2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
219 bool *contains_wcard)
226 ret = srvstr_pull_buf_talloc(ctx,
233 ret = srvstr_pull_talloc(ctx,
243 *err = NT_STATUS_INVALID_PARAMETER;
247 *contains_wcard = False;
249 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 * For a DFS path the function parse_dfs_path()
252 * will do the path processing, just make a copy.
258 if (lp_posix_pathnames()) {
259 *err = check_path_syntax_posix(*pp_dest);
261 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
267 /****************************************************************************
268 Pull a string and check the path - provide for error return.
269 ****************************************************************************/
271 size_t srvstr_get_path(TALLOC_CTX *ctx,
285 ret = srvstr_pull_buf_talloc(ctx,
292 ret = srvstr_pull_talloc(ctx,
302 *err = NT_STATUS_INVALID_PARAMETER;
306 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 * For a DFS path the function parse_dfs_path()
309 * will do the path processing, just make a copy.
315 if (lp_posix_pathnames()) {
316 *err = check_path_syntax_posix(*pp_dest);
318 *err = check_path_syntax(*pp_dest);
324 /****************************************************************************
325 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
326 ****************************************************************************/
328 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 files_struct *fsp, struct current_user *user)
331 if (!(fsp) || !(conn)) {
332 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
335 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
342 /****************************************************************************
343 Check if we have a correct fsp pointing to a file. Replacement for the
345 ****************************************************************************/
347 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 files_struct *fsp, struct current_user *user)
350 if (!check_fsp_open(conn, req, fsp, user)) {
353 if ((fsp)->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if ((fsp)->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 (fsp)->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
367 ****************************************************************************/
369 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
370 files_struct *fsp, struct current_user *user)
372 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
373 && (current_user.vuid==(fsp)->vuid)) {
377 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
381 /****************************************************************************
382 Reply to a (netbios-level) special message.
383 ****************************************************************************/
385 void reply_special(char *inbuf)
387 int msg_type = CVAL(inbuf,0);
388 int msg_flags = CVAL(inbuf,1);
393 * We only really use 4 bytes of the outbuf, but for the smb_setlen
394 * calculation & friends (srv_send_smb uses that) we need the full smb
397 char outbuf[smb_size];
399 static bool already_got_session = False;
403 memset(outbuf, '\0', sizeof(outbuf));
405 smb_setlen(outbuf,0);
408 case 0x81: /* session request */
410 if (already_got_session) {
411 exit_server_cleanly("multiple session request not permitted");
414 SCVAL(outbuf,0,0x82);
416 if (name_len(inbuf+4) > 50 ||
417 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
418 DEBUG(0,("Invalid name length in session request\n"));
421 name_extract(inbuf,4,name1);
422 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
423 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
426 set_local_machine_name(name1, True);
427 set_remote_machine_name(name2, True);
429 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
430 get_local_machine_name(), get_remote_machine_name(),
433 if (name_type == 'R') {
434 /* We are being asked for a pathworks session ---
436 SCVAL(outbuf, 0,0x83);
440 /* only add the client's machine name to the list
441 of possibly valid usernames if we are operating
442 in share mode security */
443 if (lp_security() == SEC_SHARE) {
444 add_session_user(get_remote_machine_name());
447 reload_services(True);
450 already_got_session = True;
453 case 0x89: /* session keepalive request
454 (some old clients produce this?) */
455 SCVAL(outbuf,0,SMBkeepalive);
459 case 0x82: /* positive session response */
460 case 0x83: /* negative session response */
461 case 0x84: /* retarget session response */
462 DEBUG(0,("Unexpected session response\n"));
465 case SMBkeepalive: /* session keepalive */
470 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
471 msg_type, msg_flags));
473 srv_send_smb(smbd_server_fd(), outbuf, false);
477 /****************************************************************************
479 conn POINTER CAN BE NULL HERE !
480 ****************************************************************************/
482 void reply_tcon(struct smb_request *req)
484 connection_struct *conn = req->conn;
486 char *service_buf = NULL;
487 char *password = NULL;
492 DATA_BLOB password_blob;
493 TALLOC_CTX *ctx = talloc_tos();
495 START_PROFILE(SMBtcon);
497 if (smb_buflen(req->inbuf) < 4) {
498 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
499 END_PROFILE(SMBtcon);
503 p = smb_buf(req->inbuf)+1;
504 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
505 &service_buf, p, STR_TERMINATE) + 1;
506 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
507 &password, p, STR_TERMINATE) + 1;
509 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
510 &dev, p, STR_TERMINATE) + 1;
512 if (service_buf == NULL || password == NULL || dev == NULL) {
513 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
514 END_PROFILE(SMBtcon);
517 p = strrchr_m(service_buf,'\\');
521 service = service_buf;
524 password_blob = data_blob(password, pwlen+1);
526 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
529 data_blob_clear_free(&password_blob);
532 reply_nterror(req, nt_status);
533 END_PROFILE(SMBtcon);
537 reply_outbuf(req, 2, 0);
538 SSVAL(req->outbuf,smb_vwv0,max_recv);
539 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
540 SSVAL(req->outbuf,smb_tid,conn->cnum);
542 DEBUG(3,("tcon service=%s cnum=%d\n",
543 service, conn->cnum));
545 END_PROFILE(SMBtcon);
549 /****************************************************************************
550 Reply to a tcon and X.
551 conn POINTER CAN BE NULL HERE !
552 ****************************************************************************/
554 void reply_tcon_and_X(struct smb_request *req)
556 connection_struct *conn = req->conn;
557 char *service = NULL;
559 TALLOC_CTX *ctx = talloc_tos();
560 /* what the cleint thinks the device is */
561 char *client_devicetype = NULL;
562 /* what the server tells the client the share represents */
563 const char *server_devicetype;
570 START_PROFILE(SMBtconX);
573 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
574 END_PROFILE(SMBtconX);
578 passlen = SVAL(req->inbuf,smb_vwv3);
579 tcon_flags = SVAL(req->inbuf,smb_vwv2);
581 /* we might have to close an old one */
582 if ((tcon_flags & 0x1) && conn) {
583 close_cnum(conn,req->vuid);
588 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
589 reply_doserror(req, ERRDOS, ERRbuftoosmall);
590 END_PROFILE(SMBtconX);
594 if (global_encrypted_passwords_negotiated) {
595 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
597 if (lp_security() == SEC_SHARE) {
599 * Security = share always has a pad byte
600 * after the password.
602 p = smb_buf(req->inbuf) + passlen + 1;
604 p = smb_buf(req->inbuf) + passlen;
607 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
609 /* Ensure correct termination */
610 password.data[passlen]=0;
611 p = smb_buf(req->inbuf) + passlen + 1;
614 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
618 data_blob_clear_free(&password);
619 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
620 END_PROFILE(SMBtconX);
625 * the service name can be either: \\server\share
626 * or share directly like on the DELL PowerVault 705
629 q = strchr_m(path+2,'\\');
631 data_blob_clear_free(&password);
632 reply_doserror(req, ERRDOS, ERRnosuchshare);
633 END_PROFILE(SMBtconX);
641 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
642 &client_devicetype, p,
643 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
645 if (client_devicetype == NULL) {
646 data_blob_clear_free(&password);
647 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
648 END_PROFILE(SMBtconX);
652 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
654 conn = make_connection(service, password, client_devicetype,
655 req->vuid, &nt_status);
658 data_blob_clear_free(&password);
661 reply_nterror(req, nt_status);
662 END_PROFILE(SMBtconX);
667 server_devicetype = "IPC";
668 else if ( IS_PRINT(conn) )
669 server_devicetype = "LPT1:";
671 server_devicetype = "A:";
673 if (Protocol < PROTOCOL_NT1) {
674 reply_outbuf(req, 2, 0);
675 if (message_push_string(&req->outbuf, server_devicetype,
676 STR_TERMINATE|STR_ASCII) == -1) {
677 reply_nterror(req, NT_STATUS_NO_MEMORY);
678 END_PROFILE(SMBtconX);
682 /* NT sets the fstype of IPC$ to the null string */
683 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
685 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
686 /* Return permissions. */
690 reply_outbuf(req, 7, 0);
693 perm1 = FILE_ALL_ACCESS;
694 perm2 = FILE_ALL_ACCESS;
696 perm1 = CAN_WRITE(conn) ?
701 SIVAL(req->outbuf, smb_vwv3, perm1);
702 SIVAL(req->outbuf, smb_vwv5, perm2);
704 reply_outbuf(req, 3, 0);
707 if ((message_push_string(&req->outbuf, server_devicetype,
708 STR_TERMINATE|STR_ASCII) == -1)
709 || (message_push_string(&req->outbuf, fstype,
710 STR_TERMINATE) == -1)) {
711 reply_nterror(req, NT_STATUS_NO_MEMORY);
712 END_PROFILE(SMBtconX);
716 /* what does setting this bit do? It is set by NT4 and
717 may affect the ability to autorun mounted cdroms */
718 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
719 (lp_csc_policy(SNUM(conn)) << 2));
721 init_dfsroot(conn, req->inbuf, req->outbuf);
725 DEBUG(3,("tconX service=%s \n",
728 /* set the incoming and outgoing tid to the just created one */
729 SSVAL(req->inbuf,smb_tid,conn->cnum);
730 SSVAL(req->outbuf,smb_tid,conn->cnum);
732 END_PROFILE(SMBtconX);
738 /****************************************************************************
739 Reply to an unknown type.
740 ****************************************************************************/
742 void reply_unknown_new(struct smb_request *req, uint8 type)
744 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
745 smb_fn_name(type), type, type));
746 reply_doserror(req, ERRSRV, ERRunknownsmb);
750 /****************************************************************************
752 conn POINTER CAN BE NULL HERE !
753 ****************************************************************************/
755 void reply_ioctl(struct smb_request *req)
757 connection_struct *conn = req->conn;
764 START_PROFILE(SMBioctl);
767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
768 END_PROFILE(SMBioctl);
772 device = SVAL(req->inbuf,smb_vwv1);
773 function = SVAL(req->inbuf,smb_vwv2);
774 ioctl_code = (device << 16) + function;
776 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
778 switch (ioctl_code) {
779 case IOCTL_QUERY_JOB_INFO:
783 reply_doserror(req, ERRSRV, ERRnosupport);
784 END_PROFILE(SMBioctl);
788 reply_outbuf(req, 8, replysize+1);
789 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
790 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
791 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
792 p = smb_buf(req->outbuf);
793 memset(p, '\0', replysize+1); /* valgrind-safe. */
794 p += 1; /* Allow for alignment */
796 switch (ioctl_code) {
797 case IOCTL_QUERY_JOB_INFO:
799 files_struct *fsp = file_fsp(SVAL(req->inbuf,
802 reply_doserror(req, ERRDOS, ERRbadfid);
803 END_PROFILE(SMBioctl);
806 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
807 srvstr_push((char *)req->outbuf, req->flags2, p+2,
809 STR_TERMINATE|STR_ASCII);
811 srvstr_push((char *)req->outbuf, req->flags2,
812 p+18, lp_servicename(SNUM(conn)),
813 13, STR_TERMINATE|STR_ASCII);
821 END_PROFILE(SMBioctl);
825 /****************************************************************************
826 Strange checkpath NTSTATUS mapping.
827 ****************************************************************************/
829 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
831 /* Strange DOS error code semantics only for checkpath... */
832 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
833 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
834 /* We need to map to ERRbadpath */
835 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
841 /****************************************************************************
842 Reply to a checkpath.
843 ****************************************************************************/
845 void reply_checkpath(struct smb_request *req)
847 connection_struct *conn = req->conn;
849 SMB_STRUCT_STAT sbuf;
851 TALLOC_CTX *ctx = talloc_tos();
853 START_PROFILE(SMBcheckpath);
855 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
856 smb_buf(req->inbuf) + 1, 0,
857 STR_TERMINATE, &status);
858 if (!NT_STATUS_IS_OK(status)) {
859 status = map_checkpath_error((char *)req->inbuf, status);
860 reply_nterror(req, status);
861 END_PROFILE(SMBcheckpath);
865 status = resolve_dfspath(ctx, conn,
866 req->flags2 & FLAGS2_DFS_PATHNAMES,
869 if (!NT_STATUS_IS_OK(status)) {
870 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
871 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
873 END_PROFILE(SMBcheckpath);
879 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
881 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
882 if (!NT_STATUS_IS_OK(status)) {
886 status = check_name(conn, name);
887 if (!NT_STATUS_IS_OK(status)) {
888 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
892 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
893 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
894 status = map_nt_error_from_unix(errno);
898 if (!S_ISDIR(sbuf.st_mode)) {
899 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
901 END_PROFILE(SMBcheckpath);
905 reply_outbuf(req, 0, 0);
907 END_PROFILE(SMBcheckpath);
912 END_PROFILE(SMBcheckpath);
914 /* We special case this - as when a Windows machine
915 is parsing a path is steps through the components
916 one at a time - if a component fails it expects
917 ERRbadpath, not ERRbadfile.
919 status = map_checkpath_error((char *)req->inbuf, status);
920 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
922 * Windows returns different error codes if
923 * the parent directory is valid but not the
924 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
925 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
926 * if the path is invalid.
928 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
933 reply_nterror(req, status);
936 /****************************************************************************
938 ****************************************************************************/
940 void reply_getatr(struct smb_request *req)
942 connection_struct *conn = req->conn;
944 SMB_STRUCT_STAT sbuf;
950 TALLOC_CTX *ctx = talloc_tos();
952 START_PROFILE(SMBgetatr);
954 p = smb_buf(req->inbuf) + 1;
955 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
956 0, STR_TERMINATE, &status);
957 if (!NT_STATUS_IS_OK(status)) {
958 reply_nterror(req, status);
959 END_PROFILE(SMBgetatr);
963 status = resolve_dfspath(ctx, conn,
964 req->flags2 & FLAGS2_DFS_PATHNAMES,
967 if (!NT_STATUS_IS_OK(status)) {
968 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
969 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
971 END_PROFILE(SMBgetatr);
974 reply_nterror(req, status);
975 END_PROFILE(SMBgetatr);
979 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
980 under WfWg - weird! */
981 if (*fname == '\0') {
982 mode = aHIDDEN | aDIR;
983 if (!CAN_WRITE(conn)) {
989 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
990 if (!NT_STATUS_IS_OK(status)) {
991 reply_nterror(req, status);
992 END_PROFILE(SMBgetatr);
995 status = check_name(conn, fname);
996 if (!NT_STATUS_IS_OK(status)) {
997 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
998 reply_nterror(req, status);
999 END_PROFILE(SMBgetatr);
1002 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1003 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1004 reply_unixerror(req, ERRDOS,ERRbadfile);
1005 END_PROFILE(SMBgetatr);
1009 mode = dos_mode(conn,fname,&sbuf);
1010 size = sbuf.st_size;
1011 mtime = sbuf.st_mtime;
1017 reply_outbuf(req, 10, 0);
1019 SSVAL(req->outbuf,smb_vwv0,mode);
1020 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1021 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1023 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1025 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1027 if (Protocol >= PROTOCOL_NT1) {
1028 SSVAL(req->outbuf, smb_flg2,
1029 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1032 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1034 END_PROFILE(SMBgetatr);
1038 /****************************************************************************
1040 ****************************************************************************/
1042 void reply_setatr(struct smb_request *req)
1044 connection_struct *conn = req->conn;
1048 SMB_STRUCT_STAT sbuf;
1051 TALLOC_CTX *ctx = talloc_tos();
1053 START_PROFILE(SMBsetatr);
1056 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1060 p = smb_buf(req->inbuf) + 1;
1061 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1062 0, STR_TERMINATE, &status);
1063 if (!NT_STATUS_IS_OK(status)) {
1064 reply_nterror(req, status);
1065 END_PROFILE(SMBsetatr);
1069 status = resolve_dfspath(ctx, conn,
1070 req->flags2 & FLAGS2_DFS_PATHNAMES,
1073 if (!NT_STATUS_IS_OK(status)) {
1074 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1075 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1076 ERRSRV, ERRbadpath);
1077 END_PROFILE(SMBsetatr);
1080 reply_nterror(req, status);
1081 END_PROFILE(SMBsetatr);
1085 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1086 if (!NT_STATUS_IS_OK(status)) {
1087 reply_nterror(req, status);
1088 END_PROFILE(SMBsetatr);
1092 status = check_name(conn, fname);
1093 if (!NT_STATUS_IS_OK(status)) {
1094 reply_nterror(req, status);
1095 END_PROFILE(SMBsetatr);
1099 if (fname[0] == '.' && fname[1] == '\0') {
1101 * Not sure here is the right place to catch this
1102 * condition. Might be moved to somewhere else later -- vl
1104 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1105 END_PROFILE(SMBsetatr);
1109 mode = SVAL(req->inbuf,smb_vwv0);
1110 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1112 if (mode != FILE_ATTRIBUTE_NORMAL) {
1113 if (VALID_STAT_OF_DIR(sbuf))
1118 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1119 reply_unixerror(req, ERRDOS, ERRnoaccess);
1120 END_PROFILE(SMBsetatr);
1125 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1126 reply_unixerror(req, ERRDOS, ERRnoaccess);
1127 END_PROFILE(SMBsetatr);
1131 reply_outbuf(req, 0, 0);
1133 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1135 END_PROFILE(SMBsetatr);
1139 /****************************************************************************
1141 ****************************************************************************/
1143 void reply_dskattr(struct smb_request *req)
1145 connection_struct *conn = req->conn;
1146 SMB_BIG_UINT dfree,dsize,bsize;
1147 START_PROFILE(SMBdskattr);
1149 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1150 reply_unixerror(req, ERRHRD, ERRgeneral);
1151 END_PROFILE(SMBdskattr);
1155 reply_outbuf(req, 5, 0);
1157 if (Protocol <= PROTOCOL_LANMAN2) {
1158 double total_space, free_space;
1159 /* we need to scale this to a number that DOS6 can handle. We
1160 use floating point so we can handle large drives on systems
1161 that don't have 64 bit integers
1163 we end up displaying a maximum of 2G to DOS systems
1165 total_space = dsize * (double)bsize;
1166 free_space = dfree * (double)bsize;
1168 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1169 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1171 if (dsize > 0xFFFF) dsize = 0xFFFF;
1172 if (dfree > 0xFFFF) dfree = 0xFFFF;
1174 SSVAL(req->outbuf,smb_vwv0,dsize);
1175 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1176 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1177 SSVAL(req->outbuf,smb_vwv3,dfree);
1179 SSVAL(req->outbuf,smb_vwv0,dsize);
1180 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1181 SSVAL(req->outbuf,smb_vwv2,512);
1182 SSVAL(req->outbuf,smb_vwv3,dfree);
1185 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1187 END_PROFILE(SMBdskattr);
1191 /****************************************************************************
