2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "system/filesys.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "fake_file.h"
33 #include "rpc_client/rpc_client.h"
34 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
35 #include "../librpc/gen_ndr/open_files.h"
36 #include "rpc_client/cli_spoolss.h"
37 #include "rpc_client/init_spoolss.h"
38 #include "rpc_server/rpc_ncacn_np.h"
39 #include "libcli/security/security.h"
40 #include "libsmb/nmblib.h"
42 #include "smbprofile.h"
43 #include "../lib/tsocket/tsocket.h"
44 #include "lib/tevent_wait.h"
45 #include "libcli/smb/smb_signing.h"
47 /****************************************************************************
48 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
49 path or anything including wildcards.
50 We're assuming here that '/' is not the second byte in any multibyte char
51 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
53 ****************************************************************************/
55 /* Custom version for processing POSIX paths. */
56 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
58 static NTSTATUS check_path_syntax_internal(char *path,
60 bool *p_last_component_contains_wcard)
64 NTSTATUS ret = NT_STATUS_OK;
65 bool start_of_name_component = True;
66 bool stream_started = false;
68 *p_last_component_contains_wcard = False;
75 return NT_STATUS_OBJECT_NAME_INVALID;
78 return NT_STATUS_OBJECT_NAME_INVALID;
80 if (strchr_m(&s[1], ':')) {
81 return NT_STATUS_OBJECT_NAME_INVALID;
87 if ((*s == ':') && !posix_path && !stream_started) {
88 if (*p_last_component_contains_wcard) {
89 return NT_STATUS_OBJECT_NAME_INVALID;
91 /* Stream names allow more characters than file names.
92 We're overloading posix_path here to allow a wider
93 range of characters. If stream_started is true this
94 is still a Windows path even if posix_path is true.
97 stream_started = true;
98 start_of_name_component = false;
102 return NT_STATUS_OBJECT_NAME_INVALID;
106 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
108 * Safe to assume is not the second part of a mb char
109 * as this is handled below.
111 /* Eat multiple '/' or '\\' */
112 while (IS_PATH_SEP(*s,posix_path)) {
115 if ((d != path) && (*s != '\0')) {
116 /* We only care about non-leading or trailing '/' or '\\' */
120 start_of_name_component = True;
122 *p_last_component_contains_wcard = False;
126 if (start_of_name_component) {
127 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
128 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
131 * No mb char starts with '.' so we're safe checking the directory separator here.
134 /* If we just added a '/' - delete it */
135 if ((d > path) && (*(d-1) == '/')) {
140 /* Are we at the start ? Can't go back further if so. */
142 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
145 /* Go back one level... */
146 /* We know this is safe as '/' cannot be part of a mb sequence. */
147 /* NOTE - if this assumption is invalid we are not in good shape... */
148 /* Decrement d first as d points to the *next* char to write into. */
149 for (d--; d > path; d--) {
153 s += 2; /* Else go past the .. */
154 /* We're still at the start of a name component, just the previous one. */
157 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
169 if (*s <= 0x1f || *s == '|') {
170 return NT_STATUS_OBJECT_NAME_INVALID;
178 *p_last_component_contains_wcard = True;
187 /* Get the size of the next MB character. */
188 next_codepoint(s,&siz);
206 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
208 return NT_STATUS_INVALID_PARAMETER;
211 start_of_name_component = False;
219 /****************************************************************************
220 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
221 No wildcards allowed.
222 ****************************************************************************/
224 NTSTATUS check_path_syntax(char *path)
227 return check_path_syntax_internal(path, False, &ignore);
230 /****************************************************************************
231 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
232 Wildcards allowed - p_contains_wcard returns true if the last component contained
234 ****************************************************************************/
236 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
238 return check_path_syntax_internal(path, False, p_contains_wcard);
241 /****************************************************************************
242 Check the path for a POSIX client.
243 We're assuming here that '/' is not the second byte in any multibyte char
244 set (a safe assumption).
245 ****************************************************************************/
247 NTSTATUS check_path_syntax_posix(char *path)
250 return check_path_syntax_internal(path, True, &ignore);
253 /****************************************************************************
254 Pull a string and check the path allowing a wilcard - provide for error return.
255 ****************************************************************************/
257 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
258 const char *base_ptr,
265 bool *contains_wcard)
271 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
275 *err = NT_STATUS_INVALID_PARAMETER;
279 *contains_wcard = False;
281 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
283 * For a DFS path the function parse_dfs_path()
284 * will do the path processing, just make a copy.
290 if (lp_posix_pathnames()) {
291 *err = check_path_syntax_posix(*pp_dest);
293 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
299 /****************************************************************************
300 Pull a string and check the path - provide for error return.
301 ****************************************************************************/
303 size_t srvstr_get_path(TALLOC_CTX *ctx,
304 const char *base_ptr,
313 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
314 src_len, flags, err, &ignore);
317 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
318 char **pp_dest, const char *src, int flags,
319 NTSTATUS *err, bool *contains_wcard)
321 return srvstr_get_path_wcard(mem_ctx, (const char *)req->inbuf, req->flags2,
322 pp_dest, src, smbreq_bufrem(req, src),
323 flags, err, contains_wcard);
326 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
327 char **pp_dest, const char *src, int flags,
331 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
332 flags, err, &ignore);
335 /****************************************************************************
336 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
337 ****************************************************************************/
339 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
342 if ((fsp == NULL) || (conn == NULL)) {
343 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
346 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
347 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
353 /****************************************************************************
354 Check if we have a correct fsp pointing to a file.
355 ****************************************************************************/
357 bool check_fsp(connection_struct *conn, struct smb_request *req,
360 if (!check_fsp_open(conn, req, fsp)) {
363 if (fsp->is_directory) {
364 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
367 if (fsp->fh->fd == -1) {
368 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
371 fsp->num_smb_operations++;
375 /****************************************************************************
376 Check if we have a correct fsp pointing to a quota fake file. Replacement for
377 the CHECK_NTQUOTA_HANDLE_OK macro.
378 ****************************************************************************/
380 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
383 if (!check_fsp_open(conn, req, fsp)) {
387 if (fsp->is_directory) {
391 if (fsp->fake_file_handle == NULL) {
395 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
399 if (fsp->fake_file_handle->private_data == NULL) {
406 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
407 const char *name, int name_type)
410 char *trim_name_type;
411 const char *retarget_parm;
414 int retarget_type = 0x20;
415 int retarget_port = NBT_SMB_PORT;
416 struct sockaddr_storage retarget_addr;
417 struct sockaddr_in *in_addr;
421 if (get_socket_port(sconn->sock) != NBT_SMB_PORT) {
425 trim_name = talloc_strdup(talloc_tos(), name);
426 if (trim_name == NULL) {
429 trim_char(trim_name, ' ', ' ');
431 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
433 if (trim_name_type == NULL) {
437 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
438 trim_name_type, NULL);
439 if (retarget_parm == NULL) {
440 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
443 if (retarget_parm == NULL) {
447 retarget = talloc_strdup(trim_name, retarget_parm);
448 if (retarget == NULL) {
452 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
454 p = strchr(retarget, ':');
457 retarget_port = atoi(p);
460 p = strchr_m(retarget, '#');
463 if (sscanf(p, "%x", &retarget_type) != 1) {
468 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
470 DEBUG(10, ("could not resolve %s\n", retarget));
474 if (retarget_addr.ss_family != AF_INET) {
475 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
479 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
481 _smb_setlen(outbuf, 6);
482 SCVAL(outbuf, 0, 0x84);
483 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
484 *(uint16_t *)(outbuf+8) = htons(retarget_port);
486 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
488 exit_server_cleanly("netbios_session_retarget: srv_send_smb "
494 TALLOC_FREE(trim_name);
498 static void reply_called_name_not_present(char *outbuf)
500 smb_setlen(outbuf, 1);
501 SCVAL(outbuf, 0, 0x83);
502 SCVAL(outbuf, 4, 0x82);
505 /****************************************************************************
506 Reply to a (netbios-level) special message.
507 ****************************************************************************/
509 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
511 int msg_type = CVAL(inbuf,0);
512 int msg_flags = CVAL(inbuf,1);
514 * We only really use 4 bytes of the outbuf, but for the smb_setlen
515 * calculation & friends (srv_send_smb uses that) we need the full smb
518 char outbuf[smb_size];
520 memset(outbuf, '\0', sizeof(outbuf));
522 smb_setlen(outbuf,0);
525 case NBSSrequest: /* session request */
527 /* inbuf_size is guarenteed to be at least 4. */
529 int name_type1, name_type2;
530 int name_len1, name_len2;
534 if (sconn->nbt.got_session) {
535 exit_server_cleanly("multiple session request not permitted");
538 SCVAL(outbuf,0,NBSSpositive);
541 /* inbuf_size is guaranteed to be at least 4. */
542 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
543 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
544 DEBUG(0,("Invalid name length in session request\n"));
545 reply_called_name_not_present(outbuf);
548 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
549 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
550 DEBUG(0,("Invalid name length in session request\n"));
551 reply_called_name_not_present(outbuf);
555 name_type1 = name_extract((unsigned char *)inbuf,
556 inbuf_size,(unsigned int)4,name1);
557 name_type2 = name_extract((unsigned char *)inbuf,
558 inbuf_size,(unsigned int)(4 + name_len1),name2);
560 if (name_type1 == -1 || name_type2 == -1) {
561 DEBUG(0,("Invalid name type in session request\n"));
562 reply_called_name_not_present(outbuf);
566 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
567 name1, name_type1, name2, name_type2));
569 if (netbios_session_retarget(sconn, name1, name_type1)) {
570 exit_server_cleanly("retargeted client");
574 * Windows NT/2k uses "*SMBSERVER" and XP uses
575 * "*SMBSERV" arrggg!!!
577 if (strequal(name1, "*SMBSERVER ")
578 || strequal(name1, "*SMBSERV ")) {
581 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
584 exit_server_cleanly("could not allocate raddr");
587 fstrcpy(name1, raddr);
590 set_local_machine_name(name1, True);
591 set_remote_machine_name(name2, True);
593 if (is_ipaddress(sconn->remote_hostname)) {
594 char *p = discard_const_p(char, sconn->remote_hostname);
598 sconn->remote_hostname = talloc_strdup(sconn,
599 get_remote_machine_name());
600 if (sconn->remote_hostname == NULL) {
601 exit_server_cleanly("could not copy remote name");
603 sconn->conn->remote_hostname = sconn->remote_hostname;
606 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
607 get_local_machine_name(), get_remote_machine_name(),
610 if (name_type2 == 'R') {
611 /* We are being asked for a pathworks session ---
613 reply_called_name_not_present(outbuf);
617 reload_services(sconn, conn_snum_used, true);
620 sconn->nbt.got_session = true;
624 case 0x89: /* session keepalive request
625 (some old clients produce this?) */
626 SCVAL(outbuf,0,NBSSkeepalive);
630 case NBSSpositive: /* positive session response */
631 case NBSSnegative: /* negative session response */
632 case NBSSretarget: /* retarget session response */
633 DEBUG(0,("Unexpected session response\n"));
636 case NBSSkeepalive: /* session keepalive */
641 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
642 msg_type, msg_flags));
644 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
646 if (CVAL(outbuf, 0) != 0x82) {
647 exit_server_cleanly("invalid netbios session");
652 /****************************************************************************
654 conn POINTER CAN BE NULL HERE !
655 ****************************************************************************/
657 void reply_tcon(struct smb_request *req)
659 connection_struct *conn = req->conn;
661 char *service_buf = NULL;
662 char *password = NULL;
667 TALLOC_CTX *ctx = talloc_tos();
668 struct smbd_server_connection *sconn = req->sconn;
669 NTTIME now = timeval_to_nttime(&req->request_time);
671 START_PROFILE(SMBtcon);
673 if (req->buflen < 4) {
674 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
675 END_PROFILE(SMBtcon);
679 p = (const char *)req->buf + 1;
680 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
682 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
684 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
687 if (service_buf == NULL || password == NULL || dev == NULL) {
688 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
689 END_PROFILE(SMBtcon);
692 p = strrchr_m(service_buf,'\\');
696 service = service_buf;
699 conn = make_connection(sconn, now, service, dev,
700 req->vuid,&nt_status);
704 reply_nterror(req, nt_status);
705 END_PROFILE(SMBtcon);
709 reply_outbuf(req, 2, 0);
710 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
711 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
712 SSVAL(req->outbuf,smb_tid,conn->cnum);
714 DEBUG(3,("tcon service=%s cnum=%d\n",
715 service, conn->cnum));
717 END_PROFILE(SMBtcon);
721 /****************************************************************************
722 Reply to a tcon and X.
723 conn POINTER CAN BE NULL HERE !
724 ****************************************************************************/
726 void reply_tcon_and_X(struct smb_request *req)
728 connection_struct *conn = req->conn;
729 const char *service = NULL;
730 TALLOC_CTX *ctx = talloc_tos();
731 /* what the cleint thinks the device is */
732 char *client_devicetype = NULL;
733 /* what the server tells the client the share represents */
734 const char *server_devicetype;
740 struct smbXsrv_session *session = NULL;
741 NTTIME now = timeval_to_nttime(&req->request_time);
742 bool session_key_updated = false;
743 uint16_t optional_support = 0;
744 struct smbd_server_connection *sconn = req->sconn;
746 START_PROFILE(SMBtconX);
749 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
750 END_PROFILE(SMBtconX);
754 passlen = SVAL(req->vwv+3, 0);
755 tcon_flags = SVAL(req->vwv+2, 0);
757 /* we might have to close an old one */
758 if ((tcon_flags & TCONX_FLAG_DISCONNECT_TID) && conn) {
759 struct smbXsrv_tcon *tcon;
767 * TODO: cancel all outstanding requests on the tcon
769 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
770 if (!NT_STATUS_IS_OK(status)) {
771 DEBUG(0, ("reply_tcon_and_X: "
772 "smbXsrv_tcon_disconnect() failed: %s\n",
775 * If we hit this case, there is something completely
776 * wrong, so we better disconnect the transport connection.
778 END_PROFILE(SMBtconX);
779 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
786 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
787 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
788 END_PROFILE(SMBtconX);
792 if (sconn->smb1.negprot.encrypted_passwords) {
793 p = (const char *)req->buf + passlen;
795 p = (const char *)req->buf + passlen + 1;
798 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
801 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
802 END_PROFILE(SMBtconX);
807 * the service name can be either: \\server\share
808 * or share directly like on the DELL PowerVault 705
811 q = strchr_m(path+2,'\\');
813 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
814 END_PROFILE(SMBtconX);
822 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
823 &client_devicetype, p,
824 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
826 if (client_devicetype == NULL) {
827 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
828 END_PROFILE(SMBtconX);
832 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
834 nt_status = smb1srv_session_lookup(req->sconn->conn,
835 req->vuid, now, &session);
836 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_USER_SESSION_DELETED)) {
837 reply_force_doserror(req, ERRSRV, ERRbaduid);
838 END_PROFILE(SMBtconX);
841 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
842 reply_nterror(req, nt_status);
843 END_PROFILE(SMBtconX);
846 if (!NT_STATUS_IS_OK(nt_status)) {
847 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
848 END_PROFILE(SMBtconX);
852 if (session->global->auth_session_info == NULL) {
853 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
854 END_PROFILE(SMBtconX);
859 * If there is no application key defined yet
862 * This means we setup the application key on the
863 * first tcon that happens via the given session.
865 * Once the application key is defined, it does not
868 if (session->global->application_key.length == 0 &&
869 session->global->signing_key.length > 0)
871 struct smbXsrv_session *x = session;
872 struct auth_session_info *session_info =
873 session->global->auth_session_info;
874 uint8_t session_key[16];
876 ZERO_STRUCT(session_key);
877 memcpy(session_key, x->global->signing_key.data,
878 MIN(x->global->signing_key.length, sizeof(session_key)));
881 * The application key is truncated/padded to 16 bytes
883 x->global->application_key = data_blob_talloc(x->global,
885 sizeof(session_key));
886 ZERO_STRUCT(session_key);
887 if (x->global->application_key.data == NULL) {
888 reply_nterror(req, NT_STATUS_NO_MEMORY);
889 END_PROFILE(SMBtconX);
893 if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
894 smb_key_derivation(x->global->application_key.data,
895 x->global->application_key.length,
896 x->global->application_key.data);
897 optional_support |= SMB_EXTENDED_SIGNATURES;
901 * Place the application key into the session_info
903 data_blob_clear_free(&session_info->session_key);
904 session_info->session_key = data_blob_dup_talloc(session_info,
905 x->global->application_key);
906 if (session_info->session_key.data == NULL) {
907 data_blob_clear_free(&x->global->application_key);
908 reply_nterror(req, NT_STATUS_NO_MEMORY);
909 END_PROFILE(SMBtconX);
912 session_key_updated = true;
915 conn = make_connection(sconn, now, service, client_devicetype,
916 req->vuid, &nt_status);
920 if (session_key_updated) {
921 struct smbXsrv_session *x = session;
922 struct auth_session_info *session_info =
923 session->global->auth_session_info;
924 data_blob_clear_free(&x->global->application_key);
925 data_blob_clear_free(&session_info->session_key);
927 reply_nterror(req, nt_status);
928 END_PROFILE(SMBtconX);
933 server_devicetype = "IPC";
934 else if ( IS_PRINT(conn) )
935 server_devicetype = "LPT1:";
937 server_devicetype = "A:";
939 if (get_Protocol() < PROTOCOL_NT1) {
940 reply_outbuf(req, 2, 0);
941 if (message_push_string(&req->outbuf, server_devicetype,
942 STR_TERMINATE|STR_ASCII) == -1) {
943 reply_nterror(req, NT_STATUS_NO_MEMORY);
944 END_PROFILE(SMBtconX);
948 /* NT sets the fstype of IPC$ to the null string */
949 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(ctx, SNUM(conn));
951 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
952 /* Return permissions. */
956 reply_outbuf(req, 7, 0);
959 perm1 = FILE_ALL_ACCESS;
960 perm2 = FILE_ALL_ACCESS;
962 perm1 = conn->share_access;
965 SIVAL(req->outbuf, smb_vwv3, perm1);
966 SIVAL(req->outbuf, smb_vwv5, perm2);
968 reply_outbuf(req, 3, 0);
971 if ((message_push_string(&req->outbuf, server_devicetype,
972 STR_TERMINATE|STR_ASCII) == -1)
973 || (message_push_string(&req->outbuf, fstype,
974 STR_TERMINATE) == -1)) {
975 reply_nterror(req, NT_STATUS_NO_MEMORY);
976 END_PROFILE(SMBtconX);
980 /* what does setting this bit do? It is set by NT4 and
981 may affect the ability to autorun mounted cdroms */
982 optional_support |= SMB_SUPPORT_SEARCH_BITS;
984 (lp_csc_policy(SNUM(conn)) << SMB_CSC_POLICY_SHIFT);
986 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
987 DEBUG(2,("Serving %s as a Dfs root\n",
988 lp_servicename(ctx, SNUM(conn)) ));
989 optional_support |= SMB_SHARE_IN_DFS;
992 SSVAL(req->outbuf, smb_vwv2, optional_support);
995 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
996 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
998 DEBUG(3,("tconX service=%s \n",
1001 /* set the incoming and outgoing tid to the just created one */
1002 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_tid,conn->cnum);
1003 SSVAL(req->outbuf,smb_tid,conn->cnum);
1005 END_PROFILE(SMBtconX);
1007 req->tid = conn->cnum;
1010 /****************************************************************************
1011 Reply to an unknown type.
1012 ****************************************************************************/
1014 void reply_unknown_new(struct smb_request *req, uint8 type)
1016 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
1017 smb_fn_name(type), type, type));
1018 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
1022 /****************************************************************************
1024 conn POINTER CAN BE NULL HERE !
1025 ****************************************************************************/
1027 void reply_ioctl(struct smb_request *req)
1029 connection_struct *conn = req->conn;
1036 START_PROFILE(SMBioctl);
1039 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1040 END_PROFILE(SMBioctl);
1044 device = SVAL(req->vwv+1, 0);
1045 function = SVAL(req->vwv+2, 0);
1046 ioctl_code = (device << 16) + function;
1048 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
1050 switch (ioctl_code) {
1051 case IOCTL_QUERY_JOB_INFO:
1055 reply_force_doserror(req, ERRSRV, ERRnosupport);
1056 END_PROFILE(SMBioctl);
1060 reply_outbuf(req, 8, replysize+1);
1061 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
1062 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
1063 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
1064 p = smb_buf(req->outbuf);
1065 memset(p, '\0', replysize+1); /* valgrind-safe. */
1066 p += 1; /* Allow for alignment */
1068 switch (ioctl_code) {
1069 case IOCTL_QUERY_JOB_INFO:
1071 files_struct *fsp = file_fsp(
1072 req, SVAL(req->vwv+0, 0));
1074 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1075 END_PROFILE(SMBioctl);
1079 SSVAL(p, 0, print_spool_rap_jobid(fsp->print_file));
1081 srvstr_push((char *)req->outbuf, req->flags2, p+2,
1082 lp_netbios_name(), 15,
1083 STR_TERMINATE|STR_ASCII);
1085 srvstr_push((char *)req->outbuf, req->flags2,
1087 lp_servicename(talloc_tos(),
1089 13, STR_TERMINATE|STR_ASCII);
1091 memset(p+18, 0, 13);
1097 END_PROFILE(SMBioctl);
1101 /****************************************************************************
1102 Strange checkpath NTSTATUS mapping.
1103 ****************************************************************************/
1105 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
1107 /* Strange DOS error code semantics only for checkpath... */
1108 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
1109 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
1110 /* We need to map to ERRbadpath */
1111 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1117 /****************************************************************************
1118 Reply to a checkpath.
1119 ****************************************************************************/
1121 void reply_checkpath(struct smb_request *req)
1123 connection_struct *conn = req->conn;
1124 struct smb_filename *smb_fname = NULL;
1127 TALLOC_CTX *ctx = talloc_tos();
1129 START_PROFILE(SMBcheckpath);
1131 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1132 STR_TERMINATE, &status);
1134 if (!NT_STATUS_IS_OK(status)) {
1135 status = map_checkpath_error(req->flags2, status);
1136 reply_nterror(req, status);
1137 END_PROFILE(SMBcheckpath);
1141 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1143 status = filename_convert(ctx,
1145 req->flags2 & FLAGS2_DFS_PATHNAMES,
1151 if (!NT_STATUS_IS_OK(status)) {
1152 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1153 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1154 ERRSRV, ERRbadpath);
1155 END_PROFILE(SMBcheckpath);
1161 if (!VALID_STAT(smb_fname->st) &&
1162 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1163 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1164 smb_fname_str_dbg(smb_fname), strerror(errno)));
1165 status = map_nt_error_from_unix(errno);
1169 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1170 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1171 ERRDOS, ERRbadpath);
1175 reply_outbuf(req, 0, 0);
1178 /* We special case this - as when a Windows machine
1179 is parsing a path is steps through the components
1180 one at a time - if a component fails it expects
1181 ERRbadpath, not ERRbadfile.
1183 status = map_checkpath_error(req->flags2, status);
1184 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1186 * Windows returns different error codes if
1187 * the parent directory is valid but not the
1188 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1189 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1190 * if the path is invalid.
