req, 0, 0);
4989 DEBUG(3,("flush\n"));
4990 END_PROFILE(SMBflush);
4994 /****************************************************************************
4996 conn POINTER CAN BE NULL HERE !
4997 ****************************************************************************/
4999 void reply_exit(struct smb_request *req)
5001 START_PROFILE(SMBexit);
5003 file_close_pid(req->sconn, req->smbpid, req->vuid);
5005 reply_outbuf(req, 0, 0);
5007 DEBUG(3,("exit\n"));
5009 END_PROFILE(SMBexit);
5013 struct reply_close_state {
5015 struct smb_request *smbreq;
5018 static void do_smb1_close(struct tevent_req *req);
5020 void reply_close(struct smb_request *req)
5022 connection_struct *conn = req->conn;
5023 NTSTATUS status = NT_STATUS_OK;
5024 files_struct *fsp = NULL;
5025 START_PROFILE(SMBclose);
5028 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5029 END_PROFILE(SMBclose);
5033 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5036 * We can only use check_fsp if we know it's not a directory.
5039 if (!check_fsp_open(conn, req, fsp)) {
5040 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
5041 END_PROFILE(SMBclose);
5045 DEBUG(3, ("Close %s fd=%d %s (numopen=%d)\n",
5046 fsp->is_directory ? "directory" : "file",
5047 fsp->fh->fd, fsp_fnum_dbg(fsp),
5048 conn->num_files_open));
5050 if (!fsp->is_directory) {
5054 * Take care of any time sent in the close.
5057 t = srv_make_unix_date3(req->vwv+1);
5058 set_close_write_time(fsp, convert_time_t_to_timespec(t));
5061 if (fsp->num_aio_requests != 0) {
5063 struct reply_close_state *state;
5065 DEBUG(10, ("closing with aio %u requests pending\n",
5066 fsp->num_aio_requests));
5069 * We depend on the aio_extra destructor to take care of this
5070 * close request once fsp->num_aio_request drops to 0.
5073 fsp->deferred_close = tevent_wait_send(
5074 fsp, fsp->conn->sconn->ev_ctx);
5075 if (fsp->deferred_close == NULL) {
5076 status = NT_STATUS_NO_MEMORY;
5080 state = talloc(fsp, struct reply_close_state);
5081 if (state == NULL) {
5082 TALLOC_FREE(fsp->deferred_close);
5083 status = NT_STATUS_NO_MEMORY;
5087 state->smbreq = talloc_move(fsp, &req);
5088 tevent_req_set_callback(fsp->deferred_close, do_smb1_close,
5090 END_PROFILE(SMBclose);
5095 * close_file() returns the unix errno if an error was detected on
5096 * close - normally this is due to a disk full error. If not then it
5097 * was probably an I/O error.
5100 status = close_file(req, fsp, NORMAL_CLOSE);
5102 if (!NT_STATUS_IS_OK(status)) {
5103 reply_nterror(req, status);
5104 END_PROFILE(SMBclose);
5108 reply_outbuf(req, 0, 0);
5109 END_PROFILE(SMBclose);
5113 static void do_smb1_close(struct tevent_req *req)
5115 struct reply_close_state *state = tevent_req_callback_data(
5116 req, struct reply_close_state);
5117 struct smb_request *smbreq;
5121 ret = tevent_wait_recv(req);
5124 DEBUG(10, ("tevent_wait_recv returned %s\n",
5127 * Continue anyway, this should never happen
5132 * fsp->smb2_close_request right now is a talloc grandchild of
5133 * fsp. When we close_file(fsp), it would go with it. No chance to
5136 smbreq = talloc_move(talloc_tos(), &state->smbreq);
5138 status = close_file(smbreq, state->fsp, NORMAL_CLOSE);
5139 if (NT_STATUS_IS_OK(status)) {
5140 reply_outbuf(smbreq, 0, 0);
5142 reply_nterror(smbreq, status);
5144 if (!srv_send_smb(smbreq->sconn,
5145 (char *)smbreq->outbuf,
5148 IS_CONN_ENCRYPTED(smbreq->conn)||smbreq->encrypted,
5150 exit_server_cleanly("handle_aio_read_complete: srv_send_smb "
5153 TALLOC_FREE(smbreq);
5156 /****************************************************************************
5157 Reply to a writeclose (Core+ protocol).
5158 ****************************************************************************/
5160 void reply_writeclose(struct smb_request *req)
5162 connection_struct *conn = req->conn;
5164 ssize_t nwritten = -1;
5165 NTSTATUS close_status = NT_STATUS_OK;
5168 struct timespec mtime;
5170 struct lock_struct lock;
5172 START_PROFILE(SMBwriteclose);
5175 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5176 END_PROFILE(SMBwriteclose);
5180 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5182 if (!check_fsp(conn, req, fsp)) {
5183 END_PROFILE(SMBwriteclose);
5186 if (!CHECK_WRITE(fsp)) {
5187 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5188 END_PROFILE(SMBwriteclose);
5192 numtowrite = SVAL(req->vwv+1, 0);
5193 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
5194 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
5195 data = (const char *)req->buf + 1;
5197 if (!fsp->print_file) {
5198 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
5199 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
5202 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
5203 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
5204 END_PROFILE(SMBwriteclose);
5209 nwritten = write_file(req,fsp,data,startpos,numtowrite);
5211 set_close_write_time(fsp, mtime);
5214 * More insanity. W2K only closes the file if writelen > 0.
5219 DEBUG(3,("reply_writeclose: zero length write doesn't close "
5220 "file %s\n", fsp_str_dbg(fsp)));
5221 close_status = close_file(req, fsp, NORMAL_CLOSE);
5224 DEBUG(3,("writeclose %s num=%d wrote=%d (numopen=%d)\n",
5225 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten,
5226 conn->num_files_open));
5228 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
5229 reply_nterror(req, NT_STATUS_DISK_FULL);
5233 if(!NT_STATUS_IS_OK(close_status)) {
5234 reply_nterror(req, close_status);
5238 reply_outbuf(req, 1, 0);
5240 SSVAL(req->outbuf,smb_vwv0,nwritten);
5243 if (numtowrite && !fsp->print_file) {
5244 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
5247 END_PROFILE(SMBwriteclose);
5252 #define DBGC_CLASS DBGC_LOCKING
5254 /****************************************************************************
5256 ****************************************************************************/
5258 void reply_lock(struct smb_request *req)
5260 connection_struct *conn = req->conn;
5261 uint64_t count,offset;
5264 struct byte_range_lock *br_lck = NULL;
5266 START_PROFILE(SMBlock);
5269 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5270 END_PROFILE(SMBlock);
5274 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5276 if (!check_fsp(conn, req, fsp)) {
5277 END_PROFILE(SMBlock);
5281 count = (uint64_t)IVAL(req->vwv+1, 0);
5282 offset = (uint64_t)IVAL(req->vwv+3, 0);
5284 DEBUG(3,("lock fd=%d %s offset=%.0f count=%.0f\n",
5285 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count));
5287 br_lck = do_lock(req->sconn->msg_ctx,
5289 (uint64_t)req->smbpid,
5294 False, /* Non-blocking lock. */
5299 TALLOC_FREE(br_lck);
5301 if (NT_STATUS_V(status)) {
5302 reply_nterror(req, status);
5303 END_PROFILE(SMBlock);
5307 reply_outbuf(req, 0, 0);
5309 END_PROFILE(SMBlock);
5313 /****************************************************************************
5315 ****************************************************************************/
5317 void reply_unlock(struct smb_request *req)
5319 connection_struct *conn = req->conn;
5320 uint64_t count,offset;
5324 START_PROFILE(SMBunlock);
5327 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5328 END_PROFILE(SMBunlock);
5332 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5334 if (!check_fsp(conn, req, fsp)) {
5335 END_PROFILE(SMBunlock);
5339 count = (uint64_t)IVAL(req->vwv+1, 0);
5340 offset = (uint64_t)IVAL(req->vwv+3, 0);
5342 status = do_unlock(req->sconn->msg_ctx,
5344 (uint64_t)req->smbpid,
5349 if (NT_STATUS_V(status)) {
5350 reply_nterror(req, status);
5351 END_PROFILE(SMBunlock);
5355 DEBUG( 3, ( "unlock fd=%d %s offset=%.0f count=%.0f\n",
5356 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count ) );
5358 reply_outbuf(req, 0, 0);
5360 END_PROFILE(SMBunlock);
5365 #define DBGC_CLASS DBGC_ALL
5367 /****************************************************************************
5369 conn POINTER CAN BE NULL HERE !
5370 ****************************************************************************/
5372 void reply_tdis(struct smb_request *req)
5375 connection_struct *conn = req->conn;
5376 struct smbXsrv_tcon *tcon;
5378 START_PROFILE(SMBtdis);
5381 DEBUG(4,("Invalid connection in tdis\n"));
5382 reply_force_doserror(req, ERRSRV, ERRinvnid);
5383 END_PROFILE(SMBtdis);
5391 * TODO: cancel all outstanding requests on the tcon
5393 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
5394 if (!NT_STATUS_IS_OK(status)) {
5395 DEBUG(0, ("reply_tdis: "
5396 "smbXsrv_tcon_disconnect() failed: %s\n",
5397 nt_errstr(status)));
5399 * If we hit this case, there is something completely
5400 * wrong, so we better disconnect the transport connection.
5402 END_PROFILE(SMBtdis);
5403 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
5409 reply_outbuf(req, 0, 0);
5410 END_PROFILE(SMBtdis);
5414 /****************************************************************************
5416 conn POINTER CAN BE NULL HERE !
