2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
49 static NTSTATUS check_path_syntax_internal(char *path,
51 bool *p_last_component_contains_wcard)
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
58 *p_last_component_contains_wcard = False;
61 if (IS_PATH_SEP(*s,posix_path)) {
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
75 start_of_name_component = True;
77 *p_last_component_contains_wcard = False;
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
86 * No mb char starts with '.' so we're safe checking the directory separator here.
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
95 /* Are we at the start ? Can't go back further if so. */
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
133 *p_last_component_contains_wcard = True;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
163 return NT_STATUS_INVALID_PARAMETER;
166 start_of_name_component = False;
173 /****************************************************************************
174 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
175 No wildcards allowed.
176 ****************************************************************************/
178 NTSTATUS check_path_syntax(char *path)
181 return check_path_syntax_internal(path, False, &ignore);
184 /****************************************************************************
185 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
186 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 ****************************************************************************/
190 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
192 return check_path_syntax_internal(path, False, p_contains_wcard);
195 /****************************************************************************
196 Check the path for a POSIX client.
197 We're assuming here that '/' is not the second byte in any multibyte char
198 set (a safe assumption).
199 ****************************************************************************/
201 NTSTATUS check_path_syntax_posix(char *path)
204 return check_path_syntax_internal(path, True, &ignore);
207 /****************************************************************************
208 Pull a string and check the path allowing a wilcard - provide for error return.
209 ****************************************************************************/
211 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
219 bool *contains_wcard)
226 ret = srvstr_pull_buf_talloc(ctx,
233 ret = srvstr_pull_talloc(ctx,
243 *err = NT_STATUS_INVALID_PARAMETER;
247 *contains_wcard = False;
249 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 * For a DFS path the function parse_dfs_path()
252 * will do the path processing, just make a copy.
258 if (lp_posix_pathnames()) {
259 *err = check_path_syntax_posix(*pp_dest);
261 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
267 /****************************************************************************
268 Pull a string and check the path - provide for error return.
269 ****************************************************************************/
271 size_t srvstr_get_path(TALLOC_CTX *ctx,
285 ret = srvstr_pull_buf_talloc(ctx,
292 ret = srvstr_pull_talloc(ctx,
302 *err = NT_STATUS_INVALID_PARAMETER;
306 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 * For a DFS path the function parse_dfs_path()
309 * will do the path processing, just make a copy.
315 if (lp_posix_pathnames()) {
316 *err = check_path_syntax_posix(*pp_dest);
318 *err = check_path_syntax(*pp_dest);
324 /****************************************************************************
325 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
326 ****************************************************************************/
328 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
329 files_struct *fsp, struct current_user *user)
331 if (!(fsp) || !(conn)) {
332 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
335 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
336 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
342 /****************************************************************************
343 Check if we have a correct fsp pointing to a file. Replacement for the
345 ****************************************************************************/
347 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 files_struct *fsp, struct current_user *user)
350 if (!check_fsp_open(conn, req, fsp, user)) {
353 if ((fsp)->is_directory) {
354 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
357 if ((fsp)->fh->fd == -1) {
358 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
361 (fsp)->num_smb_operations++;
365 /****************************************************************************
366 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
367 ****************************************************************************/
369 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
370 files_struct *fsp, struct current_user *user)
372 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
373 && (current_user.vuid==(fsp)->vuid)) {
377 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
381 /****************************************************************************
382 Reply to a (netbios-level) special message.
383 ****************************************************************************/
385 void reply_special(char *inbuf)
387 int msg_type = CVAL(inbuf,0);
388 int msg_flags = CVAL(inbuf,1);
393 * We only really use 4 bytes of the outbuf, but for the smb_setlen
394 * calculation & friends (srv_send_smb uses that) we need the full smb
397 char outbuf[smb_size];
399 static bool already_got_session = False;
403 memset(outbuf, '\0', sizeof(outbuf));
405 smb_setlen(outbuf,0);
408 case 0x81: /* session request */
410 if (already_got_session) {
411 exit_server_cleanly("multiple session request not permitted");
414 SCVAL(outbuf,0,0x82);
416 if (name_len(inbuf+4) > 50 ||
417 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
418 DEBUG(0,("Invalid name length in session request\n"));
421 name_extract(inbuf,4,name1);
422 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
423 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
426 set_local_machine_name(name1, True);
427 set_remote_machine_name(name2, True);
429 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
430 get_local_machine_name(), get_remote_machine_name(),
433 if (name_type == 'R') {
434 /* We are being asked for a pathworks session ---
436 SCVAL(outbuf, 0,0x83);
440 /* only add the client's machine name to the list
441 of possibly valid usernames if we are operating
442 in share mode security */
443 if (lp_security() == SEC_SHARE) {
444 add_session_user(get_remote_machine_name());
447 reload_services(True);
450 already_got_session = True;
453 case 0x89: /* session keepalive request
454 (some old clients produce this?) */
455 SCVAL(outbuf,0,SMBkeepalive);
459 case 0x82: /* positive session response */
460 case 0x83: /* negative session response */
461 case 0x84: /* retarget session response */
462 DEBUG(0,("Unexpected session response\n"));
465 case SMBkeepalive: /* session keepalive */
470 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
471 msg_type, msg_flags));
473 srv_send_smb(smbd_server_fd(), outbuf, false);
477 /****************************************************************************
479 conn POINTER CAN BE NULL HERE !
480 ****************************************************************************/
482 void reply_tcon(struct smb_request *req)
484 connection_struct *conn = req->conn;
486 char *service_buf = NULL;
487 char *password = NULL;
492 DATA_BLOB password_blob;
493 TALLOC_CTX *ctx = talloc_tos();
495 START_PROFILE(SMBtcon);
497 if (smb_buflen(req->inbuf) < 4) {
498 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
499 END_PROFILE(SMBtcon);
503 p = smb_buf(req->inbuf)+1;
504 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
505 &service_buf, p, STR_TERMINATE) + 1;
506 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
507 &password, p, STR_TERMINATE) + 1;
509 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
510 &dev, p, STR_TERMINATE) + 1;
512 if (service_buf == NULL || password == NULL || dev == NULL) {
513 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
514 END_PROFILE(SMBtcon);
517 p = strrchr_m(service_buf,'\\');
521 service = service_buf;
524 password_blob = data_blob(password, pwlen+1);
526 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
529 data_blob_clear_free(&password_blob);
532 reply_nterror(req, nt_status);
533 END_PROFILE(SMBtcon);
537 reply_outbuf(req, 2, 0);
538 SSVAL(req->outbuf,smb_vwv0,max_recv);
539 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
540 SSVAL(req->outbuf,smb_tid,conn->cnum);
542 DEBUG(3,("tcon service=%s cnum=%d\n",
543 service, conn->cnum));
545 END_PROFILE(SMBtcon);
549 /****************************************************************************
550 Reply to a tcon and X.
551 conn POINTER CAN BE NULL HERE !
552 ****************************************************************************/
554 void reply_tcon_and_X(struct smb_request *req)
556 connection_struct *conn = req->conn;
557 char *service = NULL;
559 TALLOC_CTX *ctx = talloc_tos();
560 /* what the cleint thinks the device is */
561 char *client_devicetype = NULL;
562 /* what the server tells the client the share represents */
563 const char *server_devicetype;
570 START_PROFILE(SMBtconX);
573 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
574 END_PROFILE(SMBtconX);
578 passlen = SVAL(req->inbuf,smb_vwv3);
579 tcon_flags = SVAL(req->inbuf,smb_vwv2);
581 /* we might have to close an old one */
582 if ((tcon_flags & 0x1) && conn) {
583 close_cnum(conn,req->vuid);
588 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
589 reply_doserror(req, ERRDOS, ERRbuftoosmall);
590 END_PROFILE(SMBtconX);
594 if (global_encrypted_passwords_negotiated) {
595 password = data_blob(smb_buf(req->inbuf),passlen);
596 if (lp_security() == SEC_SHARE) {
598 * Security = share always has a pad byte
599 * after the password.
601 p = smb_buf(req->inbuf) + passlen + 1;
603 p = smb_buf(req->inbuf) + passlen;
606 password = data_blob(smb_buf(req->inbuf),passlen+1);
607 /* Ensure correct termination */
608 password.data[passlen]=0;
609 p = smb_buf(req->inbuf) + passlen + 1;
612 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
616 data_blob_clear_free(&password);
617 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
618 END_PROFILE(SMBtconX);
623 * the service name can be either: \\server\share
624 * or share directly like on the DELL PowerVault 705
627 q = strchr_m(path+2,'\\');
629 data_blob_clear_free(&password);
630 reply_doserror(req, ERRDOS, ERRnosuchshare);
631 END_PROFILE(SMBtconX);
639 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
640 &client_devicetype, p,
641 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
643 if (client_devicetype == NULL) {
644 data_blob_clear_free(&password);
645 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
646 END_PROFILE(SMBtconX);
650 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
652 conn = make_connection(service, password, client_devicetype,
653 req->vuid, &nt_status);
656 data_blob_clear_free(&password);
659 reply_nterror(req, nt_status);
660 END_PROFILE(SMBtconX);
665 server_devicetype = "IPC";
666 else if ( IS_PRINT(conn) )
667 server_devicetype = "LPT1:";
669 server_devicetype = "A:";
671 if (Protocol < PROTOCOL_NT1) {
672 reply_outbuf(req, 2, 0);
673 if (message_push_string(&req->outbuf, server_devicetype,
674 STR_TERMINATE|STR_ASCII) == -1) {
675 reply_nterror(req, NT_STATUS_NO_MEMORY);
676 END_PROFILE(SMBtconX);
680 /* NT sets the fstype of IPC$ to the null string */
681 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
683 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
684 /* Return permissions. */
688 reply_outbuf(req, 7, 0);
691 perm1 = FILE_ALL_ACCESS;
692 perm2 = FILE_ALL_ACCESS;
694 perm1 = CAN_WRITE(conn) ?
699 SIVAL(req->outbuf, smb_vwv3, perm1);
700 SIVAL(req->outbuf, smb_vwv5, perm2);
702 reply_outbuf(req, 3, 0);
705 if ((message_push_string(&req->outbuf, server_devicetype,
706 STR_TERMINATE|STR_ASCII) == -1)
707 || (message_push_string(&req->outbuf, fstype,
708 STR_TERMINATE) == -1)) {
709 reply_nterror(req, NT_STATUS_NO_MEMORY);
710 END_PROFILE(SMBtconX);
714 /* what does setting this bit do? It is set by NT4 and
715 may affect the ability to autorun mounted cdroms */
716 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
717 (lp_csc_policy(SNUM(conn)) << 2));
719 init_dfsroot(conn, req->inbuf, req->outbuf);
723 DEBUG(3,("tconX service=%s \n",
726 /* set the incoming and outgoing tid to the just created one */
727 SSVAL(req->inbuf,smb_tid,conn->cnum);
728 SSVAL(req->outbuf,smb_tid,conn->cnum);
730 END_PROFILE(SMBtconX);
736 /****************************************************************************
737 Reply to an unknown type.
738 ****************************************************************************/
740 void reply_unknown_new(struct smb_request *req, uint8 type)
742 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
743 smb_fn_name(type), type, type));
744 reply_doserror(req, ERRSRV, ERRunknownsmb);
748 /****************************************************************************
750 conn POINTER CAN BE NULL HERE !
751 ****************************************************************************/
753 void reply_ioctl(struct smb_request *req)
755 connection_struct *conn = req->conn;
762 START_PROFILE(SMBioctl);
765 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
766 END_PROFILE(SMBioctl);
770 device = SVAL(req->inbuf,smb_vwv1);
771 function = SVAL(req->inbuf,smb_vwv2);
772 ioctl_code = (device << 16) + function;
774 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
776 switch (ioctl_code) {
777 case IOCTL_QUERY_JOB_INFO:
781 reply_doserror(req, ERRSRV, ERRnosupport);
782 END_PROFILE(SMBioctl);
786 reply_outbuf(req, 8, replysize+1);
787 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
788 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
789 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
790 p = smb_buf(req->outbuf);
791 memset(p, '\0', replysize+1); /* valgrind-safe. */
792 p += 1; /* Allow for alignment */
794 switch (ioctl_code) {
795 case IOCTL_QUERY_JOB_INFO:
797 files_struct *fsp = file_fsp(SVAL(req->inbuf,
800 reply_doserror(req, ERRDOS, ERRbadfid);
801 END_PROFILE(SMBioctl);
804 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
805 srvstr_push((char *)req->outbuf, req->flags2, p+2,
807 STR_TERMINATE|STR_ASCII);
809 srvstr_push((char *)req->outbuf, req->flags2,
810 p+18, lp_servicename(SNUM(conn)),
811 13, STR_TERMINATE|STR_ASCII);
819 END_PROFILE(SMBioctl);
823 /****************************************************************************
824 Strange checkpath NTSTATUS mapping.
825 ****************************************************************************/
827 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
829 /* Strange DOS error code semantics only for checkpath... */
830 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
831 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
832 /* We need to map to ERRbadpath */
833 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
839 /****************************************************************************
840 Reply to a checkpath.
841 ****************************************************************************/
843 void reply_checkpath(struct smb_request *req)
845 connection_struct *conn = req->conn;
847 SMB_STRUCT_STAT sbuf;
849 TALLOC_CTX *ctx = talloc_tos();
851 START_PROFILE(SMBcheckpath);
853 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
854 smb_buf(req->inbuf) + 1, 0,
855 STR_TERMINATE, &status);
856 if (!NT_STATUS_IS_OK(status)) {
857 status = map_checkpath_error((char *)req->inbuf, status);
858 reply_nterror(req, status);
859 END_PROFILE(SMBcheckpath);
863 status = resolve_dfspath(ctx, conn,
864 req->flags2 & FLAGS2_DFS_PATHNAMES,
867 if (!NT_STATUS_IS_OK(status)) {
868 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
869 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
871 END_PROFILE(SMBcheckpath);
877 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
879 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
880 if (!NT_STATUS_IS_OK(status)) {
884 status = check_name(conn, name);
885 if (!NT_STATUS_IS_OK(status)) {
886 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
890 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
891 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
892 status = map_nt_error_from_unix(errno);
896 if (!S_ISDIR(sbuf.st_mode)) {
897 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
899 END_PROFILE(SMBcheckpath);
903 reply_outbuf(req, 0, 0);
905 END_PROFILE(SMBcheckpath);
910 END_PROFILE(SMBcheckpath);
912 /* We special case this - as when a Windows machine
913 is parsing a path is steps through the components
914 one at a time - if a component fails it expects
915 ERRbadpath, not ERRbadfile.
917 status = map_checkpath_error((char *)req->inbuf, status);
918 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
920 * Windows returns different error codes if
921 * the parent directory is valid but not the
922 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
923 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
924 * if the path is invalid.
