2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
174 /****************************************************************************
175 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
176 No wildcards allowed.
177 ****************************************************************************/
179 NTSTATUS check_path_syntax(char *path)
182 return check_path_syntax_internal(path, False, &ignore);
185 /****************************************************************************
186 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
187 Wildcards allowed - p_contains_wcard returns true if the last component contained
189 ****************************************************************************/
191 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
193 return check_path_syntax_internal(path, False, p_contains_wcard);
196 /****************************************************************************
197 Check the path for a POSIX client.
198 We're assuming here that '/' is not the second byte in any multibyte char
199 set (a safe assumption).
200 ****************************************************************************/
202 NTSTATUS check_path_syntax_posix(char *path)
205 return check_path_syntax_internal(path, True, &ignore);
208 /****************************************************************************
209 Pull a string and check the path allowing a wilcard - provide for error return.
210 ****************************************************************************/
212 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
220 bool *contains_wcard)
227 ret = srvstr_pull_buf_talloc(ctx,
234 ret = srvstr_pull_talloc(ctx,
244 *err = NT_STATUS_INVALID_PARAMETER;
248 *contains_wcard = False;
250 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
252 * For a DFS path the function parse_dfs_path()
253 * will do the path processing, just make a copy.
259 if (lp_posix_pathnames()) {
260 *err = check_path_syntax_posix(*pp_dest);
262 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
268 /****************************************************************************
269 Pull a string and check the path - provide for error return.
270 ****************************************************************************/
272 size_t srvstr_get_path(TALLOC_CTX *ctx,
286 ret = srvstr_pull_buf_talloc(ctx,
293 ret = srvstr_pull_talloc(ctx,
303 *err = NT_STATUS_INVALID_PARAMETER;
307 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
309 * For a DFS path the function parse_dfs_path()
310 * will do the path processing, just make a copy.
316 if (lp_posix_pathnames()) {
317 *err = check_path_syntax_posix(*pp_dest);
319 *err = check_path_syntax(*pp_dest);
325 /****************************************************************************
326 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
327 ****************************************************************************/
329 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 files_struct *fsp, struct current_user *user)
332 if (!(fsp) || !(conn)) {
333 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
337 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
343 /****************************************************************************
344 Check if we have a correct fsp pointing to a file. Replacement for the
346 ****************************************************************************/
348 bool check_fsp(connection_struct *conn, struct smb_request *req,
349 files_struct *fsp, struct current_user *user)
351 if (!check_fsp_open(conn, req, fsp, user)) {
354 if ((fsp)->is_directory) {
355 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
358 if ((fsp)->fh->fd == -1) {
359 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
362 (fsp)->num_smb_operations++;
366 /****************************************************************************
367 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
368 ****************************************************************************/
370 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
371 files_struct *fsp, struct current_user *user)
373 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
374 && (current_user.vuid==(fsp)->vuid)) {
378 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
382 /****************************************************************************
383 Reply to a (netbios-level) special message.
384 ****************************************************************************/
386 void reply_special(char *inbuf)
388 int msg_type = CVAL(inbuf,0);
389 int msg_flags = CVAL(inbuf,1);
394 * We only really use 4 bytes of the outbuf, but for the smb_setlen
395 * calculation & friends (srv_send_smb uses that) we need the full smb
398 char outbuf[smb_size];
400 static bool already_got_session = False;
404 memset(outbuf, '\0', sizeof(outbuf));
406 smb_setlen(outbuf,0);
409 case 0x81: /* session request */
411 if (already_got_session) {
412 exit_server_cleanly("multiple session request not permitted");
415 SCVAL(outbuf,0,0x82);
417 if (name_len(inbuf+4) > 50 ||
418 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
419 DEBUG(0,("Invalid name length in session request\n"));
422 name_extract(inbuf,4,name1);
423 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
424 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
427 set_local_machine_name(name1, True);
428 set_remote_machine_name(name2, True);
430 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
431 get_local_machine_name(), get_remote_machine_name(),
434 if (name_type == 'R') {
435 /* We are being asked for a pathworks session ---
437 SCVAL(outbuf, 0,0x83);
441 /* only add the client's machine name to the list
442 of possibly valid usernames if we are operating
443 in share mode security */
444 if (lp_security() == SEC_SHARE) {
445 add_session_user(get_remote_machine_name());
448 reload_services(True);
451 already_got_session = True;
454 case 0x89: /* session keepalive request
455 (some old clients produce this?) */
456 SCVAL(outbuf,0,SMBkeepalive);
460 case 0x82: /* positive session response */
461 case 0x83: /* negative session response */
462 case 0x84: /* retarget session response */
463 DEBUG(0,("Unexpected session response\n"));
466 case SMBkeepalive: /* session keepalive */
471 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
472 msg_type, msg_flags));
474 srv_send_smb(smbd_server_fd(), outbuf, false);
478 /****************************************************************************
480 conn POINTER CAN BE NULL HERE !
481 ****************************************************************************/
483 void reply_tcon(struct smb_request *req)
485 connection_struct *conn = req->conn;
487 char *service_buf = NULL;
488 char *password = NULL;
493 DATA_BLOB password_blob;
494 TALLOC_CTX *ctx = talloc_tos();
496 START_PROFILE(SMBtcon);
498 if (smb_buflen(req->inbuf) < 4) {
499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
500 END_PROFILE(SMBtcon);
504 p = smb_buf(req->inbuf)+1;
505 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
506 &service_buf, p, STR_TERMINATE) + 1;
507 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
508 &password, p, STR_TERMINATE) + 1;
510 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
511 &dev, p, STR_TERMINATE) + 1;
513 if (service_buf == NULL || password == NULL || dev == NULL) {
514 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
515 END_PROFILE(SMBtcon);
518 p = strrchr_m(service_buf,'\\');
522 service = service_buf;
525 password_blob = data_blob(password, pwlen+1);
527 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
530 data_blob_clear_free(&password_blob);
533 reply_nterror(req, nt_status);
534 END_PROFILE(SMBtcon);
538 reply_outbuf(req, 2, 0);
539 SSVAL(req->outbuf,smb_vwv0,max_recv);
540 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
541 SSVAL(req->outbuf,smb_tid,conn->cnum);
543 DEBUG(3,("tcon service=%s cnum=%d\n",
544 service, conn->cnum));
546 END_PROFILE(SMBtcon);
550 /****************************************************************************
551 Reply to a tcon and X.
552 conn POINTER CAN BE NULL HERE !
553 ****************************************************************************/
555 void reply_tcon_and_X(struct smb_request *req)
557 connection_struct *conn = req->conn;
558 char *service = NULL;
560 TALLOC_CTX *ctx = talloc_tos();
561 /* what the cleint thinks the device is */
562 char *client_devicetype = NULL;
563 /* what the server tells the client the share represents */
564 const char *server_devicetype;
571 START_PROFILE(SMBtconX);
574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
575 END_PROFILE(SMBtconX);
579 passlen = SVAL(req->inbuf,smb_vwv3);
580 tcon_flags = SVAL(req->inbuf,smb_vwv2);
582 /* we might have to close an old one */
583 if ((tcon_flags & 0x1) && conn) {
584 close_cnum(conn,req->vuid);
589 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
590 reply_doserror(req, ERRDOS, ERRbuftoosmall);
591 END_PROFILE(SMBtconX);
595 if (global_encrypted_passwords_negotiated) {
596 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
598 if (lp_security() == SEC_SHARE) {
600 * Security = share always has a pad byte
601 * after the password.
603 p = smb_buf(req->inbuf) + passlen + 1;
605 p = smb_buf(req->inbuf) + passlen;
608 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
610 /* Ensure correct termination */
611 password.data[passlen]=0;
612 p = smb_buf(req->inbuf) + passlen + 1;
615 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
619 data_blob_clear_free(&password);
620 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
621 END_PROFILE(SMBtconX);
626 * the service name can be either: \\server\share
627 * or share directly like on the DELL PowerVault 705
630 q = strchr_m(path+2,'\\');
632 data_blob_clear_free(&password);
633 reply_doserror(req, ERRDOS, ERRnosuchshare);
634 END_PROFILE(SMBtconX);
642 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
643 &client_devicetype, p,
644 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
646 if (client_devicetype == NULL) {
647 data_blob_clear_free(&password);
648 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
649 END_PROFILE(SMBtconX);
653 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
655 conn = make_connection(service, password, client_devicetype,
656 req->vuid, &nt_status);
659 data_blob_clear_free(&password);
662 reply_nterror(req, nt_status);
663 END_PROFILE(SMBtconX);
668 server_devicetype = "IPC";
669 else if ( IS_PRINT(conn) )
670 server_devicetype = "LPT1:";
672 server_devicetype = "A:";
674 if (Protocol < PROTOCOL_NT1) {
675 reply_outbuf(req, 2, 0);
676 if (message_push_string(&req->outbuf, server_devicetype,
677 STR_TERMINATE|STR_ASCII) == -1) {
678 reply_nterror(req, NT_STATUS_NO_MEMORY);
679 END_PROFILE(SMBtconX);
683 /* NT sets the fstype of IPC$ to the null string */
684 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
686 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
687 /* Return permissions. */
691 reply_outbuf(req, 7, 0);
694 perm1 = FILE_ALL_ACCESS;
695 perm2 = FILE_ALL_ACCESS;
697 perm1 = CAN_WRITE(conn) ?
702 SIVAL(req->outbuf, smb_vwv3, perm1);
703 SIVAL(req->outbuf, smb_vwv5, perm2);
705 reply_outbuf(req, 3, 0);
708 if ((message_push_string(&req->outbuf, server_devicetype,
709 STR_TERMINATE|STR_ASCII) == -1)
710 || (message_push_string(&req->outbuf, fstype,
711 STR_TERMINATE) == -1)) {
712 reply_nterror(req, NT_STATUS_NO_MEMORY);
713 END_PROFILE(SMBtconX);
717 /* what does setting this bit do? It is set by NT4 and
718 may affect the ability to autorun mounted cdroms */
719 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
720 (lp_csc_policy(SNUM(conn)) << 2));
722 init_dfsroot(conn, req->inbuf, req->outbuf);
726 DEBUG(3,("tconX service=%s \n",
729 /* set the incoming and outgoing tid to the just created one */
730 SSVAL(req->inbuf,smb_tid,conn->cnum);
731 SSVAL(req->outbuf,smb_tid,conn->cnum);
733 END_PROFILE(SMBtconX);
739 /****************************************************************************
740 Reply to an unknown type.
741 ****************************************************************************/
743 void reply_unknown_new(struct smb_request *req, uint8 type)
745 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
746 smb_fn_name(type), type, type));
747 reply_doserror(req, ERRSRV, ERRunknownsmb);
751 /****************************************************************************
753 conn POINTER CAN BE NULL HERE !
754 ****************************************************************************/
756 void reply_ioctl(struct smb_request *req)
758 connection_struct *conn = req->conn;
765 START_PROFILE(SMBioctl);
768 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
769 END_PROFILE(SMBioctl);
773 device = SVAL(req->inbuf,smb_vwv1);
774 function = SVAL(req->inbuf,smb_vwv2);
775 ioctl_code = (device << 16) + function;
777 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
779 switch (ioctl_code) {
780 case IOCTL_QUERY_JOB_INFO:
784 reply_doserror(req, ERRSRV, ERRnosupport);
785 END_PROFILE(SMBioctl);
789 reply_outbuf(req, 8, replysize+1);
790 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
791 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
792 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
793 p = smb_buf(req->outbuf);
794 memset(p, '\0', replysize+1); /* valgrind-safe. */
795 p += 1; /* Allow for alignment */
797 switch (ioctl_code) {
798 case IOCTL_QUERY_JOB_INFO:
800 files_struct *fsp = file_fsp(SVAL(req->inbuf,
803 reply_doserror(req, ERRDOS, ERRbadfid);
804 END_PROFILE(SMBioctl);
807 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
808 srvstr_push((char *)req->outbuf, req->flags2, p+2,
810 STR_TERMINATE|STR_ASCII);
812 srvstr_push((char *)req->outbuf, req->flags2,
813 p+18, lp_servicename(SNUM(conn)),
814 13, STR_TERMINATE|STR_ASCII);
822 END_PROFILE(SMBioctl);
826 /****************************************************************************
827 Strange checkpath NTSTATUS mapping.
828 ****************************************************************************/
830 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
832 /* Strange DOS error code semantics only for checkpath... */
833 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
834 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
835 /* We need to map to ERRbadpath */
836 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
842 /****************************************************************************
843 Reply to a checkpath.
844 ****************************************************************************/
846 void reply_checkpath(struct smb_request *req)
848 connection_struct *conn = req->conn;
850 SMB_STRUCT_STAT sbuf;
852 TALLOC_CTX *ctx = talloc_tos();
854 START_PROFILE(SMBcheckpath);
856 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
857 smb_buf(req->inbuf) + 1, 0,
858 STR_TERMINATE, &status);
859 if (!NT_STATUS_IS_OK(status)) {
860 status = map_checkpath_error((char *)req->inbuf, status);
861 reply_nterror(req, status);
862 END_PROFILE(SMBcheckpath);
866 status = resolve_dfspath(ctx, conn,
867 req->flags2 & FLAGS2_DFS_PATHNAMES,
870 if (!NT_STATUS_IS_OK(status)) {
871 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
872 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
874 END_PROFILE(SMBcheckpath);
880 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
882 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
883 if (!NT_STATUS_IS_OK(status)) {
887 status = check_name(conn, name);
888 if (!NT_STATUS_IS_OK(status)) {
889 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
893 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
894 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
895 status = map_nt_error_from_unix(errno);
899 if (!S_ISDIR(sbuf.st_mode)) {
900 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
902 END_PROFILE(SMBcheckpath);
906 reply_outbuf(req, 0, 0);
908 END_PROFILE(SMBcheckpath);
913 END_PROFILE(SMBcheckpath);
915 /* We special case this - as when a Windows machine
916 is parsing a path is steps through the components
917 one at a time - if a component fails it expects
918 ERRbadpath, not ERRbadfile.
920 status = map_checkpath_error((char *)req->inbuf, status);
921 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
923 * Windows returns different error codes if
924 * the parent directory is valid but not the
925 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
926 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
927 * if the path is invalid.
929 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
934 reply_nterror(req, status);
937 /****************************************************************************
939 ****************************************************************************/
941 void reply_getatr(struct smb_request *req)
943 connection_struct *conn = req->conn;
945 SMB_STRUCT_STAT sbuf;
951 TALLOC_CTX *ctx = talloc_tos();
953 START_PROFILE(SMBgetatr);
955 p = smb_buf(req->inbuf) + 1;
956 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
957 0, STR_TERMINATE, &status);
958 if (!NT_STATUS_IS_OK(status)) {
959 reply_nterror(req, status);
960 END_PROFILE(SMBgetatr);
964 status = resolve_dfspath(ctx, conn,
965 req->flags2 & FLAGS2_DFS_PATHNAMES,
968 if (!NT_STATUS_IS_OK(status)) {
969 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
970 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
972 END_PROFILE(SMBgetatr);
975 reply_nterror(req, status);
976 END_PROFILE(SMBgetatr);
980 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
981 under WfWg - weird! */
982 if (*fname == '\0') {
983 mode = aHIDDEN | aDIR;
984 if (!CAN_WRITE(conn)) {
990 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
991 if (!NT_STATUS_IS_OK(status)) {
992 reply_nterror(req, status);
993 END_PROFILE(SMBgetatr);
996 status = check_name(conn, fname);
997 if (!NT_STATUS_IS_OK(status)) {
998 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
999 reply_nterror(req, status);
1000 END_PROFILE(SMBgetatr);
1003 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1004 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1005 reply_unixerror(req, ERRDOS,ERRbadfile);
1006 END_PROFILE(SMBgetatr);
1010 mode = dos_mode(conn,fname,&sbuf);
1011 size = sbuf.st_size;
1012 mtime = sbuf.st_mtime;
1018 reply_outbuf(req, 10, 0);
1020 SSVAL(req->outbuf,smb_vwv0,mode);
1021 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1022 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1024 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1026 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1028 if (Protocol >= PROTOCOL_NT1) {
1029 SSVAL(req->outbuf, smb_flg2,
1030 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1033 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1035 END_PROFILE(SMBgetatr);
1039 /****************************************************************************
1041 ****************************************************************************/
1043 void reply_setatr(struct smb_request *req)
1045 connection_struct *conn = req->conn;
1049 SMB_STRUCT_STAT sbuf;
1052 TALLOC_CTX *ctx = talloc_tos();
1054 START_PROFILE(SMBsetatr);
1057 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1061 p = smb_buf(req->inbuf) + 1;
1062 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1063 0, STR_TERMINATE, &status);
1064 if (!NT_STATUS_IS_OK(status)) {
1065 reply_nterror(req, status);
1066 END_PROFILE(SMBsetatr);
1070 status = resolve_dfspath(ctx, conn,
1071 req->flags2 & FLAGS2_DFS_PATHNAMES,
1074 if (!NT_STATUS_IS_OK(status)) {
1075 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1076 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1077 ERRSRV, ERRbadpath);
1078 END_PROFILE(SMBsetatr);
1081 reply_nterror(req, status);
1082 END_PROFILE(SMBsetatr);
1086 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1087 if (!NT_STATUS_IS_OK(status)) {
1088 reply_nterror(req, status);
1089 END_PROFILE(SMBsetatr);
1093 status = check_name(conn, fname);
1094 if (!NT_STATUS_IS_OK(status)) {
1095 reply_nterror(req, status);
1096 END_PROFILE(SMBsetatr);
1100 if (fname[0] == '.' && fname[1] == '\0') {
1102 * Not sure here is the right place to catch this
1103 * condition. Might be moved to somewhere else later -- vl
1105 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1106 END_PROFILE(SMBsetatr);
1110 mode = SVAL(req->inbuf,smb_vwv0);
1111 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1113 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1114 reply_unixerror(req, ERRDOS, ERRnoaccess);
1115 END_PROFILE(SMBsetatr);
1119 if (mode != FILE_ATTRIBUTE_NORMAL) {
1120 if (VALID_STAT_OF_DIR(sbuf))
1125 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1126 reply_unixerror(req, ERRDOS, ERRnoaccess);
1127 END_PROFILE(SMBsetatr);
1132 reply_outbuf(req, 0, 0);
1134 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1136 END_PROFILE(SMBsetatr);
1140 /****************************************************************************
1142 ****************************************************************************/
1144 void reply_dskattr(struct smb_request *req)
1146 connection_struct *conn = req->conn;
1147 SMB_BIG_UINT dfree,dsize,bsize;
1148 START_PROFILE(SMBdskattr);
1150 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1151 reply_unixerror(req, ERRHRD, ERRgeneral);
1152 END_PROFILE(SMBdskattr);
1156 reply_outbuf(req, 5, 0);
1158 if (Protocol <= PROTOCOL_LANMAN2) {
1159 double total_space, free_space;
1160 /* we need to scale this to a number that DOS6 can handle. We
1161 use floating point so we can handle large drives on systems
1162 that don't have 64 bit integers
1164 we end up displaying a maximum of 2G to DOS systems
1166 total_space = dsize * (double)bsize;
1167 free_space = dfree * (double)bsize;
1169 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1170 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1172 if (dsize > 0xFFFF) dsize = 0xFFFF;
1173 if (dfree > 0xFFFF) dfree = 0xFFFF;
1175 SSVAL(req->outbuf,smb_vwv0,dsize);
1176 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1177 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1178 SSVAL(req->outbuf,smb_vwv3,dfree);
1180 SSVAL(req->outbuf,smb_vwv0,dsize);
1181 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1182 SSVAL(req->outbuf,smb_vwv2,512);
1183 SSVAL(req->outbuf,smb_vwv3,dfree);
1186 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1188 END_PROFILE(SMBdskattr);
1192 /****************************************************************************
