2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern BOOL global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 BOOL *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 BOOL start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, BOOL *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(const char *inbuf, uint16 smb_flags2, char *dest,
212 const char *src, size_t dest_len, size_t src_len,
213 int flags, NTSTATUS *err, BOOL *contains_wcard)
217 SMB_ASSERT(dest_len == sizeof(pstring));
221 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
224 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
225 dest_len, src_len, flags);
228 *contains_wcard = False;
230 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
232 * For a DFS path the function parse_dfs_path()
233 * will do the path processing, just make a copy.
239 if (lp_posix_pathnames()) {
240 *err = check_path_syntax_posix(dest);
242 *err = check_path_syntax_wcard(dest, contains_wcard);
248 /****************************************************************************
249 Pull a string and check the path - provide for error return.
250 ****************************************************************************/
252 size_t srvstr_get_path(const char *inbuf, uint16 smb_flags2, char *dest,
253 const char *src, size_t dest_len, size_t src_len,
254 int flags, NTSTATUS *err)
258 SMB_ASSERT(dest_len == sizeof(pstring));
262 ret = srvstr_pull_buf(inbuf, smb_flags2, dest, src,
265 ret = srvstr_pull(inbuf, smb_flags2, dest, src,
266 dest_len, src_len, flags);
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(dest);
281 *err = check_path_syntax(dest);
287 /****************************************************************************
288 Check if we have a correct fsp pointing to a file. Replacement for the
290 ****************************************************************************/
292 BOOL check_fsp(connection_struct *conn, struct smb_request *req,
293 files_struct *fsp, struct current_user *user)
295 if (!(fsp) || !(conn)) {
296 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
299 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
300 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
303 if ((fsp)->is_directory) {
304 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
307 if ((fsp)->fh->fd == -1) {
308 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
311 (fsp)->num_smb_operations++;
315 /****************************************************************************
316 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
317 ****************************************************************************/
319 BOOL fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
320 files_struct *fsp, struct current_user *user)
322 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
323 && (current_user.vuid==(fsp)->vuid)) {
327 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
331 /****************************************************************************
332 Reply to a (netbios-level) special message.
333 ****************************************************************************/
335 void reply_special(char *inbuf)
337 int msg_type = CVAL(inbuf,0);
338 int msg_flags = CVAL(inbuf,1);
343 * We only really use 4 bytes of the outbuf, but for the smb_setlen
344 * calculation & friends (send_smb uses that) we need the full smb
347 char outbuf[smb_size];
349 static BOOL already_got_session = False;
353 memset(outbuf, '\0', sizeof(outbuf));
355 smb_setlen(inbuf,outbuf,0);
358 case 0x81: /* session request */
360 if (already_got_session) {
361 exit_server_cleanly("multiple session request not permitted");
364 SCVAL(outbuf,0,0x82);
366 if (name_len(inbuf+4) > 50 ||
367 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
368 DEBUG(0,("Invalid name length in session request\n"));
371 name_extract(inbuf,4,name1);
372 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
373 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
376 set_local_machine_name(name1, True);
377 set_remote_machine_name(name2, True);
379 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
380 get_local_machine_name(), get_remote_machine_name(),
383 if (name_type == 'R') {
384 /* We are being asked for a pathworks session ---
386 SCVAL(outbuf, 0,0x83);
390 /* only add the client's machine name to the list
391 of possibly valid usernames if we are operating
392 in share mode security */
393 if (lp_security() == SEC_SHARE) {
394 add_session_user(get_remote_machine_name());
397 reload_services(True);
400 already_got_session = True;
403 case 0x89: /* session keepalive request
404 (some old clients produce this?) */
405 SCVAL(outbuf,0,SMBkeepalive);
409 case 0x82: /* positive session response */
410 case 0x83: /* negative session response */
411 case 0x84: /* retarget session response */
412 DEBUG(0,("Unexpected session response\n"));
415 case SMBkeepalive: /* session keepalive */
420 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
421 msg_type, msg_flags));
423 send_smb(smbd_server_fd(), outbuf);
427 /****************************************************************************
429 conn POINTER CAN BE NULL HERE !
430 ****************************************************************************/
432 int reply_tcon(connection_struct *conn,
433 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
437 char *service_buf = NULL;
438 char *password = NULL;
441 uint16 vuid = SVAL(inbuf,smb_uid);
445 DATA_BLOB password_blob;
447 START_PROFILE(SMBtcon);
449 ctx = talloc_init("reply_tcon");
451 END_PROFILE(SMBtcon);
452 return ERROR_NT(NT_STATUS_NO_MEMORY);
455 p = smb_buf(inbuf)+1;
456 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
457 &service_buf, p, STR_TERMINATE) + 1;
458 pwlen = srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
459 &password, p, STR_TERMINATE) + 1;
461 p += srvstr_pull_buf_talloc(ctx, inbuf, SVAL(inbuf, smb_flg2),
462 &dev, p, STR_TERMINATE) + 1;
464 if (service_buf == NULL || password == NULL || dev == NULL) {
466 END_PROFILE(SMBtcon);
467 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
469 p = strrchr_m(service_buf,'\\');
473 service = service_buf;
476 password_blob = data_blob(password, pwlen+1);
478 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
480 data_blob_clear_free(&password_blob);
484 END_PROFILE(SMBtcon);
485 return ERROR_NT(nt_status);
488 outsize = set_message(inbuf,outbuf,2,0,True);
489 SSVAL(outbuf,smb_vwv0,max_recv);
490 SSVAL(outbuf,smb_vwv1,conn->cnum);
491 SSVAL(outbuf,smb_tid,conn->cnum);
493 DEBUG(3,("tcon service=%s cnum=%d\n",
494 service, conn->cnum));
496 END_PROFILE(SMBtcon);
501 /****************************************************************************
502 Reply to a tcon and X.
503 conn POINTER CAN BE NULL HERE !
504 ****************************************************************************/
506 void reply_tcon_and_X(connection_struct *conn, struct smb_request *req)
508 char *service = NULL;
511 TALLOC_CTX *ctx = NULL;
512 /* what the cleint thinks the device is */
513 char *client_devicetype = NULL;
514 /* what the server tells the client the share represents */
515 const char *server_devicetype;
522 START_PROFILE(SMBtconX);
525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
526 END_PROFILE(SMBtconX);
530 passlen = SVAL(req->inbuf,smb_vwv3);
531 tcon_flags = SVAL(req->inbuf,smb_vwv2);
533 /* we might have to close an old one */
534 if ((tcon_flags & 0x1) && conn) {
535 close_cnum(conn,req->vuid);
538 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
539 reply_doserror(req, ERRDOS, ERRbuftoosmall);
540 END_PROFILE(SMBtconX);
544 if (global_encrypted_passwords_negotiated) {
545 password = data_blob(smb_buf(req->inbuf),passlen);
546 if (lp_security() == SEC_SHARE) {
548 * Security = share always has a pad byte
549 * after the password.
551 p = smb_buf(req->inbuf) + passlen + 1;
553 p = smb_buf(req->inbuf) + passlen;
556 password = data_blob(smb_buf(req->inbuf),passlen+1);
557 /* Ensure correct termination */
558 password.data[passlen]=0;
559 p = smb_buf(req->inbuf) + passlen + 1;
562 ctx = talloc_init("reply_tcon_and_X");
564 data_blob_clear_free(&password);
565 reply_nterror(req, NT_STATUS_NO_MEMORY);
566 END_PROFILE(SMBtconX);
569 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
573 data_blob_clear_free(&password);
575 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
576 END_PROFILE(SMBtconX);
581 * the service name can be either: \\server\share
582 * or share directly like on the DELL PowerVault 705
585 q = strchr_m(path+2,'\\');
587 data_blob_clear_free(&password);
589 reply_doserror(req, ERRDOS, ERRnosuchshare);
590 END_PROFILE(SMBtconX);
598 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
599 &client_devicetype, p,
600 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
602 if (client_devicetype == NULL) {
603 data_blob_clear_free(&password);
605 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
606 END_PROFILE(SMBtconX);
610 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
612 conn = make_connection(service, password, client_devicetype,
613 req->vuid, &nt_status);
615 data_blob_clear_free(&password);
619 reply_nterror(req, nt_status);
620 END_PROFILE(SMBtconX);
625 server_devicetype = "IPC";
626 else if ( IS_PRINT(conn) )
627 server_devicetype = "LPT1:";
629 server_devicetype = "A:";
631 if (Protocol < PROTOCOL_NT1) {
632 reply_outbuf(req, 2, 0);
633 if (message_push_string(&req->outbuf, server_devicetype,
634 STR_TERMINATE|STR_ASCII) == -1) {
636 reply_nterror(req, NT_STATUS_NO_MEMORY);
637 END_PROFILE(SMBtconX);
641 /* NT sets the fstype of IPC$ to the null string */
642 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
644 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
645 /* Return permissions. */
649 reply_outbuf(req, 7, 0);
652 perm1 = FILE_ALL_ACCESS;
653 perm2 = FILE_ALL_ACCESS;
655 perm1 = CAN_WRITE(conn) ?
660 SIVAL(req->outbuf, smb_vwv3, perm1);
661 SIVAL(req->outbuf, smb_vwv5, perm2);
663 reply_outbuf(req, 3, 0);
666 if ((message_push_string(&req->outbuf, server_devicetype,
667 STR_TERMINATE|STR_ASCII) == -1)
668 || (message_push_string(&req->outbuf, fstype,
669 STR_TERMINATE) == -1)) {
671 reply_nterror(req, NT_STATUS_NO_MEMORY);
672 END_PROFILE(SMBtconX);
676 /* what does setting this bit do? It is set by NT4 and
677 may affect the ability to autorun mounted cdroms */
678 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
679 (lp_csc_policy(SNUM(conn)) << 2));
681 init_dfsroot(conn, req->inbuf, req->outbuf);
685 DEBUG(3,("tconX service=%s \n",
688 /* set the incoming and outgoing tid to the just created one */
689 SSVAL(req->inbuf,smb_tid,conn->cnum);
690 SSVAL(req->outbuf,smb_tid,conn->cnum);
693 END_PROFILE(SMBtconX);
695 chain_reply_new(req);
699 /****************************************************************************
700 Reply to an unknown type.
701 ****************************************************************************/
703 int reply_unknown(char *inbuf,char *outbuf)
706 type = CVAL(inbuf,smb_com);
708 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
709 smb_fn_name(type), type, type));
711 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
714 void reply_unknown_new(struct smb_request *req, uint8 type)
716 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
717 smb_fn_name(type), type, type));
718 reply_doserror(req, ERRSRV, ERRunknownsmb);
722 /****************************************************************************
724 conn POINTER CAN BE NULL HERE !
725 ****************************************************************************/
727 int reply_ioctl(connection_struct *conn,
728 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
730 uint16 device = SVAL(inbuf,smb_vwv1);
731 uint16 function = SVAL(inbuf,smb_vwv2);
732 uint32 ioctl_code = (device << 16) + function;
733 int replysize, outsize;
735 START_PROFILE(SMBioctl);
737 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
739 switch (ioctl_code) {
740 case IOCTL_QUERY_JOB_INFO:
744 END_PROFILE(SMBioctl);
745 return(ERROR_DOS(ERRSRV,ERRnosupport));
748 outsize = set_message(inbuf,outbuf,8,replysize+1,True);
749 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
750 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
751 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
752 p = smb_buf(outbuf) + 1; /* Allow for alignment */
754 switch (ioctl_code) {
755 case IOCTL_QUERY_JOB_INFO:
757 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
759 END_PROFILE(SMBioctl);
760 return(UNIXERROR(ERRDOS,ERRbadfid));
762 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
763 srvstr_push(outbuf, SVAL(outbuf, smb_flg2), p+2,
765 STR_TERMINATE|STR_ASCII);
767 srvstr_push(outbuf, SVAL(outbuf, smb_flg2),
768 p+18, lp_servicename(SNUM(conn)),
769 13, STR_TERMINATE|STR_ASCII);
775 END_PROFILE(SMBioctl);
779 /****************************************************************************
780 Strange checkpath NTSTATUS mapping.
781 ****************************************************************************/
783 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
785 /* Strange DOS error code semantics only for checkpath... */
786 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
787 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
788 /* We need to map to ERRbadpath */
789 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
795 /****************************************************************************
796 Reply to a checkpath.
797 ****************************************************************************/
799 void reply_checkpath(connection_struct *conn, struct smb_request *req)
802 SMB_STRUCT_STAT sbuf;
805 START_PROFILE(SMBcheckpath);
807 srvstr_get_path((char *)req->inbuf, req->flags2, name,
808 smb_buf(req->inbuf) + 1, sizeof(name), 0,
809 STR_TERMINATE, &status);
810 if (!NT_STATUS_IS_OK(status)) {
811 status = map_checkpath_error((char *)req->inbuf, status);
812 reply_nterror(req, status);
813 END_PROFILE(SMBcheckpath);
817 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES, name);
818 if (!NT_STATUS_IS_OK(status)) {
819 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
820 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
822 END_PROFILE(SMBcheckpath);
828 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
830 status = unix_convert(conn, name, False, NULL, &sbuf);
831 if (!NT_STATUS_IS_OK(status)) {
835 status = check_name(conn, name);
836 if (!NT_STATUS_IS_OK(status)) {
837 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
841 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
842 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
843 status = map_nt_error_from_unix(errno);
847 if (!S_ISDIR(sbuf.st_mode)) {
848 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
850 END_PROFILE(SMBcheckpath);
854 reply_outbuf(req, 0, 0);
856 END_PROFILE(SMBcheckpath);
861 END_PROFILE(SMBcheckpath);
863 /* We special case this - as when a Windows machine
864 is parsing a path is steps through the components
865 one at a time - if a component fails it expects
866 ERRbadpath, not ERRbadfile.
868 status = map_checkpath_error((char *)req->inbuf, status);
869 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
871 * Windows returns different error codes if
872 * the parent directory is valid but not the
873 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
874 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
875 * if the path is invalid.
877 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
882 reply_nterror(req, status);
885 /****************************************************************************
887 ****************************************************************************/
889 void reply_getatr(connection_struct *conn, struct smb_request *req)
892 SMB_STRUCT_STAT sbuf;
899 START_PROFILE(SMBgetatr);
901 p = smb_buf(req->inbuf) + 1;
902 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
903 sizeof(fname), 0, STR_TERMINATE, &status);
904 if (!NT_STATUS_IS_OK(status)) {
905 reply_nterror(req, status);
906 END_PROFILE(SMBgetatr);
910 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
912 if (!NT_STATUS_IS_OK(status)) {
913 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
914 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
916 END_PROFILE(SMBgetatr);
919 reply_nterror(req, status);
920 END_PROFILE(SMBgetatr);
924 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
925 under WfWg - weird! */
926 if (*fname == '\0') {
927 mode = aHIDDEN | aDIR;
928 if (!CAN_WRITE(conn)) {
934 status = unix_convert(conn, fname, False, NULL,&sbuf);
935 if (!NT_STATUS_IS_OK(status)) {
936 reply_nterror(req, status);
937 END_PROFILE(SMBgetatr);
940 status = check_name(conn, fname);
941 if (!NT_STATUS_IS_OK(status)) {
942 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
943 reply_nterror(req, status);
944 END_PROFILE(SMBgetatr);
947 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
948 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
949 reply_unixerror(req, ERRDOS,ERRbadfile);
950 END_PROFILE(SMBgetatr);
954 mode = dos_mode(conn,fname,&sbuf);
956 mtime = sbuf.st_mtime;
962 reply_outbuf(req, 10, 0);
964 SSVAL(req->outbuf,smb_vwv0,mode);
965 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
966 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
968 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
970 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
972 if (Protocol >= PROTOCOL_NT1) {
973 SSVAL(req->outbuf, smb_flg2,
974 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
977 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
979 END_PROFILE(SMBgetatr);
983 /****************************************************************************
985 ****************************************************************************/
987 void reply_setatr(connection_struct *conn, struct smb_request *req)
992 SMB_STRUCT_STAT sbuf;
996 START_PROFILE(SMBsetatr);
999 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1003 p = smb_buf(req->inbuf) + 1;
1004 p += srvstr_get_path((char *)req->inbuf, req->flags2, fname, p,
1005 sizeof(fname), 0, STR_TERMINATE, &status);
1006 if (!NT_STATUS_IS_OK(status)) {
1007 reply_nterror(req, status);
1008 END_PROFILE(SMBsetatr);
1012 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1014 if (!NT_STATUS_IS_OK(status)) {
1015 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1016 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1017 ERRSRV, ERRbadpath);
1018 END_PROFILE(SMBsetatr);
1021 reply_nterror(req, status);
1022 END_PROFILE(SMBsetatr);
1026 status = unix_convert(conn, fname, False, NULL, &sbuf);
1027 if (!NT_STATUS_IS_OK(status)) {
1028 reply_nterror(req, status);
1029 END_PROFILE(SMBsetatr);
1033 status = check_name(conn, fname);
1034 if (!NT_STATUS_IS_OK(status)) {
1035 reply_nterror(req, status);
1036 END_PROFILE(SMBsetatr);
1040 if (fname[0] == '.' && fname[1] == '\0') {
1042 * Not sure here is the right place to catch this
1043 * condition. Might be moved to somewhere else later -- vl
1045 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1046 END_PROFILE(SMBsetatr);
1050 mode = SVAL(req->inbuf,smb_vwv0);
1051 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1053 if (mode != FILE_ATTRIBUTE_NORMAL) {
1054 if (VALID_STAT_OF_DIR(sbuf))
1059 if (file_set_dosmode(conn,fname,mode,&sbuf,False) != 0) {
1060 reply_unixerror(req, ERRDOS, ERRnoaccess);
1061 END_PROFILE(SMBsetatr);
1066 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1067 reply_unixerror(req, ERRDOS, ERRnoaccess);
1068 END_PROFILE(SMBsetatr);
1072 reply_outbuf(req, 0, 0);
1074 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1076 END_PROFILE(SMBsetatr);
1080 /****************************************************************************
1082 ****************************************************************************/
1084 void reply_dskattr(connection_struct *conn, struct smb_request *req)
1086 SMB_BIG_UINT dfree,dsize,bsize;
1087 START_PROFILE(SMBdskattr);
1089 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1090 reply_unixerror(req, ERRHRD, ERRgeneral);
1091 END_PROFILE(SMBdskattr);
1095 reply_outbuf(req, 5, 0);
1097 if (Protocol <= PROTOCOL_LANMAN2) {
1098 double total_space, free_space;
1099 /* we need to scale this to a number that DOS6 can handle. We
1100 use floating point so we can handle large drives on systems
1101 that don't have 64 bit integers
1103 we end up displaying a maximum of 2G to DOS systems
1105 total_space = dsize * (double)bsize;
1106 free_space = dfree * (double)bsize;
1108 dsize = (total_space+63*512) / (64*512);
1109 dfree = (free_space+63*512) / (64*512);
1111 if (dsize > 0xFFFF) dsize = 0xFFFF;
1112 if (dfree > 0xFFFF) dfree = 0xFFFF;
1114 SSVAL(req->outbuf,smb_vwv0,dsize);
1115 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1116 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1117 SSVAL(req->outbuf,smb_vwv3,dfree);
1119 SSVAL(req->outbuf,smb_vwv0,dsize);
1120 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1121 SSVAL(req->outbuf,smb_vwv2,512);
1122 SSVAL(req->outbuf,smb_vwv3,dfree);
1125 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1127 END_PROFILE(SMBdskattr);
1131 /****************************************************************************
