2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 /****************************************************************************
31 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
32 path or anything including wildcards.
33 We're assuming here that '/' is not the second byte in any multibyte char
34 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
36 ****************************************************************************/
38 /* Custom version for processing POSIX paths. */
39 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
41 static NTSTATUS check_path_syntax_internal(char *path,
43 bool *p_last_component_contains_wcard)
47 NTSTATUS ret = NT_STATUS_OK;
48 bool start_of_name_component = True;
49 bool stream_started = false;
51 *p_last_component_contains_wcard = False;
58 return NT_STATUS_OBJECT_NAME_INVALID;
61 return NT_STATUS_OBJECT_NAME_INVALID;
63 if (strchr_m(&s[1], ':')) {
64 return NT_STATUS_OBJECT_NAME_INVALID;
70 if ((*s == ':') && !posix_path && !stream_started) {
71 if (*p_last_component_contains_wcard) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
74 /* Stream names allow more characters than file names.
75 We're overloading posix_path here to allow a wider
76 range of characters. If stream_started is true this
77 is still a Windows path even if posix_path is true.
80 stream_started = true;
81 start_of_name_component = false;
85 return NT_STATUS_OBJECT_NAME_INVALID;
89 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
91 * Safe to assume is not the second part of a mb char
92 * as this is handled below.
94 /* Eat multiple '/' or '\\' */
95 while (IS_PATH_SEP(*s,posix_path)) {
98 if ((d != path) && (*s != '\0')) {
99 /* We only care about non-leading or trailing '/' or '\\' */
103 start_of_name_component = True;
105 *p_last_component_contains_wcard = False;
109 if (start_of_name_component) {
110 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
111 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
114 * No mb char starts with '.' so we're safe checking the directory separator here.
117 /* If we just added a '/' - delete it */
118 if ((d > path) && (*(d-1) == '/')) {
123 /* Are we at the start ? Can't go back further if so. */
125 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
128 /* Go back one level... */
129 /* We know this is safe as '/' cannot be part of a mb sequence. */
130 /* NOTE - if this assumption is invalid we are not in good shape... */
131 /* Decrement d first as d points to the *next* char to write into. */
132 for (d--; d > path; d--) {
136 s += 2; /* Else go past the .. */
137 /* We're still at the start of a name component, just the previous one. */
140 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
152 if (*s <= 0x1f || *s == '|') {
153 return NT_STATUS_OBJECT_NAME_INVALID;
161 *p_last_component_contains_wcard = True;
170 /* Get the size of the next MB character. */
171 next_codepoint(s,&siz);
189 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
191 return NT_STATUS_INVALID_PARAMETER;
194 start_of_name_component = False;
202 /****************************************************************************
203 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
204 No wildcards allowed.
205 ****************************************************************************/
207 NTSTATUS check_path_syntax(char *path)
210 return check_path_syntax_internal(path, False, &ignore);
213 /****************************************************************************
214 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
215 Wildcards allowed - p_contains_wcard returns true if the last component contained
217 ****************************************************************************/
219 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
221 return check_path_syntax_internal(path, False, p_contains_wcard);
224 /****************************************************************************
225 Check the path for a POSIX client.
226 We're assuming here that '/' is not the second byte in any multibyte char
227 set (a safe assumption).
228 ****************************************************************************/
230 NTSTATUS check_path_syntax_posix(char *path)
233 return check_path_syntax_internal(path, True, &ignore);
236 /****************************************************************************
237 Pull a string and check the path allowing a wilcard - provide for error return.
238 ****************************************************************************/
240 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
241 const char *base_ptr,
248 bool *contains_wcard)
254 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
258 *err = NT_STATUS_INVALID_PARAMETER;
262 *contains_wcard = False;
264 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
266 * For a DFS path the function parse_dfs_path()
267 * will do the path processing, just make a copy.
273 if (lp_posix_pathnames()) {
274 *err = check_path_syntax_posix(*pp_dest);
276 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 /****************************************************************************
283 Pull a string and check the path - provide for error return.
284 ****************************************************************************/
286 size_t srvstr_get_path(TALLOC_CTX *ctx,
287 const char *base_ptr,
296 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
297 src_len, flags, err, &ignore);
300 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
301 char **pp_dest, const char *src, int flags,
302 NTSTATUS *err, bool *contains_wcard)
304 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
305 pp_dest, src, smbreq_bufrem(req, src),
306 flags, err, contains_wcard);
309 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
310 char **pp_dest, const char *src, int flags,
314 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
315 flags, err, &ignore);
318 /****************************************************************************
319 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
320 ****************************************************************************/
322 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
325 if (!(fsp) || !(conn)) {
326 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
329 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 /****************************************************************************
337 Check if we have a correct fsp pointing to a file.
338 ****************************************************************************/
340 bool check_fsp(connection_struct *conn, struct smb_request *req,
343 if (!check_fsp_open(conn, req, fsp)) {
346 if ((fsp)->is_directory) {
347 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
350 if ((fsp)->fh->fd == -1) {
351 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
354 (fsp)->num_smb_operations++;
358 /****************************************************************************
359 Check if we have a correct fsp pointing to a quota fake file. Replacement for
360 the CHECK_NTQUOTA_HANDLE_OK macro.
361 ****************************************************************************/
363 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
366 if (!check_fsp_open(conn, req, fsp)) {
370 if (fsp->is_directory) {
374 if (fsp->fake_file_handle == NULL) {
378 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
382 if (fsp->fake_file_handle->private_data == NULL) {
389 /****************************************************************************
390 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
391 ****************************************************************************/
393 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
396 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
397 && (req->vuid == (fsp)->vuid)) {
401 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
405 static bool netbios_session_retarget(const char *name, int name_type)
408 char *trim_name_type;
409 const char *retarget_parm;
412 int retarget_type = 0x20;
413 int retarget_port = 139;
414 struct sockaddr_storage retarget_addr;
415 struct sockaddr_in *in_addr;
419 if (get_socket_port(smbd_server_fd()) != 139) {
423 trim_name = talloc_strdup(talloc_tos(), name);
424 if (trim_name == NULL) {
427 trim_char(trim_name, ' ', ' ');
429 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
431 if (trim_name_type == NULL) {
435 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
436 trim_name_type, NULL);
437 if (retarget_parm == NULL) {
438 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 if (retarget_parm == NULL) {
445 retarget = talloc_strdup(trim_name, retarget_parm);
446 if (retarget == NULL) {
450 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
452 p = strchr(retarget, ':');
455 retarget_port = atoi(p);
458 p = strchr_m(retarget, '#');
461 sscanf(p, "%x", &retarget_type);
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
466 DEBUG(10, ("could not resolve %s\n", retarget));
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
482 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 TALLOC_FREE(trim_name);
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
498 void reply_special(char *inbuf)
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
503 char name_type1, name_type2;
504 struct smbd_server_connection *sconn = smbd_server_conn;
507 * We only really use 4 bytes of the outbuf, but for the smb_setlen
508 * calculation & friends (srv_send_smb uses that) we need the full smb
511 char outbuf[smb_size];
515 memset(outbuf, '\0', sizeof(outbuf));
517 smb_setlen(outbuf,0);
520 case 0x81: /* session request */
522 if (sconn->nbt.got_session) {
523 exit_server_cleanly("multiple session request not permitted");
526 SCVAL(outbuf,0,0x82);
528 if (name_len(inbuf+4) > 50 ||
529 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
530 DEBUG(0,("Invalid name length in session request\n"));
533 name_type1 = name_extract(inbuf,4,name1);
534 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
535 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
536 name1, name_type1, name2, name_type2));
538 if (netbios_session_retarget(name1, name_type1)) {
539 exit_server_cleanly("retargeted client");
542 set_local_machine_name(name1, True);
543 set_remote_machine_name(name2, True);
545 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
546 get_local_machine_name(), get_remote_machine_name(),
549 if (name_type2 == 'R') {
550 /* We are being asked for a pathworks session ---
552 SCVAL(outbuf, 0,0x83);
556 /* only add the client's machine name to the list
557 of possibly valid usernames if we are operating
558 in share mode security */
559 if (lp_security() == SEC_SHARE) {
560 add_session_user(sconn, get_remote_machine_name());
563 reload_services(True);
566 sconn->nbt.got_session = true;
569 case 0x89: /* session keepalive request
570 (some old clients produce this?) */
571 SCVAL(outbuf,0,SMBkeepalive);
575 case 0x82: /* positive session response */
576 case 0x83: /* negative session response */
577 case 0x84: /* retarget session response */
578 DEBUG(0,("Unexpected session response\n"));
581 case SMBkeepalive: /* session keepalive */
586 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
587 msg_type, msg_flags));
589 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
593 /****************************************************************************
595 conn POINTER CAN BE NULL HERE !
596 ****************************************************************************/
598 void reply_tcon(struct smb_request *req)
600 connection_struct *conn = req->conn;
602 char *service_buf = NULL;
603 char *password = NULL;
608 DATA_BLOB password_blob;
609 TALLOC_CTX *ctx = talloc_tos();
610 struct smbd_server_connection *sconn = req->sconn;
612 START_PROFILE(SMBtcon);
614 if (req->buflen < 4) {
615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
616 END_PROFILE(SMBtcon);
620 p = (const char *)req->buf + 1;
621 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
623 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
625 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
628 if (service_buf == NULL || password == NULL || dev == NULL) {
629 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
630 END_PROFILE(SMBtcon);
633 p = strrchr_m(service_buf,'\\');
637 service = service_buf;
640 password_blob = data_blob(password, pwlen+1);
642 conn = make_connection(sconn,service,password_blob,dev,
643 req->vuid,&nt_status);
646 data_blob_clear_free(&password_blob);
649 reply_nterror(req, nt_status);
650 END_PROFILE(SMBtcon);
654 reply_outbuf(req, 2, 0);
655 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
656 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
657 SSVAL(req->outbuf,smb_tid,conn->cnum);
659 DEBUG(3,("tcon service=%s cnum=%d\n",
660 service, conn->cnum));
662 END_PROFILE(SMBtcon);
666 /****************************************************************************
667 Reply to a tcon and X.
668 conn POINTER CAN BE NULL HERE !
669 ****************************************************************************/
671 void reply_tcon_and_X(struct smb_request *req)
673 connection_struct *conn = req->conn;
674 const char *service = NULL;
676 TALLOC_CTX *ctx = talloc_tos();
677 /* what the cleint thinks the device is */
678 char *client_devicetype = NULL;
679 /* what the server tells the client the share represents */
680 const char *server_devicetype;
686 struct smbd_server_connection *sconn = req->sconn;
688 START_PROFILE(SMBtconX);
691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
692 END_PROFILE(SMBtconX);
696 passlen = SVAL(req->vwv+3, 0);
697 tcon_flags = SVAL(req->vwv+2, 0);
699 /* we might have to close an old one */
700 if ((tcon_flags & 0x1) && conn) {
701 close_cnum(conn,req->vuid);
706 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
707 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
708 END_PROFILE(SMBtconX);
712 if (sconn->smb1.negprot.encrypted_passwords) {
713 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
714 if (lp_security() == SEC_SHARE) {
716 * Security = share always has a pad byte
717 * after the password.
719 p = (const char *)req->buf + passlen + 1;
721 p = (const char *)req->buf + passlen;
724 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
725 /* Ensure correct termination */
726 password.data[passlen]=0;
727 p = (const char *)req->buf + passlen + 1;
730 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
733 data_blob_clear_free(&password);
734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
735 END_PROFILE(SMBtconX);
740 * the service name can be either: \\server\share
741 * or share directly like on the DELL PowerVault 705
744 q = strchr_m(path+2,'\\');
746 data_blob_clear_free(&password);
747 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
748 END_PROFILE(SMBtconX);
756 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
757 &client_devicetype, p,
758 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
760 if (client_devicetype == NULL) {
761 data_blob_clear_free(&password);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBtconX);
767 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
769 conn = make_connection(sconn, service, password, client_devicetype,
770 req->vuid, &nt_status);
773 data_blob_clear_free(&password);
776 reply_nterror(req, nt_status);
777 END_PROFILE(SMBtconX);
782 server_devicetype = "IPC";
783 else if ( IS_PRINT(conn) )
784 server_devicetype = "LPT1:";
786 server_devicetype = "A:";
788 if (get_Protocol() < PROTOCOL_NT1) {
789 reply_outbuf(req, 2, 0);
790 if (message_push_string(&req->outbuf, server_devicetype,
791 STR_TERMINATE|STR_ASCII) == -1) {
792 reply_nterror(req, NT_STATUS_NO_MEMORY);
793 END_PROFILE(SMBtconX);
797 /* NT sets the fstype of IPC$ to the null string */
798 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
800 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
801 /* Return permissions. */
805 reply_outbuf(req, 7, 0);
808 perm1 = FILE_ALL_ACCESS;
809 perm2 = FILE_ALL_ACCESS;
811 perm1 = CAN_WRITE(conn) ?
816 SIVAL(req->outbuf, smb_vwv3, perm1);
817 SIVAL(req->outbuf, smb_vwv5, perm2);
819 reply_outbuf(req, 3, 0);
822 if ((message_push_string(&req->outbuf, server_devicetype,
823 STR_TERMINATE|STR_ASCII) == -1)
824 || (message_push_string(&req->outbuf, fstype,
825 STR_TERMINATE) == -1)) {
826 reply_nterror(req, NT_STATUS_NO_MEMORY);
827 END_PROFILE(SMBtconX);
831 /* what does setting this bit do? It is set by NT4 and
832 may affect the ability to autorun mounted cdroms */
833 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
834 (lp_csc_policy(SNUM(conn)) << 2));
836 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
837 DEBUG(2,("Serving %s as a Dfs root\n",
838 lp_servicename(SNUM(conn)) ));
839 SSVAL(req->outbuf, smb_vwv2,
840 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
845 DEBUG(3,("tconX service=%s \n",
848 /* set the incoming and outgoing tid to the just created one */
849 SSVAL(req->inbuf,smb_tid,conn->cnum);
850 SSVAL(req->outbuf,smb_tid,conn->cnum);
852 END_PROFILE(SMBtconX);
854 req->tid = conn->cnum;
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_force_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
924 END_PROFILE(SMBioctl);
928 if (fsp->print_file) {
929 SSVAL(p, 0, fsp->print_file->rap_jobid);
933 srvstr_push((char *)req->outbuf, req->flags2, p+2,
935 STR_TERMINATE|STR_ASCII);
937 srvstr_push((char *)req->outbuf, req->flags2,
938 p+18, lp_servicename(SNUM(conn)),
939 13, STR_TERMINATE|STR_ASCII);
947 END_PROFILE(SMBioctl);
951 /****************************************************************************
952 Strange checkpath NTSTATUS mapping.
953 ****************************************************************************/
955 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
957 /* Strange DOS error code semantics only for checkpath... */
958 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
959 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
960 /* We need to map to ERRbadpath */
961 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
967 /****************************************************************************
968 Reply to a checkpath.
969 ****************************************************************************/
971 void reply_checkpath(struct smb_request *req)
973 connection_struct *conn = req->conn;
974 struct smb_filename *smb_fname = NULL;
977 TALLOC_CTX *ctx = talloc_tos();
979 START_PROFILE(SMBcheckpath);
981 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
982 STR_TERMINATE, &status);
984 if (!NT_STATUS_IS_OK(status)) {
985 status = map_checkpath_error(req->flags2, status);
986 reply_nterror(req, status);
987 END_PROFILE(SMBcheckpath);
991 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
993 status = filename_convert(ctx,
995 req->flags2 & FLAGS2_DFS_PATHNAMES,
1001 if (!NT_STATUS_IS_OK(status)) {
1002 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1003 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1004 ERRSRV, ERRbadpath);
1005 END_PROFILE(SMBcheckpath);
1011 if (!VALID_STAT(smb_fname->st) &&
1012 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1013 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1014 smb_fname_str_dbg(smb_fname), strerror(errno)));
1015 status = map_nt_error_from_unix(errno);
1019 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1020 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1021 ERRDOS, ERRbadpath);
1025 reply_outbuf(req, 0, 0);
1028 /* We special case this - as when a Windows machine
1029 is parsing a path is steps through the components
1030 one at a time - if a component fails it expects
1031 ERRbadpath, not ERRbadfile.
1033 status = map_checkpath_error(req->flags2, status);
1034 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1036 * Windows returns different error codes if
1037 * the parent directory is valid but not the
1038 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1039 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1040 * if the path is invalid.
1042 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1043 ERRDOS, ERRbadpath);
1047 reply_nterror(req, status);
1050 TALLOC_FREE(smb_fname);
1051 END_PROFILE(SMBcheckpath);
1055 /****************************************************************************
1057 ****************************************************************************/
1059 void reply_getatr(struct smb_request *req)
1061 connection_struct *conn = req->conn;
1062 struct smb_filename *smb_fname = NULL;
1069 TALLOC_CTX *ctx = talloc_tos();
1070 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1072 START_PROFILE(SMBgetatr);
1074 p = (const char *)req->buf + 1;
1075 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1076 if (!NT_STATUS_IS_OK(status)) {
1077 reply_nterror(req, status);
1081 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1082 under WfWg - weird! */
1083 if (*fname == '\0') {
1084 mode = aHIDDEN | aDIR;
1085 if (!CAN_WRITE(conn)) {
1091 status = filename_convert(ctx,
1093 req->flags2 & FLAGS2_DFS_PATHNAMES,
1098 if (!NT_STATUS_IS_OK(status)) {
1099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1101 ERRSRV, ERRbadpath);
1104 reply_nterror(req, status);
1107 if (!VALID_STAT(smb_fname->st) &&
1108 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1109 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1110 smb_fname_str_dbg(smb_fname),
1112 reply_nterror(req, map_nt_error_from_unix(errno));
1116 mode = dos_mode(conn, smb_fname);
1117 size = smb_fname->st.st_ex_size;
1119 if (ask_sharemode) {
1120 struct timespec write_time_ts;
1121 struct file_id fileid;
1123 ZERO_STRUCT(write_time_ts);
1124 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1125 get_file_infos(fileid, NULL, &write_time_ts);
1126 if (!null_timespec(write_time_ts)) {
1127 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1131 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1137 reply_outbuf(req, 10, 0);
1139 SSVAL(req->outbuf,smb_vwv0,mode);
1140 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1141 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1143 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1145 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1147 if (get_Protocol() >= PROTOCOL_NT1) {
1148 SSVAL(req->outbuf, smb_flg2,
1149 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1152 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1153 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1156 TALLOC_FREE(smb_fname);
1158 END_PROFILE(SMBgetatr);
1162 /****************************************************************************
1164 ****************************************************************************/
1166 void reply_setatr(struct smb_request *req)
1168 struct smb_file_time ft;
1169 connection_struct *conn = req->conn;
1170 struct smb_filename *smb_fname = NULL;
1176 TALLOC_CTX *ctx = talloc_tos();
1178 START_PROFILE(SMBsetatr);
1183 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1187 p = (const char *)req->buf + 1;
1188 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1189 if (!NT_STATUS_IS_OK(status)) {
1190 reply_nterror(req, status);
1194 status = filename_convert(ctx,
1196 req->flags2 & FLAGS2_DFS_PATHNAMES,
1201 if (!NT_STATUS_IS_OK(status)) {
1202 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1203 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1204 ERRSRV, ERRbadpath);
1207 reply_nterror(req, status);
1211 if (smb_fname->base_name[0] == '.' &&
1212 smb_fname->base_name[1] == '\0') {
1214 * Not sure here is the right place to catch this
1215 * condition. Might be moved to somewhere else later -- vl
1217 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1221 mode = SVAL(req->vwv+0, 0);
1222 mtime = srv_make_unix_date3(req->vwv+1);
1224 ft.mtime = convert_time_t_to_timespec(mtime);
1225 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 reply_nterror(req, status);
1231 if (mode != FILE_ATTRIBUTE_NORMAL) {
1232 if (VALID_STAT_OF_DIR(smb_fname->st))
1237 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1239 reply_nterror(req, map_nt_error_from_unix(errno));
1244 reply_outbuf(req, 0, 0);
1246 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1249 TALLOC_FREE(smb_fname);
1250 END_PROFILE(SMBsetatr);
1254 /****************************************************************************
1256 ****************************************************************************/
1258 void reply_dskattr(struct smb_request *req)
1260 connection_struct *conn = req->conn;
1261 uint64_t dfree,dsize,bsize;
1262 START_PROFILE(SMBdskattr);
1264 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1265 reply_nterror(req, map_nt_error_from_unix(errno));
1266 END_PROFILE(SMBdskattr);
1270 reply_outbuf(req, 5, 0);
1272 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1273 double total_space, free_space;
1274 /* we need to scale this to a number that DOS6 can handle. We
1275 use floating point so we can handle large drives on systems
1276 that don't have 64 bit integers
1278 we end up displaying a maximum of 2G to DOS systems
1280 total_space = dsize * (double)bsize;
1281 free_space = dfree * (double)bsize;
1283 dsize = (uint64_t)((total_space+63*512) / (64*512));
1284 dfree = (uint64_t)((free_space+63*512) / (64*512));
1286 if (dsize > 0xFFFF) dsize = 0xFFFF;
1287 if (dfree > 0xFFFF) dfree = 0xFFFF;
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1291 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1294 SSVAL(req->outbuf,smb_vwv0,dsize);
1295 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1296 SSVAL(req->outbuf,smb_vwv2,512);
1297 SSVAL(req->outbuf,smb_vwv3,dfree);
1300 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1302 END_PROFILE(SMBdskattr);
1307 * Utility function to split the filename from the directory.
