2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "system/filesys.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "fake_file.h"
33 #include "rpc_client/rpc_client.h"
34 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
35 #include "../librpc/gen_ndr/open_files.h"
36 #include "rpc_client/cli_spoolss.h"
37 #include "rpc_client/init_spoolss.h"
38 #include "rpc_server/rpc_ncacn_np.h"
39 #include "libcli/security/security.h"
40 #include "libsmb/nmblib.h"
42 #include "smbprofile.h"
43 #include "../lib/tsocket/tsocket.h"
44 #include "lib/tevent_wait.h"
45 #include "libcli/smb/smb_signing.h"
47 /****************************************************************************
48 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
49 path or anything including wildcards.
50 We're assuming here that '/' is not the second byte in any multibyte char
51 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
53 ****************************************************************************/
55 /* Custom version for processing POSIX paths. */
56 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
58 static NTSTATUS check_path_syntax_internal(char *path,
60 bool *p_last_component_contains_wcard)
64 NTSTATUS ret = NT_STATUS_OK;
65 bool start_of_name_component = True;
66 bool stream_started = false;
68 *p_last_component_contains_wcard = False;
75 return NT_STATUS_OBJECT_NAME_INVALID;
78 return NT_STATUS_OBJECT_NAME_INVALID;
80 if (strchr_m(&s[1], ':')) {
81 return NT_STATUS_OBJECT_NAME_INVALID;
87 if ((*s == ':') && !posix_path && !stream_started) {
88 if (*p_last_component_contains_wcard) {
89 return NT_STATUS_OBJECT_NAME_INVALID;
91 /* Stream names allow more characters than file names.
92 We're overloading posix_path here to allow a wider
93 range of characters. If stream_started is true this
94 is still a Windows path even if posix_path is true.
97 stream_started = true;
98 start_of_name_component = false;
102 return NT_STATUS_OBJECT_NAME_INVALID;
106 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
108 * Safe to assume is not the second part of a mb char
109 * as this is handled below.
111 /* Eat multiple '/' or '\\' */
112 while (IS_PATH_SEP(*s,posix_path)) {
115 if ((d != path) && (*s != '\0')) {
116 /* We only care about non-leading or trailing '/' or '\\' */
120 start_of_name_component = True;
122 *p_last_component_contains_wcard = False;
126 if (start_of_name_component) {
127 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
128 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
131 * No mb char starts with '.' so we're safe checking the directory separator here.
134 /* If we just added a '/' - delete it */
135 if ((d > path) && (*(d-1) == '/')) {
140 /* Are we at the start ? Can't go back further if so. */
142 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
145 /* Go back one level... */
146 /* We know this is safe as '/' cannot be part of a mb sequence. */
147 /* NOTE - if this assumption is invalid we are not in good shape... */
148 /* Decrement d first as d points to the *next* char to write into. */
149 for (d--; d > path; d--) {
153 s += 2; /* Else go past the .. */
154 /* We're still at the start of a name component, just the previous one. */
157 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
169 if (*s <= 0x1f || *s == '|') {
170 return NT_STATUS_OBJECT_NAME_INVALID;
178 *p_last_component_contains_wcard = True;
187 /* Get the size of the next MB character. */
188 next_codepoint(s,&siz);
206 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
208 return NT_STATUS_INVALID_PARAMETER;
211 start_of_name_component = False;
219 /****************************************************************************
220 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
221 No wildcards allowed.
222 ****************************************************************************/
224 NTSTATUS check_path_syntax(char *path)
227 return check_path_syntax_internal(path, False, &ignore);
230 /****************************************************************************
231 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
232 Wildcards allowed - p_contains_wcard returns true if the last component contained
234 ****************************************************************************/
236 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
238 return check_path_syntax_internal(path, False, p_contains_wcard);
241 /****************************************************************************
242 Check the path for a POSIX client.
243 We're assuming here that '/' is not the second byte in any multibyte char
244 set (a safe assumption).
245 ****************************************************************************/
247 NTSTATUS check_path_syntax_posix(char *path)
250 return check_path_syntax_internal(path, True, &ignore);
253 /****************************************************************************
254 Pull a string and check the path allowing a wilcard - provide for error return.
255 ****************************************************************************/
257 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
258 const char *base_ptr,
265 bool *contains_wcard)
271 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
275 *err = NT_STATUS_INVALID_PARAMETER;
279 *contains_wcard = False;
281 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
283 * For a DFS path the function parse_dfs_path()
284 * will do the path processing, just make a copy.
290 if (lp_posix_pathnames()) {
291 *err = check_path_syntax_posix(*pp_dest);
293 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
299 /****************************************************************************
300 Pull a string and check the path - provide for error return.
301 ****************************************************************************/
303 size_t srvstr_get_path(TALLOC_CTX *ctx,
304 const char *base_ptr,
313 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
314 src_len, flags, err, &ignore);
317 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
318 char **pp_dest, const char *src, int flags,
319 NTSTATUS *err, bool *contains_wcard)
321 ssize_t bufrem = smbreq_bufrem(req, src);
324 *err = NT_STATUS_INVALID_PARAMETER;
328 return srvstr_get_path_wcard(mem_ctx, (const char *)req->inbuf,
329 req->flags2, pp_dest, src, bufrem, flags,
330 err, contains_wcard);
333 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
334 char **pp_dest, const char *src, int flags,
338 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
339 flags, err, &ignore);
343 * pull a string from the smb_buf part of a packet. In this case the
344 * string can either be null terminated or it can be terminated by the
345 * end of the smbbuf area
347 size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req,
348 char **dest, const char *src, int flags)
350 ssize_t bufrem = smbreq_bufrem(req, src);
356 return pull_string_talloc(ctx, req->inbuf, req->flags2, dest, src,
360 /****************************************************************************
361 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
362 ****************************************************************************/
364 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
367 if ((fsp == NULL) || (conn == NULL)) {
368 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
371 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
372 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
378 /****************************************************************************
379 Check if we have a correct fsp pointing to a file.
380 ****************************************************************************/
382 bool check_fsp(connection_struct *conn, struct smb_request *req,
385 if (!check_fsp_open(conn, req, fsp)) {
388 if (fsp->is_directory) {
389 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
392 if (fsp->fh->fd == -1) {
393 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
396 fsp->num_smb_operations++;
400 /****************************************************************************
401 Check if we have a correct fsp pointing to a quota fake file. Replacement for
402 the CHECK_NTQUOTA_HANDLE_OK macro.
403 ****************************************************************************/
405 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
408 if (!check_fsp_open(conn, req, fsp)) {
412 if (fsp->is_directory) {
416 if (fsp->fake_file_handle == NULL) {
420 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
424 if (fsp->fake_file_handle->private_data == NULL) {
431 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
432 const char *name, int name_type)
435 char *trim_name_type;
436 const char *retarget_parm;
439 int retarget_type = 0x20;
440 int retarget_port = NBT_SMB_PORT;
441 struct sockaddr_storage retarget_addr;
442 struct sockaddr_in *in_addr;
446 if (get_socket_port(sconn->sock) != NBT_SMB_PORT) {
450 trim_name = talloc_strdup(talloc_tos(), name);
451 if (trim_name == NULL) {
454 trim_char(trim_name, ' ', ' ');
456 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
458 if (trim_name_type == NULL) {
462 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
463 trim_name_type, NULL);
464 if (retarget_parm == NULL) {
465 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
468 if (retarget_parm == NULL) {
472 retarget = talloc_strdup(trim_name, retarget_parm);
473 if (retarget == NULL) {
477 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
479 p = strchr(retarget, ':');
482 retarget_port = atoi(p);
485 p = strchr_m(retarget, '#');
488 if (sscanf(p, "%x", &retarget_type) != 1) {
493 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
495 DEBUG(10, ("could not resolve %s\n", retarget));
499 if (retarget_addr.ss_family != AF_INET) {
500 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
504 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
506 _smb_setlen(outbuf, 6);
507 SCVAL(outbuf, 0, 0x84);
508 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
509 *(uint16_t *)(outbuf+8) = htons(retarget_port);
511 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
513 exit_server_cleanly("netbios_session_retarget: srv_send_smb "
519 TALLOC_FREE(trim_name);
523 static void reply_called_name_not_present(char *outbuf)
525 smb_setlen(outbuf, 1);
526 SCVAL(outbuf, 0, 0x83);
527 SCVAL(outbuf, 4, 0x82);
530 /****************************************************************************
531 Reply to a (netbios-level) special message.
532 ****************************************************************************/
534 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
536 int msg_type = CVAL(inbuf,0);
537 int msg_flags = CVAL(inbuf,1);
539 * We only really use 4 bytes of the outbuf, but for the smb_setlen
540 * calculation & friends (srv_send_smb uses that) we need the full smb
543 char outbuf[smb_size];
545 memset(outbuf, '\0', sizeof(outbuf));
547 smb_setlen(outbuf,0);
550 case NBSSrequest: /* session request */
552 /* inbuf_size is guarenteed to be at least 4. */
554 int name_type1, name_type2;
555 int name_len1, name_len2;
559 if (sconn->nbt.got_session) {
560 exit_server_cleanly("multiple session request not permitted");
563 SCVAL(outbuf,0,NBSSpositive);
566 /* inbuf_size is guaranteed to be at least 4. */
567 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
568 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
569 DEBUG(0,("Invalid name length in session request\n"));
570 reply_called_name_not_present(outbuf);
573 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
574 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
575 DEBUG(0,("Invalid name length in session request\n"));
576 reply_called_name_not_present(outbuf);
580 name_type1 = name_extract((unsigned char *)inbuf,
581 inbuf_size,(unsigned int)4,name1);
582 name_type2 = name_extract((unsigned char *)inbuf,
583 inbuf_size,(unsigned int)(4 + name_len1),name2);
585 if (name_type1 == -1 || name_type2 == -1) {
586 DEBUG(0,("Invalid name type in session request\n"));
587 reply_called_name_not_present(outbuf);
591 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
592 name1, name_type1, name2, name_type2));
594 if (netbios_session_retarget(sconn, name1, name_type1)) {
595 exit_server_cleanly("retargeted client");
599 * Windows NT/2k uses "*SMBSERVER" and XP uses
600 * "*SMBSERV" arrggg!!!
602 if (strequal(name1, "*SMBSERVER ")
603 || strequal(name1, "*SMBSERV ")) {
606 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
609 exit_server_cleanly("could not allocate raddr");
612 fstrcpy(name1, raddr);
615 set_local_machine_name(name1, True);
616 set_remote_machine_name(name2, True);
618 if (is_ipaddress(sconn->remote_hostname)) {
619 char *p = discard_const_p(char, sconn->remote_hostname);
623 sconn->remote_hostname = talloc_strdup(sconn,
624 get_remote_machine_name());
625 if (sconn->remote_hostname == NULL) {
626 exit_server_cleanly("could not copy remote name");
628 sconn->conn->remote_hostname = sconn->remote_hostname;
631 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
632 get_local_machine_name(), get_remote_machine_name(),
635 if (name_type2 == 'R') {
636 /* We are being asked for a pathworks session ---
638 reply_called_name_not_present(outbuf);
642 reload_services(sconn, conn_snum_used, true);
645 sconn->nbt.got_session = true;
649 case 0x89: /* session keepalive request
650 (some old clients produce this?) */
651 SCVAL(outbuf,0,NBSSkeepalive);
655 case NBSSpositive: /* positive session response */
656 case NBSSnegative: /* negative session response */
657 case NBSSretarget: /* retarget session response */
658 DEBUG(0,("Unexpected session response\n"));
661 case NBSSkeepalive: /* session keepalive */
666 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
667 msg_type, msg_flags));
669 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
671 if (CVAL(outbuf, 0) != 0x82) {
672 exit_server_cleanly("invalid netbios session");
677 /****************************************************************************
679 conn POINTER CAN BE NULL HERE !
680 ****************************************************************************/
682 void reply_tcon(struct smb_request *req)
684 connection_struct *conn = req->conn;
686 char *service_buf = NULL;
687 char *password = NULL;
692 TALLOC_CTX *ctx = talloc_tos();
693 struct smbd_server_connection *sconn = req->sconn;
694 NTTIME now = timeval_to_nttime(&req->request_time);
696 START_PROFILE(SMBtcon);
698 if (req->buflen < 4) {
699 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
700 END_PROFILE(SMBtcon);
704 p = (const char *)req->buf + 1;
705 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
707 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
709 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
712 if (service_buf == NULL || password == NULL || dev == NULL) {
713 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
714 END_PROFILE(SMBtcon);
717 p = strrchr_m(service_buf,'\\');
721 service = service_buf;
724 conn = make_connection(sconn, now, service, dev,
725 req->vuid,&nt_status);
729 reply_nterror(req, nt_status);
730 END_PROFILE(SMBtcon);
734 reply_outbuf(req, 2, 0);
735 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
736 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
737 SSVAL(req->outbuf,smb_tid,conn->cnum);
739 DEBUG(3,("tcon service=%s cnum=%d\n",
740 service, conn->cnum));
742 END_PROFILE(SMBtcon);
746 /****************************************************************************
747 Reply to a tcon and X.
748 conn POINTER CAN BE NULL HERE !
749 ****************************************************************************/
751 void reply_tcon_and_X(struct smb_request *req)
753 connection_struct *conn = req->conn;
754 const char *service = NULL;
755 TALLOC_CTX *ctx = talloc_tos();
756 /* what the cleint thinks the device is */
757 char *client_devicetype = NULL;
758 /* what the server tells the client the share represents */
759 const char *server_devicetype;
765 struct smbXsrv_session *session = NULL;
766 NTTIME now = timeval_to_nttime(&req->request_time);
767 bool session_key_updated = false;
768 uint16_t optional_support = 0;
769 struct smbd_server_connection *sconn = req->sconn;
771 START_PROFILE(SMBtconX);
774 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
775 END_PROFILE(SMBtconX);
779 passlen = SVAL(req->vwv+3, 0);
780 tcon_flags = SVAL(req->vwv+2, 0);
782 /* we might have to close an old one */
783 if ((tcon_flags & TCONX_FLAG_DISCONNECT_TID) && conn) {
784 struct smbXsrv_tcon *tcon;
792 * TODO: cancel all outstanding requests on the tcon
794 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
795 if (!NT_STATUS_IS_OK(status)) {
796 DEBUG(0, ("reply_tcon_and_X: "
797 "smbXsrv_tcon_disconnect() failed: %s\n",
800 * If we hit this case, there is something completely
801 * wrong, so we better disconnect the transport connection.
803 END_PROFILE(SMBtconX);
804 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
811 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
812 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
813 END_PROFILE(SMBtconX);
817 if (sconn->smb1.negprot.encrypted_passwords) {
818 p = (const char *)req->buf + passlen;
820 p = (const char *)req->buf + passlen + 1;
823 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
826 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
827 END_PROFILE(SMBtconX);
832 * the service name can be either: \\server\share
833 * or share directly like on the DELL PowerVault 705
836 q = strchr_m(path+2,'\\');
838 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
839 END_PROFILE(SMBtconX);
847 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
848 &client_devicetype, p,
849 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
851 if (client_devicetype == NULL) {
852 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
853 END_PROFILE(SMBtconX);
857 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
859 nt_status = smb1srv_session_lookup(req->sconn->conn,
860 req->vuid, now, &session);
861 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_USER_SESSION_DELETED)) {
862 reply_force_doserror(req, ERRSRV, ERRbaduid);
863 END_PROFILE(SMBtconX);
866 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
867 reply_nterror(req, nt_status);
868 END_PROFILE(SMBtconX);
871 if (!NT_STATUS_IS_OK(nt_status)) {
872 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
873 END_PROFILE(SMBtconX);
877 if (session->global->auth_session_info == NULL) {
878 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
879 END_PROFILE(SMBtconX);
884 * If there is no application key defined yet
887 * This means we setup the application key on the
888 * first tcon that happens via the given session.
890 * Once the application key is defined, it does not
893 if (session->global->application_key.length == 0 &&
894 session->global->signing_key.length > 0)
896 struct smbXsrv_session *x = session;
897 struct auth_session_info *session_info =
898 session->global->auth_session_info;
899 uint8_t session_key[16];
901 ZERO_STRUCT(session_key);
902 memcpy(session_key, x->global->signing_key.data,
903 MIN(x->global->signing_key.length, sizeof(session_key)));
906 * The application key is truncated/padded to 16 bytes
908 x->global->application_key = data_blob_talloc(x->global,
910 sizeof(session_key));
911 ZERO_STRUCT(session_key);
912 if (x->global->application_key.data == NULL) {
913 reply_nterror(req, NT_STATUS_NO_MEMORY);
914 END_PROFILE(SMBtconX);
918 if (tcon_flags & TCONX_FLAG_EXTENDED_SIGNATURES) {
919 smb_key_derivation(x->global->application_key.data,
920 x->global->application_key.length,
921 x->global->application_key.data);
922 optional_support |= SMB_EXTENDED_SIGNATURES;
926 * Place the application key into the session_info
928 data_blob_clear_free(&session_info->session_key);
929 session_info->session_key = data_blob_dup_talloc(session_info,
930 x->global->application_key);
931 if (session_info->session_key.data == NULL) {
932 data_blob_clear_free(&x->global->application_key);
933 reply_nterror(req, NT_STATUS_NO_MEMORY);
934 END_PROFILE(SMBtconX);
937 session_key_updated = true;
940 conn = make_connection(sconn, now, service, client_devicetype,
941 req->vuid, &nt_status);
945 if (session_key_updated) {
946 struct smbXsrv_session *x = session;
947 struct auth_session_info *session_info =
948 session->global->auth_session_info;
949 data_blob_clear_free(&x->global->application_key);
950 data_blob_clear_free(&session_info->session_key);
952 reply_nterror(req, nt_status);
953 END_PROFILE(SMBtconX);
958 server_devicetype = "IPC";
959 else if ( IS_PRINT(conn) )
960 server_devicetype = "LPT1:";
962 server_devicetype = "A:";
964 if (get_Protocol() < PROTOCOL_NT1) {
965 reply_outbuf(req, 2, 0);
966 if (message_push_string(&req->outbuf, server_devicetype,
967 STR_TERMINATE|STR_ASCII) == -1) {
968 reply_nterror(req, NT_STATUS_NO_MEMORY);
969 END_PROFILE(SMBtconX);
973 /* NT sets the fstype of IPC$ to the null string */
974 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(ctx, SNUM(conn));
976 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
977 /* Return permissions. */
981 reply_outbuf(req, 7, 0);
984 perm1 = FILE_ALL_ACCESS;
985 perm2 = FILE_ALL_ACCESS;
987 perm1 = conn->share_access;
990 SIVAL(req->outbuf, smb_vwv3, perm1);
991 SIVAL(req->outbuf, smb_vwv5, perm2);
993 reply_outbuf(req, 3, 0);
996 if ((message_push_string(&req->outbuf, server_devicetype,
997 STR_TERMINATE|STR_ASCII) == -1)
998 || (message_push_string(&req->outbuf, fstype,
999 STR_TERMINATE) == -1)) {
1000 reply_nterror(req, NT_STATUS_NO_MEMORY);
1001 END_PROFILE(SMBtconX);
1005 /* what does setting this bit do? It is set by NT4 and
1006 may affect the ability to autorun mounted cdroms */
1007 optional_support |= SMB_SUPPORT_SEARCH_BITS;
1009 (lp_csc_policy(SNUM(conn)) << SMB_CSC_POLICY_SHIFT);
1011 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
1012 DEBUG(2,("Serving %s as a Dfs root\n",
1013 lp_servicename(ctx, SNUM(conn)) ));
1014 optional_support |= SMB_SHARE_IN_DFS;
1017 SSVAL(req->outbuf, smb_vwv2, optional_support);
1020 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
1021 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
1023 DEBUG(3,("tconX service=%s \n",
1026 /* set the incoming and outgoing tid to the just created one */
1027 SSVAL(discard_const_p(uint8_t, req->inbuf),smb_tid,conn->cnum);
1028 SSVAL(req->outbuf,smb_tid,conn->cnum);
1030 END_PROFILE(SMBtconX);
1032 req->tid = conn->cnum;
1035 /****************************************************************************
1036 Reply to an unknown type.
1037 ****************************************************************************/
1039 void reply_unknown_new(struct smb_request *req, uint8 type)
1041 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
1042 smb_fn_name(type), type, type));
1043 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
1047 /****************************************************************************
1049 conn POINTER CAN BE NULL HERE !
1050 ****************************************************************************/
1052 void reply_ioctl(struct smb_request *req)
1054 connection_struct *conn = req->conn;
1061 START_PROFILE(SMBioctl);
1064 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1065 END_PROFILE(SMBioctl);
1069 device = SVAL(req->vwv+1, 0);
1070 function = SVAL(req->vwv+2, 0);
1071 ioctl_code = (device << 16) + function;
1073 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
1075 switch (ioctl_code) {
1076 case IOCTL_QUERY_JOB_INFO:
1080 reply_force_doserror(req, ERRSRV, ERRnosupport);
1081 END_PROFILE(SMBioctl);
1085 reply_outbuf(req, 8, replysize+1);
1086 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
1087 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
1088 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
1089 p = smb_buf(req->outbuf);
1090 memset(p, '\0', replysize+1); /* valgrind-safe. */
1091 p += 1; /* Allow for alignment */
1093 switch (ioctl_code) {
1094 case IOCTL_QUERY_JOB_INFO:
1096 files_struct *fsp = file_fsp(
1097 req, SVAL(req->vwv+0, 0));
1099 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1100 END_PROFILE(SMBioctl);
1104 SSVAL(p, 0, print_spool_rap_jobid(fsp->print_file));
1106 srvstr_push((char *)req->outbuf, req->flags2, p+2,
1107 lp_netbios_name(), 15,
1108 STR_TERMINATE|STR_ASCII);
1110 srvstr_push((char *)req->outbuf, req->flags2,
1112 lp_servicename(talloc_tos(),
1114 13, STR_TERMINATE|STR_ASCII);
1116 memset(p+18, 0, 13);
1122 END_PROFILE(SMBioctl);
1126 /****************************************************************************
1127 Strange checkpath NTSTATUS mapping.
1128 ****************************************************************************/
1130 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
1132 /* Strange DOS error code semantics only for checkpath... */
1133 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
1134 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
1135 /* We need to map to ERRbadpath */
1136 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1142 /****************************************************************************
1143 Reply to a checkpath.
1144 ****************************************************************************/
1146 void reply_checkpath(struct smb_request *req)
1148 connection_struct *conn = req->conn;
1149 struct smb_filename *smb_fname = NULL;
1152 TALLOC_CTX *ctx = talloc_tos();
1154 START_PROFILE(SMBcheckpath);
1156 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1157 STR_TERMINATE, &status);
1159 if (!NT_STATUS_IS_OK(status)) {
1160 status = map_checkpath_error(req->flags2, status);
1161 reply_nterror(req, status);
1162 END_PROFILE(SMBcheckpath);
1166 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1168 status = filename_convert(ctx,
1170 req->flags2 & FLAGS2_DFS_PATHNAMES,
1176 if (!NT_STATUS_IS_OK(status)) {
1177 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1178 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1179 ERRSRV, ERRbadpath);
1180 END_PROFILE(SMBcheckpath);
1186 if (!VALID_STAT(smb_fname->st) &&
1187 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1188 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1189 smb_fname_str_dbg(smb_fname), strerror(errno)));
1190 status = map_nt_error_from_unix(errno);
1194 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1195 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1196 ERRDOS, ERRbadpath);
1200 reply_outbuf(req, 0, 0);
1203 /* We special case this - as when a Windows machine
1204 is parsing a path is steps through the components
1205 one at a time - if a component fails it expects
1206 ERRbadpath, not ERRbadfile.
1208 status = map_checkpath_error(req->flags2, status);
1209 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1211 * Windows returns different error codes if
1212 * the parent directory is valid but not the
1213 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1214 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1215 * if the path is invalid.
