2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 This file handles most of the reply_ calls that the server
23 makes to handle specific protocols
28 /* look in server.c for some explanation of these variables */
29 extern enum protocol_types Protocol;
31 unsigned int smb_echo_count = 0;
32 extern uint32 global_client_caps;
34 extern struct current_user current_user;
35 extern BOOL global_encrypted_passwords_negotiated;
37 /****************************************************************************
38 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
39 path or anything including wildcards.
40 We're assuming here that '/' is not the second byte in any multibyte char
41 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
43 ****************************************************************************/
45 /* Custom version for processing POSIX paths. */
46 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
48 static NTSTATUS check_path_syntax_internal(char *path,
50 BOOL *p_last_component_contains_wcard)
54 NTSTATUS ret = NT_STATUS_OK;
55 BOOL start_of_name_component = True;
57 *p_last_component_contains_wcard = False;
60 if (IS_PATH_SEP(*s,posix_path)) {
62 * Safe to assume is not the second part of a mb char
63 * as this is handled below.
65 /* Eat multiple '/' or '\\' */
66 while (IS_PATH_SEP(*s,posix_path)) {
69 if ((d != path) && (*s != '\0')) {
70 /* We only care about non-leading or trailing '/' or '\\' */
74 start_of_name_component = True;
76 *p_last_component_contains_wcard = False;
80 if (start_of_name_component) {
81 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
82 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
85 * No mb char starts with '.' so we're safe checking the directory separator here.
88 /* If we just added a '/' - delete it */
89 if ((d > path) && (*(d-1) == '/')) {
94 /* Are we at the start ? Can't go back further if so. */
96 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
99 /* Go back one level... */
100 /* We know this is safe as '/' cannot be part of a mb sequence. */
101 /* NOTE - if this assumption is invalid we are not in good shape... */
102 /* Decrement d first as d points to the *next* char to write into. */
103 for (d--; d > path; d--) {
107 s += 2; /* Else go past the .. */
108 /* We're still at the start of a name component, just the previous one. */
111 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
124 return NT_STATUS_OBJECT_NAME_INVALID;
132 *p_last_component_contains_wcard = True;
141 /* Get the size of the next MB character. */
142 next_codepoint(s,&siz);
160 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
162 return NT_STATUS_INVALID_PARAMETER;
165 start_of_name_component = False;
172 /****************************************************************************
173 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
174 No wildcards allowed.
175 ****************************************************************************/
177 NTSTATUS check_path_syntax(char *path)
180 return check_path_syntax_internal(path, False, &ignore);
183 /****************************************************************************
184 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
185 Wildcards allowed - p_contains_wcard returns true if the last component contained
187 ****************************************************************************/
189 NTSTATUS check_path_syntax_wcard(char *path, BOOL *p_contains_wcard)
191 return check_path_syntax_internal(path, False, p_contains_wcard);
194 /****************************************************************************
195 Check the path for a POSIX client.
196 We're assuming here that '/' is not the second byte in any multibyte char
197 set (a safe assumption).
198 ****************************************************************************/
200 NTSTATUS check_path_syntax_posix(char *path)
203 return check_path_syntax_internal(path, True, &ignore);
206 /****************************************************************************
207 Pull a string and check the path allowing a wilcard - provide for error return.
208 ****************************************************************************/
210 size_t srvstr_get_path_wcard(const char *inbuf, uint16 smb_flags2, char *dest,
211 const char *src, size_t dest_len, size_t src_len,
212 int flags, NTSTATUS *err, BOOL *contains_wcard)
216 SMB_ASSERT(dest_len == sizeof(pstring));
220 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
223 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
224 dest_len, src_len, flags);
227 *contains_wcard = False;
229 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
231 * For a DFS path the function parse_dfs_path()
232 * will do the path processing, just make a copy.
238 if (lp_posix_pathnames()) {
239 *err = check_path_syntax_posix(dest);
241 *err = check_path_syntax_wcard(dest, contains_wcard);
247 /****************************************************************************
248 Pull a string and check the path - provide for error return.
249 ****************************************************************************/
251 size_t srvstr_get_path(const char *inbuf, uint16 smb_flags2, char *dest,
252 const char *src, size_t dest_len, size_t src_len,
253 int flags, NTSTATUS *err)
257 SMB_ASSERT(dest_len == sizeof(pstring));
261 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
264 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
265 dest_len, src_len, flags);
268 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 * For a DFS path the function parse_dfs_path()
271 * will do the path processing, just make a copy.
277 if (lp_posix_pathnames()) {
278 *err = check_path_syntax_posix(dest);
280 *err = check_path_syntax(dest);
286 /****************************************************************************
287 Reply to a special message.
288 ****************************************************************************/
290 int reply_special(char *inbuf,char *outbuf)
293 int msg_type = CVAL(inbuf,0);
294 int msg_flags = CVAL(inbuf,1);
298 static BOOL already_got_session = False;
302 memset(outbuf,'\0',smb_size);
304 smb_setlen(inbuf,outbuf,0);
307 case 0x81: /* session request */
309 if (already_got_session) {
310 exit_server_cleanly("multiple session request not permitted");
313 SCVAL(outbuf,0,0x82);
315 if (name_len(inbuf+4) > 50 ||
316 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
317 DEBUG(0,("Invalid name length in session request\n"));
320 name_extract(inbuf,4,name1);
321 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
322 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
325 set_local_machine_name(name1, True);
326 set_remote_machine_name(name2, True);
328 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
329 get_local_machine_name(), get_remote_machine_name(),
332 if (name_type == 'R') {
333 /* We are being asked for a pathworks session ---
335 SCVAL(outbuf, 0,0x83);
339 /* only add the client's machine name to the list
340 of possibly valid usernames if we are operating
341 in share mode security */
342 if (lp_security() == SEC_SHARE) {
343 add_session_user(get_remote_machine_name());
346 reload_services(True);
349 already_got_session = True;
352 case 0x89: /* session keepalive request
353 (some old clients produce this?) */
354 SCVAL(outbuf,0,SMBkeepalive);
358 case 0x82: /* positive session response */
359 case 0x83: /* negative session response */
360 case 0x84: /* retarget session response */
361 DEBUG(0,("Unexpected session response\n"));
364 case SMBkeepalive: /* session keepalive */
369 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
370 msg_type, msg_flags));
375 /****************************************************************************
377 conn POINTER CAN BE NULL HERE !
378 ****************************************************************************/
380 int reply_tcon(connection_struct *conn,
381 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
385 char *service_buf = NULL;
386 char *password = NULL;
389 uint16 vuid = SVAL(inbuf,smb_uid);
393 DATA_BLOB password_blob;
395 START_PROFILE(SMBtcon);
397 ctx = talloc_init("reply_tcon");
399 END_PROFILE(SMBtcon);
400 return ERROR_NT(NT_STATUS_NO_MEMORY);
403 p = smb_buf(inbuf)+1;
404 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
405 &service_buf, p, STR_TERMINATE) + 1;
406 pwlen = srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
407 &password, p, STR_TERMINATE) + 1;
409 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
410 &dev, p, STR_TERMINATE) + 1;
412 if (service_buf == NULL || password == NULL || dev == NULL) {
414 END_PROFILE(SMBtcon);
415 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
417 p = strrchr_m(service_buf,'\\');
421 service = service_buf;
424 password_blob = data_blob(password, pwlen+1);
426 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
428 data_blob_clear_free(&password_blob);
432 END_PROFILE(SMBtcon);
433 return ERROR_NT(nt_status);
436 outsize = set_message(inbuf,outbuf,2,0,True);
437 SSVAL(outbuf,smb_vwv0,max_recv);
438 SSVAL(outbuf,smb_vwv1,conn->cnum);
439 SSVAL(outbuf,smb_tid,conn->cnum);
441 DEBUG(3,("tcon service=%s cnum=%d\n",
442 service, conn->cnum));
444 END_PROFILE(SMBtcon);
449 /****************************************************************************
450 Reply to a tcon and X.
451 conn POINTER CAN BE NULL HERE !
452 ****************************************************************************/
454 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
456 char *service = NULL;
459 TALLOC_CTX *ctx = NULL;
460 /* what the cleint thinks the device is */
461 char *client_devicetype = NULL;
462 /* what the server tells the client the share represents */
463 const char *server_devicetype;
465 uint16 vuid = SVAL(inbuf,smb_uid);
466 int passlen = SVAL(inbuf,smb_vwv3);
469 uint16 tcon_flags = SVAL(inbuf,smb_vwv2);
471 START_PROFILE(SMBtconX);
473 /* we might have to close an old one */
474 if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
475 close_cnum(conn,vuid);
478 if (passlen > MAX_PASS_LEN) {
479 return ERROR_DOS(ERRDOS,ERRbuftoosmall);
482 if (global_encrypted_passwords_negotiated) {
483 password = data_blob(smb_buf(inbuf),passlen);
484 if (lp_security() == SEC_SHARE) {
486 * Security = share always has a pad byte
487 * after the password.
489 p = smb_buf(inbuf) + passlen + 1;
491 p = smb_buf(inbuf) + passlen;
494 password = data_blob(smb_buf(inbuf),passlen+1);
495 /* Ensure correct termination */
496 password.data[passlen]=0;
497 p = smb_buf(inbuf) + passlen + 1;
500 ctx = talloc_init("reply_tcon_and_X");
502 END_PROFILE(SMBtconX);
503 return ERROR_NT(NT_STATUS_NO_MEMORY);
505 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2), &path, p,
510 END_PROFILE(SMBtconX);
511 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
515 * the service name can be either: \\server\share
516 * or share directly like on the DELL PowerVault 705
519 q = strchr_m(path+2,'\\');
522 END_PROFILE(SMBtconX);
523 return(ERROR_DOS(ERRDOS,ERRnosuchshare));
530 p += srvstr_pull_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2), &client_devicetype, p,
531 MIN(6,smb_bufrem(inbuf, p)), STR_ASCII);
533 if (client_devicetype == NULL) {
535 END_PROFILE(SMBtconX);
536 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
539 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
541 conn = make_connection(service,password,client_devicetype,vuid,&nt_status);
543 data_blob_clear_free(&password);
547 END_PROFILE(SMBtconX);
548 return ERROR_NT(nt_status);
552 server_devicetype = "IPC";
553 else if ( IS_PRINT(conn) )
554 server_devicetype = "LPT1:";
556 server_devicetype = "A:";
558 if (Protocol < PROTOCOL_NT1) {
559 set_message(inbuf,outbuf,2,0,True);
561 p += srvstr_push(outbuf, p, server_devicetype, -1,
562 STR_TERMINATE|STR_ASCII);
563 set_message_end(inbuf,outbuf,p);
565 /* NT sets the fstype of IPC$ to the null string */
566 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
568 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
569 /* Return permissions. */
573 set_message(inbuf,outbuf,7,0,True);
576 perm1 = FILE_ALL_ACCESS;
577 perm2 = FILE_ALL_ACCESS;
579 perm1 = CAN_WRITE(conn) ?
584 SIVAL(outbuf, smb_vwv3, perm1);
585 SIVAL(outbuf, smb_vwv5, perm2);
587 set_message(inbuf,outbuf,3,0,True);
591 p += srvstr_push(outbuf, p, server_devicetype, -1,
592 STR_TERMINATE|STR_ASCII);
593 p += srvstr_push(outbuf, p, fstype, -1,
596 set_message_end(inbuf,outbuf,p);
598 /* what does setting this bit do? It is set by NT4 and
599 may affect the ability to autorun mounted cdroms */
600 SSVAL(outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
601 (lp_csc_policy(SNUM(conn)) << 2));
603 init_dfsroot(conn, inbuf, outbuf);
607 DEBUG(3,("tconX service=%s \n",
610 /* set the incoming and outgoing tid to the just created one */
611 SSVAL(inbuf,smb_tid,conn->cnum);
612 SSVAL(outbuf,smb_tid,conn->cnum);
615 END_PROFILE(SMBtconX);
616 return chain_reply(inbuf,outbuf,length,bufsize);
619 /****************************************************************************
620 Reply to an unknown type.
621 ****************************************************************************/
623 int reply_unknown(char *inbuf,char *outbuf)
626 type = CVAL(inbuf,smb_com);
628 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
629 smb_fn_name(type), type, type));
631 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
634 /****************************************************************************
636 conn POINTER CAN BE NULL HERE !
637 ****************************************************************************/
639 int reply_ioctl(connection_struct *conn,
640 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
642 uint16 device = SVAL(inbuf,smb_vwv1);
643 uint16 function = SVAL(inbuf,smb_vwv2);
644 uint32 ioctl_code = (device << 16) + function;
645 int replysize, outsize;
647 START_PROFILE(SMBioctl);
649 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
651 switch (ioctl_code) {
652 case IOCTL_QUERY_JOB_INFO:
656 END_PROFILE(SMBioctl);
657 return(ERROR_DOS(ERRSRV,ERRnosupport));
660 outsize = set_message(inbuf,outbuf,8,replysize+1,True);
661 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
662 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
663 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
664 p = smb_buf(outbuf) + 1; /* Allow for alignment */
666 switch (ioctl_code) {
667 case IOCTL_QUERY_JOB_INFO:
669 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
671 END_PROFILE(SMBioctl);
672 return(UNIXERROR(ERRDOS,ERRbadfid));
674 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
675 srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
677 srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);
683 END_PROFILE(SMBioctl);
687 /****************************************************************************
688 Strange checkpath NTSTATUS mapping.
689 ****************************************************************************/
691 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
693 /* Strange DOS error code semantics only for checkpath... */
694 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
695 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
696 /* We need to map to ERRbadpath */
697 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
703 /****************************************************************************
704 Reply to a checkpath.
705 ****************************************************************************/
707 int reply_checkpath(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
711 SMB_STRUCT_STAT sbuf;
714 START_PROFILE(SMBcheckpath);
716 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), name, smb_buf(inbuf) + 1,
717 sizeof(name), 0, STR_TERMINATE, &status);
718 if (!NT_STATUS_IS_OK(status)) {
719 END_PROFILE(SMBcheckpath);
720 status = map_checkpath_error(inbuf, status);
721 return ERROR_NT(status);
724 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name);
725 if (!NT_STATUS_IS_OK(status)) {
726 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
727 END_PROFILE(SMBcheckpath);
728 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
733 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(inbuf,smb_vwv0)));
735 status = unix_convert(conn, name, False, NULL, &sbuf);
736 if (!NT_STATUS_IS_OK(status)) {
740 status = check_name(conn, name);
741 if (!NT_STATUS_IS_OK(status)) {
742 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
746 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
747 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
748 status = map_nt_error_from_unix(errno);
752 if (!S_ISDIR(sbuf.st_mode)) {
753 END_PROFILE(SMBcheckpath);
754 return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath);
757 outsize = set_message(inbuf,outbuf,0,0,False);
759 END_PROFILE(SMBcheckpath);
764 END_PROFILE(SMBcheckpath);
766 /* We special case this - as when a Windows machine
767 is parsing a path is steps through the components
768 one at a time - if a component fails it expects
769 ERRbadpath, not ERRbadfile.
771 status = map_checkpath_error(inbuf, status);
772 if(NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
774 * Windows returns different error codes if
775 * the parent directory is valid but not the
776 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
777 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
778 * if the path is invalid.
