2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 /****************************************************************************
31 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
32 path or anything including wildcards.
33 We're assuming here that '/' is not the second byte in any multibyte char
34 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
36 ****************************************************************************/
38 /* Custom version for processing POSIX paths. */
39 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
41 static NTSTATUS check_path_syntax_internal(char *path,
43 bool *p_last_component_contains_wcard)
47 NTSTATUS ret = NT_STATUS_OK;
48 bool start_of_name_component = True;
49 bool stream_started = false;
51 *p_last_component_contains_wcard = False;
58 return NT_STATUS_OBJECT_NAME_INVALID;
61 return NT_STATUS_OBJECT_NAME_INVALID;
63 if (strchr_m(&s[1], ':')) {
64 return NT_STATUS_OBJECT_NAME_INVALID;
70 if (!posix_path && !stream_started && *s == ':') {
71 if (*p_last_component_contains_wcard) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
74 /* Stream names allow more characters than file names.
75 We're overloading posix_path here to allow a wider
76 range of characters. If stream_started is true this
77 is still a Windows path even if posix_path is true.
80 stream_started = true;
81 start_of_name_component = false;
85 return NT_STATUS_OBJECT_NAME_INVALID;
89 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
91 * Safe to assume is not the second part of a mb char
92 * as this is handled below.
94 /* Eat multiple '/' or '\\' */
95 while (IS_PATH_SEP(*s,posix_path)) {
98 if ((d != path) && (*s != '\0')) {
99 /* We only care about non-leading or trailing '/' or '\\' */
103 start_of_name_component = True;
105 *p_last_component_contains_wcard = False;
109 if (start_of_name_component) {
110 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
111 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
114 * No mb char starts with '.' so we're safe checking the directory separator here.
117 /* If we just added a '/' - delete it */
118 if ((d > path) && (*(d-1) == '/')) {
123 /* Are we at the start ? Can't go back further if so. */
125 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
128 /* Go back one level... */
129 /* We know this is safe as '/' cannot be part of a mb sequence. */
130 /* NOTE - if this assumption is invalid we are not in good shape... */
131 /* Decrement d first as d points to the *next* char to write into. */
132 for (d--; d > path; d--) {
136 s += 2; /* Else go past the .. */
137 /* We're still at the start of a name component, just the previous one. */
140 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
152 if (*s <= 0x1f || *s == '|') {
153 return NT_STATUS_OBJECT_NAME_INVALID;
161 *p_last_component_contains_wcard = True;
170 /* Get the size of the next MB character. */
171 next_codepoint(s,&siz);
189 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
191 return NT_STATUS_INVALID_PARAMETER;
194 start_of_name_component = False;
202 /****************************************************************************
203 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
204 No wildcards allowed.
205 ****************************************************************************/
207 NTSTATUS check_path_syntax(char *path)
210 return check_path_syntax_internal(path, False, &ignore);
213 /****************************************************************************
214 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
215 Wildcards allowed - p_contains_wcard returns true if the last component contained
217 ****************************************************************************/
219 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
221 return check_path_syntax_internal(path, False, p_contains_wcard);
224 /****************************************************************************
225 Check the path for a POSIX client.
226 We're assuming here that '/' is not the second byte in any multibyte char
227 set (a safe assumption).
228 ****************************************************************************/
230 NTSTATUS check_path_syntax_posix(char *path)
233 return check_path_syntax_internal(path, True, &ignore);
236 /****************************************************************************
237 Pull a string and check the path allowing a wilcard - provide for error return.
238 ****************************************************************************/
240 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
241 const char *base_ptr,
248 bool *contains_wcard)
254 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
258 *err = NT_STATUS_INVALID_PARAMETER;
262 *contains_wcard = False;
264 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
266 * For a DFS path the function parse_dfs_path()
267 * will do the path processing, just make a copy.
273 if (lp_posix_pathnames()) {
274 *err = check_path_syntax_posix(*pp_dest);
276 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 /****************************************************************************
283 Pull a string and check the path - provide for error return.
284 ****************************************************************************/
286 size_t srvstr_get_path(TALLOC_CTX *ctx,
287 const char *base_ptr,
296 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
297 src_len, flags, err, &ignore);
300 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
301 char **pp_dest, const char *src, int flags,
302 NTSTATUS *err, bool *contains_wcard)
304 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
305 pp_dest, src, smbreq_bufrem(req, src),
306 flags, err, contains_wcard);
309 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
310 char **pp_dest, const char *src, int flags,
314 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
315 flags, err, &ignore);
318 /****************************************************************************
319 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
320 ****************************************************************************/
322 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
325 if (!(fsp) || !(conn)) {
326 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
329 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 /****************************************************************************
337 Check if we have a correct fsp pointing to a file.
338 ****************************************************************************/
340 bool check_fsp(connection_struct *conn, struct smb_request *req,
343 if (!check_fsp_open(conn, req, fsp)) {
346 if ((fsp)->is_directory) {
347 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
350 if ((fsp)->fh->fd == -1) {
351 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
354 (fsp)->num_smb_operations++;
358 /****************************************************************************
359 Check if we have a correct fsp pointing to a quota fake file. Replacement for
360 the CHECK_NTQUOTA_HANDLE_OK macro.
361 ****************************************************************************/
363 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
366 if (!check_fsp_open(conn, req, fsp)) {
370 if (fsp->is_directory) {
374 if (fsp->fake_file_handle == NULL) {
378 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
382 if (fsp->fake_file_handle->private_data == NULL) {
389 /****************************************************************************
390 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
391 ****************************************************************************/
393 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
396 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
397 && (req->vuid == (fsp)->vuid)) {
401 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
405 static bool netbios_session_retarget(const char *name, int name_type)
408 char *trim_name_type;
409 const char *retarget_parm;
412 int retarget_type = 0x20;
413 int retarget_port = 139;
414 struct sockaddr_storage retarget_addr;
415 struct sockaddr_in *in_addr;
419 if (get_socket_port(smbd_server_fd()) != 139) {
423 trim_name = talloc_strdup(talloc_tos(), name);
424 if (trim_name == NULL) {
427 trim_char(trim_name, ' ', ' ');
429 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
431 if (trim_name_type == NULL) {
435 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
436 trim_name_type, NULL);
437 if (retarget_parm == NULL) {
438 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 if (retarget_parm == NULL) {
445 retarget = talloc_strdup(trim_name, retarget_parm);
446 if (retarget == NULL) {
450 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
452 p = strchr(retarget, ':');
455 retarget_port = atoi(p);
458 p = strchr_m(retarget, '#');
461 sscanf(p, "%x", &retarget_type);
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
466 DEBUG(10, ("could not resolve %s\n", retarget));
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
482 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 TALLOC_FREE(trim_name);
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
498 void reply_special(char *inbuf)
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
503 char name_type1, name_type2;
504 struct smbd_server_connection *sconn = smbd_server_conn;
507 * We only really use 4 bytes of the outbuf, but for the smb_setlen
508 * calculation & friends (srv_send_smb uses that) we need the full smb
511 char outbuf[smb_size];
515 memset(outbuf, '\0', sizeof(outbuf));
517 smb_setlen(outbuf,0);
520 case 0x81: /* session request */
522 if (sconn->nbt.got_session) {
523 exit_server_cleanly("multiple session request not permitted");
526 SCVAL(outbuf,0,0x82);
528 if (name_len(inbuf+4) > 50 ||
529 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
530 DEBUG(0,("Invalid name length in session request\n"));
533 name_type1 = name_extract(inbuf,4,name1);
534 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
535 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
536 name1, name_type1, name2, name_type2));
538 if (netbios_session_retarget(name1, name_type1)) {
539 exit_server_cleanly("retargeted client");
542 set_local_machine_name(name1, True);
543 set_remote_machine_name(name2, True);
545 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
546 get_local_machine_name(), get_remote_machine_name(),
549 if (name_type2 == 'R') {
550 /* We are being asked for a pathworks session ---
552 SCVAL(outbuf, 0,0x83);
556 /* only add the client's machine name to the list
557 of possibly valid usernames if we are operating
558 in share mode security */
559 if (lp_security() == SEC_SHARE) {
560 add_session_user(sconn, get_remote_machine_name());
563 reload_services(True);
566 sconn->nbt.got_session = true;
569 case 0x89: /* session keepalive request
570 (some old clients produce this?) */
571 SCVAL(outbuf,0,SMBkeepalive);
575 case 0x82: /* positive session response */
576 case 0x83: /* negative session response */
577 case 0x84: /* retarget session response */
578 DEBUG(0,("Unexpected session response\n"));
581 case SMBkeepalive: /* session keepalive */
586 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
587 msg_type, msg_flags));
589 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
593 /****************************************************************************
595 conn POINTER CAN BE NULL HERE !
596 ****************************************************************************/
598 void reply_tcon(struct smb_request *req)
600 connection_struct *conn = req->conn;
602 char *service_buf = NULL;
603 char *password = NULL;
608 DATA_BLOB password_blob;
609 TALLOC_CTX *ctx = talloc_tos();
610 struct smbd_server_connection *sconn = smbd_server_conn;
612 START_PROFILE(SMBtcon);
614 if (req->buflen < 4) {
615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
616 END_PROFILE(SMBtcon);
620 p = (const char *)req->buf + 1;
621 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
623 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
625 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
628 if (service_buf == NULL || password == NULL || dev == NULL) {
629 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
630 END_PROFILE(SMBtcon);
633 p = strrchr_m(service_buf,'\\');
637 service = service_buf;
640 password_blob = data_blob(password, pwlen+1);
642 conn = make_connection(sconn,service,password_blob,dev,
643 req->vuid,&nt_status);
646 data_blob_clear_free(&password_blob);
649 reply_nterror(req, nt_status);
650 END_PROFILE(SMBtcon);
654 reply_outbuf(req, 2, 0);
655 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
656 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
657 SSVAL(req->outbuf,smb_tid,conn->cnum);
659 DEBUG(3,("tcon service=%s cnum=%d\n",
660 service, conn->cnum));
662 END_PROFILE(SMBtcon);
666 /****************************************************************************
667 Reply to a tcon and X.
668 conn POINTER CAN BE NULL HERE !
669 ****************************************************************************/
671 void reply_tcon_and_X(struct smb_request *req)
673 connection_struct *conn = req->conn;
674 const char *service = NULL;
676 TALLOC_CTX *ctx = talloc_tos();
677 /* what the cleint thinks the device is */
678 char *client_devicetype = NULL;
679 /* what the server tells the client the share represents */
680 const char *server_devicetype;
686 struct smbd_server_connection *sconn = smbd_server_conn;
688 START_PROFILE(SMBtconX);
691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
692 END_PROFILE(SMBtconX);
696 passlen = SVAL(req->vwv+3, 0);
697 tcon_flags = SVAL(req->vwv+2, 0);
699 /* we might have to close an old one */
700 if ((tcon_flags & 0x1) && conn) {
701 close_cnum(conn,req->vuid);
706 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
707 reply_doserror(req, ERRDOS, ERRbuftoosmall);
708 END_PROFILE(SMBtconX);
712 if (sconn->smb1.negprot.encrypted_passwords) {
713 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
714 if (lp_security() == SEC_SHARE) {
716 * Security = share always has a pad byte
717 * after the password.
719 p = (const char *)req->buf + passlen + 1;
721 p = (const char *)req->buf + passlen;
724 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
725 /* Ensure correct termination */
726 password.data[passlen]=0;
727 p = (const char *)req->buf + passlen + 1;
730 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
733 data_blob_clear_free(&password);
734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
735 END_PROFILE(SMBtconX);
740 * the service name can be either: \\server\share
741 * or share directly like on the DELL PowerVault 705
744 q = strchr_m(path+2,'\\');
746 data_blob_clear_free(&password);
747 reply_doserror(req, ERRDOS, ERRnosuchshare);
748 END_PROFILE(SMBtconX);
756 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
757 &client_devicetype, p,
758 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
760 if (client_devicetype == NULL) {
761 data_blob_clear_free(&password);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBtconX);
767 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
769 conn = make_connection(sconn, service, password, client_devicetype,
770 req->vuid, &nt_status);
773 data_blob_clear_free(&password);
776 reply_nterror(req, nt_status);
777 END_PROFILE(SMBtconX);
782 server_devicetype = "IPC";
783 else if ( IS_PRINT(conn) )
784 server_devicetype = "LPT1:";
786 server_devicetype = "A:";
788 if (get_Protocol() < PROTOCOL_NT1) {
789 reply_outbuf(req, 2, 0);
790 if (message_push_string(&req->outbuf, server_devicetype,
791 STR_TERMINATE|STR_ASCII) == -1) {
792 reply_nterror(req, NT_STATUS_NO_MEMORY);
793 END_PROFILE(SMBtconX);
797 /* NT sets the fstype of IPC$ to the null string */
798 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
800 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
801 /* Return permissions. */
805 reply_outbuf(req, 7, 0);
808 perm1 = FILE_ALL_ACCESS;
809 perm2 = FILE_ALL_ACCESS;
811 perm1 = CAN_WRITE(conn) ?
816 SIVAL(req->outbuf, smb_vwv3, perm1);
817 SIVAL(req->outbuf, smb_vwv5, perm2);
819 reply_outbuf(req, 3, 0);
822 if ((message_push_string(&req->outbuf, server_devicetype,
823 STR_TERMINATE|STR_ASCII) == -1)
824 || (message_push_string(&req->outbuf, fstype,
825 STR_TERMINATE) == -1)) {
826 reply_nterror(req, NT_STATUS_NO_MEMORY);
827 END_PROFILE(SMBtconX);
831 /* what does setting this bit do? It is set by NT4 and
832 may affect the ability to autorun mounted cdroms */
833 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
834 (lp_csc_policy(SNUM(conn)) << 2));
836 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
837 DEBUG(2,("Serving %s as a Dfs root\n",
838 lp_servicename(SNUM(conn)) ));
839 SSVAL(req->outbuf, smb_vwv2,
840 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
845 DEBUG(3,("tconX service=%s \n",
848 /* set the incoming and outgoing tid to the just created one */
849 SSVAL(req->inbuf,smb_tid,conn->cnum);
850 SSVAL(req->outbuf,smb_tid,conn->cnum);
852 END_PROFILE(SMBtconX);
854 req->tid = conn->cnum;
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_doserror(req, ERRDOS, ERRbadfid);
924 END_PROFILE(SMBioctl);
927 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
928 srvstr_push((char *)req->outbuf, req->flags2, p+2,
930 STR_TERMINATE|STR_ASCII);
932 srvstr_push((char *)req->outbuf, req->flags2,
933 p+18, lp_servicename(SNUM(conn)),
934 13, STR_TERMINATE|STR_ASCII);
942 END_PROFILE(SMBioctl);
946 /****************************************************************************
947 Strange checkpath NTSTATUS mapping.
948 ****************************************************************************/
950 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
952 /* Strange DOS error code semantics only for checkpath... */
953 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
954 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
955 /* We need to map to ERRbadpath */
956 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 /****************************************************************************
963 Reply to a checkpath.
964 ****************************************************************************/
966 void reply_checkpath(struct smb_request *req)
968 connection_struct *conn = req->conn;
969 struct smb_filename *smb_fname = NULL;
972 TALLOC_CTX *ctx = talloc_tos();
974 START_PROFILE(SMBcheckpath);
976 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
977 STR_TERMINATE, &status);
979 if (!NT_STATUS_IS_OK(status)) {
980 status = map_checkpath_error(req->flags2, status);
981 reply_nterror(req, status);
982 END_PROFILE(SMBcheckpath);
986 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
988 status = filename_convert(ctx,
990 req->flags2 & FLAGS2_DFS_PATHNAMES,
996 if (!NT_STATUS_IS_OK(status)) {
997 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
998 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1000 END_PROFILE(SMBcheckpath);
1006 if (!VALID_STAT(smb_fname->st) &&
1007 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1008 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1009 smb_fname_str_dbg(smb_fname), strerror(errno)));
1010 status = map_nt_error_from_unix(errno);
1014 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1015 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1016 ERRDOS, ERRbadpath);
1020 reply_outbuf(req, 0, 0);
1023 /* We special case this - as when a Windows machine
1024 is parsing a path is steps through the components
1025 one at a time - if a component fails it expects
1026 ERRbadpath, not ERRbadfile.
1028 status = map_checkpath_error(req->flags2, status);
1029 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1031 * Windows returns different error codes if
1032 * the parent directory is valid but not the
1033 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1034 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1035 * if the path is invalid.
1037 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1038 ERRDOS, ERRbadpath);
1042 reply_nterror(req, status);
1045 TALLOC_FREE(smb_fname);
1046 END_PROFILE(SMBcheckpath);
1050 /****************************************************************************
1052 ****************************************************************************/
1054 void reply_getatr(struct smb_request *req)
1056 connection_struct *conn = req->conn;
1057 struct smb_filename *smb_fname = NULL;
1064 TALLOC_CTX *ctx = talloc_tos();
1065 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1067 START_PROFILE(SMBgetatr);
1069 p = (const char *)req->buf + 1;
1070 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 reply_nterror(req, status);
1076 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1077 under WfWg - weird! */
1078 if (*fname == '\0') {
1079 mode = aHIDDEN | aDIR;
1080 if (!CAN_WRITE(conn)) {
1086 status = filename_convert(ctx,
1088 req->flags2 & FLAGS2_DFS_PATHNAMES,
1093 if (!NT_STATUS_IS_OK(status)) {
1094 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1095 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1096 ERRSRV, ERRbadpath);
1099 reply_nterror(req, status);
1102 if (!VALID_STAT(smb_fname->st) &&
1103 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1104 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1105 smb_fname_str_dbg(smb_fname),
1107 reply_nterror(req, map_nt_error_from_unix(errno));
1111 mode = dos_mode(conn, smb_fname);
1112 size = smb_fname->st.st_ex_size;
1114 if (ask_sharemode) {
1115 struct timespec write_time_ts;
1116 struct file_id fileid;
1118 ZERO_STRUCT(write_time_ts);
1119 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1120 get_file_infos(fileid, NULL, &write_time_ts);
1121 if (!null_timespec(write_time_ts)) {
1122 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1126 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1132 reply_outbuf(req, 10, 0);
1134 SSVAL(req->outbuf,smb_vwv0,mode);
1135 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1136 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1138 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1140 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1142 if (get_Protocol() >= PROTOCOL_NT1) {
1143 SSVAL(req->outbuf, smb_flg2,
1144 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1147 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1148 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1151 TALLOC_FREE(smb_fname);
1153 END_PROFILE(SMBgetatr);
1157 /****************************************************************************
1159 ****************************************************************************/
1161 void reply_setatr(struct smb_request *req)
1163 struct smb_file_time ft;
1164 connection_struct *conn = req->conn;
1165 struct smb_filename *smb_fname = NULL;
1171 TALLOC_CTX *ctx = talloc_tos();
1173 START_PROFILE(SMBsetatr);
1178 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1182 p = (const char *)req->buf + 1;
1183 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1184 if (!NT_STATUS_IS_OK(status)) {
1185 reply_nterror(req, status);
1189 status = filename_convert(ctx,
1191 req->flags2 & FLAGS2_DFS_PATHNAMES,
1196 if (!NT_STATUS_IS_OK(status)) {
1197 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1198 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1199 ERRSRV, ERRbadpath);
1202 reply_nterror(req, status);
1206 if (smb_fname->base_name[0] == '.' &&
1207 smb_fname->base_name[1] == '\0') {
1209 * Not sure here is the right place to catch this
1210 * condition. Might be moved to somewhere else later -- vl
1212 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1216 mode = SVAL(req->vwv+0, 0);
1217 mtime = srv_make_unix_date3(req->vwv+1);
1219 ft.mtime = convert_time_t_to_timespec(mtime);
1220 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1221 if (!NT_STATUS_IS_OK(status)) {
1222 reply_nterror(req, status);
1226 if (mode != FILE_ATTRIBUTE_NORMAL) {
1227 if (VALID_STAT_OF_DIR(smb_fname->st))
1232 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1234 reply_nterror(req, map_nt_error_from_unix(errno));
1239 reply_outbuf(req, 0, 0);
1241 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1244 TALLOC_FREE(smb_fname);
1245 END_PROFILE(SMBsetatr);
1249 /****************************************************************************
1251 ****************************************************************************/
1253 void reply_dskattr(struct smb_request *req)
1255 connection_struct *conn = req->conn;
1256 uint64_t dfree,dsize,bsize;
1257 START_PROFILE(SMBdskattr);
1259 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1260 reply_nterror(req, map_nt_error_from_unix(errno));
1261 END_PROFILE(SMBdskattr);
1265 reply_outbuf(req, 5, 0);
1267 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1268 double total_space, free_space;
1269 /* we need to scale this to a number that DOS6 can handle. We
1270 use floating point so we can handle large drives on systems
1271 that don't have 64 bit integers
1273 we end up displaying a maximum of 2G to DOS systems
1275 total_space = dsize * (double)bsize;
1276 free_space = dfree * (double)bsize;
1278 dsize = (uint64_t)((total_space+63*512) / (64*512));
1279 dfree = (uint64_t)((free_space+63*512) / (64*512));
1281 if (dsize > 0xFFFF) dsize = 0xFFFF;
1282 if (dfree > 0xFFFF) dfree = 0xFFFF;
1284 SSVAL(req->outbuf,smb_vwv0,dsize);
1285 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1286 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1287 SSVAL(req->outbuf,smb_vwv3,dfree);
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1291 SSVAL(req->outbuf,smb_vwv2,512);
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1295 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1297 END_PROFILE(SMBdskattr);
1302 * Utility function to split the filename from the directory.
