2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
219 bool *contains_wcard)
226 ret = srvstr_pull_buf_talloc(ctx,
233 ret = srvstr_pull_talloc(ctx,
243 *err = NT_STATUS_INVALID_PARAMETER;
247 *contains_wcard = False;
249 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 * For a DFS path the function parse_dfs_path()
252 * will do the path processing, just make a copy.
258 if (lp_posix_pathnames()) {
259 *err = check_path_syntax_posix(*pp_dest);
261 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
267 /****************************************************************************
268 Pull a string and check the path - provide for error return.
269 ****************************************************************************/
271 size_t srvstr_get_path(TALLOC_CTX *ctx,
285 ret = srvstr_pull_buf_talloc(ctx,
292 ret = srvstr_pull_talloc(ctx,
302 *err = NT_STATUS_INVALID_PARAMETER;
306 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 * For a DFS path the function parse_dfs_path()
309 * will do the path processing, just make a copy.
315 if (lp_posix_pathnames()) {
316 *err = check_path_syntax_posix(*pp_dest);
318 *err = check_path_syntax(*pp_dest);
324 /****************************************************************************
325 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
326 ****************************************************************************/
328 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 files_struct *fsp, struct current_user *user)
331 if (!(fsp) || !(conn)) {
332 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
335 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
342 /****************************************************************************
343 Check if we have a correct fsp pointing to a file. Replacement for the
345 ****************************************************************************/
347 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 files_struct *fsp, struct current_user *user)
350 if (!check_fsp_open(conn, req, fsp, user)) {
353 if ((fsp)->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if ((fsp)->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 (fsp)->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
367 ****************************************************************************/
369 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
370 files_struct *fsp, struct current_user *user)
372 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
373 && (current_user.vuid==(fsp)->vuid)) {
377 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
381 /****************************************************************************
382 Reply to a (netbios-level) special message.
383 ****************************************************************************/
385 void reply_special(char *inbuf)
387 int msg_type = CVAL(inbuf,0);
388 int msg_flags = CVAL(inbuf,1);
393 * We only really use 4 bytes of the outbuf, but for the smb_setlen
394 * calculation & friends (srv_send_smb uses that) we need the full smb
397 char outbuf[smb_size];
399 static bool already_got_session = False;
403 memset(outbuf, '\0', sizeof(outbuf));
405 smb_setlen(outbuf,0);
408 case 0x81: /* session request */
410 if (already_got_session) {
411 exit_server_cleanly("multiple session request not permitted");
414 SCVAL(outbuf,0,0x82);
416 if (name_len(inbuf+4) > 50 ||
417 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
418 DEBUG(0,("Invalid name length in session request\n"));
421 name_extract(inbuf,4,name1);
422 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
423 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
426 set_local_machine_name(name1, True);
427 set_remote_machine_name(name2, True);
429 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
430 get_local_machine_name(), get_remote_machine_name(),
433 if (name_type == 'R') {
434 /* We are being asked for a pathworks session ---
436 SCVAL(outbuf, 0,0x83);
440 /* only add the client's machine name to the list
441 of possibly valid usernames if we are operating
442 in share mode security */
443 if (lp_security() == SEC_SHARE) {
444 add_session_user(get_remote_machine_name());
447 reload_services(True);
450 already_got_session = True;
453 case 0x89: /* session keepalive request
454 (some old clients produce this?) */
455 SCVAL(outbuf,0,SMBkeepalive);
459 case 0x82: /* positive session response */
460 case 0x83: /* negative session response */
461 case 0x84: /* retarget session response */
462 DEBUG(0,("Unexpected session response\n"));
465 case SMBkeepalive: /* session keepalive */
470 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
471 msg_type, msg_flags));
473 srv_send_smb(smbd_server_fd(), outbuf, false);
477 /****************************************************************************
479 conn POINTER CAN BE NULL HERE !
480 ****************************************************************************/
482 void reply_tcon(struct smb_request *req)
484 connection_struct *conn = req->conn;
486 char *service_buf = NULL;
487 char *password = NULL;
492 DATA_BLOB password_blob;
493 TALLOC_CTX *ctx = talloc_tos();
495 START_PROFILE(SMBtcon);
497 if (smb_buflen(req->inbuf) < 4) {
498 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
499 END_PROFILE(SMBtcon);
503 p = smb_buf(req->inbuf)+1;
504 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
505 &service_buf, p, STR_TERMINATE) + 1;
506 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
507 &password, p, STR_TERMINATE) + 1;
509 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
510 &dev, p, STR_TERMINATE) + 1;
512 if (service_buf == NULL || password == NULL || dev == NULL) {
513 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
514 END_PROFILE(SMBtcon);
517 p = strrchr_m(service_buf,'\\');
521 service = service_buf;
524 password_blob = data_blob(password, pwlen+1);
526 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
529 data_blob_clear_free(&password_blob);
532 reply_nterror(req, nt_status);
533 END_PROFILE(SMBtcon);
537 reply_outbuf(req, 2, 0);
538 SSVAL(req->outbuf,smb_vwv0,max_recv);
539 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
540 SSVAL(req->outbuf,smb_tid,conn->cnum);
542 DEBUG(3,("tcon service=%s cnum=%d\n",
543 service, conn->cnum));
545 END_PROFILE(SMBtcon);
549 /****************************************************************************
550 Reply to a tcon and X.
551 conn POINTER CAN BE NULL HERE !
552 ****************************************************************************/
554 void reply_tcon_and_X(struct smb_request *req)
556 connection_struct *conn = req->conn;
557 char *service = NULL;
559 TALLOC_CTX *ctx = talloc_tos();
560 /* what the cleint thinks the device is */
561 char *client_devicetype = NULL;
562 /* what the server tells the client the share represents */
563 const char *server_devicetype;
570 START_PROFILE(SMBtconX);
573 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
574 END_PROFILE(SMBtconX);
578 passlen = SVAL(req->inbuf,smb_vwv3);
579 tcon_flags = SVAL(req->inbuf,smb_vwv2);
581 /* we might have to close an old one */
582 if ((tcon_flags & 0x1) && conn) {
583 close_cnum(conn,req->vuid);
588 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
589 reply_doserror(req, ERRDOS, ERRbuftoosmall);
590 END_PROFILE(SMBtconX);
594 if (global_encrypted_passwords_negotiated) {
595 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
597 if (lp_security() == SEC_SHARE) {
599 * Security = share always has a pad byte
600 * after the password.
602 p = smb_buf(req->inbuf) + passlen + 1;
604 p = smb_buf(req->inbuf) + passlen;
607 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
609 /* Ensure correct termination */
610 password.data[passlen]=0;
611 p = smb_buf(req->inbuf) + passlen + 1;
614 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
618 data_blob_clear_free(&password);
619 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
620 END_PROFILE(SMBtconX);
625 * the service name can be either: \\server\share
626 * or share directly like on the DELL PowerVault 705
629 q = strchr_m(path+2,'\\');
631 data_blob_clear_free(&password);
632 reply_doserror(req, ERRDOS, ERRnosuchshare);
633 END_PROFILE(SMBtconX);
641 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
642 &client_devicetype, p,
643 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
645 if (client_devicetype == NULL) {
646 data_blob_clear_free(&password);
647 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
648 END_PROFILE(SMBtconX);
652 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
654 conn = make_connection(service, password, client_devicetype,
655 req->vuid, &nt_status);
658 data_blob_clear_free(&password);
661 reply_nterror(req, nt_status);
662 END_PROFILE(SMBtconX);
667 server_devicetype = "IPC";
668 else if ( IS_PRINT(conn) )
669 server_devicetype = "LPT1:";
671 server_devicetype = "A:";
673 if (Protocol < PROTOCOL_NT1) {
674 reply_outbuf(req, 2, 0);
675 if (message_push_string(&req->outbuf, server_devicetype,
676 STR_TERMINATE|STR_ASCII) == -1) {
677 reply_nterror(req, NT_STATUS_NO_MEMORY);
678 END_PROFILE(SMBtconX);
682 /* NT sets the fstype of IPC$ to the null string */
683 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
685 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
686 /* Return permissions. */
690 reply_outbuf(req, 7, 0);
693 perm1 = FILE_ALL_ACCESS;
694 perm2 = FILE_ALL_ACCESS;
696 perm1 = CAN_WRITE(conn) ?
701 SIVAL(req->outbuf, smb_vwv3, perm1);
702 SIVAL(req->outbuf, smb_vwv5, perm2);
704 reply_outbuf(req, 3, 0);
707 if ((message_push_string(&req->outbuf, server_devicetype,
708 STR_TERMINATE|STR_ASCII) == -1)
709 || (message_push_string(&req->outbuf, fstype,
710 STR_TERMINATE) == -1)) {
711 reply_nterror(req, NT_STATUS_NO_MEMORY);
712 END_PROFILE(SMBtconX);
716 /* what does setting this bit do? It is set by NT4 and
717 may affect the ability to autorun mounted cdroms */
718 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
719 (lp_csc_policy(SNUM(conn)) << 2));
721 init_dfsroot(conn, req->inbuf, req->outbuf);
725 DEBUG(3,("tconX service=%s \n",
728 /* set the incoming and outgoing tid to the just created one */
729 SSVAL(req->inbuf,smb_tid,conn->cnum);
730 SSVAL(req->outbuf,smb_tid,conn->cnum);
732 END_PROFILE(SMBtconX);
738 /****************************************************************************
739 Reply to an unknown type.
740 ****************************************************************************/
742 void reply_unknown_new(struct smb_request *req, uint8 type)
744 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
745 smb_fn_name(type), type, type));
746 reply_doserror(req, ERRSRV, ERRunknownsmb);
750 /****************************************************************************
752 conn POINTER CAN BE NULL HERE !
753 ****************************************************************************/
755 void reply_ioctl(struct smb_request *req)
757 connection_struct *conn = req->conn;
764 START_PROFILE(SMBioctl);
767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
768 END_PROFILE(SMBioctl);
772 device = SVAL(req->inbuf,smb_vwv1);
773 function = SVAL(req->inbuf,smb_vwv2);
774 ioctl_code = (device << 16) + function;
776 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
778 switch (ioctl_code) {
779 case IOCTL_QUERY_JOB_INFO:
783 reply_doserror(req, ERRSRV, ERRnosupport);
784 END_PROFILE(SMBioctl);
788 reply_outbuf(req, 8, replysize+1);
789 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
790 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
791 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
792 p = smb_buf(req->outbuf);
793 memset(p, '\0', replysize+1); /* valgrind-safe. */
794 p += 1; /* Allow for alignment */
796 switch (ioctl_code) {
797 case IOCTL_QUERY_JOB_INFO:
799 files_struct *fsp = file_fsp(SVAL(req->inbuf,
802 reply_doserror(req, ERRDOS, ERRbadfid);
803 END_PROFILE(SMBioctl);
806 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
807 srvstr_push((char *)req->outbuf, req->flags2, p+2,
809 STR_TERMINATE|STR_ASCII);
811 srvstr_push((char *)req->outbuf, req->flags2,
812 p+18, lp_servicename(SNUM(conn)),
813 13, STR_TERMINATE|STR_ASCII);
821 END_PROFILE(SMBioctl);
825 /****************************************************************************
826 Strange checkpath NTSTATUS mapping.
827 ****************************************************************************/
829 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
831 /* Strange DOS error code semantics only for checkpath... */
832 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
833 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
834 /* We need to map to ERRbadpath */
835 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
841 /****************************************************************************
842 Reply to a checkpath.
843 ****************************************************************************/
845 void reply_checkpath(struct smb_request *req)
847 connection_struct *conn = req->conn;
849 SMB_STRUCT_STAT sbuf;
851 TALLOC_CTX *ctx = talloc_tos();
853 START_PROFILE(SMBcheckpath);
855 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
856 smb_buf(req->inbuf) + 1, 0,
857 STR_TERMINATE, &status);
858 if (!NT_STATUS_IS_OK(status)) {
859 status = map_checkpath_error((char *)req->inbuf, status);
860 reply_nterror(req, status);
861 END_PROFILE(SMBcheckpath);
865 status = resolve_dfspath(ctx, conn,
866 req->flags2 & FLAGS2_DFS_PATHNAMES,
869 if (!NT_STATUS_IS_OK(status)) {
870 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
871 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
873 END_PROFILE(SMBcheckpath);
879 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
881 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
882 if (!NT_STATUS_IS_OK(status)) {
886 status = check_name(conn, name);
887 if (!NT_STATUS_IS_OK(status)) {
888 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
892 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
893 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
894 status = map_nt_error_from_unix(errno);
898 if (!S_ISDIR(sbuf.st_mode)) {
899 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
901 END_PROFILE(SMBcheckpath);
905 reply_outbuf(req, 0, 0);
907 END_PROFILE(SMBcheckpath);
912 END_PROFILE(SMBcheckpath);
914 /* We special case this - as when a Windows machine
915 is parsing a path is steps through the components
916 one at a time - if a component fails it expects
917 ERRbadpath, not ERRbadfile.
919 status = map_checkpath_error((char *)req->inbuf, status);
920 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
922 * Windows returns different error codes if
923 * the parent directory is valid but not the
924 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
925 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
926 * if the path is invalid.
928 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
933 reply_nterror(req, status);
936 /****************************************************************************
938 ****************************************************************************/
940 void reply_getatr(struct smb_request *req)
942 connection_struct *conn = req->conn;
944 SMB_STRUCT_STAT sbuf;
950 TALLOC_CTX *ctx = talloc_tos();
952 START_PROFILE(SMBgetatr);
954 p = smb_buf(req->inbuf) + 1;
955 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
956 0, STR_TERMINATE, &status);
957 if (!NT_STATUS_IS_OK(status)) {
958 reply_nterror(req, status);
959 END_PROFILE(SMBgetatr);
963 status = resolve_dfspath(ctx, conn,
964 req->flags2 & FLAGS2_DFS_PATHNAMES,
967 if (!NT_STATUS_IS_OK(status)) {
968 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
969 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
971 END_PROFILE(SMBgetatr);
974 reply_nterror(req, status);
975 END_PROFILE(SMBgetatr);
979 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
980 under WfWg - weird! */
981 if (*fname == '\0') {
982 mode = aHIDDEN | aDIR;
983 if (!CAN_WRITE(conn)) {
989 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
990 if (!NT_STATUS_IS_OK(status)) {
991 reply_nterror(req, status);
992 END_PROFILE(SMBgetatr);
995 status = check_name(conn, fname);
996 if (!NT_STATUS_IS_OK(status)) {
997 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
998 reply_nterror(req, status);
999 END_PROFILE(SMBgetatr);
1002 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1003 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1004 reply_unixerror(req, ERRDOS,ERRbadfile);
1005 END_PROFILE(SMBgetatr);
1009 mode = dos_mode(conn,fname,&sbuf);
1010 size = sbuf.st_size;
1011 mtime = sbuf.st_mtime;
1017 reply_outbuf(req, 10, 0);
1019 SSVAL(req->outbuf,smb_vwv0,mode);
1020 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1021 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1023 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1025 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1027 if (Protocol >= PROTOCOL_NT1) {
1028 SSVAL(req->outbuf, smb_flg2,
1029 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1032 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1034 END_PROFILE(SMBgetatr);
1038 /****************************************************************************
1040 ****************************************************************************/
1042 void reply_setatr(struct smb_request *req)
1044 connection_struct *conn = req->conn;
1048 SMB_STRUCT_STAT sbuf;
1051 TALLOC_CTX *ctx = talloc_tos();
1053 START_PROFILE(SMBsetatr);
1056 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1060 p = smb_buf(req->inbuf) + 1;
1061 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1062 0, STR_TERMINATE, &status);
1063 if (!NT_STATUS_IS_OK(status)) {
1064 reply_nterror(req, status);
1065 END_PROFILE(SMBsetatr);
1069 status = resolve_dfspath(ctx, conn,
1070 req->flags2 & FLAGS2_DFS_PATHNAMES,
1073 if (!NT_STATUS_IS_OK(status)) {
1074 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1075 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1076 ERRSRV, ERRbadpath);
1077 END_PROFILE(SMBsetatr);
1080 reply_nterror(req, status);
1081 END_PROFILE(SMBsetatr);
1085 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1086 if (!NT_STATUS_IS_OK(status)) {
1087 reply_nterror(req, status);
1088 END_PROFILE(SMBsetatr);
1092 status = check_name(conn, fname);
1093 if (!NT_STATUS_IS_OK(status)) {
1094 reply_nterror(req, status);
1095 END_PROFILE(SMBsetatr);
1099 if (fname[0] == '.' && fname[1] == '\0') {
1101 * Not sure here is the right place to catch this
1102 * condition. Might be moved to somewhere else later -- vl
1104 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1105 END_PROFILE(SMBsetatr);
1109 mode = SVAL(req->inbuf,smb_vwv0);
1110 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1112 if (mode != FILE_ATTRIBUTE_NORMAL) {
1113 if (VALID_STAT_OF_DIR(sbuf))
1118 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1119 reply_unixerror(req, ERRDOS, ERRnoaccess);
1120 END_PROFILE(SMBsetatr);
1125 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1126 reply_unixerror(req, ERRDOS, ERRnoaccess);
1127 END_PROFILE(SMBsetatr);
1131 reply_outbuf(req, 0, 0);
1133 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1135 END_PROFILE(SMBsetatr);
1139 /****************************************************************************
1141 ****************************************************************************/
1143 void reply_dskattr(struct smb_request *req)
1145 connection_struct *conn = req->conn;
1146 SMB_BIG_UINT dfree,dsize,bsize;
1147 START_PROFILE(SMBdskattr);
1149 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1150 reply_unixerror(req, ERRHRD, ERRgeneral);
1151 END_PROFILE(SMBdskattr);
1155 reply_outbuf(req, 5, 0);
1157 if (Protocol <= PROTOCOL_LANMAN2) {
1158 double total_space, free_space;
1159 /* we need to scale this to a number that DOS6 can handle. We
1160 use floating point so we can handle large drives on systems
1161 that don't have 64 bit integers
1163 we end up displaying a maximum of 2G to DOS systems
1165 total_space = dsize * (double)bsize;
1166 free_space = dfree * (double)bsize;
1168 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1169 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1171 if (dsize > 0xFFFF) dsize = 0xFFFF;
1172 if (dfree > 0xFFFF) dfree = 0xFFFF;
1174 SSVAL(req->outbuf,smb_vwv0,dsize);
1175 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1176 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1177 SSVAL(req->outbuf,smb_vwv3,dfree);
1179 SSVAL(req->outbuf,smb_vwv0,dsize);
1180 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1181 SSVAL(req->outbuf,smb_vwv2,512);
1182 SSVAL(req->outbuf,smb_vwv3,dfree);
1185 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1187 END_PROFILE(SMBdskattr);
1191 /****************************************************************************
