2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
219 bool *contains_wcard)
226 ret = srvstr_pull_buf_talloc(ctx,
233 ret = srvstr_pull_talloc(ctx,
243 *err = NT_STATUS_INVALID_PARAMETER;
247 *contains_wcard = False;
249 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 * For a DFS path the function parse_dfs_path()
252 * will do the path processing, just make a copy.
258 if (lp_posix_pathnames()) {
259 *err = check_path_syntax_posix(*pp_dest);
261 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
267 /****************************************************************************
268 Pull a string and check the path - provide for error return.
269 ****************************************************************************/
271 size_t srvstr_get_path(TALLOC_CTX *ctx,
285 ret = srvstr_pull_buf_talloc(ctx,
292 ret = srvstr_pull_talloc(ctx,
302 *err = NT_STATUS_INVALID_PARAMETER;
306 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 * For a DFS path the function parse_dfs_path()
309 * will do the path processing, just make a copy.
315 if (lp_posix_pathnames()) {
316 *err = check_path_syntax_posix(*pp_dest);
318 *err = check_path_syntax(*pp_dest);
324 /****************************************************************************
325 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
326 ****************************************************************************/
328 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 files_struct *fsp, struct current_user *user)
331 if (!(fsp) || !(conn)) {
332 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
335 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
342 /****************************************************************************
343 Check if we have a correct fsp pointing to a file. Replacement for the
345 ****************************************************************************/
347 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 files_struct *fsp, struct current_user *user)
350 if (!check_fsp_open(conn, req, fsp, user)) {
353 if ((fsp)->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if ((fsp)->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 (fsp)->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
367 ****************************************************************************/
369 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
370 files_struct *fsp, struct current_user *user)
372 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
373 && (current_user.vuid==(fsp)->vuid)) {
377 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
381 /****************************************************************************
382 Reply to a (netbios-level) special message.
383 ****************************************************************************/
385 void reply_special(char *inbuf)
387 int msg_type = CVAL(inbuf,0);
388 int msg_flags = CVAL(inbuf,1);
393 * We only really use 4 bytes of the outbuf, but for the smb_setlen
394 * calculation & friends (send_smb uses that) we need the full smb
397 char outbuf[smb_size];
399 static bool already_got_session = False;
403 memset(outbuf, '\0', sizeof(outbuf));
405 smb_setlen(outbuf,0);
408 case 0x81: /* session request */
410 if (already_got_session) {
411 exit_server_cleanly("multiple session request not permitted");
414 SCVAL(outbuf,0,0x82);
416 if (name_len(inbuf+4) > 50 ||
417 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
418 DEBUG(0,("Invalid name length in session request\n"));
421 name_extract(inbuf,4,name1);
422 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
423 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
426 set_local_machine_name(name1, True);
427 set_remote_machine_name(name2, True);
429 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
430 get_local_machine_name(), get_remote_machine_name(),
433 if (name_type == 'R') {
434 /* We are being asked for a pathworks session ---
436 SCVAL(outbuf, 0,0x83);
440 /* only add the client's machine name to the list
441 of possibly valid usernames if we are operating
442 in share mode security */
443 if (lp_security() == SEC_SHARE) {
444 add_session_user(get_remote_machine_name());
447 reload_services(True);
450 already_got_session = True;
453 case 0x89: /* session keepalive request
454 (some old clients produce this?) */
455 SCVAL(outbuf,0,SMBkeepalive);
459 case 0x82: /* positive session response */
460 case 0x83: /* negative session response */
461 case 0x84: /* retarget session response */
462 DEBUG(0,("Unexpected session response\n"));
465 case SMBkeepalive: /* session keepalive */
470 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
471 msg_type, msg_flags));
473 send_smb(smbd_server_fd(), outbuf);
477 /****************************************************************************
479 conn POINTER CAN BE NULL HERE !
480 ****************************************************************************/
482 void reply_tcon(connection_struct *conn, struct smb_request *req)
485 char *service_buf = NULL;
486 char *password = NULL;
491 DATA_BLOB password_blob;
492 TALLOC_CTX *ctx = talloc_tos();
494 START_PROFILE(SMBtcon);
496 if (smb_buflen(req->inbuf) < 4) {
497 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
498 END_PROFILE(SMBtcon);
502 p = smb_buf(req->inbuf)+1;
503 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
504 &service_buf, p, STR_TERMINATE) + 1;
505 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
506 &password, p, STR_TERMINATE) + 1;
508 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
509 &dev, p, STR_TERMINATE) + 1;
511 if (service_buf == NULL || password == NULL || dev == NULL) {
512 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
513 END_PROFILE(SMBtcon);
516 p = strrchr_m(service_buf,'\\');
520 service = service_buf;
523 password_blob = data_blob(password, pwlen+1);
525 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
527 data_blob_clear_free(&password_blob);
530 reply_nterror(req, nt_status);
531 END_PROFILE(SMBtcon);
535 reply_outbuf(req, 2, 0);
536 SSVAL(req->outbuf,smb_vwv0,max_recv);
537 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
538 SSVAL(req->outbuf,smb_tid,conn->cnum);
540 DEBUG(3,("tcon service=%s cnum=%d\n",
541 service, conn->cnum));
543 END_PROFILE(SMBtcon);
547 /****************************************************************************
548 Reply to a tcon and X.
549 conn POINTER CAN BE NULL HERE !
550 ****************************************************************************/
552 void reply_tcon_and_X(connection_struct *conn, struct smb_request *req)
554 char *service = NULL;
556 TALLOC_CTX *ctx = talloc_tos();
557 /* what the cleint thinks the device is */
558 char *client_devicetype = NULL;
559 /* what the server tells the client the share represents */
560 const char *server_devicetype;
567 START_PROFILE(SMBtconX);
570 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
571 END_PROFILE(SMBtconX);
575 passlen = SVAL(req->inbuf,smb_vwv3);
576 tcon_flags = SVAL(req->inbuf,smb_vwv2);
578 /* we might have to close an old one */
579 if ((tcon_flags & 0x1) && conn) {
580 close_cnum(conn,req->vuid);
583 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
584 reply_doserror(req, ERRDOS, ERRbuftoosmall);
585 END_PROFILE(SMBtconX);
589 if (global_encrypted_passwords_negotiated) {
590 password = data_blob(smb_buf(req->inbuf),passlen);
591 if (lp_security() == SEC_SHARE) {
593 * Security = share always has a pad byte
594 * after the password.
596 p = smb_buf(req->inbuf) + passlen + 1;
598 p = smb_buf(req->inbuf) + passlen;
601 password = data_blob(smb_buf(req->inbuf),passlen+1);
602 /* Ensure correct termination */
603 password.data[passlen]=0;
604 p = smb_buf(req->inbuf) + passlen + 1;
607 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
611 data_blob_clear_free(&password);
612 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
613 END_PROFILE(SMBtconX);
618 * the service name can be either: \\server\share
619 * or share directly like on the DELL PowerVault 705
622 q = strchr_m(path+2,'\\');
624 data_blob_clear_free(&password);
625 reply_doserror(req, ERRDOS, ERRnosuchshare);
626 END_PROFILE(SMBtconX);
634 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
635 &client_devicetype, p,
636 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
638 if (client_devicetype == NULL) {
639 data_blob_clear_free(&password);
640 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
641 END_PROFILE(SMBtconX);
645 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
647 conn = make_connection(service, password, client_devicetype,
648 req->vuid, &nt_status);
650 data_blob_clear_free(&password);
653 reply_nterror(req, nt_status);
654 END_PROFILE(SMBtconX);
659 server_devicetype = "IPC";
660 else if ( IS_PRINT(conn) )
661 server_devicetype = "LPT1:";
663 server_devicetype = "A:";
665 if (Protocol < PROTOCOL_NT1) {
666 reply_outbuf(req, 2, 0);
667 if (message_push_string(&req->outbuf, server_devicetype,
668 STR_TERMINATE|STR_ASCII) == -1) {
669 reply_nterror(req, NT_STATUS_NO_MEMORY);
670 END_PROFILE(SMBtconX);
674 /* NT sets the fstype of IPC$ to the null string */
675 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
677 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
678 /* Return permissions. */
682 reply_outbuf(req, 7, 0);
685 perm1 = FILE_ALL_ACCESS;
686 perm2 = FILE_ALL_ACCESS;
688 perm1 = CAN_WRITE(conn) ?
693 SIVAL(req->outbuf, smb_vwv3, perm1);
694 SIVAL(req->outbuf, smb_vwv5, perm2);
696 reply_outbuf(req, 3, 0);
699 if ((message_push_string(&req->outbuf, server_devicetype,
700 STR_TERMINATE|STR_ASCII) == -1)
701 || (message_push_string(&req->outbuf, fstype,
702 STR_TERMINATE) == -1)) {
703 reply_nterror(req, NT_STATUS_NO_MEMORY);
704 END_PROFILE(SMBtconX);
708 /* what does setting this bit do? It is set by NT4 and
709 may affect the ability to autorun mounted cdroms */
710 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
711 (lp_csc_policy(SNUM(conn)) << 2));
713 init_dfsroot(conn, req->inbuf, req->outbuf);
717 DEBUG(3,("tconX service=%s \n",
720 /* set the incoming and outgoing tid to the just created one */
721 SSVAL(req->inbuf,smb_tid,conn->cnum);
722 SSVAL(req->outbuf,smb_tid,conn->cnum);
724 END_PROFILE(SMBtconX);
730 /****************************************************************************
731 Reply to an unknown type.
732 ****************************************************************************/
734 int reply_unknown(char *inbuf,char *outbuf)
737 type = CVAL(inbuf,smb_com);
739 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
740 smb_fn_name(type), type, type));
742 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
745 void reply_unknown_new(struct smb_request *req, uint8 type)
747 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
748 smb_fn_name(type), type, type));
749 reply_doserror(req, ERRSRV, ERRunknownsmb);
753 /****************************************************************************
755 conn POINTER CAN BE NULL HERE !
756 ****************************************************************************/
758 void reply_ioctl(connection_struct *conn, struct smb_request *req)
766 START_PROFILE(SMBioctl);
769 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
770 END_PROFILE(SMBioctl);
774 device = SVAL(req->inbuf,smb_vwv1);
775 function = SVAL(req->inbuf,smb_vwv2);
776 ioctl_code = (device << 16) + function;
778 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
780 switch (ioctl_code) {
781 case IOCTL_QUERY_JOB_INFO:
785 reply_doserror(req, ERRSRV, ERRnosupport);
786 END_PROFILE(SMBioctl);
790 reply_outbuf(req, 8, replysize+1);
791 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
792 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
793 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
794 p = smb_buf(req->outbuf);
795 memset(p, '\0', replysize+1); /* valgrind-safe. */
796 p += 1; /* Allow for alignment */
798 switch (ioctl_code) {
799 case IOCTL_QUERY_JOB_INFO:
801 files_struct *fsp = file_fsp(SVAL(req->inbuf,
804 reply_doserror(req, ERRDOS, ERRbadfid);
805 END_PROFILE(SMBioctl);
808 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
809 srvstr_push((char *)req->outbuf, req->flags2, p+2,
811 STR_TERMINATE|STR_ASCII);
813 srvstr_push((char *)req->outbuf, req->flags2,
814 p+18, lp_servicename(SNUM(conn)),
815 13, STR_TERMINATE|STR_ASCII);
823 END_PROFILE(SMBioctl);
827 /****************************************************************************
828 Strange checkpath NTSTATUS mapping.
829 ****************************************************************************/
831 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
833 /* Strange DOS error code semantics only for checkpath... */
834 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
835 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
836 /* We need to map to ERRbadpath */
837 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
843 /****************************************************************************
844 Reply to a checkpath.
845 ****************************************************************************/
847 void reply_checkpath(connection_struct *conn, struct smb_request *req)
850 SMB_STRUCT_STAT sbuf;
852 TALLOC_CTX *ctx = talloc_tos();
854 START_PROFILE(SMBcheckpath);
856 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
857 smb_buf(req->inbuf) + 1, 0,
858 STR_TERMINATE, &status);
859 if (!NT_STATUS_IS_OK(status)) {
860 status = map_checkpath_error((char *)req->inbuf, status);
861 reply_nterror(req, status);
862 END_PROFILE(SMBcheckpath);
866 status = resolve_dfspath(ctx, conn,
867 req->flags2 & FLAGS2_DFS_PATHNAMES,
870 if (!NT_STATUS_IS_OK(status)) {
871 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
872 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
874 END_PROFILE(SMBcheckpath);
880 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
882 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
883 if (!NT_STATUS_IS_OK(status)) {
887 status = check_name(conn, name);
888 if (!NT_STATUS_IS_OK(status)) {
889 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
893 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
894 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
895 status = map_nt_error_from_unix(errno);
899 if (!S_ISDIR(sbuf.st_mode)) {
900 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
902 END_PROFILE(SMBcheckpath);
906 reply_outbuf(req, 0, 0);
908 END_PROFILE(SMBcheckpath);
913 END_PROFILE(SMBcheckpath);
915 /* We special case this - as when a Windows machine
916 is parsing a path is steps through the components
917 one at a time - if a component fails it expects
918 ERRbadpath, not ERRbadfile.
920 status = map_checkpath_error((char *)req->inbuf, status);
921 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
923 * Windows returns different error codes if
924 * the parent directory is valid but not the
925 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
926 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
927 * if the path is invalid.
929 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
934 reply_nterror(req, status);
937 /****************************************************************************
939 ****************************************************************************/
941 void reply_getatr(connection_struct *conn, struct smb_request *req)
944 SMB_STRUCT_STAT sbuf;
950 TALLOC_CTX *ctx = talloc_tos();
952 START_PROFILE(SMBgetatr);
954 p = smb_buf(req->inbuf) + 1;
955 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
956 0, STR_TERMINATE, &status);
957 if (!NT_STATUS_IS_OK(status)) {
958 reply_nterror(req, status);
959 END_PROFILE(SMBgetatr);
963 status = resolve_dfspath(ctx, conn,
964 req->flags2 & FLAGS2_DFS_PATHNAMES,
967 if (!NT_STATUS_IS_OK(status)) {
968 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
969 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
971 END_PROFILE(SMBgetatr);
974 reply_nterror(req, status);
975 END_PROFILE(SMBgetatr);
979 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
980 under WfWg - weird! */
981 if (*fname == '\0') {
982 mode = aHIDDEN | aDIR;
983 if (!CAN_WRITE(conn)) {
989 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
990 if (!NT_STATUS_IS_OK(status)) {
991 reply_nterror(req, status);
992 END_PROFILE(SMBgetatr);
995 status = check_name(conn, fname);
996 if (!NT_STATUS_IS_OK(status)) {
997 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
998 reply_nterror(req, status);
999 END_PROFILE(SMBgetatr);
1002 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1003 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1004 reply_unixerror(req, ERRDOS,ERRbadfile);
1005 END_PROFILE(SMBgetatr);
1009 mode = dos_mode(conn,fname,&sbuf);
1010 size = sbuf.st_size;
1011 mtime = sbuf.st_mtime;
1017 reply_outbuf(req, 10, 0);
1019 SSVAL(req->outbuf,smb_vwv0,mode);
1020 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1021 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1023 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1025 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1027 if (Protocol >= PROTOCOL_NT1) {
1028 SSVAL(req->outbuf, smb_flg2,
1029 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1032 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1034 END_PROFILE(SMBgetatr);
1038 /****************************************************************************
1040 ****************************************************************************/
1042 void reply_setatr(connection_struct *conn, struct smb_request *req)
1047 SMB_STRUCT_STAT sbuf;
1050 TALLOC_CTX *ctx = talloc_tos();
1052 START_PROFILE(SMBsetatr);
1055 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1059 p = smb_buf(req->inbuf) + 1;
1060 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1061 0, STR_TERMINATE, &status);
1062 if (!NT_STATUS_IS_OK(status)) {
1063 reply_nterror(req, status);
1064 END_PROFILE(SMBsetatr);
1068 status = resolve_dfspath(ctx, conn,
1069 req->flags2 & FLAGS2_DFS_PATHNAMES,
1072 if (!NT_STATUS_IS_OK(status)) {
1073 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1074 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1075 ERRSRV, ERRbadpath);
1076 END_PROFILE(SMBsetatr);
1079 reply_nterror(req, status);
1080 END_PROFILE(SMBsetatr);
1084 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1085 if (!NT_STATUS_IS_OK(status)) {
1086 reply_nterror(req, status);
1087 END_PROFILE(SMBsetatr);
1091 status = check_name(conn, fname);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 reply_nterror(req, status);
1094 END_PROFILE(SMBsetatr);
1098 if (fname[0] == '.' && fname[1] == '\0') {
1100 * Not sure here is the right place to catch this
1101 * condition. Might be moved to somewhere else later -- vl
1103 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1104 END_PROFILE(SMBsetatr);
1108 mode = SVAL(req->inbuf,smb_vwv0);
1109 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1111 if (mode != FILE_ATTRIBUTE_NORMAL) {
1112 if (VALID_STAT_OF_DIR(sbuf))
1117 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1118 reply_unixerror(req, ERRDOS, ERRnoaccess);
1119 END_PROFILE(SMBsetatr);
1124 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1125 reply_unixerror(req, ERRDOS, ERRnoaccess);
1126 END_PROFILE(SMBsetatr);
1130 reply_outbuf(req, 0, 0);
1132 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1134 END_PROFILE(SMBsetatr);
1138 /****************************************************************************
1140 ****************************************************************************/
1142 void reply_dskattr(connection_struct *conn, struct smb_request *req)
1144 SMB_BIG_UINT dfree,dsize,bsize;
1145 START_PROFILE(SMBdskattr);
1147 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1148 reply_unixerror(req, ERRHRD, ERRgeneral);
1149 END_PROFILE(SMBdskattr);
1153 reply_outbuf(req, 5, 0);
1155 if (Protocol <= PROTOCOL_LANMAN2) {
1156 double total_space, free_space;
1157 /* we need to scale this to a number that DOS6 can handle. We
1158 use floating point so we can handle large drives on systems
1159 that don't have 64 bit integers
1161 we end up displaying a maximum of 2G to DOS systems
1163 total_space = dsize * (double)bsize;
1164 free_space = dfree * (double)bsize;
1166 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1167 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1169 if (dsize > 0xFFFF) dsize = 0xFFFF;
1170 if (dfree > 0xFFFF) dfree = 0xFFFF;
1172 SSVAL(req->outbuf,smb_vwv0,dsize);
1173 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1174 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1175 SSVAL(req->outbuf,smb_vwv3,dfree);
1177 SSVAL(req->outbuf,smb_vwv0,dsize);
1178 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1179 SSVAL(req->outbuf,smb_vwv2,512);
1180 SSVAL(req->outbuf,smb_vwv3,dfree);
1183 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1185 END_PROFILE(SMBdskattr);
1189 /****************************************************************************
