2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 /****************************************************************************
31 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
32 path or anything including wildcards.
33 We're assuming here that '/' is not the second byte in any multibyte char
34 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
36 ****************************************************************************/
38 /* Custom version for processing POSIX paths. */
39 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
41 static NTSTATUS check_path_syntax_internal(char *path,
43 bool *p_last_component_contains_wcard)
47 NTSTATUS ret = NT_STATUS_OK;
48 bool start_of_name_component = True;
49 bool stream_started = false;
51 *p_last_component_contains_wcard = False;
58 return NT_STATUS_OBJECT_NAME_INVALID;
61 return NT_STATUS_OBJECT_NAME_INVALID;
63 if (strchr_m(&s[1], ':')) {
64 return NT_STATUS_OBJECT_NAME_INVALID;
70 if ((*s == ':') && !posix_path && !stream_started) {
71 if (*p_last_component_contains_wcard) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
74 /* Stream names allow more characters than file names.
75 We're overloading posix_path here to allow a wider
76 range of characters. If stream_started is true this
77 is still a Windows path even if posix_path is true.
80 stream_started = true;
81 start_of_name_component = false;
85 return NT_STATUS_OBJECT_NAME_INVALID;
89 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
91 * Safe to assume is not the second part of a mb char
92 * as this is handled below.
94 /* Eat multiple '/' or '\\' */
95 while (IS_PATH_SEP(*s,posix_path)) {
98 if ((d != path) && (*s != '\0')) {
99 /* We only care about non-leading or trailing '/' or '\\' */
103 start_of_name_component = True;
105 *p_last_component_contains_wcard = False;
109 if (start_of_name_component) {
110 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
111 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
114 * No mb char starts with '.' so we're safe checking the directory separator here.
117 /* If we just added a '/' - delete it */
118 if ((d > path) && (*(d-1) == '/')) {
123 /* Are we at the start ? Can't go back further if so. */
125 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
128 /* Go back one level... */
129 /* We know this is safe as '/' cannot be part of a mb sequence. */
130 /* NOTE - if this assumption is invalid we are not in good shape... */
131 /* Decrement d first as d points to the *next* char to write into. */
132 for (d--; d > path; d--) {
136 s += 2; /* Else go past the .. */
137 /* We're still at the start of a name component, just the previous one. */
140 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
152 if (*s <= 0x1f || *s == '|') {
153 return NT_STATUS_OBJECT_NAME_INVALID;
161 *p_last_component_contains_wcard = True;
170 /* Get the size of the next MB character. */
171 next_codepoint(s,&siz);
189 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
191 return NT_STATUS_INVALID_PARAMETER;
194 start_of_name_component = False;
202 /****************************************************************************
203 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
204 No wildcards allowed.
205 ****************************************************************************/
207 NTSTATUS check_path_syntax(char *path)
210 return check_path_syntax_internal(path, False, &ignore);
213 /****************************************************************************
214 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
215 Wildcards allowed - p_contains_wcard returns true if the last component contained
217 ****************************************************************************/
219 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
221 return check_path_syntax_internal(path, False, p_contains_wcard);
224 /****************************************************************************
225 Check the path for a POSIX client.
226 We're assuming here that '/' is not the second byte in any multibyte char
227 set (a safe assumption).
228 ****************************************************************************/
230 NTSTATUS check_path_syntax_posix(char *path)
233 return check_path_syntax_internal(path, True, &ignore);
236 /****************************************************************************
237 Pull a string and check the path allowing a wilcard - provide for error return.
238 ****************************************************************************/
240 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
241 const char *base_ptr,
248 bool *contains_wcard)
254 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
258 *err = NT_STATUS_INVALID_PARAMETER;
262 *contains_wcard = False;
264 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
266 * For a DFS path the function parse_dfs_path()
267 * will do the path processing, just make a copy.
273 if (lp_posix_pathnames()) {
274 *err = check_path_syntax_posix(*pp_dest);
276 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 /****************************************************************************
283 Pull a string and check the path - provide for error return.
284 ****************************************************************************/
286 size_t srvstr_get_path(TALLOC_CTX *ctx,
287 const char *base_ptr,
296 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
297 src_len, flags, err, &ignore);
300 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
301 char **pp_dest, const char *src, int flags,
302 NTSTATUS *err, bool *contains_wcard)
304 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
305 pp_dest, src, smbreq_bufrem(req, src),
306 flags, err, contains_wcard);
309 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
310 char **pp_dest, const char *src, int flags,
314 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
315 flags, err, &ignore);
318 /****************************************************************************
319 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
320 ****************************************************************************/
322 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
325 if (!(fsp) || !(conn)) {
326 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
329 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 /****************************************************************************
337 Check if we have a correct fsp pointing to a file.
338 ****************************************************************************/
340 bool check_fsp(connection_struct *conn, struct smb_request *req,
343 if (!check_fsp_open(conn, req, fsp)) {
346 if ((fsp)->is_directory) {
347 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
350 if ((fsp)->fh->fd == -1) {
351 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
354 (fsp)->num_smb_operations++;
358 /****************************************************************************
359 Check if we have a correct fsp pointing to a quota fake file. Replacement for
360 the CHECK_NTQUOTA_HANDLE_OK macro.
361 ****************************************************************************/
363 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
366 if (!check_fsp_open(conn, req, fsp)) {
370 if (fsp->is_directory) {
374 if (fsp->fake_file_handle == NULL) {
378 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
382 if (fsp->fake_file_handle->private_data == NULL) {
389 /****************************************************************************
390 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
391 ****************************************************************************/
393 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
396 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
397 && (req->vuid == (fsp)->vuid)) {
401 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
405 static bool netbios_session_retarget(const char *name, int name_type)
408 char *trim_name_type;
409 const char *retarget_parm;
412 int retarget_type = 0x20;
413 int retarget_port = 139;
414 struct sockaddr_storage retarget_addr;
415 struct sockaddr_in *in_addr;
419 if (get_socket_port(smbd_server_fd()) != 139) {
423 trim_name = talloc_strdup(talloc_tos(), name);
424 if (trim_name == NULL) {
427 trim_char(trim_name, ' ', ' ');
429 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
431 if (trim_name_type == NULL) {
435 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
436 trim_name_type, NULL);
437 if (retarget_parm == NULL) {
438 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 if (retarget_parm == NULL) {
445 retarget = talloc_strdup(trim_name, retarget_parm);
446 if (retarget == NULL) {
450 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
452 p = strchr(retarget, ':');
455 retarget_port = atoi(p);
458 p = strchr_m(retarget, '#');
461 sscanf(p, "%x", &retarget_type);
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
466 DEBUG(10, ("could not resolve %s\n", retarget));
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
482 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 TALLOC_FREE(trim_name);
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
498 void reply_special(char *inbuf)
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
503 char name_type1, name_type2;
504 struct smbd_server_connection *sconn = smbd_server_conn;
507 * We only really use 4 bytes of the outbuf, but for the smb_setlen
508 * calculation & friends (srv_send_smb uses that) we need the full smb
511 char outbuf[smb_size];
515 memset(outbuf, '\0', sizeof(outbuf));
517 smb_setlen(outbuf,0);
520 case 0x81: /* session request */
522 if (sconn->nbt.got_session) {
523 exit_server_cleanly("multiple session request not permitted");
526 SCVAL(outbuf,0,0x82);
528 if (name_len(inbuf+4) > 50 ||
529 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
530 DEBUG(0,("Invalid name length in session request\n"));
533 name_type1 = name_extract(inbuf,4,name1);
534 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
535 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
536 name1, name_type1, name2, name_type2));
538 if (netbios_session_retarget(name1, name_type1)) {
539 exit_server_cleanly("retargeted client");
542 set_local_machine_name(name1, True);
543 set_remote_machine_name(name2, True);
545 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
546 get_local_machine_name(), get_remote_machine_name(),
549 if (name_type2 == 'R') {
550 /* We are being asked for a pathworks session ---
552 SCVAL(outbuf, 0,0x83);
556 /* only add the client's machine name to the list
557 of possibly valid usernames if we are operating
558 in share mode security */
559 if (lp_security() == SEC_SHARE) {
560 add_session_user(sconn, get_remote_machine_name());
563 reload_services(True);
566 sconn->nbt.got_session = true;
569 case 0x89: /* session keepalive request
570 (some old clients produce this?) */
571 SCVAL(outbuf,0,SMBkeepalive);
575 case 0x82: /* positive session response */
576 case 0x83: /* negative session response */
577 case 0x84: /* retarget session response */
578 DEBUG(0,("Unexpected session response\n"));
581 case SMBkeepalive: /* session keepalive */
586 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
587 msg_type, msg_flags));
589 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
593 /****************************************************************************
595 conn POINTER CAN BE NULL HERE !
596 ****************************************************************************/
598 void reply_tcon(struct smb_request *req)
600 connection_struct *conn = req->conn;
602 char *service_buf = NULL;
603 char *password = NULL;
608 DATA_BLOB password_blob;
609 TALLOC_CTX *ctx = talloc_tos();
610 struct smbd_server_connection *sconn = smbd_server_conn;
612 START_PROFILE(SMBtcon);
614 if (req->buflen < 4) {
615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
616 END_PROFILE(SMBtcon);
620 p = (const char *)req->buf + 1;
621 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
623 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
625 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
628 if (service_buf == NULL || password == NULL || dev == NULL) {
629 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
630 END_PROFILE(SMBtcon);
633 p = strrchr_m(service_buf,'\\');
637 service = service_buf;
640 password_blob = data_blob(password, pwlen+1);
642 conn = make_connection(sconn,service,password_blob,dev,
643 req->vuid,&nt_status);
646 data_blob_clear_free(&password_blob);
649 reply_nterror(req, nt_status);
650 END_PROFILE(SMBtcon);
654 reply_outbuf(req, 2, 0);
655 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
656 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
657 SSVAL(req->outbuf,smb_tid,conn->cnum);
659 DEBUG(3,("tcon service=%s cnum=%d\n",
660 service, conn->cnum));
662 END_PROFILE(SMBtcon);
666 /****************************************************************************
667 Reply to a tcon and X.
668 conn POINTER CAN BE NULL HERE !
669 ****************************************************************************/
671 void reply_tcon_and_X(struct smb_request *req)
673 connection_struct *conn = req->conn;
674 const char *service = NULL;
676 TALLOC_CTX *ctx = talloc_tos();
677 /* what the cleint thinks the device is */
678 char *client_devicetype = NULL;
679 /* what the server tells the client the share represents */
680 const char *server_devicetype;
686 struct smbd_server_connection *sconn = smbd_server_conn;
688 START_PROFILE(SMBtconX);
691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
692 END_PROFILE(SMBtconX);
696 passlen = SVAL(req->vwv+3, 0);
697 tcon_flags = SVAL(req->vwv+2, 0);
699 /* we might have to close an old one */
700 if ((tcon_flags & 0x1) && conn) {
701 close_cnum(conn,req->vuid);
706 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
707 reply_doserror(req, ERRDOS, ERRbuftoosmall);
708 END_PROFILE(SMBtconX);
712 if (sconn->smb1.negprot.encrypted_passwords) {
713 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
714 if (lp_security() == SEC_SHARE) {
716 * Security = share always has a pad byte
717 * after the password.
719 p = (const char *)req->buf + passlen + 1;
721 p = (const char *)req->buf + passlen;
724 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
725 /* Ensure correct termination */
726 password.data[passlen]=0;
727 p = (const char *)req->buf + passlen + 1;
730 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
733 data_blob_clear_free(&password);
734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
735 END_PROFILE(SMBtconX);
740 * the service name can be either: \\server\share
741 * or share directly like on the DELL PowerVault 705
744 q = strchr_m(path+2,'\\');
746 data_blob_clear_free(&password);
747 reply_doserror(req, ERRDOS, ERRnosuchshare);
748 END_PROFILE(SMBtconX);
756 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
757 &client_devicetype, p,
758 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
760 if (client_devicetype == NULL) {
761 data_blob_clear_free(&password);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBtconX);
767 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
769 conn = make_connection(sconn, service, password, client_devicetype,
770 req->vuid, &nt_status);
773 data_blob_clear_free(&password);
776 reply_nterror(req, nt_status);
777 END_PROFILE(SMBtconX);
782 server_devicetype = "IPC";
783 else if ( IS_PRINT(conn) )
784 server_devicetype = "LPT1:";
786 server_devicetype = "A:";
788 if (get_Protocol() < PROTOCOL_NT1) {
789 reply_outbuf(req, 2, 0);
790 if (message_push_string(&req->outbuf, server_devicetype,
791 STR_TERMINATE|STR_ASCII) == -1) {
792 reply_nterror(req, NT_STATUS_NO_MEMORY);
793 END_PROFILE(SMBtconX);
797 /* NT sets the fstype of IPC$ to the null string */
798 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
800 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
801 /* Return permissions. */
805 reply_outbuf(req, 7, 0);
808 perm1 = FILE_ALL_ACCESS;
809 perm2 = FILE_ALL_ACCESS;
811 perm1 = CAN_WRITE(conn) ?
816 SIVAL(req->outbuf, smb_vwv3, perm1);
817 SIVAL(req->outbuf, smb_vwv5, perm2);
819 reply_outbuf(req, 3, 0);
822 if ((message_push_string(&req->outbuf, server_devicetype,
823 STR_TERMINATE|STR_ASCII) == -1)
824 || (message_push_string(&req->outbuf, fstype,
825 STR_TERMINATE) == -1)) {
826 reply_nterror(req, NT_STATUS_NO_MEMORY);
827 END_PROFILE(SMBtconX);
831 /* what does setting this bit do? It is set by NT4 and
832 may affect the ability to autorun mounted cdroms */
833 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
834 (lp_csc_policy(SNUM(conn)) << 2));
836 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
837 DEBUG(2,("Serving %s as a Dfs root\n",
838 lp_servicename(SNUM(conn)) ));
839 SSVAL(req->outbuf, smb_vwv2,
840 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
845 DEBUG(3,("tconX service=%s \n",
848 /* set the incoming and outgoing tid to the just created one */
849 SSVAL(req->inbuf,smb_tid,conn->cnum);
850 SSVAL(req->outbuf,smb_tid,conn->cnum);
852 END_PROFILE(SMBtconX);
854 req->tid = conn->cnum;
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_doserror(req, ERRDOS, ERRbadfid);
924 END_PROFILE(SMBioctl);
927 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
928 srvstr_push((char *)req->outbuf, req->flags2, p+2,
930 STR_TERMINATE|STR_ASCII);
932 srvstr_push((char *)req->outbuf, req->flags2,
933 p+18, lp_servicename(SNUM(conn)),
934 13, STR_TERMINATE|STR_ASCII);
942 END_PROFILE(SMBioctl);
946 /****************************************************************************
947 Strange checkpath NTSTATUS mapping.
948 ****************************************************************************/
950 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
952 /* Strange DOS error code semantics only for checkpath... */
953 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
954 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
955 /* We need to map to ERRbadpath */
956 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 /****************************************************************************
963 Reply to a checkpath.
964 ****************************************************************************/
966 void reply_checkpath(struct smb_request *req)
968 connection_struct *conn = req->conn;
969 struct smb_filename *smb_fname = NULL;
972 TALLOC_CTX *ctx = talloc_tos();
974 START_PROFILE(SMBcheckpath);
976 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
977 STR_TERMINATE, &status);
979 if (!NT_STATUS_IS_OK(status)) {
980 status = map_checkpath_error(req->flags2, status);
981 reply_nterror(req, status);
982 END_PROFILE(SMBcheckpath);
986 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
988 status = filename_convert(ctx,
990 req->flags2 & FLAGS2_DFS_PATHNAMES,
996 if (!NT_STATUS_IS_OK(status)) {
997 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
998 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1000 END_PROFILE(SMBcheckpath);
1006 if (!VALID_STAT(smb_fname->st) &&
1007 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1008 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1009 smb_fname_str_dbg(smb_fname), strerror(errno)));
1010 status = map_nt_error_from_unix(errno);
1014 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1015 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1016 ERRDOS, ERRbadpath);
1020 reply_outbuf(req, 0, 0);
1023 /* We special case this - as when a Windows machine
1024 is parsing a path is steps through the components
1025 one at a time - if a component fails it expects
1026 ERRbadpath, not ERRbadfile.
1028 status = map_checkpath_error(req->flags2, status);
1029 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1031 * Windows returns different error codes if
1032 * the parent directory is valid but not the
1033 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1034 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1035 * if the path is invalid.
1037 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1038 ERRDOS, ERRbadpath);
1042 reply_nterror(req, status);
1045 TALLOC_FREE(smb_fname);
1046 END_PROFILE(SMBcheckpath);
1050 /****************************************************************************
1052 ****************************************************************************/
1054 void reply_getatr(struct smb_request *req)
1056 connection_struct *conn = req->conn;
1057 struct smb_filename *smb_fname = NULL;
1064 TALLOC_CTX *ctx = talloc_tos();
1065 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1067 START_PROFILE(SMBgetatr);
1069 p = (const char *)req->buf + 1;
1070 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 reply_nterror(req, status);
1076 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1077 under WfWg - weird! */
1078 if (*fname == '\0') {
1079 mode = aHIDDEN | aDIR;
1080 if (!CAN_WRITE(conn)) {
1086 status = filename_convert(ctx,
1088 req->flags2 & FLAGS2_DFS_PATHNAMES,
1093 if (!NT_STATUS_IS_OK(status)) {
1094 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1095 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1096 ERRSRV, ERRbadpath);
1099 reply_nterror(req, status);
1102 if (!VALID_STAT(smb_fname->st) &&
1103 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1104 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1105 smb_fname_str_dbg(smb_fname),
1107 reply_nterror(req, map_nt_error_from_unix(errno));
1111 mode = dos_mode(conn, smb_fname);
1112 size = smb_fname->st.st_ex_size;
1114 if (ask_sharemode) {
1115 struct timespec write_time_ts;
1116 struct file_id fileid;
1118 ZERO_STRUCT(write_time_ts);
1119 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1120 get_file_infos(fileid, NULL, &write_time_ts);
1121 if (!null_timespec(write_time_ts)) {
1122 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1126 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1132 reply_outbuf(req, 10, 0);
1134 SSVAL(req->outbuf,smb_vwv0,mode);
1135 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1136 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1138 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1140 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1142 if (get_Protocol() >= PROTOCOL_NT1) {
1143 SSVAL(req->outbuf, smb_flg2,
1144 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1147 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1148 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1151 TALLOC_FREE(smb_fname);
1153 END_PROFILE(SMBgetatr);
1157 /****************************************************************************
1159 ****************************************************************************/
1161 void reply_setatr(struct smb_request *req)
1163 struct smb_file_time ft;
1164 connection_struct *conn = req->conn;
1165 struct smb_filename *smb_fname = NULL;
1171 TALLOC_CTX *ctx = talloc_tos();
1173 START_PROFILE(SMBsetatr);
1178 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1182 p = (const char *)req->buf + 1;
1183 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1184 if (!NT_STATUS_IS_OK(status)) {
1185 reply_nterror(req, status);
1189 status = filename_convert(ctx,
1191 req->flags2 & FLAGS2_DFS_PATHNAMES,
1196 if (!NT_STATUS_IS_OK(status)) {
1197 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1198 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1199 ERRSRV, ERRbadpath);
1202 reply_nterror(req, status);
1206 if (smb_fname->base_name[0] == '.' &&
1207 smb_fname->base_name[1] == '\0') {
1209 * Not sure here is the right place to catch this
1210 * condition. Might be moved to somewhere else later -- vl
1212 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1216 mode = SVAL(req->vwv+0, 0);
1217 mtime = srv_make_unix_date3(req->vwv+1);
1219 ft.mtime = convert_time_t_to_timespec(mtime);
1220 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1221 if (!NT_STATUS_IS_OK(status)) {
1222 reply_nterror(req, status);
1226 if (mode != FILE_ATTRIBUTE_NORMAL) {
1227 if (VALID_STAT_OF_DIR(smb_fname->st))
1232 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1234 reply_nterror(req, map_nt_error_from_unix(errno));
1239 reply_outbuf(req, 0, 0);
1241 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1244 TALLOC_FREE(smb_fname);
1245 END_PROFILE(SMBsetatr);
1249 /****************************************************************************
1251 ****************************************************************************/
1253 void reply_dskattr(struct smb_request *req)
1255 connection_struct *conn = req->conn;
1256 uint64_t dfree,dsize,bsize;
1257 START_PROFILE(SMBdskattr);
1259 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1260 reply_nterror(req, map_nt_error_from_unix(errno));
1261 END_PROFILE(SMBdskattr);
1265 reply_outbuf(req, 5, 0);
1267 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1268 double total_space, free_space;
1269 /* we need to scale this to a number that DOS6 can handle. We
1270 use floating point so we can handle large drives on systems
1271 that don't have 64 bit integers
1273 we end up displaying a maximum of 2G to DOS systems
1275 total_space = dsize * (double)bsize;
1276 free_space = dfree * (double)bsize;
1278 dsize = (uint64_t)((total_space+63*512) / (64*512));
1279 dfree = (uint64_t)((free_space+63*512) / (64*512));
1281 if (dsize > 0xFFFF) dsize = 0xFFFF;
1282 if (dfree > 0xFFFF) dfree = 0xFFFF;
1284 SSVAL(req->outbuf,smb_vwv0,dsize);
1285 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1286 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1287 SSVAL(req->outbuf,smb_vwv3,dfree);
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1291 SSVAL(req->outbuf,smb_vwv2,512);
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1295 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1297 END_PROFILE(SMBdskattr);
1302 * Utility function to split the filename from the directory.
