2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-1998
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern enum protocol_types Protocol;
26 extern int smb_read_error;
27 extern struct current_user current_user;
29 static const char *known_nt_pipes[] = {
49 static char *nttrans_realloc(char **ptr, size_t size)
52 smb_panic("nttrans_realloc() called with NULL ptr\n");
55 *ptr = SMB_REALLOC(*ptr, size);
59 memset(*ptr,'\0',size);
63 /****************************************************************************
64 Send the required number of replies back.
65 We assume all fields other than the data fields are
66 set correctly for the type of call.
67 HACK ! Always assumes smb_setup field is zero.
68 ****************************************************************************/
70 static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, NTSTATUS nt_error, char *params,
71 int paramsize, char *pdata, int datasize)
73 int data_to_send = datasize;
74 int params_to_send = paramsize;
78 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
79 int alignment_offset = 3;
80 int data_alignment_offset = 0;
83 * Initially set the wcnt area to be 18 - this is true for all
87 set_message(outbuf,18,0,True);
89 if (NT_STATUS_V(nt_error)) {
94 * If there genuinely are no parameters or data to send just send
98 if(params_to_send == 0 && data_to_send == 0) {
100 if (!send_smb(smbd_server_fd(),outbuf)) {
101 exit_server("send_nt_replies: send_smb failed.");
107 * When sending params and data ensure that both are nicely aligned.
108 * Only do this alignment when there is also data to send - else
109 * can cause NT redirector problems.
112 if (((params_to_send % 4) != 0) && (data_to_send != 0)) {
113 data_alignment_offset = 4 - (params_to_send % 4);
117 * Space is bufsize minus Netbios over TCP header minus SMB header.
118 * The alignment_offset is to align the param bytes on a four byte
119 * boundary (2 bytes for data len, one byte pad).
120 * NT needs this to work correctly.
123 useable_space = bufsize - ((smb_buf(outbuf)+
124 alignment_offset+data_alignment_offset) -
128 * useable_space can never be more than max_send minus the
132 useable_space = MIN(useable_space,
133 max_send - (alignment_offset+data_alignment_offset));
136 while (params_to_send || data_to_send) {
139 * Calculate whether we will totally or partially fill this packet.
142 total_sent_thistime = params_to_send + data_to_send +
143 alignment_offset + data_alignment_offset;
146 * We can never send more than useable_space.
149 total_sent_thistime = MIN(total_sent_thistime, useable_space);
151 set_message(outbuf, 18, total_sent_thistime, True);
154 * Set total params and data to be sent.
157 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
158 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
161 * Calculate how many parameters and data we can fit into
162 * this packet. Parameters get precedence.
165 params_sent_thistime = MIN(params_to_send,useable_space);
166 data_sent_thistime = useable_space - params_sent_thistime;
167 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
169 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
171 if(params_sent_thistime == 0) {
172 SIVAL(outbuf,smb_ntr_ParameterOffset,0);
173 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
176 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
177 * parameter bytes, however the first 4 bytes of outbuf are
178 * the Netbios over TCP header. Thus use smb_base() to subtract
179 * them from the calculation.
182 SIVAL(outbuf,smb_ntr_ParameterOffset,
183 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
185 * Absolute displacement of param bytes sent in this packet.
188 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
192 * Deal with the data portion.
195 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
197 if(data_sent_thistime == 0) {
198 SIVAL(outbuf,smb_ntr_DataOffset,0);
199 SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
202 * The offset of the data bytes is the offset of the
203 * parameter bytes plus the number of parameters being sent this time.
206 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
207 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
208 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
212 * Copy the param bytes into the packet.
215 if(params_sent_thistime) {
216 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
220 * Copy in the data bytes
223 if(data_sent_thistime) {
224 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
225 data_alignment_offset,pd,data_sent_thistime);
228 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
229 params_sent_thistime, data_sent_thistime, useable_space));
230 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
231 params_to_send, data_to_send, paramsize, datasize));
233 /* Send the packet */
235 if (!send_smb(smbd_server_fd(),outbuf)) {
236 exit_server("send_nt_replies: send_smb failed.");
239 pp += params_sent_thistime;
240 pd += data_sent_thistime;
242 params_to_send -= params_sent_thistime;
243 data_to_send -= data_sent_thistime;
249 if(params_to_send < 0 || data_to_send < 0) {
250 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
251 params_to_send, data_to_send));
259 /****************************************************************************
260 Is it an NTFS stream name ?
261 ****************************************************************************/
263 BOOL is_ntfs_stream_name(const char *fname)
265 if (lp_posix_pathnames()) {
268 return (strchr_m(fname, ':') != NULL) ? True : False;
271 /****************************************************************************
273 ****************************************************************************/
275 static BOOL saved_case_sensitive;
276 static BOOL saved_case_preserve;
277 static BOOL saved_short_case_preserve;
279 /****************************************************************************
281 ****************************************************************************/
283 static void set_posix_case_semantics(connection_struct *conn, uint32 file_attributes)
285 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
289 saved_case_sensitive = conn->case_sensitive;
290 saved_case_preserve = conn->case_preserve;
291 saved_short_case_preserve = conn->short_case_preserve;
294 conn->case_sensitive = True;
295 conn->case_preserve = True;
296 conn->short_case_preserve = True;
299 /****************************************************************************
300 Restore case semantics.
301 ****************************************************************************/
303 static void restore_case_semantics(connection_struct *conn, uint32 file_attributes)
305 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
309 conn->case_sensitive = saved_case_sensitive;
310 conn->case_preserve = saved_case_preserve;
311 conn->short_case_preserve = saved_short_case_preserve;
314 /****************************************************************************
315 Reply to an NT create and X call on a pipe.
316 ****************************************************************************/
318 static int nt_open_pipe(char *fname, connection_struct *conn,
319 char *inbuf, char *outbuf, int *ppnum)
321 smb_np_struct *p = NULL;
322 uint16 vuid = SVAL(inbuf, smb_uid);
325 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
327 /* See if it is one we want to handle. */
329 if (lp_disable_spoolss() && strequal(fname, "\\spoolss")) {
330 return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe));
333 for( i = 0; known_nt_pipes[i]; i++ ) {
334 if( strequal(fname,known_nt_pipes[i])) {
339 if ( known_nt_pipes[i] == NULL ) {
340 return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe));
343 /* Strip \\ off the name. */
346 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
348 p = open_rpc_pipe_p(fname, conn, vuid);
350 return(ERROR_DOS(ERRSRV,ERRnofids));
353 /* TODO: Add pipe to db */
355 if ( !store_pipe_opendb( p ) ) {
356 DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname));
363 /****************************************************************************
364 Reply to an NT create and X call for pipes.
365 ****************************************************************************/
367 static int do_ntcreate_pipe_open(connection_struct *conn,
368 char *inbuf,char *outbuf,int length,int bufsize)
375 srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE);
377 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) {
382 * Deal with pipe return.
385 set_message(outbuf,34,0,True);
387 p = outbuf + smb_vwv2;
391 SIVAL(p,0,FILE_WAS_OPENED);
394 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
397 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
399 SSVAL(p,2, 0x5FF); /* ? */
401 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
403 return chain_reply(inbuf,outbuf,length,bufsize);
406 /****************************************************************************
407 Reply to an NT create and X call for a quota file.
408 ****************************************************************************/
410 int reply_ntcreate_and_X_quota(connection_struct *conn,
415 enum FAKE_FILE_TYPE fake_file_type,
420 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
424 status = open_fake_file(conn, fake_file_type, fname, desired_access,
427 if (!NT_STATUS_IS_OK(status)) {
428 return ERROR_NT(status);
431 set_message(outbuf,34,0,True);
433 p = outbuf + smb_vwv2;
435 /* SCVAL(p,0,NO_OPLOCK_RETURN); */
437 SSVAL(p,0,fsp->fnum);
440 SIVAL(p,0,smb_action);
444 put_long_date(p,c_time);
446 put_long_date(p,sbuf.st_atime); /* access time */
448 put_long_date(p,sbuf.st_mtime); /* write time */
450 put_long_date(p,sbuf.st_mtime); /* change time */
452 SIVAL(p,0,fattr); /* File Attributes. */
454 SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
456 SOFF_T(p,0,file_len);
458 if (flags & EXTENDED_RESPONSE_REQUIRED)
461 SCVAL(p,0,fsp->is_directory ? 1 : 0);
464 DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
466 result = chain_reply(inbuf,outbuf,length,bufsize);
470 /****************************************************************************
471 Reply to an NT create and X call.
472 ****************************************************************************/
474 int reply_ntcreate_and_X(connection_struct *conn,
475 char *inbuf,char *outbuf,int length,int bufsize)
479 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
480 uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
481 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
482 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
483 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
484 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
485 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
486 /* Breakout the oplock request bits so we can set the
487 reply bits separately. */
488 int oplock_request = 0;
490 SMB_OFF_T file_len = 0;
491 SMB_STRUCT_STAT sbuf;
493 BOOL bad_path = False;
494 files_struct *fsp=NULL;
497 BOOL extended_oplock_granted = False;
500 START_PROFILE(SMBntcreateX);
502 DEBUG(10,("reply_ntcreateX: flags = 0x%x, access_mask = 0x%x \
503 file_attributes = 0x%x, share_access = 0x%x, create_disposition = 0x%x \
504 create_options = 0x%x root_dir_fid = 0x%x\n",
506 (unsigned int)access_mask,
507 (unsigned int)file_attributes,
508 (unsigned int)share_access,
509 (unsigned int)create_disposition,
510 (unsigned int)create_options,
511 (unsigned int)root_dir_fid ));
513 /* If it's an IPC, use the pipe handler. */
516 if (lp_nt_pipe_support()) {
517 END_PROFILE(SMBntcreateX);
518 return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
520 END_PROFILE(SMBntcreateX);
521 return(ERROR_DOS(ERRDOS,ERRnoaccess));
525 if (create_options & FILE_OPEN_BY_FILE_ID) {
526 END_PROFILE(SMBntcreateX);
527 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
534 if(root_dir_fid != 0) {
536 * This filename is relative to a directory fid.