926 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
931 reply_nterror(req, status);
934 /****************************************************************************
936 ****************************************************************************/
938 void reply_getatr(struct smb_request *req)
940 connection_struct *conn = req->conn;
942 SMB_STRUCT_STAT sbuf;
948 TALLOC_CTX *ctx = talloc_tos();
950 START_PROFILE(SMBgetatr);
952 p = smb_buf(req->inbuf) + 1;
953 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
954 0, STR_TERMINATE, &status);
955 if (!NT_STATUS_IS_OK(status)) {
956 reply_nterror(req, status);
957 END_PROFILE(SMBgetatr);
961 status = resolve_dfspath(ctx, conn,
962 req->flags2 & FLAGS2_DFS_PATHNAMES,
965 if (!NT_STATUS_IS_OK(status)) {
966 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
967 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
969 END_PROFILE(SMBgetatr);
972 reply_nterror(req, status);
973 END_PROFILE(SMBgetatr);
977 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
978 under WfWg - weird! */
979 if (*fname == '\0') {
980 mode = aHIDDEN | aDIR;
981 if (!CAN_WRITE(conn)) {
987 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
988 if (!NT_STATUS_IS_OK(status)) {
989 reply_nterror(req, status);
990 END_PROFILE(SMBgetatr);
993 status = check_name(conn, fname);
994 if (!NT_STATUS_IS_OK(status)) {
995 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
996 reply_nterror(req, status);
997 END_PROFILE(SMBgetatr);
1000 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1001 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1002 reply_unixerror(req, ERRDOS,ERRbadfile);
1003 END_PROFILE(SMBgetatr);
1007 mode = dos_mode(conn,fname,&sbuf);
1008 size = sbuf.st_size;
1009 mtime = sbuf.st_mtime;
1015 reply_outbuf(req, 10, 0);
1017 SSVAL(req->outbuf,smb_vwv0,mode);
1018 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1019 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1021 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1023 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1025 if (Protocol >= PROTOCOL_NT1) {
1026 SSVAL(req->outbuf, smb_flg2,
1027 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1030 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1032 END_PROFILE(SMBgetatr);
1036 /****************************************************************************
1038 ****************************************************************************/
1040 void reply_setatr(struct smb_request *req)
1042 connection_struct *conn = req->conn;
1046 SMB_STRUCT_STAT sbuf;
1049 TALLOC_CTX *ctx = talloc_tos();
1051 START_PROFILE(SMBsetatr);
1054 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1058 p = smb_buf(req->inbuf) + 1;
1059 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1060 0, STR_TERMINATE, &status);
1061 if (!NT_STATUS_IS_OK(status)) {
1062 reply_nterror(req, status);
1063 END_PROFILE(SMBsetatr);
1067 status = resolve_dfspath(ctx, conn,
1068 req->flags2 & FLAGS2_DFS_PATHNAMES,
1071 if (!NT_STATUS_IS_OK(status)) {
1072 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1073 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1074 ERRSRV, ERRbadpath);
1075 END_PROFILE(SMBsetatr);
1078 reply_nterror(req, status);
1079 END_PROFILE(SMBsetatr);
1083 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1084 if (!NT_STATUS_IS_OK(status)) {
1085 reply_nterror(req, status);
1086 END_PROFILE(SMBsetatr);
1090 status = check_name(conn, fname);
1091 if (!NT_STATUS_IS_OK(status)) {
1092 reply_nterror(req, status);
1093 END_PROFILE(SMBsetatr);
1097 if (fname[0] == '.' && fname[1] == '\0') {
1099 * Not sure here is the right place to catch this
1100 * condition. Might be moved to somewhere else later -- vl
1102 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1103 END_PROFILE(SMBsetatr);
1107 mode = SVAL(req->inbuf,smb_vwv0);
1108 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1110 if (mode != FILE_ATTRIBUTE_NORMAL) {
1111 if (VALID_STAT_OF_DIR(sbuf))
1116 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1117 reply_unixerror(req, ERRDOS, ERRnoaccess);
1118 END_PROFILE(SMBsetatr);
1123 if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
1124 reply_unixerror(req, ERRDOS, ERRnoaccess);
1125 END_PROFILE(SMBsetatr);
1129 reply_outbuf(req, 0, 0);
1131 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1133 END_PROFILE(SMBsetatr);
1137 /****************************************************************************
1139 ****************************************************************************/
1141 void reply_dskattr(struct smb_request *req)
1143 connection_struct *conn = req->conn;
1144 SMB_BIG_UINT dfree,dsize,bsize;
1145 START_PROFILE(SMBdskattr);
1147 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1148 reply_unixerror(req, ERRHRD, ERRgeneral);
1149 END_PROFILE(SMBdskattr);
1153 reply_outbuf(req, 5, 0);
1155 if (Protocol <= PROTOCOL_LANMAN2) {
1156 double total_space, free_space;
1157 /* we need to scale this to a number that DOS6 can handle. We
1158 use floating point so we can handle large drives on systems
1159 that don't have 64 bit integers
1161 we end up displaying a maximum of 2G to DOS systems
1163 total_space = dsize * (double)bsize;
1164 free_space = dfree * (double)bsize;
1166 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1167 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1169 if (dsize > 0xFFFF) dsize = 0xFFFF;
1170 if (dfree > 0xFFFF) dfree = 0xFFFF;
1172 SSVAL(req->outbuf,smb_vwv0,dsize);
1173 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1174 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1175 SSVAL(req->outbuf,smb_vwv3,dfree);
1177 SSVAL(req->outbuf,smb_vwv0,dsize);
1178 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1179 SSVAL(req->outbuf,smb_vwv2,512);
1180 SSVAL(req->outbuf,smb_vwv3,dfree);
1183 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1185 END_PROFILE(SMBdskattr);
1189 /****************************************************************************
1191 Can be called from SMBsearch, SMBffirst or SMBfunique.
1192 ****************************************************************************/
1194 void reply_search(struct smb_request *req)
1196 connection_struct *conn = req->conn;
1198 char *directory = NULL;
1204 unsigned int numentries = 0;
1205 unsigned int maxentries = 0;
1206 bool finished = False;
1212 bool check_descend = False;
1213 bool expect_close = False;
1215 bool mask_contains_wcard = False;
1216 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1217 TALLOC_CTX *ctx = talloc_tos();
1219 START_PROFILE(SMBsearch);
1222 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1223 END_PROFILE(SMBsearch);
1227 if (lp_posix_pathnames()) {
1228 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1229 END_PROFILE(SMBsearch);
1233 /* If we were called as SMBffirst then we must expect close. */
1234 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1235 expect_close = True;
1238 reply_outbuf(req, 1, 3);
1239 maxentries = SVAL(req->inbuf,smb_vwv0);
1240 dirtype = SVAL(req->inbuf,smb_vwv1);
1241 p = smb_buf(req->inbuf) + 1;
1242 p += srvstr_get_path_wcard(ctx,
1250 &mask_contains_wcard);
1251 if (!NT_STATUS_IS_OK(nt_status)) {
1252 reply_nterror(req, nt_status);
1253 END_PROFILE(SMBsearch);
1257 nt_status = resolve_dfspath_wcard(ctx, conn,
1258 req->flags2 & FLAGS2_DFS_PATHNAMES,
1261 &mask_contains_wcard);
1262 if (!NT_STATUS_IS_OK(nt_status)) {
1263 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1264 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1265 ERRSRV, ERRbadpath);
1266 END_PROFILE(SMBsearch);
1269 reply_nterror(req, nt_status);
1270 END_PROFILE(SMBsearch);
1275 status_len = SVAL(p, 0);
1278 /* dirtype &= ~aDIR; */
1280 if (status_len == 0) {
1281 SMB_STRUCT_STAT sbuf;
1283 nt_status = unix_convert(ctx, conn, path, True,
1284 &directory, NULL, &sbuf);
1285 if (!NT_STATUS_IS_OK(nt_status)) {
1286 reply_nterror(req, nt_status);
1287 END_PROFILE(SMBsearch);
1291 nt_status = check_name(conn, directory);
1292 if (!NT_STATUS_IS_OK(nt_status)) {
1293 reply_nterror(req, nt_status);
1294 END_PROFILE(SMBsearch);
1298 p = strrchr_m(directory,'/');
1301 directory = talloc_strdup(ctx,".");
1303 reply_nterror(req, NT_STATUS_NO_MEMORY);
1304 END_PROFILE(SMBsearch);
1312 if (*directory == '\0') {
1313 directory = talloc_strdup(ctx,".");
1315 reply_nterror(req, NT_STATUS_NO_MEMORY);
1316 END_PROFILE(SMBsearch);
1320 memset((char *)status,'\0',21);
1321 SCVAL(status,0,(dirtype & 0x1F));
1323 nt_status = dptr_create(conn,
1329 mask_contains_wcard,
1332 if (!NT_STATUS_IS_OK(nt_status)) {
1333 reply_nterror(req, nt_status);
1334 END_PROFILE(SMBsearch);
1337 dptr_num = dptr_dnum(conn->dirptr);
1341 memcpy(status,p,21);
1342 status_dirtype = CVAL(status,0) & 0x1F;
1343 if (status_dirtype != (dirtype & 0x1F)) {
1344 dirtype = status_dirtype;
1347 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1348 if (!conn->dirptr) {
1351 string_set(&conn->dirpath,dptr_path(dptr_num));
1352 mask = dptr_wcard(dptr_num);
1357 * For a 'continue' search we have no string. So
1358 * check from the initial saved string.
1360 mask_contains_wcard = ms_has_wild(mask);
1361 dirtype = dptr_attr(dptr_num);
1364 DEBUG(4,("dptr_num is %d\n",dptr_num));
1366 if ((dirtype&0x1F) == aVOLID) {
1367 char buf[DIR_STRUCT_SIZE];
1368 memcpy(buf,status,21);
1369 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1370 0,aVOLID,0,!allow_long_path_components)) {
1371 reply_nterror(req, NT_STATUS_NO_MEMORY);
1372 END_PROFILE(SMBsearch);
1375 dptr_fill(buf+12,dptr_num);
1376 if (dptr_zero(buf+12) && (status_len==0)) {
1381 if (message_push_blob(&req->outbuf,
1382 data_blob_const(buf, sizeof(buf)))
1384 reply_nterror(req, NT_STATUS_NO_MEMORY);
1385 END_PROFILE(SMBsearch);
1393 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1396 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1397 conn->dirpath,lp_dontdescend(SNUM(conn))));
1398 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1399 check_descend = True;
1402 for (i=numentries;(i<maxentries) && !finished;i++) {
1403 finished = !get_dir_entry(ctx,conn,mask,dirtype,&fname,
1404 &size,&mode,&date,check_descend);
1406 char buf[DIR_STRUCT_SIZE];
1407 memcpy(buf,status,21);
1408 if (!make_dir_struct(ctx,
1415 !allow_long_path_components)) {
1416 reply_nterror(req, NT_STATUS_NO_MEMORY);
1417 END_PROFILE(SMBsearch);
1420 if (!dptr_fill(buf+12,dptr_num)) {
1423 if (message_push_blob(&req->outbuf,
1424 data_blob_const(buf, sizeof(buf)))
1426 reply_nterror(req, NT_STATUS_NO_MEMORY);
1427 END_PROFILE(SMBsearch);
1437 /* If we were called as SMBffirst with smb_search_id == NULL
1438 and no entries were found then return error and close dirptr
1441 if (numentries == 0) {
1442 dptr_close(&dptr_num);
1443 } else if(expect_close && status_len == 0) {
1444 /* Close the dptr - we know it's gone */
1445 dptr_close(&dptr_num);
1448 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1449 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1450 dptr_close(&dptr_num);
1453 if ((numentries == 0) && !mask_contains_wcard) {
1454 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1455 END_PROFILE(SMBsearch);
1459 SSVAL(req->outbuf,smb_vwv0,numentries);
1460 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1461 SCVAL(smb_buf(req->outbuf),0,5);
1462 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1464 /* The replies here are never long name. */
1465 SSVAL(req->outbuf, smb_flg2,
1466 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1467 if (!allow_long_path_components) {
1468 SSVAL(req->outbuf, smb_flg2,
1469 SVAL(req->outbuf, smb_flg2)
1470 & (~FLAGS2_LONG_PATH_COMPONENTS));
1473 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1474 SSVAL(req->outbuf, smb_flg2,
1475 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1478 directory = dptr_path(dptr_num);
1481 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1482 smb_fn_name(CVAL(req->inbuf,smb_com)),
1484 directory ? directory : "./",
1489 END_PROFILE(SMBsearch);
1493 /****************************************************************************
1494 Reply to a fclose (stop directory search).
1495 ****************************************************************************/
1497 void reply_fclose(struct smb_request *req)
1505 bool path_contains_wcard = False;
1506 TALLOC_CTX *ctx = talloc_tos();
1508 START_PROFILE(SMBfclose);
1510 if (lp_posix_pathnames()) {
1511 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1512 END_PROFILE(SMBfclose);
1516 p = smb_buf(req->inbuf) + 1;
1517 p += srvstr_get_path_wcard(ctx,
1525 &path_contains_wcard);
1526 if (!NT_STATUS_IS_OK(err)) {
1527 reply_nterror(req, err);
1528 END_PROFILE(SMBfclose);
1532 status_len = SVAL(p,0);
1535 if (status_len == 0) {
1536 reply_doserror(req, ERRSRV, ERRsrverror);
1537 END_PROFILE(SMBfclose);
1541 memcpy(status,p,21);
1543 if(dptr_fetch(status+12,&dptr_num)) {
1544 /* Close the dptr - we know it's gone */
1545 dptr_close(&dptr_num);
1548 reply_outbuf(req, 1, 0);
1549 SSVAL(req->outbuf,smb_vwv0,0);
1551 DEBUG(3,("search close\n"));
1553 END_PROFILE(SMBfclose);
1557 /****************************************************************************
1559 ****************************************************************************/
1561 void reply_open(struct smb_request *req)
1563 connection_struct *conn = req->conn;
1569 SMB_STRUCT_STAT sbuf;
1576 uint32 create_disposition;
1577 uint32 create_options = 0;
1579 TALLOC_CTX *ctx = talloc_tos();
1581 START_PROFILE(SMBopen);
1584 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1585 END_PROFILE(SMBopen);
1589 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1590 deny_mode = SVAL(req->inbuf,smb_vwv0);
1591 dos_attr = SVAL(req->inbuf,smb_vwv1);
1593 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1594 smb_buf(req->inbuf)+1, 0,
1595 STR_TERMINATE, &status);
1596 if (!NT_STATUS_IS_OK(status)) {
1597 reply_nterror(req, status);
1598 END_PROFILE(SMBopen);
1602 if (!map_open_params_to_ntcreate(
1603 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1604 &share_mode, &create_disposition, &create_options)) {
1605 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1606 END_PROFILE(SMBopen);
1610 status = create_file(conn, /* conn */
1612 0, /* root_dir_fid */
1614 access_mask, /* access_mask */
1615 share_mode, /* share_access */
1616 create_disposition, /* create_disposition*/
1617 create_options, /* create_options */
1618 dos_attr, /* file_attributes */
1619 oplock_request, /* oplock_request */
1620 0, /* allocation_size */
1627 if (!NT_STATUS_IS_OK(status)) {
1628 if (open_was_deferred(req->mid)) {
1629 /* We have re-scheduled this call. */
1630 END_PROFILE(SMBopen);
1633 reply_openerror(req, status);
1634 END_PROFILE(SMBopen);
1638 size = sbuf.st_size;
1639 fattr = dos_mode(conn,fname,&sbuf);
1640 mtime = sbuf.st_mtime;
1643 DEBUG(3,("attempt to open a directory %s\n",fname));
1644 close_file(fsp,ERROR_CLOSE);
1645 reply_doserror(req, ERRDOS,ERRnoaccess);
1646 END_PROFILE(SMBopen);
1650 reply_outbuf(req, 7, 0);
1651 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1652 SSVAL(req->outbuf,smb_vwv1,fattr);
1653 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1654 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1656 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1658 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1659 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1661 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1662 SCVAL(req->outbuf,smb_flg,
1663 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1666 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1667 SCVAL(req->outbuf,smb_flg,
1668 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1670 END_PROFILE(SMBopen);
1674 /****************************************************************************
1675 Reply to an open and X.
1676 ****************************************************************************/
1678 void reply_open_and_X(struct smb_request *req)
1680 connection_struct *conn = req->conn;
1685 /* Breakout the oplock request bits so we can set the
1686 reply bits separately. */
1687 int ex_oplock_request;
1688 int core_oplock_request;
1691 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1692 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1697 SMB_STRUCT_STAT sbuf;
1701 SMB_BIG_UINT allocation_size;
1702 ssize_t retval = -1;
1705 uint32 create_disposition;
1706 uint32 create_options = 0;
1707 TALLOC_CTX *ctx = talloc_tos();
1709 START_PROFILE(SMBopenX);
1711 if (req->wct < 15) {
1712 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1713 END_PROFILE(SMBopenX);
1717 open_flags = SVAL(req->inbuf,smb_vwv2);
1718 deny_mode = SVAL(req->inbuf,smb_vwv3);
1719 smb_attr = SVAL(req->inbuf,smb_vwv5);
1720 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1721 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1722 oplock_request = ex_oplock_request | core_oplock_request;
1723 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1724 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1726 /* If it's an IPC, pass off the pipe handler. */
1728 if (lp_nt_pipe_support()) {
1729 reply_open_pipe_and_X(conn, req);
1731 reply_doserror(req, ERRSRV, ERRaccess);
1733 END_PROFILE(SMBopenX);
1737 /* XXXX we need to handle passed times, sattr and flags */
1738 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1739 smb_buf(req->inbuf), 0, STR_TERMINATE,
1741 if (!NT_STATUS_IS_OK(status)) {
1742 reply_nterror(req, status);
1743 END_PROFILE(SMBopenX);
1747 if (!map_open_params_to_ntcreate(
1748 fname, deny_mode, smb_ofun, &access_mask,
1749 &share_mode, &create_disposition, &create_options)) {
1750 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1751 END_PROFILE(SMBopenX);
1755 status = create_file(conn, /* conn */
1757 0, /* root_dir_fid */
1759 access_mask, /* access_mask */
1760 share_mode, /* share_access */
1761 create_disposition, /* create_disposition*/
1762 create_options, /* create_options */
1763 smb_attr, /* file_attributes */
1764 oplock_request, /* oplock_request */
1765 0, /* allocation_size */
1769 &smb_action, /* pinfo */
1772 if (!NT_STATUS_IS_OK(status)) {
1773 END_PROFILE(SMBopenX);
1774 if (open_was_deferred(req->mid)) {
1775 /* We have re-scheduled this call. */
1778 reply_openerror(req, status);
1782 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1783 if the file is truncated or created. */
1784 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1785 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1786 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1787 close_file(fsp,ERROR_CLOSE);
1788 reply_nterror(req, NT_STATUS_DISK_FULL);
1789 END_PROFILE(SMBopenX);
1792 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1794 close_file(fsp,ERROR_CLOSE);
1795 reply_nterror(req, NT_STATUS_DISK_FULL);
1796 END_PROFILE(SMBopenX);
1799 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1802 fattr = dos_mode(conn,fname,&sbuf);
1803 mtime = sbuf.st_mtime;
1805 close_file(fsp,ERROR_CLOSE);
1806 reply_doserror(req, ERRDOS, ERRnoaccess);
1807 END_PROFILE(SMBopenX);
1811 /* If the caller set the extended oplock request bit
1812 and we granted one (by whatever means) - set the
1813 correct bit for extended oplock reply.
1816 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1817 smb_action |= EXTENDED_OPLOCK_GRANTED;
1820 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1821 smb_action |= EXTENDED_OPLOCK_GRANTED;
1824 /* If the caller set the core oplock request bit
1825 and we granted one (by whatever means) - set the
1826 correct bit for core oplock reply.