1304 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1305 char **fname_dir_out,
1306 char **fname_mask_out)
1308 const char *p = NULL;
1309 char *fname_dir = NULL;
1310 char *fname_mask = NULL;
1312 p = strrchr_m(fname_in, '/');
1314 fname_dir = talloc_strdup(ctx, ".");
1315 fname_mask = talloc_strdup(ctx, fname_in);
1317 fname_dir = talloc_strndup(ctx, fname_in,
1318 PTR_DIFF(p, fname_in));
1319 fname_mask = talloc_strdup(ctx, p+1);
1322 if (!fname_dir || !fname_mask) {
1323 TALLOC_FREE(fname_dir);
1324 TALLOC_FREE(fname_mask);
1325 return NT_STATUS_NO_MEMORY;
1328 *fname_dir_out = fname_dir;
1329 *fname_mask_out = fname_mask;
1330 return NT_STATUS_OK;
1333 /****************************************************************************
1335 Can be called from SMBsearch, SMBffirst or SMBfunique.
1336 ****************************************************************************/
1338 void reply_search(struct smb_request *req)
1340 connection_struct *conn = req->conn;
1342 const char *mask = NULL;
1343 char *directory = NULL;
1344 struct smb_filename *smb_fname = NULL;
1348 struct timespec date;
1350 unsigned int numentries = 0;
1351 unsigned int maxentries = 0;
1352 bool finished = False;
1357 bool check_descend = False;
1358 bool expect_close = False;
1360 bool mask_contains_wcard = False;
1361 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1362 TALLOC_CTX *ctx = talloc_tos();
1363 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1364 struct dptr_struct *dirptr = NULL;
1365 struct smbd_server_connection *sconn = smbd_server_conn;
1367 START_PROFILE(SMBsearch);
1370 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1374 if (lp_posix_pathnames()) {
1375 reply_unknown_new(req, req->cmd);
1379 /* If we were called as SMBffirst then we must expect close. */
1380 if(req->cmd == SMBffirst) {
1381 expect_close = True;
1384 reply_outbuf(req, 1, 3);
1385 maxentries = SVAL(req->vwv+0, 0);
1386 dirtype = SVAL(req->vwv+1, 0);
1387 p = (const char *)req->buf + 1;
1388 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1389 &nt_status, &mask_contains_wcard);
1390 if (!NT_STATUS_IS_OK(nt_status)) {
1391 reply_nterror(req, nt_status);
1396 status_len = SVAL(p, 0);
1399 /* dirtype &= ~aDIR; */
1401 if (status_len == 0) {
1402 nt_status = filename_convert(ctx, conn,
1403 req->flags2 & FLAGS2_DFS_PATHNAMES,
1405 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1406 &mask_contains_wcard,
1408 if (!NT_STATUS_IS_OK(nt_status)) {
1409 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1410 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1411 ERRSRV, ERRbadpath);
1414 reply_nterror(req, nt_status);
1418 directory = smb_fname->base_name;
1420 p = strrchr_m(directory,'/');
1421 if ((p != NULL) && (*directory != '/')) {
1423 directory = talloc_strndup(ctx, directory,
1424 PTR_DIFF(p, directory));
1427 directory = talloc_strdup(ctx,".");
1431 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 memset((char *)status,'\0',21);
1436 SCVAL(status,0,(dirtype & 0x1F));
1438 nt_status = dptr_create(conn,
1444 mask_contains_wcard,
1447 if (!NT_STATUS_IS_OK(nt_status)) {
1448 reply_nterror(req, nt_status);
1451 dptr_num = dptr_dnum(dirptr);
1454 const char *dirpath;
1456 memcpy(status,p,21);
1457 status_dirtype = CVAL(status,0) & 0x1F;
1458 if (status_dirtype != (dirtype & 0x1F)) {
1459 dirtype = status_dirtype;
1462 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1466 dirpath = dptr_path(sconn, dptr_num);
1467 directory = talloc_strdup(ctx, dirpath);
1469 reply_nterror(req, NT_STATUS_NO_MEMORY);
1473 mask = dptr_wcard(sconn, dptr_num);
1478 * For a 'continue' search we have no string. So
1479 * check from the initial saved string.
1481 mask_contains_wcard = ms_has_wild(mask);
1482 dirtype = dptr_attr(sconn, dptr_num);
1485 DEBUG(4,("dptr_num is %d\n",dptr_num));
1487 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1488 dptr_init_search_op(dirptr);
1490 if ((dirtype&0x1F) == aVOLID) {
1491 char buf[DIR_STRUCT_SIZE];
1492 memcpy(buf,status,21);
1493 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1494 0,aVOLID,0,!allow_long_path_components)) {
1495 reply_nterror(req, NT_STATUS_NO_MEMORY);
1498 dptr_fill(sconn, buf+12,dptr_num);
1499 if (dptr_zero(buf+12) && (status_len==0)) {
1504 if (message_push_blob(&req->outbuf,
1505 data_blob_const(buf, sizeof(buf)))
1507 reply_nterror(req, NT_STATUS_NO_MEMORY);
1515 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1518 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1519 directory,lp_dontdescend(SNUM(conn))));
1520 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1521 check_descend = True;
1524 for (i=numentries;(i<maxentries) && !finished;i++) {
1525 finished = !get_dir_entry(ctx,
1536 char buf[DIR_STRUCT_SIZE];
1537 memcpy(buf,status,21);
1538 if (!make_dir_struct(ctx,
1544 convert_timespec_to_time_t(date),
1545 !allow_long_path_components)) {
1546 reply_nterror(req, NT_STATUS_NO_MEMORY);
1549 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1552 if (message_push_blob(&req->outbuf,
1553 data_blob_const(buf, sizeof(buf)))
1555 reply_nterror(req, NT_STATUS_NO_MEMORY);
1565 /* If we were called as SMBffirst with smb_search_id == NULL
1566 and no entries were found then return error and close dirptr
1569 if (numentries == 0) {
1570 dptr_close(sconn, &dptr_num);
1571 } else if(expect_close && status_len == 0) {
1572 /* Close the dptr - we know it's gone */
1573 dptr_close(sconn, &dptr_num);
1576 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1577 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1578 dptr_close(sconn, &dptr_num);
1581 if ((numentries == 0) && !mask_contains_wcard) {
1582 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1586 SSVAL(req->outbuf,smb_vwv0,numentries);
1587 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1588 SCVAL(smb_buf(req->outbuf),0,5);
1589 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1591 /* The replies here are never long name. */
1592 SSVAL(req->outbuf, smb_flg2,
1593 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1594 if (!allow_long_path_components) {
1595 SSVAL(req->outbuf, smb_flg2,
1596 SVAL(req->outbuf, smb_flg2)
1597 & (~FLAGS2_LONG_PATH_COMPONENTS));
1600 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1601 SSVAL(req->outbuf, smb_flg2,
1602 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1604 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1605 smb_fn_name(req->cmd),
1612 TALLOC_FREE(directory);
1613 TALLOC_FREE(smb_fname);
1614 END_PROFILE(SMBsearch);
1618 /****************************************************************************
1619 Reply to a fclose (stop directory search).
1620 ****************************************************************************/
1622 void reply_fclose(struct smb_request *req)
1630 bool path_contains_wcard = False;
1631 TALLOC_CTX *ctx = talloc_tos();
1632 struct smbd_server_connection *sconn = smbd_server_conn;
1634 START_PROFILE(SMBfclose);
1636 if (lp_posix_pathnames()) {
1637 reply_unknown_new(req, req->cmd);
1638 END_PROFILE(SMBfclose);
1642 p = (const char *)req->buf + 1;
1643 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1644 &err, &path_contains_wcard);
1645 if (!NT_STATUS_IS_OK(err)) {
1646 reply_nterror(req, err);
1647 END_PROFILE(SMBfclose);
1651 status_len = SVAL(p,0);
1654 if (status_len == 0) {
1655 reply_doserror(req, ERRSRV, ERRsrverror);
1656 END_PROFILE(SMBfclose);
1660 memcpy(status,p,21);
1662 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1663 /* Close the dptr - we know it's gone */
1664 dptr_close(sconn, &dptr_num);
1667 reply_outbuf(req, 1, 0);
1668 SSVAL(req->outbuf,smb_vwv0,0);
1670 DEBUG(3,("search close\n"));
1672 END_PROFILE(SMBfclose);
1676 /****************************************************************************
1678 ****************************************************************************/
1680 void reply_open(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1683 struct smb_filename *smb_fname = NULL;
1695 uint32 create_disposition;
1696 uint32 create_options = 0;
1698 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1699 TALLOC_CTX *ctx = talloc_tos();
1701 START_PROFILE(SMBopen);
1704 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1708 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1709 deny_mode = SVAL(req->vwv+0, 0);
1710 dos_attr = SVAL(req->vwv+1, 0);
1712 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1713 STR_TERMINATE, &status);
1714 if (!NT_STATUS_IS_OK(status)) {
1715 reply_nterror(req, status);
1719 status = filename_convert(ctx,
1721 req->flags2 & FLAGS2_DFS_PATHNAMES,
1726 if (!NT_STATUS_IS_OK(status)) {
1727 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1728 reply_botherror(req,
1729 NT_STATUS_PATH_NOT_COVERED,
1730 ERRSRV, ERRbadpath);
1733 reply_nterror(req, status);
1737 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1738 OPENX_FILE_EXISTS_OPEN, &access_mask,
1739 &share_mode, &create_disposition,
1741 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1745 status = SMB_VFS_CREATE_FILE(
1748 0, /* root_dir_fid */
1749 smb_fname, /* fname */
1750 access_mask, /* access_mask */
1751 share_mode, /* share_access */
1752 create_disposition, /* create_disposition*/
1753 create_options, /* create_options */
1754 dos_attr, /* file_attributes */
1755 oplock_request, /* oplock_request */
1756 0, /* allocation_size */
1762 if (!NT_STATUS_IS_OK(status)) {
1763 if (open_was_deferred(req->mid)) {
1764 /* We have re-scheduled this call. */
1767 reply_openerror(req, status);
1771 size = smb_fname->st.st_ex_size;
1772 fattr = dos_mode(conn, smb_fname);
1774 /* Deal with other possible opens having a modified
1776 if (ask_sharemode) {
1777 struct timespec write_time_ts;
1779 ZERO_STRUCT(write_time_ts);
1780 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1781 if (!null_timespec(write_time_ts)) {
1782 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1786 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1789 DEBUG(3,("attempt to open a directory %s\n",
1791 close_file(req, fsp, ERROR_CLOSE);
1792 reply_doserror(req, ERRDOS,ERRnoaccess);
1796 reply_outbuf(req, 7, 0);
1797 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1798 SSVAL(req->outbuf,smb_vwv1,fattr);
1799 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1800 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1802 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1804 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1805 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1807 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1808 SCVAL(req->outbuf,smb_flg,
1809 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1812 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1813 SCVAL(req->outbuf,smb_flg,
1814 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1817 TALLOC_FREE(smb_fname);
1818 END_PROFILE(SMBopen);
1822 /****************************************************************************
1823 Reply to an open and X.
1824 ****************************************************************************/
1826 void reply_open_and_X(struct smb_request *req)
1828 connection_struct *conn = req->conn;
1829 struct smb_filename *smb_fname = NULL;
1834 /* Breakout the oplock request bits so we can set the
1835 reply bits separately. */
1836 int ex_oplock_request;
1837 int core_oplock_request;
1840 int smb_sattr = SVAL(req->vwv+4, 0);
1841 uint32 smb_time = make_unix_date3(req->vwv+6);
1849 uint64_t allocation_size;
1850 ssize_t retval = -1;
1853 uint32 create_disposition;
1854 uint32 create_options = 0;
1855 TALLOC_CTX *ctx = talloc_tos();
1857 START_PROFILE(SMBopenX);
1859 if (req->wct < 15) {
1860 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1864 open_flags = SVAL(req->vwv+2, 0);
1865 deny_mode = SVAL(req->vwv+3, 0);
1866 smb_attr = SVAL(req->vwv+5, 0);
1867 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1868 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1869 oplock_request = ex_oplock_request | core_oplock_request;
1870 smb_ofun = SVAL(req->vwv+8, 0);
1871 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1873 /* If it's an IPC, pass off the pipe handler. */
1875 if (lp_nt_pipe_support()) {
1876 reply_open_pipe_and_X(conn, req);
1878 reply_doserror(req, ERRSRV, ERRaccess);
1883 /* XXXX we need to handle passed times, sattr and flags */
1884 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1885 STR_TERMINATE, &status);
1886 if (!NT_STATUS_IS_OK(status)) {
1887 reply_nterror(req, status);
1891 status = filename_convert(ctx,
1893 req->flags2 & FLAGS2_DFS_PATHNAMES,
1898 if (!NT_STATUS_IS_OK(status)) {
1899 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1900 reply_botherror(req,
1901 NT_STATUS_PATH_NOT_COVERED,
1902 ERRSRV, ERRbadpath);
1905 reply_nterror(req, status);
1909 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1910 &access_mask, &share_mode,
1911 &create_disposition,
1913 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1917 status = SMB_VFS_CREATE_FILE(
1920 0, /* root_dir_fid */
1921 smb_fname, /* fname */
1922 access_mask, /* access_mask */
1923 share_mode, /* share_access */
1924 create_disposition, /* create_disposition*/
1925 create_options, /* create_options */
1926 smb_attr, /* file_attributes */
1927 oplock_request, /* oplock_request */
1928 0, /* allocation_size */
1932 &smb_action); /* pinfo */
1934 if (!NT_STATUS_IS_OK(status)) {
1935 if (open_was_deferred(req->mid)) {
1936 /* We have re-scheduled this call. */
1939 reply_openerror(req, status);
1943 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1944 if the file is truncated or created. */
1945 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1946 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1947 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1948 close_file(req, fsp, ERROR_CLOSE);
1949 reply_nterror(req, NT_STATUS_DISK_FULL);
1952 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1954 close_file(req, fsp, ERROR_CLOSE);
1955 reply_nterror(req, NT_STATUS_DISK_FULL);
1958 smb_fname->st.st_ex_size =
1959 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1962 fattr = dos_mode(conn, smb_fname);
1963 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1965 close_file(req, fsp, ERROR_CLOSE);
1966 reply_doserror(req, ERRDOS, ERRnoaccess);
1970 /* If the caller set the extended oplock request bit
1971 and we granted one (by whatever means) - set the
1972 correct bit for extended oplock reply.
1975 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1976 smb_action |= EXTENDED_OPLOCK_GRANTED;
1979 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1980 smb_action |= EXTENDED_OPLOCK_GRANTED;
1983 /* If the caller set the core oplock request bit
1984 and we granted one (by whatever means) - set the
1985 correct bit for core oplock reply.
1988 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1989 reply_outbuf(req, 19, 0);
1991 reply_outbuf(req, 15, 0);
1994 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1995 SCVAL(req->outbuf, smb_flg,
1996 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1999 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2000 SCVAL(req->outbuf, smb_flg,
2001 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2004 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2005 SSVAL(req->outbuf,smb_vwv3,fattr);
2006 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2007 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2009 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2011 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2012 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2013 SSVAL(req->outbuf,smb_vwv11,smb_action);
2015 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2016 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2021 TALLOC_FREE(smb_fname);
2022 END_PROFILE(SMBopenX);
2026 /****************************************************************************
2027 Reply to a SMBulogoffX.
2028 ****************************************************************************/
2030 void reply_ulogoffX(struct smb_request *req)
2032 struct smbd_server_connection *sconn = smbd_server_conn;
2035 START_PROFILE(SMBulogoffX);
2037 vuser = get_valid_user_struct(sconn, req->vuid);
2040 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2044 /* in user level security we are supposed to close any files
2045 open by this user */
2046 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2047 file_close_user(req->vuid);
2050 invalidate_vuid(sconn, req->vuid);
2052 reply_outbuf(req, 2, 0);
2054 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2056 END_PROFILE(SMBulogoffX);
2057 req->vuid = UID_FIELD_INVALID;
2061 /****************************************************************************
2062 Reply to a mknew or a create.
2063 ****************************************************************************/
2065 void reply_mknew(struct smb_request *req)
2067 connection_struct *conn = req->conn;
2068 struct smb_filename *smb_fname = NULL;
2071 struct smb_file_time ft;
2073 int oplock_request = 0;
2075 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2076 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2077 uint32 create_disposition;
2078 uint32 create_options = 0;
2079 TALLOC_CTX *ctx = talloc_tos();
2081 START_PROFILE(SMBcreate);
2085 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2089 fattr = SVAL(req->vwv+0, 0);
2090 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2093 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2095 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2096 STR_TERMINATE, &status);
2097 if (!NT_STATUS_IS_OK(status)) {
2098 reply_nterror(req, status);
2102 status = filename_convert(ctx,
2104 req->flags2 & FLAGS2_DFS_PATHNAMES,
2109 if (!NT_STATUS_IS_OK(status)) {
2110 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2111 reply_botherror(req,
2112 NT_STATUS_PATH_NOT_COVERED,
2113 ERRSRV, ERRbadpath);
2116 reply_nterror(req, status);
2120 if (fattr & aVOLID) {
2121 DEBUG(0,("Attempt to create file (%s) with volid set - "
2122 "please report this\n",
2123 smb_fname_str_dbg(smb_fname)));
2126 if(req->cmd == SMBmknew) {
2127 /* We should fail if file exists. */
2128 create_disposition = FILE_CREATE;
2130 /* Create if file doesn't exist, truncate if it does. */
2131 create_disposition = FILE_OVERWRITE_IF;
2134 status = SMB_VFS_CREATE_FILE(
2137 0, /* root_dir_fid */
2138 smb_fname, /* fname */
2139 access_mask, /* access_mask */
2140 share_mode, /* share_access */
2141 create_disposition, /* create_disposition*/
2142 create_options, /* create_options */
2143 fattr, /* file_attributes */
2144 oplock_request, /* oplock_request */
2145 0, /* allocation_size */
2151 if (!NT_STATUS_IS_OK(status)) {
2152 if (open_was_deferred(req->mid)) {
2153 /* We have re-scheduled this call. */
2156 reply_openerror(req, status);
2160 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2161 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2162 if (!NT_STATUS_IS_OK(status)) {
2163 END_PROFILE(SMBcreate);
2167 reply_outbuf(req, 1, 0);
2168 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2170 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2171 SCVAL(req->outbuf,smb_flg,
2172 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2175 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2176 SCVAL(req->outbuf,smb_flg,
2177 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2180 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2181 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2182 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2183 (unsigned int)fattr));
2186 TALLOC_FREE(smb_fname);
2187 END_PROFILE(SMBcreate);
2191 /****************************************************************************