780 return ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpath);
783 return ERROR_NT(status);
786 /****************************************************************************
788 ****************************************************************************/
790 int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
794 SMB_STRUCT_STAT sbuf;
801 START_PROFILE(SMBgetatr);
803 p = smb_buf(inbuf) + 1;
804 p += srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, p,
805 sizeof(fname), 0, STR_TERMINATE, &status);
806 if (!NT_STATUS_IS_OK(status)) {
807 END_PROFILE(SMBgetatr);
808 return ERROR_NT(status);
811 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
812 if (!NT_STATUS_IS_OK(status)) {
813 END_PROFILE(SMBgetatr);
814 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
815 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
817 return ERROR_NT(status);
820 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
821 under WfWg - weird! */
822 if (*fname == '\0') {
823 mode = aHIDDEN | aDIR;
824 if (!CAN_WRITE(conn)) {
830 status = unix_convert(conn, fname, False, NULL,&sbuf);
831 if (!NT_STATUS_IS_OK(status)) {
832 END_PROFILE(SMBgetatr);
833 return ERROR_NT(status);
835 status = check_name(conn, fname);
836 if (!NT_STATUS_IS_OK(status)) {
837 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
838 END_PROFILE(SMBgetatr);
839 return ERROR_NT(status);
841 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
842 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
843 return UNIXERROR(ERRDOS,ERRbadfile);
846 mode = dos_mode(conn,fname,&sbuf);
848 mtime = sbuf.st_mtime;
854 outsize = set_message(inbuf,outbuf,10,0,True);
856 SSVAL(outbuf,smb_vwv0,mode);
857 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
858 srv_put_dos_date3(outbuf,smb_vwv1,mtime & ~1);
860 srv_put_dos_date3(outbuf,smb_vwv1,mtime);
862 SIVAL(outbuf,smb_vwv3,(uint32)size);
864 if (Protocol >= PROTOCOL_NT1) {
865 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
868 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
870 END_PROFILE(SMBgetatr);
874 /****************************************************************************
876 ****************************************************************************/
878 int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
884 SMB_STRUCT_STAT sbuf;
888 START_PROFILE(SMBsetatr);
890 p = smb_buf(inbuf) + 1;
891 p += srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, p,
892 sizeof(fname), 0, STR_TERMINATE, &status);
893 if (!NT_STATUS_IS_OK(status)) {
894 END_PROFILE(SMBsetatr);
895 return ERROR_NT(status);
898 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
899 if (!NT_STATUS_IS_OK(status)) {
900 END_PROFILE(SMBsetatr);
901 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
902 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
904 return ERROR_NT(status);
907 status = unix_convert(conn, fname, False, NULL, &sbuf);
908 if (!NT_STATUS_IS_OK(status)) {
909 END_PROFILE(SMBsetatr);
910 return ERROR_NT(status);
913 status = check_name(conn, fname);
914 if (!NT_STATUS_IS_OK(status)) {
915 END_PROFILE(SMBsetatr);
916 return ERROR_NT(status);
919 if (fname[0] == '.' && fname[1] == '\0') {
921 * Not sure here is the right place to catch this
922 * condition. Might be moved to somewhere else later -- vl
924 END_PROFILE(SMBsetatr);
925 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
928 mode = SVAL(inbuf,smb_vwv0);
929 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
931 if (mode != FILE_ATTRIBUTE_NORMAL) {
932 if (VALID_STAT_OF_DIR(sbuf))
937 if (file_set_dosmode(conn,fname,mode,&sbuf,False) != 0) {
938 END_PROFILE(SMBsetatr);
939 return UNIXERROR(ERRDOS, ERRnoaccess);
943 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
944 END_PROFILE(SMBsetatr);
945 return UNIXERROR(ERRDOS, ERRnoaccess);
948 outsize = set_message(inbuf,outbuf,0,0,False);
950 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
952 END_PROFILE(SMBsetatr);
956 /****************************************************************************
958 ****************************************************************************/
960 int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
963 SMB_BIG_UINT dfree,dsize,bsize;
964 START_PROFILE(SMBdskattr);
966 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
967 END_PROFILE(SMBdskattr);
968 return(UNIXERROR(ERRHRD,ERRgeneral));
971 outsize = set_message(inbuf,outbuf,5,0,True);
973 if (Protocol <= PROTOCOL_LANMAN2) {
974 double total_space, free_space;
975 /* we need to scale this to a number that DOS6 can handle. We
976 use floating point so we can handle large drives on systems
977 that don't have 64 bit integers
979 we end up displaying a maximum of 2G to DOS systems
981 total_space = dsize * (double)bsize;
982 free_space = dfree * (double)bsize;
984 dsize = (total_space+63*512) / (64*512);
985 dfree = (free_space+63*512) / (64*512);
987 if (dsize > 0xFFFF) dsize = 0xFFFF;
988 if (dfree > 0xFFFF) dfree = 0xFFFF;
990 SSVAL(outbuf,smb_vwv0,dsize);
991 SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
992 SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */
993 SSVAL(outbuf,smb_vwv3,dfree);
995 SSVAL(outbuf,smb_vwv0,dsize);
996 SSVAL(outbuf,smb_vwv1,bsize/512);
997 SSVAL(outbuf,smb_vwv2,512);
998 SSVAL(outbuf,smb_vwv3,dfree);
1001 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1003 END_PROFILE(SMBdskattr);
1007 /****************************************************************************
1009 Can be called from SMBsearch, SMBffirst or SMBfunique.
1010 ****************************************************************************/
1012 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1022 unsigned int numentries = 0;
1023 unsigned int maxentries = 0;
1024 BOOL finished = False;
1030 BOOL check_descend = False;
1031 BOOL expect_close = False;
1033 BOOL mask_contains_wcard = False;
1034 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1036 START_PROFILE(SMBsearch);
1038 if (lp_posix_pathnames()) {
1039 END_PROFILE(SMBsearch);
1040 return reply_unknown(inbuf, outbuf);
1043 *mask = *directory = *fname = 0;
1045 /* If we were called as SMBffirst then we must expect close. */
1046 if(CVAL(inbuf,smb_com) == SMBffirst) {
1047 expect_close = True;
1050 outsize = set_message(inbuf,outbuf,1,3,True);
1051 maxentries = SVAL(inbuf,smb_vwv0);
1052 dirtype = SVAL(inbuf,smb_vwv1);
1053 p = smb_buf(inbuf) + 1;
1054 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1055 sizeof(path), 0, STR_TERMINATE, &nt_status,
1056 &mask_contains_wcard);
1057 if (!NT_STATUS_IS_OK(nt_status)) {
1058 END_PROFILE(SMBsearch);
1059 return ERROR_NT(nt_status);
1062 nt_status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, path, &mask_contains_wcard);
1063 if (!NT_STATUS_IS_OK(nt_status)) {
1064 END_PROFILE(SMBsearch);
1065 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1066 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1068 return ERROR_NT(nt_status);
1072 status_len = SVAL(p, 0);
1075 /* dirtype &= ~aDIR; */
1077 if (status_len == 0) {
1078 SMB_STRUCT_STAT sbuf;
1080 pstrcpy(directory,path);
1081 nt_status = unix_convert(conn, directory, True, NULL, &sbuf);
1082 if (!NT_STATUS_IS_OK(nt_status)) {
1083 END_PROFILE(SMBsearch);
1084 return ERROR_NT(nt_status);
1087 nt_status = check_name(conn, directory);
1088 if (!NT_STATUS_IS_OK(nt_status)) {
1089 END_PROFILE(SMBsearch);
1090 return ERROR_NT(nt_status);
1093 p = strrchr_m(directory,'/');
1095 pstrcpy(mask,directory);
1096 pstrcpy(directory,".");
1102 if (*directory == '\0') {
1103 pstrcpy(directory,".");
1105 memset((char *)status,'\0',21);
1106 SCVAL(status,0,(dirtype & 0x1F));
1110 memcpy(status,p,21);
1111 status_dirtype = CVAL(status,0) & 0x1F;
1112 if (status_dirtype != (dirtype & 0x1F)) {
1113 dirtype = status_dirtype;
1116 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1117 if (!conn->dirptr) {
1120 string_set(&conn->dirpath,dptr_path(dptr_num));
1121 pstrcpy(mask, dptr_wcard(dptr_num));
1123 * For a 'continue' search we have no string. So
1124 * check from the initial saved string.
1126 mask_contains_wcard = ms_has_wild(mask);
1129 p = smb_buf(outbuf) + 3;
1131 if (status_len == 0) {
1132 nt_status = dptr_create(conn,
1136 SVAL(inbuf,smb_pid),
1138 mask_contains_wcard,
1141 if (!NT_STATUS_IS_OK(nt_status)) {
1142 return ERROR_NT(nt_status);
1144 dptr_num = dptr_dnum(conn->dirptr);
1146 dirtype = dptr_attr(dptr_num);
1149 DEBUG(4,("dptr_num is %d\n",dptr_num));
1151 if ((dirtype&0x1F) == aVOLID) {
1152 memcpy(p,status,21);
1153 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1154 0,aVOLID,0,!allow_long_path_components);
1155 dptr_fill(p+12,dptr_num);
1156 if (dptr_zero(p+12) && (status_len==0)) {
1161 p += DIR_STRUCT_SIZE;
1164 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1166 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1167 conn->dirpath,lp_dontdescend(SNUM(conn))));
1168 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1169 check_descend = True;
1172 for (i=numentries;(i<maxentries) && !finished;i++) {
1173 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1175 memcpy(p,status,21);
1176 make_dir_struct(p,mask,fname,size, mode,date,
1177 !allow_long_path_components);
1178 if (!dptr_fill(p+12,dptr_num)) {
1182 p += DIR_STRUCT_SIZE;
1189 /* If we were called as SMBffirst with smb_search_id == NULL
1190 and no entries were found then return error and close dirptr
1193 if (numentries == 0) {
1194 dptr_close(&dptr_num);
1195 } else if(expect_close && status_len == 0) {
1196 /* Close the dptr - we know it's gone */
1197 dptr_close(&dptr_num);
1200 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1201 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1202 dptr_close(&dptr_num);
1205 if ((numentries == 0) && !mask_contains_wcard) {
1206 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1209 SSVAL(outbuf,smb_vwv0,numentries);
1210 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1211 SCVAL(smb_buf(outbuf),0,5);
1212 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1214 /* The replies here are never long name. */
1215 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1216 if (!allow_long_path_components) {
1217 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1220 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1221 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1223 outsize += DIR_STRUCT_SIZE*numentries;
1224 smb_setlen(inbuf,outbuf,outsize - 4);
1226 if ((! *directory) && dptr_path(dptr_num))
1227 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1229 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1230 smb_fn_name(CVAL(inbuf,smb_com)),
1231 mask, directory, dirtype, numentries, maxentries ) );
1233 END_PROFILE(SMBsearch);
1237 /****************************************************************************
1238 Reply to a fclose (stop directory search).
1239 ****************************************************************************/
1241 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1250 BOOL path_contains_wcard = False;
1252 START_PROFILE(SMBfclose);
1254 if (lp_posix_pathnames()) {
1255 END_PROFILE(SMBfclose);
1256 return reply_unknown(inbuf, outbuf);
1259 outsize = set_message(inbuf,outbuf,1,0,True);
1260 p = smb_buf(inbuf) + 1;
1261 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1262 sizeof(path), 0, STR_TERMINATE, &err,
1263 &path_contains_wcard);
1264 if (!NT_STATUS_IS_OK(err)) {
1265 END_PROFILE(SMBfclose);
1266 return ERROR_NT(err);
1269 status_len = SVAL(p,0);
1272 if (status_len == 0) {
1273 END_PROFILE(SMBfclose);
1274 return ERROR_DOS(ERRSRV,ERRsrverror);
1277 memcpy(status,p,21);
1279 if(dptr_fetch(status+12,&dptr_num)) {
1280 /* Close the dptr - we know it's gone */
1281 dptr_close(&dptr_num);
1284 SSVAL(outbuf,smb_vwv0,0);
1286 DEBUG(3,("search close\n"));
1288 END_PROFILE(SMBfclose);
1292 /****************************************************************************
1294 ****************************************************************************/
1296 int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1304 SMB_STRUCT_STAT sbuf;
1306 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1308 uint32 dos_attr = SVAL(inbuf,smb_vwv1);
1311 uint32 create_disposition;
1312 uint32 create_options = 0;
1314 struct smb_request req;
1316 START_PROFILE(SMBopen);
1318 init_smb_request(&req, (uint8 *)inbuf);
1320 deny_mode = SVAL(inbuf,smb_vwv0);
1322 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf)+1,
1323 sizeof(fname), 0, STR_TERMINATE, &status);
1324 if (!NT_STATUS_IS_OK(status)) {
1325 END_PROFILE(SMBopen);
1326 return ERROR_NT(status);
1329 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
1330 if (!NT_STATUS_IS_OK(status)) {
1331 END_PROFILE(SMBopen);
1332 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1333 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1335 return ERROR_NT(status);
1338 status = unix_convert(conn, fname, False, NULL, &sbuf);
1339 if (!NT_STATUS_IS_OK(status)) {
1340 END_PROFILE(SMBopen);
1341 return ERROR_NT(status);
1344 status = check_name(conn, fname);
1345 if (!NT_STATUS_IS_OK(status)) {
1346 END_PROFILE(SMBopen);
1347 return ERROR_NT(status);
1350 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1351 &access_mask, &share_mode, &create_disposition, &create_options)) {
1352 END_PROFILE(SMBopen);
1353 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1356 status = open_file_ntcreate(conn, &req, fname, &sbuf,
1365 if (!NT_STATUS_IS_OK(status)) {
1366 END_PROFILE(SMBopen);
1367 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1368 /* We have re-scheduled this call. */
1371 return ERROR_NT(status);
1374 size = sbuf.st_size;
1375 fattr = dos_mode(conn,fname,&sbuf);
1376 mtime = sbuf.st_mtime;
1379 DEBUG(3,("attempt to open a directory %s\n",fname));
1380 close_file(fsp,ERROR_CLOSE);
1381 END_PROFILE(SMBopen);
1382 return ERROR_DOS(ERRDOS,ERRnoaccess);
1385 outsize = set_message(inbuf,outbuf,7,0,True);
1386 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1387 SSVAL(outbuf,smb_vwv1,fattr);
1388 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1389 srv_put_dos_date3(outbuf,smb_vwv2,mtime & ~1);
1391 srv_put_dos_date3(outbuf,smb_vwv2,mtime);
1393 SIVAL(outbuf,smb_vwv4,(uint32)size);
1394 SSVAL(outbuf,smb_vwv6,deny_mode);
1396 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1397 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1400 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1401 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1403 END_PROFILE(SMBopen);
1407 /****************************************************************************
1408 Reply to an open and X.
1409 ****************************************************************************/
1411 int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1414 uint16 open_flags = SVAL(inbuf,smb_vwv2);
1415 int deny_mode = SVAL(inbuf,smb_vwv3);
1416 uint32 smb_attr = SVAL(inbuf,smb_vwv5);
1417 /* Breakout the oplock request bits so we can set the
1418 reply bits separately. */
1419 int ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf);
1420 int core_oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1421 int oplock_request = ex_oplock_request | core_oplock_request;
1423 int smb_sattr = SVAL(inbuf,smb_vwv4);
1424 uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
1426 int smb_ofun = SVAL(inbuf,smb_vwv8);
1429 SMB_STRUCT_STAT sbuf;
1433 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv9);
1434 ssize_t retval = -1;
1437 uint32 create_disposition;
1438 uint32 create_options = 0;
1439 struct smb_request req;
1441 START_PROFILE(SMBopenX);
1443 init_smb_request(&req, (uint8 *)inbuf);
1445 /* If it's an IPC, pass off the pipe handler. */
1447 if (lp_nt_pipe_support()) {
1448 END_PROFILE(SMBopenX);
1449 return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
1451 END_PROFILE(SMBopenX);
1452 return ERROR_DOS(ERRSRV,ERRaccess);
1456 /* XXXX we need to handle passed times, sattr and flags */
1457 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf),
1458 sizeof(fname), 0, STR_TERMINATE, &status);
1459 if (!NT_STATUS_IS_OK(status)) {
1460 END_PROFILE(SMBopenX);
1461 return ERROR_NT(status);
1464 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
1465 if (!NT_STATUS_IS_OK(status)) {
1466 END_PROFILE(SMBopenX);
1467 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1468 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1470 return ERROR_NT(status);
1473 status = unix_convert(conn, fname, False, NULL, &sbuf);
1474 if (!NT_STATUS_IS_OK(status)) {
1475 END_PROFILE(SMBopenX);
1476 return ERROR_NT(status);
1479 status = check_name(conn, fname);
1480 if (!NT_STATUS_IS_OK(status)) {
1481 END_PROFILE(SMBopenX);
1482 return ERROR_NT(status);
1485 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1488 &create_disposition,
1490 END_PROFILE(SMBopenX);
1491 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1494 status = open_file_ntcreate(conn, &req, fname, &sbuf,
1503 if (!NT_STATUS_IS_OK(status)) {
1504 END_PROFILE(SMBopenX);
1505 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1506 /* We have re-scheduled this call. */
1509 return ERROR_NT(status);
1512 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1513 if the file is truncated or created. */
1514 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1515 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1516 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1517 close_file(fsp,ERROR_CLOSE);
1518 END_PROFILE(SMBopenX);
1519 return ERROR_NT(NT_STATUS_DISK_FULL);
1521 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1523 close_file(fsp,ERROR_CLOSE);
1524 END_PROFILE(SMBopenX);
1525 return ERROR_NT(NT_STATUS_DISK_FULL);
1527 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1530 fattr = dos_mode(conn,fname,&sbuf);
1531 mtime = sbuf.st_mtime;
1533 close_file(fsp,ERROR_CLOSE);
1534 END_PROFILE(SMBopenX);
1535 return ERROR_DOS(ERRDOS,ERRnoaccess);
1538 /* If the caller set the extended oplock request bit
1539 and we granted one (by whatever means) - set the
1540 correct bit for extended oplock reply.
1543 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1544 smb_action |= EXTENDED_OPLOCK_GRANTED;
1547 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1548 smb_action |= EXTENDED_OPLOCK_GRANTED;
1551 /* If the caller set the core oplock request bit
1552 and we granted one (by whatever means) - set the
1553 correct bit for core oplock reply.
1556 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1557 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1560 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1561 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1564 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1565 set_message(inbuf,outbuf,19,0,True);
1567 set_message(inbuf,outbuf,15,0,True);
1569 SSVAL(outbuf,smb_vwv2,fsp->fnum);
1570 SSVAL(outbuf,smb_vwv3,fattr);
1571 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1572 srv_put_dos_date3(outbuf,smb_vwv4,mtime & ~1);
1574 srv_put_dos_date3(outbuf,smb_vwv4,mtime);
1576 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
1577 SSVAL(outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1578 SSVAL(outbuf,smb_vwv11,smb_action);
1580 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1581 SIVAL(outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1584 END_PROFILE(SMBopenX);
1585 return chain_reply(inbuf,outbuf,length,bufsize);
1588 /****************************************************************************
1589 Reply to a SMBulogoffX.
1590 conn POINTER CAN BE NULL HERE !