1217 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1218 ERRDOS, ERRbadpath);
1222 reply_nterror(req, status);
1225 TALLOC_FREE(smb_fname);
1226 END_PROFILE(SMBcheckpath);
1230 /****************************************************************************
1232 ****************************************************************************/
1234 void reply_getatr(struct smb_request *req)
1236 connection_struct *conn = req->conn;
1237 struct smb_filename *smb_fname = NULL;
1244 TALLOC_CTX *ctx = talloc_tos();
1245 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1247 START_PROFILE(SMBgetatr);
1249 p = (const char *)req->buf + 1;
1250 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 reply_nterror(req, status);
1256 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1257 under WfWg - weird! */
1258 if (*fname == '\0') {
1259 mode = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
1260 if (!CAN_WRITE(conn)) {
1261 mode |= FILE_ATTRIBUTE_READONLY;
1266 status = filename_convert(ctx,
1268 req->flags2 & FLAGS2_DFS_PATHNAMES,
1273 if (!NT_STATUS_IS_OK(status)) {
1274 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1275 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1276 ERRSRV, ERRbadpath);
1279 reply_nterror(req, status);
1282 if (!VALID_STAT(smb_fname->st) &&
1283 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1284 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1285 smb_fname_str_dbg(smb_fname),
1287 reply_nterror(req, map_nt_error_from_unix(errno));
1291 mode = dos_mode(conn, smb_fname);
1292 size = smb_fname->st.st_ex_size;
1294 if (ask_sharemode) {
1295 struct timespec write_time_ts;
1296 struct file_id fileid;
1298 ZERO_STRUCT(write_time_ts);
1299 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1300 get_file_infos(fileid, 0, NULL, &write_time_ts);
1301 if (!null_timespec(write_time_ts)) {
1302 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1306 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1307 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
1312 reply_outbuf(req, 10, 0);
1314 SSVAL(req->outbuf,smb_vwv0,mode);
1315 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1316 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1318 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1320 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1322 if (get_Protocol() >= PROTOCOL_NT1) {
1323 SSVAL(req->outbuf, smb_flg2,
1324 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1327 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1328 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1331 TALLOC_FREE(smb_fname);
1333 END_PROFILE(SMBgetatr);
1337 /****************************************************************************
1339 ****************************************************************************/
1341 void reply_setatr(struct smb_request *req)
1343 struct smb_file_time ft;
1344 connection_struct *conn = req->conn;
1345 struct smb_filename *smb_fname = NULL;
1351 TALLOC_CTX *ctx = talloc_tos();
1353 START_PROFILE(SMBsetatr);
1358 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1362 p = (const char *)req->buf + 1;
1363 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1364 if (!NT_STATUS_IS_OK(status)) {
1365 reply_nterror(req, status);
1369 status = filename_convert(ctx,
1371 req->flags2 & FLAGS2_DFS_PATHNAMES,
1376 if (!NT_STATUS_IS_OK(status)) {
1377 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1378 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1379 ERRSRV, ERRbadpath);
1382 reply_nterror(req, status);
1386 if (smb_fname->base_name[0] == '.' &&
1387 smb_fname->base_name[1] == '\0') {
1389 * Not sure here is the right place to catch this
1390 * condition. Might be moved to somewhere else later -- vl
1392 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1396 mode = SVAL(req->vwv+0, 0);
1397 mtime = srv_make_unix_date3(req->vwv+1);
1399 if (mode != FILE_ATTRIBUTE_NORMAL) {
1400 if (VALID_STAT_OF_DIR(smb_fname->st))
1401 mode |= FILE_ATTRIBUTE_DIRECTORY;
1403 mode &= ~FILE_ATTRIBUTE_DIRECTORY;
1405 status = check_access(conn, NULL, smb_fname,
1406 FILE_WRITE_ATTRIBUTES);
1407 if (!NT_STATUS_IS_OK(status)) {
1408 reply_nterror(req, status);
1412 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1414 reply_nterror(req, map_nt_error_from_unix(errno));
1419 ft.mtime = convert_time_t_to_timespec(mtime);
1420 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1421 if (!NT_STATUS_IS_OK(status)) {
1422 reply_nterror(req, status);
1426 reply_outbuf(req, 0, 0);
1428 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1431 TALLOC_FREE(smb_fname);
1432 END_PROFILE(SMBsetatr);
1436 /****************************************************************************
1438 ****************************************************************************/
1440 void reply_dskattr(struct smb_request *req)
1442 connection_struct *conn = req->conn;
1443 uint64_t dfree,dsize,bsize;
1444 START_PROFILE(SMBdskattr);
1446 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1447 reply_nterror(req, map_nt_error_from_unix(errno));
1448 END_PROFILE(SMBdskattr);
1452 reply_outbuf(req, 5, 0);
1454 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1455 double total_space, free_space;
1456 /* we need to scale this to a number that DOS6 can handle. We
1457 use floating point so we can handle large drives on systems
1458 that don't have 64 bit integers
1460 we end up displaying a maximum of 2G to DOS systems
1462 total_space = dsize * (double)bsize;
1463 free_space = dfree * (double)bsize;
1465 dsize = (uint64_t)((total_space+63*512) / (64*512));
1466 dfree = (uint64_t)((free_space+63*512) / (64*512));
1468 if (dsize > 0xFFFF) dsize = 0xFFFF;
1469 if (dfree > 0xFFFF) dfree = 0xFFFF;
1471 SSVAL(req->outbuf,smb_vwv0,dsize);
1472 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1473 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1474 SSVAL(req->outbuf,smb_vwv3,dfree);
1476 SSVAL(req->outbuf,smb_vwv0,dsize);
1477 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1478 SSVAL(req->outbuf,smb_vwv2,512);
1479 SSVAL(req->outbuf,smb_vwv3,dfree);
1482 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1484 END_PROFILE(SMBdskattr);
1489 * Utility function to split the filename from the directory.
1491 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1492 char **fname_dir_out,
1493 char **fname_mask_out)
1495 const char *p = NULL;
1496 char *fname_dir = NULL;
1497 char *fname_mask = NULL;
1499 p = strrchr_m(fname_in, '/');
1501 fname_dir = talloc_strdup(ctx, ".");
1502 fname_mask = talloc_strdup(ctx, fname_in);
1504 fname_dir = talloc_strndup(ctx, fname_in,
1505 PTR_DIFF(p, fname_in));
1506 fname_mask = talloc_strdup(ctx, p+1);
1509 if (!fname_dir || !fname_mask) {
1510 TALLOC_FREE(fname_dir);
1511 TALLOC_FREE(fname_mask);
1512 return NT_STATUS_NO_MEMORY;
1515 *fname_dir_out = fname_dir;
1516 *fname_mask_out = fname_mask;
1517 return NT_STATUS_OK;
1520 /****************************************************************************
1522 Can be called from SMBsearch, SMBffirst or SMBfunique.
1523 ****************************************************************************/
1525 void reply_search(struct smb_request *req)
1527 connection_struct *conn = req->conn;
1529 const char *mask = NULL;
1530 char *directory = NULL;
1531 struct smb_filename *smb_fname = NULL;
1535 struct timespec date;
1537 unsigned int numentries = 0;
1538 unsigned int maxentries = 0;
1539 bool finished = False;
1544 bool check_descend = False;
1545 bool expect_close = False;
1547 bool mask_contains_wcard = False;
1548 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1549 TALLOC_CTX *ctx = talloc_tos();
1550 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1551 struct dptr_struct *dirptr = NULL;
1552 struct smbd_server_connection *sconn = req->sconn;
1554 START_PROFILE(SMBsearch);
1557 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1561 if (lp_posix_pathnames()) {
1562 reply_unknown_new(req, req->cmd);
1566 /* If we were called as SMBffirst then we must expect close. */
1567 if(req->cmd == SMBffirst) {
1568 expect_close = True;
1571 reply_outbuf(req, 1, 3);
1572 maxentries = SVAL(req->vwv+0, 0);
1573 dirtype = SVAL(req->vwv+1, 0);
1574 p = (const char *)req->buf + 1;
1575 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1576 &nt_status, &mask_contains_wcard);
1577 if (!NT_STATUS_IS_OK(nt_status)) {
1578 reply_nterror(req, nt_status);
1583 status_len = SVAL(p, 0);
1586 /* dirtype &= ~FILE_ATTRIBUTE_DIRECTORY; */
1588 if (status_len == 0) {
1589 nt_status = filename_convert(ctx, conn,
1590 req->flags2 & FLAGS2_DFS_PATHNAMES,
1592 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1593 &mask_contains_wcard,
1595 if (!NT_STATUS_IS_OK(nt_status)) {
1596 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1597 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1598 ERRSRV, ERRbadpath);
1601 reply_nterror(req, nt_status);
1605 directory = smb_fname->base_name;
1607 p = strrchr_m(directory,'/');
1608 if ((p != NULL) && (*directory != '/')) {
1610 directory = talloc_strndup(ctx, directory,
1611 PTR_DIFF(p, directory));
1614 directory = talloc_strdup(ctx,".");
1618 reply_nterror(req, NT_STATUS_NO_MEMORY);
1622 memset((char *)status,'\0',21);
1623 SCVAL(status,0,(dirtype & 0x1F));
1625 nt_status = dptr_create(conn,
1633 mask_contains_wcard,
1636 if (!NT_STATUS_IS_OK(nt_status)) {
1637 reply_nterror(req, nt_status);
1640 dptr_num = dptr_dnum(dirptr);
1643 const char *dirpath;
1645 memcpy(status,p,21);
1646 status_dirtype = CVAL(status,0) & 0x1F;
1647 if (status_dirtype != (dirtype & 0x1F)) {
1648 dirtype = status_dirtype;
1651 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1655 dirpath = dptr_path(sconn, dptr_num);
1656 directory = talloc_strdup(ctx, dirpath);
1658 reply_nterror(req, NT_STATUS_NO_MEMORY);
1662 mask = dptr_wcard(sconn, dptr_num);
1667 * For a 'continue' search we have no string. So
1668 * check from the initial saved string.
1670 mask_contains_wcard = ms_has_wild(mask);
1671 dirtype = dptr_attr(sconn, dptr_num);
1674 DEBUG(4,("dptr_num is %d\n",dptr_num));
1676 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1677 dptr_init_search_op(dirptr);
1679 if ((dirtype&0x1F) == FILE_ATTRIBUTE_VOLUME) {
1680 char buf[DIR_STRUCT_SIZE];
1681 memcpy(buf,status,21);
1682 if (!make_dir_struct(ctx,buf,"???????????",volume_label(ctx, SNUM(conn)),
1683 0,FILE_ATTRIBUTE_VOLUME,0,!allow_long_path_components)) {
1684 reply_nterror(req, NT_STATUS_NO_MEMORY);
1687 dptr_fill(sconn, buf+12,dptr_num);
1688 if (dptr_zero(buf+12) && (status_len==0)) {
1693 if (message_push_blob(&req->outbuf,
1694 data_blob_const(buf, sizeof(buf)))
1696 reply_nterror(req, NT_STATUS_NO_MEMORY);
1704 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1707 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1708 directory,lp_dontdescend(ctx, SNUM(conn))));
1709 if (in_list(directory, lp_dontdescend(ctx, SNUM(conn)),True)) {
1710 check_descend = True;
1713 for (i=numentries;(i<maxentries) && !finished;i++) {
1714 finished = !get_dir_entry(ctx,
1725 char buf[DIR_STRUCT_SIZE];
1726 memcpy(buf,status,21);
1727 if (!make_dir_struct(ctx,
1733 convert_timespec_to_time_t(date),
1734 !allow_long_path_components)) {
1735 reply_nterror(req, NT_STATUS_NO_MEMORY);
1738 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1741 if (message_push_blob(&req->outbuf,
1742 data_blob_const(buf, sizeof(buf)))
1744 reply_nterror(req, NT_STATUS_NO_MEMORY);
1754 /* If we were called as SMBffirst with smb_search_id == NULL
1755 and no entries were found then return error and close dirptr
1758 if (numentries == 0) {
1759 dptr_close(sconn, &dptr_num);
1760 } else if(expect_close && status_len == 0) {
1761 /* Close the dptr - we know it's gone */
1762 dptr_close(sconn, &dptr_num);
1765 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1766 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1767 dptr_close(sconn, &dptr_num);
1770 if ((numentries == 0) && !mask_contains_wcard) {
1771 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1775 SSVAL(req->outbuf,smb_vwv0,numentries);
1776 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1777 SCVAL(smb_buf(req->outbuf),0,5);
1778 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1780 /* The replies here are never long name. */
1781 SSVAL(req->outbuf, smb_flg2,
1782 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1783 if (!allow_long_path_components) {
1784 SSVAL(req->outbuf, smb_flg2,
1785 SVAL(req->outbuf, smb_flg2)
1786 & (~FLAGS2_LONG_PATH_COMPONENTS));
1789 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1790 SSVAL(req->outbuf, smb_flg2,
1791 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1793 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1794 smb_fn_name(req->cmd),
1801 TALLOC_FREE(directory);
1802 TALLOC_FREE(smb_fname);
1803 END_PROFILE(SMBsearch);
1807 /****************************************************************************
1808 Reply to a fclose (stop directory search).
1809 ****************************************************************************/
1811 void reply_fclose(struct smb_request *req)
1819 bool path_contains_wcard = False;
1820 TALLOC_CTX *ctx = talloc_tos();
1821 struct smbd_server_connection *sconn = req->sconn;
1823 START_PROFILE(SMBfclose);
1825 if (lp_posix_pathnames()) {
1826 reply_unknown_new(req, req->cmd);
1827 END_PROFILE(SMBfclose);
1831 p = (const char *)req->buf + 1;
1832 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1833 &err, &path_contains_wcard);
1834 if (!NT_STATUS_IS_OK(err)) {
1835 reply_nterror(req, err);
1836 END_PROFILE(SMBfclose);
1840 status_len = SVAL(p,0);
1843 if (status_len == 0) {
1844 reply_force_doserror(req, ERRSRV, ERRsrverror);
1845 END_PROFILE(SMBfclose);
1849 memcpy(status,p,21);
1851 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1852 /* Close the dptr - we know it's gone */
1853 dptr_close(sconn, &dptr_num);
1856 reply_outbuf(req, 1, 0);
1857 SSVAL(req->outbuf,smb_vwv0,0);
1859 DEBUG(3,("search close\n"));
1861 END_PROFILE(SMBfclose);
1865 /****************************************************************************
1867 ****************************************************************************/
1869 void reply_open(struct smb_request *req)
1871 connection_struct *conn = req->conn;
1872 struct smb_filename *smb_fname = NULL;
1884 uint32 create_disposition;
1885 uint32 create_options = 0;
1886 uint32_t private_flags = 0;
1888 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1889 TALLOC_CTX *ctx = talloc_tos();
1891 START_PROFILE(SMBopen);
1894 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1898 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1899 deny_mode = SVAL(req->vwv+0, 0);
1900 dos_attr = SVAL(req->vwv+1, 0);
1902 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1903 STR_TERMINATE, &status);
1904 if (!NT_STATUS_IS_OK(status)) {
1905 reply_nterror(req, status);
1909 status = filename_convert(ctx,
1911 req->flags2 & FLAGS2_DFS_PATHNAMES,
1916 if (!NT_STATUS_IS_OK(status)) {
1917 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1918 reply_botherror(req,
1919 NT_STATUS_PATH_NOT_COVERED,
1920 ERRSRV, ERRbadpath);
1923 reply_nterror(req, status);
1927 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1928 OPENX_FILE_EXISTS_OPEN, &access_mask,
1929 &share_mode, &create_disposition,
1930 &create_options, &private_flags)) {
1931 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1935 status = SMB_VFS_CREATE_FILE(
1938 0, /* root_dir_fid */
1939 smb_fname, /* fname */
1940 access_mask, /* access_mask */
1941 share_mode, /* share_access */
1942 create_disposition, /* create_disposition*/
1943 create_options, /* create_options */
1944 dos_attr, /* file_attributes */
1945 oplock_request, /* oplock_request */
1946 0, /* allocation_size */
1953 if (!NT_STATUS_IS_OK(status)) {
1954 if (open_was_deferred(req->sconn, req->mid)) {
1955 /* We have re-scheduled this call. */
1958 reply_openerror(req, status);
1962 size = smb_fname->st.st_ex_size;
1963 fattr = dos_mode(conn, smb_fname);
1965 /* Deal with other possible opens having a modified
1967 if (ask_sharemode) {
1968 struct timespec write_time_ts;
1970 ZERO_STRUCT(write_time_ts);
1971 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1972 if (!null_timespec(write_time_ts)) {
1973 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1977 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1979 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1980 DEBUG(3,("attempt to open a directory %s\n",
1982 close_file(req, fsp, ERROR_CLOSE);
1983 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1984 ERRDOS, ERRnoaccess);
1988 reply_outbuf(req, 7, 0);
1989 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1990 SSVAL(req->outbuf,smb_vwv1,fattr);
1991 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1992 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1994 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1996 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1997 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1999 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2000 SCVAL(req->outbuf,smb_flg,
2001 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2004 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2005 SCVAL(req->outbuf,smb_flg,
2006 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2009 TALLOC_FREE(smb_fname);
2010 END_PROFILE(SMBopen);
2014 /****************************************************************************
2015 Reply to an open and X.
2016 ****************************************************************************/
2018 void reply_open_and_X(struct smb_request *req)
2020 connection_struct *conn = req->conn;
2021 struct smb_filename *smb_fname = NULL;
2026 /* Breakout the oplock request bits so we can set the
2027 reply bits separately. */
2028 int ex_oplock_request;
2029 int core_oplock_request;
2032 int smb_sattr = SVAL(req->vwv+4, 0);
2033 uint32 smb_time = make_unix_date3(req->vwv+6);
2041 uint64_t allocation_size;
2042 ssize_t retval = -1;
2045 uint32 create_disposition;
2046 uint32 create_options = 0;
2047 uint32_t private_flags = 0;
2048 TALLOC_CTX *ctx = talloc_tos();
2050 START_PROFILE(SMBopenX);
2052 if (req->wct < 15) {
2053 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2057 open_flags = SVAL(req->vwv+2, 0);
2058 deny_mode = SVAL(req->vwv+3, 0);
2059 smb_attr = SVAL(req->vwv+5, 0);
2060 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
2061 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2062 oplock_request = ex_oplock_request | core_oplock_request;
2063 smb_ofun = SVAL(req->vwv+8, 0);
2064 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
2066 /* If it's an IPC, pass off the pipe handler. */
2068 if (lp_nt_pipe_support()) {
2069 reply_open_pipe_and_X(conn, req);
2071 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
2076 /* XXXX we need to handle passed times, sattr and flags */
2077 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
2078 STR_TERMINATE, &status);
2079 if (!NT_STATUS_IS_OK(status)) {
2080 reply_nterror(req, status);
2084 status = filename_convert(ctx,
2086 req->flags2 & FLAGS2_DFS_PATHNAMES,
2091 if (!NT_STATUS_IS_OK(status)) {
2092 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2093 reply_botherror(req,
2094 NT_STATUS_PATH_NOT_COVERED,
2095 ERRSRV, ERRbadpath);
2098 reply_nterror(req, status);
2102 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
2104 &access_mask, &share_mode,
2105 &create_disposition,
2108 reply_force_doserror(req, ERRDOS, ERRbadaccess);
2112 status = SMB_VFS_CREATE_FILE(
2115 0, /* root_dir_fid */
2116 smb_fname, /* fname */
2117 access_mask, /* access_mask */
2118 share_mode, /* share_access */
2119 create_disposition, /* create_disposition*/
2120 create_options, /* create_options */
2121 smb_attr, /* file_attributes */
2122 oplock_request, /* oplock_request */
2123 0, /* allocation_size */
2128 &smb_action); /* pinfo */
2130 if (!NT_STATUS_IS_OK(status)) {
2131 if (open_was_deferred(req->sconn, req->mid)) {
2132 /* We have re-scheduled this call. */
2135 reply_openerror(req, status);
2139 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
2140 if the file is truncated or created. */
2141 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
2142 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
2143 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
2144 close_file(req, fsp, ERROR_CLOSE);
2145 reply_nterror(req, NT_STATUS_DISK_FULL);
2148 retval = vfs_set_filelen(fsp, (off_t)allocation_size);
2150 close_file(req, fsp, ERROR_CLOSE);
2151 reply_nterror(req, NT_STATUS_DISK_FULL);
2154 status = vfs_stat_fsp(fsp);
2155 if (!NT_STATUS_IS_OK(status)) {
2156 close_file(req, fsp, ERROR_CLOSE);
2157 reply_nterror(req, status);
2162 fattr = dos_mode(conn, fsp->fsp_name);
2163 mtime = convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime);
2164 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2165 close_file(req, fsp, ERROR_CLOSE);
2166 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2170 /* If the caller set the extended oplock request bit
2171 and we granted one (by whatever means) - set the
2172 correct bit for extended oplock reply.
2175 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2176 smb_action |= EXTENDED_OPLOCK_GRANTED;
2179 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2180 smb_action |= EXTENDED_OPLOCK_GRANTED;
2183 /* If the caller set the core oplock request bit
2184 and we granted one (by whatever means) - set the
2185 correct bit for core oplock reply.
