Attempt to fix the build on NetBSD
[ira/wip.git] / source3 / smbd / trans2.c
1 /*
2    Unix SMB/CIFS implementation.
3    SMB transaction2 handling
4    Copyright (C) Jeremy Allison                 1994-2007
5    Copyright (C) Stefan (metze) Metzmacher      2003
6    Copyright (C) Volker Lendecke                2005-2007
7    Copyright (C) Steve French                   2005
8    Copyright (C) James Peach                    2006-2007
9
10    Extensively modified by Andrew Tridgell, 1995
11
12    This program is free software; you can redistribute it and/or modify
13    it under the terms of the GNU General Public License as published by
14    the Free Software Foundation; either version 3 of the License, or
15    (at your option) any later version.
16
17    This program is distributed in the hope that it will be useful,
18    but WITHOUT ANY WARRANTY; without even the implied warranty of
19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20    GNU General Public License for more details.
21
22    You should have received a copy of the GNU General Public License
23    along with this program.  If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "version.h"
28 #include "smbd/globals.h"
29 #include "../libcli/auth/libcli_auth.h"
30
31 extern enum protocol_types Protocol;
32
33 #define DIR_ENTRY_SAFETY_MARGIN 4096
34
35 static char *store_file_unix_basic(connection_struct *conn,
36                                 char *pdata,
37                                 files_struct *fsp,
38                                 const SMB_STRUCT_STAT *psbuf);
39
40 static char *store_file_unix_basic_info2(connection_struct *conn,
41                                 char *pdata,
42                                 files_struct *fsp,
43                                 const SMB_STRUCT_STAT *psbuf);
44
45 /********************************************************************
46  Roundup a value to the nearest allocation roundup size boundary.
47  Only do this for Windows clients.
48 ********************************************************************/
49
50 uint64_t smb_roundup(connection_struct *conn, uint64_t val)
51 {
52         uint64_t rval = lp_allocation_roundup_size(SNUM(conn));
53
54         /* Only roundup for Windows clients. */
55         enum remote_arch_types ra_type = get_remote_arch();
56         if (rval && (ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) {
57                 val = SMB_ROUNDUP(val,rval);
58         }
59         return val;
60 }
61
62 /****************************************************************************
63  Utility functions for dealing with extended attributes.
64 ****************************************************************************/
65
66 /****************************************************************************
67  Refuse to allow clients to overwrite our private xattrs.
68 ****************************************************************************/
69
70 static bool samba_private_attr_name(const char *unix_ea_name)
71 {
72         static const char * const prohibited_ea_names[] = {
73                 SAMBA_POSIX_INHERITANCE_EA_NAME,
74                 SAMBA_XATTR_DOS_ATTRIB,
75                 NULL
76         };
77
78         int i;
79
80         for (i = 0; prohibited_ea_names[i]; i++) {
81                 if (strequal( prohibited_ea_names[i], unix_ea_name))
82                         return true;
83         }
84         if (StrnCaseCmp(unix_ea_name, SAMBA_XATTR_DOSSTREAM_PREFIX,
85                         strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) == 0) {
86                 return true;
87         }
88         return false;
89 }
90
91 /****************************************************************************
92  Get one EA value. Fill in a struct ea_struct.
93 ****************************************************************************/
94
95 NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
96                       files_struct *fsp, const char *fname,
97                       const char *ea_name, struct ea_struct *pea)
98 {
99         /* Get the value of this xattr. Max size is 64k. */
100         size_t attr_size = 256;
101         char *val = NULL;
102         ssize_t sizeret;
103
104  again:
105
106         val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size);
107         if (!val) {
108                 return NT_STATUS_NO_MEMORY;
109         }
110
111         if (fsp && fsp->fh->fd != -1) {
112                 sizeret = SMB_VFS_FGETXATTR(fsp, ea_name, val, attr_size);
113         } else {
114                 sizeret = SMB_VFS_GETXATTR(conn, fname, ea_name, val, attr_size);
115         }
116
117         if (sizeret == -1 && errno == ERANGE && attr_size != 65536) {
118                 attr_size = 65536;
119                 goto again;
120         }
121
122         if (sizeret == -1) {
123                 return map_nt_error_from_unix(errno);
124         }
125
126         DEBUG(10,("get_ea_value: EA %s is of length %u\n", ea_name, (unsigned int)sizeret));
127         dump_data(10, (uint8 *)val, sizeret);
128
129         pea->flags = 0;
130         if (strnequal(ea_name, "user.", 5)) {
131                 pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
132         } else {
133                 pea->name = talloc_strdup(mem_ctx, ea_name);
134         }
135         if (pea->name == NULL) {
136                 TALLOC_FREE(val);
137                 return NT_STATUS_NO_MEMORY;
138         }
139         pea->value.data = (unsigned char *)val;
140         pea->value.length = (size_t)sizeret;
141         return NT_STATUS_OK;
142 }
143
144 NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
145                                 files_struct *fsp, const char *fname,
146                                 char ***pnames, size_t *pnum_names)
147 {
148         /* Get a list of all xattrs. Max namesize is 64k. */
149         size_t ea_namelist_size = 1024;
150         char *ea_namelist = NULL;
151
152         char *p;
153         char **names, **tmp;
154         size_t num_names;
155         ssize_t sizeret = -1;
156
157         if (!lp_ea_support(SNUM(conn))) {
158                 *pnames = NULL;
159                 *pnum_names = 0;
160                 return NT_STATUS_OK;
161         }
162
163         /*
164          * TALLOC the result early to get the talloc hierarchy right.
165          */
166
167         names = TALLOC_ARRAY(mem_ctx, char *, 1);
168         if (names == NULL) {
169                 DEBUG(0, ("talloc failed\n"));
170                 return NT_STATUS_NO_MEMORY;
171         }
172
173         while (ea_namelist_size <= 65536) {
174
175                 ea_namelist = TALLOC_REALLOC_ARRAY(
176                         names, ea_namelist, char, ea_namelist_size);
177                 if (ea_namelist == NULL) {
178                         DEBUG(0, ("talloc failed\n"));
179                         TALLOC_FREE(names);
180                         return NT_STATUS_NO_MEMORY;
181                 }
182
183                 if (fsp && fsp->fh->fd != -1) {
184                         sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
185                                                      ea_namelist_size);
186                 } else {
187                         sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
188                                                     ea_namelist_size);
189                 }
190
191                 if ((sizeret == -1) && (errno == ERANGE)) {
192                         ea_namelist_size *= 2;
193                 }
194                 else {
195                         break;
196                 }
197         }
198
199         if (sizeret == -1) {
200                 TALLOC_FREE(names);
201                 return map_nt_error_from_unix(errno);
202         }
203
204         DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n",
205                    (unsigned int)sizeret));
206
207         if (sizeret == 0) {
208                 TALLOC_FREE(names);
209                 *pnames = NULL;
210                 *pnum_names = 0;
211                 return NT_STATUS_OK;
212         }
213
214         /*
215          * Ensure the result is 0-terminated
216          */
217
218         if (ea_namelist[sizeret-1] != '\0') {
219                 TALLOC_FREE(names);
220                 return NT_STATUS_INTERNAL_ERROR;
221         }
222
223         /*
224          * count the names
225          */
226         num_names = 0;
227
228         for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
229                 num_names += 1;
230         }
231
232         tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names);
233         if (tmp == NULL) {
234                 DEBUG(0, ("talloc failed\n"));
235                 TALLOC_FREE(names);
236                 return NT_STATUS_NO_MEMORY;
237         }
238
239         names = tmp;
240         num_names = 0;
241
242         for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
243                 names[num_names++] = p;
244         }
245
246         *pnames = names;
247         *pnum_names = num_names;
248         return NT_STATUS_OK;
249 }
250
251 /****************************************************************************
252  Return a linked list of the total EA's. Plus the total size
253 ****************************************************************************/
254
255 static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
256                                         const char *fname, size_t *pea_total_len)
257 {
258         /* Get a list of all xattrs. Max namesize is 64k. */
259         size_t i, num_names;
260         char **names;
261         struct ea_list *ea_list_head = NULL;
262         NTSTATUS status;
263
264         *pea_total_len = 0;
265
266         if (!lp_ea_support(SNUM(conn))) {
267                 return NULL;
268         }
269
270         status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname,
271                                         &names, &num_names);
272
273         if (!NT_STATUS_IS_OK(status) || (num_names == 0)) {
274                 return NULL;
275         }
276
277         for (i=0; i<num_names; i++) {
278                 struct ea_list *listp;
279                 fstring dos_ea_name;
280
281                 if (strnequal(names[i], "system.", 7)
282                     || samba_private_attr_name(names[i]))
283                         continue;
284
285                 listp = TALLOC_P(mem_ctx, struct ea_list);
286                 if (listp == NULL) {
287                         return NULL;
288                 }
289
290                 if (!NT_STATUS_IS_OK(get_ea_value(mem_ctx, conn, fsp,
291                                                   fname, names[i],
292                                                   &listp->ea))) {
293                         return NULL;
294                 }
295
296                 push_ascii_fstring(dos_ea_name, listp->ea.name);
297
298                 *pea_total_len +=
299                         4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
300
301                 DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len "
302                           "= %u\n", (unsigned int)*pea_total_len, dos_ea_name,
303                           (unsigned int)listp->ea.value.length));
304
305                 DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
306
307         }
308
309         /* Add on 4 for total length. */
310         if (*pea_total_len) {
311                 *pea_total_len += 4;
312         }
313
314         DEBUG(10, ("get_ea_list_from_file: total_len = %u\n",
315                    (unsigned int)*pea_total_len));
316
317         return ea_list_head;
318 }
319
320 /****************************************************************************
321  Fill a qfilepathinfo buffer with EA's. Returns the length of the buffer
322  that was filled.
323 ****************************************************************************/
324
325 static unsigned int fill_ea_buffer(TALLOC_CTX *mem_ctx, char *pdata, unsigned int total_data_size,
326         connection_struct *conn, struct ea_list *ea_list)
327 {
328         unsigned int ret_data_size = 4;
329         char *p = pdata;
330
331         SMB_ASSERT(total_data_size >= 4);
332
333         if (!lp_ea_support(SNUM(conn))) {
334                 SIVAL(pdata,4,0);
335                 return 4;
336         }
337
338         for (p = pdata + 4; ea_list; ea_list = ea_list->next) {
339                 size_t dos_namelen;
340                 fstring dos_ea_name;
341                 push_ascii_fstring(dos_ea_name, ea_list->ea.name);
342                 dos_namelen = strlen(dos_ea_name);
343                 if (dos_namelen > 255 || dos_namelen == 0) {
344                         break;
345                 }
346                 if (ea_list->ea.value.length > 65535) {
347                         break;
348                 }
349                 if (4 + dos_namelen + 1 + ea_list->ea.value.length > total_data_size) {
350                         break;
351                 }
352
353                 /* We know we have room. */
354                 SCVAL(p,0,ea_list->ea.flags);
355                 SCVAL(p,1,dos_namelen);
356                 SSVAL(p,2,ea_list->ea.value.length);
357                 fstrcpy(p+4, dos_ea_name);
358                 memcpy( p + 4 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
359
360                 total_data_size -= 4 + dos_namelen + 1 + ea_list->ea.value.length;
361                 p += 4 + dos_namelen + 1 + ea_list->ea.value.length;
362         }
363
364         ret_data_size = PTR_DIFF(p, pdata);
365         DEBUG(10,("fill_ea_buffer: data_size = %u\n", ret_data_size ));
366         SIVAL(pdata,0,ret_data_size);
367         return ret_data_size;
368 }
369
370 static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp, const char *fname)
371 {
372         size_t total_ea_len = 0;
373         TALLOC_CTX *mem_ctx = NULL;
374
375         if (!lp_ea_support(SNUM(conn))) {
376                 return 0;
377         }
378         mem_ctx = talloc_tos();
379         (void)get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
380         return total_ea_len;
381 }
382
383 /****************************************************************************
384  Ensure the EA name is case insensitive by matching any existing EA name.
385 ****************************************************************************/
386
387 static void canonicalize_ea_name(connection_struct *conn, files_struct *fsp, const char *fname, fstring unix_ea_name)
388 {
389         size_t total_ea_len;
390         TALLOC_CTX *mem_ctx = talloc_tos();
391         struct ea_list *ea_list = get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
392
393         for (; ea_list; ea_list = ea_list->next) {
394                 if (strequal(&unix_ea_name[5], ea_list->ea.name)) {
395                         DEBUG(10,("canonicalize_ea_name: %s -> %s\n",
396                                 &unix_ea_name[5], ea_list->ea.name));
397                         safe_strcpy(&unix_ea_name[5], ea_list->ea.name, sizeof(fstring)-6);
398                         break;
399                 }
400         }
401 }
402
403 /****************************************************************************