1191 Can be called from SMBsearch, SMBffirst or SMBfunique.
1192 ****************************************************************************/
1194 void reply_search(connection_struct *conn, struct smb_request *req)
1197 char *directory = NULL;
1203 unsigned int numentries = 0;
1204 unsigned int maxentries = 0;
1205 bool finished = False;
1211 bool check_descend = False;
1212 bool expect_close = False;
1214 bool mask_contains_wcard = False;
1215 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1216 TALLOC_CTX *ctx = talloc_tos();
1218 START_PROFILE(SMBsearch);
1221 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1222 END_PROFILE(SMBsearch);
1226 if (lp_posix_pathnames()) {
1227 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1228 END_PROFILE(SMBsearch);
1232 /* If we were called as SMBffirst then we must expect close. */
1233 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1234 expect_close = True;
1237 reply_outbuf(req, 1, 3);
1238 maxentries = SVAL(req->inbuf,smb_vwv0);
1239 dirtype = SVAL(req->inbuf,smb_vwv1);
1240 p = smb_buf(req->inbuf) + 1;
1241 p += srvstr_get_path_wcard(ctx,
1249 &mask_contains_wcard);
1250 if (!NT_STATUS_IS_OK(nt_status)) {
1251 reply_nterror(req, nt_status);
1252 END_PROFILE(SMBsearch);
1256 nt_status = resolve_dfspath_wcard(ctx, conn,
1257 req->flags2 & FLAGS2_DFS_PATHNAMES,
1260 &mask_contains_wcard);
1261 if (!NT_STATUS_IS_OK(nt_status)) {
1262 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1263 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1264 ERRSRV, ERRbadpath);
1265 END_PROFILE(SMBsearch);
1268 reply_nterror(req, nt_status);
1269 END_PROFILE(SMBsearch);
1274 status_len = SVAL(p, 0);
1277 /* dirtype &= ~aDIR; */
1279 if (status_len == 0) {
1280 SMB_STRUCT_STAT sbuf;
1282 nt_status = unix_convert(ctx, conn, path, True,
1283 &directory, NULL, &sbuf);
1284 if (!NT_STATUS_IS_OK(nt_status)) {
1285 reply_nterror(req, nt_status);
1286 END_PROFILE(SMBsearch);
1290 nt_status = check_name(conn, directory);
1291 if (!NT_STATUS_IS_OK(nt_status)) {
1292 reply_nterror(req, nt_status);
1293 END_PROFILE(SMBsearch);
1297 p = strrchr_m(directory,'/');
1300 directory = talloc_strdup(ctx,".");
1302 reply_nterror(req, NT_STATUS_NO_MEMORY);
1303 END_PROFILE(SMBsearch);
1311 if (*directory == '\0') {
1312 directory = talloc_strdup(ctx,".");
1314 reply_nterror(req, NT_STATUS_NO_MEMORY);
1315 END_PROFILE(SMBsearch);
1319 memset((char *)status,'\0',21);
1320 SCVAL(status,0,(dirtype & 0x1F));
1322 nt_status = dptr_create(conn,
1328 mask_contains_wcard,
1331 if (!NT_STATUS_IS_OK(nt_status)) {
1332 reply_nterror(req, nt_status);
1333 END_PROFILE(SMBsearch);
1336 dptr_num = dptr_dnum(conn->dirptr);
1340 memcpy(status,p,21);
1341 status_dirtype = CVAL(status,0) & 0x1F;
1342 if (status_dirtype != (dirtype & 0x1F)) {
1343 dirtype = status_dirtype;
1346 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1347 if (!conn->dirptr) {
1350 string_set(&conn->dirpath,dptr_path(dptr_num));
1351 mask = dptr_wcard(dptr_num);
1356 * For a 'continue' search we have no string. So
1357 * check from the initial saved string.
1359 mask_contains_wcard = ms_has_wild(mask);
1360 dirtype = dptr_attr(dptr_num);
1363 DEBUG(4,("dptr_num is %d\n",dptr_num));
1365 if ((dirtype&0x1F) == aVOLID) {
1366 char buf[DIR_STRUCT_SIZE];
1367 memcpy(buf,status,21);
1368 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1369 0,aVOLID,0,!allow_long_path_components)) {
1370 reply_nterror(req, NT_STATUS_NO_MEMORY);
1371 END_PROFILE(SMBsearch);
1374 dptr_fill(buf+12,dptr_num);
1375 if (dptr_zero(buf+12) && (status_len==0)) {
1380 if (message_push_blob(&req->outbuf,
1381 data_blob_const(buf, sizeof(buf)))
1383 reply_nterror(req, NT_STATUS_NO_MEMORY);
1384 END_PROFILE(SMBsearch);
1392 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1395 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1396 conn->dirpath,lp_dontdescend(SNUM(conn))));
1397 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1398 check_descend = True;
1401 for (i=numentries;(i<maxentries) && !finished;i++) {
1402 finished = !get_dir_entry(ctx,conn,mask,dirtype,&fname,
1403 &size,&mode,&date,check_descend);
1405 char buf[DIR_STRUCT_SIZE];
1406 memcpy(buf,status,21);
1407 if (!make_dir_struct(ctx,
1414 !allow_long_path_components)) {
1415 reply_nterror(req, NT_STATUS_NO_MEMORY);
1416 END_PROFILE(SMBsearch);
1419 if (!dptr_fill(buf+12,dptr_num)) {
1422 if (message_push_blob(&req->outbuf,
1423 data_blob_const(buf, sizeof(buf)))
1425 reply_nterror(req, NT_STATUS_NO_MEMORY);
1426 END_PROFILE(SMBsearch);
1436 /* If we were called as SMBffirst with smb_search_id == NULL
1437 and no entries were found then return error and close dirptr
1440 if (numentries == 0) {
1441 dptr_close(&dptr_num);
1442 } else if(expect_close && status_len == 0) {
1443 /* Close the dptr - we know it's gone */
1444 dptr_close(&dptr_num);
1447 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1448 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1449 dptr_close(&dptr_num);
1452 if ((numentries == 0) && !mask_contains_wcard) {
1453 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1454 END_PROFILE(SMBsearch);
1458 SSVAL(req->outbuf,smb_vwv0,numentries);
1459 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1460 SCVAL(smb_buf(req->outbuf),0,5);
1461 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1463 /* The replies here are never long name. */
1464 SSVAL(req->outbuf, smb_flg2,
1465 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1466 if (!allow_long_path_components) {
1467 SSVAL(req->outbuf, smb_flg2,
1468 SVAL(req->outbuf, smb_flg2)
1469 & (~FLAGS2_LONG_PATH_COMPONENTS));
1472 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1473 SSVAL(req->outbuf, smb_flg2,
1474 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1477 directory = dptr_path(dptr_num);
1480 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1481 smb_fn_name(CVAL(req->inbuf,smb_com)),
1483 directory ? directory : "./",
1488 END_PROFILE(SMBsearch);
1492 /****************************************************************************
1493 Reply to a fclose (stop directory search).
1494 ****************************************************************************/
1496 void reply_fclose(connection_struct *conn, struct smb_request *req)
1504 bool path_contains_wcard = False;
1505 TALLOC_CTX *ctx = talloc_tos();
1507 START_PROFILE(SMBfclose);
1509 if (lp_posix_pathnames()) {
1510 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1511 END_PROFILE(SMBfclose);
1515 p = smb_buf(req->inbuf) + 1;
1516 p += srvstr_get_path_wcard(ctx,
1524 &path_contains_wcard);
1525 if (!NT_STATUS_IS_OK(err)) {
1526 reply_nterror(req, err);
1527 END_PROFILE(SMBfclose);
1531 status_len = SVAL(p,0);
1534 if (status_len == 0) {
1535 reply_doserror(req, ERRSRV, ERRsrverror);
1536 END_PROFILE(SMBfclose);
1540 memcpy(status,p,21);
1542 if(dptr_fetch(status+12,&dptr_num)) {
1543 /* Close the dptr - we know it's gone */
1544 dptr_close(&dptr_num);
1547 reply_outbuf(req, 1, 0);
1548 SSVAL(req->outbuf,smb_vwv0,0);
1550 DEBUG(3,("search close\n"));
1552 END_PROFILE(SMBfclose);
1556 /****************************************************************************
1558 ****************************************************************************/
1560 void reply_open(connection_struct *conn, struct smb_request *req)
1567 SMB_STRUCT_STAT sbuf;
1574 uint32 create_disposition;
1575 uint32 create_options = 0;
1577 TALLOC_CTX *ctx = talloc_tos();
1579 START_PROFILE(SMBopen);
1582 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1583 END_PROFILE(SMBopen);
1587 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1588 deny_mode = SVAL(req->inbuf,smb_vwv0);
1589 dos_attr = SVAL(req->inbuf,smb_vwv1);
1591 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1592 smb_buf(req->inbuf)+1, 0,
1593 STR_TERMINATE, &status);
1594 if (!NT_STATUS_IS_OK(status)) {
1595 reply_nterror(req, status);
1596 END_PROFILE(SMBopen);
1600 if (!map_open_params_to_ntcreate(
1601 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1602 &share_mode, &create_disposition, &create_options)) {
1603 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1604 END_PROFILE(SMBopen);
1608 status = create_file(conn, /* conn */
1610 0, /* root_dir_fid */
1612 access_mask, /* access_mask */
1613 share_mode, /* share_access */
1614 create_disposition, /* create_disposition*/
1615 create_options, /* create_options */
1616 dos_attr, /* file_attributes */
1617 oplock_request, /* oplock_request */
1618 0, /* allocation_size */
1625 if (!NT_STATUS_IS_OK(status)) {
1626 if (open_was_deferred(req->mid)) {
1627 /* We have re-scheduled this call. */
1628 END_PROFILE(SMBopen);
1631 reply_openerror(req, status);
1632 END_PROFILE(SMBopen);
1636 size = sbuf.st_size;
1637 fattr = dos_mode(conn,fname,&sbuf);
1638 mtime = sbuf.st_mtime;
1641 DEBUG(3,("attempt to open a directory %s\n",fname));
1642 close_file(fsp,ERROR_CLOSE);
1643 reply_doserror(req, ERRDOS,ERRnoaccess);
1644 END_PROFILE(SMBopen);
1648 reply_outbuf(req, 7, 0);
1649 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1650 SSVAL(req->outbuf,smb_vwv1,fattr);
1651 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1652 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1654 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1656 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1657 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1659 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1660 SCVAL(req->outbuf,smb_flg,
1661 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1664 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1665 SCVAL(req->outbuf,smb_flg,
1666 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1668 END_PROFILE(SMBopen);
1672 /****************************************************************************
1673 Reply to an open and X.
1674 ****************************************************************************/
1676 void reply_open_and_X(connection_struct *conn, struct smb_request *req)
1682 /* Breakout the oplock request bits so we can set the
1683 reply bits separately. */
1684 int ex_oplock_request;
1685 int core_oplock_request;
1688 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1689 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1694 SMB_STRUCT_STAT sbuf;
1698 SMB_BIG_UINT allocation_size;
1699 ssize_t retval = -1;
1702 uint32 create_disposition;
1703 uint32 create_options = 0;
1704 TALLOC_CTX *ctx = talloc_tos();
1706 START_PROFILE(SMBopenX);
1708 if (req->wct < 15) {
1709 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1710 END_PROFILE(SMBopenX);
1714 open_flags = SVAL(req->inbuf,smb_vwv2);
1715 deny_mode = SVAL(req->inbuf,smb_vwv3);
1716 smb_attr = SVAL(req->inbuf,smb_vwv5);
1717 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1718 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1719 oplock_request = ex_oplock_request | core_oplock_request;
1720 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1721 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1723 /* If it's an IPC, pass off the pipe handler. */
1725 if (lp_nt_pipe_support()) {
1726 reply_open_pipe_and_X(conn, req);
1728 reply_doserror(req, ERRSRV, ERRaccess);
1730 END_PROFILE(SMBopenX);
1734 /* XXXX we need to handle passed times, sattr and flags */
1735 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1736 smb_buf(req->inbuf), 0, STR_TERMINATE,
1738 if (!NT_STATUS_IS_OK(status)) {
1739 reply_nterror(req, status);
1740 END_PROFILE(SMBopenX);
1744 if (!map_open_params_to_ntcreate(
1745 fname, deny_mode, smb_ofun, &access_mask,
1746 &share_mode, &create_disposition, &create_options)) {
1747 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1748 END_PROFILE(SMBopenX);
1752 status = create_file(conn, /* conn */
1754 0, /* root_dir_fid */
1756 access_mask, /* access_mask */
1757 share_mode, /* share_access */
1758 create_disposition, /* create_disposition*/
1759 create_options, /* create_options */
1760 smb_attr, /* file_attributes */
1761 oplock_request, /* oplock_request */
1762 0, /* allocation_size */
1766 &smb_action, /* pinfo */
1769 if (!NT_STATUS_IS_OK(status)) {
1770 END_PROFILE(SMBopenX);
1771 if (open_was_deferred(req->mid)) {
1772 /* We have re-scheduled this call. */
1775 reply_openerror(req, status);
1779 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1780 if the file is truncated or created. */
1781 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1782 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1783 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1784 close_file(fsp,ERROR_CLOSE);
1785 reply_nterror(req, NT_STATUS_DISK_FULL);
1786 END_PROFILE(SMBopenX);
1789 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1791 close_file(fsp,ERROR_CLOSE);
1792 reply_nterror(req, NT_STATUS_DISK_FULL);
1793 END_PROFILE(SMBopenX);
1796 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1799 fattr = dos_mode(conn,fname,&sbuf);
1800 mtime = sbuf.st_mtime;
1802 close_file(fsp,ERROR_CLOSE);
1803 reply_doserror(req, ERRDOS, ERRnoaccess);
1804 END_PROFILE(SMBopenX);
1808 /* If the caller set the extended oplock request bit
1809 and we granted one (by whatever means) - set the
1810 correct bit for extended oplock reply.
1813 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1814 smb_action |= EXTENDED_OPLOCK_GRANTED;
1817 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1818 smb_action |= EXTENDED_OPLOCK_GRANTED;
1821 /* If the caller set the core oplock request bit
1822 and we granted one (by whatever means) - set the
1823 correct bit for core oplock reply.
1826 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1827 reply_outbuf(req, 19, 0);
1829 reply_outbuf(req, 15, 0);
1832 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1833 SCVAL(req->outbuf, smb_flg,
1834 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1837 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1838 SCVAL(req->outbuf, smb_flg,
1839 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1842 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1843 SSVAL(req->outbuf,smb_vwv3,fattr);
1844 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1845 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1847 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1849 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1850 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1851 SSVAL(req->outbuf,smb_vwv11,smb_action);
1853 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1854 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1857 END_PROFILE(SMBopenX);
1862 /****************************************************************************
1863 Reply to a SMBulogoffX.
1864 conn POINTER CAN BE NULL HERE !