1133 Can be called from SMBsearch, SMBffirst or SMBfunique.
1134 ****************************************************************************/
1136 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1146 unsigned int numentries = 0;
1147 unsigned int maxentries = 0;
1148 BOOL finished = False;
1154 BOOL check_descend = False;
1155 BOOL expect_close = False;
1157 BOOL mask_contains_wcard = False;
1158 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1160 START_PROFILE(SMBsearch);
1162 if (lp_posix_pathnames()) {
1163 END_PROFILE(SMBsearch);
1164 return reply_unknown(inbuf, outbuf);
1167 *mask = *directory = *fname = 0;
1169 /* If we were called as SMBffirst then we must expect close. */
1170 if(CVAL(inbuf,smb_com) == SMBffirst) {
1171 expect_close = True;
1174 outsize = set_message(inbuf,outbuf,1,3,True);
1175 maxentries = SVAL(inbuf,smb_vwv0);
1176 dirtype = SVAL(inbuf,smb_vwv1);
1177 p = smb_buf(inbuf) + 1;
1178 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1179 sizeof(path), 0, STR_TERMINATE, &nt_status,
1180 &mask_contains_wcard);
1181 if (!NT_STATUS_IS_OK(nt_status)) {
1182 END_PROFILE(SMBsearch);
1183 return ERROR_NT(nt_status);
1186 nt_status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, path, &mask_contains_wcard);
1187 if (!NT_STATUS_IS_OK(nt_status)) {
1188 END_PROFILE(SMBsearch);
1189 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1190 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
1192 return ERROR_NT(nt_status);
1196 status_len = SVAL(p, 0);
1199 /* dirtype &= ~aDIR; */
1201 if (status_len == 0) {
1202 SMB_STRUCT_STAT sbuf;
1204 pstrcpy(directory,path);
1205 nt_status = unix_convert(conn, directory, True, NULL, &sbuf);
1206 if (!NT_STATUS_IS_OK(nt_status)) {
1207 END_PROFILE(SMBsearch);
1208 return ERROR_NT(nt_status);
1211 nt_status = check_name(conn, directory);
1212 if (!NT_STATUS_IS_OK(nt_status)) {
1213 END_PROFILE(SMBsearch);
1214 return ERROR_NT(nt_status);
1217 p = strrchr_m(directory,'/');
1219 pstrcpy(mask,directory);
1220 pstrcpy(directory,".");
1226 if (*directory == '\0') {
1227 pstrcpy(directory,".");
1229 memset((char *)status,'\0',21);
1230 SCVAL(status,0,(dirtype & 0x1F));
1234 memcpy(status,p,21);
1235 status_dirtype = CVAL(status,0) & 0x1F;
1236 if (status_dirtype != (dirtype & 0x1F)) {
1237 dirtype = status_dirtype;
1240 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1241 if (!conn->dirptr) {
1244 string_set(&conn->dirpath,dptr_path(dptr_num));
1245 pstrcpy(mask, dptr_wcard(dptr_num));
1247 * For a 'continue' search we have no string. So
1248 * check from the initial saved string.
1250 mask_contains_wcard = ms_has_wild(mask);
1253 p = smb_buf(outbuf) + 3;
1255 if (status_len == 0) {
1256 nt_status = dptr_create(conn,
1260 SVAL(inbuf,smb_pid),
1262 mask_contains_wcard,
1265 if (!NT_STATUS_IS_OK(nt_status)) {
1266 return ERROR_NT(nt_status);
1268 dptr_num = dptr_dnum(conn->dirptr);
1270 dirtype = dptr_attr(dptr_num);
1273 DEBUG(4,("dptr_num is %d\n",dptr_num));
1275 if ((dirtype&0x1F) == aVOLID) {
1276 memcpy(p,status,21);
1277 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1278 0,aVOLID,0,!allow_long_path_components);
1279 dptr_fill(p+12,dptr_num);
1280 if (dptr_zero(p+12) && (status_len==0)) {
1285 p += DIR_STRUCT_SIZE;
1288 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1290 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1291 conn->dirpath,lp_dontdescend(SNUM(conn))));
1292 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1293 check_descend = True;
1296 for (i=numentries;(i<maxentries) && !finished;i++) {
1297 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1299 memcpy(p,status,21);
1300 make_dir_struct(p,mask,fname,size, mode,date,
1301 !allow_long_path_components);
1302 if (!dptr_fill(p+12,dptr_num)) {
1306 p += DIR_STRUCT_SIZE;
1313 /* If we were called as SMBffirst with smb_search_id == NULL
1314 and no entries were found then return error and close dirptr
1317 if (numentries == 0) {
1318 dptr_close(&dptr_num);
1319 } else if(expect_close && status_len == 0) {
1320 /* Close the dptr - we know it's gone */
1321 dptr_close(&dptr_num);
1324 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1325 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1326 dptr_close(&dptr_num);
1329 if ((numentries == 0) && !mask_contains_wcard) {
1330 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1333 SSVAL(outbuf,smb_vwv0,numentries);
1334 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1335 SCVAL(smb_buf(outbuf),0,5);
1336 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1338 /* The replies here are never long name. */
1339 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1340 if (!allow_long_path_components) {
1341 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1344 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1345 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1347 outsize += DIR_STRUCT_SIZE*numentries;
1348 smb_setlen(inbuf,outbuf,outsize - 4);
1350 if ((! *directory) && dptr_path(dptr_num))
1351 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1353 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1354 smb_fn_name(CVAL(inbuf,smb_com)),
1355 mask, directory, dirtype, numentries, maxentries ) );
1357 END_PROFILE(SMBsearch);
1361 /****************************************************************************
1362 Reply to a fclose (stop directory search).
1363 ****************************************************************************/
1365 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1374 BOOL path_contains_wcard = False;
1376 START_PROFILE(SMBfclose);
1378 if (lp_posix_pathnames()) {
1379 END_PROFILE(SMBfclose);
1380 return reply_unknown(inbuf, outbuf);
1383 outsize = set_message(inbuf,outbuf,1,0,True);
1384 p = smb_buf(inbuf) + 1;
1385 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), path, p,
1386 sizeof(path), 0, STR_TERMINATE, &err,
1387 &path_contains_wcard);
1388 if (!NT_STATUS_IS_OK(err)) {
1389 END_PROFILE(SMBfclose);
1390 return ERROR_NT(err);
1393 status_len = SVAL(p,0);
1396 if (status_len == 0) {
1397 END_PROFILE(SMBfclose);
1398 return ERROR_DOS(ERRSRV,ERRsrverror);
1401 memcpy(status,p,21);
1403 if(dptr_fetch(status+12,&dptr_num)) {
1404 /* Close the dptr - we know it's gone */
1405 dptr_close(&dptr_num);
1408 SSVAL(outbuf,smb_vwv0,0);
1410 DEBUG(3,("search close\n"));
1412 END_PROFILE(SMBfclose);
1416 /****************************************************************************
1418 ****************************************************************************/
1420 void reply_open(connection_struct *conn, struct smb_request *req)
1427 SMB_STRUCT_STAT sbuf;
1434 uint32 create_disposition;
1435 uint32 create_options = 0;
1438 START_PROFILE(SMBopen);
1441 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1442 END_PROFILE(SMBopen);
1446 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1447 deny_mode = SVAL(req->inbuf,smb_vwv0);
1448 dos_attr = SVAL(req->inbuf,smb_vwv1);
1450 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1451 smb_buf(req->inbuf)+1, sizeof(fname), 0,
1452 STR_TERMINATE, &status);
1453 if (!NT_STATUS_IS_OK(status)) {
1454 reply_nterror(req, status);
1455 END_PROFILE(SMBopen);
1459 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1461 if (!NT_STATUS_IS_OK(status)) {
1462 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1463 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1464 ERRSRV, ERRbadpath);
1465 END_PROFILE(SMBopen);
1468 reply_nterror(req, status);
1469 END_PROFILE(SMBopen);
1473 status = unix_convert(conn, fname, False, NULL, &sbuf);
1474 if (!NT_STATUS_IS_OK(status)) {
1475 reply_nterror(req, status);
1476 END_PROFILE(SMBopen);
1480 status = check_name(conn, fname);
1481 if (!NT_STATUS_IS_OK(status)) {
1482 reply_nterror(req, status);
1483 END_PROFILE(SMBopen);
1487 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1488 &access_mask, &share_mode, &create_disposition, &create_options)) {
1489 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1490 END_PROFILE(SMBopen);
1494 status = open_file_ntcreate(conn, req, fname, &sbuf,
1503 if (!NT_STATUS_IS_OK(status)) {
1504 if (open_was_deferred(req->mid)) {
1505 /* We have re-scheduled this call. */
1506 END_PROFILE(SMBopen);
1509 reply_nterror(req, status);
1510 END_PROFILE(SMBopen);
1514 size = sbuf.st_size;
1515 fattr = dos_mode(conn,fname,&sbuf);
1516 mtime = sbuf.st_mtime;
1519 DEBUG(3,("attempt to open a directory %s\n",fname));
1520 close_file(fsp,ERROR_CLOSE);
1521 reply_doserror(req, ERRDOS,ERRnoaccess);
1522 END_PROFILE(SMBopen);
1526 reply_outbuf(req, 7, 0);
1527 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1528 SSVAL(req->outbuf,smb_vwv1,fattr);
1529 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1530 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1532 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1534 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1535 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1537 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1538 SCVAL(req->outbuf,smb_flg,
1539 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1542 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1543 SCVAL(req->outbuf,smb_flg,
1544 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1546 END_PROFILE(SMBopen);
1550 /****************************************************************************
1551 Reply to an open and X.
1552 ****************************************************************************/
1554 void reply_open_and_X(connection_struct *conn, struct smb_request *req)
1560 /* Breakout the oplock request bits so we can set the
1561 reply bits separately. */
1562 int ex_oplock_request;
1563 int core_oplock_request;
1566 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1567 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1572 SMB_STRUCT_STAT sbuf;
1576 SMB_BIG_UINT allocation_size;
1577 ssize_t retval = -1;
1580 uint32 create_disposition;
1581 uint32 create_options = 0;
1583 START_PROFILE(SMBopenX);
1585 if (req->wct < 15) {
1586 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1587 END_PROFILE(SMBopenX);
1591 open_flags = SVAL(req->inbuf,smb_vwv2);
1592 deny_mode = SVAL(req->inbuf,smb_vwv3);
1593 smb_attr = SVAL(req->inbuf,smb_vwv5);
1594 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1595 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1596 oplock_request = ex_oplock_request | core_oplock_request;
1597 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1598 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1600 /* If it's an IPC, pass off the pipe handler. */
1602 if (lp_nt_pipe_support()) {
1603 reply_open_pipe_and_X(conn, req);
1605 reply_doserror(req, ERRSRV, ERRaccess);
1607 END_PROFILE(SMBopenX);
1611 /* XXXX we need to handle passed times, sattr and flags */
1612 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1613 smb_buf(req->inbuf), sizeof(fname), 0, STR_TERMINATE,
1615 if (!NT_STATUS_IS_OK(status)) {
1616 reply_nterror(req, status);
1617 END_PROFILE(SMBopenX);
1621 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1623 if (!NT_STATUS_IS_OK(status)) {
1624 END_PROFILE(SMBopenX);
1625 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1626 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1627 ERRSRV, ERRbadpath);
1630 reply_nterror(req, status);
1634 status = unix_convert(conn, fname, False, NULL, &sbuf);
1635 if (!NT_STATUS_IS_OK(status)) {
1636 reply_nterror(req, status);
1637 END_PROFILE(SMBopenX);
1641 status = check_name(conn, fname);
1642 if (!NT_STATUS_IS_OK(status)) {
1643 reply_nterror(req, status);
1644 END_PROFILE(SMBopenX);
1648 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1651 &create_disposition,
1653 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1654 END_PROFILE(SMBopenX);
1658 status = open_file_ntcreate(conn, req, fname, &sbuf,
1667 if (!NT_STATUS_IS_OK(status)) {
1668 END_PROFILE(SMBopenX);
1669 if (open_was_deferred(req->mid)) {
1670 /* We have re-scheduled this call. */
1673 reply_nterror(req, status);
1677 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1678 if the file is truncated or created. */
1679 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1680 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1681 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1682 close_file(fsp,ERROR_CLOSE);
1683 reply_nterror(req, NT_STATUS_DISK_FULL);
1684 END_PROFILE(SMBopenX);
1687 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1689 close_file(fsp,ERROR_CLOSE);
1690 reply_nterror(req, NT_STATUS_DISK_FULL);
1691 END_PROFILE(SMBopenX);
1694 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1697 fattr = dos_mode(conn,fname,&sbuf);
1698 mtime = sbuf.st_mtime;
1700 close_file(fsp,ERROR_CLOSE);
1701 reply_doserror(req, ERRDOS, ERRnoaccess);
1702 END_PROFILE(SMBopenX);
1706 /* If the caller set the extended oplock request bit
1707 and we granted one (by whatever means) - set the
1708 correct bit for extended oplock reply.
1711 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1712 smb_action |= EXTENDED_OPLOCK_GRANTED;
1715 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1716 smb_action |= EXTENDED_OPLOCK_GRANTED;
1719 /* If the caller set the core oplock request bit
1720 and we granted one (by whatever means) - set the
1721 correct bit for core oplock reply.
1724 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1725 reply_outbuf(req, 19, 0);
1727 reply_outbuf(req, 15, 0);
1730 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1731 SCVAL(req->outbuf, smb_flg,
1732 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1735 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1736 SCVAL(req->outbuf, smb_flg,
1737 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1740 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1741 SSVAL(req->outbuf,smb_vwv3,fattr);
1742 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1743 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1745 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1747 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1748 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1749 SSVAL(req->outbuf,smb_vwv11,smb_action);
1751 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1752 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1755 END_PROFILE(SMBopenX);
1756 chain_reply_new(req);
1760 /****************************************************************************
1761 Reply to a SMBulogoffX.
1762 conn POINTER CAN BE NULL HERE !