1304 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1305 char **fname_dir_out,
1306 char **fname_mask_out)
1308 const char *p = NULL;
1309 char *fname_dir = NULL;
1310 char *fname_mask = NULL;
1312 p = strrchr_m(fname_in, '/');
1314 fname_dir = talloc_strdup(ctx, ".");
1315 fname_mask = talloc_strdup(ctx, fname_in);
1317 fname_dir = talloc_strndup(ctx, fname_in,
1318 PTR_DIFF(p, fname_in));
1319 fname_mask = talloc_strdup(ctx, p+1);
1322 if (!fname_dir || !fname_mask) {
1323 TALLOC_FREE(fname_dir);
1324 TALLOC_FREE(fname_mask);
1325 return NT_STATUS_NO_MEMORY;
1328 *fname_dir_out = fname_dir;
1329 *fname_mask_out = fname_mask;
1330 return NT_STATUS_OK;
1333 /****************************************************************************
1335 Can be called from SMBsearch, SMBffirst or SMBfunique.
1336 ****************************************************************************/
1338 void reply_search(struct smb_request *req)
1340 connection_struct *conn = req->conn;
1342 const char *mask = NULL;
1343 char *directory = NULL;
1344 struct smb_filename *smb_fname = NULL;
1348 struct timespec date;
1350 unsigned int numentries = 0;
1351 unsigned int maxentries = 0;
1352 bool finished = False;
1357 bool check_descend = False;
1358 bool expect_close = False;
1360 bool mask_contains_wcard = False;
1361 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1362 TALLOC_CTX *ctx = talloc_tos();
1363 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1364 struct dptr_struct *dirptr = NULL;
1365 struct smbd_server_connection *sconn = smbd_server_conn;
1367 START_PROFILE(SMBsearch);
1370 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1374 if (lp_posix_pathnames()) {
1375 reply_unknown_new(req, req->cmd);
1379 /* If we were called as SMBffirst then we must expect close. */
1380 if(req->cmd == SMBffirst) {
1381 expect_close = True;
1384 reply_outbuf(req, 1, 3);
1385 maxentries = SVAL(req->vwv+0, 0);
1386 dirtype = SVAL(req->vwv+1, 0);
1387 p = (const char *)req->buf + 1;
1388 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1389 &nt_status, &mask_contains_wcard);
1390 if (!NT_STATUS_IS_OK(nt_status)) {
1391 reply_nterror(req, nt_status);
1396 status_len = SVAL(p, 0);
1399 /* dirtype &= ~aDIR; */
1401 if (status_len == 0) {
1402 nt_status = filename_convert(ctx, conn,
1403 req->flags2 & FLAGS2_DFS_PATHNAMES,
1405 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1406 &mask_contains_wcard,
1408 if (!NT_STATUS_IS_OK(nt_status)) {
1409 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1410 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1411 ERRSRV, ERRbadpath);
1414 reply_nterror(req, nt_status);
1418 directory = smb_fname->base_name;
1420 p = strrchr_m(directory,'/');
1421 if ((p != NULL) && (*directory != '/')) {
1423 directory = talloc_strndup(ctx, directory,
1424 PTR_DIFF(p, directory));
1427 directory = talloc_strdup(ctx,".");
1431 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 memset((char *)status,'\0',21);
1436 SCVAL(status,0,(dirtype & 0x1F));
1438 nt_status = dptr_create(conn,
1444 mask_contains_wcard,
1447 if (!NT_STATUS_IS_OK(nt_status)) {
1448 reply_nterror(req, nt_status);
1451 dptr_num = dptr_dnum(dirptr);
1454 const char *dirpath;
1456 memcpy(status,p,21);
1457 status_dirtype = CVAL(status,0) & 0x1F;
1458 if (status_dirtype != (dirtype & 0x1F)) {
1459 dirtype = status_dirtype;
1462 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1466 dirpath = dptr_path(sconn, dptr_num);
1467 directory = talloc_strdup(ctx, dirpath);
1469 reply_nterror(req, NT_STATUS_NO_MEMORY);
1473 mask = dptr_wcard(sconn, dptr_num);
1478 * For a 'continue' search we have no string. So
1479 * check from the initial saved string.
1481 mask_contains_wcard = ms_has_wild(mask);
1482 dirtype = dptr_attr(sconn, dptr_num);
1485 DEBUG(4,("dptr_num is %d\n",dptr_num));
1487 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1488 dptr_init_search_op(dirptr);
1490 if ((dirtype&0x1F) == aVOLID) {
1491 char buf[DIR_STRUCT_SIZE];
1492 memcpy(buf,status,21);
1493 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1494 0,aVOLID,0,!allow_long_path_components)) {
1495 reply_nterror(req, NT_STATUS_NO_MEMORY);
1498 dptr_fill(sconn, buf+12,dptr_num);
1499 if (dptr_zero(buf+12) && (status_len==0)) {
1504 if (message_push_blob(&req->outbuf,
1505 data_blob_const(buf, sizeof(buf)))
1507 reply_nterror(req, NT_STATUS_NO_MEMORY);
1515 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1518 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1519 directory,lp_dontdescend(SNUM(conn))));
1520 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1521 check_descend = True;
1524 for (i=numentries;(i<maxentries) && !finished;i++) {
1525 finished = !get_dir_entry(ctx,
1536 char buf[DIR_STRUCT_SIZE];
1537 memcpy(buf,status,21);
1538 if (!make_dir_struct(ctx,
1544 convert_timespec_to_time_t(date),
1545 !allow_long_path_components)) {
1546 reply_nterror(req, NT_STATUS_NO_MEMORY);
1549 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1552 if (message_push_blob(&req->outbuf,
1553 data_blob_const(buf, sizeof(buf)))
1555 reply_nterror(req, NT_STATUS_NO_MEMORY);
1565 /* If we were called as SMBffirst with smb_search_id == NULL
1566 and no entries were found then return error and close dirptr
1569 if (numentries == 0) {
1570 dptr_close(sconn, &dptr_num);
1571 } else if(expect_close && status_len == 0) {
1572 /* Close the dptr - we know it's gone */
1573 dptr_close(sconn, &dptr_num);
1576 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1577 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1578 dptr_close(sconn, &dptr_num);
1581 if ((numentries == 0) && !mask_contains_wcard) {
1582 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1586 SSVAL(req->outbuf,smb_vwv0,numentries);
1587 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1588 SCVAL(smb_buf(req->outbuf),0,5);
1589 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1591 /* The replies here are never long name. */
1592 SSVAL(req->outbuf, smb_flg2,
1593 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1594 if (!allow_long_path_components) {
1595 SSVAL(req->outbuf, smb_flg2,
1596 SVAL(req->outbuf, smb_flg2)
1597 & (~FLAGS2_LONG_PATH_COMPONENTS));
1600 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1601 SSVAL(req->outbuf, smb_flg2,
1602 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1604 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1605 smb_fn_name(req->cmd),
1612 TALLOC_FREE(directory);
1613 TALLOC_FREE(smb_fname);
1614 END_PROFILE(SMBsearch);
1618 /****************************************************************************
1619 Reply to a fclose (stop directory search).
1620 ****************************************************************************/
1622 void reply_fclose(struct smb_request *req)
1630 bool path_contains_wcard = False;
1631 TALLOC_CTX *ctx = talloc_tos();
1632 struct smbd_server_connection *sconn = smbd_server_conn;
1634 START_PROFILE(SMBfclose);
1636 if (lp_posix_pathnames()) {
1637 reply_unknown_new(req, req->cmd);
1638 END_PROFILE(SMBfclose);
1642 p = (const char *)req->buf + 1;
1643 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1644 &err, &path_contains_wcard);
1645 if (!NT_STATUS_IS_OK(err)) {
1646 reply_nterror(req, err);
1647 END_PROFILE(SMBfclose);
1651 status_len = SVAL(p,0);
1654 if (status_len == 0) {
1655 reply_doserror(req, ERRSRV, ERRsrverror);
1656 END_PROFILE(SMBfclose);
1660 memcpy(status,p,21);
1662 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1663 /* Close the dptr - we know it's gone */
1664 dptr_close(sconn, &dptr_num);
1667 reply_outbuf(req, 1, 0);
1668 SSVAL(req->outbuf,smb_vwv0,0);
1670 DEBUG(3,("search close\n"));
1672 END_PROFILE(SMBfclose);
1676 /****************************************************************************
1678 ****************************************************************************/
1680 void reply_open(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1683 struct smb_filename *smb_fname = NULL;
1695 uint32 create_disposition;
1696 uint32 create_options = 0;
1698 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1699 TALLOC_CTX *ctx = talloc_tos();
1701 START_PROFILE(SMBopen);
1704 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1708 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1709 deny_mode = SVAL(req->vwv+0, 0);
1710 dos_attr = SVAL(req->vwv+1, 0);
1712 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1713 STR_TERMINATE, &status);
1714 if (!NT_STATUS_IS_OK(status)) {
1715 reply_nterror(req, status);
1719 status = filename_convert(ctx,
1721 req->flags2 & FLAGS2_DFS_PATHNAMES,
1726 if (!NT_STATUS_IS_OK(status)) {
1727 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1728 reply_botherror(req,
1729 NT_STATUS_PATH_NOT_COVERED,
1730 ERRSRV, ERRbadpath);
1733 reply_nterror(req, status);
1737 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1738 OPENX_FILE_EXISTS_OPEN, &access_mask,
1739 &share_mode, &create_disposition,
1741 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1745 status = SMB_VFS_CREATE_FILE(
1748 0, /* root_dir_fid */
1749 smb_fname, /* fname */
1750 access_mask, /* access_mask */
1751 share_mode, /* share_access */
1752 create_disposition, /* create_disposition*/
1753 create_options, /* create_options */
1754 dos_attr, /* file_attributes */
1755 oplock_request, /* oplock_request */
1756 0, /* allocation_size */
1762 if (!NT_STATUS_IS_OK(status)) {
1763 if (open_was_deferred(req->mid)) {
1764 /* We have re-scheduled this call. */
1767 reply_openerror(req, status);
1771 size = smb_fname->st.st_ex_size;
1772 fattr = dos_mode(conn, smb_fname);
1774 /* Deal with other possible opens having a modified
1776 if (ask_sharemode) {
1777 struct timespec write_time_ts;
1779 ZERO_STRUCT(write_time_ts);
1780 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1781 if (!null_timespec(write_time_ts)) {
1782 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1786 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1789 DEBUG(3,("attempt to open a directory %s\n",
1791 close_file(req, fsp, ERROR_CLOSE);
1792 reply_doserror(req, ERRDOS,ERRnoaccess);
1796 reply_outbuf(req, 7, 0);
1797 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1798 SSVAL(req->outbuf,smb_vwv1,fattr);
1799 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1800 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1802 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1804 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1805 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1807 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1808 SCVAL(req->outbuf,smb_flg,
1809 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1812 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1813 SCVAL(req->outbuf,smb_flg,
1814 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1817 TALLOC_FREE(smb_fname);
1818 END_PROFILE(SMBopen);
1822 /****************************************************************************
1823 Reply to an open and X.
1824 ****************************************************************************/
1826 void reply_open_and_X(struct smb_request *req)
1828 connection_struct *conn = req->conn;
1829 struct smb_filename *smb_fname = NULL;
1834 /* Breakout the oplock request bits so we can set the
1835 reply bits separately. */
1836 int ex_oplock_request;
1837 int core_oplock_request;
1840 int smb_sattr = SVAL(req->vwv+4, 0);
1841 uint32 smb_time = make_unix_date3(req->vwv+6);
1849 uint64_t allocation_size;
1850 ssize_t retval = -1;
1853 uint32 create_disposition;
1854 uint32 create_options = 0;
1855 TALLOC_CTX *ctx = talloc_tos();
1857 START_PROFILE(SMBopenX);
1859 if (req->wct < 15) {
1860 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1864 open_flags = SVAL(req->vwv+2, 0);
1865 deny_mode = SVAL(req->vwv+3, 0);
1866 smb_attr = SVAL(req->vwv+5, 0);
1867 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1868 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1869 oplock_request = ex_oplock_request | core_oplock_request;
1870 smb_ofun = SVAL(req->vwv+8, 0);
1871 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1873 /* If it's an IPC, pass off the pipe handler. */
1875 if (lp_nt_pipe_support()) {
1876 reply_open_pipe_and_X(conn, req);
1878 reply_doserror(req, ERRSRV, ERRaccess);
1883 /* XXXX we need to handle passed times, sattr and flags */
1884 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1885 STR_TERMINATE, &status);
1886 if (!NT_STATUS_IS_OK(status)) {
1887 reply_nterror(req, status);
1891 status = filename_convert(ctx,
1893 req->flags2 & FLAGS2_DFS_PATHNAMES,
1898 if (!NT_STATUS_IS_OK(status)) {
1899 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1900 reply_botherror(req,
1901 NT_STATUS_PATH_NOT_COVERED,
1902 ERRSRV, ERRbadpath);
1905 reply_nterror(req, status);
1909 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1910 &access_mask, &share_mode,
1911 &create_disposition,
1913 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1917 status = SMB_VFS_CREATE_FILE(
1920 0, /* root_dir_fid */
1921 smb_fname, /* fname */
1922 access_mask, /* access_mask */
1923 share_mode, /* share_access */
1924 create_disposition, /* create_disposition*/
1925 create_options, /* create_options */
1926 smb_attr, /* file_attributes */
1927 oplock_request, /* oplock_request */
1928 0, /* allocation_size */
1932 &smb_action); /* pinfo */
1934 if (!NT_STATUS_IS_OK(status)) {
1935 if (open_was_deferred(req->mid)) {
1936 /* We have re-scheduled this call. */
1939 reply_openerror(req, status);
1943 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1944 if the file is truncated or created. */
1945 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1946 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1947 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1948 close_file(req, fsp, ERROR_CLOSE);
1949 reply_nterror(req, NT_STATUS_DISK_FULL);
1952 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1954 close_file(req, fsp, ERROR_CLOSE);
1955 reply_nterror(req, NT_STATUS_DISK_FULL);
1958 smb_fname->st.st_ex_size =
1959 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1962 fattr = dos_mode(conn, smb_fname);
1963 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1965 close_file(req, fsp, ERROR_CLOSE);
1966 reply_doserror(req, ERRDOS, ERRnoaccess);
1970 /* If the caller set the extended oplock request bit
1971 and we granted one (by whatever means) - set the
1972 correct bit for extended oplock reply.
1975 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1976 smb_action |= EXTENDED_OPLOCK_GRANTED;
1979 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1980 smb_action |= EXTENDED_OPLOCK_GRANTED;
1983 /* If the caller set the core oplock request bit
1984 and we granted one (by whatever means) - set the
1985 correct bit for core oplock reply.