1829 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1830 reply_outbuf(req, 19, 0);
1832 reply_outbuf(req, 15, 0);
1835 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1836 SCVAL(req->outbuf, smb_flg,
1837 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1840 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1841 SCVAL(req->outbuf, smb_flg,
1842 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1845 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1846 SSVAL(req->outbuf,smb_vwv3,fattr);
1847 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1848 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1850 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1852 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1853 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1854 SSVAL(req->outbuf,smb_vwv11,smb_action);
1856 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1857 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1860 END_PROFILE(SMBopenX);
1865 /****************************************************************************
1866 Reply to a SMBulogoffX.
1867 ****************************************************************************/
1869 void reply_ulogoffX(struct smb_request *req)
1873 START_PROFILE(SMBulogoffX);
1875 vuser = get_valid_user_struct(req->vuid);
1878 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1882 /* in user level security we are supposed to close any files
1883 open by this user */
1884 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1885 file_close_user(req->vuid);
1888 invalidate_vuid(req->vuid);
1890 reply_outbuf(req, 2, 0);
1892 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1894 END_PROFILE(SMBulogoffX);
1898 /****************************************************************************
1899 Reply to a mknew or a create.
1900 ****************************************************************************/
1902 void reply_mknew(struct smb_request *req)
1904 connection_struct *conn = req->conn;
1908 struct timespec ts[2];
1910 int oplock_request = 0;
1911 SMB_STRUCT_STAT sbuf;
1913 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1914 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1915 uint32 create_disposition;
1916 uint32 create_options = 0;
1917 TALLOC_CTX *ctx = talloc_tos();
1919 START_PROFILE(SMBcreate);
1922 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1923 END_PROFILE(SMBcreate);
1927 fattr = SVAL(req->inbuf,smb_vwv0);
1928 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1929 com = SVAL(req->inbuf,smb_com);
1931 ts[1] =convert_time_t_to_timespec(
1932 srv_make_unix_date3(req->inbuf + smb_vwv1));
1935 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1936 smb_buf(req->inbuf) + 1, 0,
1937 STR_TERMINATE, &status);
1938 if (!NT_STATUS_IS_OK(status)) {
1939 reply_nterror(req, status);
1940 END_PROFILE(SMBcreate);
1944 if (fattr & aVOLID) {
1945 DEBUG(0,("Attempt to create file (%s) with volid set - "
1946 "please report this\n", fname));
1949 if(com == SMBmknew) {
1950 /* We should fail if file exists. */
1951 create_disposition = FILE_CREATE;
1953 /* Create if file doesn't exist, truncate if it does. */
1954 create_disposition = FILE_OVERWRITE_IF;
1957 status = create_file(conn, /* conn */
1959 0, /* root_dir_fid */
1961 access_mask, /* access_mask */
1962 share_mode, /* share_access */
1963 create_disposition, /* create_disposition*/
1964 create_options, /* create_options */
1965 fattr, /* file_attributes */
1966 oplock_request, /* oplock_request */
1967 0, /* allocation_size */
1974 if (!NT_STATUS_IS_OK(status)) {
1975 END_PROFILE(SMBcreate);
1976 if (open_was_deferred(req->mid)) {
1977 /* We have re-scheduled this call. */
1980 reply_openerror(req, status);
1984 ts[0] = get_atimespec(&sbuf); /* atime. */
1985 file_ntimes(conn, fname, ts);
1987 reply_outbuf(req, 1, 0);
1988 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1990 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1991 SCVAL(req->outbuf,smb_flg,
1992 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1995 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1996 SCVAL(req->outbuf,smb_flg,
1997 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2000 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
2001 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2002 fname, fsp->fh->fd, (unsigned int)fattr ) );
2004 END_PROFILE(SMBcreate);
2008 /****************************************************************************
2009 Reply to a create temporary file.
2010 ****************************************************************************/
2012 void reply_ctemp(struct smb_request *req)
2014 connection_struct *conn = req->conn;
2020 SMB_STRUCT_STAT sbuf;
2023 TALLOC_CTX *ctx = talloc_tos();
2025 START_PROFILE(SMBctemp);
2028 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2029 END_PROFILE(SMBctemp);
2033 fattr = SVAL(req->inbuf,smb_vwv0);
2034 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2036 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2037 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2039 if (!NT_STATUS_IS_OK(status)) {
2040 reply_nterror(req, status);
2041 END_PROFILE(SMBctemp);
2045 fname = talloc_asprintf(ctx,
2049 fname = talloc_strdup(ctx, "TMXXXXXX");
2053 reply_nterror(req, NT_STATUS_NO_MEMORY);
2054 END_PROFILE(SMBctemp);
2058 status = resolve_dfspath(ctx, conn,
2059 req->flags2 & FLAGS2_DFS_PATHNAMES,
2062 if (!NT_STATUS_IS_OK(status)) {
2063 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2064 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2065 ERRSRV, ERRbadpath);
2066 END_PROFILE(SMBctemp);
2069 reply_nterror(req, status);
2070 END_PROFILE(SMBctemp);
2074 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2075 if (!NT_STATUS_IS_OK(status)) {
2076 reply_nterror(req, status);
2077 END_PROFILE(SMBctemp);
2081 status = check_name(conn, CONST_DISCARD(char *,fname));
2082 if (!NT_STATUS_IS_OK(status)) {
2083 reply_nterror(req, status);
2084 END_PROFILE(SMBctemp);
2088 tmpfd = smb_mkstemp(fname);
2090 reply_unixerror(req, ERRDOS, ERRnoaccess);
2091 END_PROFILE(SMBctemp);
2095 SMB_VFS_STAT(conn,fname,&sbuf);
2097 /* We should fail if file does not exist. */
2098 status = open_file_ntcreate(conn, req, fname, &sbuf,
2099 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2100 FILE_SHARE_READ|FILE_SHARE_WRITE,
2107 /* close fd from smb_mkstemp() */
2110 if (!NT_STATUS_IS_OK(status)) {
2111 if (open_was_deferred(req->mid)) {
2112 /* We have re-scheduled this call. */
2113 END_PROFILE(SMBctemp);
2116 reply_openerror(req, status);
2117 END_PROFILE(SMBctemp);
2121 reply_outbuf(req, 1, 0);
2122 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2124 /* the returned filename is relative to the directory */
2125 s = strrchr_m(fname, '/');
2133 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2134 thing in the byte section. JRA */
2135 SSVALS(p, 0, -1); /* what is this? not in spec */
2137 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2139 reply_nterror(req, NT_STATUS_NO_MEMORY);
2140 END_PROFILE(SMBctemp);
2144 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2145 SCVAL(req->outbuf, smb_flg,
2146 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2149 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2150 SCVAL(req->outbuf, smb_flg,
2151 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2154 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
2155 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
2156 (unsigned int)sbuf.st_mode ) );
2158 END_PROFILE(SMBctemp);
2162 /*******************************************************************
2163 Check if a user is allowed to rename a file.
2164 ********************************************************************/
2166 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2167 uint16 dirtype, SMB_STRUCT_STAT *pst)
2171 if (!CAN_WRITE(conn)) {
2172 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2175 fmode = dos_mode(conn, fsp->fsp_name, pst);
2176 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2177 return NT_STATUS_NO_SUCH_FILE;
2180 if (S_ISDIR(pst->st_mode)) {
2181 return NT_STATUS_OK;
2184 if (fsp->access_mask & DELETE_ACCESS) {
2185 return NT_STATUS_OK;
2188 return NT_STATUS_ACCESS_DENIED;
2191 /*******************************************************************
2192 * unlink a file with all relevant access checks
2193 *******************************************************************/
2195 static NTSTATUS do_unlink(connection_struct *conn,
2196 struct smb_request *req,
2200 SMB_STRUCT_STAT sbuf;
2203 uint32 dirtype_orig = dirtype;
2206 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2208 if (!CAN_WRITE(conn)) {
2209 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2212 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2213 return map_nt_error_from_unix(errno);
2216 fattr = dos_mode(conn,fname,&sbuf);
2218 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2219 dirtype = aDIR|aARCH|aRONLY;
2222 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2224 return NT_STATUS_NO_SUCH_FILE;
2227 if (!dir_check_ftype(conn, fattr, dirtype)) {
2229 return NT_STATUS_FILE_IS_A_DIRECTORY;
2231 return NT_STATUS_NO_SUCH_FILE;
2234 if (dirtype_orig & 0x8000) {
2235 /* These will never be set for POSIX. */
2236 return NT_STATUS_NO_SUCH_FILE;
2240 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2241 return NT_STATUS_FILE_IS_A_DIRECTORY;
2244 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2245 return NT_STATUS_NO_SUCH_FILE;
2248 if (dirtype & 0xFF00) {
2249 /* These will never be set for POSIX. */
2250 return NT_STATUS_NO_SUCH_FILE;
2255 return NT_STATUS_NO_SUCH_FILE;
2258 /* Can't delete a directory. */
2260 return NT_STATUS_FILE_IS_A_DIRECTORY;
2265 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2266 return NT_STATUS_OBJECT_NAME_INVALID;
2267 #endif /* JRATEST */
2269 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2271 On a Windows share, a file with read-only dosmode can be opened with
2272 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2273 fails with NT_STATUS_CANNOT_DELETE error.
2275 This semantic causes a problem that a user can not
2276 rename a file with read-only dosmode on a Samba share
2277 from a Windows command prompt (i.e. cmd.exe, but can rename
2278 from Windows Explorer).
2281 if (!lp_delete_readonly(SNUM(conn))) {
2282 if (fattr & aRONLY) {
2283 return NT_STATUS_CANNOT_DELETE;
2287 /* On open checks the open itself will check the share mode, so
2288 don't do it here as we'll get it wrong. */
2290 status = open_file_ntcreate(conn, req, fname, &sbuf,
2295 FILE_ATTRIBUTE_NORMAL,
2296 req != NULL ? 0 : INTERNAL_OPEN_ONLY,
2299 if (!NT_STATUS_IS_OK(status)) {
2300 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2301 nt_errstr(status)));
2305 /* The set is across all open files on this dev/inode pair. */
2306 if (!set_delete_on_close(fsp, True, ¤t_user.ut)) {
2307 close_file(fsp, NORMAL_CLOSE);
2308 return NT_STATUS_ACCESS_DENIED;
2311 return close_file(fsp,NORMAL_CLOSE);
2314 /****************************************************************************
2315 The guts of the unlink command, split out so it may be called by the NT SMB
2317 ****************************************************************************/
2319 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2320 uint32 dirtype, const char *name_in, bool has_wild)
2322 const char *directory = NULL;
2327 NTSTATUS status = NT_STATUS_OK;
2328 SMB_STRUCT_STAT sbuf;
2329 TALLOC_CTX *ctx = talloc_tos();
2331 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2332 if (!NT_STATUS_IS_OK(status)) {
2336 p = strrchr_m(name,'/');
2338 directory = talloc_strdup(ctx, ".");
2340 return NT_STATUS_NO_MEMORY;
2350 * We should only check the mangled cache
2351 * here if unix_convert failed. This means
2352 * that the path in 'mask' doesn't exist
2353 * on the file system and so we need to look
2354 * for a possible mangle. This patch from
2355 * Tine Smukavec <valentin.smukavec@hermes.si>.
2358 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2359 char *new_mask = NULL;
2360 mangle_lookup_name_from_8_3(ctx,
2370 directory = talloc_asprintf(ctx,
2375 return NT_STATUS_NO_MEMORY;
2378 dirtype = FILE_ATTRIBUTE_NORMAL;
2381 status = check_name(conn, directory);
2382 if (!NT_STATUS_IS_OK(status)) {
2386 status = do_unlink(conn, req, directory, dirtype);
2387 if (!NT_STATUS_IS_OK(status)) {
2393 struct smb_Dir *dir_hnd = NULL;
2397 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2398 return NT_STATUS_OBJECT_NAME_INVALID;
2401 if (strequal(mask,"????????.???")) {
2406 status = check_name(conn, directory);
2407 if (!NT_STATUS_IS_OK(status)) {
2411 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2412 if (dir_hnd == NULL) {
2413 return map_nt_error_from_unix(errno);
2416 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2417 the pattern matches against the long name, otherwise the short name
2418 We don't implement this yet XXXX
2421 status = NT_STATUS_NO_SUCH_FILE;
2423 while ((dname = ReadDirName(dir_hnd, &offset))) {
2427 if (!is_visible_file(conn, directory, dname, &st, True)) {
2431 /* Quick check for "." and ".." */
2432 if (ISDOT(dname) || ISDOTDOT(dname)) {
2436 if(!mask_match(dname, mask, conn->case_sensitive)) {
2440 fname = talloc_asprintf(ctx, "%s/%s",
2444 return NT_STATUS_NO_MEMORY;
2447 status = check_name(conn, fname);
2448 if (!NT_STATUS_IS_OK(status)) {
2453 status = do_unlink(conn, req, fname, dirtype);
2454 if (!NT_STATUS_IS_OK(status)) {
2460 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
2468 if (count == 0 && NT_STATUS_IS_OK(status)) {
2469 status = map_nt_error_from_unix(errno);
2475 /****************************************************************************
2477 ****************************************************************************/
2479 void reply_unlink(struct smb_request *req)
2481 connection_struct *conn = req->conn;
2485 bool path_contains_wcard = False;
2486 TALLOC_CTX *ctx = talloc_tos();
2488 START_PROFILE(SMBunlink);
2491 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2492 END_PROFILE(SMBunlink);
2496 dirtype = SVAL(req->inbuf,smb_vwv0);
2498 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2499 smb_buf(req->inbuf) + 1, 0,
2500 STR_TERMINATE, &status, &path_contains_wcard);
2501 if (!NT_STATUS_IS_OK(status)) {
2502 reply_nterror(req, status);
2503 END_PROFILE(SMBunlink);
2507 status = resolve_dfspath_wcard(ctx, conn,
2508 req->flags2 & FLAGS2_DFS_PATHNAMES,
2511 &path_contains_wcard);
2512 if (!NT_STATUS_IS_OK(status)) {
2513 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2514 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2515 ERRSRV, ERRbadpath);
2516 END_PROFILE(SMBunlink);
2519 reply_nterror(req, status);
2520 END_PROFILE(SMBunlink);
2524 DEBUG(3,("reply_unlink : %s\n",name));
2526 status = unlink_internals(conn, req, dirtype, name,
2527 path_contains_wcard);
2528 if (!NT_STATUS_IS_OK(status)) {
2529 if (open_was_deferred(req->mid)) {
2530 /* We have re-scheduled this call. */
2531 END_PROFILE(SMBunlink);
2534 reply_nterror(req, status);
2535 END_PROFILE(SMBunlink);
2539 reply_outbuf(req, 0, 0);
2540 END_PROFILE(SMBunlink);
2545 /****************************************************************************
2547 ****************************************************************************/
2549 static void fail_readraw(void)
2551 const char *errstr = talloc_asprintf(talloc_tos(),
2552 "FAIL ! reply_readbraw: socket write fail (%s)",
2557 exit_server_cleanly(errstr);
2560 /****************************************************************************
2561 Fake (read/write) sendfile. Returns -1 on read or write fail.
2562 ****************************************************************************/
2564 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2568 size_t tosend = nread;
2575 bufsize = MIN(nread, 65536);
2577 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2581 while (tosend > 0) {
2585 if (tosend > bufsize) {
2590 ret = read_file(fsp,buf,startpos,cur_read);
2596 /* If we had a short read, fill with zeros. */
2597 if (ret < cur_read) {
2598 memset(buf, '\0', cur_read - ret);
2601 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2606 startpos += cur_read;
2610 return (ssize_t)nread;
2613 /****************************************************************************
2614 Return a readbraw error (4 bytes of zero).
2615 ****************************************************************************/
2617 static void reply_readbraw_error(void)
2621 if (write_data(smbd_server_fd(),header,4) != 4) {
2626 /****************************************************************************
2627 Use sendfile in readbraw.
2628 ****************************************************************************/
2630 void send_file_readbraw(connection_struct *conn,
2636 char *outbuf = NULL;
2639 #if defined(WITH_SENDFILE)
2641 * We can only use sendfile on a non-chained packet
2642 * but we can use on a non-oplocked file. tridge proved this
2643 * on a train in Germany :-). JRA.
2644 * reply_readbraw has already checked the length.
2647 if ( (chain_size == 0) && (nread > 0) &&
2648 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2650 DATA_BLOB header_blob;
2652 _smb_setlen(header,nread);
2653 header_blob = data_blob_const(header, 4);
2655 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd,
2656 &header_blob, startpos, nread) == -1) {
2657 /* Returning ENOSYS means no data at all was sent.
2658 * Do this as a normal read. */
2659 if (errno == ENOSYS) {
2660 goto normal_readbraw;
2664 * Special hack for broken Linux with no working sendfile. If we
2665 * return EINTR we sent the header but not the rest of the data.
2666 * Fake this up by doing read/write calls.
2668 if (errno == EINTR) {
2669 /* Ensure we don't do this again. */
2670 set_use_sendfile(SNUM(conn), False);
2671 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2673 if (fake_sendfile(fsp, startpos, nread) == -1) {
2674 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2675 fsp->fsp_name, strerror(errno) ));
2676 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2681 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2682 fsp->fsp_name, strerror(errno) ));
2683 exit_server_cleanly("send_file_readbraw sendfile failed");
2692 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2694 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2695 (unsigned)(nread+4)));
2696 reply_readbraw_error();
2701 ret = read_file(fsp,outbuf+4,startpos,nread);
2702 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2711 _smb_setlen(outbuf,ret);
2712 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2715 TALLOC_FREE(outbuf);
2718 /****************************************************************************
2719 Reply to a readbraw (core+ protocol).
2720 ****************************************************************************/
2722 void reply_readbraw(struct smb_request *req)
2724 connection_struct *conn = req->conn;
2725 ssize_t maxcount,mincount;
2732 START_PROFILE(SMBreadbraw);
2734 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2735 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2736 "raw reads/writes are disallowed.");
2740 reply_readbraw_error();
2741 END_PROFILE(SMBreadbraw);
2746 * Special check if an oplock break has been issued
2747 * and the readraw request croses on the wire, we must
2748 * return a zero length response here.