1193 Can be called from SMBsearch, SMBffirst or SMBfunique.
1194 ****************************************************************************/
1196 void reply_search(struct smb_request *req)
1198 connection_struct *conn = req->conn;
1200 char *directory = NULL;
1206 unsigned int numentries = 0;
1207 unsigned int maxentries = 0;
1208 bool finished = False;
1214 bool check_descend = False;
1215 bool expect_close = False;
1217 bool mask_contains_wcard = False;
1218 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1219 TALLOC_CTX *ctx = talloc_tos();
1221 START_PROFILE(SMBsearch);
1224 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1225 END_PROFILE(SMBsearch);
1229 if (lp_posix_pathnames()) {
1230 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1231 END_PROFILE(SMBsearch);
1235 /* If we were called as SMBffirst then we must expect close. */
1236 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1237 expect_close = True;
1240 reply_outbuf(req, 1, 3);
1241 maxentries = SVAL(req->inbuf,smb_vwv0);
1242 dirtype = SVAL(req->inbuf,smb_vwv1);
1243 p = smb_buf(req->inbuf) + 1;
1244 p += srvstr_get_path_wcard(ctx,
1252 &mask_contains_wcard);
1253 if (!NT_STATUS_IS_OK(nt_status)) {
1254 reply_nterror(req, nt_status);
1255 END_PROFILE(SMBsearch);
1259 nt_status = resolve_dfspath_wcard(ctx, conn,
1260 req->flags2 & FLAGS2_DFS_PATHNAMES,
1263 &mask_contains_wcard);
1264 if (!NT_STATUS_IS_OK(nt_status)) {
1265 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1266 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1267 ERRSRV, ERRbadpath);
1268 END_PROFILE(SMBsearch);
1271 reply_nterror(req, nt_status);
1272 END_PROFILE(SMBsearch);
1277 status_len = SVAL(p, 0);
1280 /* dirtype &= ~aDIR; */
1282 if (status_len == 0) {
1283 SMB_STRUCT_STAT sbuf;
1285 nt_status = unix_convert(ctx, conn, path, True,
1286 &directory, NULL, &sbuf);
1287 if (!NT_STATUS_IS_OK(nt_status)) {
1288 reply_nterror(req, nt_status);
1289 END_PROFILE(SMBsearch);
1293 nt_status = check_name(conn, directory);
1294 if (!NT_STATUS_IS_OK(nt_status)) {
1295 reply_nterror(req, nt_status);
1296 END_PROFILE(SMBsearch);
1300 p = strrchr_m(directory,'/');
1303 directory = talloc_strdup(ctx,".");
1305 reply_nterror(req, NT_STATUS_NO_MEMORY);
1306 END_PROFILE(SMBsearch);
1314 if (*directory == '\0') {
1315 directory = talloc_strdup(ctx,".");
1317 reply_nterror(req, NT_STATUS_NO_MEMORY);
1318 END_PROFILE(SMBsearch);
1322 memset((char *)status,'\0',21);
1323 SCVAL(status,0,(dirtype & 0x1F));
1325 nt_status = dptr_create(conn,
1331 mask_contains_wcard,
1334 if (!NT_STATUS_IS_OK(nt_status)) {
1335 reply_nterror(req, nt_status);
1336 END_PROFILE(SMBsearch);
1339 dptr_num = dptr_dnum(conn->dirptr);
1343 memcpy(status,p,21);
1344 status_dirtype = CVAL(status,0) & 0x1F;
1345 if (status_dirtype != (dirtype & 0x1F)) {
1346 dirtype = status_dirtype;
1349 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1350 if (!conn->dirptr) {
1353 string_set(&conn->dirpath,dptr_path(dptr_num));
1354 mask = dptr_wcard(dptr_num);
1359 * For a 'continue' search we have no string. So
1360 * check from the initial saved string.
1362 mask_contains_wcard = ms_has_wild(mask);
1363 dirtype = dptr_attr(dptr_num);
1366 DEBUG(4,("dptr_num is %d\n",dptr_num));
1368 if ((dirtype&0x1F) == aVOLID) {
1369 char buf[DIR_STRUCT_SIZE];
1370 memcpy(buf,status,21);
1371 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1372 0,aVOLID,0,!allow_long_path_components)) {
1373 reply_nterror(req, NT_STATUS_NO_MEMORY);
1374 END_PROFILE(SMBsearch);
1377 dptr_fill(buf+12,dptr_num);
1378 if (dptr_zero(buf+12) && (status_len==0)) {
1383 if (message_push_blob(&req->outbuf,
1384 data_blob_const(buf, sizeof(buf)))
1386 reply_nterror(req, NT_STATUS_NO_MEMORY);
1387 END_PROFILE(SMBsearch);
1395 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1398 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1399 conn->dirpath,lp_dontdescend(SNUM(conn))));
1400 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1401 check_descend = True;
1404 for (i=numentries;(i<maxentries) && !finished;i++) {
1405 finished = !get_dir_entry(ctx,conn,mask,dirtype,&fname,
1406 &size,&mode,&date,check_descend);
1408 char buf[DIR_STRUCT_SIZE];
1409 memcpy(buf,status,21);
1410 if (!make_dir_struct(ctx,
1417 !allow_long_path_components)) {
1418 reply_nterror(req, NT_STATUS_NO_MEMORY);
1419 END_PROFILE(SMBsearch);
1422 if (!dptr_fill(buf+12,dptr_num)) {
1425 if (message_push_blob(&req->outbuf,
1426 data_blob_const(buf, sizeof(buf)))
1428 reply_nterror(req, NT_STATUS_NO_MEMORY);
1429 END_PROFILE(SMBsearch);
1439 /* If we were called as SMBffirst with smb_search_id == NULL
1440 and no entries were found then return error and close dirptr
1443 if (numentries == 0) {
1444 dptr_close(&dptr_num);
1445 } else if(expect_close && status_len == 0) {
1446 /* Close the dptr - we know it's gone */
1447 dptr_close(&dptr_num);
1450 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1451 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1452 dptr_close(&dptr_num);
1455 if ((numentries == 0) && !mask_contains_wcard) {
1456 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1457 END_PROFILE(SMBsearch);
1461 SSVAL(req->outbuf,smb_vwv0,numentries);
1462 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1463 SCVAL(smb_buf(req->outbuf),0,5);
1464 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1466 /* The replies here are never long name. */
1467 SSVAL(req->outbuf, smb_flg2,
1468 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1469 if (!allow_long_path_components) {
1470 SSVAL(req->outbuf, smb_flg2,
1471 SVAL(req->outbuf, smb_flg2)
1472 & (~FLAGS2_LONG_PATH_COMPONENTS));
1475 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1476 SSVAL(req->outbuf, smb_flg2,
1477 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1480 directory = dptr_path(dptr_num);
1483 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1484 smb_fn_name(CVAL(req->inbuf,smb_com)),
1486 directory ? directory : "./",
1491 END_PROFILE(SMBsearch);
1495 /****************************************************************************
1496 Reply to a fclose (stop directory search).
1497 ****************************************************************************/
1499 void reply_fclose(struct smb_request *req)
1507 bool path_contains_wcard = False;
1508 TALLOC_CTX *ctx = talloc_tos();
1510 START_PROFILE(SMBfclose);
1512 if (lp_posix_pathnames()) {
1513 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1514 END_PROFILE(SMBfclose);
1518 p = smb_buf(req->inbuf) + 1;
1519 p += srvstr_get_path_wcard(ctx,
1527 &path_contains_wcard);
1528 if (!NT_STATUS_IS_OK(err)) {
1529 reply_nterror(req, err);
1530 END_PROFILE(SMBfclose);
1534 status_len = SVAL(p,0);
1537 if (status_len == 0) {
1538 reply_doserror(req, ERRSRV, ERRsrverror);
1539 END_PROFILE(SMBfclose);
1543 memcpy(status,p,21);
1545 if(dptr_fetch(status+12,&dptr_num)) {
1546 /* Close the dptr - we know it's gone */
1547 dptr_close(&dptr_num);
1550 reply_outbuf(req, 1, 0);
1551 SSVAL(req->outbuf,smb_vwv0,0);
1553 DEBUG(3,("search close\n"));
1555 END_PROFILE(SMBfclose);
1559 /****************************************************************************
1561 ****************************************************************************/
1563 void reply_open(struct smb_request *req)
1565 connection_struct *conn = req->conn;
1571 SMB_STRUCT_STAT sbuf;
1578 uint32 create_disposition;
1579 uint32 create_options = 0;
1581 TALLOC_CTX *ctx = talloc_tos();
1583 START_PROFILE(SMBopen);
1586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1587 END_PROFILE(SMBopen);
1591 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1592 deny_mode = SVAL(req->inbuf,smb_vwv0);
1593 dos_attr = SVAL(req->inbuf,smb_vwv1);
1595 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1596 smb_buf(req->inbuf)+1, 0,
1597 STR_TERMINATE, &status);
1598 if (!NT_STATUS_IS_OK(status)) {
1599 reply_nterror(req, status);
1600 END_PROFILE(SMBopen);
1604 if (!map_open_params_to_ntcreate(
1605 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1606 &share_mode, &create_disposition, &create_options)) {
1607 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1608 END_PROFILE(SMBopen);
1612 status = create_file(conn, /* conn */
1614 0, /* root_dir_fid */
1616 access_mask, /* access_mask */
1617 share_mode, /* share_access */
1618 create_disposition, /* create_disposition*/
1619 create_options, /* create_options */
1620 dos_attr, /* file_attributes */
1621 oplock_request, /* oplock_request */
1622 0, /* allocation_size */
1629 if (!NT_STATUS_IS_OK(status)) {
1630 if (open_was_deferred(req->mid)) {
1631 /* We have re-scheduled this call. */
1632 END_PROFILE(SMBopen);
1635 reply_openerror(req, status);
1636 END_PROFILE(SMBopen);
1640 size = sbuf.st_size;
1641 fattr = dos_mode(conn,fname,&sbuf);
1642 mtime = sbuf.st_mtime;
1645 DEBUG(3,("attempt to open a directory %s\n",fname));
1646 close_file(fsp,ERROR_CLOSE);
1647 reply_doserror(req, ERRDOS,ERRnoaccess);
1648 END_PROFILE(SMBopen);
1652 reply_outbuf(req, 7, 0);
1653 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1654 SSVAL(req->outbuf,smb_vwv1,fattr);
1655 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1656 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1658 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1660 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1661 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1663 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1664 SCVAL(req->outbuf,smb_flg,
1665 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1668 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1669 SCVAL(req->outbuf,smb_flg,
1670 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1672 END_PROFILE(SMBopen);
1676 /****************************************************************************
1677 Reply to an open and X.
1678 ****************************************************************************/
1680 void reply_open_and_X(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1687 /* Breakout the oplock request bits so we can set the
1688 reply bits separately. */
1689 int ex_oplock_request;
1690 int core_oplock_request;
1693 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1694 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1699 SMB_STRUCT_STAT sbuf;
1703 SMB_BIG_UINT allocation_size;
1704 ssize_t retval = -1;
1707 uint32 create_disposition;
1708 uint32 create_options = 0;
1709 TALLOC_CTX *ctx = talloc_tos();
1711 START_PROFILE(SMBopenX);
1713 if (req->wct < 15) {
1714 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1715 END_PROFILE(SMBopenX);
1719 open_flags = SVAL(req->inbuf,smb_vwv2);
1720 deny_mode = SVAL(req->inbuf,smb_vwv3);
1721 smb_attr = SVAL(req->inbuf,smb_vwv5);
1722 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1723 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1724 oplock_request = ex_oplock_request | core_oplock_request;
1725 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1726 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1728 /* If it's an IPC, pass off the pipe handler. */
1730 if (lp_nt_pipe_support()) {
1731 reply_open_pipe_and_X(conn, req);
1733 reply_doserror(req, ERRSRV, ERRaccess);
1735 END_PROFILE(SMBopenX);
1739 /* XXXX we need to handle passed times, sattr and flags */
1740 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1741 smb_buf(req->inbuf), 0, STR_TERMINATE,
1743 if (!NT_STATUS_IS_OK(status)) {
1744 reply_nterror(req, status);
1745 END_PROFILE(SMBopenX);
1749 if (!map_open_params_to_ntcreate(
1750 fname, deny_mode, smb_ofun, &access_mask,
1751 &share_mode, &create_disposition, &create_options)) {
1752 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1753 END_PROFILE(SMBopenX);
1757 status = create_file(conn, /* conn */
1759 0, /* root_dir_fid */
1761 access_mask, /* access_mask */
1762 share_mode, /* share_access */
1763 create_disposition, /* create_disposition*/
1764 create_options, /* create_options */
1765 smb_attr, /* file_attributes */
1766 oplock_request, /* oplock_request */
1767 0, /* allocation_size */
1771 &smb_action, /* pinfo */
1774 if (!NT_STATUS_IS_OK(status)) {
1775 END_PROFILE(SMBopenX);
1776 if (open_was_deferred(req->mid)) {
1777 /* We have re-scheduled this call. */
1780 reply_openerror(req, status);
1784 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1785 if the file is truncated or created. */
1786 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1787 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1788 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1789 close_file(fsp,ERROR_CLOSE);
1790 reply_nterror(req, NT_STATUS_DISK_FULL);
1791 END_PROFILE(SMBopenX);
1794 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1796 close_file(fsp,ERROR_CLOSE);
1797 reply_nterror(req, NT_STATUS_DISK_FULL);
1798 END_PROFILE(SMBopenX);
1801 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1804 fattr = dos_mode(conn,fname,&sbuf);
1805 mtime = sbuf.st_mtime;
1807 close_file(fsp,ERROR_CLOSE);
1808 reply_doserror(req, ERRDOS, ERRnoaccess);
1809 END_PROFILE(SMBopenX);
1813 /* If the caller set the extended oplock request bit
1814 and we granted one (by whatever means) - set the
1815 correct bit for extended oplock reply.
1818 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1819 smb_action |= EXTENDED_OPLOCK_GRANTED;
1822 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1823 smb_action |= EXTENDED_OPLOCK_GRANTED;
1826 /* If the caller set the core oplock request bit
1827 and we granted one (by whatever means) - set the
1828 correct bit for core oplock reply.