1988 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1989 reply_outbuf(req, 19, 0);
1991 reply_outbuf(req, 15, 0);
1994 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1995 SCVAL(req->outbuf, smb_flg,
1996 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1999 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2000 SCVAL(req->outbuf, smb_flg,
2001 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2004 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2005 SSVAL(req->outbuf,smb_vwv3,fattr);
2006 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2007 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2009 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2011 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2012 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2013 SSVAL(req->outbuf,smb_vwv11,smb_action);
2015 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2016 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2021 TALLOC_FREE(smb_fname);
2022 END_PROFILE(SMBopenX);
2026 /****************************************************************************
2027 Reply to a SMBulogoffX.
2028 ****************************************************************************/
2030 void reply_ulogoffX(struct smb_request *req)
2032 struct smbd_server_connection *sconn = smbd_server_conn;
2035 START_PROFILE(SMBulogoffX);
2037 vuser = get_valid_user_struct(sconn, req->vuid);
2040 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2044 /* in user level security we are supposed to close any files
2045 open by this user */
2046 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2047 file_close_user(req->vuid);
2050 invalidate_vuid(sconn, req->vuid);
2052 reply_outbuf(req, 2, 0);
2054 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2056 END_PROFILE(SMBulogoffX);
2057 req->vuid = UID_FIELD_INVALID;
2061 /****************************************************************************
2062 Reply to a mknew or a create.
2063 ****************************************************************************/
2065 void reply_mknew(struct smb_request *req)
2067 connection_struct *conn = req->conn;
2068 struct smb_filename *smb_fname = NULL;
2071 struct smb_file_time ft;
2073 int oplock_request = 0;
2075 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2076 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2077 uint32 create_disposition;
2078 uint32 create_options = 0;
2079 TALLOC_CTX *ctx = talloc_tos();
2081 START_PROFILE(SMBcreate);
2085 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2089 fattr = SVAL(req->vwv+0, 0);
2090 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2093 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2095 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2096 STR_TERMINATE, &status);
2097 if (!NT_STATUS_IS_OK(status)) {
2098 reply_nterror(req, status);
2102 status = filename_convert(ctx,
2104 req->flags2 & FLAGS2_DFS_PATHNAMES,
2109 if (!NT_STATUS_IS_OK(status)) {
2110 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2111 reply_botherror(req,
2112 NT_STATUS_PATH_NOT_COVERED,
2113 ERRSRV, ERRbadpath);
2116 reply_nterror(req, status);
2120 if (fattr & aVOLID) {
2121 DEBUG(0,("Attempt to create file (%s) with volid set - "
2122 "please report this\n",
2123 smb_fname_str_dbg(smb_fname)));
2126 if(req->cmd == SMBmknew) {
2127 /* We should fail if file exists. */
2128 create_disposition = FILE_CREATE;
2130 /* Create if file doesn't exist, truncate if it does. */
2131 create_disposition = FILE_OVERWRITE_IF;
2134 status = SMB_VFS_CREATE_FILE(
2137 0, /* root_dir_fid */
2138 smb_fname, /* fname */
2139 access_mask, /* access_mask */
2140 share_mode, /* share_access */
2141 create_disposition, /* create_disposition*/
2142 create_options, /* create_options */
2143 fattr, /* file_attributes */
2144 oplock_request, /* oplock_request */
2145 0, /* allocation_size */
2151 if (!NT_STATUS_IS_OK(status)) {
2152 if (open_was_deferred(req->mid)) {
2153 /* We have re-scheduled this call. */
2156 reply_openerror(req, status);
2160 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2161 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2162 if (!NT_STATUS_IS_OK(status)) {
2163 END_PROFILE(SMBcreate);
2167 reply_outbuf(req, 1, 0);
2168 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2170 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2171 SCVAL(req->outbuf,smb_flg,
2172 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2175 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2176 SCVAL(req->outbuf,smb_flg,
2177 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2180 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2181 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2182 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2183 (unsigned int)fattr));
2186 TALLOC_FREE(smb_fname);
2187 END_PROFILE(SMBcreate);
2191 /****************************************************************************
2192 Reply to a create temporary file.
2193 ****************************************************************************/
2195 void reply_ctemp(struct smb_request *req)
2197 connection_struct *conn = req->conn;
2198 struct smb_filename *smb_fname = NULL;
2206 TALLOC_CTX *ctx = talloc_tos();
2208 START_PROFILE(SMBctemp);
2211 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2215 fattr = SVAL(req->vwv+0, 0);
2216 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2218 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2219 STR_TERMINATE, &status);
2220 if (!NT_STATUS_IS_OK(status)) {
2221 reply_nterror(req, status);
2225 fname = talloc_asprintf(ctx,
2229 fname = talloc_strdup(ctx, "TMXXXXXX");
2233 reply_nterror(req, NT_STATUS_NO_MEMORY);
2237 status = filename_convert(ctx, conn,
2238 req->flags2 & FLAGS2_DFS_PATHNAMES,
2243 if (!NT_STATUS_IS_OK(status)) {
2244 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2245 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2246 ERRSRV, ERRbadpath);
2249 reply_nterror(req, status);
2253 tmpfd = mkstemp(smb_fname->base_name);
2255 reply_nterror(req, map_nt_error_from_unix(errno));
2259 SMB_VFS_STAT(conn, smb_fname);
2261 /* We should fail if file does not exist. */
2262 status = SMB_VFS_CREATE_FILE(
2265 0, /* root_dir_fid */
2266 smb_fname, /* fname */
2267 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2268 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2269 FILE_OPEN, /* create_disposition*/
2270 0, /* create_options */
2271 fattr, /* file_attributes */
2272 oplock_request, /* oplock_request */
2273 0, /* allocation_size */
2279 /* close fd from mkstemp() */
2282 if (!NT_STATUS_IS_OK(status)) {
2283 if (open_was_deferred(req->mid)) {
2284 /* We have re-scheduled this call. */
2287 reply_openerror(req, status);
2291 reply_outbuf(req, 1, 0);
2292 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2294 /* the returned filename is relative to the directory */
2295 s = strrchr_m(fsp->fsp_name->base_name, '/');
2297 s = fsp->fsp_name->base_name;
2303 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2304 thing in the byte section. JRA */
2305 SSVALS(p, 0, -1); /* what is this? not in spec */
2307 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2309 reply_nterror(req, NT_STATUS_NO_MEMORY);
2313 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2314 SCVAL(req->outbuf, smb_flg,
2315 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2318 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2319 SCVAL(req->outbuf, smb_flg,
2320 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2323 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2324 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2325 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2327 TALLOC_FREE(smb_fname);
2328 END_PROFILE(SMBctemp);
2332 /*******************************************************************
2333 Check if a user is allowed to rename a file.
2334 ********************************************************************/
2336 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2341 if (!CAN_WRITE(conn)) {
2342 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2345 fmode = dos_mode(conn, fsp->fsp_name);
2346 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2347 return NT_STATUS_NO_SUCH_FILE;
2350 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2351 if (fsp->posix_open) {
2352 return NT_STATUS_OK;
2355 /* If no pathnames are open below this
2356 directory, allow the rename. */
2358 if (file_find_subpath(fsp)) {
2359 return NT_STATUS_ACCESS_DENIED;
2361 return NT_STATUS_OK;
2364 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2365 return NT_STATUS_OK;
2368 return NT_STATUS_ACCESS_DENIED;
2371 /*******************************************************************
2372 * unlink a file with all relevant access checks
2373 *******************************************************************/
2375 static NTSTATUS do_unlink(connection_struct *conn,
2376 struct smb_request *req,
2377 struct smb_filename *smb_fname,
2382 uint32 dirtype_orig = dirtype;
2385 bool posix_paths = lp_posix_pathnames();
2387 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2388 smb_fname_str_dbg(smb_fname),
2391 if (!CAN_WRITE(conn)) {
2392 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2396 ret = SMB_VFS_LSTAT(conn, smb_fname);
2398 ret = SMB_VFS_LSTAT(conn, smb_fname);
2401 return map_nt_error_from_unix(errno);
2404 fattr = dos_mode(conn, smb_fname);
2406 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2407 dirtype = aDIR|aARCH|aRONLY;
2410 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2412 return NT_STATUS_NO_SUCH_FILE;
2415 if (!dir_check_ftype(conn, fattr, dirtype)) {
2417 return NT_STATUS_FILE_IS_A_DIRECTORY;
2419 return NT_STATUS_NO_SUCH_FILE;
2422 if (dirtype_orig & 0x8000) {
2423 /* These will never be set for POSIX. */
2424 return NT_STATUS_NO_SUCH_FILE;
2428 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2429 return NT_STATUS_FILE_IS_A_DIRECTORY;
2432 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2433 return NT_STATUS_NO_SUCH_FILE;
2436 if (dirtype & 0xFF00) {
2437 /* These will never be set for POSIX. */
2438 return NT_STATUS_NO_SUCH_FILE;
2443 return NT_STATUS_NO_SUCH_FILE;
2446 /* Can't delete a directory. */
2448 return NT_STATUS_FILE_IS_A_DIRECTORY;
2453 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2454 return NT_STATUS_OBJECT_NAME_INVALID;
2455 #endif /* JRATEST */
2457 /* On open checks the open itself will check the share mode, so
2458 don't do it here as we'll get it wrong. */
2460 status = SMB_VFS_CREATE_FILE
2463 0, /* root_dir_fid */
2464 smb_fname, /* fname */
2465 DELETE_ACCESS, /* access_mask */
2466 FILE_SHARE_NONE, /* share_access */
2467 FILE_OPEN, /* create_disposition*/
2468 FILE_NON_DIRECTORY_FILE, /* create_options */
2469 /* file_attributes */
2470 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2471 FILE_ATTRIBUTE_NORMAL,
2472 0, /* oplock_request */
2473 0, /* allocation_size */
2479 if (!NT_STATUS_IS_OK(status)) {
2480 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2481 nt_errstr(status)));
2485 status = can_set_delete_on_close(fsp, fattr);
2486 if (!NT_STATUS_IS_OK(status)) {
2487 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2489 smb_fname_str_dbg(smb_fname),
2490 nt_errstr(status)));
2491 close_file(req, fsp, NORMAL_CLOSE);
2495 /* The set is across all open files on this dev/inode pair. */
2496 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2497 close_file(req, fsp, NORMAL_CLOSE);
2498 return NT_STATUS_ACCESS_DENIED;
2501 return close_file(req, fsp, NORMAL_CLOSE);
2504 /****************************************************************************
2505 The guts of the unlink command, split out so it may be called by the NT SMB
2507 ****************************************************************************/
2509 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2510 uint32 dirtype, struct smb_filename *smb_fname,
2513 char *fname_dir = NULL;
2514 char *fname_mask = NULL;
2516 NTSTATUS status = NT_STATUS_OK;
2517 TALLOC_CTX *ctx = talloc_tos();
2519 /* Split up the directory from the filename/mask. */
2520 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2521 &fname_dir, &fname_mask);
2522 if (!NT_STATUS_IS_OK(status)) {
2527 * We should only check the mangled cache
2528 * here if unix_convert failed. This means
2529 * that the path in 'mask' doesn't exist
2530 * on the file system and so we need to look
2531 * for a possible mangle. This patch from
2532 * Tine Smukavec <valentin.smukavec@hermes.si>.
2535 if (!VALID_STAT(smb_fname->st) &&
2536 mangle_is_mangled(fname_mask, conn->params)) {
2537 char *new_mask = NULL;
2538 mangle_lookup_name_from_8_3(ctx, fname_mask,
2539 &new_mask, conn->params);
2541 TALLOC_FREE(fname_mask);
2542 fname_mask = new_mask;
2549 * Only one file needs to be unlinked. Append the mask back
2550 * onto the directory.
2552 TALLOC_FREE(smb_fname->base_name);
2553 smb_fname->base_name = talloc_asprintf(smb_fname,
2557 if (!smb_fname->base_name) {
2558 status = NT_STATUS_NO_MEMORY;
2562 dirtype = FILE_ATTRIBUTE_NORMAL;
2565 status = check_name(conn, smb_fname->base_name);
2566 if (!NT_STATUS_IS_OK(status)) {
2570 status = do_unlink(conn, req, smb_fname, dirtype);
2571 if (!NT_STATUS_IS_OK(status)) {
2577 struct smb_Dir *dir_hnd = NULL;
2579 const char *dname = NULL;
2580 char *talloced = NULL;
2582 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2583 status = NT_STATUS_OBJECT_NAME_INVALID;
2587 if (strequal(fname_mask,"????????.???")) {
2588 TALLOC_FREE(fname_mask);
2589 fname_mask = talloc_strdup(ctx, "*");
2591 status = NT_STATUS_NO_MEMORY;
2596 status = check_name(conn, fname_dir);
2597 if (!NT_STATUS_IS_OK(status)) {
2601 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2603 if (dir_hnd == NULL) {
2604 status = map_nt_error_from_unix(errno);
2608 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2609 the pattern matches against the long name, otherwise the short name
2610 We don't implement this yet XXXX
2613 status = NT_STATUS_NO_SUCH_FILE;
2615 while ((dname = ReadDirName(dir_hnd, &offset,
2616 &smb_fname->st, &talloced))) {
2617 TALLOC_CTX *frame = talloc_stackframe();
2619 if (!is_visible_file(conn, fname_dir, dname,
2620 &smb_fname->st, true)) {
2622 TALLOC_FREE(talloced);
2626 /* Quick check for "." and ".." */
2627 if (ISDOT(dname) || ISDOTDOT(dname)) {
2629 TALLOC_FREE(talloced);
2633 if(!mask_match(dname, fname_mask,
2634 conn->case_sensitive)) {
2636 TALLOC_FREE(talloced);
2640 TALLOC_FREE(smb_fname->base_name);
2641 smb_fname->base_name =
2642 talloc_asprintf(smb_fname, "%s/%s",
2645 if (!smb_fname->base_name) {
2646 TALLOC_FREE(dir_hnd);
2647 status = NT_STATUS_NO_MEMORY;
2649 TALLOC_FREE(talloced);
2653 status = check_name(conn, smb_fname->base_name);
2654 if (!NT_STATUS_IS_OK(status)) {
2655 TALLOC_FREE(dir_hnd);
2657 TALLOC_FREE(talloced);
2661 status = do_unlink(conn, req, smb_fname, dirtype);
2662 if (!NT_STATUS_IS_OK(status)) {
2664 TALLOC_FREE(talloced);
2669 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2670 smb_fname->base_name));
2673 TALLOC_FREE(talloced);
2675 TALLOC_FREE(dir_hnd);
2678 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2679 status = map_nt_error_from_unix(errno);
2683 TALLOC_FREE(fname_dir);
2684 TALLOC_FREE(fname_mask);
2688 /****************************************************************************
2690 ****************************************************************************/
2692 void reply_unlink(struct smb_request *req)
2694 connection_struct *conn = req->conn;
2696 struct smb_filename *smb_fname = NULL;
2699 bool path_contains_wcard = False;
2700 TALLOC_CTX *ctx = talloc_tos();
2702 START_PROFILE(SMBunlink);
2705 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2709 dirtype = SVAL(req->vwv+0, 0);
2711 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2712 STR_TERMINATE, &status,
2713 &path_contains_wcard);
2714 if (!NT_STATUS_IS_OK(status)) {
2715 reply_nterror(req, status);
2719 status = filename_convert(ctx, conn,
2720 req->flags2 & FLAGS2_DFS_PATHNAMES,
2722 UCF_COND_ALLOW_WCARD_LCOMP,
2723 &path_contains_wcard,
2725 if (!NT_STATUS_IS_OK(status)) {
2726 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2727 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2728 ERRSRV, ERRbadpath);
2731 reply_nterror(req, status);
2735 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2737 status = unlink_internals(conn, req, dirtype, smb_fname,
2738 path_contains_wcard);
2739 if (!NT_STATUS_IS_OK(status)) {
2740 if (open_was_deferred(req->mid)) {
2741 /* We have re-scheduled this call. */
2744 reply_nterror(req, status);
2748 reply_outbuf(req, 0, 0);
2750 TALLOC_FREE(smb_fname);
2751 END_PROFILE(SMBunlink);
2755 /****************************************************************************
2757 ****************************************************************************/
2759 static void fail_readraw(void)
2761 const char *errstr = talloc_asprintf(talloc_tos(),
2762 "FAIL ! reply_readbraw: socket write fail (%s)",
2767 exit_server_cleanly(errstr);
2770 /****************************************************************************
2771 Fake (read/write) sendfile. Returns -1 on read or write fail.
2772 ****************************************************************************/
2774 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2778 size_t tosend = nread;
2785 bufsize = MIN(nread, 65536);
2787 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2791 while (tosend > 0) {
2795 if (tosend > bufsize) {
2800 ret = read_file(fsp,buf,startpos,cur_read);
2806 /* If we had a short read, fill with zeros. */
2807 if (ret < cur_read) {
2808 memset(buf + ret, '\0', cur_read - ret);
2811 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2816 startpos += cur_read;
2820 return (ssize_t)nread;
2823 #if defined(WITH_SENDFILE)
2824 /****************************************************************************
2825 Deal with the case of sendfile reading less bytes from the file than
2826 requested. Fill with zeros (all we can do).
2827 ****************************************************************************/
2829 static void sendfile_short_send(files_struct *fsp,
2834 #define SHORT_SEND_BUFSIZE 1024
2835 if (nread < headersize) {
2836 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2837 "header for file %s (%s). Terminating\n",
2838 fsp_str_dbg(fsp), strerror(errno)));
2839 exit_server_cleanly("sendfile_short_send failed");
2842 nread -= headersize;
2844 if (nread < smb_maxcnt) {
2845 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2847 exit_server_cleanly("sendfile_short_send: "
2851 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2852 "with zeros !\n", fsp_str_dbg(fsp)));
2854 while (nread < smb_maxcnt) {
2856 * We asked for the real file size and told sendfile
2857 * to not go beyond the end of the file. But it can
2858 * happen that in between our fstat call and the
2859 * sendfile call the file was truncated. This is very
2860 * bad because we have already announced the larger
2861 * number of bytes to the client.
2863 * The best we can do now is to send 0-bytes, just as
2864 * a read from a hole in a sparse file would do.
2866 * This should happen rarely enough that I don't care
2867 * about efficiency here :-)
2871 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2872 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2873 exit_server_cleanly("sendfile_short_send: "
2874 "write_data failed");
2881 #endif /* defined WITH_SENDFILE */
2883 /****************************************************************************
2884 Return a readbraw error (4 bytes of zero).
2885 ****************************************************************************/
2887 static void reply_readbraw_error(void)
2891 if (write_data(smbd_server_fd(),header,4) != 4) {
2896 /****************************************************************************
2897 Use sendfile in readbraw.
2898 ****************************************************************************/
2900 static void send_file_readbraw(connection_struct *conn,
2901 struct smb_request *req,
2907 char *outbuf = NULL;
2910 #if defined(WITH_SENDFILE)
2912 * We can only use sendfile on a non-chained packet
2913 * but we can use on a non-oplocked file. tridge proved this
2914 * on a train in Germany :-). JRA.
2915 * reply_readbraw has already checked the length.
2918 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2919 (fsp->wcp == NULL) &&
2920 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2921 ssize_t sendfile_read = -1;
2923 DATA_BLOB header_blob;
2925 _smb_setlen(header,nread);
2926 header_blob = data_blob_const(header, 4);
2928 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2929 &header_blob, startpos, nread)) == -1) {
2930 /* Returning ENOSYS means no data at all was sent.
2931 * Do this as a normal read. */
2932 if (errno == ENOSYS) {
2933 goto normal_readbraw;
2937 * Special hack for broken Linux with no working sendfile. If we
2938 * return EINTR we sent the header but not the rest of the data.
2939 * Fake this up by doing read/write calls.
2941 if (errno == EINTR) {
2942 /* Ensure we don't do this again. */
2943 set_use_sendfile(SNUM(conn), False);
2944 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2946 if (fake_sendfile(fsp, startpos, nread) == -1) {
2947 DEBUG(0,("send_file_readbraw: "
2948 "fake_sendfile failed for "
2952 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2957 DEBUG(0,("send_file_readbraw: sendfile failed for "
2958 "file %s (%s). Terminating\n",
2959 fsp_str_dbg(fsp), strerror(errno)));
2960 exit_server_cleanly("send_file_readbraw sendfile failed");
2961 } else if (sendfile_read == 0) {
2963 * Some sendfile implementations return 0 to indicate
2964 * that there was a short read, but nothing was
2965 * actually written to the socket. In this case,
2966 * fallback to the normal read path so the header gets
2967 * the correct byte count.
2969 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2970 "bytes falling back to the normal read: "
2971 "%s\n", fsp_str_dbg(fsp)));
2972 goto normal_readbraw;
2975 /* Deal with possible short send. */
2976 if (sendfile_read != 4+nread) {
2977 sendfile_short_send(fsp, sendfile_read, 4, nread);
2985 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2987 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2988 (unsigned)(nread+4)));
2989 reply_readbraw_error();
2994 ret = read_file(fsp,outbuf+4,startpos,nread);
2995 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3004 _smb_setlen(outbuf,ret);
3005 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3008 TALLOC_FREE(outbuf);
3011 /****************************************************************************
3012 Reply to a readbraw (core+ protocol).
3013 ****************************************************************************/
3015 void reply_readbraw(struct smb_request *req)
3017 connection_struct *conn = req->conn;
3018 ssize_t maxcount,mincount;
3022 struct lock_struct lock;
3025 START_PROFILE(SMBreadbraw);
3027 if (srv_is_signing_active(smbd_server_conn) ||
3028 is_encrypted_packet(req->inbuf)) {
3029 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3030 "raw reads/writes are disallowed.");
3034 reply_readbraw_error();
3035 END_PROFILE(SMBreadbraw);
3040 * Special check if an oplock break has been issued
3041 * and the readraw request croses on the wire, we must
3042 * return a zero length response here.
3045 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3048 * We have to do a check_fsp by hand here, as
3049 * we must always return 4 zero bytes on error,
3053 if (!fsp || !conn || conn != fsp->conn ||
3054 req->vuid != fsp->vuid ||
3055 fsp->is_directory || fsp->fh->fd == -1) {
3057 * fsp could be NULL here so use the value from the packet. JRA.