1192 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1193 ERRDOS, ERRbadpath);
1197 reply_nterror(req, status);
1200 TALLOC_FREE(smb_fname);
1201 END_PROFILE(SMBcheckpath);
1205 /****************************************************************************
1207 ****************************************************************************/
1209 void reply_getatr(struct smb_request *req)
1211 connection_struct *conn = req->conn;
1212 struct smb_filename *smb_fname = NULL;
1219 TALLOC_CTX *ctx = talloc_tos();
1220 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1222 START_PROFILE(SMBgetatr);
1224 p = (const char *)req->buf + 1;
1225 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 reply_nterror(req, status);
1231 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1232 under WfWg - weird! */
1233 if (*fname == '\0') {
1234 mode = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
1235 if (!CAN_WRITE(conn)) {
1236 mode |= FILE_ATTRIBUTE_READONLY;
1241 status = filename_convert(ctx,
1243 req->flags2 & FLAGS2_DFS_PATHNAMES,
1248 if (!NT_STATUS_IS_OK(status)) {
1249 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1250 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1251 ERRSRV, ERRbadpath);
1254 reply_nterror(req, status);
1257 if (!VALID_STAT(smb_fname->st) &&
1258 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1259 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1260 smb_fname_str_dbg(smb_fname),
1262 reply_nterror(req, map_nt_error_from_unix(errno));
1266 mode = dos_mode(conn, smb_fname);
1267 size = smb_fname->st.st_ex_size;
1269 if (ask_sharemode) {
1270 struct timespec write_time_ts;
1271 struct file_id fileid;
1273 ZERO_STRUCT(write_time_ts);
1274 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1275 get_file_infos(fileid, 0, NULL, &write_time_ts);
1276 if (!null_timespec(write_time_ts)) {
1277 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1281 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1282 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
1287 reply_outbuf(req, 10, 0);
1289 SSVAL(req->outbuf,smb_vwv0,mode);
1290 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1291 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1293 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1295 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1297 if (get_Protocol() >= PROTOCOL_NT1) {
1298 SSVAL(req->outbuf, smb_flg2,
1299 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1302 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1303 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1306 TALLOC_FREE(smb_fname);
1308 END_PROFILE(SMBgetatr);
1312 /****************************************************************************
1314 ****************************************************************************/
1316 void reply_setatr(struct smb_request *req)
1318 struct smb_file_time ft;
1319 connection_struct *conn = req->conn;
1320 struct smb_filename *smb_fname = NULL;
1326 TALLOC_CTX *ctx = talloc_tos();
1328 START_PROFILE(SMBsetatr);
1333 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1337 p = (const char *)req->buf + 1;
1338 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1339 if (!NT_STATUS_IS_OK(status)) {
1340 reply_nterror(req, status);
1344 status = filename_convert(ctx,
1346 req->flags2 & FLAGS2_DFS_PATHNAMES,
1351 if (!NT_STATUS_IS_OK(status)) {
1352 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1353 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1354 ERRSRV, ERRbadpath);
1357 reply_nterror(req, status);
1361 if (smb_fname->base_name[0] == '.' &&
1362 smb_fname->base_name[1] == '\0') {
1364 * Not sure here is the right place to catch this
1365 * condition. Might be moved to somewhere else later -- vl
1367 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1371 mode = SVAL(req->vwv+0, 0);
1372 mtime = srv_make_unix_date3(req->vwv+1);
1374 if (mode != FILE_ATTRIBUTE_NORMAL) {
1375 if (VALID_STAT_OF_DIR(smb_fname->st))
1376 mode |= FILE_ATTRIBUTE_DIRECTORY;
1378 mode &= ~FILE_ATTRIBUTE_DIRECTORY;
1380 status = check_access(conn, NULL, smb_fname,
1381 FILE_WRITE_ATTRIBUTES);
1382 if (!NT_STATUS_IS_OK(status)) {
1383 reply_nterror(req, status);
1387 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1389 reply_nterror(req, map_nt_error_from_unix(errno));
1394 ft.mtime = convert_time_t_to_timespec(mtime);
1395 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1396 if (!NT_STATUS_IS_OK(status)) {
1397 reply_nterror(req, status);
1401 reply_outbuf(req, 0, 0);
1403 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1406 TALLOC_FREE(smb_fname);
1407 END_PROFILE(SMBsetatr);
1411 /****************************************************************************
1413 ****************************************************************************/
1415 void reply_dskattr(struct smb_request *req)
1417 connection_struct *conn = req->conn;
1418 uint64_t dfree,dsize,bsize;
1419 START_PROFILE(SMBdskattr);
1421 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1422 reply_nterror(req, map_nt_error_from_unix(errno));
1423 END_PROFILE(SMBdskattr);
1427 reply_outbuf(req, 5, 0);
1429 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1430 double total_space, free_space;
1431 /* we need to scale this to a number that DOS6 can handle. We
1432 use floating point so we can handle large drives on systems
1433 that don't have 64 bit integers
1435 we end up displaying a maximum of 2G to DOS systems
1437 total_space = dsize * (double)bsize;
1438 free_space = dfree * (double)bsize;
1440 dsize = (uint64_t)((total_space+63*512) / (64*512));
1441 dfree = (uint64_t)((free_space+63*512) / (64*512));
1443 if (dsize > 0xFFFF) dsize = 0xFFFF;
1444 if (dfree > 0xFFFF) dfree = 0xFFFF;
1446 SSVAL(req->outbuf,smb_vwv0,dsize);
1447 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1448 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1449 SSVAL(req->outbuf,smb_vwv3,dfree);
1451 SSVAL(req->outbuf,smb_vwv0,dsize);
1452 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1453 SSVAL(req->outbuf,smb_vwv2,512);
1454 SSVAL(req->outbuf,smb_vwv3,dfree);
1457 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1459 END_PROFILE(SMBdskattr);
1464 * Utility function to split the filename from the directory.
1466 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1467 char **fname_dir_out,
1468 char **fname_mask_out)
1470 const char *p = NULL;
1471 char *fname_dir = NULL;
1472 char *fname_mask = NULL;
1474 p = strrchr_m(fname_in, '/');
1476 fname_dir = talloc_strdup(ctx, ".");
1477 fname_mask = talloc_strdup(ctx, fname_in);
1479 fname_dir = talloc_strndup(ctx, fname_in,
1480 PTR_DIFF(p, fname_in));
1481 fname_mask = talloc_strdup(ctx, p+1);
1484 if (!fname_dir || !fname_mask) {
1485 TALLOC_FREE(fname_dir);
1486 TALLOC_FREE(fname_mask);
1487 return NT_STATUS_NO_MEMORY;
1490 *fname_dir_out = fname_dir;
1491 *fname_mask_out = fname_mask;
1492 return NT_STATUS_OK;
1495 /****************************************************************************
1497 Can be called from SMBsearch, SMBffirst or SMBfunique.
1498 ****************************************************************************/
1500 void reply_search(struct smb_request *req)
1502 connection_struct *conn = req->conn;
1504 const char *mask = NULL;
1505 char *directory = NULL;
1506 struct smb_filename *smb_fname = NULL;
1510 struct timespec date;
1512 unsigned int numentries = 0;
1513 unsigned int maxentries = 0;
1514 bool finished = False;
1519 bool check_descend = False;
1520 bool expect_close = False;
1522 bool mask_contains_wcard = False;
1523 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1524 TALLOC_CTX *ctx = talloc_tos();
1525 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1526 struct dptr_struct *dirptr = NULL;
1527 struct smbd_server_connection *sconn = req->sconn;
1529 START_PROFILE(SMBsearch);
1532 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1536 if (lp_posix_pathnames()) {
1537 reply_unknown_new(req, req->cmd);
1541 /* If we were called as SMBffirst then we must expect close. */
1542 if(req->cmd == SMBffirst) {
1543 expect_close = True;
1546 reply_outbuf(req, 1, 3);
1547 maxentries = SVAL(req->vwv+0, 0);
1548 dirtype = SVAL(req->vwv+1, 0);
1549 p = (const char *)req->buf + 1;
1550 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1551 &nt_status, &mask_contains_wcard);
1552 if (!NT_STATUS_IS_OK(nt_status)) {
1553 reply_nterror(req, nt_status);
1558 status_len = SVAL(p, 0);
1561 /* dirtype &= ~FILE_ATTRIBUTE_DIRECTORY; */
1563 if (status_len == 0) {
1564 nt_status = filename_convert(ctx, conn,
1565 req->flags2 & FLAGS2_DFS_PATHNAMES,
1567 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1568 &mask_contains_wcard,
1570 if (!NT_STATUS_IS_OK(nt_status)) {
1571 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1572 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1573 ERRSRV, ERRbadpath);
1576 reply_nterror(req, nt_status);
1580 directory = smb_fname->base_name;
1582 p = strrchr_m(directory,'/');
1583 if ((p != NULL) && (*directory != '/')) {
1585 directory = talloc_strndup(ctx, directory,
1586 PTR_DIFF(p, directory));
1589 directory = talloc_strdup(ctx,".");
1593 reply_nterror(req, NT_STATUS_NO_MEMORY);
1597 memset((char *)status,'\0',21);
1598 SCVAL(status,0,(dirtype & 0x1F));
1600 nt_status = dptr_create(conn,
1608 mask_contains_wcard,
1611 if (!NT_STATUS_IS_OK(nt_status)) {
1612 reply_nterror(req, nt_status);
1615 dptr_num = dptr_dnum(dirptr);
1618 const char *dirpath;
1620 memcpy(status,p,21);
1621 status_dirtype = CVAL(status,0) & 0x1F;
1622 if (status_dirtype != (dirtype & 0x1F)) {
1623 dirtype = status_dirtype;
1626 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1630 dirpath = dptr_path(sconn, dptr_num);
1631 directory = talloc_strdup(ctx, dirpath);
1633 reply_nterror(req, NT_STATUS_NO_MEMORY);
1637 mask = dptr_wcard(sconn, dptr_num);
1642 * For a 'continue' search we have no string. So
1643 * check from the initial saved string.
1645 mask_contains_wcard = ms_has_wild(mask);
1646 dirtype = dptr_attr(sconn, dptr_num);
1649 DEBUG(4,("dptr_num is %d\n",dptr_num));
1651 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1652 dptr_init_search_op(dirptr);
1654 if ((dirtype&0x1F) == FILE_ATTRIBUTE_VOLUME) {
1655 char buf[DIR_STRUCT_SIZE];
1656 memcpy(buf,status,21);
1657 if (!make_dir_struct(ctx,buf,"???????????",volume_label(ctx, SNUM(conn)),
1658 0,FILE_ATTRIBUTE_VOLUME,0,!allow_long_path_components)) {
1659 reply_nterror(req, NT_STATUS_NO_MEMORY);
1662 dptr_fill(sconn, buf+12,dptr_num);
1663 if (dptr_zero(buf+12) && (status_len==0)) {
1668 if (message_push_blob(&req->outbuf,
1669 data_blob_const(buf, sizeof(buf)))
1671 reply_nterror(req, NT_STATUS_NO_MEMORY);
1679 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1682 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1683 directory,lp_dontdescend(ctx, SNUM(conn))));
1684 if (in_list(directory, lp_dontdescend(ctx, SNUM(conn)),True)) {
1685 check_descend = True;
1688 for (i=numentries;(i<maxentries) && !finished;i++) {
1689 finished = !get_dir_entry(ctx,
1700 char buf[DIR_STRUCT_SIZE];
1701 memcpy(buf,status,21);
1702 if (!make_dir_struct(ctx,
1708 convert_timespec_to_time_t(date),
1709 !allow_long_path_components)) {
1710 reply_nterror(req, NT_STATUS_NO_MEMORY);
1713 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1716 if (message_push_blob(&req->outbuf,
1717 data_blob_const(buf, sizeof(buf)))
1719 reply_nterror(req, NT_STATUS_NO_MEMORY);
1729 /* If we were called as SMBffirst with smb_search_id == NULL
1730 and no entries were found then return error and close dirptr
1733 if (numentries == 0) {
1734 dptr_close(sconn, &dptr_num);
1735 } else if(expect_close && status_len == 0) {
1736 /* Close the dptr - we know it's gone */
1737 dptr_close(sconn, &dptr_num);
1740 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1741 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1742 dptr_close(sconn, &dptr_num);
1745 if ((numentries == 0) && !mask_contains_wcard) {
1746 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1750 SSVAL(req->outbuf,smb_vwv0,numentries);
1751 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1752 SCVAL(smb_buf(req->outbuf),0,5);
1753 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1755 /* The replies here are never long name. */
1756 SSVAL(req->outbuf, smb_flg2,
1757 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1758 if (!allow_long_path_components) {
1759 SSVAL(req->outbuf, smb_flg2,
1760 SVAL(req->outbuf, smb_flg2)
1761 & (~FLAGS2_LONG_PATH_COMPONENTS));
1764 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1765 SSVAL(req->outbuf, smb_flg2,
1766 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1768 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1769 smb_fn_name(req->cmd),
1776 TALLOC_FREE(directory);
1777 TALLOC_FREE(smb_fname);
1778 END_PROFILE(SMBsearch);
1782 /****************************************************************************
1783 Reply to a fclose (stop directory search).
1784 ****************************************************************************/
1786 void reply_fclose(struct smb_request *req)
1794 bool path_contains_wcard = False;
1795 TALLOC_CTX *ctx = talloc_tos();
1796 struct smbd_server_connection *sconn = req->sconn;
1798 START_PROFILE(SMBfclose);
1800 if (lp_posix_pathnames()) {
1801 reply_unknown_new(req, req->cmd);
1802 END_PROFILE(SMBfclose);
1806 p = (const char *)req->buf + 1;
1807 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1808 &err, &path_contains_wcard);
1809 if (!NT_STATUS_IS_OK(err)) {
1810 reply_nterror(req, err);
1811 END_PROFILE(SMBfclose);
1815 status_len = SVAL(p,0);
1818 if (status_len == 0) {
1819 reply_force_doserror(req, ERRSRV, ERRsrverror);
1820 END_PROFILE(SMBfclose);
1824 memcpy(status,p,21);
1826 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1827 /* Close the dptr - we know it's gone */
1828 dptr_close(sconn, &dptr_num);
1831 reply_outbuf(req, 1, 0);
1832 SSVAL(req->outbuf,smb_vwv0,0);
1834 DEBUG(3,("search close\n"));
1836 END_PROFILE(SMBfclose);
1840 /****************************************************************************
1842 ****************************************************************************/
1844 void reply_open(struct smb_request *req)
1846 connection_struct *conn = req->conn;
1847 struct smb_filename *smb_fname = NULL;
1859 uint32 create_disposition;
1860 uint32 create_options = 0;
1861 uint32_t private_flags = 0;
1863 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1864 TALLOC_CTX *ctx = talloc_tos();
1866 START_PROFILE(SMBopen);
1869 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1873 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1874 deny_mode = SVAL(req->vwv+0, 0);
1875 dos_attr = SVAL(req->vwv+1, 0);
1877 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1878 STR_TERMINATE, &status);
1879 if (!NT_STATUS_IS_OK(status)) {
1880 reply_nterror(req, status);
1884 status = filename_convert(ctx,
1886 req->flags2 & FLAGS2_DFS_PATHNAMES,
1891 if (!NT_STATUS_IS_OK(status)) {
1892 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1893 reply_botherror(req,
1894 NT_STATUS_PATH_NOT_COVERED,
1895 ERRSRV, ERRbadpath);
1898 reply_nterror(req, status);
1902 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1903 OPENX_FILE_EXISTS_OPEN, &access_mask,
1904 &share_mode, &create_disposition,
1905 &create_options, &private_flags)) {
1906 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1910 status = SMB_VFS_CREATE_FILE(
1913 0, /* root_dir_fid */
1914 smb_fname, /* fname */
1915 access_mask, /* access_mask */
1916 share_mode, /* share_access */
1917 create_disposition, /* create_disposition*/
1918 create_options, /* create_options */
1919 dos_attr, /* file_attributes */
1920 oplock_request, /* oplock_request */
1921 0, /* allocation_size */
1928 if (!NT_STATUS_IS_OK(status)) {
1929 if (open_was_deferred(req->sconn, req->mid)) {
1930 /* We have re-scheduled this call. */
1933 reply_openerror(req, status);
1937 size = smb_fname->st.st_ex_size;
1938 fattr = dos_mode(conn, smb_fname);
1940 /* Deal with other possible opens having a modified
1942 if (ask_sharemode) {
1943 struct timespec write_time_ts;
1945 ZERO_STRUCT(write_time_ts);
1946 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1947 if (!null_timespec(write_time_ts)) {
1948 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1952 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1954 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1955 DEBUG(3,("attempt to open a directory %s\n",
1957 close_file(req, fsp, ERROR_CLOSE);
1958 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1959 ERRDOS, ERRnoaccess);
1963 reply_outbuf(req, 7, 0);
1964 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1965 SSVAL(req->outbuf,smb_vwv1,fattr);
1966 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1967 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1969 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1971 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1972 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1974 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1975 SCVAL(req->outbuf,smb_flg,
1976 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1979 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1980 SCVAL(req->outbuf,smb_flg,
1981 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1984 TALLOC_FREE(smb_fname);
1985 END_PROFILE(SMBopen);
1989 /****************************************************************************
1990 Reply to an open and X.
1991 ****************************************************************************/
1993 void reply_open_and_X(struct smb_request *req)
1995 connection_struct *conn = req->conn;
1996 struct smb_filename *smb_fname = NULL;
2001 /* Breakout the oplock request bits so we can set the
2002 reply bits separately. */
2003 int ex_oplock_request;
2004 int core_oplock_request;
2007 int smb_sattr = SVAL(req->vwv+4, 0);
2008 uint32 smb_time = make_unix_date3(req->vwv+6);
2016 uint64_t allocation_size;
2017 ssize_t retval = -1;
2020 uint32 create_disposition;
2021 uint32 create_options = 0;
2022 uint32_t private_flags = 0;
2023 TALLOC_CTX *ctx = talloc_tos();
2025 START_PROFILE(SMBopenX);
2027 if (req->wct < 15) {
2028 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2032 open_flags = SVAL(req->vwv+2, 0);
2033 deny_mode = SVAL(req->vwv+3, 0);
2034 smb_attr = SVAL(req->vwv+5, 0);
2035 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
2036 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2037 oplock_request = ex_oplock_request | core_oplock_request;
2038 smb_ofun = SVAL(req->vwv+8, 0);
2039 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
2041 /* If it's an IPC, pass off the pipe handler. */
2043 if (lp_nt_pipe_support()) {
2044 reply_open_pipe_and_X(conn, req);
2046 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
2051 /* XXXX we need to handle passed times, sattr and flags */
2052 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
2053 STR_TERMINATE, &status);
2054 if (!NT_STATUS_IS_OK(status)) {
2055 reply_nterror(req, status);
2059 status = filename_convert(ctx,
2061 req->flags2 & FLAGS2_DFS_PATHNAMES,
2066 if (!NT_STATUS_IS_OK(status)) {
2067 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2068 reply_botherror(req,
2069 NT_STATUS_PATH_NOT_COVERED,
2070 ERRSRV, ERRbadpath);
2073 reply_nterror(req, status);
2077 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
2079 &access_mask, &share_mode,
2080 &create_disposition,
2083 reply_force_doserror(req, ERRDOS, ERRbadaccess);
2087 status = SMB_VFS_CREATE_FILE(
2090 0, /* root_dir_fid */
2091 smb_fname, /* fname */
2092 access_mask, /* access_mask */
2093 share_mode, /* share_access */
2094 create_disposition, /* create_disposition*/
2095 create_options, /* create_options */
2096 smb_attr, /* file_attributes */
2097 oplock_request, /* oplock_request */
2098 0, /* allocation_size */
2103 &smb_action); /* pinfo */
2105 if (!NT_STATUS_IS_OK(status)) {
2106 if (open_was_deferred(req->sconn, req->mid)) {
2107 /* We have re-scheduled this call. */
2110 reply_openerror(req, status);
2114 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
2115 if the file is truncated or created. */
2116 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
2117 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
2118 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
2119 close_file(req, fsp, ERROR_CLOSE);
2120 reply_nterror(req, NT_STATUS_DISK_FULL);
2123 retval = vfs_set_filelen(fsp, (off_t)allocation_size);
2125 close_file(req, fsp, ERROR_CLOSE);
2126 reply_nterror(req, NT_STATUS_DISK_FULL);
2129 status = vfs_stat_fsp(fsp);
2130 if (!NT_STATUS_IS_OK(status)) {
2131 close_file(req, fsp, ERROR_CLOSE);
2132 reply_nterror(req, status);
2137 fattr = dos_mode(conn, fsp->fsp_name);
2138 mtime = convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime);
2139 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2140 close_file(req, fsp, ERROR_CLOSE);
2141 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2145 /* If the caller set the extended oplock request bit
2146 and we granted one (by whatever means) - set the
2147 correct bit for extended oplock reply.
2150 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2151 smb_action |= EXTENDED_OPLOCK_GRANTED;
2154 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2155 smb_action |= EXTENDED_OPLOCK_GRANTED;
2158 /* If the caller set the core oplock request bit
2159 and we granted one (by whatever means) - set the
2160 correct bit for core oplock reply.
