2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 extern uint32 global_client_caps;
34 extern bool global_encrypted_passwords_negotiated;
36 /****************************************************************************
37 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
38 path or anything including wildcards.
39 We're assuming here that '/' is not the second byte in any multibyte char
40 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
42 ****************************************************************************/
44 /* Custom version for processing POSIX paths. */
45 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
47 static NTSTATUS check_path_syntax_internal(char *path,
49 bool *p_last_component_contains_wcard)
53 NTSTATUS ret = NT_STATUS_OK;
54 bool start_of_name_component = True;
55 bool stream_started = false;
57 *p_last_component_contains_wcard = False;
64 return NT_STATUS_OBJECT_NAME_INVALID;
67 return NT_STATUS_OBJECT_NAME_INVALID;
69 if (strchr_m(&s[1], ':')) {
70 return NT_STATUS_OBJECT_NAME_INVALID;
72 if (StrCaseCmp(s, ":$DATA") != 0) {
73 return NT_STATUS_INVALID_PARAMETER;
79 if (!stream_started && *s == ':') {
80 if (*p_last_component_contains_wcard) {
81 return NT_STATUS_OBJECT_NAME_INVALID;
83 /* stream names allow more characters than file names */
84 stream_started = true;
85 start_of_name_component = false;
89 return NT_STATUS_OBJECT_NAME_INVALID;
93 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 * Safe to assume is not the second part of a mb char
96 * as this is handled below.
98 /* Eat multiple '/' or '\\' */
99 while (IS_PATH_SEP(*s,posix_path)) {
102 if ((d != path) && (*s != '\0')) {
103 /* We only care about non-leading or trailing '/' or '\\' */
107 start_of_name_component = True;
109 *p_last_component_contains_wcard = False;
113 if (start_of_name_component) {
114 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
115 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
118 * No mb char starts with '.' so we're safe checking the directory separator here.
121 /* If we just added a '/' - delete it */
122 if ((d > path) && (*(d-1) == '/')) {
127 /* Are we at the start ? Can't go back further if so. */
129 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
132 /* Go back one level... */
133 /* We know this is safe as '/' cannot be part of a mb sequence. */
134 /* NOTE - if this assumption is invalid we are not in good shape... */
135 /* Decrement d first as d points to the *next* char to write into. */
136 for (d--; d > path; d--) {
140 s += 2; /* Else go past the .. */
141 /* We're still at the start of a name component, just the previous one. */
144 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
156 if (*s <= 0x1f || *s == '|') {
157 return NT_STATUS_OBJECT_NAME_INVALID;
165 *p_last_component_contains_wcard = True;
174 /* Get the size of the next MB character. */
175 next_codepoint(s,&siz);
193 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 return NT_STATUS_INVALID_PARAMETER;
198 start_of_name_component = False;
206 /****************************************************************************
207 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
208 No wildcards allowed.
209 ****************************************************************************/
211 NTSTATUS check_path_syntax(char *path)
214 return check_path_syntax_internal(path, False, &ignore);
217 /****************************************************************************
218 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
219 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 ****************************************************************************/
223 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 return check_path_syntax_internal(path, False, p_contains_wcard);
228 /****************************************************************************
229 Check the path for a POSIX client.
230 We're assuming here that '/' is not the second byte in any multibyte char
231 set (a safe assumption).
232 ****************************************************************************/
234 NTSTATUS check_path_syntax_posix(char *path)
237 return check_path_syntax_internal(path, True, &ignore);
240 /****************************************************************************
241 Pull a string and check the path allowing a wilcard - provide for error return.
242 ****************************************************************************/
244 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
245 const char *base_ptr,
252 bool *contains_wcard)
258 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
262 *err = NT_STATUS_INVALID_PARAMETER;
266 *contains_wcard = False;
268 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 * For a DFS path the function parse_dfs_path()
271 * will do the path processing, just make a copy.
277 if (lp_posix_pathnames()) {
278 *err = check_path_syntax_posix(*pp_dest);
280 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
286 /****************************************************************************
287 Pull a string and check the path - provide for error return.
288 ****************************************************************************/
290 size_t srvstr_get_path(TALLOC_CTX *ctx,
291 const char *base_ptr,
300 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
301 src_len, flags, err, &ignore);
304 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
305 char **pp_dest, const char *src, int flags,
306 NTSTATUS *err, bool *contains_wcard)
308 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
309 pp_dest, src, smbreq_bufrem(req, src),
310 flags, err, contains_wcard);
313 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
314 char **pp_dest, const char *src, int flags,
318 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
319 flags, err, &ignore);
322 /****************************************************************************
323 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
324 ****************************************************************************/
326 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 if (!(fsp) || !(conn)) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
333 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
334 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
340 /****************************************************************************
341 Check if we have a correct fsp pointing to a file.
342 ****************************************************************************/
344 bool check_fsp(connection_struct *conn, struct smb_request *req,
347 if (!check_fsp_open(conn, req, fsp)) {
350 if ((fsp)->is_directory) {
351 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
354 if ((fsp)->fh->fd == -1) {
355 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
358 (fsp)->num_smb_operations++;
362 /****************************************************************************
363 Check if we have a correct fsp pointing to a quota fake file. Replacement for
364 the CHECK_NTQUOTA_HANDLE_OK macro.
365 ****************************************************************************/
367 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
370 if (!check_fsp_open(conn, req, fsp)) {
374 if (fsp->is_directory) {
378 if (fsp->fake_file_handle == NULL) {
382 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
386 if (fsp->fake_file_handle->private_data == NULL) {
393 /****************************************************************************
394 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
395 ****************************************************************************/
397 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
400 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
401 && (req->vuid == (fsp)->vuid)) {
405 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
409 /****************************************************************************
410 Reply to a (netbios-level) special message.
411 ****************************************************************************/
413 void reply_special(char *inbuf)
415 int msg_type = CVAL(inbuf,0);
416 int msg_flags = CVAL(inbuf,1);
421 * We only really use 4 bytes of the outbuf, but for the smb_setlen
422 * calculation & friends (srv_send_smb uses that) we need the full smb
425 char outbuf[smb_size];
427 static bool already_got_session = False;
431 memset(outbuf, '\0', sizeof(outbuf));
433 smb_setlen(outbuf,0);
436 case 0x81: /* session request */
438 if (already_got_session) {
439 exit_server_cleanly("multiple session request not permitted");
442 SCVAL(outbuf,0,0x82);
444 if (name_len(inbuf+4) > 50 ||
445 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
446 DEBUG(0,("Invalid name length in session request\n"));
449 name_extract(inbuf,4,name1);
450 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
451 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
454 set_local_machine_name(name1, True);
455 set_remote_machine_name(name2, True);
457 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
458 get_local_machine_name(), get_remote_machine_name(),
461 if (name_type == 'R') {
462 /* We are being asked for a pathworks session ---
464 SCVAL(outbuf, 0,0x83);
468 /* only add the client's machine name to the list
469 of possibly valid usernames if we are operating
470 in share mode security */
471 if (lp_security() == SEC_SHARE) {
472 add_session_user(get_remote_machine_name());
475 reload_services(True);
478 already_got_session = True;
481 case 0x89: /* session keepalive request
482 (some old clients produce this?) */
483 SCVAL(outbuf,0,SMBkeepalive);
487 case 0x82: /* positive session response */
488 case 0x83: /* negative session response */
489 case 0x84: /* retarget session response */
490 DEBUG(0,("Unexpected session response\n"));
493 case SMBkeepalive: /* session keepalive */
498 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
499 msg_type, msg_flags));
501 srv_send_smb(smbd_server_fd(), outbuf, false);
505 /****************************************************************************
507 conn POINTER CAN BE NULL HERE !
508 ****************************************************************************/
510 void reply_tcon(struct smb_request *req)
512 connection_struct *conn = req->conn;
514 char *service_buf = NULL;
515 char *password = NULL;
520 DATA_BLOB password_blob;
521 TALLOC_CTX *ctx = talloc_tos();
523 START_PROFILE(SMBtcon);
525 if (req->buflen < 4) {
526 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
527 END_PROFILE(SMBtcon);
531 p = (const char *)req->buf + 1;
532 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
534 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
536 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
539 if (service_buf == NULL || password == NULL || dev == NULL) {
540 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
541 END_PROFILE(SMBtcon);
544 p = strrchr_m(service_buf,'\\');
548 service = service_buf;
551 password_blob = data_blob(password, pwlen+1);
553 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
556 data_blob_clear_free(&password_blob);
559 reply_nterror(req, nt_status);
560 END_PROFILE(SMBtcon);
564 reply_outbuf(req, 2, 0);
565 SSVAL(req->outbuf,smb_vwv0,max_recv);
566 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
567 SSVAL(req->outbuf,smb_tid,conn->cnum);
569 DEBUG(3,("tcon service=%s cnum=%d\n",
570 service, conn->cnum));
572 END_PROFILE(SMBtcon);
576 /****************************************************************************
577 Reply to a tcon and X.
578 conn POINTER CAN BE NULL HERE !
579 ****************************************************************************/
581 void reply_tcon_and_X(struct smb_request *req)
583 connection_struct *conn = req->conn;
584 const char *service = NULL;
586 TALLOC_CTX *ctx = talloc_tos();
587 /* what the cleint thinks the device is */
588 char *client_devicetype = NULL;
589 /* what the server tells the client the share represents */
590 const char *server_devicetype;
597 START_PROFILE(SMBtconX);
600 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
601 END_PROFILE(SMBtconX);
605 passlen = SVAL(req->vwv+3, 0);
606 tcon_flags = SVAL(req->vwv+2, 0);
608 /* we might have to close an old one */
609 if ((tcon_flags & 0x1) && conn) {
610 close_cnum(conn,req->vuid);
615 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
616 reply_doserror(req, ERRDOS, ERRbuftoosmall);
617 END_PROFILE(SMBtconX);
621 if (global_encrypted_passwords_negotiated) {
622 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
623 if (lp_security() == SEC_SHARE) {
625 * Security = share always has a pad byte
626 * after the password.
628 p = (const char *)req->buf + passlen + 1;
630 p = (const char *)req->buf + passlen;
633 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
634 /* Ensure correct termination */
635 password.data[passlen]=0;
636 p = (const char *)req->buf + passlen + 1;
639 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
642 data_blob_clear_free(&password);
643 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
644 END_PROFILE(SMBtconX);
649 * the service name can be either: \\server\share
650 * or share directly like on the DELL PowerVault 705
653 q = strchr_m(path+2,'\\');
655 data_blob_clear_free(&password);
656 reply_doserror(req, ERRDOS, ERRnosuchshare);
657 END_PROFILE(SMBtconX);
665 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
666 &client_devicetype, p,
667 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
669 if (client_devicetype == NULL) {
670 data_blob_clear_free(&password);
671 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
672 END_PROFILE(SMBtconX);
676 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
678 conn = make_connection(service, password, client_devicetype,
679 req->vuid, &nt_status);
682 data_blob_clear_free(&password);
685 reply_nterror(req, nt_status);
686 END_PROFILE(SMBtconX);
691 server_devicetype = "IPC";
692 else if ( IS_PRINT(conn) )
693 server_devicetype = "LPT1:";
695 server_devicetype = "A:";
697 if (Protocol < PROTOCOL_NT1) {
698 reply_outbuf(req, 2, 0);
699 if (message_push_string(&req->outbuf, server_devicetype,
700 STR_TERMINATE|STR_ASCII) == -1) {
701 reply_nterror(req, NT_STATUS_NO_MEMORY);
702 END_PROFILE(SMBtconX);
706 /* NT sets the fstype of IPC$ to the null string */
707 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
709 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
710 /* Return permissions. */
714 reply_outbuf(req, 7, 0);
717 perm1 = FILE_ALL_ACCESS;
718 perm2 = FILE_ALL_ACCESS;
720 perm1 = CAN_WRITE(conn) ?
725 SIVAL(req->outbuf, smb_vwv3, perm1);
726 SIVAL(req->outbuf, smb_vwv5, perm2);
728 reply_outbuf(req, 3, 0);
731 if ((message_push_string(&req->outbuf, server_devicetype,
732 STR_TERMINATE|STR_ASCII) == -1)
733 || (message_push_string(&req->outbuf, fstype,
734 STR_TERMINATE) == -1)) {
735 reply_nterror(req, NT_STATUS_NO_MEMORY);
736 END_PROFILE(SMBtconX);
740 /* what does setting this bit do? It is set by NT4 and
741 may affect the ability to autorun mounted cdroms */
742 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
743 (lp_csc_policy(SNUM(conn)) << 2));
745 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
746 DEBUG(2,("Serving %s as a Dfs root\n",
747 lp_servicename(SNUM(conn)) ));
748 SSVAL(req->outbuf, smb_vwv2,
749 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
754 DEBUG(3,("tconX service=%s \n",
757 /* set the incoming and outgoing tid to the just created one */
758 SSVAL(req->inbuf,smb_tid,conn->cnum);
759 SSVAL(req->outbuf,smb_tid,conn->cnum);
761 END_PROFILE(SMBtconX);
767 /****************************************************************************
768 Reply to an unknown type.
769 ****************************************************************************/
771 void reply_unknown_new(struct smb_request *req, uint8 type)
773 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
774 smb_fn_name(type), type, type));
775 reply_doserror(req, ERRSRV, ERRunknownsmb);
779 /****************************************************************************
781 conn POINTER CAN BE NULL HERE !
782 ****************************************************************************/
784 void reply_ioctl(struct smb_request *req)
786 connection_struct *conn = req->conn;
793 START_PROFILE(SMBioctl);
796 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
797 END_PROFILE(SMBioctl);
801 device = SVAL(req->vwv+1, 0);
802 function = SVAL(req->vwv+2, 0);
803 ioctl_code = (device << 16) + function;
805 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
807 switch (ioctl_code) {
808 case IOCTL_QUERY_JOB_INFO:
812 reply_doserror(req, ERRSRV, ERRnosupport);
813 END_PROFILE(SMBioctl);
817 reply_outbuf(req, 8, replysize+1);
818 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
819 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
820 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
821 p = smb_buf(req->outbuf);
822 memset(p, '\0', replysize+1); /* valgrind-safe. */
823 p += 1; /* Allow for alignment */
825 switch (ioctl_code) {
826 case IOCTL_QUERY_JOB_INFO:
828 files_struct *fsp = file_fsp(
829 req, SVAL(req->vwv+0, 0));
831 reply_doserror(req, ERRDOS, ERRbadfid);
832 END_PROFILE(SMBioctl);
835 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
836 srvstr_push((char *)req->outbuf, req->flags2, p+2,
838 STR_TERMINATE|STR_ASCII);
840 srvstr_push((char *)req->outbuf, req->flags2,
841 p+18, lp_servicename(SNUM(conn)),
842 13, STR_TERMINATE|STR_ASCII);
850 END_PROFILE(SMBioctl);
854 /****************************************************************************
855 Strange checkpath NTSTATUS mapping.
856 ****************************************************************************/
858 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
860 /* Strange DOS error code semantics only for checkpath... */
861 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
862 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
863 /* We need to map to ERRbadpath */
864 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
870 /****************************************************************************
871 Reply to a checkpath.
872 ****************************************************************************/
874 void reply_checkpath(struct smb_request *req)
876 connection_struct *conn = req->conn;
878 SMB_STRUCT_STAT sbuf;
880 TALLOC_CTX *ctx = talloc_tos();
882 START_PROFILE(SMBcheckpath);
884 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
885 STR_TERMINATE, &status);
887 if (!NT_STATUS_IS_OK(status)) {
888 status = map_checkpath_error(req->flags2, status);
889 reply_nterror(req, status);
890 END_PROFILE(SMBcheckpath);
894 status = resolve_dfspath(ctx, conn,
895 req->flags2 & FLAGS2_DFS_PATHNAMES,
898 if (!NT_STATUS_IS_OK(status)) {
899 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
900 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
902 END_PROFILE(SMBcheckpath);
908 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
910 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
911 if (!NT_STATUS_IS_OK(status)) {
915 status = check_name(conn, name);
916 if (!NT_STATUS_IS_OK(status)) {
917 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
921 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
922 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
923 status = map_nt_error_from_unix(errno);
927 if (!S_ISDIR(sbuf.st_mode)) {
928 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
930 END_PROFILE(SMBcheckpath);
934 reply_outbuf(req, 0, 0);
936 END_PROFILE(SMBcheckpath);
941 END_PROFILE(SMBcheckpath);
943 /* We special case this - as when a Windows machine
944 is parsing a path is steps through the components
945 one at a time - if a component fails it expects
946 ERRbadpath, not ERRbadfile.
948 status = map_checkpath_error(req->flags2, status);
949 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
951 * Windows returns different error codes if
952 * the parent directory is valid but not the
953 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
954 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
955 * if the path is invalid.