1831 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1832 reply_outbuf(req, 19, 0);
1834 reply_outbuf(req, 15, 0);
1837 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1838 SCVAL(req->outbuf, smb_flg,
1839 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1842 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1843 SCVAL(req->outbuf, smb_flg,
1844 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1847 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1848 SSVAL(req->outbuf,smb_vwv3,fattr);
1849 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1850 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1852 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1854 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1855 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1856 SSVAL(req->outbuf,smb_vwv11,smb_action);
1858 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1859 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1862 END_PROFILE(SMBopenX);
1867 /****************************************************************************
1868 Reply to a SMBulogoffX.
1869 ****************************************************************************/
1871 void reply_ulogoffX(struct smb_request *req)
1875 START_PROFILE(SMBulogoffX);
1877 vuser = get_valid_user_struct(req->vuid);
1880 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1884 /* in user level security we are supposed to close any files
1885 open by this user */
1886 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1887 file_close_user(req->vuid);
1890 invalidate_vuid(req->vuid);
1892 reply_outbuf(req, 2, 0);
1894 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1896 END_PROFILE(SMBulogoffX);
1900 /****************************************************************************
1901 Reply to a mknew or a create.
1902 ****************************************************************************/
1904 void reply_mknew(struct smb_request *req)
1906 connection_struct *conn = req->conn;
1910 struct timespec ts[2];
1912 int oplock_request = 0;
1913 SMB_STRUCT_STAT sbuf;
1915 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1916 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1917 uint32 create_disposition;
1918 uint32 create_options = 0;
1919 TALLOC_CTX *ctx = talloc_tos();
1921 START_PROFILE(SMBcreate);
1924 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1925 END_PROFILE(SMBcreate);
1929 fattr = SVAL(req->inbuf,smb_vwv0);
1930 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1931 com = SVAL(req->inbuf,smb_com);
1933 ts[1] =convert_time_t_to_timespec(
1934 srv_make_unix_date3(req->inbuf + smb_vwv1));
1937 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1938 smb_buf(req->inbuf) + 1, 0,
1939 STR_TERMINATE, &status);
1940 if (!NT_STATUS_IS_OK(status)) {
1941 reply_nterror(req, status);
1942 END_PROFILE(SMBcreate);
1946 if (fattr & aVOLID) {
1947 DEBUG(0,("Attempt to create file (%s) with volid set - "
1948 "please report this\n", fname));
1951 if(com == SMBmknew) {
1952 /* We should fail if file exists. */
1953 create_disposition = FILE_CREATE;
1955 /* Create if file doesn't exist, truncate if it does. */
1956 create_disposition = FILE_OVERWRITE_IF;
1959 status = create_file(conn, /* conn */
1961 0, /* root_dir_fid */
1963 access_mask, /* access_mask */
1964 share_mode, /* share_access */
1965 create_disposition, /* create_disposition*/
1966 create_options, /* create_options */
1967 fattr, /* file_attributes */
1968 oplock_request, /* oplock_request */
1969 0, /* allocation_size */
1976 if (!NT_STATUS_IS_OK(status)) {
1977 END_PROFILE(SMBcreate);
1978 if (open_was_deferred(req->mid)) {
1979 /* We have re-scheduled this call. */
1982 reply_openerror(req, status);
1986 ts[0] = get_atimespec(&sbuf); /* atime. */
1987 file_ntimes(conn, fname, ts);
1989 reply_outbuf(req, 1, 0);
1990 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1992 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1993 SCVAL(req->outbuf,smb_flg,
1994 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1997 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1998 SCVAL(req->outbuf,smb_flg,
1999 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2002 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
2003 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2004 fname, fsp->fh->fd, (unsigned int)fattr ) );
2006 END_PROFILE(SMBcreate);
2010 /****************************************************************************
2011 Reply to a create temporary file.
2012 ****************************************************************************/
2014 void reply_ctemp(struct smb_request *req)
2016 connection_struct *conn = req->conn;
2022 SMB_STRUCT_STAT sbuf;
2025 TALLOC_CTX *ctx = talloc_tos();
2027 START_PROFILE(SMBctemp);
2030 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2031 END_PROFILE(SMBctemp);
2035 fattr = SVAL(req->inbuf,smb_vwv0);
2036 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2038 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2039 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2041 if (!NT_STATUS_IS_OK(status)) {
2042 reply_nterror(req, status);
2043 END_PROFILE(SMBctemp);
2047 fname = talloc_asprintf(ctx,
2051 fname = talloc_strdup(ctx, "TMXXXXXX");
2055 reply_nterror(req, NT_STATUS_NO_MEMORY);
2056 END_PROFILE(SMBctemp);
2060 status = resolve_dfspath(ctx, conn,
2061 req->flags2 & FLAGS2_DFS_PATHNAMES,
2064 if (!NT_STATUS_IS_OK(status)) {
2065 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2066 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2067 ERRSRV, ERRbadpath);
2068 END_PROFILE(SMBctemp);
2071 reply_nterror(req, status);
2072 END_PROFILE(SMBctemp);
2076 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2077 if (!NT_STATUS_IS_OK(status)) {
2078 reply_nterror(req, status);
2079 END_PROFILE(SMBctemp);
2083 status = check_name(conn, CONST_DISCARD(char *,fname));
2084 if (!NT_STATUS_IS_OK(status)) {
2085 reply_nterror(req, status);
2086 END_PROFILE(SMBctemp);
2090 tmpfd = smb_mkstemp(fname);
2092 reply_unixerror(req, ERRDOS, ERRnoaccess);
2093 END_PROFILE(SMBctemp);
2097 SMB_VFS_STAT(conn,fname,&sbuf);
2099 /* We should fail if file does not exist. */
2100 status = open_file_ntcreate(conn, req, fname, &sbuf,
2101 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2102 FILE_SHARE_READ|FILE_SHARE_WRITE,
2109 /* close fd from smb_mkstemp() */
2112 if (!NT_STATUS_IS_OK(status)) {
2113 if (open_was_deferred(req->mid)) {
2114 /* We have re-scheduled this call. */
2115 END_PROFILE(SMBctemp);
2118 reply_openerror(req, status);
2119 END_PROFILE(SMBctemp);
2123 reply_outbuf(req, 1, 0);
2124 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2126 /* the returned filename is relative to the directory */
2127 s = strrchr_m(fname, '/');
2135 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2136 thing in the byte section. JRA */
2137 SSVALS(p, 0, -1); /* what is this? not in spec */
2139 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2141 reply_nterror(req, NT_STATUS_NO_MEMORY);
2142 END_PROFILE(SMBctemp);
2146 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2147 SCVAL(req->outbuf, smb_flg,
2148 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2151 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2152 SCVAL(req->outbuf, smb_flg,
2153 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2156 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2157 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2158 (unsigned int)sbuf.st_mode ) );
2160 END_PROFILE(SMBctemp);
2164 /*******************************************************************
2165 Check if a user is allowed to rename a file.
2166 ********************************************************************/
2168 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2169 uint16 dirtype, SMB_STRUCT_STAT *pst)
2173 if (!CAN_WRITE(conn)) {
2174 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2177 fmode = dos_mode(conn, fsp->fsp_name, pst);
2178 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2179 return NT_STATUS_NO_SUCH_FILE;
2182 if (S_ISDIR(pst->st_mode)) {
2183 return NT_STATUS_OK;
2186 if (fsp->access_mask & DELETE_ACCESS) {
2187 return NT_STATUS_OK;
2190 return NT_STATUS_ACCESS_DENIED;
2193 /*******************************************************************
2194 * unlink a file with all relevant access checks
2195 *******************************************************************/
2197 static NTSTATUS do_unlink(connection_struct *conn,
2198 struct smb_request *req,
2202 SMB_STRUCT_STAT sbuf;
2205 uint32 dirtype_orig = dirtype;
2208 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2210 if (!CAN_WRITE(conn)) {
2211 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2214 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2215 return map_nt_error_from_unix(errno);
2218 fattr = dos_mode(conn,fname,&sbuf);
2220 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2221 dirtype = aDIR|aARCH|aRONLY;
2224 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2226 return NT_STATUS_NO_SUCH_FILE;
2229 if (!dir_check_ftype(conn, fattr, dirtype)) {
2231 return NT_STATUS_FILE_IS_A_DIRECTORY;
2233 return NT_STATUS_NO_SUCH_FILE;
2236 if (dirtype_orig & 0x8000) {
2237 /* These will never be set for POSIX. */
2238 return NT_STATUS_NO_SUCH_FILE;
2242 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2243 return NT_STATUS_FILE_IS_A_DIRECTORY;
2246 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2247 return NT_STATUS_NO_SUCH_FILE;
2250 if (dirtype & 0xFF00) {
2251 /* These will never be set for POSIX. */
2252 return NT_STATUS_NO_SUCH_FILE;
2257 return NT_STATUS_NO_SUCH_FILE;
2260 /* Can't delete a directory. */
2262 return NT_STATUS_FILE_IS_A_DIRECTORY;
2267 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2268 return NT_STATUS_OBJECT_NAME_INVALID;
2269 #endif /* JRATEST */
2271 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2273 On a Windows share, a file with read-only dosmode can be opened with
2274 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2275 fails with NT_STATUS_CANNOT_DELETE error.
2277 This semantic causes a problem that a user can not
2278 rename a file with read-only dosmode on a Samba share
2279 from a Windows command prompt (i.e. cmd.exe, but can rename
2280 from Windows Explorer).
2283 if (!lp_delete_readonly(SNUM(conn))) {
2284 if (fattr & aRONLY) {
2285 return NT_STATUS_CANNOT_DELETE;
2289 /* On open checks the open itself will check the share mode, so
2290 don't do it here as we'll get it wrong. */
2292 status = open_file_ntcreate(conn, req, fname, &sbuf,
2297 FILE_ATTRIBUTE_NORMAL,
2298 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2301 if (!NT_STATUS_IS_OK(status)) {
2302 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2303 nt_errstr(status)));
2307 /* The set is across all open files on this dev/inode pair. */
2308 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2309 close_file(fsp, NORMAL_CLOSE);
2310 return NT_STATUS_ACCESS_DENIED;
2313 return close_file(fsp,NORMAL_CLOSE);
2316 /****************************************************************************
2317 The guts of the unlink command, split out so it may be called by the NT SMB
2319 ****************************************************************************/
2321 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2322 uint32 dirtype, const char *name_in, bool has_wild)
2324 const char *directory = NULL;
2329 NTSTATUS status = NT_STATUS_OK;
2330 SMB_STRUCT_STAT sbuf;
2331 TALLOC_CTX *ctx = talloc_tos();
2333 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2334 if (!NT_STATUS_IS_OK(status)) {
2338 p = strrchr_m(name,'/');
2340 directory = talloc_strdup(ctx, ".");
2342 return NT_STATUS_NO_MEMORY;
2352 * We should only check the mangled cache
2353 * here if unix_convert failed. This means
2354 * that the path in 'mask' doesn't exist
2355 * on the file system and so we need to look
2356 * for a possible mangle. This patch from
2357 * Tine Smukavec <valentin.smukavec@hermes.si>.
2360 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2361 char *new_mask = NULL;
2362 mangle_lookup_name_from_8_3(ctx,
2372 directory = talloc_asprintf(ctx,
2377 return NT_STATUS_NO_MEMORY;
2380 dirtype = FILE_ATTRIBUTE_NORMAL;
2383 status = check_name(conn, directory);
2384 if (!NT_STATUS_IS_OK(status)) {
2388 status = do_unlink(conn, req, directory, dirtype);
2389 if (!NT_STATUS_IS_OK(status)) {
2395 struct smb_Dir *dir_hnd = NULL;
2399 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2400 return NT_STATUS_OBJECT_NAME_INVALID;
2403 if (strequal(mask,"????????.???")) {
2408 status = check_name(conn, directory);
2409 if (!NT_STATUS_IS_OK(status)) {
2413 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2415 if (dir_hnd == NULL) {
2416 return map_nt_error_from_unix(errno);
2419 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2420 the pattern matches against the long name, otherwise the short name
2421 We don't implement this yet XXXX
2424 status = NT_STATUS_NO_SUCH_FILE;
2426 while ((dname = ReadDirName(dir_hnd, &offset))) {
2430 if (!is_visible_file(conn, directory, dname, &st, True)) {
2434 /* Quick check for "." and ".." */
2435 if (ISDOT(dname) || ISDOTDOT(dname)) {
2439 if(!mask_match(dname, mask, conn->case_sensitive)) {
2443 fname = talloc_asprintf(ctx, "%s/%s",
2447 return NT_STATUS_NO_MEMORY;
2450 status = check_name(conn, fname);
2451 if (!NT_STATUS_IS_OK(status)) {
2452 TALLOC_FREE(dir_hnd);
2456 status = do_unlink(conn, req, fname, dirtype);
2457 if (!NT_STATUS_IS_OK(status)) {
2463 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2468 TALLOC_FREE(dir_hnd);
2471 if (count == 0 && NT_STATUS_IS_OK(status)) {
2472 status = map_nt_error_from_unix(errno);
2478 /****************************************************************************
2480 ****************************************************************************/
2482 void reply_unlink(struct smb_request *req)
2484 connection_struct *conn = req->conn;
2488 bool path_contains_wcard = False;
2489 TALLOC_CTX *ctx = talloc_tos();
2491 START_PROFILE(SMBunlink);
2494 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2495 END_PROFILE(SMBunlink);
2499 dirtype = SVAL(req->inbuf,smb_vwv0);
2501 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2502 smb_buf(req->inbuf) + 1, 0,
2503 STR_TERMINATE, &status, &path_contains_wcard);
2504 if (!NT_STATUS_IS_OK(status)) {
2505 reply_nterror(req, status);
2506 END_PROFILE(SMBunlink);
2510 status = resolve_dfspath_wcard(ctx, conn,
2511 req->flags2 & FLAGS2_DFS_PATHNAMES,
2514 &path_contains_wcard);
2515 if (!NT_STATUS_IS_OK(status)) {
2516 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2517 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2518 ERRSRV, ERRbadpath);
2519 END_PROFILE(SMBunlink);
2522 reply_nterror(req, status);
2523 END_PROFILE(SMBunlink);
2527 DEBUG(3,("reply_unlink : %s\n",name));
2529 status = unlink_internals(conn, req, dirtype, name,
2530 path_contains_wcard);
2531 if (!NT_STATUS_IS_OK(status)) {
2532 if (open_was_deferred(req->mid)) {
2533 /* We have re-scheduled this call. */
2534 END_PROFILE(SMBunlink);
2537 reply_nterror(req, status);
2538 END_PROFILE(SMBunlink);
2542 reply_outbuf(req, 0, 0);
2543 END_PROFILE(SMBunlink);
2548 /****************************************************************************
2550 ****************************************************************************/
2552 static void fail_readraw(void)
2554 const char *errstr = talloc_asprintf(talloc_tos(),
2555 "FAIL ! reply_readbraw: socket write fail (%s)",
2560 exit_server_cleanly(errstr);
2563 /****************************************************************************
2564 Fake (read/write) sendfile. Returns -1 on read or write fail.
2565 ****************************************************************************/
2567 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2571 size_t tosend = nread;
2578 bufsize = MIN(nread, 65536);
2580 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2584 while (tosend > 0) {
2588 if (tosend > bufsize) {
2593 ret = read_file(fsp,buf,startpos,cur_read);
2599 /* If we had a short read, fill with zeros. */
2600 if (ret < cur_read) {
2601 memset(buf, '\0', cur_read - ret);
2604 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2609 startpos += cur_read;
2613 return (ssize_t)nread;
2616 /****************************************************************************
2617 Return a readbraw error (4 bytes of zero).
2618 ****************************************************************************/
2620 static void reply_readbraw_error(void)
2624 if (write_data(smbd_server_fd(),header,4) != 4) {
2629 /****************************************************************************
2630 Use sendfile in readbraw.
2631 ****************************************************************************/
2633 void send_file_readbraw(connection_struct *conn,
2639 char *outbuf = NULL;
2642 #if defined(WITH_SENDFILE)
2644 * We can only use sendfile on a non-chained packet
2645 * but we can use on a non-oplocked file. tridge proved this
2646 * on a train in Germany :-). JRA.
2647 * reply_readbraw has already checked the length.
2650 if ( (chain_size == 0) && (nread > 0) &&
2651 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2653 DATA_BLOB header_blob;
2655 _smb_setlen(header,nread);
2656 header_blob = data_blob_const(header, 4);
2658 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2659 &header_blob, startpos, nread) == -1) {
2660 /* Returning ENOSYS means no data at all was sent.
2661 * Do this as a normal read. */
2662 if (errno == ENOSYS) {
2663 goto normal_readbraw;
2667 * Special hack for broken Linux with no working sendfile. If we
2668 * return EINTR we sent the header but not the rest of the data.
2669 * Fake this up by doing read/write calls.
2671 if (errno == EINTR) {
2672 /* Ensure we don't do this again. */
2673 set_use_sendfile(SNUM(conn), False);
2674 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2676 if (fake_sendfile(fsp, startpos, nread) == -1) {
2677 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2678 fsp->fsp_name, strerror(errno) ));
2679 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2684 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2685 fsp->fsp_name, strerror(errno) ));
2686 exit_server_cleanly("send_file_readbraw sendfile failed");
2695 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2697 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2698 (unsigned)(nread+4)));
2699 reply_readbraw_error();
2704 ret = read_file(fsp,outbuf+4,startpos,nread);
2705 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2714 _smb_setlen(outbuf,ret);
2715 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2718 TALLOC_FREE(outbuf);
2721 /****************************************************************************
2722 Reply to a readbraw (core+ protocol).
2723 ****************************************************************************/
2725 void reply_readbraw(struct smb_request *req)
2727 connection_struct *conn = req->conn;
2728 ssize_t maxcount,mincount;
2735 START_PROFILE(SMBreadbraw);
2737 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2738 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2739 "raw reads/writes are disallowed.");
2743 reply_readbraw_error();
2744 END_PROFILE(SMBreadbraw);
2749 * Special check if an oplock break has been issued
2750 * and the readraw request croses on the wire, we must
2751 * return a zero length response here.
2754 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2757 * We have to do a check_fsp by hand here, as
2758 * we must always return 4 zero bytes on error,
2762 if (!fsp || !conn || conn != fsp->conn ||
2763 current_user.vuid != fsp->vuid ||
2764 fsp->is_directory || fsp->fh->fd == -1) {
2766 * fsp could be NULL here so use the value from the packet. JRA.
2768 DEBUG(3,("reply_readbraw: fnum %d not valid "
2770 (int)SVAL(req->inbuf,smb_vwv0)));
2771 reply_readbraw_error();
2772 END_PROFILE(SMBreadbraw);
2776 /* Do a "by hand" version of CHECK_READ. */
2777 if (!(fsp->can_read ||
2778 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2779 (fsp->access_mask & FILE_EXECUTE)))) {
2780 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2781 (int)SVAL(req->inbuf,smb_vwv0)));
2782 reply_readbraw_error();
2783 END_PROFILE(SMBreadbraw);
2787 flush_write_cache(fsp, READRAW_FLUSH);
2789 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2790 if(req->wct == 10) {
2792 * This is a large offset (64 bit) read.
2794 #ifdef LARGE_SMB_OFF_T
2796 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2798 #else /* !LARGE_SMB_OFF_T */
2801 * Ensure we haven't been sent a >32 bit offset.