2163 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2164 reply_outbuf(req, 19, 0);
2166 reply_outbuf(req, 15, 0);
2169 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2170 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2172 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2173 SCVAL(req->outbuf, smb_flg,
2174 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2177 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2178 SCVAL(req->outbuf, smb_flg,
2179 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2182 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2183 SSVAL(req->outbuf,smb_vwv3,fattr);
2184 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2185 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2187 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2189 SIVAL(req->outbuf,smb_vwv6,(uint32)fsp->fsp_name->st.st_ex_size);
2190 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2191 SSVAL(req->outbuf,smb_vwv11,smb_action);
2193 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2194 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2198 TALLOC_FREE(smb_fname);
2199 END_PROFILE(SMBopenX);
2203 /****************************************************************************
2204 Reply to a SMBulogoffX.
2205 ****************************************************************************/
2207 void reply_ulogoffX(struct smb_request *req)
2209 struct smbd_server_connection *sconn = req->sconn;
2210 struct user_struct *vuser;
2211 struct smbXsrv_session *session = NULL;
2214 START_PROFILE(SMBulogoffX);
2216 vuser = get_valid_user_struct(sconn, req->vuid);
2219 DEBUG(3,("ulogoff, vuser id %llu does not map to user.\n",
2220 (unsigned long long)req->vuid));
2222 req->vuid = UID_FIELD_INVALID;
2223 reply_force_doserror(req, ERRSRV, ERRbaduid);
2224 END_PROFILE(SMBulogoffX);
2228 session = vuser->session;
2232 * TODO: cancel all outstanding requests on the session
2234 status = smbXsrv_session_logoff(session);
2235 if (!NT_STATUS_IS_OK(status)) {
2236 DEBUG(0, ("reply_ulogoff: "
2237 "smbXsrv_session_logoff() failed: %s\n",
2238 nt_errstr(status)));
2240 * If we hit this case, there is something completely
2241 * wrong, so we better disconnect the transport connection.
2243 END_PROFILE(SMBulogoffX);
2244 exit_server(__location__ ": smbXsrv_session_logoff failed");
2248 TALLOC_FREE(session);
2250 reply_outbuf(req, 2, 0);
2251 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2252 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2254 DEBUG(3, ("ulogoffX vuid=%llu\n",
2255 (unsigned long long)req->vuid));
2257 END_PROFILE(SMBulogoffX);
2258 req->vuid = UID_FIELD_INVALID;
2261 /****************************************************************************
2262 Reply to a mknew or a create.
2263 ****************************************************************************/
2265 void reply_mknew(struct smb_request *req)
2267 connection_struct *conn = req->conn;
2268 struct smb_filename *smb_fname = NULL;
2271 struct smb_file_time ft;
2273 int oplock_request = 0;
2275 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2276 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2277 uint32 create_disposition;
2278 uint32 create_options = 0;
2279 TALLOC_CTX *ctx = talloc_tos();
2281 START_PROFILE(SMBcreate);
2285 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2289 fattr = SVAL(req->vwv+0, 0);
2290 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2293 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2295 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2296 STR_TERMINATE, &status);
2297 if (!NT_STATUS_IS_OK(status)) {
2298 reply_nterror(req, status);
2302 status = filename_convert(ctx,
2304 req->flags2 & FLAGS2_DFS_PATHNAMES,
2309 if (!NT_STATUS_IS_OK(status)) {
2310 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2311 reply_botherror(req,
2312 NT_STATUS_PATH_NOT_COVERED,
2313 ERRSRV, ERRbadpath);
2316 reply_nterror(req, status);
2320 if (fattr & FILE_ATTRIBUTE_VOLUME) {
2321 DEBUG(0,("Attempt to create file (%s) with volid set - "
2322 "please report this\n",
2323 smb_fname_str_dbg(smb_fname)));
2326 if(req->cmd == SMBmknew) {
2327 /* We should fail if file exists. */
2328 create_disposition = FILE_CREATE;
2330 /* Create if file doesn't exist, truncate if it does. */
2331 create_disposition = FILE_OVERWRITE_IF;
2334 status = SMB_VFS_CREATE_FILE(
2337 0, /* root_dir_fid */
2338 smb_fname, /* fname */
2339 access_mask, /* access_mask */
2340 share_mode, /* share_access */
2341 create_disposition, /* create_disposition*/
2342 create_options, /* create_options */
2343 fattr, /* file_attributes */
2344 oplock_request, /* oplock_request */
2345 0, /* allocation_size */
2346 0, /* private_flags */
2352 if (!NT_STATUS_IS_OK(status)) {
2353 if (open_was_deferred(req->sconn, req->mid)) {
2354 /* We have re-scheduled this call. */
2357 reply_openerror(req, status);
2361 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2362 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2363 if (!NT_STATUS_IS_OK(status)) {
2364 END_PROFILE(SMBcreate);
2368 reply_outbuf(req, 1, 0);
2369 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2371 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2372 SCVAL(req->outbuf,smb_flg,
2373 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2376 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2377 SCVAL(req->outbuf,smb_flg,
2378 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2381 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2382 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2383 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2384 (unsigned int)fattr));
2387 TALLOC_FREE(smb_fname);
2388 END_PROFILE(SMBcreate);
2392 /****************************************************************************
2393 Reply to a create temporary file.
2394 ****************************************************************************/
2396 void reply_ctemp(struct smb_request *req)
2398 connection_struct *conn = req->conn;
2399 struct smb_filename *smb_fname = NULL;
2407 TALLOC_CTX *ctx = talloc_tos();
2409 START_PROFILE(SMBctemp);
2412 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2416 fattr = SVAL(req->vwv+0, 0);
2417 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2419 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2420 STR_TERMINATE, &status);
2421 if (!NT_STATUS_IS_OK(status)) {
2422 reply_nterror(req, status);
2426 fname = talloc_asprintf(ctx,
2430 fname = talloc_strdup(ctx, "TMXXXXXX");
2434 reply_nterror(req, NT_STATUS_NO_MEMORY);
2438 status = filename_convert(ctx, conn,
2439 req->flags2 & FLAGS2_DFS_PATHNAMES,
2444 if (!NT_STATUS_IS_OK(status)) {
2445 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2446 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2447 ERRSRV, ERRbadpath);
2450 reply_nterror(req, status);
2454 tmpfd = mkstemp(smb_fname->base_name);
2456 reply_nterror(req, map_nt_error_from_unix(errno));
2460 SMB_VFS_STAT(conn, smb_fname);
2462 /* We should fail if file does not exist. */
2463 status = SMB_VFS_CREATE_FILE(
2466 0, /* root_dir_fid */
2467 smb_fname, /* fname */
2468 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2469 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2470 FILE_OPEN, /* create_disposition*/
2471 0, /* create_options */
2472 fattr, /* file_attributes */
2473 oplock_request, /* oplock_request */
2474 0, /* allocation_size */
2475 0, /* private_flags */
2481 /* close fd from mkstemp() */
2484 if (!NT_STATUS_IS_OK(status)) {
2485 if (open_was_deferred(req->sconn, req->mid)) {
2486 /* We have re-scheduled this call. */
2489 reply_openerror(req, status);
2493 reply_outbuf(req, 1, 0);
2494 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2496 /* the returned filename is relative to the directory */
2497 s = strrchr_m(fsp->fsp_name->base_name, '/');
2499 s = fsp->fsp_name->base_name;
2505 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2506 thing in the byte section. JRA */
2507 SSVALS(p, 0, -1); /* what is this? not in spec */
2509 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2511 reply_nterror(req, NT_STATUS_NO_MEMORY);
2515 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2516 SCVAL(req->outbuf, smb_flg,
2517 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2520 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2521 SCVAL(req->outbuf, smb_flg,
2522 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2525 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2526 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2527 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2529 TALLOC_FREE(smb_fname);
2530 END_PROFILE(SMBctemp);
2534 /*******************************************************************
2535 Check if a user is allowed to rename a file.
2536 ********************************************************************/
2538 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2541 if (!CAN_WRITE(conn)) {
2542 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2545 if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
2546 (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2547 /* Only bother to read the DOS attribute if we might deny the
2548 rename on the grounds of attribute missmatch. */
2549 uint32_t fmode = dos_mode(conn, fsp->fsp_name);
2550 if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2551 return NT_STATUS_NO_SUCH_FILE;
2555 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2556 if (fsp->posix_open) {
2557 return NT_STATUS_OK;
2560 /* If no pathnames are open below this
2561 directory, allow the rename. */
2563 if (file_find_subpath(fsp)) {
2564 return NT_STATUS_ACCESS_DENIED;
2566 return NT_STATUS_OK;
2569 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2570 return NT_STATUS_OK;
2573 return NT_STATUS_ACCESS_DENIED;
2576 /*******************************************************************
2577 * unlink a file with all relevant access checks
2578 *******************************************************************/
2580 static NTSTATUS do_unlink(connection_struct *conn,
2581 struct smb_request *req,
2582 struct smb_filename *smb_fname,
2587 uint32 dirtype_orig = dirtype;
2590 bool posix_paths = lp_posix_pathnames();
2592 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2593 smb_fname_str_dbg(smb_fname),
2596 if (!CAN_WRITE(conn)) {
2597 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2601 ret = SMB_VFS_LSTAT(conn, smb_fname);
2603 ret = SMB_VFS_STAT(conn, smb_fname);
2606 return map_nt_error_from_unix(errno);
2609 fattr = dos_mode(conn, smb_fname);
2611 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2612 dirtype = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY;
2615 dirtype &= (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
2617 return NT_STATUS_NO_SUCH_FILE;
2620 if (!dir_check_ftype(conn, fattr, dirtype)) {
2621 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2622 return NT_STATUS_FILE_IS_A_DIRECTORY;
2624 return NT_STATUS_NO_SUCH_FILE;
2627 if (dirtype_orig & 0x8000) {
2628 /* These will never be set for POSIX. */
2629 return NT_STATUS_NO_SUCH_FILE;
2633 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2634 return NT_STATUS_FILE_IS_A_DIRECTORY;
2637 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2638 return NT_STATUS_NO_SUCH_FILE;
2641 if (dirtype & 0xFF00) {
2642 /* These will never be set for POSIX. */
2643 return NT_STATUS_NO_SUCH_FILE;
2648 return NT_STATUS_NO_SUCH_FILE;
2651 /* Can't delete a directory. */
2652 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2653 return NT_STATUS_FILE_IS_A_DIRECTORY;
2658 else if (dirtype & FILE_ATTRIBUTE_DIRECTORY) /* Asked for a directory and it isn't. */
2659 return NT_STATUS_OBJECT_NAME_INVALID;
2660 #endif /* JRATEST */
2662 /* On open checks the open itself will check the share mode, so
2663 don't do it here as we'll get it wrong. */
2665 status = SMB_VFS_CREATE_FILE
2668 0, /* root_dir_fid */
2669 smb_fname, /* fname */
2670 DELETE_ACCESS, /* access_mask */
2671 FILE_SHARE_NONE, /* share_access */
2672 FILE_OPEN, /* create_disposition*/
2673 FILE_NON_DIRECTORY_FILE, /* create_options */
2674 /* file_attributes */
2675 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2676 FILE_ATTRIBUTE_NORMAL,
2677 0, /* oplock_request */
2678 0, /* allocation_size */
2679 0, /* private_flags */
2685 if (!NT_STATUS_IS_OK(status)) {
2686 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2687 nt_errstr(status)));
2691 status = can_set_delete_on_close(fsp, fattr);
2692 if (!NT_STATUS_IS_OK(status)) {
2693 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2695 smb_fname_str_dbg(smb_fname),
2696 nt_errstr(status)));
2697 close_file(req, fsp, NORMAL_CLOSE);
2701 /* The set is across all open files on this dev/inode pair. */
2702 if (!set_delete_on_close(fsp, True,
2703 conn->session_info->security_token,
2704 conn->session_info->unix_token)) {
2705 close_file(req, fsp, NORMAL_CLOSE);
2706 return NT_STATUS_ACCESS_DENIED;
2709 return close_file(req, fsp, NORMAL_CLOSE);
2712 /****************************************************************************
2713 The guts of the unlink command, split out so it may be called by the NT SMB
2715 ****************************************************************************/
2717 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2718 uint32 dirtype, struct smb_filename *smb_fname,
2721 char *fname_dir = NULL;
2722 char *fname_mask = NULL;
2724 NTSTATUS status = NT_STATUS_OK;
2725 TALLOC_CTX *ctx = talloc_tos();
2727 /* Split up the directory from the filename/mask. */
2728 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2729 &fname_dir, &fname_mask);
2730 if (!NT_STATUS_IS_OK(status)) {
2735 * We should only check the mangled cache
2736 * here if unix_convert failed. This means
2737 * that the path in 'mask' doesn't exist
2738 * on the file system and so we need to look
2739 * for a possible mangle. This patch from
2740 * Tine Smukavec <valentin.smukavec@hermes.si>.
2743 if (!VALID_STAT(smb_fname->st) &&
2744 mangle_is_mangled(fname_mask, conn->params)) {
2745 char *new_mask = NULL;
2746 mangle_lookup_name_from_8_3(ctx, fname_mask,
2747 &new_mask, conn->params);
2749 TALLOC_FREE(fname_mask);
2750 fname_mask = new_mask;
2757 * Only one file needs to be unlinked. Append the mask back
2758 * onto the directory.
2760 TALLOC_FREE(smb_fname->base_name);
2761 if (ISDOT(fname_dir)) {
2762 /* Ensure we use canonical names on open. */
2763 smb_fname->base_name = talloc_asprintf(smb_fname,
2767 smb_fname->base_name = talloc_asprintf(smb_fname,
2772 if (!smb_fname->base_name) {
2773 status = NT_STATUS_NO_MEMORY;
2777 dirtype = FILE_ATTRIBUTE_NORMAL;
2780 status = check_name(conn, smb_fname->base_name);
2781 if (!NT_STATUS_IS_OK(status)) {
2785 status = do_unlink(conn, req, smb_fname, dirtype);
2786 if (!NT_STATUS_IS_OK(status)) {
2792 struct smb_Dir *dir_hnd = NULL;
2794 const char *dname = NULL;
2795 char *talloced = NULL;
2797 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == FILE_ATTRIBUTE_DIRECTORY) {
2798 status = NT_STATUS_OBJECT_NAME_INVALID;
2802 if (strequal(fname_mask,"????????.???")) {
2803 TALLOC_FREE(fname_mask);
2804 fname_mask = talloc_strdup(ctx, "*");
2806 status = NT_STATUS_NO_MEMORY;
2811 status = check_name(conn, fname_dir);
2812 if (!NT_STATUS_IS_OK(status)) {
2816 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2818 if (dir_hnd == NULL) {
2819 status = map_nt_error_from_unix(errno);
2823 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2824 the pattern matches against the long name, otherwise the short name
2825 We don't implement this yet XXXX
2828 status = NT_STATUS_NO_SUCH_FILE;
2830 while ((dname = ReadDirName(dir_hnd, &offset,
2831 &smb_fname->st, &talloced))) {
2832 TALLOC_CTX *frame = talloc_stackframe();
2834 if (!is_visible_file(conn, fname_dir, dname,
2835 &smb_fname->st, true)) {
2837 TALLOC_FREE(talloced);
2841 /* Quick check for "." and ".." */
2842 if (ISDOT(dname) || ISDOTDOT(dname)) {
2844 TALLOC_FREE(talloced);
2848 if(!mask_match(dname, fname_mask,
2849 conn->case_sensitive)) {
2851 TALLOC_FREE(talloced);
2855 TALLOC_FREE(smb_fname->base_name);
2856 if (ISDOT(fname_dir)) {
2857 /* Ensure we use canonical names on open. */
2858 smb_fname->base_name =
2859 talloc_asprintf(smb_fname, "%s",
2862 smb_fname->base_name =
2863 talloc_asprintf(smb_fname, "%s/%s",
2867 if (!smb_fname->base_name) {
2868 TALLOC_FREE(dir_hnd);
2869 status = NT_STATUS_NO_MEMORY;
2871 TALLOC_FREE(talloced);
2875 status = check_name(conn, smb_fname->base_name);
2876 if (!NT_STATUS_IS_OK(status)) {
2877 TALLOC_FREE(dir_hnd);
2879 TALLOC_FREE(talloced);
2883 status = do_unlink(conn, req, smb_fname, dirtype);
2884 if (!NT_STATUS_IS_OK(status)) {
2886 TALLOC_FREE(talloced);
2891 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2892 smb_fname->base_name));
2895 TALLOC_FREE(talloced);
2897 TALLOC_FREE(dir_hnd);
2900 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2901 status = map_nt_error_from_unix(errno);
2905 TALLOC_FREE(fname_dir);
2906 TALLOC_FREE(fname_mask);
2910 /****************************************************************************
2912 ****************************************************************************/
2914 void reply_unlink(struct smb_request *req)
2916 connection_struct *conn = req->conn;
2918 struct smb_filename *smb_fname = NULL;
2921 bool path_contains_wcard = False;
2922 TALLOC_CTX *ctx = talloc_tos();
2924 START_PROFILE(SMBunlink);
2927 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2931 dirtype = SVAL(req->vwv+0, 0);
2933 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2934 STR_TERMINATE, &status,
2935 &path_contains_wcard);
2936 if (!NT_STATUS_IS_OK(status)) {
2937 reply_nterror(req, status);
2941 status = filename_convert(ctx, conn,
2942 req->flags2 & FLAGS2_DFS_PATHNAMES,
2944 UCF_COND_ALLOW_WCARD_LCOMP,
2945 &path_contains_wcard,
2947 if (!NT_STATUS_IS_OK(status)) {
2948 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2949 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2950 ERRSRV, ERRbadpath);
2953 reply_nterror(req, status);
2957 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2959 status = unlink_internals(conn, req, dirtype, smb_fname,
2960 path_contains_wcard);
2961 if (!NT_STATUS_IS_OK(status)) {
2962 if (open_was_deferred(req->sconn, req->mid)) {
2963 /* We have re-scheduled this call. */
2966 reply_nterror(req, status);
2970 reply_outbuf(req, 0, 0);
2972 TALLOC_FREE(smb_fname);
2973 END_PROFILE(SMBunlink);
2977 /****************************************************************************
2979 ****************************************************************************/
2981 static void fail_readraw(void)
2983 const char *errstr = talloc_asprintf(talloc_tos(),
2984 "FAIL ! reply_readbraw: socket write fail (%s)",
2989 exit_server_cleanly(errstr);
2992 /****************************************************************************
2993 Fake (read/write) sendfile. Returns -1 on read or write fail.
2994 ****************************************************************************/
2996 ssize_t fake_sendfile(files_struct *fsp, off_t startpos, size_t nread)
2999 size_t tosend = nread;
3006 bufsize = MIN(nread, 65536);
3008 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
3012 while (tosend > 0) {
3016 if (tosend > bufsize) {
3021 ret = read_file(fsp,buf,startpos,cur_read);
3027 /* If we had a short read, fill with zeros. */
3028 if (ret < cur_read) {
3029 memset(buf + ret, '\0', cur_read - ret);
3032 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
3034 char addr[INET6_ADDRSTRLEN];
3036 * Try and give an error message saying what
3039 DEBUG(0, ("write_data failed for client %s. "
3041 get_peer_addr(fsp->conn->sconn->sock, addr,
3048 startpos += cur_read;
3052 return (ssize_t)nread;
3055 /****************************************************************************
3056 Deal with the case of sendfile reading less bytes from the file than
3057 requested. Fill with zeros (all we can do).
3058 ****************************************************************************/
3060 void sendfile_short_send(files_struct *fsp,
3065 #define SHORT_SEND_BUFSIZE 1024
3066 if (nread < headersize) {
3067 DEBUG(0,("sendfile_short_send: sendfile failed to send "
3068 "header for file %s (%s). Terminating\n",
3069 fsp_str_dbg(fsp), strerror(errno)));
3070 exit_server_cleanly("sendfile_short_send failed");
3073 nread -= headersize;
3075 if (nread < smb_maxcnt) {
3076 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
3078 exit_server_cleanly("sendfile_short_send: "
3082 DEBUG(0,("sendfile_short_send: filling truncated file %s "
3083 "with zeros !\n", fsp_str_dbg(fsp)));
3085 while (nread < smb_maxcnt) {
3087 * We asked for the real file size and told sendfile
3088 * to not go beyond the end of the file. But it can
3089 * happen that in between our fstat call and the
3090 * sendfile call the file was truncated. This is very
3091 * bad because we have already announced the larger
3092 * number of bytes to the client.
3094 * The best we can do now is to send 0-bytes, just as
3095 * a read from a hole in a sparse file would do.
3097 * This should happen rarely enough that I don't care
3098 * about efficiency here :-)
3102 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
3103 if (write_data(fsp->conn->sconn->sock, buf, to_write)
3105 char addr[INET6_ADDRSTRLEN];
3107 * Try and give an error message saying what
3110 DEBUG(0, ("write_data failed for client %s. "
3113 fsp->conn->sconn->sock, addr,
3116 exit_server_cleanly("sendfile_short_send: "
3117 "write_data failed");
3125 /****************************************************************************
3126 Return a readbraw error (4 bytes of zero).
3127 ****************************************************************************/
3129 static void reply_readbraw_error(struct smbd_server_connection *sconn)
3135 smbd_lock_socket(sconn);
3136 if (write_data(sconn->sock,header,4) != 4) {
3137 char addr[INET6_ADDRSTRLEN];
3139 * Try and give an error message saying what
3142 DEBUG(0, ("write_data failed for client %s. "
3144 get_peer_addr(sconn->sock, addr, sizeof(addr)),
3149 smbd_unlock_socket(sconn);
3152 /****************************************************************************
3153 Use sendfile in readbraw.
3154 ****************************************************************************/
3156 static void send_file_readbraw(connection_struct *conn,
3157 struct smb_request *req,
3163 struct smbd_server_connection *sconn = req->sconn;
3164 char *outbuf = NULL;
3168 * We can only use sendfile on a non-chained packet
3169 * but we can use on a non-oplocked file. tridge proved this
3170 * on a train in Germany :-). JRA.
3171 * reply_readbraw has already checked the length.
3174 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
3175 (fsp->wcp == NULL) &&
3176 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3177 ssize_t sendfile_read = -1;
3179 DATA_BLOB header_blob;
3181 _smb_setlen(header,nread);
3182 header_blob = data_blob_const(header, 4);
3184 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
3185 &header_blob, startpos,
3187 if (sendfile_read == -1) {
3188 /* Returning ENOSYS means no data at all was sent.
3189 * Do this as a normal read. */
3190 if (errno == ENOSYS) {
3191 goto normal_readbraw;
3195 * Special hack for broken Linux with no working sendfile. If we
3196 * return EINTR we sent the header but not the rest of the data.
3197 * Fake this up by doing read/write calls.