1591 ****************************************************************************/
1593 int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1595 uint16 vuid = SVAL(inbuf,smb_uid);
1596 user_struct *vuser = get_valid_user_struct(vuid);
1597 START_PROFILE(SMBulogoffX);
1600 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n", vuid));
1602 /* in user level security we are supposed to close any files
1603 open by this user */
1604 if ((vuser != 0) && (lp_security() != SEC_SHARE))
1605 file_close_user(vuid);
1607 invalidate_vuid(vuid);
1609 set_message(inbuf,outbuf,2,0,True);
1611 DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) );
1613 END_PROFILE(SMBulogoffX);
1614 return chain_reply(inbuf,outbuf,length,bufsize);
1617 /****************************************************************************
1618 Reply to a mknew or a create.
1619 ****************************************************************************/
1621 int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1626 uint32 fattr = SVAL(inbuf,smb_vwv0);
1627 struct timespec ts[2];
1629 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1630 SMB_STRUCT_STAT sbuf;
1632 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1633 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1634 uint32 create_disposition;
1635 uint32 create_options = 0;
1636 struct smb_request req;
1638 START_PROFILE(SMBcreate);
1640 init_smb_request(&req, (uint8 *)inbuf);
1642 com = SVAL(inbuf,smb_com);
1644 ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(inbuf + smb_vwv1)); /* mtime. */
1646 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf) + 1,
1647 sizeof(fname), 0, STR_TERMINATE, &status);
1648 if (!NT_STATUS_IS_OK(status)) {
1649 END_PROFILE(SMBcreate);
1650 return ERROR_NT(status);
1653 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
1654 if (!NT_STATUS_IS_OK(status)) {
1655 END_PROFILE(SMBcreate);
1656 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1657 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1659 return ERROR_NT(status);
1662 status = unix_convert(conn, fname, False, NULL, &sbuf);
1663 if (!NT_STATUS_IS_OK(status)) {
1664 END_PROFILE(SMBcreate);
1665 return ERROR_NT(status);
1668 status = check_name(conn, fname);
1669 if (!NT_STATUS_IS_OK(status)) {
1670 END_PROFILE(SMBcreate);
1671 return ERROR_NT(status);
1674 if (fattr & aVOLID) {
1675 DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
1678 if(com == SMBmknew) {
1679 /* We should fail if file exists. */
1680 create_disposition = FILE_CREATE;
1682 /* Create if file doesn't exist, truncate if it does. */
1683 create_disposition = FILE_OVERWRITE_IF;
1686 /* Open file using ntcreate. */
1687 status = open_file_ntcreate(conn, &req, fname, &sbuf,
1696 if (!NT_STATUS_IS_OK(status)) {
1697 END_PROFILE(SMBcreate);
1698 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1699 /* We have re-scheduled this call. */
1702 return ERROR_NT(status);
1705 ts[0] = get_atimespec(&sbuf); /* atime. */
1706 file_ntimes(conn, fname, ts);
1708 outsize = set_message(inbuf,outbuf,1,0,True);
1709 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1711 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1712 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1715 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1716 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1719 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1720 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n", fname, fsp->fh->fd, (unsigned int)fattr ) );
1722 END_PROFILE(SMBcreate);
1726 /****************************************************************************
1727 Reply to a create temporary file.
1728 ****************************************************************************/
1730 int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1734 uint32 fattr = SVAL(inbuf,smb_vwv0);
1736 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1738 SMB_STRUCT_STAT sbuf;
1741 unsigned int namelen;
1742 struct smb_request req;
1744 START_PROFILE(SMBctemp);
1746 init_smb_request(&req, (uint8 *)inbuf);
1748 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf)+1,
1749 sizeof(fname), 0, STR_TERMINATE, &status);
1750 if (!NT_STATUS_IS_OK(status)) {
1751 END_PROFILE(SMBctemp);
1752 return ERROR_NT(status);
1755 pstrcat(fname,"/TMXXXXXX");
1757 pstrcat(fname,"TMXXXXXX");
1760 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
1761 if (!NT_STATUS_IS_OK(status)) {
1762 END_PROFILE(SMBctemp);
1763 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1764 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1766 return ERROR_NT(status);
1769 status = unix_convert(conn, fname, False, NULL, &sbuf);
1770 if (!NT_STATUS_IS_OK(status)) {
1771 END_PROFILE(SMBctemp);
1772 return ERROR_NT(status);
1775 status = check_name(conn, fname);
1776 if (!NT_STATUS_IS_OK(status)) {
1777 END_PROFILE(SMBctemp);
1778 return ERROR_NT(status);
1781 tmpfd = smb_mkstemp(fname);
1783 END_PROFILE(SMBctemp);
1784 return(UNIXERROR(ERRDOS,ERRnoaccess));
1787 SMB_VFS_STAT(conn,fname,&sbuf);
1789 /* We should fail if file does not exist. */
1790 status = open_file_ntcreate(conn, &req, fname, &sbuf,
1791 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
1792 FILE_SHARE_READ|FILE_SHARE_WRITE,
1799 /* close fd from smb_mkstemp() */
1802 if (!NT_STATUS_IS_OK(status)) {
1803 END_PROFILE(SMBctemp);
1804 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1805 /* We have re-scheduled this call. */
1808 return ERROR_NT(status);
1811 outsize = set_message(inbuf,outbuf,1,0,True);
1812 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1814 /* the returned filename is relative to the directory */
1815 s = strrchr_m(fname, '/');
1822 p = smb_buf(outbuf);
1824 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
1825 thing in the byte section. JRA */
1826 SSVALS(p, 0, -1); /* what is this? not in spec */
1828 namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
1830 outsize = set_message_end(inbuf,outbuf, p);
1832 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1833 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1836 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1837 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1840 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
1841 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
1842 (unsigned int)sbuf.st_mode ) );
1844 END_PROFILE(SMBctemp);
1848 /*******************************************************************
1849 Check if a user is allowed to rename a file.
1850 ********************************************************************/
1852 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
1853 uint16 dirtype, SMB_STRUCT_STAT *pst)
1857 if (!CAN_WRITE(conn)) {
1858 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1861 fmode = dos_mode(conn, fsp->fsp_name, pst);
1862 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1863 return NT_STATUS_NO_SUCH_FILE;
1866 if (S_ISDIR(pst->st_mode)) {
1867 return NT_STATUS_OK;
1870 if (fsp->access_mask & DELETE_ACCESS) {
1871 return NT_STATUS_OK;
1874 return NT_STATUS_ACCESS_DENIED;
1877 /*******************************************************************
1878 * unlink a file with all relevant access checks
1879 *******************************************************************/
1881 static NTSTATUS do_unlink(connection_struct *conn, struct smb_request *req,
1882 char *fname, uint32 dirtype)
1884 SMB_STRUCT_STAT sbuf;
1887 uint32 dirtype_orig = dirtype;
1890 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
1892 if (!CAN_WRITE(conn)) {
1893 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1896 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
1897 return map_nt_error_from_unix(errno);
1900 fattr = dos_mode(conn,fname,&sbuf);
1902 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
1903 dirtype = aDIR|aARCH|aRONLY;
1906 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
1908 return NT_STATUS_NO_SUCH_FILE;
1911 if (!dir_check_ftype(conn, fattr, dirtype)) {
1913 return NT_STATUS_FILE_IS_A_DIRECTORY;
1915 return NT_STATUS_NO_SUCH_FILE;
1918 if (dirtype_orig & 0x8000) {
1919 /* These will never be set for POSIX. */
1920 return NT_STATUS_NO_SUCH_FILE;
1924 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
1925 return NT_STATUS_FILE_IS_A_DIRECTORY;
1928 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
1929 return NT_STATUS_NO_SUCH_FILE;
1932 if (dirtype & 0xFF00) {
1933 /* These will never be set for POSIX. */
1934 return NT_STATUS_NO_SUCH_FILE;
1939 return NT_STATUS_NO_SUCH_FILE;
1942 /* Can't delete a directory. */
1944 return NT_STATUS_FILE_IS_A_DIRECTORY;
1949 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
1950 return NT_STATUS_OBJECT_NAME_INVALID;
1951 #endif /* JRATEST */
1953 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
1955 On a Windows share, a file with read-only dosmode can be opened with
1956 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
1957 fails with NT_STATUS_CANNOT_DELETE error.
1959 This semantic causes a problem that a user can not
1960 rename a file with read-only dosmode on a Samba share
1961 from a Windows command prompt (i.e. cmd.exe, but can rename
1962 from Windows Explorer).
1965 if (!lp_delete_readonly(SNUM(conn))) {
1966 if (fattr & aRONLY) {
1967 return NT_STATUS_CANNOT_DELETE;
1971 /* On open checks the open itself will check the share mode, so
1972 don't do it here as we'll get it wrong. */
1974 status = open_file_ntcreate(conn, req, fname, &sbuf,
1979 FILE_ATTRIBUTE_NORMAL,
1980 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
1983 if (!NT_STATUS_IS_OK(status)) {
1984 DEBUG(10, ("open_file_ntcreate failed: %s\n",
1985 nt_errstr(status)));
1989 /* The set is across all open files on this dev/inode pair. */
1990 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
1991 close_file(fsp, NORMAL_CLOSE);
1992 return NT_STATUS_ACCESS_DENIED;
1995 return close_file(fsp,NORMAL_CLOSE);
1998 /****************************************************************************
1999 The guts of the unlink command, split out so it may be called by the NT SMB
2001 ****************************************************************************/
2003 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2004 uint32 dirtype, char *name, BOOL has_wild)
2010 NTSTATUS status = NT_STATUS_OK;
2011 SMB_STRUCT_STAT sbuf;
2013 *directory = *mask = 0;
2015 status = unix_convert(conn, name, has_wild, NULL, &sbuf);
2016 if (!NT_STATUS_IS_OK(status)) {
2020 p = strrchr_m(name,'/');
2022 pstrcpy(directory,".");
2026 pstrcpy(directory,name);
2031 * We should only check the mangled cache
2032 * here if unix_convert failed. This means
2033 * that the path in 'mask' doesn't exist
2034 * on the file system and so we need to look
2035 * for a possible mangle. This patch from
2036 * Tine Smukavec <valentin.smukavec@hermes.si>.
2039 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params))
2040 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2043 pstrcat(directory,"/");
2044 pstrcat(directory,mask);
2046 dirtype = FILE_ATTRIBUTE_NORMAL;
2049 status = check_name(conn, directory);
2050 if (!NT_STATUS_IS_OK(status)) {
2054 status = do_unlink(conn, req, directory, dirtype);
2055 if (!NT_STATUS_IS_OK(status)) {
2061 struct smb_Dir *dir_hnd = NULL;
2065 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2066 return NT_STATUS_OBJECT_NAME_INVALID;
2069 if (strequal(mask,"????????.???")) {
2073 status = check_name(conn, directory);
2074 if (!NT_STATUS_IS_OK(status)) {
2078 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2079 if (dir_hnd == NULL) {
2080 return map_nt_error_from_unix(errno);
2083 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2084 the pattern matches against the long name, otherwise the short name
2085 We don't implement this yet XXXX
2088 status = NT_STATUS_NO_SUCH_FILE;
2090 while ((dname = ReadDirName(dir_hnd, &offset))) {
2093 pstrcpy(fname,dname);
2095 if (!is_visible_file(conn, directory, dname, &st, True)) {
2099 /* Quick check for "." and ".." */
2100 if (fname[0] == '.') {
2101 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2106 if(!mask_match(fname, mask, conn->case_sensitive)) {
2110 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2112 status = check_name(conn, fname);
2113 if (!NT_STATUS_IS_OK(status)) {
2118 status = do_unlink(conn, req, fname, dirtype);
2119 if (!NT_STATUS_IS_OK(status)) {
2124 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2130 if (count == 0 && NT_STATUS_IS_OK(status)) {
2131 status = map_nt_error_from_unix(errno);
2137 /****************************************************************************
2139 ****************************************************************************/
2141 int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
2148 BOOL path_contains_wcard = False;
2149 struct smb_request req;
2151 START_PROFILE(SMBunlink);
2153 init_smb_request(&req, (uint8 *)inbuf);
2155 dirtype = SVAL(inbuf,smb_vwv0);
2157 srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), name,
2158 smb_buf(inbuf) + 1, sizeof(name), 0,
2159 STR_TERMINATE, &status, &path_contains_wcard);
2160 if (!NT_STATUS_IS_OK(status)) {
2161 END_PROFILE(SMBunlink);
2162 return ERROR_NT(status);
2165 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name, &path_contains_wcard);
2166 if (!NT_STATUS_IS_OK(status)) {
2167 END_PROFILE(SMBunlink);
2168 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2169 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
2171 return ERROR_NT(status);
2174 DEBUG(3,("reply_unlink : %s\n",name));
2176 status = unlink_internals(conn, &req, dirtype, name,
2177 path_contains_wcard);
2178 if (!NT_STATUS_IS_OK(status)) {
2179 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
2180 /* We have re-scheduled this call. */
2183 return ERROR_NT(status);
2186 outsize = set_message(inbuf,outbuf,0,0,False);
2188 END_PROFILE(SMBunlink);
2192 /****************************************************************************
2194 ****************************************************************************/
2196 static void fail_readraw(void)
2199 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2201 exit_server_cleanly(errstr);
2204 /****************************************************************************
2205 Fake (read/write) sendfile. Returns -1 on read or write fail.
2206 ****************************************************************************/
2208 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread, char *buf, size_t bufsize)
2210 size_t tosend = nread;
2212 while (tosend > 0) {
2216 if (tosend > bufsize) {
2221 ret = read_file(fsp,buf,startpos,cur_read);
2226 /* If we had a short read, fill with zeros. */
2227 if (ret < cur_read) {
2228 memset(buf, '\0', cur_read - ret);
2231 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2235 startpos += cur_read;
2238 return (ssize_t)nread;
2241 /****************************************************************************
2242 Use sendfile in readbraw.
2243 ****************************************************************************/
2245 void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T startpos, size_t nread,
2246 ssize_t mincount, char *outbuf, int out_buffsize)
2250 #if defined(WITH_SENDFILE)
2252 * We can only use sendfile on a non-chained packet
2253 * but we can use on a non-oplocked file. tridge proved this
2254 * on a train in Germany :-). JRA.
2255 * reply_readbraw has already checked the length.
2258 if ( (chain_size == 0) && (nread > 0) &&
2259 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2262 _smb_setlen(outbuf,nread);
2263 header.data = (uint8 *)outbuf;
2267 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) {
2268 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2269 if (errno == ENOSYS) {
2270 goto normal_readbraw;
2274 * Special hack for broken Linux with no working sendfile. If we
2275 * return EINTR we sent the header but not the rest of the data.
2276 * Fake this up by doing read/write calls.
2278 if (errno == EINTR) {
2279 /* Ensure we don't do this again. */
2280 set_use_sendfile(SNUM(conn), False);
2281 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2283 if (fake_sendfile(fsp, startpos, nread, outbuf + 4, out_buffsize - 4) == -1) {
2284 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2285 fsp->fsp_name, strerror(errno) ));
2286 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2291 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2292 fsp->fsp_name, strerror(errno) ));
2293 exit_server_cleanly("send_file_readbraw sendfile failed");
2303 ret = read_file(fsp,outbuf+4,startpos,nread);
2304 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2313 _smb_setlen(outbuf,ret);
2314 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2318 /****************************************************************************
2319 Reply to a readbraw (core+ protocol).
2320 ****************************************************************************/
2322 int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int out_buffsize)
2324 ssize_t maxcount,mincount;
2327 char *header = outbuf;
2329 START_PROFILE(SMBreadbraw);
2331 if (srv_is_signing_active()) {
2332 exit_server_cleanly("reply_readbraw: SMB signing is active - raw reads/writes are disallowed.");
2336 * Special check if an oplock break has been issued
2337 * and the readraw request croses on the wire, we must
2338 * return a zero length response here.
2341 fsp = file_fsp(inbuf,smb_vwv0);
2343 if (!FNUM_OK(fsp,conn) || !fsp->can_read) {
2345 * fsp could be NULL here so use the value from the packet. JRA.
2347 DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
2348 _smb_setlen(header,0);
2349 if (write_data(smbd_server_fd(),header,4) != 4)
2351 END_PROFILE(SMBreadbraw);
2355 CHECK_FSP(fsp,conn);
2357 flush_write_cache(fsp, READRAW_FLUSH);
2359 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
2360 if(CVAL(inbuf,smb_wct) == 10) {
2362 * This is a large offset (64 bit) read.
2364 #ifdef LARGE_SMB_OFF_T
2366 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv8)) << 32);
2368 #else /* !LARGE_SMB_OFF_T */
2371 * Ensure we haven't been sent a >32 bit offset.
