total_sent_thistime + alignment_offset
+ data_alignment_offset);
- /*
- * We might have had SMBnttranss in req->inbuf, fix that.
- */
- SCVAL(req->outbuf, smb_com, SMBnttrans);
-
/*
* Set total params and data to be sent.
*/
chain_reply(req);
}
+struct case_semantics_state {
+ connection_struct *conn;
+ bool case_sensitive;
+ bool case_preserve;
+ bool short_case_preserve;
+};
+
+/****************************************************************************
+ Restore case semantics.
+****************************************************************************/
+
+static int restore_case_semantics(struct case_semantics_state *state)
+{
+ state->conn->case_sensitive = state->case_sensitive;
+ state->conn->case_preserve = state->case_preserve;
+ state->conn->short_case_preserve = state->short_case_preserve;
+ return 0;
+}
+
+/****************************************************************************
+ Save case semantics.
+****************************************************************************/
+
+static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
+ connection_struct *conn)
+{
+ struct case_semantics_state *result;
+
+ if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
+ return NULL;
+ }
+
+ result->conn = conn;
+ result->case_sensitive = conn->case_sensitive;
+ result->case_preserve = conn->case_preserve;
+ result->short_case_preserve = conn->short_case_preserve;
+
+ /* Set to POSIX. */
+ conn->case_sensitive = True;
+ conn->case_preserve = True;
+ conn->short_case_preserve = True;
+
+ talloc_set_destructor(result, restore_case_semantics);
+
+ return result;
+}
+
/****************************************************************************
Reply to an NT create and X call.
****************************************************************************/
NTSTATUS status;
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
if (req->wct < 24) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
+ goto out;
}
flags = IVAL(req->vwv+3, 1);
do_ntcreate_pipe_open(conn, req);
goto out;
}
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
}
? BATCH_OPLOCK : 0;
}
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
NULL,
&smb_fname);
+ TALLOC_FREE(case_state);
+
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
goto out;
}
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
/* We have re-scheduled this call, no error. */
goto out;
}
- if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
- reply_botherror(req, status, ERRDOS, ERRfilexists);
- }
- else {
- reply_nterror(req, status);
- }
+ reply_openerror(req, status);
goto out;
}
if(parameter_count < 54) {
DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
SEC_DESC *psd = NULL;
NTSTATUS status;
- if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!CAN_WRITE(fsp->conn)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (!lp_nt_acl_support(SNUM(fsp->conn))) {
return NT_STATUS_OK;
}
security_info_sent &= ~GROUP_SECURITY_INFORMATION;
}
- /* Convert all the generic bits. */
- security_acl_map_generic(psd->dacl, &file_generic_mapping);
- security_acl_map_generic(psd->sacl, &file_generic_mapping);
+ /* Ensure we have at least one thing set. */
+ if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+ if (security_info_sent & SECINFO_LABEL) {
+ /* Only consider SECINFO_LABEL if no other
+ bits are set. Just like W2K3 we don't
+ store this. */
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Ensure we have the rights to do this. */
+ if (security_info_sent & SECINFO_OWNER) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (security_info_sent & SECINFO_GROUP) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (security_info_sent & SECINFO_DACL) {
+ if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* Convert all the generic bits. */
+ if (psd->dacl) {
+ security_acl_map_generic(psd->dacl, &file_generic_mapping);
+ }
+ }
+
+ if (security_info_sent & SECINFO_SACL) {
+ if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* Convert all the generic bits. */
+ if (psd->sacl) {
+ security_acl_map_generic(psd->sacl, &file_generic_mapping);
+ }
+ }
if (DEBUGLEVEL >= 10) {
DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
uint64_t allocation_size;
int oplock_request;
uint8_t oplock_granted;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
ppdata, data_count);
goto out;
}
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
}
goto out;
}
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
NULL,
&smb_fname);
+ TALLOC_FREE(case_state);
+
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req,
? BATCH_OPLOCK : 0;
}
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
}
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
bool recursive;
if(setup_count < 6) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
DEBUG(3,("call_nt_transact_notify_change\n"));
if(!fsp) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
TALLOC_CTX *ctx = talloc_tos();
if(parameter_count < 5) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
DATA_BLOB blob;
if(parameter_count < 8) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
fsp = file_fsp(req, SVAL(params,0));
if(!fsp) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
params = nttrans_realloc(ppparams, 4);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
* Get the permissions to return.
