2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern BOOL global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 BOOL *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 BOOL start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, BOOL *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
219 BOOL *contains_wcard)
226 ret = srvstr_pull_buf_talloc(ctx,
233 ret = srvstr_pull_talloc(ctx,
243 *err = NT_STATUS_INVALID_PARAMETER;
247 *contains_wcard = False;
249 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 * For a DFS path the function parse_dfs_path()
252 * will do the path processing, just make a copy.
258 if (lp_posix_pathnames()) {
259 *err = check_path_syntax_posix(*pp_dest);
261 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
267 /****************************************************************************
268 Pull a string and check the path - provide for error return.
269 ****************************************************************************/
271 size_t srvstr_get_path(TALLOC_CTX *ctx,
285 ret = srvstr_pull_buf_talloc(ctx,
292 ret = srvstr_pull_talloc(ctx,
302 *err = NT_STATUS_INVALID_PARAMETER;
306 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 * For a DFS path the function parse_dfs_path()
309 * will do the path processing, just make a copy.
315 if (lp_posix_pathnames()) {
316 *err = check_path_syntax_posix(*pp_dest);
318 *err = check_path_syntax(*pp_dest);
324 /****************************************************************************
325 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
326 ****************************************************************************/
328 BOOL check_fsp_open(connection_struct *conn, struct smb_request *req,
329 files_struct *fsp, struct current_user *user)
331 if (!(fsp) || !(conn)) {
332 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
335 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
342 /****************************************************************************
343 Check if we have a correct fsp pointing to a file. Replacement for the
345 ****************************************************************************/
347 BOOL check_fsp(connection_struct *conn, struct smb_request *req,
348 files_struct *fsp, struct current_user *user)
350 if (!check_fsp_open(conn, req, fsp, user)) {
353 if ((fsp)->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if ((fsp)->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 (fsp)->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
367 ****************************************************************************/
369 BOOL fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
370 files_struct *fsp, struct current_user *user)
372 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
373 && (current_user.vuid==(fsp)->vuid)) {
377 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
381 /****************************************************************************
382 Reply to a (netbios-level) special message.
383 ****************************************************************************/
385 void reply_special(char *inbuf)
387 int msg_type = CVAL(inbuf,0);
388 int msg_flags = CVAL(inbuf,1);
393 * We only really use 4 bytes of the outbuf, but for the smb_setlen
394 * calculation & friends (send_smb uses that) we need the full smb
397 char outbuf[smb_size];
399 static BOOL already_got_session = False;
403 memset(outbuf, '\0', sizeof(outbuf));
405 smb_setlen(inbuf,outbuf,0);
408 case 0x81: /* session request */
410 if (already_got_session) {
411 exit_server_cleanly("multiple session request not permitted");
414 SCVAL(outbuf,0,0x82);
416 if (name_len(inbuf+4) > 50 ||
417 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
418 DEBUG(0,("Invalid name length in session request\n"));
421 name_extract(inbuf,4,name1);
422 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
423 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
426 set_local_machine_name(name1, True);
427 set_remote_machine_name(name2, True);
429 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
430 get_local_machine_name(), get_remote_machine_name(),
433 if (name_type == 'R') {
434 /* We are being asked for a pathworks session ---
436 SCVAL(outbuf, 0,0x83);
440 /* only add the client's machine name to the list
441 of possibly valid usernames if we are operating
442 in share mode security */
443 if (lp_security() == SEC_SHARE) {
444 add_session_user(get_remote_machine_name());
447 reload_services(True);
450 already_got_session = True;
453 case 0x89: /* session keepalive request
454 (some old clients produce this?) */
455 SCVAL(outbuf,0,SMBkeepalive);
459 case 0x82: /* positive session response */
460 case 0x83: /* negative session response */
461 case 0x84: /* retarget session response */
462 DEBUG(0,("Unexpected session response\n"));
465 case SMBkeepalive: /* session keepalive */
470 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
471 msg_type, msg_flags));
473 send_smb(smbd_server_fd(), outbuf);
477 /****************************************************************************
479 conn POINTER CAN BE NULL HERE !
480 ****************************************************************************/
482 void reply_tcon(connection_struct *conn, struct smb_request *req)
485 char *service_buf = NULL;
486 char *password = NULL;
491 DATA_BLOB password_blob;
492 TALLOC_CTX *ctx = talloc_tos();
494 START_PROFILE(SMBtcon);
496 if (smb_buflen(req->inbuf) < 4) {
497 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
498 END_PROFILE(SMBtcon);
502 p = smb_buf(req->inbuf)+1;
503 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
504 &service_buf, p, STR_TERMINATE) + 1;
505 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
506 &password, p, STR_TERMINATE) + 1;
508 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
509 &dev, p, STR_TERMINATE) + 1;
511 if (service_buf == NULL || password == NULL || dev == NULL) {
512 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
513 END_PROFILE(SMBtcon);
516 p = strrchr_m(service_buf,'\\');
520 service = service_buf;
523 password_blob = data_blob(password, pwlen+1);
525 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
527 data_blob_clear_free(&password_blob);
530 reply_nterror(req, nt_status);
531 END_PROFILE(SMBtcon);
535 reply_outbuf(req, 2, 0);
536 SSVAL(req->outbuf,smb_vwv0,max_recv);
537 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
538 SSVAL(req->outbuf,smb_tid,conn->cnum);
540 DEBUG(3,("tcon service=%s cnum=%d\n",
541 service, conn->cnum));
543 END_PROFILE(SMBtcon);
547 /****************************************************************************
548 Reply to a tcon and X.
549 conn POINTER CAN BE NULL HERE !
550 ****************************************************************************/
552 void reply_tcon_and_X(connection_struct *conn, struct smb_request *req)
554 char *service = NULL;
556 TALLOC_CTX *ctx = talloc_tos();
557 /* what the cleint thinks the device is */
558 char *client_devicetype = NULL;
559 /* what the server tells the client the share represents */
560 const char *server_devicetype;
567 START_PROFILE(SMBtconX);
570 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
571 END_PROFILE(SMBtconX);
575 passlen = SVAL(req->inbuf,smb_vwv3);
576 tcon_flags = SVAL(req->inbuf,smb_vwv2);
578 /* we might have to close an old one */
579 if ((tcon_flags & 0x1) && conn) {
580 close_cnum(conn,req->vuid);
583 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
584 reply_doserror(req, ERRDOS, ERRbuftoosmall);
585 END_PROFILE(SMBtconX);
589 if (global_encrypted_passwords_negotiated) {
590 password = data_blob(smb_buf(req->inbuf),passlen);
591 if (lp_security() == SEC_SHARE) {
593 * Security = share always has a pad byte
594 * after the password.
596 p = smb_buf(req->inbuf) + passlen + 1;
598 p = smb_buf(req->inbuf) + passlen;
601 password = data_blob(smb_buf(req->inbuf),passlen+1);
602 /* Ensure correct termination */
603 password.data[passlen]=0;
604 p = smb_buf(req->inbuf) + passlen + 1;
607 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
611 data_blob_clear_free(&password);
612 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
613 END_PROFILE(SMBtconX);
618 * the service name can be either: \\server\share
619 * or share directly like on the DELL PowerVault 705
622 q = strchr_m(path+2,'\\');
624 data_blob_clear_free(&password);
625 reply_doserror(req, ERRDOS, ERRnosuchshare);
626 END_PROFILE(SMBtconX);
634 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
635 &client_devicetype, p,
636 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
638 if (client_devicetype == NULL) {
639 data_blob_clear_free(&password);
640 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
641 END_PROFILE(SMBtconX);
645 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
647 conn = make_connection(service, password, client_devicetype,
648 req->vuid, &nt_status);
650 data_blob_clear_free(&password);
653 reply_nterror(req, nt_status);
654 END_PROFILE(SMBtconX);
659 server_devicetype = "IPC";
660 else if ( IS_PRINT(conn) )
661 server_devicetype = "LPT1:";
663 server_devicetype = "A:";
665 if (Protocol < PROTOCOL_NT1) {
666 reply_outbuf(req, 2, 0);
667 if (message_push_string(&req->outbuf, server_devicetype,
668 STR_TERMINATE|STR_ASCII) == -1) {
669 reply_nterror(req, NT_STATUS_NO_MEMORY);
670 END_PROFILE(SMBtconX);
674 /* NT sets the fstype of IPC$ to the null string */
675 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
677 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
678 /* Return permissions. */
682 reply_outbuf(req, 7, 0);
685 perm1 = FILE_ALL_ACCESS;
686 perm2 = FILE_ALL_ACCESS;
688 perm1 = CAN_WRITE(conn) ?
693 SIVAL(req->outbuf, smb_vwv3, perm1);
694 SIVAL(req->outbuf, smb_vwv5, perm2);
696 reply_outbuf(req, 3, 0);
699 if ((message_push_string(&req->outbuf, server_devicetype,
700 STR_TERMINATE|STR_ASCII) == -1)
701 || (message_push_string(&req->outbuf, fstype,
702 STR_TERMINATE) == -1)) {
703 reply_nterror(req, NT_STATUS_NO_MEMORY);
704 END_PROFILE(SMBtconX);
708 /* what does setting this bit do? It is set by NT4 and
709 may affect the ability to autorun mounted cdroms */
710 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
711 (lp_csc_policy(SNUM(conn)) << 2));
713 init_dfsroot(conn, req->inbuf, req->outbuf);
717 DEBUG(3,("tconX service=%s \n",
720 /* set the incoming and outgoing tid to the just created one */
721 SSVAL(req->inbuf,smb_tid,conn->cnum);
722 SSVAL(req->outbuf,smb_tid,conn->cnum);
724 END_PROFILE(SMBtconX);
730 /****************************************************************************
731 Reply to an unknown type.
732 ****************************************************************************/
734 int reply_unknown(char *inbuf,char *outbuf)
737 type = CVAL(inbuf,smb_com);
739 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
740 smb_fn_name(type), type, type));
742 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
745 void reply_unknown_new(struct smb_request *req, uint8 type)
747 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
748 smb_fn_name(type), type, type));
749 reply_doserror(req, ERRSRV, ERRunknownsmb);
753 /****************************************************************************
755 conn POINTER CAN BE NULL HERE !
756 ****************************************************************************/
758 void reply_ioctl(connection_struct *conn, struct smb_request *req)
766 START_PROFILE(SMBioctl);
769 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
770 END_PROFILE(SMBioctl);
774 device = SVAL(req->inbuf,smb_vwv1);
775 function = SVAL(req->inbuf,smb_vwv2);
776 ioctl_code = (device << 16) + function;
778 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
780 switch (ioctl_code) {
781 case IOCTL_QUERY_JOB_INFO:
785 reply_doserror(req, ERRSRV, ERRnosupport);
786 END_PROFILE(SMBioctl);
790 reply_outbuf(req, 8, replysize+1);
791 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
792 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
793 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
794 p = smb_buf(req->outbuf);
795 memset(p, '\0', replysize+1); /* valgrind-safe. */
796 p += 1; /* Allow for alignment */
798 switch (ioctl_code) {
799 case IOCTL_QUERY_JOB_INFO:
801 files_struct *fsp = file_fsp(SVAL(req->inbuf,
804 reply_doserror(req, ERRDOS, ERRbadfid);
805 END_PROFILE(SMBioctl);
808 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
809 srvstr_push((char *)req->outbuf, req->flags2, p+2,
811 STR_TERMINATE|STR_ASCII);
813 srvstr_push((char *)req->outbuf, req->flags2,
814 p+18, lp_servicename(SNUM(conn)),
815 13, STR_TERMINATE|STR_ASCII);
823 END_PROFILE(SMBioctl);
827 /****************************************************************************
828 Strange checkpath NTSTATUS mapping.
829 ****************************************************************************/
831 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
833 /* Strange DOS error code semantics only for checkpath... */
834 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
835 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
836 /* We need to map to ERRbadpath */
837 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
843 /****************************************************************************
844 Reply to a checkpath.
845 ****************************************************************************/
847 void reply_checkpath(connection_struct *conn, struct smb_request *req)
850 SMB_STRUCT_STAT sbuf;
852 TALLOC_CTX *ctx = talloc_tos();
854 START_PROFILE(SMBcheckpath);
856 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
857 smb_buf(req->inbuf) + 1, 0,
858 STR_TERMINATE, &status);
859 if (!NT_STATUS_IS_OK(status)) {
860 status = map_checkpath_error((char *)req->inbuf, status);
861 reply_nterror(req, status);
862 END_PROFILE(SMBcheckpath);
866 status = resolve_dfspath(ctx, conn,
867 req->flags2 & FLAGS2_DFS_PATHNAMES,
870 if (!NT_STATUS_IS_OK(status)) {
871 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
872 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
874 END_PROFILE(SMBcheckpath);
880 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
882 status = unix_convert(conn, name, False, &name, NULL, &sbuf);
883 if (!NT_STATUS_IS_OK(status)) {
887 status = check_name(conn, name);
888 if (!NT_STATUS_IS_OK(status)) {
889 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
893 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
894 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
895 status = map_nt_error_from_unix(errno);
899 if (!S_ISDIR(sbuf.st_mode)) {
900 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
902 END_PROFILE(SMBcheckpath);
906 reply_outbuf(req, 0, 0);
908 END_PROFILE(SMBcheckpath);
913 END_PROFILE(SMBcheckpath);
915 /* We special case this - as when a Windows machine
916 is parsing a path is steps through the components
917 one at a time - if a component fails it expects
918 ERRbadpath, not ERRbadfile.
920 status = map_checkpath_error((char *)req->inbuf, status);
921 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
923 * Windows returns different error codes if
924 * the parent directory is valid but not the
925 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
926 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
927 * if the path is invalid.
929 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
934 reply_nterror(req, status);
937 /****************************************************************************
939 ****************************************************************************/
941 void reply_getatr(connection_struct *conn, struct smb_request *req)
944 SMB_STRUCT_STAT sbuf;
950 TALLOC_CTX *ctx = talloc_tos();
952 START_PROFILE(SMBgetatr);
954 p = smb_buf(req->inbuf) + 1;
955 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
956 0, STR_TERMINATE, &status);
957 if (!NT_STATUS_IS_OK(status)) {
958 reply_nterror(req, status);
959 END_PROFILE(SMBgetatr);
963 status = resolve_dfspath(ctx, conn,
964 req->flags2 & FLAGS2_DFS_PATHNAMES,
967 if (!NT_STATUS_IS_OK(status)) {
968 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
969 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
971 END_PROFILE(SMBgetatr);
974 reply_nterror(req, status);
975 END_PROFILE(SMBgetatr);
979 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
980 under WfWg - weird! */
981 if (*fname == '\0') {
982 mode = aHIDDEN | aDIR;
983 if (!CAN_WRITE(conn)) {
989 status = unix_convert(conn, fname, False, &fname, NULL,&sbuf);
990 if (!NT_STATUS_IS_OK(status)) {
991 reply_nterror(req, status);
992 END_PROFILE(SMBgetatr);
995 status = check_name(conn, fname);
996 if (!NT_STATUS_IS_OK(status)) {
997 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
998 reply_nterror(req, status);
999 END_PROFILE(SMBgetatr);
1002 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1003 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1004 reply_unixerror(req, ERRDOS,ERRbadfile);
1005 END_PROFILE(SMBgetatr);
1009 mode = dos_mode(conn,fname,&sbuf);
1010 size = sbuf.st_size;
1011 mtime = sbuf.st_mtime;
1017 reply_outbuf(req, 10, 0);
1019 SSVAL(req->outbuf,smb_vwv0,mode);
1020 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1021 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1023 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1025 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1027 if (Protocol >= PROTOCOL_NT1) {
1028 SSVAL(req->outbuf, smb_flg2,
1029 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1032 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1034 END_PROFILE(SMBgetatr);
1038 /****************************************************************************
1040 ****************************************************************************/
1042 void reply_setatr(connection_struct *conn, struct smb_request *req)
1047 SMB_STRUCT_STAT sbuf;
1050 TALLOC_CTX *ctx = talloc_tos();
1052 START_PROFILE(SMBsetatr);
1055 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1059 p = smb_buf(req->inbuf) + 1;
1060 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1061 0, STR_TERMINATE, &status);
1062 if (!NT_STATUS_IS_OK(status)) {
1063 reply_nterror(req, status);
1064 END_PROFILE(SMBsetatr);
1068 status = resolve_dfspath(ctx, conn,
1069 req->flags2 & FLAGS2_DFS_PATHNAMES,
1072 if (!NT_STATUS_IS_OK(status)) {
1073 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1074 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1075 ERRSRV, ERRbadpath);
1076 END_PROFILE(SMBsetatr);
1079 reply_nterror(req, status);
1080 END_PROFILE(SMBsetatr);
1084 status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
1085 if (!NT_STATUS_IS_OK(status)) {
1086 reply_nterror(req, status);
1087 END_PROFILE(SMBsetatr);
1091 status = check_name(conn, fname);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 reply_nterror(req, status);
1094 END_PROFILE(SMBsetatr);
1098 if (fname[0] == '.' && fname[1] == '\0') {
1100 * Not sure here is the right place to catch this
1101 * condition. Might be moved to somewhere else later -- vl
1103 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1104 END_PROFILE(SMBsetatr);
1108 mode = SVAL(req->inbuf,smb_vwv0);
1109 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1111 if (mode != FILE_ATTRIBUTE_NORMAL) {
1112 if (VALID_STAT_OF_DIR(sbuf))
1117 if (file_set_dosmode(conn,fname,mode,&sbuf,False) != 0) {
1118 reply_unixerror(req, ERRDOS, ERRnoaccess);
1119 END_PROFILE(SMBsetatr);
1124 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1125 reply_unixerror(req, ERRDOS, ERRnoaccess);
1126 END_PROFILE(SMBsetatr);
1130 reply_outbuf(req, 0, 0);
1132 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1134 END_PROFILE(SMBsetatr);
1138 /****************************************************************************
1140 ****************************************************************************/
1142 void reply_dskattr(connection_struct *conn, struct smb_request *req)
1144 SMB_BIG_UINT dfree,dsize,bsize;
1145 START_PROFILE(SMBdskattr);
1147 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1148 reply_unixerror(req, ERRHRD, ERRgeneral);
1149 END_PROFILE(SMBdskattr);
1153 reply_outbuf(req, 5, 0);
1155 if (Protocol <= PROTOCOL_LANMAN2) {
1156 double total_space, free_space;
1157 /* we need to scale this to a number that DOS6 can handle. We
1158 use floating point so we can handle large drives on systems
1159 that don't have 64 bit integers
1161 we end up displaying a maximum of 2G to DOS systems
1163 total_space = dsize * (double)bsize;
1164 free_space = dfree * (double)bsize;
1166 dsize = (total_space+63*512) / (64*512);
1167 dfree = (free_space+63*512) / (64*512);
1169 if (dsize > 0xFFFF) dsize = 0xFFFF;
1170 if (dfree > 0xFFFF) dfree = 0xFFFF;
1172 SSVAL(req->outbuf,smb_vwv0,dsize);
1173 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1174 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1175 SSVAL(req->outbuf,smb_vwv3,dfree);
1177 SSVAL(req->outbuf,smb_vwv0,dsize);
1178 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1179 SSVAL(req->outbuf,smb_vwv2,512);
1180 SSVAL(req->outbuf,smb_vwv3,dfree);
1183 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1185 END_PROFILE(SMBdskattr);
1189 /****************************************************************************