1763 ****************************************************************************/
1765 void reply_ulogoffX(connection_struct *conn, struct smb_request *req)
1769 START_PROFILE(SMBulogoffX);
1771 vuser = get_valid_user_struct(req->vuid);
1774 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1778 /* in user level security we are supposed to close any files
1779 open by this user */
1780 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1781 file_close_user(req->vuid);
1784 invalidate_vuid(req->vuid);
1786 reply_outbuf(req, 2, 0);
1788 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1790 END_PROFILE(SMBulogoffX);
1791 chain_reply_new(req);
1794 /****************************************************************************
1795 Reply to a mknew or a create.
1796 ****************************************************************************/
1798 void reply_mknew(connection_struct *conn, struct smb_request *req)
1803 struct timespec ts[2];
1805 int oplock_request = 0;
1806 SMB_STRUCT_STAT sbuf;
1808 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1809 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1810 uint32 create_disposition;
1811 uint32 create_options = 0;
1813 START_PROFILE(SMBcreate);
1816 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1817 END_PROFILE(SMBcreate);
1821 fattr = SVAL(req->inbuf,smb_vwv0);
1822 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1823 com = SVAL(req->inbuf,smb_com);
1825 ts[1] =convert_time_t_to_timespec(
1826 srv_make_unix_date3(req->inbuf + smb_vwv1));
1829 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1830 smb_buf(req->inbuf) + 1, sizeof(fname), 0,
1831 STR_TERMINATE, &status);
1832 if (!NT_STATUS_IS_OK(status)) {
1833 reply_nterror(req, status);
1834 END_PROFILE(SMBcreate);
1838 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1840 if (!NT_STATUS_IS_OK(status)) {
1841 END_PROFILE(SMBcreate);
1842 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1843 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1844 ERRSRV, ERRbadpath);
1847 reply_nterror(req, status);
1851 status = unix_convert(conn, fname, False, NULL, &sbuf);
1852 if (!NT_STATUS_IS_OK(status)) {
1853 reply_nterror(req, status);
1854 END_PROFILE(SMBcreate);
1858 status = check_name(conn, fname);
1859 if (!NT_STATUS_IS_OK(status)) {
1860 reply_nterror(req, status);
1861 END_PROFILE(SMBcreate);
1865 if (fattr & aVOLID) {
1866 DEBUG(0,("Attempt to create file (%s) with volid set - "
1867 "please report this\n", fname));
1870 if(com == SMBmknew) {
1871 /* We should fail if file exists. */
1872 create_disposition = FILE_CREATE;
1874 /* Create if file doesn't exist, truncate if it does. */
1875 create_disposition = FILE_OVERWRITE_IF;
1878 /* Open file using ntcreate. */
1879 status = open_file_ntcreate(conn, req, fname, &sbuf,
1888 if (!NT_STATUS_IS_OK(status)) {
1889 END_PROFILE(SMBcreate);
1890 if (open_was_deferred(req->mid)) {
1891 /* We have re-scheduled this call. */
1894 reply_nterror(req, status);
1898 ts[0] = get_atimespec(&sbuf); /* atime. */
1899 file_ntimes(conn, fname, ts);
1901 reply_outbuf(req, 1, 0);
1903 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1905 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1906 SCVAL(req->outbuf,smb_flg,
1907 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1910 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1911 SCVAL(req->outbuf,smb_flg,
1912 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1915 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1916 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1917 fname, fsp->fh->fd, (unsigned int)fattr ) );
1919 END_PROFILE(SMBcreate);
1923 /****************************************************************************
1924 Reply to a create temporary file.
1925 ****************************************************************************/
1927 void reply_ctemp(connection_struct *conn, struct smb_request *req)
1934 SMB_STRUCT_STAT sbuf;
1938 START_PROFILE(SMBctemp);
1941 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1942 END_PROFILE(SMBctemp);
1946 fattr = SVAL(req->inbuf,smb_vwv0);
1947 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1949 srvstr_get_path((char *)req->inbuf, req->flags2, fname,
1950 smb_buf(req->inbuf)+1, sizeof(fname), 0, STR_TERMINATE,
1952 if (!NT_STATUS_IS_OK(status)) {
1953 reply_nterror(req, status);
1954 END_PROFILE(SMBctemp);
1958 pstrcat(fname,"/TMXXXXXX");
1960 pstrcat(fname,"TMXXXXXX");
1963 status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
1965 if (!NT_STATUS_IS_OK(status)) {
1966 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1967 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1968 ERRSRV, ERRbadpath);
1969 END_PROFILE(SMBctemp);
1972 reply_nterror(req, status);
1973 END_PROFILE(SMBctemp);
1977 status = unix_convert(conn, fname, False, NULL, &sbuf);
1978 if (!NT_STATUS_IS_OK(status)) {
1979 reply_nterror(req, status);
1980 END_PROFILE(SMBctemp);
1984 status = check_name(conn, fname);
1985 if (!NT_STATUS_IS_OK(status)) {
1986 reply_nterror(req, status);
1987 END_PROFILE(SMBctemp);
1991 tmpfd = smb_mkstemp(fname);
1993 reply_unixerror(req, ERRDOS, ERRnoaccess);
1994 END_PROFILE(SMBctemp);
1998 SMB_VFS_STAT(conn,fname,&sbuf);
2000 /* We should fail if file does not exist. */
2001 status = open_file_ntcreate(conn, req, fname, &sbuf,
2002 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2003 FILE_SHARE_READ|FILE_SHARE_WRITE,
2010 /* close fd from smb_mkstemp() */
2013 if (!NT_STATUS_IS_OK(status)) {
2014 if (open_was_deferred(req->mid)) {
2015 /* We have re-scheduled this call. */
2016 END_PROFILE(SMBctemp);
2019 reply_nterror(req, status);
2020 END_PROFILE(SMBctemp);
2024 reply_outbuf(req, 1, 0);
2025 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2027 /* the returned filename is relative to the directory */
2028 s = strrchr_m(fname, '/');
2036 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2037 thing in the byte section. JRA */
2038 SSVALS(p, 0, -1); /* what is this? not in spec */
2040 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2042 reply_nterror(req, NT_STATUS_NO_MEMORY);
2043 END_PROFILE(SMBctemp);
2047 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2048 SCVAL(req->outbuf, smb_flg,
2049 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2052 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2053 SCVAL(req->outbuf, smb_flg,
2054 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2057 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2058 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2059 (unsigned int)sbuf.st_mode ) );
2061 END_PROFILE(SMBctemp);
2065 /*******************************************************************
2066 Check if a user is allowed to rename a file.
2067 ********************************************************************/
2069 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2070 uint16 dirtype, SMB_STRUCT_STAT *pst)
2074 if (!CAN_WRITE(conn)) {
2075 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2078 fmode = dos_mode(conn, fsp->fsp_name, pst);
2079 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2080 return NT_STATUS_NO_SUCH_FILE;
2083 if (S_ISDIR(pst->st_mode)) {
2084 return NT_STATUS_OK;
2087 if (fsp->access_mask & DELETE_ACCESS) {
2088 return NT_STATUS_OK;
2091 return NT_STATUS_ACCESS_DENIED;
2094 /*******************************************************************
2095 * unlink a file with all relevant access checks
2096 *******************************************************************/
2098 static NTSTATUS do_unlink(connection_struct *conn, struct smb_request *req,
2099 char *fname, uint32 dirtype)
2101 SMB_STRUCT_STAT sbuf;
2104 uint32 dirtype_orig = dirtype;
2107 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2109 if (!CAN_WRITE(conn)) {
2110 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2113 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2114 return map_nt_error_from_unix(errno);
2117 fattr = dos_mode(conn,fname,&sbuf);
2119 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2120 dirtype = aDIR|aARCH|aRONLY;
2123 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2125 return NT_STATUS_NO_SUCH_FILE;
2128 if (!dir_check_ftype(conn, fattr, dirtype)) {
2130 return NT_STATUS_FILE_IS_A_DIRECTORY;
2132 return NT_STATUS_NO_SUCH_FILE;
2135 if (dirtype_orig & 0x8000) {
2136 /* These will never be set for POSIX. */
2137 return NT_STATUS_NO_SUCH_FILE;
2141 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2142 return NT_STATUS_FILE_IS_A_DIRECTORY;
2145 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2146 return NT_STATUS_NO_SUCH_FILE;
2149 if (dirtype & 0xFF00) {
2150 /* These will never be set for POSIX. */
2151 return NT_STATUS_NO_SUCH_FILE;
2156 return NT_STATUS_NO_SUCH_FILE;
2159 /* Can't delete a directory. */
2161 return NT_STATUS_FILE_IS_A_DIRECTORY;
2166 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2167 return NT_STATUS_OBJECT_NAME_INVALID;
2168 #endif /* JRATEST */
2170 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2172 On a Windows share, a file with read-only dosmode can be opened with
2173 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2174 fails with NT_STATUS_CANNOT_DELETE error.
2176 This semantic causes a problem that a user can not
2177 rename a file with read-only dosmode on a Samba share
2178 from a Windows command prompt (i.e. cmd.exe, but can rename
2179 from Windows Explorer).
2182 if (!lp_delete_readonly(SNUM(conn))) {
2183 if (fattr & aRONLY) {
2184 return NT_STATUS_CANNOT_DELETE;
2188 /* On open checks the open itself will check the share mode, so
2189 don't do it here as we'll get it wrong. */
2191 status = open_file_ntcreate(conn, req, fname, &sbuf,
2196 FILE_ATTRIBUTE_NORMAL,
2197 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2200 if (!NT_STATUS_IS_OK(status)) {
2201 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2202 nt_errstr(status)));
2206 /* The set is across all open files on this dev/inode pair. */
2207 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2208 close_file(fsp, NORMAL_CLOSE);
2209 return NT_STATUS_ACCESS_DENIED;
2212 return close_file(fsp,NORMAL_CLOSE);
2215 /****************************************************************************
2216 The guts of the unlink command, split out so it may be called by the NT SMB
2218 ****************************************************************************/
2220 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2221 uint32 dirtype, char *name, BOOL has_wild)
2227 NTSTATUS status = NT_STATUS_OK;
2228 SMB_STRUCT_STAT sbuf;
2230 *directory = *mask = 0;
2232 status = unix_convert(conn, name, has_wild, NULL, &sbuf);
2233 if (!NT_STATUS_IS_OK(status)) {
2237 p = strrchr_m(name,'/');
2239 pstrcpy(directory,".");
2243 pstrcpy(directory,name);
2248 * We should only check the mangled cache
2249 * here if unix_convert failed. This means
2250 * that the path in 'mask' doesn't exist
2251 * on the file system and so we need to look
2252 * for a possible mangle. This patch from
2253 * Tine Smukavec <valentin.smukavec@hermes.si>.
2256 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params))
2257 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
2260 pstrcat(directory,"/");
2261 pstrcat(directory,mask);
2263 dirtype = FILE_ATTRIBUTE_NORMAL;
2266 status = check_name(conn, directory);
2267 if (!NT_STATUS_IS_OK(status)) {
2271 status = do_unlink(conn, req, directory, dirtype);
2272 if (!NT_STATUS_IS_OK(status)) {
2278 struct smb_Dir *dir_hnd = NULL;
2282 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2283 return NT_STATUS_OBJECT_NAME_INVALID;
2286 if (strequal(mask,"????????.???")) {
2290 status = check_name(conn, directory);
2291 if (!NT_STATUS_IS_OK(status)) {
2295 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2296 if (dir_hnd == NULL) {
2297 return map_nt_error_from_unix(errno);
2300 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2301 the pattern matches against the long name, otherwise the short name
2302 We don't implement this yet XXXX
2305 status = NT_STATUS_NO_SUCH_FILE;
2307 while ((dname = ReadDirName(dir_hnd, &offset))) {
2310 pstrcpy(fname,dname);
2312 if (!is_visible_file(conn, directory, dname, &st, True)) {
2316 /* Quick check for "." and ".." */
2317 if (fname[0] == '.') {
2318 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2323 if(!mask_match(fname, mask, conn->case_sensitive)) {
2327 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2329 status = check_name(conn, fname);
2330 if (!NT_STATUS_IS_OK(status)) {
2335 status = do_unlink(conn, req, fname, dirtype);
2336 if (!NT_STATUS_IS_OK(status)) {
2341 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2347 if (count == 0 && NT_STATUS_IS_OK(status)) {
2348 status = map_nt_error_from_unix(errno);
2354 /****************************************************************************
2356 ****************************************************************************/
2358 void reply_unlink(connection_struct *conn, struct smb_request *req)
2363 BOOL path_contains_wcard = False;
2365 START_PROFILE(SMBunlink);
2368 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2369 END_PROFILE(SMBunlink);
2373 dirtype = SVAL(req->inbuf,smb_vwv0);
2375 srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name,
2376 smb_buf(req->inbuf) + 1, sizeof(name), 0,
2377 STR_TERMINATE, &status, &path_contains_wcard);
2378 if (!NT_STATUS_IS_OK(status)) {
2379 reply_nterror(req, status);
2380 END_PROFILE(SMBunlink);
2384 status = resolve_dfspath_wcard(conn,
2385 req->flags2 & FLAGS2_DFS_PATHNAMES,
2386 name, &path_contains_wcard);
2387 if (!NT_STATUS_IS_OK(status)) {
2388 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2389 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2390 ERRSRV, ERRbadpath);
2391 END_PROFILE(SMBunlink);
2394 reply_nterror(req, status);
2395 END_PROFILE(SMBunlink);
2399 DEBUG(3,("reply_unlink : %s\n",name));
2401 status = unlink_internals(conn, req, dirtype, name,
2402 path_contains_wcard);
2403 if (!NT_STATUS_IS_OK(status)) {
2404 if (open_was_deferred(req->mid)) {
2405 /* We have re-scheduled this call. */
2406 END_PROFILE(SMBunlink);
2409 reply_nterror(req, status);
2410 END_PROFILE(SMBunlink);
2414 reply_outbuf(req, 0, 0);
2415 END_PROFILE(SMBunlink);
2420 /****************************************************************************
2422 ****************************************************************************/
2424 static void fail_readraw(void)
2427 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2429 exit_server_cleanly(errstr);
2432 /****************************************************************************
2433 Fake (read/write) sendfile. Returns -1 on read or write fail.
2434 ****************************************************************************/
2436 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2440 size_t tosend = nread;
2447 bufsize = MIN(nread, 65536);
2449 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2453 while (tosend > 0) {
2457 if (tosend > bufsize) {
2462 ret = read_file(fsp,buf,startpos,cur_read);
2468 /* If we had a short read, fill with zeros. */
2469 if (ret < cur_read) {
2470 memset(buf, '\0', cur_read - ret);
2473 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2478 startpos += cur_read;
2482 return (ssize_t)nread;
2485 /****************************************************************************
2486 Return a readbraw error (4 bytes of zero).
2487 ****************************************************************************/
2489 static void reply_readbraw_error(void)
2493 if (write_data(smbd_server_fd(),header,4) != 4) {
2498 /****************************************************************************
2499 Use sendfile in readbraw.
2500 ****************************************************************************/
2502 void send_file_readbraw(connection_struct *conn,
2508 char *outbuf = NULL;
2511 #if defined(WITH_SENDFILE)
2513 * We can only use sendfile on a non-chained packet
2514 * but we can use on a non-oplocked file. tridge proved this
2515 * on a train in Germany :-). JRA.
2516 * reply_readbraw has already checked the length.
2519 if ( (chain_size == 0) && (nread > 0) &&
2520 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2522 DATA_BLOB header_blob;
2524 _smb_setlen(header,nread);
2525 header_blob = data_blob_const(header, 4);
2527 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2528 &header_blob, startpos, nread) == -1) {
2529 /* Returning ENOSYS means no data at all was sent.
2530 * Do this as a normal read. */
2531 if (errno == ENOSYS) {
2532 goto normal_readbraw;
2536 * Special hack for broken Linux with no working sendfile. If we
2537 * return EINTR we sent the header but not the rest of the data.
2538 * Fake this up by doing read/write calls.
2540 if (errno == EINTR) {
2541 /* Ensure we don't do this again. */
2542 set_use_sendfile(SNUM(conn), False);
2543 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2545 if (fake_sendfile(fsp, startpos, nread) == -1) {
2546 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2547 fsp->fsp_name, strerror(errno) ));
2548 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2553 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2554 fsp->fsp_name, strerror(errno) ));
2555 exit_server_cleanly("send_file_readbraw sendfile failed");
2564 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2566 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2567 (unsigned)(nread+4)));
2568 reply_readbraw_error();
2573 ret = read_file(fsp,outbuf+4,startpos,nread);
2574 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2583 _smb_setlen(outbuf,ret);
2584 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2587 TALLOC_FREE(outbuf);
2590 /****************************************************************************
2591 Reply to a readbraw (core+ protocol).
2592 ****************************************************************************/
2594 void reply_readbraw(connection_struct *conn, struct smb_request *req)
2596 ssize_t maxcount,mincount;
2603 START_PROFILE(SMBreadbraw);
2605 if (srv_is_signing_active()) {
2606 exit_server_cleanly("reply_readbraw: SMB signing is active - "
2607 "raw reads/writes are disallowed.");
2611 reply_readbraw_error();
2612 END_PROFILE(SMBreadbraw);
2617 * Special check if an oplock break has been issued
2618 * and the readraw request croses on the wire, we must
2619 * return a zero length response here.
2622 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2625 * We have to do a check_fsp by hand here, as
2626 * we must always return 4 zero bytes on error,
2630 if (!fsp || !conn || conn != fsp->conn ||
2631 current_user.vuid != fsp->vuid ||
2632 fsp->is_directory || fsp->fh->fd == -1) {
2634 * fsp could be NULL here so use the value from the packet. JRA.
2636 DEBUG(3,("reply_readbraw: fnum %d not valid "
2638 (int)SVAL(req->inbuf,smb_vwv0)));
2639 reply_readbraw_error();
2640 END_PROFILE(SMBreadbraw);
2644 /* Do a "by hand" version of CHECK_READ. */
2645 if (!(fsp->can_read ||
2646 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2647 (fsp->access_mask & FILE_EXECUTE)))) {
2648 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2649 (int)SVAL(req->inbuf,smb_vwv0)));
2650 reply_readbraw_error();
2651 END_PROFILE(SMBreadbraw);
2655 flush_write_cache(fsp, READRAW_FLUSH);
2657 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2658 if(req->wct == 10) {
2660 * This is a large offset (64 bit) read.
2662 #ifdef LARGE_SMB_OFF_T
2664 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2666 #else /* !LARGE_SMB_OFF_T */
2669 * Ensure we haven't been sent a >32 bit offset.