1194 Can be called from SMBsearch, SMBffirst or SMBfunique.
1195 ****************************************************************************/
1197 void reply_search(struct smb_request *req)
1199 connection_struct *conn = req->conn;
1201 char *directory = NULL;
1207 unsigned int numentries = 0;
1208 unsigned int maxentries = 0;
1209 bool finished = False;
1215 bool check_descend = False;
1216 bool expect_close = False;
1218 bool mask_contains_wcard = False;
1219 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1220 TALLOC_CTX *ctx = talloc_tos();
1222 START_PROFILE(SMBsearch);
1225 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1226 END_PROFILE(SMBsearch);
1230 if (lp_posix_pathnames()) {
1231 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1232 END_PROFILE(SMBsearch);
1236 /* If we were called as SMBffirst then we must expect close. */
1237 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1238 expect_close = True;
1241 reply_outbuf(req, 1, 3);
1242 maxentries = SVAL(req->inbuf,smb_vwv0);
1243 dirtype = SVAL(req->inbuf,smb_vwv1);
1244 p = smb_buf(req->inbuf) + 1;
1245 p += srvstr_get_path_wcard(ctx,
1253 &mask_contains_wcard);
1254 if (!NT_STATUS_IS_OK(nt_status)) {
1255 reply_nterror(req, nt_status);
1256 END_PROFILE(SMBsearch);
1260 nt_status = resolve_dfspath_wcard(ctx, conn,
1261 req->flags2 & FLAGS2_DFS_PATHNAMES,
1264 &mask_contains_wcard);
1265 if (!NT_STATUS_IS_OK(nt_status)) {
1266 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1267 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1268 ERRSRV, ERRbadpath);
1269 END_PROFILE(SMBsearch);
1272 reply_nterror(req, nt_status);
1273 END_PROFILE(SMBsearch);
1278 status_len = SVAL(p, 0);
1281 /* dirtype &= ~aDIR; */
1283 if (status_len == 0) {
1284 SMB_STRUCT_STAT sbuf;
1286 nt_status = unix_convert(ctx, conn, path, True,
1287 &directory, NULL, &sbuf);
1288 if (!NT_STATUS_IS_OK(nt_status)) {
1289 reply_nterror(req, nt_status);
1290 END_PROFILE(SMBsearch);
1294 nt_status = check_name(conn, directory);
1295 if (!NT_STATUS_IS_OK(nt_status)) {
1296 reply_nterror(req, nt_status);
1297 END_PROFILE(SMBsearch);
1301 p = strrchr_m(directory,'/');
1304 directory = talloc_strdup(ctx,".");
1306 reply_nterror(req, NT_STATUS_NO_MEMORY);
1307 END_PROFILE(SMBsearch);
1315 if (*directory == '\0') {
1316 directory = talloc_strdup(ctx,".");
1318 reply_nterror(req, NT_STATUS_NO_MEMORY);
1319 END_PROFILE(SMBsearch);
1323 memset((char *)status,'\0',21);
1324 SCVAL(status,0,(dirtype & 0x1F));
1326 nt_status = dptr_create(conn,
1332 mask_contains_wcard,
1335 if (!NT_STATUS_IS_OK(nt_status)) {
1336 reply_nterror(req, nt_status);
1337 END_PROFILE(SMBsearch);
1340 dptr_num = dptr_dnum(conn->dirptr);
1344 memcpy(status,p,21);
1345 status_dirtype = CVAL(status,0) & 0x1F;
1346 if (status_dirtype != (dirtype & 0x1F)) {
1347 dirtype = status_dirtype;
1350 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1351 if (!conn->dirptr) {
1354 string_set(&conn->dirpath,dptr_path(dptr_num));
1355 mask = dptr_wcard(dptr_num);
1360 * For a 'continue' search we have no string. So
1361 * check from the initial saved string.
1363 mask_contains_wcard = ms_has_wild(mask);
1364 dirtype = dptr_attr(dptr_num);
1367 DEBUG(4,("dptr_num is %d\n",dptr_num));
1369 if ((dirtype&0x1F) == aVOLID) {
1370 char buf[DIR_STRUCT_SIZE];
1371 memcpy(buf,status,21);
1372 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1373 0,aVOLID,0,!allow_long_path_components)) {
1374 reply_nterror(req, NT_STATUS_NO_MEMORY);
1375 END_PROFILE(SMBsearch);
1378 dptr_fill(buf+12,dptr_num);
1379 if (dptr_zero(buf+12) && (status_len==0)) {
1384 if (message_push_blob(&req->outbuf,
1385 data_blob_const(buf, sizeof(buf)))
1387 reply_nterror(req, NT_STATUS_NO_MEMORY);
1388 END_PROFILE(SMBsearch);
1396 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1399 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1400 conn->dirpath,lp_dontdescend(SNUM(conn))));
1401 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1402 check_descend = True;
1405 for (i=numentries;(i<maxentries) && !finished;i++) {
1406 finished = !get_dir_entry(ctx,conn,mask,dirtype,&fname,
1407 &size,&mode,&date,check_descend);
1409 char buf[DIR_STRUCT_SIZE];
1410 memcpy(buf,status,21);
1411 if (!make_dir_struct(ctx,
1418 !allow_long_path_components)) {
1419 reply_nterror(req, NT_STATUS_NO_MEMORY);
1420 END_PROFILE(SMBsearch);
1423 if (!dptr_fill(buf+12,dptr_num)) {
1426 if (message_push_blob(&req->outbuf,
1427 data_blob_const(buf, sizeof(buf)))
1429 reply_nterror(req, NT_STATUS_NO_MEMORY);
1430 END_PROFILE(SMBsearch);
1440 /* If we were called as SMBffirst with smb_search_id == NULL
1441 and no entries were found then return error and close dirptr
1444 if (numentries == 0) {
1445 dptr_close(&dptr_num);
1446 } else if(expect_close && status_len == 0) {
1447 /* Close the dptr - we know it's gone */
1448 dptr_close(&dptr_num);
1451 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1452 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1453 dptr_close(&dptr_num);
1456 if ((numentries == 0) && !mask_contains_wcard) {
1457 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1458 END_PROFILE(SMBsearch);
1462 SSVAL(req->outbuf,smb_vwv0,numentries);
1463 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1464 SCVAL(smb_buf(req->outbuf),0,5);
1465 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1467 /* The replies here are never long name. */
1468 SSVAL(req->outbuf, smb_flg2,
1469 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1470 if (!allow_long_path_components) {
1471 SSVAL(req->outbuf, smb_flg2,
1472 SVAL(req->outbuf, smb_flg2)
1473 & (~FLAGS2_LONG_PATH_COMPONENTS));
1476 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1477 SSVAL(req->outbuf, smb_flg2,
1478 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1481 directory = dptr_path(dptr_num);
1484 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1485 smb_fn_name(CVAL(req->inbuf,smb_com)),
1487 directory ? directory : "./",
1492 END_PROFILE(SMBsearch);
1496 /****************************************************************************
1497 Reply to a fclose (stop directory search).
1498 ****************************************************************************/
1500 void reply_fclose(struct smb_request *req)
1508 bool path_contains_wcard = False;
1509 TALLOC_CTX *ctx = talloc_tos();
1511 START_PROFILE(SMBfclose);
1513 if (lp_posix_pathnames()) {
1514 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1515 END_PROFILE(SMBfclose);
1519 p = smb_buf(req->inbuf) + 1;
1520 p += srvstr_get_path_wcard(ctx,
1528 &path_contains_wcard);
1529 if (!NT_STATUS_IS_OK(err)) {
1530 reply_nterror(req, err);
1531 END_PROFILE(SMBfclose);
1535 status_len = SVAL(p,0);
1538 if (status_len == 0) {
1539 reply_doserror(req, ERRSRV, ERRsrverror);
1540 END_PROFILE(SMBfclose);
1544 memcpy(status,p,21);
1546 if(dptr_fetch(status+12,&dptr_num)) {
1547 /* Close the dptr - we know it's gone */
1548 dptr_close(&dptr_num);
1551 reply_outbuf(req, 1, 0);
1552 SSVAL(req->outbuf,smb_vwv0,0);
1554 DEBUG(3,("search close\n"));
1556 END_PROFILE(SMBfclose);
1560 /****************************************************************************
1562 ****************************************************************************/
1564 void reply_open(struct smb_request *req)
1566 connection_struct *conn = req->conn;
1572 SMB_STRUCT_STAT sbuf;
1579 uint32 create_disposition;
1580 uint32 create_options = 0;
1582 TALLOC_CTX *ctx = talloc_tos();
1584 START_PROFILE(SMBopen);
1587 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1588 END_PROFILE(SMBopen);
1592 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1593 deny_mode = SVAL(req->inbuf,smb_vwv0);
1594 dos_attr = SVAL(req->inbuf,smb_vwv1);
1596 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1597 smb_buf(req->inbuf)+1, 0,
1598 STR_TERMINATE, &status);
1599 if (!NT_STATUS_IS_OK(status)) {
1600 reply_nterror(req, status);
1601 END_PROFILE(SMBopen);
1605 if (!map_open_params_to_ntcreate(
1606 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1607 &share_mode, &create_disposition, &create_options)) {
1608 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1609 END_PROFILE(SMBopen);
1613 status = create_file(conn, /* conn */
1615 0, /* root_dir_fid */
1617 access_mask, /* access_mask */
1618 share_mode, /* share_access */
1619 create_disposition, /* create_disposition*/
1620 create_options, /* create_options */
1621 dos_attr, /* file_attributes */
1622 oplock_request, /* oplock_request */
1623 0, /* allocation_size */
1630 if (!NT_STATUS_IS_OK(status)) {
1631 if (open_was_deferred(req->mid)) {
1632 /* We have re-scheduled this call. */
1633 END_PROFILE(SMBopen);
1636 reply_openerror(req, status);
1637 END_PROFILE(SMBopen);
1641 size = sbuf.st_size;
1642 fattr = dos_mode(conn,fname,&sbuf);
1643 mtime = sbuf.st_mtime;
1646 DEBUG(3,("attempt to open a directory %s\n",fname));
1647 close_file(fsp,ERROR_CLOSE);
1648 reply_doserror(req, ERRDOS,ERRnoaccess);
1649 END_PROFILE(SMBopen);
1653 reply_outbuf(req, 7, 0);
1654 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1655 SSVAL(req->outbuf,smb_vwv1,fattr);
1656 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1657 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1659 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1661 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1662 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1664 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1665 SCVAL(req->outbuf,smb_flg,
1666 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1669 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1670 SCVAL(req->outbuf,smb_flg,
1671 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1673 END_PROFILE(SMBopen);
1677 /****************************************************************************
1678 Reply to an open and X.
1679 ****************************************************************************/
1681 void reply_open_and_X(struct smb_request *req)
1683 connection_struct *conn = req->conn;
1688 /* Breakout the oplock request bits so we can set the
1689 reply bits separately. */
1690 int ex_oplock_request;
1691 int core_oplock_request;
1694 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1695 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1700 SMB_STRUCT_STAT sbuf;
1704 SMB_BIG_UINT allocation_size;
1705 ssize_t retval = -1;
1708 uint32 create_disposition;
1709 uint32 create_options = 0;
1710 TALLOC_CTX *ctx = talloc_tos();
1712 START_PROFILE(SMBopenX);
1714 if (req->wct < 15) {
1715 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1716 END_PROFILE(SMBopenX);
1720 open_flags = SVAL(req->inbuf,smb_vwv2);
1721 deny_mode = SVAL(req->inbuf,smb_vwv3);
1722 smb_attr = SVAL(req->inbuf,smb_vwv5);
1723 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1724 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1725 oplock_request = ex_oplock_request | core_oplock_request;
1726 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1727 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1729 /* If it's an IPC, pass off the pipe handler. */
1731 if (lp_nt_pipe_support()) {
1732 reply_open_pipe_and_X(conn, req);
1734 reply_doserror(req, ERRSRV, ERRaccess);
1736 END_PROFILE(SMBopenX);
1740 /* XXXX we need to handle passed times, sattr and flags */
1741 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1742 smb_buf(req->inbuf), 0, STR_TERMINATE,
1744 if (!NT_STATUS_IS_OK(status)) {
1745 reply_nterror(req, status);
1746 END_PROFILE(SMBopenX);
1750 if (!map_open_params_to_ntcreate(
1751 fname, deny_mode, smb_ofun, &access_mask,
1752 &share_mode, &create_disposition, &create_options)) {
1753 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1754 END_PROFILE(SMBopenX);
1758 status = create_file(conn, /* conn */
1760 0, /* root_dir_fid */
1762 access_mask, /* access_mask */
1763 share_mode, /* share_access */
1764 create_disposition, /* create_disposition*/
1765 create_options, /* create_options */
1766 smb_attr, /* file_attributes */
1767 oplock_request, /* oplock_request */
1768 0, /* allocation_size */
1772 &smb_action, /* pinfo */
1775 if (!NT_STATUS_IS_OK(status)) {
1776 END_PROFILE(SMBopenX);
1777 if (open_was_deferred(req->mid)) {
1778 /* We have re-scheduled this call. */
1781 reply_openerror(req, status);
1785 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1786 if the file is truncated or created. */
1787 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1788 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1789 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1790 close_file(fsp,ERROR_CLOSE);
1791 reply_nterror(req, NT_STATUS_DISK_FULL);
1792 END_PROFILE(SMBopenX);
1795 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1797 close_file(fsp,ERROR_CLOSE);
1798 reply_nterror(req, NT_STATUS_DISK_FULL);
1799 END_PROFILE(SMBopenX);
1802 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1805 fattr = dos_mode(conn,fname,&sbuf);
1806 mtime = sbuf.st_mtime;
1808 close_file(fsp,ERROR_CLOSE);
1809 reply_doserror(req, ERRDOS, ERRnoaccess);
1810 END_PROFILE(SMBopenX);
1814 /* If the caller set the extended oplock request bit
1815 and we granted one (by whatever means) - set the
1816 correct bit for extended oplock reply.
1819 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1820 smb_action |= EXTENDED_OPLOCK_GRANTED;
1823 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1824 smb_action |= EXTENDED_OPLOCK_GRANTED;
1827 /* If the caller set the core oplock request bit
1828 and we granted one (by whatever means) - set the
1829 correct bit for core oplock reply.