957 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
962 reply_nterror(req, status);
965 /****************************************************************************
967 ****************************************************************************/
969 void reply_getatr(struct smb_request *req)
971 connection_struct *conn = req->conn;
973 SMB_STRUCT_STAT sbuf;
979 TALLOC_CTX *ctx = talloc_tos();
981 START_PROFILE(SMBgetatr);
983 p = (const char *)req->buf + 1;
984 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
985 if (!NT_STATUS_IS_OK(status)) {
986 reply_nterror(req, status);
987 END_PROFILE(SMBgetatr);
991 status = resolve_dfspath(ctx, conn,
992 req->flags2 & FLAGS2_DFS_PATHNAMES,
995 if (!NT_STATUS_IS_OK(status)) {
996 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
997 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
999 END_PROFILE(SMBgetatr);
1002 reply_nterror(req, status);
1003 END_PROFILE(SMBgetatr);
1007 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1008 under WfWg - weird! */
1009 if (*fname == '\0') {
1010 mode = aHIDDEN | aDIR;
1011 if (!CAN_WRITE(conn)) {
1017 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1018 if (!NT_STATUS_IS_OK(status)) {
1019 reply_nterror(req, status);
1020 END_PROFILE(SMBgetatr);
1023 status = check_name(conn, fname);
1024 if (!NT_STATUS_IS_OK(status)) {
1025 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1026 reply_nterror(req, status);
1027 END_PROFILE(SMBgetatr);
1030 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1031 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1032 reply_unixerror(req, ERRDOS,ERRbadfile);
1033 END_PROFILE(SMBgetatr);
1037 mode = dos_mode(conn,fname,&sbuf);
1038 size = sbuf.st_size;
1039 mtime = sbuf.st_mtime;
1045 reply_outbuf(req, 10, 0);
1047 SSVAL(req->outbuf,smb_vwv0,mode);
1048 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1049 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1051 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1053 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1055 if (Protocol >= PROTOCOL_NT1) {
1056 SSVAL(req->outbuf, smb_flg2,
1057 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1060 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1062 END_PROFILE(SMBgetatr);
1066 /****************************************************************************
1068 ****************************************************************************/
1070 void reply_setatr(struct smb_request *req)
1072 struct timespec ts[2];
1073 connection_struct *conn = req->conn;
1077 SMB_STRUCT_STAT sbuf;
1080 TALLOC_CTX *ctx = talloc_tos();
1082 START_PROFILE(SMBsetatr);
1087 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1091 p = (const char *)req->buf + 1;
1092 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1093 if (!NT_STATUS_IS_OK(status)) {
1094 reply_nterror(req, status);
1095 END_PROFILE(SMBsetatr);
1099 status = resolve_dfspath(ctx, conn,
1100 req->flags2 & FLAGS2_DFS_PATHNAMES,
1103 if (!NT_STATUS_IS_OK(status)) {
1104 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1105 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1106 ERRSRV, ERRbadpath);
1107 END_PROFILE(SMBsetatr);
1110 reply_nterror(req, status);
1111 END_PROFILE(SMBsetatr);
1115 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1116 if (!NT_STATUS_IS_OK(status)) {
1117 reply_nterror(req, status);
1118 END_PROFILE(SMBsetatr);
1122 status = check_name(conn, fname);
1123 if (!NT_STATUS_IS_OK(status)) {
1124 reply_nterror(req, status);
1125 END_PROFILE(SMBsetatr);
1129 if (fname[0] == '.' && fname[1] == '\0') {
1131 * Not sure here is the right place to catch this
1132 * condition. Might be moved to somewhere else later -- vl
1134 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1135 END_PROFILE(SMBsetatr);
1139 mode = SVAL(req->vwv+0, 0);
1140 mtime = srv_make_unix_date3(req->vwv+1);
1142 ts[1] = convert_time_t_to_timespec(mtime);
1143 status = smb_set_file_time(conn, NULL, fname,
1145 if (!NT_STATUS_IS_OK(status)) {
1146 reply_unixerror(req, ERRDOS, ERRnoaccess);
1147 END_PROFILE(SMBsetatr);
1151 if (mode != FILE_ATTRIBUTE_NORMAL) {
1152 if (VALID_STAT_OF_DIR(sbuf))
1157 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1158 reply_unixerror(req, ERRDOS, ERRnoaccess);
1159 END_PROFILE(SMBsetatr);
1164 reply_outbuf(req, 0, 0);
1166 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1168 END_PROFILE(SMBsetatr);
1172 /****************************************************************************
1174 ****************************************************************************/
1176 void reply_dskattr(struct smb_request *req)
1178 connection_struct *conn = req->conn;
1179 uint64_t dfree,dsize,bsize;
1180 START_PROFILE(SMBdskattr);
1182 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1183 reply_unixerror(req, ERRHRD, ERRgeneral);
1184 END_PROFILE(SMBdskattr);
1188 reply_outbuf(req, 5, 0);
1190 if (Protocol <= PROTOCOL_LANMAN2) {
1191 double total_space, free_space;
1192 /* we need to scale this to a number that DOS6 can handle. We
1193 use floating point so we can handle large drives on systems
1194 that don't have 64 bit integers
1196 we end up displaying a maximum of 2G to DOS systems
1198 total_space = dsize * (double)bsize;
1199 free_space = dfree * (double)bsize;
1201 dsize = (uint64_t)((total_space+63*512) / (64*512));
1202 dfree = (uint64_t)((free_space+63*512) / (64*512));
1204 if (dsize > 0xFFFF) dsize = 0xFFFF;
1205 if (dfree > 0xFFFF) dfree = 0xFFFF;
1207 SSVAL(req->outbuf,smb_vwv0,dsize);
1208 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1209 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1210 SSVAL(req->outbuf,smb_vwv3,dfree);
1212 SSVAL(req->outbuf,smb_vwv0,dsize);
1213 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1214 SSVAL(req->outbuf,smb_vwv2,512);
1215 SSVAL(req->outbuf,smb_vwv3,dfree);
1218 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1220 END_PROFILE(SMBdskattr);
1224 /****************************************************************************
1226 Can be called from SMBsearch, SMBffirst or SMBfunique.
1227 ****************************************************************************/
1229 void reply_search(struct smb_request *req)
1231 connection_struct *conn = req->conn;
1232 const char *mask = NULL;
1233 char *directory = NULL;
1239 unsigned int numentries = 0;
1240 unsigned int maxentries = 0;
1241 bool finished = False;
1247 bool check_descend = False;
1248 bool expect_close = False;
1250 bool mask_contains_wcard = False;
1251 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1252 TALLOC_CTX *ctx = talloc_tos();
1253 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1255 START_PROFILE(SMBsearch);
1258 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1259 END_PROFILE(SMBsearch);
1263 if (lp_posix_pathnames()) {
1264 reply_unknown_new(req, req->cmd);
1265 END_PROFILE(SMBsearch);
1269 /* If we were called as SMBffirst then we must expect close. */
1270 if(req->cmd == SMBffirst) {
1271 expect_close = True;
1274 reply_outbuf(req, 1, 3);
1275 maxentries = SVAL(req->vwv+0, 0);
1276 dirtype = SVAL(req->vwv+1, 0);
1277 p = (const char *)req->buf + 1;
1278 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1279 &nt_status, &mask_contains_wcard);
1280 if (!NT_STATUS_IS_OK(nt_status)) {
1281 reply_nterror(req, nt_status);
1282 END_PROFILE(SMBsearch);
1286 nt_status = resolve_dfspath_wcard(ctx, conn,
1287 req->flags2 & FLAGS2_DFS_PATHNAMES,
1290 &mask_contains_wcard);
1291 if (!NT_STATUS_IS_OK(nt_status)) {
1292 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1293 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1294 ERRSRV, ERRbadpath);
1295 END_PROFILE(SMBsearch);
1298 reply_nterror(req, nt_status);
1299 END_PROFILE(SMBsearch);
1304 status_len = SVAL(p, 0);
1307 /* dirtype &= ~aDIR; */
1309 if (status_len == 0) {
1310 SMB_STRUCT_STAT sbuf;
1312 nt_status = unix_convert(ctx, conn, path, True,
1313 &directory, NULL, &sbuf);
1314 if (!NT_STATUS_IS_OK(nt_status)) {
1315 reply_nterror(req, nt_status);
1316 END_PROFILE(SMBsearch);
1320 nt_status = check_name(conn, directory);
1321 if (!NT_STATUS_IS_OK(nt_status)) {
1322 reply_nterror(req, nt_status);
1323 END_PROFILE(SMBsearch);
1327 p = strrchr_m(directory,'/');
1328 if ((p != NULL) && (*directory != '/')) {
1330 directory = talloc_strndup(ctx, directory,
1331 PTR_DIFF(p, directory));
1334 directory = talloc_strdup(ctx,".");
1338 reply_nterror(req, NT_STATUS_NO_MEMORY);
1339 END_PROFILE(SMBsearch);
1343 memset((char *)status,'\0',21);
1344 SCVAL(status,0,(dirtype & 0x1F));
1346 nt_status = dptr_create(conn,
1352 mask_contains_wcard,
1355 if (!NT_STATUS_IS_OK(nt_status)) {
1356 reply_nterror(req, nt_status);
1357 END_PROFILE(SMBsearch);
1360 dptr_num = dptr_dnum(conn->dirptr);
1364 memcpy(status,p,21);
1365 status_dirtype = CVAL(status,0) & 0x1F;
1366 if (status_dirtype != (dirtype & 0x1F)) {
1367 dirtype = status_dirtype;
1370 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1371 if (!conn->dirptr) {
1374 string_set(&conn->dirpath,dptr_path(dptr_num));
1375 mask = dptr_wcard(dptr_num);
1380 * For a 'continue' search we have no string. So
1381 * check from the initial saved string.
1383 mask_contains_wcard = ms_has_wild(mask);
1384 dirtype = dptr_attr(dptr_num);
1387 DEBUG(4,("dptr_num is %d\n",dptr_num));
1389 if ((dirtype&0x1F) == aVOLID) {
1390 char buf[DIR_STRUCT_SIZE];
1391 memcpy(buf,status,21);
1392 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1393 0,aVOLID,0,!allow_long_path_components)) {
1394 reply_nterror(req, NT_STATUS_NO_MEMORY);
1395 END_PROFILE(SMBsearch);
1398 dptr_fill(buf+12,dptr_num);
1399 if (dptr_zero(buf+12) && (status_len==0)) {
1404 if (message_push_blob(&req->outbuf,
1405 data_blob_const(buf, sizeof(buf)))
1407 reply_nterror(req, NT_STATUS_NO_MEMORY);
1408 END_PROFILE(SMBsearch);
1416 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1419 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1420 conn->dirpath,lp_dontdescend(SNUM(conn))));
1421 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1422 check_descend = True;
1425 for (i=numentries;(i<maxentries) && !finished;i++) {
1426 finished = !get_dir_entry(ctx,
1437 char buf[DIR_STRUCT_SIZE];
1438 memcpy(buf,status,21);
1439 if (!make_dir_struct(ctx,
1446 !allow_long_path_components)) {
1447 reply_nterror(req, NT_STATUS_NO_MEMORY);
1448 END_PROFILE(SMBsearch);
1451 if (!dptr_fill(buf+12,dptr_num)) {
1454 if (message_push_blob(&req->outbuf,
1455 data_blob_const(buf, sizeof(buf)))
1457 reply_nterror(req, NT_STATUS_NO_MEMORY);
1458 END_PROFILE(SMBsearch);
1468 /* If we were called as SMBffirst with smb_search_id == NULL
1469 and no entries were found then return error and close dirptr
1472 if (numentries == 0) {
1473 dptr_close(&dptr_num);
1474 } else if(expect_close && status_len == 0) {
1475 /* Close the dptr - we know it's gone */
1476 dptr_close(&dptr_num);
1479 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1480 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1481 dptr_close(&dptr_num);
1484 if ((numentries == 0) && !mask_contains_wcard) {
1485 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1486 END_PROFILE(SMBsearch);
1490 SSVAL(req->outbuf,smb_vwv0,numentries);
1491 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1492 SCVAL(smb_buf(req->outbuf),0,5);
1493 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1495 /* The replies here are never long name. */
1496 SSVAL(req->outbuf, smb_flg2,
1497 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1498 if (!allow_long_path_components) {
1499 SSVAL(req->outbuf, smb_flg2,
1500 SVAL(req->outbuf, smb_flg2)
1501 & (~FLAGS2_LONG_PATH_COMPONENTS));
1504 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1505 SSVAL(req->outbuf, smb_flg2,
1506 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1509 directory = dptr_path(dptr_num);
1512 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1513 smb_fn_name(req->cmd),
1515 directory ? directory : "./",
1520 END_PROFILE(SMBsearch);
1524 /****************************************************************************
1525 Reply to a fclose (stop directory search).
1526 ****************************************************************************/
1528 void reply_fclose(struct smb_request *req)
1536 bool path_contains_wcard = False;
1537 TALLOC_CTX *ctx = talloc_tos();
1539 START_PROFILE(SMBfclose);
1541 if (lp_posix_pathnames()) {
1542 reply_unknown_new(req, req->cmd);
1543 END_PROFILE(SMBfclose);
1547 p = (const char *)req->buf + 1;
1548 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1549 &err, &path_contains_wcard);
1550 if (!NT_STATUS_IS_OK(err)) {
1551 reply_nterror(req, err);
1552 END_PROFILE(SMBfclose);
1556 status_len = SVAL(p,0);
1559 if (status_len == 0) {
1560 reply_doserror(req, ERRSRV, ERRsrverror);
1561 END_PROFILE(SMBfclose);
1565 memcpy(status,p,21);
1567 if(dptr_fetch(status+12,&dptr_num)) {
1568 /* Close the dptr - we know it's gone */
1569 dptr_close(&dptr_num);
1572 reply_outbuf(req, 1, 0);
1573 SSVAL(req->outbuf,smb_vwv0,0);
1575 DEBUG(3,("search close\n"));
1577 END_PROFILE(SMBfclose);
1581 /****************************************************************************
1583 ****************************************************************************/
1585 void reply_open(struct smb_request *req)
1587 connection_struct *conn = req->conn;
1593 SMB_STRUCT_STAT sbuf;
1600 uint32 create_disposition;
1601 uint32 create_options = 0;
1603 TALLOC_CTX *ctx = talloc_tos();
1605 START_PROFILE(SMBopen);
1608 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1609 END_PROFILE(SMBopen);
1613 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1614 deny_mode = SVAL(req->vwv+0, 0);
1615 dos_attr = SVAL(req->vwv+1, 0);
1617 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1618 STR_TERMINATE, &status);
1619 if (!NT_STATUS_IS_OK(status)) {
1620 reply_nterror(req, status);
1621 END_PROFILE(SMBopen);
1625 if (!map_open_params_to_ntcreate(
1626 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1627 &share_mode, &create_disposition, &create_options)) {
1628 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1629 END_PROFILE(SMBopen);
1633 status = create_file(conn, /* conn */
1635 0, /* root_dir_fid */
1637 access_mask, /* access_mask */
1638 share_mode, /* share_access */
1639 create_disposition, /* create_disposition*/
1640 create_options, /* create_options */
1641 dos_attr, /* file_attributes */
1642 oplock_request, /* oplock_request */
1643 0, /* allocation_size */
1650 if (!NT_STATUS_IS_OK(status)) {
1651 if (open_was_deferred(req->mid)) {
1652 /* We have re-scheduled this call. */
1653 END_PROFILE(SMBopen);
1656 reply_openerror(req, status);
1657 END_PROFILE(SMBopen);
1661 size = sbuf.st_size;
1662 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1663 mtime = sbuf.st_mtime;
1666 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1667 close_file(req, fsp, ERROR_CLOSE);
1668 reply_doserror(req, ERRDOS,ERRnoaccess);
1669 END_PROFILE(SMBopen);
1673 reply_outbuf(req, 7, 0);
1674 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1675 SSVAL(req->outbuf,smb_vwv1,fattr);
1676 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1677 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1679 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1681 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1682 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1684 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1685 SCVAL(req->outbuf,smb_flg,
1686 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1689 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1690 SCVAL(req->outbuf,smb_flg,
1691 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1693 END_PROFILE(SMBopen);
1697 /****************************************************************************
1698 Reply to an open and X.
1699 ****************************************************************************/
1701 void reply_open_and_X(struct smb_request *req)
1703 connection_struct *conn = req->conn;
1708 /* Breakout the oplock request bits so we can set the
1709 reply bits separately. */
1710 int ex_oplock_request;
1711 int core_oplock_request;
1714 int smb_sattr = SVAL(req->vwv+4, 0);
1715 uint32 smb_time = make_unix_date3(req->vwv+6);
1720 SMB_STRUCT_STAT sbuf;
1724 uint64_t allocation_size;
1725 ssize_t retval = -1;
1728 uint32 create_disposition;
1729 uint32 create_options = 0;
1730 TALLOC_CTX *ctx = talloc_tos();
1732 START_PROFILE(SMBopenX);
1734 if (req->wct < 15) {
1735 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1736 END_PROFILE(SMBopenX);
1740 open_flags = SVAL(req->vwv+2, 0);
1741 deny_mode = SVAL(req->vwv+3, 0);
1742 smb_attr = SVAL(req->vwv+5, 0);
1743 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1744 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1745 oplock_request = ex_oplock_request | core_oplock_request;
1746 smb_ofun = SVAL(req->vwv+8, 0);
1747 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1749 /* If it's an IPC, pass off the pipe handler. */
1751 if (lp_nt_pipe_support()) {
1752 reply_open_pipe_and_X(conn, req);
1754 reply_doserror(req, ERRSRV, ERRaccess);
1756 END_PROFILE(SMBopenX);
1760 /* XXXX we need to handle passed times, sattr and flags */
1761 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1762 STR_TERMINATE, &status);
1763 if (!NT_STATUS_IS_OK(status)) {
1764 reply_nterror(req, status);
1765 END_PROFILE(SMBopenX);
1769 if (!map_open_params_to_ntcreate(
1770 fname, deny_mode, smb_ofun, &access_mask,
1771 &share_mode, &create_disposition, &create_options)) {
1772 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1773 END_PROFILE(SMBopenX);
1777 status = create_file(conn, /* conn */
1779 0, /* root_dir_fid */
1781 access_mask, /* access_mask */
1782 share_mode, /* share_access */
1783 create_disposition, /* create_disposition*/
1784 create_options, /* create_options */
1785 smb_attr, /* file_attributes */
1786 oplock_request, /* oplock_request */
1787 0, /* allocation_size */
1791 &smb_action, /* pinfo */
1794 if (!NT_STATUS_IS_OK(status)) {
1795 END_PROFILE(SMBopenX);
1796 if (open_was_deferred(req->mid)) {
1797 /* We have re-scheduled this call. */
1800 reply_openerror(req, status);
1804 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1805 if the file is truncated or created. */
1806 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1807 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1808 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1809 close_file(req, fsp, ERROR_CLOSE);
1810 reply_nterror(req, NT_STATUS_DISK_FULL);
1811 END_PROFILE(SMBopenX);
1814 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1816 close_file(req, fsp, ERROR_CLOSE);
1817 reply_nterror(req, NT_STATUS_DISK_FULL);
1818 END_PROFILE(SMBopenX);
1821 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1824 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1825 mtime = sbuf.st_mtime;
1827 close_file(req, fsp, ERROR_CLOSE);
1828 reply_doserror(req, ERRDOS, ERRnoaccess);
1829 END_PROFILE(SMBopenX);
1833 /* If the caller set the extended oplock request bit
1834 and we granted one (by whatever means) - set the
1835 correct bit for extended oplock reply.
1838 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1839 smb_action |= EXTENDED_OPLOCK_GRANTED;
1842 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1843 smb_action |= EXTENDED_OPLOCK_GRANTED;
1846 /* If the caller set the core oplock request bit
1847 and we granted one (by whatever means) - set the
1848 correct bit for core oplock reply.