404  Set or delete an extended attribute.
405 ****************************************************************************/
406
407 NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, const char *fname, struct ea_list *ea_list)
408 {
409         if (!lp_ea_support(SNUM(conn))) {
410                 return NT_STATUS_EAS_NOT_SUPPORTED;
411         }
412
413         for (;ea_list; ea_list = ea_list->next) {
414                 int ret;
415                 fstring unix_ea_name;
416
417                 fstrcpy(unix_ea_name, "user."); /* All EA's must start with user. */
418                 fstrcat(unix_ea_name, ea_list->ea.name);
419
420                 canonicalize_ea_name(conn, fsp, fname, unix_ea_name);
421
422                 DEBUG(10,("set_ea: ea_name %s ealen = %u\n", unix_ea_name, (unsigned int)ea_list->ea.value.length));
423
424                 if (samba_private_attr_name(unix_ea_name)) {
425                         DEBUG(10,("set_ea: ea name %s is a private Samba name.\n", unix_ea_name));
426                         return NT_STATUS_ACCESS_DENIED;
427                 }
428
429                 if (ea_list->ea.value.length == 0) {
430                         /* Remove the attribute. */
431                         if (fsp && (fsp->fh->fd != -1)) {
432                                 DEBUG(10,("set_ea: deleting ea name %s on file %s by file descriptor.\n",
433                                         unix_ea_name, fsp->fsp_name));
434                                 ret = SMB_VFS_FREMOVEXATTR(fsp, unix_ea_name);
435                         } else {
436                                 DEBUG(10,("set_ea: deleting ea name %s on file %s.\n",
437                                         unix_ea_name, fname));
438                                 ret = SMB_VFS_REMOVEXATTR(conn, fname, unix_ea_name);
439                         }
440 #ifdef ENOATTR
441                         /* Removing a non existent attribute always succeeds. */
442                         if (ret == -1 && errno == ENOATTR) {
443                                 DEBUG(10,("set_ea: deleting ea name %s didn't exist - succeeding by default.\n",
444                                                 unix_ea_name));
445                                 ret = 0;
446                         }
447 #endif
448                 } else {
449                         if (fsp && (fsp->fh->fd != -1)) {
450                                 DEBUG(10,("set_ea: setting ea name %s on file %s by file descriptor.\n",
451                                         unix_ea_name, fsp->fsp_name));
452                                 ret = SMB_VFS_FSETXATTR(fsp, unix_ea_name,
453                                                         ea_list->ea.value.data, ea_list->ea.value.length, 0);
454                         } else {
455                                 DEBUG(10,("set_ea: setting ea name %s on file %s.\n",
456                                         unix_ea_name, fname));
457                                 ret = SMB_VFS_SETXATTR(conn, fname, unix_ea_name,
458                                                         ea_list->ea.value.data, ea_list->ea.value.length, 0);
459                         }
460                 }
461
462                 if (ret == -1) {
463 #ifdef ENOTSUP
464                         if (errno == ENOTSUP) {
465                                 return NT_STATUS_EAS_NOT_SUPPORTED;
466                         }
467 #endif
468                         return map_nt_error_from_unix(errno);
469                 }
470
471         }
472         return NT_STATUS_OK;
473 }
474 /****************************************************************************
475  Read a list of EA names from an incoming data buffer. Create an ea_list with them.
476 ****************************************************************************/
477
478 static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
479 {
480         struct ea_list *ea_list_head = NULL;
481         size_t converted_size, offset = 0;
482
483         while (offset + 2 < data_size) {
484                 struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
485                 unsigned int namelen = CVAL(pdata,offset);
486
487                 offset++; /* Go past the namelen byte. */
488
489                 /* integer wrap paranioa. */
490                 if ((offset + namelen < offset) || (offset + namelen < namelen) ||
491                                 (offset > data_size) || (namelen > data_size) ||
492                                 (offset + namelen >= data_size)) {
493                         break;
494                 }
495                 /* Ensure the name is null terminated. */
496                 if (pdata[offset + namelen] != '\0') {
497                         return NULL;
498                 }
499                 if (!pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset],
500                                        &converted_size)) {
501                         DEBUG(0,("read_ea_name_list: pull_ascii_talloc "
502                                  "failed: %s", strerror(errno)));
503                 }
504                 if (!eal->ea.name) {
505                         return NULL;
506                 }
507
508                 offset += (namelen + 1); /* Go past the name + terminating zero. */
509                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
510                 DEBUG(10,("read_ea_name_list: read ea name %s\n", eal->ea.name));
511         }
512
513         return ea_list_head;
514 }
515
516 /****************************************************************************
517  Read one EA list entry from the buffer.
518 ****************************************************************************/
519
520 struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t data_size, size_t *pbytes_used)
521 {
522         struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
523         uint16 val_len;
524         unsigned int namelen;
525         size_t converted_size;
526
527         if (!eal) {
528                 return NULL;
529         }
530
531         if (data_size < 6) {
532                 return NULL;
533         }
534
535         eal->ea.flags = CVAL(pdata,0);
536         namelen = CVAL(pdata,1);
537         val_len = SVAL(pdata,2);
538
539         if (4 + namelen + 1 + val_len > data_size) {
540                 return NULL;
541         }
542
543         /* Ensure the name is null terminated. */
544         if (pdata[namelen + 4] != '\0') {
545                 return NULL;
546         }
547         if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) {
548                 DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s",
549                          strerror(errno)));
550         }
551         if (!eal->ea.name) {
552                 return NULL;
553         }
554
555         eal->ea.value = data_blob_talloc(eal, NULL, (size_t)val_len + 1);
556         if (!eal->ea.value.data) {
557                 return NULL;
558         }
559
560         memcpy(eal->ea.value.data, pdata + 4 + namelen + 1, val_len);
561
562         /* Ensure we're null terminated just in case we print the value. */
563         eal->ea.value.data[val_len] = '\0';
564         /* But don't count the null. */
565         eal->ea.value.length--;
566
567         if (pbytes_used) {
568                 *pbytes_used = 4 + namelen + 1 + val_len;
569         }
570
571         DEBUG(10,("read_ea_list_entry: read ea name %s\n", eal->ea.name));
572         dump_data(10, eal->ea.value.data, eal->ea.value.length);
573
574         return eal;
575 }
576
577 /****************************************************************************
578  Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
579 ****************************************************************************/
580
581 static struct ea_list *read_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
582 {
583         struct ea_list *ea_list_head = NULL;
584         size_t offset = 0;
585         size_t bytes_used = 0;
586
587         while (offset < data_size) {
588                 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset, data_size - offset, &bytes_used);
589
590                 if (!eal) {
591                         return NULL;
592                 }
593
594                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
595                 offset += bytes_used;
596         }
597
598         return ea_list_head;
599 }
600
601 /****************************************************************************
602  Count the total EA size needed.
603 ****************************************************************************/
604
605 static size_t ea_list_size(struct ea_list *ealist)
606 {
607         fstring dos_ea_name;
608         struct ea_list *listp;
609         size_t ret = 0;
610
611         for (listp = ealist; listp; listp = listp->next) {
612                 push_ascii_fstring(dos_ea_name, listp->ea.name);
613                 ret += 4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
614         }
615         /* Add on 4 for total length. */
616         if (ret) {
617                 ret += 4;
618         }
619
620         return ret;
621 }
622
623 /****************************************************************************
624  Return a union of EA's from a file list and a list of names.
625  The TALLOC context for the two lists *MUST* be identical as we steal
626  memory from one list to add to another. JRA.
627 ****************************************************************************/
628
629 static struct ea_list *ea_list_union(struct ea_list *name_list, struct ea_list *file_list, size_t *total_ea_len)
630 {
631         struct ea_list *nlistp, *flistp;
632
633         for (nlistp = name_list; nlistp; nlistp = nlistp->next) {
634                 for (flistp = file_list; flistp; flistp = flistp->next) {
635                         if (strequal(nlistp->ea.name, flistp->ea.name)) {
636                                 break;
637                         }
638                 }
639
640                 if (flistp) {
641                         /* Copy the data from this entry. */
642                         nlistp->ea.flags = flistp->ea.flags;
643                         nlistp->ea.value = flistp->ea.value;
644                 } else {
645                         /* Null entry. */
646                         nlistp->ea.flags = 0;
647                         ZERO_STRUCT(nlistp->ea.value);
648                 }
649         }
650
651         *total_ea_len = ea_list_size(name_list);
652         return name_list;
653 }
654
655 /****************************************************************************
656   Send the required number of replies back.
657   We assume all fields other than the data fields are
658   set correctly for the type of call.
659   HACK ! Always assumes smb_setup field is zero.
660 ****************************************************************************/
661
662 void send_trans2_replies(connection_struct *conn,
663                         struct smb_request *req,
664                          const char *params,
665                          int paramsize,
666                          const char *pdata,
667                          int datasize,
668                          int max_data_bytes)
669 {
670         /* As we are using a protocol > LANMAN1 then the max_send
671          variable must have been set in the sessetupX call.
672          This takes precedence over the max_xmit field in the
673          global struct. These different max_xmit variables should
674          be merged as this is now too confusing */
675
676         int data_to_send = datasize;
677         int params_to_send = paramsize;
678         int useable_space;
679         const char *pp = params;
680         const char *pd = pdata;
681         int params_sent_thistime, data_sent_thistime, total_sent_thistime;
682         int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */
683         int data_alignment_offset = 0;
684         bool overflow = False;
685
686         /* Modify the data_to_send and datasize and set the error if
687            we're trying to send more than max_data_bytes. We still send
688            the part of the packet(s) that fit. Strange, but needed
689            for OS/2. */
690
691         if (max_data_bytes > 0 && datasize > max_data_bytes) {
692                 DEBUG(5,("send_trans2_replies: max_data_bytes %d exceeded by data %d\n",
693                         max_data_bytes, datasize ));
694                 datasize = data_to_send = max_data_bytes;
695                 overflow = True;
696         }
697
698         /* If there genuinely are no parameters or data to send just send the empty packet */
699
700         if(params_to_send == 0 && data_to_send == 0) {
701                 reply_outbuf(req, 10, 0);
702                 show_msg((char *)req->outbuf);
703                 return;
704         }
705
706         /* When sending params and data ensure that both are nicely aligned */
707         /* Only do this alignment when there is also data to send - else
708                 can cause NT redirector problems. */
709
710         if (((params_to_send % 4) != 0) && (data_to_send != 0))
711                 data_alignment_offset = 4 - (params_to_send % 4);
712
713         /* Space is bufsize minus Netbios over TCP header minus SMB header */
714         /* The alignment_offset is to align the param bytes on an even byte
715                 boundary. NT 4.0 Beta needs this to work correctly. */
716
717         useable_space = max_send - (smb_size
718                                     + 2 * 10 /* wct */
719                                     + alignment_offset
720                                     + data_alignment_offset);
721
722         if (useable_space < 0) {
723                 DEBUG(0, ("send_trans2_replies failed sanity useable_space "
724                           "= %d!!!", useable_space));
725                 exit_server_cleanly("send_trans2_replies: Not enough space");
726         }
727
728         while (params_to_send || data_to_send) {
729                 /* Calculate whether we will totally or partially fill this packet */
730
731                 total_sent_thistime = params_to_send + data_to_send;
732
733                 /* We can never send more than useable_space */
734                 /*
735                  * Note that 'useable_space' does not include the alignment offsets,
736                  * but we must include the alignment offsets in the calculation of
737                  * the length of the data we send over the wire, as the alignment offsets
738                  * are sent here. Fix from Marc_Jacobsen@hp.com.
739                  */
740
741                 total_sent_thistime = MIN(total_sent_thistime, useable_space);
742
743                 reply_outbuf(req, 10, total_sent_thistime + alignment_offset
744                              + data_alignment_offset);
745
746                 /*
747                  * We might have SMBtrans2s in req which was transferred to
748                  * the outbuf, fix that.
749                  */
750                 SCVAL(req->outbuf, smb_com, SMBtrans2);
751
752                 /* Set total params and data to be sent */
753                 SSVAL(req->outbuf,smb_tprcnt,paramsize);
754                 SSVAL(req->outbuf,smb_tdrcnt,datasize);
755
756                 /* Calculate how many parameters and data we can fit into
757                  * this packet. Parameters get precedence
758                  */
759
760                 params_sent_thistime = MIN(params_to_send,useable_space);
761                 data_sent_thistime = useable_space - params_sent_thistime;
762                 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
763
764                 SSVAL(req->outbuf,smb_prcnt, params_sent_thistime);
765
766                 /* smb_proff is the offset from the start of the SMB header to the
767                         parameter bytes, however the first 4 bytes of outbuf are
768                         the Netbios over TCP header. Thus use smb_base() to subtract
769                         them from the calculation */
770
771                 SSVAL(req->outbuf,smb_proff,
772                       ((smb_buf(req->outbuf)+alignment_offset)
773                        - smb_base(req->outbuf)));
774
775                 if(params_sent_thistime == 0)
776                         SSVAL(req->outbuf,smb_prdisp,0);
777                 else
778                         /* Absolute displacement of param bytes sent in this packet */
779                         SSVAL(req->outbuf,smb_prdisp,pp - params);
780
781                 SSVAL(req->outbuf,smb_drcnt, data_sent_thistime);
782                 if(data_sent_thistime == 0) {
783                         SSVAL(req->outbuf,smb_droff,0);
784                         SSVAL(req->outbuf,smb_drdisp, 0);
785                 } else {
786                         /* The offset of the data bytes is the offset of the
787                                 parameter bytes plus the number of parameters being sent this time */
788                         SSVAL(req->outbuf, smb_droff,
789                               ((smb_buf(req->outbuf)+alignment_offset)
790                                - smb_base(req->outbuf))
791                               + params_sent_thistime + data_alignment_offset);
792                         SSVAL(req->outbuf,smb_drdisp, pd - pdata);
793                 }
794
795                 /* Initialize the padding for alignment */
796
797                 if (alignment_offset != 0) {
798                         memset(smb_buf(req->outbuf), 0, alignment_offset);
799                 }
800
801                 /* Copy the param bytes into the packet */
802
803                 if(params_sent_thistime) {
804                         memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
805                                params_sent_thistime);
806                 }
807
808                 /* Copy in the data bytes */
809                 if(data_sent_thistime) {
810                         if (data_alignment_offset != 0) {
811                                 memset((smb_buf(req->outbuf)+alignment_offset+
812                                         params_sent_thistime), 0,
813                                        data_alignment_offset);
814                         }
815                         memcpy(smb_buf(req->outbuf)+alignment_offset
816                                +params_sent_thistime+data_alignment_offset,
817                                pd,data_sent_thistime);
818                 }
819
820                 DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
821                         params_sent_thistime, data_sent_thistime, useable_space));
822                 DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
823                         params_to_send, data_to_send, paramsize, datasize));
824
825                 if (overflow) {
826                         error_packet_set((char *)req->outbuf,
827                                          ERRDOS,ERRbufferoverflow,
828                                          STATUS_BUFFER_OVERFLOW,
829                                          __LINE__,__FILE__);
830                 }
831
832                 /* Send the packet */
833                 show_msg((char *)req->outbuf);
834                 if (!srv_send_smb(smbd_server_fd(),
835                                 (char *)req->outbuf,
836                                 true, req->seqnum+1,
837                                 IS_CONN_ENCRYPTED(conn),
838                                 &req->pcd))
839                         exit_server_cleanly("send_trans2_replies: srv_send_smb failed.");
840
841                 TALLOC_FREE(req->outbuf);
842
843                 pp += params_sent_thistime;
844                 pd += data_sent_thistime;
845
846                 params_to_send -= params_sent_thistime;
847                 data_to_send -= data_sent_thistime;
848
849                 /* Sanity check */
850                 if(params_to_send < 0 || data_to_send < 0) {
851                         DEBUG(0,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!",
852                                 params_to_send, data_to_send));
853                         return;
854                 }
855         }
856
857         return;
858 }
859
860 /****************************************************************************