2804 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2805 DEBUG(0,("reply_readbraw: large offset "
2806 "(%x << 32) used and we don't support "
2807 "64 bit offsets.\n",
2808 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2809 reply_readbraw_error();
2810 END_PROFILE(SMBreadbraw);
2814 #endif /* LARGE_SMB_OFF_T */
2817 DEBUG(0,("reply_readbraw: negative 64 bit "
2818 "readraw offset (%.0f) !\n",
2819 (double)startpos ));
2820 reply_readbraw_error();
2821 END_PROFILE(SMBreadbraw);
2826 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2827 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2829 /* ensure we don't overrun the packet size */
2830 maxcount = MIN(65535,maxcount);
2832 if (is_locked(fsp,(uint32)req->smbpid,
2833 (SMB_BIG_UINT)maxcount,
2834 (SMB_BIG_UINT)startpos,
2836 reply_readbraw_error();
2837 END_PROFILE(SMBreadbraw);
2841 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2845 if (startpos >= size) {
2848 nread = MIN(maxcount,(size - startpos));
2851 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2852 if (nread < mincount)
2856 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2857 "min=%lu nread=%lu\n",
2858 fsp->fnum, (double)startpos,
2859 (unsigned long)maxcount,
2860 (unsigned long)mincount,
2861 (unsigned long)nread ) );
2863 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2865 DEBUG(5,("reply_readbraw finished\n"));
2866 END_PROFILE(SMBreadbraw);
2870 #define DBGC_CLASS DBGC_LOCKING
2872 /****************************************************************************
2873 Reply to a lockread (core+ protocol).
2874 ****************************************************************************/
2876 void reply_lockread(struct smb_request *req)
2878 connection_struct *conn = req->conn;
2885 struct byte_range_lock *br_lck = NULL;
2888 START_PROFILE(SMBlockread);
2891 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2892 END_PROFILE(SMBlockread);
2896 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2898 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2899 END_PROFILE(SMBlockread);
2903 if (!CHECK_READ(fsp,req->inbuf)) {
2904 reply_doserror(req, ERRDOS, ERRbadaccess);
2905 END_PROFILE(SMBlockread);
2909 release_level_2_oplocks_on_change(fsp);
2911 numtoread = SVAL(req->inbuf,smb_vwv1);
2912 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2914 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2916 reply_outbuf(req, 5, numtoread + 3);
2918 data = smb_buf(req->outbuf) + 3;
2921 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2922 * protocol request that predates the read/write lock concept.
2923 * Thus instead of asking for a read lock here we need to ask
2924 * for a write lock. JRA.
2925 * Note that the requested lock size is unaffected by max_recv.
2928 br_lck = do_lock(smbd_messaging_context(),
2931 (SMB_BIG_UINT)numtoread,
2932 (SMB_BIG_UINT)startpos,
2935 False, /* Non-blocking lock. */
2938 TALLOC_FREE(br_lck);
2940 if (NT_STATUS_V(status)) {
2941 reply_nterror(req, status);
2942 END_PROFILE(SMBlockread);
2947 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2950 if (numtoread > max_recv) {
2951 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2952 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2953 (unsigned int)numtoread, (unsigned int)max_recv ));
2954 numtoread = MIN(numtoread,max_recv);
2956 nread = read_file(fsp,data,startpos,numtoread);
2959 reply_unixerror(req, ERRDOS, ERRnoaccess);
2960 END_PROFILE(SMBlockread);
2964 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2966 SSVAL(req->outbuf,smb_vwv0,nread);
2967 SSVAL(req->outbuf,smb_vwv5,nread+3);
2968 p = smb_buf(req->outbuf);
2969 SCVAL(p,0,0); /* pad byte. */
2972 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2973 fsp->fnum, (int)numtoread, (int)nread));
2975 END_PROFILE(SMBlockread);
2980 #define DBGC_CLASS DBGC_ALL
2982 /****************************************************************************
2984 ****************************************************************************/
2986 void reply_read(struct smb_request *req)
2988 connection_struct *conn = req->conn;
2996 START_PROFILE(SMBread);
2999 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3000 END_PROFILE(SMBread);
3004 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3006 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3007 END_PROFILE(SMBread);
3011 if (!CHECK_READ(fsp,req->inbuf)) {
3012 reply_doserror(req, ERRDOS, ERRbadaccess);
3013 END_PROFILE(SMBread);
3017 numtoread = SVAL(req->inbuf,smb_vwv1);
3018 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3020 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3023 * The requested read size cannot be greater than max_recv. JRA.
3025 if (numtoread > max_recv) {
3026 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3027 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3028 (unsigned int)numtoread, (unsigned int)max_recv ));
3029 numtoread = MIN(numtoread,max_recv);
3032 reply_outbuf(req, 5, numtoread+3);
3034 data = smb_buf(req->outbuf) + 3;
3036 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3037 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3038 reply_doserror(req, ERRDOS,ERRlock);
3039 END_PROFILE(SMBread);
3044 nread = read_file(fsp,data,startpos,numtoread);
3047 reply_unixerror(req, ERRDOS,ERRnoaccess);
3048 END_PROFILE(SMBread);
3052 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3054 SSVAL(req->outbuf,smb_vwv0,nread);
3055 SSVAL(req->outbuf,smb_vwv5,nread+3);
3056 SCVAL(smb_buf(req->outbuf),0,1);
3057 SSVAL(smb_buf(req->outbuf),1,nread);
3059 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3060 fsp->fnum, (int)numtoread, (int)nread ) );
3062 END_PROFILE(SMBread);
3066 /****************************************************************************
3068 ****************************************************************************/
3070 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3075 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3076 data = smb_buf(outbuf);
3078 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3080 SCVAL(outbuf,smb_vwv0,0xFF);
3081 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3082 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3083 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3084 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3085 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3086 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3087 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3091 /****************************************************************************
3092 Reply to a read and X - possibly using sendfile.
3093 ****************************************************************************/
3095 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3096 files_struct *fsp, SMB_OFF_T startpos,
3099 SMB_STRUCT_STAT sbuf;
3102 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3103 reply_unixerror(req, ERRDOS, ERRnoaccess);
3107 if (startpos > sbuf.st_size) {
3109 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3110 smb_maxcnt = (sbuf.st_size - startpos);
3113 if (smb_maxcnt == 0) {
3117 #if defined(WITH_SENDFILE)
3119 * We can only use sendfile on a non-chained packet
3120 * but we can use on a non-oplocked file. tridge proved this
3121 * on a train in Germany :-). JRA.
3124 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3125 !is_encrypted_packet(req->inbuf) &&
3126 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3127 uint8 headerbuf[smb_size + 12 * 2];
3131 * Set up the packet header before send. We
3132 * assume here the sendfile will work (get the
3133 * correct amount of data).
3136 header = data_blob_const(headerbuf, sizeof(headerbuf));
3138 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3139 setup_readX_header((char *)headerbuf, smb_maxcnt);
3141 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3142 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3143 if (errno == ENOSYS) {
3148 * Special hack for broken Linux with no working sendfile. If we
3149 * return EINTR we sent the header but not the rest of the data.
3150 * Fake this up by doing read/write calls.
3153 if (errno == EINTR) {
3154 /* Ensure we don't do this again. */
3155 set_use_sendfile(SNUM(conn), False);
3156 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3157 nread = fake_sendfile(fsp, startpos,
3160 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3161 fsp->fsp_name, strerror(errno) ));
3162 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3164 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3165 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3166 /* No outbuf here means successful sendfile. */
3167 TALLOC_FREE(req->outbuf);
3171 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3172 fsp->fsp_name, strerror(errno) ));
3173 exit_server_cleanly("send_file_readX sendfile failed");
3176 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3177 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3178 /* No outbuf here means successful sendfile. */
3179 TALLOC_FREE(req->outbuf);
3186 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3187 uint8 headerbuf[smb_size + 2*12];
3189 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3190 setup_readX_header((char *)headerbuf, smb_maxcnt);
3192 /* Send out the header. */
3193 if (write_data(smbd_server_fd(), (char *)headerbuf,
3194 sizeof(headerbuf)) != sizeof(headerbuf)) {
3195 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3196 fsp->fsp_name, strerror(errno) ));
3197 exit_server_cleanly("send_file_readX sendfile failed");
3199 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3201 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3202 fsp->fsp_name, strerror(errno) ));
3203 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3205 TALLOC_FREE(req->outbuf);
3208 reply_outbuf(req, 12, smb_maxcnt);
3210 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3213 reply_unixerror(req, ERRDOS, ERRnoaccess);
3217 setup_readX_header((char *)req->outbuf, nread);
3219 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3220 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3228 /****************************************************************************
3229 Reply to a read and X.
3230 ****************************************************************************/
3232 void reply_read_and_X(struct smb_request *req)
3234 connection_struct *conn = req->conn;
3238 bool big_readX = False;
3240 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3243 START_PROFILE(SMBreadX);
3245 if ((req->wct != 10) && (req->wct != 12)) {
3246 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3250 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3251 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3252 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3254 /* If it's an IPC, pass off the pipe handler. */
3256 reply_pipe_read_and_X(req);
3257 END_PROFILE(SMBreadX);
3261 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3262 END_PROFILE(SMBreadX);
3266 if (!CHECK_READ(fsp,req->inbuf)) {
3267 reply_doserror(req, ERRDOS,ERRbadaccess);
3268 END_PROFILE(SMBreadX);
3272 if (global_client_caps & CAP_LARGE_READX) {
3273 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3274 smb_maxcnt |= (upper_size<<16);
3275 if (upper_size > 1) {
3276 /* Can't do this on a chained packet. */
3277 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3278 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3279 END_PROFILE(SMBreadX);
3282 /* We currently don't do this on signed or sealed data. */
3283 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3284 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3285 END_PROFILE(SMBreadX);
3288 /* Is there room in the reply for this data ? */
3289 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3291 NT_STATUS_INVALID_PARAMETER);
3292 END_PROFILE(SMBreadX);
3299 if (req->wct == 12) {
3300 #ifdef LARGE_SMB_OFF_T
3302 * This is a large offset (64 bit) read.
3304 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3306 #else /* !LARGE_SMB_OFF_T */
3309 * Ensure we haven't been sent a >32 bit offset.
3312 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3313 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3314 "used and we don't support 64 bit offsets.\n",
3315 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3316 END_PROFILE(SMBreadX);
3317 reply_doserror(req, ERRDOS, ERRbadaccess);
3321 #endif /* LARGE_SMB_OFF_T */
3325 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3326 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3327 END_PROFILE(SMBreadX);
3328 reply_doserror(req, ERRDOS, ERRlock);
3333 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3334 END_PROFILE(SMBreadX);
3338 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3340 END_PROFILE(SMBreadX);
3344 /****************************************************************************
3345 Error replies to writebraw must have smb_wct == 1. Fix this up.
3346 ****************************************************************************/
3348 void error_to_writebrawerr(struct smb_request *req)
3350 uint8 *old_outbuf = req->outbuf;
3352 reply_outbuf(req, 1, 0);
3354 memcpy(req->outbuf, old_outbuf, smb_size);
3355 TALLOC_FREE(old_outbuf);
3358 /****************************************************************************
3359 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3360 ****************************************************************************/
3362 void reply_writebraw(struct smb_request *req)
3364 connection_struct *conn = req->conn;
3368 ssize_t total_written=0;
3369 size_t numtowrite=0;
3377 START_PROFILE(SMBwritebraw);
3380 * If we ever reply with an error, it must have the SMB command
3381 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3384 SCVAL(req->inbuf,smb_com,SMBwritec);
3386 if (srv_is_signing_active()) {
3387 END_PROFILE(SMBwritebraw);
3388 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3389 "raw reads/writes are disallowed.");
3392 if (req->wct < 12) {
3393 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3394 error_to_writebrawerr(req);
3395 END_PROFILE(SMBwritebraw);
3399 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3400 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3401 error_to_writebrawerr(req);
3402 END_PROFILE(SMBwritebraw);
3406 if (!CHECK_WRITE(fsp)) {
3407 reply_doserror(req, ERRDOS, ERRbadaccess);
3408 error_to_writebrawerr(req);
3409 END_PROFILE(SMBwritebraw);
3413 tcount = IVAL(req->inbuf,smb_vwv1);
3414 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3415 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3417 /* We have to deal with slightly different formats depending
3418 on whether we are using the core+ or lanman1.0 protocol */
3420 if(Protocol <= PROTOCOL_COREPLUS) {
3421 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3422 data = smb_buf(req->inbuf);
3424 numtowrite = SVAL(req->inbuf,smb_vwv10);
3425 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3428 /* Ensure we don't write bytes past the end of this packet. */
3429 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3430 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3431 error_to_writebrawerr(req);
3432 END_PROFILE(SMBwritebraw);
3436 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3437 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3438 reply_doserror(req, ERRDOS, ERRlock);
3439 error_to_writebrawerr(req);
3440 END_PROFILE(SMBwritebraw);
3445 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3448 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3449 "wrote=%d sync=%d\n",
3450 fsp->fnum, (double)startpos, (int)numtowrite,
3451 (int)nwritten, (int)write_through));
3453 if (nwritten < (ssize_t)numtowrite) {
3454 reply_unixerror(req, ERRHRD, ERRdiskfull);
3455 error_to_writebrawerr(req);
3456 END_PROFILE(SMBwritebraw);
3460 total_written = nwritten;
3462 /* Allocate a buffer of 64k + length. */
3463 buf = TALLOC_ARRAY(NULL, char, 65540);
3465 reply_doserror(req, ERRDOS, ERRnomem);
3466 error_to_writebrawerr(req);
3467 END_PROFILE(SMBwritebraw);
3471 /* Return a SMBwritebraw message to the redirector to tell
3472 * it to send more bytes */
3474 memcpy(buf, req->inbuf, smb_size);
3475 outsize = srv_set_message(buf,
3476 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3477 SCVAL(buf,smb_com,SMBwritebraw);
3478 SSVALS(buf,smb_vwv0,0xFFFF);
3480 if (!srv_send_smb(smbd_server_fd(),
3482 IS_CONN_ENCRYPTED(conn))) {
3483 exit_server_cleanly("reply_writebraw: srv_send_smb "
3487 /* Now read the raw data into the buffer and write it */
3488 if (read_smb_length(smbd_server_fd(),buf,
3489 SMB_SECONDARY_WAIT, get_srv_read_error()) == -1) {
3490 exit_server_cleanly("secondary writebraw failed");
3494 * Even though this is not an smb message,
3495 * smb_len returns the generic length of a packet.
3498 numtowrite = smb_len(buf);
3500 /* Set up outbuf to return the correct size */
3501 reply_outbuf(req, 1, 0);
3503 if (numtowrite != 0) {
3505 if (numtowrite > 0xFFFF) {
3506 DEBUG(0,("reply_writebraw: Oversize secondary write "
3507 "raw requested (%u). Terminating\n",
3508 (unsigned int)numtowrite ));
3509 exit_server_cleanly("secondary writebraw failed");
3512 if (tcount > nwritten+numtowrite) {
3513 DEBUG(3,("reply_writebraw: Client overestimated the "
3515 (int)tcount,(int)nwritten,(int)numtowrite));
3518 if (read_data(smbd_server_fd(), buf+4, numtowrite,get_srv_read_error())
3520 DEBUG(0,("reply_writebraw: Oversize secondary write "
3521 "raw read failed (%s). Terminating\n",
3523 exit_server_cleanly("secondary writebraw failed");
3526 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3527 if (nwritten == -1) {
3529 reply_unixerror(req, ERRHRD, ERRdiskfull);
3530 error_to_writebrawerr(req);
3531 END_PROFILE(SMBwritebraw);
3535 if (nwritten < (ssize_t)numtowrite) {
3536 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3537 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3541 total_written += nwritten;
3546 SSVAL(req->outbuf,smb_vwv0,total_written);
3548 status = sync_file(conn, fsp, write_through);
3549 if (!NT_STATUS_IS_OK(status)) {
3550 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3551 fsp->fsp_name, nt_errstr(status) ));
3552 reply_nterror(req, status);
3553 error_to_writebrawerr(req);
3554 END_PROFILE(SMBwritebraw);
3558 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3560 fsp->fnum, (double)startpos, (int)numtowrite,
3561 (int)total_written));
3563 /* We won't return a status if write through is not selected - this
3564 * follows what WfWg does */
3565 END_PROFILE(SMBwritebraw);
3567 if (!write_through && total_written==tcount) {
3569 #if RABBIT_PELLET_FIX
3571 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3572 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3575 if (!send_keepalive(smbd_server_fd())) {
3576 exit_server_cleanly("reply_writebraw: send of "
3577 "keepalive failed");
3580 TALLOC_FREE(req->outbuf);
3586 #define DBGC_CLASS DBGC_LOCKING
3588 /****************************************************************************
3589 Reply to a writeunlock (core+).
3590 ****************************************************************************/
3592 void reply_writeunlock(struct smb_request *req)
3594 connection_struct *conn = req->conn;
3595 ssize_t nwritten = -1;
3599 NTSTATUS status = NT_STATUS_OK;
3602 START_PROFILE(SMBwriteunlock);
3605 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3606 END_PROFILE(SMBwriteunlock);
3610 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3612 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3613 END_PROFILE(SMBwriteunlock);
3617 if (!CHECK_WRITE(fsp)) {
3618 reply_doserror(req, ERRDOS,ERRbadaccess);
3619 END_PROFILE(SMBwriteunlock);
3623 numtowrite = SVAL(req->inbuf,smb_vwv1);
3624 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3625 data = smb_buf(req->inbuf) + 3;
3628 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3629 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3630 reply_doserror(req, ERRDOS, ERRlock);
3631 END_PROFILE(SMBwriteunlock);
3635 /* The special X/Open SMB protocol handling of
3636 zero length writes is *NOT* done for
3638 if(numtowrite == 0) {
3641 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3644 status = sync_file(conn, fsp, False /* write through */);
3645 if (!NT_STATUS_IS_OK(status)) {
3646 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3647 fsp->fsp_name, nt_errstr(status) ));
3648 reply_nterror(req, status);
3649 END_PROFILE(SMBwriteunlock);
3653 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3654 reply_unixerror(req, ERRHRD, ERRdiskfull);
3655 END_PROFILE(SMBwriteunlock);
3660 status = do_unlock(smbd_messaging_context(),
3663 (SMB_BIG_UINT)numtowrite,
3664 (SMB_BIG_UINT)startpos,
3667 if (NT_STATUS_V(status)) {
3668 reply_nterror(req, status);
3669 END_PROFILE(SMBwriteunlock);
3674 reply_outbuf(req, 1, 0);
3676 SSVAL(req->outbuf,smb_vwv0,nwritten);
3678 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3679 fsp->fnum, (int)numtowrite, (int)nwritten));
3681 END_PROFILE(SMBwriteunlock);
3686 #define DBGC_CLASS DBGC_ALL
3688 /****************************************************************************
3690 ****************************************************************************/
3692 void reply_write(struct smb_request *req)
3694 connection_struct *conn = req->conn;
3696 ssize_t nwritten = -1;
3702 START_PROFILE(SMBwrite);
3705 END_PROFILE(SMBwrite);
3706 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3710 /* If it's an IPC, pass off the pipe handler. */
3712 reply_pipe_write(req);
3713 END_PROFILE(SMBwrite);
3717 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3719 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3720 END_PROFILE(SMBwrite);
3724 if (!CHECK_WRITE(fsp)) {
3725 reply_doserror(req, ERRDOS, ERRbadaccess);
3726 END_PROFILE(SMBwrite);
3730 numtowrite = SVAL(req->inbuf,smb_vwv1);
3731 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3732 data = smb_buf(req->inbuf) + 3;
3734 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3735 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3736 reply_doserror(req, ERRDOS, ERRlock);
3737 END_PROFILE(SMBwrite);
3742 * X/Open SMB protocol says that if smb_vwv1 is
3743 * zero then the file size should be extended or
3744 * truncated to the size given in smb_vwv[2-3].