2192 Reply to a create temporary file.
2193 ****************************************************************************/
2195 void reply_ctemp(struct smb_request *req)
2197 connection_struct *conn = req->conn;
2198 struct smb_filename *smb_fname = NULL;
2206 TALLOC_CTX *ctx = talloc_tos();
2208 START_PROFILE(SMBctemp);
2211 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2215 fattr = SVAL(req->vwv+0, 0);
2216 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2218 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2219 STR_TERMINATE, &status);
2220 if (!NT_STATUS_IS_OK(status)) {
2221 reply_nterror(req, status);
2225 fname = talloc_asprintf(ctx,
2229 fname = talloc_strdup(ctx, "TMXXXXXX");
2233 reply_nterror(req, NT_STATUS_NO_MEMORY);
2237 status = filename_convert(ctx, conn,
2238 req->flags2 & FLAGS2_DFS_PATHNAMES,
2243 if (!NT_STATUS_IS_OK(status)) {
2244 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2245 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2246 ERRSRV, ERRbadpath);
2249 reply_nterror(req, status);
2253 tmpfd = mkstemp(smb_fname->base_name);
2255 reply_nterror(req, map_nt_error_from_unix(errno));
2259 SMB_VFS_STAT(conn, smb_fname);
2261 /* We should fail if file does not exist. */
2262 status = SMB_VFS_CREATE_FILE(
2265 0, /* root_dir_fid */
2266 smb_fname, /* fname */
2267 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2268 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2269 FILE_OPEN, /* create_disposition*/
2270 0, /* create_options */
2271 fattr, /* file_attributes */
2272 oplock_request, /* oplock_request */
2273 0, /* allocation_size */
2279 /* close fd from mkstemp() */
2282 if (!NT_STATUS_IS_OK(status)) {
2283 if (open_was_deferred(req->mid)) {
2284 /* We have re-scheduled this call. */
2287 reply_openerror(req, status);
2291 reply_outbuf(req, 1, 0);
2292 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2294 /* the returned filename is relative to the directory */
2295 s = strrchr_m(fsp->fsp_name->base_name, '/');
2297 s = fsp->fsp_name->base_name;
2303 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2304 thing in the byte section. JRA */
2305 SSVALS(p, 0, -1); /* what is this? not in spec */
2307 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2309 reply_nterror(req, NT_STATUS_NO_MEMORY);
2313 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2314 SCVAL(req->outbuf, smb_flg,
2315 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2318 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2319 SCVAL(req->outbuf, smb_flg,
2320 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2323 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2324 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2325 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2327 TALLOC_FREE(smb_fname);
2328 END_PROFILE(SMBctemp);
2332 /*******************************************************************
2333 Check if a user is allowed to rename a file.
2334 ********************************************************************/
2336 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2341 if (!CAN_WRITE(conn)) {
2342 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2345 fmode = dos_mode(conn, fsp->fsp_name);
2346 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2347 return NT_STATUS_NO_SUCH_FILE;
2350 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2351 if (fsp->posix_open) {
2352 return NT_STATUS_OK;
2355 /* If no pathnames are open below this
2356 directory, allow the rename. */
2358 if (file_find_subpath(fsp)) {
2359 return NT_STATUS_ACCESS_DENIED;
2361 return NT_STATUS_OK;
2364 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2365 return NT_STATUS_OK;
2368 return NT_STATUS_ACCESS_DENIED;
2371 /*******************************************************************
2372 * unlink a file with all relevant access checks
2373 *******************************************************************/
2375 static NTSTATUS do_unlink(connection_struct *conn,
2376 struct smb_request *req,
2377 struct smb_filename *smb_fname,
2382 uint32 dirtype_orig = dirtype;
2385 bool posix_paths = lp_posix_pathnames();
2387 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2388 smb_fname_str_dbg(smb_fname),
2391 if (!CAN_WRITE(conn)) {
2392 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2396 ret = SMB_VFS_LSTAT(conn, smb_fname);
2398 ret = SMB_VFS_LSTAT(conn, smb_fname);
2401 return map_nt_error_from_unix(errno);
2404 fattr = dos_mode(conn, smb_fname);
2406 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2407 dirtype = aDIR|aARCH|aRONLY;
2410 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2412 return NT_STATUS_NO_SUCH_FILE;
2415 if (!dir_check_ftype(conn, fattr, dirtype)) {
2417 return NT_STATUS_FILE_IS_A_DIRECTORY;
2419 return NT_STATUS_NO_SUCH_FILE;
2422 if (dirtype_orig & 0x8000) {
2423 /* These will never be set for POSIX. */
2424 return NT_STATUS_NO_SUCH_FILE;
2428 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2429 return NT_STATUS_FILE_IS_A_DIRECTORY;
2432 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2433 return NT_STATUS_NO_SUCH_FILE;
2436 if (dirtype & 0xFF00) {
2437 /* These will never be set for POSIX. */
2438 return NT_STATUS_NO_SUCH_FILE;
2443 return NT_STATUS_NO_SUCH_FILE;
2446 /* Can't delete a directory. */
2448 return NT_STATUS_FILE_IS_A_DIRECTORY;
2453 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2454 return NT_STATUS_OBJECT_NAME_INVALID;
2455 #endif /* JRATEST */
2457 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2459 On a Windows share, a file with read-only dosmode can be opened with
2460 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2461 fails with NT_STATUS_CANNOT_DELETE error.
2463 This semantic causes a problem that a user can not
2464 rename a file with read-only dosmode on a Samba share
2465 from a Windows command prompt (i.e. cmd.exe, but can rename
2466 from Windows Explorer).
2469 if (!lp_delete_readonly(SNUM(conn))) {
2470 if (fattr & aRONLY) {
2471 return NT_STATUS_CANNOT_DELETE;
2475 /* On open checks the open itself will check the share mode, so
2476 don't do it here as we'll get it wrong. */
2478 status = SMB_VFS_CREATE_FILE
2481 0, /* root_dir_fid */
2482 smb_fname, /* fname */
2483 DELETE_ACCESS, /* access_mask */
2484 FILE_SHARE_NONE, /* share_access */
2485 FILE_OPEN, /* create_disposition*/
2486 FILE_NON_DIRECTORY_FILE, /* create_options */
2487 /* file_attributes */
2488 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2489 FILE_ATTRIBUTE_NORMAL,
2490 0, /* oplock_request */
2491 0, /* allocation_size */
2497 if (!NT_STATUS_IS_OK(status)) {
2498 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2499 nt_errstr(status)));
2503 /* The set is across all open files on this dev/inode pair. */
2504 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2505 close_file(req, fsp, NORMAL_CLOSE);
2506 return NT_STATUS_ACCESS_DENIED;
2509 return close_file(req, fsp, NORMAL_CLOSE);
2512 /****************************************************************************
2513 The guts of the unlink command, split out so it may be called by the NT SMB
2515 ****************************************************************************/
2517 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2518 uint32 dirtype, struct smb_filename *smb_fname,
2521 char *fname_dir = NULL;
2522 char *fname_mask = NULL;
2524 NTSTATUS status = NT_STATUS_OK;
2525 TALLOC_CTX *ctx = talloc_tos();
2527 /* Split up the directory from the filename/mask. */
2528 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2529 &fname_dir, &fname_mask);
2530 if (!NT_STATUS_IS_OK(status)) {
2535 * We should only check the mangled cache
2536 * here if unix_convert failed. This means
2537 * that the path in 'mask' doesn't exist
2538 * on the file system and so we need to look
2539 * for a possible mangle. This patch from
2540 * Tine Smukavec <valentin.smukavec@hermes.si>.
2543 if (!VALID_STAT(smb_fname->st) &&
2544 mangle_is_mangled(fname_mask, conn->params)) {
2545 char *new_mask = NULL;
2546 mangle_lookup_name_from_8_3(ctx, fname_mask,
2547 &new_mask, conn->params);
2549 TALLOC_FREE(fname_mask);
2550 fname_mask = new_mask;
2557 * Only one file needs to be unlinked. Append the mask back
2558 * onto the directory.
2560 TALLOC_FREE(smb_fname->base_name);
2561 smb_fname->base_name = talloc_asprintf(smb_fname,
2565 if (!smb_fname->base_name) {
2566 status = NT_STATUS_NO_MEMORY;
2570 dirtype = FILE_ATTRIBUTE_NORMAL;
2573 status = check_name(conn, smb_fname->base_name);
2574 if (!NT_STATUS_IS_OK(status)) {
2578 status = do_unlink(conn, req, smb_fname, dirtype);
2579 if (!NT_STATUS_IS_OK(status)) {
2585 struct smb_Dir *dir_hnd = NULL;
2589 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2590 status = NT_STATUS_OBJECT_NAME_INVALID;
2594 if (strequal(fname_mask,"????????.???")) {
2595 TALLOC_FREE(fname_mask);
2596 fname_mask = talloc_strdup(ctx, "*");
2598 status = NT_STATUS_NO_MEMORY;
2603 status = check_name(conn, fname_dir);
2604 if (!NT_STATUS_IS_OK(status)) {
2608 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2610 if (dir_hnd == NULL) {
2611 status = map_nt_error_from_unix(errno);
2615 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2616 the pattern matches against the long name, otherwise the short name
2617 We don't implement this yet XXXX
2620 status = NT_STATUS_NO_SUCH_FILE;
2622 while ((dname = ReadDirName(dir_hnd, &offset,
2624 TALLOC_CTX *frame = talloc_stackframe();
2626 if (!is_visible_file(conn, fname_dir, dname,
2627 &smb_fname->st, true)) {
2633 /* Quick check for "." and ".." */
2634 if (ISDOT(dname) || ISDOTDOT(dname)) {
2640 if(!mask_match(dname, fname_mask,
2641 conn->case_sensitive)) {
2647 TALLOC_FREE(smb_fname->base_name);
2648 smb_fname->base_name =
2649 talloc_asprintf(smb_fname, "%s/%s",
2652 if (!smb_fname->base_name) {
2653 TALLOC_FREE(dir_hnd);
2654 status = NT_STATUS_NO_MEMORY;
2660 status = check_name(conn, smb_fname->base_name);
2661 if (!NT_STATUS_IS_OK(status)) {
2662 TALLOC_FREE(dir_hnd);
2668 status = do_unlink(conn, req, smb_fname, dirtype);
2669 if (!NT_STATUS_IS_OK(status)) {
2676 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2677 smb_fname->base_name));
2682 TALLOC_FREE(dir_hnd);
2685 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2686 status = map_nt_error_from_unix(errno);
2690 TALLOC_FREE(fname_dir);
2691 TALLOC_FREE(fname_mask);
2695 /****************************************************************************
2697 ****************************************************************************/
2699 void reply_unlink(struct smb_request *req)
2701 connection_struct *conn = req->conn;
2703 struct smb_filename *smb_fname = NULL;
2706 bool path_contains_wcard = False;
2707 TALLOC_CTX *ctx = talloc_tos();
2709 START_PROFILE(SMBunlink);
2712 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2716 dirtype = SVAL(req->vwv+0, 0);
2718 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2719 STR_TERMINATE, &status,
2720 &path_contains_wcard);
2721 if (!NT_STATUS_IS_OK(status)) {
2722 reply_nterror(req, status);
2726 status = filename_convert(ctx, conn,
2727 req->flags2 & FLAGS2_DFS_PATHNAMES,
2729 UCF_COND_ALLOW_WCARD_LCOMP,
2730 &path_contains_wcard,
2732 if (!NT_STATUS_IS_OK(status)) {
2733 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2734 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2735 ERRSRV, ERRbadpath);
2738 reply_nterror(req, status);
2742 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2744 status = unlink_internals(conn, req, dirtype, smb_fname,
2745 path_contains_wcard);
2746 if (!NT_STATUS_IS_OK(status)) {
2747 if (open_was_deferred(req->mid)) {
2748 /* We have re-scheduled this call. */
2751 reply_nterror(req, status);
2755 reply_outbuf(req, 0, 0);
2757 TALLOC_FREE(smb_fname);
2758 END_PROFILE(SMBunlink);
2762 /****************************************************************************
2764 ****************************************************************************/
2766 static void fail_readraw(void)
2768 const char *errstr = talloc_asprintf(talloc_tos(),
2769 "FAIL ! reply_readbraw: socket write fail (%s)",
2774 exit_server_cleanly(errstr);
2777 /****************************************************************************
2778 Fake (read/write) sendfile. Returns -1 on read or write fail.
2779 ****************************************************************************/
2781 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2785 size_t tosend = nread;
2792 bufsize = MIN(nread, 65536);
2794 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2798 while (tosend > 0) {
2802 if (tosend > bufsize) {
2807 ret = read_file(fsp,buf,startpos,cur_read);
2813 /* If we had a short read, fill with zeros. */
2814 if (ret < cur_read) {
2815 memset(buf + ret, '\0', cur_read - ret);
2818 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2823 startpos += cur_read;
2827 return (ssize_t)nread;
2830 #if defined(WITH_SENDFILE)
2831 /****************************************************************************
2832 Deal with the case of sendfile reading less bytes from the file than
2833 requested. Fill with zeros (all we can do).
2834 ****************************************************************************/
2836 static void sendfile_short_send(files_struct *fsp,
2841 #define SHORT_SEND_BUFSIZE 1024
2842 if (nread < headersize) {
2843 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2844 "header for file %s (%s). Terminating\n",
2845 fsp_str_dbg(fsp), strerror(errno)));
2846 exit_server_cleanly("sendfile_short_send failed");
2849 nread -= headersize;
2851 if (nread < smb_maxcnt) {
2852 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2854 exit_server_cleanly("sendfile_short_send: "
2858 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2859 "with zeros !\n", fsp_str_dbg(fsp)));
2861 while (nread < smb_maxcnt) {
2863 * We asked for the real file size and told sendfile
2864 * to not go beyond the end of the file. But it can
2865 * happen that in between our fstat call and the
2866 * sendfile call the file was truncated. This is very
2867 * bad because we have already announced the larger
2868 * number of bytes to the client.
2870 * The best we can do now is to send 0-bytes, just as
2871 * a read from a hole in a sparse file would do.
2873 * This should happen rarely enough that I don't care
2874 * about efficiency here :-)
2878 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2879 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2880 exit_server_cleanly("sendfile_short_send: "
2881 "write_data failed");
2888 #endif /* defined WITH_SENDFILE */
2890 /****************************************************************************
2891 Return a readbraw error (4 bytes of zero).
2892 ****************************************************************************/
2894 static void reply_readbraw_error(void)
2898 if (write_data(smbd_server_fd(),header,4) != 4) {
2903 /****************************************************************************
2904 Use sendfile in readbraw.
2905 ****************************************************************************/
2907 static void send_file_readbraw(connection_struct *conn,
2908 struct smb_request *req,
2914 char *outbuf = NULL;
2917 #if defined(WITH_SENDFILE)
2919 * We can only use sendfile on a non-chained packet
2920 * but we can use on a non-oplocked file. tridge proved this
2921 * on a train in Germany :-). JRA.
2922 * reply_readbraw has already checked the length.
2925 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2926 (fsp->wcp == NULL) &&
2927 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2928 ssize_t sendfile_read = -1;
2930 DATA_BLOB header_blob;
2932 _smb_setlen(header,nread);
2933 header_blob = data_blob_const(header, 4);
2935 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2936 &header_blob, startpos, nread)) == -1) {
2937 /* Returning ENOSYS means no data at all was sent.
2938 * Do this as a normal read. */
2939 if (errno == ENOSYS) {
2940 goto normal_readbraw;
2944 * Special hack for broken Linux with no working sendfile. If we
2945 * return EINTR we sent the header but not the rest of the data.
2946 * Fake this up by doing read/write calls.
2948 if (errno == EINTR) {
2949 /* Ensure we don't do this again. */
2950 set_use_sendfile(SNUM(conn), False);
2951 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2953 if (fake_sendfile(fsp, startpos, nread) == -1) {
2954 DEBUG(0,("send_file_readbraw: "
2955 "fake_sendfile failed for "
2959 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2964 DEBUG(0,("send_file_readbraw: sendfile failed for "
2965 "file %s (%s). Terminating\n",
2966 fsp_str_dbg(fsp), strerror(errno)));
2967 exit_server_cleanly("send_file_readbraw sendfile failed");
2968 } else if (sendfile_read == 0) {
2970 * Some sendfile implementations return 0 to indicate
2971 * that there was a short read, but nothing was
2972 * actually written to the socket. In this case,
2973 * fallback to the normal read path so the header gets
2974 * the correct byte count.
2976 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2977 "bytes falling back to the normal read: "
2978 "%s\n", fsp_str_dbg(fsp)));
2979 goto normal_readbraw;
2982 /* Deal with possible short send. */
2983 if (sendfile_read != 4+nread) {
2984 sendfile_short_send(fsp, sendfile_read, 4, nread);
2992 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2994 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2995 (unsigned)(nread+4)));
2996 reply_readbraw_error();
3001 ret = read_file(fsp,outbuf+4,startpos,nread);
3002 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3011 _smb_setlen(outbuf,ret);
3012 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3015 TALLOC_FREE(outbuf);
3018 /****************************************************************************
3019 Reply to a readbraw (core+ protocol).
3020 ****************************************************************************/
3022 void reply_readbraw(struct smb_request *req)
3024 connection_struct *conn = req->conn;
3025 ssize_t maxcount,mincount;
3029 struct lock_struct lock;
3032 START_PROFILE(SMBreadbraw);
3034 if (srv_is_signing_active(smbd_server_conn) ||
3035 is_encrypted_packet(req->inbuf)) {
3036 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3037 "raw reads/writes are disallowed.");
3041 reply_readbraw_error();
3042 END_PROFILE(SMBreadbraw);
3047 * Special check if an oplock break has been issued
3048 * and the readraw request croses on the wire, we must
3049 * return a zero length response here.
3052 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3055 * We have to do a check_fsp by hand here, as
3056 * we must always return 4 zero bytes on error,
3060 if (!fsp || !conn || conn != fsp->conn ||
3061 req->vuid != fsp->vuid ||
3062 fsp->is_directory || fsp->fh->fd == -1) {
3064 * fsp could be NULL here so use the value from the packet. JRA.
3066 DEBUG(3,("reply_readbraw: fnum %d not valid "
3068 (int)SVAL(req->vwv+0, 0)));
3069 reply_readbraw_error();
3070 END_PROFILE(SMBreadbraw);
3074 /* Do a "by hand" version of CHECK_READ. */
3075 if (!(fsp->can_read ||
3076 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3077 (fsp->access_mask & FILE_EXECUTE)))) {
3078 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3079 (int)SVAL(req->vwv+0, 0)));
3080 reply_readbraw_error();
3081 END_PROFILE(SMBreadbraw);
3085 flush_write_cache(fsp, READRAW_FLUSH);
3087 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3088 if(req->wct == 10) {
3090 * This is a large offset (64 bit) read.
3092 #ifdef LARGE_SMB_OFF_T
3094 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3096 #else /* !LARGE_SMB_OFF_T */
3099 * Ensure we haven't been sent a >32 bit offset.