861  Reply to a TRANSACT2_OPEN.
862 ****************************************************************************/
863
864 static void call_trans2open(connection_struct *conn,
865                             struct smb_request *req,
866                             char **pparams, int total_params,
867                             char **ppdata, int total_data,
868                             unsigned int max_data_bytes)
869 {
870         char *params = *pparams;
871         char *pdata = *ppdata;
872         int deny_mode;
873         int32 open_attr;
874         bool oplock_request;
875 #if 0
876         bool return_additional_info;
877         int16 open_sattr;
878         time_t open_time;
879 #endif
880         int open_ofun;
881         uint32 open_size;
882         char *pname;
883         char *fname = NULL;
884         SMB_OFF_T size=0;
885         int fattr=0,mtime=0;
886         SMB_INO_T inode = 0;
887         SMB_STRUCT_STAT sbuf;
888         int smb_action = 0;
889         files_struct *fsp;
890         struct ea_list *ea_list = NULL;
891         uint16 flags = 0;
892         NTSTATUS status;
893         uint32 access_mask;
894         uint32 share_mode;
895         uint32 create_disposition;
896         uint32 create_options = 0;
897         TALLOC_CTX *ctx = talloc_tos();
898
899         SET_STAT_INVALID(sbuf);
900
901         /*
902          * Ensure we have enough parameters to perform the operation.
903          */
904
905         if (total_params < 29) {
906                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
907                 return;
908         }
909
910         flags = SVAL(params, 0);
911         deny_mode = SVAL(params, 2);
912         open_attr = SVAL(params,6);
913         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
914         if (oplock_request) {
915                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
916         }
917
918 #if 0
919         return_additional_info = BITSETW(params,0);
920         open_sattr = SVAL(params, 4);
921         open_time = make_unix_date3(params+8);
922 #endif
923         open_ofun = SVAL(params,12);
924         open_size = IVAL(params,14);
925         pname = &params[28];
926
927         if (IS_IPC(conn)) {
928                 reply_doserror(req, ERRSRV, ERRaccess);
929                 return;
930         }
931
932         srvstr_get_path(ctx, params, req->flags2, &fname, pname,
933                         total_params - 28, STR_TERMINATE,
934                         &status);
935         if (!NT_STATUS_IS_OK(status)) {
936                 reply_nterror(req, status);
937                 return;
938         }
939
940         DEBUG(3,("call_trans2open %s deny_mode=0x%x attr=%d ofun=0x%x size=%d\n",
941                 fname, (unsigned int)deny_mode, (unsigned int)open_attr,
942                 (unsigned int)open_ofun, open_size));
943
944         if (open_ofun == 0) {
945                 reply_nterror(req, NT_STATUS_OBJECT_NAME_COLLISION);
946                 return;
947         }
948
949         if (!map_open_params_to_ntcreate(fname, deny_mode, open_ofun,
950                                 &access_mask,
951                                 &share_mode,
952                                 &create_disposition,
953                                 &create_options)) {
954                 reply_doserror(req, ERRDOS, ERRbadaccess);
955                 return;
956         }
957
958         /* Any data in this call is an EA list. */
959         if (total_data && (total_data != 4) && !lp_ea_support(SNUM(conn))) {
960                 reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
961                 return;
962         }
963
964         if (total_data != 4) {
965                 if (total_data < 10) {
966                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
967                         return;
968                 }
969
970                 if (IVAL(pdata,0) > total_data) {
971                         DEBUG(10,("call_trans2open: bad total data size (%u) > %u\n",
972                                 IVAL(pdata,0), (unsigned int)total_data));
973                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
974                         return;
975                 }
976
977                 ea_list = read_ea_list(talloc_tos(), pdata + 4,
978                                        total_data - 4);
979                 if (!ea_list) {
980                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
981                         return;
982                 }
983         } else if (IVAL(pdata,0) != 4) {
984                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
985                 return;
986         }
987
988         status = SMB_VFS_CREATE_FILE(
989                 conn,                                   /* conn */
990                 req,                                    /* req */
991                 0,                                      /* root_dir_fid */
992                 fname,                                  /* fname */
993                 CFF_DOS_PATH,                           /* create_file_flags */
994                 access_mask,                            /* access_mask */
995                 share_mode,                             /* share_access */
996                 create_disposition,                     /* create_disposition*/
997                 create_options,                         /* create_options */
998                 open_attr,                              /* file_attributes */
999                 oplock_request,                         /* oplock_request */
1000                 open_size,                              /* allocation_size */
1001                 NULL,                                   /* sd */
1002                 ea_list,                                /* ea_list */
1003                 &fsp,                                   /* result */
1004                 &smb_action,                            /* pinfo */
1005                 &sbuf);                                 /* psbuf */
1006
1007         if (!NT_STATUS_IS_OK(status)) {
1008                 if (open_was_deferred(req->mid)) {
1009                         /* We have re-scheduled this call. */
1010                         return;
1011                 }
1012                 reply_openerror(req, status);
1013                 return;
1014         }
1015
1016         size = get_file_size_stat(&sbuf);
1017         fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1018         mtime = convert_timespec_to_time_t(sbuf.st_ex_mtime);
1019         inode = sbuf.st_ex_ino;
1020         if (fattr & aDIR) {
1021                 close_file(req, fsp, ERROR_CLOSE);
1022                 reply_doserror(req, ERRDOS,ERRnoaccess);
1023                 return;
1024         }
1025
1026         /* Realloc the size of parameters and data we will return */
1027         *pparams = (char *)SMB_REALLOC(*pparams, 30);
1028         if(*pparams == NULL ) {
1029                 reply_nterror(req, NT_STATUS_NO_MEMORY);
1030                 return;
1031         }
1032         params = *pparams;
1033
1034         SSVAL(params,0,fsp->fnum);
1035         SSVAL(params,2,fattr);
1036         srv_put_dos_date2(params,4, mtime);
1037         SIVAL(params,8, (uint32)size);
1038         SSVAL(params,12,deny_mode);
1039         SSVAL(params,14,0); /* open_type - file or directory. */
1040         SSVAL(params,16,0); /* open_state - only valid for IPC device. */
1041
1042         if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1043                 smb_action |= EXTENDED_OPLOCK_GRANTED;
1044         }
1045
1046         SSVAL(params,18,smb_action);
1047
1048         /*
1049          * WARNING - this may need to be changed if SMB_INO_T <> 4 bytes.
1050          */
1051         SIVAL(params,20,inode);
1052         SSVAL(params,24,0); /* Padding. */
1053         if (flags & 8) {
1054                 uint32 ea_size = estimate_ea_size(conn, fsp, fsp->fsp_name);
1055                 SIVAL(params, 26, ea_size);
1056         } else {
1057                 SIVAL(params, 26, 0);
1058         }
1059
1060         /* Send the required number of replies */
1061         send_trans2_replies(conn, req, params, 30, *ppdata, 0, max_data_bytes);
1062 }
1063
1064 /*********************************************************
1065  Routine to check if a given string matches exactly.
1066  as a special case a mask of "." does NOT match. That
1067  is required for correct wildcard semantics
1068  Case can be significant or not.
1069 **********************************************************/
1070
1071 static bool exact_match(connection_struct *conn,
1072                 const char *str,
1073                 const char *mask)
1074 {
1075         if (mask[0] == '.' && mask[1] == 0)
1076                 return False;
1077         if (dptr_has_wild(conn->dirptr)) {
1078                 return False;
1079         }
1080         if (conn->case_sensitive)
1081                 return strcmp(str,mask)==0;
1082         else
1083                 return StrCaseCmp(str,mask) == 0;
1084 }
1085
1086 /****************************************************************************
1087  Return the filetype for UNIX extensions.
1088 ****************************************************************************/
1089
1090 static uint32 unix_filetype(mode_t mode)
1091 {
1092         if(S_ISREG(mode))
1093                 return UNIX_TYPE_FILE;
1094         else if(S_ISDIR(mode))
1095                 return UNIX_TYPE_DIR;
1096 #ifdef S_ISLNK
1097         else if(S_ISLNK(mode))
1098                 return UNIX_TYPE_SYMLINK;
1099 #endif
1100 #ifdef S_ISCHR
1101         else if(S_ISCHR(mode))
1102                 return UNIX_TYPE_CHARDEV;
1103 #endif
1104 #ifdef S_ISBLK
1105         else if(S_ISBLK(mode))
1106                 return UNIX_TYPE_BLKDEV;
1107 #endif
1108 #ifdef S_ISFIFO
1109         else if(S_ISFIFO(mode))
1110                 return UNIX_TYPE_FIFO;
1111 #endif
1112 #ifdef S_ISSOCK
1113         else if(S_ISSOCK(mode))
1114                 return UNIX_TYPE_SOCKET;
1115 #endif
1116
1117         DEBUG(0,("unix_filetype: unknown filetype %u\n", (unsigned)mode));
1118         return UNIX_TYPE_UNKNOWN;
1119 }
1120
1121 /****************************************************************************
1122  Map wire perms onto standard UNIX permissions. Obey share restrictions.
1123 ****************************************************************************/
1124
1125 enum perm_type { PERM_NEW_FILE, PERM_NEW_DIR, PERM_EXISTING_FILE, PERM_EXISTING_DIR};
1126
1127 static NTSTATUS unix_perms_from_wire( connection_struct *conn,
1128                                 SMB_STRUCT_STAT *psbuf,
1129                                 uint32 perms,
1130                                 enum perm_type ptype,
1131                                 mode_t *ret_perms)
1132 {
1133         mode_t ret = 0;
1134
1135         if (perms == SMB_MODE_NO_CHANGE) {
1136                 if (!VALID_STAT(*psbuf)) {
1137                         return NT_STATUS_INVALID_PARAMETER;
1138                 } else {
1139                         *ret_perms = psbuf->st_ex_mode;
1140                         return NT_STATUS_OK;
1141                 }
1142         }
1143
1144         ret |= ((perms & UNIX_X_OTH ) ? S_IXOTH : 0);
1145         ret |= ((perms & UNIX_W_OTH ) ? S_IWOTH : 0);
1146         ret |= ((perms & UNIX_R_OTH ) ? S_IROTH : 0);
1147         ret |= ((perms & UNIX_X_GRP ) ? S_IXGRP : 0);
1148         ret |= ((perms & UNIX_W_GRP ) ? S_IWGRP : 0);
1149         ret |= ((perms & UNIX_R_GRP ) ? S_IRGRP : 0);
1150         ret |= ((perms & UNIX_X_USR ) ? S_IXUSR : 0);
1151         ret |= ((perms & UNIX_W_USR ) ? S_IWUSR : 0);
1152         ret |= ((perms & UNIX_R_USR ) ? S_IRUSR : 0);
1153 #ifdef S_ISVTX
1154         ret |= ((perms & UNIX_STICKY ) ? S_ISVTX : 0);
1155 #endif
1156 #ifdef S_ISGID
1157         ret |= ((perms & UNIX_SET_GID ) ? S_ISGID : 0);
1158 #endif
1159 #ifdef S_ISUID
1160         ret |= ((perms & UNIX_SET_UID ) ? S_ISUID : 0);
1161 #endif
1162
1163         switch (ptype) {
1164         case PERM_NEW_FILE:
1165                 /* Apply mode mask */
1166                 ret &= lp_create_mask(SNUM(conn));
1167                 /* Add in force bits */
1168                 ret |= lp_force_create_mode(SNUM(conn));
1169                 break;
1170         case PERM_NEW_DIR:
1171                 ret &= lp_dir_mask(SNUM(conn));
1172                 /* Add in force bits */
1173                 ret |= lp_force_dir_mode(SNUM(conn));
1174                 break;
1175         case PERM_EXISTING_FILE:
1176                 /* Apply mode mask */
1177                 ret &= lp_security_mask(SNUM(conn));
1178                 /* Add in force bits */
1179                 ret |= lp_force_security_mode(SNUM(conn));
1180                 break;
1181         case PERM_EXISTING_DIR:
1182                 /* Apply mode mask */
1183                 ret &= lp_dir_security_mask(SNUM(conn));
1184                 /* Add in force bits */
1185                 ret |= lp_force_dir_security_mode(SNUM(conn));
1186                 break;
1187         }
1188
1189         *ret_perms = ret;
1190         return NT_STATUS_OK;
1191 }
1192
1193 /****************************************************************************
1194  Needed to show the msdfs symlinks as directories. Modifies psbuf
1195  to be a directory if it's a msdfs link.