3747 if(numtowrite == 0) {
3749 * This is actually an allocate call, and set EOF. JRA.
3751 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3753 reply_nterror(req, NT_STATUS_DISK_FULL);
3754 END_PROFILE(SMBwrite);
3757 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3759 reply_nterror(req, NT_STATUS_DISK_FULL);
3760 END_PROFILE(SMBwrite);
3764 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3766 status = sync_file(conn, fsp, False);
3767 if (!NT_STATUS_IS_OK(status)) {
3768 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3769 fsp->fsp_name, nt_errstr(status) ));
3770 reply_nterror(req, status);
3771 END_PROFILE(SMBwrite);
3775 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3776 reply_unixerror(req, ERRHRD, ERRdiskfull);
3777 END_PROFILE(SMBwrite);
3781 reply_outbuf(req, 1, 0);
3783 SSVAL(req->outbuf,smb_vwv0,nwritten);
3785 if (nwritten < (ssize_t)numtowrite) {
3786 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3787 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3790 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3792 END_PROFILE(SMBwrite);
3796 /****************************************************************************
3797 Ensure a buffer is a valid writeX for recvfile purposes.
3798 ****************************************************************************/
3800 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3801 (2*14) + /* word count (including bcc) */ \
3804 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3807 connection_struct *conn = NULL;
3808 unsigned int doff = 0;
3809 size_t len = smb_len_large(inbuf);
3811 if (is_encrypted_packet(inbuf)) {
3812 /* Can't do this on encrypted
3817 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3821 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3822 CVAL(inbuf,smb_wct) != 14) {
3823 DEBUG(10,("is_valid_writeX_buffer: chained or "
3824 "invalid word length.\n"));
3828 conn = conn_find(SVAL(inbuf, smb_tid));
3830 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3834 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3837 doff = SVAL(inbuf,smb_vwv11);
3839 numtowrite = SVAL(inbuf,smb_vwv10);
3841 if (len > doff && len - doff > 0xFFFF) {
3842 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3845 if (numtowrite == 0) {
3846 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3850 /* Ensure the sizes match up. */
3851 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3852 /* no pad byte...old smbclient :-( */
3853 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3855 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3859 if (len - doff != numtowrite) {
3860 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3861 "len = %u, doff = %u, numtowrite = %u\n",
3864 (unsigned int)numtowrite ));
3868 DEBUG(10,("is_valid_writeX_buffer: true "
3869 "len = %u, doff = %u, numtowrite = %u\n",
3872 (unsigned int)numtowrite ));
3877 /****************************************************************************
3878 Reply to a write and X.
3879 ****************************************************************************/
3881 void reply_write_and_X(struct smb_request *req)
3883 connection_struct *conn = req->conn;
3889 unsigned int smb_doff;
3890 unsigned int smblen;
3894 START_PROFILE(SMBwriteX);
3896 if ((req->wct != 12) && (req->wct != 14)) {
3897 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3898 END_PROFILE(SMBwriteX);
3902 numtowrite = SVAL(req->inbuf,smb_vwv10);
3903 smb_doff = SVAL(req->inbuf,smb_vwv11);
3904 smblen = smb_len(req->inbuf);
3906 if (req->unread_bytes > 0xFFFF ||
3907 (smblen > smb_doff &&
3908 smblen - smb_doff > 0xFFFF)) {
3909 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3912 if (req->unread_bytes) {
3913 /* Can't do a recvfile write on IPC$ */
3915 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3916 END_PROFILE(SMBwriteX);
3919 if (numtowrite != req->unread_bytes) {
3920 reply_doserror(req, ERRDOS, ERRbadmem);
3921 END_PROFILE(SMBwriteX);
3925 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3926 smb_doff + numtowrite > smblen) {
3927 reply_doserror(req, ERRDOS, ERRbadmem);
3928 END_PROFILE(SMBwriteX);
3933 /* If it's an IPC, pass off the pipe handler. */
3935 if (req->unread_bytes) {
3936 reply_doserror(req, ERRDOS, ERRbadmem);
3937 END_PROFILE(SMBwriteX);
3940 reply_pipe_write_and_X(req);
3941 END_PROFILE(SMBwriteX);
3945 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3946 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3947 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3949 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3950 END_PROFILE(SMBwriteX);
3954 if (!CHECK_WRITE(fsp)) {
3955 reply_doserror(req, ERRDOS, ERRbadaccess);
3956 END_PROFILE(SMBwriteX);
3960 data = smb_base(req->inbuf) + smb_doff;
3962 if(req->wct == 14) {
3963 #ifdef LARGE_SMB_OFF_T
3965 * This is a large offset (64 bit) write.
3967 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3969 #else /* !LARGE_SMB_OFF_T */
3972 * Ensure we haven't been sent a >32 bit offset.
3975 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3976 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3977 "used and we don't support 64 bit offsets.\n",
3978 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
3979 reply_doserror(req, ERRDOS, ERRbadaccess);
3980 END_PROFILE(SMBwriteX);
3984 #endif /* LARGE_SMB_OFF_T */
3987 if (is_locked(fsp,(uint32)req->smbpid,
3988 (SMB_BIG_UINT)numtowrite,
3989 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3990 reply_doserror(req, ERRDOS, ERRlock);
3991 END_PROFILE(SMBwriteX);
3995 /* X/Open SMB protocol says that, unlike SMBwrite
3996 if the length is zero then NO truncation is
3997 done, just a write of zero. To truncate a file,
4000 if(numtowrite == 0) {
4004 if (req->unread_bytes == 0 &&
4005 schedule_aio_write_and_X(conn, req, fsp, data,
4006 startpos, numtowrite)) {
4007 END_PROFILE(SMBwriteX);
4011 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4014 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4015 reply_unixerror(req, ERRHRD, ERRdiskfull);
4016 END_PROFILE(SMBwriteX);
4020 reply_outbuf(req, 6, 0);
4021 SSVAL(req->outbuf,smb_vwv2,nwritten);
4022 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4024 if (nwritten < (ssize_t)numtowrite) {
4025 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4026 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4029 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4030 fsp->fnum, (int)numtowrite, (int)nwritten));
4032 status = sync_file(conn, fsp, write_through);
4033 if (!NT_STATUS_IS_OK(status)) {
4034 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4035 fsp->fsp_name, nt_errstr(status) ));
4036 reply_nterror(req, status);
4037 END_PROFILE(SMBwriteX);
4041 END_PROFILE(SMBwriteX);
4046 /****************************************************************************
4048 ****************************************************************************/
4050 void reply_lseek(struct smb_request *req)
4052 connection_struct *conn = req->conn;
4058 START_PROFILE(SMBlseek);
4061 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4062 END_PROFILE(SMBlseek);
4066 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4068 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4072 flush_write_cache(fsp, SEEK_FLUSH);
4074 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4075 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4076 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4085 res = fsp->fh->pos + startpos;
4096 if (umode == SEEK_END) {
4097 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4098 if(errno == EINVAL) {
4099 SMB_OFF_T current_pos = startpos;
4100 SMB_STRUCT_STAT sbuf;
4102 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4103 reply_unixerror(req, ERRDOS,
4105 END_PROFILE(SMBlseek);
4109 current_pos += sbuf.st_size;
4111 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4116 reply_unixerror(req, ERRDOS, ERRnoaccess);
4117 END_PROFILE(SMBlseek);
4124 reply_outbuf(req, 2, 0);
4125 SIVAL(req->outbuf,smb_vwv0,res);
4127 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4128 fsp->fnum, (double)startpos, (double)res, mode));
4130 END_PROFILE(SMBlseek);
4134 /****************************************************************************
4136 ****************************************************************************/
4138 void reply_flush(struct smb_request *req)
4140 connection_struct *conn = req->conn;
4144 START_PROFILE(SMBflush);
4147 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4151 fnum = SVAL(req->inbuf,smb_vwv0);
4152 fsp = file_fsp(fnum);
4154 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4159 file_sync_all(conn);
4161 NTSTATUS status = sync_file(conn, fsp, True);
4162 if (!NT_STATUS_IS_OK(status)) {
4163 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4164 fsp->fsp_name, nt_errstr(status) ));
4165 reply_nterror(req, status);
4166 END_PROFILE(SMBflush);
4171 reply_outbuf(req, 0, 0);
4173 DEBUG(3,("flush\n"));
4174 END_PROFILE(SMBflush);
4178 /****************************************************************************
4180 conn POINTER CAN BE NULL HERE !
4181 ****************************************************************************/
4183 void reply_exit(struct smb_request *req)
4185 START_PROFILE(SMBexit);
4187 file_close_pid(req->smbpid, req->vuid);
4189 reply_outbuf(req, 0, 0);
4191 DEBUG(3,("exit\n"));
4193 END_PROFILE(SMBexit);
4197 /****************************************************************************
4198 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4199 ****************************************************************************/
4201 void reply_close(struct smb_request *req)
4203 connection_struct *conn = req->conn;
4204 NTSTATUS status = NT_STATUS_OK;
4205 files_struct *fsp = NULL;
4206 START_PROFILE(SMBclose);
4209 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4210 END_PROFILE(SMBclose);
4214 /* If it's an IPC, pass off to the pipe handler. */
4216 reply_pipe_close(conn, req);
4217 END_PROFILE(SMBclose);
4221 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4224 * We can only use CHECK_FSP if we know it's not a directory.
4227 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4228 reply_doserror(req, ERRDOS, ERRbadfid);
4229 END_PROFILE(SMBclose);
4233 if(fsp->is_directory) {
4235 * Special case - close NT SMB directory handle.
4237 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4238 status = close_file(fsp,NORMAL_CLOSE);
4241 * Close ordinary file.
4244 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4245 fsp->fh->fd, fsp->fnum,
4246 conn->num_files_open));
4249 * Take care of any time sent in the close.
4252 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4253 srv_make_unix_date3(
4254 req->inbuf+smb_vwv1)));
4257 * close_file() returns the unix errno if an error
4258 * was detected on close - normally this is due to
4259 * a disk full error. If not then it was probably an I/O error.
4262 status = close_file(fsp,NORMAL_CLOSE);
4265 if (!NT_STATUS_IS_OK(status)) {
4266 reply_nterror(req, status);
4267 END_PROFILE(SMBclose);
4271 reply_outbuf(req, 0, 0);
4272 END_PROFILE(SMBclose);
4276 /****************************************************************************
4277 Reply to a writeclose (Core+ protocol).
4278 ****************************************************************************/
4280 void reply_writeclose(struct smb_request *req)
4282 connection_struct *conn = req->conn;
4284 ssize_t nwritten = -1;
4285 NTSTATUS close_status = NT_STATUS_OK;
4288 struct timespec mtime;
4291 START_PROFILE(SMBwriteclose);
4294 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4295 END_PROFILE(SMBwriteclose);
4299 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4301 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4302 END_PROFILE(SMBwriteclose);
4305 if (!CHECK_WRITE(fsp)) {
4306 reply_doserror(req, ERRDOS,ERRbadaccess);
4307 END_PROFILE(SMBwriteclose);
4311 numtowrite = SVAL(req->inbuf,smb_vwv1);
4312 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4313 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4314 req->inbuf+smb_vwv4));
4315 data = smb_buf(req->inbuf) + 1;
4318 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4319 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4320 reply_doserror(req, ERRDOS,ERRlock);
4321 END_PROFILE(SMBwriteclose);
4325 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4327 set_filetime(conn, fsp->fsp_name, mtime);
4330 * More insanity. W2K only closes the file if writelen > 0.
4335 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4337 close_status = close_file(fsp,NORMAL_CLOSE);
4340 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4341 fsp->fnum, (int)numtowrite, (int)nwritten,
4342 conn->num_files_open));
4344 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4345 reply_doserror(req, ERRHRD, ERRdiskfull);
4346 END_PROFILE(SMBwriteclose);
4350 if(!NT_STATUS_IS_OK(close_status)) {
4351 reply_nterror(req, close_status);
4352 END_PROFILE(SMBwriteclose);
4356 reply_outbuf(req, 1, 0);
4358 SSVAL(req->outbuf,smb_vwv0,nwritten);
4359 END_PROFILE(SMBwriteclose);
4364 #define DBGC_CLASS DBGC_LOCKING
4366 /****************************************************************************
4368 ****************************************************************************/
4370 void reply_lock(struct smb_request *req)
4372 connection_struct *conn = req->conn;
4373 SMB_BIG_UINT count,offset;
4376 struct byte_range_lock *br_lck = NULL;
4378 START_PROFILE(SMBlock);
4381 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4382 END_PROFILE(SMBlock);
4386 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4388 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4389 END_PROFILE(SMBlock);
4393 release_level_2_oplocks_on_change(fsp);
4395 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4396 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4398 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4399 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4401 br_lck = do_lock(smbd_messaging_context(),
4408 False, /* Non-blocking lock. */
4412 TALLOC_FREE(br_lck);
4414 if (NT_STATUS_V(status)) {
4415 reply_nterror(req, status);
4416 END_PROFILE(SMBlock);
4420 reply_outbuf(req, 0, 0);
4422 END_PROFILE(SMBlock);
4426 /****************************************************************************
4428 ****************************************************************************/
4430 void reply_unlock(struct smb_request *req)
4432 connection_struct *conn = req->conn;
4433 SMB_BIG_UINT count,offset;
4437 START_PROFILE(SMBunlock);
4440 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4441 END_PROFILE(SMBunlock);
4445 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4447 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4448 END_PROFILE(SMBunlock);
4452 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4453 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4455 status = do_unlock(smbd_messaging_context(),
4462 if (NT_STATUS_V(status)) {
4463 reply_nterror(req, status);
4464 END_PROFILE(SMBunlock);
4468 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4469 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4471 reply_outbuf(req, 0, 0);
4473 END_PROFILE(SMBunlock);
4478 #define DBGC_CLASS DBGC_ALL
4480 /****************************************************************************
4482 conn POINTER CAN BE NULL HERE !
4483 ****************************************************************************/
4485 void reply_tdis(struct smb_request *req)
4487 connection_struct *conn = req->conn;
4488 START_PROFILE(SMBtdis);
4491 DEBUG(4,("Invalid connection in tdis\n"));
4492 reply_doserror(req, ERRSRV, ERRinvnid);
4493 END_PROFILE(SMBtdis);
4499 close_cnum(conn,req->vuid);
4502 reply_outbuf(req, 0, 0);
4503 END_PROFILE(SMBtdis);
4507 /****************************************************************************
4509 conn POINTER CAN BE NULL HERE !