1832 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1833 reply_outbuf(req, 19, 0);
1835 reply_outbuf(req, 15, 0);
1838 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1839 SCVAL(req->outbuf, smb_flg,
1840 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1843 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1844 SCVAL(req->outbuf, smb_flg,
1845 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1848 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1849 SSVAL(req->outbuf,smb_vwv3,fattr);
1850 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1851 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1853 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1855 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1856 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1857 SSVAL(req->outbuf,smb_vwv11,smb_action);
1859 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1860 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1863 END_PROFILE(SMBopenX);
1868 /****************************************************************************
1869 Reply to a SMBulogoffX.
1870 ****************************************************************************/
1872 void reply_ulogoffX(struct smb_request *req)
1876 START_PROFILE(SMBulogoffX);
1878 vuser = get_valid_user_struct(req->vuid);
1881 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1885 /* in user level security we are supposed to close any files
1886 open by this user */
1887 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1888 file_close_user(req->vuid);
1891 invalidate_vuid(req->vuid);
1893 reply_outbuf(req, 2, 0);
1895 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1897 END_PROFILE(SMBulogoffX);
1901 /****************************************************************************
1902 Reply to a mknew or a create.
1903 ****************************************************************************/
1905 void reply_mknew(struct smb_request *req)
1907 connection_struct *conn = req->conn;
1911 struct timespec ts[2];
1913 int oplock_request = 0;
1914 SMB_STRUCT_STAT sbuf;
1916 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1917 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1918 uint32 create_disposition;
1919 uint32 create_options = 0;
1920 TALLOC_CTX *ctx = talloc_tos();
1922 START_PROFILE(SMBcreate);
1925 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1926 END_PROFILE(SMBcreate);
1930 fattr = SVAL(req->inbuf,smb_vwv0);
1931 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1932 com = SVAL(req->inbuf,smb_com);
1934 ts[1] =convert_time_t_to_timespec(
1935 srv_make_unix_date3(req->inbuf + smb_vwv1));
1938 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1939 smb_buf(req->inbuf) + 1, 0,
1940 STR_TERMINATE, &status);
1941 if (!NT_STATUS_IS_OK(status)) {
1942 reply_nterror(req, status);
1943 END_PROFILE(SMBcreate);
1947 if (fattr & aVOLID) {
1948 DEBUG(0,("Attempt to create file (%s) with volid set - "
1949 "please report this\n", fname));
1952 if(com == SMBmknew) {
1953 /* We should fail if file exists. */
1954 create_disposition = FILE_CREATE;
1956 /* Create if file doesn't exist, truncate if it does. */
1957 create_disposition = FILE_OVERWRITE_IF;
1960 status = create_file(conn, /* conn */
1962 0, /* root_dir_fid */
1964 access_mask, /* access_mask */
1965 share_mode, /* share_access */
1966 create_disposition, /* create_disposition*/
1967 create_options, /* create_options */
1968 fattr, /* file_attributes */
1969 oplock_request, /* oplock_request */
1970 0, /* allocation_size */
1977 if (!NT_STATUS_IS_OK(status)) {
1978 END_PROFILE(SMBcreate);
1979 if (open_was_deferred(req->mid)) {
1980 /* We have re-scheduled this call. */
1983 reply_openerror(req, status);
1987 ts[0] = get_atimespec(&sbuf); /* atime. */
1988 file_ntimes(conn, fname, ts);
1990 reply_outbuf(req, 1, 0);
1991 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1993 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1994 SCVAL(req->outbuf,smb_flg,
1995 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1998 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1999 SCVAL(req->outbuf,smb_flg,
2000 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2003 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
2004 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2005 fname, fsp->fh->fd, (unsigned int)fattr ) );
2007 END_PROFILE(SMBcreate);
2011 /****************************************************************************
2012 Reply to a create temporary file.
2013 ****************************************************************************/
2015 void reply_ctemp(struct smb_request *req)
2017 connection_struct *conn = req->conn;
2023 SMB_STRUCT_STAT sbuf;
2026 TALLOC_CTX *ctx = talloc_tos();
2028 START_PROFILE(SMBctemp);
2031 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2032 END_PROFILE(SMBctemp);
2036 fattr = SVAL(req->inbuf,smb_vwv0);
2037 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2039 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2040 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2042 if (!NT_STATUS_IS_OK(status)) {
2043 reply_nterror(req, status);
2044 END_PROFILE(SMBctemp);
2048 fname = talloc_asprintf(ctx,
2052 fname = talloc_strdup(ctx, "TMXXXXXX");
2056 reply_nterror(req, NT_STATUS_NO_MEMORY);
2057 END_PROFILE(SMBctemp);
2061 status = resolve_dfspath(ctx, conn,
2062 req->flags2 & FLAGS2_DFS_PATHNAMES,
2065 if (!NT_STATUS_IS_OK(status)) {
2066 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2067 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2068 ERRSRV, ERRbadpath);
2069 END_PROFILE(SMBctemp);
2072 reply_nterror(req, status);
2073 END_PROFILE(SMBctemp);
2077 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2078 if (!NT_STATUS_IS_OK(status)) {
2079 reply_nterror(req, status);
2080 END_PROFILE(SMBctemp);
2084 status = check_name(conn, CONST_DISCARD(char *,fname));
2085 if (!NT_STATUS_IS_OK(status)) {
2086 reply_nterror(req, status);
2087 END_PROFILE(SMBctemp);
2091 tmpfd = smb_mkstemp(fname);
2093 reply_unixerror(req, ERRDOS, ERRnoaccess);
2094 END_PROFILE(SMBctemp);
2098 SMB_VFS_STAT(conn,fname,&sbuf);
2100 /* We should fail if file does not exist. */
2101 status = open_file_ntcreate(conn, req, fname, &sbuf,
2102 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2103 FILE_SHARE_READ|FILE_SHARE_WRITE,
2110 /* close fd from smb_mkstemp() */
2113 if (!NT_STATUS_IS_OK(status)) {
2114 if (open_was_deferred(req->mid)) {
2115 /* We have re-scheduled this call. */
2116 END_PROFILE(SMBctemp);
2119 reply_openerror(req, status);
2120 END_PROFILE(SMBctemp);
2124 reply_outbuf(req, 1, 0);
2125 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2127 /* the returned filename is relative to the directory */
2128 s = strrchr_m(fname, '/');
2136 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2137 thing in the byte section. JRA */
2138 SSVALS(p, 0, -1); /* what is this? not in spec */
2140 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2142 reply_nterror(req, NT_STATUS_NO_MEMORY);
2143 END_PROFILE(SMBctemp);
2147 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2148 SCVAL(req->outbuf, smb_flg,
2149 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2152 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2153 SCVAL(req->outbuf, smb_flg,
2154 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2157 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2158 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2159 (unsigned int)sbuf.st_mode ) );
2161 END_PROFILE(SMBctemp);
2165 /*******************************************************************
2166 Check if a user is allowed to rename a file.
2167 ********************************************************************/
2169 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2170 uint16 dirtype, SMB_STRUCT_STAT *pst)
2174 if (!CAN_WRITE(conn)) {
2175 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2178 fmode = dos_mode(conn, fsp->fsp_name, pst);
2179 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2180 return NT_STATUS_NO_SUCH_FILE;
2183 if (S_ISDIR(pst->st_mode)) {
2184 return NT_STATUS_OK;
2187 if (fsp->access_mask & DELETE_ACCESS) {
2188 return NT_STATUS_OK;
2191 return NT_STATUS_ACCESS_DENIED;
2194 /*******************************************************************
2195 * unlink a file with all relevant access checks
2196 *******************************************************************/
2198 static NTSTATUS do_unlink(connection_struct *conn,
2199 struct smb_request *req,
2203 SMB_STRUCT_STAT sbuf;
2206 uint32 dirtype_orig = dirtype;
2209 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2211 if (!CAN_WRITE(conn)) {
2212 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2215 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2216 return map_nt_error_from_unix(errno);
2219 fattr = dos_mode(conn,fname,&sbuf);
2221 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2222 dirtype = aDIR|aARCH|aRONLY;
2225 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2227 return NT_STATUS_NO_SUCH_FILE;
2230 if (!dir_check_ftype(conn, fattr, dirtype)) {
2232 return NT_STATUS_FILE_IS_A_DIRECTORY;
2234 return NT_STATUS_NO_SUCH_FILE;
2237 if (dirtype_orig & 0x8000) {
2238 /* These will never be set for POSIX. */
2239 return NT_STATUS_NO_SUCH_FILE;
2243 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2244 return NT_STATUS_FILE_IS_A_DIRECTORY;
2247 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2248 return NT_STATUS_NO_SUCH_FILE;
2251 if (dirtype & 0xFF00) {
2252 /* These will never be set for POSIX. */
2253 return NT_STATUS_NO_SUCH_FILE;
2258 return NT_STATUS_NO_SUCH_FILE;
2261 /* Can't delete a directory. */
2263 return NT_STATUS_FILE_IS_A_DIRECTORY;
2268 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2269 return NT_STATUS_OBJECT_NAME_INVALID;
2270 #endif /* JRATEST */
2272 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2274 On a Windows share, a file with read-only dosmode can be opened with
2275 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2276 fails with NT_STATUS_CANNOT_DELETE error.
2278 This semantic causes a problem that a user can not
2279 rename a file with read-only dosmode on a Samba share
2280 from a Windows command prompt (i.e. cmd.exe, but can rename
2281 from Windows Explorer).
2284 if (!lp_delete_readonly(SNUM(conn))) {
2285 if (fattr & aRONLY) {
2286 return NT_STATUS_CANNOT_DELETE;
2290 /* On open checks the open itself will check the share mode, so
2291 don't do it here as we'll get it wrong. */
2293 status = create_file_unixpath
2297 DELETE_ACCESS, /* access_mask */
2298 FILE_SHARE_NONE, /* share_access */
2299 FILE_OPEN, /* create_disposition*/
2300 FILE_NON_DIRECTORY_FILE, /* create_options */
2301 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2302 0, /* oplock_request */
2303 0, /* allocation_size */
2310 if (!NT_STATUS_IS_OK(status)) {
2311 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2312 nt_errstr(status)));
2316 /* The set is across all open files on this dev/inode pair. */
2317 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2318 close_file(fsp, NORMAL_CLOSE);
2319 return NT_STATUS_ACCESS_DENIED;
2322 return close_file(fsp,NORMAL_CLOSE);
2325 /****************************************************************************
2326 The guts of the unlink command, split out so it may be called by the NT SMB
2328 ****************************************************************************/
2330 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2331 uint32 dirtype, const char *name_in, bool has_wild)
2333 const char *directory = NULL;
2338 NTSTATUS status = NT_STATUS_OK;
2339 SMB_STRUCT_STAT sbuf;
2340 TALLOC_CTX *ctx = talloc_tos();
2342 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2343 if (!NT_STATUS_IS_OK(status)) {
2347 p = strrchr_m(name,'/');
2349 directory = talloc_strdup(ctx, ".");
2351 return NT_STATUS_NO_MEMORY;
2361 * We should only check the mangled cache
2362 * here if unix_convert failed. This means
2363 * that the path in 'mask' doesn't exist
2364 * on the file system and so we need to look
2365 * for a possible mangle. This patch from
2366 * Tine Smukavec <valentin.smukavec@hermes.si>.
2369 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2370 char *new_mask = NULL;
2371 mangle_lookup_name_from_8_3(ctx,
2381 directory = talloc_asprintf(ctx,
2386 return NT_STATUS_NO_MEMORY;
2389 dirtype = FILE_ATTRIBUTE_NORMAL;
2392 status = check_name(conn, directory);
2393 if (!NT_STATUS_IS_OK(status)) {
2397 status = do_unlink(conn, req, directory, dirtype);
2398 if (!NT_STATUS_IS_OK(status)) {
2404 struct smb_Dir *dir_hnd = NULL;
2408 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2409 return NT_STATUS_OBJECT_NAME_INVALID;
2412 if (strequal(mask,"????????.???")) {
2417 status = check_name(conn, directory);
2418 if (!NT_STATUS_IS_OK(status)) {
2422 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2424 if (dir_hnd == NULL) {
2425 return map_nt_error_from_unix(errno);
2428 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2429 the pattern matches against the long name, otherwise the short name
2430 We don't implement this yet XXXX
2433 status = NT_STATUS_NO_SUCH_FILE;
2435 while ((dname = ReadDirName(dir_hnd, &offset))) {
2439 if (!is_visible_file(conn, directory, dname, &st, True)) {
2443 /* Quick check for "." and ".." */
2444 if (ISDOT(dname) || ISDOTDOT(dname)) {
2448 if(!mask_match(dname, mask, conn->case_sensitive)) {
2452 fname = talloc_asprintf(ctx, "%s/%s",
2456 return NT_STATUS_NO_MEMORY;
2459 status = check_name(conn, fname);
2460 if (!NT_STATUS_IS_OK(status)) {
2461 TALLOC_FREE(dir_hnd);
2465 status = do_unlink(conn, req, fname, dirtype);
2466 if (!NT_STATUS_IS_OK(status)) {
2472 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2477 TALLOC_FREE(dir_hnd);
2480 if (count == 0 && NT_STATUS_IS_OK(status)) {
2481 status = map_nt_error_from_unix(errno);
2487 /****************************************************************************
2489 ****************************************************************************/
2491 void reply_unlink(struct smb_request *req)
2493 connection_struct *conn = req->conn;
2497 bool path_contains_wcard = False;
2498 TALLOC_CTX *ctx = talloc_tos();
2500 START_PROFILE(SMBunlink);
2503 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2504 END_PROFILE(SMBunlink);
2508 dirtype = SVAL(req->inbuf,smb_vwv0);
2510 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2511 smb_buf(req->inbuf) + 1, 0,
2512 STR_TERMINATE, &status, &path_contains_wcard);
2513 if (!NT_STATUS_IS_OK(status)) {
2514 reply_nterror(req, status);
2515 END_PROFILE(SMBunlink);
2519 status = resolve_dfspath_wcard(ctx, conn,
2520 req->flags2 & FLAGS2_DFS_PATHNAMES,
2523 &path_contains_wcard);
2524 if (!NT_STATUS_IS_OK(status)) {
2525 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2526 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2527 ERRSRV, ERRbadpath);
2528 END_PROFILE(SMBunlink);
2531 reply_nterror(req, status);
2532 END_PROFILE(SMBunlink);
2536 DEBUG(3,("reply_unlink : %s\n",name));
2538 status = unlink_internals(conn, req, dirtype, name,
2539 path_contains_wcard);
2540 if (!NT_STATUS_IS_OK(status)) {
2541 if (open_was_deferred(req->mid)) {
2542 /* We have re-scheduled this call. */
2543 END_PROFILE(SMBunlink);
2546 reply_nterror(req, status);
2547 END_PROFILE(SMBunlink);
2551 reply_outbuf(req, 0, 0);
2552 END_PROFILE(SMBunlink);
2557 /****************************************************************************
2559 ****************************************************************************/
2561 static void fail_readraw(void)
2563 const char *errstr = talloc_asprintf(talloc_tos(),
2564 "FAIL ! reply_readbraw: socket write fail (%s)",
2569 exit_server_cleanly(errstr);
2572 /****************************************************************************
2573 Fake (read/write) sendfile. Returns -1 on read or write fail.
2574 ****************************************************************************/
2576 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2580 size_t tosend = nread;
2587 bufsize = MIN(nread, 65536);
2589 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2593 while (tosend > 0) {
2597 if (tosend > bufsize) {
2602 ret = read_file(fsp,buf,startpos,cur_read);
2608 /* If we had a short read, fill with zeros. */
2609 if (ret < cur_read) {
2610 memset(buf, '\0', cur_read - ret);
2613 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2618 startpos += cur_read;
2622 return (ssize_t)nread;
2625 /****************************************************************************
2626 Return a readbraw error (4 bytes of zero).
2627 ****************************************************************************/
2629 static void reply_readbraw_error(void)
2633 if (write_data(smbd_server_fd(),header,4) != 4) {
2638 /****************************************************************************
2639 Use sendfile in readbraw.
2640 ****************************************************************************/
2642 void send_file_readbraw(connection_struct *conn,
2648 char *outbuf = NULL;
2651 #if defined(WITH_SENDFILE)
2653 * We can only use sendfile on a non-chained packet
2654 * but we can use on a non-oplocked file. tridge proved this
2655 * on a train in Germany :-). JRA.
2656 * reply_readbraw has already checked the length.
2659 if ( (chain_size == 0) && (nread > 0) &&
2660 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2662 DATA_BLOB header_blob;
2664 _smb_setlen(header,nread);
2665 header_blob = data_blob_const(header, 4);
2667 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2668 &header_blob, startpos, nread) == -1) {
2669 /* Returning ENOSYS means no data at all was sent.
2670 * Do this as a normal read. */
2671 if (errno == ENOSYS) {
2672 goto normal_readbraw;
2676 * Special hack for broken Linux with no working sendfile. If we
2677 * return EINTR we sent the header but not the rest of the data.
2678 * Fake this up by doing read/write calls.
2680 if (errno == EINTR) {
2681 /* Ensure we don't do this again. */
2682 set_use_sendfile(SNUM(conn), False);
2683 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2685 if (fake_sendfile(fsp, startpos, nread) == -1) {
2686 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2687 fsp->fsp_name, strerror(errno) ));
2688 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2693 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2694 fsp->fsp_name, strerror(errno) ));
2695 exit_server_cleanly("send_file_readbraw sendfile failed");
2704 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2706 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2707 (unsigned)(nread+4)));
2708 reply_readbraw_error();
2713 ret = read_file(fsp,outbuf+4,startpos,nread);
2714 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2723 _smb_setlen(outbuf,ret);
2724 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2727 TALLOC_FREE(outbuf);
2730 /****************************************************************************
2731 Reply to a readbraw (core+ protocol).
2732 ****************************************************************************/
2734 void reply_readbraw(struct smb_request *req)
2736 connection_struct *conn = req->conn;
2737 ssize_t maxcount,mincount;
2744 START_PROFILE(SMBreadbraw);
2746 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2747 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2748 "raw reads/writes are disallowed.");
2752 reply_readbraw_error();
2753 END_PROFILE(SMBreadbraw);
2758 * Special check if an oplock break has been issued
2759 * and the readraw request croses on the wire, we must
2760 * return a zero length response here.
2763 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2766 * We have to do a check_fsp by hand here, as
2767 * we must always return 4 zero bytes on error,
2771 if (!fsp || !conn || conn != fsp->conn ||
2772 current_user.vuid != fsp->vuid ||
2773 fsp->is_directory || fsp->fh->fd == -1) {
2775 * fsp could be NULL here so use the value from the packet. JRA.
2777 DEBUG(3,("reply_readbraw: fnum %d not valid "
2779 (int)SVAL(req->inbuf,smb_vwv0)));
2780 reply_readbraw_error();
2781 END_PROFILE(SMBreadbraw);
2785 /* Do a "by hand" version of CHECK_READ. */
2786 if (!(fsp->can_read ||
2787 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2788 (fsp->access_mask & FILE_EXECUTE)))) {
2789 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2790 (int)SVAL(req->inbuf,smb_vwv0)));
2791 reply_readbraw_error();
2792 END_PROFILE(SMBreadbraw);
2796 flush_write_cache(fsp, READRAW_FLUSH);
2798 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2799 if(req->wct == 10) {
2801 * This is a large offset (64 bit) read.