3199 if (errno == EINTR) {
3200 /* Ensure we don't do this again. */
3201 set_use_sendfile(SNUM(conn), False);
3202 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3204 if (fake_sendfile(fsp, startpos, nread) == -1) {
3205 DEBUG(0,("send_file_readbraw: "
3206 "fake_sendfile failed for "
3210 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3215 DEBUG(0,("send_file_readbraw: sendfile failed for "
3216 "file %s (%s). Terminating\n",
3217 fsp_str_dbg(fsp), strerror(errno)));
3218 exit_server_cleanly("send_file_readbraw sendfile failed");
3219 } else if (sendfile_read == 0) {
3221 * Some sendfile implementations return 0 to indicate
3222 * that there was a short read, but nothing was
3223 * actually written to the socket. In this case,
3224 * fallback to the normal read path so the header gets
3225 * the correct byte count.
3227 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3228 "bytes falling back to the normal read: "
3229 "%s\n", fsp_str_dbg(fsp)));
3230 goto normal_readbraw;
3233 /* Deal with possible short send. */
3234 if (sendfile_read != 4+nread) {
3235 sendfile_short_send(fsp, sendfile_read, 4, nread);
3242 outbuf = talloc_array(NULL, char, nread+4);
3244 DEBUG(0,("send_file_readbraw: talloc_array failed for size %u.\n",
3245 (unsigned)(nread+4)));
3246 reply_readbraw_error(sconn);
3251 ret = read_file(fsp,outbuf+4,startpos,nread);
3252 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3261 _smb_setlen(outbuf,ret);
3262 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3263 char addr[INET6_ADDRSTRLEN];
3265 * Try and give an error message saying what
3268 DEBUG(0, ("write_data failed for client %s. "
3270 get_peer_addr(fsp->conn->sconn->sock, addr,
3277 TALLOC_FREE(outbuf);
3280 /****************************************************************************
3281 Reply to a readbraw (core+ protocol).
3282 ****************************************************************************/
3284 void reply_readbraw(struct smb_request *req)
3286 connection_struct *conn = req->conn;
3287 struct smbd_server_connection *sconn = req->sconn;
3288 ssize_t maxcount,mincount;
3292 struct lock_struct lock;
3295 START_PROFILE(SMBreadbraw);
3297 if (srv_is_signing_active(sconn) || req->encrypted) {
3298 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3299 "raw reads/writes are disallowed.");
3303 reply_readbraw_error(sconn);
3304 END_PROFILE(SMBreadbraw);
3308 if (sconn->smb1.echo_handler.trusted_fde) {
3309 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3310 "'async smb echo handler = yes'\n"));
3311 reply_readbraw_error(sconn);
3312 END_PROFILE(SMBreadbraw);
3317 * Special check if an oplock break has been issued
3318 * and the readraw request croses on the wire, we must
3319 * return a zero length response here.
3322 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3325 * We have to do a check_fsp by hand here, as
3326 * we must always return 4 zero bytes on error,
3330 if (!fsp || !conn || conn != fsp->conn ||
3331 req->vuid != fsp->vuid ||
3332 fsp->is_directory || fsp->fh->fd == -1) {
3334 * fsp could be NULL here so use the value from the packet. JRA.
3336 DEBUG(3,("reply_readbraw: fnum %d not valid "
3338 (int)SVAL(req->vwv+0, 0)));
3339 reply_readbraw_error(sconn);
3340 END_PROFILE(SMBreadbraw);
3344 /* Do a "by hand" version of CHECK_READ. */
3345 if (!(fsp->can_read ||
3346 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3347 (fsp->access_mask & FILE_EXECUTE)))) {
3348 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3349 (int)SVAL(req->vwv+0, 0)));
3350 reply_readbraw_error(sconn);
3351 END_PROFILE(SMBreadbraw);
3355 flush_write_cache(fsp, READRAW_FLUSH);
3357 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3358 if(req->wct == 10) {
3360 * This is a large offset (64 bit) read.
3363 startpos |= (((off_t)IVAL(req->vwv+8, 0)) << 32);
3366 DEBUG(0,("reply_readbraw: negative 64 bit "
3367 "readraw offset (%.0f) !\n",
3368 (double)startpos ));
3369 reply_readbraw_error(sconn);
3370 END_PROFILE(SMBreadbraw);
3375 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3376 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3378 /* ensure we don't overrun the packet size */
3379 maxcount = MIN(65535,maxcount);
3381 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3382 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3385 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3386 reply_readbraw_error(sconn);
3387 END_PROFILE(SMBreadbraw);
3391 if (fsp_stat(fsp) == 0) {
3392 size = fsp->fsp_name->st.st_ex_size;
3395 if (startpos >= size) {
3398 nread = MIN(maxcount,(size - startpos));
3401 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3402 if (nread < mincount)
3406 DEBUG( 3, ( "reply_readbraw: %s start=%.0f max=%lu "
3407 "min=%lu nread=%lu\n",
3408 fsp_fnum_dbg(fsp), (double)startpos,
3409 (unsigned long)maxcount,
3410 (unsigned long)mincount,
3411 (unsigned long)nread ) );
3413 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3415 DEBUG(5,("reply_readbraw finished\n"));
3417 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3419 END_PROFILE(SMBreadbraw);
3424 #define DBGC_CLASS DBGC_LOCKING
3426 /****************************************************************************
3427 Reply to a lockread (core+ protocol).
3428 ****************************************************************************/
3430 void reply_lockread(struct smb_request *req)
3432 connection_struct *conn = req->conn;
3439 struct byte_range_lock *br_lck = NULL;
3441 struct smbd_server_connection *sconn = req->sconn;
3443 START_PROFILE(SMBlockread);
3446 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3447 END_PROFILE(SMBlockread);
3451 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3453 if (!check_fsp(conn, req, fsp)) {
3454 END_PROFILE(SMBlockread);
3458 if (!CHECK_READ(fsp,req)) {
3459 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3460 END_PROFILE(SMBlockread);
3464 numtoread = SVAL(req->vwv+1, 0);
3465 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3467 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3469 reply_outbuf(req, 5, numtoread + 3);
3471 data = smb_buf(req->outbuf) + 3;
3474 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3475 * protocol request that predates the read/write lock concept.
3476 * Thus instead of asking for a read lock here we need to ask
3477 * for a write lock. JRA.
3478 * Note that the requested lock size is unaffected by max_recv.
3481 br_lck = do_lock(req->sconn->msg_ctx,
3483 (uint64_t)req->smbpid,
3484 (uint64_t)numtoread,
3488 False, /* Non-blocking lock. */
3492 TALLOC_FREE(br_lck);
3494 if (NT_STATUS_V(status)) {
3495 reply_nterror(req, status);
3496 END_PROFILE(SMBlockread);
3501 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3504 if (numtoread > sconn->smb1.negprot.max_recv) {
3505 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3506 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3507 (unsigned int)numtoread,
3508 (unsigned int)sconn->smb1.negprot.max_recv));
3509 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3511 nread = read_file(fsp,data,startpos,numtoread);
3514 reply_nterror(req, map_nt_error_from_unix(errno));
3515 END_PROFILE(SMBlockread);
3519 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3521 SSVAL(req->outbuf,smb_vwv0,nread);
3522 SSVAL(req->outbuf,smb_vwv5,nread+3);
3523 p = smb_buf(req->outbuf);
3524 SCVAL(p,0,0); /* pad byte. */
3527 DEBUG(3,("lockread %s num=%d nread=%d\n",
3528 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3530 END_PROFILE(SMBlockread);
3535 #define DBGC_CLASS DBGC_ALL
3537 /****************************************************************************
3539 ****************************************************************************/
3541 void reply_read(struct smb_request *req)
3543 connection_struct *conn = req->conn;
3550 struct lock_struct lock;
3551 struct smbd_server_connection *sconn = req->sconn;
3553 START_PROFILE(SMBread);
3556 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3557 END_PROFILE(SMBread);
3561 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3563 if (!check_fsp(conn, req, fsp)) {
3564 END_PROFILE(SMBread);
3568 if (!CHECK_READ(fsp,req)) {
3569 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3570 END_PROFILE(SMBread);
3574 numtoread = SVAL(req->vwv+1, 0);
3575 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3577 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3580 * The requested read size cannot be greater than max_recv. JRA.
3582 if (numtoread > sconn->smb1.negprot.max_recv) {
3583 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3584 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3585 (unsigned int)numtoread,
3586 (unsigned int)sconn->smb1.negprot.max_recv));
3587 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3590 reply_outbuf(req, 5, numtoread+3);
3592 data = smb_buf(req->outbuf) + 3;
3594 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3595 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3598 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3599 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3600 END_PROFILE(SMBread);
3605 nread = read_file(fsp,data,startpos,numtoread);
3608 reply_nterror(req, map_nt_error_from_unix(errno));
3612 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3614 SSVAL(req->outbuf,smb_vwv0,nread);
3615 SSVAL(req->outbuf,smb_vwv5,nread+3);
3616 SCVAL(smb_buf(req->outbuf),0,1);
3617 SSVAL(smb_buf(req->outbuf),1,nread);
3619 DEBUG(3, ("read %s num=%d nread=%d\n",
3620 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3623 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3625 END_PROFILE(SMBread);
3629 /****************************************************************************
3631 ****************************************************************************/
3633 static int setup_readX_header(struct smb_request *req, char *outbuf,
3638 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3640 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3642 SCVAL(outbuf,smb_vwv0,0xFF);
3643 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3644 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3645 SSVAL(outbuf,smb_vwv6,
3646 (smb_wct - 4) /* offset from smb header to wct */
3647 + 1 /* the wct field */
3648 + 12 * sizeof(uint16_t) /* vwv */
3649 + 2); /* the buflen field */
3650 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3651 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3652 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3653 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3657 /****************************************************************************
3658 Reply to a read and X - possibly using sendfile.
3659 ****************************************************************************/
3661 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3662 files_struct *fsp, off_t startpos,
3666 struct lock_struct lock;
3667 int saved_errno = 0;
3669 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3670 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3673 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3674 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3679 * We can only use sendfile on a non-chained packet
3680 * but we can use on a non-oplocked file. tridge proved this
3681 * on a train in Germany :-). JRA.
3684 if (!req_is_in_chain(req) &&
3686 (fsp->base_fsp == NULL) &&
3687 (fsp->wcp == NULL) &&
3688 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3689 uint8 headerbuf[smb_size + 12 * 2];
3692 if(fsp_stat(fsp) == -1) {
3693 reply_nterror(req, map_nt_error_from_unix(errno));
3697 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3698 (startpos > fsp->fsp_name->st.st_ex_size) ||
3699 (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3701 * We already know that we would do a short read, so don't
3702 * try the sendfile() path.
3704 goto nosendfile_read;
3708 * Set up the packet header before send. We
3709 * assume here the sendfile will work (get the
3710 * correct amount of data).
3713 header = data_blob_const(headerbuf, sizeof(headerbuf));
3715 construct_reply_common_req(req, (char *)headerbuf);
3716 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3718 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3719 startpos, smb_maxcnt);
3721 /* Returning ENOSYS means no data at all was sent.
3722 Do this as a normal read. */
3723 if (errno == ENOSYS) {
3728 * Special hack for broken Linux with no working sendfile. If we
3729 * return EINTR we sent the header but not the rest of the data.
3730 * Fake this up by doing read/write calls.
3733 if (errno == EINTR) {
3734 /* Ensure we don't do this again. */
3735 set_use_sendfile(SNUM(conn), False);
3736 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3737 nread = fake_sendfile(fsp, startpos,
3740 DEBUG(0,("send_file_readX: "
3741 "fake_sendfile failed for "
3745 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3747 DEBUG(3, ("send_file_readX: fake_sendfile %s max=%d nread=%d\n",
3748 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3749 /* No outbuf here means successful sendfile. */
3753 DEBUG(0,("send_file_readX: sendfile failed for file "
3754 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3756 exit_server_cleanly("send_file_readX sendfile failed");
3757 } else if (nread == 0) {
3759 * Some sendfile implementations return 0 to indicate
3760 * that there was a short read, but nothing was
3761 * actually written to the socket. In this case,
3762 * fallback to the normal read path so the header gets
3763 * the correct byte count.
3765 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3766 "falling back to the normal read: %s\n",
3771 DEBUG(3, ("send_file_readX: sendfile %s max=%d nread=%d\n",
3772 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3774 /* Deal with possible short send. */
3775 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3776 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3778 /* No outbuf here means successful sendfile. */
3779 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3780 SMB_PERFCOUNT_END(&req->pcd);
3786 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3787 uint8 headerbuf[smb_size + 2*12];
3789 construct_reply_common_req(req, (char *)headerbuf);
3790 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3792 /* Send out the header. */
3793 if (write_data(req->sconn->sock, (char *)headerbuf,
3794 sizeof(headerbuf)) != sizeof(headerbuf)) {
3796 char addr[INET6_ADDRSTRLEN];
3798 * Try and give an error message saying what
3801 DEBUG(0, ("write_data failed for client %s. "
3803 get_peer_addr(req->sconn->sock, addr,
3807 DEBUG(0,("send_file_readX: write_data failed for file "
3808 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3810 exit_server_cleanly("send_file_readX sendfile failed");
3812 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3814 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3815 "file %s (%s).\n", fsp_str_dbg(fsp),
3817 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3824 reply_outbuf(req, 12, smb_maxcnt);
3825 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
3826 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
3828 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3829 saved_errno = errno;
3831 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3834 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3838 setup_readX_header(req, (char *)req->outbuf, nread);
3840 DEBUG(3, ("send_file_readX %s max=%d nread=%d\n",
3841 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3845 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3846 TALLOC_FREE(req->outbuf);
3850 /****************************************************************************
3851 Work out how much space we have for a read return.
3852 ****************************************************************************/
3854 static size_t calc_max_read_pdu(const struct smb_request *req)
3856 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3857 return req->sconn->smb1.sessions.max_send;
3860 if (!lp_large_readwrite()) {
3861 return req->sconn->smb1.sessions.max_send;
3864 if (req_is_in_chain(req)) {
3865 return req->sconn->smb1.sessions.max_send;
3868 if (req->encrypted) {
3870 * Don't take encrypted traffic up to the
3871 * limit. There are padding considerations
3872 * that make that tricky.
3874 return req->sconn->smb1.sessions.max_send;
3877 if (srv_is_signing_active(req->sconn)) {
3881 if (!lp_unix_extensions()) {
3886 * We can do ultra-large POSIX reads.
3891 /****************************************************************************
3892 Calculate how big a read can be. Copes with all clients. It's always
3893 safe to return a short read - Windows does this.
3894 ****************************************************************************/
3896 static size_t calc_read_size(const struct smb_request *req,
3900 size_t max_pdu = calc_max_read_pdu(req);
3901 size_t total_size = 0;
3902 size_t hdr_len = MIN_SMB_SIZE + VWV(12);
3903 size_t max_len = max_pdu - hdr_len;
3906 * Windows explicitly ignores upper size of 0xFFFF.
3907 * See [MS-SMB].pdf <26> Section 2.2.4.2.1:
3908 * We must do the same as these will never fit even in
3909 * an extended size NetBIOS packet.
3911 if (upper_size == 0xFFFF) {
3915 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3919 total_size = ((upper_size<<16) | lower_size);
3922 * LARGE_READX test shows it's always safe to return
3923 * a short read. Windows does so.
3925 return MIN(total_size, max_len);
3928 /****************************************************************************
3929 Reply to a read and X.
3930 ****************************************************************************/
3932 void reply_read_and_X(struct smb_request *req)
3934 connection_struct *conn = req->conn;
3939 bool big_readX = False;
3941 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3944 START_PROFILE(SMBreadX);
3946 if ((req->wct != 10) && (req->wct != 12)) {
3947 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3951 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3952 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3953 smb_maxcnt = SVAL(req->vwv+5, 0);
3955 /* If it's an IPC, pass off the pipe handler. */
3957 reply_pipe_read_and_X(req);
3958 END_PROFILE(SMBreadX);
3962 if (!check_fsp(conn, req, fsp)) {
3963 END_PROFILE(SMBreadX);
3967 if (!CHECK_READ(fsp,req)) {
3968 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3969 END_PROFILE(SMBreadX);
3973 upper_size = SVAL(req->vwv+7, 0);
3974 smb_maxcnt = calc_read_size(req, upper_size, smb_maxcnt);
3975 if (smb_maxcnt > (0x1FFFF - (MIN_SMB_SIZE + VWV(12)))) {
3977 * This is a heuristic to avoid keeping large
3978 * outgoing buffers around over long-lived aio
3984 if (req->wct == 12) {
3986 * This is a large offset (64 bit) read.
3988 startpos |= (((off_t)IVAL(req->vwv+10, 0)) << 32);
3993 NTSTATUS status = schedule_aio_read_and_X(conn,
3998 if (NT_STATUS_IS_OK(status)) {
3999 /* Read scheduled - we're done. */
4002 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4003 /* Real error - report to client. */
4004 END_PROFILE(SMBreadX);
4005 reply_nterror(req, status);
4008 /* NT_STATUS_RETRY - fall back to sync read. */
4011 smbd_lock_socket(req->sconn);
4012 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
4013 smbd_unlock_socket(req->sconn);
4016 END_PROFILE(SMBreadX);
4020 /****************************************************************************
4021 Error replies to writebraw must have smb_wct == 1. Fix this up.
4022 ****************************************************************************/
4024 void error_to_writebrawerr(struct smb_request *req)
4026 uint8 *old_outbuf = req->outbuf;
4028 reply_outbuf(req, 1, 0);
4030 memcpy(req->outbuf, old_outbuf, smb_size);
4031 TALLOC_FREE(old_outbuf);
4034 /****************************************************************************
4035 Read 4 bytes of a smb packet and return the smb length of the packet.
4036 Store the result in the buffer. This version of the function will
4037 never return a session keepalive (length of zero).
4038 Timeout is in milliseconds.
4039 ****************************************************************************/
4041 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
4044 uint8_t msgtype = NBSSkeepalive;
4046 while (msgtype == NBSSkeepalive) {
4049 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
4051 if (!NT_STATUS_IS_OK(status)) {
4052 char addr[INET6_ADDRSTRLEN];
4053 /* Try and give an error message
4054 * saying what client failed. */
4055 DEBUG(0, ("read_fd_with_timeout failed for "
4056 "client %s read error = %s.\n",
4057 get_peer_addr(fd,addr,sizeof(addr)),
4058 nt_errstr(status)));
4062 msgtype = CVAL(inbuf, 0);
4065 DEBUG(10,("read_smb_length: got smb length of %lu\n",
4066 (unsigned long)len));
4068 return NT_STATUS_OK;
4071 /****************************************************************************
4072 Reply to a writebraw (core+ or LANMAN1.0 protocol).
4073 ****************************************************************************/
4075 void reply_writebraw(struct smb_request *req)
4077 connection_struct *conn = req->conn;
4080 ssize_t total_written=0;
4081 size_t numtowrite=0;
4084 const char *data=NULL;
4087 struct lock_struct lock;
4090 START_PROFILE(SMBwritebraw);
4093 * If we ever reply with an error, it must have the SMB command
4094 * type of SMBwritec, not SMBwriteBraw, as this tells the client
4097 SCVAL(discard_const_p(uint8_t, req->inbuf),smb_com,SMBwritec);
4099 if (srv_is_signing_active(req->sconn)) {
4100 END_PROFILE(SMBwritebraw);
4101 exit_server_cleanly("reply_writebraw: SMB signing is active - "
4102 "raw reads/writes are disallowed.");
4105 if (req->wct < 12) {
4106 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4107 error_to_writebrawerr(req);
4108 END_PROFILE(SMBwritebraw);
4112 if (req->sconn->smb1.echo_handler.trusted_fde) {
4113 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
4114 "'async smb echo handler = yes'\n"));
4115 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
4116 error_to_writebrawerr(req);
4117 END_PROFILE(SMBwritebraw);
4121 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4122 if (!check_fsp(conn, req, fsp)) {
4123 error_to_writebrawerr(req);
4124 END_PROFILE(SMBwritebraw);
4128 if (!CHECK_WRITE(fsp)) {
4129 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4130 error_to_writebrawerr(req);
4131 END_PROFILE(SMBwritebraw);
4135 tcount = IVAL(req->vwv+1, 0);
4136 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4137 write_through = BITSETW(req->vwv+7,0);
4139 /* We have to deal with slightly different formats depending
4140 on whether we are using the core+ or lanman1.0 protocol */
4142 if(get_Protocol() <= PROTOCOL_COREPLUS) {
4143 numtowrite = SVAL(smb_buf_const(req->inbuf),-2);
4144 data = smb_buf_const(req->inbuf);
4146 numtowrite = SVAL(req->vwv+10, 0);
4147 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
4150 /* Ensure we don't write bytes past the end of this packet. */
4151 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
4152 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4153 error_to_writebrawerr(req);
4154 END_PROFILE(SMBwritebraw);
4158 if (!fsp->print_file) {
4159 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4160 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
4163 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4164 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4165 error_to_writebrawerr(req);
4166 END_PROFILE(SMBwritebraw);
4172 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4175 DEBUG(3, ("reply_writebraw: initial write %s start=%.0f num=%d "
4176 "wrote=%d sync=%d\n",
4177 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4178 (int)nwritten, (int)write_through));
4180 if (nwritten < (ssize_t)numtowrite) {
4181 reply_nterror(req, NT_STATUS_DISK_FULL);
4182 error_to_writebrawerr(req);
4186 total_written = nwritten;
4188 /* Allocate a buffer of 64k + length. */
4189 buf = talloc_array(NULL, char, 65540);
4191 reply_nterror(req, NT_STATUS_NO_MEMORY);
4192 error_to_writebrawerr(req);
4196 /* Return a SMBwritebraw message to the redirector to tell
4197 * it to send more bytes */
4199 memcpy(buf, req->inbuf, smb_size);
4200 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
4201 SCVAL(buf,smb_com,SMBwritebraw);
4202 SSVALS(buf,smb_vwv0,0xFFFF);
4204 if (!srv_send_smb(req->sconn,
4206 false, 0, /* no signing */
4207 IS_CONN_ENCRYPTED(conn),
4209 exit_server_cleanly("reply_writebraw: srv_send_smb "
4213 /* Now read the raw data into the buffer and write it */
4214 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4216 if (!NT_STATUS_IS_OK(status)) {
4217 exit_server_cleanly("secondary writebraw failed");
4220 /* Set up outbuf to return the correct size */
4221 reply_outbuf(req, 1, 0);
4223 if (numtowrite != 0) {
4225 if (numtowrite > 0xFFFF) {
4226 DEBUG(0,("reply_writebraw: Oversize secondary write "
4227 "raw requested (%u). Terminating\n",
4228 (unsigned int)numtowrite ));
4229 exit_server_cleanly("secondary writebraw failed");
4232 if (tcount > nwritten+numtowrite) {
4233 DEBUG(3,("reply_writebraw: Client overestimated the "
4235 (int)tcount,(int)nwritten,(int)numtowrite));
4238 status = read_data(req->sconn->sock, buf+4, numtowrite);
4240 if (!NT_STATUS_IS_OK(status)) {
4241 char addr[INET6_ADDRSTRLEN];
4242 /* Try and give an error message
4243 * saying what client failed. */
4244 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4245 "raw read failed (%s) for client %s. "
4246 "Terminating\n", nt_errstr(status),
4247 get_peer_addr(req->sconn->sock, addr,
4249 exit_server_cleanly("secondary writebraw failed");
4252 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4253 if (nwritten == -1) {
4255 reply_nterror(req, map_nt_error_from_unix(errno));
4256 error_to_writebrawerr(req);
4260 if (nwritten < (ssize_t)numtowrite) {
4261 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4262 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4266 total_written += nwritten;
4271 SSVAL(req->outbuf,smb_vwv0,total_written);
4273 status = sync_file(conn, fsp, write_through);
4274 if (!NT_STATUS_IS_OK(status)) {
4275 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4276 fsp_str_dbg(fsp), nt_errstr(status)));
4277 reply_nterror(req, status);
4278 error_to_writebrawerr(req);
4282 DEBUG(3,("reply_writebraw: secondart write %s start=%.0f num=%d "
4284 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4285 (int)total_written));
4287 if (!fsp->print_file) {
4288 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4291 /* We won't return a status if write through is not selected - this
4292 * follows what WfWg does */
4293 END_PROFILE(SMBwritebraw);
4295 if (!write_through && total_written==tcount) {
4297 #if RABBIT_PELLET_FIX
4299 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4300 * sending a NBSSkeepalive. Thanks to DaveCB at Sun for this.