1191 Can be called from SMBsearch, SMBffirst or SMBfunique.
1192 ****************************************************************************/
1194 void reply_search(connection_struct *conn, struct smb_request *req)
1197 char *directory = NULL;
1203 unsigned int numentries = 0;
1204 unsigned int maxentries = 0;
1205 BOOL finished = False;
1211 BOOL check_descend = False;
1212 BOOL expect_close = False;
1214 BOOL mask_contains_wcard = False;
1215 BOOL allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1216 TALLOC_CTX *ctx = talloc_tos();
1218 START_PROFILE(SMBsearch);
1221 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1222 END_PROFILE(SMBsearch);
1226 if (lp_posix_pathnames()) {
1227 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1228 END_PROFILE(SMBsearch);
1234 /* If we were called as SMBffirst then we must expect close. */
1235 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1236 expect_close = True;
1239 reply_outbuf(req, 1, 3);
1240 maxentries = SVAL(req->inbuf,smb_vwv0);
1241 dirtype = SVAL(req->inbuf,smb_vwv1);
1242 p = smb_buf(req->inbuf) + 1;
1243 p += srvstr_get_path_wcard(ctx,
1251 &mask_contains_wcard);
1252 if (!NT_STATUS_IS_OK(nt_status)) {
1253 reply_nterror(req, nt_status);
1254 END_PROFILE(SMBsearch);
1258 nt_status = resolve_dfspath_wcard(ctx, conn,
1259 req->flags2 & FLAGS2_DFS_PATHNAMES,
1262 &mask_contains_wcard);
1263 if (!NT_STATUS_IS_OK(nt_status)) {
1264 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1265 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1266 ERRSRV, ERRbadpath);
1267 END_PROFILE(SMBsearch);
1270 reply_nterror(req, nt_status);
1271 END_PROFILE(SMBsearch);
1276 status_len = SVAL(p, 0);
1279 /* dirtype &= ~aDIR; */
1281 if (status_len == 0) {
1282 SMB_STRUCT_STAT sbuf;
1284 nt_status = unix_convert(conn, path, True, &directory, NULL, &sbuf);
1285 if (!NT_STATUS_IS_OK(nt_status)) {
1286 reply_nterror(req, nt_status);
1287 END_PROFILE(SMBsearch);
1291 nt_status = check_name(conn, directory);
1292 if (!NT_STATUS_IS_OK(nt_status)) {
1293 reply_nterror(req, nt_status);
1294 END_PROFILE(SMBsearch);
1298 p = strrchr_m(directory,'/');
1300 pstrcpy(mask,directory);
1301 directory = talloc_strdup(talloc_tos(),".");
1303 reply_nterror(req, NT_STATUS_NO_MEMORY);
1304 END_PROFILE(SMBsearch);
1312 if (*directory == '\0') {
1313 directory = talloc_strdup(talloc_tos(),".");
1315 reply_nterror(req, NT_STATUS_NO_MEMORY);
1316 END_PROFILE(SMBsearch);
1320 memset((char *)status,'\0',21);
1321 SCVAL(status,0,(dirtype & 0x1F));
1323 nt_status = dptr_create(conn,
1329 mask_contains_wcard,
1332 if (!NT_STATUS_IS_OK(nt_status)) {
1333 reply_nterror(req, nt_status);
1334 END_PROFILE(SMBsearch);
1337 dptr_num = dptr_dnum(conn->dirptr);
1341 memcpy(status,p,21);
1342 status_dirtype = CVAL(status,0) & 0x1F;
1343 if (status_dirtype != (dirtype & 0x1F)) {
1344 dirtype = status_dirtype;
1347 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1348 if (!conn->dirptr) {
1351 string_set(&conn->dirpath,dptr_path(dptr_num));
1352 pstrcpy(mask, dptr_wcard(dptr_num));
1354 * For a 'continue' search we have no string. So
1355 * check from the initial saved string.
1357 mask_contains_wcard = ms_has_wild(mask);
1358 dirtype = dptr_attr(dptr_num);
1361 DEBUG(4,("dptr_num is %d\n",dptr_num));
1363 if ((dirtype&0x1F) == aVOLID) {
1364 char buf[DIR_STRUCT_SIZE];
1365 memcpy(buf,status,21);
1366 make_dir_struct(buf,"???????????",volume_label(SNUM(conn)),
1367 0,aVOLID,0,!allow_long_path_components);
1368 dptr_fill(buf+12,dptr_num);
1369 if (dptr_zero(buf+12) && (status_len==0)) {
1374 if (message_push_blob(&req->outbuf,
1375 data_blob_const(buf, sizeof(buf)))
1377 reply_nterror(req, NT_STATUS_NO_MEMORY);
1378 END_PROFILE(SMBsearch);
1386 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1389 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1390 conn->dirpath,lp_dontdescend(SNUM(conn))));
1391 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1392 check_descend = True;
1395 for (i=numentries;(i<maxentries) && !finished;i++) {
1396 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1398 char buf[DIR_STRUCT_SIZE];
1399 memcpy(buf,status,21);
1400 make_dir_struct(buf,mask,fname,size, mode,date,
1401 !allow_long_path_components);
1402 if (!dptr_fill(buf+12,dptr_num)) {
1405 if (message_push_blob(&req->outbuf,
1406 data_blob_const(buf, sizeof(buf)))
1408 reply_nterror(req, NT_STATUS_NO_MEMORY);
1409 END_PROFILE(SMBsearch);
1419 /* If we were called as SMBffirst with smb_search_id == NULL
1420 and no entries were found then return error and close dirptr
1423 if (numentries == 0) {
1424 dptr_close(&dptr_num);
1425 } else if(expect_close && status_len == 0) {
1426 /* Close the dptr - we know it's gone */
1427 dptr_close(&dptr_num);
1430 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1431 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1432 dptr_close(&dptr_num);
1435 if ((numentries == 0) && !mask_contains_wcard) {
1436 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1437 END_PROFILE(SMBsearch);
1441 SSVAL(req->outbuf,smb_vwv0,numentries);
1442 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1443 SCVAL(smb_buf(req->outbuf),0,5);
1444 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1446 /* The replies here are never long name. */
1447 SSVAL(req->outbuf, smb_flg2,
1448 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1449 if (!allow_long_path_components) {
1450 SSVAL(req->outbuf, smb_flg2,
1451 SVAL(req->outbuf, smb_flg2)
1452 & (~FLAGS2_LONG_PATH_COMPONENTS));
1455 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1456 SSVAL(req->outbuf, smb_flg2,
1457 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1460 directory = dptr_path(dptr_num);
1463 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1464 smb_fn_name(CVAL(req->inbuf,smb_com)),
1466 directory ? directory : "./",
1471 END_PROFILE(SMBsearch);
1475 /****************************************************************************
1476 Reply to a fclose (stop directory search).
1477 ****************************************************************************/
1479 void reply_fclose(connection_struct *conn, struct smb_request *req)
1487 BOOL path_contains_wcard = False;
1488 TALLOC_CTX *ctx = talloc_tos();
1490 START_PROFILE(SMBfclose);
1492 if (lp_posix_pathnames()) {
1493 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1494 END_PROFILE(SMBfclose);
1498 p = smb_buf(req->inbuf) + 1;
1499 p += srvstr_get_path_wcard(ctx,
1507 &path_contains_wcard);
1508 if (!NT_STATUS_IS_OK(err)) {
1509 reply_nterror(req, err);
1510 END_PROFILE(SMBfclose);
1514 status_len = SVAL(p,0);
1517 if (status_len == 0) {
1518 reply_doserror(req, ERRSRV, ERRsrverror);
1519 END_PROFILE(SMBfclose);
1523 memcpy(status,p,21);
1525 if(dptr_fetch(status+12,&dptr_num)) {
1526 /* Close the dptr - we know it's gone */
1527 dptr_close(&dptr_num);
1530 reply_outbuf(req, 1, 0);
1531 SSVAL(req->outbuf,smb_vwv0,0);
1533 DEBUG(3,("search close\n"));
1535 END_PROFILE(SMBfclose);
1539 /****************************************************************************
1541 ****************************************************************************/
1543 void reply_open(connection_struct *conn, struct smb_request *req)
1550 SMB_STRUCT_STAT sbuf;
1557 uint32 create_disposition;
1558 uint32 create_options = 0;
1560 TALLOC_CTX *ctx = talloc_tos();
1562 START_PROFILE(SMBopen);
1565 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1566 END_PROFILE(SMBopen);
1570 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1571 deny_mode = SVAL(req->inbuf,smb_vwv0);
1572 dos_attr = SVAL(req->inbuf,smb_vwv1);
1574 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1575 smb_buf(req->inbuf)+1, 0,
1576 STR_TERMINATE, &status);
1577 if (!NT_STATUS_IS_OK(status)) {
1578 reply_nterror(req, status);
1579 END_PROFILE(SMBopen);
1583 status = resolve_dfspath(ctx, conn,
1584 req->flags2 & FLAGS2_DFS_PATHNAMES,
1587 if (!NT_STATUS_IS_OK(status)) {
1588 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1589 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1590 ERRSRV, ERRbadpath);
1591 END_PROFILE(SMBopen);
1594 reply_nterror(req, status);
1595 END_PROFILE(SMBopen);
1599 status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
1600 if (!NT_STATUS_IS_OK(status)) {
1601 reply_nterror(req, status);
1602 END_PROFILE(SMBopen);
1606 status = check_name(conn, fname);
1607 if (!NT_STATUS_IS_OK(status)) {
1608 reply_nterror(req, status);
1609 END_PROFILE(SMBopen);
1613 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1614 &access_mask, &share_mode, &create_disposition, &create_options)) {
1615 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1616 END_PROFILE(SMBopen);
1620 status = open_file_ntcreate(conn, req, fname, &sbuf,
1629 if (!NT_STATUS_IS_OK(status)) {
1630 if (open_was_deferred(req->mid)) {
1631 END_PROFILE(SMBopen);
1632 /* We have re-scheduled this call. */
1635 reply_openerror(req, status);
1636 END_PROFILE(SMBopen);
1640 size = sbuf.st_size;
1641 fattr = dos_mode(conn,fname,&sbuf);
1642 mtime = sbuf.st_mtime;
1645 DEBUG(3,("attempt to open a directory %s\n",fname));
1646 close_file(fsp,ERROR_CLOSE);
1647 reply_doserror(req, ERRDOS,ERRnoaccess);
1648 END_PROFILE(SMBopen);
1652 reply_outbuf(req, 7, 0);
1653 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1654 SSVAL(req->outbuf,smb_vwv1,fattr);
1655 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1656 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1658 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1660 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1661 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1663 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1664 SCVAL(req->outbuf,smb_flg,
1665 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1668 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1669 SCVAL(req->outbuf,smb_flg,
1670 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1672 END_PROFILE(SMBopen);
1676 /****************************************************************************
1677 Reply to an open and X.
1678 ****************************************************************************/
1680 void reply_open_and_X(connection_struct *conn, struct smb_request *req)
1686 /* Breakout the oplock request bits so we can set the
1687 reply bits separately. */
1688 int ex_oplock_request;
1689 int core_oplock_request;
1692 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1693 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1698 SMB_STRUCT_STAT sbuf;
1702 SMB_BIG_UINT allocation_size;
1703 ssize_t retval = -1;
1706 uint32 create_disposition;
1707 uint32 create_options = 0;
1708 TALLOC_CTX *ctx = talloc_tos();
1710 START_PROFILE(SMBopenX);
1712 if (req->wct < 15) {
1713 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1714 END_PROFILE(SMBopenX);
1718 open_flags = SVAL(req->inbuf,smb_vwv2);
1719 deny_mode = SVAL(req->inbuf,smb_vwv3);
1720 smb_attr = SVAL(req->inbuf,smb_vwv5);
1721 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1722 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1723 oplock_request = ex_oplock_request | core_oplock_request;
1724 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1725 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1727 /* If it's an IPC, pass off the pipe handler. */
1729 if (lp_nt_pipe_support()) {
1730 reply_open_pipe_and_X(conn, req);
1732 reply_doserror(req, ERRSRV, ERRaccess);
1734 END_PROFILE(SMBopenX);
1738 /* XXXX we need to handle passed times, sattr and flags */
1739 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1740 smb_buf(req->inbuf), 0, STR_TERMINATE,
1742 if (!NT_STATUS_IS_OK(status)) {
1743 reply_nterror(req, status);
1744 END_PROFILE(SMBopenX);
1748 status = resolve_dfspath(ctx, conn,
1749 req->flags2 & FLAGS2_DFS_PATHNAMES,
1752 if (!NT_STATUS_IS_OK(status)) {
1753 END_PROFILE(SMBopenX);
1754 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1755 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1756 ERRSRV, ERRbadpath);
1759 reply_nterror(req, status);
1763 status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
1764 if (!NT_STATUS_IS_OK(status)) {
1765 reply_nterror(req, status);
1766 END_PROFILE(SMBopenX);
1770 status = check_name(conn, fname);
1771 if (!NT_STATUS_IS_OK(status)) {
1772 reply_nterror(req, status);
1773 END_PROFILE(SMBopenX);
1777 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1780 &create_disposition,
1782 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1783 END_PROFILE(SMBopenX);
1787 status = open_file_ntcreate(conn, req, fname, &sbuf,
1796 if (!NT_STATUS_IS_OK(status)) {
1797 END_PROFILE(SMBopenX);
1798 if (open_was_deferred(req->mid)) {
1799 /* We have re-scheduled this call. */
1802 reply_openerror(req, status);
1806 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1807 if the file is truncated or created. */
1808 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1809 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1810 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1811 close_file(fsp,ERROR_CLOSE);
1812 reply_nterror(req, NT_STATUS_DISK_FULL);
1813 END_PROFILE(SMBopenX);
1816 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1818 close_file(fsp,ERROR_CLOSE);
1819 reply_nterror(req, NT_STATUS_DISK_FULL);
1820 END_PROFILE(SMBopenX);
1823 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1826 fattr = dos_mode(conn,fname,&sbuf);
1827 mtime = sbuf.st_mtime;
1829 close_file(fsp,ERROR_CLOSE);
1830 reply_doserror(req, ERRDOS, ERRnoaccess);
1831 END_PROFILE(SMBopenX);
1835 /* If the caller set the extended oplock request bit
1836 and we granted one (by whatever means) - set the
1837 correct bit for extended oplock reply.
1840 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1841 smb_action |= EXTENDED_OPLOCK_GRANTED;
1844 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1845 smb_action |= EXTENDED_OPLOCK_GRANTED;
1848 /* If the caller set the core oplock request bit
1849 and we granted one (by whatever means) - set the
1850 correct bit for core oplock reply.
1853 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1854 reply_outbuf(req, 19, 0);
1856 reply_outbuf(req, 15, 0);
1859 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1860 SCVAL(req->outbuf, smb_flg,
1861 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1864 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1865 SCVAL(req->outbuf, smb_flg,
1866 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1869 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1870 SSVAL(req->outbuf,smb_vwv3,fattr);
1871 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1872 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1874 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1876 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1877 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1878 SSVAL(req->outbuf,smb_vwv11,smb_action);
1880 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1881 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1884 END_PROFILE(SMBopenX);
1889 /****************************************************************************
1890 Reply to a SMBulogoffX.
1891 conn POINTER CAN BE NULL HERE !