2751 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2754 * We have to do a check_fsp by hand here, as
2755 * we must always return 4 zero bytes on error,
2759 if (!fsp || !conn || conn != fsp->conn ||
2760 current_user.vuid != fsp->vuid ||
2761 fsp->is_directory || fsp->fh->fd == -1) {
2763 * fsp could be NULL here so use the value from the packet. JRA.
2765 DEBUG(3,("reply_readbraw: fnum %d not valid "
2767 (int)SVAL(req->inbuf,smb_vwv0)));
2768 reply_readbraw_error();
2769 END_PROFILE(SMBreadbraw);
2773 /* Do a "by hand" version of CHECK_READ. */
2774 if (!(fsp->can_read ||
2775 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2776 (fsp->access_mask & FILE_EXECUTE)))) {
2777 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2778 (int)SVAL(req->inbuf,smb_vwv0)));
2779 reply_readbraw_error();
2780 END_PROFILE(SMBreadbraw);
2784 flush_write_cache(fsp, READRAW_FLUSH);
2786 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2787 if(req->wct == 10) {
2789 * This is a large offset (64 bit) read.
2791 #ifdef LARGE_SMB_OFF_T
2793 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2795 #else /* !LARGE_SMB_OFF_T */
2798 * Ensure we haven't been sent a >32 bit offset.
2801 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2802 DEBUG(0,("reply_readbraw: large offset "
2803 "(%x << 32) used and we don't support "
2804 "64 bit offsets.\n",
2805 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2806 reply_readbraw_error();
2807 END_PROFILE(SMBreadbraw);
2811 #endif /* LARGE_SMB_OFF_T */
2814 DEBUG(0,("reply_readbraw: negative 64 bit "
2815 "readraw offset (%.0f) !\n",
2816 (double)startpos ));
2817 reply_readbraw_error();
2818 END_PROFILE(SMBreadbraw);
2823 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2824 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2826 /* ensure we don't overrun the packet size */
2827 maxcount = MIN(65535,maxcount);
2829 if (is_locked(fsp,(uint32)req->smbpid,
2830 (SMB_BIG_UINT)maxcount,
2831 (SMB_BIG_UINT)startpos,
2833 reply_readbraw_error();
2834 END_PROFILE(SMBreadbraw);
2838 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2842 if (startpos >= size) {
2845 nread = MIN(maxcount,(size - startpos));
2848 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2849 if (nread < mincount)
2853 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2854 "min=%lu nread=%lu\n",
2855 fsp->fnum, (double)startpos,
2856 (unsigned long)maxcount,
2857 (unsigned long)mincount,
2858 (unsigned long)nread ) );
2860 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2862 DEBUG(5,("reply_readbraw finished\n"));
2863 END_PROFILE(SMBreadbraw);
2867 #define DBGC_CLASS DBGC_LOCKING
2869 /****************************************************************************
2870 Reply to a lockread (core+ protocol).
2871 ****************************************************************************/
2873 void reply_lockread(struct smb_request *req)
2875 connection_struct *conn = req->conn;
2882 struct byte_range_lock *br_lck = NULL;
2885 START_PROFILE(SMBlockread);
2888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2889 END_PROFILE(SMBlockread);
2893 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2895 if (!check_fsp(conn, req, fsp, ¤t_user)) {
2896 END_PROFILE(SMBlockread);
2900 if (!CHECK_READ(fsp,req->inbuf)) {
2901 reply_doserror(req, ERRDOS, ERRbadaccess);
2902 END_PROFILE(SMBlockread);
2906 release_level_2_oplocks_on_change(fsp);
2908 numtoread = SVAL(req->inbuf,smb_vwv1);
2909 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2911 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2913 reply_outbuf(req, 5, numtoread + 3);
2915 data = smb_buf(req->outbuf) + 3;
2918 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2919 * protocol request that predates the read/write lock concept.
2920 * Thus instead of asking for a read lock here we need to ask
2921 * for a write lock. JRA.
2922 * Note that the requested lock size is unaffected by max_recv.
2925 br_lck = do_lock(smbd_messaging_context(),
2928 (SMB_BIG_UINT)numtoread,
2929 (SMB_BIG_UINT)startpos,
2932 False, /* Non-blocking lock. */
2935 TALLOC_FREE(br_lck);
2937 if (NT_STATUS_V(status)) {
2938 reply_nterror(req, status);
2939 END_PROFILE(SMBlockread);
2944 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2947 if (numtoread > max_recv) {
2948 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2949 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2950 (unsigned int)numtoread, (unsigned int)max_recv ));
2951 numtoread = MIN(numtoread,max_recv);
2953 nread = read_file(fsp,data,startpos,numtoread);
2956 reply_unixerror(req, ERRDOS, ERRnoaccess);
2957 END_PROFILE(SMBlockread);
2961 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2963 SSVAL(req->outbuf,smb_vwv0,nread);
2964 SSVAL(req->outbuf,smb_vwv5,nread+3);
2965 p = smb_buf(req->outbuf);
2966 SCVAL(p,0,0); /* pad byte. */
2969 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2970 fsp->fnum, (int)numtoread, (int)nread));
2972 END_PROFILE(SMBlockread);
2977 #define DBGC_CLASS DBGC_ALL
2979 /****************************************************************************
2981 ****************************************************************************/
2983 void reply_read(struct smb_request *req)
2985 connection_struct *conn = req->conn;
2993 START_PROFILE(SMBread);
2996 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2997 END_PROFILE(SMBread);
3001 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3003 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3004 END_PROFILE(SMBread);
3008 if (!CHECK_READ(fsp,req->inbuf)) {
3009 reply_doserror(req, ERRDOS, ERRbadaccess);
3010 END_PROFILE(SMBread);
3014 numtoread = SVAL(req->inbuf,smb_vwv1);
3015 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3017 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3020 * The requested read size cannot be greater than max_recv. JRA.
3022 if (numtoread > max_recv) {
3023 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3024 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3025 (unsigned int)numtoread, (unsigned int)max_recv ));
3026 numtoread = MIN(numtoread,max_recv);
3029 reply_outbuf(req, 5, numtoread+3);
3031 data = smb_buf(req->outbuf) + 3;
3033 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3034 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3035 reply_doserror(req, ERRDOS,ERRlock);
3036 END_PROFILE(SMBread);
3041 nread = read_file(fsp,data,startpos,numtoread);
3044 reply_unixerror(req, ERRDOS,ERRnoaccess);
3045 END_PROFILE(SMBread);
3049 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3051 SSVAL(req->outbuf,smb_vwv0,nread);
3052 SSVAL(req->outbuf,smb_vwv5,nread+3);
3053 SCVAL(smb_buf(req->outbuf),0,1);
3054 SSVAL(smb_buf(req->outbuf),1,nread);
3056 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3057 fsp->fnum, (int)numtoread, (int)nread ) );
3059 END_PROFILE(SMBread);
3063 /****************************************************************************
3065 ****************************************************************************/
3067 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3072 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3073 data = smb_buf(outbuf);
3075 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3077 SCVAL(outbuf,smb_vwv0,0xFF);
3078 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3079 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3080 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3081 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3082 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3083 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3084 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3088 /****************************************************************************
3089 Reply to a read and X - possibly using sendfile.
3090 ****************************************************************************/
3092 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3093 files_struct *fsp, SMB_OFF_T startpos,
3096 SMB_STRUCT_STAT sbuf;
3099 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3100 reply_unixerror(req, ERRDOS, ERRnoaccess);
3104 if (startpos > sbuf.st_size) {
3106 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3107 smb_maxcnt = (sbuf.st_size - startpos);
3110 if (smb_maxcnt == 0) {
3114 #if defined(WITH_SENDFILE)
3116 * We can only use sendfile on a non-chained packet
3117 * but we can use on a non-oplocked file. tridge proved this
3118 * on a train in Germany :-). JRA.
3121 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3122 !is_encrypted_packet(req->inbuf) &&
3123 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3124 uint8 headerbuf[smb_size + 12 * 2];
3128 * Set up the packet header before send. We
3129 * assume here the sendfile will work (get the
3130 * correct amount of data).
3133 header = data_blob_const(headerbuf, sizeof(headerbuf));
3135 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3136 setup_readX_header((char *)headerbuf, smb_maxcnt);
3138 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
3139 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3140 if (errno == ENOSYS) {
3145 * Special hack for broken Linux with no working sendfile. If we
3146 * return EINTR we sent the header but not the rest of the data.
3147 * Fake this up by doing read/write calls.
3150 if (errno == EINTR) {
3151 /* Ensure we don't do this again. */
3152 set_use_sendfile(SNUM(conn), False);
3153 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3154 nread = fake_sendfile(fsp, startpos,
3157 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3158 fsp->fsp_name, strerror(errno) ));
3159 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3161 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3162 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3163 /* No outbuf here means successful sendfile. */
3164 TALLOC_FREE(req->outbuf);
3168 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3169 fsp->fsp_name, strerror(errno) ));
3170 exit_server_cleanly("send_file_readX sendfile failed");
3173 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3174 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3175 /* No outbuf here means successful sendfile. */
3176 TALLOC_FREE(req->outbuf);
3183 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3184 uint8 headerbuf[smb_size + 2*12];
3186 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3187 setup_readX_header((char *)headerbuf, smb_maxcnt);
3189 /* Send out the header. */
3190 if (write_data(smbd_server_fd(), (char *)headerbuf,
3191 sizeof(headerbuf)) != sizeof(headerbuf)) {
3192 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3193 fsp->fsp_name, strerror(errno) ));
3194 exit_server_cleanly("send_file_readX sendfile failed");
3196 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3198 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3199 fsp->fsp_name, strerror(errno) ));
3200 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3202 TALLOC_FREE(req->outbuf);
3205 reply_outbuf(req, 12, smb_maxcnt);
3207 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3210 reply_unixerror(req, ERRDOS, ERRnoaccess);
3214 setup_readX_header((char *)req->outbuf, nread);
3216 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3217 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3225 /****************************************************************************
3226 Reply to a read and X.
3227 ****************************************************************************/
3229 void reply_read_and_X(struct smb_request *req)
3231 connection_struct *conn = req->conn;
3235 bool big_readX = False;
3237 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3240 START_PROFILE(SMBreadX);
3242 if ((req->wct != 10) && (req->wct != 12)) {
3243 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3247 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3248 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3249 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3251 /* If it's an IPC, pass off the pipe handler. */
3253 reply_pipe_read_and_X(req);
3254 END_PROFILE(SMBreadX);
3258 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3259 END_PROFILE(SMBreadX);
3263 if (!CHECK_READ(fsp,req->inbuf)) {
3264 reply_doserror(req, ERRDOS,ERRbadaccess);
3265 END_PROFILE(SMBreadX);
3269 if (global_client_caps & CAP_LARGE_READX) {
3270 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3271 smb_maxcnt |= (upper_size<<16);
3272 if (upper_size > 1) {
3273 /* Can't do this on a chained packet. */
3274 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3275 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3276 END_PROFILE(SMBreadX);
3279 /* We currently don't do this on signed or sealed data. */
3280 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3281 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3282 END_PROFILE(SMBreadX);
3285 /* Is there room in the reply for this data ? */
3286 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3288 NT_STATUS_INVALID_PARAMETER);
3289 END_PROFILE(SMBreadX);
3296 if (req->wct == 12) {
3297 #ifdef LARGE_SMB_OFF_T
3299 * This is a large offset (64 bit) read.
3301 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3303 #else /* !LARGE_SMB_OFF_T */
3306 * Ensure we haven't been sent a >32 bit offset.
3309 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3310 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3311 "used and we don't support 64 bit offsets.\n",
3312 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3313 END_PROFILE(SMBreadX);
3314 reply_doserror(req, ERRDOS, ERRbadaccess);
3318 #endif /* LARGE_SMB_OFF_T */
3322 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3323 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3324 END_PROFILE(SMBreadX);
3325 reply_doserror(req, ERRDOS, ERRlock);
3330 && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3331 END_PROFILE(SMBreadX);
3335 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3337 END_PROFILE(SMBreadX);
3341 /****************************************************************************
3342 Error replies to writebraw must have smb_wct == 1. Fix this up.
3343 ****************************************************************************/
3345 void error_to_writebrawerr(struct smb_request *req)
3347 uint8 *old_outbuf = req->outbuf;
3349 reply_outbuf(req, 1, 0);
3351 memcpy(req->outbuf, old_outbuf, smb_size);
3352 TALLOC_FREE(old_outbuf);
3355 /****************************************************************************
3356 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3357 ****************************************************************************/
3359 void reply_writebraw(struct smb_request *req)
3361 connection_struct *conn = req->conn;
3365 ssize_t total_written=0;
3366 size_t numtowrite=0;
3374 START_PROFILE(SMBwritebraw);
3377 * If we ever reply with an error, it must have the SMB command
3378 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3381 SCVAL(req->inbuf,smb_com,SMBwritec);
3383 if (srv_is_signing_active()) {
3384 END_PROFILE(SMBwritebraw);
3385 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3386 "raw reads/writes are disallowed.");
3389 if (req->wct < 12) {
3390 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3391 error_to_writebrawerr(req);
3392 END_PROFILE(SMBwritebraw);
3396 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3397 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3398 error_to_writebrawerr(req);
3399 END_PROFILE(SMBwritebraw);
3403 if (!CHECK_WRITE(fsp)) {
3404 reply_doserror(req, ERRDOS, ERRbadaccess);
3405 error_to_writebrawerr(req);
3406 END_PROFILE(SMBwritebraw);
3410 tcount = IVAL(req->inbuf,smb_vwv1);
3411 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3412 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3414 /* We have to deal with slightly different formats depending
3415 on whether we are using the core+ or lanman1.0 protocol */
3417 if(Protocol <= PROTOCOL_COREPLUS) {
3418 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3419 data = smb_buf(req->inbuf);
3421 numtowrite = SVAL(req->inbuf,smb_vwv10);
3422 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3425 /* Ensure we don't write bytes past the end of this packet. */
3426 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3427 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3428 error_to_writebrawerr(req);
3429 END_PROFILE(SMBwritebraw);
3433 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3434 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3435 reply_doserror(req, ERRDOS, ERRlock);
3436 error_to_writebrawerr(req);
3437 END_PROFILE(SMBwritebraw);
3442 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3445 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3446 "wrote=%d sync=%d\n",
3447 fsp->fnum, (double)startpos, (int)numtowrite,
3448 (int)nwritten, (int)write_through));
3450 if (nwritten < (ssize_t)numtowrite) {
3451 reply_unixerror(req, ERRHRD, ERRdiskfull);
3452 error_to_writebrawerr(req);
3453 END_PROFILE(SMBwritebraw);
3457 total_written = nwritten;
3459 /* Allocate a buffer of 64k + length. */
3460 buf = TALLOC_ARRAY(NULL, char, 65540);
3462 reply_doserror(req, ERRDOS, ERRnomem);
3463 error_to_writebrawerr(req);
3464 END_PROFILE(SMBwritebraw);
3468 /* Return a SMBwritebraw message to the redirector to tell
3469 * it to send more bytes */
3471 memcpy(buf, req->inbuf, smb_size);
3472 outsize = srv_set_message(buf,
3473 Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3474 SCVAL(buf,smb_com,SMBwritebraw);
3475 SSVALS(buf,smb_vwv0,0xFFFF);
3477 if (!srv_send_smb(smbd_server_fd(),
3479 IS_CONN_ENCRYPTED(conn))) {
3480 exit_server_cleanly("reply_writebraw: srv_send_smb "
3484 /* Now read the raw data into the buffer and write it */
3485 if (read_smb_length(smbd_server_fd(),buf,
3486 SMB_SECONDARY_WAIT, get_srv_read_error()) == -1) {
3487 exit_server_cleanly("secondary writebraw failed");
3491 * Even though this is not an smb message,
3492 * smb_len returns the generic length of a packet.