1309 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1310 char **fname_dir_out,
1311 char **fname_mask_out)
1313 const char *p = NULL;
1314 char *fname_dir = NULL;
1315 char *fname_mask = NULL;
1317 p = strrchr_m(fname_in, '/');
1319 fname_dir = talloc_strdup(ctx, ".");
1320 fname_mask = talloc_strdup(ctx, fname_in);
1322 fname_dir = talloc_strndup(ctx, fname_in,
1323 PTR_DIFF(p, fname_in));
1324 fname_mask = talloc_strdup(ctx, p+1);
1327 if (!fname_dir || !fname_mask) {
1328 TALLOC_FREE(fname_dir);
1329 TALLOC_FREE(fname_mask);
1330 return NT_STATUS_NO_MEMORY;
1333 *fname_dir_out = fname_dir;
1334 *fname_mask_out = fname_mask;
1335 return NT_STATUS_OK;
1338 /****************************************************************************
1340 Can be called from SMBsearch, SMBffirst or SMBfunique.
1341 ****************************************************************************/
1343 void reply_search(struct smb_request *req)
1345 connection_struct *conn = req->conn;
1347 const char *mask = NULL;
1348 char *directory = NULL;
1349 struct smb_filename *smb_fname = NULL;
1353 struct timespec date;
1355 unsigned int numentries = 0;
1356 unsigned int maxentries = 0;
1357 bool finished = False;
1362 bool check_descend = False;
1363 bool expect_close = False;
1365 bool mask_contains_wcard = False;
1366 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1367 TALLOC_CTX *ctx = talloc_tos();
1368 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1369 struct dptr_struct *dirptr = NULL;
1370 struct smbd_server_connection *sconn = req->sconn;
1372 START_PROFILE(SMBsearch);
1375 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1379 if (lp_posix_pathnames()) {
1380 reply_unknown_new(req, req->cmd);
1384 /* If we were called as SMBffirst then we must expect close. */
1385 if(req->cmd == SMBffirst) {
1386 expect_close = True;
1389 reply_outbuf(req, 1, 3);
1390 maxentries = SVAL(req->vwv+0, 0);
1391 dirtype = SVAL(req->vwv+1, 0);
1392 p = (const char *)req->buf + 1;
1393 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1394 &nt_status, &mask_contains_wcard);
1395 if (!NT_STATUS_IS_OK(nt_status)) {
1396 reply_nterror(req, nt_status);
1401 status_len = SVAL(p, 0);
1404 /* dirtype &= ~aDIR; */
1406 if (status_len == 0) {
1407 nt_status = filename_convert(ctx, conn,
1408 req->flags2 & FLAGS2_DFS_PATHNAMES,
1410 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1411 &mask_contains_wcard,
1413 if (!NT_STATUS_IS_OK(nt_status)) {
1414 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1415 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1416 ERRSRV, ERRbadpath);
1419 reply_nterror(req, nt_status);
1423 directory = smb_fname->base_name;
1425 p = strrchr_m(directory,'/');
1426 if ((p != NULL) && (*directory != '/')) {
1428 directory = talloc_strndup(ctx, directory,
1429 PTR_DIFF(p, directory));
1432 directory = talloc_strdup(ctx,".");
1436 reply_nterror(req, NT_STATUS_NO_MEMORY);
1440 memset((char *)status,'\0',21);
1441 SCVAL(status,0,(dirtype & 0x1F));
1443 nt_status = dptr_create(conn,
1449 mask_contains_wcard,
1452 if (!NT_STATUS_IS_OK(nt_status)) {
1453 reply_nterror(req, nt_status);
1456 dptr_num = dptr_dnum(dirptr);
1459 const char *dirpath;
1461 memcpy(status,p,21);
1462 status_dirtype = CVAL(status,0) & 0x1F;
1463 if (status_dirtype != (dirtype & 0x1F)) {
1464 dirtype = status_dirtype;
1467 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1471 dirpath = dptr_path(sconn, dptr_num);
1472 directory = talloc_strdup(ctx, dirpath);
1474 reply_nterror(req, NT_STATUS_NO_MEMORY);
1478 mask = dptr_wcard(sconn, dptr_num);
1483 * For a 'continue' search we have no string. So
1484 * check from the initial saved string.
1486 mask_contains_wcard = ms_has_wild(mask);
1487 dirtype = dptr_attr(sconn, dptr_num);
1490 DEBUG(4,("dptr_num is %d\n",dptr_num));
1492 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1493 dptr_init_search_op(dirptr);
1495 if ((dirtype&0x1F) == aVOLID) {
1496 char buf[DIR_STRUCT_SIZE];
1497 memcpy(buf,status,21);
1498 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1499 0,aVOLID,0,!allow_long_path_components)) {
1500 reply_nterror(req, NT_STATUS_NO_MEMORY);
1503 dptr_fill(sconn, buf+12,dptr_num);
1504 if (dptr_zero(buf+12) && (status_len==0)) {
1509 if (message_push_blob(&req->outbuf,
1510 data_blob_const(buf, sizeof(buf)))
1512 reply_nterror(req, NT_STATUS_NO_MEMORY);
1520 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1523 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1524 directory,lp_dontdescend(SNUM(conn))));
1525 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1526 check_descend = True;
1529 for (i=numentries;(i<maxentries) && !finished;i++) {
1530 finished = !get_dir_entry(ctx,
1541 char buf[DIR_STRUCT_SIZE];
1542 memcpy(buf,status,21);
1543 if (!make_dir_struct(ctx,
1549 convert_timespec_to_time_t(date),
1550 !allow_long_path_components)) {
1551 reply_nterror(req, NT_STATUS_NO_MEMORY);
1554 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1557 if (message_push_blob(&req->outbuf,
1558 data_blob_const(buf, sizeof(buf)))
1560 reply_nterror(req, NT_STATUS_NO_MEMORY);
1570 /* If we were called as SMBffirst with smb_search_id == NULL
1571 and no entries were found then return error and close dirptr
1574 if (numentries == 0) {
1575 dptr_close(sconn, &dptr_num);
1576 } else if(expect_close && status_len == 0) {
1577 /* Close the dptr - we know it's gone */
1578 dptr_close(sconn, &dptr_num);
1581 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1582 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1583 dptr_close(sconn, &dptr_num);
1586 if ((numentries == 0) && !mask_contains_wcard) {
1587 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1591 SSVAL(req->outbuf,smb_vwv0,numentries);
1592 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1593 SCVAL(smb_buf(req->outbuf),0,5);
1594 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1596 /* The replies here are never long name. */
1597 SSVAL(req->outbuf, smb_flg2,
1598 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1599 if (!allow_long_path_components) {
1600 SSVAL(req->outbuf, smb_flg2,
1601 SVAL(req->outbuf, smb_flg2)
1602 & (~FLAGS2_LONG_PATH_COMPONENTS));
1605 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1606 SSVAL(req->outbuf, smb_flg2,
1607 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1609 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1610 smb_fn_name(req->cmd),
1617 TALLOC_FREE(directory);
1618 TALLOC_FREE(smb_fname);
1619 END_PROFILE(SMBsearch);
1623 /****************************************************************************
1624 Reply to a fclose (stop directory search).
1625 ****************************************************************************/
1627 void reply_fclose(struct smb_request *req)
1635 bool path_contains_wcard = False;
1636 TALLOC_CTX *ctx = talloc_tos();
1637 struct smbd_server_connection *sconn = req->sconn;
1639 START_PROFILE(SMBfclose);
1641 if (lp_posix_pathnames()) {
1642 reply_unknown_new(req, req->cmd);
1643 END_PROFILE(SMBfclose);
1647 p = (const char *)req->buf + 1;
1648 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1649 &err, &path_contains_wcard);
1650 if (!NT_STATUS_IS_OK(err)) {
1651 reply_nterror(req, err);
1652 END_PROFILE(SMBfclose);
1656 status_len = SVAL(p,0);
1659 if (status_len == 0) {
1660 reply_force_doserror(req, ERRSRV, ERRsrverror);
1661 END_PROFILE(SMBfclose);
1665 memcpy(status,p,21);
1667 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1668 /* Close the dptr - we know it's gone */
1669 dptr_close(sconn, &dptr_num);
1672 reply_outbuf(req, 1, 0);
1673 SSVAL(req->outbuf,smb_vwv0,0);
1675 DEBUG(3,("search close\n"));
1677 END_PROFILE(SMBfclose);
1681 /****************************************************************************
1683 ****************************************************************************/
1685 void reply_open(struct smb_request *req)
1687 connection_struct *conn = req->conn;
1688 struct smb_filename *smb_fname = NULL;
1700 uint32 create_disposition;
1701 uint32 create_options = 0;
1702 uint32_t private_flags = 0;
1704 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1705 TALLOC_CTX *ctx = talloc_tos();
1707 START_PROFILE(SMBopen);
1710 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1714 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1715 deny_mode = SVAL(req->vwv+0, 0);
1716 dos_attr = SVAL(req->vwv+1, 0);
1718 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1719 STR_TERMINATE, &status);
1720 if (!NT_STATUS_IS_OK(status)) {
1721 reply_nterror(req, status);
1725 status = filename_convert(ctx,
1727 req->flags2 & FLAGS2_DFS_PATHNAMES,
1732 if (!NT_STATUS_IS_OK(status)) {
1733 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1734 reply_botherror(req,
1735 NT_STATUS_PATH_NOT_COVERED,
1736 ERRSRV, ERRbadpath);
1739 reply_nterror(req, status);
1743 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1744 OPENX_FILE_EXISTS_OPEN, &access_mask,
1745 &share_mode, &create_disposition,
1746 &create_options, &private_flags)) {
1747 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1751 status = SMB_VFS_CREATE_FILE(
1754 0, /* root_dir_fid */
1755 smb_fname, /* fname */
1756 access_mask, /* access_mask */
1757 share_mode, /* share_access */
1758 create_disposition, /* create_disposition*/
1759 create_options, /* create_options */
1760 dos_attr, /* file_attributes */
1761 oplock_request, /* oplock_request */
1762 0, /* allocation_size */
1769 if (!NT_STATUS_IS_OK(status)) {
1770 if (open_was_deferred(req->mid)) {
1771 /* We have re-scheduled this call. */
1774 reply_openerror(req, status);
1778 size = smb_fname->st.st_ex_size;
1779 fattr = dos_mode(conn, smb_fname);
1781 /* Deal with other possible opens having a modified
1783 if (ask_sharemode) {
1784 struct timespec write_time_ts;
1786 ZERO_STRUCT(write_time_ts);
1787 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1788 if (!null_timespec(write_time_ts)) {
1789 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1793 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1796 DEBUG(3,("attempt to open a directory %s\n",
1798 close_file(req, fsp, ERROR_CLOSE);
1799 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1800 ERRDOS, ERRnoaccess);
1804 reply_outbuf(req, 7, 0);
1805 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1806 SSVAL(req->outbuf,smb_vwv1,fattr);
1807 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1808 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1810 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1812 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1813 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1815 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1816 SCVAL(req->outbuf,smb_flg,
1817 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1820 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1821 SCVAL(req->outbuf,smb_flg,
1822 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1825 TALLOC_FREE(smb_fname);
1826 END_PROFILE(SMBopen);
1830 /****************************************************************************
1831 Reply to an open and X.
1832 ****************************************************************************/
1834 void reply_open_and_X(struct smb_request *req)
1836 connection_struct *conn = req->conn;
1837 struct smb_filename *smb_fname = NULL;
1842 /* Breakout the oplock request bits so we can set the
1843 reply bits separately. */
1844 int ex_oplock_request;
1845 int core_oplock_request;
1848 int smb_sattr = SVAL(req->vwv+4, 0);
1849 uint32 smb_time = make_unix_date3(req->vwv+6);
1857 uint64_t allocation_size;
1858 ssize_t retval = -1;
1861 uint32 create_disposition;
1862 uint32 create_options = 0;
1863 uint32_t private_flags = 0;
1864 TALLOC_CTX *ctx = talloc_tos();
1866 START_PROFILE(SMBopenX);
1868 if (req->wct < 15) {
1869 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1873 open_flags = SVAL(req->vwv+2, 0);
1874 deny_mode = SVAL(req->vwv+3, 0);
1875 smb_attr = SVAL(req->vwv+5, 0);
1876 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1877 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1878 oplock_request = ex_oplock_request | core_oplock_request;
1879 smb_ofun = SVAL(req->vwv+8, 0);
1880 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1882 /* If it's an IPC, pass off the pipe handler. */
1884 if (lp_nt_pipe_support()) {
1885 reply_open_pipe_and_X(conn, req);
1887 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1892 /* XXXX we need to handle passed times, sattr and flags */
1893 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1894 STR_TERMINATE, &status);
1895 if (!NT_STATUS_IS_OK(status)) {
1896 reply_nterror(req, status);
1900 status = filename_convert(ctx,
1902 req->flags2 & FLAGS2_DFS_PATHNAMES,
1907 if (!NT_STATUS_IS_OK(status)) {
1908 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1909 reply_botherror(req,
1910 NT_STATUS_PATH_NOT_COVERED,
1911 ERRSRV, ERRbadpath);
1914 reply_nterror(req, status);
1918 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1919 &access_mask, &share_mode,
1920 &create_disposition,
1923 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1927 status = SMB_VFS_CREATE_FILE(
1930 0, /* root_dir_fid */
1931 smb_fname, /* fname */
1932 access_mask, /* access_mask */
1933 share_mode, /* share_access */
1934 create_disposition, /* create_disposition*/
1935 create_options, /* create_options */
1936 smb_attr, /* file_attributes */
1937 oplock_request, /* oplock_request */
1938 0, /* allocation_size */
1943 &smb_action); /* pinfo */
1945 if (!NT_STATUS_IS_OK(status)) {
1946 if (open_was_deferred(req->mid)) {
1947 /* We have re-scheduled this call. */
1950 reply_openerror(req, status);
1954 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1955 if the file is truncated or created. */
1956 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1957 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1958 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1959 close_file(req, fsp, ERROR_CLOSE);
1960 reply_nterror(req, NT_STATUS_DISK_FULL);
1963 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1965 close_file(req, fsp, ERROR_CLOSE);
1966 reply_nterror(req, NT_STATUS_DISK_FULL);
1969 smb_fname->st.st_ex_size =
1970 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1973 fattr = dos_mode(conn, smb_fname);
1974 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1976 close_file(req, fsp, ERROR_CLOSE);
1977 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1981 /* If the caller set the extended oplock request bit
1982 and we granted one (by whatever means) - set the
1983 correct bit for extended oplock reply.
1986 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1987 smb_action |= EXTENDED_OPLOCK_GRANTED;
1990 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1991 smb_action |= EXTENDED_OPLOCK_GRANTED;
1994 /* If the caller set the core oplock request bit
1995 and we granted one (by whatever means) - set the
1996 correct bit for core oplock reply.