1892 ****************************************************************************/
1894 void reply_ulogoffX(connection_struct *conn, struct smb_request *req)
1898 START_PROFILE(SMBulogoffX);
1900 vuser = get_valid_user_struct(req->vuid);
1903 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1907 /* in user level security we are supposed to close any files
1908 open by this user */
1909 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1910 file_close_user(req->vuid);
1913 invalidate_vuid(req->vuid);
1915 reply_outbuf(req, 2, 0);
1917 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1919 END_PROFILE(SMBulogoffX);
1923 /****************************************************************************
1924 Reply to a mknew or a create.
1925 ****************************************************************************/
1927 void reply_mknew(connection_struct *conn, struct smb_request *req)
1932 struct timespec ts[2];
1934 int oplock_request = 0;
1935 SMB_STRUCT_STAT sbuf;
1937 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1938 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1939 uint32 create_disposition;
1940 uint32 create_options = 0;
1941 TALLOC_CTX *ctx = talloc_tos();
1943 START_PROFILE(SMBcreate);
1946 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1947 END_PROFILE(SMBcreate);
1951 fattr = SVAL(req->inbuf,smb_vwv0);
1952 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1953 com = SVAL(req->inbuf,smb_com);
1955 ts[1] =convert_time_t_to_timespec(
1956 srv_make_unix_date3(req->inbuf + smb_vwv1));
1959 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1960 smb_buf(req->inbuf) + 1, 0,
1961 STR_TERMINATE, &status);
1962 if (!NT_STATUS_IS_OK(status)) {
1963 reply_nterror(req, status);
1964 END_PROFILE(SMBcreate);
1968 status = resolve_dfspath(ctx, conn,
1969 req->flags2 & FLAGS2_DFS_PATHNAMES,
1972 if (!NT_STATUS_IS_OK(status)) {
1973 END_PROFILE(SMBcreate);
1974 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1975 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1976 ERRSRV, ERRbadpath);
1979 reply_nterror(req, status);
1983 status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
1984 if (!NT_STATUS_IS_OK(status)) {
1985 reply_nterror(req, status);
1986 END_PROFILE(SMBcreate);
1990 status = check_name(conn, fname);
1991 if (!NT_STATUS_IS_OK(status)) {
1992 reply_nterror(req, status);
1993 END_PROFILE(SMBcreate);
1997 if (fattr & aVOLID) {
1998 DEBUG(0,("Attempt to create file (%s) with volid set - "
1999 "please report this\n", fname));
2002 if(com == SMBmknew) {
2003 /* We should fail if file exists. */
2004 create_disposition = FILE_CREATE;
2006 /* Create if file doesn't exist, truncate if it does. */
2007 create_disposition = FILE_OVERWRITE_IF;
2010 /* Open file using ntcreate. */
2011 status = open_file_ntcreate(conn, req, fname, &sbuf,
2020 if (!NT_STATUS_IS_OK(status)) {
2021 END_PROFILE(SMBcreate);
2022 if (open_was_deferred(req->mid)) {
2023 /* We have re-scheduled this call. */
2026 reply_nterror(req, status);
2030 ts[0] = get_atimespec(&sbuf); /* atime. */
2031 file_ntimes(conn, fname, ts);
2033 reply_outbuf(req, 1, 0);
2034 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2036 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2037 SCVAL(req->outbuf,smb_flg,
2038 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2041 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2042 SCVAL(req->outbuf,smb_flg,
2043 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2046 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
2047 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2048 fname, fsp->fh->fd, (unsigned int)fattr ) );
2050 END_PROFILE(SMBcreate);
2054 /****************************************************************************
2055 Reply to a create temporary file.
2056 ****************************************************************************/
2058 void reply_ctemp(connection_struct *conn, struct smb_request *req)
2065 SMB_STRUCT_STAT sbuf;
2068 TALLOC_CTX *ctx = talloc_tos();
2070 START_PROFILE(SMBctemp);
2073 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2074 END_PROFILE(SMBctemp);
2078 fattr = SVAL(req->inbuf,smb_vwv0);
2079 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2081 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2082 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2084 if (!NT_STATUS_IS_OK(status)) {
2085 reply_nterror(req, status);
2086 END_PROFILE(SMBctemp);
2090 fname = talloc_asprintf(ctx,
2094 fname = talloc_strdup(ctx, "TMXXXXXX");
2098 reply_nterror(req, NT_STATUS_NO_MEMORY);
2099 END_PROFILE(SMBctemp);
2103 status = resolve_dfspath(ctx, conn,
2104 req->flags2 & FLAGS2_DFS_PATHNAMES,
2107 if (!NT_STATUS_IS_OK(status)) {
2108 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2109 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2110 ERRSRV, ERRbadpath);
2111 END_PROFILE(SMBctemp);
2114 reply_nterror(req, status);
2115 END_PROFILE(SMBctemp);
2119 status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
2120 if (!NT_STATUS_IS_OK(status)) {
2121 reply_nterror(req, status);
2122 END_PROFILE(SMBctemp);
2126 status = check_name(conn, CONST_DISCARD(char *,fname));
2127 if (!NT_STATUS_IS_OK(status)) {
2128 reply_nterror(req, status);
2129 END_PROFILE(SMBctemp);
2133 tmpfd = smb_mkstemp(fname);
2135 reply_unixerror(req, ERRDOS, ERRnoaccess);
2136 END_PROFILE(SMBctemp);
2140 SMB_VFS_STAT(conn,fname,&sbuf);
2142 /* We should fail if file does not exist. */
2143 status = open_file_ntcreate(conn, req, fname, &sbuf,
2144 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2145 FILE_SHARE_READ|FILE_SHARE_WRITE,
2152 /* close fd from smb_mkstemp() */
2155 if (!NT_STATUS_IS_OK(status)) {
2156 if (open_was_deferred(req->mid)) {
2157 /* We have re-scheduled this call. */
2158 END_PROFILE(SMBctemp);
2161 reply_openerror(req, status);
2162 END_PROFILE(SMBctemp);
2166 reply_outbuf(req, 1, 0);
2167 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2169 /* the returned filename is relative to the directory */
2170 s = strrchr_m(fname, '/');
2178 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2179 thing in the byte section. JRA */
2180 SSVALS(p, 0, -1); /* what is this? not in spec */
2182 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2184 reply_nterror(req, NT_STATUS_NO_MEMORY);
2185 END_PROFILE(SMBctemp);
2189 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2190 SCVAL(req->outbuf, smb_flg,
2191 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2194 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2195 SCVAL(req->outbuf, smb_flg,
2196 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2199 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2200 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2201 (unsigned int)sbuf.st_mode ) );
2203 END_PROFILE(SMBctemp);
2207 /*******************************************************************
2208 Check if a user is allowed to rename a file.
2209 ********************************************************************/
2211 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2212 uint16 dirtype, SMB_STRUCT_STAT *pst)
2216 if (!CAN_WRITE(conn)) {
2217 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2220 fmode = dos_mode(conn, fsp->fsp_name, pst);
2221 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2222 return NT_STATUS_NO_SUCH_FILE;
2225 if (S_ISDIR(pst->st_mode)) {
2226 return NT_STATUS_OK;
2229 if (fsp->access_mask & DELETE_ACCESS) {
2230 return NT_STATUS_OK;
2233 return NT_STATUS_ACCESS_DENIED;
2236 /*******************************************************************
2237 * unlink a file with all relevant access checks
2238 *******************************************************************/
2240 static NTSTATUS do_unlink(connection_struct *conn, struct smb_request *req,
2241 char *fname, uint32 dirtype)
2243 SMB_STRUCT_STAT sbuf;
2246 uint32 dirtype_orig = dirtype;
2249 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2251 if (!CAN_WRITE(conn)) {
2252 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2255 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2256 return map_nt_error_from_unix(errno);
2259 fattr = dos_mode(conn,fname,&sbuf);
2261 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2262 dirtype = aDIR|aARCH|aRONLY;
2265 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2267 return NT_STATUS_NO_SUCH_FILE;
2270 if (!dir_check_ftype(conn, fattr, dirtype)) {
2272 return NT_STATUS_FILE_IS_A_DIRECTORY;
2274 return NT_STATUS_NO_SUCH_FILE;
2277 if (dirtype_orig & 0x8000) {
2278 /* These will never be set for POSIX. */
2279 return NT_STATUS_NO_SUCH_FILE;
2283 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2284 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2288 return NT_STATUS_NO_SUCH_FILE;
2291 if (dirtype & 0xFF00) {
2292 /* These will never be set for POSIX. */
2293 return NT_STATUS_NO_SUCH_FILE;
2298 return NT_STATUS_NO_SUCH_FILE;
2301 /* Can't delete a directory. */
2303 return NT_STATUS_FILE_IS_A_DIRECTORY;
2308 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2309 return NT_STATUS_OBJECT_NAME_INVALID;
2310 #endif /* JRATEST */
2312 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2314 On a Windows share, a file with read-only dosmode can be opened with
2315 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2316 fails with NT_STATUS_CANNOT_DELETE error.
2318 This semantic causes a problem that a user can not
2319 rename a file with read-only dosmode on a Samba share
2320 from a Windows command prompt (i.e. cmd.exe, but can rename
2321 from Windows Explorer).
2324 if (!lp_delete_readonly(SNUM(conn))) {
2325 if (fattr & aRONLY) {
2326 return NT_STATUS_CANNOT_DELETE;
2330 /* On open checks the open itself will check the share mode, so
2331 don't do it here as we'll get it wrong. */
2333 status = open_file_ntcreate(conn, req, fname, &sbuf,
2338 FILE_ATTRIBUTE_NORMAL,
2339 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2342 if (!NT_STATUS_IS_OK(status)) {
2343 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2344 nt_errstr(status)));
2348 /* The set is across all open files on this dev/inode pair. */
2349 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2350 close_file(fsp, NORMAL_CLOSE);
2351 return NT_STATUS_ACCESS_DENIED;
2354 return close_file(fsp,NORMAL_CLOSE);
2357 /****************************************************************************
2358 The guts of the unlink command, split out so it may be called by the NT SMB
2360 ****************************************************************************/
2362 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2363 uint32 dirtype, const char *name_in, BOOL has_wild)
2370 NTSTATUS status = NT_STATUS_OK;
2371 SMB_STRUCT_STAT sbuf;
2373 *directory = *mask = 0;
2375 status = unix_convert(conn, name_in, has_wild, &name, NULL, &sbuf);
2376 if (!NT_STATUS_IS_OK(status)) {
2380 p = strrchr_m(name,'/');
2382 pstrcpy(directory,".");
2386 pstrcpy(directory,name);
2391 * We should only check the mangled cache
2392 * here if unix_convert failed. This means
2393 * that the path in 'mask' doesn't exist
2394 * on the file system and so we need to look
2395 * for a possible mangle. This patch from
2396 * Tine Smukavec <valentin.smukavec@hermes.si>.
2399 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2400 char *new_mask = NULL;
2401 mangle_lookup_name_from_8_3(talloc_tos(),
2406 pstrcpy(mask, new_mask);
2411 pstrcat(directory,"/");
2412 pstrcat(directory,mask);
2414 dirtype = FILE_ATTRIBUTE_NORMAL;
2417 status = check_name(conn, directory);
2418 if (!NT_STATUS_IS_OK(status)) {
2422 status = do_unlink(conn, req, directory, dirtype);
2423 if (!NT_STATUS_IS_OK(status)) {
2429 struct smb_Dir *dir_hnd = NULL;
2433 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2434 return NT_STATUS_OBJECT_NAME_INVALID;
2437 if (strequal(mask,"????????.???")) {
2441 status = check_name(conn, directory);
2442 if (!NT_STATUS_IS_OK(status)) {
2446 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2447 if (dir_hnd == NULL) {
2448 return map_nt_error_from_unix(errno);
2451 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2452 the pattern matches against the long name, otherwise the short name
2453 We don't implement this yet XXXX
2456 status = NT_STATUS_NO_SUCH_FILE;
2458 while ((dname = ReadDirName(dir_hnd, &offset))) {
2461 pstrcpy(fname,dname);
2463 if (!is_visible_file(conn, directory, dname, &st, True)) {
2467 /* Quick check for "." and ".." */
2468 if (fname[0] == '.') {
2469 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2474 if(!mask_match(fname, mask, conn->case_sensitive)) {
2478 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2480 status = check_name(conn, fname);
2481 if (!NT_STATUS_IS_OK(status)) {
2486 status = do_unlink(conn, req, fname, dirtype);
2487 if (!NT_STATUS_IS_OK(status)) {
2492 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2498 if (count == 0 && NT_STATUS_IS_OK(status)) {
2499 status = map_nt_error_from_unix(errno);
2505 /****************************************************************************
2507 ****************************************************************************/
2509 void reply_unlink(connection_struct *conn, struct smb_request *req)
2514 BOOL path_contains_wcard = False;
2515 TALLOC_CTX *ctx = talloc_tos();
2517 START_PROFILE(SMBunlink);
2520 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2521 END_PROFILE(SMBunlink);
2525 dirtype = SVAL(req->inbuf,smb_vwv0);
2527 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2528 smb_buf(req->inbuf) + 1, 0,
2529 STR_TERMINATE, &status, &path_contains_wcard);
2530 if (!NT_STATUS_IS_OK(status)) {
2531 reply_nterror(req, status);
2532 END_PROFILE(SMBunlink);
2536 status = resolve_dfspath_wcard(ctx, conn,
2537 req->flags2 & FLAGS2_DFS_PATHNAMES,
2540 &path_contains_wcard);
2541 if (!NT_STATUS_IS_OK(status)) {
2542 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2543 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2544 ERRSRV, ERRbadpath);
2545 END_PROFILE(SMBunlink);
2548 reply_nterror(req, status);
2549 END_PROFILE(SMBunlink);
2553 DEBUG(3,("reply_unlink : %s\n",name));
2555 status = unlink_internals(conn, req, dirtype, name,
2556 path_contains_wcard);
2557 if (!NT_STATUS_IS_OK(status)) {
2558 if (open_was_deferred(req->mid)) {
2559 /* We have re-scheduled this call. */
2560 END_PROFILE(SMBunlink);
2563 reply_nterror(req, status);
2564 END_PROFILE(SMBunlink);
2568 reply_outbuf(req, 0, 0);
2569 END_PROFILE(SMBunlink);
2574 /****************************************************************************
2576 ****************************************************************************/
2578 static void fail_readraw(void)
2581 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2583 exit_server_cleanly(errstr);
2586 /****************************************************************************
2587 Fake (read/write) sendfile. Returns -1 on read or write fail.
2588 ****************************************************************************/
2590 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2594 size_t tosend = nread;
2601 bufsize = MIN(nread, 65536);
2603 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2607 while (tosend > 0) {
2611 if (tosend > bufsize) {
2616 ret = read_file(fsp,buf,startpos,cur_read);
2622 /* If we had a short read, fill with zeros. */
2623 if (ret < cur_read) {
2624 memset(buf, '\0', cur_read - ret);
2627 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2632 startpos += cur_read;
2636 return (ssize_t)nread;
2639 /****************************************************************************
2640 Return a readbraw error (4 bytes of zero).
2641 ****************************************************************************/
2643 static void reply_readbraw_error(void)
2647 if (write_data(smbd_server_fd(),header,4) != 4) {
2652 /****************************************************************************
2653 Use sendfile in readbraw.
2654 ****************************************************************************/
2656 void send_file_readbraw(connection_struct *conn,
2662 char *outbuf = NULL;
2665 #if defined(WITH_SENDFILE)
2667 * We can only use sendfile on a non-chained packet
2668 * but we can use on a non-oplocked file. tridge proved this
2669 * on a train in Germany :-). JRA.
2670 * reply_readbraw has already checked the length.
2673 if ( (chain_size == 0) && (nread > 0) &&
2674 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2676 DATA_BLOB header_blob;
2678 _smb_setlen(header,nread);
2679 header_blob = data_blob_const(header, 4);
2681 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2682 &header_blob, startpos, nread) == -1) {
2683 /* Returning ENOSYS means no data at all was sent.
2684 * Do this as a normal read. */
2685 if (errno == ENOSYS) {
2686 goto normal_readbraw;
2690 * Special hack for broken Linux with no working sendfile. If we
2691 * return EINTR we sent the header but not the rest of the data.
2692 * Fake this up by doing read/write calls.
2694 if (errno == EINTR) {
2695 /* Ensure we don't do this again. */
2696 set_use_sendfile(SNUM(conn), False);
2697 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2699 if (fake_sendfile(fsp, startpos, nread) == -1) {
2700 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2701 fsp->fsp_name, strerror(errno) ));
2702 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2707 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2708 fsp->fsp_name, strerror(errno) ));
2709 exit_server_cleanly("send_file_readbraw sendfile failed");
2718 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2720 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2721 (unsigned)(nread+4)));
2722 reply_readbraw_error();
2727 ret = read_file(fsp,outbuf+4,startpos,nread);
2728 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2737 _smb_setlen(outbuf,ret);
2738 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2741 TALLOC_FREE(outbuf);
2744 /****************************************************************************
2745 Reply to a readbraw (core+ protocol).
2746 ****************************************************************************/
2748 void reply_readbraw(connection_struct *conn, struct smb_request *req)
2750 ssize_t maxcount,mincount;
2757 START_PROFILE(SMBreadbraw);
2759 if (srv_is_signing_active()) {
2760 exit_server_cleanly("reply_readbraw: SMB signing is active - "
2761 "raw reads/writes are disallowed.");
2765 reply_readbraw_error();
2766 END_PROFILE(SMBreadbraw);
2771 * Special check if an oplock break has been issued
2772 * and the readraw request croses on the wire, we must
2773 * return a zero length response here.
2776 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2779 * We have to do a check_fsp by hand here, as
2780 * we must always return 4 zero bytes on error,
2784 if (!fsp || !conn || conn != fsp->conn ||
2785 current_user.vuid != fsp->vuid ||
2786 fsp->is_directory || fsp->fh->fd == -1) {
2788 * fsp could be NULL here so use the value from the packet. JRA.