3495 numtowrite = smb_len(buf);
3497 /* Set up outbuf to return the correct size */
3498 reply_outbuf(req, 1, 0);
3500 if (numtowrite != 0) {
3502 if (numtowrite > 0xFFFF) {
3503 DEBUG(0,("reply_writebraw: Oversize secondary write "
3504 "raw requested (%u). Terminating\n",
3505 (unsigned int)numtowrite ));
3506 exit_server_cleanly("secondary writebraw failed");
3509 if (tcount > nwritten+numtowrite) {
3510 DEBUG(3,("reply_writebraw: Client overestimated the "
3512 (int)tcount,(int)nwritten,(int)numtowrite));
3515 if (read_data(smbd_server_fd(), buf+4, numtowrite,get_srv_read_error())
3517 DEBUG(0,("reply_writebraw: Oversize secondary write "
3518 "raw read failed (%s). Terminating\n",
3520 exit_server_cleanly("secondary writebraw failed");
3523 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3524 if (nwritten == -1) {
3526 reply_unixerror(req, ERRHRD, ERRdiskfull);
3527 error_to_writebrawerr(req);
3528 END_PROFILE(SMBwritebraw);
3532 if (nwritten < (ssize_t)numtowrite) {
3533 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3534 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3538 total_written += nwritten;
3543 SSVAL(req->outbuf,smb_vwv0,total_written);
3545 status = sync_file(conn, fsp, write_through);
3546 if (!NT_STATUS_IS_OK(status)) {
3547 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3548 fsp->fsp_name, nt_errstr(status) ));
3549 reply_nterror(req, status);
3550 error_to_writebrawerr(req);
3551 END_PROFILE(SMBwritebraw);
3555 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3557 fsp->fnum, (double)startpos, (int)numtowrite,
3558 (int)total_written));
3560 /* We won't return a status if write through is not selected - this
3561 * follows what WfWg does */
3562 END_PROFILE(SMBwritebraw);
3564 if (!write_through && total_written==tcount) {
3566 #if RABBIT_PELLET_FIX
3568 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3569 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3572 if (!send_keepalive(smbd_server_fd())) {
3573 exit_server_cleanly("reply_writebraw: send of "
3574 "keepalive failed");
3577 TALLOC_FREE(req->outbuf);
3583 #define DBGC_CLASS DBGC_LOCKING
3585 /****************************************************************************
3586 Reply to a writeunlock (core+).
3587 ****************************************************************************/
3589 void reply_writeunlock(struct smb_request *req)
3591 connection_struct *conn = req->conn;
3592 ssize_t nwritten = -1;
3596 NTSTATUS status = NT_STATUS_OK;
3599 START_PROFILE(SMBwriteunlock);
3602 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3603 END_PROFILE(SMBwriteunlock);
3607 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3609 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3610 END_PROFILE(SMBwriteunlock);
3614 if (!CHECK_WRITE(fsp)) {
3615 reply_doserror(req, ERRDOS,ERRbadaccess);
3616 END_PROFILE(SMBwriteunlock);
3620 numtowrite = SVAL(req->inbuf,smb_vwv1);
3621 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3622 data = smb_buf(req->inbuf) + 3;
3625 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3626 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3627 reply_doserror(req, ERRDOS, ERRlock);
3628 END_PROFILE(SMBwriteunlock);
3632 /* The special X/Open SMB protocol handling of
3633 zero length writes is *NOT* done for
3635 if(numtowrite == 0) {
3638 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3641 status = sync_file(conn, fsp, False /* write through */);
3642 if (!NT_STATUS_IS_OK(status)) {
3643 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3644 fsp->fsp_name, nt_errstr(status) ));
3645 reply_nterror(req, status);
3646 END_PROFILE(SMBwriteunlock);
3650 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3651 reply_unixerror(req, ERRHRD, ERRdiskfull);
3652 END_PROFILE(SMBwriteunlock);
3657 status = do_unlock(smbd_messaging_context(),
3660 (SMB_BIG_UINT)numtowrite,
3661 (SMB_BIG_UINT)startpos,
3664 if (NT_STATUS_V(status)) {
3665 reply_nterror(req, status);
3666 END_PROFILE(SMBwriteunlock);
3671 reply_outbuf(req, 1, 0);
3673 SSVAL(req->outbuf,smb_vwv0,nwritten);
3675 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3676 fsp->fnum, (int)numtowrite, (int)nwritten));
3678 END_PROFILE(SMBwriteunlock);
3683 #define DBGC_CLASS DBGC_ALL
3685 /****************************************************************************
3687 ****************************************************************************/
3689 void reply_write(struct smb_request *req)
3691 connection_struct *conn = req->conn;
3693 ssize_t nwritten = -1;
3699 START_PROFILE(SMBwrite);
3702 END_PROFILE(SMBwrite);
3703 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3707 /* If it's an IPC, pass off the pipe handler. */
3709 reply_pipe_write(req);
3710 END_PROFILE(SMBwrite);
3714 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3716 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3717 END_PROFILE(SMBwrite);
3721 if (!CHECK_WRITE(fsp)) {
3722 reply_doserror(req, ERRDOS, ERRbadaccess);
3723 END_PROFILE(SMBwrite);
3727 numtowrite = SVAL(req->inbuf,smb_vwv1);
3728 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3729 data = smb_buf(req->inbuf) + 3;
3731 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3732 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3733 reply_doserror(req, ERRDOS, ERRlock);
3734 END_PROFILE(SMBwrite);
3739 * X/Open SMB protocol says that if smb_vwv1 is
3740 * zero then the file size should be extended or
3741 * truncated to the size given in smb_vwv[2-3].
3744 if(numtowrite == 0) {
3746 * This is actually an allocate call, and set EOF. JRA.
3748 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3750 reply_nterror(req, NT_STATUS_DISK_FULL);
3751 END_PROFILE(SMBwrite);
3754 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3756 reply_nterror(req, NT_STATUS_DISK_FULL);
3757 END_PROFILE(SMBwrite);
3761 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3763 status = sync_file(conn, fsp, False);
3764 if (!NT_STATUS_IS_OK(status)) {
3765 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3766 fsp->fsp_name, nt_errstr(status) ));
3767 reply_nterror(req, status);
3768 END_PROFILE(SMBwrite);
3772 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3773 reply_unixerror(req, ERRHRD, ERRdiskfull);
3774 END_PROFILE(SMBwrite);
3778 reply_outbuf(req, 1, 0);
3780 SSVAL(req->outbuf,smb_vwv0,nwritten);
3782 if (nwritten < (ssize_t)numtowrite) {
3783 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3784 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3787 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3789 END_PROFILE(SMBwrite);
3793 /****************************************************************************
3794 Ensure a buffer is a valid writeX for recvfile purposes.
3795 ****************************************************************************/
3797 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3798 (2*14) + /* word count (including bcc) */ \
3801 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3804 connection_struct *conn = NULL;
3805 unsigned int doff = 0;
3806 size_t len = smb_len_large(inbuf);
3808 if (is_encrypted_packet(inbuf)) {
3809 /* Can't do this on encrypted
3814 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3818 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3819 CVAL(inbuf,smb_wct) != 14) {
3820 DEBUG(10,("is_valid_writeX_buffer: chained or "
3821 "invalid word length.\n"));
3825 conn = conn_find(SVAL(inbuf, smb_tid));
3827 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3831 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3834 doff = SVAL(inbuf,smb_vwv11);
3836 numtowrite = SVAL(inbuf,smb_vwv10);
3838 if (len > doff && len - doff > 0xFFFF) {
3839 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3842 if (numtowrite == 0) {
3843 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3847 /* Ensure the sizes match up. */
3848 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3849 /* no pad byte...old smbclient :-( */
3850 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3852 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3856 if (len - doff != numtowrite) {
3857 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3858 "len = %u, doff = %u, numtowrite = %u\n",
3861 (unsigned int)numtowrite ));
3865 DEBUG(10,("is_valid_writeX_buffer: true "
3866 "len = %u, doff = %u, numtowrite = %u\n",
3869 (unsigned int)numtowrite ));
3874 /****************************************************************************
3875 Reply to a write and X.
3876 ****************************************************************************/
3878 void reply_write_and_X(struct smb_request *req)
3880 connection_struct *conn = req->conn;
3886 unsigned int smb_doff;
3887 unsigned int smblen;
3891 START_PROFILE(SMBwriteX);
3893 if ((req->wct != 12) && (req->wct != 14)) {
3894 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3895 END_PROFILE(SMBwriteX);
3899 numtowrite = SVAL(req->inbuf,smb_vwv10);
3900 smb_doff = SVAL(req->inbuf,smb_vwv11);
3901 smblen = smb_len(req->inbuf);
3903 if (req->unread_bytes > 0xFFFF ||
3904 (smblen > smb_doff &&
3905 smblen - smb_doff > 0xFFFF)) {
3906 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3909 if (req->unread_bytes) {
3910 /* Can't do a recvfile write on IPC$ */
3912 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3913 END_PROFILE(SMBwriteX);
3916 if (numtowrite != req->unread_bytes) {
3917 reply_doserror(req, ERRDOS, ERRbadmem);
3918 END_PROFILE(SMBwriteX);
3922 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3923 smb_doff + numtowrite > smblen) {
3924 reply_doserror(req, ERRDOS, ERRbadmem);
3925 END_PROFILE(SMBwriteX);
3930 /* If it's an IPC, pass off the pipe handler. */
3932 if (req->unread_bytes) {
3933 reply_doserror(req, ERRDOS, ERRbadmem);
3934 END_PROFILE(SMBwriteX);
3937 reply_pipe_write_and_X(req);
3938 END_PROFILE(SMBwriteX);
3942 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3943 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3944 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3946 if (!check_fsp(conn, req, fsp, ¤t_user)) {
3947 END_PROFILE(SMBwriteX);
3951 if (!CHECK_WRITE(fsp)) {
3952 reply_doserror(req, ERRDOS, ERRbadaccess);
3953 END_PROFILE(SMBwriteX);
3957 data = smb_base(req->inbuf) + smb_doff;
3959 if(req->wct == 14) {
3960 #ifdef LARGE_SMB_OFF_T
3962 * This is a large offset (64 bit) write.
3964 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3966 #else /* !LARGE_SMB_OFF_T */
3969 * Ensure we haven't been sent a >32 bit offset.
3972 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3973 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3974 "used and we don't support 64 bit offsets.\n",
3975 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
3976 reply_doserror(req, ERRDOS, ERRbadaccess);
3977 END_PROFILE(SMBwriteX);
3981 #endif /* LARGE_SMB_OFF_T */
3984 if (is_locked(fsp,(uint32)req->smbpid,
3985 (SMB_BIG_UINT)numtowrite,
3986 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3987 reply_doserror(req, ERRDOS, ERRlock);
3988 END_PROFILE(SMBwriteX);
3992 /* X/Open SMB protocol says that, unlike SMBwrite
3993 if the length is zero then NO truncation is
3994 done, just a write of zero. To truncate a file,
3997 if(numtowrite == 0) {
4001 if (req->unread_bytes == 0 &&
4002 schedule_aio_write_and_X(conn, req, fsp, data,
4003 startpos, numtowrite)) {
4004 END_PROFILE(SMBwriteX);
4008 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4011 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4012 reply_unixerror(req, ERRHRD, ERRdiskfull);
4013 END_PROFILE(SMBwriteX);
4017 reply_outbuf(req, 6, 0);
4018 SSVAL(req->outbuf,smb_vwv2,nwritten);
4019 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4021 if (nwritten < (ssize_t)numtowrite) {
4022 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4023 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4026 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4027 fsp->fnum, (int)numtowrite, (int)nwritten));
4029 status = sync_file(conn, fsp, write_through);
4030 if (!NT_STATUS_IS_OK(status)) {
4031 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4032 fsp->fsp_name, nt_errstr(status) ));
4033 reply_nterror(req, status);
4034 END_PROFILE(SMBwriteX);
4038 END_PROFILE(SMBwriteX);
4043 /****************************************************************************
4045 ****************************************************************************/
4047 void reply_lseek(struct smb_request *req)
4049 connection_struct *conn = req->conn;
4055 START_PROFILE(SMBlseek);
4058 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4059 END_PROFILE(SMBlseek);
4063 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4065 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4069 flush_write_cache(fsp, SEEK_FLUSH);
4071 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4072 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4073 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4082 res = fsp->fh->pos + startpos;
4093 if (umode == SEEK_END) {
4094 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
4095 if(errno == EINVAL) {
4096 SMB_OFF_T current_pos = startpos;
4097 SMB_STRUCT_STAT sbuf;
4099 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
4100 reply_unixerror(req, ERRDOS,
4102 END_PROFILE(SMBlseek);
4106 current_pos += sbuf.st_size;
4108 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
4113 reply_unixerror(req, ERRDOS, ERRnoaccess);
4114 END_PROFILE(SMBlseek);
4121 reply_outbuf(req, 2, 0);
4122 SIVAL(req->outbuf,smb_vwv0,res);
4124 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4125 fsp->fnum, (double)startpos, (double)res, mode));
4127 END_PROFILE(SMBlseek);
4131 /****************************************************************************
4133 ****************************************************************************/
4135 void reply_flush(struct smb_request *req)
4137 connection_struct *conn = req->conn;
4141 START_PROFILE(SMBflush);
4144 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4148 fnum = SVAL(req->inbuf,smb_vwv0);
4149 fsp = file_fsp(fnum);
4151 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, ¤t_user)) {
4156 file_sync_all(conn);
4158 NTSTATUS status = sync_file(conn, fsp, True);
4159 if (!NT_STATUS_IS_OK(status)) {
4160 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4161 fsp->fsp_name, nt_errstr(status) ));
4162 reply_nterror(req, status);
4163 END_PROFILE(SMBflush);
4168 reply_outbuf(req, 0, 0);
4170 DEBUG(3,("flush\n"));
4171 END_PROFILE(SMBflush);
4175 /****************************************************************************
4177 conn POINTER CAN BE NULL HERE !
4178 ****************************************************************************/
4180 void reply_exit(struct smb_request *req)
4182 START_PROFILE(SMBexit);
4184 file_close_pid(req->smbpid, req->vuid);
4186 reply_outbuf(req, 0, 0);
4188 DEBUG(3,("exit\n"));
4190 END_PROFILE(SMBexit);
4194 /****************************************************************************
4195 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4196 ****************************************************************************/
4198 void reply_close(struct smb_request *req)
4200 connection_struct *conn = req->conn;
4201 NTSTATUS status = NT_STATUS_OK;
4202 files_struct *fsp = NULL;
4203 START_PROFILE(SMBclose);
4206 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4207 END_PROFILE(SMBclose);
4211 /* If it's an IPC, pass off to the pipe handler. */
4213 reply_pipe_close(conn, req);
4214 END_PROFILE(SMBclose);
4218 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4221 * We can only use CHECK_FSP if we know it's not a directory.
4224 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4225 reply_doserror(req, ERRDOS, ERRbadfid);
4226 END_PROFILE(SMBclose);
4230 if(fsp->is_directory) {
4232 * Special case - close NT SMB directory handle.
4234 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4235 status = close_file(fsp,NORMAL_CLOSE);
4238 * Close ordinary file.
4241 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4242 fsp->fh->fd, fsp->fnum,
4243 conn->num_files_open));
4246 * Take care of any time sent in the close.
4249 fsp_set_pending_modtime(fsp, convert_time_t_to_timespec(
4250 srv_make_unix_date3(
4251 req->inbuf+smb_vwv1)));
4254 * close_file() returns the unix errno if an error
4255 * was detected on close - normally this is due to
4256 * a disk full error. If not then it was probably an I/O error.
4259 status = close_file(fsp,NORMAL_CLOSE);
4262 if (!NT_STATUS_IS_OK(status)) {
4263 reply_nterror(req, status);
4264 END_PROFILE(SMBclose);
4268 reply_outbuf(req, 0, 0);
4269 END_PROFILE(SMBclose);
4273 /****************************************************************************
4274 Reply to a writeclose (Core+ protocol).
4275 ****************************************************************************/
4277 void reply_writeclose(struct smb_request *req)
4279 connection_struct *conn = req->conn;
4281 ssize_t nwritten = -1;
4282 NTSTATUS close_status = NT_STATUS_OK;
4285 struct timespec mtime;
4288 START_PROFILE(SMBwriteclose);
4291 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4292 END_PROFILE(SMBwriteclose);
4296 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4298 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4299 END_PROFILE(SMBwriteclose);
4302 if (!CHECK_WRITE(fsp)) {
4303 reply_doserror(req, ERRDOS,ERRbadaccess);
4304 END_PROFILE(SMBwriteclose);
4308 numtowrite = SVAL(req->inbuf,smb_vwv1);
4309 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4310 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4311 req->inbuf+smb_vwv4));
4312 data = smb_buf(req->inbuf) + 1;
4315 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4316 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4317 reply_doserror(req, ERRDOS,ERRlock);
4318 END_PROFILE(SMBwriteclose);
4322 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4324 set_filetime(conn, fsp->fsp_name, mtime);
4327 * More insanity. W2K only closes the file if writelen > 0.
4332 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4334 close_status = close_file(fsp,NORMAL_CLOSE);
4337 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4338 fsp->fnum, (int)numtowrite, (int)nwritten,
4339 conn->num_files_open));
4341 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4342 reply_doserror(req, ERRHRD, ERRdiskfull);
4343 END_PROFILE(SMBwriteclose);
4347 if(!NT_STATUS_IS_OK(close_status)) {
4348 reply_nterror(req, close_status);
4349 END_PROFILE(SMBwriteclose);
4353 reply_outbuf(req, 1, 0);
4355 SSVAL(req->outbuf,smb_vwv0,nwritten);
4356 END_PROFILE(SMBwriteclose);
4361 #define DBGC_CLASS DBGC_LOCKING
4363 /****************************************************************************
4365 ****************************************************************************/
4367 void reply_lock(struct smb_request *req)
4369 connection_struct *conn = req->conn;
4370 SMB_BIG_UINT count,offset;
4373 struct byte_range_lock *br_lck = NULL;
4375 START_PROFILE(SMBlock);
4378 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4379 END_PROFILE(SMBlock);
4383 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4385 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4386 END_PROFILE(SMBlock);
4390 release_level_2_oplocks_on_change(fsp);
4392 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4393 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4395 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4396 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4398 br_lck = do_lock(smbd_messaging_context(),
4405 False, /* Non-blocking lock. */
4409 TALLOC_FREE(br_lck);
4411 if (NT_STATUS_V(status)) {
4412 reply_nterror(req, status);
4413 END_PROFILE(SMBlock);
4417 reply_outbuf(req, 0, 0);
4419 END_PROFILE(SMBlock);
4423 /****************************************************************************
4425 ****************************************************************************/
4427 void reply_unlock(struct smb_request *req)
4429 connection_struct *conn = req->conn;
4430 SMB_BIG_UINT count,offset;
4434 START_PROFILE(SMBunlock);
4437 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4438 END_PROFILE(SMBunlock);
4442 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4444 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4445 END_PROFILE(SMBunlock);
4449 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4450 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4452 status = do_unlock(smbd_messaging_context(),
4459 if (NT_STATUS_V(status)) {
4460 reply_nterror(req, status);
4461 END_PROFILE(SMBunlock);
4465 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4466 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4468 reply_outbuf(req, 0, 0);
4470 END_PROFILE(SMBunlock);
4475 #define DBGC_CLASS DBGC_ALL
4477 /****************************************************************************
4479 conn POINTER CAN BE NULL HERE !
