2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 extern enum protocol_types Protocol;
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
38 ****************************************************************************/
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
43 static NTSTATUS check_path_syntax_internal(char *path,
45 bool *p_last_component_contains_wcard)
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
53 *p_last_component_contains_wcard = False;
60 return NT_STATUS_OBJECT_NAME_INVALID;
63 return NT_STATUS_OBJECT_NAME_INVALID;
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
85 stream_started = true;
86 start_of_name_component = false;
90 return NT_STATUS_OBJECT_NAME_INVALID;
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
108 start_of_name_component = True;
110 *p_last_component_contains_wcard = False;
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
119 * No mb char starts with '.' so we're safe checking the directory separator here.
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
128 /* Are we at the start ? Can't go back further if so. */
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
166 *p_last_component_contains_wcard = True;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
196 return NT_STATUS_INVALID_PARAMETER;
199 start_of_name_component = False;
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
212 NTSTATUS check_path_syntax(char *path)
215 return check_path_syntax_internal(path, False, &ignore);
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
222 ****************************************************************************/
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
226 return check_path_syntax_internal(path, False, p_contains_wcard);
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
235 NTSTATUS check_path_syntax_posix(char *path)
238 return check_path_syntax_internal(path, True, &ignore);
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
253 bool *contains_wcard)
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
263 *err = NT_STATUS_INVALID_PARAMETER;
267 *contains_wcard = False;
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 if (!check_fsp_open(conn, req, fsp)) {
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
359 (fsp)->num_smb_operations++;
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
371 if (!check_fsp_open(conn, req, fsp)) {
375 if (fsp->is_directory) {
379 if (fsp->fake_file_handle == NULL) {
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
387 if (fsp->fake_file_handle->private_data == NULL) {
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
410 static bool netbios_session_retarget(const char *name, int name_type)
413 char *trim_name_type;
414 const char *retarget_parm;
417 int retarget_type = 0x20;
418 int retarget_port = 139;
419 struct sockaddr_storage retarget_addr;
420 struct sockaddr_in *in_addr;
424 if (get_socket_port(smbd_server_fd()) != 139) {
428 trim_name = talloc_strdup(talloc_tos(), name);
429 if (trim_name == NULL) {
432 trim_char(trim_name, ' ', ' ');
434 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
436 if (trim_name_type == NULL) {
440 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 trim_name_type, NULL);
442 if (retarget_parm == NULL) {
443 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
446 if (retarget_parm == NULL) {
450 retarget = talloc_strdup(trim_name, retarget_parm);
451 if (retarget == NULL) {
455 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
457 p = strchr(retarget, ':');
460 retarget_port = atoi(p);
463 p = strchr_m(retarget, '#');
466 sscanf(p, "%x", &retarget_type);
469 ret = resolve_name(retarget, &retarget_addr, retarget_type);
471 DEBUG(10, ("could not resolve %s\n", retarget));
475 if (retarget_addr.ss_family != AF_INET) {
476 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
480 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
482 _smb_setlen(outbuf, 6);
483 SCVAL(outbuf, 0, 0x84);
484 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
485 *(uint16_t *)(outbuf+8) = htons(retarget_port);
487 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
489 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
495 TALLOC_FREE(trim_name);
499 /****************************************************************************
500 Reply to a (netbios-level) special message.
501 ****************************************************************************/
503 void reply_special(char *inbuf)
505 int msg_type = CVAL(inbuf,0);
506 int msg_flags = CVAL(inbuf,1);
508 char name_type1, name_type2;
511 * We only really use 4 bytes of the outbuf, but for the smb_setlen
512 * calculation & friends (srv_send_smb uses that) we need the full smb
515 char outbuf[smb_size];
519 memset(outbuf, '\0', sizeof(outbuf));
521 smb_setlen(outbuf,0);
524 case 0x81: /* session request */
526 if (already_got_session) {
527 exit_server_cleanly("multiple session request not permitted");
530 SCVAL(outbuf,0,0x82);
532 if (name_len(inbuf+4) > 50 ||
533 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
534 DEBUG(0,("Invalid name length in session request\n"));
537 name_type1 = name_extract(inbuf,4,name1);
538 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
539 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
540 name1, name_type1, name2, name_type2));
542 if (netbios_session_retarget(name1, name_type1)) {
543 exit_server_cleanly("retargeted client");
546 set_local_machine_name(name1, True);
547 set_remote_machine_name(name2, True);
549 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
550 get_local_machine_name(), get_remote_machine_name(),
553 if (name_type2 == 'R') {
554 /* We are being asked for a pathworks session ---
556 SCVAL(outbuf, 0,0x83);
560 /* only add the client's machine name to the list
561 of possibly valid usernames if we are operating
562 in share mode security */
563 if (lp_security() == SEC_SHARE) {
564 add_session_user(get_remote_machine_name());
567 reload_services(True);
570 already_got_session = True;
573 case 0x89: /* session keepalive request
574 (some old clients produce this?) */
575 SCVAL(outbuf,0,SMBkeepalive);
579 case 0x82: /* positive session response */
580 case 0x83: /* negative session response */
581 case 0x84: /* retarget session response */
582 DEBUG(0,("Unexpected session response\n"));
585 case SMBkeepalive: /* session keepalive */
590 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
591 msg_type, msg_flags));
593 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
597 /****************************************************************************
599 conn POINTER CAN BE NULL HERE !
600 ****************************************************************************/
602 void reply_tcon(struct smb_request *req)
604 connection_struct *conn = req->conn;
606 char *service_buf = NULL;
607 char *password = NULL;
612 DATA_BLOB password_blob;
613 TALLOC_CTX *ctx = talloc_tos();
615 START_PROFILE(SMBtcon);
617 if (req->buflen < 4) {
618 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
619 END_PROFILE(SMBtcon);
623 p = (const char *)req->buf + 1;
624 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
626 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
628 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
631 if (service_buf == NULL || password == NULL || dev == NULL) {
632 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
633 END_PROFILE(SMBtcon);
636 p = strrchr_m(service_buf,'\\');
640 service = service_buf;
643 password_blob = data_blob(password, pwlen+1);
645 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
648 data_blob_clear_free(&password_blob);
651 reply_nterror(req, nt_status);
652 END_PROFILE(SMBtcon);
656 reply_outbuf(req, 2, 0);
657 SSVAL(req->outbuf,smb_vwv0,max_recv);
658 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
659 SSVAL(req->outbuf,smb_tid,conn->cnum);
661 DEBUG(3,("tcon service=%s cnum=%d\n",
662 service, conn->cnum));
664 END_PROFILE(SMBtcon);
668 /****************************************************************************
669 Reply to a tcon and X.
670 conn POINTER CAN BE NULL HERE !
671 ****************************************************************************/
673 void reply_tcon_and_X(struct smb_request *req)
675 connection_struct *conn = req->conn;
676 const char *service = NULL;
678 TALLOC_CTX *ctx = talloc_tos();
679 /* what the cleint thinks the device is */
680 char *client_devicetype = NULL;
681 /* what the server tells the client the share represents */
682 const char *server_devicetype;
689 START_PROFILE(SMBtconX);
692 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
693 END_PROFILE(SMBtconX);
697 passlen = SVAL(req->vwv+3, 0);
698 tcon_flags = SVAL(req->vwv+2, 0);
700 /* we might have to close an old one */
701 if ((tcon_flags & 0x1) && conn) {
702 close_cnum(conn,req->vuid);
707 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
708 reply_doserror(req, ERRDOS, ERRbuftoosmall);
709 END_PROFILE(SMBtconX);
713 if (global_encrypted_passwords_negotiated) {
714 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
715 if (lp_security() == SEC_SHARE) {
717 * Security = share always has a pad byte
718 * after the password.
720 p = (const char *)req->buf + passlen + 1;
722 p = (const char *)req->buf + passlen;
725 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
726 /* Ensure correct termination */
727 password.data[passlen]=0;
728 p = (const char *)req->buf + passlen + 1;
731 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
734 data_blob_clear_free(&password);
735 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
736 END_PROFILE(SMBtconX);
741 * the service name can be either: \\server\share
742 * or share directly like on the DELL PowerVault 705
745 q = strchr_m(path+2,'\\');
747 data_blob_clear_free(&password);
748 reply_doserror(req, ERRDOS, ERRnosuchshare);
749 END_PROFILE(SMBtconX);
757 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
758 &client_devicetype, p,
759 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
761 if (client_devicetype == NULL) {
762 data_blob_clear_free(&password);
763 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
764 END_PROFILE(SMBtconX);
768 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
770 conn = make_connection(service, password, client_devicetype,
771 req->vuid, &nt_status);
774 data_blob_clear_free(&password);
777 reply_nterror(req, nt_status);
778 END_PROFILE(SMBtconX);
783 server_devicetype = "IPC";
784 else if ( IS_PRINT(conn) )
785 server_devicetype = "LPT1:";
787 server_devicetype = "A:";
789 if (Protocol < PROTOCOL_NT1) {
790 reply_outbuf(req, 2, 0);
791 if (message_push_string(&req->outbuf, server_devicetype,
792 STR_TERMINATE|STR_ASCII) == -1) {
793 reply_nterror(req, NT_STATUS_NO_MEMORY);
794 END_PROFILE(SMBtconX);
798 /* NT sets the fstype of IPC$ to the null string */
799 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
801 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
802 /* Return permissions. */
806 reply_outbuf(req, 7, 0);
809 perm1 = FILE_ALL_ACCESS;
810 perm2 = FILE_ALL_ACCESS;
812 perm1 = CAN_WRITE(conn) ?