539 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
543 END_PROFILE(SMBntcreateX);
544 return(ERROR_DOS(ERRDOS,ERRbadfid));
547 if(!dir_fsp->is_directory) {
549 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status);
550 if (!NT_STATUS_IS_OK(status)) {
551 END_PROFILE(SMBntcreateX);
552 return ERROR_NT(status);
556 * Check to see if this is a mac fork of some kind.
559 if( is_ntfs_stream_name(fname)) {
560 END_PROFILE(SMBntcreateX);
561 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
565 we need to handle the case when we get a
566 relative open relative to a file and the
567 pathname is blank - this is a reopen!
568 (hint from demyn plantenberg)
571 END_PROFILE(SMBntcreateX);
572 return(ERROR_DOS(ERRDOS,ERRbadfid));
576 * Copy in the base directory name.
579 pstrcpy( fname, dir_fsp->fsp_name );
580 dir_name_len = strlen(fname);
583 * Ensure it ends in a '\'.
586 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
591 srvstr_get_path(inbuf, rel_fname, smb_buf(inbuf), sizeof(rel_fname), 0, STR_TERMINATE, &status);
592 if (!NT_STATUS_IS_OK(status)) {
593 END_PROFILE(SMBntcreateX);
594 return ERROR_NT(status);
596 pstrcat(fname, rel_fname);
598 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status);
599 if (!NT_STATUS_IS_OK(status)) {
600 END_PROFILE(SMBntcreateX);
601 return ERROR_NT(status);
605 * Check to see if this is a mac fork of some kind.
608 if( is_ntfs_stream_name(fname)) {
609 enum FAKE_FILE_TYPE fake_file_type = is_fake_file(fname);
610 if (fake_file_type!=FAKE_FILE_TYPE_NONE) {
612 * Here we go! support for changing the disk quotas --metze
614 * We need to fake up to open this MAGIC QUOTA file
615 * and return a valid FID.
617 * w2k close this file directly after openening
618 * xp also tries a QUERY_FILE_INFO on the file and then close it
620 result = reply_ntcreate_and_X_quota(conn, inbuf, outbuf, length, bufsize,
621 fake_file_type, fname);
622 END_PROFILE(SMBntcreateX);
625 END_PROFILE(SMBntcreateX);
626 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
632 * Now contruct the smb_open_mode value from the filename,
633 * desired access and the share access.
635 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
637 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
638 if (oplock_request) {
639 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
643 * Ordinary file or directory.
647 * Check if POSIX semantics are wanted.
650 set_posix_case_semantics(conn, file_attributes);
652 unix_convert(fname,conn,0,&bad_path,&sbuf);
655 restore_case_semantics(conn, file_attributes);
656 END_PROFILE(SMBntcreateX);
657 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
659 /* All file access must go through check_name() */
660 if (!check_name(fname,conn)) {
661 restore_case_semantics(conn, file_attributes);
662 END_PROFILE(SMBntcreateX);
663 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadpath);
667 /* This is the correct thing to do (check every time) but can_delete is
668 expensive (it may have to read the parent directory permissions). So
669 for now we're not doing it unless we have a strong hint the client
670 is really going to delete this file. */
671 if (desired_access & DELETE_ACCESS) {
673 /* Setting FILE_SHARE_DELETE is the hint. */
674 if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE)
675 && (access_mask & DELETE_ACCESS)) {
677 status = can_delete(conn, fname, file_attributes, bad_path, True);
678 /* We're only going to fail here if it's access denied, as that's the
679 only error we care about for "can we delete this ?" questions. */
680 if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) ||
681 NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE))) {
682 restore_case_semantics(conn, file_attributes);
683 END_PROFILE(SMBntcreateX);
684 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
689 * If it's a request for a directory open, deal with it separately.
692 if(create_options & FILE_DIRECTORY_FILE) {
695 /* Can't open a temp directory. IFS kit test. */
696 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
697 END_PROFILE(SMBntcreateX);
698 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
701 status = open_directory(conn, fname, &sbuf,
708 restore_case_semantics(conn, file_attributes);
710 if(!NT_STATUS_IS_OK(status)) {
711 END_PROFILE(SMBntcreateX);
712 return ERROR_NT(status);
716 * Ordinary file case.
719 /* NB. We have a potential bug here. If we
720 * cause an oplock break to ourselves, then we
721 * could end up processing filename related
722 * SMB requests whilst we await the oplock
723 * break response. As we may have changed the
724 * filename case semantics to be POSIX-like,
725 * this could mean a filename request could
726 * fail when it should succeed. This is a rare
727 * condition, but eventually we must arrange
728 * to restore the correct case semantics
729 * before issuing an oplock break request to
730 * our client. JRA. */
732 status = open_file_ntcreate(conn,fname,&sbuf,
740 if (!NT_STATUS_IS_OK(status)) {
741 /* We cheat here. There are two cases we
742 * care about. One is a directory rename,
743 * where the NT client will attempt to
744 * open the source directory for
745 * DELETE access. Note that when the
746 * NT client does this it does *not*
747 * set the directory bit in the
748 * request packet. This is translated
749 * into a read/write open
750 * request. POSIX states that any open
751 * for write request on a directory
752 * will generate an EISDIR error, so
753 * we can catch this here and open a
754 * pseudo handle that is flagged as a
755 * directory. The second is an open
756 * for a permissions read only, which
757 * we handle in the open_file_stat case. JRA.
760 if (NT_STATUS_EQUAL(status,
761 NT_STATUS_FILE_IS_A_DIRECTORY)) {
764 * Fail the open if it was explicitly a non-directory file.
767 if (create_options & FILE_NON_DIRECTORY_FILE) {
768 restore_case_semantics(conn, file_attributes);
769 END_PROFILE(SMBntcreateX);
770 return ERROR_FORCE_NT(NT_STATUS_FILE_IS_A_DIRECTORY);
774 status = open_directory(conn, fname, &sbuf,
781 if(!NT_STATUS_IS_OK(status)) {
782 restore_case_semantics(conn, file_attributes);
783 END_PROFILE(SMBntcreateX);
784 return ERROR_NT(status);
788 restore_case_semantics(conn, file_attributes);
789 END_PROFILE(SMBntcreateX);
790 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
791 /* We have re-scheduled this call. */
794 return ERROR_NT(status);
799 restore_case_semantics(conn, file_attributes);
801 file_len = sbuf.st_size;
802 fattr = dos_mode(conn,fname,&sbuf);
804 fattr = FILE_ATTRIBUTE_NORMAL;
806 if (!fsp->is_directory && (fattr & aDIR)) {
807 close_file(fsp,ERROR_CLOSE);
808 END_PROFILE(SMBntcreateX);
809 return ERROR_DOS(ERRDOS,ERRnoaccess);
812 /* Save the requested allocation size. */
813 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
814 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
815 #ifdef LARGE_SMB_OFF_T
816 allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
818 if (allocation_size && (allocation_size > (SMB_BIG_UINT)file_len)) {
819 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
820 if (fsp->is_directory) {
821 close_file(fsp,ERROR_CLOSE);
822 END_PROFILE(SMBntcreateX);
823 /* Can't set allocation size on a directory. */
824 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
826 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
827 close_file(fsp,ERROR_CLOSE);
828 END_PROFILE(SMBntcreateX);
829 return ERROR_NT(NT_STATUS_DISK_FULL);
832 fsp->initial_allocation_size = smb_roundup(fsp->conn,(SMB_BIG_UINT)file_len);
837 * If the caller set the extended oplock request bit
838 * and we granted one (by whatever means) - set the
839 * correct bit for extended oplock reply.
842 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
843 extended_oplock_granted = True;
846 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
847 extended_oplock_granted = True;
851 /* W2K sends back 42 words here ! If we do the same it breaks offline sync. Go figure... ? JRA. */
852 set_message(outbuf,42,0,True);
854 set_message(outbuf,34,0,True);
857 p = outbuf + smb_vwv2;
860 * Currently as we don't support level II oplocks we just report
861 * exclusive & batch here.
864 if (extended_oplock_granted) {
865 if (flags & REQUEST_BATCH_OPLOCK) {
866 SCVAL(p,0, BATCH_OPLOCK_RETURN);
868 SCVAL(p,0, EXCLUSIVE_OPLOCK_RETURN);
870 } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
871 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
873 SCVAL(p,0,NO_OPLOCK_RETURN);
877 SSVAL(p,0,fsp->fnum);
879 if ((create_disposition == FILE_SUPERSEDE) && (info == FILE_WAS_OVERWRITTEN)) {
880 SIVAL(p,0,FILE_WAS_SUPERSEDED);
887 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
889 if (lp_dos_filetime_resolution(SNUM(conn))) {
896 put_long_date(p,c_time);
898 put_long_date(p,sbuf.st_atime); /* access time */
900 put_long_date(p,sbuf.st_mtime); /* write time */
902 put_long_date(p,sbuf.st_mtime); /* change time */
904 SIVAL(p,0,fattr); /* File Attributes. */
906 SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
908 SOFF_T(p,0,file_len);
910 if (flags & EXTENDED_RESPONSE_REQUIRED) {
914 SCVAL(p,0,fsp->is_directory ? 1 : 0);
916 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
918 result = chain_reply(inbuf,outbuf,length,bufsize);
919 END_PROFILE(SMBntcreateX);
923 /****************************************************************************
924 Reply to a NT_TRANSACT_CREATE call to open a pipe.
925 ****************************************************************************/
927 static int do_nt_transact_create_pipe( connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
928 uint16 **ppsetup, uint32 setup_count,
929 char **ppparams, uint32 parameter_count,
930 char **ppdata, uint32 data_count)
933 char *params = *ppparams;
940 * Ensure minimum number of parameters sent.