4480 ****************************************************************************/
4482 void reply_tdis(struct smb_request *req)
4484 connection_struct *conn = req->conn;
4485 START_PROFILE(SMBtdis);
4488 DEBUG(4,("Invalid connection in tdis\n"));
4489 reply_doserror(req, ERRSRV, ERRinvnid);
4490 END_PROFILE(SMBtdis);
4496 close_cnum(conn,req->vuid);
4499 reply_outbuf(req, 0, 0);
4500 END_PROFILE(SMBtdis);
4504 /****************************************************************************
4506 conn POINTER CAN BE NULL HERE !
4507 ****************************************************************************/
4509 void reply_echo(struct smb_request *req)
4511 connection_struct *conn = req->conn;
4514 unsigned int data_len = smb_buflen(req->inbuf);
4516 START_PROFILE(SMBecho);
4519 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4520 END_PROFILE(SMBecho);
4524 if (data_len > BUFFER_SIZE) {
4525 DEBUG(0,("reply_echo: data_len too large.\n"));
4526 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4527 END_PROFILE(SMBecho);
4531 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4533 reply_outbuf(req, 1, data_len);
4535 /* copy any incoming data back out */
4537 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4540 if (smb_reverb > 100) {
4541 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4545 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4546 SSVAL(req->outbuf,smb_vwv0,seq_num);
4548 show_msg((char *)req->outbuf);
4549 if (!srv_send_smb(smbd_server_fd(),
4550 (char *)req->outbuf,
4551 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4552 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4555 DEBUG(3,("echo %d times\n", smb_reverb));
4557 TALLOC_FREE(req->outbuf);
4561 END_PROFILE(SMBecho);
4565 /****************************************************************************
4566 Reply to a printopen.
4567 ****************************************************************************/
4569 void reply_printopen(struct smb_request *req)
4571 connection_struct *conn = req->conn;
4575 START_PROFILE(SMBsplopen);
4578 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4579 END_PROFILE(SMBsplopen);
4583 if (!CAN_PRINT(conn)) {
4584 reply_doserror(req, ERRDOS, ERRnoaccess);
4585 END_PROFILE(SMBsplopen);
4589 /* Open for exclusive use, write only. */
4590 status = print_fsp_open(conn, NULL, &fsp);
4592 if (!NT_STATUS_IS_OK(status)) {
4593 reply_nterror(req, status);
4594 END_PROFILE(SMBsplopen);
4598 reply_outbuf(req, 1, 0);
4599 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4601 DEBUG(3,("openprint fd=%d fnum=%d\n",
4602 fsp->fh->fd, fsp->fnum));
4604 END_PROFILE(SMBsplopen);
4608 /****************************************************************************
4609 Reply to a printclose.
4610 ****************************************************************************/
4612 void reply_printclose(struct smb_request *req)
4614 connection_struct *conn = req->conn;
4618 START_PROFILE(SMBsplclose);
4621 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4622 END_PROFILE(SMBsplclose);
4626 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4628 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4629 END_PROFILE(SMBsplclose);
4633 if (!CAN_PRINT(conn)) {
4634 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4635 END_PROFILE(SMBsplclose);
4639 DEBUG(3,("printclose fd=%d fnum=%d\n",
4640 fsp->fh->fd,fsp->fnum));
4642 status = close_file(fsp,NORMAL_CLOSE);
4644 if(!NT_STATUS_IS_OK(status)) {
4645 reply_nterror(req, status);
4646 END_PROFILE(SMBsplclose);
4650 END_PROFILE(SMBsplclose);
4654 /****************************************************************************
4655 Reply to a printqueue.
4656 ****************************************************************************/
4658 void reply_printqueue(struct smb_request *req)
4660 connection_struct *conn = req->conn;
4664 START_PROFILE(SMBsplretq);
4667 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4668 END_PROFILE(SMBsplretq);
4672 max_count = SVAL(req->inbuf,smb_vwv0);
4673 start_index = SVAL(req->inbuf,smb_vwv1);
4675 /* we used to allow the client to get the cnum wrong, but that
4676 is really quite gross and only worked when there was only
4677 one printer - I think we should now only accept it if they
4678 get it right (tridge) */
4679 if (!CAN_PRINT(conn)) {
4680 reply_doserror(req, ERRDOS, ERRnoaccess);
4681 END_PROFILE(SMBsplretq);
4685 reply_outbuf(req, 2, 3);
4686 SSVAL(req->outbuf,smb_vwv0,0);
4687 SSVAL(req->outbuf,smb_vwv1,0);
4688 SCVAL(smb_buf(req->outbuf),0,1);
4689 SSVAL(smb_buf(req->outbuf),1,0);
4691 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4692 start_index, max_count));
4695 print_queue_struct *queue = NULL;
4696 print_status_struct status;
4697 int count = print_queue_status(SNUM(conn), &queue, &status);
4698 int num_to_get = ABS(max_count);
4699 int first = (max_count>0?start_index:start_index+max_count+1);
4705 num_to_get = MIN(num_to_get,count-first);
4708 for (i=first;i<first+num_to_get;i++) {
4712 srv_put_dos_date2(p,0,queue[i].time);
4713 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4714 SSVAL(p,5, queue[i].job);
4715 SIVAL(p,7,queue[i].size);
4717 srvstr_push(blob, req->flags2, p+12,
4718 queue[i].fs_user, 16, STR_ASCII);
4720 if (message_push_blob(
4723 blob, sizeof(blob))) == -1) {
4724 reply_nterror(req, NT_STATUS_NO_MEMORY);
4725 END_PROFILE(SMBsplretq);
4731 SSVAL(req->outbuf,smb_vwv0,count);
4732 SSVAL(req->outbuf,smb_vwv1,
4733 (max_count>0?first+count:first-1));
4734 SCVAL(smb_buf(req->outbuf),0,1);
4735 SSVAL(smb_buf(req->outbuf),1,28*count);
4740 DEBUG(3,("%d entries returned in queue\n",count));
4743 END_PROFILE(SMBsplretq);
4747 /****************************************************************************
4748 Reply to a printwrite.
4749 ****************************************************************************/
4751 void reply_printwrite(struct smb_request *req)
4753 connection_struct *conn = req->conn;
4758 START_PROFILE(SMBsplwr);
4761 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4762 END_PROFILE(SMBsplwr);
4766 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4768 if (!check_fsp(conn, req, fsp, ¤t_user)) {
4769 END_PROFILE(SMBsplwr);
4773 if (!CAN_PRINT(conn)) {
4774 reply_doserror(req, ERRDOS, ERRnoaccess);
4775 END_PROFILE(SMBsplwr);
4779 if (!CHECK_WRITE(fsp)) {
4780 reply_doserror(req, ERRDOS, ERRbadaccess);
4781 END_PROFILE(SMBsplwr);
4785 numtowrite = SVAL(smb_buf(req->inbuf),1);
4787 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4788 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4789 END_PROFILE(SMBsplwr);
4793 data = smb_buf(req->inbuf) + 3;
4795 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4796 reply_unixerror(req, ERRHRD, ERRdiskfull);
4797 END_PROFILE(SMBsplwr);
4801 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4803 END_PROFILE(SMBsplwr);
4807 /****************************************************************************
4809 ****************************************************************************/
4811 void reply_mkdir(struct smb_request *req)
4813 connection_struct *conn = req->conn;
4814 char *directory = NULL;
4816 SMB_STRUCT_STAT sbuf;
4817 TALLOC_CTX *ctx = talloc_tos();
4819 START_PROFILE(SMBmkdir);
4821 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4822 smb_buf(req->inbuf) + 1, 0,
4823 STR_TERMINATE, &status);
4824 if (!NT_STATUS_IS_OK(status)) {
4825 reply_nterror(req, status);
4826 END_PROFILE(SMBmkdir);
4830 status = resolve_dfspath(ctx, conn,
4831 req->flags2 & FLAGS2_DFS_PATHNAMES,
4834 if (!NT_STATUS_IS_OK(status)) {
4835 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4836 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4837 ERRSRV, ERRbadpath);
4838 END_PROFILE(SMBmkdir);
4841 reply_nterror(req, status);
4842 END_PROFILE(SMBmkdir);
4846 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4847 if (!NT_STATUS_IS_OK(status)) {
4848 reply_nterror(req, status);
4849 END_PROFILE(SMBmkdir);
4853 status = check_name(conn, directory);
4854 if (!NT_STATUS_IS_OK(status)) {
4855 reply_nterror(req, status);
4856 END_PROFILE(SMBmkdir);
4860 status = create_directory(conn, req, directory);
4862 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4864 if (!NT_STATUS_IS_OK(status)) {
4866 if (!use_nt_status()
4867 && NT_STATUS_EQUAL(status,
4868 NT_STATUS_OBJECT_NAME_COLLISION)) {
4870 * Yes, in the DOS error code case we get a
4871 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4872 * samba4 torture test.
4874 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4877 reply_nterror(req, status);
4878 END_PROFILE(SMBmkdir);
4882 reply_outbuf(req, 0, 0);
4884 DEBUG( 3, ( "mkdir %s\n", directory ) );
4886 END_PROFILE(SMBmkdir);
4890 /****************************************************************************
4891 Static function used by reply_rmdir to delete an entire directory
4892 tree recursively. Return True on ok, False on fail.
4893 ****************************************************************************/
4895 static bool recursive_rmdir(TALLOC_CTX *ctx,
4896 connection_struct *conn,
4899 const char *dname = NULL;
4902 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
4907 while((dname = ReadDirName(dir_hnd, &offset))) {
4908 char *fullname = NULL;
4911 if (ISDOT(dname) || ISDOTDOT(dname)) {
4915 if (!is_visible_file(conn, directory, dname, &st, False)) {
4919 /* Construct the full name. */
4920 fullname = talloc_asprintf(ctx,
4930 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4935 if(st.st_mode & S_IFDIR) {
4936 if(!recursive_rmdir(ctx, conn, fullname)) {
4940 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4944 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4948 TALLOC_FREE(fullname);
4954 /****************************************************************************
4955 The internals of the rmdir code - called elsewhere.
4956 ****************************************************************************/
4958 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4959 connection_struct *conn,
4960 const char *directory)
4965 /* Might be a symlink. */
4966 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4967 return map_nt_error_from_unix(errno);
4970 if (S_ISLNK(st.st_mode)) {
4971 /* Is what it points to a directory ? */
4972 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4973 return map_nt_error_from_unix(errno);
4975 if (!(S_ISDIR(st.st_mode))) {
4976 return NT_STATUS_NOT_A_DIRECTORY;
4978 ret = SMB_VFS_UNLINK(conn,directory);
4980 ret = SMB_VFS_RMDIR(conn,directory);
4983 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4984 FILE_NOTIFY_CHANGE_DIR_NAME,
4986 return NT_STATUS_OK;
4989 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4991 * Check to see if the only thing in this directory are
4992 * vetoed files/directories. If so then delete them and
4993 * retry. If we fail to delete any of them (and we *don't*
4994 * do a recursive delete) then fail the rmdir.
4998 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
5000 if(dir_hnd == NULL) {
5005 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5006 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5008 if (!is_visible_file(conn, directory, dname, &st, False))
5010 if(!IS_VETO_PATH(conn, dname)) {
5017 /* We only have veto files/directories. Recursive delete. */
5019 RewindDir(dir_hnd,&dirpos);
5020 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5021 char *fullname = NULL;
5023 if (ISDOT(dname) || ISDOTDOT(dname)) {
5026 if (!is_visible_file(conn, directory, dname, &st, False)) {
5030 fullname = talloc_asprintf(ctx,
5040 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5043 if(st.st_mode & S_IFDIR) {
5044 if(lp_recursive_veto_delete(SNUM(conn))) {
5045 if(!recursive_rmdir(ctx, conn, fullname))
5048 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5051 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5054 TALLOC_FREE(fullname);
5057 /* Retry the rmdir */
5058 ret = SMB_VFS_RMDIR(conn,directory);
5064 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5065 "%s\n", directory,strerror(errno)));
5066 return map_nt_error_from_unix(errno);
5069 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5070 FILE_NOTIFY_CHANGE_DIR_NAME,
5073 return NT_STATUS_OK;
5076 /****************************************************************************
5078 ****************************************************************************/
5080 void reply_rmdir(struct smb_request *req)
5082 connection_struct *conn = req->conn;
5083 char *directory = NULL;
5084 SMB_STRUCT_STAT sbuf;
5086 TALLOC_CTX *ctx = talloc_tos();
5088 START_PROFILE(SMBrmdir);
5090 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5091 smb_buf(req->inbuf) + 1, 0,
5092 STR_TERMINATE, &status);
5093 if (!NT_STATUS_IS_OK(status)) {
5094 reply_nterror(req, status);
5095 END_PROFILE(SMBrmdir);
5099 status = resolve_dfspath(ctx, conn,
5100 req->flags2 & FLAGS2_DFS_PATHNAMES,
5103 if (!NT_STATUS_IS_OK(status)) {
5104 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5105 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5106 ERRSRV, ERRbadpath);
5107 END_PROFILE(SMBrmdir);
5110 reply_nterror(req, status);
5111 END_PROFILE(SMBrmdir);
5115 status = unix_convert(ctx, conn, directory, False, &directory,
5117 if (!NT_STATUS_IS_OK(status)) {
5118 reply_nterror(req, status);
5119 END_PROFILE(SMBrmdir);
5123 status = check_name(conn, directory);
5124 if (!NT_STATUS_IS_OK(status)) {
5125 reply_nterror(req, status);
5126 END_PROFILE(SMBrmdir);
5130 dptr_closepath(directory, req->smbpid);
5131 status = rmdir_internals(ctx, conn, directory);
5132 if (!NT_STATUS_IS_OK(status)) {
5133 reply_nterror(req, status);
5134 END_PROFILE(SMBrmdir);
5138 reply_outbuf(req, 0, 0);
5140 DEBUG( 3, ( "rmdir %s\n", directory ) );
5142 END_PROFILE(SMBrmdir);
5146 /*******************************************************************
5147 Resolve wildcards in a filename rename.
5148 ********************************************************************/
5150 static bool resolve_wildcards(TALLOC_CTX *ctx,
5155 char *name2_copy = NULL;
5160 char *p,*p2, *pname1, *pname2;
5162 name2_copy = talloc_strdup(ctx, name2);
5167 pname1 = strrchr_m(name1,'/');
5168 pname2 = strrchr_m(name2_copy,'/');
5170 if (!pname1 || !pname2) {
5174 /* Truncate the copy of name2 at the last '/' */
5177 /* Now go past the '/' */
5181 root1 = talloc_strdup(ctx, pname1);
5182 root2 = talloc_strdup(ctx, pname2);
5184 if (!root1 || !root2) {
5188 p = strrchr_m(root1,'.');
5191 ext1 = talloc_strdup(ctx, p+1);
5193 ext1 = talloc_strdup(ctx, "");
5195 p = strrchr_m(root2,'.');
5198 ext2 = talloc_strdup(ctx, p+1);
5200 ext2 = talloc_strdup(ctx, "");
5203 if (!ext1 || !ext2) {
5211 /* Hmmm. Should this be mb-aware ? */
5214 } else if (*p2 == '*') {
5216 root2 = talloc_asprintf(ctx, "%s%s",
5235 /* Hmmm. Should this be mb-aware ? */
5238 } else if (*p2 == '*') {
5240 ext2 = talloc_asprintf(ctx, "%s%s",
5256 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5261 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5273 /****************************************************************************
5274 Ensure open files have their names updated. Updated to notify other smbd's
5276 ****************************************************************************/
5278 static void rename_open_files(connection_struct *conn,
5279 struct share_mode_lock *lck,
5280 const char *newname)
5283 bool did_rename = False;
5285 for(fsp = file_find_di_first(lck->id); fsp;
5286 fsp = file_find_di_next(fsp)) {
5287 /* fsp_name is a relative path under the fsp. To change this for other
5288 sharepaths we need to manipulate relative paths. */
5289 /* TODO - create the absolute path and manipulate the newname
5290 relative to the sharepath. */
5291 if (fsp->conn != conn) {
5294 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5295 fsp->fnum, file_id_string_tos(&fsp->file_id),
5296 fsp->fsp_name, newname ));
5297 string_set(&fsp->fsp_name, newname);
5302 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5303 file_id_string_tos(&lck->id), newname ));
5306 /* Send messages to all smbd's (not ourself) that the name has changed. */
5307 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5311 /****************************************************************************
5312 We need to check if the source path is a parent directory of the destination
5313 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5314 refuse the rename with a sharing violation. Under UNIX the above call can
5315 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5316 probably need to check that the client is a Windows one before disallowing
5317 this as a UNIX client (one with UNIX extensions) can know the source is a
5318 symlink and make this decision intelligently. Found by an excellent bug
5319 report from <AndyLiebman@aol.com>.
