2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern BOOL global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 BOOL *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 BOOL start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, BOOL *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(const char *inbuf, uint16 smb_flags2, char *dest,
212 const char *src, size_t dest_len, size_t src_len,
213 int flags, NTSTATUS *err, BOOL *contains_wcard)
217 SMB_ASSERT(dest_len == sizeof(pstring));
221 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
224 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
225 dest_len, src_len, flags);
228 *contains_wcard = False;
230 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
232 * For a DFS path the function parse_dfs_path()
233 * will do the path processing, just make a copy.
239 if (lp_posix_pathnames()) {
240 *err = check_path_syntax_posix(dest);
242 *err = check_path_syntax_wcard(dest, contains_wcard);
248 /****************************************************************************
249 Pull a string and check the path - provide for error return.
250 ****************************************************************************/
252 size_t srvstr_get_path(const char *inbuf, uint16 smb_flags2, char *dest,
253 const char *src, size_t dest_len, size_t src_len,
254 int flags, NTSTATUS *err)
258 SMB_ASSERT(dest_len == sizeof(pstring));
262 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
265 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
266 dest_len, src_len, flags);
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(dest);
281 *err = check_path_syntax(dest);
287 /****************************************************************************
288 Check if we have a correct fsp pointing to a file. Replacement for the
290 ****************************************************************************/
292 BOOL check_fsp(connection_struct *conn, struct smb_request *req,
293 files_struct *fsp, struct current_user *user)
295 if (!(fsp) || !(conn)) {
296 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
299 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
300 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
303 if ((fsp)->is_directory) {
304 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
307 if ((fsp)->fh->fd == -1) {
308 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
311 (fsp)->num_smb_operations++;
315 /****************************************************************************
316 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
317 ****************************************************************************/
319 BOOL fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
320 files_struct *fsp, struct current_user *user)
322 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
323 && (current_user.vuid==(fsp)->vuid)) {
327 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
331 /****************************************************************************
332 Reply to a (netbios-level) special message.
333 ****************************************************************************/
335 void reply_special(char *inbuf)
337 int msg_type = CVAL(inbuf,0);
338 int msg_flags = CVAL(inbuf,1);
343 * We only really use 4 bytes of the outbuf, but for the smb_setlen
344 * calculation & friends (send_smb uses that) we need the full smb
347 char outbuf[smb_size];
349 static BOOL already_got_session = False;
353 memset(outbuf, '\0', sizeof(outbuf));
355 smb_setlen(inbuf,outbuf,0);
358 case 0x81: /* session request */
360 if (already_got_session) {
361 exit_server_cleanly("multiple session request not permitted");
364 SCVAL(outbuf,0,0x82);
366 if (name_len(inbuf+4) > 50 ||
367 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
368 DEBUG(0,("Invalid name length in session request\n"));
371 name_extract(inbuf,4,name1);
372 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
373 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
376 set_local_machine_name(name1, True);
377 set_remote_machine_name(name2, True);
379 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
380 get_local_machine_name(), get_remote_machine_name(),
383 if (name_type == 'R') {
384 /* We are being asked for a pathworks session ---
386 SCVAL(outbuf, 0,0x83);
390 /* only add the client's machine name to the list
391 of possibly valid usernames if we are operating
392 in share mode security */
393 if (lp_security() == SEC_SHARE) {
394 add_session_user(get_remote_machine_name());
397 reload_services(True);
400 already_got_session = True;
403 case 0x89: /* session keepalive request
404 (some old clients produce this?) */
405 SCVAL(outbuf,0,SMBkeepalive);
409 case 0x82: /* positive session response */
410 case 0x83: /* negative session response */
411 case 0x84: /* retarget session response */
412 DEBUG(0,("Unexpected session response\n"));
415 case SMBkeepalive: /* session keepalive */
420 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
421 msg_type, msg_flags));
423 send_smb(smbd_server_fd(), outbuf);
427 /****************************************************************************
429 conn POINTER CAN BE NULL HERE !
430 ****************************************************************************/
432 void reply_tcon(connection_struct *conn, struct smb_request *req)
435 char *service_buf = NULL;
436 char *password = NULL;
441 DATA_BLOB password_blob;
443 START_PROFILE(SMBtcon);
445 if (smb_buflen(req->inbuf) < 4) {
446 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
447 END_PROFILE(SMBtcon);
451 p = smb_buf(req->inbuf)+1;
452 p += srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
453 &service_buf, p, STR_TERMINATE) + 1;
454 pwlen = srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
455 &password, p, STR_TERMINATE) + 1;
457 p += srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
458 &dev, p, STR_TERMINATE) + 1;
460 if (service_buf == NULL || password == NULL || dev == NULL) {
461 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
462 END_PROFILE(SMBtcon);
465 p = strrchr_m(service_buf,'\\');
469 service = service_buf;
472 password_blob = data_blob(password, pwlen+1);
474 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
476 data_blob_clear_free(&password_blob);
479 reply_nterror(req, nt_status);
480 END_PROFILE(SMBtcon);
484 reply_outbuf(req, 2, 0);
485 SSVAL(req->outbuf,smb_vwv0,max_recv);
486 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
487 SSVAL(req->outbuf,smb_tid,conn->cnum);
489 DEBUG(3,("tcon service=%s cnum=%d\n",
490 service, conn->cnum));
492 END_PROFILE(SMBtcon);
496 /****************************************************************************
497 Reply to a tcon and X.
498 conn POINTER CAN BE NULL HERE !
499 ****************************************************************************/
501 void reply_tcon_and_X(connection_struct *conn, struct smb_request *req)
503 char *service = NULL;
506 TALLOC_CTX *ctx = NULL;
507 /* what the cleint thinks the device is */
508 char *client_devicetype = NULL;
509 /* what the server tells the client the share represents */
510 const char *server_devicetype;
517 START_PROFILE(SMBtconX);
520 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
521 END_PROFILE(SMBtconX);
525 passlen = SVAL(req->inbuf,smb_vwv3);
526 tcon_flags = SVAL(req->inbuf,smb_vwv2);
528 /* we might have to close an old one */
529 if ((tcon_flags & 0x1) && conn) {
530 close_cnum(conn,req->vuid);
533 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
534 reply_doserror(req, ERRDOS, ERRbuftoosmall);
535 END_PROFILE(SMBtconX);
539 if (global_encrypted_passwords_negotiated) {
540 password = data_blob(smb_buf(req->inbuf),passlen);
541 if (lp_security() == SEC_SHARE) {
543 * Security = share always has a pad byte
544 * after the password.
546 p = smb_buf(req->inbuf) + passlen + 1;
548 p = smb_buf(req->inbuf) + passlen;
551 password = data_blob(smb_buf(req->inbuf),passlen+1);
552 /* Ensure correct termination */
553 password.data[passlen]=0;
554 p = smb_buf(req->inbuf) + passlen + 1;
557 ctx = talloc_init("reply_tcon_and_X");
559 data_blob_clear_free(&password);
560 reply_nterror(req, NT_STATUS_NO_MEMORY);
561 END_PROFILE(SMBtconX);
564 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
568 data_blob_clear_free(&password);
570 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
571 END_PROFILE(SMBtconX);
576 * the service name can be either: \\server\share
577 * or share directly like on the DELL PowerVault 705
580 q = strchr_m(path+2,'\\');
582 data_blob_clear_free(&password);
584 reply_doserror(req, ERRDOS, ERRnosuchshare);
585 END_PROFILE(SMBtconX);
593 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
594 &client_devicetype, p,
595 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
597 if (client_devicetype == NULL) {
598 data_blob_clear_free(&password);
600 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
601 END_PROFILE(SMBtconX);
605 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
607 conn = make_connection(service, password, client_devicetype,
608 req->vuid, &nt_status);
610 data_blob_clear_free(&password);
614 reply_nterror(req, nt_status);
615 END_PROFILE(SMBtconX);
620 server_devicetype = "IPC";
621 else if ( IS_PRINT(conn) )
622 server_devicetype = "LPT1:";
624 server_devicetype = "A:";
626 if (Protocol < PROTOCOL_NT1) {
627 reply_outbuf(req, 2, 0);
628 if (message_push_string(&req->outbuf, server_devicetype,
629 STR_TERMINATE|STR_ASCII) == -1) {
631 reply_nterror(req, NT_STATUS_NO_MEMORY);
632 END_PROFILE(SMBtconX);
636 /* NT sets the fstype of IPC$ to the null string */
637 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
639 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
640 /* Return permissions. */
644 reply_outbuf(req, 7, 0);
647 perm1 = FILE_ALL_ACCESS;
648 perm2 = FILE_ALL_ACCESS;
650 perm1 = CAN_WRITE(conn) ?
655 SIVAL(req->outbuf, smb_vwv3, perm1);
656 SIVAL(req->outbuf, smb_vwv5, perm2);
658 reply_outbuf(req, 3, 0);
661 if ((message_push_string(&req->outbuf, server_devicetype,
662 STR_TERMINATE|STR_ASCII) == -1)
663 || (message_push_string(&req->outbuf, fstype,
664 STR_TERMINATE) == -1)) {
666 reply_nterror(req, NT_STATUS_NO_MEMORY);
667 END_PROFILE(SMBtconX);
671 /* what does setting this bit do? It is set by NT4 and
672 may affect the ability to autorun mounted cdroms */
673 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
674 (lp_csc_policy(SNUM(conn)) << 2));
676 init_dfsroot(conn, req->inbuf, req->outbuf);
680 DEBUG(3,("tconX service=%s \n",
683 /* set the incoming and outgoing tid to the just created one */
684 SSVAL(req->inbuf,smb_tid,conn->cnum);
685 SSVAL(req->outbuf,smb_tid,conn->cnum);
688 END_PROFILE(SMBtconX);
690 chain_reply_new(req);
694 /****************************************************************************
695 Reply to an unknown type.
696 ****************************************************************************/
698 int reply_unknown(char *inbuf,char *outbuf)
701 type = CVAL(inbuf,smb_com);
703 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
704 smb_fn_name(type), type, type));
706 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
709 void reply_unknown_new(struct smb_request *req, uint8 type)
711 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
712 smb_fn_name(type), type, type));
713 reply_doserror(req, ERRSRV, ERRunknownsmb);
717 /****************************************************************************
719 conn POINTER CAN BE NULL HERE !
720 ****************************************************************************/
722 void reply_ioctl(connection_struct *conn, struct smb_request *req)
730 START_PROFILE(SMBioctl);
733 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
734 END_PROFILE(SMBioctl);
738 device = SVAL(req->inbuf,smb_vwv1);
739 function = SVAL(req->inbuf,smb_vwv2);
740 ioctl_code = (device << 16) + function;
742 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
744 switch (ioctl_code) {
745 case IOCTL_QUERY_JOB_INFO:
749 reply_doserror(req, ERRSRV, ERRnosupport);
750 END_PROFILE(SMBioctl);
754 reply_outbuf(req, 8, replysize+1);
755 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
756 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
757 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
758 p = smb_buf(req->outbuf) + 1; /* Allow for alignment */
760 switch (ioctl_code) {
761 case IOCTL_QUERY_JOB_INFO:
763 files_struct *fsp = file_fsp(SVAL(req->inbuf,
766 reply_doserror(req, ERRDOS, ERRbadfid);
767 END_PROFILE(SMBioctl);
770 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
771 srvstr_push((char *)req->outbuf, req->flags2, p+2,
773 STR_TERMINATE|STR_ASCII);
775 srvstr_push((char *)req->outbuf, req->flags2,
776 p+18, lp_servicename(SNUM(conn)),
777 13, STR_TERMINATE|STR_ASCII);
786 END_PROFILE(SMBioctl);
790 /****************************************************************************
791 Strange checkpath NTSTATUS mapping.
792 ****************************************************************************/
794 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
796 /* Strange DOS error code semantics only for checkpath... */
797 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
798 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
799 /* We need to map to ERRbadpath */
800 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
806 /****************************************************************************
807 Reply to a checkpath.
808 ****************************************************************************/
810 void reply_checkpath(connection_struct *conn, struct smb_request *req)
813 SMB_STRUCT_STAT sbuf;
816 START_PROFILE(SMBcheckpath);
818 srvstr_get_path((char *)req->inbuf, req->flags2, name,
819 smb_buf(req->inbuf) + 1, sizeof(name), 0,
820 STR_TERMINATE, &status);
821 if (!NT_STATUS_IS_OK(status)) {
822 status = map_checkpath_error((char *)req->inbuf, status);
823 reply_nterror(req, status);
824 END_PROFILE(SMBcheckpath);
828 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES, name);
829 if (!NT_STATUS_IS_OK(status)) {
830 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
831 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
833 END_PROFILE(SMBcheckpath);
839 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
841 status = unix_convert(conn, name, False, NULL, &sbuf);
842 if (!NT_STATUS_IS_OK(status)) {
846 status = check_name(conn, name);
847 if (!NT_STATUS_IS_OK(status)) {
848 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
852 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
853 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
854 status = map_nt_error_from_unix(errno);
858 if (!S_ISDIR(sbuf.st_mode)) {
859 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
861 END_PROFILE(SMBcheckpath);
865 reply_outbuf(req, 0, 0);
867 END_PROFILE(SMBcheckpath);
872 END_PROFILE(SMBcheckpath);
874 /* We special case this - as when a Windows machine
875 is parsing a path is steps through the components
876 one at a time - if a component fails it expects
877 ERRbadpath, not ERRbadfile.
879 status = map_checkpath_error((char *)req->inbuf, status);
880 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
882 * Windows returns different error codes if
883 * the parent directory is valid but not the
884 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
885 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
886 * if the path is invalid.
888 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
893 reply_nterror(req, status);
896 /****************************************************************************
898 ****************************************************************************/
900 void reply_getatr(connection_struct *conn, struct smb_request *req)
903 SMB_STRUCT_STAT sbuf;
910 START_PROFILE(SMBgetatr);
912 p = smb_buf(req->inbuf) + 1;
913 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
914 sizeof(fname), 0, STR_TERMINATE, &status);
915 if (!NT_STATUS_IS_OK(status)) {
916 reply_nterror(req, status);
917 END_PROFILE(SMBgetatr);
921 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
923 if (!NT_STATUS_IS_OK(status)) {
924 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
925 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
927 END_PROFILE(SMBgetatr);
930 reply_nterror(req, status);
931 END_PROFILE(SMBgetatr);
935 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
936 under WfWg - weird! */
937 if (*fname == '\0') {
938 mode = aHIDDEN | aDIR;
939 if (!CAN_WRITE(conn)) {
945 status = unix_convert(conn, fname, False, NULL,&sbuf);
946 if (!NT_STATUS_IS_OK(status)) {
947 reply_nterror(req, status);
948 END_PROFILE(SMBgetatr);
951 status = check_name(conn, fname);
952 if (!NT_STATUS_IS_OK(status)) {
953 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
954 reply_nterror(req, status);
955 END_PROFILE(SMBgetatr);
958 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
959 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
960 reply_unixerror(req, ERRDOS,ERRbadfile);
961 END_PROFILE(SMBgetatr);
965 mode = dos_mode(conn,fname,&sbuf);
967 mtime = sbuf.st_mtime;
973 reply_outbuf(req, 10, 0);
975 SSVAL(req->outbuf,smb_vwv0,mode);
976 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
977 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
979 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
981 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
983 if (Protocol >= PROTOCOL_NT1) {
984 SSVAL(req->outbuf, smb_flg2,
985 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
988 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
990 END_PROFILE(SMBgetatr);
994 /****************************************************************************
996 ****************************************************************************/
998 void reply_setatr(connection_struct *conn, struct smb_request *req)
1003 SMB_STRUCT_STAT sbuf;
1007 START_PROFILE(SMBsetatr);
1010 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1014 p = smb_buf(req->inbuf) + 1;
1015 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
1016 sizeof(fname), 0, STR_TERMINATE, &status);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 reply_nterror(req, status);
1019 END_PROFILE(SMBsetatr);
1023 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1025 if (!NT_STATUS_IS_OK(status)) {
1026 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1027 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1028 ERRSRV, ERRbadpath);
1029 END_PROFILE(SMBsetatr);
1032 reply_nterror(req, status);
1033 END_PROFILE(SMBsetatr);
1037 status = unix_convert(conn, fname, False, NULL, &sbuf);
1038 if (!NT_STATUS_IS_OK(status)) {
1039 reply_nterror(req, status);
1040 END_PROFILE(SMBsetatr);
1044 status = check_name(conn, fname);
1045 if (!NT_STATUS_IS_OK(status)) {
1046 reply_nterror(req, status);
1047 END_PROFILE(SMBsetatr);
1051 if (fname[0] == '.' && fname[1] == '\0') {
1053 * Not sure here is the right place to catch this
1054 * condition. Might be moved to somewhere else later -- vl
1056 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1057 END_PROFILE(SMBsetatr);
1061 mode = SVAL(req->inbuf,smb_vwv0);
1062 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1064 if (mode != FILE_ATTRIBUTE_NORMAL) {
1065 if (VALID_STAT_OF_DIR(sbuf))
1070 if (file_set_dosmode(conn,fname,mode,&sbuf,False) != 0) {
1071 reply_unixerror(req, ERRDOS, ERRnoaccess);
1072 END_PROFILE(SMBsetatr);
1077 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1078 reply_unixerror(req, ERRDOS, ERRnoaccess);
1079 END_PROFILE(SMBsetatr);
1083 reply_outbuf(req, 0, 0);
1085 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1087 END_PROFILE(SMBsetatr);
1091 /****************************************************************************
1093 ****************************************************************************/
1095 void reply_dskattr(connection_struct *conn, struct smb_request *req)
1097 SMB_BIG_UINT dfree,dsize,bsize;
1098 START_PROFILE(SMBdskattr);
1100 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1101 reply_unixerror(req, ERRHRD, ERRgeneral);
1102 END_PROFILE(SMBdskattr);
1106 reply_outbuf(req, 5, 0);
1108 if (Protocol <= PROTOCOL_LANMAN2) {
1109 double total_space, free_space;
1110 /* we need to scale this to a number that DOS6 can handle. We
1111 use floating point so we can handle large drives on systems
1112 that don't have 64 bit integers
1114 we end up displaying a maximum of 2G to DOS systems
1116 total_space = dsize * (double)bsize;
1117 free_space = dfree * (double)bsize;
1119 dsize = (total_space+63*512) / (64*512);
1120 dfree = (free_space+63*512) / (64*512);
1122 if (dsize > 0xFFFF) dsize = 0xFFFF;
1123 if (dfree > 0xFFFF) dfree = 0xFFFF;
1125 SSVAL(req->outbuf,smb_vwv0,dsize);
1126 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1127 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1128 SSVAL(req->outbuf,smb_vwv3,dfree);
1130 SSVAL(req->outbuf,smb_vwv0,dsize);
1131 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1132 SSVAL(req->outbuf,smb_vwv2,512);
1133 SSVAL(req->outbuf,smb_vwv3,dfree);
1136 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1138 END_PROFILE(SMBdskattr);
1142 /****************************************************************************