1193 Can be called from SMBsearch, SMBffirst or SMBfunique.
1194 ****************************************************************************/
1196 void reply_search(struct smb_request *req)
1198 connection_struct *conn = req->conn;
1200 char *directory = NULL;
1206 unsigned int numentries = 0;
1207 unsigned int maxentries = 0;
1208 bool finished = False;
1214 bool check_descend = False;
1215 bool expect_close = False;
1217 bool mask_contains_wcard = False;
1218 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1219 TALLOC_CTX *ctx = talloc_tos();
1221 START_PROFILE(SMBsearch);
1224 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1225 END_PROFILE(SMBsearch);
1229 if (lp_posix_pathnames()) {
1230 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1231 END_PROFILE(SMBsearch);
1235 /* If we were called as SMBffirst then we must expect close. */
1236 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1237 expect_close = True;
1240 reply_outbuf(req, 1, 3);
1241 maxentries = SVAL(req->inbuf,smb_vwv0);
1242 dirtype = SVAL(req->inbuf,smb_vwv1);
1243 p = smb_buf(req->inbuf) + 1;
1244 p += srvstr_get_path_wcard(ctx,
1252 &mask_contains_wcard);
1253 if (!NT_STATUS_IS_OK(nt_status)) {
1254 reply_nterror(req, nt_status);
1255 END_PROFILE(SMBsearch);
1259 nt_status = resolve_dfspath_wcard(ctx, conn,
1260 req->flags2 & FLAGS2_DFS_PATHNAMES,
1263 &mask_contains_wcard);
1264 if (!NT_STATUS_IS_OK(nt_status)) {
1265 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1266 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1267 ERRSRV, ERRbadpath);
1268 END_PROFILE(SMBsearch);
1271 reply_nterror(req, nt_status);
1272 END_PROFILE(SMBsearch);
1277 status_len = SVAL(p, 0);
1280 /* dirtype &= ~aDIR; */
1282 if (status_len == 0) {
1283 SMB_STRUCT_STAT sbuf;
1285 nt_status = unix_convert(ctx, conn, path, True,
1286 &directory, NULL, &sbuf);
1287 if (!NT_STATUS_IS_OK(nt_status)) {
1288 reply_nterror(req, nt_status);
1289 END_PROFILE(SMBsearch);
1293 nt_status = check_name(conn, directory);
1294 if (!NT_STATUS_IS_OK(nt_status)) {
1295 reply_nterror(req, nt_status);
1296 END_PROFILE(SMBsearch);
1300 p = strrchr_m(directory,'/');
1303 directory = talloc_strdup(ctx,".");
1305 reply_nterror(req, NT_STATUS_NO_MEMORY);
1306 END_PROFILE(SMBsearch);
1314 if (*directory == '\0') {
1315 directory = talloc_strdup(ctx,".");
1317 reply_nterror(req, NT_STATUS_NO_MEMORY);
1318 END_PROFILE(SMBsearch);
1322 memset((char *)status,'\0',21);
1323 SCVAL(status,0,(dirtype & 0x1F));
1325 nt_status = dptr_create(conn,
1331 mask_contains_wcard,
1334 if (!NT_STATUS_IS_OK(nt_status)) {
1335 reply_nterror(req, nt_status);
1336 END_PROFILE(SMBsearch);
1339 dptr_num = dptr_dnum(conn->dirptr);
1343 memcpy(status,p,21);
1344 status_dirtype = CVAL(status,0) & 0x1F;
1345 if (status_dirtype != (dirtype & 0x1F)) {
1346 dirtype = status_dirtype;
1349 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1350 if (!conn->dirptr) {
1353 string_set(&conn->dirpath,dptr_path(dptr_num));
1354 mask = dptr_wcard(dptr_num);
1359 * For a 'continue' search we have no string. So
1360 * check from the initial saved string.
1362 mask_contains_wcard = ms_has_wild(mask);
1363 dirtype = dptr_attr(dptr_num);
1366 DEBUG(4,("dptr_num is %d\n",dptr_num));
1368 if ((dirtype&0x1F) == aVOLID) {
1369 char buf[DIR_STRUCT_SIZE];
1370 memcpy(buf,status,21);
1371 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1372 0,aVOLID,0,!allow_long_path_components)) {
1373 reply_nterror(req, NT_STATUS_NO_MEMORY);
1374 END_PROFILE(SMBsearch);
1377 dptr_fill(buf+12,dptr_num);
1378 if (dptr_zero(buf+12) && (status_len==0)) {
1383 if (message_push_blob(&req->outbuf,
1384 data_blob_const(buf, sizeof(buf)))
1386 reply_nterror(req, NT_STATUS_NO_MEMORY);
1387 END_PROFILE(SMBsearch);
1395 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1398 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1399 conn->dirpath,lp_dontdescend(SNUM(conn))));
1400 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1401 check_descend = True;
1404 for (i=numentries;(i<maxentries) && !finished;i++) {
1405 finished = !get_dir_entry(ctx,conn,mask,dirtype,&fname,
1406 &size,&mode,&date,check_descend);
1408 char buf[DIR_STRUCT_SIZE];
1409 memcpy(buf,status,21);
1410 if (!make_dir_struct(ctx,
1417 !allow_long_path_components)) {
1418 reply_nterror(req, NT_STATUS_NO_MEMORY);
1419 END_PROFILE(SMBsearch);
1422 if (!dptr_fill(buf+12,dptr_num)) {
1425 if (message_push_blob(&req->outbuf,
1426 data_blob_const(buf, sizeof(buf)))
1428 reply_nterror(req, NT_STATUS_NO_MEMORY);
1429 END_PROFILE(SMBsearch);
1439 /* If we were called as SMBffirst with smb_search_id == NULL
1440 and no entries were found then return error and close dirptr
1443 if (numentries == 0) {
1444 dptr_close(&dptr_num);
1445 } else if(expect_close && status_len == 0) {
1446 /* Close the dptr - we know it's gone */
1447 dptr_close(&dptr_num);
1450 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1451 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1452 dptr_close(&dptr_num);
1455 if ((numentries == 0) && !mask_contains_wcard) {
1456 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1457 END_PROFILE(SMBsearch);
1461 SSVAL(req->outbuf,smb_vwv0,numentries);
1462 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1463 SCVAL(smb_buf(req->outbuf),0,5);
1464 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1466 /* The replies here are never long name. */
1467 SSVAL(req->outbuf, smb_flg2,
1468 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1469 if (!allow_long_path_components) {
1470 SSVAL(req->outbuf, smb_flg2,
1471 SVAL(req->outbuf, smb_flg2)
1472 & (~FLAGS2_LONG_PATH_COMPONENTS));
1475 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1476 SSVAL(req->outbuf, smb_flg2,
1477 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1480 directory = dptr_path(dptr_num);
1483 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1484 smb_fn_name(CVAL(req->inbuf,smb_com)),
1486 directory ? directory : "./",
1491 END_PROFILE(SMBsearch);
1495 /****************************************************************************
1496 Reply to a fclose (stop directory search).
1497 ****************************************************************************/
1499 void reply_fclose(struct smb_request *req)
1507 bool path_contains_wcard = False;
1508 TALLOC_CTX *ctx = talloc_tos();
1510 START_PROFILE(SMBfclose);
1512 if (lp_posix_pathnames()) {
1513 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1514 END_PROFILE(SMBfclose);
1518 p = smb_buf(req->inbuf) + 1;
1519 p += srvstr_get_path_wcard(ctx,
1527 &path_contains_wcard);
1528 if (!NT_STATUS_IS_OK(err)) {
1529 reply_nterror(req, err);
1530 END_PROFILE(SMBfclose);
1534 status_len = SVAL(p,0);
1537 if (status_len == 0) {
1538 reply_doserror(req, ERRSRV, ERRsrverror);
1539 END_PROFILE(SMBfclose);
1543 memcpy(status,p,21);
1545 if(dptr_fetch(status+12,&dptr_num)) {
1546 /* Close the dptr - we know it's gone */
1547 dptr_close(&dptr_num);
1550 reply_outbuf(req, 1, 0);
1551 SSVAL(req->outbuf,smb_vwv0,0);
1553 DEBUG(3,("search close\n"));
1555 END_PROFILE(SMBfclose);
1559 /****************************************************************************
1561 ****************************************************************************/
1563 void reply_open(struct smb_request *req)
1565 connection_struct *conn = req->conn;
1571 SMB_STRUCT_STAT sbuf;
1578 uint32 create_disposition;
1579 uint32 create_options = 0;
1581 TALLOC_CTX *ctx = talloc_tos();
1583 START_PROFILE(SMBopen);
1586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1587 END_PROFILE(SMBopen);
1591 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1592 deny_mode = SVAL(req->inbuf,smb_vwv0);
1593 dos_attr = SVAL(req->inbuf,smb_vwv1);
1595 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1596 smb_buf(req->inbuf)+1, 0,
1597 STR_TERMINATE, &status);
1598 if (!NT_STATUS_IS_OK(status)) {
1599 reply_nterror(req, status);
1600 END_PROFILE(SMBopen);
1604 if (!map_open_params_to_ntcreate(
1605 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1606 &share_mode, &create_disposition, &create_options)) {
1607 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1608 END_PROFILE(SMBopen);
1612 status = create_file(conn, /* conn */
1614 0, /* root_dir_fid */
1616 access_mask, /* access_mask */
1617 share_mode, /* share_access */
1618 create_disposition, /* create_disposition*/
1619 create_options, /* create_options */
1620 dos_attr, /* file_attributes */
1621 oplock_request, /* oplock_request */
1622 0, /* allocation_size */
1629 if (!NT_STATUS_IS_OK(status)) {
1630 if (open_was_deferred(req->mid)) {
1631 /* We have re-scheduled this call. */
1632 END_PROFILE(SMBopen);
1635 reply_openerror(req, status);
1636 END_PROFILE(SMBopen);
1640 size = sbuf.st_size;
1641 fattr = dos_mode(conn,fname,&sbuf);
1642 mtime = sbuf.st_mtime;
1645 DEBUG(3,("attempt to open a directory %s\n",fname));
1646 close_file(fsp,ERROR_CLOSE);
1647 reply_doserror(req, ERRDOS,ERRnoaccess);
1648 END_PROFILE(SMBopen);
1652 reply_outbuf(req, 7, 0);
1653 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1654 SSVAL(req->outbuf,smb_vwv1,fattr);
1655 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1656 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1658 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1660 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1661 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1663 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1664 SCVAL(req->outbuf,smb_flg,
1665 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1668 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1669 SCVAL(req->outbuf,smb_flg,
1670 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1672 END_PROFILE(SMBopen);
1676 /****************************************************************************
1677 Reply to an open and X.
1678 ****************************************************************************/
1680 void reply_open_and_X(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1687 /* Breakout the oplock request bits so we can set the
1688 reply bits separately. */
1689 int ex_oplock_request;
1690 int core_oplock_request;
1693 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1694 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1699 SMB_STRUCT_STAT sbuf;
1703 SMB_BIG_UINT allocation_size;
1704 ssize_t retval = -1;
1707 uint32 create_disposition;
1708 uint32 create_options = 0;
1709 TALLOC_CTX *ctx = talloc_tos();
1711 START_PROFILE(SMBopenX);
1713 if (req->wct < 15) {
1714 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1715 END_PROFILE(SMBopenX);
1719 open_flags = SVAL(req->inbuf,smb_vwv2);
1720 deny_mode = SVAL(req->inbuf,smb_vwv3);
1721 smb_attr = SVAL(req->inbuf,smb_vwv5);
1722 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1723 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1724 oplock_request = ex_oplock_request | core_oplock_request;
1725 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1726 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1728 /* If it's an IPC, pass off the pipe handler. */
1730 if (lp_nt_pipe_support()) {
1731 reply_open_pipe_and_X(conn, req);
1733 reply_doserror(req, ERRSRV, ERRaccess);
1735 END_PROFILE(SMBopenX);
1739 /* XXXX we need to handle passed times, sattr and flags */
1740 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1741 smb_buf(req->inbuf), 0, STR_TERMINATE,
1743 if (!NT_STATUS_IS_OK(status)) {
1744 reply_nterror(req, status);
1745 END_PROFILE(SMBopenX);
1749 if (!map_open_params_to_ntcreate(
1750 fname, deny_mode, smb_ofun, &access_mask,
1751 &share_mode, &create_disposition, &create_options)) {
1752 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1753 END_PROFILE(SMBopenX);
1757 status = create_file(conn, /* conn */
1759 0, /* root_dir_fid */
1761 access_mask, /* access_mask */
1762 share_mode, /* share_access */
1763 create_disposition, /* create_disposition*/
1764 create_options, /* create_options */
1765 smb_attr, /* file_attributes */
1766 oplock_request, /* oplock_request */
1767 0, /* allocation_size */
1771 &smb_action, /* pinfo */
1774 if (!NT_STATUS_IS_OK(status)) {
1775 END_PROFILE(SMBopenX);
1776 if (open_was_deferred(req->mid)) {
1777 /* We have re-scheduled this call. */
1780 reply_openerror(req, status);
1784 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1785 if the file is truncated or created. */
1786 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1787 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1788 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1789 close_file(fsp,ERROR_CLOSE);
1790 reply_nterror(req, NT_STATUS_DISK_FULL);
1791 END_PROFILE(SMBopenX);
1794 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1796 close_file(fsp,ERROR_CLOSE);
1797 reply_nterror(req, NT_STATUS_DISK_FULL);
1798 END_PROFILE(SMBopenX);
1801 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1804 fattr = dos_mode(conn,fname,&sbuf);
1805 mtime = sbuf.st_mtime;
1807 close_file(fsp,ERROR_CLOSE);
1808 reply_doserror(req, ERRDOS, ERRnoaccess);
1809 END_PROFILE(SMBopenX);
1813 /* If the caller set the extended oplock request bit
1814 and we granted one (by whatever means) - set the
1815 correct bit for extended oplock reply.
1818 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1819 smb_action |= EXTENDED_OPLOCK_GRANTED;
1822 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1823 smb_action |= EXTENDED_OPLOCK_GRANTED;
1826 /* If the caller set the core oplock request bit
1827 and we granted one (by whatever means) - set the
1828 correct bit for core oplock reply.