1851 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1852 reply_outbuf(req, 19, 0);
1854 reply_outbuf(req, 15, 0);
1857 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1858 SCVAL(req->outbuf, smb_flg,
1859 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1862 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1863 SCVAL(req->outbuf, smb_flg,
1864 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1867 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1868 SSVAL(req->outbuf,smb_vwv3,fattr);
1869 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1870 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1872 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1874 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1875 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1876 SSVAL(req->outbuf,smb_vwv11,smb_action);
1878 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1879 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1882 END_PROFILE(SMBopenX);
1887 /****************************************************************************
1888 Reply to a SMBulogoffX.
1889 ****************************************************************************/
1891 void reply_ulogoffX(struct smb_request *req)
1895 START_PROFILE(SMBulogoffX);
1897 vuser = get_valid_user_struct(req->vuid);
1900 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1904 /* in user level security we are supposed to close any files
1905 open by this user */
1906 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1907 file_close_user(req->vuid);
1910 invalidate_vuid(req->vuid);
1912 reply_outbuf(req, 2, 0);
1914 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1916 END_PROFILE(SMBulogoffX);
1920 /****************************************************************************
1921 Reply to a mknew or a create.
1922 ****************************************************************************/
1924 void reply_mknew(struct smb_request *req)
1926 connection_struct *conn = req->conn;
1929 struct timespec ts[2];
1931 int oplock_request = 0;
1932 SMB_STRUCT_STAT sbuf;
1934 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1935 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1936 uint32 create_disposition;
1937 uint32 create_options = 0;
1938 TALLOC_CTX *ctx = talloc_tos();
1940 START_PROFILE(SMBcreate);
1943 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1944 END_PROFILE(SMBcreate);
1948 fattr = SVAL(req->vwv+0, 0);
1949 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1951 ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1954 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1955 STR_TERMINATE, &status);
1956 if (!NT_STATUS_IS_OK(status)) {
1957 reply_nterror(req, status);
1958 END_PROFILE(SMBcreate);
1962 if (fattr & aVOLID) {
1963 DEBUG(0,("Attempt to create file (%s) with volid set - "
1964 "please report this\n", fname));
1967 if(req->cmd == SMBmknew) {
1968 /* We should fail if file exists. */
1969 create_disposition = FILE_CREATE;
1971 /* Create if file doesn't exist, truncate if it does. */
1972 create_disposition = FILE_OVERWRITE_IF;
1975 status = create_file(conn, /* conn */
1977 0, /* root_dir_fid */
1979 access_mask, /* access_mask */
1980 share_mode, /* share_access */
1981 create_disposition, /* create_disposition*/
1982 create_options, /* create_options */
1983 fattr, /* file_attributes */
1984 oplock_request, /* oplock_request */
1985 0, /* allocation_size */
1992 if (!NT_STATUS_IS_OK(status)) {
1993 END_PROFILE(SMBcreate);
1994 if (open_was_deferred(req->mid)) {
1995 /* We have re-scheduled this call. */
1998 reply_openerror(req, status);
2002 ts[0] = get_atimespec(&sbuf); /* atime. */
2003 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
2004 if (!NT_STATUS_IS_OK(status)) {
2005 END_PROFILE(SMBcreate);
2006 reply_openerror(req, status);
2010 reply_outbuf(req, 1, 0);
2011 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2013 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2014 SCVAL(req->outbuf,smb_flg,
2015 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2018 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2019 SCVAL(req->outbuf,smb_flg,
2020 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2023 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2024 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2025 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2027 END_PROFILE(SMBcreate);
2031 /****************************************************************************
2032 Reply to a create temporary file.
2033 ****************************************************************************/
2035 void reply_ctemp(struct smb_request *req)
2037 connection_struct *conn = req->conn;
2043 SMB_STRUCT_STAT sbuf;
2046 TALLOC_CTX *ctx = talloc_tos();
2048 START_PROFILE(SMBctemp);
2051 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2052 END_PROFILE(SMBctemp);
2056 fattr = SVAL(req->vwv+0, 0);
2057 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2059 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2060 STR_TERMINATE, &status);
2061 if (!NT_STATUS_IS_OK(status)) {
2062 reply_nterror(req, status);
2063 END_PROFILE(SMBctemp);
2067 fname = talloc_asprintf(ctx,
2071 fname = talloc_strdup(ctx, "TMXXXXXX");
2075 reply_nterror(req, NT_STATUS_NO_MEMORY);
2076 END_PROFILE(SMBctemp);
2080 status = resolve_dfspath(ctx, conn,
2081 req->flags2 & FLAGS2_DFS_PATHNAMES,
2084 if (!NT_STATUS_IS_OK(status)) {
2085 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2086 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2087 ERRSRV, ERRbadpath);
2088 END_PROFILE(SMBctemp);
2091 reply_nterror(req, status);
2092 END_PROFILE(SMBctemp);
2096 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2097 if (!NT_STATUS_IS_OK(status)) {
2098 reply_nterror(req, status);
2099 END_PROFILE(SMBctemp);
2103 status = check_name(conn, fname);
2104 if (!NT_STATUS_IS_OK(status)) {
2105 reply_nterror(req, status);
2106 END_PROFILE(SMBctemp);
2110 tmpfd = smb_mkstemp(fname);
2112 reply_unixerror(req, ERRDOS, ERRnoaccess);
2113 END_PROFILE(SMBctemp);
2117 SMB_VFS_STAT(conn,fname,&sbuf);
2119 /* We should fail if file does not exist. */
2120 status = open_file_ntcreate(conn, req, fname, &sbuf,
2121 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2122 FILE_SHARE_READ|FILE_SHARE_WRITE,
2129 /* close fd from smb_mkstemp() */
2132 if (!NT_STATUS_IS_OK(status)) {
2133 if (open_was_deferred(req->mid)) {
2134 /* We have re-scheduled this call. */
2135 END_PROFILE(SMBctemp);
2138 reply_openerror(req, status);
2139 END_PROFILE(SMBctemp);
2143 reply_outbuf(req, 1, 0);
2144 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2146 /* the returned filename is relative to the directory */
2147 s = strrchr_m(fsp->fsp_name, '/');
2155 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2156 thing in the byte section. JRA */
2157 SSVALS(p, 0, -1); /* what is this? not in spec */
2159 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2161 reply_nterror(req, NT_STATUS_NO_MEMORY);
2162 END_PROFILE(SMBctemp);
2166 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2167 SCVAL(req->outbuf, smb_flg,
2168 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2171 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2172 SCVAL(req->outbuf, smb_flg,
2173 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2176 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2177 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2178 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2180 END_PROFILE(SMBctemp);
2184 /*******************************************************************
2185 Check if a user is allowed to rename a file.
2186 ********************************************************************/
2188 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2189 uint16 dirtype, SMB_STRUCT_STAT *pst)
2193 if (!CAN_WRITE(conn)) {
2194 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2197 fmode = dos_mode(conn, fsp->fsp_name, pst);
2198 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2199 return NT_STATUS_NO_SUCH_FILE;
2202 if (S_ISDIR(pst->st_mode)) {
2203 return NT_STATUS_OK;
2206 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2207 return NT_STATUS_OK;
2210 return NT_STATUS_ACCESS_DENIED;
2213 /*******************************************************************
2214 * unlink a file with all relevant access checks
2215 *******************************************************************/
2217 static NTSTATUS do_unlink(connection_struct *conn,
2218 struct smb_request *req,
2222 SMB_STRUCT_STAT sbuf;
2225 uint32 dirtype_orig = dirtype;
2228 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2230 if (!CAN_WRITE(conn)) {
2231 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2234 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2235 return map_nt_error_from_unix(errno);
2238 fattr = dos_mode(conn,fname,&sbuf);
2240 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2241 dirtype = aDIR|aARCH|aRONLY;
2244 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2246 return NT_STATUS_NO_SUCH_FILE;
2249 if (!dir_check_ftype(conn, fattr, dirtype)) {
2251 return NT_STATUS_FILE_IS_A_DIRECTORY;
2253 return NT_STATUS_NO_SUCH_FILE;
2256 if (dirtype_orig & 0x8000) {
2257 /* These will never be set for POSIX. */
2258 return NT_STATUS_NO_SUCH_FILE;
2262 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2263 return NT_STATUS_FILE_IS_A_DIRECTORY;
2266 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2267 return NT_STATUS_NO_SUCH_FILE;
2270 if (dirtype & 0xFF00) {
2271 /* These will never be set for POSIX. */
2272 return NT_STATUS_NO_SUCH_FILE;
2277 return NT_STATUS_NO_SUCH_FILE;
2280 /* Can't delete a directory. */
2282 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2288 return NT_STATUS_OBJECT_NAME_INVALID;
2289 #endif /* JRATEST */
2291 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2293 On a Windows share, a file with read-only dosmode can be opened with
2294 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2295 fails with NT_STATUS_CANNOT_DELETE error.
2297 This semantic causes a problem that a user can not
2298 rename a file with read-only dosmode on a Samba share
2299 from a Windows command prompt (i.e. cmd.exe, but can rename
2300 from Windows Explorer).
2303 if (!lp_delete_readonly(SNUM(conn))) {
2304 if (fattr & aRONLY) {
2305 return NT_STATUS_CANNOT_DELETE;
2309 /* On open checks the open itself will check the share mode, so
2310 don't do it here as we'll get it wrong. */
2312 status = create_file_unixpath
2316 DELETE_ACCESS, /* access_mask */
2317 FILE_SHARE_NONE, /* share_access */
2318 FILE_OPEN, /* create_disposition*/
2319 FILE_NON_DIRECTORY_FILE, /* create_options */
2320 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2321 0, /* oplock_request */
2322 0, /* allocation_size */
2329 if (!NT_STATUS_IS_OK(status)) {
2330 DEBUG(10, ("create_file_unixpath failed: %s\n",
2331 nt_errstr(status)));
2335 /* The set is across all open files on this dev/inode pair. */
2336 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2337 close_file(req, fsp, NORMAL_CLOSE);
2338 return NT_STATUS_ACCESS_DENIED;
2341 return close_file(req, fsp, NORMAL_CLOSE);
2344 /****************************************************************************
2345 The guts of the unlink command, split out so it may be called by the NT SMB
2347 ****************************************************************************/
2349 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2350 uint32 dirtype, const char *name_in, bool has_wild)
2352 const char *directory = NULL;
2357 NTSTATUS status = NT_STATUS_OK;
2358 SMB_STRUCT_STAT sbuf;
2359 TALLOC_CTX *ctx = talloc_tos();
2361 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2362 if (!NT_STATUS_IS_OK(status)) {
2366 p = strrchr_m(name,'/');
2368 directory = talloc_strdup(ctx, ".");
2370 return NT_STATUS_NO_MEMORY;
2380 * We should only check the mangled cache
2381 * here if unix_convert failed. This means
2382 * that the path in 'mask' doesn't exist
2383 * on the file system and so we need to look
2384 * for a possible mangle. This patch from
2385 * Tine Smukavec <valentin.smukavec@hermes.si>.
2388 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2389 char *new_mask = NULL;
2390 mangle_lookup_name_from_8_3(ctx,
2400 directory = talloc_asprintf(ctx,
2405 return NT_STATUS_NO_MEMORY;
2408 dirtype = FILE_ATTRIBUTE_NORMAL;
2411 status = check_name(conn, directory);
2412 if (!NT_STATUS_IS_OK(status)) {
2416 status = do_unlink(conn, req, directory, dirtype);
2417 if (!NT_STATUS_IS_OK(status)) {
2423 struct smb_Dir *dir_hnd = NULL;
2427 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2428 return NT_STATUS_OBJECT_NAME_INVALID;
2431 if (strequal(mask,"????????.???")) {
2436 status = check_name(conn, directory);
2437 if (!NT_STATUS_IS_OK(status)) {
2441 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2443 if (dir_hnd == NULL) {
2444 return map_nt_error_from_unix(errno);
2447 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2448 the pattern matches against the long name, otherwise the short name
2449 We don't implement this yet XXXX
2452 status = NT_STATUS_NO_SUCH_FILE;
2454 while ((dname = ReadDirName(dir_hnd, &offset))) {
2458 if (!is_visible_file(conn, directory, dname, &st, True)) {
2462 /* Quick check for "." and ".." */
2463 if (ISDOT(dname) || ISDOTDOT(dname)) {
2467 if(!mask_match(dname, mask, conn->case_sensitive)) {
2471 fname = talloc_asprintf(ctx, "%s/%s",
2475 return NT_STATUS_NO_MEMORY;
2478 status = check_name(conn, fname);
2479 if (!NT_STATUS_IS_OK(status)) {
2480 TALLOC_FREE(dir_hnd);
2484 status = do_unlink(conn, req, fname, dirtype);
2485 if (!NT_STATUS_IS_OK(status)) {
2491 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2496 TALLOC_FREE(dir_hnd);
2499 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2500 status = map_nt_error_from_unix(errno);
2506 /****************************************************************************
2508 ****************************************************************************/
2510 void reply_unlink(struct smb_request *req)
2512 connection_struct *conn = req->conn;
2516 bool path_contains_wcard = False;
2517 TALLOC_CTX *ctx = talloc_tos();
2519 START_PROFILE(SMBunlink);
2522 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2523 END_PROFILE(SMBunlink);
2527 dirtype = SVAL(req->vwv+0, 0);
2529 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2530 STR_TERMINATE, &status,
2531 &path_contains_wcard);
2532 if (!NT_STATUS_IS_OK(status)) {
2533 reply_nterror(req, status);
2534 END_PROFILE(SMBunlink);
2538 status = resolve_dfspath_wcard(ctx, conn,
2539 req->flags2 & FLAGS2_DFS_PATHNAMES,
2542 &path_contains_wcard);
2543 if (!NT_STATUS_IS_OK(status)) {
2544 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2545 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2546 ERRSRV, ERRbadpath);
2547 END_PROFILE(SMBunlink);
2550 reply_nterror(req, status);
2551 END_PROFILE(SMBunlink);
2555 DEBUG(3,("reply_unlink : %s\n",name));
2557 status = unlink_internals(conn, req, dirtype, name,
2558 path_contains_wcard);
2559 if (!NT_STATUS_IS_OK(status)) {
2560 if (open_was_deferred(req->mid)) {
2561 /* We have re-scheduled this call. */
2562 END_PROFILE(SMBunlink);
2565 reply_nterror(req, status);
2566 END_PROFILE(SMBunlink);
2570 reply_outbuf(req, 0, 0);
2571 END_PROFILE(SMBunlink);
2576 /****************************************************************************
2578 ****************************************************************************/
2580 static void fail_readraw(void)
2582 const char *errstr = talloc_asprintf(talloc_tos(),
2583 "FAIL ! reply_readbraw: socket write fail (%s)",
2588 exit_server_cleanly(errstr);
2591 /****************************************************************************
2592 Fake (read/write) sendfile. Returns -1 on read or write fail.
2593 ****************************************************************************/
2595 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2599 size_t tosend = nread;
2606 bufsize = MIN(nread, 65536);
2608 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2612 while (tosend > 0) {
2616 if (tosend > bufsize) {
2621 ret = read_file(fsp,buf,startpos,cur_read);
2627 /* If we had a short read, fill with zeros. */
2628 if (ret < cur_read) {
2629 memset(buf, '\0', cur_read - ret);
2632 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2637 startpos += cur_read;
2641 return (ssize_t)nread;
2644 /****************************************************************************
2645 Return a readbraw error (4 bytes of zero).
2646 ****************************************************************************/
2648 static void reply_readbraw_error(void)
2652 if (write_data(smbd_server_fd(),header,4) != 4) {
2657 /****************************************************************************
2658 Use sendfile in readbraw.
2659 ****************************************************************************/
2661 void send_file_readbraw(connection_struct *conn,
2667 char *outbuf = NULL;
2670 #if defined(WITH_SENDFILE)
2672 * We can only use sendfile on a non-chained packet
2673 * but we can use on a non-oplocked file. tridge proved this
2674 * on a train in Germany :-). JRA.
2675 * reply_readbraw has already checked the length.
2678 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2679 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2681 DATA_BLOB header_blob;
2683 _smb_setlen(header,nread);
2684 header_blob = data_blob_const(header, 4);
2686 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2687 &header_blob, startpos, nread) == -1) {
2688 /* Returning ENOSYS means no data at all was sent.
2689 * Do this as a normal read. */
2690 if (errno == ENOSYS) {
2691 goto normal_readbraw;
2695 * Special hack for broken Linux with no working sendfile. If we
2696 * return EINTR we sent the header but not the rest of the data.
2697 * Fake this up by doing read/write calls.
2699 if (errno == EINTR) {
2700 /* Ensure we don't do this again. */
2701 set_use_sendfile(SNUM(conn), False);
2702 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2704 if (fake_sendfile(fsp, startpos, nread) == -1) {
2705 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2706 fsp->fsp_name, strerror(errno) ));
2707 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2712 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2713 fsp->fsp_name, strerror(errno) ));
2714 exit_server_cleanly("send_file_readbraw sendfile failed");
2723 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2725 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2726 (unsigned)(nread+4)));
2727 reply_readbraw_error();
2732 ret = read_file(fsp,outbuf+4,startpos,nread);
2733 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2742 _smb_setlen(outbuf,ret);
2743 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2746 TALLOC_FREE(outbuf);
2749 /****************************************************************************
2750 Reply to a readbraw (core+ protocol).
2751 ****************************************************************************/
2753 void reply_readbraw(struct smb_request *req)
2755 connection_struct *conn = req->conn;
2756 ssize_t maxcount,mincount;
2763 START_PROFILE(SMBreadbraw);
2765 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2766 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2767 "raw reads/writes are disallowed.");
2771 reply_readbraw_error();
2772 END_PROFILE(SMBreadbraw);
2777 * Special check if an oplock break has been issued
2778 * and the readraw request croses on the wire, we must
2779 * return a zero length response here.
2782 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2785 * We have to do a check_fsp by hand here, as
2786 * we must always return 4 zero bytes on error,
2790 if (!fsp || !conn || conn != fsp->conn ||
2791 req->vuid != fsp->vuid ||
2792 fsp->is_directory || fsp->fh->fd == -1) {
2794 * fsp could be NULL here so use the value from the packet. JRA.