1144 Can be called from SMBsearch, SMBffirst or SMBfunique.
1145 ****************************************************************************/
1147 void reply_search(connection_struct *conn, struct smb_request *req)
1156 unsigned int numentries = 0;
1157 unsigned int maxentries = 0;
1158 BOOL finished = False;
1164 BOOL check_descend = False;
1165 BOOL expect_close = False;
1167 BOOL mask_contains_wcard = False;
1168 BOOL allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1170 START_PROFILE(SMBsearch);
1173 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1174 END_PROFILE(SMBsearch);
1178 if (lp_posix_pathnames()) {
1179 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1180 END_PROFILE(SMBsearch);
1184 *mask = *directory = *fname = 0;
1186 /* If we were called as SMBffirst then we must expect close. */
1187 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1188 expect_close = True;
1191 reply_outbuf(req, 1, 3);
1192 maxentries = SVAL(req->inbuf,smb_vwv0);
1193 dirtype = SVAL(req->inbuf,smb_vwv1);
1194 p = smb_buf(req->inbuf) + 1;
1195 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, path, p,
1196 sizeof(path), 0, STR_TERMINATE, &nt_status,
1197 &mask_contains_wcard);
1198 if (!NT_STATUS_IS_OK(nt_status)) {
1199 reply_nterror(req, nt_status);
1200 END_PROFILE(SMBsearch);
1204 nt_status = resolve_dfspath_wcard(conn,
1205 req->flags2 & FLAGS2_DFS_PATHNAMES,
1206 path, &mask_contains_wcard);
1207 if (!NT_STATUS_IS_OK(nt_status)) {
1208 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1209 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1210 ERRSRV, ERRbadpath);
1211 END_PROFILE(SMBsearch);
1214 reply_nterror(req, nt_status);
1215 END_PROFILE(SMBsearch);
1220 status_len = SVAL(p, 0);
1223 /* dirtype &= ~aDIR; */
1225 if (status_len == 0) {
1226 SMB_STRUCT_STAT sbuf;
1228 pstrcpy(directory,path);
1229 nt_status = unix_convert(conn, directory, True, NULL, &sbuf);
1230 if (!NT_STATUS_IS_OK(nt_status)) {
1231 reply_nterror(req, nt_status);
1232 END_PROFILE(SMBsearch);
1236 nt_status = check_name(conn, directory);
1237 if (!NT_STATUS_IS_OK(nt_status)) {
1238 reply_nterror(req, nt_status);
1239 END_PROFILE(SMBsearch);
1243 p = strrchr_m(directory,'/');
1245 pstrcpy(mask,directory);
1246 pstrcpy(directory,".");
1252 if (*directory == '\0') {
1253 pstrcpy(directory,".");
1255 memset((char *)status,'\0',21);
1256 SCVAL(status,0,(dirtype & 0x1F));
1260 memcpy(status,p,21);
1261 status_dirtype = CVAL(status,0) & 0x1F;
1262 if (status_dirtype != (dirtype & 0x1F)) {
1263 dirtype = status_dirtype;
1266 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1267 if (!conn->dirptr) {
1270 string_set(&conn->dirpath,dptr_path(dptr_num));
1271 pstrcpy(mask, dptr_wcard(dptr_num));
1273 * For a 'continue' search we have no string. So
1274 * check from the initial saved string.
1276 mask_contains_wcard = ms_has_wild(mask);
1279 if (status_len == 0) {
1280 nt_status = dptr_create(conn,
1286 mask_contains_wcard,
1289 if (!NT_STATUS_IS_OK(nt_status)) {
1290 reply_nterror(req, nt_status);
1291 END_PROFILE(SMBsearch);
1294 dptr_num = dptr_dnum(conn->dirptr);
1296 dirtype = dptr_attr(dptr_num);
1299 DEBUG(4,("dptr_num is %d\n",dptr_num));
1301 if ((dirtype&0x1F) == aVOLID) {
1302 char buf[DIR_STRUCT_SIZE];
1303 memcpy(buf,status,21);
1304 make_dir_struct(buf,"???????????",volume_label(SNUM(conn)),
1305 0,aVOLID,0,!allow_long_path_components);
1306 dptr_fill(buf+12,dptr_num);
1307 if (dptr_zero(buf+12) && (status_len==0)) {
1312 if (message_push_blob(&req->outbuf,
1313 data_blob_const(buf, sizeof(buf)))
1315 reply_nterror(req, NT_STATUS_NO_MEMORY);
1316 END_PROFILE(SMBsearch);
1324 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1327 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1328 conn->dirpath,lp_dontdescend(SNUM(conn))));
1329 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1330 check_descend = True;
1333 for (i=numentries;(i<maxentries) && !finished;i++) {
1334 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1336 char buf[DIR_STRUCT_SIZE];
1337 memcpy(buf,status,21);
1338 make_dir_struct(buf,mask,fname,size, mode,date,
1339 !allow_long_path_components);
1340 if (!dptr_fill(buf+12,dptr_num)) {
1343 if (message_push_blob(&req->outbuf,
1344 data_blob_const(buf, sizeof(buf)))
1346 reply_nterror(req, NT_STATUS_NO_MEMORY);
1347 END_PROFILE(SMBsearch);
1357 /* If we were called as SMBffirst with smb_search_id == NULL
1358 and no entries were found then return error and close dirptr
1361 if (numentries == 0) {
1362 dptr_close(&dptr_num);
1363 } else if(expect_close && status_len == 0) {
1364 /* Close the dptr - we know it's gone */
1365 dptr_close(&dptr_num);
1368 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1369 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1370 dptr_close(&dptr_num);
1373 if ((numentries == 0) && !mask_contains_wcard) {
1374 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1375 END_PROFILE(SMBsearch);
1379 SSVAL(req->outbuf,smb_vwv0,numentries);
1380 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1381 SCVAL(smb_buf(req->outbuf),0,5);
1382 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1384 /* The replies here are never long name. */
1385 SSVAL(req->outbuf, smb_flg2,
1386 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1387 if (!allow_long_path_components) {
1388 SSVAL(req->outbuf, smb_flg2,
1389 SVAL(req->outbuf, smb_flg2)
1390 & (~FLAGS2_LONG_PATH_COMPONENTS));
1393 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1394 SSVAL(req->outbuf, smb_flg2,
1395 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1397 if ((! *directory) && dptr_path(dptr_num))
1398 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1400 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1401 smb_fn_name(CVAL(req->inbuf,smb_com)),
1402 mask, directory, dirtype, numentries, maxentries ) );
1404 END_PROFILE(SMBsearch);
1408 /****************************************************************************
1409 Reply to a fclose (stop directory search).
1410 ****************************************************************************/
1412 void reply_fclose(connection_struct *conn, struct smb_request *req)
1420 BOOL path_contains_wcard = False;
1422 START_PROFILE(SMBfclose);
1424 if (lp_posix_pathnames()) {
1425 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1426 END_PROFILE(SMBfclose);
1430 p = smb_buf(req->inbuf) + 1;
1431 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, path, p,
1432 sizeof(path), 0, STR_TERMINATE, &err,
1433 &path_contains_wcard);
1434 if (!NT_STATUS_IS_OK(err)) {
1435 reply_nterror(req, err);
1436 END_PROFILE(SMBfclose);
1440 status_len = SVAL(p,0);
1443 if (status_len == 0) {
1444 reply_doserror(req, ERRSRV, ERRsrverror);
1445 END_PROFILE(SMBfclose);
1449 memcpy(status,p,21);
1451 if(dptr_fetch(status+12,&dptr_num)) {
1452 /* Close the dptr - we know it's gone */
1453 dptr_close(&dptr_num);
1456 reply_outbuf(req, 1, 0);
1457 SSVAL(req->outbuf,smb_vwv0,0);
1459 DEBUG(3,("search close\n"));
1461 END_PROFILE(SMBfclose);
1465 /****************************************************************************
1467 ****************************************************************************/
1469 void reply_open(connection_struct *conn, struct smb_request *req)
1476 SMB_STRUCT_STAT sbuf;
1483 uint32 create_disposition;
1484 uint32 create_options = 0;
1487 START_PROFILE(SMBopen);
1490 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1491 END_PROFILE(SMBopen);
1495 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1496 deny_mode = SVAL(req->inbuf,smb_vwv0);
1497 dos_attr = SVAL(req->inbuf,smb_vwv1);
1499 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1500 smb_buf(req->inbuf)+1, sizeof(fname), 0,
1501 STR_TERMINATE, &status);
1502 if (!NT_STATUS_IS_OK(status)) {
1503 reply_nterror(req, status);
1504 END_PROFILE(SMBopen);
1508 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1510 if (!NT_STATUS_IS_OK(status)) {
1511 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1512 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1513 ERRSRV, ERRbadpath);
1514 END_PROFILE(SMBopen);
1517 reply_nterror(req, status);
1518 END_PROFILE(SMBopen);
1522 status = unix_convert(conn, fname, False, NULL, &sbuf);
1523 if (!NT_STATUS_IS_OK(status)) {
1524 reply_nterror(req, status);
1525 END_PROFILE(SMBopen);
1529 status = check_name(conn, fname);
1530 if (!NT_STATUS_IS_OK(status)) {
1531 reply_nterror(req, status);
1532 END_PROFILE(SMBopen);
1536 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1537 &access_mask, &share_mode, &create_disposition, &create_options)) {
1538 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1539 END_PROFILE(SMBopen);
1543 status = open_file_ntcreate(conn, req, fname, &sbuf,
1552 if (!NT_STATUS_IS_OK(status)) {
1553 END_PROFILE(SMBopen);
1554 if (open_was_deferred(req->mid)) {
1555 /* We have re-scheduled this call. */
1558 reply_openerror(req, status);
1562 size = sbuf.st_size;
1563 fattr = dos_mode(conn,fname,&sbuf);
1564 mtime = sbuf.st_mtime;
1567 DEBUG(3,("attempt to open a directory %s\n",fname));
1568 close_file(fsp,ERROR_CLOSE);
1569 reply_doserror(req, ERRDOS,ERRnoaccess);
1570 END_PROFILE(SMBopen);
1574 reply_outbuf(req, 7, 0);
1575 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1576 SSVAL(req->outbuf,smb_vwv1,fattr);
1577 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1578 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1580 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1582 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1583 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1585 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1586 SCVAL(req->outbuf,smb_flg,
1587 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1590 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1591 SCVAL(req->outbuf,smb_flg,
1592 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1594 END_PROFILE(SMBopen);
1598 /****************************************************************************
1599 Reply to an open and X.
1600 ****************************************************************************/
1602 void reply_open_and_X(connection_struct *conn, struct smb_request *req)
1608 /* Breakout the oplock request bits so we can set the
1609 reply bits separately. */
1610 int ex_oplock_request;
1611 int core_oplock_request;
1614 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1615 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1620 SMB_STRUCT_STAT sbuf;
1624 SMB_BIG_UINT allocation_size;
1625 ssize_t retval = -1;
1628 uint32 create_disposition;
1629 uint32 create_options = 0;
1631 START_PROFILE(SMBopenX);
1633 if (req->wct < 15) {
1634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1635 END_PROFILE(SMBopenX);
1639 open_flags = SVAL(req->inbuf,smb_vwv2);
1640 deny_mode = SVAL(req->inbuf,smb_vwv3);
1641 smb_attr = SVAL(req->inbuf,smb_vwv5);
1642 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1643 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1644 oplock_request = ex_oplock_request | core_oplock_request;
1645 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1646 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1648 /* If it's an IPC, pass off the pipe handler. */
1650 if (lp_nt_pipe_support()) {
1651 reply_open_pipe_and_X(conn, req);
1653 reply_doserror(req, ERRSRV, ERRaccess);
1655 END_PROFILE(SMBopenX);
1659 /* XXXX we need to handle passed times, sattr and flags */
1660 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1661 smb_buf(req->inbuf), sizeof(fname), 0, STR_TERMINATE,
1663 if (!NT_STATUS_IS_OK(status)) {
1664 reply_nterror(req, status);
1665 END_PROFILE(SMBopenX);
1669 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1671 if (!NT_STATUS_IS_OK(status)) {
1672 END_PROFILE(SMBopenX);
1673 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1674 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1675 ERRSRV, ERRbadpath);
1678 reply_nterror(req, status);
1682 status = unix_convert(conn, fname, False, NULL, &sbuf);
1683 if (!NT_STATUS_IS_OK(status)) {
1684 reply_nterror(req, status);
1685 END_PROFILE(SMBopenX);
1689 status = check_name(conn, fname);
1690 if (!NT_STATUS_IS_OK(status)) {
1691 reply_nterror(req, status);
1692 END_PROFILE(SMBopenX);
1696 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1699 &create_disposition,
1701 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1702 END_PROFILE(SMBopenX);
1706 status = open_file_ntcreate(conn, req, fname, &sbuf,
1715 if (!NT_STATUS_IS_OK(status)) {
1716 END_PROFILE(SMBopenX);
1717 if (open_was_deferred(req->mid)) {
1718 /* We have re-scheduled this call. */
1721 reply_openerror(req, status);
1725 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1726 if the file is truncated or created. */
1727 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1728 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1729 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1730 close_file(fsp,ERROR_CLOSE);
1731 reply_nterror(req, NT_STATUS_DISK_FULL);
1732 END_PROFILE(SMBopenX);
1735 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1737 close_file(fsp,ERROR_CLOSE);
1738 reply_nterror(req, NT_STATUS_DISK_FULL);
1739 END_PROFILE(SMBopenX);
1742 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1745 fattr = dos_mode(conn,fname,&sbuf);
1746 mtime = sbuf.st_mtime;
1748 close_file(fsp,ERROR_CLOSE);
1749 reply_doserror(req, ERRDOS, ERRnoaccess);
1750 END_PROFILE(SMBopenX);
1754 /* If the caller set the extended oplock request bit
1755 and we granted one (by whatever means) - set the
1756 correct bit for extended oplock reply.
1759 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1760 smb_action |= EXTENDED_OPLOCK_GRANTED;
1763 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1764 smb_action |= EXTENDED_OPLOCK_GRANTED;
1767 /* If the caller set the core oplock request bit
1768 and we granted one (by whatever means) - set the
1769 correct bit for core oplock reply.
1772 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1773 reply_outbuf(req, 19, 0);
1775 reply_outbuf(req, 15, 0);
1778 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1779 SCVAL(req->outbuf, smb_flg,
1780 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1783 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1784 SCVAL(req->outbuf, smb_flg,
1785 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1788 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1789 SSVAL(req->outbuf,smb_vwv3,fattr);
1790 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1791 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1793 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1795 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1796 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1797 SSVAL(req->outbuf,smb_vwv11,smb_action);
1799 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1800 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1803 END_PROFILE(SMBopenX);
1804 chain_reply_new(req);
1808 /****************************************************************************
1809 Reply to a SMBulogoffX.
1810 conn POINTER CAN BE NULL HERE !
1811 ****************************************************************************/
1813 void reply_ulogoffX(connection_struct *conn, struct smb_request *req)
1817 START_PROFILE(SMBulogoffX);
1819 vuser = get_valid_user_struct(req->vuid);
1822 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1826 /* in user level security we are supposed to close any files
1827 open by this user */
1828 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1829 file_close_user(req->vuid);
1832 invalidate_vuid(req->vuid);
1834 reply_outbuf(req, 2, 0);
1836 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1838 END_PROFILE(SMBulogoffX);
1839 chain_reply_new(req);
1842 /****************************************************************************
1843 Reply to a mknew or a create.
1844 ****************************************************************************/
1846 void reply_mknew(connection_struct *conn, struct smb_request *req)
1851 struct timespec ts[2];
1853 int oplock_request = 0;
1854 SMB_STRUCT_STAT sbuf;
1856 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1857 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1858 uint32 create_disposition;
1859 uint32 create_options = 0;
1861 START_PROFILE(SMBcreate);
1864 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1865 END_PROFILE(SMBcreate);
1869 fattr = SVAL(req->inbuf,smb_vwv0);
1870 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1871 com = SVAL(req->inbuf,smb_com);
1873 ts[1] =convert_time_t_to_timespec(
1874 srv_make_unix_date3(req->inbuf + smb_vwv1));
1877 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1878 smb_buf(req->inbuf) + 1, sizeof(fname), 0,
1879 STR_TERMINATE, &status);
1880 if (!NT_STATUS_IS_OK(status)) {
1881 reply_nterror(req, status);
1882 END_PROFILE(SMBcreate);
1886 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1888 if (!NT_STATUS_IS_OK(status)) {
1889 END_PROFILE(SMBcreate);
1890 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1891 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1892 ERRSRV, ERRbadpath);
1895 reply_nterror(req, status);
1899 status = unix_convert(conn, fname, False, NULL, &sbuf);
1900 if (!NT_STATUS_IS_OK(status)) {
1901 reply_nterror(req, status);
1902 END_PROFILE(SMBcreate);
1906 status = check_name(conn, fname);
1907 if (!NT_STATUS_IS_OK(status)) {
1908 reply_nterror(req, status);
1909 END_PROFILE(SMBcreate);
1913 if (fattr & aVOLID) {
1914 DEBUG(0,("Attempt to create file (%s) with volid set - "
1915 "please report this\n", fname));
1918 if(com == SMBmknew) {
1919 /* We should fail if file exists. */
1920 create_disposition = FILE_CREATE;
1922 /* Create if file doesn't exist, truncate if it does. */
1923 create_disposition = FILE_OVERWRITE_IF;
1926 /* Open file using ntcreate. */
1927 status = open_file_ntcreate(conn, req, fname, &sbuf,
1936 if (!NT_STATUS_IS_OK(status)) {
1937 END_PROFILE(SMBcreate);
1938 if (open_was_deferred(req->mid)) {
1939 /* We have re-scheduled this call. */
1942 reply_nterror(req, status);
1946 ts[0] = get_atimespec(&sbuf); /* atime. */
1947 file_ntimes(conn, fname, ts);
1949 reply_outbuf(req, 1, 0);
1951 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1953 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1954 SCVAL(req->outbuf,smb_flg,
1955 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1958 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1959 SCVAL(req->outbuf,smb_flg,
1960 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1963 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1964 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1965 fname, fsp->fh->fd, (unsigned int)fattr ) );
1967 END_PROFILE(SMBcreate);
1971 /****************************************************************************
1972 Reply to a create temporary file.
1973 ****************************************************************************/
1975 void reply_ctemp(connection_struct *conn, struct smb_request *req)
1982 SMB_STRUCT_STAT sbuf;
1986 START_PROFILE(SMBctemp);
1989 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1990 END_PROFILE(SMBctemp);
1994 fattr = SVAL(req->inbuf,smb_vwv0);
1995 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1997 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1998 smb_buf(req->inbuf)+1, sizeof(fname), 0, STR_TERMINATE,
2000 if (!NT_STATUS_IS_OK(status)) {
2001 reply_nterror(req, status);
2002 END_PROFILE(SMBctemp);
2006 pstrcat(fname,"/TMXXXXXX");
2008 pstrcat(fname,"TMXXXXXX");
2011 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
2013 if (!NT_STATUS_IS_OK(status)) {
2014 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2015 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2016 ERRSRV, ERRbadpath);
2017 END_PROFILE(SMBctemp);
2020 reply_nterror(req, status);
2021 END_PROFILE(SMBctemp);
2025 status = unix_convert(conn, fname, False, NULL, &sbuf);
2026 if (!NT_STATUS_IS_OK(status)) {
2027 reply_nterror(req, status);
2028 END_PROFILE(SMBctemp);
2032 status = check_name(conn, fname);
2033 if (!NT_STATUS_IS_OK(status)) {
2034 reply_nterror(req, status);
2035 END_PROFILE(SMBctemp);
2039 tmpfd = smb_mkstemp(fname);
2041 reply_unixerror(req, ERRDOS, ERRnoaccess);
2042 END_PROFILE(SMBctemp);
2046 SMB_VFS_STAT(conn,fname,&sbuf);
2048 /* We should fail if file does not exist. */
2049 status = open_file_ntcreate(conn, req, fname, &sbuf,
2050 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2051 FILE_SHARE_READ|FILE_SHARE_WRITE,
2058 /* close fd from smb_mkstemp() */
2061 if (!NT_STATUS_IS_OK(status)) {
2062 END_PROFILE(SMBctemp);
2063 if (open_was_deferred(req->mid)) {
2064 /* We have re-scheduled this call. */
2067 reply_openerror(req, status);
2071 reply_outbuf(req, 1, 0);
2072 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2074 /* the returned filename is relative to the directory */
2075 s = strrchr_m(fname, '/');
2083 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2084 thing in the byte section. JRA */
2085 SSVALS(p, 0, -1); /* what is this? not in spec */
2087 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2089 reply_nterror(req, NT_STATUS_NO_MEMORY);
2090 END_PROFILE(SMBctemp);
2094 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2095 SCVAL(req->outbuf, smb_flg,
2096 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2099 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2100 SCVAL(req->outbuf, smb_flg,
2101 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2104 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2105 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2106 (unsigned int)sbuf.st_mode ) );
2108 END_PROFILE(SMBctemp);
2112 /*******************************************************************
2113 Check if a user is allowed to rename a file.
2114 ********************************************************************/
2116 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2117 uint16 dirtype, SMB_STRUCT_STAT *pst)
2121 if (!CAN_WRITE(conn)) {
2122 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2125 fmode = dos_mode(conn, fsp->fsp_name, pst);
2126 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2127 return NT_STATUS_NO_SUCH_FILE;
2130 if (S_ISDIR(pst->st_mode)) {
2131 return NT_STATUS_OK;
2134 if (fsp->access_mask & DELETE_ACCESS) {
2135 return NT_STATUS_OK;
2138 return NT_STATUS_ACCESS_DENIED;
2141 /*******************************************************************
2142 * unlink a file with all relevant access checks
2143 *******************************************************************/
2145 static NTSTATUS do_unlink(connection_struct *conn, struct smb_request *req,
2146 char *fname, uint32 dirtype)
2148 SMB_STRUCT_STAT sbuf;
2151 uint32 dirtype_orig = dirtype;
2154 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2156 if (!CAN_WRITE(conn)) {
2157 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2160 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2161 return map_nt_error_from_unix(errno);
2164 fattr = dos_mode(conn,fname,&sbuf);
2166 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2167 dirtype = aDIR|aARCH|aRONLY;
2170 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2172 return NT_STATUS_NO_SUCH_FILE;
2175 if (!dir_check_ftype(conn, fattr, dirtype)) {
2177 return NT_STATUS_FILE_IS_A_DIRECTORY;
2179 return NT_STATUS_NO_SUCH_FILE;
2182 if (dirtype_orig & 0x8000) {
2183 /* These will never be set for POSIX. */
2184 return NT_STATUS_NO_SUCH_FILE;
2188 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2189 return NT_STATUS_FILE_IS_A_DIRECTORY;
2192 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2193 return NT_STATUS_NO_SUCH_FILE;
2196 if (dirtype & 0xFF00) {
2197 /* These will never be set for POSIX. */
2198 return NT_STATUS_NO_SUCH_FILE;
2203 return NT_STATUS_NO_SUCH_FILE;
2206 /* Can't delete a directory. */
2208 return NT_STATUS_FILE_IS_A_DIRECTORY;
2213 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2214 return NT_STATUS_OBJECT_NAME_INVALID;
2215 #endif /* JRATEST */
2217 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2219 On a Windows share, a file with read-only dosmode can be opened with
2220 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2221 fails with NT_STATUS_CANNOT_DELETE error.
2223 This semantic causes a problem that a user can not
2224 rename a file with read-only dosmode on a Samba share
2225 from a Windows command prompt (i.e. cmd.exe, but can rename
2226 from Windows Explorer).
2229 if (!lp_delete_readonly(SNUM(conn))) {
2230 if (fattr & aRONLY) {
2231 return NT_STATUS_CANNOT_DELETE;
2235 /* On open checks the open itself will check the share mode, so
2236 don't do it here as we'll get it wrong. */
2238 status = open_file_ntcreate(conn, req, fname, &sbuf,
2243 FILE_ATTRIBUTE_NORMAL,
2244 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2247 if (!NT_STATUS_IS_OK(status)) {
2248 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2249 nt_errstr(status)));
2253 /* The set is across all open files on this dev/inode pair. */
2254 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2255 close_file(fsp, NORMAL_CLOSE);
2256 return NT_STATUS_ACCESS_DENIED;
2259 return close_file(fsp,NORMAL_CLOSE);
2262 /****************************************************************************
2263 The guts of the unlink command, split out so it may be called by the NT SMB
2265 ****************************************************************************/
2267 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2268 uint32 dirtype, char *name, BOOL has_wild)
2274 NTSTATUS status = NT_STATUS_OK;
2275 SMB_STRUCT_STAT sbuf;
2277 *directory = *mask = 0;
2279 status = unix_convert(conn, name, has_wild, NULL, &sbuf);
2280 if (!NT_STATUS_IS_OK(status)) {
2284 p = strrchr_m(name,'/');
2286 pstrcpy(directory,".");
2290 pstrcpy(directory,name);
2295 * We should only check the mangled cache
2296 * here if unix_convert failed. This means
2297 * that the path in 'mask' doesn't exist
2298 * on the file system and so we need to look
2299 * for a possible mangle. This patch from
2300 * Tine Smukavec <valentin.smukavec@hermes.si>.
2303 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params))
2304 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2307 pstrcat(directory,"/");
2308 pstrcat(directory,mask);
2310 dirtype = FILE_ATTRIBUTE_NORMAL;
2313 status = check_name(conn, directory);
2314 if (!NT_STATUS_IS_OK(status)) {
2318 status = do_unlink(conn, req, directory, dirtype);
2319 if (!NT_STATUS_IS_OK(status)) {
2325 struct smb_Dir *dir_hnd = NULL;
2329 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2330 return NT_STATUS_OBJECT_NAME_INVALID;
2333 if (strequal(mask,"????????.???")) {
2337 status = check_name(conn, directory);
2338 if (!NT_STATUS_IS_OK(status)) {
2342 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2343 if (dir_hnd == NULL) {
2344 return map_nt_error_from_unix(errno);
2347 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2348 the pattern matches against the long name, otherwise the short name
2349 We don't implement this yet XXXX
2352 status = NT_STATUS_NO_SUCH_FILE;
2354 while ((dname = ReadDirName(dir_hnd, &offset))) {
2357 pstrcpy(fname,dname);
2359 if (!is_visible_file(conn, directory, dname, &st, True)) {
2363 /* Quick check for "." and ".." */
2364 if (fname[0] == '.') {
2365 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2370 if(!mask_match(fname, mask, conn->case_sensitive)) {
2374 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2376 status = check_name(conn, fname);
2377 if (!NT_STATUS_IS_OK(status)) {
2382 status = do_unlink(conn, req, fname, dirtype);
2383 if (!NT_STATUS_IS_OK(status)) {
2388 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2394 if (count == 0 && NT_STATUS_IS_OK(status)) {
2395 status = map_nt_error_from_unix(errno);
2401 /****************************************************************************
2403 ****************************************************************************/
2405 void reply_unlink(connection_struct *conn, struct smb_request *req)
2410 BOOL path_contains_wcard = False;
2412 START_PROFILE(SMBunlink);
2415 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2416 END_PROFILE(SMBunlink);
2420 dirtype = SVAL(req->inbuf,smb_vwv0);
2422 srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name,
2423 smb_buf(req->inbuf) + 1, sizeof(name), 0,
2424 STR_TERMINATE, &status, &path_contains_wcard);
2425 if (!NT_STATUS_IS_OK(status)) {
2426 reply_nterror(req, status);
2427 END_PROFILE(SMBunlink);
2431 status = resolve_dfspath_wcard(conn,
2432 req->flags2 & FLAGS2_DFS_PATHNAMES,
2433 name, &path_contains_wcard);
2434 if (!NT_STATUS_IS_OK(status)) {
2435 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2436 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2437 ERRSRV, ERRbadpath);
2438 END_PROFILE(SMBunlink);
2441 reply_nterror(req, status);
2442 END_PROFILE(SMBunlink);
2446 DEBUG(3,("reply_unlink : %s\n",name));
2448 status = unlink_internals(conn, req, dirtype, name,
2449 path_contains_wcard);
2450 if (!NT_STATUS_IS_OK(status)) {
2451 if (open_was_deferred(req->mid)) {
2452 /* We have re-scheduled this call. */
2453 END_PROFILE(SMBunlink);
2456 reply_nterror(req, status);
2457 END_PROFILE(SMBunlink);
2461 reply_outbuf(req, 0, 0);
2462 END_PROFILE(SMBunlink);
2467 /****************************************************************************
2469 ****************************************************************************/
2471 static void fail_readraw(void)
2474 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2476 exit_server_cleanly(errstr);
2479 /****************************************************************************
2480 Fake (read/write) sendfile. Returns -1 on read or write fail.
2481 ****************************************************************************/
2483 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2487 size_t tosend = nread;
2494 bufsize = MIN(nread, 65536);
2496 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2500 while (tosend > 0) {
2504 if (tosend > bufsize) {
2509 ret = read_file(fsp,buf,startpos,cur_read);
2515 /* If we had a short read, fill with zeros. */
2516 if (ret < cur_read) {
2517 memset(buf, '\0', cur_read - ret);
2520 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2525 startpos += cur_read;
2529 return (ssize_t)nread;
2532 /****************************************************************************
2533 Return a readbraw error (4 bytes of zero).
2534 ****************************************************************************/
2536 static void reply_readbraw_error(void)
2540 if (write_data(smbd_server_fd(),header,4) != 4) {
2545 /****************************************************************************
2546 Use sendfile in readbraw.
2547 ****************************************************************************/
2549 void send_file_readbraw(connection_struct *conn,
2555 char *outbuf = NULL;
2558 #if defined(WITH_SENDFILE)
2560 * We can only use sendfile on a non-chained packet
2561 * but we can use on a non-oplocked file. tridge proved this
2562 * on a train in Germany :-). JRA.
2563 * reply_readbraw has already checked the length.
2566 if ( (chain_size == 0) && (nread > 0) &&
2567 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2569 DATA_BLOB header_blob;
2571 _smb_setlen(header,nread);
2572 header_blob = data_blob_const(header, 4);
2574 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2575 &header_blob, startpos, nread) == -1) {
2576 /* Returning ENOSYS means no data at all was sent.
2577 * Do this as a normal read. */
2578 if (errno == ENOSYS) {
2579 goto normal_readbraw;
2583 * Special hack for broken Linux with no working sendfile. If we
2584 * return EINTR we sent the header but not the rest of the data.
2585 * Fake this up by doing read/write calls.
2587 if (errno == EINTR) {
2588 /* Ensure we don't do this again. */
2589 set_use_sendfile(SNUM(conn), False);
2590 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2592 if (fake_sendfile(fsp, startpos, nread) == -1) {
2593 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2594 fsp->fsp_name, strerror(errno) ));
2595 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2600 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2601 fsp->fsp_name, strerror(errno) ));
2602 exit_server_cleanly("send_file_readbraw sendfile failed");
2611 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2613 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2614 (unsigned)(nread+4)));
2615 reply_readbraw_error();
2620 ret = read_file(fsp,outbuf+4,startpos,nread);
2621 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2630 _smb_setlen(outbuf,ret);
2631 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2634 TALLOC_FREE(outbuf);
2637 /****************************************************************************
2638 Reply to a readbraw (core+ protocol).
2639 ****************************************************************************/
2641 void reply_readbraw(connection_struct *conn, struct smb_request *req)
2643 ssize_t maxcount,mincount;
2650 START_PROFILE(SMBreadbraw);
2652 if (srv_is_signing_active()) {
2653 exit_server_cleanly("reply_readbraw: SMB signing is active - "
2654 "raw reads/writes are disallowed.");
2658 reply_readbraw_error();
2659 END_PROFILE(SMBreadbraw);
2664 * Special check if an oplock break has been issued
2665 * and the readraw request croses on the wire, we must
2666 * return a zero length response here.
2669 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2672 * We have to do a check_fsp by hand here, as
2673 * we must always return 4 zero bytes on error,
2677 if (!fsp || !conn || conn != fsp->conn ||
2678 current_user.vuid != fsp->vuid ||
2679 fsp->is_directory || fsp->fh->fd == -1) {
2681 * fsp could be NULL here so use the value from the packet. JRA.
2683 DEBUG(3,("reply_readbraw: fnum %d not valid "
2685 (int)SVAL(req->inbuf,smb_vwv0)));
2686 reply_readbraw_error();
2687 END_PROFILE(SMBreadbraw);
2691 /* Do a "by hand" version of CHECK_READ. */
2692 if (!(fsp->can_read ||
2693 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2694 (fsp->access_mask & FILE_EXECUTE)))) {
2695 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2696 (int)SVAL(req->inbuf,smb_vwv0)));
2697 reply_readbraw_error();
2698 END_PROFILE(SMBreadbraw);
2702 flush_write_cache(fsp, READRAW_FLUSH);
2704 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2705 if(req->wct == 10) {
2707 * This is a large offset (64 bit) read.
2709 #ifdef LARGE_SMB_OFF_T
2711 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2713 #else /* !LARGE_SMB_OFF_T */
2716 * Ensure we haven't been sent a >32 bit offset.
2719 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2720 DEBUG(0,("reply_readbraw: large offset "
2721 "(%x << 32) used and we don't support "
2722 "64 bit offsets.\n",
2723 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2724 reply_readbraw_error();
2725 END_PROFILE(SMBreadbraw);
2729 #endif /* LARGE_SMB_OFF_T */
2732 DEBUG(0,("reply_readbraw: negative 64 bit "
2733 "readraw offset (%.0f) !\n",
2734 (double)startpos ));
2735 reply_readbraw_error();
2736 END_PROFILE(SMBreadbraw);
2741 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2742 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2744 /* ensure we don't overrun the packet size */
2745 maxcount = MIN(65535,maxcount);
2747 if (is_locked(fsp,(uint32)req->smbpid,
2748 (SMB_BIG_UINT)maxcount,
2749 (SMB_BIG_UINT)startpos,
2751 reply_readbraw_error();
2752 END_PROFILE(SMBreadbraw);
2756 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2760 if (startpos >= size) {
2763 nread = MIN(maxcount,(size - startpos));
2766 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2767 if (nread < mincount)
2771 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2772 "min=%lu nread=%lu\n",
2773 fsp->fnum, (double)startpos,
2774 (unsigned long)maxcount,
2775 (unsigned long)mincount,
2776 (unsigned long)nread ) );
2778 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2780 DEBUG(5,("reply_readbraw finished\n"));
2781 END_PROFILE(SMBreadbraw);
2785 #define DBGC_CLASS DBGC_LOCKING
2787 /****************************************************************************
2788 Reply to a lockread (core+ protocol).
2789 ****************************************************************************/
2791 void reply_lockread(connection_struct *conn, struct smb_request *req)
2799 struct byte_range_lock *br_lck = NULL;
2801 START_PROFILE(SMBlockread);
2804 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2805 END_PROFILE(SMBlockread);
2809 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2811 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2812 END_PROFILE(SMBlockread);
2816 if (!CHECK_READ(fsp,req->inbuf)) {
2817 reply_doserror(req, ERRDOS, ERRbadaccess);
2818 END_PROFILE(SMBlockread);
2822 release_level_2_oplocks_on_change(fsp);
2824 numtoread = SVAL(req->inbuf,smb_vwv1);
2825 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2827 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2829 reply_outbuf(req, 5, numtoread + 3);
2831 data = smb_buf(req->outbuf) + 3;
2834 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2835 * protocol request that predates the read/write lock concept.
2836 * Thus instead of asking for a read lock here we need to ask
2837 * for a write lock. JRA.
2838 * Note that the requested lock size is unaffected by max_recv.
2841 br_lck = do_lock(smbd_messaging_context(),
2844 (SMB_BIG_UINT)numtoread,
2845 (SMB_BIG_UINT)startpos,
2848 False, /* Non-blocking lock. */
2851 TALLOC_FREE(br_lck);
2853 if (NT_STATUS_V(status)) {
2854 reply_nterror(req, status);
2855 END_PROFILE(SMBlockread);
2860 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2863 if (numtoread > max_recv) {
2864 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2865 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2866 (unsigned int)numtoread, (unsigned int)max_recv ));
2867 numtoread = MIN(numtoread,max_recv);
2869 nread = read_file(fsp,data,startpos,numtoread);
2872 reply_unixerror(req, ERRDOS, ERRnoaccess);
2873 END_PROFILE(SMBlockread);
2877 set_message(NULL, (char *)req->outbuf, 5, nread+3, False);
2879 SSVAL(req->outbuf,smb_vwv0,nread);
2880 SSVAL(req->outbuf,smb_vwv5,nread+3);
2881 SSVAL(smb_buf(req->outbuf),1,nread);
2883 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2884 fsp->fnum, (int)numtoread, (int)nread));
2886 END_PROFILE(SMBlockread);
2891 #define DBGC_CLASS DBGC_ALL
2893 /****************************************************************************
2895 ****************************************************************************/
2897 void reply_read(connection_struct *conn, struct smb_request *req)
2906 START_PROFILE(SMBread);
2909 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2910 END_PROFILE(SMBread);
2914 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2916 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2917 END_PROFILE(SMBread);
2921 if (!CHECK_READ(fsp,req->inbuf)) {
2922 reply_doserror(req, ERRDOS, ERRbadaccess);
2923 END_PROFILE(SMBread);
2927 numtoread = SVAL(req->inbuf,smb_vwv1);
2928 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2930 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2933 * The requested read size cannot be greater than max_recv. JRA.
2935 if (numtoread > max_recv) {
2936 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2937 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2938 (unsigned int)numtoread, (unsigned int)max_recv ));
2939 numtoread = MIN(numtoread,max_recv);
2942 reply_outbuf(req, 5, numtoread+3);
2944 data = smb_buf(req->outbuf) + 3;
2946 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
2947 (SMB_BIG_UINT)startpos, READ_LOCK)) {
2948 reply_doserror(req, ERRDOS,ERRlock);
2949 END_PROFILE(SMBread);
2954 nread = read_file(fsp,data,startpos,numtoread);
2957 reply_unixerror(req, ERRDOS,ERRnoaccess);
2958 END_PROFILE(SMBread);
2962 set_message(NULL, (char *)req->outbuf, 5, nread+3, False);
2964 SSVAL(req->outbuf,smb_vwv0,nread);
2965 SSVAL(req->outbuf,smb_vwv5,nread+3);
2966 SCVAL(smb_buf(req->outbuf),0,1);
2967 SSVAL(smb_buf(req->outbuf),1,nread);
2969 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2970 fsp->fnum, (int)numtoread, (int)nread ) );
2972 END_PROFILE(SMBread);
2976 /****************************************************************************
2978 ****************************************************************************/
2980 static int setup_readX_header(const uint8 *inbuf, uint8 *outbuf,
2986 outsize = set_message((char *)inbuf, (char *)outbuf,12,smb_maxcnt,
2988 data = smb_buf(outbuf);
2990 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2991 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2992 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2993 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
2994 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2995 SCVAL(outbuf,smb_vwv0,0xFF);
2996 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
2997 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3001 /****************************************************************************
3002 Reply to a read and X - possibly using sendfile.
3003 ****************************************************************************/
3005 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3006 files_struct *fsp, SMB_OFF_T startpos,
3009 SMB_STRUCT_STAT sbuf;
3012 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3013 reply_unixerror(req, ERRDOS, ERRnoaccess);
3017 if (startpos > sbuf.st_size) {
3019 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3020 smb_maxcnt = (sbuf.st_size - startpos);
3023 if (smb_maxcnt == 0) {
3027 #if defined(WITH_SENDFILE)
3029 * We can only use sendfile on a non-chained packet
3030 * but we can use on a non-oplocked file. tridge proved this
3031 * on a train in Germany :-). JRA.
3034 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3035 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3036 uint8 headerbuf[smb_size + 12 * 2];
3040 * Set up the packet header before send. We
3041 * assume here the sendfile will work (get the
3042 * correct amount of data).
3045 header = data_blob_const(headerbuf, sizeof(headerbuf));
3047 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3048 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3050 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
3051 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3052 if (errno == ENOSYS) {
3057 * Special hack for broken Linux with no working sendfile. If we
3058 * return EINTR we sent the header but not the rest of the data.
3059 * Fake this up by doing read/write calls.
3062 if (errno == EINTR) {
3063 /* Ensure we don't do this again. */
3064 set_use_sendfile(SNUM(conn), False);
3065 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3066 nread = fake_sendfile(fsp, startpos,
3069 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3070 fsp->fsp_name, strerror(errno) ));
3071 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3073 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3074 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3075 /* No outbuf here means successful sendfile. */
3076 TALLOC_FREE(req->outbuf);
3080 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3081 fsp->fsp_name, strerror(errno) ));
3082 exit_server_cleanly("send_file_readX sendfile failed");
3085 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3086 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3087 /* No outbuf here means successful sendfile. */
3088 TALLOC_FREE(req->outbuf);
3096 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3097 uint8 headerbuf[smb_size + 2*12];
3099 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3100 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3102 /* Send out the header. */
3103 if (write_data(smbd_server_fd(), (char *)headerbuf,
3104 sizeof(headerbuf)) != sizeof(headerbuf)) {
3105 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3106 fsp->fsp_name, strerror(errno) ));
3107 exit_server_cleanly("send_file_readX sendfile failed");
3109 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3111 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3112 fsp->fsp_name, strerror(errno) ));
3113 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3115 TALLOC_FREE(req->outbuf);
3118 reply_outbuf(req, 12, smb_maxcnt);
3120 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3123 reply_unixerror(req, ERRDOS, ERRnoaccess);
3127 setup_readX_header(req->inbuf, req->outbuf, nread);
3129 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3130 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3132 chain_reply_new(req);
3138 /****************************************************************************
3139 Reply to a read and X.
3140 ****************************************************************************/
3142 void reply_read_and_X(connection_struct *conn, struct smb_request *req)
3147 BOOL big_readX = False;
3149 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3152 START_PROFILE(SMBreadX);
3154 if ((req->wct != 10) && (req->wct != 12)) {
3155 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3159 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3160 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3161 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3163 /* If it's an IPC, pass off the pipe handler. */
3165 reply_pipe_read_and_X(req);
3166 END_PROFILE(SMBreadX);
3170 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3171 END_PROFILE(SMBreadX);
3175 if (!CHECK_READ(fsp,req->inbuf)) {
3176 reply_doserror(req, ERRDOS,ERRbadaccess);
3177 END_PROFILE(SMBreadX);
3181 if (global_client_caps & CAP_LARGE_READX) {
3182 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3183 smb_maxcnt |= (upper_size<<16);
3184 if (upper_size > 1) {
3185 /* Can't do this on a chained packet. */
3186 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3187 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3188 END_PROFILE(SMBreadX);
3191 /* We currently don't do this on signed or sealed data. */
3192 if (srv_is_signing_active() || srv_encryption_on()) {
3193 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3194 END_PROFILE(SMBreadX);
3197 /* Is there room in the reply for this data ? */
3198 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3200 NT_STATUS_INVALID_PARAMETER);
3201 END_PROFILE(SMBreadX);
3208 if (req->wct == 12) {
3209 #ifdef LARGE_SMB_OFF_T
3211 * This is a large offset (64 bit) read.
3213 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3215 #else /* !LARGE_SMB_OFF_T */
3218 * Ensure we haven't been sent a >32 bit offset.
3221 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3222 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3223 "used and we don't support 64 bit offsets.\n",
3224 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3225 END_PROFILE(SMBreadX);
3226 reply_doserror(req, ERRDOS, ERRbadaccess);
3230 #endif /* LARGE_SMB_OFF_T */
3234 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3235 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3236 END_PROFILE(SMBreadX);
3237 reply_doserror(req, ERRDOS, ERRlock);
3242 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3243 END_PROFILE(SMBreadX);
3244 reply_post_legacy(req, -1);
3248 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3250 END_PROFILE(SMBreadX);
3254 /****************************************************************************
3255 Error replies to writebraw must have smb_wct == 1. Fix this up.
3256 ****************************************************************************/
3258 void error_to_writebrawerr(struct smb_request *req)
3260 uint8 *old_outbuf = req->outbuf;
3262 reply_outbuf(req, 1, 0);
3264 memcpy(req->outbuf, old_outbuf, smb_size);
3265 TALLOC_FREE(old_outbuf);
3268 /****************************************************************************
3269 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3270 ****************************************************************************/
3272 void reply_writebraw(connection_struct *conn, struct smb_request *req)
3277 ssize_t total_written=0;
3278 size_t numtowrite=0;
3286 START_PROFILE(SMBwritebraw);
3289 * If we ever reply with an error, it must have the SMB command
3290 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3293 SCVAL(req->inbuf,smb_com,SMBwritec);
3295 if (srv_is_signing_active()) {
3296 END_PROFILE(SMBwritebraw);
3297 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3298 "raw reads/writes are disallowed.");
3301 if (req->wct < 12) {
3302 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3303 error_to_writebrawerr(req);
3304 END_PROFILE(SMBwritebraw);
3308 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3309 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3310 error_to_writebrawerr(req);
3311 END_PROFILE(SMBwritebraw);
3315 if (!CHECK_WRITE(fsp)) {
3316 reply_doserror(req, ERRDOS, ERRbadaccess);
3317 error_to_writebrawerr(req);
3318 END_PROFILE(SMBwritebraw);
3322 tcount = IVAL(req->inbuf,smb_vwv1);
3323 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3324 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3326 /* We have to deal with slightly different formats depending
3327 on whether we are using the core+ or lanman1.0 protocol */
3329 if(Protocol <= PROTOCOL_COREPLUS) {
3330 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3331 data = smb_buf(req->inbuf);
3333 numtowrite = SVAL(req->inbuf,smb_vwv10);
3334 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3337 /* Ensure we don't write bytes past the end of this packet. */
3338 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3339 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3340 error_to_writebrawerr(req);
3341 END_PROFILE(SMBwritebraw);
3345 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3346 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3347 reply_doserror(req, ERRDOS, ERRlock);
3348 error_to_writebrawerr(req);
3349 END_PROFILE(SMBwritebraw);
3354 nwritten = write_file(fsp,data,startpos,numtowrite);
3357 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3358 "wrote=%d sync=%d\n",
3359 fsp->fnum, (double)startpos, (int)numtowrite,
3360 (int)nwritten, (int)write_through));
3362 if (nwritten < (ssize_t)numtowrite) {
3363 reply_unixerror(req, ERRHRD, ERRdiskfull);
3364 error_to_writebrawerr(req);
3365 END_PROFILE(SMBwritebraw);
3369 total_written = nwritten;
3371 /* Allocate a buffer of 64k + length. */
3372 buf = TALLOC_ARRAY(NULL, char, 65540);
3374 reply_doserror(req, ERRDOS, ERRnomem);
3375 error_to_writebrawerr(req);
3376 END_PROFILE(SMBwritebraw);
3380 /* Return a SMBwritebraw message to the redirector to tell
3381 * it to send more bytes */
3383 memcpy(buf, req->inbuf, smb_size);
3384 outsize = set_message(NULL,buf,
3385 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3386 SCVAL(buf,smb_com,SMBwritebraw);
3387 SSVALS(buf,smb_vwv0,0xFFFF);
3389 if (!send_smb(smbd_server_fd(),buf)) {
3390 exit_server_cleanly("reply_writebraw: send_smb "
3394 /* Now read the raw data into the buffer and write it */
3395 if (read_smb_length(smbd_server_fd(),buf,SMB_SECONDARY_WAIT) == -1) {
3396 exit_server_cleanly("secondary writebraw failed");
3400 * Even though this is not an smb message,
3401 * smb_len returns the generic length of a packet.
3404 numtowrite = smb_len(buf);
3406 /* Set up outbuf to return the correct size */
3407 reply_outbuf(req, 1, 0);
3409 if (numtowrite != 0) {
3411 if (numtowrite > 0xFFFF) {
3412 DEBUG(0,("reply_writebraw: Oversize secondary write "
3413 "raw requested (%u). Terminating\n",
3414 (unsigned int)numtowrite ));
3415 exit_server_cleanly("secondary writebraw failed");
3418 if (tcount > nwritten+numtowrite) {
3419 DEBUG(3,("reply_writebraw: Client overestimated the "
3421 (int)tcount,(int)nwritten,(int)numtowrite));
3424 if (read_data(smbd_server_fd(), buf+4, numtowrite)
3426 DEBUG(0,("reply_writebraw: Oversize secondary write "
3427 "raw read failed (%s). Terminating\n",
3429 exit_server_cleanly("secondary writebraw failed");
3432 nwritten = write_file(fsp,buf+4,startpos+nwritten,numtowrite);
3433 if (nwritten == -1) {
3435 reply_unixerror(req, ERRHRD, ERRdiskfull);
3436 error_to_writebrawerr(req);
3437 END_PROFILE(SMBwritebraw);
3441 if (nwritten < (ssize_t)numtowrite) {
3442 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3443 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3447 total_written += nwritten;
3452 SSVAL(req->outbuf,smb_vwv0,total_written);
3454 status = sync_file(conn, fsp, write_through);
3455 if (!NT_STATUS_IS_OK(status)) {
3456 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3457 fsp->fsp_name, nt_errstr(status) ));
3458 reply_nterror(req, status);
3459 error_to_writebrawerr(req);
3460 END_PROFILE(SMBwritebraw);
3464 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3466 fsp->fnum, (double)startpos, (int)numtowrite,
3467 (int)total_written));
3469 /* We won't return a status if write through is not selected - this
3470 * follows what WfWg does */
3471 END_PROFILE(SMBwritebraw);
3473 if (!write_through && total_written==tcount) {
3475 #if RABBIT_PELLET_FIX
3477 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3478 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3481 if (!send_keepalive(smbd_server_fd())) {
3482 exit_server_cleanly("reply_writebraw: send of "
3483 "keepalive failed");
3486 TALLOC_FREE(req->outbuf);
3492 #define DBGC_CLASS DBGC_LOCKING
3494 /****************************************************************************
3495 Reply to a writeunlock (core+).
3496 ****************************************************************************/
3498 void reply_writeunlock(connection_struct *conn, struct smb_request *req)
3500 ssize_t nwritten = -1;
3504 NTSTATUS status = NT_STATUS_OK;
3507 START_PROFILE(SMBwriteunlock);
3510 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3511 END_PROFILE(SMBwriteunlock);
3515 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3517 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3518 END_PROFILE(SMBwriteunlock);
3522 if (!CHECK_WRITE(fsp)) {
3523 reply_doserror(req, ERRDOS,ERRbadaccess);
3524 END_PROFILE(SMBwriteunlock);
3528 numtowrite = SVAL(req->inbuf,smb_vwv1);
3529 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3530 data = smb_buf(req->inbuf) + 3;
3533 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3534 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3535 reply_doserror(req, ERRDOS, ERRlock);
3536 END_PROFILE(SMBwriteunlock);
3540 /* The special X/Open SMB protocol handling of
3541 zero length writes is *NOT* done for
3543 if(numtowrite == 0) {
3546 nwritten = write_file(fsp,data,startpos,numtowrite);
3549 status = sync_file(conn, fsp, False /* write through */);
3550 if (!NT_STATUS_IS_OK(status)) {
3551 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3552 fsp->fsp_name, nt_errstr(status) ));
3553 reply_nterror(req, status);
3554 END_PROFILE(SMBwriteunlock);
3558 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3559 reply_unixerror(req, ERRHRD, ERRdiskfull);
3560 END_PROFILE(SMBwriteunlock);
3565 status = do_unlock(smbd_messaging_context(),
3568 (SMB_BIG_UINT)numtowrite,
3569 (SMB_BIG_UINT)startpos,
3572 if (NT_STATUS_V(status)) {
3573 reply_nterror(req, status);
3574 END_PROFILE(SMBwriteunlock);
3579 reply_outbuf(req, 1, 0);
3581 SSVAL(req->outbuf,smb_vwv0,nwritten);
3583 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3584 fsp->fnum, (int)numtowrite, (int)nwritten));
3586 END_PROFILE(SMBwriteunlock);
3591 #define DBGC_CLASS DBGC_ALL
3593 /****************************************************************************
3595 ****************************************************************************/
3597 void reply_write(connection_struct *conn, struct smb_request *req)
3600 ssize_t nwritten = -1;
3606 START_PROFILE(SMBwrite);
3609 END_PROFILE(SMBwrite);
3610 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3614 /* If it's an IPC, pass off the pipe handler. */
3616 reply_pipe_write(req);
3617 END_PROFILE(SMBwrite);
3621 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3623 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3624 END_PROFILE(SMBwrite);
3628 if (!CHECK_WRITE(fsp)) {
3629 reply_doserror(req, ERRDOS, ERRbadaccess);
3630 END_PROFILE(SMBwrite);
3634 numtowrite = SVAL(req->inbuf,smb_vwv1);
3635 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3636 data = smb_buf(req->inbuf) + 3;
3638 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3639 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3640 reply_doserror(req, ERRDOS, ERRlock);
3641 END_PROFILE(SMBwrite);
3646 * X/Open SMB protocol says that if smb_vwv1 is
3647 * zero then the file size should be extended or
3648 * truncated to the size given in smb_vwv[2-3].
3651 if(numtowrite == 0) {
3653 * This is actually an allocate call, and set EOF. JRA.
3655 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3657 reply_nterror(req, NT_STATUS_DISK_FULL);
3658 END_PROFILE(SMBwrite);
3661 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3663 reply_nterror(req, NT_STATUS_DISK_FULL);
3664 END_PROFILE(SMBwrite);
3668 nwritten = write_file(fsp,data,startpos,numtowrite);
3670 status = sync_file(conn, fsp, False);
3671 if (!NT_STATUS_IS_OK(status)) {
3672 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3673 fsp->fsp_name, nt_errstr(status) ));
3674 reply_nterror(req, status);
3675 END_PROFILE(SMBwrite);
3679 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3680 reply_unixerror(req, ERRHRD, ERRdiskfull);
3681 END_PROFILE(SMBwrite);
3685 reply_outbuf(req, 1, 0);
3687 SSVAL(req->outbuf,smb_vwv0,nwritten);
3689 if (nwritten < (ssize_t)numtowrite) {
3690 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3691 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3694 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3696 END_PROFILE(SMBwrite);
3700 /****************************************************************************
3701 Reply to a write and X.
3702 ****************************************************************************/
3704 void reply_write_and_X(connection_struct *conn, struct smb_request *req)
3711 unsigned int smb_doff;
3712 unsigned int smblen;
3717 START_PROFILE(SMBwriteX);
3719 if ((req->wct != 12) && (req->wct != 14)) {
3720 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3721 END_PROFILE(SMBwriteX);
3725 numtowrite = SVAL(req->inbuf,smb_vwv10);
3726 smb_doff = SVAL(req->inbuf,smb_vwv11);
3727 smblen = smb_len(req->inbuf);
3728 large_writeX = ((req->wct == 14) && (smblen > 0xFFFF));
3730 /* Deal with possible LARGE_WRITEX */
3732 numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
3735 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3736 reply_doserror(req, ERRDOS, ERRbadmem);
3737 END_PROFILE(SMBwriteX);
3741 /* If it's an IPC, pass off the pipe handler. */
3743 reply_pipe_write_and_X(req);
3744 END_PROFILE(SMBwriteX);
3748 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3749 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3750 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3752 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3753 END_PROFILE(SMBwriteX);
3757 if (!CHECK_WRITE(fsp)) {
3758 reply_doserror(req, ERRDOS, ERRbadaccess);
3759 END_PROFILE(SMBwriteX);
3763 data = smb_base(req->inbuf) + smb_doff;
3765 if(req->wct == 14) {
3766 #ifdef LARGE_SMB_OFF_T
3768 * This is a large offset (64 bit) write.
3770 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3772 #else /* !LARGE_SMB_OFF_T */
3775 * Ensure we haven't been sent a >32 bit offset.
3778 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3779 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3780 "used and we don't support 64 bit offsets.\n",
3781 (unsigned int)IVAL(inbuf,smb_vwv12) ));
3782 reply_doserror(req, ERRDOS, ERRbadaccess);
3783 END_PROFILE(SMBwriteX);
3787 #endif /* LARGE_SMB_OFF_T */
3790 if (is_locked(fsp,(uint32)req->smbpid,
3791 (SMB_BIG_UINT)numtowrite,
3792 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3793 reply_doserror(req, ERRDOS, ERRlock);
3794 END_PROFILE(SMBwriteX);
3798 /* X/Open SMB protocol says that, unlike SMBwrite
3799 if the length is zero then NO truncation is
3800 done, just a write of zero. To truncate a file,
3803 if(numtowrite == 0) {
3807 if (schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3809 END_PROFILE(SMBwriteX);
3813 nwritten = write_file(fsp,data,startpos,numtowrite);
3816 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3817 reply_unixerror(req, ERRHRD, ERRdiskfull);
3818 END_PROFILE(SMBwriteX);
3822 reply_outbuf(req, 6, 0);
3823 SSVAL(req->outbuf,smb_vwv2,nwritten);
3825 SSVAL(req->outbuf,smb_vwv4,(nwritten>>16)&1);
3827 if (nwritten < (ssize_t)numtowrite) {
3828 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3829 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3832 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3833 fsp->fnum, (int)numtowrite, (int)nwritten));
3835 status = sync_file(conn, fsp, write_through);
3836 if (!NT_STATUS_IS_OK(status)) {
3837 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
3838 fsp->fsp_name, nt_errstr(status) ));
3839 reply_nterror(req, status);
3840 END_PROFILE(SMBwriteX);
3844 END_PROFILE(SMBwriteX);
3845 chain_reply_new(req);
3849 /****************************************************************************
3851 ****************************************************************************/
3853 void reply_lseek(connection_struct *conn, struct smb_request *req)
3860 START_PROFILE(SMBlseek);
3863 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3864 END_PROFILE(SMBlseek);
3868 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3870 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3874 flush_write_cache(fsp, SEEK_FLUSH);
3876 mode = SVAL(req->inbuf,smb_vwv1) & 3;
3877 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3878 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
3887 res = fsp->fh->pos + startpos;
3898 if (umode == SEEK_END) {
3899 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3900 if(errno == EINVAL) {
3901 SMB_OFF_T current_pos = startpos;
3902 SMB_STRUCT_STAT sbuf;
3904 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3905 reply_unixerror(req, ERRDOS,
3907 END_PROFILE(SMBlseek);
3911 current_pos += sbuf.st_size;
3913 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3918 reply_unixerror(req, ERRDOS, ERRnoaccess);
3919 END_PROFILE(SMBlseek);
3926 reply_outbuf(req, 2, 0);
3927 SIVAL(req->outbuf,smb_vwv0,res);
3929 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3930 fsp->fnum, (double)startpos, (double)res, mode));
3932 END_PROFILE(SMBlseek);
3936 /****************************************************************************
3938 ****************************************************************************/
3940 void reply_flush(connection_struct *conn, struct smb_request *req)
3945 START_PROFILE(SMBflush);
3948 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3952 fnum = SVAL(req->inbuf,smb_vwv0);
3953 fsp = file_fsp(fnum);
3955 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
3960 file_sync_all(conn);
3962 NTSTATUS status = sync_file(conn, fsp, True);
3963 if (!NT_STATUS_IS_OK(status)) {
3964 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
3965 fsp->fsp_name, nt_errstr(status) ));
3966 reply_nterror(req, status);
3967 END_PROFILE(SMBflush);
3972 reply_outbuf(req, 0, 0);
3974 DEBUG(3,("flush\n"));
3975 END_PROFILE(SMBflush);
3979 /****************************************************************************
3981 conn POINTER CAN BE NULL HERE !
3982 ****************************************************************************/
3984 void reply_exit(connection_struct *conn, struct smb_request *req)
3986 START_PROFILE(SMBexit);
3988 file_close_pid(req->smbpid, req->vuid);
3990 reply_outbuf(req, 0, 0);
3992 DEBUG(3,("exit\n"));
3994 END_PROFILE(SMBexit);
3998 /****************************************************************************
3999 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4000 ****************************************************************************/
4002 void reply_close(connection_struct *conn, struct smb_request *req)
4004 NTSTATUS status = NT_STATUS_OK;
4005 files_struct *fsp = NULL;
4006 START_PROFILE(SMBclose);
4009 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4010 END_PROFILE(SMBclose);
4014 /* If it's an IPC, pass off to the pipe handler. */
4016 reply_pipe_close(conn, req);
4017 END_PROFILE(SMBclose);
4021 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4024 * We can only use CHECK_FSP if we know it's not a directory.
4027 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4028 reply_doserror(req, ERRDOS, ERRbadfid);
4029 END_PROFILE(SMBclose);
4033 if(fsp->is_directory) {
4035 * Special case - close NT SMB directory handle.
4037 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4038 status = close_file(fsp,NORMAL_CLOSE);
4041 * Close ordinary file.
4044 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4045 fsp->fh->fd, fsp->fnum,
4046 conn->num_files_open));
4049 * Take care of any time sent in the close.
4052 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4053 srv_make_unix_date3(
4054 req->inbuf+smb_vwv1)));
4057 * close_file() returns the unix errno if an error
4058 * was detected on close - normally this is due to
4059 * a disk full error. If not then it was probably an I/O error.
4062 status = close_file(fsp,NORMAL_CLOSE);
4065 if (!NT_STATUS_IS_OK(status)) {
4066 reply_nterror(req, status);
4067 END_PROFILE(SMBclose);
4071 reply_outbuf(req, 0, 0);
4072 END_PROFILE(SMBclose);
4076 /****************************************************************************
4077 Reply to a writeclose (Core+ protocol).
4078 ****************************************************************************/
4080 void reply_writeclose(connection_struct *conn, struct smb_request *req)
4083 ssize_t nwritten = -1;
4084 NTSTATUS close_status = NT_STATUS_OK;
4087 struct timespec mtime;
4090 START_PROFILE(SMBwriteclose);
4093 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4094 END_PROFILE(SMBwriteclose);
4098 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4100 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4101 END_PROFILE(SMBwriteclose);
4104 if (!CHECK_WRITE(fsp)) {
4105 reply_doserror(req, ERRDOS,ERRbadaccess);
4106 END_PROFILE(SMBwriteclose);
4110 numtowrite = SVAL(req->inbuf,smb_vwv1);
4111 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4112 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4113 req->inbuf+smb_vwv4));
4114 data = smb_buf(req->inbuf) + 1;
4117 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4118 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4119 reply_doserror(req, ERRDOS,ERRlock);
4120 END_PROFILE(SMBwriteclose);
4124 nwritten = write_file(fsp,data,startpos,numtowrite);
4126 set_filetime(conn, fsp->fsp_name, mtime);
4129 * More insanity. W2K only closes the file if writelen > 0.
4134 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4136 close_status = close_file(fsp,NORMAL_CLOSE);
4139 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4140 fsp->fnum, (int)numtowrite, (int)nwritten,
4141 conn->num_files_open));
4143 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4144 reply_doserror(req, ERRHRD, ERRdiskfull);
4145 END_PROFILE(SMBwriteclose);
4149 if(!NT_STATUS_IS_OK(close_status)) {
4150 reply_nterror(req, close_status);
4151 END_PROFILE(SMBwriteclose);
4155 reply_outbuf(req, 1, 0);
4157 SSVAL(req->outbuf,smb_vwv0,nwritten);
4158 END_PROFILE(SMBwriteclose);
4163 #define DBGC_CLASS DBGC_LOCKING
4165 /****************************************************************************
4167 ****************************************************************************/
4169 void reply_lock(connection_struct *conn, struct smb_request *req)
4171 SMB_BIG_UINT count,offset;
4174 struct byte_range_lock *br_lck = NULL;
4176 START_PROFILE(SMBlock);
4179 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4180 END_PROFILE(SMBlock);
4184 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4186 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4187 END_PROFILE(SMBlock);
4191 release_level_2_oplocks_on_change(fsp);
4193 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4194 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4196 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4197 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4199 br_lck = do_lock(smbd_messaging_context(),
4206 False, /* Non-blocking lock. */
4210 TALLOC_FREE(br_lck);
4212 if (NT_STATUS_V(status)) {
4213 reply_nterror(req, status);
4214 END_PROFILE(SMBlock);
4218 reply_outbuf(req, 0, 0);
4220 END_PROFILE(SMBlock);
4224 /****************************************************************************
4226 ****************************************************************************/
4228 void reply_unlock(connection_struct *conn, struct smb_request *req)
4230 SMB_BIG_UINT count,offset;
4234 START_PROFILE(SMBunlock);
4237 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4238 END_PROFILE(SMBunlock);
4242 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4244 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4245 END_PROFILE(SMBunlock);
4249 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4250 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4252 status = do_unlock(smbd_messaging_context(),
4259 if (NT_STATUS_V(status)) {
4260 reply_nterror(req, status);
4261 END_PROFILE(SMBunlock);
4265 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4266 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4268 reply_outbuf(req, 0, 0);
4270 END_PROFILE(SMBunlock);
4275 #define DBGC_CLASS DBGC_ALL
4277 /****************************************************************************
4279 conn POINTER CAN BE NULL HERE !
4280 ****************************************************************************/
4282 void reply_tdis(connection_struct *conn, struct smb_request *req)
4284 START_PROFILE(SMBtdis);
4287 DEBUG(4,("Invalid connection in tdis\n"));
4288 reply_doserror(req, ERRSRV, ERRinvnid);
4289 END_PROFILE(SMBtdis);
4295 close_cnum(conn,req->vuid);
4297 reply_outbuf(req, 0, 0);
4298 END_PROFILE(SMBtdis);
4302 /****************************************************************************
4304 conn POINTER CAN BE NULL HERE !
4305 ****************************************************************************/
4307 void reply_echo(connection_struct *conn, struct smb_request *req)
4311 unsigned int data_len = smb_buflen(req->inbuf);
4313 START_PROFILE(SMBecho);
4316 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4317 END_PROFILE(SMBecho);
4321 if (data_len > BUFFER_SIZE) {
4322 DEBUG(0,("reply_echo: data_len too large.\n"));
4323 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4324 END_PROFILE(SMBecho);
4328 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4330 reply_outbuf(req, 1, data_len);
4332 /* copy any incoming data back out */
4334 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4337 if (smb_reverb > 100) {
4338 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4342 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4343 SSVAL(req->outbuf,smb_vwv0,seq_num);
4345 show_msg((char *)req->outbuf);
4346 if (!send_smb(smbd_server_fd(),(char *)req->outbuf))
4347 exit_server_cleanly("reply_echo: send_smb failed.");
4350 DEBUG(3,("echo %d times\n", smb_reverb));
4352 TALLOC_FREE(req->outbuf);
4356 END_PROFILE(SMBecho);
4360 /****************************************************************************
4361 Reply to a printopen.
4362 ****************************************************************************/
4364 void reply_printopen(connection_struct *conn, struct smb_request *req)
4369 START_PROFILE(SMBsplopen);
4372 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4373 END_PROFILE(SMBsplopen);
4377 if (!CAN_PRINT(conn)) {
4378 reply_doserror(req, ERRDOS, ERRnoaccess);
4379 END_PROFILE(SMBsplopen);
4383 /* Open for exclusive use, write only. */
4384 status = print_fsp_open(conn, NULL, &fsp);
4386 if (!NT_STATUS_IS_OK(status)) {
4387 reply_nterror(req, status);
4388 END_PROFILE(SMBsplopen);
4392 reply_outbuf(req, 1, 0);
4393 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4395 DEBUG(3,("openprint fd=%d fnum=%d\n",
4396 fsp->fh->fd, fsp->fnum));
4398 END_PROFILE(SMBsplopen);
4402 /****************************************************************************
4403 Reply to a printclose.
4404 ****************************************************************************/
4406 void reply_printclose(connection_struct *conn, struct smb_request *req)
4411 START_PROFILE(SMBsplclose);
4414 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4415 END_PROFILE(SMBsplclose);
4419 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4421 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4422 END_PROFILE(SMBsplclose);
4426 if (!CAN_PRINT(conn)) {
4427 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4428 END_PROFILE(SMBsplclose);
4432 DEBUG(3,("printclose fd=%d fnum=%d\n",
4433 fsp->fh->fd,fsp->fnum));
4435 status = close_file(fsp,NORMAL_CLOSE);
4437 if(!NT_STATUS_IS_OK(status)) {
4438 reply_nterror(req, status);
4439 END_PROFILE(SMBsplclose);
4443 END_PROFILE(SMBsplclose);
4447 /****************************************************************************
4448 Reply to a printqueue.
4449 ****************************************************************************/
4451 void reply_printqueue(connection_struct *conn, struct smb_request *req)
4456 START_PROFILE(SMBsplretq);
4459 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4460 END_PROFILE(SMBsplretq);
4464 max_count = SVAL(req->inbuf,smb_vwv0);
4465 start_index = SVAL(req->inbuf,smb_vwv1);
4467 /* we used to allow the client to get the cnum wrong, but that
4468 is really quite gross and only worked when there was only
4469 one printer - I think we should now only accept it if they
4470 get it right (tridge) */
4471 if (!CAN_PRINT(conn)) {
4472 reply_doserror(req, ERRDOS, ERRnoaccess);
4473 END_PROFILE(SMBsplretq);
4477 reply_outbuf(req, 2, 3);
4478 SSVAL(req->outbuf,smb_vwv0,0);
4479 SSVAL(req->outbuf,smb_vwv1,0);
4480 SCVAL(smb_buf(req->outbuf),0,1);
4481 SSVAL(smb_buf(req->outbuf),1,0);
4483 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4484 start_index, max_count));
4487 print_queue_struct *queue = NULL;
4488 print_status_struct status;
4489 int count = print_queue_status(SNUM(conn), &queue, &status);
4490 int num_to_get = ABS(max_count);
4491 int first = (max_count>0?start_index:start_index+max_count+1);
4497 num_to_get = MIN(num_to_get,count-first);
4500 for (i=first;i<first+num_to_get;i++) {
4504 srv_put_dos_date2(p,0,queue[i].time);
4505 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4506 SSVAL(p,5, queue[i].job);
4507 SIVAL(p,7,queue[i].size);
4509 srvstr_push(blob, req->flags2, p+12,
4510 queue[i].fs_user, 16, STR_ASCII);
4512 if (message_push_blob(
4515 blob, sizeof(blob))) == -1) {
4516 reply_nterror(req, NT_STATUS_NO_MEMORY);
4517 END_PROFILE(SMBsplretq);
4523 SSVAL(req->outbuf,smb_vwv0,count);
4524 SSVAL(req->outbuf,smb_vwv1,
4525 (max_count>0?first+count:first-1));
4526 SCVAL(smb_buf(req->outbuf),0,1);
4527 SSVAL(smb_buf(req->outbuf),1,28*count);
4532 DEBUG(3,("%d entries returned in queue\n",count));
4535 END_PROFILE(SMBsplretq);
4539 /****************************************************************************
4540 Reply to a printwrite.
4541 ****************************************************************************/
4543 void reply_printwrite(connection_struct *conn, struct smb_request *req)
4549 START_PROFILE(SMBsplwr);
4552 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4553 END_PROFILE(SMBsplwr);
4557 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4559 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4560 END_PROFILE(SMBsplwr);
4564 if (!CAN_PRINT(conn)) {
4565 reply_doserror(req, ERRDOS, ERRnoaccess);
4566 END_PROFILE(SMBsplwr);
4570 if (!CHECK_WRITE(fsp)) {
4571 reply_doserror(req, ERRDOS, ERRbadaccess);
4572 END_PROFILE(SMBsplwr);
4576 numtowrite = SVAL(smb_buf(req->inbuf),1);
4578 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4579 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4580 END_PROFILE(SMBsplwr);
4584 data = smb_buf(req->inbuf) + 3;
4586 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
4587 reply_unixerror(req, ERRHRD, ERRdiskfull);
4588 END_PROFILE(SMBsplwr);
4592 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4594 END_PROFILE(SMBsplwr);
4598 /****************************************************************************
4600 ****************************************************************************/
4602 void reply_mkdir(connection_struct *conn, struct smb_request *req)
4606 SMB_STRUCT_STAT sbuf;
4608 START_PROFILE(SMBmkdir);
4610 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4611 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4612 STR_TERMINATE, &status);
4613 if (!NT_STATUS_IS_OK(status)) {
4614 reply_nterror(req, status);
4615 END_PROFILE(SMBmkdir);
4619 status = resolve_dfspath(conn,
4620 req->flags2 & FLAGS2_DFS_PATHNAMES,
4622 if (!NT_STATUS_IS_OK(status)) {
4623 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4624 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4625 ERRSRV, ERRbadpath);
4626 END_PROFILE(SMBmkdir);
4629 reply_nterror(req, status);
4630 END_PROFILE(SMBmkdir);
4634 status = unix_convert(conn, directory, False, NULL, &sbuf);
4635 if (!NT_STATUS_IS_OK(status)) {
4636 reply_nterror(req, status);
4637 END_PROFILE(SMBmkdir);
4641 status = check_name(conn, directory);
4642 if (!NT_STATUS_IS_OK(status)) {
4643 reply_nterror(req, status);
4644 END_PROFILE(SMBmkdir);
4648 status = create_directory(conn, directory);
4650 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4652 if (!NT_STATUS_IS_OK(status)) {
4654 if (!use_nt_status()
4655 && NT_STATUS_EQUAL(status,
4656 NT_STATUS_OBJECT_NAME_COLLISION)) {
4658 * Yes, in the DOS error code case we get a
4659 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4660 * samba4 torture test.
4662 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4665 reply_nterror(req, status);
4666 END_PROFILE(SMBmkdir);
4670 reply_outbuf(req, 0, 0);
4672 DEBUG( 3, ( "mkdir %s\n", directory ) );
4674 END_PROFILE(SMBmkdir);
4678 /****************************************************************************
4679 Static function used by reply_rmdir to delete an entire directory
4680 tree recursively. Return True on ok, False on fail.
4681 ****************************************************************************/
4683 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
4685 const char *dname = NULL;
4688 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4693 while((dname = ReadDirName(dir_hnd, &offset))) {
4697 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4700 if (!is_visible_file(conn, directory, dname, &st, False))
4703 /* Construct the full name. */
4704 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4710 pstrcpy(fullname, directory);
4711 pstrcat(fullname, "/");
4712 pstrcat(fullname, dname);
4714 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4719 if(st.st_mode & S_IFDIR) {
4720 if(!recursive_rmdir(conn, fullname)) {
4724 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4728 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4737 /****************************************************************************
4738 The internals of the rmdir code - called elsewhere.
4739 ****************************************************************************/
4741 NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
4746 /* Might be a symlink. */
4747 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4748 return map_nt_error_from_unix(errno);
4751 if (S_ISLNK(st.st_mode)) {
4752 /* Is what it points to a directory ? */
4753 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4754 return map_nt_error_from_unix(errno);
4756 if (!(S_ISDIR(st.st_mode))) {
4757 return NT_STATUS_NOT_A_DIRECTORY;
4759 ret = SMB_VFS_UNLINK(conn,directory);
4761 ret = SMB_VFS_RMDIR(conn,directory);
4764 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4765 FILE_NOTIFY_CHANGE_DIR_NAME,
4767 return NT_STATUS_OK;
4770 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4772 * Check to see if the only thing in this directory are
4773 * vetoed files/directories. If so then delete them and
4774 * retry. If we fail to delete any of them (and we *don't*
4775 * do a recursive delete) then fail the rmdir.
4779 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4781 if(dir_hnd == NULL) {
4786 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4787 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4789 if (!is_visible_file(conn, directory, dname, &st, False))
4791 if(!IS_VETO_PATH(conn, dname)) {
4798 /* We only have veto files/directories. Recursive delete. */
4800 RewindDir(dir_hnd,&dirpos);
4801 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4804 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4806 if (!is_visible_file(conn, directory, dname, &st, False))
4809 /* Construct the full name. */
4810 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4815 pstrcpy(fullname, directory);
4816 pstrcat(fullname, "/");
4817 pstrcat(fullname, dname);
4819 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
4821 if(st.st_mode & S_IFDIR) {
4822 if(lp_recursive_veto_delete(SNUM(conn))) {
4823 if(!recursive_rmdir(conn, fullname))
4826 if(SMB_VFS_RMDIR(conn,fullname) != 0)
4828 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
4832 /* Retry the rmdir */
4833 ret = SMB_VFS_RMDIR(conn,directory);
4839 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
4840 "%s\n", directory,strerror(errno)));
4841 return map_nt_error_from_unix(errno);
4844 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4845 FILE_NOTIFY_CHANGE_DIR_NAME,
4848 return NT_STATUS_OK;
4851 /****************************************************************************
4853 ****************************************************************************/
4855 void reply_rmdir(connection_struct *conn, struct smb_request *req)
4858 SMB_STRUCT_STAT sbuf;
4860 START_PROFILE(SMBrmdir);
4862 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4863 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4864 STR_TERMINATE, &status);
4865 if (!NT_STATUS_IS_OK(status)) {
4866 reply_nterror(req, status);
4867 END_PROFILE(SMBrmdir);
4871 status = resolve_dfspath(conn,
4872 req->flags2 & FLAGS2_DFS_PATHNAMES,
4874 if (!NT_STATUS_IS_OK(status)) {
4875 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4876 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4877 ERRSRV, ERRbadpath);
4878 END_PROFILE(SMBrmdir);
4881 reply_nterror(req, status);
4882 END_PROFILE(SMBrmdir);
4886 status = unix_convert(conn, directory, False, NULL, &sbuf);
4887 if (!NT_STATUS_IS_OK(status)) {
4888 reply_nterror(req, status);
4889 END_PROFILE(SMBrmdir);
4893 status = check_name(conn, directory);
4894 if (!NT_STATUS_IS_OK(status)) {
4895 reply_nterror(req, status);
4896 END_PROFILE(SMBrmdir);
4900 dptr_closepath(directory, req->smbpid);
4901 status = rmdir_internals(conn, directory);
4902 if (!NT_STATUS_IS_OK(status)) {
4903 reply_nterror(req, status);
4904 END_PROFILE(SMBrmdir);
4908 reply_outbuf(req, 0, 0);
4910 DEBUG( 3, ( "rmdir %s\n", directory ) );
4912 END_PROFILE(SMBrmdir);
4916 /*******************************************************************
4917 Resolve wildcards in a filename rename.
4918 Note that name is in UNIX charset and thus potentially can be more
4919 than fstring buffer (255 bytes) especially in default UTF-8 case.
4920 Therefore, we use pstring inside and all calls should ensure that
4921 name2 is at least pstring-long (they do already)
4922 ********************************************************************/
4924 static BOOL resolve_wildcards(const char *name1, char *name2)
4926 pstring root1,root2;
4928 char *p,*p2, *pname1, *pname2;
4929 int available_space, actual_space;
4931 pname1 = strrchr_m(name1,'/');
4932 pname2 = strrchr_m(name2,'/');
4934 if (!pname1 || !pname2)
4937 pstrcpy(root1,pname1);
4938 pstrcpy(root2,pname2);
4939 p = strrchr_m(root1,'.');
4946 p = strrchr_m(root2,'.');
4960 } else if (*p2 == '*') {
4976 } else if (*p2 == '*') {
4986 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4989 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4990 if (actual_space >= available_space - 1) {
4991 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4992 actual_space - available_space));
4995 pstrcpy_base(pname2, root2, name2);
5001 /****************************************************************************
5002 Ensure open files have their names updated. Updated to notify other smbd's
5004 ****************************************************************************/
5006 static void rename_open_files(connection_struct *conn,
5007 struct share_mode_lock *lck,
5008 const char *newname)
5011 BOOL did_rename = False;
5013 for(fsp = file_find_di_first(lck->id); fsp;
5014 fsp = file_find_di_next(fsp)) {
5015 /* fsp_name is a relative path under the fsp. To change this for other
5016 sharepaths we need to manipulate relative paths. */
5017 /* TODO - create the absolute path and manipulate the newname
5018 relative to the sharepath. */
5019 if (fsp->conn != conn) {
5022 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5023 fsp->fnum, file_id_static_string(&fsp->file_id),
5024 fsp->fsp_name, newname ));
5025 string_set(&fsp->fsp_name, newname);
5030 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5031 file_id_static_string(&lck->id), newname ));
5034 /* Send messages to all smbd's (not ourself) that the name has changed. */
5035 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5039 /****************************************************************************
5040 We need to check if the source path is a parent directory of the destination
5041 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5042 refuse the rename with a sharing violation. Under UNIX the above call can
5043 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5044 probably need to check that the client is a Windows one before disallowing
5045 this as a UNIX client (one with UNIX extensions) can know the source is a
5046 symlink and make this decision intelligently. Found by an excellent bug
5047 report from <AndyLiebman@aol.com>.
5048 ****************************************************************************/
5050 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
5052 const char *psrc = src;
5053 const char *pdst = dest;
5056 if (psrc[0] == '.' && psrc[1] == '/') {
5059 if (pdst[0] == '.' && pdst[1] == '/') {
5062 if ((slen = strlen(psrc)) > strlen(pdst)) {
5065 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5069 * Do the notify calls from a rename
5072 static void notify_rename(connection_struct *conn, BOOL is_dir,
5073 const char *oldpath, const char *newpath)
5075 char *olddir, *newdir;
5076 const char *oldname, *newname;
5079 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5080 : FILE_NOTIFY_CHANGE_FILE_NAME;
5082 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5083 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5084 TALLOC_FREE(olddir);
5088 if (strcmp(olddir, newdir) == 0) {
5089 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5090 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5093 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5094 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5096 TALLOC_FREE(olddir);
5097 TALLOC_FREE(newdir);
5099 /* this is a strange one. w2k3 gives an additional event for
5100 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5101 files, but not directories */
5103 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5104 FILE_NOTIFY_CHANGE_ATTRIBUTES
5105 |FILE_NOTIFY_CHANGE_CREATION,
5110 /****************************************************************************
5111 Rename an open file - given an fsp.
5112 ****************************************************************************/
5114 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp,
5116 const char *newname_last_component,
5117 uint32 attrs, BOOL replace_if_exists)
5119 SMB_STRUCT_STAT sbuf, sbuf1;
5120 NTSTATUS status = NT_STATUS_OK;
5121 struct share_mode_lock *lck = NULL;
5126 status = check_name(conn, newname);
5127 if (!NT_STATUS_IS_OK(status)) {
5131 /* Ensure newname contains a '/' */
5132 if(strrchr_m(newname,'/') == 0) {
5135 pstrcpy(tmpstr, "./");
5136 pstrcat(tmpstr, newname);
5137 pstrcpy(newname, tmpstr);
5141 * Check for special case with case preserving and not
5142 * case sensitive. If the old last component differs from the original
5143 * last component only by case, then we should allow
5144 * the rename (user is trying to change the case of the
5148 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5149 strequal(newname, fsp->fsp_name)) {
5151 pstring newname_modified_last_component;
5154 * Get the last component of the modified name.
5155 * Note that we guarantee that newname contains a '/'
5158 p = strrchr_m(newname,'/');
5159 pstrcpy(newname_modified_last_component,p+1);
5161 if(strcsequal(newname_modified_last_component,
5162 newname_last_component) == False) {
5164 * Replace the modified last component with
5167 pstrcpy(p+1, newname_last_component);
5172 * If the src and dest names are identical - including case,
5173 * don't do the rename, just return success.