817 SIVAL(req->outbuf, smb_vwv3, perm1);
818 SIVAL(req->outbuf, smb_vwv5, perm2);
820 reply_outbuf(req, 3, 0);
823 if ((message_push_string(&req->outbuf, server_devicetype,
824 STR_TERMINATE|STR_ASCII) == -1)
825 || (message_push_string(&req->outbuf, fstype,
826 STR_TERMINATE) == -1)) {
827 reply_nterror(req, NT_STATUS_NO_MEMORY);
828 END_PROFILE(SMBtconX);
832 /* what does setting this bit do? It is set by NT4 and
833 may affect the ability to autorun mounted cdroms */
834 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
835 (lp_csc_policy(SNUM(conn)) << 2));
837 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
838 DEBUG(2,("Serving %s as a Dfs root\n",
839 lp_servicename(SNUM(conn)) ));
840 SSVAL(req->outbuf, smb_vwv2,
841 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
846 DEBUG(3,("tconX service=%s \n",
849 /* set the incoming and outgoing tid to the just created one */
850 SSVAL(req->inbuf,smb_tid,conn->cnum);
851 SSVAL(req->outbuf,smb_tid,conn->cnum);
853 END_PROFILE(SMBtconX);
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_doserror(req, ERRDOS, ERRbadfid);
924 END_PROFILE(SMBioctl);
927 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
928 srvstr_push((char *)req->outbuf, req->flags2, p+2,
930 STR_TERMINATE|STR_ASCII);
932 srvstr_push((char *)req->outbuf, req->flags2,
933 p+18, lp_servicename(SNUM(conn)),
934 13, STR_TERMINATE|STR_ASCII);
942 END_PROFILE(SMBioctl);
946 /****************************************************************************
947 Strange checkpath NTSTATUS mapping.
948 ****************************************************************************/
950 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
952 /* Strange DOS error code semantics only for checkpath... */
953 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
954 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
955 /* We need to map to ERRbadpath */
956 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 /****************************************************************************
963 Reply to a checkpath.
964 ****************************************************************************/
966 void reply_checkpath(struct smb_request *req)
968 connection_struct *conn = req->conn;
970 SMB_STRUCT_STAT sbuf;
972 TALLOC_CTX *ctx = talloc_tos();
974 START_PROFILE(SMBcheckpath);
976 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
977 STR_TERMINATE, &status);
979 if (!NT_STATUS_IS_OK(status)) {
980 status = map_checkpath_error(req->flags2, status);
981 reply_nterror(req, status);
982 END_PROFILE(SMBcheckpath);
986 status = resolve_dfspath(ctx, conn,
987 req->flags2 & FLAGS2_DFS_PATHNAMES,
990 if (!NT_STATUS_IS_OK(status)) {
991 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
992 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
994 END_PROFILE(SMBcheckpath);
1000 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1002 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
1003 if (!NT_STATUS_IS_OK(status)) {
1007 status = check_name(conn, name);
1008 if (!NT_STATUS_IS_OK(status)) {
1009 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
1013 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
1014 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
1015 status = map_nt_error_from_unix(errno);
1019 if (!S_ISDIR(sbuf.st_mode)) {
1020 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1021 ERRDOS, ERRbadpath);
1022 END_PROFILE(SMBcheckpath);
1026 reply_outbuf(req, 0, 0);
1028 END_PROFILE(SMBcheckpath);
1033 END_PROFILE(SMBcheckpath);
1035 /* We special case this - as when a Windows machine
1036 is parsing a path is steps through the components
1037 one at a time - if a component fails it expects
1038 ERRbadpath, not ERRbadfile.
1040 status = map_checkpath_error(req->flags2, status);
1041 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1043 * Windows returns different error codes if
1044 * the parent directory is valid but not the
1045 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1046 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1047 * if the path is invalid.
1049 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1050 ERRDOS, ERRbadpath);
1054 reply_nterror(req, status);
1057 /****************************************************************************
1059 ****************************************************************************/
1061 void reply_getatr(struct smb_request *req)
1063 connection_struct *conn = req->conn;
1065 SMB_STRUCT_STAT sbuf;
1071 TALLOC_CTX *ctx = talloc_tos();
1073 START_PROFILE(SMBgetatr);
1075 p = (const char *)req->buf + 1;
1076 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1077 if (!NT_STATUS_IS_OK(status)) {
1078 reply_nterror(req, status);
1079 END_PROFILE(SMBgetatr);
1083 status = resolve_dfspath(ctx, conn,
1084 req->flags2 & FLAGS2_DFS_PATHNAMES,
1087 if (!NT_STATUS_IS_OK(status)) {
1088 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1089 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1090 ERRSRV, ERRbadpath);
1091 END_PROFILE(SMBgetatr);
1094 reply_nterror(req, status);
1095 END_PROFILE(SMBgetatr);
1099 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1100 under WfWg - weird! */
1101 if (*fname == '\0') {
1102 mode = aHIDDEN | aDIR;
1103 if (!CAN_WRITE(conn)) {
1109 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1110 if (!NT_STATUS_IS_OK(status)) {
1111 reply_nterror(req, status);
1112 END_PROFILE(SMBgetatr);
1115 status = check_name(conn, fname);
1116 if (!NT_STATUS_IS_OK(status)) {
1117 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1118 reply_nterror(req, status);
1119 END_PROFILE(SMBgetatr);
1122 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1123 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1124 reply_unixerror(req, ERRDOS,ERRbadfile);
1125 END_PROFILE(SMBgetatr);
1129 mode = dos_mode(conn,fname,&sbuf);
1130 size = sbuf.st_size;
1131 mtime = sbuf.st_mtime;
1137 reply_outbuf(req, 10, 0);
1139 SSVAL(req->outbuf,smb_vwv0,mode);
1140 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1141 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1143 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1145 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1147 if (Protocol >= PROTOCOL_NT1) {
1148 SSVAL(req->outbuf, smb_flg2,
1149 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1152 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1154 END_PROFILE(SMBgetatr);
1158 /****************************************************************************
1160 ****************************************************************************/
1162 void reply_setatr(struct smb_request *req)
1164 struct smb_file_time ft;
1165 connection_struct *conn = req->conn;
1169 SMB_STRUCT_STAT sbuf;
1172 TALLOC_CTX *ctx = talloc_tos();
1174 START_PROFILE(SMBsetatr);
1179 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1183 p = (const char *)req->buf + 1;
1184 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1185 if (!NT_STATUS_IS_OK(status)) {
1186 reply_nterror(req, status);
1187 END_PROFILE(SMBsetatr);
1191 status = resolve_dfspath(ctx, conn,
1192 req->flags2 & FLAGS2_DFS_PATHNAMES,
1195 if (!NT_STATUS_IS_OK(status)) {
1196 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1197 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1198 ERRSRV, ERRbadpath);
1199 END_PROFILE(SMBsetatr);
1202 reply_nterror(req, status);
1203 END_PROFILE(SMBsetatr);
1207 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1208 if (!NT_STATUS_IS_OK(status)) {
1209 reply_nterror(req, status);
1210 END_PROFILE(SMBsetatr);
1214 status = check_name(conn, fname);
1215 if (!NT_STATUS_IS_OK(status)) {
1216 reply_nterror(req, status);
1217 END_PROFILE(SMBsetatr);
1221 if (fname[0] == '.' && fname[1] == '\0') {
1223 * Not sure here is the right place to catch this
1224 * condition. Might be moved to somewhere else later -- vl
1226 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1227 END_PROFILE(SMBsetatr);
1231 mode = SVAL(req->vwv+0, 0);
1232 mtime = srv_make_unix_date3(req->vwv+1);
1234 ft.mtime = convert_time_t_to_timespec(mtime);
1235 status = smb_set_file_time(conn, NULL, fname,
1237 if (!NT_STATUS_IS_OK(status)) {
1238 reply_unixerror(req, ERRDOS, ERRnoaccess);
1239 END_PROFILE(SMBsetatr);
1243 if (mode != FILE_ATTRIBUTE_NORMAL) {
1244 if (VALID_STAT_OF_DIR(sbuf))
1249 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1250 reply_unixerror(req, ERRDOS, ERRnoaccess);
1251 END_PROFILE(SMBsetatr);
1256 reply_outbuf(req, 0, 0);
1258 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1260 END_PROFILE(SMBsetatr);
1264 /****************************************************************************
1266 ****************************************************************************/
1268 void reply_dskattr(struct smb_request *req)
1270 connection_struct *conn = req->conn;
1271 uint64_t dfree,dsize,bsize;
1272 START_PROFILE(SMBdskattr);
1274 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1275 reply_unixerror(req, ERRHRD, ERRgeneral);
1276 END_PROFILE(SMBdskattr);
1280 reply_outbuf(req, 5, 0);
1282 if (Protocol <= PROTOCOL_LANMAN2) {
1283 double total_space, free_space;
1284 /* we need to scale this to a number that DOS6 can handle. We
1285 use floating point so we can handle large drives on systems
1286 that don't have 64 bit integers
1288 we end up displaying a maximum of 2G to DOS systems
1290 total_space = dsize * (double)bsize;
1291 free_space = dfree * (double)bsize;
1293 dsize = (uint64_t)((total_space+63*512) / (64*512));
1294 dfree = (uint64_t)((free_space+63*512) / (64*512));
1296 if (dsize > 0xFFFF) dsize = 0xFFFF;
1297 if (dfree > 0xFFFF) dfree = 0xFFFF;
1299 SSVAL(req->outbuf,smb_vwv0,dsize);
1300 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1301 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1302 SSVAL(req->outbuf,smb_vwv3,dfree);
1304 SSVAL(req->outbuf,smb_vwv0,dsize);
1305 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1306 SSVAL(req->outbuf,smb_vwv2,512);
1307 SSVAL(req->outbuf,smb_vwv3,dfree);
1310 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1312 END_PROFILE(SMBdskattr);
1316 /****************************************************************************