3059 DEBUG(3,("reply_readbraw: fnum %d not valid "
3061 (int)SVAL(req->vwv+0, 0)));
3062 reply_readbraw_error();
3063 END_PROFILE(SMBreadbraw);
3067 /* Do a "by hand" version of CHECK_READ. */
3068 if (!(fsp->can_read ||
3069 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3070 (fsp->access_mask & FILE_EXECUTE)))) {
3071 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3072 (int)SVAL(req->vwv+0, 0)));
3073 reply_readbraw_error();
3074 END_PROFILE(SMBreadbraw);
3078 flush_write_cache(fsp, READRAW_FLUSH);
3080 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3081 if(req->wct == 10) {
3083 * This is a large offset (64 bit) read.
3085 #ifdef LARGE_SMB_OFF_T
3087 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3089 #else /* !LARGE_SMB_OFF_T */
3092 * Ensure we haven't been sent a >32 bit offset.
3095 if(IVAL(req->vwv+8, 0) != 0) {
3096 DEBUG(0,("reply_readbraw: large offset "
3097 "(%x << 32) used and we don't support "
3098 "64 bit offsets.\n",
3099 (unsigned int)IVAL(req->vwv+8, 0) ));
3100 reply_readbraw_error();
3101 END_PROFILE(SMBreadbraw);
3105 #endif /* LARGE_SMB_OFF_T */
3108 DEBUG(0,("reply_readbraw: negative 64 bit "
3109 "readraw offset (%.0f) !\n",
3110 (double)startpos ));
3111 reply_readbraw_error();
3112 END_PROFILE(SMBreadbraw);
3117 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3118 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3120 /* ensure we don't overrun the packet size */
3121 maxcount = MIN(65535,maxcount);
3123 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3124 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3127 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3128 reply_readbraw_error();
3129 END_PROFILE(SMBreadbraw);
3133 if (fsp_stat(fsp) == 0) {
3134 size = fsp->fsp_name->st.st_ex_size;
3137 if (startpos >= size) {
3140 nread = MIN(maxcount,(size - startpos));
3143 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3144 if (nread < mincount)
3148 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3149 "min=%lu nread=%lu\n",
3150 fsp->fnum, (double)startpos,
3151 (unsigned long)maxcount,
3152 (unsigned long)mincount,
3153 (unsigned long)nread ) );
3155 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3157 DEBUG(5,("reply_readbraw finished\n"));
3159 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3161 END_PROFILE(SMBreadbraw);
3166 #define DBGC_CLASS DBGC_LOCKING
3168 /****************************************************************************
3169 Reply to a lockread (core+ protocol).
3170 ****************************************************************************/
3172 void reply_lockread(struct smb_request *req)
3174 connection_struct *conn = req->conn;
3181 struct byte_range_lock *br_lck = NULL;
3183 struct smbd_server_connection *sconn = smbd_server_conn;
3185 START_PROFILE(SMBlockread);
3188 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3189 END_PROFILE(SMBlockread);
3193 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3195 if (!check_fsp(conn, req, fsp)) {
3196 END_PROFILE(SMBlockread);
3200 if (!CHECK_READ(fsp,req)) {
3201 reply_doserror(req, ERRDOS, ERRbadaccess);
3202 END_PROFILE(SMBlockread);
3206 numtoread = SVAL(req->vwv+1, 0);
3207 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3209 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3211 reply_outbuf(req, 5, numtoread + 3);
3213 data = smb_buf(req->outbuf) + 3;
3216 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3217 * protocol request that predates the read/write lock concept.
3218 * Thus instead of asking for a read lock here we need to ask
3219 * for a write lock. JRA.
3220 * Note that the requested lock size is unaffected by max_recv.
3223 br_lck = do_lock(smbd_messaging_context(),
3226 (uint64_t)numtoread,
3230 False, /* Non-blocking lock. */
3234 TALLOC_FREE(br_lck);
3236 if (NT_STATUS_V(status)) {
3237 reply_nterror(req, status);
3238 END_PROFILE(SMBlockread);
3243 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3246 if (numtoread > sconn->smb1.negprot.max_recv) {
3247 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3248 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3249 (unsigned int)numtoread,
3250 (unsigned int)sconn->smb1.negprot.max_recv));
3251 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3253 nread = read_file(fsp,data,startpos,numtoread);
3256 reply_nterror(req, map_nt_error_from_unix(errno));
3257 END_PROFILE(SMBlockread);
3261 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3263 SSVAL(req->outbuf,smb_vwv0,nread);
3264 SSVAL(req->outbuf,smb_vwv5,nread+3);
3265 p = smb_buf(req->outbuf);
3266 SCVAL(p,0,0); /* pad byte. */
3269 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3270 fsp->fnum, (int)numtoread, (int)nread));
3272 END_PROFILE(SMBlockread);
3277 #define DBGC_CLASS DBGC_ALL
3279 /****************************************************************************
3281 ****************************************************************************/
3283 void reply_read(struct smb_request *req)
3285 connection_struct *conn = req->conn;
3292 struct lock_struct lock;
3293 struct smbd_server_connection *sconn = smbd_server_conn;
3295 START_PROFILE(SMBread);
3298 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3299 END_PROFILE(SMBread);
3303 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3305 if (!check_fsp(conn, req, fsp)) {
3306 END_PROFILE(SMBread);
3310 if (!CHECK_READ(fsp,req)) {
3311 reply_doserror(req, ERRDOS, ERRbadaccess);
3312 END_PROFILE(SMBread);
3316 numtoread = SVAL(req->vwv+1, 0);
3317 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3319 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3322 * The requested read size cannot be greater than max_recv. JRA.
3324 if (numtoread > sconn->smb1.negprot.max_recv) {
3325 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3326 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3327 (unsigned int)numtoread,
3328 (unsigned int)sconn->smb1.negprot.max_recv));
3329 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3332 reply_outbuf(req, 5, numtoread+3);
3334 data = smb_buf(req->outbuf) + 3;
3336 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3337 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3340 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3341 reply_doserror(req, ERRDOS,ERRlock);
3342 END_PROFILE(SMBread);
3347 nread = read_file(fsp,data,startpos,numtoread);
3350 reply_nterror(req, map_nt_error_from_unix(errno));
3354 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3356 SSVAL(req->outbuf,smb_vwv0,nread);
3357 SSVAL(req->outbuf,smb_vwv5,nread+3);
3358 SCVAL(smb_buf(req->outbuf),0,1);
3359 SSVAL(smb_buf(req->outbuf),1,nread);
3361 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3362 fsp->fnum, (int)numtoread, (int)nread ) );
3365 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3367 END_PROFILE(SMBread);
3371 /****************************************************************************
3373 ****************************************************************************/
3375 static int setup_readX_header(struct smb_request *req, char *outbuf,
3381 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3382 data = smb_buf(outbuf);
3384 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3386 SCVAL(outbuf,smb_vwv0,0xFF);
3387 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3388 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3389 SSVAL(outbuf,smb_vwv6,
3391 + 1 /* the wct field */
3392 + 12 * sizeof(uint16_t) /* vwv */
3393 + 2); /* the buflen field */
3394 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3395 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3396 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3397 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3401 /****************************************************************************
3402 Reply to a read and X - possibly using sendfile.
3403 ****************************************************************************/
3405 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3406 files_struct *fsp, SMB_OFF_T startpos,
3410 struct lock_struct lock;
3411 int saved_errno = 0;
3413 if(fsp_stat(fsp) == -1) {
3414 reply_nterror(req, map_nt_error_from_unix(errno));
3418 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3419 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3422 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3423 reply_doserror(req, ERRDOS, ERRlock);
3427 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3428 (startpos > fsp->fsp_name->st.st_ex_size)
3429 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3431 * We already know that we would do a short read, so don't
3432 * try the sendfile() path.
3434 goto nosendfile_read;
3437 #if defined(WITH_SENDFILE)
3439 * We can only use sendfile on a non-chained packet
3440 * but we can use on a non-oplocked file. tridge proved this
3441 * on a train in Germany :-). JRA.
3444 if (!req_is_in_chain(req) &&
3445 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3446 (fsp->wcp == NULL) &&
3447 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3448 uint8 headerbuf[smb_size + 12 * 2];
3452 * Set up the packet header before send. We
3453 * assume here the sendfile will work (get the
3454 * correct amount of data).
3457 header = data_blob_const(headerbuf, sizeof(headerbuf));
3459 construct_reply_common_req(req, (char *)headerbuf);
3460 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3462 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3463 /* Returning ENOSYS means no data at all was sent.
3464 Do this as a normal read. */
3465 if (errno == ENOSYS) {
3470 * Special hack for broken Linux with no working sendfile. If we
3471 * return EINTR we sent the header but not the rest of the data.
3472 * Fake this up by doing read/write calls.
3475 if (errno == EINTR) {
3476 /* Ensure we don't do this again. */
3477 set_use_sendfile(SNUM(conn), False);
3478 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3479 nread = fake_sendfile(fsp, startpos,
3482 DEBUG(0,("send_file_readX: "
3483 "fake_sendfile failed for "
3487 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3489 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3490 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3491 /* No outbuf here means successful sendfile. */
3495 DEBUG(0,("send_file_readX: sendfile failed for file "
3496 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3498 exit_server_cleanly("send_file_readX sendfile failed");
3499 } else if (nread == 0) {
3501 * Some sendfile implementations return 0 to indicate
3502 * that there was a short read, but nothing was
3503 * actually written to the socket. In this case,
3504 * fallback to the normal read path so the header gets
3505 * the correct byte count.
3507 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3508 "falling back to the normal read: %s\n",
3513 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3514 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3516 /* Deal with possible short send. */
3517 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3518 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3520 /* No outbuf here means successful sendfile. */
3521 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3522 SMB_PERFCOUNT_END(&req->pcd);
3530 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3531 uint8 headerbuf[smb_size + 2*12];
3533 construct_reply_common_req(req, (char *)headerbuf);
3534 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3536 /* Send out the header. */
3537 if (write_data(smbd_server_fd(), (char *)headerbuf,
3538 sizeof(headerbuf)) != sizeof(headerbuf)) {
3539 DEBUG(0,("send_file_readX: write_data failed for file "
3540 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3542 exit_server_cleanly("send_file_readX sendfile failed");
3544 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3546 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3547 "file %s (%s).\n", fsp_str_dbg(fsp),
3549 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3556 reply_outbuf(req, 12, smb_maxcnt);
3558 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3559 saved_errno = errno;
3561 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3564 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3568 setup_readX_header(req, (char *)req->outbuf, nread);
3570 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3571 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3577 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3578 TALLOC_FREE(req->outbuf);
3582 /****************************************************************************
3583 Reply to a read and X.
3584 ****************************************************************************/
3586 void reply_read_and_X(struct smb_request *req)
3588 connection_struct *conn = req->conn;
3592 bool big_readX = False;
3594 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3597 START_PROFILE(SMBreadX);
3599 if ((req->wct != 10) && (req->wct != 12)) {
3600 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3604 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3605 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3606 smb_maxcnt = SVAL(req->vwv+5, 0);
3608 /* If it's an IPC, pass off the pipe handler. */
3610 reply_pipe_read_and_X(req);
3611 END_PROFILE(SMBreadX);
3615 if (!check_fsp(conn, req, fsp)) {
3616 END_PROFILE(SMBreadX);
3620 if (!CHECK_READ(fsp,req)) {
3621 reply_doserror(req, ERRDOS,ERRbadaccess);
3622 END_PROFILE(SMBreadX);
3626 if (global_client_caps & CAP_LARGE_READX) {
3627 size_t upper_size = SVAL(req->vwv+7, 0);
3628 smb_maxcnt |= (upper_size<<16);
3629 if (upper_size > 1) {
3630 /* Can't do this on a chained packet. */
3631 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3632 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3633 END_PROFILE(SMBreadX);
3636 /* We currently don't do this on signed or sealed data. */
3637 if (srv_is_signing_active(smbd_server_conn) ||
3638 is_encrypted_packet(req->inbuf)) {
3639 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3640 END_PROFILE(SMBreadX);
3643 /* Is there room in the reply for this data ? */
3644 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3646 NT_STATUS_INVALID_PARAMETER);
3647 END_PROFILE(SMBreadX);
3654 if (req->wct == 12) {
3655 #ifdef LARGE_SMB_OFF_T
3657 * This is a large offset (64 bit) read.
3659 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3661 #else /* !LARGE_SMB_OFF_T */
3664 * Ensure we haven't been sent a >32 bit offset.
3667 if(IVAL(req->vwv+10, 0) != 0) {
3668 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3669 "used and we don't support 64 bit offsets.\n",
3670 (unsigned int)IVAL(req->vwv+10, 0) ));
3671 END_PROFILE(SMBreadX);
3672 reply_doserror(req, ERRDOS, ERRbadaccess);
3676 #endif /* LARGE_SMB_OFF_T */
3681 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3685 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3688 END_PROFILE(SMBreadX);
3692 /****************************************************************************
3693 Error replies to writebraw must have smb_wct == 1. Fix this up.
3694 ****************************************************************************/
3696 void error_to_writebrawerr(struct smb_request *req)
3698 uint8 *old_outbuf = req->outbuf;
3700 reply_outbuf(req, 1, 0);
3702 memcpy(req->outbuf, old_outbuf, smb_size);
3703 TALLOC_FREE(old_outbuf);
3706 /****************************************************************************
3707 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3708 ****************************************************************************/
3710 void reply_writebraw(struct smb_request *req)
3712 connection_struct *conn = req->conn;
3715 ssize_t total_written=0;
3716 size_t numtowrite=0;
3722 struct lock_struct lock;
3725 START_PROFILE(SMBwritebraw);
3728 * If we ever reply with an error, it must have the SMB command
3729 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3732 SCVAL(req->inbuf,smb_com,SMBwritec);
3734 if (srv_is_signing_active(smbd_server_conn)) {
3735 END_PROFILE(SMBwritebraw);
3736 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3737 "raw reads/writes are disallowed.");
3740 if (req->wct < 12) {
3741 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3742 error_to_writebrawerr(req);
3743 END_PROFILE(SMBwritebraw);
3747 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3748 if (!check_fsp(conn, req, fsp)) {
3749 error_to_writebrawerr(req);
3750 END_PROFILE(SMBwritebraw);
3754 if (!CHECK_WRITE(fsp)) {
3755 reply_doserror(req, ERRDOS, ERRbadaccess);
3756 error_to_writebrawerr(req);
3757 END_PROFILE(SMBwritebraw);
3761 tcount = IVAL(req->vwv+1, 0);
3762 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3763 write_through = BITSETW(req->vwv+7,0);
3765 /* We have to deal with slightly different formats depending
3766 on whether we are using the core+ or lanman1.0 protocol */
3768 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3769 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3770 data = smb_buf(req->inbuf);
3772 numtowrite = SVAL(req->vwv+10, 0);
3773 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3776 /* Ensure we don't write bytes past the end of this packet. */
3777 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3778 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3779 error_to_writebrawerr(req);
3780 END_PROFILE(SMBwritebraw);
3784 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3785 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3788 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3789 reply_doserror(req, ERRDOS, ERRlock);
3790 error_to_writebrawerr(req);
3791 END_PROFILE(SMBwritebraw);
3796 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3799 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3800 "wrote=%d sync=%d\n",
3801 fsp->fnum, (double)startpos, (int)numtowrite,
3802 (int)nwritten, (int)write_through));
3804 if (nwritten < (ssize_t)numtowrite) {
3805 reply_doserror(req, ERRHRD, ERRdiskfull);
3806 error_to_writebrawerr(req);
3810 total_written = nwritten;
3812 /* Allocate a buffer of 64k + length. */
3813 buf = TALLOC_ARRAY(NULL, char, 65540);
3815 reply_doserror(req, ERRDOS, ERRnomem);
3816 error_to_writebrawerr(req);
3820 /* Return a SMBwritebraw message to the redirector to tell
3821 * it to send more bytes */
3823 memcpy(buf, req->inbuf, smb_size);
3824 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3825 SCVAL(buf,smb_com,SMBwritebraw);
3826 SSVALS(buf,smb_vwv0,0xFFFF);
3828 if (!srv_send_smb(smbd_server_fd(),
3830 false, 0, /* no signing */
3831 IS_CONN_ENCRYPTED(conn),
3833 exit_server_cleanly("reply_writebraw: srv_send_smb "
3837 /* Now read the raw data into the buffer and write it */
3838 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3840 if (!NT_STATUS_IS_OK(status)) {
3841 exit_server_cleanly("secondary writebraw failed");
3844 /* Set up outbuf to return the correct size */
3845 reply_outbuf(req, 1, 0);
3847 if (numtowrite != 0) {
3849 if (numtowrite > 0xFFFF) {
3850 DEBUG(0,("reply_writebraw: Oversize secondary write "
3851 "raw requested (%u). Terminating\n",
3852 (unsigned int)numtowrite ));
3853 exit_server_cleanly("secondary writebraw failed");
3856 if (tcount > nwritten+numtowrite) {
3857 DEBUG(3,("reply_writebraw: Client overestimated the "
3859 (int)tcount,(int)nwritten,(int)numtowrite));
3862 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3864 if (!NT_STATUS_IS_OK(status)) {
3865 DEBUG(0,("reply_writebraw: Oversize secondary write "
3866 "raw read failed (%s). Terminating\n",
3867 nt_errstr(status)));
3868 exit_server_cleanly("secondary writebraw failed");
3871 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3872 if (nwritten == -1) {
3874 reply_nterror(req, map_nt_error_from_unix(errno));
3875 error_to_writebrawerr(req);
3879 if (nwritten < (ssize_t)numtowrite) {
3880 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3881 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3885 total_written += nwritten;
3890 SSVAL(req->outbuf,smb_vwv0,total_written);
3892 status = sync_file(conn, fsp, write_through);
3893 if (!NT_STATUS_IS_OK(status)) {
3894 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3895 fsp_str_dbg(fsp), nt_errstr(status)));
3896 reply_nterror(req, status);
3897 error_to_writebrawerr(req);
3901 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3903 fsp->fnum, (double)startpos, (int)numtowrite,
3904 (int)total_written));
3906 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3908 /* We won't return a status if write through is not selected - this
3909 * follows what WfWg does */
3910 END_PROFILE(SMBwritebraw);
3912 if (!write_through && total_written==tcount) {
3914 #if RABBIT_PELLET_FIX
3916 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3917 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3920 if (!send_keepalive(smbd_server_fd())) {
3921 exit_server_cleanly("reply_writebraw: send of "
3922 "keepalive failed");
3925 TALLOC_FREE(req->outbuf);
3930 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3932 END_PROFILE(SMBwritebraw);
3937 #define DBGC_CLASS DBGC_LOCKING
3939 /****************************************************************************
3940 Reply to a writeunlock (core+).
3941 ****************************************************************************/
3943 void reply_writeunlock(struct smb_request *req)
3945 connection_struct *conn = req->conn;
3946 ssize_t nwritten = -1;
3950 NTSTATUS status = NT_STATUS_OK;
3952 struct lock_struct lock;
3953 int saved_errno = 0;
3955 START_PROFILE(SMBwriteunlock);
3958 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3959 END_PROFILE(SMBwriteunlock);
3963 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3965 if (!check_fsp(conn, req, fsp)) {
3966 END_PROFILE(SMBwriteunlock);
3970 if (!CHECK_WRITE(fsp)) {
3971 reply_doserror(req, ERRDOS,ERRbadaccess);
3972 END_PROFILE(SMBwriteunlock);
3976 numtowrite = SVAL(req->vwv+1, 0);
3977 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3978 data = (const char *)req->buf + 3;
3981 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3982 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3985 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3986 reply_doserror(req, ERRDOS, ERRlock);
3987 END_PROFILE(SMBwriteunlock);
3992 /* The special X/Open SMB protocol handling of
3993 zero length writes is *NOT* done for
3995 if(numtowrite == 0) {
3998 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3999 saved_errno = errno;
4002 status = sync_file(conn, fsp, False /* write through */);
4003 if (!NT_STATUS_IS_OK(status)) {
4004 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4005 fsp_str_dbg(fsp), nt_errstr(status)));
4006 reply_nterror(req, status);
4011 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4015 if((nwritten < numtowrite) && (numtowrite != 0)) {
4016 reply_doserror(req, ERRHRD, ERRdiskfull);
4021 status = do_unlock(smbd_messaging_context(),
4024 (uint64_t)numtowrite,
4028 if (NT_STATUS_V(status)) {
4029 reply_nterror(req, status);
4034 reply_outbuf(req, 1, 0);
4036 SSVAL(req->outbuf,smb_vwv0,nwritten);
4038 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4039 fsp->fnum, (int)numtowrite, (int)nwritten));
4043 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4046 END_PROFILE(SMBwriteunlock);
4051 #define DBGC_CLASS DBGC_ALL
4053 /****************************************************************************
4055 ****************************************************************************/
4057 void reply_write(struct smb_request *req)
4059 connection_struct *conn = req->conn;
4061 ssize_t nwritten = -1;
4065 struct lock_struct lock;
4067 int saved_errno = 0;
4069 START_PROFILE(SMBwrite);
4072 END_PROFILE(SMBwrite);
4073 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4077 /* If it's an IPC, pass off the pipe handler. */
4079 reply_pipe_write(req);
4080 END_PROFILE(SMBwrite);
4084 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4086 if (!check_fsp(conn, req, fsp)) {
4087 END_PROFILE(SMBwrite);
4091 if (!CHECK_WRITE(fsp)) {
4092 reply_doserror(req, ERRDOS, ERRbadaccess);
4093 END_PROFILE(SMBwrite);
4097 numtowrite = SVAL(req->vwv+1, 0);
4098 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4099 data = (const char *)req->buf + 3;
4101 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4102 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4105 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4106 reply_doserror(req, ERRDOS, ERRlock);
4107 END_PROFILE(SMBwrite);
4112 * X/Open SMB protocol says that if smb_vwv1 is
4113 * zero then the file size should be extended or
4114 * truncated to the size given in smb_vwv[2-3].