2188 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2189 reply_outbuf(req, 19, 0);
2191 reply_outbuf(req, 15, 0);
2194 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2195 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2197 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2198 SCVAL(req->outbuf, smb_flg,
2199 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2202 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2203 SCVAL(req->outbuf, smb_flg,
2204 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2207 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2208 SSVAL(req->outbuf,smb_vwv3,fattr);
2209 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2210 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2212 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2214 SIVAL(req->outbuf,smb_vwv6,(uint32)fsp->fsp_name->st.st_ex_size);
2215 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2216 SSVAL(req->outbuf,smb_vwv11,smb_action);
2218 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2219 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2223 TALLOC_FREE(smb_fname);
2224 END_PROFILE(SMBopenX);
2228 /****************************************************************************
2229 Reply to a SMBulogoffX.
2230 ****************************************************************************/
2232 void reply_ulogoffX(struct smb_request *req)
2234 struct smbd_server_connection *sconn = req->sconn;
2235 struct user_struct *vuser;
2236 struct smbXsrv_session *session = NULL;
2239 START_PROFILE(SMBulogoffX);
2241 vuser = get_valid_user_struct(sconn, req->vuid);
2244 DEBUG(3,("ulogoff, vuser id %llu does not map to user.\n",
2245 (unsigned long long)req->vuid));
2247 req->vuid = UID_FIELD_INVALID;
2248 reply_force_doserror(req, ERRSRV, ERRbaduid);
2249 END_PROFILE(SMBulogoffX);
2253 session = vuser->session;
2257 * TODO: cancel all outstanding requests on the session
2259 status = smbXsrv_session_logoff(session);
2260 if (!NT_STATUS_IS_OK(status)) {
2261 DEBUG(0, ("reply_ulogoff: "
2262 "smbXsrv_session_logoff() failed: %s\n",
2263 nt_errstr(status)));
2265 * If we hit this case, there is something completely
2266 * wrong, so we better disconnect the transport connection.
2268 END_PROFILE(SMBulogoffX);
2269 exit_server(__location__ ": smbXsrv_session_logoff failed");
2273 TALLOC_FREE(session);
2275 reply_outbuf(req, 2, 0);
2276 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
2277 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
2279 DEBUG(3, ("ulogoffX vuid=%llu\n",
2280 (unsigned long long)req->vuid));
2282 END_PROFILE(SMBulogoffX);
2283 req->vuid = UID_FIELD_INVALID;
2286 /****************************************************************************
2287 Reply to a mknew or a create.
2288 ****************************************************************************/
2290 void reply_mknew(struct smb_request *req)
2292 connection_struct *conn = req->conn;
2293 struct smb_filename *smb_fname = NULL;
2296 struct smb_file_time ft;
2298 int oplock_request = 0;
2300 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2301 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2302 uint32 create_disposition;
2303 uint32 create_options = 0;
2304 TALLOC_CTX *ctx = talloc_tos();
2306 START_PROFILE(SMBcreate);
2310 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2314 fattr = SVAL(req->vwv+0, 0);
2315 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2318 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2320 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2321 STR_TERMINATE, &status);
2322 if (!NT_STATUS_IS_OK(status)) {
2323 reply_nterror(req, status);
2327 status = filename_convert(ctx,
2329 req->flags2 & FLAGS2_DFS_PATHNAMES,
2334 if (!NT_STATUS_IS_OK(status)) {
2335 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2336 reply_botherror(req,
2337 NT_STATUS_PATH_NOT_COVERED,
2338 ERRSRV, ERRbadpath);
2341 reply_nterror(req, status);
2345 if (fattr & FILE_ATTRIBUTE_VOLUME) {
2346 DEBUG(0,("Attempt to create file (%s) with volid set - "
2347 "please report this\n",
2348 smb_fname_str_dbg(smb_fname)));
2351 if(req->cmd == SMBmknew) {
2352 /* We should fail if file exists. */
2353 create_disposition = FILE_CREATE;
2355 /* Create if file doesn't exist, truncate if it does. */
2356 create_disposition = FILE_OVERWRITE_IF;
2359 status = SMB_VFS_CREATE_FILE(
2362 0, /* root_dir_fid */
2363 smb_fname, /* fname */
2364 access_mask, /* access_mask */
2365 share_mode, /* share_access */
2366 create_disposition, /* create_disposition*/
2367 create_options, /* create_options */
2368 fattr, /* file_attributes */
2369 oplock_request, /* oplock_request */
2370 0, /* allocation_size */
2371 0, /* private_flags */
2377 if (!NT_STATUS_IS_OK(status)) {
2378 if (open_was_deferred(req->sconn, req->mid)) {
2379 /* We have re-scheduled this call. */
2382 reply_openerror(req, status);
2386 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2387 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2388 if (!NT_STATUS_IS_OK(status)) {
2389 END_PROFILE(SMBcreate);
2393 reply_outbuf(req, 1, 0);
2394 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2396 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2397 SCVAL(req->outbuf,smb_flg,
2398 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2401 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2402 SCVAL(req->outbuf,smb_flg,
2403 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2406 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2407 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2408 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2409 (unsigned int)fattr));
2412 TALLOC_FREE(smb_fname);
2413 END_PROFILE(SMBcreate);
2417 /****************************************************************************
2418 Reply to a create temporary file.
2419 ****************************************************************************/
2421 void reply_ctemp(struct smb_request *req)
2423 connection_struct *conn = req->conn;
2424 struct smb_filename *smb_fname = NULL;
2432 TALLOC_CTX *ctx = talloc_tos();
2434 START_PROFILE(SMBctemp);
2437 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2441 fattr = SVAL(req->vwv+0, 0);
2442 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2444 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2445 STR_TERMINATE, &status);
2446 if (!NT_STATUS_IS_OK(status)) {
2447 reply_nterror(req, status);
2451 fname = talloc_asprintf(ctx,
2455 fname = talloc_strdup(ctx, "TMXXXXXX");
2459 reply_nterror(req, NT_STATUS_NO_MEMORY);
2463 status = filename_convert(ctx, conn,
2464 req->flags2 & FLAGS2_DFS_PATHNAMES,
2469 if (!NT_STATUS_IS_OK(status)) {
2470 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2471 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2472 ERRSRV, ERRbadpath);
2475 reply_nterror(req, status);
2479 tmpfd = mkstemp(smb_fname->base_name);
2481 reply_nterror(req, map_nt_error_from_unix(errno));
2485 SMB_VFS_STAT(conn, smb_fname);
2487 /* We should fail if file does not exist. */
2488 status = SMB_VFS_CREATE_FILE(
2491 0, /* root_dir_fid */
2492 smb_fname, /* fname */
2493 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2494 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2495 FILE_OPEN, /* create_disposition*/
2496 0, /* create_options */
2497 fattr, /* file_attributes */
2498 oplock_request, /* oplock_request */
2499 0, /* allocation_size */
2500 0, /* private_flags */
2506 /* close fd from mkstemp() */
2509 if (!NT_STATUS_IS_OK(status)) {
2510 if (open_was_deferred(req->sconn, req->mid)) {
2511 /* We have re-scheduled this call. */
2514 reply_openerror(req, status);
2518 reply_outbuf(req, 1, 0);
2519 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2521 /* the returned filename is relative to the directory */
2522 s = strrchr_m(fsp->fsp_name->base_name, '/');
2524 s = fsp->fsp_name->base_name;
2530 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2531 thing in the byte section. JRA */
2532 SSVALS(p, 0, -1); /* what is this? not in spec */
2534 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2536 reply_nterror(req, NT_STATUS_NO_MEMORY);
2540 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2541 SCVAL(req->outbuf, smb_flg,
2542 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2545 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2546 SCVAL(req->outbuf, smb_flg,
2547 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2550 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2551 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2552 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2554 TALLOC_FREE(smb_fname);
2555 END_PROFILE(SMBctemp);
2559 /*******************************************************************
2560 Check if a user is allowed to rename a file.
2561 ********************************************************************/
2563 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2566 if (!CAN_WRITE(conn)) {
2567 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2570 if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
2571 (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2572 /* Only bother to read the DOS attribute if we might deny the
2573 rename on the grounds of attribute missmatch. */
2574 uint32_t fmode = dos_mode(conn, fsp->fsp_name);
2575 if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2576 return NT_STATUS_NO_SUCH_FILE;
2580 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2581 if (fsp->posix_open) {
2582 return NT_STATUS_OK;
2585 /* If no pathnames are open below this
2586 directory, allow the rename. */
2588 if (file_find_subpath(fsp)) {
2589 return NT_STATUS_ACCESS_DENIED;
2591 return NT_STATUS_OK;
2594 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2595 return NT_STATUS_OK;
2598 return NT_STATUS_ACCESS_DENIED;
2601 /*******************************************************************
2602 * unlink a file with all relevant access checks
2603 *******************************************************************/
2605 static NTSTATUS do_unlink(connection_struct *conn,
2606 struct smb_request *req,
2607 struct smb_filename *smb_fname,
2612 uint32 dirtype_orig = dirtype;
2615 bool posix_paths = lp_posix_pathnames();
2617 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2618 smb_fname_str_dbg(smb_fname),
2621 if (!CAN_WRITE(conn)) {
2622 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2626 ret = SMB_VFS_LSTAT(conn, smb_fname);
2628 ret = SMB_VFS_STAT(conn, smb_fname);
2631 return map_nt_error_from_unix(errno);
2634 fattr = dos_mode(conn, smb_fname);
2636 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2637 dirtype = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY;
2640 dirtype &= (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
2642 return NT_STATUS_NO_SUCH_FILE;
2645 if (!dir_check_ftype(conn, fattr, dirtype)) {
2646 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2647 return NT_STATUS_FILE_IS_A_DIRECTORY;
2649 return NT_STATUS_NO_SUCH_FILE;
2652 if (dirtype_orig & 0x8000) {
2653 /* These will never be set for POSIX. */
2654 return NT_STATUS_NO_SUCH_FILE;
2658 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2659 return NT_STATUS_FILE_IS_A_DIRECTORY;
2662 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2663 return NT_STATUS_NO_SUCH_FILE;
2666 if (dirtype & 0xFF00) {
2667 /* These will never be set for POSIX. */
2668 return NT_STATUS_NO_SUCH_FILE;
2673 return NT_STATUS_NO_SUCH_FILE;
2676 /* Can't delete a directory. */
2677 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2678 return NT_STATUS_FILE_IS_A_DIRECTORY;
2683 else if (dirtype & FILE_ATTRIBUTE_DIRECTORY) /* Asked for a directory and it isn't. */
2684 return NT_STATUS_OBJECT_NAME_INVALID;
2685 #endif /* JRATEST */
2687 /* On open checks the open itself will check the share mode, so
2688 don't do it here as we'll get it wrong. */
2690 status = SMB_VFS_CREATE_FILE
2693 0, /* root_dir_fid */
2694 smb_fname, /* fname */
2695 DELETE_ACCESS, /* access_mask */
2696 FILE_SHARE_NONE, /* share_access */
2697 FILE_OPEN, /* create_disposition*/
2698 FILE_NON_DIRECTORY_FILE, /* create_options */
2699 /* file_attributes */
2700 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2701 FILE_ATTRIBUTE_NORMAL,
2702 0, /* oplock_request */
2703 0, /* allocation_size */
2704 0, /* private_flags */
2710 if (!NT_STATUS_IS_OK(status)) {
2711 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2712 nt_errstr(status)));
2716 status = can_set_delete_on_close(fsp, fattr);
2717 if (!NT_STATUS_IS_OK(status)) {
2718 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2720 smb_fname_str_dbg(smb_fname),
2721 nt_errstr(status)));
2722 close_file(req, fsp, NORMAL_CLOSE);
2726 /* The set is across all open files on this dev/inode pair. */
2727 if (!set_delete_on_close(fsp, True,
2728 conn->session_info->security_token,
2729 conn->session_info->unix_token)) {
2730 close_file(req, fsp, NORMAL_CLOSE);
2731 return NT_STATUS_ACCESS_DENIED;
2734 return close_file(req, fsp, NORMAL_CLOSE);
2737 /****************************************************************************
2738 The guts of the unlink command, split out so it may be called by the NT SMB
2740 ****************************************************************************/
2742 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2743 uint32 dirtype, struct smb_filename *smb_fname,
2746 char *fname_dir = NULL;
2747 char *fname_mask = NULL;
2749 NTSTATUS status = NT_STATUS_OK;
2750 TALLOC_CTX *ctx = talloc_tos();
2752 /* Split up the directory from the filename/mask. */
2753 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2754 &fname_dir, &fname_mask);
2755 if (!NT_STATUS_IS_OK(status)) {
2760 * We should only check the mangled cache
2761 * here if unix_convert failed. This means
2762 * that the path in 'mask' doesn't exist
2763 * on the file system and so we need to look
2764 * for a possible mangle. This patch from
2765 * Tine Smukavec <valentin.smukavec@hermes.si>.
2768 if (!VALID_STAT(smb_fname->st) &&
2769 mangle_is_mangled(fname_mask, conn->params)) {
2770 char *new_mask = NULL;
2771 mangle_lookup_name_from_8_3(ctx, fname_mask,
2772 &new_mask, conn->params);
2774 TALLOC_FREE(fname_mask);
2775 fname_mask = new_mask;
2782 * Only one file needs to be unlinked. Append the mask back
2783 * onto the directory.
2785 TALLOC_FREE(smb_fname->base_name);
2786 if (ISDOT(fname_dir)) {
2787 /* Ensure we use canonical names on open. */
2788 smb_fname->base_name = talloc_asprintf(smb_fname,
2792 smb_fname->base_name = talloc_asprintf(smb_fname,
2797 if (!smb_fname->base_name) {
2798 status = NT_STATUS_NO_MEMORY;
2802 dirtype = FILE_ATTRIBUTE_NORMAL;
2805 status = check_name(conn, smb_fname->base_name);
2806 if (!NT_STATUS_IS_OK(status)) {
2810 status = do_unlink(conn, req, smb_fname, dirtype);
2811 if (!NT_STATUS_IS_OK(status)) {
2817 struct smb_Dir *dir_hnd = NULL;
2819 const char *dname = NULL;
2820 char *talloced = NULL;
2822 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == FILE_ATTRIBUTE_DIRECTORY) {
2823 status = NT_STATUS_OBJECT_NAME_INVALID;
2827 if (strequal(fname_mask,"????????.???")) {
2828 TALLOC_FREE(fname_mask);
2829 fname_mask = talloc_strdup(ctx, "*");
2831 status = NT_STATUS_NO_MEMORY;
2836 status = check_name(conn, fname_dir);
2837 if (!NT_STATUS_IS_OK(status)) {
2841 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2843 if (dir_hnd == NULL) {
2844 status = map_nt_error_from_unix(errno);
2848 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2849 the pattern matches against the long name, otherwise the short name
2850 We don't implement this yet XXXX
2853 status = NT_STATUS_NO_SUCH_FILE;
2855 while ((dname = ReadDirName(dir_hnd, &offset,
2856 &smb_fname->st, &talloced))) {
2857 TALLOC_CTX *frame = talloc_stackframe();
2859 if (!is_visible_file(conn, fname_dir, dname,
2860 &smb_fname->st, true)) {
2862 TALLOC_FREE(talloced);
2866 /* Quick check for "." and ".." */
2867 if (ISDOT(dname) || ISDOTDOT(dname)) {
2869 TALLOC_FREE(talloced);
2873 if(!mask_match(dname, fname_mask,
2874 conn->case_sensitive)) {
2876 TALLOC_FREE(talloced);
2880 TALLOC_FREE(smb_fname->base_name);
2881 if (ISDOT(fname_dir)) {
2882 /* Ensure we use canonical names on open. */
2883 smb_fname->base_name =
2884 talloc_asprintf(smb_fname, "%s",
2887 smb_fname->base_name =
2888 talloc_asprintf(smb_fname, "%s/%s",
2892 if (!smb_fname->base_name) {
2893 TALLOC_FREE(dir_hnd);
2894 status = NT_STATUS_NO_MEMORY;
2896 TALLOC_FREE(talloced);
2900 status = check_name(conn, smb_fname->base_name);
2901 if (!NT_STATUS_IS_OK(status)) {
2902 TALLOC_FREE(dir_hnd);
2904 TALLOC_FREE(talloced);
2908 status = do_unlink(conn, req, smb_fname, dirtype);
2909 if (!NT_STATUS_IS_OK(status)) {
2911 TALLOC_FREE(talloced);
2916 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2917 smb_fname->base_name));
2920 TALLOC_FREE(talloced);
2922 TALLOC_FREE(dir_hnd);
2925 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2926 status = map_nt_error_from_unix(errno);
2930 TALLOC_FREE(fname_dir);
2931 TALLOC_FREE(fname_mask);
2935 /****************************************************************************
2937 ****************************************************************************/
2939 void reply_unlink(struct smb_request *req)
2941 connection_struct *conn = req->conn;
2943 struct smb_filename *smb_fname = NULL;
2946 bool path_contains_wcard = False;
2947 TALLOC_CTX *ctx = talloc_tos();
2949 START_PROFILE(SMBunlink);
2952 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2956 dirtype = SVAL(req->vwv+0, 0);
2958 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2959 STR_TERMINATE, &status,
2960 &path_contains_wcard);
2961 if (!NT_STATUS_IS_OK(status)) {
2962 reply_nterror(req, status);
2966 status = filename_convert(ctx, conn,
2967 req->flags2 & FLAGS2_DFS_PATHNAMES,
2969 UCF_COND_ALLOW_WCARD_LCOMP,
2970 &path_contains_wcard,
2972 if (!NT_STATUS_IS_OK(status)) {
2973 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2974 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2975 ERRSRV, ERRbadpath);
2978 reply_nterror(req, status);
2982 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2984 status = unlink_internals(conn, req, dirtype, smb_fname,
2985 path_contains_wcard);
2986 if (!NT_STATUS_IS_OK(status)) {
2987 if (open_was_deferred(req->sconn, req->mid)) {
2988 /* We have re-scheduled this call. */
2991 reply_nterror(req, status);
2995 reply_outbuf(req, 0, 0);
2997 TALLOC_FREE(smb_fname);
2998 END_PROFILE(SMBunlink);
3002 /****************************************************************************
3004 ****************************************************************************/
3006 static void fail_readraw(void)
3008 const char *errstr = talloc_asprintf(talloc_tos(),
3009 "FAIL ! reply_readbraw: socket write fail (%s)",
3014 exit_server_cleanly(errstr);
3017 /****************************************************************************
3018 Fake (read/write) sendfile. Returns -1 on read or write fail.
3019 ****************************************************************************/
3021 ssize_t fake_sendfile(files_struct *fsp, off_t startpos, size_t nread)
3024 size_t tosend = nread;
3031 bufsize = MIN(nread, 65536);
3033 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
3037 while (tosend > 0) {
3041 if (tosend > bufsize) {
3046 ret = read_file(fsp,buf,startpos,cur_read);
3052 /* If we had a short read, fill with zeros. */
3053 if (ret < cur_read) {
3054 memset(buf + ret, '\0', cur_read - ret);
3057 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
3059 char addr[INET6_ADDRSTRLEN];
3061 * Try and give an error message saying what
3064 DEBUG(0, ("write_data failed for client %s. "
3066 get_peer_addr(fsp->conn->sconn->sock, addr,
3073 startpos += cur_read;
3077 return (ssize_t)nread;
3080 /****************************************************************************
3081 Deal with the case of sendfile reading less bytes from the file than
3082 requested. Fill with zeros (all we can do).
3083 ****************************************************************************/
3085 void sendfile_short_send(files_struct *fsp,
3090 #define SHORT_SEND_BUFSIZE 1024
3091 if (nread < headersize) {
3092 DEBUG(0,("sendfile_short_send: sendfile failed to send "
3093 "header for file %s (%s). Terminating\n",
3094 fsp_str_dbg(fsp), strerror(errno)));
3095 exit_server_cleanly("sendfile_short_send failed");
3098 nread -= headersize;
3100 if (nread < smb_maxcnt) {
3101 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
3103 exit_server_cleanly("sendfile_short_send: "
3107 DEBUG(0,("sendfile_short_send: filling truncated file %s "
3108 "with zeros !\n", fsp_str_dbg(fsp)));
3110 while (nread < smb_maxcnt) {
3112 * We asked for the real file size and told sendfile
3113 * to not go beyond the end of the file. But it can
3114 * happen that in between our fstat call and the
3115 * sendfile call the file was truncated. This is very
3116 * bad because we have already announced the larger
3117 * number of bytes to the client.
3119 * The best we can do now is to send 0-bytes, just as
3120 * a read from a hole in a sparse file would do.
3122 * This should happen rarely enough that I don't care
3123 * about efficiency here :-)
3127 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
3128 if (write_data(fsp->conn->sconn->sock, buf, to_write)
3130 char addr[INET6_ADDRSTRLEN];
3132 * Try and give an error message saying what
3135 DEBUG(0, ("write_data failed for client %s. "
3138 fsp->conn->sconn->sock, addr,
3141 exit_server_cleanly("sendfile_short_send: "
3142 "write_data failed");
3150 /****************************************************************************
3151 Return a readbraw error (4 bytes of zero).
3152 ****************************************************************************/
3154 static void reply_readbraw_error(struct smbd_server_connection *sconn)
3160 smbd_lock_socket(sconn);
3161 if (write_data(sconn->sock,header,4) != 4) {
3162 char addr[INET6_ADDRSTRLEN];
3164 * Try and give an error message saying what
3167 DEBUG(0, ("write_data failed for client %s. "
3169 get_peer_addr(sconn->sock, addr, sizeof(addr)),
3174 smbd_unlock_socket(sconn);
3177 /****************************************************************************
3178 Use sendfile in readbraw.
3179 ****************************************************************************/
3181 static void send_file_readbraw(connection_struct *conn,
3182 struct smb_request *req,
3188 struct smbd_server_connection *sconn = req->sconn;
3189 char *outbuf = NULL;
3193 * We can only use sendfile on a non-chained packet
3194 * but we can use on a non-oplocked file. tridge proved this
3195 * on a train in Germany :-). JRA.
3196 * reply_readbraw has already checked the length.
3199 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
3200 (fsp->wcp == NULL) &&
3201 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3202 ssize_t sendfile_read = -1;
3204 DATA_BLOB header_blob;
3206 _smb_setlen(header,nread);
3207 header_blob = data_blob_const(header, 4);
3209 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
3210 &header_blob, startpos,
3212 if (sendfile_read == -1) {
3213 /* Returning ENOSYS means no data at all was sent.
3214 * Do this as a normal read. */
3215 if (errno == ENOSYS) {
3216 goto normal_readbraw;
3220 * Special hack for broken Linux with no working sendfile. If we
3221 * return EINTR we sent the header but not the rest of the data.
3222 * Fake this up by doing read/write calls.