2374 if(IVAL(inbuf,smb_vwv8) != 0) {
2375 DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
2376 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
2377 _smb_setlen(header,0);
2378 if (write_data(smbd_server_fd(),header,4) != 4)
2380 END_PROFILE(SMBreadbraw);
2384 #endif /* LARGE_SMB_OFF_T */
2387 DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos ));
2388 _smb_setlen(header,0);
2389 if (write_data(smbd_server_fd(),header,4) != 4)
2391 END_PROFILE(SMBreadbraw);
2395 maxcount = (SVAL(inbuf,smb_vwv3) & 0xFFFF);
2396 mincount = (SVAL(inbuf,smb_vwv4) & 0xFFFF);
2398 /* ensure we don't overrun the packet size */
2399 maxcount = MIN(65535,maxcount);
2401 if (!is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2405 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2409 if (startpos >= size) {
2412 nread = MIN(maxcount,(size - startpos));
2416 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2417 if (nread < mincount)
2421 DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%lu min=%lu nread=%lu\n", fsp->fnum, (double)startpos,
2422 (unsigned long)maxcount, (unsigned long)mincount, (unsigned long)nread ) );
2424 send_file_readbraw(conn, fsp, startpos, nread, mincount, outbuf, out_buffsize);
2426 DEBUG(5,("readbraw finished\n"));
2427 END_PROFILE(SMBreadbraw);
2432 #define DBGC_CLASS DBGC_LOCKING
2434 /****************************************************************************
2435 Reply to a lockread (core+ protocol).
2436 ****************************************************************************/
2438 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2446 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2447 struct byte_range_lock *br_lck = NULL;
2448 START_PROFILE(SMBlockread);
2450 CHECK_FSP(fsp,conn);
2451 if (!CHECK_READ(fsp,inbuf)) {
2452 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2455 release_level_2_oplocks_on_change(fsp);
2457 numtoread = SVAL(inbuf,smb_vwv1);
2458 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2460 outsize = set_message(inbuf,outbuf,5,3,True);
2461 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2462 data = smb_buf(outbuf) + 3;
2465 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2466 * protocol request that predates the read/write lock concept.
2467 * Thus instead of asking for a read lock here we need to ask
2468 * for a write lock. JRA.
2469 * Note that the requested lock size is unaffected by max_recv.
2472 br_lck = do_lock(smbd_messaging_context(),
2474 (uint32)SVAL(inbuf,smb_pid),
2475 (SMB_BIG_UINT)numtoread,
2476 (SMB_BIG_UINT)startpos,
2479 False, /* Non-blocking lock. */
2482 TALLOC_FREE(br_lck);
2484 if (NT_STATUS_V(status)) {
2485 END_PROFILE(SMBlockread);
2486 return ERROR_NT(status);
2490 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2493 if (numtoread > max_recv) {
2494 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2495 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2496 (unsigned int)numtoread, (unsigned int)max_recv ));
2497 numtoread = MIN(numtoread,max_recv);
2499 nread = read_file(fsp,data,startpos,numtoread);
2502 END_PROFILE(SMBlockread);
2503 return(UNIXERROR(ERRDOS,ERRnoaccess));
2507 SSVAL(outbuf,smb_vwv0,nread);
2508 SSVAL(outbuf,smb_vwv5,nread+3);
2509 SSVAL(smb_buf(outbuf),1,nread);
2511 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2512 fsp->fnum, (int)numtoread, (int)nread));
2514 END_PROFILE(SMBlockread);
2519 #define DBGC_CLASS DBGC_ALL
2521 /****************************************************************************
2523 ****************************************************************************/
2525 int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2532 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2533 START_PROFILE(SMBread);
2535 CHECK_FSP(fsp,conn);
2536 if (!CHECK_READ(fsp,inbuf)) {
2537 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2540 numtoread = SVAL(inbuf,smb_vwv1);
2541 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2543 outsize = set_message(inbuf,outbuf,5,3,True);
2544 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2546 * The requested read size cannot be greater than max_recv. JRA.
2548 if (numtoread > max_recv) {
2549 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2550 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2551 (unsigned int)numtoread, (unsigned int)max_recv ));
2552 numtoread = MIN(numtoread,max_recv);
2555 data = smb_buf(outbuf) + 3;
2557 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2558 END_PROFILE(SMBread);
2559 return ERROR_DOS(ERRDOS,ERRlock);
2563 nread = read_file(fsp,data,startpos,numtoread);
2566 END_PROFILE(SMBread);
2567 return(UNIXERROR(ERRDOS,ERRnoaccess));
2571 SSVAL(outbuf,smb_vwv0,nread);
2572 SSVAL(outbuf,smb_vwv5,nread+3);
2573 SCVAL(smb_buf(outbuf),0,1);
2574 SSVAL(smb_buf(outbuf),1,nread);
2576 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2577 fsp->fnum, (int)numtoread, (int)nread ) );
2579 END_PROFILE(SMBread);
2583 /****************************************************************************
2585 ****************************************************************************/
2587 static int setup_readX_header(char *inbuf, char *outbuf, size_t smb_maxcnt)
2590 char *data = smb_buf(outbuf);
2592 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2593 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2594 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2595 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
2596 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2597 SCVAL(outbuf,smb_vwv0,0xFF);
2598 outsize = set_message(inbuf, outbuf,12,smb_maxcnt,False);
2599 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
2600 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
2604 /****************************************************************************
2605 Reply to a read and X - possibly using sendfile.
2606 ****************************************************************************/
2608 int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length, int len_outbuf,
2609 files_struct *fsp, SMB_OFF_T startpos, size_t smb_maxcnt)
2611 SMB_STRUCT_STAT sbuf;
2614 char *data = smb_buf(outbuf);
2616 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
2617 return(UNIXERROR(ERRDOS,ERRnoaccess));
2620 if (startpos > sbuf.st_size) {
2622 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
2623 smb_maxcnt = (sbuf.st_size - startpos);
2626 if (smb_maxcnt == 0) {
2630 #if defined(WITH_SENDFILE)
2632 * We can only use sendfile on a non-chained packet
2633 * but we can use on a non-oplocked file. tridge proved this
2634 * on a train in Germany :-). JRA.
2637 if ((chain_size == 0) && (CVAL(inbuf,smb_vwv0) == 0xFF) &&
2638 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2642 * Set up the packet header before send. We
2643 * assume here the sendfile will work (get the
2644 * correct amount of data).
2647 setup_readX_header(inbuf,outbuf,smb_maxcnt);
2648 set_message(inbuf,outbuf,12,smb_maxcnt,False);
2649 header.data = (uint8 *)outbuf;
2650 header.length = data - outbuf;
2653 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2654 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2655 if (errno == ENOSYS) {
2660 * Special hack for broken Linux with no working sendfile. If we
2661 * return EINTR we sent the header but not the rest of the data.
2662 * Fake this up by doing read/write calls.
2665 if (errno == EINTR) {
2666 /* Ensure we don't do this again. */
2667 set_use_sendfile(SNUM(conn), False);
2668 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
2670 if ((nread = fake_sendfile(fsp, startpos, smb_maxcnt, data,
2671 len_outbuf - (data-outbuf))) == -1) {
2672 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2673 fsp->fsp_name, strerror(errno) ));
2674 exit_server_cleanly("send_file_readX: fake_sendfile failed");
2676 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
2677 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2678 /* Returning -1 here means successful sendfile. */
2682 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
2683 fsp->fsp_name, strerror(errno) ));
2684 exit_server_cleanly("send_file_readX sendfile failed");
2687 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
2688 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2689 /* Returning -1 here means successful sendfile. */
2697 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
2698 int sendlen = setup_readX_header(inbuf,outbuf,smb_maxcnt) - smb_maxcnt;
2699 /* Send out the header. */
2700 if (write_data(smbd_server_fd(),outbuf,sendlen) != sendlen) {
2701 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
2702 fsp->fsp_name, strerror(errno) ));
2703 exit_server_cleanly("send_file_readX sendfile failed");
2705 if ((nread = fake_sendfile(fsp, startpos, smb_maxcnt, data,
2706 len_outbuf - (data-outbuf))) == -1) {
2707 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2708 fsp->fsp_name, strerror(errno) ));
2709 exit_server_cleanly("send_file_readX: fake_sendfile failed");
2713 nread = read_file(fsp,data,startpos,smb_maxcnt);
2716 return(UNIXERROR(ERRDOS,ERRnoaccess));
2719 outsize = setup_readX_header(inbuf, outbuf,nread);
2721 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
2722 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2724 /* Returning the number of bytes we want to send back - including header. */
2729 /****************************************************************************
2730 Reply to a read and X.
2731 ****************************************************************************/
2733 int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
2735 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
2736 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2738 size_t smb_maxcnt = SVAL(inbuf,smb_vwv5);
2739 BOOL big_readX = False;
2741 size_t smb_mincnt = SVAL(inbuf,smb_vwv6);
2744 START_PROFILE(SMBreadX);
2746 /* If it's an IPC, pass off the pipe handler. */
2748 END_PROFILE(SMBreadX);
2749 return reply_pipe_read_and_X(inbuf,outbuf,length,bufsize);
2752 CHECK_FSP(fsp,conn);
2753 if (!CHECK_READ(fsp,inbuf)) {
2754 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2757 set_message(inbuf,outbuf,12,0,True);
2759 if (global_client_caps & CAP_LARGE_READX) {
2760 size_t upper_size = SVAL(inbuf,smb_vwv7);
2761 smb_maxcnt |= (upper_size<<16);
2762 if (upper_size > 1) {
2763 /* Can't do this on a chained packet. */
2764 if ((CVAL(inbuf,smb_vwv0) != 0xFF)) {
2765 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
2767 /* We currently don't do this on signed or sealed data. */
2768 if (srv_is_signing_active() || srv_encryption_on()) {
2769 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
2771 /* Is there room in the reply for this data ? */
2772 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
2773 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
2779 if(CVAL(inbuf,smb_wct) == 12) {
2780 #ifdef LARGE_SMB_OFF_T
2782 * This is a large offset (64 bit) read.
2784 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv10)) << 32);
2786 #else /* !LARGE_SMB_OFF_T */
2789 * Ensure we haven't been sent a >32 bit offset.
2792 if(IVAL(inbuf,smb_vwv10) != 0) {
2793 DEBUG(0,("reply_read_and_X - large offset (%x << 32) used and we don't support \
2794 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv10) ));
2795 END_PROFILE(SMBreadX);
2796 return ERROR_DOS(ERRDOS,ERRbadaccess);
2799 #endif /* LARGE_SMB_OFF_T */
2803 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2804 END_PROFILE(SMBreadX);
2805 return ERROR_DOS(ERRDOS,ERRlock);
2808 if (!big_readX && schedule_aio_read_and_X(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt)) {
2809 END_PROFILE(SMBreadX);
2813 nread = send_file_readX(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt);
2814 /* Only call chain_reply if not an error. */
2815 if (nread != -1 && SVAL(outbuf,smb_rcls) == 0) {
2816 nread = chain_reply(inbuf,outbuf,length,bufsize);
2819 END_PROFILE(SMBreadX);
2823 /****************************************************************************
2824 Reply to a writebraw (core+ or LANMAN1.0 protocol).
2825 ****************************************************************************/
2827 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2830 ssize_t total_written=0;
2831 size_t numtowrite=0;
2836 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2839 START_PROFILE(SMBwritebraw);
2841 if (srv_is_signing_active()) {
2842 exit_server_cleanly("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
2845 CHECK_FSP(fsp,conn);
2846 if (!CHECK_WRITE(fsp)) {
2847 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2850 tcount = IVAL(inbuf,smb_vwv1);
2851 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2852 write_through = BITSETW(inbuf+smb_vwv7,0);
2854 /* We have to deal with slightly different formats depending
2855 on whether we are using the core+ or lanman1.0 protocol */
2857 if(Protocol <= PROTOCOL_COREPLUS) {
2858 numtowrite = SVAL(smb_buf(inbuf),-2);
2859 data = smb_buf(inbuf);
2861 numtowrite = SVAL(inbuf,smb_vwv10);
2862 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
2865 /* force the error type */
2866 SCVAL(inbuf,smb_com,SMBwritec);
2867 SCVAL(outbuf,smb_com,SMBwritec);
2869 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2870 END_PROFILE(SMBwritebraw);
2871 return(ERROR_DOS(ERRDOS,ERRlock));
2875 nwritten = write_file(fsp,data,startpos,numtowrite);
2877 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
2878 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
2880 if (nwritten < (ssize_t)numtowrite) {
2881 END_PROFILE(SMBwritebraw);
2882 return(UNIXERROR(ERRHRD,ERRdiskfull));
2885 total_written = nwritten;
2887 /* Return a message to the redirector to tell it to send more bytes */
2888 SCVAL(outbuf,smb_com,SMBwritebraw);
2889 SSVALS(outbuf,smb_vwv0,-1);
2890 outsize = set_message(inbuf,outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
2892 if (!send_smb(smbd_server_fd(),outbuf))
2893 exit_server_cleanly("reply_writebraw: send_smb failed.");
2895 /* Now read the raw data into the buffer and write it */
2896 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
2897 exit_server_cleanly("secondary writebraw failed");
2900 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
2901 numtowrite = smb_len(inbuf);
2903 /* Set up outbuf to return the correct return */
2904 outsize = set_message(inbuf,outbuf,1,0,True);
2905 SCVAL(outbuf,smb_com,SMBwritec);
2907 if (numtowrite != 0) {
2909 if (numtowrite > BUFFER_SIZE) {
2910 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
2911 (unsigned int)numtowrite ));
2912 exit_server_cleanly("secondary writebraw failed");
2915 if (tcount > nwritten+numtowrite) {
2916 DEBUG(3,("Client overestimated the write %d %d %d\n",
2917 (int)tcount,(int)nwritten,(int)numtowrite));
2920 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
2921 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
2923 exit_server_cleanly("secondary writebraw failed");
2926 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
2927 if (nwritten == -1) {
2928 END_PROFILE(SMBwritebraw);
2929 return(UNIXERROR(ERRHRD,ERRdiskfull));
2932 if (nwritten < (ssize_t)numtowrite) {
2933 SCVAL(outbuf,smb_rcls,ERRHRD);
2934 SSVAL(outbuf,smb_err,ERRdiskfull);
2938 total_written += nwritten;
2941 SSVAL(outbuf,smb_vwv0,total_written);
2943 status = sync_file(conn, fsp, write_through);
2944 if (!NT_STATUS_IS_OK(status)) {
2945 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
2946 fsp->fsp_name, nt_errstr(status) ));
2947 END_PROFILE(SMBwritebraw);
2948 return ERROR_NT(status);
2951 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
2952 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
2954 /* we won't return a status if write through is not selected - this follows what WfWg does */
2955 END_PROFILE(SMBwritebraw);
2956 if (!write_through && total_written==tcount) {
2958 #if RABBIT_PELLET_FIX
2960 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
2961 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
2963 if (!send_keepalive(smbd_server_fd()))
2964 exit_server_cleanly("reply_writebraw: send of keepalive failed");
2973 #define DBGC_CLASS DBGC_LOCKING
2975 /****************************************************************************
2976 Reply to a writeunlock (core+).
2977 ****************************************************************************/
2979 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
2980 int size, int dum_buffsize)
2982 ssize_t nwritten = -1;
2986 NTSTATUS status = NT_STATUS_OK;
2987 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2989 START_PROFILE(SMBwriteunlock);
2991 CHECK_FSP(fsp,conn);
2992 if (!CHECK_WRITE(fsp)) {
2993 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2996 numtowrite = SVAL(inbuf,smb_vwv1);
2997 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2998 data = smb_buf(inbuf) + 3;
3000 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3001 END_PROFILE(SMBwriteunlock);
3002 return ERROR_DOS(ERRDOS,ERRlock);
3005 /* The special X/Open SMB protocol handling of
3006 zero length writes is *NOT* done for
3008 if(numtowrite == 0) {
3011 nwritten = write_file(fsp,data,startpos,numtowrite);
3014 status = sync_file(conn, fsp, False /* write through */);
3015 if (!NT_STATUS_IS_OK(status)) {
3016 END_PROFILE(SMBwriteunlock);
3017 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3018 fsp->fsp_name, nt_errstr(status) ));
3019 return ERROR_NT(status);
3022 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3023 END_PROFILE(SMBwriteunlock);
3024 return(UNIXERROR(ERRHRD,ERRdiskfull));
3028 status = do_unlock(smbd_messaging_context(),
3030 (uint32)SVAL(inbuf,smb_pid),
3031 (SMB_BIG_UINT)numtowrite,
3032 (SMB_BIG_UINT)startpos,
3035 if (NT_STATUS_V(status)) {
3036 END_PROFILE(SMBwriteunlock);
3037 return ERROR_NT(status);
3041 outsize = set_message(inbuf,outbuf,1,0,True);
3043 SSVAL(outbuf,smb_vwv0,nwritten);
3045 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3046 fsp->fnum, (int)numtowrite, (int)nwritten));
3048 END_PROFILE(SMBwriteunlock);
3053 #define DBGC_CLASS DBGC_ALL
3055 /****************************************************************************
3057 ****************************************************************************/
3059 int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
3062 ssize_t nwritten = -1;
3065 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3068 START_PROFILE(SMBwrite);
3070 /* If it's an IPC, pass off the pipe handler. */
3072 END_PROFILE(SMBwrite);
3073 return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
3076 CHECK_FSP(fsp,conn);
3077 if (!CHECK_WRITE(fsp)) {
3078 END_PROFILE(SMBwrite);
3079 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3082 numtowrite = SVAL(inbuf,smb_vwv1);
3083 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3084 data = smb_buf(inbuf) + 3;
3086 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3087 END_PROFILE(SMBwrite);
3088 return ERROR_DOS(ERRDOS,ERRlock);
3092 * X/Open SMB protocol says that if smb_vwv1 is
3093 * zero then the file size should be extended or
3094 * truncated to the size given in smb_vwv[2-3].
3097 if(numtowrite == 0) {
3099 * This is actually an allocate call, and set EOF. JRA.