4510 ****************************************************************************/
4512 void reply_echo(struct smb_request *req)
4514 connection_struct *conn = req->conn;
4517 unsigned int data_len = smb_buflen(req->inbuf);
4519 START_PROFILE(SMBecho);
4522 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4523 END_PROFILE(SMBecho);
4527 if (data_len > BUFFER_SIZE) {
4528 DEBUG(0,("reply_echo: data_len too large.\n"));
4529 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4530 END_PROFILE(SMBecho);
4534 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4536 reply_outbuf(req, 1, data_len);
4538 /* copy any incoming data back out */
4540 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4543 if (smb_reverb > 100) {
4544 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4548 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4549 SSVAL(req->outbuf,smb_vwv0,seq_num);
4551 show_msg((char *)req->outbuf);
4552 if (!srv_send_smb(smbd_server_fd(),
4553 (char *)req->outbuf,
4554 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4555 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4558 DEBUG(3,("echo %d times\n", smb_reverb));
4560 TALLOC_FREE(req->outbuf);
4564 END_PROFILE(SMBecho);
4568 /****************************************************************************
4569 Reply to a printopen.
4570 ****************************************************************************/
4572 void reply_printopen(struct smb_request *req)
4574 connection_struct *conn = req->conn;
4578 START_PROFILE(SMBsplopen);
4581 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4582 END_PROFILE(SMBsplopen);
4586 if (!CAN_PRINT(conn)) {
4587 reply_doserror(req, ERRDOS, ERRnoaccess);
4588 END_PROFILE(SMBsplopen);
4592 /* Open for exclusive use, write only. */
4593 status = print_fsp_open(conn, NULL, &fsp);
4595 if (!NT_STATUS_IS_OK(status)) {
4596 reply_nterror(req, status);
4597 END_PROFILE(SMBsplopen);
4601 reply_outbuf(req, 1, 0);
4602 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4604 DEBUG(3,("openprint fd=%d fnum=%d\n",
4605 fsp->fh->fd, fsp->fnum));
4607 END_PROFILE(SMBsplopen);
4611 /****************************************************************************
4612 Reply to a printclose.
4613 ****************************************************************************/
4615 void reply_printclose(struct smb_request *req)
4617 connection_struct *conn = req->conn;
4621 START_PROFILE(SMBsplclose);
4624 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4625 END_PROFILE(SMBsplclose);
4629 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4631 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4632 END_PROFILE(SMBsplclose);
4636 if (!CAN_PRINT(conn)) {
4637 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4638 END_PROFILE(SMBsplclose);
4642 DEBUG(3,("printclose fd=%d fnum=%d\n",
4643 fsp->fh->fd,fsp->fnum));
4645 status = close_file(fsp,NORMAL_CLOSE);
4647 if(!NT_STATUS_IS_OK(status)) {
4648 reply_nterror(req, status);
4649 END_PROFILE(SMBsplclose);
4653 END_PROFILE(SMBsplclose);
4657 /****************************************************************************
4658 Reply to a printqueue.
4659 ****************************************************************************/
4661 void reply_printqueue(struct smb_request *req)
4663 connection_struct *conn = req->conn;
4667 START_PROFILE(SMBsplretq);
4670 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4671 END_PROFILE(SMBsplretq);
4675 max_count = SVAL(req->inbuf,smb_vwv0);
4676 start_index = SVAL(req->inbuf,smb_vwv1);
4678 /* we used to allow the client to get the cnum wrong, but that
4679 is really quite gross and only worked when there was only
4680 one printer - I think we should now only accept it if they
4681 get it right (tridge) */
4682 if (!CAN_PRINT(conn)) {
4683 reply_doserror(req, ERRDOS, ERRnoaccess);
4684 END_PROFILE(SMBsplretq);
4688 reply_outbuf(req, 2, 3);
4689 SSVAL(req->outbuf,smb_vwv0,0);
4690 SSVAL(req->outbuf,smb_vwv1,0);
4691 SCVAL(smb_buf(req->outbuf),0,1);
4692 SSVAL(smb_buf(req->outbuf),1,0);
4694 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4695 start_index, max_count));
4698 print_queue_struct *queue = NULL;
4699 print_status_struct status;
4700 int count = print_queue_status(SNUM(conn), &queue, &status);
4701 int num_to_get = ABS(max_count);
4702 int first = (max_count>0?start_index:start_index+max_count+1);
4708 num_to_get = MIN(num_to_get,count-first);
4711 for (i=first;i<first+num_to_get;i++) {
4715 srv_put_dos_date2(p,0,queue[i].time);
4716 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4717 SSVAL(p,5, queue[i].job);
4718 SIVAL(p,7,queue[i].size);
4720 srvstr_push(blob, req->flags2, p+12,
4721 queue[i].fs_user, 16, STR_ASCII);
4723 if (message_push_blob(
4726 blob, sizeof(blob))) == -1) {
4727 reply_nterror(req, NT_STATUS_NO_MEMORY);
4728 END_PROFILE(SMBsplretq);
4734 SSVAL(req->outbuf,smb_vwv0,count);
4735 SSVAL(req->outbuf,smb_vwv1,
4736 (max_count>0?first+count:first-1));
4737 SCVAL(smb_buf(req->outbuf),0,1);
4738 SSVAL(smb_buf(req->outbuf),1,28*count);
4743 DEBUG(3,("%d entries returned in queue\n",count));
4746 END_PROFILE(SMBsplretq);
4750 /****************************************************************************
4751 Reply to a printwrite.
4752 ****************************************************************************/
4754 void reply_printwrite(struct smb_request *req)
4756 connection_struct *conn = req->conn;
4761 START_PROFILE(SMBsplwr);
4764 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4765 END_PROFILE(SMBsplwr);
4769 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4771 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4772 END_PROFILE(SMBsplwr);
4776 if (!CAN_PRINT(conn)) {
4777 reply_doserror(req, ERRDOS, ERRnoaccess);
4778 END_PROFILE(SMBsplwr);
4782 if (!CHECK_WRITE(fsp)) {
4783 reply_doserror(req, ERRDOS, ERRbadaccess);
4784 END_PROFILE(SMBsplwr);
4788 numtowrite = SVAL(smb_buf(req->inbuf),1);
4790 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4791 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4792 END_PROFILE(SMBsplwr);
4796 data = smb_buf(req->inbuf) + 3;
4798 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4799 reply_unixerror(req, ERRHRD, ERRdiskfull);
4800 END_PROFILE(SMBsplwr);
4804 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4806 END_PROFILE(SMBsplwr);
4810 /****************************************************************************
4812 ****************************************************************************/
4814 void reply_mkdir(struct smb_request *req)
4816 connection_struct *conn = req->conn;
4817 char *directory = NULL;
4819 SMB_STRUCT_STAT sbuf;
4820 TALLOC_CTX *ctx = talloc_tos();
4822 START_PROFILE(SMBmkdir);
4824 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4825 smb_buf(req->inbuf) + 1, 0,
4826 STR_TERMINATE, &status);
4827 if (!NT_STATUS_IS_OK(status)) {
4828 reply_nterror(req, status);
4829 END_PROFILE(SMBmkdir);
4833 status = resolve_dfspath(ctx, conn,
4834 req->flags2 & FLAGS2_DFS_PATHNAMES,
4837 if (!NT_STATUS_IS_OK(status)) {
4838 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4839 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4840 ERRSRV, ERRbadpath);
4841 END_PROFILE(SMBmkdir);
4844 reply_nterror(req, status);
4845 END_PROFILE(SMBmkdir);
4849 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4850 if (!NT_STATUS_IS_OK(status)) {
4851 reply_nterror(req, status);
4852 END_PROFILE(SMBmkdir);
4856 status = check_name(conn, directory);
4857 if (!NT_STATUS_IS_OK(status)) {
4858 reply_nterror(req, status);
4859 END_PROFILE(SMBmkdir);
4863 status = create_directory(conn, req, directory);
4865 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4867 if (!NT_STATUS_IS_OK(status)) {
4869 if (!use_nt_status()
4870 && NT_STATUS_EQUAL(status,
4871 NT_STATUS_OBJECT_NAME_COLLISION)) {
4873 * Yes, in the DOS error code case we get a
4874 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4875 * samba4 torture test.
4877 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4880 reply_nterror(req, status);
4881 END_PROFILE(SMBmkdir);
4885 reply_outbuf(req, 0, 0);
4887 DEBUG( 3, ( "mkdir %s\n", directory ) );
4889 END_PROFILE(SMBmkdir);
4893 /****************************************************************************
4894 Static function used by reply_rmdir to delete an entire directory
4895 tree recursively. Return True on ok, False on fail.
4896 ****************************************************************************/
4898 static bool recursive_rmdir(TALLOC_CTX *ctx,
4899 connection_struct *conn,
4902 const char *dname = NULL;
4905 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4911 while((dname = ReadDirName(dir_hnd, &offset))) {
4912 char *fullname = NULL;
4915 if (ISDOT(dname) || ISDOTDOT(dname)) {
4919 if (!is_visible_file(conn, directory, dname, &st, False)) {
4923 /* Construct the full name. */
4924 fullname = talloc_asprintf(ctx,
4934 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4939 if(st.st_mode & S_IFDIR) {
4940 if(!recursive_rmdir(ctx, conn, fullname)) {
4944 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4948 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4952 TALLOC_FREE(fullname);
4954 TALLOC_FREE(dir_hnd);
4958 /****************************************************************************
4959 The internals of the rmdir code - called elsewhere.
4960 ****************************************************************************/
4962 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4963 connection_struct *conn,
4964 const char *directory)
4969 /* Might be a symlink. */
4970 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4971 return map_nt_error_from_unix(errno);
4974 if (S_ISLNK(st.st_mode)) {
4975 /* Is what it points to a directory ? */
4976 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4977 return map_nt_error_from_unix(errno);
4979 if (!(S_ISDIR(st.st_mode))) {
4980 return NT_STATUS_NOT_A_DIRECTORY;
4982 ret = SMB_VFS_UNLINK(conn,directory);
4984 ret = SMB_VFS_RMDIR(conn,directory);
4987 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4988 FILE_NOTIFY_CHANGE_DIR_NAME,
4990 return NT_STATUS_OK;
4993 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4995 * Check to see if the only thing in this directory are
4996 * vetoed files/directories. If so then delete them and
4997 * retry. If we fail to delete any of them (and we *don't*
4998 * do a recursive delete) then fail the rmdir.
5002 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5003 directory, NULL, 0);
5005 if(dir_hnd == NULL) {
5010 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5011 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5013 if (!is_visible_file(conn, directory, dname, &st, False))
5015 if(!IS_VETO_PATH(conn, dname)) {
5016 TALLOC_FREE(dir_hnd);
5022 /* We only have veto files/directories. Recursive delete. */
5024 RewindDir(dir_hnd,&dirpos);
5025 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5026 char *fullname = NULL;
5028 if (ISDOT(dname) || ISDOTDOT(dname)) {
5031 if (!is_visible_file(conn, directory, dname, &st, False)) {
5035 fullname = talloc_asprintf(ctx,
5045 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5048 if(st.st_mode & S_IFDIR) {
5049 if(lp_recursive_veto_delete(SNUM(conn))) {
5050 if(!recursive_rmdir(ctx, conn, fullname))
5053 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5056 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5059 TALLOC_FREE(fullname);
5061 TALLOC_FREE(dir_hnd);
5062 /* Retry the rmdir */
5063 ret = SMB_VFS_RMDIR(conn,directory);
5069 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5070 "%s\n", directory,strerror(errno)));
5071 return map_nt_error_from_unix(errno);
5074 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5075 FILE_NOTIFY_CHANGE_DIR_NAME,
5078 return NT_STATUS_OK;
5081 /****************************************************************************
5083 ****************************************************************************/
5085 void reply_rmdir(struct smb_request *req)
5087 connection_struct *conn = req->conn;
5088 char *directory = NULL;
5089 SMB_STRUCT_STAT sbuf;
5091 TALLOC_CTX *ctx = talloc_tos();
5093 START_PROFILE(SMBrmdir);
5095 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5096 smb_buf(req->inbuf) + 1, 0,
5097 STR_TERMINATE, &status);
5098 if (!NT_STATUS_IS_OK(status)) {
5099 reply_nterror(req, status);
5100 END_PROFILE(SMBrmdir);
5104 status = resolve_dfspath(ctx, conn,
5105 req->flags2 & FLAGS2_DFS_PATHNAMES,
5108 if (!NT_STATUS_IS_OK(status)) {
5109 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5110 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5111 ERRSRV, ERRbadpath);
5112 END_PROFILE(SMBrmdir);
5115 reply_nterror(req, status);
5116 END_PROFILE(SMBrmdir);
5120 status = unix_convert(ctx, conn, directory, False, &directory,
5122 if (!NT_STATUS_IS_OK(status)) {
5123 reply_nterror(req, status);
5124 END_PROFILE(SMBrmdir);
5128 status = check_name(conn, directory);
5129 if (!NT_STATUS_IS_OK(status)) {
5130 reply_nterror(req, status);
5131 END_PROFILE(SMBrmdir);
5135 dptr_closepath(directory, req->smbpid);
5136 status = rmdir_internals(ctx, conn, directory);
5137 if (!NT_STATUS_IS_OK(status)) {
5138 reply_nterror(req, status);
5139 END_PROFILE(SMBrmdir);
5143 reply_outbuf(req, 0, 0);
5145 DEBUG( 3, ( "rmdir %s\n", directory ) );
5147 END_PROFILE(SMBrmdir);
5151 /*******************************************************************
5152 Resolve wildcards in a filename rename.
5153 ********************************************************************/
5155 static bool resolve_wildcards(TALLOC_CTX *ctx,
5160 char *name2_copy = NULL;
5165 char *p,*p2, *pname1, *pname2;
5167 name2_copy = talloc_strdup(ctx, name2);
5172 pname1 = strrchr_m(name1,'/');
5173 pname2 = strrchr_m(name2_copy,'/');
5175 if (!pname1 || !pname2) {
5179 /* Truncate the copy of name2 at the last '/' */
5182 /* Now go past the '/' */
5186 root1 = talloc_strdup(ctx, pname1);
5187 root2 = talloc_strdup(ctx, pname2);
5189 if (!root1 || !root2) {
5193 p = strrchr_m(root1,'.');
5196 ext1 = talloc_strdup(ctx, p+1);
5198 ext1 = talloc_strdup(ctx, "");
5200 p = strrchr_m(root2,'.');
5203 ext2 = talloc_strdup(ctx, p+1);
5205 ext2 = talloc_strdup(ctx, "");
5208 if (!ext1 || !ext2) {
5216 /* Hmmm. Should this be mb-aware ? */
5219 } else if (*p2 == '*') {
5221 root2 = talloc_asprintf(ctx, "%s%s",
5240 /* Hmmm. Should this be mb-aware ? */
5243 } else if (*p2 == '*') {
5245 ext2 = talloc_asprintf(ctx, "%s%s",
5261 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5266 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5278 /****************************************************************************
5279 Ensure open files have their names updated. Updated to notify other smbd's
5281 ****************************************************************************/
5283 static void rename_open_files(connection_struct *conn,
5284 struct share_mode_lock *lck,
5285 const char *newname)
5288 bool did_rename = False;
5290 for(fsp = file_find_di_first(lck->id); fsp;
5291 fsp = file_find_di_next(fsp)) {
5292 /* fsp_name is a relative path under the fsp. To change this for other
5293 sharepaths we need to manipulate relative paths. */
5294 /* TODO - create the absolute path and manipulate the newname
5295 relative to the sharepath. */
5296 if (fsp->conn != conn) {
5299 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5300 fsp->fnum, file_id_string_tos(&fsp->file_id),
5301 fsp->fsp_name, newname ));
5302 string_set(&fsp->fsp_name, newname);
5307 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5308 file_id_string_tos(&lck->id), newname ));
5311 /* Send messages to all smbd's (not ourself) that the name has changed. */
5312 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5316 /****************************************************************************
5317 We need to check if the source path is a parent directory of the destination
5318 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5319 refuse the rename with a sharing violation. Under UNIX the above call can
5320 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5321 probably need to check that the client is a Windows one before disallowing
5322 this as a UNIX client (one with UNIX extensions) can know the source is a
5323 symlink and make this decision intelligently. Found by an excellent bug
5324 report from <AndyLiebman@aol.com>.
5325 ****************************************************************************/
5327 static bool rename_path_prefix_equal(const char *src, const char *dest)
5329 const char *psrc = src;
5330 const char *pdst = dest;
5333 if (psrc[0] == '.' && psrc[1] == '/') {
5336 if (pdst[0] == '.' && pdst[1] == '/') {
5339 if ((slen = strlen(psrc)) > strlen(pdst)) {
5342 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5346 * Do the notify calls from a rename
5349 static void notify_rename(connection_struct *conn, bool is_dir,
5350 const char *oldpath, const char *newpath)
5352 char *olddir, *newdir;
5353 const char *oldname, *newname;
5356 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5357 : FILE_NOTIFY_CHANGE_FILE_NAME;
5359 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5360 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5361 TALLOC_FREE(olddir);
5365 if (strcmp(olddir, newdir) == 0) {
5366 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5367 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5370 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5371 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5373 TALLOC_FREE(olddir);
5374 TALLOC_FREE(newdir);
5376 /* this is a strange one. w2k3 gives an additional event for
5377 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5378 files, but not directories */
5380 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5381 FILE_NOTIFY_CHANGE_ATTRIBUTES
5382 |FILE_NOTIFY_CHANGE_CREATION,
5387 /****************************************************************************
5388 Rename an open file - given an fsp.
5389 ****************************************************************************/
5391 NTSTATUS rename_internals_fsp(connection_struct *conn,
5394 const char *newname_last_component,
5396 bool replace_if_exists)
5398 TALLOC_CTX *ctx = talloc_tos();
5399 SMB_STRUCT_STAT sbuf, sbuf1;
5400 NTSTATUS status = NT_STATUS_OK;
5401 struct share_mode_lock *lck = NULL;
5406 status = check_name(conn, newname);
5407 if (!NT_STATUS_IS_OK(status)) {
5411 /* Ensure newname contains a '/' */
5412 if(strrchr_m(newname,'/') == 0) {
5413 newname = talloc_asprintf(ctx,
5417 return NT_STATUS_NO_MEMORY;
5422 * Check for special case with case preserving and not
5423 * case sensitive. If the old last component differs from the original
5424 * last component only by case, then we should allow
5425 * the rename (user is trying to change the case of the
5429 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5430 strequal(newname, fsp->fsp_name)) {
5432 char *newname_modified_last_component = NULL;
5435 * Get the last component of the modified name.
5436 * Note that we guarantee that newname contains a '/'
5439 p = strrchr_m(newname,'/');
5440 newname_modified_last_component = talloc_strdup(ctx,
5442 if (!newname_modified_last_component) {
5443 return NT_STATUS_NO_MEMORY;
5446 if(strcsequal(newname_modified_last_component,
5447 newname_last_component) == False) {
5449 * Replace the modified last component with
5452 *p = '\0'; /* Truncate at the '/' */
5453 newname = talloc_asprintf(ctx,
5456 newname_last_component);
5461 * If the src and dest names are identical - including case,
5462 * don't do the rename, just return success.