2803 #ifdef LARGE_SMB_OFF_T
2805 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2807 #else /* !LARGE_SMB_OFF_T */
2810 * Ensure we haven't been sent a >32 bit offset.
2813 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2814 DEBUG(0,("reply_readbraw: large offset "
2815 "(%x << 32) used and we don't support "
2816 "64 bit offsets.\n",
2817 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2818 reply_readbraw_error();
2819 END_PROFILE(SMBreadbraw);
2823 #endif /* LARGE_SMB_OFF_T */
2826 DEBUG(0,("reply_readbraw: negative 64 bit "
2827 "readraw offset (%.0f) !\n",
2828 (double)startpos ));
2829 reply_readbraw_error();
2830 END_PROFILE(SMBreadbraw);
2835 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2836 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2838 /* ensure we don't overrun the packet size */
2839 maxcount = MIN(65535,maxcount);
2841 if (is_locked(fsp,(uint32)req->smbpid,
2842 (SMB_BIG_UINT)maxcount,
2843 (SMB_BIG_UINT)startpos,
2845 reply_readbraw_error();
2846 END_PROFILE(SMBreadbraw);
2850 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2854 if (startpos >= size) {
2857 nread = MIN(maxcount,(size - startpos));
2860 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2861 if (nread < mincount)
2865 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2866 "min=%lu nread=%lu\n",
2867 fsp->fnum, (double)startpos,
2868 (unsigned long)maxcount,
2869 (unsigned long)mincount,
2870 (unsigned long)nread ) );
2872 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2874 DEBUG(5,("reply_readbraw finished\n"));
2875 END_PROFILE(SMBreadbraw);
2879 #define DBGC_CLASS DBGC_LOCKING
2881 /****************************************************************************
2882 Reply to a lockread (core+ protocol).
2883 ****************************************************************************/
2885 void reply_lockread(struct smb_request *req)
2887 connection_struct *conn = req->conn;
2894 struct byte_range_lock *br_lck = NULL;
2897 START_PROFILE(SMBlockread);
2900 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2901 END_PROFILE(SMBlockread);
2905 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2907 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2908 END_PROFILE(SMBlockread);
2912 if (!CHECK_READ(fsp,req->inbuf)) {
2913 reply_doserror(req, ERRDOS, ERRbadaccess);
2914 END_PROFILE(SMBlockread);
2918 release_level_2_oplocks_on_change(fsp);
2920 numtoread = SVAL(req->inbuf,smb_vwv1);
2921 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2923 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2925 reply_outbuf(req, 5, numtoread + 3);
2927 data = smb_buf(req->outbuf) + 3;
2930 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2931 * protocol request that predates the read/write lock concept.
2932 * Thus instead of asking for a read lock here we need to ask
2933 * for a write lock. JRA.
2934 * Note that the requested lock size is unaffected by max_recv.
2937 br_lck = do_lock(smbd_messaging_context(),
2940 (SMB_BIG_UINT)numtoread,
2941 (SMB_BIG_UINT)startpos,
2944 False, /* Non-blocking lock. */
2947 TALLOC_FREE(br_lck);
2949 if (NT_STATUS_V(status)) {
2950 reply_nterror(req, status);
2951 END_PROFILE(SMBlockread);
2956 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2959 if (numtoread > max_recv) {
2960 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2961 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2962 (unsigned int)numtoread, (unsigned int)max_recv ));
2963 numtoread = MIN(numtoread,max_recv);
2965 nread = read_file(fsp,data,startpos,numtoread);
2968 reply_unixerror(req, ERRDOS, ERRnoaccess);
2969 END_PROFILE(SMBlockread);
2973 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2975 SSVAL(req->outbuf,smb_vwv0,nread);
2976 SSVAL(req->outbuf,smb_vwv5,nread+3);
2977 p = smb_buf(req->outbuf);
2978 SCVAL(p,0,0); /* pad byte. */
2981 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2982 fsp->fnum, (int)numtoread, (int)nread));
2984 END_PROFILE(SMBlockread);
2989 #define DBGC_CLASS DBGC_ALL
2991 /****************************************************************************
2993 ****************************************************************************/
2995 void reply_read(struct smb_request *req)
2997 connection_struct *conn = req->conn;
3005 START_PROFILE(SMBread);
3008 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3009 END_PROFILE(SMBread);
3013 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3015 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3016 END_PROFILE(SMBread);
3020 if (!CHECK_READ(fsp,req->inbuf)) {
3021 reply_doserror(req, ERRDOS, ERRbadaccess);
3022 END_PROFILE(SMBread);
3026 numtoread = SVAL(req->inbuf,smb_vwv1);
3027 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3029 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3032 * The requested read size cannot be greater than max_recv. JRA.
3034 if (numtoread > max_recv) {
3035 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3036 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3037 (unsigned int)numtoread, (unsigned int)max_recv ));
3038 numtoread = MIN(numtoread,max_recv);
3041 reply_outbuf(req, 5, numtoread+3);
3043 data = smb_buf(req->outbuf) + 3;
3045 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3046 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3047 reply_doserror(req, ERRDOS,ERRlock);
3048 END_PROFILE(SMBread);
3053 nread = read_file(fsp,data,startpos,numtoread);
3056 reply_unixerror(req, ERRDOS,ERRnoaccess);
3057 END_PROFILE(SMBread);
3061 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3063 SSVAL(req->outbuf,smb_vwv0,nread);
3064 SSVAL(req->outbuf,smb_vwv5,nread+3);
3065 SCVAL(smb_buf(req->outbuf),0,1);
3066 SSVAL(smb_buf(req->outbuf),1,nread);
3068 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3069 fsp->fnum, (int)numtoread, (int)nread ) );
3071 END_PROFILE(SMBread);
3075 /****************************************************************************
3077 ****************************************************************************/
3079 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3084 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3085 data = smb_buf(outbuf);
3087 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3089 SCVAL(outbuf,smb_vwv0,0xFF);
3090 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3091 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3092 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3093 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3094 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3095 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3096 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3100 /****************************************************************************
3101 Reply to a read and X - possibly using sendfile.
3102 ****************************************************************************/
3104 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3105 files_struct *fsp, SMB_OFF_T startpos,
3108 SMB_STRUCT_STAT sbuf;
3111 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3112 reply_unixerror(req, ERRDOS, ERRnoaccess);
3116 if (startpos > sbuf.st_size) {
3118 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3119 smb_maxcnt = (sbuf.st_size - startpos);
3122 if (smb_maxcnt == 0) {
3126 #if defined(WITH_SENDFILE)
3128 * We can only use sendfile on a non-chained packet
3129 * but we can use on a non-oplocked file. tridge proved this
3130 * on a train in Germany :-). JRA.
3133 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3134 !is_encrypted_packet(req->inbuf) &&
3135 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3136 uint8 headerbuf[smb_size + 12 * 2];
3140 * Set up the packet header before send. We
3141 * assume here the sendfile will work (get the
3142 * correct amount of data).
3145 header = data_blob_const(headerbuf, sizeof(headerbuf));
3147 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3148 setup_readX_header((char *)headerbuf, smb_maxcnt);
3150 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3151 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3152 if (errno == ENOSYS) {
3157 * Special hack for broken Linux with no working sendfile. If we
3158 * return EINTR we sent the header but not the rest of the data.
3159 * Fake this up by doing read/write calls.
3162 if (errno == EINTR) {
3163 /* Ensure we don't do this again. */
3164 set_use_sendfile(SNUM(conn), False);
3165 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3166 nread = fake_sendfile(fsp, startpos,
3169 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3170 fsp->fsp_name, strerror(errno) ));
3171 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3173 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3174 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3175 /* No outbuf here means successful sendfile. */
3176 TALLOC_FREE(req->outbuf);
3180 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3181 fsp->fsp_name, strerror(errno) ));
3182 exit_server_cleanly("send_file_readX sendfile failed");
3185 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3186 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3187 /* No outbuf here means successful sendfile. */
3188 TALLOC_FREE(req->outbuf);
3195 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3196 uint8 headerbuf[smb_size + 2*12];
3198 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3199 setup_readX_header((char *)headerbuf, smb_maxcnt);
3201 /* Send out the header. */
3202 if (write_data(smbd_server_fd(), (char *)headerbuf,
3203 sizeof(headerbuf)) != sizeof(headerbuf)) {
3204 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3205 fsp->fsp_name, strerror(errno) ));
3206 exit_server_cleanly("send_file_readX sendfile failed");
3208 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3210 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3211 fsp->fsp_name, strerror(errno) ));
3212 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3214 TALLOC_FREE(req->outbuf);
3217 reply_outbuf(req, 12, smb_maxcnt);
3219 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3222 reply_unixerror(req, ERRDOS, ERRnoaccess);
3226 setup_readX_header((char *)req->outbuf, nread);
3228 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3229 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3237 /****************************************************************************
3238 Reply to a read and X.
3239 ****************************************************************************/
3241 void reply_read_and_X(struct smb_request *req)
3243 connection_struct *conn = req->conn;
3247 bool big_readX = False;
3249 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3252 START_PROFILE(SMBreadX);
3254 if ((req->wct != 10) && (req->wct != 12)) {
3255 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3259 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3260 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3261 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3263 /* If it's an IPC, pass off the pipe handler. */
3265 reply_pipe_read_and_X(req);
3266 END_PROFILE(SMBreadX);
3270 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3271 END_PROFILE(SMBreadX);
3275 if (!CHECK_READ(fsp,req->inbuf)) {
3276 reply_doserror(req, ERRDOS,ERRbadaccess);
3277 END_PROFILE(SMBreadX);
3281 if (global_client_caps & CAP_LARGE_READX) {
3282 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3283 smb_maxcnt |= (upper_size<<16);
3284 if (upper_size > 1) {
3285 /* Can't do this on a chained packet. */
3286 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3287 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3288 END_PROFILE(SMBreadX);
3291 /* We currently don't do this on signed or sealed data. */
3292 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3293 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3294 END_PROFILE(SMBreadX);
3297 /* Is there room in the reply for this data ? */
3298 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3300 NT_STATUS_INVALID_PARAMETER);
3301 END_PROFILE(SMBreadX);
3308 if (req->wct == 12) {
3309 #ifdef LARGE_SMB_OFF_T
3311 * This is a large offset (64 bit) read.
3313 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3315 #else /* !LARGE_SMB_OFF_T */
3318 * Ensure we haven't been sent a >32 bit offset.
3321 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3322 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3323 "used and we don't support 64 bit offsets.\n",
3324 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3325 END_PROFILE(SMBreadX);
3326 reply_doserror(req, ERRDOS, ERRbadaccess);
3330 #endif /* LARGE_SMB_OFF_T */
3334 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3335 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3336 END_PROFILE(SMBreadX);
3337 reply_doserror(req, ERRDOS, ERRlock);
3342 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3343 END_PROFILE(SMBreadX);
3347 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3349 END_PROFILE(SMBreadX);
3353 /****************************************************************************
3354 Error replies to writebraw must have smb_wct == 1. Fix this up.
3355 ****************************************************************************/
3357 void error_to_writebrawerr(struct smb_request *req)
3359 uint8 *old_outbuf = req->outbuf;
3361 reply_outbuf(req, 1, 0);
3363 memcpy(req->outbuf, old_outbuf, smb_size);
3364 TALLOC_FREE(old_outbuf);
3367 /****************************************************************************
3368 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3369 ****************************************************************************/
3371 void reply_writebraw(struct smb_request *req)
3373 connection_struct *conn = req->conn;
3376 ssize_t total_written=0;
3377 size_t numtowrite=0;
3385 START_PROFILE(SMBwritebraw);
3388 * If we ever reply with an error, it must have the SMB command
3389 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3392 SCVAL(req->inbuf,smb_com,SMBwritec);
3394 if (srv_is_signing_active()) {
3395 END_PROFILE(SMBwritebraw);
3396 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3397 "raw reads/writes are disallowed.");
3400 if (req->wct < 12) {
3401 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3402 error_to_writebrawerr(req);
3403 END_PROFILE(SMBwritebraw);
3407 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3408 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3409 error_to_writebrawerr(req);
3410 END_PROFILE(SMBwritebraw);
3414 if (!CHECK_WRITE(fsp)) {
3415 reply_doserror(req, ERRDOS, ERRbadaccess);
3416 error_to_writebrawerr(req);
3417 END_PROFILE(SMBwritebraw);
3421 tcount = IVAL(req->inbuf,smb_vwv1);
3422 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3423 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3425 /* We have to deal with slightly different formats depending
3426 on whether we are using the core+ or lanman1.0 protocol */
3428 if(Protocol <= PROTOCOL_COREPLUS) {
3429 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3430 data = smb_buf(req->inbuf);
3432 numtowrite = SVAL(req->inbuf,smb_vwv10);
3433 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3436 /* Ensure we don't write bytes past the end of this packet. */
3437 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3438 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3439 error_to_writebrawerr(req);
3440 END_PROFILE(SMBwritebraw);
3444 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3445 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3446 reply_doserror(req, ERRDOS, ERRlock);
3447 error_to_writebrawerr(req);
3448 END_PROFILE(SMBwritebraw);
3453 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3456 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3457 "wrote=%d sync=%d\n",
3458 fsp->fnum, (double)startpos, (int)numtowrite,
3459 (int)nwritten, (int)write_through));
3461 if (nwritten < (ssize_t)numtowrite) {
3462 reply_unixerror(req, ERRHRD, ERRdiskfull);
3463 error_to_writebrawerr(req);
3464 END_PROFILE(SMBwritebraw);
3468 total_written = nwritten;
3470 /* Allocate a buffer of 64k + length. */
3471 buf = TALLOC_ARRAY(NULL, char, 65540);
3473 reply_doserror(req, ERRDOS, ERRnomem);
3474 error_to_writebrawerr(req);
3475 END_PROFILE(SMBwritebraw);
3479 /* Return a SMBwritebraw message to the redirector to tell
3480 * it to send more bytes */
3482 memcpy(buf, req->inbuf, smb_size);
3483 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3484 SCVAL(buf,smb_com,SMBwritebraw);
3485 SSVALS(buf,smb_vwv0,0xFFFF);
3487 if (!srv_send_smb(smbd_server_fd(),
3489 IS_CONN_ENCRYPTED(conn))) {
3490 exit_server_cleanly("reply_writebraw: srv_send_smb "
3494 /* Now read the raw data into the buffer and write it */
3495 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3497 if (!NT_STATUS_IS_OK(status)) {
3498 exit_server_cleanly("secondary writebraw failed");
3501 /* Set up outbuf to return the correct size */
3502 reply_outbuf(req, 1, 0);
3504 if (numtowrite != 0) {
3506 if (numtowrite > 0xFFFF) {
3507 DEBUG(0,("reply_writebraw: Oversize secondary write "
3508 "raw requested (%u). Terminating\n",
3509 (unsigned int)numtowrite ));
3510 exit_server_cleanly("secondary writebraw failed");
3513 if (tcount > nwritten+numtowrite) {
3514 DEBUG(3,("reply_writebraw: Client overestimated the "
3516 (int)tcount,(int)nwritten,(int)numtowrite));
3519 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3521 if (!NT_STATUS_IS_OK(status)) {
3522 DEBUG(0,("reply_writebraw: Oversize secondary write "
3523 "raw read failed (%s). Terminating\n",
3524 nt_errstr(status)));
3525 exit_server_cleanly("secondary writebraw failed");
3528 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3529 if (nwritten == -1) {
3531 reply_unixerror(req, ERRHRD, ERRdiskfull);
3532 error_to_writebrawerr(req);
3533 END_PROFILE(SMBwritebraw);
3537 if (nwritten < (ssize_t)numtowrite) {
3538 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3539 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3543 total_written += nwritten;
3548 SSVAL(req->outbuf,smb_vwv0,total_written);
3550 status = sync_file(conn, fsp, write_through);
3551 if (!NT_STATUS_IS_OK(status)) {
3552 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3553 fsp->fsp_name, nt_errstr(status) ));
3554 reply_nterror(req, status);
3555 error_to_writebrawerr(req);
3556 END_PROFILE(SMBwritebraw);
3560 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3562 fsp->fnum, (double)startpos, (int)numtowrite,
3563 (int)total_written));
3565 /* We won't return a status if write through is not selected - this
3566 * follows what WfWg does */
3567 END_PROFILE(SMBwritebraw);
3569 if (!write_through && total_written==tcount) {
3571 #if RABBIT_PELLET_FIX
3573 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3574 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3577 if (!send_keepalive(smbd_server_fd())) {
3578 exit_server_cleanly("reply_writebraw: send of "
3579 "keepalive failed");
3582 TALLOC_FREE(req->outbuf);
3588 #define DBGC_CLASS DBGC_LOCKING
3590 /****************************************************************************
3591 Reply to a writeunlock (core+).
3592 ****************************************************************************/
3594 void reply_writeunlock(struct smb_request *req)
3596 connection_struct *conn = req->conn;
3597 ssize_t nwritten = -1;
3601 NTSTATUS status = NT_STATUS_OK;
3604 START_PROFILE(SMBwriteunlock);
3607 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3608 END_PROFILE(SMBwriteunlock);
3612 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3614 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3615 END_PROFILE(SMBwriteunlock);
3619 if (!CHECK_WRITE(fsp)) {
3620 reply_doserror(req, ERRDOS,ERRbadaccess);
3621 END_PROFILE(SMBwriteunlock);
3625 numtowrite = SVAL(req->inbuf,smb_vwv1);
3626 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3627 data = smb_buf(req->inbuf) + 3;
3630 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3631 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3632 reply_doserror(req, ERRDOS, ERRlock);
3633 END_PROFILE(SMBwriteunlock);
3637 /* The special X/Open SMB protocol handling of
3638 zero length writes is *NOT* done for
3640 if(numtowrite == 0) {
3643 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3646 status = sync_file(conn, fsp, False /* write through */);
3647 if (!NT_STATUS_IS_OK(status)) {
3648 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3649 fsp->fsp_name, nt_errstr(status) ));
3650 reply_nterror(req, status);
3651 END_PROFILE(SMBwriteunlock);
3655 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3656 reply_unixerror(req, ERRHRD, ERRdiskfull);
3657 END_PROFILE(SMBwriteunlock);
3662 status = do_unlock(smbd_messaging_context(),
3665 (SMB_BIG_UINT)numtowrite,
3666 (SMB_BIG_UINT)startpos,
3669 if (NT_STATUS_V(status)) {
3670 reply_nterror(req, status);
3671 END_PROFILE(SMBwriteunlock);
3676 reply_outbuf(req, 1, 0);
3678 SSVAL(req->outbuf,smb_vwv0,nwritten);
3680 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3681 fsp->fnum, (int)numtowrite, (int)nwritten));
3683 END_PROFILE(SMBwriteunlock);
3688 #define DBGC_CLASS DBGC_ALL
3690 /****************************************************************************
3692 ****************************************************************************/
3694 void reply_write(struct smb_request *req)
3696 connection_struct *conn = req->conn;
3698 ssize_t nwritten = -1;
3704 START_PROFILE(SMBwrite);
3707 END_PROFILE(SMBwrite);
3708 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3712 /* If it's an IPC, pass off the pipe handler. */
3714 reply_pipe_write(req);
3715 END_PROFILE(SMBwrite);
3719 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3721 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3722 END_PROFILE(SMBwrite);
3726 if (!CHECK_WRITE(fsp)) {
3727 reply_doserror(req, ERRDOS, ERRbadaccess);
3728 END_PROFILE(SMBwrite);
3732 numtowrite = SVAL(req->inbuf,smb_vwv1);
3733 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3734 data = smb_buf(req->inbuf) + 3;
3736 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3737 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3738 reply_doserror(req, ERRDOS, ERRlock);
3739 END_PROFILE(SMBwrite);
3744 * X/Open SMB protocol says that if smb_vwv1 is
3745 * zero then the file size should be extended or
3746 * truncated to the size given in smb_vwv[2-3].