3224 if (errno == EINTR) {
3225 /* Ensure we don't do this again. */
3226 set_use_sendfile(SNUM(conn), False);
3227 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3229 if (fake_sendfile(fsp, startpos, nread) == -1) {
3230 DEBUG(0,("send_file_readbraw: "
3231 "fake_sendfile failed for "
3235 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3240 DEBUG(0,("send_file_readbraw: sendfile failed for "
3241 "file %s (%s). Terminating\n",
3242 fsp_str_dbg(fsp), strerror(errno)));
3243 exit_server_cleanly("send_file_readbraw sendfile failed");
3244 } else if (sendfile_read == 0) {
3246 * Some sendfile implementations return 0 to indicate
3247 * that there was a short read, but nothing was
3248 * actually written to the socket. In this case,
3249 * fallback to the normal read path so the header gets
3250 * the correct byte count.
3252 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3253 "bytes falling back to the normal read: "
3254 "%s\n", fsp_str_dbg(fsp)));
3255 goto normal_readbraw;
3258 /* Deal with possible short send. */
3259 if (sendfile_read != 4+nread) {
3260 sendfile_short_send(fsp, sendfile_read, 4, nread);
3267 outbuf = talloc_array(NULL, char, nread+4);
3269 DEBUG(0,("send_file_readbraw: talloc_array failed for size %u.\n",
3270 (unsigned)(nread+4)));
3271 reply_readbraw_error(sconn);
3276 ret = read_file(fsp,outbuf+4,startpos,nread);
3277 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3286 _smb_setlen(outbuf,ret);
3287 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3288 char addr[INET6_ADDRSTRLEN];
3290 * Try and give an error message saying what
3293 DEBUG(0, ("write_data failed for client %s. "
3295 get_peer_addr(fsp->conn->sconn->sock, addr,
3302 TALLOC_FREE(outbuf);
3305 /****************************************************************************
3306 Reply to a readbraw (core+ protocol).
3307 ****************************************************************************/
3309 void reply_readbraw(struct smb_request *req)
3311 connection_struct *conn = req->conn;
3312 struct smbd_server_connection *sconn = req->sconn;
3313 ssize_t maxcount,mincount;
3317 struct lock_struct lock;
3320 START_PROFILE(SMBreadbraw);
3322 if (srv_is_signing_active(sconn) || req->encrypted) {
3323 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3324 "raw reads/writes are disallowed.");
3328 reply_readbraw_error(sconn);
3329 END_PROFILE(SMBreadbraw);
3333 if (sconn->smb1.echo_handler.trusted_fde) {
3334 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3335 "'async smb echo handler = yes'\n"));
3336 reply_readbraw_error(sconn);
3337 END_PROFILE(SMBreadbraw);
3342 * Special check if an oplock break has been issued
3343 * and the readraw request croses on the wire, we must
3344 * return a zero length response here.
3347 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3350 * We have to do a check_fsp by hand here, as
3351 * we must always return 4 zero bytes on error,
3355 if (!fsp || !conn || conn != fsp->conn ||
3356 req->vuid != fsp->vuid ||
3357 fsp->is_directory || fsp->fh->fd == -1) {
3359 * fsp could be NULL here so use the value from the packet. JRA.
3361 DEBUG(3,("reply_readbraw: fnum %d not valid "
3363 (int)SVAL(req->vwv+0, 0)));
3364 reply_readbraw_error(sconn);
3365 END_PROFILE(SMBreadbraw);
3369 /* Do a "by hand" version of CHECK_READ. */
3370 if (!(fsp->can_read ||
3371 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3372 (fsp->access_mask & FILE_EXECUTE)))) {
3373 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3374 (int)SVAL(req->vwv+0, 0)));
3375 reply_readbraw_error(sconn);
3376 END_PROFILE(SMBreadbraw);
3380 flush_write_cache(fsp, READRAW_FLUSH);
3382 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3383 if(req->wct == 10) {
3385 * This is a large offset (64 bit) read.
3388 startpos |= (((off_t)IVAL(req->vwv+8, 0)) << 32);
3391 DEBUG(0,("reply_readbraw: negative 64 bit "
3392 "readraw offset (%.0f) !\n",
3393 (double)startpos ));
3394 reply_readbraw_error(sconn);
3395 END_PROFILE(SMBreadbraw);
3400 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3401 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3403 /* ensure we don't overrun the packet size */
3404 maxcount = MIN(65535,maxcount);
3406 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3407 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3410 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3411 reply_readbraw_error(sconn);
3412 END_PROFILE(SMBreadbraw);
3416 if (fsp_stat(fsp) == 0) {
3417 size = fsp->fsp_name->st.st_ex_size;
3420 if (startpos >= size) {
3423 nread = MIN(maxcount,(size - startpos));
3426 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3427 if (nread < mincount)
3431 DEBUG( 3, ( "reply_readbraw: %s start=%.0f max=%lu "
3432 "min=%lu nread=%lu\n",
3433 fsp_fnum_dbg(fsp), (double)startpos,
3434 (unsigned long)maxcount,
3435 (unsigned long)mincount,
3436 (unsigned long)nread ) );
3438 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3440 DEBUG(5,("reply_readbraw finished\n"));
3442 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3444 END_PROFILE(SMBreadbraw);
3449 #define DBGC_CLASS DBGC_LOCKING
3451 /****************************************************************************
3452 Reply to a lockread (core+ protocol).
3453 ****************************************************************************/
3455 void reply_lockread(struct smb_request *req)
3457 connection_struct *conn = req->conn;
3464 struct byte_range_lock *br_lck = NULL;
3466 struct smbd_server_connection *sconn = req->sconn;
3468 START_PROFILE(SMBlockread);
3471 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3472 END_PROFILE(SMBlockread);
3476 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3478 if (!check_fsp(conn, req, fsp)) {
3479 END_PROFILE(SMBlockread);
3483 if (!CHECK_READ(fsp,req)) {
3484 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3485 END_PROFILE(SMBlockread);
3489 numtoread = SVAL(req->vwv+1, 0);
3490 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3492 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3494 reply_outbuf(req, 5, numtoread + 3);
3496 data = smb_buf(req->outbuf) + 3;
3499 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3500 * protocol request that predates the read/write lock concept.
3501 * Thus instead of asking for a read lock here we need to ask
3502 * for a write lock. JRA.
3503 * Note that the requested lock size is unaffected by max_recv.
3506 br_lck = do_lock(req->sconn->msg_ctx,
3508 (uint64_t)req->smbpid,
3509 (uint64_t)numtoread,
3513 False, /* Non-blocking lock. */
3517 TALLOC_FREE(br_lck);
3519 if (NT_STATUS_V(status)) {
3520 reply_nterror(req, status);
3521 END_PROFILE(SMBlockread);
3526 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3529 if (numtoread > sconn->smb1.negprot.max_recv) {
3530 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3531 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3532 (unsigned int)numtoread,
3533 (unsigned int)sconn->smb1.negprot.max_recv));
3534 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3536 nread = read_file(fsp,data,startpos,numtoread);
3539 reply_nterror(req, map_nt_error_from_unix(errno));
3540 END_PROFILE(SMBlockread);
3544 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3546 SSVAL(req->outbuf,smb_vwv0,nread);
3547 SSVAL(req->outbuf,smb_vwv5,nread+3);
3548 p = smb_buf(req->outbuf);
3549 SCVAL(p,0,0); /* pad byte. */
3552 DEBUG(3,("lockread %s num=%d nread=%d\n",
3553 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3555 END_PROFILE(SMBlockread);
3560 #define DBGC_CLASS DBGC_ALL
3562 /****************************************************************************
3564 ****************************************************************************/
3566 void reply_read(struct smb_request *req)
3568 connection_struct *conn = req->conn;
3575 struct lock_struct lock;
3576 struct smbd_server_connection *sconn = req->sconn;
3578 START_PROFILE(SMBread);
3581 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3582 END_PROFILE(SMBread);
3586 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3588 if (!check_fsp(conn, req, fsp)) {
3589 END_PROFILE(SMBread);
3593 if (!CHECK_READ(fsp,req)) {
3594 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3595 END_PROFILE(SMBread);
3599 numtoread = SVAL(req->vwv+1, 0);
3600 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3602 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3605 * The requested read size cannot be greater than max_recv. JRA.
3607 if (numtoread > sconn->smb1.negprot.max_recv) {
3608 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3609 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3610 (unsigned int)numtoread,
3611 (unsigned int)sconn->smb1.negprot.max_recv));
3612 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3615 reply_outbuf(req, 5, numtoread+3);
3617 data = smb_buf(req->outbuf) + 3;
3619 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3620 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3623 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3624 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3625 END_PROFILE(SMBread);
3630 nread = read_file(fsp,data,startpos,numtoread);
3633 reply_nterror(req, map_nt_error_from_unix(errno));
3637 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3639 SSVAL(req->outbuf,smb_vwv0,nread);
3640 SSVAL(req->outbuf,smb_vwv5,nread+3);
3641 SCVAL(smb_buf(req->outbuf),0,1);
3642 SSVAL(smb_buf(req->outbuf),1,nread);
3644 DEBUG(3, ("read %s num=%d nread=%d\n",
3645 fsp_fnum_dbg(fsp), (int)numtoread, (int)nread));
3648 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3650 END_PROFILE(SMBread);
3654 /****************************************************************************
3656 ****************************************************************************/
3658 static int setup_readX_header(struct smb_request *req, char *outbuf,
3663 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3665 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3667 SCVAL(outbuf,smb_vwv0,0xFF);
3668 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3669 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3670 SSVAL(outbuf,smb_vwv6,
3671 (smb_wct - 4) /* offset from smb header to wct */
3672 + 1 /* the wct field */
3673 + 12 * sizeof(uint16_t) /* vwv */
3674 + 2); /* the buflen field */
3675 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3676 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3677 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3678 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3682 /****************************************************************************
3683 Reply to a read and X - possibly using sendfile.
3684 ****************************************************************************/
3686 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3687 files_struct *fsp, off_t startpos,
3691 struct lock_struct lock;
3692 int saved_errno = 0;
3694 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3695 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3698 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3699 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3704 * We can only use sendfile on a non-chained packet
3705 * but we can use on a non-oplocked file. tridge proved this
3706 * on a train in Germany :-). JRA.
3709 if (!req_is_in_chain(req) &&
3711 (fsp->base_fsp == NULL) &&
3712 (fsp->wcp == NULL) &&
3713 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3714 uint8 headerbuf[smb_size + 12 * 2];
3717 if(fsp_stat(fsp) == -1) {
3718 reply_nterror(req, map_nt_error_from_unix(errno));
3722 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3723 (startpos > fsp->fsp_name->st.st_ex_size) ||
3724 (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3726 * We already know that we would do a short read, so don't
3727 * try the sendfile() path.
3729 goto nosendfile_read;
3733 * Set up the packet header before send. We
3734 * assume here the sendfile will work (get the
3735 * correct amount of data).
3738 header = data_blob_const(headerbuf, sizeof(headerbuf));
3740 construct_reply_common_req(req, (char *)headerbuf);
3741 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3743 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3744 startpos, smb_maxcnt);
3746 /* Returning ENOSYS means no data at all was sent.
3747 Do this as a normal read. */
3748 if (errno == ENOSYS) {
3753 * Special hack for broken Linux with no working sendfile. If we
3754 * return EINTR we sent the header but not the rest of the data.
3755 * Fake this up by doing read/write calls.
3758 if (errno == EINTR) {
3759 /* Ensure we don't do this again. */
3760 set_use_sendfile(SNUM(conn), False);
3761 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3762 nread = fake_sendfile(fsp, startpos,
3765 DEBUG(0,("send_file_readX: "
3766 "fake_sendfile failed for "
3770 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3772 DEBUG(3, ("send_file_readX: fake_sendfile %s max=%d nread=%d\n",
3773 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3774 /* No outbuf here means successful sendfile. */
3778 DEBUG(0,("send_file_readX: sendfile failed for file "
3779 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3781 exit_server_cleanly("send_file_readX sendfile failed");
3782 } else if (nread == 0) {
3784 * Some sendfile implementations return 0 to indicate
3785 * that there was a short read, but nothing was
3786 * actually written to the socket. In this case,
3787 * fallback to the normal read path so the header gets
3788 * the correct byte count.
3790 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3791 "falling back to the normal read: %s\n",
3796 DEBUG(3, ("send_file_readX: sendfile %s max=%d nread=%d\n",
3797 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3799 /* Deal with possible short send. */
3800 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3801 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3803 /* No outbuf here means successful sendfile. */
3804 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3805 SMB_PERFCOUNT_END(&req->pcd);
3811 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3812 uint8 headerbuf[smb_size + 2*12];
3814 construct_reply_common_req(req, (char *)headerbuf);
3815 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3817 /* Send out the header. */
3818 if (write_data(req->sconn->sock, (char *)headerbuf,
3819 sizeof(headerbuf)) != sizeof(headerbuf)) {
3821 char addr[INET6_ADDRSTRLEN];
3823 * Try and give an error message saying what
3826 DEBUG(0, ("write_data failed for client %s. "
3828 get_peer_addr(req->sconn->sock, addr,
3832 DEBUG(0,("send_file_readX: write_data failed for file "
3833 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3835 exit_server_cleanly("send_file_readX sendfile failed");
3837 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3839 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3840 "file %s (%s).\n", fsp_str_dbg(fsp),
3842 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3849 reply_outbuf(req, 12, smb_maxcnt);
3850 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
3851 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
3853 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3854 saved_errno = errno;
3856 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3859 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3863 setup_readX_header(req, (char *)req->outbuf, nread);
3865 DEBUG(3, ("send_file_readX %s max=%d nread=%d\n",
3866 fsp_fnum_dbg(fsp), (int)smb_maxcnt, (int)nread));
3870 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3871 TALLOC_FREE(req->outbuf);
3875 /****************************************************************************
3876 Work out how much space we have for a read return.
3877 ****************************************************************************/
3879 static size_t calc_max_read_pdu(const struct smb_request *req)
3881 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3882 return req->sconn->smb1.sessions.max_send;
3885 if (!lp_large_readwrite()) {
3886 return req->sconn->smb1.sessions.max_send;
3889 if (req_is_in_chain(req)) {
3890 return req->sconn->smb1.sessions.max_send;
3893 if (req->encrypted) {
3895 * Don't take encrypted traffic up to the
3896 * limit. There are padding considerations
3897 * that make that tricky.
3899 return req->sconn->smb1.sessions.max_send;
3902 if (srv_is_signing_active(req->sconn)) {
3906 if (!lp_unix_extensions()) {
3911 * We can do ultra-large POSIX reads.
3916 /****************************************************************************
3917 Calculate how big a read can be. Copes with all clients. It's always
3918 safe to return a short read - Windows does this.
3919 ****************************************************************************/
3921 static size_t calc_read_size(const struct smb_request *req,
3925 size_t max_pdu = calc_max_read_pdu(req);
3926 size_t total_size = 0;
3927 size_t hdr_len = MIN_SMB_SIZE + VWV(12);
3928 size_t max_len = max_pdu - hdr_len;
3931 * Windows explicitly ignores upper size of 0xFFFF.
3932 * See [MS-SMB].pdf <26> Section 2.2.4.2.1:
3933 * We must do the same as these will never fit even in
3934 * an extended size NetBIOS packet.
3936 if (upper_size == 0xFFFF) {
3940 if (req->sconn->conn->protocol < PROTOCOL_NT1) {
3944 total_size = ((upper_size<<16) | lower_size);
3947 * LARGE_READX test shows it's always safe to return
3948 * a short read. Windows does so.
3950 return MIN(total_size, max_len);
3953 /****************************************************************************
3954 Reply to a read and X.
3955 ****************************************************************************/
3957 void reply_read_and_X(struct smb_request *req)
3959 connection_struct *conn = req->conn;
3964 bool big_readX = False;
3966 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3969 START_PROFILE(SMBreadX);
3971 if ((req->wct != 10) && (req->wct != 12)) {
3972 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3976 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3977 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3978 smb_maxcnt = SVAL(req->vwv+5, 0);
3980 /* If it's an IPC, pass off the pipe handler. */
3982 reply_pipe_read_and_X(req);
3983 END_PROFILE(SMBreadX);
3987 if (!check_fsp(conn, req, fsp)) {
3988 END_PROFILE(SMBreadX);
3992 if (!CHECK_READ(fsp,req)) {
3993 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3994 END_PROFILE(SMBreadX);
3998 upper_size = SVAL(req->vwv+7, 0);
3999 smb_maxcnt = calc_read_size(req, upper_size, smb_maxcnt);
4000 if (smb_maxcnt > (0x1FFFF - (MIN_SMB_SIZE + VWV(12)))) {
4002 * This is a heuristic to avoid keeping large
4003 * outgoing buffers around over long-lived aio
4009 if (req->wct == 12) {
4011 * This is a large offset (64 bit) read.
4013 startpos |= (((off_t)IVAL(req->vwv+10, 0)) << 32);
4018 NTSTATUS status = schedule_aio_read_and_X(conn,
4023 if (NT_STATUS_IS_OK(status)) {
4024 /* Read scheduled - we're done. */
4027 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4028 /* Real error - report to client. */
4029 END_PROFILE(SMBreadX);
4030 reply_nterror(req, status);
4033 /* NT_STATUS_RETRY - fall back to sync read. */
4036 smbd_lock_socket(req->sconn);
4037 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
4038 smbd_unlock_socket(req->sconn);
4041 END_PROFILE(SMBreadX);
4045 /****************************************************************************
4046 Error replies to writebraw must have smb_wct == 1. Fix this up.
4047 ****************************************************************************/
4049 void error_to_writebrawerr(struct smb_request *req)
4051 uint8 *old_outbuf = req->outbuf;
4053 reply_outbuf(req, 1, 0);
4055 memcpy(req->outbuf, old_outbuf, smb_size);
4056 TALLOC_FREE(old_outbuf);
4059 /****************************************************************************
4060 Read 4 bytes of a smb packet and return the smb length of the packet.
4061 Store the result in the buffer. This version of the function will
4062 never return a session keepalive (length of zero).
4063 Timeout is in milliseconds.
4064 ****************************************************************************/
4066 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
4069 uint8_t msgtype = NBSSkeepalive;
4071 while (msgtype == NBSSkeepalive) {
4074 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
4076 if (!NT_STATUS_IS_OK(status)) {
4077 char addr[INET6_ADDRSTRLEN];
4078 /* Try and give an error message
4079 * saying what client failed. */
4080 DEBUG(0, ("read_fd_with_timeout failed for "
4081 "client %s read error = %s.\n",
4082 get_peer_addr(fd,addr,sizeof(addr)),
4083 nt_errstr(status)));
4087 msgtype = CVAL(inbuf, 0);
4090 DEBUG(10,("read_smb_length: got smb length of %lu\n",
4091 (unsigned long)len));
4093 return NT_STATUS_OK;
4096 /****************************************************************************
4097 Reply to a writebraw (core+ or LANMAN1.0 protocol).
4098 ****************************************************************************/
4100 void reply_writebraw(struct smb_request *req)
4102 connection_struct *conn = req->conn;
4105 ssize_t total_written=0;
4106 size_t numtowrite=0;
4109 const char *data=NULL;
4112 struct lock_struct lock;
4115 START_PROFILE(SMBwritebraw);
4118 * If we ever reply with an error, it must have the SMB command
4119 * type of SMBwritec, not SMBwriteBraw, as this tells the client
4122 SCVAL(discard_const_p(uint8_t, req->inbuf),smb_com,SMBwritec);
4124 if (srv_is_signing_active(req->sconn)) {
4125 END_PROFILE(SMBwritebraw);
4126 exit_server_cleanly("reply_writebraw: SMB signing is active - "
4127 "raw reads/writes are disallowed.");
4130 if (req->wct < 12) {
4131 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4132 error_to_writebrawerr(req);
4133 END_PROFILE(SMBwritebraw);
4137 if (req->sconn->smb1.echo_handler.trusted_fde) {
4138 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
4139 "'async smb echo handler = yes'\n"));
4140 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
4141 error_to_writebrawerr(req);
4142 END_PROFILE(SMBwritebraw);
4146 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4147 if (!check_fsp(conn, req, fsp)) {
4148 error_to_writebrawerr(req);
4149 END_PROFILE(SMBwritebraw);
4153 if (!CHECK_WRITE(fsp)) {
4154 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4155 error_to_writebrawerr(req);
4156 END_PROFILE(SMBwritebraw);
4160 tcount = IVAL(req->vwv+1, 0);
4161 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4162 write_through = BITSETW(req->vwv+7,0);
4164 /* We have to deal with slightly different formats depending
4165 on whether we are using the core+ or lanman1.0 protocol */
4167 if(get_Protocol() <= PROTOCOL_COREPLUS) {
4168 numtowrite = SVAL(smb_buf_const(req->inbuf),-2);
4169 data = smb_buf_const(req->inbuf);
4171 numtowrite = SVAL(req->vwv+10, 0);
4172 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
4175 /* Ensure we don't write bytes past the end of this packet. */
4176 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
4177 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4178 error_to_writebrawerr(req);
4179 END_PROFILE(SMBwritebraw);
4183 if (!fsp->print_file) {
4184 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4185 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
4188 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4189 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4190 error_to_writebrawerr(req);
4191 END_PROFILE(SMBwritebraw);
4197 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4200 DEBUG(3, ("reply_writebraw: initial write %s start=%.0f num=%d "
4201 "wrote=%d sync=%d\n",
4202 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4203 (int)nwritten, (int)write_through));
4205 if (nwritten < (ssize_t)numtowrite) {
4206 reply_nterror(req, NT_STATUS_DISK_FULL);
4207 error_to_writebrawerr(req);
4211 total_written = nwritten;
4213 /* Allocate a buffer of 64k + length. */
4214 buf = talloc_array(NULL, char, 65540);
4216 reply_nterror(req, NT_STATUS_NO_MEMORY);
4217 error_to_writebrawerr(req);
4221 /* Return a SMBwritebraw message to the redirector to tell
4222 * it to send more bytes */
4224 memcpy(buf, req->inbuf, smb_size);
4225 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
4226 SCVAL(buf,smb_com,SMBwritebraw);
4227 SSVALS(buf,smb_vwv0,0xFFFF);
4229 if (!srv_send_smb(req->sconn,
4231 false, 0, /* no signing */
4232 IS_CONN_ENCRYPTED(conn),
4234 exit_server_cleanly("reply_writebraw: srv_send_smb "
4238 /* Now read the raw data into the buffer and write it */
4239 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4241 if (!NT_STATUS_IS_OK(status)) {
4242 exit_server_cleanly("secondary writebraw failed");
4245 /* Set up outbuf to return the correct size */
4246 reply_outbuf(req, 1, 0);
4248 if (numtowrite != 0) {
4250 if (numtowrite > 0xFFFF) {
4251 DEBUG(0,("reply_writebraw: Oversize secondary write "
4252 "raw requested (%u). Terminating\n",
4253 (unsigned int)numtowrite ));
4254 exit_server_cleanly("secondary writebraw failed");
4257 if (tcount > nwritten+numtowrite) {
4258 DEBUG(3,("reply_writebraw: Client overestimated the "
4260 (int)tcount,(int)nwritten,(int)numtowrite));
4263 status = read_data(req->sconn->sock, buf+4, numtowrite);
4265 if (!NT_STATUS_IS_OK(status)) {
4266 char addr[INET6_ADDRSTRLEN];
4267 /* Try and give an error message
4268 * saying what client failed. */
4269 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4270 "raw read failed (%s) for client %s. "
4271 "Terminating\n", nt_errstr(status),
4272 get_peer_addr(req->sconn->sock, addr,
4274 exit_server_cleanly("secondary writebraw failed");
4277 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4278 if (nwritten == -1) {
4280 reply_nterror(req, map_nt_error_from_unix(errno));
4281 error_to_writebrawerr(req);
4285 if (nwritten < (ssize_t)numtowrite) {
4286 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4287 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4291 total_written += nwritten;
4296 SSVAL(req->outbuf,smb_vwv0,total_written);
4298 status = sync_file(conn, fsp, write_through);
4299 if (!NT_STATUS_IS_OK(status)) {
4300 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4301 fsp_str_dbg(fsp), nt_errstr(status)));
4302 reply_nterror(req, status);
4303 error_to_writebrawerr(req);
4307 DEBUG(3,("reply_writebraw: secondart write %s start=%.0f num=%d "
4309 fsp_fnum_dbg(fsp), (double)startpos, (int)numtowrite,
4310 (int)total_written));
4312 if (!fsp->print_file) {
4313 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4316 /* We won't return a status if write through is not selected - this
4317 * follows what WfWg does */
4318 END_PROFILE(SMBwritebraw);
4320 if (!write_through && total_written==tcount) {
4322 #if RABBIT_PELLET_FIX
4324 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4325 * sending a NBSSkeepalive. Thanks to DaveCB at Sun for this.