4117 if(numtowrite == 0) {
4119 * This is actually an allocate call, and set EOF. JRA.
4121 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4123 reply_nterror(req, NT_STATUS_DISK_FULL);
4126 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4128 reply_nterror(req, NT_STATUS_DISK_FULL);
4131 trigger_write_time_update_immediate(fsp);
4133 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4136 status = sync_file(conn, fsp, False);
4137 if (!NT_STATUS_IS_OK(status)) {
4138 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4139 fsp_str_dbg(fsp), nt_errstr(status)));
4140 reply_nterror(req, status);
4145 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4149 if((nwritten == 0) && (numtowrite != 0)) {
4150 reply_doserror(req, ERRHRD, ERRdiskfull);
4154 reply_outbuf(req, 1, 0);
4156 SSVAL(req->outbuf,smb_vwv0,nwritten);
4158 if (nwritten < (ssize_t)numtowrite) {
4159 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4160 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4163 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4166 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4168 END_PROFILE(SMBwrite);
4172 /****************************************************************************
4173 Ensure a buffer is a valid writeX for recvfile purposes.
4174 ****************************************************************************/
4176 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4177 (2*14) + /* word count (including bcc) */ \
4180 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4183 connection_struct *conn = NULL;
4184 unsigned int doff = 0;
4185 size_t len = smb_len_large(inbuf);
4186 struct smbd_server_connection *sconn = smbd_server_conn;
4188 if (is_encrypted_packet(inbuf)) {
4189 /* Can't do this on encrypted
4194 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4198 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4199 CVAL(inbuf,smb_wct) != 14) {
4200 DEBUG(10,("is_valid_writeX_buffer: chained or "
4201 "invalid word length.\n"));
4205 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4207 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4211 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4214 if (IS_PRINT(conn)) {
4215 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4218 doff = SVAL(inbuf,smb_vwv11);
4220 numtowrite = SVAL(inbuf,smb_vwv10);
4222 if (len > doff && len - doff > 0xFFFF) {
4223 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4226 if (numtowrite == 0) {
4227 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4231 /* Ensure the sizes match up. */
4232 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4233 /* no pad byte...old smbclient :-( */
4234 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4236 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4240 if (len - doff != numtowrite) {
4241 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4242 "len = %u, doff = %u, numtowrite = %u\n",
4245 (unsigned int)numtowrite ));
4249 DEBUG(10,("is_valid_writeX_buffer: true "
4250 "len = %u, doff = %u, numtowrite = %u\n",
4253 (unsigned int)numtowrite ));
4258 /****************************************************************************
4259 Reply to a write and X.
4260 ****************************************************************************/
4262 void reply_write_and_X(struct smb_request *req)
4264 connection_struct *conn = req->conn;
4266 struct lock_struct lock;
4271 unsigned int smb_doff;
4272 unsigned int smblen;
4276 START_PROFILE(SMBwriteX);
4278 if ((req->wct != 12) && (req->wct != 14)) {
4279 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4280 END_PROFILE(SMBwriteX);
4284 numtowrite = SVAL(req->vwv+10, 0);
4285 smb_doff = SVAL(req->vwv+11, 0);
4286 smblen = smb_len(req->inbuf);
4288 if (req->unread_bytes > 0xFFFF ||
4289 (smblen > smb_doff &&
4290 smblen - smb_doff > 0xFFFF)) {
4291 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4294 if (req->unread_bytes) {
4295 /* Can't do a recvfile write on IPC$ */
4297 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4298 END_PROFILE(SMBwriteX);
4301 if (numtowrite != req->unread_bytes) {
4302 reply_doserror(req, ERRDOS, ERRbadmem);
4303 END_PROFILE(SMBwriteX);
4307 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4308 smb_doff + numtowrite > smblen) {
4309 reply_doserror(req, ERRDOS, ERRbadmem);
4310 END_PROFILE(SMBwriteX);
4315 /* If it's an IPC, pass off the pipe handler. */
4317 if (req->unread_bytes) {
4318 reply_doserror(req, ERRDOS, ERRbadmem);
4319 END_PROFILE(SMBwriteX);
4322 reply_pipe_write_and_X(req);
4323 END_PROFILE(SMBwriteX);
4327 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4328 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4329 write_through = BITSETW(req->vwv+7,0);
4331 if (!check_fsp(conn, req, fsp)) {
4332 END_PROFILE(SMBwriteX);
4336 if (!CHECK_WRITE(fsp)) {
4337 reply_doserror(req, ERRDOS, ERRbadaccess);
4338 END_PROFILE(SMBwriteX);
4342 data = smb_base(req->inbuf) + smb_doff;
4344 if(req->wct == 14) {
4345 #ifdef LARGE_SMB_OFF_T
4347 * This is a large offset (64 bit) write.
4349 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4351 #else /* !LARGE_SMB_OFF_T */
4354 * Ensure we haven't been sent a >32 bit offset.
4357 if(IVAL(req->vwv+12, 0) != 0) {
4358 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4359 "used and we don't support 64 bit offsets.\n",
4360 (unsigned int)IVAL(req->vwv+12, 0) ));
4361 reply_doserror(req, ERRDOS, ERRbadaccess);
4362 END_PROFILE(SMBwriteX);
4366 #endif /* LARGE_SMB_OFF_T */
4369 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4370 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4373 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4374 reply_doserror(req, ERRDOS, ERRlock);
4375 END_PROFILE(SMBwriteX);
4379 /* X/Open SMB protocol says that, unlike SMBwrite
4380 if the length is zero then NO truncation is
4381 done, just a write of zero. To truncate a file,
4384 if(numtowrite == 0) {
4388 if ((req->unread_bytes == 0) &&
4389 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4394 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4398 reply_nterror(req, map_nt_error_from_unix(errno));
4402 if((nwritten == 0) && (numtowrite != 0)) {
4403 reply_doserror(req, ERRHRD, ERRdiskfull);
4407 reply_outbuf(req, 6, 0);
4408 SSVAL(req->outbuf,smb_vwv2,nwritten);
4409 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4411 if (nwritten < (ssize_t)numtowrite) {
4412 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4413 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4416 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4417 fsp->fnum, (int)numtowrite, (int)nwritten));
4419 status = sync_file(conn, fsp, write_through);
4420 if (!NT_STATUS_IS_OK(status)) {
4421 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4422 fsp_str_dbg(fsp), nt_errstr(status)));
4423 reply_nterror(req, status);
4427 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4429 END_PROFILE(SMBwriteX);
4434 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4436 END_PROFILE(SMBwriteX);
4440 /****************************************************************************
4442 ****************************************************************************/
4444 void reply_lseek(struct smb_request *req)
4446 connection_struct *conn = req->conn;
4452 START_PROFILE(SMBlseek);
4455 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4456 END_PROFILE(SMBlseek);
4460 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4462 if (!check_fsp(conn, req, fsp)) {
4466 flush_write_cache(fsp, SEEK_FLUSH);
4468 mode = SVAL(req->vwv+1, 0) & 3;
4469 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4470 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4479 res = fsp->fh->pos + startpos;
4490 if (umode == SEEK_END) {
4491 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4492 if(errno == EINVAL) {
4493 SMB_OFF_T current_pos = startpos;
4495 if(fsp_stat(fsp) == -1) {
4497 map_nt_error_from_unix(errno));
4498 END_PROFILE(SMBlseek);
4502 current_pos += fsp->fsp_name->st.st_ex_size;
4504 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4509 reply_nterror(req, map_nt_error_from_unix(errno));
4510 END_PROFILE(SMBlseek);
4517 reply_outbuf(req, 2, 0);
4518 SIVAL(req->outbuf,smb_vwv0,res);
4520 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4521 fsp->fnum, (double)startpos, (double)res, mode));
4523 END_PROFILE(SMBlseek);
4527 /****************************************************************************
4529 ****************************************************************************/
4531 void reply_flush(struct smb_request *req)
4533 connection_struct *conn = req->conn;
4537 START_PROFILE(SMBflush);
4540 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4544 fnum = SVAL(req->vwv+0, 0);
4545 fsp = file_fsp(req, fnum);
4547 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4552 file_sync_all(conn);
4554 NTSTATUS status = sync_file(conn, fsp, True);
4555 if (!NT_STATUS_IS_OK(status)) {
4556 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4557 fsp_str_dbg(fsp), nt_errstr(status)));
4558 reply_nterror(req, status);
4559 END_PROFILE(SMBflush);
4564 reply_outbuf(req, 0, 0);
4566 DEBUG(3,("flush\n"));
4567 END_PROFILE(SMBflush);
4571 /****************************************************************************
4573 conn POINTER CAN BE NULL HERE !
4574 ****************************************************************************/
4576 void reply_exit(struct smb_request *req)
4578 START_PROFILE(SMBexit);
4580 file_close_pid(req->smbpid, req->vuid);
4582 reply_outbuf(req, 0, 0);
4584 DEBUG(3,("exit\n"));
4586 END_PROFILE(SMBexit);
4590 /****************************************************************************
4591 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4592 ****************************************************************************/
4594 void reply_close(struct smb_request *req)
4596 connection_struct *conn = req->conn;
4597 NTSTATUS status = NT_STATUS_OK;
4598 files_struct *fsp = NULL;
4599 START_PROFILE(SMBclose);
4602 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4603 END_PROFILE(SMBclose);
4607 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4610 * We can only use check_fsp if we know it's not a directory.
4613 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4614 reply_doserror(req, ERRDOS, ERRbadfid);
4615 END_PROFILE(SMBclose);
4619 if(fsp->is_directory) {
4621 * Special case - close NT SMB directory handle.
4623 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4624 status = close_file(req, fsp, NORMAL_CLOSE);
4628 * Close ordinary file.
4631 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4632 fsp->fh->fd, fsp->fnum,
4633 conn->num_files_open));
4636 * Take care of any time sent in the close.
4639 t = srv_make_unix_date3(req->vwv+1);
4640 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4643 * close_file() returns the unix errno if an error
4644 * was detected on close - normally this is due to
4645 * a disk full error. If not then it was probably an I/O error.
4648 status = close_file(req, fsp, NORMAL_CLOSE);
4651 if (!NT_STATUS_IS_OK(status)) {
4652 reply_nterror(req, status);
4653 END_PROFILE(SMBclose);
4657 reply_outbuf(req, 0, 0);
4658 END_PROFILE(SMBclose);
4662 /****************************************************************************
4663 Reply to a writeclose (Core+ protocol).
4664 ****************************************************************************/
4666 void reply_writeclose(struct smb_request *req)
4668 connection_struct *conn = req->conn;
4670 ssize_t nwritten = -1;
4671 NTSTATUS close_status = NT_STATUS_OK;
4674 struct timespec mtime;
4676 struct lock_struct lock;
4678 START_PROFILE(SMBwriteclose);
4681 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4682 END_PROFILE(SMBwriteclose);
4686 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4688 if (!check_fsp(conn, req, fsp)) {
4689 END_PROFILE(SMBwriteclose);
4692 if (!CHECK_WRITE(fsp)) {
4693 reply_doserror(req, ERRDOS,ERRbadaccess);
4694 END_PROFILE(SMBwriteclose);
4698 numtowrite = SVAL(req->vwv+1, 0);
4699 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4700 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4701 data = (const char *)req->buf + 1;
4704 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4705 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4708 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4709 reply_doserror(req, ERRDOS,ERRlock);
4710 END_PROFILE(SMBwriteclose);
4715 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4717 set_close_write_time(fsp, mtime);
4720 * More insanity. W2K only closes the file if writelen > 0.
4725 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4726 "file %s\n", fsp_str_dbg(fsp)));
4727 close_status = close_file(req, fsp, NORMAL_CLOSE);
4730 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4731 fsp->fnum, (int)numtowrite, (int)nwritten,
4732 conn->num_files_open));
4734 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4735 reply_doserror(req, ERRHRD, ERRdiskfull);
4739 if(!NT_STATUS_IS_OK(close_status)) {
4740 reply_nterror(req, close_status);
4744 reply_outbuf(req, 1, 0);
4746 SSVAL(req->outbuf,smb_vwv0,nwritten);
4750 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4753 END_PROFILE(SMBwriteclose);
4758 #define DBGC_CLASS DBGC_LOCKING
4760 /****************************************************************************
4762 ****************************************************************************/
4764 void reply_lock(struct smb_request *req)
4766 connection_struct *conn = req->conn;
4767 uint64_t count,offset;
4770 struct byte_range_lock *br_lck = NULL;
4772 START_PROFILE(SMBlock);
4775 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4776 END_PROFILE(SMBlock);
4780 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4782 if (!check_fsp(conn, req, fsp)) {
4783 END_PROFILE(SMBlock);
4787 count = (uint64_t)IVAL(req->vwv+1, 0);
4788 offset = (uint64_t)IVAL(req->vwv+3, 0);
4790 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4791 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4793 br_lck = do_lock(smbd_messaging_context(),
4800 False, /* Non-blocking lock. */
4805 TALLOC_FREE(br_lck);
4807 if (NT_STATUS_V(status)) {
4808 reply_nterror(req, status);
4809 END_PROFILE(SMBlock);
4813 reply_outbuf(req, 0, 0);
4815 END_PROFILE(SMBlock);
4819 /****************************************************************************
4821 ****************************************************************************/
4823 void reply_unlock(struct smb_request *req)
4825 connection_struct *conn = req->conn;
4826 uint64_t count,offset;
4830 START_PROFILE(SMBunlock);
4833 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4834 END_PROFILE(SMBunlock);
4838 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4840 if (!check_fsp(conn, req, fsp)) {
4841 END_PROFILE(SMBunlock);
4845 count = (uint64_t)IVAL(req->vwv+1, 0);
4846 offset = (uint64_t)IVAL(req->vwv+3, 0);
4848 status = do_unlock(smbd_messaging_context(),
4855 if (NT_STATUS_V(status)) {
4856 reply_nterror(req, status);
4857 END_PROFILE(SMBunlock);
4861 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4862 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4864 reply_outbuf(req, 0, 0);
4866 END_PROFILE(SMBunlock);
4871 #define DBGC_CLASS DBGC_ALL
4873 /****************************************************************************
4875 conn POINTER CAN BE NULL HERE !
4876 ****************************************************************************/
4878 void reply_tdis(struct smb_request *req)
4880 connection_struct *conn = req->conn;
4881 START_PROFILE(SMBtdis);
4884 DEBUG(4,("Invalid connection in tdis\n"));
4885 reply_doserror(req, ERRSRV, ERRinvnid);
4886 END_PROFILE(SMBtdis);
4892 close_cnum(conn,req->vuid);
4895 reply_outbuf(req, 0, 0);
4896 END_PROFILE(SMBtdis);
4900 /****************************************************************************
4902 conn POINTER CAN BE NULL HERE !