1318 Can be called from SMBsearch, SMBffirst or SMBfunique.
1319 ****************************************************************************/
1321 void reply_search(struct smb_request *req)
1323 connection_struct *conn = req->conn;
1324 const char *mask = NULL;
1325 char *directory = NULL;
1331 unsigned int numentries = 0;
1332 unsigned int maxentries = 0;
1333 bool finished = False;
1339 bool check_descend = False;
1340 bool expect_close = False;
1342 bool mask_contains_wcard = False;
1343 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1344 TALLOC_CTX *ctx = talloc_tos();
1345 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1347 START_PROFILE(SMBsearch);
1350 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1351 END_PROFILE(SMBsearch);
1355 if (lp_posix_pathnames()) {
1356 reply_unknown_new(req, req->cmd);
1357 END_PROFILE(SMBsearch);
1361 /* If we were called as SMBffirst then we must expect close. */
1362 if(req->cmd == SMBffirst) {
1363 expect_close = True;
1366 reply_outbuf(req, 1, 3);
1367 maxentries = SVAL(req->vwv+0, 0);
1368 dirtype = SVAL(req->vwv+1, 0);
1369 p = (const char *)req->buf + 1;
1370 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1371 &nt_status, &mask_contains_wcard);
1372 if (!NT_STATUS_IS_OK(nt_status)) {
1373 reply_nterror(req, nt_status);
1374 END_PROFILE(SMBsearch);
1378 nt_status = resolve_dfspath_wcard(ctx, conn,
1379 req->flags2 & FLAGS2_DFS_PATHNAMES,
1382 &mask_contains_wcard);
1383 if (!NT_STATUS_IS_OK(nt_status)) {
1384 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1385 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1386 ERRSRV, ERRbadpath);
1387 END_PROFILE(SMBsearch);
1390 reply_nterror(req, nt_status);
1391 END_PROFILE(SMBsearch);
1396 status_len = SVAL(p, 0);
1399 /* dirtype &= ~aDIR; */
1401 if (status_len == 0) {
1402 SMB_STRUCT_STAT sbuf;
1404 nt_status = unix_convert(ctx, conn, path, True,
1405 &directory, NULL, &sbuf);
1406 if (!NT_STATUS_IS_OK(nt_status)) {
1407 reply_nterror(req, nt_status);
1408 END_PROFILE(SMBsearch);
1412 nt_status = check_name(conn, directory);
1413 if (!NT_STATUS_IS_OK(nt_status)) {
1414 reply_nterror(req, nt_status);
1415 END_PROFILE(SMBsearch);
1419 p = strrchr_m(directory,'/');
1420 if ((p != NULL) && (*directory != '/')) {
1422 directory = talloc_strndup(ctx, directory,
1423 PTR_DIFF(p, directory));
1426 directory = talloc_strdup(ctx,".");
1430 reply_nterror(req, NT_STATUS_NO_MEMORY);
1431 END_PROFILE(SMBsearch);
1435 memset((char *)status,'\0',21);
1436 SCVAL(status,0,(dirtype & 0x1F));
1438 nt_status = dptr_create(conn,
1444 mask_contains_wcard,
1447 if (!NT_STATUS_IS_OK(nt_status)) {
1448 reply_nterror(req, nt_status);
1449 END_PROFILE(SMBsearch);
1452 dptr_num = dptr_dnum(conn->dirptr);
1456 memcpy(status,p,21);
1457 status_dirtype = CVAL(status,0) & 0x1F;
1458 if (status_dirtype != (dirtype & 0x1F)) {
1459 dirtype = status_dirtype;
1462 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1463 if (!conn->dirptr) {
1466 string_set(&conn->dirpath,dptr_path(dptr_num));
1467 mask = dptr_wcard(dptr_num);
1472 * For a 'continue' search we have no string. So
1473 * check from the initial saved string.
1475 mask_contains_wcard = ms_has_wild(mask);
1476 dirtype = dptr_attr(dptr_num);
1479 DEBUG(4,("dptr_num is %d\n",dptr_num));
1481 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1482 dptr_init_search_op(conn->dirptr);
1484 if ((dirtype&0x1F) == aVOLID) {
1485 char buf[DIR_STRUCT_SIZE];
1486 memcpy(buf,status,21);
1487 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1488 0,aVOLID,0,!allow_long_path_components)) {
1489 reply_nterror(req, NT_STATUS_NO_MEMORY);
1490 END_PROFILE(SMBsearch);
1493 dptr_fill(buf+12,dptr_num);
1494 if (dptr_zero(buf+12) && (status_len==0)) {
1499 if (message_push_blob(&req->outbuf,
1500 data_blob_const(buf, sizeof(buf)))
1502 reply_nterror(req, NT_STATUS_NO_MEMORY);
1503 END_PROFILE(SMBsearch);
1511 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1514 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1515 conn->dirpath,lp_dontdescend(SNUM(conn))));
1516 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1517 check_descend = True;
1520 for (i=numentries;(i<maxentries) && !finished;i++) {
1521 finished = !get_dir_entry(ctx,
1532 char buf[DIR_STRUCT_SIZE];
1533 memcpy(buf,status,21);
1534 if (!make_dir_struct(ctx,
1541 !allow_long_path_components)) {
1542 reply_nterror(req, NT_STATUS_NO_MEMORY);
1543 END_PROFILE(SMBsearch);
1546 if (!dptr_fill(buf+12,dptr_num)) {
1549 if (message_push_blob(&req->outbuf,
1550 data_blob_const(buf, sizeof(buf)))
1552 reply_nterror(req, NT_STATUS_NO_MEMORY);
1553 END_PROFILE(SMBsearch);
1563 /* If we were called as SMBffirst with smb_search_id == NULL
1564 and no entries were found then return error and close dirptr
1567 if (numentries == 0) {
1568 dptr_close(&dptr_num);
1569 } else if(expect_close && status_len == 0) {
1570 /* Close the dptr - we know it's gone */
1571 dptr_close(&dptr_num);
1574 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1575 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1576 dptr_close(&dptr_num);
1579 if ((numentries == 0) && !mask_contains_wcard) {
1580 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1581 END_PROFILE(SMBsearch);
1585 SSVAL(req->outbuf,smb_vwv0,numentries);
1586 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1587 SCVAL(smb_buf(req->outbuf),0,5);
1588 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1590 /* The replies here are never long name. */
1591 SSVAL(req->outbuf, smb_flg2,
1592 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1593 if (!allow_long_path_components) {
1594 SSVAL(req->outbuf, smb_flg2,
1595 SVAL(req->outbuf, smb_flg2)
1596 & (~FLAGS2_LONG_PATH_COMPONENTS));
1599 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1600 SSVAL(req->outbuf, smb_flg2,
1601 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1604 directory = dptr_path(dptr_num);
1607 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1608 smb_fn_name(req->cmd),
1610 directory ? directory : "./",
1615 END_PROFILE(SMBsearch);
1619 /****************************************************************************