3101 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3103 END_PROFILE(SMBwrite);
3104 return ERROR_NT(NT_STATUS_DISK_FULL);
3106 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3108 END_PROFILE(SMBwrite);
3109 return ERROR_NT(NT_STATUS_DISK_FULL);
3112 nwritten = write_file(fsp,data,startpos,numtowrite);
3114 status = sync_file(conn, fsp, False);
3115 if (!NT_STATUS_IS_OK(status)) {
3116 END_PROFILE(SMBwrite);
3117 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3118 fsp->fsp_name, nt_errstr(status) ));
3119 return ERROR_NT(status);
3122 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3123 END_PROFILE(SMBwrite);
3124 return(UNIXERROR(ERRHRD,ERRdiskfull));
3127 outsize = set_message(inbuf,outbuf,1,0,True);
3129 SSVAL(outbuf,smb_vwv0,nwritten);
3131 if (nwritten < (ssize_t)numtowrite) {
3132 SCVAL(outbuf,smb_rcls,ERRHRD);
3133 SSVAL(outbuf,smb_err,ERRdiskfull);
3136 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3138 END_PROFILE(SMBwrite);
3142 /****************************************************************************
3143 Reply to a write and X.
3144 ****************************************************************************/
3146 int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
3148 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
3149 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3150 size_t numtowrite = SVAL(inbuf,smb_vwv10);
3151 BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
3152 ssize_t nwritten = -1;
3153 unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
3154 unsigned int smblen = smb_len(inbuf);
3156 BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
3158 START_PROFILE(SMBwriteX);
3160 /* If it's an IPC, pass off the pipe handler. */
3162 END_PROFILE(SMBwriteX);
3163 return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
3166 CHECK_FSP(fsp,conn);
3167 if (!CHECK_WRITE(fsp)) {
3168 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3171 set_message(inbuf,outbuf,6,0,True);
3173 /* Deal with possible LARGE_WRITEX */
3175 numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
3178 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3179 END_PROFILE(SMBwriteX);
3180 return ERROR_DOS(ERRDOS,ERRbadmem);
3183 data = smb_base(inbuf) + smb_doff;
3185 if(CVAL(inbuf,smb_wct) == 14) {
3186 #ifdef LARGE_SMB_OFF_T
3188 * This is a large offset (64 bit) write.
3190 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv12)) << 32);
3192 #else /* !LARGE_SMB_OFF_T */
3195 * Ensure we haven't been sent a >32 bit offset.
3198 if(IVAL(inbuf,smb_vwv12) != 0) {
3199 DEBUG(0,("reply_write_and_X - large offset (%x << 32) used and we don't support \
3200 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv12) ));
3201 END_PROFILE(SMBwriteX);
3202 return ERROR_DOS(ERRDOS,ERRbadaccess);
3205 #endif /* LARGE_SMB_OFF_T */
3208 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3209 END_PROFILE(SMBwriteX);
3210 return ERROR_DOS(ERRDOS,ERRlock);
3213 /* X/Open SMB protocol says that, unlike SMBwrite
3214 if the length is zero then NO truncation is
3215 done, just a write of zero. To truncate a file,
3218 if(numtowrite == 0) {
3222 if (schedule_aio_write_and_X(conn, inbuf, outbuf, length, bufsize,
3223 fsp,data,startpos,numtowrite)) {
3224 END_PROFILE(SMBwriteX);
3228 nwritten = write_file(fsp,data,startpos,numtowrite);
3231 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3232 END_PROFILE(SMBwriteX);
3233 return(UNIXERROR(ERRHRD,ERRdiskfull));
3236 SSVAL(outbuf,smb_vwv2,nwritten);
3238 SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
3240 if (nwritten < (ssize_t)numtowrite) {
3241 SCVAL(outbuf,smb_rcls,ERRHRD);
3242 SSVAL(outbuf,smb_err,ERRdiskfull);
3245 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3246 fsp->fnum, (int)numtowrite, (int)nwritten));
3248 status = sync_file(conn, fsp, write_through);
3249 if (!NT_STATUS_IS_OK(status)) {
3250 END_PROFILE(SMBwriteX);
3251 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
3252 fsp->fsp_name, nt_errstr(status) ));
3253 return ERROR_NT(status);
3256 END_PROFILE(SMBwriteX);
3257 return chain_reply(inbuf,outbuf,length,bufsize);
3260 /****************************************************************************
3262 ****************************************************************************/
3264 int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3270 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3271 START_PROFILE(SMBlseek);
3273 CHECK_FSP(fsp,conn);
3275 flush_write_cache(fsp, SEEK_FLUSH);
3277 mode = SVAL(inbuf,smb_vwv1) & 3;
3278 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3279 startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2);
3288 res = fsp->fh->pos + startpos;
3299 if (umode == SEEK_END) {
3300 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3301 if(errno == EINVAL) {
3302 SMB_OFF_T current_pos = startpos;
3303 SMB_STRUCT_STAT sbuf;
3305 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3306 END_PROFILE(SMBlseek);
3307 return(UNIXERROR(ERRDOS,ERRnoaccess));
3310 current_pos += sbuf.st_size;
3312 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3317 END_PROFILE(SMBlseek);
3318 return(UNIXERROR(ERRDOS,ERRnoaccess));
3324 outsize = set_message(inbuf,outbuf,2,0,True);
3325 SIVAL(outbuf,smb_vwv0,res);
3327 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3328 fsp->fnum, (double)startpos, (double)res, mode));
3330 END_PROFILE(SMBlseek);
3334 /****************************************************************************
3336 ****************************************************************************/
3338 int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3340 int outsize = set_message(inbuf,outbuf,0,0,False);
3341 uint16 fnum = SVAL(inbuf,smb_vwv0);
3342 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3343 START_PROFILE(SMBflush);
3346 CHECK_FSP(fsp,conn);
3349 file_sync_all(conn);
3351 NTSTATUS status = sync_file(conn, fsp, True);
3352 if (!NT_STATUS_IS_OK(status)) {
3353 END_PROFILE(SMBflush);
3354 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
3355 fsp->fsp_name, nt_errstr(status) ));
3356 return ERROR_NT(status);
3360 DEBUG(3,("flush\n"));
3361 END_PROFILE(SMBflush);
3365 /****************************************************************************
3367 conn POINTER CAN BE NULL HERE !
3368 ****************************************************************************/
3370 int reply_exit(connection_struct *conn,
3371 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3374 START_PROFILE(SMBexit);
3376 file_close_pid(SVAL(inbuf,smb_pid),SVAL(inbuf,smb_uid));
3378 outsize = set_message(inbuf,outbuf,0,0,False);
3380 DEBUG(3,("exit\n"));
3382 END_PROFILE(SMBexit);
3386 /****************************************************************************
3387 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3388 ****************************************************************************/
3390 int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
3393 NTSTATUS status = NT_STATUS_OK;
3395 files_struct *fsp = NULL;
3396 START_PROFILE(SMBclose);
3398 outsize = set_message(inbuf,outbuf,0,0,False);
3400 /* If it's an IPC, pass off to the pipe handler. */
3402 END_PROFILE(SMBclose);
3403 return reply_pipe_close(conn, inbuf,outbuf);
3406 fsp = file_fsp(inbuf,smb_vwv0);
3409 * We can only use CHECK_FSP if we know it's not a directory.
3412 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3413 END_PROFILE(SMBclose);
3414 return ERROR_DOS(ERRDOS,ERRbadfid);
3417 if(fsp->is_directory) {
3419 * Special case - close NT SMB directory handle.
3421 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
3422 status = close_file(fsp,NORMAL_CLOSE);
3425 * Close ordinary file.
3428 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3429 fsp->fh->fd, fsp->fnum,
3430 conn->num_files_open));
3433 * Take care of any time sent in the close.
3436 fsp_set_pending_modtime(fsp,
3437 convert_time_t_to_timespec(srv_make_unix_date3(inbuf+smb_vwv1)));
3440 * close_file() returns the unix errno if an error
3441 * was detected on close - normally this is due to
3442 * a disk full error. If not then it was probably an I/O error.
3445 status = close_file(fsp,NORMAL_CLOSE);
3448 if(!NT_STATUS_IS_OK(status)) {
3449 END_PROFILE(SMBclose);
3450 return ERROR_NT(status);
3453 END_PROFILE(SMBclose);
3457 /****************************************************************************
3458 Reply to a writeclose (Core+ protocol).
3459 ****************************************************************************/
3461 int reply_writeclose(connection_struct *conn,
3462 char *inbuf,char *outbuf, int size, int dum_buffsize)
3465 ssize_t nwritten = -1;
3467 NTSTATUS close_status = NT_STATUS_OK;
3470 struct timespec mtime;
3471 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3472 START_PROFILE(SMBwriteclose);
3474 CHECK_FSP(fsp,conn);
3475 if (!CHECK_WRITE(fsp)) {
3476 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3479 numtowrite = SVAL(inbuf,smb_vwv1);
3480 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3481 mtime = convert_time_t_to_timespec(srv_make_unix_date3(inbuf+smb_vwv4));
3482 data = smb_buf(inbuf) + 1;
3484 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3485 END_PROFILE(SMBwriteclose);
3486 return ERROR_DOS(ERRDOS,ERRlock);
3489 nwritten = write_file(fsp,data,startpos,numtowrite);
3491 set_filetime(conn, fsp->fsp_name, mtime);
3494 * More insanity. W2K only closes the file if writelen > 0.
3499 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3501 close_status = close_file(fsp,NORMAL_CLOSE);
3504 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3505 fsp->fnum, (int)numtowrite, (int)nwritten,
3506 conn->num_files_open));
3508 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3509 END_PROFILE(SMBwriteclose);
3510 return(UNIXERROR(ERRHRD,ERRdiskfull));
3513 if(!NT_STATUS_IS_OK(close_status)) {
3514 END_PROFILE(SMBwriteclose);
3515 return ERROR_NT(close_status);
3518 outsize = set_message(inbuf,outbuf,1,0,True);
3520 SSVAL(outbuf,smb_vwv0,nwritten);
3521 END_PROFILE(SMBwriteclose);
3526 #define DBGC_CLASS DBGC_LOCKING
3528 /****************************************************************************
3530 ****************************************************************************/
3532 int reply_lock(connection_struct *conn,
3533 char *inbuf,char *outbuf, int length, int dum_buffsize)
3535 int outsize = set_message(inbuf,outbuf,0,0,False);
3536 SMB_BIG_UINT count,offset;
3538 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3539 struct byte_range_lock *br_lck = NULL;
3541 START_PROFILE(SMBlock);
3543 CHECK_FSP(fsp,conn);
3545 release_level_2_oplocks_on_change(fsp);
3547 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3548 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3550 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3551 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
3553 br_lck = do_lock(smbd_messaging_context(),
3555 (uint32)SVAL(inbuf,smb_pid),
3560 False, /* Non-blocking lock. */
3564 TALLOC_FREE(br_lck);
3566 if (NT_STATUS_V(status)) {
3567 END_PROFILE(SMBlock);
3568 return ERROR_NT(status);
3571 END_PROFILE(SMBlock);
3575 /****************************************************************************
3577 ****************************************************************************/
3579 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
3582 int outsize = set_message(inbuf,outbuf,0,0,False);
3583 SMB_BIG_UINT count,offset;
3585 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3586 START_PROFILE(SMBunlock);
3588 CHECK_FSP(fsp,conn);
3590 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3591 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3593 status = do_unlock(smbd_messaging_context(),
3595 (uint32)SVAL(inbuf,smb_pid),
3600 if (NT_STATUS_V(status)) {
3601 END_PROFILE(SMBunlock);
3602 return ERROR_NT(status);
3605 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3606 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
3608 END_PROFILE(SMBunlock);
3613 #define DBGC_CLASS DBGC_ALL
3615 /****************************************************************************
3617 conn POINTER CAN BE NULL HERE !
3618 ****************************************************************************/
3620 int reply_tdis(connection_struct *conn,
3621 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3623 int outsize = set_message(inbuf,outbuf,0,0,False);
3625 START_PROFILE(SMBtdis);
3627 vuid = SVAL(inbuf,smb_uid);
3630 DEBUG(4,("Invalid connection in tdis\n"));
3631 END_PROFILE(SMBtdis);
3632 return ERROR_DOS(ERRSRV,ERRinvnid);
3637 close_cnum(conn,vuid);
3639 END_PROFILE(SMBtdis);
3643 /****************************************************************************
3645 conn POINTER CAN BE NULL HERE !
3646 ****************************************************************************/
3648 int reply_echo(connection_struct *conn,
3649 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3651 int smb_reverb = SVAL(inbuf,smb_vwv0);
3653 unsigned int data_len = smb_buflen(inbuf);
3654 int outsize = set_message(inbuf,outbuf,1,data_len,True);
3655 START_PROFILE(SMBecho);
3657 if (data_len > BUFFER_SIZE) {
3658 DEBUG(0,("reply_echo: data_len too large.\n"));
3659 END_PROFILE(SMBecho);
3663 /* copy any incoming data back out */
3665 memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
3667 if (smb_reverb > 100) {
3668 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
3672 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
3673 SSVAL(outbuf,smb_vwv0,seq_num);
3675 smb_setlen(inbuf,outbuf,outsize - 4);
3678 if (!send_smb(smbd_server_fd(),outbuf))
3679 exit_server_cleanly("reply_echo: send_smb failed.");
3682 DEBUG(3,("echo %d times\n", smb_reverb));
3686 END_PROFILE(SMBecho);
3690 /****************************************************************************
3691 Reply to a printopen.
3692 ****************************************************************************/
3694 int reply_printopen(connection_struct *conn,
3695 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3701 START_PROFILE(SMBsplopen);
3703 if (!CAN_PRINT(conn)) {
3704 END_PROFILE(SMBsplopen);
3705 return ERROR_DOS(ERRDOS,ERRnoaccess);
3708 /* Open for exclusive use, write only. */
3709 status = print_fsp_open(conn, NULL, &fsp);
3711 if (!NT_STATUS_IS_OK(status)) {
3712 END_PROFILE(SMBsplopen);
3713 return(ERROR_NT(status));
3716 outsize = set_message(inbuf,outbuf,1,0,True);
3717 SSVAL(outbuf,smb_vwv0,fsp->fnum);
3719 DEBUG(3,("openprint fd=%d fnum=%d\n",
3720 fsp->fh->fd, fsp->fnum));
3722 END_PROFILE(SMBsplopen);
3726 /****************************************************************************
3727 Reply to a printclose.
3728 ****************************************************************************/
3730 int reply_printclose(connection_struct *conn,
3731 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3733 int outsize = set_message(inbuf,outbuf,0,0,False);
3734 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3736 START_PROFILE(SMBsplclose);
3738 CHECK_FSP(fsp,conn);
3740 if (!CAN_PRINT(conn)) {
3741 END_PROFILE(SMBsplclose);
3742 return ERROR_NT(NT_STATUS_DOS(ERRSRV, ERRerror));
3745 DEBUG(3,("printclose fd=%d fnum=%d\n",
3746 fsp->fh->fd,fsp->fnum));
3748 status = close_file(fsp,NORMAL_CLOSE);
3750 if(!NT_STATUS_IS_OK(status)) {
3751 END_PROFILE(SMBsplclose);
3752 return ERROR_NT(status);
3755 END_PROFILE(SMBsplclose);
3759 /****************************************************************************
3760 Reply to a printqueue.
3761 ****************************************************************************/
3763 int reply_printqueue(connection_struct *conn,
3764 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3766 int outsize = set_message(inbuf,outbuf,2,3,True);
3767 int max_count = SVAL(inbuf,smb_vwv0);
3768 int start_index = SVAL(inbuf,smb_vwv1);
3769 START_PROFILE(SMBsplretq);
3771 /* we used to allow the client to get the cnum wrong, but that
3772 is really quite gross and only worked when there was only
3773 one printer - I think we should now only accept it if they
3774 get it right (tridge) */
3775 if (!CAN_PRINT(conn)) {
3776 END_PROFILE(SMBsplretq);
3777 return ERROR_DOS(ERRDOS,ERRnoaccess);
3780 SSVAL(outbuf,smb_vwv0,0);
3781 SSVAL(outbuf,smb_vwv1,0);
3782 SCVAL(smb_buf(outbuf),0,1);
3783 SSVAL(smb_buf(outbuf),1,0);
3785 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
3786 start_index, max_count));
3789 print_queue_struct *queue = NULL;
3790 print_status_struct status;
3791 char *p = smb_buf(outbuf) + 3;
3792 int count = print_queue_status(SNUM(conn), &queue, &status);
3793 int num_to_get = ABS(max_count);
3794 int first = (max_count>0?start_index:start_index+max_count+1);
3800 num_to_get = MIN(num_to_get,count-first);
3803 for (i=first;i<first+num_to_get;i++) {
3804 srv_put_dos_date2(p,0,queue[i].time);
3805 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
3806 SSVAL(p,5, queue[i].job);
3807 SIVAL(p,7,queue[i].size);
3809 srvstr_push(outbuf, p+12, queue[i].fs_user, 16, STR_ASCII);
3814 outsize = set_message(inbuf,outbuf,2,28*count+3,False);
3815 SSVAL(outbuf,smb_vwv0,count);
3816 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
3817 SCVAL(smb_buf(outbuf),0,1);
3818 SSVAL(smb_buf(outbuf),1,28*count);
3823 DEBUG(3,("%d entries returned in queue\n",count));
3826 END_PROFILE(SMBsplretq);
3830 /****************************************************************************
3831 Reply to a printwrite.
3832 ****************************************************************************/
3834 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3837 int outsize = set_message(inbuf,outbuf,0,0,False);
3839 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3841 START_PROFILE(SMBsplwr);
3843 if (!CAN_PRINT(conn)) {
3844 END_PROFILE(SMBsplwr);
3845 return ERROR_DOS(ERRDOS,ERRnoaccess);
3848 CHECK_FSP(fsp,conn);
3849 if (!CHECK_WRITE(fsp)) {
3850 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3853 numtowrite = SVAL(smb_buf(inbuf),1);
3854 data = smb_buf(inbuf) + 3;
3856 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
3857 END_PROFILE(SMBsplwr);
3858 return(UNIXERROR(ERRHRD,ERRdiskfull));
3861 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
3863 END_PROFILE(SMBsplwr);
3867 /****************************************************************************
3869 ****************************************************************************/
3871 int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3876 SMB_STRUCT_STAT sbuf;
3878 START_PROFILE(SMBmkdir);
3880 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), directory,
3881 smb_buf(inbuf) + 1, sizeof(directory), 0,
3882 STR_TERMINATE, &status);
3883 if (!NT_STATUS_IS_OK(status)) {
3884 END_PROFILE(SMBmkdir);
3885 return ERROR_NT(status);
3888 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, directory);
3889 if (!NT_STATUS_IS_OK(status)) {
3890 END_PROFILE(SMBmkdir);
3891 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
3892 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
3894 return ERROR_NT(status);
3897 status = unix_convert(conn, directory, False, NULL, &sbuf);
3898 if (!NT_STATUS_IS_OK(status)) {
3899 END_PROFILE(SMBmkdir);
3900 return ERROR_NT(status);
3903 status = check_name(conn, directory);
3904 if (!NT_STATUS_IS_OK(status)) {
3905 END_PROFILE(SMBmkdir);
3906 return ERROR_NT(status);
3909 status = create_directory(conn, directory);
3911 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
3913 if (!NT_STATUS_IS_OK(status)) {
3915 if (!use_nt_status()
3916 && NT_STATUS_EQUAL(status,
3917 NT_STATUS_OBJECT_NAME_COLLISION)) {
3919 * Yes, in the DOS error code case we get a
3920 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
3921 * samba4 torture test.
