2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "rpc_server/srv_pipe_hnd.h"
28 static struct tevent_req *smbd_smb2_write_send(TALLOC_CTX *mem_ctx,
29 struct tevent_context *ev,
30 struct smbd_smb2_request *smb2req,
32 uint64_t in_file_id_volatile,
36 static NTSTATUS smbd_smb2_write_recv(struct tevent_req *req,
39 static void smbd_smb2_request_write_done(struct tevent_req *subreq);
40 NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
44 const uint8_t *inbody;
45 int i = req->current_idx;
47 uint16_t in_data_offset;
48 uint32_t in_data_length;
49 DATA_BLOB in_data_buffer;
51 uint64_t in_file_id_persistent;
52 uint64_t in_file_id_volatile;
54 struct tevent_req *subreq;
56 status = smbd_smb2_request_verify_sizes(req, 0x31);
57 if (!NT_STATUS_IS_OK(status)) {
58 return smbd_smb2_request_error(req, status);
60 inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
61 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
63 in_smbpid = IVAL(inhdr, SMB2_HDR_PID);
65 in_data_offset = SVAL(inbody, 0x02);
66 in_data_length = IVAL(inbody, 0x04);
67 in_offset = BVAL(inbody, 0x08);
68 in_file_id_persistent = BVAL(inbody, 0x10);
69 in_file_id_volatile = BVAL(inbody, 0x18);
70 in_flags = IVAL(inbody, 0x2C);
72 if (in_data_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
73 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
76 if (in_data_length > req->in.vector[i+2].iov_len) {
77 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
80 /* check the max write size */
81 if (in_data_length > req->sconn->smb2.max_write) {
82 DEBUG(2,("smbd_smb2_request_process_write : "
83 "client ignored max write :%s: 0x%08X: 0x%08X\n",
84 __location__, in_data_length, req->sconn->smb2.max_write));
85 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
88 in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
89 in_data_buffer.length = in_data_length;
91 if (req->compat_chain_fsp) {
93 } else if (in_file_id_persistent != in_file_id_volatile) {
94 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
97 subreq = smbd_smb2_write_send(req,
105 if (subreq == NULL) {
106 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
108 tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req);
110 return smbd_smb2_request_pending_queue(req, subreq, 500);
113 static void smbd_smb2_request_write_done(struct tevent_req *subreq)
115 struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
116 struct smbd_smb2_request);
119 uint32_t out_count = 0;
121 NTSTATUS error; /* transport error */
123 status = smbd_smb2_write_recv(subreq, &out_count);
125 if (!NT_STATUS_IS_OK(status)) {
126 error = smbd_smb2_request_error(req, status);
127 if (!NT_STATUS_IS_OK(error)) {
128 smbd_server_connection_terminate(req->sconn,
135 outbody = data_blob_talloc(req->out.vector, NULL, 0x10);
136 if (outbody.data == NULL) {
137 error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
138 if (!NT_STATUS_IS_OK(error)) {
139 smbd_server_connection_terminate(req->sconn,
146 SSVAL(outbody.data, 0x00, 0x10 + 1); /* struct size */
147 SSVAL(outbody.data, 0x02, 0); /* reserved */
148 SIVAL(outbody.data, 0x04, out_count); /* count */
149 SIVAL(outbody.data, 0x08, 0); /* remaining */
150 SSVAL(outbody.data, 0x0C, 0); /* write channel info offset */
151 SSVAL(outbody.data, 0x0E, 0); /* write channel info length */
153 outdyn = data_blob_const(NULL, 0);
155 error = smbd_smb2_request_done(req, outbody, &outdyn);
156 if (!NT_STATUS_IS_OK(error)) {
157 smbd_server_connection_terminate(req->sconn, nt_errstr(error));
162 struct smbd_smb2_write_state {
163 struct smbd_smb2_request *smb2req;
164 struct smb_request *smbreq;
172 static void smbd_smb2_write_pipe_done(struct tevent_req *subreq);
174 NTSTATUS smb2_write_complete(struct tevent_req *req, ssize_t nwritten, int err)
177 struct smbd_smb2_write_state *state = tevent_req_data(req,
178 struct smbd_smb2_write_state);
179 files_struct *fsp = state->fsp;
181 if (nwritten == -1) {
182 status = map_nt_error_from_unix(err);
184 DEBUG(2, ("smb2_write failed: fnum=[%d/%s] "
185 "length=%lu offset=%lu nwritten=-1: %s\n",
188 (unsigned long)state->in_length,
189 (unsigned long)state->in_offset,
195 DEBUG(3,("smb2: fnum=[%d/%s] "
196 "length=%lu offset=%lu wrote=%lu\n",
199 (unsigned long)state->in_length,
200 (unsigned long)state->in_offset,
201 (unsigned long)nwritten));
203 if ((nwritten == 0) && (state->in_length != 0)) {