1831 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1832 reply_outbuf(req, 19, 0);
1834 reply_outbuf(req, 15, 0);
1837 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1838 SCVAL(req->outbuf, smb_flg,
1839 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1842 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1843 SCVAL(req->outbuf, smb_flg,
1844 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1847 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1848 SSVAL(req->outbuf,smb_vwv3,fattr);
1849 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1850 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1852 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1854 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1855 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1856 SSVAL(req->outbuf,smb_vwv11,smb_action);
1858 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1859 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1862 END_PROFILE(SMBopenX);
1867 /****************************************************************************
1868 Reply to a SMBulogoffX.
1869 ****************************************************************************/
1871 void reply_ulogoffX(struct smb_request *req)
1875 START_PROFILE(SMBulogoffX);
1877 vuser = get_valid_user_struct(req->vuid);
1880 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1884 /* in user level security we are supposed to close any files
1885 open by this user */
1886 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1887 file_close_user(req->vuid);
1890 invalidate_vuid(req->vuid);
1892 reply_outbuf(req, 2, 0);
1894 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1896 END_PROFILE(SMBulogoffX);
1900 /****************************************************************************
1901 Reply to a mknew or a create.
1902 ****************************************************************************/
1904 void reply_mknew(struct smb_request *req)
1906 connection_struct *conn = req->conn;
1910 struct timespec ts[2];
1912 int oplock_request = 0;
1913 SMB_STRUCT_STAT sbuf;
1915 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1916 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1917 uint32 create_disposition;
1918 uint32 create_options = 0;
1919 TALLOC_CTX *ctx = talloc_tos();
1921 START_PROFILE(SMBcreate);
1924 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1925 END_PROFILE(SMBcreate);
1929 fattr = SVAL(req->inbuf,smb_vwv0);
1930 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1931 com = SVAL(req->inbuf,smb_com);
1933 ts[1] =convert_time_t_to_timespec(
1934 srv_make_unix_date3(req->inbuf + smb_vwv1));
1937 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1938 smb_buf(req->inbuf) + 1, 0,
1939 STR_TERMINATE, &status);
1940 if (!NT_STATUS_IS_OK(status)) {
1941 reply_nterror(req, status);
1942 END_PROFILE(SMBcreate);
1946 if (fattr & aVOLID) {
1947 DEBUG(0,("Attempt to create file (%s) with volid set - "
1948 "please report this\n", fname));
1951 if(com == SMBmknew) {
1952 /* We should fail if file exists. */
1953 create_disposition = FILE_CREATE;
1955 /* Create if file doesn't exist, truncate if it does. */
1956 create_disposition = FILE_OVERWRITE_IF;
1959 status = create_file(conn, /* conn */
1961 0, /* root_dir_fid */
1963 access_mask, /* access_mask */
1964 share_mode, /* share_access */
1965 create_disposition, /* create_disposition*/
1966 create_options, /* create_options */
1967 fattr, /* file_attributes */
1968 oplock_request, /* oplock_request */
1969 0, /* allocation_size */
1976 if (!NT_STATUS_IS_OK(status)) {
1977 END_PROFILE(SMBcreate);
1978 if (open_was_deferred(req->mid)) {
1979 /* We have re-scheduled this call. */
1982 reply_openerror(req, status);
1986 ts[0] = get_atimespec(&sbuf); /* atime. */
1987 file_ntimes(conn, fname, ts);
1989 reply_outbuf(req, 1, 0);
1990 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1992 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1993 SCVAL(req->outbuf,smb_flg,
1994 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1997 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1998 SCVAL(req->outbuf,smb_flg,
1999 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2002 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
2003 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2004 fname, fsp->fh->fd, (unsigned int)fattr ) );
2006 END_PROFILE(SMBcreate);
2010 /****************************************************************************
2011 Reply to a create temporary file.
2012 ****************************************************************************/
2014 void reply_ctemp(struct smb_request *req)
2016 connection_struct *conn = req->conn;
2022 SMB_STRUCT_STAT sbuf;
2025 TALLOC_CTX *ctx = talloc_tos();
2027 START_PROFILE(SMBctemp);
2030 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2031 END_PROFILE(SMBctemp);
2035 fattr = SVAL(req->inbuf,smb_vwv0);
2036 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2038 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2039 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2041 if (!NT_STATUS_IS_OK(status)) {
2042 reply_nterror(req, status);
2043 END_PROFILE(SMBctemp);
2047 fname = talloc_asprintf(ctx,
2051 fname = talloc_strdup(ctx, "TMXXXXXX");
2055 reply_nterror(req, NT_STATUS_NO_MEMORY);
2056 END_PROFILE(SMBctemp);
2060 status = resolve_dfspath(ctx, conn,
2061 req->flags2 & FLAGS2_DFS_PATHNAMES,
2064 if (!NT_STATUS_IS_OK(status)) {
2065 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2066 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2067 ERRSRV, ERRbadpath);
2068 END_PROFILE(SMBctemp);
2071 reply_nterror(req, status);
2072 END_PROFILE(SMBctemp);
2076 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2077 if (!NT_STATUS_IS_OK(status)) {
2078 reply_nterror(req, status);
2079 END_PROFILE(SMBctemp);
2083 status = check_name(conn, CONST_DISCARD(char *,fname));
2084 if (!NT_STATUS_IS_OK(status)) {
2085 reply_nterror(req, status);
2086 END_PROFILE(SMBctemp);
2090 tmpfd = smb_mkstemp(fname);
2092 reply_unixerror(req, ERRDOS, ERRnoaccess);
2093 END_PROFILE(SMBctemp);
2097 SMB_VFS_STAT(conn,fname,&sbuf);
2099 /* We should fail if file does not exist. */
2100 status = open_file_ntcreate(conn, req, fname, &sbuf,
2101 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2102 FILE_SHARE_READ|FILE_SHARE_WRITE,
2109 /* close fd from smb_mkstemp() */
2112 if (!NT_STATUS_IS_OK(status)) {
2113 if (open_was_deferred(req->mid)) {
2114 /* We have re-scheduled this call. */
2115 END_PROFILE(SMBctemp);
2118 reply_openerror(req, status);
2119 END_PROFILE(SMBctemp);
2123 reply_outbuf(req, 1, 0);
2124 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2126 /* the returned filename is relative to the directory */
2127 s = strrchr_m(fname, '/');
2135 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2136 thing in the byte section. JRA */
2137 SSVALS(p, 0, -1); /* what is this? not in spec */
2139 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2141 reply_nterror(req, NT_STATUS_NO_MEMORY);
2142 END_PROFILE(SMBctemp);
2146 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2147 SCVAL(req->outbuf, smb_flg,
2148 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2151 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2152 SCVAL(req->outbuf, smb_flg,
2153 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2156 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2157 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2158 (unsigned int)sbuf.st_mode ) );
2160 END_PROFILE(SMBctemp);
2164 /*******************************************************************
2165 Check if a user is allowed to rename a file.
2166 ********************************************************************/
2168 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2169 uint16 dirtype, SMB_STRUCT_STAT *pst)
2173 if (!CAN_WRITE(conn)) {
2174 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2177 fmode = dos_mode(conn, fsp->fsp_name, pst);
2178 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2179 return NT_STATUS_NO_SUCH_FILE;
2182 if (S_ISDIR(pst->st_mode)) {
2183 return NT_STATUS_OK;
2186 if (fsp->access_mask & DELETE_ACCESS) {
2187 return NT_STATUS_OK;
2190 return NT_STATUS_ACCESS_DENIED;
2193 /*******************************************************************
2194 * unlink a file with all relevant access checks
2195 *******************************************************************/
2197 static NTSTATUS do_unlink(connection_struct *conn,
2198 struct smb_request *req,
2202 SMB_STRUCT_STAT sbuf;
2205 uint32 dirtype_orig = dirtype;
2208 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2210 if (!CAN_WRITE(conn)) {
2211 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2214 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2215 return map_nt_error_from_unix(errno);
2218 fattr = dos_mode(conn,fname,&sbuf);
2220 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2221 dirtype = aDIR|aARCH|aRONLY;
2224 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2226 return NT_STATUS_NO_SUCH_FILE;
2229 if (!dir_check_ftype(conn, fattr, dirtype)) {
2231 return NT_STATUS_FILE_IS_A_DIRECTORY;
2233 return NT_STATUS_NO_SUCH_FILE;
2236 if (dirtype_orig & 0x8000) {
2237 /* These will never be set for POSIX. */
2238 return NT_STATUS_NO_SUCH_FILE;
2242 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2243 return NT_STATUS_FILE_IS_A_DIRECTORY;
2246 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2247 return NT_STATUS_NO_SUCH_FILE;
2250 if (dirtype & 0xFF00) {
2251 /* These will never be set for POSIX. */
2252 return NT_STATUS_NO_SUCH_FILE;
2257 return NT_STATUS_NO_SUCH_FILE;
2260 /* Can't delete a directory. */
2262 return NT_STATUS_FILE_IS_A_DIRECTORY;
2267 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2268 return NT_STATUS_OBJECT_NAME_INVALID;
2269 #endif /* JRATEST */
2271 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2273 On a Windows share, a file with read-only dosmode can be opened with
2274 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2275 fails with NT_STATUS_CANNOT_DELETE error.
2277 This semantic causes a problem that a user can not
2278 rename a file with read-only dosmode on a Samba share
2279 from a Windows command prompt (i.e. cmd.exe, but can rename
2280 from Windows Explorer).
2283 if (!lp_delete_readonly(SNUM(conn))) {
2284 if (fattr & aRONLY) {
2285 return NT_STATUS_CANNOT_DELETE;
2289 /* On open checks the open itself will check the share mode, so
2290 don't do it here as we'll get it wrong. */
2292 status = open_file_ntcreate(conn, req, fname, &sbuf,
2297 FILE_ATTRIBUTE_NORMAL,
2298 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2301 if (!NT_STATUS_IS_OK(status)) {
2302 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2303 nt_errstr(status)));
2307 /* The set is across all open files on this dev/inode pair. */
2308 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2309 close_file(fsp, NORMAL_CLOSE);
2310 return NT_STATUS_ACCESS_DENIED;
2313 return close_file(fsp,NORMAL_CLOSE);
2316 /****************************************************************************
2317 The guts of the unlink command, split out so it may be called by the NT SMB
2319 ****************************************************************************/
2321 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2322 uint32 dirtype, const char *name_in, bool has_wild)
2324 const char *directory = NULL;
2329 NTSTATUS status = NT_STATUS_OK;
2330 SMB_STRUCT_STAT sbuf;
2331 TALLOC_CTX *ctx = talloc_tos();
2333 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2334 if (!NT_STATUS_IS_OK(status)) {
2338 p = strrchr_m(name,'/');
2340 directory = talloc_strdup(ctx, ".");
2342 return NT_STATUS_NO_MEMORY;
2352 * We should only check the mangled cache
2353 * here if unix_convert failed. This means
2354 * that the path in 'mask' doesn't exist
2355 * on the file system and so we need to look
2356 * for a possible mangle. This patch from
2357 * Tine Smukavec <valentin.smukavec@hermes.si>.
2360 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2361 char *new_mask = NULL;
2362 mangle_lookup_name_from_8_3(ctx,
2372 directory = talloc_asprintf(ctx,
2377 return NT_STATUS_NO_MEMORY;
2380 dirtype = FILE_ATTRIBUTE_NORMAL;
2383 status = check_name(conn, directory);
2384 if (!NT_STATUS_IS_OK(status)) {
2388 status = do_unlink(conn, req, directory, dirtype);
2389 if (!NT_STATUS_IS_OK(status)) {
2395 struct smb_Dir *dir_hnd = NULL;
2399 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2400 return NT_STATUS_OBJECT_NAME_INVALID;
2403 if (strequal(mask,"????????.???")) {
2408 status = check_name(conn, directory);
2409 if (!NT_STATUS_IS_OK(status)) {
2413 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2414 if (dir_hnd == NULL) {
2415 return map_nt_error_from_unix(errno);
2418 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2419 the pattern matches against the long name, otherwise the short name
2420 We don't implement this yet XXXX
2423 status = NT_STATUS_NO_SUCH_FILE;
2425 while ((dname = ReadDirName(dir_hnd, &offset))) {
2429 if (!is_visible_file(conn, directory, dname, &st, True)) {
2433 /* Quick check for "." and ".." */
2434 if (ISDOT(dname) || ISDOTDOT(dname)) {
2438 if(!mask_match(dname, mask, conn->case_sensitive)) {
2442 fname = talloc_asprintf(ctx, "%s/%s",
2446 return NT_STATUS_NO_MEMORY;
2449 status = check_name(conn, fname);
2450 if (!NT_STATUS_IS_OK(status)) {
2455 status = do_unlink(conn, req, fname, dirtype);
2456 if (!NT_STATUS_IS_OK(status)) {
2462 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2470 if (count == 0 && NT_STATUS_IS_OK(status)) {
2471 status = map_nt_error_from_unix(errno);
2477 /****************************************************************************
2479 ****************************************************************************/
2481 void reply_unlink(struct smb_request *req)
2483 connection_struct *conn = req->conn;
2487 bool path_contains_wcard = False;
2488 TALLOC_CTX *ctx = talloc_tos();
2490 START_PROFILE(SMBunlink);
2493 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2494 END_PROFILE(SMBunlink);
2498 dirtype = SVAL(req->inbuf,smb_vwv0);
2500 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2501 smb_buf(req->inbuf) + 1, 0,
2502 STR_TERMINATE, &status, &path_contains_wcard);
2503 if (!NT_STATUS_IS_OK(status)) {
2504 reply_nterror(req, status);
2505 END_PROFILE(SMBunlink);
2509 status = resolve_dfspath_wcard(ctx, conn,
2510 req->flags2 & FLAGS2_DFS_PATHNAMES,
2513 &path_contains_wcard);
2514 if (!NT_STATUS_IS_OK(status)) {
2515 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2516 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2517 ERRSRV, ERRbadpath);
2518 END_PROFILE(SMBunlink);
2521 reply_nterror(req, status);
2522 END_PROFILE(SMBunlink);
2526 DEBUG(3,("reply_unlink : %s\n",name));
2528 status = unlink_internals(conn, req, dirtype, name,
2529 path_contains_wcard);
2530 if (!NT_STATUS_IS_OK(status)) {
2531 if (open_was_deferred(req->mid)) {
2532 /* We have re-scheduled this call. */
2533 END_PROFILE(SMBunlink);
2536 reply_nterror(req, status);
2537 END_PROFILE(SMBunlink);
2541 reply_outbuf(req, 0, 0);
2542 END_PROFILE(SMBunlink);
2547 /****************************************************************************
2549 ****************************************************************************/
2551 static void fail_readraw(void)
2553 const char *errstr = talloc_asprintf(talloc_tos(),
2554 "FAIL ! reply_readbraw: socket write fail (%s)",
2559 exit_server_cleanly(errstr);
2562 /****************************************************************************
2563 Fake (read/write) sendfile. Returns -1 on read or write fail.
2564 ****************************************************************************/
2566 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2570 size_t tosend = nread;
2577 bufsize = MIN(nread, 65536);
2579 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2583 while (tosend > 0) {
2587 if (tosend > bufsize) {
2592 ret = read_file(fsp,buf,startpos,cur_read);
2598 /* If we had a short read, fill with zeros. */
2599 if (ret < cur_read) {
2600 memset(buf, '\0', cur_read - ret);
2603 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2608 startpos += cur_read;
2612 return (ssize_t)nread;
2615 /****************************************************************************
2616 Return a readbraw error (4 bytes of zero).
2617 ****************************************************************************/
2619 static void reply_readbraw_error(void)
2623 if (write_data(smbd_server_fd(),header,4) != 4) {
2628 /****************************************************************************
2629 Use sendfile in readbraw.
2630 ****************************************************************************/
2632 void send_file_readbraw(connection_struct *conn,
2638 char *outbuf = NULL;
2641 #if defined(WITH_SENDFILE)
2643 * We can only use sendfile on a non-chained packet
2644 * but we can use on a non-oplocked file. tridge proved this
2645 * on a train in Germany :-). JRA.
2646 * reply_readbraw has already checked the length.
2649 if ( (chain_size == 0) && (nread > 0) &&
2650 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2652 DATA_BLOB header_blob;
2654 _smb_setlen(header,nread);
2655 header_blob = data_blob_const(header, 4);
2657 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2658 &header_blob, startpos, nread) == -1) {
2659 /* Returning ENOSYS means no data at all was sent.
2660 * Do this as a normal read. */
2661 if (errno == ENOSYS) {
2662 goto normal_readbraw;
2666 * Special hack for broken Linux with no working sendfile. If we
2667 * return EINTR we sent the header but not the rest of the data.
2668 * Fake this up by doing read/write calls.
2670 if (errno == EINTR) {
2671 /* Ensure we don't do this again. */
2672 set_use_sendfile(SNUM(conn), False);
2673 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2675 if (fake_sendfile(fsp, startpos, nread) == -1) {
2676 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2677 fsp->fsp_name, strerror(errno) ));
2678 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2683 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2684 fsp->fsp_name, strerror(errno) ));
2685 exit_server_cleanly("send_file_readbraw sendfile failed");
2694 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2696 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2697 (unsigned)(nread+4)));
2698 reply_readbraw_error();
2703 ret = read_file(fsp,outbuf+4,startpos,nread);
2704 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2713 _smb_setlen(outbuf,ret);
2714 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2717 TALLOC_FREE(outbuf);
2720 /****************************************************************************
2721 Reply to a readbraw (core+ protocol).
2722 ****************************************************************************/
2724 void reply_readbraw(struct smb_request *req)
2726 connection_struct *conn = req->conn;
2727 ssize_t maxcount,mincount;
2734 START_PROFILE(SMBreadbraw);
2736 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2737 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2738 "raw reads/writes are disallowed.");
2742 reply_readbraw_error();
2743 END_PROFILE(SMBreadbraw);
2748 * Special check if an oplock break has been issued
2749 * and the readraw request croses on the wire, we must
2750 * return a zero length response here.
2753 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2756 * We have to do a check_fsp by hand here, as
2757 * we must always return 4 zero bytes on error,
2761 if (!fsp || !conn || conn != fsp->conn ||
2762 current_user.vuid != fsp->vuid ||
2763 fsp->is_directory || fsp->fh->fd == -1) {
2765 * fsp could be NULL here so use the value from the packet. JRA.
2767 DEBUG(3,("reply_readbraw: fnum %d not valid "
2769 (int)SVAL(req->inbuf,smb_vwv0)));
2770 reply_readbraw_error();
2771 END_PROFILE(SMBreadbraw);
2775 /* Do a "by hand" version of CHECK_READ. */
2776 if (!(fsp->can_read ||
2777 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2778 (fsp->access_mask & FILE_EXECUTE)))) {
2779 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2780 (int)SVAL(req->inbuf,smb_vwv0)));
2781 reply_readbraw_error();
2782 END_PROFILE(SMBreadbraw);
2786 flush_write_cache(fsp, READRAW_FLUSH);
2788 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2789 if(req->wct == 10) {
2791 * This is a large offset (64 bit) read.
2793 #ifdef LARGE_SMB_OFF_T
2795 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2797 #else /* !LARGE_SMB_OFF_T */
2800 * Ensure we haven't been sent a >32 bit offset.