4303 if (!send_keepalive(req->sconn->sock)) {
4304 exit_server_cleanly("reply_writebraw: send of "
4305 "keepalive failed");
4308 TALLOC_FREE(req->outbuf);
4313 if (!fsp->print_file) {
4314 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4317 END_PROFILE(SMBwritebraw);
4322 #define DBGC_CLASS DBGC_LOCKING
4324 /****************************************************************************
4325 Reply to a writeunlock (core+).
4326 ****************************************************************************/
4328 void reply_writeunlock(struct smb_request *req)
4330 connection_struct *conn = req->conn;
4331 ssize_t nwritten = -1;
4335 NTSTATUS status = NT_STATUS_OK;
4337 struct lock_struct lock;
4338 int saved_errno = 0;
4340 START_PROFILE(SMBwriteunlock);
4343 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4344 END_PROFILE(SMBwriteunlock);
4348 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4350 if (!check_fsp(conn, req, fsp)) {
4351 END_PROFILE(SMBwriteunlock);
4355 if (!CHECK_WRITE(fsp)) {
4356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4357 END_PROFILE(SMBwriteunlock);
4361 numtowrite = SVAL(req->vwv+1, 0);
4362 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4363 data = (const char *)req->buf + 3;
4365 if (!fsp->print_file && numtowrite > 0) {
4366 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4367 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4370 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4371 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4372 END_PROFILE(SMBwriteunlock);
4377 /* The special X/Open SMB protocol handling of
4378 zero length writes is *NOT* done for
4380 if(numtowrite == 0) {
4383 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4384 saved_errno = errno;
4387 status = sync_file(conn, fsp, False /* write through */);
4388 if (!NT_STATUS_IS_OK(status)) {
4389 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4390 fsp_str_dbg(fsp), nt_errstr(status)));
4391 reply_nterror(req, status);
4396 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4400 if((nwritten < numtowrite) && (numtowrite != 0)) {
4401 reply_nterror(req, NT_STATUS_DISK_FULL);
4405 if (numtowrite && !fsp->print_file) {
4406 status = do_unlock(req->sconn->msg_ctx,
4408 (uint64_t)req->smbpid,
4409 (uint64_t)numtowrite,
4413 if (NT_STATUS_V(status)) {
4414 reply_nterror(req, status);
4419 reply_outbuf(req, 1, 0);
4421 SSVAL(req->outbuf,smb_vwv0,nwritten);
4423 DEBUG(3, ("writeunlock %s num=%d wrote=%d\n",
4424 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4427 if (numtowrite && !fsp->print_file) {
4428 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4431 END_PROFILE(SMBwriteunlock);
4436 #define DBGC_CLASS DBGC_ALL
4438 /****************************************************************************
4440 ****************************************************************************/
4442 void reply_write(struct smb_request *req)
4444 connection_struct *conn = req->conn;
4446 ssize_t nwritten = -1;
4450 struct lock_struct lock;
4452 int saved_errno = 0;
4454 START_PROFILE(SMBwrite);
4457 END_PROFILE(SMBwrite);
4458 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4462 /* If it's an IPC, pass off the pipe handler. */
4464 reply_pipe_write(req);
4465 END_PROFILE(SMBwrite);
4469 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4471 if (!check_fsp(conn, req, fsp)) {
4472 END_PROFILE(SMBwrite);
4476 if (!CHECK_WRITE(fsp)) {
4477 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4478 END_PROFILE(SMBwrite);
4482 numtowrite = SVAL(req->vwv+1, 0);
4483 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4484 data = (const char *)req->buf + 3;
4486 if (!fsp->print_file) {
4487 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4488 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4491 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4492 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4493 END_PROFILE(SMBwrite);
4499 * X/Open SMB protocol says that if smb_vwv1 is
4500 * zero then the file size should be extended or
4501 * truncated to the size given in smb_vwv[2-3].
4504 if(numtowrite == 0) {
4506 * This is actually an allocate call, and set EOF. JRA.
4508 nwritten = vfs_allocate_file_space(fsp, (off_t)startpos);
4510 reply_nterror(req, NT_STATUS_DISK_FULL);
4513 nwritten = vfs_set_filelen(fsp, (off_t)startpos);
4515 reply_nterror(req, NT_STATUS_DISK_FULL);
4518 trigger_write_time_update_immediate(fsp);
4520 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4523 status = sync_file(conn, fsp, False);
4524 if (!NT_STATUS_IS_OK(status)) {
4525 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4526 fsp_str_dbg(fsp), nt_errstr(status)));
4527 reply_nterror(req, status);
4532 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4536 if((nwritten == 0) && (numtowrite != 0)) {
4537 reply_nterror(req, NT_STATUS_DISK_FULL);
4541 reply_outbuf(req, 1, 0);
4543 SSVAL(req->outbuf,smb_vwv0,nwritten);
4545 if (nwritten < (ssize_t)numtowrite) {
4546 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4547 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4550 DEBUG(3, ("write %s num=%d wrote=%d\n", fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4553 if (!fsp->print_file) {
4554 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4557 END_PROFILE(SMBwrite);
4561 /****************************************************************************
4562 Ensure a buffer is a valid writeX for recvfile purposes.
4563 ****************************************************************************/
4565 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4566 (2*14) + /* word count (including bcc) */ \
4569 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4570 const uint8_t *inbuf)
4573 connection_struct *conn = NULL;
4574 unsigned int doff = 0;
4575 size_t len = smb_len_large(inbuf);
4576 struct smbXsrv_tcon *tcon;
4580 if (is_encrypted_packet(sconn, inbuf)) {
4581 /* Can't do this on encrypted
4586 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4590 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4591 CVAL(inbuf,smb_wct) != 14) {
4592 DEBUG(10,("is_valid_writeX_buffer: chained or "
4593 "invalid word length.\n"));
4597 status = smb1srv_tcon_lookup(sconn->conn, SVAL(inbuf, smb_tid),
4599 if (!NT_STATUS_IS_OK(status)) {
4600 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4603 conn = tcon->compat;
4606 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4609 if (IS_PRINT(conn)) {
4610 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4613 doff = SVAL(inbuf,smb_vwv11);
4615 numtowrite = SVAL(inbuf,smb_vwv10);
4617 if (len > doff && len - doff > 0xFFFF) {
4618 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4621 if (numtowrite == 0) {
4622 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4626 /* Ensure the sizes match up. */
4627 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4628 /* no pad byte...old smbclient :-( */
4629 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4631 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4635 if (len - doff != numtowrite) {
4636 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4637 "len = %u, doff = %u, numtowrite = %u\n",
4640 (unsigned int)numtowrite ));
4644 DEBUG(10,("is_valid_writeX_buffer: true "
4645 "len = %u, doff = %u, numtowrite = %u\n",
4648 (unsigned int)numtowrite ));
4653 /****************************************************************************
4654 Reply to a write and X.
4655 ****************************************************************************/
4657 void reply_write_and_X(struct smb_request *req)
4659 connection_struct *conn = req->conn;
4661 struct lock_struct lock;
4666 unsigned int smb_doff;
4667 unsigned int smblen;
4670 int saved_errno = 0;
4672 START_PROFILE(SMBwriteX);
4674 if ((req->wct != 12) && (req->wct != 14)) {
4675 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4679 numtowrite = SVAL(req->vwv+10, 0);
4680 smb_doff = SVAL(req->vwv+11, 0);
4681 smblen = smb_len(req->inbuf);
4683 if (req->unread_bytes > 0xFFFF ||
4684 (smblen > smb_doff &&
4685 smblen - smb_doff > 0xFFFF)) {
4686 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4689 if (req->unread_bytes) {
4690 /* Can't do a recvfile write on IPC$ */
4692 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4695 if (numtowrite != req->unread_bytes) {
4696 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4700 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4701 smb_doff + numtowrite > smblen) {
4702 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4707 /* If it's an IPC, pass off the pipe handler. */
4709 if (req->unread_bytes) {
4710 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4713 reply_pipe_write_and_X(req);
4717 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4718 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4719 write_through = BITSETW(req->vwv+7,0);
4721 if (!check_fsp(conn, req, fsp)) {
4725 if (!CHECK_WRITE(fsp)) {
4726 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4730 data = smb_base(req->inbuf) + smb_doff;
4732 if(req->wct == 14) {
4734 * This is a large offset (64 bit) write.
4736 startpos |= (((off_t)IVAL(req->vwv+12, 0)) << 32);
4740 /* X/Open SMB protocol says that, unlike SMBwrite
4741 if the length is zero then NO truncation is
4742 done, just a write of zero. To truncate a file,
4745 if(numtowrite == 0) {
4748 if (req->unread_bytes == 0) {
4749 status = schedule_aio_write_and_X(conn,
4756 if (NT_STATUS_IS_OK(status)) {
4757 /* write scheduled - we're done. */
4760 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4761 /* Real error - report to client. */
4762 reply_nterror(req, status);
4765 /* NT_STATUS_RETRY - fall through to sync write. */
4768 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4769 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4772 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4773 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4777 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4778 saved_errno = errno;
4780 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4784 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4788 if((nwritten == 0) && (numtowrite != 0)) {
4789 reply_nterror(req, NT_STATUS_DISK_FULL);
4793 reply_outbuf(req, 6, 0);
4794 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
4795 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
4796 SSVAL(req->outbuf,smb_vwv2,nwritten);
4797 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4799 DEBUG(3,("writeX %s num=%d wrote=%d\n",
4800 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4802 status = sync_file(conn, fsp, write_through);
4803 if (!NT_STATUS_IS_OK(status)) {
4804 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4805 fsp_str_dbg(fsp), nt_errstr(status)));
4806 reply_nterror(req, status);
4810 END_PROFILE(SMBwriteX);
4814 if (req->unread_bytes) {
4815 /* writeX failed. drain socket. */
4816 if (drain_socket(req->sconn->sock, req->unread_bytes) !=
4817 req->unread_bytes) {
4818 smb_panic("failed to drain pending bytes");
4820 req->unread_bytes = 0;
4823 END_PROFILE(SMBwriteX);
4827 /****************************************************************************
4829 ****************************************************************************/
4831 void reply_lseek(struct smb_request *req)
4833 connection_struct *conn = req->conn;
4839 START_PROFILE(SMBlseek);
4842 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4843 END_PROFILE(SMBlseek);
4847 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4849 if (!check_fsp(conn, req, fsp)) {
4853 flush_write_cache(fsp, SEEK_FLUSH);
4855 mode = SVAL(req->vwv+1, 0) & 3;
4856 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4857 startpos = (off_t)IVALS(req->vwv+2, 0);
4866 res = fsp->fh->pos + startpos;
4877 if (umode == SEEK_END) {
4878 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4879 if(errno == EINVAL) {
4880 off_t current_pos = startpos;
4882 if(fsp_stat(fsp) == -1) {
4884 map_nt_error_from_unix(errno));
4885 END_PROFILE(SMBlseek);
4889 current_pos += fsp->fsp_name->st.st_ex_size;
4891 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4896 reply_nterror(req, map_nt_error_from_unix(errno));
4897 END_PROFILE(SMBlseek);
4904 reply_outbuf(req, 2, 0);
4905 SIVAL(req->outbuf,smb_vwv0,res);
4907 DEBUG(3,("lseek %s ofs=%.0f newpos = %.0f mode=%d\n",
4908 fsp_fnum_dbg(fsp), (double)startpos, (double)res, mode));
4910 END_PROFILE(SMBlseek);
4914 /****************************************************************************
4916 ****************************************************************************/
4918 void reply_flush(struct smb_request *req)
4920 connection_struct *conn = req->conn;
4924 START_PROFILE(SMBflush);
4927 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4931 fnum = SVAL(req->vwv+0, 0);
4932 fsp = file_fsp(req, fnum);
4934 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4939 file_sync_all(conn);
4941 NTSTATUS status = sync_file(conn, fsp, True);
4942 if (!NT_STATUS_IS_OK(status)) {
4943 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4944 fsp_str_dbg(fsp), nt_errstr(status)));
4945 reply_nterror(req, status);
4946 END_PROFILE(SMBflush);
4951 reply_outbuf(req, 0, 0);
4953 DEBUG(3,("flush\n"));
4954 END_PROFILE(SMBflush);
4958 /****************************************************************************
4960 conn POINTER CAN BE NULL HERE !
4961 ****************************************************************************/
4963 void reply_exit(struct smb_request *req)
4965 START_PROFILE(SMBexit);
4967 file_close_pid(req->sconn, req->smbpid, req->vuid);
4969 reply_outbuf(req, 0, 0);
4971 DEBUG(3,("exit\n"));
4973 END_PROFILE(SMBexit);
4977 struct reply_close_state {
4979 struct smb_request *smbreq;
4982 static void do_smb1_close(struct tevent_req *req);
4984 void reply_close(struct smb_request *req)
4986 connection_struct *conn = req->conn;
4987 NTSTATUS status = NT_STATUS_OK;
4988 files_struct *fsp = NULL;
4989 START_PROFILE(SMBclose);
4992 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4993 END_PROFILE(SMBclose);
4997 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5000 * We can only use check_fsp if we know it's not a directory.
5003 if (!check_fsp_open(conn, req, fsp)) {
5004 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
5005 END_PROFILE(SMBclose);
5009 DEBUG(3, ("Close %s fd=%d %s (numopen=%d)\n",
5010 fsp->is_directory ? "directory" : "file",
5011 fsp->fh->fd, fsp_fnum_dbg(fsp),
5012 conn->num_files_open));
5014 if (!fsp->is_directory) {
5018 * Take care of any time sent in the close.
5021 t = srv_make_unix_date3(req->vwv+1);
5022 set_close_write_time(fsp, convert_time_t_to_timespec(t));
5025 if (fsp->num_aio_requests != 0) {
5027 struct reply_close_state *state;
5029 DEBUG(10, ("closing with aio %u requests pending\n",
5030 fsp->num_aio_requests));
5033 * We depend on the aio_extra destructor to take care of this
5034 * close request once fsp->num_aio_request drops to 0.
5037 fsp->deferred_close = tevent_wait_send(
5038 fsp, fsp->conn->sconn->ev_ctx);
5039 if (fsp->deferred_close == NULL) {
5040 status = NT_STATUS_NO_MEMORY;
5044 state = talloc(fsp, struct reply_close_state);
5045 if (state == NULL) {
5046 TALLOC_FREE(fsp->deferred_close);
5047 status = NT_STATUS_NO_MEMORY;
5051 state->smbreq = talloc_move(fsp, &req);
5052 tevent_req_set_callback(fsp->deferred_close, do_smb1_close,
5054 END_PROFILE(SMBclose);
5059 * close_file() returns the unix errno if an error was detected on
5060 * close - normally this is due to a disk full error. If not then it
5061 * was probably an I/O error.
5064 status = close_file(req, fsp, NORMAL_CLOSE);
5066 if (!NT_STATUS_IS_OK(status)) {
5067 reply_nterror(req, status);
5068 END_PROFILE(SMBclose);
5072 reply_outbuf(req, 0, 0);
5073 END_PROFILE(SMBclose);
5077 static void do_smb1_close(struct tevent_req *req)
5079 struct reply_close_state *state = tevent_req_callback_data(
5080 req, struct reply_close_state);
5081 struct smb_request *smbreq;
5085 ret = tevent_wait_recv(req);
5088 DEBUG(10, ("tevent_wait_recv returned %s\n",
5091 * Continue anyway, this should never happen
5096 * fsp->smb2_close_request right now is a talloc grandchild of
5097 * fsp. When we close_file(fsp), it would go with it. No chance to
5100 smbreq = talloc_move(talloc_tos(), &state->smbreq);
5102 status = close_file(smbreq, state->fsp, NORMAL_CLOSE);
5103 if (NT_STATUS_IS_OK(status)) {
5104 reply_outbuf(smbreq, 0, 0);
5106 reply_nterror(smbreq, status);
5108 if (!srv_send_smb(smbreq->sconn,
5109 (char *)smbreq->outbuf,
5112 IS_CONN_ENCRYPTED(smbreq->conn)||smbreq->encrypted,
5114 exit_server_cleanly("handle_aio_read_complete: srv_send_smb "
5117 TALLOC_FREE(smbreq);
5120 /****************************************************************************
5121 Reply to a writeclose (Core+ protocol).
5122 ****************************************************************************/
5124 void reply_writeclose(struct smb_request *req)
5126 connection_struct *conn = req->conn;
5128 ssize_t nwritten = -1;
5129 NTSTATUS close_status = NT_STATUS_OK;
5132 struct timespec mtime;
5134 struct lock_struct lock;
5136 START_PROFILE(SMBwriteclose);
5139 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5140 END_PROFILE(SMBwriteclose);
5144 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5146 if (!check_fsp(conn, req, fsp)) {
5147 END_PROFILE(SMBwriteclose);
5150 if (!CHECK_WRITE(fsp)) {
5151 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5152 END_PROFILE(SMBwriteclose);
5156 numtowrite = SVAL(req->vwv+1, 0);
5157 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
5158 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
5159 data = (const char *)req->buf + 1;
5161 if (!fsp->print_file) {
5162 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
5163 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
5166 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
5167 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
5168 END_PROFILE(SMBwriteclose);
5173 nwritten = write_file(req,fsp,data,startpos,numtowrite);
5175 set_close_write_time(fsp, mtime);
5178 * More insanity. W2K only closes the file if writelen > 0.
5183 DEBUG(3,("reply_writeclose: zero length write doesn't close "
5184 "file %s\n", fsp_str_dbg(fsp)));
5185 close_status = close_file(req, fsp, NORMAL_CLOSE);
5188 DEBUG(3,("writeclose %s num=%d wrote=%d (numopen=%d)\n",
5189 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten,
5190 conn->num_files_open));
5192 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
5193 reply_nterror(req, NT_STATUS_DISK_FULL);
5197 if(!NT_STATUS_IS_OK(close_status)) {
5198 reply_nterror(req, close_status);
5202 reply_outbuf(req, 1, 0);
5204 SSVAL(req->outbuf,smb_vwv0,nwritten);
5207 if (numtowrite && !fsp->print_file) {
5208 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
5211 END_PROFILE(SMBwriteclose);
5216 #define DBGC_CLASS DBGC_LOCKING
5218 /****************************************************************************
5220 ****************************************************************************/
5222 void reply_lock(struct smb_request *req)
5224 connection_struct *conn = req->conn;
5225 uint64_t count,offset;
5228 struct byte_range_lock *br_lck = NULL;
5230 START_PROFILE(SMBlock);
5233 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5234 END_PROFILE(SMBlock);
5238 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5240 if (!check_fsp(conn, req, fsp)) {
5241 END_PROFILE(SMBlock);
5245 count = (uint64_t)IVAL(req->vwv+1, 0);
5246 offset = (uint64_t)IVAL(req->vwv+3, 0);
5248 DEBUG(3,("lock fd=%d %s offset=%.0f count=%.0f\n",
5249 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count));
5251 br_lck = do_lock(req->sconn->msg_ctx,
5253 (uint64_t)req->smbpid,
5258 False, /* Non-blocking lock. */
5263 TALLOC_FREE(br_lck);
5265 if (NT_STATUS_V(status)) {
5266 reply_nterror(req, status);
5267 END_PROFILE(SMBlock);
5271 reply_outbuf(req, 0, 0);
5273 END_PROFILE(SMBlock);
5277 /****************************************************************************
5279 ****************************************************************************/
5281 void reply_unlock(struct smb_request *req)
5283 connection_struct *conn = req->conn;
5284 uint64_t count,offset;
5288 START_PROFILE(SMBunlock);
5291 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5292 END_PROFILE(SMBunlock);
5296 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5298 if (!check_fsp(conn, req, fsp)) {
5299 END_PROFILE(SMBunlock);
5303 count = (uint64_t)IVAL(req->vwv+1, 0);
5304 offset = (uint64_t)IVAL(req->vwv+3, 0);
5306 status = do_unlock(req->sconn->msg_ctx,
5308 (uint64_t)req->smbpid,
5313 if (NT_STATUS_V(status)) {
5314 reply_nterror(req, status);
5315 END_PROFILE(SMBunlock);
5319 DEBUG( 3, ( "unlock fd=%d %s offset=%.0f count=%.0f\n",
5320 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count ) );
5322 reply_outbuf(req, 0, 0);
5324 END_PROFILE(SMBunlock);
5329 #define DBGC_CLASS DBGC_ALL
5331 /****************************************************************************
5333 conn POINTER CAN BE NULL HERE !
5334 ****************************************************************************/
5336 void reply_tdis(struct smb_request *req)
5339 connection_struct *conn = req->conn;
5340 struct smbXsrv_tcon *tcon;
5342 START_PROFILE(SMBtdis);
5345 DEBUG(4,("Invalid connection in tdis\n"));
5346 reply_force_doserror(req, ERRSRV, ERRinvnid);
5347 END_PROFILE(SMBtdis);
5355 * TODO: cancel all outstanding requests on the tcon
5357 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
5358 if (!NT_STATUS_IS_OK(status)) {
5359 DEBUG(0, ("reply_tdis: "
5360 "smbXsrv_tcon_disconnect() failed: %s\n",
5361 nt_errstr(status)));
5363 * If we hit this case, there is something completely
5364 * wrong, so we better disconnect the transport connection.