943 if(parameter_count < 54) {
944 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
945 return ERROR_DOS(ERRDOS,ERRnoaccess);
948 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status);
949 if (!NT_STATUS_IS_OK(status)) {
950 return ERROR_NT(status);
953 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) {
957 /* Realloc the size of parameters and data we will return */
958 params = nttrans_realloc(ppparams, 69);
960 return ERROR_DOS(ERRDOS,ERRnomem);
964 SCVAL(p,0,NO_OPLOCK_RETURN);
969 SIVAL(p,0,FILE_WAS_OPENED);
973 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
976 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
978 SSVAL(p,2, 0x5FF); /* ? */
980 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
982 /* Send the required number of replies */
983 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0);
988 /****************************************************************************
989 Internal fn to set security descriptors.
990 ****************************************************************************/
992 static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent)
995 SEC_DESC *psd = NULL;
999 if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
1000 return NT_STATUS_OK;
1004 * Init the parse struct we will unmarshall from.
1007 if ((mem_ctx = talloc_init("set_sd")) == NULL) {
1008 DEBUG(0,("set_sd: talloc_init failed.\n"));
1009 return NT_STATUS_NO_MEMORY;
1012 prs_init(&pd, 0, mem_ctx, UNMARSHALL);
1015 * Setup the prs_struct to point at the memory we just
1019 prs_give_memory( &pd, data, sd_len, False);
1022 * Finally, unmarshall from the data buffer.
1025 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1026 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1028 * Return access denied for want of a better error message..
1030 talloc_destroy(mem_ctx);
1031 return NT_STATUS_NO_MEMORY;
1034 if (psd->off_owner_sid==0) {
1035 security_info_sent &= ~OWNER_SECURITY_INFORMATION;
1037 if (psd->off_grp_sid==0) {
1038 security_info_sent &= ~GROUP_SECURITY_INFORMATION;
1040 if (psd->off_sacl==0) {
1041 security_info_sent &= ~SACL_SECURITY_INFORMATION;
1043 if (psd->off_dacl==0) {
1044 security_info_sent &= ~DACL_SECURITY_INFORMATION;
1047 ret = SMB_VFS_FSET_NT_ACL( fsp, fsp->fh->fd, security_info_sent, psd);
1050 talloc_destroy(mem_ctx);
1051 return NT_STATUS_ACCESS_DENIED;
1054 talloc_destroy(mem_ctx);
1056 return NT_STATUS_OK;
1059 /****************************************************************************
1060 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
1061 ****************************************************************************/
1063 static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
1065 struct ea_list *ea_list_head = NULL;
1068 if (data_size < 4) {
1072 while (offset + 4 <= data_size) {
1073 size_t next_offset = IVAL(pdata,offset);
1074 struct ea_list *tmp;
1075 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
1081 DLIST_ADD_END(ea_list_head, eal, tmp);
1082 if (next_offset == 0) {
1085 offset += next_offset;
1088 return ea_list_head;
1091 /****************************************************************************
1092 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1093 ****************************************************************************/
1095 static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
1096 uint16 **ppsetup, uint32 setup_count,
1097 char **ppparams, uint32 parameter_count,
1098 char **ppdata, uint32 data_count, uint32 max_data_count)
1101 char *params = *ppparams;
1102 char *data = *ppdata;
1103 /* Breakout the oplock request bits so we can set the reply bits separately. */
1104 int oplock_request = 0;
1106 SMB_OFF_T file_len = 0;
1107 SMB_STRUCT_STAT sbuf;
1109 BOOL bad_path = False;
1110 files_struct *fsp = NULL;
1112 BOOL extended_oplock_granted = False;
1115 uint32 file_attributes;
1116 uint32 share_access;
1117 uint32 create_disposition;
1118 uint32 create_options;
1121 uint16 root_dir_fid;
1123 struct ea_list *ea_list = NULL;
1124 TALLOC_CTX *ctx = NULL;
1128 DEBUG(5,("call_nt_transact_create\n"));
1131 * If it's an IPC, use the pipe handler.
1135 if (lp_nt_pipe_support()) {
1136 return do_nt_transact_create_pipe(conn, inbuf, outbuf, length,
1138 ppsetup, setup_count,
1139 ppparams, parameter_count,
1140 ppdata, data_count);
1142 return ERROR_DOS(ERRDOS,ERRnoaccess);
1147 * Ensure minimum number of parameters sent.
1150 if(parameter_count < 54) {
1151 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
1152 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1155 flags = IVAL(params,0);
1156 access_mask = IVAL(params,8);
1157 file_attributes = IVAL(params,20);
1158 share_access = IVAL(params,24);
1159 create_disposition = IVAL(params,28);
1160 create_options = IVAL(params,32);
1161 sd_len = IVAL(params,36);
1162 ea_len = IVAL(params,40);
1163 root_dir_fid = (uint16)IVAL(params,4);
1165 /* Ensure the data_len is correct for the sd and ea values given. */
1166 if ((ea_len + sd_len > data_count) ||
1167 (ea_len > data_count) || (sd_len > data_count) ||
1168 (ea_len + sd_len < ea_len) || (ea_len + sd_len < sd_len)) {
1169 DEBUG(10,("call_nt_transact_create - ea_len = %u, sd_len = %u, data_count = %u\n",
1170 (unsigned int)ea_len, (unsigned int)sd_len, (unsigned int)data_count ));
1171 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1175 if (!lp_ea_support(SNUM(conn))) {
1176 DEBUG(10,("call_nt_transact_create - ea_len = %u but EA's not supported.\n",
1177 (unsigned int)ea_len ));
1178 return ERROR_NT(NT_STATUS_EAS_NOT_SUPPORTED);
1182 DEBUG(10,("call_nt_transact_create - ea_len = %u - too small (should be more than 10)\n",
1183 (unsigned int)ea_len ));
1184 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1188 if (create_options & FILE_OPEN_BY_FILE_ID) {
1189 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
1193 * Get the file name.
1196 if(root_dir_fid != 0) {
1198 * This filename is relative to a directory fid.
1200 files_struct *dir_fsp = file_fsp(params,4);
1201 size_t dir_name_len;
1204 return ERROR_DOS(ERRDOS,ERRbadfid);
1207 if(!dir_fsp->is_directory) {
1208 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status);
1209 if (!NT_STATUS_IS_OK(status)) {
1210 return ERROR_NT(status);
1214 * Check to see if this is a mac fork of some kind.
1217 if( is_ntfs_stream_name(fname)) {
1218 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1221 return ERROR_DOS(ERRDOS,ERRbadfid);
1225 * Copy in the base directory name.
1228 pstrcpy( fname, dir_fsp->fsp_name );
1229 dir_name_len = strlen(fname);
1232 * Ensure it ends in a '\'.
1235 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1236 pstrcat(fname, "/");
1242 srvstr_get_path(inbuf, tmpname, params+53, sizeof(tmpname), parameter_count-53, STR_TERMINATE, &status);
1243 if (!NT_STATUS_IS_OK(status)) {
1244 return ERROR_NT(status);
1246 pstrcat(fname, tmpname);
1249 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status);
1250 if (!NT_STATUS_IS_OK(status)) {
1251 return ERROR_NT(status);
1255 * Check to see if this is a mac fork of some kind.
1258 if( is_ntfs_stream_name(fname)) {
1259 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1263 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1264 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1267 * Check if POSIX semantics are wanted.
1270 set_posix_case_semantics(conn, file_attributes);
1272 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1274 unix_convert(fname,conn,0,&bad_path,&sbuf);
1276 restore_case_semantics(conn, file_attributes);
1277 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1279 /* All file access must go through check_name() */
1280 if (!check_name(fname,conn)) {
1281 restore_case_semantics(conn, file_attributes);
1282 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadpath);
1286 /* This is the correct thing to do (check every time) but can_delete is
1287 expensive (it may have to read the parent directory permissions). So
1288 for now we're not doing it unless we have a strong hint the client
1289 is really going to delete this file. */
1290 if (desired_access & DELETE_ACCESS) {
1292 /* Setting FILE_SHARE_DELETE is the hint. */
1293 if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS)) {
1295 status = can_delete(conn, fname, file_attributes, bad_path, True);
1296 /* We're only going to fail here if it's access denied, as that's the
1297 only error we care about for "can we delete this ?" questions. */
1298 if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) ||
1299 NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE))) {
1300 restore_case_semantics(conn, file_attributes);
1301 return ERROR_NT(status);
1306 ctx = talloc_init("NTTRANS_CREATE_EA");
1308 talloc_destroy(ctx);
1309 restore_case_semantics(conn, file_attributes);
1310 return ERROR_NT(NT_STATUS_NO_MEMORY);
1313 pdata = data + sd_len;
1315 /* We have already checked that ea_len <= data_count here. */
1316 ea_list = read_nttrans_ea_list(ctx, pdata, ea_len);
1318 talloc_destroy(ctx);
1319 restore_case_semantics(conn, file_attributes);
1320 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1325 * If it's a request for a directory open, deal with it separately.