5417 ****************************************************************************/
5419 void reply_echo(struct smb_request *req)
5421 connection_struct *conn = req->conn;
5422 struct smb_perfcount_data local_pcd;
5423 struct smb_perfcount_data *cur_pcd;
5427 START_PROFILE(SMBecho);
5429 smb_init_perfcount_data(&local_pcd);
5432 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5433 END_PROFILE(SMBecho);
5437 smb_reverb = SVAL(req->vwv+0, 0);
5439 reply_outbuf(req, 1, req->buflen);
5441 /* copy any incoming data back out */
5442 if (req->buflen > 0) {
5443 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5446 if (smb_reverb > 100) {
5447 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5451 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5453 /* this makes sure we catch the request pcd */
5454 if (seq_num == smb_reverb) {
5455 cur_pcd = &req->pcd;
5457 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5458 cur_pcd = &local_pcd;
5461 SSVAL(req->outbuf,smb_vwv0,seq_num);
5463 show_msg((char *)req->outbuf);
5464 if (!srv_send_smb(req->sconn,
5465 (char *)req->outbuf,
5466 true, req->seqnum+1,
5467 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5469 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5472 DEBUG(3,("echo %d times\n", smb_reverb));
5474 TALLOC_FREE(req->outbuf);
5476 END_PROFILE(SMBecho);
5480 /****************************************************************************
5481 Reply to a printopen.
5482 ****************************************************************************/
5484 void reply_printopen(struct smb_request *req)
5486 connection_struct *conn = req->conn;
5490 START_PROFILE(SMBsplopen);
5493 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5494 END_PROFILE(SMBsplopen);
5498 if (!CAN_PRINT(conn)) {
5499 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5500 END_PROFILE(SMBsplopen);
5504 status = file_new(req, conn, &fsp);
5505 if(!NT_STATUS_IS_OK(status)) {
5506 reply_nterror(req, status);
5507 END_PROFILE(SMBsplopen);
5511 /* Open for exclusive use, write only. */
5512 status = print_spool_open(fsp, NULL, req->vuid);
5514 if (!NT_STATUS_IS_OK(status)) {
5515 file_free(req, fsp);
5516 reply_nterror(req, status);
5517 END_PROFILE(SMBsplopen);
5521 reply_outbuf(req, 1, 0);
5522 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5524 DEBUG(3,("openprint fd=%d %s\n",
5525 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5527 END_PROFILE(SMBsplopen);
5531 /****************************************************************************
5532 Reply to a printclose.
5533 ****************************************************************************/
5535 void reply_printclose(struct smb_request *req)
5537 connection_struct *conn = req->conn;
5541 START_PROFILE(SMBsplclose);
5544 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5545 END_PROFILE(SMBsplclose);
5549 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5551 if (!check_fsp(conn, req, fsp)) {
5552 END_PROFILE(SMBsplclose);
5556 if (!CAN_PRINT(conn)) {
5557 reply_force_doserror(req, ERRSRV, ERRerror);
5558 END_PROFILE(SMBsplclose);
5562 DEBUG(3,("printclose fd=%d %s\n",
5563 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5565 status = close_file(req, fsp, NORMAL_CLOSE);
5567 if(!NT_STATUS_IS_OK(status)) {
5568 reply_nterror(req, status);
5569 END_PROFILE(SMBsplclose);
5573 reply_outbuf(req, 0, 0);
5575 END_PROFILE(SMBsplclose);
5579 /****************************************************************************
5580 Reply to a printqueue.
5581 ****************************************************************************/
5583 void reply_printqueue(struct smb_request *req)
5585 connection_struct *conn = req->conn;
5589 START_PROFILE(SMBsplretq);
5592 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5593 END_PROFILE(SMBsplretq);
5597 max_count = SVAL(req->vwv+0, 0);
5598 start_index = SVAL(req->vwv+1, 0);
5600 /* we used to allow the client to get the cnum wrong, but that
5601 is really quite gross and only worked when there was only
5602 one printer - I think we should now only accept it if they
5603 get it right (tridge) */
5604 if (!CAN_PRINT(conn)) {
5605 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5606 END_PROFILE(SMBsplretq);
5610 reply_outbuf(req, 2, 3);
5611 SSVAL(req->outbuf,smb_vwv0,0);
5612 SSVAL(req->outbuf,smb_vwv1,0);
5613 SCVAL(smb_buf(req->outbuf),0,1);
5614 SSVAL(smb_buf(req->outbuf),1,0);
5616 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5617 start_index, max_count));
5620 TALLOC_CTX *mem_ctx = talloc_tos();
5623 const char *sharename = lp_servicename(mem_ctx, SNUM(conn));
5624 struct rpc_pipe_client *cli = NULL;
5625 struct dcerpc_binding_handle *b = NULL;
5626 struct policy_handle handle;
5627 struct spoolss_DevmodeContainer devmode_ctr;
5628 union spoolss_JobInfo *info;
5630 uint32_t num_to_get;
5634 ZERO_STRUCT(handle);
5636 status = rpc_pipe_open_interface(conn,
5637 &ndr_table_spoolss.syntax_id,
5639 conn->sconn->remote_address,
5640 conn->sconn->msg_ctx,
5642 if (!NT_STATUS_IS_OK(status)) {
5643 DEBUG(0, ("reply_printqueue: "
5644 "could not connect to spoolss: %s\n",
5645 nt_errstr(status)));
5646 reply_nterror(req, status);
5649 b = cli->binding_handle;
5651 ZERO_STRUCT(devmode_ctr);
5653 status = dcerpc_spoolss_OpenPrinter(b, mem_ctx,
5656 SEC_FLAG_MAXIMUM_ALLOWED,
5659 if (!NT_STATUS_IS_OK(status)) {
5660 reply_nterror(req, status);
5663 if (!W_ERROR_IS_OK(werr)) {
5664 reply_nterror(req, werror_to_ntstatus(werr));
5668 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5676 if (!W_ERROR_IS_OK(werr)) {
5677 reply_nterror(req, werror_to_ntstatus(werr));
5681 if (max_count > 0) {
5682 first = start_index;
5684 first = start_index + max_count + 1;
5687 if (first >= count) {
5690 num_to_get = first + MIN(ABS(max_count), count - first);
5693 for (i = first; i < num_to_get; i++) {
5696 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5698 uint16_t qrapjobid = pjobid_to_rap(sharename,
5699 info[i].info2.job_id);
5701 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5707 srv_put_dos_date2(p, 0, qtime);
5708 SCVAL(p, 4, qstatus);
5709 SSVAL(p, 5, qrapjobid);
5710 SIVAL(p, 7, info[i].info2.size);
5712 srvstr_push(blob, req->flags2, p+12,
5713 info[i].info2.notify_name, 16, STR_ASCII);
5715 if (message_push_blob(
5718 blob, sizeof(blob))) == -1) {
5719 reply_nterror(req, NT_STATUS_NO_MEMORY);
5725 SSVAL(req->outbuf,smb_vwv0,count);
5726 SSVAL(req->outbuf,smb_vwv1,
5727 (max_count>0?first+count:first-1));
5728 SCVAL(smb_buf(req->outbuf),0,1);
5729 SSVAL(smb_buf(req->outbuf),1,28*count);
5733 DEBUG(3, ("%u entries returned in queue\n",
5737 if (b && is_valid_policy_hnd(&handle)) {
5738 dcerpc_spoolss_ClosePrinter(b, mem_ctx, &handle, &werr);
5743 END_PROFILE(SMBsplretq);
5747 /****************************************************************************
5748 Reply to a printwrite.
5749 ****************************************************************************/
5751 void reply_printwrite(struct smb_request *req)
5753 connection_struct *conn = req->conn;
5758 START_PROFILE(SMBsplwr);
5761 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5762 END_PROFILE(SMBsplwr);
5766 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5768 if (!check_fsp(conn, req, fsp)) {
5769 END_PROFILE(SMBsplwr);
5773 if (!fsp->print_file) {
5774 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5775 END_PROFILE(SMBsplwr);
5779 if (!CHECK_WRITE(fsp)) {
5780 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5781 END_PROFILE(SMBsplwr);
5785 numtowrite = SVAL(req->buf, 1);
5787 if (req->buflen < numtowrite + 3) {
5788 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5789 END_PROFILE(SMBsplwr);
5793 data = (const char *)req->buf + 3;
5795 if (write_file(req,fsp,data,(off_t)-1,numtowrite) != numtowrite) {
5796 reply_nterror(req, map_nt_error_from_unix(errno));
5797 END_PROFILE(SMBsplwr);
5801 DEBUG(3, ("printwrite %s num=%d\n", fsp_fnum_dbg(fsp), numtowrite));
5803 END_PROFILE(SMBsplwr);
5807 /****************************************************************************
5809 ****************************************************************************/
5811 void reply_mkdir(struct smb_request *req)
5813 connection_struct *conn = req->conn;
5814 struct smb_filename *smb_dname = NULL;
5815 char *directory = NULL;
5817 TALLOC_CTX *ctx = talloc_tos();
5819 START_PROFILE(SMBmkdir);
5821 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5822 STR_TERMINATE, &status);
5823 if (!NT_STATUS_IS_OK(status)) {
5824 reply_nterror(req, status);
5828 status = filename_convert(ctx, conn,
5829 req->flags2 & FLAGS2_DFS_PATHNAMES,
5834 if (!NT_STATUS_IS_OK(status)) {
5835 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5836 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5837 ERRSRV, ERRbadpath);
5840 reply_nterror(req, status);
5844 status = create_directory(conn, req, smb_dname);
5846 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5848 if (!NT_STATUS_IS_OK(status)) {
5850 if (!use_nt_status()
5851 && NT_STATUS_EQUAL(status,
5852 NT_STATUS_OBJECT_NAME_COLLISION)) {
5854 * Yes, in the DOS error code case we get a
5855 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5856 * samba4 torture test.