2796 DEBUG(3,("reply_readbraw: fnum %d not valid "
2798 (int)SVAL(req->vwv+0, 0)));
2799 reply_readbraw_error();
2800 END_PROFILE(SMBreadbraw);
2804 /* Do a "by hand" version of CHECK_READ. */
2805 if (!(fsp->can_read ||
2806 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2807 (fsp->access_mask & FILE_EXECUTE)))) {
2808 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2809 (int)SVAL(req->vwv+0, 0)));
2810 reply_readbraw_error();
2811 END_PROFILE(SMBreadbraw);
2815 flush_write_cache(fsp, READRAW_FLUSH);
2817 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2818 if(req->wct == 10) {
2820 * This is a large offset (64 bit) read.
2822 #ifdef LARGE_SMB_OFF_T
2824 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2826 #else /* !LARGE_SMB_OFF_T */
2829 * Ensure we haven't been sent a >32 bit offset.
2832 if(IVAL(req->vwv+8, 0) != 0) {
2833 DEBUG(0,("reply_readbraw: large offset "
2834 "(%x << 32) used and we don't support "
2835 "64 bit offsets.\n",
2836 (unsigned int)IVAL(req->vwv+8, 0) ));
2837 reply_readbraw_error();
2838 END_PROFILE(SMBreadbraw);
2842 #endif /* LARGE_SMB_OFF_T */
2845 DEBUG(0,("reply_readbraw: negative 64 bit "
2846 "readraw offset (%.0f) !\n",
2847 (double)startpos ));
2848 reply_readbraw_error();
2849 END_PROFILE(SMBreadbraw);
2854 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2855 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2857 /* ensure we don't overrun the packet size */
2858 maxcount = MIN(65535,maxcount);
2860 if (is_locked(fsp,(uint32)req->smbpid,
2864 reply_readbraw_error();
2865 END_PROFILE(SMBreadbraw);
2869 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2873 if (startpos >= size) {
2876 nread = MIN(maxcount,(size - startpos));
2879 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2880 if (nread < mincount)
2884 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2885 "min=%lu nread=%lu\n",
2886 fsp->fnum, (double)startpos,
2887 (unsigned long)maxcount,
2888 (unsigned long)mincount,
2889 (unsigned long)nread ) );
2891 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2893 DEBUG(5,("reply_readbraw finished\n"));
2894 END_PROFILE(SMBreadbraw);
2898 #define DBGC_CLASS DBGC_LOCKING
2900 /****************************************************************************
2901 Reply to a lockread (core+ protocol).
2902 ****************************************************************************/
2904 void reply_lockread(struct smb_request *req)
2906 connection_struct *conn = req->conn;
2913 struct byte_range_lock *br_lck = NULL;
2916 START_PROFILE(SMBlockread);
2919 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2920 END_PROFILE(SMBlockread);
2924 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2926 if (!check_fsp(conn, req, fsp)) {
2927 END_PROFILE(SMBlockread);
2931 if (!CHECK_READ(fsp,req)) {
2932 reply_doserror(req, ERRDOS, ERRbadaccess);
2933 END_PROFILE(SMBlockread);
2937 release_level_2_oplocks_on_change(fsp);
2939 numtoread = SVAL(req->vwv+1, 0);
2940 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
2942 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2944 reply_outbuf(req, 5, numtoread + 3);
2946 data = smb_buf(req->outbuf) + 3;
2949 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2950 * protocol request that predates the read/write lock concept.
2951 * Thus instead of asking for a read lock here we need to ask
2952 * for a write lock. JRA.
2953 * Note that the requested lock size is unaffected by max_recv.
2956 br_lck = do_lock(smbd_messaging_context(),
2959 (uint64_t)numtoread,
2963 False, /* Non-blocking lock. */
2966 TALLOC_FREE(br_lck);
2968 if (NT_STATUS_V(status)) {
2969 reply_nterror(req, status);
2970 END_PROFILE(SMBlockread);
2975 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2978 if (numtoread > max_recv) {
2979 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2980 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2981 (unsigned int)numtoread, (unsigned int)max_recv ));
2982 numtoread = MIN(numtoread,max_recv);
2984 nread = read_file(fsp,data,startpos,numtoread);
2987 reply_unixerror(req, ERRDOS, ERRnoaccess);
2988 END_PROFILE(SMBlockread);
2992 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2994 SSVAL(req->outbuf,smb_vwv0,nread);
2995 SSVAL(req->outbuf,smb_vwv5,nread+3);
2996 p = smb_buf(req->outbuf);
2997 SCVAL(p,0,0); /* pad byte. */
3000 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3001 fsp->fnum, (int)numtoread, (int)nread));
3003 END_PROFILE(SMBlockread);
3008 #define DBGC_CLASS DBGC_ALL
3010 /****************************************************************************
3012 ****************************************************************************/
3014 void reply_read(struct smb_request *req)
3016 connection_struct *conn = req->conn;
3024 START_PROFILE(SMBread);
3027 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3028 END_PROFILE(SMBread);
3032 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3034 if (!check_fsp(conn, req, fsp)) {
3035 END_PROFILE(SMBread);
3039 if (!CHECK_READ(fsp,req)) {
3040 reply_doserror(req, ERRDOS, ERRbadaccess);
3041 END_PROFILE(SMBread);
3045 numtoread = SVAL(req->vwv+1, 0);
3046 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3048 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3051 * The requested read size cannot be greater than max_recv. JRA.
3053 if (numtoread > max_recv) {
3054 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3055 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3056 (unsigned int)numtoread, (unsigned int)max_recv ));
3057 numtoread = MIN(numtoread,max_recv);
3060 reply_outbuf(req, 5, numtoread+3);
3062 data = smb_buf(req->outbuf) + 3;
3064 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
3065 (uint64_t)startpos, READ_LOCK)) {
3066 reply_doserror(req, ERRDOS,ERRlock);
3067 END_PROFILE(SMBread);
3072 nread = read_file(fsp,data,startpos,numtoread);
3075 reply_unixerror(req, ERRDOS,ERRnoaccess);
3076 END_PROFILE(SMBread);
3080 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3082 SSVAL(req->outbuf,smb_vwv0,nread);
3083 SSVAL(req->outbuf,smb_vwv5,nread+3);
3084 SCVAL(smb_buf(req->outbuf),0,1);
3085 SSVAL(smb_buf(req->outbuf),1,nread);
3087 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3088 fsp->fnum, (int)numtoread, (int)nread ) );
3090 END_PROFILE(SMBread);
3094 /****************************************************************************
3096 ****************************************************************************/
3098 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3103 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3104 data = smb_buf(outbuf);
3106 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3108 SCVAL(outbuf,smb_vwv0,0xFF);
3109 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3110 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3111 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3112 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3113 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3114 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3115 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3119 /****************************************************************************
3120 Reply to a read and X - possibly using sendfile.
3121 ****************************************************************************/
3123 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3124 files_struct *fsp, SMB_OFF_T startpos,
3127 SMB_STRUCT_STAT sbuf;
3130 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3131 reply_unixerror(req, ERRDOS, ERRnoaccess);
3135 if (startpos > sbuf.st_size) {
3137 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3138 smb_maxcnt = (sbuf.st_size - startpos);
3141 if (smb_maxcnt == 0) {
3145 #if defined(WITH_SENDFILE)
3147 * We can only use sendfile on a non-chained packet
3148 * but we can use on a non-oplocked file. tridge proved this
3149 * on a train in Germany :-). JRA.
3152 if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) &&
3153 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3154 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3155 uint8 headerbuf[smb_size + 12 * 2];
3159 * Set up the packet header before send. We
3160 * assume here the sendfile will work (get the
3161 * correct amount of data).
3164 header = data_blob_const(headerbuf, sizeof(headerbuf));
3166 construct_reply_common_req(req, (char *)headerbuf);
3167 setup_readX_header((char *)headerbuf, smb_maxcnt);
3169 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3170 /* Returning ENOSYS or EINVAL means no data at all was sent.
3171 Do this as a normal read. */
3172 if (errno == ENOSYS || errno == EINVAL) {
3177 * Special hack for broken Linux with no working sendfile. If we
3178 * return EINTR we sent the header but not the rest of the data.
3179 * Fake this up by doing read/write calls.
3182 if (errno == EINTR) {
3183 /* Ensure we don't do this again. */
3184 set_use_sendfile(SNUM(conn), False);
3185 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3186 nread = fake_sendfile(fsp, startpos,
3189 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3190 fsp->fsp_name, strerror(errno) ));
3191 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3193 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3194 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3195 /* No outbuf here means successful sendfile. */
3196 TALLOC_FREE(req->outbuf);
3200 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3201 fsp->fsp_name, strerror(errno) ));
3202 exit_server_cleanly("send_file_readX sendfile failed");
3205 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3206 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3207 /* No outbuf here means successful sendfile. */
3208 TALLOC_FREE(req->outbuf);
3215 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3216 uint8 headerbuf[smb_size + 2*12];
3218 construct_reply_common_req(req, (char *)headerbuf);
3219 setup_readX_header((char *)headerbuf, smb_maxcnt);
3221 /* Send out the header. */
3222 if (write_data(smbd_server_fd(), (char *)headerbuf,
3223 sizeof(headerbuf)) != sizeof(headerbuf)) {
3224 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3225 fsp->fsp_name, strerror(errno) ));
3226 exit_server_cleanly("send_file_readX sendfile failed");
3228 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3230 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3231 fsp->fsp_name, strerror(errno) ));
3232 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3234 TALLOC_FREE(req->outbuf);
3238 reply_outbuf(req, 12, smb_maxcnt);
3240 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3242 reply_unixerror(req, ERRDOS, ERRnoaccess);
3246 setup_readX_header((char *)req->outbuf, nread);
3248 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3249 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3254 /****************************************************************************
3255 Reply to a read and X.
3256 ****************************************************************************/
3258 void reply_read_and_X(struct smb_request *req)
3260 connection_struct *conn = req->conn;
3264 bool big_readX = False;
3266 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3269 START_PROFILE(SMBreadX);
3271 if ((req->wct != 10) && (req->wct != 12)) {
3272 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3276 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3277 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3278 smb_maxcnt = SVAL(req->vwv+5, 0);
3280 /* If it's an IPC, pass off the pipe handler. */
3282 reply_pipe_read_and_X(req);
3283 END_PROFILE(SMBreadX);
3287 if (!check_fsp(conn, req, fsp)) {
3288 END_PROFILE(SMBreadX);
3292 if (!CHECK_READ(fsp,req)) {
3293 reply_doserror(req, ERRDOS,ERRbadaccess);
3294 END_PROFILE(SMBreadX);
3298 if (global_client_caps & CAP_LARGE_READX) {
3299 size_t upper_size = SVAL(req->vwv+7, 0);
3300 smb_maxcnt |= (upper_size<<16);
3301 if (upper_size > 1) {
3302 /* Can't do this on a chained packet. */
3303 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3304 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3305 END_PROFILE(SMBreadX);
3308 /* We currently don't do this on signed or sealed data. */
3309 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3310 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3311 END_PROFILE(SMBreadX);
3314 /* Is there room in the reply for this data ? */
3315 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3317 NT_STATUS_INVALID_PARAMETER);
3318 END_PROFILE(SMBreadX);
3325 if (req->wct == 12) {
3326 #ifdef LARGE_SMB_OFF_T
3328 * This is a large offset (64 bit) read.
3330 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3332 #else /* !LARGE_SMB_OFF_T */
3335 * Ensure we haven't been sent a >32 bit offset.
3338 if(IVAL(req->vwv+10, 0) != 0) {
3339 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3340 "used and we don't support 64 bit offsets.\n",
3341 (unsigned int)IVAL(req->vwv+10, 0) ));
3342 END_PROFILE(SMBreadX);
3343 reply_doserror(req, ERRDOS, ERRbadaccess);
3347 #endif /* LARGE_SMB_OFF_T */
3351 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)smb_maxcnt,
3352 (uint64_t)startpos, READ_LOCK)) {
3353 END_PROFILE(SMBreadX);
3354 reply_doserror(req, ERRDOS, ERRlock);
3359 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3360 END_PROFILE(SMBreadX);
3364 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3366 END_PROFILE(SMBreadX);
3370 /****************************************************************************
3371 Error replies to writebraw must have smb_wct == 1. Fix this up.
3372 ****************************************************************************/
3374 void error_to_writebrawerr(struct smb_request *req)
3376 uint8 *old_outbuf = req->outbuf;
3378 reply_outbuf(req, 1, 0);
3380 memcpy(req->outbuf, old_outbuf, smb_size);
3381 TALLOC_FREE(old_outbuf);
3384 /****************************************************************************
3385 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3386 ****************************************************************************/
3388 void reply_writebraw(struct smb_request *req)
3390 connection_struct *conn = req->conn;
3393 ssize_t total_written=0;
3394 size_t numtowrite=0;
3402 START_PROFILE(SMBwritebraw);
3405 * If we ever reply with an error, it must have the SMB command
3406 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3409 SCVAL(req->inbuf,smb_com,SMBwritec);
3411 if (srv_is_signing_active()) {
3412 END_PROFILE(SMBwritebraw);
3413 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3414 "raw reads/writes are disallowed.");
3417 if (req->wct < 12) {
3418 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3419 error_to_writebrawerr(req);
3420 END_PROFILE(SMBwritebraw);
3424 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3425 if (!check_fsp(conn, req, fsp)) {
3426 error_to_writebrawerr(req);
3427 END_PROFILE(SMBwritebraw);
3431 if (!CHECK_WRITE(fsp)) {
3432 reply_doserror(req, ERRDOS, ERRbadaccess);
3433 error_to_writebrawerr(req);
3434 END_PROFILE(SMBwritebraw);
3438 tcount = IVAL(req->vwv+1, 0);
3439 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3440 write_through = BITSETW(req->vwv+7,0);
3442 /* We have to deal with slightly different formats depending
3443 on whether we are using the core+ or lanman1.0 protocol */
3445 if(Protocol <= PROTOCOL_COREPLUS) {
3446 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3447 data = smb_buf(req->inbuf);
3449 numtowrite = SVAL(req->vwv+10, 0);
3450 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3453 /* Ensure we don't write bytes past the end of this packet. */
3454 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3455 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3456 error_to_writebrawerr(req);
3457 END_PROFILE(SMBwritebraw);
3461 if (is_locked(fsp,(uint32)req->smbpid,(uint64_t)tcount,
3462 (uint64_t)startpos, WRITE_LOCK)) {
3463 reply_doserror(req, ERRDOS, ERRlock);
3464 error_to_writebrawerr(req);
3465 END_PROFILE(SMBwritebraw);
3470 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3473 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3474 "wrote=%d sync=%d\n",
3475 fsp->fnum, (double)startpos, (int)numtowrite,
3476 (int)nwritten, (int)write_through));
3478 if (nwritten < (ssize_t)numtowrite) {
3479 reply_unixerror(req, ERRHRD, ERRdiskfull);
3480 error_to_writebrawerr(req);
3481 END_PROFILE(SMBwritebraw);
3485 total_written = nwritten;
3487 /* Allocate a buffer of 64k + length. */
3488 buf = TALLOC_ARRAY(NULL, char, 65540);
3490 reply_doserror(req, ERRDOS, ERRnomem);
3491 error_to_writebrawerr(req);
3492 END_PROFILE(SMBwritebraw);
3496 /* Return a SMBwritebraw message to the redirector to tell
3497 * it to send more bytes */
3499 memcpy(buf, req->inbuf, smb_size);
3500 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3501 SCVAL(buf,smb_com,SMBwritebraw);
3502 SSVALS(buf,smb_vwv0,0xFFFF);
3504 if (!srv_send_smb(smbd_server_fd(),
3506 IS_CONN_ENCRYPTED(conn))) {
3507 exit_server_cleanly("reply_writebraw: srv_send_smb "
3511 /* Now read the raw data into the buffer and write it */
3512 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3514 if (!NT_STATUS_IS_OK(status)) {
3515 exit_server_cleanly("secondary writebraw failed");
3518 /* Set up outbuf to return the correct size */
3519 reply_outbuf(req, 1, 0);
3521 if (numtowrite != 0) {
3523 if (numtowrite > 0xFFFF) {
3524 DEBUG(0,("reply_writebraw: Oversize secondary write "
3525 "raw requested (%u). Terminating\n",
3526 (unsigned int)numtowrite ));
3527 exit_server_cleanly("secondary writebraw failed");
3530 if (tcount > nwritten+numtowrite) {
3531 DEBUG(3,("reply_writebraw: Client overestimated the "
3533 (int)tcount,(int)nwritten,(int)numtowrite));
3536 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3538 if (!NT_STATUS_IS_OK(status)) {
3539 DEBUG(0,("reply_writebraw: Oversize secondary write "
3540 "raw read failed (%s). Terminating\n",
3541 nt_errstr(status)));
3542 exit_server_cleanly("secondary writebraw failed");
3545 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3546 if (nwritten == -1) {
3548 reply_unixerror(req, ERRHRD, ERRdiskfull);
3549 error_to_writebrawerr(req);
3550 END_PROFILE(SMBwritebraw);
3554 if (nwritten < (ssize_t)numtowrite) {
3555 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3556 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3560 total_written += nwritten;
3565 SSVAL(req->outbuf,smb_vwv0,total_written);
3567 status = sync_file(conn, fsp, write_through);
3568 if (!NT_STATUS_IS_OK(status)) {
3569 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3570 fsp->fsp_name, nt_errstr(status) ));
3571 reply_nterror(req, status);
3572 error_to_writebrawerr(req);
3573 END_PROFILE(SMBwritebraw);
3577 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3579 fsp->fnum, (double)startpos, (int)numtowrite,
3580 (int)total_written));
3582 /* We won't return a status if write through is not selected - this
3583 * follows what WfWg does */
3584 END_PROFILE(SMBwritebraw);
3586 if (!write_through && total_written==tcount) {
3588 #if RABBIT_PELLET_FIX
3590 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3591 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3594 if (!send_keepalive(smbd_server_fd())) {
3595 exit_server_cleanly("reply_writebraw: send of "
3596 "keepalive failed");
3599 TALLOC_FREE(req->outbuf);
3605 #define DBGC_CLASS DBGC_LOCKING
3607 /****************************************************************************