2672 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2673 DEBUG(0,("reply_readbraw: large offset "
2674 "(%x << 32) used and we don't support "
2675 "64 bit offsets.\n",
2676 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2677 reply_readbraw_error();
2678 END_PROFILE(SMBreadbraw);
2682 #endif /* LARGE_SMB_OFF_T */
2685 DEBUG(0,("reply_readbraw: negative 64 bit "
2686 "readraw offset (%.0f) !\n",
2687 (double)startpos ));
2688 reply_readbraw_error();
2689 END_PROFILE(SMBreadbraw);
2694 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2695 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2697 /* ensure we don't overrun the packet size */
2698 maxcount = MIN(65535,maxcount);
2700 if (is_locked(fsp,(uint32)req->smbpid,
2701 (SMB_BIG_UINT)maxcount,
2702 (SMB_BIG_UINT)startpos,
2704 reply_readbraw_error();
2705 END_PROFILE(SMBreadbraw);
2709 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2713 if (startpos >= size) {
2716 nread = MIN(maxcount,(size - startpos));
2719 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2720 if (nread < mincount)
2724 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2725 "min=%lu nread=%lu\n",
2726 fsp->fnum, (double)startpos,
2727 (unsigned long)maxcount,
2728 (unsigned long)mincount,
2729 (unsigned long)nread ) );
2731 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2733 DEBUG(5,("reply_readbraw finished\n"));
2734 END_PROFILE(SMBreadbraw);
2738 #define DBGC_CLASS DBGC_LOCKING
2740 /****************************************************************************
2741 Reply to a lockread (core+ protocol).
2742 ****************************************************************************/
2744 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2752 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
2753 struct byte_range_lock *br_lck = NULL;
2754 START_PROFILE(SMBlockread);
2756 CHECK_FSP(fsp,conn);
2757 if (!CHECK_READ(fsp,inbuf)) {
2758 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2761 release_level_2_oplocks_on_change(fsp);
2763 numtoread = SVAL(inbuf,smb_vwv1);
2764 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2766 outsize = set_message(inbuf,outbuf,5,3,True);
2767 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2768 data = smb_buf(outbuf) + 3;
2771 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2772 * protocol request that predates the read/write lock concept.
2773 * Thus instead of asking for a read lock here we need to ask
2774 * for a write lock. JRA.
2775 * Note that the requested lock size is unaffected by max_recv.
2778 br_lck = do_lock(smbd_messaging_context(),
2780 (uint32)SVAL(inbuf,smb_pid),
2781 (SMB_BIG_UINT)numtoread,
2782 (SMB_BIG_UINT)startpos,
2785 False, /* Non-blocking lock. */
2788 TALLOC_FREE(br_lck);
2790 if (NT_STATUS_V(status)) {
2791 END_PROFILE(SMBlockread);
2792 return ERROR_NT(status);
2796 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2799 if (numtoread > max_recv) {
2800 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2801 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2802 (unsigned int)numtoread, (unsigned int)max_recv ));
2803 numtoread = MIN(numtoread,max_recv);
2805 nread = read_file(fsp,data,startpos,numtoread);
2808 END_PROFILE(SMBlockread);
2809 return(UNIXERROR(ERRDOS,ERRnoaccess));
2813 SSVAL(outbuf,smb_vwv0,nread);
2814 SSVAL(outbuf,smb_vwv5,nread+3);
2815 SSVAL(smb_buf(outbuf),1,nread);
2817 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2818 fsp->fnum, (int)numtoread, (int)nread));
2820 END_PROFILE(SMBlockread);
2825 #define DBGC_CLASS DBGC_ALL
2827 /****************************************************************************
2829 ****************************************************************************/
2831 int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2838 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
2839 START_PROFILE(SMBread);
2841 CHECK_FSP(fsp,conn);
2842 if (!CHECK_READ(fsp,inbuf)) {
2843 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2846 numtoread = SVAL(inbuf,smb_vwv1);
2847 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2849 outsize = set_message(inbuf,outbuf,5,3,True);
2850 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2852 * The requested read size cannot be greater than max_recv. JRA.
2854 if (numtoread > max_recv) {
2855 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2856 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2857 (unsigned int)numtoread, (unsigned int)max_recv ));
2858 numtoread = MIN(numtoread,max_recv);
2861 data = smb_buf(outbuf) + 3;
2863 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2864 END_PROFILE(SMBread);
2865 return ERROR_DOS(ERRDOS,ERRlock);
2869 nread = read_file(fsp,data,startpos,numtoread);
2872 END_PROFILE(SMBread);
2873 return(UNIXERROR(ERRDOS,ERRnoaccess));
2877 SSVAL(outbuf,smb_vwv0,nread);
2878 SSVAL(outbuf,smb_vwv5,nread+3);
2879 SCVAL(smb_buf(outbuf),0,1);
2880 SSVAL(smb_buf(outbuf),1,nread);
2882 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2883 fsp->fnum, (int)numtoread, (int)nread ) );
2885 END_PROFILE(SMBread);
2889 /****************************************************************************
2891 ****************************************************************************/
2893 static int setup_readX_header(const uint8 *inbuf, uint8 *outbuf,
2899 outsize = set_message((char *)inbuf, (char *)outbuf,12,smb_maxcnt,
2901 data = smb_buf(outbuf);
2903 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2904 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2905 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2906 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
2907 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2908 SCVAL(outbuf,smb_vwv0,0xFF);
2909 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
2910 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
2914 /****************************************************************************
2915 Reply to a read and X - possibly using sendfile.
2916 ****************************************************************************/
2918 static void send_file_readX(connection_struct *conn, struct smb_request *req,
2919 files_struct *fsp, SMB_OFF_T startpos,
2922 SMB_STRUCT_STAT sbuf;
2925 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
2926 reply_unixerror(req, ERRDOS, ERRnoaccess);
2930 if (startpos > sbuf.st_size) {
2932 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
2933 smb_maxcnt = (sbuf.st_size - startpos);
2936 if (smb_maxcnt == 0) {
2940 #if defined(WITH_SENDFILE)
2942 * We can only use sendfile on a non-chained packet
2943 * but we can use on a non-oplocked file. tridge proved this
2944 * on a train in Germany :-). JRA.
2947 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
2948 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2949 uint8 headerbuf[smb_size + 12 * 2];
2953 * Set up the packet header before send. We
2954 * assume here the sendfile will work (get the
2955 * correct amount of data).
2958 header = data_blob_const(headerbuf, sizeof(headerbuf));
2960 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
2961 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
2963 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2964 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2965 if (errno == ENOSYS) {
2970 * Special hack for broken Linux with no working sendfile. If we
2971 * return EINTR we sent the header but not the rest of the data.
2972 * Fake this up by doing read/write calls.
2975 if (errno == EINTR) {
2976 /* Ensure we don't do this again. */
2977 set_use_sendfile(SNUM(conn), False);
2978 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
2979 nread = fake_sendfile(fsp, startpos,
2982 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2983 fsp->fsp_name, strerror(errno) ));
2984 exit_server_cleanly("send_file_readX: fake_sendfile failed");
2986 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
2987 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2988 /* No outbuf here means successful sendfile. */
2989 TALLOC_FREE(req->outbuf);
2993 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
2994 fsp->fsp_name, strerror(errno) ));
2995 exit_server_cleanly("send_file_readX sendfile failed");
2998 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
2999 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3000 /* No outbuf here means successful sendfile. */
3001 TALLOC_FREE(req->outbuf);
3009 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3010 uint8 headerbuf[smb_size + 2*12];
3012 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3013 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3015 /* Send out the header. */
3016 if (write_data(smbd_server_fd(), (char *)headerbuf,
3017 sizeof(headerbuf)) != sizeof(headerbuf)) {
3018 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3019 fsp->fsp_name, strerror(errno) ));
3020 exit_server_cleanly("send_file_readX sendfile failed");
3022 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3024 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3025 fsp->fsp_name, strerror(errno) ));
3026 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3028 TALLOC_FREE(req->outbuf);
3031 reply_outbuf(req, 12, smb_maxcnt);
3033 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3036 reply_unixerror(req, ERRDOS, ERRnoaccess);
3040 setup_readX_header(req->inbuf, req->outbuf, nread);
3042 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3043 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3045 chain_reply_new(req);
3051 /****************************************************************************
3052 Reply to a read and X.
3053 ****************************************************************************/
3055 void reply_read_and_X(connection_struct *conn, struct smb_request *req)
3060 BOOL big_readX = False;
3062 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3065 START_PROFILE(SMBreadX);
3067 if ((req->wct != 10) && (req->wct != 12)) {
3068 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3072 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3073 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3074 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3076 /* If it's an IPC, pass off the pipe handler. */
3078 reply_pipe_read_and_X(req);
3079 END_PROFILE(SMBreadX);
3083 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3084 END_PROFILE(SMBreadX);
3088 if (!CHECK_READ(fsp,req->inbuf)) {
3089 reply_doserror(req, ERRDOS,ERRbadaccess);
3090 END_PROFILE(SMBreadX);
3094 if (global_client_caps & CAP_LARGE_READX) {
3095 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3096 smb_maxcnt |= (upper_size<<16);
3097 if (upper_size > 1) {
3098 /* Can't do this on a chained packet. */
3099 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3100 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3101 END_PROFILE(SMBreadX);
3104 /* We currently don't do this on signed or sealed data. */
3105 if (srv_is_signing_active() || srv_encryption_on()) {
3106 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3107 END_PROFILE(SMBreadX);
3110 /* Is there room in the reply for this data ? */
3111 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3113 NT_STATUS_INVALID_PARAMETER);
3114 END_PROFILE(SMBreadX);
3121 if (req->wct == 12) {
3122 #ifdef LARGE_SMB_OFF_T
3124 * This is a large offset (64 bit) read.
3126 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3128 #else /* !LARGE_SMB_OFF_T */
3131 * Ensure we haven't been sent a >32 bit offset.
3134 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3135 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3136 "used and we don't support 64 bit offsets.\n",
3137 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3138 END_PROFILE(SMBreadX);
3139 reply_doserror(req, ERRDOS, ERRbadaccess);
3143 #endif /* LARGE_SMB_OFF_T */
3147 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3148 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3149 END_PROFILE(SMBreadX);
3150 reply_doserror(req, ERRDOS, ERRlock);
3155 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3156 END_PROFILE(SMBreadX);
3157 reply_post_legacy(req, -1);
3161 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3163 END_PROFILE(SMBreadX);
3167 /****************************************************************************
3168 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3169 ****************************************************************************/
3171 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3174 ssize_t total_written=0;
3175 size_t numtowrite=0;
3180 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3183 START_PROFILE(SMBwritebraw);
3185 if (srv_is_signing_active()) {
3186 exit_server_cleanly("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
3189 CHECK_FSP(fsp,conn);
3190 if (!CHECK_WRITE(fsp)) {
3191 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3194 tcount = IVAL(inbuf,smb_vwv1);
3195 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3196 write_through = BITSETW(inbuf+smb_vwv7,0);
3198 /* We have to deal with slightly different formats depending
3199 on whether we are using the core+ or lanman1.0 protocol */
3201 if(Protocol <= PROTOCOL_COREPLUS) {
3202 numtowrite = SVAL(smb_buf(inbuf),-2);
3203 data = smb_buf(inbuf);
3205 numtowrite = SVAL(inbuf,smb_vwv10);
3206 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
3209 /* force the error type */
3210 SCVAL(inbuf,smb_com,SMBwritec);
3211 SCVAL(outbuf,smb_com,SMBwritec);
3213 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3214 END_PROFILE(SMBwritebraw);
3215 return(ERROR_DOS(ERRDOS,ERRlock));
3219 nwritten = write_file(fsp,data,startpos,numtowrite);
3221 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
3222 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
3224 if (nwritten < (ssize_t)numtowrite) {
3225 END_PROFILE(SMBwritebraw);
3226 return(UNIXERROR(ERRHRD,ERRdiskfull));
3229 total_written = nwritten;
3231 /* Return a message to the redirector to tell it to send more bytes */
3232 SCVAL(outbuf,smb_com,SMBwritebraw);
3233 SSVALS(outbuf,smb_vwv0,-1);
3234 outsize = set_message(inbuf,outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3236 if (!send_smb(smbd_server_fd(),outbuf))
3237 exit_server_cleanly("reply_writebraw: send_smb failed.");
3239 /* Now read the raw data into the buffer and write it */
3240 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
3241 exit_server_cleanly("secondary writebraw failed");
3244 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
3245 numtowrite = smb_len(inbuf);
3247 /* Set up outbuf to return the correct return */
3248 outsize = set_message(inbuf,outbuf,1,0,True);
3249 SCVAL(outbuf,smb_com,SMBwritec);
3251 if (numtowrite != 0) {
3253 if (numtowrite > BUFFER_SIZE) {
3254 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
3255 (unsigned int)numtowrite ));
3256 exit_server_cleanly("secondary writebraw failed");
3259 if (tcount > nwritten+numtowrite) {
3260 DEBUG(3,("Client overestimated the write %d %d %d\n",
3261 (int)tcount,(int)nwritten,(int)numtowrite));
3264 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
3265 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
3267 exit_server_cleanly("secondary writebraw failed");
3270 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
3271 if (nwritten == -1) {
3272 END_PROFILE(SMBwritebraw);
3273 return(UNIXERROR(ERRHRD,ERRdiskfull));
3276 if (nwritten < (ssize_t)numtowrite) {
3277 SCVAL(outbuf,smb_rcls,ERRHRD);
3278 SSVAL(outbuf,smb_err,ERRdiskfull);
3282 total_written += nwritten;
3285 SSVAL(outbuf,smb_vwv0,total_written);
3287 status = sync_file(conn, fsp, write_through);
3288 if (!NT_STATUS_IS_OK(status)) {
3289 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3290 fsp->fsp_name, nt_errstr(status) ));
3291 END_PROFILE(SMBwritebraw);
3292 return ERROR_NT(status);
3295 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
3296 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
3298 /* we won't return a status if write through is not selected - this follows what WfWg does */
3299 END_PROFILE(SMBwritebraw);
3300 if (!write_through && total_written==tcount) {
3302 #if RABBIT_PELLET_FIX
3304 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3305 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
3307 if (!send_keepalive(smbd_server_fd()))
3308 exit_server_cleanly("reply_writebraw: send of keepalive failed");
3317 #define DBGC_CLASS DBGC_LOCKING
3319 /****************************************************************************
3320 Reply to a writeunlock (core+).
3321 ****************************************************************************/
3323 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
3324 int size, int dum_buffsize)
3326 ssize_t nwritten = -1;
3330 NTSTATUS status = NT_STATUS_OK;
3331 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3333 START_PROFILE(SMBwriteunlock);
3335 CHECK_FSP(fsp,conn);
3336 if (!CHECK_WRITE(fsp)) {
3337 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3340 numtowrite = SVAL(inbuf,smb_vwv1);
3341 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3342 data = smb_buf(inbuf) + 3;
3344 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3345 END_PROFILE(SMBwriteunlock);
3346 return ERROR_DOS(ERRDOS,ERRlock);
3349 /* The special X/Open SMB protocol handling of
3350 zero length writes is *NOT* done for
3352 if(numtowrite == 0) {
3355 nwritten = write_file(fsp,data,startpos,numtowrite);
3358 status = sync_file(conn, fsp, False /* write through */);
3359 if (!NT_STATUS_IS_OK(status)) {
3360 END_PROFILE(SMBwriteunlock);
3361 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3362 fsp->fsp_name, nt_errstr(status) ));
3363 return ERROR_NT(status);
3366 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3367 END_PROFILE(SMBwriteunlock);
3368 return(UNIXERROR(ERRHRD,ERRdiskfull));
3372 status = do_unlock(smbd_messaging_context(),
3374 (uint32)SVAL(inbuf,smb_pid),
3375 (SMB_BIG_UINT)numtowrite,
3376 (SMB_BIG_UINT)startpos,
3379 if (NT_STATUS_V(status)) {
3380 END_PROFILE(SMBwriteunlock);
3381 return ERROR_NT(status);
3385 outsize = set_message(inbuf,outbuf,1,0,True);
3387 SSVAL(outbuf,smb_vwv0,nwritten);
3389 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3390 fsp->fnum, (int)numtowrite, (int)nwritten));
3392 END_PROFILE(SMBwriteunlock);
3397 #define DBGC_CLASS DBGC_ALL
3399 /****************************************************************************
3401 ****************************************************************************/
3403 int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
3406 ssize_t nwritten = -1;
3409 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3412 START_PROFILE(SMBwrite);
3414 /* If it's an IPC, pass off the pipe handler. */
3416 END_PROFILE(SMBwrite);
3417 return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
3420 CHECK_FSP(fsp,conn);
3421 if (!CHECK_WRITE(fsp)) {
3422 END_PROFILE(SMBwrite);
3423 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3426 numtowrite = SVAL(inbuf,smb_vwv1);
3427 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3428 data = smb_buf(inbuf) + 3;
3430 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3431 END_PROFILE(SMBwrite);
3432 return ERROR_DOS(ERRDOS,ERRlock);
3436 * X/Open SMB protocol says that if smb_vwv1 is
3437 * zero then the file size should be extended or
3438 * truncated to the size given in smb_vwv[2-3].
3441 if(numtowrite == 0) {
3443 * This is actually an allocate call, and set EOF. JRA.