5858 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5861 reply_nterror(req, status);
5865 reply_outbuf(req, 0, 0);
5867 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5869 TALLOC_FREE(smb_dname);
5870 END_PROFILE(SMBmkdir);
5874 /****************************************************************************
5876 ****************************************************************************/
5878 void reply_rmdir(struct smb_request *req)
5880 connection_struct *conn = req->conn;
5881 struct smb_filename *smb_dname = NULL;
5882 char *directory = NULL;
5884 TALLOC_CTX *ctx = talloc_tos();
5885 files_struct *fsp = NULL;
5887 struct smbd_server_connection *sconn = req->sconn;
5889 START_PROFILE(SMBrmdir);
5891 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5892 STR_TERMINATE, &status);
5893 if (!NT_STATUS_IS_OK(status)) {
5894 reply_nterror(req, status);
5898 status = filename_convert(ctx, conn,
5899 req->flags2 & FLAGS2_DFS_PATHNAMES,
5904 if (!NT_STATUS_IS_OK(status)) {
5905 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5906 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5907 ERRSRV, ERRbadpath);
5910 reply_nterror(req, status);
5914 if (is_ntfs_stream_smb_fname(smb_dname)) {
5915 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5919 status = SMB_VFS_CREATE_FILE(
5922 0, /* root_dir_fid */
5923 smb_dname, /* fname */
5924 DELETE_ACCESS, /* access_mask */
5925 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5927 FILE_OPEN, /* create_disposition*/
5928 FILE_DIRECTORY_FILE, /* create_options */
5929 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5930 0, /* oplock_request */
5931 0, /* allocation_size */
5932 0, /* private_flags */
5938 if (!NT_STATUS_IS_OK(status)) {
5939 if (open_was_deferred(req->sconn, req->mid)) {
5940 /* We have re-scheduled this call. */
5943 reply_nterror(req, status);
5947 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5948 if (!NT_STATUS_IS_OK(status)) {
5949 close_file(req, fsp, ERROR_CLOSE);
5950 reply_nterror(req, status);
5954 if (!set_delete_on_close(fsp, true,
5955 conn->session_info->security_token,
5956 conn->session_info->unix_token)) {
5957 close_file(req, fsp, ERROR_CLOSE);
5958 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5962 status = close_file(req, fsp, NORMAL_CLOSE);
5963 if (!NT_STATUS_IS_OK(status)) {
5964 reply_nterror(req, status);
5966 reply_outbuf(req, 0, 0);
5969 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5971 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5973 TALLOC_FREE(smb_dname);
5974 END_PROFILE(SMBrmdir);
5978 /*******************************************************************
5979 Resolve wildcards in a filename rename.
5980 ********************************************************************/
5982 static bool resolve_wildcards(TALLOC_CTX *ctx,
5987 char *name2_copy = NULL;
5992 char *p,*p2, *pname1, *pname2;
5994 name2_copy = talloc_strdup(ctx, name2);
5999 pname1 = strrchr_m(name1,'/');
6000 pname2 = strrchr_m(name2_copy,'/');
6002 if (!pname1 || !pname2) {
6006 /* Truncate the copy of name2 at the last '/' */
6009 /* Now go past the '/' */
6013 root1 = talloc_strdup(ctx, pname1);
6014 root2 = talloc_strdup(ctx, pname2);
6016 if (!root1 || !root2) {
6020 p = strrchr_m(root1,'.');
6023 ext1 = talloc_strdup(ctx, p+1);
6025 ext1 = talloc_strdup(ctx, "");
6027 p = strrchr_m(root2,'.');
6030 ext2 = talloc_strdup(ctx, p+1);
6032 ext2 = talloc_strdup(ctx, "");
6035 if (!ext1 || !ext2) {
6043 /* Hmmm. Should this be mb-aware ? */
6046 } else if (*p2 == '*') {
6048 root2 = talloc_asprintf(ctx, "%s%s",
6067 /* Hmmm. Should this be mb-aware ? */
6070 } else if (*p2 == '*') {
6072 ext2 = talloc_asprintf(ctx, "%s%s",
6088 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
6093 *pp_newname = talloc_asprintf(ctx, "%s/%s",
6105 /****************************************************************************
6106 Ensure open files have their names updated. Updated to notify other smbd's
6108 ****************************************************************************/
6110 static void rename_open_files(connection_struct *conn,
6111 struct share_mode_lock *lck,
6112 uint32_t orig_name_hash,
6113 const struct smb_filename *smb_fname_dst)
6116 bool did_rename = False;
6118 uint32_t new_name_hash = 0;
6120 for(fsp = file_find_di_first(conn->sconn, lck->data->id); fsp;
6121 fsp = file_find_di_next(fsp)) {
6122 /* fsp_name is a relative path under the fsp. To change this for other
6123 sharepaths we need to manipulate relative paths. */
6124 /* TODO - create the absolute path and manipulate the newname
6125 relative to the sharepath. */
6126 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
6129 if (fsp->name_hash != orig_name_hash) {
6132 DEBUG(10, ("rename_open_files: renaming file %s "
6133 "(file_id %s) from %s -> %s\n", fsp_fnum_dbg(fsp),
6134 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
6135 smb_fname_str_dbg(smb_fname_dst)));
6137 status = fsp_set_smb_fname(fsp, smb_fname_dst);
6138 if (NT_STATUS_IS_OK(status)) {
6140 new_name_hash = fsp->name_hash;
6145 DEBUG(10, ("rename_open_files: no open files on file_id %s "
6146 "for %s\n", file_id_string_tos(&lck->data->id),
6147 smb_fname_str_dbg(smb_fname_dst)));
6150 /* Send messages to all smbd's (not ourself) that the name has changed. */
6151 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
6152 orig_name_hash, new_name_hash,
6157 /****************************************************************************
6158 We need to check if the source path is a parent directory of the destination
6159 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
6160 refuse the rename with a sharing violation. Under UNIX the above call can
6161 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
6162 probably need to check that the client is a Windows one before disallowing
6163 this as a UNIX client (one with UNIX extensions) can know the source is a
6164 symlink and make this decision intelligently. Found by an excellent bug
6165 report from <AndyLiebman@aol.com>.
6166 ****************************************************************************/
6168 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
6169 const struct smb_filename *smb_fname_dst)
6171 const char *psrc = smb_fname_src->base_name;
6172 const char *pdst = smb_fname_dst->base_name;
6175 if (psrc[0] == '.' && psrc[1] == '/') {
6178 if (pdst[0] == '.' && pdst[1] == '/') {
6181 if ((slen = strlen(psrc)) > strlen(pdst)) {
6184 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
6188 * Do the notify calls from a rename
6191 static void notify_rename(connection_struct *conn, bool is_dir,
6192 const struct smb_filename *smb_fname_src,
6193 const struct smb_filename *smb_fname_dst)
6195 char *parent_dir_src = NULL;
6196 char *parent_dir_dst = NULL;
6199 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
6200 : FILE_NOTIFY_CHANGE_FILE_NAME;
6202 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
6203 &parent_dir_src, NULL) ||
6204 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
6205 &parent_dir_dst, NULL)) {
6209 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
6210 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
6211 smb_fname_src->base_name);
6212 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
6213 smb_fname_dst->base_name);
6216 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
6217 smb_fname_src->base_name);
6218 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
6219 smb_fname_dst->base_name);
6222 /* this is a strange one. w2k3 gives an additional event for
6223 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
6224 files, but not directories */
6226 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
6227 FILE_NOTIFY_CHANGE_ATTRIBUTES
6228 |FILE_NOTIFY_CHANGE_CREATION,
6229 smb_fname_dst->base_name);
6232 TALLOC_FREE(parent_dir_src);
6233 TALLOC_FREE(parent_dir_dst);
6236 /****************************************************************************
6237 Returns an error if the parent directory for a filename is open in an
6239 ****************************************************************************/
6241 static NTSTATUS parent_dirname_compatible_open(connection_struct *conn,
6242 const struct smb_filename *smb_fname_dst_in)
6244 char *parent_dir = NULL;
6245 struct smb_filename smb_fname_parent;
6247 files_struct *fsp = NULL;
6250 if (!parent_dirname(talloc_tos(), smb_fname_dst_in->base_name,
6251 &parent_dir, NULL)) {
6252 return NT_STATUS_NO_MEMORY;
6254 ZERO_STRUCT(smb_fname_parent);
6255 smb_fname_parent.base_name = parent_dir;
6257 ret = SMB_VFS_LSTAT(conn, &smb_fname_parent);
6259 return map_nt_error_from_unix(errno);
6263 * We're only checking on this smbd here, mostly good
6264 * enough.. and will pass tests.
6267 id = vfs_file_id_from_sbuf(conn, &smb_fname_parent.st);
6268 for (fsp = file_find_di_first(conn->sconn, id); fsp;
6269 fsp = file_find_di_next(fsp)) {
6270 if (fsp->access_mask & DELETE_ACCESS) {
6271 return NT_STATUS_SHARING_VIOLATION;
6274 return NT_STATUS_OK;
6277 /****************************************************************************
6278 Rename an open file - given an fsp.
6279 ****************************************************************************/
6281 NTSTATUS rename_internals_fsp(connection_struct *conn,
6283 const struct smb_filename *smb_fname_dst_in,
6285 bool replace_if_exists)
6287 TALLOC_CTX *ctx = talloc_tos();
6288 struct smb_filename *smb_fname_dst = NULL;
6289 NTSTATUS status = NT_STATUS_OK;
6290 struct share_mode_lock *lck = NULL;
6291 bool dst_exists, old_is_stream, new_is_stream;
6293 status = check_name(conn, smb_fname_dst_in->base_name);
6294 if (!NT_STATUS_IS_OK(status)) {
6298 status = parent_dirname_compatible_open(conn, smb_fname_dst_in);
6299 if (!NT_STATUS_IS_OK(status)) {
6303 /* Make a copy of the dst smb_fname structs */
6305 smb_fname_dst = cp_smb_filename(ctx, smb_fname_dst_in);
6306 if (smb_fname_dst == NULL) {
6307 status = NT_STATUS_NO_MEMORY;
6312 * Check for special case with case preserving and not
6313 * case sensitive. If the old last component differs from the original
6314 * last component only by case, then we should allow
6315 * the rename (user is trying to change the case of the
6318 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
6319 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6320 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
6322 char *fname_dst_lcomp_base_mod = NULL;
6323 struct smb_filename *smb_fname_orig_lcomp = NULL;
6326 * Get the last component of the destination name.