4328 if (!send_keepalive(req->sconn->sock)) {
4329 exit_server_cleanly("reply_writebraw: send of "
4330 "keepalive failed");
4333 TALLOC_FREE(req->outbuf);
4338 if (!fsp->print_file) {
4339 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4342 END_PROFILE(SMBwritebraw);
4347 #define DBGC_CLASS DBGC_LOCKING
4349 /****************************************************************************
4350 Reply to a writeunlock (core+).
4351 ****************************************************************************/
4353 void reply_writeunlock(struct smb_request *req)
4355 connection_struct *conn = req->conn;
4356 ssize_t nwritten = -1;
4360 NTSTATUS status = NT_STATUS_OK;
4362 struct lock_struct lock;
4363 int saved_errno = 0;
4365 START_PROFILE(SMBwriteunlock);
4368 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4369 END_PROFILE(SMBwriteunlock);
4373 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4375 if (!check_fsp(conn, req, fsp)) {
4376 END_PROFILE(SMBwriteunlock);
4380 if (!CHECK_WRITE(fsp)) {
4381 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4382 END_PROFILE(SMBwriteunlock);
4386 numtowrite = SVAL(req->vwv+1, 0);
4387 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4388 data = (const char *)req->buf + 3;
4390 if (!fsp->print_file && numtowrite > 0) {
4391 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4392 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4395 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4396 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4397 END_PROFILE(SMBwriteunlock);
4402 /* The special X/Open SMB protocol handling of
4403 zero length writes is *NOT* done for
4405 if(numtowrite == 0) {
4408 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4409 saved_errno = errno;
4412 status = sync_file(conn, fsp, False /* write through */);
4413 if (!NT_STATUS_IS_OK(status)) {
4414 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4415 fsp_str_dbg(fsp), nt_errstr(status)));
4416 reply_nterror(req, status);
4421 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4425 if((nwritten < numtowrite) && (numtowrite != 0)) {
4426 reply_nterror(req, NT_STATUS_DISK_FULL);
4430 if (numtowrite && !fsp->print_file) {
4431 status = do_unlock(req->sconn->msg_ctx,
4433 (uint64_t)req->smbpid,
4434 (uint64_t)numtowrite,
4438 if (NT_STATUS_V(status)) {
4439 reply_nterror(req, status);
4444 reply_outbuf(req, 1, 0);
4446 SSVAL(req->outbuf,smb_vwv0,nwritten);
4448 DEBUG(3, ("writeunlock %s num=%d wrote=%d\n",
4449 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4452 if (numtowrite && !fsp->print_file) {
4453 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4456 END_PROFILE(SMBwriteunlock);
4461 #define DBGC_CLASS DBGC_ALL
4463 /****************************************************************************
4465 ****************************************************************************/
4467 void reply_write(struct smb_request *req)
4469 connection_struct *conn = req->conn;
4471 ssize_t nwritten = -1;
4475 struct lock_struct lock;
4477 int saved_errno = 0;
4479 START_PROFILE(SMBwrite);
4482 END_PROFILE(SMBwrite);
4483 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4487 /* If it's an IPC, pass off the pipe handler. */
4489 reply_pipe_write(req);
4490 END_PROFILE(SMBwrite);
4494 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4496 if (!check_fsp(conn, req, fsp)) {
4497 END_PROFILE(SMBwrite);
4501 if (!CHECK_WRITE(fsp)) {
4502 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4503 END_PROFILE(SMBwrite);
4507 numtowrite = SVAL(req->vwv+1, 0);
4508 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4509 data = (const char *)req->buf + 3;
4511 if (!fsp->print_file) {
4512 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4513 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4516 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4517 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4518 END_PROFILE(SMBwrite);
4524 * X/Open SMB protocol says that if smb_vwv1 is
4525 * zero then the file size should be extended or
4526 * truncated to the size given in smb_vwv[2-3].
4529 if(numtowrite == 0) {
4531 * This is actually an allocate call, and set EOF. JRA.
4533 nwritten = vfs_allocate_file_space(fsp, (off_t)startpos);
4535 reply_nterror(req, NT_STATUS_DISK_FULL);
4538 nwritten = vfs_set_filelen(fsp, (off_t)startpos);
4540 reply_nterror(req, NT_STATUS_DISK_FULL);
4543 trigger_write_time_update_immediate(fsp);
4545 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4548 status = sync_file(conn, fsp, False);
4549 if (!NT_STATUS_IS_OK(status)) {
4550 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4551 fsp_str_dbg(fsp), nt_errstr(status)));
4552 reply_nterror(req, status);
4557 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4561 if((nwritten == 0) && (numtowrite != 0)) {
4562 reply_nterror(req, NT_STATUS_DISK_FULL);
4566 reply_outbuf(req, 1, 0);
4568 SSVAL(req->outbuf,smb_vwv0,nwritten);
4570 if (nwritten < (ssize_t)numtowrite) {
4571 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4572 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4575 DEBUG(3, ("write %s num=%d wrote=%d\n", fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4578 if (!fsp->print_file) {
4579 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4582 END_PROFILE(SMBwrite);
4586 /****************************************************************************
4587 Ensure a buffer is a valid writeX for recvfile purposes.
4588 ****************************************************************************/
4590 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4591 (2*14) + /* word count (including bcc) */ \
4594 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4595 const uint8_t *inbuf)
4598 connection_struct *conn = NULL;
4599 unsigned int doff = 0;
4600 size_t len = smb_len_large(inbuf);
4601 struct smbXsrv_tcon *tcon;
4605 if (is_encrypted_packet(sconn, inbuf)) {
4606 /* Can't do this on encrypted
4611 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4615 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4616 CVAL(inbuf,smb_wct) != 14) {
4617 DEBUG(10,("is_valid_writeX_buffer: chained or "
4618 "invalid word length.\n"));
4622 status = smb1srv_tcon_lookup(sconn->conn, SVAL(inbuf, smb_tid),
4624 if (!NT_STATUS_IS_OK(status)) {
4625 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4628 conn = tcon->compat;
4631 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4634 if (IS_PRINT(conn)) {
4635 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4638 doff = SVAL(inbuf,smb_vwv11);
4640 numtowrite = SVAL(inbuf,smb_vwv10);
4642 if (len > doff && len - doff > 0xFFFF) {
4643 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4646 if (numtowrite == 0) {
4647 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4651 /* Ensure the sizes match up. */
4652 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4653 /* no pad byte...old smbclient :-( */
4654 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4656 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4660 if (len - doff != numtowrite) {
4661 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4662 "len = %u, doff = %u, numtowrite = %u\n",
4665 (unsigned int)numtowrite ));
4669 DEBUG(10,("is_valid_writeX_buffer: true "
4670 "len = %u, doff = %u, numtowrite = %u\n",
4673 (unsigned int)numtowrite ));
4678 /****************************************************************************
4679 Reply to a write and X.
4680 ****************************************************************************/
4682 void reply_write_and_X(struct smb_request *req)
4684 connection_struct *conn = req->conn;
4686 struct lock_struct lock;
4691 unsigned int smb_doff;
4692 unsigned int smblen;
4695 int saved_errno = 0;
4697 START_PROFILE(SMBwriteX);
4699 if ((req->wct != 12) && (req->wct != 14)) {
4700 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4704 numtowrite = SVAL(req->vwv+10, 0);
4705 smb_doff = SVAL(req->vwv+11, 0);
4706 smblen = smb_len(req->inbuf);
4708 if (req->unread_bytes > 0xFFFF ||
4709 (smblen > smb_doff &&
4710 smblen - smb_doff > 0xFFFF)) {
4711 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4714 if (req->unread_bytes) {
4715 /* Can't do a recvfile write on IPC$ */
4717 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4720 if (numtowrite != req->unread_bytes) {
4721 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4725 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4726 smb_doff + numtowrite > smblen) {
4727 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4732 /* If it's an IPC, pass off the pipe handler. */
4734 if (req->unread_bytes) {
4735 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4738 reply_pipe_write_and_X(req);
4742 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4743 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4744 write_through = BITSETW(req->vwv+7,0);
4746 if (!check_fsp(conn, req, fsp)) {
4750 if (!CHECK_WRITE(fsp)) {
4751 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4755 data = smb_base(req->inbuf) + smb_doff;
4757 if(req->wct == 14) {
4759 * This is a large offset (64 bit) write.
4761 startpos |= (((off_t)IVAL(req->vwv+12, 0)) << 32);
4765 /* X/Open SMB protocol says that, unlike SMBwrite
4766 if the length is zero then NO truncation is
4767 done, just a write of zero. To truncate a file,
4770 if(numtowrite == 0) {
4773 if (req->unread_bytes == 0) {
4774 status = schedule_aio_write_and_X(conn,
4781 if (NT_STATUS_IS_OK(status)) {
4782 /* write scheduled - we're done. */
4785 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4786 /* Real error - report to client. */
4787 reply_nterror(req, status);
4790 /* NT_STATUS_RETRY - fall through to sync write. */
4793 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4794 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4797 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4798 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4802 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4803 saved_errno = errno;
4805 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4809 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4813 if((nwritten == 0) && (numtowrite != 0)) {
4814 reply_nterror(req, NT_STATUS_DISK_FULL);
4818 reply_outbuf(req, 6, 0);
4819 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
4820 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
4821 SSVAL(req->outbuf,smb_vwv2,nwritten);
4822 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4824 DEBUG(3,("writeX %s num=%d wrote=%d\n",
4825 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten));
4827 status = sync_file(conn, fsp, write_through);
4828 if (!NT_STATUS_IS_OK(status)) {
4829 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4830 fsp_str_dbg(fsp), nt_errstr(status)));
4831 reply_nterror(req, status);
4835 END_PROFILE(SMBwriteX);
4839 if (req->unread_bytes) {
4840 /* writeX failed. drain socket. */
4841 if (drain_socket(req->sconn->sock, req->unread_bytes) !=
4842 req->unread_bytes) {
4843 smb_panic("failed to drain pending bytes");
4845 req->unread_bytes = 0;
4848 END_PROFILE(SMBwriteX);
4852 /****************************************************************************
4854 ****************************************************************************/
4856 void reply_lseek(struct smb_request *req)
4858 connection_struct *conn = req->conn;
4864 START_PROFILE(SMBlseek);
4867 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4868 END_PROFILE(SMBlseek);
4872 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4874 if (!check_fsp(conn, req, fsp)) {
4878 flush_write_cache(fsp, SEEK_FLUSH);
4880 mode = SVAL(req->vwv+1, 0) & 3;
4881 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4882 startpos = (off_t)IVALS(req->vwv+2, 0);
4891 res = fsp->fh->pos + startpos;
4902 if (umode == SEEK_END) {
4903 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4904 if(errno == EINVAL) {
4905 off_t current_pos = startpos;
4907 if(fsp_stat(fsp) == -1) {
4909 map_nt_error_from_unix(errno));
4910 END_PROFILE(SMBlseek);
4914 current_pos += fsp->fsp_name->st.st_ex_size;
4916 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4921 reply_nterror(req, map_nt_error_from_unix(errno));
4922 END_PROFILE(SMBlseek);
4929 reply_outbuf(req, 2, 0);
4930 SIVAL(req->outbuf,smb_vwv0,res);
4932 DEBUG(3,("lseek %s ofs=%.0f newpos = %.0f mode=%d\n",
4933 fsp_fnum_dbg(fsp), (double)startpos, (double)res, mode));
4935 END_PROFILE(SMBlseek);
4939 /****************************************************************************
4941 ****************************************************************************/
4943 void reply_flush(struct smb_request *req)
4945 connection_struct *conn = req->conn;
4949 START_PROFILE(SMBflush);
4952 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4956 fnum = SVAL(req->vwv+0, 0);
4957 fsp = file_fsp(req, fnum);
4959 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4964 file_sync_all(conn);
4966 NTSTATUS status = sync_file(conn, fsp, True);
4967 if (!NT_STATUS_IS_OK(status)) {
4968 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4969 fsp_str_dbg(fsp), nt_errstr(status)));
4970 reply_nterror(req, status);
4971 END_PROFILE(SMBflush);
4976 reply_outbuf(req, 0, 0);
4978 DEBUG(3,("flush\n"));
4979 END_PROFILE(SMBflush);
4983 /****************************************************************************
4985 conn POINTER CAN BE NULL HERE !
4986 ****************************************************************************/
4988 void reply_exit(struct smb_request *req)
4990 START_PROFILE(SMBexit);
4992 file_close_pid(req->sconn, req->smbpid, req->vuid);
4994 reply_outbuf(req, 0, 0);
4996 DEBUG(3,("exit\n"));
4998 END_PROFILE(SMBexit);
5002 struct reply_close_state {
5004 struct smb_request *smbreq;
5007 static void do_smb1_close(struct tevent_req *req);
5009 void reply_close(struct smb_request *req)
5011 connection_struct *conn = req->conn;
5012 NTSTATUS status = NT_STATUS_OK;
5013 files_struct *fsp = NULL;
5014 START_PROFILE(SMBclose);
5017 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5018 END_PROFILE(SMBclose);
5022 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5025 * We can only use check_fsp if we know it's not a directory.
5028 if (!check_fsp_open(conn, req, fsp)) {
5029 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
5030 END_PROFILE(SMBclose);
5034 DEBUG(3, ("Close %s fd=%d %s (numopen=%d)\n",
5035 fsp->is_directory ? "directory" : "file",
5036 fsp->fh->fd, fsp_fnum_dbg(fsp),
5037 conn->num_files_open));
5039 if (!fsp->is_directory) {
5043 * Take care of any time sent in the close.
5046 t = srv_make_unix_date3(req->vwv+1);
5047 set_close_write_time(fsp, convert_time_t_to_timespec(t));
5050 if (fsp->num_aio_requests != 0) {
5052 struct reply_close_state *state;
5054 DEBUG(10, ("closing with aio %u requests pending\n",
5055 fsp->num_aio_requests));
5058 * We depend on the aio_extra destructor to take care of this
5059 * close request once fsp->num_aio_request drops to 0.
5062 fsp->deferred_close = tevent_wait_send(
5063 fsp, fsp->conn->sconn->ev_ctx);
5064 if (fsp->deferred_close == NULL) {
5065 status = NT_STATUS_NO_MEMORY;
5069 state = talloc(fsp, struct reply_close_state);
5070 if (state == NULL) {
5071 TALLOC_FREE(fsp->deferred_close);
5072 status = NT_STATUS_NO_MEMORY;
5076 state->smbreq = talloc_move(fsp, &req);
5077 tevent_req_set_callback(fsp->deferred_close, do_smb1_close,
5079 END_PROFILE(SMBclose);
5084 * close_file() returns the unix errno if an error was detected on
5085 * close - normally this is due to a disk full error. If not then it
5086 * was probably an I/O error.
5089 status = close_file(req, fsp, NORMAL_CLOSE);
5091 if (!NT_STATUS_IS_OK(status)) {
5092 reply_nterror(req, status);
5093 END_PROFILE(SMBclose);
5097 reply_outbuf(req, 0, 0);
5098 END_PROFILE(SMBclose);
5102 static void do_smb1_close(struct tevent_req *req)
5104 struct reply_close_state *state = tevent_req_callback_data(
5105 req, struct reply_close_state);
5106 struct smb_request *smbreq;
5110 ret = tevent_wait_recv(req);
5113 DEBUG(10, ("tevent_wait_recv returned %s\n",
5116 * Continue anyway, this should never happen
5121 * fsp->smb2_close_request right now is a talloc grandchild of
5122 * fsp. When we close_file(fsp), it would go with it. No chance to
5125 smbreq = talloc_move(talloc_tos(), &state->smbreq);
5127 status = close_file(smbreq, state->fsp, NORMAL_CLOSE);
5128 if (NT_STATUS_IS_OK(status)) {
5129 reply_outbuf(smbreq, 0, 0);
5131 reply_nterror(smbreq, status);
5133 if (!srv_send_smb(smbreq->sconn,
5134 (char *)smbreq->outbuf,
5137 IS_CONN_ENCRYPTED(smbreq->conn)||smbreq->encrypted,
5139 exit_server_cleanly("handle_aio_read_complete: srv_send_smb "
5142 TALLOC_FREE(smbreq);
5145 /****************************************************************************
5146 Reply to a writeclose (Core+ protocol).
5147 ****************************************************************************/
5149 void reply_writeclose(struct smb_request *req)
5151 connection_struct *conn = req->conn;
5153 ssize_t nwritten = -1;
5154 NTSTATUS close_status = NT_STATUS_OK;
5157 struct timespec mtime;
5159 struct lock_struct lock;
5161 START_PROFILE(SMBwriteclose);
5164 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5165 END_PROFILE(SMBwriteclose);
5169 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5171 if (!check_fsp(conn, req, fsp)) {
5172 END_PROFILE(SMBwriteclose);
5175 if (!CHECK_WRITE(fsp)) {
5176 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5177 END_PROFILE(SMBwriteclose);
5181 numtowrite = SVAL(req->vwv+1, 0);
5182 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
5183 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
5184 data = (const char *)req->buf + 1;
5186 if (!fsp->print_file) {
5187 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
5188 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
5191 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
5192 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
5193 END_PROFILE(SMBwriteclose);
5198 nwritten = write_file(req,fsp,data,startpos,numtowrite);
5200 set_close_write_time(fsp, mtime);
5203 * More insanity. W2K only closes the file if writelen > 0.
5208 DEBUG(3,("reply_writeclose: zero length write doesn't close "
5209 "file %s\n", fsp_str_dbg(fsp)));
5210 close_status = close_file(req, fsp, NORMAL_CLOSE);
5213 DEBUG(3,("writeclose %s num=%d wrote=%d (numopen=%d)\n",
5214 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten,
5215 conn->num_files_open));
5217 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
5218 reply_nterror(req, NT_STATUS_DISK_FULL);
5222 if(!NT_STATUS_IS_OK(close_status)) {
5223 reply_nterror(req, close_status);
5227 reply_outbuf(req, 1, 0);
5229 SSVAL(req->outbuf,smb_vwv0,nwritten);
5232 if (numtowrite && !fsp->print_file) {
5233 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
5236 END_PROFILE(SMBwriteclose);
5241 #define DBGC_CLASS DBGC_LOCKING
5243 /****************************************************************************
5245 ****************************************************************************/
5247 void reply_lock(struct smb_request *req)
5249 connection_struct *conn = req->conn;
5250 uint64_t count,offset;
5253 struct byte_range_lock *br_lck = NULL;
5255 START_PROFILE(SMBlock);
5258 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5259 END_PROFILE(SMBlock);
5263 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5265 if (!check_fsp(conn, req, fsp)) {
5266 END_PROFILE(SMBlock);
5270 count = (uint64_t)IVAL(req->vwv+1, 0);
5271 offset = (uint64_t)IVAL(req->vwv+3, 0);
5273 DEBUG(3,("lock fd=%d %s offset=%.0f count=%.0f\n",
5274 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count));
5276 br_lck = do_lock(req->sconn->msg_ctx,
5278 (uint64_t)req->smbpid,
5283 False, /* Non-blocking lock. */
5288 TALLOC_FREE(br_lck);
5290 if (NT_STATUS_V(status)) {
5291 reply_nterror(req, status);
5292 END_PROFILE(SMBlock);
5296 reply_outbuf(req, 0, 0);
5298 END_PROFILE(SMBlock);
5302 /****************************************************************************
5304 ****************************************************************************/
5306 void reply_unlock(struct smb_request *req)
5308 connection_struct *conn = req->conn;
5309 uint64_t count,offset;
5313 START_PROFILE(SMBunlock);
5316 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5317 END_PROFILE(SMBunlock);
5321 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5323 if (!check_fsp(conn, req, fsp)) {
5324 END_PROFILE(SMBunlock);
5328 count = (uint64_t)IVAL(req->vwv+1, 0);
5329 offset = (uint64_t)IVAL(req->vwv+3, 0);
5331 status = do_unlock(req->sconn->msg_ctx,
5333 (uint64_t)req->smbpid,
5338 if (NT_STATUS_V(status)) {
5339 reply_nterror(req, status);
5340 END_PROFILE(SMBunlock);
5344 DEBUG( 3, ( "unlock fd=%d %s offset=%.0f count=%.0f\n",
5345 fsp->fh->fd, fsp_fnum_dbg(fsp), (double)offset, (double)count ) );
5347 reply_outbuf(req, 0, 0);
5349 END_PROFILE(SMBunlock);
5354 #define DBGC_CLASS DBGC_ALL
5356 /****************************************************************************
5358 conn POINTER CAN BE NULL HERE !