3102 if(IVAL(req->vwv+8, 0) != 0) {
3103 DEBUG(0,("reply_readbraw: large offset "
3104 "(%x << 32) used and we don't support "
3105 "64 bit offsets.\n",
3106 (unsigned int)IVAL(req->vwv+8, 0) ));
3107 reply_readbraw_error();
3108 END_PROFILE(SMBreadbraw);
3112 #endif /* LARGE_SMB_OFF_T */
3115 DEBUG(0,("reply_readbraw: negative 64 bit "
3116 "readraw offset (%.0f) !\n",
3117 (double)startpos ));
3118 reply_readbraw_error();
3119 END_PROFILE(SMBreadbraw);
3124 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3125 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3127 /* ensure we don't overrun the packet size */
3128 maxcount = MIN(65535,maxcount);
3130 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3131 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3134 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3135 reply_readbraw_error();
3136 END_PROFILE(SMBreadbraw);
3140 if (fsp_stat(fsp) == 0) {
3141 size = fsp->fsp_name->st.st_ex_size;
3144 if (startpos >= size) {
3147 nread = MIN(maxcount,(size - startpos));
3150 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3151 if (nread < mincount)
3155 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3156 "min=%lu nread=%lu\n",
3157 fsp->fnum, (double)startpos,
3158 (unsigned long)maxcount,
3159 (unsigned long)mincount,
3160 (unsigned long)nread ) );
3162 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3164 DEBUG(5,("reply_readbraw finished\n"));
3166 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3168 END_PROFILE(SMBreadbraw);
3173 #define DBGC_CLASS DBGC_LOCKING
3175 /****************************************************************************
3176 Reply to a lockread (core+ protocol).
3177 ****************************************************************************/
3179 void reply_lockread(struct smb_request *req)
3181 connection_struct *conn = req->conn;
3188 struct byte_range_lock *br_lck = NULL;
3190 struct smbd_server_connection *sconn = smbd_server_conn;
3192 START_PROFILE(SMBlockread);
3195 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3196 END_PROFILE(SMBlockread);
3200 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3202 if (!check_fsp(conn, req, fsp)) {
3203 END_PROFILE(SMBlockread);
3207 if (!CHECK_READ(fsp,req)) {
3208 reply_doserror(req, ERRDOS, ERRbadaccess);
3209 END_PROFILE(SMBlockread);
3213 numtoread = SVAL(req->vwv+1, 0);
3214 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3216 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3218 reply_outbuf(req, 5, numtoread + 3);
3220 data = smb_buf(req->outbuf) + 3;
3223 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3224 * protocol request that predates the read/write lock concept.
3225 * Thus instead of asking for a read lock here we need to ask
3226 * for a write lock. JRA.
3227 * Note that the requested lock size is unaffected by max_recv.
3230 br_lck = do_lock(smbd_messaging_context(),
3233 (uint64_t)numtoread,
3237 False, /* Non-blocking lock. */
3241 TALLOC_FREE(br_lck);
3243 if (NT_STATUS_V(status)) {
3244 reply_nterror(req, status);
3245 END_PROFILE(SMBlockread);
3250 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3253 if (numtoread > sconn->smb1.negprot.max_recv) {
3254 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3255 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3256 (unsigned int)numtoread,
3257 (unsigned int)sconn->smb1.negprot.max_recv));
3258 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3260 nread = read_file(fsp,data,startpos,numtoread);
3263 reply_nterror(req, map_nt_error_from_unix(errno));
3264 END_PROFILE(SMBlockread);
3268 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3270 SSVAL(req->outbuf,smb_vwv0,nread);
3271 SSVAL(req->outbuf,smb_vwv5,nread+3);
3272 p = smb_buf(req->outbuf);
3273 SCVAL(p,0,0); /* pad byte. */
3276 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3277 fsp->fnum, (int)numtoread, (int)nread));
3279 END_PROFILE(SMBlockread);
3284 #define DBGC_CLASS DBGC_ALL
3286 /****************************************************************************
3288 ****************************************************************************/
3290 void reply_read(struct smb_request *req)
3292 connection_struct *conn = req->conn;
3299 struct lock_struct lock;
3300 struct smbd_server_connection *sconn = smbd_server_conn;
3302 START_PROFILE(SMBread);
3305 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3306 END_PROFILE(SMBread);
3310 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3312 if (!check_fsp(conn, req, fsp)) {
3313 END_PROFILE(SMBread);
3317 if (!CHECK_READ(fsp,req)) {
3318 reply_doserror(req, ERRDOS, ERRbadaccess);
3319 END_PROFILE(SMBread);
3323 numtoread = SVAL(req->vwv+1, 0);
3324 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3326 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3329 * The requested read size cannot be greater than max_recv. JRA.
3331 if (numtoread > sconn->smb1.negprot.max_recv) {
3332 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3333 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3334 (unsigned int)numtoread,
3335 (unsigned int)sconn->smb1.negprot.max_recv));
3336 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3339 reply_outbuf(req, 5, numtoread+3);
3341 data = smb_buf(req->outbuf) + 3;
3343 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3344 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3347 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3348 reply_doserror(req, ERRDOS,ERRlock);
3349 END_PROFILE(SMBread);
3354 nread = read_file(fsp,data,startpos,numtoread);
3357 reply_nterror(req, map_nt_error_from_unix(errno));
3361 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3363 SSVAL(req->outbuf,smb_vwv0,nread);
3364 SSVAL(req->outbuf,smb_vwv5,nread+3);
3365 SCVAL(smb_buf(req->outbuf),0,1);
3366 SSVAL(smb_buf(req->outbuf),1,nread);
3368 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3369 fsp->fnum, (int)numtoread, (int)nread ) );
3372 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3374 END_PROFILE(SMBread);
3378 /****************************************************************************
3380 ****************************************************************************/
3382 static int setup_readX_header(struct smb_request *req, char *outbuf,
3388 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3389 data = smb_buf(outbuf);
3391 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3393 SCVAL(outbuf,smb_vwv0,0xFF);
3394 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3395 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3396 SSVAL(outbuf,smb_vwv6,
3398 + 1 /* the wct field */
3399 + 12 * sizeof(uint16_t) /* vwv */
3400 + 2); /* the buflen field */
3401 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3402 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3403 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3404 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3408 /****************************************************************************
3409 Reply to a read and X - possibly using sendfile.
3410 ****************************************************************************/
3412 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3413 files_struct *fsp, SMB_OFF_T startpos,
3417 struct lock_struct lock;
3418 int saved_errno = 0;
3420 if(fsp_stat(fsp) == -1) {
3421 reply_nterror(req, map_nt_error_from_unix(errno));
3425 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3426 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3429 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3430 reply_doserror(req, ERRDOS, ERRlock);
3434 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3435 (startpos > fsp->fsp_name->st.st_ex_size)
3436 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3438 * We already know that we would do a short read, so don't
3439 * try the sendfile() path.
3441 goto nosendfile_read;
3444 #if defined(WITH_SENDFILE)
3446 * We can only use sendfile on a non-chained packet
3447 * but we can use on a non-oplocked file. tridge proved this
3448 * on a train in Germany :-). JRA.
3451 if (!req_is_in_chain(req) &&
3452 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3453 (fsp->wcp == NULL) &&
3454 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3455 uint8 headerbuf[smb_size + 12 * 2];
3459 * Set up the packet header before send. We
3460 * assume here the sendfile will work (get the
3461 * correct amount of data).
3464 header = data_blob_const(headerbuf, sizeof(headerbuf));
3466 construct_reply_common_req(req, (char *)headerbuf);
3467 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3469 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3470 /* Returning ENOSYS means no data at all was sent.
3471 Do this as a normal read. */
3472 if (errno == ENOSYS) {
3477 * Special hack for broken Linux with no working sendfile. If we
3478 * return EINTR we sent the header but not the rest of the data.
3479 * Fake this up by doing read/write calls.
3482 if (errno == EINTR) {
3483 /* Ensure we don't do this again. */
3484 set_use_sendfile(SNUM(conn), False);
3485 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3486 nread = fake_sendfile(fsp, startpos,
3489 DEBUG(0,("send_file_readX: "
3490 "fake_sendfile failed for "
3494 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3496 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3497 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3498 /* No outbuf here means successful sendfile. */
3502 DEBUG(0,("send_file_readX: sendfile failed for file "
3503 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3505 exit_server_cleanly("send_file_readX sendfile failed");
3506 } else if (nread == 0) {
3508 * Some sendfile implementations return 0 to indicate
3509 * that there was a short read, but nothing was
3510 * actually written to the socket. In this case,
3511 * fallback to the normal read path so the header gets
3512 * the correct byte count.
3514 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3515 "falling back to the normal read: %s\n",
3520 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3521 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3523 /* Deal with possible short send. */
3524 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3525 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3527 /* No outbuf here means successful sendfile. */
3528 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3529 SMB_PERFCOUNT_END(&req->pcd);
3537 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3538 uint8 headerbuf[smb_size + 2*12];
3540 construct_reply_common_req(req, (char *)headerbuf);
3541 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3543 /* Send out the header. */
3544 if (write_data(smbd_server_fd(), (char *)headerbuf,
3545 sizeof(headerbuf)) != sizeof(headerbuf)) {
3546 DEBUG(0,("send_file_readX: write_data failed for file "
3547 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3549 exit_server_cleanly("send_file_readX sendfile failed");
3551 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3553 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3554 "file %s (%s).\n", fsp_str_dbg(fsp),
3556 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3563 reply_outbuf(req, 12, smb_maxcnt);
3565 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3566 saved_errno = errno;
3568 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3571 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3575 setup_readX_header(req, (char *)req->outbuf, nread);
3577 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3578 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3584 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3585 TALLOC_FREE(req->outbuf);
3589 /****************************************************************************
3590 Reply to a read and X.
3591 ****************************************************************************/
3593 void reply_read_and_X(struct smb_request *req)
3595 connection_struct *conn = req->conn;
3599 bool big_readX = False;
3601 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3604 START_PROFILE(SMBreadX);
3606 if ((req->wct != 10) && (req->wct != 12)) {
3607 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3611 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3612 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3613 smb_maxcnt = SVAL(req->vwv+5, 0);
3615 /* If it's an IPC, pass off the pipe handler. */
3617 reply_pipe_read_and_X(req);
3618 END_PROFILE(SMBreadX);
3622 if (!check_fsp(conn, req, fsp)) {
3623 END_PROFILE(SMBreadX);
3627 if (!CHECK_READ(fsp,req)) {
3628 reply_doserror(req, ERRDOS,ERRbadaccess);
3629 END_PROFILE(SMBreadX);
3633 if (global_client_caps & CAP_LARGE_READX) {
3634 size_t upper_size = SVAL(req->vwv+7, 0);
3635 smb_maxcnt |= (upper_size<<16);
3636 if (upper_size > 1) {
3637 /* Can't do this on a chained packet. */
3638 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3639 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3640 END_PROFILE(SMBreadX);
3643 /* We currently don't do this on signed or sealed data. */
3644 if (srv_is_signing_active(smbd_server_conn) ||
3645 is_encrypted_packet(req->inbuf)) {
3646 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3647 END_PROFILE(SMBreadX);
3650 /* Is there room in the reply for this data ? */
3651 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3653 NT_STATUS_INVALID_PARAMETER);
3654 END_PROFILE(SMBreadX);
3661 if (req->wct == 12) {
3662 #ifdef LARGE_SMB_OFF_T
3664 * This is a large offset (64 bit) read.
3666 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3668 #else /* !LARGE_SMB_OFF_T */
3671 * Ensure we haven't been sent a >32 bit offset.
3674 if(IVAL(req->vwv+10, 0) != 0) {
3675 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3676 "used and we don't support 64 bit offsets.\n",
3677 (unsigned int)IVAL(req->vwv+10, 0) ));
3678 END_PROFILE(SMBreadX);
3679 reply_doserror(req, ERRDOS, ERRbadaccess);
3683 #endif /* LARGE_SMB_OFF_T */
3688 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3692 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3695 END_PROFILE(SMBreadX);
3699 /****************************************************************************
3700 Error replies to writebraw must have smb_wct == 1. Fix this up.
3701 ****************************************************************************/
3703 void error_to_writebrawerr(struct smb_request *req)
3705 uint8 *old_outbuf = req->outbuf;
3707 reply_outbuf(req, 1, 0);
3709 memcpy(req->outbuf, old_outbuf, smb_size);
3710 TALLOC_FREE(old_outbuf);
3713 /****************************************************************************
3714 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3715 ****************************************************************************/
3717 void reply_writebraw(struct smb_request *req)
3719 connection_struct *conn = req->conn;
3722 ssize_t total_written=0;
3723 size_t numtowrite=0;
3729 struct lock_struct lock;
3732 START_PROFILE(SMBwritebraw);
3735 * If we ever reply with an error, it must have the SMB command
3736 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3739 SCVAL(req->inbuf,smb_com,SMBwritec);
3741 if (srv_is_signing_active(smbd_server_conn)) {
3742 END_PROFILE(SMBwritebraw);
3743 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3744 "raw reads/writes are disallowed.");
3747 if (req->wct < 12) {
3748 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3749 error_to_writebrawerr(req);
3750 END_PROFILE(SMBwritebraw);
3754 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3755 if (!check_fsp(conn, req, fsp)) {
3756 error_to_writebrawerr(req);
3757 END_PROFILE(SMBwritebraw);
3761 if (!CHECK_WRITE(fsp)) {
3762 reply_doserror(req, ERRDOS, ERRbadaccess);
3763 error_to_writebrawerr(req);
3764 END_PROFILE(SMBwritebraw);
3768 tcount = IVAL(req->vwv+1, 0);
3769 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3770 write_through = BITSETW(req->vwv+7,0);
3772 /* We have to deal with slightly different formats depending
3773 on whether we are using the core+ or lanman1.0 protocol */
3775 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3776 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3777 data = smb_buf(req->inbuf);
3779 numtowrite = SVAL(req->vwv+10, 0);
3780 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3783 /* Ensure we don't write bytes past the end of this packet. */
3784 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3785 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3786 error_to_writebrawerr(req);
3787 END_PROFILE(SMBwritebraw);
3791 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3792 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3795 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3796 reply_doserror(req, ERRDOS, ERRlock);
3797 error_to_writebrawerr(req);
3798 END_PROFILE(SMBwritebraw);
3803 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3806 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3807 "wrote=%d sync=%d\n",
3808 fsp->fnum, (double)startpos, (int)numtowrite,
3809 (int)nwritten, (int)write_through));
3811 if (nwritten < (ssize_t)numtowrite) {
3812 reply_doserror(req, ERRHRD, ERRdiskfull);
3813 error_to_writebrawerr(req);
3817 total_written = nwritten;
3819 /* Allocate a buffer of 64k + length. */
3820 buf = TALLOC_ARRAY(NULL, char, 65540);
3822 reply_doserror(req, ERRDOS, ERRnomem);
3823 error_to_writebrawerr(req);
3827 /* Return a SMBwritebraw message to the redirector to tell
3828 * it to send more bytes */
3830 memcpy(buf, req->inbuf, smb_size);
3831 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3832 SCVAL(buf,smb_com,SMBwritebraw);
3833 SSVALS(buf,smb_vwv0,0xFFFF);
3835 if (!srv_send_smb(smbd_server_fd(),
3837 false, 0, /* no signing */
3838 IS_CONN_ENCRYPTED(conn),
3840 exit_server_cleanly("reply_writebraw: srv_send_smb "
3844 /* Now read the raw data into the buffer and write it */
3845 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3847 if (!NT_STATUS_IS_OK(status)) {
3848 exit_server_cleanly("secondary writebraw failed");
3851 /* Set up outbuf to return the correct size */
3852 reply_outbuf(req, 1, 0);
3854 if (numtowrite != 0) {
3856 if (numtowrite > 0xFFFF) {
3857 DEBUG(0,("reply_writebraw: Oversize secondary write "
3858 "raw requested (%u). Terminating\n",
3859 (unsigned int)numtowrite ));
3860 exit_server_cleanly("secondary writebraw failed");
3863 if (tcount > nwritten+numtowrite) {
3864 DEBUG(3,("reply_writebraw: Client overestimated the "
3866 (int)tcount,(int)nwritten,(int)numtowrite));
3869 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3871 if (!NT_STATUS_IS_OK(status)) {
3872 DEBUG(0,("reply_writebraw: Oversize secondary write "
3873 "raw read failed (%s). Terminating\n",
3874 nt_errstr(status)));
3875 exit_server_cleanly("secondary writebraw failed");
3878 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3879 if (nwritten == -1) {
3881 reply_nterror(req, map_nt_error_from_unix(errno));
3882 error_to_writebrawerr(req);
3886 if (nwritten < (ssize_t)numtowrite) {
3887 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3888 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3892 total_written += nwritten;
3897 SSVAL(req->outbuf,smb_vwv0,total_written);
3899 status = sync_file(conn, fsp, write_through);
3900 if (!NT_STATUS_IS_OK(status)) {
3901 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3902 fsp_str_dbg(fsp), nt_errstr(status)));
3903 reply_nterror(req, status);
3904 error_to_writebrawerr(req);
3908 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3910 fsp->fnum, (double)startpos, (int)numtowrite,
3911 (int)total_written));
3913 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3915 /* We won't return a status if write through is not selected - this
3916 * follows what WfWg does */
3917 END_PROFILE(SMBwritebraw);
3919 if (!write_through && total_written==tcount) {
3921 #if RABBIT_PELLET_FIX
3923 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3924 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3927 if (!send_keepalive(smbd_server_fd())) {
3928 exit_server_cleanly("reply_writebraw: send of "
3929 "keepalive failed");
3932 TALLOC_FREE(req->outbuf);
3937 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3939 END_PROFILE(SMBwritebraw);
3944 #define DBGC_CLASS DBGC_LOCKING
3946 /****************************************************************************
3947 Reply to a writeunlock (core+).
3948 ****************************************************************************/
3950 void reply_writeunlock(struct smb_request *req)
3952 connection_struct *conn = req->conn;
3953 ssize_t nwritten = -1;
3957 NTSTATUS status = NT_STATUS_OK;
3959 struct lock_struct lock;
3960 int saved_errno = 0;
3962 START_PROFILE(SMBwriteunlock);
3965 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3966 END_PROFILE(SMBwriteunlock);
3970 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3972 if (!check_fsp(conn, req, fsp)) {
3973 END_PROFILE(SMBwriteunlock);
3977 if (!CHECK_WRITE(fsp)) {
3978 reply_doserror(req, ERRDOS,ERRbadaccess);
3979 END_PROFILE(SMBwriteunlock);
3983 numtowrite = SVAL(req->vwv+1, 0);
3984 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3985 data = (const char *)req->buf + 3;
3988 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3989 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3992 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3993 reply_doserror(req, ERRDOS, ERRlock);
3994 END_PROFILE(SMBwriteunlock);
3999 /* The special X/Open SMB protocol handling of
4000 zero length writes is *NOT* done for
4002 if(numtowrite == 0) {
4005 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4006 saved_errno = errno;
4009 status = sync_file(conn, fsp, False /* write through */);
4010 if (!NT_STATUS_IS_OK(status)) {
4011 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4012 fsp_str_dbg(fsp), nt_errstr(status)));
4013 reply_nterror(req, status);
4018 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4022 if((nwritten < numtowrite) && (numtowrite != 0)) {
4023 reply_doserror(req, ERRHRD, ERRdiskfull);
4028 status = do_unlock(smbd_messaging_context(),
4031 (uint64_t)numtowrite,
4035 if (NT_STATUS_V(status)) {
4036 reply_nterror(req, status);
4041 reply_outbuf(req, 1, 0);
4043 SSVAL(req->outbuf,smb_vwv0,nwritten);
4045 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4046 fsp->fnum, (int)numtowrite, (int)nwritten));
4050 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4053 END_PROFILE(SMBwriteunlock);
4058 #define DBGC_CLASS DBGC_ALL
4060 /****************************************************************************
4062 ****************************************************************************/
4064 void reply_write(struct smb_request *req)
4066 connection_struct *conn = req->conn;
4068 ssize_t nwritten = -1;
4072 struct lock_struct lock;
4074 int saved_errno = 0;
4076 START_PROFILE(SMBwrite);
4079 END_PROFILE(SMBwrite);
4080 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4084 /* If it's an IPC, pass off the pipe handler. */
4086 reply_pipe_write(req);
4087 END_PROFILE(SMBwrite);
4091 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4093 if (!check_fsp(conn, req, fsp)) {
4094 END_PROFILE(SMBwrite);
4098 if (!CHECK_WRITE(fsp)) {
4099 reply_doserror(req, ERRDOS, ERRbadaccess);
4100 END_PROFILE(SMBwrite);
4104 numtowrite = SVAL(req->vwv+1, 0);
4105 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4106 data = (const char *)req->buf + 3;
4108 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4109 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4112 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4113 reply_doserror(req, ERRDOS, ERRlock);
4114 END_PROFILE(SMBwrite);
4119 * X/Open SMB protocol says that if smb_vwv1 is
4120 * zero then the file size should be extended or
4121 * truncated to the size given in smb_vwv[2-3].