1328 if(create_options & FILE_DIRECTORY_FILE) {
1330 /* Can't open a temp directory. IFS kit test. */
1331 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
1332 talloc_destroy(ctx);
1333 restore_case_semantics(conn, file_attributes);
1334 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
1340 * We will get a create directory here if the Win32
1341 * app specified a security descriptor in the
1342 * CreateDirectory() call.
1345 status = open_directory(conn, fname, &sbuf,
1351 if(!NT_STATUS_IS_OK(status)) {
1352 talloc_destroy(ctx);
1353 restore_case_semantics(conn, file_attributes);
1354 return ERROR_NT(status);
1360 * Ordinary file case.
1363 status = open_file_ntcreate(conn,fname,&sbuf,
1372 if (!NT_STATUS_IS_OK(status)) {
1373 if (NT_STATUS_EQUAL(status,
1374 NT_STATUS_FILE_IS_A_DIRECTORY)) {
1377 * Fail the open if it was explicitly a non-directory file.
1380 if (create_options & FILE_NON_DIRECTORY_FILE) {
1381 restore_case_semantics(conn, file_attributes);
1382 return ERROR_FORCE_NT(NT_STATUS_FILE_IS_A_DIRECTORY);
1386 status = open_directory(conn, fname, &sbuf,
1392 if(!NT_STATUS_IS_OK(status)) {
1393 talloc_destroy(ctx);
1394 restore_case_semantics(conn, file_attributes);
1395 return ERROR_NT(status);
1398 talloc_destroy(ctx);
1399 restore_case_semantics(conn, file_attributes);
1400 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1401 /* We have re-scheduled this call. */
1404 return ERROR_NT(status);
1410 * According to the MS documentation, the only time the security
1411 * descriptor is applied to the opened file is iff we *created* the
1412 * file; an existing file stays the same.
1414 * Also, it seems (from observation) that you can open the file with
1415 * any access mask but you can still write the sd. We need to override
1416 * the granted access before we call set_sd
1417 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
1420 if (lp_nt_acl_support(SNUM(conn)) && sd_len && info == FILE_WAS_CREATED) {
1421 uint32 saved_access_mask = fsp->access_mask;
1423 /* We have already checked that sd_len <= data_count here. */
1425 fsp->access_mask = FILE_GENERIC_ALL;
1427 status = set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION);
1428 if (!NT_STATUS_IS_OK(status)) {
1429 talloc_destroy(ctx);
1430 close_file(fsp,ERROR_CLOSE);
1431 restore_case_semantics(conn, file_attributes);
1432 return ERROR_NT(status);
1434 fsp->access_mask = saved_access_mask;
1437 if (ea_len && (info == FILE_WAS_CREATED)) {
1438 status = set_ea(conn, fsp, fname, ea_list);
1439 talloc_destroy(ctx);
1440 if (!NT_STATUS_IS_OK(status)) {
1441 close_file(fsp,ERROR_CLOSE);
1442 restore_case_semantics(conn, file_attributes);
1443 return ERROR_NT(status);
1447 restore_case_semantics(conn, file_attributes);
1449 file_len = sbuf.st_size;
1450 fattr = dos_mode(conn,fname,&sbuf);
1452 fattr = FILE_ATTRIBUTE_NORMAL;
1454 if (!fsp->is_directory && (fattr & aDIR)) {
1455 close_file(fsp,ERROR_CLOSE);
1456 return ERROR_DOS(ERRDOS,ERRnoaccess);
1459 /* Save the requested allocation size. */
1460 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
1461 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(params,12);
1462 #ifdef LARGE_SMB_OFF_T
1463 allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
1465 if (allocation_size && (allocation_size > file_len)) {
1466 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1467 if (fsp->is_directory) {
1468 close_file(fsp,ERROR_CLOSE);
1469 /* Can't set allocation size on a directory. */
1470 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
1472 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1473 close_file(fsp,ERROR_CLOSE);
1474 return ERROR_NT(NT_STATUS_DISK_FULL);
1477 fsp->initial_allocation_size = smb_roundup(fsp->conn, (SMB_BIG_UINT)file_len);
1482 * If the caller set the extended oplock request bit
1483 * and we granted one (by whatever means) - set the
1484 * correct bit for extended oplock reply.
1487 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1488 extended_oplock_granted = True;
1491 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1492 extended_oplock_granted = True;
1495 /* Realloc the size of parameters and data we will return */
1496 params = nttrans_realloc(ppparams, 69);
1497 if(params == NULL) {
1498 return ERROR_DOS(ERRDOS,ERRnomem);
1502 if (extended_oplock_granted) {
1503 SCVAL(p,0, BATCH_OPLOCK_RETURN);
1504 } else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) {
1505 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
1507 SCVAL(p,0,NO_OPLOCK_RETURN);
1511 SSVAL(p,0,fsp->fnum);
1513 if ((create_disposition == FILE_SUPERSEDE) && (info == FILE_WAS_OVERWRITTEN)) {
1514 SIVAL(p,0,FILE_WAS_SUPERSEDED);
1521 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
1523 if (lp_dos_filetime_resolution(SNUM(conn))) {
1525 sbuf.st_atime &= ~1;
1526 sbuf.st_mtime &= ~1;
1527 sbuf.st_mtime &= ~1;
1530 put_long_date(p,c_time);
1532 put_long_date(p,sbuf.st_atime); /* access time */
1534 put_long_date(p,sbuf.st_mtime); /* write time */
1536 put_long_date(p,sbuf.st_mtime); /* change time */
1538 SIVAL(p,0,fattr); /* File Attributes. */
1540 SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
1542 SOFF_T(p,0,file_len);
1544 if (flags & EXTENDED_RESPONSE_REQUIRED) {
1548 SCVAL(p,0,fsp->is_directory ? 1 : 0);
1550 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
1552 /* Send the required number of replies */
1553 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0);
1558 /****************************************************************************
1559 Reply to a NT CANCEL request.
1560 conn POINTER CAN BE NULL HERE !
1561 ****************************************************************************/
1563 int reply_ntcancel(connection_struct *conn,
1564 char *inbuf,char *outbuf,int length,int bufsize)
1567 * Go through and cancel any pending change notifies.
1570 int mid = SVAL(inbuf,smb_mid);
1571 START_PROFILE(SMBntcancel);
1572 remove_pending_change_notify_requests_by_mid(mid);
1573 remove_pending_lock_requests_by_mid(mid);
1574 srv_cancel_sign_response(mid);
1576 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
1578 END_PROFILE(SMBntcancel);
1582 /****************************************************************************
1584 ****************************************************************************/
1586 static NTSTATUS copy_internals(connection_struct *conn, char *oldname, char *newname, uint32 attrs)
1588 BOOL bad_path_oldname = False;
1589 BOOL bad_path_newname = False;
1590 SMB_STRUCT_STAT sbuf1, sbuf2;
1591 pstring last_component_oldname;
1592 pstring last_component_newname;
1593 files_struct *fsp1,*fsp2;
1598 NTSTATUS status = NT_STATUS_OK;
1604 if (ms_has_wild(newname) || ms_has_wild(oldname)) {
1605 return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1608 if (!CAN_WRITE(conn))
1609 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1611 unix_convert(oldname,conn,last_component_oldname,&bad_path_oldname,&sbuf1);
1612 if (bad_path_oldname) {
1613 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1616 /* Quick check for "." and ".." */
1617 if (last_component_oldname[0] == '.') {
1618 if (!last_component_oldname[1] || (last_component_oldname[1] == '.' && !last_component_oldname[2])) {
1619 return NT_STATUS_OBJECT_NAME_INVALID;
1623 /* Source must already exist. */
1624 if (!VALID_STAT(sbuf1)) {
1625 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1627 if (!check_name(oldname,conn)) {
1628 return NT_STATUS_ACCESS_DENIED;
1631 /* Ensure attributes match. */
1632 fattr = dos_mode(conn,oldname,&sbuf1);
1633 if ((fattr & ~attrs) & (aHIDDEN | aSYSTEM)) {
1634 return NT_STATUS_NO_SUCH_FILE;
1637 unix_convert(newname,conn,last_component_newname,&bad_path_newname,&sbuf2);
1638 if (bad_path_newname) {
1639 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1642 /* Quick check for "." and ".." */
1643 if (last_component_newname[0] == '.') {
1644 if (!last_component_newname[1] || (last_component_newname[1] == '.' && !last_component_newname[2])) {
1645 return NT_STATUS_OBJECT_NAME_INVALID;
1649 /* Disallow if newname already exists. */
1650 if (VALID_STAT(sbuf2)) {
1651 return NT_STATUS_OBJECT_NAME_COLLISION;
1654 if (!check_name(newname,conn)) {
1655 return NT_STATUS_ACCESS_DENIED;
1658 /* No links from a directory. */
1659 if (S_ISDIR(sbuf1.st_mode)) {
1660 return NT_STATUS_FILE_IS_A_DIRECTORY;
1663 /* Ensure this is within the share. */
1664 if (!reduce_name(conn, oldname) != 0) {
1665 return NT_STATUS_ACCESS_DENIED;
1668 DEBUG(10,("copy_internals: doing file copy %s to %s\n", oldname, newname));
1670 status = open_file_ntcreate(conn,oldname,&sbuf1,
1671 FILE_READ_DATA, /* Read-only. */
1672 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1674 0, /* No create options. */
1675 FILE_ATTRIBUTE_NORMAL,
1679 if (!NT_STATUS_IS_OK(status)) {
1683 status = open_file_ntcreate(conn,newname,&sbuf2,
1684 FILE_WRITE_DATA, /* Read-only. */
1685 FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1687 0, /* No create options. */
1692 if (!NT_STATUS_IS_OK(status)) {
1693 close_file(fsp1,ERROR_CLOSE);
1697 if (sbuf1.st_size) {
1698 ret = vfs_transfer_file(fsp1, fsp2, sbuf1.st_size);
1702 * As we are opening fsp1 read-only we only expect
1703 * an error on close on fsp2 if we are out of space.
