2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2004.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
33 unsigned int smb_echo_count = 0;
34 extern uint32 global_client_caps;
36 extern struct current_user current_user;
37 extern BOOL global_encrypted_passwords_negotiated;
39 /****************************************************************************
40 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
49 const char *s = srcname;
50 NTSTATUS ret = NT_STATUS_OK;
51 BOOL start_of_name_component = True;
52 unsigned int num_bad_components = 0;
55 if (IS_DIRECTORY_SEP(*s)) {
57 * Safe to assume is not the second part of a mb char as this is handled below.
59 /* Eat multiple '/' or '\\' */
60 while (IS_DIRECTORY_SEP(*s)) {
63 if ((d != destname) && (*s != '\0')) {
64 /* We only care about non-leading or trailing '/' or '\\' */
68 start_of_name_component = True;
72 if (start_of_name_component) {
73 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
74 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
77 * No mb char starts with '.' so we're safe checking the directory separator here.
80 /* If we just added a '/' - delete it */
81 if ((d > destname) && (*(d-1) == '/')) {
86 /* Are we at the start ? Can't go back further if so. */
88 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
91 /* Go back one level... */
92 /* We know this is safe as '/' cannot be part of a mb sequence. */
93 /* NOTE - if this assumption is invalid we are not in good shape... */
94 /* Decrement d first as d points to the *next* char to write into. */
95 for (d--; d > destname; d--) {
99 s += 2; /* Else go past the .. */
100 /* We're still at the start of a name component, just the previous one. */
102 if (num_bad_components) {
103 /* Hmmm. Should we only decrement the bad_components if
104 we're removing a bad component ? Need to check this. JRA. */
105 num_bad_components--;
110 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
111 /* Component of pathname can't be "." only. */
112 ret = NT_STATUS_OBJECT_NAME_INVALID;
113 num_bad_components++;
121 return NT_STATUS_OBJECT_NAME_INVALID;
129 return NT_STATUS_OBJECT_NAME_INVALID;
136 /* Get the size of the next MB character. */
137 next_codepoint(s,&siz);
155 DEBUG(0,("check_path_syntax: character length assumptions invalid !\n"));
157 return NT_STATUS_INVALID_PARAMETER;
160 if (start_of_name_component && num_bad_components) {
161 num_bad_components++;
163 start_of_name_component = False;
166 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
167 if (num_bad_components > 1) {
168 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
176 /****************************************************************************
177 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
178 path or anything including wildcards.
179 We're assuming here that '/' is not the second byte in any multibyte char
180 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
182 ****************************************************************************/
184 NTSTATUS check_path_syntax_wcard(pstring destname, const pstring srcname, BOOL *p_contains_wcard)
187 const char *s = srcname;
188 NTSTATUS ret = NT_STATUS_OK;
189 BOOL start_of_name_component = True;
190 unsigned int num_bad_components = 0;
192 *p_contains_wcard = False;
195 if (IS_DIRECTORY_SEP(*s)) {
197 * Safe to assume is not the second part of a mb char as this is handled below.
199 /* Eat multiple '/' or '\\' */
200 while (IS_DIRECTORY_SEP(*s)) {
203 if ((d != destname) && (*s != '\0')) {
204 /* We only care about non-leading or trailing '/' or '\\' */
208 start_of_name_component = True;
212 if (start_of_name_component) {
213 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
214 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
217 * No mb char starts with '.' so we're safe checking the directory separator here.
220 /* If we just added a '/' - delete it */
221 if ((d > destname) && (*(d-1) == '/')) {
226 /* Are we at the start ? Can't go back further if so. */
228 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
231 /* Go back one level... */
232 /* We know this is safe as '/' cannot be part of a mb sequence. */
233 /* NOTE - if this assumption is invalid we are not in good shape... */
234 /* Decrement d first as d points to the *next* char to write into. */
235 for (d--; d > destname; d--) {
239 s += 2; /* Else go past the .. */
240 /* We're still at the start of a name component, just the previous one. */
242 if (num_bad_components) {
243 /* Hmmm. Should we only decrement the bad_components if
244 we're removing a bad component ? Need to check this. JRA. */
245 num_bad_components--;
250 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
251 /* Component of pathname can't be "." only. */
252 ret = NT_STATUS_OBJECT_NAME_INVALID;
253 num_bad_components++;
261 return NT_STATUS_OBJECT_NAME_INVALID;
263 if (!*p_contains_wcard) {
270 *p_contains_wcard = True;
279 /* Get the size of the next MB character. */
280 next_codepoint(s,&siz);
298 DEBUG(0,("check_path_syntax_wcard: character length assumptions invalid !\n"));
300 return NT_STATUS_INVALID_PARAMETER;
303 if (start_of_name_component && num_bad_components) {
304 num_bad_components++;
306 start_of_name_component = False;
309 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
310 /* For some strange reason being called from findfirst changes
311 the num_components number to cause the error return to change. JRA. */
312 if (num_bad_components > 2) {
313 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
321 /****************************************************************************
322 Check the path for a POSIX client.
323 We're assuming here that '/' is not the second byte in any multibyte char
324 set (a safe assumption).
325 ****************************************************************************/
327 NTSTATUS check_path_syntax_posix(pstring destname, const pstring srcname)
330 const char *s = srcname;
331 NTSTATUS ret = NT_STATUS_OK;
332 BOOL start_of_name_component = True;
337 * Safe to assume is not the second part of a mb char as this is handled below.
339 /* Eat multiple '/' or '\\' */
343 if ((d != destname) && (*s != '\0')) {
344 /* We only care about non-leading or trailing '/' */
348 start_of_name_component = True;
352 if (start_of_name_component) {
353 if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
354 /* Uh oh - "/../" or "/..\0" ! */
357 * No mb char starts with '.' so we're safe checking the directory separator here.
360 /* If we just added a '/' - delete it */
361 if ((d > destname) && (*(d-1) == '/')) {
366 /* Are we at the start ? Can't go back further if so. */
368 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
371 /* Go back one level... */
372 /* We know this is safe as '/' cannot be part of a mb sequence. */
373 /* NOTE - if this assumption is invalid we are not in good shape... */
374 /* Decrement d first as d points to the *next* char to write into. */
375 for (d--; d > destname; d--) {
379 s += 2; /* Else go past the .. */
382 } else if ((s[0] == '.') && ((s[1] == '\0') || (s[1] == '/'))) {
393 /* Get the size of the next MB character. */
394 next_codepoint(s,&siz);
412 DEBUG(0,("check_path_syntax_posix: character length assumptions invalid !\n"));
414 return NT_STATUS_INVALID_PARAMETER;
417 start_of_name_component = False;
424 /****************************************************************************
425 Pull a string and check the path allowing a wilcard - provide for error return.
426 ****************************************************************************/
428 size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags,
429 NTSTATUS *err, BOOL *contains_wcard)
432 char *tmppath_ptr = tmppath;
435 SMB_ASSERT(dest_len == sizeof(pstring));
439 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
441 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
444 *contains_wcard = False;
446 if (lp_posix_pathnames()) {
447 *err = check_path_syntax_posix(dest, tmppath);
449 *err = check_path_syntax_wcard(dest, tmppath, contains_wcard);
455 /****************************************************************************
456 Pull a string and check the path - provide for error return.
457 ****************************************************************************/
459 size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags, NTSTATUS *err)
462 char *tmppath_ptr = tmppath;
465 SMB_ASSERT(dest_len == sizeof(pstring));
469 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
471 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
473 if (lp_posix_pathnames()) {
474 *err = check_path_syntax_posix(dest, tmppath);
476 *err = check_path_syntax(dest, tmppath);
482 /****************************************************************************
483 Reply to a special message.
484 ****************************************************************************/
486 int reply_special(char *inbuf,char *outbuf)
489 int msg_type = CVAL(inbuf,0);
490 int msg_flags = CVAL(inbuf,1);
494 static BOOL already_got_session = False;
498 memset(outbuf,'\0',smb_size);
500 smb_setlen(outbuf,0);
503 case 0x81: /* session request */
505 if (already_got_session) {
506 exit_server_cleanly("multiple session request not permitted");
509 SCVAL(outbuf,0,0x82);
511 if (name_len(inbuf+4) > 50 ||
512 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
513 DEBUG(0,("Invalid name length in session request\n"));
516 name_extract(inbuf,4,name1);
517 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
518 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
521 set_local_machine_name(name1, True);
522 set_remote_machine_name(name2, True);
524 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
525 get_local_machine_name(), get_remote_machine_name(),
528 if (name_type == 'R') {
529 /* We are being asked for a pathworks session ---
531 SCVAL(outbuf, 0,0x83);
535 /* only add the client's machine name to the list
536 of possibly valid usernames if we are operating
537 in share mode security */
538 if (lp_security() == SEC_SHARE) {
539 add_session_user(get_remote_machine_name());
542 reload_services(True);
545 already_got_session = True;
548 case 0x89: /* session keepalive request
549 (some old clients produce this?) */
550 SCVAL(outbuf,0,SMBkeepalive);
554 case 0x82: /* positive session response */
555 case 0x83: /* negative session response */
556 case 0x84: /* retarget session response */
557 DEBUG(0,("Unexpected session response\n"));
560 case SMBkeepalive: /* session keepalive */
565 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
566 msg_type, msg_flags));
571 /****************************************************************************
573 conn POINTER CAN BE NULL HERE !
574 ****************************************************************************/
576 int reply_tcon(connection_struct *conn,
577 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
584 uint16 vuid = SVAL(inbuf,smb_uid);
588 DATA_BLOB password_blob;
590 START_PROFILE(SMBtcon);
592 *service_buf = *password = *dev = 0;
594 p = smb_buf(inbuf)+1;
595 p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1;
596 pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1;
598 p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1;
600 p = strrchr_m(service_buf,'\\');
604 service = service_buf;
607 password_blob = data_blob(password, pwlen+1);
609 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
611 data_blob_clear_free(&password_blob);
614 END_PROFILE(SMBtcon);
615 return ERROR_NT(nt_status);
618 outsize = set_message(outbuf,2,0,True);
619 SSVAL(outbuf,smb_vwv0,max_recv);
620 SSVAL(outbuf,smb_vwv1,conn->cnum);
621 SSVAL(outbuf,smb_tid,conn->cnum);
623 DEBUG(3,("tcon service=%s cnum=%d\n",
624 service, conn->cnum));
626 END_PROFILE(SMBtcon);
630 /****************************************************************************
631 Reply to a tcon and X.
632 conn POINTER CAN BE NULL HERE !
633 ****************************************************************************/
635 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
640 /* what the cleint thinks the device is */
641 fstring client_devicetype;
642 /* what the server tells the client the share represents */
643 const char *server_devicetype;
645 uint16 vuid = SVAL(inbuf,smb_uid);
646 int passlen = SVAL(inbuf,smb_vwv3);
650 START_PROFILE(SMBtconX);
652 *service = *client_devicetype = 0;
654 /* we might have to close an old one */
655 if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
656 close_cnum(conn,vuid);
659 if (passlen > MAX_PASS_LEN) {
660 return ERROR_DOS(ERRDOS,ERRbuftoosmall);
663 if (global_encrypted_passwords_negotiated) {
664 password = data_blob(smb_buf(inbuf),passlen);
666 password = data_blob(smb_buf(inbuf),passlen+1);
667 /* Ensure correct termination */
668 password.data[passlen]=0;
671 p = smb_buf(inbuf) + passlen;
672 p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
675 * the service name can be either: \\server\share
676 * or share directly like on the DELL PowerVault 705
679 q = strchr_m(path+2,'\\');
681 END_PROFILE(SMBtconX);
682 return(ERROR_DOS(ERRDOS,ERRnosuchshare));
684 fstrcpy(service,q+1);
687 fstrcpy(service,path);
689 p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII);
691 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
693 conn = make_connection(service,password,client_devicetype,vuid,&nt_status);
695 data_blob_clear_free(&password);
698 END_PROFILE(SMBtconX);
699 return ERROR_NT(nt_status);
703 server_devicetype = "IPC";
704 else if ( IS_PRINT(conn) )
705 server_devicetype = "LPT1:";
707 server_devicetype = "A:";
709 if (Protocol < PROTOCOL_NT1) {
710 set_message(outbuf,2,0,True);
712 p += srvstr_push(outbuf, p, server_devicetype, -1,
713 STR_TERMINATE|STR_ASCII);
714 set_message_end(outbuf,p);
716 /* NT sets the fstype of IPC$ to the null string */
717 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
719 set_message(outbuf,3,0,True);
722 p += srvstr_push(outbuf, p, server_devicetype, -1,
723 STR_TERMINATE|STR_ASCII);
724 p += srvstr_push(outbuf, p, fstype, -1,
727 set_message_end(outbuf,p);
729 /* what does setting this bit do? It is set by NT4 and
730 may affect the ability to autorun mounted cdroms */
731 SSVAL(outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
732 (lp_csc_policy(SNUM(conn)) << 2));
734 init_dfsroot(conn, inbuf, outbuf);
738 DEBUG(3,("tconX service=%s \n",
741 /* set the incoming and outgoing tid to the just created one */
742 SSVAL(inbuf,smb_tid,conn->cnum);
743 SSVAL(outbuf,smb_tid,conn->cnum);
745 END_PROFILE(SMBtconX);
746 return chain_reply(inbuf,outbuf,length,bufsize);
749 /****************************************************************************
750 Reply to an unknown type.
751 ****************************************************************************/
753 int reply_unknown(char *inbuf,char *outbuf)
756 type = CVAL(inbuf,smb_com);
758 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
759 smb_fn_name(type), type, type));
761 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
764 /****************************************************************************
766 conn POINTER CAN BE NULL HERE !
767 ****************************************************************************/
769 int reply_ioctl(connection_struct *conn,
770 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
772 uint16 device = SVAL(inbuf,smb_vwv1);
773 uint16 function = SVAL(inbuf,smb_vwv2);
774 uint32 ioctl_code = (device << 16) + function;
775 int replysize, outsize;
777 START_PROFILE(SMBioctl);
779 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
781 switch (ioctl_code) {
782 case IOCTL_QUERY_JOB_INFO:
786 END_PROFILE(SMBioctl);
787 return(ERROR_DOS(ERRSRV,ERRnosupport));
790 outsize = set_message(outbuf,8,replysize+1,True);
791 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
792 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
793 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
794 p = smb_buf(outbuf) + 1; /* Allow for alignment */
796 switch (ioctl_code) {
797 case IOCTL_QUERY_JOB_INFO:
799 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
801 END_PROFILE(SMBioctl);
802 return(UNIXERROR(ERRDOS,ERRbadfid));
804 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
805 srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
807 srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);
813 END_PROFILE(SMBioctl);
817 /****************************************************************************
819 ****************************************************************************/
821 int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
826 BOOL bad_path = False;
827 SMB_STRUCT_STAT sbuf;
830 START_PROFILE(SMBchkpth);
832 srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
833 if (!NT_STATUS_IS_OK(status)) {
834 END_PROFILE(SMBchkpth);
836 /* Strange DOS error code semantics only for chkpth... */
837 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
838 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
839 /* We need to map to ERRbadpath */
840 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
843 return ERROR_NT(status);
846 RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
848 unix_convert(name,conn,0,&bad_path,&sbuf);
850 END_PROFILE(SMBchkpth);
851 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
854 if (check_name(name,conn)) {
855 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,name,&sbuf) == 0)
856 if (!(ok = S_ISDIR(sbuf.st_mode))) {
857 END_PROFILE(SMBchkpth);
858 return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath);
863 /* We special case this - as when a Windows machine
864 is parsing a path is steps through the components
865 one at a time - if a component fails it expects
866 ERRbadpath, not ERRbadfile.
868 if(errno == ENOENT) {
870 * Windows returns different error codes if
871 * the parent directory is valid but not the
872 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
873 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
874 * if the path is invalid. This is different from set_bad_path_error()
875 * in the non-NT error case.