4124 if(numtowrite == 0) {
4126 * This is actually an allocate call, and set EOF. JRA.
4128 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4130 reply_nterror(req, NT_STATUS_DISK_FULL);
4133 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4135 reply_nterror(req, NT_STATUS_DISK_FULL);
4138 trigger_write_time_update_immediate(fsp);
4140 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4143 status = sync_file(conn, fsp, False);
4144 if (!NT_STATUS_IS_OK(status)) {
4145 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4146 fsp_str_dbg(fsp), nt_errstr(status)));
4147 reply_nterror(req, status);
4152 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4156 if((nwritten == 0) && (numtowrite != 0)) {
4157 reply_doserror(req, ERRHRD, ERRdiskfull);
4161 reply_outbuf(req, 1, 0);
4163 SSVAL(req->outbuf,smb_vwv0,nwritten);
4165 if (nwritten < (ssize_t)numtowrite) {
4166 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4167 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4170 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4173 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4175 END_PROFILE(SMBwrite);
4179 /****************************************************************************
4180 Ensure a buffer is a valid writeX for recvfile purposes.
4181 ****************************************************************************/
4183 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4184 (2*14) + /* word count (including bcc) */ \
4187 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4190 connection_struct *conn = NULL;
4191 unsigned int doff = 0;
4192 size_t len = smb_len_large(inbuf);
4193 struct smbd_server_connection *sconn = smbd_server_conn;
4195 if (is_encrypted_packet(inbuf)) {
4196 /* Can't do this on encrypted
4201 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4205 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4206 CVAL(inbuf,smb_wct) != 14) {
4207 DEBUG(10,("is_valid_writeX_buffer: chained or "
4208 "invalid word length.\n"));
4212 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4214 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4218 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4221 if (IS_PRINT(conn)) {
4222 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4225 doff = SVAL(inbuf,smb_vwv11);
4227 numtowrite = SVAL(inbuf,smb_vwv10);
4229 if (len > doff && len - doff > 0xFFFF) {
4230 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4233 if (numtowrite == 0) {
4234 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4238 /* Ensure the sizes match up. */
4239 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4240 /* no pad byte...old smbclient :-( */
4241 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4243 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4247 if (len - doff != numtowrite) {
4248 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4249 "len = %u, doff = %u, numtowrite = %u\n",
4252 (unsigned int)numtowrite ));
4256 DEBUG(10,("is_valid_writeX_buffer: true "
4257 "len = %u, doff = %u, numtowrite = %u\n",
4260 (unsigned int)numtowrite ));
4265 /****************************************************************************
4266 Reply to a write and X.
4267 ****************************************************************************/
4269 void reply_write_and_X(struct smb_request *req)
4271 connection_struct *conn = req->conn;
4273 struct lock_struct lock;
4278 unsigned int smb_doff;
4279 unsigned int smblen;
4283 START_PROFILE(SMBwriteX);
4285 if ((req->wct != 12) && (req->wct != 14)) {
4286 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4287 END_PROFILE(SMBwriteX);
4291 numtowrite = SVAL(req->vwv+10, 0);
4292 smb_doff = SVAL(req->vwv+11, 0);
4293 smblen = smb_len(req->inbuf);
4295 if (req->unread_bytes > 0xFFFF ||
4296 (smblen > smb_doff &&
4297 smblen - smb_doff > 0xFFFF)) {
4298 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4301 if (req->unread_bytes) {
4302 /* Can't do a recvfile write on IPC$ */
4304 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4305 END_PROFILE(SMBwriteX);
4308 if (numtowrite != req->unread_bytes) {
4309 reply_doserror(req, ERRDOS, ERRbadmem);
4310 END_PROFILE(SMBwriteX);
4314 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4315 smb_doff + numtowrite > smblen) {
4316 reply_doserror(req, ERRDOS, ERRbadmem);
4317 END_PROFILE(SMBwriteX);
4322 /* If it's an IPC, pass off the pipe handler. */
4324 if (req->unread_bytes) {
4325 reply_doserror(req, ERRDOS, ERRbadmem);
4326 END_PROFILE(SMBwriteX);
4329 reply_pipe_write_and_X(req);
4330 END_PROFILE(SMBwriteX);
4334 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4335 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4336 write_through = BITSETW(req->vwv+7,0);
4338 if (!check_fsp(conn, req, fsp)) {
4339 END_PROFILE(SMBwriteX);
4343 if (!CHECK_WRITE(fsp)) {
4344 reply_doserror(req, ERRDOS, ERRbadaccess);
4345 END_PROFILE(SMBwriteX);
4349 data = smb_base(req->inbuf) + smb_doff;
4351 if(req->wct == 14) {
4352 #ifdef LARGE_SMB_OFF_T
4354 * This is a large offset (64 bit) write.
4356 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4358 #else /* !LARGE_SMB_OFF_T */
4361 * Ensure we haven't been sent a >32 bit offset.
4364 if(IVAL(req->vwv+12, 0) != 0) {
4365 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4366 "used and we don't support 64 bit offsets.\n",
4367 (unsigned int)IVAL(req->vwv+12, 0) ));
4368 reply_doserror(req, ERRDOS, ERRbadaccess);
4369 END_PROFILE(SMBwriteX);
4373 #endif /* LARGE_SMB_OFF_T */
4376 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4377 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4380 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4381 reply_doserror(req, ERRDOS, ERRlock);
4382 END_PROFILE(SMBwriteX);
4386 /* X/Open SMB protocol says that, unlike SMBwrite
4387 if the length is zero then NO truncation is
4388 done, just a write of zero. To truncate a file,
4391 if(numtowrite == 0) {
4395 if ((req->unread_bytes == 0) &&
4396 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4401 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4405 reply_nterror(req, map_nt_error_from_unix(errno));
4409 if((nwritten == 0) && (numtowrite != 0)) {
4410 reply_doserror(req, ERRHRD, ERRdiskfull);
4414 reply_outbuf(req, 6, 0);
4415 SSVAL(req->outbuf,smb_vwv2,nwritten);
4416 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4418 if (nwritten < (ssize_t)numtowrite) {
4419 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4420 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4423 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4424 fsp->fnum, (int)numtowrite, (int)nwritten));
4426 status = sync_file(conn, fsp, write_through);
4427 if (!NT_STATUS_IS_OK(status)) {
4428 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4429 fsp_str_dbg(fsp), nt_errstr(status)));
4430 reply_nterror(req, status);
4434 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4436 END_PROFILE(SMBwriteX);
4441 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4443 END_PROFILE(SMBwriteX);
4447 /****************************************************************************
4449 ****************************************************************************/
4451 void reply_lseek(struct smb_request *req)
4453 connection_struct *conn = req->conn;
4459 START_PROFILE(SMBlseek);
4462 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4463 END_PROFILE(SMBlseek);
4467 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4469 if (!check_fsp(conn, req, fsp)) {
4473 flush_write_cache(fsp, SEEK_FLUSH);
4475 mode = SVAL(req->vwv+1, 0) & 3;
4476 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4477 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4486 res = fsp->fh->pos + startpos;
4497 if (umode == SEEK_END) {
4498 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4499 if(errno == EINVAL) {
4500 SMB_OFF_T current_pos = startpos;
4502 if(fsp_stat(fsp) == -1) {
4504 map_nt_error_from_unix(errno));
4505 END_PROFILE(SMBlseek);
4509 current_pos += fsp->fsp_name->st.st_ex_size;
4511 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4516 reply_nterror(req, map_nt_error_from_unix(errno));
4517 END_PROFILE(SMBlseek);
4524 reply_outbuf(req, 2, 0);
4525 SIVAL(req->outbuf,smb_vwv0,res);
4527 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4528 fsp->fnum, (double)startpos, (double)res, mode));
4530 END_PROFILE(SMBlseek);
4534 /****************************************************************************
4536 ****************************************************************************/
4538 void reply_flush(struct smb_request *req)
4540 connection_struct *conn = req->conn;
4544 START_PROFILE(SMBflush);
4547 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4551 fnum = SVAL(req->vwv+0, 0);
4552 fsp = file_fsp(req, fnum);
4554 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4559 file_sync_all(conn);
4561 NTSTATUS status = sync_file(conn, fsp, True);
4562 if (!NT_STATUS_IS_OK(status)) {
4563 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4564 fsp_str_dbg(fsp), nt_errstr(status)));
4565 reply_nterror(req, status);
4566 END_PROFILE(SMBflush);
4571 reply_outbuf(req, 0, 0);
4573 DEBUG(3,("flush\n"));
4574 END_PROFILE(SMBflush);
4578 /****************************************************************************
4580 conn POINTER CAN BE NULL HERE !
4581 ****************************************************************************/
4583 void reply_exit(struct smb_request *req)
4585 START_PROFILE(SMBexit);
4587 file_close_pid(req->smbpid, req->vuid);
4589 reply_outbuf(req, 0, 0);
4591 DEBUG(3,("exit\n"));
4593 END_PROFILE(SMBexit);
4597 /****************************************************************************
4598 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4599 ****************************************************************************/
4601 void reply_close(struct smb_request *req)
4603 connection_struct *conn = req->conn;
4604 NTSTATUS status = NT_STATUS_OK;
4605 files_struct *fsp = NULL;
4606 START_PROFILE(SMBclose);
4609 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4610 END_PROFILE(SMBclose);
4614 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4617 * We can only use check_fsp if we know it's not a directory.
4620 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4621 reply_doserror(req, ERRDOS, ERRbadfid);
4622 END_PROFILE(SMBclose);
4626 if(fsp->is_directory) {
4628 * Special case - close NT SMB directory handle.
4630 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4631 status = close_file(req, fsp, NORMAL_CLOSE);
4635 * Close ordinary file.
4638 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4639 fsp->fh->fd, fsp->fnum,
4640 conn->num_files_open));
4643 * Take care of any time sent in the close.
4646 t = srv_make_unix_date3(req->vwv+1);
4647 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4650 * close_file() returns the unix errno if an error
4651 * was detected on close - normally this is due to
4652 * a disk full error. If not then it was probably an I/O error.
4655 status = close_file(req, fsp, NORMAL_CLOSE);
4658 if (!NT_STATUS_IS_OK(status)) {
4659 reply_nterror(req, status);
4660 END_PROFILE(SMBclose);
4664 reply_outbuf(req, 0, 0);
4665 END_PROFILE(SMBclose);
4669 /****************************************************************************
4670 Reply to a writeclose (Core+ protocol).
4671 ****************************************************************************/
4673 void reply_writeclose(struct smb_request *req)
4675 connection_struct *conn = req->conn;
4677 ssize_t nwritten = -1;
4678 NTSTATUS close_status = NT_STATUS_OK;
4681 struct timespec mtime;
4683 struct lock_struct lock;
4685 START_PROFILE(SMBwriteclose);
4688 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4689 END_PROFILE(SMBwriteclose);
4693 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4695 if (!check_fsp(conn, req, fsp)) {
4696 END_PROFILE(SMBwriteclose);
4699 if (!CHECK_WRITE(fsp)) {
4700 reply_doserror(req, ERRDOS,ERRbadaccess);
4701 END_PROFILE(SMBwriteclose);
4705 numtowrite = SVAL(req->vwv+1, 0);
4706 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4707 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4708 data = (const char *)req->buf + 1;
4711 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4712 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4715 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4716 reply_doserror(req, ERRDOS,ERRlock);
4717 END_PROFILE(SMBwriteclose);
4722 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4724 set_close_write_time(fsp, mtime);
4727 * More insanity. W2K only closes the file if writelen > 0.
4732 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4733 "file %s\n", fsp_str_dbg(fsp)));
4734 close_status = close_file(req, fsp, NORMAL_CLOSE);
4737 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4738 fsp->fnum, (int)numtowrite, (int)nwritten,
4739 conn->num_files_open));
4741 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4742 reply_doserror(req, ERRHRD, ERRdiskfull);
4746 if(!NT_STATUS_IS_OK(close_status)) {
4747 reply_nterror(req, close_status);
4751 reply_outbuf(req, 1, 0);
4753 SSVAL(req->outbuf,smb_vwv0,nwritten);
4757 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4760 END_PROFILE(SMBwriteclose);
4765 #define DBGC_CLASS DBGC_LOCKING
4767 /****************************************************************************
4769 ****************************************************************************/
4771 void reply_lock(struct smb_request *req)
4773 connection_struct *conn = req->conn;
4774 uint64_t count,offset;
4777 struct byte_range_lock *br_lck = NULL;
4779 START_PROFILE(SMBlock);
4782 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4783 END_PROFILE(SMBlock);
4787 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4789 if (!check_fsp(conn, req, fsp)) {
4790 END_PROFILE(SMBlock);
4794 count = (uint64_t)IVAL(req->vwv+1, 0);
4795 offset = (uint64_t)IVAL(req->vwv+3, 0);
4797 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4798 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4800 br_lck = do_lock(smbd_messaging_context(),
4807 False, /* Non-blocking lock. */
4812 TALLOC_FREE(br_lck);
4814 if (NT_STATUS_V(status)) {
4815 reply_nterror(req, status);
4816 END_PROFILE(SMBlock);
4820 reply_outbuf(req, 0, 0);
4822 END_PROFILE(SMBlock);
4826 /****************************************************************************
4828 ****************************************************************************/
4830 void reply_unlock(struct smb_request *req)
4832 connection_struct *conn = req->conn;
4833 uint64_t count,offset;
4837 START_PROFILE(SMBunlock);
4840 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4841 END_PROFILE(SMBunlock);
4845 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4847 if (!check_fsp(conn, req, fsp)) {
4848 END_PROFILE(SMBunlock);
4852 count = (uint64_t)IVAL(req->vwv+1, 0);
4853 offset = (uint64_t)IVAL(req->vwv+3, 0);
4855 status = do_unlock(smbd_messaging_context(),
4862 if (NT_STATUS_V(status)) {
4863 reply_nterror(req, status);
4864 END_PROFILE(SMBunlock);
4868 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4869 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4871 reply_outbuf(req, 0, 0);
4873 END_PROFILE(SMBunlock);
4878 #define DBGC_CLASS DBGC_ALL
4880 /****************************************************************************
4882 conn POINTER CAN BE NULL HERE !
4883 ****************************************************************************/
4885 void reply_tdis(struct smb_request *req)
4887 connection_struct *conn = req->conn;
4888 START_PROFILE(SMBtdis);
4891 DEBUG(4,("Invalid connection in tdis\n"));
4892 reply_doserror(req, ERRSRV, ERRinvnid);
4893 END_PROFILE(SMBtdis);
4899 close_cnum(conn,req->vuid);
4902 reply_outbuf(req, 0, 0);
4903 END_PROFILE(SMBtdis);
4907 /****************************************************************************
4909 conn POINTER CAN BE NULL HERE !
4910 ****************************************************************************/
4912 void reply_echo(struct smb_request *req)
4914 connection_struct *conn = req->conn;
4915 struct smb_perfcount_data local_pcd;
4916 struct smb_perfcount_data *cur_pcd;
4920 START_PROFILE(SMBecho);
4922 smb_init_perfcount_data(&local_pcd);
4925 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4926 END_PROFILE(SMBecho);
4930 smb_reverb = SVAL(req->vwv+0, 0);
4932 reply_outbuf(req, 1, req->buflen);
4934 /* copy any incoming data back out */
4935 if (req->buflen > 0) {
4936 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4939 if (smb_reverb > 100) {
4940 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4944 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4946 /* this makes sure we catch the request pcd */
4947 if (seq_num == smb_reverb) {
4948 cur_pcd = &req->pcd;
4950 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4951 cur_pcd = &local_pcd;
4954 SSVAL(req->outbuf,smb_vwv0,seq_num);
4956 show_msg((char *)req->outbuf);
4957 if (!srv_send_smb(smbd_server_fd(),
4958 (char *)req->outbuf,
4959 true, req->seqnum+1,
4960 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4962 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4965 DEBUG(3,("echo %d times\n", smb_reverb));
4967 TALLOC_FREE(req->outbuf);
4969 END_PROFILE(SMBecho);
4973 /****************************************************************************
4974 Reply to a printopen.
4975 ****************************************************************************/
4977 void reply_printopen(struct smb_request *req)
4979 connection_struct *conn = req->conn;
4983 START_PROFILE(SMBsplopen);
4986 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4987 END_PROFILE(SMBsplopen);
4991 if (!CAN_PRINT(conn)) {
4992 reply_doserror(req, ERRDOS, ERRnoaccess);
4993 END_PROFILE(SMBsplopen);
4997 status = file_new(req, conn, &fsp);
4998 if(!NT_STATUS_IS_OK(status)) {
4999 reply_nterror(req, status);
5000 END_PROFILE(SMBsplopen);
5004 /* Open for exclusive use, write only. */
5005 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
5007 if (!NT_STATUS_IS_OK(status)) {
5008 file_free(req, fsp);
5009 reply_nterror(req, status);
5010 END_PROFILE(SMBsplopen);
5014 reply_outbuf(req, 1, 0);
5015 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5017 DEBUG(3,("openprint fd=%d fnum=%d\n",
5018 fsp->fh->fd, fsp->fnum));
5020 END_PROFILE(SMBsplopen);
5024 /****************************************************************************
5025 Reply to a printclose.
5026 ****************************************************************************/
5028 void reply_printclose(struct smb_request *req)
5030 connection_struct *conn = req->conn;
5034 START_PROFILE(SMBsplclose);
5037 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5038 END_PROFILE(SMBsplclose);
5042 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5044 if (!check_fsp(conn, req, fsp)) {
5045 END_PROFILE(SMBsplclose);
5049 if (!CAN_PRINT(conn)) {
5050 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
5051 END_PROFILE(SMBsplclose);
5055 DEBUG(3,("printclose fd=%d fnum=%d\n",
5056 fsp->fh->fd,fsp->fnum));
5058 status = close_file(req, fsp, NORMAL_CLOSE);
5060 if(!NT_STATUS_IS_OK(status)) {
5061 reply_nterror(req, status);
5062 END_PROFILE(SMBsplclose);
5066 reply_outbuf(req, 0, 0);
5068 END_PROFILE(SMBsplclose);
5072 /****************************************************************************