1999 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2000 reply_outbuf(req, 19, 0);
2002 reply_outbuf(req, 15, 0);
2005 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2006 SCVAL(req->outbuf, smb_flg,
2007 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2010 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2011 SCVAL(req->outbuf, smb_flg,
2012 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2015 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2016 SSVAL(req->outbuf,smb_vwv3,fattr);
2017 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2018 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2020 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2022 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2023 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2024 SSVAL(req->outbuf,smb_vwv11,smb_action);
2026 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2027 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2032 TALLOC_FREE(smb_fname);
2033 END_PROFILE(SMBopenX);
2037 /****************************************************************************
2038 Reply to a SMBulogoffX.
2039 ****************************************************************************/
2041 void reply_ulogoffX(struct smb_request *req)
2043 struct smbd_server_connection *sconn = req->sconn;
2046 START_PROFILE(SMBulogoffX);
2048 vuser = get_valid_user_struct(sconn, req->vuid);
2051 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2055 /* in user level security we are supposed to close any files
2056 open by this user */
2057 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2058 file_close_user(req->vuid);
2061 invalidate_vuid(sconn, req->vuid);
2063 reply_outbuf(req, 2, 0);
2065 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2067 END_PROFILE(SMBulogoffX);
2068 req->vuid = UID_FIELD_INVALID;
2072 /****************************************************************************
2073 Reply to a mknew or a create.
2074 ****************************************************************************/
2076 void reply_mknew(struct smb_request *req)
2078 connection_struct *conn = req->conn;
2079 struct smb_filename *smb_fname = NULL;
2082 struct smb_file_time ft;
2084 int oplock_request = 0;
2086 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2087 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2088 uint32 create_disposition;
2089 uint32 create_options = 0;
2090 TALLOC_CTX *ctx = talloc_tos();
2092 START_PROFILE(SMBcreate);
2096 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2100 fattr = SVAL(req->vwv+0, 0);
2101 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2104 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2106 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2107 STR_TERMINATE, &status);
2108 if (!NT_STATUS_IS_OK(status)) {
2109 reply_nterror(req, status);
2113 status = filename_convert(ctx,
2115 req->flags2 & FLAGS2_DFS_PATHNAMES,
2120 if (!NT_STATUS_IS_OK(status)) {
2121 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2122 reply_botherror(req,
2123 NT_STATUS_PATH_NOT_COVERED,
2124 ERRSRV, ERRbadpath);
2127 reply_nterror(req, status);
2131 if (fattr & aVOLID) {
2132 DEBUG(0,("Attempt to create file (%s) with volid set - "
2133 "please report this\n",
2134 smb_fname_str_dbg(smb_fname)));
2137 if(req->cmd == SMBmknew) {
2138 /* We should fail if file exists. */
2139 create_disposition = FILE_CREATE;
2141 /* Create if file doesn't exist, truncate if it does. */
2142 create_disposition = FILE_OVERWRITE_IF;
2145 status = SMB_VFS_CREATE_FILE(
2148 0, /* root_dir_fid */
2149 smb_fname, /* fname */
2150 access_mask, /* access_mask */
2151 share_mode, /* share_access */
2152 create_disposition, /* create_disposition*/
2153 create_options, /* create_options */
2154 fattr, /* file_attributes */
2155 oplock_request, /* oplock_request */
2156 0, /* allocation_size */
2157 0, /* private_flags */
2163 if (!NT_STATUS_IS_OK(status)) {
2164 if (open_was_deferred(req->mid)) {
2165 /* We have re-scheduled this call. */
2168 reply_openerror(req, status);
2172 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2173 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2174 if (!NT_STATUS_IS_OK(status)) {
2175 END_PROFILE(SMBcreate);
2179 reply_outbuf(req, 1, 0);
2180 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2182 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2183 SCVAL(req->outbuf,smb_flg,
2184 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2187 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2188 SCVAL(req->outbuf,smb_flg,
2189 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2192 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2193 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2194 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2195 (unsigned int)fattr));
2198 TALLOC_FREE(smb_fname);
2199 END_PROFILE(SMBcreate);
2203 /****************************************************************************
2204 Reply to a create temporary file.
2205 ****************************************************************************/
2207 void reply_ctemp(struct smb_request *req)
2209 connection_struct *conn = req->conn;
2210 struct smb_filename *smb_fname = NULL;
2218 TALLOC_CTX *ctx = talloc_tos();
2220 START_PROFILE(SMBctemp);
2223 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2227 fattr = SVAL(req->vwv+0, 0);
2228 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2230 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2231 STR_TERMINATE, &status);
2232 if (!NT_STATUS_IS_OK(status)) {
2233 reply_nterror(req, status);
2237 fname = talloc_asprintf(ctx,
2241 fname = talloc_strdup(ctx, "TMXXXXXX");
2245 reply_nterror(req, NT_STATUS_NO_MEMORY);
2249 status = filename_convert(ctx, conn,
2250 req->flags2 & FLAGS2_DFS_PATHNAMES,
2255 if (!NT_STATUS_IS_OK(status)) {
2256 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2257 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2258 ERRSRV, ERRbadpath);
2261 reply_nterror(req, status);
2265 tmpfd = mkstemp(smb_fname->base_name);
2267 reply_nterror(req, map_nt_error_from_unix(errno));
2271 SMB_VFS_STAT(conn, smb_fname);
2273 /* We should fail if file does not exist. */
2274 status = SMB_VFS_CREATE_FILE(
2277 0, /* root_dir_fid */
2278 smb_fname, /* fname */
2279 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2280 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2281 FILE_OPEN, /* create_disposition*/
2282 0, /* create_options */
2283 fattr, /* file_attributes */
2284 oplock_request, /* oplock_request */
2285 0, /* allocation_size */
2286 0, /* private_flags */
2292 /* close fd from mkstemp() */
2295 if (!NT_STATUS_IS_OK(status)) {
2296 if (open_was_deferred(req->mid)) {
2297 /* We have re-scheduled this call. */
2300 reply_openerror(req, status);
2304 reply_outbuf(req, 1, 0);
2305 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2307 /* the returned filename is relative to the directory */
2308 s = strrchr_m(fsp->fsp_name->base_name, '/');
2310 s = fsp->fsp_name->base_name;
2316 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2317 thing in the byte section. JRA */
2318 SSVALS(p, 0, -1); /* what is this? not in spec */
2320 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2322 reply_nterror(req, NT_STATUS_NO_MEMORY);
2326 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2327 SCVAL(req->outbuf, smb_flg,
2328 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2331 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2332 SCVAL(req->outbuf, smb_flg,
2333 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2336 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2337 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2338 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2340 TALLOC_FREE(smb_fname);
2341 END_PROFILE(SMBctemp);
2345 /*******************************************************************
2346 Check if a user is allowed to rename a file.
2347 ********************************************************************/
2349 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2354 if (!CAN_WRITE(conn)) {
2355 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2358 fmode = dos_mode(conn, fsp->fsp_name);
2359 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2360 return NT_STATUS_NO_SUCH_FILE;
2363 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2364 if (fsp->posix_open) {
2365 return NT_STATUS_OK;
2368 /* If no pathnames are open below this
2369 directory, allow the rename. */
2371 if (file_find_subpath(fsp)) {
2372 return NT_STATUS_ACCESS_DENIED;
2374 return NT_STATUS_OK;
2377 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2378 return NT_STATUS_OK;
2381 return NT_STATUS_ACCESS_DENIED;
2384 /*******************************************************************
2385 * unlink a file with all relevant access checks
2386 *******************************************************************/
2388 static NTSTATUS do_unlink(connection_struct *conn,
2389 struct smb_request *req,
2390 struct smb_filename *smb_fname,
2395 uint32 dirtype_orig = dirtype;
2398 bool posix_paths = lp_posix_pathnames();
2400 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2401 smb_fname_str_dbg(smb_fname),
2404 if (!CAN_WRITE(conn)) {
2405 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2409 ret = SMB_VFS_LSTAT(conn, smb_fname);
2411 ret = SMB_VFS_STAT(conn, smb_fname);
2414 return map_nt_error_from_unix(errno);
2417 fattr = dos_mode(conn, smb_fname);
2419 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2420 dirtype = aDIR|aARCH|aRONLY;
2423 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2425 return NT_STATUS_NO_SUCH_FILE;
2428 if (!dir_check_ftype(conn, fattr, dirtype)) {
2430 return NT_STATUS_FILE_IS_A_DIRECTORY;
2432 return NT_STATUS_NO_SUCH_FILE;
2435 if (dirtype_orig & 0x8000) {
2436 /* These will never be set for POSIX. */
2437 return NT_STATUS_NO_SUCH_FILE;
2441 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2442 return NT_STATUS_FILE_IS_A_DIRECTORY;
2445 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2446 return NT_STATUS_NO_SUCH_FILE;
2449 if (dirtype & 0xFF00) {
2450 /* These will never be set for POSIX. */
2451 return NT_STATUS_NO_SUCH_FILE;
2456 return NT_STATUS_NO_SUCH_FILE;
2459 /* Can't delete a directory. */
2461 return NT_STATUS_FILE_IS_A_DIRECTORY;
2466 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2467 return NT_STATUS_OBJECT_NAME_INVALID;
2468 #endif /* JRATEST */
2470 /* On open checks the open itself will check the share mode, so
2471 don't do it here as we'll get it wrong. */
2473 status = SMB_VFS_CREATE_FILE
2476 0, /* root_dir_fid */
2477 smb_fname, /* fname */
2478 DELETE_ACCESS, /* access_mask */
2479 FILE_SHARE_NONE, /* share_access */
2480 FILE_OPEN, /* create_disposition*/
2481 FILE_NON_DIRECTORY_FILE, /* create_options */
2482 /* file_attributes */
2483 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2484 FILE_ATTRIBUTE_NORMAL,
2485 0, /* oplock_request */
2486 0, /* allocation_size */
2487 0, /* private_flags */
2493 if (!NT_STATUS_IS_OK(status)) {
2494 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2495 nt_errstr(status)));
2499 status = can_set_delete_on_close(fsp, fattr);
2500 if (!NT_STATUS_IS_OK(status)) {
2501 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2503 smb_fname_str_dbg(smb_fname),
2504 nt_errstr(status)));
2505 close_file(req, fsp, NORMAL_CLOSE);
2509 /* The set is across all open files on this dev/inode pair. */
2510 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2511 close_file(req, fsp, NORMAL_CLOSE);
2512 return NT_STATUS_ACCESS_DENIED;
2515 return close_file(req, fsp, NORMAL_CLOSE);
2518 /****************************************************************************
2519 The guts of the unlink command, split out so it may be called by the NT SMB
2521 ****************************************************************************/
2523 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2524 uint32 dirtype, struct smb_filename *smb_fname,
2527 char *fname_dir = NULL;
2528 char *fname_mask = NULL;
2530 NTSTATUS status = NT_STATUS_OK;
2531 TALLOC_CTX *ctx = talloc_tos();
2533 /* Split up the directory from the filename/mask. */
2534 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2535 &fname_dir, &fname_mask);
2536 if (!NT_STATUS_IS_OK(status)) {
2541 * We should only check the mangled cache
2542 * here if unix_convert failed. This means
2543 * that the path in 'mask' doesn't exist
2544 * on the file system and so we need to look
2545 * for a possible mangle. This patch from
2546 * Tine Smukavec <valentin.smukavec@hermes.si>.
2549 if (!VALID_STAT(smb_fname->st) &&
2550 mangle_is_mangled(fname_mask, conn->params)) {
2551 char *new_mask = NULL;
2552 mangle_lookup_name_from_8_3(ctx, fname_mask,
2553 &new_mask, conn->params);
2555 TALLOC_FREE(fname_mask);
2556 fname_mask = new_mask;
2563 * Only one file needs to be unlinked. Append the mask back
2564 * onto the directory.
2566 TALLOC_FREE(smb_fname->base_name);
2567 smb_fname->base_name = talloc_asprintf(smb_fname,
2571 if (!smb_fname->base_name) {
2572 status = NT_STATUS_NO_MEMORY;
2576 dirtype = FILE_ATTRIBUTE_NORMAL;
2579 status = check_name(conn, smb_fname->base_name);
2580 if (!NT_STATUS_IS_OK(status)) {
2584 status = do_unlink(conn, req, smb_fname, dirtype);
2585 if (!NT_STATUS_IS_OK(status)) {
2591 struct smb_Dir *dir_hnd = NULL;
2593 const char *dname = NULL;
2594 char *talloced = NULL;
2596 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2597 status = NT_STATUS_OBJECT_NAME_INVALID;
2601 if (strequal(fname_mask,"????????.???")) {
2602 TALLOC_FREE(fname_mask);
2603 fname_mask = talloc_strdup(ctx, "*");
2605 status = NT_STATUS_NO_MEMORY;
2610 status = check_name(conn, fname_dir);
2611 if (!NT_STATUS_IS_OK(status)) {
2615 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2617 if (dir_hnd == NULL) {
2618 status = map_nt_error_from_unix(errno);
2622 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2623 the pattern matches against the long name, otherwise the short name
2624 We don't implement this yet XXXX
2627 status = NT_STATUS_NO_SUCH_FILE;
2629 while ((dname = ReadDirName(dir_hnd, &offset,
2630 &smb_fname->st, &talloced))) {
2631 TALLOC_CTX *frame = talloc_stackframe();
2633 if (!is_visible_file(conn, fname_dir, dname,
2634 &smb_fname->st, true)) {
2636 TALLOC_FREE(talloced);
2640 /* Quick check for "." and ".." */
2641 if (ISDOT(dname) || ISDOTDOT(dname)) {
2643 TALLOC_FREE(talloced);
2647 if(!mask_match(dname, fname_mask,
2648 conn->case_sensitive)) {
2650 TALLOC_FREE(talloced);
2654 TALLOC_FREE(smb_fname->base_name);
2655 smb_fname->base_name =
2656 talloc_asprintf(smb_fname, "%s/%s",
2659 if (!smb_fname->base_name) {
2660 TALLOC_FREE(dir_hnd);
2661 status = NT_STATUS_NO_MEMORY;
2663 TALLOC_FREE(talloced);
2667 status = check_name(conn, smb_fname->base_name);
2668 if (!NT_STATUS_IS_OK(status)) {
2669 TALLOC_FREE(dir_hnd);
2671 TALLOC_FREE(talloced);
2675 status = do_unlink(conn, req, smb_fname, dirtype);
2676 if (!NT_STATUS_IS_OK(status)) {
2678 TALLOC_FREE(talloced);
2683 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2684 smb_fname->base_name));
2687 TALLOC_FREE(talloced);
2689 TALLOC_FREE(dir_hnd);
2692 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2693 status = map_nt_error_from_unix(errno);
2697 TALLOC_FREE(fname_dir);
2698 TALLOC_FREE(fname_mask);
2702 /****************************************************************************
2704 ****************************************************************************/
2706 void reply_unlink(struct smb_request *req)
2708 connection_struct *conn = req->conn;
2710 struct smb_filename *smb_fname = NULL;
2713 bool path_contains_wcard = False;
2714 TALLOC_CTX *ctx = talloc_tos();
2716 START_PROFILE(SMBunlink);
2719 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2723 dirtype = SVAL(req->vwv+0, 0);
2725 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2726 STR_TERMINATE, &status,
2727 &path_contains_wcard);
2728 if (!NT_STATUS_IS_OK(status)) {
2729 reply_nterror(req, status);
2733 status = filename_convert(ctx, conn,
2734 req->flags2 & FLAGS2_DFS_PATHNAMES,
2736 UCF_COND_ALLOW_WCARD_LCOMP,
2737 &path_contains_wcard,
2739 if (!NT_STATUS_IS_OK(status)) {
2740 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2741 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2742 ERRSRV, ERRbadpath);
2745 reply_nterror(req, status);
2749 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2751 status = unlink_internals(conn, req, dirtype, smb_fname,
2752 path_contains_wcard);
2753 if (!NT_STATUS_IS_OK(status)) {
2754 if (open_was_deferred(req->mid)) {
2755 /* We have re-scheduled this call. */
2758 reply_nterror(req, status);
2762 reply_outbuf(req, 0, 0);
2764 TALLOC_FREE(smb_fname);
2765 END_PROFILE(SMBunlink);
2769 /****************************************************************************
2771 ****************************************************************************/
2773 static void fail_readraw(void)
2775 const char *errstr = talloc_asprintf(talloc_tos(),
2776 "FAIL ! reply_readbraw: socket write fail (%s)",
2781 exit_server_cleanly(errstr);
2784 /****************************************************************************
2785 Fake (read/write) sendfile. Returns -1 on read or write fail.
2786 ****************************************************************************/
2788 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2792 size_t tosend = nread;
2799 bufsize = MIN(nread, 65536);
2801 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2805 while (tosend > 0) {
2809 if (tosend > bufsize) {
2814 ret = read_file(fsp,buf,startpos,cur_read);
2820 /* If we had a short read, fill with zeros. */
2821 if (ret < cur_read) {
2822 memset(buf + ret, '\0', cur_read - ret);
2825 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2830 startpos += cur_read;
2834 return (ssize_t)nread;
2837 #if defined(WITH_SENDFILE)
2838 /****************************************************************************
2839 Deal with the case of sendfile reading less bytes from the file than
2840 requested. Fill with zeros (all we can do).
2841 ****************************************************************************/
2843 static void sendfile_short_send(files_struct *fsp,
2848 #define SHORT_SEND_BUFSIZE 1024
2849 if (nread < headersize) {
2850 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2851 "header for file %s (%s). Terminating\n",
2852 fsp_str_dbg(fsp), strerror(errno)));
2853 exit_server_cleanly("sendfile_short_send failed");
2856 nread -= headersize;
2858 if (nread < smb_maxcnt) {
2859 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2861 exit_server_cleanly("sendfile_short_send: "
2865 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2866 "with zeros !\n", fsp_str_dbg(fsp)));
2868 while (nread < smb_maxcnt) {
2870 * We asked for the real file size and told sendfile
2871 * to not go beyond the end of the file. But it can
2872 * happen that in between our fstat call and the
2873 * sendfile call the file was truncated. This is very
2874 * bad because we have already announced the larger
2875 * number of bytes to the client.
2877 * The best we can do now is to send 0-bytes, just as
2878 * a read from a hole in a sparse file would do.
2880 * This should happen rarely enough that I don't care
2881 * about efficiency here :-)
2885 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2886 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2887 exit_server_cleanly("sendfile_short_send: "
2888 "write_data failed");
2895 #endif /* defined WITH_SENDFILE */
2897 /****************************************************************************
2898 Return a readbraw error (4 bytes of zero).
2899 ****************************************************************************/
2901 static void reply_readbraw_error(void)
2907 smbd_lock_socket(smbd_server_conn);
2908 if (write_data(smbd_server_fd(),header,4) != 4) {
2911 smbd_unlock_socket(smbd_server_conn);
2914 /****************************************************************************
2915 Use sendfile in readbraw.
2916 ****************************************************************************/
2918 static void send_file_readbraw(connection_struct *conn,
2919 struct smb_request *req,
2925 char *outbuf = NULL;
2928 #if defined(WITH_SENDFILE)
2930 * We can only use sendfile on a non-chained packet
2931 * but we can use on a non-oplocked file. tridge proved this
2932 * on a train in Germany :-). JRA.
2933 * reply_readbraw has already checked the length.
2936 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2937 (fsp->wcp == NULL) &&
2938 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2939 ssize_t sendfile_read = -1;
2941 DATA_BLOB header_blob;
2943 _smb_setlen(header,nread);
2944 header_blob = data_blob_const(header, 4);
2946 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2947 &header_blob, startpos, nread)) == -1) {
2948 /* Returning ENOSYS means no data at all was sent.
2949 * Do this as a normal read. */
2950 if (errno == ENOSYS) {
2951 goto normal_readbraw;
2955 * Special hack for broken Linux with no working sendfile. If we
2956 * return EINTR we sent the header but not the rest of the data.
2957 * Fake this up by doing read/write calls.
2959 if (errno == EINTR) {
2960 /* Ensure we don't do this again. */
2961 set_use_sendfile(SNUM(conn), False);
2962 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2964 if (fake_sendfile(fsp, startpos, nread) == -1) {
2965 DEBUG(0,("send_file_readbraw: "
2966 "fake_sendfile failed for "
2970 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2975 DEBUG(0,("send_file_readbraw: sendfile failed for "
2976 "file %s (%s). Terminating\n",
2977 fsp_str_dbg(fsp), strerror(errno)));
2978 exit_server_cleanly("send_file_readbraw sendfile failed");
2979 } else if (sendfile_read == 0) {
2981 * Some sendfile implementations return 0 to indicate
2982 * that there was a short read, but nothing was
2983 * actually written to the socket. In this case,
2984 * fallback to the normal read path so the header gets
2985 * the correct byte count.
2987 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2988 "bytes falling back to the normal read: "
2989 "%s\n", fsp_str_dbg(fsp)));
2990 goto normal_readbraw;
2993 /* Deal with possible short send. */
2994 if (sendfile_read != 4+nread) {
2995 sendfile_short_send(fsp, sendfile_read, 4, nread);
3003 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3005 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3006 (unsigned)(nread+4)));
3007 reply_readbraw_error();
3012 ret = read_file(fsp,outbuf+4,startpos,nread);
3013 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3022 _smb_setlen(outbuf,ret);
3023 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3026 TALLOC_FREE(outbuf);
3029 /****************************************************************************
3030 Reply to a readbraw (core+ protocol).
3031 ****************************************************************************/
3033 void reply_readbraw(struct smb_request *req)
3035 connection_struct *conn = req->conn;
3036 ssize_t maxcount,mincount;
3040 struct lock_struct lock;
3043 START_PROFILE(SMBreadbraw);
3045 if (srv_is_signing_active(smbd_server_conn) ||
3046 is_encrypted_packet(req->inbuf)) {
3047 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3048 "raw reads/writes are disallowed.");
3052 reply_readbraw_error();
3053 END_PROFILE(SMBreadbraw);
3057 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3058 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3059 "'async smb echo handler = yes'\n"));
3060 reply_readbraw_error();
3061 END_PROFILE(SMBreadbraw);
3066 * Special check if an oplock break has been issued
3067 * and the readraw request croses on the wire, we must
3068 * return a zero length response here.