5320 ****************************************************************************/
5322 static bool rename_path_prefix_equal(const char *src, const char *dest)
5324 const char *psrc = src;
5325 const char *pdst = dest;
5328 if (psrc[0] == '.' && psrc[1] == '/') {
5331 if (pdst[0] == '.' && pdst[1] == '/') {
5334 if ((slen = strlen(psrc)) > strlen(pdst)) {
5337 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5341 * Do the notify calls from a rename
5344 static void notify_rename(connection_struct *conn, bool is_dir,
5345 const char *oldpath, const char *newpath)
5347 char *olddir, *newdir;
5348 const char *oldname, *newname;
5351 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5352 : FILE_NOTIFY_CHANGE_FILE_NAME;
5354 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5355 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5356 TALLOC_FREE(olddir);
5360 if (strcmp(olddir, newdir) == 0) {
5361 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5362 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5365 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5366 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5368 TALLOC_FREE(olddir);
5369 TALLOC_FREE(newdir);
5371 /* this is a strange one. w2k3 gives an additional event for
5372 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5373 files, but not directories */
5375 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5376 FILE_NOTIFY_CHANGE_ATTRIBUTES
5377 |FILE_NOTIFY_CHANGE_CREATION,
5382 /****************************************************************************
5383 Rename an open file - given an fsp.
5384 ****************************************************************************/
5386 NTSTATUS rename_internals_fsp(connection_struct *conn,
5389 const char *newname_last_component,
5391 bool replace_if_exists)
5393 TALLOC_CTX *ctx = talloc_tos();
5394 SMB_STRUCT_STAT sbuf, sbuf1;
5395 NTSTATUS status = NT_STATUS_OK;
5396 struct share_mode_lock *lck = NULL;
5401 status = check_name(conn, newname);
5402 if (!NT_STATUS_IS_OK(status)) {
5406 /* Ensure newname contains a '/' */
5407 if(strrchr_m(newname,'/') == 0) {
5408 newname = talloc_asprintf(ctx,
5412 return NT_STATUS_NO_MEMORY;
5417 * Check for special case with case preserving and not
5418 * case sensitive. If the old last component differs from the original
5419 * last component only by case, then we should allow
5420 * the rename (user is trying to change the case of the
5424 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5425 strequal(newname, fsp->fsp_name)) {
5427 char *newname_modified_last_component = NULL;
5430 * Get the last component of the modified name.
5431 * Note that we guarantee that newname contains a '/'
5434 p = strrchr_m(newname,'/');
5435 newname_modified_last_component = talloc_strdup(ctx,
5437 if (!newname_modified_last_component) {
5438 return NT_STATUS_NO_MEMORY;
5441 if(strcsequal(newname_modified_last_component,
5442 newname_last_component) == False) {
5444 * Replace the modified last component with
5447 *p = '\0'; /* Truncate at the '/' */
5448 newname = talloc_asprintf(ctx,
5451 newname_last_component);
5456 * If the src and dest names are identical - including case,
5457 * don't do the rename, just return success.
5460 if (strcsequal(fsp->fsp_name, newname)) {
5461 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5463 return NT_STATUS_OK;
5467 * Have vfs_object_exist also fill sbuf1
5469 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5471 if(!replace_if_exists && dst_exists) {
5472 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5473 fsp->fsp_name,newname));
5474 return NT_STATUS_OBJECT_NAME_COLLISION;
5478 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5479 files_struct *dst_fsp = file_find_di_first(fileid);
5481 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5482 return NT_STATUS_ACCESS_DENIED;
5486 /* Ensure we have a valid stat struct for the source. */
5487 if (fsp->fh->fd != -1) {
5488 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) == -1) {
5489 return map_nt_error_from_unix(errno);
5492 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5493 return map_nt_error_from_unix(errno);
5497 status = can_rename(conn, fsp, attrs, &sbuf);
5499 if (!NT_STATUS_IS_OK(status)) {
5500 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5501 nt_errstr(status), fsp->fsp_name,newname));
5502 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5503 status = NT_STATUS_ACCESS_DENIED;
5507 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5508 return NT_STATUS_ACCESS_DENIED;
5511 lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
5514 * We have the file open ourselves, so not being able to get the
5515 * corresponding share mode lock is a fatal error.
5518 SMB_ASSERT(lck != NULL);
5520 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5521 uint32 create_options = fsp->fh->private_options;
5523 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5524 fsp->fsp_name,newname));
5526 rename_open_files(conn, lck, newname);
5528 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5531 * A rename acts as a new file create w.r.t. allowing an initial delete
5532 * on close, probably because in Windows there is a new handle to the
5533 * new file. If initial delete on close was requested but not
5534 * originally set, we need to set it here. This is probably not 100% correct,
5535 * but will work for the CIFSFS client which in non-posix mode
5536 * depends on these semantics. JRA.
5539 set_allow_initial_delete_on_close(lck, fsp, True);
5541 if (create_options & FILE_DELETE_ON_CLOSE) {
5542 status = can_set_delete_on_close(fsp, True, 0);
5544 if (NT_STATUS_IS_OK(status)) {
5545 /* Note that here we set the *inital* delete on close flag,
5546 * not the regular one. The magic gets handled in close. */
5547 fsp->initial_delete_on_close = True;
5551 return NT_STATUS_OK;
5556 if (errno == ENOTDIR || errno == EISDIR) {
5557 status = NT_STATUS_OBJECT_NAME_COLLISION;
5559 status = map_nt_error_from_unix(errno);
5562 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5563 nt_errstr(status), fsp->fsp_name,newname));
5568 /****************************************************************************
5569 The guts of the rename command, split out so it may be called by the NT SMB
5571 ****************************************************************************/
5573 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5574 connection_struct *conn,
5575 struct smb_request *req,
5576 const char *name_in,
5577 const char *newname_in,
5579 bool replace_if_exists,
5583 char *directory = NULL;
5585 char *last_component_src = NULL;
5586 char *last_component_dest = NULL;
5588 char *newname = NULL;
5591 NTSTATUS status = NT_STATUS_OK;
5592 SMB_STRUCT_STAT sbuf1, sbuf2;
5593 struct smb_Dir *dir_hnd = NULL;
5600 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5601 &last_component_src, &sbuf1);
5602 if (!NT_STATUS_IS_OK(status)) {
5606 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5607 &last_component_dest, &sbuf2);
5608 if (!NT_STATUS_IS_OK(status)) {
5613 * Split the old name into directory and last component
5614 * strings. Note that unix_convert may have stripped off a
5615 * leading ./ from both name and newname if the rename is
5616 * at the root of the share. We need to make sure either both
5617 * name and newname contain a / character or neither of them do
5618 * as this is checked in resolve_wildcards().
5621 p = strrchr_m(name,'/');
5623 directory = talloc_strdup(ctx, ".");
5625 return NT_STATUS_NO_MEMORY;
5630 directory = talloc_strdup(ctx, name);
5632 return NT_STATUS_NO_MEMORY;
5635 *p = '/'; /* Replace needed for exceptional test below. */
5639 * We should only check the mangled cache
5640 * here if unix_convert failed. This means
5641 * that the path in 'mask' doesn't exist
5642 * on the file system and so we need to look
5643 * for a possible mangle. This patch from
5644 * Tine Smukavec <valentin.smukavec@hermes.si>.
5647 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5648 char *new_mask = NULL;
5649 mangle_lookup_name_from_8_3(ctx,
5658 if (!src_has_wild) {
5662 * No wildcards - just process the one file.
5664 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5666 /* Add a terminating '/' to the directory name. */
5667 directory = talloc_asprintf_append(directory,
5671 return NT_STATUS_NO_MEMORY;
5674 /* Ensure newname contains a '/' also */
5675 if(strrchr_m(newname,'/') == 0) {
5676 newname = talloc_asprintf(ctx,
5680 return NT_STATUS_NO_MEMORY;
5684 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5685 "case_preserve = %d, short case preserve = %d, "
5686 "directory = %s, newname = %s, "
5687 "last_component_dest = %s, is_8_3 = %d\n",
5688 conn->case_sensitive, conn->case_preserve,
5689 conn->short_case_preserve, directory,
5690 newname, last_component_dest, is_short_name));
5692 /* The dest name still may have wildcards. */
5693 if (dest_has_wild) {
5694 char *mod_newname = NULL;
5695 if (!resolve_wildcards(ctx,
5696 directory,newname,&mod_newname)) {
5697 DEBUG(6, ("rename_internals: resolve_wildcards "
5701 return NT_STATUS_NO_MEMORY;
5703 newname = mod_newname;
5707 SMB_VFS_STAT(conn, directory, &sbuf1);
5709 status = S_ISDIR(sbuf1.st_mode) ?
5710 open_directory(conn, req, directory, &sbuf1,
5712 FILE_SHARE_READ|FILE_SHARE_WRITE,
5713 FILE_OPEN, 0, 0, NULL,
5715 : open_file_ntcreate(conn, req, directory, &sbuf1,
5717 FILE_SHARE_READ|FILE_SHARE_WRITE,
5718 FILE_OPEN, 0, 0, 0, NULL,
5721 if (!NT_STATUS_IS_OK(status)) {
5722 DEBUG(3, ("Could not open rename source %s: %s\n",
5723 directory, nt_errstr(status)));
5727 status = rename_internals_fsp(conn, fsp, newname,
5728 last_component_dest,
5729 attrs, replace_if_exists);
5731 close_file(fsp, NORMAL_CLOSE);
5733 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5734 nt_errstr(status), directory,newname));
5740 * Wildcards - process each file that matches.
5742 if (strequal(mask,"????????.???")) {
5747 status = check_name(conn, directory);
5748 if (!NT_STATUS_IS_OK(status)) {
5752 dir_hnd = OpenDir(conn, directory, mask, attrs);
5753 if (dir_hnd == NULL) {
5754 return map_nt_error_from_unix(errno);
5757 status = NT_STATUS_NO_SUCH_FILE;
5759 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5760 * - gentest fix. JRA
5763 while ((dname = ReadDirName(dir_hnd, &offset))) {
5764 files_struct *fsp = NULL;
5766 char *destname = NULL;
5767 bool sysdir_entry = False;
5769 /* Quick check for "." and ".." */
5770 if (ISDOT(dname) || ISDOTDOT(dname)) {
5772 sysdir_entry = True;
5778 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5782 if(!mask_match(dname, mask, conn->case_sensitive)) {
5787 status = NT_STATUS_OBJECT_NAME_INVALID;
5791 fname = talloc_asprintf(ctx,
5796 return NT_STATUS_NO_MEMORY;
5799 if (!resolve_wildcards(ctx,
5800 fname,newname,&destname)) {
5801 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5807 return NT_STATUS_NO_MEMORY;
5811 SMB_VFS_STAT(conn, fname, &sbuf1);
5813 status = S_ISDIR(sbuf1.st_mode) ?
5814 open_directory(conn, req, fname, &sbuf1,
5816 FILE_SHARE_READ|FILE_SHARE_WRITE,
5817 FILE_OPEN, 0, 0, NULL,
5819 : open_file_ntcreate(conn, req, fname, &sbuf1,
5821 FILE_SHARE_READ|FILE_SHARE_WRITE,
5822 FILE_OPEN, 0, 0, 0, NULL,
5825 if (!NT_STATUS_IS_OK(status)) {
5826 DEBUG(3,("rename_internals: open_file_ntcreate "
5827 "returned %s rename %s -> %s\n",
5828 nt_errstr(status), directory, newname));
5832 status = rename_internals_fsp(conn, fsp, destname, dname,
5833 attrs, replace_if_exists);
5835 close_file(fsp, NORMAL_CLOSE);
5837 if (!NT_STATUS_IS_OK(status)) {
5838 DEBUG(3, ("rename_internals_fsp returned %s for "
5839 "rename %s -> %s\n", nt_errstr(status),
5840 directory, newname));
5846 DEBUG(3,("rename_internals: doing rename on %s -> "
5847 "%s\n",fname,destname));
5850 TALLOC_FREE(destname);
5854 if (count == 0 && NT_STATUS_IS_OK(status)) {
5855 status = map_nt_error_from_unix(errno);
5861 /****************************************************************************
5863 ****************************************************************************/
5865 void reply_mv(struct smb_request *req)
5867 connection_struct *conn = req->conn;
5869 char *newname = NULL;
5873 bool src_has_wcard = False;
5874 bool dest_has_wcard = False;
5875 TALLOC_CTX *ctx = talloc_tos();
5877 START_PROFILE(SMBmv);
5880 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5885 attrs = SVAL(req->inbuf,smb_vwv0);
5887 p = smb_buf(req->inbuf) + 1;
5888 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5889 0, STR_TERMINATE, &status,
5891 if (!NT_STATUS_IS_OK(status)) {
5892 reply_nterror(req, status);
5897 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5898 0, STR_TERMINATE, &status,
5900 if (!NT_STATUS_IS_OK(status)) {
5901 reply_nterror(req, status);
5906 status = resolve_dfspath_wcard(ctx, conn,
5907 req->flags2 & FLAGS2_DFS_PATHNAMES,
5911 if (!NT_STATUS_IS_OK(status)) {
5912 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5913 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5914 ERRSRV, ERRbadpath);
5918 reply_nterror(req, status);
5923 status = resolve_dfspath_wcard(ctx, conn,
5924 req->flags2 & FLAGS2_DFS_PATHNAMES,
5928 if (!NT_STATUS_IS_OK(status)) {
5929 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5930 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5931 ERRSRV, ERRbadpath);
5935 reply_nterror(req, status);
5940 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5942 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5943 src_has_wcard, dest_has_wcard);
5944 if (!NT_STATUS_IS_OK(status)) {
5945 if (open_was_deferred(req->mid)) {
5946 /* We have re-scheduled this call. */
5950 reply_nterror(req, status);
5955 reply_outbuf(req, 0, 0);
5961 /*******************************************************************
5962 Copy a file as part of a reply_copy.
5963 ******************************************************************/
5966 * TODO: check error codes on all callers
5969 NTSTATUS copy_file(TALLOC_CTX *ctx,
5970 connection_struct *conn,
5975 bool target_is_directory)
5977 SMB_STRUCT_STAT src_sbuf, sbuf2;
5979 files_struct *fsp1,*fsp2;
5982 uint32 new_create_disposition;
5985 dest = talloc_strdup(ctx, dest1);
5987 return NT_STATUS_NO_MEMORY;
5989 if (target_is_directory) {
5990 const char *p = strrchr_m(src,'/');
5996 dest = talloc_asprintf_append(dest,
6000 return NT_STATUS_NO_MEMORY;
6004 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6006 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6009 if (!target_is_directory && count) {
6010 new_create_disposition = FILE_OPEN;
6012 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6013 NULL, NULL, &new_create_disposition, NULL)) {
6015 return NT_STATUS_INVALID_PARAMETER;
6019 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6021 FILE_SHARE_READ|FILE_SHARE_WRITE,
6024 FILE_ATTRIBUTE_NORMAL,
6028 if (!NT_STATUS_IS_OK(status)) {
6033 dosattrs = dos_mode(conn, src, &src_sbuf);
6034 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6035 ZERO_STRUCTP(&sbuf2);
6038 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6040 FILE_SHARE_READ|FILE_SHARE_WRITE,
6041 new_create_disposition,
6049 if (!NT_STATUS_IS_OK(status)) {
6050 close_file(fsp1,ERROR_CLOSE);
6054 if ((ofun&3) == 1) {
6055 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
6056 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6058 * Stop the copy from occurring.
6061 src_sbuf.st_size = 0;
6065 if (src_sbuf.st_size) {
6066 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6069 close_file(fsp1,NORMAL_CLOSE);
6071 /* Ensure the modtime is set correctly on the destination file. */
6072 fsp_set_pending_modtime( fsp2, get_mtimespec(&src_sbuf));
6075 * As we are opening fsp1 read-only we only expect
6076 * an error on close on fsp2 if we are out of space.
6077 * Thus we don't look at the error return from the
6080 status = close_file(fsp2,NORMAL_CLOSE);
6082 if (!NT_STATUS_IS_OK(status)) {
6086 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6087 return NT_STATUS_DISK_FULL;
6090 return NT_STATUS_OK;
6093 /****************************************************************************
6094 Reply to a file copy.
6095 ****************************************************************************/
6097 void reply_copy(struct smb_request *req)
6099 connection_struct *conn = req->conn;
6101 char *newname = NULL;
6102 char *directory = NULL;
6106 int error = ERRnoaccess;
6111 bool target_is_directory=False;
6112 bool source_has_wild = False;
6113 bool dest_has_wild = False;
6114 SMB_STRUCT_STAT sbuf1, sbuf2;
6116 TALLOC_CTX *ctx = talloc_tos();
6118 START_PROFILE(SMBcopy);
6121 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6122 END_PROFILE(SMBcopy);
6126 tid2 = SVAL(req->inbuf,smb_vwv0);
6127 ofun = SVAL(req->inbuf,smb_vwv1);
6128 flags = SVAL(req->inbuf,smb_vwv2);
6130 p = smb_buf(req->inbuf);
6131 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6132 0, STR_TERMINATE, &status,
6134 if (!NT_STATUS_IS_OK(status)) {
6135 reply_nterror(req, status);
6136 END_PROFILE(SMBcopy);
6139 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6140 0, STR_TERMINATE, &status,
6142 if (!NT_STATUS_IS_OK(status)) {
6143 reply_nterror(req, status);
6144 END_PROFILE(SMBcopy);
6148 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6150 if (tid2 != conn->cnum) {
6151 /* can't currently handle inter share copies XXXX */
6152 DEBUG(3,("Rejecting inter-share copy\n"));
6153 reply_doserror(req, ERRSRV, ERRinvdevice);
6154 END_PROFILE(SMBcopy);
6158 status = resolve_dfspath_wcard(ctx, conn,
6159 req->flags2 & FLAGS2_DFS_PATHNAMES,
6163 if (!NT_STATUS_IS_OK(status)) {
6164 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6165 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6166 ERRSRV, ERRbadpath);
6167 END_PROFILE(SMBcopy);
6170 reply_nterror(req, status);
6171 END_PROFILE(SMBcopy);
6175 status = resolve_dfspath_wcard(ctx, conn,
6176 req->flags2 & FLAGS2_DFS_PATHNAMES,
6180 if (!NT_STATUS_IS_OK(status)) {
6181 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6182 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6183 ERRSRV, ERRbadpath);
6184 END_PROFILE(SMBcopy);
6187 reply_nterror(req, status);
6188 END_PROFILE(SMBcopy);
6192 status = unix_convert(ctx, conn, name, source_has_wild,
6193 &name, NULL, &sbuf1);
6194 if (!NT_STATUS_IS_OK(status)) {
6195 reply_nterror(req, status);
6196 END_PROFILE(SMBcopy);
6200 status = unix_convert(ctx, conn, newname, dest_has_wild,
6201 &newname, NULL, &sbuf2);
6202 if (!NT_STATUS_IS_OK(status)) {
6203 reply_nterror(req, status);
6204 END_PROFILE(SMBcopy);
6208 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6210 if ((flags&1) && target_is_directory) {
6211 reply_doserror(req, ERRDOS, ERRbadfile);
6212 END_PROFILE(SMBcopy);
6216 if ((flags&2) && !target_is_directory) {
6217 reply_doserror(req, ERRDOS, ERRbadpath);
6218 END_PROFILE(SMBcopy);
6222 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6223 /* wants a tree copy! XXXX */
6224 DEBUG(3,("Rejecting tree copy\n"));
6225 reply_doserror(req, ERRSRV, ERRerror);
6226 END_PROFILE(SMBcopy);
6230 p = strrchr_m(name,'/');
6232 directory = talloc_strdup(ctx, "./");
6234 reply_nterror(req, NT_STATUS_NO_MEMORY);
6235 END_PROFILE(SMBcopy);
6241 directory = talloc_strdup(ctx, name);
6243 reply_nterror(req, NT_STATUS_NO_MEMORY);
6244 END_PROFILE(SMBcopy);
6251 * We should only check the mangled cache
6252 * here if unix_convert failed. This means
6253 * that the path in 'mask' doesn't exist
6254 * on the file system and so we need to look
6255 * for a possible mangle. This patch from
6256 * Tine Smukavec <valentin.smukavec@hermes.si>.