2790 DEBUG(3,("reply_readbraw: fnum %d not valid "
2792 (int)SVAL(req->inbuf,smb_vwv0)));
2793 reply_readbraw_error();
2794 END_PROFILE(SMBreadbraw);
2798 /* Do a "by hand" version of CHECK_READ. */
2799 if (!(fsp->can_read ||
2800 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2801 (fsp->access_mask & FILE_EXECUTE)))) {
2802 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2803 (int)SVAL(req->inbuf,smb_vwv0)));
2804 reply_readbraw_error();
2805 END_PROFILE(SMBreadbraw);
2809 flush_write_cache(fsp, READRAW_FLUSH);
2811 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2812 if(req->wct == 10) {
2814 * This is a large offset (64 bit) read.
2816 #ifdef LARGE_SMB_OFF_T
2818 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2820 #else /* !LARGE_SMB_OFF_T */
2823 * Ensure we haven't been sent a >32 bit offset.
2826 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2827 DEBUG(0,("reply_readbraw: large offset "
2828 "(%x << 32) used and we don't support "
2829 "64 bit offsets.\n",
2830 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2831 reply_readbraw_error();
2832 END_PROFILE(SMBreadbraw);
2836 #endif /* LARGE_SMB_OFF_T */
2839 DEBUG(0,("reply_readbraw: negative 64 bit "
2840 "readraw offset (%.0f) !\n",
2841 (double)startpos ));
2842 reply_readbraw_error();
2843 END_PROFILE(SMBreadbraw);
2848 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2849 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2851 /* ensure we don't overrun the packet size */
2852 maxcount = MIN(65535,maxcount);
2854 if (is_locked(fsp,(uint32)req->smbpid,
2855 (SMB_BIG_UINT)maxcount,
2856 (SMB_BIG_UINT)startpos,
2858 reply_readbraw_error();
2859 END_PROFILE(SMBreadbraw);
2863 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2867 if (startpos >= size) {
2870 nread = MIN(maxcount,(size - startpos));
2873 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2874 if (nread < mincount)
2878 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2879 "min=%lu nread=%lu\n",
2880 fsp->fnum, (double)startpos,
2881 (unsigned long)maxcount,
2882 (unsigned long)mincount,
2883 (unsigned long)nread ) );
2885 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2887 DEBUG(5,("reply_readbraw finished\n"));
2888 END_PROFILE(SMBreadbraw);
2892 #define DBGC_CLASS DBGC_LOCKING
2894 /****************************************************************************
2895 Reply to a lockread (core+ protocol).
2896 ****************************************************************************/
2898 void reply_lockread(connection_struct *conn, struct smb_request *req)
2906 struct byte_range_lock *br_lck = NULL;
2909 START_PROFILE(SMBlockread);
2912 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2913 END_PROFILE(SMBlockread);
2917 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2919 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2920 END_PROFILE(SMBlockread);
2924 if (!CHECK_READ(fsp,req->inbuf)) {
2925 reply_doserror(req, ERRDOS, ERRbadaccess);
2926 END_PROFILE(SMBlockread);
2930 release_level_2_oplocks_on_change(fsp);
2932 numtoread = SVAL(req->inbuf,smb_vwv1);
2933 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2935 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2937 reply_outbuf(req, 5, numtoread + 3);
2939 data = smb_buf(req->outbuf) + 3;
2942 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2943 * protocol request that predates the read/write lock concept.
2944 * Thus instead of asking for a read lock here we need to ask
2945 * for a write lock. JRA.
2946 * Note that the requested lock size is unaffected by max_recv.
2949 br_lck = do_lock(smbd_messaging_context(),
2952 (SMB_BIG_UINT)numtoread,
2953 (SMB_BIG_UINT)startpos,
2956 False, /* Non-blocking lock. */
2959 TALLOC_FREE(br_lck);
2961 if (NT_STATUS_V(status)) {
2962 reply_nterror(req, status);
2963 END_PROFILE(SMBlockread);
2968 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2971 if (numtoread > max_recv) {
2972 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2973 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2974 (unsigned int)numtoread, (unsigned int)max_recv ));
2975 numtoread = MIN(numtoread,max_recv);
2977 nread = read_file(fsp,data,startpos,numtoread);
2980 reply_unixerror(req, ERRDOS, ERRnoaccess);
2981 END_PROFILE(SMBlockread);
2985 set_message(NULL, (char *)req->outbuf, 5, nread+3, False);
2987 SSVAL(req->outbuf,smb_vwv0,nread);
2988 SSVAL(req->outbuf,smb_vwv5,nread+3);
2989 p = smb_buf(req->outbuf);
2990 SCVAL(p,0,0); /* pad byte. */
2993 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2994 fsp->fnum, (int)numtoread, (int)nread));
2996 END_PROFILE(SMBlockread);
3001 #define DBGC_CLASS DBGC_ALL
3003 /****************************************************************************
3005 ****************************************************************************/
3007 void reply_read(connection_struct *conn, struct smb_request *req)
3016 START_PROFILE(SMBread);
3019 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3020 END_PROFILE(SMBread);
3024 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3026 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3027 END_PROFILE(SMBread);
3031 if (!CHECK_READ(fsp,req->inbuf)) {
3032 reply_doserror(req, ERRDOS, ERRbadaccess);
3033 END_PROFILE(SMBread);
3037 numtoread = SVAL(req->inbuf,smb_vwv1);
3038 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3040 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3043 * The requested read size cannot be greater than max_recv. JRA.
3045 if (numtoread > max_recv) {
3046 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3047 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3048 (unsigned int)numtoread, (unsigned int)max_recv ));
3049 numtoread = MIN(numtoread,max_recv);
3052 reply_outbuf(req, 5, numtoread+3);
3054 data = smb_buf(req->outbuf) + 3;
3056 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3057 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3058 reply_doserror(req, ERRDOS,ERRlock);
3059 END_PROFILE(SMBread);
3064 nread = read_file(fsp,data,startpos,numtoread);
3067 reply_unixerror(req, ERRDOS,ERRnoaccess);
3068 END_PROFILE(SMBread);
3072 set_message(NULL, (char *)req->outbuf, 5, nread+3, False);
3074 SSVAL(req->outbuf,smb_vwv0,nread);
3075 SSVAL(req->outbuf,smb_vwv5,nread+3);
3076 SCVAL(smb_buf(req->outbuf),0,1);
3077 SSVAL(smb_buf(req->outbuf),1,nread);
3079 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3080 fsp->fnum, (int)numtoread, (int)nread ) );
3082 END_PROFILE(SMBread);
3086 /****************************************************************************
3088 ****************************************************************************/
3090 static int setup_readX_header(const uint8 *inbuf, uint8 *outbuf,
3096 outsize = set_message((char *)inbuf, (char *)outbuf,12,smb_maxcnt,
3098 data = smb_buf(outbuf);
3100 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3101 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3102 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3103 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3104 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3105 SCVAL(outbuf,smb_vwv0,0xFF);
3106 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3107 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3111 /****************************************************************************
3112 Reply to a read and X - possibly using sendfile.
3113 ****************************************************************************/
3115 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3116 files_struct *fsp, SMB_OFF_T startpos,
3119 SMB_STRUCT_STAT sbuf;
3122 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3123 reply_unixerror(req, ERRDOS, ERRnoaccess);
3127 if (startpos > sbuf.st_size) {
3129 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3130 smb_maxcnt = (sbuf.st_size - startpos);
3133 if (smb_maxcnt == 0) {
3137 #if defined(WITH_SENDFILE)
3139 * We can only use sendfile on a non-chained packet
3140 * but we can use on a non-oplocked file. tridge proved this
3141 * on a train in Germany :-). JRA.
3144 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3145 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3146 uint8 headerbuf[smb_size + 12 * 2];
3150 * Set up the packet header before send. We
3151 * assume here the sendfile will work (get the
3152 * correct amount of data).
3155 header = data_blob_const(headerbuf, sizeof(headerbuf));
3157 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3158 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3160 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
3161 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3162 if (errno == ENOSYS) {
3167 * Special hack for broken Linux with no working sendfile. If we
3168 * return EINTR we sent the header but not the rest of the data.
3169 * Fake this up by doing read/write calls.
3172 if (errno == EINTR) {
3173 /* Ensure we don't do this again. */
3174 set_use_sendfile(SNUM(conn), False);
3175 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3176 nread = fake_sendfile(fsp, startpos,
3179 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3180 fsp->fsp_name, strerror(errno) ));
3181 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3183 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3184 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3185 /* No outbuf here means successful sendfile. */
3186 TALLOC_FREE(req->outbuf);
3190 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3191 fsp->fsp_name, strerror(errno) ));
3192 exit_server_cleanly("send_file_readX sendfile failed");
3195 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3196 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3197 /* No outbuf here means successful sendfile. */
3198 TALLOC_FREE(req->outbuf);
3205 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3206 uint8 headerbuf[smb_size + 2*12];
3208 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3209 setup_readX_header(req->inbuf, headerbuf, smb_maxcnt);
3211 /* Send out the header. */
3212 if (write_data(smbd_server_fd(), (char *)headerbuf,
3213 sizeof(headerbuf)) != sizeof(headerbuf)) {
3214 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3215 fsp->fsp_name, strerror(errno) ));
3216 exit_server_cleanly("send_file_readX sendfile failed");
3218 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3220 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3221 fsp->fsp_name, strerror(errno) ));
3222 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3224 TALLOC_FREE(req->outbuf);
3227 reply_outbuf(req, 12, smb_maxcnt);
3229 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3232 reply_unixerror(req, ERRDOS, ERRnoaccess);
3236 setup_readX_header(req->inbuf, req->outbuf, nread);
3238 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3239 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3247 /****************************************************************************
3248 Reply to a read and X.
3249 ****************************************************************************/
3251 void reply_read_and_X(connection_struct *conn, struct smb_request *req)
3256 BOOL big_readX = False;
3258 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3261 START_PROFILE(SMBreadX);
3263 if ((req->wct != 10) && (req->wct != 12)) {
3264 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3268 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3269 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3270 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3272 /* If it's an IPC, pass off the pipe handler. */
3274 reply_pipe_read_and_X(req);
3275 END_PROFILE(SMBreadX);
3279 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3280 END_PROFILE(SMBreadX);
3284 if (!CHECK_READ(fsp,req->inbuf)) {
3285 reply_doserror(req, ERRDOS,ERRbadaccess);
3286 END_PROFILE(SMBreadX);
3290 if (global_client_caps & CAP_LARGE_READX) {
3291 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3292 smb_maxcnt |= (upper_size<<16);
3293 if (upper_size > 1) {
3294 /* Can't do this on a chained packet. */
3295 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3296 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3297 END_PROFILE(SMBreadX);
3300 /* We currently don't do this on signed or sealed data. */
3301 if (srv_is_signing_active() || srv_encryption_on()) {
3302 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3303 END_PROFILE(SMBreadX);
3306 /* Is there room in the reply for this data ? */
3307 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3309 NT_STATUS_INVALID_PARAMETER);
3310 END_PROFILE(SMBreadX);
3317 if (req->wct == 12) {
3318 #ifdef LARGE_SMB_OFF_T
3320 * This is a large offset (64 bit) read.
3322 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3324 #else /* !LARGE_SMB_OFF_T */
3327 * Ensure we haven't been sent a >32 bit offset.
3330 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3331 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3332 "used and we don't support 64 bit offsets.\n",
3333 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3334 END_PROFILE(SMBreadX);
3335 reply_doserror(req, ERRDOS, ERRbadaccess);
3339 #endif /* LARGE_SMB_OFF_T */
3343 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3344 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3345 END_PROFILE(SMBreadX);
3346 reply_doserror(req, ERRDOS, ERRlock);
3351 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3352 END_PROFILE(SMBreadX);
3356 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3358 END_PROFILE(SMBreadX);
3362 /****************************************************************************
3363 Error replies to writebraw must have smb_wct == 1. Fix this up.
3364 ****************************************************************************/
3366 void error_to_writebrawerr(struct smb_request *req)
3368 uint8 *old_outbuf = req->outbuf;
3370 reply_outbuf(req, 1, 0);
3372 memcpy(req->outbuf, old_outbuf, smb_size);
3373 TALLOC_FREE(old_outbuf);
3376 /****************************************************************************
3377 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3378 ****************************************************************************/
3380 void reply_writebraw(connection_struct *conn, struct smb_request *req)
3385 ssize_t total_written=0;
3386 size_t numtowrite=0;
3394 START_PROFILE(SMBwritebraw);
3397 * If we ever reply with an error, it must have the SMB command
3398 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3401 SCVAL(req->inbuf,smb_com,SMBwritec);
3403 if (srv_is_signing_active()) {
3404 END_PROFILE(SMBwritebraw);
3405 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3406 "raw reads/writes are disallowed.");
3409 if (req->wct < 12) {
3410 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3411 error_to_writebrawerr(req);
3412 END_PROFILE(SMBwritebraw);
3416 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3417 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3418 error_to_writebrawerr(req);
3419 END_PROFILE(SMBwritebraw);
3423 if (!CHECK_WRITE(fsp)) {
3424 reply_doserror(req, ERRDOS, ERRbadaccess);
3425 error_to_writebrawerr(req);
3426 END_PROFILE(SMBwritebraw);
3430 tcount = IVAL(req->inbuf,smb_vwv1);
3431 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3432 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3434 /* We have to deal with slightly different formats depending
3435 on whether we are using the core+ or lanman1.0 protocol */
3437 if(Protocol <= PROTOCOL_COREPLUS) {
3438 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3439 data = smb_buf(req->inbuf);
3441 numtowrite = SVAL(req->inbuf,smb_vwv10);
3442 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3445 /* Ensure we don't write bytes past the end of this packet. */
3446 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3447 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3448 error_to_writebrawerr(req);
3449 END_PROFILE(SMBwritebraw);
3453 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3454 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3455 reply_doserror(req, ERRDOS, ERRlock);
3456 error_to_writebrawerr(req);
3457 END_PROFILE(SMBwritebraw);
3462 nwritten = write_file(fsp,data,startpos,numtowrite);
3465 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3466 "wrote=%d sync=%d\n",
3467 fsp->fnum, (double)startpos, (int)numtowrite,
3468 (int)nwritten, (int)write_through));
3470 if (nwritten < (ssize_t)numtowrite) {
3471 reply_unixerror(req, ERRHRD, ERRdiskfull);
3472 error_to_writebrawerr(req);
3473 END_PROFILE(SMBwritebraw);
3477 total_written = nwritten;
3479 /* Allocate a buffer of 64k + length. */
3480 buf = TALLOC_ARRAY(NULL, char, 65540);
3482 reply_doserror(req, ERRDOS, ERRnomem);
3483 error_to_writebrawerr(req);
3484 END_PROFILE(SMBwritebraw);
3488 /* Return a SMBwritebraw message to the redirector to tell
3489 * it to send more bytes */
3491 memcpy(buf, req->inbuf, smb_size);
3492 outsize = set_message(NULL,buf,
3493 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3494 SCVAL(buf,smb_com,SMBwritebraw);
3495 SSVALS(buf,smb_vwv0,0xFFFF);
3497 if (!send_smb(smbd_server_fd(),buf)) {
3498 exit_server_cleanly("reply_writebraw: send_smb "
3502 /* Now read the raw data into the buffer and write it */
3503 if (read_smb_length(smbd_server_fd(),buf,SMB_SECONDARY_WAIT) == -1) {
3504 exit_server_cleanly("secondary writebraw failed");
3508 * Even though this is not an smb message,
3509 * smb_len returns the generic length of a packet.