3071 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3074 * We have to do a check_fsp by hand here, as
3075 * we must always return 4 zero bytes on error,
3079 if (!fsp || !conn || conn != fsp->conn ||
3080 req->vuid != fsp->vuid ||
3081 fsp->is_directory || fsp->fh->fd == -1) {
3083 * fsp could be NULL here so use the value from the packet. JRA.
3085 DEBUG(3,("reply_readbraw: fnum %d not valid "
3087 (int)SVAL(req->vwv+0, 0)));
3088 reply_readbraw_error();
3089 END_PROFILE(SMBreadbraw);
3093 /* Do a "by hand" version of CHECK_READ. */
3094 if (!(fsp->can_read ||
3095 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3096 (fsp->access_mask & FILE_EXECUTE)))) {
3097 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3098 (int)SVAL(req->vwv+0, 0)));
3099 reply_readbraw_error();
3100 END_PROFILE(SMBreadbraw);
3104 flush_write_cache(fsp, READRAW_FLUSH);
3106 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3107 if(req->wct == 10) {
3109 * This is a large offset (64 bit) read.
3111 #ifdef LARGE_SMB_OFF_T
3113 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3115 #else /* !LARGE_SMB_OFF_T */
3118 * Ensure we haven't been sent a >32 bit offset.
3121 if(IVAL(req->vwv+8, 0) != 0) {
3122 DEBUG(0,("reply_readbraw: large offset "
3123 "(%x << 32) used and we don't support "
3124 "64 bit offsets.\n",
3125 (unsigned int)IVAL(req->vwv+8, 0) ));
3126 reply_readbraw_error();
3127 END_PROFILE(SMBreadbraw);
3131 #endif /* LARGE_SMB_OFF_T */
3134 DEBUG(0,("reply_readbraw: negative 64 bit "
3135 "readraw offset (%.0f) !\n",
3136 (double)startpos ));
3137 reply_readbraw_error();
3138 END_PROFILE(SMBreadbraw);
3143 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3144 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3146 /* ensure we don't overrun the packet size */
3147 maxcount = MIN(65535,maxcount);
3149 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3150 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3153 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3154 reply_readbraw_error();
3155 END_PROFILE(SMBreadbraw);
3159 if (fsp_stat(fsp) == 0) {
3160 size = fsp->fsp_name->st.st_ex_size;
3163 if (startpos >= size) {
3166 nread = MIN(maxcount,(size - startpos));
3169 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3170 if (nread < mincount)
3174 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3175 "min=%lu nread=%lu\n",
3176 fsp->fnum, (double)startpos,
3177 (unsigned long)maxcount,
3178 (unsigned long)mincount,
3179 (unsigned long)nread ) );
3181 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3183 DEBUG(5,("reply_readbraw finished\n"));
3185 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3187 END_PROFILE(SMBreadbraw);
3192 #define DBGC_CLASS DBGC_LOCKING
3194 /****************************************************************************
3195 Reply to a lockread (core+ protocol).
3196 ****************************************************************************/
3198 void reply_lockread(struct smb_request *req)
3200 connection_struct *conn = req->conn;
3207 struct byte_range_lock *br_lck = NULL;
3209 struct smbd_server_connection *sconn = smbd_server_conn;
3211 START_PROFILE(SMBlockread);
3214 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3215 END_PROFILE(SMBlockread);
3219 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3221 if (!check_fsp(conn, req, fsp)) {
3222 END_PROFILE(SMBlockread);
3226 if (!CHECK_READ(fsp,req)) {
3227 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3228 END_PROFILE(SMBlockread);
3232 numtoread = SVAL(req->vwv+1, 0);
3233 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3235 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3237 reply_outbuf(req, 5, numtoread + 3);
3239 data = smb_buf(req->outbuf) + 3;
3242 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3243 * protocol request that predates the read/write lock concept.
3244 * Thus instead of asking for a read lock here we need to ask
3245 * for a write lock. JRA.
3246 * Note that the requested lock size is unaffected by max_recv.
3249 br_lck = do_lock(smbd_messaging_context(),
3251 (uint64_t)req->smbpid,
3252 (uint64_t)numtoread,
3256 False, /* Non-blocking lock. */
3260 TALLOC_FREE(br_lck);
3262 if (NT_STATUS_V(status)) {
3263 reply_nterror(req, status);
3264 END_PROFILE(SMBlockread);
3269 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3272 if (numtoread > sconn->smb1.negprot.max_recv) {
3273 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3274 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3275 (unsigned int)numtoread,
3276 (unsigned int)sconn->smb1.negprot.max_recv));
3277 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3279 nread = read_file(fsp,data,startpos,numtoread);
3282 reply_nterror(req, map_nt_error_from_unix(errno));
3283 END_PROFILE(SMBlockread);
3287 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3289 SSVAL(req->outbuf,smb_vwv0,nread);
3290 SSVAL(req->outbuf,smb_vwv5,nread+3);
3291 p = smb_buf(req->outbuf);
3292 SCVAL(p,0,0); /* pad byte. */
3295 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3296 fsp->fnum, (int)numtoread, (int)nread));
3298 END_PROFILE(SMBlockread);
3303 #define DBGC_CLASS DBGC_ALL
3305 /****************************************************************************
3307 ****************************************************************************/
3309 void reply_read(struct smb_request *req)
3311 connection_struct *conn = req->conn;
3318 struct lock_struct lock;
3319 struct smbd_server_connection *sconn = smbd_server_conn;
3321 START_PROFILE(SMBread);
3324 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3325 END_PROFILE(SMBread);
3329 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3331 if (!check_fsp(conn, req, fsp)) {
3332 END_PROFILE(SMBread);
3336 if (!CHECK_READ(fsp,req)) {
3337 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3338 END_PROFILE(SMBread);
3342 numtoread = SVAL(req->vwv+1, 0);
3343 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3345 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3348 * The requested read size cannot be greater than max_recv. JRA.
3350 if (numtoread > sconn->smb1.negprot.max_recv) {
3351 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3352 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3353 (unsigned int)numtoread,
3354 (unsigned int)sconn->smb1.negprot.max_recv));
3355 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3358 reply_outbuf(req, 5, numtoread+3);
3360 data = smb_buf(req->outbuf) + 3;
3362 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3363 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3366 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3367 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3368 END_PROFILE(SMBread);
3373 nread = read_file(fsp,data,startpos,numtoread);
3376 reply_nterror(req, map_nt_error_from_unix(errno));
3380 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3382 SSVAL(req->outbuf,smb_vwv0,nread);
3383 SSVAL(req->outbuf,smb_vwv5,nread+3);
3384 SCVAL(smb_buf(req->outbuf),0,1);
3385 SSVAL(smb_buf(req->outbuf),1,nread);
3387 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3388 fsp->fnum, (int)numtoread, (int)nread ) );
3391 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3393 END_PROFILE(SMBread);
3397 /****************************************************************************
3399 ****************************************************************************/
3401 static int setup_readX_header(struct smb_request *req, char *outbuf,
3407 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3408 data = smb_buf(outbuf);
3410 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3412 SCVAL(outbuf,smb_vwv0,0xFF);
3413 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3414 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3415 SSVAL(outbuf,smb_vwv6,
3417 + 1 /* the wct field */
3418 + 12 * sizeof(uint16_t) /* vwv */
3419 + 2); /* the buflen field */
3420 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3421 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3422 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3423 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3427 /****************************************************************************
3428 Reply to a read and X - possibly using sendfile.
3429 ****************************************************************************/
3431 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3432 files_struct *fsp, SMB_OFF_T startpos,
3436 struct lock_struct lock;
3437 int saved_errno = 0;
3439 if(fsp_stat(fsp) == -1) {
3440 reply_nterror(req, map_nt_error_from_unix(errno));
3444 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3445 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3448 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3449 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3453 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3454 (startpos > fsp->fsp_name->st.st_ex_size)
3455 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3457 * We already know that we would do a short read, so don't
3458 * try the sendfile() path.
3460 goto nosendfile_read;
3463 #if defined(WITH_SENDFILE)
3465 * We can only use sendfile on a non-chained packet
3466 * but we can use on a non-oplocked file. tridge proved this
3467 * on a train in Germany :-). JRA.
3470 if (!req_is_in_chain(req) &&
3471 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3472 (fsp->wcp == NULL) &&
3473 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3474 uint8 headerbuf[smb_size + 12 * 2];
3478 * Set up the packet header before send. We
3479 * assume here the sendfile will work (get the
3480 * correct amount of data).
3483 header = data_blob_const(headerbuf, sizeof(headerbuf));
3485 construct_reply_common_req(req, (char *)headerbuf);
3486 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3488 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3489 /* Returning ENOSYS means no data at all was sent.
3490 Do this as a normal read. */
3491 if (errno == ENOSYS) {
3496 * Special hack for broken Linux with no working sendfile. If we
3497 * return EINTR we sent the header but not the rest of the data.
3498 * Fake this up by doing read/write calls.
3501 if (errno == EINTR) {
3502 /* Ensure we don't do this again. */
3503 set_use_sendfile(SNUM(conn), False);
3504 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3505 nread = fake_sendfile(fsp, startpos,
3508 DEBUG(0,("send_file_readX: "
3509 "fake_sendfile failed for "
3513 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3515 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3516 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3517 /* No outbuf here means successful sendfile. */
3521 DEBUG(0,("send_file_readX: sendfile failed for file "
3522 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3524 exit_server_cleanly("send_file_readX sendfile failed");
3525 } else if (nread == 0) {
3527 * Some sendfile implementations return 0 to indicate
3528 * that there was a short read, but nothing was
3529 * actually written to the socket. In this case,
3530 * fallback to the normal read path so the header gets
3531 * the correct byte count.
3533 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3534 "falling back to the normal read: %s\n",
3539 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3540 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3542 /* Deal with possible short send. */
3543 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3544 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3546 /* No outbuf here means successful sendfile. */
3547 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3548 SMB_PERFCOUNT_END(&req->pcd);
3556 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3557 uint8 headerbuf[smb_size + 2*12];
3559 construct_reply_common_req(req, (char *)headerbuf);
3560 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3562 /* Send out the header. */
3563 if (write_data(smbd_server_fd(), (char *)headerbuf,
3564 sizeof(headerbuf)) != sizeof(headerbuf)) {
3565 DEBUG(0,("send_file_readX: write_data failed for file "
3566 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3568 exit_server_cleanly("send_file_readX sendfile failed");
3570 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3572 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3573 "file %s (%s).\n", fsp_str_dbg(fsp),
3575 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3582 reply_outbuf(req, 12, smb_maxcnt);
3584 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3585 saved_errno = errno;
3587 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3590 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3594 setup_readX_header(req, (char *)req->outbuf, nread);
3596 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3597 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3603 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3604 TALLOC_FREE(req->outbuf);
3608 /****************************************************************************
3609 Reply to a read and X.
3610 ****************************************************************************/
3612 void reply_read_and_X(struct smb_request *req)
3614 connection_struct *conn = req->conn;
3618 bool big_readX = False;
3620 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3623 START_PROFILE(SMBreadX);
3625 if ((req->wct != 10) && (req->wct != 12)) {
3626 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3630 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3631 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3632 smb_maxcnt = SVAL(req->vwv+5, 0);
3634 /* If it's an IPC, pass off the pipe handler. */
3636 reply_pipe_read_and_X(req);
3637 END_PROFILE(SMBreadX);
3641 if (!check_fsp(conn, req, fsp)) {
3642 END_PROFILE(SMBreadX);
3646 if (!CHECK_READ(fsp,req)) {
3647 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3648 END_PROFILE(SMBreadX);
3652 if (global_client_caps & CAP_LARGE_READX) {
3653 size_t upper_size = SVAL(req->vwv+7, 0);
3654 smb_maxcnt |= (upper_size<<16);
3655 if (upper_size > 1) {
3656 /* Can't do this on a chained packet. */
3657 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3658 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3659 END_PROFILE(SMBreadX);
3662 /* We currently don't do this on signed or sealed data. */
3663 if (srv_is_signing_active(smbd_server_conn) ||
3664 is_encrypted_packet(req->inbuf)) {
3665 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3666 END_PROFILE(SMBreadX);
3669 /* Is there room in the reply for this data ? */
3670 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3672 NT_STATUS_INVALID_PARAMETER);
3673 END_PROFILE(SMBreadX);
3680 if (req->wct == 12) {
3681 #ifdef LARGE_SMB_OFF_T
3683 * This is a large offset (64 bit) read.
3685 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3687 #else /* !LARGE_SMB_OFF_T */
3690 * Ensure we haven't been sent a >32 bit offset.
3693 if(IVAL(req->vwv+10, 0) != 0) {
3694 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3695 "used and we don't support 64 bit offsets.\n",
3696 (unsigned int)IVAL(req->vwv+10, 0) ));
3697 END_PROFILE(SMBreadX);
3698 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3702 #endif /* LARGE_SMB_OFF_T */
3707 NTSTATUS status = schedule_aio_read_and_X(conn,
3712 if (NT_STATUS_IS_OK(status)) {
3713 /* Read scheduled - we're done. */
3716 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
3717 /* Real error - report to client. */
3718 END_PROFILE(SMBreadX);
3719 reply_nterror(req, status);
3722 /* NT_STATUS_RETRY - fall back to sync read. */
3725 smbd_lock_socket(smbd_server_conn);
3726 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3727 smbd_unlock_socket(smbd_server_conn);
3730 END_PROFILE(SMBreadX);
3734 /****************************************************************************
3735 Error replies to writebraw must have smb_wct == 1. Fix this up.
3736 ****************************************************************************/
3738 void error_to_writebrawerr(struct smb_request *req)
3740 uint8 *old_outbuf = req->outbuf;
3742 reply_outbuf(req, 1, 0);
3744 memcpy(req->outbuf, old_outbuf, smb_size);
3745 TALLOC_FREE(old_outbuf);
3748 /****************************************************************************
3749 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3750 ****************************************************************************/
3752 void reply_writebraw(struct smb_request *req)
3754 connection_struct *conn = req->conn;
3757 ssize_t total_written=0;
3758 size_t numtowrite=0;
3764 struct lock_struct lock;
3767 START_PROFILE(SMBwritebraw);
3770 * If we ever reply with an error, it must have the SMB command
3771 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3774 SCVAL(req->inbuf,smb_com,SMBwritec);
3776 if (srv_is_signing_active(smbd_server_conn)) {
3777 END_PROFILE(SMBwritebraw);
3778 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3779 "raw reads/writes are disallowed.");
3782 if (req->wct < 12) {
3783 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3784 error_to_writebrawerr(req);
3785 END_PROFILE(SMBwritebraw);
3789 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3790 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
3791 "'async smb echo handler = yes'\n"));
3792 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3793 error_to_writebrawerr(req);
3794 END_PROFILE(SMBwritebraw);
3798 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3799 if (!check_fsp(conn, req, fsp)) {
3800 error_to_writebrawerr(req);
3801 END_PROFILE(SMBwritebraw);
3805 if (!CHECK_WRITE(fsp)) {
3806 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3807 error_to_writebrawerr(req);
3808 END_PROFILE(SMBwritebraw);
3812 tcount = IVAL(req->vwv+1, 0);
3813 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3814 write_through = BITSETW(req->vwv+7,0);
3816 /* We have to deal with slightly different formats depending
3817 on whether we are using the core+ or lanman1.0 protocol */
3819 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3820 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3821 data = smb_buf(req->inbuf);
3823 numtowrite = SVAL(req->vwv+10, 0);
3824 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3827 /* Ensure we don't write bytes past the end of this packet. */
3828 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3829 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3830 error_to_writebrawerr(req);
3831 END_PROFILE(SMBwritebraw);
3835 if (!fsp->print_file) {
3836 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3837 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3840 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3841 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3842 error_to_writebrawerr(req);
3843 END_PROFILE(SMBwritebraw);
3849 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3852 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3853 "wrote=%d sync=%d\n",
3854 fsp->fnum, (double)startpos, (int)numtowrite,
3855 (int)nwritten, (int)write_through));
3857 if (nwritten < (ssize_t)numtowrite) {
3858 reply_nterror(req, NT_STATUS_DISK_FULL);
3859 error_to_writebrawerr(req);
3863 total_written = nwritten;
3865 /* Allocate a buffer of 64k + length. */
3866 buf = TALLOC_ARRAY(NULL, char, 65540);
3868 reply_nterror(req, NT_STATUS_NO_MEMORY);
3869 error_to_writebrawerr(req);
3873 /* Return a SMBwritebraw message to the redirector to tell
3874 * it to send more bytes */
3876 memcpy(buf, req->inbuf, smb_size);
3877 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3878 SCVAL(buf,smb_com,SMBwritebraw);
3879 SSVALS(buf,smb_vwv0,0xFFFF);
3881 if (!srv_send_smb(smbd_server_fd(),
3883 false, 0, /* no signing */
3884 IS_CONN_ENCRYPTED(conn),
3886 exit_server_cleanly("reply_writebraw: srv_send_smb "
3890 /* Now read the raw data into the buffer and write it */
3891 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3893 if (!NT_STATUS_IS_OK(status)) {
3894 exit_server_cleanly("secondary writebraw failed");
3897 /* Set up outbuf to return the correct size */
3898 reply_outbuf(req, 1, 0);
3900 if (numtowrite != 0) {
3902 if (numtowrite > 0xFFFF) {
3903 DEBUG(0,("reply_writebraw: Oversize secondary write "
3904 "raw requested (%u). Terminating\n",
3905 (unsigned int)numtowrite ));
3906 exit_server_cleanly("secondary writebraw failed");
3909 if (tcount > nwritten+numtowrite) {
3910 DEBUG(3,("reply_writebraw: Client overestimated the "
3912 (int)tcount,(int)nwritten,(int)numtowrite));
3915 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3917 if (!NT_STATUS_IS_OK(status)) {
3918 DEBUG(0,("reply_writebraw: Oversize secondary write "
3919 "raw read failed (%s). Terminating\n",
3920 nt_errstr(status)));
3921 exit_server_cleanly("secondary writebraw failed");
3924 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3925 if (nwritten == -1) {
3927 reply_nterror(req, map_nt_error_from_unix(errno));
3928 error_to_writebrawerr(req);
3932 if (nwritten < (ssize_t)numtowrite) {
3933 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3934 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3938 total_written += nwritten;
3943 SSVAL(req->outbuf,smb_vwv0,total_written);
3945 status = sync_file(conn, fsp, write_through);
3946 if (!NT_STATUS_IS_OK(status)) {
3947 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3948 fsp_str_dbg(fsp), nt_errstr(status)));
3949 reply_nterror(req, status);
3950 error_to_writebrawerr(req);
3954 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3956 fsp->fnum, (double)startpos, (int)numtowrite,
3957 (int)total_written));
3959 if (!fsp->print_file) {
3960 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3963 /* We won't return a status if write through is not selected - this
3964 * follows what WfWg does */
3965 END_PROFILE(SMBwritebraw);
3967 if (!write_through && total_written==tcount) {
3969 #if RABBIT_PELLET_FIX
3971 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3972 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3975 if (!send_keepalive(smbd_server_fd())) {
3976 exit_server_cleanly("reply_writebraw: send of "
3977 "keepalive failed");
3980 TALLOC_FREE(req->outbuf);
3985 if (!fsp->print_file) {
3986 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3989 END_PROFILE(SMBwritebraw);
3994 #define DBGC_CLASS DBGC_LOCKING
3996 /****************************************************************************