877 END_PROFILE(SMBchkpth);
878 return ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpath);
881 END_PROFILE(SMBchkpth);
882 return(UNIXERROR(ERRDOS,ERRbadpath));
885 outsize = set_message(outbuf,0,0,False);
886 DEBUG(3,("chkpth %s mode=%d\n", name, (int)SVAL(inbuf,smb_vwv0)));
888 END_PROFILE(SMBchkpth);
892 /****************************************************************************
894 ****************************************************************************/
896 int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
900 SMB_STRUCT_STAT sbuf;
905 BOOL bad_path = False;
909 START_PROFILE(SMBgetatr);
911 p = smb_buf(inbuf) + 1;
912 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
913 if (!NT_STATUS_IS_OK(status)) {
914 END_PROFILE(SMBgetatr);
915 return ERROR_NT(status);
918 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
920 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
921 under WfWg - weird! */
923 mode = aHIDDEN | aDIR;
924 if (!CAN_WRITE(conn))
930 unix_convert(fname,conn,0,&bad_path,&sbuf);
932 END_PROFILE(SMBgetatr);
933 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
935 if (check_name(fname,conn)) {
936 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,fname,&sbuf) == 0) {
937 mode = dos_mode(conn,fname,&sbuf);
939 mtime = sbuf.st_mtime;
944 DEBUG(3,("stat of %s failed (%s)\n",fname,strerror(errno)));
950 END_PROFILE(SMBgetatr);
951 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadfile);
954 outsize = set_message(outbuf,10,0,True);
956 SSVAL(outbuf,smb_vwv0,mode);
957 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
958 srv_put_dos_date3(outbuf,smb_vwv1,mtime & ~1);
960 srv_put_dos_date3(outbuf,smb_vwv1,mtime);
962 SIVAL(outbuf,smb_vwv3,(uint32)size);
964 if (Protocol >= PROTOCOL_NT1) {
965 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
968 DEBUG( 3, ( "getatr name=%s mode=%d size=%d\n", fname, mode, (uint32)size ) );
970 END_PROFILE(SMBgetatr);
974 /****************************************************************************
976 ****************************************************************************/
978 int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
985 SMB_STRUCT_STAT sbuf;
986 BOOL bad_path = False;
990 START_PROFILE(SMBsetatr);
992 p = smb_buf(inbuf) + 1;
993 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
994 if (!NT_STATUS_IS_OK(status)) {
995 END_PROFILE(SMBsetatr);
996 return ERROR_NT(status);
999 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1001 unix_convert(fname,conn,0,&bad_path,&sbuf);
1003 END_PROFILE(SMBsetatr);
1004 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1007 if (fname[0] == '.' && fname[1] == '\0') {
1009 * Not sure here is the right place to catch this
1010 * condition. Might be moved to somewhere else later -- vl
1012 END_PROFILE(SMBsetatr);
1013 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
1016 mode = SVAL(inbuf,smb_vwv0);
1017 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
1019 if (mode != FILE_ATTRIBUTE_NORMAL) {
1020 if (VALID_STAT_OF_DIR(sbuf))
1025 if (check_name(fname,conn)) {
1026 ok = (file_set_dosmode(conn,fname,mode,&sbuf,False) == 0);
1033 ok = set_filetime(conn,fname,mtime);
1036 END_PROFILE(SMBsetatr);
1037 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnoaccess);
1040 outsize = set_message(outbuf,0,0,False);
1042 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1044 END_PROFILE(SMBsetatr);
1048 /****************************************************************************
1050 ****************************************************************************/
1052 int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1055 SMB_BIG_UINT dfree,dsize,bsize;
1056 START_PROFILE(SMBdskattr);
1058 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1059 END_PROFILE(SMBdskattr);
1060 return(UNIXERROR(ERRHRD,ERRgeneral));
1063 outsize = set_message(outbuf,5,0,True);
1065 if (Protocol <= PROTOCOL_LANMAN2) {
1066 double total_space, free_space;
1067 /* we need to scale this to a number that DOS6 can handle. We
1068 use floating point so we can handle large drives on systems
1069 that don't have 64 bit integers
1071 we end up displaying a maximum of 2G to DOS systems
1073 total_space = dsize * (double)bsize;
1074 free_space = dfree * (double)bsize;
1076 dsize = (total_space+63*512) / (64*512);
1077 dfree = (free_space+63*512) / (64*512);
1079 if (dsize > 0xFFFF) dsize = 0xFFFF;
1080 if (dfree > 0xFFFF) dfree = 0xFFFF;
1082 SSVAL(outbuf,smb_vwv0,dsize);
1083 SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1084 SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */
1085 SSVAL(outbuf,smb_vwv3,dfree);
1087 SSVAL(outbuf,smb_vwv0,dsize);
1088 SSVAL(outbuf,smb_vwv1,bsize/512);
1089 SSVAL(outbuf,smb_vwv2,512);
1090 SSVAL(outbuf,smb_vwv3,dfree);
1093 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1095 END_PROFILE(SMBdskattr);
1099 /****************************************************************************
1101 Can be called from SMBsearch, SMBffirst or SMBfunique.
1102 ****************************************************************************/
1104 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1114 unsigned int numentries = 0;
1115 unsigned int maxentries = 0;
1116 BOOL finished = False;
1123 BOOL check_descend = False;
1124 BOOL expect_close = False;
1125 BOOL can_open = True;
1126 BOOL bad_path = False;
1128 BOOL mask_contains_wcard = False;
1129 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1131 START_PROFILE(SMBsearch);
1133 if (lp_posix_pathnames()) {
1134 END_PROFILE(SMBsearch);
1135 return reply_unknown(inbuf, outbuf);
1138 *mask = *directory = *fname = 0;
1140 /* If we were called as SMBffirst then we must expect close. */
1141 if(CVAL(inbuf,smb_com) == SMBffirst)
1142 expect_close = True;
1144 outsize = set_message(outbuf,1,3,True);
1145 maxentries = SVAL(inbuf,smb_vwv0);
1146 dirtype = SVAL(inbuf,smb_vwv1);
1147 p = smb_buf(inbuf) + 1;
1148 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &nt_status, &mask_contains_wcard);
1149 if (!NT_STATUS_IS_OK(nt_status)) {
1150 END_PROFILE(SMBsearch);
1151 return ERROR_NT(nt_status);
1154 RESOLVE_DFSPATH_WCARD(path, conn, inbuf, outbuf);
1157 status_len = SVAL(p, 0);
1160 /* dirtype &= ~aDIR; */
1162 if (status_len == 0) {
1163 SMB_STRUCT_STAT sbuf;
1166 pstrcpy(directory,path);
1168 unix_convert(directory,conn,0,&bad_path,&sbuf);
1171 if (!check_name(directory,conn))
1174 p = strrchr_m(dir2,'/');
1183 p = strrchr_m(directory,'/');
1189 if (strlen(directory) == 0)
1190 pstrcpy(directory,".");
1191 memset((char *)status,'\0',21);
1192 SCVAL(status,0,(dirtype & 0x1F));
1196 memcpy(status,p,21);
1197 status_dirtype = CVAL(status,0) & 0x1F;
1198 if (status_dirtype != (dirtype & 0x1F))
1199 dirtype = status_dirtype;
1201 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1204 string_set(&conn->dirpath,dptr_path(dptr_num));
1205 pstrcpy(mask, dptr_wcard(dptr_num));
1209 p = smb_buf(outbuf) + 3;
1212 if (status_len == 0) {
1213 dptr_num = dptr_create(conn,directory,True,expect_close,SVAL(inbuf,smb_pid), mask, mask_contains_wcard, dirtype);
1215 if(dptr_num == -2) {
1216 END_PROFILE(SMBsearch);
1217 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnofids);
1219 END_PROFILE(SMBsearch);
1220 return ERROR_DOS(ERRDOS,ERRnofids);
1223 dirtype = dptr_attr(dptr_num);
1226 DEBUG(4,("dptr_num is %d\n",dptr_num));
1229 if ((dirtype&0x1F) == aVOLID) {
1230 memcpy(p,status,21);
1231 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1232 0,aVOLID,0,!allow_long_path_components);
1233 dptr_fill(p+12,dptr_num);
1234 if (dptr_zero(p+12) && (status_len==0))
1238 p += DIR_STRUCT_SIZE;
1241 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1243 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1244 conn->dirpath,lp_dontdescend(SNUM(conn))));
1245 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True))
1246 check_descend = True;
1248 for (i=numentries;(i<maxentries) && !finished;i++) {
1249 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1251 memcpy(p,status,21);
1252 make_dir_struct(p,mask,fname,size, mode,date,
1253 !allow_long_path_components);
1254 if (!dptr_fill(p+12,dptr_num)) {
1258 p += DIR_STRUCT_SIZE;
1268 /* If we were called as SMBffirst with smb_search_id == NULL
1269 and no entries were found then return error and close dirptr
1272 if (numentries == 0 || !ok) {
1273 dptr_close(&dptr_num);
1274 } else if(ok && expect_close && status_len == 0) {
1275 /* Close the dptr - we know it's gone */
1276 dptr_close(&dptr_num);
1279 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1280 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1281 dptr_close(&dptr_num);
1284 if ((numentries == 0) && !mask_contains_wcard) {
1285 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1288 SSVAL(outbuf,smb_vwv0,numentries);
1289 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1290 SCVAL(smb_buf(outbuf),0,5);
1291 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1293 /* The replies here are never long name. */
1294 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1295 if (!allow_long_path_components) {
1296 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1299 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1300 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1302 outsize += DIR_STRUCT_SIZE*numentries;
1303 smb_setlen(outbuf,outsize - 4);
1305 if ((! *directory) && dptr_path(dptr_num))
1306 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1308 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1309 smb_fn_name(CVAL(inbuf,smb_com)),
1310 mask, directory, dirtype, numentries, maxentries ) );
1312 END_PROFILE(SMBsearch);
1316 /****************************************************************************
1317 Reply to a fclose (stop directory search).
1318 ****************************************************************************/
1320 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1329 BOOL path_contains_wcard = False;
1331 START_PROFILE(SMBfclose);
1333 if (lp_posix_pathnames()) {
1334 END_PROFILE(SMBfclose);
1335 return reply_unknown(inbuf, outbuf);
1338 outsize = set_message(outbuf,1,0,True);
1339 p = smb_buf(inbuf) + 1;
1340 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &err, &path_contains_wcard);
1341 if (!NT_STATUS_IS_OK(err)) {
1342 END_PROFILE(SMBfclose);
1343 return ERROR_NT(err);
1346 status_len = SVAL(p,0);
1349 if (status_len == 0) {
1350 END_PROFILE(SMBfclose);
1351 return ERROR_DOS(ERRSRV,ERRsrverror);
1354 memcpy(status,p,21);
1356 if(dptr_fetch(status+12,&dptr_num)) {
1357 /* Close the dptr - we know it's gone */
1358 dptr_close(&dptr_num);
1361 SSVAL(outbuf,smb_vwv0,0);
1363 DEBUG(3,("search close\n"));
1365 END_PROFILE(SMBfclose);
1369 /****************************************************************************
1371 ****************************************************************************/
1373 int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1381 SMB_STRUCT_STAT sbuf;
1382 BOOL bad_path = False;
1384 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1386 uint32 dos_attr = SVAL(inbuf,smb_vwv1);
1389 uint32 create_disposition;
1390 uint32 create_options = 0;
1392 START_PROFILE(SMBopen);
1394 deny_mode = SVAL(inbuf,smb_vwv0);
1396 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1397 if (!NT_STATUS_IS_OK(status)) {
1398 END_PROFILE(SMBopen);
1399 return ERROR_NT(status);
1402 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1404 unix_convert(fname,conn,0,&bad_path,&sbuf);
1406 END_PROFILE(SMBopen);
1407 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1410 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1411 &access_mask, &share_mode, &create_disposition, &create_options)) {
1412 END_PROFILE(SMBopen);
1413 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1416 status = open_file_ntcreate(conn,fname,&sbuf,
1425 if (!NT_STATUS_IS_OK(status)) {
1426 END_PROFILE(SMBopen);
1427 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1428 /* We have re-scheduled this call. */
1431 return ERROR_NT(status);
1434 size = sbuf.st_size;
1435 fattr = dos_mode(conn,fname,&sbuf);
1436 mtime = sbuf.st_mtime;
1439 DEBUG(3,("attempt to open a directory %s\n",fname));
1440 close_file(fsp,ERROR_CLOSE);
1441 END_PROFILE(SMBopen);
1442 return ERROR_DOS(ERRDOS,ERRnoaccess);
1445 outsize = set_message(outbuf,7,0,True);
1446 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1447 SSVAL(outbuf,smb_vwv1,fattr);
1448 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1449 srv_put_dos_date3(outbuf,smb_vwv2,mtime & ~1);
1451 srv_put_dos_date3(outbuf,smb_vwv2,mtime);
1453 SIVAL(outbuf,smb_vwv4,(uint32)size);
1454 SSVAL(outbuf,smb_vwv6,deny_mode);
1456 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1457 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1460 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1461 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1463 END_PROFILE(SMBopen);
1467 /****************************************************************************
1468 Reply to an open and X.
1469 ****************************************************************************/
1471 int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1474 uint16 open_flags = SVAL(inbuf,smb_vwv2);
1475 int deny_mode = SVAL(inbuf,smb_vwv3);
1476 uint32 smb_attr = SVAL(inbuf,smb_vwv5);
1477 /* Breakout the oplock request bits so we can set the
1478 reply bits separately. */
1479 int ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf);
1480 int core_oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1481 int oplock_request = ex_oplock_request | core_oplock_request;
1483 int smb_sattr = SVAL(inbuf,smb_vwv4);
1484 uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
1486 int smb_ofun = SVAL(inbuf,smb_vwv8);
1489 SMB_STRUCT_STAT sbuf;
1491 BOOL bad_path = False;
1494 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv9);
1495 ssize_t retval = -1;
1498 uint32 create_disposition;
1499 uint32 create_options = 0;
1501 START_PROFILE(SMBopenX);
1503 /* If it's an IPC, pass off the pipe handler. */
1505 if (lp_nt_pipe_support()) {
1506 END_PROFILE(SMBopenX);
1507 return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
1509 END_PROFILE(SMBopenX);
1510 return ERROR_DOS(ERRSRV,ERRaccess);
1514 /* XXXX we need to handle passed times, sattr and flags */
1515 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status);
1516 if (!NT_STATUS_IS_OK(status)) {
1517 END_PROFILE(SMBopenX);
1518 return ERROR_NT(status);
1521 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1523 unix_convert(fname,conn,0,&bad_path,&sbuf);
1525 END_PROFILE(SMBopenX);
1526 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1529 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1532 &create_disposition,
1534 END_PROFILE(SMBopenX);
1535 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1538 status = open_file_ntcreate(conn,fname,&sbuf,
1547 if (!NT_STATUS_IS_OK(status)) {
1548 END_PROFILE(SMBopenX);
1549 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1550 /* We have re-scheduled this call. */
1553 return ERROR_NT(status);
1556 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1557 if the file is truncated or created. */
1558 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1559 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1560 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1561 close_file(fsp,ERROR_CLOSE);
1562 END_PROFILE(SMBopenX);
1563 return ERROR_NT(NT_STATUS_DISK_FULL);
1565 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1567 close_file(fsp,ERROR_CLOSE);
1568 END_PROFILE(SMBopenX);
1569 return ERROR_NT(NT_STATUS_DISK_FULL);
1571 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1574 fattr = dos_mode(conn,fname,&sbuf);
1575 mtime = sbuf.st_mtime;
1577 close_file(fsp,ERROR_CLOSE);
1578 END_PROFILE(SMBopenX);
1579 return ERROR_DOS(ERRDOS,ERRnoaccess);
1582 /* If the caller set the extended oplock request bit
1583 and we granted one (by whatever means) - set the
1584 correct bit for extended oplock reply.
1587 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1588 smb_action |= EXTENDED_OPLOCK_GRANTED;
1591 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1592 smb_action |= EXTENDED_OPLOCK_GRANTED;
1595 /* If the caller set the core oplock request bit
1596 and we granted one (by whatever means) - set the
1597 correct bit for core oplock reply.
1600 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1601 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1604 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1605 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1608 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1609 set_message(outbuf,19,0,True);
1611 set_message(outbuf,15,0,True);
1613 SSVAL(outbuf,smb_vwv2,fsp->fnum);
1614 SSVAL(outbuf,smb_vwv3,fattr);
1615 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1616 srv_put_dos_date3(outbuf,smb_vwv4,mtime & ~1);
1618 srv_put_dos_date3(outbuf,smb_vwv4,mtime);
1620 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
1621 SSVAL(outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1622 SSVAL(outbuf,smb_vwv11,smb_action);
1624 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1625 SIVAL(outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1628 END_PROFILE(SMBopenX);
1629 return chain_reply(inbuf,outbuf,length,bufsize);
1632 /****************************************************************************
1633 Reply to a SMBulogoffX.
1634 conn POINTER CAN BE NULL HERE !