5359 ****************************************************************************/
5361 void reply_tdis(struct smb_request *req)
5364 connection_struct *conn = req->conn;
5365 struct smbXsrv_tcon *tcon;
5367 START_PROFILE(SMBtdis);
5370 DEBUG(4,("Invalid connection in tdis\n"));
5371 reply_force_doserror(req, ERRSRV, ERRinvnid);
5372 END_PROFILE(SMBtdis);
5380 * TODO: cancel all outstanding requests on the tcon
5382 status = smbXsrv_tcon_disconnect(tcon, req->vuid);
5383 if (!NT_STATUS_IS_OK(status)) {
5384 DEBUG(0, ("reply_tdis: "
5385 "smbXsrv_tcon_disconnect() failed: %s\n",
5386 nt_errstr(status)));
5388 * If we hit this case, there is something completely
5389 * wrong, so we better disconnect the transport connection.
5391 END_PROFILE(SMBtdis);
5392 exit_server(__location__ ": smbXsrv_tcon_disconnect failed");
5398 reply_outbuf(req, 0, 0);
5399 END_PROFILE(SMBtdis);
5403 /****************************************************************************
5405 conn POINTER CAN BE NULL HERE !
5406 ****************************************************************************/
5408 void reply_echo(struct smb_request *req)
5410 connection_struct *conn = req->conn;
5411 struct smb_perfcount_data local_pcd;
5412 struct smb_perfcount_data *cur_pcd;
5416 START_PROFILE(SMBecho);
5418 smb_init_perfcount_data(&local_pcd);
5421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5422 END_PROFILE(SMBecho);
5426 smb_reverb = SVAL(req->vwv+0, 0);
5428 reply_outbuf(req, 1, req->buflen);
5430 /* copy any incoming data back out */
5431 if (req->buflen > 0) {
5432 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5435 if (smb_reverb > 100) {
5436 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5440 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5442 /* this makes sure we catch the request pcd */
5443 if (seq_num == smb_reverb) {
5444 cur_pcd = &req->pcd;
5446 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5447 cur_pcd = &local_pcd;
5450 SSVAL(req->outbuf,smb_vwv0,seq_num);
5452 show_msg((char *)req->outbuf);
5453 if (!srv_send_smb(req->sconn,
5454 (char *)req->outbuf,
5455 true, req->seqnum+1,
5456 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5458 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5461 DEBUG(3,("echo %d times\n", smb_reverb));
5463 TALLOC_FREE(req->outbuf);
5465 END_PROFILE(SMBecho);
5469 /****************************************************************************
5470 Reply to a printopen.
5471 ****************************************************************************/
5473 void reply_printopen(struct smb_request *req)
5475 connection_struct *conn = req->conn;
5479 START_PROFILE(SMBsplopen);
5482 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5483 END_PROFILE(SMBsplopen);
5487 if (!CAN_PRINT(conn)) {
5488 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5489 END_PROFILE(SMBsplopen);
5493 status = file_new(req, conn, &fsp);
5494 if(!NT_STATUS_IS_OK(status)) {
5495 reply_nterror(req, status);
5496 END_PROFILE(SMBsplopen);
5500 /* Open for exclusive use, write only. */
5501 status = print_spool_open(fsp, NULL, req->vuid);
5503 if (!NT_STATUS_IS_OK(status)) {
5504 file_free(req, fsp);
5505 reply_nterror(req, status);
5506 END_PROFILE(SMBsplopen);
5510 reply_outbuf(req, 1, 0);
5511 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5513 DEBUG(3,("openprint fd=%d %s\n",
5514 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5516 END_PROFILE(SMBsplopen);
5520 /****************************************************************************
5521 Reply to a printclose.
5522 ****************************************************************************/
5524 void reply_printclose(struct smb_request *req)
5526 connection_struct *conn = req->conn;
5530 START_PROFILE(SMBsplclose);
5533 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5534 END_PROFILE(SMBsplclose);
5538 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5540 if (!check_fsp(conn, req, fsp)) {
5541 END_PROFILE(SMBsplclose);
5545 if (!CAN_PRINT(conn)) {
5546 reply_force_doserror(req, ERRSRV, ERRerror);
5547 END_PROFILE(SMBsplclose);
5551 DEBUG(3,("printclose fd=%d %s\n",
5552 fsp->fh->fd, fsp_fnum_dbg(fsp)));
5554 status = close_file(req, fsp, NORMAL_CLOSE);
5556 if(!NT_STATUS_IS_OK(status)) {
5557 reply_nterror(req, status);
5558 END_PROFILE(SMBsplclose);
5562 reply_outbuf(req, 0, 0);
5564 END_PROFILE(SMBsplclose);
5568 /****************************************************************************
5569 Reply to a printqueue.
5570 ****************************************************************************/
5572 void reply_printqueue(struct smb_request *req)
5574 connection_struct *conn = req->conn;
5578 START_PROFILE(SMBsplretq);
5581 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5582 END_PROFILE(SMBsplretq);
5586 max_count = SVAL(req->vwv+0, 0);
5587 start_index = SVAL(req->vwv+1, 0);
5589 /* we used to allow the client to get the cnum wrong, but that
5590 is really quite gross and only worked when there was only
5591 one printer - I think we should now only accept it if they
5592 get it right (tridge) */
5593 if (!CAN_PRINT(conn)) {
5594 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5595 END_PROFILE(SMBsplretq);
5599 reply_outbuf(req, 2, 3);
5600 SSVAL(req->outbuf,smb_vwv0,0);
5601 SSVAL(req->outbuf,smb_vwv1,0);
5602 SCVAL(smb_buf(req->outbuf),0,1);
5603 SSVAL(smb_buf(req->outbuf),1,0);
5605 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5606 start_index, max_count));
5609 TALLOC_CTX *mem_ctx = talloc_tos();
5612 const char *sharename = lp_servicename(mem_ctx, SNUM(conn));
5613 struct rpc_pipe_client *cli = NULL;
5614 struct dcerpc_binding_handle *b = NULL;
5615 struct policy_handle handle;
5616 struct spoolss_DevmodeContainer devmode_ctr;
5617 union spoolss_JobInfo *info;
5619 uint32_t num_to_get;
5623 ZERO_STRUCT(handle);
5625 status = rpc_pipe_open_interface(conn,
5626 &ndr_table_spoolss.syntax_id,
5628 conn->sconn->remote_address,
5629 conn->sconn->msg_ctx,
5631 if (!NT_STATUS_IS_OK(status)) {
5632 DEBUG(0, ("reply_printqueue: "
5633 "could not connect to spoolss: %s\n",
5634 nt_errstr(status)));
5635 reply_nterror(req, status);
5638 b = cli->binding_handle;
5640 ZERO_STRUCT(devmode_ctr);
5642 status = dcerpc_spoolss_OpenPrinter(b, mem_ctx,
5645 SEC_FLAG_MAXIMUM_ALLOWED,
5648 if (!NT_STATUS_IS_OK(status)) {
5649 reply_nterror(req, status);
5652 if (!W_ERROR_IS_OK(werr)) {
5653 reply_nterror(req, werror_to_ntstatus(werr));
5657 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5665 if (!W_ERROR_IS_OK(werr)) {
5666 reply_nterror(req, werror_to_ntstatus(werr));
5670 if (max_count > 0) {
5671 first = start_index;
5673 first = start_index + max_count + 1;
5676 if (first >= count) {
5679 num_to_get = first + MIN(ABS(max_count), count - first);
5682 for (i = first; i < num_to_get; i++) {
5685 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5687 uint16_t qrapjobid = pjobid_to_rap(sharename,
5688 info[i].info2.job_id);
5690 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5696 srv_put_dos_date2(p, 0, qtime);
5697 SCVAL(p, 4, qstatus);
5698 SSVAL(p, 5, qrapjobid);
5699 SIVAL(p, 7, info[i].info2.size);
5701 srvstr_push(blob, req->flags2, p+12,
5702 info[i].info2.notify_name, 16, STR_ASCII);
5704 if (message_push_blob(
5707 blob, sizeof(blob))) == -1) {
5708 reply_nterror(req, NT_STATUS_NO_MEMORY);
5714 SSVAL(req->outbuf,smb_vwv0,count);
5715 SSVAL(req->outbuf,smb_vwv1,
5716 (max_count>0?first+count:first-1));
5717 SCVAL(smb_buf(req->outbuf),0,1);
5718 SSVAL(smb_buf(req->outbuf),1,28*count);
5722 DEBUG(3, ("%u entries returned in queue\n",
5726 if (b && is_valid_policy_hnd(&handle)) {
5727 dcerpc_spoolss_ClosePrinter(b, mem_ctx, &handle, &werr);
5732 END_PROFILE(SMBsplretq);
5736 /****************************************************************************
5737 Reply to a printwrite.
5738 ****************************************************************************/
5740 void reply_printwrite(struct smb_request *req)
5742 connection_struct *conn = req->conn;
5747 START_PROFILE(SMBsplwr);
5750 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5751 END_PROFILE(SMBsplwr);
5755 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5757 if (!check_fsp(conn, req, fsp)) {
5758 END_PROFILE(SMBsplwr);
5762 if (!fsp->print_file) {
5763 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5764 END_PROFILE(SMBsplwr);
5768 if (!CHECK_WRITE(fsp)) {
5769 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5770 END_PROFILE(SMBsplwr);
5774 numtowrite = SVAL(req->buf, 1);
5776 if (req->buflen < numtowrite + 3) {
5777 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5778 END_PROFILE(SMBsplwr);
5782 data = (const char *)req->buf + 3;
5784 if (write_file(req,fsp,data,(off_t)-1,numtowrite) != numtowrite) {
5785 reply_nterror(req, map_nt_error_from_unix(errno));
5786 END_PROFILE(SMBsplwr);
5790 DEBUG(3, ("printwrite %s num=%d\n", fsp_fnum_dbg(fsp), numtowrite));
5792 END_PROFILE(SMBsplwr);
5796 /****************************************************************************
5798 ****************************************************************************/
5800 void reply_mkdir(struct smb_request *req)
5802 connection_struct *conn = req->conn;
5803 struct smb_filename *smb_dname = NULL;
5804 char *directory = NULL;
5806 TALLOC_CTX *ctx = talloc_tos();
5808 START_PROFILE(SMBmkdir);
5810 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5811 STR_TERMINATE, &status);
5812 if (!NT_STATUS_IS_OK(status)) {
5813 reply_nterror(req, status);
5817 status = filename_convert(ctx, conn,
5818 req->flags2 & FLAGS2_DFS_PATHNAMES,
5823 if (!NT_STATUS_IS_OK(status)) {
5824 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5825 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5826 ERRSRV, ERRbadpath);
5829 reply_nterror(req, status);
5833 status = create_directory(conn, req, smb_dname);
5835 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5837 if (!NT_STATUS_IS_OK(status)) {
5839 if (!use_nt_status()
5840 && NT_STATUS_EQUAL(status,
5841 NT_STATUS_OBJECT_NAME_COLLISION)) {
5843 * Yes, in the DOS error code case we get a
5844 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5845 * samba4 torture test.
5847 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5850 reply_nterror(req, status);
5854 reply_outbuf(req, 0, 0);
5856 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5858 TALLOC_FREE(smb_dname);
5859 END_PROFILE(SMBmkdir);
5863 /****************************************************************************
5865 ****************************************************************************/
5867 void reply_rmdir(struct smb_request *req)
5869 connection_struct *conn = req->conn;
5870 struct smb_filename *smb_dname = NULL;
5871 char *directory = NULL;
5873 TALLOC_CTX *ctx = talloc_tos();
5874 files_struct *fsp = NULL;
5876 struct smbd_server_connection *sconn = req->sconn;
5878 START_PROFILE(SMBrmdir);
5880 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5881 STR_TERMINATE, &status);
5882 if (!NT_STATUS_IS_OK(status)) {
5883 reply_nterror(req, status);
5887 status = filename_convert(ctx, conn,
5888 req->flags2 & FLAGS2_DFS_PATHNAMES,
5893 if (!NT_STATUS_IS_OK(status)) {
5894 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5895 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5896 ERRSRV, ERRbadpath);
5899 reply_nterror(req, status);
5903 if (is_ntfs_stream_smb_fname(smb_dname)) {
5904 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5908 status = SMB_VFS_CREATE_FILE(
5911 0, /* root_dir_fid */
5912 smb_dname, /* fname */
5913 DELETE_ACCESS, /* access_mask */
5914 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5916 FILE_OPEN, /* create_disposition*/
5917 FILE_DIRECTORY_FILE, /* create_options */
5918 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5919 0, /* oplock_request */
5920 0, /* allocation_size */
5921 0, /* private_flags */
5927 if (!NT_STATUS_IS_OK(status)) {
5928 if (open_was_deferred(req->sconn, req->mid)) {
5929 /* We have re-scheduled this call. */
5932 reply_nterror(req, status);
5936 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5937 if (!NT_STATUS_IS_OK(status)) {
5938 close_file(req, fsp, ERROR_CLOSE);
5939 reply_nterror(req, status);
5943 if (!set_delete_on_close(fsp, true,
5944 conn->session_info->security_token,
5945 conn->session_info->unix_token)) {
5946 close_file(req, fsp, ERROR_CLOSE);
5947 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5951 status = close_file(req, fsp, NORMAL_CLOSE);
5952 if (!NT_STATUS_IS_OK(status)) {
5953 reply_nterror(req, status);
5955 reply_outbuf(req, 0, 0);
5958 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5960 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5962 TALLOC_FREE(smb_dname);
5963 END_PROFILE(SMBrmdir);
5967 /*******************************************************************
5968 Resolve wildcards in a filename rename.
5969 ********************************************************************/
5971 static bool resolve_wildcards(TALLOC_CTX *ctx,
5976 char *name2_copy = NULL;
5981 char *p,*p2, *pname1, *pname2;
5983 name2_copy = talloc_strdup(ctx, name2);
5988 pname1 = strrchr_m(name1,'/');
5989 pname2 = strrchr_m(name2_copy,'/');
5991 if (!pname1 || !pname2) {
5995 /* Truncate the copy of name2 at the last '/' */
5998 /* Now go past the '/' */
6002 root1 = talloc_strdup(ctx, pname1);
6003 root2 = talloc_strdup(ctx, pname2);
6005 if (!root1 || !root2) {
6009 p = strrchr_m(root1,'.');
6012 ext1 = talloc_strdup(ctx, p+1);
6014 ext1 = talloc_strdup(ctx, "");
6016 p = strrchr_m(root2,'.');
6019 ext2 = talloc_strdup(ctx, p+1);
6021 ext2 = talloc_strdup(ctx, "");
6024 if (!ext1 || !ext2) {
6032 /* Hmmm. Should this be mb-aware ? */
6035 } else if (*p2 == '*') {
6037 root2 = talloc_asprintf(ctx, "%s%s",
6056 /* Hmmm. Should this be mb-aware ? */
6059 } else if (*p2 == '*') {
6061 ext2 = talloc_asprintf(ctx, "%s%s",
6077 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
6082 *pp_newname = talloc_asprintf(ctx, "%s/%s",
6094 /****************************************************************************
6095 Ensure open files have their names updated. Updated to notify other smbd's
6097 ****************************************************************************/
6099 static void rename_open_files(connection_struct *conn,
6100 struct share_mode_lock *lck,
6101 uint32_t orig_name_hash,
6102 const struct smb_filename *smb_fname_dst)
6105 bool did_rename = False;
6107 uint32_t new_name_hash = 0;
6109 for(fsp = file_find_di_first(conn->sconn, lck->data->id); fsp;
6110 fsp = file_find_di_next(fsp)) {
6111 /* fsp_name is a relative path under the fsp. To change this for other
6112 sharepaths we need to manipulate relative paths. */
6113 /* TODO - create the absolute path and manipulate the newname
6114 relative to the sharepath. */
6115 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
6118 if (fsp->name_hash != orig_name_hash) {
6121 DEBUG(10, ("rename_open_files: renaming file %s "
6122 "(file_id %s) from %s -> %s\n", fsp_fnum_dbg(fsp),
6123 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
6124 smb_fname_str_dbg(smb_fname_dst)));
6126 status = fsp_set_smb_fname(fsp, smb_fname_dst);
6127 if (NT_STATUS_IS_OK(status)) {
6129 new_name_hash = fsp->name_hash;
6134 DEBUG(10, ("rename_open_files: no open files on file_id %s "
6135 "for %s\n", file_id_string_tos(&lck->data->id),
6136 smb_fname_str_dbg(smb_fname_dst)));
6139 /* Send messages to all smbd's (not ourself) that the name has changed. */
6140 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
6141 orig_name_hash, new_name_hash,
6146 /****************************************************************************
6147 We need to check if the source path is a parent directory of the destination
6148 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
6149 refuse the rename with a sharing violation. Under UNIX the above call can
6150 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
6151 probably need to check that the client is a Windows one before disallowing
6152 this as a UNIX client (one with UNIX extensions) can know the source is a
6153 symlink and make this decision intelligently. Found by an excellent bug
6154 report from <AndyLiebman@aol.com>.
6155 ****************************************************************************/
6157 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
6158 const struct smb_filename *smb_fname_dst)
6160 const char *psrc = smb_fname_src->base_name;
6161 const char *pdst = smb_fname_dst->base_name;
6164 if (psrc[0] == '.' && psrc[1] == '/') {
6167 if (pdst[0] == '.' && pdst[1] == '/') {
6170 if ((slen = strlen(psrc)) > strlen(pdst)) {
6173 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
6177 * Do the notify calls from a rename
6180 static void notify_rename(connection_struct *conn, bool is_dir,
6181 const struct smb_filename *smb_fname_src,
6182 const struct smb_filename *smb_fname_dst)
6184 char *parent_dir_src = NULL;
6185 char *parent_dir_dst = NULL;
6188 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
6189 : FILE_NOTIFY_CHANGE_FILE_NAME;
6191 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
6192 &parent_dir_src, NULL) ||
6193 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
6194 &parent_dir_dst, NULL)) {
6198 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
6199 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
6200 smb_fname_src->base_name);
6201 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
6202 smb_fname_dst->base_name);
6205 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
6206 smb_fname_src->base_name);
6207 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
6208 smb_fname_dst->base_name);
6211 /* this is a strange one. w2k3 gives an additional event for
6212 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
6213 files, but not directories */
6215 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
6216 FILE_NOTIFY_CHANGE_ATTRIBUTES
6217 |FILE_NOTIFY_CHANGE_CREATION,
6218 smb_fname_dst->base_name);
6221 TALLOC_FREE(parent_dir_src);
6222 TALLOC_FREE(parent_dir_dst);
6225 /****************************************************************************
6226 Returns an error if the parent directory for a filename is open in an
6228 ****************************************************************************/
6230 static NTSTATUS parent_dirname_compatible_open(connection_struct *conn,
6231 const struct smb_filename *smb_fname_dst_in)
6233 char *parent_dir = NULL;
6234 struct smb_filename smb_fname_parent;
6236 files_struct *fsp = NULL;
6239 if (!parent_dirname(talloc_tos(), smb_fname_dst_in->base_name,
6240 &parent_dir, NULL)) {
6241 return NT_STATUS_NO_MEMORY;
6243 ZERO_STRUCT(smb_fname_parent);
6244 smb_fname_parent.base_name = parent_dir;
6246 ret = SMB_VFS_LSTAT(conn, &smb_fname_parent);
6248 return map_nt_error_from_unix(errno);
6252 * We're only checking on this smbd here, mostly good
6253 * enough.. and will pass tests.
6256 id = vfs_file_id_from_sbuf(conn, &smb_fname_parent.st);
6257 for (fsp = file_find_di_first(conn->sconn, id); fsp;
6258 fsp = file_find_di_next(fsp)) {
6259 if (fsp->access_mask & DELETE_ACCESS) {
6260 return NT_STATUS_SHARING_VIOLATION;
6263 return NT_STATUS_OK;
6266 /****************************************************************************
6267 Rename an open file - given an fsp.
6268 ****************************************************************************/
6270 NTSTATUS rename_internals_fsp(connection_struct *conn,
6272 const struct smb_filename *smb_fname_dst_in,
6274 bool replace_if_exists)
6276 TALLOC_CTX *ctx = talloc_tos();
6277 struct smb_filename *smb_fname_dst = NULL;
6278 NTSTATUS status = NT_STATUS_OK;
6279 struct share_mode_lock *lck = NULL;
6280 bool dst_exists, old_is_stream, new_is_stream;
6282 status = check_name(conn, smb_fname_dst_in->base_name);
6283 if (!NT_STATUS_IS_OK(status)) {
6287 status = parent_dirname_compatible_open(conn, smb_fname_dst_in);
6288 if (!NT_STATUS_IS_OK(status)) {
6292 /* Make a copy of the dst smb_fname structs */
6294 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
6295 if (!NT_STATUS_IS_OK(status)) {
6300 * Check for special case with case preserving and not
6301 * case sensitive. If the old last component differs from the original
6302 * last component only by case, then we should allow
6303 * the rename (user is trying to change the case of the
6306 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
6307 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6308 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
6310 char *fname_dst_lcomp_base_mod = NULL;
6311 struct smb_filename *smb_fname_orig_lcomp = NULL;
6314 * Get the last component of the destination name.
6316 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
6318 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
6320 fname_dst_lcomp_base_mod = talloc_strdup(ctx, smb_fname_dst->base_name);
6322 if (!fname_dst_lcomp_base_mod) {
6323 status = NT_STATUS_NO_MEMORY;
6328 * Create an smb_filename struct using the original last
6329 * component of the destination.
6331 status = create_synthetic_smb_fname_split(ctx,
6332 smb_fname_dst->original_lcomp, NULL,
6333 &smb_fname_orig_lcomp);
6334 if (!NT_STATUS_IS_OK(status)) {
6335 TALLOC_FREE(fname_dst_lcomp_base_mod);
6339 /* If the base names only differ by case, use original. */
6340 if(!strcsequal(fname_dst_lcomp_base_mod,
6341 smb_fname_orig_lcomp->base_name)) {
6344 * Replace the modified last component with the
6348 *last_slash = '\0'; /* Truncate at the '/' */
6349 tmp = talloc_asprintf(smb_fname_dst,
6351 smb_fname_dst->base_name,
6352 smb_fname_orig_lcomp->base_name);
6354 tmp = talloc_asprintf(smb_fname_dst,
6356 smb_fname_orig_lcomp->base_name);
6359 status = NT_STATUS_NO_MEMORY;
6360 TALLOC_FREE(fname_dst_lcomp_base_mod);
6361 TALLOC_FREE(smb_fname_orig_lcomp);
6364 TALLOC_FREE(smb_fname_dst->base_name);
6365 smb_fname_dst->base_name = tmp;
6368 /* If the stream_names only differ by case, use original. */
6369 if(!strcsequal(smb_fname_dst->stream_name,
6370 smb_fname_orig_lcomp->stream_name)) {
6372 /* Use the original stream. */
6373 tmp = talloc_strdup(smb_fname_dst,
6374 smb_fname_orig_lcomp->stream_name);
6376 status = NT_STATUS_NO_MEMORY;
6377 TALLOC_FREE(fname_dst_lcomp_base_mod);
6378 TALLOC_FREE(smb_fname_orig_lcomp);
6381 TALLOC_FREE(smb_fname_dst->stream_name);
6382 smb_fname_dst->stream_name = tmp;
6384 TALLOC_FREE(fname_dst_lcomp_base_mod);
6385 TALLOC_FREE(smb_fname_orig_lcomp);
6389 * If the src and dest names are identical - including case,
6390 * don't do the rename, just return success.