3445 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3447 END_PROFILE(SMBwrite);
3448 return ERROR_NT(NT_STATUS_DISK_FULL);
3450 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3452 END_PROFILE(SMBwrite);
3453 return ERROR_NT(NT_STATUS_DISK_FULL);
3456 nwritten = write_file(fsp,data,startpos,numtowrite);
3458 status = sync_file(conn, fsp, False);
3459 if (!NT_STATUS_IS_OK(status)) {
3460 END_PROFILE(SMBwrite);
3461 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3462 fsp->fsp_name, nt_errstr(status) ));
3463 return ERROR_NT(status);
3466 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3467 END_PROFILE(SMBwrite);
3468 return(UNIXERROR(ERRHRD,ERRdiskfull));
3471 outsize = set_message(inbuf,outbuf,1,0,True);
3473 SSVAL(outbuf,smb_vwv0,nwritten);
3475 if (nwritten < (ssize_t)numtowrite) {
3476 SCVAL(outbuf,smb_rcls,ERRHRD);
3477 SSVAL(outbuf,smb_err,ERRdiskfull);
3480 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3482 END_PROFILE(SMBwrite);
3486 /****************************************************************************
3487 Reply to a write and X.
3488 ****************************************************************************/
3490 void reply_write_and_X(connection_struct *conn, struct smb_request *req)
3497 unsigned int smb_doff;
3498 unsigned int smblen;
3503 START_PROFILE(SMBwriteX);
3505 if ((req->wct != 12) && (req->wct != 14)) {
3506 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3507 END_PROFILE(SMBwriteX);
3511 numtowrite = SVAL(req->inbuf,smb_vwv10);
3512 smb_doff = SVAL(req->inbuf,smb_vwv11);
3513 smblen = smb_len(req->inbuf);
3514 large_writeX = ((req->wct == 14) && (smblen > 0xFFFF));
3516 /* Deal with possible LARGE_WRITEX */
3518 numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
3521 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3522 reply_doserror(req, ERRDOS, ERRbadmem);
3523 END_PROFILE(SMBwriteX);
3527 /* If it's an IPC, pass off the pipe handler. */
3529 reply_pipe_write_and_X(req);
3530 END_PROFILE(SMBwriteX);
3534 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3535 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3536 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3538 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3539 END_PROFILE(SMBwriteX);
3543 if (!CHECK_WRITE(fsp)) {
3544 reply_doserror(req, ERRDOS, ERRbadaccess);
3545 END_PROFILE(SMBwriteX);
3549 data = smb_base(req->inbuf) + smb_doff;
3551 if(req->wct == 14) {
3552 #ifdef LARGE_SMB_OFF_T
3554 * This is a large offset (64 bit) write.
3556 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3558 #else /* !LARGE_SMB_OFF_T */
3561 * Ensure we haven't been sent a >32 bit offset.
3564 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3565 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3566 "used and we don't support 64 bit offsets.\n",
3567 (unsigned int)IVAL(inbuf,smb_vwv12) ));
3568 reply_doserror(req, ERRDOS, ERRbadaccess);
3569 END_PROFILE(SMBwriteX);
3573 #endif /* LARGE_SMB_OFF_T */
3576 if (is_locked(fsp,(uint32)req->smbpid,
3577 (SMB_BIG_UINT)numtowrite,
3578 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3579 reply_doserror(req, ERRDOS, ERRlock);
3580 END_PROFILE(SMBwriteX);
3584 /* X/Open SMB protocol says that, unlike SMBwrite
3585 if the length is zero then NO truncation is
3586 done, just a write of zero. To truncate a file,
3589 if(numtowrite == 0) {
3593 if (schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3595 END_PROFILE(SMBwriteX);
3599 nwritten = write_file(fsp,data,startpos,numtowrite);
3602 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3603 reply_unixerror(req, ERRHRD, ERRdiskfull);
3604 END_PROFILE(SMBwriteX);
3608 reply_outbuf(req, 6, 0);
3609 SSVAL(req->outbuf,smb_vwv2,nwritten);
3611 SSVAL(req->outbuf,smb_vwv4,(nwritten>>16)&1);
3613 if (nwritten < (ssize_t)numtowrite) {
3614 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3615 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3618 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3619 fsp->fnum, (int)numtowrite, (int)nwritten));
3621 status = sync_file(conn, fsp, write_through);
3622 if (!NT_STATUS_IS_OK(status)) {
3623 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
3624 fsp->fsp_name, nt_errstr(status) ));
3625 reply_nterror(req, status);
3626 END_PROFILE(SMBwriteX);
3630 END_PROFILE(SMBwriteX);
3631 chain_reply_new(req);
3635 /****************************************************************************
3637 ****************************************************************************/
3639 int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3645 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3646 START_PROFILE(SMBlseek);
3648 CHECK_FSP(fsp,conn);
3650 flush_write_cache(fsp, SEEK_FLUSH);
3652 mode = SVAL(inbuf,smb_vwv1) & 3;
3653 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3654 startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2);
3663 res = fsp->fh->pos + startpos;
3674 if (umode == SEEK_END) {
3675 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3676 if(errno == EINVAL) {
3677 SMB_OFF_T current_pos = startpos;
3678 SMB_STRUCT_STAT sbuf;
3680 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3681 END_PROFILE(SMBlseek);
3682 return(UNIXERROR(ERRDOS,ERRnoaccess));
3685 current_pos += sbuf.st_size;
3687 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3692 END_PROFILE(SMBlseek);
3693 return(UNIXERROR(ERRDOS,ERRnoaccess));
3699 outsize = set_message(inbuf,outbuf,2,0,True);
3700 SIVAL(outbuf,smb_vwv0,res);
3702 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3703 fsp->fnum, (double)startpos, (double)res, mode));
3705 END_PROFILE(SMBlseek);
3709 /****************************************************************************
3711 ****************************************************************************/
3713 void reply_flush(connection_struct *conn, struct smb_request *req)
3718 START_PROFILE(SMBflush);
3721 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3725 fnum = SVAL(req->inbuf,smb_vwv0);
3726 fsp = file_fsp(fnum);
3728 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
3733 file_sync_all(conn);
3735 NTSTATUS status = sync_file(conn, fsp, True);
3736 if (!NT_STATUS_IS_OK(status)) {
3737 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
3738 fsp->fsp_name, nt_errstr(status) ));
3739 reply_nterror(req, status);
3740 END_PROFILE(SMBflush);
3745 reply_outbuf(req, 0, 0);
3747 DEBUG(3,("flush\n"));
3748 END_PROFILE(SMBflush);
3752 /****************************************************************************
3754 conn POINTER CAN BE NULL HERE !
3755 ****************************************************************************/
3757 void reply_exit(connection_struct *conn, struct smb_request *req)
3759 START_PROFILE(SMBexit);
3761 file_close_pid(req->smbpid, req->vuid);
3763 reply_outbuf(req, 0, 0);
3765 DEBUG(3,("exit\n"));
3767 END_PROFILE(SMBexit);
3771 /****************************************************************************
3772 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3773 ****************************************************************************/
3775 void reply_close(connection_struct *conn, struct smb_request *req)
3777 NTSTATUS status = NT_STATUS_OK;
3778 files_struct *fsp = NULL;
3779 START_PROFILE(SMBclose);
3782 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3783 END_PROFILE(SMBclose);
3787 /* If it's an IPC, pass off to the pipe handler. */
3789 reply_pipe_close(conn, req);
3790 END_PROFILE(SMBclose);
3794 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3797 * We can only use CHECK_FSP if we know it's not a directory.
3800 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3801 reply_doserror(req, ERRDOS, ERRbadfid);
3802 END_PROFILE(SMBclose);
3806 if(fsp->is_directory) {
3808 * Special case - close NT SMB directory handle.
3810 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
3811 status = close_file(fsp,NORMAL_CLOSE);
3814 * Close ordinary file.
3817 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3818 fsp->fh->fd, fsp->fnum,
3819 conn->num_files_open));
3822 * Take care of any time sent in the close.
3825 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
3826 srv_make_unix_date3(
3827 req->inbuf+smb_vwv1)));
3830 * close_file() returns the unix errno if an error
3831 * was detected on close - normally this is due to
3832 * a disk full error. If not then it was probably an I/O error.
3835 status = close_file(fsp,NORMAL_CLOSE);
3838 if (!NT_STATUS_IS_OK(status)) {
3839 reply_nterror(req, status);
3840 END_PROFILE(SMBclose);
3844 reply_outbuf(req, 0, 0);
3845 END_PROFILE(SMBclose);
3849 /****************************************************************************
3850 Reply to a writeclose (Core+ protocol).
3851 ****************************************************************************/
3853 int reply_writeclose(connection_struct *conn,
3854 char *inbuf,char *outbuf, int size, int dum_buffsize)
3857 ssize_t nwritten = -1;
3859 NTSTATUS close_status = NT_STATUS_OK;
3862 struct timespec mtime;
3863 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3864 START_PROFILE(SMBwriteclose);
3866 CHECK_FSP(fsp,conn);
3867 if (!CHECK_WRITE(fsp)) {
3868 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3871 numtowrite = SVAL(inbuf,smb_vwv1);
3872 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3873 mtime = convert_time_t_to_timespec(srv_make_unix_date3(inbuf+smb_vwv4));
3874 data = smb_buf(inbuf) + 1;
3876 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3877 END_PROFILE(SMBwriteclose);
3878 return ERROR_DOS(ERRDOS,ERRlock);
3881 nwritten = write_file(fsp,data,startpos,numtowrite);
3883 set_filetime(conn, fsp->fsp_name, mtime);
3886 * More insanity. W2K only closes the file if writelen > 0.
3891 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3893 close_status = close_file(fsp,NORMAL_CLOSE);
3896 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3897 fsp->fnum, (int)numtowrite, (int)nwritten,
3898 conn->num_files_open));
3900 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3901 END_PROFILE(SMBwriteclose);
3902 return(UNIXERROR(ERRHRD,ERRdiskfull));
3905 if(!NT_STATUS_IS_OK(close_status)) {
3906 END_PROFILE(SMBwriteclose);
3907 return ERROR_NT(close_status);
3910 outsize = set_message(inbuf,outbuf,1,0,True);
3912 SSVAL(outbuf,smb_vwv0,nwritten);
3913 END_PROFILE(SMBwriteclose);
3918 #define DBGC_CLASS DBGC_LOCKING
3920 /****************************************************************************
3922 ****************************************************************************/
3924 int reply_lock(connection_struct *conn,
3925 char *inbuf,char *outbuf, int length, int dum_buffsize)
3927 int outsize = set_message(inbuf,outbuf,0,0,False);
3928 SMB_BIG_UINT count,offset;
3930 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3931 struct byte_range_lock *br_lck = NULL;
3933 START_PROFILE(SMBlock);
3935 CHECK_FSP(fsp,conn);
3937 release_level_2_oplocks_on_change(fsp);
3939 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3940 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3942 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3943 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
3945 br_lck = do_lock(smbd_messaging_context(),
3947 (uint32)SVAL(inbuf,smb_pid),
3952 False, /* Non-blocking lock. */
3956 TALLOC_FREE(br_lck);
3958 if (NT_STATUS_V(status)) {
3959 END_PROFILE(SMBlock);
3960 return ERROR_NT(status);
3963 END_PROFILE(SMBlock);
3967 /****************************************************************************
3969 ****************************************************************************/
3971 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
3974 int outsize = set_message(inbuf,outbuf,0,0,False);
3975 SMB_BIG_UINT count,offset;
3977 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
3978 START_PROFILE(SMBunlock);
3980 CHECK_FSP(fsp,conn);
3982 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3983 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3985 status = do_unlock(smbd_messaging_context(),
3987 (uint32)SVAL(inbuf,smb_pid),
3992 if (NT_STATUS_V(status)) {
3993 END_PROFILE(SMBunlock);
3994 return ERROR_NT(status);
3997 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3998 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4000 END_PROFILE(SMBunlock);
4005 #define DBGC_CLASS DBGC_ALL
4007 /****************************************************************************
4009 conn POINTER CAN BE NULL HERE !
4010 ****************************************************************************/
4012 void reply_tdis(connection_struct *conn, struct smb_request *req)
4014 START_PROFILE(SMBtdis);
4017 DEBUG(4,("Invalid connection in tdis\n"));
4018 reply_doserror(req, ERRSRV, ERRinvnid);
4019 END_PROFILE(SMBtdis);
4025 close_cnum(conn,req->vuid);
4027 reply_outbuf(req, 0, 0);
4028 END_PROFILE(SMBtdis);
4032 /****************************************************************************
4034 conn POINTER CAN BE NULL HERE !
4035 ****************************************************************************/
4037 void reply_echo(connection_struct *conn, struct smb_request *req)
4041 unsigned int data_len = smb_buflen(req->inbuf);
4043 START_PROFILE(SMBecho);
4046 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4047 END_PROFILE(SMBecho);
4051 if (data_len > BUFFER_SIZE) {
4052 DEBUG(0,("reply_echo: data_len too large.\n"));
4053 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4054 END_PROFILE(SMBecho);
4058 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4060 reply_outbuf(req, 1, data_len);
4062 /* copy any incoming data back out */
4064 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4067 if (smb_reverb > 100) {
4068 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4072 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4073 SSVAL(req->outbuf,smb_vwv0,seq_num);
4075 show_msg((char *)req->outbuf);
4076 if (!send_smb(smbd_server_fd(),(char *)req->outbuf))
4077 exit_server_cleanly("reply_echo: send_smb failed.");
4080 DEBUG(3,("echo %d times\n", smb_reverb));
4082 TALLOC_FREE(req->outbuf);
4086 END_PROFILE(SMBecho);
4090 /****************************************************************************
4091 Reply to a printopen.
4092 ****************************************************************************/
4094 int reply_printopen(connection_struct *conn,
4095 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4101 START_PROFILE(SMBsplopen);
4103 if (!CAN_PRINT(conn)) {
4104 END_PROFILE(SMBsplopen);
4105 return ERROR_DOS(ERRDOS,ERRnoaccess);
4108 /* Open for exclusive use, write only. */
4109 status = print_fsp_open(conn, NULL, &fsp);
4111 if (!NT_STATUS_IS_OK(status)) {
4112 END_PROFILE(SMBsplopen);
4113 return(ERROR_NT(status));
4116 outsize = set_message(inbuf,outbuf,1,0,True);
4117 SSVAL(outbuf,smb_vwv0,fsp->fnum);
4119 DEBUG(3,("openprint fd=%d fnum=%d\n",
4120 fsp->fh->fd, fsp->fnum));
4122 END_PROFILE(SMBsplopen);
4126 /****************************************************************************
4127 Reply to a printclose.
4128 ****************************************************************************/
4130 int reply_printclose(connection_struct *conn,
4131 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4133 int outsize = set_message(inbuf,outbuf,0,0,False);
4134 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
4136 START_PROFILE(SMBsplclose);
4138 CHECK_FSP(fsp,conn);
4140 if (!CAN_PRINT(conn)) {
4141 END_PROFILE(SMBsplclose);
4142 return ERROR_NT(NT_STATUS_DOS(ERRSRV, ERRerror));
4145 DEBUG(3,("printclose fd=%d fnum=%d\n",
4146 fsp->fh->fd,fsp->fnum));
4148 status = close_file(fsp,NORMAL_CLOSE);
4150 if(!NT_STATUS_IS_OK(status)) {
4151 END_PROFILE(SMBsplclose);
4152 return ERROR_NT(status);
4155 END_PROFILE(SMBsplclose);
4159 /****************************************************************************
4160 Reply to a printqueue.
4161 ****************************************************************************/
4163 int reply_printqueue(connection_struct *conn,
4164 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4166 int outsize = set_message(inbuf,outbuf,2,3,True);
4167 int max_count = SVAL(inbuf,smb_vwv0);
4168 int start_index = SVAL(inbuf,smb_vwv1);
4169 START_PROFILE(SMBsplretq);
4171 /* we used to allow the client to get the cnum wrong, but that
4172 is really quite gross and only worked when there was only
4173 one printer - I think we should now only accept it if they
4174 get it right (tridge) */
4175 if (!CAN_PRINT(conn)) {
4176 END_PROFILE(SMBsplretq);
4177 return ERROR_DOS(ERRDOS,ERRnoaccess);
4180 SSVAL(outbuf,smb_vwv0,0);
4181 SSVAL(outbuf,smb_vwv1,0);
4182 SCVAL(smb_buf(outbuf),0,1);
4183 SSVAL(smb_buf(outbuf),1,0);
4185 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4186 start_index, max_count));
4189 print_queue_struct *queue = NULL;
4190 print_status_struct status;
4191 char *p = smb_buf(outbuf) + 3;
4192 int count = print_queue_status(SNUM(conn), &queue, &status);
4193 int num_to_get = ABS(max_count);
4194 int first = (max_count>0?start_index:start_index+max_count+1);
4200 num_to_get = MIN(num_to_get,count-first);
4203 for (i=first;i<first+num_to_get;i++) {
4204 srv_put_dos_date2(p,0,queue[i].time);
4205 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4206 SSVAL(p,5, queue[i].job);
4207 SIVAL(p,7,queue[i].size);
4209 srvstr_push(outbuf, SVAL(outbuf, smb_flg2), p+12,
4210 queue[i].fs_user, 16, STR_ASCII);
4215 outsize = set_message(inbuf,outbuf,2,28*count+3,False);
4216 SSVAL(outbuf,smb_vwv0,count);
4217 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
4218 SCVAL(smb_buf(outbuf),0,1);
4219 SSVAL(smb_buf(outbuf),1,28*count);
4224 DEBUG(3,("%d entries returned in queue\n",count));
4227 END_PROFILE(SMBsplretq);
4231 /****************************************************************************
4232 Reply to a printwrite.
4233 ****************************************************************************/
4235 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4238 int outsize = set_message(inbuf,outbuf,0,0,False);
4240 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
4242 START_PROFILE(SMBsplwr);
4244 if (!CAN_PRINT(conn)) {
4245 END_PROFILE(SMBsplwr);
4246 return ERROR_DOS(ERRDOS,ERRnoaccess);
4249 CHECK_FSP(fsp,conn);
4250 if (!CHECK_WRITE(fsp)) {
4251 return(ERROR_DOS(ERRDOS,ERRbadaccess));
4254 numtowrite = SVAL(smb_buf(inbuf),1);
4255 data = smb_buf(inbuf) + 3;
4257 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
4258 END_PROFILE(SMBsplwr);
4259 return(UNIXERROR(ERRHRD,ERRdiskfull));
4262 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4264 END_PROFILE(SMBsplwr);
4268 /****************************************************************************
4270 ****************************************************************************/
4272 void reply_mkdir(connection_struct *conn, struct smb_request *req)
4276 SMB_STRUCT_STAT sbuf;
4278 START_PROFILE(SMBmkdir);
4280 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4281 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4282 STR_TERMINATE, &status);
4283 if (!NT_STATUS_IS_OK(status)) {
4284 reply_nterror(req, status);
4285 END_PROFILE(SMBmkdir);
4289 status = resolve_dfspath(conn,
4290 req->flags2 & FLAGS2_DFS_PATHNAMES,
4292 if (!NT_STATUS_IS_OK(status)) {
4293 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4294 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4295 ERRSRV, ERRbadpath);
4296 END_PROFILE(SMBmkdir);
4299 reply_nterror(req, status);
4300 END_PROFILE(SMBmkdir);
4304 status = unix_convert(conn, directory, False, NULL, &sbuf);
4305 if (!NT_STATUS_IS_OK(status)) {
4306 reply_nterror(req, status);
4307 END_PROFILE(SMBmkdir);
4311 status = check_name(conn, directory);
4312 if (!NT_STATUS_IS_OK(status)) {
4313 reply_nterror(req, status);
4314 END_PROFILE(SMBmkdir);
4318 status = create_directory(conn, directory);
4320 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4322 if (!NT_STATUS_IS_OK(status)) {
4324 if (!use_nt_status()
4325 && NT_STATUS_EQUAL(status,
4326 NT_STATUS_OBJECT_NAME_COLLISION)) {
4328 * Yes, in the DOS error code case we get a
4329 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4330 * samba4 torture test.