2803 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2804 DEBUG(0,("reply_readbraw: large offset "
2805 "(%x << 32) used and we don't support "
2806 "64 bit offsets.\n",
2807 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2808 reply_readbraw_error();
2809 END_PROFILE(SMBreadbraw);
2813 #endif /* LARGE_SMB_OFF_T */
2816 DEBUG(0,("reply_readbraw: negative 64 bit "
2817 "readraw offset (%.0f) !\n",
2818 (double)startpos ));
2819 reply_readbraw_error();
2820 END_PROFILE(SMBreadbraw);
2825 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2826 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2828 /* ensure we don't overrun the packet size */
2829 maxcount = MIN(65535,maxcount);
2831 if (is_locked(fsp,(uint32)req->smbpid,
2832 (SMB_BIG_UINT)maxcount,
2833 (SMB_BIG_UINT)startpos,
2835 reply_readbraw_error();
2836 END_PROFILE(SMBreadbraw);
2840 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2844 if (startpos >= size) {
2847 nread = MIN(maxcount,(size - startpos));
2850 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2851 if (nread < mincount)
2855 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2856 "min=%lu nread=%lu\n",
2857 fsp->fnum, (double)startpos,
2858 (unsigned long)maxcount,
2859 (unsigned long)mincount,
2860 (unsigned long)nread ) );
2862 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2864 DEBUG(5,("reply_readbraw finished\n"));
2865 END_PROFILE(SMBreadbraw);
2869 #define DBGC_CLASS DBGC_LOCKING
2871 /****************************************************************************
2872 Reply to a lockread (core+ protocol).
2873 ****************************************************************************/
2875 void reply_lockread(struct smb_request *req)
2877 connection_struct *conn = req->conn;
2884 struct byte_range_lock *br_lck = NULL;
2887 START_PROFILE(SMBlockread);
2890 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2891 END_PROFILE(SMBlockread);
2895 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2897 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2898 END_PROFILE(SMBlockread);
2902 if (!CHECK_READ(fsp,req->inbuf)) {
2903 reply_doserror(req, ERRDOS, ERRbadaccess);
2904 END_PROFILE(SMBlockread);
2908 release_level_2_oplocks_on_change(fsp);
2910 numtoread = SVAL(req->inbuf,smb_vwv1);
2911 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2913 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2915 reply_outbuf(req, 5, numtoread + 3);
2917 data = smb_buf(req->outbuf) + 3;
2920 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2921 * protocol request that predates the read/write lock concept.
2922 * Thus instead of asking for a read lock here we need to ask
2923 * for a write lock. JRA.
2924 * Note that the requested lock size is unaffected by max_recv.
2927 br_lck = do_lock(smbd_messaging_context(),
2930 (SMB_BIG_UINT)numtoread,
2931 (SMB_BIG_UINT)startpos,
2934 False, /* Non-blocking lock. */
2937 TALLOC_FREE(br_lck);
2939 if (NT_STATUS_V(status)) {
2940 reply_nterror(req, status);
2941 END_PROFILE(SMBlockread);
2946 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2949 if (numtoread > max_recv) {
2950 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2951 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2952 (unsigned int)numtoread, (unsigned int)max_recv ));
2953 numtoread = MIN(numtoread,max_recv);
2955 nread = read_file(fsp,data,startpos,numtoread);
2958 reply_unixerror(req, ERRDOS, ERRnoaccess);
2959 END_PROFILE(SMBlockread);
2963 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2965 SSVAL(req->outbuf,smb_vwv0,nread);
2966 SSVAL(req->outbuf,smb_vwv5,nread+3);
2967 p = smb_buf(req->outbuf);
2968 SCVAL(p,0,0); /* pad byte. */
2971 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2972 fsp->fnum, (int)numtoread, (int)nread));
2974 END_PROFILE(SMBlockread);
2979 #define DBGC_CLASS DBGC_ALL
2981 /****************************************************************************
2983 ****************************************************************************/
2985 void reply_read(struct smb_request *req)
2987 connection_struct *conn = req->conn;
2995 START_PROFILE(SMBread);
2998 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2999 END_PROFILE(SMBread);
3003 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3005 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3006 END_PROFILE(SMBread);
3010 if (!CHECK_READ(fsp,req->inbuf)) {
3011 reply_doserror(req, ERRDOS, ERRbadaccess);
3012 END_PROFILE(SMBread);
3016 numtoread = SVAL(req->inbuf,smb_vwv1);
3017 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3019 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3022 * The requested read size cannot be greater than max_recv. JRA.
3024 if (numtoread > max_recv) {
3025 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3026 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3027 (unsigned int)numtoread, (unsigned int)max_recv ));
3028 numtoread = MIN(numtoread,max_recv);
3031 reply_outbuf(req, 5, numtoread+3);
3033 data = smb_buf(req->outbuf) + 3;
3035 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3036 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3037 reply_doserror(req, ERRDOS,ERRlock);
3038 END_PROFILE(SMBread);
3043 nread = read_file(fsp,data,startpos,numtoread);
3046 reply_unixerror(req, ERRDOS,ERRnoaccess);
3047 END_PROFILE(SMBread);
3051 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3053 SSVAL(req->outbuf,smb_vwv0,nread);
3054 SSVAL(req->outbuf,smb_vwv5,nread+3);
3055 SCVAL(smb_buf(req->outbuf),0,1);
3056 SSVAL(smb_buf(req->outbuf),1,nread);
3058 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3059 fsp->fnum, (int)numtoread, (int)nread ) );
3061 END_PROFILE(SMBread);
3065 /****************************************************************************
3067 ****************************************************************************/
3069 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3074 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3075 data = smb_buf(outbuf);
3077 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3079 SCVAL(outbuf,smb_vwv0,0xFF);
3080 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3081 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3082 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3083 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3084 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3085 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3086 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3090 /****************************************************************************
3091 Reply to a read and X - possibly using sendfile.
3092 ****************************************************************************/
3094 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3095 files_struct *fsp, SMB_OFF_T startpos,
3098 SMB_STRUCT_STAT sbuf;
3101 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3102 reply_unixerror(req, ERRDOS, ERRnoaccess);
3106 if (startpos > sbuf.st_size) {
3108 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3109 smb_maxcnt = (sbuf.st_size - startpos);
3112 if (smb_maxcnt == 0) {
3116 #if defined(WITH_SENDFILE)
3118 * We can only use sendfile on a non-chained packet
3119 * but we can use on a non-oplocked file. tridge proved this
3120 * on a train in Germany :-). JRA.
3123 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3124 !is_encrypted_packet(req->inbuf) &&
3125 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3126 uint8 headerbuf[smb_size + 12 * 2];
3130 * Set up the packet header before send. We
3131 * assume here the sendfile will work (get the
3132 * correct amount of data).
3135 header = data_blob_const(headerbuf, sizeof(headerbuf));
3137 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3138 setup_readX_header((char *)headerbuf, smb_maxcnt);
3140 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3141 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3142 if (errno == ENOSYS) {
3147 * Special hack for broken Linux with no working sendfile. If we
3148 * return EINTR we sent the header but not the rest of the data.
3149 * Fake this up by doing read/write calls.
3152 if (errno == EINTR) {
3153 /* Ensure we don't do this again. */
3154 set_use_sendfile(SNUM(conn), False);
3155 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3156 nread = fake_sendfile(fsp, startpos,
3159 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3160 fsp->fsp_name, strerror(errno) ));
3161 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3163 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3164 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3165 /* No outbuf here means successful sendfile. */
3166 TALLOC_FREE(req->outbuf);
3170 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3171 fsp->fsp_name, strerror(errno) ));
3172 exit_server_cleanly("send_file_readX sendfile failed");
3175 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3176 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3177 /* No outbuf here means successful sendfile. */
3178 TALLOC_FREE(req->outbuf);
3185 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3186 uint8 headerbuf[smb_size + 2*12];
3188 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3189 setup_readX_header((char *)headerbuf, smb_maxcnt);
3191 /* Send out the header. */
3192 if (write_data(smbd_server_fd(), (char *)headerbuf,
3193 sizeof(headerbuf)) != sizeof(headerbuf)) {
3194 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3195 fsp->fsp_name, strerror(errno) ));
3196 exit_server_cleanly("send_file_readX sendfile failed");
3198 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3200 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3201 fsp->fsp_name, strerror(errno) ));
3202 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3204 TALLOC_FREE(req->outbuf);
3207 reply_outbuf(req, 12, smb_maxcnt);
3209 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3212 reply_unixerror(req, ERRDOS, ERRnoaccess);
3216 setup_readX_header((char *)req->outbuf, nread);
3218 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3219 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3227 /****************************************************************************
3228 Reply to a read and X.
3229 ****************************************************************************/
3231 void reply_read_and_X(struct smb_request *req)
3233 connection_struct *conn = req->conn;
3237 bool big_readX = False;
3239 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3242 START_PROFILE(SMBreadX);
3244 if ((req->wct != 10) && (req->wct != 12)) {
3245 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3249 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3250 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3251 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3253 /* If it's an IPC, pass off the pipe handler. */
3255 reply_pipe_read_and_X(req);
3256 END_PROFILE(SMBreadX);
3260 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3261 END_PROFILE(SMBreadX);
3265 if (!CHECK_READ(fsp,req->inbuf)) {
3266 reply_doserror(req, ERRDOS,ERRbadaccess);
3267 END_PROFILE(SMBreadX);
3271 if (global_client_caps & CAP_LARGE_READX) {
3272 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3273 smb_maxcnt |= (upper_size<<16);
3274 if (upper_size > 1) {
3275 /* Can't do this on a chained packet. */
3276 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3277 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3278 END_PROFILE(SMBreadX);
3281 /* We currently don't do this on signed or sealed data. */
3282 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3283 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3284 END_PROFILE(SMBreadX);
3287 /* Is there room in the reply for this data ? */
3288 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3290 NT_STATUS_INVALID_PARAMETER);
3291 END_PROFILE(SMBreadX);
3298 if (req->wct == 12) {
3299 #ifdef LARGE_SMB_OFF_T
3301 * This is a large offset (64 bit) read.
3303 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3305 #else /* !LARGE_SMB_OFF_T */
3308 * Ensure we haven't been sent a >32 bit offset.
3311 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3312 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3313 "used and we don't support 64 bit offsets.\n",
3314 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3315 END_PROFILE(SMBreadX);
3316 reply_doserror(req, ERRDOS, ERRbadaccess);
3320 #endif /* LARGE_SMB_OFF_T */
3324 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3325 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3326 END_PROFILE(SMBreadX);
3327 reply_doserror(req, ERRDOS, ERRlock);
3332 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3333 END_PROFILE(SMBreadX);
3337 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3339 END_PROFILE(SMBreadX);
3343 /****************************************************************************
3344 Error replies to writebraw must have smb_wct == 1. Fix this up.
3345 ****************************************************************************/
3347 void error_to_writebrawerr(struct smb_request *req)
3349 uint8 *old_outbuf = req->outbuf;
3351 reply_outbuf(req, 1, 0);
3353 memcpy(req->outbuf, old_outbuf, smb_size);
3354 TALLOC_FREE(old_outbuf);
3357 /****************************************************************************
3358 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3359 ****************************************************************************/
3361 void reply_writebraw(struct smb_request *req)
3363 connection_struct *conn = req->conn;
3367 ssize_t total_written=0;
3368 size_t numtowrite=0;
3376 START_PROFILE(SMBwritebraw);
3379 * If we ever reply with an error, it must have the SMB command
3380 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3383 SCVAL(req->inbuf,smb_com,SMBwritec);
3385 if (srv_is_signing_active()) {
3386 END_PROFILE(SMBwritebraw);
3387 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3388 "raw reads/writes are disallowed.");
3391 if (req->wct < 12) {
3392 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3393 error_to_writebrawerr(req);
3394 END_PROFILE(SMBwritebraw);
3398 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3399 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3400 error_to_writebrawerr(req);
3401 END_PROFILE(SMBwritebraw);
3405 if (!CHECK_WRITE(fsp)) {
3406 reply_doserror(req, ERRDOS, ERRbadaccess);
3407 error_to_writebrawerr(req);
3408 END_PROFILE(SMBwritebraw);
3412 tcount = IVAL(req->inbuf,smb_vwv1);
3413 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3414 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3416 /* We have to deal with slightly different formats depending
3417 on whether we are using the core+ or lanman1.0 protocol */
3419 if(Protocol <= PROTOCOL_COREPLUS) {
3420 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3421 data = smb_buf(req->inbuf);
3423 numtowrite = SVAL(req->inbuf,smb_vwv10);
3424 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3427 /* Ensure we don't write bytes past the end of this packet. */
3428 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3429 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3430 error_to_writebrawerr(req);
3431 END_PROFILE(SMBwritebraw);
3435 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3436 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3437 reply_doserror(req, ERRDOS, ERRlock);
3438 error_to_writebrawerr(req);
3439 END_PROFILE(SMBwritebraw);
3444 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3447 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3448 "wrote=%d sync=%d\n",
3449 fsp->fnum, (double)startpos, (int)numtowrite,
3450 (int)nwritten, (int)write_through));
3452 if (nwritten < (ssize_t)numtowrite) {
3453 reply_unixerror(req, ERRHRD, ERRdiskfull);
3454 error_to_writebrawerr(req);
3455 END_PROFILE(SMBwritebraw);
3459 total_written = nwritten;
3461 /* Allocate a buffer of 64k + length. */
3462 buf = TALLOC_ARRAY(NULL, char, 65540);
3464 reply_doserror(req, ERRDOS, ERRnomem);
3465 error_to_writebrawerr(req);
3466 END_PROFILE(SMBwritebraw);
3470 /* Return a SMBwritebraw message to the redirector to tell
3471 * it to send more bytes */
3473 memcpy(buf, req->inbuf, smb_size);
3474 outsize = srv_set_message(buf,
3475 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3476 SCVAL(buf,smb_com,SMBwritebraw);
3477 SSVALS(buf,smb_vwv0,0xFFFF);
3479 if (!srv_send_smb(smbd_server_fd(),
3481 IS_CONN_ENCRYPTED(conn))) {
3482 exit_server_cleanly("reply_writebraw: srv_send_smb "
3486 /* Now read the raw data into the buffer and write it */
3487 if (read_smb_length(smbd_server_fd(),buf,
3488 SMB_SECONDARY_WAIT, get_srv_read_error()) == -1) {
3489 exit_server_cleanly("secondary writebraw failed");
3493 * Even though this is not an smb message,
3494 * smb_len returns the generic length of a packet.
3497 numtowrite = smb_len(buf);
3499 /* Set up outbuf to return the correct size */
3500 reply_outbuf(req, 1, 0);
3502 if (numtowrite != 0) {
3504 if (numtowrite > 0xFFFF) {
3505 DEBUG(0,("reply_writebraw: Oversize secondary write "
3506 "raw requested (%u). Terminating\n",
3507 (unsigned int)numtowrite ));
3508 exit_server_cleanly("secondary writebraw failed");
3511 if (tcount > nwritten+numtowrite) {
3512 DEBUG(3,("reply_writebraw: Client overestimated the "
3514 (int)tcount,(int)nwritten,(int)numtowrite));
3517 if (read_data(smbd_server_fd(), buf+4, numtowrite,get_srv_read_error())
3519 DEBUG(0,("reply_writebraw: Oversize secondary write "
3520 "raw read failed (%s). Terminating\n",
3522 exit_server_cleanly("secondary writebraw failed");
3525 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3526 if (nwritten == -1) {
3528 reply_unixerror(req, ERRHRD, ERRdiskfull);
3529 error_to_writebrawerr(req);
3530 END_PROFILE(SMBwritebraw);
3534 if (nwritten < (ssize_t)numtowrite) {
3535 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3536 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3540 total_written += nwritten;
3545 SSVAL(req->outbuf,smb_vwv0,total_written);
3547 status = sync_file(conn, fsp, write_through);
3548 if (!NT_STATUS_IS_OK(status)) {
3549 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3550 fsp->fsp_name, nt_errstr(status) ));
3551 reply_nterror(req, status);
3552 error_to_writebrawerr(req);
3553 END_PROFILE(SMBwritebraw);
3557 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3559 fsp->fnum, (double)startpos, (int)numtowrite,
3560 (int)total_written));
3562 /* We won't return a status if write through is not selected - this
3563 * follows what WfWg does */
3564 END_PROFILE(SMBwritebraw);
3566 if (!write_through && total_written==tcount) {
3568 #if RABBIT_PELLET_FIX
3570 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3571 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3574 if (!send_keepalive(smbd_server_fd())) {
3575 exit_server_cleanly("reply_writebraw: send of "
3576 "keepalive failed");
3579 TALLOC_FREE(req->outbuf);
3585 #define DBGC_CLASS DBGC_LOCKING
3587 /****************************************************************************
3588 Reply to a writeunlock (core+).
3589 ****************************************************************************/
3591 void reply_writeunlock(struct smb_request *req)
3593 connection_struct *conn = req->conn;
3594 ssize_t nwritten = -1;
3598 NTSTATUS status = NT_STATUS_OK;
3601 START_PROFILE(SMBwriteunlock);
3604 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3605 END_PROFILE(SMBwriteunlock);
3609 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3611 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3612 END_PROFILE(SMBwriteunlock);
3616 if (!CHECK_WRITE(fsp)) {
3617 reply_doserror(req, ERRDOS,ERRbadaccess);
3618 END_PROFILE(SMBwriteunlock);
3622 numtowrite = SVAL(req->inbuf,smb_vwv1);
3623 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3624 data = smb_buf(req->inbuf) + 3;
3627 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3628 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3629 reply_doserror(req, ERRDOS, ERRlock);
3630 END_PROFILE(SMBwriteunlock);
3634 /* The special X/Open SMB protocol handling of
3635 zero length writes is *NOT* done for
3637 if(numtowrite == 0) {
3640 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3643 status = sync_file(conn, fsp, False /* write through */);
3644 if (!NT_STATUS_IS_OK(status)) {
3645 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3646 fsp->fsp_name, nt_errstr(status) ));
3647 reply_nterror(req, status);
3648 END_PROFILE(SMBwriteunlock);
3652 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3653 reply_unixerror(req, ERRHRD, ERRdiskfull);
3654 END_PROFILE(SMBwriteunlock);
3659 status = do_unlock(smbd_messaging_context(),
3662 (SMB_BIG_UINT)numtowrite,
3663 (SMB_BIG_UINT)startpos,
3666 if (NT_STATUS_V(status)) {
3667 reply_nterror(req, status);
3668 END_PROFILE(SMBwriteunlock);
3673 reply_outbuf(req, 1, 0);
3675 SSVAL(req->outbuf,smb_vwv0,nwritten);
3677 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3678 fsp->fnum, (int)numtowrite, (int)nwritten));
3680 END_PROFILE(SMBwriteunlock);
3685 #define DBGC_CLASS DBGC_ALL
3687 /****************************************************************************
3689 ****************************************************************************/
3691 void reply_write(struct smb_request *req)
3693 connection_struct *conn = req->conn;
3695 ssize_t nwritten = -1;
3701 START_PROFILE(SMBwrite);
3704 END_PROFILE(SMBwrite);
3705 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3709 /* If it's an IPC, pass off the pipe handler. */
3711 reply_pipe_write(req);
3712 END_PROFILE(SMBwrite);
3716 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3718 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3719 END_PROFILE(SMBwrite);
3723 if (!CHECK_WRITE(fsp)) {
3724 reply_doserror(req, ERRDOS, ERRbadaccess);
3725 END_PROFILE(SMBwrite);
3729 numtowrite = SVAL(req->inbuf,smb_vwv1);
3730 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3731 data = smb_buf(req->inbuf) + 3;
3733 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3734 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3735 reply_doserror(req, ERRDOS, ERRlock);
3736 END_PROFILE(SMBwrite);
3741 * X/Open SMB protocol says that if smb_vwv1 is
3742 * zero then the file size should be extended or
3743 * truncated to the size given in smb_vwv[2-3].