3997 Reply to a writeunlock (core+).
3998 ****************************************************************************/
4000 void reply_writeunlock(struct smb_request *req)
4002 connection_struct *conn = req->conn;
4003 ssize_t nwritten = -1;
4007 NTSTATUS status = NT_STATUS_OK;
4009 struct lock_struct lock;
4010 int saved_errno = 0;
4012 START_PROFILE(SMBwriteunlock);
4015 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4016 END_PROFILE(SMBwriteunlock);
4020 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4022 if (!check_fsp(conn, req, fsp)) {
4023 END_PROFILE(SMBwriteunlock);
4027 if (!CHECK_WRITE(fsp)) {
4028 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4029 END_PROFILE(SMBwriteunlock);
4033 numtowrite = SVAL(req->vwv+1, 0);
4034 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4035 data = (const char *)req->buf + 3;
4037 if (!fsp->print_file && numtowrite > 0) {
4038 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4039 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4042 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4043 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4044 END_PROFILE(SMBwriteunlock);
4049 /* The special X/Open SMB protocol handling of
4050 zero length writes is *NOT* done for
4052 if(numtowrite == 0) {
4055 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4056 saved_errno = errno;
4059 status = sync_file(conn, fsp, False /* write through */);
4060 if (!NT_STATUS_IS_OK(status)) {
4061 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4062 fsp_str_dbg(fsp), nt_errstr(status)));
4063 reply_nterror(req, status);
4068 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4072 if((nwritten < numtowrite) && (numtowrite != 0)) {
4073 reply_nterror(req, NT_STATUS_DISK_FULL);
4077 if (numtowrite && !fsp->print_file) {
4078 status = do_unlock(smbd_messaging_context(),
4080 (uint64_t)req->smbpid,
4081 (uint64_t)numtowrite,
4085 if (NT_STATUS_V(status)) {
4086 reply_nterror(req, status);
4091 reply_outbuf(req, 1, 0);
4093 SSVAL(req->outbuf,smb_vwv0,nwritten);
4095 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4096 fsp->fnum, (int)numtowrite, (int)nwritten));
4099 if (numtowrite && !fsp->print_file) {
4100 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4103 END_PROFILE(SMBwriteunlock);
4108 #define DBGC_CLASS DBGC_ALL
4110 /****************************************************************************
4112 ****************************************************************************/
4114 void reply_write(struct smb_request *req)
4116 connection_struct *conn = req->conn;
4118 ssize_t nwritten = -1;
4122 struct lock_struct lock;
4124 int saved_errno = 0;
4126 START_PROFILE(SMBwrite);
4129 END_PROFILE(SMBwrite);
4130 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4134 /* If it's an IPC, pass off the pipe handler. */
4136 reply_pipe_write(req);
4137 END_PROFILE(SMBwrite);
4141 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4143 if (!check_fsp(conn, req, fsp)) {
4144 END_PROFILE(SMBwrite);
4148 if (!CHECK_WRITE(fsp)) {
4149 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4150 END_PROFILE(SMBwrite);
4154 numtowrite = SVAL(req->vwv+1, 0);
4155 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4156 data = (const char *)req->buf + 3;
4158 if (!fsp->print_file) {
4159 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4160 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4163 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4164 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4165 END_PROFILE(SMBwrite);
4171 * X/Open SMB protocol says that if smb_vwv1 is
4172 * zero then the file size should be extended or
4173 * truncated to the size given in smb_vwv[2-3].
4176 if(numtowrite == 0) {
4178 * This is actually an allocate call, and set EOF. JRA.
4180 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4182 reply_nterror(req, NT_STATUS_DISK_FULL);
4185 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4187 reply_nterror(req, NT_STATUS_DISK_FULL);
4190 trigger_write_time_update_immediate(fsp);
4192 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4195 status = sync_file(conn, fsp, False);
4196 if (!NT_STATUS_IS_OK(status)) {
4197 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4198 fsp_str_dbg(fsp), nt_errstr(status)));
4199 reply_nterror(req, status);
4204 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4208 if((nwritten == 0) && (numtowrite != 0)) {
4209 reply_nterror(req, NT_STATUS_DISK_FULL);
4213 reply_outbuf(req, 1, 0);
4215 SSVAL(req->outbuf,smb_vwv0,nwritten);
4217 if (nwritten < (ssize_t)numtowrite) {
4218 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4219 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4222 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4225 if (!fsp->print_file) {
4226 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4229 END_PROFILE(SMBwrite);
4233 /****************************************************************************
4234 Ensure a buffer is a valid writeX for recvfile purposes.
4235 ****************************************************************************/
4237 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4238 (2*14) + /* word count (including bcc) */ \
4241 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4244 connection_struct *conn = NULL;
4245 unsigned int doff = 0;
4246 size_t len = smb_len_large(inbuf);
4247 struct smbd_server_connection *sconn = smbd_server_conn;
4249 if (is_encrypted_packet(inbuf)) {
4250 /* Can't do this on encrypted
4255 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4259 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4260 CVAL(inbuf,smb_wct) != 14) {
4261 DEBUG(10,("is_valid_writeX_buffer: chained or "
4262 "invalid word length.\n"));
4266 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4268 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4272 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4275 if (IS_PRINT(conn)) {
4276 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4279 doff = SVAL(inbuf,smb_vwv11);
4281 numtowrite = SVAL(inbuf,smb_vwv10);
4283 if (len > doff && len - doff > 0xFFFF) {
4284 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4287 if (numtowrite == 0) {
4288 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4292 /* Ensure the sizes match up. */
4293 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4294 /* no pad byte...old smbclient :-( */
4295 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4297 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4301 if (len - doff != numtowrite) {
4302 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4303 "len = %u, doff = %u, numtowrite = %u\n",
4306 (unsigned int)numtowrite ));
4310 DEBUG(10,("is_valid_writeX_buffer: true "
4311 "len = %u, doff = %u, numtowrite = %u\n",
4314 (unsigned int)numtowrite ));
4319 /****************************************************************************
4320 Reply to a write and X.
4321 ****************************************************************************/
4323 void reply_write_and_X(struct smb_request *req)
4325 connection_struct *conn = req->conn;
4327 struct lock_struct lock;
4332 unsigned int smb_doff;
4333 unsigned int smblen;
4336 int saved_errno = 0;
4338 START_PROFILE(SMBwriteX);
4340 if ((req->wct != 12) && (req->wct != 14)) {
4341 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4342 END_PROFILE(SMBwriteX);
4346 numtowrite = SVAL(req->vwv+10, 0);
4347 smb_doff = SVAL(req->vwv+11, 0);
4348 smblen = smb_len(req->inbuf);
4350 if (req->unread_bytes > 0xFFFF ||
4351 (smblen > smb_doff &&
4352 smblen - smb_doff > 0xFFFF)) {
4353 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4356 if (req->unread_bytes) {
4357 /* Can't do a recvfile write on IPC$ */
4359 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4360 END_PROFILE(SMBwriteX);
4363 if (numtowrite != req->unread_bytes) {
4364 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4365 END_PROFILE(SMBwriteX);
4369 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4370 smb_doff + numtowrite > smblen) {
4371 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4372 END_PROFILE(SMBwriteX);
4377 /* If it's an IPC, pass off the pipe handler. */
4379 if (req->unread_bytes) {
4380 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4381 END_PROFILE(SMBwriteX);
4384 reply_pipe_write_and_X(req);
4385 END_PROFILE(SMBwriteX);
4389 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4390 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4391 write_through = BITSETW(req->vwv+7,0);
4393 if (!check_fsp(conn, req, fsp)) {
4394 END_PROFILE(SMBwriteX);
4398 if (!CHECK_WRITE(fsp)) {
4399 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4400 END_PROFILE(SMBwriteX);
4404 data = smb_base(req->inbuf) + smb_doff;
4406 if(req->wct == 14) {
4407 #ifdef LARGE_SMB_OFF_T
4409 * This is a large offset (64 bit) write.
4411 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4413 #else /* !LARGE_SMB_OFF_T */
4416 * Ensure we haven't been sent a >32 bit offset.
4419 if(IVAL(req->vwv+12, 0) != 0) {
4420 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4421 "used and we don't support 64 bit offsets.\n",
4422 (unsigned int)IVAL(req->vwv+12, 0) ));
4423 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4424 END_PROFILE(SMBwriteX);
4428 #endif /* LARGE_SMB_OFF_T */
4431 /* X/Open SMB protocol says that, unlike SMBwrite
4432 if the length is zero then NO truncation is
4433 done, just a write of zero. To truncate a file,
4436 if(numtowrite == 0) {
4439 if (req->unread_bytes == 0) {
4440 status = schedule_aio_write_and_X(conn,
4447 if (NT_STATUS_IS_OK(status)) {
4448 /* write scheduled - we're done. */
4451 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4452 /* Real error - report to client. */
4453 reply_nterror(req, status);
4456 /* NT_STATUS_RETRY - fall through to sync write. */
4459 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4460 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4463 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4464 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4468 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4469 saved_errno = errno;
4471 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4475 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4479 if((nwritten == 0) && (numtowrite != 0)) {
4480 reply_nterror(req, NT_STATUS_DISK_FULL);
4484 reply_outbuf(req, 6, 0);
4485 SSVAL(req->outbuf,smb_vwv2,nwritten);
4486 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4488 if (nwritten < (ssize_t)numtowrite) {
4489 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4490 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4493 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4494 fsp->fnum, (int)numtowrite, (int)nwritten));
4496 status = sync_file(conn, fsp, write_through);
4497 if (!NT_STATUS_IS_OK(status)) {
4498 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4499 fsp_str_dbg(fsp), nt_errstr(status)));
4500 reply_nterror(req, status);
4504 END_PROFILE(SMBwriteX);
4509 END_PROFILE(SMBwriteX);
4513 /****************************************************************************
4515 ****************************************************************************/
4517 void reply_lseek(struct smb_request *req)
4519 connection_struct *conn = req->conn;
4525 START_PROFILE(SMBlseek);
4528 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4529 END_PROFILE(SMBlseek);
4533 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4535 if (!check_fsp(conn, req, fsp)) {
4539 flush_write_cache(fsp, SEEK_FLUSH);
4541 mode = SVAL(req->vwv+1, 0) & 3;
4542 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4543 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4552 res = fsp->fh->pos + startpos;
4563 if (umode == SEEK_END) {
4564 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4565 if(errno == EINVAL) {
4566 SMB_OFF_T current_pos = startpos;
4568 if(fsp_stat(fsp) == -1) {
4570 map_nt_error_from_unix(errno));
4571 END_PROFILE(SMBlseek);
4575 current_pos += fsp->fsp_name->st.st_ex_size;
4577 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4582 reply_nterror(req, map_nt_error_from_unix(errno));
4583 END_PROFILE(SMBlseek);
4590 reply_outbuf(req, 2, 0);
4591 SIVAL(req->outbuf,smb_vwv0,res);
4593 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4594 fsp->fnum, (double)startpos, (double)res, mode));
4596 END_PROFILE(SMBlseek);
4600 /****************************************************************************
4602 ****************************************************************************/
4604 void reply_flush(struct smb_request *req)
4606 connection_struct *conn = req->conn;
4610 START_PROFILE(SMBflush);
4613 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4617 fnum = SVAL(req->vwv+0, 0);
4618 fsp = file_fsp(req, fnum);
4620 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4625 file_sync_all(conn);
4627 NTSTATUS status = sync_file(conn, fsp, True);
4628 if (!NT_STATUS_IS_OK(status)) {
4629 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4630 fsp_str_dbg(fsp), nt_errstr(status)));
4631 reply_nterror(req, status);
4632 END_PROFILE(SMBflush);
4637 reply_outbuf(req, 0, 0);
4639 DEBUG(3,("flush\n"));
4640 END_PROFILE(SMBflush);
4644 /****************************************************************************
4646 conn POINTER CAN BE NULL HERE !
4647 ****************************************************************************/
4649 void reply_exit(struct smb_request *req)
4651 START_PROFILE(SMBexit);
4653 file_close_pid(req->smbpid, req->vuid);
4655 reply_outbuf(req, 0, 0);
4657 DEBUG(3,("exit\n"));
4659 END_PROFILE(SMBexit);
4663 /****************************************************************************
4664 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4665 ****************************************************************************/
4667 void reply_close(struct smb_request *req)
4669 connection_struct *conn = req->conn;
4670 NTSTATUS status = NT_STATUS_OK;
4671 files_struct *fsp = NULL;
4672 START_PROFILE(SMBclose);
4675 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4676 END_PROFILE(SMBclose);
4680 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4683 * We can only use check_fsp if we know it's not a directory.
4686 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4687 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4688 END_PROFILE(SMBclose);
4692 if(fsp->is_directory) {
4694 * Special case - close NT SMB directory handle.
4696 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4697 status = close_file(req, fsp, NORMAL_CLOSE);
4701 * Close ordinary file.
4704 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4705 fsp->fh->fd, fsp->fnum,
4706 conn->num_files_open));
4709 * Take care of any time sent in the close.
4712 t = srv_make_unix_date3(req->vwv+1);
4713 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4716 * close_file() returns the unix errno if an error
4717 * was detected on close - normally this is due to
4718 * a disk full error. If not then it was probably an I/O error.
4721 status = close_file(req, fsp, NORMAL_CLOSE);
4724 if (!NT_STATUS_IS_OK(status)) {
4725 reply_nterror(req, status);
4726 END_PROFILE(SMBclose);
4730 reply_outbuf(req, 0, 0);
4731 END_PROFILE(SMBclose);
4735 /****************************************************************************
4736 Reply to a writeclose (Core+ protocol).
4737 ****************************************************************************/
4739 void reply_writeclose(struct smb_request *req)
4741 connection_struct *conn = req->conn;
4743 ssize_t nwritten = -1;
4744 NTSTATUS close_status = NT_STATUS_OK;
4747 struct timespec mtime;
4749 struct lock_struct lock;
4751 START_PROFILE(SMBwriteclose);
4754 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4755 END_PROFILE(SMBwriteclose);
4759 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4761 if (!check_fsp(conn, req, fsp)) {
4762 END_PROFILE(SMBwriteclose);
4765 if (!CHECK_WRITE(fsp)) {
4766 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4767 END_PROFILE(SMBwriteclose);
4771 numtowrite = SVAL(req->vwv+1, 0);
4772 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4773 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4774 data = (const char *)req->buf + 1;
4776 if (!fsp->print_file) {
4777 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4778 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4781 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4782 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4783 END_PROFILE(SMBwriteclose);
4788 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4790 set_close_write_time(fsp, mtime);
4793 * More insanity. W2K only closes the file if writelen > 0.
4798 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4799 "file %s\n", fsp_str_dbg(fsp)));
4800 close_status = close_file(req, fsp, NORMAL_CLOSE);
4803 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4804 fsp->fnum, (int)numtowrite, (int)nwritten,
4805 conn->num_files_open));
4807 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4808 reply_nterror(req, NT_STATUS_DISK_FULL);
4812 if(!NT_STATUS_IS_OK(close_status)) {
4813 reply_nterror(req, close_status);
4817 reply_outbuf(req, 1, 0);
4819 SSVAL(req->outbuf,smb_vwv0,nwritten);
4822 if (numtowrite && !fsp->print_file) {
4823 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4826 END_PROFILE(SMBwriteclose);
4831 #define DBGC_CLASS DBGC_LOCKING
4833 /****************************************************************************
4835 ****************************************************************************/
4837 void reply_lock(struct smb_request *req)
4839 connection_struct *conn = req->conn;
4840 uint64_t count,offset;
4843 struct byte_range_lock *br_lck = NULL;
4845 START_PROFILE(SMBlock);
4848 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4849 END_PROFILE(SMBlock);
4853 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4855 if (!check_fsp(conn, req, fsp)) {
4856 END_PROFILE(SMBlock);
4860 count = (uint64_t)IVAL(req->vwv+1, 0);
4861 offset = (uint64_t)IVAL(req->vwv+3, 0);
4863 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4864 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4866 br_lck = do_lock(smbd_messaging_context(),
4868 (uint64_t)req->smbpid,
4873 False, /* Non-blocking lock. */
4878 TALLOC_FREE(br_lck);
4880 if (NT_STATUS_V(status)) {
4881 reply_nterror(req, status);
4882 END_PROFILE(SMBlock);
4886 reply_outbuf(req, 0, 0);
4888 END_PROFILE(SMBlock);
4892 /****************************************************************************
4894 ****************************************************************************/
4896 void reply_unlock(struct smb_request *req)
4898 connection_struct *conn = req->conn;
4899 uint64_t count,offset;
4903 START_PROFILE(SMBunlock);
4906 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4907 END_PROFILE(SMBunlock);
4911 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4913 if (!check_fsp(conn, req, fsp)) {
4914 END_PROFILE(SMBunlock);
4918 count = (uint64_t)IVAL(req->vwv+1, 0);
4919 offset = (uint64_t)IVAL(req->vwv+3, 0);
4921 status = do_unlock(smbd_messaging_context(),
4923 (uint64_t)req->smbpid,
4928 if (NT_STATUS_V(status)) {
4929 reply_nterror(req, status);
4930 END_PROFILE(SMBunlock);
4934 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4935 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4937 reply_outbuf(req, 0, 0);
4939 END_PROFILE(SMBunlock);
4944 #define DBGC_CLASS DBGC_ALL
4946 /****************************************************************************
4948 conn POINTER CAN BE NULL HERE !
4949 ****************************************************************************/
4951 void reply_tdis(struct smb_request *req)
4953 connection_struct *conn = req->conn;
4954 START_PROFILE(SMBtdis);
4957 DEBUG(4,("Invalid connection in tdis\n"));
4958 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
4959 END_PROFILE(SMBtdis);
4965 close_cnum(conn,req->vuid);
4968 reply_outbuf(req, 0, 0);
4969 END_PROFILE(SMBtdis);
4973 /****************************************************************************
4975 conn POINTER CAN BE NULL HERE !