1704 * Thus we don't look at the error return from the
1707 close_file(fsp1,NORMAL_CLOSE);
1709 /* Ensure the modtime is set correctly on the destination file. */
1710 fsp_set_pending_modtime(fsp2, sbuf1.st_mtime);
1712 close_ret = close_file(fsp2,NORMAL_CLOSE);
1714 /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1715 creates the file. This isn't the correct thing to do in the copy
1717 file_set_dosmode(conn, newname, fattr, &sbuf2, True);
1719 if (ret < (SMB_OFF_T)sbuf1.st_size) {
1720 return NT_STATUS_DISK_FULL;
1723 if (close_ret != 0) {
1724 status = map_nt_error_from_unix(close_ret);
1725 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1726 nt_errstr(status), oldname, newname));
1731 /****************************************************************************
1732 Reply to a NT rename request.
1733 ****************************************************************************/
1735 int reply_ntrename(connection_struct *conn,
1736 char *inbuf,char *outbuf,int length,int bufsize)
1743 BOOL path_contains_wcard = False;
1744 uint32 attrs = SVAL(inbuf,smb_vwv0);
1745 uint16 rename_type = SVAL(inbuf,smb_vwv1);
1747 START_PROFILE(SMBntrename);
1749 p = smb_buf(inbuf) + 1;
1750 p += srvstr_get_path_wcard(inbuf, oldname, p, sizeof(oldname), 0, STR_TERMINATE, &status, &path_contains_wcard);
1751 if (!NT_STATUS_IS_OK(status)) {
1752 END_PROFILE(SMBntrename);
1753 return ERROR_NT(status);
1756 if( is_ntfs_stream_name(oldname)) {
1757 /* Can't rename a stream. */
1758 END_PROFILE(SMBntrename);
1759 return ERROR_NT(NT_STATUS_ACCESS_DENIED);
1762 if (ms_has_wild(oldname)) {
1763 END_PROFILE(SMBntrename);
1764 return ERROR_NT(NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
1768 p += srvstr_get_path(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status);
1769 if (!NT_STATUS_IS_OK(status)) {
1770 END_PROFILE(SMBntrename);
1771 return ERROR_NT(status);
1774 RESOLVE_DFSPATH(oldname, conn, inbuf, outbuf);
1775 RESOLVE_DFSPATH(newname, conn, inbuf, outbuf);
1777 DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname));
1779 switch(rename_type) {
1780 case RENAME_FLAG_RENAME:
1781 status = rename_internals(conn, oldname, newname, attrs, False, path_contains_wcard);
1783 case RENAME_FLAG_HARD_LINK:
1784 status = hardlink_internals(conn, oldname, newname);
1786 case RENAME_FLAG_COPY:
1787 if (path_contains_wcard) {
1789 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1791 status = copy_internals(conn, oldname, newname, attrs);
1794 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
1795 status = NT_STATUS_INVALID_PARAMETER;
1798 status = NT_STATUS_ACCESS_DENIED; /* Default error. */
1802 if (!NT_STATUS_IS_OK(status)) {
1803 END_PROFILE(SMBntrename);
1804 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1805 /* We have re-scheduled this call. */
1808 return ERROR_NT(status);
1812 * Win2k needs a changenotify request response before it will
1813 * update after a rename..
1815 process_pending_change_notify_queue((time_t)0);
1816 outsize = set_message(outbuf,0,0,False);
1818 END_PROFILE(SMBntrename);
1822 /****************************************************************************
1823 Reply to a notify change - queue the request and
1824 don't allow a directory to be opened.
1825 ****************************************************************************/
1827 static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
1828 uint16 **ppsetup, uint32 setup_count,
1829 char **ppparams, uint32 parameter_count,
1830 char **ppdata, uint32 data_count, uint32 max_data_count)
1832 uint16 *setup = *ppsetup;
1836 if(setup_count < 6) {
1837 return ERROR_DOS(ERRDOS,ERRbadfunc);
1840 fsp = file_fsp((char *)setup,4);
1841 flags = IVAL(setup, 0);
1843 DEBUG(3,("call_nt_transact_notify_change\n"));
1846 return ERROR_DOS(ERRDOS,ERRbadfid);
1849 if((!fsp->is_directory) || (conn != fsp->conn)) {
1850 return ERROR_DOS(ERRDOS,ERRbadfid);
1853 if (!change_notify_set(inbuf, fsp, conn, flags)) {
1854 return(UNIXERROR(ERRDOS,ERRbadfid));
1857 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1858 name = %s\n", fsp->fsp_name ));
1863 /****************************************************************************
1864 Reply to an NT transact rename command.
1865 ****************************************************************************/
1867 static int call_nt_transact_rename(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
1868 uint16 **ppsetup, uint32 setup_count,
1869 char **ppparams, uint32 parameter_count,
1870 char **ppdata, uint32 data_count, uint32 max_data_count)
1872 char *params = *ppparams;
1874 files_struct *fsp = NULL;
1875 BOOL replace_if_exists = False;
1876 BOOL path_contains_wcard = False;
1879 if(parameter_count < 4) {
1880 return ERROR_DOS(ERRDOS,ERRbadfunc);
1883 fsp = file_fsp(params, 0);
1884 replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
1885 CHECK_FSP(fsp, conn);
1886 srvstr_get_path_wcard(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE, &status, &path_contains_wcard);
1887 if (!NT_STATUS_IS_OK(status)) {
1888 return ERROR_NT(status);
1891 status = rename_internals(conn, fsp->fsp_name,
1892 new_name, 0, replace_if_exists, path_contains_wcard);
1893 if (!NT_STATUS_IS_OK(status))
1894 return ERROR_NT(status);
1897 * Rename was successful.
1899 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
1901 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1902 fsp->fsp_name, new_name));
1905 * Win2k needs a changenotify request response before it will
1906 * update after a rename..
1909 process_pending_change_notify_queue((time_t)0);
1914 /******************************************************************************
1915 Fake up a completely empty SD.
1916 *******************************************************************************/
1918 static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
1922 *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
1924 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
1931 /****************************************************************************
1932 Reply to query a security descriptor.
1933 ****************************************************************************/
1935 static int call_nt_transact_query_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
1936 uint16 **ppsetup, uint32 setup_count,
1937 char **ppparams, uint32 parameter_count,
1938 char **ppdata, uint32 data_count, uint32 max_data_count)
1940 char *params = *ppparams;
1941 char *data = *ppdata;
1943 SEC_DESC *psd = NULL;
1945 uint32 security_info_wanted;
1946 TALLOC_CTX *mem_ctx;
1947 files_struct *fsp = NULL;
1949 if(parameter_count < 8) {
1950 return ERROR_DOS(ERRDOS,ERRbadfunc);
1953 fsp = file_fsp(params,0);
1955 return ERROR_DOS(ERRDOS,ERRbadfid);
1958 security_info_wanted = IVAL(params,4);
1960 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp->fsp_name,
1961 (unsigned int)security_info_wanted ));
1963 params = nttrans_realloc(ppparams, 4);
1964 if(params == NULL) {
1965 return ERROR_DOS(ERRDOS,ERRnomem);
1968 if ((mem_ctx = talloc_init("call_nt_transact_query_security_desc")) == NULL) {
1969 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1970 return ERROR_DOS(ERRDOS,ERRnomem);
1974 * Get the permissions to return.
1977 if (!lp_nt_acl_support(SNUM(conn))) {
1978 sd_size = get_null_nt_acl(mem_ctx, &psd);
1980 sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
1984 talloc_destroy(mem_ctx);
1985 return(UNIXERROR(ERRDOS,ERRnoaccess));
1988 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
1990 SIVAL(params,0,(uint32)sd_size);
1992 if(max_data_count < sd_size) {
1994 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
1995 params, 4, *ppdata, 0);
1996 talloc_destroy(mem_ctx);
2001 * Allocate the data we will point this at.
2004 data = nttrans_realloc(ppdata, sd_size);
2006 talloc_destroy(mem_ctx);
2007 return ERROR_DOS(ERRDOS,ERRnomem);
2011 * Init the parse struct we will marshall into.
2014 prs_init(&pd, 0, mem_ctx, MARSHALL);
2017 * Setup the prs_struct to point at the memory we just
2021 prs_give_memory( &pd, data, (uint32)sd_size, False);
2024 * Finally, linearize into the outgoing buffer.
2027 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
2028 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
2029 security descriptor.\n"));
2031 * Return access denied for want of a better error message..
2033 talloc_destroy(mem_ctx);
2034 return(UNIXERROR(ERRDOS,ERRnoaccess));
2038 * Now we can delete the security descriptor.