3746 if(numtowrite == 0) {
3748 * This is actually an allocate call, and set EOF. JRA.
3750 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3752 reply_nterror(req, NT_STATUS_DISK_FULL);
3753 END_PROFILE(SMBwrite);
3756 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3758 reply_nterror(req, NT_STATUS_DISK_FULL);
3759 END_PROFILE(SMBwrite);
3763 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3765 status = sync_file(conn, fsp, False);
3766 if (!NT_STATUS_IS_OK(status)) {
3767 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3768 fsp->fsp_name, nt_errstr(status) ));
3769 reply_nterror(req, status);
3770 END_PROFILE(SMBwrite);
3774 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3775 reply_unixerror(req, ERRHRD, ERRdiskfull);
3776 END_PROFILE(SMBwrite);
3780 reply_outbuf(req, 1, 0);
3782 SSVAL(req->outbuf,smb_vwv0,nwritten);
3784 if (nwritten < (ssize_t)numtowrite) {
3785 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3786 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3789 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3791 END_PROFILE(SMBwrite);
3795 /****************************************************************************
3796 Ensure a buffer is a valid writeX for recvfile purposes.
3797 ****************************************************************************/
3799 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3800 (2*14) + /* word count (including bcc) */ \
3803 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3806 connection_struct *conn = NULL;
3807 unsigned int doff = 0;
3808 size_t len = smb_len_large(inbuf);
3810 if (is_encrypted_packet(inbuf)) {
3811 /* Can't do this on encrypted
3816 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3820 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3821 CVAL(inbuf,smb_wct) != 14) {
3822 DEBUG(10,("is_valid_writeX_buffer: chained or "
3823 "invalid word length.\n"));
3827 conn = conn_find(SVAL(inbuf, smb_tid));
3829 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3833 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3836 doff = SVAL(inbuf,smb_vwv11);
3838 numtowrite = SVAL(inbuf,smb_vwv10);
3840 if (len > doff && len - doff > 0xFFFF) {
3841 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3844 if (numtowrite == 0) {
3845 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3849 /* Ensure the sizes match up. */
3850 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3851 /* no pad byte...old smbclient :-( */
3852 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3854 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3858 if (len - doff != numtowrite) {
3859 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3860 "len = %u, doff = %u, numtowrite = %u\n",
3863 (unsigned int)numtowrite ));
3867 DEBUG(10,("is_valid_writeX_buffer: true "
3868 "len = %u, doff = %u, numtowrite = %u\n",
3871 (unsigned int)numtowrite ));
3876 /****************************************************************************
3877 Reply to a write and X.
3878 ****************************************************************************/
3880 void reply_write_and_X(struct smb_request *req)
3882 connection_struct *conn = req->conn;
3888 unsigned int smb_doff;
3889 unsigned int smblen;
3893 START_PROFILE(SMBwriteX);
3895 if ((req->wct != 12) && (req->wct != 14)) {
3896 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3897 END_PROFILE(SMBwriteX);
3901 numtowrite = SVAL(req->inbuf,smb_vwv10);
3902 smb_doff = SVAL(req->inbuf,smb_vwv11);
3903 smblen = smb_len(req->inbuf);
3905 if (req->unread_bytes > 0xFFFF ||
3906 (smblen > smb_doff &&
3907 smblen - smb_doff > 0xFFFF)) {
3908 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3911 if (req->unread_bytes) {
3912 /* Can't do a recvfile write on IPC$ */
3914 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3915 END_PROFILE(SMBwriteX);
3918 if (numtowrite != req->unread_bytes) {
3919 reply_doserror(req, ERRDOS, ERRbadmem);
3920 END_PROFILE(SMBwriteX);
3924 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3925 smb_doff + numtowrite > smblen) {
3926 reply_doserror(req, ERRDOS, ERRbadmem);
3927 END_PROFILE(SMBwriteX);
3932 /* If it's an IPC, pass off the pipe handler. */
3934 if (req->unread_bytes) {
3935 reply_doserror(req, ERRDOS, ERRbadmem);
3936 END_PROFILE(SMBwriteX);
3939 reply_pipe_write_and_X(req);
3940 END_PROFILE(SMBwriteX);
3944 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3945 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3946 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3948 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3949 END_PROFILE(SMBwriteX);
3953 if (!CHECK_WRITE(fsp)) {
3954 reply_doserror(req, ERRDOS, ERRbadaccess);
3955 END_PROFILE(SMBwriteX);
3959 data = smb_base(req->inbuf) + smb_doff;
3961 if(req->wct == 14) {
3962 #ifdef LARGE_SMB_OFF_T
3964 * This is a large offset (64 bit) write.
3966 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3968 #else /* !LARGE_SMB_OFF_T */
3971 * Ensure we haven't been sent a >32 bit offset.
3974 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3975 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3976 "used and we don't support 64 bit offsets.\n",
3977 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
3978 reply_doserror(req, ERRDOS, ERRbadaccess);
3979 END_PROFILE(SMBwriteX);
3983 #endif /* LARGE_SMB_OFF_T */
3986 if (is_locked(fsp,(uint32)req->smbpid,
3987 (SMB_BIG_UINT)numtowrite,
3988 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3989 reply_doserror(req, ERRDOS, ERRlock);
3990 END_PROFILE(SMBwriteX);
3994 /* X/Open SMB protocol says that, unlike SMBwrite
3995 if the length is zero then NO truncation is
3996 done, just a write of zero. To truncate a file,
3999 if(numtowrite == 0) {
4003 if (req->unread_bytes == 0 &&
4004 schedule_aio_write_and_X(conn, req, fsp, data,
4005 startpos, numtowrite)) {
4006 END_PROFILE(SMBwriteX);
4010 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4013 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4014 reply_unixerror(req, ERRHRD, ERRdiskfull);
4015 END_PROFILE(SMBwriteX);
4019 reply_outbuf(req, 6, 0);
4020 SSVAL(req->outbuf,smb_vwv2,nwritten);
4021 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4023 if (nwritten < (ssize_t)numtowrite) {
4024 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4025 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4028 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4029 fsp->fnum, (int)numtowrite, (int)nwritten));
4031 status = sync_file(conn, fsp, write_through);
4032 if (!NT_STATUS_IS_OK(status)) {
4033 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4034 fsp->fsp_name, nt_errstr(status) ));
4035 reply_nterror(req, status);
4036 END_PROFILE(SMBwriteX);
4040 END_PROFILE(SMBwriteX);
4045 /****************************************************************************
4047 ****************************************************************************/
4049 void reply_lseek(struct smb_request *req)
4051 connection_struct *conn = req->conn;
4057 START_PROFILE(SMBlseek);
4060 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4061 END_PROFILE(SMBlseek);
4065 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4067 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4071 flush_write_cache(fsp, SEEK_FLUSH);
4073 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4074 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4075 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4084 res = fsp->fh->pos + startpos;
4095 if (umode == SEEK_END) {
4096 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4097 if(errno == EINVAL) {
4098 SMB_OFF_T current_pos = startpos;
4099 SMB_STRUCT_STAT sbuf;
4101 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4102 reply_unixerror(req, ERRDOS,
4104 END_PROFILE(SMBlseek);
4108 current_pos += sbuf.st_size;
4110 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4115 reply_unixerror(req, ERRDOS, ERRnoaccess);
4116 END_PROFILE(SMBlseek);
4123 reply_outbuf(req, 2, 0);
4124 SIVAL(req->outbuf,smb_vwv0,res);
4126 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4127 fsp->fnum, (double)startpos, (double)res, mode));
4129 END_PROFILE(SMBlseek);
4133 /****************************************************************************
4135 ****************************************************************************/
4137 void reply_flush(struct smb_request *req)
4139 connection_struct *conn = req->conn;
4143 START_PROFILE(SMBflush);
4146 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4150 fnum = SVAL(req->inbuf,smb_vwv0);
4151 fsp = file_fsp(fnum);
4153 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4158 file_sync_all(conn);
4160 NTSTATUS status = sync_file(conn, fsp, True);
4161 if (!NT_STATUS_IS_OK(status)) {
4162 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4163 fsp->fsp_name, nt_errstr(status) ));
4164 reply_nterror(req, status);
4165 END_PROFILE(SMBflush);
4170 reply_outbuf(req, 0, 0);
4172 DEBUG(3,("flush\n"));
4173 END_PROFILE(SMBflush);
4177 /****************************************************************************
4179 conn POINTER CAN BE NULL HERE !
4180 ****************************************************************************/
4182 void reply_exit(struct smb_request *req)
4184 START_PROFILE(SMBexit);
4186 file_close_pid(req->smbpid, req->vuid);
4188 reply_outbuf(req, 0, 0);
4190 DEBUG(3,("exit\n"));
4192 END_PROFILE(SMBexit);
4196 /****************************************************************************
4197 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4198 ****************************************************************************/
4200 void reply_close(struct smb_request *req)
4202 connection_struct *conn = req->conn;
4203 NTSTATUS status = NT_STATUS_OK;
4204 files_struct *fsp = NULL;
4205 START_PROFILE(SMBclose);
4208 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4209 END_PROFILE(SMBclose);
4213 /* If it's an IPC, pass off to the pipe handler. */
4215 reply_pipe_close(conn, req);
4216 END_PROFILE(SMBclose);
4220 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4223 * We can only use CHECK_FSP if we know it's not a directory.
4226 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4227 reply_doserror(req, ERRDOS, ERRbadfid);
4228 END_PROFILE(SMBclose);
4232 if(fsp->is_directory) {
4234 * Special case - close NT SMB directory handle.
4236 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4237 status = close_file(fsp,NORMAL_CLOSE);
4240 * Close ordinary file.
4243 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4244 fsp->fh->fd, fsp->fnum,
4245 conn->num_files_open));
4248 * Take care of any time sent in the close.
4251 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4252 srv_make_unix_date3(
4253 req->inbuf+smb_vwv1)));
4256 * close_file() returns the unix errno if an error
4257 * was detected on close - normally this is due to
4258 * a disk full error. If not then it was probably an I/O error.
4261 status = close_file(fsp,NORMAL_CLOSE);
4264 if (!NT_STATUS_IS_OK(status)) {
4265 reply_nterror(req, status);
4266 END_PROFILE(SMBclose);
4270 reply_outbuf(req, 0, 0);
4271 END_PROFILE(SMBclose);
4275 /****************************************************************************
4276 Reply to a writeclose (Core+ protocol).
4277 ****************************************************************************/
4279 void reply_writeclose(struct smb_request *req)
4281 connection_struct *conn = req->conn;
4283 ssize_t nwritten = -1;
4284 NTSTATUS close_status = NT_STATUS_OK;
4287 struct timespec mtime;
4290 START_PROFILE(SMBwriteclose);
4293 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4294 END_PROFILE(SMBwriteclose);
4298 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4300 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4301 END_PROFILE(SMBwriteclose);
4304 if (!CHECK_WRITE(fsp)) {
4305 reply_doserror(req, ERRDOS,ERRbadaccess);
4306 END_PROFILE(SMBwriteclose);
4310 numtowrite = SVAL(req->inbuf,smb_vwv1);
4311 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4312 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4313 req->inbuf+smb_vwv4));
4314 data = smb_buf(req->inbuf) + 1;
4317 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4318 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4319 reply_doserror(req, ERRDOS,ERRlock);
4320 END_PROFILE(SMBwriteclose);
4324 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4326 set_filetime(conn, fsp->fsp_name, mtime);
4329 * More insanity. W2K only closes the file if writelen > 0.
4334 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4336 close_status = close_file(fsp,NORMAL_CLOSE);
4339 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4340 fsp->fnum, (int)numtowrite, (int)nwritten,
4341 conn->num_files_open));
4343 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4344 reply_doserror(req, ERRHRD, ERRdiskfull);
4345 END_PROFILE(SMBwriteclose);
4349 if(!NT_STATUS_IS_OK(close_status)) {
4350 reply_nterror(req, close_status);
4351 END_PROFILE(SMBwriteclose);
4355 reply_outbuf(req, 1, 0);
4357 SSVAL(req->outbuf,smb_vwv0,nwritten);
4358 END_PROFILE(SMBwriteclose);
4363 #define DBGC_CLASS DBGC_LOCKING
4365 /****************************************************************************
4367 ****************************************************************************/
4369 void reply_lock(struct smb_request *req)
4371 connection_struct *conn = req->conn;
4372 SMB_BIG_UINT count,offset;
4375 struct byte_range_lock *br_lck = NULL;
4377 START_PROFILE(SMBlock);
4380 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4381 END_PROFILE(SMBlock);
4385 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4387 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4388 END_PROFILE(SMBlock);
4392 release_level_2_oplocks_on_change(fsp);
4394 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4395 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4397 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4398 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4400 br_lck = do_lock(smbd_messaging_context(),
4407 False, /* Non-blocking lock. */
4411 TALLOC_FREE(br_lck);
4413 if (NT_STATUS_V(status)) {
4414 reply_nterror(req, status);
4415 END_PROFILE(SMBlock);
4419 reply_outbuf(req, 0, 0);
4421 END_PROFILE(SMBlock);
4425 /****************************************************************************
4427 ****************************************************************************/
4429 void reply_unlock(struct smb_request *req)
4431 connection_struct *conn = req->conn;
4432 SMB_BIG_UINT count,offset;
4436 START_PROFILE(SMBunlock);
4439 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4440 END_PROFILE(SMBunlock);
4444 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4446 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4447 END_PROFILE(SMBunlock);
4451 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4452 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4454 status = do_unlock(smbd_messaging_context(),
4461 if (NT_STATUS_V(status)) {
4462 reply_nterror(req, status);
4463 END_PROFILE(SMBunlock);
4467 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4468 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4470 reply_outbuf(req, 0, 0);
4472 END_PROFILE(SMBunlock);
4477 #define DBGC_CLASS DBGC_ALL
4479 /****************************************************************************
4481 conn POINTER CAN BE NULL HERE !
4482 ****************************************************************************/
4484 void reply_tdis(struct smb_request *req)
4486 connection_struct *conn = req->conn;
4487 START_PROFILE(SMBtdis);
4490 DEBUG(4,("Invalid connection in tdis\n"));
4491 reply_doserror(req, ERRSRV, ERRinvnid);
4492 END_PROFILE(SMBtdis);
4498 close_cnum(conn,req->vuid);
4501 reply_outbuf(req, 0, 0);
4502 END_PROFILE(SMBtdis);
4506 /****************************************************************************
4508 conn POINTER CAN BE NULL HERE !