1635 ****************************************************************************/
1637 int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1639 uint16 vuid = SVAL(inbuf,smb_uid);
1640 user_struct *vuser = get_valid_user_struct(vuid);
1641 START_PROFILE(SMBulogoffX);
1644 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n", vuid));
1646 /* in user level security we are supposed to close any files
1647 open by this user */
1648 if ((vuser != 0) && (lp_security() != SEC_SHARE))
1649 file_close_user(vuid);
1651 invalidate_vuid(vuid);
1653 set_message(outbuf,2,0,True);
1655 DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) );
1657 END_PROFILE(SMBulogoffX);
1658 return chain_reply(inbuf,outbuf,length,bufsize);
1661 /****************************************************************************
1662 Reply to a mknew or a create.
1663 ****************************************************************************/
1665 int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1670 uint32 fattr = SVAL(inbuf,smb_vwv0);
1671 struct utimbuf times;
1672 BOOL bad_path = False;
1674 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1675 SMB_STRUCT_STAT sbuf;
1677 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1678 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1679 uint32 create_disposition;
1680 uint32 create_options = 0;
1682 START_PROFILE(SMBcreate);
1684 com = SVAL(inbuf,smb_com);
1686 times.modtime = srv_make_unix_date3(inbuf + smb_vwv1);
1688 srvstr_get_path(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), 0, STR_TERMINATE, &status);
1689 if (!NT_STATUS_IS_OK(status)) {
1690 END_PROFILE(SMBcreate);
1691 return ERROR_NT(status);
1694 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1696 unix_convert(fname,conn,0,&bad_path,&sbuf);
1698 END_PROFILE(SMBcreate);
1699 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1702 if (fattr & aVOLID) {
1703 DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
1706 if(com == SMBmknew) {
1707 /* We should fail if file exists. */
1708 create_disposition = FILE_CREATE;
1710 /* Create if file doesn't exist, truncate if it does. */
1711 create_disposition = FILE_OVERWRITE_IF;
1714 /* Open file using ntcreate. */
1715 status = open_file_ntcreate(conn,fname,&sbuf,
1724 if (!NT_STATUS_IS_OK(status)) {
1725 END_PROFILE(SMBcreate);
1726 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1727 /* We have re-scheduled this call. */
1730 return ERROR_NT(status);
1733 times.actime = sbuf.st_atime;
1734 file_utime(conn, fname, ×);
1736 outsize = set_message(outbuf,1,0,True);
1737 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1739 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1740 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1743 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1744 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1747 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1748 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n", fname, fsp->fh->fd, (unsigned int)fattr ) );
1750 END_PROFILE(SMBcreate);
1754 /****************************************************************************
1755 Reply to a create temporary file.
1756 ****************************************************************************/
1758 int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1762 uint32 fattr = SVAL(inbuf,smb_vwv0);
1763 BOOL bad_path = False;
1765 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1767 SMB_STRUCT_STAT sbuf;
1770 unsigned int namelen;
1772 START_PROFILE(SMBctemp);
1774 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1775 if (!NT_STATUS_IS_OK(status)) {
1776 END_PROFILE(SMBctemp);
1777 return ERROR_NT(status);
1780 pstrcat(fname,"/TMXXXXXX");
1782 pstrcat(fname,"TMXXXXXX");
1785 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1787 unix_convert(fname,conn,0,&bad_path,&sbuf);
1789 END_PROFILE(SMBctemp);
1790 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1793 tmpfd = smb_mkstemp(fname);
1795 END_PROFILE(SMBctemp);
1796 return(UNIXERROR(ERRDOS,ERRnoaccess));
1799 SMB_VFS_STAT(conn,fname,&sbuf);
1801 /* We should fail if file does not exist. */
1802 status = open_file_ntcreate(conn,fname,&sbuf,
1803 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
1804 FILE_SHARE_READ|FILE_SHARE_WRITE,
1811 /* close fd from smb_mkstemp() */
1814 if (!NT_STATUS_IS_OK(status)) {
1815 END_PROFILE(SMBctemp);
1816 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1817 /* We have re-scheduled this call. */
1820 return ERROR_NT(status);
1823 outsize = set_message(outbuf,1,0,True);
1824 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1826 /* the returned filename is relative to the directory */
1827 s = strrchr_m(fname, '/');
1834 p = smb_buf(outbuf);
1836 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
1837 thing in the byte section. JRA */
1838 SSVALS(p, 0, -1); /* what is this? not in spec */
1840 namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
1842 outsize = set_message_end(outbuf, p);
1844 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1845 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1848 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1849 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1852 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
1853 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
1854 (unsigned int)sbuf.st_mode ) );
1856 END_PROFILE(SMBctemp);
1860 /*******************************************************************
1861 Check if a user is allowed to rename a file.
1862 ********************************************************************/
1864 static NTSTATUS can_rename(connection_struct *conn, char *fname, uint16 dirtype, SMB_STRUCT_STAT *pst)
1870 if (!CAN_WRITE(conn)) {
1871 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1874 fmode = dos_mode(conn,fname,pst);
1875 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1876 return NT_STATUS_NO_SUCH_FILE;
1879 if (S_ISDIR(pst->st_mode)) {
1880 return NT_STATUS_OK;
1883 status = open_file_ntcreate(conn, fname, pst,
1885 FILE_SHARE_READ|FILE_SHARE_WRITE,
1888 FILE_ATTRIBUTE_NORMAL,
1892 if (!NT_STATUS_IS_OK(status)) {
1895 close_file(fsp,NORMAL_CLOSE);
1896 return NT_STATUS_OK;
1899 /*******************************************************************
1900 Check if a user is allowed to delete a file.
1901 ********************************************************************/
1903 static NTSTATUS can_delete(connection_struct *conn, char *fname,
1904 uint32 dirtype, BOOL bad_path)
1906 SMB_STRUCT_STAT sbuf;
1911 DEBUG(10,("can_delete: %s, dirtype = %d\n", fname, dirtype ));
1913 if (!CAN_WRITE(conn)) {
1914 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1917 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
1918 if(errno == ENOENT) {
1920 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1922 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1925 return map_nt_error_from_unix(errno);
1928 fattr = dos_mode(conn,fname,&sbuf);
1930 /* Can't delete a directory. */
1932 return NT_STATUS_FILE_IS_A_DIRECTORY;
1936 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
1937 return NT_STATUS_OBJECT_NAME_INVALID;
1938 #endif /* JRATEST */
1940 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
1942 On a Windows share, a file with read-only dosmode can be opened with
1943 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
1944 fails with NT_STATUS_CANNOT_DELETE error.
1946 This semantic causes a problem that a user can not
1947 rename a file with read-only dosmode on a Samba share
1948 from a Windows command prompt (i.e. cmd.exe, but can rename
1949 from Windows Explorer).
1952 if (!lp_delete_readonly(SNUM(conn))) {
1953 if (fattr & aRONLY) {
1954 return NT_STATUS_CANNOT_DELETE;
1957 if ((fattr & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1958 return NT_STATUS_NO_SUCH_FILE;
1961 /* On open checks the open itself will check the share mode, so
1962 don't do it here as we'll get it wrong. */
1964 status = open_file_ntcreate(conn, fname, &sbuf,
1969 FILE_ATTRIBUTE_NORMAL,
1973 if (NT_STATUS_IS_OK(status)) {
1974 close_file(fsp,NORMAL_CLOSE);
1979 /****************************************************************************
1980 The guts of the unlink command, split out so it may be called by the NT SMB
1982 ****************************************************************************/
1984 NTSTATUS unlink_internals(connection_struct *conn, uint32 dirtype,
1985 char *name, BOOL has_wild)
1992 NTSTATUS error = NT_STATUS_OK;
1993 BOOL bad_path = False;
1995 SMB_STRUCT_STAT sbuf;
1997 *directory = *mask = 0;
1999 rc = unix_convert(name,conn,0,&bad_path,&sbuf);
2002 * Feel my pain, this code needs rewriting *very* badly! -- vl
2004 pstrcpy(orig_name, name);
2006 p = strrchr_m(name,'/');
2008 pstrcpy(directory,".");
2012 pstrcpy(directory,name);
2017 * We should only check the mangled cache
2018 * here if unix_convert failed. This means
2019 * that the path in 'mask' doesn't exist
2020 * on the file system and so we need to look
2021 * for a possible mangle. This patch from
2022 * Tine Smukavec <valentin.smukavec@hermes.si>.
2025 if (!rc && mangle_is_mangled(mask,conn->params))
2026 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2032 pstrcat(directory,"/");
2033 pstrcat(directory,mask);
2034 error = can_delete(conn,directory,dirtype,bad_path);
2035 if (!NT_STATUS_IS_OK(error))
2038 if (SMB_VFS_UNLINK(conn,directory) == 0) {
2042 if (parent_dirname_talloc(tmp_talloc_ctx(), orig_name,
2044 notify_action(conn, dir, fname, -1,
2045 NOTIFY_ACTION_REMOVED);
2046 TALLOC_FREE(dir); /* not strictly necessary */
2050 struct smb_Dir *dir_hnd = NULL;
2053 if (strequal(mask,"????????.???"))
2056 if (check_name(directory,conn))
2057 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2059 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2060 the pattern matches against the long name, otherwise the short name
2061 We don't implement this yet XXXX
2066 error = NT_STATUS_NO_SUCH_FILE;
2068 while ((dname = ReadDirName(dir_hnd, &offset))) {
2071 BOOL sys_direntry = False;
2072 pstrcpy(fname,dname);
2074 if (!is_visible_file(conn, directory, dname, &st, True)) {
2078 /* Quick check for "." and ".." */
2079 if (fname[0] == '.') {
2080 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2081 if (dirtype & FILE_ATTRIBUTE_DIRECTORY) {
2082 sys_direntry = True;
2089 if(!mask_match(fname, mask, conn->case_sensitive))
2093 error = NT_STATUS_OBJECT_NAME_INVALID;
2094 DEBUG(3,("unlink_internals: system directory delete denied [%s] mask [%s]\n",
2099 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2100 error = can_delete(conn, fname, dirtype,
2102 if (!NT_STATUS_IS_OK(error)) {
2105 if (SMB_VFS_UNLINK(conn,fname) == 0)
2107 notify_action(conn, directory, dname,
2108 -1, NOTIFY_ACTION_REMOVED);
2109 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",fname));
2115 if (count == 0 && NT_STATUS_IS_OK(error)) {
2116 error = map_nt_error_from_unix(errno);
2122 /****************************************************************************
2124 ****************************************************************************/
2126 int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
2133 BOOL path_contains_wcard = False;
2135 START_PROFILE(SMBunlink);
2137 dirtype = SVAL(inbuf,smb_vwv0);
2139 srvstr_get_path_wcard(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard);
2140 if (!NT_STATUS_IS_OK(status)) {
2141 END_PROFILE(SMBunlink);
2142 return ERROR_NT(status);
2145 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
2147 DEBUG(3,("reply_unlink : %s\n",name));
2149 status = unlink_internals(conn, dirtype, name, path_contains_wcard);
2150 if (!NT_STATUS_IS_OK(status)) {
2151 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
2152 /* We have re-scheduled this call. */
2155 return ERROR_NT(status);
2159 * Win2k needs a changenotify request response before it will
2160 * update after a rename..
2162 process_pending_change_notify_queue((time_t)0);
2164 outsize = set_message(outbuf,0,0,False);
2166 END_PROFILE(SMBunlink);
2170 /****************************************************************************
2172 ****************************************************************************/
2174 static void fail_readraw(void)
2177 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2179 exit_server_cleanly(errstr);
2182 #if defined(WITH_SENDFILE)
2183 /****************************************************************************
2184 Fake (read/write) sendfile. Returns -1 on read or write fail.
2185 ****************************************************************************/
2187 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread, char *buf, int bufsize)
2191 /* Paranioa check... */
2192 if (nread > bufsize) {
2197 ret = read_file(fsp,buf,startpos,nread);
2203 /* If we had a short read, fill with zeros. */
2205 memset(buf, '\0', nread - ret);
2208 if (write_data(smbd_server_fd(),buf,nread) != nread) {
2212 return (ssize_t)nread;
2216 /****************************************************************************
2217 Use sendfile in readbraw.
2218 ****************************************************************************/
2220 void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T startpos, size_t nread,
2221 ssize_t mincount, char *outbuf, int out_buffsize)
2225 #if defined(WITH_SENDFILE)
2227 * We can only use sendfile on a non-chained packet
2228 * but we can use on a non-oplocked file. tridge proved this
2229 * on a train in Germany :-). JRA.
2230 * reply_readbraw has already checked the length.
2233 if ( (chain_size == 0) && (nread > 0) &&
2234 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2237 _smb_setlen(outbuf,nread);
2238 header.data = (uint8 *)outbuf;
2242 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) {
2243 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2244 if (errno == ENOSYS) {
2245 goto normal_readbraw;
2249 * Special hack for broken Linux with no working sendfile. If we
2250 * return EINTR we sent the header but not the rest of the data.
2251 * Fake this up by doing read/write calls.
2253 if (errno == EINTR) {
2254 /* Ensure we don't do this again. */
2255 set_use_sendfile(SNUM(conn), False);
2256 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2258 if (fake_sendfile(fsp, startpos, nread, outbuf + 4, out_buffsize - 4) == -1) {
2259 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2260 fsp->fsp_name, strerror(errno) ));
2261 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2266 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2267 fsp->fsp_name, strerror(errno) ));
2268 exit_server_cleanly("send_file_readbraw sendfile failed");
2278 ret = read_file(fsp,outbuf+4,startpos,nread);
2279 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2288 _smb_setlen(outbuf,ret);
2289 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2293 /****************************************************************************
2294 Reply to a readbraw (core+ protocol).
2295 ****************************************************************************/
2297 int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int out_buffsize)
2299 ssize_t maxcount,mincount;
2302 char *header = outbuf;
2304 START_PROFILE(SMBreadbraw);
2306 if (srv_is_signing_active()) {
2307 exit_server_cleanly("reply_readbraw: SMB signing is active - raw reads/writes are disallowed.");
2311 * Special check if an oplock break has been issued
2312 * and the readraw request croses on the wire, we must
2313 * return a zero length response here.
2316 fsp = file_fsp(inbuf,smb_vwv0);
2318 if (!FNUM_OK(fsp,conn) || !fsp->can_read) {
2320 * fsp could be NULL here so use the value from the packet. JRA.
2322 DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
2323 _smb_setlen(header,0);
2324 if (write_data(smbd_server_fd(),header,4) != 4)
2326 END_PROFILE(SMBreadbraw);
2330 CHECK_FSP(fsp,conn);
2332 flush_write_cache(fsp, READRAW_FLUSH);
2334 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
2335 if(CVAL(inbuf,smb_wct) == 10) {
2337 * This is a large offset (64 bit) read.
2339 #ifdef LARGE_SMB_OFF_T
2341 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv8)) << 32);
2343 #else /* !LARGE_SMB_OFF_T */
2346 * Ensure we haven't been sent a >32 bit offset.
2349 if(IVAL(inbuf,smb_vwv8) != 0) {
2350 DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
2351 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
2352 _smb_setlen(header,0);
2353 if (write_data(smbd_server_fd(),header,4) != 4)
2355 END_PROFILE(SMBreadbraw);
2359 #endif /* LARGE_SMB_OFF_T */
2362 DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos ));
2363 _smb_setlen(header,0);
2364 if (write_data(smbd_server_fd(),header,4) != 4)
2366 END_PROFILE(SMBreadbraw);
2370 maxcount = (SVAL(inbuf,smb_vwv3) & 0xFFFF);
2371 mincount = (SVAL(inbuf,smb_vwv4) & 0xFFFF);
2373 /* ensure we don't overrun the packet size */
2374 maxcount = MIN(65535,maxcount);
2376 if (!is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2380 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2384 if (startpos >= size) {
2387 nread = MIN(maxcount,(size - startpos));
2391 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2392 if (nread < mincount)
2396 DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%lu min=%lu nread=%lu\n", fsp->fnum, (double)startpos,
2397 (unsigned long)maxcount, (unsigned long)mincount, (unsigned long)nread ) );
2399 send_file_readbraw(conn, fsp, startpos, nread, mincount, outbuf, out_buffsize);
2401 DEBUG(5,("readbraw finished\n"));
2402 END_PROFILE(SMBreadbraw);
2407 #define DBGC_CLASS DBGC_LOCKING
2409 /****************************************************************************
2410 Reply to a lockread (core+ protocol).
2411 ****************************************************************************/
2413 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2421 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2422 struct byte_range_lock *br_lck = NULL;
2423 START_PROFILE(SMBlockread);
2425 CHECK_FSP(fsp,conn);
2426 if (!CHECK_READ(fsp,inbuf)) {
2427 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2430 release_level_2_oplocks_on_change(fsp);
2432 numtoread = SVAL(inbuf,smb_vwv1);
2433 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2435 outsize = set_message(outbuf,5,3,True);
2436 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2437 data = smb_buf(outbuf) + 3;
2440 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2441 * protocol request that predates the read/write lock concept.