1865 ****************************************************************************/
1867 void reply_ulogoffX(connection_struct *conn, struct smb_request *req)
1871 START_PROFILE(SMBulogoffX);
1873 vuser = get_valid_user_struct(req->vuid);
1876 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1880 /* in user level security we are supposed to close any files
1881 open by this user */
1882 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1883 file_close_user(req->vuid);
1886 invalidate_vuid(req->vuid);
1888 reply_outbuf(req, 2, 0);
1890 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1892 END_PROFILE(SMBulogoffX);
1896 /****************************************************************************
1897 Reply to a mknew or a create.
1898 ****************************************************************************/
1900 void reply_mknew(connection_struct *conn, struct smb_request *req)
1905 struct timespec ts[2];
1907 int oplock_request = 0;
1908 SMB_STRUCT_STAT sbuf;
1910 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1911 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1912 uint32 create_disposition;
1913 uint32 create_options = 0;
1914 TALLOC_CTX *ctx = talloc_tos();
1916 START_PROFILE(SMBcreate);
1919 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1920 END_PROFILE(SMBcreate);
1924 fattr = SVAL(req->inbuf,smb_vwv0);
1925 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1926 com = SVAL(req->inbuf,smb_com);
1928 ts[1] =convert_time_t_to_timespec(
1929 srv_make_unix_date3(req->inbuf + smb_vwv1));
1932 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1933 smb_buf(req->inbuf) + 1, 0,
1934 STR_TERMINATE, &status);
1935 if (!NT_STATUS_IS_OK(status)) {
1936 reply_nterror(req, status);
1937 END_PROFILE(SMBcreate);
1941 if (fattr & aVOLID) {
1942 DEBUG(0,("Attempt to create file (%s) with volid set - "
1943 "please report this\n", fname));
1946 if(com == SMBmknew) {
1947 /* We should fail if file exists. */
1948 create_disposition = FILE_CREATE;
1950 /* Create if file doesn't exist, truncate if it does. */
1951 create_disposition = FILE_OVERWRITE_IF;
1954 status = create_file(conn, /* conn */
1956 0, /* root_dir_fid */
1958 access_mask, /* access_mask */
1959 share_mode, /* share_access */
1960 create_disposition, /* create_disposition*/
1961 create_options, /* create_options */
1962 fattr, /* file_attributes */
1963 oplock_request, /* oplock_request */
1964 0, /* allocation_size */
1971 if (!NT_STATUS_IS_OK(status)) {
1972 END_PROFILE(SMBcreate);
1973 if (open_was_deferred(req->mid)) {
1974 /* We have re-scheduled this call. */
1977 reply_openerror(req, status);
1981 ts[0] = get_atimespec(&sbuf); /* atime. */
1982 file_ntimes(conn, fname, ts);
1984 reply_outbuf(req, 1, 0);
1985 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1987 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1988 SCVAL(req->outbuf,smb_flg,
1989 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1992 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1993 SCVAL(req->outbuf,smb_flg,
1994 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1997 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1998 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1999 fname, fsp->fh->fd, (unsigned int)fattr ) );
2001 END_PROFILE(SMBcreate);
2005 /****************************************************************************
2006 Reply to a create temporary file.
2007 ****************************************************************************/
2009 void reply_ctemp(connection_struct *conn, struct smb_request *req)
2016 SMB_STRUCT_STAT sbuf;
2019 TALLOC_CTX *ctx = talloc_tos();
2021 START_PROFILE(SMBctemp);
2024 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2025 END_PROFILE(SMBctemp);
2029 fattr = SVAL(req->inbuf,smb_vwv0);
2030 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2032 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2033 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2035 if (!NT_STATUS_IS_OK(status)) {
2036 reply_nterror(req, status);
2037 END_PROFILE(SMBctemp);
2041 fname = talloc_asprintf(ctx,
2045 fname = talloc_strdup(ctx, "TMXXXXXX");
2049 reply_nterror(req, NT_STATUS_NO_MEMORY);
2050 END_PROFILE(SMBctemp);
2054 status = resolve_dfspath(ctx, conn,
2055 req->flags2 & FLAGS2_DFS_PATHNAMES,
2058 if (!NT_STATUS_IS_OK(status)) {
2059 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2060 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2061 ERRSRV, ERRbadpath);
2062 END_PROFILE(SMBctemp);
2065 reply_nterror(req, status);
2066 END_PROFILE(SMBctemp);
2070 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2071 if (!NT_STATUS_IS_OK(status)) {
2072 reply_nterror(req, status);
2073 END_PROFILE(SMBctemp);
2077 status = check_name(conn, CONST_DISCARD(char *,fname));
2078 if (!NT_STATUS_IS_OK(status)) {
2079 reply_nterror(req, status);
2080 END_PROFILE(SMBctemp);
2084 tmpfd = smb_mkstemp(fname);
2086 reply_unixerror(req, ERRDOS, ERRnoaccess);
2087 END_PROFILE(SMBctemp);
2091 SMB_VFS_STAT(conn,fname,&sbuf);
2093 /* We should fail if file does not exist. */
2094 status = open_file_ntcreate(conn, req, fname, &sbuf,
2095 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2096 FILE_SHARE_READ|FILE_SHARE_WRITE,
2103 /* close fd from smb_mkstemp() */
2106 if (!NT_STATUS_IS_OK(status)) {
2107 if (open_was_deferred(req->mid)) {
2108 /* We have re-scheduled this call. */
2109 END_PROFILE(SMBctemp);
2112 reply_openerror(req, status);
2113 END_PROFILE(SMBctemp);
2117 reply_outbuf(req, 1, 0);
2118 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2120 /* the returned filename is relative to the directory */
2121 s = strrchr_m(fname, '/');
2129 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2130 thing in the byte section. JRA */
2131 SSVALS(p, 0, -1); /* what is this? not in spec */
2133 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2135 reply_nterror(req, NT_STATUS_NO_MEMORY);
2136 END_PROFILE(SMBctemp);
2140 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2141 SCVAL(req->outbuf, smb_flg,
2142 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2145 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2146 SCVAL(req->outbuf, smb_flg,
2147 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2150 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2151 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2152 (unsigned int)sbuf.st_mode ) );
2154 END_PROFILE(SMBctemp);
2158 /*******************************************************************
2159 Check if a user is allowed to rename a file.
2160 ********************************************************************/
2162 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2163 uint16 dirtype, SMB_STRUCT_STAT *pst)
2167 if (!CAN_WRITE(conn)) {
2168 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2171 fmode = dos_mode(conn, fsp->fsp_name, pst);
2172 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2173 return NT_STATUS_NO_SUCH_FILE;
2176 if (S_ISDIR(pst->st_mode)) {
2177 return NT_STATUS_OK;
2180 if (fsp->access_mask & DELETE_ACCESS) {
2181 return NT_STATUS_OK;
2184 return NT_STATUS_ACCESS_DENIED;
2187 /*******************************************************************
2188 * unlink a file with all relevant access checks
2189 *******************************************************************/
2191 static NTSTATUS do_unlink(connection_struct *conn,
2192 struct smb_request *req,
2196 SMB_STRUCT_STAT sbuf;
2199 uint32 dirtype_orig = dirtype;
2202 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2204 if (!CAN_WRITE(conn)) {
2205 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2208 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2209 return map_nt_error_from_unix(errno);
2212 fattr = dos_mode(conn,fname,&sbuf);
2214 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2215 dirtype = aDIR|aARCH|aRONLY;
2218 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2220 return NT_STATUS_NO_SUCH_FILE;
2223 if (!dir_check_ftype(conn, fattr, dirtype)) {
2225 return NT_STATUS_FILE_IS_A_DIRECTORY;
2227 return NT_STATUS_NO_SUCH_FILE;
2230 if (dirtype_orig & 0x8000) {
2231 /* These will never be set for POSIX. */
2232 return NT_STATUS_NO_SUCH_FILE;
2236 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2237 return NT_STATUS_FILE_IS_A_DIRECTORY;
2240 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2241 return NT_STATUS_NO_SUCH_FILE;
2244 if (dirtype & 0xFF00) {
2245 /* These will never be set for POSIX. */
2246 return NT_STATUS_NO_SUCH_FILE;
2251 return NT_STATUS_NO_SUCH_FILE;
2254 /* Can't delete a directory. */
2256 return NT_STATUS_FILE_IS_A_DIRECTORY;
2261 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2262 return NT_STATUS_OBJECT_NAME_INVALID;
2263 #endif /* JRATEST */
2265 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2267 On a Windows share, a file with read-only dosmode can be opened with
2268 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2269 fails with NT_STATUS_CANNOT_DELETE error.
2271 This semantic causes a problem that a user can not
2272 rename a file with read-only dosmode on a Samba share
2273 from a Windows command prompt (i.e. cmd.exe, but can rename
2274 from Windows Explorer).
2277 if (!lp_delete_readonly(SNUM(conn))) {
2278 if (fattr & aRONLY) {
2279 return NT_STATUS_CANNOT_DELETE;
2283 /* On open checks the open itself will check the share mode, so
2284 don't do it here as we'll get it wrong. */
2286 status = open_file_ntcreate(conn, req, fname, &sbuf,
2291 FILE_ATTRIBUTE_NORMAL,
2292 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2295 if (!NT_STATUS_IS_OK(status)) {
2296 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2297 nt_errstr(status)));
2301 /* The set is across all open files on this dev/inode pair. */
2302 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2303 close_file(fsp, NORMAL_CLOSE);
2304 return NT_STATUS_ACCESS_DENIED;
2307 return close_file(fsp,NORMAL_CLOSE);
2310 /****************************************************************************
2311 The guts of the unlink command, split out so it may be called by the NT SMB
2313 ****************************************************************************/
2315 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2316 uint32 dirtype, const char *name_in, bool has_wild)
2318 const char *directory = NULL;
2323 NTSTATUS status = NT_STATUS_OK;
2324 SMB_STRUCT_STAT sbuf;
2325 TALLOC_CTX *ctx = talloc_tos();
2327 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2328 if (!NT_STATUS_IS_OK(status)) {
2332 p = strrchr_m(name,'/');
2334 directory = talloc_strdup(ctx, ".");
2336 return NT_STATUS_NO_MEMORY;
2346 * We should only check the mangled cache
2347 * here if unix_convert failed. This means
2348 * that the path in 'mask' doesn't exist
2349 * on the file system and so we need to look
2350 * for a possible mangle. This patch from
2351 * Tine Smukavec <valentin.smukavec@hermes.si>.
2354 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2355 char *new_mask = NULL;
2356 mangle_lookup_name_from_8_3(ctx,
2366 directory = talloc_asprintf(ctx,
2371 return NT_STATUS_NO_MEMORY;
2374 dirtype = FILE_ATTRIBUTE_NORMAL;
2377 status = check_name(conn, directory);
2378 if (!NT_STATUS_IS_OK(status)) {
2382 status = do_unlink(conn, req, directory, dirtype);
2383 if (!NT_STATUS_IS_OK(status)) {
2389 struct smb_Dir *dir_hnd = NULL;
2393 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2394 return NT_STATUS_OBJECT_NAME_INVALID;
2397 if (strequal(mask,"????????.???")) {
2402 status = check_name(conn, directory);
2403 if (!NT_STATUS_IS_OK(status)) {
2407 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2408 if (dir_hnd == NULL) {
2409 return map_nt_error_from_unix(errno);
2412 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2413 the pattern matches against the long name, otherwise the short name
2414 We don't implement this yet XXXX
2417 status = NT_STATUS_NO_SUCH_FILE;
2419 while ((dname = ReadDirName(dir_hnd, &offset))) {
2423 if (!is_visible_file(conn, directory, dname, &st, True)) {
2427 /* Quick check for "." and ".." */
2428 if (ISDOT(dname) || ISDOTDOT(dname)) {
2432 if(!mask_match(dname, mask, conn->case_sensitive)) {
2436 fname = talloc_asprintf(ctx, "%s/%s",
2440 return NT_STATUS_NO_MEMORY;
2443 status = check_name(conn, fname);
2444 if (!NT_STATUS_IS_OK(status)) {
2449 status = do_unlink(conn, req, fname, dirtype);
2450 if (!NT_STATUS_IS_OK(status)) {
2456 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2464 if (count == 0 && NT_STATUS_IS_OK(status)) {
2465 status = map_nt_error_from_unix(errno);
2471 /****************************************************************************
2473 ****************************************************************************/
2475 void reply_unlink(connection_struct *conn, struct smb_request *req)
2480 bool path_contains_wcard = False;
2481 TALLOC_CTX *ctx = talloc_tos();
2483 START_PROFILE(SMBunlink);
2486 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2487 END_PROFILE(SMBunlink);
2491 dirtype = SVAL(req->inbuf,smb_vwv0);
2493 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2494 smb_buf(req->inbuf) + 1, 0,
2495 STR_TERMINATE, &status, &path_contains_wcard);
2496 if (!NT_STATUS_IS_OK(status)) {
2497 reply_nterror(req, status);
2498 END_PROFILE(SMBunlink);
2502 status = resolve_dfspath_wcard(ctx, conn,
2503 req->flags2 & FLAGS2_DFS_PATHNAMES,
2506 &path_contains_wcard);
2507 if (!NT_STATUS_IS_OK(status)) {
2508 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2509 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2510 ERRSRV, ERRbadpath);
2511 END_PROFILE(SMBunlink);
2514 reply_nterror(req, status);
2515 END_PROFILE(SMBunlink);
2519 DEBUG(3,("reply_unlink : %s\n",name));
2521 status = unlink_internals(conn, req, dirtype, name,
2522 path_contains_wcard);
2523 if (!NT_STATUS_IS_OK(status)) {
2524 if (open_was_deferred(req->mid)) {
2525 /* We have re-scheduled this call. */
2526 END_PROFILE(SMBunlink);
2529 reply_nterror(req, status);
2530 END_PROFILE(SMBunlink);
2534 reply_outbuf(req, 0, 0);
2535 END_PROFILE(SMBunlink);
2540 /****************************************************************************
2542 ****************************************************************************/
2544 static void fail_readraw(void)
2546 const char *errstr = talloc_asprintf(talloc_tos(),
2547 "FAIL ! reply_readbraw: socket write fail (%s)",
2552 exit_server_cleanly(errstr);
2555 /****************************************************************************
2556 Fake (read/write) sendfile. Returns -1 on read or write fail.
2557 ****************************************************************************/
2559 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2563 size_t tosend = nread;
2570 bufsize = MIN(nread, 65536);
2572 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2576 while (tosend > 0) {
2580 if (tosend > bufsize) {
2585 ret = read_file(fsp,buf,startpos,cur_read);
2591 /* If we had a short read, fill with zeros. */
2592 if (ret < cur_read) {
2593 memset(buf, '\0', cur_read - ret);
2596 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2601 startpos += cur_read;
2605 return (ssize_t)nread;
2608 /****************************************************************************
2609 Return a readbraw error (4 bytes of zero).
2610 ****************************************************************************/
2612 static void reply_readbraw_error(void)
2616 if (write_data(smbd_server_fd(),header,4) != 4) {
2621 /****************************************************************************
2622 Use sendfile in readbraw.
2623 ****************************************************************************/
2625 void send_file_readbraw(connection_struct *conn,
2631 char *outbuf = NULL;
2634 #if defined(WITH_SENDFILE)
2636 * We can only use sendfile on a non-chained packet
2637 * but we can use on a non-oplocked file. tridge proved this
2638 * on a train in Germany :-). JRA.
2639 * reply_readbraw has already checked the length.
2642 if ( (chain_size == 0) && (nread > 0) &&
2643 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2645 DATA_BLOB header_blob;
2647 _smb_setlen(header,nread);
2648 header_blob = data_blob_const(header, 4);
2650 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2651 &header_blob, startpos, nread) == -1) {
2652 /* Returning ENOSYS means no data at all was sent.
2653 * Do this as a normal read. */
2654 if (errno == ENOSYS) {
2655 goto normal_readbraw;
2659 * Special hack for broken Linux with no working sendfile. If we
2660 * return EINTR we sent the header but not the rest of the data.
2661 * Fake this up by doing read/write calls.
2663 if (errno == EINTR) {
2664 /* Ensure we don't do this again. */
2665 set_use_sendfile(SNUM(conn), False);
2666 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2668 if (fake_sendfile(fsp, startpos, nread) == -1) {
2669 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2670 fsp->fsp_name, strerror(errno) ));
2671 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2676 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2677 fsp->fsp_name, strerror(errno) ));
2678 exit_server_cleanly("send_file_readbraw sendfile failed");
2687 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2689 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2690 (unsigned)(nread+4)));
2691 reply_readbraw_error();
2696 ret = read_file(fsp,outbuf+4,startpos,nread);
2697 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2706 _smb_setlen(outbuf,ret);
2707 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2710 TALLOC_FREE(outbuf);
2713 /****************************************************************************
2714 Reply to a readbraw (core+ protocol).
2715 ****************************************************************************/
2717 void reply_readbraw(connection_struct *conn, struct smb_request *req)
2719 ssize_t maxcount,mincount;
2726 START_PROFILE(SMBreadbraw);
2728 if (srv_is_signing_active() || srv_encryption_on()) {
2729 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2730 "raw reads/writes are disallowed.");
2734 reply_readbraw_error();
2735 END_PROFILE(SMBreadbraw);
2740 * Special check if an oplock break has been issued
2741 * and the readraw request croses on the wire, we must
2742 * return a zero length response here.
2745 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2748 * We have to do a check_fsp by hand here, as
2749 * we must always return 4 zero bytes on error,
2753 if (!fsp || !conn || conn != fsp->conn ||
2754 current_user.vuid != fsp->vuid ||
2755 fsp->is_directory || fsp->fh->fd == -1) {
2757 * fsp could be NULL here so use the value from the packet. JRA.
2759 DEBUG(3,("reply_readbraw: fnum %d not valid "
2761 (int)SVAL(req->inbuf,smb_vwv0)));
2762 reply_readbraw_error();
2763 END_PROFILE(SMBreadbraw);
2767 /* Do a "by hand" version of CHECK_READ. */
2768 if (!(fsp->can_read ||
2769 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2770 (fsp->access_mask & FILE_EXECUTE)))) {
2771 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2772 (int)SVAL(req->inbuf,smb_vwv0)));
2773 reply_readbraw_error();
2774 END_PROFILE(SMBreadbraw);
2778 flush_write_cache(fsp, READRAW_FLUSH);
2780 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2781 if(req->wct == 10) {
2783 * This is a large offset (64 bit) read.
2785 #ifdef LARGE_SMB_OFF_T
2787 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2789 #else /* !LARGE_SMB_OFF_T */
2792 * Ensure we haven't been sent a >32 bit offset.