4903 ****************************************************************************/
4905 void reply_echo(struct smb_request *req)
4907 connection_struct *conn = req->conn;
4908 struct smb_perfcount_data local_pcd;
4909 struct smb_perfcount_data *cur_pcd;
4913 START_PROFILE(SMBecho);
4915 smb_init_perfcount_data(&local_pcd);
4918 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4919 END_PROFILE(SMBecho);
4923 smb_reverb = SVAL(req->vwv+0, 0);
4925 reply_outbuf(req, 1, req->buflen);
4927 /* copy any incoming data back out */
4928 if (req->buflen > 0) {
4929 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4932 if (smb_reverb > 100) {
4933 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4937 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4939 /* this makes sure we catch the request pcd */
4940 if (seq_num == smb_reverb) {
4941 cur_pcd = &req->pcd;
4943 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4944 cur_pcd = &local_pcd;
4947 SSVAL(req->outbuf,smb_vwv0,seq_num);
4949 show_msg((char *)req->outbuf);
4950 if (!srv_send_smb(smbd_server_fd(),
4951 (char *)req->outbuf,
4952 true, req->seqnum+1,
4953 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4955 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4958 DEBUG(3,("echo %d times\n", smb_reverb));
4960 TALLOC_FREE(req->outbuf);
4962 END_PROFILE(SMBecho);
4966 /****************************************************************************
4967 Reply to a printopen.
4968 ****************************************************************************/
4970 void reply_printopen(struct smb_request *req)
4972 connection_struct *conn = req->conn;
4976 START_PROFILE(SMBsplopen);
4979 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4980 END_PROFILE(SMBsplopen);
4984 if (!CAN_PRINT(conn)) {
4985 reply_doserror(req, ERRDOS, ERRnoaccess);
4986 END_PROFILE(SMBsplopen);
4990 status = file_new(req, conn, &fsp);
4991 if(!NT_STATUS_IS_OK(status)) {
4992 reply_nterror(req, status);
4993 END_PROFILE(SMBsplopen);
4997 /* Open for exclusive use, write only. */
4998 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
5000 if (!NT_STATUS_IS_OK(status)) {
5001 file_free(req, fsp);
5002 reply_nterror(req, status);
5003 END_PROFILE(SMBsplopen);
5007 reply_outbuf(req, 1, 0);
5008 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5010 DEBUG(3,("openprint fd=%d fnum=%d\n",
5011 fsp->fh->fd, fsp->fnum));
5013 END_PROFILE(SMBsplopen);
5017 /****************************************************************************
5018 Reply to a printclose.
5019 ****************************************************************************/
5021 void reply_printclose(struct smb_request *req)
5023 connection_struct *conn = req->conn;
5027 START_PROFILE(SMBsplclose);
5030 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5031 END_PROFILE(SMBsplclose);
5035 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5037 if (!check_fsp(conn, req, fsp)) {
5038 END_PROFILE(SMBsplclose);
5042 if (!CAN_PRINT(conn)) {
5043 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
5044 END_PROFILE(SMBsplclose);
5048 DEBUG(3,("printclose fd=%d fnum=%d\n",
5049 fsp->fh->fd,fsp->fnum));
5051 status = close_file(req, fsp, NORMAL_CLOSE);
5053 if(!NT_STATUS_IS_OK(status)) {
5054 reply_nterror(req, status);
5055 END_PROFILE(SMBsplclose);
5059 reply_outbuf(req, 0, 0);
5061 END_PROFILE(SMBsplclose);
5065 /****************************************************************************
5066 Reply to a printqueue.
5067 ****************************************************************************/
5069 void reply_printqueue(struct smb_request *req)
5071 connection_struct *conn = req->conn;
5075 START_PROFILE(SMBsplretq);
5078 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5079 END_PROFILE(SMBsplretq);
5083 max_count = SVAL(req->vwv+0, 0);
5084 start_index = SVAL(req->vwv+1, 0);
5086 /* we used to allow the client to get the cnum wrong, but that
5087 is really quite gross and only worked when there was only
5088 one printer - I think we should now only accept it if they
5089 get it right (tridge) */
5090 if (!CAN_PRINT(conn)) {
5091 reply_doserror(req, ERRDOS, ERRnoaccess);
5092 END_PROFILE(SMBsplretq);
5096 reply_outbuf(req, 2, 3);
5097 SSVAL(req->outbuf,smb_vwv0,0);
5098 SSVAL(req->outbuf,smb_vwv1,0);
5099 SCVAL(smb_buf(req->outbuf),0,1);
5100 SSVAL(smb_buf(req->outbuf),1,0);
5102 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5103 start_index, max_count));
5106 print_queue_struct *queue = NULL;
5107 print_status_struct status;
5108 int count = print_queue_status(SNUM(conn), &queue, &status);
5109 int num_to_get = ABS(max_count);
5110 int first = (max_count>0?start_index:start_index+max_count+1);
5116 num_to_get = MIN(num_to_get,count-first);
5119 for (i=first;i<first+num_to_get;i++) {
5123 srv_put_dos_date2(p,0,queue[i].time);
5124 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5125 SSVAL(p,5, queue[i].job);
5126 SIVAL(p,7,queue[i].size);
5128 srvstr_push(blob, req->flags2, p+12,
5129 queue[i].fs_user, 16, STR_ASCII);
5131 if (message_push_blob(
5134 blob, sizeof(blob))) == -1) {
5135 reply_nterror(req, NT_STATUS_NO_MEMORY);
5136 END_PROFILE(SMBsplretq);
5142 SSVAL(req->outbuf,smb_vwv0,count);
5143 SSVAL(req->outbuf,smb_vwv1,
5144 (max_count>0?first+count:first-1));
5145 SCVAL(smb_buf(req->outbuf),0,1);
5146 SSVAL(smb_buf(req->outbuf),1,28*count);
5151 DEBUG(3,("%d entries returned in queue\n",count));
5154 END_PROFILE(SMBsplretq);
5158 /****************************************************************************
5159 Reply to a printwrite.
5160 ****************************************************************************/
5162 void reply_printwrite(struct smb_request *req)
5164 connection_struct *conn = req->conn;
5169 START_PROFILE(SMBsplwr);
5172 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5173 END_PROFILE(SMBsplwr);
5177 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5179 if (!check_fsp(conn, req, fsp)) {
5180 END_PROFILE(SMBsplwr);
5184 if (!CAN_PRINT(conn)) {
5185 reply_doserror(req, ERRDOS, ERRnoaccess);
5186 END_PROFILE(SMBsplwr);
5190 if (!CHECK_WRITE(fsp)) {
5191 reply_doserror(req, ERRDOS, ERRbadaccess);
5192 END_PROFILE(SMBsplwr);
5196 numtowrite = SVAL(req->buf, 1);
5198 if (req->buflen < numtowrite + 3) {
5199 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5200 END_PROFILE(SMBsplwr);
5204 data = (const char *)req->buf + 3;
5206 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5207 reply_nterror(req, map_nt_error_from_unix(errno));
5208 END_PROFILE(SMBsplwr);
5212 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5214 END_PROFILE(SMBsplwr);
5218 /****************************************************************************
5220 ****************************************************************************/
5222 void reply_mkdir(struct smb_request *req)
5224 connection_struct *conn = req->conn;
5225 struct smb_filename *smb_dname = NULL;
5226 char *directory = NULL;
5228 TALLOC_CTX *ctx = talloc_tos();
5230 START_PROFILE(SMBmkdir);
5232 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5233 STR_TERMINATE, &status);
5234 if (!NT_STATUS_IS_OK(status)) {
5235 reply_nterror(req, status);
5239 status = filename_convert(ctx, conn,
5240 req->flags2 & FLAGS2_DFS_PATHNAMES,
5245 if (!NT_STATUS_IS_OK(status)) {
5246 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5247 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5248 ERRSRV, ERRbadpath);
5251 reply_nterror(req, status);
5255 status = create_directory(conn, req, smb_dname);
5257 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5259 if (!NT_STATUS_IS_OK(status)) {
5261 if (!use_nt_status()
5262 && NT_STATUS_EQUAL(status,
5263 NT_STATUS_OBJECT_NAME_COLLISION)) {
5265 * Yes, in the DOS error code case we get a
5266 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5267 * samba4 torture test.
5269 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5272 reply_nterror(req, status);
5276 reply_outbuf(req, 0, 0);
5278 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5280 TALLOC_FREE(smb_dname);
5281 END_PROFILE(SMBmkdir);
5285 /****************************************************************************
5287 ****************************************************************************/
5289 void reply_rmdir(struct smb_request *req)
5291 connection_struct *conn = req->conn;
5292 struct smb_filename *smb_dname = NULL;
5293 char *directory = NULL;
5295 TALLOC_CTX *ctx = talloc_tos();
5296 files_struct *fsp = NULL;
5298 struct smbd_server_connection *sconn = smbd_server_conn;
5300 START_PROFILE(SMBrmdir);
5302 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5303 STR_TERMINATE, &status);
5304 if (!NT_STATUS_IS_OK(status)) {
5305 reply_nterror(req, status);
5309 status = filename_convert(ctx, conn,
5310 req->flags2 & FLAGS2_DFS_PATHNAMES,
5315 if (!NT_STATUS_IS_OK(status)) {
5316 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5317 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5318 ERRSRV, ERRbadpath);
5321 reply_nterror(req, status);
5325 if (is_ntfs_stream_smb_fname(smb_dname)) {
5326 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5330 status = SMB_VFS_CREATE_FILE(
5333 0, /* root_dir_fid */
5334 smb_dname, /* fname */
5335 DELETE_ACCESS, /* access_mask */
5336 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5338 FILE_OPEN, /* create_disposition*/
5339 FILE_DIRECTORY_FILE, /* create_options */
5340 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5341 0, /* oplock_request */
5342 0, /* allocation_size */
5348 if (!NT_STATUS_IS_OK(status)) {
5349 if (open_was_deferred(req->mid)) {
5350 /* We have re-scheduled this call. */
5353 reply_nterror(req, status);
5357 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5358 if (!NT_STATUS_IS_OK(status)) {
5359 close_file(req, fsp, ERROR_CLOSE);
5360 reply_nterror(req, status);
5364 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5365 close_file(req, fsp, ERROR_CLOSE);
5366 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5370 close_file(req, fsp, NORMAL_CLOSE);
5371 reply_outbuf(req, 0, 0);
5373 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5375 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5377 TALLOC_FREE(smb_dname);
5378 END_PROFILE(SMBrmdir);
5382 /*******************************************************************
5383 Resolve wildcards in a filename rename.
5384 ********************************************************************/
5386 static bool resolve_wildcards(TALLOC_CTX *ctx,
5391 char *name2_copy = NULL;
5396 char *p,*p2, *pname1, *pname2;
5398 name2_copy = talloc_strdup(ctx, name2);
5403 pname1 = strrchr_m(name1,'/');
5404 pname2 = strrchr_m(name2_copy,'/');
5406 if (!pname1 || !pname2) {
5410 /* Truncate the copy of name2 at the last '/' */
5413 /* Now go past the '/' */
5417 root1 = talloc_strdup(ctx, pname1);
5418 root2 = talloc_strdup(ctx, pname2);
5420 if (!root1 || !root2) {
5424 p = strrchr_m(root1,'.');
5427 ext1 = talloc_strdup(ctx, p+1);
5429 ext1 = talloc_strdup(ctx, "");
5431 p = strrchr_m(root2,'.');
5434 ext2 = talloc_strdup(ctx, p+1);
5436 ext2 = talloc_strdup(ctx, "");
5439 if (!ext1 || !ext2) {
5447 /* Hmmm. Should this be mb-aware ? */
5450 } else if (*p2 == '*') {
5452 root2 = talloc_asprintf(ctx, "%s%s",
5471 /* Hmmm. Should this be mb-aware ? */
5474 } else if (*p2 == '*') {
5476 ext2 = talloc_asprintf(ctx, "%s%s",
5492 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5497 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5509 /****************************************************************************
5510 Ensure open files have their names updated. Updated to notify other smbd's
5512 ****************************************************************************/
5514 static void rename_open_files(connection_struct *conn,
5515 struct share_mode_lock *lck,
5516 const struct smb_filename *smb_fname_dst)
5519 bool did_rename = False;
5522 for(fsp = file_find_di_first(lck->id); fsp;
5523 fsp = file_find_di_next(fsp)) {
5524 /* fsp_name is a relative path under the fsp. To change this for other
5525 sharepaths we need to manipulate relative paths. */
5526 /* TODO - create the absolute path and manipulate the newname
5527 relative to the sharepath. */
5528 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5531 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5532 "(file_id %s) from %s -> %s\n", fsp->fnum,
5533 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5534 smb_fname_str_dbg(smb_fname_dst)));
5536 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5537 if (NT_STATUS_IS_OK(status)) {
5543 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5544 "for %s\n", file_id_string_tos(&lck->id),
5545 smb_fname_str_dbg(smb_fname_dst)));
5548 /* Send messages to all smbd's (not ourself) that the name has changed. */
5549 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5554 /****************************************************************************
5555 We need to check if the source path is a parent directory of the destination
5556 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5557 refuse the rename with a sharing violation. Under UNIX the above call can
5558 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5559 probably need to check that the client is a Windows one before disallowing
5560 this as a UNIX client (one with UNIX extensions) can know the source is a
5561 symlink and make this decision intelligently. Found by an excellent bug
5562 report from <AndyLiebman@aol.com>.
5563 ****************************************************************************/
5565 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5566 const struct smb_filename *smb_fname_dst)
5568 const char *psrc = smb_fname_src->base_name;
5569 const char *pdst = smb_fname_dst->base_name;
5572 if (psrc[0] == '.' && psrc[1] == '/') {
5575 if (pdst[0] == '.' && pdst[1] == '/') {
5578 if ((slen = strlen(psrc)) > strlen(pdst)) {
5581 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5585 * Do the notify calls from a rename
5588 static void notify_rename(connection_struct *conn, bool is_dir,
5589 const struct smb_filename *smb_fname_src,
5590 const struct smb_filename *smb_fname_dst)
5592 char *parent_dir_src = NULL;
5593 char *parent_dir_dst = NULL;
5596 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5597 : FILE_NOTIFY_CHANGE_FILE_NAME;
5599 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5600 &parent_dir_src, NULL) ||
5601 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5602 &parent_dir_dst, NULL)) {
5606 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5607 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5608 smb_fname_src->base_name);
5609 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5610 smb_fname_dst->base_name);
5613 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5614 smb_fname_src->base_name);
5615 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5616 smb_fname_dst->base_name);
5619 /* this is a strange one. w2k3 gives an additional event for
5620 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5621 files, but not directories */
5623 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5624 FILE_NOTIFY_CHANGE_ATTRIBUTES
5625 |FILE_NOTIFY_CHANGE_CREATION,
5626 smb_fname_dst->base_name);
5629 TALLOC_FREE(parent_dir_src);
5630 TALLOC_FREE(parent_dir_dst);
5633 /****************************************************************************
5634 Rename an open file - given an fsp.
5635 ****************************************************************************/
5637 NTSTATUS rename_internals_fsp(connection_struct *conn,
5639 const struct smb_filename *smb_fname_dst_in,
5641 bool replace_if_exists)
5643 TALLOC_CTX *ctx = talloc_tos();
5644 struct smb_filename *smb_fname_dst = NULL;
5645 NTSTATUS status = NT_STATUS_OK;
5646 struct share_mode_lock *lck = NULL;
5647 bool dst_exists, old_is_stream, new_is_stream;
5649 status = check_name(conn, smb_fname_dst_in->base_name);
5650 if (!NT_STATUS_IS_OK(status)) {
5654 /* Make a copy of the dst smb_fname structs */
5656 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5657 if (!NT_STATUS_IS_OK(status)) {
5661 /* Ensure the dst smb_fname contains a '/' */
5662 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5664 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5665 smb_fname_dst->base_name);
5667 status = NT_STATUS_NO_MEMORY;
5670 TALLOC_FREE(smb_fname_dst->base_name);
5671 smb_fname_dst->base_name = tmp;
5675 * Check for special case with case preserving and not
5676 * case sensitive. If the old last component differs from the original
5677 * last component only by case, then we should allow
5678 * the rename (user is trying to change the case of the
5681 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5682 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5683 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5685 char *fname_dst_lcomp_base_mod = NULL;
5686 struct smb_filename *smb_fname_orig_lcomp = NULL;
5689 * Get the last component of the destination name. Note that
5690 * we guarantee that destination name contains a '/' character
5693 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5694 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5695 if (!fname_dst_lcomp_base_mod) {
5696 status = NT_STATUS_NO_MEMORY;
5701 * Create an smb_filename struct using the original last
5702 * component of the destination.
5704 status = create_synthetic_smb_fname_split(ctx,
5705 smb_fname_dst->original_lcomp, NULL,
5706 &smb_fname_orig_lcomp);
5707 if (!NT_STATUS_IS_OK(status)) {
5708 TALLOC_FREE(fname_dst_lcomp_base_mod);
5712 /* If the base names only differ by case, use original. */
5713 if(!strcsequal(fname_dst_lcomp_base_mod,
5714 smb_fname_orig_lcomp->base_name)) {
5717 * Replace the modified last component with the
5720 *last_slash = '\0'; /* Truncate at the '/' */
5721 tmp = talloc_asprintf(smb_fname_dst,
5723 smb_fname_dst->base_name,
5724 smb_fname_orig_lcomp->base_name);
5726 status = NT_STATUS_NO_MEMORY;
5727 TALLOC_FREE(fname_dst_lcomp_base_mod);
5728 TALLOC_FREE(smb_fname_orig_lcomp);
5731 TALLOC_FREE(smb_fname_dst->base_name);
5732 smb_fname_dst->base_name = tmp;
5735 /* If the stream_names only differ by case, use original. */
5736 if(!strcsequal(smb_fname_dst->stream_name,
5737 smb_fname_orig_lcomp->stream_name)) {
5739 /* Use the original stream. */
5740 tmp = talloc_strdup(smb_fname_dst,
5741 smb_fname_orig_lcomp->stream_name);
5743 status = NT_STATUS_NO_MEMORY;
5744 TALLOC_FREE(fname_dst_lcomp_base_mod);
5745 TALLOC_FREE(smb_fname_orig_lcomp);
5748 TALLOC_FREE(smb_fname_dst->stream_name);
5749 smb_fname_dst->stream_name = tmp;
5751 TALLOC_FREE(fname_dst_lcomp_base_mod);
5752 TALLOC_FREE(smb_fname_orig_lcomp);
5756 * If the src and dest names are identical - including case,
5757 * don't do the rename, just return success.
5760 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5761 strcsequal(fsp->fsp_name->stream_name,
5762 smb_fname_dst->stream_name)) {
5763 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5764 "- returning success\n",
5765 smb_fname_str_dbg(smb_fname_dst)));
5766 status = NT_STATUS_OK;
5770 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
5771 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5773 /* Return the correct error code if both names aren't streams. */
5774 if (!old_is_stream && new_is_stream) {
5775 status = NT_STATUS_OBJECT_NAME_INVALID;
5779 if (old_is_stream && !new_is_stream) {
5780 status = NT_STATUS_INVALID_PARAMETER;
5784 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5786 if(!replace_if_exists && dst_exists) {
5787 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5788 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5789 smb_fname_str_dbg(smb_fname_dst)));
5790 status = NT_STATUS_OBJECT_NAME_COLLISION;
5795 struct file_id fileid = vfs_file_id_from_sbuf(conn,
5796 &smb_fname_dst->st);
5797 files_struct *dst_fsp = file_find_di_first(fileid);
5798 /* The file can be open when renaming a stream */
5799 if (dst_fsp && !new_is_stream) {
5800 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5801 status = NT_STATUS_ACCESS_DENIED;
5806 /* Ensure we have a valid stat struct for the source. */
5807 status = vfs_stat_fsp(fsp);
5808 if (!NT_STATUS_IS_OK(status)) {
5812 status = can_rename(conn, fsp, attrs);
5814 if (!NT_STATUS_IS_OK(status)) {
5815 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5816 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5817 smb_fname_str_dbg(smb_fname_dst)));
5818 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5819 status = NT_STATUS_ACCESS_DENIED;
5823 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
5824 status = NT_STATUS_ACCESS_DENIED;
5827 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5831 * We have the file open ourselves, so not being able to get the
5832 * corresponding share mode lock is a fatal error.
5835 SMB_ASSERT(lck != NULL);
5837 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
5838 uint32 create_options = fsp->fh->private_options;
5840 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
5841 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5842 smb_fname_str_dbg(smb_fname_dst)));
5844 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
5847 rename_open_files(conn, lck, smb_fname_dst);
5850 * A rename acts as a new file create w.r.t. allowing an initial delete
5851 * on close, probably because in Windows there is a new handle to the
5852 * new file. If initial delete on close was requested but not
5853 * originally set, we need to set it here. This is probably not 100% correct,
5854 * but will work for the CIFSFS client which in non-posix mode
5855 * depends on these semantics. JRA.