3608 Reply to a writeunlock (core+).
3609 ****************************************************************************/
3611 void reply_writeunlock(struct smb_request *req)
3613 connection_struct *conn = req->conn;
3614 ssize_t nwritten = -1;
3618 NTSTATUS status = NT_STATUS_OK;
3621 START_PROFILE(SMBwriteunlock);
3624 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3625 END_PROFILE(SMBwriteunlock);
3629 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3631 if (!check_fsp(conn, req, fsp)) {
3632 END_PROFILE(SMBwriteunlock);
3636 if (!CHECK_WRITE(fsp)) {
3637 reply_doserror(req, ERRDOS,ERRbadaccess);
3638 END_PROFILE(SMBwriteunlock);
3642 numtowrite = SVAL(req->vwv+1, 0);
3643 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3644 data = (const char *)req->buf + 3;
3647 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3648 (uint64_t)startpos, WRITE_LOCK)) {
3649 reply_doserror(req, ERRDOS, ERRlock);
3650 END_PROFILE(SMBwriteunlock);
3654 /* The special X/Open SMB protocol handling of
3655 zero length writes is *NOT* done for
3657 if(numtowrite == 0) {
3660 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3663 status = sync_file(conn, fsp, False /* write through */);
3664 if (!NT_STATUS_IS_OK(status)) {
3665 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3666 fsp->fsp_name, nt_errstr(status) ));
3667 reply_nterror(req, status);
3668 END_PROFILE(SMBwriteunlock);
3672 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3673 reply_unixerror(req, ERRHRD, ERRdiskfull);
3674 END_PROFILE(SMBwriteunlock);
3679 status = do_unlock(smbd_messaging_context(),
3682 (uint64_t)numtowrite,
3686 if (NT_STATUS_V(status)) {
3687 reply_nterror(req, status);
3688 END_PROFILE(SMBwriteunlock);
3693 reply_outbuf(req, 1, 0);
3695 SSVAL(req->outbuf,smb_vwv0,nwritten);
3697 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3698 fsp->fnum, (int)numtowrite, (int)nwritten));
3700 END_PROFILE(SMBwriteunlock);
3705 #define DBGC_CLASS DBGC_ALL
3707 /****************************************************************************
3709 ****************************************************************************/
3711 void reply_write(struct smb_request *req)
3713 connection_struct *conn = req->conn;
3715 ssize_t nwritten = -1;
3721 START_PROFILE(SMBwrite);
3724 END_PROFILE(SMBwrite);
3725 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3729 /* If it's an IPC, pass off the pipe handler. */
3731 reply_pipe_write(req);
3732 END_PROFILE(SMBwrite);
3736 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3738 if (!check_fsp(conn, req, fsp)) {
3739 END_PROFILE(SMBwrite);
3743 if (!CHECK_WRITE(fsp)) {
3744 reply_doserror(req, ERRDOS, ERRbadaccess);
3745 END_PROFILE(SMBwrite);
3749 numtowrite = SVAL(req->vwv+1, 0);
3750 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3751 data = (const char *)req->buf + 3;
3753 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3754 (uint64_t)startpos, WRITE_LOCK)) {
3755 reply_doserror(req, ERRDOS, ERRlock);
3756 END_PROFILE(SMBwrite);
3761 * X/Open SMB protocol says that if smb_vwv1 is
3762 * zero then the file size should be extended or
3763 * truncated to the size given in smb_vwv[2-3].
3766 if(numtowrite == 0) {
3768 * This is actually an allocate call, and set EOF. JRA.
3770 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3772 reply_nterror(req, NT_STATUS_DISK_FULL);
3773 END_PROFILE(SMBwrite);
3776 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3778 reply_nterror(req, NT_STATUS_DISK_FULL);
3779 END_PROFILE(SMBwrite);
3782 trigger_write_time_update_immediate(fsp);
3784 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3787 status = sync_file(conn, fsp, False);
3788 if (!NT_STATUS_IS_OK(status)) {
3789 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3790 fsp->fsp_name, nt_errstr(status) ));
3791 reply_nterror(req, status);
3792 END_PROFILE(SMBwrite);
3796 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3797 reply_unixerror(req, ERRHRD, ERRdiskfull);
3798 END_PROFILE(SMBwrite);
3802 reply_outbuf(req, 1, 0);
3804 SSVAL(req->outbuf,smb_vwv0,nwritten);
3806 if (nwritten < (ssize_t)numtowrite) {
3807 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3808 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3811 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3813 END_PROFILE(SMBwrite);
3817 /****************************************************************************
3818 Ensure a buffer is a valid writeX for recvfile purposes.
3819 ****************************************************************************/
3821 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3822 (2*14) + /* word count (including bcc) */ \
3825 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3828 connection_struct *conn = NULL;
3829 unsigned int doff = 0;
3830 size_t len = smb_len_large(inbuf);
3832 if (is_encrypted_packet(inbuf)) {
3833 /* Can't do this on encrypted
3838 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3842 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3843 CVAL(inbuf,smb_wct) != 14) {
3844 DEBUG(10,("is_valid_writeX_buffer: chained or "
3845 "invalid word length.\n"));
3849 conn = conn_find(SVAL(inbuf, smb_tid));
3851 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3855 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3858 doff = SVAL(inbuf,smb_vwv11);
3860 numtowrite = SVAL(inbuf,smb_vwv10);
3862 if (len > doff && len - doff > 0xFFFF) {
3863 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3866 if (numtowrite == 0) {
3867 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3871 /* Ensure the sizes match up. */
3872 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3873 /* no pad byte...old smbclient :-( */
3874 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3876 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3880 if (len - doff != numtowrite) {
3881 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3882 "len = %u, doff = %u, numtowrite = %u\n",
3885 (unsigned int)numtowrite ));
3889 DEBUG(10,("is_valid_writeX_buffer: true "
3890 "len = %u, doff = %u, numtowrite = %u\n",
3893 (unsigned int)numtowrite ));
3898 /****************************************************************************
3899 Reply to a write and X.
3900 ****************************************************************************/
3902 void reply_write_and_X(struct smb_request *req)
3904 connection_struct *conn = req->conn;
3910 unsigned int smb_doff;
3911 unsigned int smblen;
3915 START_PROFILE(SMBwriteX);
3917 if ((req->wct != 12) && (req->wct != 14)) {
3918 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3919 END_PROFILE(SMBwriteX);
3923 numtowrite = SVAL(req->vwv+10, 0);
3924 smb_doff = SVAL(req->vwv+11, 0);
3925 smblen = smb_len(req->inbuf);
3927 if (req->unread_bytes > 0xFFFF ||
3928 (smblen > smb_doff &&
3929 smblen - smb_doff > 0xFFFF)) {
3930 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
3933 if (req->unread_bytes) {
3934 /* Can't do a recvfile write on IPC$ */
3936 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3937 END_PROFILE(SMBwriteX);
3940 if (numtowrite != req->unread_bytes) {
3941 reply_doserror(req, ERRDOS, ERRbadmem);
3942 END_PROFILE(SMBwriteX);
3946 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3947 smb_doff + numtowrite > smblen) {
3948 reply_doserror(req, ERRDOS, ERRbadmem);
3949 END_PROFILE(SMBwriteX);
3954 /* If it's an IPC, pass off the pipe handler. */
3956 if (req->unread_bytes) {
3957 reply_doserror(req, ERRDOS, ERRbadmem);
3958 END_PROFILE(SMBwriteX);
3961 reply_pipe_write_and_X(req);
3962 END_PROFILE(SMBwriteX);
3966 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3967 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3968 write_through = BITSETW(req->vwv+7,0);
3970 if (!check_fsp(conn, req, fsp)) {
3971 END_PROFILE(SMBwriteX);
3975 if (!CHECK_WRITE(fsp)) {
3976 reply_doserror(req, ERRDOS, ERRbadaccess);
3977 END_PROFILE(SMBwriteX);
3981 data = smb_base(req->inbuf) + smb_doff;
3983 if(req->wct == 14) {
3984 #ifdef LARGE_SMB_OFF_T
3986 * This is a large offset (64 bit) write.
3988 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
3990 #else /* !LARGE_SMB_OFF_T */
3993 * Ensure we haven't been sent a >32 bit offset.
3996 if(IVAL(req->vwv+12, 0) != 0) {
3997 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3998 "used and we don't support 64 bit offsets.\n",
3999 (unsigned int)IVAL(req->vwv+12, 0) ));
4000 reply_doserror(req, ERRDOS, ERRbadaccess);
4001 END_PROFILE(SMBwriteX);
4005 #endif /* LARGE_SMB_OFF_T */
4008 if (is_locked(fsp,(uint32)req->smbpid,
4009 (uint64_t)numtowrite,
4010 (uint64_t)startpos, WRITE_LOCK)) {
4011 reply_doserror(req, ERRDOS, ERRlock);
4012 END_PROFILE(SMBwriteX);
4016 /* X/Open SMB protocol says that, unlike SMBwrite
4017 if the length is zero then NO truncation is
4018 done, just a write of zero. To truncate a file,
4021 if(numtowrite == 0) {
4025 if ((req->unread_bytes == 0) &&
4026 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4028 END_PROFILE(SMBwriteX);
4032 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4035 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4036 reply_unixerror(req, ERRHRD, ERRdiskfull);
4037 END_PROFILE(SMBwriteX);
4041 reply_outbuf(req, 6, 0);
4042 SSVAL(req->outbuf,smb_vwv2,nwritten);
4043 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4045 if (nwritten < (ssize_t)numtowrite) {
4046 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4047 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4050 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4051 fsp->fnum, (int)numtowrite, (int)nwritten));
4053 status = sync_file(conn, fsp, write_through);
4054 if (!NT_STATUS_IS_OK(status)) {
4055 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4056 fsp->fsp_name, nt_errstr(status) ));
4057 reply_nterror(req, status);
4058 END_PROFILE(SMBwriteX);
4062 END_PROFILE(SMBwriteX);
4067 /****************************************************************************
4069 ****************************************************************************/
4071 void reply_lseek(struct smb_request *req)
4073 connection_struct *conn = req->conn;
4079 START_PROFILE(SMBlseek);
4082 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4083 END_PROFILE(SMBlseek);
4087 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4089 if (!check_fsp(conn, req, fsp)) {
4093 flush_write_cache(fsp, SEEK_FLUSH);
4095 mode = SVAL(req->vwv+1, 0) & 3;
4096 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4097 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4106 res = fsp->fh->pos + startpos;
4117 if (umode == SEEK_END) {
4118 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4119 if(errno == EINVAL) {
4120 SMB_OFF_T current_pos = startpos;
4121 SMB_STRUCT_STAT sbuf;
4123 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4124 reply_unixerror(req, ERRDOS,
4126 END_PROFILE(SMBlseek);
4130 current_pos += sbuf.st_size;
4132 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4137 reply_unixerror(req, ERRDOS, ERRnoaccess);
4138 END_PROFILE(SMBlseek);
4145 reply_outbuf(req, 2, 0);
4146 SIVAL(req->outbuf,smb_vwv0,res);
4148 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4149 fsp->fnum, (double)startpos, (double)res, mode));
4151 END_PROFILE(SMBlseek);
4155 /****************************************************************************
4157 ****************************************************************************/
4159 void reply_flush(struct smb_request *req)
4161 connection_struct *conn = req->conn;
4165 START_PROFILE(SMBflush);
4168 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4172 fnum = SVAL(req->vwv+0, 0);
4173 fsp = file_fsp(req, fnum);
4175 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4180 file_sync_all(conn);
4182 NTSTATUS status = sync_file(conn, fsp, True);
4183 if (!NT_STATUS_IS_OK(status)) {
4184 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4185 fsp->fsp_name, nt_errstr(status) ));
4186 reply_nterror(req, status);
4187 END_PROFILE(SMBflush);
4192 reply_outbuf(req, 0, 0);
4194 DEBUG(3,("flush\n"));
4195 END_PROFILE(SMBflush);
4199 /****************************************************************************
4201 conn POINTER CAN BE NULL HERE !
4202 ****************************************************************************/
4204 void reply_exit(struct smb_request *req)
4206 START_PROFILE(SMBexit);
4208 file_close_pid(req->smbpid, req->vuid);
4210 reply_outbuf(req, 0, 0);
4212 DEBUG(3,("exit\n"));
4214 END_PROFILE(SMBexit);
4218 /****************************************************************************
4219 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4220 ****************************************************************************/
4222 void reply_close(struct smb_request *req)
4224 connection_struct *conn = req->conn;
4225 NTSTATUS status = NT_STATUS_OK;
4226 files_struct *fsp = NULL;
4227 START_PROFILE(SMBclose);
4230 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4231 END_PROFILE(SMBclose);
4235 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4238 * We can only use check_fsp if we know it's not a directory.
4241 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4242 reply_doserror(req, ERRDOS, ERRbadfid);
4243 END_PROFILE(SMBclose);
4247 if(fsp->is_directory) {
4249 * Special case - close NT SMB directory handle.
4251 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4252 status = close_file(req, fsp, NORMAL_CLOSE);
4256 * Close ordinary file.
4259 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4260 fsp->fh->fd, fsp->fnum,
4261 conn->num_files_open));
4264 * Take care of any time sent in the close.
4267 t = srv_make_unix_date3(req->vwv+1);
4268 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4271 * close_file() returns the unix errno if an error
4272 * was detected on close - normally this is due to
4273 * a disk full error. If not then it was probably an I/O error.
4276 status = close_file(req, fsp, NORMAL_CLOSE);
4279 if (!NT_STATUS_IS_OK(status)) {
4280 reply_nterror(req, status);
4281 END_PROFILE(SMBclose);
4285 reply_outbuf(req, 0, 0);
4286 END_PROFILE(SMBclose);
4290 /****************************************************************************
4291 Reply to a writeclose (Core+ protocol).
4292 ****************************************************************************/
4294 void reply_writeclose(struct smb_request *req)
4296 connection_struct *conn = req->conn;
4298 ssize_t nwritten = -1;
4299 NTSTATUS close_status = NT_STATUS_OK;
4302 struct timespec mtime;
4305 START_PROFILE(SMBwriteclose);
4308 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4309 END_PROFILE(SMBwriteclose);
4313 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4315 if (!check_fsp(conn, req, fsp)) {
4316 END_PROFILE(SMBwriteclose);
4319 if (!CHECK_WRITE(fsp)) {
4320 reply_doserror(req, ERRDOS,ERRbadaccess);
4321 END_PROFILE(SMBwriteclose);
4325 numtowrite = SVAL(req->vwv+1, 0);
4326 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4327 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4328 data = (const char *)req->buf + 1;
4331 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
4332 (uint64_t)startpos, WRITE_LOCK)) {
4333 reply_doserror(req, ERRDOS,ERRlock);
4334 END_PROFILE(SMBwriteclose);
4338 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4340 set_close_write_time(fsp, mtime);
4343 * More insanity. W2K only closes the file if writelen > 0.
4348 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4350 close_status = close_file(req, fsp, NORMAL_CLOSE);
4353 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4354 fsp->fnum, (int)numtowrite, (int)nwritten,
4355 conn->num_files_open));
4357 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4358 reply_doserror(req, ERRHRD, ERRdiskfull);
4359 END_PROFILE(SMBwriteclose);
4363 if(!NT_STATUS_IS_OK(close_status)) {
4364 reply_nterror(req, close_status);
4365 END_PROFILE(SMBwriteclose);
4369 reply_outbuf(req, 1, 0);
4371 SSVAL(req->outbuf,smb_vwv0,nwritten);
4372 END_PROFILE(SMBwriteclose);
4377 #define DBGC_CLASS DBGC_LOCKING
4379 /****************************************************************************
4381 ****************************************************************************/
4383 void reply_lock(struct smb_request *req)
4385 connection_struct *conn = req->conn;
4386 uint64_t count,offset;
4389 struct byte_range_lock *br_lck = NULL;
4391 START_PROFILE(SMBlock);
4394 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4395 END_PROFILE(SMBlock);
4399 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4401 if (!check_fsp(conn, req, fsp)) {
4402 END_PROFILE(SMBlock);
4406 release_level_2_oplocks_on_change(fsp);
4408 count = (uint64_t)IVAL(req->vwv+1, 0);
4409 offset = (uint64_t)IVAL(req->vwv+3, 0);
4411 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4412 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4414 br_lck = do_lock(smbd_messaging_context(),
4421 False, /* Non-blocking lock. */
4425 TALLOC_FREE(br_lck);
4427 if (NT_STATUS_V(status)) {
4428 reply_nterror(req, status);
4429 END_PROFILE(SMBlock);
4433 reply_outbuf(req, 0, 0);
4435 END_PROFILE(SMBlock);
4439 /****************************************************************************
4441 ****************************************************************************/
4443 void reply_unlock(struct smb_request *req)
4445 connection_struct *conn = req->conn;
4446 uint64_t count,offset;
4450 START_PROFILE(SMBunlock);
4453 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4454 END_PROFILE(SMBunlock);
4458 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4460 if (!check_fsp(conn, req, fsp)) {
4461 END_PROFILE(SMBunlock);
4465 count = (uint64_t)IVAL(req->vwv+1, 0);
4466 offset = (uint64_t)IVAL(req->vwv+3, 0);
4468 status = do_unlock(smbd_messaging_context(),
4475 if (NT_STATUS_V(status)) {
4476 reply_nterror(req, status);
4477 END_PROFILE(SMBunlock);
4481 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4482 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4484 reply_outbuf(req, 0, 0);
4486 END_PROFILE(SMBunlock);
4491 #define DBGC_CLASS DBGC_ALL
4493 /****************************************************************************
4495 conn POINTER CAN BE NULL HERE !
4496 ****************************************************************************/
4498 void reply_tdis(struct smb_request *req)
4500 connection_struct *conn = req->conn;
4501 START_PROFILE(SMBtdis);
4504 DEBUG(4,("Invalid connection in tdis\n"));
4505 reply_doserror(req, ERRSRV, ERRinvnid);
4506 END_PROFILE(SMBtdis);
4512 close_cnum(conn,req->vuid);
4515 reply_outbuf(req, 0, 0);
4516 END_PROFILE(SMBtdis);
4520 /****************************************************************************
4522 conn POINTER CAN BE NULL HERE !