*/
+ if ((security_info_wanted & SECINFO_SACL) &&
+ !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+
+ if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
+ !(fsp->access_mask & SEC_STD_READ_CONTROL)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+
+ if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
+ SECINFO_GROUP|SECINFO_SACL)) {
+ /* Don't return SECINFO_LABEL if anything else was
+ requested. See bug #8458. */
+ security_info_wanted &= ~SECINFO_LABEL;
+ }
+
if (!lp_nt_acl_support(SNUM(conn))) {
status = get_null_nt_acl(talloc_tos(), &psd);
+ } else if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ status = get_null_nt_acl(talloc_tos(), &psd);
} else {
status = SMB_VFS_FGET_NT_ACL(
fsp, security_info_wanted, &psd);
return;
}
+ if (!(security_info_wanted & SECINFO_OWNER)) {
+ psd->owner_sid = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_GROUP)) {
+ psd->group_sid = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_DACL)) {
+ psd->type &= ~SEC_DESC_DACL_PRESENT;
+ psd->dacl = NULL;
+ }
+ if (!(security_info_wanted & SECINFO_SACL)) {
+ psd->type &= ~SEC_DESC_SACL_PRESENT;
+ psd->sacl = NULL;
+ }
+
/* If the SACL/DACL is NULL, but was requested, we mark that it is
* present in the reply to match Windows behavior */
if (psd->sacl == NULL &&
security_info_wanted & DACL_SECURITY_INFORMATION)
psd->type |= SEC_DESC_DACL_PRESENT;
+ if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ psd->owner_sid = NULL;
+ psd->group_sid = NULL;
+ psd->dacl = NULL;
+ psd->sacl = NULL;
+ psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
+ }
+
sd_size = ndr_size_security_descriptor(psd, NULL, 0);
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
data = nttrans_realloc(ppdata, sd_size);
if(data == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
NTSTATUS status;
if(parameter_count < 8) {
- reply_doserror(req, ERRDOS, ERRbadfunc);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if((fsp = file_fsp(req, SVAL(params,0))) == NULL) {
- reply_doserror(req, ERRDOS, ERRbadfid);
+ reply_nterror(req, NT_STATUS_INVALID_HANDLE);
return;
}
fsp_str_dbg(fsp), (unsigned int)security_info_sent));
if (data_count == 0) {
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- sid_parse(pdata+4,sid_len,&sid);
+ if (!sid_parse(pdata+4,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
if (!sid_to_uid(&sid, &uid)) {
ZERO_STRUCT(qt);
/* access check */
- if (conn->server_info->utok.uid != 0) {
+ if (conn->server_info->utok.uid != 0 && !conn->admin_user) {
DEBUG(1,("get_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(SNUM(conn)),
conn->server_info->unix_name));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (parameter_count < 4) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
- reply_doserror(req, ERRDOS, ERRinvalidparam);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
}
if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
if(pdata == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
if (data_count < 8) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
sid_len = IVAL(pdata,4);
/* Ensure this is less than 1mb. */
if (sid_len > (1024*1024)) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
break;
}
- sid_parse(pdata+8,sid_len,&sid);
+ if (!sid_parse(pdata+8,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
param_len = 4;
params = nttrans_realloc(ppparams, param_len);
if(params == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
pdata = nttrans_realloc(ppdata, data_len);
if(pdata == NULL) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
default:
DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
break;
}
ZERO_STRUCT(qt);
/* access check */
- if (conn->server_info->utok.uid != 0) {
+ if (conn->server_info->utok.uid != 0 && !conn->admin_user) {
DEBUG(1,("set_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(SNUM(conn)),
conn->server_info->unix_name));
- reply_doserror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (parameter_count < 2) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
- reply_doserror(req, ERRDOS, ERRinvalidparam);
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
if (data_count < 40) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
if (data_count < 40+sid_len) {
DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
((qt.usedspace != 0xFFFFFFFF)||
(IVAL(pdata,20)!=0xFFFFFFFF))) {
/* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
#endif /* LARGE_SMB_OFF_T */
((qt.softlim != 0xFFFFFFFF)||
(IVAL(pdata,28)!=0xFFFFFFFF))) {
/* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
#endif /* LARGE_SMB_OFF_T */
((qt.hardlim != 0xFFFFFFFF)||
(IVAL(pdata,36)!=0xFFFFFFFF))) {
/* more than 32 bits? */
- reply_doserror(req, ERRDOS, ERRunknownlevel);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
#endif /* LARGE_SMB_OFF_T */
- sid_parse(pdata+40,sid_len,&sid);
+ if (!sid_parse(pdata+40,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */
if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
/* Error in request */
DEBUG(0,("handle_nttrans: Unknown request %d in "
"nttrans call\n", state->call));
- reply_doserror(req, ERRSRV, ERRerror);
+ reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
return;
function_code = SVAL(req->vwv+18, 0);
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
- reply_doserror(req, ERRSRV, ERRaccess);
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
END_PROFILE(SMBnttrans);
return;
}
}
if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
- reply_doserror(req, ERRSRV, ERRaccess);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
/* Don't allow more than 128mb for each value. */
if ((state->total_data > (1024*1024*128)) ||
(state->total_param > (1024*1024*128))) {
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
DEBUG(0,("reply_nttrans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
"bytes !\n", (unsigned int)state->total_param));
SAFE_FREE(state->data);
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
SAFE_FREE(state->data);
SAFE_FREE(state->param);
TALLOC_FREE(state);
- reply_doserror(req, ERRDOS, ERRnomem);
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBnttrans);
return;
}
show_msg((char *)req->inbuf);
+ /* Windows clients expect all replies to
+ an NT transact secondary (SMBnttranss 0xA1)
+ to have a command code of NT transact
+ (SMBnttrans 0xA0). See bug #8989 for details. */
+ req->cmd = SMBnttrans;
+
if (req->wct < 18) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBnttranss);