2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 extern uint32 global_client_caps;
34 extern bool global_encrypted_passwords_negotiated;
36 /****************************************************************************
37 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
38 path or anything including wildcards.
39 We're assuming here that '/' is not the second byte in any multibyte char
40 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
42 ****************************************************************************/
44 /* Custom version for processing POSIX paths. */
45 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
47 static NTSTATUS check_path_syntax_internal(char *path,
49 bool *p_last_component_contains_wcard)
53 NTSTATUS ret = NT_STATUS_OK;
54 bool start_of_name_component = True;
56 *p_last_component_contains_wcard = False;
59 if (IS_PATH_SEP(*s,posix_path)) {
61 * Safe to assume is not the second part of a mb char
62 * as this is handled below.
64 /* Eat multiple '/' or '\\' */
65 while (IS_PATH_SEP(*s,posix_path)) {
68 if ((d != path) && (*s != '\0')) {
69 /* We only care about non-leading or trailing '/' or '\\' */
73 start_of_name_component = True;
75 *p_last_component_contains_wcard = False;
79 if (start_of_name_component) {
80 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
81 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
84 * No mb char starts with '.' so we're safe checking the directory separator here.
87 /* If we just added a '/' - delete it */
88 if ((d > path) && (*(d-1) == '/')) {
93 /* Are we at the start ? Can't go back further if so. */
95 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
98 /* Go back one level... */
99 /* We know this is safe as '/' cannot be part of a mb sequence. */
100 /* NOTE - if this assumption is invalid we are not in good shape... */
101 /* Decrement d first as d points to the *next* char to write into. */
102 for (d--; d > path; d--) {
106 s += 2; /* Else go past the .. */
107 /* We're still at the start of a name component, just the previous one. */
110 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
123 return NT_STATUS_OBJECT_NAME_INVALID;
131 *p_last_component_contains_wcard = True;
140 /* Get the size of the next MB character. */
141 next_codepoint(s,&siz);
159 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
161 return NT_STATUS_INVALID_PARAMETER;
164 start_of_name_component = False;
172 /****************************************************************************
173 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
174 No wildcards allowed.
175 ****************************************************************************/
177 NTSTATUS check_path_syntax(char *path)
180 return check_path_syntax_internal(path, False, &ignore);
183 /****************************************************************************
184 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
185 Wildcards allowed - p_contains_wcard returns true if the last component contained
187 ****************************************************************************/
189 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
191 return check_path_syntax_internal(path, False, p_contains_wcard);
194 /****************************************************************************
195 Check the path for a POSIX client.
196 We're assuming here that '/' is not the second byte in any multibyte char
197 set (a safe assumption).
198 ****************************************************************************/
200 NTSTATUS check_path_syntax_posix(char *path)
203 return check_path_syntax_internal(path, True, &ignore);
206 /****************************************************************************
207 Pull a string and check the path allowing a wilcard - provide for error return.
208 ****************************************************************************/
210 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
211 const char *base_ptr,
218 bool *contains_wcard)
224 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
228 *err = NT_STATUS_INVALID_PARAMETER;
232 *contains_wcard = False;
234 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
236 * For a DFS path the function parse_dfs_path()
237 * will do the path processing, just make a copy.
243 if (lp_posix_pathnames()) {
244 *err = check_path_syntax_posix(*pp_dest);
246 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
252 /****************************************************************************
253 Pull a string and check the path - provide for error return.
254 ****************************************************************************/
256 size_t srvstr_get_path(TALLOC_CTX *ctx,
257 const char *base_ptr,
266 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
267 src_len, flags, err, &ignore);
270 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
271 char **pp_dest, const char *src, int flags,
272 NTSTATUS *err, bool *contains_wcard)
274 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
275 pp_dest, src, smbreq_bufrem(req, src),
276 flags, err, contains_wcard);
279 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
280 char **pp_dest, const char *src, int flags,
284 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
285 flags, err, &ignore);
288 /****************************************************************************
289 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
290 ****************************************************************************/
292 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
295 if (!(fsp) || !(conn)) {
296 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
299 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
300 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
306 /****************************************************************************
307 Check if we have a correct fsp pointing to a file.
308 ****************************************************************************/
310 bool check_fsp(connection_struct *conn, struct smb_request *req,
313 if (!check_fsp_open(conn, req, fsp)) {
316 if ((fsp)->is_directory) {
317 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
320 if ((fsp)->fh->fd == -1) {
321 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
324 (fsp)->num_smb_operations++;
328 /****************************************************************************
329 Check if we have a correct fsp pointing to a quota fake file. Replacement for
330 the CHECK_NTQUOTA_HANDLE_OK macro.
331 ****************************************************************************/
333 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
336 if (!check_fsp_open(conn, req, fsp)) {
340 if (fsp->is_directory) {
344 if (fsp->fake_file_handle == NULL) {
348 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
352 if (fsp->fake_file_handle->private_data == NULL) {
359 /****************************************************************************
360 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
361 ****************************************************************************/
363 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
366 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
367 && (req->vuid == (fsp)->vuid)) {
371 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
375 /****************************************************************************
376 Reply to a (netbios-level) special message.
377 ****************************************************************************/
379 void reply_special(char *inbuf)
381 int msg_type = CVAL(inbuf,0);
382 int msg_flags = CVAL(inbuf,1);
387 * We only really use 4 bytes of the outbuf, but for the smb_setlen
388 * calculation & friends (srv_send_smb uses that) we need the full smb
391 char outbuf[smb_size];
393 static bool already_got_session = False;
397 memset(outbuf, '\0', sizeof(outbuf));
399 smb_setlen(outbuf,0);
402 case 0x81: /* session request */
404 if (already_got_session) {
405 exit_server_cleanly("multiple session request not permitted");
408 SCVAL(outbuf,0,0x82);
410 if (name_len(inbuf+4) > 50 ||
411 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
412 DEBUG(0,("Invalid name length in session request\n"));
415 name_extract(inbuf,4,name1);
416 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
417 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
420 set_local_machine_name(name1, True);
421 set_remote_machine_name(name2, True);
423 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
424 get_local_machine_name(), get_remote_machine_name(),
427 if (name_type == 'R') {
428 /* We are being asked for a pathworks session ---
430 SCVAL(outbuf, 0,0x83);
434 /* only add the client's machine name to the list
435 of possibly valid usernames if we are operating
436 in share mode security */
437 if (lp_security() == SEC_SHARE) {
438 add_session_user(get_remote_machine_name());
441 reload_services(True);
444 already_got_session = True;
447 case 0x89: /* session keepalive request
448 (some old clients produce this?) */
449 SCVAL(outbuf,0,SMBkeepalive);
453 case 0x82: /* positive session response */
454 case 0x83: /* negative session response */
455 case 0x84: /* retarget session response */
456 DEBUG(0,("Unexpected session response\n"));
459 case SMBkeepalive: /* session keepalive */
464 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
465 msg_type, msg_flags));
467 srv_send_smb(smbd_server_fd(), outbuf, false);
471 /****************************************************************************
473 conn POINTER CAN BE NULL HERE !
474 ****************************************************************************/
476 void reply_tcon(struct smb_request *req)
478 connection_struct *conn = req->conn;
480 char *service_buf = NULL;
481 char *password = NULL;
486 DATA_BLOB password_blob;
487 TALLOC_CTX *ctx = talloc_tos();
489 START_PROFILE(SMBtcon);
491 if (req->buflen < 4) {
492 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
493 END_PROFILE(SMBtcon);
497 p = (const char *)req->buf + 1;
498 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
500 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
502 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
505 if (service_buf == NULL || password == NULL || dev == NULL) {
506 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
507 END_PROFILE(SMBtcon);
510 p = strrchr_m(service_buf,'\\');
514 service = service_buf;
517 password_blob = data_blob(password, pwlen+1);
519 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
522 data_blob_clear_free(&password_blob);
525 reply_nterror(req, nt_status);
526 END_PROFILE(SMBtcon);
530 reply_outbuf(req, 2, 0);
531 SSVAL(req->outbuf,smb_vwv0,max_recv);
532 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
533 SSVAL(req->outbuf,smb_tid,conn->cnum);
535 DEBUG(3,("tcon service=%s cnum=%d\n",
536 service, conn->cnum));
538 END_PROFILE(SMBtcon);
542 /****************************************************************************
543 Reply to a tcon and X.
544 conn POINTER CAN BE NULL HERE !
545 ****************************************************************************/
547 void reply_tcon_and_X(struct smb_request *req)
549 connection_struct *conn = req->conn;
550 const char *service = NULL;
552 TALLOC_CTX *ctx = talloc_tos();
553 /* what the cleint thinks the device is */
554 char *client_devicetype = NULL;
555 /* what the server tells the client the share represents */
556 const char *server_devicetype;
563 START_PROFILE(SMBtconX);
566 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
567 END_PROFILE(SMBtconX);
571 passlen = SVAL(req->vwv+3, 0);
572 tcon_flags = SVAL(req->vwv+2, 0);
574 /* we might have to close an old one */
575 if ((tcon_flags & 0x1) && conn) {
576 close_cnum(conn,req->vuid);
581 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
582 reply_doserror(req, ERRDOS, ERRbuftoosmall);
583 END_PROFILE(SMBtconX);
587 if (global_encrypted_passwords_negotiated) {
588 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
589 if (lp_security() == SEC_SHARE) {
591 * Security = share always has a pad byte
592 * after the password.
594 p = (const char *)req->buf + passlen + 1;
596 p = (const char *)req->buf + passlen;
599 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
600 /* Ensure correct termination */
601 password.data[passlen]=0;
602 p = (const char *)req->buf + passlen + 1;
605 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
608 data_blob_clear_free(&password);
609 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
610 END_PROFILE(SMBtconX);
615 * the service name can be either: \\server\share
616 * or share directly like on the DELL PowerVault 705
619 q = strchr_m(path+2,'\\');
621 data_blob_clear_free(&password);
622 reply_doserror(req, ERRDOS, ERRnosuchshare);
623 END_PROFILE(SMBtconX);
631 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
632 &client_devicetype, p,
633 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
635 if (client_devicetype == NULL) {
636 data_blob_clear_free(&password);
637 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
638 END_PROFILE(SMBtconX);
642 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
644 conn = make_connection(service, password, client_devicetype,
645 req->vuid, &nt_status);
648 data_blob_clear_free(&password);
651 reply_nterror(req, nt_status);
652 END_PROFILE(SMBtconX);
657 server_devicetype = "IPC";
658 else if ( IS_PRINT(conn) )
659 server_devicetype = "LPT1:";
661 server_devicetype = "A:";
663 if (Protocol < PROTOCOL_NT1) {
664 reply_outbuf(req, 2, 0);
665 if (message_push_string(&req->outbuf, server_devicetype,
666 STR_TERMINATE|STR_ASCII) == -1) {
667 reply_nterror(req, NT_STATUS_NO_MEMORY);
668 END_PROFILE(SMBtconX);
672 /* NT sets the fstype of IPC$ to the null string */
673 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
675 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
676 /* Return permissions. */
680 reply_outbuf(req, 7, 0);
683 perm1 = FILE_ALL_ACCESS;
684 perm2 = FILE_ALL_ACCESS;
686 perm1 = CAN_WRITE(conn) ?
691 SIVAL(req->outbuf, smb_vwv3, perm1);
692 SIVAL(req->outbuf, smb_vwv5, perm2);
694 reply_outbuf(req, 3, 0);
697 if ((message_push_string(&req->outbuf, server_devicetype,
698 STR_TERMINATE|STR_ASCII) == -1)
699 || (message_push_string(&req->outbuf, fstype,
700 STR_TERMINATE) == -1)) {
701 reply_nterror(req, NT_STATUS_NO_MEMORY);
702 END_PROFILE(SMBtconX);
706 /* what does setting this bit do? It is set by NT4 and
707 may affect the ability to autorun mounted cdroms */
708 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
709 (lp_csc_policy(SNUM(conn)) << 2));
711 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
712 DEBUG(2,("Serving %s as a Dfs root\n",
713 lp_servicename(SNUM(conn)) ));
714 SSVAL(req->outbuf, smb_vwv2,
715 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
720 DEBUG(3,("tconX service=%s \n",
723 /* set the incoming and outgoing tid to the just created one */
724 SSVAL(req->inbuf,smb_tid,conn->cnum);
725 SSVAL(req->outbuf,smb_tid,conn->cnum);
727 END_PROFILE(SMBtconX);
733 /****************************************************************************
734 Reply to an unknown type.
735 ****************************************************************************/
737 void reply_unknown_new(struct smb_request *req, uint8 type)
739 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
740 smb_fn_name(type), type, type));
741 reply_doserror(req, ERRSRV, ERRunknownsmb);
745 /****************************************************************************
747 conn POINTER CAN BE NULL HERE !
748 ****************************************************************************/
750 void reply_ioctl(struct smb_request *req)
752 connection_struct *conn = req->conn;
759 START_PROFILE(SMBioctl);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBioctl);
767 device = SVAL(req->vwv+1, 0);
768 function = SVAL(req->vwv+2, 0);
769 ioctl_code = (device << 16) + function;
771 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
773 switch (ioctl_code) {
774 case IOCTL_QUERY_JOB_INFO:
778 reply_doserror(req, ERRSRV, ERRnosupport);
779 END_PROFILE(SMBioctl);
783 reply_outbuf(req, 8, replysize+1);
784 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
785 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
786 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
787 p = smb_buf(req->outbuf);
788 memset(p, '\0', replysize+1); /* valgrind-safe. */
789 p += 1; /* Allow for alignment */
791 switch (ioctl_code) {
792 case IOCTL_QUERY_JOB_INFO:
794 files_struct *fsp = file_fsp(
795 req, SVAL(req->vwv+0, 0));
797 reply_doserror(req, ERRDOS, ERRbadfid);
798 END_PROFILE(SMBioctl);
801 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
802 srvstr_push((char *)req->outbuf, req->flags2, p+2,
804 STR_TERMINATE|STR_ASCII);
806 srvstr_push((char *)req->outbuf, req->flags2,
807 p+18, lp_servicename(SNUM(conn)),
808 13, STR_TERMINATE|STR_ASCII);
816 END_PROFILE(SMBioctl);
820 /****************************************************************************
821 Strange checkpath NTSTATUS mapping.
822 ****************************************************************************/
824 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
826 /* Strange DOS error code semantics only for checkpath... */
827 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
828 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
829 /* We need to map to ERRbadpath */
830 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
836 /****************************************************************************
837 Reply to a checkpath.
838 ****************************************************************************/
840 void reply_checkpath(struct smb_request *req)
842 connection_struct *conn = req->conn;
844 SMB_STRUCT_STAT sbuf;
846 TALLOC_CTX *ctx = talloc_tos();
848 START_PROFILE(SMBcheckpath);
850 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
851 STR_TERMINATE, &status);
853 if (!NT_STATUS_IS_OK(status)) {
854 status = map_checkpath_error(req->flags2, status);
855 reply_nterror(req, status);
856 END_PROFILE(SMBcheckpath);
860 status = resolve_dfspath(ctx, conn,
861 req->flags2 & FLAGS2_DFS_PATHNAMES,
864 if (!NT_STATUS_IS_OK(status)) {
865 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
866 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
868 END_PROFILE(SMBcheckpath);
874 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
876 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
877 if (!NT_STATUS_IS_OK(status)) {
881 status = check_name(conn, name);
882 if (!NT_STATUS_IS_OK(status)) {
883 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
887 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
888 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
889 status = map_nt_error_from_unix(errno);
893 if (!S_ISDIR(sbuf.st_mode)) {
894 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
896 END_PROFILE(SMBcheckpath);
900 reply_outbuf(req, 0, 0);
902 END_PROFILE(SMBcheckpath);
907 END_PROFILE(SMBcheckpath);
909 /* We special case this - as when a Windows machine
910 is parsing a path is steps through the components
911 one at a time - if a component fails it expects
912 ERRbadpath, not ERRbadfile.
914 status = map_checkpath_error(req->flags2, status);
915 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
917 * Windows returns different error codes if
918 * the parent directory is valid but not the
919 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
920 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
921 * if the path is invalid.
923 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
928 reply_nterror(req, status);
931 /****************************************************************************
933 ****************************************************************************/
935 void reply_getatr(struct smb_request *req)
937 connection_struct *conn = req->conn;
939 SMB_STRUCT_STAT sbuf;
945 TALLOC_CTX *ctx = talloc_tos();
947 START_PROFILE(SMBgetatr);
949 p = (const char *)req->buf + 1;
950 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
951 if (!NT_STATUS_IS_OK(status)) {
952 reply_nterror(req, status);
953 END_PROFILE(SMBgetatr);
957 status = resolve_dfspath(ctx, conn,
958 req->flags2 & FLAGS2_DFS_PATHNAMES,
961 if (!NT_STATUS_IS_OK(status)) {
962 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
963 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
965 END_PROFILE(SMBgetatr);
968 reply_nterror(req, status);
969 END_PROFILE(SMBgetatr);
973 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
974 under WfWg - weird! */
975 if (*fname == '\0') {
976 mode = aHIDDEN | aDIR;
977 if (!CAN_WRITE(conn)) {
983 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
984 if (!NT_STATUS_IS_OK(status)) {
985 reply_nterror(req, status);
986 END_PROFILE(SMBgetatr);
989 status = check_name(conn, fname);
990 if (!NT_STATUS_IS_OK(status)) {
991 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
992 reply_nterror(req, status);
993 END_PROFILE(SMBgetatr);
996 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
997 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
998 reply_unixerror(req, ERRDOS,ERRbadfile);
999 END_PROFILE(SMBgetatr);
1003 mode = dos_mode(conn,fname,&sbuf);
1004 size = sbuf.st_size;
1005 mtime = sbuf.st_mtime;
1011 reply_outbuf(req, 10, 0);
1013 SSVAL(req->outbuf,smb_vwv0,mode);
1014 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1015 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1017 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1019 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1021 if (Protocol >= PROTOCOL_NT1) {
1022 SSVAL(req->outbuf, smb_flg2,
1023 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1026 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1028 END_PROFILE(SMBgetatr);
1032 /****************************************************************************
1034 ****************************************************************************/
1036 void reply_setatr(struct smb_request *req)
1038 struct timespec ts[2];
1039 connection_struct *conn = req->conn;
1043 SMB_STRUCT_STAT sbuf;
1046 TALLOC_CTX *ctx = talloc_tos();
1048 START_PROFILE(SMBsetatr);
1053 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1057 p = (const char *)req->buf + 1;
1058 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1059 if (!NT_STATUS_IS_OK(status)) {
1060 reply_nterror(req, status);
1061 END_PROFILE(SMBsetatr);
1065 status = resolve_dfspath(ctx, conn,
1066 req->flags2 & FLAGS2_DFS_PATHNAMES,
1069 if (!NT_STATUS_IS_OK(status)) {
1070 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1071 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1072 ERRSRV, ERRbadpath);
1073 END_PROFILE(SMBsetatr);
1076 reply_nterror(req, status);
1077 END_PROFILE(SMBsetatr);
1081 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1082 if (!NT_STATUS_IS_OK(status)) {
1083 reply_nterror(req, status);
1084 END_PROFILE(SMBsetatr);
1088 status = check_name(conn, fname);
1089 if (!NT_STATUS_IS_OK(status)) {
1090 reply_nterror(req, status);
1091 END_PROFILE(SMBsetatr);
1095 if (fname[0] == '.' && fname[1] == '\0') {
1097 * Not sure here is the right place to catch this
1098 * condition. Might be moved to somewhere else later -- vl
1100 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1101 END_PROFILE(SMBsetatr);
1105 mode = SVAL(req->vwv+0, 0);
1106 mtime = srv_make_unix_date3(req->vwv+1);
1108 ts[1] = convert_time_t_to_timespec(mtime);
1109 status = smb_set_file_time(conn, NULL, fname,
1111 if (!NT_STATUS_IS_OK(status)) {
1112 reply_unixerror(req, ERRDOS, ERRnoaccess);
1113 END_PROFILE(SMBsetatr);
1117 if (mode != FILE_ATTRIBUTE_NORMAL) {
1118 if (VALID_STAT_OF_DIR(sbuf))
1123 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1124 reply_unixerror(req, ERRDOS, ERRnoaccess);
1125 END_PROFILE(SMBsetatr);
1130 reply_outbuf(req, 0, 0);
1132 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1134 END_PROFILE(SMBsetatr);
1138 /****************************************************************************
1140 ****************************************************************************/
1142 void reply_dskattr(struct smb_request *req)
1144 connection_struct *conn = req->conn;
1145 uint64_t dfree,dsize,bsize;
1146 START_PROFILE(SMBdskattr);
1148 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1149 reply_unixerror(req, ERRHRD, ERRgeneral);
1150 END_PROFILE(SMBdskattr);
1154 reply_outbuf(req, 5, 0);
1156 if (Protocol <= PROTOCOL_LANMAN2) {
1157 double total_space, free_space;
1158 /* we need to scale this to a number that DOS6 can handle. We
1159 use floating point so we can handle large drives on systems
1160 that don't have 64 bit integers
1162 we end up displaying a maximum of 2G to DOS systems
1164 total_space = dsize * (double)bsize;
1165 free_space = dfree * (double)bsize;
1167 dsize = (uint64_t)((total_space+63*512) / (64*512));
1168 dfree = (uint64_t)((free_space+63*512) / (64*512));
1170 if (dsize > 0xFFFF) dsize = 0xFFFF;
1171 if (dfree > 0xFFFF) dfree = 0xFFFF;
1173 SSVAL(req->outbuf,smb_vwv0,dsize);
1174 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1175 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1176 SSVAL(req->outbuf,smb_vwv3,dfree);
1178 SSVAL(req->outbuf,smb_vwv0,dsize);
1179 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1180 SSVAL(req->outbuf,smb_vwv2,512);
1181 SSVAL(req->outbuf,smb_vwv3,dfree);
1184 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1186 END_PROFILE(SMBdskattr);
1190 /****************************************************************************
1192 Can be called from SMBsearch, SMBffirst or SMBfunique.
1193 ****************************************************************************/
1195 void reply_search(struct smb_request *req)
1197 connection_struct *conn = req->conn;
1198 const char *mask = NULL;
1199 char *directory = NULL;
1205 unsigned int numentries = 0;
1206 unsigned int maxentries = 0;
1207 bool finished = False;
1213 bool check_descend = False;
1214 bool expect_close = False;
1216 bool mask_contains_wcard = False;
1217 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1218 TALLOC_CTX *ctx = talloc_tos();
1219 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1221 START_PROFILE(SMBsearch);
1224 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1225 END_PROFILE(SMBsearch);
1229 if (lp_posix_pathnames()) {
1230 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1231 END_PROFILE(SMBsearch);
1235 /* If we were called as SMBffirst then we must expect close. */
1236 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1237 expect_close = True;
1240 reply_outbuf(req, 1, 3);
1241 maxentries = SVAL(req->vwv+0, 0);
1242 dirtype = SVAL(req->vwv+1, 0);
1243 p = (const char *)req->buf + 1;
1244 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1245 &nt_status, &mask_contains_wcard);
1246 if (!NT_STATUS_IS_OK(nt_status)) {
1247 reply_nterror(req, nt_status);
1248 END_PROFILE(SMBsearch);
1252 nt_status = resolve_dfspath_wcard(ctx, conn,
1253 req->flags2 & FLAGS2_DFS_PATHNAMES,
1256 &mask_contains_wcard);
1257 if (!NT_STATUS_IS_OK(nt_status)) {
1258 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1259 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1260 ERRSRV, ERRbadpath);
1261 END_PROFILE(SMBsearch);
1264 reply_nterror(req, nt_status);
1265 END_PROFILE(SMBsearch);
1270 status_len = SVAL(p, 0);
1273 /* dirtype &= ~aDIR; */
1275 if (status_len == 0) {
1276 SMB_STRUCT_STAT sbuf;
1278 nt_status = unix_convert(ctx, conn, path, True,
1279 &directory, NULL, &sbuf);
1280 if (!NT_STATUS_IS_OK(nt_status)) {
1281 reply_nterror(req, nt_status);
1282 END_PROFILE(SMBsearch);
1286 nt_status = check_name(conn, directory);
1287 if (!NT_STATUS_IS_OK(nt_status)) {
1288 reply_nterror(req, nt_status);
1289 END_PROFILE(SMBsearch);
1293 p = strrchr_m(directory,'/');
1294 if ((p != NULL) && (*directory != '/')) {
1296 directory = talloc_strndup(ctx, directory,
1297 PTR_DIFF(p, directory));
1300 directory = talloc_strdup(ctx,".");
1304 reply_nterror(req, NT_STATUS_NO_MEMORY);
1305 END_PROFILE(SMBsearch);
1309 memset((char *)status,'\0',21);
1310 SCVAL(status,0,(dirtype & 0x1F));
1312 nt_status = dptr_create(conn,
1318 mask_contains_wcard,
1321 if (!NT_STATUS_IS_OK(nt_status)) {
1322 reply_nterror(req, nt_status);
1323 END_PROFILE(SMBsearch);
1326 dptr_num = dptr_dnum(conn->dirptr);
1330 memcpy(status,p,21);
1331 status_dirtype = CVAL(status,0) & 0x1F;
1332 if (status_dirtype != (dirtype & 0x1F)) {
1333 dirtype = status_dirtype;
1336 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1337 if (!conn->dirptr) {
1340 string_set(&conn->dirpath,dptr_path(dptr_num));
1341 mask = dptr_wcard(dptr_num);
1346 * For a 'continue' search we have no string. So
1347 * check from the initial saved string.
1349 mask_contains_wcard = ms_has_wild(mask);
1350 dirtype = dptr_attr(dptr_num);
1353 DEBUG(4,("dptr_num is %d\n",dptr_num));
1355 if ((dirtype&0x1F) == aVOLID) {
1356 char buf[DIR_STRUCT_SIZE];
1357 memcpy(buf,status,21);
1358 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1359 0,aVOLID,0,!allow_long_path_components)) {
1360 reply_nterror(req, NT_STATUS_NO_MEMORY);
1361 END_PROFILE(SMBsearch);
1364 dptr_fill(buf+12,dptr_num);
1365 if (dptr_zero(buf+12) && (status_len==0)) {
1370 if (message_push_blob(&req->outbuf,
1371 data_blob_const(buf, sizeof(buf)))
1373 reply_nterror(req, NT_STATUS_NO_MEMORY);
1374 END_PROFILE(SMBsearch);
1382 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1385 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1386 conn->dirpath,lp_dontdescend(SNUM(conn))));
1387 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1388 check_descend = True;
1391 for (i=numentries;(i<maxentries) && !finished;i++) {
1392 finished = !get_dir_entry(ctx,
1403 char buf[DIR_STRUCT_SIZE];
1404 memcpy(buf,status,21);
1405 if (!make_dir_struct(ctx,
1412 !allow_long_path_components)) {
1413 reply_nterror(req, NT_STATUS_NO_MEMORY);
1414 END_PROFILE(SMBsearch);
1417 if (!dptr_fill(buf+12,dptr_num)) {
1420 if (message_push_blob(&req->outbuf,
1421 data_blob_const(buf, sizeof(buf)))
1423 reply_nterror(req, NT_STATUS_NO_MEMORY);
1424 END_PROFILE(SMBsearch);
1434 /* If we were called as SMBffirst with smb_search_id == NULL
1435 and no entries were found then return error and close dirptr
1438 if (numentries == 0) {
1439 dptr_close(&dptr_num);
1440 } else if(expect_close && status_len == 0) {
1441 /* Close the dptr - we know it's gone */
1442 dptr_close(&dptr_num);
1445 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1446 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1447 dptr_close(&dptr_num);
1450 if ((numentries == 0) && !mask_contains_wcard) {
1451 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1452 END_PROFILE(SMBsearch);
1456 SSVAL(req->outbuf,smb_vwv0,numentries);
1457 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1458 SCVAL(smb_buf(req->outbuf),0,5);
1459 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1461 /* The replies here are never long name. */
1462 SSVAL(req->outbuf, smb_flg2,
1463 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1464 if (!allow_long_path_components) {
1465 SSVAL(req->outbuf, smb_flg2,
1466 SVAL(req->outbuf, smb_flg2)
1467 & (~FLAGS2_LONG_PATH_COMPONENTS));
1470 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1471 SSVAL(req->outbuf, smb_flg2,
1472 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1475 directory = dptr_path(dptr_num);
1478 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1479 smb_fn_name(CVAL(req->inbuf,smb_com)),
1481 directory ? directory : "./",
1486 END_PROFILE(SMBsearch);
1490 /****************************************************************************
1491 Reply to a fclose (stop directory search).
1492 ****************************************************************************/
1494 void reply_fclose(struct smb_request *req)
1502 bool path_contains_wcard = False;
1503 TALLOC_CTX *ctx = talloc_tos();
1505 START_PROFILE(SMBfclose);
1507 if (lp_posix_pathnames()) {
1508 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1509 END_PROFILE(SMBfclose);
1513 p = (const char *)req->buf + 1;
1514 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1515 &err, &path_contains_wcard);
1516 if (!NT_STATUS_IS_OK(err)) {
1517 reply_nterror(req, err);
1518 END_PROFILE(SMBfclose);
1522 status_len = SVAL(p,0);
1525 if (status_len == 0) {
1526 reply_doserror(req, ERRSRV, ERRsrverror);
1527 END_PROFILE(SMBfclose);
1531 memcpy(status,p,21);
1533 if(dptr_fetch(status+12,&dptr_num)) {
1534 /* Close the dptr - we know it's gone */
1535 dptr_close(&dptr_num);
1538 reply_outbuf(req, 1, 0);
1539 SSVAL(req->outbuf,smb_vwv0,0);
1541 DEBUG(3,("search close\n"));
1543 END_PROFILE(SMBfclose);
1547 /****************************************************************************
1549 ****************************************************************************/
1551 void reply_open(struct smb_request *req)
1553 connection_struct *conn = req->conn;
1559 SMB_STRUCT_STAT sbuf;
1566 uint32 create_disposition;
1567 uint32 create_options = 0;
1569 TALLOC_CTX *ctx = talloc_tos();
1571 START_PROFILE(SMBopen);
1574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1575 END_PROFILE(SMBopen);
1579 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1580 deny_mode = SVAL(req->vwv+0, 0);
1581 dos_attr = SVAL(req->vwv+1, 0);
1583 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1584 STR_TERMINATE, &status);
1585 if (!NT_STATUS_IS_OK(status)) {
1586 reply_nterror(req, status);
1587 END_PROFILE(SMBopen);
1591 if (!map_open_params_to_ntcreate(
1592 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1593 &share_mode, &create_disposition, &create_options)) {
1594 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1595 END_PROFILE(SMBopen);
1599 status = create_file(conn, /* conn */
1601 0, /* root_dir_fid */
1603 access_mask, /* access_mask */
1604 share_mode, /* share_access */
1605 create_disposition, /* create_disposition*/
1606 create_options, /* create_options */
1607 dos_attr, /* file_attributes */
1608 oplock_request, /* oplock_request */
1609 0, /* allocation_size */
1616 if (!NT_STATUS_IS_OK(status)) {
1617 if (open_was_deferred(req->mid)) {
1618 /* We have re-scheduled this call. */
1619 END_PROFILE(SMBopen);
1622 reply_openerror(req, status);
1623 END_PROFILE(SMBopen);
1627 size = sbuf.st_size;
1628 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1629 mtime = sbuf.st_mtime;
1632 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1633 close_file(req, fsp, ERROR_CLOSE);
1634 reply_doserror(req, ERRDOS,ERRnoaccess);
1635 END_PROFILE(SMBopen);
1639 reply_outbuf(req, 7, 0);
1640 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1641 SSVAL(req->outbuf,smb_vwv1,fattr);
1642 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1643 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1645 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1647 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1648 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1650 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1651 SCVAL(req->outbuf,smb_flg,
1652 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1655 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1656 SCVAL(req->outbuf,smb_flg,
1657 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1659 END_PROFILE(SMBopen);
1663 /****************************************************************************
1664 Reply to an open and X.
1665 ****************************************************************************/
1667 void reply_open_and_X(struct smb_request *req)
1669 connection_struct *conn = req->conn;
1674 /* Breakout the oplock request bits so we can set the
1675 reply bits separately. */
1676 int ex_oplock_request;
1677 int core_oplock_request;
1680 int smb_sattr = SVAL(req->vwv+4, 0);
1681 uint32 smb_time = make_unix_date3(req->vwv+6);
1686 SMB_STRUCT_STAT sbuf;
1690 uint64_t allocation_size;
1691 ssize_t retval = -1;
1694 uint32 create_disposition;
1695 uint32 create_options = 0;
1696 TALLOC_CTX *ctx = talloc_tos();
1698 START_PROFILE(SMBopenX);
1700 if (req->wct < 15) {
1701 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1702 END_PROFILE(SMBopenX);
1706 open_flags = SVAL(req->vwv+2, 0);
1707 deny_mode = SVAL(req->vwv+3, 0);
1708 smb_attr = SVAL(req->vwv+5, 0);
1709 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1710 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1711 oplock_request = ex_oplock_request | core_oplock_request;
1712 smb_ofun = SVAL(req->vwv+8, 0);
1713 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1715 /* If it's an IPC, pass off the pipe handler. */
1717 if (lp_nt_pipe_support()) {
1718 reply_open_pipe_and_X(conn, req);
1720 reply_doserror(req, ERRSRV, ERRaccess);
1722 END_PROFILE(SMBopenX);
1726 /* XXXX we need to handle passed times, sattr and flags */
1727 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1728 STR_TERMINATE, &status);
1729 if (!NT_STATUS_IS_OK(status)) {
1730 reply_nterror(req, status);
1731 END_PROFILE(SMBopenX);
1735 if (!map_open_params_to_ntcreate(
1736 fname, deny_mode, smb_ofun, &access_mask,
1737 &share_mode, &create_disposition, &create_options)) {
1738 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1739 END_PROFILE(SMBopenX);
1743 status = create_file(conn, /* conn */
1745 0, /* root_dir_fid */
1747 access_mask, /* access_mask */
1748 share_mode, /* share_access */
1749 create_disposition, /* create_disposition*/
1750 create_options, /* create_options */
1751 smb_attr, /* file_attributes */
1752 oplock_request, /* oplock_request */
1753 0, /* allocation_size */
1757 &smb_action, /* pinfo */
1760 if (!NT_STATUS_IS_OK(status)) {
1761 END_PROFILE(SMBopenX);
1762 if (open_was_deferred(req->mid)) {
1763 /* We have re-scheduled this call. */
1766 reply_openerror(req, status);
1770 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1771 if the file is truncated or created. */
1772 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1773 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1774 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1775 close_file(req, fsp, ERROR_CLOSE);
1776 reply_nterror(req, NT_STATUS_DISK_FULL);
1777 END_PROFILE(SMBopenX);
1780 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1782 close_file(req, fsp, ERROR_CLOSE);
1783 reply_nterror(req, NT_STATUS_DISK_FULL);
1784 END_PROFILE(SMBopenX);
1787 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1790 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1791 mtime = sbuf.st_mtime;
1793 close_file(req, fsp, ERROR_CLOSE);
1794 reply_doserror(req, ERRDOS, ERRnoaccess);
1795 END_PROFILE(SMBopenX);
1799 /* If the caller set the extended oplock request bit
1800 and we granted one (by whatever means) - set the
1801 correct bit for extended oplock reply.
1804 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1805 smb_action |= EXTENDED_OPLOCK_GRANTED;
1808 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1809 smb_action |= EXTENDED_OPLOCK_GRANTED;
1812 /* If the caller set the core oplock request bit
1813 and we granted one (by whatever means) - set the
1814 correct bit for core oplock reply.
1817 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1818 reply_outbuf(req, 19, 0);
1820 reply_outbuf(req, 15, 0);
1823 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1824 SCVAL(req->outbuf, smb_flg,
1825 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1828 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1829 SCVAL(req->outbuf, smb_flg,
1830 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1833 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1834 SSVAL(req->outbuf,smb_vwv3,fattr);
1835 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1836 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1838 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1840 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1841 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1842 SSVAL(req->outbuf,smb_vwv11,smb_action);
1844 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1845 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1848 END_PROFILE(SMBopenX);
1853 /****************************************************************************
1854 Reply to a SMBulogoffX.
1855 ****************************************************************************/
1857 void reply_ulogoffX(struct smb_request *req)
1861 START_PROFILE(SMBulogoffX);
1863 vuser = get_valid_user_struct(req->vuid);
1866 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1870 /* in user level security we are supposed to close any files
1871 open by this user */
1872 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1873 file_close_user(req->vuid);
1876 invalidate_vuid(req->vuid);
1878 reply_outbuf(req, 2, 0);
1880 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1882 END_PROFILE(SMBulogoffX);
1886 /****************************************************************************
1887 Reply to a mknew or a create.
1888 ****************************************************************************/
1890 void reply_mknew(struct smb_request *req)
1892 connection_struct *conn = req->conn;
1896 struct timespec ts[2];
1898 int oplock_request = 0;
1899 SMB_STRUCT_STAT sbuf;
1901 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1902 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1903 uint32 create_disposition;
1904 uint32 create_options = 0;
1905 TALLOC_CTX *ctx = talloc_tos();
1907 START_PROFILE(SMBcreate);
1910 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1911 END_PROFILE(SMBcreate);
1915 fattr = SVAL(req->vwv+0, 0);
1916 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1917 com = SVAL(req->inbuf,smb_com);
1919 ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1922 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1923 STR_TERMINATE, &status);
1924 if (!NT_STATUS_IS_OK(status)) {
1925 reply_nterror(req, status);
1926 END_PROFILE(SMBcreate);
1930 if (fattr & aVOLID) {
1931 DEBUG(0,("Attempt to create file (%s) with volid set - "
1932 "please report this\n", fname));
1935 if(com == SMBmknew) {
1936 /* We should fail if file exists. */
1937 create_disposition = FILE_CREATE;
1939 /* Create if file doesn't exist, truncate if it does. */
1940 create_disposition = FILE_OVERWRITE_IF;
1943 status = create_file(conn, /* conn */
1945 0, /* root_dir_fid */
1947 access_mask, /* access_mask */
1948 share_mode, /* share_access */
1949 create_disposition, /* create_disposition*/
1950 create_options, /* create_options */
1951 fattr, /* file_attributes */
1952 oplock_request, /* oplock_request */
1953 0, /* allocation_size */
1960 if (!NT_STATUS_IS_OK(status)) {
1961 END_PROFILE(SMBcreate);
1962 if (open_was_deferred(req->mid)) {
1963 /* We have re-scheduled this call. */
1966 reply_openerror(req, status);
1970 ts[0] = get_atimespec(&sbuf); /* atime. */
1971 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
1972 if (!NT_STATUS_IS_OK(status)) {
1973 END_PROFILE(SMBcreate);
1974 reply_openerror(req, status);
1978 reply_outbuf(req, 1, 0);
1979 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1981 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1982 SCVAL(req->outbuf,smb_flg,
1983 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1986 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1987 SCVAL(req->outbuf,smb_flg,
1988 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1991 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
1992 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1993 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
1995 END_PROFILE(SMBcreate);
1999 /****************************************************************************
2000 Reply to a create temporary file.
2001 ****************************************************************************/
2003 void reply_ctemp(struct smb_request *req)
2005 connection_struct *conn = req->conn;
2011 SMB_STRUCT_STAT sbuf;
2014 TALLOC_CTX *ctx = talloc_tos();
2016 START_PROFILE(SMBctemp);
2019 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2020 END_PROFILE(SMBctemp);
2024 fattr = SVAL(req->vwv+0, 0);
2025 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2027 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2028 STR_TERMINATE, &status);
2029 if (!NT_STATUS_IS_OK(status)) {
2030 reply_nterror(req, status);
2031 END_PROFILE(SMBctemp);
2035 fname = talloc_asprintf(ctx,
2039 fname = talloc_strdup(ctx, "TMXXXXXX");
2043 reply_nterror(req, NT_STATUS_NO_MEMORY);
2044 END_PROFILE(SMBctemp);
2048 status = resolve_dfspath(ctx, conn,
2049 req->flags2 & FLAGS2_DFS_PATHNAMES,
2052 if (!NT_STATUS_IS_OK(status)) {
2053 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2054 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2055 ERRSRV, ERRbadpath);
2056 END_PROFILE(SMBctemp);
2059 reply_nterror(req, status);
2060 END_PROFILE(SMBctemp);
2064 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2065 if (!NT_STATUS_IS_OK(status)) {
2066 reply_nterror(req, status);
2067 END_PROFILE(SMBctemp);
2071 status = check_name(conn, fname);
2072 if (!NT_STATUS_IS_OK(status)) {
2073 reply_nterror(req, status);
2074 END_PROFILE(SMBctemp);
2078 tmpfd = smb_mkstemp(fname);
2080 reply_unixerror(req, ERRDOS, ERRnoaccess);
2081 END_PROFILE(SMBctemp);
2085 SMB_VFS_STAT(conn,fname,&sbuf);
2087 /* We should fail if file does not exist. */
2088 status = open_file_ntcreate(conn, req, fname, &sbuf,
2089 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2090 FILE_SHARE_READ|FILE_SHARE_WRITE,
2097 /* close fd from smb_mkstemp() */
2100 if (!NT_STATUS_IS_OK(status)) {
2101 if (open_was_deferred(req->mid)) {
2102 /* We have re-scheduled this call. */
2103 END_PROFILE(SMBctemp);
2106 reply_openerror(req, status);
2107 END_PROFILE(SMBctemp);
2111 reply_outbuf(req, 1, 0);
2112 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2114 /* the returned filename is relative to the directory */
2115 s = strrchr_m(fsp->fsp_name, '/');
2123 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2124 thing in the byte section. JRA */
2125 SSVALS(p, 0, -1); /* what is this? not in spec */
2127 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2129 reply_nterror(req, NT_STATUS_NO_MEMORY);
2130 END_PROFILE(SMBctemp);
2134 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2135 SCVAL(req->outbuf, smb_flg,
2136 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2139 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2140 SCVAL(req->outbuf, smb_flg,
2141 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2144 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2145 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2146 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2148 END_PROFILE(SMBctemp);
2152 /*******************************************************************
2153 Check if a user is allowed to rename a file.
2154 ********************************************************************/
2156 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2157 uint16 dirtype, SMB_STRUCT_STAT *pst)
2161 if (!CAN_WRITE(conn)) {
2162 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2165 fmode = dos_mode(conn, fsp->fsp_name, pst);
2166 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2167 return NT_STATUS_NO_SUCH_FILE;
2170 if (S_ISDIR(pst->st_mode)) {
2171 return NT_STATUS_OK;
2174 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2175 return NT_STATUS_OK;
2178 return NT_STATUS_ACCESS_DENIED;
2181 /*******************************************************************
2182 * unlink a file with all relevant access checks
2183 *******************************************************************/
2185 static NTSTATUS do_unlink(connection_struct *conn,
2186 struct smb_request *req,
2190 SMB_STRUCT_STAT sbuf;
2193 uint32 dirtype_orig = dirtype;
2196 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2198 if (!CAN_WRITE(conn)) {
2199 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2202 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2203 return map_nt_error_from_unix(errno);
2206 fattr = dos_mode(conn,fname,&sbuf);
2208 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2209 dirtype = aDIR|aARCH|aRONLY;
2212 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2214 return NT_STATUS_NO_SUCH_FILE;
2217 if (!dir_check_ftype(conn, fattr, dirtype)) {
2219 return NT_STATUS_FILE_IS_A_DIRECTORY;
2221 return NT_STATUS_NO_SUCH_FILE;
2224 if (dirtype_orig & 0x8000) {
2225 /* These will never be set for POSIX. */
2226 return NT_STATUS_NO_SUCH_FILE;
2230 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2231 return NT_STATUS_FILE_IS_A_DIRECTORY;
2234 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2235 return NT_STATUS_NO_SUCH_FILE;
2238 if (dirtype & 0xFF00) {
2239 /* These will never be set for POSIX. */
2240 return NT_STATUS_NO_SUCH_FILE;
2245 return NT_STATUS_NO_SUCH_FILE;
2248 /* Can't delete a directory. */
2250 return NT_STATUS_FILE_IS_A_DIRECTORY;
2255 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2256 return NT_STATUS_OBJECT_NAME_INVALID;
2257 #endif /* JRATEST */
2259 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2261 On a Windows share, a file with read-only dosmode can be opened with
2262 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2263 fails with NT_STATUS_CANNOT_DELETE error.
2265 This semantic causes a problem that a user can not
2266 rename a file with read-only dosmode on a Samba share
2267 from a Windows command prompt (i.e. cmd.exe, but can rename
2268 from Windows Explorer).
2271 if (!lp_delete_readonly(SNUM(conn))) {
2272 if (fattr & aRONLY) {
2273 return NT_STATUS_CANNOT_DELETE;
2277 /* On open checks the open itself will check the share mode, so
2278 don't do it here as we'll get it wrong. */
2280 status = create_file_unixpath
2284 DELETE_ACCESS, /* access_mask */
2285 FILE_SHARE_NONE, /* share_access */
2286 FILE_OPEN, /* create_disposition*/
2287 FILE_NON_DIRECTORY_FILE, /* create_options */
2288 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2289 0, /* oplock_request */
2290 0, /* allocation_size */
2297 if (!NT_STATUS_IS_OK(status)) {
2298 DEBUG(10, ("create_file_unixpath failed: %s\n",
2299 nt_errstr(status)));
2303 /* The set is across all open files on this dev/inode pair. */
2304 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2305 close_file(req, fsp, NORMAL_CLOSE);
2306 return NT_STATUS_ACCESS_DENIED;
2309 return close_file(req, fsp, NORMAL_CLOSE);
2312 /****************************************************************************
2313 The guts of the unlink command, split out so it may be called by the NT SMB
2315 ****************************************************************************/
2317 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2318 uint32 dirtype, const char *name_in, bool has_wild)
2320 const char *directory = NULL;
2325 NTSTATUS status = NT_STATUS_OK;
2326 SMB_STRUCT_STAT sbuf;
2327 TALLOC_CTX *ctx = talloc_tos();
2329 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2330 if (!NT_STATUS_IS_OK(status)) {
2334 p = strrchr_m(name,'/');
2336 directory = talloc_strdup(ctx, ".");
2338 return NT_STATUS_NO_MEMORY;
2348 * We should only check the mangled cache
2349 * here if unix_convert failed. This means
2350 * that the path in 'mask' doesn't exist
2351 * on the file system and so we need to look
2352 * for a possible mangle. This patch from
2353 * Tine Smukavec <valentin.smukavec@hermes.si>.
2356 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2357 char *new_mask = NULL;
2358 mangle_lookup_name_from_8_3(ctx,
2368 directory = talloc_asprintf(ctx,
2373 return NT_STATUS_NO_MEMORY;
2376 dirtype = FILE_ATTRIBUTE_NORMAL;
2379 status = check_name(conn, directory);
2380 if (!NT_STATUS_IS_OK(status)) {
2384 status = do_unlink(conn, req, directory, dirtype);
2385 if (!NT_STATUS_IS_OK(status)) {
2391 struct smb_Dir *dir_hnd = NULL;
2395 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2396 return NT_STATUS_OBJECT_NAME_INVALID;
2399 if (strequal(mask,"????????.???")) {
2404 status = check_name(conn, directory);
2405 if (!NT_STATUS_IS_OK(status)) {
2409 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2411 if (dir_hnd == NULL) {
2412 return map_nt_error_from_unix(errno);
2415 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2416 the pattern matches against the long name, otherwise the short name
2417 We don't implement this yet XXXX
2420 status = NT_STATUS_NO_SUCH_FILE;
2422 while ((dname = ReadDirName(dir_hnd, &offset))) {
2426 if (!is_visible_file(conn, directory, dname, &st, True)) {
2430 /* Quick check for "." and ".." */
2431 if (ISDOT(dname) || ISDOTDOT(dname)) {
2435 if(!mask_match(dname, mask, conn->case_sensitive)) {
2439 fname = talloc_asprintf(ctx, "%s/%s",
2443 return NT_STATUS_NO_MEMORY;
2446 status = check_name(conn, fname);
2447 if (!NT_STATUS_IS_OK(status)) {
2448 TALLOC_FREE(dir_hnd);
2452 status = do_unlink(conn, req, fname, dirtype);
2453 if (!NT_STATUS_IS_OK(status)) {
2459 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2464 TALLOC_FREE(dir_hnd);
2467 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2468 status = map_nt_error_from_unix(errno);
2474 /****************************************************************************
2476 ****************************************************************************/
2478 void reply_unlink(struct smb_request *req)
2480 connection_struct *conn = req->conn;
2484 bool path_contains_wcard = False;
2485 TALLOC_CTX *ctx = talloc_tos();
2487 START_PROFILE(SMBunlink);
2490 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2491 END_PROFILE(SMBunlink);
2495 dirtype = SVAL(req->vwv+0, 0);
2497 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2498 STR_TERMINATE, &status,
2499 &path_contains_wcard);
2500 if (!NT_STATUS_IS_OK(status)) {
2501 reply_nterror(req, status);
2502 END_PROFILE(SMBunlink);
2506 status = resolve_dfspath_wcard(ctx, conn,
2507 req->flags2 & FLAGS2_DFS_PATHNAMES,
2510 &path_contains_wcard);
2511 if (!NT_STATUS_IS_OK(status)) {
2512 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2513 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2514 ERRSRV, ERRbadpath);
2515 END_PROFILE(SMBunlink);
2518 reply_nterror(req, status);
2519 END_PROFILE(SMBunlink);
2523 DEBUG(3,("reply_unlink : %s\n",name));
2525 status = unlink_internals(conn, req, dirtype, name,
2526 path_contains_wcard);
2527 if (!NT_STATUS_IS_OK(status)) {
2528 if (open_was_deferred(req->mid)) {
2529 /* We have re-scheduled this call. */
2530 END_PROFILE(SMBunlink);
2533 reply_nterror(req, status);
2534 END_PROFILE(SMBunlink);
2538 reply_outbuf(req, 0, 0);
2539 END_PROFILE(SMBunlink);
2544 /****************************************************************************
2546 ****************************************************************************/
2548 static void fail_readraw(void)
2550 const char *errstr = talloc_asprintf(talloc_tos(),
2551 "FAIL ! reply_readbraw: socket write fail (%s)",
2556 exit_server_cleanly(errstr);
2559 /****************************************************************************
2560 Fake (read/write) sendfile. Returns -1 on read or write fail.
2561 ****************************************************************************/
2563 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2567 size_t tosend = nread;
2574 bufsize = MIN(nread, 65536);
2576 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2580 while (tosend > 0) {
2584 if (tosend > bufsize) {
2589 ret = read_file(fsp,buf,startpos,cur_read);
2595 /* If we had a short read, fill with zeros. */
2596 if (ret < cur_read) {
2597 memset(buf, '\0', cur_read - ret);
2600 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2605 startpos += cur_read;
2609 return (ssize_t)nread;
2612 /****************************************************************************
2613 Return a readbraw error (4 bytes of zero).
2614 ****************************************************************************/
2616 static void reply_readbraw_error(void)
2620 if (write_data(smbd_server_fd(),header,4) != 4) {
2625 /****************************************************************************
2626 Use sendfile in readbraw.
2627 ****************************************************************************/
2629 void send_file_readbraw(connection_struct *conn,
2635 char *outbuf = NULL;
2638 #if defined(WITH_SENDFILE)
2640 * We can only use sendfile on a non-chained packet
2641 * but we can use on a non-oplocked file. tridge proved this
2642 * on a train in Germany :-). JRA.
2643 * reply_readbraw has already checked the length.
2646 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2647 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2649 DATA_BLOB header_blob;
2651 _smb_setlen(header,nread);
2652 header_blob = data_blob_const(header, 4);
2654 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2655 &header_blob, startpos, nread) == -1) {
2656 /* Returning ENOSYS means no data at all was sent.
2657 * Do this as a normal read. */
2658 if (errno == ENOSYS) {
2659 goto normal_readbraw;
2663 * Special hack for broken Linux with no working sendfile. If we
2664 * return EINTR we sent the header but not the rest of the data.
2665 * Fake this up by doing read/write calls.
2667 if (errno == EINTR) {
2668 /* Ensure we don't do this again. */
2669 set_use_sendfile(SNUM(conn), False);
2670 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2672 if (fake_sendfile(fsp, startpos, nread) == -1) {
2673 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2674 fsp->fsp_name, strerror(errno) ));
2675 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2680 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2681 fsp->fsp_name, strerror(errno) ));
2682 exit_server_cleanly("send_file_readbraw sendfile failed");
2691 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2693 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2694 (unsigned)(nread+4)));
2695 reply_readbraw_error();
2700 ret = read_file(fsp,outbuf+4,startpos,nread);
2701 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2710 _smb_setlen(outbuf,ret);
2711 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2714 TALLOC_FREE(outbuf);
2717 /****************************************************************************
2718 Reply to a readbraw (core+ protocol).
2719 ****************************************************************************/
2721 void reply_readbraw(struct smb_request *req)
2723 connection_struct *conn = req->conn;
2724 ssize_t maxcount,mincount;
2731 START_PROFILE(SMBreadbraw);
2733 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2734 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2735 "raw reads/writes are disallowed.");
2739 reply_readbraw_error();
2740 END_PROFILE(SMBreadbraw);
2745 * Special check if an oplock break has been issued
2746 * and the readraw request croses on the wire, we must
2747 * return a zero length response here.
2750 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2753 * We have to do a check_fsp by hand here, as
2754 * we must always return 4 zero bytes on error,
2758 if (!fsp || !conn || conn != fsp->conn ||
2759 req->vuid != fsp->vuid ||
2760 fsp->is_directory || fsp->fh->fd == -1) {
2762 * fsp could be NULL here so use the value from the packet. JRA.
2764 DEBUG(3,("reply_readbraw: fnum %d not valid "
2766 (int)SVAL(req->vwv+0, 0)));
2767 reply_readbraw_error();
2768 END_PROFILE(SMBreadbraw);
2772 /* Do a "by hand" version of CHECK_READ. */
2773 if (!(fsp->can_read ||
2774 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2775 (fsp->access_mask & FILE_EXECUTE)))) {
2776 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2777 (int)SVAL(req->vwv+0, 0)));
2778 reply_readbraw_error();
2779 END_PROFILE(SMBreadbraw);
2783 flush_write_cache(fsp, READRAW_FLUSH);
2785 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2786 if(req->wct == 10) {
2788 * This is a large offset (64 bit) read.
2790 #ifdef LARGE_SMB_OFF_T
2792 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2794 #else /* !LARGE_SMB_OFF_T */
2797 * Ensure we haven't been sent a >32 bit offset.
2800 if(IVAL(req->vwv+8, 0) != 0) {
2801 DEBUG(0,("reply_readbraw: large offset "
2802 "(%x << 32) used and we don't support "
2803 "64 bit offsets.\n",
2804 (unsigned int)IVAL(req->vwv+8, 0) ));
2805 reply_readbraw_error();
2806 END_PROFILE(SMBreadbraw);
2810 #endif /* LARGE_SMB_OFF_T */
2813 DEBUG(0,("reply_readbraw: negative 64 bit "
2814 "readraw offset (%.0f) !\n",
2815 (double)startpos ));
2816 reply_readbraw_error();
2817 END_PROFILE(SMBreadbraw);
2822 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2823 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2825 /* ensure we don't overrun the packet size */
2826 maxcount = MIN(65535,maxcount);
2828 if (is_locked(fsp,(uint32)req->smbpid,
2832 reply_readbraw_error();
2833 END_PROFILE(SMBreadbraw);
2837 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2841 if (startpos >= size) {
2844 nread = MIN(maxcount,(size - startpos));
2847 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2848 if (nread < mincount)
2852 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2853 "min=%lu nread=%lu\n",
2854 fsp->fnum, (double)startpos,
2855 (unsigned long)maxcount,
2856 (unsigned long)mincount,
2857 (unsigned long)nread ) );
2859 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2861 DEBUG(5,("reply_readbraw finished\n"));
2862 END_PROFILE(SMBreadbraw);
2866 #define DBGC_CLASS DBGC_LOCKING
2868 /****************************************************************************
2869 Reply to a lockread (core+ protocol).
2870 ****************************************************************************/
2872 void reply_lockread(struct smb_request *req)
2874 connection_struct *conn = req->conn;
2881 struct byte_range_lock *br_lck = NULL;
2884 START_PROFILE(SMBlockread);
2887 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2888 END_PROFILE(SMBlockread);
2892 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2894 if (!check_fsp(conn, req, fsp)) {
2895 END_PROFILE(SMBlockread);
2899 if (!CHECK_READ(fsp,req->inbuf)) {
2900 reply_doserror(req, ERRDOS, ERRbadaccess);
2901 END_PROFILE(SMBlockread);
2905 release_level_2_oplocks_on_change(fsp);
2907 numtoread = SVAL(req->vwv+1, 0);
2908 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
2910 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2912 reply_outbuf(req, 5, numtoread + 3);
2914 data = smb_buf(req->outbuf) + 3;
2917 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2918 * protocol request that predates the read/write lock concept.
2919 * Thus instead of asking for a read lock here we need to ask
2920 * for a write lock. JRA.
2921 * Note that the requested lock size is unaffected by max_recv.
2924 br_lck = do_lock(smbd_messaging_context(),
2927 (uint64_t)numtoread,
2931 False, /* Non-blocking lock. */
2934 TALLOC_FREE(br_lck);
2936 if (NT_STATUS_V(status)) {
2937 reply_nterror(req, status);
2938 END_PROFILE(SMBlockread);
2943 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2946 if (numtoread > max_recv) {
2947 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2948 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2949 (unsigned int)numtoread, (unsigned int)max_recv ));
2950 numtoread = MIN(numtoread,max_recv);
2952 nread = read_file(fsp,data,startpos,numtoread);
2955 reply_unixerror(req, ERRDOS, ERRnoaccess);
2956 END_PROFILE(SMBlockread);
2960 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2962 SSVAL(req->outbuf,smb_vwv0,nread);
2963 SSVAL(req->outbuf,smb_vwv5,nread+3);
2964 p = smb_buf(req->outbuf);
2965 SCVAL(p,0,0); /* pad byte. */
2968 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2969 fsp->fnum, (int)numtoread, (int)nread));
2971 END_PROFILE(SMBlockread);
2976 #define DBGC_CLASS DBGC_ALL
2978 /****************************************************************************
2980 ****************************************************************************/
2982 void reply_read(struct smb_request *req)
2984 connection_struct *conn = req->conn;
2992 START_PROFILE(SMBread);
2995 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2996 END_PROFILE(SMBread);
3000 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3002 if (!check_fsp(conn, req, fsp)) {
3003 END_PROFILE(SMBread);
3007 if (!CHECK_READ(fsp,req->inbuf)) {
3008 reply_doserror(req, ERRDOS, ERRbadaccess);
3009 END_PROFILE(SMBread);
3013 numtoread = SVAL(req->vwv+1, 0);
3014 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3016 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3019 * The requested read size cannot be greater than max_recv. JRA.
3021 if (numtoread > max_recv) {
3022 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3023 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3024 (unsigned int)numtoread, (unsigned int)max_recv ));
3025 numtoread = MIN(numtoread,max_recv);
3028 reply_outbuf(req, 5, numtoread+3);
3030 data = smb_buf(req->outbuf) + 3;
3032 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
3033 (uint64_t)startpos, READ_LOCK)) {
3034 reply_doserror(req, ERRDOS,ERRlock);
3035 END_PROFILE(SMBread);
3040 nread = read_file(fsp,data,startpos,numtoread);
3043 reply_unixerror(req, ERRDOS,ERRnoaccess);
3044 END_PROFILE(SMBread);
3048 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3050 SSVAL(req->outbuf,smb_vwv0,nread);
3051 SSVAL(req->outbuf,smb_vwv5,nread+3);
3052 SCVAL(smb_buf(req->outbuf),0,1);
3053 SSVAL(smb_buf(req->outbuf),1,nread);
3055 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3056 fsp->fnum, (int)numtoread, (int)nread ) );
3058 END_PROFILE(SMBread);
3062 /****************************************************************************
3064 ****************************************************************************/
3066 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3071 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3072 data = smb_buf(outbuf);
3074 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3076 SCVAL(outbuf,smb_vwv0,0xFF);
3077 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3078 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3079 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3080 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3081 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3082 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3083 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3087 /****************************************************************************
3088 Reply to a read and X - possibly using sendfile.
3089 ****************************************************************************/
3091 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3092 files_struct *fsp, SMB_OFF_T startpos,
3095 SMB_STRUCT_STAT sbuf;
3098 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3099 reply_unixerror(req, ERRDOS, ERRnoaccess);
3103 if (startpos > sbuf.st_size) {
3105 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3106 smb_maxcnt = (sbuf.st_size - startpos);
3109 if (smb_maxcnt == 0) {
3113 #if defined(WITH_SENDFILE)
3115 * We can only use sendfile on a non-chained packet
3116 * but we can use on a non-oplocked file. tridge proved this
3117 * on a train in Germany :-). JRA.
3120 if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) &&
3121 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3122 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3123 uint8 headerbuf[smb_size + 12 * 2];
3127 * Set up the packet header before send. We
3128 * assume here the sendfile will work (get the
3129 * correct amount of data).
3132 header = data_blob_const(headerbuf, sizeof(headerbuf));
3134 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3135 setup_readX_header((char *)headerbuf, smb_maxcnt);
3137 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3138 /* Returning ENOSYS or EINVAL means no data at all was sent.
3139 Do this as a normal read. */
3140 if (errno == ENOSYS || errno == EINVAL) {
3145 * Special hack for broken Linux with no working sendfile. If we
3146 * return EINTR we sent the header but not the rest of the data.
3147 * Fake this up by doing read/write calls.
3150 if (errno == EINTR) {
3151 /* Ensure we don't do this again. */
3152 set_use_sendfile(SNUM(conn), False);
3153 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3154 nread = fake_sendfile(fsp, startpos,
3157 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3158 fsp->fsp_name, strerror(errno) ));
3159 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3161 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3162 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3163 /* No outbuf here means successful sendfile. */
3164 TALLOC_FREE(req->outbuf);
3168 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3169 fsp->fsp_name, strerror(errno) ));
3170 exit_server_cleanly("send_file_readX sendfile failed");
3173 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3174 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3175 /* No outbuf here means successful sendfile. */
3176 TALLOC_FREE(req->outbuf);
3183 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3184 uint8 headerbuf[smb_size + 2*12];
3186 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3187 setup_readX_header((char *)headerbuf, smb_maxcnt);
3189 /* Send out the header. */
3190 if (write_data(smbd_server_fd(), (char *)headerbuf,
3191 sizeof(headerbuf)) != sizeof(headerbuf)) {
3192 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3193 fsp->fsp_name, strerror(errno) ));
3194 exit_server_cleanly("send_file_readX sendfile failed");
3196 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3198 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3199 fsp->fsp_name, strerror(errno) ));
3200 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3202 TALLOC_FREE(req->outbuf);
3206 reply_outbuf(req, 12, smb_maxcnt);
3208 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3210 reply_unixerror(req, ERRDOS, ERRnoaccess);
3214 setup_readX_header((char *)req->outbuf, nread);
3216 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3217 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3222 /****************************************************************************
3223 Reply to a read and X.
3224 ****************************************************************************/
3226 void reply_read_and_X(struct smb_request *req)
3228 connection_struct *conn = req->conn;
3232 bool big_readX = False;
3234 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3237 START_PROFILE(SMBreadX);
3239 if ((req->wct != 10) && (req->wct != 12)) {
3240 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3244 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3245 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3246 smb_maxcnt = SVAL(req->vwv+5, 0);
3248 /* If it's an IPC, pass off the pipe handler. */
3250 reply_pipe_read_and_X(req);
3251 END_PROFILE(SMBreadX);
3255 if (!check_fsp(conn, req, fsp)) {
3256 END_PROFILE(SMBreadX);
3260 if (!CHECK_READ(fsp,req->inbuf)) {
3261 reply_doserror(req, ERRDOS,ERRbadaccess);
3262 END_PROFILE(SMBreadX);
3266 if (global_client_caps & CAP_LARGE_READX) {
3267 size_t upper_size = SVAL(req->vwv+7, 0);
3268 smb_maxcnt |= (upper_size<<16);
3269 if (upper_size > 1) {
3270 /* Can't do this on a chained packet. */
3271 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3272 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3273 END_PROFILE(SMBreadX);
3276 /* We currently don't do this on signed or sealed data. */
3277 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3278 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3279 END_PROFILE(SMBreadX);
3282 /* Is there room in the reply for this data ? */
3283 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3285 NT_STATUS_INVALID_PARAMETER);
3286 END_PROFILE(SMBreadX);
3293 if (req->wct == 12) {
3294 #ifdef LARGE_SMB_OFF_T
3296 * This is a large offset (64 bit) read.
3298 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3300 #else /* !LARGE_SMB_OFF_T */
3303 * Ensure we haven't been sent a >32 bit offset.
3306 if(IVAL(req->vwv+10, 0) != 0) {
3307 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3308 "used and we don't support 64 bit offsets.\n",
3309 (unsigned int)IVAL(req->vwv+10, 0) ));
3310 END_PROFILE(SMBreadX);
3311 reply_doserror(req, ERRDOS, ERRbadaccess);
3315 #endif /* LARGE_SMB_OFF_T */
3319 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)smb_maxcnt,
3320 (uint64_t)startpos, READ_LOCK)) {
3321 END_PROFILE(SMBreadX);
3322 reply_doserror(req, ERRDOS, ERRlock);
3327 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3328 END_PROFILE(SMBreadX);
3332 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3334 END_PROFILE(SMBreadX);
3338 /****************************************************************************
3339 Error replies to writebraw must have smb_wct == 1. Fix this up.
3340 ****************************************************************************/
3342 void error_to_writebrawerr(struct smb_request *req)
3344 uint8 *old_outbuf = req->outbuf;
3346 reply_outbuf(req, 1, 0);
3348 memcpy(req->outbuf, old_outbuf, smb_size);
3349 TALLOC_FREE(old_outbuf);
3352 /****************************************************************************
3353 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3354 ****************************************************************************/
3356 void reply_writebraw(struct smb_request *req)
3358 connection_struct *conn = req->conn;
3361 ssize_t total_written=0;
3362 size_t numtowrite=0;
3370 START_PROFILE(SMBwritebraw);
3373 * If we ever reply with an error, it must have the SMB command
3374 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3377 SCVAL(req->inbuf,smb_com,SMBwritec);
3379 if (srv_is_signing_active()) {
3380 END_PROFILE(SMBwritebraw);
3381 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3382 "raw reads/writes are disallowed.");
3385 if (req->wct < 12) {
3386 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3387 error_to_writebrawerr(req);
3388 END_PROFILE(SMBwritebraw);
3392 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3393 if (!check_fsp(conn, req, fsp)) {
3394 error_to_writebrawerr(req);
3395 END_PROFILE(SMBwritebraw);
3399 if (!CHECK_WRITE(fsp)) {
3400 reply_doserror(req, ERRDOS, ERRbadaccess);
3401 error_to_writebrawerr(req);
3402 END_PROFILE(SMBwritebraw);
3406 tcount = IVAL(req->vwv+1, 0);
3407 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3408 write_through = BITSETW(req->vwv+7,0);
3410 /* We have to deal with slightly different formats depending
3411 on whether we are using the core+ or lanman1.0 protocol */
3413 if(Protocol <= PROTOCOL_COREPLUS) {
3414 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3415 data = smb_buf(req->inbuf);
3417 numtowrite = SVAL(req->vwv+10, 0);
3418 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3421 /* Ensure we don't write bytes past the end of this packet. */
3422 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3423 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3424 error_to_writebrawerr(req);
3425 END_PROFILE(SMBwritebraw);
3429 if (is_locked(fsp,(uint32)req->smbpid,(uint64_t)tcount,
3430 (uint64_t)startpos, WRITE_LOCK)) {
3431 reply_doserror(req, ERRDOS, ERRlock);
3432 error_to_writebrawerr(req);
3433 END_PROFILE(SMBwritebraw);
3438 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3441 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3442 "wrote=%d sync=%d\n",
3443 fsp->fnum, (double)startpos, (int)numtowrite,
3444 (int)nwritten, (int)write_through));
3446 if (nwritten < (ssize_t)numtowrite) {
3447 reply_unixerror(req, ERRHRD, ERRdiskfull);
3448 error_to_writebrawerr(req);
3449 END_PROFILE(SMBwritebraw);
3453 total_written = nwritten;
3455 /* Allocate a buffer of 64k + length. */
3456 buf = TALLOC_ARRAY(NULL, char, 65540);
3458 reply_doserror(req, ERRDOS, ERRnomem);
3459 error_to_writebrawerr(req);
3460 END_PROFILE(SMBwritebraw);
3464 /* Return a SMBwritebraw message to the redirector to tell
3465 * it to send more bytes */
3467 memcpy(buf, req->inbuf, smb_size);
3468 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3469 SCVAL(buf,smb_com,SMBwritebraw);
3470 SSVALS(buf,smb_vwv0,0xFFFF);
3472 if (!srv_send_smb(smbd_server_fd(),
3474 IS_CONN_ENCRYPTED(conn))) {
3475 exit_server_cleanly("reply_writebraw: srv_send_smb "
3479 /* Now read the raw data into the buffer and write it */
3480 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3482 if (!NT_STATUS_IS_OK(status)) {
3483 exit_server_cleanly("secondary writebraw failed");
3486 /* Set up outbuf to return the correct size */
3487 reply_outbuf(req, 1, 0);
3489 if (numtowrite != 0) {
3491 if (numtowrite > 0xFFFF) {
3492 DEBUG(0,("reply_writebraw: Oversize secondary write "
3493 "raw requested (%u). Terminating\n",
3494 (unsigned int)numtowrite ));
3495 exit_server_cleanly("secondary writebraw failed");
3498 if (tcount > nwritten+numtowrite) {
3499 DEBUG(3,("reply_writebraw: Client overestimated the "
3501 (int)tcount,(int)nwritten,(int)numtowrite));
3504 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3506 if (!NT_STATUS_IS_OK(status)) {
3507 DEBUG(0,("reply_writebraw: Oversize secondary write "
3508 "raw read failed (%s). Terminating\n",
3509 nt_errstr(status)));
3510 exit_server_cleanly("secondary writebraw failed");
3513 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3514 if (nwritten == -1) {
3516 reply_unixerror(req, ERRHRD, ERRdiskfull);
3517 error_to_writebrawerr(req);
3518 END_PROFILE(SMBwritebraw);
3522 if (nwritten < (ssize_t)numtowrite) {
3523 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3524 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3528 total_written += nwritten;
3533 SSVAL(req->outbuf,smb_vwv0,total_written);
3535 status = sync_file(conn, fsp, write_through);
3536 if (!NT_STATUS_IS_OK(status)) {
3537 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3538 fsp->fsp_name, nt_errstr(status) ));
3539 reply_nterror(req, status);
3540 error_to_writebrawerr(req);
3541 END_PROFILE(SMBwritebraw);
3545 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3547 fsp->fnum, (double)startpos, (int)numtowrite,
3548 (int)total_written));
3550 /* We won't return a status if write through is not selected - this
3551 * follows what WfWg does */
3552 END_PROFILE(SMBwritebraw);
3554 if (!write_through && total_written==tcount) {
3556 #if RABBIT_PELLET_FIX
3558 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3559 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3562 if (!send_keepalive(smbd_server_fd())) {
3563 exit_server_cleanly("reply_writebraw: send of "
3564 "keepalive failed");
3567 TALLOC_FREE(req->outbuf);
3573 #define DBGC_CLASS DBGC_LOCKING
3575 /****************************************************************************
3576 Reply to a writeunlock (core+).
3577 ****************************************************************************/
3579 void reply_writeunlock(struct smb_request *req)
3581 connection_struct *conn = req->conn;
3582 ssize_t nwritten = -1;
3586 NTSTATUS status = NT_STATUS_OK;
3589 START_PROFILE(SMBwriteunlock);
3592 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3593 END_PROFILE(SMBwriteunlock);
3597 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3599 if (!check_fsp(conn, req, fsp)) {
3600 END_PROFILE(SMBwriteunlock);
3604 if (!CHECK_WRITE(fsp)) {
3605 reply_doserror(req, ERRDOS,ERRbadaccess);
3606 END_PROFILE(SMBwriteunlock);
3610 numtowrite = SVAL(req->vwv+1, 0);
3611 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3612 data = (const char *)req->buf + 3;
3615 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3616 (uint64_t)startpos, WRITE_LOCK)) {
3617 reply_doserror(req, ERRDOS, ERRlock);
3618 END_PROFILE(SMBwriteunlock);
3622 /* The special X/Open SMB protocol handling of
3623 zero length writes is *NOT* done for
3625 if(numtowrite == 0) {
3628 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3631 status = sync_file(conn, fsp, False /* write through */);
3632 if (!NT_STATUS_IS_OK(status)) {
3633 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3634 fsp->fsp_name, nt_errstr(status) ));
3635 reply_nterror(req, status);
3636 END_PROFILE(SMBwriteunlock);
3640 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3641 reply_unixerror(req, ERRHRD, ERRdiskfull);
3642 END_PROFILE(SMBwriteunlock);
3647 status = do_unlock(smbd_messaging_context(),
3650 (uint64_t)numtowrite,
3654 if (NT_STATUS_V(status)) {
3655 reply_nterror(req, status);
3656 END_PROFILE(SMBwriteunlock);
3661 reply_outbuf(req, 1, 0);
3663 SSVAL(req->outbuf,smb_vwv0,nwritten);
3665 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3666 fsp->fnum, (int)numtowrite, (int)nwritten));
3668 END_PROFILE(SMBwriteunlock);
3673 #define DBGC_CLASS DBGC_ALL
3675 /****************************************************************************
3677 ****************************************************************************/
3679 void reply_write(struct smb_request *req)
3681 connection_struct *conn = req->conn;
3683 ssize_t nwritten = -1;
3689 START_PROFILE(SMBwrite);
3692 END_PROFILE(SMBwrite);
3693 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3697 /* If it's an IPC, pass off the pipe handler. */
3699 reply_pipe_write(req);
3700 END_PROFILE(SMBwrite);
3704 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3706 if (!check_fsp(conn, req, fsp)) {
3707 END_PROFILE(SMBwrite);
3711 if (!CHECK_WRITE(fsp)) {
3712 reply_doserror(req, ERRDOS, ERRbadaccess);
3713 END_PROFILE(SMBwrite);
3717 numtowrite = SVAL(req->vwv+1, 0);
3718 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3719 data = (const char *)req->buf + 3;
3721 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3722 (uint64_t)startpos, WRITE_LOCK)) {
3723 reply_doserror(req, ERRDOS, ERRlock);
3724 END_PROFILE(SMBwrite);
3729 * X/Open SMB protocol says that if smb_vwv1 is
3730 * zero then the file size should be extended or
3731 * truncated to the size given in smb_vwv[2-3].
3734 if(numtowrite == 0) {
3736 * This is actually an allocate call, and set EOF. JRA.
3738 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3740 reply_nterror(req, NT_STATUS_DISK_FULL);
3741 END_PROFILE(SMBwrite);
3744 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3746 reply_nterror(req, NT_STATUS_DISK_FULL);
3747 END_PROFILE(SMBwrite);
3750 trigger_write_time_update_immediate(fsp);
3752 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3755 status = sync_file(conn, fsp, False);
3756 if (!NT_STATUS_IS_OK(status)) {
3757 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3758 fsp->fsp_name, nt_errstr(status) ));
3759 reply_nterror(req, status);
3760 END_PROFILE(SMBwrite);
3764 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3765 reply_unixerror(req, ERRHRD, ERRdiskfull);
3766 END_PROFILE(SMBwrite);
3770 reply_outbuf(req, 1, 0);
3772 SSVAL(req->outbuf,smb_vwv0,nwritten);
3774 if (nwritten < (ssize_t)numtowrite) {
3775 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3776 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3779 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3781 END_PROFILE(SMBwrite);
3785 /****************************************************************************
3786 Ensure a buffer is a valid writeX for recvfile purposes.
3787 ****************************************************************************/
3789 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3790 (2*14) + /* word count (including bcc) */ \
3793 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3796 connection_struct *conn = NULL;
3797 unsigned int doff = 0;
3798 size_t len = smb_len_large(inbuf);
3800 if (is_encrypted_packet(inbuf)) {
3801 /* Can't do this on encrypted
3806 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3810 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3811 CVAL(inbuf,smb_wct) != 14) {
3812 DEBUG(10,("is_valid_writeX_buffer: chained or "
3813 "invalid word length.\n"));
3817 conn = conn_find(SVAL(inbuf, smb_tid));
3819 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3823 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3826 doff = SVAL(inbuf,smb_vwv11);
3828 numtowrite = SVAL(inbuf,smb_vwv10);
3830 if (len > doff && len - doff > 0xFFFF) {
3831 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3834 if (numtowrite == 0) {
3835 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3839 /* Ensure the sizes match up. */
3840 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3841 /* no pad byte...old smbclient :-( */
3842 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3844 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3848 if (len - doff != numtowrite) {
3849 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3850 "len = %u, doff = %u, numtowrite = %u\n",
3853 (unsigned int)numtowrite ));
3857 DEBUG(10,("is_valid_writeX_buffer: true "
3858 "len = %u, doff = %u, numtowrite = %u\n",
3861 (unsigned int)numtowrite ));
3866 /****************************************************************************
3867 Reply to a write and X.
3868 ****************************************************************************/
3870 void reply_write_and_X(struct smb_request *req)
3872 connection_struct *conn = req->conn;
3878 unsigned int smb_doff;
3879 unsigned int smblen;
3883 START_PROFILE(SMBwriteX);
3885 if ((req->wct != 12) && (req->wct != 14)) {
3886 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3887 END_PROFILE(SMBwriteX);
3891 numtowrite = SVAL(req->vwv+10, 0);
3892 smb_doff = SVAL(req->vwv+11, 0);
3893 smblen = smb_len(req->inbuf);
3895 if (req->unread_bytes > 0xFFFF ||
3896 (smblen > smb_doff &&
3897 smblen - smb_doff > 0xFFFF)) {
3898 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
3901 if (req->unread_bytes) {
3902 /* Can't do a recvfile write on IPC$ */
3904 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3905 END_PROFILE(SMBwriteX);
3908 if (numtowrite != req->unread_bytes) {
3909 reply_doserror(req, ERRDOS, ERRbadmem);
3910 END_PROFILE(SMBwriteX);
3914 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3915 smb_doff + numtowrite > smblen) {
3916 reply_doserror(req, ERRDOS, ERRbadmem);
3917 END_PROFILE(SMBwriteX);
3922 /* If it's an IPC, pass off the pipe handler. */
3924 if (req->unread_bytes) {
3925 reply_doserror(req, ERRDOS, ERRbadmem);
3926 END_PROFILE(SMBwriteX);
3929 reply_pipe_write_and_X(req);
3930 END_PROFILE(SMBwriteX);
3934 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3935 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3936 write_through = BITSETW(req->vwv+7,0);
3938 if (!check_fsp(conn, req, fsp)) {
3939 END_PROFILE(SMBwriteX);
3943 if (!CHECK_WRITE(fsp)) {
3944 reply_doserror(req, ERRDOS, ERRbadaccess);
3945 END_PROFILE(SMBwriteX);
3949 data = smb_base(req->inbuf) + smb_doff;
3951 if(req->wct == 14) {
3952 #ifdef LARGE_SMB_OFF_T
3954 * This is a large offset (64 bit) write.
3956 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
3958 #else /* !LARGE_SMB_OFF_T */
3961 * Ensure we haven't been sent a >32 bit offset.
3964 if(IVAL(req->vwv+12, 0) != 0) {
3965 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3966 "used and we don't support 64 bit offsets.\n",
3967 (unsigned int)IVAL(req->vwv+12, 0) ));
3968 reply_doserror(req, ERRDOS, ERRbadaccess);
3969 END_PROFILE(SMBwriteX);
3973 #endif /* LARGE_SMB_OFF_T */
3976 if (is_locked(fsp,(uint32)req->smbpid,
3977 (uint64_t)numtowrite,
3978 (uint64_t)startpos, WRITE_LOCK)) {
3979 reply_doserror(req, ERRDOS, ERRlock);
3980 END_PROFILE(SMBwriteX);
3984 /* X/Open SMB protocol says that, unlike SMBwrite
3985 if the length is zero then NO truncation is
3986 done, just a write of zero. To truncate a file,
3989 if(numtowrite == 0) {
3993 if ((req->unread_bytes == 0) &&
3994 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3996 END_PROFILE(SMBwriteX);
4000 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4003 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4004 reply_unixerror(req, ERRHRD, ERRdiskfull);
4005 END_PROFILE(SMBwriteX);
4009 reply_outbuf(req, 6, 0);
4010 SSVAL(req->outbuf,smb_vwv2,nwritten);
4011 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4013 if (nwritten < (ssize_t)numtowrite) {
4014 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4015 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4018 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4019 fsp->fnum, (int)numtowrite, (int)nwritten));
4021 status = sync_file(conn, fsp, write_through);
4022 if (!NT_STATUS_IS_OK(status)) {
4023 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4024 fsp->fsp_name, nt_errstr(status) ));
4025 reply_nterror(req, status);
4026 END_PROFILE(SMBwriteX);
4030 END_PROFILE(SMBwriteX);
4035 /****************************************************************************
4037 ****************************************************************************/
4039 void reply_lseek(struct smb_request *req)
4041 connection_struct *conn = req->conn;
4047 START_PROFILE(SMBlseek);
4050 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4051 END_PROFILE(SMBlseek);
4055 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4057 if (!check_fsp(conn, req, fsp)) {
4061 flush_write_cache(fsp, SEEK_FLUSH);
4063 mode = SVAL(req->vwv+1, 0) & 3;
4064 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4065 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4074 res = fsp->fh->pos + startpos;
4085 if (umode == SEEK_END) {
4086 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4087 if(errno == EINVAL) {
4088 SMB_OFF_T current_pos = startpos;
4089 SMB_STRUCT_STAT sbuf;
4091 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4092 reply_unixerror(req, ERRDOS,
4094 END_PROFILE(SMBlseek);
4098 current_pos += sbuf.st_size;
4100 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4105 reply_unixerror(req, ERRDOS, ERRnoaccess);
4106 END_PROFILE(SMBlseek);
4113 reply_outbuf(req, 2, 0);
4114 SIVAL(req->outbuf,smb_vwv0,res);
4116 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4117 fsp->fnum, (double)startpos, (double)res, mode));
4119 END_PROFILE(SMBlseek);
4123 /****************************************************************************
4125 ****************************************************************************/
4127 void reply_flush(struct smb_request *req)
4129 connection_struct *conn = req->conn;
4133 START_PROFILE(SMBflush);
4136 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4140 fnum = SVAL(req->vwv+0, 0);
4141 fsp = file_fsp(req, fnum);
4143 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4148 file_sync_all(conn);
4150 NTSTATUS status = sync_file(conn, fsp, True);
4151 if (!NT_STATUS_IS_OK(status)) {
4152 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4153 fsp->fsp_name, nt_errstr(status) ));
4154 reply_nterror(req, status);
4155 END_PROFILE(SMBflush);
4160 reply_outbuf(req, 0, 0);
4162 DEBUG(3,("flush\n"));
4163 END_PROFILE(SMBflush);
4167 /****************************************************************************
4169 conn POINTER CAN BE NULL HERE !
4170 ****************************************************************************/
4172 void reply_exit(struct smb_request *req)
4174 START_PROFILE(SMBexit);
4176 file_close_pid(req->smbpid, req->vuid);
4178 reply_outbuf(req, 0, 0);
4180 DEBUG(3,("exit\n"));
4182 END_PROFILE(SMBexit);
4186 /****************************************************************************
4187 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4188 ****************************************************************************/
4190 void reply_close(struct smb_request *req)
4192 connection_struct *conn = req->conn;
4193 NTSTATUS status = NT_STATUS_OK;
4194 files_struct *fsp = NULL;
4195 START_PROFILE(SMBclose);
4198 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4199 END_PROFILE(SMBclose);
4203 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4206 * We can only use check_fsp if we know it's not a directory.
4209 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4210 reply_doserror(req, ERRDOS, ERRbadfid);
4211 END_PROFILE(SMBclose);
4215 if(fsp->is_directory) {
4217 * Special case - close NT SMB directory handle.
4219 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4220 status = close_file(req, fsp, NORMAL_CLOSE);
4224 * Close ordinary file.
4227 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4228 fsp->fh->fd, fsp->fnum,
4229 conn->num_files_open));
4232 * Take care of any time sent in the close.
4235 t = srv_make_unix_date3(req->vwv+1);
4236 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4239 * close_file() returns the unix errno if an error
4240 * was detected on close - normally this is due to
4241 * a disk full error. If not then it was probably an I/O error.
4244 status = close_file(req, fsp, NORMAL_CLOSE);
4247 if (!NT_STATUS_IS_OK(status)) {
4248 reply_nterror(req, status);
4249 END_PROFILE(SMBclose);
4253 reply_outbuf(req, 0, 0);
4254 END_PROFILE(SMBclose);
4258 /****************************************************************************
4259 Reply to a writeclose (Core+ protocol).
4260 ****************************************************************************/
4262 void reply_writeclose(struct smb_request *req)
4264 connection_struct *conn = req->conn;
4266 ssize_t nwritten = -1;
4267 NTSTATUS close_status = NT_STATUS_OK;
4270 struct timespec mtime;
4273 START_PROFILE(SMBwriteclose);
4276 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4277 END_PROFILE(SMBwriteclose);
4281 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4283 if (!check_fsp(conn, req, fsp)) {
4284 END_PROFILE(SMBwriteclose);
4287 if (!CHECK_WRITE(fsp)) {
4288 reply_doserror(req, ERRDOS,ERRbadaccess);
4289 END_PROFILE(SMBwriteclose);
4293 numtowrite = SVAL(req->vwv+1, 0);
4294 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4295 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4296 data = (const char *)req->buf + 1;
4299 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
4300 (uint64_t)startpos, WRITE_LOCK)) {
4301 reply_doserror(req, ERRDOS,ERRlock);
4302 END_PROFILE(SMBwriteclose);
4306 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4308 set_close_write_time(fsp, mtime);
4311 * More insanity. W2K only closes the file if writelen > 0.
4316 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4318 close_status = close_file(req, fsp, NORMAL_CLOSE);
4321 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4322 fsp->fnum, (int)numtowrite, (int)nwritten,
4323 conn->num_files_open));
4325 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4326 reply_doserror(req, ERRHRD, ERRdiskfull);
4327 END_PROFILE(SMBwriteclose);
4331 if(!NT_STATUS_IS_OK(close_status)) {
4332 reply_nterror(req, close_status);
4333 END_PROFILE(SMBwriteclose);
4337 reply_outbuf(req, 1, 0);
4339 SSVAL(req->outbuf,smb_vwv0,nwritten);
4340 END_PROFILE(SMBwriteclose);
4345 #define DBGC_CLASS DBGC_LOCKING
4347 /****************************************************************************
4349 ****************************************************************************/
4351 void reply_lock(struct smb_request *req)
4353 connection_struct *conn = req->conn;
4354 uint64_t count,offset;
4357 struct byte_range_lock *br_lck = NULL;
4359 START_PROFILE(SMBlock);
4362 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4363 END_PROFILE(SMBlock);
4367 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4369 if (!check_fsp(conn, req, fsp)) {
4370 END_PROFILE(SMBlock);
4374 release_level_2_oplocks_on_change(fsp);
4376 count = (uint64_t)IVAL(req->vwv+1, 0);
4377 offset = (uint64_t)IVAL(req->vwv+3, 0);
4379 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4380 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4382 br_lck = do_lock(smbd_messaging_context(),
4389 False, /* Non-blocking lock. */
4393 TALLOC_FREE(br_lck);
4395 if (NT_STATUS_V(status)) {
4396 reply_nterror(req, status);
4397 END_PROFILE(SMBlock);
4401 reply_outbuf(req, 0, 0);
4403 END_PROFILE(SMBlock);
4407 /****************************************************************************
4409 ****************************************************************************/
4411 void reply_unlock(struct smb_request *req)
4413 connection_struct *conn = req->conn;
4414 uint64_t count,offset;
4418 START_PROFILE(SMBunlock);
4421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4422 END_PROFILE(SMBunlock);
4426 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4428 if (!check_fsp(conn, req, fsp)) {
4429 END_PROFILE(SMBunlock);
4433 count = (uint64_t)IVAL(req->vwv+1, 0);
4434 offset = (uint64_t)IVAL(req->vwv+3, 0);
4436 status = do_unlock(smbd_messaging_context(),
4443 if (NT_STATUS_V(status)) {
4444 reply_nterror(req, status);
4445 END_PROFILE(SMBunlock);
4449 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4450 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4452 reply_outbuf(req, 0, 0);
4454 END_PROFILE(SMBunlock);
4459 #define DBGC_CLASS DBGC_ALL
4461 /****************************************************************************
4463 conn POINTER CAN BE NULL HERE !
4464 ****************************************************************************/
4466 void reply_tdis(struct smb_request *req)
4468 connection_struct *conn = req->conn;
4469 START_PROFILE(SMBtdis);
4472 DEBUG(4,("Invalid connection in tdis\n"));
4473 reply_doserror(req, ERRSRV, ERRinvnid);
4474 END_PROFILE(SMBtdis);
4480 close_cnum(conn,req->vuid);
4483 reply_outbuf(req, 0, 0);
4484 END_PROFILE(SMBtdis);
4488 /****************************************************************************
4490 conn POINTER CAN BE NULL HERE !
4491 ****************************************************************************/
4493 void reply_echo(struct smb_request *req)
4495 connection_struct *conn = req->conn;
4499 START_PROFILE(SMBecho);
4502 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4503 END_PROFILE(SMBecho);
4507 smb_reverb = SVAL(req->vwv+0, 0);
4509 reply_outbuf(req, 1, req->buflen);
4511 /* copy any incoming data back out */
4512 if (req->buflen > 0) {
4513 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4516 if (smb_reverb > 100) {
4517 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4521 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4522 SSVAL(req->outbuf,smb_vwv0,seq_num);
4524 show_msg((char *)req->outbuf);
4525 if (!srv_send_smb(smbd_server_fd(),
4526 (char *)req->outbuf,
4527 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4528 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4531 DEBUG(3,("echo %d times\n", smb_reverb));
4533 TALLOC_FREE(req->outbuf);
4535 END_PROFILE(SMBecho);
4539 /****************************************************************************
4540 Reply to a printopen.
4541 ****************************************************************************/
4543 void reply_printopen(struct smb_request *req)
4545 connection_struct *conn = req->conn;
4549 START_PROFILE(SMBsplopen);
4552 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4553 END_PROFILE(SMBsplopen);
4557 if (!CAN_PRINT(conn)) {
4558 reply_doserror(req, ERRDOS, ERRnoaccess);
4559 END_PROFILE(SMBsplopen);
4563 /* Open for exclusive use, write only. */
4564 status = print_fsp_open(req, conn, NULL, req->vuid, &fsp);
4566 if (!NT_STATUS_IS_OK(status)) {
4567 reply_nterror(req, status);
4568 END_PROFILE(SMBsplopen);
4572 reply_outbuf(req, 1, 0);
4573 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4575 DEBUG(3,("openprint fd=%d fnum=%d\n",
4576 fsp->fh->fd, fsp->fnum));
4578 END_PROFILE(SMBsplopen);
4582 /****************************************************************************
4583 Reply to a printclose.
4584 ****************************************************************************/
4586 void reply_printclose(struct smb_request *req)
4588 connection_struct *conn = req->conn;
4592 START_PROFILE(SMBsplclose);
4595 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4596 END_PROFILE(SMBsplclose);
4600 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4602 if (!check_fsp(conn, req, fsp)) {
4603 END_PROFILE(SMBsplclose);
4607 if (!CAN_PRINT(conn)) {
4608 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4609 END_PROFILE(SMBsplclose);
4613 DEBUG(3,("printclose fd=%d fnum=%d\n",
4614 fsp->fh->fd,fsp->fnum));
4616 status = close_file(req, fsp, NORMAL_CLOSE);
4618 if(!NT_STATUS_IS_OK(status)) {
4619 reply_nterror(req, status);
4620 END_PROFILE(SMBsplclose);
4624 reply_outbuf(req, 0, 0);
4626 END_PROFILE(SMBsplclose);
4630 /****************************************************************************
4631 Reply to a printqueue.
4632 ****************************************************************************/
4634 void reply_printqueue(struct smb_request *req)
4636 connection_struct *conn = req->conn;
4640 START_PROFILE(SMBsplretq);
4643 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4644 END_PROFILE(SMBsplretq);
4648 max_count = SVAL(req->vwv+0, 0);
4649 start_index = SVAL(req->vwv+1, 0);
4651 /* we used to allow the client to get the cnum wrong, but that
4652 is really quite gross and only worked when there was only
4653 one printer - I think we should now only accept it if they
4654 get it right (tridge) */
4655 if (!CAN_PRINT(conn)) {
4656 reply_doserror(req, ERRDOS, ERRnoaccess);
4657 END_PROFILE(SMBsplretq);
4661 reply_outbuf(req, 2, 3);
4662 SSVAL(req->outbuf,smb_vwv0,0);
4663 SSVAL(req->outbuf,smb_vwv1,0);
4664 SCVAL(smb_buf(req->outbuf),0,1);
4665 SSVAL(smb_buf(req->outbuf),1,0);
4667 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4668 start_index, max_count));
4671 print_queue_struct *queue = NULL;
4672 print_status_struct status;
4673 int count = print_queue_status(SNUM(conn), &queue, &status);
4674 int num_to_get = ABS(max_count);
4675 int first = (max_count>0?start_index:start_index+max_count+1);
4681 num_to_get = MIN(num_to_get,count-first);
4684 for (i=first;i<first+num_to_get;i++) {
4688 srv_put_dos_date2(p,0,queue[i].time);
4689 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4690 SSVAL(p,5, queue[i].job);
4691 SIVAL(p,7,queue[i].size);
4693 srvstr_push(blob, req->flags2, p+12,
4694 queue[i].fs_user, 16, STR_ASCII);
4696 if (message_push_blob(
4699 blob, sizeof(blob))) == -1) {
4700 reply_nterror(req, NT_STATUS_NO_MEMORY);
4701 END_PROFILE(SMBsplretq);
4707 SSVAL(req->outbuf,smb_vwv0,count);
4708 SSVAL(req->outbuf,smb_vwv1,
4709 (max_count>0?first+count:first-1));
4710 SCVAL(smb_buf(req->outbuf),0,1);
4711 SSVAL(smb_buf(req->outbuf),1,28*count);
4716 DEBUG(3,("%d entries returned in queue\n",count));
4719 END_PROFILE(SMBsplretq);
4723 /****************************************************************************
4724 Reply to a printwrite.
4725 ****************************************************************************/
4727 void reply_printwrite(struct smb_request *req)
4729 connection_struct *conn = req->conn;
4734 START_PROFILE(SMBsplwr);
4737 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4738 END_PROFILE(SMBsplwr);
4742 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4744 if (!check_fsp(conn, req, fsp)) {
4745 END_PROFILE(SMBsplwr);
4749 if (!CAN_PRINT(conn)) {
4750 reply_doserror(req, ERRDOS, ERRnoaccess);
4751 END_PROFILE(SMBsplwr);
4755 if (!CHECK_WRITE(fsp)) {
4756 reply_doserror(req, ERRDOS, ERRbadaccess);
4757 END_PROFILE(SMBsplwr);
4761 numtowrite = SVAL(req->buf, 1);
4763 if (req->buflen < numtowrite + 3) {
4764 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4765 END_PROFILE(SMBsplwr);
4769 data = (const char *)req->buf + 3;
4771 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4772 reply_unixerror(req, ERRHRD, ERRdiskfull);
4773 END_PROFILE(SMBsplwr);
4777 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4779 END_PROFILE(SMBsplwr);
4783 /****************************************************************************
4785 ****************************************************************************/
4787 void reply_mkdir(struct smb_request *req)
4789 connection_struct *conn = req->conn;
4790 char *directory = NULL;
4792 SMB_STRUCT_STAT sbuf;
4793 TALLOC_CTX *ctx = talloc_tos();
4795 START_PROFILE(SMBmkdir);
4797 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
4798 STR_TERMINATE, &status);
4799 if (!NT_STATUS_IS_OK(status)) {
4800 reply_nterror(req, status);
4801 END_PROFILE(SMBmkdir);
4805 status = resolve_dfspath(ctx, conn,
4806 req->flags2 & FLAGS2_DFS_PATHNAMES,
4809 if (!NT_STATUS_IS_OK(status)) {
4810 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4811 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4812 ERRSRV, ERRbadpath);
4813 END_PROFILE(SMBmkdir);
4816 reply_nterror(req, status);
4817 END_PROFILE(SMBmkdir);
4821 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4822 if (!NT_STATUS_IS_OK(status)) {
4823 reply_nterror(req, status);
4824 END_PROFILE(SMBmkdir);
4828 status = check_name(conn, directory);
4829 if (!NT_STATUS_IS_OK(status)) {
4830 reply_nterror(req, status);
4831 END_PROFILE(SMBmkdir);
4835 status = create_directory(conn, req, directory);
4837 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4839 if (!NT_STATUS_IS_OK(status)) {
4841 if (!use_nt_status()
4842 && NT_STATUS_EQUAL(status,
4843 NT_STATUS_OBJECT_NAME_COLLISION)) {
4845 * Yes, in the DOS error code case we get a
4846 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4847 * samba4 torture test.
4849 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4852 reply_nterror(req, status);
4853 END_PROFILE(SMBmkdir);
4857 reply_outbuf(req, 0, 0);
4859 DEBUG( 3, ( "mkdir %s\n", directory ) );
4861 END_PROFILE(SMBmkdir);
4865 /****************************************************************************
4866 Static function used by reply_rmdir to delete an entire directory
4867 tree recursively. Return True on ok, False on fail.
4868 ****************************************************************************/
4870 static bool recursive_rmdir(TALLOC_CTX *ctx,
4871 connection_struct *conn,
4874 const char *dname = NULL;
4877 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4883 while((dname = ReadDirName(dir_hnd, &offset))) {
4884 char *fullname = NULL;
4887 if (ISDOT(dname) || ISDOTDOT(dname)) {
4891 if (!is_visible_file(conn, directory, dname, &st, False)) {
4895 /* Construct the full name. */
4896 fullname = talloc_asprintf(ctx,
4906 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4911 if(st.st_mode & S_IFDIR) {
4912 if(!recursive_rmdir(ctx, conn, fullname)) {
4916 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4920 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4924 TALLOC_FREE(fullname);
4926 TALLOC_FREE(dir_hnd);
4930 /****************************************************************************
4931 The internals of the rmdir code - called elsewhere.
4932 ****************************************************************************/
4934 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4935 connection_struct *conn,
4936 const char *directory)
4941 /* Might be a symlink. */
4942 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4943 return map_nt_error_from_unix(errno);
4946 if (S_ISLNK(st.st_mode)) {
4947 /* Is what it points to a directory ? */
4948 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4949 return map_nt_error_from_unix(errno);
4951 if (!(S_ISDIR(st.st_mode))) {
4952 return NT_STATUS_NOT_A_DIRECTORY;
4954 ret = SMB_VFS_UNLINK(conn,directory);
4956 ret = SMB_VFS_RMDIR(conn,directory);
4959 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4960 FILE_NOTIFY_CHANGE_DIR_NAME,
4962 return NT_STATUS_OK;
4965 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4967 * Check to see if the only thing in this directory are
4968 * vetoed files/directories. If so then delete them and
4969 * retry. If we fail to delete any of them (and we *don't*
4970 * do a recursive delete) then fail the rmdir.
4974 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
4975 directory, NULL, 0);
4977 if(dir_hnd == NULL) {
4982 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4983 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4985 if (!is_visible_file(conn, directory, dname, &st, False))
4987 if(!IS_VETO_PATH(conn, dname)) {
4988 TALLOC_FREE(dir_hnd);
4994 /* We only have veto files/directories. Recursive delete. */
4996 RewindDir(dir_hnd,&dirpos);
4997 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4998 char *fullname = NULL;
5000 if (ISDOT(dname) || ISDOTDOT(dname)) {
5003 if (!is_visible_file(conn, directory, dname, &st, False)) {
5007 fullname = talloc_asprintf(ctx,
5017 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5020 if(st.st_mode & S_IFDIR) {
5021 if(lp_recursive_veto_delete(SNUM(conn))) {
5022 if(!recursive_rmdir(ctx, conn, fullname))
5025 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5028 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5031 TALLOC_FREE(fullname);
5033 TALLOC_FREE(dir_hnd);
5034 /* Retry the rmdir */
5035 ret = SMB_VFS_RMDIR(conn,directory);
5041 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5042 "%s\n", directory,strerror(errno)));
5043 return map_nt_error_from_unix(errno);
5046 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5047 FILE_NOTIFY_CHANGE_DIR_NAME,
5050 return NT_STATUS_OK;
5053 /****************************************************************************
5055 ****************************************************************************/
5057 void reply_rmdir(struct smb_request *req)
5059 connection_struct *conn = req->conn;
5060 char *directory = NULL;
5061 SMB_STRUCT_STAT sbuf;
5063 TALLOC_CTX *ctx = talloc_tos();
5065 START_PROFILE(SMBrmdir);
5067 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5068 STR_TERMINATE, &status);
5069 if (!NT_STATUS_IS_OK(status)) {
5070 reply_nterror(req, status);
5071 END_PROFILE(SMBrmdir);
5075 status = resolve_dfspath(ctx, conn,
5076 req->flags2 & FLAGS2_DFS_PATHNAMES,
5079 if (!NT_STATUS_IS_OK(status)) {
5080 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5081 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5082 ERRSRV, ERRbadpath);
5083 END_PROFILE(SMBrmdir);
5086 reply_nterror(req, status);
5087 END_PROFILE(SMBrmdir);
5091 status = unix_convert(ctx, conn, directory, False, &directory,
5093 if (!NT_STATUS_IS_OK(status)) {
5094 reply_nterror(req, status);
5095 END_PROFILE(SMBrmdir);
5099 status = check_name(conn, directory);
5100 if (!NT_STATUS_IS_OK(status)) {
5101 reply_nterror(req, status);
5102 END_PROFILE(SMBrmdir);
5106 dptr_closepath(directory, req->smbpid);
5107 status = rmdir_internals(ctx, conn, directory);
5108 if (!NT_STATUS_IS_OK(status)) {
5109 reply_nterror(req, status);
5110 END_PROFILE(SMBrmdir);
5114 reply_outbuf(req, 0, 0);
5116 DEBUG( 3, ( "rmdir %s\n", directory ) );
5118 END_PROFILE(SMBrmdir);
5122 /*******************************************************************
5123 Resolve wildcards in a filename rename.
5124 ********************************************************************/
5126 static bool resolve_wildcards(TALLOC_CTX *ctx,
5131 char *name2_copy = NULL;
5136 char *p,*p2, *pname1, *pname2;
5138 name2_copy = talloc_strdup(ctx, name2);
5143 pname1 = strrchr_m(name1,'/');
5144 pname2 = strrchr_m(name2_copy,'/');
5146 if (!pname1 || !pname2) {
5150 /* Truncate the copy of name2 at the last '/' */
5153 /* Now go past the '/' */
5157 root1 = talloc_strdup(ctx, pname1);
5158 root2 = talloc_strdup(ctx, pname2);
5160 if (!root1 || !root2) {
5164 p = strrchr_m(root1,'.');
5167 ext1 = talloc_strdup(ctx, p+1);
5169 ext1 = talloc_strdup(ctx, "");
5171 p = strrchr_m(root2,'.');
5174 ext2 = talloc_strdup(ctx, p+1);
5176 ext2 = talloc_strdup(ctx, "");
5179 if (!ext1 || !ext2) {
5187 /* Hmmm. Should this be mb-aware ? */
5190 } else if (*p2 == '*') {
5192 root2 = talloc_asprintf(ctx, "%s%s",
5211 /* Hmmm. Should this be mb-aware ? */
5214 } else if (*p2 == '*') {
5216 ext2 = talloc_asprintf(ctx, "%s%s",
5232 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5237 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5249 /****************************************************************************
5250 Ensure open files have their names updated. Updated to notify other smbd's
5252 ****************************************************************************/
5254 static void rename_open_files(connection_struct *conn,
5255 struct share_mode_lock *lck,
5256 const char *newname)
5259 bool did_rename = False;
5261 for(fsp = file_find_di_first(lck->id); fsp;
5262 fsp = file_find_di_next(fsp)) {
5263 /* fsp_name is a relative path under the fsp. To change this for other
5264 sharepaths we need to manipulate relative paths. */
5265 /* TODO - create the absolute path and manipulate the newname
5266 relative to the sharepath. */
5267 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5270 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5271 fsp->fnum, file_id_string_tos(&fsp->file_id),
5272 fsp->fsp_name, newname ));
5273 string_set(&fsp->fsp_name, newname);
5278 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5279 file_id_string_tos(&lck->id), newname ));
5282 /* Send messages to all smbd's (not ourself) that the name has changed. */
5283 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5287 /****************************************************************************
5288 We need to check if the source path is a parent directory of the destination
5289 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5290 refuse the rename with a sharing violation. Under UNIX the above call can
5291 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5292 probably need to check that the client is a Windows one before disallowing
5293 this as a UNIX client (one with UNIX extensions) can know the source is a
5294 symlink and make this decision intelligently. Found by an excellent bug
5295 report from <AndyLiebman@aol.com>.
5296 ****************************************************************************/
5298 static bool rename_path_prefix_equal(const char *src, const char *dest)
5300 const char *psrc = src;
5301 const char *pdst = dest;
5304 if (psrc[0] == '.' && psrc[1] == '/') {
5307 if (pdst[0] == '.' && pdst[1] == '/') {
5310 if ((slen = strlen(psrc)) > strlen(pdst)) {
5313 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5317 * Do the notify calls from a rename
5320 static void notify_rename(connection_struct *conn, bool is_dir,
5321 const char *oldpath, const char *newpath)
5323 char *olddir, *newdir;
5324 const char *oldname, *newname;
5327 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5328 : FILE_NOTIFY_CHANGE_FILE_NAME;
5330 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5331 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5332 TALLOC_FREE(olddir);
5336 if (strcmp(olddir, newdir) == 0) {
5337 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5338 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5341 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5342 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5344 TALLOC_FREE(olddir);
5345 TALLOC_FREE(newdir);
5347 /* this is a strange one. w2k3 gives an additional event for
5348 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5349 files, but not directories */
5351 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5352 FILE_NOTIFY_CHANGE_ATTRIBUTES
5353 |FILE_NOTIFY_CHANGE_CREATION,
5358 /****************************************************************************
5359 Rename an open file - given an fsp.
5360 ****************************************************************************/
5362 NTSTATUS rename_internals_fsp(connection_struct *conn,
5365 const char *newname_last_component,
5367 bool replace_if_exists)
5369 TALLOC_CTX *ctx = talloc_tos();
5370 SMB_STRUCT_STAT sbuf, sbuf1;
5371 NTSTATUS status = NT_STATUS_OK;
5372 struct share_mode_lock *lck = NULL;
5377 status = check_name(conn, newname);
5378 if (!NT_STATUS_IS_OK(status)) {
5382 /* Ensure newname contains a '/' */
5383 if(strrchr_m(newname,'/') == 0) {
5384 newname = talloc_asprintf(ctx,
5388 return NT_STATUS_NO_MEMORY;
5393 * Check for special case with case preserving and not
5394 * case sensitive. If the old last component differs from the original
5395 * last component only by case, then we should allow
5396 * the rename (user is trying to change the case of the
5400 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5401 strequal(newname, fsp->fsp_name)) {
5403 char *newname_modified_last_component = NULL;
5406 * Get the last component of the modified name.
5407 * Note that we guarantee that newname contains a '/'
5410 p = strrchr_m(newname,'/');
5411 newname_modified_last_component = talloc_strdup(ctx,
5413 if (!newname_modified_last_component) {
5414 return NT_STATUS_NO_MEMORY;
5417 if(strcsequal(newname_modified_last_component,
5418 newname_last_component) == False) {
5420 * Replace the modified last component with
5423 *p = '\0'; /* Truncate at the '/' */
5424 newname = talloc_asprintf(ctx,
5427 newname_last_component);
5432 * If the src and dest names are identical - including case,
5433 * don't do the rename, just return success.
5436 if (strcsequal(fsp->fsp_name, newname)) {
5437 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5439 return NT_STATUS_OK;
5443 * Have vfs_object_exist also fill sbuf1
5445 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5447 if(!replace_if_exists && dst_exists) {
5448 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5449 fsp->fsp_name,newname));
5450 return NT_STATUS_OBJECT_NAME_COLLISION;
5454 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5455 files_struct *dst_fsp = file_find_di_first(fileid);
5457 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5458 return NT_STATUS_ACCESS_DENIED;
5462 /* Ensure we have a valid stat struct for the source. */
5463 if (fsp->fh->fd != -1) {
5464 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5465 return map_nt_error_from_unix(errno);
5468 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5469 return map_nt_error_from_unix(errno);
5473 status = can_rename(conn, fsp, attrs, &sbuf);
5475 if (!NT_STATUS_IS_OK(status)) {
5476 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5477 nt_errstr(status), fsp->fsp_name,newname));
5478 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5479 status = NT_STATUS_ACCESS_DENIED;
5483 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5484 return NT_STATUS_ACCESS_DENIED;
5487 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5491 * We have the file open ourselves, so not being able to get the
5492 * corresponding share mode lock is a fatal error.
5495 SMB_ASSERT(lck != NULL);
5497 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5498 uint32 create_options = fsp->fh->private_options;
5500 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5501 fsp->fsp_name,newname));
5503 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5505 rename_open_files(conn, lck, newname);
5508 * A rename acts as a new file create w.r.t. allowing an initial delete
5509 * on close, probably because in Windows there is a new handle to the
5510 * new file. If initial delete on close was requested but not
5511 * originally set, we need to set it here. This is probably not 100% correct,
5512 * but will work for the CIFSFS client which in non-posix mode
5513 * depends on these semantics. JRA.
5516 set_allow_initial_delete_on_close(lck, fsp, True);
5518 if (create_options & FILE_DELETE_ON_CLOSE) {
5519 status = can_set_delete_on_close(fsp, True, 0);
5521 if (NT_STATUS_IS_OK(status)) {
5522 /* Note that here we set the *inital* delete on close flag,
5523 * not the regular one. The magic gets handled in close. */
5524 fsp->initial_delete_on_close = True;
5528 return NT_STATUS_OK;
5533 if (errno == ENOTDIR || errno == EISDIR) {
5534 status = NT_STATUS_OBJECT_NAME_COLLISION;
5536 status = map_nt_error_from_unix(errno);
5539 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5540 nt_errstr(status), fsp->fsp_name,newname));
5545 /****************************************************************************
5546 The guts of the rename command, split out so it may be called by the NT SMB
5548 ****************************************************************************/
5550 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5551 connection_struct *conn,
5552 struct smb_request *req,
5553 const char *name_in,
5554 const char *newname_in,
5556 bool replace_if_exists,
5559 uint32_t access_mask)
5561 char *directory = NULL;
5563 char *last_component_src = NULL;
5564 char *last_component_dest = NULL;
5566 char *newname = NULL;
5569 NTSTATUS status = NT_STATUS_OK;
5570 SMB_STRUCT_STAT sbuf1, sbuf2;
5571 struct smb_Dir *dir_hnd = NULL;
5578 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5579 &last_component_src, &sbuf1);
5580 if (!NT_STATUS_IS_OK(status)) {
5584 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5585 &last_component_dest, &sbuf2);
5586 if (!NT_STATUS_IS_OK(status)) {
5591 * Split the old name into directory and last component
5592 * strings. Note that unix_convert may have stripped off a
5593 * leading ./ from both name and newname if the rename is
5594 * at the root of the share. We need to make sure either both
5595 * name and newname contain a / character or neither of them do
5596 * as this is checked in resolve_wildcards().
5599 p = strrchr_m(name,'/');
5601 directory = talloc_strdup(ctx, ".");
5603 return NT_STATUS_NO_MEMORY;
5608 directory = talloc_strdup(ctx, name);
5610 return NT_STATUS_NO_MEMORY;
5613 *p = '/'; /* Replace needed for exceptional test below. */
5617 * We should only check the mangled cache
5618 * here if unix_convert failed. This means
5619 * that the path in 'mask' doesn't exist
5620 * on the file system and so we need to look
5621 * for a possible mangle. This patch from
5622 * Tine Smukavec <valentin.smukavec@hermes.si>.
5625 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5626 char *new_mask = NULL;
5627 mangle_lookup_name_from_8_3(ctx,
5636 if (!src_has_wild) {
5640 * No wildcards - just process the one file.
5642 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5644 /* Add a terminating '/' to the directory name. */
5645 directory = talloc_asprintf_append(directory,
5649 return NT_STATUS_NO_MEMORY;
5652 /* Ensure newname contains a '/' also */
5653 if(strrchr_m(newname,'/') == 0) {
5654 newname = talloc_asprintf(ctx,
5658 return NT_STATUS_NO_MEMORY;
5662 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5663 "case_preserve = %d, short case preserve = %d, "
5664 "directory = %s, newname = %s, "
5665 "last_component_dest = %s, is_8_3 = %d\n",
5666 conn->case_sensitive, conn->case_preserve,
5667 conn->short_case_preserve, directory,
5668 newname, last_component_dest, is_short_name));
5670 /* The dest name still may have wildcards. */
5671 if (dest_has_wild) {
5672 char *mod_newname = NULL;
5673 if (!resolve_wildcards(ctx,
5674 directory,newname,&mod_newname)) {
5675 DEBUG(6, ("rename_internals: resolve_wildcards "
5679 return NT_STATUS_NO_MEMORY;
5681 newname = mod_newname;
5685 SMB_VFS_STAT(conn, directory, &sbuf1);
5687 status = S_ISDIR(sbuf1.st_mode) ?
5688 open_directory(conn, req, directory, &sbuf1,
5690 FILE_SHARE_READ|FILE_SHARE_WRITE,
5691 FILE_OPEN, 0, 0, NULL,
5693 : open_file_ntcreate(conn, req, directory, &sbuf1,
5695 FILE_SHARE_READ|FILE_SHARE_WRITE,
5696 FILE_OPEN, 0, 0, 0, NULL,
5699 if (!NT_STATUS_IS_OK(status)) {
5700 DEBUG(3, ("Could not open rename source %s: %s\n",
5701 directory, nt_errstr(status)));
5705 status = rename_internals_fsp(conn, fsp, newname,
5706 last_component_dest,
5707 attrs, replace_if_exists);
5709 close_file(req, fsp, NORMAL_CLOSE);
5711 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5712 nt_errstr(status), directory,newname));
5718 * Wildcards - process each file that matches.
5720 if (strequal(mask,"????????.???")) {
5725 status = check_name(conn, directory);
5726 if (!NT_STATUS_IS_OK(status)) {
5730 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5731 if (dir_hnd == NULL) {
5732 return map_nt_error_from_unix(errno);
5735 status = NT_STATUS_NO_SUCH_FILE;
5737 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5738 * - gentest fix. JRA
5741 while ((dname = ReadDirName(dir_hnd, &offset))) {
5742 files_struct *fsp = NULL;
5744 char *destname = NULL;
5745 bool sysdir_entry = False;
5747 /* Quick check for "." and ".." */
5748 if (ISDOT(dname) || ISDOTDOT(dname)) {
5750 sysdir_entry = True;
5756 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5760 if(!mask_match(dname, mask, conn->case_sensitive)) {
5765 status = NT_STATUS_OBJECT_NAME_INVALID;
5769 fname = talloc_asprintf(ctx,
5774 return NT_STATUS_NO_MEMORY;
5777 if (!resolve_wildcards(ctx,
5778 fname,newname,&destname)) {
5779 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5785 return NT_STATUS_NO_MEMORY;
5789 SMB_VFS_STAT(conn, fname, &sbuf1);
5791 status = S_ISDIR(sbuf1.st_mode) ?
5792 open_directory(conn, req, fname, &sbuf1,
5794 FILE_SHARE_READ|FILE_SHARE_WRITE,
5795 FILE_OPEN, 0, 0, NULL,
5797 : open_file_ntcreate(conn, req, fname, &sbuf1,
5799 FILE_SHARE_READ|FILE_SHARE_WRITE,
5800 FILE_OPEN, 0, 0, 0, NULL,
5803 if (!NT_STATUS_IS_OK(status)) {
5804 DEBUG(3,("rename_internals: open_file_ntcreate "
5805 "returned %s rename %s -> %s\n",
5806 nt_errstr(status), directory, newname));
5810 status = rename_internals_fsp(conn, fsp, destname, dname,
5811 attrs, replace_if_exists);
5813 close_file(req, fsp, NORMAL_CLOSE);
5815 if (!NT_STATUS_IS_OK(status)) {
5816 DEBUG(3, ("rename_internals_fsp returned %s for "
5817 "rename %s -> %s\n", nt_errstr(status),
5818 directory, newname));
5824 DEBUG(3,("rename_internals: doing rename on %s -> "
5825 "%s\n",fname,destname));
5828 TALLOC_FREE(destname);
5830 TALLOC_FREE(dir_hnd);
5832 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5833 status = map_nt_error_from_unix(errno);
5839 /****************************************************************************
5841 ****************************************************************************/
5843 void reply_mv(struct smb_request *req)
5845 connection_struct *conn = req->conn;
5847 char *newname = NULL;
5851 bool src_has_wcard = False;
5852 bool dest_has_wcard = False;
5853 TALLOC_CTX *ctx = talloc_tos();
5855 START_PROFILE(SMBmv);
5858 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5863 attrs = SVAL(req->vwv+0, 0);
5865 p = (const char *)req->buf + 1;
5866 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
5867 &status, &src_has_wcard);
5868 if (!NT_STATUS_IS_OK(status)) {
5869 reply_nterror(req, status);
5874 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
5875 &status, &dest_has_wcard);
5876 if (!NT_STATUS_IS_OK(status)) {
5877 reply_nterror(req, status);
5882 status = resolve_dfspath_wcard(ctx, conn,
5883 req->flags2 & FLAGS2_DFS_PATHNAMES,
5887 if (!NT_STATUS_IS_OK(status)) {
5888 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5889 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5890 ERRSRV, ERRbadpath);
5894 reply_nterror(req, status);
5899 status = resolve_dfspath_wcard(ctx, conn,
5900 req->flags2 & FLAGS2_DFS_PATHNAMES,
5904 if (!NT_STATUS_IS_OK(status)) {
5905 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5906 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5907 ERRSRV, ERRbadpath);
5911 reply_nterror(req, status);
5916 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5918 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5919 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5920 if (!NT_STATUS_IS_OK(status)) {
5921 if (open_was_deferred(req->mid)) {
5922 /* We have re-scheduled this call. */
5926 reply_nterror(req, status);
5931 reply_outbuf(req, 0, 0);
5937 /*******************************************************************
5938 Copy a file as part of a reply_copy.
5939 ******************************************************************/
5942 * TODO: check error codes on all callers
5945 NTSTATUS copy_file(TALLOC_CTX *ctx,
5946 connection_struct *conn,
5951 bool target_is_directory)
5953 SMB_STRUCT_STAT src_sbuf, sbuf2;
5955 files_struct *fsp1,*fsp2;
5958 uint32 new_create_disposition;
5961 dest = talloc_strdup(ctx, dest1);
5963 return NT_STATUS_NO_MEMORY;
5965 if (target_is_directory) {
5966 const char *p = strrchr_m(src,'/');
5972 dest = talloc_asprintf_append(dest,
5976 return NT_STATUS_NO_MEMORY;
5980 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5982 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5985 if (!target_is_directory && count) {
5986 new_create_disposition = FILE_OPEN;
5988 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5989 NULL, NULL, &new_create_disposition, NULL)) {
5991 return NT_STATUS_INVALID_PARAMETER;
5995 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5997 FILE_SHARE_READ|FILE_SHARE_WRITE,
6000 FILE_ATTRIBUTE_NORMAL,
6004 if (!NT_STATUS_IS_OK(status)) {
6009 dosattrs = dos_mode(conn, src, &src_sbuf);
6010 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6011 ZERO_STRUCTP(&sbuf2);
6014 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6016 FILE_SHARE_READ|FILE_SHARE_WRITE,
6017 new_create_disposition,
6025 if (!NT_STATUS_IS_OK(status)) {
6026 close_file(NULL, fsp1, ERROR_CLOSE);
6030 if ((ofun&3) == 1) {
6031 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6032 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6034 * Stop the copy from occurring.
6037 src_sbuf.st_size = 0;
6041 if (src_sbuf.st_size) {
6042 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6045 close_file(NULL, fsp1, NORMAL_CLOSE);
6047 /* Ensure the modtime is set correctly on the destination file. */
6048 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6051 * As we are opening fsp1 read-only we only expect
6052 * an error on close on fsp2 if we are out of space.
6053 * Thus we don't look at the error return from the
6056 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6058 if (!NT_STATUS_IS_OK(status)) {
6062 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6063 return NT_STATUS_DISK_FULL;
6066 return NT_STATUS_OK;
6069 /****************************************************************************
6070 Reply to a file copy.
6071 ****************************************************************************/
6073 void reply_copy(struct smb_request *req)
6075 connection_struct *conn = req->conn;
6077 char *newname = NULL;
6078 char *directory = NULL;
6079 const char *mask = NULL;
6080 const char mask_star[] = "*";
6083 int error = ERRnoaccess;
6088 bool target_is_directory=False;
6089 bool source_has_wild = False;
6090 bool dest_has_wild = False;
6091 SMB_STRUCT_STAT sbuf1, sbuf2;
6093 TALLOC_CTX *ctx = talloc_tos();
6095 START_PROFILE(SMBcopy);
6098 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6099 END_PROFILE(SMBcopy);
6103 tid2 = SVAL(req->vwv+0, 0);
6104 ofun = SVAL(req->vwv+1, 0);
6105 flags = SVAL(req->vwv+2, 0);
6107 p = (const char *)req->buf;
6108 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6109 &status, &source_has_wild);
6110 if (!NT_STATUS_IS_OK(status)) {
6111 reply_nterror(req, status);
6112 END_PROFILE(SMBcopy);
6115 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6116 &status, &dest_has_wild);
6117 if (!NT_STATUS_IS_OK(status)) {
6118 reply_nterror(req, status);
6119 END_PROFILE(SMBcopy);
6123 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6125 if (tid2 != conn->cnum) {
6126 /* can't currently handle inter share copies XXXX */
6127 DEBUG(3,("Rejecting inter-share copy\n"));
6128 reply_doserror(req, ERRSRV, ERRinvdevice);
6129 END_PROFILE(SMBcopy);
6133 status = resolve_dfspath_wcard(ctx, conn,
6134 req->flags2 & FLAGS2_DFS_PATHNAMES,
6138 if (!NT_STATUS_IS_OK(status)) {
6139 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6140 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6141 ERRSRV, ERRbadpath);
6142 END_PROFILE(SMBcopy);
6145 reply_nterror(req, status);
6146 END_PROFILE(SMBcopy);
6150 status = resolve_dfspath_wcard(ctx, conn,
6151 req->flags2 & FLAGS2_DFS_PATHNAMES,
6155 if (!NT_STATUS_IS_OK(status)) {
6156 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6157 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6158 ERRSRV, ERRbadpath);
6159 END_PROFILE(SMBcopy);
6162 reply_nterror(req, status);
6163 END_PROFILE(SMBcopy);
6167 status = unix_convert(ctx, conn, name, source_has_wild,
6168 &name, NULL, &sbuf1);
6169 if (!NT_STATUS_IS_OK(status)) {
6170 reply_nterror(req, status);
6171 END_PROFILE(SMBcopy);
6175 status = unix_convert(ctx, conn, newname, dest_has_wild,
6176 &newname, NULL, &sbuf2);
6177 if (!NT_STATUS_IS_OK(status)) {
6178 reply_nterror(req, status);
6179 END_PROFILE(SMBcopy);
6183 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6185 if ((flags&1) && target_is_directory) {
6186 reply_doserror(req, ERRDOS, ERRbadfile);
6187 END_PROFILE(SMBcopy);
6191 if ((flags&2) && !target_is_directory) {
6192 reply_doserror(req, ERRDOS, ERRbadpath);
6193 END_PROFILE(SMBcopy);
6197 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6198 /* wants a tree copy! XXXX */
6199 DEBUG(3,("Rejecting tree copy\n"));
6200 reply_doserror(req, ERRSRV, ERRerror);
6201 END_PROFILE(SMBcopy);
6205 p = strrchr_m(name,'/');
6207 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6210 directory = talloc_strdup(ctx, "./");
6215 reply_nterror(req, NT_STATUS_NO_MEMORY);
6216 END_PROFILE(SMBcopy);
6221 * We should only check the mangled cache
6222 * here if unix_convert failed. This means
6223 * that the path in 'mask' doesn't exist
6224 * on the file system and so we need to look
6225 * for a possible mangle. This patch from
6226 * Tine Smukavec <valentin.smukavec@hermes.si>.
6229 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6230 char *new_mask = NULL;
6231 mangle_lookup_name_from_8_3(ctx,
6240 if (!source_has_wild) {
6241 directory = talloc_asprintf_append(directory,
6244 if (dest_has_wild) {
6245 char *mod_newname = NULL;
6246 if (!resolve_wildcards(ctx,
6247 directory,newname,&mod_newname)) {
6248 reply_nterror(req, NT_STATUS_NO_MEMORY);
6249 END_PROFILE(SMBcopy);
6252 newname = mod_newname;
6255 status = check_name(conn, directory);
6256 if (!NT_STATUS_IS_OK(status)) {
6257 reply_nterror(req, status);
6258 END_PROFILE(SMBcopy);
6262 status = check_name(conn, newname);
6263 if (!NT_STATUS_IS_OK(status)) {
6264 reply_nterror(req, status);
6265 END_PROFILE(SMBcopy);
6269 status = copy_file(ctx,conn,directory,newname,ofun,
6270 count,target_is_directory);
6272 if(!NT_STATUS_IS_OK(status)) {
6273 reply_nterror(req, status);
6274 END_PROFILE(SMBcopy);
6280 struct smb_Dir *dir_hnd = NULL;
6281 const char *dname = NULL;
6284 if (strequal(mask,"????????.???")) {
6288 status = check_name(conn, directory);
6289 if (!NT_STATUS_IS_OK(status)) {
6290 reply_nterror(req, status);
6291 END_PROFILE(SMBcopy);
6295 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6296 if (dir_hnd == NULL) {
6297 status = map_nt_error_from_unix(errno);
6298 reply_nterror(req, status);
6299 END_PROFILE(SMBcopy);
6305 while ((dname = ReadDirName(dir_hnd, &offset))) {
6306 char *destname = NULL;
6309 if (ISDOT(dname) || ISDOTDOT(dname)) {
6313 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6317 if(!mask_match(dname, mask, conn->case_sensitive)) {
6321 error = ERRnoaccess;
6322 fname = talloc_asprintf(ctx,
6327 TALLOC_FREE(dir_hnd);
6328 reply_nterror(req, NT_STATUS_NO_MEMORY);
6329 END_PROFILE(SMBcopy);
6333 if (!resolve_wildcards(ctx,
6334 fname,newname,&destname)) {
6338 TALLOC_FREE(dir_hnd);
6339 reply_nterror(req, NT_STATUS_NO_MEMORY);
6340 END_PROFILE(SMBcopy);
6344 status = check_name(conn, fname);
6345 if (!NT_STATUS_IS_OK(status)) {
6346 TALLOC_FREE(dir_hnd);
6347 reply_nterror(req, status);
6348 END_PROFILE(SMBcopy);
6352 status = check_name(conn, destname);
6353 if (!NT_STATUS_IS_OK(status)) {
6354 TALLOC_FREE(dir_hnd);
6355 reply_nterror(req, status);
6356 END_PROFILE(SMBcopy);
6360 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6362 status = copy_file(ctx,conn,fname,destname,ofun,
6363 count,target_is_directory);
6364 if (NT_STATUS_IS_OK(status)) {
6368 TALLOC_FREE(destname);
6370 TALLOC_FREE(dir_hnd);
6375 /* Error on close... */
6377 reply_unixerror(req, ERRHRD, ERRgeneral);
6378 END_PROFILE(SMBcopy);
6382 reply_doserror(req, ERRDOS, error);
6383 END_PROFILE(SMBcopy);
6387 reply_outbuf(req, 1, 0);
6388 SSVAL(req->outbuf,smb_vwv0,count);
6390 END_PROFILE(SMBcopy);
6395 #define DBGC_CLASS DBGC_LOCKING
6397 /****************************************************************************
6398 Get a lock pid, dealing with large count requests.
6399 ****************************************************************************/
6401 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6402 bool large_file_format)
6404 if(!large_file_format)
6405 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6407 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6410 /****************************************************************************
6411 Get a lock count, dealing with large count requests.
6412 ****************************************************************************/
6414 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6415 bool large_file_format)
6419 if(!large_file_format) {
6420 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6423 #if defined(HAVE_LONGLONG)
6424 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6425 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6426 #else /* HAVE_LONGLONG */
6429 * NT4.x seems to be broken in that it sends large file (64 bit)
6430 * lockingX calls even if the CAP_LARGE_FILES was *not*
6431 * negotiated. For boxes without large unsigned ints truncate the
6432 * lock count by dropping the top 32 bits.
6435 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6436 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6437 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6438 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6439 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6442 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6443 #endif /* HAVE_LONGLONG */
6449 #if !defined(HAVE_LONGLONG)
6450 /****************************************************************************
6451 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6452 ****************************************************************************/
6454 static uint32 map_lock_offset(uint32 high, uint32 low)
6458 uint32 highcopy = high;
6461 * Try and find out how many significant bits there are in high.
6464 for(i = 0; highcopy; i++)
6468 * We use 31 bits not 32 here as POSIX
6469 * lock offsets may not be negative.
6472 mask = (~0) << (31 - i);
6475 return 0; /* Fail. */
6481 #endif /* !defined(HAVE_LONGLONG) */
6483 /****************************************************************************
6484 Get a lock offset, dealing with large offset requests.
6485 ****************************************************************************/
6487 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6488 bool large_file_format, bool *err)
6490 uint64_t offset = 0;
6494 if(!large_file_format) {
6495 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6498 #if defined(HAVE_LONGLONG)
6499 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6500 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6501 #else /* HAVE_LONGLONG */
6504 * NT4.x seems to be broken in that it sends large file (64 bit)
6505 * lockingX calls even if the CAP_LARGE_FILES was *not*
6506 * negotiated. For boxes without large unsigned ints mangle the
6507 * lock offset by mapping the top 32 bits onto the lower 32.
6510 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6511 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6512 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6515 if((new_low = map_lock_offset(high, low)) == 0) {
6517 return (uint64_t)-1;
6520 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6521 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6522 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6523 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6526 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6527 #endif /* HAVE_LONGLONG */
6533 /****************************************************************************
6534 Reply to a lockingX request.
6535 ****************************************************************************/
6537 void reply_lockingX(struct smb_request *req)
6539 connection_struct *conn = req->conn;
6541 unsigned char locktype;
6542 unsigned char oplocklevel;
6545 uint64_t count = 0, offset = 0;
6549 const uint8_t *data;
6550 bool large_file_format;
6552 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6554 START_PROFILE(SMBlockingX);
6557 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6558 END_PROFILE(SMBlockingX);
6562 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6563 locktype = CVAL(req->vwv+3, 0);
6564 oplocklevel = CVAL(req->vwv+3, 1);
6565 num_ulocks = SVAL(req->vwv+6, 0);
6566 num_locks = SVAL(req->vwv+7, 0);
6567 lock_timeout = IVAL(req->vwv+4, 0);
6568 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6570 if (!check_fsp(conn, req, fsp)) {
6571 END_PROFILE(SMBlockingX);
6577 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6578 /* we don't support these - and CANCEL_LOCK makes w2k
6579 and XP reboot so I don't really want to be
6580 compatible! (tridge) */
6581 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6582 END_PROFILE(SMBlockingX);
6586 /* Check if this is an oplock break on a file
6587 we have granted an oplock on.
6589 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6590 /* Client can insist on breaking to none. */
6591 bool break_to_none = (oplocklevel == 0);
6594 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6595 "for fnum = %d\n", (unsigned int)oplocklevel,
6599 * Make sure we have granted an exclusive or batch oplock on
6603 if (fsp->oplock_type == 0) {
6605 /* The Samba4 nbench simulator doesn't understand
6606 the difference between break to level2 and break
6607 to none from level2 - it sends oplock break
6608 replies in both cases. Don't keep logging an error
6609 message here - just ignore it. JRA. */
6611 DEBUG(5,("reply_lockingX: Error : oplock break from "
6612 "client for fnum = %d (oplock=%d) and no "
6613 "oplock granted on this file (%s).\n",
6614 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6616 /* if this is a pure oplock break request then don't
6618 if (num_locks == 0 && num_ulocks == 0) {
6619 END_PROFILE(SMBlockingX);
6622 END_PROFILE(SMBlockingX);
6623 reply_doserror(req, ERRDOS, ERRlock);
6628 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6630 result = remove_oplock(fsp);
6632 result = downgrade_oplock(fsp);
6636 DEBUG(0, ("reply_lockingX: error in removing "
6637 "oplock on file %s\n", fsp->fsp_name));
6638 /* Hmmm. Is this panic justified? */
6639 smb_panic("internal tdb error");
6642 reply_to_oplock_break_requests(fsp);
6644 /* if this is a pure oplock break request then don't send a
6646 if (num_locks == 0 && num_ulocks == 0) {
6647 /* Sanity check - ensure a pure oplock break is not a
6649 if(CVAL(req->vwv+0, 0) != 0xff)
6650 DEBUG(0,("reply_lockingX: Error : pure oplock "
6651 "break is a chained %d request !\n",
6652 (unsigned int)CVAL(req->vwv+0, 0)));
6653 END_PROFILE(SMBlockingX);
6659 * We do this check *after* we have checked this is not a oplock break
6660 * response message. JRA.
6663 release_level_2_oplocks_on_change(fsp);
6666 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6667 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6668 END_PROFILE(SMBlockingX);
6672 /* Data now points at the beginning of the list
6673 of smb_unlkrng structs */
6674 for(i = 0; i < (int)num_ulocks; i++) {
6675 lock_pid = get_lock_pid( data, i, large_file_format);
6676 count = get_lock_count( data, i, large_file_format);
6677 offset = get_lock_offset( data, i, large_file_format, &err);
6680 * There is no error code marked "stupid client bug".... :-).
6683 END_PROFILE(SMBlockingX);
6684 reply_doserror(req, ERRDOS, ERRnoaccess);
6688 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6689 "pid %u, file %s\n", (double)offset, (double)count,
6690 (unsigned int)lock_pid, fsp->fsp_name ));
6692 status = do_unlock(smbd_messaging_context(),
6699 if (NT_STATUS_V(status)) {
6700 END_PROFILE(SMBlockingX);
6701 reply_nterror(req, status);
6706 /* Setup the timeout in seconds. */
6708 if (!lp_blocking_locks(SNUM(conn))) {
6712 /* Now do any requested locks */
6713 data += ((large_file_format ? 20 : 10)*num_ulocks);
6715 /* Data now points at the beginning of the list
6716 of smb_lkrng structs */
6718 for(i = 0; i < (int)num_locks; i++) {
6719 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6720 READ_LOCK:WRITE_LOCK);
6721 lock_pid = get_lock_pid( data, i, large_file_format);
6722 count = get_lock_count( data, i, large_file_format);
6723 offset = get_lock_offset( data, i, large_file_format, &err);
6726 * There is no error code marked "stupid client bug".... :-).
6729 END_PROFILE(SMBlockingX);
6730 reply_doserror(req, ERRDOS, ERRnoaccess);
6734 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6735 "%u, file %s timeout = %d\n", (double)offset,
6736 (double)count, (unsigned int)lock_pid,
6737 fsp->fsp_name, (int)lock_timeout ));
6739 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6740 if (lp_blocking_locks(SNUM(conn))) {
6742 /* Schedule a message to ourselves to
6743 remove the blocking lock record and
6744 return the right error. */
6746 if (!blocking_lock_cancel(fsp,
6752 NT_STATUS_FILE_LOCK_CONFLICT)) {
6753 END_PROFILE(SMBlockingX);
6758 ERRcancelviolation));
6762 /* Remove a matching pending lock. */
6763 status = do_lock_cancel(fsp,
6769 bool blocking_lock = lock_timeout ? True : False;
6770 bool defer_lock = False;
6771 struct byte_range_lock *br_lck;
6772 uint32 block_smbpid;
6774 br_lck = do_lock(smbd_messaging_context(),
6785 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6786 /* Windows internal resolution for blocking locks seems
6787 to be about 200ms... Don't wait for less than that. JRA. */
6788 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6789 lock_timeout = lp_lock_spin_time();
6794 /* This heuristic seems to match W2K3 very well. If a
6795 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6796 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6797 far as I can tell. Replacement for do_lock_spin(). JRA. */
6799 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6800 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6802 lock_timeout = lp_lock_spin_time();
6805 if (br_lck && defer_lock) {
6807 * A blocking lock was requested. Package up
6808 * this smb into a queued request and push it
6809 * onto the blocking lock queue.
6811 if(push_blocking_lock_request(br_lck,
6822 TALLOC_FREE(br_lck);
6823 END_PROFILE(SMBlockingX);
6828 TALLOC_FREE(br_lck);
6831 if (NT_STATUS_V(status)) {
6832 END_PROFILE(SMBlockingX);
6833 reply_nterror(req, status);
6838 /* If any of the above locks failed, then we must unlock
6839 all of the previous locks (X/Open spec). */
6841 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6845 * Ensure we don't do a remove on the lock that just failed,
6846 * as under POSIX rules, if we have a lock already there, we
6847 * will delete it (and we shouldn't) .....
6849 for(i--; i >= 0; i--) {
6850 lock_pid = get_lock_pid( data, i, large_file_format);
6851 count = get_lock_count( data, i, large_file_format);
6852 offset = get_lock_offset( data, i, large_file_format,
6856 * There is no error code marked "stupid client
6860 END_PROFILE(SMBlockingX);
6861 reply_doserror(req, ERRDOS, ERRnoaccess);
6865 do_unlock(smbd_messaging_context(),
6872 END_PROFILE(SMBlockingX);
6873 reply_nterror(req, status);
6877 reply_outbuf(req, 2, 0);
6879 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6880 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6882 END_PROFILE(SMBlockingX);
6887 #define DBGC_CLASS DBGC_ALL
6889 /****************************************************************************
6890 Reply to a SMBreadbmpx (read block multiplex) request.
6891 Always reply with an error, if someone has a platform really needs this,
6892 please contact vl@samba.org
6893 ****************************************************************************/
6895 void reply_readbmpx(struct smb_request *req)
6897 START_PROFILE(SMBreadBmpx);
6898 reply_doserror(req, ERRSRV, ERRuseSTD);
6899 END_PROFILE(SMBreadBmpx);
6903 /****************************************************************************
6904 Reply to a SMBreadbs (read block multiplex secondary) request.
6905 Always reply with an error, if someone has a platform really needs this,
6906 please contact vl@samba.org
6907 ****************************************************************************/
6909 void reply_readbs(struct smb_request *req)
6911 START_PROFILE(SMBreadBs);
6912 reply_doserror(req, ERRSRV, ERRuseSTD);
6913 END_PROFILE(SMBreadBs);
6917 /****************************************************************************
6918 Reply to a SMBsetattrE.
6919 ****************************************************************************/
6921 void reply_setattrE(struct smb_request *req)
6923 connection_struct *conn = req->conn;
6924 struct timespec ts[2];
6926 SMB_STRUCT_STAT sbuf;
6929 START_PROFILE(SMBsetattrE);
6932 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6933 END_PROFILE(SMBsetattrE);
6937 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
6939 if(!fsp || (fsp->conn != conn)) {
6940 reply_doserror(req, ERRDOS, ERRbadfid);
6941 END_PROFILE(SMBsetattrE);
6947 * Convert the DOS times into unix times. Ignore create
6948 * time as UNIX can't set this.
6951 ts[0] = convert_time_t_to_timespec(
6952 srv_make_unix_date2(req->vwv+3)); /* atime. */
6953 ts[1] = convert_time_t_to_timespec(
6954 srv_make_unix_date2(req->vwv+5)); /* mtime. */
6956 reply_outbuf(req, 0, 0);
6959 * Patch from Ray Frush <frush@engr.colostate.edu>
6960 * Sometimes times are sent as zero - ignore them.
6963 /* Ensure we have a valid stat struct for the source. */
6964 if (fsp->fh->fd != -1) {
6965 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
6966 status = map_nt_error_from_unix(errno);
6967 reply_nterror(req, status);
6968 END_PROFILE(SMBsetattrE);
6972 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
6973 status = map_nt_error_from_unix(errno);
6974 reply_nterror(req, status);
6975 END_PROFILE(SMBsetattrE);
6980 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
6982 if (!NT_STATUS_IS_OK(status)) {
6983 reply_doserror(req, ERRDOS, ERRnoaccess);
6984 END_PROFILE(SMBsetattrE);
6988 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6990 (unsigned int)ts[0].tv_sec,
6991 (unsigned int)ts[1].tv_sec));
6993 END_PROFILE(SMBsetattrE);
6998 /* Back from the dead for OS/2..... JRA. */
7000 /****************************************************************************
7001 Reply to a SMBwritebmpx (write block multiplex primary) request.
7002 Always reply with an error, if someone has a platform really needs this,
7003 please contact vl@samba.org
7004 ****************************************************************************/
7006 void reply_writebmpx(struct smb_request *req)
7008 START_PROFILE(SMBwriteBmpx);
7009 reply_doserror(req, ERRSRV, ERRuseSTD);
7010 END_PROFILE(SMBwriteBmpx);
7014 /****************************************************************************
7015 Reply to a SMBwritebs (write block multiplex secondary) request.
7016 Always reply with an error, if someone has a platform really needs this,
7017 please contact vl@samba.org
7018 ****************************************************************************/
7020 void reply_writebs(struct smb_request *req)
7022 START_PROFILE(SMBwriteBs);
7023 reply_doserror(req, ERRSRV, ERRuseSTD);
7024 END_PROFILE(SMBwriteBs);
7028 /****************************************************************************
7029 Reply to a SMBgetattrE.
7030 ****************************************************************************/
7032 void reply_getattrE(struct smb_request *req)
7034 connection_struct *conn = req->conn;
7035 SMB_STRUCT_STAT sbuf;
7038 struct timespec create_ts;
7040 START_PROFILE(SMBgetattrE);
7043 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7044 END_PROFILE(SMBgetattrE);
7048 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7050 if(!fsp || (fsp->conn != conn)) {
7051 reply_doserror(req, ERRDOS, ERRbadfid);
7052 END_PROFILE(SMBgetattrE);
7056 /* Do an fstat on this file */
7057 if(fsp_stat(fsp, &sbuf)) {
7058 reply_unixerror(req, ERRDOS, ERRnoaccess);
7059 END_PROFILE(SMBgetattrE);
7063 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7066 * Convert the times into dos times. Set create
7067 * date to be last modify date as UNIX doesn't save
7071 reply_outbuf(req, 11, 0);
7073 create_ts = get_create_timespec(&sbuf,
7074 lp_fake_dir_create_times(SNUM(conn)));
7075 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7076 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7077 /* Should we check pending modtime here ? JRA */
7078 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7081 SIVAL(req->outbuf, smb_vwv6, 0);
7082 SIVAL(req->outbuf, smb_vwv8, 0);
7084 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7085 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7086 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7088 SSVAL(req->outbuf,smb_vwv10, mode);
7090 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7092 END_PROFILE(SMBgetattrE);