4523 ****************************************************************************/
4525 void reply_echo(struct smb_request *req)
4527 connection_struct *conn = req->conn;
4531 START_PROFILE(SMBecho);
4534 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4535 END_PROFILE(SMBecho);
4539 smb_reverb = SVAL(req->vwv+0, 0);
4541 reply_outbuf(req, 1, req->buflen);
4543 /* copy any incoming data back out */
4544 if (req->buflen > 0) {
4545 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4548 if (smb_reverb > 100) {
4549 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4553 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4554 SSVAL(req->outbuf,smb_vwv0,seq_num);
4556 show_msg((char *)req->outbuf);
4557 if (!srv_send_smb(smbd_server_fd(),
4558 (char *)req->outbuf,
4559 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4560 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4563 DEBUG(3,("echo %d times\n", smb_reverb));
4565 TALLOC_FREE(req->outbuf);
4567 END_PROFILE(SMBecho);
4571 /****************************************************************************
4572 Reply to a printopen.
4573 ****************************************************************************/
4575 void reply_printopen(struct smb_request *req)
4577 connection_struct *conn = req->conn;
4581 START_PROFILE(SMBsplopen);
4584 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4585 END_PROFILE(SMBsplopen);
4589 if (!CAN_PRINT(conn)) {
4590 reply_doserror(req, ERRDOS, ERRnoaccess);
4591 END_PROFILE(SMBsplopen);
4595 status = file_new(req, conn, &fsp);
4596 if(!NT_STATUS_IS_OK(status)) {
4597 reply_nterror(req, status);
4598 END_PROFILE(SMBsplopen);
4602 /* Open for exclusive use, write only. */
4603 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
4605 if (!NT_STATUS_IS_OK(status)) {
4606 reply_nterror(req, status);
4607 END_PROFILE(SMBsplopen);
4611 reply_outbuf(req, 1, 0);
4612 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4614 DEBUG(3,("openprint fd=%d fnum=%d\n",
4615 fsp->fh->fd, fsp->fnum));
4617 END_PROFILE(SMBsplopen);
4621 /****************************************************************************
4622 Reply to a printclose.
4623 ****************************************************************************/
4625 void reply_printclose(struct smb_request *req)
4627 connection_struct *conn = req->conn;
4631 START_PROFILE(SMBsplclose);
4634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4635 END_PROFILE(SMBsplclose);
4639 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4641 if (!check_fsp(conn, req, fsp)) {
4642 END_PROFILE(SMBsplclose);
4646 if (!CAN_PRINT(conn)) {
4647 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4648 END_PROFILE(SMBsplclose);
4652 DEBUG(3,("printclose fd=%d fnum=%d\n",
4653 fsp->fh->fd,fsp->fnum));
4655 status = close_file(req, fsp, NORMAL_CLOSE);
4657 if(!NT_STATUS_IS_OK(status)) {
4658 reply_nterror(req, status);
4659 END_PROFILE(SMBsplclose);
4663 reply_outbuf(req, 0, 0);
4665 END_PROFILE(SMBsplclose);
4669 /****************************************************************************
4670 Reply to a printqueue.
4671 ****************************************************************************/
4673 void reply_printqueue(struct smb_request *req)
4675 connection_struct *conn = req->conn;
4679 START_PROFILE(SMBsplretq);
4682 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4683 END_PROFILE(SMBsplretq);
4687 max_count = SVAL(req->vwv+0, 0);
4688 start_index = SVAL(req->vwv+1, 0);
4690 /* we used to allow the client to get the cnum wrong, but that
4691 is really quite gross and only worked when there was only
4692 one printer - I think we should now only accept it if they
4693 get it right (tridge) */
4694 if (!CAN_PRINT(conn)) {
4695 reply_doserror(req, ERRDOS, ERRnoaccess);
4696 END_PROFILE(SMBsplretq);
4700 reply_outbuf(req, 2, 3);
4701 SSVAL(req->outbuf,smb_vwv0,0);
4702 SSVAL(req->outbuf,smb_vwv1,0);
4703 SCVAL(smb_buf(req->outbuf),0,1);
4704 SSVAL(smb_buf(req->outbuf),1,0);
4706 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4707 start_index, max_count));
4710 print_queue_struct *queue = NULL;
4711 print_status_struct status;
4712 int count = print_queue_status(SNUM(conn), &queue, &status);
4713 int num_to_get = ABS(max_count);
4714 int first = (max_count>0?start_index:start_index+max_count+1);
4720 num_to_get = MIN(num_to_get,count-first);
4723 for (i=first;i<first+num_to_get;i++) {
4727 srv_put_dos_date2(p,0,queue[i].time);
4728 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4729 SSVAL(p,5, queue[i].job);
4730 SIVAL(p,7,queue[i].size);
4732 srvstr_push(blob, req->flags2, p+12,
4733 queue[i].fs_user, 16, STR_ASCII);
4735 if (message_push_blob(
4738 blob, sizeof(blob))) == -1) {
4739 reply_nterror(req, NT_STATUS_NO_MEMORY);
4740 END_PROFILE(SMBsplretq);
4746 SSVAL(req->outbuf,smb_vwv0,count);
4747 SSVAL(req->outbuf,smb_vwv1,
4748 (max_count>0?first+count:first-1));
4749 SCVAL(smb_buf(req->outbuf),0,1);
4750 SSVAL(smb_buf(req->outbuf),1,28*count);
4755 DEBUG(3,("%d entries returned in queue\n",count));
4758 END_PROFILE(SMBsplretq);
4762 /****************************************************************************
4763 Reply to a printwrite.
4764 ****************************************************************************/
4766 void reply_printwrite(struct smb_request *req)
4768 connection_struct *conn = req->conn;
4773 START_PROFILE(SMBsplwr);
4776 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4777 END_PROFILE(SMBsplwr);
4781 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4783 if (!check_fsp(conn, req, fsp)) {
4784 END_PROFILE(SMBsplwr);
4788 if (!CAN_PRINT(conn)) {
4789 reply_doserror(req, ERRDOS, ERRnoaccess);
4790 END_PROFILE(SMBsplwr);
4794 if (!CHECK_WRITE(fsp)) {
4795 reply_doserror(req, ERRDOS, ERRbadaccess);
4796 END_PROFILE(SMBsplwr);
4800 numtowrite = SVAL(req->buf, 1);
4802 if (req->buflen < numtowrite + 3) {
4803 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4804 END_PROFILE(SMBsplwr);
4808 data = (const char *)req->buf + 3;
4810 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4811 reply_unixerror(req, ERRHRD, ERRdiskfull);
4812 END_PROFILE(SMBsplwr);
4816 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4818 END_PROFILE(SMBsplwr);
4822 /****************************************************************************
4824 ****************************************************************************/
4826 void reply_mkdir(struct smb_request *req)
4828 connection_struct *conn = req->conn;
4829 char *directory = NULL;
4831 SMB_STRUCT_STAT sbuf;
4832 TALLOC_CTX *ctx = talloc_tos();
4834 START_PROFILE(SMBmkdir);
4836 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
4837 STR_TERMINATE, &status);
4838 if (!NT_STATUS_IS_OK(status)) {
4839 reply_nterror(req, status);
4840 END_PROFILE(SMBmkdir);
4844 status = resolve_dfspath(ctx, conn,
4845 req->flags2 & FLAGS2_DFS_PATHNAMES,
4848 if (!NT_STATUS_IS_OK(status)) {
4849 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4850 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4851 ERRSRV, ERRbadpath);
4852 END_PROFILE(SMBmkdir);
4855 reply_nterror(req, status);
4856 END_PROFILE(SMBmkdir);
4860 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4861 if (!NT_STATUS_IS_OK(status)) {
4862 reply_nterror(req, status);
4863 END_PROFILE(SMBmkdir);
4867 status = check_name(conn, directory);
4868 if (!NT_STATUS_IS_OK(status)) {
4869 reply_nterror(req, status);
4870 END_PROFILE(SMBmkdir);
4874 status = create_directory(conn, req, directory);
4876 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4878 if (!NT_STATUS_IS_OK(status)) {
4880 if (!use_nt_status()
4881 && NT_STATUS_EQUAL(status,
4882 NT_STATUS_OBJECT_NAME_COLLISION)) {
4884 * Yes, in the DOS error code case we get a
4885 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4886 * samba4 torture test.
4888 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4891 reply_nterror(req, status);
4892 END_PROFILE(SMBmkdir);
4896 reply_outbuf(req, 0, 0);
4898 DEBUG( 3, ( "mkdir %s\n", directory ) );
4900 END_PROFILE(SMBmkdir);
4904 /****************************************************************************
4905 Static function used by reply_rmdir to delete an entire directory
4906 tree recursively. Return True on ok, False on fail.
4907 ****************************************************************************/
4909 static bool recursive_rmdir(TALLOC_CTX *ctx,
4910 connection_struct *conn,
4913 const char *dname = NULL;
4916 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4922 while((dname = ReadDirName(dir_hnd, &offset))) {
4923 char *fullname = NULL;
4926 if (ISDOT(dname) || ISDOTDOT(dname)) {
4930 if (!is_visible_file(conn, directory, dname, &st, False)) {
4934 /* Construct the full name. */
4935 fullname = talloc_asprintf(ctx,
4945 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4950 if(st.st_mode & S_IFDIR) {
4951 if(!recursive_rmdir(ctx, conn, fullname)) {
4955 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4959 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4963 TALLOC_FREE(fullname);
4965 TALLOC_FREE(dir_hnd);
4969 /****************************************************************************
4970 The internals of the rmdir code - called elsewhere.
4971 ****************************************************************************/
4973 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4974 connection_struct *conn,
4975 const char *directory)
4980 /* Might be a symlink. */
4981 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4982 return map_nt_error_from_unix(errno);
4985 if (S_ISLNK(st.st_mode)) {
4986 /* Is what it points to a directory ? */
4987 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4988 return map_nt_error_from_unix(errno);
4990 if (!(S_ISDIR(st.st_mode))) {
4991 return NT_STATUS_NOT_A_DIRECTORY;
4993 ret = SMB_VFS_UNLINK(conn,directory);
4995 ret = SMB_VFS_RMDIR(conn,directory);
4998 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4999 FILE_NOTIFY_CHANGE_DIR_NAME,
5001 return NT_STATUS_OK;
5004 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5006 * Check to see if the only thing in this directory are
5007 * vetoed files/directories. If so then delete them and
5008 * retry. If we fail to delete any of them (and we *don't*
5009 * do a recursive delete) then fail the rmdir.
5013 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5014 directory, NULL, 0);
5016 if(dir_hnd == NULL) {
5021 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5022 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5024 if (!is_visible_file(conn, directory, dname, &st, False))
5026 if(!IS_VETO_PATH(conn, dname)) {
5027 TALLOC_FREE(dir_hnd);
5033 /* We only have veto files/directories.
5034 * Are we allowed to delete them ? */
5036 if(!lp_recursive_veto_delete(SNUM(conn))) {
5037 TALLOC_FREE(dir_hnd);
5042 /* Do a recursive delete. */
5043 RewindDir(dir_hnd,&dirpos);
5044 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5045 char *fullname = NULL;
5047 if (ISDOT(dname) || ISDOTDOT(dname)) {
5050 if (!is_visible_file(conn, directory, dname, &st, False)) {
5054 fullname = talloc_asprintf(ctx,
5064 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5067 if(st.st_mode & S_IFDIR) {
5068 if(!recursive_rmdir(ctx, conn, fullname)) {
5071 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5074 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5077 TALLOC_FREE(fullname);
5079 TALLOC_FREE(dir_hnd);
5080 /* Retry the rmdir */
5081 ret = SMB_VFS_RMDIR(conn,directory);
5087 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5088 "%s\n", directory,strerror(errno)));
5089 return map_nt_error_from_unix(errno);
5092 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5093 FILE_NOTIFY_CHANGE_DIR_NAME,
5096 return NT_STATUS_OK;
5099 /****************************************************************************
5101 ****************************************************************************/
5103 void reply_rmdir(struct smb_request *req)
5105 connection_struct *conn = req->conn;
5106 char *directory = NULL;
5107 SMB_STRUCT_STAT sbuf;
5109 TALLOC_CTX *ctx = talloc_tos();
5111 START_PROFILE(SMBrmdir);
5113 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5114 STR_TERMINATE, &status);
5115 if (!NT_STATUS_IS_OK(status)) {
5116 reply_nterror(req, status);
5117 END_PROFILE(SMBrmdir);
5121 status = resolve_dfspath(ctx, conn,
5122 req->flags2 & FLAGS2_DFS_PATHNAMES,
5125 if (!NT_STATUS_IS_OK(status)) {
5126 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5127 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5128 ERRSRV, ERRbadpath);
5129 END_PROFILE(SMBrmdir);
5132 reply_nterror(req, status);
5133 END_PROFILE(SMBrmdir);
5137 status = unix_convert(ctx, conn, directory, False, &directory,
5139 if (!NT_STATUS_IS_OK(status)) {
5140 reply_nterror(req, status);
5141 END_PROFILE(SMBrmdir);
5145 status = check_name(conn, directory);
5146 if (!NT_STATUS_IS_OK(status)) {
5147 reply_nterror(req, status);
5148 END_PROFILE(SMBrmdir);
5152 dptr_closepath(directory, req->smbpid);
5153 status = rmdir_internals(ctx, conn, directory);
5154 if (!NT_STATUS_IS_OK(status)) {
5155 reply_nterror(req, status);
5156 END_PROFILE(SMBrmdir);
5160 reply_outbuf(req, 0, 0);
5162 DEBUG( 3, ( "rmdir %s\n", directory ) );
5164 END_PROFILE(SMBrmdir);
5168 /*******************************************************************
5169 Resolve wildcards in a filename rename.
5170 ********************************************************************/
5172 static bool resolve_wildcards(TALLOC_CTX *ctx,
5177 char *name2_copy = NULL;
5182 char *p,*p2, *pname1, *pname2;
5184 name2_copy = talloc_strdup(ctx, name2);
5189 pname1 = strrchr_m(name1,'/');
5190 pname2 = strrchr_m(name2_copy,'/');
5192 if (!pname1 || !pname2) {
5196 /* Truncate the copy of name2 at the last '/' */
5199 /* Now go past the '/' */
5203 root1 = talloc_strdup(ctx, pname1);
5204 root2 = talloc_strdup(ctx, pname2);
5206 if (!root1 || !root2) {
5210 p = strrchr_m(root1,'.');
5213 ext1 = talloc_strdup(ctx, p+1);
5215 ext1 = talloc_strdup(ctx, "");
5217 p = strrchr_m(root2,'.');
5220 ext2 = talloc_strdup(ctx, p+1);
5222 ext2 = talloc_strdup(ctx, "");
5225 if (!ext1 || !ext2) {
5233 /* Hmmm. Should this be mb-aware ? */
5236 } else if (*p2 == '*') {
5238 root2 = talloc_asprintf(ctx, "%s%s",
5257 /* Hmmm. Should this be mb-aware ? */
5260 } else if (*p2 == '*') {
5262 ext2 = talloc_asprintf(ctx, "%s%s",
5278 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5283 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5295 /****************************************************************************
5296 Ensure open files have their names updated. Updated to notify other smbd's
5298 ****************************************************************************/
5300 static void rename_open_files(connection_struct *conn,
5301 struct share_mode_lock *lck,
5302 const char *newname)
5305 bool did_rename = False;
5307 for(fsp = file_find_di_first(lck->id); fsp;
5308 fsp = file_find_di_next(fsp)) {
5309 /* fsp_name is a relative path under the fsp. To change this for other
5310 sharepaths we need to manipulate relative paths. */
5311 /* TODO - create the absolute path and manipulate the newname
5312 relative to the sharepath. */
5313 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5316 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5317 fsp->fnum, file_id_string_tos(&fsp->file_id),
5318 fsp->fsp_name, newname ));
5319 string_set(&fsp->fsp_name, newname);
5324 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5325 file_id_string_tos(&lck->id), newname ));
5328 /* Send messages to all smbd's (not ourself) that the name has changed. */
5329 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5333 /****************************************************************************
5334 We need to check if the source path is a parent directory of the destination
5335 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5336 refuse the rename with a sharing violation. Under UNIX the above call can
5337 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5338 probably need to check that the client is a Windows one before disallowing
5339 this as a UNIX client (one with UNIX extensions) can know the source is a
5340 symlink and make this decision intelligently. Found by an excellent bug
5341 report from <AndyLiebman@aol.com>.
5342 ****************************************************************************/
5344 static bool rename_path_prefix_equal(const char *src, const char *dest)
5346 const char *psrc = src;
5347 const char *pdst = dest;
5350 if (psrc[0] == '.' && psrc[1] == '/') {
5353 if (pdst[0] == '.' && pdst[1] == '/') {
5356 if ((slen = strlen(psrc)) > strlen(pdst)) {
5359 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5363 * Do the notify calls from a rename
5366 static void notify_rename(connection_struct *conn, bool is_dir,
5367 const char *oldpath, const char *newpath)
5369 char *olddir, *newdir;
5370 const char *oldname, *newname;
5373 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5374 : FILE_NOTIFY_CHANGE_FILE_NAME;
5376 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5377 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5378 TALLOC_FREE(olddir);
5382 if (strcmp(olddir, newdir) == 0) {
5383 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5384 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5387 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5388 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5390 TALLOC_FREE(olddir);
5391 TALLOC_FREE(newdir);
5393 /* this is a strange one. w2k3 gives an additional event for
5394 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5395 files, but not directories */
5397 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5398 FILE_NOTIFY_CHANGE_ATTRIBUTES
5399 |FILE_NOTIFY_CHANGE_CREATION,
5404 /****************************************************************************
5405 Rename an open file - given an fsp.
5406 ****************************************************************************/
5408 NTSTATUS rename_internals_fsp(connection_struct *conn,
5411 const char *newname_last_component,
5413 bool replace_if_exists)
5415 TALLOC_CTX *ctx = talloc_tos();
5416 SMB_STRUCT_STAT sbuf, sbuf1;
5417 NTSTATUS status = NT_STATUS_OK;
5418 struct share_mode_lock *lck = NULL;
5423 status = check_name(conn, newname);
5424 if (!NT_STATUS_IS_OK(status)) {
5428 /* Ensure newname contains a '/' */
5429 if(strrchr_m(newname,'/') == 0) {
5430 newname = talloc_asprintf(ctx,
5434 return NT_STATUS_NO_MEMORY;
5439 * Check for special case with case preserving and not
5440 * case sensitive. If the old last component differs from the original
5441 * last component only by case, then we should allow
5442 * the rename (user is trying to change the case of the
5446 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5447 strequal(newname, fsp->fsp_name)) {
5449 char *newname_modified_last_component = NULL;
5452 * Get the last component of the modified name.