2041 talloc_destroy(mem_ctx);
2043 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 4, data, (int)sd_size);
2047 /****************************************************************************
2048 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2049 ****************************************************************************/
2051 static int call_nt_transact_set_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
2052 uint16 **ppsetup, uint32 setup_count,
2053 char **ppparams, uint32 parameter_count,
2054 char **ppdata, uint32 data_count, uint32 max_data_count)
2056 char *params= *ppparams;
2057 char *data = *ppdata;
2058 files_struct *fsp = NULL;
2059 uint32 security_info_sent = 0;
2062 if(parameter_count < 8) {
2063 return ERROR_DOS(ERRDOS,ERRbadfunc);
2066 if((fsp = file_fsp(params,0)) == NULL) {
2067 return ERROR_DOS(ERRDOS,ERRbadfid);
2070 if(!lp_nt_acl_support(SNUM(conn))) {
2074 security_info_sent = IVAL(params,4);
2076 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
2077 (unsigned int)security_info_sent ));
2079 if (data_count == 0) {
2080 return ERROR_DOS(ERRDOS, ERRnoaccess);
2083 if (!NT_STATUS_IS_OK(nt_status = set_sd( fsp, data, data_count, security_info_sent))) {
2084 return ERROR_NT(nt_status);
2089 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
2093 /****************************************************************************
2095 ****************************************************************************/
2097 static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
2098 uint16 **ppsetup, uint32 setup_count,
2099 char **ppparams, uint32 parameter_count,
2100 char **ppdata, uint32 data_count, uint32 max_data_count)
2107 static BOOL logged_message;
2108 char *pdata = *ppdata;
2110 if (setup_count != 8) {
2111 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
2112 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
2115 function = IVAL(*ppsetup, 0);
2116 fidnum = SVAL(*ppsetup, 4);
2117 isFSctl = CVAL(*ppsetup, 6);
2118 compfilter = CVAL(*ppsetup, 7);
2120 DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2121 function, fidnum, isFSctl, compfilter));
2123 fsp=file_fsp((char *)*ppsetup, 4);
2124 /* this check is done in each implemented function case for now
2125 because I don't want to break anything... --metze
2126 FSP_BELONGS_CONN(fsp,conn);*/
2129 case FSCTL_SET_SPARSE:
2130 /* pretend this succeeded - tho strictly we should
2131 mark the file sparse (if the local fs supports it)
2132 so we can know if we need to pre-allocate or not */
2134 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum));
2135 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
2138 case FSCTL_0x000900C0:
2139 /* pretend this succeeded - don't know what this really is
2140 but works ok like this --metze
2143 DEBUG(10,("FSCTL_0x000900C0: called on FID[0x%04X](but not implemented)\n",fidnum));
2144 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
2147 case FSCTL_GET_REPARSE_POINT:
2148 /* pretend this fail - my winXP does it like this
2152 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
2153 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0);
2156 case FSCTL_SET_REPARSE_POINT:
2157 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
2161 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
2162 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0);
2165 case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/
2168 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2169 * and return their volume names. If max_data_count is 16, then it is just
2170 * asking for the number of volumes and length of the combined names.
2172 * pdata is the data allocated by our caller, but that uses
2173 * total_data_count (which is 0 in our case) rather than max_data_count.
2174 * Allocate the correct amount and return the pointer to let
2175 * it be deallocated when we return.
2177 SHADOW_COPY_DATA *shadow_data = NULL;
2178 TALLOC_CTX *shadow_mem_ctx = NULL;
2179 BOOL labels = False;
2180 uint32 labels_data_count = 0;
2184 FSP_BELONGS_CONN(fsp,conn);
2186 if (max_data_count < 16) {
2187 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2189 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
2192 if (max_data_count > 16) {
2196 shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA");
2197 if (shadow_mem_ctx == NULL) {
2198 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
2199 return ERROR_NT(NT_STATUS_NO_MEMORY);
2202 shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
2203 if (shadow_data == NULL) {
2204 DEBUG(0,("talloc_zero() failed!\n"));
2205 talloc_destroy(shadow_mem_ctx);
2206 return ERROR_NT(NT_STATUS_NO_MEMORY);
2209 shadow_data->mem_ctx = shadow_mem_ctx;
2212 * Call the VFS routine to actually do the work.
2214 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
2215 talloc_destroy(shadow_data->mem_ctx);
2216 if (errno == ENOSYS) {
2217 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2218 conn->connectpath));
2219 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
2221 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2222 conn->connectpath));
2223 return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
2227 labels_data_count = (shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))+2;
2232 data_count = 12+labels_data_count+4;
2235 if (max_data_count<data_count) {
2236 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2237 max_data_count,data_count));
2238 talloc_destroy(shadow_data->mem_ctx);
2239 return ERROR_NT(NT_STATUS_BUFFER_TOO_SMALL);
2242 pdata = nttrans_realloc(ppdata, data_count);
2243 if (pdata == NULL) {
2244 talloc_destroy(shadow_data->mem_ctx);
2245 return ERROR_NT(NT_STATUS_NO_MEMORY);
2250 /* num_volumes 4 bytes */
2251 SIVAL(pdata,0,shadow_data->num_volumes);
2254 /* num_labels 4 bytes */
2255 SIVAL(pdata,4,shadow_data->num_volumes);
2258 /* needed_data_count 4 bytes */
2259 SIVAL(pdata,8,labels_data_count);
2263 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2264 shadow_data->num_volumes,fsp->fsp_name));
2265 if (labels && shadow_data->labels) {
2266 for (i=0;i<shadow_data->num_volumes;i++) {
2267 srvstr_push(outbuf, cur_pdata, shadow_data->labels[i], 2*sizeof(SHADOW_COPY_LABEL), STR_UNICODE|STR_TERMINATE);
2268 cur_pdata+=2*sizeof(SHADOW_COPY_LABEL);
2269 DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i]));
2273 talloc_destroy(shadow_data->mem_ctx);
2275 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, pdata, data_count);
2280 case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */
2282 /* pretend this succeeded -
2284 * we have to send back a list with all files owned by this SID
2286 * but I have to check that --metze
2290 size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
2292 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
2294 FSP_BELONGS_CONN(fsp,conn);
2296 /* unknown 4 bytes: this is not the length of the sid :-( */
2297 /*unknown = IVAL(pdata,0);*/
2299 sid_parse(pdata+4,sid_len,&sid);
2300 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid)));
2302 if (!sid_to_uid(&sid, &uid)) {
2303 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2304 sid_string_static(&sid),(unsigned long)sid_len));
2308 /* we can take a look at the find source :-)
2310 * find ./ -uid $uid -name '*' is what we need here
2313 * and send 4bytes len and then NULL terminated unicode strings
2316 * but I don't know how to deal with the paged results
2317 * (maybe we can hang the result anywhere in the fsp struct)
2319 * we don't send all files at once
2320 * and at the next we should *not* start from the beginning,
2321 * so we have to cache the result
2326 /* this works for now... */
2327 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
2331 if (!logged_message) {
2332 logged_message = True; /* Only print this once... */
2333 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2338 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
2342 #ifdef HAVE_SYS_QUOTAS
2343 /****************************************************************************
2344 Reply to get user quota
2345 ****************************************************************************/
2347 static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
2348 uint16 **ppsetup, uint32 setup_count,
2349 char **ppparams, uint32 parameter_count,
2350 char **ppdata, uint32 data_count, uint32 max_data_count)
2352 NTSTATUS nt_status = NT_STATUS_OK;
2353 char *params = *ppparams;
2354 char *pdata = *ppdata;
2356 int data_len=0,param_len=0;
2359 files_struct *fsp = NULL;
2363 BOOL start_enum = True;
2364 SMB_NTQUOTA_STRUCT qt;
2365 SMB_NTQUOTA_LIST *tmp_list;
2366 SMB_NTQUOTA_HANDLE *qt_handle = NULL;
2367 extern struct current_user current_user;
2372 if (current_user.ut.uid != 0) {
2373 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n",
2374 lp_servicename(SNUM(conn)),conn->user));
2375 return ERROR_DOS(ERRDOS,ERRnoaccess);
2379 * Ensure minimum number of parameters sent.