4332 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4335 reply_nterror(req, status);
4336 END_PROFILE(SMBmkdir);
4340 reply_outbuf(req, 0, 0);
4342 DEBUG( 3, ( "mkdir %s\n", directory ) );
4344 END_PROFILE(SMBmkdir);
4348 /****************************************************************************
4349 Static function used by reply_rmdir to delete an entire directory
4350 tree recursively. Return True on ok, False on fail.
4351 ****************************************************************************/
4353 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
4355 const char *dname = NULL;
4358 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4363 while((dname = ReadDirName(dir_hnd, &offset))) {
4367 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4370 if (!is_visible_file(conn, directory, dname, &st, False))
4373 /* Construct the full name. */
4374 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4380 pstrcpy(fullname, directory);
4381 pstrcat(fullname, "/");
4382 pstrcat(fullname, dname);
4384 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4389 if(st.st_mode & S_IFDIR) {
4390 if(!recursive_rmdir(conn, fullname)) {
4394 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4398 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4407 /****************************************************************************
4408 The internals of the rmdir code - called elsewhere.
4409 ****************************************************************************/
4411 NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
4416 /* Might be a symlink. */
4417 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4418 return map_nt_error_from_unix(errno);
4421 if (S_ISLNK(st.st_mode)) {
4422 /* Is what it points to a directory ? */
4423 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4424 return map_nt_error_from_unix(errno);
4426 if (!(S_ISDIR(st.st_mode))) {
4427 return NT_STATUS_NOT_A_DIRECTORY;
4429 ret = SMB_VFS_UNLINK(conn,directory);
4431 ret = SMB_VFS_RMDIR(conn,directory);
4434 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4435 FILE_NOTIFY_CHANGE_DIR_NAME,
4437 return NT_STATUS_OK;
4440 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4442 * Check to see if the only thing in this directory are
4443 * vetoed files/directories. If so then delete them and
4444 * retry. If we fail to delete any of them (and we *don't*
4445 * do a recursive delete) then fail the rmdir.
4449 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4451 if(dir_hnd == NULL) {
4456 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4457 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4459 if (!is_visible_file(conn, directory, dname, &st, False))
4461 if(!IS_VETO_PATH(conn, dname)) {
4468 /* We only have veto files/directories. Recursive delete. */
4470 RewindDir(dir_hnd,&dirpos);
4471 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4474 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4476 if (!is_visible_file(conn, directory, dname, &st, False))
4479 /* Construct the full name. */
4480 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4485 pstrcpy(fullname, directory);
4486 pstrcat(fullname, "/");
4487 pstrcat(fullname, dname);
4489 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
4491 if(st.st_mode & S_IFDIR) {
4492 if(lp_recursive_veto_delete(SNUM(conn))) {
4493 if(!recursive_rmdir(conn, fullname))
4496 if(SMB_VFS_RMDIR(conn,fullname) != 0)
4498 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
4502 /* Retry the rmdir */
4503 ret = SMB_VFS_RMDIR(conn,directory);
4509 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
4510 "%s\n", directory,strerror(errno)));
4511 return map_nt_error_from_unix(errno);
4514 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4515 FILE_NOTIFY_CHANGE_DIR_NAME,
4518 return NT_STATUS_OK;
4521 /****************************************************************************
4523 ****************************************************************************/
4525 void reply_rmdir(connection_struct *conn, struct smb_request *req)
4528 SMB_STRUCT_STAT sbuf;
4530 START_PROFILE(SMBrmdir);
4532 srvstr_get_path((char *)req->inbuf, req->flags2, directory,
4533 smb_buf(req->inbuf) + 1, sizeof(directory), 0,
4534 STR_TERMINATE, &status);
4535 if (!NT_STATUS_IS_OK(status)) {
4536 reply_nterror(req, status);
4537 END_PROFILE(SMBrmdir);
4541 status = resolve_dfspath(conn,
4542 req->flags2 & FLAGS2_DFS_PATHNAMES,
4544 if (!NT_STATUS_IS_OK(status)) {
4545 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4546 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4547 ERRSRV, ERRbadpath);
4548 END_PROFILE(SMBrmdir);
4551 reply_nterror(req, status);
4552 END_PROFILE(SMBrmdir);
4556 status = unix_convert(conn, directory, False, NULL, &sbuf);
4557 if (!NT_STATUS_IS_OK(status)) {
4558 reply_nterror(req, status);
4559 END_PROFILE(SMBrmdir);
4563 status = check_name(conn, directory);
4564 if (!NT_STATUS_IS_OK(status)) {
4565 reply_nterror(req, status);
4566 END_PROFILE(SMBrmdir);
4570 dptr_closepath(directory, req->smbpid);
4571 status = rmdir_internals(conn, directory);
4572 if (!NT_STATUS_IS_OK(status)) {
4573 reply_nterror(req, status);
4574 END_PROFILE(SMBrmdir);
4578 reply_outbuf(req, 0, 0);
4580 DEBUG( 3, ( "rmdir %s\n", directory ) );
4582 END_PROFILE(SMBrmdir);
4586 /*******************************************************************
4587 Resolve wildcards in a filename rename.
4588 Note that name is in UNIX charset and thus potentially can be more
4589 than fstring buffer (255 bytes) especially in default UTF-8 case.
4590 Therefore, we use pstring inside and all calls should ensure that
4591 name2 is at least pstring-long (they do already)
4592 ********************************************************************/
4594 static BOOL resolve_wildcards(const char *name1, char *name2)
4596 pstring root1,root2;
4598 char *p,*p2, *pname1, *pname2;
4599 int available_space, actual_space;
4601 pname1 = strrchr_m(name1,'/');
4602 pname2 = strrchr_m(name2,'/');
4604 if (!pname1 || !pname2)
4607 pstrcpy(root1,pname1);
4608 pstrcpy(root2,pname2);
4609 p = strrchr_m(root1,'.');
4616 p = strrchr_m(root2,'.');
4630 } else if (*p2 == '*') {
4646 } else if (*p2 == '*') {
4656 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4659 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4660 if (actual_space >= available_space - 1) {
4661 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4662 actual_space - available_space));
4665 pstrcpy_base(pname2, root2, name2);
4671 /****************************************************************************
4672 Ensure open files have their names updated. Updated to notify other smbd's
4674 ****************************************************************************/
4676 static void rename_open_files(connection_struct *conn,
4677 struct share_mode_lock *lck,
4678 const char *newname)
4681 BOOL did_rename = False;
4683 for(fsp = file_find_di_first(lck->id); fsp;
4684 fsp = file_find_di_next(fsp)) {
4685 /* fsp_name is a relative path under the fsp. To change this for other
4686 sharepaths we need to manipulate relative paths. */
4687 /* TODO - create the absolute path and manipulate the newname
4688 relative to the sharepath. */
4689 if (fsp->conn != conn) {
4692 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
4693 fsp->fnum, file_id_static_string(&fsp->file_id),
4694 fsp->fsp_name, newname ));
4695 string_set(&fsp->fsp_name, newname);
4700 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
4701 file_id_static_string(&lck->id), newname ));
4704 /* Send messages to all smbd's (not ourself) that the name has changed. */
4705 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
4709 /****************************************************************************
4710 We need to check if the source path is a parent directory of the destination
4711 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4712 refuse the rename with a sharing violation. Under UNIX the above call can
4713 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4714 probably need to check that the client is a Windows one before disallowing
4715 this as a UNIX client (one with UNIX extensions) can know the source is a
4716 symlink and make this decision intelligently. Found by an excellent bug
4717 report from <AndyLiebman@aol.com>.
4718 ****************************************************************************/
4720 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4722 const char *psrc = src;
4723 const char *pdst = dest;
4726 if (psrc[0] == '.' && psrc[1] == '/') {
4729 if (pdst[0] == '.' && pdst[1] == '/') {
4732 if ((slen = strlen(psrc)) > strlen(pdst)) {
4735 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4739 * Do the notify calls from a rename
4742 static void notify_rename(connection_struct *conn, BOOL is_dir,
4743 const char *oldpath, const char *newpath)
4745 char *olddir, *newdir;
4746 const char *oldname, *newname;
4749 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
4750 : FILE_NOTIFY_CHANGE_FILE_NAME;
4752 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
4753 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
4754 TALLOC_FREE(olddir);
4758 if (strcmp(olddir, newdir) == 0) {
4759 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
4760 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
4763 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
4764 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
4766 TALLOC_FREE(olddir);
4767 TALLOC_FREE(newdir);
4769 /* this is a strange one. w2k3 gives an additional event for
4770 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
4771 files, but not directories */
4773 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
4774 FILE_NOTIFY_CHANGE_ATTRIBUTES
4775 |FILE_NOTIFY_CHANGE_CREATION,
4780 /****************************************************************************
4781 Rename an open file - given an fsp.
4782 ****************************************************************************/
4784 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, pstring newname, uint32 attrs, BOOL replace_if_exists)
4786 SMB_STRUCT_STAT sbuf, sbuf1;
4787 pstring newname_last_component;
4788 NTSTATUS status = NT_STATUS_OK;
4789 struct share_mode_lock *lck = NULL;
4794 status = unix_convert(conn, newname, False, newname_last_component, &sbuf);
4796 /* If an error we expect this to be NT_STATUS_OBJECT_PATH_NOT_FOUND */
4798 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(NT_STATUS_OBJECT_PATH_NOT_FOUND, status)) {
4802 status = check_name(conn, newname);
4803 if (!NT_STATUS_IS_OK(status)) {
4807 /* Ensure newname contains a '/' */
4808 if(strrchr_m(newname,'/') == 0) {
4811 pstrcpy(tmpstr, "./");
4812 pstrcat(tmpstr, newname);
4813 pstrcpy(newname, tmpstr);
4817 * Check for special case with case preserving and not
4818 * case sensitive. If the old last component differs from the original
4819 * last component only by case, then we should allow
4820 * the rename (user is trying to change the case of the
4824 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4825 strequal(newname, fsp->fsp_name)) {
4827 pstring newname_modified_last_component;
4830 * Get the last component of the modified name.
4831 * Note that we guarantee that newname contains a '/'
4834 p = strrchr_m(newname,'/');
4835 pstrcpy(newname_modified_last_component,p+1);
4837 if(strcsequal(newname_modified_last_component,
4838 newname_last_component) == False) {
4840 * Replace the modified last component with
4843 pstrcpy(p+1, newname_last_component);
4848 * If the src and dest names are identical - including case,
4849 * don't do the rename, just return success.
4852 if (strcsequal(fsp->fsp_name, newname)) {
4853 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
4855 return NT_STATUS_OK;
4859 * Have vfs_object_exist also fill sbuf1
4861 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
4863 if(!replace_if_exists && dst_exists) {
4864 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
4865 fsp->fsp_name,newname));
4866 return NT_STATUS_OBJECT_NAME_COLLISION;
4870 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
4871 files_struct *dst_fsp = file_find_di_first(fileid);
4873 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
4874 return NT_STATUS_ACCESS_DENIED;
4878 /* Ensure we have a valid stat struct for the source. */
4879 if (fsp->fh->fd != -1) {
4880 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
4881 return map_nt_error_from_unix(errno);
4884 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
4885 return map_nt_error_from_unix(errno);
4889 status = can_rename(conn, fsp, attrs, &sbuf);
4891 if (!NT_STATUS_IS_OK(status)) {
4892 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4893 nt_errstr(status), fsp->fsp_name,newname));
4894 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
4895 status = NT_STATUS_ACCESS_DENIED;
4899 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
4900 return NT_STATUS_ACCESS_DENIED;
4903 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
4906 * We have the file open ourselves, so not being able to get the
4907 * corresponding share mode lock is a fatal error.
4910 SMB_ASSERT(lck != NULL);
4912 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
4913 uint32 create_options = fsp->fh->private_options;
4915 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
4916 fsp->fsp_name,newname));
4918 rename_open_files(conn, lck, newname);
4920 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
4923 * A rename acts as a new file create w.r.t. allowing an initial delete
4924 * on close, probably because in Windows there is a new handle to the
4925 * new file. If initial delete on close was requested but not
4926 * originally set, we need to set it here. This is probably not 100% correct,
4927 * but will work for the CIFSFS client which in non-posix mode
4928 * depends on these semantics. JRA.
4931 set_allow_initial_delete_on_close(lck, fsp, True);
4933 if (create_options & FILE_DELETE_ON_CLOSE) {
4934 status = can_set_delete_on_close(fsp, True, 0);
4936 if (NT_STATUS_IS_OK(status)) {
4937 /* Note that here we set the *inital* delete on close flag,
4938 * not the regular one. The magic gets handled in close. */
4939 fsp->initial_delete_on_close = True;
4943 return NT_STATUS_OK;
4948 if (errno == ENOTDIR || errno == EISDIR) {
4949 status = NT_STATUS_OBJECT_NAME_COLLISION;
4951 status = map_nt_error_from_unix(errno);
4954 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4955 nt_errstr(status), fsp->fsp_name,newname));
4960 /****************************************************************************
4961 The guts of the rename command, split out so it may be called by the NT SMB
4963 ****************************************************************************/
4965 NTSTATUS rename_internals(connection_struct *conn, struct smb_request *req,
4969 BOOL replace_if_exists,
4975 pstring last_component_src;
4976 pstring last_component_dest;
4979 NTSTATUS status = NT_STATUS_OK;
4980 SMB_STRUCT_STAT sbuf1, sbuf2;
4981 struct smb_Dir *dir_hnd = NULL;
4986 *directory = *mask = 0;
4991 status = unix_convert(conn, name, src_has_wild, last_component_src, &sbuf1);
4992 if (!NT_STATUS_IS_OK(status)) {
4996 status = unix_convert(conn, newname, dest_has_wild, last_component_dest, &sbuf2);
4997 if (!NT_STATUS_IS_OK(status)) {
5002 * Split the old name into directory and last component
5003 * strings. Note that unix_convert may have stripped off a
5004 * leading ./ from both name and newname if the rename is
5005 * at the root of the share. We need to make sure either both
5006 * name and newname contain a / character or neither of them do
5007 * as this is checked in resolve_wildcards().
5010 p = strrchr_m(name,'/');
5012 pstrcpy(directory,".");
5016 pstrcpy(directory,name);
5018 *p = '/'; /* Replace needed for exceptional test below. */
5022 * We should only check the mangled cache
5023 * here if unix_convert failed. This means
5024 * that the path in 'mask' doesn't exist
5025 * on the file system and so we need to look
5026 * for a possible mangle. This patch from
5027 * Tine Smukavec <valentin.smukavec@hermes.si>.
5030 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5031 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5034 if (!src_has_wild) {
5038 * No wildcards - just process the one file.
5040 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
5042 /* Add a terminating '/' to the directory name. */
5043 pstrcat(directory,"/");
5044 pstrcat(directory,mask);
5046 /* Ensure newname contains a '/' also */
5047 if(strrchr_m(newname,'/') == 0) {
5050 pstrcpy(tmpstr, "./");
5051 pstrcat(tmpstr, newname);
5052 pstrcpy(newname, tmpstr);
5055 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5056 "case_preserve = %d, short case preserve = %d, "
5057 "directory = %s, newname = %s, "
5058 "last_component_dest = %s, is_8_3 = %d\n",
5059 conn->case_sensitive, conn->case_preserve,
5060 conn->short_case_preserve, directory,
5061 newname, last_component_dest, is_short_name));
5063 /* The dest name still may have wildcards. */
5064 if (dest_has_wild) {
5065 if (!resolve_wildcards(directory,newname)) {
5066 DEBUG(6, ("rename_internals: resolve_wildcards %s %s failed\n",
5067 directory,newname));
5068 return NT_STATUS_NO_MEMORY;
5073 SMB_VFS_STAT(conn, directory, &sbuf1);
5075 status = S_ISDIR(sbuf1.st_mode) ?