4509 ****************************************************************************/
4511 void reply_echo(struct smb_request *req)
4513 connection_struct *conn = req->conn;
4516 unsigned int data_len = smb_buflen(req->inbuf);
4518 START_PROFILE(SMBecho);
4521 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4522 END_PROFILE(SMBecho);
4526 if (data_len > BUFFER_SIZE) {
4527 DEBUG(0,("reply_echo: data_len too large.\n"));
4528 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4529 END_PROFILE(SMBecho);
4533 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4535 reply_outbuf(req, 1, data_len);
4537 /* copy any incoming data back out */
4539 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4542 if (smb_reverb > 100) {
4543 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4547 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4548 SSVAL(req->outbuf,smb_vwv0,seq_num);
4550 show_msg((char *)req->outbuf);
4551 if (!srv_send_smb(smbd_server_fd(),
4552 (char *)req->outbuf,
4553 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4554 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4557 DEBUG(3,("echo %d times\n", smb_reverb));
4559 TALLOC_FREE(req->outbuf);
4563 END_PROFILE(SMBecho);
4567 /****************************************************************************
4568 Reply to a printopen.
4569 ****************************************************************************/
4571 void reply_printopen(struct smb_request *req)
4573 connection_struct *conn = req->conn;
4577 START_PROFILE(SMBsplopen);
4580 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4581 END_PROFILE(SMBsplopen);
4585 if (!CAN_PRINT(conn)) {
4586 reply_doserror(req, ERRDOS, ERRnoaccess);
4587 END_PROFILE(SMBsplopen);
4591 /* Open for exclusive use, write only. */
4592 status = print_fsp_open(conn, NULL, &fsp);
4594 if (!NT_STATUS_IS_OK(status)) {
4595 reply_nterror(req, status);
4596 END_PROFILE(SMBsplopen);
4600 reply_outbuf(req, 1, 0);
4601 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4603 DEBUG(3,("openprint fd=%d fnum=%d\n",
4604 fsp->fh->fd, fsp->fnum));
4606 END_PROFILE(SMBsplopen);
4610 /****************************************************************************
4611 Reply to a printclose.
4612 ****************************************************************************/
4614 void reply_printclose(struct smb_request *req)
4616 connection_struct *conn = req->conn;
4620 START_PROFILE(SMBsplclose);
4623 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4624 END_PROFILE(SMBsplclose);
4628 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4630 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4631 END_PROFILE(SMBsplclose);
4635 if (!CAN_PRINT(conn)) {
4636 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4637 END_PROFILE(SMBsplclose);
4641 DEBUG(3,("printclose fd=%d fnum=%d\n",
4642 fsp->fh->fd,fsp->fnum));
4644 status = close_file(fsp,NORMAL_CLOSE);
4646 if(!NT_STATUS_IS_OK(status)) {
4647 reply_nterror(req, status);
4648 END_PROFILE(SMBsplclose);
4652 END_PROFILE(SMBsplclose);
4656 /****************************************************************************
4657 Reply to a printqueue.
4658 ****************************************************************************/
4660 void reply_printqueue(struct smb_request *req)
4662 connection_struct *conn = req->conn;
4666 START_PROFILE(SMBsplretq);
4669 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4670 END_PROFILE(SMBsplretq);
4674 max_count = SVAL(req->inbuf,smb_vwv0);
4675 start_index = SVAL(req->inbuf,smb_vwv1);
4677 /* we used to allow the client to get the cnum wrong, but that
4678 is really quite gross and only worked when there was only
4679 one printer - I think we should now only accept it if they
4680 get it right (tridge) */
4681 if (!CAN_PRINT(conn)) {
4682 reply_doserror(req, ERRDOS, ERRnoaccess);
4683 END_PROFILE(SMBsplretq);
4687 reply_outbuf(req, 2, 3);
4688 SSVAL(req->outbuf,smb_vwv0,0);
4689 SSVAL(req->outbuf,smb_vwv1,0);
4690 SCVAL(smb_buf(req->outbuf),0,1);
4691 SSVAL(smb_buf(req->outbuf),1,0);
4693 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4694 start_index, max_count));
4697 print_queue_struct *queue = NULL;
4698 print_status_struct status;
4699 int count = print_queue_status(SNUM(conn), &queue, &status);
4700 int num_to_get = ABS(max_count);
4701 int first = (max_count>0?start_index:start_index+max_count+1);
4707 num_to_get = MIN(num_to_get,count-first);
4710 for (i=first;i<first+num_to_get;i++) {
4714 srv_put_dos_date2(p,0,queue[i].time);
4715 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4716 SSVAL(p,5, queue[i].job);
4717 SIVAL(p,7,queue[i].size);
4719 srvstr_push(blob, req->flags2, p+12,
4720 queue[i].fs_user, 16, STR_ASCII);
4722 if (message_push_blob(
4725 blob, sizeof(blob))) == -1) {
4726 reply_nterror(req, NT_STATUS_NO_MEMORY);
4727 END_PROFILE(SMBsplretq);
4733 SSVAL(req->outbuf,smb_vwv0,count);
4734 SSVAL(req->outbuf,smb_vwv1,
4735 (max_count>0?first+count:first-1));
4736 SCVAL(smb_buf(req->outbuf),0,1);
4737 SSVAL(smb_buf(req->outbuf),1,28*count);
4742 DEBUG(3,("%d entries returned in queue\n",count));
4745 END_PROFILE(SMBsplretq);
4749 /****************************************************************************
4750 Reply to a printwrite.
4751 ****************************************************************************/
4753 void reply_printwrite(struct smb_request *req)
4755 connection_struct *conn = req->conn;
4760 START_PROFILE(SMBsplwr);
4763 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4764 END_PROFILE(SMBsplwr);
4768 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4770 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4771 END_PROFILE(SMBsplwr);
4775 if (!CAN_PRINT(conn)) {
4776 reply_doserror(req, ERRDOS, ERRnoaccess);
4777 END_PROFILE(SMBsplwr);
4781 if (!CHECK_WRITE(fsp)) {
4782 reply_doserror(req, ERRDOS, ERRbadaccess);
4783 END_PROFILE(SMBsplwr);
4787 numtowrite = SVAL(smb_buf(req->inbuf),1);
4789 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4790 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4791 END_PROFILE(SMBsplwr);
4795 data = smb_buf(req->inbuf) + 3;
4797 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4798 reply_unixerror(req, ERRHRD, ERRdiskfull);
4799 END_PROFILE(SMBsplwr);
4803 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4805 END_PROFILE(SMBsplwr);
4809 /****************************************************************************
4811 ****************************************************************************/
4813 void reply_mkdir(struct smb_request *req)
4815 connection_struct *conn = req->conn;
4816 char *directory = NULL;
4818 SMB_STRUCT_STAT sbuf;
4819 TALLOC_CTX *ctx = talloc_tos();
4821 START_PROFILE(SMBmkdir);
4823 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4824 smb_buf(req->inbuf) + 1, 0,
4825 STR_TERMINATE, &status);
4826 if (!NT_STATUS_IS_OK(status)) {
4827 reply_nterror(req, status);
4828 END_PROFILE(SMBmkdir);
4832 status = resolve_dfspath(ctx, conn,
4833 req->flags2 & FLAGS2_DFS_PATHNAMES,
4836 if (!NT_STATUS_IS_OK(status)) {
4837 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4838 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4839 ERRSRV, ERRbadpath);
4840 END_PROFILE(SMBmkdir);
4843 reply_nterror(req, status);
4844 END_PROFILE(SMBmkdir);
4848 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4849 if (!NT_STATUS_IS_OK(status)) {
4850 reply_nterror(req, status);
4851 END_PROFILE(SMBmkdir);
4855 status = check_name(conn, directory);
4856 if (!NT_STATUS_IS_OK(status)) {
4857 reply_nterror(req, status);
4858 END_PROFILE(SMBmkdir);
4862 status = create_directory(conn, req, directory);
4864 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4866 if (!NT_STATUS_IS_OK(status)) {
4868 if (!use_nt_status()
4869 && NT_STATUS_EQUAL(status,
4870 NT_STATUS_OBJECT_NAME_COLLISION)) {
4872 * Yes, in the DOS error code case we get a
4873 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4874 * samba4 torture test.
4876 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4879 reply_nterror(req, status);
4880 END_PROFILE(SMBmkdir);
4884 reply_outbuf(req, 0, 0);
4886 DEBUG( 3, ( "mkdir %s\n", directory ) );
4888 END_PROFILE(SMBmkdir);
4892 /****************************************************************************
4893 Static function used by reply_rmdir to delete an entire directory
4894 tree recursively. Return True on ok, False on fail.
4895 ****************************************************************************/
4897 static bool recursive_rmdir(TALLOC_CTX *ctx,
4898 connection_struct *conn,
4901 const char *dname = NULL;
4904 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4909 while((dname = ReadDirName(dir_hnd, &offset))) {
4910 char *fullname = NULL;
4913 if (ISDOT(dname) || ISDOTDOT(dname)) {
4917 if (!is_visible_file(conn, directory, dname, &st, False)) {
4921 /* Construct the full name. */
4922 fullname = talloc_asprintf(ctx,
4932 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4937 if(st.st_mode & S_IFDIR) {
4938 if(!recursive_rmdir(ctx, conn, fullname)) {
4942 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4946 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4950 TALLOC_FREE(fullname);
4956 /****************************************************************************
4957 The internals of the rmdir code - called elsewhere.
4958 ****************************************************************************/
4960 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4961 connection_struct *conn,
4962 const char *directory)
4967 /* Might be a symlink. */
4968 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4969 return map_nt_error_from_unix(errno);
4972 if (S_ISLNK(st.st_mode)) {
4973 /* Is what it points to a directory ? */
4974 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4975 return map_nt_error_from_unix(errno);
4977 if (!(S_ISDIR(st.st_mode))) {
4978 return NT_STATUS_NOT_A_DIRECTORY;
4980 ret = SMB_VFS_UNLINK(conn,directory);
4982 ret = SMB_VFS_RMDIR(conn,directory);
4985 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4986 FILE_NOTIFY_CHANGE_DIR_NAME,
4988 return NT_STATUS_OK;
4991 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4993 * Check to see if the only thing in this directory are
4994 * vetoed files/directories. If so then delete them and
4995 * retry. If we fail to delete any of them (and we *don't*
4996 * do a recursive delete) then fail the rmdir.
5000 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
5002 if(dir_hnd == NULL) {
5007 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5008 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5010 if (!is_visible_file(conn, directory, dname, &st, False))
5012 if(!IS_VETO_PATH(conn, dname)) {
5019 /* We only have veto files/directories. Recursive delete. */
5021 RewindDir(dir_hnd,&dirpos);
5022 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5023 char *fullname = NULL;
5025 if (ISDOT(dname) || ISDOTDOT(dname)) {
5028 if (!is_visible_file(conn, directory, dname, &st, False)) {
5032 fullname = talloc_asprintf(ctx,
5042 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5045 if(st.st_mode & S_IFDIR) {
5046 if(lp_recursive_veto_delete(SNUM(conn))) {
5047 if(!recursive_rmdir(ctx, conn, fullname))
5050 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5053 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5056 TALLOC_FREE(fullname);
5059 /* Retry the rmdir */
5060 ret = SMB_VFS_RMDIR(conn,directory);
5066 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5067 "%s\n", directory,strerror(errno)));
5068 return map_nt_error_from_unix(errno);
5071 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5072 FILE_NOTIFY_CHANGE_DIR_NAME,
5075 return NT_STATUS_OK;
5078 /****************************************************************************
5080 ****************************************************************************/
5082 void reply_rmdir(struct smb_request *req)
5084 connection_struct *conn = req->conn;
5085 char *directory = NULL;
5086 SMB_STRUCT_STAT sbuf;
5088 TALLOC_CTX *ctx = talloc_tos();
5090 START_PROFILE(SMBrmdir);
5092 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5093 smb_buf(req->inbuf) + 1, 0,
5094 STR_TERMINATE, &status);
5095 if (!NT_STATUS_IS_OK(status)) {
5096 reply_nterror(req, status);
5097 END_PROFILE(SMBrmdir);
5101 status = resolve_dfspath(ctx, conn,
5102 req->flags2 & FLAGS2_DFS_PATHNAMES,
5105 if (!NT_STATUS_IS_OK(status)) {
5106 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5107 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5108 ERRSRV, ERRbadpath);
5109 END_PROFILE(SMBrmdir);
5112 reply_nterror(req, status);
5113 END_PROFILE(SMBrmdir);
5117 status = unix_convert(ctx, conn, directory, False, &directory,
5119 if (!NT_STATUS_IS_OK(status)) {
5120 reply_nterror(req, status);
5121 END_PROFILE(SMBrmdir);
5125 status = check_name(conn, directory);
5126 if (!NT_STATUS_IS_OK(status)) {
5127 reply_nterror(req, status);
5128 END_PROFILE(SMBrmdir);
5132 dptr_closepath(directory, req->smbpid);
5133 status = rmdir_internals(ctx, conn, directory);
5134 if (!NT_STATUS_IS_OK(status)) {
5135 reply_nterror(req, status);
5136 END_PROFILE(SMBrmdir);
5140 reply_outbuf(req, 0, 0);
5142 DEBUG( 3, ( "rmdir %s\n", directory ) );
5144 END_PROFILE(SMBrmdir);
5148 /*******************************************************************
5149 Resolve wildcards in a filename rename.
5150 ********************************************************************/
5152 static bool resolve_wildcards(TALLOC_CTX *ctx,
5157 char *name2_copy = NULL;
5162 char *p,*p2, *pname1, *pname2;
5164 name2_copy = talloc_strdup(ctx, name2);
5169 pname1 = strrchr_m(name1,'/');
5170 pname2 = strrchr_m(name2_copy,'/');
5172 if (!pname1 || !pname2) {
5176 /* Truncate the copy of name2 at the last '/' */
5179 /* Now go past the '/' */
5183 root1 = talloc_strdup(ctx, pname1);
5184 root2 = talloc_strdup(ctx, pname2);
5186 if (!root1 || !root2) {
5190 p = strrchr_m(root1,'.');
5193 ext1 = talloc_strdup(ctx, p+1);
5195 ext1 = talloc_strdup(ctx, "");
5197 p = strrchr_m(root2,'.');
5200 ext2 = talloc_strdup(ctx, p+1);
5202 ext2 = talloc_strdup(ctx, "");
5205 if (!ext1 || !ext2) {
5213 /* Hmmm. Should this be mb-aware ? */
5216 } else if (*p2 == '*') {
5218 root2 = talloc_asprintf(ctx, "%s%s",
5237 /* Hmmm. Should this be mb-aware ? */
5240 } else if (*p2 == '*') {
5242 ext2 = talloc_asprintf(ctx, "%s%s",
5258 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5263 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5275 /****************************************************************************
5276 Ensure open files have their names updated. Updated to notify other smbd's
5278 ****************************************************************************/
5280 static void rename_open_files(connection_struct *conn,
5281 struct share_mode_lock *lck,
5282 const char *newname)
5285 bool did_rename = False;
5287 for(fsp = file_find_di_first(lck->id); fsp;
5288 fsp = file_find_di_next(fsp)) {
5289 /* fsp_name is a relative path under the fsp. To change this for other
5290 sharepaths we need to manipulate relative paths. */
5291 /* TODO - create the absolute path and manipulate the newname
5292 relative to the sharepath. */
5293 if (fsp->conn != conn) {
5296 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5297 fsp->fnum, file_id_string_tos(&fsp->file_id),
5298 fsp->fsp_name, newname ));
5299 string_set(&fsp->fsp_name, newname);
5304 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5305 file_id_string_tos(&lck->id), newname ));
5308 /* Send messages to all smbd's (not ourself) that the name has changed. */
5309 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5313 /****************************************************************************
5314 We need to check if the source path is a parent directory of the destination
5315 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5316 refuse the rename with a sharing violation. Under UNIX the above call can
5317 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5318 probably need to check that the client is a Windows one before disallowing
5319 this as a UNIX client (one with UNIX extensions) can know the source is a
5320 symlink and make this decision intelligently. Found by an excellent bug
5321 report from <AndyLiebman@aol.com>.
5322 ****************************************************************************/
5324 static bool rename_path_prefix_equal(const char *src, const char *dest)
5326 const char *psrc = src;
5327 const char *pdst = dest;
5330 if (psrc[0] == '.' && psrc[1] == '/') {
5333 if (pdst[0] == '.' && pdst[1] == '/') {
5336 if ((slen = strlen(psrc)) > strlen(pdst)) {
5339 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5343 * Do the notify calls from a rename
5346 static void notify_rename(connection_struct *conn, bool is_dir,
5347 const char *oldpath, const char *newpath)
5349 char *olddir, *newdir;
5350 const char *oldname, *newname;
5353 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5354 : FILE_NOTIFY_CHANGE_FILE_NAME;
5356 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5357 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5358 TALLOC_FREE(olddir);
5362 if (strcmp(olddir, newdir) == 0) {
5363 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5364 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5367 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5368 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5370 TALLOC_FREE(olddir);
5371 TALLOC_FREE(newdir);
5373 /* this is a strange one. w2k3 gives an additional event for
5374 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5375 files, but not directories */
5377 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5378 FILE_NOTIFY_CHANGE_ATTRIBUTES
5379 |FILE_NOTIFY_CHANGE_CREATION,
5384 /****************************************************************************
5385 Rename an open file - given an fsp.
5386 ****************************************************************************/
5388 NTSTATUS rename_internals_fsp(connection_struct *conn,
5391 const char *newname_last_component,
5393 bool replace_if_exists)
5395 TALLOC_CTX *ctx = talloc_tos();
5396 SMB_STRUCT_STAT sbuf, sbuf1;
5397 NTSTATUS status = NT_STATUS_OK;
5398 struct share_mode_lock *lck = NULL;
5403 status = check_name(conn, newname);
5404 if (!NT_STATUS_IS_OK(status)) {
5408 /* Ensure newname contains a '/' */
5409 if(strrchr_m(newname,'/') == 0) {
5410 newname = talloc_asprintf(ctx,
5414 return NT_STATUS_NO_MEMORY;
5419 * Check for special case with case preserving and not
5420 * case sensitive. If the old last component differs from the original
5421 * last component only by case, then we should allow
5422 * the rename (user is trying to change the case of the
5426 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5427 strequal(newname, fsp->fsp_name)) {
5429 char *newname_modified_last_component = NULL;
5432 * Get the last component of the modified name.
5433 * Note that we guarantee that newname contains a '/'
5436 p = strrchr_m(newname,'/');
5437 newname_modified_last_component = talloc_strdup(ctx,
5439 if (!newname_modified_last_component) {
5440 return NT_STATUS_NO_MEMORY;
5443 if(strcsequal(newname_modified_last_component,
5444 newname_last_component) == False) {
5446 * Replace the modified last component with
5449 *p = '\0'; /* Truncate at the '/' */
5450 newname = talloc_asprintf(ctx,
5453 newname_last_component);
5458 * If the src and dest names are identical - including case,
5459 * don't do the rename, just return success.