4976 ****************************************************************************/
4978 void reply_echo(struct smb_request *req)
4980 connection_struct *conn = req->conn;
4981 struct smb_perfcount_data local_pcd;
4982 struct smb_perfcount_data *cur_pcd;
4986 START_PROFILE(SMBecho);
4988 smb_init_perfcount_data(&local_pcd);
4991 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4992 END_PROFILE(SMBecho);
4996 smb_reverb = SVAL(req->vwv+0, 0);
4998 reply_outbuf(req, 1, req->buflen);
5000 /* copy any incoming data back out */
5001 if (req->buflen > 0) {
5002 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5005 if (smb_reverb > 100) {
5006 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5010 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5012 /* this makes sure we catch the request pcd */
5013 if (seq_num == smb_reverb) {
5014 cur_pcd = &req->pcd;
5016 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5017 cur_pcd = &local_pcd;
5020 SSVAL(req->outbuf,smb_vwv0,seq_num);
5022 show_msg((char *)req->outbuf);
5023 if (!srv_send_smb(smbd_server_fd(),
5024 (char *)req->outbuf,
5025 true, req->seqnum+1,
5026 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5028 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5031 DEBUG(3,("echo %d times\n", smb_reverb));
5033 TALLOC_FREE(req->outbuf);
5035 END_PROFILE(SMBecho);
5039 /****************************************************************************
5040 Reply to a printopen.
5041 ****************************************************************************/
5043 void reply_printopen(struct smb_request *req)
5045 connection_struct *conn = req->conn;
5049 START_PROFILE(SMBsplopen);
5052 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5053 END_PROFILE(SMBsplopen);
5057 if (!CAN_PRINT(conn)) {
5058 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5059 END_PROFILE(SMBsplopen);
5063 status = file_new(req, conn, &fsp);
5064 if(!NT_STATUS_IS_OK(status)) {
5065 reply_nterror(req, status);
5066 END_PROFILE(SMBsplopen);
5070 /* Open for exclusive use, write only. */
5071 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
5073 if (!NT_STATUS_IS_OK(status)) {
5074 file_free(req, fsp);
5075 reply_nterror(req, status);
5076 END_PROFILE(SMBsplopen);
5080 reply_outbuf(req, 1, 0);
5081 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5083 DEBUG(3,("openprint fd=%d fnum=%d\n",
5084 fsp->fh->fd, fsp->fnum));
5086 END_PROFILE(SMBsplopen);
5090 /****************************************************************************
5091 Reply to a printclose.
5092 ****************************************************************************/
5094 void reply_printclose(struct smb_request *req)
5096 connection_struct *conn = req->conn;
5100 START_PROFILE(SMBsplclose);
5103 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5104 END_PROFILE(SMBsplclose);
5108 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5110 if (!check_fsp(conn, req, fsp)) {
5111 END_PROFILE(SMBsplclose);
5115 if (!CAN_PRINT(conn)) {
5116 reply_force_doserror(req, ERRSRV, ERRerror);
5117 END_PROFILE(SMBsplclose);
5121 DEBUG(3,("printclose fd=%d fnum=%d\n",
5122 fsp->fh->fd,fsp->fnum));
5124 status = close_file(req, fsp, NORMAL_CLOSE);
5126 if(!NT_STATUS_IS_OK(status)) {
5127 reply_nterror(req, status);
5128 END_PROFILE(SMBsplclose);
5132 reply_outbuf(req, 0, 0);
5134 END_PROFILE(SMBsplclose);
5138 /****************************************************************************
5139 Reply to a printqueue.
5140 ****************************************************************************/
5142 void reply_printqueue(struct smb_request *req)
5144 connection_struct *conn = req->conn;
5148 START_PROFILE(SMBsplretq);
5151 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5152 END_PROFILE(SMBsplretq);
5156 max_count = SVAL(req->vwv+0, 0);
5157 start_index = SVAL(req->vwv+1, 0);
5159 /* we used to allow the client to get the cnum wrong, but that
5160 is really quite gross and only worked when there was only
5161 one printer - I think we should now only accept it if they
5162 get it right (tridge) */
5163 if (!CAN_PRINT(conn)) {
5164 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5165 END_PROFILE(SMBsplretq);
5169 reply_outbuf(req, 2, 3);
5170 SSVAL(req->outbuf,smb_vwv0,0);
5171 SSVAL(req->outbuf,smb_vwv1,0);
5172 SCVAL(smb_buf(req->outbuf),0,1);
5173 SSVAL(smb_buf(req->outbuf),1,0);
5175 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5176 start_index, max_count));
5179 print_queue_struct *queue = NULL;
5180 print_status_struct status;
5181 int count = print_queue_status(SNUM(conn), &queue, &status);
5182 int num_to_get = ABS(max_count);
5183 int first = (max_count>0?start_index:start_index+max_count+1);
5189 num_to_get = MIN(num_to_get,count-first);
5192 for (i=first;i<first+num_to_get;i++) {
5196 srv_put_dos_date2(p,0,queue[i].time);
5197 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5198 SSVAL(p,5, queue[i].job);
5199 SIVAL(p,7,queue[i].size);
5201 srvstr_push(blob, req->flags2, p+12,
5202 queue[i].fs_user, 16, STR_ASCII);
5204 if (message_push_blob(
5207 blob, sizeof(blob))) == -1) {
5208 reply_nterror(req, NT_STATUS_NO_MEMORY);
5209 END_PROFILE(SMBsplretq);
5215 SSVAL(req->outbuf,smb_vwv0,count);
5216 SSVAL(req->outbuf,smb_vwv1,
5217 (max_count>0?first+count:first-1));
5218 SCVAL(smb_buf(req->outbuf),0,1);
5219 SSVAL(smb_buf(req->outbuf),1,28*count);
5224 DEBUG(3,("%d entries returned in queue\n",count));
5227 END_PROFILE(SMBsplretq);
5231 /****************************************************************************
5232 Reply to a printwrite.
5233 ****************************************************************************/
5235 void reply_printwrite(struct smb_request *req)
5237 connection_struct *conn = req->conn;
5242 START_PROFILE(SMBsplwr);
5245 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5246 END_PROFILE(SMBsplwr);
5250 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5252 if (!check_fsp(conn, req, fsp)) {
5253 END_PROFILE(SMBsplwr);
5257 if (!CAN_PRINT(conn)) {
5258 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5259 END_PROFILE(SMBsplwr);
5263 if (!CHECK_WRITE(fsp)) {
5264 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5265 END_PROFILE(SMBsplwr);
5269 numtowrite = SVAL(req->buf, 1);
5271 if (req->buflen < numtowrite + 3) {
5272 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5273 END_PROFILE(SMBsplwr);
5277 data = (const char *)req->buf + 3;
5279 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5280 reply_nterror(req, map_nt_error_from_unix(errno));
5281 END_PROFILE(SMBsplwr);
5285 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5287 END_PROFILE(SMBsplwr);
5291 /****************************************************************************
5293 ****************************************************************************/
5295 void reply_mkdir(struct smb_request *req)
5297 connection_struct *conn = req->conn;
5298 struct smb_filename *smb_dname = NULL;
5299 char *directory = NULL;
5301 TALLOC_CTX *ctx = talloc_tos();
5303 START_PROFILE(SMBmkdir);
5305 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5306 STR_TERMINATE, &status);
5307 if (!NT_STATUS_IS_OK(status)) {
5308 reply_nterror(req, status);
5312 status = filename_convert(ctx, conn,
5313 req->flags2 & FLAGS2_DFS_PATHNAMES,
5318 if (!NT_STATUS_IS_OK(status)) {
5319 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5320 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5321 ERRSRV, ERRbadpath);
5324 reply_nterror(req, status);
5328 status = create_directory(conn, req, smb_dname);
5330 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5332 if (!NT_STATUS_IS_OK(status)) {
5334 if (!use_nt_status()
5335 && NT_STATUS_EQUAL(status,
5336 NT_STATUS_OBJECT_NAME_COLLISION)) {
5338 * Yes, in the DOS error code case we get a
5339 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5340 * samba4 torture test.
5342 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5345 reply_nterror(req, status);
5349 reply_outbuf(req, 0, 0);
5351 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5353 TALLOC_FREE(smb_dname);
5354 END_PROFILE(SMBmkdir);
5358 /****************************************************************************
5360 ****************************************************************************/
5362 void reply_rmdir(struct smb_request *req)
5364 connection_struct *conn = req->conn;
5365 struct smb_filename *smb_dname = NULL;
5366 char *directory = NULL;
5368 TALLOC_CTX *ctx = talloc_tos();
5369 files_struct *fsp = NULL;
5371 struct smbd_server_connection *sconn = smbd_server_conn;
5373 START_PROFILE(SMBrmdir);
5375 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5376 STR_TERMINATE, &status);
5377 if (!NT_STATUS_IS_OK(status)) {
5378 reply_nterror(req, status);
5382 status = filename_convert(ctx, conn,
5383 req->flags2 & FLAGS2_DFS_PATHNAMES,
5388 if (!NT_STATUS_IS_OK(status)) {
5389 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5390 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5391 ERRSRV, ERRbadpath);
5394 reply_nterror(req, status);
5398 if (is_ntfs_stream_smb_fname(smb_dname)) {
5399 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5403 status = SMB_VFS_CREATE_FILE(
5406 0, /* root_dir_fid */
5407 smb_dname, /* fname */
5408 DELETE_ACCESS, /* access_mask */
5409 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5411 FILE_OPEN, /* create_disposition*/
5412 FILE_DIRECTORY_FILE, /* create_options */
5413 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5414 0, /* oplock_request */
5415 0, /* allocation_size */
5416 0, /* private_flags */
5422 if (!NT_STATUS_IS_OK(status)) {
5423 if (open_was_deferred(req->mid)) {
5424 /* We have re-scheduled this call. */
5427 reply_nterror(req, status);
5431 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5432 if (!NT_STATUS_IS_OK(status)) {
5433 close_file(req, fsp, ERROR_CLOSE);
5434 reply_nterror(req, status);
5438 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5439 close_file(req, fsp, ERROR_CLOSE);
5440 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5444 status = close_file(req, fsp, NORMAL_CLOSE);
5445 if (!NT_STATUS_IS_OK(status)) {
5446 reply_nterror(req, status);
5448 reply_outbuf(req, 0, 0);
5451 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5453 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5455 TALLOC_FREE(smb_dname);
5456 END_PROFILE(SMBrmdir);
5460 /*******************************************************************
5461 Resolve wildcards in a filename rename.
5462 ********************************************************************/
5464 static bool resolve_wildcards(TALLOC_CTX *ctx,
5469 char *name2_copy = NULL;
5474 char *p,*p2, *pname1, *pname2;
5476 name2_copy = talloc_strdup(ctx, name2);
5481 pname1 = strrchr_m(name1,'/');
5482 pname2 = strrchr_m(name2_copy,'/');
5484 if (!pname1 || !pname2) {
5488 /* Truncate the copy of name2 at the last '/' */
5491 /* Now go past the '/' */
5495 root1 = talloc_strdup(ctx, pname1);
5496 root2 = talloc_strdup(ctx, pname2);
5498 if (!root1 || !root2) {
5502 p = strrchr_m(root1,'.');
5505 ext1 = talloc_strdup(ctx, p+1);
5507 ext1 = talloc_strdup(ctx, "");
5509 p = strrchr_m(root2,'.');
5512 ext2 = talloc_strdup(ctx, p+1);
5514 ext2 = talloc_strdup(ctx, "");
5517 if (!ext1 || !ext2) {
5525 /* Hmmm. Should this be mb-aware ? */
5528 } else if (*p2 == '*') {
5530 root2 = talloc_asprintf(ctx, "%s%s",
5549 /* Hmmm. Should this be mb-aware ? */
5552 } else if (*p2 == '*') {
5554 ext2 = talloc_asprintf(ctx, "%s%s",
5570 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5575 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5587 /****************************************************************************
5588 Ensure open files have their names updated. Updated to notify other smbd's
5590 ****************************************************************************/
5592 static void rename_open_files(connection_struct *conn,
5593 struct share_mode_lock *lck,
5594 const struct smb_filename *smb_fname_dst)
5597 bool did_rename = False;
5600 for(fsp = file_find_di_first(lck->id); fsp;
5601 fsp = file_find_di_next(fsp)) {
5602 /* fsp_name is a relative path under the fsp. To change this for other
5603 sharepaths we need to manipulate relative paths. */
5604 /* TODO - create the absolute path and manipulate the newname
5605 relative to the sharepath. */
5606 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5609 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5610 "(file_id %s) from %s -> %s\n", fsp->fnum,
5611 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5612 smb_fname_str_dbg(smb_fname_dst)));
5614 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5615 if (NT_STATUS_IS_OK(status)) {
5621 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5622 "for %s\n", file_id_string_tos(&lck->id),
5623 smb_fname_str_dbg(smb_fname_dst)));
5626 /* Send messages to all smbd's (not ourself) that the name has changed. */
5627 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5632 /****************************************************************************
5633 We need to check if the source path is a parent directory of the destination
5634 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5635 refuse the rename with a sharing violation. Under UNIX the above call can
5636 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5637 probably need to check that the client is a Windows one before disallowing
5638 this as a UNIX client (one with UNIX extensions) can know the source is a
5639 symlink and make this decision intelligently. Found by an excellent bug
5640 report from <AndyLiebman@aol.com>.
5641 ****************************************************************************/
5643 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5644 const struct smb_filename *smb_fname_dst)
5646 const char *psrc = smb_fname_src->base_name;
5647 const char *pdst = smb_fname_dst->base_name;
5650 if (psrc[0] == '.' && psrc[1] == '/') {
5653 if (pdst[0] == '.' && pdst[1] == '/') {
5656 if ((slen = strlen(psrc)) > strlen(pdst)) {
5659 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5663 * Do the notify calls from a rename
5666 static void notify_rename(connection_struct *conn, bool is_dir,
5667 const struct smb_filename *smb_fname_src,
5668 const struct smb_filename *smb_fname_dst)
5670 char *parent_dir_src = NULL;
5671 char *parent_dir_dst = NULL;
5674 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5675 : FILE_NOTIFY_CHANGE_FILE_NAME;
5677 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5678 &parent_dir_src, NULL) ||
5679 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5680 &parent_dir_dst, NULL)) {
5684 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5685 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5686 smb_fname_src->base_name);
5687 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5688 smb_fname_dst->base_name);
5691 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5692 smb_fname_src->base_name);
5693 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5694 smb_fname_dst->base_name);
5697 /* this is a strange one. w2k3 gives an additional event for
5698 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5699 files, but not directories */
5701 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5702 FILE_NOTIFY_CHANGE_ATTRIBUTES
5703 |FILE_NOTIFY_CHANGE_CREATION,
5704 smb_fname_dst->base_name);
5707 TALLOC_FREE(parent_dir_src);
5708 TALLOC_FREE(parent_dir_dst);
5711 /****************************************************************************
5712 Rename an open file - given an fsp.
5713 ****************************************************************************/
5715 NTSTATUS rename_internals_fsp(connection_struct *conn,
5717 const struct smb_filename *smb_fname_dst_in,
5719 bool replace_if_exists)
5721 TALLOC_CTX *ctx = talloc_tos();
5722 struct smb_filename *smb_fname_dst = NULL;
5723 NTSTATUS status = NT_STATUS_OK;
5724 struct share_mode_lock *lck = NULL;
5725 bool dst_exists, old_is_stream, new_is_stream;
5727 status = check_name(conn, smb_fname_dst_in->base_name);
5728 if (!NT_STATUS_IS_OK(status)) {
5732 /* Make a copy of the dst smb_fname structs */
5734 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5735 if (!NT_STATUS_IS_OK(status)) {
5739 /* Ensure the dst smb_fname contains a '/' */
5740 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5742 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5743 smb_fname_dst->base_name);
5745 status = NT_STATUS_NO_MEMORY;
5748 TALLOC_FREE(smb_fname_dst->base_name);
5749 smb_fname_dst->base_name = tmp;
5753 * Check for special case with case preserving and not
5754 * case sensitive. If the old last component differs from the original
5755 * last component only by case, then we should allow
5756 * the rename (user is trying to change the case of the
5759 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5760 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5761 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5763 char *fname_dst_lcomp_base_mod = NULL;
5764 struct smb_filename *smb_fname_orig_lcomp = NULL;
5767 * Get the last component of the destination name. Note that
5768 * we guarantee that destination name contains a '/' character
5771 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5772 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5773 if (!fname_dst_lcomp_base_mod) {
5774 status = NT_STATUS_NO_MEMORY;
5779 * Create an smb_filename struct using the original last
5780 * component of the destination.
5782 status = create_synthetic_smb_fname_split(ctx,
5783 smb_fname_dst->original_lcomp, NULL,
5784 &smb_fname_orig_lcomp);
5785 if (!NT_STATUS_IS_OK(status)) {
5786 TALLOC_FREE(fname_dst_lcomp_base_mod);
5790 /* If the base names only differ by case, use original. */
5791 if(!strcsequal(fname_dst_lcomp_base_mod,
5792 smb_fname_orig_lcomp->base_name)) {
5795 * Replace the modified last component with the
5798 *last_slash = '\0'; /* Truncate at the '/' */
5799 tmp = talloc_asprintf(smb_fname_dst,
5801 smb_fname_dst->base_name,
5802 smb_fname_orig_lcomp->base_name);
5804 status = NT_STATUS_NO_MEMORY;
5805 TALLOC_FREE(fname_dst_lcomp_base_mod);
5806 TALLOC_FREE(smb_fname_orig_lcomp);
5809 TALLOC_FREE(smb_fname_dst->base_name);
5810 smb_fname_dst->base_name = tmp;
5813 /* If the stream_names only differ by case, use original. */
5814 if(!strcsequal(smb_fname_dst->stream_name,
5815 smb_fname_orig_lcomp->stream_name)) {
5817 /* Use the original stream. */
5818 tmp = talloc_strdup(smb_fname_dst,
5819 smb_fname_orig_lcomp->stream_name);
5821 status = NT_STATUS_NO_MEMORY;
5822 TALLOC_FREE(fname_dst_lcomp_base_mod);
5823 TALLOC_FREE(smb_fname_orig_lcomp);
5826 TALLOC_FREE(smb_fname_dst->stream_name);
5827 smb_fname_dst->stream_name = tmp;
5829 TALLOC_FREE(fname_dst_lcomp_base_mod);
5830 TALLOC_FREE(smb_fname_orig_lcomp);
5834 * If the src and dest names are identical - including case,
5835 * don't do the rename, just return success.
5838 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5839 strcsequal(fsp->fsp_name->stream_name,
5840 smb_fname_dst->stream_name)) {
5841 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5842 "- returning success\n",
5843 smb_fname_str_dbg(smb_fname_dst)));
5844 status = NT_STATUS_OK;
5848 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
5849 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5851 /* Return the correct error code if both names aren't streams. */
5852 if (!old_is_stream && new_is_stream) {
5853 status = NT_STATUS_OBJECT_NAME_INVALID;
5857 if (old_is_stream && !new_is_stream) {
5858 status = NT_STATUS_INVALID_PARAMETER;
5862 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5864 if(!replace_if_exists && dst_exists) {
5865 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5866 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5867 smb_fname_str_dbg(smb_fname_dst)));
5868 status = NT_STATUS_OBJECT_NAME_COLLISION;
5873 struct file_id fileid = vfs_file_id_from_sbuf(conn,
5874 &smb_fname_dst->st);
5875 files_struct *dst_fsp = file_find_di_first(fileid);
5876 /* The file can be open when renaming a stream */
5877 if (dst_fsp && !new_is_stream) {
5878 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5879 status = NT_STATUS_ACCESS_DENIED;
5884 /* Ensure we have a valid stat struct for the source. */
5885 status = vfs_stat_fsp(fsp);
5886 if (!NT_STATUS_IS_OK(status)) {
5890 status = can_rename(conn, fsp, attrs);
5892 if (!NT_STATUS_IS_OK(status)) {
5893 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5894 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5895 smb_fname_str_dbg(smb_fname_dst)));
5896 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5897 status = NT_STATUS_ACCESS_DENIED;
5901 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
5902 status = NT_STATUS_ACCESS_DENIED;
5905 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5909 * We have the file open ourselves, so not being able to get the
5910 * corresponding share mode lock is a fatal error.
5913 SMB_ASSERT(lck != NULL);
5915 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
5916 uint32 create_options = fsp->fh->private_options;
5918 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
5919 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5920 smb_fname_str_dbg(smb_fname_dst)));
5922 if (lp_map_archive(SNUM(conn)) ||
5923 lp_store_dos_attributes(SNUM(conn))) {
5924 /* We must set the archive bit on the newly
5926 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
5927 uint32_t old_dosmode = dos_mode(conn,
5929 file_set_dosmode(conn,
5931 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
5937 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
5940 rename_open_files(conn, lck, smb_fname_dst);
5943 * A rename acts as a new file create w.r.t. allowing an initial delete
5944 * on close, probably because in Windows there is a new handle to the
5945 * new file. If initial delete on close was requested but not
5946 * originally set, we need to set it here. This is probably not 100% correct,
5947 * but will work for the CIFSFS client which in non-posix mode
5948 * depends on these semantics. JRA.