3749 if(numtowrite == 0) {
3751 * This is actually an allocate call, and set EOF. JRA.
3753 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3755 reply_nterror(req, NT_STATUS_DISK_FULL);
3756 END_PROFILE(SMBwrite);
3759 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3761 reply_nterror(req, NT_STATUS_DISK_FULL);
3762 END_PROFILE(SMBwrite);
3766 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3768 status = sync_file(conn, fsp, False);
3769 if (!NT_STATUS_IS_OK(status)) {
3770 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3771 fsp->fsp_name, nt_errstr(status) ));
3772 reply_nterror(req, status);
3773 END_PROFILE(SMBwrite);
3777 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3778 reply_unixerror(req, ERRHRD, ERRdiskfull);
3779 END_PROFILE(SMBwrite);
3783 reply_outbuf(req, 1, 0);
3785 SSVAL(req->outbuf,smb_vwv0,nwritten);
3787 if (nwritten < (ssize_t)numtowrite) {
3788 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3789 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3792 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3794 END_PROFILE(SMBwrite);
3798 /****************************************************************************
3799 Ensure a buffer is a valid writeX for recvfile purposes.
3800 ****************************************************************************/
3802 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3803 (2*14) + /* word count (including bcc) */ \
3806 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3809 connection_struct *conn = NULL;
3810 unsigned int doff = 0;
3811 size_t len = smb_len_large(inbuf);
3813 if (is_encrypted_packet(inbuf)) {
3814 /* Can't do this on encrypted
3819 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3823 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3824 CVAL(inbuf,smb_wct) != 14) {
3825 DEBUG(10,("is_valid_writeX_buffer: chained or "
3826 "invalid word length.\n"));
3830 conn = conn_find(SVAL(inbuf, smb_tid));
3832 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3836 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3839 doff = SVAL(inbuf,smb_vwv11);
3841 numtowrite = SVAL(inbuf,smb_vwv10);
3843 if (len > doff && len - doff > 0xFFFF) {
3844 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3847 if (numtowrite == 0) {
3848 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3852 /* Ensure the sizes match up. */
3853 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3854 /* no pad byte...old smbclient :-( */
3855 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3857 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3861 if (len - doff != numtowrite) {
3862 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3863 "len = %u, doff = %u, numtowrite = %u\n",
3866 (unsigned int)numtowrite ));
3870 DEBUG(10,("is_valid_writeX_buffer: true "
3871 "len = %u, doff = %u, numtowrite = %u\n",
3874 (unsigned int)numtowrite ));
3879 /****************************************************************************
3880 Reply to a write and X.
3881 ****************************************************************************/
3883 void reply_write_and_X(struct smb_request *req)
3885 connection_struct *conn = req->conn;
3891 unsigned int smb_doff;
3892 unsigned int smblen;
3896 START_PROFILE(SMBwriteX);
3898 if ((req->wct != 12) && (req->wct != 14)) {
3899 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3900 END_PROFILE(SMBwriteX);
3904 numtowrite = SVAL(req->inbuf,smb_vwv10);
3905 smb_doff = SVAL(req->inbuf,smb_vwv11);
3906 smblen = smb_len(req->inbuf);
3908 if (req->unread_bytes > 0xFFFF ||
3909 (smblen > smb_doff &&
3910 smblen - smb_doff > 0xFFFF)) {
3911 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3914 if (req->unread_bytes) {
3915 /* Can't do a recvfile write on IPC$ */
3917 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3918 END_PROFILE(SMBwriteX);
3921 if (numtowrite != req->unread_bytes) {
3922 reply_doserror(req, ERRDOS, ERRbadmem);
3923 END_PROFILE(SMBwriteX);
3927 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3928 smb_doff + numtowrite > smblen) {
3929 reply_doserror(req, ERRDOS, ERRbadmem);
3930 END_PROFILE(SMBwriteX);
3935 /* If it's an IPC, pass off the pipe handler. */
3937 if (req->unread_bytes) {
3938 reply_doserror(req, ERRDOS, ERRbadmem);
3939 END_PROFILE(SMBwriteX);
3942 reply_pipe_write_and_X(req);
3943 END_PROFILE(SMBwriteX);
3947 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3948 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3949 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3951 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3952 END_PROFILE(SMBwriteX);
3956 if (!CHECK_WRITE(fsp)) {
3957 reply_doserror(req, ERRDOS, ERRbadaccess);
3958 END_PROFILE(SMBwriteX);
3962 data = smb_base(req->inbuf) + smb_doff;
3964 if(req->wct == 14) {
3965 #ifdef LARGE_SMB_OFF_T
3967 * This is a large offset (64 bit) write.
3969 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3971 #else /* !LARGE_SMB_OFF_T */
3974 * Ensure we haven't been sent a >32 bit offset.
3977 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3978 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3979 "used and we don't support 64 bit offsets.\n",
3980 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
3981 reply_doserror(req, ERRDOS, ERRbadaccess);
3982 END_PROFILE(SMBwriteX);
3986 #endif /* LARGE_SMB_OFF_T */
3989 if (is_locked(fsp,(uint32)req->smbpid,
3990 (SMB_BIG_UINT)numtowrite,
3991 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3992 reply_doserror(req, ERRDOS, ERRlock);
3993 END_PROFILE(SMBwriteX);
3997 /* X/Open SMB protocol says that, unlike SMBwrite
3998 if the length is zero then NO truncation is
3999 done, just a write of zero. To truncate a file,
4002 if(numtowrite == 0) {
4006 if ((req->unread_bytes == 0) &&
4007 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4009 END_PROFILE(SMBwriteX);
4013 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4016 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4017 reply_unixerror(req, ERRHRD, ERRdiskfull);
4018 END_PROFILE(SMBwriteX);
4022 reply_outbuf(req, 6, 0);
4023 SSVAL(req->outbuf,smb_vwv2,nwritten);
4024 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4026 if (nwritten < (ssize_t)numtowrite) {
4027 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4028 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4031 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4032 fsp->fnum, (int)numtowrite, (int)nwritten));
4034 status = sync_file(conn, fsp, write_through);
4035 if (!NT_STATUS_IS_OK(status)) {
4036 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4037 fsp->fsp_name, nt_errstr(status) ));
4038 reply_nterror(req, status);
4039 END_PROFILE(SMBwriteX);
4043 END_PROFILE(SMBwriteX);
4048 /****************************************************************************
4050 ****************************************************************************/
4052 void reply_lseek(struct smb_request *req)
4054 connection_struct *conn = req->conn;
4060 START_PROFILE(SMBlseek);
4063 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4064 END_PROFILE(SMBlseek);
4068 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4070 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4074 flush_write_cache(fsp, SEEK_FLUSH);
4076 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4077 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4078 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4087 res = fsp->fh->pos + startpos;
4098 if (umode == SEEK_END) {
4099 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4100 if(errno == EINVAL) {
4101 SMB_OFF_T current_pos = startpos;
4102 SMB_STRUCT_STAT sbuf;
4104 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4105 reply_unixerror(req, ERRDOS,
4107 END_PROFILE(SMBlseek);
4111 current_pos += sbuf.st_size;
4113 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4118 reply_unixerror(req, ERRDOS, ERRnoaccess);
4119 END_PROFILE(SMBlseek);
4126 reply_outbuf(req, 2, 0);
4127 SIVAL(req->outbuf,smb_vwv0,res);
4129 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4130 fsp->fnum, (double)startpos, (double)res, mode));
4132 END_PROFILE(SMBlseek);
4136 /****************************************************************************
4138 ****************************************************************************/
4140 void reply_flush(struct smb_request *req)
4142 connection_struct *conn = req->conn;
4146 START_PROFILE(SMBflush);
4149 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4153 fnum = SVAL(req->inbuf,smb_vwv0);
4154 fsp = file_fsp(fnum);
4156 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4161 file_sync_all(conn);
4163 NTSTATUS status = sync_file(conn, fsp, True);
4164 if (!NT_STATUS_IS_OK(status)) {
4165 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4166 fsp->fsp_name, nt_errstr(status) ));
4167 reply_nterror(req, status);
4168 END_PROFILE(SMBflush);
4173 reply_outbuf(req, 0, 0);
4175 DEBUG(3,("flush\n"));
4176 END_PROFILE(SMBflush);
4180 /****************************************************************************
4182 conn POINTER CAN BE NULL HERE !
4183 ****************************************************************************/
4185 void reply_exit(struct smb_request *req)
4187 START_PROFILE(SMBexit);
4189 file_close_pid(req->smbpid, req->vuid);
4191 reply_outbuf(req, 0, 0);
4193 DEBUG(3,("exit\n"));
4195 END_PROFILE(SMBexit);
4199 /****************************************************************************
4200 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4201 ****************************************************************************/
4203 void reply_close(struct smb_request *req)
4205 connection_struct *conn = req->conn;
4206 NTSTATUS status = NT_STATUS_OK;
4207 files_struct *fsp = NULL;
4208 START_PROFILE(SMBclose);
4211 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4212 END_PROFILE(SMBclose);
4216 /* If it's an IPC, pass off to the pipe handler. */
4218 reply_pipe_close(conn, req);
4219 END_PROFILE(SMBclose);
4223 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4226 * We can only use CHECK_FSP if we know it's not a directory.
4229 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4230 reply_doserror(req, ERRDOS, ERRbadfid);
4231 END_PROFILE(SMBclose);
4235 if(fsp->is_directory) {
4237 * Special case - close NT SMB directory handle.
4239 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4240 status = close_file(fsp,NORMAL_CLOSE);
4243 * Close ordinary file.
4246 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4247 fsp->fh->fd, fsp->fnum,
4248 conn->num_files_open));
4251 * Take care of any time sent in the close.
4254 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4255 srv_make_unix_date3(
4256 req->inbuf+smb_vwv1)));
4259 * close_file() returns the unix errno if an error
4260 * was detected on close - normally this is due to
4261 * a disk full error. If not then it was probably an I/O error.
4264 status = close_file(fsp,NORMAL_CLOSE);
4267 if (!NT_STATUS_IS_OK(status)) {
4268 reply_nterror(req, status);
4269 END_PROFILE(SMBclose);
4273 reply_outbuf(req, 0, 0);
4274 END_PROFILE(SMBclose);
4278 /****************************************************************************
4279 Reply to a writeclose (Core+ protocol).
4280 ****************************************************************************/
4282 void reply_writeclose(struct smb_request *req)
4284 connection_struct *conn = req->conn;
4286 ssize_t nwritten = -1;
4287 NTSTATUS close_status = NT_STATUS_OK;
4290 struct timespec mtime;
4293 START_PROFILE(SMBwriteclose);
4296 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4297 END_PROFILE(SMBwriteclose);
4301 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4303 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4304 END_PROFILE(SMBwriteclose);
4307 if (!CHECK_WRITE(fsp)) {
4308 reply_doserror(req, ERRDOS,ERRbadaccess);
4309 END_PROFILE(SMBwriteclose);
4313 numtowrite = SVAL(req->inbuf,smb_vwv1);
4314 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4315 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4316 req->inbuf+smb_vwv4));
4317 data = smb_buf(req->inbuf) + 1;
4320 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4321 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4322 reply_doserror(req, ERRDOS,ERRlock);
4323 END_PROFILE(SMBwriteclose);
4327 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4329 set_filetime(conn, fsp->fsp_name, mtime);
4332 * More insanity. W2K only closes the file if writelen > 0.
4337 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4339 close_status = close_file(fsp,NORMAL_CLOSE);
4342 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4343 fsp->fnum, (int)numtowrite, (int)nwritten,
4344 conn->num_files_open));
4346 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4347 reply_doserror(req, ERRHRD, ERRdiskfull);
4348 END_PROFILE(SMBwriteclose);
4352 if(!NT_STATUS_IS_OK(close_status)) {
4353 reply_nterror(req, close_status);
4354 END_PROFILE(SMBwriteclose);
4358 reply_outbuf(req, 1, 0);
4360 SSVAL(req->outbuf,smb_vwv0,nwritten);
4361 END_PROFILE(SMBwriteclose);
4366 #define DBGC_CLASS DBGC_LOCKING
4368 /****************************************************************************
4370 ****************************************************************************/
4372 void reply_lock(struct smb_request *req)
4374 connection_struct *conn = req->conn;
4375 SMB_BIG_UINT count,offset;
4378 struct byte_range_lock *br_lck = NULL;
4380 START_PROFILE(SMBlock);
4383 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4384 END_PROFILE(SMBlock);
4388 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4390 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4391 END_PROFILE(SMBlock);
4395 release_level_2_oplocks_on_change(fsp);
4397 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4398 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4400 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4401 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4403 br_lck = do_lock(smbd_messaging_context(),
4410 False, /* Non-blocking lock. */
4414 TALLOC_FREE(br_lck);
4416 if (NT_STATUS_V(status)) {
4417 reply_nterror(req, status);
4418 END_PROFILE(SMBlock);
4422 reply_outbuf(req, 0, 0);
4424 END_PROFILE(SMBlock);
4428 /****************************************************************************
4430 ****************************************************************************/
4432 void reply_unlock(struct smb_request *req)
4434 connection_struct *conn = req->conn;
4435 SMB_BIG_UINT count,offset;
4439 START_PROFILE(SMBunlock);
4442 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4443 END_PROFILE(SMBunlock);
4447 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4449 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4450 END_PROFILE(SMBunlock);
4454 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4455 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4457 status = do_unlock(smbd_messaging_context(),
4464 if (NT_STATUS_V(status)) {
4465 reply_nterror(req, status);
4466 END_PROFILE(SMBunlock);
4470 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4471 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4473 reply_outbuf(req, 0, 0);
4475 END_PROFILE(SMBunlock);
4480 #define DBGC_CLASS DBGC_ALL
4482 /****************************************************************************
4484 conn POINTER CAN BE NULL HERE !
4485 ****************************************************************************/
4487 void reply_tdis(struct smb_request *req)
4489 connection_struct *conn = req->conn;
4490 START_PROFILE(SMBtdis);
4493 DEBUG(4,("Invalid connection in tdis\n"));
4494 reply_doserror(req, ERRSRV, ERRinvnid);
4495 END_PROFILE(SMBtdis);
4501 close_cnum(conn,req->vuid);
4504 reply_outbuf(req, 0, 0);
4505 END_PROFILE(SMBtdis);
4509 /****************************************************************************
4511 conn POINTER CAN BE NULL HERE !