3512 numtowrite = smb_len(buf);
3514 /* Set up outbuf to return the correct size */
3515 reply_outbuf(req, 1, 0);
3517 if (numtowrite != 0) {
3519 if (numtowrite > 0xFFFF) {
3520 DEBUG(0,("reply_writebraw: Oversize secondary write "
3521 "raw requested (%u). Terminating\n",
3522 (unsigned int)numtowrite ));
3523 exit_server_cleanly("secondary writebraw failed");
3526 if (tcount > nwritten+numtowrite) {
3527 DEBUG(3,("reply_writebraw: Client overestimated the "
3529 (int)tcount,(int)nwritten,(int)numtowrite));
3532 if (read_data(smbd_server_fd(), buf+4, numtowrite)
3534 DEBUG(0,("reply_writebraw: Oversize secondary write "
3535 "raw read failed (%s). Terminating\n",
3537 exit_server_cleanly("secondary writebraw failed");
3540 nwritten = write_file(fsp,buf+4,startpos+nwritten,numtowrite);
3541 if (nwritten == -1) {
3543 reply_unixerror(req, ERRHRD, ERRdiskfull);
3544 error_to_writebrawerr(req);
3545 END_PROFILE(SMBwritebraw);
3549 if (nwritten < (ssize_t)numtowrite) {
3550 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3551 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3555 total_written += nwritten;
3560 SSVAL(req->outbuf,smb_vwv0,total_written);
3562 status = sync_file(conn, fsp, write_through);
3563 if (!NT_STATUS_IS_OK(status)) {
3564 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3565 fsp->fsp_name, nt_errstr(status) ));
3566 reply_nterror(req, status);
3567 error_to_writebrawerr(req);
3568 END_PROFILE(SMBwritebraw);
3572 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3574 fsp->fnum, (double)startpos, (int)numtowrite,
3575 (int)total_written));
3577 /* We won't return a status if write through is not selected - this
3578 * follows what WfWg does */
3579 END_PROFILE(SMBwritebraw);
3581 if (!write_through && total_written==tcount) {
3583 #if RABBIT_PELLET_FIX
3585 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3586 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3589 if (!send_keepalive(smbd_server_fd())) {
3590 exit_server_cleanly("reply_writebraw: send of "
3591 "keepalive failed");
3594 TALLOC_FREE(req->outbuf);
3600 #define DBGC_CLASS DBGC_LOCKING
3602 /****************************************************************************
3603 Reply to a writeunlock (core+).
3604 ****************************************************************************/
3606 void reply_writeunlock(connection_struct *conn, struct smb_request *req)
3608 ssize_t nwritten = -1;
3612 NTSTATUS status = NT_STATUS_OK;
3615 START_PROFILE(SMBwriteunlock);
3618 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3619 END_PROFILE(SMBwriteunlock);
3623 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3625 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3626 END_PROFILE(SMBwriteunlock);
3630 if (!CHECK_WRITE(fsp)) {
3631 reply_doserror(req, ERRDOS,ERRbadaccess);
3632 END_PROFILE(SMBwriteunlock);
3636 numtowrite = SVAL(req->inbuf,smb_vwv1);
3637 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3638 data = smb_buf(req->inbuf) + 3;
3641 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3642 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3643 reply_doserror(req, ERRDOS, ERRlock);
3644 END_PROFILE(SMBwriteunlock);
3648 /* The special X/Open SMB protocol handling of
3649 zero length writes is *NOT* done for
3651 if(numtowrite == 0) {
3654 nwritten = write_file(fsp,data,startpos,numtowrite);
3657 status = sync_file(conn, fsp, False /* write through */);
3658 if (!NT_STATUS_IS_OK(status)) {
3659 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3660 fsp->fsp_name, nt_errstr(status) ));
3661 reply_nterror(req, status);
3662 END_PROFILE(SMBwriteunlock);
3666 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3667 reply_unixerror(req, ERRHRD, ERRdiskfull);
3668 END_PROFILE(SMBwriteunlock);
3673 status = do_unlock(smbd_messaging_context(),
3676 (SMB_BIG_UINT)numtowrite,
3677 (SMB_BIG_UINT)startpos,
3680 if (NT_STATUS_V(status)) {
3681 reply_nterror(req, status);
3682 END_PROFILE(SMBwriteunlock);
3687 reply_outbuf(req, 1, 0);
3689 SSVAL(req->outbuf,smb_vwv0,nwritten);
3691 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3692 fsp->fnum, (int)numtowrite, (int)nwritten));
3694 END_PROFILE(SMBwriteunlock);
3699 #define DBGC_CLASS DBGC_ALL
3701 /****************************************************************************
3703 ****************************************************************************/
3705 void reply_write(connection_struct *conn, struct smb_request *req)
3708 ssize_t nwritten = -1;
3714 START_PROFILE(SMBwrite);
3717 END_PROFILE(SMBwrite);
3718 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3722 /* If it's an IPC, pass off the pipe handler. */
3724 reply_pipe_write(req);
3725 END_PROFILE(SMBwrite);
3729 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3731 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3732 END_PROFILE(SMBwrite);
3736 if (!CHECK_WRITE(fsp)) {
3737 reply_doserror(req, ERRDOS, ERRbadaccess);
3738 END_PROFILE(SMBwrite);
3742 numtowrite = SVAL(req->inbuf,smb_vwv1);
3743 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3744 data = smb_buf(req->inbuf) + 3;
3746 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3747 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3748 reply_doserror(req, ERRDOS, ERRlock);
3749 END_PROFILE(SMBwrite);
3754 * X/Open SMB protocol says that if smb_vwv1 is
3755 * zero then the file size should be extended or
3756 * truncated to the size given in smb_vwv[2-3].
3759 if(numtowrite == 0) {
3761 * This is actually an allocate call, and set EOF. JRA.
3763 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3765 reply_nterror(req, NT_STATUS_DISK_FULL);
3766 END_PROFILE(SMBwrite);
3769 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3771 reply_nterror(req, NT_STATUS_DISK_FULL);
3772 END_PROFILE(SMBwrite);
3776 nwritten = write_file(fsp,data,startpos,numtowrite);
3778 status = sync_file(conn, fsp, False);
3779 if (!NT_STATUS_IS_OK(status)) {
3780 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3781 fsp->fsp_name, nt_errstr(status) ));
3782 reply_nterror(req, status);
3783 END_PROFILE(SMBwrite);
3787 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3788 reply_unixerror(req, ERRHRD, ERRdiskfull);
3789 END_PROFILE(SMBwrite);
3793 reply_outbuf(req, 1, 0);
3795 SSVAL(req->outbuf,smb_vwv0,nwritten);
3797 if (nwritten < (ssize_t)numtowrite) {
3798 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3799 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3802 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3804 END_PROFILE(SMBwrite);
3808 /****************************************************************************
3809 Reply to a write and X.
3810 ****************************************************************************/
3812 void reply_write_and_X(connection_struct *conn, struct smb_request *req)
3819 unsigned int smb_doff;
3820 unsigned int smblen;
3825 START_PROFILE(SMBwriteX);
3827 if ((req->wct != 12) && (req->wct != 14)) {
3828 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3829 END_PROFILE(SMBwriteX);
3833 numtowrite = SVAL(req->inbuf,smb_vwv10);
3834 smb_doff = SVAL(req->inbuf,smb_vwv11);
3835 smblen = smb_len(req->inbuf);
3836 large_writeX = ((req->wct == 14) && (smblen > 0xFFFF));
3838 /* Deal with possible LARGE_WRITEX */
3840 numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
3843 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3844 reply_doserror(req, ERRDOS, ERRbadmem);
3845 END_PROFILE(SMBwriteX);
3849 /* If it's an IPC, pass off the pipe handler. */
3851 reply_pipe_write_and_X(req);
3852 END_PROFILE(SMBwriteX);
3856 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3857 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3858 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3860 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3861 END_PROFILE(SMBwriteX);
3865 if (!CHECK_WRITE(fsp)) {
3866 reply_doserror(req, ERRDOS, ERRbadaccess);
3867 END_PROFILE(SMBwriteX);
3871 data = smb_base(req->inbuf) + smb_doff;
3873 if(req->wct == 14) {
3874 #ifdef LARGE_SMB_OFF_T
3876 * This is a large offset (64 bit) write.
3878 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3880 #else /* !LARGE_SMB_OFF_T */
3883 * Ensure we haven't been sent a >32 bit offset.
3886 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3887 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3888 "used and we don't support 64 bit offsets.\n",
3889 (unsigned int)IVAL(inbuf,smb_vwv12) ));
3890 reply_doserror(req, ERRDOS, ERRbadaccess);
3891 END_PROFILE(SMBwriteX);
3895 #endif /* LARGE_SMB_OFF_T */
3898 if (is_locked(fsp,(uint32)req->smbpid,
3899 (SMB_BIG_UINT)numtowrite,
3900 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3901 reply_doserror(req, ERRDOS, ERRlock);
3902 END_PROFILE(SMBwriteX);
3906 /* X/Open SMB protocol says that, unlike SMBwrite
3907 if the length is zero then NO truncation is
3908 done, just a write of zero. To truncate a file,
3911 if(numtowrite == 0) {
3915 if (schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3917 END_PROFILE(SMBwriteX);
3921 nwritten = write_file(fsp,data,startpos,numtowrite);
3924 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3925 reply_unixerror(req, ERRHRD, ERRdiskfull);
3926 END_PROFILE(SMBwriteX);
3930 reply_outbuf(req, 6, 0);
3931 SSVAL(req->outbuf,smb_vwv2,nwritten);
3933 SSVAL(req->outbuf,smb_vwv4,(nwritten>>16)&1);
3935 if (nwritten < (ssize_t)numtowrite) {
3936 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3937 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3940 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3941 fsp->fnum, (int)numtowrite, (int)nwritten));
3943 status = sync_file(conn, fsp, write_through);
3944 if (!NT_STATUS_IS_OK(status)) {
3945 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
3946 fsp->fsp_name, nt_errstr(status) ));
3947 reply_nterror(req, status);
3948 END_PROFILE(SMBwriteX);
3952 END_PROFILE(SMBwriteX);
3957 /****************************************************************************
3959 ****************************************************************************/
3961 void reply_lseek(connection_struct *conn, struct smb_request *req)
3968 START_PROFILE(SMBlseek);
3971 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3972 END_PROFILE(SMBlseek);
3976 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3978 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3982 flush_write_cache(fsp, SEEK_FLUSH);
3984 mode = SVAL(req->inbuf,smb_vwv1) & 3;
3985 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3986 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
3995 res = fsp->fh->pos + startpos;
4006 if (umode == SEEK_END) {
4007 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
4008 if(errno == EINVAL) {
4009 SMB_OFF_T current_pos = startpos;
4010 SMB_STRUCT_STAT sbuf;
4012 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
4013 reply_unixerror(req, ERRDOS,
4015 END_PROFILE(SMBlseek);
4019 current_pos += sbuf.st_size;
4021 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
4026 reply_unixerror(req, ERRDOS, ERRnoaccess);
4027 END_PROFILE(SMBlseek);
4034 reply_outbuf(req, 2, 0);
4035 SIVAL(req->outbuf,smb_vwv0,res);
4037 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4038 fsp->fnum, (double)startpos, (double)res, mode));
4040 END_PROFILE(SMBlseek);
4044 /****************************************************************************
4046 ****************************************************************************/
4048 void reply_flush(connection_struct *conn, struct smb_request *req)
4053 START_PROFILE(SMBflush);
4056 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4060 fnum = SVAL(req->inbuf,smb_vwv0);
4061 fsp = file_fsp(fnum);
4063 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4068 file_sync_all(conn);
4070 NTSTATUS status = sync_file(conn, fsp, True);
4071 if (!NT_STATUS_IS_OK(status)) {
4072 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4073 fsp->fsp_name, nt_errstr(status) ));
4074 reply_nterror(req, status);
4075 END_PROFILE(SMBflush);
4080 reply_outbuf(req, 0, 0);
4082 DEBUG(3,("flush\n"));
4083 END_PROFILE(SMBflush);
4087 /****************************************************************************
4089 conn POINTER CAN BE NULL HERE !
4090 ****************************************************************************/
4092 void reply_exit(connection_struct *conn, struct smb_request *req)
4094 START_PROFILE(SMBexit);
4096 file_close_pid(req->smbpid, req->vuid);
4098 reply_outbuf(req, 0, 0);
4100 DEBUG(3,("exit\n"));
4102 END_PROFILE(SMBexit);
4106 /****************************************************************************
4107 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4108 ****************************************************************************/
4110 void reply_close(connection_struct *conn, struct smb_request *req)
4112 NTSTATUS status = NT_STATUS_OK;
4113 files_struct *fsp = NULL;
4114 START_PROFILE(SMBclose);
4117 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4118 END_PROFILE(SMBclose);
4122 /* If it's an IPC, pass off to the pipe handler. */
4124 reply_pipe_close(conn, req);
4125 END_PROFILE(SMBclose);
4129 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4132 * We can only use CHECK_FSP if we know it's not a directory.
4135 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4136 reply_doserror(req, ERRDOS, ERRbadfid);
4137 END_PROFILE(SMBclose);
4141 if(fsp->is_directory) {
4143 * Special case - close NT SMB directory handle.
4145 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4146 status = close_file(fsp,NORMAL_CLOSE);
4149 * Close ordinary file.
4152 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4153 fsp->fh->fd, fsp->fnum,
4154 conn->num_files_open));
4157 * Take care of any time sent in the close.
4160 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4161 srv_make_unix_date3(
4162 req->inbuf+smb_vwv1)));
4165 * close_file() returns the unix errno if an error
4166 * was detected on close - normally this is due to
4167 * a disk full error. If not then it was probably an I/O error.
4170 status = close_file(fsp,NORMAL_CLOSE);
4173 if (!NT_STATUS_IS_OK(status)) {
4174 reply_nterror(req, status);
4175 END_PROFILE(SMBclose);
4179 reply_outbuf(req, 0, 0);
4180 END_PROFILE(SMBclose);
4184 /****************************************************************************
4185 Reply to a writeclose (Core+ protocol).
4186 ****************************************************************************/
4188 void reply_writeclose(connection_struct *conn, struct smb_request *req)
4191 ssize_t nwritten = -1;
4192 NTSTATUS close_status = NT_STATUS_OK;
4195 struct timespec mtime;
4198 START_PROFILE(SMBwriteclose);
4201 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4202 END_PROFILE(SMBwriteclose);
4206 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4208 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4209 END_PROFILE(SMBwriteclose);
4212 if (!CHECK_WRITE(fsp)) {
4213 reply_doserror(req, ERRDOS,ERRbadaccess);
4214 END_PROFILE(SMBwriteclose);
4218 numtowrite = SVAL(req->inbuf,smb_vwv1);
4219 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4220 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4221 req->inbuf+smb_vwv4));
4222 data = smb_buf(req->inbuf) + 1;
4225 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4226 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4227 reply_doserror(req, ERRDOS,ERRlock);
4228 END_PROFILE(SMBwriteclose);
4232 nwritten = write_file(fsp,data,startpos,numtowrite);
4234 set_filetime(conn, fsp->fsp_name, mtime);
4237 * More insanity. W2K only closes the file if writelen > 0.
4242 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4244 close_status = close_file(fsp,NORMAL_CLOSE);
4247 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4248 fsp->fnum, (int)numtowrite, (int)nwritten,
4249 conn->num_files_open));
4251 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4252 reply_doserror(req, ERRHRD, ERRdiskfull);
4253 END_PROFILE(SMBwriteclose);
4257 if(!NT_STATUS_IS_OK(close_status)) {
4258 reply_nterror(req, close_status);
4259 END_PROFILE(SMBwriteclose);
4263 reply_outbuf(req, 1, 0);
4265 SSVAL(req->outbuf,smb_vwv0,nwritten);
4266 END_PROFILE(SMBwriteclose);
4271 #define DBGC_CLASS DBGC_LOCKING
4273 /****************************************************************************
4275 ****************************************************************************/
4277 void reply_lock(connection_struct *conn, struct smb_request *req)
4279 SMB_BIG_UINT count,offset;
4282 struct byte_range_lock *br_lck = NULL;
4284 START_PROFILE(SMBlock);
4287 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4288 END_PROFILE(SMBlock);
4292 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4294 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4295 END_PROFILE(SMBlock);
4299 release_level_2_oplocks_on_change(fsp);
4301 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4302 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4304 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4305 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4307 br_lck = do_lock(smbd_messaging_context(),
4314 False, /* Non-blocking lock. */
4318 TALLOC_FREE(br_lck);
4320 if (NT_STATUS_V(status)) {
4321 reply_nterror(req, status);
4322 END_PROFILE(SMBlock);
4326 reply_outbuf(req, 0, 0);
4328 END_PROFILE(SMBlock);
4332 /****************************************************************************
4334 ****************************************************************************/
4336 void reply_unlock(connection_struct *conn, struct smb_request *req)
4338 SMB_BIG_UINT count,offset;
4342 START_PROFILE(SMBunlock);
4345 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4346 END_PROFILE(SMBunlock);
4350 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4352 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4353 END_PROFILE(SMBunlock);
4357 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4358 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4360 status = do_unlock(smbd_messaging_context(),
4367 if (NT_STATUS_V(status)) {
4368 reply_nterror(req, status);
4369 END_PROFILE(SMBunlock);
4373 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4374 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4376 reply_outbuf(req, 0, 0);
4378 END_PROFILE(SMBunlock);
4383 #define DBGC_CLASS DBGC_ALL
4385 /****************************************************************************
4387 conn POINTER CAN BE NULL HERE !
4388 ****************************************************************************/
4390 void reply_tdis(connection_struct *conn, struct smb_request *req)
4392 START_PROFILE(SMBtdis);
4395 DEBUG(4,("Invalid connection in tdis\n"));
4396 reply_doserror(req, ERRSRV, ERRinvnid);
4397 END_PROFILE(SMBtdis);
4403 close_cnum(conn,req->vuid);
4405 reply_outbuf(req, 0, 0);
4406 END_PROFILE(SMBtdis);
4410 /****************************************************************************
4412 conn POINTER CAN BE NULL HERE !
