2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
25 #include "../lib/util/tevent_ntstatus.h"
27 static struct tevent_req *smbd_smb2_write_send(TALLOC_CTX *mem_ctx,
28 struct tevent_context *ev,
29 struct smbd_smb2_request *smb2req,
31 uint64_t in_file_id_volatile,
35 static NTSTATUS smbd_smb2_write_recv(struct tevent_req *req,
38 static void smbd_smb2_request_write_done(struct tevent_req *subreq);
39 NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
42 const uint8_t *inbody;
43 int i = req->current_idx;
44 size_t expected_body_size = 0x31;
47 uint16_t in_data_offset;
48 uint32_t in_data_length;
49 DATA_BLOB in_data_buffer;
51 uint64_t in_file_id_persistent;
52 uint64_t in_file_id_volatile;
54 struct tevent_req *subreq;
56 inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
57 if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
58 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
61 inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
63 body_size = SVAL(inbody, 0x00);
64 if (body_size != expected_body_size) {
65 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
68 in_smbpid = IVAL(inhdr, SMB2_HDR_PID);
70 in_data_offset = SVAL(inbody, 0x02);
71 in_data_length = IVAL(inbody, 0x04);
72 in_offset = BVAL(inbody, 0x08);
73 in_file_id_persistent = BVAL(inbody, 0x10);
74 in_file_id_volatile = BVAL(inbody, 0x18);
75 in_flags = IVAL(inbody, 0x2C);
77 if (in_data_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
78 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
81 if (in_data_length > req->in.vector[i+2].iov_len) {
82 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
85 /* check the max write size */
86 if (in_data_length > lp_smb2_max_write()) {
87 /* This is a warning. */
88 DEBUG(2,("smbd_smb2_request_process_write : "
89 "client ignored max write :%s: 0x%08X: 0x%08X\n",
90 __location__, in_data_length, lp_smb2_max_write()));
92 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
96 in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
97 in_data_buffer.length = in_data_length;
99 if (req->compat_chain_fsp) {
101 } else if (in_file_id_persistent != in_file_id_volatile) {
102 return smbd_smb2_request_error(req, NT_STATUS_FILE_CLOSED);
105 subreq = smbd_smb2_write_send(req,
106 req->sconn->smb2.event_ctx,
113 if (subreq == NULL) {
114 return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
116 tevent_req_set_callback(subreq, smbd_smb2_request_write_done, req);
118 return smbd_smb2_request_pending_queue(req, subreq);
121 static void smbd_smb2_request_write_done(struct tevent_req *subreq)
123 struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
124 struct smbd_smb2_request);
125 int i = req->current_idx;
129 uint32_t out_count = 0;
131 NTSTATUS error; /* transport error */
133 status = smbd_smb2_write_recv(subreq, &out_count);
135 if (!NT_STATUS_IS_OK(status)) {
136 error = smbd_smb2_request_error(req, status);
137 if (!NT_STATUS_IS_OK(error)) {
138 smbd_server_connection_terminate(req->sconn,
145 outhdr = (uint8_t *)req->out.vector[i].iov_base;
147 outbody = data_blob_talloc(req->out.vector, NULL, 0x10);
148 if (outbody.data == NULL) {
149 error = smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
150 if (!NT_STATUS_IS_OK(error)) {
151 smbd_server_connection_terminate(req->sconn,
158 SSVAL(outbody.data, 0x00, 0x10 + 1); /* struct size */
159 SSVAL(outbody.data, 0x02, 0); /* reserved */
160 SIVAL(outbody.data, 0x04, out_count); /* count */
161 SIVAL(outbody.data, 0x08, 0); /* remaining */
162 SSVAL(outbody.data, 0x0C, 0); /* write channel info offset */
163 SSVAL(outbody.data, 0x0E, 0); /* write channel info length */
165 outdyn = data_blob_const(NULL, 0);
167 error = smbd_smb2_request_done(req, outbody, &outdyn);
168 if (!NT_STATUS_IS_OK(error)) {
169 smbd_server_connection_terminate(req->sconn, nt_errstr(error));
174 struct smbd_smb2_write_state {
175 struct smbd_smb2_request *smb2req;
183 static void smbd_smb2_write_pipe_done(struct tevent_req *subreq);
185 NTSTATUS smb2_write_complete(struct tevent_req *req, ssize_t nwritten, int err)
188 struct smbd_smb2_write_state *state = tevent_req_data(req,
189 struct smbd_smb2_write_state);
190 files_struct *fsp = state->fsp;
192 DEBUG(3,("smb2: fnum=[%d/%s] "
193 "length=%lu offset=%lu wrote=%lu\n",
196 (unsigned long)state->in_length,
197 (unsigned long)state->in_offset,
198 (unsigned long)nwritten));