5453 * Note that we guarantee that newname contains a '/'
5456 p = strrchr_m(newname,'/');
5457 newname_modified_last_component = talloc_strdup(ctx,
5459 if (!newname_modified_last_component) {
5460 return NT_STATUS_NO_MEMORY;
5463 if(strcsequal(newname_modified_last_component,
5464 newname_last_component) == False) {
5466 * Replace the modified last component with
5469 *p = '\0'; /* Truncate at the '/' */
5470 newname = talloc_asprintf(ctx,
5473 newname_last_component);
5478 * If the src and dest names are identical - including case,
5479 * don't do the rename, just return success.
5482 if (strcsequal(fsp->fsp_name, newname)) {
5483 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5485 return NT_STATUS_OK;
5489 * Have vfs_object_exist also fill sbuf1
5491 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5493 if(!replace_if_exists && dst_exists) {
5494 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5495 fsp->fsp_name,newname));
5496 return NT_STATUS_OBJECT_NAME_COLLISION;
5499 if(replace_if_exists && dst_exists) {
5500 if (is_ntfs_stream_name(newname)) {
5501 return NT_STATUS_INVALID_PARAMETER;
5506 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5507 files_struct *dst_fsp = file_find_di_first(fileid);
5509 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5510 return NT_STATUS_ACCESS_DENIED;
5514 /* Ensure we have a valid stat struct for the source. */
5515 if (fsp->fh->fd != -1) {
5516 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5517 return map_nt_error_from_unix(errno);
5520 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5521 return map_nt_error_from_unix(errno);
5525 status = can_rename(conn, fsp, attrs, &sbuf);
5527 if (!NT_STATUS_IS_OK(status)) {
5528 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5529 nt_errstr(status), fsp->fsp_name,newname));
5530 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5531 status = NT_STATUS_ACCESS_DENIED;
5535 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5536 return NT_STATUS_ACCESS_DENIED;
5539 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5543 * We have the file open ourselves, so not being able to get the
5544 * corresponding share mode lock is a fatal error.
5547 SMB_ASSERT(lck != NULL);
5549 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5550 uint32 create_options = fsp->fh->private_options;
5552 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5553 fsp->fsp_name,newname));
5555 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5557 rename_open_files(conn, lck, newname);
5560 * A rename acts as a new file create w.r.t. allowing an initial delete
5561 * on close, probably because in Windows there is a new handle to the
5562 * new file. If initial delete on close was requested but not
5563 * originally set, we need to set it here. This is probably not 100% correct,
5564 * but will work for the CIFSFS client which in non-posix mode
5565 * depends on these semantics. JRA.
5568 set_allow_initial_delete_on_close(lck, fsp, True);
5570 if (create_options & FILE_DELETE_ON_CLOSE) {
5571 status = can_set_delete_on_close(fsp, True, 0);
5573 if (NT_STATUS_IS_OK(status)) {
5574 /* Note that here we set the *inital* delete on close flag,
5575 * not the regular one. The magic gets handled in close. */
5576 fsp->initial_delete_on_close = True;
5580 return NT_STATUS_OK;
5585 if (errno == ENOTDIR || errno == EISDIR) {
5586 status = NT_STATUS_OBJECT_NAME_COLLISION;
5588 status = map_nt_error_from_unix(errno);
5591 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5592 nt_errstr(status), fsp->fsp_name,newname));
5597 /****************************************************************************
5598 The guts of the rename command, split out so it may be called by the NT SMB
5600 ****************************************************************************/
5602 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5603 connection_struct *conn,
5604 struct smb_request *req,
5605 const char *name_in,
5606 const char *newname_in,
5608 bool replace_if_exists,
5611 uint32_t access_mask)
5613 char *directory = NULL;
5615 char *last_component_src = NULL;
5616 char *last_component_dest = NULL;
5618 char *newname = NULL;
5621 NTSTATUS status = NT_STATUS_OK;
5622 SMB_STRUCT_STAT sbuf1, sbuf2;
5623 struct smb_Dir *dir_hnd = NULL;
5630 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5631 &last_component_src, &sbuf1);
5632 if (!NT_STATUS_IS_OK(status)) {
5636 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5637 &last_component_dest, &sbuf2);
5638 if (!NT_STATUS_IS_OK(status)) {
5643 * Split the old name into directory and last component
5644 * strings. Note that unix_convert may have stripped off a
5645 * leading ./ from both name and newname if the rename is
5646 * at the root of the share. We need to make sure either both
5647 * name and newname contain a / character or neither of them do
5648 * as this is checked in resolve_wildcards().
5651 p = strrchr_m(name,'/');
5653 directory = talloc_strdup(ctx, ".");
5655 return NT_STATUS_NO_MEMORY;
5660 directory = talloc_strdup(ctx, name);
5662 return NT_STATUS_NO_MEMORY;
5665 *p = '/'; /* Replace needed for exceptional test below. */
5669 * We should only check the mangled cache
5670 * here if unix_convert failed. This means
5671 * that the path in 'mask' doesn't exist
5672 * on the file system and so we need to look
5673 * for a possible mangle. This patch from
5674 * Tine Smukavec <valentin.smukavec@hermes.si>.
5677 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5678 char *new_mask = NULL;
5679 mangle_lookup_name_from_8_3(ctx,
5688 if (!src_has_wild) {
5692 * No wildcards - just process the one file.
5694 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5696 /* Add a terminating '/' to the directory name. */
5697 directory = talloc_asprintf_append(directory,
5701 return NT_STATUS_NO_MEMORY;
5704 /* Ensure newname contains a '/' also */
5705 if(strrchr_m(newname,'/') == 0) {
5706 newname = talloc_asprintf(ctx,
5710 return NT_STATUS_NO_MEMORY;
5714 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5715 "case_preserve = %d, short case preserve = %d, "
5716 "directory = %s, newname = %s, "
5717 "last_component_dest = %s, is_8_3 = %d\n",
5718 conn->case_sensitive, conn->case_preserve,
5719 conn->short_case_preserve, directory,
5720 newname, last_component_dest, is_short_name));
5722 /* The dest name still may have wildcards. */
5723 if (dest_has_wild) {
5724 char *mod_newname = NULL;
5725 if (!resolve_wildcards(ctx,
5726 directory,newname,&mod_newname)) {
5727 DEBUG(6, ("rename_internals: resolve_wildcards "
5731 return NT_STATUS_NO_MEMORY;
5733 newname = mod_newname;
5737 SMB_VFS_STAT(conn, directory, &sbuf1);
5739 status = S_ISDIR(sbuf1.st_mode) ?
5740 open_directory(conn, req, directory, &sbuf1,
5742 FILE_SHARE_READ|FILE_SHARE_WRITE,
5743 FILE_OPEN, 0, 0, NULL,
5745 : open_file_ntcreate(conn, req, directory, &sbuf1,
5747 FILE_SHARE_READ|FILE_SHARE_WRITE,
5748 FILE_OPEN, 0, 0, 0, NULL,
5751 if (!NT_STATUS_IS_OK(status)) {
5752 DEBUG(3, ("Could not open rename source %s: %s\n",
5753 directory, nt_errstr(status)));
5757 status = rename_internals_fsp(conn, fsp, newname,
5758 last_component_dest,
5759 attrs, replace_if_exists);
5761 close_file(req, fsp, NORMAL_CLOSE);
5763 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5764 nt_errstr(status), directory,newname));
5770 * Wildcards - process each file that matches.
5772 if (strequal(mask,"????????.???")) {
5777 status = check_name(conn, directory);
5778 if (!NT_STATUS_IS_OK(status)) {
5782 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5783 if (dir_hnd == NULL) {
5784 return map_nt_error_from_unix(errno);
5787 status = NT_STATUS_NO_SUCH_FILE;
5789 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5790 * - gentest fix. JRA
5793 while ((dname = ReadDirName(dir_hnd, &offset))) {
5794 files_struct *fsp = NULL;
5796 char *destname = NULL;
5797 bool sysdir_entry = False;
5799 /* Quick check for "." and ".." */
5800 if (ISDOT(dname) || ISDOTDOT(dname)) {
5802 sysdir_entry = True;
5808 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5812 if(!mask_match(dname, mask, conn->case_sensitive)) {
5817 status = NT_STATUS_OBJECT_NAME_INVALID;
5821 fname = talloc_asprintf(ctx,
5826 return NT_STATUS_NO_MEMORY;
5829 if (!resolve_wildcards(ctx,
5830 fname,newname,&destname)) {
5831 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5837 return NT_STATUS_NO_MEMORY;
5841 SMB_VFS_STAT(conn, fname, &sbuf1);
5843 status = S_ISDIR(sbuf1.st_mode) ?
5844 open_directory(conn, req, fname, &sbuf1,
5846 FILE_SHARE_READ|FILE_SHARE_WRITE,
5847 FILE_OPEN, 0, 0, NULL,
5849 : open_file_ntcreate(conn, req, fname, &sbuf1,
5851 FILE_SHARE_READ|FILE_SHARE_WRITE,
5852 FILE_OPEN, 0, 0, 0, NULL,
5855 if (!NT_STATUS_IS_OK(status)) {
5856 DEBUG(3,("rename_internals: open_file_ntcreate "
5857 "returned %s rename %s -> %s\n",
5858 nt_errstr(status), directory, newname));
5862 status = rename_internals_fsp(conn, fsp, destname, dname,
5863 attrs, replace_if_exists);
5865 close_file(req, fsp, NORMAL_CLOSE);
5867 if (!NT_STATUS_IS_OK(status)) {
5868 DEBUG(3, ("rename_internals_fsp returned %s for "
5869 "rename %s -> %s\n", nt_errstr(status),
5870 directory, newname));
5876 DEBUG(3,("rename_internals: doing rename on %s -> "
5877 "%s\n",fname,destname));
5880 TALLOC_FREE(destname);
5882 TALLOC_FREE(dir_hnd);
5884 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5885 status = map_nt_error_from_unix(errno);
5891 /****************************************************************************
5893 ****************************************************************************/
5895 void reply_mv(struct smb_request *req)
5897 connection_struct *conn = req->conn;
5899 char *newname = NULL;
5903 bool src_has_wcard = False;
5904 bool dest_has_wcard = False;
5905 TALLOC_CTX *ctx = talloc_tos();
5907 START_PROFILE(SMBmv);
5910 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5915 attrs = SVAL(req->vwv+0, 0);
5917 p = (const char *)req->buf + 1;
5918 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
5919 &status, &src_has_wcard);
5920 if (!NT_STATUS_IS_OK(status)) {
5921 reply_nterror(req, status);
5926 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
5927 &status, &dest_has_wcard);
5928 if (!NT_STATUS_IS_OK(status)) {
5929 reply_nterror(req, status);
5934 status = resolve_dfspath_wcard(ctx, conn,
5935 req->flags2 & FLAGS2_DFS_PATHNAMES,
5939 if (!NT_STATUS_IS_OK(status)) {
5940 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5941 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5942 ERRSRV, ERRbadpath);
5946 reply_nterror(req, status);
5951 status = resolve_dfspath_wcard(ctx, conn,
5952 req->flags2 & FLAGS2_DFS_PATHNAMES,
5956 if (!NT_STATUS_IS_OK(status)) {
5957 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5958 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5959 ERRSRV, ERRbadpath);
5963 reply_nterror(req, status);
5968 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5970 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5971 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5972 if (!NT_STATUS_IS_OK(status)) {
5973 if (open_was_deferred(req->mid)) {
5974 /* We have re-scheduled this call. */
5978 reply_nterror(req, status);
5983 reply_outbuf(req, 0, 0);
5989 /*******************************************************************
5990 Copy a file as part of a reply_copy.
5991 ******************************************************************/
5994 * TODO: check error codes on all callers
5997 NTSTATUS copy_file(TALLOC_CTX *ctx,
5998 connection_struct *conn,
6003 bool target_is_directory)
6005 SMB_STRUCT_STAT src_sbuf, sbuf2;
6007 files_struct *fsp1,*fsp2;
6010 uint32 new_create_disposition;
6013 dest = talloc_strdup(ctx, dest1);
6015 return NT_STATUS_NO_MEMORY;
6017 if (target_is_directory) {
6018 const char *p = strrchr_m(src,'/');
6024 dest = talloc_asprintf_append(dest,
6028 return NT_STATUS_NO_MEMORY;
6032 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6034 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6037 if (!target_is_directory && count) {
6038 new_create_disposition = FILE_OPEN;
6040 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6041 NULL, NULL, &new_create_disposition, NULL)) {
6043 return NT_STATUS_INVALID_PARAMETER;
6047 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6049 FILE_SHARE_READ|FILE_SHARE_WRITE,
6052 FILE_ATTRIBUTE_NORMAL,
6056 if (!NT_STATUS_IS_OK(status)) {
6061 dosattrs = dos_mode(conn, src, &src_sbuf);
6062 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6063 ZERO_STRUCTP(&sbuf2);
6066 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6068 FILE_SHARE_READ|FILE_SHARE_WRITE,
6069 new_create_disposition,
6077 if (!NT_STATUS_IS_OK(status)) {
6078 close_file(NULL, fsp1, ERROR_CLOSE);
6082 if ((ofun&3) == 1) {
6083 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6084 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6086 * Stop the copy from occurring.
6089 src_sbuf.st_size = 0;
6093 if (src_sbuf.st_size) {
6094 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6097 close_file(NULL, fsp1, NORMAL_CLOSE);
6099 /* Ensure the modtime is set correctly on the destination file. */
6100 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6103 * As we are opening fsp1 read-only we only expect
6104 * an error on close on fsp2 if we are out of space.
6105 * Thus we don't look at the error return from the
6108 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6110 if (!NT_STATUS_IS_OK(status)) {
6114 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6115 return NT_STATUS_DISK_FULL;
6118 return NT_STATUS_OK;
6121 /****************************************************************************
6122 Reply to a file copy.
6123 ****************************************************************************/
6125 void reply_copy(struct smb_request *req)
6127 connection_struct *conn = req->conn;
6129 char *newname = NULL;
6130 char *directory = NULL;
6131 const char *mask = NULL;
6132 const char mask_star[] = "*";
6135 int error = ERRnoaccess;
6140 bool target_is_directory=False;
6141 bool source_has_wild = False;
6142 bool dest_has_wild = False;
6143 SMB_STRUCT_STAT sbuf1, sbuf2;
6145 TALLOC_CTX *ctx = talloc_tos();
6147 START_PROFILE(SMBcopy);
6150 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6151 END_PROFILE(SMBcopy);
6155 tid2 = SVAL(req->vwv+0, 0);
6156 ofun = SVAL(req->vwv+1, 0);
6157 flags = SVAL(req->vwv+2, 0);
6159 p = (const char *)req->buf;
6160 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6161 &status, &source_has_wild);
6162 if (!NT_STATUS_IS_OK(status)) {
6163 reply_nterror(req, status);
6164 END_PROFILE(SMBcopy);
6167 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6168 &status, &dest_has_wild);
6169 if (!NT_STATUS_IS_OK(status)) {
6170 reply_nterror(req, status);
6171 END_PROFILE(SMBcopy);
6175 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6177 if (tid2 != conn->cnum) {
6178 /* can't currently handle inter share copies XXXX */
6179 DEBUG(3,("Rejecting inter-share copy\n"));
6180 reply_doserror(req, ERRSRV, ERRinvdevice);
6181 END_PROFILE(SMBcopy);
6185 status = resolve_dfspath_wcard(ctx, conn,
6186 req->flags2 & FLAGS2_DFS_PATHNAMES,
6190 if (!NT_STATUS_IS_OK(status)) {
6191 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6192 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6193 ERRSRV, ERRbadpath);
6194 END_PROFILE(SMBcopy);
6197 reply_nterror(req, status);
6198 END_PROFILE(SMBcopy);
6202 status = resolve_dfspath_wcard(ctx, conn,
6203 req->flags2 & FLAGS2_DFS_PATHNAMES,
6207 if (!NT_STATUS_IS_OK(status)) {
6208 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6209 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6210 ERRSRV, ERRbadpath);
6211 END_PROFILE(SMBcopy);
6214 reply_nterror(req, status);
6215 END_PROFILE(SMBcopy);
6219 status = unix_convert(ctx, conn, name, source_has_wild,
6220 &name, NULL, &sbuf1);
6221 if (!NT_STATUS_IS_OK(status)) {
6222 reply_nterror(req, status);
6223 END_PROFILE(SMBcopy);
6227 status = unix_convert(ctx, conn, newname, dest_has_wild,
6228 &newname, NULL, &sbuf2);
6229 if (!NT_STATUS_IS_OK(status)) {
6230 reply_nterror(req, status);
6231 END_PROFILE(SMBcopy);
6235 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6237 if ((flags&1) && target_is_directory) {
6238 reply_doserror(req, ERRDOS, ERRbadfile);
6239 END_PROFILE(SMBcopy);
6243 if ((flags&2) && !target_is_directory) {
6244 reply_doserror(req, ERRDOS, ERRbadpath);
6245 END_PROFILE(SMBcopy);
6249 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6250 /* wants a tree copy! XXXX */
6251 DEBUG(3,("Rejecting tree copy\n"));
6252 reply_doserror(req, ERRSRV, ERRerror);
6253 END_PROFILE(SMBcopy);
6257 p = strrchr_m(name,'/');
6259 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6262 directory = talloc_strdup(ctx, "./");
6267 reply_nterror(req, NT_STATUS_NO_MEMORY);
6268 END_PROFILE(SMBcopy);
6273 * We should only check the mangled cache
6274 * here if unix_convert failed. This means
6275 * that the path in 'mask' doesn't exist
6276 * on the file system and so we need to look
6277 * for a possible mangle. This patch from
6278 * Tine Smukavec <valentin.smukavec@hermes.si>.