5076 open_directory(conn, req, directory, &sbuf1,
5078 FILE_SHARE_READ|FILE_SHARE_WRITE,
5079 FILE_OPEN, 0, 0, NULL,
5081 : open_file_ntcreate(conn, req, directory, &sbuf1,
5083 FILE_SHARE_READ|FILE_SHARE_WRITE,
5084 FILE_OPEN, 0, 0, 0, NULL,
5087 if (!NT_STATUS_IS_OK(status)) {
5088 DEBUG(3, ("Could not open rename source %s: %s\n",
5089 directory, nt_errstr(status)));
5093 status = rename_internals_fsp(conn, fsp, newname, attrs,
5096 close_file(fsp, NORMAL_CLOSE);
5098 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5099 nt_errstr(status), directory,newname));
5105 * Wildcards - process each file that matches.
5107 if (strequal(mask,"????????.???")) {
5111 status = check_name(conn, directory);
5112 if (!NT_STATUS_IS_OK(status)) {
5116 dir_hnd = OpenDir(conn, directory, mask, attrs);
5117 if (dir_hnd == NULL) {
5118 return map_nt_error_from_unix(errno);
5121 status = NT_STATUS_NO_SUCH_FILE;
5123 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5124 * - gentest fix. JRA
5127 while ((dname = ReadDirName(dir_hnd, &offset))) {
5130 BOOL sysdir_entry = False;
5132 pstrcpy(fname,dname);
5134 /* Quick check for "." and ".." */
5135 if (fname[0] == '.') {
5136 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
5138 sysdir_entry = True;
5145 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5149 if(!mask_match(fname, mask, conn->case_sensitive)) {
5154 status = NT_STATUS_OBJECT_NAME_INVALID;
5158 slprintf(fname, sizeof(fname)-1, "%s/%s", directory, dname);
5160 pstrcpy(destname,newname);
5162 if (!resolve_wildcards(fname,destname)) {
5163 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5169 SMB_VFS_STAT(conn, fname, &sbuf1);
5171 status = S_ISDIR(sbuf1.st_mode) ?
5172 open_directory(conn, req, fname, &sbuf1,
5174 FILE_SHARE_READ|FILE_SHARE_WRITE,
5175 FILE_OPEN, 0, 0, NULL,
5177 : open_file_ntcreate(conn, req, fname, &sbuf1,
5179 FILE_SHARE_READ|FILE_SHARE_WRITE,
5180 FILE_OPEN, 0, 0, 0, NULL,
5183 if (!NT_STATUS_IS_OK(status)) {
5184 DEBUG(3,("rename_internals: open_file_ntcreate "
5185 "returned %s rename %s -> %s\n",
5186 nt_errstr(status), directory, newname));
5190 status = rename_internals_fsp(conn, fsp, destname, attrs,
5193 close_file(fsp, NORMAL_CLOSE);
5195 if (!NT_STATUS_IS_OK(status)) {
5196 DEBUG(3, ("rename_internals_fsp returned %s for "
5197 "rename %s -> %s\n", nt_errstr(status),
5198 directory, newname));
5204 DEBUG(3,("rename_internals: doing rename on %s -> "
5205 "%s\n",fname,destname));
5209 if (count == 0 && NT_STATUS_IS_OK(status)) {
5210 status = map_nt_error_from_unix(errno);
5216 /****************************************************************************
5218 ****************************************************************************/
5220 void reply_mv(connection_struct *conn, struct smb_request *req)
5227 BOOL src_has_wcard = False;
5228 BOOL dest_has_wcard = False;
5230 START_PROFILE(SMBmv);
5233 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5238 attrs = SVAL(req->inbuf,smb_vwv0);
5240 p = smb_buf(req->inbuf) + 1;
5241 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, name, p,
5242 sizeof(name), 0, STR_TERMINATE, &status,
5244 if (!NT_STATUS_IS_OK(status)) {
5245 reply_nterror(req, status);
5250 p += srvstr_get_path_wcard((char *)req->inbuf, req->flags2, newname, p,
5251 sizeof(newname), 0, STR_TERMINATE, &status,
5253 if (!NT_STATUS_IS_OK(status)) {
5254 reply_nterror(req, status);
5259 status = resolve_dfspath_wcard(conn,
5260 req->flags2 & FLAGS2_DFS_PATHNAMES,
5261 name, &src_has_wcard);
5262 if (!NT_STATUS_IS_OK(status)) {
5263 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5264 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5265 ERRSRV, ERRbadpath);
5269 reply_nterror(req, status);
5274 status = resolve_dfspath_wcard(conn,
5275 req->flags2 & FLAGS2_DFS_PATHNAMES,
5276 newname, &dest_has_wcard);
5277 if (!NT_STATUS_IS_OK(status)) {
5278 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5279 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5280 ERRSRV, ERRbadpath);
5284 reply_nterror(req, status);
5289 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5291 status = rename_internals(conn, req, name, newname, attrs, False,
5292 src_has_wcard, dest_has_wcard);
5293 if (!NT_STATUS_IS_OK(status)) {
5294 if (open_was_deferred(req->mid)) {
5295 /* We have re-scheduled this call. */
5299 reply_nterror(req, status);
5304 reply_outbuf(req, 0, 0);
5310 /*******************************************************************
5311 Copy a file as part of a reply_copy.
5312 ******************************************************************/
5315 * TODO: check error codes on all callers
5318 NTSTATUS copy_file(connection_struct *conn,
5323 BOOL target_is_directory)
5325 SMB_STRUCT_STAT src_sbuf, sbuf2;
5327 files_struct *fsp1,*fsp2;
5330 uint32 new_create_disposition;
5333 pstrcpy(dest,dest1);
5334 if (target_is_directory) {
5335 char *p = strrchr_m(src,'/');
5345 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5346 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5349 if (!target_is_directory && count) {
5350 new_create_disposition = FILE_OPEN;
5352 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5353 NULL, NULL, &new_create_disposition, NULL)) {
5354 return NT_STATUS_INVALID_PARAMETER;
5358 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5360 FILE_SHARE_READ|FILE_SHARE_WRITE,
5363 FILE_ATTRIBUTE_NORMAL,
5367 if (!NT_STATUS_IS_OK(status)) {
5371 dosattrs = dos_mode(conn, src, &src_sbuf);
5372 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
5373 ZERO_STRUCTP(&sbuf2);
5376 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
5378 FILE_SHARE_READ|FILE_SHARE_WRITE,
5379 new_create_disposition,
5385 if (!NT_STATUS_IS_OK(status)) {
5386 close_file(fsp1,ERROR_CLOSE);
5390 if ((ofun&3) == 1) {
5391 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
5392 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
5394 * Stop the copy from occurring.
5397 src_sbuf.st_size = 0;
5401 if (src_sbuf.st_size) {
5402 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
5405 close_file(fsp1,NORMAL_CLOSE);
5407 /* Ensure the modtime is set correctly on the destination file. */
5408 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
5411 * As we are opening fsp1 read-only we only expect
5412 * an error on close on fsp2 if we are out of space.
5413 * Thus we don't look at the error return from the
5416 status = close_file(fsp2,NORMAL_CLOSE);
5418 if (!NT_STATUS_IS_OK(status)) {
5422 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
5423 return NT_STATUS_DISK_FULL;
5426 return NT_STATUS_OK;
5429 /****************************************************************************
5430 Reply to a file copy.
5431 ****************************************************************************/
5433 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5438 pstring mask,newname;
5441 int error = ERRnoaccess;
5443 int tid2 = SVAL(inbuf,smb_vwv0);
5444 int ofun = SVAL(inbuf,smb_vwv1);
5445 int flags = SVAL(inbuf,smb_vwv2);
5446 BOOL target_is_directory=False;
5447 BOOL source_has_wild = False;
5448 BOOL dest_has_wild = False;
5449 SMB_STRUCT_STAT sbuf1, sbuf2;
5451 START_PROFILE(SMBcopy);
5453 *directory = *mask = 0;
5456 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), name, p,
5457 sizeof(name), 0, STR_TERMINATE, &status,
5459 if (!NT_STATUS_IS_OK(status)) {
5460 END_PROFILE(SMBcopy);
5461 return ERROR_NT(status);
5463 p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), newname, p,
5464 sizeof(newname), 0, STR_TERMINATE, &status,
5466 if (!NT_STATUS_IS_OK(status)) {
5467 END_PROFILE(SMBcopy);
5468 return ERROR_NT(status);
5471 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
5473 if (tid2 != conn->cnum) {
5474 /* can't currently handle inter share copies XXXX */
5475 DEBUG(3,("Rejecting inter-share copy\n"));
5476 END_PROFILE(SMBcopy);
5477 return ERROR_DOS(ERRSRV,ERRinvdevice);
5480 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, name, &source_has_wild);
5481 if (!NT_STATUS_IS_OK(status)) {
5482 END_PROFILE(SMBcopy);
5483 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5484 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5486 return ERROR_NT(status);
5489 status = resolve_dfspath_wcard(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newname, &dest_has_wild);
5490 if (!NT_STATUS_IS_OK(status)) {
5491 END_PROFILE(SMBcopy);
5492 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5493 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5495 return ERROR_NT(status);
5498 status = unix_convert(conn, name, source_has_wild, NULL, &sbuf1);
5499 if (!NT_STATUS_IS_OK(status)) {
5500 END_PROFILE(SMBcopy);
5501 return ERROR_NT(status);
5504 status = unix_convert(conn, newname, dest_has_wild, NULL, &sbuf2);
5505 if (!NT_STATUS_IS_OK(status)) {
5506 END_PROFILE(SMBcopy);
5507 return ERROR_NT(status);
5510 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
5512 if ((flags&1) && target_is_directory) {
5513 END_PROFILE(SMBcopy);
5514 return ERROR_DOS(ERRDOS,ERRbadfile);
5517 if ((flags&2) && !target_is_directory) {
5518 END_PROFILE(SMBcopy);
5519 return ERROR_DOS(ERRDOS,ERRbadpath);
5522 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
5523 /* wants a tree copy! XXXX */
5524 DEBUG(3,("Rejecting tree copy\n"));
5525 END_PROFILE(SMBcopy);
5526 return ERROR_DOS(ERRSRV,ERRerror);
5529 p = strrchr_m(name,'/');
5531 pstrcpy(directory,"./");
5535 pstrcpy(directory,name);
5540 * We should only check the mangled cache
5541 * here if unix_convert failed. This means
5542 * that the path in 'mask' doesn't exist
5543 * on the file system and so we need to look
5544 * for a possible mangle. This patch from
5545 * Tine Smukavec <valentin.smukavec@hermes.si>.
5548 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5549 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
5552 if (!source_has_wild) {
5553 pstrcat(directory,"/");
5554 pstrcat(directory,mask);
5555 if (dest_has_wild) {
5556 if (!resolve_wildcards(directory,newname)) {
5557 END_PROFILE(SMBcopy);
5558 return ERROR_NT(NT_STATUS_NO_MEMORY);
5562 status = check_name(conn, directory);
5563 if (!NT_STATUS_IS_OK(status)) {
5564 return ERROR_NT(status);
5567 status = check_name(conn, newname);
5568 if (!NT_STATUS_IS_OK(status)) {
5569 return ERROR_NT(status);
5572 status = copy_file(conn,directory,newname,ofun,
5573 count,target_is_directory);
5575 if(!NT_STATUS_IS_OK(status)) {
5576 END_PROFILE(SMBcopy);
5577 return ERROR_NT(status);
5582 struct smb_Dir *dir_hnd = NULL;
5587 if (strequal(mask,"????????.???"))
5590 status = check_name(conn, directory);
5591 if (!NT_STATUS_IS_OK(status)) {
5592 return ERROR_NT(status);
5595 dir_hnd = OpenDir(conn, directory, mask, 0);
5596 if (dir_hnd == NULL) {
5597 status = map_nt_error_from_unix(errno);
5598 return ERROR_NT(status);
5603 while ((dname = ReadDirName(dir_hnd, &offset))) {
5605 pstrcpy(fname,dname);
5607 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5611 if(!mask_match(fname, mask, conn->case_sensitive)) {
5615 error = ERRnoaccess;
5616 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
5617 pstrcpy(destname,newname);
5618 if (!resolve_wildcards(fname,destname)) {
5622 status = check_name(conn, fname);
5623 if (!NT_STATUS_IS_OK(status)) {
5624 return ERROR_NT(status);
5627 status = check_name(conn, destname);
5628 if (!NT_STATUS_IS_OK(status)) {
5629 return ERROR_NT(status);
5632 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
5634 status = copy_file(conn,fname,destname,ofun,
5635 count,target_is_directory);
5636 if (NT_STATUS_IS_OK(status)) {
5645 /* Error on close... */
5647 END_PROFILE(SMBcopy);
5648 return(UNIXERROR(ERRHRD,ERRgeneral));
5651 END_PROFILE(SMBcopy);
5652 return ERROR_DOS(ERRDOS,error);
5655 outsize = set_message(inbuf,outbuf,1,0,True);
5656 SSVAL(outbuf,smb_vwv0,count);
5658 END_PROFILE(SMBcopy);
5662 /****************************************************************************
5664 ****************************************************************************/
5666 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5673 START_PROFILE(pathworks_setdir);
5676 if (!CAN_SETDIR(snum)) {
5677 END_PROFILE(pathworks_setdir);
5678 return ERROR_DOS(ERRDOS,ERRnoaccess);
5681 srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), newdir,
5682 smb_buf(inbuf) + 1, sizeof(newdir), 0, STR_TERMINATE,
5684 if (!NT_STATUS_IS_OK(status)) {
5685 END_PROFILE(pathworks_setdir);
5686 return ERROR_NT(status);
5689 status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newdir);
5690 if (!NT_STATUS_IS_OK(status)) {
5691 END_PROFILE(pathworks_setdir);
5692 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5693 return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
5695 return ERROR_NT(status);
5698 if (strlen(newdir) != 0) {
5699 if (!vfs_directory_exist(conn,newdir,NULL)) {
5700 END_PROFILE(pathworks_setdir);
5701 return ERROR_DOS(ERRDOS,ERRbadpath);
5703 set_conn_connectpath(conn,newdir);
5706 outsize = set_message(inbuf,outbuf,0,0,False);
5707 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
5709 DEBUG(3,("setdir %s\n", newdir));
5711 END_PROFILE(pathworks_setdir);
5716 #define DBGC_CLASS DBGC_LOCKING
5718 /****************************************************************************
5719 Get a lock pid, dealing with large count requests.
5720 ****************************************************************************/
5722 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5724 if(!large_file_format)
5725 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5727 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5730 /****************************************************************************
5731 Get a lock count, dealing with large count requests.
5732 ****************************************************************************/
5734 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5736 SMB_BIG_UINT count = 0;
5738 if(!large_file_format) {
5739 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5742 #if defined(HAVE_LONGLONG)
5743 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5744 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5745 #else /* HAVE_LONGLONG */
5748 * NT4.x seems to be broken in that it sends large file (64 bit)
5749 * lockingX calls even if the CAP_LARGE_FILES was *not*
5750 * negotiated. For boxes without large unsigned ints truncate the
5751 * lock count by dropping the top 32 bits.
5754 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5755 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5756 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5757 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5758 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5761 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5762 #endif /* HAVE_LONGLONG */
5768 #if !defined(HAVE_LONGLONG)
5769 /****************************************************************************
5770 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5771 ****************************************************************************/
5773 static uint32 map_lock_offset(uint32 high, uint32 low)
5777 uint32 highcopy = high;
5780 * Try and find out how many significant bits there are in high.
5783 for(i = 0; highcopy; i++)
5787 * We use 31 bits not 32 here as POSIX
5788 * lock offsets may not be negative.
5791 mask = (~0) << (31 - i);
5794 return 0; /* Fail. */
5800 #endif /* !defined(HAVE_LONGLONG) */
5802 /****************************************************************************
5803 Get a lock offset, dealing with large offset requests.
5804 ****************************************************************************/
5806 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5808 SMB_BIG_UINT offset = 0;
5812 if(!large_file_format) {
5813 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5816 #if defined(HAVE_LONGLONG)
5817 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5818 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5819 #else /* HAVE_LONGLONG */
5822 * NT4.x seems to be broken in that it sends large file (64 bit)
5823 * lockingX calls even if the CAP_LARGE_FILES was *not*
5824 * negotiated. For boxes without large unsigned ints mangle the
5825 * lock offset by mapping the top 32 bits onto the lower 32.
5828 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5829 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5830 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5833 if((new_low = map_lock_offset(high, low)) == 0) {
5835 return (SMB_BIG_UINT)-1;
5838 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5839 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5840 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5841 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5844 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5845 #endif /* HAVE_LONGLONG */
5851 /****************************************************************************
5852 Reply to a lockingX request.
5853 ****************************************************************************/
5855 void reply_lockingX(connection_struct *conn, struct smb_request *req)
5858 unsigned char locktype;
5859 unsigned char oplocklevel;
5862 SMB_BIG_UINT count = 0, offset = 0;
5867 BOOL large_file_format;
5869 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5871 START_PROFILE(SMBlockingX);
5874 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5875 END_PROFILE(SMBlockingX);
5879 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
5880 locktype = CVAL(req->inbuf,smb_vwv3);
5881 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
5882 num_ulocks = SVAL(req->inbuf,smb_vwv6);
5883 num_locks = SVAL(req->inbuf,smb_vwv7);
5884 lock_timeout = IVAL(req->inbuf,smb_vwv4);
5885 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5887 if (!check_fsp(conn, req, fsp, ¤t_user)) {
5888 END_PROFILE(SMBlockingX);
5892 data = smb_buf(req->inbuf);
5894 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5895 /* we don't support these - and CANCEL_LOCK makes w2k
5896 and XP reboot so I don't really want to be
5897 compatible! (tridge) */
5898 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
5899 END_PROFILE(SMBlockingX);
5903 /* Check if this is an oplock break on a file
5904 we have granted an oplock on.