6328 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
6330 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
6332 fname_dst_lcomp_base_mod = talloc_strdup(ctx, smb_fname_dst->base_name);
6334 if (!fname_dst_lcomp_base_mod) {
6335 status = NT_STATUS_NO_MEMORY;
6340 * Create an smb_filename struct using the original last
6341 * component of the destination.
6343 smb_fname_orig_lcomp = synthetic_smb_fname_split(
6344 ctx, smb_fname_dst->original_lcomp, NULL);
6345 if (smb_fname_orig_lcomp == NULL) {
6346 status = NT_STATUS_NO_MEMORY;
6347 TALLOC_FREE(fname_dst_lcomp_base_mod);
6351 /* If the base names only differ by case, use original. */
6352 if(!strcsequal(fname_dst_lcomp_base_mod,
6353 smb_fname_orig_lcomp->base_name)) {
6356 * Replace the modified last component with the
6360 *last_slash = '\0'; /* Truncate at the '/' */
6361 tmp = talloc_asprintf(smb_fname_dst,
6363 smb_fname_dst->base_name,
6364 smb_fname_orig_lcomp->base_name);
6366 tmp = talloc_asprintf(smb_fname_dst,
6368 smb_fname_orig_lcomp->base_name);
6371 status = NT_STATUS_NO_MEMORY;
6372 TALLOC_FREE(fname_dst_lcomp_base_mod);
6373 TALLOC_FREE(smb_fname_orig_lcomp);
6376 TALLOC_FREE(smb_fname_dst->base_name);
6377 smb_fname_dst->base_name = tmp;
6380 /* If the stream_names only differ by case, use original. */
6381 if(!strcsequal(smb_fname_dst->stream_name,
6382 smb_fname_orig_lcomp->stream_name)) {
6384 /* Use the original stream. */
6385 tmp = talloc_strdup(smb_fname_dst,
6386 smb_fname_orig_lcomp->stream_name);
6388 status = NT_STATUS_NO_MEMORY;
6389 TALLOC_FREE(fname_dst_lcomp_base_mod);
6390 TALLOC_FREE(smb_fname_orig_lcomp);
6393 TALLOC_FREE(smb_fname_dst->stream_name);
6394 smb_fname_dst->stream_name = tmp;
6396 TALLOC_FREE(fname_dst_lcomp_base_mod);
6397 TALLOC_FREE(smb_fname_orig_lcomp);
6401 * If the src and dest names are identical - including case,
6402 * don't do the rename, just return success.
6405 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6406 strcsequal(fsp->fsp_name->stream_name,
6407 smb_fname_dst->stream_name)) {
6408 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6409 "- returning success\n",
6410 smb_fname_str_dbg(smb_fname_dst)));
6411 status = NT_STATUS_OK;
6415 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6416 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6418 /* Return the correct error code if both names aren't streams. */
6419 if (!old_is_stream && new_is_stream) {
6420 status = NT_STATUS_OBJECT_NAME_INVALID;
6424 if (old_is_stream && !new_is_stream) {
6425 status = NT_STATUS_INVALID_PARAMETER;
6429 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6431 if(!replace_if_exists && dst_exists) {
6432 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6433 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6434 smb_fname_str_dbg(smb_fname_dst)));
6435 status = NT_STATUS_OBJECT_NAME_COLLISION;
6440 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6441 &smb_fname_dst->st);
6442 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6444 /* The file can be open when renaming a stream */
6445 if (dst_fsp && !new_is_stream) {
6446 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6447 status = NT_STATUS_ACCESS_DENIED;
6452 /* Ensure we have a valid stat struct for the source. */
6453 status = vfs_stat_fsp(fsp);
6454 if (!NT_STATUS_IS_OK(status)) {
6458 status = can_rename(conn, fsp, attrs);
6460 if (!NT_STATUS_IS_OK(status)) {
6461 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6462 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6463 smb_fname_str_dbg(smb_fname_dst)));
6464 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6465 status = NT_STATUS_ACCESS_DENIED;
6469 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6470 status = NT_STATUS_ACCESS_DENIED;
6473 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
6476 * We have the file open ourselves, so not being able to get the
6477 * corresponding share mode lock is a fatal error.
6480 SMB_ASSERT(lck != NULL);
6482 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6483 uint32 create_options = fsp->fh->private_options;
6485 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6486 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6487 smb_fname_str_dbg(smb_fname_dst)));
6489 if (!fsp->is_directory &&
6490 !lp_posix_pathnames() &&
6491 (lp_map_archive(SNUM(conn)) ||
6492 lp_store_dos_attributes(SNUM(conn)))) {
6493 /* We must set the archive bit on the newly
6495 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6496 uint32_t old_dosmode = dos_mode(conn,
6498 file_set_dosmode(conn,
6500 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6506 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6509 rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
6512 * A rename acts as a new file create w.r.t. allowing an initial delete
6513 * on close, probably because in Windows there is a new handle to the
6514 * new file. If initial delete on close was requested but not
6515 * originally set, we need to set it here. This is probably not 100% correct,
6516 * but will work for the CIFSFS client which in non-posix mode
6517 * depends on these semantics. JRA.
6520 if (create_options & FILE_DELETE_ON_CLOSE) {
6521 status = can_set_delete_on_close(fsp, 0);
6523 if (NT_STATUS_IS_OK(status)) {
6524 /* Note that here we set the *inital* delete on close flag,
6525 * not the regular one. The magic gets handled in close. */
6526 fsp->initial_delete_on_close = True;
6530 status = NT_STATUS_OK;
6536 if (errno == ENOTDIR || errno == EISDIR) {
6537 status = NT_STATUS_OBJECT_NAME_COLLISION;
6539 status = map_nt_error_from_unix(errno);
6542 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6543 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6544 smb_fname_str_dbg(smb_fname_dst)));
6547 TALLOC_FREE(smb_fname_dst);
6552 /****************************************************************************
6553 The guts of the rename command, split out so it may be called by the NT SMB
6555 ****************************************************************************/
6557 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6558 connection_struct *conn,
6559 struct smb_request *req,
6560 struct smb_filename *smb_fname_src,
6561 struct smb_filename *smb_fname_dst,
6563 bool replace_if_exists,
6566 uint32_t access_mask)
6568 char *fname_src_dir = NULL;
6569 char *fname_src_mask = NULL;
6571 NTSTATUS status = NT_STATUS_OK;
6572 struct smb_Dir *dir_hnd = NULL;
6573 const char *dname = NULL;
6574 char *talloced = NULL;
6576 int create_options = 0;
6577 bool posix_pathnames = lp_posix_pathnames();
6581 * Split the old name into directory and last component
6582 * strings. Note that unix_convert may have stripped off a
6583 * leading ./ from both name and newname if the rename is
6584 * at the root of the share. We need to make sure either both
6585 * name and newname contain a / character or neither of them do
6586 * as this is checked in resolve_wildcards().
6589 /* Split up the directory from the filename/mask. */
6590 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6591 &fname_src_dir, &fname_src_mask);
6592 if (!NT_STATUS_IS_OK(status)) {
6593 status = NT_STATUS_NO_MEMORY;
6598 * We should only check the mangled cache
6599 * here if unix_convert failed. This means
6600 * that the path in 'mask' doesn't exist
6601 * on the file system and so we need to look
6602 * for a possible mangle. This patch from
6603 * Tine Smukavec <valentin.smukavec@hermes.si>.
6606 if (!VALID_STAT(smb_fname_src->st) &&
6607 mangle_is_mangled(fname_src_mask, conn->params)) {
6608 char *new_mask = NULL;
6609 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6612 TALLOC_FREE(fname_src_mask);
6613 fname_src_mask = new_mask;
6617 if (!src_has_wild) {
6621 * Only one file needs to be renamed. Append the mask back
6622 * onto the directory.