5465 if (strcsequal(fsp->fsp_name, newname)) {
5466 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5468 return NT_STATUS_OK;
5472 * Have vfs_object_exist also fill sbuf1
5474 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5476 if(!replace_if_exists && dst_exists) {
5477 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5478 fsp->fsp_name,newname));
5479 return NT_STATUS_OBJECT_NAME_COLLISION;
5483 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5484 files_struct *dst_fsp = file_find_di_first(fileid);
5486 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5487 return NT_STATUS_ACCESS_DENIED;
5491 /* Ensure we have a valid stat struct for the source. */
5492 if (fsp->fh->fd != -1) {
5493 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5494 return map_nt_error_from_unix(errno);
5497 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5498 return map_nt_error_from_unix(errno);
5502 status = can_rename(conn, fsp, attrs, &sbuf);
5504 if (!NT_STATUS_IS_OK(status)) {
5505 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5506 nt_errstr(status), fsp->fsp_name,newname));
5507 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5508 status = NT_STATUS_ACCESS_DENIED;
5512 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5513 return NT_STATUS_ACCESS_DENIED;
5516 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL);
5519 * We have the file open ourselves, so not being able to get the
5520 * corresponding share mode lock is a fatal error.
5523 SMB_ASSERT(lck != NULL);
5525 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5526 uint32 create_options = fsp->fh->private_options;
5528 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5529 fsp->fsp_name,newname));
5531 rename_open_files(conn, lck, newname);
5533 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5536 * A rename acts as a new file create w.r.t. allowing an initial delete
5537 * on close, probably because in Windows there is a new handle to the
5538 * new file. If initial delete on close was requested but not
5539 * originally set, we need to set it here. This is probably not 100% correct,
5540 * but will work for the CIFSFS client which in non-posix mode
5541 * depends on these semantics. JRA.
5544 set_allow_initial_delete_on_close(lck, fsp, True);
5546 if (create_options & FILE_DELETE_ON_CLOSE) {
5547 status = can_set_delete_on_close(fsp, True, 0);
5549 if (NT_STATUS_IS_OK(status)) {
5550 /* Note that here we set the *inital* delete on close flag,
5551 * not the regular one. The magic gets handled in close. */
5552 fsp->initial_delete_on_close = True;
5556 return NT_STATUS_OK;
5561 if (errno == ENOTDIR || errno == EISDIR) {
5562 status = NT_STATUS_OBJECT_NAME_COLLISION;
5564 status = map_nt_error_from_unix(errno);
5567 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5568 nt_errstr(status), fsp->fsp_name,newname));
5573 /****************************************************************************
5574 The guts of the rename command, split out so it may be called by the NT SMB
5576 ****************************************************************************/
5578 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5579 connection_struct *conn,
5580 struct smb_request *req,
5581 const char *name_in,
5582 const char *newname_in,
5584 bool replace_if_exists,
5588 char *directory = NULL;
5590 char *last_component_src = NULL;
5591 char *last_component_dest = NULL;
5593 char *newname = NULL;
5596 NTSTATUS status = NT_STATUS_OK;
5597 SMB_STRUCT_STAT sbuf1, sbuf2;
5598 struct smb_Dir *dir_hnd = NULL;
5605 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5606 &last_component_src, &sbuf1);
5607 if (!NT_STATUS_IS_OK(status)) {
5611 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5612 &last_component_dest, &sbuf2);
5613 if (!NT_STATUS_IS_OK(status)) {
5618 * Split the old name into directory and last component
5619 * strings. Note that unix_convert may have stripped off a
5620 * leading ./ from both name and newname if the rename is
5621 * at the root of the share. We need to make sure either both
5622 * name and newname contain a / character or neither of them do
5623 * as this is checked in resolve_wildcards().
5626 p = strrchr_m(name,'/');
5628 directory = talloc_strdup(ctx, ".");
5630 return NT_STATUS_NO_MEMORY;
5635 directory = talloc_strdup(ctx, name);
5637 return NT_STATUS_NO_MEMORY;
5640 *p = '/'; /* Replace needed for exceptional test below. */
5644 * We should only check the mangled cache
5645 * here if unix_convert failed. This means
5646 * that the path in 'mask' doesn't exist
5647 * on the file system and so we need to look
5648 * for a possible mangle. This patch from
5649 * Tine Smukavec <valentin.smukavec@hermes.si>.
5652 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5653 char *new_mask = NULL;
5654 mangle_lookup_name_from_8_3(ctx,
5663 if (!src_has_wild) {
5667 * No wildcards - just process the one file.
5669 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5671 /* Add a terminating '/' to the directory name. */
5672 directory = talloc_asprintf_append(directory,
5676 return NT_STATUS_NO_MEMORY;
5679 /* Ensure newname contains a '/' also */
5680 if(strrchr_m(newname,'/') == 0) {
5681 newname = talloc_asprintf(ctx,
5685 return NT_STATUS_NO_MEMORY;
5689 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5690 "case_preserve = %d, short case preserve = %d, "
5691 "directory = %s, newname = %s, "
5692 "last_component_dest = %s, is_8_3 = %d\n",
5693 conn->case_sensitive, conn->case_preserve,
5694 conn->short_case_preserve, directory,
5695 newname, last_component_dest, is_short_name));
5697 /* The dest name still may have wildcards. */
5698 if (dest_has_wild) {
5699 char *mod_newname = NULL;
5700 if (!resolve_wildcards(ctx,
5701 directory,newname,&mod_newname)) {
5702 DEBUG(6, ("rename_internals: resolve_wildcards "
5706 return NT_STATUS_NO_MEMORY;
5708 newname = mod_newname;
5712 SMB_VFS_STAT(conn, directory, &sbuf1);
5714 status = S_ISDIR(sbuf1.st_mode) ?
5715 open_directory(conn, req, directory, &sbuf1,
5717 FILE_SHARE_READ|FILE_SHARE_WRITE,
5718 FILE_OPEN, 0, 0, NULL,
5720 : open_file_ntcreate(conn, req, directory, &sbuf1,
5722 FILE_SHARE_READ|FILE_SHARE_WRITE,
5723 FILE_OPEN, 0, 0, 0, NULL,
5726 if (!NT_STATUS_IS_OK(status)) {
5727 DEBUG(3, ("Could not open rename source %s: %s\n",
5728 directory, nt_errstr(status)));
5732 status = rename_internals_fsp(conn, fsp, newname,
5733 last_component_dest,
5734 attrs, replace_if_exists);
5736 close_file(fsp, NORMAL_CLOSE);
5738 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5739 nt_errstr(status), directory,newname));
5745 * Wildcards - process each file that matches.
5747 if (strequal(mask,"????????.???")) {
5752 status = check_name(conn, directory);
5753 if (!NT_STATUS_IS_OK(status)) {
5757 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5758 if (dir_hnd == NULL) {
5759 return map_nt_error_from_unix(errno);
5762 status = NT_STATUS_NO_SUCH_FILE;
5764 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5765 * - gentest fix. JRA
5768 while ((dname = ReadDirName(dir_hnd, &offset))) {
5769 files_struct *fsp = NULL;
5771 char *destname = NULL;
5772 bool sysdir_entry = False;
5774 /* Quick check for "." and ".." */
5775 if (ISDOT(dname) || ISDOTDOT(dname)) {
5777 sysdir_entry = True;
5783 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5787 if(!mask_match(dname, mask, conn->case_sensitive)) {
5792 status = NT_STATUS_OBJECT_NAME_INVALID;
5796 fname = talloc_asprintf(ctx,
5801 return NT_STATUS_NO_MEMORY;
5804 if (!resolve_wildcards(ctx,
5805 fname,newname,&destname)) {
5806 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5812 return NT_STATUS_NO_MEMORY;
5816 SMB_VFS_STAT(conn, fname, &sbuf1);
5818 status = S_ISDIR(sbuf1.st_mode) ?
5819 open_directory(conn, req, fname, &sbuf1,
5821 FILE_SHARE_READ|FILE_SHARE_WRITE,
5822 FILE_OPEN, 0, 0, NULL,
5824 : open_file_ntcreate(conn, req, fname, &sbuf1,
5826 FILE_SHARE_READ|FILE_SHARE_WRITE,
5827 FILE_OPEN, 0, 0, 0, NULL,
5830 if (!NT_STATUS_IS_OK(status)) {
5831 DEBUG(3,("rename_internals: open_file_ntcreate "
5832 "returned %s rename %s -> %s\n",
5833 nt_errstr(status), directory, newname));
5837 status = rename_internals_fsp(conn, fsp, destname, dname,
5838 attrs, replace_if_exists);
5840 close_file(fsp, NORMAL_CLOSE);
5842 if (!NT_STATUS_IS_OK(status)) {
5843 DEBUG(3, ("rename_internals_fsp returned %s for "
5844 "rename %s -> %s\n", nt_errstr(status),
5845 directory, newname));
5851 DEBUG(3,("rename_internals: doing rename on %s -> "
5852 "%s\n",fname,destname));
5855 TALLOC_FREE(destname);
5857 TALLOC_FREE(dir_hnd);
5859 if (count == 0 && NT_STATUS_IS_OK(status)) {
5860 status = map_nt_error_from_unix(errno);
5866 /****************************************************************************
5868 ****************************************************************************/
5870 void reply_mv(struct smb_request *req)
5872 connection_struct *conn = req->conn;
5874 char *newname = NULL;
5878 bool src_has_wcard = False;
5879 bool dest_has_wcard = False;
5880 TALLOC_CTX *ctx = talloc_tos();
5882 START_PROFILE(SMBmv);
5885 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5890 attrs = SVAL(req->inbuf,smb_vwv0);
5892 p = smb_buf(req->inbuf) + 1;
5893 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5894 0, STR_TERMINATE, &status,
5896 if (!NT_STATUS_IS_OK(status)) {
5897 reply_nterror(req, status);
5902 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5903 0, STR_TERMINATE, &status,
5905 if (!NT_STATUS_IS_OK(status)) {
5906 reply_nterror(req, status);
5911 status = resolve_dfspath_wcard(ctx, conn,
5912 req->flags2 & FLAGS2_DFS_PATHNAMES,
5916 if (!NT_STATUS_IS_OK(status)) {
5917 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5918 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5919 ERRSRV, ERRbadpath);
5923 reply_nterror(req, status);
5928 status = resolve_dfspath_wcard(ctx, conn,
5929 req->flags2 & FLAGS2_DFS_PATHNAMES,
5933 if (!NT_STATUS_IS_OK(status)) {
5934 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5935 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5936 ERRSRV, ERRbadpath);
5940 reply_nterror(req, status);
5945 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5947 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5948 src_has_wcard, dest_has_wcard);
5949 if (!NT_STATUS_IS_OK(status)) {
5950 if (open_was_deferred(req->mid)) {
5951 /* We have re-scheduled this call. */
5955 reply_nterror(req, status);
5960 reply_outbuf(req, 0, 0);
5966 /*******************************************************************
5967 Copy a file as part of a reply_copy.
5968 ******************************************************************/
5971 * TODO: check error codes on all callers
5974 NTSTATUS copy_file(TALLOC_CTX *ctx,
5975 connection_struct *conn,
5980 bool target_is_directory)
5982 SMB_STRUCT_STAT src_sbuf, sbuf2;
5984 files_struct *fsp1,*fsp2;
5987 uint32 new_create_disposition;
5990 dest = talloc_strdup(ctx, dest1);
5992 return NT_STATUS_NO_MEMORY;
5994 if (target_is_directory) {
5995 const char *p = strrchr_m(src,'/');
6001 dest = talloc_asprintf_append(dest,
6005 return NT_STATUS_NO_MEMORY;
6009 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6011 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6014 if (!target_is_directory && count) {
6015 new_create_disposition = FILE_OPEN;
6017 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6018 NULL, NULL, &new_create_disposition, NULL)) {
6020 return NT_STATUS_INVALID_PARAMETER;
6024 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6026 FILE_SHARE_READ|FILE_SHARE_WRITE,
6029 FILE_ATTRIBUTE_NORMAL,
6033 if (!NT_STATUS_IS_OK(status)) {
6038 dosattrs = dos_mode(conn, src, &src_sbuf);
6039 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6040 ZERO_STRUCTP(&sbuf2);
6043 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6045 FILE_SHARE_READ|FILE_SHARE_WRITE,
6046 new_create_disposition,
6054 if (!NT_STATUS_IS_OK(status)) {
6055 close_file(fsp1,ERROR_CLOSE);
6059 if ((ofun&3) == 1) {
6060 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6061 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6063 * Stop the copy from occurring.
6066 src_sbuf.st_size = 0;
6070 if (src_sbuf.st_size) {
6071 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6074 close_file(fsp1,NORMAL_CLOSE);
6076 /* Ensure the modtime is set correctly on the destination file. */
6077 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
6080 * As we are opening fsp1 read-only we only expect
6081 * an error on close on fsp2 if we are out of space.
6082 * Thus we don't look at the error return from the
6085 status = close_file(fsp2,NORMAL_CLOSE);
6087 if (!NT_STATUS_IS_OK(status)) {
6091 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6092 return NT_STATUS_DISK_FULL;
6095 return NT_STATUS_OK;
6098 /****************************************************************************
6099 Reply to a file copy.
6100 ****************************************************************************/
6102 void reply_copy(struct smb_request *req)
6104 connection_struct *conn = req->conn;
6106 char *newname = NULL;
6107 char *directory = NULL;
6111 int error = ERRnoaccess;
6116 bool target_is_directory=False;
6117 bool source_has_wild = False;
6118 bool dest_has_wild = False;
6119 SMB_STRUCT_STAT sbuf1, sbuf2;
6121 TALLOC_CTX *ctx = talloc_tos();
6123 START_PROFILE(SMBcopy);
6126 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6127 END_PROFILE(SMBcopy);
6131 tid2 = SVAL(req->inbuf,smb_vwv0);
6132 ofun = SVAL(req->inbuf,smb_vwv1);
6133 flags = SVAL(req->inbuf,smb_vwv2);
6135 p = smb_buf(req->inbuf);
6136 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6137 0, STR_TERMINATE, &status,
6139 if (!NT_STATUS_IS_OK(status)) {
6140 reply_nterror(req, status);
6141 END_PROFILE(SMBcopy);
6144 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6145 0, STR_TERMINATE, &status,
6147 if (!NT_STATUS_IS_OK(status)) {
6148 reply_nterror(req, status);
6149 END_PROFILE(SMBcopy);
6153 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6155 if (tid2 != conn->cnum) {
6156 /* can't currently handle inter share copies XXXX */
6157 DEBUG(3,("Rejecting inter-share copy\n"));
6158 reply_doserror(req, ERRSRV, ERRinvdevice);
6159 END_PROFILE(SMBcopy);
6163 status = resolve_dfspath_wcard(ctx, conn,
6164 req->flags2 & FLAGS2_DFS_PATHNAMES,
6168 if (!NT_STATUS_IS_OK(status)) {
6169 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6170 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6171 ERRSRV, ERRbadpath);
6172 END_PROFILE(SMBcopy);
6175 reply_nterror(req, status);
6176 END_PROFILE(SMBcopy);
6180 status = resolve_dfspath_wcard(ctx, conn,
6181 req->flags2 & FLAGS2_DFS_PATHNAMES,
6185 if (!NT_STATUS_IS_OK(status)) {
6186 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6187 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6188 ERRSRV, ERRbadpath);
6189 END_PROFILE(SMBcopy);
6192 reply_nterror(req, status);
6193 END_PROFILE(SMBcopy);
6197 status = unix_convert(ctx, conn, name, source_has_wild,
6198 &name, NULL, &sbuf1);
6199 if (!NT_STATUS_IS_OK(status)) {
6200 reply_nterror(req, status);
6201 END_PROFILE(SMBcopy);
6205 status = unix_convert(ctx, conn, newname, dest_has_wild,
6206 &newname, NULL, &sbuf2);
6207 if (!NT_STATUS_IS_OK(status)) {
6208 reply_nterror(req, status);
6209 END_PROFILE(SMBcopy);
6213 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6215 if ((flags&1) && target_is_directory) {
6216 reply_doserror(req, ERRDOS, ERRbadfile);
6217 END_PROFILE(SMBcopy);
6221 if ((flags&2) && !target_is_directory) {
6222 reply_doserror(req, ERRDOS, ERRbadpath);
6223 END_PROFILE(SMBcopy);
6227 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6228 /* wants a tree copy! XXXX */
6229 DEBUG(3,("Rejecting tree copy\n"));
6230 reply_doserror(req, ERRSRV, ERRerror);
6231 END_PROFILE(SMBcopy);
6235 p = strrchr_m(name,'/');
6237 directory = talloc_strdup(ctx, "./");
6239 reply_nterror(req, NT_STATUS_NO_MEMORY);
6240 END_PROFILE(SMBcopy);
6246 directory = talloc_strdup(ctx, name);
6248 reply_nterror(req, NT_STATUS_NO_MEMORY);
6249 END_PROFILE(SMBcopy);
6256 * We should only check the mangled cache
6257 * here if unix_convert failed. This means
6258 * that the path in 'mask' doesn't exist
6259 * on the file system and so we need to look
6260 * for a possible mangle. This patch from
6261 * Tine Smukavec <valentin.smukavec@hermes.si>.