1196 ****************************************************************************/
1197
1198 static bool check_msdfs_link(connection_struct *conn,
1199                                 const char *pathname,
1200                                 SMB_STRUCT_STAT *psbuf)
1201 {
1202         int saved_errno = errno;
1203         if(lp_host_msdfs() &&
1204                 lp_msdfs_root(SNUM(conn)) &&
1205                 is_msdfs_link(conn, pathname, psbuf)) {
1206
1207                 DEBUG(5,("check_msdfs_link: Masquerading msdfs link %s "
1208                         "as a directory\n",
1209                         pathname));
1210                 psbuf->st_ex_mode = (psbuf->st_ex_mode & 0xFFF) | S_IFDIR;
1211                 errno = saved_errno;
1212                 return true;
1213         }
1214         errno = saved_errno;
1215         return false;
1216 }
1217
1218
1219 /****************************************************************************
1220  Get a level dependent lanman2 dir entry.
1221 ****************************************************************************/
1222
1223 static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
1224                                 connection_struct *conn,
1225                                 uint16 flags2,
1226                                 const char *path_mask,
1227                                 uint32 dirtype,
1228                                 int info_level,
1229                                 int requires_resume_key,
1230                                 bool dont_descend,
1231                                 bool ask_sharemode,
1232                                 char **ppdata,
1233                                 char *base_data,
1234                                 char *end_data,
1235                                 int space_remaining,
1236                                 bool *out_of_space,
1237                                 bool *got_exact_match,
1238                                 int *last_entry_off,
1239                                 struct ea_list *name_list)
1240 {
1241         char *dname;
1242         bool found = False;
1243         SMB_STRUCT_STAT sbuf;
1244         const char *mask = NULL;
1245         char *pathreal = NULL;
1246         char *fname = NULL;
1247         char *p, *q, *pdata = *ppdata;
1248         uint32 reskey=0;
1249         long prev_dirpos=0;
1250         uint32 mode=0;
1251         SMB_OFF_T file_size = 0;
1252         uint64_t allocation_size = 0;
1253         uint32 len;
1254         struct timespec mdate_ts, adate_ts, create_date_ts;
1255         time_t mdate = (time_t)0, adate = (time_t)0, create_date = (time_t)0;
1256         char *nameptr;
1257         char *last_entry_ptr;
1258         bool was_8_3;
1259         uint32 nt_extmode; /* Used for NT connections instead of mode */
1260         bool needslash = ( conn->dirpath[strlen(conn->dirpath) -1] != '/');
1261         bool check_mangled_names = lp_manglednames(conn->params);
1262         char mangled_name[13]; /* mangled 8.3 name. */
1263
1264         *out_of_space = False;
1265         *got_exact_match = False;
1266
1267         ZERO_STRUCT(mdate_ts);
1268         ZERO_STRUCT(adate_ts);
1269         ZERO_STRUCT(create_date_ts);
1270
1271         if (!conn->dirptr) {
1272                 return(False);
1273         }
1274
1275         p = strrchr_m(path_mask,'/');
1276         if(p != NULL) {
1277                 if(p[1] == '\0') {
1278                         mask = talloc_strdup(ctx,"*.*");
1279                 } else {
1280                         mask = p+1;
1281                 }
1282         } else {
1283                 mask = path_mask;
1284         }
1285
1286         while (!found) {
1287                 bool got_match;
1288                 bool ms_dfs_link = False;
1289
1290                 /* Needed if we run out of space */
1291                 long curr_dirpos = prev_dirpos = dptr_TellDir(conn->dirptr);
1292                 dname = dptr_ReadDirName(ctx,conn->dirptr,&curr_dirpos,&sbuf);
1293
1294                 /*
1295                  * Due to bugs in NT client redirectors we are not using
1296                  * resume keys any more - set them to zero.
1297                  * Check out the related comments in findfirst/findnext.
1298                  * JRA.
1299                  */
1300
1301                 reskey = 0;
1302
1303                 DEBUG(8,("get_lanman2_dir_entry:readdir on dirptr 0x%lx now at offset %ld\n",
1304                         (long)conn->dirptr,curr_dirpos));
1305
1306                 if (!dname) {
1307                         return(False);
1308                 }
1309
1310                 /*
1311                  * fname may get mangled, dname is never mangled.
1312                  * Whenever we're accessing the filesystem we use
1313                  * pathreal which is composed from dname.
1314                  */
1315
1316                 pathreal = NULL;
1317                 fname = dname;
1318
1319                 /* Mangle fname if it's an illegal name. */
1320                 if (mangle_must_mangle(dname,conn->params)) {
1321                         if (!name_to_8_3(dname,mangled_name,True,conn->params)) {
1322                                 TALLOC_FREE(fname);
1323                                 continue; /* Error - couldn't mangle. */
1324                         }
1325                         fname = talloc_strdup(ctx, mangled_name);
1326                         if (!fname) {
1327                                 return False;
1328                         }
1329                 }
1330
1331                 if(!(got_match = *got_exact_match = exact_match(conn, fname, mask))) {
1332                         got_match = mask_match(fname, mask, conn->case_sensitive);
1333                 }
1334
1335                 if(!got_match && check_mangled_names &&
1336                    !mangle_is_8_3(fname, False, conn->params)) {
1337                         /*
1338                          * It turns out that NT matches wildcards against
1339                          * both long *and* short names. This may explain some
1340                          * of the wildcard wierdness from old DOS clients
1341                          * that some people have been seeing.... JRA.
1342                          */
1343                         /* Force the mangling into 8.3. */
1344                         if (!name_to_8_3( fname, mangled_name, False, conn->params)) {
1345                                 TALLOC_FREE(fname);
1346                                 continue; /* Error - couldn't mangle. */
1347                         }
1348
1349                         if(!(got_match = *got_exact_match = exact_match(conn, mangled_name, mask))) {
1350                                 got_match = mask_match(mangled_name, mask, conn->case_sensitive);
1351                         }
1352                 }
1353
1354                 if (got_match) {
1355                         bool isdots = (ISDOT(dname) || ISDOTDOT(dname));
1356
1357                         if (dont_descend && !isdots) {
1358                                 TALLOC_FREE(fname);
1359                                 continue;
1360                         }
1361
1362                         if (needslash) {
1363                                 pathreal = NULL;
1364                                 pathreal = talloc_asprintf(ctx,
1365                                         "%s/%s",
1366                                         conn->dirpath,
1367                                         dname);
1368                         } else {
1369                                 pathreal = talloc_asprintf(ctx,
1370                                         "%s%s",
1371                                         conn->dirpath,
1372                                         dname);
1373                         }
1374
1375                         if (!pathreal) {
1376                                 TALLOC_FREE(fname);
1377                                 return False;
1378                         }
1379
1380                         if (INFO_LEVEL_IS_UNIX(info_level)) {
1381                                 if (SMB_VFS_LSTAT(conn,pathreal,&sbuf) != 0) {
1382                                         DEBUG(5,("get_lanman2_dir_entry:Couldn't lstat [%s] (%s)\n",
1383                                                 pathreal,strerror(errno)));
1384                                         TALLOC_FREE(pathreal);
1385                                         TALLOC_FREE(fname);
1386                                         continue;
1387                                 }
1388                         } else if (!VALID_STAT(sbuf) && SMB_VFS_STAT(conn,pathreal,&sbuf) != 0) {
1389                                 /* Needed to show the msdfs symlinks as
1390                                  * directories */
1391
1392                                 ms_dfs_link = check_msdfs_link(conn, pathreal, &sbuf);
1393                                 if (!ms_dfs_link) {
1394                                         DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",
1395                                                 pathreal,strerror(errno)));
1396                                         TALLOC_FREE(pathreal);
1397                                         TALLOC_FREE(fname);
1398                                         continue;
1399                                 }
1400                         }
1401
1402                         if (ms_dfs_link) {
1403                                 mode = dos_mode_msdfs(conn,pathreal,&sbuf);
1404                         } else {
1405                                 mode = dos_mode(conn,pathreal,&sbuf);
1406                         }
1407
1408                         if (!dir_check_ftype(conn,mode,dirtype)) {
1409                                 DEBUG(5,("get_lanman2_dir_entry: [%s] attribs didn't match %x\n",fname,dirtype));
1410                                 TALLOC_FREE(pathreal);
1411                                 TALLOC_FREE(fname);
1412                                 continue;
1413                         }
1414
1415                         if (!(mode & aDIR)) {
1416                                 file_size = get_file_size_stat(&sbuf);
1417                         }
1418                         allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,NULL,&sbuf);
1419
1420                         mdate_ts = sbuf.st_ex_mtime;
1421                         adate_ts = sbuf.st_ex_atime;
1422                         create_date_ts = sbuf.st_ex_btime;
1423
1424                         if (ask_sharemode) {
1425                                 struct timespec write_time_ts;
1426                                 struct file_id fileid;
1427
1428                                 fileid = vfs_file_id_from_sbuf(conn, &sbuf);
1429                                 get_file_infos(fileid, NULL, &write_time_ts);
1430                                 if (!null_timespec(write_time_ts)) {
1431                                         mdate_ts = write_time_ts;
1432                                 }
1433                         }
1434
1435                         if (lp_dos_filetime_resolution(SNUM(conn))) {
1436                                 dos_filetime_timespec(&create_date_ts);
1437                                 dos_filetime_timespec(&mdate_ts);
1438                                 dos_filetime_timespec(&adate_ts);
1439                         }
1440
1441                         create_date = convert_timespec_to_time_t(create_date_ts);
1442                         mdate = convert_timespec_to_time_t(mdate_ts);
1443                         adate = convert_timespec_to_time_t(adate_ts);
1444
1445                         DEBUG(5,("get_lanman2_dir_entry: found %s fname=%s\n",
1446                                 pathreal,fname));
1447
1448                         found = True;
1449
1450                         dptr_DirCacheAdd(conn->dirptr, dname, curr_dirpos);
1451                 }
1452
1453                 if (!found)
1454                         TALLOC_FREE(fname);
1455         }
1456
1457         p = pdata;
1458         last_entry_ptr = p;
1459
1460         nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL;
1461
1462         switch (info_level) {
1463                 case SMB_FIND_INFO_STANDARD:
1464                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_INFO_STANDARD\n"));
1465                         if(requires_resume_key) {
1466                                 SIVAL(p,0,reskey);
1467                                 p += 4;
1468                         }
1469                         srv_put_dos_date2(p,0,create_date);
1470                         srv_put_dos_date2(p,4,adate);
1471                         srv_put_dos_date2(p,8,mdate);
1472                         SIVAL(p,12,(uint32)file_size);
1473                         SIVAL(p,16,(uint32)allocation_size);
1474                         SSVAL(p,20,mode);
1475                         p += 23;
1476                         nameptr = p;
1477                         if (flags2 & FLAGS2_UNICODE_STRINGS) {
1478                                 p += ucs2_align(base_data, p, 0);
1479                         }
1480                         len = srvstr_push(base_data, flags2, p,
1481                                           fname, PTR_DIFF(end_data, p),
1482                                           STR_TERMINATE);
1483                         if (flags2 & FLAGS2_UNICODE_STRINGS) {
1484                                 if (len > 2) {
1485                                         SCVAL(nameptr, -1, len - 2);
1486                                 } else {
1487                                         SCVAL(nameptr, -1, 0);
1488                                 }
1489                         } else {
1490                                 if (len > 1) {
1491                                         SCVAL(nameptr, -1, len - 1);
1492                                 } else {
1493                                         SCVAL(nameptr, -1, 0);
1494                                 }
1495                         }
1496                         p += len;
1497                         break;
1498
1499                 case SMB_FIND_EA_SIZE:
1500                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_EA_SIZE\n"));
1501                         if(requires_resume_key) {
1502                                 SIVAL(p,0,reskey);
1503                                 p += 4;
1504                         }
1505                         srv_put_dos_date2(p,0,create_date);
1506                         srv_put_dos_date2(p,4,adate);
1507                         srv_put_dos_date2(p,8,mdate);
1508                         SIVAL(p,12,(uint32)file_size);
1509                         SIVAL(p,16,(uint32)allocation_size);
1510                         SSVAL(p,20,mode);
1511                         {
1512                                 unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1513                                 SIVAL(p,22,ea_size); /* Extended attributes */
1514                         }
1515                         p += 27;
1516                         nameptr = p - 1;
1517                         len = srvstr_push(base_data, flags2,
1518                                           p, fname, PTR_DIFF(end_data, p),
1519                                           STR_TERMINATE | STR_NOALIGN);
1520                         if (flags2 & FLAGS2_UNICODE_STRINGS) {
1521                                 if (len > 2) {
1522                                         len -= 2;
1523                                 } else {
1524                                         len = 0;
1525                                 }
1526                         } else {
1527                                 if (len > 1) {
1528                                         len -= 1;
1529                                 } else {
1530                                         len = 0;
1531                                 }
1532                         }
1533                         SCVAL(nameptr,0,len);
1534                         p += len;
1535                         SCVAL(p,0,0); p += 1; /* Extra zero byte ? - why.. */
1536                         break;
1537
1538                 case SMB_FIND_EA_LIST:
1539                 {
1540                         struct ea_list *file_list = NULL;
1541                         size_t ea_len = 0;
1542
1543                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_EA_LIST\n"));
1544                         if (!name_list) {
1545                                 return False;
1546                         }
1547                         if(requires_resume_key) {
1548                                 SIVAL(p,0,reskey);
1549                                 p += 4;
1550                         }
1551                         srv_put_dos_date2(p,0,create_date);
1552                         srv_put_dos_date2(p,4,adate);
1553                         srv_put_dos_date2(p,8,mdate);
1554                         SIVAL(p,12,(uint32)file_size);
1555                         SIVAL(p,16,(uint32)allocation_size);
1556                         SSVAL(p,20,mode);
1557                         p += 22; /* p now points to the EA area. */
1558
1559                         file_list = get_ea_list_from_file(ctx, conn, NULL, pathreal, &ea_len);
1560                         name_list = ea_list_union(name_list, file_list, &ea_len);
1561
1562                         /* We need to determine if this entry will fit in the space available. */
1563                         /* Max string size is 255 bytes. */
1564                         if (PTR_DIFF(p + 255 + ea_len,pdata) > space_remaining) {
1565                                 /* Move the dirptr back to prev_dirpos */
1566                                 dptr_SeekDir(conn->dirptr, prev_dirpos);
1567                                 *out_of_space = True;
1568                                 DEBUG(9,("get_lanman2_dir_entry: out of space\n"));
1569                                 return False; /* Not finished - just out of space */
1570                         }
1571
1572                         /* Push the ea_data followed by the name. */
1573                         p += fill_ea_buffer(ctx, p, space_remaining, conn, name_list);
1574                         nameptr = p;
1575                         len = srvstr_push(base_data, flags2,
1576                                           p + 1, fname, PTR_DIFF(end_data, p+1),
1577                                           STR_TERMINATE | STR_NOALIGN);
1578                         if (flags2 & FLAGS2_UNICODE_STRINGS) {
1579                                 if (len > 2) {
1580                                         len -= 2;
1581                                 } else {
1582                                         len = 0;
1583                                 }
1584                         } else {
1585                                 if (len > 1) {
1586                                         len -= 1;
1587                                 } else {
1588                                         len = 0;
1589                                 }
1590                         }
1591                         SCVAL(nameptr,0,len);
1592                         p += len + 1;
1593                         SCVAL(p,0,0); p += 1; /* Extra zero byte ? - why.. */
1594                         break;
1595                 }
1596
1597                 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
1598                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO\n"));
1599                         was_8_3 = mangle_is_8_3(fname, True, conn->params);
1600                         p += 4;
1601                         SIVAL(p,0,reskey); p += 4;
1602                         put_long_date_timespec(p,create_date_ts); p += 8;
1603                         put_long_date_timespec(p,adate_ts); p += 8;
1604                         put_long_date_timespec(p,mdate_ts); p += 8;
1605                         put_long_date_timespec(p,mdate_ts); p += 8;
1606                         SOFF_T(p,0,file_size); p += 8;
1607                         SOFF_T(p,0,allocation_size); p += 8;
1608                         SIVAL(p,0,nt_extmode); p += 4;
1609                         q = p; p += 4; /* q is placeholder for name length. */
1610                         {
1611                                 unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1612                                 SIVAL(p,0,ea_size); /* Extended attributes */
1613                                 p += 4;
1614                         }
1615                         /* Clear the short name buffer. This is
1616                          * IMPORTANT as not doing so will trigger
1617                          * a Win2k client bug. JRA.