5176 if (strcsequal(fsp->fsp_name, newname)) {
5177 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5179 return NT_STATUS_OK;
5183 * Have vfs_object_exist also fill sbuf1
5185 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5187 if(!replace_if_exists && dst_exists) {
5188 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5189 fsp->fsp_name,newname));
5190 return NT_STATUS_OBJECT_NAME_COLLISION;
5194 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5195 files_struct *dst_fsp = file_find_di_first(fileid);
5197 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5198 return NT_STATUS_ACCESS_DENIED;
5202 /* Ensure we have a valid stat struct for the source. */
5203 if (fsp->fh->fd != -1) {
5204 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
5205 return map_nt_error_from_unix(errno);
5208 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5209 return map_nt_error_from_unix(errno);
5213 status = can_rename(conn, fsp, attrs, &sbuf);
5215 if (!NT_STATUS_IS_OK(status)) {
5216 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5217 nt_errstr(status), fsp->fsp_name,newname));
5218 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5219 status = NT_STATUS_ACCESS_DENIED;
5223 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5224 return NT_STATUS_ACCESS_DENIED;
5227 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
5230 * We have the file open ourselves, so not being able to get the
5231 * corresponding share mode lock is a fatal error.
5234 SMB_ASSERT(lck != NULL);
5236 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5237 uint32 create_options = fsp->fh->private_options;
5239 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5240 fsp->fsp_name,newname));
5242 rename_open_files(conn, lck, newname);
5244 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5247 * A rename acts as a new file create w.r.t. allowing an initial delete
5248 * on close, probably because in Windows there is a new handle to the
5249 * new file. If initial delete on close was requested but not
5250 * originally set, we need to set it here. This is probably not 100% correct,
5251 * but will work for the CIFSFS client which in non-posix mode
5252 * depends on these semantics. JRA.
5255 set_allow_initial_delete_on_close(lck, fsp, True);
5257 if (create_options & FILE_DELETE_ON_CLOSE) {
5258 status = can_set_delete_on_close(fsp, True, 0);
5260 if (NT_STATUS_IS_OK(status)) {
5261 /* Note that here we set the *inital* delete on close flag,
5262 * not the regular one. The magic gets handled in close. */
5263 fsp->initial_delete_on_close = True;
5267 return NT_STATUS_OK;
5272 if (errno == ENOTDIR || errno == EISDIR) {
5273 status = NT_STATUS_OBJECT_NAME_COLLISION;
5275 status = map_nt_error_from_unix(errno);
5278 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5279 nt_errstr(status), fsp->fsp_name,newname));
5284 /****************************************************************************
5285 The guts of the rename command, split out so it may be called by the NT SMB
5287 ****************************************************************************/
5289 NTSTATUS rename_internals(connection_struct *conn, struct smb_request *req,
5293 BOOL replace_if_exists,
5299 pstring last_component_src;
5300 pstring last_component_dest;
5303 NTSTATUS status = NT_STATUS_OK;
5304 SMB_STRUCT_STAT sbuf1, sbuf2;
5305 struct smb_Dir *dir_hnd = NULL;
5310 *directory = *mask = 0;
5315 status = unix_convert(conn, name, src_has_wild, last_component_src, &sbuf1);
5316 if (!NT_STATUS_IS_OK(status)) {
5320 status = unix_convert(conn, newname, dest_has_wild, last_component_dest, &sbuf2);
5321 if (!NT_STATUS_IS_OK(status)) {
5326 * Split the old name into directory and last component
5327 * strings. Note that unix_convert may have stripped off a
5328 * leading ./ from both name and newname if the rename is
5329 * at the root of the share. We need to make sure either both
5330 * name and newname contain a / character or neither of them do
5331 * as this is checked in resolve_wildcards().
5334 p = strrchr_m(name,'/');
5336 pstrcpy(directory,".");
5340 pstrcpy(directory,name);
5342 *p = '/'; /* Replace needed for exceptional test below. */
5346 * We should only check the mangled cache
5347 * here if unix_convert failed. This means
5348 * that the path in 'mask' doesn't exist
5349 * on the file system and so we need to look
5350 * for a possible mangle. This patch from
5351 * Tine Smukavec <valentin.smukavec@hermes.si>.
5354 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5355 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5358 if (!src_has_wild) {
5362 * No wildcards - just process the one file.
5364 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
5366 /* Add a terminating '/' to the directory name. */
5367 pstrcat(directory,"/");
5368 pstrcat(directory,mask);
5370 /* Ensure newname contains a '/' also */
5371 if(strrchr_m(newname,'/') == 0) {
5374 pstrcpy(tmpstr, "./");
5375 pstrcat(tmpstr, newname);
5376 pstrcpy(newname, tmpstr);
5379 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5380 "case_preserve = %d, short case preserve = %d, "
5381 "directory = %s, newname = %s, "
5382 "last_component_dest = %s, is_8_3 = %d\n",
5383 conn->case_sensitive, conn->case_preserve,
5384 conn->short_case_preserve, directory,
5385 newname, last_component_dest, is_short_name));
5387 /* The dest name still may have wildcards. */
5388 if (dest_has_wild) {
5389 if (!resolve_wildcards(directory,newname)) {
5390 DEBUG(6, ("rename_internals: resolve_wildcards %s %s failed\n",
5391 directory,newname));
5392 return NT_STATUS_NO_MEMORY;
5397 SMB_VFS_STAT(conn, directory, &sbuf1);
5399 status = S_ISDIR(sbuf1.st_mode) ?
5400 open_directory(conn, req, directory, &sbuf1,
5402 FILE_SHARE_READ|FILE_SHARE_WRITE,
5403 FILE_OPEN, 0, 0, NULL,
5405 : open_file_ntcreate(conn, req, directory, &sbuf1,
5407 FILE_SHARE_READ|FILE_SHARE_WRITE,
5408 FILE_OPEN, 0, 0, 0, NULL,
5411 if (!NT_STATUS_IS_OK(status)) {
5412 DEBUG(3, ("Could not open rename source %s: %s\n",
5413 directory, nt_errstr(status)));
5417 status = rename_internals_fsp(conn, fsp, newname,
5418 last_component_dest,
5419 attrs, replace_if_exists);
5421 close_file(fsp, NORMAL_CLOSE);
5423 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5424 nt_errstr(status), directory,newname));
5430 * Wildcards - process each file that matches.
5432 if (strequal(mask,"????????.???")) {
5436 status = check_name(conn, directory);
5437 if (!NT_STATUS_IS_OK(status)) {
5441 dir_hnd = OpenDir(conn, directory, mask, attrs);
5442 if (dir_hnd == NULL) {
5443 return map_nt_error_from_unix(errno);
5446 status = NT_STATUS_NO_SUCH_FILE;
5448 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5449 * - gentest fix. JRA
5452 while ((dname = ReadDirName(dir_hnd, &offset))) {
5455 BOOL sysdir_entry = False;
5457 pstrcpy(fname,dname);
5459 /* Quick check for "." and ".." */
5460 if (fname[0] == '.') {
5461 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
5463 sysdir_entry = True;
5470 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5474 if(!mask_match(fname, mask, conn->case_sensitive)) {
5479 status = NT_STATUS_OBJECT_NAME_INVALID;
5483 slprintf(fname, sizeof(fname)-1, "%s/%s", directory, dname);
5485 pstrcpy(destname,newname);
5487 if (!resolve_wildcards(fname,destname)) {
5488 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5494 SMB_VFS_STAT(conn, fname, &sbuf1);
5496 status = S_ISDIR(sbuf1.st_mode) ?
5497 open_directory(conn, req, fname, &sbuf1,
5499 FILE_SHARE_READ|FILE_SHARE_WRITE,
5500 FILE_OPEN, 0, 0, NULL,
5502 : open_file_ntcreate(conn, req, fname, &sbuf1,
5504 FILE_SHARE_READ|FILE_SHARE_WRITE,
5505 FILE_OPEN, 0, 0, 0, NULL,
5508 if (!NT_STATUS_IS_OK(status)) {
5509 DEBUG(3,("rename_internals: open_file_ntcreate "
5510 "returned %s rename %s -> %s\n",
5511 nt_errstr(status), directory, newname));
5515 status = rename_internals_fsp(conn, fsp, destname, dname,
5516 attrs, replace_if_exists);
5518 close_file(fsp, NORMAL_CLOSE);
5520 if (!NT_STATUS_IS_OK(status)) {
5521 DEBUG(3, ("rename_internals_fsp returned %s for "
5522 "rename %s -> %s\n", nt_errstr(status),
5523 directory, newname));
5529 DEBUG(3,("rename_internals: doing rename on %s -> "
5530 "%s\n",fname,destname));
5534 if (count == 0 && NT_STATUS_IS_OK(status)) {
5535 status = map_nt_error_from_unix(errno);
5541 /****************************************************************************
5543 ****************************************************************************/
5545 void reply_mv(connection_struct *conn, struct smb_request *req)
5552 BOOL src_has_wcard = False;
5553 BOOL dest_has_wcard = False;
5555 START_PROFILE(SMBmv);
5558 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5563 attrs = SVAL(req->inbuf,smb_vwv0);
5565 p = smb_buf(req->inbuf) + 1;
5566 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name, p,
5567 sizeof(name), 0, STR_TERMINATE, &status,
5569 if (!NT_STATUS_IS_OK(status)) {
5570 reply_nterror(req, status);
5575 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, newname, p,
5576 sizeof(newname), 0, STR_TERMINATE, &status,
5578 if (!NT_STATUS_IS_OK(status)) {
5579 reply_nterror(req, status);
5584 status = resolve_dfspath_wcard(conn,
5585 req->flags2 & FLAGS2_DFS_PATHNAMES,
5586 name, &src_has_wcard);
5587 if (!NT_STATUS_IS_OK(status)) {
5588 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5589 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5590 ERRSRV, ERRbadpath);
5594 reply_nterror(req, status);
5599 status = resolve_dfspath_wcard(conn,
5600 req->flags2 & FLAGS2_DFS_PATHNAMES,
5601 newname, &dest_has_wcard);
5602 if (!NT_STATUS_IS_OK(status)) {
5603 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5604 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5605 ERRSRV, ERRbadpath);
5609 reply_nterror(req, status);
5614 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5616 status = rename_internals(conn, req, name, newname, attrs, False,
5617 src_has_wcard, dest_has_wcard);
5618 if (!NT_STATUS_IS_OK(status)) {
5619 if (open_was_deferred(req->mid)) {
5620 /* We have re-scheduled this call. */
5624 reply_nterror(req, status);
5629 reply_outbuf(req, 0, 0);
5635 /*******************************************************************
5636 Copy a file as part of a reply_copy.
5637 ******************************************************************/
5640 * TODO: check error codes on all callers
5643 NTSTATUS copy_file(connection_struct *conn,
5648 BOOL target_is_directory)
5650 SMB_STRUCT_STAT src_sbuf, sbuf2;
5652 files_struct *fsp1,*fsp2;
5655 uint32 new_create_disposition;
5658 pstrcpy(dest,dest1);
5659 if (target_is_directory) {
5660 char *p = strrchr_m(src,'/');
5670 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5671 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5674 if (!target_is_directory && count) {
5675 new_create_disposition = FILE_OPEN;
5677 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5678 NULL, NULL, &new_create_disposition, NULL)) {
5679 return NT_STATUS_INVALID_PARAMETER;
5683 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5685 FILE_SHARE_READ|FILE_SHARE_WRITE,
5688 FILE_ATTRIBUTE_NORMAL,
5692 if (!NT_STATUS_IS_OK(status)) {
5696 dosattrs = dos_mode(conn, src, &src_sbuf);
5697 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
5698 ZERO_STRUCTP(&sbuf2);
5701 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
5703 FILE_SHARE_READ|FILE_SHARE_WRITE,
5704 new_create_disposition,
5710 if (!NT_STATUS_IS_OK(status)) {
5711 close_file(fsp1,ERROR_CLOSE);
5715 if ((ofun&3) == 1) {
5716 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
5717 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
5719 * Stop the copy from occurring.
5722 src_sbuf.st_size = 0;
5726 if (src_sbuf.st_size) {
5727 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
5730 close_file(fsp1,NORMAL_CLOSE);
5732 /* Ensure the modtime is set correctly on the destination file. */
5733 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
5736 * As we are opening fsp1 read-only we only expect
5737 * an error on close on fsp2 if we are out of space.
5738 * Thus we don't look at the error return from the
5741 status = close_file(fsp2,NORMAL_CLOSE);
5743 if (!NT_STATUS_IS_OK(status)) {
5747 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
5748 return NT_STATUS_DISK_FULL;
5751 return NT_STATUS_OK;
5754 /****************************************************************************
5755 Reply to a file copy.
5756 ****************************************************************************/
5758 void reply_copy(connection_struct *conn, struct smb_request *req)
5762 pstring mask,newname;
5765 int error = ERRnoaccess;
5770 BOOL target_is_directory=False;
5771 BOOL source_has_wild = False;
5772 BOOL dest_has_wild = False;
5773 SMB_STRUCT_STAT sbuf1, sbuf2;
5776 START_PROFILE(SMBcopy);
5779 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5780 END_PROFILE(SMBcopy);
5784 tid2 = SVAL(req->inbuf,smb_vwv0);
5785 ofun = SVAL(req->inbuf,smb_vwv1);
5786 flags = SVAL(req->inbuf,smb_vwv2);
5788 *directory = *mask = 0;
5790 p = smb_buf(req->inbuf);
5791 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name, p,
5792 sizeof(name), 0, STR_TERMINATE, &status,
5794 if (!NT_STATUS_IS_OK(status)) {
5795 reply_nterror(req, status);
5796 END_PROFILE(SMBcopy);
5799 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, newname, p,
5800 sizeof(newname), 0, STR_TERMINATE, &status,
5802 if (!NT_STATUS_IS_OK(status)) {
5803 reply_nterror(req, status);
5804 END_PROFILE(SMBcopy);
5808 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
5810 if (tid2 != conn->cnum) {
5811 /* can't currently handle inter share copies XXXX */
5812 DEBUG(3,("Rejecting inter-share copy\n"));
5813 reply_doserror(req, ERRSRV, ERRinvdevice);
5814 END_PROFILE(SMBcopy);
5818 status = resolve_dfspath_wcard(conn,
5819 req->flags2 & FLAGS2_DFS_PATHNAMES,
5820 name, &source_has_wild);
5821 if (!NT_STATUS_IS_OK(status)) {
5822 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5823 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5824 ERRSRV, ERRbadpath);
5825 END_PROFILE(SMBcopy);
5828 reply_nterror(req, status);
5829 END_PROFILE(SMBcopy);
5833 status = resolve_dfspath_wcard(conn,
5834 req->flags2 & FLAGS2_DFS_PATHNAMES,
5835 newname, &dest_has_wild);
5836 if (!NT_STATUS_IS_OK(status)) {
5837 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5838 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5839 ERRSRV, ERRbadpath);
5840 END_PROFILE(SMBcopy);
5843 reply_nterror(req, status);
5844 END_PROFILE(SMBcopy);
5848 status = unix_convert(conn, name, source_has_wild, NULL, &sbuf1);
5849 if (!NT_STATUS_IS_OK(status)) {
5850 reply_nterror(req, status);
5851 END_PROFILE(SMBcopy);
5855 status = unix_convert(conn, newname, dest_has_wild, NULL, &sbuf2);
5856 if (!NT_STATUS_IS_OK(status)) {
5857 reply_nterror(req, status);
5858 END_PROFILE(SMBcopy);
5862 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
5864 if ((flags&1) && target_is_directory) {
5865 reply_doserror(req, ERRDOS, ERRbadfile);
5866 END_PROFILE(SMBcopy);
5870 if ((flags&2) && !target_is_directory) {
5871 reply_doserror(req, ERRDOS, ERRbadpath);
5872 END_PROFILE(SMBcopy);
5876 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
5877 /* wants a tree copy! XXXX */
5878 DEBUG(3,("Rejecting tree copy\n"));
5879 reply_doserror(req, ERRSRV, ERRerror);
5880 END_PROFILE(SMBcopy);
5884 p = strrchr_m(name,'/');
5886 pstrcpy(directory,"./");
5890 pstrcpy(directory,name);
5895 * We should only check the mangled cache
5896 * here if unix_convert failed. This means
5897 * that the path in 'mask' doesn't exist
5898 * on the file system and so we need to look
5899 * for a possible mangle. This patch from
5900 * Tine Smukavec <valentin.smukavec@hermes.si>.
5903 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5904 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5907 if (!source_has_wild) {
5908 pstrcat(directory,"/");
5909 pstrcat(directory,mask);
5910 if (dest_has_wild) {
5911 if (!resolve_wildcards(directory,newname)) {
5912 reply_nterror(req, NT_STATUS_NO_MEMORY);
5913 END_PROFILE(SMBcopy);
5918 status = check_name(conn, directory);
5919 if (!NT_STATUS_IS_OK(status)) {
5920 reply_nterror(req, status);
5921 END_PROFILE(SMBcopy);
5925 status = check_name(conn, newname);
5926 if (!NT_STATUS_IS_OK(status)) {
5927 reply_nterror(req, status);
5928 END_PROFILE(SMBcopy);
5932 status = copy_file(conn,directory,newname,ofun,
5933 count,target_is_directory);
5935 if(!NT_STATUS_IS_OK(status)) {
5936 reply_nterror(req, status);
5937 END_PROFILE(SMBcopy);
5943 struct smb_Dir *dir_hnd = NULL;
5948 if (strequal(mask,"????????.???"))