5073 Reply to a printqueue.
5074 ****************************************************************************/
5076 void reply_printqueue(struct smb_request *req)
5078 connection_struct *conn = req->conn;
5082 START_PROFILE(SMBsplretq);
5085 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5086 END_PROFILE(SMBsplretq);
5090 max_count = SVAL(req->vwv+0, 0);
5091 start_index = SVAL(req->vwv+1, 0);
5093 /* we used to allow the client to get the cnum wrong, but that
5094 is really quite gross and only worked when there was only
5095 one printer - I think we should now only accept it if they
5096 get it right (tridge) */
5097 if (!CAN_PRINT(conn)) {
5098 reply_doserror(req, ERRDOS, ERRnoaccess);
5099 END_PROFILE(SMBsplretq);
5103 reply_outbuf(req, 2, 3);
5104 SSVAL(req->outbuf,smb_vwv0,0);
5105 SSVAL(req->outbuf,smb_vwv1,0);
5106 SCVAL(smb_buf(req->outbuf),0,1);
5107 SSVAL(smb_buf(req->outbuf),1,0);
5109 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5110 start_index, max_count));
5113 print_queue_struct *queue = NULL;
5114 print_status_struct status;
5115 int count = print_queue_status(SNUM(conn), &queue, &status);
5116 int num_to_get = ABS(max_count);
5117 int first = (max_count>0?start_index:start_index+max_count+1);
5123 num_to_get = MIN(num_to_get,count-first);
5126 for (i=first;i<first+num_to_get;i++) {
5130 srv_put_dos_date2(p,0,queue[i].time);
5131 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5132 SSVAL(p,5, queue[i].job);
5133 SIVAL(p,7,queue[i].size);
5135 srvstr_push(blob, req->flags2, p+12,
5136 queue[i].fs_user, 16, STR_ASCII);
5138 if (message_push_blob(
5141 blob, sizeof(blob))) == -1) {
5142 reply_nterror(req, NT_STATUS_NO_MEMORY);
5143 END_PROFILE(SMBsplretq);
5149 SSVAL(req->outbuf,smb_vwv0,count);
5150 SSVAL(req->outbuf,smb_vwv1,
5151 (max_count>0?first+count:first-1));
5152 SCVAL(smb_buf(req->outbuf),0,1);
5153 SSVAL(smb_buf(req->outbuf),1,28*count);
5158 DEBUG(3,("%d entries returned in queue\n",count));
5161 END_PROFILE(SMBsplretq);
5165 /****************************************************************************
5166 Reply to a printwrite.
5167 ****************************************************************************/
5169 void reply_printwrite(struct smb_request *req)
5171 connection_struct *conn = req->conn;
5176 START_PROFILE(SMBsplwr);
5179 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5180 END_PROFILE(SMBsplwr);
5184 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5186 if (!check_fsp(conn, req, fsp)) {
5187 END_PROFILE(SMBsplwr);
5191 if (!CAN_PRINT(conn)) {
5192 reply_doserror(req, ERRDOS, ERRnoaccess);
5193 END_PROFILE(SMBsplwr);
5197 if (!CHECK_WRITE(fsp)) {
5198 reply_doserror(req, ERRDOS, ERRbadaccess);
5199 END_PROFILE(SMBsplwr);
5203 numtowrite = SVAL(req->buf, 1);
5205 if (req->buflen < numtowrite + 3) {
5206 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5207 END_PROFILE(SMBsplwr);
5211 data = (const char *)req->buf + 3;
5213 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5214 reply_nterror(req, map_nt_error_from_unix(errno));
5215 END_PROFILE(SMBsplwr);
5219 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5221 END_PROFILE(SMBsplwr);
5225 /****************************************************************************
5227 ****************************************************************************/
5229 void reply_mkdir(struct smb_request *req)
5231 connection_struct *conn = req->conn;
5232 struct smb_filename *smb_dname = NULL;
5233 char *directory = NULL;
5235 TALLOC_CTX *ctx = talloc_tos();
5237 START_PROFILE(SMBmkdir);
5239 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5240 STR_TERMINATE, &status);
5241 if (!NT_STATUS_IS_OK(status)) {
5242 reply_nterror(req, status);
5246 status = filename_convert(ctx, conn,
5247 req->flags2 & FLAGS2_DFS_PATHNAMES,
5252 if (!NT_STATUS_IS_OK(status)) {
5253 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5254 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5255 ERRSRV, ERRbadpath);
5258 reply_nterror(req, status);
5262 status = create_directory(conn, req, smb_dname);
5264 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5266 if (!NT_STATUS_IS_OK(status)) {
5268 if (!use_nt_status()
5269 && NT_STATUS_EQUAL(status,
5270 NT_STATUS_OBJECT_NAME_COLLISION)) {
5272 * Yes, in the DOS error code case we get a
5273 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5274 * samba4 torture test.
5276 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5279 reply_nterror(req, status);
5283 reply_outbuf(req, 0, 0);
5285 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5287 TALLOC_FREE(smb_dname);
5288 END_PROFILE(SMBmkdir);
5292 /****************************************************************************
5293 Static function used by reply_rmdir to delete an entire directory
5294 tree recursively. Return True on ok, False on fail.
5295 ****************************************************************************/
5297 static bool recursive_rmdir(TALLOC_CTX *ctx,
5298 connection_struct *conn,
5299 struct smb_filename *smb_dname)
5305 struct smb_Dir *dir_hnd;
5307 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5309 dir_hnd = OpenDir(talloc_tos(), conn, smb_dname->base_name, NULL, 0);
5313 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5314 struct smb_filename *smb_dname_full = NULL;
5315 char *fullname = NULL;
5316 bool do_break = true;
5319 if (ISDOT(dname) || ISDOTDOT(dname)) {
5324 if (!is_visible_file(conn, smb_dname->base_name, dname, &st,
5330 /* Construct the full name. */
5331 fullname = talloc_asprintf(ctx,
5333 smb_dname->base_name,
5340 status = create_synthetic_smb_fname(talloc_tos(), fullname,
5343 if (!NT_STATUS_IS_OK(status)) {
5347 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5351 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5352 if(!recursive_rmdir(ctx, conn, smb_dname_full)) {
5355 if(SMB_VFS_RMDIR(conn,
5356 smb_dname_full->base_name) != 0) {
5359 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5363 /* Successful iteration. */
5367 TALLOC_FREE(smb_dname_full);
5368 TALLOC_FREE(fullname);
5375 TALLOC_FREE(dir_hnd);
5379 /****************************************************************************
5380 The internals of the rmdir code - called elsewhere.
5381 ****************************************************************************/
5383 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5384 connection_struct *conn,
5385 struct smb_filename *smb_dname)
5389 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5391 /* Might be a symlink. */
5392 if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
5393 return map_nt_error_from_unix(errno);
5396 if (S_ISLNK(smb_dname->st.st_ex_mode)) {
5397 /* Is what it points to a directory ? */
5398 if(SMB_VFS_STAT(conn, smb_dname) != 0) {
5399 return map_nt_error_from_unix(errno);
5401 if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
5402 return NT_STATUS_NOT_A_DIRECTORY;
5404 ret = SMB_VFS_UNLINK(conn, smb_dname);
5406 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5409 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5410 FILE_NOTIFY_CHANGE_DIR_NAME,
5411 smb_dname->base_name);
5412 return NT_STATUS_OK;
5415 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5417 * Check to see if the only thing in this directory are
5418 * vetoed files/directories. If so then delete them and
5419 * retry. If we fail to delete any of them (and we *don't*
5420 * do a recursive delete) then fail the rmdir.
5425 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5426 smb_dname->base_name, NULL,
5429 if(dir_hnd == NULL) {
5434 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5435 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
5439 if (!is_visible_file(conn, smb_dname->base_name, dname,
5444 if(!IS_VETO_PATH(conn, dname)) {
5445 TALLOC_FREE(dir_hnd);
5453 /* We only have veto files/directories.
5454 * Are we allowed to delete them ? */
5456 if(!lp_recursive_veto_delete(SNUM(conn))) {
5457 TALLOC_FREE(dir_hnd);
5462 /* Do a recursive delete. */
5463 RewindDir(dir_hnd,&dirpos);
5464 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5465 struct smb_filename *smb_dname_full = NULL;
5466 char *fullname = NULL;
5467 bool do_break = true;
5470 if (ISDOT(dname) || ISDOTDOT(dname)) {
5474 if (!is_visible_file(conn, smb_dname->base_name, dname,
5480 fullname = talloc_asprintf(ctx,
5482 smb_dname->base_name,
5490 status = create_synthetic_smb_fname(talloc_tos(),
5494 if (!NT_STATUS_IS_OK(status)) {
5495 errno = map_errno_from_nt_status(status);
5499 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5502 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5503 if(!recursive_rmdir(ctx, conn,
5507 if(SMB_VFS_RMDIR(conn,
5508 smb_dname_full->base_name) != 0) {
5511 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5515 /* Successful iteration. */
5519 TALLOC_FREE(fullname);
5520 TALLOC_FREE(smb_dname_full);
5525 TALLOC_FREE(dir_hnd);
5526 /* Retry the rmdir */
5527 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5533 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5534 "%s\n", smb_fname_str_dbg(smb_dname),
5536 return map_nt_error_from_unix(errno);
5539 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5540 FILE_NOTIFY_CHANGE_DIR_NAME,
5541 smb_dname->base_name);
5543 return NT_STATUS_OK;
5546 /****************************************************************************
5548 ****************************************************************************/
5550 void reply_rmdir(struct smb_request *req)
5552 connection_struct *conn = req->conn;
5553 struct smb_filename *smb_dname = NULL;
5554 char *directory = NULL;
5556 TALLOC_CTX *ctx = talloc_tos();
5557 struct smbd_server_connection *sconn = smbd_server_conn;
5559 START_PROFILE(SMBrmdir);
5561 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5562 STR_TERMINATE, &status);
5563 if (!NT_STATUS_IS_OK(status)) {
5564 reply_nterror(req, status);
5568 status = filename_convert(ctx, conn,
5569 req->flags2 & FLAGS2_DFS_PATHNAMES,
5574 if (!NT_STATUS_IS_OK(status)) {
5575 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5576 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5577 ERRSRV, ERRbadpath);
5580 reply_nterror(req, status);
5584 if (is_ntfs_stream_smb_fname(smb_dname)) {
5585 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5589 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5590 status = rmdir_internals(ctx, conn, smb_dname);
5591 if (!NT_STATUS_IS_OK(status)) {
5592 reply_nterror(req, status);
5596 reply_outbuf(req, 0, 0);
5598 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5600 TALLOC_FREE(smb_dname);
5601 END_PROFILE(SMBrmdir);
5605 /*******************************************************************
5606 Resolve wildcards in a filename rename.
5607 ********************************************************************/
5609 static bool resolve_wildcards(TALLOC_CTX *ctx,
5614 char *name2_copy = NULL;
5619 char *p,*p2, *pname1, *pname2;
5621 name2_copy = talloc_strdup(ctx, name2);
5626 pname1 = strrchr_m(name1,'/');
5627 pname2 = strrchr_m(name2_copy,'/');
5629 if (!pname1 || !pname2) {
5633 /* Truncate the copy of name2 at the last '/' */
5636 /* Now go past the '/' */
5640 root1 = talloc_strdup(ctx, pname1);
5641 root2 = talloc_strdup(ctx, pname2);
5643 if (!root1 || !root2) {
5647 p = strrchr_m(root1,'.');
5650 ext1 = talloc_strdup(ctx, p+1);
5652 ext1 = talloc_strdup(ctx, "");
5654 p = strrchr_m(root2,'.');
5657 ext2 = talloc_strdup(ctx, p+1);
5659 ext2 = talloc_strdup(ctx, "");
5662 if (!ext1 || !ext2) {
5670 /* Hmmm. Should this be mb-aware ? */
5673 } else if (*p2 == '*') {
5675 root2 = talloc_asprintf(ctx, "%s%s",
5694 /* Hmmm. Should this be mb-aware ? */
5697 } else if (*p2 == '*') {
5699 ext2 = talloc_asprintf(ctx, "%s%s",
5715 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5720 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5732 /****************************************************************************
5733 Ensure open files have their names updated. Updated to notify other smbd's
5735 ****************************************************************************/
5737 static void rename_open_files(connection_struct *conn,
5738 struct share_mode_lock *lck,
5739 const struct smb_filename *smb_fname_dst)
5742 bool did_rename = False;
5745 for(fsp = file_find_di_first(lck->id); fsp;
5746 fsp = file_find_di_next(fsp)) {
5747 /* fsp_name is a relative path under the fsp. To change this for other
5748 sharepaths we need to manipulate relative paths. */
5749 /* TODO - create the absolute path and manipulate the newname
5750 relative to the sharepath. */
5751 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5754 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5755 "(file_id %s) from %s -> %s\n", fsp->fnum,
5756 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5757 smb_fname_str_dbg(smb_fname_dst)));
5759 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5760 if (NT_STATUS_IS_OK(status)) {
5766 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5767 "for %s\n", file_id_string_tos(&lck->id),
5768 smb_fname_str_dbg(smb_fname_dst)));
5771 /* Send messages to all smbd's (not ourself) that the name has changed. */
5772 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5777 /****************************************************************************
5778 We need to check if the source path is a parent directory of the destination
5779 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5780 refuse the rename with a sharing violation. Under UNIX the above call can
5781 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5782 probably need to check that the client is a Windows one before disallowing
5783 this as a UNIX client (one with UNIX extensions) can know the source is a
5784 symlink and make this decision intelligently. Found by an excellent bug
5785 report from <AndyLiebman@aol.com>.
5786 ****************************************************************************/
5788 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5789 const struct smb_filename *smb_fname_dst)
5791 const char *psrc = smb_fname_src->base_name;
5792 const char *pdst = smb_fname_dst->base_name;
5795 if (psrc[0] == '.' && psrc[1] == '/') {
5798 if (pdst[0] == '.' && pdst[1] == '/') {
5801 if ((slen = strlen(psrc)) > strlen(pdst)) {
5804 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5808 * Do the notify calls from a rename
5811 static void notify_rename(connection_struct *conn, bool is_dir,
5812 const struct smb_filename *smb_fname_src,
5813 const struct smb_filename *smb_fname_dst)
5815 char *parent_dir_src = NULL;
5816 char *parent_dir_dst = NULL;
5819 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5820 : FILE_NOTIFY_CHANGE_FILE_NAME;
5822 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5823 &parent_dir_src, NULL) ||
5824 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5825 &parent_dir_dst, NULL)) {
5829 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5830 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5831 smb_fname_src->base_name);
5832 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5833 smb_fname_dst->base_name);
5836 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5837 smb_fname_src->base_name);
5838 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5839 smb_fname_dst->base_name);
5842 /* this is a strange one. w2k3 gives an additional event for
5843 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5844 files, but not directories */
5846 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5847 FILE_NOTIFY_CHANGE_ATTRIBUTES
5848 |FILE_NOTIFY_CHANGE_CREATION,
5849 smb_fname_dst->base_name);
5852 TALLOC_FREE(parent_dir_src);
5853 TALLOC_FREE(parent_dir_dst);
5856 /****************************************************************************
5857 Rename an open file - given an fsp.
5858 ****************************************************************************/
5860 NTSTATUS rename_internals_fsp(connection_struct *conn,
5862 const struct smb_filename *smb_fname_dst_in,
5864 bool replace_if_exists)
5866 TALLOC_CTX *ctx = talloc_tos();
5867 struct smb_filename *smb_fname_dst = NULL;
5868 NTSTATUS status = NT_STATUS_OK;
5869 struct share_mode_lock *lck = NULL;
5870 bool dst_exists, old_is_stream, new_is_stream;
5872 status = check_name(conn, smb_fname_dst_in->base_name);
5873 if (!NT_STATUS_IS_OK(status)) {
5877 /* Make a copy of the dst smb_fname structs */
5879 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5880 if (!NT_STATUS_IS_OK(status)) {
5884 /* Ensure the dst smb_fname contains a '/' */
5885 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5887 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5888 smb_fname_dst->base_name);
5890 status = NT_STATUS_NO_MEMORY;
5893 TALLOC_FREE(smb_fname_dst->base_name);
5894 smb_fname_dst->base_name = tmp;
5898 * Check for special case with case preserving and not
5899 * case sensitive. If the old last component differs from the original
5900 * last component only by case, then we should allow
5901 * the rename (user is trying to change the case of the
5904 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5905 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5906 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5908 char *fname_dst_lcomp_base_mod = NULL;
5909 struct smb_filename *smb_fname_orig_lcomp = NULL;
5912 * Get the last component of the destination name. Note that
5913 * we guarantee that destination name contains a '/' character
5916 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5917 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5918 if (!fname_dst_lcomp_base_mod) {
5919 status = NT_STATUS_NO_MEMORY;
5924 * Create an smb_filename struct using the original last
5925 * component of the destination.
5927 status = create_synthetic_smb_fname_split(ctx,
5928 smb_fname_dst->original_lcomp, NULL,
5929 &smb_fname_orig_lcomp);
5930 if (!NT_STATUS_IS_OK(status)) {
5931 TALLOC_FREE(fname_dst_lcomp_base_mod);
5935 /* If the base names only differ by case, use original. */
5936 if(!strcsequal(fname_dst_lcomp_base_mod,
5937 smb_fname_orig_lcomp->base_name)) {
5940 * Replace the modified last component with the
5943 *last_slash = '\0'; /* Truncate at the '/' */
5944 tmp = talloc_asprintf(smb_fname_dst,
5946 smb_fname_dst->base_name,
5947 smb_fname_orig_lcomp->base_name);
5949 status = NT_STATUS_NO_MEMORY;
5950 TALLOC_FREE(fname_dst_lcomp_base_mod);
5951 TALLOC_FREE(smb_fname_orig_lcomp);
5954 TALLOC_FREE(smb_fname_dst->base_name);
5955 smb_fname_dst->base_name = tmp;
5958 /* If the stream_names only differ by case, use original. */
5959 if(!strcsequal(smb_fname_dst->stream_name,
5960 smb_fname_orig_lcomp->stream_name)) {
5962 /* Use the original stream. */
5963 tmp = talloc_strdup(smb_fname_dst,
5964 smb_fname_orig_lcomp->stream_name);
5966 status = NT_STATUS_NO_MEMORY;
5967 TALLOC_FREE(fname_dst_lcomp_base_mod);
5968 TALLOC_FREE(smb_fname_orig_lcomp);
5971 TALLOC_FREE(smb_fname_dst->stream_name);
5972 smb_fname_dst->stream_name = tmp;
5974 TALLOC_FREE(fname_dst_lcomp_base_mod);
5975 TALLOC_FREE(smb_fname_orig_lcomp);
5979 * If the src and dest names are identical - including case,
5980 * don't do the rename, just return success.
5983 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5984 strcsequal(fsp->fsp_name->stream_name,
5985 smb_fname_dst->stream_name)) {
5986 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5987 "- returning success\n",
5988 smb_fname_str_dbg(smb_fname_dst)));
5989 status = NT_STATUS_OK;
5993 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
5994 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5996 /* Return the correct error code if both names aren't streams. */
5997 if (!old_is_stream && new_is_stream) {
5998 status = NT_STATUS_OBJECT_NAME_INVALID;
6002 if (old_is_stream && !new_is_stream) {
6003 status = NT_STATUS_INVALID_PARAMETER;
6007 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6009 if(!replace_if_exists && dst_exists) {
6010 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6011 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6012 smb_fname_str_dbg(smb_fname_dst)));
6013 status = NT_STATUS_OBJECT_NAME_COLLISION;
6018 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6019 &smb_fname_dst->st);
6020 files_struct *dst_fsp = file_find_di_first(fileid);
6021 /* The file can be open when renaming a stream */
6022 if (dst_fsp && !new_is_stream) {
6023 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6024 status = NT_STATUS_ACCESS_DENIED;
6029 /* Ensure we have a valid stat struct for the source. */
6030 status = vfs_stat_fsp(fsp);
6031 if (!NT_STATUS_IS_OK(status)) {
6035 status = can_rename(conn, fsp, attrs);
6037 if (!NT_STATUS_IS_OK(status)) {
6038 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6039 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6040 smb_fname_str_dbg(smb_fname_dst)));
6041 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6042 status = NT_STATUS_ACCESS_DENIED;
6046 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6047 status = NT_STATUS_ACCESS_DENIED;
6050 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6054 * We have the file open ourselves, so not being able to get the
6055 * corresponding share mode lock is a fatal error.