2795 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2796 DEBUG(0,("reply_readbraw: large offset "
2797 "(%x << 32) used and we don't support "
2798 "64 bit offsets.\n",
2799 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2800 reply_readbraw_error();
2801 END_PROFILE(SMBreadbraw);
2805 #endif /* LARGE_SMB_OFF_T */
2808 DEBUG(0,("reply_readbraw: negative 64 bit "
2809 "readraw offset (%.0f) !\n",
2810 (double)startpos ));
2811 reply_readbraw_error();
2812 END_PROFILE(SMBreadbraw);
2817 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2818 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2820 /* ensure we don't overrun the packet size */
2821 maxcount = MIN(65535,maxcount);
2823 if (is_locked(fsp,(uint32)req->smbpid,
2824 (SMB_BIG_UINT)maxcount,
2825 (SMB_BIG_UINT)startpos,
2827 reply_readbraw_error();
2828 END_PROFILE(SMBreadbraw);
2832 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2836 if (startpos >= size) {
2839 nread = MIN(maxcount,(size - startpos));
2842 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2843 if (nread < mincount)
2847 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2848 "min=%lu nread=%lu\n",
2849 fsp->fnum, (double)startpos,
2850 (unsigned long)maxcount,
2851 (unsigned long)mincount,
2852 (unsigned long)nread ) );
2854 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2856 DEBUG(5,("reply_readbraw finished\n"));
2857 END_PROFILE(SMBreadbraw);
2861 #define DBGC_CLASS DBGC_LOCKING
2863 /****************************************************************************
2864 Reply to a lockread (core+ protocol).
2865 ****************************************************************************/
2867 void reply_lockread(connection_struct *conn, struct smb_request *req)
2875 struct byte_range_lock *br_lck = NULL;
2878 START_PROFILE(SMBlockread);
2881 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2882 END_PROFILE(SMBlockread);
2886 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2888 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2889 END_PROFILE(SMBlockread);
2893 if (!CHECK_READ(fsp,req->inbuf)) {
2894 reply_doserror(req, ERRDOS, ERRbadaccess);
2895 END_PROFILE(SMBlockread);
2899 release_level_2_oplocks_on_change(fsp);
2901 numtoread = SVAL(req->inbuf,smb_vwv1);
2902 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2904 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2906 reply_outbuf(req, 5, numtoread + 3);
2908 data = smb_buf(req->outbuf) + 3;
2911 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2912 * protocol request that predates the read/write lock concept.
2913 * Thus instead of asking for a read lock here we need to ask
2914 * for a write lock. JRA.
2915 * Note that the requested lock size is unaffected by max_recv.
2918 br_lck = do_lock(smbd_messaging_context(),
2921 (SMB_BIG_UINT)numtoread,
2922 (SMB_BIG_UINT)startpos,
2925 False, /* Non-blocking lock. */
2928 TALLOC_FREE(br_lck);
2930 if (NT_STATUS_V(status)) {
2931 reply_nterror(req, status);
2932 END_PROFILE(SMBlockread);
2937 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2940 if (numtoread > max_recv) {
2941 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2942 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2943 (unsigned int)numtoread, (unsigned int)max_recv ));
2944 numtoread = MIN(numtoread,max_recv);
2946 nread = read_file(fsp,data,startpos,numtoread);
2949 reply_unixerror(req, ERRDOS, ERRnoaccess);
2950 END_PROFILE(SMBlockread);
2954 srv_set_message((const char *)req->inbuf,
2955 (char *)req->outbuf, 5, nread+3, False);
2957 SSVAL(req->outbuf,smb_vwv0,nread);
2958 SSVAL(req->outbuf,smb_vwv5,nread+3);
2959 p = smb_buf(req->outbuf);
2960 SCVAL(p,0,0); /* pad byte. */
2963 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2964 fsp->fnum, (int)numtoread, (int)nread));
2966 END_PROFILE(SMBlockread);
2971 #define DBGC_CLASS DBGC_ALL
2973 /****************************************************************************
2975 ****************************************************************************/
2977 void reply_read(connection_struct *conn, struct smb_request *req)
2986 START_PROFILE(SMBread);
2989 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2990 END_PROFILE(SMBread);
2994 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2996 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2997 END_PROFILE(SMBread);
3001 if (!CHECK_READ(fsp,req->inbuf)) {
3002 reply_doserror(req, ERRDOS, ERRbadaccess);
3003 END_PROFILE(SMBread);
3007 numtoread = SVAL(req->inbuf,smb_vwv1);
3008 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3010 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3013 * The requested read size cannot be greater than max_recv. JRA.
3015 if (numtoread > max_recv) {
3016 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3017 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3018 (unsigned int)numtoread, (unsigned int)max_recv ));
3019 numtoread = MIN(numtoread,max_recv);
3022 reply_outbuf(req, 5, numtoread+3);
3024 data = smb_buf(req->outbuf) + 3;
3026 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3027 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3028 reply_doserror(req, ERRDOS,ERRlock);
3029 END_PROFILE(SMBread);
3034 nread = read_file(fsp,data,startpos,numtoread);
3037 reply_unixerror(req, ERRDOS,ERRnoaccess);
3038 END_PROFILE(SMBread);
3042 srv_set_message((const char *)req->inbuf,
3043 (char *)req->outbuf, 5, nread+3, False);
3045 SSVAL(req->outbuf,smb_vwv0,nread);
3046 SSVAL(req->outbuf,smb_vwv5,nread+3);
3047 SCVAL(smb_buf(req->outbuf),0,1);
3048 SSVAL(smb_buf(req->outbuf),1,nread);
3050 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3051 fsp->fnum, (int)numtoread, (int)nread ) );
3053 END_PROFILE(SMBread);
3057 /****************************************************************************
3059 ****************************************************************************/
3061 static int setup_readX_header(const char *inbuf, char *outbuf, size_t smb_maxcnt)
3066 outsize = srv_set_message(inbuf, outbuf,12,smb_maxcnt,False);
3067 data = smb_buf(outbuf);
3069 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3071 SCVAL(outbuf,smb_vwv0,0xFF);
3072 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3073 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3074 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3075 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3076 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3077 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3078 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3082 /****************************************************************************
3083 Reply to a read and X - possibly using sendfile.
3084 ****************************************************************************/
3086 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3087 files_struct *fsp, SMB_OFF_T startpos,
3090 SMB_STRUCT_STAT sbuf;
3093 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3094 reply_unixerror(req, ERRDOS, ERRnoaccess);
3098 if (startpos > sbuf.st_size) {
3100 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3101 smb_maxcnt = (sbuf.st_size - startpos);
3104 if (smb_maxcnt == 0) {
3108 #if defined(WITH_SENDFILE)
3110 * We can only use sendfile on a non-chained packet
3111 * but we can use on a non-oplocked file. tridge proved this
3112 * on a train in Germany :-). JRA.
3115 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3116 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3117 uint8 headerbuf[smb_size + 12 * 2];
3121 * Set up the packet header before send. We
3122 * assume here the sendfile will work (get the
3123 * correct amount of data).
3126 header = data_blob_const(headerbuf, sizeof(headerbuf));
3128 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3129 setup_readX_header((const char *)req->inbuf,
3130 (char *)headerbuf, smb_maxcnt);
3132 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
3133 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3134 if (errno == ENOSYS) {
3139 * Special hack for broken Linux with no working sendfile. If we
3140 * return EINTR we sent the header but not the rest of the data.
3141 * Fake this up by doing read/write calls.
3144 if (errno == EINTR) {
3145 /* Ensure we don't do this again. */
3146 set_use_sendfile(SNUM(conn), False);
3147 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3148 nread = fake_sendfile(fsp, startpos,
3151 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3152 fsp->fsp_name, strerror(errno) ));
3153 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3155 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3156 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3157 /* No outbuf here means successful sendfile. */
3158 TALLOC_FREE(req->outbuf);
3162 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3163 fsp->fsp_name, strerror(errno) ));
3164 exit_server_cleanly("send_file_readX sendfile failed");
3167 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3168 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3169 /* No outbuf here means successful sendfile. */
3170 TALLOC_FREE(req->outbuf);
3177 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3178 uint8 headerbuf[smb_size + 2*12];
3180 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3181 setup_readX_header((const char *)req->inbuf,
3182 (char *)headerbuf, smb_maxcnt);
3184 /* Send out the header. */
3185 if (write_data(smbd_server_fd(), (char *)headerbuf,
3186 sizeof(headerbuf)) != sizeof(headerbuf)) {
3187 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3188 fsp->fsp_name, strerror(errno) ));
3189 exit_server_cleanly("send_file_readX sendfile failed");
3191 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3193 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3194 fsp->fsp_name, strerror(errno) ));
3195 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3197 TALLOC_FREE(req->outbuf);
3200 reply_outbuf(req, 12, smb_maxcnt);
3202 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3205 reply_unixerror(req, ERRDOS, ERRnoaccess);
3209 setup_readX_header((const char *)req->inbuf,
3210 (char *)req->outbuf, nread);
3212 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3213 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3221 /****************************************************************************
3222 Reply to a read and X.
3223 ****************************************************************************/
3225 void reply_read_and_X(connection_struct *conn, struct smb_request *req)
3230 bool big_readX = False;
3232 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3235 START_PROFILE(SMBreadX);
3237 if ((req->wct != 10) && (req->wct != 12)) {
3238 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3242 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3243 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3244 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3246 /* If it's an IPC, pass off the pipe handler. */
3248 reply_pipe_read_and_X(req);
3249 END_PROFILE(SMBreadX);
3253 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3254 END_PROFILE(SMBreadX);
3258 if (!CHECK_READ(fsp,req->inbuf)) {
3259 reply_doserror(req, ERRDOS,ERRbadaccess);
3260 END_PROFILE(SMBreadX);
3264 if (global_client_caps & CAP_LARGE_READX) {
3265 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3266 smb_maxcnt |= (upper_size<<16);
3267 if (upper_size > 1) {
3268 /* Can't do this on a chained packet. */
3269 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3270 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3271 END_PROFILE(SMBreadX);
3274 /* We currently don't do this on signed or sealed data. */
3275 if (srv_is_signing_active() || srv_encryption_on()) {
3276 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3277 END_PROFILE(SMBreadX);
3280 /* Is there room in the reply for this data ? */
3281 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3283 NT_STATUS_INVALID_PARAMETER);
3284 END_PROFILE(SMBreadX);
3291 if (req->wct == 12) {
3292 #ifdef LARGE_SMB_OFF_T
3294 * This is a large offset (64 bit) read.
3296 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3298 #else /* !LARGE_SMB_OFF_T */
3301 * Ensure we haven't been sent a >32 bit offset.
3304 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3305 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3306 "used and we don't support 64 bit offsets.\n",
3307 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3308 END_PROFILE(SMBreadX);
3309 reply_doserror(req, ERRDOS, ERRbadaccess);
3313 #endif /* LARGE_SMB_OFF_T */
3317 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3318 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3319 END_PROFILE(SMBreadX);
3320 reply_doserror(req, ERRDOS, ERRlock);
3325 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3326 END_PROFILE(SMBreadX);
3330 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3332 END_PROFILE(SMBreadX);
3336 /****************************************************************************
3337 Error replies to writebraw must have smb_wct == 1. Fix this up.
3338 ****************************************************************************/
3340 void error_to_writebrawerr(struct smb_request *req)
3342 uint8 *old_outbuf = req->outbuf;
3344 reply_outbuf(req, 1, 0);
3346 memcpy(req->outbuf, old_outbuf, smb_size);
3347 TALLOC_FREE(old_outbuf);
3350 /****************************************************************************
3351 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3352 ****************************************************************************/
3354 void reply_writebraw(connection_struct *conn, struct smb_request *req)
3359 ssize_t total_written=0;
3360 size_t numtowrite=0;
3368 START_PROFILE(SMBwritebraw);
3371 * If we ever reply with an error, it must have the SMB command
3372 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3375 SCVAL(req->inbuf,smb_com,SMBwritec);
3377 if (srv_is_signing_active()) {
3378 END_PROFILE(SMBwritebraw);
3379 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3380 "raw reads/writes are disallowed.");
3383 if (req->wct < 12) {
3384 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3385 error_to_writebrawerr(req);
3386 END_PROFILE(SMBwritebraw);
3390 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3391 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3392 error_to_writebrawerr(req);
3393 END_PROFILE(SMBwritebraw);
3397 if (!CHECK_WRITE(fsp)) {
3398 reply_doserror(req, ERRDOS, ERRbadaccess);
3399 error_to_writebrawerr(req);
3400 END_PROFILE(SMBwritebraw);
3404 tcount = IVAL(req->inbuf,smb_vwv1);
3405 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3406 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3408 /* We have to deal with slightly different formats depending
3409 on whether we are using the core+ or lanman1.0 protocol */
3411 if(Protocol <= PROTOCOL_COREPLUS) {
3412 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3413 data = smb_buf(req->inbuf);
3415 numtowrite = SVAL(req->inbuf,smb_vwv10);
3416 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3419 /* Ensure we don't write bytes past the end of this packet. */
3420 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3422 error_to_writebrawerr(req);
3423 END_PROFILE(SMBwritebraw);
3427 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3428 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3429 reply_doserror(req, ERRDOS, ERRlock);
3430 error_to_writebrawerr(req);
3431 END_PROFILE(SMBwritebraw);
3436 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3439 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3440 "wrote=%d sync=%d\n",
3441 fsp->fnum, (double)startpos, (int)numtowrite,
3442 (int)nwritten, (int)write_through));
3444 if (nwritten < (ssize_t)numtowrite) {
3445 reply_unixerror(req, ERRHRD, ERRdiskfull);
3446 error_to_writebrawerr(req);
3447 END_PROFILE(SMBwritebraw);
3451 total_written = nwritten;
3453 /* Allocate a buffer of 64k + length. */
3454 buf = TALLOC_ARRAY(NULL, char, 65540);
3456 reply_doserror(req, ERRDOS, ERRnomem);
3457 error_to_writebrawerr(req);
3458 END_PROFILE(SMBwritebraw);
3462 /* Return a SMBwritebraw message to the redirector to tell
3463 * it to send more bytes */
3465 memcpy(buf, req->inbuf, smb_size);
3466 outsize = srv_set_message((const char *)req->inbuf, buf,
3467 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3468 SCVAL(buf,smb_com,SMBwritebraw);
3469 SSVALS(buf,smb_vwv0,0xFFFF);
3471 if (!send_smb(smbd_server_fd(),buf)) {
3472 exit_server_cleanly("reply_writebraw: send_smb "
3476 /* Now read the raw data into the buffer and write it */
3477 if (read_smb_length(smbd_server_fd(),buf,
3478 SMB_SECONDARY_WAIT, get_srv_read_error()) == -1) {
3479 exit_server_cleanly("secondary writebraw failed");
3483 * Even though this is not an smb message,
3484 * smb_len returns the generic length of a packet.
3487 numtowrite = smb_len(buf);
3489 /* Set up outbuf to return the correct size */
3490 reply_outbuf(req, 1, 0);
3492 if (numtowrite != 0) {
3494 if (numtowrite > 0xFFFF) {
3495 DEBUG(0,("reply_writebraw: Oversize secondary write "
3496 "raw requested (%u). Terminating\n",
3497 (unsigned int)numtowrite ));
3498 exit_server_cleanly("secondary writebraw failed");
3501 if (tcount > nwritten+numtowrite) {
3502 DEBUG(3,("reply_writebraw: Client overestimated the "
3504 (int)tcount,(int)nwritten,(int)numtowrite));
3507 if (read_data(smbd_server_fd(), buf+4, numtowrite,get_srv_read_error())
3509 DEBUG(0,("reply_writebraw: Oversize secondary write "
3510 "raw read failed (%s). Terminating\n",
3512 exit_server_cleanly("secondary writebraw failed");
3515 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3516 if (nwritten == -1) {
3518 reply_unixerror(req, ERRHRD, ERRdiskfull);
3519 error_to_writebrawerr(req);
3520 END_PROFILE(SMBwritebraw);
3524 if (nwritten < (ssize_t)numtowrite) {
3525 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3526 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3530 total_written += nwritten;
3535 SSVAL(req->outbuf,smb_vwv0,total_written);
3537 status = sync_file(conn, fsp, write_through);
3538 if (!NT_STATUS_IS_OK(status)) {
3539 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3540 fsp->fsp_name, nt_errstr(status) ));
3541 reply_nterror(req, status);
3542 error_to_writebrawerr(req);
3543 END_PROFILE(SMBwritebraw);
3547 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3549 fsp->fnum, (double)startpos, (int)numtowrite,
3550 (int)total_written));
3552 /* We won't return a status if write through is not selected - this
3553 * follows what WfWg does */
3554 END_PROFILE(SMBwritebraw);
3556 if (!write_through && total_written==tcount) {
3558 #if RABBIT_PELLET_FIX
3560 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3561 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3564 if (!send_keepalive(smbd_server_fd())) {
3565 exit_server_cleanly("reply_writebraw: send of "
3566 "keepalive failed");
3569 TALLOC_FREE(req->outbuf);
3575 #define DBGC_CLASS DBGC_LOCKING
3577 /****************************************************************************
3578 Reply to a writeunlock (core+).
3579 ****************************************************************************/
3581 void reply_writeunlock(connection_struct *conn, struct smb_request *req)
3583 ssize_t nwritten = -1;
3587 NTSTATUS status = NT_STATUS_OK;
3590 START_PROFILE(SMBwriteunlock);
3593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3594 END_PROFILE(SMBwriteunlock);
3598 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3600 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3601 END_PROFILE(SMBwriteunlock);
3605 if (!CHECK_WRITE(fsp)) {
3606 reply_doserror(req, ERRDOS,ERRbadaccess);
3607 END_PROFILE(SMBwriteunlock);
3611 numtowrite = SVAL(req->inbuf,smb_vwv1);
3612 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3613 data = smb_buf(req->inbuf) + 3;
3616 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3617 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3618 reply_doserror(req, ERRDOS, ERRlock);
3619 END_PROFILE(SMBwriteunlock);
3623 /* The special X/Open SMB protocol handling of
3624 zero length writes is *NOT* done for
3626 if(numtowrite == 0) {
3629 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3632 status = sync_file(conn, fsp, False /* write through */);
3633 if (!NT_STATUS_IS_OK(status)) {
3634 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3635 fsp->fsp_name, nt_errstr(status) ));
3636 reply_nterror(req, status);
3637 END_PROFILE(SMBwriteunlock);
3641 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3642 reply_unixerror(req, ERRHRD, ERRdiskfull);
3643 END_PROFILE(SMBwriteunlock);
3648 status = do_unlock(smbd_messaging_context(),
3651 (SMB_BIG_UINT)numtowrite,
3652 (SMB_BIG_UINT)startpos,
3655 if (NT_STATUS_V(status)) {
3656 reply_nterror(req, status);
3657 END_PROFILE(SMBwriteunlock);
3662 reply_outbuf(req, 1, 0);
3664 SSVAL(req->outbuf,smb_vwv0,nwritten);
3666 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3667 fsp->fnum, (int)numtowrite, (int)nwritten));
3669 END_PROFILE(SMBwriteunlock);
3674 #define DBGC_CLASS DBGC_ALL
3676 /****************************************************************************
3678 ****************************************************************************/
3680 void reply_write(connection_struct *conn, struct smb_request *req)
3683 ssize_t nwritten = -1;
3689 START_PROFILE(SMBwrite);
3692 END_PROFILE(SMBwrite);
3693 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3697 /* If it's an IPC, pass off the pipe handler. */
3699 reply_pipe_write(req);
3700 END_PROFILE(SMBwrite);
3704 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3706 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3707 END_PROFILE(SMBwrite);
3711 if (!CHECK_WRITE(fsp)) {
3712 reply_doserror(req, ERRDOS, ERRbadaccess);
3713 END_PROFILE(SMBwrite);
3717 numtowrite = SVAL(req->inbuf,smb_vwv1);
3718 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3719 data = smb_buf(req->inbuf) + 3;
3721 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3722 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3723 reply_doserror(req, ERRDOS, ERRlock);
3724 END_PROFILE(SMBwrite);
3729 * X/Open SMB protocol says that if smb_vwv1 is
3730 * zero then the file size should be extended or
3731 * truncated to the size given in smb_vwv[2-3].