5858 if (create_options & FILE_DELETE_ON_CLOSE) {
5859 status = can_set_delete_on_close(fsp, 0);
5861 if (NT_STATUS_IS_OK(status)) {
5862 /* Note that here we set the *inital* delete on close flag,
5863 * not the regular one. The magic gets handled in close. */
5864 fsp->initial_delete_on_close = True;
5868 status = NT_STATUS_OK;
5874 if (errno == ENOTDIR || errno == EISDIR) {
5875 status = NT_STATUS_OBJECT_NAME_COLLISION;
5877 status = map_nt_error_from_unix(errno);
5880 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5881 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5882 smb_fname_str_dbg(smb_fname_dst)));
5885 TALLOC_FREE(smb_fname_dst);
5890 /****************************************************************************
5891 The guts of the rename command, split out so it may be called by the NT SMB
5893 ****************************************************************************/
5895 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5896 connection_struct *conn,
5897 struct smb_request *req,
5898 struct smb_filename *smb_fname_src,
5899 struct smb_filename *smb_fname_dst,
5901 bool replace_if_exists,
5904 uint32_t access_mask)
5906 char *fname_src_dir = NULL;
5907 char *fname_src_mask = NULL;
5909 NTSTATUS status = NT_STATUS_OK;
5910 struct smb_Dir *dir_hnd = NULL;
5911 const char *dname = NULL;
5912 char *talloced = NULL;
5914 int create_options = 0;
5915 bool posix_pathnames = lp_posix_pathnames();
5918 * Split the old name into directory and last component
5919 * strings. Note that unix_convert may have stripped off a
5920 * leading ./ from both name and newname if the rename is
5921 * at the root of the share. We need to make sure either both
5922 * name and newname contain a / character or neither of them do
5923 * as this is checked in resolve_wildcards().
5926 /* Split up the directory from the filename/mask. */
5927 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
5928 &fname_src_dir, &fname_src_mask);
5929 if (!NT_STATUS_IS_OK(status)) {
5930 status = NT_STATUS_NO_MEMORY;
5935 * We should only check the mangled cache
5936 * here if unix_convert failed. This means
5937 * that the path in 'mask' doesn't exist
5938 * on the file system and so we need to look
5939 * for a possible mangle. This patch from
5940 * Tine Smukavec <valentin.smukavec@hermes.si>.
5943 if (!VALID_STAT(smb_fname_src->st) &&
5944 mangle_is_mangled(fname_src_mask, conn->params)) {
5945 char *new_mask = NULL;
5946 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
5949 TALLOC_FREE(fname_src_mask);
5950 fname_src_mask = new_mask;
5954 if (!src_has_wild) {
5958 * Only one file needs to be renamed. Append the mask back
5959 * onto the directory.
5961 TALLOC_FREE(smb_fname_src->base_name);
5962 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
5966 if (!smb_fname_src->base_name) {
5967 status = NT_STATUS_NO_MEMORY;
5971 /* Ensure dst fname contains a '/' also */
5972 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
5974 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5975 smb_fname_dst->base_name);
5977 status = NT_STATUS_NO_MEMORY;
5980 TALLOC_FREE(smb_fname_dst->base_name);
5981 smb_fname_dst->base_name = tmp;
5984 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5985 "case_preserve = %d, short case preserve = %d, "
5986 "directory = %s, newname = %s, "
5987 "last_component_dest = %s\n",
5988 conn->case_sensitive, conn->case_preserve,
5989 conn->short_case_preserve,
5990 smb_fname_str_dbg(smb_fname_src),
5991 smb_fname_str_dbg(smb_fname_dst),
5992 smb_fname_dst->original_lcomp));
5994 /* The dest name still may have wildcards. */
5995 if (dest_has_wild) {
5996 char *fname_dst_mod = NULL;
5997 if (!resolve_wildcards(smb_fname_dst,
5998 smb_fname_src->base_name,
5999 smb_fname_dst->base_name,
6001 DEBUG(6, ("rename_internals: resolve_wildcards "
6003 smb_fname_src->base_name,
6004 smb_fname_dst->base_name));
6005 status = NT_STATUS_NO_MEMORY;
6008 TALLOC_FREE(smb_fname_dst->base_name);
6009 smb_fname_dst->base_name = fname_dst_mod;
6012 ZERO_STRUCT(smb_fname_src->st);
6013 if (posix_pathnames) {
6014 SMB_VFS_LSTAT(conn, smb_fname_src);
6016 SMB_VFS_STAT(conn, smb_fname_src);
6019 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6020 create_options |= FILE_DIRECTORY_FILE;
6023 status = SMB_VFS_CREATE_FILE(
6026 0, /* root_dir_fid */
6027 smb_fname_src, /* fname */
6028 access_mask, /* access_mask */
6029 (FILE_SHARE_READ | /* share_access */
6031 FILE_OPEN, /* create_disposition*/
6032 create_options, /* create_options */
6033 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6034 0, /* oplock_request */
6035 0, /* allocation_size */
6041 if (!NT_STATUS_IS_OK(status)) {
6042 DEBUG(3, ("Could not open rename source %s: %s\n",
6043 smb_fname_str_dbg(smb_fname_src),
6044 nt_errstr(status)));
6048 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6049 attrs, replace_if_exists);
6051 close_file(req, fsp, NORMAL_CLOSE);
6053 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6054 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6055 smb_fname_str_dbg(smb_fname_dst)));
6061 * Wildcards - process each file that matches.
6063 if (strequal(fname_src_mask, "????????.???")) {
6064 TALLOC_FREE(fname_src_mask);
6065 fname_src_mask = talloc_strdup(ctx, "*");
6066 if (!fname_src_mask) {
6067 status = NT_STATUS_NO_MEMORY;
6072 status = check_name(conn, fname_src_dir);
6073 if (!NT_STATUS_IS_OK(status)) {
6077 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6079 if (dir_hnd == NULL) {
6080 status = map_nt_error_from_unix(errno);
6084 status = NT_STATUS_NO_SUCH_FILE;
6086 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6087 * - gentest fix. JRA
6090 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6092 files_struct *fsp = NULL;
6093 char *destname = NULL;
6094 bool sysdir_entry = False;
6096 /* Quick check for "." and ".." */
6097 if (ISDOT(dname) || ISDOTDOT(dname)) {
6099 sysdir_entry = True;
6101 TALLOC_FREE(talloced);
6106 if (!is_visible_file(conn, fname_src_dir, dname,
6107 &smb_fname_src->st, false)) {
6108 TALLOC_FREE(talloced);
6112 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6113 TALLOC_FREE(talloced);
6118 status = NT_STATUS_OBJECT_NAME_INVALID;
6122 TALLOC_FREE(smb_fname_src->base_name);
6123 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6127 if (!smb_fname_src->base_name) {
6128 status = NT_STATUS_NO_MEMORY;
6132 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6133 smb_fname_dst->base_name,
6135 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6136 smb_fname_src->base_name, destname));
6137 TALLOC_FREE(talloced);
6141 status = NT_STATUS_NO_MEMORY;
6145 TALLOC_FREE(smb_fname_dst->base_name);
6146 smb_fname_dst->base_name = destname;
6148 ZERO_STRUCT(smb_fname_src->st);
6149 if (posix_pathnames) {
6150 SMB_VFS_LSTAT(conn, smb_fname_src);
6152 SMB_VFS_STAT(conn, smb_fname_src);
6157 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6158 create_options |= FILE_DIRECTORY_FILE;
6161 status = SMB_VFS_CREATE_FILE(
6164 0, /* root_dir_fid */
6165 smb_fname_src, /* fname */
6166 access_mask, /* access_mask */
6167 (FILE_SHARE_READ | /* share_access */
6169 FILE_OPEN, /* create_disposition*/
6170 create_options, /* create_options */
6171 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6172 0, /* oplock_request */
6173 0, /* allocation_size */
6179 if (!NT_STATUS_IS_OK(status)) {
6180 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6181 "returned %s rename %s -> %s\n",
6183 smb_fname_str_dbg(smb_fname_src),
6184 smb_fname_str_dbg(smb_fname_dst)));
6188 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6190 if (!smb_fname_dst->original_lcomp) {
6191 status = NT_STATUS_NO_MEMORY;
6195 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6196 attrs, replace_if_exists);
6198 close_file(req, fsp, NORMAL_CLOSE);
6200 if (!NT_STATUS_IS_OK(status)) {
6201 DEBUG(3, ("rename_internals_fsp returned %s for "
6202 "rename %s -> %s\n", nt_errstr(status),
6203 smb_fname_str_dbg(smb_fname_src),
6204 smb_fname_str_dbg(smb_fname_dst)));
6210 DEBUG(3,("rename_internals: doing rename on %s -> "
6211 "%s\n", smb_fname_str_dbg(smb_fname_src),
6212 smb_fname_str_dbg(smb_fname_src)));
6213 TALLOC_FREE(talloced);
6215 TALLOC_FREE(dir_hnd);
6217 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6218 status = map_nt_error_from_unix(errno);
6222 TALLOC_FREE(talloced);
6223 TALLOC_FREE(fname_src_dir);
6224 TALLOC_FREE(fname_src_mask);
6228 /****************************************************************************
6230 ****************************************************************************/
6232 void reply_mv(struct smb_request *req)
6234 connection_struct *conn = req->conn;
6236 char *newname = NULL;
6240 bool src_has_wcard = False;
6241 bool dest_has_wcard = False;
6242 TALLOC_CTX *ctx = talloc_tos();
6243 struct smb_filename *smb_fname_src = NULL;
6244 struct smb_filename *smb_fname_dst = NULL;
6246 START_PROFILE(SMBmv);
6249 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6253 attrs = SVAL(req->vwv+0, 0);
6255 p = (const char *)req->buf + 1;
6256 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6257 &status, &src_has_wcard);
6258 if (!NT_STATUS_IS_OK(status)) {
6259 reply_nterror(req, status);
6263 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6264 &status, &dest_has_wcard);
6265 if (!NT_STATUS_IS_OK(status)) {
6266 reply_nterror(req, status);
6270 status = filename_convert(ctx,
6272 req->flags2 & FLAGS2_DFS_PATHNAMES,
6274 UCF_COND_ALLOW_WCARD_LCOMP,
6278 if (!NT_STATUS_IS_OK(status)) {
6279 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6280 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6281 ERRSRV, ERRbadpath);
6284 reply_nterror(req, status);
6288 status = filename_convert(ctx,
6290 req->flags2 & FLAGS2_DFS_PATHNAMES,
6292 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6296 if (!NT_STATUS_IS_OK(status)) {
6297 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6298 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6299 ERRSRV, ERRbadpath);
6302 reply_nterror(req, status);
6306 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6307 smb_fname_str_dbg(smb_fname_dst)));
6309 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6310 attrs, False, src_has_wcard, dest_has_wcard,
6312 if (!NT_STATUS_IS_OK(status)) {
6313 if (open_was_deferred(req->mid)) {
6314 /* We have re-scheduled this call. */
6317 reply_nterror(req, status);
6321 reply_outbuf(req, 0, 0);
6323 TALLOC_FREE(smb_fname_src);
6324 TALLOC_FREE(smb_fname_dst);
6329 /*******************************************************************
6330 Copy a file as part of a reply_copy.
6331 ******************************************************************/
6334 * TODO: check error codes on all callers
6337 NTSTATUS copy_file(TALLOC_CTX *ctx,
6338 connection_struct *conn,
6339 struct smb_filename *smb_fname_src,
6340 struct smb_filename *smb_fname_dst,
6343 bool target_is_directory)
6345 struct smb_filename *smb_fname_dst_tmp = NULL;
6347 files_struct *fsp1,*fsp2;
6349 uint32 new_create_disposition;
6353 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6354 if (!NT_STATUS_IS_OK(status)) {
6359 * If the target is a directory, extract the last component from the
6360 * src filename and append it to the dst filename
6362 if (target_is_directory) {
6365 /* dest/target can't be a stream if it's a directory. */
6366 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6368 p = strrchr_m(smb_fname_src->base_name,'/');
6372 p = smb_fname_src->base_name;
6374 smb_fname_dst_tmp->base_name =
6375 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6377 if (!smb_fname_dst_tmp->base_name) {
6378 status = NT_STATUS_NO_MEMORY;
6383 status = vfs_file_exist(conn, smb_fname_src);
6384 if (!NT_STATUS_IS_OK(status)) {
6388 if (!target_is_directory && count) {
6389 new_create_disposition = FILE_OPEN;
6391 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6393 &new_create_disposition,
6395 status = NT_STATUS_INVALID_PARAMETER;
6400 /* Open the src file for reading. */
6401 status = SMB_VFS_CREATE_FILE(
6404 0, /* root_dir_fid */
6405 smb_fname_src, /* fname */
6406 FILE_GENERIC_READ, /* access_mask */
6407 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6408 FILE_OPEN, /* create_disposition*/
6409 0, /* create_options */
6410 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6411 INTERNAL_OPEN_ONLY, /* oplock_request */
6412 0, /* allocation_size */
6418 if (!NT_STATUS_IS_OK(status)) {
6422 dosattrs = dos_mode(conn, smb_fname_src);
6424 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6425 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6428 /* Open the dst file for writing. */
6429 status = SMB_VFS_CREATE_FILE(
6432 0, /* root_dir_fid */
6433 smb_fname_dst, /* fname */
6434 FILE_GENERIC_WRITE, /* access_mask */
6435 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6436 new_create_disposition, /* create_disposition*/
6437 0, /* create_options */
6438 dosattrs, /* file_attributes */
6439 INTERNAL_OPEN_ONLY, /* oplock_request */
6440 0, /* allocation_size */
6446 if (!NT_STATUS_IS_OK(status)) {
6447 close_file(NULL, fsp1, ERROR_CLOSE);
6451 if ((ofun&3) == 1) {
6452 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6453 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6455 * Stop the copy from occurring.
6458 smb_fname_src->st.st_ex_size = 0;
6462 /* Do the actual copy. */
6463 if (smb_fname_src->st.st_ex_size) {
6464 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6467 close_file(NULL, fsp1, NORMAL_CLOSE);
6469 /* Ensure the modtime is set correctly on the destination file. */
6470 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6473 * As we are opening fsp1 read-only we only expect
6474 * an error on close on fsp2 if we are out of space.
6475 * Thus we don't look at the error return from the
6478 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6480 if (!NT_STATUS_IS_OK(status)) {
6484 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6485 status = NT_STATUS_DISK_FULL;
6489 status = NT_STATUS_OK;
6492 TALLOC_FREE(smb_fname_dst_tmp);
6496 /****************************************************************************
6497 Reply to a file copy.
6498 ****************************************************************************/
6500 void reply_copy(struct smb_request *req)
6502 connection_struct *conn = req->conn;
6503 struct smb_filename *smb_fname_src = NULL;
6504 struct smb_filename *smb_fname_dst = NULL;
6505 char *fname_src = NULL;
6506 char *fname_dst = NULL;
6507 char *fname_src_mask = NULL;
6508 char *fname_src_dir = NULL;
6511 int error = ERRnoaccess;
6515 bool target_is_directory=False;
6516 bool source_has_wild = False;
6517 bool dest_has_wild = False;
6519 TALLOC_CTX *ctx = talloc_tos();
6521 START_PROFILE(SMBcopy);
6524 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6528 tid2 = SVAL(req->vwv+0, 0);
6529 ofun = SVAL(req->vwv+1, 0);
6530 flags = SVAL(req->vwv+2, 0);
6532 p = (const char *)req->buf;
6533 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6534 &status, &source_has_wild);
6535 if (!NT_STATUS_IS_OK(status)) {
6536 reply_nterror(req, status);
6539 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6540 &status, &dest_has_wild);
6541 if (!NT_STATUS_IS_OK(status)) {
6542 reply_nterror(req, status);
6546 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6548 if (tid2 != conn->cnum) {
6549 /* can't currently handle inter share copies XXXX */
6550 DEBUG(3,("Rejecting inter-share copy\n"));
6551 reply_doserror(req, ERRSRV, ERRinvdevice);
6555 status = filename_convert(ctx, conn,
6556 req->flags2 & FLAGS2_DFS_PATHNAMES,
6558 UCF_COND_ALLOW_WCARD_LCOMP,
6561 if (!NT_STATUS_IS_OK(status)) {
6562 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6563 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6564 ERRSRV, ERRbadpath);
6567 reply_nterror(req, status);
6571 status = filename_convert(ctx, conn,
6572 req->flags2 & FLAGS2_DFS_PATHNAMES,
6574 UCF_COND_ALLOW_WCARD_LCOMP,
6577 if (!NT_STATUS_IS_OK(status)) {
6578 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6579 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6580 ERRSRV, ERRbadpath);
6583 reply_nterror(req, status);
6587 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6589 if ((flags&1) && target_is_directory) {
6590 reply_doserror(req, ERRDOS, ERRbadfile);
6594 if ((flags&2) && !target_is_directory) {
6595 reply_doserror(req, ERRDOS, ERRbadpath);
6599 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6600 /* wants a tree copy! XXXX */
6601 DEBUG(3,("Rejecting tree copy\n"));
6602 reply_doserror(req, ERRSRV, ERRerror);
6606 /* Split up the directory from the filename/mask. */
6607 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6608 &fname_src_dir, &fname_src_mask);
6609 if (!NT_STATUS_IS_OK(status)) {
6610 reply_nterror(req, NT_STATUS_NO_MEMORY);
6615 * We should only check the mangled cache
6616 * here if unix_convert failed. This means
6617 * that the path in 'mask' doesn't exist
6618 * on the file system and so we need to look
6619 * for a possible mangle. This patch from
6620 * Tine Smukavec <valentin.smukavec@hermes.si>.
6622 if (!VALID_STAT(smb_fname_src->st) &&
6623 mangle_is_mangled(fname_src_mask, conn->params)) {
6624 char *new_mask = NULL;
6625 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6626 &new_mask, conn->params);
6628 /* Use demangled name if one was successfully found. */
6630 TALLOC_FREE(fname_src_mask);
6631 fname_src_mask = new_mask;
6635 if (!source_has_wild) {
6638 * Only one file needs to be copied. Append the mask back onto
6641 TALLOC_FREE(smb_fname_src->base_name);
6642 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6646 if (!smb_fname_src->base_name) {
6647 reply_nterror(req, NT_STATUS_NO_MEMORY);
6651 if (dest_has_wild) {
6652 char *fname_dst_mod = NULL;
6653 if (!resolve_wildcards(smb_fname_dst,
6654 smb_fname_src->base_name,
6655 smb_fname_dst->base_name,
6657 reply_nterror(req, NT_STATUS_NO_MEMORY);
6660 TALLOC_FREE(smb_fname_dst->base_name);
6661 smb_fname_dst->base_name = fname_dst_mod;
6664 status = check_name(conn, smb_fname_src->base_name);
6665 if (!NT_STATUS_IS_OK(status)) {
6666 reply_nterror(req, status);
6670 status = check_name(conn, smb_fname_dst->base_name);
6671 if (!NT_STATUS_IS_OK(status)) {
6672 reply_nterror(req, status);
6676 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6677 ofun, count, target_is_directory);
6679 if(!NT_STATUS_IS_OK(status)) {
6680 reply_nterror(req, status);
6686 struct smb_Dir *dir_hnd = NULL;
6687 const char *dname = NULL;
6688 char *talloced = NULL;
6692 * There is a wildcard that requires us to actually read the
6693 * src dir and copy each file matching the mask to the dst.
6694 * Right now streams won't be copied, but this could
6695 * presumably be added with a nested loop for reach dir entry.