204 DEBUG(5,("smb2: write [%s] disk full\n",
206 return NT_STATUS_DISK_FULL;
209 status = sync_file(fsp->conn, fsp, state->write_through);
210 if (!NT_STATUS_IS_OK(status)) {
211 DEBUG(5,("smb2: sync_file for %s returned %s\n",
217 state->out_count = nwritten;
222 static bool smbd_smb2_write_cancel(struct tevent_req *req)
224 struct smbd_smb2_write_state *state =
226 struct smbd_smb2_write_state);
228 state->smb2req->cancelled = true;
230 return cancel_smb2_aio(state->smbreq);
233 static struct tevent_req *smbd_smb2_write_send(TALLOC_CTX *mem_ctx,
234 struct tevent_context *ev,
235 struct smbd_smb2_request *smb2req,
237 uint64_t in_file_id_volatile,
243 struct tevent_req *req = NULL;
244 struct smbd_smb2_write_state *state = NULL;
245 struct smb_request *smbreq = NULL;
246 connection_struct *conn = smb2req->tcon->compat_conn;
247 files_struct *fsp = NULL;
249 struct lock_struct lock;
251 req = tevent_req_create(mem_ctx, &state,
252 struct smbd_smb2_write_state);
256 state->smb2req = smb2req;
257 if (in_flags & SMB2_WRITEFLAG_WRITE_THROUGH) {
258 state->write_through = true;
260 state->in_length = in_data.length;
261 state->out_count = 0;
263 DEBUG(10,("smbd_smb2_write: file_id[0x%016llX]\n",
264 (unsigned long long)in_file_id_volatile));
266 smbreq = smbd_smb2_fake_smb_request(smb2req);
267 if (tevent_req_nomem(smbreq, req)) {
268 return tevent_req_post(req, ev);
270 state->smbreq = smbreq;
272 fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
274 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
275 return tevent_req_post(req, ev);
277 if (conn != fsp->conn) {
278 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
279 return tevent_req_post(req, ev);
281 if (smb2req->session->vuid != fsp->vuid) {
282 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
283 return tevent_req_post(req, ev);
288 if (IS_IPC(smbreq->conn)) {
289 struct tevent_req *subreq = NULL;
291 if (!fsp_is_np(fsp)) {
292 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
293 return tevent_req_post(req, ev);
296 subreq = np_write_send(state, ev,
297 fsp->fake_file_handle,
300 if (tevent_req_nomem(subreq, req)) {
301 return tevent_req_post(req, ev);
303 tevent_req_set_callback(subreq,
304 smbd_smb2_write_pipe_done,
309 if (!CHECK_WRITE(fsp)) {
310 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
311 return tevent_req_post(req, ev);
314 /* Try and do an asynchronous write. */
315 status = schedule_aio_smb2_write(conn,
320 state->write_through);
322 if (NT_STATUS_IS_OK(status)) {
324 * Doing an async write, allow this
325 * request to be canceled
327 tevent_req_set_cancel_fn(req, smbd_smb2_write_cancel);
331 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
332 /* Real error in setting up aio. Fail. */
333 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
334 return tevent_req_post(req, ev);
337 /* Fallback to synchronous. */
338 init_strict_lock_struct(fsp,
345 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
346 tevent_req_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
347 return tevent_req_post(req, ev);
350 nwritten = write_file(smbreq, fsp,
351 (const char *)in_data.data,
355 status = smb2_write_complete(req, nwritten, errno);
357 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
359 DEBUG(10,("smb2: write on "
360 "file %s, offset %.0f, requested %u, written = %u\n",
363 (unsigned int)in_data.length,
364 (unsigned int)nwritten ));
366 if (!NT_STATUS_IS_OK(status)) {
367 tevent_req_nterror(req, status);
370 tevent_req_done(req);
373 return tevent_req_post(req, ev);
376 static void smbd_smb2_write_pipe_done(struct tevent_req *subreq)
378 struct tevent_req *req = tevent_req_callback_data(subreq,
380 struct smbd_smb2_write_state *state = tevent_req_data(req,
381 struct smbd_smb2_write_state);
383 ssize_t nwritten = -1;
385 status = np_write_recv(subreq, &nwritten);
387 if (!NT_STATUS_IS_OK(status)) {
388 tevent_req_nterror(req, status);
392 if ((nwritten == 0 && state->in_length != 0) || (nwritten < 0)) {
393 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
397 state->out_count = nwritten;
399 tevent_req_done(req);
402 static NTSTATUS smbd_smb2_write_recv(struct tevent_req *req,
406 struct smbd_smb2_write_state *state = tevent_req_data(req,
407 struct smbd_smb2_write_state);
409 if (tevent_req_is_nterror(req, &status)) {
410 tevent_req_received(req);
414 *out_count = state->out_count;
416 tevent_req_received(req);