2382 if (parameter_count < 4) {
2383 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
2384 return ERROR_DOS(ERRDOS,ERRinvalidparam);
2387 /* maybe we can check the quota_fnum */
2388 fsp = file_fsp(params,0);
2389 if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
2390 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2391 return ERROR_NT(NT_STATUS_INVALID_HANDLE);
2394 /* the NULL pointer checking for fsp->fake_file_handle->pd
2395 * is done by CHECK_NTQUOTA_HANDLE_OK()
2397 qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->pd;
2399 level = SVAL(params,2);
2401 /* unknown 12 bytes leading in params */
2404 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
2405 /* seems that we should continue with the enum here --metze */
2407 if (qt_handle->quota_list!=NULL &&
2408 qt_handle->tmp_list==NULL) {
2411 free_ntquota_list(&(qt_handle->quota_list));
2413 /* Realloc the size of parameters and data we will return */
2415 params = nttrans_realloc(ppparams, param_len);
2416 if(params == NULL) {
2417 return ERROR_DOS(ERRDOS,ERRnomem);
2421 SIVAL(params,0,data_len);
2428 case TRANSACT_GET_USER_QUOTA_LIST_START:
2430 if (qt_handle->quota_list==NULL &&
2431 qt_handle->tmp_list==NULL) {
2435 if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0)
2436 return ERROR_DOS(ERRSRV,ERRerror);
2438 /* Realloc the size of parameters and data we will return */
2440 params = nttrans_realloc(ppparams, param_len);
2441 if(params == NULL) {
2442 return ERROR_DOS(ERRDOS,ERRnomem);
2445 /* we should not trust the value in max_data_count*/
2446 max_data_count = MIN(max_data_count,2048);
2448 pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
2450 return ERROR_DOS(ERRDOS,ERRnomem);
2455 /* set params Size of returned Quota Data 4 bytes*/
2456 /* but set it later when we know it */
2458 /* for each entry push the data */
2461 qt_handle->tmp_list = qt_handle->quota_list;
2464 tmp_list = qt_handle->tmp_list;
2466 for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count));
2467 tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) {
2469 sid_len = sid_size(&tmp_list->quotas->sid);
2470 entry_len = 40 + sid_len;
2472 /* nextoffset entry 4 bytes */
2473 SIVAL(entry,0,entry_len);
2475 /* then the len of the SID 4 bytes */
2476 SIVAL(entry,4,sid_len);
2478 /* unknown data 8 bytes SMB_BIG_UINT */
2479 SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-metze*/
2481 /* the used disk space 8 bytes SMB_BIG_UINT */
2482 SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
2484 /* the soft quotas 8 bytes SMB_BIG_UINT */
2485 SBIG_UINT(entry,24,tmp_list->quotas->softlim);
2487 /* the hard quotas 8 bytes SMB_BIG_UINT */
2488 SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
2490 /* and now the SID */
2491 sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
2494 qt_handle->tmp_list = tmp_list;
2496 /* overwrite the offset of the last entry */
2497 SIVAL(entry-entry_len,0,0);
2499 data_len = 4+qt_len;
2500 /* overwrite the params quota_data_len */
2501 SIVAL(params,0,data_len);
2505 case TRANSACT_GET_USER_QUOTA_FOR_SID:
2507 /* unknown 4 bytes IVAL(pdata,0) */
2509 if (data_count < 8) {
2510 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
2511 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2514 sid_len = IVAL(pdata,4);
2515 /* Ensure this is less than 1mb. */
2516 if (sid_len > (1024*1024)) {
2517 return ERROR_DOS(ERRDOS,ERRnomem);
2520 if (data_count < 8+sid_len) {
2521 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
2522 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2525 data_len = 4+40+sid_len;
2527 if (max_data_count < data_len) {
2528 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2529 max_data_count, data_len));
2531 SIVAL(params,0,data_len);
2533 nt_status = NT_STATUS_BUFFER_TOO_SMALL;
2537 sid_parse(pdata+8,sid_len,&sid);
2539 if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2542 * we have to return zero's in all fields
2543 * instead of returning an error here
2548 /* Realloc the size of parameters and data we will return */
2550 params = nttrans_realloc(ppparams, param_len);
2551 if(params == NULL) {
2552 return ERROR_DOS(ERRDOS,ERRnomem);
2555 pdata = nttrans_realloc(ppdata, data_len);
2557 return ERROR_DOS(ERRDOS,ERRnomem);
2562 /* set params Size of returned Quota Data 4 bytes*/
2563 SIVAL(params,0,data_len);
2565 /* nextoffset entry 4 bytes */
2568 /* then the len of the SID 4 bytes */
2569 SIVAL(entry,4,sid_len);
2571 /* unknown data 8 bytes SMB_BIG_UINT */
2572 SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-mezte*/
2574 /* the used disk space 8 bytes SMB_BIG_UINT */
2575 SBIG_UINT(entry,16,qt.usedspace);
2577 /* the soft quotas 8 bytes SMB_BIG_UINT */
2578 SBIG_UINT(entry,24,qt.softlim);
2580 /* the hard quotas 8 bytes SMB_BIG_UINT */
2581 SBIG_UINT(entry,32,qt.hardlim);
2583 /* and now the SID */
2584 sid_linearize(entry+40, sid_len, &sid);
2589 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
2590 return ERROR_DOS(ERRSRV,ERRerror);
2594 send_nt_replies(inbuf, outbuf, bufsize, nt_status, params, param_len, pdata, data_len);
2599 /****************************************************************************
2600 Reply to set user quota
2601 ****************************************************************************/
2603 static int call_nt_transact_set_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize,
2604 uint16 **ppsetup, uint32 setup_count,
2605 char **ppparams, uint32 parameter_count,
2606 char **ppdata, uint32 data_count, uint32 max_data_count)
2608 char *params = *ppparams;
2609 char *pdata = *ppdata;
2610 int data_len=0,param_len=0;
2611 SMB_NTQUOTA_STRUCT qt;
2614 files_struct *fsp = NULL;
2619 if (current_user.ut.uid != 0) {
2620 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
2621 lp_servicename(SNUM(conn)),conn->user));
2622 return ERROR_DOS(ERRDOS,ERRnoaccess);
2626 * Ensure minimum number of parameters sent.
2629 if (parameter_count < 2) {
2630 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
2631 return ERROR_DOS(ERRDOS,ERRinvalidparam);
2634 /* maybe we can check the quota_fnum */
2635 fsp = file_fsp(params,0);
2636 if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
2637 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2638 return ERROR_NT(NT_STATUS_INVALID_HANDLE);
2641 if (data_count < 40) {
2642 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
2643 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2646 /* offset to next quota record.
2647 * 4 bytes IVAL(pdata,0)
2652 sid_len = IVAL(pdata,4);
2654 if (data_count < 40+sid_len) {
2655 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
2656 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2659 /* unknown 8 bytes in pdata
2660 * maybe its the change time in NTTIME
2663 /* the used space 8 bytes (SMB_BIG_UINT)*/
2664 qt.usedspace = (SMB_BIG_UINT)IVAL(pdata,16);
2665 #ifdef LARGE_SMB_OFF_T
2666 qt.usedspace |= (((SMB_BIG_UINT)IVAL(pdata,20)) << 32);
2667 #else /* LARGE_SMB_OFF_T */
2668 if ((IVAL(pdata,20) != 0)&&
2669 ((qt.usedspace != 0xFFFFFFFF)||
2670 (IVAL(pdata,20)!=0xFFFFFFFF))) {
2671 /* more than 32 bits? */
2672 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2674 #endif /* LARGE_SMB_OFF_T */
2676 /* the soft quotas 8 bytes (SMB_BIG_UINT)*/
2677 qt.softlim = (SMB_BIG_UINT)IVAL(pdata,24);
2678 #ifdef LARGE_SMB_OFF_T
2679 qt.softlim |= (((SMB_BIG_UINT)IVAL(pdata,28)) << 32);
2680 #else /* LARGE_SMB_OFF_T */
2681 if ((IVAL(pdata,28) != 0)&&
2682 ((qt.softlim != 0xFFFFFFFF)||
2683 (IVAL(pdata,28)!=0xFFFFFFFF))) {
2684 /* more than 32 bits? */
2685 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2687 #endif /* LARGE_SMB_OFF_T */
2689 /* the hard quotas 8 bytes (SMB_BIG_UINT)*/
2690 qt.hardlim = (SMB_BIG_UINT)IVAL(pdata,32);
2691 #ifdef LARGE_SMB_OFF_T
2692 qt.hardlim |= (((SMB_BIG_UINT)IVAL(pdata,36)) << 32);
2693 #else /* LARGE_SMB_OFF_T */
2694 if ((IVAL(pdata,36) != 0)&&
2695 ((qt.hardlim != 0xFFFFFFFF)||
2696 (IVAL(pdata,36)!=0xFFFFFFFF))) {
2697 /* more than 32 bits? */
2698 return ERROR_DOS(ERRDOS,ERRunknownlevel);
2700 #endif /* LARGE_SMB_OFF_T */
2702 sid_parse(pdata+40,sid_len,&sid);
2703 DEBUGADD(8,("SID: %s\n",sid_string_static(&sid)));
2705 /* 44 unknown bytes left... */
2707 if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2708 return ERROR_DOS(ERRSRV,ERRerror);
2711 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, param_len, pdata, data_len);
2715 #endif /* HAVE_SYS_QUOTAS */
2717 static int handle_nttrans(connection_struct *conn,
2718 struct trans_state *state,
2719 char *inbuf, char *outbuf, int size, int bufsize)
2723 if (Protocol >= PROTOCOL_NT1) {
2724 SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | 0x40); /* IS_LONG_NAME */
2727 /* Now we must call the relevant NT_TRANS function */
2728 switch(state->call) {
2729 case NT_TRANSACT_CREATE:
2731 START_PROFILE_NESTED(NT_transact_create);
2732 outsize = call_nt_transact_create(conn, inbuf, outbuf,
2734 &state->setup, state->setup_count,
2735 &state->param, state->total_param,
2736 &state->data, state->total_data,
2737 state->max_data_return);
2738 END_PROFILE_NESTED(NT_transact_create);
2742 case NT_TRANSACT_IOCTL:
2744 START_PROFILE_NESTED(NT_transact_ioctl);
2745 outsize = call_nt_transact_ioctl(conn, inbuf, outbuf,
2747 &state->setup, state->setup_count,
2748 &state->param, state->total_param,
2749 &state->data, state->total_data, state->max_data_return);
2750 END_PROFILE_NESTED(NT_transact_ioctl);
2754 case NT_TRANSACT_SET_SECURITY_DESC:
2756 START_PROFILE_NESTED(NT_transact_set_security_desc);
2757 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
2759 &state->setup, state->setup_count,
2760 &state->param, state->total_param,
2761 &state->data, state->total_data, state->max_data_return);
2762 END_PROFILE_NESTED(NT_transact_set_security_desc);
2766 case NT_TRANSACT_NOTIFY_CHANGE:
2768 START_PROFILE_NESTED(NT_transact_notify_change);
2769 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
2771 &state->setup, state->setup_count,
2772 &state->param, state->total_param,
2773 &state->data, state->total_data, state->max_data_return);
2774 END_PROFILE_NESTED(NT_transact_notify_change);
2778 case NT_TRANSACT_RENAME:
2780 START_PROFILE_NESTED(NT_transact_rename);
2781 outsize = call_nt_transact_rename(conn, inbuf, outbuf,
2783 &state->setup, state->setup_count,
2784 &state->param, state->total_param,
2785 &state->data, state->total_data, state->max_data_return);
2786 END_PROFILE_NESTED(NT_transact_rename);
2790 case NT_TRANSACT_QUERY_SECURITY_DESC:
2792 START_PROFILE_NESTED(NT_transact_query_security_desc);
2793 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
2795 &state->setup, state->setup_count,
2796 &state->param, state->total_param,
2797 &state->data, state->total_data, state->max_data_return);
2798 END_PROFILE_NESTED(NT_transact_query_security_desc);
2802 #ifdef HAVE_SYS_QUOTAS
2803 case NT_TRANSACT_GET_USER_QUOTA:
2805 START_PROFILE_NESTED(NT_transact_get_user_quota);
2806 outsize = call_nt_transact_get_user_quota(conn, inbuf, outbuf,
2808 &state->setup, state->setup_count,
2809 &state->param, state->total_param,
2810 &state->data, state->total_data, state->max_data_return);
2811 END_PROFILE_NESTED(NT_transact_get_user_quota);
2815 case NT_TRANSACT_SET_USER_QUOTA:
2817 START_PROFILE_NESTED(NT_transact_set_user_quota);
2818 outsize = call_nt_transact_set_user_quota(conn, inbuf, outbuf,
2820 &state->setup, state->setup_count,
2821 &state->param, state->total_param,
2822 &state->data, state->total_data, state->max_data_return);
2823 END_PROFILE_NESTED(NT_transact_set_user_quota);
2826 #endif /* HAVE_SYS_QUOTAS */
2829 /* Error in request */
2830 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n",
2832 return ERROR_DOS(ERRSRV,ERRerror);
2837 /****************************************************************************