6697 SMB_ASSERT(!smb_fname_src->stream_name);
6698 SMB_ASSERT(!smb_fname_dst->stream_name);
6700 smb_fname_src->stream_name = NULL;
6701 smb_fname_dst->stream_name = NULL;
6703 if (strequal(fname_src_mask,"????????.???")) {
6704 TALLOC_FREE(fname_src_mask);
6705 fname_src_mask = talloc_strdup(ctx, "*");
6706 if (!fname_src_mask) {
6707 reply_nterror(req, NT_STATUS_NO_MEMORY);
6712 status = check_name(conn, fname_src_dir);
6713 if (!NT_STATUS_IS_OK(status)) {
6714 reply_nterror(req, status);
6718 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6719 if (dir_hnd == NULL) {
6720 status = map_nt_error_from_unix(errno);
6721 reply_nterror(req, status);
6727 /* Iterate over the src dir copying each entry to the dst. */
6728 while ((dname = ReadDirName(dir_hnd, &offset,
6729 &smb_fname_src->st, &talloced))) {
6730 char *destname = NULL;
6732 if (ISDOT(dname) || ISDOTDOT(dname)) {
6733 TALLOC_FREE(talloced);
6737 if (!is_visible_file(conn, fname_src_dir, dname,
6738 &smb_fname_src->st, false)) {
6739 TALLOC_FREE(talloced);
6743 if(!mask_match(dname, fname_src_mask,
6744 conn->case_sensitive)) {
6745 TALLOC_FREE(talloced);
6749 error = ERRnoaccess;
6751 /* Get the src smb_fname struct setup. */
6752 TALLOC_FREE(smb_fname_src->base_name);
6753 smb_fname_src->base_name =
6754 talloc_asprintf(smb_fname_src, "%s/%s",
6755 fname_src_dir, dname);
6757 if (!smb_fname_src->base_name) {
6758 TALLOC_FREE(dir_hnd);
6759 TALLOC_FREE(talloced);
6760 reply_nterror(req, NT_STATUS_NO_MEMORY);
6764 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6765 smb_fname_dst->base_name,
6767 TALLOC_FREE(talloced);
6771 TALLOC_FREE(dir_hnd);
6772 TALLOC_FREE(talloced);
6773 reply_nterror(req, NT_STATUS_NO_MEMORY);
6777 TALLOC_FREE(smb_fname_dst->base_name);
6778 smb_fname_dst->base_name = destname;
6780 status = check_name(conn, smb_fname_src->base_name);
6781 if (!NT_STATUS_IS_OK(status)) {
6782 TALLOC_FREE(dir_hnd);
6783 TALLOC_FREE(talloced);
6784 reply_nterror(req, status);
6788 status = check_name(conn, smb_fname_dst->base_name);
6789 if (!NT_STATUS_IS_OK(status)) {
6790 TALLOC_FREE(dir_hnd);
6791 TALLOC_FREE(talloced);
6792 reply_nterror(req, status);
6796 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
6797 smb_fname_src->base_name,
6798 smb_fname_dst->base_name));
6800 status = copy_file(ctx, conn, smb_fname_src,
6801 smb_fname_dst, ofun, count,
6802 target_is_directory);
6803 if (NT_STATUS_IS_OK(status)) {
6807 TALLOC_FREE(talloced);
6809 TALLOC_FREE(dir_hnd);
6813 reply_doserror(req, ERRDOS, error);
6817 reply_outbuf(req, 1, 0);
6818 SSVAL(req->outbuf,smb_vwv0,count);
6820 TALLOC_FREE(smb_fname_src);
6821 TALLOC_FREE(smb_fname_dst);
6822 TALLOC_FREE(fname_src);
6823 TALLOC_FREE(fname_dst);
6824 TALLOC_FREE(fname_src_mask);
6825 TALLOC_FREE(fname_src_dir);
6827 END_PROFILE(SMBcopy);
6832 #define DBGC_CLASS DBGC_LOCKING
6834 /****************************************************************************
6835 Get a lock pid, dealing with large count requests.
6836 ****************************************************************************/
6838 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6839 bool large_file_format)
6841 if(!large_file_format)
6842 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6844 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6847 /****************************************************************************
6848 Get a lock count, dealing with large count requests.
6849 ****************************************************************************/
6851 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6852 bool large_file_format)
6856 if(!large_file_format) {
6857 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6860 #if defined(HAVE_LONGLONG)
6861 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6862 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6863 #else /* HAVE_LONGLONG */
6866 * NT4.x seems to be broken in that it sends large file (64 bit)
6867 * lockingX calls even if the CAP_LARGE_FILES was *not*
6868 * negotiated. For boxes without large unsigned ints truncate the
6869 * lock count by dropping the top 32 bits.
6872 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6873 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6874 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6875 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6876 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6879 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6880 #endif /* HAVE_LONGLONG */
6886 #if !defined(HAVE_LONGLONG)
6887 /****************************************************************************
6888 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6889 ****************************************************************************/
6891 static uint32 map_lock_offset(uint32 high, uint32 low)
6895 uint32 highcopy = high;
6898 * Try and find out how many significant bits there are in high.
6901 for(i = 0; highcopy; i++)
6905 * We use 31 bits not 32 here as POSIX
6906 * lock offsets may not be negative.
6909 mask = (~0) << (31 - i);
6912 return 0; /* Fail. */
6918 #endif /* !defined(HAVE_LONGLONG) */
6920 /****************************************************************************
6921 Get a lock offset, dealing with large offset requests.
6922 ****************************************************************************/
6924 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6925 bool large_file_format, bool *err)
6927 uint64_t offset = 0;
6931 if(!large_file_format) {
6932 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6935 #if defined(HAVE_LONGLONG)
6936 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6937 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6938 #else /* HAVE_LONGLONG */
6941 * NT4.x seems to be broken in that it sends large file (64 bit)
6942 * lockingX calls even if the CAP_LARGE_FILES was *not*
6943 * negotiated. For boxes without large unsigned ints mangle the
6944 * lock offset by mapping the top 32 bits onto the lower 32.
6947 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6948 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6949 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6952 if((new_low = map_lock_offset(high, low)) == 0) {
6954 return (uint64_t)-1;
6957 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6958 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6959 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6960 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6963 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6964 #endif /* HAVE_LONGLONG */
6970 NTSTATUS smbd_do_locking(struct smb_request *req,
6974 uint16_t num_ulocks,
6975 struct smbd_lock_element *ulocks,
6977 struct smbd_lock_element *locks,
6980 connection_struct *conn = req->conn;
6982 NTSTATUS status = NT_STATUS_OK;
6986 /* Data now points at the beginning of the list
6987 of smb_unlkrng structs */
6988 for(i = 0; i < (int)num_ulocks; i++) {
6989 struct smbd_lock_element *e = &ulocks[i];
6991 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
6992 "pid %u, file %s\n",
6995 (unsigned int)e->smbpid,
6998 if (e->brltype != UNLOCK_LOCK) {
6999 /* this can only happen with SMB2 */
7000 return NT_STATUS_INVALID_PARAMETER;
7003 status = do_unlock(smbd_messaging_context(),
7010 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7011 nt_errstr(status)));
7013 if (!NT_STATUS_IS_OK(status)) {
7018 /* Setup the timeout in seconds. */
7020 if (!lp_blocking_locks(SNUM(conn))) {
7024 /* Data now points at the beginning of the list
7025 of smb_lkrng structs */
7027 for(i = 0; i < (int)num_locks; i++) {
7028 struct smbd_lock_element *e = &locks[i];
7030 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7031 "%u, file %s timeout = %d\n",
7034 (unsigned int)e->smbpid,
7038 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7039 struct blocking_lock_record *blr = NULL;
7041 if (num_locks > 1) {
7043 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7044 * if the lock vector contains one entry. When given mutliple cancel
7045 * requests in a single PDU we expect the server to return an
7046 * error. Windows servers seem to accept the request but only
7047 * cancel the first lock.
7048 * JRA - Do what Windows does (tm) :-).
7052 /* MS-CIFS (2.2.4.32.1) behavior. */
7053 return NT_STATUS_DOS(ERRDOS,
7054 ERRcancelviolation);
7056 /* Windows behavior. */
7058 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7059 "cancel request\n"));
7065 if (lp_blocking_locks(SNUM(conn))) {
7067 /* Schedule a message to ourselves to
7068 remove the blocking lock record and
7069 return the right error. */
7071 blr = blocking_lock_cancel(fsp,
7077 NT_STATUS_FILE_LOCK_CONFLICT);
7079 return NT_STATUS_DOS(
7081 ERRcancelviolation);
7084 /* Remove a matching pending lock. */
7085 status = do_lock_cancel(fsp,
7092 bool blocking_lock = timeout ? true : false;
7093 bool defer_lock = false;
7094 struct byte_range_lock *br_lck;
7095 uint32_t block_smbpid;
7097 br_lck = do_lock(smbd_messaging_context(),
7109 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7110 /* Windows internal resolution for blocking locks seems
7111 to be about 200ms... Don't wait for less than that. JRA. */
7112 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7113 timeout = lp_lock_spin_time();
7118 /* This heuristic seems to match W2K3 very well. If a
7119 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7120 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7121 far as I can tell. Replacement for do_lock_spin(). JRA. */
7123 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7124 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7126 timeout = lp_lock_spin_time();
7129 if (br_lck && defer_lock) {
7131 * A blocking lock was requested. Package up
7132 * this smb into a queued request and push it
7133 * onto the blocking lock queue.
7135 if(push_blocking_lock_request(br_lck,
7146 TALLOC_FREE(br_lck);
7148 return NT_STATUS_OK;
7152 TALLOC_FREE(br_lck);
7155 if (!NT_STATUS_IS_OK(status)) {
7160 /* If any of the above locks failed, then we must unlock
7161 all of the previous locks (X/Open spec). */
7163 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7165 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7166 i = -1; /* we want to skip the for loop */
7170 * Ensure we don't do a remove on the lock that just failed,
7171 * as under POSIX rules, if we have a lock already there, we
7172 * will delete it (and we shouldn't) .....
7174 for(i--; i >= 0; i--) {
7175 struct smbd_lock_element *e = &locks[i];
7177 do_unlock(smbd_messaging_context(),
7187 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7188 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7190 return NT_STATUS_OK;
7193 /****************************************************************************
7194 Reply to a lockingX request.
7195 ****************************************************************************/
7197 void reply_lockingX(struct smb_request *req)
7199 connection_struct *conn = req->conn;
7201 unsigned char locktype;
7202 unsigned char oplocklevel;
7207 const uint8_t *data;
7208 bool large_file_format;
7210 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7211 struct smbd_lock_element *ulocks;
7212 struct smbd_lock_element *locks;
7215 START_PROFILE(SMBlockingX);
7218 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7219 END_PROFILE(SMBlockingX);
7223 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7224 locktype = CVAL(req->vwv+3, 0);
7225 oplocklevel = CVAL(req->vwv+3, 1);
7226 num_ulocks = SVAL(req->vwv+6, 0);
7227 num_locks = SVAL(req->vwv+7, 0);
7228 lock_timeout = IVAL(req->vwv+4, 0);
7229 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7231 if (!check_fsp(conn, req, fsp)) {
7232 END_PROFILE(SMBlockingX);
7238 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7239 /* we don't support these - and CANCEL_LOCK makes w2k
7240 and XP reboot so I don't really want to be
7241 compatible! (tridge) */
7242 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
7243 END_PROFILE(SMBlockingX);
7247 /* Check if this is an oplock break on a file
7248 we have granted an oplock on.
7250 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7251 /* Client can insist on breaking to none. */
7252 bool break_to_none = (oplocklevel == 0);
7255 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7256 "for fnum = %d\n", (unsigned int)oplocklevel,
7260 * Make sure we have granted an exclusive or batch oplock on
7264 if (fsp->oplock_type == 0) {
7266 /* The Samba4 nbench simulator doesn't understand
7267 the difference between break to level2 and break
7268 to none from level2 - it sends oplock break
7269 replies in both cases. Don't keep logging an error
7270 message here - just ignore it. JRA. */
7272 DEBUG(5,("reply_lockingX: Error : oplock break from "
7273 "client for fnum = %d (oplock=%d) and no "
7274 "oplock granted on this file (%s).\n",
7275 fsp->fnum, fsp->oplock_type,
7278 /* if this is a pure oplock break request then don't
7280 if (num_locks == 0 && num_ulocks == 0) {
7281 END_PROFILE(SMBlockingX);
7284 END_PROFILE(SMBlockingX);
7285 reply_doserror(req, ERRDOS, ERRlock);
7290 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7292 result = remove_oplock(fsp);
7294 result = downgrade_oplock(fsp);
7298 DEBUG(0, ("reply_lockingX: error in removing "
7299 "oplock on file %s\n", fsp_str_dbg(fsp)));
7300 /* Hmmm. Is this panic justified? */
7301 smb_panic("internal tdb error");
7304 reply_to_oplock_break_requests(fsp);
7306 /* if this is a pure oplock break request then don't send a
7308 if (num_locks == 0 && num_ulocks == 0) {
7309 /* Sanity check - ensure a pure oplock break is not a
7311 if(CVAL(req->vwv+0, 0) != 0xff)
7312 DEBUG(0,("reply_lockingX: Error : pure oplock "
7313 "break is a chained %d request !\n",
7314 (unsigned int)CVAL(req->vwv+0, 0)));
7315 END_PROFILE(SMBlockingX);
7321 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7322 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7323 END_PROFILE(SMBlockingX);
7327 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7328 if (ulocks == NULL) {
7329 reply_nterror(req, NT_STATUS_NO_MEMORY);
7330 END_PROFILE(SMBlockingX);
7334 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7335 if (locks == NULL) {
7336 reply_nterror(req, NT_STATUS_NO_MEMORY);
7337 END_PROFILE(SMBlockingX);
7341 /* Data now points at the beginning of the list
7342 of smb_unlkrng structs */
7343 for(i = 0; i < (int)num_ulocks; i++) {
7344 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7345 ulocks[i].count = get_lock_count(data, i, large_file_format);
7346 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7347 ulocks[i].brltype = UNLOCK_LOCK;
7350 * There is no error code marked "stupid client bug".... :-).
7353 END_PROFILE(SMBlockingX);
7354 reply_doserror(req, ERRDOS, ERRnoaccess);
7359 /* Now do any requested locks */
7360 data += ((large_file_format ? 20 : 10)*num_ulocks);
7362 /* Data now points at the beginning of the list
7363 of smb_lkrng structs */
7365 for(i = 0; i < (int)num_locks; i++) {
7366 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7367 locks[i].count = get_lock_count(data, i, large_file_format);
7368 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7370 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7371 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7372 locks[i].brltype = PENDING_READ_LOCK;
7374 locks[i].brltype = READ_LOCK;
7377 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7378 locks[i].brltype = PENDING_WRITE_LOCK;
7380 locks[i].brltype = WRITE_LOCK;
7385 * There is no error code marked "stupid client bug".... :-).
7388 END_PROFILE(SMBlockingX);
7389 reply_doserror(req, ERRDOS, ERRnoaccess);
7394 status = smbd_do_locking(req, fsp,
7395 locktype, lock_timeout,
7399 if (!NT_STATUS_IS_OK(status)) {
7400 END_PROFILE(SMBlockingX);
7401 reply_nterror(req, status);
7405 END_PROFILE(SMBlockingX);
7409 reply_outbuf(req, 2, 0);
7411 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7412 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7414 END_PROFILE(SMBlockingX);
7419 #define DBGC_CLASS DBGC_ALL
7421 /****************************************************************************
7422 Reply to a SMBreadbmpx (read block multiplex) request.
7423 Always reply with an error, if someone has a platform really needs this,
7424 please contact vl@samba.org
7425 ****************************************************************************/
7427 void reply_readbmpx(struct smb_request *req)
7429 START_PROFILE(SMBreadBmpx);
7430 reply_doserror(req, ERRSRV, ERRuseSTD);
7431 END_PROFILE(SMBreadBmpx);
7435 /****************************************************************************
7436 Reply to a SMBreadbs (read block multiplex secondary) request.
7437 Always reply with an error, if someone has a platform really needs this,
7438 please contact vl@samba.org
7439 ****************************************************************************/
7441 void reply_readbs(struct smb_request *req)
7443 START_PROFILE(SMBreadBs);
7444 reply_doserror(req, ERRSRV, ERRuseSTD);
7445 END_PROFILE(SMBreadBs);
7449 /****************************************************************************
7450 Reply to a SMBsetattrE.
7451 ****************************************************************************/
7453 void reply_setattrE(struct smb_request *req)
7455 connection_struct *conn = req->conn;
7456 struct smb_file_time ft;
7460 START_PROFILE(SMBsetattrE);
7464 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7468 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7470 if(!fsp || (fsp->conn != conn)) {
7471 reply_doserror(req, ERRDOS, ERRbadfid);
7476 * Convert the DOS times into unix times.
7479 ft.atime = convert_time_t_to_timespec(
7480 srv_make_unix_date2(req->vwv+3));
7481 ft.mtime = convert_time_t_to_timespec(
7482 srv_make_unix_date2(req->vwv+5));
7483 ft.create_time = convert_time_t_to_timespec(
7484 srv_make_unix_date2(req->vwv+1));
7486 reply_outbuf(req, 0, 0);
7489 * Patch from Ray Frush <frush@engr.colostate.edu>
7490 * Sometimes times are sent as zero - ignore them.
7493 /* Ensure we have a valid stat struct for the source. */
7494 status = vfs_stat_fsp(fsp);
7495 if (!NT_STATUS_IS_OK(status)) {
7496 reply_nterror(req, status);
7500 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7501 if (!NT_STATUS_IS_OK(status)) {
7502 reply_doserror(req, ERRDOS, ERRnoaccess);
7506 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7509 (unsigned int)ft.atime.tv_sec,
7510 (unsigned int)ft.mtime.tv_sec,
7511 (unsigned int)ft.create_time.tv_sec
7514 END_PROFILE(SMBsetattrE);
7519 /* Back from the dead for OS/2..... JRA. */
7521 /****************************************************************************
7522 Reply to a SMBwritebmpx (write block multiplex primary) request.
7523 Always reply with an error, if someone has a platform really needs this,
7524 please contact vl@samba.org
7525 ****************************************************************************/
7527 void reply_writebmpx(struct smb_request *req)
7529 START_PROFILE(SMBwriteBmpx);
7530 reply_doserror(req, ERRSRV, ERRuseSTD);
7531 END_PROFILE(SMBwriteBmpx);
7535 /****************************************************************************
7536 Reply to a SMBwritebs (write block multiplex secondary) request.
7537 Always reply with an error, if someone has a platform really needs this,
7538 please contact vl@samba.org
7539 ****************************************************************************/
7541 void reply_writebs(struct smb_request *req)
7543 START_PROFILE(SMBwriteBs);
7544 reply_doserror(req, ERRSRV, ERRuseSTD);
7545 END_PROFILE(SMBwriteBs);
7549 /****************************************************************************
7550 Reply to a SMBgetattrE.
7551 ****************************************************************************/
7553 void reply_getattrE(struct smb_request *req)
7555 connection_struct *conn = req->conn;
7558 struct timespec create_ts;
7560 START_PROFILE(SMBgetattrE);
7563 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7564 END_PROFILE(SMBgetattrE);
7568 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7570 if(!fsp || (fsp->conn != conn)) {
7571 reply_doserror(req, ERRDOS, ERRbadfid);
7572 END_PROFILE(SMBgetattrE);
7576 /* Do an fstat on this file */
7578 reply_nterror(req, map_nt_error_from_unix(errno));
7579 END_PROFILE(SMBgetattrE);
7583 mode = dos_mode(conn, fsp->fsp_name);
7586 * Convert the times into dos times. Set create
7587 * date to be last modify date as UNIX doesn't save
7591 reply_outbuf(req, 11, 0);
7593 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7594 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7595 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7596 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7597 /* Should we check pending modtime here ? JRA */
7598 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7599 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7602 SIVAL(req->outbuf, smb_vwv6, 0);
7603 SIVAL(req->outbuf, smb_vwv8, 0);
7605 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7606 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7607 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7609 SSVAL(req->outbuf,smb_vwv10, mode);
7611 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7613 END_PROFILE(SMBgetattrE);
git.samba.org / samba.git / blob