3734 if(numtowrite == 0) {
3736 * This is actually an allocate call, and set EOF. JRA.
3738 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3740 reply_nterror(req, NT_STATUS_DISK_FULL);
3741 END_PROFILE(SMBwrite);
3744 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3746 reply_nterror(req, NT_STATUS_DISK_FULL);
3747 END_PROFILE(SMBwrite);
3751 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3753 status = sync_file(conn, fsp, False);
3754 if (!NT_STATUS_IS_OK(status)) {
3755 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3756 fsp->fsp_name, nt_errstr(status) ));
3757 reply_nterror(req, status);
3758 END_PROFILE(SMBwrite);
3762 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3763 reply_unixerror(req, ERRHRD, ERRdiskfull);
3764 END_PROFILE(SMBwrite);
3768 reply_outbuf(req, 1, 0);
3770 SSVAL(req->outbuf,smb_vwv0,nwritten);
3772 if (nwritten < (ssize_t)numtowrite) {
3773 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3774 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3777 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3779 END_PROFILE(SMBwrite);
3783 /****************************************************************************
3784 Ensure a buffer is a valid writeX for recvfile purposes.
3785 ****************************************************************************/
3787 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3788 (2*14) + /* word count (including bcc) */ \
3791 bool is_valid_writeX_buffer(const char *inbuf)
3794 connection_struct *conn = NULL;
3795 unsigned int doff = 0;
3796 size_t len = smb_len_large(inbuf);
3798 if (srv_encryption_on()) {
3799 /* Can't do this on encrypted
3804 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3808 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3809 CVAL(inbuf,smb_wct) != 14) {
3810 DEBUG(10,("is_valid_writeX_buffer: chained or "
3811 "invalid word length.\n"));
3815 conn = conn_find(SVAL(inbuf, smb_tid));
3817 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3821 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3824 doff = SVAL(inbuf,smb_vwv11);
3826 numtowrite = SVAL(inbuf,smb_vwv10);
3828 if (len > doff && len - doff > 0xFFFF) {
3829 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3832 if (numtowrite == 0) {
3833 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3837 /* Ensure the sizes match up. */
3838 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3839 /* no pad byte...old smbclient :-( */
3840 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3842 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3846 if (len - doff != numtowrite) {
3847 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3848 "len = %u, doff = %u, numtowrite = %u\n",
3851 (unsigned int)numtowrite ));
3855 DEBUG(10,("is_valid_writeX_buffer: true "
3856 "len = %u, doff = %u, numtowrite = %u\n",
3859 (unsigned int)numtowrite ));
3864 /****************************************************************************
3865 Reply to a write and X.
3866 ****************************************************************************/
3868 void reply_write_and_X(connection_struct *conn, struct smb_request *req)
3875 unsigned int smb_doff;
3876 unsigned int smblen;
3880 START_PROFILE(SMBwriteX);
3882 if ((req->wct != 12) && (req->wct != 14)) {
3883 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3884 END_PROFILE(SMBwriteX);
3888 numtowrite = SVAL(req->inbuf,smb_vwv10);
3889 smb_doff = SVAL(req->inbuf,smb_vwv11);
3890 smblen = smb_len(req->inbuf);
3892 if (req->unread_bytes > 0xFFFF ||
3893 (smblen > smb_doff &&
3894 smblen - smb_doff > 0xFFFF)) {
3895 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3898 if (req->unread_bytes) {
3899 /* Can't do a recvfile write on IPC$ */
3901 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3902 END_PROFILE(SMBwriteX);
3905 if (numtowrite != req->unread_bytes) {
3906 reply_doserror(req, ERRDOS, ERRbadmem);
3907 END_PROFILE(SMBwriteX);
3911 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3912 smb_doff + numtowrite > smblen) {
3913 reply_doserror(req, ERRDOS, ERRbadmem);
3914 END_PROFILE(SMBwriteX);
3919 /* If it's an IPC, pass off the pipe handler. */
3921 if (req->unread_bytes) {
3922 reply_doserror(req, ERRDOS, ERRbadmem);
3923 END_PROFILE(SMBwriteX);
3926 reply_pipe_write_and_X(req);
3927 END_PROFILE(SMBwriteX);
3931 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3932 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3933 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3935 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3936 END_PROFILE(SMBwriteX);
3940 if (!CHECK_WRITE(fsp)) {
3941 reply_doserror(req, ERRDOS, ERRbadaccess);
3942 END_PROFILE(SMBwriteX);
3946 data = smb_base(req->inbuf) + smb_doff;
3948 if(req->wct == 14) {
3949 #ifdef LARGE_SMB_OFF_T
3951 * This is a large offset (64 bit) write.
3953 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3955 #else /* !LARGE_SMB_OFF_T */
3958 * Ensure we haven't been sent a >32 bit offset.
3961 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3962 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3963 "used and we don't support 64 bit offsets.\n",
3964 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
3965 reply_doserror(req, ERRDOS, ERRbadaccess);
3966 END_PROFILE(SMBwriteX);
3970 #endif /* LARGE_SMB_OFF_T */
3973 if (is_locked(fsp,(uint32)req->smbpid,
3974 (SMB_BIG_UINT)numtowrite,
3975 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3976 reply_doserror(req, ERRDOS, ERRlock);
3977 END_PROFILE(SMBwriteX);
3981 /* X/Open SMB protocol says that, unlike SMBwrite
3982 if the length is zero then NO truncation is
3983 done, just a write of zero. To truncate a file,
3986 if(numtowrite == 0) {
3990 if (req->unread_bytes == 0 &&
3991 schedule_aio_write_and_X(conn, req, fsp, data,
3992 startpos, numtowrite)) {
3993 END_PROFILE(SMBwriteX);
3997 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4000 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4001 reply_unixerror(req, ERRHRD, ERRdiskfull);
4002 END_PROFILE(SMBwriteX);
4006 reply_outbuf(req, 6, 0);
4007 SSVAL(req->outbuf,smb_vwv2,nwritten);
4008 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4010 if (nwritten < (ssize_t)numtowrite) {
4011 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4012 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4015 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4016 fsp->fnum, (int)numtowrite, (int)nwritten));
4018 status = sync_file(conn, fsp, write_through);
4019 if (!NT_STATUS_IS_OK(status)) {
4020 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4021 fsp->fsp_name, nt_errstr(status) ));
4022 reply_nterror(req, status);
4023 END_PROFILE(SMBwriteX);
4027 END_PROFILE(SMBwriteX);
4032 /****************************************************************************
4034 ****************************************************************************/
4036 void reply_lseek(connection_struct *conn, struct smb_request *req)
4043 START_PROFILE(SMBlseek);
4046 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4047 END_PROFILE(SMBlseek);
4051 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4053 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4057 flush_write_cache(fsp, SEEK_FLUSH);
4059 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4060 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4061 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4070 res = fsp->fh->pos + startpos;
4081 if (umode == SEEK_END) {
4082 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
4083 if(errno == EINVAL) {
4084 SMB_OFF_T current_pos = startpos;
4085 SMB_STRUCT_STAT sbuf;
4087 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
4088 reply_unixerror(req, ERRDOS,
4090 END_PROFILE(SMBlseek);
4094 current_pos += sbuf.st_size;
4096 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
4101 reply_unixerror(req, ERRDOS, ERRnoaccess);
4102 END_PROFILE(SMBlseek);
4109 reply_outbuf(req, 2, 0);
4110 SIVAL(req->outbuf,smb_vwv0,res);
4112 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4113 fsp->fnum, (double)startpos, (double)res, mode));
4115 END_PROFILE(SMBlseek);
4119 /****************************************************************************
4121 ****************************************************************************/
4123 void reply_flush(connection_struct *conn, struct smb_request *req)
4128 START_PROFILE(SMBflush);
4131 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4135 fnum = SVAL(req->inbuf,smb_vwv0);
4136 fsp = file_fsp(fnum);
4138 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4143 file_sync_all(conn);
4145 NTSTATUS status = sync_file(conn, fsp, True);
4146 if (!NT_STATUS_IS_OK(status)) {
4147 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4148 fsp->fsp_name, nt_errstr(status) ));
4149 reply_nterror(req, status);
4150 END_PROFILE(SMBflush);
4155 reply_outbuf(req, 0, 0);
4157 DEBUG(3,("flush\n"));
4158 END_PROFILE(SMBflush);
4162 /****************************************************************************
4164 conn POINTER CAN BE NULL HERE !
4165 ****************************************************************************/
4167 void reply_exit(connection_struct *conn, struct smb_request *req)
4169 START_PROFILE(SMBexit);
4171 file_close_pid(req->smbpid, req->vuid);
4173 reply_outbuf(req, 0, 0);
4175 DEBUG(3,("exit\n"));
4177 END_PROFILE(SMBexit);
4181 /****************************************************************************
4182 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4183 ****************************************************************************/
4185 void reply_close(connection_struct *conn, struct smb_request *req)
4187 NTSTATUS status = NT_STATUS_OK;
4188 files_struct *fsp = NULL;
4189 START_PROFILE(SMBclose);
4192 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4193 END_PROFILE(SMBclose);
4197 /* If it's an IPC, pass off to the pipe handler. */
4199 reply_pipe_close(conn, req);
4200 END_PROFILE(SMBclose);
4204 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4207 * We can only use CHECK_FSP if we know it's not a directory.
4210 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4211 reply_doserror(req, ERRDOS, ERRbadfid);
4212 END_PROFILE(SMBclose);
4216 if(fsp->is_directory) {
4218 * Special case - close NT SMB directory handle.
4220 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4221 status = close_file(fsp,NORMAL_CLOSE);
4224 * Close ordinary file.
4227 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4228 fsp->fh->fd, fsp->fnum,
4229 conn->num_files_open));
4232 * Take care of any time sent in the close.
4235 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4236 srv_make_unix_date3(
4237 req->inbuf+smb_vwv1)));
4240 * close_file() returns the unix errno if an error
4241 * was detected on close - normally this is due to
4242 * a disk full error. If not then it was probably an I/O error.
4245 status = close_file(fsp,NORMAL_CLOSE);
4248 if (!NT_STATUS_IS_OK(status)) {
4249 reply_nterror(req, status);
4250 END_PROFILE(SMBclose);
4254 reply_outbuf(req, 0, 0);
4255 END_PROFILE(SMBclose);
4259 /****************************************************************************
4260 Reply to a writeclose (Core+ protocol).
4261 ****************************************************************************/
4263 void reply_writeclose(connection_struct *conn, struct smb_request *req)
4266 ssize_t nwritten = -1;
4267 NTSTATUS close_status = NT_STATUS_OK;
4270 struct timespec mtime;
4273 START_PROFILE(SMBwriteclose);
4276 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4277 END_PROFILE(SMBwriteclose);
4281 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4283 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4284 END_PROFILE(SMBwriteclose);
4287 if (!CHECK_WRITE(fsp)) {
4288 reply_doserror(req, ERRDOS,ERRbadaccess);
4289 END_PROFILE(SMBwriteclose);
4293 numtowrite = SVAL(req->inbuf,smb_vwv1);
4294 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4295 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4296 req->inbuf+smb_vwv4));
4297 data = smb_buf(req->inbuf) + 1;
4300 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4301 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4302 reply_doserror(req, ERRDOS,ERRlock);
4303 END_PROFILE(SMBwriteclose);
4307 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4309 set_filetime(conn, fsp->fsp_name, mtime);
4312 * More insanity. W2K only closes the file if writelen > 0.
4317 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4319 close_status = close_file(fsp,NORMAL_CLOSE);
4322 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4323 fsp->fnum, (int)numtowrite, (int)nwritten,
4324 conn->num_files_open));
4326 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4327 reply_doserror(req, ERRHRD, ERRdiskfull);
4328 END_PROFILE(SMBwriteclose);
4332 if(!NT_STATUS_IS_OK(close_status)) {
4333 reply_nterror(req, close_status);
4334 END_PROFILE(SMBwriteclose);
4338 reply_outbuf(req, 1, 0);
4340 SSVAL(req->outbuf,smb_vwv0,nwritten);
4341 END_PROFILE(SMBwriteclose);
4346 #define DBGC_CLASS DBGC_LOCKING
4348 /****************************************************************************
4350 ****************************************************************************/
4352 void reply_lock(connection_struct *conn, struct smb_request *req)
4354 SMB_BIG_UINT count,offset;
4357 struct byte_range_lock *br_lck = NULL;
4359 START_PROFILE(SMBlock);
4362 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4363 END_PROFILE(SMBlock);
4367 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4369 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4370 END_PROFILE(SMBlock);
4374 release_level_2_oplocks_on_change(fsp);
4376 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4377 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4379 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4380 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4382 br_lck = do_lock(smbd_messaging_context(),
4389 False, /* Non-blocking lock. */
4393 TALLOC_FREE(br_lck);
4395 if (NT_STATUS_V(status)) {
4396 reply_nterror(req, status);
4397 END_PROFILE(SMBlock);
4401 reply_outbuf(req, 0, 0);
4403 END_PROFILE(SMBlock);
4407 /****************************************************************************
4409 ****************************************************************************/
4411 void reply_unlock(connection_struct *conn, struct smb_request *req)
4413 SMB_BIG_UINT count,offset;
4417 START_PROFILE(SMBunlock);
4420 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4421 END_PROFILE(SMBunlock);
4425 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4427 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4428 END_PROFILE(SMBunlock);
4432 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4433 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4435 status = do_unlock(smbd_messaging_context(),
4442 if (NT_STATUS_V(status)) {
4443 reply_nterror(req, status);
4444 END_PROFILE(SMBunlock);
4448 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4449 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4451 reply_outbuf(req, 0, 0);
4453 END_PROFILE(SMBunlock);
4458 #define DBGC_CLASS DBGC_ALL
4460 /****************************************************************************
4462 conn POINTER CAN BE NULL HERE !
4463 ****************************************************************************/
4465 void reply_tdis(connection_struct *conn, struct smb_request *req)
4467 START_PROFILE(SMBtdis);
4470 DEBUG(4,("Invalid connection in tdis\n"));
4471 reply_doserror(req, ERRSRV, ERRinvnid);
4472 END_PROFILE(SMBtdis);
4478 close_cnum(conn,req->vuid);
4480 reply_outbuf(req, 0, 0);
4481 END_PROFILE(SMBtdis);
4485 /****************************************************************************
4487 conn POINTER CAN BE NULL HERE !