2442 * Thus instead of asking for a read lock here we need to ask
2443 * for a write lock. JRA.
2444 * Note that the requested lock size is unaffected by max_recv.
2447 br_lck = do_lock(fsp,
2448 (uint32)SVAL(inbuf,smb_pid),
2449 (SMB_BIG_UINT)numtoread,
2450 (SMB_BIG_UINT)startpos,
2453 False, /* Non-blocking lock. */
2455 TALLOC_FREE(br_lck);
2457 if (NT_STATUS_V(status)) {
2458 END_PROFILE(SMBlockread);
2459 return ERROR_NT(status);
2463 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2466 if (numtoread > max_recv) {
2467 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2468 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2469 (unsigned int)numtoread, (unsigned int)max_recv ));
2470 numtoread = MIN(numtoread,max_recv);
2472 nread = read_file(fsp,data,startpos,numtoread);
2475 END_PROFILE(SMBlockread);
2476 return(UNIXERROR(ERRDOS,ERRnoaccess));
2480 SSVAL(outbuf,smb_vwv0,nread);
2481 SSVAL(outbuf,smb_vwv5,nread+3);
2482 SSVAL(smb_buf(outbuf),1,nread);
2484 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2485 fsp->fnum, (int)numtoread, (int)nread));
2487 END_PROFILE(SMBlockread);
2492 #define DBGC_CLASS DBGC_ALL
2494 /****************************************************************************
2496 ****************************************************************************/
2498 int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2505 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2506 START_PROFILE(SMBread);
2508 CHECK_FSP(fsp,conn);
2509 if (!CHECK_READ(fsp,inbuf)) {
2510 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2513 numtoread = SVAL(inbuf,smb_vwv1);
2514 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2516 outsize = set_message(outbuf,5,3,True);
2517 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2519 * The requested read size cannot be greater than max_recv. JRA.
2521 if (numtoread > max_recv) {
2522 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2523 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2524 (unsigned int)numtoread, (unsigned int)max_recv ));
2525 numtoread = MIN(numtoread,max_recv);
2528 data = smb_buf(outbuf) + 3;
2530 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2531 END_PROFILE(SMBread);
2532 return ERROR_DOS(ERRDOS,ERRlock);
2536 nread = read_file(fsp,data,startpos,numtoread);
2539 END_PROFILE(SMBread);
2540 return(UNIXERROR(ERRDOS,ERRnoaccess));
2544 SSVAL(outbuf,smb_vwv0,nread);
2545 SSVAL(outbuf,smb_vwv5,nread+3);
2546 SCVAL(smb_buf(outbuf),0,1);
2547 SSVAL(smb_buf(outbuf),1,nread);
2549 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2550 fsp->fnum, (int)numtoread, (int)nread ) );
2552 END_PROFILE(SMBread);
2556 /****************************************************************************
2557 Reply to a read and X - possibly using sendfile.
2558 ****************************************************************************/
2560 int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length, int len_outbuf,
2561 files_struct *fsp, SMB_OFF_T startpos, size_t smb_maxcnt)
2565 char *data = smb_buf(outbuf);
2567 #if defined(WITH_SENDFILE)
2569 * We can only use sendfile on a non-chained packet
2570 * but we can use on a non-oplocked file. tridge proved this
2571 * on a train in Germany :-). JRA.
2574 if ((chain_size == 0) && (CVAL(inbuf,smb_vwv0) == 0xFF) &&
2575 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2576 SMB_STRUCT_STAT sbuf;
2579 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1)
2580 return(UNIXERROR(ERRDOS,ERRnoaccess));
2582 if (startpos > sbuf.st_size)
2585 if (smb_maxcnt > (sbuf.st_size - startpos))
2586 smb_maxcnt = (sbuf.st_size - startpos);
2588 if (smb_maxcnt == 0)
2592 * Set up the packet header before send. We
2593 * assume here the sendfile will work (get the
2594 * correct amount of data).
2597 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2598 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2599 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2600 SSVAL(outbuf,smb_vwv7,((smb_maxcnt >> 16) & 1));
2601 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2602 SCVAL(outbuf,smb_vwv0,0xFF);
2603 set_message(outbuf,12,smb_maxcnt,False);
2604 header.data = (uint8 *)outbuf;
2605 header.length = data - outbuf;
2608 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2609 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2610 if (errno == ENOSYS) {
2615 * Special hack for broken Linux with no working sendfile. If we
2616 * return EINTR we sent the header but not the rest of the data.
2617 * Fake this up by doing read/write calls.
2620 if (errno == EINTR) {
2621 /* Ensure we don't do this again. */
2622 set_use_sendfile(SNUM(conn), False);
2623 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
2625 if ((nread = fake_sendfile(fsp, startpos, smb_maxcnt, data,
2626 len_outbuf - (data-outbuf))) == -1) {
2627 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2628 fsp->fsp_name, strerror(errno) ));
2629 exit_server_cleanly("send_file_readX: fake_sendfile failed");
2631 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
2632 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2633 /* Returning -1 here means successful sendfile. */
2637 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
2638 fsp->fsp_name, strerror(errno) ));
2639 exit_server_cleanly("send_file_readX sendfile failed");
2642 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
2643 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2644 /* Returning -1 here means successful sendfile. */
2652 nread = read_file(fsp,data,startpos,smb_maxcnt);
2655 return(UNIXERROR(ERRDOS,ERRnoaccess));
2658 outsize = set_message(outbuf,12,nread,False);
2659 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2660 SSVAL(outbuf,smb_vwv5,nread);
2661 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2662 SSVAL(outbuf,smb_vwv7,((nread >> 16) & 1));
2663 SSVAL(smb_buf(outbuf),-2,nread);
2665 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
2666 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2668 /* Returning the number of bytes we want to send back - including header. */
2672 /****************************************************************************
2673 Reply to a read and X.
2674 ****************************************************************************/
2676 int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
2678 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
2679 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2681 size_t smb_maxcnt = SVAL(inbuf,smb_vwv5);
2683 size_t smb_mincnt = SVAL(inbuf,smb_vwv6);
2686 START_PROFILE(SMBreadX);
2688 /* If it's an IPC, pass off the pipe handler. */
2690 END_PROFILE(SMBreadX);
2691 return reply_pipe_read_and_X(inbuf,outbuf,length,bufsize);
2694 CHECK_FSP(fsp,conn);
2695 if (!CHECK_READ(fsp,inbuf)) {
2696 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2699 set_message(outbuf,12,0,True);
2701 if (global_client_caps & CAP_LARGE_READX) {
2702 if (SVAL(inbuf,smb_vwv7) == 1) {
2703 smb_maxcnt |= (1<<16);
2705 if (smb_maxcnt > BUFFER_SIZE) {
2706 DEBUG(0,("reply_read_and_X - read too large (%u) for reply buffer %u\n",
2707 (unsigned int)smb_maxcnt, (unsigned int)BUFFER_SIZE));
2708 END_PROFILE(SMBreadX);
2709 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
2713 if(CVAL(inbuf,smb_wct) == 12) {
2714 #ifdef LARGE_SMB_OFF_T
2716 * This is a large offset (64 bit) read.
2718 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv10)) << 32);
2720 #else /* !LARGE_SMB_OFF_T */
2723 * Ensure we haven't been sent a >32 bit offset.
2726 if(IVAL(inbuf,smb_vwv10) != 0) {
2727 DEBUG(0,("reply_read_and_X - large offset (%x << 32) used and we don't support \
2728 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv10) ));
2729 END_PROFILE(SMBreadX);
2730 return ERROR_DOS(ERRDOS,ERRbadaccess);
2733 #endif /* LARGE_SMB_OFF_T */
2737 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2738 END_PROFILE(SMBreadX);
2739 return ERROR_DOS(ERRDOS,ERRlock);
2742 if (schedule_aio_read_and_X(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt)) {
2743 END_PROFILE(SMBreadX);
2747 nread = send_file_readX(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt);
2749 nread = chain_reply(inbuf,outbuf,length,bufsize);
2751 END_PROFILE(SMBreadX);
2755 /****************************************************************************
2756 Reply to a writebraw (core+ or LANMAN1.0 protocol).
2757 ****************************************************************************/
2759 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2762 ssize_t total_written=0;
2763 size_t numtowrite=0;
2768 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2770 START_PROFILE(SMBwritebraw);
2772 if (srv_is_signing_active()) {
2773 exit_server_cleanly("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
2776 CHECK_FSP(fsp,conn);
2777 if (!CHECK_WRITE(fsp)) {
2778 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2781 tcount = IVAL(inbuf,smb_vwv1);
2782 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2783 write_through = BITSETW(inbuf+smb_vwv7,0);
2785 /* We have to deal with slightly different formats depending
2786 on whether we are using the core+ or lanman1.0 protocol */
2788 if(Protocol <= PROTOCOL_COREPLUS) {
2789 numtowrite = SVAL(smb_buf(inbuf),-2);
2790 data = smb_buf(inbuf);
2792 numtowrite = SVAL(inbuf,smb_vwv10);
2793 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
2796 /* force the error type */
2797 SCVAL(inbuf,smb_com,SMBwritec);
2798 SCVAL(outbuf,smb_com,SMBwritec);
2800 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2801 END_PROFILE(SMBwritebraw);
2802 return(ERROR_DOS(ERRDOS,ERRlock));
2806 nwritten = write_file(fsp,data,startpos,numtowrite);
2808 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
2809 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
2811 if (nwritten < (ssize_t)numtowrite) {
2812 END_PROFILE(SMBwritebraw);
2813 return(UNIXERROR(ERRHRD,ERRdiskfull));
2816 total_written = nwritten;
2818 /* Return a message to the redirector to tell it to send more bytes */
2819 SCVAL(outbuf,smb_com,SMBwritebraw);
2820 SSVALS(outbuf,smb_vwv0,-1);
2821 outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
2823 if (!send_smb(smbd_server_fd(),outbuf))
2824 exit_server_cleanly("reply_writebraw: send_smb failed.");
2826 /* Now read the raw data into the buffer and write it */
2827 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
2828 exit_server_cleanly("secondary writebraw failed");
2831 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
2832 numtowrite = smb_len(inbuf);
2834 /* Set up outbuf to return the correct return */
2835 outsize = set_message(outbuf,1,0,True);
2836 SCVAL(outbuf,smb_com,SMBwritec);
2838 if (numtowrite != 0) {
2840 if (numtowrite > BUFFER_SIZE) {
2841 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
2842 (unsigned int)numtowrite ));
2843 exit_server_cleanly("secondary writebraw failed");
2846 if (tcount > nwritten+numtowrite) {
2847 DEBUG(3,("Client overestimated the write %d %d %d\n",
2848 (int)tcount,(int)nwritten,(int)numtowrite));
2851 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
2852 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
2854 exit_server_cleanly("secondary writebraw failed");
2857 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
2858 if (nwritten == -1) {
2859 END_PROFILE(SMBwritebraw);
2860 return(UNIXERROR(ERRHRD,ERRdiskfull));
2863 if (nwritten < (ssize_t)numtowrite) {
2864 SCVAL(outbuf,smb_rcls,ERRHRD);
2865 SSVAL(outbuf,smb_err,ERRdiskfull);
2869 total_written += nwritten;
2872 SSVAL(outbuf,smb_vwv0,total_written);
2874 sync_file(conn, fsp, write_through);
2876 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
2877 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
2879 /* we won't return a status if write through is not selected - this follows what WfWg does */
2880 END_PROFILE(SMBwritebraw);
2881 if (!write_through && total_written==tcount) {
2883 #if RABBIT_PELLET_FIX
2885 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
2886 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
2888 if (!send_keepalive(smbd_server_fd()))
2889 exit_server_cleanly("reply_writebraw: send of keepalive failed");
2898 #define DBGC_CLASS DBGC_LOCKING
2900 /****************************************************************************
2901 Reply to a writeunlock (core+).
2902 ****************************************************************************/
2904 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
2905 int size, int dum_buffsize)
2907 ssize_t nwritten = -1;
2911 NTSTATUS status = NT_STATUS_OK;
2912 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2914 START_PROFILE(SMBwriteunlock);
2916 CHECK_FSP(fsp,conn);
2917 if (!CHECK_WRITE(fsp)) {
2918 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2921 numtowrite = SVAL(inbuf,smb_vwv1);
2922 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2923 data = smb_buf(inbuf) + 3;
2925 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2926 END_PROFILE(SMBwriteunlock);
2927 return ERROR_DOS(ERRDOS,ERRlock);
2930 /* The special X/Open SMB protocol handling of
2931 zero length writes is *NOT* done for
2933 if(numtowrite == 0) {
2936 nwritten = write_file(fsp,data,startpos,numtowrite);
2939 sync_file(conn, fsp, False /* write through */);
2941 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
2942 END_PROFILE(SMBwriteunlock);
2943 return(UNIXERROR(ERRHRD,ERRdiskfull));
2947 status = do_unlock(fsp,
2948 (uint32)SVAL(inbuf,smb_pid),
2949 (SMB_BIG_UINT)numtowrite,
2950 (SMB_BIG_UINT)startpos,
2953 if (NT_STATUS_V(status)) {
2954 END_PROFILE(SMBwriteunlock);
2955 return ERROR_NT(status);
2959 outsize = set_message(outbuf,1,0,True);
2961 SSVAL(outbuf,smb_vwv0,nwritten);
2963 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
2964 fsp->fnum, (int)numtowrite, (int)nwritten));
2966 END_PROFILE(SMBwriteunlock);
2971 #define DBGC_CLASS DBGC_ALL
2973 /****************************************************************************
2975 ****************************************************************************/
2977 int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
2980 ssize_t nwritten = -1;
2983 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2985 START_PROFILE(SMBwrite);
2987 /* If it's an IPC, pass off the pipe handler. */
2989 END_PROFILE(SMBwrite);
2990 return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
2993 CHECK_FSP(fsp,conn);
2994 if (!CHECK_WRITE(fsp)) {
2995 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2998 numtowrite = SVAL(inbuf,smb_vwv1);
2999 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3000 data = smb_buf(inbuf) + 3;
3002 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3003 END_PROFILE(SMBwrite);
3004 return ERROR_DOS(ERRDOS,ERRlock);
3008 * X/Open SMB protocol says that if smb_vwv1 is
3009 * zero then the file size should be extended or
3010 * truncated to the size given in smb_vwv[2-3].
3013 if(numtowrite == 0) {
3015 * This is actually an allocate call, and set EOF. JRA.
3017 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3019 END_PROFILE(SMBwrite);
3020 return ERROR_NT(NT_STATUS_DISK_FULL);
3022 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3024 END_PROFILE(SMBwrite);
3025 return ERROR_NT(NT_STATUS_DISK_FULL);
3028 nwritten = write_file(fsp,data,startpos,numtowrite);
3030 sync_file(conn, fsp, False);
3032 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3033 END_PROFILE(SMBwrite);
3034 return(UNIXERROR(ERRHRD,ERRdiskfull));
3037 outsize = set_message(outbuf,1,0,True);
3039 SSVAL(outbuf,smb_vwv0,nwritten);
3041 if (nwritten < (ssize_t)numtowrite) {
3042 SCVAL(outbuf,smb_rcls,ERRHRD);
3043 SSVAL(outbuf,smb_err,ERRdiskfull);
3046 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3048 END_PROFILE(SMBwrite);
3052 /****************************************************************************
3053 Reply to a write and X.
3054 ****************************************************************************/
3056 int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
3058 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
3059 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3060 size_t numtowrite = SVAL(inbuf,smb_vwv10);
3061 BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
3062 ssize_t nwritten = -1;
3063 unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
3064 unsigned int smblen = smb_len(inbuf);
3066 BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
3067 START_PROFILE(SMBwriteX);
3069 /* If it's an IPC, pass off the pipe handler. */
3071 END_PROFILE(SMBwriteX);
3072 return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
3075 CHECK_FSP(fsp,conn);
3076 if (!CHECK_WRITE(fsp)) {
3077 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3080 set_message(outbuf,6,0,True);
3082 /* Deal with possible LARGE_WRITEX */
3084 numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
3087 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3088 END_PROFILE(SMBwriteX);
3089 return ERROR_DOS(ERRDOS,ERRbadmem);
3092 data = smb_base(inbuf) + smb_doff;
3094 if(CVAL(inbuf,smb_wct) == 14) {
3095 #ifdef LARGE_SMB_OFF_T
3097 * This is a large offset (64 bit) write.