6624 TALLOC_FREE(smb_fname_src->base_name);
6625 if (ISDOT(fname_src_dir)) {
6626 /* Ensure we use canonical names on open. */
6627 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6631 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6636 if (!smb_fname_src->base_name) {
6637 status = NT_STATUS_NO_MEMORY;
6641 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6642 "case_preserve = %d, short case preserve = %d, "
6643 "directory = %s, newname = %s, "
6644 "last_component_dest = %s\n",
6645 conn->case_sensitive, conn->case_preserve,
6646 conn->short_case_preserve,
6647 smb_fname_str_dbg(smb_fname_src),
6648 smb_fname_str_dbg(smb_fname_dst),
6649 smb_fname_dst->original_lcomp));
6651 /* The dest name still may have wildcards. */
6652 if (dest_has_wild) {
6653 char *fname_dst_mod = NULL;
6654 if (!resolve_wildcards(smb_fname_dst,
6655 smb_fname_src->base_name,
6656 smb_fname_dst->base_name,
6658 DEBUG(6, ("rename_internals: resolve_wildcards "
6660 smb_fname_src->base_name,
6661 smb_fname_dst->base_name));
6662 status = NT_STATUS_NO_MEMORY;
6665 TALLOC_FREE(smb_fname_dst->base_name);
6666 smb_fname_dst->base_name = fname_dst_mod;
6669 ZERO_STRUCT(smb_fname_src->st);
6670 if (posix_pathnames) {
6671 rc = SMB_VFS_LSTAT(conn, smb_fname_src);
6673 rc = SMB_VFS_STAT(conn, smb_fname_src);
6676 status = map_nt_error_from_unix_common(errno);
6680 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6681 create_options |= FILE_DIRECTORY_FILE;
6684 status = SMB_VFS_CREATE_FILE(
6687 0, /* root_dir_fid */
6688 smb_fname_src, /* fname */
6689 access_mask, /* access_mask */
6690 (FILE_SHARE_READ | /* share_access */
6692 FILE_OPEN, /* create_disposition*/
6693 create_options, /* create_options */
6694 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6695 0, /* oplock_request */
6696 0, /* allocation_size */
6697 0, /* private_flags */
6703 if (!NT_STATUS_IS_OK(status)) {
6704 DEBUG(3, ("Could not open rename source %s: %s\n",
6705 smb_fname_str_dbg(smb_fname_src),
6706 nt_errstr(status)));
6710 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6711 attrs, replace_if_exists);
6713 close_file(req, fsp, NORMAL_CLOSE);
6715 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6716 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6717 smb_fname_str_dbg(smb_fname_dst)));
6723 * Wildcards - process each file that matches.
6725 if (strequal(fname_src_mask, "????????.???")) {
6726 TALLOC_FREE(fname_src_mask);
6727 fname_src_mask = talloc_strdup(ctx, "*");
6728 if (!fname_src_mask) {
6729 status = NT_STATUS_NO_MEMORY;
6734 status = check_name(conn, fname_src_dir);
6735 if (!NT_STATUS_IS_OK(status)) {
6739 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6741 if (dir_hnd == NULL) {
6742 status = map_nt_error_from_unix(errno);
6746 status = NT_STATUS_NO_SUCH_FILE;
6748 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6749 * - gentest fix. JRA
6752 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6754 files_struct *fsp = NULL;
6755 char *destname = NULL;
6756 bool sysdir_entry = False;
6758 /* Quick check for "." and ".." */
6759 if (ISDOT(dname) || ISDOTDOT(dname)) {
6760 if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
6761 sysdir_entry = True;
6763 TALLOC_FREE(talloced);
6768 if (!is_visible_file(conn, fname_src_dir, dname,
6769 &smb_fname_src->st, false)) {
6770 TALLOC_FREE(talloced);
6774 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6775 TALLOC_FREE(talloced);
6780 status = NT_STATUS_OBJECT_NAME_INVALID;
6784 TALLOC_FREE(smb_fname_src->base_name);
6785 if (ISDOT(fname_src_dir)) {
6786 /* Ensure we use canonical names on open. */
6787 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6791 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6796 if (!smb_fname_src->base_name) {
6797 status = NT_STATUS_NO_MEMORY;
6801 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6802 smb_fname_dst->base_name,
6804 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6805 smb_fname_src->base_name, destname));
6806 TALLOC_FREE(talloced);
6810 status = NT_STATUS_NO_MEMORY;
6814 TALLOC_FREE(smb_fname_dst->base_name);
6815 smb_fname_dst->base_name = destname;
6817 ZERO_STRUCT(smb_fname_src->st);
6818 if (posix_pathnames) {
6819 SMB_VFS_LSTAT(conn, smb_fname_src);
6821 SMB_VFS_STAT(conn, smb_fname_src);
6826 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6827 create_options |= FILE_DIRECTORY_FILE;
6830 status = SMB_VFS_CREATE_FILE(
6833 0, /* root_dir_fid */
6834 smb_fname_src, /* fname */
6835 access_mask, /* access_mask */
6836 (FILE_SHARE_READ | /* share_access */
6838 FILE_OPEN, /* create_disposition*/
6839 create_options, /* create_options */
6840 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6841 0, /* oplock_request */
6842 0, /* allocation_size */
6843 0, /* private_flags */
6849 if (!NT_STATUS_IS_OK(status)) {
6850 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6851 "returned %s rename %s -> %s\n",
6853 smb_fname_str_dbg(smb_fname_src),
6854 smb_fname_str_dbg(smb_fname_dst)));
6858 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6860 if (!smb_fname_dst->original_lcomp) {
6861 status = NT_STATUS_NO_MEMORY;
6865 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6866 attrs, replace_if_exists);
6868 close_file(req, fsp, NORMAL_CLOSE);
6870 if (!NT_STATUS_IS_OK(status)) {
6871 DEBUG(3, ("rename_internals_fsp returned %s for "
6872 "rename %s -> %s\n", nt_errstr(status),
6873 smb_fname_str_dbg(smb_fname_src),
6874 smb_fname_str_dbg(smb_fname_dst)));
6880 DEBUG(3,("rename_internals: doing rename on %s -> "
6881 "%s\n", smb_fname_str_dbg(smb_fname_src),
6882 smb_fname_str_dbg(smb_fname_src)));
6883 TALLOC_FREE(talloced);
6885 TALLOC_FREE(dir_hnd);
6887 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6888 status = map_nt_error_from_unix(errno);
6892 TALLOC_FREE(talloced);
6893 TALLOC_FREE(fname_src_dir);
6894 TALLOC_FREE(fname_src_mask);
6898 /****************************************************************************
6900 ****************************************************************************/
6902 void reply_mv(struct smb_request *req)
6904 connection_struct *conn = req->conn;
6906 char *newname = NULL;
6910 bool src_has_wcard = False;
6911 bool dest_has_wcard = False;
6912 TALLOC_CTX *ctx = talloc_tos();
6913 struct smb_filename *smb_fname_src = NULL;
6914 struct smb_filename *smb_fname_dst = NULL;
6915 uint32_t src_ucf_flags = lp_posix_pathnames() ? UCF_UNIX_NAME_LOOKUP : UCF_COND_ALLOW_WCARD_LCOMP;
6916 uint32_t dst_ucf_flags = UCF_SAVE_LCOMP | (lp_posix_pathnames() ? 0 : UCF_COND_ALLOW_WCARD_LCOMP);
6917 bool stream_rename = false;
6919 START_PROFILE(SMBmv);
6922 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6926 attrs = SVAL(req->vwv+0, 0);
6928 p = (const char *)req->buf + 1;
6929 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6930 &status, &src_has_wcard);
6931 if (!NT_STATUS_IS_OK(status)) {
6932 reply_nterror(req, status);
6936 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6937 &status, &dest_has_wcard);
6938 if (!NT_STATUS_IS_OK(status)) {
6939 reply_nterror(req, status);
6943 if (!lp_posix_pathnames()) {
6944 /* The newname must begin with a ':' if the
6945 name contains a ':'. */
6946 if (strchr_m(name, ':')) {
6947 if (newname[0] != ':') {
6948 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6951 stream_rename = true;
6955 status = filename_convert(ctx,
6957 req->flags2 & FLAGS2_DFS_PATHNAMES,
6963 if (!NT_STATUS_IS_OK(status)) {
6964 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6965 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6966 ERRSRV, ERRbadpath);
6969 reply_nterror(req, status);
6973 status = filename_convert(ctx,
6975 req->flags2 & FLAGS2_DFS_PATHNAMES,
6981 if (!NT_STATUS_IS_OK(status)) {
6982 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6983 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6984 ERRSRV, ERRbadpath);
6987 reply_nterror(req, status);
6991 if (stream_rename) {
6992 /* smb_fname_dst->base_name must be the same as
6993 smb_fname_src->base_name. */
6994 TALLOC_FREE(smb_fname_dst->base_name);
6995 smb_fname_dst->base_name = talloc_strdup(smb_fname_dst,
6996 smb_fname_src->base_name);
6997 if (!smb_fname_dst->base_name) {
6998 reply_nterror(req, NT_STATUS_NO_MEMORY);
7003 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
7004 smb_fname_str_dbg(smb_fname_dst)));
7006 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
7007 attrs, False, src_has_wcard, dest_has_wcard,
7009 if (!NT_STATUS_IS_OK(status)) {
7010 if (open_was_deferred(req->sconn, req->mid)) {
7011 /* We have re-scheduled this call. */
7014 reply_nterror(req, status);
7018 reply_outbuf(req, 0, 0);