3923 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
3926 END_PROFILE(SMBmkdir);
3927 return ERROR_NT(status);
3930 outsize = set_message(inbuf,outbuf,0,0,False);
3932 DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
3934 END_PROFILE(SMBmkdir);
3938 /****************************************************************************
3939 Static function used by reply_rmdir to delete an entire directory
3940 tree recursively. Return True on ok, False on fail.
3941 ****************************************************************************/
3943 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
3945 const char *dname = NULL;
3948 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3953 while((dname = ReadDirName(dir_hnd, &offset))) {
3957 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3960 if (!is_visible_file(conn, directory, dname, &st, False))
3963 /* Construct the full name. */
3964 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3970 pstrcpy(fullname, directory);
3971 pstrcat(fullname, "/");
3972 pstrcat(fullname, dname);
3974 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
3979 if(st.st_mode & S_IFDIR) {
3980 if(!recursive_rmdir(conn, fullname)) {
3984 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
3988 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
3997 /****************************************************************************
3998 The internals of the rmdir code - called elsewhere.
3999 ****************************************************************************/
4001 NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
4006 /* Might be a symlink. */
4007 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4008 return map_nt_error_from_unix(errno);
4011 if (S_ISLNK(st.st_mode)) {
4012 /* Is what it points to a directory ? */
4013 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4014 return map_nt_error_from_unix(errno);
4016 if (!(S_ISDIR(st.st_mode))) {
4017 return NT_STATUS_NOT_A_DIRECTORY;
4019 ret = SMB_VFS_UNLINK(conn,directory);
4021 ret = SMB_VFS_RMDIR(conn,directory);
4024 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4025 FILE_NOTIFY_CHANGE_DIR_NAME,
4027 return NT_STATUS_OK;
4030 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4032 * Check to see if the only thing in this directory are
4033 * vetoed files/directories. If so then delete them and
4034 * retry. If we fail to delete any of them (and we *don't*
4035 * do a recursive delete) then fail the rmdir.
4039 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4041 if(dir_hnd == NULL) {
4046 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4047 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4049 if (!is_visible_file(conn, directory, dname, &st, False))
4051 if(!IS_VETO_PATH(conn, dname)) {
4058 /* We only have veto files/directories. Recursive delete. */
4060 RewindDir(dir_hnd,&dirpos);
4061 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4064 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4066 if (!is_visible_file(conn, directory, dname, &st, False))
4069 /* Construct the full name. */
4070 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4075 pstrcpy(fullname, directory);
4076 pstrcat(fullname, "/");
4077 pstrcat(fullname, dname);
4079 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
4081 if(st.st_mode & S_IFDIR) {
4082 if(lp_recursive_veto_delete(SNUM(conn))) {
4083 if(!recursive_rmdir(conn, fullname))
4086 if(SMB_VFS_RMDIR(conn,fullname) != 0)
4088 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
4092 /* Retry the rmdir */
4093 ret = SMB_VFS_RMDIR(conn,directory);
4099 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
4100 "%s\n", directory,strerror(errno)));
4101 return map_nt_error_from_unix(errno);
4104 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4105 FILE_NOTIFY_CHANGE_DIR_NAME,
4108 return NT_STATUS_OK;
4111 /****************************************************************************
4113 ****************************************************************************/
4115 int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4119 SMB_STRUCT_STAT sbuf;
4121 START_PROFILE(SMBrmdir);
4123 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), directory,
4124 smb_buf(inbuf) + 1, sizeof(directory), 0,
4125 STR_TERMINATE, &status);
4126 if (!NT_STATUS_IS_OK(status)) {
4127 END_PROFILE(SMBrmdir);
4128 return ERROR_NT(status);
4131 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, directory);
4132 if (!NT_STATUS_IS_OK(status)) {
4133 END_PROFILE(SMBrmdir);
4134 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4135 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
4137 return ERROR_NT(status);
4140 status = unix_convert(conn, directory, False, NULL, &sbuf);
4141 if (!NT_STATUS_IS_OK(status)) {
4142 END_PROFILE(SMBrmdir);
4143 return ERROR_NT(status);
4146 status = check_name(conn, directory);
4147 if (!NT_STATUS_IS_OK(status)) {
4148 END_PROFILE(SMBrmdir);
4149 return ERROR_NT(status);
4152 dptr_closepath(directory,SVAL(inbuf,smb_pid));
4153 status = rmdir_internals(conn, directory);
4154 if (!NT_STATUS_IS_OK(status)) {
4155 END_PROFILE(SMBrmdir);
4156 return ERROR_NT(status);
4159 outsize = set_message(inbuf,outbuf,0,0,False);
4161 DEBUG( 3, ( "rmdir %s\n", directory ) );
4163 END_PROFILE(SMBrmdir);
4167 /*******************************************************************
4168 Resolve wildcards in a filename rename.
4169 Note that name is in UNIX charset and thus potentially can be more
4170 than fstring buffer (255 bytes) especially in default UTF-8 case.
4171 Therefore, we use pstring inside and all calls should ensure that
4172 name2 is at least pstring-long (they do already)
4173 ********************************************************************/
4175 static BOOL resolve_wildcards(const char *name1, char *name2)
4177 pstring root1,root2;
4179 char *p,*p2, *pname1, *pname2;
4180 int available_space, actual_space;
4182 pname1 = strrchr_m(name1,'/');
4183 pname2 = strrchr_m(name2,'/');
4185 if (!pname1 || !pname2)
4188 pstrcpy(root1,pname1);
4189 pstrcpy(root2,pname2);
4190 p = strrchr_m(root1,'.');
4197 p = strrchr_m(root2,'.');
4211 } else if (*p2 == '*') {
4227 } else if (*p2 == '*') {
4237 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4240 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4241 if (actual_space >= available_space - 1) {
4242 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4243 actual_space - available_space));
4246 pstrcpy_base(pname2, root2, name2);
4252 /****************************************************************************
4253 Ensure open files have their names updated. Updated to notify other smbd's
4255 ****************************************************************************/
4257 static void rename_open_files(connection_struct *conn,
4258 struct share_mode_lock *lck,
4259 const char *newname)
4262 BOOL did_rename = False;
4264 for(fsp = file_find_di_first(lck->id); fsp;
4265 fsp = file_find_di_next(fsp)) {
4266 /* fsp_name is a relative path under the fsp. To change this for other
4267 sharepaths we need to manipulate relative paths. */
4268 /* TODO - create the absolute path and manipulate the newname
4269 relative to the sharepath. */
4270 if (fsp->conn != conn) {
4273 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
4274 fsp->fnum, file_id_static_string(&fsp->file_id),
4275 fsp->fsp_name, newname ));
4276 string_set(&fsp->fsp_name, newname);
4281 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
4282 file_id_static_string(&lck->id), newname ));
4285 /* Send messages to all smbd's (not ourself) that the name has changed. */
4286 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
4290 /****************************************************************************
4291 We need to check if the source path is a parent directory of the destination
4292 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4293 refuse the rename with a sharing violation. Under UNIX the above call can
4294 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4295 probably need to check that the client is a Windows one before disallowing
4296 this as a UNIX client (one with UNIX extensions) can know the source is a
4297 symlink and make this decision intelligently. Found by an excellent bug
4298 report from <AndyLiebman@aol.com>.
4299 ****************************************************************************/
4301 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4303 const char *psrc = src;
4304 const char *pdst = dest;
4307 if (psrc[0] == '.' && psrc[1] == '/') {
4310 if (pdst[0] == '.' && pdst[1] == '/') {
4313 if ((slen = strlen(psrc)) > strlen(pdst)) {
4316 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4320 * Do the notify calls from a rename
4323 static void notify_rename(connection_struct *conn, BOOL is_dir,
4324 const char *oldpath, const char *newpath)
4326 char *olddir, *newdir;
4327 const char *oldname, *newname;
4330 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
4331 : FILE_NOTIFY_CHANGE_FILE_NAME;
4333 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
4334 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
4335 TALLOC_FREE(olddir);
4339 if (strcmp(olddir, newdir) == 0) {
4340 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
4341 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
4344 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
4345 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
4347 TALLOC_FREE(olddir);
4348 TALLOC_FREE(newdir);
4350 /* this is a strange one. w2k3 gives an additional event for
4351 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
4352 files, but not directories */
4354 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
4355 FILE_NOTIFY_CHANGE_ATTRIBUTES
4356 |FILE_NOTIFY_CHANGE_CREATION,
4361 /****************************************************************************
4362 Rename an open file - given an fsp.
4363 ****************************************************************************/
4365 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, pstring newname, uint32 attrs, BOOL replace_if_exists)
4367 SMB_STRUCT_STAT sbuf, sbuf1;
4368 pstring newname_last_component;
4369 NTSTATUS status = NT_STATUS_OK;
4370 struct share_mode_lock *lck = NULL;
4375 status = unix_convert(conn, newname, False, newname_last_component, &sbuf);
4377 /* If an error we expect this to be NT_STATUS_OBJECT_PATH_NOT_FOUND */
4379 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(NT_STATUS_OBJECT_PATH_NOT_FOUND, status)) {
4383 status = check_name(conn, newname);
4384 if (!NT_STATUS_IS_OK(status)) {
4388 /* Ensure newname contains a '/' */
4389 if(strrchr_m(newname,'/') == 0) {
4392 pstrcpy(tmpstr, "./");
4393 pstrcat(tmpstr, newname);
4394 pstrcpy(newname, tmpstr);
4398 * Check for special case with case preserving and not
4399 * case sensitive. If the old last component differs from the original
4400 * last component only by case, then we should allow
4401 * the rename (user is trying to change the case of the
4405 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4406 strequal(newname, fsp->fsp_name)) {
4408 pstring newname_modified_last_component;
4411 * Get the last component of the modified name.
4412 * Note that we guarantee that newname contains a '/'
4415 p = strrchr_m(newname,'/');
4416 pstrcpy(newname_modified_last_component,p+1);
4418 if(strcsequal(newname_modified_last_component,
4419 newname_last_component) == False) {
4421 * Replace the modified last component with
4424 pstrcpy(p+1, newname_last_component);
4429 * If the src and dest names are identical - including case,
4430 * don't do the rename, just return success.
4433 if (strcsequal(fsp->fsp_name, newname)) {
4434 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
4436 return NT_STATUS_OK;
4440 * Have vfs_object_exist also fill sbuf1
4442 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
4444 if(!replace_if_exists && dst_exists) {
4445 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
4446 fsp->fsp_name,newname));
4447 return NT_STATUS_OBJECT_NAME_COLLISION;
4451 files_struct *dst_fsp = file_find_di_first(file_id_sbuf(&sbuf1));
4453 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
4454 return NT_STATUS_ACCESS_DENIED;
4458 /* Ensure we have a valid stat struct for the source. */
4459 if (fsp->fh->fd != -1) {
4460 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
4461 return map_nt_error_from_unix(errno);
4464 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
4465 return map_nt_error_from_unix(errno);
4469 status = can_rename(conn, fsp, attrs, &sbuf);
4471 if (!NT_STATUS_IS_OK(status)) {
4472 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4473 nt_errstr(status), fsp->fsp_name,newname));
4474 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
4475 status = NT_STATUS_ACCESS_DENIED;
4479 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
4480 return NT_STATUS_ACCESS_DENIED;
4483 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
4486 * We have the file open ourselves, so not being able to get the
4487 * corresponding share mode lock is a fatal error.
4490 SMB_ASSERT(lck != NULL);
4492 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
4493 uint32 create_options = fsp->fh->private_options;
4495 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
4496 fsp->fsp_name,newname));
4498 rename_open_files(conn, lck, newname);
4500 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
4503 * A rename acts as a new file create w.r.t. allowing an initial delete
4504 * on close, probably because in Windows there is a new handle to the
4505 * new file. If initial delete on close was requested but not
4506 * originally set, we need to set it here. This is probably not 100% correct,
4507 * but will work for the CIFSFS client which in non-posix mode
4508 * depends on these semantics. JRA.
4511 set_allow_initial_delete_on_close(lck, fsp, True);
4513 if (create_options & FILE_DELETE_ON_CLOSE) {
4514 status = can_set_delete_on_close(fsp, True, 0);
4516 if (NT_STATUS_IS_OK(status)) {
4517 /* Note that here we set the *inital* delete on close flag,
4518 * not the regular one. The magic gets handled in close. */
4519 fsp->initial_delete_on_close = True;
4523 return NT_STATUS_OK;
4528 if (errno == ENOTDIR || errno == EISDIR) {
4529 status = NT_STATUS_OBJECT_NAME_COLLISION;
4531 status = map_nt_error_from_unix(errno);
4534 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4535 nt_errstr(status), fsp->fsp_name,newname));
4540 /****************************************************************************
4541 The guts of the rename command, split out so it may be called by the NT SMB
4543 ****************************************************************************/
4545 NTSTATUS rename_internals(connection_struct *conn, struct smb_request *req,
4549 BOOL replace_if_exists,
4555 pstring last_component_src;
4556 pstring last_component_dest;
4559 NTSTATUS status = NT_STATUS_OK;
4560 SMB_STRUCT_STAT sbuf1, sbuf2;
4561 struct smb_Dir *dir_hnd = NULL;
4566 *directory = *mask = 0;
4571 status = unix_convert(conn, name, src_has_wild, last_component_src, &sbuf1);
4572 if (!NT_STATUS_IS_OK(status)) {
4576 status = unix_convert(conn, newname, dest_has_wild, last_component_dest, &sbuf2);
4577 if (!NT_STATUS_IS_OK(status)) {
4582 * Split the old name into directory and last component
4583 * strings. Note that unix_convert may have stripped off a
4584 * leading ./ from both name and newname if the rename is
4585 * at the root of the share. We need to make sure either both
4586 * name and newname contain a / character or neither of them do
4587 * as this is checked in resolve_wildcards().
4590 p = strrchr_m(name,'/');
4592 pstrcpy(directory,".");
4596 pstrcpy(directory,name);
4598 *p = '/'; /* Replace needed for exceptional test below. */
4602 * We should only check the mangled cache
4603 * here if unix_convert failed. This means
4604 * that the path in 'mask' doesn't exist
4605 * on the file system and so we need to look
4606 * for a possible mangle. This patch from
4607 * Tine Smukavec <valentin.smukavec@hermes.si>.
4610 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
4611 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4614 if (!src_has_wild) {
4618 * No wildcards - just process the one file.
4620 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
4622 /* Add a terminating '/' to the directory name. */
4623 pstrcat(directory,"/");
4624 pstrcat(directory,mask);
4626 /* Ensure newname contains a '/' also */
4627 if(strrchr_m(newname,'/') == 0) {
4630 pstrcpy(tmpstr, "./");
4631 pstrcat(tmpstr, newname);
4632 pstrcpy(newname, tmpstr);
4635 DEBUG(3, ("rename_internals: case_sensitive = %d, "
4636 "case_preserve = %d, short case preserve = %d, "
4637 "directory = %s, newname = %s, "
4638 "last_component_dest = %s, is_8_3 = %d\n",
4639 conn->case_sensitive, conn->case_preserve,
4640 conn->short_case_preserve, directory,
4641 newname, last_component_dest, is_short_name));
4643 /* The dest name still may have wildcards. */
4644 if (dest_has_wild) {
4645 if (!resolve_wildcards(directory,newname)) {
4646 DEBUG(6, ("rename_internals: resolve_wildcards %s %s failed\n",
4647 directory,newname));
4648 return NT_STATUS_NO_MEMORY;
4653 SMB_VFS_STAT(conn, directory, &sbuf1);
4655 status = S_ISDIR(sbuf1.st_mode) ?