3099 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv12)) << 32);
3101 #else /* !LARGE_SMB_OFF_T */
3104 * Ensure we haven't been sent a >32 bit offset.
3107 if(IVAL(inbuf,smb_vwv12) != 0) {
3108 DEBUG(0,("reply_write_and_X - large offset (%x << 32) used and we don't support \
3109 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv12) ));
3110 END_PROFILE(SMBwriteX);
3111 return ERROR_DOS(ERRDOS,ERRbadaccess);
3114 #endif /* LARGE_SMB_OFF_T */
3117 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3118 END_PROFILE(SMBwriteX);
3119 return ERROR_DOS(ERRDOS,ERRlock);
3122 /* X/Open SMB protocol says that, unlike SMBwrite
3123 if the length is zero then NO truncation is
3124 done, just a write of zero. To truncate a file,
3127 if(numtowrite == 0) {
3131 if (schedule_aio_write_and_X(conn, inbuf, outbuf, length, bufsize,
3132 fsp,data,startpos,numtowrite)) {
3133 END_PROFILE(SMBwriteX);
3137 nwritten = write_file(fsp,data,startpos,numtowrite);
3140 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3141 END_PROFILE(SMBwriteX);
3142 return(UNIXERROR(ERRHRD,ERRdiskfull));
3145 SSVAL(outbuf,smb_vwv2,nwritten);
3147 SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
3149 if (nwritten < (ssize_t)numtowrite) {
3150 SCVAL(outbuf,smb_rcls,ERRHRD);
3151 SSVAL(outbuf,smb_err,ERRdiskfull);
3154 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3155 fsp->fnum, (int)numtowrite, (int)nwritten));
3157 sync_file(conn, fsp, write_through);
3159 END_PROFILE(SMBwriteX);
3160 return chain_reply(inbuf,outbuf,length,bufsize);
3163 /****************************************************************************
3165 ****************************************************************************/
3167 int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3173 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3174 START_PROFILE(SMBlseek);
3176 CHECK_FSP(fsp,conn);
3178 flush_write_cache(fsp, SEEK_FLUSH);
3180 mode = SVAL(inbuf,smb_vwv1) & 3;
3181 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3182 startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2);
3191 res = fsp->fh->pos + startpos;
3202 if (umode == SEEK_END) {
3203 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3204 if(errno == EINVAL) {
3205 SMB_OFF_T current_pos = startpos;
3206 SMB_STRUCT_STAT sbuf;
3208 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3209 END_PROFILE(SMBlseek);
3210 return(UNIXERROR(ERRDOS,ERRnoaccess));
3213 current_pos += sbuf.st_size;
3215 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3220 END_PROFILE(SMBlseek);
3221 return(UNIXERROR(ERRDOS,ERRnoaccess));
3227 outsize = set_message(outbuf,2,0,True);
3228 SIVAL(outbuf,smb_vwv0,res);
3230 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3231 fsp->fnum, (double)startpos, (double)res, mode));
3233 END_PROFILE(SMBlseek);
3237 /****************************************************************************
3239 ****************************************************************************/
3241 int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3243 int outsize = set_message(outbuf,0,0,False);
3244 uint16 fnum = SVAL(inbuf,smb_vwv0);
3245 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3246 START_PROFILE(SMBflush);
3249 CHECK_FSP(fsp,conn);
3252 file_sync_all(conn);
3254 sync_file(conn,fsp, True);
3257 DEBUG(3,("flush\n"));
3258 END_PROFILE(SMBflush);
3262 /****************************************************************************
3264 conn POINTER CAN BE NULL HERE !
3265 ****************************************************************************/
3267 int reply_exit(connection_struct *conn,
3268 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3271 START_PROFILE(SMBexit);
3273 file_close_pid(SVAL(inbuf,smb_pid),SVAL(inbuf,smb_uid));
3275 outsize = set_message(outbuf,0,0,False);
3277 DEBUG(3,("exit\n"));
3279 END_PROFILE(SMBexit);
3283 /****************************************************************************
3284 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3285 ****************************************************************************/
3287 int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
3292 int32 eclass = 0, err = 0;
3293 files_struct *fsp = NULL;
3294 START_PROFILE(SMBclose);
3296 outsize = set_message(outbuf,0,0,False);
3298 /* If it's an IPC, pass off to the pipe handler. */
3300 END_PROFILE(SMBclose);
3301 return reply_pipe_close(conn, inbuf,outbuf);
3304 fsp = file_fsp(inbuf,smb_vwv0);
3307 * We can only use CHECK_FSP if we know it's not a directory.
3310 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3311 END_PROFILE(SMBclose);
3312 return ERROR_DOS(ERRDOS,ERRbadfid);
3315 if(fsp->is_directory) {
3317 * Special case - close NT SMB directory handle.
3319 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
3320 close_file(fsp,NORMAL_CLOSE);
3323 * Close ordinary file.
3327 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3328 fsp->fh->fd, fsp->fnum,
3329 conn->num_files_open));
3332 * Take care of any time sent in the close.
3335 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
3336 fsp_set_pending_modtime(fsp, mtime);
3339 * close_file() returns the unix errno if an error
3340 * was detected on close - normally this is due to
3341 * a disk full error. If not then it was probably an I/O error.
3344 if((close_err = close_file(fsp,NORMAL_CLOSE)) != 0) {
3346 END_PROFILE(SMBclose);
3347 return (UNIXERROR(ERRHRD,ERRgeneral));
3351 /* We have a cached error */
3353 END_PROFILE(SMBclose);
3354 return ERROR_DOS(eclass,err);
3357 END_PROFILE(SMBclose);
3361 /****************************************************************************
3362 Reply to a writeclose (Core+ protocol).
3363 ****************************************************************************/
3365 int reply_writeclose(connection_struct *conn,
3366 char *inbuf,char *outbuf, int size, int dum_buffsize)
3369 ssize_t nwritten = -1;
3375 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3376 START_PROFILE(SMBwriteclose);
3378 CHECK_FSP(fsp,conn);
3379 if (!CHECK_WRITE(fsp)) {
3380 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3383 numtowrite = SVAL(inbuf,smb_vwv1);
3384 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3385 mtime = srv_make_unix_date3(inbuf+smb_vwv4);
3386 data = smb_buf(inbuf) + 1;
3388 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3389 END_PROFILE(SMBwriteclose);
3390 return ERROR_DOS(ERRDOS,ERRlock);
3393 nwritten = write_file(fsp,data,startpos,numtowrite);
3395 set_filetime(conn, fsp->fsp_name,mtime);
3398 * More insanity. W2K only closes the file if writelen > 0.
3403 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3405 close_err = close_file(fsp,NORMAL_CLOSE);
3408 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3409 fsp->fnum, (int)numtowrite, (int)nwritten,
3410 conn->num_files_open));
3412 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3413 END_PROFILE(SMBwriteclose);
3414 return(UNIXERROR(ERRHRD,ERRdiskfull));
3417 if(close_err != 0) {
3419 END_PROFILE(SMBwriteclose);
3420 return(UNIXERROR(ERRHRD,ERRgeneral));
3423 outsize = set_message(outbuf,1,0,True);
3425 SSVAL(outbuf,smb_vwv0,nwritten);
3426 END_PROFILE(SMBwriteclose);
3431 #define DBGC_CLASS DBGC_LOCKING
3433 /****************************************************************************
3435 ****************************************************************************/
3437 int reply_lock(connection_struct *conn,
3438 char *inbuf,char *outbuf, int length, int dum_buffsize)
3440 int outsize = set_message(outbuf,0,0,False);
3441 SMB_BIG_UINT count,offset;
3443 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3444 struct byte_range_lock *br_lck = NULL;
3446 START_PROFILE(SMBlock);
3448 CHECK_FSP(fsp,conn);
3450 release_level_2_oplocks_on_change(fsp);
3452 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3453 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3455 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3456 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
3458 br_lck = do_lock(fsp,
3459 (uint32)SVAL(inbuf,smb_pid),
3464 False, /* Non-blocking lock. */
3467 TALLOC_FREE(br_lck);
3469 if (NT_STATUS_V(status)) {
3470 END_PROFILE(SMBlock);
3471 return ERROR_NT(status);
3474 END_PROFILE(SMBlock);
3478 /****************************************************************************
3480 ****************************************************************************/
3482 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
3485 int outsize = set_message(outbuf,0,0,False);
3486 SMB_BIG_UINT count,offset;
3488 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3489 START_PROFILE(SMBunlock);
3491 CHECK_FSP(fsp,conn);
3493 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3494 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3496 status = do_unlock(fsp,
3497 (uint32)SVAL(inbuf,smb_pid),
3502 if (NT_STATUS_V(status)) {
3503 END_PROFILE(SMBunlock);
3504 return ERROR_NT(status);
3507 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3508 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
3510 END_PROFILE(SMBunlock);
3515 #define DBGC_CLASS DBGC_ALL
3517 /****************************************************************************
3519 conn POINTER CAN BE NULL HERE !
3520 ****************************************************************************/
3522 int reply_tdis(connection_struct *conn,
3523 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3525 int outsize = set_message(outbuf,0,0,False);
3527 START_PROFILE(SMBtdis);
3529 vuid = SVAL(inbuf,smb_uid);
3532 DEBUG(4,("Invalid connection in tdis\n"));
3533 END_PROFILE(SMBtdis);
3534 return ERROR_DOS(ERRSRV,ERRinvnid);
3539 close_cnum(conn,vuid);
3541 END_PROFILE(SMBtdis);
3545 /****************************************************************************
3547 conn POINTER CAN BE NULL HERE !
3548 ****************************************************************************/
3550 int reply_echo(connection_struct *conn,
3551 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3553 int smb_reverb = SVAL(inbuf,smb_vwv0);
3555 unsigned int data_len = smb_buflen(inbuf);
3556 int outsize = set_message(outbuf,1,data_len,True);
3557 START_PROFILE(SMBecho);
3559 if (data_len > BUFFER_SIZE) {
3560 DEBUG(0,("reply_echo: data_len too large.\n"));
3561 END_PROFILE(SMBecho);
3565 /* copy any incoming data back out */
3567 memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
3569 if (smb_reverb > 100) {
3570 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
3574 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
3575 SSVAL(outbuf,smb_vwv0,seq_num);
3577 smb_setlen(outbuf,outsize - 4);
3580 if (!send_smb(smbd_server_fd(),outbuf))
3581 exit_server_cleanly("reply_echo: send_smb failed.");
3584 DEBUG(3,("echo %d times\n", smb_reverb));
3588 END_PROFILE(SMBecho);
3592 /****************************************************************************
3593 Reply to a printopen.
3594 ****************************************************************************/
3596 int reply_printopen(connection_struct *conn,
3597 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3603 START_PROFILE(SMBsplopen);
3605 if (!CAN_PRINT(conn)) {
3606 END_PROFILE(SMBsplopen);
3607 return ERROR_DOS(ERRDOS,ERRnoaccess);
3610 /* Open for exclusive use, write only. */
3611 status = print_fsp_open(conn, NULL, &fsp);
3613 if (!NT_STATUS_IS_OK(status)) {
3614 END_PROFILE(SMBsplopen);
3615 return(ERROR_NT(status));
3618 outsize = set_message(outbuf,1,0,True);
3619 SSVAL(outbuf,smb_vwv0,fsp->fnum);
3621 DEBUG(3,("openprint fd=%d fnum=%d\n",
3622 fsp->fh->fd, fsp->fnum));
3624 END_PROFILE(SMBsplopen);
3628 /****************************************************************************
3629 Reply to a printclose.
3630 ****************************************************************************/
3632 int reply_printclose(connection_struct *conn,
3633 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3635 int outsize = set_message(outbuf,0,0,False);
3636 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3638 START_PROFILE(SMBsplclose);
3640 CHECK_FSP(fsp,conn);
3642 if (!CAN_PRINT(conn)) {
3643 END_PROFILE(SMBsplclose);
3644 return ERROR_NT(NT_STATUS_DOS(ERRSRV, ERRerror));
3647 DEBUG(3,("printclose fd=%d fnum=%d\n",
3648 fsp->fh->fd,fsp->fnum));
3650 close_err = close_file(fsp,NORMAL_CLOSE);
3652 if(close_err != 0) {
3654 END_PROFILE(SMBsplclose);
3655 return(UNIXERROR(ERRHRD,ERRgeneral));
3658 END_PROFILE(SMBsplclose);
3662 /****************************************************************************
3663 Reply to a printqueue.
3664 ****************************************************************************/
3666 int reply_printqueue(connection_struct *conn,
3667 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3669 int outsize = set_message(outbuf,2,3,True);
3670 int max_count = SVAL(inbuf,smb_vwv0);
3671 int start_index = SVAL(inbuf,smb_vwv1);
3672 START_PROFILE(SMBsplretq);
3674 /* we used to allow the client to get the cnum wrong, but that
3675 is really quite gross and only worked when there was only
3676 one printer - I think we should now only accept it if they
3677 get it right (tridge) */
3678 if (!CAN_PRINT(conn)) {
3679 END_PROFILE(SMBsplretq);
3680 return ERROR_DOS(ERRDOS,ERRnoaccess);
3683 SSVAL(outbuf,smb_vwv0,0);
3684 SSVAL(outbuf,smb_vwv1,0);
3685 SCVAL(smb_buf(outbuf),0,1);
3686 SSVAL(smb_buf(outbuf),1,0);
3688 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
3689 start_index, max_count));
3692 print_queue_struct *queue = NULL;
3693 print_status_struct status;
3694 char *p = smb_buf(outbuf) + 3;
3695 int count = print_queue_status(SNUM(conn), &queue, &status);
3696 int num_to_get = ABS(max_count);
3697 int first = (max_count>0?start_index:start_index+max_count+1);
3703 num_to_get = MIN(num_to_get,count-first);
3706 for (i=first;i<first+num_to_get;i++) {
3707 srv_put_dos_date2(p,0,queue[i].time);
3708 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
3709 SSVAL(p,5, queue[i].job);
3710 SIVAL(p,7,queue[i].size);
3712 srvstr_push(outbuf, p+12, queue[i].fs_user, 16, STR_ASCII);
3717 outsize = set_message(outbuf,2,28*count+3,False);
3718 SSVAL(outbuf,smb_vwv0,count);
3719 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
3720 SCVAL(smb_buf(outbuf),0,1);
3721 SSVAL(smb_buf(outbuf),1,28*count);
3726 DEBUG(3,("%d entries returned in queue\n",count));
3729 END_PROFILE(SMBsplretq);
3733 /****************************************************************************
3734 Reply to a printwrite.
3735 ****************************************************************************/
3737 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3740 int outsize = set_message(outbuf,0,0,False);
3742 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3744 START_PROFILE(SMBsplwr);
3746 if (!CAN_PRINT(conn)) {
3747 END_PROFILE(SMBsplwr);
3748 return ERROR_DOS(ERRDOS,ERRnoaccess);
3751 CHECK_FSP(fsp,conn);
3752 if (!CHECK_WRITE(fsp)) {
3753 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3756 numtowrite = SVAL(smb_buf(inbuf),1);
3757 data = smb_buf(inbuf) + 3;
3759 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
3760 END_PROFILE(SMBsplwr);
3761 return(UNIXERROR(ERRHRD,ERRdiskfull));
3764 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
3766 END_PROFILE(SMBsplwr);
3770 /****************************************************************************
3772 ****************************************************************************/
3774 int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3779 BOOL bad_path = False;
3780 SMB_STRUCT_STAT sbuf;
3782 START_PROFILE(SMBmkdir);
3784 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
3785 if (!NT_STATUS_IS_OK(status)) {
3786 END_PROFILE(SMBmkdir);
3787 return ERROR_NT(status);
3790 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf);
3792 unix_convert(directory,conn,0,&bad_path,&sbuf);
3794 END_PROFILE(SMBmkdir);
3795 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
3798 status = create_directory(conn, directory);
3800 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
3802 if (!NT_STATUS_IS_OK(status)) {
3804 if (!use_nt_status()
3805 && NT_STATUS_EQUAL(status,
3806 NT_STATUS_OBJECT_NAME_COLLISION)) {
3808 * Yes, in the DOS error code case we get a
3809 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
3810 * samba4 torture test.