1618                          */
1619                         if (!was_8_3 && check_mangled_names) {
1620                                 if (!name_to_8_3(fname,mangled_name,True,
1621                                                    conn->params)) {
1622                                         /* Error - mangle failed ! */
1623                                         memset(mangled_name,'\0',12);
1624                                 }
1625                                 mangled_name[12] = 0;
1626                                 len = srvstr_push(base_data, flags2,
1627                                                   p+2, mangled_name, 24,
1628                                                   STR_UPPER|STR_UNICODE);
1629                                 if (len < 24) {
1630                                         memset(p + 2 + len,'\0',24 - len);
1631                                 }
1632                                 SSVAL(p, 0, len);
1633                         } else {
1634                                 memset(p,'\0',26);
1635                         }
1636                         p += 2 + 24;
1637                         len = srvstr_push(base_data, flags2, p,
1638                                           fname, PTR_DIFF(end_data, p),
1639                                           STR_TERMINATE_ASCII);
1640                         SIVAL(q,0,len);
1641                         p += len;
1642                         SIVAL(p,0,0); /* Ensure any padding is null. */
1643                         len = PTR_DIFF(p, pdata);
1644                         len = (len + 3) & ~3;
1645                         SIVAL(pdata,0,len);
1646                         p = pdata + len;
1647                         break;
1648
1649                 case SMB_FIND_FILE_DIRECTORY_INFO:
1650                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_DIRECTORY_INFO\n"));
1651                         p += 4;
1652                         SIVAL(p,0,reskey); p += 4;
1653                         put_long_date_timespec(p,create_date_ts); p += 8;
1654                         put_long_date_timespec(p,adate_ts); p += 8;
1655                         put_long_date_timespec(p,mdate_ts); p += 8;
1656                         put_long_date_timespec(p,mdate_ts); p += 8;
1657                         SOFF_T(p,0,file_size); p += 8;
1658                         SOFF_T(p,0,allocation_size); p += 8;
1659                         SIVAL(p,0,nt_extmode); p += 4;
1660                         len = srvstr_push(base_data, flags2,
1661                                           p + 4, fname, PTR_DIFF(end_data, p+4),
1662                                           STR_TERMINATE_ASCII);
1663                         SIVAL(p,0,len);
1664                         p += 4 + len;
1665                         SIVAL(p,0,0); /* Ensure any padding is null. */
1666                         len = PTR_DIFF(p, pdata);
1667                         len = (len + 3) & ~3;
1668                         SIVAL(pdata,0,len);
1669                         p = pdata + len;
1670                         break;
1671
1672                 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
1673                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_FULL_DIRECTORY_INFO\n"));
1674                         p += 4;
1675                         SIVAL(p,0,reskey); p += 4;
1676                         put_long_date_timespec(p,create_date_ts); p += 8;
1677                         put_long_date_timespec(p,adate_ts); p += 8;
1678                         put_long_date_timespec(p,mdate_ts); p += 8;
1679                         put_long_date_timespec(p,mdate_ts); p += 8;
1680                         SOFF_T(p,0,file_size); p += 8;
1681                         SOFF_T(p,0,allocation_size); p += 8;
1682                         SIVAL(p,0,nt_extmode); p += 4;
1683                         q = p; p += 4; /* q is placeholder for name length. */
1684                         {
1685                                 unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1686                                 SIVAL(p,0,ea_size); /* Extended attributes */
1687                                 p +=4;
1688                         }
1689                         len = srvstr_push(base_data, flags2, p,
1690                                           fname, PTR_DIFF(end_data, p),
1691                                           STR_TERMINATE_ASCII);
1692                         SIVAL(q, 0, len);
1693                         p += len;
1694
1695                         SIVAL(p,0,0); /* Ensure any padding is null. */
1696                         len = PTR_DIFF(p, pdata);
1697                         len = (len + 3) & ~3;
1698                         SIVAL(pdata,0,len);
1699                         p = pdata + len;
1700                         break;
1701
1702                 case SMB_FIND_FILE_NAMES_INFO:
1703                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_NAMES_INFO\n"));
1704                         p += 4;
1705                         SIVAL(p,0,reskey); p += 4;
1706                         p += 4;
1707                         /* this must *not* be null terminated or w2k gets in a loop trying to set an
1708                            acl on a dir (tridge) */
1709                         len = srvstr_push(base_data, flags2, p,
1710                                           fname, PTR_DIFF(end_data, p),
1711                                           STR_TERMINATE_ASCII);
1712                         SIVAL(p, -4, len);
1713                         p += len;
1714                         SIVAL(p,0,0); /* Ensure any padding is null. */
1715                         len = PTR_DIFF(p, pdata);
1716                         len = (len + 3) & ~3;
1717                         SIVAL(pdata,0,len);
1718                         p = pdata + len;
1719                         break;
1720
1721                 case SMB_FIND_ID_FULL_DIRECTORY_INFO:
1722                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_ID_FULL_DIRECTORY_INFO\n"));
1723                         p += 4;
1724                         SIVAL(p,0,reskey); p += 4;
1725                         put_long_date_timespec(p,create_date_ts); p += 8;
1726                         put_long_date_timespec(p,adate_ts); p += 8;
1727                         put_long_date_timespec(p,mdate_ts); p += 8;
1728                         put_long_date_timespec(p,mdate_ts); p += 8;
1729                         SOFF_T(p,0,file_size); p += 8;
1730                         SOFF_T(p,0,allocation_size); p += 8;
1731                         SIVAL(p,0,nt_extmode); p += 4;
1732                         q = p; p += 4; /* q is placeholder for name length. */
1733                         {
1734                                 unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1735                                 SIVAL(p,0,ea_size); /* Extended attributes */
1736                                 p +=4;
1737                         }
1738                         SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
1739                         SIVAL(p,0,sbuf.st_ex_ino); p += 4; /* FileIndexLow */
1740                         SIVAL(p,0,sbuf.st_ex_dev); p += 4; /* FileIndexHigh */
1741                         len = srvstr_push(base_data, flags2, p,
1742                                           fname, PTR_DIFF(end_data, p),
1743                                           STR_TERMINATE_ASCII);
1744                         SIVAL(q, 0, len);
1745                         p += len; 
1746                         SIVAL(p,0,0); /* Ensure any padding is null. */
1747                         len = PTR_DIFF(p, pdata);
1748                         len = (len + 3) & ~3;
1749                         SIVAL(pdata,0,len);
1750                         p = pdata + len;
1751                         break;
1752
1753                 case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
1754                         DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_ID_BOTH_DIRECTORY_INFO\n"));
1755                         was_8_3 = mangle_is_8_3(fname, True, conn->params);
1756                         p += 4;
1757                         SIVAL(p,0,reskey); p += 4;
1758                         put_long_date_timespec(p,create_date_ts); p += 8;
1759                         put_long_date_timespec(p,adate_ts); p += 8;
1760                         put_long_date_timespec(p,mdate_ts); p += 8;
1761                         put_long_date_timespec(p,mdate_ts); p += 8;
1762                         SOFF_T(p,0,file_size); p += 8;
1763                         SOFF_T(p,0,allocation_size); p += 8;
1764                         SIVAL(p,0,nt_extmode); p += 4;
1765                         q = p; p += 4; /* q is placeholder for name length */
1766                         {
1767                                 unsigned int ea_size = estimate_ea_size(conn, NULL, pathreal);
1768                                 SIVAL(p,0,ea_size); /* Extended attributes */
1769                                 p +=4;
1770                         }
1771                         /* Clear the short name buffer. This is
1772                          * IMPORTANT as not doing so will trigger
1773                          * a Win2k client bug. JRA.
1774                          */
1775                         if (!was_8_3 && check_mangled_names) {
1776                                 if (!name_to_8_3(fname,mangled_name,True,
1777                                                 conn->params)) {
1778                                         /* Error - mangle failed ! */
1779                                         memset(mangled_name,'\0',12);
1780                                 }
1781                                 mangled_name[12] = 0;
1782                                 len = srvstr_push(base_data, flags2,
1783                                                   p+2, mangled_name, 24,
1784                                                   STR_UPPER|STR_UNICODE);
1785                                 SSVAL(p, 0, len);
1786                                 if (len < 24) {
1787                                         memset(p + 2 + len,'\0',24 - len);
1788                                 }
1789                                 SSVAL(p, 0, len);
1790                         } else {
1791                                 memset(p,'\0',26);
1792                         }
1793                         p += 26;
1794                         SSVAL(p,0,0); p += 2; /* Reserved ? */
1795                         SIVAL(p,0,sbuf.st_ex_ino); p += 4; /* FileIndexLow */
1796                         SIVAL(p,0,sbuf.st_ex_dev); p += 4; /* FileIndexHigh */
1797                         len = srvstr_push(base_data, flags2, p,
1798                                           fname, PTR_DIFF(end_data, p),
1799                                           STR_TERMINATE_ASCII);
1800                         SIVAL(q,0,len);
1801                         p += len;
1802                         SIVAL(p,0,0); /* Ensure any padding is null. */
1803                         len = PTR_DIFF(p, pdata);
1804                         len = (len + 3) & ~3;
1805                         SIVAL(pdata,0,len);
1806                         p = pdata + len;
1807                         break;
1808
1809                 /* CIFS UNIX Extension. */
1810
1811                 case SMB_FIND_FILE_UNIX:
1812                 case SMB_FIND_FILE_UNIX_INFO2:
1813                         p+= 4;
1814                         SIVAL(p,0,reskey); p+= 4;    /* Used for continuing search. */
1815
1816                         /* Begin of SMB_QUERY_FILE_UNIX_BASIC */
1817
1818                         if (info_level == SMB_FIND_FILE_UNIX) {
1819                                 DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX\n"));
1820                                 p = store_file_unix_basic(conn, p,
1821                                                         NULL, &sbuf);
1822                                 len = srvstr_push(base_data, flags2, p,
1823                                                   fname, PTR_DIFF(end_data, p),
1824                                                   STR_TERMINATE);
1825                         } else {
1826                                 DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX_INFO2\n"));
1827                                 p = store_file_unix_basic_info2(conn, p,
1828                                                         NULL, &sbuf);
1829                                 nameptr = p;
1830                                 p += 4;
1831                                 len = srvstr_push(base_data, flags2, p, fname,
1832                                                   PTR_DIFF(end_data, p), 0);
1833                                 SIVAL(nameptr, 0, len);
1834                         }
1835
1836                         p += len;
1837                         SIVAL(p,0,0); /* Ensure any padding is null. */
1838
1839                         len = PTR_DIFF(p, pdata);
1840                         len = (len + 3) & ~3;
1841                         SIVAL(pdata,0,len);     /* Offset from this structure to the beginning of the next one */
1842                         p = pdata + len;
1843                         /* End of SMB_QUERY_FILE_UNIX_BASIC */
1844
1845                         break;
1846
1847                 default:
1848                         TALLOC_FREE(fname);
1849                         return(False);
1850         }
1851
1852         TALLOC_FREE(fname);
1853         if (PTR_DIFF(p,pdata) > space_remaining) {
1854                 /* Move the dirptr back to prev_dirpos */
1855                 dptr_SeekDir(conn->dirptr, prev_dirpos);
1856                 *out_of_space = True;
1857                 DEBUG(9,("get_lanman2_dir_entry: out of space\n"));
1858                 return False; /* Not finished - just out of space */
1859         }
1860
1861         /* Setup the last entry pointer, as an offset from base_data */
1862         *last_entry_off = PTR_DIFF(last_entry_ptr,base_data);
1863         /* Advance the data pointer to the next slot */
1864         *ppdata = p;
1865
1866         return(found);
1867 }
1868
1869 /****************************************************************************