4512 ****************************************************************************/
4514 void reply_echo(struct smb_request *req)
4516 connection_struct *conn = req->conn;
4519 unsigned int data_len = smb_buflen(req->inbuf);
4521 START_PROFILE(SMBecho);
4524 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4525 END_PROFILE(SMBecho);
4529 if (data_len > BUFFER_SIZE) {
4530 DEBUG(0,("reply_echo: data_len too large.\n"));
4531 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4532 END_PROFILE(SMBecho);
4536 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4538 reply_outbuf(req, 1, data_len);
4540 /* copy any incoming data back out */
4542 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4545 if (smb_reverb > 100) {
4546 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4550 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4551 SSVAL(req->outbuf,smb_vwv0,seq_num);
4553 show_msg((char *)req->outbuf);
4554 if (!srv_send_smb(smbd_server_fd(),
4555 (char *)req->outbuf,
4556 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4557 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4560 DEBUG(3,("echo %d times\n", smb_reverb));
4562 TALLOC_FREE(req->outbuf);
4566 END_PROFILE(SMBecho);
4570 /****************************************************************************
4571 Reply to a printopen.
4572 ****************************************************************************/
4574 void reply_printopen(struct smb_request *req)
4576 connection_struct *conn = req->conn;
4580 START_PROFILE(SMBsplopen);
4583 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4584 END_PROFILE(SMBsplopen);
4588 if (!CAN_PRINT(conn)) {
4589 reply_doserror(req, ERRDOS, ERRnoaccess);
4590 END_PROFILE(SMBsplopen);
4594 /* Open for exclusive use, write only. */
4595 status = print_fsp_open(conn, NULL, &fsp);
4597 if (!NT_STATUS_IS_OK(status)) {
4598 reply_nterror(req, status);
4599 END_PROFILE(SMBsplopen);
4603 reply_outbuf(req, 1, 0);
4604 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4606 DEBUG(3,("openprint fd=%d fnum=%d\n",
4607 fsp->fh->fd, fsp->fnum));
4609 END_PROFILE(SMBsplopen);
4613 /****************************************************************************
4614 Reply to a printclose.
4615 ****************************************************************************/
4617 void reply_printclose(struct smb_request *req)
4619 connection_struct *conn = req->conn;
4623 START_PROFILE(SMBsplclose);
4626 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4627 END_PROFILE(SMBsplclose);
4631 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4633 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4634 END_PROFILE(SMBsplclose);
4638 if (!CAN_PRINT(conn)) {
4639 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4640 END_PROFILE(SMBsplclose);
4644 DEBUG(3,("printclose fd=%d fnum=%d\n",
4645 fsp->fh->fd,fsp->fnum));
4647 status = close_file(fsp,NORMAL_CLOSE);
4649 if(!NT_STATUS_IS_OK(status)) {
4650 reply_nterror(req, status);
4651 END_PROFILE(SMBsplclose);
4655 END_PROFILE(SMBsplclose);
4659 /****************************************************************************
4660 Reply to a printqueue.
4661 ****************************************************************************/
4663 void reply_printqueue(struct smb_request *req)
4665 connection_struct *conn = req->conn;
4669 START_PROFILE(SMBsplretq);
4672 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4673 END_PROFILE(SMBsplretq);
4677 max_count = SVAL(req->inbuf,smb_vwv0);
4678 start_index = SVAL(req->inbuf,smb_vwv1);
4680 /* we used to allow the client to get the cnum wrong, but that
4681 is really quite gross and only worked when there was only
4682 one printer - I think we should now only accept it if they
4683 get it right (tridge) */
4684 if (!CAN_PRINT(conn)) {
4685 reply_doserror(req, ERRDOS, ERRnoaccess);
4686 END_PROFILE(SMBsplretq);
4690 reply_outbuf(req, 2, 3);
4691 SSVAL(req->outbuf,smb_vwv0,0);
4692 SSVAL(req->outbuf,smb_vwv1,0);
4693 SCVAL(smb_buf(req->outbuf),0,1);
4694 SSVAL(smb_buf(req->outbuf),1,0);
4696 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4697 start_index, max_count));
4700 print_queue_struct *queue = NULL;
4701 print_status_struct status;
4702 int count = print_queue_status(SNUM(conn), &queue, &status);
4703 int num_to_get = ABS(max_count);
4704 int first = (max_count>0?start_index:start_index+max_count+1);
4710 num_to_get = MIN(num_to_get,count-first);
4713 for (i=first;i<first+num_to_get;i++) {
4717 srv_put_dos_date2(p,0,queue[i].time);
4718 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4719 SSVAL(p,5, queue[i].job);
4720 SIVAL(p,7,queue[i].size);
4722 srvstr_push(blob, req->flags2, p+12,
4723 queue[i].fs_user, 16, STR_ASCII);
4725 if (message_push_blob(
4728 blob, sizeof(blob))) == -1) {
4729 reply_nterror(req, NT_STATUS_NO_MEMORY);
4730 END_PROFILE(SMBsplretq);
4736 SSVAL(req->outbuf,smb_vwv0,count);
4737 SSVAL(req->outbuf,smb_vwv1,
4738 (max_count>0?first+count:first-1));
4739 SCVAL(smb_buf(req->outbuf),0,1);
4740 SSVAL(smb_buf(req->outbuf),1,28*count);
4745 DEBUG(3,("%d entries returned in queue\n",count));
4748 END_PROFILE(SMBsplretq);
4752 /****************************************************************************
4753 Reply to a printwrite.
4754 ****************************************************************************/
4756 void reply_printwrite(struct smb_request *req)
4758 connection_struct *conn = req->conn;
4763 START_PROFILE(SMBsplwr);
4766 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4767 END_PROFILE(SMBsplwr);
4771 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4773 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4774 END_PROFILE(SMBsplwr);
4778 if (!CAN_PRINT(conn)) {
4779 reply_doserror(req, ERRDOS, ERRnoaccess);
4780 END_PROFILE(SMBsplwr);
4784 if (!CHECK_WRITE(fsp)) {
4785 reply_doserror(req, ERRDOS, ERRbadaccess);
4786 END_PROFILE(SMBsplwr);
4790 numtowrite = SVAL(smb_buf(req->inbuf),1);
4792 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4793 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4794 END_PROFILE(SMBsplwr);
4798 data = smb_buf(req->inbuf) + 3;
4800 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4801 reply_unixerror(req, ERRHRD, ERRdiskfull);
4802 END_PROFILE(SMBsplwr);
4806 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4808 END_PROFILE(SMBsplwr);
4812 /****************************************************************************
4814 ****************************************************************************/
4816 void reply_mkdir(struct smb_request *req)
4818 connection_struct *conn = req->conn;
4819 char *directory = NULL;
4821 SMB_STRUCT_STAT sbuf;
4822 TALLOC_CTX *ctx = talloc_tos();
4824 START_PROFILE(SMBmkdir);
4826 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4827 smb_buf(req->inbuf) + 1, 0,
4828 STR_TERMINATE, &status);
4829 if (!NT_STATUS_IS_OK(status)) {
4830 reply_nterror(req, status);
4831 END_PROFILE(SMBmkdir);
4835 status = resolve_dfspath(ctx, conn,
4836 req->flags2 & FLAGS2_DFS_PATHNAMES,
4839 if (!NT_STATUS_IS_OK(status)) {
4840 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4841 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4842 ERRSRV, ERRbadpath);
4843 END_PROFILE(SMBmkdir);
4846 reply_nterror(req, status);
4847 END_PROFILE(SMBmkdir);
4851 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4852 if (!NT_STATUS_IS_OK(status)) {
4853 reply_nterror(req, status);
4854 END_PROFILE(SMBmkdir);
4858 status = check_name(conn, directory);
4859 if (!NT_STATUS_IS_OK(status)) {
4860 reply_nterror(req, status);
4861 END_PROFILE(SMBmkdir);
4865 status = create_directory(conn, req, directory);
4867 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4869 if (!NT_STATUS_IS_OK(status)) {
4871 if (!use_nt_status()
4872 && NT_STATUS_EQUAL(status,
4873 NT_STATUS_OBJECT_NAME_COLLISION)) {
4875 * Yes, in the DOS error code case we get a
4876 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4877 * samba4 torture test.
4879 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4882 reply_nterror(req, status);
4883 END_PROFILE(SMBmkdir);
4887 reply_outbuf(req, 0, 0);
4889 DEBUG( 3, ( "mkdir %s\n", directory ) );
4891 END_PROFILE(SMBmkdir);
4895 /****************************************************************************
4896 Static function used by reply_rmdir to delete an entire directory
4897 tree recursively. Return True on ok, False on fail.
4898 ****************************************************************************/
4900 static bool recursive_rmdir(TALLOC_CTX *ctx,
4901 connection_struct *conn,
4904 const char *dname = NULL;
4907 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4913 while((dname = ReadDirName(dir_hnd, &offset))) {
4914 char *fullname = NULL;
4917 if (ISDOT(dname) || ISDOTDOT(dname)) {
4921 if (!is_visible_file(conn, directory, dname, &st, False)) {
4925 /* Construct the full name. */
4926 fullname = talloc_asprintf(ctx,
4936 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4941 if(st.st_mode & S_IFDIR) {
4942 if(!recursive_rmdir(ctx, conn, fullname)) {
4946 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4950 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4954 TALLOC_FREE(fullname);
4956 TALLOC_FREE(dir_hnd);
4960 /****************************************************************************
4961 The internals of the rmdir code - called elsewhere.
4962 ****************************************************************************/
4964 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4965 connection_struct *conn,
4966 const char *directory)
4971 /* Might be a symlink. */
4972 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4973 return map_nt_error_from_unix(errno);
4976 if (S_ISLNK(st.st_mode)) {
4977 /* Is what it points to a directory ? */
4978 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4979 return map_nt_error_from_unix(errno);
4981 if (!(S_ISDIR(st.st_mode))) {
4982 return NT_STATUS_NOT_A_DIRECTORY;
4984 ret = SMB_VFS_UNLINK(conn,directory);
4986 ret = SMB_VFS_RMDIR(conn,directory);
4989 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4990 FILE_NOTIFY_CHANGE_DIR_NAME,
4992 return NT_STATUS_OK;
4995 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4997 * Check to see if the only thing in this directory are
4998 * vetoed files/directories. If so then delete them and
4999 * retry. If we fail to delete any of them (and we *don't*
5000 * do a recursive delete) then fail the rmdir.
5004 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5005 directory, NULL, 0);
5007 if(dir_hnd == NULL) {
5012 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5013 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5015 if (!is_visible_file(conn, directory, dname, &st, False))
5017 if(!IS_VETO_PATH(conn, dname)) {
5018 TALLOC_FREE(dir_hnd);
5024 /* We only have veto files/directories. Recursive delete. */
5026 RewindDir(dir_hnd,&dirpos);
5027 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5028 char *fullname = NULL;
5030 if (ISDOT(dname) || ISDOTDOT(dname)) {
5033 if (!is_visible_file(conn, directory, dname, &st, False)) {
5037 fullname = talloc_asprintf(ctx,
5047 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5050 if(st.st_mode & S_IFDIR) {
5051 if(lp_recursive_veto_delete(SNUM(conn))) {
5052 if(!recursive_rmdir(ctx, conn, fullname))
5055 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5058 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5061 TALLOC_FREE(fullname);
5063 TALLOC_FREE(dir_hnd);
5064 /* Retry the rmdir */
5065 ret = SMB_VFS_RMDIR(conn,directory);
5071 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5072 "%s\n", directory,strerror(errno)));
5073 return map_nt_error_from_unix(errno);
5076 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5077 FILE_NOTIFY_CHANGE_DIR_NAME,
5080 return NT_STATUS_OK;
5083 /****************************************************************************
5085 ****************************************************************************/
5087 void reply_rmdir(struct smb_request *req)
5089 connection_struct *conn = req->conn;
5090 char *directory = NULL;
5091 SMB_STRUCT_STAT sbuf;
5093 TALLOC_CTX *ctx = talloc_tos();
5095 START_PROFILE(SMBrmdir);
5097 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5098 smb_buf(req->inbuf) + 1, 0,
5099 STR_TERMINATE, &status);
5100 if (!NT_STATUS_IS_OK(status)) {
5101 reply_nterror(req, status);
5102 END_PROFILE(SMBrmdir);
5106 status = resolve_dfspath(ctx, conn,
5107 req->flags2 & FLAGS2_DFS_PATHNAMES,
5110 if (!NT_STATUS_IS_OK(status)) {
5111 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5112 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5113 ERRSRV, ERRbadpath);
5114 END_PROFILE(SMBrmdir);
5117 reply_nterror(req, status);
5118 END_PROFILE(SMBrmdir);
5122 status = unix_convert(ctx, conn, directory, False, &directory,
5124 if (!NT_STATUS_IS_OK(status)) {
5125 reply_nterror(req, status);
5126 END_PROFILE(SMBrmdir);
5130 status = check_name(conn, directory);
5131 if (!NT_STATUS_IS_OK(status)) {
5132 reply_nterror(req, status);
5133 END_PROFILE(SMBrmdir);
5137 dptr_closepath(directory, req->smbpid);
5138 status = rmdir_internals(ctx, conn, directory);
5139 if (!NT_STATUS_IS_OK(status)) {
5140 reply_nterror(req, status);
5141 END_PROFILE(SMBrmdir);
5145 reply_outbuf(req, 0, 0);
5147 DEBUG( 3, ( "rmdir %s\n", directory ) );
5149 END_PROFILE(SMBrmdir);
5153 /*******************************************************************
5154 Resolve wildcards in a filename rename.
5155 ********************************************************************/
5157 static bool resolve_wildcards(TALLOC_CTX *ctx,
5162 char *name2_copy = NULL;
5167 char *p,*p2, *pname1, *pname2;
5169 name2_copy = talloc_strdup(ctx, name2);
5174 pname1 = strrchr_m(name1,'/');
5175 pname2 = strrchr_m(name2_copy,'/');
5177 if (!pname1 || !pname2) {
5181 /* Truncate the copy of name2 at the last '/' */
5184 /* Now go past the '/' */
5188 root1 = talloc_strdup(ctx, pname1);
5189 root2 = talloc_strdup(ctx, pname2);
5191 if (!root1 || !root2) {
5195 p = strrchr_m(root1,'.');
5198 ext1 = talloc_strdup(ctx, p+1);
5200 ext1 = talloc_strdup(ctx, "");
5202 p = strrchr_m(root2,'.');
5205 ext2 = talloc_strdup(ctx, p+1);
5207 ext2 = talloc_strdup(ctx, "");
5210 if (!ext1 || !ext2) {
5218 /* Hmmm. Should this be mb-aware ? */
5221 } else if (*p2 == '*') {
5223 root2 = talloc_asprintf(ctx, "%s%s",
5242 /* Hmmm. Should this be mb-aware ? */
5245 } else if (*p2 == '*') {
5247 ext2 = talloc_asprintf(ctx, "%s%s",
5263 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5268 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5280 /****************************************************************************
5281 Ensure open files have their names updated. Updated to notify other smbd's
5283 ****************************************************************************/
5285 static void rename_open_files(connection_struct *conn,
5286 struct share_mode_lock *lck,
5287 const char *newname)
5290 bool did_rename = False;
5292 for(fsp = file_find_di_first(lck->id); fsp;
5293 fsp = file_find_di_next(fsp)) {
5294 /* fsp_name is a relative path under the fsp. To change this for other
5295 sharepaths we need to manipulate relative paths. */
5296 /* TODO - create the absolute path and manipulate the newname
5297 relative to the sharepath. */
5298 if (fsp->conn != conn) {
5301 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5302 fsp->fnum, file_id_string_tos(&fsp->file_id),
5303 fsp->fsp_name, newname ));
5304 string_set(&fsp->fsp_name, newname);
5309 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5310 file_id_string_tos(&lck->id), newname ));
5313 /* Send messages to all smbd's (not ourself) that the name has changed. */
5314 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5318 /****************************************************************************
5319 We need to check if the source path is a parent directory of the destination
5320 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5321 refuse the rename with a sharing violation. Under UNIX the above call can
5322 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5323 probably need to check that the client is a Windows one before disallowing
5324 this as a UNIX client (one with UNIX extensions) can know the source is a
5325 symlink and make this decision intelligently. Found by an excellent bug
5326 report from <AndyLiebman@aol.com>.
5327 ****************************************************************************/
5329 static bool rename_path_prefix_equal(const char *src, const char *dest)
5331 const char *psrc = src;
5332 const char *pdst = dest;
5335 if (psrc[0] == '.' && psrc[1] == '/') {
5338 if (pdst[0] == '.' && pdst[1] == '/') {
5341 if ((slen = strlen(psrc)) > strlen(pdst)) {
5344 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5348 * Do the notify calls from a rename
5351 static void notify_rename(connection_struct *conn, bool is_dir,
5352 const char *oldpath, const char *newpath)
5354 char *olddir, *newdir;
5355 const char *oldname, *newname;
5358 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5359 : FILE_NOTIFY_CHANGE_FILE_NAME;
5361 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5362 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5363 TALLOC_FREE(olddir);
5367 if (strcmp(olddir, newdir) == 0) {
5368 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5369 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5372 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5373 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5375 TALLOC_FREE(olddir);
5376 TALLOC_FREE(newdir);
5378 /* this is a strange one. w2k3 gives an additional event for
5379 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5380 files, but not directories */
5382 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5383 FILE_NOTIFY_CHANGE_ATTRIBUTES
5384 |FILE_NOTIFY_CHANGE_CREATION,
5389 /****************************************************************************
5390 Rename an open file - given an fsp.
5391 ****************************************************************************/
5393 NTSTATUS rename_internals_fsp(connection_struct *conn,
5396 const char *newname_last_component,
5398 bool replace_if_exists)
5400 TALLOC_CTX *ctx = talloc_tos();
5401 SMB_STRUCT_STAT sbuf, sbuf1;
5402 NTSTATUS status = NT_STATUS_OK;
5403 struct share_mode_lock *lck = NULL;
5408 status = check_name(conn, newname);
5409 if (!NT_STATUS_IS_OK(status)) {
5413 /* Ensure newname contains a '/' */
5414 if(strrchr_m(newname,'/') == 0) {
5415 newname = talloc_asprintf(ctx,
5419 return NT_STATUS_NO_MEMORY;
5424 * Check for special case with case preserving and not
5425 * case sensitive. If the old last component differs from the original
5426 * last component only by case, then we should allow
5427 * the rename (user is trying to change the case of the
5431 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5432 strequal(newname, fsp->fsp_name)) {
5434 char *newname_modified_last_component = NULL;
5437 * Get the last component of the modified name.
5438 * Note that we guarantee that newname contains a '/'
5441 p = strrchr_m(newname,'/');
5442 newname_modified_last_component = talloc_strdup(ctx,
5444 if (!newname_modified_last_component) {
5445 return NT_STATUS_NO_MEMORY;
5448 if(strcsequal(newname_modified_last_component,
5449 newname_last_component) == False) {
5451 * Replace the modified last component with
5454 *p = '\0'; /* Truncate at the '/' */
5455 newname = talloc_asprintf(ctx,
5458 newname_last_component);
5463 * If the src and dest names are identical - including case,
5464 * don't do the rename, just return success.