6281 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6282 char *new_mask = NULL;
6283 mangle_lookup_name_from_8_3(ctx,
6292 if (!source_has_wild) {
6293 directory = talloc_asprintf_append(directory,
6296 if (dest_has_wild) {
6297 char *mod_newname = NULL;
6298 if (!resolve_wildcards(ctx,
6299 directory,newname,&mod_newname)) {
6300 reply_nterror(req, NT_STATUS_NO_MEMORY);
6301 END_PROFILE(SMBcopy);
6304 newname = mod_newname;
6307 status = check_name(conn, directory);
6308 if (!NT_STATUS_IS_OK(status)) {
6309 reply_nterror(req, status);
6310 END_PROFILE(SMBcopy);
6314 status = check_name(conn, newname);
6315 if (!NT_STATUS_IS_OK(status)) {
6316 reply_nterror(req, status);
6317 END_PROFILE(SMBcopy);
6321 status = copy_file(ctx,conn,directory,newname,ofun,
6322 count,target_is_directory);
6324 if(!NT_STATUS_IS_OK(status)) {
6325 reply_nterror(req, status);
6326 END_PROFILE(SMBcopy);
6332 struct smb_Dir *dir_hnd = NULL;
6333 const char *dname = NULL;
6336 if (strequal(mask,"????????.???")) {
6340 status = check_name(conn, directory);
6341 if (!NT_STATUS_IS_OK(status)) {
6342 reply_nterror(req, status);
6343 END_PROFILE(SMBcopy);
6347 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6348 if (dir_hnd == NULL) {
6349 status = map_nt_error_from_unix(errno);
6350 reply_nterror(req, status);
6351 END_PROFILE(SMBcopy);
6357 while ((dname = ReadDirName(dir_hnd, &offset))) {
6358 char *destname = NULL;
6361 if (ISDOT(dname) || ISDOTDOT(dname)) {
6365 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6369 if(!mask_match(dname, mask, conn->case_sensitive)) {
6373 error = ERRnoaccess;
6374 fname = talloc_asprintf(ctx,
6379 TALLOC_FREE(dir_hnd);
6380 reply_nterror(req, NT_STATUS_NO_MEMORY);
6381 END_PROFILE(SMBcopy);
6385 if (!resolve_wildcards(ctx,
6386 fname,newname,&destname)) {
6390 TALLOC_FREE(dir_hnd);
6391 reply_nterror(req, NT_STATUS_NO_MEMORY);
6392 END_PROFILE(SMBcopy);
6396 status = check_name(conn, fname);
6397 if (!NT_STATUS_IS_OK(status)) {
6398 TALLOC_FREE(dir_hnd);
6399 reply_nterror(req, status);
6400 END_PROFILE(SMBcopy);
6404 status = check_name(conn, destname);
6405 if (!NT_STATUS_IS_OK(status)) {
6406 TALLOC_FREE(dir_hnd);
6407 reply_nterror(req, status);
6408 END_PROFILE(SMBcopy);
6412 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6414 status = copy_file(ctx,conn,fname,destname,ofun,
6415 count,target_is_directory);
6416 if (NT_STATUS_IS_OK(status)) {
6420 TALLOC_FREE(destname);
6422 TALLOC_FREE(dir_hnd);
6427 /* Error on close... */
6429 reply_unixerror(req, ERRHRD, ERRgeneral);
6430 END_PROFILE(SMBcopy);
6434 reply_doserror(req, ERRDOS, error);
6435 END_PROFILE(SMBcopy);
6439 reply_outbuf(req, 1, 0);
6440 SSVAL(req->outbuf,smb_vwv0,count);
6442 END_PROFILE(SMBcopy);
6447 #define DBGC_CLASS DBGC_LOCKING
6449 /****************************************************************************
6450 Get a lock pid, dealing with large count requests.
6451 ****************************************************************************/
6453 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6454 bool large_file_format)
6456 if(!large_file_format)
6457 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6459 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6462 /****************************************************************************
6463 Get a lock count, dealing with large count requests.
6464 ****************************************************************************/
6466 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6467 bool large_file_format)
6471 if(!large_file_format) {
6472 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6475 #if defined(HAVE_LONGLONG)
6476 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6477 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6478 #else /* HAVE_LONGLONG */
6481 * NT4.x seems to be broken in that it sends large file (64 bit)
6482 * lockingX calls even if the CAP_LARGE_FILES was *not*
6483 * negotiated. For boxes without large unsigned ints truncate the
6484 * lock count by dropping the top 32 bits.
6487 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6488 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6489 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6490 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6491 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6494 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6495 #endif /* HAVE_LONGLONG */
6501 #if !defined(HAVE_LONGLONG)
6502 /****************************************************************************
6503 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6504 ****************************************************************************/
6506 static uint32 map_lock_offset(uint32 high, uint32 low)
6510 uint32 highcopy = high;
6513 * Try and find out how many significant bits there are in high.
6516 for(i = 0; highcopy; i++)
6520 * We use 31 bits not 32 here as POSIX
6521 * lock offsets may not be negative.
6524 mask = (~0) << (31 - i);
6527 return 0; /* Fail. */
6533 #endif /* !defined(HAVE_LONGLONG) */
6535 /****************************************************************************
6536 Get a lock offset, dealing with large offset requests.
6537 ****************************************************************************/
6539 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6540 bool large_file_format, bool *err)
6542 uint64_t offset = 0;
6546 if(!large_file_format) {
6547 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6550 #if defined(HAVE_LONGLONG)
6551 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6552 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6553 #else /* HAVE_LONGLONG */
6556 * NT4.x seems to be broken in that it sends large file (64 bit)
6557 * lockingX calls even if the CAP_LARGE_FILES was *not*
6558 * negotiated. For boxes without large unsigned ints mangle the
6559 * lock offset by mapping the top 32 bits onto the lower 32.
6562 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6563 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6564 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6567 if((new_low = map_lock_offset(high, low)) == 0) {
6569 return (uint64_t)-1;
6572 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6573 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6574 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6575 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6578 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6579 #endif /* HAVE_LONGLONG */
6585 /****************************************************************************
6586 Reply to a lockingX request.
6587 ****************************************************************************/
6589 void reply_lockingX(struct smb_request *req)
6591 connection_struct *conn = req->conn;
6593 unsigned char locktype;
6594 unsigned char oplocklevel;
6597 uint64_t count = 0, offset = 0;
6601 const uint8_t *data;
6602 bool large_file_format;
6604 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6606 START_PROFILE(SMBlockingX);
6609 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6610 END_PROFILE(SMBlockingX);
6614 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6615 locktype = CVAL(req->vwv+3, 0);
6616 oplocklevel = CVAL(req->vwv+3, 1);
6617 num_ulocks = SVAL(req->vwv+6, 0);
6618 num_locks = SVAL(req->vwv+7, 0);
6619 lock_timeout = IVAL(req->vwv+4, 0);
6620 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6622 if (!check_fsp(conn, req, fsp)) {
6623 END_PROFILE(SMBlockingX);
6629 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6630 /* we don't support these - and CANCEL_LOCK makes w2k
6631 and XP reboot so I don't really want to be
6632 compatible! (tridge) */
6633 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6634 END_PROFILE(SMBlockingX);
6638 /* Check if this is an oplock break on a file
6639 we have granted an oplock on.
6641 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6642 /* Client can insist on breaking to none. */
6643 bool break_to_none = (oplocklevel == 0);
6646 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6647 "for fnum = %d\n", (unsigned int)oplocklevel,
6651 * Make sure we have granted an exclusive or batch oplock on
6655 if (fsp->oplock_type == 0) {
6657 /* The Samba4 nbench simulator doesn't understand
6658 the difference between break to level2 and break
6659 to none from level2 - it sends oplock break
6660 replies in both cases. Don't keep logging an error
6661 message here - just ignore it. JRA. */
6663 DEBUG(5,("reply_lockingX: Error : oplock break from "
6664 "client for fnum = %d (oplock=%d) and no "
6665 "oplock granted on this file (%s).\n",
6666 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6668 /* if this is a pure oplock break request then don't
6670 if (num_locks == 0 && num_ulocks == 0) {
6671 END_PROFILE(SMBlockingX);
6674 END_PROFILE(SMBlockingX);
6675 reply_doserror(req, ERRDOS, ERRlock);
6680 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6682 result = remove_oplock(fsp);
6684 result = downgrade_oplock(fsp);
6688 DEBUG(0, ("reply_lockingX: error in removing "
6689 "oplock on file %s\n", fsp->fsp_name));
6690 /* Hmmm. Is this panic justified? */
6691 smb_panic("internal tdb error");
6694 reply_to_oplock_break_requests(fsp);
6696 /* if this is a pure oplock break request then don't send a
6698 if (num_locks == 0 && num_ulocks == 0) {
6699 /* Sanity check - ensure a pure oplock break is not a
6701 if(CVAL(req->vwv+0, 0) != 0xff)
6702 DEBUG(0,("reply_lockingX: Error : pure oplock "
6703 "break is a chained %d request !\n",
6704 (unsigned int)CVAL(req->vwv+0, 0)));
6705 END_PROFILE(SMBlockingX);
6711 * We do this check *after* we have checked this is not a oplock break
6712 * response message. JRA.
6715 release_level_2_oplocks_on_change(fsp);
6718 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6719 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6720 END_PROFILE(SMBlockingX);
6724 /* Data now points at the beginning of the list
6725 of smb_unlkrng structs */
6726 for(i = 0; i < (int)num_ulocks; i++) {
6727 lock_pid = get_lock_pid( data, i, large_file_format);
6728 count = get_lock_count( data, i, large_file_format);
6729 offset = get_lock_offset( data, i, large_file_format, &err);
6732 * There is no error code marked "stupid client bug".... :-).
6735 END_PROFILE(SMBlockingX);
6736 reply_doserror(req, ERRDOS, ERRnoaccess);
6740 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6741 "pid %u, file %s\n", (double)offset, (double)count,
6742 (unsigned int)lock_pid, fsp->fsp_name ));
6744 status = do_unlock(smbd_messaging_context(),
6751 if (NT_STATUS_V(status)) {
6752 END_PROFILE(SMBlockingX);
6753 reply_nterror(req, status);
6758 /* Setup the timeout in seconds. */
6760 if (!lp_blocking_locks(SNUM(conn))) {
6764 /* Now do any requested locks */
6765 data += ((large_file_format ? 20 : 10)*num_ulocks);
6767 /* Data now points at the beginning of the list
6768 of smb_lkrng structs */
6770 for(i = 0; i < (int)num_locks; i++) {
6771 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6772 READ_LOCK:WRITE_LOCK);
6773 lock_pid = get_lock_pid( data, i, large_file_format);
6774 count = get_lock_count( data, i, large_file_format);
6775 offset = get_lock_offset( data, i, large_file_format, &err);
6778 * There is no error code marked "stupid client bug".... :-).
6781 END_PROFILE(SMBlockingX);
6782 reply_doserror(req, ERRDOS, ERRnoaccess);
6786 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6787 "%u, file %s timeout = %d\n", (double)offset,
6788 (double)count, (unsigned int)lock_pid,
6789 fsp->fsp_name, (int)lock_timeout ));
6791 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6792 if (lp_blocking_locks(SNUM(conn))) {
6794 /* Schedule a message to ourselves to
6795 remove the blocking lock record and
6796 return the right error. */
6798 if (!blocking_lock_cancel(fsp,
6804 NT_STATUS_FILE_LOCK_CONFLICT)) {
6805 END_PROFILE(SMBlockingX);
6810 ERRcancelviolation));
6814 /* Remove a matching pending lock. */
6815 status = do_lock_cancel(fsp,
6821 bool blocking_lock = lock_timeout ? True : False;
6822 bool defer_lock = False;
6823 struct byte_range_lock *br_lck;
6824 uint32 block_smbpid;
6826 br_lck = do_lock(smbd_messaging_context(),
6837 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6838 /* Windows internal resolution for blocking locks seems
6839 to be about 200ms... Don't wait for less than that. JRA. */
6840 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6841 lock_timeout = lp_lock_spin_time();
6846 /* This heuristic seems to match W2K3 very well. If a
6847 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6848 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6849 far as I can tell. Replacement for do_lock_spin(). JRA. */
6851 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6852 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6854 lock_timeout = lp_lock_spin_time();
6857 if (br_lck && defer_lock) {
6859 * A blocking lock was requested. Package up
6860 * this smb into a queued request and push it
6861 * onto the blocking lock queue.
6863 if(push_blocking_lock_request(br_lck,
6874 TALLOC_FREE(br_lck);
6875 END_PROFILE(SMBlockingX);
6880 TALLOC_FREE(br_lck);
6883 if (NT_STATUS_V(status)) {
6884 END_PROFILE(SMBlockingX);
6885 reply_nterror(req, status);
6890 /* If any of the above locks failed, then we must unlock
6891 all of the previous locks (X/Open spec). */
6893 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6897 * Ensure we don't do a remove on the lock that just failed,
6898 * as under POSIX rules, if we have a lock already there, we
6899 * will delete it (and we shouldn't) .....
6901 for(i--; i >= 0; i--) {
6902 lock_pid = get_lock_pid( data, i, large_file_format);
6903 count = get_lock_count( data, i, large_file_format);
6904 offset = get_lock_offset( data, i, large_file_format,
6908 * There is no error code marked "stupid client
6912 END_PROFILE(SMBlockingX);
6913 reply_doserror(req, ERRDOS, ERRnoaccess);
6917 do_unlock(smbd_messaging_context(),
6924 END_PROFILE(SMBlockingX);
6925 reply_nterror(req, status);
6929 reply_outbuf(req, 2, 0);
6931 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6932 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6934 END_PROFILE(SMBlockingX);
6939 #define DBGC_CLASS DBGC_ALL
6941 /****************************************************************************
6942 Reply to a SMBreadbmpx (read block multiplex) request.
6943 Always reply with an error, if someone has a platform really needs this,
6944 please contact vl@samba.org
6945 ****************************************************************************/
6947 void reply_readbmpx(struct smb_request *req)
6949 START_PROFILE(SMBreadBmpx);
6950 reply_doserror(req, ERRSRV, ERRuseSTD);
6951 END_PROFILE(SMBreadBmpx);
6955 /****************************************************************************
6956 Reply to a SMBreadbs (read block multiplex secondary) request.
6957 Always reply with an error, if someone has a platform really needs this,
6958 please contact vl@samba.org
6959 ****************************************************************************/
6961 void reply_readbs(struct smb_request *req)
6963 START_PROFILE(SMBreadBs);
6964 reply_doserror(req, ERRSRV, ERRuseSTD);
6965 END_PROFILE(SMBreadBs);
6969 /****************************************************************************
6970 Reply to a SMBsetattrE.
6971 ****************************************************************************/
6973 void reply_setattrE(struct smb_request *req)
6975 connection_struct *conn = req->conn;
6976 struct timespec ts[2];
6978 SMB_STRUCT_STAT sbuf;
6981 START_PROFILE(SMBsetattrE);
6984 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6985 END_PROFILE(SMBsetattrE);
6989 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
6991 if(!fsp || (fsp->conn != conn)) {
6992 reply_doserror(req, ERRDOS, ERRbadfid);
6993 END_PROFILE(SMBsetattrE);
6999 * Convert the DOS times into unix times. Ignore create
7000 * time as UNIX can't set this.
7003 ts[0] = convert_time_t_to_timespec(
7004 srv_make_unix_date2(req->vwv+3)); /* atime. */
7005 ts[1] = convert_time_t_to_timespec(
7006 srv_make_unix_date2(req->vwv+5)); /* mtime. */
7008 reply_outbuf(req, 0, 0);
7011 * Patch from Ray Frush <frush@engr.colostate.edu>
7012 * Sometimes times are sent as zero - ignore them.
7015 /* Ensure we have a valid stat struct for the source. */
7016 if (fsp->fh->fd != -1) {
7017 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7018 status = map_nt_error_from_unix(errno);
7019 reply_nterror(req, status);
7020 END_PROFILE(SMBsetattrE);
7024 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
7025 status = map_nt_error_from_unix(errno);
7026 reply_nterror(req, status);
7027 END_PROFILE(SMBsetattrE);
7032 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7034 if (!NT_STATUS_IS_OK(status)) {
7035 reply_doserror(req, ERRDOS, ERRnoaccess);
7036 END_PROFILE(SMBsetattrE);
7040 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7042 (unsigned int)ts[0].tv_sec,
7043 (unsigned int)ts[1].tv_sec));
7045 END_PROFILE(SMBsetattrE);
7050 /* Back from the dead for OS/2..... JRA. */
7052 /****************************************************************************
7053 Reply to a SMBwritebmpx (write block multiplex primary) request.
7054 Always reply with an error, if someone has a platform really needs this,
7055 please contact vl@samba.org
7056 ****************************************************************************/
7058 void reply_writebmpx(struct smb_request *req)
7060 START_PROFILE(SMBwriteBmpx);
7061 reply_doserror(req, ERRSRV, ERRuseSTD);
7062 END_PROFILE(SMBwriteBmpx);
7066 /****************************************************************************
7067 Reply to a SMBwritebs (write block multiplex secondary) request.
7068 Always reply with an error, if someone has a platform really needs this,
7069 please contact vl@samba.org
7070 ****************************************************************************/
7072 void reply_writebs(struct smb_request *req)
7074 START_PROFILE(SMBwriteBs);
7075 reply_doserror(req, ERRSRV, ERRuseSTD);
7076 END_PROFILE(SMBwriteBs);
7080 /****************************************************************************
7081 Reply to a SMBgetattrE.
7082 ****************************************************************************/
7084 void reply_getattrE(struct smb_request *req)
7086 connection_struct *conn = req->conn;
7087 SMB_STRUCT_STAT sbuf;
7090 struct timespec create_ts;
7092 START_PROFILE(SMBgetattrE);
7095 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7096 END_PROFILE(SMBgetattrE);
7100 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7102 if(!fsp || (fsp->conn != conn)) {
7103 reply_doserror(req, ERRDOS, ERRbadfid);
7104 END_PROFILE(SMBgetattrE);
7108 /* Do an fstat on this file */
7109 if(fsp_stat(fsp, &sbuf)) {
7110 reply_unixerror(req, ERRDOS, ERRnoaccess);
7111 END_PROFILE(SMBgetattrE);
7115 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7118 * Convert the times into dos times. Set create
7119 * date to be last modify date as UNIX doesn't save
7123 reply_outbuf(req, 11, 0);
7125 create_ts = get_create_timespec(&sbuf,
7126 lp_fake_dir_create_times(SNUM(conn)));
7127 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7128 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7129 /* Should we check pending modtime here ? JRA */
7130 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7133 SIVAL(req->outbuf, smb_vwv6, 0);
7134 SIVAL(req->outbuf, smb_vwv8, 0);
7136 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7137 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7138 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7140 SSVAL(req->outbuf,smb_vwv10, mode);
7142 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7144 END_PROFILE(SMBgetattrE);