1870  Reply to a TRANS2_FINDFIRST.
1871 ****************************************************************************/
1872
1873 static void call_trans2findfirst(connection_struct *conn,
1874                                  struct smb_request *req,
1875                                  char **pparams, int total_params,
1876                                  char **ppdata, int total_data,
1877                                  unsigned int max_data_bytes)
1878 {
1879         /* We must be careful here that we don't return more than the
1880                 allowed number of data bytes. If this means returning fewer than
1881                 maxentries then so be it. We assume that the redirector has
1882                 enough room for the fixed number of parameter bytes it has
1883                 requested. */
1884         struct smb_filename *smb_dname = NULL;
1885         char *params = *pparams;
1886         char *pdata = *ppdata;
1887         char *data_end;
1888         uint32 dirtype;
1889         int maxentries;
1890         uint16 findfirst_flags;
1891         bool close_after_first;
1892         bool close_if_end;
1893         bool requires_resume_key;
1894         int info_level;
1895         char *directory = NULL;
1896         char *mask = NULL;
1897         char *p;
1898         int last_entry_off=0;
1899         int dptr_num = -1;
1900         int numentries = 0;
1901         int i;
1902         bool finished = False;
1903         bool dont_descend = False;
1904         bool out_of_space = False;
1905         int space_remaining;
1906         bool mask_contains_wcard = False;
1907         struct ea_list *ea_list = NULL;
1908         NTSTATUS ntstatus = NT_STATUS_OK;
1909         bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1910         TALLOC_CTX *ctx = talloc_tos();
1911
1912         if (total_params < 13) {
1913                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1914                 return;
1915         }
1916
1917         dirtype = SVAL(params,0);
1918         maxentries = SVAL(params,2);
1919         findfirst_flags = SVAL(params,4);
1920         close_after_first = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE);
1921         close_if_end = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE_IF_END);
1922         requires_resume_key = (findfirst_flags & FLAG_TRANS2_FIND_REQUIRE_RESUME);
1923         info_level = SVAL(params,6);
1924
1925         DEBUG(3,("call_trans2findfirst: dirtype = %x, maxentries = %d, close_after_first=%d, \
1926 close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
1927                 (unsigned int)dirtype, maxentries, close_after_first, close_if_end, requires_resume_key,
1928                 info_level, max_data_bytes));
1929
1930         if (!maxentries) {
1931                 /* W2K3 seems to treat zero as 1. */
1932                 maxentries = 1;
1933         }
1934
1935         switch (info_level) {
1936                 case SMB_FIND_INFO_STANDARD:
1937                 case SMB_FIND_EA_SIZE:
1938                 case SMB_FIND_EA_LIST:
1939                 case SMB_FIND_FILE_DIRECTORY_INFO:
1940                 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
1941                 case SMB_FIND_FILE_NAMES_INFO:
1942                 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
1943                 case SMB_FIND_ID_FULL_DIRECTORY_INFO:
1944                 case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
1945                         break;
1946                 case SMB_FIND_FILE_UNIX:
1947                 case SMB_FIND_FILE_UNIX_INFO2:
1948                         /* Always use filesystem for UNIX mtime query. */
1949                         ask_sharemode = false;
1950                         if (!lp_unix_extensions()) {
1951                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
1952                                 return;
1953                         }
1954                         break;
1955                 default:
1956                         reply_nterror(req, NT_STATUS_INVALID_LEVEL);
1957                         return;
1958         }
1959
1960         srvstr_get_path_wcard(ctx, params, req->flags2, &directory,
1961                               params+12, total_params - 12,
1962                               STR_TERMINATE, &ntstatus, &mask_contains_wcard);
1963         if (!NT_STATUS_IS_OK(ntstatus)) {
1964                 reply_nterror(req, ntstatus);
1965                 return;
1966         }
1967
1968         ntstatus = resolve_dfspath_wcard(ctx, conn,
1969                         req->flags2 & FLAGS2_DFS_PATHNAMES,
1970                         directory,
1971                         &directory,
1972                         &mask_contains_wcard);
1973         if (!NT_STATUS_IS_OK(ntstatus)) {
1974                 if (NT_STATUS_EQUAL(ntstatus,NT_STATUS_PATH_NOT_COVERED)) {
1975                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1976                                         ERRSRV, ERRbadpath);
1977                         return;
1978                 }
1979                 reply_nterror(req, ntstatus);
1980                 return;
1981         }
1982
1983         ntstatus = unix_convert(ctx, conn, directory, &smb_dname,
1984                                 (UCF_SAVE_LCOMP | UCF_ALLOW_WCARD_LCOMP));
1985         if (!NT_STATUS_IS_OK(ntstatus)) {
1986                 reply_nterror(req, ntstatus);
1987                 return;
1988         }
1989
1990         mask = smb_dname->original_lcomp;
1991
1992         ntstatus = get_full_smb_filename(ctx, smb_dname, &directory);
1993         TALLOC_FREE(smb_dname);
1994         if (!NT_STATUS_IS_OK(ntstatus)) {
1995                 reply_nterror(req, ntstatus);
1996                 return;
1997         }
1998
1999         ntstatus = check_name(conn, directory);
2000         if (!NT_STATUS_IS_OK(ntstatus)) {
2001                 reply_nterror(req, ntstatus);
2002                 return;
2003         }
2004
2005         p = strrchr_m(directory,'/');
2006         if(p == NULL) {
2007                 /* Windows and OS/2 systems treat search on the root '\' as if it were '\*' */
2008                 if((directory[0] == '.') && (directory[1] == '\0')) {
2009                         mask = talloc_strdup(ctx,"*");
2010                         if (!mask) {
2011                                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2012                                 return;
2013                         }
2014                         mask_contains_wcard = True;
2015                 }
2016                 directory = talloc_strdup(talloc_tos(), "./");
2017                 if (!directory) {
2018                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2019                         return;
2020                 }
2021         } else {
2022                 *p = 0;
2023         }
2024
2025         DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
2026
2027         if (info_level == SMB_FIND_EA_LIST) {
2028                 uint32 ea_size;
2029
2030                 if (total_data < 4) {
2031                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2032                         return;
2033                 }
2034
2035                 ea_size = IVAL(pdata,0);
2036                 if (ea_size != total_data) {
2037                         DEBUG(4,("call_trans2findfirst: Rejecting EA request with incorrect \
2038 total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pdata,0) ));
2039                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2040                         return;
2041                 }
2042
2043                 if (!lp_ea_support(SNUM(conn))) {
2044                         reply_doserror(req, ERRDOS, ERReasnotsupported);
2045                         return;
2046                 }
2047
2048                 /* Pull out the list of names. */
2049                 ea_list = read_ea_name_list(ctx, pdata + 4, ea_size - 4);
2050                 if (!ea_list) {
2051                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2052                         return;
2053                 }
2054         }
2055
2056         *ppdata = (char *)SMB_REALLOC(
2057                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2058         if(*ppdata == NULL ) {
2059                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2060                 return;
2061         }
2062         pdata = *ppdata;
2063         data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
2064
2065         /* Realloc the params space */
2066         *pparams = (char *)SMB_REALLOC(*pparams, 10);
2067         if (*pparams == NULL) {
2068                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2069                 return;
2070         }
2071         params = *pparams;
2072
2073         /* Save the wildcard match and attribs we are using on this directory -
2074                 needed as lanman2 assumes these are being saved between calls */
2075
2076         ntstatus = dptr_create(conn,
2077                                 directory,
2078                                 False,
2079                                 True,
2080                                 req->smbpid,
2081                                 mask,
2082                                 mask_contains_wcard,
2083                                 dirtype,
2084                                 &conn->dirptr);
2085
2086         if (!NT_STATUS_IS_OK(ntstatus)) {
2087                 reply_nterror(req, ntstatus);
2088                 return;
2089         }
2090
2091         dptr_num = dptr_dnum(conn->dirptr);
2092         DEBUG(4,("dptr_num is %d, wcard = %s, attr = %d\n", dptr_num, mask, dirtype));
2093
2094         /* Initialize per TRANS2_FIND_FIRST operation data */
2095         dptr_init_search_op(conn->dirptr);
2096
2097         /* We don't need to check for VOL here as this is returned by
2098                 a different TRANS2 call. */
2099
2100         DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n", conn->dirpath,lp_dontdescend(SNUM(conn))));
2101         if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),conn->case_sensitive))
2102                 dont_descend = True;
2103
2104         p = pdata;
2105         space_remaining = max_data_bytes;
2106         out_of_space = False;
2107
2108         for (i=0;(i<maxentries) && !finished && !out_of_space;i++) {
2109                 bool got_exact_match = False;
2110
2111                 /* this is a heuristic to avoid seeking the dirptr except when
2112                         absolutely necessary. It allows for a filename of about 40 chars */
2113                 if (space_remaining < DIRLEN_GUESS && numentries > 0) {
2114                         out_of_space = True;
2115                         finished = False;
2116                 } else {
2117                         finished = !get_lanman2_dir_entry(ctx,
2118                                         conn,
2119                                         req->flags2,
2120                                         mask,dirtype,info_level,
2121                                         requires_resume_key,dont_descend,
2122                                         ask_sharemode,
2123                                         &p,pdata,data_end,
2124                                         space_remaining, &out_of_space,
2125                                         &got_exact_match,
2126                                         &last_entry_off, ea_list);
2127                 }
2128
2129                 if (finished && out_of_space)
2130                         finished = False;
2131
2132                 if (!finished && !out_of_space)
2133                         numentries++;
2134
2135                 /*
2136                  * As an optimisation if we know we aren't looking
2137                  * for a wildcard name (ie. the name matches the wildcard exactly)
2138                  * then we can finish on any (first) match.
2139                  * This speeds up large directory searches. JRA.
2140                  */
2141
2142                 if(got_exact_match)
2143                         finished = True;
2144
2145                 /* Ensure space_remaining never goes -ve. */
2146                 if (PTR_DIFF(p,pdata) > max_data_bytes) {
2147                         space_remaining = 0;
2148                         out_of_space = true;
2149                 } else {
2150                         space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
2151                 }
2152         }
2153
2154         /* Check if we can close the dirptr */
2155         if(close_after_first || (finished && close_if_end)) {
2156                 DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
2157                 dptr_close(&dptr_num);
2158         }
2159
2160         /*
2161          * If there are no matching entries we must return ERRDOS/ERRbadfile -
2162          * from observation of NT. NB. This changes to ERRDOS,ERRnofiles if
2163          * the protocol level is less than NT1. Tested with smbclient. JRA.
2164          * This should fix the OS/2 client bug #2335.
2165          */
2166
2167         if(numentries == 0) {
2168                 dptr_close(&dptr_num);
2169                 if (Protocol < PROTOCOL_NT1) {
2170                         reply_doserror(req, ERRDOS, ERRnofiles);
2171                         return;
2172                 } else {
2173                         reply_botherror(req, NT_STATUS_NO_SUCH_FILE,
2174                                         ERRDOS, ERRbadfile);
2175                         return;
2176                 }
2177         }
2178
2179         /* At this point pdata points to numentries directory entries. */
2180
2181         /* Set up the return parameter block */
2182         SSVAL(params,0,dptr_num);
2183         SSVAL(params,2,numentries);
2184         SSVAL(params,4,finished);
2185         SSVAL(params,6,0); /* Never an EA error */
2186         SSVAL(params,8,last_entry_off);
2187
2188         send_trans2_replies(conn, req, params, 10, pdata, PTR_DIFF(p,pdata),
2189                             max_data_bytes);
2190
2191         if ((! *directory) && dptr_path(dptr_num)) {
2192                 directory = talloc_strdup(talloc_tos(),dptr_path(dptr_num));
2193                 if (!directory) {
2194                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2195                 }
2196         }
2197
2198         DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
2199                 smb_fn_name(req->cmd),
2200                 mask, directory, dirtype, numentries ) );
2201
2202         /*
2203          * Force a name mangle here to ensure that the
2204          * mask as an 8.3 name is top of the mangled cache.
2205          * The reasons for this are subtle. Don't remove
2206          * this code unless you know what you are doing
2207          * (see PR#13758). JRA.
2208          */
2209
2210         if(!mangle_is_8_3_wildcards( mask, False, conn->params)) {
2211                 char mangled_name[13];
2212                 name_to_8_3(mask, mangled_name, True, conn->params);
2213         }
2214
2215         return;
2216 }
2217
2218 /****************************************************************************