5462 if (strcsequal(fsp->fsp_name, newname)) {
5463 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5465 return NT_STATUS_OK;
5469 * Have vfs_object_exist also fill sbuf1
5471 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5473 if(!replace_if_exists && dst_exists) {
5474 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5475 fsp->fsp_name,newname));
5476 return NT_STATUS_OBJECT_NAME_COLLISION;
5480 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5481 files_struct *dst_fsp = file_find_di_first(fileid);
5483 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5484 return NT_STATUS_ACCESS_DENIED;
5488 /* Ensure we have a valid stat struct for the source. */
5489 if (fsp->fh->fd != -1) {
5490 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5491 return map_nt_error_from_unix(errno);
5494 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5495 return map_nt_error_from_unix(errno);
5499 status = can_rename(conn, fsp, attrs, &sbuf);
5501 if (!NT_STATUS_IS_OK(status)) {
5502 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5503 nt_errstr(status), fsp->fsp_name,newname));
5504 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5505 status = NT_STATUS_ACCESS_DENIED;
5509 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5510 return NT_STATUS_ACCESS_DENIED;
5513 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL);
5516 * We have the file open ourselves, so not being able to get the
5517 * corresponding share mode lock is a fatal error.
5520 SMB_ASSERT(lck != NULL);
5522 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5523 uint32 create_options = fsp->fh->private_options;
5525 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5526 fsp->fsp_name,newname));
5528 rename_open_files(conn, lck, newname);
5530 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5533 * A rename acts as a new file create w.r.t. allowing an initial delete
5534 * on close, probably because in Windows there is a new handle to the
5535 * new file. If initial delete on close was requested but not
5536 * originally set, we need to set it here. This is probably not 100% correct,
5537 * but will work for the CIFSFS client which in non-posix mode
5538 * depends on these semantics. JRA.
5541 set_allow_initial_delete_on_close(lck, fsp, True);
5543 if (create_options & FILE_DELETE_ON_CLOSE) {
5544 status = can_set_delete_on_close(fsp, True, 0);
5546 if (NT_STATUS_IS_OK(status)) {
5547 /* Note that here we set the *inital* delete on close flag,
5548 * not the regular one. The magic gets handled in close. */
5549 fsp->initial_delete_on_close = True;
5553 return NT_STATUS_OK;
5558 if (errno == ENOTDIR || errno == EISDIR) {
5559 status = NT_STATUS_OBJECT_NAME_COLLISION;
5561 status = map_nt_error_from_unix(errno);
5564 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5565 nt_errstr(status), fsp->fsp_name,newname));
5570 /****************************************************************************
5571 The guts of the rename command, split out so it may be called by the NT SMB
5573 ****************************************************************************/
5575 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5576 connection_struct *conn,
5577 struct smb_request *req,
5578 const char *name_in,
5579 const char *newname_in,
5581 bool replace_if_exists,
5585 char *directory = NULL;
5587 char *last_component_src = NULL;
5588 char *last_component_dest = NULL;
5590 char *newname = NULL;
5593 NTSTATUS status = NT_STATUS_OK;
5594 SMB_STRUCT_STAT sbuf1, sbuf2;
5595 struct smb_Dir *dir_hnd = NULL;
5602 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5603 &last_component_src, &sbuf1);
5604 if (!NT_STATUS_IS_OK(status)) {
5608 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5609 &last_component_dest, &sbuf2);
5610 if (!NT_STATUS_IS_OK(status)) {
5615 * Split the old name into directory and last component
5616 * strings. Note that unix_convert may have stripped off a
5617 * leading ./ from both name and newname if the rename is
5618 * at the root of the share. We need to make sure either both
5619 * name and newname contain a / character or neither of them do
5620 * as this is checked in resolve_wildcards().
5623 p = strrchr_m(name,'/');
5625 directory = talloc_strdup(ctx, ".");
5627 return NT_STATUS_NO_MEMORY;
5632 directory = talloc_strdup(ctx, name);
5634 return NT_STATUS_NO_MEMORY;
5637 *p = '/'; /* Replace needed for exceptional test below. */
5641 * We should only check the mangled cache
5642 * here if unix_convert failed. This means
5643 * that the path in 'mask' doesn't exist
5644 * on the file system and so we need to look
5645 * for a possible mangle. This patch from
5646 * Tine Smukavec <valentin.smukavec@hermes.si>.
5649 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5650 char *new_mask = NULL;
5651 mangle_lookup_name_from_8_3(ctx,
5660 if (!src_has_wild) {
5664 * No wildcards - just process the one file.
5666 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5668 /* Add a terminating '/' to the directory name. */
5669 directory = talloc_asprintf_append(directory,
5673 return NT_STATUS_NO_MEMORY;
5676 /* Ensure newname contains a '/' also */
5677 if(strrchr_m(newname,'/') == 0) {
5678 newname = talloc_asprintf(ctx,
5682 return NT_STATUS_NO_MEMORY;
5686 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5687 "case_preserve = %d, short case preserve = %d, "
5688 "directory = %s, newname = %s, "
5689 "last_component_dest = %s, is_8_3 = %d\n",
5690 conn->case_sensitive, conn->case_preserve,
5691 conn->short_case_preserve, directory,
5692 newname, last_component_dest, is_short_name));
5694 /* The dest name still may have wildcards. */
5695 if (dest_has_wild) {
5696 char *mod_newname = NULL;
5697 if (!resolve_wildcards(ctx,
5698 directory,newname,&mod_newname)) {
5699 DEBUG(6, ("rename_internals: resolve_wildcards "
5703 return NT_STATUS_NO_MEMORY;
5705 newname = mod_newname;
5709 SMB_VFS_STAT(conn, directory, &sbuf1);
5711 status = S_ISDIR(sbuf1.st_mode) ?
5712 open_directory(conn, req, directory, &sbuf1,
5714 FILE_SHARE_READ|FILE_SHARE_WRITE,
5715 FILE_OPEN, 0, 0, NULL,
5717 : open_file_ntcreate(conn, req, directory, &sbuf1,
5719 FILE_SHARE_READ|FILE_SHARE_WRITE,
5720 FILE_OPEN, 0, 0, 0, NULL,
5723 if (!NT_STATUS_IS_OK(status)) {
5724 DEBUG(3, ("Could not open rename source %s: %s\n",
5725 directory, nt_errstr(status)));
5729 status = rename_internals_fsp(conn, fsp, newname,
5730 last_component_dest,
5731 attrs, replace_if_exists);
5733 close_file(fsp, NORMAL_CLOSE);
5735 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5736 nt_errstr(status), directory,newname));
5742 * Wildcards - process each file that matches.
5744 if (strequal(mask,"????????.???")) {
5749 status = check_name(conn, directory);
5750 if (!NT_STATUS_IS_OK(status)) {
5754 dir_hnd = OpenDir(conn, directory, mask, attrs);
5755 if (dir_hnd == NULL) {
5756 return map_nt_error_from_unix(errno);
5759 status = NT_STATUS_NO_SUCH_FILE;
5761 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5762 * - gentest fix. JRA
5765 while ((dname = ReadDirName(dir_hnd, &offset))) {
5766 files_struct *fsp = NULL;
5768 char *destname = NULL;
5769 bool sysdir_entry = False;
5771 /* Quick check for "." and ".." */
5772 if (ISDOT(dname) || ISDOTDOT(dname)) {
5774 sysdir_entry = True;
5780 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5784 if(!mask_match(dname, mask, conn->case_sensitive)) {
5789 status = NT_STATUS_OBJECT_NAME_INVALID;
5793 fname = talloc_asprintf(ctx,
5798 return NT_STATUS_NO_MEMORY;
5801 if (!resolve_wildcards(ctx,
5802 fname,newname,&destname)) {
5803 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5809 return NT_STATUS_NO_MEMORY;
5813 SMB_VFS_STAT(conn, fname, &sbuf1);
5815 status = S_ISDIR(sbuf1.st_mode) ?
5816 open_directory(conn, req, fname, &sbuf1,
5818 FILE_SHARE_READ|FILE_SHARE_WRITE,
5819 FILE_OPEN, 0, 0, NULL,
5821 : open_file_ntcreate(conn, req, fname, &sbuf1,
5823 FILE_SHARE_READ|FILE_SHARE_WRITE,
5824 FILE_OPEN, 0, 0, 0, NULL,
5827 if (!NT_STATUS_IS_OK(status)) {
5828 DEBUG(3,("rename_internals: open_file_ntcreate "
5829 "returned %s rename %s -> %s\n",
5830 nt_errstr(status), directory, newname));
5834 status = rename_internals_fsp(conn, fsp, destname, dname,
5835 attrs, replace_if_exists);
5837 close_file(fsp, NORMAL_CLOSE);
5839 if (!NT_STATUS_IS_OK(status)) {
5840 DEBUG(3, ("rename_internals_fsp returned %s for "
5841 "rename %s -> %s\n", nt_errstr(status),
5842 directory, newname));
5848 DEBUG(3,("rename_internals: doing rename on %s -> "
5849 "%s\n",fname,destname));
5852 TALLOC_FREE(destname);
5856 if (count == 0 && NT_STATUS_IS_OK(status)) {
5857 status = map_nt_error_from_unix(errno);
5863 /****************************************************************************
5865 ****************************************************************************/
5867 void reply_mv(struct smb_request *req)
5869 connection_struct *conn = req->conn;
5871 char *newname = NULL;
5875 bool src_has_wcard = False;
5876 bool dest_has_wcard = False;
5877 TALLOC_CTX *ctx = talloc_tos();
5879 START_PROFILE(SMBmv);
5882 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5887 attrs = SVAL(req->inbuf,smb_vwv0);
5889 p = smb_buf(req->inbuf) + 1;
5890 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5891 0, STR_TERMINATE, &status,
5893 if (!NT_STATUS_IS_OK(status)) {
5894 reply_nterror(req, status);
5899 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5900 0, STR_TERMINATE, &status,
5902 if (!NT_STATUS_IS_OK(status)) {
5903 reply_nterror(req, status);
5908 status = resolve_dfspath_wcard(ctx, conn,
5909 req->flags2 & FLAGS2_DFS_PATHNAMES,
5913 if (!NT_STATUS_IS_OK(status)) {
5914 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5915 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5916 ERRSRV, ERRbadpath);
5920 reply_nterror(req, status);
5925 status = resolve_dfspath_wcard(ctx, conn,
5926 req->flags2 & FLAGS2_DFS_PATHNAMES,
5930 if (!NT_STATUS_IS_OK(status)) {
5931 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5932 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5933 ERRSRV, ERRbadpath);
5937 reply_nterror(req, status);
5942 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5944 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5945 src_has_wcard, dest_has_wcard);
5946 if (!NT_STATUS_IS_OK(status)) {
5947 if (open_was_deferred(req->mid)) {
5948 /* We have re-scheduled this call. */
5952 reply_nterror(req, status);
5957 reply_outbuf(req, 0, 0);
5963 /*******************************************************************
5964 Copy a file as part of a reply_copy.
5965 ******************************************************************/
5968 * TODO: check error codes on all callers
5971 NTSTATUS copy_file(TALLOC_CTX *ctx,
5972 connection_struct *conn,
5977 bool target_is_directory)
5979 SMB_STRUCT_STAT src_sbuf, sbuf2;
5981 files_struct *fsp1,*fsp2;
5984 uint32 new_create_disposition;
5987 dest = talloc_strdup(ctx, dest1);
5989 return NT_STATUS_NO_MEMORY;
5991 if (target_is_directory) {
5992 const char *p = strrchr_m(src,'/');
5998 dest = talloc_asprintf_append(dest,
6002 return NT_STATUS_NO_MEMORY;
6006 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6008 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6011 if (!target_is_directory && count) {
6012 new_create_disposition = FILE_OPEN;
6014 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6015 NULL, NULL, &new_create_disposition, NULL)) {
6017 return NT_STATUS_INVALID_PARAMETER;
6021 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6023 FILE_SHARE_READ|FILE_SHARE_WRITE,
6026 FILE_ATTRIBUTE_NORMAL,
6030 if (!NT_STATUS_IS_OK(status)) {
6035 dosattrs = dos_mode(conn, src, &src_sbuf);
6036 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6037 ZERO_STRUCTP(&sbuf2);
6040 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6042 FILE_SHARE_READ|FILE_SHARE_WRITE,
6043 new_create_disposition,
6051 if (!NT_STATUS_IS_OK(status)) {
6052 close_file(fsp1,ERROR_CLOSE);
6056 if ((ofun&3) == 1) {
6057 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6058 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6060 * Stop the copy from occurring.
6063 src_sbuf.st_size = 0;
6067 if (src_sbuf.st_size) {
6068 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6071 close_file(fsp1,NORMAL_CLOSE);
6073 /* Ensure the modtime is set correctly on the destination file. */
6074 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
6077 * As we are opening fsp1 read-only we only expect
6078 * an error on close on fsp2 if we are out of space.
6079 * Thus we don't look at the error return from the
6082 status = close_file(fsp2,NORMAL_CLOSE);
6084 if (!NT_STATUS_IS_OK(status)) {
6088 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6089 return NT_STATUS_DISK_FULL;
6092 return NT_STATUS_OK;
6095 /****************************************************************************
6096 Reply to a file copy.
6097 ****************************************************************************/
6099 void reply_copy(struct smb_request *req)
6101 connection_struct *conn = req->conn;
6103 char *newname = NULL;
6104 char *directory = NULL;
6108 int error = ERRnoaccess;
6113 bool target_is_directory=False;
6114 bool source_has_wild = False;
6115 bool dest_has_wild = False;
6116 SMB_STRUCT_STAT sbuf1, sbuf2;
6118 TALLOC_CTX *ctx = talloc_tos();
6120 START_PROFILE(SMBcopy);
6123 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6124 END_PROFILE(SMBcopy);
6128 tid2 = SVAL(req->inbuf,smb_vwv0);
6129 ofun = SVAL(req->inbuf,smb_vwv1);
6130 flags = SVAL(req->inbuf,smb_vwv2);
6132 p = smb_buf(req->inbuf);
6133 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6134 0, STR_TERMINATE, &status,
6136 if (!NT_STATUS_IS_OK(status)) {
6137 reply_nterror(req, status);
6138 END_PROFILE(SMBcopy);
6141 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6142 0, STR_TERMINATE, &status,
6144 if (!NT_STATUS_IS_OK(status)) {
6145 reply_nterror(req, status);
6146 END_PROFILE(SMBcopy);
6150 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6152 if (tid2 != conn->cnum) {
6153 /* can't currently handle inter share copies XXXX */
6154 DEBUG(3,("Rejecting inter-share copy\n"));
6155 reply_doserror(req, ERRSRV, ERRinvdevice);
6156 END_PROFILE(SMBcopy);
6160 status = resolve_dfspath_wcard(ctx, conn,
6161 req->flags2 & FLAGS2_DFS_PATHNAMES,
6165 if (!NT_STATUS_IS_OK(status)) {
6166 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6167 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6168 ERRSRV, ERRbadpath);
6169 END_PROFILE(SMBcopy);
6172 reply_nterror(req, status);
6173 END_PROFILE(SMBcopy);
6177 status = resolve_dfspath_wcard(ctx, conn,
6178 req->flags2 & FLAGS2_DFS_PATHNAMES,
6182 if (!NT_STATUS_IS_OK(status)) {
6183 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6184 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6185 ERRSRV, ERRbadpath);
6186 END_PROFILE(SMBcopy);
6189 reply_nterror(req, status);
6190 END_PROFILE(SMBcopy);
6194 status = unix_convert(ctx, conn, name, source_has_wild,
6195 &name, NULL, &sbuf1);
6196 if (!NT_STATUS_IS_OK(status)) {
6197 reply_nterror(req, status);
6198 END_PROFILE(SMBcopy);
6202 status = unix_convert(ctx, conn, newname, dest_has_wild,
6203 &newname, NULL, &sbuf2);
6204 if (!NT_STATUS_IS_OK(status)) {
6205 reply_nterror(req, status);
6206 END_PROFILE(SMBcopy);
6210 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6212 if ((flags&1) && target_is_directory) {
6213 reply_doserror(req, ERRDOS, ERRbadfile);
6214 END_PROFILE(SMBcopy);
6218 if ((flags&2) && !target_is_directory) {
6219 reply_doserror(req, ERRDOS, ERRbadpath);
6220 END_PROFILE(SMBcopy);
6224 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6225 /* wants a tree copy! XXXX */
6226 DEBUG(3,("Rejecting tree copy\n"));
6227 reply_doserror(req, ERRSRV, ERRerror);
6228 END_PROFILE(SMBcopy);
6232 p = strrchr_m(name,'/');
6234 directory = talloc_strdup(ctx, "./");
6236 reply_nterror(req, NT_STATUS_NO_MEMORY);
6237 END_PROFILE(SMBcopy);
6243 directory = talloc_strdup(ctx, name);
6245 reply_nterror(req, NT_STATUS_NO_MEMORY);
6246 END_PROFILE(SMBcopy);
6253 * We should only check the mangled cache
6254 * here if unix_convert failed. This means
6255 * that the path in 'mask' doesn't exist
6256 * on the file system and so we need to look
6257 * for a possible mangle. This patch from
6258 * Tine Smukavec <valentin.smukavec@hermes.si>.