5951 if (create_options & FILE_DELETE_ON_CLOSE) {
5952 status = can_set_delete_on_close(fsp, 0);
5954 if (NT_STATUS_IS_OK(status)) {
5955 /* Note that here we set the *inital* delete on close flag,
5956 * not the regular one. The magic gets handled in close. */
5957 fsp->initial_delete_on_close = True;
5961 status = NT_STATUS_OK;
5967 if (errno == ENOTDIR || errno == EISDIR) {
5968 status = NT_STATUS_OBJECT_NAME_COLLISION;
5970 status = map_nt_error_from_unix(errno);
5973 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5974 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5975 smb_fname_str_dbg(smb_fname_dst)));
5978 TALLOC_FREE(smb_fname_dst);
5983 /****************************************************************************
5984 The guts of the rename command, split out so it may be called by the NT SMB
5986 ****************************************************************************/
5988 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5989 connection_struct *conn,
5990 struct smb_request *req,
5991 struct smb_filename *smb_fname_src,
5992 struct smb_filename *smb_fname_dst,
5994 bool replace_if_exists,
5997 uint32_t access_mask)
5999 char *fname_src_dir = NULL;
6000 char *fname_src_mask = NULL;
6002 NTSTATUS status = NT_STATUS_OK;
6003 struct smb_Dir *dir_hnd = NULL;
6004 const char *dname = NULL;
6005 char *talloced = NULL;
6007 int create_options = 0;
6008 bool posix_pathnames = lp_posix_pathnames();
6011 * Split the old name into directory and last component
6012 * strings. Note that unix_convert may have stripped off a
6013 * leading ./ from both name and newname if the rename is
6014 * at the root of the share. We need to make sure either both
6015 * name and newname contain a / character or neither of them do
6016 * as this is checked in resolve_wildcards().
6019 /* Split up the directory from the filename/mask. */
6020 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6021 &fname_src_dir, &fname_src_mask);
6022 if (!NT_STATUS_IS_OK(status)) {
6023 status = NT_STATUS_NO_MEMORY;
6028 * We should only check the mangled cache
6029 * here if unix_convert failed. This means
6030 * that the path in 'mask' doesn't exist
6031 * on the file system and so we need to look
6032 * for a possible mangle. This patch from
6033 * Tine Smukavec <valentin.smukavec@hermes.si>.
6036 if (!VALID_STAT(smb_fname_src->st) &&
6037 mangle_is_mangled(fname_src_mask, conn->params)) {
6038 char *new_mask = NULL;
6039 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6042 TALLOC_FREE(fname_src_mask);
6043 fname_src_mask = new_mask;
6047 if (!src_has_wild) {
6051 * Only one file needs to be renamed. Append the mask back
6052 * onto the directory.
6054 TALLOC_FREE(smb_fname_src->base_name);
6055 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6059 if (!smb_fname_src->base_name) {
6060 status = NT_STATUS_NO_MEMORY;
6064 /* Ensure dst fname contains a '/' also */
6065 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6067 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6068 smb_fname_dst->base_name);
6070 status = NT_STATUS_NO_MEMORY;
6073 TALLOC_FREE(smb_fname_dst->base_name);
6074 smb_fname_dst->base_name = tmp;
6077 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6078 "case_preserve = %d, short case preserve = %d, "
6079 "directory = %s, newname = %s, "
6080 "last_component_dest = %s\n",
6081 conn->case_sensitive, conn->case_preserve,
6082 conn->short_case_preserve,
6083 smb_fname_str_dbg(smb_fname_src),
6084 smb_fname_str_dbg(smb_fname_dst),
6085 smb_fname_dst->original_lcomp));
6087 /* The dest name still may have wildcards. */
6088 if (dest_has_wild) {
6089 char *fname_dst_mod = NULL;
6090 if (!resolve_wildcards(smb_fname_dst,
6091 smb_fname_src->base_name,
6092 smb_fname_dst->base_name,
6094 DEBUG(6, ("rename_internals: resolve_wildcards "
6096 smb_fname_src->base_name,
6097 smb_fname_dst->base_name));
6098 status = NT_STATUS_NO_MEMORY;
6101 TALLOC_FREE(smb_fname_dst->base_name);
6102 smb_fname_dst->base_name = fname_dst_mod;
6105 ZERO_STRUCT(smb_fname_src->st);
6106 if (posix_pathnames) {
6107 SMB_VFS_LSTAT(conn, smb_fname_src);
6109 SMB_VFS_STAT(conn, smb_fname_src);
6112 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6113 create_options |= FILE_DIRECTORY_FILE;
6116 status = SMB_VFS_CREATE_FILE(
6119 0, /* root_dir_fid */
6120 smb_fname_src, /* fname */
6121 access_mask, /* access_mask */
6122 (FILE_SHARE_READ | /* share_access */
6124 FILE_OPEN, /* create_disposition*/
6125 create_options, /* create_options */
6126 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6127 0, /* oplock_request */
6128 0, /* allocation_size */
6129 0, /* private_flags */
6135 if (!NT_STATUS_IS_OK(status)) {
6136 DEBUG(3, ("Could not open rename source %s: %s\n",
6137 smb_fname_str_dbg(smb_fname_src),
6138 nt_errstr(status)));
6142 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6143 attrs, replace_if_exists);
6145 close_file(req, fsp, NORMAL_CLOSE);
6147 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6148 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6149 smb_fname_str_dbg(smb_fname_dst)));
6155 * Wildcards - process each file that matches.
6157 if (strequal(fname_src_mask, "????????.???")) {
6158 TALLOC_FREE(fname_src_mask);
6159 fname_src_mask = talloc_strdup(ctx, "*");
6160 if (!fname_src_mask) {
6161 status = NT_STATUS_NO_MEMORY;
6166 status = check_name(conn, fname_src_dir);
6167 if (!NT_STATUS_IS_OK(status)) {
6171 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6173 if (dir_hnd == NULL) {
6174 status = map_nt_error_from_unix(errno);
6178 status = NT_STATUS_NO_SUCH_FILE;
6180 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6181 * - gentest fix. JRA
6184 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6186 files_struct *fsp = NULL;
6187 char *destname = NULL;
6188 bool sysdir_entry = False;
6190 /* Quick check for "." and ".." */
6191 if (ISDOT(dname) || ISDOTDOT(dname)) {
6193 sysdir_entry = True;
6195 TALLOC_FREE(talloced);
6200 if (!is_visible_file(conn, fname_src_dir, dname,
6201 &smb_fname_src->st, false)) {
6202 TALLOC_FREE(talloced);
6206 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6207 TALLOC_FREE(talloced);
6212 status = NT_STATUS_OBJECT_NAME_INVALID;
6216 TALLOC_FREE(smb_fname_src->base_name);
6217 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6221 if (!smb_fname_src->base_name) {
6222 status = NT_STATUS_NO_MEMORY;
6226 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6227 smb_fname_dst->base_name,
6229 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6230 smb_fname_src->base_name, destname));
6231 TALLOC_FREE(talloced);
6235 status = NT_STATUS_NO_MEMORY;
6239 TALLOC_FREE(smb_fname_dst->base_name);
6240 smb_fname_dst->base_name = destname;
6242 ZERO_STRUCT(smb_fname_src->st);
6243 if (posix_pathnames) {
6244 SMB_VFS_LSTAT(conn, smb_fname_src);
6246 SMB_VFS_STAT(conn, smb_fname_src);
6251 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6252 create_options |= FILE_DIRECTORY_FILE;
6255 status = SMB_VFS_CREATE_FILE(
6258 0, /* root_dir_fid */
6259 smb_fname_src, /* fname */
6260 access_mask, /* access_mask */
6261 (FILE_SHARE_READ | /* share_access */
6263 FILE_OPEN, /* create_disposition*/
6264 create_options, /* create_options */
6265 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6266 0, /* oplock_request */
6267 0, /* allocation_size */
6268 0, /* private_flags */
6274 if (!NT_STATUS_IS_OK(status)) {
6275 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6276 "returned %s rename %s -> %s\n",
6278 smb_fname_str_dbg(smb_fname_src),
6279 smb_fname_str_dbg(smb_fname_dst)));
6283 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6285 if (!smb_fname_dst->original_lcomp) {
6286 status = NT_STATUS_NO_MEMORY;
6290 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6291 attrs, replace_if_exists);
6293 close_file(req, fsp, NORMAL_CLOSE);
6295 if (!NT_STATUS_IS_OK(status)) {
6296 DEBUG(3, ("rename_internals_fsp returned %s for "
6297 "rename %s -> %s\n", nt_errstr(status),
6298 smb_fname_str_dbg(smb_fname_src),
6299 smb_fname_str_dbg(smb_fname_dst)));
6305 DEBUG(3,("rename_internals: doing rename on %s -> "
6306 "%s\n", smb_fname_str_dbg(smb_fname_src),
6307 smb_fname_str_dbg(smb_fname_src)));
6308 TALLOC_FREE(talloced);
6310 TALLOC_FREE(dir_hnd);
6312 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6313 status = map_nt_error_from_unix(errno);
6317 TALLOC_FREE(talloced);
6318 TALLOC_FREE(fname_src_dir);
6319 TALLOC_FREE(fname_src_mask);
6323 /****************************************************************************
6325 ****************************************************************************/
6327 void reply_mv(struct smb_request *req)
6329 connection_struct *conn = req->conn;
6331 char *newname = NULL;
6335 bool src_has_wcard = False;
6336 bool dest_has_wcard = False;
6337 TALLOC_CTX *ctx = talloc_tos();
6338 struct smb_filename *smb_fname_src = NULL;
6339 struct smb_filename *smb_fname_dst = NULL;
6341 START_PROFILE(SMBmv);
6344 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6348 attrs = SVAL(req->vwv+0, 0);
6350 p = (const char *)req->buf + 1;
6351 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6352 &status, &src_has_wcard);
6353 if (!NT_STATUS_IS_OK(status)) {
6354 reply_nterror(req, status);
6358 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6359 &status, &dest_has_wcard);
6360 if (!NT_STATUS_IS_OK(status)) {
6361 reply_nterror(req, status);
6365 status = filename_convert(ctx,
6367 req->flags2 & FLAGS2_DFS_PATHNAMES,
6369 UCF_COND_ALLOW_WCARD_LCOMP,
6373 if (!NT_STATUS_IS_OK(status)) {
6374 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6375 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6376 ERRSRV, ERRbadpath);
6379 reply_nterror(req, status);
6383 status = filename_convert(ctx,
6385 req->flags2 & FLAGS2_DFS_PATHNAMES,
6387 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6391 if (!NT_STATUS_IS_OK(status)) {
6392 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6393 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6394 ERRSRV, ERRbadpath);
6397 reply_nterror(req, status);
6401 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6402 smb_fname_str_dbg(smb_fname_dst)));
6404 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6405 attrs, False, src_has_wcard, dest_has_wcard,
6407 if (!NT_STATUS_IS_OK(status)) {
6408 if (open_was_deferred(req->mid)) {
6409 /* We have re-scheduled this call. */
6412 reply_nterror(req, status);
6416 reply_outbuf(req, 0, 0);
6418 TALLOC_FREE(smb_fname_src);
6419 TALLOC_FREE(smb_fname_dst);
6424 /*******************************************************************
6425 Copy a file as part of a reply_copy.
6426 ******************************************************************/
6429 * TODO: check error codes on all callers
6432 NTSTATUS copy_file(TALLOC_CTX *ctx,
6433 connection_struct *conn,
6434 struct smb_filename *smb_fname_src,
6435 struct smb_filename *smb_fname_dst,
6438 bool target_is_directory)
6440 struct smb_filename *smb_fname_dst_tmp = NULL;
6442 files_struct *fsp1,*fsp2;
6444 uint32 new_create_disposition;
6448 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6449 if (!NT_STATUS_IS_OK(status)) {
6454 * If the target is a directory, extract the last component from the
6455 * src filename and append it to the dst filename
6457 if (target_is_directory) {
6460 /* dest/target can't be a stream if it's a directory. */
6461 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6463 p = strrchr_m(smb_fname_src->base_name,'/');
6467 p = smb_fname_src->base_name;
6469 smb_fname_dst_tmp->base_name =
6470 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6472 if (!smb_fname_dst_tmp->base_name) {
6473 status = NT_STATUS_NO_MEMORY;
6478 status = vfs_file_exist(conn, smb_fname_src);
6479 if (!NT_STATUS_IS_OK(status)) {
6483 if (!target_is_directory && count) {
6484 new_create_disposition = FILE_OPEN;
6486 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6488 &new_create_disposition,
6491 status = NT_STATUS_INVALID_PARAMETER;
6496 /* Open the src file for reading. */
6497 status = SMB_VFS_CREATE_FILE(
6500 0, /* root_dir_fid */
6501 smb_fname_src, /* fname */
6502 FILE_GENERIC_READ, /* access_mask */
6503 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6504 FILE_OPEN, /* create_disposition*/
6505 0, /* create_options */
6506 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6507 INTERNAL_OPEN_ONLY, /* oplock_request */
6508 0, /* allocation_size */
6509 0, /* private_flags */
6515 if (!NT_STATUS_IS_OK(status)) {
6519 dosattrs = dos_mode(conn, smb_fname_src);
6521 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6522 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6525 /* Open the dst file for writing. */
6526 status = SMB_VFS_CREATE_FILE(
6529 0, /* root_dir_fid */
6530 smb_fname_dst, /* fname */
6531 FILE_GENERIC_WRITE, /* access_mask */
6532 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6533 new_create_disposition, /* create_disposition*/
6534 0, /* create_options */
6535 dosattrs, /* file_attributes */
6536 INTERNAL_OPEN_ONLY, /* oplock_request */
6537 0, /* allocation_size */
6538 0, /* private_flags */
6544 if (!NT_STATUS_IS_OK(status)) {
6545 close_file(NULL, fsp1, ERROR_CLOSE);
6549 if ((ofun&3) == 1) {
6550 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6551 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6553 * Stop the copy from occurring.
6556 smb_fname_src->st.st_ex_size = 0;
6560 /* Do the actual copy. */
6561 if (smb_fname_src->st.st_ex_size) {
6562 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6565 close_file(NULL, fsp1, NORMAL_CLOSE);
6567 /* Ensure the modtime is set correctly on the destination file. */
6568 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6571 * As we are opening fsp1 read-only we only expect
6572 * an error on close on fsp2 if we are out of space.
6573 * Thus we don't look at the error return from the
6576 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6578 if (!NT_STATUS_IS_OK(status)) {
6582 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6583 status = NT_STATUS_DISK_FULL;
6587 status = NT_STATUS_OK;
6590 TALLOC_FREE(smb_fname_dst_tmp);
6594 /****************************************************************************
6595 Reply to a file copy.
6596 ****************************************************************************/
6598 void reply_copy(struct smb_request *req)
6600 connection_struct *conn = req->conn;
6601 struct smb_filename *smb_fname_src = NULL;
6602 struct smb_filename *smb_fname_dst = NULL;
6603 char *fname_src = NULL;
6604 char *fname_dst = NULL;
6605 char *fname_src_mask = NULL;
6606 char *fname_src_dir = NULL;
6609 int error = ERRnoaccess;
6613 bool target_is_directory=False;
6614 bool source_has_wild = False;
6615 bool dest_has_wild = False;
6617 TALLOC_CTX *ctx = talloc_tos();
6619 START_PROFILE(SMBcopy);
6622 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6626 tid2 = SVAL(req->vwv+0, 0);
6627 ofun = SVAL(req->vwv+1, 0);
6628 flags = SVAL(req->vwv+2, 0);
6630 p = (const char *)req->buf;
6631 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6632 &status, &source_has_wild);
6633 if (!NT_STATUS_IS_OK(status)) {
6634 reply_nterror(req, status);
6637 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6638 &status, &dest_has_wild);
6639 if (!NT_STATUS_IS_OK(status)) {
6640 reply_nterror(req, status);
6644 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6646 if (tid2 != conn->cnum) {
6647 /* can't currently handle inter share copies XXXX */
6648 DEBUG(3,("Rejecting inter-share copy\n"));
6649 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6653 status = filename_convert(ctx, conn,
6654 req->flags2 & FLAGS2_DFS_PATHNAMES,
6656 UCF_COND_ALLOW_WCARD_LCOMP,
6659 if (!NT_STATUS_IS_OK(status)) {
6660 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6661 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6662 ERRSRV, ERRbadpath);
6665 reply_nterror(req, status);
6669 status = filename_convert(ctx, conn,
6670 req->flags2 & FLAGS2_DFS_PATHNAMES,
6672 UCF_COND_ALLOW_WCARD_LCOMP,
6675 if (!NT_STATUS_IS_OK(status)) {
6676 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6677 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6678 ERRSRV, ERRbadpath);
6681 reply_nterror(req, status);
6685 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6687 if ((flags&1) && target_is_directory) {
6688 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6692 if ((flags&2) && !target_is_directory) {
6693 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6697 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6698 /* wants a tree copy! XXXX */
6699 DEBUG(3,("Rejecting tree copy\n"));
6700 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6704 /* Split up the directory from the filename/mask. */
6705 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6706 &fname_src_dir, &fname_src_mask);
6707 if (!NT_STATUS_IS_OK(status)) {
6708 reply_nterror(req, NT_STATUS_NO_MEMORY);
6713 * We should only check the mangled cache
6714 * here if unix_convert failed. This means
6715 * that the path in 'mask' doesn't exist
6716 * on the file system and so we need to look
6717 * for a possible mangle. This patch from
6718 * Tine Smukavec <valentin.smukavec@hermes.si>.
6720 if (!VALID_STAT(smb_fname_src->st) &&
6721 mangle_is_mangled(fname_src_mask, conn->params)) {
6722 char *new_mask = NULL;
6723 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6724 &new_mask, conn->params);
6726 /* Use demangled name if one was successfully found. */
6728 TALLOC_FREE(fname_src_mask);
6729 fname_src_mask = new_mask;
6733 if (!source_has_wild) {
6736 * Only one file needs to be copied. Append the mask back onto
6739 TALLOC_FREE(smb_fname_src->base_name);
6740 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6744 if (!smb_fname_src->base_name) {
6745 reply_nterror(req, NT_STATUS_NO_MEMORY);
6749 if (dest_has_wild) {
6750 char *fname_dst_mod = NULL;
6751 if (!resolve_wildcards(smb_fname_dst,
6752 smb_fname_src->base_name,
6753 smb_fname_dst->base_name,
6755 reply_nterror(req, NT_STATUS_NO_MEMORY);
6758 TALLOC_FREE(smb_fname_dst->base_name);
6759 smb_fname_dst->base_name = fname_dst_mod;
6762 status = check_name(conn, smb_fname_src->base_name);
6763 if (!NT_STATUS_IS_OK(status)) {
6764 reply_nterror(req, status);
6768 status = check_name(conn, smb_fname_dst->base_name);
6769 if (!NT_STATUS_IS_OK(status)) {
6770 reply_nterror(req, status);
6774 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6775 ofun, count, target_is_directory);
6777 if(!NT_STATUS_IS_OK(status)) {
6778 reply_nterror(req, status);
6784 struct smb_Dir *dir_hnd = NULL;
6785 const char *dname = NULL;
6786 char *talloced = NULL;
6790 * There is a wildcard that requires us to actually read the
6791 * src dir and copy each file matching the mask to the dst.
6792 * Right now streams won't be copied, but this could
6793 * presumably be added with a nested loop for reach dir entry.