6264 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6265 char *new_mask = NULL;
6266 mangle_lookup_name_from_8_3(ctx,
6275 if (!source_has_wild) {
6276 directory = talloc_asprintf_append(directory,
6279 if (dest_has_wild) {
6280 char *mod_newname = NULL;
6281 if (!resolve_wildcards(ctx,
6282 directory,newname,&mod_newname)) {
6283 reply_nterror(req, NT_STATUS_NO_MEMORY);
6284 END_PROFILE(SMBcopy);
6287 newname = mod_newname;
6290 status = check_name(conn, directory);
6291 if (!NT_STATUS_IS_OK(status)) {
6292 reply_nterror(req, status);
6293 END_PROFILE(SMBcopy);
6297 status = check_name(conn, newname);
6298 if (!NT_STATUS_IS_OK(status)) {
6299 reply_nterror(req, status);
6300 END_PROFILE(SMBcopy);
6304 status = copy_file(ctx,conn,directory,newname,ofun,
6305 count,target_is_directory);
6307 if(!NT_STATUS_IS_OK(status)) {
6308 reply_nterror(req, status);
6309 END_PROFILE(SMBcopy);
6315 struct smb_Dir *dir_hnd = NULL;
6316 const char *dname = NULL;
6319 if (strequal(mask,"????????.???")) {
6324 status = check_name(conn, directory);
6325 if (!NT_STATUS_IS_OK(status)) {
6326 reply_nterror(req, status);
6327 END_PROFILE(SMBcopy);
6331 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6332 if (dir_hnd == NULL) {
6333 status = map_nt_error_from_unix(errno);
6334 reply_nterror(req, status);
6335 END_PROFILE(SMBcopy);
6341 while ((dname = ReadDirName(dir_hnd, &offset))) {
6342 char *destname = NULL;
6345 if (ISDOT(dname) || ISDOTDOT(dname)) {
6349 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6353 if(!mask_match(dname, mask, conn->case_sensitive)) {
6357 error = ERRnoaccess;
6358 fname = talloc_asprintf(ctx,
6363 TALLOC_FREE(dir_hnd);
6364 reply_nterror(req, NT_STATUS_NO_MEMORY);
6365 END_PROFILE(SMBcopy);
6369 if (!resolve_wildcards(ctx,
6370 fname,newname,&destname)) {
6374 TALLOC_FREE(dir_hnd);
6375 reply_nterror(req, NT_STATUS_NO_MEMORY);
6376 END_PROFILE(SMBcopy);
6380 status = check_name(conn, fname);
6381 if (!NT_STATUS_IS_OK(status)) {
6382 TALLOC_FREE(dir_hnd);
6383 reply_nterror(req, status);
6384 END_PROFILE(SMBcopy);
6388 status = check_name(conn, destname);
6389 if (!NT_STATUS_IS_OK(status)) {
6390 TALLOC_FREE(dir_hnd);
6391 reply_nterror(req, status);
6392 END_PROFILE(SMBcopy);
6396 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6398 status = copy_file(ctx,conn,fname,destname,ofun,
6399 count,target_is_directory);
6400 if (NT_STATUS_IS_OK(status)) {
6404 TALLOC_FREE(destname);
6406 TALLOC_FREE(dir_hnd);
6411 /* Error on close... */
6413 reply_unixerror(req, ERRHRD, ERRgeneral);
6414 END_PROFILE(SMBcopy);
6418 reply_doserror(req, ERRDOS, error);
6419 END_PROFILE(SMBcopy);
6423 reply_outbuf(req, 1, 0);
6424 SSVAL(req->outbuf,smb_vwv0,count);
6426 END_PROFILE(SMBcopy);
6431 #define DBGC_CLASS DBGC_LOCKING
6433 /****************************************************************************
6434 Get a lock pid, dealing with large count requests.
6435 ****************************************************************************/
6437 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6439 if(!large_file_format)
6440 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6442 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6445 /****************************************************************************
6446 Get a lock count, dealing with large count requests.
6447 ****************************************************************************/
6449 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6451 SMB_BIG_UINT count = 0;
6453 if(!large_file_format) {
6454 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6457 #if defined(HAVE_LONGLONG)
6458 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6459 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6460 #else /* HAVE_LONGLONG */
6463 * NT4.x seems to be broken in that it sends large file (64 bit)
6464 * lockingX calls even if the CAP_LARGE_FILES was *not*
6465 * negotiated. For boxes without large unsigned ints truncate the
6466 * lock count by dropping the top 32 bits.
6469 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6470 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6471 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6472 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6473 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6476 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6477 #endif /* HAVE_LONGLONG */
6483 #if !defined(HAVE_LONGLONG)
6484 /****************************************************************************
6485 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6486 ****************************************************************************/
6488 static uint32 map_lock_offset(uint32 high, uint32 low)
6492 uint32 highcopy = high;
6495 * Try and find out how many significant bits there are in high.
6498 for(i = 0; highcopy; i++)
6502 * We use 31 bits not 32 here as POSIX
6503 * lock offsets may not be negative.
6506 mask = (~0) << (31 - i);
6509 return 0; /* Fail. */
6515 #endif /* !defined(HAVE_LONGLONG) */
6517 /****************************************************************************
6518 Get a lock offset, dealing with large offset requests.
6519 ****************************************************************************/
6521 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6523 SMB_BIG_UINT offset = 0;
6527 if(!large_file_format) {
6528 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6531 #if defined(HAVE_LONGLONG)
6532 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6533 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6534 #else /* HAVE_LONGLONG */
6537 * NT4.x seems to be broken in that it sends large file (64 bit)
6538 * lockingX calls even if the CAP_LARGE_FILES was *not*
6539 * negotiated. For boxes without large unsigned ints mangle the
6540 * lock offset by mapping the top 32 bits onto the lower 32.
6543 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6544 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6545 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6548 if((new_low = map_lock_offset(high, low)) == 0) {
6550 return (SMB_BIG_UINT)-1;
6553 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6554 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6555 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6556 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6559 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6560 #endif /* HAVE_LONGLONG */
6566 /****************************************************************************
6567 Reply to a lockingX request.
6568 ****************************************************************************/
6570 void reply_lockingX(struct smb_request *req)
6572 connection_struct *conn = req->conn;
6574 unsigned char locktype;
6575 unsigned char oplocklevel;
6578 SMB_BIG_UINT count = 0, offset = 0;
6583 bool large_file_format;
6585 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6587 START_PROFILE(SMBlockingX);
6590 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6591 END_PROFILE(SMBlockingX);
6595 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6596 locktype = CVAL(req->inbuf,smb_vwv3);
6597 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6598 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6599 num_locks = SVAL(req->inbuf,smb_vwv7);
6600 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6601 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6603 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6604 END_PROFILE(SMBlockingX);
6608 data = smb_buf(req->inbuf);
6610 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6611 /* we don't support these - and CANCEL_LOCK makes w2k
6612 and XP reboot so I don't really want to be
6613 compatible! (tridge) */
6614 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6615 END_PROFILE(SMBlockingX);
6619 /* Check if this is an oplock break on a file
6620 we have granted an oplock on.
6622 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6623 /* Client can insist on breaking to none. */
6624 bool break_to_none = (oplocklevel == 0);
6627 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6628 "for fnum = %d\n", (unsigned int)oplocklevel,
6632 * Make sure we have granted an exclusive or batch oplock on
6636 if (fsp->oplock_type == 0) {
6638 /* The Samba4 nbench simulator doesn't understand
6639 the difference between break to level2 and break
6640 to none from level2 - it sends oplock break
6641 replies in both cases. Don't keep logging an error
6642 message here - just ignore it. JRA. */
6644 DEBUG(5,("reply_lockingX: Error : oplock break from "
6645 "client for fnum = %d (oplock=%d) and no "
6646 "oplock granted on this file (%s).\n",
6647 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6649 /* if this is a pure oplock break request then don't
6651 if (num_locks == 0 && num_ulocks == 0) {
6652 END_PROFILE(SMBlockingX);
6655 END_PROFILE(SMBlockingX);
6656 reply_doserror(req, ERRDOS, ERRlock);
6661 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6663 result = remove_oplock(fsp);
6665 result = downgrade_oplock(fsp);
6669 DEBUG(0, ("reply_lockingX: error in removing "
6670 "oplock on file %s\n", fsp->fsp_name));
6671 /* Hmmm. Is this panic justified? */
6672 smb_panic("internal tdb error");
6675 reply_to_oplock_break_requests(fsp);
6677 /* if this is a pure oplock break request then don't send a
6679 if (num_locks == 0 && num_ulocks == 0) {
6680 /* Sanity check - ensure a pure oplock break is not a
6682 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6683 DEBUG(0,("reply_lockingX: Error : pure oplock "
6684 "break is a chained %d request !\n",
6685 (unsigned int)CVAL(req->inbuf,
6687 END_PROFILE(SMBlockingX);
6693 * We do this check *after* we have checked this is not a oplock break
6694 * response message. JRA.
6697 release_level_2_oplocks_on_change(fsp);
6699 if (smb_buflen(req->inbuf) <
6700 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6701 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6702 END_PROFILE(SMBlockingX);
6706 /* Data now points at the beginning of the list
6707 of smb_unlkrng structs */
6708 for(i = 0; i < (int)num_ulocks; i++) {
6709 lock_pid = get_lock_pid( data, i, large_file_format);
6710 count = get_lock_count( data, i, large_file_format);
6711 offset = get_lock_offset( data, i, large_file_format, &err);
6714 * There is no error code marked "stupid client bug".... :-).
6717 END_PROFILE(SMBlockingX);
6718 reply_doserror(req, ERRDOS, ERRnoaccess);
6722 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6723 "pid %u, file %s\n", (double)offset, (double)count,
6724 (unsigned int)lock_pid, fsp->fsp_name ));
6726 status = do_unlock(smbd_messaging_context(),
6733 if (NT_STATUS_V(status)) {
6734 END_PROFILE(SMBlockingX);
6735 reply_nterror(req, status);
6740 /* Setup the timeout in seconds. */
6742 if (!lp_blocking_locks(SNUM(conn))) {
6746 /* Now do any requested locks */
6747 data += ((large_file_format ? 20 : 10)*num_ulocks);
6749 /* Data now points at the beginning of the list
6750 of smb_lkrng structs */
6752 for(i = 0; i < (int)num_locks; i++) {
6753 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6754 READ_LOCK:WRITE_LOCK);
6755 lock_pid = get_lock_pid( data, i, large_file_format);
6756 count = get_lock_count( data, i, large_file_format);
6757 offset = get_lock_offset( data, i, large_file_format, &err);
6760 * There is no error code marked "stupid client bug".... :-).
6763 END_PROFILE(SMBlockingX);
6764 reply_doserror(req, ERRDOS, ERRnoaccess);
6768 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6769 "%u, file %s timeout = %d\n", (double)offset,
6770 (double)count, (unsigned int)lock_pid,
6771 fsp->fsp_name, (int)lock_timeout ));
6773 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6774 if (lp_blocking_locks(SNUM(conn))) {
6776 /* Schedule a message to ourselves to
6777 remove the blocking lock record and
6778 return the right error. */
6780 if (!blocking_lock_cancel(fsp,
6786 NT_STATUS_FILE_LOCK_CONFLICT)) {
6787 END_PROFILE(SMBlockingX);
6792 ERRcancelviolation));
6796 /* Remove a matching pending lock. */
6797 status = do_lock_cancel(fsp,
6803 bool blocking_lock = lock_timeout ? True : False;
6804 bool defer_lock = False;
6805 struct byte_range_lock *br_lck;
6806 uint32 block_smbpid;
6808 br_lck = do_lock(smbd_messaging_context(),
6819 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6820 /* Windows internal resolution for blocking locks seems
6821 to be about 200ms... Don't wait for less than that. JRA. */
6822 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6823 lock_timeout = lp_lock_spin_time();
6828 /* This heuristic seems to match W2K3 very well. If a
6829 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6830 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6831 far as I can tell. Replacement for do_lock_spin(). JRA. */
6833 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6834 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6836 lock_timeout = lp_lock_spin_time();
6839 if (br_lck && defer_lock) {
6841 * A blocking lock was requested. Package up
6842 * this smb into a queued request and push it
6843 * onto the blocking lock queue.
6845 if(push_blocking_lock_request(br_lck,
6856 TALLOC_FREE(br_lck);
6857 END_PROFILE(SMBlockingX);
6862 TALLOC_FREE(br_lck);
6865 if (NT_STATUS_V(status)) {
6866 END_PROFILE(SMBlockingX);
6867 reply_nterror(req, status);
6872 /* If any of the above locks failed, then we must unlock
6873 all of the previous locks (X/Open spec). */
6875 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6879 * Ensure we don't do a remove on the lock that just failed,
6880 * as under POSIX rules, if we have a lock already there, we
6881 * will delete it (and we shouldn't) .....
6883 for(i--; i >= 0; i--) {
6884 lock_pid = get_lock_pid( data, i, large_file_format);
6885 count = get_lock_count( data, i, large_file_format);
6886 offset = get_lock_offset( data, i, large_file_format,
6890 * There is no error code marked "stupid client
6894 END_PROFILE(SMBlockingX);
6895 reply_doserror(req, ERRDOS, ERRnoaccess);
6899 do_unlock(smbd_messaging_context(),
6906 END_PROFILE(SMBlockingX);
6907 reply_nterror(req, status);
6911 reply_outbuf(req, 2, 0);
6913 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6914 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6916 END_PROFILE(SMBlockingX);
6921 #define DBGC_CLASS DBGC_ALL
6923 /****************************************************************************
6924 Reply to a SMBreadbmpx (read block multiplex) request.
6925 Always reply with an error, if someone has a platform really needs this,
6926 please contact vl@samba.org
6927 ****************************************************************************/
6929 void reply_readbmpx(struct smb_request *req)
6931 START_PROFILE(SMBreadBmpx);
6932 reply_doserror(req, ERRSRV, ERRuseSTD);
6933 END_PROFILE(SMBreadBmpx);
6937 /****************************************************************************
6938 Reply to a SMBreadbs (read block multiplex secondary) request.
6939 Always reply with an error, if someone has a platform really needs this,
6940 please contact vl@samba.org
6941 ****************************************************************************/
6943 void reply_readbs(struct smb_request *req)
6945 START_PROFILE(SMBreadBs);
6946 reply_doserror(req, ERRSRV, ERRuseSTD);
6947 END_PROFILE(SMBreadBs);
6951 /****************************************************************************
6952 Reply to a SMBsetattrE.
6953 ****************************************************************************/
6955 void reply_setattrE(struct smb_request *req)
6957 connection_struct *conn = req->conn;
6958 struct timespec ts[2];
6961 START_PROFILE(SMBsetattrE);
6964 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6965 END_PROFILE(SMBsetattrE);
6969 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6971 if(!fsp || (fsp->conn != conn)) {
6972 reply_doserror(req, ERRDOS, ERRbadfid);
6973 END_PROFILE(SMBsetattrE);
6979 * Convert the DOS times into unix times. Ignore create
6980 * time as UNIX can't set this.
6983 ts[0] = convert_time_t_to_timespec(
6984 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6985 ts[1] = convert_time_t_to_timespec(
6986 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6988 reply_outbuf(req, 0, 0);
6991 * Patch from Ray Frush <frush@engr.colostate.edu>
6992 * Sometimes times are sent as zero - ignore them.
6995 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6996 /* Ignore request */
6997 if( DEBUGLVL( 3 ) ) {
6998 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6999 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
7001 END_PROFILE(SMBsetattrE);
7003 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
7004 /* set modify time = to access time if modify time was unset */
7008 /* Set the date on this file */
7009 /* Should we set pending modtime here ? JRA */
7010 if(file_ntimes(conn, fsp->fsp_name, ts)) {
7011 reply_doserror(req, ERRDOS, ERRnoaccess);
7012 END_PROFILE(SMBsetattrE);
7016 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7018 (unsigned int)ts[0].tv_sec,
7019 (unsigned int)ts[1].tv_sec));
7021 END_PROFILE(SMBsetattrE);
7026 /* Back from the dead for OS/2..... JRA. */
7028 /****************************************************************************
7029 Reply to a SMBwritebmpx (write block multiplex primary) request.
7030 Always reply with an error, if someone has a platform really needs this,
7031 please contact vl@samba.org
7032 ****************************************************************************/
7034 void reply_writebmpx(struct smb_request *req)
7036 START_PROFILE(SMBwriteBmpx);
7037 reply_doserror(req, ERRSRV, ERRuseSTD);
7038 END_PROFILE(SMBwriteBmpx);
7042 /****************************************************************************
7043 Reply to a SMBwritebs (write block multiplex secondary) request.
7044 Always reply with an error, if someone has a platform really needs this,
7045 please contact vl@samba.org
7046 ****************************************************************************/
7048 void reply_writebs(struct smb_request *req)
7050 START_PROFILE(SMBwriteBs);
7051 reply_doserror(req, ERRSRV, ERRuseSTD);
7052 END_PROFILE(SMBwriteBs);
7056 /****************************************************************************
7057 Reply to a SMBgetattrE.
7058 ****************************************************************************/
7060 void reply_getattrE(struct smb_request *req)
7062 connection_struct *conn = req->conn;
7063 SMB_STRUCT_STAT sbuf;
7067 START_PROFILE(SMBgetattrE);
7070 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7071 END_PROFILE(SMBgetattrE);
7075 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7077 if(!fsp || (fsp->conn != conn)) {
7078 reply_doserror(req, ERRDOS, ERRbadfid);
7079 END_PROFILE(SMBgetattrE);
7083 /* Do an fstat on this file */
7084 if(fsp_stat(fsp, &sbuf)) {
7085 reply_unixerror(req, ERRDOS, ERRnoaccess);
7086 END_PROFILE(SMBgetattrE);
7090 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7093 * Convert the times into dos times. Set create
7094 * date to be last modify date as UNIX doesn't save
7098 reply_outbuf(req, 11, 0);
7100 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7101 get_create_time(&sbuf,
7102 lp_fake_dir_create_times(SNUM(conn))));
7103 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7104 /* Should we check pending modtime here ? JRA */
7105 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7108 SIVAL(req->outbuf, smb_vwv6, 0);
7109 SIVAL(req->outbuf, smb_vwv8, 0);
7111 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7112 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7113 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7115 SSVAL(req->outbuf,smb_vwv10, mode);
7117 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7119 END_PROFILE(SMBgetattrE);