6261 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6262 char *new_mask = NULL;
6263 mangle_lookup_name_from_8_3(ctx,
6272 if (!source_has_wild) {
6273 directory = talloc_asprintf_append(directory,
6276 if (dest_has_wild) {
6277 char *mod_newname = NULL;
6278 if (!resolve_wildcards(ctx,
6279 directory,newname,&mod_newname)) {
6280 reply_nterror(req, NT_STATUS_NO_MEMORY);
6281 END_PROFILE(SMBcopy);
6284 newname = mod_newname;
6287 status = check_name(conn, directory);
6288 if (!NT_STATUS_IS_OK(status)) {
6289 reply_nterror(req, status);
6290 END_PROFILE(SMBcopy);
6294 status = check_name(conn, newname);
6295 if (!NT_STATUS_IS_OK(status)) {
6296 reply_nterror(req, status);
6297 END_PROFILE(SMBcopy);
6301 status = copy_file(ctx,conn,directory,newname,ofun,
6302 count,target_is_directory);
6304 if(!NT_STATUS_IS_OK(status)) {
6305 reply_nterror(req, status);
6306 END_PROFILE(SMBcopy);
6312 struct smb_Dir *dir_hnd = NULL;
6313 const char *dname = NULL;
6316 if (strequal(mask,"????????.???")) {
6321 status = check_name(conn, directory);
6322 if (!NT_STATUS_IS_OK(status)) {
6323 reply_nterror(req, status);
6324 END_PROFILE(SMBcopy);
6328 dir_hnd = OpenDir(conn, directory, mask, 0);
6329 if (dir_hnd == NULL) {
6330 status = map_nt_error_from_unix(errno);
6331 reply_nterror(req, status);
6332 END_PROFILE(SMBcopy);
6338 while ((dname = ReadDirName(dir_hnd, &offset))) {
6339 char *destname = NULL;
6342 if (ISDOT(dname) || ISDOTDOT(dname)) {
6346 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6350 if(!mask_match(dname, mask, conn->case_sensitive)) {
6354 error = ERRnoaccess;
6355 fname = talloc_asprintf(ctx,
6361 reply_nterror(req, NT_STATUS_NO_MEMORY);
6362 END_PROFILE(SMBcopy);
6366 if (!resolve_wildcards(ctx,
6367 fname,newname,&destname)) {
6372 reply_nterror(req, NT_STATUS_NO_MEMORY);
6373 END_PROFILE(SMBcopy);
6377 status = check_name(conn, fname);
6378 if (!NT_STATUS_IS_OK(status)) {
6380 reply_nterror(req, status);
6381 END_PROFILE(SMBcopy);
6385 status = check_name(conn, destname);
6386 if (!NT_STATUS_IS_OK(status)) {
6388 reply_nterror(req, status);
6389 END_PROFILE(SMBcopy);
6393 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6395 status = copy_file(ctx,conn,fname,destname,ofun,
6396 count,target_is_directory);
6397 if (NT_STATUS_IS_OK(status)) {
6401 TALLOC_FREE(destname);
6408 /* Error on close... */
6410 reply_unixerror(req, ERRHRD, ERRgeneral);
6411 END_PROFILE(SMBcopy);
6415 reply_doserror(req, ERRDOS, error);
6416 END_PROFILE(SMBcopy);
6420 reply_outbuf(req, 1, 0);
6421 SSVAL(req->outbuf,smb_vwv0,count);
6423 END_PROFILE(SMBcopy);
6428 #define DBGC_CLASS DBGC_LOCKING
6430 /****************************************************************************
6431 Get a lock pid, dealing with large count requests.
6432 ****************************************************************************/
6434 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6436 if(!large_file_format)
6437 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6439 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6442 /****************************************************************************
6443 Get a lock count, dealing with large count requests.
6444 ****************************************************************************/
6446 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6448 SMB_BIG_UINT count = 0;
6450 if(!large_file_format) {
6451 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6454 #if defined(HAVE_LONGLONG)
6455 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6456 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6457 #else /* HAVE_LONGLONG */
6460 * NT4.x seems to be broken in that it sends large file (64 bit)
6461 * lockingX calls even if the CAP_LARGE_FILES was *not*
6462 * negotiated. For boxes without large unsigned ints truncate the
6463 * lock count by dropping the top 32 bits.
6466 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6467 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6468 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6469 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6470 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6473 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6474 #endif /* HAVE_LONGLONG */
6480 #if !defined(HAVE_LONGLONG)
6481 /****************************************************************************
6482 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6483 ****************************************************************************/
6485 static uint32 map_lock_offset(uint32 high, uint32 low)
6489 uint32 highcopy = high;
6492 * Try and find out how many significant bits there are in high.
6495 for(i = 0; highcopy; i++)
6499 * We use 31 bits not 32 here as POSIX
6500 * lock offsets may not be negative.
6503 mask = (~0) << (31 - i);
6506 return 0; /* Fail. */
6512 #endif /* !defined(HAVE_LONGLONG) */
6514 /****************************************************************************
6515 Get a lock offset, dealing with large offset requests.
6516 ****************************************************************************/
6518 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6520 SMB_BIG_UINT offset = 0;
6524 if(!large_file_format) {
6525 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6528 #if defined(HAVE_LONGLONG)
6529 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6530 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6531 #else /* HAVE_LONGLONG */
6534 * NT4.x seems to be broken in that it sends large file (64 bit)
6535 * lockingX calls even if the CAP_LARGE_FILES was *not*
6536 * negotiated. For boxes without large unsigned ints mangle the
6537 * lock offset by mapping the top 32 bits onto the lower 32.
6540 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6541 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6542 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6545 if((new_low = map_lock_offset(high, low)) == 0) {
6547 return (SMB_BIG_UINT)-1;
6550 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6551 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6552 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6553 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6556 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6557 #endif /* HAVE_LONGLONG */
6563 /****************************************************************************
6564 Reply to a lockingX request.
6565 ****************************************************************************/
6567 void reply_lockingX(struct smb_request *req)
6569 connection_struct *conn = req->conn;
6571 unsigned char locktype;
6572 unsigned char oplocklevel;
6575 SMB_BIG_UINT count = 0, offset = 0;
6580 bool large_file_format;
6582 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6584 START_PROFILE(SMBlockingX);
6587 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6588 END_PROFILE(SMBlockingX);
6592 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6593 locktype = CVAL(req->inbuf,smb_vwv3);
6594 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6595 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6596 num_locks = SVAL(req->inbuf,smb_vwv7);
6597 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6598 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6600 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6601 END_PROFILE(SMBlockingX);
6605 data = smb_buf(req->inbuf);
6607 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6608 /* we don't support these - and CANCEL_LOCK makes w2k
6609 and XP reboot so I don't really want to be
6610 compatible! (tridge) */
6611 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6612 END_PROFILE(SMBlockingX);
6616 /* Check if this is an oplock break on a file
6617 we have granted an oplock on.
6619 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6620 /* Client can insist on breaking to none. */
6621 bool break_to_none = (oplocklevel == 0);
6624 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6625 "for fnum = %d\n", (unsigned int)oplocklevel,
6629 * Make sure we have granted an exclusive or batch oplock on
6633 if (fsp->oplock_type == 0) {
6635 /* The Samba4 nbench simulator doesn't understand
6636 the difference between break to level2 and break
6637 to none from level2 - it sends oplock break
6638 replies in both cases. Don't keep logging an error
6639 message here - just ignore it. JRA. */
6641 DEBUG(5,("reply_lockingX: Error : oplock break from "
6642 "client for fnum = %d (oplock=%d) and no "
6643 "oplock granted on this file (%s).\n",
6644 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6646 /* if this is a pure oplock break request then don't
6648 if (num_locks == 0 && num_ulocks == 0) {
6649 END_PROFILE(SMBlockingX);
6652 END_PROFILE(SMBlockingX);
6653 reply_doserror(req, ERRDOS, ERRlock);
6658 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6660 result = remove_oplock(fsp);
6662 result = downgrade_oplock(fsp);
6666 DEBUG(0, ("reply_lockingX: error in removing "
6667 "oplock on file %s\n", fsp->fsp_name));
6668 /* Hmmm. Is this panic justified? */
6669 smb_panic("internal tdb error");
6672 reply_to_oplock_break_requests(fsp);
6674 /* if this is a pure oplock break request then don't send a
6676 if (num_locks == 0 && num_ulocks == 0) {
6677 /* Sanity check - ensure a pure oplock break is not a
6679 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6680 DEBUG(0,("reply_lockingX: Error : pure oplock "
6681 "break is a chained %d request !\n",
6682 (unsigned int)CVAL(req->inbuf,
6684 END_PROFILE(SMBlockingX);
6690 * We do this check *after* we have checked this is not a oplock break
6691 * response message. JRA.
6694 release_level_2_oplocks_on_change(fsp);
6696 if (smb_buflen(req->inbuf) <
6697 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6698 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6699 END_PROFILE(SMBlockingX);
6703 /* Data now points at the beginning of the list
6704 of smb_unlkrng structs */
6705 for(i = 0; i < (int)num_ulocks; i++) {
6706 lock_pid = get_lock_pid( data, i, large_file_format);
6707 count = get_lock_count( data, i, large_file_format);
6708 offset = get_lock_offset( data, i, large_file_format, &err);
6711 * There is no error code marked "stupid client bug".... :-).
6714 END_PROFILE(SMBlockingX);
6715 reply_doserror(req, ERRDOS, ERRnoaccess);
6719 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6720 "pid %u, file %s\n", (double)offset, (double)count,
6721 (unsigned int)lock_pid, fsp->fsp_name ));
6723 status = do_unlock(smbd_messaging_context(),
6730 if (NT_STATUS_V(status)) {
6731 END_PROFILE(SMBlockingX);
6732 reply_nterror(req, status);
6737 /* Setup the timeout in seconds. */
6739 if (!lp_blocking_locks(SNUM(conn))) {
6743 /* Now do any requested locks */
6744 data += ((large_file_format ? 20 : 10)*num_ulocks);
6746 /* Data now points at the beginning of the list
6747 of smb_lkrng structs */
6749 for(i = 0; i < (int)num_locks; i++) {
6750 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6751 READ_LOCK:WRITE_LOCK);
6752 lock_pid = get_lock_pid( data, i, large_file_format);
6753 count = get_lock_count( data, i, large_file_format);
6754 offset = get_lock_offset( data, i, large_file_format, &err);
6757 * There is no error code marked "stupid client bug".... :-).
6760 END_PROFILE(SMBlockingX);
6761 reply_doserror(req, ERRDOS, ERRnoaccess);
6765 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6766 "%u, file %s timeout = %d\n", (double)offset,
6767 (double)count, (unsigned int)lock_pid,
6768 fsp->fsp_name, (int)lock_timeout ));
6770 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6771 if (lp_blocking_locks(SNUM(conn))) {
6773 /* Schedule a message to ourselves to
6774 remove the blocking lock record and
6775 return the right error. */
6777 if (!blocking_lock_cancel(fsp,
6783 NT_STATUS_FILE_LOCK_CONFLICT)) {
6784 END_PROFILE(SMBlockingX);
6789 ERRcancelviolation));
6793 /* Remove a matching pending lock. */
6794 status = do_lock_cancel(fsp,
6800 bool blocking_lock = lock_timeout ? True : False;
6801 bool defer_lock = False;
6802 struct byte_range_lock *br_lck;
6803 uint32 block_smbpid;
6805 br_lck = do_lock(smbd_messaging_context(),
6816 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6817 /* Windows internal resolution for blocking locks seems
6818 to be about 200ms... Don't wait for less than that. JRA. */
6819 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6820 lock_timeout = lp_lock_spin_time();
6825 /* This heuristic seems to match W2K3 very well. If a
6826 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6827 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6828 far as I can tell. Replacement for do_lock_spin(). JRA. */
6830 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6831 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6833 lock_timeout = lp_lock_spin_time();
6836 if (br_lck && defer_lock) {
6838 * A blocking lock was requested. Package up
6839 * this smb into a queued request and push it
6840 * onto the blocking lock queue.
6842 if(push_blocking_lock_request(br_lck,
6853 TALLOC_FREE(br_lck);
6854 END_PROFILE(SMBlockingX);
6859 TALLOC_FREE(br_lck);
6862 if (NT_STATUS_V(status)) {
6863 END_PROFILE(SMBlockingX);
6864 reply_nterror(req, status);
6869 /* If any of the above locks failed, then we must unlock
6870 all of the previous locks (X/Open spec). */
6872 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6876 * Ensure we don't do a remove on the lock that just failed,
6877 * as under POSIX rules, if we have a lock already there, we
6878 * will delete it (and we shouldn't) .....
6880 for(i--; i >= 0; i--) {
6881 lock_pid = get_lock_pid( data, i, large_file_format);
6882 count = get_lock_count( data, i, large_file_format);
6883 offset = get_lock_offset( data, i, large_file_format,
6887 * There is no error code marked "stupid client
6891 END_PROFILE(SMBlockingX);
6892 reply_doserror(req, ERRDOS, ERRnoaccess);
6896 do_unlock(smbd_messaging_context(),
6903 END_PROFILE(SMBlockingX);
6904 reply_nterror(req, status);
6908 reply_outbuf(req, 2, 0);
6910 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6911 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6913 END_PROFILE(SMBlockingX);
6918 #define DBGC_CLASS DBGC_ALL
6920 /****************************************************************************
6921 Reply to a SMBreadbmpx (read block multiplex) request.
6922 Always reply with an error, if someone has a platform really needs this,
6923 please contact vl@samba.org
6924 ****************************************************************************/
6926 void reply_readbmpx(struct smb_request *req)
6928 START_PROFILE(SMBreadBmpx);
6929 reply_doserror(req, ERRSRV, ERRuseSTD);
6930 END_PROFILE(SMBreadBmpx);
6934 /****************************************************************************
6935 Reply to a SMBreadbs (read block multiplex secondary) request.
6936 Always reply with an error, if someone has a platform really needs this,
6937 please contact vl@samba.org
6938 ****************************************************************************/
6940 void reply_readbs(struct smb_request *req)
6942 START_PROFILE(SMBreadBs);
6943 reply_doserror(req, ERRSRV, ERRuseSTD);
6944 END_PROFILE(SMBreadBs);
6948 /****************************************************************************
6949 Reply to a SMBsetattrE.
6950 ****************************************************************************/
6952 void reply_setattrE(struct smb_request *req)
6954 connection_struct *conn = req->conn;
6955 struct timespec ts[2];
6958 START_PROFILE(SMBsetattrE);
6961 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6962 END_PROFILE(SMBsetattrE);
6966 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6968 if(!fsp || (fsp->conn != conn)) {
6969 reply_doserror(req, ERRDOS, ERRbadfid);
6970 END_PROFILE(SMBsetattrE);
6976 * Convert the DOS times into unix times. Ignore create
6977 * time as UNIX can't set this.
6980 ts[0] = convert_time_t_to_timespec(
6981 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6982 ts[1] = convert_time_t_to_timespec(
6983 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6985 reply_outbuf(req, 0, 0);
6988 * Patch from Ray Frush <frush@engr.colostate.edu>
6989 * Sometimes times are sent as zero - ignore them.
6992 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6993 /* Ignore request */
6994 if( DEBUGLVL( 3 ) ) {
6995 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6996 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6998 END_PROFILE(SMBsetattrE);
7000 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
7001 /* set modify time = to access time if modify time was unset */
7005 /* Set the date on this file */
7006 /* Should we set pending modtime here ? JRA */
7007 if(file_ntimes(conn, fsp->fsp_name, ts)) {
7008 reply_doserror(req, ERRDOS, ERRnoaccess);
7009 END_PROFILE(SMBsetattrE);
7013 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7015 (unsigned int)ts[0].tv_sec,
7016 (unsigned int)ts[1].tv_sec));
7018 END_PROFILE(SMBsetattrE);
7023 /* Back from the dead for OS/2..... JRA. */
7025 /****************************************************************************
7026 Reply to a SMBwritebmpx (write block multiplex primary) request.
7027 Always reply with an error, if someone has a platform really needs this,
7028 please contact vl@samba.org
7029 ****************************************************************************/
7031 void reply_writebmpx(struct smb_request *req)
7033 START_PROFILE(SMBwriteBmpx);
7034 reply_doserror(req, ERRSRV, ERRuseSTD);
7035 END_PROFILE(SMBwriteBmpx);
7039 /****************************************************************************
7040 Reply to a SMBwritebs (write block multiplex secondary) request.
7041 Always reply with an error, if someone has a platform really needs this,
7042 please contact vl@samba.org
7043 ****************************************************************************/
7045 void reply_writebs(struct smb_request *req)
7047 START_PROFILE(SMBwriteBs);
7048 reply_doserror(req, ERRSRV, ERRuseSTD);
7049 END_PROFILE(SMBwriteBs);
7053 /****************************************************************************
7054 Reply to a SMBgetattrE.
7055 ****************************************************************************/
7057 void reply_getattrE(struct smb_request *req)
7059 connection_struct *conn = req->conn;
7060 SMB_STRUCT_STAT sbuf;
7064 START_PROFILE(SMBgetattrE);
7067 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7068 END_PROFILE(SMBgetattrE);
7072 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7074 if(!fsp || (fsp->conn != conn)) {
7075 reply_doserror(req, ERRDOS, ERRbadfid);
7076 END_PROFILE(SMBgetattrE);
7080 /* Do an fstat on this file */
7081 if(fsp_stat(fsp, &sbuf)) {
7082 reply_unixerror(req, ERRDOS, ERRnoaccess);
7083 END_PROFILE(SMBgetattrE);
7087 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7090 * Convert the times into dos times. Set create
7091 * date to be last modify date as UNIX doesn't save
7095 reply_outbuf(req, 11, 0);
7097 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7098 get_create_time(&sbuf,
7099 lp_fake_dir_create_times(SNUM(conn))));
7100 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7101 /* Should we check pending modtime here ? JRA */
7102 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7105 SIVAL(req->outbuf, smb_vwv6, 0);
7106 SIVAL(req->outbuf, smb_vwv8, 0);
7108 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7109 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7110 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7112 SSVAL(req->outbuf,smb_vwv10, mode);
7114 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7116 END_PROFILE(SMBgetattrE);