1620 Reply to a fclose (stop directory search).
1621 ****************************************************************************/
1623 void reply_fclose(struct smb_request *req)
1631 bool path_contains_wcard = False;
1632 TALLOC_CTX *ctx = talloc_tos();
1634 START_PROFILE(SMBfclose);
1636 if (lp_posix_pathnames()) {
1637 reply_unknown_new(req, req->cmd);
1638 END_PROFILE(SMBfclose);
1642 p = (const char *)req->buf + 1;
1643 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1644 &err, &path_contains_wcard);
1645 if (!NT_STATUS_IS_OK(err)) {
1646 reply_nterror(req, err);
1647 END_PROFILE(SMBfclose);
1651 status_len = SVAL(p,0);
1654 if (status_len == 0) {
1655 reply_doserror(req, ERRSRV, ERRsrverror);
1656 END_PROFILE(SMBfclose);
1660 memcpy(status,p,21);
1662 if(dptr_fetch(status+12,&dptr_num)) {
1663 /* Close the dptr - we know it's gone */
1664 dptr_close(&dptr_num);
1667 reply_outbuf(req, 1, 0);
1668 SSVAL(req->outbuf,smb_vwv0,0);
1670 DEBUG(3,("search close\n"));
1672 END_PROFILE(SMBfclose);
1676 /****************************************************************************
1678 ****************************************************************************/
1680 void reply_open(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1688 SMB_STRUCT_STAT sbuf;
1695 uint32 create_disposition;
1696 uint32 create_options = 0;
1698 TALLOC_CTX *ctx = talloc_tos();
1700 START_PROFILE(SMBopen);
1702 SET_STAT_INVALID(sbuf);
1705 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1706 END_PROFILE(SMBopen);
1710 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1711 deny_mode = SVAL(req->vwv+0, 0);
1712 dos_attr = SVAL(req->vwv+1, 0);
1714 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1715 STR_TERMINATE, &status);
1716 if (!NT_STATUS_IS_OK(status)) {
1717 reply_nterror(req, status);
1718 END_PROFILE(SMBopen);
1722 if (!map_open_params_to_ntcreate(
1723 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1724 &share_mode, &create_disposition, &create_options)) {
1725 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1726 END_PROFILE(SMBopen);
1730 status = SMB_VFS_CREATE_FILE(
1733 0, /* root_dir_fid */
1735 CFF_DOS_PATH, /* create_file_flags */
1736 access_mask, /* access_mask */
1737 share_mode, /* share_access */
1738 create_disposition, /* create_disposition*/
1739 create_options, /* create_options */
1740 dos_attr, /* file_attributes */
1741 oplock_request, /* oplock_request */
1742 0, /* allocation_size */
1749 if (!NT_STATUS_IS_OK(status)) {
1750 if (open_was_deferred(req->mid)) {
1751 /* We have re-scheduled this call. */
1752 END_PROFILE(SMBopen);
1755 reply_openerror(req, status);
1756 END_PROFILE(SMBopen);
1760 size = sbuf.st_size;
1761 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1762 mtime = sbuf.st_mtime;
1765 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1766 close_file(req, fsp, ERROR_CLOSE);
1767 reply_doserror(req, ERRDOS,ERRnoaccess);
1768 END_PROFILE(SMBopen);
1772 reply_outbuf(req, 7, 0);
1773 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1774 SSVAL(req->outbuf,smb_vwv1,fattr);
1775 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1776 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1778 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1780 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1781 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1783 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1784 SCVAL(req->outbuf,smb_flg,
1785 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1788 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1789 SCVAL(req->outbuf,smb_flg,
1790 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1792 END_PROFILE(SMBopen);
1796 /****************************************************************************
1797 Reply to an open and X.
1798 ****************************************************************************/
1800 void reply_open_and_X(struct smb_request *req)
1802 connection_struct *conn = req->conn;
1807 /* Breakout the oplock request bits so we can set the
1808 reply bits separately. */
1809 int ex_oplock_request;
1810 int core_oplock_request;
1813 int smb_sattr = SVAL(req->vwv+4, 0);
1814 uint32 smb_time = make_unix_date3(req->vwv+6);
1819 SMB_STRUCT_STAT sbuf;
1823 uint64_t allocation_size;
1824 ssize_t retval = -1;
1827 uint32 create_disposition;
1828 uint32 create_options = 0;
1829 TALLOC_CTX *ctx = talloc_tos();
1831 START_PROFILE(SMBopenX);
1833 if (req->wct < 15) {
1834 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1835 END_PROFILE(SMBopenX);
1839 SET_STAT_INVALID(sbuf);
1841 open_flags = SVAL(req->vwv+2, 0);
1842 deny_mode = SVAL(req->vwv+3, 0);
1843 smb_attr = SVAL(req->vwv+5, 0);
1844 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1845 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1846 oplock_request = ex_oplock_request | core_oplock_request;
1847 smb_ofun = SVAL(req->vwv+8, 0);
1848 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1850 /* If it's an IPC, pass off the pipe handler. */
1852 if (lp_nt_pipe_support()) {
1853 reply_open_pipe_and_X(conn, req);
1855 reply_doserror(req, ERRSRV, ERRaccess);
1857 END_PROFILE(SMBopenX);
1861 /* XXXX we need to handle passed times, sattr and flags */
1862 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1863 STR_TERMINATE, &status);
1864 if (!NT_STATUS_IS_OK(status)) {
1865 reply_nterror(req, status);
1866 END_PROFILE(SMBopenX);
1870 if (!map_open_params_to_ntcreate(
1871 fname, deny_mode, smb_ofun, &access_mask,
1872 &share_mode, &create_disposition, &create_options)) {
1873 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1874 END_PROFILE(SMBopenX);
1878 status = SMB_VFS_CREATE_FILE(
1881 0, /* root_dir_fid */
1883 CFF_DOS_PATH, /* create_file_flags */
1884 access_mask, /* access_mask */
1885 share_mode, /* share_access */
1886 create_disposition, /* create_disposition*/
1887 create_options, /* create_options */
1888 smb_attr, /* file_attributes */
1889 oplock_request, /* oplock_request */
1890 0, /* allocation_size */
1894 &smb_action, /* pinfo */
1897 if (!NT_STATUS_IS_OK(status)) {
1898 END_PROFILE(SMBopenX);
1899 if (open_was_deferred(req->mid)) {
1900 /* We have re-scheduled this call. */
1903 reply_openerror(req, status);
1907 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1908 if the file is truncated or created. */
1909 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1910 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1911 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1912 close_file(req, fsp, ERROR_CLOSE);
1913 reply_nterror(req, NT_STATUS_DISK_FULL);
1914 END_PROFILE(SMBopenX);
1917 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1919 close_file(req, fsp, ERROR_CLOSE);
1920 reply_nterror(req, NT_STATUS_DISK_FULL);
1921 END_PROFILE(SMBopenX);
1924 sbuf.st_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf);
1927 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1928 mtime = sbuf.st_mtime;
1930 close_file(req, fsp, ERROR_CLOSE);
1931 reply_doserror(req, ERRDOS, ERRnoaccess);
1932 END_PROFILE(SMBopenX);
1936 /* If the caller set the extended oplock request bit
1937 and we granted one (by whatever means) - set the
1938 correct bit for extended oplock reply.
1941 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1942 smb_action |= EXTENDED_OPLOCK_GRANTED;
1945 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1946 smb_action |= EXTENDED_OPLOCK_GRANTED;
1949 /* If the caller set the core oplock request bit
1950 and we granted one (by whatever means) - set the
1951 correct bit for core oplock reply.