4413 ****************************************************************************/
4415 void reply_echo(connection_struct *conn, struct smb_request *req)
4419 unsigned int data_len = smb_buflen(req->inbuf);
4421 START_PROFILE(SMBecho);
4424 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4425 END_PROFILE(SMBecho);
4429 if (data_len > BUFFER_SIZE) {
4430 DEBUG(0,("reply_echo: data_len too large.\n"));
4431 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4432 END_PROFILE(SMBecho);
4436 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4438 reply_outbuf(req, 1, data_len);
4440 /* copy any incoming data back out */
4442 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4445 if (smb_reverb > 100) {
4446 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4450 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4451 SSVAL(req->outbuf,smb_vwv0,seq_num);
4453 show_msg((char *)req->outbuf);
4454 if (!send_smb(smbd_server_fd(),(char *)req->outbuf))
4455 exit_server_cleanly("reply_echo: send_smb failed.");
4458 DEBUG(3,("echo %d times\n", smb_reverb));
4460 TALLOC_FREE(req->outbuf);
4464 END_PROFILE(SMBecho);
4468 /****************************************************************************
4469 Reply to a printopen.
4470 ****************************************************************************/
4472 void reply_printopen(connection_struct *conn, struct smb_request *req)
4477 START_PROFILE(SMBsplopen);
4480 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4481 END_PROFILE(SMBsplopen);
4485 if (!CAN_PRINT(conn)) {
4486 reply_doserror(req, ERRDOS, ERRnoaccess);
4487 END_PROFILE(SMBsplopen);
4491 /* Open for exclusive use, write only. */
4492 status = print_fsp_open(conn, NULL, &fsp);
4494 if (!NT_STATUS_IS_OK(status)) {
4495 reply_nterror(req, status);
4496 END_PROFILE(SMBsplopen);
4500 reply_outbuf(req, 1, 0);
4501 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4503 DEBUG(3,("openprint fd=%d fnum=%d\n",
4504 fsp->fh->fd, fsp->fnum));
4506 END_PROFILE(SMBsplopen);
4510 /****************************************************************************
4511 Reply to a printclose.
4512 ****************************************************************************/
4514 void reply_printclose(connection_struct *conn, struct smb_request *req)
4519 START_PROFILE(SMBsplclose);
4522 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4523 END_PROFILE(SMBsplclose);
4527 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4529 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4530 END_PROFILE(SMBsplclose);
4534 if (!CAN_PRINT(conn)) {
4535 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4536 END_PROFILE(SMBsplclose);
4540 DEBUG(3,("printclose fd=%d fnum=%d\n",
4541 fsp->fh->fd,fsp->fnum));
4543 status = close_file(fsp,NORMAL_CLOSE);
4545 if(!NT_STATUS_IS_OK(status)) {
4546 reply_nterror(req, status);
4547 END_PROFILE(SMBsplclose);
4551 END_PROFILE(SMBsplclose);
4555 /****************************************************************************
4556 Reply to a printqueue.
4557 ****************************************************************************/
4559 void reply_printqueue(connection_struct *conn, struct smb_request *req)
4564 START_PROFILE(SMBsplretq);
4567 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4568 END_PROFILE(SMBsplretq);
4572 max_count = SVAL(req->inbuf,smb_vwv0);
4573 start_index = SVAL(req->inbuf,smb_vwv1);
4575 /* we used to allow the client to get the cnum wrong, but that
4576 is really quite gross and only worked when there was only
4577 one printer - I think we should now only accept it if they
4578 get it right (tridge) */
4579 if (!CAN_PRINT(conn)) {
4580 reply_doserror(req, ERRDOS, ERRnoaccess);
4581 END_PROFILE(SMBsplretq);
4585 reply_outbuf(req, 2, 3);
4586 SSVAL(req->outbuf,smb_vwv0,0);
4587 SSVAL(req->outbuf,smb_vwv1,0);
4588 SCVAL(smb_buf(req->outbuf),0,1);
4589 SSVAL(smb_buf(req->outbuf),1,0);
4591 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4592 start_index, max_count));
4595 print_queue_struct *queue = NULL;
4596 print_status_struct status;
4597 int count = print_queue_status(SNUM(conn), &queue, &status);
4598 int num_to_get = ABS(max_count);
4599 int first = (max_count>0?start_index:start_index+max_count+1);
4605 num_to_get = MIN(num_to_get,count-first);
4608 for (i=first;i<first+num_to_get;i++) {
4612 srv_put_dos_date2(p,0,queue[i].time);
4613 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4614 SSVAL(p,5, queue[i].job);
4615 SIVAL(p,7,queue[i].size);
4617 srvstr_push(blob, req->flags2, p+12,
4618 queue[i].fs_user, 16, STR_ASCII);
4620 if (message_push_blob(
4623 blob, sizeof(blob))) == -1) {
4624 reply_nterror(req, NT_STATUS_NO_MEMORY);
4625 END_PROFILE(SMBsplretq);
4631 SSVAL(req->outbuf,smb_vwv0,count);
4632 SSVAL(req->outbuf,smb_vwv1,
4633 (max_count>0?first+count:first-1));
4634 SCVAL(smb_buf(req->outbuf),0,1);
4635 SSVAL(smb_buf(req->outbuf),1,28*count);
4640 DEBUG(3,("%d entries returned in queue\n",count));
4643 END_PROFILE(SMBsplretq);
4647 /****************************************************************************
4648 Reply to a printwrite.
4649 ****************************************************************************/
4651 void reply_printwrite(connection_struct *conn, struct smb_request *req)
4657 START_PROFILE(SMBsplwr);
4660 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4661 END_PROFILE(SMBsplwr);
4665 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4667 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4668 END_PROFILE(SMBsplwr);
4672 if (!CAN_PRINT(conn)) {
4673 reply_doserror(req, ERRDOS, ERRnoaccess);
4674 END_PROFILE(SMBsplwr);
4678 if (!CHECK_WRITE(fsp)) {
4679 reply_doserror(req, ERRDOS, ERRbadaccess);
4680 END_PROFILE(SMBsplwr);
4684 numtowrite = SVAL(smb_buf(req->inbuf),1);
4686 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4687 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4688 END_PROFILE(SMBsplwr);
4692 data = smb_buf(req->inbuf) + 3;
4694 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
4695 reply_unixerror(req, ERRHRD, ERRdiskfull);
4696 END_PROFILE(SMBsplwr);
4700 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4702 END_PROFILE(SMBsplwr);
4706 /****************************************************************************
4708 ****************************************************************************/
4710 void reply_mkdir(connection_struct *conn, struct smb_request *req)
4712 char *directory = NULL;
4714 SMB_STRUCT_STAT sbuf;
4715 TALLOC_CTX *ctx = talloc_tos();
4717 START_PROFILE(SMBmkdir);
4719 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4720 smb_buf(req->inbuf) + 1, 0,
4721 STR_TERMINATE, &status);
4722 if (!NT_STATUS_IS_OK(status)) {
4723 reply_nterror(req, status);
4724 END_PROFILE(SMBmkdir);
4728 status = resolve_dfspath(ctx, conn,
4729 req->flags2 & FLAGS2_DFS_PATHNAMES,
4732 if (!NT_STATUS_IS_OK(status)) {
4733 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4734 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4735 ERRSRV, ERRbadpath);
4736 END_PROFILE(SMBmkdir);
4739 reply_nterror(req, status);
4740 END_PROFILE(SMBmkdir);
4744 status = unix_convert(conn, directory, False, &directory, NULL, &sbuf);
4745 if (!NT_STATUS_IS_OK(status)) {
4746 reply_nterror(req, status);
4747 END_PROFILE(SMBmkdir);
4751 status = check_name(conn, directory);
4752 if (!NT_STATUS_IS_OK(status)) {
4753 reply_nterror(req, status);
4754 END_PROFILE(SMBmkdir);
4758 status = create_directory(conn, directory);
4760 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4762 if (!NT_STATUS_IS_OK(status)) {
4764 if (!use_nt_status()
4765 && NT_STATUS_EQUAL(status,
4766 NT_STATUS_OBJECT_NAME_COLLISION)) {
4768 * Yes, in the DOS error code case we get a
4769 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4770 * samba4 torture test.
4772 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4775 reply_nterror(req, status);
4776 END_PROFILE(SMBmkdir);
4780 reply_outbuf(req, 0, 0);
4782 DEBUG( 3, ( "mkdir %s\n", directory ) );
4784 END_PROFILE(SMBmkdir);
4788 /****************************************************************************
4789 Static function used by reply_rmdir to delete an entire directory
4790 tree recursively. Return True on ok, False on fail.
4791 ****************************************************************************/
4793 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
4795 const char *dname = NULL;
4798 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4803 while((dname = ReadDirName(dir_hnd, &offset))) {
4807 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4810 if (!is_visible_file(conn, directory, dname, &st, False))
4813 /* Construct the full name. */
4814 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4820 pstrcpy(fullname, directory);
4821 pstrcat(fullname, "/");
4822 pstrcat(fullname, dname);
4824 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4829 if(st.st_mode & S_IFDIR) {
4830 if(!recursive_rmdir(conn, fullname)) {
4834 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4838 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4847 /****************************************************************************
4848 The internals of the rmdir code - called elsewhere.
4849 ****************************************************************************/
4851 NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
4856 /* Might be a symlink. */
4857 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4858 return map_nt_error_from_unix(errno);
4861 if (S_ISLNK(st.st_mode)) {
4862 /* Is what it points to a directory ? */
4863 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4864 return map_nt_error_from_unix(errno);
4866 if (!(S_ISDIR(st.st_mode))) {
4867 return NT_STATUS_NOT_A_DIRECTORY;
4869 ret = SMB_VFS_UNLINK(conn,directory);
4871 ret = SMB_VFS_RMDIR(conn,directory);
4874 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4875 FILE_NOTIFY_CHANGE_DIR_NAME,
4877 return NT_STATUS_OK;
4880 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4882 * Check to see if the only thing in this directory are
4883 * vetoed files/directories. If so then delete them and
4884 * retry. If we fail to delete any of them (and we *don't*
4885 * do a recursive delete) then fail the rmdir.
4889 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4891 if(dir_hnd == NULL) {
4896 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4897 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4899 if (!is_visible_file(conn, directory, dname, &st, False))
4901 if(!IS_VETO_PATH(conn, dname)) {
4908 /* We only have veto files/directories. Recursive delete. */
4910 RewindDir(dir_hnd,&dirpos);
4911 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4914 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4916 if (!is_visible_file(conn, directory, dname, &st, False))
4919 /* Construct the full name. */
4920 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
4925 pstrcpy(fullname, directory);
4926 pstrcat(fullname, "/");
4927 pstrcat(fullname, dname);
4929 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
4931 if(st.st_mode & S_IFDIR) {
4932 if(lp_recursive_veto_delete(SNUM(conn))) {
4933 if(!recursive_rmdir(conn, fullname))
4936 if(SMB_VFS_RMDIR(conn,fullname) != 0)
4938 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
4942 /* Retry the rmdir */
4943 ret = SMB_VFS_RMDIR(conn,directory);
4949 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
4950 "%s\n", directory,strerror(errno)));
4951 return map_nt_error_from_unix(errno);
4954 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4955 FILE_NOTIFY_CHANGE_DIR_NAME,
4958 return NT_STATUS_OK;
4961 /****************************************************************************
4963 ****************************************************************************/
4965 void reply_rmdir(connection_struct *conn, struct smb_request *req)
4967 char *directory = NULL;
4968 SMB_STRUCT_STAT sbuf;
4970 TALLOC_CTX *ctx = talloc_tos();
4972 START_PROFILE(SMBrmdir);
4974 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4975 smb_buf(req->inbuf) + 1, 0,
4976 STR_TERMINATE, &status);
4977 if (!NT_STATUS_IS_OK(status)) {
4978 reply_nterror(req, status);
4979 END_PROFILE(SMBrmdir);
4983 status = resolve_dfspath(ctx, conn,
4984 req->flags2 & FLAGS2_DFS_PATHNAMES,
4987 if (!NT_STATUS_IS_OK(status)) {
4988 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4989 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4990 ERRSRV, ERRbadpath);
4991 END_PROFILE(SMBrmdir);
4994 reply_nterror(req, status);
4995 END_PROFILE(SMBrmdir);
4999 status = unix_convert(conn, directory, False, &directory,
5001 if (!NT_STATUS_IS_OK(status)) {
5002 reply_nterror(req, status);
5003 END_PROFILE(SMBrmdir);
5007 status = check_name(conn, directory);
5008 if (!NT_STATUS_IS_OK(status)) {
5009 reply_nterror(req, status);
5010 END_PROFILE(SMBrmdir);
5014 dptr_closepath(directory, req->smbpid);
5015 status = rmdir_internals(conn, directory);
5016 if (!NT_STATUS_IS_OK(status)) {
5017 reply_nterror(req, status);
5018 END_PROFILE(SMBrmdir);
5022 reply_outbuf(req, 0, 0);
5024 DEBUG( 3, ( "rmdir %s\n", directory ) );
5026 END_PROFILE(SMBrmdir);
5030 /*******************************************************************
5031 Resolve wildcards in a filename rename.
5032 ********************************************************************/
5034 static BOOL resolve_wildcards(TALLOC_CTX *ctx,
5039 char *name2_copy = NULL;
5044 char *p,*p2, *pname1, *pname2;
5046 name2_copy = talloc_strdup(ctx, name2);
5051 pname1 = strrchr_m(name1,'/');
5052 pname2 = strrchr_m(name2_copy,'/');
5054 if (!pname1 || !pname2) {
5058 /* Truncate the copy of name2 at the last '/' */
5061 /* Now go past the '/' */
5065 root1 = talloc_strdup(ctx, pname1);
5066 root2 = talloc_strdup(ctx, pname2);
5068 if (!root1 || !root2) {
5072 p = strrchr_m(root1,'.');
5075 ext1 = talloc_strdup(ctx, p+1);
5077 ext1 = talloc_strdup(ctx, "");
5079 p = strrchr_m(root2,'.');
5082 ext2 = talloc_strdup(ctx, p+1);
5084 ext2 = talloc_strdup(ctx, "");
5087 if (!ext1 || !ext2) {
5095 /* Hmmm. Should this be mb-aware ? */
5098 } else if (*p2 == '*') {
5100 root2 = talloc_asprintf(ctx, "%s%s",
5119 /* Hmmm. Should this be mb-aware ? */
5122 } else if (*p2 == '*') {
5124 ext2 = talloc_asprintf(ctx, "%s%s",
5140 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5145 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5157 /****************************************************************************
5158 Ensure open files have their names updated. Updated to notify other smbd's
5160 ****************************************************************************/
5162 static void rename_open_files(connection_struct *conn,
5163 struct share_mode_lock *lck,
5164 const char *newname)
5167 BOOL did_rename = False;
5169 for(fsp = file_find_di_first(lck->id); fsp;
5170 fsp = file_find_di_next(fsp)) {
5171 /* fsp_name is a relative path under the fsp. To change this for other
5172 sharepaths we need to manipulate relative paths. */
5173 /* TODO - create the absolute path and manipulate the newname
5174 relative to the sharepath. */
5175 if (fsp->conn != conn) {
5178 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5179 fsp->fnum, file_id_string_tos(&fsp->file_id),
5180 fsp->fsp_name, newname ));
5181 string_set(&fsp->fsp_name, newname);
5186 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5187 file_id_string_tos(&lck->id), newname ));
5190 /* Send messages to all smbd's (not ourself) that the name has changed. */
5191 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5195 /****************************************************************************
5196 We need to check if the source path is a parent directory of the destination
5197 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5198 refuse the rename with a sharing violation. Under UNIX the above call can
5199 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5200 probably need to check that the client is a Windows one before disallowing
5201 this as a UNIX client (one with UNIX extensions) can know the source is a
5202 symlink and make this decision intelligently. Found by an excellent bug
5203 report from <AndyLiebman@aol.com>.
5204 ****************************************************************************/
5206 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
5208 const char *psrc = src;
5209 const char *pdst = dest;
5212 if (psrc[0] == '.' && psrc[1] == '/') {
5215 if (pdst[0] == '.' && pdst[1] == '/') {
5218 if ((slen = strlen(psrc)) > strlen(pdst)) {
5221 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5225 * Do the notify calls from a rename
5228 static void notify_rename(connection_struct *conn, BOOL is_dir,
5229 const char *oldpath, const char *newpath)
5231 char *olddir, *newdir;
5232 const char *oldname, *newname;
5235 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5236 : FILE_NOTIFY_CHANGE_FILE_NAME;
5238 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5239 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5240 TALLOC_FREE(olddir);
5244 if (strcmp(olddir, newdir) == 0) {
5245 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5246 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5249 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5250 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5252 TALLOC_FREE(olddir);
5253 TALLOC_FREE(newdir);
5255 /* this is a strange one. w2k3 gives an additional event for
5256 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5257 files, but not directories */
5259 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5260 FILE_NOTIFY_CHANGE_ATTRIBUTES
5261 |FILE_NOTIFY_CHANGE_CREATION,
5266 /****************************************************************************
5267 Rename an open file - given an fsp.
5268 ****************************************************************************/
5270 NTSTATUS rename_internals_fsp(connection_struct *conn,
5273 const char *newname_last_component,
5275 BOOL replace_if_exists)
5277 TALLOC_CTX *ctx = talloc_tos();
5278 SMB_STRUCT_STAT sbuf, sbuf1;
5279 NTSTATUS status = NT_STATUS_OK;
5280 struct share_mode_lock *lck = NULL;
5285 status = check_name(conn, newname);
5286 if (!NT_STATUS_IS_OK(status)) {
5290 /* Ensure newname contains a '/' */
5291 if(strrchr_m(newname,'/') == 0) {
5292 newname = talloc_asprintf(ctx,
5296 return NT_STATUS_NO_MEMORY;
5301 * Check for special case with case preserving and not
5302 * case sensitive. If the old last component differs from the original
5303 * last component only by case, then we should allow
5304 * the rename (user is trying to change the case of the
5308 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5309 strequal(newname, fsp->fsp_name)) {
5311 char *newname_modified_last_component = NULL;
5314 * Get the last component of the modified name.
5315 * Note that we guarantee that newname contains a '/'
5318 p = strrchr_m(newname,'/');
5319 newname_modified_last_component = talloc_strdup(ctx,
5321 if (!newname_modified_last_component) {
5322 return NT_STATUS_NO_MEMORY;
5325 if(strcsequal(newname_modified_last_component,
5326 newname_last_component) == False) {
5328 * Replace the modified last component with
5331 *p = '\0'; /* Truncate at the '/' */
5332 newname = talloc_asprintf(ctx,
5335 newname_last_component);
5340 * If the src and dest names are identical - including case,
5341 * don't do the rename, just return success.