5366 END_PROFILE(SMBtdis);
5367 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
5373 reply_outbuf(req, 0, 0);
5374 END_PROFILE(SMBtdis);
5378 /****************************************************************************
5380 conn POINTER CAN BE NULL HERE !
5381 ****************************************************************************/
5383 void reply_echo(struct smb_request *req)
5385 connection_struct *conn = req->conn;
5386 struct smb_perfcount_data local_pcd;
5387 struct smb_perfcount_data *cur_pcd;
5391 START_PROFILE(SMBecho);
5393 smb_init_perfcount_data(&local_pcd);
5396 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5397 END_PROFILE(SMBecho);
5401 smb_reverb = SVAL(req->vwv+0, 0);
5403 reply_outbuf(req, 1, req->buflen);
5405 /* copy any incoming data back out */
5406 if (req->buflen > 0) {
5407 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5410 if (smb_reverb > 100) {
5411 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5415 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5417 /* this makes sure we catch the request pcd */
5418 if (seq_num == smb_reverb) {
5419 cur_pcd = &req->pcd;
5421 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5422 cur_pcd = &local_pcd;
5425 SSVAL(req->outbuf,smb_vwv0,seq_num);
5427 show_msg((char *)req->outbuf);
5428 if (!srv_send_smb(req->sconn,
5429 (char *)req->outbuf,
5430 true, req->seqnum+1,
5431 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5433 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5436 DEBUG(3,("echo %d times\n", smb_reverb));
5438 TALLOC_FREE(req->outbuf);
5440 END_PROFILE(SMBecho);
5444 /****************************************************************************
5445 Reply to a printopen.
5446 ****************************************************************************/
5448 void reply_printopen(struct smb_request *req)
5450 connection_struct *conn = req->conn;
5454 START_PROFILE(SMBsplopen);
5457 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5458 END_PROFILE(SMBsplopen);
5462 if (!CAN_PRINT(conn)) {
5463 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5464 END_PROFILE(SMBsplopen);
5468 status = file_new(req, conn, &fsp);
5469 if(!NT_STATUS_IS_OK(status)) {
5470 reply_nterror(req, status);
5471 END_PROFILE(SMBsplopen);
5475 /* Open for exclusive use, write only. */
5476 status = print_spool_open(fsp, NULL, req->vuid);
5478 if (!NT_STATUS_IS_OK(status)) {
5479 file_free(req, fsp);
5480 reply_nterror(req, status);
5481 END_PROFILE(SMBsplopen);
5485 reply_outbuf(req, 1, 0);
5486 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5488 DEBUG(3,("openprint fd=%d %s\n",
5489 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5491 END_PROFILE(SMBsplopen);
5495 /****************************************************************************
5496 Reply to a printclose.
5497 ****************************************************************************/
5499 void reply_printclose(struct smb_request *req)
5501 connection_struct *conn = req->conn;
5505 START_PROFILE(SMBsplclose);
5508 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5509 END_PROFILE(SMBsplclose);
5513 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5515 if (!check_fsp(conn, req, fsp)) {
5516 END_PROFILE(SMBsplclose);
5520 if (!CAN_PRINT(conn)) {
5521 reply_force_doserror(req, ERRSRV, ERRerror);
5522 END_PROFILE(SMBsplclose);
5526 DEBUG(3,("printclose fd=%d %s\n",
5527 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5529 status = close_file(req, fsp, NORMAL_CLOSE);
5531 if(!NT_STATUS_IS_OK(status)) {
5532 reply_nterror(req, status);
5533 END_PROFILE(SMBsplclose);
5537 reply_outbuf(req, 0, 0);
5539 END_PROFILE(SMBsplclose);
5543 /****************************************************************************
5544 Reply to a printqueue.
5545 ****************************************************************************/
5547 void reply_printqueue(struct smb_request *req)
5549 connection_struct *conn = req->conn;
5553 START_PROFILE(SMBsplretq);
5556 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5557 END_PROFILE(SMBsplretq);
5561 max_count = SVAL(req->vwv+0, 0);
5562 start_index = SVAL(req->vwv+1, 0);
5564 /* we used to allow the client to get the cnum wrong, but that
5565 is really quite gross and only worked when there was only
5566 one printer - I think we should now only accept it if they
5567 get it right (tridge) */
5568 if (!CAN_PRINT(conn)) {
5569 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5570 END_PROFILE(SMBsplretq);
5574 reply_outbuf(req, 2, 3);
5575 SSVAL(req->outbuf,smb_vwv0,0);
5576 SSVAL(req->outbuf,smb_vwv1,0);
5577 SCVAL(smb_buf(req->outbuf),0,1);
5578 SSVAL(smb_buf(req->outbuf),1,0);
5580 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5581 start_index, max_count));
5584 TALLOC_CTX *mem_ctx = talloc_tos();
5587 const char *sharename = lp_servicename(mem_ctx, SNUM(conn));
5588 struct rpc_pipe_client *cli = NULL;
5589 struct dcerpc_binding_handle *b = NULL;
5590 struct policy_handle handle;
5591 struct spoolss_DevmodeContainer devmode_ctr;
5592 union spoolss_JobInfo *info;
5594 uint32_t num_to_get;
5598 ZERO_STRUCT(handle);
5600 status = rpc_pipe_open_interface(conn,
5601 &ndr_table_spoolss.syntax_id,
5603 conn->sconn->remote_address,
5604 conn->sconn->msg_ctx,
5606 if (!NT_STATUS_IS_OK(status)) {
5607 DEBUG(0, ("reply_printqueue: "
5608 "could not connect to spoolss: %s\n",
5609 nt_errstr(status)));
5610 reply_nterror(req, status);
5613 b = cli->binding_handle;
5615 ZERO_STRUCT(devmode_ctr);
5617 status = dcerpc_spoolss_OpenPrinter(b, mem_ctx,
5620 SEC_FLAG_MAXIMUM_ALLOWED,
5623 if (!NT_STATUS_IS_OK(status)) {
5624 reply_nterror(req, status);
5627 if (!W_ERROR_IS_OK(werr)) {
5628 reply_nterror(req, werror_to_ntstatus(werr));
5632 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5640 if (!W_ERROR_IS_OK(werr)) {
5641 reply_nterror(req, werror_to_ntstatus(werr));
5645 if (max_count > 0) {
5646 first = start_index;
5648 first = start_index + max_count + 1;
5651 if (first >= count) {
5654 num_to_get = first + MIN(ABS(max_count), count - first);
5657 for (i = first; i < num_to_get; i++) {
5660 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5662 uint16_t qrapjobid = pjobid_to_rap(sharename,
5663 info[i].info2.job_id);
5665 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5671 srv_put_dos_date2(p, 0, qtime);
5672 SCVAL(p, 4, qstatus);
5673 SSVAL(p, 5, qrapjobid);
5674 SIVAL(p, 7, info[i].info2.size);
5676 srvstr_push(blob, req->flags2, p+12,
5677 info[i].info2.notify_name, 16, STR_ASCII);
5679 if (message_push_blob(
5682 blob, sizeof(blob))) == -1) {
5683 reply_nterror(req, NT_STATUS_NO_MEMORY);
5689 SSVAL(req->outbuf,smb_vwv0,count);
5690 SSVAL(req->outbuf,smb_vwv1,
5691 (max_count>0?first+count:first-1));
5692 SCVAL(smb_buf(req->outbuf),0,1);
5693 SSVAL(smb_buf(req->outbuf),1,28*count);
5697 DEBUG(3, ("%u entries returned in queue\n",
5701 if (b && is_valid_policy_hnd(&handle)) {
5702 dcerpc_spoolss_ClosePrinter(b, mem_ctx, &handle, &werr);
5707 END_PROFILE(SMBsplretq);
5711 /****************************************************************************
5712 Reply to a printwrite.
5713 ****************************************************************************/
5715 void reply_printwrite(struct smb_request *req)
5717 connection_struct *conn = req->conn;
5722 START_PROFILE(SMBsplwr);
5725 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5726 END_PROFILE(SMBsplwr);
5730 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5732 if (!check_fsp(conn, req, fsp)) {
5733 END_PROFILE(SMBsplwr);
5737 if (!fsp->print_file) {
5738 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5739 END_PROFILE(SMBsplwr);
5743 if (!CHECK_WRITE(fsp)) {
5744 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5745 END_PROFILE(SMBsplwr);
5749 numtowrite = SVAL(req->buf, 1);
5751 if (req->buflen < numtowrite + 3) {
5752 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5753 END_PROFILE(SMBsplwr);
5757 data = (const char *)req->buf + 3;
5759 if (write_file(req,fsp,data,(off_t)-1,numtowrite) != numtowrite) {
5760 reply_nterror(req, map_nt_error_from_unix(errno));
5761 END_PROFILE(SMBsplwr);
5765 DEBUG(3, ("printwrite %s num=%d\n", fsp_fnum_dbg(fsp), numtowrite));
5767 END_PROFILE(SMBsplwr);
5771 /****************************************************************************
5773 ****************************************************************************/
5775 void reply_mkdir(struct smb_request *req)
5777 connection_struct *conn = req->conn;
5778 struct smb_filename *smb_dname = NULL;
5779 char *directory = NULL;
5781 TALLOC_CTX *ctx = talloc_tos();
5783 START_PROFILE(SMBmkdir);
5785 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5786 STR_TERMINATE, &status);
5787 if (!NT_STATUS_IS_OK(status)) {
5788 reply_nterror(req, status);
5792 status = filename_convert(ctx, conn,
5793 req->flags2 & FLAGS2_DFS_PATHNAMES,
5798 if (!NT_STATUS_IS_OK(status)) {
5799 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5800 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5801 ERRSRV, ERRbadpath);
5804 reply_nterror(req, status);
5808 status = create_directory(conn, req, smb_dname);
5810 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5812 if (!NT_STATUS_IS_OK(status)) {
5814 if (!use_nt_status()
5815 && NT_STATUS_EQUAL(status,
5816 NT_STATUS_OBJECT_NAME_COLLISION)) {
5818 * Yes, in the DOS error code case we get a
5819 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5820 * samba4 torture test.
5822 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5825 reply_nterror(req, status);
5829 reply_outbuf(req, 0, 0);
5831 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5833 TALLOC_FREE(smb_dname);
5834 END_PROFILE(SMBmkdir);
5838 /****************************************************************************
5840 ****************************************************************************/
5842 void reply_rmdir(struct smb_request *req)
5844 connection_struct *conn = req->conn;
5845 struct smb_filename *smb_dname = NULL;
5846 char *directory = NULL;
5848 TALLOC_CTX *ctx = talloc_tos();
5849 files_struct *fsp = NULL;
5851 struct smbd_server_connection *sconn = req->sconn;
5853 START_PROFILE(SMBrmdir);
5855 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5856 STR_TERMINATE, &status);
5857 if (!NT_STATUS_IS_OK(status)) {
5858 reply_nterror(req, status);
5862 status = filename_convert(ctx, conn,
5863 req->flags2 & FLAGS2_DFS_PATHNAMES,
5868 if (!NT_STATUS_IS_OK(status)) {
5869 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5870 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5871 ERRSRV, ERRbadpath);
5874 reply_nterror(req, status);
5878 if (is_ntfs_stream_smb_fname(smb_dname)) {
5879 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5883 status = SMB_VFS_CREATE_FILE(
5886 0, /* root_dir_fid */
5887 smb_dname, /* fname */
5888 DELETE_ACCESS, /* access_mask */
5889 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5891 FILE_OPEN, /* create_disposition*/
5892 FILE_DIRECTORY_FILE, /* create_options */
5893 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5894 0, /* oplock_request */
5895 0, /* allocation_size */
5896 0, /* private_flags */
5902 if (!NT_STATUS_IS_OK(status)) {
5903 if (open_was_deferred(req->sconn, req->mid)) {
5904 /* We have re-scheduled this call. */
5907 reply_nterror(req, status);
5911 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5912 if (!NT_STATUS_IS_OK(status)) {
5913 close_file(req, fsp, ERROR_CLOSE);
5914 reply_nterror(req, status);
5918 if (!set_delete_on_close(fsp, true,
5919 conn->session_info->security_token,
5920 conn->session_info->unix_token)) {
5921 close_file(req, fsp, ERROR_CLOSE);
5922 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5926 status = close_file(req, fsp, NORMAL_CLOSE);
5927 if (!NT_STATUS_IS_OK(status)) {
5928 reply_nterror(req, status);
5930 reply_outbuf(req, 0, 0);
5933 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5935 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5937 TALLOC_FREE(smb_dname);
5938 END_PROFILE(SMBrmdir);
5942 /*******************************************************************
5943 Resolve wildcards in a filename rename.
5944 ********************************************************************/
5946 static bool resolve_wildcards(TALLOC_CTX *ctx,
5951 char *name2_copy = NULL;
5956 char *p,*p2, *pname1, *pname2;
5958 name2_copy = talloc_strdup(ctx, name2);
5963 pname1 = strrchr_m(name1,'/');
5964 pname2 = strrchr_m(name2_copy,'/');
5966 if (!pname1 || !pname2) {
5970 /* Truncate the copy of name2 at the last '/' */
5973 /* Now go past the '/' */
5977 root1 = talloc_strdup(ctx, pname1);
5978 root2 = talloc_strdup(ctx, pname2);
5980 if (!root1 || !root2) {
5984 p = strrchr_m(root1,'.');
5987 ext1 = talloc_strdup(ctx, p+1);
5989 ext1 = talloc_strdup(ctx, "");
5991 p = strrchr_m(root2,'.');
5994 ext2 = talloc_strdup(ctx, p+1);
5996 ext2 = talloc_strdup(ctx, "");
5999 if (!ext1 || !ext2) {
6007 /* Hmmm. Should this be mb-aware ? */
6010 } else if (*p2 == '*') {
6012 root2 = talloc_asprintf(ctx, "%s%s",
6031 /* Hmmm. Should this be mb-aware ? */
6034 } else if (*p2 == '*') {
6036 ext2 = talloc_asprintf(ctx, "%s%s",
6052 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
6057 *pp_newname = talloc_asprintf(ctx, "%s/%s",
6069 /****************************************************************************
6070 Ensure open files have their names updated. Updated to notify other smbd's
6072 ****************************************************************************/
6074 static void rename_open_files(connection_struct *conn,
6075 struct share_mode_lock *lck,
6076 uint32_t orig_name_hash,
6077 const struct smb_filename *smb_fname_dst)
6080 bool did_rename = False;
6082 uint32_t new_name_hash = 0;
6084 for(fsp = file_find_di_first(conn->sconn, lck->data->id); fsp;
6085 fsp = file_find_di_next(fsp)) {
6086 /* fsp_name is a relative path under the fsp. To change this for other
6087 sharepaths we need to manipulate relative paths. */
6088 /* TODO - create the absolute path and manipulate the newname
6089 relative to the sharepath. */
6090 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
6093 if (fsp->name_hash != orig_name_hash) {
6096 DEBUG(10, ("rename_open_files: renaming file %s "
6097 "(file_id %s) from %s -> %s\n", fsp_fnum_dbg(fsp),
6098 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
6099 smb_fname_str_dbg(smb_fname_dst)));
6101 status = fsp_set_smb_fname(fsp, smb_fname_dst);
6102 if (NT_STATUS_IS_OK(status)) {
6104 new_name_hash = fsp->name_hash;
6109 DEBUG(10, ("rename_open_files: no open files on file_id %s "
6110 "for %s\n", file_id_string_tos(&lck->data->id),
6111 smb_fname_str_dbg(smb_fname_dst)));
6114 /* Send messages to all smbd's (not ourself) that the name has changed. */
6115 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
6116 orig_name_hash, new_name_hash,
6121 /****************************************************************************
6122 We need to check if the source path is a parent directory of the destination
6123 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
6124 refuse the rename with a sharing violation. Under UNIX the above call can
6125 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
6126 probably need to check that the client is a Windows one before disallowing
6127 this as a UNIX client (one with UNIX extensions) can know the source is a
6128 symlink and make this decision intelligently. Found by an excellent bug
6129 report from <AndyLiebman@aol.com>.
6130 ****************************************************************************/
6132 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
6133 const struct smb_filename *smb_fname_dst)
6135 const char *psrc = smb_fname_src->base_name;
6136 const char *pdst = smb_fname_dst->base_name;
6139 if (psrc[0] == '.' && psrc[1] == '/') {
6142 if (pdst[0] == '.' && pdst[1] == '/') {
6145 if ((slen = strlen(psrc)) > strlen(pdst)) {
6148 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
6152 * Do the notify calls from a rename
6155 static void notify_rename(connection_struct *conn, bool is_dir,
6156 const struct smb_filename *smb_fname_src,
6157 const struct smb_filename *smb_fname_dst)
6159 char *parent_dir_src = NULL;
6160 char *parent_dir_dst = NULL;
6163 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
6164 : FILE_NOTIFY_CHANGE_FILE_NAME;
6166 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
6167 &parent_dir_src, NULL) ||
6168 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
6169 &parent_dir_dst, NULL)) {
6173 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
6174 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
6175 smb_fname_src->base_name);
6176 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
6177 smb_fname_dst->base_name);
6180 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
6181 smb_fname_src->base_name);
6182 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
6183 smb_fname_dst->base_name);
6186 /* this is a strange one. w2k3 gives an additional event for
6187 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
6188 files, but not directories */
6190 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
6191 FILE_NOTIFY_CHANGE_ATTRIBUTES
6192 |FILE_NOTIFY_CHANGE_CREATION,
6193 smb_fname_dst->base_name);
6196 TALLOC_FREE(parent_dir_src);
6197 TALLOC_FREE(parent_dir_dst);
6200 /****************************************************************************
6201 Returns an error if the parent directory for a filename is open in an
6203 ****************************************************************************/
6205 static NTSTATUS parent_dirname_compatible_open(connection_struct *conn,
6206 const struct smb_filename *smb_fname_dst_in)
6208 char *parent_dir = NULL;
6209 struct smb_filename smb_fname_parent;
6211 files_struct *fsp = NULL;
6214 if (!parent_dirname(talloc_tos(), smb_fname_dst_in->base_name,
6215 &parent_dir, NULL)) {
6216 return NT_STATUS_NO_MEMORY;
6218 ZERO_STRUCT(smb_fname_parent);
6219 smb_fname_parent.base_name = parent_dir;
6221 ret = SMB_VFS_LSTAT(conn, &smb_fname_parent);
6223 return map_nt_error_from_unix(errno);
6227 * We're only checking on this smbd here, mostly good
6228 * enough.. and will pass tests.
6231 id = vfs_file_id_from_sbuf(conn, &smb_fname_parent.st);
6232 for (fsp = file_find_di_first(conn->sconn, id); fsp;
6233 fsp = file_find_di_next(fsp)) {
6234 if (fsp->access_mask & DELETE_ACCESS) {
6235 return NT_STATUS_SHARING_VIOLATION;
6238 return NT_STATUS_OK;
6241 /****************************************************************************
6242 Rename an open file - given an fsp.
6243 ****************************************************************************/
6245 NTSTATUS rename_internals_fsp(connection_struct *conn,
6247 const struct smb_filename *smb_fname_dst_in,
6249 bool replace_if_exists)
6251 TALLOC_CTX *ctx = talloc_tos();
6252 struct smb_filename *smb_fname_dst = NULL;
6253 NTSTATUS status = NT_STATUS_OK;
6254 struct share_mode_lock *lck = NULL;
6255 bool dst_exists, old_is_stream, new_is_stream;
6257 status = check_name(conn, smb_fname_dst_in->base_name);
6258 if (!NT_STATUS_IS_OK(status)) {
6262 status = parent_dirname_compatible_open(conn, smb_fname_dst_in);
6263 if (!NT_STATUS_IS_OK(status)) {
6267 /* Make a copy of the dst smb_fname structs */
6269 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
6270 if (!NT_STATUS_IS_OK(status)) {
6275 * Check for special case with case preserving and not
6276 * case sensitive. If the old last component differs from the original
6277 * last component only by case, then we should allow
6278 * the rename (user is trying to change the case of the
6281 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
6282 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6283 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
6285 char *fname_dst_lcomp_base_mod = NULL;
6286 struct smb_filename *smb_fname_orig_lcomp = NULL;
6289 * Get the last component of the destination name.
6291 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
6293 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
6295 fname_dst_lcomp_base_mod = talloc_strdup(ctx, smb_fname_dst->base_name);
6297 if (!fname_dst_lcomp_base_mod) {
6298 status = NT_STATUS_NO_MEMORY;
6303 * Create an smb_filename struct using the original last
6304 * component of the destination.
6306 status = create_synthetic_smb_fname_split(ctx,
6307 smb_fname_dst->original_lcomp, NULL,
6308 &smb_fname_orig_lcomp);
6309 if (!NT_STATUS_IS_OK(status)) {
6310 TALLOC_FREE(fname_dst_lcomp_base_mod);
6314 /* If the base names only differ by case, use original. */
6315 if(!strcsequal(fname_dst_lcomp_base_mod,
6316 smb_fname_orig_lcomp->base_name)) {
6319 * Replace the modified last component with the
6323 *last_slash = '\0'; /* Truncate at the '/' */
6324 tmp = talloc_asprintf(smb_fname_dst,
6326 smb_fname_dst->base_name,
6327 smb_fname_orig_lcomp->base_name);
6329 tmp = talloc_asprintf(smb_fname_dst,
6331 smb_fname_orig_lcomp->base_name);
6334 status = NT_STATUS_NO_MEMORY;
6335 TALLOC_FREE(fname_dst_lcomp_base_mod);
6336 TALLOC_FREE(smb_fname_orig_lcomp);
6339 TALLOC_FREE(smb_fname_dst->base_name);
6340 smb_fname_dst->base_name = tmp;
6343 /* If the stream_names only differ by case, use original. */
6344 if(!strcsequal(smb_fname_dst->stream_name,
6345 smb_fname_orig_lcomp->stream_name)) {
6347 /* Use the original stream. */
6348 tmp = talloc_strdup(smb_fname_dst,
6349 smb_fname_orig_lcomp->stream_name);
6351 status = NT_STATUS_NO_MEMORY;
6352 TALLOC_FREE(fname_dst_lcomp_base_mod);
6353 TALLOC_FREE(smb_fname_orig_lcomp);
6356 TALLOC_FREE(smb_fname_dst->stream_name);
6357 smb_fname_dst->stream_name = tmp;
6359 TALLOC_FREE(fname_dst_lcomp_base_mod);
6360 TALLOC_FREE(smb_fname_orig_lcomp);
6364 * If the src and dest names are identical - including case,
6365 * don't do the rename, just return success.