4488 ****************************************************************************/
4490 void reply_echo(connection_struct *conn, struct smb_request *req)
4494 unsigned int data_len = smb_buflen(req->inbuf);
4496 START_PROFILE(SMBecho);
4499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4500 END_PROFILE(SMBecho);
4504 if (data_len > BUFFER_SIZE) {
4505 DEBUG(0,("reply_echo: data_len too large.\n"));
4506 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4507 END_PROFILE(SMBecho);
4511 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4513 reply_outbuf(req, 1, data_len);
4515 /* copy any incoming data back out */
4517 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4520 if (smb_reverb > 100) {
4521 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4525 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4526 SSVAL(req->outbuf,smb_vwv0,seq_num);
4528 show_msg((char *)req->outbuf);
4529 if (!send_smb(smbd_server_fd(),(char *)req->outbuf))
4530 exit_server_cleanly("reply_echo: send_smb failed.");
4533 DEBUG(3,("echo %d times\n", smb_reverb));
4535 TALLOC_FREE(req->outbuf);
4539 END_PROFILE(SMBecho);
4543 /****************************************************************************
4544 Reply to a printopen.
4545 ****************************************************************************/
4547 void reply_printopen(connection_struct *conn, struct smb_request *req)
4552 START_PROFILE(SMBsplopen);
4555 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4556 END_PROFILE(SMBsplopen);
4560 if (!CAN_PRINT(conn)) {
4561 reply_doserror(req, ERRDOS, ERRnoaccess);
4562 END_PROFILE(SMBsplopen);
4566 /* Open for exclusive use, write only. */
4567 status = print_fsp_open(conn, NULL, &fsp);
4569 if (!NT_STATUS_IS_OK(status)) {
4570 reply_nterror(req, status);
4571 END_PROFILE(SMBsplopen);
4575 reply_outbuf(req, 1, 0);
4576 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4578 DEBUG(3,("openprint fd=%d fnum=%d\n",
4579 fsp->fh->fd, fsp->fnum));
4581 END_PROFILE(SMBsplopen);
4585 /****************************************************************************
4586 Reply to a printclose.
4587 ****************************************************************************/
4589 void reply_printclose(connection_struct *conn, struct smb_request *req)
4594 START_PROFILE(SMBsplclose);
4597 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4598 END_PROFILE(SMBsplclose);
4602 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4604 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4605 END_PROFILE(SMBsplclose);
4609 if (!CAN_PRINT(conn)) {
4610 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4611 END_PROFILE(SMBsplclose);
4615 DEBUG(3,("printclose fd=%d fnum=%d\n",
4616 fsp->fh->fd,fsp->fnum));
4618 status = close_file(fsp,NORMAL_CLOSE);
4620 if(!NT_STATUS_IS_OK(status)) {
4621 reply_nterror(req, status);
4622 END_PROFILE(SMBsplclose);
4626 END_PROFILE(SMBsplclose);
4630 /****************************************************************************
4631 Reply to a printqueue.
4632 ****************************************************************************/
4634 void reply_printqueue(connection_struct *conn, struct smb_request *req)
4639 START_PROFILE(SMBsplretq);
4642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4643 END_PROFILE(SMBsplretq);
4647 max_count = SVAL(req->inbuf,smb_vwv0);
4648 start_index = SVAL(req->inbuf,smb_vwv1);
4650 /* we used to allow the client to get the cnum wrong, but that
4651 is really quite gross and only worked when there was only
4652 one printer - I think we should now only accept it if they
4653 get it right (tridge) */
4654 if (!CAN_PRINT(conn)) {
4655 reply_doserror(req, ERRDOS, ERRnoaccess);
4656 END_PROFILE(SMBsplretq);
4660 reply_outbuf(req, 2, 3);
4661 SSVAL(req->outbuf,smb_vwv0,0);
4662 SSVAL(req->outbuf,smb_vwv1,0);
4663 SCVAL(smb_buf(req->outbuf),0,1);
4664 SSVAL(smb_buf(req->outbuf),1,0);
4666 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4667 start_index, max_count));
4670 print_queue_struct *queue = NULL;
4671 print_status_struct status;
4672 int count = print_queue_status(SNUM(conn), &queue, &status);
4673 int num_to_get = ABS(max_count);
4674 int first = (max_count>0?start_index:start_index+max_count+1);
4680 num_to_get = MIN(num_to_get,count-first);
4683 for (i=first;i<first+num_to_get;i++) {
4687 srv_put_dos_date2(p,0,queue[i].time);
4688 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4689 SSVAL(p,5, queue[i].job);
4690 SIVAL(p,7,queue[i].size);
4692 srvstr_push(blob, req->flags2, p+12,
4693 queue[i].fs_user, 16, STR_ASCII);
4695 if (message_push_blob(
4698 blob, sizeof(blob))) == -1) {
4699 reply_nterror(req, NT_STATUS_NO_MEMORY);
4700 END_PROFILE(SMBsplretq);
4706 SSVAL(req->outbuf,smb_vwv0,count);
4707 SSVAL(req->outbuf,smb_vwv1,
4708 (max_count>0?first+count:first-1));
4709 SCVAL(smb_buf(req->outbuf),0,1);
4710 SSVAL(smb_buf(req->outbuf),1,28*count);
4715 DEBUG(3,("%d entries returned in queue\n",count));
4718 END_PROFILE(SMBsplretq);
4722 /****************************************************************************
4723 Reply to a printwrite.
4724 ****************************************************************************/
4726 void reply_printwrite(connection_struct *conn, struct smb_request *req)
4732 START_PROFILE(SMBsplwr);
4735 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4736 END_PROFILE(SMBsplwr);
4740 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4742 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4743 END_PROFILE(SMBsplwr);
4747 if (!CAN_PRINT(conn)) {
4748 reply_doserror(req, ERRDOS, ERRnoaccess);
4749 END_PROFILE(SMBsplwr);
4753 if (!CHECK_WRITE(fsp)) {
4754 reply_doserror(req, ERRDOS, ERRbadaccess);
4755 END_PROFILE(SMBsplwr);
4759 numtowrite = SVAL(smb_buf(req->inbuf),1);
4761 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4763 END_PROFILE(SMBsplwr);
4767 data = smb_buf(req->inbuf) + 3;
4769 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4770 reply_unixerror(req, ERRHRD, ERRdiskfull);
4771 END_PROFILE(SMBsplwr);
4775 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4777 END_PROFILE(SMBsplwr);
4781 /****************************************************************************
4783 ****************************************************************************/
4785 void reply_mkdir(connection_struct *conn, struct smb_request *req)
4787 char *directory = NULL;
4789 SMB_STRUCT_STAT sbuf;
4790 TALLOC_CTX *ctx = talloc_tos();
4792 START_PROFILE(SMBmkdir);
4794 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4795 smb_buf(req->inbuf) + 1, 0,
4796 STR_TERMINATE, &status);
4797 if (!NT_STATUS_IS_OK(status)) {
4798 reply_nterror(req, status);
4799 END_PROFILE(SMBmkdir);
4803 status = resolve_dfspath(ctx, conn,
4804 req->flags2 & FLAGS2_DFS_PATHNAMES,
4807 if (!NT_STATUS_IS_OK(status)) {
4808 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4809 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4810 ERRSRV, ERRbadpath);
4811 END_PROFILE(SMBmkdir);
4814 reply_nterror(req, status);
4815 END_PROFILE(SMBmkdir);
4819 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4820 if (!NT_STATUS_IS_OK(status)) {
4821 reply_nterror(req, status);
4822 END_PROFILE(SMBmkdir);
4826 status = check_name(conn, directory);
4827 if (!NT_STATUS_IS_OK(status)) {
4828 reply_nterror(req, status);
4829 END_PROFILE(SMBmkdir);
4833 status = create_directory(conn, directory);
4835 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4837 if (!NT_STATUS_IS_OK(status)) {
4839 if (!use_nt_status()
4840 && NT_STATUS_EQUAL(status,
4841 NT_STATUS_OBJECT_NAME_COLLISION)) {
4843 * Yes, in the DOS error code case we get a
4844 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4845 * samba4 torture test.
4847 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4850 reply_nterror(req, status);
4851 END_PROFILE(SMBmkdir);
4855 reply_outbuf(req, 0, 0);
4857 DEBUG( 3, ( "mkdir %s\n", directory ) );
4859 END_PROFILE(SMBmkdir);
4863 /****************************************************************************
4864 Static function used by reply_rmdir to delete an entire directory
4865 tree recursively. Return True on ok, False on fail.
4866 ****************************************************************************/
4868 static bool recursive_rmdir(TALLOC_CTX *ctx,
4869 connection_struct *conn,
4872 const char *dname = NULL;
4875 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4880 while((dname = ReadDirName(dir_hnd, &offset))) {
4881 char *fullname = NULL;
4884 if (ISDOT(dname) || ISDOTDOT(dname)) {
4888 if (!is_visible_file(conn, directory, dname, &st, False)) {
4892 /* Construct the full name. */
4893 fullname = talloc_asprintf(ctx,
4903 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4908 if(st.st_mode & S_IFDIR) {
4909 if(!recursive_rmdir(ctx, conn, fullname)) {
4913 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4917 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4921 TALLOC_FREE(fullname);
4927 /****************************************************************************
4928 The internals of the rmdir code - called elsewhere.
4929 ****************************************************************************/
4931 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4932 connection_struct *conn,
4933 const char *directory)
4938 /* Might be a symlink. */
4939 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4940 return map_nt_error_from_unix(errno);
4943 if (S_ISLNK(st.st_mode)) {
4944 /* Is what it points to a directory ? */
4945 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4946 return map_nt_error_from_unix(errno);
4948 if (!(S_ISDIR(st.st_mode))) {
4949 return NT_STATUS_NOT_A_DIRECTORY;
4951 ret = SMB_VFS_UNLINK(conn,directory);
4953 ret = SMB_VFS_RMDIR(conn,directory);
4956 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4957 FILE_NOTIFY_CHANGE_DIR_NAME,
4959 return NT_STATUS_OK;
4962 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4964 * Check to see if the only thing in this directory are
4965 * vetoed files/directories. If so then delete them and
4966 * retry. If we fail to delete any of them (and we *don't*
4967 * do a recursive delete) then fail the rmdir.
4971 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4973 if(dir_hnd == NULL) {
4978 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4979 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4981 if (!is_visible_file(conn, directory, dname, &st, False))
4983 if(!IS_VETO_PATH(conn, dname)) {
4990 /* We only have veto files/directories. Recursive delete. */
4992 RewindDir(dir_hnd,&dirpos);
4993 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4994 char *fullname = NULL;
4996 if (ISDOT(dname) || ISDOTDOT(dname)) {
4999 if (!is_visible_file(conn, directory, dname, &st, False)) {
5003 fullname = talloc_asprintf(ctx,
5013 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5016 if(st.st_mode & S_IFDIR) {
5017 if(lp_recursive_veto_delete(SNUM(conn))) {
5018 if(!recursive_rmdir(ctx, conn, fullname))
5021 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5024 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5027 TALLOC_FREE(fullname);
5030 /* Retry the rmdir */
5031 ret = SMB_VFS_RMDIR(conn,directory);
5037 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5038 "%s\n", directory,strerror(errno)));
5039 return map_nt_error_from_unix(errno);
5042 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5043 FILE_NOTIFY_CHANGE_DIR_NAME,
5046 return NT_STATUS_OK;
5049 /****************************************************************************
5051 ****************************************************************************/
5053 void reply_rmdir(connection_struct *conn, struct smb_request *req)
5055 char *directory = NULL;
5056 SMB_STRUCT_STAT sbuf;
5058 TALLOC_CTX *ctx = talloc_tos();
5060 START_PROFILE(SMBrmdir);
5062 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5063 smb_buf(req->inbuf) + 1, 0,
5064 STR_TERMINATE, &status);
5065 if (!NT_STATUS_IS_OK(status)) {
5066 reply_nterror(req, status);
5067 END_PROFILE(SMBrmdir);
5071 status = resolve_dfspath(ctx, conn,
5072 req->flags2 & FLAGS2_DFS_PATHNAMES,
5075 if (!NT_STATUS_IS_OK(status)) {
5076 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5077 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5078 ERRSRV, ERRbadpath);
5079 END_PROFILE(SMBrmdir);
5082 reply_nterror(req, status);
5083 END_PROFILE(SMBrmdir);
5087 status = unix_convert(ctx, conn, directory, False, &directory,
5089 if (!NT_STATUS_IS_OK(status)) {
5090 reply_nterror(req, status);
5091 END_PROFILE(SMBrmdir);
5095 status = check_name(conn, directory);
5096 if (!NT_STATUS_IS_OK(status)) {
5097 reply_nterror(req, status);
5098 END_PROFILE(SMBrmdir);
5102 dptr_closepath(directory, req->smbpid);
5103 status = rmdir_internals(ctx, conn, directory);
5104 if (!NT_STATUS_IS_OK(status)) {
5105 reply_nterror(req, status);
5106 END_PROFILE(SMBrmdir);
5110 reply_outbuf(req, 0, 0);
5112 DEBUG( 3, ( "rmdir %s\n", directory ) );
5114 END_PROFILE(SMBrmdir);
5118 /*******************************************************************
5119 Resolve wildcards in a filename rename.
5120 ********************************************************************/
5122 static bool resolve_wildcards(TALLOC_CTX *ctx,
5127 char *name2_copy = NULL;
5132 char *p,*p2, *pname1, *pname2;
5134 name2_copy = talloc_strdup(ctx, name2);
5139 pname1 = strrchr_m(name1,'/');
5140 pname2 = strrchr_m(name2_copy,'/');
5142 if (!pname1 || !pname2) {
5146 /* Truncate the copy of name2 at the last '/' */
5149 /* Now go past the '/' */
5153 root1 = talloc_strdup(ctx, pname1);
5154 root2 = talloc_strdup(ctx, pname2);
5156 if (!root1 || !root2) {
5160 p = strrchr_m(root1,'.');
5163 ext1 = talloc_strdup(ctx, p+1);
5165 ext1 = talloc_strdup(ctx, "");
5167 p = strrchr_m(root2,'.');
5170 ext2 = talloc_strdup(ctx, p+1);
5172 ext2 = talloc_strdup(ctx, "");
5175 if (!ext1 || !ext2) {
5183 /* Hmmm. Should this be mb-aware ? */
5186 } else if (*p2 == '*') {
5188 root2 = talloc_asprintf(ctx, "%s%s",
5207 /* Hmmm. Should this be mb-aware ? */
5210 } else if (*p2 == '*') {
5212 ext2 = talloc_asprintf(ctx, "%s%s",
5228 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5233 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5245 /****************************************************************************
5246 Ensure open files have their names updated. Updated to notify other smbd's
5248 ****************************************************************************/
5250 static void rename_open_files(connection_struct *conn,
5251 struct share_mode_lock *lck,
5252 const char *newname)
5255 bool did_rename = False;
5257 for(fsp = file_find_di_first(lck->id); fsp;
5258 fsp = file_find_di_next(fsp)) {
5259 /* fsp_name is a relative path under the fsp. To change this for other
5260 sharepaths we need to manipulate relative paths. */
5261 /* TODO - create the absolute path and manipulate the newname
5262 relative to the sharepath. */
5263 if (fsp->conn != conn) {
5266 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5267 fsp->fnum, file_id_string_tos(&fsp->file_id),
5268 fsp->fsp_name, newname ));
5269 string_set(&fsp->fsp_name, newname);
5274 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5275 file_id_string_tos(&lck->id), newname ));
5278 /* Send messages to all smbd's (not ourself) that the name has changed. */
5279 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5283 /****************************************************************************
5284 We need to check if the source path is a parent directory of the destination
5285 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5286 refuse the rename with a sharing violation. Under UNIX the above call can
5287 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5288 probably need to check that the client is a Windows one before disallowing
5289 this as a UNIX client (one with UNIX extensions) can know the source is a
5290 symlink and make this decision intelligently. Found by an excellent bug
5291 report from <AndyLiebman@aol.com>.
5292 ****************************************************************************/
5294 static bool rename_path_prefix_equal(const char *src, const char *dest)
5296 const char *psrc = src;
5297 const char *pdst = dest;
5300 if (psrc[0] == '.' && psrc[1] == '/') {
5303 if (pdst[0] == '.' && pdst[1] == '/') {
5306 if ((slen = strlen(psrc)) > strlen(pdst)) {
5309 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5313 * Do the notify calls from a rename
5316 static void notify_rename(connection_struct *conn, bool is_dir,
5317 const char *oldpath, const char *newpath)
5319 char *olddir, *newdir;
5320 const char *oldname, *newname;
5323 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5324 : FILE_NOTIFY_CHANGE_FILE_NAME;
5326 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5327 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5328 TALLOC_FREE(olddir);
5332 if (strcmp(olddir, newdir) == 0) {
5333 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5334 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5337 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5338 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5340 TALLOC_FREE(olddir);
5341 TALLOC_FREE(newdir);
5343 /* this is a strange one. w2k3 gives an additional event for
5344 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5345 files, but not directories */
5347 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5348 FILE_NOTIFY_CHANGE_ATTRIBUTES
5349 |FILE_NOTIFY_CHANGE_CREATION,
5354 /****************************************************************************
5355 Rename an open file - given an fsp.
5356 ****************************************************************************/
5358 NTSTATUS rename_internals_fsp(connection_struct *conn,
5361 const char *newname_last_component,
5363 bool replace_if_exists)
5365 TALLOC_CTX *ctx = talloc_tos();
5366 SMB_STRUCT_STAT sbuf, sbuf1;
5367 NTSTATUS status = NT_STATUS_OK;
5368 struct share_mode_lock *lck = NULL;
5373 status = check_name(conn, newname);
5374 if (!NT_STATUS_IS_OK(status)) {
5378 /* Ensure newname contains a '/' */
5379 if(strrchr_m(newname,'/') == 0) {
5380 newname = talloc_asprintf(ctx,
5384 return NT_STATUS_NO_MEMORY;
5389 * Check for special case with case preserving and not
5390 * case sensitive. If the old last component differs from the original
5391 * last component only by case, then we should allow
5392 * the rename (user is trying to change the case of the
5396 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5397 strequal(newname, fsp->fsp_name)) {
5399 char *newname_modified_last_component = NULL;
5402 * Get the last component of the modified name.
5403 * Note that we guarantee that newname contains a '/'
5406 p = strrchr_m(newname,'/');
5407 newname_modified_last_component = talloc_strdup(ctx,
5409 if (!newname_modified_last_component) {
5410 return NT_STATUS_NO_MEMORY;
5413 if(strcsequal(newname_modified_last_component,
5414 newname_last_component) == False) {
5416 * Replace the modified last component with
5419 *p = '\0'; /* Truncate at the '/' */
5420 newname = talloc_asprintf(ctx,
5423 newname_last_component);
5428 * If the src and dest names are identical - including case,
5429 * don't do the rename, just return success.