5344 if (strcsequal(fsp->fsp_name, newname)) {
5345 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5347 return NT_STATUS_OK;
5351 * Have vfs_object_exist also fill sbuf1
5353 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5355 if(!replace_if_exists && dst_exists) {
5356 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5357 fsp->fsp_name,newname));
5358 return NT_STATUS_OBJECT_NAME_COLLISION;
5362 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5363 files_struct *dst_fsp = file_find_di_first(fileid);
5365 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5366 return NT_STATUS_ACCESS_DENIED;
5370 /* Ensure we have a valid stat struct for the source. */
5371 if (fsp->fh->fd != -1) {
5372 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
5373 return map_nt_error_from_unix(errno);
5376 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5377 return map_nt_error_from_unix(errno);
5381 status = can_rename(conn, fsp, attrs, &sbuf);
5383 if (!NT_STATUS_IS_OK(status)) {
5384 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5385 nt_errstr(status), fsp->fsp_name,newname));
5386 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5387 status = NT_STATUS_ACCESS_DENIED;
5391 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5392 return NT_STATUS_ACCESS_DENIED;
5395 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
5398 * We have the file open ourselves, so not being able to get the
5399 * corresponding share mode lock is a fatal error.
5402 SMB_ASSERT(lck != NULL);
5404 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5405 uint32 create_options = fsp->fh->private_options;
5407 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5408 fsp->fsp_name,newname));
5410 rename_open_files(conn, lck, newname);
5412 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5415 * A rename acts as a new file create w.r.t. allowing an initial delete
5416 * on close, probably because in Windows there is a new handle to the
5417 * new file. If initial delete on close was requested but not
5418 * originally set, we need to set it here. This is probably not 100% correct,
5419 * but will work for the CIFSFS client which in non-posix mode
5420 * depends on these semantics. JRA.
5423 set_allow_initial_delete_on_close(lck, fsp, True);
5425 if (create_options & FILE_DELETE_ON_CLOSE) {
5426 status = can_set_delete_on_close(fsp, True, 0);
5428 if (NT_STATUS_IS_OK(status)) {
5429 /* Note that here we set the *inital* delete on close flag,
5430 * not the regular one. The magic gets handled in close. */
5431 fsp->initial_delete_on_close = True;
5435 return NT_STATUS_OK;
5440 if (errno == ENOTDIR || errno == EISDIR) {
5441 status = NT_STATUS_OBJECT_NAME_COLLISION;
5443 status = map_nt_error_from_unix(errno);
5446 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5447 nt_errstr(status), fsp->fsp_name,newname));
5452 /****************************************************************************
5453 The guts of the rename command, split out so it may be called by the NT SMB
5455 ****************************************************************************/
5457 NTSTATUS rename_internals(connection_struct *conn, struct smb_request *req,
5458 const char *name_in,
5459 const char *newname_in,
5461 BOOL replace_if_exists,
5467 char *last_component_src = NULL;
5468 char *last_component_dest = NULL;
5470 char *newname = NULL;
5473 NTSTATUS status = NT_STATUS_OK;
5474 SMB_STRUCT_STAT sbuf1, sbuf2;
5475 struct smb_Dir *dir_hnd = NULL;
5480 *directory = *mask = 0;
5485 status = unix_convert(conn, name_in, src_has_wild, &name,
5486 &last_component_src, &sbuf1);
5487 if (!NT_STATUS_IS_OK(status)) {
5491 status = unix_convert(conn, newname_in, dest_has_wild, &newname,
5492 &last_component_dest, &sbuf2);
5493 if (!NT_STATUS_IS_OK(status)) {
5498 * Split the old name into directory and last component
5499 * strings. Note that unix_convert may have stripped off a
5500 * leading ./ from both name and newname if the rename is
5501 * at the root of the share. We need to make sure either both
5502 * name and newname contain a / character or neither of them do
5503 * as this is checked in resolve_wildcards().
5506 p = strrchr_m(name,'/');
5508 pstrcpy(directory,".");
5512 pstrcpy(directory,name);
5514 *p = '/'; /* Replace needed for exceptional test below. */
5518 * We should only check the mangled cache
5519 * here if unix_convert failed. This means
5520 * that the path in 'mask' doesn't exist
5521 * on the file system and so we need to look
5522 * for a possible mangle. This patch from
5523 * Tine Smukavec <valentin.smukavec@hermes.si>.
5526 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5527 char *new_mask = NULL;
5528 mangle_lookup_name_from_8_3(talloc_tos(),
5533 pstrcpy(mask, new_mask);
5537 if (!src_has_wild) {
5541 * No wildcards - just process the one file.
5543 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
5545 /* Add a terminating '/' to the directory name. */
5546 pstrcat(directory,"/");
5547 pstrcat(directory,mask);
5549 /* Ensure newname contains a '/' also */
5550 if(strrchr_m(newname,'/') == 0) {
5551 newname = talloc_asprintf(talloc_tos(),
5555 return NT_STATUS_NO_MEMORY;
5559 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5560 "case_preserve = %d, short case preserve = %d, "
5561 "directory = %s, newname = %s, "
5562 "last_component_dest = %s, is_8_3 = %d\n",
5563 conn->case_sensitive, conn->case_preserve,
5564 conn->short_case_preserve, directory,
5565 newname, last_component_dest, is_short_name));
5567 /* The dest name still may have wildcards. */
5568 if (dest_has_wild) {
5569 char *mod_newname = NULL;
5570 if (!resolve_wildcards(talloc_tos(),
5571 directory,newname,&mod_newname)) {
5572 DEBUG(6, ("rename_internals: resolve_wildcards %s %s failed\n",
5573 directory,newname));
5574 return NT_STATUS_NO_MEMORY;
5576 newname = mod_newname;
5580 SMB_VFS_STAT(conn, directory, &sbuf1);
5582 status = S_ISDIR(sbuf1.st_mode) ?
5583 open_directory(conn, req, directory, &sbuf1,
5585 FILE_SHARE_READ|FILE_SHARE_WRITE,
5586 FILE_OPEN, 0, 0, NULL,
5588 : open_file_ntcreate(conn, req, directory, &sbuf1,
5590 FILE_SHARE_READ|FILE_SHARE_WRITE,
5591 FILE_OPEN, 0, 0, 0, NULL,
5594 if (!NT_STATUS_IS_OK(status)) {
5595 DEBUG(3, ("Could not open rename source %s: %s\n",
5596 directory, nt_errstr(status)));
5600 status = rename_internals_fsp(conn, fsp, newname,
5601 last_component_dest,
5602 attrs, replace_if_exists);
5604 close_file(fsp, NORMAL_CLOSE);
5606 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5607 nt_errstr(status), directory,newname));
5613 * Wildcards - process each file that matches.
5615 if (strequal(mask,"????????.???")) {
5619 status = check_name(conn, directory);
5620 if (!NT_STATUS_IS_OK(status)) {
5624 dir_hnd = OpenDir(conn, directory, mask, attrs);
5625 if (dir_hnd == NULL) {
5626 return map_nt_error_from_unix(errno);
5629 status = NT_STATUS_NO_SUCH_FILE;
5631 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5632 * - gentest fix. JRA
5635 while ((dname = ReadDirName(dir_hnd, &offset))) {
5638 BOOL sysdir_entry = False;
5639 char *mod_destname = NULL;
5641 pstrcpy(fname,dname);
5643 /* Quick check for "." and ".." */
5644 if (fname[0] == '.') {
5645 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
5647 sysdir_entry = True;
5654 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5658 if(!mask_match(fname, mask, conn->case_sensitive)) {
5663 status = NT_STATUS_OBJECT_NAME_INVALID;
5667 slprintf(fname, sizeof(fname)-1, "%s/%s", directory, dname);
5669 pstrcpy(destname,newname);
5671 if (!resolve_wildcards(talloc_tos(),
5672 fname,destname,&mod_destname)) {
5673 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5677 pstrcpy(destname,mod_destname);
5680 SMB_VFS_STAT(conn, fname, &sbuf1);
5682 status = S_ISDIR(sbuf1.st_mode) ?
5683 open_directory(conn, req, fname, &sbuf1,
5685 FILE_SHARE_READ|FILE_SHARE_WRITE,
5686 FILE_OPEN, 0, 0, NULL,
5688 : open_file_ntcreate(conn, req, fname, &sbuf1,
5690 FILE_SHARE_READ|FILE_SHARE_WRITE,
5691 FILE_OPEN, 0, 0, 0, NULL,
5694 if (!NT_STATUS_IS_OK(status)) {
5695 DEBUG(3,("rename_internals: open_file_ntcreate "
5696 "returned %s rename %s -> %s\n",
5697 nt_errstr(status), directory, newname));
5701 status = rename_internals_fsp(conn, fsp, destname, dname,
5702 attrs, replace_if_exists);
5704 close_file(fsp, NORMAL_CLOSE);
5706 if (!NT_STATUS_IS_OK(status)) {
5707 DEBUG(3, ("rename_internals_fsp returned %s for "
5708 "rename %s -> %s\n", nt_errstr(status),
5709 directory, newname));
5715 DEBUG(3,("rename_internals: doing rename on %s -> "
5716 "%s\n",fname,destname));
5720 if (count == 0 && NT_STATUS_IS_OK(status)) {
5721 status = map_nt_error_from_unix(errno);
5727 /****************************************************************************
5729 ****************************************************************************/
5731 void reply_mv(connection_struct *conn, struct smb_request *req)
5734 char *newname = NULL;
5738 BOOL src_has_wcard = False;
5739 BOOL dest_has_wcard = False;
5740 TALLOC_CTX *ctx = talloc_tos();
5742 START_PROFILE(SMBmv);
5745 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5750 attrs = SVAL(req->inbuf,smb_vwv0);
5752 p = smb_buf(req->inbuf) + 1;
5753 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5754 0, STR_TERMINATE, &status,
5756 if (!NT_STATUS_IS_OK(status)) {
5757 reply_nterror(req, status);
5762 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5763 0, STR_TERMINATE, &status,
5765 if (!NT_STATUS_IS_OK(status)) {
5766 reply_nterror(req, status);
5771 status = resolve_dfspath_wcard(ctx, conn,
5772 req->flags2 & FLAGS2_DFS_PATHNAMES,
5776 if (!NT_STATUS_IS_OK(status)) {
5777 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5778 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5779 ERRSRV, ERRbadpath);
5783 reply_nterror(req, status);
5788 status = resolve_dfspath_wcard(ctx, conn,
5789 req->flags2 & FLAGS2_DFS_PATHNAMES,
5793 if (!NT_STATUS_IS_OK(status)) {
5794 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5795 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5796 ERRSRV, ERRbadpath);
5800 reply_nterror(req, status);
5805 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5807 status = rename_internals(conn, req, name, newname, attrs, False,
5808 src_has_wcard, dest_has_wcard);
5809 if (!NT_STATUS_IS_OK(status)) {
5810 if (open_was_deferred(req->mid)) {
5811 /* We have re-scheduled this call. */
5815 reply_nterror(req, status);
5820 reply_outbuf(req, 0, 0);
5826 /*******************************************************************
5827 Copy a file as part of a reply_copy.
5828 ******************************************************************/
5831 * TODO: check error codes on all callers
5834 NTSTATUS copy_file(connection_struct *conn,
5839 BOOL target_is_directory)
5841 SMB_STRUCT_STAT src_sbuf, sbuf2;
5843 files_struct *fsp1,*fsp2;
5846 uint32 new_create_disposition;
5849 pstrcpy(dest,dest1);
5850 if (target_is_directory) {
5851 char *p = strrchr_m(src,'/');
5861 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5862 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5865 if (!target_is_directory && count) {
5866 new_create_disposition = FILE_OPEN;
5868 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5869 NULL, NULL, &new_create_disposition, NULL)) {
5870 return NT_STATUS_INVALID_PARAMETER;
5874 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5876 FILE_SHARE_READ|FILE_SHARE_WRITE,
5879 FILE_ATTRIBUTE_NORMAL,
5883 if (!NT_STATUS_IS_OK(status)) {
5887 dosattrs = dos_mode(conn, src, &src_sbuf);
5888 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
5889 ZERO_STRUCTP(&sbuf2);
5892 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
5894 FILE_SHARE_READ|FILE_SHARE_WRITE,
5895 new_create_disposition,
5901 if (!NT_STATUS_IS_OK(status)) {
5902 close_file(fsp1,ERROR_CLOSE);
5906 if ((ofun&3) == 1) {
5907 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
5908 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
5910 * Stop the copy from occurring.
5913 src_sbuf.st_size = 0;
5917 if (src_sbuf.st_size) {
5918 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
5921 close_file(fsp1,NORMAL_CLOSE);
5923 /* Ensure the modtime is set correctly on the destination file. */
5924 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
5927 * As we are opening fsp1 read-only we only expect
5928 * an error on close on fsp2 if we are out of space.
5929 * Thus we don't look at the error return from the
5932 status = close_file(fsp2,NORMAL_CLOSE);
5934 if (!NT_STATUS_IS_OK(status)) {
5938 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
5939 return NT_STATUS_DISK_FULL;
5942 return NT_STATUS_OK;
5945 /****************************************************************************
5946 Reply to a file copy.
5947 ****************************************************************************/
5949 void reply_copy(connection_struct *conn, struct smb_request *req)
5952 char *newname = NULL;
5957 int error = ERRnoaccess;
5962 BOOL target_is_directory=False;
5963 BOOL source_has_wild = False;
5964 BOOL dest_has_wild = False;
5965 SMB_STRUCT_STAT sbuf1, sbuf2;
5967 TALLOC_CTX *ctx = talloc_tos();
5969 START_PROFILE(SMBcopy);
5972 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5973 END_PROFILE(SMBcopy);
5977 tid2 = SVAL(req->inbuf,smb_vwv0);
5978 ofun = SVAL(req->inbuf,smb_vwv1);
5979 flags = SVAL(req->inbuf,smb_vwv2);
5981 *directory = *mask = 0;
5983 p = smb_buf(req->inbuf);
5984 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5985 0, STR_TERMINATE, &status,
5987 if (!NT_STATUS_IS_OK(status)) {
5988 reply_nterror(req, status);
5989 END_PROFILE(SMBcopy);
5992 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5993 0, STR_TERMINATE, &status,
5995 if (!NT_STATUS_IS_OK(status)) {
5996 reply_nterror(req, status);
5997 END_PROFILE(SMBcopy);
6001 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6003 if (tid2 != conn->cnum) {
6004 /* can't currently handle inter share copies XXXX */
6005 DEBUG(3,("Rejecting inter-share copy\n"));
6006 reply_doserror(req, ERRSRV, ERRinvdevice);
6007 END_PROFILE(SMBcopy);
6011 status = resolve_dfspath_wcard(ctx, conn,
6012 req->flags2 & FLAGS2_DFS_PATHNAMES,
6016 if (!NT_STATUS_IS_OK(status)) {
6017 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6018 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6019 ERRSRV, ERRbadpath);
6020 END_PROFILE(SMBcopy);
6023 reply_nterror(req, status);
6024 END_PROFILE(SMBcopy);
6028 status = resolve_dfspath_wcard(ctx, conn,
6029 req->flags2 & FLAGS2_DFS_PATHNAMES,
6033 if (!NT_STATUS_IS_OK(status)) {
6034 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6035 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6036 ERRSRV, ERRbadpath);
6037 END_PROFILE(SMBcopy);
6040 reply_nterror(req, status);
6041 END_PROFILE(SMBcopy);
6045 status = unix_convert(conn, name, source_has_wild, &name, NULL, &sbuf1);
6046 if (!NT_STATUS_IS_OK(status)) {
6047 reply_nterror(req, status);
6048 END_PROFILE(SMBcopy);
6052 status = unix_convert(conn, newname, dest_has_wild, &newname, NULL, &sbuf2);
6053 if (!NT_STATUS_IS_OK(status)) {
6054 reply_nterror(req, status);
6055 END_PROFILE(SMBcopy);
6059 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6061 if ((flags&1) && target_is_directory) {
6062 reply_doserror(req, ERRDOS, ERRbadfile);
6063 END_PROFILE(SMBcopy);
6067 if ((flags&2) && !target_is_directory) {
6068 reply_doserror(req, ERRDOS, ERRbadpath);
6069 END_PROFILE(SMBcopy);
6073 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6074 /* wants a tree copy! XXXX */
6075 DEBUG(3,("Rejecting tree copy\n"));
6076 reply_doserror(req, ERRSRV, ERRerror);
6077 END_PROFILE(SMBcopy);
6081 p = strrchr_m(name,'/');
6083 pstrcpy(directory,"./");
6087 pstrcpy(directory,name);
6092 * We should only check the mangled cache
6093 * here if unix_convert failed. This means
6094 * that the path in 'mask' doesn't exist
6095 * on the file system and so we need to look
6096 * for a possible mangle. This patch from
6097 * Tine Smukavec <valentin.smukavec@hermes.si>.
6100 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6101 char *new_mask = NULL;
6102 mangle_lookup_name_from_8_3( talloc_tos(),
6107 pstrcpy(mask, new_mask);
6111 if (!source_has_wild) {
6112 pstrcat(directory,"/");
6113 pstrcat(directory,mask);
6114 if (dest_has_wild) {
6115 char *mod_newname = NULL;
6116 if (!resolve_wildcards(talloc_tos(),
6117 directory,newname,&mod_newname)) {
6118 reply_nterror(req, NT_STATUS_NO_MEMORY);
6119 END_PROFILE(SMBcopy);
6122 newname = mod_newname;
6125 status = check_name(conn, directory);
6126 if (!NT_STATUS_IS_OK(status)) {
6127 reply_nterror(req, status);
6128 END_PROFILE(SMBcopy);
6132 status = check_name(conn, newname);
6133 if (!NT_STATUS_IS_OK(status)) {
6134 reply_nterror(req, status);
6135 END_PROFILE(SMBcopy);
6139 status = copy_file(conn,directory,newname,ofun,
6140 count,target_is_directory);
6142 if(!NT_STATUS_IS_OK(status)) {
6143 reply_nterror(req, status);
6144 END_PROFILE(SMBcopy);
6150 struct smb_Dir *dir_hnd = NULL;
6155 if (strequal(mask,"????????.???"))