4656 open_directory(conn, req, directory, &sbuf1,
4658 FILE_SHARE_READ|FILE_SHARE_WRITE,
4659 FILE_OPEN, 0, 0, NULL,
4661 : open_file_ntcreate(conn, req, directory, &sbuf1,
4663 FILE_SHARE_READ|FILE_SHARE_WRITE,
4664 FILE_OPEN, 0, 0, 0, NULL,
4667 if (!NT_STATUS_IS_OK(status)) {
4668 DEBUG(3, ("Could not open rename source %s: %s\n",
4669 directory, nt_errstr(status)));
4673 status = rename_internals_fsp(conn, fsp, newname, attrs,
4676 close_file(fsp, NORMAL_CLOSE);
4678 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
4679 nt_errstr(status), directory,newname));
4685 * Wildcards - process each file that matches.
4687 if (strequal(mask,"????????.???")) {
4691 status = check_name(conn, directory);
4692 if (!NT_STATUS_IS_OK(status)) {
4696 dir_hnd = OpenDir(conn, directory, mask, attrs);
4697 if (dir_hnd == NULL) {
4698 return map_nt_error_from_unix(errno);
4701 status = NT_STATUS_NO_SUCH_FILE;
4703 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4704 * - gentest fix. JRA
4707 while ((dname = ReadDirName(dir_hnd, &offset))) {
4710 BOOL sysdir_entry = False;
4712 pstrcpy(fname,dname);
4714 /* Quick check for "." and ".." */
4715 if (fname[0] == '.') {
4716 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
4718 sysdir_entry = True;
4725 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
4729 if(!mask_match(fname, mask, conn->case_sensitive)) {
4734 status = NT_STATUS_OBJECT_NAME_INVALID;
4738 slprintf(fname, sizeof(fname)-1, "%s/%s", directory, dname);
4740 pstrcpy(destname,newname);
4742 if (!resolve_wildcards(fname,destname)) {
4743 DEBUG(6, ("resolve_wildcards %s %s failed\n",
4749 SMB_VFS_STAT(conn, fname, &sbuf1);
4751 status = S_ISDIR(sbuf1.st_mode) ?
4752 open_directory(conn, req, fname, &sbuf1,
4754 FILE_SHARE_READ|FILE_SHARE_WRITE,
4755 FILE_OPEN, 0, 0, NULL,
4757 : open_file_ntcreate(conn, req, fname, &sbuf1,
4759 FILE_SHARE_READ|FILE_SHARE_WRITE,
4760 FILE_OPEN, 0, 0, 0, NULL,
4763 if (!NT_STATUS_IS_OK(status)) {
4764 DEBUG(3,("rename_internals: open_file_ntcreate "
4765 "returned %s rename %s -> %s\n",
4766 nt_errstr(status), directory, newname));
4770 status = rename_internals_fsp(conn, fsp, destname, attrs,
4773 close_file(fsp, NORMAL_CLOSE);
4775 if (!NT_STATUS_IS_OK(status)) {
4776 DEBUG(3, ("rename_internals_fsp returned %s for "
4777 "rename %s -> %s\n", nt_errstr(status),
4778 directory, newname));
4784 DEBUG(3,("rename_internals: doing rename on %s -> "
4785 "%s\n",fname,destname));
4789 if (count == 0 && NT_STATUS_IS_OK(status)) {
4790 status = map_nt_error_from_unix(errno);
4796 /****************************************************************************
4798 ****************************************************************************/
4800 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
4807 uint32 attrs = SVAL(inbuf,smb_vwv0);
4809 BOOL src_has_wcard = False;
4810 BOOL dest_has_wcard = False;
4811 struct smb_request req;
4813 START_PROFILE(SMBmv);
4815 init_smb_request(&req, (uint8 *)inbuf);
4817 p = smb_buf(inbuf) + 1;
4818 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), name, p,
4819 sizeof(name), 0, STR_TERMINATE, &status,
4821 if (!NT_STATUS_IS_OK(status)) {
4823 return ERROR_NT(status);
4826 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), newname, p,
4827 sizeof(newname), 0, STR_TERMINATE, &status,
4829 if (!NT_STATUS_IS_OK(status)) {
4831 return ERROR_NT(status);
4834 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name, &src_has_wcard);
4835 if (!NT_STATUS_IS_OK(status)) {
4837 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4838 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
4840 return ERROR_NT(status);
4843 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newname, &dest_has_wcard);
4844 if (!NT_STATUS_IS_OK(status)) {
4846 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4847 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
4849 return ERROR_NT(status);
4852 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
4854 status = rename_internals(conn, &req, name, newname, attrs, False,
4855 src_has_wcard, dest_has_wcard);
4856 if (!NT_STATUS_IS_OK(status)) {
4858 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
4859 /* We have re-scheduled this call. */
4862 return ERROR_NT(status);
4865 outsize = set_message(inbuf,outbuf,0,0,False);
4871 /*******************************************************************
4872 Copy a file as part of a reply_copy.
4873 ******************************************************************/
4876 * TODO: check error codes on all callers
4879 NTSTATUS copy_file(connection_struct *conn,
4884 BOOL target_is_directory)
4886 SMB_STRUCT_STAT src_sbuf, sbuf2;
4888 files_struct *fsp1,*fsp2;
4891 uint32 new_create_disposition;
4894 pstrcpy(dest,dest1);
4895 if (target_is_directory) {
4896 char *p = strrchr_m(src,'/');
4906 if (!vfs_file_exist(conn,src,&src_sbuf)) {
4907 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4910 if (!target_is_directory && count) {
4911 new_create_disposition = FILE_OPEN;
4913 if (!map_open_params_to_ntcreate(dest1,0,ofun,
4914 NULL, NULL, &new_create_disposition, NULL)) {
4915 return NT_STATUS_INVALID_PARAMETER;
4919 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
4921 FILE_SHARE_READ|FILE_SHARE_WRITE,
4924 FILE_ATTRIBUTE_NORMAL,
4928 if (!NT_STATUS_IS_OK(status)) {
4932 dosattrs = dos_mode(conn, src, &src_sbuf);
4933 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
4934 ZERO_STRUCTP(&sbuf2);
4937 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
4939 FILE_SHARE_READ|FILE_SHARE_WRITE,
4940 new_create_disposition,
4946 if (!NT_STATUS_IS_OK(status)) {
4947 close_file(fsp1,ERROR_CLOSE);
4951 if ((ofun&3) == 1) {
4952 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
4953 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
4955 * Stop the copy from occurring.
4958 src_sbuf.st_size = 0;
4962 if (src_sbuf.st_size) {
4963 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
4966 close_file(fsp1,NORMAL_CLOSE);
4968 /* Ensure the modtime is set correctly on the destination file. */
4969 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
4972 * As we are opening fsp1 read-only we only expect
4973 * an error on close on fsp2 if we are out of space.
4974 * Thus we don't look at the error return from the
4977 status = close_file(fsp2,NORMAL_CLOSE);
4979 if (!NT_STATUS_IS_OK(status)) {
4983 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
4984 return NT_STATUS_DISK_FULL;
4987 return NT_STATUS_OK;
4990 /****************************************************************************
4991 Reply to a file copy.
4992 ****************************************************************************/
4994 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4999 pstring mask,newname;
5002 int error = ERRnoaccess;
5004 int tid2 = SVAL(inbuf,smb_vwv0);
5005 int ofun = SVAL(inbuf,smb_vwv1);
5006 int flags = SVAL(inbuf,smb_vwv2);
5007 BOOL target_is_directory=False;
5008 BOOL source_has_wild = False;
5009 BOOL dest_has_wild = False;
5010 SMB_STRUCT_STAT sbuf1, sbuf2;
5012 START_PROFILE(SMBcopy);
5014 *directory = *mask = 0;
5017 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), name, p,
5018 sizeof(name), 0, STR_TERMINATE, &status,
5020 if (!NT_STATUS_IS_OK(status)) {
5021 END_PROFILE(SMBcopy);
5022 return ERROR_NT(status);
5024 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), newname, p,
5025 sizeof(newname), 0, STR_TERMINATE, &status,
5027 if (!NT_STATUS_IS_OK(status)) {
5028 END_PROFILE(SMBcopy);
5029 return ERROR_NT(status);
5032 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
5034 if (tid2 != conn->cnum) {
5035 /* can't currently handle inter share copies XXXX */
5036 DEBUG(3,("Rejecting inter-share copy\n"));
5037 END_PROFILE(SMBcopy);
5038 return ERROR_DOS(ERRSRV,ERRinvdevice);
5041 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name, &source_has_wild);
5042 if (!NT_STATUS_IS_OK(status)) {
5043 END_PROFILE(SMBcopy);
5044 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5045 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5047 return ERROR_NT(status);
5050 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newname, &dest_has_wild);
5051 if (!NT_STATUS_IS_OK(status)) {
5052 END_PROFILE(SMBcopy);
5053 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5054 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5056 return ERROR_NT(status);
5059 status = unix_convert(conn, name, source_has_wild, NULL, &sbuf1);
5060 if (!NT_STATUS_IS_OK(status)) {
5061 END_PROFILE(SMBcopy);
5062 return ERROR_NT(status);
5065 status = unix_convert(conn, newname, dest_has_wild, NULL, &sbuf2);
5066 if (!NT_STATUS_IS_OK(status)) {
5067 END_PROFILE(SMBcopy);
5068 return ERROR_NT(status);
5071 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
5073 if ((flags&1) && target_is_directory) {
5074 END_PROFILE(SMBcopy);
5075 return ERROR_DOS(ERRDOS,ERRbadfile);
5078 if ((flags&2) && !target_is_directory) {
5079 END_PROFILE(SMBcopy);
5080 return ERROR_DOS(ERRDOS,ERRbadpath);
5083 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
5084 /* wants a tree copy! XXXX */
5085 DEBUG(3,("Rejecting tree copy\n"));
5086 END_PROFILE(SMBcopy);
5087 return ERROR_DOS(ERRSRV,ERRerror);
5090 p = strrchr_m(name,'/');
5092 pstrcpy(directory,"./");
5096 pstrcpy(directory,name);
5101 * We should only check the mangled cache
5102 * here if unix_convert failed. This means
5103 * that the path in 'mask' doesn't exist
5104 * on the file system and so we need to look
5105 * for a possible mangle. This patch from
5106 * Tine Smukavec <valentin.smukavec@hermes.si>.
5109 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5110 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5113 if (!source_has_wild) {
5114 pstrcat(directory,"/");
5115 pstrcat(directory,mask);
5116 if (dest_has_wild) {
5117 if (!resolve_wildcards(directory,newname)) {
5118 END_PROFILE(SMBcopy);
5119 return ERROR_NT(NT_STATUS_NO_MEMORY);
5123 status = check_name(conn, directory);
5124 if (!NT_STATUS_IS_OK(status)) {
5125 return ERROR_NT(status);
5128 status = check_name(conn, newname);
5129 if (!NT_STATUS_IS_OK(status)) {
5130 return ERROR_NT(status);
5133 status = copy_file(conn,directory,newname,ofun,
5134 count,target_is_directory);
5136 if(!NT_STATUS_IS_OK(status)) {
5137 END_PROFILE(SMBcopy);
5138 return ERROR_NT(status);
5143 struct smb_Dir *dir_hnd = NULL;
5148 if (strequal(mask,"????????.???"))
5151 status = check_name(conn, directory);
5152 if (!NT_STATUS_IS_OK(status)) {
5153 return ERROR_NT(status);
5156 dir_hnd = OpenDir(conn, directory, mask, 0);
5157 if (dir_hnd == NULL) {
5158 status = map_nt_error_from_unix(errno);
5159 return ERROR_NT(status);
5164 while ((dname = ReadDirName(dir_hnd, &offset))) {
5166 pstrcpy(fname,dname);
5168 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5172 if(!mask_match(fname, mask, conn->case_sensitive)) {
5176 error = ERRnoaccess;
5177 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
5178 pstrcpy(destname,newname);
5179 if (!resolve_wildcards(fname,destname)) {
5183 status = check_name(conn, fname);
5184 if (!NT_STATUS_IS_OK(status)) {
5185 return ERROR_NT(status);
5188 status = check_name(conn, destname);
5189 if (!NT_STATUS_IS_OK(status)) {
5190 return ERROR_NT(status);
5193 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
5195 status = copy_file(conn,fname,destname,ofun,
5196 count,target_is_directory);
5197 if (NT_STATUS_IS_OK(status)) {
5206 /* Error on close... */
5208 END_PROFILE(SMBcopy);
5209 return(UNIXERROR(ERRHRD,ERRgeneral));
5212 END_PROFILE(SMBcopy);
5213 return ERROR_DOS(ERRDOS,error);
5216 outsize = set_message(inbuf,outbuf,1,0,True);
5217 SSVAL(outbuf,smb_vwv0,count);
5219 END_PROFILE(SMBcopy);
5223 /****************************************************************************
5225 ****************************************************************************/
5227 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5234 START_PROFILE(pathworks_setdir);
5237 if (!CAN_SETDIR(snum)) {
5238 END_PROFILE(pathworks_setdir);
5239 return ERROR_DOS(ERRDOS,ERRnoaccess);
5242 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), newdir,
5243 smb_buf(inbuf) + 1, sizeof(newdir), 0, STR_TERMINATE,
5245 if (!NT_STATUS_IS_OK(status)) {
5246 END_PROFILE(pathworks_setdir);
5247 return ERROR_NT(status);
5250 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newdir);
5251 if (!NT_STATUS_IS_OK(status)) {
5252 END_PROFILE(pathworks_setdir);
5253 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5254 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5256 return ERROR_NT(status);
5259 if (strlen(newdir) != 0) {
5260 if (!vfs_directory_exist(conn,newdir,NULL)) {
5261 END_PROFILE(pathworks_setdir);
5262 return ERROR_DOS(ERRDOS,ERRbadpath);
5264 set_conn_connectpath(conn,newdir);
5267 outsize = set_message(inbuf,outbuf,0,0,False);
5268 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
5270 DEBUG(3,("setdir %s\n", newdir));
5272 END_PROFILE(pathworks_setdir);
5277 #define DBGC_CLASS DBGC_LOCKING
5279 /****************************************************************************
5280 Get a lock pid, dealing with large count requests.
5281 ****************************************************************************/
5283 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5285 if(!large_file_format)
5286 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5288 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5291 /****************************************************************************
5292 Get a lock count, dealing with large count requests.
5293 ****************************************************************************/
5295 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5297 SMB_BIG_UINT count = 0;
5299 if(!large_file_format) {
5300 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5303 #if defined(HAVE_LONGLONG)
5304 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5305 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5306 #else /* HAVE_LONGLONG */
5309 * NT4.x seems to be broken in that it sends large file (64 bit)
5310 * lockingX calls even if the CAP_LARGE_FILES was *not*
5311 * negotiated. For boxes without large unsigned ints truncate the
5312 * lock count by dropping the top 32 bits.
5315 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5316 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5317 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5318 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5319 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5322 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5323 #endif /* HAVE_LONGLONG */
5329 #if !defined(HAVE_LONGLONG)
5330 /****************************************************************************
5331 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5332 ****************************************************************************/
5334 static uint32 map_lock_offset(uint32 high, uint32 low)
5338 uint32 highcopy = high;
5341 * Try and find out how many significant bits there are in high.
5344 for(i = 0; highcopy; i++)
5348 * We use 31 bits not 32 here as POSIX
5349 * lock offsets may not be negative.
5352 mask = (~0) << (31 - i);
5355 return 0; /* Fail. */
5361 #endif /* !defined(HAVE_LONGLONG) */
5363 /****************************************************************************
5364 Get a lock offset, dealing with large offset requests.
5365 ****************************************************************************/
5367 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5369 SMB_BIG_UINT offset = 0;
5373 if(!large_file_format) {
5374 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5377 #if defined(HAVE_LONGLONG)
5378 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5379 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5380 #else /* HAVE_LONGLONG */
5383 * NT4.x seems to be broken in that it sends large file (64 bit)
5384 * lockingX calls even if the CAP_LARGE_FILES was *not*
5385 * negotiated. For boxes without large unsigned ints mangle the
5386 * lock offset by mapping the top 32 bits onto the lower 32.
5389 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5390 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5391 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5394 if((new_low = map_lock_offset(high, low)) == 0) {
5396 return (SMB_BIG_UINT)-1;
5399 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5400 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5401 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5402 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5405 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5406 #endif /* HAVE_LONGLONG */
5412 /****************************************************************************
5413 Reply to a lockingX request.
5414 ****************************************************************************/
5416 int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
5417 int length, int bufsize)
5419 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
5420 unsigned char locktype = CVAL(inbuf,smb_vwv3);
5421 unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
5422 uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
5423 uint16 num_locks = SVAL(inbuf,smb_vwv7);
5424 SMB_BIG_UINT count = 0, offset = 0;
5426 int32 lock_timeout = IVAL(inbuf,smb_vwv4);
5429 BOOL large_file_format =
5430 (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5432 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5434 START_PROFILE(SMBlockingX);
5436 CHECK_FSP(fsp,conn);
5438 data = smb_buf(inbuf);
5440 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5441 /* we don't support these - and CANCEL_LOCK makes w2k
5442 and XP reboot so I don't really want to be
5443 compatible! (tridge) */
5444 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
5447 /* Check if this is an oplock break on a file
5448 we have granted an oplock on.