6368 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6369 strcsequal(fsp->fsp_name->stream_name,
6370 smb_fname_dst->stream_name)) {
6371 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6372 "- returning success\n",
6373 smb_fname_str_dbg(smb_fname_dst)));
6374 status = NT_STATUS_OK;
6378 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6379 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6381 /* Return the correct error code if both names aren't streams. */
6382 if (!old_is_stream && new_is_stream) {
6383 status = NT_STATUS_OBJECT_NAME_INVALID;
6387 if (old_is_stream && !new_is_stream) {
6388 status = NT_STATUS_INVALID_PARAMETER;
6392 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6394 if(!replace_if_exists && dst_exists) {
6395 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6396 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6397 smb_fname_str_dbg(smb_fname_dst)));
6398 status = NT_STATUS_OBJECT_NAME_COLLISION;
6403 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6404 &smb_fname_dst->st);
6405 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6407 /* The file can be open when renaming a stream */
6408 if (dst_fsp && !new_is_stream) {
6409 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6410 status = NT_STATUS_ACCESS_DENIED;
6415 /* Ensure we have a valid stat struct for the source. */
6416 status = vfs_stat_fsp(fsp);
6417 if (!NT_STATUS_IS_OK(status)) {
6421 status = can_rename(conn, fsp, attrs);
6423 if (!NT_STATUS_IS_OK(status)) {
6424 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6425 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6426 smb_fname_str_dbg(smb_fname_dst)));
6427 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6428 status = NT_STATUS_ACCESS_DENIED;
6432 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6433 status = NT_STATUS_ACCESS_DENIED;
6436 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
6439 * We have the file open ourselves, so not being able to get the
6440 * corresponding share mode lock is a fatal error.
6443 SMB_ASSERT(lck != NULL);
6445 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6446 uint32 create_options = fsp->fh->private_options;
6448 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6449 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6450 smb_fname_str_dbg(smb_fname_dst)));
6452 if (!fsp->is_directory &&
6453 !lp_posix_pathnames() &&
6454 (lp_map_archive(SNUM(conn)) ||
6455 lp_store_dos_attributes(SNUM(conn)))) {
6456 /* We must set the archive bit on the newly
6458 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6459 uint32_t old_dosmode = dos_mode(conn,
6461 file_set_dosmode(conn,
6463 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6469 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6472 rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
6475 * A rename acts as a new file create w.r.t. allowing an initial delete
6476 * on close, probably because in Windows there is a new handle to the
6477 * new file. If initial delete on close was requested but not
6478 * originally set, we need to set it here. This is probably not 100% correct,
6479 * but will work for the CIFSFS client which in non-posix mode
6480 * depends on these semantics. JRA.
6483 if (create_options & FILE_DELETE_ON_CLOSE) {
6484 status = can_set_delete_on_close(fsp, 0);
6486 if (NT_STATUS_IS_OK(status)) {
6487 /* Note that here we set the *inital* delete on close flag,
6488 * not the regular one. The magic gets handled in close. */
6489 fsp->initial_delete_on_close = True;
6493 status = NT_STATUS_OK;
6499 if (errno == ENOTDIR || errno == EISDIR) {
6500 status = NT_STATUS_OBJECT_NAME_COLLISION;
6502 status = map_nt_error_from_unix(errno);
6505 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6506 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6507 smb_fname_str_dbg(smb_fname_dst)));
6510 TALLOC_FREE(smb_fname_dst);
6515 /****************************************************************************
6516 The guts of the rename command, split out so it may be called by the NT SMB
6518 ****************************************************************************/
6520 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6521 connection_struct *conn,
6522 struct smb_request *req,
6523 struct smb_filename *smb_fname_src,
6524 struct smb_filename *smb_fname_dst,
6526 bool replace_if_exists,
6529 uint32_t access_mask)
6531 char *fname_src_dir = NULL;
6532 char *fname_src_mask = NULL;
6534 NTSTATUS status = NT_STATUS_OK;
6535 struct smb_Dir *dir_hnd = NULL;
6536 const char *dname = NULL;
6537 char *talloced = NULL;
6539 int create_options = 0;
6540 bool posix_pathnames = lp_posix_pathnames();
6544 * Split the old name into directory and last component
6545 * strings. Note that unix_convert may have stripped off a
6546 * leading ./ from both name and newname if the rename is
6547 * at the root of the share. We need to make sure either both
6548 * name and newname contain a / character or neither of them do
6549 * as this is checked in resolve_wildcards().
6552 /* Split up the directory from the filename/mask. */
6553 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6554 &fname_src_dir, &fname_src_mask);
6555 if (!NT_STATUS_IS_OK(status)) {
6556 status = NT_STATUS_NO_MEMORY;
6561 * We should only check the mangled cache
6562 * here if unix_convert failed. This means
6563 * that the path in 'mask' doesn't exist
6564 * on the file system and so we need to look
6565 * for a possible mangle. This patch from
6566 * Tine Smukavec <valentin.smukavec@hermes.si>.
6569 if (!VALID_STAT(smb_fname_src->st) &&
6570 mangle_is_mangled(fname_src_mask, conn->params)) {
6571 char *new_mask = NULL;
6572 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6575 TALLOC_FREE(fname_src_mask);
6576 fname_src_mask = new_mask;
6580 if (!src_has_wild) {
6584 * Only one file needs to be renamed. Append the mask back
6585 * onto the directory.
6587 TALLOC_FREE(smb_fname_src->base_name);
6588 if (ISDOT(fname_src_dir)) {
6589 /* Ensure we use canonical names on open. */
6590 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6594 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6599 if (!smb_fname_src->base_name) {
6600 status = NT_STATUS_NO_MEMORY;
6604 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6605 "case_preserve = %d, short case preserve = %d, "
6606 "directory = %s, newname = %s, "
6607 "last_component_dest = %s\n",
6608 conn->case_sensitive, conn->case_preserve,
6609 conn->short_case_preserve,
6610 smb_fname_str_dbg(smb_fname_src),
6611 smb_fname_str_dbg(smb_fname_dst),
6612 smb_fname_dst->original_lcomp));
6614 /* The dest name still may have wildcards. */
6615 if (dest_has_wild) {
6616 char *fname_dst_mod = NULL;
6617 if (!resolve_wildcards(smb_fname_dst,
6618 smb_fname_src->base_name,
6619 smb_fname_dst->base_name,
6621 DEBUG(6, ("rename_internals: resolve_wildcards "
6623 smb_fname_src->base_name,
6624 smb_fname_dst->base_name));
6625 status = NT_STATUS_NO_MEMORY;
6628 TALLOC_FREE(smb_fname_dst->base_name);
6629 smb_fname_dst->base_name = fname_dst_mod;
6632 ZERO_STRUCT(smb_fname_src->st);
6633 if (posix_pathnames) {
6634 rc = SMB_VFS_LSTAT(conn, smb_fname_src);
6636 rc = SMB_VFS_STAT(conn, smb_fname_src);
6639 status = map_nt_error_from_unix_common(errno);
6643 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6644 create_options |= FILE_DIRECTORY_FILE;
6647 status = SMB_VFS_CREATE_FILE(
6650 0, /* root_dir_fid */
6651 smb_fname_src, /* fname */
6652 access_mask, /* access_mask */
6653 (FILE_SHARE_READ | /* share_access */
6655 FILE_OPEN, /* create_disposition*/
6656 create_options, /* create_options */
6657 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6658 0, /* oplock_request */
6659 0, /* allocation_size */
6660 0, /* private_flags */
6666 if (!NT_STATUS_IS_OK(status)) {
6667 DEBUG(3, ("Could not open rename source %s: %s\n",
6668 smb_fname_str_dbg(smb_fname_src),
6669 nt_errstr(status)));
6673 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6674 attrs, replace_if_exists);
6676 close_file(req, fsp, NORMAL_CLOSE);
6678 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6679 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6680 smb_fname_str_dbg(smb_fname_dst)));
6686 * Wildcards - process each file that matches.
6688 if (strequal(fname_src_mask, "????????.???")) {
6689 TALLOC_FREE(fname_src_mask);
6690 fname_src_mask = talloc_strdup(ctx, "*");
6691 if (!fname_src_mask) {
6692 status = NT_STATUS_NO_MEMORY;
6697 status = check_name(conn, fname_src_dir);
6698 if (!NT_STATUS_IS_OK(status)) {
6702 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6704 if (dir_hnd == NULL) {
6705 status = map_nt_error_from_unix(errno);
6709 status = NT_STATUS_NO_SUCH_FILE;
6711 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6712 * - gentest fix. JRA
6715 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6717 files_struct *fsp = NULL;
6718 char *destname = NULL;
6719 bool sysdir_entry = False;
6721 /* Quick check for "." and ".." */
6722 if (ISDOT(dname) || ISDOTDOT(dname)) {
6723 if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
6724 sysdir_entry = True;
6726 TALLOC_FREE(talloced);
6731 if (!is_visible_file(conn, fname_src_dir, dname,
6732 &smb_fname_src->st, false)) {
6733 TALLOC_FREE(talloced);
6737 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6738 TALLOC_FREE(talloced);
6743 status = NT_STATUS_OBJECT_NAME_INVALID;
6747 TALLOC_FREE(smb_fname_src->base_name);
6748 if (ISDOT(fname_src_dir)) {
6749 /* Ensure we use canonical names on open. */
6750 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6754 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6759 if (!smb_fname_src->base_name) {
6760 status = NT_STATUS_NO_MEMORY;
6764 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6765 smb_fname_dst->base_name,
6767 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6768 smb_fname_src->base_name, destname));
6769 TALLOC_FREE(talloced);
6773 status = NT_STATUS_NO_MEMORY;
6777 TALLOC_FREE(smb_fname_dst->base_name);
6778 smb_fname_dst->base_name = destname;
6780 ZERO_STRUCT(smb_fname_src->st);
6781 if (posix_pathnames) {
6782 SMB_VFS_LSTAT(conn, smb_fname_src);
6784 SMB_VFS_STAT(conn, smb_fname_src);
6789 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6790 create_options |= FILE_DIRECTORY_FILE;
6793 status = SMB_VFS_CREATE_FILE(
6796 0, /* root_dir_fid */
6797 smb_fname_src, /* fname */
6798 access_mask, /* access_mask */
6799 (FILE_SHARE_READ | /* share_access */
6801 FILE_OPEN, /* create_disposition*/
6802 create_options, /* create_options */
6803 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6804 0, /* oplock_request */
6805 0, /* allocation_size */
6806 0, /* private_flags */
6812 if (!NT_STATUS_IS_OK(status)) {
6813 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6814 "returned %s rename %s -> %s\n",
6816 smb_fname_str_dbg(smb_fname_src),
6817 smb_fname_str_dbg(smb_fname_dst)));
6821 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6823 if (!smb_fname_dst->original_lcomp) {
6824 status = NT_STATUS_NO_MEMORY;
6828 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6829 attrs, replace_if_exists);
6831 close_file(req, fsp, NORMAL_CLOSE);
6833 if (!NT_STATUS_IS_OK(status)) {
6834 DEBUG(3, ("rename_internals_fsp returned %s for "
6835 "rename %s -> %s\n", nt_errstr(status),
6836 smb_fname_str_dbg(smb_fname_src),
6837 smb_fname_str_dbg(smb_fname_dst)));
6843 DEBUG(3,("rename_internals: doing rename on %s -> "
6844 "%s\n", smb_fname_str_dbg(smb_fname_src),
6845 smb_fname_str_dbg(smb_fname_src)));
6846 TALLOC_FREE(talloced);
6848 TALLOC_FREE(dir_hnd);
6850 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6851 status = map_nt_error_from_unix(errno);
6855 TALLOC_FREE(talloced);
6856 TALLOC_FREE(fname_src_dir);
6857 TALLOC_FREE(fname_src_mask);
6861 /****************************************************************************
6863 ****************************************************************************/
6865 void reply_mv(struct smb_request *req)
6867 connection_struct *conn = req->conn;
6869 char *newname = NULL;
6873 bool src_has_wcard = False;
6874 bool dest_has_wcard = False;
6875 TALLOC_CTX *ctx = talloc_tos();
6876 struct smb_filename *smb_fname_src = NULL;
6877 struct smb_filename *smb_fname_dst = NULL;
6878 uint32_t src_ucf_flags = lp_posix_pathnames() ? UCF_UNIX_NAME_LOOKUP : UCF_COND_ALLOW_WCARD_LCOMP;
6879 uint32_t dst_ucf_flags = UCF_SAVE_LCOMP | (lp_posix_pathnames() ? 0 : UCF_COND_ALLOW_WCARD_LCOMP);
6880 bool stream_rename = false;
6882 START_PROFILE(SMBmv);
6885 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6889 attrs = SVAL(req->vwv+0, 0);
6891 p = (const char *)req->buf + 1;
6892 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6893 &status, &src_has_wcard);
6894 if (!NT_STATUS_IS_OK(status)) {
6895 reply_nterror(req, status);
6899 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6900 &status, &dest_has_wcard);
6901 if (!NT_STATUS_IS_OK(status)) {
6902 reply_nterror(req, status);
6906 if (!lp_posix_pathnames()) {
6907 /* The newname must begin with a ':' if the
6908 name contains a ':'. */
6909 if (strchr_m(name, ':')) {
6910 if (newname[0] != ':') {
6911 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6914 stream_rename = true;
6918 status = filename_convert(ctx,
6920 req->flags2 & FLAGS2_DFS_PATHNAMES,
6926 if (!NT_STATUS_IS_OK(status)) {
6927 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6928 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6929 ERRSRV, ERRbadpath);
6932 reply_nterror(req, status);
6936 status = filename_convert(ctx,
6938 req->flags2 & FLAGS2_DFS_PATHNAMES,
6944 if (!NT_STATUS_IS_OK(status)) {
6945 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6946 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6947 ERRSRV, ERRbadpath);
6950 reply_nterror(req, status);
6954 if (stream_rename) {
6955 /* smb_fname_dst->base_name must be the same as
6956 smb_fname_src->base_name. */
6957 TALLOC_FREE(smb_fname_dst->base_name);
6958 smb_fname_dst->base_name = talloc_strdup(smb_fname_dst,
6959 smb_fname_src->base_name);
6960 if (!smb_fname_dst->base_name) {
6961 reply_nterror(req, NT_STATUS_NO_MEMORY);
6966 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6967 smb_fname_str_dbg(smb_fname_dst)));
6969 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6970 attrs, False, src_has_wcard, dest_has_wcard,
6972 if (!NT_STATUS_IS_OK(status)) {
6973 if (open_was_deferred(req->sconn, req->mid)) {
6974 /* We have re-scheduled this call. */
6977 reply_nterror(req, status);
6981 reply_outbuf(req, 0, 0);
6983 TALLOC_FREE(smb_fname_src);
6984 TALLOC_FREE(smb_fname_dst);
6989 /*******************************************************************
6990 Copy a file as part of a reply_copy.
6991 ******************************************************************/
6994 * TODO: check error codes on all callers
6997 NTSTATUS copy_file(TALLOC_CTX *ctx,
6998 connection_struct *conn,
6999 struct smb_filename *smb_fname_src,
7000 struct smb_filename *smb_fname_dst,
7003 bool target_is_directory)
7005 struct smb_filename *smb_fname_dst_tmp = NULL;
7007 files_struct *fsp1,*fsp2;
7009 uint32 new_create_disposition;
7013 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
7014 if (!NT_STATUS_IS_OK(status)) {
7019 * If the target is a directory, extract the last component from the
7020 * src filename and append it to the dst filename
7022 if (target_is_directory) {
7025 /* dest/target can't be a stream if it's a directory. */
7026 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
7028 p = strrchr_m(smb_fname_src->base_name,'/');
7032 p = smb_fname_src->base_name;
7034 smb_fname_dst_tmp->base_name =
7035 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
7037 if (!smb_fname_dst_tmp->base_name) {
7038 status = NT_STATUS_NO_MEMORY;
7043 status = vfs_file_exist(conn, smb_fname_src);
7044 if (!NT_STATUS_IS_OK(status)) {
7048 if (!target_is_directory && count) {
7049 new_create_disposition = FILE_OPEN;
7051 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name,
7054 &new_create_disposition,
7057 status = NT_STATUS_INVALID_PARAMETER;
7062 /* Open the src file for reading. */
7063 status = SMB_VFS_CREATE_FILE(
7066 0, /* root_dir_fid */
7067 smb_fname_src, /* fname */
7068 FILE_GENERIC_READ, /* access_mask */
7069 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7070 FILE_OPEN, /* create_disposition*/
7071 0, /* create_options */
7072 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
7073 INTERNAL_OPEN_ONLY, /* oplock_request */
7074 0, /* allocation_size */
7075 0, /* private_flags */
7081 if (!NT_STATUS_IS_OK(status)) {
7085 dosattrs = dos_mode(conn, smb_fname_src);
7087 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
7088 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
7091 /* Open the dst file for writing. */
7092 status = SMB_VFS_CREATE_FILE(
7095 0, /* root_dir_fid */
7096 smb_fname_dst, /* fname */
7097 FILE_GENERIC_WRITE, /* access_mask */
7098 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7099 new_create_disposition, /* create_disposition*/
7100 0, /* create_options */
7101 dosattrs, /* file_attributes */
7102 INTERNAL_OPEN_ONLY, /* oplock_request */
7103 0, /* allocation_size */
7104 0, /* private_flags */
7110 if (!NT_STATUS_IS_OK(status)) {
7111 close_file(NULL, fsp1, ERROR_CLOSE);
7115 if (ofun & OPENX_FILE_EXISTS_OPEN) {
7116 ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
7118 DEBUG(0, ("error - vfs lseek returned error %s\n",
7120 status = map_nt_error_from_unix(errno);
7121 close_file(NULL, fsp1, ERROR_CLOSE);
7122 close_file(NULL, fsp2, ERROR_CLOSE);
7127 /* Do the actual copy. */
7128 if (smb_fname_src->st.st_ex_size) {
7129 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
7134 close_file(NULL, fsp1, NORMAL_CLOSE);
7136 /* Ensure the modtime is set correctly on the destination file. */
7137 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
7140 * As we are opening fsp1 read-only we only expect
7141 * an error on close on fsp2 if we are out of space.
7142 * Thus we don't look at the error return from the
7145 status = close_file(NULL, fsp2, NORMAL_CLOSE);
7147 if (!NT_STATUS_IS_OK(status)) {
7151 if (ret != (off_t)smb_fname_src->st.st_ex_size) {
7152 status = NT_STATUS_DISK_FULL;
7156 status = NT_STATUS_OK;
7159 TALLOC_FREE(smb_fname_dst_tmp);
7163 /****************************************************************************
7164 Reply to a file copy.
7165 ****************************************************************************/
7167 void reply_copy(struct smb_request *req)
7169 connection_struct *conn = req->conn;
7170 struct smb_filename *smb_fname_src = NULL;
7171 struct smb_filename *smb_fname_dst = NULL;
7172 char *fname_src = NULL;
7173 char *fname_dst = NULL;
7174 char *fname_src_mask = NULL;
7175 char *fname_src_dir = NULL;
7178 int error = ERRnoaccess;
7182 bool target_is_directory=False;
7183 bool source_has_wild = False;
7184 bool dest_has_wild = False;
7186 TALLOC_CTX *ctx = talloc_tos();
7188 START_PROFILE(SMBcopy);
7191 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7195 tid2 = SVAL(req->vwv+0, 0);
7196 ofun = SVAL(req->vwv+1, 0);
7197 flags = SVAL(req->vwv+2, 0);
7199 p = (const char *)req->buf;
7200 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
7201 &status, &source_has_wild);
7202 if (!NT_STATUS_IS_OK(status)) {
7203 reply_nterror(req, status);
7206 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
7207 &status, &dest_has_wild);
7208 if (!NT_STATUS_IS_OK(status)) {
7209 reply_nterror(req, status);
7213 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
7215 if (tid2 != conn->cnum) {
7216 /* can't currently handle inter share copies XXXX */
7217 DEBUG(3,("Rejecting inter-share copy\n"));
7218 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
7222 status = filename_convert(ctx, conn,
7223 req->flags2 & FLAGS2_DFS_PATHNAMES,
7225 UCF_COND_ALLOW_WCARD_LCOMP,
7228 if (!NT_STATUS_IS_OK(status)) {
7229 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7230 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7231 ERRSRV, ERRbadpath);
7234 reply_nterror(req, status);
7238 status = filename_convert(ctx, conn,
7239 req->flags2 & FLAGS2_DFS_PATHNAMES,
7241 UCF_COND_ALLOW_WCARD_LCOMP,
7244 if (!NT_STATUS_IS_OK(status)) {
7245 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7246 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7247 ERRSRV, ERRbadpath);
7250 reply_nterror(req, status);
7254 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
7256 if ((flags&1) && target_is_directory) {
7257 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
7261 if ((flags&2) && !target_is_directory) {
7262 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
7266 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
7267 /* wants a tree copy! XXXX */
7268 DEBUG(3,("Rejecting tree copy\n"));
7269 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7273 /* Split up the directory from the filename/mask. */
7274 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
7275 &fname_src_dir, &fname_src_mask);
7276 if (!NT_STATUS_IS_OK(status)) {
7277 reply_nterror(req, NT_STATUS_NO_MEMORY);
7282 * We should only check the mangled cache
7283 * here if unix_convert failed. This means
7284 * that the path in 'mask' doesn't exist
7285 * on the file system and so we need to look
7286 * for a possible mangle. This patch from
7287 * Tine Smukavec <valentin.smukavec@hermes.si>.