6158 status = check_name(conn, directory);
6159 if (!NT_STATUS_IS_OK(status)) {
6160 reply_nterror(req, status);
6161 END_PROFILE(SMBcopy);
6165 dir_hnd = OpenDir(conn, directory, mask, 0);
6166 if (dir_hnd == NULL) {
6167 status = map_nt_error_from_unix(errno);
6168 reply_nterror(req, status);
6169 END_PROFILE(SMBcopy);
6175 while ((dname = ReadDirName(dir_hnd, &offset))) {
6176 char *mod_destname = NULL;
6178 pstrcpy(fname,dname);
6180 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6184 if(!mask_match(fname, mask, conn->case_sensitive)) {
6188 error = ERRnoaccess;
6189 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
6190 pstrcpy(destname,newname);
6191 if (!resolve_wildcards(talloc_tos(),
6192 fname,destname,&mod_destname)) {
6195 pstrcpy(destname,mod_destname);
6197 status = check_name(conn, fname);
6198 if (!NT_STATUS_IS_OK(status)) {
6199 reply_nterror(req, status);
6200 END_PROFILE(SMBcopy);
6204 status = check_name(conn, destname);
6205 if (!NT_STATUS_IS_OK(status)) {
6206 reply_nterror(req, status);
6207 END_PROFILE(SMBcopy);
6211 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6213 status = copy_file(conn,fname,destname,ofun,
6214 count,target_is_directory);
6215 if (NT_STATUS_IS_OK(status)) {
6224 /* Error on close... */
6226 reply_unixerror(req, ERRHRD, ERRgeneral);
6227 END_PROFILE(SMBcopy);
6231 reply_doserror(req, ERRDOS, error);
6232 END_PROFILE(SMBcopy);
6236 reply_outbuf(req, 1, 0);
6237 SSVAL(req->outbuf,smb_vwv0,count);
6239 END_PROFILE(SMBcopy);
6244 #define DBGC_CLASS DBGC_LOCKING
6246 /****************************************************************************
6247 Get a lock pid, dealing with large count requests.
6248 ****************************************************************************/
6250 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
6252 if(!large_file_format)
6253 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6255 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6258 /****************************************************************************
6259 Get a lock count, dealing with large count requests.
6260 ****************************************************************************/
6262 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
6264 SMB_BIG_UINT count = 0;
6266 if(!large_file_format) {
6267 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6270 #if defined(HAVE_LONGLONG)
6271 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6272 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6273 #else /* HAVE_LONGLONG */
6276 * NT4.x seems to be broken in that it sends large file (64 bit)
6277 * lockingX calls even if the CAP_LARGE_FILES was *not*
6278 * negotiated. For boxes without large unsigned ints truncate the
6279 * lock count by dropping the top 32 bits.
6282 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6283 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6284 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6285 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6286 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6289 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6290 #endif /* HAVE_LONGLONG */
6296 #if !defined(HAVE_LONGLONG)
6297 /****************************************************************************
6298 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6299 ****************************************************************************/
6301 static uint32 map_lock_offset(uint32 high, uint32 low)
6305 uint32 highcopy = high;
6308 * Try and find out how many significant bits there are in high.
6311 for(i = 0; highcopy; i++)
6315 * We use 31 bits not 32 here as POSIX
6316 * lock offsets may not be negative.
6319 mask = (~0) << (31 - i);
6322 return 0; /* Fail. */
6328 #endif /* !defined(HAVE_LONGLONG) */
6330 /****************************************************************************
6331 Get a lock offset, dealing with large offset requests.
6332 ****************************************************************************/
6334 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
6336 SMB_BIG_UINT offset = 0;
6340 if(!large_file_format) {
6341 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6344 #if defined(HAVE_LONGLONG)
6345 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6346 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6347 #else /* HAVE_LONGLONG */
6350 * NT4.x seems to be broken in that it sends large file (64 bit)
6351 * lockingX calls even if the CAP_LARGE_FILES was *not*
6352 * negotiated. For boxes without large unsigned ints mangle the
6353 * lock offset by mapping the top 32 bits onto the lower 32.
6356 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6357 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6358 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6361 if((new_low = map_lock_offset(high, low)) == 0) {
6363 return (SMB_BIG_UINT)-1;
6366 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6367 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6368 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6369 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6372 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6373 #endif /* HAVE_LONGLONG */
6379 /****************************************************************************
6380 Reply to a lockingX request.
6381 ****************************************************************************/
6383 void reply_lockingX(connection_struct *conn, struct smb_request *req)
6386 unsigned char locktype;
6387 unsigned char oplocklevel;
6390 SMB_BIG_UINT count = 0, offset = 0;
6395 BOOL large_file_format;
6397 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6399 START_PROFILE(SMBlockingX);
6402 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6403 END_PROFILE(SMBlockingX);
6407 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6408 locktype = CVAL(req->inbuf,smb_vwv3);
6409 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6410 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6411 num_locks = SVAL(req->inbuf,smb_vwv7);
6412 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6413 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6415 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6416 END_PROFILE(SMBlockingX);
6420 data = smb_buf(req->inbuf);
6422 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6423 /* we don't support these - and CANCEL_LOCK makes w2k
6424 and XP reboot so I don't really want to be
6425 compatible! (tridge) */
6426 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6427 END_PROFILE(SMBlockingX);
6431 /* Check if this is an oplock break on a file
6432 we have granted an oplock on.
6434 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6435 /* Client can insist on breaking to none. */
6436 BOOL break_to_none = (oplocklevel == 0);
6439 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6440 "for fnum = %d\n", (unsigned int)oplocklevel,
6444 * Make sure we have granted an exclusive or batch oplock on
6448 if (fsp->oplock_type == 0) {
6450 /* The Samba4 nbench simulator doesn't understand
6451 the difference between break to level2 and break
6452 to none from level2 - it sends oplock break
6453 replies in both cases. Don't keep logging an error
6454 message here - just ignore it. JRA. */
6456 DEBUG(5,("reply_lockingX: Error : oplock break from "
6457 "client for fnum = %d (oplock=%d) and no "
6458 "oplock granted on this file (%s).\n",
6459 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6461 /* if this is a pure oplock break request then don't
6463 if (num_locks == 0 && num_ulocks == 0) {
6464 END_PROFILE(SMBlockingX);
6467 END_PROFILE(SMBlockingX);
6468 reply_doserror(req, ERRDOS, ERRlock);
6473 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6475 result = remove_oplock(fsp);
6477 result = downgrade_oplock(fsp);
6481 DEBUG(0, ("reply_lockingX: error in removing "
6482 "oplock on file %s\n", fsp->fsp_name));
6483 /* Hmmm. Is this panic justified? */
6484 smb_panic("internal tdb error");
6487 reply_to_oplock_break_requests(fsp);
6489 /* if this is a pure oplock break request then don't send a
6491 if (num_locks == 0 && num_ulocks == 0) {
6492 /* Sanity check - ensure a pure oplock break is not a
6494 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6495 DEBUG(0,("reply_lockingX: Error : pure oplock "
6496 "break is a chained %d request !\n",
6497 (unsigned int)CVAL(req->inbuf,
6499 END_PROFILE(SMBlockingX);
6505 * We do this check *after* we have checked this is not a oplock break
6506 * response message. JRA.
6509 release_level_2_oplocks_on_change(fsp);
6511 if (smb_buflen(req->inbuf) <
6512 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6513 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6514 END_PROFILE(SMBlockingX);
6518 /* Data now points at the beginning of the list
6519 of smb_unlkrng structs */
6520 for(i = 0; i < (int)num_ulocks; i++) {
6521 lock_pid = get_lock_pid( data, i, large_file_format);
6522 count = get_lock_count( data, i, large_file_format);
6523 offset = get_lock_offset( data, i, large_file_format, &err);
6526 * There is no error code marked "stupid client bug".... :-).
6529 END_PROFILE(SMBlockingX);
6530 reply_doserror(req, ERRDOS, ERRnoaccess);
6534 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6535 "pid %u, file %s\n", (double)offset, (double)count,
6536 (unsigned int)lock_pid, fsp->fsp_name ));
6538 status = do_unlock(smbd_messaging_context(),
6545 if (NT_STATUS_V(status)) {
6546 END_PROFILE(SMBlockingX);
6547 reply_nterror(req, status);
6552 /* Setup the timeout in seconds. */
6554 if (!lp_blocking_locks(SNUM(conn))) {
6558 /* Now do any requested locks */
6559 data += ((large_file_format ? 20 : 10)*num_ulocks);
6561 /* Data now points at the beginning of the list
6562 of smb_lkrng structs */
6564 for(i = 0; i < (int)num_locks; i++) {
6565 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6566 READ_LOCK:WRITE_LOCK);
6567 lock_pid = get_lock_pid( data, i, large_file_format);
6568 count = get_lock_count( data, i, large_file_format);
6569 offset = get_lock_offset( data, i, large_file_format, &err);
6572 * There is no error code marked "stupid client bug".... :-).
6575 END_PROFILE(SMBlockingX);
6576 reply_doserror(req, ERRDOS, ERRnoaccess);
6580 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6581 "%u, file %s timeout = %d\n", (double)offset,
6582 (double)count, (unsigned int)lock_pid,
6583 fsp->fsp_name, (int)lock_timeout ));
6585 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6586 if (lp_blocking_locks(SNUM(conn))) {
6588 /* Schedule a message to ourselves to
6589 remove the blocking lock record and
6590 return the right error. */
6592 if (!blocking_lock_cancel(fsp,
6598 NT_STATUS_FILE_LOCK_CONFLICT)) {
6599 END_PROFILE(SMBlockingX);
6604 ERRcancelviolation));
6608 /* Remove a matching pending lock. */
6609 status = do_lock_cancel(fsp,
6615 BOOL blocking_lock = lock_timeout ? True : False;
6616 BOOL defer_lock = False;
6617 struct byte_range_lock *br_lck;
6618 uint32 block_smbpid;
6620 br_lck = do_lock(smbd_messaging_context(),
6631 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6632 /* Windows internal resolution for blocking locks seems
6633 to be about 200ms... Don't wait for less than that. JRA. */
6634 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6635 lock_timeout = lp_lock_spin_time();
6640 /* This heuristic seems to match W2K3 very well. If a
6641 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6642 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6643 far as I can tell. Replacement for do_lock_spin(). JRA. */
6645 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6646 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6648 lock_timeout = lp_lock_spin_time();
6651 if (br_lck && defer_lock) {
6653 * A blocking lock was requested. Package up
6654 * this smb into a queued request and push it
6655 * onto the blocking lock queue.
6657 if(push_blocking_lock_request(br_lck,
6659 smb_len(req->inbuf)+4,
6669 TALLOC_FREE(br_lck);
6670 END_PROFILE(SMBlockingX);
6675 TALLOC_FREE(br_lck);
6678 if (NT_STATUS_V(status)) {
6679 END_PROFILE(SMBlockingX);
6680 reply_nterror(req, status);
6685 /* If any of the above locks failed, then we must unlock
6686 all of the previous locks (X/Open spec). */
6688 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6692 * Ensure we don't do a remove on the lock that just failed,
6693 * as under POSIX rules, if we have a lock already there, we
6694 * will delete it (and we shouldn't) .....
6696 for(i--; i >= 0; i--) {
6697 lock_pid = get_lock_pid( data, i, large_file_format);
6698 count = get_lock_count( data, i, large_file_format);
6699 offset = get_lock_offset( data, i, large_file_format,
6703 * There is no error code marked "stupid client
6707 END_PROFILE(SMBlockingX);
6708 reply_doserror(req, ERRDOS, ERRnoaccess);
6712 do_unlock(smbd_messaging_context(),
6719 END_PROFILE(SMBlockingX);
6720 reply_nterror(req, status);
6724 reply_outbuf(req, 2, 0);
6726 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6727 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6729 END_PROFILE(SMBlockingX);
6734 #define DBGC_CLASS DBGC_ALL
6736 /****************************************************************************
6737 Reply to a SMBreadbmpx (read block multiplex) request.
6738 Always reply with an error, if someone has a platform really needs this,
6739 please contact vl@samba.org
6740 ****************************************************************************/
6742 void reply_readbmpx(connection_struct *conn, struct smb_request *req)
6744 START_PROFILE(SMBreadBmpx);
6745 reply_doserror(req, ERRSRV, ERRuseSTD);
6746 END_PROFILE(SMBreadBmpx);
6750 /****************************************************************************
6751 Reply to a SMBreadbs (read block multiplex secondary) request.
6752 Always reply with an error, if someone has a platform really needs this,
6753 please contact vl@samba.org
6754 ****************************************************************************/
6756 void reply_readbs(connection_struct *conn, struct smb_request *req)
6758 START_PROFILE(SMBreadBs);
6759 reply_doserror(req, ERRSRV, ERRuseSTD);
6760 END_PROFILE(SMBreadBs);
6764 /****************************************************************************
6765 Reply to a SMBsetattrE.
6766 ****************************************************************************/
6768 void reply_setattrE(connection_struct *conn, struct smb_request *req)
6770 struct timespec ts[2];
6773 START_PROFILE(SMBsetattrE);
6776 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6777 END_PROFILE(SMBsetattrE);
6781 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6783 if(!fsp || (fsp->conn != conn)) {
6784 reply_doserror(req, ERRDOS, ERRbadfid);
6785 END_PROFILE(SMBsetattrE);
6791 * Convert the DOS times into unix times. Ignore create
6792 * time as UNIX can't set this.
6795 ts[0] = convert_time_t_to_timespec(
6796 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6797 ts[1] = convert_time_t_to_timespec(
6798 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6800 reply_outbuf(req, 0, 0);
6803 * Patch from Ray Frush <frush@engr.colostate.edu>
6804 * Sometimes times are sent as zero - ignore them.
6807 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6808 /* Ignore request */
6809 if( DEBUGLVL( 3 ) ) {
6810 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6811 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6813 END_PROFILE(SMBsetattrE);
6815 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6816 /* set modify time = to access time if modify time was unset */
6820 /* Set the date on this file */
6821 /* Should we set pending modtime here ? JRA */
6822 if(file_ntimes(conn, fsp->fsp_name, ts)) {
6823 reply_doserror(req, ERRDOS, ERRnoaccess);
6824 END_PROFILE(SMBsetattrE);
6828 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6830 (unsigned int)ts[0].tv_sec,
6831 (unsigned int)ts[1].tv_sec));
6833 END_PROFILE(SMBsetattrE);
6838 /* Back from the dead for OS/2..... JRA. */
6840 /****************************************************************************
6841 Reply to a SMBwritebmpx (write block multiplex primary) request.
6842 Always reply with an error, if someone has a platform really needs this,
6843 please contact vl@samba.org
6844 ****************************************************************************/
6846 void reply_writebmpx(connection_struct *conn, struct smb_request *req)
6848 START_PROFILE(SMBwriteBmpx);
6849 reply_doserror(req, ERRSRV, ERRuseSTD);
6850 END_PROFILE(SMBwriteBmpx);
6854 /****************************************************************************
6855 Reply to a SMBwritebs (write block multiplex secondary) request.
6856 Always reply with an error, if someone has a platform really needs this,
6857 please contact vl@samba.org
6858 ****************************************************************************/
6860 void reply_writebs(connection_struct *conn, struct smb_request *req)
6862 START_PROFILE(SMBwriteBs);
6863 reply_doserror(req, ERRSRV, ERRuseSTD);
6864 END_PROFILE(SMBwriteBs);
6868 /****************************************************************************
6869 Reply to a SMBgetattrE.
6870 ****************************************************************************/
6872 void reply_getattrE(connection_struct *conn, struct smb_request *req)
6874 SMB_STRUCT_STAT sbuf;
6878 START_PROFILE(SMBgetattrE);
6881 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6882 END_PROFILE(SMBgetattrE);
6886 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6888 if(!fsp || (fsp->conn != conn)) {
6889 reply_doserror(req, ERRDOS, ERRbadfid);
6890 END_PROFILE(SMBgetattrE);
6894 /* Do an fstat on this file */
6895 if(fsp_stat(fsp, &sbuf)) {
6896 reply_unixerror(req, ERRDOS, ERRnoaccess);
6897 END_PROFILE(SMBgetattrE);
6901 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
6904 * Convert the times into dos times. Set create
6905 * date to be last modify date as UNIX doesn't save
6909 reply_outbuf(req, 11, 0);
6911 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
6912 get_create_time(&sbuf,
6913 lp_fake_dir_create_times(SNUM(conn))));
6914 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
6915 /* Should we check pending modtime here ? JRA */
6916 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
6919 SIVAL(req->outbuf, smb_vwv6, 0);
6920 SIVAL(req->outbuf, smb_vwv8, 0);
6922 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
6923 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
6924 SIVAL(req->outbuf, smb_vwv8, allocation_size);
6926 SSVAL(req->outbuf,smb_vwv10, mode);
6928 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
6930 END_PROFILE(SMBgetattrE);