5432 if (strcsequal(fsp->fsp_name, newname)) {
5433 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5435 return NT_STATUS_OK;
5439 * Have vfs_object_exist also fill sbuf1
5441 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5443 if(!replace_if_exists && dst_exists) {
5444 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5445 fsp->fsp_name,newname));
5446 return NT_STATUS_OBJECT_NAME_COLLISION;
5450 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5451 files_struct *dst_fsp = file_find_di_first(fileid);
5453 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5454 return NT_STATUS_ACCESS_DENIED;
5458 /* Ensure we have a valid stat struct for the source. */
5459 if (fsp->fh->fd != -1) {
5460 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
5461 return map_nt_error_from_unix(errno);
5464 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5465 return map_nt_error_from_unix(errno);
5469 status = can_rename(conn, fsp, attrs, &sbuf);
5471 if (!NT_STATUS_IS_OK(status)) {
5472 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5473 nt_errstr(status), fsp->fsp_name,newname));
5474 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5475 status = NT_STATUS_ACCESS_DENIED;
5479 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5480 return NT_STATUS_ACCESS_DENIED;
5483 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
5486 * We have the file open ourselves, so not being able to get the
5487 * corresponding share mode lock is a fatal error.
5490 SMB_ASSERT(lck != NULL);
5492 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5493 uint32 create_options = fsp->fh->private_options;
5495 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5496 fsp->fsp_name,newname));
5498 rename_open_files(conn, lck, newname);
5500 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5503 * A rename acts as a new file create w.r.t. allowing an initial delete
5504 * on close, probably because in Windows there is a new handle to the
5505 * new file. If initial delete on close was requested but not
5506 * originally set, we need to set it here. This is probably not 100% correct,
5507 * but will work for the CIFSFS client which in non-posix mode
5508 * depends on these semantics. JRA.
5511 set_allow_initial_delete_on_close(lck, fsp, True);
5513 if (create_options & FILE_DELETE_ON_CLOSE) {
5514 status = can_set_delete_on_close(fsp, True, 0);
5516 if (NT_STATUS_IS_OK(status)) {
5517 /* Note that here we set the *inital* delete on close flag,
5518 * not the regular one. The magic gets handled in close. */
5519 fsp->initial_delete_on_close = True;
5523 return NT_STATUS_OK;
5528 if (errno == ENOTDIR || errno == EISDIR) {
5529 status = NT_STATUS_OBJECT_NAME_COLLISION;
5531 status = map_nt_error_from_unix(errno);
5534 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5535 nt_errstr(status), fsp->fsp_name,newname));
5540 /****************************************************************************
5541 The guts of the rename command, split out so it may be called by the NT SMB
5543 ****************************************************************************/
5545 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5546 connection_struct *conn,
5547 struct smb_request *req,
5548 const char *name_in,
5549 const char *newname_in,
5551 bool replace_if_exists,
5555 char *directory = NULL;
5557 char *last_component_src = NULL;
5558 char *last_component_dest = NULL;
5560 char *newname = NULL;
5563 NTSTATUS status = NT_STATUS_OK;
5564 SMB_STRUCT_STAT sbuf1, sbuf2;
5565 struct smb_Dir *dir_hnd = NULL;
5572 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5573 &last_component_src, &sbuf1);
5574 if (!NT_STATUS_IS_OK(status)) {
5578 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5579 &last_component_dest, &sbuf2);
5580 if (!NT_STATUS_IS_OK(status)) {
5585 * Split the old name into directory and last component
5586 * strings. Note that unix_convert may have stripped off a
5587 * leading ./ from both name and newname if the rename is
5588 * at the root of the share. We need to make sure either both
5589 * name and newname contain a / character or neither of them do
5590 * as this is checked in resolve_wildcards().
5593 p = strrchr_m(name,'/');
5595 directory = talloc_strdup(ctx, ".");
5597 return NT_STATUS_NO_MEMORY;
5602 directory = talloc_strdup(ctx, name);
5604 return NT_STATUS_NO_MEMORY;
5607 *p = '/'; /* Replace needed for exceptional test below. */
5611 * We should only check the mangled cache
5612 * here if unix_convert failed. This means
5613 * that the path in 'mask' doesn't exist
5614 * on the file system and so we need to look
5615 * for a possible mangle. This patch from
5616 * Tine Smukavec <valentin.smukavec@hermes.si>.
5619 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5620 char *new_mask = NULL;
5621 mangle_lookup_name_from_8_3(ctx,
5630 if (!src_has_wild) {
5634 * No wildcards - just process the one file.
5636 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5638 /* Add a terminating '/' to the directory name. */
5639 directory = talloc_asprintf_append(directory,
5643 return NT_STATUS_NO_MEMORY;
5646 /* Ensure newname contains a '/' also */
5647 if(strrchr_m(newname,'/') == 0) {
5648 newname = talloc_asprintf(ctx,
5652 return NT_STATUS_NO_MEMORY;
5656 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5657 "case_preserve = %d, short case preserve = %d, "
5658 "directory = %s, newname = %s, "
5659 "last_component_dest = %s, is_8_3 = %d\n",
5660 conn->case_sensitive, conn->case_preserve,
5661 conn->short_case_preserve, directory,
5662 newname, last_component_dest, is_short_name));
5664 /* The dest name still may have wildcards. */
5665 if (dest_has_wild) {
5666 char *mod_newname = NULL;
5667 if (!resolve_wildcards(ctx,
5668 directory,newname,&mod_newname)) {
5669 DEBUG(6, ("rename_internals: resolve_wildcards "
5673 return NT_STATUS_NO_MEMORY;
5675 newname = mod_newname;
5679 SMB_VFS_STAT(conn, directory, &sbuf1);
5681 status = S_ISDIR(sbuf1.st_mode) ?
5682 open_directory(conn, req, directory, &sbuf1,
5684 FILE_SHARE_READ|FILE_SHARE_WRITE,
5685 FILE_OPEN, 0, 0, NULL,
5687 : open_file_ntcreate(conn, req, directory, &sbuf1,
5689 FILE_SHARE_READ|FILE_SHARE_WRITE,
5690 FILE_OPEN, 0, 0, 0, NULL,
5693 if (!NT_STATUS_IS_OK(status)) {
5694 DEBUG(3, ("Could not open rename source %s: %s\n",
5695 directory, nt_errstr(status)));
5699 status = rename_internals_fsp(conn, fsp, newname,
5700 last_component_dest,
5701 attrs, replace_if_exists);
5703 close_file(fsp, NORMAL_CLOSE);
5705 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5706 nt_errstr(status), directory,newname));
5712 * Wildcards - process each file that matches.
5714 if (strequal(mask,"????????.???")) {
5719 status = check_name(conn, directory);
5720 if (!NT_STATUS_IS_OK(status)) {
5724 dir_hnd = OpenDir(conn, directory, mask, attrs);
5725 if (dir_hnd == NULL) {
5726 return map_nt_error_from_unix(errno);
5729 status = NT_STATUS_NO_SUCH_FILE;
5731 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5732 * - gentest fix. JRA
5735 while ((dname = ReadDirName(dir_hnd, &offset))) {
5736 files_struct *fsp = NULL;
5738 char *destname = NULL;
5739 bool sysdir_entry = False;
5741 /* Quick check for "." and ".." */
5742 if (ISDOT(dname) || ISDOTDOT(dname)) {
5744 sysdir_entry = True;
5750 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5754 if(!mask_match(dname, mask, conn->case_sensitive)) {
5759 status = NT_STATUS_OBJECT_NAME_INVALID;
5763 fname = talloc_asprintf(ctx,
5768 return NT_STATUS_NO_MEMORY;
5771 if (!resolve_wildcards(ctx,
5772 fname,newname,&destname)) {
5773 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5779 return NT_STATUS_NO_MEMORY;
5783 SMB_VFS_STAT(conn, fname, &sbuf1);
5785 status = S_ISDIR(sbuf1.st_mode) ?
5786 open_directory(conn, req, fname, &sbuf1,
5788 FILE_SHARE_READ|FILE_SHARE_WRITE,
5789 FILE_OPEN, 0, 0, NULL,
5791 : open_file_ntcreate(conn, req, fname, &sbuf1,
5793 FILE_SHARE_READ|FILE_SHARE_WRITE,
5794 FILE_OPEN, 0, 0, 0, NULL,
5797 if (!NT_STATUS_IS_OK(status)) {
5798 DEBUG(3,("rename_internals: open_file_ntcreate "
5799 "returned %s rename %s -> %s\n",
5800 nt_errstr(status), directory, newname));
5804 status = rename_internals_fsp(conn, fsp, destname, dname,
5805 attrs, replace_if_exists);
5807 close_file(fsp, NORMAL_CLOSE);
5809 if (!NT_STATUS_IS_OK(status)) {
5810 DEBUG(3, ("rename_internals_fsp returned %s for "
5811 "rename %s -> %s\n", nt_errstr(status),
5812 directory, newname));
5818 DEBUG(3,("rename_internals: doing rename on %s -> "
5819 "%s\n",fname,destname));
5822 TALLOC_FREE(destname);
5826 if (count == 0 && NT_STATUS_IS_OK(status)) {
5827 status = map_nt_error_from_unix(errno);
5833 /****************************************************************************
5835 ****************************************************************************/
5837 void reply_mv(connection_struct *conn, struct smb_request *req)
5840 char *newname = NULL;
5844 bool src_has_wcard = False;
5845 bool dest_has_wcard = False;
5846 TALLOC_CTX *ctx = talloc_tos();
5848 START_PROFILE(SMBmv);
5851 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5856 attrs = SVAL(req->inbuf,smb_vwv0);
5858 p = smb_buf(req->inbuf) + 1;
5859 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5860 0, STR_TERMINATE, &status,
5862 if (!NT_STATUS_IS_OK(status)) {
5863 reply_nterror(req, status);
5868 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5869 0, STR_TERMINATE, &status,
5871 if (!NT_STATUS_IS_OK(status)) {
5872 reply_nterror(req, status);
5877 status = resolve_dfspath_wcard(ctx, conn,
5878 req->flags2 & FLAGS2_DFS_PATHNAMES,
5882 if (!NT_STATUS_IS_OK(status)) {
5883 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5884 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5885 ERRSRV, ERRbadpath);
5889 reply_nterror(req, status);
5894 status = resolve_dfspath_wcard(ctx, conn,
5895 req->flags2 & FLAGS2_DFS_PATHNAMES,
5899 if (!NT_STATUS_IS_OK(status)) {
5900 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5901 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5902 ERRSRV, ERRbadpath);
5906 reply_nterror(req, status);
5911 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5913 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5914 src_has_wcard, dest_has_wcard);
5915 if (!NT_STATUS_IS_OK(status)) {
5916 if (open_was_deferred(req->mid)) {
5917 /* We have re-scheduled this call. */
5921 reply_nterror(req, status);
5926 reply_outbuf(req, 0, 0);
5932 /*******************************************************************
5933 Copy a file as part of a reply_copy.
5934 ******************************************************************/
5937 * TODO: check error codes on all callers
5940 NTSTATUS copy_file(TALLOC_CTX *ctx,
5941 connection_struct *conn,
5946 bool target_is_directory)
5948 SMB_STRUCT_STAT src_sbuf, sbuf2;
5950 files_struct *fsp1,*fsp2;
5953 uint32 new_create_disposition;
5956 dest = talloc_strdup(ctx, dest1);
5958 return NT_STATUS_NO_MEMORY;
5960 if (target_is_directory) {
5961 const char *p = strrchr_m(src,'/');
5967 dest = talloc_asprintf_append(dest,
5971 return NT_STATUS_NO_MEMORY;
5975 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5977 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5980 if (!target_is_directory && count) {
5981 new_create_disposition = FILE_OPEN;
5983 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5984 NULL, NULL, &new_create_disposition, NULL)) {
5986 return NT_STATUS_INVALID_PARAMETER;
5990 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5992 FILE_SHARE_READ|FILE_SHARE_WRITE,
5995 FILE_ATTRIBUTE_NORMAL,
5999 if (!NT_STATUS_IS_OK(status)) {
6004 dosattrs = dos_mode(conn, src, &src_sbuf);
6005 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6006 ZERO_STRUCTP(&sbuf2);
6009 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6011 FILE_SHARE_READ|FILE_SHARE_WRITE,
6012 new_create_disposition,
6020 if (!NT_STATUS_IS_OK(status)) {
6021 close_file(fsp1,ERROR_CLOSE);
6025 if ((ofun&3) == 1) {
6026 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
6027 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6029 * Stop the copy from occurring.
6032 src_sbuf.st_size = 0;
6036 if (src_sbuf.st_size) {
6037 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6040 close_file(fsp1,NORMAL_CLOSE);
6042 /* Ensure the modtime is set correctly on the destination file. */
6043 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
6046 * As we are opening fsp1 read-only we only expect
6047 * an error on close on fsp2 if we are out of space.
6048 * Thus we don't look at the error return from the
6051 status = close_file(fsp2,NORMAL_CLOSE);
6053 if (!NT_STATUS_IS_OK(status)) {
6057 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6058 return NT_STATUS_DISK_FULL;
6061 return NT_STATUS_OK;
6064 /****************************************************************************
6065 Reply to a file copy.
6066 ****************************************************************************/
6068 void reply_copy(connection_struct *conn, struct smb_request *req)
6071 char *newname = NULL;
6072 char *directory = NULL;
6076 int error = ERRnoaccess;
6081 bool target_is_directory=False;
6082 bool source_has_wild = False;
6083 bool dest_has_wild = False;
6084 SMB_STRUCT_STAT sbuf1, sbuf2;
6086 TALLOC_CTX *ctx = talloc_tos();
6088 START_PROFILE(SMBcopy);
6091 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6092 END_PROFILE(SMBcopy);
6096 tid2 = SVAL(req->inbuf,smb_vwv0);
6097 ofun = SVAL(req->inbuf,smb_vwv1);
6098 flags = SVAL(req->inbuf,smb_vwv2);
6100 p = smb_buf(req->inbuf);
6101 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6102 0, STR_TERMINATE, &status,
6104 if (!NT_STATUS_IS_OK(status)) {
6105 reply_nterror(req, status);
6106 END_PROFILE(SMBcopy);
6109 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6110 0, STR_TERMINATE, &status,
6112 if (!NT_STATUS_IS_OK(status)) {
6113 reply_nterror(req, status);
6114 END_PROFILE(SMBcopy);
6118 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6120 if (tid2 != conn->cnum) {
6121 /* can't currently handle inter share copies XXXX */
6122 DEBUG(3,("Rejecting inter-share copy\n"));
6123 reply_doserror(req, ERRSRV, ERRinvdevice);
6124 END_PROFILE(SMBcopy);
6128 status = resolve_dfspath_wcard(ctx, conn,
6129 req->flags2 & FLAGS2_DFS_PATHNAMES,
6133 if (!NT_STATUS_IS_OK(status)) {
6134 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6135 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6136 ERRSRV, ERRbadpath);
6137 END_PROFILE(SMBcopy);
6140 reply_nterror(req, status);
6141 END_PROFILE(SMBcopy);
6145 status = resolve_dfspath_wcard(ctx, conn,
6146 req->flags2 & FLAGS2_DFS_PATHNAMES,
6150 if (!NT_STATUS_IS_OK(status)) {
6151 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6152 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6153 ERRSRV, ERRbadpath);
6154 END_PROFILE(SMBcopy);
6157 reply_nterror(req, status);
6158 END_PROFILE(SMBcopy);
6162 status = unix_convert(ctx, conn, name, source_has_wild,
6163 &name, NULL, &sbuf1);
6164 if (!NT_STATUS_IS_OK(status)) {
6165 reply_nterror(req, status);
6166 END_PROFILE(SMBcopy);
6170 status = unix_convert(ctx, conn, newname, dest_has_wild,
6171 &newname, NULL, &sbuf2);
6172 if (!NT_STATUS_IS_OK(status)) {
6173 reply_nterror(req, status);
6174 END_PROFILE(SMBcopy);
6178 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6180 if ((flags&1) && target_is_directory) {
6181 reply_doserror(req, ERRDOS, ERRbadfile);
6182 END_PROFILE(SMBcopy);
6186 if ((flags&2) && !target_is_directory) {
6187 reply_doserror(req, ERRDOS, ERRbadpath);
6188 END_PROFILE(SMBcopy);
6192 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6193 /* wants a tree copy! XXXX */
6194 DEBUG(3,("Rejecting tree copy\n"));
6195 reply_doserror(req, ERRSRV, ERRerror);
6196 END_PROFILE(SMBcopy);
6200 p = strrchr_m(name,'/');
6202 directory = talloc_strdup(ctx, "./");
6204 reply_nterror(req, NT_STATUS_NO_MEMORY);
6205 END_PROFILE(SMBcopy);
6211 directory = talloc_strdup(ctx, name);
6213 reply_nterror(req, NT_STATUS_NO_MEMORY);
6214 END_PROFILE(SMBcopy);
6221 * We should only check the mangled cache
6222 * here if unix_convert failed. This means
6223 * that the path in 'mask' doesn't exist
6224 * on the file system and so we need to look
6225 * for a possible mangle. This patch from
6226 * Tine Smukavec <valentin.smukavec@hermes.si>.