7020 TALLOC_FREE(smb_fname_src);
7021 TALLOC_FREE(smb_fname_dst);
7026 /*******************************************************************
7027 Copy a file as part of a reply_copy.
7028 ******************************************************************/
7031 * TODO: check error codes on all callers
7034 NTSTATUS copy_file(TALLOC_CTX *ctx,
7035 connection_struct *conn,
7036 struct smb_filename *smb_fname_src,
7037 struct smb_filename *smb_fname_dst,
7040 bool target_is_directory)
7042 struct smb_filename *smb_fname_dst_tmp = NULL;
7044 files_struct *fsp1,*fsp2;
7046 uint32 new_create_disposition;
7050 smb_fname_dst_tmp = cp_smb_filename(ctx, smb_fname_dst);
7051 if (smb_fname_dst_tmp == NULL) {
7052 return NT_STATUS_NO_MEMORY;
7056 * If the target is a directory, extract the last component from the
7057 * src filename and append it to the dst filename
7059 if (target_is_directory) {
7062 /* dest/target can't be a stream if it's a directory. */
7063 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
7065 p = strrchr_m(smb_fname_src->base_name,'/');
7069 p = smb_fname_src->base_name;
7071 smb_fname_dst_tmp->base_name =
7072 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
7074 if (!smb_fname_dst_tmp->base_name) {
7075 status = NT_STATUS_NO_MEMORY;
7080 status = vfs_file_exist(conn, smb_fname_src);
7081 if (!NT_STATUS_IS_OK(status)) {
7085 if (!target_is_directory && count) {
7086 new_create_disposition = FILE_OPEN;
7088 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name,
7091 &new_create_disposition,
7094 status = NT_STATUS_INVALID_PARAMETER;
7099 /* Open the src file for reading. */
7100 status = SMB_VFS_CREATE_FILE(
7103 0, /* root_dir_fid */
7104 smb_fname_src, /* fname */
7105 FILE_GENERIC_READ, /* access_mask */
7106 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7107 FILE_OPEN, /* create_disposition*/
7108 0, /* create_options */
7109 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
7110 INTERNAL_OPEN_ONLY, /* oplock_request */
7111 0, /* allocation_size */
7112 0, /* private_flags */
7118 if (!NT_STATUS_IS_OK(status)) {
7122 dosattrs = dos_mode(conn, smb_fname_src);
7124 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
7125 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
7128 /* Open the dst file for writing. */
7129 status = SMB_VFS_CREATE_FILE(
7132 0, /* root_dir_fid */
7133 smb_fname_dst, /* fname */
7134 FILE_GENERIC_WRITE, /* access_mask */
7135 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7136 new_create_disposition, /* create_disposition*/
7137 0, /* create_options */
7138 dosattrs, /* file_attributes */
7139 INTERNAL_OPEN_ONLY, /* oplock_request */
7140 0, /* allocation_size */
7141 0, /* private_flags */
7147 if (!NT_STATUS_IS_OK(status)) {
7148 close_file(NULL, fsp1, ERROR_CLOSE);
7152 if (ofun & OPENX_FILE_EXISTS_OPEN) {
7153 ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
7155 DEBUG(0, ("error - vfs lseek returned error %s\n",
7157 status = map_nt_error_from_unix(errno);
7158 close_file(NULL, fsp1, ERROR_CLOSE);
7159 close_file(NULL, fsp2, ERROR_CLOSE);
7164 /* Do the actual copy. */
7165 if (smb_fname_src->st.st_ex_size) {
7166 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
7171 close_file(NULL, fsp1, NORMAL_CLOSE);
7173 /* Ensure the modtime is set correctly on the destination file. */
7174 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
7177 * As we are opening fsp1 read-only we only expect
7178 * an error on close on fsp2 if we are out of space.
7179 * Thus we don't look at the error return from the
7182 status = close_file(NULL, fsp2, NORMAL_CLOSE);
7184 if (!NT_STATUS_IS_OK(status)) {
7188 if (ret != (off_t)smb_fname_src->st.st_ex_size) {
7189 status = NT_STATUS_DISK_FULL;
7193 status = NT_STATUS_OK;
7196 TALLOC_FREE(smb_fname_dst_tmp);
7200 /****************************************************************************
7201 Reply to a file copy.
7202 ****************************************************************************/
7204 void reply_copy(struct smb_request *req)
7206 connection_struct *conn = req->conn;
7207 struct smb_filename *smb_fname_src = NULL;
7208 struct smb_filename *smb_fname_dst = NULL;
7209 char *fname_src = NULL;
7210 char *fname_dst = NULL;
7211 char *fname_src_mask = NULL;
7212 char *fname_src_dir = NULL;
7215 int error = ERRnoaccess;
7219 bool target_is_directory=False;
7220 bool source_has_wild = False;
7221 bool dest_has_wild = False;
7223 TALLOC_CTX *ctx = talloc_tos();
7225 START_PROFILE(SMBcopy);
7228 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7232 tid2 = SVAL(req->vwv+0, 0);
7233 ofun = SVAL(req->vwv+1, 0);
7234 flags = SVAL(req->vwv+2, 0);
7236 p = (const char *)req->buf;
7237 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
7238 &status, &source_has_wild);
7239 if (!NT_STATUS_IS_OK(status)) {
7240 reply_nterror(req, status);
7243 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
7244 &status, &dest_has_wild);
7245 if (!NT_STATUS_IS_OK(status)) {
7246 reply_nterror(req, status);
7250 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
7252 if (tid2 != conn->cnum) {
7253 /* can't currently handle inter share copies XXXX */
7254 DEBUG(3,("Rejecting inter-share copy\n"));
7255 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
7259 status = filename_convert(ctx, conn,
7260 req->flags2 & FLAGS2_DFS_PATHNAMES,
7262 UCF_COND_ALLOW_WCARD_LCOMP,
7265 if (!NT_STATUS_IS_OK(status)) {
7266 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7267 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7268 ERRSRV, ERRbadpath);
7271 reply_nterror(req, status);
7275 status = filename_convert(ctx, conn,
7276 req->flags2 & FLAGS2_DFS_PATHNAMES,
7278 UCF_COND_ALLOW_WCARD_LCOMP,
7281 if (!NT_STATUS_IS_OK(status)) {
7282 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7283 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7284 ERRSRV, ERRbadpath);
7287 reply_nterror(req, status);
7291 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
7293 if ((flags&1) && target_is_directory) {
7294 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
7298 if ((flags&2) && !target_is_directory) {
7299 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
7303 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
7304 /* wants a tree copy! XXXX */
7305 DEBUG(3,("Rejecting tree copy\n"));
7306 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7310 /* Split up the directory from the filename/mask. */
7311 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
7312 &fname_src_dir, &fname_src_mask);
7313 if (!NT_STATUS_IS_OK(status)) {
7314 reply_nterror(req, NT_STATUS_NO_MEMORY);
7319 * We should only check the mangled cache
7320 * here if unix_convert failed. This means
7321 * that the path in 'mask' doesn't exist
7322 * on the file system and so we need to look
7323 * for a possible mangle. This patch from
7324 * Tine Smukavec <valentin.smukavec@hermes.si>.
7326 if (!VALID_STAT(smb_fname_src->st) &&
7327 mangle_is_mangled(fname_src_mask, conn->params)) {
7328 char *new_mask = NULL;
7329 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
7330 &new_mask, conn->params);
7332 /* Use demangled name if one was successfully found. */
7334 TALLOC_FREE(fname_src_mask);
7335 fname_src_mask = new_mask;
7339 if (!source_has_wild) {
7342 * Only one file needs to be copied. Append the mask back onto
7345 TALLOC_FREE(smb_fname_src->base_name);
7346 if (ISDOT(fname_src_dir)) {
7347 /* Ensure we use canonical names on open. */
7348 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7352 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7357 if (!smb_fname_src->base_name) {
7358 reply_nterror(req, NT_STATUS_NO_MEMORY);
7362 if (dest_has_wild) {
7363 char *fname_dst_mod = NULL;
7364 if (!resolve_wildcards(smb_fname_dst,
7365 smb_fname_src->base_name,
7366 smb_fname_dst->base_name,
7368 reply_nterror(req, NT_STATUS_NO_MEMORY);
7371 TALLOC_FREE(smb_fname_dst->base_name);
7372 smb_fname_dst->base_name = fname_dst_mod;
7375 status = check_name(conn, smb_fname_src->base_name);
7376 if (!NT_STATUS_IS_OK(status)) {
7377 reply_nterror(req, status);
7381 status = check_name(conn, smb_fname_dst->base_name);
7382 if (!NT_STATUS_IS_OK(status)) {
7383 reply_nterror(req, status);
7387 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
7388 ofun, count, target_is_directory);
7390 if(!NT_STATUS_IS_OK(status)) {
7391 reply_nterror(req, status);
7397 struct smb_Dir *dir_hnd = NULL;
7398 const char *dname = NULL;
7399 char *talloced = NULL;
7403 * There is a wildcard that requires us to actually read the
7404 * src dir and copy each file matching the mask to the dst.
7405 * Right now streams won't be copied, but this could
7406 * presumably be added with a nested loop for reach dir entry.
7408 SMB_ASSERT(!smb_fname_src->stream_name);
7409 SMB_ASSERT(!smb_fname_dst->stream_name);
7411 smb_fname_src->stream_name = NULL;
7412 smb_fname_dst->stream_name = NULL;
7414 if (strequal(fname_src_mask,"????????.???")) {
7415 TALLOC_FREE(fname_src_mask);
7416 fname_src_mask = talloc_strdup(ctx, "*");
7417 if (!fname_src_mask) {
7418 reply_nterror(req, NT_STATUS_NO_MEMORY);
7423 status = check_name(conn, fname_src_dir);
7424 if (!NT_STATUS_IS_OK(status)) {
7425 reply_nterror(req, status);
7429 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7430 if (dir_hnd == NULL) {
7431 status = map_nt_error_from_unix(errno);
7432 reply_nterror(req, status);
7438 /* Iterate over the src dir copying each entry to the dst. */
7439 while ((dname = ReadDirName(dir_hnd, &offset,
7440 &smb_fname_src->st, &talloced))) {
7441 char *destname = NULL;
7443 if (ISDOT(dname) || ISDOTDOT(dname)) {
7444 TALLOC_FREE(talloced);
7448 if (!is_visible_file(conn, fname_src_dir, dname,
7449 &smb_fname_src->st, false)) {
7450 TALLOC_FREE(talloced);
7454 if(!mask_match(dname, fname_src_mask,
7455 conn->case_sensitive)) {
7456 TALLOC_FREE(talloced);
7460 error = ERRnoaccess;
7462 /* Get the src smb_fname struct setup. */
7463 TALLOC_FREE(smb_fname_src->base_name);
7464 if (ISDOT(fname_src_dir)) {
7465 /* Ensure we use canonical names on open. */
7466 smb_fname_src->base_name =
7467 talloc_asprintf(smb_fname_src, "%s",
7470 smb_fname_src->base_name =
7471 talloc_asprintf(smb_fname_src, "%s/%s",
7472 fname_src_dir, dname);
7475 if (!smb_fname_src->base_name) {
7476 TALLOC_FREE(dir_hnd);
7477 TALLOC_FREE(talloced);
7478 reply_nterror(req, NT_STATUS_NO_MEMORY);
7482 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7483 smb_fname_dst->base_name,
7485 TALLOC_FREE(talloced);
7489 TALLOC_FREE(dir_hnd);
7490 TALLOC_FREE(talloced);
7491 reply_nterror(req, NT_STATUS_NO_MEMORY);
7495 TALLOC_FREE(smb_fname_dst->base_name);
7496 smb_fname_dst->base_name = destname;
7498 status = check_name(conn, smb_fname_src->base_name);
7499 if (!NT_STATUS_IS_OK(status)) {
7500 TALLOC_FREE(dir_hnd);
7501 TALLOC_FREE(talloced);
7502 reply_nterror(req, status);
7506 status = check_name(conn, smb_fname_dst->base_name);
7507 if (!NT_STATUS_IS_OK(status)) {
7508 TALLOC_FREE(dir_hnd);
7509 TALLOC_FREE(talloced);
7510 reply_nterror(req, status);
7514 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7515 smb_fname_src->base_name,
7516 smb_fname_dst->base_name));
7518 status = copy_file(ctx, conn, smb_fname_src,
7519 smb_fname_dst, ofun, count,
7520 target_is_directory);
7521 if (NT_STATUS_IS_OK(status)) {
7525 TALLOC_FREE(talloced);
7527 TALLOC_FREE(dir_hnd);
7531 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7535 reply_outbuf(req, 1, 0);
7536 SSVAL(req->outbuf,smb_vwv0,count);
7538 TALLOC_FREE(smb_fname_src);
7539 TALLOC_FREE(smb_fname_dst);
7540 TALLOC_FREE(fname_src);
7541 TALLOC_FREE(fname_dst);
7542 TALLOC_FREE(fname_src_mask);
7543 TALLOC_FREE(fname_src_dir);
7545 END_PROFILE(SMBcopy);
7550 #define DBGC_CLASS DBGC_LOCKING
7552 /****************************************************************************