2219  Reply to a TRANS2_FINDNEXT.
2220 ****************************************************************************/
2221
2222 static void call_trans2findnext(connection_struct *conn,
2223                                 struct smb_request *req,
2224                                 char **pparams, int total_params,
2225                                 char **ppdata, int total_data,
2226                                 unsigned int max_data_bytes)
2227 {
2228         /* We must be careful here that we don't return more than the
2229                 allowed number of data bytes. If this means returning fewer than
2230                 maxentries then so be it. We assume that the redirector has
2231                 enough room for the fixed number of parameter bytes it has
2232                 requested. */
2233         char *params = *pparams;
2234         char *pdata = *ppdata;
2235         char *data_end;
2236         int dptr_num;
2237         int maxentries;
2238         uint16 info_level;
2239         uint32 resume_key;
2240         uint16 findnext_flags;
2241         bool close_after_request;
2242         bool close_if_end;
2243         bool requires_resume_key;
2244         bool continue_bit;
2245         bool mask_contains_wcard = False;
2246         char *resume_name = NULL;
2247         const char *mask = NULL;
2248         const char *directory = NULL;
2249         char *p = NULL;
2250         uint16 dirtype;
2251         int numentries = 0;
2252         int i, last_entry_off=0;
2253         bool finished = False;
2254         bool dont_descend = False;
2255         bool out_of_space = False;
2256         int space_remaining;
2257         struct ea_list *ea_list = NULL;
2258         NTSTATUS ntstatus = NT_STATUS_OK;
2259         bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
2260         TALLOC_CTX *ctx = talloc_tos();
2261
2262         if (total_params < 13) {
2263                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2264                 return;
2265         }
2266
2267         dptr_num = SVAL(params,0);
2268         maxentries = SVAL(params,2);
2269         info_level = SVAL(params,4);
2270         resume_key = IVAL(params,6);
2271         findnext_flags = SVAL(params,10);
2272         close_after_request = (findnext_flags & FLAG_TRANS2_FIND_CLOSE);
2273         close_if_end = (findnext_flags & FLAG_TRANS2_FIND_CLOSE_IF_END);
2274         requires_resume_key = (findnext_flags & FLAG_TRANS2_FIND_REQUIRE_RESUME);
2275         continue_bit = (findnext_flags & FLAG_TRANS2_FIND_CONTINUE);
2276
2277         srvstr_get_path_wcard(ctx, params, req->flags2, &resume_name,
2278                               params+12,
2279                               total_params - 12, STR_TERMINATE, &ntstatus,
2280                               &mask_contains_wcard);
2281         if (!NT_STATUS_IS_OK(ntstatus)) {
2282                 /* Win9x or OS/2 can send a resume name of ".." or ".". This will cause the parser to
2283                    complain (it thinks we're asking for the directory above the shared
2284                    path or an invalid name). Catch this as the resume name is only compared, never used in
2285                    a file access. JRA. */
2286                 srvstr_pull_talloc(ctx, params, req->flags2,
2287                                 &resume_name, params+12,
2288                                 total_params - 12,
2289                                 STR_TERMINATE);
2290
2291                 if (!resume_name || !(ISDOT(resume_name) || ISDOTDOT(resume_name))) {
2292                         reply_nterror(req, ntstatus);
2293                         return;
2294                 }
2295         }
2296
2297         DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, \
2298 close_after_request=%d, close_if_end = %d requires_resume_key = %d \
2299 resume_key = %d resume name = %s continue=%d level = %d\n",
2300                 dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, 
2301                 requires_resume_key, resume_key, resume_name, continue_bit, info_level));
2302
2303         if (!maxentries) {
2304                 /* W2K3 seems to treat zero as 1. */
2305                 maxentries = 1;
2306         }
2307
2308         switch (info_level) {
2309                 case SMB_FIND_INFO_STANDARD:
2310                 case SMB_FIND_EA_SIZE:
2311                 case SMB_FIND_EA_LIST:
2312                 case SMB_FIND_FILE_DIRECTORY_INFO:
2313                 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
2314                 case SMB_FIND_FILE_NAMES_INFO:
2315                 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
2316                 case SMB_FIND_ID_FULL_DIRECTORY_INFO:
2317                 case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
2318                         break;
2319                 case SMB_FIND_FILE_UNIX:
2320                 case SMB_FIND_FILE_UNIX_INFO2:
2321                         /* Always use filesystem for UNIX mtime query. */
2322                         ask_sharemode = false;
2323                         if (!lp_unix_extensions()) {
2324                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2325                                 return;
2326                         }
2327                         break;
2328                 default:
2329                         reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2330                         return;
2331         }
2332
2333         if (info_level == SMB_FIND_EA_LIST) {
2334                 uint32 ea_size;
2335
2336                 if (total_data < 4) {
2337                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2338                         return;
2339                 }
2340
2341                 ea_size = IVAL(pdata,0);
2342                 if (ea_size != total_data) {
2343                         DEBUG(4,("call_trans2findnext: Rejecting EA request with incorrect \
2344 total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pdata,0) ));
2345                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2346                         return;
2347                 }
2348
2349                 if (!lp_ea_support(SNUM(conn))) {
2350                         reply_doserror(req, ERRDOS, ERReasnotsupported);
2351                         return;
2352                 }
2353
2354                 /* Pull out the list of names. */
2355                 ea_list = read_ea_name_list(ctx, pdata + 4, ea_size - 4);
2356                 if (!ea_list) {
2357                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2358                         return;
2359                 }
2360         }
2361
2362         *ppdata = (char *)SMB_REALLOC(
2363                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2364         if(*ppdata == NULL) {
2365                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2366                 return;
2367         }
2368
2369         pdata = *ppdata;
2370         data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
2371
2372         /* Realloc the params space */
2373         *pparams = (char *)SMB_REALLOC(*pparams, 6*SIZEOFWORD);
2374         if(*pparams == NULL ) {
2375                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2376                 return;
2377         }
2378
2379         params = *pparams;
2380
2381         /* Check that the dptr is valid */
2382         if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) {
2383                 reply_doserror(req, ERRDOS, ERRnofiles);
2384                 return;
2385         }
2386
2387         string_set(&conn->dirpath,dptr_path(dptr_num));
2388
2389         /* Get the wildcard mask from the dptr */
2390         if((p = dptr_wcard(dptr_num))== NULL) {
2391                 DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num));
2392                 reply_doserror(req, ERRDOS, ERRnofiles);
2393                 return;
2394         }
2395
2396         mask = p;
2397         directory = conn->dirpath;
2398
2399         /* Get the attr mask from the dptr */
2400         dirtype = dptr_attr(dptr_num);
2401
2402         DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%ld)\n",
2403                 dptr_num, mask, dirtype,
2404                 (long)conn->dirptr,
2405                 dptr_TellDir(conn->dirptr)));
2406
2407         /* Initialize per TRANS2_FIND_NEXT operation data */
2408         dptr_init_search_op(conn->dirptr);
2409
2410         /* We don't need to check for VOL here as this is returned by
2411                 a different TRANS2 call. */
2412
2413         DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",conn->dirpath,lp_dontdescend(SNUM(conn))));
2414         if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),conn->case_sensitive))
2415                 dont_descend = True;
2416
2417         p = pdata;
2418         space_remaining = max_data_bytes;
2419         out_of_space = False;
2420
2421         /*
2422          * Seek to the correct position. We no longer use the resume key but
2423          * depend on the last file name instead.
2424          */
2425
2426         if(*resume_name && !continue_bit) {
2427                 SMB_STRUCT_STAT st;
2428
2429                 long current_pos = 0;
2430                 /*
2431                  * Remember, name_to_8_3 is called by
2432                  * get_lanman2_dir_entry(), so the resume name
2433                  * could be mangled. Ensure we check the unmangled name.
2434                  */
2435
2436                 if (mangle_is_mangled(resume_name, conn->params)) {
2437                         char *new_resume_name = NULL;
2438                         mangle_lookup_name_from_8_3(ctx,
2439                                                 resume_name,
2440                                                 &new_resume_name,
2441                                                 conn->params);
2442                         if (new_resume_name) {
2443                                 resume_name = new_resume_name;
2444                         }
2445                 }
2446
2447                 /*
2448                  * Fix for NT redirector problem triggered by resume key indexes
2449                  * changing between directory scans. We now return a resume key of 0
2450                  * and instead look for the filename to continue from (also given
2451                  * to us by NT/95/smbfs/smbclient). If no other scans have been done between the
2452                  * findfirst/findnext (as is usual) then the directory pointer
2453                  * should already be at the correct place.
2454                  */
2455
2456                 finished = !dptr_SearchDir(conn->dirptr, resume_name, &current_pos, &st);
2457         } /* end if resume_name && !continue_bit */
2458
2459         for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++) {
2460                 bool got_exact_match = False;
2461
2462                 /* this is a heuristic to avoid seeking the dirptr except when 
2463                         absolutely necessary. It allows for a filename of about 40 chars */
2464                 if (space_remaining < DIRLEN_GUESS && numentries > 0) {
2465                         out_of_space = True;
2466                         finished = False;
2467                 } else {
2468                         finished = !get_lanman2_dir_entry(ctx,
2469                                                 conn,
2470                                                 req->flags2,
2471                                                 mask,dirtype,info_level,
2472                                                 requires_resume_key,dont_descend,
2473                                                 ask_sharemode,
2474                                                 &p,pdata,data_end,
2475                                                 space_remaining, &out_of_space,
2476                                                 &got_exact_match,
2477                                                 &last_entry_off, ea_list);
2478                 }
2479
2480                 if (finished && out_of_space)
2481                         finished = False;
2482
2483                 if (!finished && !out_of_space)
2484                         numentries++;
2485
2486                 /*
2487                  * As an optimisation if we know we aren't looking
2488                  * for a wildcard name (ie. the name matches the wildcard exactly)
2489                  * then we can finish on any (first) match.
2490                  * This speeds up large directory searches. JRA.
2491                  */
2492
2493                 if(got_exact_match)
2494                         finished = True;
2495
2496                 space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
2497         }
2498
2499         DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
2500                 smb_fn_name(req->cmd),
2501                 mask, directory, dirtype, numentries ) );
2502
2503         /* Check if we can close the dirptr */
2504         if(close_after_request || (finished && close_if_end)) {
2505                 DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
2506                 dptr_close(&dptr_num); /* This frees up the saved mask */
2507         }
2508
2509         /* Set up the return parameter block */
2510         SSVAL(params,0,numentries);
2511         SSVAL(params,2,finished);
2512         SSVAL(params,4,0); /* Never an EA error */
2513         SSVAL(params,6,last_entry_off);
2514
2515         send_trans2_replies(conn, req, params, 8, pdata, PTR_DIFF(p,pdata),
2516                             max_data_bytes);
2517
2518         return;
2519 }
2520
2521 unsigned char *create_volume_objectid(connection_struct *conn, unsigned char objid[16])
2522 {
2523         E_md4hash(lp_servicename(SNUM(conn)),objid);
2524         return objid;
2525 }
2526
2527 static void samba_extended_info_version(struct smb_extended_info *extended_info)
2528 {
2529         SMB_ASSERT(extended_info != NULL);
2530
2531         extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC;
2532         extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24)
2533                                        | ((SAMBA_VERSION_MINOR & 0xff) << 16)
2534                                        | ((SAMBA_VERSION_RELEASE & 0xff) << 8);
2535 #ifdef SAMBA_VERSION_REVISION
2536         extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff;
2537 #endif
2538         extended_info->samba_subversion = 0;
2539 #ifdef SAMBA_VERSION_RC_RELEASE
2540         extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24;
2541 #else
2542 #ifdef SAMBA_VERSION_PRE_RELEASE
2543         extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16;
2544 #endif
2545 #endif
2546 #ifdef SAMBA_VERSION_VENDOR_PATCH
2547         extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
2548 #endif
2549         extended_info->samba_gitcommitdate = 0;
2550 #ifdef SAMBA_VERSION_GIT_COMMIT_TIME
2551         unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME);
2552 #endif
2553
2554         memset(extended_info->samba_version_string, 0,
2555                sizeof(extended_info->samba_version_string));
2556
2557         snprintf (extended_info->samba_version_string,
2558                   sizeof(extended_info->samba_version_string),
2559                   "%s", samba_version_string());
2560 }
2561
2562 /****************************************************************************
2563  Reply to a TRANS2_QFSINFO (query filesystem info).
2564 ****************************************************************************/
2565
2566 static void call_trans2qfsinfo(connection_struct *conn,
2567                                struct smb_request *req,
2568                                char **pparams, int total_params,
2569                                char **ppdata, int total_data,
2570                                unsigned int max_data_bytes)
2571 {
2572         char *pdata, *end_data;
2573         char *params = *pparams;
2574         uint16 info_level;
2575         int data_len, len;
2576         SMB_STRUCT_STAT st;
2577         const char *vname = volume_label(SNUM(conn));
2578         int snum = SNUM(conn);
2579         char *fstype = lp_fstype(SNUM(conn));
2580         uint32 additional_flags = 0;
2581
2582         if (total_params < 2) {
2583                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2584                 return;
2585         }
2586
2587         info_level = SVAL(params,0);
2588
2589         if (IS_IPC(conn)) {
2590                 if (info_level != SMB_QUERY_CIFS_UNIX_INFO) {
2591                         DEBUG(0,("call_trans2qfsinfo: not an allowed "
2592                                 "info level (0x%x) on IPC$.\n",
2593                                 (unsigned int)info_level));
2594                         reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2595                         return;
2596                 }
2597         }
2598
2599         if (ENCRYPTION_REQUIRED(conn) && !req->encrypted) {
2600                 if (info_level != SMB_QUERY_CIFS_UNIX_INFO) {
2601                         DEBUG(0,("call_trans2qfsinfo: encryption required "
2602                                 "and info level 0x%x sent.\n",
2603                                 (unsigned int)info_level));
2604                         exit_server_cleanly("encryption required "
2605                                 "on connection");
2606                         return;
2607                 }
2608         }
2609
2610         DEBUG(3,("call_trans2qfsinfo: level = %d\n", info_level));
2611
2612         if(SMB_VFS_STAT(conn,".",&st)!=0) {
2613                 DEBUG(2,("call_trans2qfsinfo: stat of . failed (%s)\n", strerror(errno)));
2614                 reply_doserror(req, ERRSRV, ERRinvdevice);
2615                 return;
2616         }
2617
2618         *ppdata = (char *)SMB_REALLOC(
2619                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2620         if (*ppdata == NULL ) {
2621                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2622                 return;
2623         }
2624
2625         pdata = *ppdata;
2626         memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2627         end_data = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
2628
2629         switch (info_level) {
2630                 case SMB_INFO_ALLOCATION:
2631                 {
2632                         uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
2633                         data_len = 18;
2634                         if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
2635                                 reply_unixerror(req, ERRHRD, ERRgeneral);
2636                                 return;
2637                         }
2638
2639                         block_size = lp_block_size(snum);
2640                         if (bsize < block_size) {
2641                                 uint64_t factor = block_size/bsize;
2642                                 bsize = block_size;
2643                                 dsize /= factor;
2644                                 dfree /= factor;
2645                         }
2646                         if (bsize > block_size) {
2647                                 uint64_t factor = bsize/block_size;
2648                                 bsize = block_size;
2649                                 dsize *= factor;
2650                                 dfree *= factor;
2651                         }
2652                         bytes_per_sector = 512;
2653                         sectors_per_unit = bsize/bytes_per_sector;
2654
2655                         DEBUG(5,("call_trans2qfsinfo : SMB_INFO_ALLOCATION id=%x, bsize=%u, cSectorUnit=%u, \
2656 cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (unsigned int)bsize, (unsigned int)sectors_per_unit,
2657                                 (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree));
2658
2659                         SIVAL(pdata,l1_idFileSystem,st.st_ex_dev);
2660                         SIVAL(pdata,l1_cSectorUnit,sectors_per_unit);
2661                         SIVAL(pdata,l1_cUnit,dsize);
2662                         SIVAL(pdata,l1_cUnitAvail,dfree);
2663                         SSVAL(pdata,l1_cbSector,bytes_per_sector);
2664                         break;
2665                 }
2666
2667                 case SMB_INFO_VOLUME:
2668                         /* Return volume name */
2669                         /* 
2670                          * Add volume serial number - hash of a combination of
2671                          * the called hostname and the service name.