1954 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1955 reply_outbuf(req, 19, 0);
1957 reply_outbuf(req, 15, 0);
1960 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1961 SCVAL(req->outbuf, smb_flg,
1962 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1965 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1966 SCVAL(req->outbuf, smb_flg,
1967 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1970 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1971 SSVAL(req->outbuf,smb_vwv3,fattr);
1972 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1973 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1975 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1977 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1978 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1979 SSVAL(req->outbuf,smb_vwv11,smb_action);
1981 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1982 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1985 END_PROFILE(SMBopenX);
1990 /****************************************************************************
1991 Reply to a SMBulogoffX.
1992 ****************************************************************************/
1994 void reply_ulogoffX(struct smb_request *req)
1998 START_PROFILE(SMBulogoffX);
2000 vuser = get_valid_user_struct(req->vuid);
2003 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2007 /* in user level security we are supposed to close any files
2008 open by this user */
2009 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2010 file_close_user(req->vuid);
2013 invalidate_vuid(req->vuid);
2015 reply_outbuf(req, 2, 0);
2017 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2019 END_PROFILE(SMBulogoffX);
2023 /****************************************************************************
2024 Reply to a mknew or a create.
2025 ****************************************************************************/
2027 void reply_mknew(struct smb_request *req)
2029 connection_struct *conn = req->conn;
2032 struct smb_file_time ft;
2034 int oplock_request = 0;
2035 SMB_STRUCT_STAT sbuf;
2037 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2038 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2039 uint32 create_disposition;
2040 uint32 create_options = 0;
2041 TALLOC_CTX *ctx = talloc_tos();
2043 START_PROFILE(SMBcreate);
2045 SET_STAT_INVALID(sbuf);
2048 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2049 END_PROFILE(SMBcreate);
2053 fattr = SVAL(req->vwv+0, 0);
2054 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2057 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2059 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2060 STR_TERMINATE, &status);
2061 if (!NT_STATUS_IS_OK(status)) {
2062 reply_nterror(req, status);
2063 END_PROFILE(SMBcreate);
2067 if (fattr & aVOLID) {
2068 DEBUG(0,("Attempt to create file (%s) with volid set - "
2069 "please report this\n", fname));
2072 if(req->cmd == SMBmknew) {
2073 /* We should fail if file exists. */
2074 create_disposition = FILE_CREATE;
2076 /* Create if file doesn't exist, truncate if it does. */
2077 create_disposition = FILE_OVERWRITE_IF;
2080 status = SMB_VFS_CREATE_FILE(
2083 0, /* root_dir_fid */
2085 CFF_DOS_PATH, /* create_file_flags */
2086 access_mask, /* access_mask */
2087 share_mode, /* share_access */
2088 create_disposition, /* create_disposition*/
2089 create_options, /* create_options */
2090 fattr, /* file_attributes */
2091 oplock_request, /* oplock_request */
2092 0, /* allocation_size */
2099 if (!NT_STATUS_IS_OK(status)) {
2100 END_PROFILE(SMBcreate);
2101 if (open_was_deferred(req->mid)) {
2102 /* We have re-scheduled this call. */
2105 reply_openerror(req, status);
2109 ft.atime = get_atimespec(&sbuf); /* atime. */
2110 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, &ft, true);
2111 if (!NT_STATUS_IS_OK(status)) {
2112 END_PROFILE(SMBcreate);
2113 reply_openerror(req, status);
2117 reply_outbuf(req, 1, 0);
2118 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2120 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2121 SCVAL(req->outbuf,smb_flg,
2122 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2125 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2126 SCVAL(req->outbuf,smb_flg,
2127 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2130 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2131 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2132 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2134 END_PROFILE(SMBcreate);
2138 /****************************************************************************
2139 Reply to a create temporary file.
2140 ****************************************************************************/
2142 void reply_ctemp(struct smb_request *req)
2144 connection_struct *conn = req->conn;
2150 SMB_STRUCT_STAT sbuf;
2153 TALLOC_CTX *ctx = talloc_tos();
2155 START_PROFILE(SMBctemp);
2158 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2159 END_PROFILE(SMBctemp);
2163 fattr = SVAL(req->vwv+0, 0);
2164 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2166 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2167 STR_TERMINATE, &status);
2168 if (!NT_STATUS_IS_OK(status)) {
2169 reply_nterror(req, status);
2170 END_PROFILE(SMBctemp);
2174 fname = talloc_asprintf(ctx,
2178 fname = talloc_strdup(ctx, "TMXXXXXX");
2182 reply_nterror(req, NT_STATUS_NO_MEMORY);
2183 END_PROFILE(SMBctemp);
2187 status = resolve_dfspath(ctx, conn,
2188 req->flags2 & FLAGS2_DFS_PATHNAMES,
2191 if (!NT_STATUS_IS_OK(status)) {
2192 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2193 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2194 ERRSRV, ERRbadpath);
2195 END_PROFILE(SMBctemp);
2198 reply_nterror(req, status);
2199 END_PROFILE(SMBctemp);
2203 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2204 if (!NT_STATUS_IS_OK(status)) {
2205 reply_nterror(req, status);
2206 END_PROFILE(SMBctemp);
2210 status = check_name(conn, fname);
2211 if (!NT_STATUS_IS_OK(status)) {
2212 reply_nterror(req, status);
2213 END_PROFILE(SMBctemp);
2217 tmpfd = mkstemp(fname);
2219 reply_unixerror(req, ERRDOS, ERRnoaccess);
2220 END_PROFILE(SMBctemp);
2224 SET_STAT_INVALID(sbuf);
2225 SMB_VFS_STAT(conn,fname,&sbuf);
2227 /* We should fail if file does not exist. */
2228 status = SMB_VFS_CREATE_FILE(
2231 0, /* root_dir_fid */
2233 0, /* create_file_flags */
2234 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2235 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2236 FILE_OPEN, /* create_disposition*/
2237 0, /* create_options */
2238 fattr, /* file_attributes */
2239 oplock_request, /* oplock_request */
2240 0, /* allocation_size */
2247 /* close fd from mkstemp() */
2250 if (!NT_STATUS_IS_OK(status)) {
2251 if (open_was_deferred(req->mid)) {
2252 /* We have re-scheduled this call. */
2253 END_PROFILE(SMBctemp);
2256 reply_openerror(req, status);
2257 END_PROFILE(SMBctemp);
2261 reply_outbuf(req, 1, 0);
2262 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2264 /* the returned filename is relative to the directory */
2265 s = strrchr_m(fsp->fsp_name, '/');
2273 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2274 thing in the byte section. JRA */
2275 SSVALS(p, 0, -1); /* what is this? not in spec */
2277 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2279 reply_nterror(req, NT_STATUS_NO_MEMORY);
2280 END_PROFILE(SMBctemp);
2284 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2285 SCVAL(req->outbuf, smb_flg,
2286 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2289 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2290 SCVAL(req->outbuf, smb_flg,
2291 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2294 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2295 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2296 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2298 END_PROFILE(SMBctemp);
2302 /*******************************************************************
2303 Check if a user is allowed to rename a file.
2304 ********************************************************************/
2306 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2307 uint16 dirtype, SMB_STRUCT_STAT *pst)
2311 if (!CAN_WRITE(conn)) {
2312 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2315 fmode = dos_mode(conn, fsp->fsp_name, pst);
2316 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2317 return NT_STATUS_NO_SUCH_FILE;
2320 if (S_ISDIR(pst->st_mode)) {
2321 if (fsp->posix_open) {
2322 return NT_STATUS_OK;
2325 /* If no pathnames are open below this
2326 directory, allow the rename. */
2328 if (file_find_subpath(fsp)) {
2329 return NT_STATUS_ACCESS_DENIED;
2331 return NT_STATUS_OK;
2334 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2335 return NT_STATUS_OK;
2338 return NT_STATUS_ACCESS_DENIED;
2341 /*******************************************************************
2342 * unlink a file with all relevant access checks
2343 *******************************************************************/
2345 static NTSTATUS do_unlink(connection_struct *conn,
2346 struct smb_request *req,
2350 SMB_STRUCT_STAT sbuf;
2353 uint32 dirtype_orig = dirtype;
2356 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2358 if (!CAN_WRITE(conn)) {
2359 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2362 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2363 return map_nt_error_from_unix(errno);
2366 fattr = dos_mode(conn,fname,&sbuf);
2368 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2369 dirtype = aDIR|aARCH|aRONLY;
2372 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2374 return NT_STATUS_NO_SUCH_FILE;
2377 if (!dir_check_ftype(conn, fattr, dirtype)) {
2379 return NT_STATUS_FILE_IS_A_DIRECTORY;
2381 return NT_STATUS_NO_SUCH_FILE;
2384 if (dirtype_orig & 0x8000) {
2385 /* These will never be set for POSIX. */
2386 return NT_STATUS_NO_SUCH_FILE;
2390 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2391 return NT_STATUS_FILE_IS_A_DIRECTORY;
2394 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2395 return NT_STATUS_NO_SUCH_FILE;
2398 if (dirtype & 0xFF00) {
2399 /* These will never be set for POSIX. */
2400 return NT_STATUS_NO_SUCH_FILE;
2405 return NT_STATUS_NO_SUCH_FILE;
2408 /* Can't delete a directory. */
2410 return NT_STATUS_FILE_IS_A_DIRECTORY;
2415 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2416 return NT_STATUS_OBJECT_NAME_INVALID;
2417 #endif /* JRATEST */
2419 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2421 On a Windows share, a file with read-only dosmode can be opened with
2422 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2423 fails with NT_STATUS_CANNOT_DELETE error.
2425 This semantic causes a problem that a user can not
2426 rename a file with read-only dosmode on a Samba share
2427 from a Windows command prompt (i.e. cmd.exe, but can rename
2428 from Windows Explorer).