7553 Get a lock pid, dealing with large count requests.
7554 ****************************************************************************/
7556 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7557 bool large_file_format)
7559 if(!large_file_format)
7560 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7562 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7565 /****************************************************************************
7566 Get a lock count, dealing with large count requests.
7567 ****************************************************************************/
7569 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7570 bool large_file_format)
7574 if(!large_file_format) {
7575 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7578 #if defined(HAVE_LONGLONG)
7579 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7580 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7581 #else /* HAVE_LONGLONG */
7584 * NT4.x seems to be broken in that it sends large file (64 bit)
7585 * lockingX calls even if the CAP_LARGE_FILES was *not*
7586 * negotiated. For boxes without large unsigned ints truncate the
7587 * lock count by dropping the top 32 bits.
7590 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7591 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7592 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7593 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7594 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7597 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7598 #endif /* HAVE_LONGLONG */
7604 #if !defined(HAVE_LONGLONG)
7605 /****************************************************************************
7606 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7607 ****************************************************************************/
7609 static uint32 map_lock_offset(uint32 high, uint32 low)
7613 uint32 highcopy = high;
7616 * Try and find out how many significant bits there are in high.
7619 for(i = 0; highcopy; i++)
7623 * We use 31 bits not 32 here as POSIX
7624 * lock offsets may not be negative.
7627 mask = (~0) << (31 - i);
7630 return 0; /* Fail. */
7636 #endif /* !defined(HAVE_LONGLONG) */
7638 /****************************************************************************
7639 Get a lock offset, dealing with large offset requests.
7640 ****************************************************************************/
7642 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7643 bool large_file_format, bool *err)
7645 uint64_t offset = 0;
7649 if(!large_file_format) {
7650 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7653 #if defined(HAVE_LONGLONG)
7654 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7655 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7656 #else /* HAVE_LONGLONG */
7659 * NT4.x seems to be broken in that it sends large file (64 bit)
7660 * lockingX calls even if the CAP_LARGE_FILES was *not*
7661 * negotiated. For boxes without large unsigned ints mangle the
7662 * lock offset by mapping the top 32 bits onto the lower 32.
7665 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7666 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7667 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7670 if((new_low = map_lock_offset(high, low)) == 0) {
7672 return (uint64_t)-1;
7675 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7676 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7677 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7678 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7681 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7682 #endif /* HAVE_LONGLONG */
7688 NTSTATUS smbd_do_locking(struct smb_request *req,
7692 uint16_t num_ulocks,
7693 struct smbd_lock_element *ulocks,
7695 struct smbd_lock_element *locks,
7698 connection_struct *conn = req->conn;
7700 NTSTATUS status = NT_STATUS_OK;
7704 /* Data now points at the beginning of the list
7705 of smb_unlkrng structs */
7706 for(i = 0; i < (int)num_ulocks; i++) {
7707 struct smbd_lock_element *e = &ulocks[i];
7709 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7710 "pid %u, file %s\n",
7713 (unsigned int)e->smblctx,
7716 if (e->brltype != UNLOCK_LOCK) {
7717 /* this can only happen with SMB2 */
7718 return NT_STATUS_INVALID_PARAMETER;
7721 status = do_unlock(req->sconn->msg_ctx,
7728 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7729 nt_errstr(status)));
7731 if (!NT_STATUS_IS_OK(status)) {
7736 /* Setup the timeout in seconds. */
7738 if (!lp_blocking_locks(SNUM(conn))) {
7742 /* Data now points at the beginning of the list
7743 of smb_lkrng structs */
7745 for(i = 0; i < (int)num_locks; i++) {
7746 struct smbd_lock_element *e = &locks[i];
7748 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7749 "%llu, file %s timeout = %d\n",
7752 (unsigned long long)e->smblctx,
7756 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7757 struct blocking_lock_record *blr = NULL;
7759 if (num_locks > 1) {
7761 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7762 * if the lock vector contains one entry. When given mutliple cancel
7763 * requests in a single PDU we expect the server to return an
7764 * error. Windows servers seem to accept the request but only
7765 * cancel the first lock.
7766 * JRA - Do what Windows does (tm) :-).
7770 /* MS-CIFS (2.2.4.32.1) behavior. */
7771 return NT_STATUS_DOS(ERRDOS,
7772 ERRcancelviolation);
7774 /* Windows behavior. */
7776 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7777 "cancel request\n"));
7783 if (lp_blocking_locks(SNUM(conn))) {
7785 /* Schedule a message to ourselves to
7786 remove the blocking lock record and
7787 return the right error. */
7789 blr = blocking_lock_cancel_smb1(fsp,
7795 NT_STATUS_FILE_LOCK_CONFLICT);
7797 return NT_STATUS_DOS(
7799 ERRcancelviolation);
7802 /* Remove a matching pending lock. */
7803 status = do_lock_cancel(fsp,
7810 bool blocking_lock = timeout ? true : false;
7811 bool defer_lock = false;
7812 struct byte_range_lock *br_lck;
7813 uint64_t block_smblctx;
7815 br_lck = do_lock(req->sconn->msg_ctx,
7827 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7828 /* Windows internal resolution for blocking locks seems
7829 to be about 200ms... Don't wait for less than that. JRA. */
7830 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7831 timeout = lp_lock_spin_time();
7836 /* If a lock sent with timeout of zero would fail, and
7837 * this lock has been requested multiple times,
7838 * according to brl_lock_failed() we convert this
7839 * request to a blocking lock with a timeout of between
7840 * 150 - 300 milliseconds.
7842 * If lp_lock_spin_time() has been set to 0, we skip
7843 * this blocking retry and fail immediately.
7845 * Replacement for do_lock_spin(). JRA. */
7847 if (!req->sconn->using_smb2 &&
7848 br_lck && lp_blocking_locks(SNUM(conn)) &&
7849 lp_lock_spin_time() && !blocking_lock &&
7850 NT_STATUS_EQUAL((status),
7851 NT_STATUS_FILE_LOCK_CONFLICT))
7854 timeout = lp_lock_spin_time();
7857 if (br_lck && defer_lock) {
7859 * A blocking lock was requested. Package up
7860 * this smb into a queued request and push it
7861 * onto the blocking lock queue.
7863 if(push_blocking_lock_request(br_lck,
7874 TALLOC_FREE(br_lck);
7876 return NT_STATUS_OK;
7880 TALLOC_FREE(br_lck);
7883 if (!NT_STATUS_IS_OK(status)) {
7888 /* If any of the above locks failed, then we must unlock
7889 all of the previous locks (X/Open spec). */
7891 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7893 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7894 i = -1; /* we want to skip the for loop */
7898 * Ensure we don't do a remove on the lock that just failed,
7899 * as under POSIX rules, if we have a lock already there, we
7900 * will delete it (and we shouldn't) .....
7902 for(i--; i >= 0; i--) {
7903 struct smbd_lock_element *e = &locks[i];
7905 do_unlock(req->sconn->msg_ctx,
7915 DEBUG(3, ("smbd_do_locking: %s type=%d num_locks=%d num_ulocks=%d\n",
7916 fsp_fnum_dbg(fsp), (unsigned int)type, num_locks, num_ulocks));
7918 return NT_STATUS_OK;
7921 /****************************************************************************
7922 Reply to a lockingX request.
7923 ****************************************************************************/
7925 void reply_lockingX(struct smb_request *req)
7927 connection_struct *conn = req->conn;
7929 unsigned char locktype;
7930 unsigned char oplocklevel;
7935 const uint8_t *data;
7936 bool large_file_format;
7938 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7939 struct smbd_lock_element *ulocks;
7940 struct smbd_lock_element *locks;
7943 START_PROFILE(SMBlockingX);
7946 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7947 END_PROFILE(SMBlockingX);
7951 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7952 locktype = CVAL(req->vwv+3, 0);
7953 oplocklevel = CVAL(req->vwv+3, 1);
7954 num_ulocks = SVAL(req->vwv+6, 0);
7955 num_locks = SVAL(req->vwv+7, 0);
7956 lock_timeout = IVAL(req->vwv+4, 0);
7957 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7959 if (!check_fsp(conn, req, fsp)) {
7960 END_PROFILE(SMBlockingX);
7966 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7967 /* we don't support these - and CANCEL_LOCK makes w2k
7968 and XP reboot so I don't really want to be
7969 compatible! (tridge) */
7970 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7971 END_PROFILE(SMBlockingX);
7975 /* Check if this is an oplock break on a file
7976 we have granted an oplock on.