6058 SMB_ASSERT(lck != NULL);
6060 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6061 uint32 create_options = fsp->fh->private_options;
6063 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6064 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6065 smb_fname_str_dbg(smb_fname_dst)));
6067 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6070 rename_open_files(conn, lck, smb_fname_dst);
6073 * A rename acts as a new file create w.r.t. allowing an initial delete
6074 * on close, probably because in Windows there is a new handle to the
6075 * new file. If initial delete on close was requested but not
6076 * originally set, we need to set it here. This is probably not 100% correct,
6077 * but will work for the CIFSFS client which in non-posix mode
6078 * depends on these semantics. JRA.
6081 if (create_options & FILE_DELETE_ON_CLOSE) {
6082 status = can_set_delete_on_close(fsp, True, 0);
6084 if (NT_STATUS_IS_OK(status)) {
6085 /* Note that here we set the *inital* delete on close flag,
6086 * not the regular one. The magic gets handled in close. */
6087 fsp->initial_delete_on_close = True;
6091 status = NT_STATUS_OK;
6097 if (errno == ENOTDIR || errno == EISDIR) {
6098 status = NT_STATUS_OBJECT_NAME_COLLISION;
6100 status = map_nt_error_from_unix(errno);
6103 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6104 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6105 smb_fname_str_dbg(smb_fname_dst)));
6108 TALLOC_FREE(smb_fname_dst);
6113 /****************************************************************************
6114 The guts of the rename command, split out so it may be called by the NT SMB
6116 ****************************************************************************/
6118 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6119 connection_struct *conn,
6120 struct smb_request *req,
6121 struct smb_filename *smb_fname_src,
6122 struct smb_filename *smb_fname_dst,
6124 bool replace_if_exists,
6127 uint32_t access_mask)
6129 char *fname_src_dir = NULL;
6130 char *fname_src_mask = NULL;
6132 NTSTATUS status = NT_STATUS_OK;
6133 struct smb_Dir *dir_hnd = NULL;
6136 int create_options = 0;
6137 bool posix_pathnames = lp_posix_pathnames();
6140 * Split the old name into directory and last component
6141 * strings. Note that unix_convert may have stripped off a
6142 * leading ./ from both name and newname if the rename is
6143 * at the root of the share. We need to make sure either both
6144 * name and newname contain a / character or neither of them do
6145 * as this is checked in resolve_wildcards().
6148 /* Split up the directory from the filename/mask. */
6149 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6150 &fname_src_dir, &fname_src_mask);
6151 if (!NT_STATUS_IS_OK(status)) {
6152 status = NT_STATUS_NO_MEMORY;
6157 * We should only check the mangled cache
6158 * here if unix_convert failed. This means
6159 * that the path in 'mask' doesn't exist
6160 * on the file system and so we need to look
6161 * for a possible mangle. This patch from
6162 * Tine Smukavec <valentin.smukavec@hermes.si>.
6165 if (!VALID_STAT(smb_fname_src->st) &&
6166 mangle_is_mangled(fname_src_mask, conn->params)) {
6167 char *new_mask = NULL;
6168 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6171 TALLOC_FREE(fname_src_mask);
6172 fname_src_mask = new_mask;
6176 if (!src_has_wild) {
6180 * Only one file needs to be renamed. Append the mask back
6181 * onto the directory.
6183 TALLOC_FREE(smb_fname_src->base_name);
6184 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6188 if (!smb_fname_src->base_name) {
6189 status = NT_STATUS_NO_MEMORY;
6193 /* Ensure dst fname contains a '/' also */
6194 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6196 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6197 smb_fname_dst->base_name);
6199 status = NT_STATUS_NO_MEMORY;
6202 TALLOC_FREE(smb_fname_dst->base_name);
6203 smb_fname_dst->base_name = tmp;
6206 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6207 "case_preserve = %d, short case preserve = %d, "
6208 "directory = %s, newname = %s, "
6209 "last_component_dest = %s\n",
6210 conn->case_sensitive, conn->case_preserve,
6211 conn->short_case_preserve,
6212 smb_fname_str_dbg(smb_fname_src),
6213 smb_fname_str_dbg(smb_fname_dst),
6214 smb_fname_dst->original_lcomp));
6216 /* The dest name still may have wildcards. */
6217 if (dest_has_wild) {
6218 char *fname_dst_mod = NULL;
6219 if (!resolve_wildcards(smb_fname_dst,
6220 smb_fname_src->base_name,
6221 smb_fname_dst->base_name,
6223 DEBUG(6, ("rename_internals: resolve_wildcards "
6225 smb_fname_src->base_name,
6226 smb_fname_dst->base_name));
6227 status = NT_STATUS_NO_MEMORY;
6230 TALLOC_FREE(smb_fname_dst->base_name);
6231 smb_fname_dst->base_name = fname_dst_mod;
6234 ZERO_STRUCT(smb_fname_src->st);
6235 if (posix_pathnames) {
6236 SMB_VFS_LSTAT(conn, smb_fname_src);
6238 SMB_VFS_STAT(conn, smb_fname_src);
6241 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6242 create_options |= FILE_DIRECTORY_FILE;
6245 status = SMB_VFS_CREATE_FILE(
6248 0, /* root_dir_fid */
6249 smb_fname_src, /* fname */
6250 access_mask, /* access_mask */
6251 (FILE_SHARE_READ | /* share_access */
6253 FILE_OPEN, /* create_disposition*/
6254 create_options, /* create_options */
6255 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6256 0, /* oplock_request */
6257 0, /* allocation_size */
6263 if (!NT_STATUS_IS_OK(status)) {
6264 DEBUG(3, ("Could not open rename source %s: %s\n",
6265 smb_fname_str_dbg(smb_fname_src),
6266 nt_errstr(status)));
6270 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6271 attrs, replace_if_exists);
6273 close_file(req, fsp, NORMAL_CLOSE);
6275 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6276 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6277 smb_fname_str_dbg(smb_fname_dst)));
6283 * Wildcards - process each file that matches.
6285 if (strequal(fname_src_mask, "????????.???")) {
6286 TALLOC_FREE(fname_src_mask);
6287 fname_src_mask = talloc_strdup(ctx, "*");
6288 if (!fname_src_mask) {
6289 status = NT_STATUS_NO_MEMORY;
6294 status = check_name(conn, fname_src_dir);
6295 if (!NT_STATUS_IS_OK(status)) {
6299 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6301 if (dir_hnd == NULL) {
6302 status = map_nt_error_from_unix(errno);
6306 status = NT_STATUS_NO_SUCH_FILE;
6308 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6309 * - gentest fix. JRA
6312 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st))) {
6313 files_struct *fsp = NULL;
6314 char *destname = NULL;
6315 bool sysdir_entry = False;
6317 /* Quick check for "." and ".." */
6318 if (ISDOT(dname) || ISDOTDOT(dname)) {
6320 sysdir_entry = True;
6327 if (!is_visible_file(conn, fname_src_dir, dname,
6328 &smb_fname_src->st, false)) {
6333 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6339 status = NT_STATUS_OBJECT_NAME_INVALID;
6343 TALLOC_FREE(smb_fname_src->base_name);
6344 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6348 if (!smb_fname_src->base_name) {
6349 status = NT_STATUS_NO_MEMORY;
6353 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6354 smb_fname_dst->base_name,
6356 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6357 smb_fname_src->base_name, destname));
6362 status = NT_STATUS_NO_MEMORY;
6366 TALLOC_FREE(smb_fname_dst->base_name);
6367 smb_fname_dst->base_name = destname;
6369 ZERO_STRUCT(smb_fname_src->st);
6370 if (posix_pathnames) {
6371 SMB_VFS_LSTAT(conn, smb_fname_src);
6373 SMB_VFS_STAT(conn, smb_fname_src);
6378 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6379 create_options |= FILE_DIRECTORY_FILE;
6382 status = SMB_VFS_CREATE_FILE(
6385 0, /* root_dir_fid */
6386 smb_fname_src, /* fname */
6387 access_mask, /* access_mask */
6388 (FILE_SHARE_READ | /* share_access */
6390 FILE_OPEN, /* create_disposition*/
6391 create_options, /* create_options */
6392 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6393 0, /* oplock_request */
6394 0, /* allocation_size */
6400 if (!NT_STATUS_IS_OK(status)) {
6401 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6402 "returned %s rename %s -> %s\n",
6404 smb_fname_str_dbg(smb_fname_src),
6405 smb_fname_str_dbg(smb_fname_dst)));
6409 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6411 if (!smb_fname_dst->original_lcomp) {
6412 status = NT_STATUS_NO_MEMORY;
6416 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6417 attrs, replace_if_exists);
6419 close_file(req, fsp, NORMAL_CLOSE);
6421 if (!NT_STATUS_IS_OK(status)) {
6422 DEBUG(3, ("rename_internals_fsp returned %s for "
6423 "rename %s -> %s\n", nt_errstr(status),
6424 smb_fname_str_dbg(smb_fname_src),
6425 smb_fname_str_dbg(smb_fname_dst)));
6431 DEBUG(3,("rename_internals: doing rename on %s -> "
6432 "%s\n", smb_fname_str_dbg(smb_fname_src),
6433 smb_fname_str_dbg(smb_fname_src)));
6436 TALLOC_FREE(dir_hnd);
6438 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6439 status = map_nt_error_from_unix(errno);
6444 TALLOC_FREE(fname_src_dir);
6445 TALLOC_FREE(fname_src_mask);
6449 /****************************************************************************
6451 ****************************************************************************/
6453 void reply_mv(struct smb_request *req)
6455 connection_struct *conn = req->conn;
6457 char *newname = NULL;
6461 bool src_has_wcard = False;
6462 bool dest_has_wcard = False;
6463 TALLOC_CTX *ctx = talloc_tos();
6464 struct smb_filename *smb_fname_src = NULL;
6465 struct smb_filename *smb_fname_dst = NULL;
6467 START_PROFILE(SMBmv);
6470 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6474 attrs = SVAL(req->vwv+0, 0);
6476 p = (const char *)req->buf + 1;
6477 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6478 &status, &src_has_wcard);
6479 if (!NT_STATUS_IS_OK(status)) {
6480 reply_nterror(req, status);
6484 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6485 &status, &dest_has_wcard);
6486 if (!NT_STATUS_IS_OK(status)) {
6487 reply_nterror(req, status);
6491 status = filename_convert(ctx,
6493 req->flags2 & FLAGS2_DFS_PATHNAMES,
6495 UCF_COND_ALLOW_WCARD_LCOMP,
6499 if (!NT_STATUS_IS_OK(status)) {
6500 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6501 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6502 ERRSRV, ERRbadpath);
6505 reply_nterror(req, status);
6509 status = filename_convert(ctx,
6511 req->flags2 & FLAGS2_DFS_PATHNAMES,
6513 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6517 if (!NT_STATUS_IS_OK(status)) {
6518 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6519 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6520 ERRSRV, ERRbadpath);
6523 reply_nterror(req, status);
6527 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6528 smb_fname_str_dbg(smb_fname_dst)));
6530 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6531 attrs, False, src_has_wcard, dest_has_wcard,
6533 if (!NT_STATUS_IS_OK(status)) {
6534 if (open_was_deferred(req->mid)) {
6535 /* We have re-scheduled this call. */
6538 reply_nterror(req, status);
6542 reply_outbuf(req, 0, 0);
6544 TALLOC_FREE(smb_fname_src);
6545 TALLOC_FREE(smb_fname_dst);
6550 /*******************************************************************
6551 Copy a file as part of a reply_copy.
6552 ******************************************************************/
6555 * TODO: check error codes on all callers
6558 NTSTATUS copy_file(TALLOC_CTX *ctx,
6559 connection_struct *conn,
6560 struct smb_filename *smb_fname_src,
6561 struct smb_filename *smb_fname_dst,
6564 bool target_is_directory)
6566 struct smb_filename *smb_fname_dst_tmp = NULL;
6568 files_struct *fsp1,*fsp2;
6570 uint32 new_create_disposition;
6574 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6575 if (!NT_STATUS_IS_OK(status)) {
6580 * If the target is a directory, extract the last component from the
6581 * src filename and append it to the dst filename
6583 if (target_is_directory) {
6586 /* dest/target can't be a stream if it's a directory. */
6587 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6589 p = strrchr_m(smb_fname_src->base_name,'/');
6593 p = smb_fname_src->base_name;
6595 smb_fname_dst_tmp->base_name =
6596 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6598 if (!smb_fname_dst_tmp->base_name) {
6599 status = NT_STATUS_NO_MEMORY;
6604 status = vfs_file_exist(conn, smb_fname_src);
6605 if (!NT_STATUS_IS_OK(status)) {
6609 if (!target_is_directory && count) {
6610 new_create_disposition = FILE_OPEN;
6612 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6614 &new_create_disposition,
6616 status = NT_STATUS_INVALID_PARAMETER;
6621 /* Open the src file for reading. */
6622 status = SMB_VFS_CREATE_FILE(
6625 0, /* root_dir_fid */
6626 smb_fname_src, /* fname */
6627 FILE_GENERIC_READ, /* access_mask */
6628 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6629 FILE_OPEN, /* create_disposition*/
6630 0, /* create_options */
6631 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6632 INTERNAL_OPEN_ONLY, /* oplock_request */
6633 0, /* allocation_size */
6639 if (!NT_STATUS_IS_OK(status)) {
6643 dosattrs = dos_mode(conn, smb_fname_src);
6645 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6646 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6649 /* Open the dst file for writing. */
6650 status = SMB_VFS_CREATE_FILE(
6653 0, /* root_dir_fid */
6654 smb_fname_dst, /* fname */
6655 FILE_GENERIC_WRITE, /* access_mask */
6656 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6657 new_create_disposition, /* create_disposition*/
6658 0, /* create_options */
6659 dosattrs, /* file_attributes */
6660 INTERNAL_OPEN_ONLY, /* oplock_request */
6661 0, /* allocation_size */
6667 if (!NT_STATUS_IS_OK(status)) {
6668 close_file(NULL, fsp1, ERROR_CLOSE);
6672 if ((ofun&3) == 1) {
6673 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6674 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6676 * Stop the copy from occurring.
6679 smb_fname_src->st.st_ex_size = 0;
6683 /* Do the actual copy. */
6684 if (smb_fname_src->st.st_ex_size) {
6685 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6688 close_file(NULL, fsp1, NORMAL_CLOSE);
6690 /* Ensure the modtime is set correctly on the destination file. */
6691 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6694 * As we are opening fsp1 read-only we only expect
6695 * an error on close on fsp2 if we are out of space.
6696 * Thus we don't look at the error return from the
6699 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6701 if (!NT_STATUS_IS_OK(status)) {
6705 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6706 status = NT_STATUS_DISK_FULL;
6710 status = NT_STATUS_OK;
6713 TALLOC_FREE(smb_fname_dst_tmp);
6717 /****************************************************************************
6718 Reply to a file copy.
6719 ****************************************************************************/
6721 void reply_copy(struct smb_request *req)
6723 connection_struct *conn = req->conn;
6724 struct smb_filename *smb_fname_src = NULL;
6725 struct smb_filename *smb_fname_dst = NULL;
6726 char *fname_src = NULL;
6727 char *fname_dst = NULL;
6728 char *fname_src_mask = NULL;
6729 char *fname_src_dir = NULL;
6732 int error = ERRnoaccess;
6736 bool target_is_directory=False;
6737 bool source_has_wild = False;
6738 bool dest_has_wild = False;
6740 TALLOC_CTX *ctx = talloc_tos();
6742 START_PROFILE(SMBcopy);
6745 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6749 tid2 = SVAL(req->vwv+0, 0);
6750 ofun = SVAL(req->vwv+1, 0);
6751 flags = SVAL(req->vwv+2, 0);
6753 p = (const char *)req->buf;
6754 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6755 &status, &source_has_wild);
6756 if (!NT_STATUS_IS_OK(status)) {
6757 reply_nterror(req, status);
6760 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6761 &status, &dest_has_wild);
6762 if (!NT_STATUS_IS_OK(status)) {
6763 reply_nterror(req, status);
6767 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6769 if (tid2 != conn->cnum) {
6770 /* can't currently handle inter share copies XXXX */
6771 DEBUG(3,("Rejecting inter-share copy\n"));
6772 reply_doserror(req, ERRSRV, ERRinvdevice);
6776 status = filename_convert(ctx, conn,
6777 req->flags2 & FLAGS2_DFS_PATHNAMES,
6779 UCF_COND_ALLOW_WCARD_LCOMP,
6782 if (!NT_STATUS_IS_OK(status)) {
6783 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6784 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6785 ERRSRV, ERRbadpath);
6788 reply_nterror(req, status);
6792 status = filename_convert(ctx, conn,
6793 req->flags2 & FLAGS2_DFS_PATHNAMES,
6795 UCF_COND_ALLOW_WCARD_LCOMP,
6798 if (!NT_STATUS_IS_OK(status)) {
6799 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6800 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6801 ERRSRV, ERRbadpath);
6804 reply_nterror(req, status);
6808 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6810 if ((flags&1) && target_is_directory) {
6811 reply_doserror(req, ERRDOS, ERRbadfile);
6815 if ((flags&2) && !target_is_directory) {
6816 reply_doserror(req, ERRDOS, ERRbadpath);
6820 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6821 /* wants a tree copy! XXXX */
6822 DEBUG(3,("Rejecting tree copy\n"));
6823 reply_doserror(req, ERRSRV, ERRerror);
6827 /* Split up the directory from the filename/mask. */
6828 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6829 &fname_src_dir, &fname_src_mask);
6830 if (!NT_STATUS_IS_OK(status)) {
6831 reply_nterror(req, NT_STATUS_NO_MEMORY);
6836 * We should only check the mangled cache
6837 * here if unix_convert failed. This means
6838 * that the path in 'mask' doesn't exist
6839 * on the file system and so we need to look
6840 * for a possible mangle. This patch from
6841 * Tine Smukavec <valentin.smukavec@hermes.si>.
6843 if (!VALID_STAT(smb_fname_src->st) &&
6844 mangle_is_mangled(fname_src_mask, conn->params)) {
6845 char *new_mask = NULL;
6846 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6847 &new_mask, conn->params);
6849 /* Use demangled name if one was successfully found. */
6851 TALLOC_FREE(fname_src_mask);
6852 fname_src_mask = new_mask;
6856 if (!source_has_wild) {
6859 * Only one file needs to be copied. Append the mask back onto
6862 TALLOC_FREE(smb_fname_src->base_name);
6863 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6867 if (!smb_fname_src->base_name) {
6868 reply_nterror(req, NT_STATUS_NO_MEMORY);
6872 if (dest_has_wild) {
6873 char *fname_dst_mod = NULL;
6874 if (!resolve_wildcards(smb_fname_dst,
6875 smb_fname_src->base_name,
6876 smb_fname_dst->base_name,
6878 reply_nterror(req, NT_STATUS_NO_MEMORY);
6881 TALLOC_FREE(smb_fname_dst->base_name);
6882 smb_fname_dst->base_name = fname_dst_mod;
6885 status = check_name(conn, smb_fname_src->base_name);
6886 if (!NT_STATUS_IS_OK(status)) {
6887 reply_nterror(req, status);
6891 status = check_name(conn, smb_fname_dst->base_name);
6892 if (!NT_STATUS_IS_OK(status)) {
6893 reply_nterror(req, status);
6897 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6898 ofun, count, target_is_directory);
6900 if(!NT_STATUS_IS_OK(status)) {
6901 reply_nterror(req, status);
6907 struct smb_Dir *dir_hnd = NULL;
6912 * There is a wildcard that requires us to actually read the
6913 * src dir and copy each file matching the mask to the dst.