2838 Reply to a SMBNTtrans.
2839 ****************************************************************************/
2841 int reply_nttrans(connection_struct *conn,
2842 char *inbuf,char *outbuf,int size,int bufsize)
2845 uint32 pscnt = IVAL(inbuf,smb_nt_ParameterCount);
2846 uint32 psoff = IVAL(inbuf,smb_nt_ParameterOffset);
2847 uint32 dscnt = IVAL(inbuf,smb_nt_DataCount);
2848 uint32 dsoff = IVAL(inbuf,smb_nt_DataOffset);
2850 uint16 function_code = SVAL( inbuf, smb_nt_Function);
2852 struct trans_state *state;
2854 START_PROFILE(SMBnttrans);
2856 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
2857 END_PROFILE(SMBnttrans);
2858 return ERROR_DOS(ERRSRV,ERRaccess);
2861 result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid));
2862 if (!NT_STATUS_IS_OK(result)) {
2863 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
2864 END_PROFILE(SMBnttrans);
2865 return ERROR_NT(result);
2868 if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
2869 END_PROFILE(SMBnttrans);
2870 return ERROR_DOS(ERRSRV,ERRaccess);
2873 state->cmd = SMBnttrans;
2875 state->mid = SVAL(inbuf,smb_mid);
2876 state->vuid = SVAL(inbuf,smb_uid);
2877 state->total_data = IVAL(inbuf, smb_nt_TotalDataCount);
2879 state->total_param = IVAL(inbuf, smb_nt_TotalParameterCount);
2880 state->param = NULL;
2881 state->max_data_return = IVAL(inbuf,smb_nt_MaxDataCount);
2883 /* setup count is in *words* */
2884 state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount);
2885 state->call = function_code;
2888 * All nttrans messages we handle have smb_wct == 19 +
2889 * state->setup_count. Ensure this is so as a sanity check.
2892 if(CVAL(inbuf, smb_wct) != 19 + (state->setup_count/2)) {
2893 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2894 CVAL(inbuf, smb_wct), 19 + (state->setup_count/2)));
2898 /* Don't allow more than 128mb for each value. */
2899 if ((state->total_data > (1024*1024*128)) ||
2900 (state->total_param > (1024*1024*128))) {
2901 END_PROFILE(SMBnttrans);
2902 return ERROR_DOS(ERRDOS,ERRnomem);
2905 if ((dscnt > state->total_data) || (pscnt > state->total_param))
2908 if (state->total_data) {
2909 /* Can't use talloc here, the core routines do realloc on the
2910 * params and data. */
2911 if ((state->data = SMB_MALLOC(state->total_data)) == NULL) {
2912 DEBUG(0,("reply_nttrans: data malloc fail for %u "
2913 "bytes !\n", (unsigned int)state->total_data));
2915 END_PROFILE(SMBnttrans);
2916 return(ERROR_DOS(ERRDOS,ERRnomem));
2918 if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
2920 if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
2921 (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf)))
2924 memcpy(state->data,smb_base(inbuf)+dsoff,dscnt);
2927 if (state->total_param) {
2928 /* Can't use talloc here, the core routines do realloc on the
2929 * params and data. */
2930 if ((state->param = SMB_MALLOC(state->total_param)) == NULL) {
2931 DEBUG(0,("reply_nttrans: param malloc fail for %u "
2932 "bytes !\n", (unsigned int)state->total_param));
2933 SAFE_FREE(state->data);
2935 END_PROFILE(SMBnttrans);
2936 return(ERROR_DOS(ERRDOS,ERRnomem));
2938 if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
2940 if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||
2941 (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf)))
2944 memcpy(state->param,smb_base(inbuf)+psoff,pscnt);
2947 state->received_data = dscnt;
2948 state->received_param = pscnt;
2950 if(state->setup_count > 0) {
2951 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
2952 state->setup_count));
2953 state->setup = TALLOC(state, state->setup_count);
2954 if (state->setup == NULL) {
2955 DEBUG(0,("reply_nttrans : Out of memory\n"));
2956 SAFE_FREE(state->data);
2957 SAFE_FREE(state->param);
2959 END_PROFILE(SMBnttrans);
2960 return ERROR_DOS(ERRDOS,ERRnomem);
2963 if ((smb_nt_SetupStart + state->setup_count < smb_nt_SetupStart) ||
2964 (smb_nt_SetupStart + state->setup_count < state->setup_count)) {
2967 if (smb_nt_SetupStart + state->setup_count > size) {
2971 memcpy( state->setup, &inbuf[smb_nt_SetupStart], state->setup_count);
2972 dump_data(10, (char *)state->setup, state->setup_count);
2975 if ((state->received_data == state->total_data) &&
2976 (state->received_param == state->total_param)) {
2977 outsize = handle_nttrans(conn, state, inbuf, outbuf,
2979 SAFE_FREE(state->param);
2980 SAFE_FREE(state->data);
2982 END_PROFILE(SMBnttrans);
2986 DLIST_ADD(conn->pending_trans, state);
2988 /* We need to send an interim response then receive the rest
2989 of the parameter/data bytes */
2990 outsize = set_message(outbuf,0,0,False);
2992 END_PROFILE(SMBnttrans);
2997 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
2998 SAFE_FREE(state->data);
2999 SAFE_FREE(state->param);
3001 END_PROFILE(SMBnttrans);
3002 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
3005 /****************************************************************************
3006 Reply to a SMBnttranss
3007 ****************************************************************************/
3009 int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
3010 int size,int bufsize)
3013 unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
3014 struct trans_state *state;
3016 START_PROFILE(SMBnttranss);
3020 for (state = conn->pending_trans; state != NULL;
3021 state = state->next) {
3022 if (state->mid == SVAL(inbuf,smb_mid)) {
3027 if ((state == NULL) || (state->cmd != SMBnttrans)) {
3028 END_PROFILE(SMBnttranss);
3029 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
3032 /* Revise state->total_param and state->total_data in case they have
3033 changed downwards */
3034 if (IVAL(inbuf, smb_nts_TotalParameterCount) < state->total_param) {
3035 state->total_param = IVAL(inbuf, smb_nts_TotalParameterCount);
3037 if (IVAL(inbuf, smb_nts_TotalDataCount) < state->total_data) {
3038 state->total_data = IVAL(inbuf, smb_nts_TotalDataCount);
3041 pcnt = IVAL(inbuf,smb_nts_ParameterCount);
3042 poff = IVAL(inbuf, smb_nts_ParameterOffset);
3043 pdisp = IVAL(inbuf, smb_nts_ParameterDisplacement);
3045 dcnt = IVAL(inbuf, smb_nts_DataCount);
3046 ddisp = IVAL(inbuf, smb_nts_DataDisplacement);
3047 doff = IVAL(inbuf, smb_nts_DataOffset);
3049 state->received_param += pcnt;
3050 state->received_data += dcnt;
3052 if ((state->received_data > state->total_data) ||
3053 (state->received_param > state->total_param))
3057 if (pdisp+pcnt > state->total_param)
3059 if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
3061 if (pdisp > state->total_param)
3063 if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
3064 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
3066 if (state->param + pdisp < state->param)
3069 memcpy(state->param+pdisp,smb_base(inbuf)+poff,
3074 if (ddisp+dcnt > state->total_data)
3076 if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
3078 if (ddisp > state->total_data)
3080 if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
3081 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
3083 if (state->data + ddisp < state->data)
3086 memcpy(state->data+ddisp, smb_base(inbuf)+doff,
3090 if ((state->received_param < state->total_param) ||
3091 (state->received_data < state->total_data)) {
3092 END_PROFILE(SMBnttranss);
3096 /* construct_reply_common has done us the favor to pre-fill the
3097 * command field with SMBnttranss which is wrong :-)
3099 SCVAL(outbuf,smb_com,SMBnttrans);
3101 outsize = handle_nttrans(conn, state, inbuf, outbuf,
3104 DLIST_REMOVE(conn->pending_trans, state);
3105 SAFE_FREE(state->data);
3106 SAFE_FREE(state->param);
3110 END_PROFILE(SMBnttranss);
3111 return(ERROR_DOS(ERRSRV,ERRnosupport));
3114 END_PROFILE(SMBnttranss);
3119 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3120 DLIST_REMOVE(conn->pending_trans, state);
3121 SAFE_FREE(state->data);
3122 SAFE_FREE(state->param);
3124 END_PROFILE(SMBnttranss);
3125 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);