200 if (nwritten == -1) {
201 return map_nt_error_from_unix(err);
204 if ((nwritten == 0) && (state->in_length != 0)) {
205 DEBUG(5,("smb2: write [%s] disk full\n",
207 return NT_STATUS_DISK_FULL;
210 status = sync_file(fsp->conn, fsp, state->write_through);
211 if (!NT_STATUS_IS_OK(status)) {
212 DEBUG(5,("smb2: sync_file for %s returned %s\n",
218 state->out_count = nwritten;
223 static struct tevent_req *smbd_smb2_write_send(TALLOC_CTX *mem_ctx,
224 struct tevent_context *ev,
225 struct smbd_smb2_request *smb2req,
227 uint64_t in_file_id_volatile,
233 struct tevent_req *req = NULL;
234 struct smbd_smb2_write_state *state = NULL;
235 struct smb_request *smbreq = NULL;
236 connection_struct *conn = smb2req->tcon->compat_conn;
237 files_struct *fsp = NULL;
239 struct lock_struct lock;
241 req = tevent_req_create(mem_ctx, &state,
242 struct smbd_smb2_write_state);
246 state->smb2req = smb2req;
247 if (in_flags & 0x00000001) {
248 state->write_through = true;
250 state->in_length = in_data.length;
251 state->out_count = 0;
253 DEBUG(10,("smbd_smb2_write: file_id[0x%016llX]\n",
254 (unsigned long long)in_file_id_volatile));
256 smbreq = smbd_smb2_fake_smb_request(smb2req);
257 if (tevent_req_nomem(smbreq, req)) {
258 return tevent_req_post(req, ev);
261 fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile);
263 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
264 return tevent_req_post(req, ev);
266 if (conn != fsp->conn) {
267 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
268 return tevent_req_post(req, ev);
270 if (smb2req->session->vuid != fsp->vuid) {
271 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
272 return tevent_req_post(req, ev);
277 if (IS_IPC(smbreq->conn)) {
278 struct tevent_req *subreq = NULL;
280 if (!fsp_is_np(fsp)) {
281 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
282 return tevent_req_post(req, ev);
285 subreq = np_write_send(state, smbd_event_context(),
286 fsp->fake_file_handle,
289 if (tevent_req_nomem(subreq, req)) {
290 return tevent_req_post(req, ev);
292 tevent_req_set_callback(subreq,
293 smbd_smb2_write_pipe_done,
298 if (!CHECK_WRITE(fsp)) {
299 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
300 return tevent_req_post(req, ev);
303 /* Try and do an asynchronous write. */
304 status = schedule_aio_smb2_write(conn,
309 state->write_through);
311 if (NT_STATUS_IS_OK(status)) {
313 * Doing an async write. Don't
314 * send a "gone async" message
315 * as we expect this to be less
316 * than the client timeout period.
317 * JRA. FIXME for offline files..
318 * FIXME - add cancel code..
320 smb2req->async = true;
324 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
325 /* Real error in setting up aio. Fail. */
326 tevent_req_nterror(req, NT_STATUS_FILE_CLOSED);
327 return tevent_req_post(req, ev);
330 /* Fallback to synchronous. */
331 init_strict_lock_struct(fsp,
338 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
339 tevent_req_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
340 return tevent_req_post(req, ev);
343 nwritten = write_file(smbreq, fsp,
344 (const char *)in_data.data,
348 status = smb2_write_complete(req, nwritten, errno);
350 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
352 DEBUG(10,("smb2: write on "
353 "file %s, offset %.0f, requested %u, written = %u\n",
356 (unsigned int)in_data.length,
357 (unsigned int)nwritten ));
359 if (!NT_STATUS_IS_OK(status)) {
360 tevent_req_nterror(req, status);
363 tevent_req_done(req);
366 return tevent_req_post(req, ev);
369 static void smbd_smb2_write_pipe_done(struct tevent_req *subreq)
371 struct tevent_req *req = tevent_req_callback_data(subreq,
373 struct smbd_smb2_write_state *state = tevent_req_data(req,
374 struct smbd_smb2_write_state);
376 ssize_t nwritten = -1;
378 status = np_write_recv(subreq, &nwritten);
380 if (!NT_STATUS_IS_OK(status)) {
381 tevent_req_nterror(req, status);
385 if ((nwritten == 0 && state->in_length != 0) || (nwritten < 0)) {
386 tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
390 state->out_count = nwritten;
392 tevent_req_done(req);
395 static NTSTATUS smbd_smb2_write_recv(struct tevent_req *req,
399 struct smbd_smb2_write_state *state = tevent_req_data(req,
400 struct smbd_smb2_write_state);
402 if (tevent_req_is_nterror(req, &status)) {
403 tevent_req_received(req);
407 *out_count = state->out_count;
409 tevent_req_received(req);