2672                          */
2673                         SIVAL(pdata,0,str_checksum(lp_servicename(snum)) ^ (str_checksum(get_local_machine_name())<<16) );
2674                         /*
2675                          * Win2k3 and previous mess this up by sending a name length
2676                          * one byte short. I believe only older clients (OS/2 Win9x) use
2677                          * this call so try fixing this by adding a terminating null to
2678                          * the pushed string. The change here was adding the STR_TERMINATE. JRA.
2679                          */
2680                         len = srvstr_push(
2681                                 pdata, req->flags2,
2682                                 pdata+l2_vol_szVolLabel, vname,
2683                                 PTR_DIFF(end_data, pdata+l2_vol_szVolLabel),
2684                                 STR_NOALIGN|STR_TERMINATE);
2685                         SCVAL(pdata,l2_vol_cch,len);
2686                         data_len = l2_vol_szVolLabel + len;
2687                         DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n",
2688                                  (unsigned)convert_timespec_to_time_t(st.st_ex_ctime),
2689                                  len, vname));
2690                         break;
2691
2692                 case SMB_QUERY_FS_ATTRIBUTE_INFO:
2693                 case SMB_FS_ATTRIBUTE_INFORMATION:
2694
2695                         additional_flags = 0;
2696 #if defined(HAVE_SYS_QUOTAS)
2697                         additional_flags |= FILE_VOLUME_QUOTAS;
2698 #endif
2699
2700                         if(lp_nt_acl_support(SNUM(conn))) {
2701                                 additional_flags |= FILE_PERSISTENT_ACLS;
2702                         }
2703
2704                         /* Capabilities are filled in at connection time through STATVFS call */
2705                         additional_flags |= conn->fs_capabilities;
2706
2707                         SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
2708                                 FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK|
2709                                 additional_flags); /* FS ATTRIBUTES */
2710
2711                         SIVAL(pdata,4,255); /* Max filename component length */
2712                         /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
2713                                 and will think we can't do long filenames */
2714                         len = srvstr_push(pdata, req->flags2, pdata+12, fstype,
2715                                           PTR_DIFF(end_data, pdata+12),
2716                                           STR_UNICODE);
2717                         SIVAL(pdata,8,len);
2718                         data_len = 12 + len;
2719                         break;
2720
2721                 case SMB_QUERY_FS_LABEL_INFO:
2722                 case SMB_FS_LABEL_INFORMATION:
2723                         len = srvstr_push(pdata, req->flags2, pdata+4, vname,
2724                                           PTR_DIFF(end_data, pdata+4), 0);
2725                         data_len = 4 + len;
2726                         SIVAL(pdata,0,len);
2727                         break;
2728
2729                 case SMB_QUERY_FS_VOLUME_INFO:      
2730                 case SMB_FS_VOLUME_INFORMATION:
2731
2732                         /* 
2733                          * Add volume serial number - hash of a combination of
2734                          * the called hostname and the service name.
2735                          */
2736                         SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^ 
2737                                 (str_checksum(get_local_machine_name())<<16));
2738
2739                         /* Max label len is 32 characters. */
2740                         len = srvstr_push(pdata, req->flags2, pdata+18, vname,
2741                                           PTR_DIFF(end_data, pdata+18),
2742                                           STR_UNICODE);
2743                         SIVAL(pdata,12,len);
2744                         data_len = 18+len;
2745
2746                         DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n", 
2747                                 (int)strlen(vname),vname, lp_servicename(snum)));
2748                         break;
2749
2750                 case SMB_QUERY_FS_SIZE_INFO:
2751                 case SMB_FS_SIZE_INFORMATION:
2752                 {
2753                         uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
2754                         data_len = 24;
2755                         if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
2756                                 reply_unixerror(req, ERRHRD, ERRgeneral);
2757                                 return;
2758                         }
2759                         block_size = lp_block_size(snum);
2760                         if (bsize < block_size) {
2761                                 uint64_t factor = block_size/bsize;
2762                                 bsize = block_size;
2763                                 dsize /= factor;
2764                                 dfree /= factor;
2765                         }
2766                         if (bsize > block_size) {
2767                                 uint64_t factor = bsize/block_size;
2768                                 bsize = block_size;
2769                                 dsize *= factor;
2770                                 dfree *= factor;
2771                         }
2772                         bytes_per_sector = 512;
2773                         sectors_per_unit = bsize/bytes_per_sector;
2774                         DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=%u, cSectorUnit=%u, \
2775 cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned int)sectors_per_unit,
2776                                 (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree));
2777                         SBIG_UINT(pdata,0,dsize);
2778                         SBIG_UINT(pdata,8,dfree);
2779                         SIVAL(pdata,16,sectors_per_unit);
2780                         SIVAL(pdata,20,bytes_per_sector);
2781                         break;
2782                 }
2783
2784                 case SMB_FS_FULL_SIZE_INFORMATION:
2785                 {
2786                         uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
2787                         data_len = 32;
2788                         if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
2789                                 reply_unixerror(req, ERRHRD, ERRgeneral);
2790                                 return;
2791                         }
2792                         block_size = lp_block_size(snum);
2793                         if (bsize < block_size) {
2794                                 uint64_t factor = block_size/bsize;
2795                                 bsize = block_size;
2796                                 dsize /= factor;
2797                                 dfree /= factor;
2798                         }
2799                         if (bsize > block_size) {
2800                                 uint64_t factor = bsize/block_size;
2801                                 bsize = block_size;
2802                                 dsize *= factor;
2803                                 dfree *= factor;
2804                         }
2805                         bytes_per_sector = 512;
2806                         sectors_per_unit = bsize/bytes_per_sector;
2807                         DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=%u, cSectorUnit=%u, \
2808 cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned int)sectors_per_unit,
2809                                 (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree));
2810                         SBIG_UINT(pdata,0,dsize); /* Total Allocation units. */
2811                         SBIG_UINT(pdata,8,dfree); /* Caller available allocation units. */
2812                         SBIG_UINT(pdata,16,dfree); /* Actual available allocation units. */
2813                         SIVAL(pdata,24,sectors_per_unit); /* Sectors per allocation unit. */
2814                         SIVAL(pdata,28,bytes_per_sector); /* Bytes per sector. */
2815                         break;
2816                 }
2817
2818                 case SMB_QUERY_FS_DEVICE_INFO:
2819                 case SMB_FS_DEVICE_INFORMATION:
2820                         data_len = 8;
2821                         SIVAL(pdata,0,0); /* dev type */
2822                         SIVAL(pdata,4,0); /* characteristics */
2823                         break;
2824
2825 #ifdef HAVE_SYS_QUOTAS
2826                 case SMB_FS_QUOTA_INFORMATION:
2827                 /* 
2828                  * what we have to send --metze:
2829                  *
2830                  * Unknown1:            24 NULL bytes
2831                  * Soft Quota Treshold: 8 bytes seems like uint64_t or so
2832                  * Hard Quota Limit:    8 bytes seems like uint64_t or so
2833                  * Quota Flags:         2 byte :
2834                  * Unknown3:            6 NULL bytes
2835                  *
2836                  * 48 bytes total
2837                  * 
2838                  * details for Quota Flags:
2839                  * 
2840                  * 0x0020 Log Limit: log if the user exceeds his Hard Quota
2841                  * 0x0010 Log Warn:  log if the user exceeds his Soft Quota
2842                  * 0x0002 Deny Disk: deny disk access when the user exceeds his Hard Quota
2843                  * 0x0001 Enable Quotas: enable quota for this fs
2844                  *
2845                  */
2846                 {
2847                         /* we need to fake up a fsp here,
2848                          * because its not send in this call
2849                          */
2850                         files_struct fsp;
2851                         SMB_NTQUOTA_STRUCT quotas;
2852
2853                         ZERO_STRUCT(fsp);
2854                         ZERO_STRUCT(quotas);
2855
2856                         fsp.conn = conn;
2857                         fsp.fnum = -1;
2858
2859                         /* access check */
2860                         if (conn->server_info->utok.uid != 0) {
2861                                 DEBUG(0,("set_user_quota: access_denied "
2862                                          "service [%s] user [%s]\n",
2863                                          lp_servicename(SNUM(conn)),
2864                                          conn->server_info->unix_name));
2865                                 reply_doserror(req, ERRDOS, ERRnoaccess);
2866                                 return;
2867                         }
2868
2869                         if (vfs_get_ntquota(&fsp, SMB_USER_FS_QUOTA_TYPE, NULL, &quotas)!=0) {
2870                                 DEBUG(0,("vfs_get_ntquota() failed for service [%s]\n",lp_servicename(SNUM(conn))));
2871                                 reply_doserror(req, ERRSRV, ERRerror);
2872                                 return;
2873                         }
2874
2875                         data_len = 48;
2876
2877                         DEBUG(10,("SMB_FS_QUOTA_INFORMATION: for service [%s]\n",lp_servicename(SNUM(conn))));          
2878
2879                         /* Unknown1 24 NULL bytes*/
2880                         SBIG_UINT(pdata,0,(uint64_t)0);
2881                         SBIG_UINT(pdata,8,(uint64_t)0);
2882                         SBIG_UINT(pdata,16,(uint64_t)0);
2883
2884                         /* Default Soft Quota 8 bytes */
2885                         SBIG_UINT(pdata,24,quotas.softlim);
2886
2887                         /* Default Hard Quota 8 bytes */
2888                         SBIG_UINT(pdata,32,quotas.hardlim);
2889
2890                         /* Quota flag 2 bytes */
2891                         SSVAL(pdata,40,quotas.qflags);
2892
2893                         /* Unknown3 6 NULL bytes */
2894                         SSVAL(pdata,42,0);
2895                         SIVAL(pdata,44,0);
2896
2897                         break;
2898                 }
2899 #endif /* HAVE_SYS_QUOTAS */
2900                 case SMB_FS_OBJECTID_INFORMATION:
2901                 {
2902                         unsigned char objid[16];
2903                         struct smb_extended_info extended_info;
2904                         memcpy(pdata,create_volume_objectid(conn, objid),16);
2905                         samba_extended_info_version (&extended_info);
2906                         SIVAL(pdata,16,extended_info.samba_magic);
2907                         SIVAL(pdata,20,extended_info.samba_version);
2908                         SIVAL(pdata,24,extended_info.samba_subversion);
2909                         SBIG_UINT(pdata,28,extended_info.samba_gitcommitdate);
2910                         memcpy(pdata+36,extended_info.samba_version_string,28);
2911                         data_len = 64;
2912                         break;
2913                 }
2914
2915                 /*
2916                  * Query the version and capabilities of the CIFS UNIX extensions
2917                  * in use.
2918                  */
2919
2920                 case SMB_QUERY_CIFS_UNIX_INFO:
2921                 {
2922                         bool large_write = lp_min_receive_file_size() &&
2923                                         !srv_is_signing_active(smbd_server_conn);
2924                         bool large_read = !srv_is_signing_active(smbd_server_conn);
2925                         int encrypt_caps = 0;
2926
2927                         if (!lp_unix_extensions()) {
2928                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2929                                 return;
2930                         }
2931
2932                         switch (conn->encrypt_level) {
2933                         case 0:
2934                                 encrypt_caps = 0;
2935                                 break;
2936                         case 1:
2937                         case Auto:
2938                                 encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP;
2939                                 break;
2940                         case Required:
2941                                 encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
2942                                                 CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP;
2943                                 large_write = false;
2944                                 large_read = false;
2945                                 break;
2946                         }
2947
2948                         data_len = 12;
2949                         SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION);
2950                         SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION);
2951
2952                         /* We have POSIX ACLs, pathname, encryption, 
2953                          * large read/write, and locking capability. */
2954
2955                         SBIG_UINT(pdata,4,((uint64_t)(
2956                                         CIFS_UNIX_POSIX_ACLS_CAP|
2957                                         CIFS_UNIX_POSIX_PATHNAMES_CAP|
2958                                         CIFS_UNIX_FCNTL_LOCKS_CAP|
2959                                         CIFS_UNIX_EXTATTR_CAP|
2960                                         CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP|
2961                                         encrypt_caps|
2962                                         (large_read ? CIFS_UNIX_LARGE_READ_CAP : 0) |
2963                                         (large_write ?
2964                                         CIFS_UNIX_LARGE_WRITE_CAP : 0))));
2965                         break;
2966                 }
2967
2968                 case SMB_QUERY_POSIX_FS_INFO:
2969                 {
2970                         int rc;
2971                         vfs_statvfs_struct svfs;
2972
2973                         if (!lp_unix_extensions()) {
2974                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2975                                 return;
2976                         }
2977
2978                         rc = SMB_VFS_STATVFS(conn, ".", &svfs);
2979
2980                         if (!rc) {
2981                                 data_len = 56;
2982                                 SIVAL(pdata,0,svfs.OptimalTransferSize);
2983                                 SIVAL(pdata,4,svfs.BlockSize);
2984                                 SBIG_UINT(pdata,8,svfs.TotalBlocks);
2985                                 SBIG_UINT(pdata,16,svfs.BlocksAvail);
2986                                 SBIG_UINT(pdata,24,svfs.UserBlocksAvail);
2987                                 SBIG_UINT(pdata,32,svfs.TotalFileNodes);
2988                                 SBIG_UINT(pdata,40,svfs.FreeFileNodes);
2989                                 SBIG_UINT(pdata,48,svfs.FsIdentifier);
2990                                 DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_POSIX_FS_INFO succsessful\n"));
2991 #ifdef EOPNOTSUPP
2992                         } else if (rc == EOPNOTSUPP) {
2993                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2994                                 return;