2431 if (!lp_delete_readonly(SNUM(conn))) {
2432 if (fattr & aRONLY) {
2433 return NT_STATUS_CANNOT_DELETE;
2437 /* On open checks the open itself will check the share mode, so
2438 don't do it here as we'll get it wrong. */
2440 status = SMB_VFS_CREATE_FILE
2443 0, /* root_dir_fid */
2445 0, /* create_file_flags */
2446 DELETE_ACCESS, /* access_mask */
2447 FILE_SHARE_NONE, /* share_access */
2448 FILE_OPEN, /* create_disposition*/
2449 FILE_NON_DIRECTORY_FILE, /* create_options */
2450 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2451 0, /* oplock_request */
2452 0, /* allocation_size */
2459 if (!NT_STATUS_IS_OK(status)) {
2460 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2461 nt_errstr(status)));
2465 /* The set is across all open files on this dev/inode pair. */
2466 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2467 close_file(req, fsp, NORMAL_CLOSE);
2468 return NT_STATUS_ACCESS_DENIED;
2471 return close_file(req, fsp, NORMAL_CLOSE);
2474 /****************************************************************************
2475 The guts of the unlink command, split out so it may be called by the NT SMB
2477 ****************************************************************************/
2479 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2480 uint32 dirtype, const char *name_in, bool has_wild)
2482 const char *directory = NULL;
2487 NTSTATUS status = NT_STATUS_OK;
2488 SMB_STRUCT_STAT sbuf, st;
2489 TALLOC_CTX *ctx = talloc_tos();
2491 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2492 if (!NT_STATUS_IS_OK(status)) {
2496 p = strrchr_m(name,'/');
2498 directory = talloc_strdup(ctx, ".");
2500 return NT_STATUS_NO_MEMORY;
2510 * We should only check the mangled cache
2511 * here if unix_convert failed. This means
2512 * that the path in 'mask' doesn't exist
2513 * on the file system and so we need to look
2514 * for a possible mangle. This patch from
2515 * Tine Smukavec <valentin.smukavec@hermes.si>.
2518 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2519 char *new_mask = NULL;
2520 mangle_lookup_name_from_8_3(ctx,
2530 directory = talloc_asprintf(ctx,
2535 return NT_STATUS_NO_MEMORY;
2538 dirtype = FILE_ATTRIBUTE_NORMAL;
2541 status = check_name(conn, directory);
2542 if (!NT_STATUS_IS_OK(status)) {
2546 status = do_unlink(conn, req, directory, dirtype);
2547 if (!NT_STATUS_IS_OK(status)) {
2553 struct smb_Dir *dir_hnd = NULL;
2557 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2558 return NT_STATUS_OBJECT_NAME_INVALID;
2561 if (strequal(mask,"????????.???")) {
2566 status = check_name(conn, directory);
2567 if (!NT_STATUS_IS_OK(status)) {
2571 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2573 if (dir_hnd == NULL) {
2574 return map_nt_error_from_unix(errno);
2577 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2578 the pattern matches against the long name, otherwise the short name
2579 We don't implement this yet XXXX
2582 status = NT_STATUS_NO_SUCH_FILE;
2584 while ((dname = ReadDirName(dir_hnd, &offset, &st))) {
2587 if (!is_visible_file(conn, directory, dname, &st,
2593 /* Quick check for "." and ".." */
2594 if (ISDOT(dname) || ISDOTDOT(dname)) {
2598 if(!mask_match(dname, mask, conn->case_sensitive)) {
2602 fname = talloc_asprintf(ctx, "%s/%s",
2606 return NT_STATUS_NO_MEMORY;
2609 status = check_name(conn, fname);
2610 if (!NT_STATUS_IS_OK(status)) {
2611 TALLOC_FREE(dir_hnd);
2615 status = do_unlink(conn, req, fname, dirtype);
2616 if (!NT_STATUS_IS_OK(status)) {
2622 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2627 TALLOC_FREE(dir_hnd);
2630 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2631 status = map_nt_error_from_unix(errno);
2637 /****************************************************************************
2639 ****************************************************************************/
2641 void reply_unlink(struct smb_request *req)
2643 connection_struct *conn = req->conn;
2647 bool path_contains_wcard = False;
2648 TALLOC_CTX *ctx = talloc_tos();
2650 START_PROFILE(SMBunlink);
2653 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2654 END_PROFILE(SMBunlink);
2658 dirtype = SVAL(req->vwv+0, 0);
2660 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2661 STR_TERMINATE, &status,
2662 &path_contains_wcard);
2663 if (!NT_STATUS_IS_OK(status)) {
2664 reply_nterror(req, status);
2665 END_PROFILE(SMBunlink);
2669 status = resolve_dfspath_wcard(ctx, conn,
2670 req->flags2 & FLAGS2_DFS_PATHNAMES,
2673 &path_contains_wcard);
2674 if (!NT_STATUS_IS_OK(status)) {
2675 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2676 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2677 ERRSRV, ERRbadpath);
2678 END_PROFILE(SMBunlink);
2681 reply_nterror(req, status);
2682 END_PROFILE(SMBunlink);
2686 DEBUG(3,("reply_unlink : %s\n",name));
2688 status = unlink_internals(conn, req, dirtype, name,
2689 path_contains_wcard);
2690 if (!NT_STATUS_IS_OK(status)) {
2691 if (open_was_deferred(req->mid)) {
2692 /* We have re-scheduled this call. */
2693 END_PROFILE(SMBunlink);
2696 reply_nterror(req, status);
2697 END_PROFILE(SMBunlink);
2701 reply_outbuf(req, 0, 0);
2702 END_PROFILE(SMBunlink);
2707 /****************************************************************************
2709 ****************************************************************************/
2711 static void fail_readraw(void)
2713 const char *errstr = talloc_asprintf(talloc_tos(),
2714 "FAIL ! reply_readbraw: socket write fail (%s)",
2719 exit_server_cleanly(errstr);
2722 /****************************************************************************
2723 Fake (read/write) sendfile. Returns -1 on read or write fail.
2724 ****************************************************************************/
2726 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2730 size_t tosend = nread;
2737 bufsize = MIN(nread, 65536);
2739 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2743 while (tosend > 0) {
2747 if (tosend > bufsize) {
2752 ret = read_file(fsp,buf,startpos,cur_read);
2758 /* If we had a short read, fill with zeros. */
2759 if (ret < cur_read) {
2760 memset(buf, '\0', cur_read - ret);
2763 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2768 startpos += cur_read;
2772 return (ssize_t)nread;
2775 #if defined(WITH_SENDFILE)
2776 /****************************************************************************
2777 Deal with the case of sendfile reading less bytes from the file than
2778 requested. Fill with zeros (all we can do).
2779 ****************************************************************************/
2781 static void sendfile_short_send(files_struct *fsp,
2786 if (nread < headersize) {
2787 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2788 "header for file %s (%s). Terminating\n",
2789 fsp->fsp_name, strerror(errno) ));
2790 exit_server_cleanly("sendfile_short_send failed");
2793 nread -= headersize;
2795 if (nread < smb_maxcnt) {
2796 char *buf = SMB_CALLOC_ARRAY(char, 1024);
2798 exit_server_cleanly("sendfile_short_send: "
2802 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2803 "with zeros !\n", fsp->fsp_name));
2805 while (nread < smb_maxcnt) {
2807 * We asked for the real file size and told sendfile
2808 * to not go beyond the end of the file. But it can
2809 * happen that in between our fstat call and the
2810 * sendfile call the file was truncated. This is very
2811 * bad because we have already announced the larger
2812 * number of bytes to the client.
2814 * The best we can do now is to send 0-bytes, just as
2815 * a read from a hole in a sparse file would do.
2817 * This should happen rarely enough that I don't care
2818 * about efficiency here :-)
2822 to_write = MIN(sizeof(buf), smb_maxcnt - nread);
2823 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2824 exit_server_cleanly("sendfile_short_send: "
2825 "write_data failed");
2832 #endif /* defined WITH_SENDFILE */
2834 /****************************************************************************
2835 Return a readbraw error (4 bytes of zero).
2836 ****************************************************************************/
2838 static void reply_readbraw_error(void)
2842 if (write_data(smbd_server_fd(),header,4) != 4) {
2847 /****************************************************************************
2848 Use sendfile in readbraw.
2849 ****************************************************************************/
2851 static void send_file_readbraw(connection_struct *conn,
2852 struct smb_request *req,
2858 char *outbuf = NULL;
2861 #if defined(WITH_SENDFILE)
2863 * We can only use sendfile on a non-chained packet
2864 * but we can use on a non-oplocked file. tridge proved this
2865 * on a train in Germany :-). JRA.
2866 * reply_readbraw has already checked the length.
2869 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2870 (fsp->wcp == NULL) &&
2871 lp_use_sendfile(SNUM(conn), smbd_server_conn->signing_state) ) {
2872 ssize_t sendfile_read = -1;
2874 DATA_BLOB header_blob;
2876 _smb_setlen(header,nread);
2877 header_blob = data_blob_const(header, 4);
2879 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2880 &header_blob, startpos, nread)) == -1) {
2881 /* Returning ENOSYS means no data at all was sent.