3812 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
3815 END_PROFILE(SMBmkdir);
3816 return ERROR_NT(status);
3819 outsize = set_message(outbuf,0,0,False);
3821 DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
3823 END_PROFILE(SMBmkdir);
3827 /****************************************************************************
3828 Static function used by reply_rmdir to delete an entire directory
3829 tree recursively. Return True on ok, False on fail.
3830 ****************************************************************************/
3832 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
3834 const char *dname = NULL;
3837 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3842 while((dname = ReadDirName(dir_hnd, &offset))) {
3846 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3849 if (!is_visible_file(conn, directory, dname, &st, False))
3852 /* Construct the full name. */
3853 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3859 pstrcpy(fullname, directory);
3860 pstrcat(fullname, "/");
3861 pstrcat(fullname, dname);
3863 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
3868 if(st.st_mode & S_IFDIR) {
3869 if(!recursive_rmdir(conn, fullname)) {
3873 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
3877 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
3886 /****************************************************************************
3887 The internals of the rmdir code - called elsewhere.
3888 ****************************************************************************/
3890 BOOL rmdir_internals(connection_struct *conn, const char *directory)
3895 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3896 if(!ok && ((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
3898 * Check to see if the only thing in this directory are
3899 * vetoed files/directories. If so then delete them and
3900 * retry. If we fail to delete any of them (and we *don't*
3901 * do a recursive delete) then fail the rmdir.
3905 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3907 if(dir_hnd == NULL) {
3912 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3913 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3915 if (!is_visible_file(conn, directory, dname, &st, False))
3917 if(!IS_VETO_PATH(conn, dname)) {
3924 /* We only have veto files/directories. Recursive delete. */
3926 RewindDir(dir_hnd,&dirpos);
3927 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3930 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3932 if (!is_visible_file(conn, directory, dname, &st, False))
3935 /* Construct the full name. */
3936 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3941 pstrcpy(fullname, directory);
3942 pstrcat(fullname, "/");
3943 pstrcat(fullname, dname);
3945 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
3947 if(st.st_mode & S_IFDIR) {
3948 if(lp_recursive_veto_delete(SNUM(conn))) {
3949 if(!recursive_rmdir(conn, fullname))
3952 if(SMB_VFS_RMDIR(conn,fullname) != 0)
3954 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
3958 /* Retry the rmdir */
3959 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3965 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
3966 "%s\n", directory,strerror(errno)));
3972 const char *dirname;
3974 if (parent_dirname_talloc(tmp_talloc_ctx(), directory,
3975 &parent_dir, &dirname)) {
3976 notify_action(conn, parent_dir, dirname, -1,
3977 NOTIFY_ACTION_REMOVED);
3978 TALLOC_FREE(parent_dir); /* Not strictly necessary */
3985 /****************************************************************************
3987 ****************************************************************************/
3989 int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3994 BOOL bad_path = False;
3995 SMB_STRUCT_STAT sbuf;
3997 START_PROFILE(SMBrmdir);
3999 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
4000 if (!NT_STATUS_IS_OK(status)) {
4001 END_PROFILE(SMBrmdir);
4002 return ERROR_NT(status);
4005 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf)
4007 unix_convert(directory,conn, NULL,&bad_path,&sbuf);
4009 END_PROFILE(SMBrmdir);
4010 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
4013 if (check_name(directory,conn)) {
4014 dptr_closepath(directory,SVAL(inbuf,smb_pid));
4015 ok = rmdir_internals(conn, directory);
4019 END_PROFILE(SMBrmdir);
4020 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRbadpath);
4023 outsize = set_message(outbuf,0,0,False);
4025 DEBUG( 3, ( "rmdir %s\n", directory ) );
4027 END_PROFILE(SMBrmdir);
4031 /*******************************************************************
4032 Resolve wildcards in a filename rename.
4033 Note that name is in UNIX charset and thus potentially can be more
4034 than fstring buffer (255 bytes) especially in default UTF-8 case.
4035 Therefore, we use pstring inside and all calls should ensure that
4036 name2 is at least pstring-long (they do already)
4037 ********************************************************************/
4039 static BOOL resolve_wildcards(const char *name1, char *name2)
4041 pstring root1,root2;
4043 char *p,*p2, *pname1, *pname2;
4044 int available_space, actual_space;
4047 pname1 = strrchr_m(name1,'/');
4048 pname2 = strrchr_m(name2,'/');
4050 if (!pname1 || !pname2)
4053 pstrcpy(root1,pname1);
4054 pstrcpy(root2,pname2);
4055 p = strrchr_m(root1,'.');
4062 p = strrchr_m(root2,'.');
4076 } else if (*p2 == '*') {
4092 } else if (*p2 == '*') {
4102 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4105 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4106 if (actual_space >= available_space - 1) {
4107 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4108 actual_space - available_space));
4111 pstrcpy_base(pname2, root2, name2);
4117 /****************************************************************************
4118 Ensure open files have their names updated. Updated to notify other smbd's
4120 ****************************************************************************/
4122 static void rename_open_files(connection_struct *conn, struct share_mode_lock *lck,
4123 SMB_DEV_T dev, SMB_INO_T inode, const char *newname)
4126 BOOL did_rename = False;
4128 for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) {
4129 /* fsp_name is a relative path under the fsp. To change this for other
4130 sharepaths we need to manipulate relative paths. */
4131 /* TODO - create the absolute path and manipulate the newname
4132 relative to the sharepath. */
4133 if (fsp->conn != conn) {
4136 DEBUG(10,("rename_open_files: renaming file fnum %d (dev = %x, inode = %.0f) from %s -> %s\n",
4137 fsp->fnum, (unsigned int)fsp->dev, (double)fsp->inode,
4138 fsp->fsp_name, newname ));
4139 string_set(&fsp->fsp_name, newname);
4144 DEBUG(10,("rename_open_files: no open files on dev %x, inode %.0f for %s\n",
4145 (unsigned int)dev, (double)inode, newname ));
4148 /* Send messages to all smbd's (not ourself) that the name has changed. */
4149 rename_share_filename(lck, conn->connectpath, newname);
4152 /****************************************************************************
4153 We need to check if the source path is a parent directory of the destination
4154 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4155 refuse the rename with a sharing violation. Under UNIX the above call can
4156 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4157 probably need to check that the client is a Windows one before disallowing
4158 this as a UNIX client (one with UNIX extensions) can know the source is a
4159 symlink and make this decision intelligently. Found by an excellent bug
4160 report from <AndyLiebman@aol.com>.
4161 ****************************************************************************/
4163 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4165 const char *psrc = src;
4166 const char *pdst = dest;
4169 if (psrc[0] == '.' && psrc[1] == '/') {
4172 if (pdst[0] == '.' && pdst[1] == '/') {
4175 if ((slen = strlen(psrc)) > strlen(pdst)) {
4178 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4181 /****************************************************************************
4182 Rename an open file - given an fsp.
4183 ****************************************************************************/
4185 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, char *newname, uint32 attrs, BOOL replace_if_exists)
4187 SMB_STRUCT_STAT sbuf;
4188 BOOL bad_path = False;
4189 pstring newname_last_component;
4190 NTSTATUS error = NT_STATUS_OK;
4193 struct share_mode_lock *lck = NULL;
4196 rcdest = unix_convert(newname,conn,newname_last_component,&bad_path,&sbuf);
4198 /* Quick check for "." and ".." */
4199 if (!bad_path && newname_last_component[0] == '.') {
4200 if (!newname_last_component[1] || (newname_last_component[1] == '.' && !newname_last_component[2])) {
4201 return NT_STATUS_ACCESS_DENIED;
4204 if (!rcdest && bad_path) {
4205 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4208 /* Ensure newname contains a '/' */
4209 if(strrchr_m(newname,'/') == 0) {
4212 pstrcpy(tmpstr, "./");
4213 pstrcat(tmpstr, newname);
4214 pstrcpy(newname, tmpstr);
4218 * Check for special case with case preserving and not
4219 * case sensitive. If the old last component differs from the original
4220 * last component only by case, then we should allow
4221 * the rename (user is trying to change the case of the
4225 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4226 strequal(newname, fsp->fsp_name)) {
4228 pstring newname_modified_last_component;
4231 * Get the last component of the modified name.
4232 * Note that we guarantee that newname contains a '/'
4235 p = strrchr_m(newname,'/');
4236 pstrcpy(newname_modified_last_component,p+1);
4238 if(strcsequal(newname_modified_last_component,
4239 newname_last_component) == False) {
4241 * Replace the modified last component with
4244 pstrcpy(p+1, newname_last_component);
4249 * If the src and dest names are identical - including case,
4250 * don't do the rename, just return success.
4253 if (strcsequal(fsp->fsp_name, newname)) {
4254 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
4256 return NT_STATUS_OK;
4259 dest_exists = vfs_object_exist(conn,newname,NULL);
4261 if(!replace_if_exists && dest_exists) {
4262 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
4263 fsp->fsp_name,newname));
4264 return NT_STATUS_OBJECT_NAME_COLLISION;
4267 error = can_rename(conn,newname,attrs,&sbuf);
4269 if (dest_exists && !NT_STATUS_IS_OK(error)) {
4270 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4271 nt_errstr(error), fsp->fsp_name,newname));
4272 if (NT_STATUS_EQUAL(error,NT_STATUS_SHARING_VIOLATION))
4273 error = NT_STATUS_ACCESS_DENIED;
4277 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
4278 return NT_STATUS_ACCESS_DENIED;
4281 lck = get_share_mode_lock(NULL, fsp->dev, fsp->inode, NULL, NULL);
4283 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
4284 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
4285 fsp->fsp_name,newname));
4286 rename_open_files(conn, lck, fsp->dev, fsp->inode, newname);
4288 return NT_STATUS_OK;
4293 if (errno == ENOTDIR || errno == EISDIR) {
4294 error = NT_STATUS_OBJECT_NAME_COLLISION;
4296 error = map_nt_error_from_unix(errno);
4299 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4300 nt_errstr(error), fsp->fsp_name,newname));
4305 /****************************************************************************
4306 The guts of the rename command, split out so it may be called by the NT SMB
4308 ****************************************************************************/
4310 NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, uint32 attrs, BOOL replace_if_exists, BOOL has_wild)
4314 pstring last_component_src;
4315 pstring last_component_dest;
4317 BOOL bad_path_src = False;
4318 BOOL bad_path_dest = False;
4320 NTSTATUS error = NT_STATUS_OK;
4323 SMB_STRUCT_STAT sbuf1, sbuf2;
4324 struct share_mode_lock *lck = NULL;
4326 *directory = *mask = 0;
4331 rc = unix_convert(name,conn,last_component_src,&bad_path_src,&sbuf1);
4332 if (!rc && bad_path_src) {
4333 if (ms_has_wild(last_component_src))
4334 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4335 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4338 /* Quick check for "." and ".." */
4339 if (last_component_src[0] == '.') {
4340 if (!last_component_src[1] || (last_component_src[1] == '.' && !last_component_src[2])) {
4341 return NT_STATUS_OBJECT_NAME_INVALID;
4345 rcdest = unix_convert(newname,conn,last_component_dest,&bad_path_dest,&sbuf2);
4347 /* Quick check for "." and ".." */
4348 if (last_component_dest[0] == '.') {
4349 if (!last_component_dest[1] || (last_component_dest[1] == '.' && !last_component_dest[2])) {
4350 return NT_STATUS_OBJECT_NAME_INVALID;
4355 * Split the old name into directory and last component
4356 * strings. Note that unix_convert may have stripped off a
4357 * leading ./ from both name and newname if the rename is
4358 * at the root of the share. We need to make sure either both
4359 * name and newname contain a / character or neither of them do
4360 * as this is checked in resolve_wildcards().
4363 p = strrchr_m(name,'/');
4365 pstrcpy(directory,".");
4369 pstrcpy(directory,name);
4371 *p = '/'; /* Replace needed for exceptional test below. */
4375 * We should only check the mangled cache
4376 * here if unix_convert failed. This means
4377 * that the path in 'mask' doesn't exist
4378 * on the file system and so we need to look
4379 * for a possible mangle. This patch from
4380 * Tine Smukavec <valentin.smukavec@hermes.si>.
4383 if (!rc && mangle_is_mangled(mask, conn->params))
4384 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4388 * No wildcards - just process the one file.
4390 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
4392 /* Add a terminating '/' to the directory name. */
4393 pstrcat(directory,"/");
4394 pstrcat(directory,mask);
4396 /* Ensure newname contains a '/' also */
4397 if(strrchr_m(newname,'/') == 0) {
4400 pstrcpy(tmpstr, "./");
4401 pstrcat(tmpstr, newname);
4402 pstrcpy(newname, tmpstr);
4405 DEBUG(3,("rename_internals: case_sensitive = %d, case_preserve = %d, short case preserve = %d, \
4406 directory = %s, newname = %s, last_component_dest = %s, is_8_3 = %d\n",
4407 conn->case_sensitive, conn->case_preserve, conn->short_case_preserve, directory,
4408 newname, last_component_dest, is_short_name));
4411 * Check for special case with case preserving and not
4412 * case sensitive, if directory and newname are identical,
4413 * and the old last component differs from the original
4414 * last component only by case, then we should allow
4415 * the rename (user is trying to change the case of the
4418 if((conn->case_sensitive == False) &&
4419 (((conn->case_preserve == True) &&
4420 (is_short_name == False)) ||
4421 ((conn->short_case_preserve == True) &&
4422 (is_short_name == True))) &&
4423 strcsequal(directory, newname)) {
4424 pstring modified_last_component;
4427 * Get the last component of the modified name.
4428 * Note that we guarantee that newname contains a '/'
4431 p = strrchr_m(newname,'/');
4432 pstrcpy(modified_last_component,p+1);
4434 if(strcsequal(modified_last_component,
4435 last_component_dest) == False) {
4437 * Replace the modified last component with
4440 pstrcpy(p+1, last_component_dest);
4444 resolve_wildcards(directory,newname);
4447 * The source object must exist.
4450 if (!vfs_object_exist(conn, directory, &sbuf1)) {
4451 DEBUG(3,("rename_internals: source doesn't exist doing rename %s -> %s\n",
4452 directory,newname));
4454 if (errno == ENOTDIR || errno == EISDIR || errno == ENOENT) {
4456 * Must return different errors depending on whether the parent
4457 * directory existed or not.
4460 p = strrchr_m(directory, '/');
4462 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4464 if (vfs_object_exist(conn, directory, NULL))
4465 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4466 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4468 error = map_nt_error_from_unix(errno);
4469 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4470 nt_errstr(error), directory,newname));
4475 if (!rcdest && bad_path_dest) {
4476 if (ms_has_wild(last_component_dest))
4477 return NT_STATUS_OBJECT_NAME_INVALID;
4478 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4481 error = can_rename(conn,directory,attrs,&sbuf1);
4483 if (!NT_STATUS_IS_OK(error)) {
4484 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4485 nt_errstr(error), directory,newname));
4490 * If the src and dest names are identical - including case,
4491 * don't do the rename, just return success.
4494 if (strcsequal(directory, newname)) {
4495 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4496 DEBUG(3,("rename_internals: identical names in rename %s - returning success\n", directory));
4497 return NT_STATUS_OK;
4500 if(!replace_if_exists && vfs_object_exist(conn,newname,NULL)) {
4501 DEBUG(3,("rename_internals: dest exists doing rename %s -> %s\n",
4502 directory,newname));
4503 return NT_STATUS_OBJECT_NAME_COLLISION;
4506 if (rename_path_prefix_equal(directory, newname)) {
4507 return NT_STATUS_SHARING_VIOLATION;
4510 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4512 if(SMB_VFS_RENAME(conn,directory, newname) == 0) {
4513 DEBUG(3,("rename_internals: succeeded doing rename on %s -> %s\n",
4514 directory,newname));
4515 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4517 return NT_STATUS_OK;
4521 if (errno == ENOTDIR || errno == EISDIR)
4522 error = NT_STATUS_OBJECT_NAME_COLLISION;
4524 error = map_nt_error_from_unix(errno);
4526 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4527 nt_errstr(error), directory,newname));
4532 * Wildcards - process each file that matches.