6393 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6394 strcsequal(fsp->fsp_name->stream_name,
6395 smb_fname_dst->stream_name)) {
6396 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6397 "- returning success\n",
6398 smb_fname_str_dbg(smb_fname_dst)));
6399 status = NT_STATUS_OK;
6403 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6404 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6406 /* Return the correct error code if both names aren't streams. */
6407 if (!old_is_stream && new_is_stream) {
6408 status = NT_STATUS_OBJECT_NAME_INVALID;
6412 if (old_is_stream && !new_is_stream) {
6413 status = NT_STATUS_INVALID_PARAMETER;
6417 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6419 if(!replace_if_exists && dst_exists) {
6420 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6421 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6422 smb_fname_str_dbg(smb_fname_dst)));
6423 status = NT_STATUS_OBJECT_NAME_COLLISION;
6428 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6429 &smb_fname_dst->st);
6430 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6432 /* The file can be open when renaming a stream */
6433 if (dst_fsp && !new_is_stream) {
6434 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6435 status = NT_STATUS_ACCESS_DENIED;
6440 /* Ensure we have a valid stat struct for the source. */
6441 status = vfs_stat_fsp(fsp);
6442 if (!NT_STATUS_IS_OK(status)) {
6446 status = can_rename(conn, fsp, attrs);
6448 if (!NT_STATUS_IS_OK(status)) {
6449 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6450 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6451 smb_fname_str_dbg(smb_fname_dst)));
6452 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6453 status = NT_STATUS_ACCESS_DENIED;
6457 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6458 status = NT_STATUS_ACCESS_DENIED;
6461 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
6464 * We have the file open ourselves, so not being able to get the
6465 * corresponding share mode lock is a fatal error.
6468 SMB_ASSERT(lck != NULL);
6470 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6471 uint32 create_options = fsp->fh->private_options;
6473 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6474 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6475 smb_fname_str_dbg(smb_fname_dst)));
6477 if (!fsp->is_directory &&
6478 !lp_posix_pathnames() &&
6479 (lp_map_archive(SNUM(conn)) ||
6480 lp_store_dos_attributes(SNUM(conn)))) {
6481 /* We must set the archive bit on the newly
6483 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6484 uint32_t old_dosmode = dos_mode(conn,
6486 file_set_dosmode(conn,
6488 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6494 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6497 rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
6500 * A rename acts as a new file create w.r.t. allowing an initial delete
6501 * on close, probably because in Windows there is a new handle to the
6502 * new file. If initial delete on close was requested but not
6503 * originally set, we need to set it here. This is probably not 100% correct,
6504 * but will work for the CIFSFS client which in non-posix mode
6505 * depends on these semantics. JRA.
6508 if (create_options & FILE_DELETE_ON_CLOSE) {
6509 status = can_set_delete_on_close(fsp, 0);
6511 if (NT_STATUS_IS_OK(status)) {
6512 /* Note that here we set the *inital* delete on close flag,
6513 * not the regular one. The magic gets handled in close. */
6514 fsp->initial_delete_on_close = True;
6518 status = NT_STATUS_OK;
6524 if (errno == ENOTDIR || errno == EISDIR) {
6525 status = NT_STATUS_OBJECT_NAME_COLLISION;
6527 status = map_nt_error_from_unix(errno);
6530 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6531 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6532 smb_fname_str_dbg(smb_fname_dst)));
6535 TALLOC_FREE(smb_fname_dst);
6540 /****************************************************************************
6541 The guts of the rename command, split out so it may be called by the NT SMB
6543 ****************************************************************************/
6545 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6546 connection_struct *conn,
6547 struct smb_request *req,
6548 struct smb_filename *smb_fname_src,
6549 struct smb_filename *smb_fname_dst,
6551 bool replace_if_exists,
6554 uint32_t access_mask)
6556 char *fname_src_dir = NULL;
6557 char *fname_src_mask = NULL;
6559 NTSTATUS status = NT_STATUS_OK;
6560 struct smb_Dir *dir_hnd = NULL;
6561 const char *dname = NULL;
6562 char *talloced = NULL;
6564 int create_options = 0;
6565 bool posix_pathnames = lp_posix_pathnames();
6569 * Split the old name into directory and last component
6570 * strings. Note that unix_convert may have stripped off a
6571 * leading ./ from both name and newname if the rename is
6572 * at the root of the share. We need to make sure either both
6573 * name and newname contain a / character or neither of them do
6574 * as this is checked in resolve_wildcards().
6577 /* Split up the directory from the filename/mask. */
6578 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6579 &fname_src_dir, &fname_src_mask);
6580 if (!NT_STATUS_IS_OK(status)) {
6581 status = NT_STATUS_NO_MEMORY;
6586 * We should only check the mangled cache
6587 * here if unix_convert failed. This means
6588 * that the path in 'mask' doesn't exist
6589 * on the file system and so we need to look
6590 * for a possible mangle. This patch from
6591 * Tine Smukavec <valentin.smukavec@hermes.si>.
6594 if (!VALID_STAT(smb_fname_src->st) &&
6595 mangle_is_mangled(fname_src_mask, conn->params)) {
6596 char *new_mask = NULL;
6597 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6600 TALLOC_FREE(fname_src_mask);
6601 fname_src_mask = new_mask;
6605 if (!src_has_wild) {
6609 * Only one file needs to be renamed. Append the mask back
6610 * onto the directory.
6612 TALLOC_FREE(smb_fname_src->base_name);
6613 if (ISDOT(fname_src_dir)) {
6614 /* Ensure we use canonical names on open. */
6615 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6619 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6624 if (!smb_fname_src->base_name) {
6625 status = NT_STATUS_NO_MEMORY;
6629 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6630 "case_preserve = %d, short case preserve = %d, "
6631 "directory = %s, newname = %s, "
6632 "last_component_dest = %s\n",
6633 conn->case_sensitive, conn->case_preserve,
6634 conn->short_case_preserve,
6635 smb_fname_str_dbg(smb_fname_src),
6636 smb_fname_str_dbg(smb_fname_dst),
6637 smb_fname_dst->original_lcomp));
6639 /* The dest name still may have wildcards. */
6640 if (dest_has_wild) {
6641 char *fname_dst_mod = NULL;
6642 if (!resolve_wildcards(smb_fname_dst,
6643 smb_fname_src->base_name,
6644 smb_fname_dst->base_name,
6646 DEBUG(6, ("rename_internals: resolve_wildcards "
6648 smb_fname_src->base_name,
6649 smb_fname_dst->base_name));
6650 status = NT_STATUS_NO_MEMORY;
6653 TALLOC_FREE(smb_fname_dst->base_name);
6654 smb_fname_dst->base_name = fname_dst_mod;
6657 ZERO_STRUCT(smb_fname_src->st);
6658 if (posix_pathnames) {
6659 rc = SMB_VFS_LSTAT(conn, smb_fname_src);
6661 rc = SMB_VFS_STAT(conn, smb_fname_src);
6664 status = map_nt_error_from_unix_common(errno);
6668 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6669 create_options |= FILE_DIRECTORY_FILE;
6672 status = SMB_VFS_CREATE_FILE(
6675 0, /* root_dir_fid */
6676 smb_fname_src, /* fname */
6677 access_mask, /* access_mask */
6678 (FILE_SHARE_READ | /* share_access */
6680 FILE_OPEN, /* create_disposition*/
6681 create_options, /* create_options */
6682 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6683 0, /* oplock_request */
6684 0, /* allocation_size */
6685 0, /* private_flags */
6691 if (!NT_STATUS_IS_OK(status)) {
6692 DEBUG(3, ("Could not open rename source %s: %s\n",
6693 smb_fname_str_dbg(smb_fname_src),
6694 nt_errstr(status)));
6698 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6699 attrs, replace_if_exists);
6701 close_file(req, fsp, NORMAL_CLOSE);
6703 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6704 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6705 smb_fname_str_dbg(smb_fname_dst)));
6711 * Wildcards - process each file that matches.
6713 if (strequal(fname_src_mask, "????????.???")) {
6714 TALLOC_FREE(fname_src_mask);
6715 fname_src_mask = talloc_strdup(ctx, "*");
6716 if (!fname_src_mask) {
6717 status = NT_STATUS_NO_MEMORY;
6722 status = check_name(conn, fname_src_dir);
6723 if (!NT_STATUS_IS_OK(status)) {
6727 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6729 if (dir_hnd == NULL) {
6730 status = map_nt_error_from_unix(errno);
6734 status = NT_STATUS_NO_SUCH_FILE;
6736 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6737 * - gentest fix. JRA
6740 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6742 files_struct *fsp = NULL;
6743 char *destname = NULL;
6744 bool sysdir_entry = False;
6746 /* Quick check for "." and ".." */
6747 if (ISDOT(dname) || ISDOTDOT(dname)) {
6748 if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
6749 sysdir_entry = True;
6751 TALLOC_FREE(talloced);
6756 if (!is_visible_file(conn, fname_src_dir, dname,
6757 &smb_fname_src->st, false)) {
6758 TALLOC_FREE(talloced);
6762 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6763 TALLOC_FREE(talloced);
6768 status = NT_STATUS_OBJECT_NAME_INVALID;
6772 TALLOC_FREE(smb_fname_src->base_name);
6773 if (ISDOT(fname_src_dir)) {
6774 /* Ensure we use canonical names on open. */
6775 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6779 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6784 if (!smb_fname_src->base_name) {
6785 status = NT_STATUS_NO_MEMORY;
6789 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6790 smb_fname_dst->base_name,
6792 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6793 smb_fname_src->base_name, destname));
6794 TALLOC_FREE(talloced);
6798 status = NT_STATUS_NO_MEMORY;
6802 TALLOC_FREE(smb_fname_dst->base_name);
6803 smb_fname_dst->base_name = destname;
6805 ZERO_STRUCT(smb_fname_src->st);
6806 if (posix_pathnames) {
6807 SMB_VFS_LSTAT(conn, smb_fname_src);
6809 SMB_VFS_STAT(conn, smb_fname_src);
6814 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6815 create_options |= FILE_DIRECTORY_FILE;
6818 status = SMB_VFS_CREATE_FILE(
6821 0, /* root_dir_fid */
6822 smb_fname_src, /* fname */
6823 access_mask, /* access_mask */
6824 (FILE_SHARE_READ | /* share_access */
6826 FILE_OPEN, /* create_disposition*/
6827 create_options, /* create_options */
6828 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6829 0, /* oplock_request */
6830 0, /* allocation_size */
6831 0, /* private_flags */
6837 if (!NT_STATUS_IS_OK(status)) {
6838 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6839 "returned %s rename %s -> %s\n",
6841 smb_fname_str_dbg(smb_fname_src),
6842 smb_fname_str_dbg(smb_fname_dst)));
6846 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6848 if (!smb_fname_dst->original_lcomp) {
6849 status = NT_STATUS_NO_MEMORY;
6853 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6854 attrs, replace_if_exists);
6856 close_file(req, fsp, NORMAL_CLOSE);
6858 if (!NT_STATUS_IS_OK(status)) {
6859 DEBUG(3, ("rename_internals_fsp returned %s for "
6860 "rename %s -> %s\n", nt_errstr(status),
6861 smb_fname_str_dbg(smb_fname_src),
6862 smb_fname_str_dbg(smb_fname_dst)));
6868 DEBUG(3,("rename_internals: doing rename on %s -> "
6869 "%s\n", smb_fname_str_dbg(smb_fname_src),
6870 smb_fname_str_dbg(smb_fname_src)));
6871 TALLOC_FREE(talloced);
6873 TALLOC_FREE(dir_hnd);
6875 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6876 status = map_nt_error_from_unix(errno);
6880 TALLOC_FREE(talloced);
6881 TALLOC_FREE(fname_src_dir);
6882 TALLOC_FREE(fname_src_mask);
6886 /****************************************************************************
6888 ****************************************************************************/
6890 void reply_mv(struct smb_request *req)
6892 connection_struct *conn = req->conn;
6894 char *newname = NULL;
6898 bool src_has_wcard = False;
6899 bool dest_has_wcard = False;
6900 TALLOC_CTX *ctx = talloc_tos();
6901 struct smb_filename *smb_fname_src = NULL;
6902 struct smb_filename *smb_fname_dst = NULL;
6903 uint32_t src_ucf_flags = lp_posix_pathnames() ? UCF_UNIX_NAME_LOOKUP : UCF_COND_ALLOW_WCARD_LCOMP;
6904 uint32_t dst_ucf_flags = UCF_SAVE_LCOMP | (lp_posix_pathnames() ? 0 : UCF_COND_ALLOW_WCARD_LCOMP);
6905 bool stream_rename = false;
6907 START_PROFILE(SMBmv);
6910 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6914 attrs = SVAL(req->vwv+0, 0);
6916 p = (const char *)req->buf + 1;
6917 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6918 &status, &src_has_wcard);
6919 if (!NT_STATUS_IS_OK(status)) {
6920 reply_nterror(req, status);
6924 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6925 &status, &dest_has_wcard);
6926 if (!NT_STATUS_IS_OK(status)) {
6927 reply_nterror(req, status);
6931 if (!lp_posix_pathnames()) {
6932 /* The newname must begin with a ':' if the
6933 name contains a ':'. */
6934 if (strchr_m(name, ':')) {
6935 if (newname[0] != ':') {
6936 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6939 stream_rename = true;
6943 status = filename_convert(ctx,
6945 req->flags2 & FLAGS2_DFS_PATHNAMES,
6951 if (!NT_STATUS_IS_OK(status)) {
6952 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6953 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6954 ERRSRV, ERRbadpath);
6957 reply_nterror(req, status);
6961 status = filename_convert(ctx,
6963 req->flags2 & FLAGS2_DFS_PATHNAMES,
6969 if (!NT_STATUS_IS_OK(status)) {
6970 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6971 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6972 ERRSRV, ERRbadpath);
6975 reply_nterror(req, status);
6979 if (stream_rename) {
6980 /* smb_fname_dst->base_name must be the same as
6981 smb_fname_src->base_name. */
6982 TALLOC_FREE(smb_fname_dst->base_name);
6983 smb_fname_dst->base_name = talloc_strdup(smb_fname_dst,
6984 smb_fname_src->base_name);
6985 if (!smb_fname_dst->base_name) {
6986 reply_nterror(req, NT_STATUS_NO_MEMORY);
6991 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6992 smb_fname_str_dbg(smb_fname_dst)));
6994 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6995 attrs, False, src_has_wcard, dest_has_wcard,
6997 if (!NT_STATUS_IS_OK(status)) {
6998 if (open_was_deferred(req->sconn, req->mid)) {
6999 /* We have re-scheduled this call. */
7002 reply_nterror(req, status);
7006 reply_outbuf(req, 0, 0);
7008 TALLOC_FREE(smb_fname_src);
7009 TALLOC_FREE(smb_fname_dst);
7014 /*******************************************************************
7015 Copy a file as part of a reply_copy.
7016 ******************************************************************/
7019 * TODO: check error codes on all callers
7022 NTSTATUS copy_file(TALLOC_CTX *ctx,
7023 connection_struct *conn,
7024 struct smb_filename *smb_fname_src,
7025 struct smb_filename *smb_fname_dst,
7028 bool target_is_directory)
7030 struct smb_filename *smb_fname_dst_tmp = NULL;
7032 files_struct *fsp1,*fsp2;
7034 uint32 new_create_disposition;
7038 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
7039 if (!NT_STATUS_IS_OK(status)) {
7044 * If the target is a directory, extract the last component from the
7045 * src filename and append it to the dst filename
7047 if (target_is_directory) {
7050 /* dest/target can't be a stream if it's a directory. */
7051 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
7053 p = strrchr_m(smb_fname_src->base_name,'/');
7057 p = smb_fname_src->base_name;
7059 smb_fname_dst_tmp->base_name =
7060 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
7062 if (!smb_fname_dst_tmp->base_name) {
7063 status = NT_STATUS_NO_MEMORY;
7068 status = vfs_file_exist(conn, smb_fname_src);
7069 if (!NT_STATUS_IS_OK(status)) {
7073 if (!target_is_directory && count) {
7074 new_create_disposition = FILE_OPEN;
7076 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name,
7079 &new_create_disposition,
7082 status = NT_STATUS_INVALID_PARAMETER;
7087 /* Open the src file for reading. */
7088 status = SMB_VFS_CREATE_FILE(
7091 0, /* root_dir_fid */
7092 smb_fname_src, /* fname */
7093 FILE_GENERIC_READ, /* access_mask */
7094 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7095 FILE_OPEN, /* create_disposition*/
7096 0, /* create_options */
7097 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
7098 INTERNAL_OPEN_ONLY, /* oplock_request */
7099 0, /* allocation_size */
7100 0, /* private_flags */
7106 if (!NT_STATUS_IS_OK(status)) {
7110 dosattrs = dos_mode(conn, smb_fname_src);
7112 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
7113 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
7116 /* Open the dst file for writing. */
7117 status = SMB_VFS_CREATE_FILE(
7120 0, /* root_dir_fid */
7121 smb_fname_dst, /* fname */
7122 FILE_GENERIC_WRITE, /* access_mask */
7123 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
7124 new_create_disposition, /* create_disposition*/
7125 0, /* create_options */
7126 dosattrs, /* file_attributes */
7127 INTERNAL_OPEN_ONLY, /* oplock_request */
7128 0, /* allocation_size */
7129 0, /* private_flags */
7135 if (!NT_STATUS_IS_OK(status)) {
7136 close_file(NULL, fsp1, ERROR_CLOSE);
7140 if (ofun & OPENX_FILE_EXISTS_OPEN) {
7141 ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
7143 DEBUG(0, ("error - vfs lseek returned error %s\n",
7145 status = map_nt_error_from_unix(errno);
7146 close_file(NULL, fsp1, ERROR_CLOSE);
7147 close_file(NULL, fsp2, ERROR_CLOSE);
7152 /* Do the actual copy. */
7153 if (smb_fname_src->st.st_ex_size) {
7154 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
7159 close_file(NULL, fsp1, NORMAL_CLOSE);
7161 /* Ensure the modtime is set correctly on the destination file. */
7162 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
7165 * As we are opening fsp1 read-only we only expect
7166 * an error on close on fsp2 if we are out of space.
7167 * Thus we don't look at the error return from the
7170 status = close_file(NULL, fsp2, NORMAL_CLOSE);
7172 if (!NT_STATUS_IS_OK(status)) {
7176 if (ret != (off_t)smb_fname_src->st.st_ex_size) {
7177 status = NT_STATUS_DISK_FULL;
7181 status = NT_STATUS_OK;
7184 TALLOC_FREE(smb_fname_dst_tmp);
7188 /****************************************************************************
7189 Reply to a file copy.
7190 ****************************************************************************/
7192 void reply_copy(struct smb_request *req)
7194 connection_struct *conn = req->conn;
7195 struct smb_filename *smb_fname_src = NULL;
7196 struct smb_filename *smb_fname_dst = NULL;
7197 char *fname_src = NULL;
7198 char *fname_dst = NULL;
7199 char *fname_src_mask = NULL;
7200 char *fname_src_dir = NULL;
7203 int error = ERRnoaccess;
7207 bool target_is_directory=False;
7208 bool source_has_wild = False;
7209 bool dest_has_wild = False;
7211 TALLOC_CTX *ctx = talloc_tos();
7213 START_PROFILE(SMBcopy);
7216 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7220 tid2 = SVAL(req->vwv+0, 0);
7221 ofun = SVAL(req->vwv+1, 0);
7222 flags = SVAL(req->vwv+2, 0);
7224 p = (const char *)req->buf;
7225 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
7226 &status, &source_has_wild);
7227 if (!NT_STATUS_IS_OK(status)) {
7228 reply_nterror(req, status);
7231 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
7232 &status, &dest_has_wild);
7233 if (!NT_STATUS_IS_OK(status)) {
7234 reply_nterror(req, status);
7238 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
7240 if (tid2 != conn->cnum) {
7241 /* can't currently handle inter share copies XXXX */
7242 DEBUG(3,("Rejecting inter-share copy\n"));
7243 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
7247 status = filename_convert(ctx, conn,
7248 req->flags2 & FLAGS2_DFS_PATHNAMES,
7250 UCF_COND_ALLOW_WCARD_LCOMP,
7253 if (!NT_STATUS_IS_OK(status)) {
7254 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7255 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7256 ERRSRV, ERRbadpath);
7259 reply_nterror(req, status);
7263 status = filename_convert(ctx, conn,
7264 req->flags2 & FLAGS2_DFS_PATHNAMES,
7266 UCF_COND_ALLOW_WCARD_LCOMP,
7269 if (!NT_STATUS_IS_OK(status)) {
7270 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
7271 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
7272 ERRSRV, ERRbadpath);
7275 reply_nterror(req, status);
7279 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
7281 if ((flags&1) && target_is_directory) {
7282 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
7286 if ((flags&2) && !target_is_directory) {
7287 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
7291 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
7292 /* wants a tree copy! XXXX */
7293 DEBUG(3,("Rejecting tree copy\n"));
7294 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7298 /* Split up the directory from the filename/mask. */
7299 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
7300 &fname_src_dir, &fname_src_mask);
7301 if (!NT_STATUS_IS_OK(status)) {
7302 reply_nterror(req, NT_STATUS_NO_MEMORY);
7307 * We should only check the mangled cache
7308 * here if unix_convert failed. This means
7309 * that the path in 'mask' doesn't exist
7310 * on the file system and so we need to look
7311 * for a possible mangle. This patch from
7312 * Tine Smukavec <valentin.smukavec@hermes.si>.