2882 * Do this as a normal read. */
2883 if (errno == ENOSYS) {
2884 goto normal_readbraw;
2888 * Special hack for broken Linux with no working sendfile. If we
2889 * return EINTR we sent the header but not the rest of the data.
2890 * Fake this up by doing read/write calls.
2892 if (errno == EINTR) {
2893 /* Ensure we don't do this again. */
2894 set_use_sendfile(SNUM(conn), False);
2895 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2897 if (fake_sendfile(fsp, startpos, nread) == -1) {
2898 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2899 fsp->fsp_name, strerror(errno) ));
2900 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2905 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2906 fsp->fsp_name, strerror(errno) ));
2907 exit_server_cleanly("send_file_readbraw sendfile failed");
2908 } else if (sendfile_read == 0) {
2910 * Some sendfile implementations return 0 to indicate
2911 * that there was a short read, but nothing was
2912 * actually written to the socket. In this case,
2913 * fallback to the normal read path so the header gets
2914 * the correct byte count.
2916 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2917 "bytes falling back to the normal read: "
2918 "%s\n", fsp->fsp_name));
2919 goto normal_readbraw;
2922 /* Deal with possible short send. */
2923 if (sendfile_read != 4+nread) {
2924 sendfile_short_send(fsp, sendfile_read, 4, nread);
2932 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2934 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2935 (unsigned)(nread+4)));
2936 reply_readbraw_error();
2941 ret = read_file(fsp,outbuf+4,startpos,nread);
2942 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2951 _smb_setlen(outbuf,ret);
2952 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2955 TALLOC_FREE(outbuf);
2958 /****************************************************************************
2959 Reply to a readbraw (core+ protocol).
2960 ****************************************************************************/
2962 void reply_readbraw(struct smb_request *req)
2964 connection_struct *conn = req->conn;
2965 ssize_t maxcount,mincount;
2969 struct lock_struct lock;
2973 START_PROFILE(SMBreadbraw);
2975 if (srv_is_signing_active(smbd_server_conn) ||
2976 is_encrypted_packet(req->inbuf)) {
2977 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2978 "raw reads/writes are disallowed.");
2982 reply_readbraw_error();
2983 END_PROFILE(SMBreadbraw);
2988 * Special check if an oplock break has been issued
2989 * and the readraw request croses on the wire, we must
2990 * return a zero length response here.
2993 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2996 * We have to do a check_fsp by hand here, as
2997 * we must always return 4 zero bytes on error,
3001 if (!fsp || !conn || conn != fsp->conn ||
3002 req->vuid != fsp->vuid ||
3003 fsp->is_directory || fsp->fh->fd == -1) {
3005 * fsp could be NULL here so use the value from the packet. JRA.
3007 DEBUG(3,("reply_readbraw: fnum %d not valid "
3009 (int)SVAL(req->vwv+0, 0)));
3010 reply_readbraw_error();
3011 END_PROFILE(SMBreadbraw);
3015 /* Do a "by hand" version of CHECK_READ. */
3016 if (!(fsp->can_read ||
3017 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3018 (fsp->access_mask & FILE_EXECUTE)))) {
3019 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3020 (int)SVAL(req->vwv+0, 0)));
3021 reply_readbraw_error();
3022 END_PROFILE(SMBreadbraw);
3026 flush_write_cache(fsp, READRAW_FLUSH);
3028 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3029 if(req->wct == 10) {
3031 * This is a large offset (64 bit) read.
3033 #ifdef LARGE_SMB_OFF_T
3035 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3037 #else /* !LARGE_SMB_OFF_T */
3040 * Ensure we haven't been sent a >32 bit offset.
3043 if(IVAL(req->vwv+8, 0) != 0) {
3044 DEBUG(0,("reply_readbraw: large offset "
3045 "(%x << 32) used and we don't support "
3046 "64 bit offsets.\n",
3047 (unsigned int)IVAL(req->vwv+8, 0) ));
3048 reply_readbraw_error();
3049 END_PROFILE(SMBreadbraw);
3053 #endif /* LARGE_SMB_OFF_T */
3056 DEBUG(0,("reply_readbraw: negative 64 bit "
3057 "readraw offset (%.0f) !\n",
3058 (double)startpos ));
3059 reply_readbraw_error();
3060 END_PROFILE(SMBreadbraw);
3065 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3066 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3068 /* ensure we don't overrun the packet size */
3069 maxcount = MIN(65535,maxcount);
3071 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3072 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3075 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3076 reply_readbraw_error();
3077 END_PROFILE(SMBreadbraw);
3081 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
3085 if (startpos >= size) {
3088 nread = MIN(maxcount,(size - startpos));
3091 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3092 if (nread < mincount)
3096 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3097 "min=%lu nread=%lu\n",
3098 fsp->fnum, (double)startpos,
3099 (unsigned long)maxcount,
3100 (unsigned long)mincount,
3101 (unsigned long)nread ) );
3103 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3105 DEBUG(5,("reply_readbraw finished\n"));
3107 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3109 END_PROFILE(SMBreadbraw);
3114 #define DBGC_CLASS DBGC_LOCKING
3116 /****************************************************************************
3117 Reply to a lockread (core+ protocol).
3118 ****************************************************************************/
3120 void reply_lockread(struct smb_request *req)
3122 connection_struct *conn = req->conn;
3129 struct byte_range_lock *br_lck = NULL;
3132 START_PROFILE(SMBlockread);
3135 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3136 END_PROFILE(SMBlockread);
3140 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3142 if (!check_fsp(conn, req, fsp)) {
3143 END_PROFILE(SMBlockread);
3147 if (!CHECK_READ(fsp,req)) {
3148 reply_doserror(req, ERRDOS, ERRbadaccess);
3149 END_PROFILE(SMBlockread);
3153 numtoread = SVAL(req->vwv+1, 0);
3154 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3156 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3158 reply_outbuf(req, 5, numtoread + 3);
3160 data = smb_buf(req->outbuf) + 3;
3163 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3164 * protocol request that predates the read/write lock concept.
3165 * Thus instead of asking for a read lock here we need to ask
3166 * for a write lock. JRA.
3167 * Note that the requested lock size is unaffected by max_recv.
3170 br_lck = do_lock(smbd_messaging_context(),
3173 (uint64_t)numtoread,
3177 False, /* Non-blocking lock. */
3181 TALLOC_FREE(br_lck);
3183 if (NT_STATUS_V(status)) {
3184 reply_nterror(req, status);
3185 END_PROFILE(SMBlockread);
3190 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3193 if (numtoread > max_recv) {
3194 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3195 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3196 (unsigned int)numtoread, (unsigned int)max_recv ));
3197 numtoread = MIN(numtoread,max_recv);
3199 nread = read_file(fsp,data,startpos,numtoread);
3202 reply_unixerror(req, ERRDOS, ERRnoaccess);
3203 END_PROFILE(SMBlockread);
3207 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3209 SSVAL(req->outbuf,smb_vwv0,nread);
3210 SSVAL(req->outbuf,smb_vwv5,nread+3);
3211 p = smb_buf(req->outbuf);
3212 SCVAL(p,0,0); /* pad byte. */
3215 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3216 fsp->fnum, (int)numtoread, (int)nread));
3218 END_PROFILE(SMBlockread);
3223 #define DBGC_CLASS DBGC_ALL
3225 /****************************************************************************
3227 ****************************************************************************/
3229 void reply_read(struct smb_request *req)
3231 connection_struct *conn = req->conn;
3238 struct lock_struct lock;
3240 START_PROFILE(SMBread);
3243 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3244 END_PROFILE(SMBread);
3248 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3250 if (!check_fsp(conn, req, fsp)) {
3251 END_PROFILE(SMBread);
3255 if (!CHECK_READ(fsp,req)) {
3256 reply_doserror(req, ERRDOS, ERRbadaccess);
3257 END_PROFILE(SMBread);
3261 numtoread = SVAL(req->vwv+1, 0);
3262 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3264 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3267 * The requested read size cannot be greater than max_recv. JRA.