4534 struct smb_Dir *dir_hnd = NULL;
4538 if (strequal(mask,"????????.???"))
4541 if (check_name(directory,conn))
4542 dir_hnd = OpenDir(conn, directory, mask, attrs);
4546 error = NT_STATUS_NO_SUCH_FILE;
4547 /* Was error = NT_STATUS_OBJECT_NAME_NOT_FOUND; - gentest fix. JRA */
4549 while ((dname = ReadDirName(dir_hnd, &offset))) {
4551 BOOL sysdir_entry = False;
4553 pstrcpy(fname,dname);
4555 /* Quick check for "." and ".." */
4556 if (fname[0] == '.') {
4557 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
4559 sysdir_entry = True;
4566 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4569 if(!mask_match(fname, mask, conn->case_sensitive))
4573 error = NT_STATUS_OBJECT_NAME_INVALID;
4577 error = NT_STATUS_ACCESS_DENIED;
4578 slprintf(fname,sizeof(fname)-1,"%s/%s",directory,dname);
4579 if (!vfs_object_exist(conn, fname, &sbuf1)) {
4580 error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4581 DEBUG(6,("rename %s failed. Error %s\n", fname, nt_errstr(error)));
4584 error = can_rename(conn,fname,attrs,&sbuf1);
4585 if (!NT_STATUS_IS_OK(error)) {
4586 DEBUG(6,("rename %s refused\n", fname));
4589 pstrcpy(destname,newname);
4591 if (!resolve_wildcards(fname,destname)) {
4592 DEBUG(6,("resolve_wildcards %s %s failed\n",
4597 if (strcsequal(fname,destname)) {
4598 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4599 DEBUG(3,("rename_internals: identical names in wildcard rename %s - success\n", fname));
4601 error = NT_STATUS_OK;
4605 if (!replace_if_exists &&
4606 vfs_file_exist(conn,destname, NULL)) {
4607 DEBUG(6,("file_exist %s\n", destname));
4608 error = NT_STATUS_OBJECT_NAME_COLLISION;
4612 if (rename_path_prefix_equal(fname, destname)) {
4613 return NT_STATUS_SHARING_VIOLATION;
4616 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4618 if (!SMB_VFS_RENAME(conn,fname,destname)) {
4619 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4621 error = NT_STATUS_OK;
4624 DEBUG(3,("rename_internals: doing rename on %s -> %s\n",fname,destname));
4629 if (!NT_STATUS_EQUAL(error,NT_STATUS_NO_SUCH_FILE)) {
4630 if (!rcdest && bad_path_dest) {
4631 if (ms_has_wild(last_component_dest))
4632 return NT_STATUS_OBJECT_NAME_INVALID;
4633 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4638 if (count == 0 && NT_STATUS_IS_OK(error)) {
4639 error = map_nt_error_from_unix(errno);
4645 /****************************************************************************
4647 ****************************************************************************/
4649 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
4656 uint32 attrs = SVAL(inbuf,smb_vwv0);
4658 BOOL path1_contains_wcard = False;
4659 BOOL path2_contains_wcard = False;
4661 START_PROFILE(SMBmv);
4663 p = smb_buf(inbuf) + 1;
4664 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path1_contains_wcard);
4665 if (!NT_STATUS_IS_OK(status)) {
4667 return ERROR_NT(status);
4670 p += srvstr_get_path_wcard(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, &path2_contains_wcard);
4671 if (!NT_STATUS_IS_OK(status)) {
4673 return ERROR_NT(status);
4676 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4677 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4679 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
4681 status = rename_internals(conn, name, newname, attrs, False, path1_contains_wcard);
4682 if (!NT_STATUS_IS_OK(status)) {
4684 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
4685 /* We have re-scheduled this call. */
4688 return ERROR_NT(status);
4692 * Win2k needs a changenotify request response before it will
4693 * update after a rename..
4695 process_pending_change_notify_queue((time_t)0);
4696 outsize = set_message(outbuf,0,0,False);
4702 /*******************************************************************
4703 Copy a file as part of a reply_copy.
4704 ******************************************************************/
4707 * TODO: check error codes on all callers
4710 NTSTATUS copy_file(char *src, char *dest1,connection_struct *conn, int ofun,
4711 int count, BOOL target_is_directory)
4713 SMB_STRUCT_STAT src_sbuf, sbuf2;
4715 files_struct *fsp1,*fsp2;
4718 uint32 new_create_disposition;
4722 pstrcpy(dest,dest1);
4723 if (target_is_directory) {
4724 char *p = strrchr_m(src,'/');
4734 if (!vfs_file_exist(conn,src,&src_sbuf)) {
4735 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4738 if (!target_is_directory && count) {
4739 new_create_disposition = FILE_OPEN;
4741 if (!map_open_params_to_ntcreate(dest1,0,ofun,
4742 NULL, NULL, &new_create_disposition, NULL)) {
4743 return NT_STATUS_INVALID_PARAMETER;
4747 status = open_file_ntcreate(conn,src,&src_sbuf,
4749 FILE_SHARE_READ|FILE_SHARE_WRITE,
4752 FILE_ATTRIBUTE_NORMAL,
4756 if (!NT_STATUS_IS_OK(status)) {
4760 dosattrs = dos_mode(conn, src, &src_sbuf);
4761 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
4762 ZERO_STRUCTP(&sbuf2);
4765 status = open_file_ntcreate(conn,dest,&sbuf2,
4767 FILE_SHARE_READ|FILE_SHARE_WRITE,
4768 new_create_disposition,
4774 if (!NT_STATUS_IS_OK(status)) {
4775 close_file(fsp1,ERROR_CLOSE);
4779 if ((ofun&3) == 1) {
4780 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
4781 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
4783 * Stop the copy from occurring.
4786 src_sbuf.st_size = 0;
4790 if (src_sbuf.st_size) {
4791 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
4794 close_file(fsp1,NORMAL_CLOSE);
4796 /* Ensure the modtime is set correctly on the destination file. */
4797 fsp_set_pending_modtime( fsp2, src_sbuf.st_mtime);
4800 * As we are opening fsp1 read-only we only expect
4801 * an error on close on fsp2 if we are out of space.
4802 * Thus we don't look at the error return from the
4805 close_err = close_file(fsp2,NORMAL_CLOSE);
4807 if (close_err != 0) {
4808 return map_nt_error_from_unix(close_err);
4811 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
4812 return NT_STATUS_DISK_FULL;
4815 return NT_STATUS_OK;
4818 /****************************************************************************
4819 Reply to a file copy.
4820 ****************************************************************************/
4822 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4827 pstring mask,newname;
4830 int error = ERRnoaccess;
4834 int tid2 = SVAL(inbuf,smb_vwv0);
4835 int ofun = SVAL(inbuf,smb_vwv1);
4836 int flags = SVAL(inbuf,smb_vwv2);
4837 BOOL target_is_directory=False;
4838 BOOL bad_path1 = False;
4839 BOOL bad_path2 = False;
4840 BOOL path_contains_wcard1 = False;
4841 BOOL path_contains_wcard2 = False;
4843 SMB_STRUCT_STAT sbuf1, sbuf2;
4845 START_PROFILE(SMBcopy);
4847 *directory = *mask = 0;
4850 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard1);
4851 if (!NT_STATUS_IS_OK(status)) {
4852 END_PROFILE(SMBcopy);
4853 return ERROR_NT(status);
4855 p += srvstr_get_path_wcard(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, &path_contains_wcard2);
4856 if (!NT_STATUS_IS_OK(status)) {
4857 END_PROFILE(SMBcopy);
4858 return ERROR_NT(status);
4861 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
4863 if (tid2 != conn->cnum) {
4864 /* can't currently handle inter share copies XXXX */
4865 DEBUG(3,("Rejecting inter-share copy\n"));
4866 END_PROFILE(SMBcopy);
4867 return ERROR_DOS(ERRSRV,ERRinvdevice);
4870 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4871 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4873 rc = unix_convert(name,conn,0,&bad_path1,&sbuf1);
4874 unix_convert(newname,conn,0,&bad_path2,&sbuf2);
4876 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
4878 if ((flags&1) && target_is_directory) {
4879 END_PROFILE(SMBcopy);
4880 return ERROR_DOS(ERRDOS,ERRbadfile);
4883 if ((flags&2) && !target_is_directory) {
4884 END_PROFILE(SMBcopy);
4885 return ERROR_DOS(ERRDOS,ERRbadpath);
4888 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
4889 /* wants a tree copy! XXXX */
4890 DEBUG(3,("Rejecting tree copy\n"));
4891 END_PROFILE(SMBcopy);
4892 return ERROR_DOS(ERRSRV,ERRerror);
4895 p = strrchr_m(name,'/');
4897 pstrcpy(directory,"./");
4901 pstrcpy(directory,name);
4906 * We should only check the mangled cache
4907 * here if unix_convert failed. This means
4908 * that the path in 'mask' doesn't exist
4909 * on the file system and so we need to look
4910 * for a possible mangle. This patch from
4911 * Tine Smukavec <valentin.smukavec@hermes.si>.
4914 if (!rc && mangle_is_mangled(mask, conn->params))
4915 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4917 has_wild = path_contains_wcard1;
4920 pstrcat(directory,"/");
4921 pstrcat(directory,mask);
4922 if (resolve_wildcards(directory,newname)
4923 && NT_STATUS_IS_OK(status = copy_file(
4924 directory,newname,conn,ofun,
4925 count,target_is_directory)))
4927 if(!count && !NT_STATUS_IS_OK(status)) {
4928 END_PROFILE(SMBcopy);
4929 return ERROR_NT(status);
4932 exists = vfs_file_exist(conn,directory,NULL);
4935 struct smb_Dir *dir_hnd = NULL;
4939 if (strequal(mask,"????????.???"))
4942 if (check_name(directory,conn))
4943 dir_hnd = OpenDir(conn, directory, mask, 0);
4949 while ((dname = ReadDirName(dir_hnd, &offset))) {
4951 pstrcpy(fname,dname);
4953 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4956 if(!mask_match(fname, mask, conn->case_sensitive))
4959 error = ERRnoaccess;
4960 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
4961 pstrcpy(destname,newname);
4962 if (resolve_wildcards(fname,destname)
4963 && NT_STATUS_IS_OK(status = copy_file(
4964 fname,destname,conn,ofun,
4965 count,target_is_directory)))
4967 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname,destname));
4975 /* Error on close... */
4977 END_PROFILE(SMBcopy);
4978 return(UNIXERROR(ERRHRD,ERRgeneral));
4982 END_PROFILE(SMBcopy);
4983 return ERROR_DOS(ERRDOS,error);
4985 if((errno == ENOENT) && (bad_path1 || bad_path2) &&
4987 /* Samba 3.0.22 has ERRDOS/ERRbadpath in the
4988 * DOS error code case
4990 return ERROR_DOS(ERRDOS, ERRbadpath);
4992 END_PROFILE(SMBcopy);
4993 return(UNIXERROR(ERRDOS,error));
4997 outsize = set_message(outbuf,1,0,True);
4998 SSVAL(outbuf,smb_vwv0,count);
5000 END_PROFILE(SMBcopy);
5004 /****************************************************************************
5006 ****************************************************************************/
5008 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5016 START_PROFILE(pathworks_setdir);
5019 if (!CAN_SETDIR(snum)) {
5020 END_PROFILE(pathworks_setdir);
5021 return ERROR_DOS(ERRDOS,ERRnoaccess);
5024 srvstr_get_path(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), 0, STR_TERMINATE, &status);
5025 if (!NT_STATUS_IS_OK(status)) {
5026 END_PROFILE(pathworks_setdir);
5027 return ERROR_NT(status);
5030 RESOLVE_DFSPATH(newdir, conn, inbuf, outbuf);
5032 if (strlen(newdir) == 0) {
5035 ok = vfs_directory_exist(conn,newdir,NULL);
5037 set_conn_connectpath(conn,newdir);
5041 END_PROFILE(pathworks_setdir);
5042 return ERROR_DOS(ERRDOS,ERRbadpath);
5045 outsize = set_message(outbuf,0,0,False);
5046 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
5048 DEBUG(3,("setdir %s\n", newdir));
5050 END_PROFILE(pathworks_setdir);
5055 #define DBGC_CLASS DBGC_LOCKING
5057 /****************************************************************************
5058 Get a lock pid, dealing with large count requests.
5059 ****************************************************************************/
5061 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5063 if(!large_file_format)
5064 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5066 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5069 /****************************************************************************
5070 Get a lock count, dealing with large count requests.
5071 ****************************************************************************/
5073 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5075 SMB_BIG_UINT count = 0;
5077 if(!large_file_format) {
5078 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5081 #if defined(HAVE_LONGLONG)
5082 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5083 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5084 #else /* HAVE_LONGLONG */
5087 * NT4.x seems to be broken in that it sends large file (64 bit)
5088 * lockingX calls even if the CAP_LARGE_FILES was *not*
5089 * negotiated. For boxes without large unsigned ints truncate the
5090 * lock count by dropping the top 32 bits.
5093 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5094 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5095 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5096 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5097 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5100 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5101 #endif /* HAVE_LONGLONG */
5107 #if !defined(HAVE_LONGLONG)
5108 /****************************************************************************
5109 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5110 ****************************************************************************/
5112 static uint32 map_lock_offset(uint32 high, uint32 low)
5116 uint32 highcopy = high;
5119 * Try and find out how many significant bits there are in high.
5122 for(i = 0; highcopy; i++)
5126 * We use 31 bits not 32 here as POSIX
5127 * lock offsets may not be negative.
5130 mask = (~0) << (31 - i);
5133 return 0; /* Fail. */
5139 #endif /* !defined(HAVE_LONGLONG) */
5141 /****************************************************************************
5142 Get a lock offset, dealing with large offset requests.
5143 ****************************************************************************/
5145 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5147 SMB_BIG_UINT offset = 0;
5151 if(!large_file_format) {
5152 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5155 #if defined(HAVE_LONGLONG)
5156 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5157 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5158 #else /* HAVE_LONGLONG */
5161 * NT4.x seems to be broken in that it sends large file (64 bit)
5162 * lockingX calls even if the CAP_LARGE_FILES was *not*
5163 * negotiated. For boxes without large unsigned ints mangle the
5164 * lock offset by mapping the top 32 bits onto the lower 32.
5167 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5168 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5169 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5172 if((new_low = map_lock_offset(high, low)) == 0) {
5174 return (SMB_BIG_UINT)-1;
5177 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5178 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5179 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5180 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5183 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5184 #endif /* HAVE_LONGLONG */
5190 /****************************************************************************
5191 Reply to a lockingX request.
5192 ****************************************************************************/
5194 int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
5195 int length, int bufsize)
5197 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
5198 unsigned char locktype = CVAL(inbuf,smb_vwv3);
5199 unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
5200 uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
5201 uint16 num_locks = SVAL(inbuf,smb_vwv7);
5202 SMB_BIG_UINT count = 0, offset = 0;
5204 int32 lock_timeout = IVAL(inbuf,smb_vwv4);
5207 BOOL large_file_format =
5208 (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5210 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5212 START_PROFILE(SMBlockingX);
5214 CHECK_FSP(fsp,conn);
5216 data = smb_buf(inbuf);
5218 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5219 /* we don't support these - and CANCEL_LOCK makes w2k
5220 and XP reboot so I don't really want to be
5221 compatible! (tridge) */
5222 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
5225 /* Check if this is an oplock break on a file
5226 we have granted an oplock on.
5228 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
5229 /* Client can insist on breaking to none. */
5230 BOOL break_to_none = (oplocklevel == 0);
5233 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
5234 "for fnum = %d\n", (unsigned int)oplocklevel,
5238 * Make sure we have granted an exclusive or batch oplock on
5242 if (fsp->oplock_type == 0) {
5244 /* The Samba4 nbench simulator doesn't understand
5245 the difference between break to level2 and break
5246 to none from level2 - it sends oplock break
5247 replies in both cases. Don't keep logging an error
5248 message here - just ignore it. JRA. */
5250 DEBUG(5,("reply_lockingX: Error : oplock break from "
5251 "client for fnum = %d (oplock=%d) and no "
5252 "oplock granted on this file (%s).\n",
5253 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
5255 /* if this is a pure oplock break request then don't
5257 if (num_locks == 0 && num_ulocks == 0) {
5258 END_PROFILE(SMBlockingX);
5261 END_PROFILE(SMBlockingX);
5262 return ERROR_DOS(ERRDOS,ERRlock);
5266 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
5268 result = remove_oplock(fsp);
5270 result = downgrade_oplock(fsp);
5274 DEBUG(0, ("reply_lockingX: error in removing "
5275 "oplock on file %s\n", fsp->fsp_name));
5276 /* Hmmm. Is this panic justified? */
5277 smb_panic("internal tdb error");
5280 reply_to_oplock_break_requests(fsp);
5282 /* if this is a pure oplock break request then don't send a
5284 if (num_locks == 0 && num_ulocks == 0) {
5285 /* Sanity check - ensure a pure oplock break is not a
5287 if(CVAL(inbuf,smb_vwv0) != 0xff)
5288 DEBUG(0,("reply_lockingX: Error : pure oplock "
5289 "break is a chained %d request !\n",
5290 (unsigned int)CVAL(inbuf,smb_vwv0) ));
5291 END_PROFILE(SMBlockingX);
5297 * We do this check *after* we have checked this is not a oplock break
5298 * response message. JRA.
5301 release_level_2_oplocks_on_change(fsp);
5303 /* Data now points at the beginning of the list
5304 of smb_unlkrng structs */
5305 for(i = 0; i < (int)num_ulocks; i++) {
5306 lock_pid = get_lock_pid( data, i, large_file_format);
5307 count = get_lock_count( data, i, large_file_format);
5308 offset = get_lock_offset( data, i, large_file_format, &err);
5311 * There is no error code marked "stupid client bug".... :-).
5314 END_PROFILE(SMBlockingX);
5315 return ERROR_DOS(ERRDOS,ERRnoaccess);
5318 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
5319 "pid %u, file %s\n", (double)offset, (double)count,
5320 (unsigned int)lock_pid, fsp->fsp_name ));
5322 status = do_unlock(fsp,
5328 if (NT_STATUS_V(status)) {
5329 END_PROFILE(SMBlockingX);
5330 return ERROR_NT(status);
5334 /* Setup the timeout in seconds. */
5336 if (!lp_blocking_locks(SNUM(conn))) {
5340 /* Now do any requested locks */
5341 data += ((large_file_format ? 20 : 10)*num_ulocks);
5343 /* Data now points at the beginning of the list
5344 of smb_lkrng structs */
5346 for(i = 0; i < (int)num_locks; i++) {
5347 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
5348 READ_LOCK:WRITE_LOCK);
5349 lock_pid = get_lock_pid( data, i, large_file_format);
5350 count = get_lock_count( data, i, large_file_format);
5351 offset = get_lock_offset( data, i, large_file_format, &err);
5354 * There is no error code marked "stupid client bug".... :-).
5357 END_PROFILE(SMBlockingX);
5358 return ERROR_DOS(ERRDOS,ERRnoaccess);
5361 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
5362 "%u, file %s timeout = %d\n", (double)offset,
5363 (double)count, (unsigned int)lock_pid,
5364 fsp->fsp_name, (int)lock_timeout ));
5366 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
5367 if (lp_blocking_locks(SNUM(conn))) {
5369 /* Schedule a message to ourselves to
5370 remove the blocking lock record and
5371 return the right error. */
5373 if (!blocking_lock_cancel(fsp,
5379 NT_STATUS_FILE_LOCK_CONFLICT)) {
5380 END_PROFILE(SMBlockingX);
5381 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
5384 /* Remove a matching pending lock. */
5385 status = do_lock_cancel(fsp,
5391 BOOL blocking_lock = lock_timeout ? True : False;
5392 BOOL defer_lock = False;
5393 struct byte_range_lock *br_lck;
5395 br_lck = do_lock(fsp,
5404 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
5405 /* Windows internal resolution for blocking locks seems
5406 to be about 200ms... Don't wait for less than that. JRA. */
5407 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
5408 lock_timeout = lp_lock_spin_time();
5413 /* This heuristic seems to match W2K3 very well. If a
5414 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
5415 it pretends we asked for a timeout of between 150 - 300 milliseconds as
5416 far as I can tell. Replacement for do_lock_spin(). JRA. */
5418 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
5419 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
5421 lock_timeout = lp_lock_spin_time();
5424 if (br_lck && defer_lock) {
5426 * A blocking lock was requested. Package up
5427 * this smb into a queued request and push it
5428 * onto the blocking lock queue.
5430 if(push_blocking_lock_request(br_lck,
5440 TALLOC_FREE(br_lck);
5441 END_PROFILE(SMBlockingX);
5446 TALLOC_FREE(br_lck);
5449 if (NT_STATUS_V(status)) {
5450 END_PROFILE(SMBlockingX);
5451 return ERROR_NT(status);
5455 /* If any of the above locks failed, then we must unlock
5456 all of the previous locks (X/Open spec). */
5458 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
5462 * Ensure we don't do a remove on the lock that just failed,
5463 * as under POSIX rules, if we have a lock already there, we
5464 * will delete it (and we shouldn't) .....
5466 for(i--; i >= 0; i--) {
5467 lock_pid = get_lock_pid( data, i, large_file_format);
5468 count = get_lock_count( data, i, large_file_format);
5469 offset = get_lock_offset( data, i, large_file_format,
5473 * There is no error code marked "stupid client
5477 END_PROFILE(SMBlockingX);
5478 return ERROR_DOS(ERRDOS,ERRnoaccess);
5487 END_PROFILE(SMBlockingX);
5488 return ERROR_NT(status);
5491 set_message(outbuf,2,0,True);
5493 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
5494 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
5496 END_PROFILE(SMBlockingX);
5497 return chain_reply(inbuf,outbuf,length,bufsize);
5501 #define DBGC_CLASS DBGC_ALL
5503 /****************************************************************************
5504 Reply to a SMBreadbmpx (read block multiplex) request.
5505 ****************************************************************************/
5507 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
5518 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5519 START_PROFILE(SMBreadBmpx);
5521 /* this function doesn't seem to work - disable by default */
5522 if (!lp_readbmpx()) {
5523 END_PROFILE(SMBreadBmpx);
5524 return ERROR_DOS(ERRSRV,ERRuseSTD);
5527 outsize = set_message(outbuf,8,0,True);
5529 CHECK_FSP(fsp,conn);
5530 if (!CHECK_READ(fsp,inbuf)) {
5531 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5534 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
5535 maxcount = SVAL(inbuf,smb_vwv3);
5537 data = smb_buf(outbuf);
5538 pad = ((long)data)%4;
5543 max_per_packet = bufsize-(outsize+pad);
5547 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
5548 END_PROFILE(SMBreadBmpx);
5549 return ERROR_DOS(ERRDOS,ERRlock);
5553 size_t N = MIN(max_per_packet,tcount-total_read);
5555 nread = read_file(fsp,data,startpos,N);
5560 if (nread < (ssize_t)N)
5561 tcount = total_read + nread;
5563 set_message(outbuf,8,nread+pad,False);
5564 SIVAL(outbuf,smb_vwv0,startpos);
5565 SSVAL(outbuf,smb_vwv2,tcount);
5566 SSVAL(outbuf,smb_vwv6,nread);
5567 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
5570 if (!send_smb(smbd_server_fd(),outbuf))
5571 exit_server_cleanly("reply_readbmpx: send_smb failed.");
5573 total_read += nread;
5575 } while (total_read < (ssize_t)tcount);
5577 END_PROFILE(SMBreadBmpx);
5581 /****************************************************************************
5582 Reply to a SMBsetattrE.
5583 ****************************************************************************/
5585 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5587 struct utimbuf unix_times;
5589 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5590 START_PROFILE(SMBsetattrE);
5592 outsize = set_message(outbuf,0,0,False);
5594 if(!fsp || (fsp->conn != conn)) {
5595 END_PROFILE(SMBsetattrE);
5596 return ERROR_DOS(ERRDOS,ERRbadfid);
5600 * Convert the DOS times into unix times. Ignore create
5601 * time as UNIX can't set this.
5604 unix_times.actime = srv_make_unix_date2(inbuf+smb_vwv3);
5605 unix_times.modtime = srv_make_unix_date2(inbuf+smb_vwv5);
5608 * Patch from Ray Frush <frush@engr.colostate.edu>
5609 * Sometimes times are sent as zero - ignore them.
5612 if (null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5613 /* Ignore request */
5614 if( DEBUGLVL( 3 ) ) {
5615 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
5616 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
5618 END_PROFILE(SMBsetattrE);
5620 } else if (!null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5621 /* set modify time = to access time if modify time was unset */
5622 unix_times.modtime = unix_times.actime;
5625 /* Set the date on this file */
5626 /* Should we set pending modtime here ? JRA */
5627 if(file_utime(conn, fsp->fsp_name, &unix_times)) {
5628 END_PROFILE(SMBsetattrE);
5629 return ERROR_DOS(ERRDOS,ERRnoaccess);
5632 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%d modtime=%d\n",
5633 fsp->fnum, (int)unix_times.actime, (int)unix_times.modtime ) );
5635 END_PROFILE(SMBsetattrE);
5640 /* Back from the dead for OS/2..... JRA. */
5642 /****************************************************************************
5643 Reply to a SMBwritebmpx (write block multiplex primary) request.
5644 ****************************************************************************/
5646 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5649 ssize_t nwritten = -1;
5656 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5657 START_PROFILE(SMBwriteBmpx);
5659 CHECK_FSP(fsp,conn);
5660 if (!CHECK_WRITE(fsp)) {
5661 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5663 if (HAS_CACHED_ERROR(fsp)) {
5664 return(CACHED_ERROR(fsp));
5667 tcount = SVAL(inbuf,smb_vwv1);
5668 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
5669 write_through = BITSETW(inbuf+smb_vwv7,0);
5670 numtowrite = SVAL(inbuf,smb_vwv10);
5671 smb_doff = SVAL(inbuf,smb_vwv11);
5673 data = smb_base(inbuf) + smb_doff;
5675 /* If this fails we need to send an SMBwriteC response,
5676 not an SMBwritebmpx - set this up now so we don't forget */
5677 SCVAL(outbuf,smb_com,SMBwritec);
5679 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
5680 END_PROFILE(SMBwriteBmpx);
5681 return(ERROR_DOS(ERRDOS,ERRlock));
5684 nwritten = write_file(fsp,data,startpos,numtowrite);
5686 sync_file(conn, fsp, write_through);
5688 if(nwritten < (ssize_t)numtowrite) {
5689 END_PROFILE(SMBwriteBmpx);
5690 return(UNIXERROR(ERRHRD,ERRdiskfull));
5693 /* If the maximum to be written to this file
5694 is greater than what we just wrote then set
5695 up a secondary struct to be attached to this
5696 fd, we will use this to cache error messages etc. */
5698 if((ssize_t)tcount > nwritten) {
5699 write_bmpx_struct *wbms;
5700 if(fsp->wbmpx_ptr != NULL)
5701 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
5703 wbms = SMB_MALLOC_P(write_bmpx_struct);
5705 DEBUG(0,("Out of memory in reply_readmpx\n"));
5706 END_PROFILE(SMBwriteBmpx);
5707 return(ERROR_DOS(ERRSRV,ERRnoresource));
5709 wbms->wr_mode = write_through;
5710 wbms->wr_discard = False; /* No errors yet */
5711 wbms->wr_total_written = nwritten;
5712 wbms->wr_errclass = 0;
5714 fsp->wbmpx_ptr = wbms;
5717 /* We are returning successfully, set the message type back to
5719 SCVAL(outbuf,smb_com,SMBwriteBmpx);
5721 outsize = set_message(outbuf,1,0,True);
5723 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
5725 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
5726 fsp->fnum, (int)numtowrite, (int)nwritten ) );
5728 if (write_through && tcount==nwritten) {
5729 /* We need to send both a primary and a secondary response */
5730 smb_setlen(outbuf,outsize - 4);
5732 if (!send_smb(smbd_server_fd(),outbuf))
5733 exit_server_cleanly("reply_writebmpx: send_smb failed.");
5735 /* Now the secondary */
5736 outsize = set_message(outbuf,1,0,True);
5737 SCVAL(outbuf,smb_com,SMBwritec);
5738 SSVAL(outbuf,smb_vwv0,nwritten);
5741 END_PROFILE(SMBwriteBmpx);
5745 /****************************************************************************
5746 Reply to a SMBwritebs (write block multiplex secondary) request.
5747 ****************************************************************************/
5749 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5752 ssize_t nwritten = -1;
5759 write_bmpx_struct *wbms;
5760 BOOL send_response = False;
5761 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5762 START_PROFILE(SMBwriteBs);
5764 CHECK_FSP(fsp,conn);
5765 if (!CHECK_WRITE(fsp)) {
5766 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5769 tcount = SVAL(inbuf,smb_vwv1);
5770 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
5771 numtowrite = SVAL(inbuf,smb_vwv6);
5772 smb_doff = SVAL(inbuf,smb_vwv7);
5774 data = smb_base(inbuf) + smb_doff;
5776 /* We need to send an SMBwriteC response, not an SMBwritebs */
5777 SCVAL(outbuf,smb_com,SMBwritec);
5779 /* This fd should have an auxiliary struct attached,
5780 check that it does */
5781 wbms = fsp->wbmpx_ptr;
5783 END_PROFILE(SMBwriteBs);
5787 /* If write through is set we can return errors, else we must cache them */
5788 write_through = wbms->wr_mode;
5790 /* Check for an earlier error */
5791 if(wbms->wr_discard) {
5792 END_PROFILE(SMBwriteBs);
5793 return -1; /* Just discard the packet */
5796 nwritten = write_file(fsp,data,startpos,numtowrite);
5798 sync_file(conn, fsp, write_through);
5800 if (nwritten < (ssize_t)numtowrite) {
5802 /* We are returning an error - we can delete the aux struct */
5805 fsp->wbmpx_ptr = NULL;
5806 END_PROFILE(SMBwriteBs);
5807 return(ERROR_DOS(ERRHRD,ERRdiskfull));
5809 wbms->wr_errclass = ERRHRD;
5810 wbms->wr_error = ERRdiskfull;
5811 wbms->wr_status = NT_STATUS_DISK_FULL;
5812 wbms->wr_discard = True;
5813 END_PROFILE(SMBwriteBs);
5817 /* Increment the total written, if this matches tcount
5818 we can discard the auxiliary struct (hurrah !) and return a writeC */
5819 wbms->wr_total_written += nwritten;
5820 if(wbms->wr_total_written >= tcount) {
5821 if (write_through) {
5822 outsize = set_message(outbuf,1,0,True);
5823 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
5824 send_response = True;
5828 fsp->wbmpx_ptr = NULL;
5832 END_PROFILE(SMBwriteBs);
5836 END_PROFILE(SMBwriteBs);
5840 /****************************************************************************
5841 Reply to a SMBgetattrE.
5842 ****************************************************************************/
5844 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5846 SMB_STRUCT_STAT sbuf;
5849 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5850 START_PROFILE(SMBgetattrE);
5852 outsize = set_message(outbuf,11,0,True);
5854 if(!fsp || (fsp->conn != conn)) {
5855 END_PROFILE(SMBgetattrE);
5856 return ERROR_DOS(ERRDOS,ERRbadfid);
5859 /* Do an fstat on this file */
5860 if(fsp_stat(fsp, &sbuf)) {
5861 END_PROFILE(SMBgetattrE);
5862 return(UNIXERROR(ERRDOS,ERRnoaccess));
5865 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
5868 * Convert the times into dos times. Set create
5869 * date to be last modify date as UNIX doesn't save
5873 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
5874 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
5875 /* Should we check pending modtime here ? JRA */
5876 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
5879 SIVAL(outbuf,smb_vwv6,0);
5880 SIVAL(outbuf,smb_vwv8,0);
5882 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
5883 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
5884 SIVAL(outbuf,smb_vwv8,allocation_size);
5886 SSVAL(outbuf,smb_vwv10, mode);
5888 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
5890 END_PROFILE(SMBgetattrE);