5467 if (strcsequal(fsp->fsp_name, newname)) {
5468 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5470 return NT_STATUS_OK;
5474 * Have vfs_object_exist also fill sbuf1
5476 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5478 if(!replace_if_exists && dst_exists) {
5479 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5480 fsp->fsp_name,newname));
5481 return NT_STATUS_OBJECT_NAME_COLLISION;
5485 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5486 files_struct *dst_fsp = file_find_di_first(fileid);
5488 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5489 return NT_STATUS_ACCESS_DENIED;
5493 /* Ensure we have a valid stat struct for the source. */
5494 if (fsp->fh->fd != -1) {
5495 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5496 return map_nt_error_from_unix(errno);
5499 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5500 return map_nt_error_from_unix(errno);
5504 status = can_rename(conn, fsp, attrs, &sbuf);
5506 if (!NT_STATUS_IS_OK(status)) {
5507 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5508 nt_errstr(status), fsp->fsp_name,newname));
5509 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5510 status = NT_STATUS_ACCESS_DENIED;
5514 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5515 return NT_STATUS_ACCESS_DENIED;
5518 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL);
5521 * We have the file open ourselves, so not being able to get the
5522 * corresponding share mode lock is a fatal error.
5525 SMB_ASSERT(lck != NULL);
5527 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5528 uint32 create_options = fsp->fh->private_options;
5530 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5531 fsp->fsp_name,newname));
5533 rename_open_files(conn, lck, newname);
5535 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5538 * A rename acts as a new file create w.r.t. allowing an initial delete
5539 * on close, probably because in Windows there is a new handle to the
5540 * new file. If initial delete on close was requested but not
5541 * originally set, we need to set it here. This is probably not 100% correct,
5542 * but will work for the CIFSFS client which in non-posix mode
5543 * depends on these semantics. JRA.
5546 set_allow_initial_delete_on_close(lck, fsp, True);
5548 if (create_options & FILE_DELETE_ON_CLOSE) {
5549 status = can_set_delete_on_close(fsp, True, 0);
5551 if (NT_STATUS_IS_OK(status)) {
5552 /* Note that here we set the *inital* delete on close flag,
5553 * not the regular one. The magic gets handled in close. */
5554 fsp->initial_delete_on_close = True;
5558 return NT_STATUS_OK;
5563 if (errno == ENOTDIR || errno == EISDIR) {
5564 status = NT_STATUS_OBJECT_NAME_COLLISION;
5566 status = map_nt_error_from_unix(errno);
5569 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5570 nt_errstr(status), fsp->fsp_name,newname));
5575 /****************************************************************************
5576 The guts of the rename command, split out so it may be called by the NT SMB
5578 ****************************************************************************/
5580 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5581 connection_struct *conn,
5582 struct smb_request *req,
5583 const char *name_in,
5584 const char *newname_in,
5586 bool replace_if_exists,
5590 char *directory = NULL;
5592 char *last_component_src = NULL;
5593 char *last_component_dest = NULL;
5595 char *newname = NULL;
5598 NTSTATUS status = NT_STATUS_OK;
5599 SMB_STRUCT_STAT sbuf1, sbuf2;
5600 struct smb_Dir *dir_hnd = NULL;
5607 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5608 &last_component_src, &sbuf1);
5609 if (!NT_STATUS_IS_OK(status)) {
5613 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5614 &last_component_dest, &sbuf2);
5615 if (!NT_STATUS_IS_OK(status)) {
5620 * Split the old name into directory and last component
5621 * strings. Note that unix_convert may have stripped off a
5622 * leading ./ from both name and newname if the rename is
5623 * at the root of the share. We need to make sure either both
5624 * name and newname contain a / character or neither of them do
5625 * as this is checked in resolve_wildcards().
5628 p = strrchr_m(name,'/');
5630 directory = talloc_strdup(ctx, ".");
5632 return NT_STATUS_NO_MEMORY;
5637 directory = talloc_strdup(ctx, name);
5639 return NT_STATUS_NO_MEMORY;
5642 *p = '/'; /* Replace needed for exceptional test below. */
5646 * We should only check the mangled cache
5647 * here if unix_convert failed. This means
5648 * that the path in 'mask' doesn't exist
5649 * on the file system and so we need to look
5650 * for a possible mangle. This patch from
5651 * Tine Smukavec <valentin.smukavec@hermes.si>.
5654 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5655 char *new_mask = NULL;
5656 mangle_lookup_name_from_8_3(ctx,
5665 if (!src_has_wild) {
5669 * No wildcards - just process the one file.
5671 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5673 /* Add a terminating '/' to the directory name. */
5674 directory = talloc_asprintf_append(directory,
5678 return NT_STATUS_NO_MEMORY;
5681 /* Ensure newname contains a '/' also */
5682 if(strrchr_m(newname,'/') == 0) {
5683 newname = talloc_asprintf(ctx,
5687 return NT_STATUS_NO_MEMORY;
5691 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5692 "case_preserve = %d, short case preserve = %d, "
5693 "directory = %s, newname = %s, "
5694 "last_component_dest = %s, is_8_3 = %d\n",
5695 conn->case_sensitive, conn->case_preserve,
5696 conn->short_case_preserve, directory,
5697 newname, last_component_dest, is_short_name));
5699 /* The dest name still may have wildcards. */
5700 if (dest_has_wild) {
5701 char *mod_newname = NULL;
5702 if (!resolve_wildcards(ctx,
5703 directory,newname,&mod_newname)) {
5704 DEBUG(6, ("rename_internals: resolve_wildcards "
5708 return NT_STATUS_NO_MEMORY;
5710 newname = mod_newname;
5714 SMB_VFS_STAT(conn, directory, &sbuf1);
5716 status = S_ISDIR(sbuf1.st_mode) ?
5717 open_directory(conn, req, directory, &sbuf1,
5719 FILE_SHARE_READ|FILE_SHARE_WRITE,
5720 FILE_OPEN, 0, 0, NULL,
5722 : open_file_ntcreate(conn, req, directory, &sbuf1,
5724 FILE_SHARE_READ|FILE_SHARE_WRITE,
5725 FILE_OPEN, 0, 0, 0, NULL,
5728 if (!NT_STATUS_IS_OK(status)) {
5729 DEBUG(3, ("Could not open rename source %s: %s\n",
5730 directory, nt_errstr(status)));
5734 status = rename_internals_fsp(conn, fsp, newname,
5735 last_component_dest,
5736 attrs, replace_if_exists);
5738 close_file(fsp, NORMAL_CLOSE);
5740 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5741 nt_errstr(status), directory,newname));
5747 * Wildcards - process each file that matches.
5749 if (strequal(mask,"????????.???")) {
5754 status = check_name(conn, directory);
5755 if (!NT_STATUS_IS_OK(status)) {
5759 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5760 if (dir_hnd == NULL) {
5761 return map_nt_error_from_unix(errno);
5764 status = NT_STATUS_NO_SUCH_FILE;
5766 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5767 * - gentest fix. JRA
5770 while ((dname = ReadDirName(dir_hnd, &offset))) {
5771 files_struct *fsp = NULL;
5773 char *destname = NULL;
5774 bool sysdir_entry = False;
5776 /* Quick check for "." and ".." */
5777 if (ISDOT(dname) || ISDOTDOT(dname)) {
5779 sysdir_entry = True;
5785 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5789 if(!mask_match(dname, mask, conn->case_sensitive)) {
5794 status = NT_STATUS_OBJECT_NAME_INVALID;
5798 fname = talloc_asprintf(ctx,
5803 return NT_STATUS_NO_MEMORY;
5806 if (!resolve_wildcards(ctx,
5807 fname,newname,&destname)) {
5808 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5814 return NT_STATUS_NO_MEMORY;
5818 SMB_VFS_STAT(conn, fname, &sbuf1);
5820 status = S_ISDIR(sbuf1.st_mode) ?
5821 open_directory(conn, req, fname, &sbuf1,
5823 FILE_SHARE_READ|FILE_SHARE_WRITE,
5824 FILE_OPEN, 0, 0, NULL,
5826 : open_file_ntcreate(conn, req, fname, &sbuf1,
5828 FILE_SHARE_READ|FILE_SHARE_WRITE,
5829 FILE_OPEN, 0, 0, 0, NULL,
5832 if (!NT_STATUS_IS_OK(status)) {
5833 DEBUG(3,("rename_internals: open_file_ntcreate "
5834 "returned %s rename %s -> %s\n",
5835 nt_errstr(status), directory, newname));
5839 status = rename_internals_fsp(conn, fsp, destname, dname,
5840 attrs, replace_if_exists);
5842 close_file(fsp, NORMAL_CLOSE);
5844 if (!NT_STATUS_IS_OK(status)) {
5845 DEBUG(3, ("rename_internals_fsp returned %s for "
5846 "rename %s -> %s\n", nt_errstr(status),
5847 directory, newname));
5853 DEBUG(3,("rename_internals: doing rename on %s -> "
5854 "%s\n",fname,destname));
5857 TALLOC_FREE(destname);
5859 TALLOC_FREE(dir_hnd);
5861 if (count == 0 && NT_STATUS_IS_OK(status)) {
5862 status = map_nt_error_from_unix(errno);
5868 /****************************************************************************
5870 ****************************************************************************/
5872 void reply_mv(struct smb_request *req)
5874 connection_struct *conn = req->conn;
5876 char *newname = NULL;
5880 bool src_has_wcard = False;
5881 bool dest_has_wcard = False;
5882 TALLOC_CTX *ctx = talloc_tos();
5884 START_PROFILE(SMBmv);
5887 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5892 attrs = SVAL(req->inbuf,smb_vwv0);
5894 p = smb_buf(req->inbuf) + 1;
5895 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5896 0, STR_TERMINATE, &status,
5898 if (!NT_STATUS_IS_OK(status)) {
5899 reply_nterror(req, status);
5904 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5905 0, STR_TERMINATE, &status,
5907 if (!NT_STATUS_IS_OK(status)) {
5908 reply_nterror(req, status);
5913 status = resolve_dfspath_wcard(ctx, conn,
5914 req->flags2 & FLAGS2_DFS_PATHNAMES,
5918 if (!NT_STATUS_IS_OK(status)) {
5919 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5920 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5921 ERRSRV, ERRbadpath);
5925 reply_nterror(req, status);
5930 status = resolve_dfspath_wcard(ctx, conn,
5931 req->flags2 & FLAGS2_DFS_PATHNAMES,
5935 if (!NT_STATUS_IS_OK(status)) {
5936 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5937 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5938 ERRSRV, ERRbadpath);
5942 reply_nterror(req, status);
5947 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5949 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5950 src_has_wcard, dest_has_wcard);
5951 if (!NT_STATUS_IS_OK(status)) {
5952 if (open_was_deferred(req->mid)) {
5953 /* We have re-scheduled this call. */
5957 reply_nterror(req, status);
5962 reply_outbuf(req, 0, 0);
5968 /*******************************************************************
5969 Copy a file as part of a reply_copy.
5970 ******************************************************************/
5973 * TODO: check error codes on all callers
5976 NTSTATUS copy_file(TALLOC_CTX *ctx,
5977 connection_struct *conn,
5982 bool target_is_directory)
5984 SMB_STRUCT_STAT src_sbuf, sbuf2;
5986 files_struct *fsp1,*fsp2;
5989 uint32 new_create_disposition;
5992 dest = talloc_strdup(ctx, dest1);
5994 return NT_STATUS_NO_MEMORY;
5996 if (target_is_directory) {
5997 const char *p = strrchr_m(src,'/');
6003 dest = talloc_asprintf_append(dest,
6007 return NT_STATUS_NO_MEMORY;
6011 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6013 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6016 if (!target_is_directory && count) {
6017 new_create_disposition = FILE_OPEN;
6019 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6020 NULL, NULL, &new_create_disposition, NULL)) {
6022 return NT_STATUS_INVALID_PARAMETER;
6026 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6028 FILE_SHARE_READ|FILE_SHARE_WRITE,
6031 FILE_ATTRIBUTE_NORMAL,
6035 if (!NT_STATUS_IS_OK(status)) {
6040 dosattrs = dos_mode(conn, src, &src_sbuf);
6041 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6042 ZERO_STRUCTP(&sbuf2);
6045 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6047 FILE_SHARE_READ|FILE_SHARE_WRITE,
6048 new_create_disposition,
6056 if (!NT_STATUS_IS_OK(status)) {
6057 close_file(fsp1,ERROR_CLOSE);
6061 if ((ofun&3) == 1) {
6062 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6063 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6065 * Stop the copy from occurring.
6068 src_sbuf.st_size = 0;
6072 if (src_sbuf.st_size) {
6073 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6076 close_file(fsp1,NORMAL_CLOSE);
6078 /* Ensure the modtime is set correctly on the destination file. */
6079 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
6082 * As we are opening fsp1 read-only we only expect
6083 * an error on close on fsp2 if we are out of space.
6084 * Thus we don't look at the error return from the
6087 status = close_file(fsp2,NORMAL_CLOSE);
6089 if (!NT_STATUS_IS_OK(status)) {
6093 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6094 return NT_STATUS_DISK_FULL;
6097 return NT_STATUS_OK;
6100 /****************************************************************************
6101 Reply to a file copy.
6102 ****************************************************************************/
6104 void reply_copy(struct smb_request *req)
6106 connection_struct *conn = req->conn;
6108 char *newname = NULL;
6109 char *directory = NULL;
6113 int error = ERRnoaccess;
6118 bool target_is_directory=False;
6119 bool source_has_wild = False;
6120 bool dest_has_wild = False;
6121 SMB_STRUCT_STAT sbuf1, sbuf2;
6123 TALLOC_CTX *ctx = talloc_tos();
6125 START_PROFILE(SMBcopy);
6128 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6129 END_PROFILE(SMBcopy);
6133 tid2 = SVAL(req->inbuf,smb_vwv0);
6134 ofun = SVAL(req->inbuf,smb_vwv1);
6135 flags = SVAL(req->inbuf,smb_vwv2);
6137 p = smb_buf(req->inbuf);
6138 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6139 0, STR_TERMINATE, &status,
6141 if (!NT_STATUS_IS_OK(status)) {
6142 reply_nterror(req, status);
6143 END_PROFILE(SMBcopy);
6146 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6147 0, STR_TERMINATE, &status,
6149 if (!NT_STATUS_IS_OK(status)) {
6150 reply_nterror(req, status);
6151 END_PROFILE(SMBcopy);
6155 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6157 if (tid2 != conn->cnum) {
6158 /* can't currently handle inter share copies XXXX */
6159 DEBUG(3,("Rejecting inter-share copy\n"));
6160 reply_doserror(req, ERRSRV, ERRinvdevice);
6161 END_PROFILE(SMBcopy);
6165 status = resolve_dfspath_wcard(ctx, conn,
6166 req->flags2 & FLAGS2_DFS_PATHNAMES,
6170 if (!NT_STATUS_IS_OK(status)) {
6171 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6172 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6173 ERRSRV, ERRbadpath);
6174 END_PROFILE(SMBcopy);
6177 reply_nterror(req, status);
6178 END_PROFILE(SMBcopy);
6182 status = resolve_dfspath_wcard(ctx, conn,
6183 req->flags2 & FLAGS2_DFS_PATHNAMES,
6187 if (!NT_STATUS_IS_OK(status)) {
6188 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6189 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6190 ERRSRV, ERRbadpath);
6191 END_PROFILE(SMBcopy);
6194 reply_nterror(req, status);
6195 END_PROFILE(SMBcopy);
6199 status = unix_convert(ctx, conn, name, source_has_wild,
6200 &name, NULL, &sbuf1);
6201 if (!NT_STATUS_IS_OK(status)) {
6202 reply_nterror(req, status);
6203 END_PROFILE(SMBcopy);
6207 status = unix_convert(ctx, conn, newname, dest_has_wild,
6208 &newname, NULL, &sbuf2);
6209 if (!NT_STATUS_IS_OK(status)) {
6210 reply_nterror(req, status);
6211 END_PROFILE(SMBcopy);
6215 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6217 if ((flags&1) && target_is_directory) {
6218 reply_doserror(req, ERRDOS, ERRbadfile);
6219 END_PROFILE(SMBcopy);
6223 if ((flags&2) && !target_is_directory) {
6224 reply_doserror(req, ERRDOS, ERRbadpath);
6225 END_PROFILE(SMBcopy);
6229 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6230 /* wants a tree copy! XXXX */
6231 DEBUG(3,("Rejecting tree copy\n"));
6232 reply_doserror(req, ERRSRV, ERRerror);
6233 END_PROFILE(SMBcopy);
6237 p = strrchr_m(name,'/');
6239 directory = talloc_strdup(ctx, "./");
6241 reply_nterror(req, NT_STATUS_NO_MEMORY);
6242 END_PROFILE(SMBcopy);
6248 directory = talloc_strdup(ctx, name);
6250 reply_nterror(req, NT_STATUS_NO_MEMORY);
6251 END_PROFILE(SMBcopy);
6258 * We should only check the mangled cache
6259 * here if unix_convert failed. This means
6260 * that the path in 'mask' doesn't exist
6261 * on the file system and so we need to look
6262 * for a possible mangle. This patch from
6263 * Tine Smukavec <valentin.smukavec@hermes.si>.