7314 if (!VALID_STAT(smb_fname_src->st) &&
7315 mangle_is_mangled(fname_src_mask, conn->params)) {
7316 char *new_mask = NULL;
7317 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
7318 &new_mask, conn->params);
7320 /* Use demangled name if one was successfully found. */
7322 TALLOC_FREE(fname_src_mask);
7323 fname_src_mask = new_mask;
7327 if (!source_has_wild) {
7330 * Only one file needs to be copied. Append the mask back onto
7333 TALLOC_FREE(smb_fname_src->base_name);
7334 if (ISDOT(fname_src_dir)) {
7335 /* Ensure we use canonical names on open. */
7336 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7340 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7345 if (!smb_fname_src->base_name) {
7346 reply_nterror(req, NT_STATUS_NO_MEMORY);
7350 if (dest_has_wild) {
7351 char *fname_dst_mod = NULL;
7352 if (!resolve_wildcards(smb_fname_dst,
7353 smb_fname_src->base_name,
7354 smb_fname_dst->base_name,
7356 reply_nterror(req, NT_STATUS_NO_MEMORY);
7359 TALLOC_FREE(smb_fname_dst->base_name);
7360 smb_fname_dst->base_name = fname_dst_mod;
7363 status = check_name(conn, smb_fname_src->base_name);
7364 if (!NT_STATUS_IS_OK(status)) {
7365 reply_nterror(req, status);
7369 status = check_name(conn, smb_fname_dst->base_name);
7370 if (!NT_STATUS_IS_OK(status)) {
7371 reply_nterror(req, status);
7375 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
7376 ofun, count, target_is_directory);
7378 if(!NT_STATUS_IS_OK(status)) {
7379 reply_nterror(req, status);
7385 struct smb_Dir *dir_hnd = NULL;
7386 const char *dname = NULL;
7387 char *talloced = NULL;
7391 * There is a wildcard that requires us to actually read the
7392 * src dir and copy each file matching the mask to the dst.
7393 * Right now streams won't be copied, but this could
7394 * presumably be added with a nested loop for reach dir entry.
7396 SMB_ASSERT(!smb_fname_src->stream_name);
7397 SMB_ASSERT(!smb_fname_dst->stream_name);
7399 smb_fname_src->stream_name = NULL;
7400 smb_fname_dst->stream_name = NULL;
7402 if (strequal(fname_src_mask,"????????.???")) {
7403 TALLOC_FREE(fname_src_mask);
7404 fname_src_mask = talloc_strdup(ctx, "*");
7405 if (!fname_src_mask) {
7406 reply_nterror(req, NT_STATUS_NO_MEMORY);
7411 status = check_name(conn, fname_src_dir);
7412 if (!NT_STATUS_IS_OK(status)) {
7413 reply_nterror(req, status);
7417 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7418 if (dir_hnd == NULL) {
7419 status = map_nt_error_from_unix(errno);
7420 reply_nterror(req, status);
7426 /* Iterate over the src dir copying each entry to the dst. */
7427 while ((dname = ReadDirName(dir_hnd, &offset,
7428 &smb_fname_src->st, &talloced))) {
7429 char *destname = NULL;
7431 if (ISDOT(dname) || ISDOTDOT(dname)) {
7432 TALLOC_FREE(talloced);
7436 if (!is_visible_file(conn, fname_src_dir, dname,
7437 &smb_fname_src->st, false)) {
7438 TALLOC_FREE(talloced);
7442 if(!mask_match(dname, fname_src_mask,
7443 conn->case_sensitive)) {
7444 TALLOC_FREE(talloced);
7448 error = ERRnoaccess;
7450 /* Get the src smb_fname struct setup. */
7451 TALLOC_FREE(smb_fname_src->base_name);
7452 if (ISDOT(fname_src_dir)) {
7453 /* Ensure we use canonical names on open. */
7454 smb_fname_src->base_name =
7455 talloc_asprintf(smb_fname_src, "%s",
7458 smb_fname_src->base_name =
7459 talloc_asprintf(smb_fname_src, "%s/%s",
7460 fname_src_dir, dname);
7463 if (!smb_fname_src->base_name) {
7464 TALLOC_FREE(dir_hnd);
7465 TALLOC_FREE(talloced);
7466 reply_nterror(req, NT_STATUS_NO_MEMORY);
7470 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7471 smb_fname_dst->base_name,
7473 TALLOC_FREE(talloced);
7477 TALLOC_FREE(dir_hnd);
7478 TALLOC_FREE(talloced);
7479 reply_nterror(req, NT_STATUS_NO_MEMORY);
7483 TALLOC_FREE(smb_fname_dst->base_name);
7484 smb_fname_dst->base_name = destname;
7486 status = check_name(conn, smb_fname_src->base_name);
7487 if (!NT_STATUS_IS_OK(status)) {
7488 TALLOC_FREE(dir_hnd);
7489 TALLOC_FREE(talloced);
7490 reply_nterror(req, status);
7494 status = check_name(conn, smb_fname_dst->base_name);
7495 if (!NT_STATUS_IS_OK(status)) {
7496 TALLOC_FREE(dir_hnd);
7497 TALLOC_FREE(talloced);
7498 reply_nterror(req, status);
7502 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7503 smb_fname_src->base_name,
7504 smb_fname_dst->base_name));
7506 status = copy_file(ctx, conn, smb_fname_src,
7507 smb_fname_dst, ofun, count,
7508 target_is_directory);
7509 if (NT_STATUS_IS_OK(status)) {
7513 TALLOC_FREE(talloced);
7515 TALLOC_FREE(dir_hnd);
7519 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7523 reply_outbuf(req, 1, 0);
7524 SSVAL(req->outbuf,smb_vwv0,count);
7526 TALLOC_FREE(smb_fname_src);
7527 TALLOC_FREE(smb_fname_dst);
7528 TALLOC_FREE(fname_src);
7529 TALLOC_FREE(fname_dst);
7530 TALLOC_FREE(fname_src_mask);
7531 TALLOC_FREE(fname_src_dir);
7533 END_PROFILE(SMBcopy);
7538 #define DBGC_CLASS DBGC_LOCKING
7540 /****************************************************************************
7541 Get a lock pid, dealing with large count requests.
7542 ****************************************************************************/
7544 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7545 bool large_file_format)
7547 if(!large_file_format)
7548 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7550 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7553 /****************************************************************************
7554 Get a lock count, dealing with large count requests.
7555 ****************************************************************************/
7557 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7558 bool large_file_format)
7562 if(!large_file_format) {
7563 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7566 #if defined(HAVE_LONGLONG)
7567 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7568 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7569 #else /* HAVE_LONGLONG */
7572 * NT4.x seems to be broken in that it sends large file (64 bit)
7573 * lockingX calls even if the CAP_LARGE_FILES was *not*
7574 * negotiated. For boxes without large unsigned ints truncate the
7575 * lock count by dropping the top 32 bits.
7578 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7579 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7580 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7581 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7582 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7585 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7586 #endif /* HAVE_LONGLONG */
7592 #if !defined(HAVE_LONGLONG)
7593 /****************************************************************************
7594 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7595 ****************************************************************************/
7597 static uint32 map_lock_offset(uint32 high, uint32 low)
7601 uint32 highcopy = high;
7604 * Try and find out how many significant bits there are in high.
7607 for(i = 0; highcopy; i++)
7611 * We use 31 bits not 32 here as POSIX
7612 * lock offsets may not be negative.
7615 mask = (~0) << (31 - i);
7618 return 0; /* Fail. */
7624 #endif /* !defined(HAVE_LONGLONG) */
7626 /****************************************************************************
7627 Get a lock offset, dealing with large offset requests.
7628 ****************************************************************************/
7630 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7631 bool large_file_format, bool *err)
7633 uint64_t offset = 0;
7637 if(!large_file_format) {
7638 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7641 #if defined(HAVE_LONGLONG)
7642 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7643 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7644 #else /* HAVE_LONGLONG */
7647 * NT4.x seems to be broken in that it sends large file (64 bit)
7648 * lockingX calls even if the CAP_LARGE_FILES was *not*
7649 * negotiated. For boxes without large unsigned ints mangle the
7650 * lock offset by mapping the top 32 bits onto the lower 32.
7653 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7654 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7655 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7658 if((new_low = map_lock_offset(high, low)) == 0) {
7660 return (uint64_t)-1;
7663 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7664 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7665 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7666 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7669 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7670 #endif /* HAVE_LONGLONG */
7676 NTSTATUS smbd_do_locking(struct smb_request *req,
7680 uint16_t num_ulocks,
7681 struct smbd_lock_element *ulocks,
7683 struct smbd_lock_element *locks,
7686 connection_struct *conn = req->conn;
7688 NTSTATUS status = NT_STATUS_OK;
7692 /* Data now points at the beginning of the list
7693 of smb_unlkrng structs */
7694 for(i = 0; i < (int)num_ulocks; i++) {
7695 struct smbd_lock_element *e = &ulocks[i];
7697 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7698 "pid %u, file %s\n",
7701 (unsigned int)e->smblctx,
7704 if (e->brltype != UNLOCK_LOCK) {
7705 /* this can only happen with SMB2 */
7706 return NT_STATUS_INVALID_PARAMETER;
7709 status = do_unlock(req->sconn->msg_ctx,
7716 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7717 nt_errstr(status)));
7719 if (!NT_STATUS_IS_OK(status)) {
7724 /* Setup the timeout in seconds. */
7726 if (!lp_blocking_locks(SNUM(conn))) {
7730 /* Data now points at the beginning of the list
7731 of smb_lkrng structs */
7733 for(i = 0; i < (int)num_locks; i++) {
7734 struct smbd_lock_element *e = &locks[i];
7736 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7737 "%llu, file %s timeout = %d\n",
7740 (unsigned long long)e->smblctx,
7744 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7745 struct blocking_lock_record *blr = NULL;
7747 if (num_locks > 1) {
7749 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7750 * if the lock vector contains one entry. When given mutliple cancel
7751 * requests in a single PDU we expect the server to return an
7752 * error. Windows servers seem to accept the request but only
7753 * cancel the first lock.
7754 * JRA - Do what Windows does (tm) :-).
7758 /* MS-CIFS (2.2.4.32.1) behavior. */
7759 return NT_STATUS_DOS(ERRDOS,
7760 ERRcancelviolation);
7762 /* Windows behavior. */
7764 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7765 "cancel request\n"));
7771 if (lp_blocking_locks(SNUM(conn))) {
7773 /* Schedule a message to ourselves to
7774 remove the blocking lock record and
7775 return the right error. */
7777 blr = blocking_lock_cancel_smb1(fsp,
7783 NT_STATUS_FILE_LOCK_CONFLICT);
7785 return NT_STATUS_DOS(
7787 ERRcancelviolation);
7790 /* Remove a matching pending lock. */
7791 status = do_lock_cancel(fsp,
7798 bool blocking_lock = timeout ? true : false;
7799 bool defer_lock = false;
7800 struct byte_range_lock *br_lck;
7801 uint64_t block_smblctx;
7803 br_lck = do_lock(req->sconn->msg_ctx,
7815 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7816 /* Windows internal resolution for blocking locks seems
7817 to be about 200ms... Don't wait for less than that. JRA. */
7818 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7819 timeout = lp_lock_spin_time();
7824 /* If a lock sent with timeout of zero would fail, and
7825 * this lock has been requested multiple times,
7826 * according to brl_lock_failed() we convert this
7827 * request to a blocking lock with a timeout of between
7828 * 150 - 300 milliseconds.
7830 * If lp_lock_spin_time() has been set to 0, we skip
7831 * this blocking retry and fail immediately.
7833 * Replacement for do_lock_spin(). JRA. */
7835 if (!req->sconn->using_smb2 &&
7836 br_lck && lp_blocking_locks(SNUM(conn)) &&
7837 lp_lock_spin_time() && !blocking_lock &&
7838 NT_STATUS_EQUAL((status),
7839 NT_STATUS_FILE_LOCK_CONFLICT))
7842 timeout = lp_lock_spin_time();
7845 if (br_lck && defer_lock) {
7847 * A blocking lock was requested. Package up
7848 * this smb into a queued request and push it
7849 * onto the blocking lock queue.
7851 if(push_blocking_lock_request(br_lck,
7862 TALLOC_FREE(br_lck);
7864 return NT_STATUS_OK;
7868 TALLOC_FREE(br_lck);
7871 if (!NT_STATUS_IS_OK(status)) {
7876 /* If any of the above locks failed, then we must unlock
7877 all of the previous locks (X/Open spec). */
7879 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7881 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7882 i = -1; /* we want to skip the for loop */
7886 * Ensure we don't do a remove on the lock that just failed,
7887 * as under POSIX rules, if we have a lock already there, we
7888 * will delete it (and we shouldn't) .....
7890 for(i--; i >= 0; i--) {
7891 struct smbd_lock_element *e = &locks[i];
7893 do_unlock(req->sconn->msg_ctx,
7903 DEBUG(3, ("smbd_do_locking: %s type=%d num_locks=%d num_ulocks=%d\n",
7904 fsp_fnum_dbg(fsp), (unsigned int)type, num_locks, num_ulocks));
7906 return NT_STATUS_OK;
7909 /****************************************************************************
7910 Reply to a lockingX request.
7911 ****************************************************************************/
7913 void reply_lockingX(struct smb_request *req)
7915 connection_struct *conn = req->conn;
7917 unsigned char locktype;
7918 unsigned char oplocklevel;
7923 const uint8_t *data;
7924 bool large_file_format;
7926 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7927 struct smbd_lock_element *ulocks;
7928 struct smbd_lock_element *locks;
7931 START_PROFILE(SMBlockingX);
7934 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7935 END_PROFILE(SMBlockingX);
7939 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7940 locktype = CVAL(req->vwv+3, 0);
7941 oplocklevel = CVAL(req->vwv+3, 1);
7942 num_ulocks = SVAL(req->vwv+6, 0);
7943 num_locks = SVAL(req->vwv+7, 0);
7944 lock_timeout = IVAL(req->vwv+4, 0);
7945 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7947 if (!check_fsp(conn, req, fsp)) {
7948 END_PROFILE(SMBlockingX);
7954 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7955 /* we don't support these - and CANCEL_LOCK makes w2k
7956 and XP reboot so I don't really want to be
7957 compatible! (tridge) */
7958 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7959 END_PROFILE(SMBlockingX);
7963 /* Check if this is an oplock break on a file
7964 we have granted an oplock on.
7966 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7967 /* Client can insist on breaking to none. */
7968 bool break_to_none = (oplocklevel == 0);
7971 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7972 "for %s\n", (unsigned int)oplocklevel,
7973 fsp_fnum_dbg(fsp)));
7976 * Make sure we have granted an exclusive or batch oplock on
7980 if (fsp->oplock_type == 0) {
7982 /* The Samba4 nbench simulator doesn't understand
7983 the difference between break to level2 and break
7984 to none from level2 - it sends oplock break
7985 replies in both cases. Don't keep logging an error
7986 message here - just ignore it. JRA. */
7988 DEBUG(5,("reply_lockingX: Error : oplock break from "
7989 "client for %s (oplock=%d) and no "
7990 "oplock granted on this file (%s).\n",
7991 fsp_fnum_dbg(fsp), fsp->oplock_type,
7994 /* if this is a pure oplock break request then don't
7996 if (num_locks == 0 && num_ulocks == 0) {
7997 END_PROFILE(SMBlockingX);
8000 END_PROFILE(SMBlockingX);
8001 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
8006 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
8008 result = remove_oplock(fsp);
8010 result = downgrade_oplock(fsp);
8014 DEBUG(0, ("reply_lockingX: error in removing "
8015 "oplock on file %s\n", fsp_str_dbg(fsp)));
8016 /* Hmmm. Is this panic justified? */
8017 smb_panic("internal tdb error");
8020 reply_to_oplock_break_requests(fsp);
8022 /* if this is a pure oplock break request then don't send a
8024 if (num_locks == 0 && num_ulocks == 0) {
8025 /* Sanity check - ensure a pure oplock break is not a
8027 if(CVAL(req->vwv+0, 0) != 0xff)
8028 DEBUG(0,("reply_lockingX: Error : pure oplock "
8029 "break is a chained %d request !\n",
8030 (unsigned int)CVAL(req->vwv+0, 0)));
8031 END_PROFILE(SMBlockingX);
8037 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
8038 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8039 END_PROFILE(SMBlockingX);
8043 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
8044 if (ulocks == NULL) {
8045 reply_nterror(req, NT_STATUS_NO_MEMORY);
8046 END_PROFILE(SMBlockingX);
8050 locks = talloc_array(req, struct smbd_lock_element, num_locks);
8051 if (locks == NULL) {
8052 reply_nterror(req, NT_STATUS_NO_MEMORY);
8053 END_PROFILE(SMBlockingX);
8057 /* Data now points at the beginning of the list
8058 of smb_unlkrng structs */
8059 for(i = 0; i < (int)num_ulocks; i++) {
8060 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
8061 ulocks[i].count = get_lock_count(data, i, large_file_format);
8062 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8063 ulocks[i].brltype = UNLOCK_LOCK;
8066 * There is no error code marked "stupid client bug".... :-).
8069 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8070 END_PROFILE(SMBlockingX);
8075 /* Now do any requested locks */
8076 data += ((large_file_format ? 20 : 10)*num_ulocks);
8078 /* Data now points at the beginning of the list
8079 of smb_lkrng structs */
8081 for(i = 0; i < (int)num_locks; i++) {
8082 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
8083 locks[i].count = get_lock_count(data, i, large_file_format);
8084 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
8086 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
8087 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8088 locks[i].brltype = PENDING_READ_LOCK;
8090 locks[i].brltype = READ_LOCK;
8093 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
8094 locks[i].brltype = PENDING_WRITE_LOCK;
8096 locks[i].brltype = WRITE_LOCK;
8101 * There is no error code marked "stupid client bug".... :-).
8104 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8105 END_PROFILE(SMBlockingX);
8110 status = smbd_do_locking(req, fsp,
8111 locktype, lock_timeout,
8115 if (!NT_STATUS_IS_OK(status)) {
8116 END_PROFILE(SMBlockingX);
8117 reply_nterror(req, status);
8121 END_PROFILE(SMBlockingX);
8125 reply_outbuf(req, 2, 0);
8126 SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
8127 SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
8129 DEBUG(3, ("lockingX %s type=%d num_locks=%d num_ulocks=%d\n",
8130 fsp_fnum_dbg(fsp), (unsigned int)locktype, num_locks, num_ulocks));
8132 END_PROFILE(SMBlockingX);
8136 #define DBGC_CLASS DBGC_ALL
8138 /****************************************************************************
8139 Reply to a SMBreadbmpx (read block multiplex) request.
8140 Always reply with an error, if someone has a platform really needs this,
8141 please contact vl@samba.org
8142 ****************************************************************************/
8144 void reply_readbmpx(struct smb_request *req)
8146 START_PROFILE(SMBreadBmpx);
8147 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8148 END_PROFILE(SMBreadBmpx);
8152 /****************************************************************************
8153 Reply to a SMBreadbs (read block multiplex secondary) request.
8154 Always reply with an error, if someone has a platform really needs this,
8155 please contact vl@samba.org
8156 ****************************************************************************/
8158 void reply_readbs(struct smb_request *req)
8160 START_PROFILE(SMBreadBs);
8161 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8162 END_PROFILE(SMBreadBs);
8166 /****************************************************************************
8167 Reply to a SMBsetattrE.
8168 ****************************************************************************/
8170 void reply_setattrE(struct smb_request *req)
8172 connection_struct *conn = req->conn;
8173 struct smb_file_time ft;
8177 START_PROFILE(SMBsetattrE);
8181 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8185 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8187 if(!fsp || (fsp->conn != conn)) {
8188 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8193 * Convert the DOS times into unix times.
8196 ft.atime = convert_time_t_to_timespec(
8197 srv_make_unix_date2(req->vwv+3));
8198 ft.mtime = convert_time_t_to_timespec(
8199 srv_make_unix_date2(req->vwv+5));
8200 ft.create_time = convert_time_t_to_timespec(
8201 srv_make_unix_date2(req->vwv+1));
8203 reply_outbuf(req, 0, 0);
8206 * Patch from Ray Frush <frush@engr.colostate.edu>
8207 * Sometimes times are sent as zero - ignore them.
8210 /* Ensure we have a valid stat struct for the source. */
8211 status = vfs_stat_fsp(fsp);
8212 if (!NT_STATUS_IS_OK(status)) {
8213 reply_nterror(req, status);
8217 if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
8218 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
8222 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
8223 if (!NT_STATUS_IS_OK(status)) {
8224 reply_nterror(req, status);
8228 DEBUG( 3, ( "reply_setattrE %s actime=%u modtime=%u "
8231 (unsigned int)ft.atime.tv_sec,
8232 (unsigned int)ft.mtime.tv_sec,
8233 (unsigned int)ft.create_time.tv_sec
8236 END_PROFILE(SMBsetattrE);
8241 /* Back from the dead for OS/2..... JRA. */
8243 /****************************************************************************
8244 Reply to a SMBwritebmpx (write block multiplex primary) request.
8245 Always reply with an error, if someone has a platform really needs this,
8246 please contact vl@samba.org
8247 ****************************************************************************/
8249 void reply_writebmpx(struct smb_request *req)
8251 START_PROFILE(SMBwriteBmpx);
8252 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8253 END_PROFILE(SMBwriteBmpx);
8257 /****************************************************************************
8258 Reply to a SMBwritebs (write block multiplex secondary) request.
8259 Always reply with an error, if someone has a platform really needs this,
8260 please contact vl@samba.org
8261 ****************************************************************************/
8263 void reply_writebs(struct smb_request *req)
8265 START_PROFILE(SMBwriteBs);
8266 reply_force_doserror(req, ERRSRV, ERRuseSTD);
8267 END_PROFILE(SMBwriteBs);
8271 /****************************************************************************
8272 Reply to a SMBgetattrE.
8273 ****************************************************************************/
8275 void reply_getattrE(struct smb_request *req)
8277 connection_struct *conn = req->conn;
8280 struct timespec create_ts;
8282 START_PROFILE(SMBgetattrE);
8285 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8286 END_PROFILE(SMBgetattrE);
8290 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8292 if(!fsp || (fsp->conn != conn)) {
8293 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8294 END_PROFILE(SMBgetattrE);
8298 /* Do an fstat on this file */
8300 reply_nterror(req, map_nt_error_from_unix(errno));
8301 END_PROFILE(SMBgetattrE);
8305 mode = dos_mode(conn, fsp->fsp_name);
8308 * Convert the times into dos times. Set create
8309 * date to be last modify date as UNIX doesn't save
8313 reply_outbuf(req, 11, 0);
8315 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
8316 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
8317 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
8318 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
8319 /* Should we check pending modtime here ? JRA */
8320 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
8321 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
8323 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
8324 SIVAL(req->outbuf, smb_vwv6, 0);
8325 SIVAL(req->outbuf, smb_vwv8, 0);
8327 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
8328 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
8329 SIVAL(req->outbuf, smb_vwv8, allocation_size);
8331 SSVAL(req->outbuf,smb_vwv10, mode);
8333 DEBUG( 3, ( "reply_getattrE %s\n", fsp_fnum_dbg(fsp)));
8335 END_PROFILE(SMBgetattrE);