7289 if (!VALID_STAT(smb_fname_src->st) &&
7290 mangle_is_mangled(fname_src_mask, conn->params)) {
7291 char *new_mask = NULL;
7292 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
7293 &new_mask, conn->params);
7295 /* Use demangled name if one was successfully found. */
7297 TALLOC_FREE(fname_src_mask);
7298 fname_src_mask = new_mask;
7302 if (!source_has_wild) {
7305 * Only one file needs to be copied. Append the mask back onto
7308 TALLOC_FREE(smb_fname_src->base_name);
7309 if (ISDOT(fname_src_dir)) {
7310 /* Ensure we use canonical names on open. */
7311 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7315 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7320 if (!smb_fname_src->base_name) {
7321 reply_nterror(req, NT_STATUS_NO_MEMORY);
7325 if (dest_has_wild) {
7326 char *fname_dst_mod = NULL;
7327 if (!resolve_wildcards(smb_fname_dst,
7328 smb_fname_src->base_name,
7329 smb_fname_dst->base_name,
7331 reply_nterror(req, NT_STATUS_NO_MEMORY);
7334 TALLOC_FREE(smb_fname_dst->base_name);
7335 smb_fname_dst->base_name = fname_dst_mod;
7338 status = check_name(conn, smb_fname_src->base_name);
7339 if (!NT_STATUS_IS_OK(status)) {
7340 reply_nterror(req, status);
7344 status = check_name(conn, smb_fname_dst->base_name);
7345 if (!NT_STATUS_IS_OK(status)) {
7346 reply_nterror(req, status);
7350 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
7351 ofun, count, target_is_directory);
7353 if(!NT_STATUS_IS_OK(status)) {
7354 reply_nterror(req, status);
7360 struct smb_Dir *dir_hnd = NULL;
7361 const char *dname = NULL;
7362 char *talloced = NULL;
7366 * There is a wildcard that requires us to actually read the
7367 * src dir and copy each file matching the mask to the dst.
7368 * Right now streams won't be copied, but this could
7369 * presumably be added with a nested loop for reach dir entry.
7371 SMB_ASSERT(!smb_fname_src->stream_name);
7372 SMB_ASSERT(!smb_fname_dst->stream_name);
7374 smb_fname_src->stream_name = NULL;
7375 smb_fname_dst->stream_name = NULL;
7377 if (strequal(fname_src_mask,"????????.???")) {
7378 TALLOC_FREE(fname_src_mask);
7379 fname_src_mask = talloc_strdup(ctx, "*");
7380 if (!fname_src_mask) {
7381 reply_nterror(req, NT_STATUS_NO_MEMORY);
7386 status = check_name(conn, fname_src_dir);
7387 if (!NT_STATUS_IS_OK(status)) {
7388 reply_nterror(req, status);
7392 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7393 if (dir_hnd == NULL) {
7394 status = map_nt_error_from_unix(errno);
7395 reply_nterror(req, status);
7401 /* Iterate over the src dir copying each entry to the dst. */
7402 while ((dname = ReadDirName(dir_hnd, &offset,
7403 &smb_fname_src->st, &talloced))) {
7404 char *destname = NULL;
7406 if (ISDOT(dname) || ISDOTDOT(dname)) {
7407 TALLOC_FREE(talloced);
7411 if (!is_visible_file(conn, fname_src_dir, dname,
7412 &smb_fname_src->st, false)) {
7413 TALLOC_FREE(talloced);
7417 if(!mask_match(dname, fname_src_mask,
7418 conn->case_sensitive)) {
7419 TALLOC_FREE(talloced);
7423 error = ERRnoaccess;
7425 /* Get the src smb_fname struct setup. */
7426 TALLOC_FREE(smb_fname_src->base_name);
7427 if (ISDOT(fname_src_dir)) {
7428 /* Ensure we use canonical names on open. */
7429 smb_fname_src->base_name =
7430 talloc_asprintf(smb_fname_src, "%s",
7433 smb_fname_src->base_name =
7434 talloc_asprintf(smb_fname_src, "%s/%s",
7435 fname_src_dir, dname);
7438 if (!smb_fname_src->base_name) {
7439 TALLOC_FREE(dir_hnd);
7440 TALLOC_FREE(talloced);
7441 reply_nterror(req, NT_STATUS_NO_MEMORY);
7445 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7446 smb_fname_dst->base_name,
7448 TALLOC_FREE(talloced);
7452 TALLOC_FREE(dir_hnd);
7453 TALLOC_FREE(talloced);
7454 reply_nterror(req, NT_STATUS_NO_MEMORY);
7458 TALLOC_FREE(smb_fname_dst->base_name);
7459 smb_fname_dst->base_name = destname;
7461 status = check_name(conn, smb_fname_src->base_name);
7462 if (!NT_STATUS_IS_OK(status)) {
7463 TALLOC_FREE(dir_hnd);
7464 TALLOC_FREE(talloced);
7465 reply_nterror(req, status);
7469 status = check_name(conn, smb_fname_dst->base_name);
7470 if (!NT_STATUS_IS_OK(status)) {
7471 TALLOC_FREE(dir_hnd);
7472 TALLOC_FREE(talloced);
7473 reply_nterror(req, status);
7477 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7478 smb_fname_src->base_name,
7479 smb_fname_dst->base_name));
7481 status = copy_file(ctx, conn, smb_fname_src,
7482 smb_fname_dst, ofun, count,
7483 target_is_directory);
7484 if (NT_STATUS_IS_OK(status)) {
7488 TALLOC_FREE(talloced);
7490 TALLOC_FREE(dir_hnd);
7494 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7498 reply_outbuf(req, 1, 0);
7499 SSVAL(req->outbuf,smb_vwv0,count);
7501 TALLOC_FREE(smb_fname_src);
7502 TALLOC_FREE(smb_fname_dst);
7503 TALLOC_FREE(fname_src);
7504 TALLOC_FREE(fname_dst);
7505 TALLOC_FREE(fname_src_mask);
7506 TALLOC_FREE(fname_src_dir);
7508 END_PROFILE(SMBcopy);
7513 #define DBGC_CLASS DBGC_LOCKING
7515 /****************************************************************************
7516 Get a lock pid, dealing with large count requests.
7517 ****************************************************************************/
7519 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7520 bool large_file_format)
7522 if(!large_file_format)
7523 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7525 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7528 /****************************************************************************
7529 Get a lock count, dealing with large count requests.
7530 ****************************************************************************/
7532 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7533 bool large_file_format)
7537 if(!large_file_format) {
7538 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7541 #if defined(HAVE_LONGLONG)
7542 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7543 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7544 #else /* HAVE_LONGLONG */
7547 * NT4.x seems to be broken in that it sends large file (64 bit)
7548 * lockingX calls even if the CAP_LARGE_FILES was *not*
7549 * negotiated. For boxes without large unsigned ints truncate the
7550 * lock count by dropping the top 32 bits.
7553 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7554 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7555 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7556 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7557 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7560 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7561 #endif /* HAVE_LONGLONG */
7567 #if !defined(HAVE_LONGLONG)
7568 /****************************************************************************
7569 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7570 ****************************************************************************/
7572 static uint32 map_lock_offset(uint32 high, uint32 low)
7576 uint32 highcopy = high;
7579 * Try and find out how many significant bits there are in high.
7582 for(i = 0; highcopy; i++)
7586 * We use 31 bits not 32 here as POSIX
7587 * lock offsets may not be negative.
7590 mask = (~0) << (31 - i);
7593 return 0; /* Fail. */
7599 #endif /* !defined(HAVE_LONGLONG) */
7601 /****************************************************************************
7602 Get a lock offset, dealing with large offset requests.
7603 ****************************************************************************/
7605 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7606 bool large_file_format, bool *err)
7608 uint64_t offset = 0;
7612 if(!large_file_format) {
7613 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7616 #if defined(HAVE_LONGLONG)
7617 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7618 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7619 #else /* HAVE_LONGLONG */
7622 * NT4.x seems to be broken in that it sends large file (64 bit)
7623 * lockingX calls even if the CAP_LARGE_FILES was *not*
7624 * negotiated. For boxes without large unsigned ints mangle the
7625 * lock offset by mapping the top 32 bits onto the lower 32.
7628 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7629 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7630 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7633 if((new_low = map_lock_offset(high, low)) == 0) {
7635 return (uint64_t)-1;
7638 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7639 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7640 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7641 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7644 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7645 #endif /* HAVE_LONGLONG */
7651 NTSTATUS smbd_do_locking(struct smb_request *req,
7655 uint16_t num_ulocks,
7656 struct smbd_lock_element *ulocks,
7658 struct smbd_lock_element *locks,
7661 connection_struct *conn = req->conn;
7663 NTSTATUS status = NT_STATUS_OK;
7667 /* Data now points at the beginning of the list
7668 of smb_unlkrng structs */
7669 for(i = 0; i < (int)num_ulocks; i++) {
7670 struct smbd_lock_element *e = &ulocks[i];
7672 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7673 "pid %u, file %s\n",
7676 (unsigned int)e->smblctx,
7679 if (e->brltype != UNLOCK_LOCK) {
7680 /* this can only happen with SMB2 */
7681 return NT_STATUS_INVALID_PARAMETER;
7684 status = do_unlock(req->sconn->msg_ctx,
7691 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7692 nt_errstr(status)));
7694 if (!NT_STATUS_IS_OK(status)) {
7699 /* Setup the timeout in seconds. */
7701 if (!lp_blocking_locks(SNUM(conn))) {
7705 /* Data now points at the beginning of the list
7706 of smb_lkrng structs */
7708 for(i = 0; i < (int)num_locks; i++) {
7709 struct smbd_lock_element *e = &locks[i];
7711 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7712 "%llu, file %s timeout = %d\n",
7715 (unsigned long long)e->smblctx,
7719 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7720 struct blocking_lock_record *blr = NULL;
7722 if (num_locks > 1) {
7724 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7725 * if the lock vector contains one entry. When given mutliple cancel
7726 * requests in a single PDU we expect the server to return an
7727 * error. Windows servers seem to accept the request but only
7728 * cancel the first lock.
7729 * JRA - Do what Windows does (tm) :-).
7733 /* MS-CIFS (2.2.4.32.1) behavior. */
7734 return NT_STATUS_DOS(ERRDOS,
7735 ERRcancelviolation);
7737 /* Windows behavior. */
7739 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7740 "cancel request\n"));
7746 if (lp_blocking_locks(SNUM(conn))) {
7748 /* Schedule a message to ourselves to
7749 remove the blocking lock record and
7750 return the right error. */
7752 blr = blocking_lock_cancel_smb1(fsp,
7758 NT_STATUS_FILE_LOCK_CONFLICT);
7760 return NT_STATUS_DOS(
7762 ERRcancelviolation);
7765 /* Remove a matching pending lock. */
7766 status = do_lock_cancel(fsp,
7773 bool blocking_lock = timeout ? true : false;
7774 bool defer_lock = false;
7775 struct byte_range_lock *br_lck;
7776 uint64_t block_smblctx;
7778 br_lck = do_lock(req->sconn->msg_ctx,
7790 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7791 /* Windows internal resolution for blocking locks seems
7792 to be about 200ms... Don't wait for less than that. JRA. */
7793 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7794 timeout = lp_lock_spin_time();
7799 /* If a lock sent with timeout of zero would fail, and
7800 * this lock has been requested multiple times,
7801 * according to brl_lock_failed() we convert this
7802 * request to a blocking lock with a timeout of between
7803 * 150 - 300 milliseconds.
7805 * If lp_lock_spin_time() has been set to 0, we skip
7806 * this blocking retry and fail immediately.
7808 * Replacement for do_lock_spin(). JRA. */
7810 if (!req->sconn->using_smb2 &&
7811 br_lck && lp_blocking_locks(SNUM(conn)) &&
7812 lp_lock_spin_time() && !blocking_lock &&
7813 NT_STATUS_EQUAL((status),
7814 NT_STATUS_FILE_LOCK_CONFLICT))
7817 timeout = lp_lock_spin_time();
7820 if (br_lck && defer_lock) {
7822 * A blocking lock was requested. Package up
7823 * this smb into a queued request and push it
7824 * onto the blocking lock queue.
7826 if(push_blocking_lock_request(br_lck,
7837 TALLOC_FREE(br_lck);
7839 return NT_STATUS_OK;
7843 TALLOC_FREE(br_lck);
7846 if (!NT_STATUS_IS_OK(status)) {
7851 /* If any of the above locks failed, then we must unlock
7852 all of the previous locks (X/Open spec). */
7854 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7856 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7857 i = -1; /* we want to skip the for loop */
7861 * Ensure we don't do a remove on the lock that just failed,
7862 * as under POSIX rules, if we have a lock already there, we
7863 * will delete it (and we shouldn't) .....
7865 for(i--; i >= 0; i--) {
7866 struct smbd_lock_element *e = &locks[i];
7868 do_unlock(req->sconn->msg_ctx,
7878 DEBUG(3, ("smbd_do_locking: %s type=%d num_locks=%d num_ulocks=%d\n",
7879 fsp_fnum_dbg(fsp), (unsigned int)type, num_locks, num_ulocks));
7881 return NT_STATUS_OK;
7884 /****************************************************************************
7885 Reply to a lockingX request.
7886 ****************************************************************************/
7888 void reply_lockingX(struct smb_request *req)
7890 connection_struct *conn = req->conn;
7892 unsigned char locktype;
7893 unsigned char oplocklevel;
7898 const uint8_t *data;
7899 bool large_file_format;
7901 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7902 struct smbd_lock_element *ulocks;
7903 struct smbd_lock_element *locks;
7906 START_PROFILE(SMBlockingX);
7909 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7910 END_PROFILE(SMBlockingX);
7914 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7915 locktype = CVAL(req->vwv+3, 0);
7916 oplocklevel = CVAL(req->vwv+3, 1);
7917 num_ulocks = SVAL(req->vwv+6, 0);
7918 num_locks = SVAL(req->vwv+7, 0);
7919 lock_timeout = IVAL(req->vwv+4, 0);
7920 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7922 if (!check_fsp(conn, req, fsp)) {
7923 END_PROFILE(SMBlockingX);
7929 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7930 /* we don't support these - and CANCEL_LOCK makes w2k
7931 and XP reboot so I don't really want to be
7932 compatible! (tridge) */
7933 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7934 END_PROFILE(SMBlockingX);
7938 /* Check if this is an oplock break on a file
7939 we have granted an oplock on.
7941 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7942 /* Client can insist on breaking to none. */
7943 bool break_to_none = (oplocklevel == 0);
7946 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7947 "for %s\n", (unsigned int)oplocklevel,
7948 fsp_fnum_dbg(fsp)));
7951 * Make sure we have granted an exclusive or batch oplock on
7955 if (fsp->oplock_type == 0) {
7957 /* The Samba4 nbench simulator doesn't understand
7958 the difference between break to level2 and break
7959 to none from level2 - it sends oplock break
7960 replies in both cases. Don't keep logging an error
7961 message here - just ignore it. JRA. */
7963 DEBUG(5,("reply_lockingX: Error : oplock break from "
7964 "client for %s (oplock=%d) and no "
7965 "oplock granted on this file (%s).\n",
7966 fsp_fnum_dbg(fsp), fsp->oplock_type,
7969 /* if this is a pure oplock break request then don't
7971 if (num_locks == 0 && num_ulocks == 0) {
7972 END_PROFILE(SMBlockingX);
7975 END_PROFILE(SMBlockingX);
7976 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7981 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7983 result = remove_oplock(fsp);
7985 result = downgrade_oplock(fsp);
7989 DEBUG(0, ("reply_lockingX: error in removing "
7990 "oplock on file %s\n", fsp_str_dbg(fsp)));
7991 /* Hmmm. Is this panic justified? */
7992 smb_panic("internal tdb error");
7995 reply_to_oplock_break_requests(fsp);
7997 /* if this is a pure oplock break request then don't send a
7999 if (num_locks == 0 && num_ulocks == 0) {
8000 /* Sanity check - ensure a pure oplock break is not a
8002 if(CVAL(req->vwv+0, 0) != 0xff)
8003 DEBUG(0,("reply_lockingX: Error : pure oplock "
8004 "break is a chained %d request !\n",
8005 (unsigned int)CVAL(req->vwv+0, 0)));
8006 END_PROFILE(SMBlockingX);
8012 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
8013 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8014 END_PROFILE(SMBlockingX);
8018 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
8019 if (ulocks == NULL) {
8020 reply_nterror(req, NT_STATUS_NO_MEMORY);
8021 END_PROFILE(SMBlockingX);
8025 locks = talloc_array(req, struct smbd_lock_element, num_locks);
8026 if (locks == NULL) {
8027 reply_nterror(req, NT_STATUS_NO_MEMORY);
8028 END_PROFILE(SMBlockingX);
8032 /* Data now points at the beginning of the list
8033 of smb_unlkrng structs */
8034 for(i = 0; i < (int)num_ulocks; i++) {
8035 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
8036 ulocks[i].count = get_lock_count(data, i, large_file_format);
8037 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8038 ulocks[i].brltype = UNLOCK_LOCK;
8041 * There is no error code marked "stupid client bug".... :-).
8044 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8045 END_PROFILE(SMBlockingX);
8050 /* Now do any requested locks */
8051 data += ((large_file_format ? 20 : 10)*num_ulocks);
8053 /* Data now points at the beginning of the list
8054 of smb_lkrng structs */
8056 for(i = 0; i < (int)num_locks; i++) {
8057 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
8058 locks[i].count = get_lock_count(data, i, large_file_format);
8059 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8061 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
8062 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8063 locks[i].brltype = PENDING_READ_LOCK;
8065 locks[i].brltype = READ_LOCK;
8068 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8069 locks[i].brltype = PENDING_WRITE_LOCK;
8071 locks[i].brltype = WRITE_LOCK;
8076 * There is no error code marked "stupid client bug".... :-).
8079 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8080 END_PROFILE(SMBlockingX);
8085 status = smbd_do_locking(req, fsp,
8086 locktype, lock_timeout,
8090 if (!NT_STATUS_IS_OK(status)) {
8091 END_PROFILE(SMBlockingX);
8092 reply_nterror(req, status);
8096 END_PROFILE(SMBlockingX);
8100 reply_outbuf(req, 2, 0);
8101 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
8102 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
8104 DEBUG(3, ("lockingX %s type=%d num_locks=%d num_ulocks=%d\n",
8105 fsp_fnum_dbg(fsp), (unsigned int)locktype, num_locks, num_ulocks));
8107 END_PROFILE(SMBlockingX);
8111 #define DBGC_CLASS DBGC_ALL
8113 /****************************************************************************
8114 Reply to a SMBreadbmpx (read block multiplex) request.
8115 Always reply with an error, if someone has a platform really needs this,
8116 please contact vl@samba.org
8117 ****************************************************************************/
8119 void reply_readbmpx(struct smb_request *req)
8121 START_PROFILE(SMBreadBmpx);
8122 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8123 END_PROFILE(SMBreadBmpx);
8127 /****************************************************************************
8128 Reply to a SMBreadbs (read block multiplex secondary) request.
8129 Always reply with an error, if someone has a platform really needs this,
8130 please contact vl@samba.org
8131 ****************************************************************************/
8133 void reply_readbs(struct smb_request *req)
8135 START_PROFILE(SMBreadBs);
8136 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8137 END_PROFILE(SMBreadBs);
8141 /****************************************************************************
8142 Reply to a SMBsetattrE.
8143 ****************************************************************************/
8145 void reply_setattrE(struct smb_request *req)
8147 connection_struct *conn = req->conn;
8148 struct smb_file_time ft;
8152 START_PROFILE(SMBsetattrE);
8156 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8160 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8162 if(!fsp || (fsp->conn != conn)) {
8163 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8168 * Convert the DOS times into unix times.
8171 ft.atime = convert_time_t_to_timespec(
8172 srv_make_unix_date2(req->vwv+3));
8173 ft.mtime = convert_time_t_to_timespec(
8174 srv_make_unix_date2(req->vwv+5));
8175 ft.create_time = convert_time_t_to_timespec(
8176 srv_make_unix_date2(req->vwv+1));
8178 reply_outbuf(req, 0, 0);
8181 * Patch from Ray Frush <frush@engr.colostate.edu>
8182 * Sometimes times are sent as zero - ignore them.
8185 /* Ensure we have a valid stat struct for the source. */
8186 status = vfs_stat_fsp(fsp);
8187 if (!NT_STATUS_IS_OK(status)) {
8188 reply_nterror(req, status);
8192 if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
8193 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8197 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
8198 if (!NT_STATUS_IS_OK(status)) {
8199 reply_nterror(req, status);
8203 DEBUG( 3, ( "reply_setattrE %s actime=%u modtime=%u "
8206 (unsigned int)ft.atime.tv_sec,
8207 (unsigned int)ft.mtime.tv_sec,
8208 (unsigned int)ft.create_time.tv_sec
8211 END_PROFILE(SMBsetattrE);
8216 /* Back from the dead for OS/2..... JRA. */
8218 /****************************************************************************
8219 Reply to a SMBwritebmpx (write block multiplex primary) request.
8220 Always reply with an error, if someone has a platform really needs this,
8221 please contact vl@samba.org
8222 ****************************************************************************/
8224 void reply_writebmpx(struct smb_request *req)
8226 START_PROFILE(SMBwriteBmpx);
8227 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8228 END_PROFILE(SMBwriteBmpx);
8232 /****************************************************************************
8233 Reply to a SMBwritebs (write block multiplex secondary) request.
8234 Always reply with an error, if someone has a platform really needs this,
8235 please contact vl@samba.org
8236 ****************************************************************************/
8238 void reply_writebs(struct smb_request *req)
8240 START_PROFILE(SMBwriteBs);
8241 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8242 END_PROFILE(SMBwriteBs);
8246 /****************************************************************************
8247 Reply to a SMBgetattrE.
8248 ****************************************************************************/
8250 void reply_getattrE(struct smb_request *req)
8252 connection_struct *conn = req->conn;
8255 struct timespec create_ts;
8257 START_PROFILE(SMBgetattrE);
8260 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8261 END_PROFILE(SMBgetattrE);
8265 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8267 if(!fsp || (fsp->conn != conn)) {
8268 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8269 END_PROFILE(SMBgetattrE);
8273 /* Do an fstat on this file */
8275 reply_nterror(req, map_nt_error_from_unix(errno));
8276 END_PROFILE(SMBgetattrE);
8280 mode = dos_mode(conn, fsp->fsp_name);
8283 * Convert the times into dos times. Set create
8284 * date to be last modify date as UNIX doesn't save
8288 reply_outbuf(req, 11, 0);
8290 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
8291 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
8292 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
8293 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
8294 /* Should we check pending modtime here ? JRA */
8295 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
8296 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
8298 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
8299 SIVAL(req->outbuf, smb_vwv6, 0);
8300 SIVAL(req->outbuf, smb_vwv8, 0);
8302 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
8303 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
8304 SIVAL(req->outbuf, smb_vwv8, allocation_size);
8306 SSVAL(req->outbuf,smb_vwv10, mode);
8308 DEBUG( 3, ( "reply_getattrE %s\n", fsp_fnum_dbg(fsp)));
8310 END_PROFILE(SMBgetattrE);
git.samba.org / metze / samba / wip.git / blob