6914 * Right now streams won't be copied, but this could
6915 * presumably be added with a nested loop for reach dir entry.
6917 SMB_ASSERT(!smb_fname_src->stream_name);
6918 SMB_ASSERT(!smb_fname_dst->stream_name);
6920 smb_fname_src->stream_name = NULL;
6921 smb_fname_dst->stream_name = NULL;
6923 if (strequal(fname_src_mask,"????????.???")) {
6924 TALLOC_FREE(fname_src_mask);
6925 fname_src_mask = talloc_strdup(ctx, "*");
6926 if (!fname_src_mask) {
6927 reply_nterror(req, NT_STATUS_NO_MEMORY);
6932 status = check_name(conn, fname_src_dir);
6933 if (!NT_STATUS_IS_OK(status)) {
6934 reply_nterror(req, status);
6938 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6939 if (dir_hnd == NULL) {
6940 status = map_nt_error_from_unix(errno);
6941 reply_nterror(req, status);
6947 /* Iterate over the src dir copying each entry to the dst. */
6948 while ((dname = ReadDirName(dir_hnd, &offset,
6949 &smb_fname_src->st))) {
6950 char *destname = NULL;
6952 if (ISDOT(dname) || ISDOTDOT(dname)) {
6957 if (!is_visible_file(conn, fname_src_dir, dname,
6958 &smb_fname_src->st, false)) {
6963 if(!mask_match(dname, fname_src_mask,
6964 conn->case_sensitive)) {
6969 error = ERRnoaccess;
6971 /* Get the src smb_fname struct setup. */
6972 TALLOC_FREE(smb_fname_src->base_name);
6973 smb_fname_src->base_name =
6974 talloc_asprintf(smb_fname_src, "%s/%s",
6975 fname_src_dir, dname);
6977 if (!smb_fname_src->base_name) {
6978 TALLOC_FREE(dir_hnd);
6980 reply_nterror(req, NT_STATUS_NO_MEMORY);
6984 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6985 smb_fname_dst->base_name,
6991 TALLOC_FREE(dir_hnd);
6993 reply_nterror(req, NT_STATUS_NO_MEMORY);
6997 TALLOC_FREE(smb_fname_dst->base_name);
6998 smb_fname_dst->base_name = destname;
7000 status = check_name(conn, smb_fname_src->base_name);
7001 if (!NT_STATUS_IS_OK(status)) {
7002 TALLOC_FREE(dir_hnd);
7004 reply_nterror(req, status);
7008 status = check_name(conn, smb_fname_dst->base_name);
7009 if (!NT_STATUS_IS_OK(status)) {
7010 TALLOC_FREE(dir_hnd);
7012 reply_nterror(req, status);
7016 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7017 smb_fname_src->base_name,
7018 smb_fname_dst->base_name));
7020 status = copy_file(ctx, conn, smb_fname_src,
7021 smb_fname_dst, ofun, count,
7022 target_is_directory);
7023 if (NT_STATUS_IS_OK(status)) {
7029 TALLOC_FREE(dir_hnd);
7033 reply_doserror(req, ERRDOS, error);
7037 reply_outbuf(req, 1, 0);
7038 SSVAL(req->outbuf,smb_vwv0,count);
7040 TALLOC_FREE(smb_fname_src);
7041 TALLOC_FREE(smb_fname_dst);
7042 TALLOC_FREE(fname_src);
7043 TALLOC_FREE(fname_dst);
7044 TALLOC_FREE(fname_src_mask);
7045 TALLOC_FREE(fname_src_dir);
7047 END_PROFILE(SMBcopy);
7052 #define DBGC_CLASS DBGC_LOCKING
7054 /****************************************************************************
7055 Get a lock pid, dealing with large count requests.
7056 ****************************************************************************/
7058 uint32 get_lock_pid(const uint8_t *data, int data_offset,
7059 bool large_file_format)
7061 if(!large_file_format)
7062 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
7064 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7067 /****************************************************************************
7068 Get a lock count, dealing with large count requests.
7069 ****************************************************************************/
7071 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7072 bool large_file_format)
7076 if(!large_file_format) {
7077 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7080 #if defined(HAVE_LONGLONG)
7081 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7082 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7083 #else /* HAVE_LONGLONG */
7086 * NT4.x seems to be broken in that it sends large file (64 bit)
7087 * lockingX calls even if the CAP_LARGE_FILES was *not*
7088 * negotiated. For boxes without large unsigned ints truncate the
7089 * lock count by dropping the top 32 bits.
7092 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7093 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7094 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7095 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7096 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7099 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7100 #endif /* HAVE_LONGLONG */
7106 #if !defined(HAVE_LONGLONG)
7107 /****************************************************************************
7108 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7109 ****************************************************************************/
7111 static uint32 map_lock_offset(uint32 high, uint32 low)
7115 uint32 highcopy = high;
7118 * Try and find out how many significant bits there are in high.
7121 for(i = 0; highcopy; i++)
7125 * We use 31 bits not 32 here as POSIX
7126 * lock offsets may not be negative.
7129 mask = (~0) << (31 - i);
7132 return 0; /* Fail. */
7138 #endif /* !defined(HAVE_LONGLONG) */
7140 /****************************************************************************
7141 Get a lock offset, dealing with large offset requests.
7142 ****************************************************************************/
7144 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7145 bool large_file_format, bool *err)
7147 uint64_t offset = 0;
7151 if(!large_file_format) {
7152 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7155 #if defined(HAVE_LONGLONG)
7156 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7157 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7158 #else /* HAVE_LONGLONG */
7161 * NT4.x seems to be broken in that it sends large file (64 bit)
7162 * lockingX calls even if the CAP_LARGE_FILES was *not*
7163 * negotiated. For boxes without large unsigned ints mangle the
7164 * lock offset by mapping the top 32 bits onto the lower 32.
7167 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7168 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7169 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7172 if((new_low = map_lock_offset(high, low)) == 0) {
7174 return (uint64_t)-1;
7177 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7178 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7179 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7180 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7183 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7184 #endif /* HAVE_LONGLONG */
7190 NTSTATUS smbd_do_locking(struct smb_request *req,
7194 uint16_t num_ulocks,
7195 struct smbd_lock_element *ulocks,
7197 struct smbd_lock_element *locks,
7200 connection_struct *conn = req->conn;
7202 NTSTATUS status = NT_STATUS_OK;
7206 /* Data now points at the beginning of the list
7207 of smb_unlkrng structs */
7208 for(i = 0; i < (int)num_ulocks; i++) {
7209 struct smbd_lock_element *e = &ulocks[i];
7211 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7212 "pid %u, file %s\n",
7215 (unsigned int)e->smbpid,
7218 if (e->brltype != UNLOCK_LOCK) {
7219 /* this can only happen with SMB2 */
7220 return NT_STATUS_INVALID_PARAMETER;
7223 status = do_unlock(smbd_messaging_context(),
7230 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7231 nt_errstr(status)));
7233 if (!NT_STATUS_IS_OK(status)) {
7238 /* Setup the timeout in seconds. */
7240 if (!lp_blocking_locks(SNUM(conn))) {
7244 /* Data now points at the beginning of the list
7245 of smb_lkrng structs */
7247 for(i = 0; i < (int)num_locks; i++) {
7248 struct smbd_lock_element *e = &locks[i];
7250 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7251 "%u, file %s timeout = %d\n",
7254 (unsigned int)e->smbpid,
7258 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7259 struct blocking_lock_record *blr = NULL;
7261 if (lp_blocking_locks(SNUM(conn))) {
7263 /* Schedule a message to ourselves to
7264 remove the blocking lock record and
7265 return the right error. */
7267 blr = blocking_lock_cancel(fsp,
7273 NT_STATUS_FILE_LOCK_CONFLICT);
7275 return NT_STATUS_DOS(
7277 ERRcancelviolation);
7280 /* Remove a matching pending lock. */
7281 status = do_lock_cancel(fsp,
7288 bool blocking_lock = timeout ? true : false;
7289 bool defer_lock = false;
7290 struct byte_range_lock *br_lck;
7291 uint32_t block_smbpid;
7293 br_lck = do_lock(smbd_messaging_context(),
7305 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7306 /* Windows internal resolution for blocking locks seems
7307 to be about 200ms... Don't wait for less than that. JRA. */
7308 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7309 timeout = lp_lock_spin_time();
7314 /* This heuristic seems to match W2K3 very well. If a
7315 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7316 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7317 far as I can tell. Replacement for do_lock_spin(). JRA. */
7319 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7320 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7322 timeout = lp_lock_spin_time();
7325 if (br_lck && defer_lock) {
7327 * A blocking lock was requested. Package up
7328 * this smb into a queued request and push it
7329 * onto the blocking lock queue.
7331 if(push_blocking_lock_request(br_lck,
7342 TALLOC_FREE(br_lck);
7344 return NT_STATUS_OK;
7348 TALLOC_FREE(br_lck);
7351 if (!NT_STATUS_IS_OK(status)) {
7356 /* If any of the above locks failed, then we must unlock
7357 all of the previous locks (X/Open spec). */
7359 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7361 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7362 i = -1; /* we want to skip the for loop */
7366 * Ensure we don't do a remove on the lock that just failed,
7367 * as under POSIX rules, if we have a lock already there, we
7368 * will delete it (and we shouldn't) .....
7370 for(i--; i >= 0; i--) {
7371 struct smbd_lock_element *e = &locks[i];
7373 do_unlock(smbd_messaging_context(),
7383 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7384 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7386 return NT_STATUS_OK;
7389 /****************************************************************************
7390 Reply to a lockingX request.
7391 ****************************************************************************/
7393 void reply_lockingX(struct smb_request *req)
7395 connection_struct *conn = req->conn;
7397 unsigned char locktype;
7398 unsigned char oplocklevel;
7403 const uint8_t *data;
7404 bool large_file_format;
7406 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7407 struct smbd_lock_element *ulocks;
7408 struct smbd_lock_element *locks;
7411 START_PROFILE(SMBlockingX);
7414 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7415 END_PROFILE(SMBlockingX);
7419 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7420 locktype = CVAL(req->vwv+3, 0);
7421 oplocklevel = CVAL(req->vwv+3, 1);
7422 num_ulocks = SVAL(req->vwv+6, 0);
7423 num_locks = SVAL(req->vwv+7, 0);
7424 lock_timeout = IVAL(req->vwv+4, 0);
7425 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7427 if (!check_fsp(conn, req, fsp)) {
7428 END_PROFILE(SMBlockingX);
7434 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7435 /* we don't support these - and CANCEL_LOCK makes w2k
7436 and XP reboot so I don't really want to be
7437 compatible! (tridge) */
7438 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
7439 END_PROFILE(SMBlockingX);
7443 /* Check if this is an oplock break on a file
7444 we have granted an oplock on.
7446 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7447 /* Client can insist on breaking to none. */
7448 bool break_to_none = (oplocklevel == 0);
7451 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7452 "for fnum = %d\n", (unsigned int)oplocklevel,
7456 * Make sure we have granted an exclusive or batch oplock on
7460 if (fsp->oplock_type == 0) {
7462 /* The Samba4 nbench simulator doesn't understand
7463 the difference between break to level2 and break
7464 to none from level2 - it sends oplock break
7465 replies in both cases. Don't keep logging an error
7466 message here - just ignore it. JRA. */
7468 DEBUG(5,("reply_lockingX: Error : oplock break from "
7469 "client for fnum = %d (oplock=%d) and no "
7470 "oplock granted on this file (%s).\n",
7471 fsp->fnum, fsp->oplock_type,
7474 /* if this is a pure oplock break request then don't
7476 if (num_locks == 0 && num_ulocks == 0) {
7477 END_PROFILE(SMBlockingX);
7480 END_PROFILE(SMBlockingX);
7481 reply_doserror(req, ERRDOS, ERRlock);
7486 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7488 result = remove_oplock(fsp);
7490 result = downgrade_oplock(fsp);
7494 DEBUG(0, ("reply_lockingX: error in removing "
7495 "oplock on file %s\n", fsp_str_dbg(fsp)));
7496 /* Hmmm. Is this panic justified? */
7497 smb_panic("internal tdb error");
7500 reply_to_oplock_break_requests(fsp);
7502 /* if this is a pure oplock break request then don't send a
7504 if (num_locks == 0 && num_ulocks == 0) {
7505 /* Sanity check - ensure a pure oplock break is not a
7507 if(CVAL(req->vwv+0, 0) != 0xff)
7508 DEBUG(0,("reply_lockingX: Error : pure oplock "
7509 "break is a chained %d request !\n",
7510 (unsigned int)CVAL(req->vwv+0, 0)));
7511 END_PROFILE(SMBlockingX);
7517 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7518 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7519 END_PROFILE(SMBlockingX);
7523 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7524 if (ulocks == NULL) {
7525 reply_nterror(req, NT_STATUS_NO_MEMORY);
7526 END_PROFILE(SMBlockingX);
7530 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7531 if (locks == NULL) {
7532 reply_nterror(req, NT_STATUS_NO_MEMORY);
7533 END_PROFILE(SMBlockingX);
7537 /* Data now points at the beginning of the list
7538 of smb_unlkrng structs */
7539 for(i = 0; i < (int)num_ulocks; i++) {
7540 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7541 ulocks[i].count = get_lock_count(data, i, large_file_format);
7542 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7543 ulocks[i].brltype = UNLOCK_LOCK;
7546 * There is no error code marked "stupid client bug".... :-).
7549 END_PROFILE(SMBlockingX);
7550 reply_doserror(req, ERRDOS, ERRnoaccess);
7555 /* Now do any requested locks */
7556 data += ((large_file_format ? 20 : 10)*num_ulocks);
7558 /* Data now points at the beginning of the list
7559 of smb_lkrng structs */
7561 for(i = 0; i < (int)num_locks; i++) {
7562 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7563 locks[i].count = get_lock_count(data, i, large_file_format);
7564 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7566 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7567 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7568 locks[i].brltype = PENDING_READ_LOCK;
7570 locks[i].brltype = READ_LOCK;
7573 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7574 locks[i].brltype = PENDING_WRITE_LOCK;
7576 locks[i].brltype = WRITE_LOCK;
7581 * There is no error code marked "stupid client bug".... :-).
7584 END_PROFILE(SMBlockingX);
7585 reply_doserror(req, ERRDOS, ERRnoaccess);
7590 status = smbd_do_locking(req, fsp,
7591 locktype, lock_timeout,
7595 if (!NT_STATUS_IS_OK(status)) {
7596 END_PROFILE(SMBlockingX);
7597 reply_nterror(req, status);
7601 END_PROFILE(SMBlockingX);
7605 reply_outbuf(req, 2, 0);
7607 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7608 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7610 END_PROFILE(SMBlockingX);
7615 #define DBGC_CLASS DBGC_ALL
7617 /****************************************************************************
7618 Reply to a SMBreadbmpx (read block multiplex) request.
7619 Always reply with an error, if someone has a platform really needs this,
7620 please contact vl@samba.org
7621 ****************************************************************************/
7623 void reply_readbmpx(struct smb_request *req)
7625 START_PROFILE(SMBreadBmpx);
7626 reply_doserror(req, ERRSRV, ERRuseSTD);
7627 END_PROFILE(SMBreadBmpx);
7631 /****************************************************************************
7632 Reply to a SMBreadbs (read block multiplex secondary) request.
7633 Always reply with an error, if someone has a platform really needs this,
7634 please contact vl@samba.org
7635 ****************************************************************************/
7637 void reply_readbs(struct smb_request *req)
7639 START_PROFILE(SMBreadBs);
7640 reply_doserror(req, ERRSRV, ERRuseSTD);
7641 END_PROFILE(SMBreadBs);
7645 /****************************************************************************
7646 Reply to a SMBsetattrE.
7647 ****************************************************************************/
7649 void reply_setattrE(struct smb_request *req)
7651 connection_struct *conn = req->conn;
7652 struct smb_file_time ft;
7656 START_PROFILE(SMBsetattrE);
7660 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7664 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7666 if(!fsp || (fsp->conn != conn)) {
7667 reply_doserror(req, ERRDOS, ERRbadfid);
7672 * Convert the DOS times into unix times.
7675 ft.atime = convert_time_t_to_timespec(
7676 srv_make_unix_date2(req->vwv+3));
7677 ft.mtime = convert_time_t_to_timespec(
7678 srv_make_unix_date2(req->vwv+5));
7679 ft.create_time = convert_time_t_to_timespec(
7680 srv_make_unix_date2(req->vwv+1));
7682 reply_outbuf(req, 0, 0);
7685 * Patch from Ray Frush <frush@engr.colostate.edu>
7686 * Sometimes times are sent as zero - ignore them.
7689 /* Ensure we have a valid stat struct for the source. */
7690 status = vfs_stat_fsp(fsp);
7691 if (!NT_STATUS_IS_OK(status)) {
7692 reply_nterror(req, status);
7696 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7697 if (!NT_STATUS_IS_OK(status)) {
7698 reply_doserror(req, ERRDOS, ERRnoaccess);
7702 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7705 (unsigned int)ft.atime.tv_sec,
7706 (unsigned int)ft.mtime.tv_sec,
7707 (unsigned int)ft.create_time.tv_sec
7710 END_PROFILE(SMBsetattrE);
7715 /* Back from the dead for OS/2..... JRA. */
7717 /****************************************************************************
7718 Reply to a SMBwritebmpx (write block multiplex primary) request.
7719 Always reply with an error, if someone has a platform really needs this,
7720 please contact vl@samba.org
7721 ****************************************************************************/
7723 void reply_writebmpx(struct smb_request *req)
7725 START_PROFILE(SMBwriteBmpx);
7726 reply_doserror(req, ERRSRV, ERRuseSTD);
7727 END_PROFILE(SMBwriteBmpx);
7731 /****************************************************************************
7732 Reply to a SMBwritebs (write block multiplex secondary) request.
7733 Always reply with an error, if someone has a platform really needs this,
7734 please contact vl@samba.org
7735 ****************************************************************************/
7737 void reply_writebs(struct smb_request *req)
7739 START_PROFILE(SMBwriteBs);
7740 reply_doserror(req, ERRSRV, ERRuseSTD);
7741 END_PROFILE(SMBwriteBs);
7745 /****************************************************************************
7746 Reply to a SMBgetattrE.
7747 ****************************************************************************/
7749 void reply_getattrE(struct smb_request *req)
7751 connection_struct *conn = req->conn;
7754 struct timespec create_ts;
7756 START_PROFILE(SMBgetattrE);
7759 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7760 END_PROFILE(SMBgetattrE);
7764 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7766 if(!fsp || (fsp->conn != conn)) {
7767 reply_doserror(req, ERRDOS, ERRbadfid);
7768 END_PROFILE(SMBgetattrE);
7772 /* Do an fstat on this file */
7774 reply_nterror(req, map_nt_error_from_unix(errno));
7775 END_PROFILE(SMBgetattrE);
7779 mode = dos_mode(conn, fsp->fsp_name);
7782 * Convert the times into dos times. Set create
7783 * date to be last modify date as UNIX doesn't save
7787 reply_outbuf(req, 11, 0);
7789 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7790 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7791 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7792 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7793 /* Should we check pending modtime here ? JRA */
7794 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7795 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7798 SIVAL(req->outbuf, smb_vwv6, 0);
7799 SIVAL(req->outbuf, smb_vwv8, 0);
7801 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7802 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7803 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7805 SSVAL(req->outbuf,smb_vwv10, mode);
7807 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7809 END_PROFILE(SMBgetattrE);
git.samba.org / samba.git / blob