5951 status = check_name(conn, directory);
5952 if (!NT_STATUS_IS_OK(status)) {
5953 reply_nterror(req, status);
5954 END_PROFILE(SMBcopy);
5958 dir_hnd = OpenDir(conn, directory, mask, 0);
5959 if (dir_hnd == NULL) {
5960 status = map_nt_error_from_unix(errno);
5961 reply_nterror(req, status);
5962 END_PROFILE(SMBcopy);
5968 while ((dname = ReadDirName(dir_hnd, &offset))) {
5970 pstrcpy(fname,dname);
5972 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5976 if(!mask_match(fname, mask, conn->case_sensitive)) {
5980 error = ERRnoaccess;
5981 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
5982 pstrcpy(destname,newname);
5983 if (!resolve_wildcards(fname,destname)) {
5987 status = check_name(conn, fname);
5988 if (!NT_STATUS_IS_OK(status)) {
5989 reply_nterror(req, status);
5990 END_PROFILE(SMBcopy);
5994 status = check_name(conn, destname);
5995 if (!NT_STATUS_IS_OK(status)) {
5996 reply_nterror(req, status);
5997 END_PROFILE(SMBcopy);
6001 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6003 status = copy_file(conn,fname,destname,ofun,
6004 count,target_is_directory);
6005 if (NT_STATUS_IS_OK(status)) {
6014 /* Error on close... */
6016 reply_unixerror(req, ERRHRD, ERRgeneral);
6017 END_PROFILE(SMBcopy);
6021 reply_doserror(req, ERRDOS, error);
6022 END_PROFILE(SMBcopy);
6026 reply_outbuf(req, 1, 0);
6027 SSVAL(req->outbuf,smb_vwv0,count);
6029 END_PROFILE(SMBcopy);
6034 #define DBGC_CLASS DBGC_LOCKING
6036 /****************************************************************************
6037 Get a lock pid, dealing with large count requests.
6038 ****************************************************************************/
6040 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
6042 if(!large_file_format)
6043 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6045 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6048 /****************************************************************************
6049 Get a lock count, dealing with large count requests.
6050 ****************************************************************************/
6052 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
6054 SMB_BIG_UINT count = 0;
6056 if(!large_file_format) {
6057 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6060 #if defined(HAVE_LONGLONG)
6061 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6062 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6063 #else /* HAVE_LONGLONG */
6066 * NT4.x seems to be broken in that it sends large file (64 bit)
6067 * lockingX calls even if the CAP_LARGE_FILES was *not*
6068 * negotiated. For boxes without large unsigned ints truncate the
6069 * lock count by dropping the top 32 bits.
6072 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6073 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6074 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6075 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6076 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6079 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6080 #endif /* HAVE_LONGLONG */
6086 #if !defined(HAVE_LONGLONG)
6087 /****************************************************************************
6088 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6089 ****************************************************************************/
6091 static uint32 map_lock_offset(uint32 high, uint32 low)
6095 uint32 highcopy = high;
6098 * Try and find out how many significant bits there are in high.
6101 for(i = 0; highcopy; i++)
6105 * We use 31 bits not 32 here as POSIX
6106 * lock offsets may not be negative.
6109 mask = (~0) << (31 - i);
6112 return 0; /* Fail. */
6118 #endif /* !defined(HAVE_LONGLONG) */
6120 /****************************************************************************
6121 Get a lock offset, dealing with large offset requests.
6122 ****************************************************************************/
6124 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
6126 SMB_BIG_UINT offset = 0;
6130 if(!large_file_format) {
6131 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6134 #if defined(HAVE_LONGLONG)
6135 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6136 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6137 #else /* HAVE_LONGLONG */
6140 * NT4.x seems to be broken in that it sends large file (64 bit)
6141 * lockingX calls even if the CAP_LARGE_FILES was *not*
6142 * negotiated. For boxes without large unsigned ints mangle the
6143 * lock offset by mapping the top 32 bits onto the lower 32.
6146 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6147 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6148 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6151 if((new_low = map_lock_offset(high, low)) == 0) {
6153 return (SMB_BIG_UINT)-1;
6156 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6157 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6158 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6159 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6162 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6163 #endif /* HAVE_LONGLONG */
6169 /****************************************************************************
6170 Reply to a lockingX request.
6171 ****************************************************************************/
6173 void reply_lockingX(connection_struct *conn, struct smb_request *req)
6176 unsigned char locktype;
6177 unsigned char oplocklevel;
6180 SMB_BIG_UINT count = 0, offset = 0;
6185 BOOL large_file_format;
6187 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6189 START_PROFILE(SMBlockingX);
6192 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6193 END_PROFILE(SMBlockingX);
6197 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6198 locktype = CVAL(req->inbuf,smb_vwv3);
6199 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6200 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6201 num_locks = SVAL(req->inbuf,smb_vwv7);
6202 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6203 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6205 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6206 END_PROFILE(SMBlockingX);
6210 data = smb_buf(req->inbuf);
6212 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6213 /* we don't support these - and CANCEL_LOCK makes w2k
6214 and XP reboot so I don't really want to be
6215 compatible! (tridge) */
6216 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6217 END_PROFILE(SMBlockingX);
6221 /* Check if this is an oplock break on a file
6222 we have granted an oplock on.
6224 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6225 /* Client can insist on breaking to none. */
6226 BOOL break_to_none = (oplocklevel == 0);
6229 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6230 "for fnum = %d\n", (unsigned int)oplocklevel,
6234 * Make sure we have granted an exclusive or batch oplock on
6238 if (fsp->oplock_type == 0) {
6240 /* The Samba4 nbench simulator doesn't understand
6241 the difference between break to level2 and break
6242 to none from level2 - it sends oplock break
6243 replies in both cases. Don't keep logging an error
6244 message here - just ignore it. JRA. */
6246 DEBUG(5,("reply_lockingX: Error : oplock break from "
6247 "client for fnum = %d (oplock=%d) and no "
6248 "oplock granted on this file (%s).\n",
6249 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6251 /* if this is a pure oplock break request then don't
6253 if (num_locks == 0 && num_ulocks == 0) {
6254 END_PROFILE(SMBlockingX);
6255 reply_post_legacy(req, -1);
6258 END_PROFILE(SMBlockingX);
6259 reply_doserror(req, ERRDOS, ERRlock);
6264 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6266 result = remove_oplock(fsp);
6268 result = downgrade_oplock(fsp);
6272 DEBUG(0, ("reply_lockingX: error in removing "
6273 "oplock on file %s\n", fsp->fsp_name));
6274 /* Hmmm. Is this panic justified? */
6275 smb_panic("internal tdb error");
6278 reply_to_oplock_break_requests(fsp);
6280 /* if this is a pure oplock break request then don't send a
6282 if (num_locks == 0 && num_ulocks == 0) {
6283 /* Sanity check - ensure a pure oplock break is not a
6285 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6286 DEBUG(0,("reply_lockingX: Error : pure oplock "
6287 "break is a chained %d request !\n",
6288 (unsigned int)CVAL(req->inbuf,
6290 END_PROFILE(SMBlockingX);
6296 * We do this check *after* we have checked this is not a oplock break
6297 * response message. JRA.
6300 release_level_2_oplocks_on_change(fsp);
6302 if (smb_buflen(req->inbuf) <
6303 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6304 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6305 END_PROFILE(SMBlockingX);
6309 /* Data now points at the beginning of the list
6310 of smb_unlkrng structs */
6311 for(i = 0; i < (int)num_ulocks; i++) {
6312 lock_pid = get_lock_pid( data, i, large_file_format);
6313 count = get_lock_count( data, i, large_file_format);
6314 offset = get_lock_offset( data, i, large_file_format, &err);
6317 * There is no error code marked "stupid client bug".... :-).
6320 END_PROFILE(SMBlockingX);
6321 reply_doserror(req, ERRDOS, ERRnoaccess);
6325 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6326 "pid %u, file %s\n", (double)offset, (double)count,
6327 (unsigned int)lock_pid, fsp->fsp_name ));
6329 status = do_unlock(smbd_messaging_context(),
6336 if (NT_STATUS_V(status)) {
6337 END_PROFILE(SMBlockingX);
6338 reply_nterror(req, status);
6343 /* Setup the timeout in seconds. */
6345 if (!lp_blocking_locks(SNUM(conn))) {
6349 /* Now do any requested locks */
6350 data += ((large_file_format ? 20 : 10)*num_ulocks);
6352 /* Data now points at the beginning of the list
6353 of smb_lkrng structs */
6355 for(i = 0; i < (int)num_locks; i++) {
6356 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6357 READ_LOCK:WRITE_LOCK);
6358 lock_pid = get_lock_pid( data, i, large_file_format);
6359 count = get_lock_count( data, i, large_file_format);
6360 offset = get_lock_offset( data, i, large_file_format, &err);
6363 * There is no error code marked "stupid client bug".... :-).
6366 END_PROFILE(SMBlockingX);
6367 reply_doserror(req, ERRDOS, ERRnoaccess);
6371 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6372 "%u, file %s timeout = %d\n", (double)offset,
6373 (double)count, (unsigned int)lock_pid,
6374 fsp->fsp_name, (int)lock_timeout ));
6376 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6377 if (lp_blocking_locks(SNUM(conn))) {
6379 /* Schedule a message to ourselves to
6380 remove the blocking lock record and
6381 return the right error. */
6383 if (!blocking_lock_cancel(fsp,
6389 NT_STATUS_FILE_LOCK_CONFLICT)) {
6390 END_PROFILE(SMBlockingX);
6395 ERRcancelviolation));
6399 /* Remove a matching pending lock. */
6400 status = do_lock_cancel(fsp,
6406 BOOL blocking_lock = lock_timeout ? True : False;
6407 BOOL defer_lock = False;
6408 struct byte_range_lock *br_lck;
6409 uint32 block_smbpid;
6411 br_lck = do_lock(smbd_messaging_context(),
6422 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6423 /* Windows internal resolution for blocking locks seems
6424 to be about 200ms... Don't wait for less than that. JRA. */
6425 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6426 lock_timeout = lp_lock_spin_time();
6431 /* This heuristic seems to match W2K3 very well. If a
6432 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6433 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6434 far as I can tell. Replacement for do_lock_spin(). JRA. */
6436 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6437 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6439 lock_timeout = lp_lock_spin_time();
6442 if (br_lck && defer_lock) {
6444 * A blocking lock was requested. Package up
6445 * this smb into a queued request and push it
6446 * onto the blocking lock queue.
6448 if(push_blocking_lock_request(br_lck,
6450 smb_len(req->inbuf)+4,
6460 TALLOC_FREE(br_lck);
6461 END_PROFILE(SMBlockingX);
6462 reply_post_legacy(req, -1);
6467 TALLOC_FREE(br_lck);
6470 if (NT_STATUS_V(status)) {
6471 END_PROFILE(SMBlockingX);
6472 reply_nterror(req, status);
6477 /* If any of the above locks failed, then we must unlock
6478 all of the previous locks (X/Open spec). */
6480 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6484 * Ensure we don't do a remove on the lock that just failed,
6485 * as under POSIX rules, if we have a lock already there, we
6486 * will delete it (and we shouldn't) .....
6488 for(i--; i >= 0; i--) {
6489 lock_pid = get_lock_pid( data, i, large_file_format);
6490 count = get_lock_count( data, i, large_file_format);
6491 offset = get_lock_offset( data, i, large_file_format,
6495 * There is no error code marked "stupid client
6499 END_PROFILE(SMBlockingX);
6500 reply_doserror(req, ERRDOS, ERRnoaccess);
6504 do_unlock(smbd_messaging_context(),
6511 END_PROFILE(SMBlockingX);
6512 reply_nterror(req, status);
6516 reply_outbuf(req, 2, 0);
6518 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6519 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6521 END_PROFILE(SMBlockingX);
6522 chain_reply_new(req);
6526 #define DBGC_CLASS DBGC_ALL
6528 /****************************************************************************
6529 Reply to a SMBreadbmpx (read block multiplex) request.
6530 Always reply with an error, if someone has a platform really needs this,
6531 please contact vl@samba.org
6532 ****************************************************************************/
6534 void reply_readbmpx(connection_struct *conn, struct smb_request *req)
6536 START_PROFILE(SMBreadBmpx);
6537 reply_doserror(req, ERRSRV, ERRuseSTD);
6538 END_PROFILE(SMBreadBmpx);
6542 /****************************************************************************
6543 Reply to a SMBreadbs (read block multiplex secondary) request.
6544 Always reply with an error, if someone has a platform really needs this,
6545 please contact vl@samba.org
6546 ****************************************************************************/
6548 void reply_readbs(connection_struct *conn, struct smb_request *req)
6550 START_PROFILE(SMBreadBs);
6551 reply_doserror(req, ERRSRV, ERRuseSTD);
6552 END_PROFILE(SMBreadBs);
6556 /****************************************************************************
6557 Reply to a SMBsetattrE.
6558 ****************************************************************************/
6560 void reply_setattrE(connection_struct *conn, struct smb_request *req)
6562 struct timespec ts[2];
6565 START_PROFILE(SMBsetattrE);
6568 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6569 END_PROFILE(SMBsetattrE);
6573 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6575 if(!fsp || (fsp->conn != conn)) {
6576 reply_doserror(req, ERRDOS, ERRbadfid);
6577 END_PROFILE(SMBsetattrE);
6583 * Convert the DOS times into unix times. Ignore create
6584 * time as UNIX can't set this.
6587 ts[0] = convert_time_t_to_timespec(
6588 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6589 ts[1] = convert_time_t_to_timespec(
6590 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6592 reply_outbuf(req, 0, 0);
6595 * Patch from Ray Frush <frush@engr.colostate.edu>
6596 * Sometimes times are sent as zero - ignore them.
6599 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6600 /* Ignore request */
6601 if( DEBUGLVL( 3 ) ) {
6602 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6603 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6605 END_PROFILE(SMBsetattrE);
6607 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6608 /* set modify time = to access time if modify time was unset */
6612 /* Set the date on this file */
6613 /* Should we set pending modtime here ? JRA */
6614 if(file_ntimes(conn, fsp->fsp_name, ts)) {
6615 reply_doserror(req, ERRDOS, ERRnoaccess);
6616 END_PROFILE(SMBsetattrE);
6620 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6622 (unsigned int)ts[0].tv_sec,
6623 (unsigned int)ts[1].tv_sec));
6625 END_PROFILE(SMBsetattrE);
6630 /* Back from the dead for OS/2..... JRA. */
6632 /****************************************************************************
6633 Reply to a SMBwritebmpx (write block multiplex primary) request.
6634 Always reply with an error, if someone has a platform really needs this,
6635 please contact vl@samba.org
6636 ****************************************************************************/
6638 void reply_writebmpx(connection_struct *conn, struct smb_request *req)
6640 START_PROFILE(SMBwriteBmpx);
6641 reply_doserror(req, ERRSRV, ERRuseSTD);
6642 END_PROFILE(SMBwriteBmpx);
6646 /****************************************************************************
6647 Reply to a SMBwritebs (write block multiplex secondary) request.
6648 Always reply with an error, if someone has a platform really needs this,
6649 please contact vl@samba.org
6650 ****************************************************************************/
6652 void reply_writebs(connection_struct *conn, struct smb_request *req)
6654 START_PROFILE(SMBwriteBs);
6655 reply_doserror(req, ERRSRV, ERRuseSTD);
6656 END_PROFILE(SMBwriteBs);
6660 /****************************************************************************
6661 Reply to a SMBgetattrE.
6662 ****************************************************************************/
6664 void reply_getattrE(connection_struct *conn, struct smb_request *req)
6666 SMB_STRUCT_STAT sbuf;
6670 START_PROFILE(SMBgetattrE);
6673 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6674 END_PROFILE(SMBgetattrE);
6678 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6680 if(!fsp || (fsp->conn != conn)) {
6681 reply_doserror(req, ERRDOS, ERRbadfid);
6682 END_PROFILE(SMBgetattrE);
6686 /* Do an fstat on this file */
6687 if(fsp_stat(fsp, &sbuf)) {
6688 reply_unixerror(req, ERRDOS, ERRnoaccess);
6689 END_PROFILE(SMBgetattrE);
6693 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
6696 * Convert the times into dos times. Set create
6697 * date to be last modify date as UNIX doesn't save
6701 reply_outbuf(req, 11, 0);
6703 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
6704 get_create_time(&sbuf,
6705 lp_fake_dir_create_times(SNUM(conn))));
6706 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
6707 /* Should we check pending modtime here ? JRA */
6708 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
6711 SIVAL(req->outbuf, smb_vwv6, 0);
6712 SIVAL(req->outbuf, smb_vwv8, 0);
6714 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
6715 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
6716 SIVAL(req->outbuf, smb_vwv8, allocation_size);
6718 SSVAL(req->outbuf,smb_vwv10, mode);
6720 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
6722 END_PROFILE(SMBgetattrE);