6266 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6267 char *new_mask = NULL;
6268 mangle_lookup_name_from_8_3(ctx,
6277 if (!source_has_wild) {
6278 directory = talloc_asprintf_append(directory,
6281 if (dest_has_wild) {
6282 char *mod_newname = NULL;
6283 if (!resolve_wildcards(ctx,
6284 directory,newname,&mod_newname)) {
6285 reply_nterror(req, NT_STATUS_NO_MEMORY);
6286 END_PROFILE(SMBcopy);
6289 newname = mod_newname;
6292 status = check_name(conn, directory);
6293 if (!NT_STATUS_IS_OK(status)) {
6294 reply_nterror(req, status);
6295 END_PROFILE(SMBcopy);
6299 status = check_name(conn, newname);
6300 if (!NT_STATUS_IS_OK(status)) {
6301 reply_nterror(req, status);
6302 END_PROFILE(SMBcopy);
6306 status = copy_file(ctx,conn,directory,newname,ofun,
6307 count,target_is_directory);
6309 if(!NT_STATUS_IS_OK(status)) {
6310 reply_nterror(req, status);
6311 END_PROFILE(SMBcopy);
6317 struct smb_Dir *dir_hnd = NULL;
6318 const char *dname = NULL;
6321 if (strequal(mask,"????????.???")) {
6326 status = check_name(conn, directory);
6327 if (!NT_STATUS_IS_OK(status)) {
6328 reply_nterror(req, status);
6329 END_PROFILE(SMBcopy);
6333 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6334 if (dir_hnd == NULL) {
6335 status = map_nt_error_from_unix(errno);
6336 reply_nterror(req, status);
6337 END_PROFILE(SMBcopy);
6343 while ((dname = ReadDirName(dir_hnd, &offset))) {
6344 char *destname = NULL;
6347 if (ISDOT(dname) || ISDOTDOT(dname)) {
6351 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6355 if(!mask_match(dname, mask, conn->case_sensitive)) {
6359 error = ERRnoaccess;
6360 fname = talloc_asprintf(ctx,
6365 TALLOC_FREE(dir_hnd);
6366 reply_nterror(req, NT_STATUS_NO_MEMORY);
6367 END_PROFILE(SMBcopy);
6371 if (!resolve_wildcards(ctx,
6372 fname,newname,&destname)) {
6376 TALLOC_FREE(dir_hnd);
6377 reply_nterror(req, NT_STATUS_NO_MEMORY);
6378 END_PROFILE(SMBcopy);
6382 status = check_name(conn, fname);
6383 if (!NT_STATUS_IS_OK(status)) {
6384 TALLOC_FREE(dir_hnd);
6385 reply_nterror(req, status);
6386 END_PROFILE(SMBcopy);
6390 status = check_name(conn, destname);
6391 if (!NT_STATUS_IS_OK(status)) {
6392 TALLOC_FREE(dir_hnd);
6393 reply_nterror(req, status);
6394 END_PROFILE(SMBcopy);
6398 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6400 status = copy_file(ctx,conn,fname,destname,ofun,
6401 count,target_is_directory);
6402 if (NT_STATUS_IS_OK(status)) {
6406 TALLOC_FREE(destname);
6408 TALLOC_FREE(dir_hnd);
6413 /* Error on close... */
6415 reply_unixerror(req, ERRHRD, ERRgeneral);
6416 END_PROFILE(SMBcopy);
6420 reply_doserror(req, ERRDOS, error);
6421 END_PROFILE(SMBcopy);
6425 reply_outbuf(req, 1, 0);
6426 SSVAL(req->outbuf,smb_vwv0,count);
6428 END_PROFILE(SMBcopy);
6433 #define DBGC_CLASS DBGC_LOCKING
6435 /****************************************************************************
6436 Get a lock pid, dealing with large count requests.
6437 ****************************************************************************/
6439 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6441 if(!large_file_format)
6442 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6444 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6447 /****************************************************************************
6448 Get a lock count, dealing with large count requests.
6449 ****************************************************************************/
6451 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6453 SMB_BIG_UINT count = 0;
6455 if(!large_file_format) {
6456 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6459 #if defined(HAVE_LONGLONG)
6460 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6461 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6462 #else /* HAVE_LONGLONG */
6465 * NT4.x seems to be broken in that it sends large file (64 bit)
6466 * lockingX calls even if the CAP_LARGE_FILES was *not*
6467 * negotiated. For boxes without large unsigned ints truncate the
6468 * lock count by dropping the top 32 bits.
6471 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6472 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6473 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6474 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6475 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6478 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6479 #endif /* HAVE_LONGLONG */
6485 #if !defined(HAVE_LONGLONG)
6486 /****************************************************************************
6487 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6488 ****************************************************************************/
6490 static uint32 map_lock_offset(uint32 high, uint32 low)
6494 uint32 highcopy = high;
6497 * Try and find out how many significant bits there are in high.
6500 for(i = 0; highcopy; i++)
6504 * We use 31 bits not 32 here as POSIX
6505 * lock offsets may not be negative.
6508 mask = (~0) << (31 - i);
6511 return 0; /* Fail. */
6517 #endif /* !defined(HAVE_LONGLONG) */
6519 /****************************************************************************
6520 Get a lock offset, dealing with large offset requests.
6521 ****************************************************************************/
6523 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6525 SMB_BIG_UINT offset = 0;
6529 if(!large_file_format) {
6530 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6533 #if defined(HAVE_LONGLONG)
6534 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6535 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6536 #else /* HAVE_LONGLONG */
6539 * NT4.x seems to be broken in that it sends large file (64 bit)
6540 * lockingX calls even if the CAP_LARGE_FILES was *not*
6541 * negotiated. For boxes without large unsigned ints mangle the
6542 * lock offset by mapping the top 32 bits onto the lower 32.
6545 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6546 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6547 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6550 if((new_low = map_lock_offset(high, low)) == 0) {
6552 return (SMB_BIG_UINT)-1;
6555 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6556 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6557 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6558 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6561 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6562 #endif /* HAVE_LONGLONG */
6568 /****************************************************************************
6569 Reply to a lockingX request.
6570 ****************************************************************************/
6572 void reply_lockingX(struct smb_request *req)
6574 connection_struct *conn = req->conn;
6576 unsigned char locktype;
6577 unsigned char oplocklevel;
6580 SMB_BIG_UINT count = 0, offset = 0;
6585 bool large_file_format;
6587 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6589 START_PROFILE(SMBlockingX);
6592 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6593 END_PROFILE(SMBlockingX);
6597 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6598 locktype = CVAL(req->inbuf,smb_vwv3);
6599 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6600 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6601 num_locks = SVAL(req->inbuf,smb_vwv7);
6602 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6603 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6605 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6606 END_PROFILE(SMBlockingX);
6610 data = smb_buf(req->inbuf);
6612 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6613 /* we don't support these - and CANCEL_LOCK makes w2k
6614 and XP reboot so I don't really want to be
6615 compatible! (tridge) */
6616 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6617 END_PROFILE(SMBlockingX);
6621 /* Check if this is an oplock break on a file
6622 we have granted an oplock on.
6624 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6625 /* Client can insist on breaking to none. */
6626 bool break_to_none = (oplocklevel == 0);
6629 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6630 "for fnum = %d\n", (unsigned int)oplocklevel,
6634 * Make sure we have granted an exclusive or batch oplock on
6638 if (fsp->oplock_type == 0) {
6640 /* The Samba4 nbench simulator doesn't understand
6641 the difference between break to level2 and break
6642 to none from level2 - it sends oplock break
6643 replies in both cases. Don't keep logging an error
6644 message here - just ignore it. JRA. */
6646 DEBUG(5,("reply_lockingX: Error : oplock break from "
6647 "client for fnum = %d (oplock=%d) and no "
6648 "oplock granted on this file (%s).\n",
6649 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6651 /* if this is a pure oplock break request then don't
6653 if (num_locks == 0 && num_ulocks == 0) {
6654 END_PROFILE(SMBlockingX);
6657 END_PROFILE(SMBlockingX);
6658 reply_doserror(req, ERRDOS, ERRlock);
6663 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6665 result = remove_oplock(fsp);
6667 result = downgrade_oplock(fsp);
6671 DEBUG(0, ("reply_lockingX: error in removing "
6672 "oplock on file %s\n", fsp->fsp_name));
6673 /* Hmmm. Is this panic justified? */
6674 smb_panic("internal tdb error");
6677 reply_to_oplock_break_requests(fsp);
6679 /* if this is a pure oplock break request then don't send a
6681 if (num_locks == 0 && num_ulocks == 0) {
6682 /* Sanity check - ensure a pure oplock break is not a
6684 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6685 DEBUG(0,("reply_lockingX: Error : pure oplock "
6686 "break is a chained %d request !\n",
6687 (unsigned int)CVAL(req->inbuf,
6689 END_PROFILE(SMBlockingX);
6695 * We do this check *after* we have checked this is not a oplock break
6696 * response message. JRA.
6699 release_level_2_oplocks_on_change(fsp);
6701 if (smb_buflen(req->inbuf) <
6702 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6703 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6704 END_PROFILE(SMBlockingX);
6708 /* Data now points at the beginning of the list
6709 of smb_unlkrng structs */
6710 for(i = 0; i < (int)num_ulocks; i++) {
6711 lock_pid = get_lock_pid( data, i, large_file_format);
6712 count = get_lock_count( data, i, large_file_format);
6713 offset = get_lock_offset( data, i, large_file_format, &err);
6716 * There is no error code marked "stupid client bug".... :-).
6719 END_PROFILE(SMBlockingX);
6720 reply_doserror(req, ERRDOS, ERRnoaccess);
6724 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6725 "pid %u, file %s\n", (double)offset, (double)count,
6726 (unsigned int)lock_pid, fsp->fsp_name ));
6728 status = do_unlock(smbd_messaging_context(),
6735 if (NT_STATUS_V(status)) {
6736 END_PROFILE(SMBlockingX);
6737 reply_nterror(req, status);
6742 /* Setup the timeout in seconds. */
6744 if (!lp_blocking_locks(SNUM(conn))) {
6748 /* Now do any requested locks */
6749 data += ((large_file_format ? 20 : 10)*num_ulocks);
6751 /* Data now points at the beginning of the list
6752 of smb_lkrng structs */
6754 for(i = 0; i < (int)num_locks; i++) {
6755 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6756 READ_LOCK:WRITE_LOCK);
6757 lock_pid = get_lock_pid( data, i, large_file_format);
6758 count = get_lock_count( data, i, large_file_format);
6759 offset = get_lock_offset( data, i, large_file_format, &err);
6762 * There is no error code marked "stupid client bug".... :-).
6765 END_PROFILE(SMBlockingX);
6766 reply_doserror(req, ERRDOS, ERRnoaccess);
6770 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6771 "%u, file %s timeout = %d\n", (double)offset,
6772 (double)count, (unsigned int)lock_pid,
6773 fsp->fsp_name, (int)lock_timeout ));
6775 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6776 if (lp_blocking_locks(SNUM(conn))) {
6778 /* Schedule a message to ourselves to
6779 remove the blocking lock record and
6780 return the right error. */
6782 if (!blocking_lock_cancel(fsp,
6788 NT_STATUS_FILE_LOCK_CONFLICT)) {
6789 END_PROFILE(SMBlockingX);
6794 ERRcancelviolation));
6798 /* Remove a matching pending lock. */
6799 status = do_lock_cancel(fsp,
6805 bool blocking_lock = lock_timeout ? True : False;
6806 bool defer_lock = False;
6807 struct byte_range_lock *br_lck;
6808 uint32 block_smbpid;
6810 br_lck = do_lock(smbd_messaging_context(),
6821 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6822 /* Windows internal resolution for blocking locks seems
6823 to be about 200ms... Don't wait for less than that. JRA. */
6824 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6825 lock_timeout = lp_lock_spin_time();
6830 /* This heuristic seems to match W2K3 very well. If a
6831 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6832 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6833 far as I can tell. Replacement for do_lock_spin(). JRA. */
6835 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6836 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6838 lock_timeout = lp_lock_spin_time();
6841 if (br_lck && defer_lock) {
6843 * A blocking lock was requested. Package up
6844 * this smb into a queued request and push it
6845 * onto the blocking lock queue.
6847 if(push_blocking_lock_request(br_lck,
6858 TALLOC_FREE(br_lck);
6859 END_PROFILE(SMBlockingX);
6864 TALLOC_FREE(br_lck);
6867 if (NT_STATUS_V(status)) {
6868 END_PROFILE(SMBlockingX);
6869 reply_nterror(req, status);
6874 /* If any of the above locks failed, then we must unlock
6875 all of the previous locks (X/Open spec). */
6877 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6881 * Ensure we don't do a remove on the lock that just failed,
6882 * as under POSIX rules, if we have a lock already there, we
6883 * will delete it (and we shouldn't) .....
6885 for(i--; i >= 0; i--) {
6886 lock_pid = get_lock_pid( data, i, large_file_format);
6887 count = get_lock_count( data, i, large_file_format);
6888 offset = get_lock_offset( data, i, large_file_format,
6892 * There is no error code marked "stupid client
6896 END_PROFILE(SMBlockingX);
6897 reply_doserror(req, ERRDOS, ERRnoaccess);
6901 do_unlock(smbd_messaging_context(),
6908 END_PROFILE(SMBlockingX);
6909 reply_nterror(req, status);
6913 reply_outbuf(req, 2, 0);
6915 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6916 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6918 END_PROFILE(SMBlockingX);
6923 #define DBGC_CLASS DBGC_ALL
6925 /****************************************************************************
6926 Reply to a SMBreadbmpx (read block multiplex) request.
6927 Always reply with an error, if someone has a platform really needs this,
6928 please contact vl@samba.org
6929 ****************************************************************************/
6931 void reply_readbmpx(struct smb_request *req)
6933 START_PROFILE(SMBreadBmpx);
6934 reply_doserror(req, ERRSRV, ERRuseSTD);
6935 END_PROFILE(SMBreadBmpx);
6939 /****************************************************************************
6940 Reply to a SMBreadbs (read block multiplex secondary) request.
6941 Always reply with an error, if someone has a platform really needs this,
6942 please contact vl@samba.org
6943 ****************************************************************************/
6945 void reply_readbs(struct smb_request *req)
6947 START_PROFILE(SMBreadBs);
6948 reply_doserror(req, ERRSRV, ERRuseSTD);
6949 END_PROFILE(SMBreadBs);
6953 /****************************************************************************
6954 Reply to a SMBsetattrE.
6955 ****************************************************************************/
6957 void reply_setattrE(struct smb_request *req)
6959 connection_struct *conn = req->conn;
6960 struct timespec ts[2];
6963 START_PROFILE(SMBsetattrE);
6966 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6967 END_PROFILE(SMBsetattrE);
6971 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6973 if(!fsp || (fsp->conn != conn)) {
6974 reply_doserror(req, ERRDOS, ERRbadfid);
6975 END_PROFILE(SMBsetattrE);
6981 * Convert the DOS times into unix times. Ignore create
6982 * time as UNIX can't set this.
6985 ts[0] = convert_time_t_to_timespec(
6986 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6987 ts[1] = convert_time_t_to_timespec(
6988 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6990 reply_outbuf(req, 0, 0);
6993 * Patch from Ray Frush <frush@engr.colostate.edu>
6994 * Sometimes times are sent as zero - ignore them.
6997 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6998 /* Ignore request */
6999 if( DEBUGLVL( 3 ) ) {
7000 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
7001 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
7003 END_PROFILE(SMBsetattrE);
7005 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
7006 /* set modify time = to access time if modify time was unset */
7010 /* Set the date on this file */
7011 /* Should we set pending modtime here ? JRA */
7012 if(file_ntimes(conn, fsp->fsp_name, ts)) {
7013 reply_doserror(req, ERRDOS, ERRnoaccess);
7014 END_PROFILE(SMBsetattrE);
7018 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7020 (unsigned int)ts[0].tv_sec,
7021 (unsigned int)ts[1].tv_sec));
7023 END_PROFILE(SMBsetattrE);
7028 /* Back from the dead for OS/2..... JRA. */
7030 /****************************************************************************
7031 Reply to a SMBwritebmpx (write block multiplex primary) request.
7032 Always reply with an error, if someone has a platform really needs this,
7033 please contact vl@samba.org
7034 ****************************************************************************/
7036 void reply_writebmpx(struct smb_request *req)
7038 START_PROFILE(SMBwriteBmpx);
7039 reply_doserror(req, ERRSRV, ERRuseSTD);
7040 END_PROFILE(SMBwriteBmpx);
7044 /****************************************************************************
7045 Reply to a SMBwritebs (write block multiplex secondary) request.
7046 Always reply with an error, if someone has a platform really needs this,
7047 please contact vl@samba.org
7048 ****************************************************************************/
7050 void reply_writebs(struct smb_request *req)
7052 START_PROFILE(SMBwriteBs);
7053 reply_doserror(req, ERRSRV, ERRuseSTD);
7054 END_PROFILE(SMBwriteBs);
7058 /****************************************************************************
7059 Reply to a SMBgetattrE.
7060 ****************************************************************************/
7062 void reply_getattrE(struct smb_request *req)
7064 connection_struct *conn = req->conn;
7065 SMB_STRUCT_STAT sbuf;
7069 START_PROFILE(SMBgetattrE);
7072 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7073 END_PROFILE(SMBgetattrE);
7077 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7079 if(!fsp || (fsp->conn != conn)) {
7080 reply_doserror(req, ERRDOS, ERRbadfid);
7081 END_PROFILE(SMBgetattrE);
7085 /* Do an fstat on this file */
7086 if(fsp_stat(fsp, &sbuf)) {
7087 reply_unixerror(req, ERRDOS, ERRnoaccess);
7088 END_PROFILE(SMBgetattrE);
7092 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7095 * Convert the times into dos times. Set create
7096 * date to be last modify date as UNIX doesn't save
7100 reply_outbuf(req, 11, 0);
7102 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7103 get_create_time(&sbuf,
7104 lp_fake_dir_create_times(SNUM(conn))));
7105 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7106 /* Should we check pending modtime here ? JRA */
7107 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7110 SIVAL(req->outbuf, smb_vwv6, 0);
7111 SIVAL(req->outbuf, smb_vwv8, 0);
7113 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7114 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7115 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7117 SSVAL(req->outbuf,smb_vwv10, mode);
7119 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7121 END_PROFILE(SMBgetattrE);
git.samba.org / kai / samba.git / blob