5450 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
5451 /* Client can insist on breaking to none. */
5452 BOOL break_to_none = (oplocklevel == 0);
5455 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
5456 "for fnum = %d\n", (unsigned int)oplocklevel,
5460 * Make sure we have granted an exclusive or batch oplock on
5464 if (fsp->oplock_type == 0) {
5466 /* The Samba4 nbench simulator doesn't understand
5467 the difference between break to level2 and break
5468 to none from level2 - it sends oplock break
5469 replies in both cases. Don't keep logging an error
5470 message here - just ignore it. JRA. */
5472 DEBUG(5,("reply_lockingX: Error : oplock break from "
5473 "client for fnum = %d (oplock=%d) and no "
5474 "oplock granted on this file (%s).\n",
5475 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
5477 /* if this is a pure oplock break request then don't
5479 if (num_locks == 0 && num_ulocks == 0) {
5480 END_PROFILE(SMBlockingX);
5483 END_PROFILE(SMBlockingX);
5484 return ERROR_DOS(ERRDOS,ERRlock);
5488 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
5490 result = remove_oplock(fsp);
5492 result = downgrade_oplock(fsp);
5496 DEBUG(0, ("reply_lockingX: error in removing "
5497 "oplock on file %s\n", fsp->fsp_name));
5498 /* Hmmm. Is this panic justified? */
5499 smb_panic("internal tdb error");
5502 reply_to_oplock_break_requests(fsp);
5504 /* if this is a pure oplock break request then don't send a
5506 if (num_locks == 0 && num_ulocks == 0) {
5507 /* Sanity check - ensure a pure oplock break is not a
5509 if(CVAL(inbuf,smb_vwv0) != 0xff)
5510 DEBUG(0,("reply_lockingX: Error : pure oplock "
5511 "break is a chained %d request !\n",
5512 (unsigned int)CVAL(inbuf,smb_vwv0) ));
5513 END_PROFILE(SMBlockingX);
5519 * We do this check *after* we have checked this is not a oplock break
5520 * response message. JRA.
5523 release_level_2_oplocks_on_change(fsp);
5525 /* Data now points at the beginning of the list
5526 of smb_unlkrng structs */
5527 for(i = 0; i < (int)num_ulocks; i++) {
5528 lock_pid = get_lock_pid( data, i, large_file_format);
5529 count = get_lock_count( data, i, large_file_format);
5530 offset = get_lock_offset( data, i, large_file_format, &err);
5533 * There is no error code marked "stupid client bug".... :-).
5536 END_PROFILE(SMBlockingX);
5537 return ERROR_DOS(ERRDOS,ERRnoaccess);
5540 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
5541 "pid %u, file %s\n", (double)offset, (double)count,
5542 (unsigned int)lock_pid, fsp->fsp_name ));
5544 status = do_unlock(smbd_messaging_context(),
5551 if (NT_STATUS_V(status)) {
5552 END_PROFILE(SMBlockingX);
5553 return ERROR_NT(status);
5557 /* Setup the timeout in seconds. */
5559 if (!lp_blocking_locks(SNUM(conn))) {
5563 /* Now do any requested locks */
5564 data += ((large_file_format ? 20 : 10)*num_ulocks);
5566 /* Data now points at the beginning of the list
5567 of smb_lkrng structs */
5569 for(i = 0; i < (int)num_locks; i++) {
5570 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
5571 READ_LOCK:WRITE_LOCK);
5572 lock_pid = get_lock_pid( data, i, large_file_format);
5573 count = get_lock_count( data, i, large_file_format);
5574 offset = get_lock_offset( data, i, large_file_format, &err);
5577 * There is no error code marked "stupid client bug".... :-).
5580 END_PROFILE(SMBlockingX);
5581 return ERROR_DOS(ERRDOS,ERRnoaccess);
5584 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
5585 "%u, file %s timeout = %d\n", (double)offset,
5586 (double)count, (unsigned int)lock_pid,
5587 fsp->fsp_name, (int)lock_timeout ));
5589 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
5590 if (lp_blocking_locks(SNUM(conn))) {
5592 /* Schedule a message to ourselves to
5593 remove the blocking lock record and
5594 return the right error. */
5596 if (!blocking_lock_cancel(fsp,
5602 NT_STATUS_FILE_LOCK_CONFLICT)) {
5603 END_PROFILE(SMBlockingX);
5604 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
5607 /* Remove a matching pending lock. */
5608 status = do_lock_cancel(fsp,
5614 BOOL blocking_lock = lock_timeout ? True : False;
5615 BOOL defer_lock = False;
5616 struct byte_range_lock *br_lck;
5617 uint32 block_smbpid;
5619 br_lck = do_lock(smbd_messaging_context(),
5630 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
5631 /* Windows internal resolution for blocking locks seems
5632 to be about 200ms... Don't wait for less than that. JRA. */
5633 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
5634 lock_timeout = lp_lock_spin_time();
5639 /* This heuristic seems to match W2K3 very well. If a
5640 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
5641 it pretends we asked for a timeout of between 150 - 300 milliseconds as
5642 far as I can tell. Replacement for do_lock_spin(). JRA. */
5644 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
5645 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
5647 lock_timeout = lp_lock_spin_time();
5650 if (br_lck && defer_lock) {
5652 * A blocking lock was requested. Package up
5653 * this smb into a queued request and push it
5654 * onto the blocking lock queue.
5656 if(push_blocking_lock_request(br_lck,
5667 TALLOC_FREE(br_lck);
5668 END_PROFILE(SMBlockingX);
5673 TALLOC_FREE(br_lck);
5676 if (NT_STATUS_V(status)) {
5677 END_PROFILE(SMBlockingX);
5678 return ERROR_NT(status);
5682 /* If any of the above locks failed, then we must unlock
5683 all of the previous locks (X/Open spec). */
5685 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
5689 * Ensure we don't do a remove on the lock that just failed,
5690 * as under POSIX rules, if we have a lock already there, we
5691 * will delete it (and we shouldn't) .....
5693 for(i--; i >= 0; i--) {
5694 lock_pid = get_lock_pid( data, i, large_file_format);
5695 count = get_lock_count( data, i, large_file_format);
5696 offset = get_lock_offset( data, i, large_file_format,
5700 * There is no error code marked "stupid client
5704 END_PROFILE(SMBlockingX);
5705 return ERROR_DOS(ERRDOS,ERRnoaccess);
5708 do_unlock(smbd_messaging_context(),
5715 END_PROFILE(SMBlockingX);
5716 return ERROR_NT(status);
5719 set_message(inbuf,outbuf,2,0,True);
5721 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
5722 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
5724 END_PROFILE(SMBlockingX);
5725 return chain_reply(inbuf,outbuf,length,bufsize);
5729 #define DBGC_CLASS DBGC_ALL
5731 /****************************************************************************
5732 Reply to a SMBreadbmpx (read block multiplex) request.
5733 ****************************************************************************/
5735 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
5746 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5747 START_PROFILE(SMBreadBmpx);
5749 /* this function doesn't seem to work - disable by default */
5750 if (!lp_readbmpx()) {
5751 END_PROFILE(SMBreadBmpx);
5752 return ERROR_DOS(ERRSRV,ERRuseSTD);
5755 outsize = set_message(inbuf,outbuf,8,0,True);
5757 CHECK_FSP(fsp,conn);
5758 if (!CHECK_READ(fsp,inbuf)) {
5759 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5762 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
5763 maxcount = SVAL(inbuf,smb_vwv3);
5765 data = smb_buf(outbuf);
5766 pad = ((long)data)%4;
5771 max_per_packet = bufsize-(outsize+pad);
5775 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
5776 END_PROFILE(SMBreadBmpx);
5777 return ERROR_DOS(ERRDOS,ERRlock);
5781 size_t N = MIN(max_per_packet,tcount-total_read);
5783 nread = read_file(fsp,data,startpos,N);
5788 if (nread < (ssize_t)N)
5789 tcount = total_read + nread;
5791 set_message(inbuf,outbuf,8,nread+pad,False);
5792 SIVAL(outbuf,smb_vwv0,startpos);
5793 SSVAL(outbuf,smb_vwv2,tcount);
5794 SSVAL(outbuf,smb_vwv6,nread);
5795 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
5798 if (!send_smb(smbd_server_fd(),outbuf))
5799 exit_server_cleanly("reply_readbmpx: send_smb failed.");
5801 total_read += nread;
5803 } while (total_read < (ssize_t)tcount);
5805 END_PROFILE(SMBreadBmpx);
5809 /****************************************************************************
5810 Reply to a SMBsetattrE.
5811 ****************************************************************************/
5813 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5815 struct timespec ts[2];
5817 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5818 START_PROFILE(SMBsetattrE);
5820 outsize = set_message(inbuf,outbuf,0,0,False);
5822 if(!fsp || (fsp->conn != conn)) {
5823 END_PROFILE(SMBsetattrE);
5824 return ERROR_DOS(ERRDOS,ERRbadfid);
5828 * Convert the DOS times into unix times. Ignore create
5829 * time as UNIX can't set this.
5832 ts[0] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv3)); /* atime. */
5833 ts[1] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv5)); /* mtime. */
5836 * Patch from Ray Frush <frush@engr.colostate.edu>
5837 * Sometimes times are sent as zero - ignore them.
5840 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
5841 /* Ignore request */
5842 if( DEBUGLVL( 3 ) ) {
5843 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
5844 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
5846 END_PROFILE(SMBsetattrE);
5848 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
5849 /* set modify time = to access time if modify time was unset */
5853 /* Set the date on this file */
5854 /* Should we set pending modtime here ? JRA */
5855 if(file_ntimes(conn, fsp->fsp_name, ts)) {
5856 END_PROFILE(SMBsetattrE);
5857 return ERROR_DOS(ERRDOS,ERRnoaccess);
5860 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
5862 (unsigned int)ts[0].tv_sec,
5863 (unsigned int)ts[1].tv_sec));
5865 END_PROFILE(SMBsetattrE);
5870 /* Back from the dead for OS/2..... JRA. */
5872 /****************************************************************************
5873 Reply to a SMBwritebmpx (write block multiplex primary) request.
5874 ****************************************************************************/
5876 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5879 ssize_t nwritten = -1;
5886 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5888 START_PROFILE(SMBwriteBmpx);
5890 CHECK_FSP(fsp,conn);
5891 if (!CHECK_WRITE(fsp)) {
5892 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5894 if (HAS_CACHED_ERROR(fsp)) {
5895 return(CACHED_ERROR(fsp));
5898 tcount = SVAL(inbuf,smb_vwv1);
5899 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
5900 write_through = BITSETW(inbuf+smb_vwv7,0);
5901 numtowrite = SVAL(inbuf,smb_vwv10);
5902 smb_doff = SVAL(inbuf,smb_vwv11);
5904 data = smb_base(inbuf) + smb_doff;
5906 /* If this fails we need to send an SMBwriteC response,
5907 not an SMBwritebmpx - set this up now so we don't forget */
5908 SCVAL(outbuf,smb_com,SMBwritec);
5910 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
5911 END_PROFILE(SMBwriteBmpx);
5912 return(ERROR_DOS(ERRDOS,ERRlock));
5915 nwritten = write_file(fsp,data,startpos,numtowrite);
5917 status = sync_file(conn, fsp, write_through);
5918 if (!NT_STATUS_IS_OK(status)) {
5919 END_PROFILE(SMBwriteBmpx);
5920 DEBUG(5,("reply_writebmpx: sync_file for %s returned %s\n",
5921 fsp->fsp_name, nt_errstr(status) ));
5922 return ERROR_NT(status);
5925 if(nwritten < (ssize_t)numtowrite) {
5926 END_PROFILE(SMBwriteBmpx);
5927 return(UNIXERROR(ERRHRD,ERRdiskfull));
5930 /* If the maximum to be written to this file
5931 is greater than what we just wrote then set
5932 up a secondary struct to be attached to this
5933 fd, we will use this to cache error messages etc. */
5935 if((ssize_t)tcount > nwritten) {
5936 write_bmpx_struct *wbms;
5937 if(fsp->wbmpx_ptr != NULL)
5938 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
5940 wbms = SMB_MALLOC_P(write_bmpx_struct);
5942 DEBUG(0,("Out of memory in reply_readmpx\n"));
5943 END_PROFILE(SMBwriteBmpx);
5944 return(ERROR_DOS(ERRSRV,ERRnoresource));
5946 wbms->wr_mode = write_through;
5947 wbms->wr_discard = False; /* No errors yet */
5948 wbms->wr_total_written = nwritten;
5949 wbms->wr_errclass = 0;
5951 fsp->wbmpx_ptr = wbms;
5954 /* We are returning successfully, set the message type back to
5956 SCVAL(outbuf,smb_com,SMBwriteBmpx);
5958 outsize = set_message(inbuf,outbuf,1,0,True);
5960 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
5962 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
5963 fsp->fnum, (int)numtowrite, (int)nwritten ) );
5965 if (write_through && tcount==nwritten) {
5966 /* We need to send both a primary and a secondary response */
5967 smb_setlen(inbuf,outbuf,outsize - 4);
5969 if (!send_smb(smbd_server_fd(),outbuf))
5970 exit_server_cleanly("reply_writebmpx: send_smb failed.");
5972 /* Now the secondary */
5973 outsize = set_message(inbuf,outbuf,1,0,True);
5974 SCVAL(outbuf,smb_com,SMBwritec);
5975 SSVAL(outbuf,smb_vwv0,nwritten);
5978 END_PROFILE(SMBwriteBmpx);
5982 /****************************************************************************
5983 Reply to a SMBwritebs (write block multiplex secondary) request.
5984 ****************************************************************************/
5986 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5989 ssize_t nwritten = -1;
5996 write_bmpx_struct *wbms;
5997 BOOL send_response = False;
5998 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
6000 START_PROFILE(SMBwriteBs);
6002 CHECK_FSP(fsp,conn);
6003 if (!CHECK_WRITE(fsp)) {
6004 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6007 tcount = SVAL(inbuf,smb_vwv1);
6008 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
6009 numtowrite = SVAL(inbuf,smb_vwv6);
6010 smb_doff = SVAL(inbuf,smb_vwv7);
6012 data = smb_base(inbuf) + smb_doff;
6014 /* We need to send an SMBwriteC response, not an SMBwritebs */
6015 SCVAL(outbuf,smb_com,SMBwritec);
6017 /* This fd should have an auxiliary struct attached,
6018 check that it does */
6019 wbms = fsp->wbmpx_ptr;
6021 END_PROFILE(SMBwriteBs);
6025 /* If write through is set we can return errors, else we must cache them */
6026 write_through = wbms->wr_mode;
6028 /* Check for an earlier error */
6029 if(wbms->wr_discard) {
6030 END_PROFILE(SMBwriteBs);
6031 return -1; /* Just discard the packet */
6034 nwritten = write_file(fsp,data,startpos,numtowrite);
6036 status = sync_file(conn, fsp, write_through);
6038 if (nwritten < (ssize_t)numtowrite || !NT_STATUS_IS_OK(status)) {
6040 /* We are returning an error - we can delete the aux struct */
6043 fsp->wbmpx_ptr = NULL;
6044 END_PROFILE(SMBwriteBs);
6045 return(ERROR_DOS(ERRHRD,ERRdiskfull));
6047 wbms->wr_errclass = ERRHRD;
6048 wbms->wr_error = ERRdiskfull;
6049 wbms->wr_status = NT_STATUS_DISK_FULL;
6050 wbms->wr_discard = True;
6051 END_PROFILE(SMBwriteBs);
6055 /* Increment the total written, if this matches tcount
6056 we can discard the auxiliary struct (hurrah !) and return a writeC */
6057 wbms->wr_total_written += nwritten;
6058 if(wbms->wr_total_written >= tcount) {
6059 if (write_through) {
6060 outsize = set_message(inbuf,outbuf,1,0,True);
6061 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
6062 send_response = True;
6066 fsp->wbmpx_ptr = NULL;
6070 END_PROFILE(SMBwriteBs);
6074 END_PROFILE(SMBwriteBs);
6078 /****************************************************************************
6079 Reply to a SMBgetattrE.
6080 ****************************************************************************/
6082 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6084 SMB_STRUCT_STAT sbuf;
6087 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
6088 START_PROFILE(SMBgetattrE);
6090 outsize = set_message(inbuf,outbuf,11,0,True);
6092 if(!fsp || (fsp->conn != conn)) {
6093 END_PROFILE(SMBgetattrE);
6094 return ERROR_DOS(ERRDOS,ERRbadfid);
6097 /* Do an fstat on this file */
6098 if(fsp_stat(fsp, &sbuf)) {
6099 END_PROFILE(SMBgetattrE);
6100 return(UNIXERROR(ERRDOS,ERRnoaccess));
6103 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
6106 * Convert the times into dos times. Set create
6107 * date to be last modify date as UNIX doesn't save
6111 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
6112 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
6113 /* Should we check pending modtime here ? JRA */
6114 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
6117 SIVAL(outbuf,smb_vwv6,0);
6118 SIVAL(outbuf,smb_vwv8,0);
6120 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
6121 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
6122 SIVAL(outbuf,smb_vwv8,allocation_size);
6124 SSVAL(outbuf,smb_vwv10, mode);
6126 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
6128 END_PROFILE(SMBgetattrE);