5906 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
5907 /* Client can insist on breaking to none. */
5908 BOOL break_to_none = (oplocklevel == 0);
5911 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
5912 "for fnum = %d\n", (unsigned int)oplocklevel,
5916 * Make sure we have granted an exclusive or batch oplock on
5920 if (fsp->oplock_type == 0) {
5922 /* The Samba4 nbench simulator doesn't understand
5923 the difference between break to level2 and break
5924 to none from level2 - it sends oplock break
5925 replies in both cases. Don't keep logging an error
5926 message here - just ignore it. JRA. */
5928 DEBUG(5,("reply_lockingX: Error : oplock break from "
5929 "client for fnum = %d (oplock=%d) and no "
5930 "oplock granted on this file (%s).\n",
5931 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
5933 /* if this is a pure oplock break request then don't
5935 if (num_locks == 0 && num_ulocks == 0) {
5936 END_PROFILE(SMBlockingX);
5937 reply_post_legacy(req, -1);
5940 END_PROFILE(SMBlockingX);
5941 reply_doserror(req, ERRDOS, ERRlock);
5946 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
5948 result = remove_oplock(fsp);
5950 result = downgrade_oplock(fsp);
5954 DEBUG(0, ("reply_lockingX: error in removing "
5955 "oplock on file %s\n", fsp->fsp_name));
5956 /* Hmmm. Is this panic justified? */
5957 smb_panic("internal tdb error");
5960 reply_to_oplock_break_requests(fsp);
5962 /* if this is a pure oplock break request then don't send a
5964 if (num_locks == 0 && num_ulocks == 0) {
5965 /* Sanity check - ensure a pure oplock break is not a
5967 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
5968 DEBUG(0,("reply_lockingX: Error : pure oplock "
5969 "break is a chained %d request !\n",
5970 (unsigned int)CVAL(req->inbuf,
5972 END_PROFILE(SMBlockingX);
5978 * We do this check *after* we have checked this is not a oplock break
5979 * response message. JRA.
5982 release_level_2_oplocks_on_change(fsp);
5984 if (smb_buflen(req->inbuf) <
5985 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
5986 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5987 END_PROFILE(SMBlockingX);
5991 /* Data now points at the beginning of the list
5992 of smb_unlkrng structs */
5993 for(i = 0; i < (int)num_ulocks; i++) {
5994 lock_pid = get_lock_pid( data, i, large_file_format);
5995 count = get_lock_count( data, i, large_file_format);
5996 offset = get_lock_offset( data, i, large_file_format, &err);
5999 * There is no error code marked "stupid client bug".... :-).
6002 END_PROFILE(SMBlockingX);
6003 reply_doserror(req, ERRDOS, ERRnoaccess);
6007 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6008 "pid %u, file %s\n", (double)offset, (double)count,
6009 (unsigned int)lock_pid, fsp->fsp_name ));
6011 status = do_unlock(smbd_messaging_context(),
6018 if (NT_STATUS_V(status)) {
6019 END_PROFILE(SMBlockingX);
6020 reply_nterror(req, status);
6025 /* Setup the timeout in seconds. */
6027 if (!lp_blocking_locks(SNUM(conn))) {
6031 /* Now do any requested locks */
6032 data += ((large_file_format ? 20 : 10)*num_ulocks);
6034 /* Data now points at the beginning of the list
6035 of smb_lkrng structs */
6037 for(i = 0; i < (int)num_locks; i++) {
6038 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6039 READ_LOCK:WRITE_LOCK);
6040 lock_pid = get_lock_pid( data, i, large_file_format);
6041 count = get_lock_count( data, i, large_file_format);
6042 offset = get_lock_offset( data, i, large_file_format, &err);
6045 * There is no error code marked "stupid client bug".... :-).
6048 END_PROFILE(SMBlockingX);
6049 reply_doserror(req, ERRDOS, ERRnoaccess);
6053 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6054 "%u, file %s timeout = %d\n", (double)offset,
6055 (double)count, (unsigned int)lock_pid,
6056 fsp->fsp_name, (int)lock_timeout ));
6058 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6059 if (lp_blocking_locks(SNUM(conn))) {
6061 /* Schedule a message to ourselves to
6062 remove the blocking lock record and
6063 return the right error. */
6065 if (!blocking_lock_cancel(fsp,
6071 NT_STATUS_FILE_LOCK_CONFLICT)) {
6072 END_PROFILE(SMBlockingX);
6077 ERRcancelviolation));
6081 /* Remove a matching pending lock. */
6082 status = do_lock_cancel(fsp,
6088 BOOL blocking_lock = lock_timeout ? True : False;
6089 BOOL defer_lock = False;
6090 struct byte_range_lock *br_lck;
6091 uint32 block_smbpid;
6093 br_lck = do_lock(smbd_messaging_context(),
6104 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6105 /* Windows internal resolution for blocking locks seems
6106 to be about 200ms... Don't wait for less than that. JRA. */
6107 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6108 lock_timeout = lp_lock_spin_time();
6113 /* This heuristic seems to match W2K3 very well. If a
6114 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6115 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6116 far as I can tell. Replacement for do_lock_spin(). JRA. */
6118 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6119 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6121 lock_timeout = lp_lock_spin_time();
6124 if (br_lck && defer_lock) {
6126 * A blocking lock was requested. Package up
6127 * this smb into a queued request and push it
6128 * onto the blocking lock queue.
6130 if(push_blocking_lock_request(br_lck,
6132 smb_len(req->inbuf)+4,
6142 TALLOC_FREE(br_lck);
6143 END_PROFILE(SMBlockingX);
6144 reply_post_legacy(req, -1);
6149 TALLOC_FREE(br_lck);
6152 if (NT_STATUS_V(status)) {
6153 END_PROFILE(SMBlockingX);
6154 reply_nterror(req, status);
6159 /* If any of the above locks failed, then we must unlock
6160 all of the previous locks (X/Open spec). */
6162 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6166 * Ensure we don't do a remove on the lock that just failed,
6167 * as under POSIX rules, if we have a lock already there, we
6168 * will delete it (and we shouldn't) .....
6170 for(i--; i >= 0; i--) {
6171 lock_pid = get_lock_pid( data, i, large_file_format);
6172 count = get_lock_count( data, i, large_file_format);
6173 offset = get_lock_offset( data, i, large_file_format,
6177 * There is no error code marked "stupid client
6181 END_PROFILE(SMBlockingX);
6182 reply_doserror(req, ERRDOS, ERRnoaccess);
6186 do_unlock(smbd_messaging_context(),
6193 END_PROFILE(SMBlockingX);
6194 reply_nterror(req, status);
6198 reply_outbuf(req, 2, 0);
6200 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6201 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6203 END_PROFILE(SMBlockingX);
6204 chain_reply_new(req);
6208 #define DBGC_CLASS DBGC_ALL
6210 /****************************************************************************
6211 Reply to a SMBreadbmpx (read block multiplex) request.
6212 ****************************************************************************/
6214 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
6225 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6226 START_PROFILE(SMBreadBmpx);
6228 /* this function doesn't seem to work - disable by default */
6229 if (!lp_readbmpx()) {
6230 END_PROFILE(SMBreadBmpx);
6231 return ERROR_DOS(ERRSRV,ERRuseSTD);
6234 outsize = set_message(inbuf,outbuf,8,0,True);
6236 CHECK_FSP(fsp,conn);
6237 if (!CHECK_READ(fsp,inbuf)) {
6238 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6241 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
6242 maxcount = SVAL(inbuf,smb_vwv3);
6244 data = smb_buf(outbuf);
6245 pad = ((long)data)%4;
6250 max_per_packet = bufsize-(outsize+pad);
6254 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
6255 END_PROFILE(SMBreadBmpx);
6256 return ERROR_DOS(ERRDOS,ERRlock);
6260 size_t N = MIN(max_per_packet,tcount-total_read);
6262 nread = read_file(fsp,data,startpos,N);
6267 if (nread < (ssize_t)N)
6268 tcount = total_read + nread;
6270 set_message(inbuf,outbuf,8,nread+pad,False);
6271 SIVAL(outbuf,smb_vwv0,startpos);
6272 SSVAL(outbuf,smb_vwv2,tcount);
6273 SSVAL(outbuf,smb_vwv6,nread);
6274 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
6277 if (!send_smb(smbd_server_fd(),outbuf))
6278 exit_server_cleanly("reply_readbmpx: send_smb failed.");
6280 total_read += nread;
6282 } while (total_read < (ssize_t)tcount);
6284 END_PROFILE(SMBreadBmpx);
6288 /****************************************************************************
6289 Reply to a SMBsetattrE.
6290 ****************************************************************************/
6292 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6294 struct timespec ts[2];
6296 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6297 START_PROFILE(SMBsetattrE);
6299 outsize = set_message(inbuf,outbuf,0,0,False);
6301 if(!fsp || (fsp->conn != conn)) {
6302 END_PROFILE(SMBsetattrE);
6303 return ERROR_DOS(ERRDOS,ERRbadfid);
6307 * Convert the DOS times into unix times. Ignore create
6308 * time as UNIX can't set this.
6311 ts[0] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv3)); /* atime. */
6312 ts[1] = convert_time_t_to_timespec(srv_make_unix_date2(inbuf+smb_vwv5)); /* mtime. */
6315 * Patch from Ray Frush <frush@engr.colostate.edu>
6316 * Sometimes times are sent as zero - ignore them.
6319 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6320 /* Ignore request */
6321 if( DEBUGLVL( 3 ) ) {
6322 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6323 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6325 END_PROFILE(SMBsetattrE);
6327 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6328 /* set modify time = to access time if modify time was unset */
6332 /* Set the date on this file */
6333 /* Should we set pending modtime here ? JRA */
6334 if(file_ntimes(conn, fsp->fsp_name, ts)) {
6335 END_PROFILE(SMBsetattrE);
6336 return ERROR_DOS(ERRDOS,ERRnoaccess);
6339 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6341 (unsigned int)ts[0].tv_sec,
6342 (unsigned int)ts[1].tv_sec));
6344 END_PROFILE(SMBsetattrE);
6349 /* Back from the dead for OS/2..... JRA. */
6351 /****************************************************************************
6352 Reply to a SMBwritebmpx (write block multiplex primary) request.
6353 ****************************************************************************/
6355 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6358 ssize_t nwritten = -1;
6365 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6367 START_PROFILE(SMBwriteBmpx);
6369 CHECK_FSP(fsp,conn);
6370 if (!CHECK_WRITE(fsp)) {
6371 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6373 if (HAS_CACHED_ERROR(fsp)) {
6374 return(CACHED_ERROR(fsp));
6377 tcount = SVAL(inbuf,smb_vwv1);
6378 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
6379 write_through = BITSETW(inbuf+smb_vwv7,0);
6380 numtowrite = SVAL(inbuf,smb_vwv10);
6381 smb_doff = SVAL(inbuf,smb_vwv11);
6383 data = smb_base(inbuf) + smb_doff;
6385 /* If this fails we need to send an SMBwriteC response,
6386 not an SMBwritebmpx - set this up now so we don't forget */
6387 SCVAL(outbuf,smb_com,SMBwritec);
6389 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
6390 END_PROFILE(SMBwriteBmpx);
6391 return(ERROR_DOS(ERRDOS,ERRlock));
6394 nwritten = write_file(fsp,data,startpos,numtowrite);
6396 status = sync_file(conn, fsp, write_through);
6397 if (!NT_STATUS_IS_OK(status)) {
6398 END_PROFILE(SMBwriteBmpx);
6399 DEBUG(5,("reply_writebmpx: sync_file for %s returned %s\n",
6400 fsp->fsp_name, nt_errstr(status) ));
6401 return ERROR_NT(status);
6404 if(nwritten < (ssize_t)numtowrite) {
6405 END_PROFILE(SMBwriteBmpx);
6406 return(UNIXERROR(ERRHRD,ERRdiskfull));
6409 /* If the maximum to be written to this file
6410 is greater than what we just wrote then set
6411 up a secondary struct to be attached to this
6412 fd, we will use this to cache error messages etc. */
6414 if((ssize_t)tcount > nwritten) {
6415 write_bmpx_struct *wbms;
6416 if(fsp->wbmpx_ptr != NULL)
6417 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
6419 wbms = SMB_MALLOC_P(write_bmpx_struct);
6421 DEBUG(0,("Out of memory in reply_readmpx\n"));
6422 END_PROFILE(SMBwriteBmpx);
6423 return(ERROR_DOS(ERRSRV,ERRnoresource));
6425 wbms->wr_mode = write_through;
6426 wbms->wr_discard = False; /* No errors yet */
6427 wbms->wr_total_written = nwritten;
6428 wbms->wr_errclass = 0;
6430 fsp->wbmpx_ptr = wbms;
6433 /* We are returning successfully, set the message type back to
6435 SCVAL(outbuf,smb_com,SMBwriteBmpx);
6437 outsize = set_message(inbuf,outbuf,1,0,True);
6439 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
6441 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
6442 fsp->fnum, (int)numtowrite, (int)nwritten ) );
6444 if (write_through && tcount==nwritten) {
6445 /* We need to send both a primary and a secondary response */
6446 smb_setlen(inbuf,outbuf,outsize - 4);
6448 if (!send_smb(smbd_server_fd(),outbuf))
6449 exit_server_cleanly("reply_writebmpx: send_smb failed.");
6451 /* Now the secondary */
6452 outsize = set_message(inbuf,outbuf,1,0,True);
6453 SCVAL(outbuf,smb_com,SMBwritec);
6454 SSVAL(outbuf,smb_vwv0,nwritten);
6457 END_PROFILE(SMBwriteBmpx);
6461 /****************************************************************************
6462 Reply to a SMBwritebs (write block multiplex secondary) request.
6463 ****************************************************************************/
6465 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
6468 ssize_t nwritten = -1;
6475 write_bmpx_struct *wbms;
6476 BOOL send_response = False;
6477 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6479 START_PROFILE(SMBwriteBs);
6481 CHECK_FSP(fsp,conn);
6482 if (!CHECK_WRITE(fsp)) {
6483 return(ERROR_DOS(ERRDOS,ERRbadaccess));
6486 tcount = SVAL(inbuf,smb_vwv1);
6487 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
6488 numtowrite = SVAL(inbuf,smb_vwv6);
6489 smb_doff = SVAL(inbuf,smb_vwv7);
6491 data = smb_base(inbuf) + smb_doff;
6493 /* We need to send an SMBwriteC response, not an SMBwritebs */
6494 SCVAL(outbuf,smb_com,SMBwritec);
6496 /* This fd should have an auxiliary struct attached,
6497 check that it does */
6498 wbms = fsp->wbmpx_ptr;
6500 END_PROFILE(SMBwriteBs);
6504 /* If write through is set we can return errors, else we must cache them */
6505 write_through = wbms->wr_mode;
6507 /* Check for an earlier error */
6508 if(wbms->wr_discard) {
6509 END_PROFILE(SMBwriteBs);
6510 return -1; /* Just discard the packet */
6513 nwritten = write_file(fsp,data,startpos,numtowrite);
6515 status = sync_file(conn, fsp, write_through);
6517 if (nwritten < (ssize_t)numtowrite || !NT_STATUS_IS_OK(status)) {
6519 /* We are returning an error - we can delete the aux struct */
6522 fsp->wbmpx_ptr = NULL;
6523 END_PROFILE(SMBwriteBs);
6524 return(ERROR_DOS(ERRHRD,ERRdiskfull));
6526 wbms->wr_errclass = ERRHRD;
6527 wbms->wr_error = ERRdiskfull;
6528 wbms->wr_status = NT_STATUS_DISK_FULL;
6529 wbms->wr_discard = True;
6530 END_PROFILE(SMBwriteBs);
6534 /* Increment the total written, if this matches tcount
6535 we can discard the auxiliary struct (hurrah !) and return a writeC */
6536 wbms->wr_total_written += nwritten;
6537 if(wbms->wr_total_written >= tcount) {
6538 if (write_through) {
6539 outsize = set_message(inbuf,outbuf,1,0,True);
6540 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
6541 send_response = True;
6545 fsp->wbmpx_ptr = NULL;
6549 END_PROFILE(SMBwriteBs);
6553 END_PROFILE(SMBwriteBs);
6557 /****************************************************************************
6558 Reply to a SMBgetattrE.
6559 ****************************************************************************/
6561 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
6563 SMB_STRUCT_STAT sbuf;
6566 files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
6567 START_PROFILE(SMBgetattrE);
6569 outsize = set_message(inbuf,outbuf,11,0,True);
6571 if(!fsp || (fsp->conn != conn)) {
6572 END_PROFILE(SMBgetattrE);
6573 return ERROR_DOS(ERRDOS,ERRbadfid);
6576 /* Do an fstat on this file */
6577 if(fsp_stat(fsp, &sbuf)) {
6578 END_PROFILE(SMBgetattrE);
6579 return(UNIXERROR(ERRDOS,ERRnoaccess));
6582 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
6585 * Convert the times into dos times. Set create
6586 * date to be last modify date as UNIX doesn't save
6590 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
6591 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
6592 /* Should we check pending modtime here ? JRA */
6593 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
6596 SIVAL(outbuf,smb_vwv6,0);
6597 SIVAL(outbuf,smb_vwv8,0);
6599 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
6600 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
6601 SIVAL(outbuf,smb_vwv8,allocation_size);
6603 SSVAL(outbuf,smb_vwv10, mode);
6605 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
6607 END_PROFILE(SMBgetattrE);