6795 SMB_ASSERT(!smb_fname_src->stream_name);
6796 SMB_ASSERT(!smb_fname_dst->stream_name);
6798 smb_fname_src->stream_name = NULL;
6799 smb_fname_dst->stream_name = NULL;
6801 if (strequal(fname_src_mask,"????????.???")) {
6802 TALLOC_FREE(fname_src_mask);
6803 fname_src_mask = talloc_strdup(ctx, "*");
6804 if (!fname_src_mask) {
6805 reply_nterror(req, NT_STATUS_NO_MEMORY);
6810 status = check_name(conn, fname_src_dir);
6811 if (!NT_STATUS_IS_OK(status)) {
6812 reply_nterror(req, status);
6816 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6817 if (dir_hnd == NULL) {
6818 status = map_nt_error_from_unix(errno);
6819 reply_nterror(req, status);
6825 /* Iterate over the src dir copying each entry to the dst. */
6826 while ((dname = ReadDirName(dir_hnd, &offset,
6827 &smb_fname_src->st, &talloced))) {
6828 char *destname = NULL;
6830 if (ISDOT(dname) || ISDOTDOT(dname)) {
6831 TALLOC_FREE(talloced);
6835 if (!is_visible_file(conn, fname_src_dir, dname,
6836 &smb_fname_src->st, false)) {
6837 TALLOC_FREE(talloced);
6841 if(!mask_match(dname, fname_src_mask,
6842 conn->case_sensitive)) {
6843 TALLOC_FREE(talloced);
6847 error = ERRnoaccess;
6849 /* Get the src smb_fname struct setup. */
6850 TALLOC_FREE(smb_fname_src->base_name);
6851 smb_fname_src->base_name =
6852 talloc_asprintf(smb_fname_src, "%s/%s",
6853 fname_src_dir, dname);
6855 if (!smb_fname_src->base_name) {
6856 TALLOC_FREE(dir_hnd);
6857 TALLOC_FREE(talloced);
6858 reply_nterror(req, NT_STATUS_NO_MEMORY);
6862 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6863 smb_fname_dst->base_name,
6865 TALLOC_FREE(talloced);
6869 TALLOC_FREE(dir_hnd);
6870 TALLOC_FREE(talloced);
6871 reply_nterror(req, NT_STATUS_NO_MEMORY);
6875 TALLOC_FREE(smb_fname_dst->base_name);
6876 smb_fname_dst->base_name = destname;
6878 status = check_name(conn, smb_fname_src->base_name);
6879 if (!NT_STATUS_IS_OK(status)) {
6880 TALLOC_FREE(dir_hnd);
6881 TALLOC_FREE(talloced);
6882 reply_nterror(req, status);
6886 status = check_name(conn, smb_fname_dst->base_name);
6887 if (!NT_STATUS_IS_OK(status)) {
6888 TALLOC_FREE(dir_hnd);
6889 TALLOC_FREE(talloced);
6890 reply_nterror(req, status);
6894 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
6895 smb_fname_src->base_name,
6896 smb_fname_dst->base_name));
6898 status = copy_file(ctx, conn, smb_fname_src,
6899 smb_fname_dst, ofun, count,
6900 target_is_directory);
6901 if (NT_STATUS_IS_OK(status)) {
6905 TALLOC_FREE(talloced);
6907 TALLOC_FREE(dir_hnd);
6911 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
6915 reply_outbuf(req, 1, 0);
6916 SSVAL(req->outbuf,smb_vwv0,count);
6918 TALLOC_FREE(smb_fname_src);
6919 TALLOC_FREE(smb_fname_dst);
6920 TALLOC_FREE(fname_src);
6921 TALLOC_FREE(fname_dst);
6922 TALLOC_FREE(fname_src_mask);
6923 TALLOC_FREE(fname_src_dir);
6925 END_PROFILE(SMBcopy);
6930 #define DBGC_CLASS DBGC_LOCKING
6932 /****************************************************************************
6933 Get a lock pid, dealing with large count requests.
6934 ****************************************************************************/
6936 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
6937 bool large_file_format)
6939 if(!large_file_format)
6940 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
6942 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6945 /****************************************************************************
6946 Get a lock count, dealing with large count requests.
6947 ****************************************************************************/
6949 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6950 bool large_file_format)
6954 if(!large_file_format) {
6955 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6958 #if defined(HAVE_LONGLONG)
6959 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6960 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6961 #else /* HAVE_LONGLONG */
6964 * NT4.x seems to be broken in that it sends large file (64 bit)
6965 * lockingX calls even if the CAP_LARGE_FILES was *not*
6966 * negotiated. For boxes without large unsigned ints truncate the
6967 * lock count by dropping the top 32 bits.
6970 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6971 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6972 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6973 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6974 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6977 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6978 #endif /* HAVE_LONGLONG */
6984 #if !defined(HAVE_LONGLONG)
6985 /****************************************************************************
6986 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6987 ****************************************************************************/
6989 static uint32 map_lock_offset(uint32 high, uint32 low)
6993 uint32 highcopy = high;
6996 * Try and find out how many significant bits there are in high.
6999 for(i = 0; highcopy; i++)
7003 * We use 31 bits not 32 here as POSIX
7004 * lock offsets may not be negative.
7007 mask = (~0) << (31 - i);
7010 return 0; /* Fail. */
7016 #endif /* !defined(HAVE_LONGLONG) */
7018 /****************************************************************************
7019 Get a lock offset, dealing with large offset requests.
7020 ****************************************************************************/
7022 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7023 bool large_file_format, bool *err)
7025 uint64_t offset = 0;
7029 if(!large_file_format) {
7030 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7033 #if defined(HAVE_LONGLONG)
7034 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7035 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7036 #else /* HAVE_LONGLONG */
7039 * NT4.x seems to be broken in that it sends large file (64 bit)
7040 * lockingX calls even if the CAP_LARGE_FILES was *not*
7041 * negotiated. For boxes without large unsigned ints mangle the
7042 * lock offset by mapping the top 32 bits onto the lower 32.
7045 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7046 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7047 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7050 if((new_low = map_lock_offset(high, low)) == 0) {
7052 return (uint64_t)-1;
7055 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7056 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7057 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7058 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7061 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7062 #endif /* HAVE_LONGLONG */
7068 NTSTATUS smbd_do_locking(struct smb_request *req,
7072 uint16_t num_ulocks,
7073 struct smbd_lock_element *ulocks,
7075 struct smbd_lock_element *locks,
7078 connection_struct *conn = req->conn;
7080 NTSTATUS status = NT_STATUS_OK;
7084 /* Data now points at the beginning of the list
7085 of smb_unlkrng structs */
7086 for(i = 0; i < (int)num_ulocks; i++) {
7087 struct smbd_lock_element *e = &ulocks[i];
7089 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7090 "pid %u, file %s\n",
7093 (unsigned int)e->smblctx,
7096 if (e->brltype != UNLOCK_LOCK) {
7097 /* this can only happen with SMB2 */
7098 return NT_STATUS_INVALID_PARAMETER;
7101 status = do_unlock(smbd_messaging_context(),
7108 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7109 nt_errstr(status)));
7111 if (!NT_STATUS_IS_OK(status)) {
7116 /* Setup the timeout in seconds. */
7118 if (!lp_blocking_locks(SNUM(conn))) {
7122 /* Data now points at the beginning of the list
7123 of smb_lkrng structs */
7125 for(i = 0; i < (int)num_locks; i++) {
7126 struct smbd_lock_element *e = &locks[i];
7128 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7129 "%llu, file %s timeout = %d\n",
7132 (unsigned long long)e->smblctx,
7136 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7137 struct blocking_lock_record *blr = NULL;
7139 if (num_locks > 1) {
7141 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7142 * if the lock vector contains one entry. When given mutliple cancel
7143 * requests in a single PDU we expect the server to return an
7144 * error. Windows servers seem to accept the request but only
7145 * cancel the first lock.
7146 * JRA - Do what Windows does (tm) :-).
7150 /* MS-CIFS (2.2.4.32.1) behavior. */
7151 return NT_STATUS_DOS(ERRDOS,
7152 ERRcancelviolation);
7154 /* Windows behavior. */
7156 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7157 "cancel request\n"));
7163 if (lp_blocking_locks(SNUM(conn))) {
7165 /* Schedule a message to ourselves to
7166 remove the blocking lock record and
7167 return the right error. */
7169 blr = blocking_lock_cancel_smb1(fsp,
7175 NT_STATUS_FILE_LOCK_CONFLICT);
7177 return NT_STATUS_DOS(
7179 ERRcancelviolation);
7182 /* Remove a matching pending lock. */
7183 status = do_lock_cancel(fsp,
7190 bool blocking_lock = timeout ? true : false;
7191 bool defer_lock = false;
7192 struct byte_range_lock *br_lck;
7193 uint64_t block_smblctx;
7195 br_lck = do_lock(smbd_messaging_context(),
7207 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7208 /* Windows internal resolution for blocking locks seems
7209 to be about 200ms... Don't wait for less than that. JRA. */
7210 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7211 timeout = lp_lock_spin_time();
7216 /* If a lock sent with timeout of zero would fail, and
7217 * this lock has been requested multiple times,
7218 * according to brl_lock_failed() we convert this
7219 * request to a blocking lock with a timeout of between
7220 * 150 - 300 milliseconds.
7222 * If lp_lock_spin_time() has been set to 0, we skip
7223 * this blocking retry and fail immediately.
7225 * Replacement for do_lock_spin(). JRA. */
7227 if (!smbd_server_conn->using_smb2 &&
7228 br_lck && lp_blocking_locks(SNUM(conn)) &&
7229 lp_lock_spin_time() && !blocking_lock &&
7230 NT_STATUS_EQUAL((status),
7231 NT_STATUS_FILE_LOCK_CONFLICT))
7234 timeout = lp_lock_spin_time();
7237 if (br_lck && defer_lock) {
7239 * A blocking lock was requested. Package up
7240 * this smb into a queued request and push it
7241 * onto the blocking lock queue.
7243 if(push_blocking_lock_request(br_lck,
7254 TALLOC_FREE(br_lck);
7256 return NT_STATUS_OK;
7260 TALLOC_FREE(br_lck);
7263 if (!NT_STATUS_IS_OK(status)) {
7268 /* If any of the above locks failed, then we must unlock
7269 all of the previous locks (X/Open spec). */
7271 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7273 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7274 i = -1; /* we want to skip the for loop */
7278 * Ensure we don't do a remove on the lock that just failed,
7279 * as under POSIX rules, if we have a lock already there, we
7280 * will delete it (and we shouldn't) .....
7282 for(i--; i >= 0; i--) {
7283 struct smbd_lock_element *e = &locks[i];
7285 do_unlock(smbd_messaging_context(),
7295 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7296 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7298 return NT_STATUS_OK;
7301 /****************************************************************************
7302 Reply to a lockingX request.
7303 ****************************************************************************/
7305 void reply_lockingX(struct smb_request *req)
7307 connection_struct *conn = req->conn;
7309 unsigned char locktype;
7310 unsigned char oplocklevel;
7315 const uint8_t *data;
7316 bool large_file_format;
7318 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7319 struct smbd_lock_element *ulocks;
7320 struct smbd_lock_element *locks;
7323 START_PROFILE(SMBlockingX);
7326 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7327 END_PROFILE(SMBlockingX);
7331 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7332 locktype = CVAL(req->vwv+3, 0);
7333 oplocklevel = CVAL(req->vwv+3, 1);
7334 num_ulocks = SVAL(req->vwv+6, 0);
7335 num_locks = SVAL(req->vwv+7, 0);
7336 lock_timeout = IVAL(req->vwv+4, 0);
7337 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7339 if (!check_fsp(conn, req, fsp)) {
7340 END_PROFILE(SMBlockingX);
7346 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7347 /* we don't support these - and CANCEL_LOCK makes w2k
7348 and XP reboot so I don't really want to be
7349 compatible! (tridge) */
7350 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7351 END_PROFILE(SMBlockingX);
7355 /* Check if this is an oplock break on a file
7356 we have granted an oplock on.
7358 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7359 /* Client can insist on breaking to none. */
7360 bool break_to_none = (oplocklevel == 0);
7363 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7364 "for fnum = %d\n", (unsigned int)oplocklevel,
7368 * Make sure we have granted an exclusive or batch oplock on
7372 if (fsp->oplock_type == 0) {
7374 /* The Samba4 nbench simulator doesn't understand
7375 the difference between break to level2 and break
7376 to none from level2 - it sends oplock break
7377 replies in both cases. Don't keep logging an error
7378 message here - just ignore it. JRA. */
7380 DEBUG(5,("reply_lockingX: Error : oplock break from "
7381 "client for fnum = %d (oplock=%d) and no "
7382 "oplock granted on this file (%s).\n",
7383 fsp->fnum, fsp->oplock_type,
7386 /* if this is a pure oplock break request then don't
7388 if (num_locks == 0 && num_ulocks == 0) {
7389 END_PROFILE(SMBlockingX);
7392 END_PROFILE(SMBlockingX);
7393 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7398 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7400 result = remove_oplock(fsp);
7402 result = downgrade_oplock(fsp);
7406 DEBUG(0, ("reply_lockingX: error in removing "
7407 "oplock on file %s\n", fsp_str_dbg(fsp)));
7408 /* Hmmm. Is this panic justified? */
7409 smb_panic("internal tdb error");
7412 reply_to_oplock_break_requests(fsp);
7414 /* if this is a pure oplock break request then don't send a
7416 if (num_locks == 0 && num_ulocks == 0) {
7417 /* Sanity check - ensure a pure oplock break is not a
7419 if(CVAL(req->vwv+0, 0) != 0xff)
7420 DEBUG(0,("reply_lockingX: Error : pure oplock "
7421 "break is a chained %d request !\n",
7422 (unsigned int)CVAL(req->vwv+0, 0)));
7423 END_PROFILE(SMBlockingX);
7429 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7430 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7431 END_PROFILE(SMBlockingX);
7435 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7436 if (ulocks == NULL) {
7437 reply_nterror(req, NT_STATUS_NO_MEMORY);
7438 END_PROFILE(SMBlockingX);
7442 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7443 if (locks == NULL) {
7444 reply_nterror(req, NT_STATUS_NO_MEMORY);
7445 END_PROFILE(SMBlockingX);
7449 /* Data now points at the beginning of the list
7450 of smb_unlkrng structs */
7451 for(i = 0; i < (int)num_ulocks; i++) {
7452 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
7453 ulocks[i].count = get_lock_count(data, i, large_file_format);
7454 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7455 ulocks[i].brltype = UNLOCK_LOCK;
7458 * There is no error code marked "stupid client bug".... :-).
7461 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7462 END_PROFILE(SMBlockingX);
7467 /* Now do any requested locks */
7468 data += ((large_file_format ? 20 : 10)*num_ulocks);
7470 /* Data now points at the beginning of the list
7471 of smb_lkrng structs */
7473 for(i = 0; i < (int)num_locks; i++) {
7474 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
7475 locks[i].count = get_lock_count(data, i, large_file_format);
7476 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7478 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7479 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7480 locks[i].brltype = PENDING_READ_LOCK;
7482 locks[i].brltype = READ_LOCK;
7485 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7486 locks[i].brltype = PENDING_WRITE_LOCK;
7488 locks[i].brltype = WRITE_LOCK;
7493 * There is no error code marked "stupid client bug".... :-).
7496 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7497 END_PROFILE(SMBlockingX);
7502 status = smbd_do_locking(req, fsp,
7503 locktype, lock_timeout,
7507 if (!NT_STATUS_IS_OK(status)) {
7508 END_PROFILE(SMBlockingX);
7509 reply_nterror(req, status);
7513 END_PROFILE(SMBlockingX);
7517 reply_outbuf(req, 2, 0);
7519 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7520 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7522 END_PROFILE(SMBlockingX);
7527 #define DBGC_CLASS DBGC_ALL
7529 /****************************************************************************
7530 Reply to a SMBreadbmpx (read block multiplex) request.
7531 Always reply with an error, if someone has a platform really needs this,
7532 please contact vl@samba.org
7533 ****************************************************************************/
7535 void reply_readbmpx(struct smb_request *req)
7537 START_PROFILE(SMBreadBmpx);
7538 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7539 END_PROFILE(SMBreadBmpx);
7543 /****************************************************************************
7544 Reply to a SMBreadbs (read block multiplex secondary) request.
7545 Always reply with an error, if someone has a platform really needs this,
7546 please contact vl@samba.org
7547 ****************************************************************************/
7549 void reply_readbs(struct smb_request *req)
7551 START_PROFILE(SMBreadBs);
7552 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7553 END_PROFILE(SMBreadBs);
7557 /****************************************************************************
7558 Reply to a SMBsetattrE.
7559 ****************************************************************************/
7561 void reply_setattrE(struct smb_request *req)
7563 connection_struct *conn = req->conn;
7564 struct smb_file_time ft;
7568 START_PROFILE(SMBsetattrE);
7572 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7576 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7578 if(!fsp || (fsp->conn != conn)) {
7579 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7584 * Convert the DOS times into unix times.
7587 ft.atime = convert_time_t_to_timespec(
7588 srv_make_unix_date2(req->vwv+3));
7589 ft.mtime = convert_time_t_to_timespec(
7590 srv_make_unix_date2(req->vwv+5));
7591 ft.create_time = convert_time_t_to_timespec(
7592 srv_make_unix_date2(req->vwv+1));
7594 reply_outbuf(req, 0, 0);
7597 * Patch from Ray Frush <frush@engr.colostate.edu>
7598 * Sometimes times are sent as zero - ignore them.
7601 /* Ensure we have a valid stat struct for the source. */
7602 status = vfs_stat_fsp(fsp);
7603 if (!NT_STATUS_IS_OK(status)) {
7604 reply_nterror(req, status);
7608 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7609 if (!NT_STATUS_IS_OK(status)) {
7610 reply_nterror(req, status);
7614 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7617 (unsigned int)ft.atime.tv_sec,
7618 (unsigned int)ft.mtime.tv_sec,
7619 (unsigned int)ft.create_time.tv_sec
7622 END_PROFILE(SMBsetattrE);
7627 /* Back from the dead for OS/2..... JRA. */
7629 /****************************************************************************
7630 Reply to a SMBwritebmpx (write block multiplex primary) request.
7631 Always reply with an error, if someone has a platform really needs this,
7632 please contact vl@samba.org
7633 ****************************************************************************/
7635 void reply_writebmpx(struct smb_request *req)
7637 START_PROFILE(SMBwriteBmpx);
7638 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7639 END_PROFILE(SMBwriteBmpx);
7643 /****************************************************************************
7644 Reply to a SMBwritebs (write block multiplex secondary) request.
7645 Always reply with an error, if someone has a platform really needs this,
7646 please contact vl@samba.org
7647 ****************************************************************************/
7649 void reply_writebs(struct smb_request *req)
7651 START_PROFILE(SMBwriteBs);
7652 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7653 END_PROFILE(SMBwriteBs);
7657 /****************************************************************************
7658 Reply to a SMBgetattrE.
7659 ****************************************************************************/
7661 void reply_getattrE(struct smb_request *req)
7663 connection_struct *conn = req->conn;
7666 struct timespec create_ts;
7668 START_PROFILE(SMBgetattrE);
7671 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7672 END_PROFILE(SMBgetattrE);
7676 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7678 if(!fsp || (fsp->conn != conn)) {
7679 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7680 END_PROFILE(SMBgetattrE);
7684 /* Do an fstat on this file */
7686 reply_nterror(req, map_nt_error_from_unix(errno));
7687 END_PROFILE(SMBgetattrE);
7691 mode = dos_mode(conn, fsp->fsp_name);
7694 * Convert the times into dos times. Set create
7695 * date to be last modify date as UNIX doesn't save
7699 reply_outbuf(req, 11, 0);
7701 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7702 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7703 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7704 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7705 /* Should we check pending modtime here ? JRA */
7706 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7707 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7710 SIVAL(req->outbuf, smb_vwv6, 0);
7711 SIVAL(req->outbuf, smb_vwv8, 0);
7713 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7714 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7715 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7717 SSVAL(req->outbuf,smb_vwv10, mode);
7719 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7721 END_PROFILE(SMBgetattrE);
git.samba.org / samba.git / blob