6229 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6230 char *new_mask = NULL;
6231 mangle_lookup_name_from_8_3(ctx,
6240 if (!source_has_wild) {
6241 directory = talloc_asprintf_append(directory,
6244 if (dest_has_wild) {
6245 char *mod_newname = NULL;
6246 if (!resolve_wildcards(ctx,
6247 directory,newname,&mod_newname)) {
6248 reply_nterror(req, NT_STATUS_NO_MEMORY);
6249 END_PROFILE(SMBcopy);
6252 newname = mod_newname;
6255 status = check_name(conn, directory);
6256 if (!NT_STATUS_IS_OK(status)) {
6257 reply_nterror(req, status);
6258 END_PROFILE(SMBcopy);
6262 status = check_name(conn, newname);
6263 if (!NT_STATUS_IS_OK(status)) {
6264 reply_nterror(req, status);
6265 END_PROFILE(SMBcopy);
6269 status = copy_file(ctx,conn,directory,newname,ofun,
6270 count,target_is_directory);
6272 if(!NT_STATUS_IS_OK(status)) {
6273 reply_nterror(req, status);
6274 END_PROFILE(SMBcopy);
6280 struct smb_Dir *dir_hnd = NULL;
6281 const char *dname = NULL;
6284 if (strequal(mask,"????????.???")) {
6289 status = check_name(conn, directory);
6290 if (!NT_STATUS_IS_OK(status)) {
6291 reply_nterror(req, status);
6292 END_PROFILE(SMBcopy);
6296 dir_hnd = OpenDir(conn, directory, mask, 0);
6297 if (dir_hnd == NULL) {
6298 status = map_nt_error_from_unix(errno);
6299 reply_nterror(req, status);
6300 END_PROFILE(SMBcopy);
6306 while ((dname = ReadDirName(dir_hnd, &offset))) {
6307 char *destname = NULL;
6310 if (ISDOT(dname) || ISDOTDOT(dname)) {
6314 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6318 if(!mask_match(dname, mask, conn->case_sensitive)) {
6322 error = ERRnoaccess;
6323 fname = talloc_asprintf(ctx,
6328 reply_nterror(req, NT_STATUS_NO_MEMORY);
6329 END_PROFILE(SMBcopy);
6333 if (!resolve_wildcards(ctx,
6334 fname,newname,&destname)) {
6338 reply_nterror(req, NT_STATUS_NO_MEMORY);
6339 END_PROFILE(SMBcopy);
6343 status = check_name(conn, fname);
6344 if (!NT_STATUS_IS_OK(status)) {
6345 reply_nterror(req, status);
6346 END_PROFILE(SMBcopy);
6350 status = check_name(conn, destname);
6351 if (!NT_STATUS_IS_OK(status)) {
6352 reply_nterror(req, status);
6353 END_PROFILE(SMBcopy);
6357 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6359 status = copy_file(ctx,conn,fname,destname,ofun,
6360 count,target_is_directory);
6361 if (NT_STATUS_IS_OK(status)) {
6365 TALLOC_FREE(destname);
6372 /* Error on close... */
6374 reply_unixerror(req, ERRHRD, ERRgeneral);
6375 END_PROFILE(SMBcopy);
6379 reply_doserror(req, ERRDOS, error);
6380 END_PROFILE(SMBcopy);
6384 reply_outbuf(req, 1, 0);
6385 SSVAL(req->outbuf,smb_vwv0,count);
6387 END_PROFILE(SMBcopy);
6392 #define DBGC_CLASS DBGC_LOCKING
6394 /****************************************************************************
6395 Get a lock pid, dealing with large count requests.
6396 ****************************************************************************/
6398 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6400 if(!large_file_format)
6401 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6403 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6406 /****************************************************************************
6407 Get a lock count, dealing with large count requests.
6408 ****************************************************************************/
6410 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6412 SMB_BIG_UINT count = 0;
6414 if(!large_file_format) {
6415 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6418 #if defined(HAVE_LONGLONG)
6419 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6420 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6421 #else /* HAVE_LONGLONG */
6424 * NT4.x seems to be broken in that it sends large file (64 bit)
6425 * lockingX calls even if the CAP_LARGE_FILES was *not*
6426 * negotiated. For boxes without large unsigned ints truncate the
6427 * lock count by dropping the top 32 bits.
6430 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6431 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6432 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6433 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6434 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6437 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6438 #endif /* HAVE_LONGLONG */
6444 #if !defined(HAVE_LONGLONG)
6445 /****************************************************************************
6446 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6447 ****************************************************************************/
6449 static uint32 map_lock_offset(uint32 high, uint32 low)
6453 uint32 highcopy = high;
6456 * Try and find out how many significant bits there are in high.
6459 for(i = 0; highcopy; i++)
6463 * We use 31 bits not 32 here as POSIX
6464 * lock offsets may not be negative.
6467 mask = (~0) << (31 - i);
6470 return 0; /* Fail. */
6476 #endif /* !defined(HAVE_LONGLONG) */
6478 /****************************************************************************
6479 Get a lock offset, dealing with large offset requests.
6480 ****************************************************************************/
6482 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6484 SMB_BIG_UINT offset = 0;
6488 if(!large_file_format) {
6489 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6492 #if defined(HAVE_LONGLONG)
6493 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6494 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6495 #else /* HAVE_LONGLONG */
6498 * NT4.x seems to be broken in that it sends large file (64 bit)
6499 * lockingX calls even if the CAP_LARGE_FILES was *not*
6500 * negotiated. For boxes without large unsigned ints mangle the
6501 * lock offset by mapping the top 32 bits onto the lower 32.
6504 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6505 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6506 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6509 if((new_low = map_lock_offset(high, low)) == 0) {
6511 return (SMB_BIG_UINT)-1;
6514 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6515 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6516 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6517 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6520 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6521 #endif /* HAVE_LONGLONG */
6527 /****************************************************************************
6528 Reply to a lockingX request.
6529 ****************************************************************************/
6531 void reply_lockingX(connection_struct *conn, struct smb_request *req)
6534 unsigned char locktype;
6535 unsigned char oplocklevel;
6538 SMB_BIG_UINT count = 0, offset = 0;
6543 bool large_file_format;
6545 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6547 START_PROFILE(SMBlockingX);
6550 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6551 END_PROFILE(SMBlockingX);
6555 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6556 locktype = CVAL(req->inbuf,smb_vwv3);
6557 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6558 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6559 num_locks = SVAL(req->inbuf,smb_vwv7);
6560 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6561 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6563 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6564 END_PROFILE(SMBlockingX);
6568 data = smb_buf(req->inbuf);
6570 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6571 /* we don't support these - and CANCEL_LOCK makes w2k
6572 and XP reboot so I don't really want to be
6573 compatible! (tridge) */
6574 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6575 END_PROFILE(SMBlockingX);
6579 /* Check if this is an oplock break on a file
6580 we have granted an oplock on.
6582 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6583 /* Client can insist on breaking to none. */
6584 bool break_to_none = (oplocklevel == 0);
6587 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6588 "for fnum = %d\n", (unsigned int)oplocklevel,
6592 * Make sure we have granted an exclusive or batch oplock on
6596 if (fsp->oplock_type == 0) {
6598 /* The Samba4 nbench simulator doesn't understand
6599 the difference between break to level2 and break
6600 to none from level2 - it sends oplock break
6601 replies in both cases. Don't keep logging an error
6602 message here - just ignore it. JRA. */
6604 DEBUG(5,("reply_lockingX: Error : oplock break from "
6605 "client for fnum = %d (oplock=%d) and no "
6606 "oplock granted on this file (%s).\n",
6607 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6609 /* if this is a pure oplock break request then don't
6611 if (num_locks == 0 && num_ulocks == 0) {
6612 END_PROFILE(SMBlockingX);
6615 END_PROFILE(SMBlockingX);
6616 reply_doserror(req, ERRDOS, ERRlock);
6621 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6623 result = remove_oplock(fsp);
6625 result = downgrade_oplock(fsp);
6629 DEBUG(0, ("reply_lockingX: error in removing "
6630 "oplock on file %s\n", fsp->fsp_name));
6631 /* Hmmm. Is this panic justified? */
6632 smb_panic("internal tdb error");
6635 reply_to_oplock_break_requests(fsp);
6637 /* if this is a pure oplock break request then don't send a
6639 if (num_locks == 0 && num_ulocks == 0) {
6640 /* Sanity check - ensure a pure oplock break is not a
6642 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6643 DEBUG(0,("reply_lockingX: Error : pure oplock "
6644 "break is a chained %d request !\n",
6645 (unsigned int)CVAL(req->inbuf,
6647 END_PROFILE(SMBlockingX);
6653 * We do this check *after* we have checked this is not a oplock break
6654 * response message. JRA.
6657 release_level_2_oplocks_on_change(fsp);
6659 if (smb_buflen(req->inbuf) <
6660 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6661 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6662 END_PROFILE(SMBlockingX);
6666 /* Data now points at the beginning of the list
6667 of smb_unlkrng structs */
6668 for(i = 0; i < (int)num_ulocks; i++) {
6669 lock_pid = get_lock_pid( data, i, large_file_format);
6670 count = get_lock_count( data, i, large_file_format);
6671 offset = get_lock_offset( data, i, large_file_format, &err);
6674 * There is no error code marked "stupid client bug".... :-).
6677 END_PROFILE(SMBlockingX);
6678 reply_doserror(req, ERRDOS, ERRnoaccess);
6682 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6683 "pid %u, file %s\n", (double)offset, (double)count,
6684 (unsigned int)lock_pid, fsp->fsp_name ));
6686 status = do_unlock(smbd_messaging_context(),
6693 if (NT_STATUS_V(status)) {
6694 END_PROFILE(SMBlockingX);
6695 reply_nterror(req, status);
6700 /* Setup the timeout in seconds. */
6702 if (!lp_blocking_locks(SNUM(conn))) {
6706 /* Now do any requested locks */
6707 data += ((large_file_format ? 20 : 10)*num_ulocks);
6709 /* Data now points at the beginning of the list
6710 of smb_lkrng structs */
6712 for(i = 0; i < (int)num_locks; i++) {
6713 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6714 READ_LOCK:WRITE_LOCK);
6715 lock_pid = get_lock_pid( data, i, large_file_format);
6716 count = get_lock_count( data, i, large_file_format);
6717 offset = get_lock_offset( data, i, large_file_format, &err);
6720 * There is no error code marked "stupid client bug".... :-).
6723 END_PROFILE(SMBlockingX);
6724 reply_doserror(req, ERRDOS, ERRnoaccess);
6728 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6729 "%u, file %s timeout = %d\n", (double)offset,
6730 (double)count, (unsigned int)lock_pid,
6731 fsp->fsp_name, (int)lock_timeout ));
6733 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6734 if (lp_blocking_locks(SNUM(conn))) {
6736 /* Schedule a message to ourselves to
6737 remove the blocking lock record and
6738 return the right error. */
6740 if (!blocking_lock_cancel(fsp,
6746 NT_STATUS_FILE_LOCK_CONFLICT)) {
6747 END_PROFILE(SMBlockingX);
6752 ERRcancelviolation));
6756 /* Remove a matching pending lock. */
6757 status = do_lock_cancel(fsp,
6763 bool blocking_lock = lock_timeout ? True : False;
6764 bool defer_lock = False;
6765 struct byte_range_lock *br_lck;
6766 uint32 block_smbpid;
6768 br_lck = do_lock(smbd_messaging_context(),
6779 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6780 /* Windows internal resolution for blocking locks seems
6781 to be about 200ms... Don't wait for less than that. JRA. */
6782 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6783 lock_timeout = lp_lock_spin_time();
6788 /* This heuristic seems to match W2K3 very well. If a
6789 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6790 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6791 far as I can tell. Replacement for do_lock_spin(). JRA. */
6793 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6794 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6796 lock_timeout = lp_lock_spin_time();
6799 if (br_lck && defer_lock) {
6801 * A blocking lock was requested. Package up
6802 * this smb into a queued request and push it
6803 * onto the blocking lock queue.
6805 if(push_blocking_lock_request(br_lck,
6807 smb_len(req->inbuf)+4,
6817 TALLOC_FREE(br_lck);
6818 END_PROFILE(SMBlockingX);
6823 TALLOC_FREE(br_lck);
6826 if (NT_STATUS_V(status)) {
6827 END_PROFILE(SMBlockingX);
6828 reply_nterror(req, status);
6833 /* If any of the above locks failed, then we must unlock
6834 all of the previous locks (X/Open spec). */
6836 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6840 * Ensure we don't do a remove on the lock that just failed,
6841 * as under POSIX rules, if we have a lock already there, we
6842 * will delete it (and we shouldn't) .....
6844 for(i--; i >= 0; i--) {
6845 lock_pid = get_lock_pid( data, i, large_file_format);
6846 count = get_lock_count( data, i, large_file_format);
6847 offset = get_lock_offset( data, i, large_file_format,
6851 * There is no error code marked "stupid client
6855 END_PROFILE(SMBlockingX);
6856 reply_doserror(req, ERRDOS, ERRnoaccess);
6860 do_unlock(smbd_messaging_context(),
6867 END_PROFILE(SMBlockingX);
6868 reply_nterror(req, status);
6872 reply_outbuf(req, 2, 0);
6874 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6875 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6877 END_PROFILE(SMBlockingX);
6882 #define DBGC_CLASS DBGC_ALL
6884 /****************************************************************************
6885 Reply to a SMBreadbmpx (read block multiplex) request.
6886 Always reply with an error, if someone has a platform really needs this,
6887 please contact vl@samba.org
6888 ****************************************************************************/
6890 void reply_readbmpx(connection_struct *conn, struct smb_request *req)
6892 START_PROFILE(SMBreadBmpx);
6893 reply_doserror(req, ERRSRV, ERRuseSTD);
6894 END_PROFILE(SMBreadBmpx);
6898 /****************************************************************************
6899 Reply to a SMBreadbs (read block multiplex secondary) request.
6900 Always reply with an error, if someone has a platform really needs this,
6901 please contact vl@samba.org
6902 ****************************************************************************/
6904 void reply_readbs(connection_struct *conn, struct smb_request *req)
6906 START_PROFILE(SMBreadBs);
6907 reply_doserror(req, ERRSRV, ERRuseSTD);
6908 END_PROFILE(SMBreadBs);
6912 /****************************************************************************
6913 Reply to a SMBsetattrE.
6914 ****************************************************************************/
6916 void reply_setattrE(connection_struct *conn, struct smb_request *req)
6918 struct timespec ts[2];
6921 START_PROFILE(SMBsetattrE);
6924 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6925 END_PROFILE(SMBsetattrE);
6929 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6931 if(!fsp || (fsp->conn != conn)) {
6932 reply_doserror(req, ERRDOS, ERRbadfid);
6933 END_PROFILE(SMBsetattrE);
6939 * Convert the DOS times into unix times. Ignore create
6940 * time as UNIX can't set this.
6943 ts[0] = convert_time_t_to_timespec(
6944 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6945 ts[1] = convert_time_t_to_timespec(
6946 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6948 reply_outbuf(req, 0, 0);
6951 * Patch from Ray Frush <frush@engr.colostate.edu>
6952 * Sometimes times are sent as zero - ignore them.
6955 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6956 /* Ignore request */
6957 if( DEBUGLVL( 3 ) ) {
6958 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6959 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6961 END_PROFILE(SMBsetattrE);
6963 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6964 /* set modify time = to access time if modify time was unset */
6968 /* Set the date on this file */
6969 /* Should we set pending modtime here ? JRA */
6970 if(file_ntimes(conn, fsp->fsp_name, ts)) {
6971 reply_doserror(req, ERRDOS, ERRnoaccess);
6972 END_PROFILE(SMBsetattrE);
6976 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6978 (unsigned int)ts[0].tv_sec,
6979 (unsigned int)ts[1].tv_sec));
6981 END_PROFILE(SMBsetattrE);
6986 /* Back from the dead for OS/2..... JRA. */
6988 /****************************************************************************
6989 Reply to a SMBwritebmpx (write block multiplex primary) request.
6990 Always reply with an error, if someone has a platform really needs this,
6991 please contact vl@samba.org
6992 ****************************************************************************/
6994 void reply_writebmpx(connection_struct *conn, struct smb_request *req)
6996 START_PROFILE(SMBwriteBmpx);
6997 reply_doserror(req, ERRSRV, ERRuseSTD);
6998 END_PROFILE(SMBwriteBmpx);
7002 /****************************************************************************
7003 Reply to a SMBwritebs (write block multiplex secondary) request.
7004 Always reply with an error, if someone has a platform really needs this,
7005 please contact vl@samba.org
7006 ****************************************************************************/
7008 void reply_writebs(connection_struct *conn, struct smb_request *req)
7010 START_PROFILE(SMBwriteBs);
7011 reply_doserror(req, ERRSRV, ERRuseSTD);
7012 END_PROFILE(SMBwriteBs);
7016 /****************************************************************************
7017 Reply to a SMBgetattrE.
7018 ****************************************************************************/
7020 void reply_getattrE(connection_struct *conn, struct smb_request *req)
7022 SMB_STRUCT_STAT sbuf;
7026 START_PROFILE(SMBgetattrE);
7029 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7030 END_PROFILE(SMBgetattrE);
7034 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7036 if(!fsp || (fsp->conn != conn)) {
7037 reply_doserror(req, ERRDOS, ERRbadfid);
7038 END_PROFILE(SMBgetattrE);
7042 /* Do an fstat on this file */
7043 if(fsp_stat(fsp, &sbuf)) {
7044 reply_unixerror(req, ERRDOS, ERRnoaccess);
7045 END_PROFILE(SMBgetattrE);
7049 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7052 * Convert the times into dos times. Set create
7053 * date to be last modify date as UNIX doesn't save
7057 reply_outbuf(req, 11, 0);
7059 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7060 get_create_time(&sbuf,
7061 lp_fake_dir_create_times(SNUM(conn))));
7062 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7063 /* Should we check pending modtime here ? JRA */
7064 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7067 SIVAL(req->outbuf, smb_vwv6, 0);
7068 SIVAL(req->outbuf, smb_vwv8, 0);
7070 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7071 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7072 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7074 SSVAL(req->outbuf,smb_vwv10, mode);
7076 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7078 END_PROFILE(SMBgetattrE);