3269 if (numtoread > max_recv) {
3270 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3271 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3272 (unsigned int)numtoread, (unsigned int)max_recv ));
3273 numtoread = MIN(numtoread,max_recv);
3276 reply_outbuf(req, 5, numtoread+3);
3278 data = smb_buf(req->outbuf) + 3;
3280 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3281 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3284 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3285 reply_doserror(req, ERRDOS,ERRlock);
3286 END_PROFILE(SMBread);
3291 nread = read_file(fsp,data,startpos,numtoread);
3294 reply_unixerror(req, ERRDOS,ERRnoaccess);
3298 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3300 SSVAL(req->outbuf,smb_vwv0,nread);
3301 SSVAL(req->outbuf,smb_vwv5,nread+3);
3302 SCVAL(smb_buf(req->outbuf),0,1);
3303 SSVAL(smb_buf(req->outbuf),1,nread);
3305 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3306 fsp->fnum, (int)numtoread, (int)nread ) );
3309 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3311 END_PROFILE(SMBread);
3315 /****************************************************************************
3317 ****************************************************************************/
3319 static int setup_readX_header(struct smb_request *req, char *outbuf,
3325 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3326 data = smb_buf(outbuf);
3328 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3330 SCVAL(outbuf,smb_vwv0,0xFF);
3331 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3332 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3333 SSVAL(outbuf,smb_vwv6,
3335 + 1 /* the wct field */
3336 + 12 * sizeof(uint16_t) /* vwv */
3337 + 2); /* the buflen field */
3338 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3339 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3340 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3341 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3345 /****************************************************************************
3346 Reply to a read and X - possibly using sendfile.
3347 ****************************************************************************/
3349 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3350 files_struct *fsp, SMB_OFF_T startpos,
3353 SMB_STRUCT_STAT sbuf;
3355 struct lock_struct lock;
3357 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3358 reply_unixerror(req, ERRDOS, ERRnoaccess);
3362 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3363 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3366 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3367 reply_doserror(req, ERRDOS, ERRlock);
3371 if (!S_ISREG(sbuf.st_mode) || (startpos > sbuf.st_size)
3372 || (smb_maxcnt > (sbuf.st_size - startpos))) {
3374 * We already know that we would do a short read, so don't
3375 * try the sendfile() path.
3377 goto nosendfile_read;
3380 #if defined(WITH_SENDFILE)
3382 * We can only use sendfile on a non-chained packet
3383 * but we can use on a non-oplocked file. tridge proved this
3384 * on a train in Germany :-). JRA.
3387 if (!req_is_in_chain(req) &&
3388 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3389 (fsp->wcp == NULL) &&
3390 lp_use_sendfile(SNUM(conn), smbd_server_conn->signing_state) ) {
3391 uint8 headerbuf[smb_size + 12 * 2];
3395 * Set up the packet header before send. We
3396 * assume here the sendfile will work (get the
3397 * correct amount of data).
3400 header = data_blob_const(headerbuf, sizeof(headerbuf));
3402 construct_reply_common_req(req, (char *)headerbuf);
3403 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3405 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3406 /* Returning ENOSYS means no data at all was sent.
3407 Do this as a normal read. */
3408 if (errno == ENOSYS) {
3413 * Special hack for broken Linux with no working sendfile. If we
3414 * return EINTR we sent the header but not the rest of the data.
3415 * Fake this up by doing read/write calls.
3418 if (errno == EINTR) {
3419 /* Ensure we don't do this again. */
3420 set_use_sendfile(SNUM(conn), False);
3421 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3422 nread = fake_sendfile(fsp, startpos,
3425 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3426 fsp->fsp_name, strerror(errno) ));
3427 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3429 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3430 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3431 /* No outbuf here means successful sendfile. */
3435 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3436 fsp->fsp_name, strerror(errno) ));
3437 exit_server_cleanly("send_file_readX sendfile failed");
3438 } else if (nread == 0) {
3440 * Some sendfile implementations return 0 to indicate
3441 * that there was a short read, but nothing was
3442 * actually written to the socket. In this case,
3443 * fallback to the normal read path so the header gets
3444 * the correct byte count.
3446 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3447 "falling back to the normal read: %s\n",
3452 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3453 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3455 /* Deal with possible short send. */
3456 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3457 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3459 /* No outbuf here means successful sendfile. */
3460 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3461 SMB_PERFCOUNT_END(&req->pcd);
3469 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3470 uint8 headerbuf[smb_size + 2*12];
3472 construct_reply_common_req(req, (char *)headerbuf);
3473 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3475 /* Send out the header. */
3476 if (write_data(smbd_server_fd(), (char *)headerbuf,
3477 sizeof(headerbuf)) != sizeof(headerbuf)) {
3478 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3479 fsp->fsp_name, strerror(errno) ));
3480 exit_server_cleanly("send_file_readX sendfile failed");
3482 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3484 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3485 fsp->fsp_name, strerror(errno) ));
3486 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3493 reply_outbuf(req, 12, smb_maxcnt);
3495 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3497 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3500 reply_unixerror(req, ERRDOS, ERRnoaccess);
3504 setup_readX_header(req, (char *)req->outbuf, nread);
3506 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3507 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3513 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3514 TALLOC_FREE(req->outbuf);
3518 /****************************************************************************
3519 Reply to a read and X.
3520 ****************************************************************************/
3522 void reply_read_and_X(struct smb_request *req)
3524 connection_struct *conn = req->conn;
3528 bool big_readX = False;
3530 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3533 START_PROFILE(SMBreadX);
3535 if ((req->wct != 10) && (req->wct != 12)) {
3536 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3540 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3541 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3542 smb_maxcnt = SVAL(req->vwv+5, 0);
3544 /* If it's an IPC, pass off the pipe handler. */
3546 reply_pipe_read_and_X(req);
3547 END_PROFILE(SMBreadX);
3551 if (!check_fsp(conn, req, fsp)) {
3552 END_PROFILE(SMBreadX);
3556 if (!CHECK_READ(fsp,req)) {
3557 reply_doserror(req, ERRDOS,ERRbadaccess);
3558 END_PROFILE(SMBreadX);
3562 if (global_client_caps & CAP_LARGE_READX) {
3563 size_t upper_size = SVAL(req->vwv+7, 0);
3564 smb_maxcnt |= (upper_size<<16);
3565 if (upper_size > 1) {
3566 /* Can't do this on a chained packet. */
3567 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3568 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3569 END_PROFILE(SMBreadX);
3572 /* We currently don't do this on signed or sealed data. */
3573 if (srv_is_signing_active(smbd_server_conn) ||
3574 is_encrypted_packet(req->inbuf)) {
3575 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3576 END_PROFILE(SMBreadX);
3579 /* Is there room in the reply for this data ? */
3580 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3582 NT_STATUS_INVALID_PARAMETER);
3583 END_PROFILE(SMBreadX);
3590 if (req->wct == 12) {
3591 #ifdef LARGE_SMB_OFF_T
3593 * This is a large offset (64 bit) read.
3595 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3597 #else /* !LARGE_SMB_OFF_T */
3600 * Ensure we haven't been sent a >32 bit offset.
3603 if(IVAL(req->vwv+10, 0) != 0) {
3604 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3605 "used and we don't support 64 bit offsets.\n",
3606 (unsigned int)IVAL(req->vwv+10, 0) ));
3607 END_PROFILE(SMBreadX);
3608 reply_doserror(req, ERRDOS, ERRbadaccess);
3612 #endif /* LARGE_SMB_OFF_T */
3617 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3621 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3624 END_PROFILE(SMBreadX);
3628 /****************************************************************************
3629 Error replies to writebraw must have smb_wct == 1. Fix this up.
3630 ****************************************************************************/
3632 void error_to_writebrawerr(struct smb_request *req)
3634 uint8 *old_outbuf = req->outbuf;
3636 reply_outbuf(req, 1, 0);
3638 memcpy(req->outbuf, old_outbuf, smb_size);
3639 TALLOC_FREE(old_outbuf);
3642 /****************************************************************************
3643 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3644 ****************************************************************************/
3646 void reply_writebraw(struct smb_request *req)
3648 connection_struct *conn = req->conn;
3651 ssize_t total_written=0;
3652 size_t numtowrite=0;
3658 struct lock_struct lock;
3661 START_PROFILE(SMBwritebraw);
3664 * If we ever reply with an error, it must have the SMB command
3665 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3668 SCVAL(req->inbuf,smb_com,SMBwritec);
3670 if (srv_is_signing_active(smbd_server_conn)) {
3671 END_PROFILE(SMBwritebraw);
3672 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3673 "raw reads/writes are disallowed.");
3676 if (req->wct < 12) {
3677 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3678 error_to_writebrawerr(req);
3679 END_PROFILE(SMBwritebraw);
3683 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3684 if (!check_fsp(conn, req, fsp)) {
3685 error_to_writebrawerr(req);
3686 END_PROFILE(SMBwritebraw);
3690 if (!CHECK_WRITE(fsp)) {
3691 reply_doserror(req, ERRDOS, ERRbadaccess);
3692 error_to_writebrawerr(req);
3693 END_PROFILE(SMBwritebraw);
3697 tcount = IVAL(req->vwv+1, 0);
3698 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3699 write_through = BITSETW(req->vwv+7,0);
3701 /* We have to deal with slightly different formats depending
3702 on whether we are using the core+ or lanman1.0 protocol */
3704 if(Protocol <= PROTOCOL_COREPLUS) {
3705 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3706 data = smb_buf(req->inbuf);
git.samba.org / ira / wip.git / blob