7978 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7979 /* Client can insist on breaking to none. */
7980 bool break_to_none = (oplocklevel == 0);
7983 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7984 "for %s\n", (unsigned int)oplocklevel,
7985 fsp_fnum_dbg(fsp)));
7988 * Make sure we have granted an exclusive or batch oplock on
7992 if (fsp->oplock_type == 0) {
7994 /* The Samba4 nbench simulator doesn't understand
7995 the difference between break to level2 and break
7996 to none from level2 - it sends oplock break
7997 replies in both cases. Don't keep logging an error
7998 message here - just ignore it. JRA. */
8000 DEBUG(5,("reply_lockingX: Error : oplock break from "
8001 "client for %s (oplock=%d) and no "
8002 "oplock granted on this file (%s).\n",
8003 fsp_fnum_dbg(fsp), fsp->oplock_type,
8006 /* if this is a pure oplock break request then don't
8008 if (num_locks == 0 && num_ulocks == 0) {
8009 END_PROFILE(SMBlockingX);
8012 END_PROFILE(SMBlockingX);
8013 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
8018 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
8020 result = remove_oplock(fsp);
8022 result = downgrade_oplock(fsp);
8026 DEBUG(0, ("reply_lockingX: error in removing "
8027 "oplock on file %s\n", fsp_str_dbg(fsp)));
8028 /* Hmmm. Is this panic justified? */
8029 smb_panic("internal tdb error");
8032 reply_to_oplock_break_requests(fsp);
8034 /* if this is a pure oplock break request then don't send a
8036 if (num_locks == 0 && num_ulocks == 0) {
8037 /* Sanity check - ensure a pure oplock break is not a
8039 if(CVAL(req->vwv+0, 0) != 0xff)
8040 DEBUG(0,("reply_lockingX: Error : pure oplock "
8041 "break is a chained %d request !\n",
8042 (unsigned int)CVAL(req->vwv+0, 0)));
8043 END_PROFILE(SMBlockingX);
8049 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
8050 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8051 END_PROFILE(SMBlockingX);
8055 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
8056 if (ulocks == NULL) {
8057 reply_nterror(req, NT_STATUS_NO_MEMORY);
8058 END_PROFILE(SMBlockingX);
8062 locks = talloc_array(req, struct smbd_lock_element, num_locks);
8063 if (locks == NULL) {
8064 reply_nterror(req, NT_STATUS_NO_MEMORY);
8065 END_PROFILE(SMBlockingX);
8069 /* Data now points at the beginning of the list
8070 of smb_unlkrng structs */
8071 for(i = 0; i < (int)num_ulocks; i++) {
8072 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
8073 ulocks[i].count = get_lock_count(data, i, large_file_format);
8074 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8075 ulocks[i].brltype = UNLOCK_LOCK;
8078 * There is no error code marked "stupid client bug".... :-).
8081 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8082 END_PROFILE(SMBlockingX);
8087 /* Now do any requested locks */
8088 data += ((large_file_format ? 20 : 10)*num_ulocks);
8090 /* Data now points at the beginning of the list
8091 of smb_lkrng structs */
8093 for(i = 0; i < (int)num_locks; i++) {
8094 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
8095 locks[i].count = get_lock_count(data, i, large_file_format);
8096 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8098 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
8099 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8100 locks[i].brltype = PENDING_READ_LOCK;
8102 locks[i].brltype = READ_LOCK;
8105 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8106 locks[i].brltype = PENDING_WRITE_LOCK;
8108 locks[i].brltype = WRITE_LOCK;
8113 * There is no error code marked "stupid client bug".... :-).
8116 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8117 END_PROFILE(SMBlockingX);
8122 status = smbd_do_locking(req, fsp,
8123 locktype, lock_timeout,
8127 if (!NT_STATUS_IS_OK(status)) {
8128 END_PROFILE(SMBlockingX);
8129 reply_nterror(req, status);
8133 END_PROFILE(SMBlockingX);
8137 reply_outbuf(req, 2, 0);
8138 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
8139 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
8141 DEBUG(3, ("lockingX %s type=%d num_locks=%d num_ulocks=%d\n",
8142 fsp_fnum_dbg(fsp), (unsigned int)locktype, num_locks, num_ulocks));
8144 END_PROFILE(SMBlockingX);
8148 #define DBGC_CLASS DBGC_ALL
8150 /****************************************************************************
8151 Reply to a SMBreadbmpx (read block multiplex) request.
8152 Always reply with an error, if someone has a platform really needs this,
8153 please contact vl@samba.org
8154 ****************************************************************************/
8156 void reply_readbmpx(struct smb_request *req)
8158 START_PROFILE(SMBreadBmpx);
8159 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8160 END_PROFILE(SMBreadBmpx);
8164 /****************************************************************************
8165 Reply to a SMBreadbs (read block multiplex secondary) request.
8166 Always reply with an error, if someone has a platform really needs this,
8167 please contact vl@samba.org
8168 ****************************************************************************/
8170 void reply_readbs(struct smb_request *req)
8172 START_PROFILE(SMBreadBs);
8173 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8174 END_PROFILE(SMBreadBs);
8178 /****************************************************************************
8179 Reply to a SMBsetattrE.
8180 ****************************************************************************/
8182 void reply_setattrE(struct smb_request *req)
8184 connection_struct *conn = req->conn;
8185 struct smb_file_time ft;
8189 START_PROFILE(SMBsetattrE);
8193 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8197 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8199 if(!fsp || (fsp->conn != conn)) {
8200 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8205 * Convert the DOS times into unix times.
8208 ft.atime = convert_time_t_to_timespec(
8209 srv_make_unix_date2(req->vwv+3));
8210 ft.mtime = convert_time_t_to_timespec(
8211 srv_make_unix_date2(req->vwv+5));
8212 ft.create_time = convert_time_t_to_timespec(
8213 srv_make_unix_date2(req->vwv+1));
8215 reply_outbuf(req, 0, 0);
8218 * Patch from Ray Frush <frush@engr.colostate.edu>
8219 * Sometimes times are sent as zero - ignore them.
8222 /* Ensure we have a valid stat struct for the source. */
8223 status = vfs_stat_fsp(fsp);
8224 if (!NT_STATUS_IS_OK(status)) {
8225 reply_nterror(req, status);
8229 if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
8230 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8234 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
8235 if (!NT_STATUS_IS_OK(status)) {
8236 reply_nterror(req, status);
8240 DEBUG( 3, ( "reply_setattrE %s actime=%u modtime=%u "
8243 (unsigned int)ft.atime.tv_sec,
8244 (unsigned int)ft.mtime.tv_sec,
8245 (unsigned int)ft.create_time.tv_sec
8248 END_PROFILE(SMBsetattrE);
8253 /* Back from the dead for OS/2..... JRA. */
8255 /****************************************************************************
8256 Reply to a SMBwritebmpx (write block multiplex primary) request.
8257 Always reply with an error, if someone has a platform really needs this,
8258 please contact vl@samba.org
8259 ****************************************************************************/
8261 void reply_writebmpx(struct smb_request *req)
8263 START_PROFILE(SMBwriteBmpx);
8264 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8265 END_PROFILE(SMBwriteBmpx);
8269 /****************************************************************************
8270 Reply to a SMBwritebs (write block multiplex secondary) request.
8271 Always reply with an error, if someone has a platform really needs this,
8272 please contact vl@samba.org
8273 ****************************************************************************/
8275 void reply_writebs(struct smb_request *req)
8277 START_PROFILE(SMBwriteBs);
8278 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8279 END_PROFILE(SMBwriteBs);
8283 /****************************************************************************
8284 Reply to a SMBgetattrE.
8285 ****************************************************************************/
8287 void reply_getattrE(struct smb_request *req)
8289 connection_struct *conn = req->conn;
8292 struct timespec create_ts;
8294 START_PROFILE(SMBgetattrE);
8297 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8298 END_PROFILE(SMBgetattrE);
8302 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8304 if(!fsp || (fsp->conn != conn)) {
8305 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8306 END_PROFILE(SMBgetattrE);
8310 /* Do an fstat on this file */
8312 reply_nterror(req, map_nt_error_from_unix(errno));
8313 END_PROFILE(SMBgetattrE);
8317 mode = dos_mode(conn, fsp->fsp_name);
8320 * Convert the times into dos times. Set create
8321 * date to be last modify date as UNIX doesn't save
8325 reply_outbuf(req, 11, 0);
8327 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
8328 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
8329 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
8330 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
8331 /* Should we check pending modtime here ? JRA */
8332 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
8333 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
8335 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
8336 SIVAL(req->outbuf, smb_vwv6, 0);
8337 SIVAL(req->outbuf, smb_vwv8, 0);
8339 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
8340 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
8341 SIVAL(req->outbuf, smb_vwv8, allocation_size);
8343 SSVAL(req->outbuf,smb_vwv10, mode);
8345 DEBUG( 3, ( "reply_getattrE %s\n", fsp_fnum_dbg(fsp)));
8347 END_PROFILE(SMBgetattrE);
git.samba.org / metze / samba / wip.git / blob