6259 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6260 char *new_mask = NULL;
6261 mangle_lookup_name_from_8_3(ctx,
6270 if (!source_has_wild) {
6271 directory = talloc_asprintf_append(directory,
6274 if (dest_has_wild) {
6275 char *mod_newname = NULL;
6276 if (!resolve_wildcards(ctx,
6277 directory,newname,&mod_newname)) {
6278 reply_nterror(req, NT_STATUS_NO_MEMORY);
6279 END_PROFILE(SMBcopy);
6282 newname = mod_newname;
6285 status = check_name(conn, directory);
6286 if (!NT_STATUS_IS_OK(status)) {
6287 reply_nterror(req, status);
6288 END_PROFILE(SMBcopy);
6292 status = check_name(conn, newname);
6293 if (!NT_STATUS_IS_OK(status)) {
6294 reply_nterror(req, status);
6295 END_PROFILE(SMBcopy);
6299 status = copy_file(ctx,conn,directory,newname,ofun,
6300 count,target_is_directory);
6302 if(!NT_STATUS_IS_OK(status)) {
6303 reply_nterror(req, status);
6304 END_PROFILE(SMBcopy);
6310 struct smb_Dir *dir_hnd = NULL;
6311 const char *dname = NULL;
6314 if (strequal(mask,"????????.???")) {
6319 status = check_name(conn, directory);
6320 if (!NT_STATUS_IS_OK(status)) {
6321 reply_nterror(req, status);
6322 END_PROFILE(SMBcopy);
6326 dir_hnd = OpenDir(conn, directory, mask, 0);
6327 if (dir_hnd == NULL) {
6328 status = map_nt_error_from_unix(errno);
6329 reply_nterror(req, status);
6330 END_PROFILE(SMBcopy);
6336 while ((dname = ReadDirName(dir_hnd, &offset))) {
6337 char *destname = NULL;
6340 if (ISDOT(dname) || ISDOTDOT(dname)) {
6344 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6348 if(!mask_match(dname, mask, conn->case_sensitive)) {
6352 error = ERRnoaccess;
6353 fname = talloc_asprintf(ctx,
6358 reply_nterror(req, NT_STATUS_NO_MEMORY);
6359 END_PROFILE(SMBcopy);
6363 if (!resolve_wildcards(ctx,
6364 fname,newname,&destname)) {
6368 reply_nterror(req, NT_STATUS_NO_MEMORY);
6369 END_PROFILE(SMBcopy);
6373 status = check_name(conn, fname);
6374 if (!NT_STATUS_IS_OK(status)) {
6375 reply_nterror(req, status);
6376 END_PROFILE(SMBcopy);
6380 status = check_name(conn, destname);
6381 if (!NT_STATUS_IS_OK(status)) {
6382 reply_nterror(req, status);
6383 END_PROFILE(SMBcopy);
6387 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6389 status = copy_file(ctx,conn,fname,destname,ofun,
6390 count,target_is_directory);
6391 if (NT_STATUS_IS_OK(status)) {
6395 TALLOC_FREE(destname);
6402 /* Error on close... */
6404 reply_unixerror(req, ERRHRD, ERRgeneral);
6405 END_PROFILE(SMBcopy);
6409 reply_doserror(req, ERRDOS, error);
6410 END_PROFILE(SMBcopy);
6414 reply_outbuf(req, 1, 0);
6415 SSVAL(req->outbuf,smb_vwv0,count);
6417 END_PROFILE(SMBcopy);
6422 #define DBGC_CLASS DBGC_LOCKING
6424 /****************************************************************************
6425 Get a lock pid, dealing with large count requests.
6426 ****************************************************************************/
6428 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6430 if(!large_file_format)
6431 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6433 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6436 /****************************************************************************
6437 Get a lock count, dealing with large count requests.
6438 ****************************************************************************/
6440 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6442 SMB_BIG_UINT count = 0;
6444 if(!large_file_format) {
6445 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6448 #if defined(HAVE_LONGLONG)
6449 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6450 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6451 #else /* HAVE_LONGLONG */
6454 * NT4.x seems to be broken in that it sends large file (64 bit)
6455 * lockingX calls even if the CAP_LARGE_FILES was *not*
6456 * negotiated. For boxes without large unsigned ints truncate the
6457 * lock count by dropping the top 32 bits.
6460 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6461 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6462 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6463 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6464 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6467 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6468 #endif /* HAVE_LONGLONG */
6474 #if !defined(HAVE_LONGLONG)
6475 /****************************************************************************
6476 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6477 ****************************************************************************/
6479 static uint32 map_lock_offset(uint32 high, uint32 low)
6483 uint32 highcopy = high;
6486 * Try and find out how many significant bits there are in high.
6489 for(i = 0; highcopy; i++)
6493 * We use 31 bits not 32 here as POSIX
6494 * lock offsets may not be negative.
6497 mask = (~0) << (31 - i);
6500 return 0; /* Fail. */
6506 #endif /* !defined(HAVE_LONGLONG) */
6508 /****************************************************************************
6509 Get a lock offset, dealing with large offset requests.
6510 ****************************************************************************/
6512 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6514 SMB_BIG_UINT offset = 0;
6518 if(!large_file_format) {
6519 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6522 #if defined(HAVE_LONGLONG)
6523 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6524 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6525 #else /* HAVE_LONGLONG */
6528 * NT4.x seems to be broken in that it sends large file (64 bit)
6529 * lockingX calls even if the CAP_LARGE_FILES was *not*
6530 * negotiated. For boxes without large unsigned ints mangle the
6531 * lock offset by mapping the top 32 bits onto the lower 32.
6534 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6535 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6536 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6539 if((new_low = map_lock_offset(high, low)) == 0) {
6541 return (SMB_BIG_UINT)-1;
6544 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6545 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6546 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6547 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6550 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6551 #endif /* HAVE_LONGLONG */
6557 /****************************************************************************
6558 Reply to a lockingX request.
6559 ****************************************************************************/
6561 void reply_lockingX(struct smb_request *req)
6563 connection_struct *conn = req->conn;
6565 unsigned char locktype;
6566 unsigned char oplocklevel;
6569 SMB_BIG_UINT count = 0, offset = 0;
6574 bool large_file_format;
6576 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6578 START_PROFILE(SMBlockingX);
6581 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6582 END_PROFILE(SMBlockingX);
6586 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6587 locktype = CVAL(req->inbuf,smb_vwv3);
6588 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6589 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6590 num_locks = SVAL(req->inbuf,smb_vwv7);
6591 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6592 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6594 if (!check_fsp(conn, req, fsp, ¤t_user)) {
6595 END_PROFILE(SMBlockingX);
6599 data = smb_buf(req->inbuf);
6601 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6602 /* we don't support these - and CANCEL_LOCK makes w2k
6603 and XP reboot so I don't really want to be
6604 compatible! (tridge) */
6605 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6606 END_PROFILE(SMBlockingX);
6610 /* Check if this is an oplock break on a file
6611 we have granted an oplock on.
6613 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6614 /* Client can insist on breaking to none. */
6615 bool break_to_none = (oplocklevel == 0);
6618 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6619 "for fnum = %d\n", (unsigned int)oplocklevel,
6623 * Make sure we have granted an exclusive or batch oplock on
6627 if (fsp->oplock_type == 0) {
6629 /* The Samba4 nbench simulator doesn't understand
6630 the difference between break to level2 and break
6631 to none from level2 - it sends oplock break
6632 replies in both cases. Don't keep logging an error
6633 message here - just ignore it. JRA. */
6635 DEBUG(5,("reply_lockingX: Error : oplock break from "
6636 "client for fnum = %d (oplock=%d) and no "
6637 "oplock granted on this file (%s).\n",
6638 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6640 /* if this is a pure oplock break request then don't
6642 if (num_locks == 0 && num_ulocks == 0) {
6643 END_PROFILE(SMBlockingX);
6646 END_PROFILE(SMBlockingX);
6647 reply_doserror(req, ERRDOS, ERRlock);
6652 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6654 result = remove_oplock(fsp);
6656 result = downgrade_oplock(fsp);
6660 DEBUG(0, ("reply_lockingX: error in removing "
6661 "oplock on file %s\n", fsp->fsp_name));
6662 /* Hmmm. Is this panic justified? */
6663 smb_panic("internal tdb error");
6666 reply_to_oplock_break_requests(fsp);
6668 /* if this is a pure oplock break request then don't send a
6670 if (num_locks == 0 && num_ulocks == 0) {
6671 /* Sanity check - ensure a pure oplock break is not a
6673 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6674 DEBUG(0,("reply_lockingX: Error : pure oplock "
6675 "break is a chained %d request !\n",
6676 (unsigned int)CVAL(req->inbuf,
6678 END_PROFILE(SMBlockingX);
6684 * We do this check *after* we have checked this is not a oplock break
6685 * response message. JRA.
6688 release_level_2_oplocks_on_change(fsp);
6690 if (smb_buflen(req->inbuf) <
6691 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6692 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6693 END_PROFILE(SMBlockingX);
6697 /* Data now points at the beginning of the list
6698 of smb_unlkrng structs */
6699 for(i = 0; i < (int)num_ulocks; i++) {
6700 lock_pid = get_lock_pid( data, i, large_file_format);
6701 count = get_lock_count( data, i, large_file_format);
6702 offset = get_lock_offset( data, i, large_file_format, &err);
6705 * There is no error code marked "stupid client bug".... :-).
6708 END_PROFILE(SMBlockingX);
6709 reply_doserror(req, ERRDOS, ERRnoaccess);
6713 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6714 "pid %u, file %s\n", (double)offset, (double)count,
6715 (unsigned int)lock_pid, fsp->fsp_name ));
6717 status = do_unlock(smbd_messaging_context(),
6724 if (NT_STATUS_V(status)) {
6725 END_PROFILE(SMBlockingX);
6726 reply_nterror(req, status);
6731 /* Setup the timeout in seconds. */
6733 if (!lp_blocking_locks(SNUM(conn))) {
6737 /* Now do any requested locks */
6738 data += ((large_file_format ? 20 : 10)*num_ulocks);
6740 /* Data now points at the beginning of the list
6741 of smb_lkrng structs */
6743 for(i = 0; i < (int)num_locks; i++) {
6744 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6745 READ_LOCK:WRITE_LOCK);
6746 lock_pid = get_lock_pid( data, i, large_file_format);
6747 count = get_lock_count( data, i, large_file_format);
6748 offset = get_lock_offset( data, i, large_file_format, &err);
6751 * There is no error code marked "stupid client bug".... :-).
6754 END_PROFILE(SMBlockingX);
6755 reply_doserror(req, ERRDOS, ERRnoaccess);
6759 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6760 "%u, file %s timeout = %d\n", (double)offset,
6761 (double)count, (unsigned int)lock_pid,
6762 fsp->fsp_name, (int)lock_timeout ));
6764 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6765 if (lp_blocking_locks(SNUM(conn))) {
6767 /* Schedule a message to ourselves to
6768 remove the blocking lock record and
6769 return the right error. */
6771 if (!blocking_lock_cancel(fsp,
6777 NT_STATUS_FILE_LOCK_CONFLICT)) {
6778 END_PROFILE(SMBlockingX);
6783 ERRcancelviolation));
6787 /* Remove a matching pending lock. */
6788 status = do_lock_cancel(fsp,
6794 bool blocking_lock = lock_timeout ? True : False;
6795 bool defer_lock = False;
6796 struct byte_range_lock *br_lck;
6797 uint32 block_smbpid;
6799 br_lck = do_lock(smbd_messaging_context(),
6810 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6811 /* Windows internal resolution for blocking locks seems
6812 to be about 200ms... Don't wait for less than that. JRA. */
6813 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6814 lock_timeout = lp_lock_spin_time();
6819 /* This heuristic seems to match W2K3 very well. If a
6820 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6821 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6822 far as I can tell. Replacement for do_lock_spin(). JRA. */
6824 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6825 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6827 lock_timeout = lp_lock_spin_time();
6830 if (br_lck && defer_lock) {
6832 * A blocking lock was requested. Package up
6833 * this smb into a queued request and push it
6834 * onto the blocking lock queue.
6836 if(push_blocking_lock_request(br_lck,
6847 TALLOC_FREE(br_lck);
6848 END_PROFILE(SMBlockingX);
6853 TALLOC_FREE(br_lck);
6856 if (NT_STATUS_V(status)) {
6857 END_PROFILE(SMBlockingX);
6858 reply_nterror(req, status);
6863 /* If any of the above locks failed, then we must unlock
6864 all of the previous locks (X/Open spec). */
6866 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6870 * Ensure we don't do a remove on the lock that just failed,
6871 * as under POSIX rules, if we have a lock already there, we
6872 * will delete it (and we shouldn't) .....
6874 for(i--; i >= 0; i--) {
6875 lock_pid = get_lock_pid( data, i, large_file_format);
6876 count = get_lock_count( data, i, large_file_format);
6877 offset = get_lock_offset( data, i, large_file_format,
6881 * There is no error code marked "stupid client
6885 END_PROFILE(SMBlockingX);
6886 reply_doserror(req, ERRDOS, ERRnoaccess);
6890 do_unlock(smbd_messaging_context(),
6897 END_PROFILE(SMBlockingX);
6898 reply_nterror(req, status);
6902 reply_outbuf(req, 2, 0);
6904 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6905 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6907 END_PROFILE(SMBlockingX);
6912 #define DBGC_CLASS DBGC_ALL
6914 /****************************************************************************
6915 Reply to a SMBreadbmpx (read block multiplex) request.
6916 Always reply with an error, if someone has a platform really needs this,
6917 please contact vl@samba.org
6918 ****************************************************************************/
6920 void reply_readbmpx(struct smb_request *req)
6922 START_PROFILE(SMBreadBmpx);
6923 reply_doserror(req, ERRSRV, ERRuseSTD);
6924 END_PROFILE(SMBreadBmpx);
6928 /****************************************************************************
6929 Reply to a SMBreadbs (read block multiplex secondary) request.
6930 Always reply with an error, if someone has a platform really needs this,
6931 please contact vl@samba.org
6932 ****************************************************************************/
6934 void reply_readbs(struct smb_request *req)
6936 START_PROFILE(SMBreadBs);
6937 reply_doserror(req, ERRSRV, ERRuseSTD);
6938 END_PROFILE(SMBreadBs);
6942 /****************************************************************************
6943 Reply to a SMBsetattrE.
6944 ****************************************************************************/
6946 void reply_setattrE(struct smb_request *req)
6948 connection_struct *conn = req->conn;
6949 struct timespec ts[2];
6952 START_PROFILE(SMBsetattrE);
6955 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6956 END_PROFILE(SMBsetattrE);
6960 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6962 if(!fsp || (fsp->conn != conn)) {
6963 reply_doserror(req, ERRDOS, ERRbadfid);
6964 END_PROFILE(SMBsetattrE);
6970 * Convert the DOS times into unix times. Ignore create
6971 * time as UNIX can't set this.
6974 ts[0] = convert_time_t_to_timespec(
6975 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
6976 ts[1] = convert_time_t_to_timespec(
6977 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
6979 reply_outbuf(req, 0, 0);
6982 * Patch from Ray Frush <frush@engr.colostate.edu>
6983 * Sometimes times are sent as zero - ignore them.
6986 if (null_timespec(ts[0]) && null_timespec(ts[1])) {
6987 /* Ignore request */
6988 if( DEBUGLVL( 3 ) ) {
6989 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
6990 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
6992 END_PROFILE(SMBsetattrE);
6994 } else if (!null_timespec(ts[0]) && null_timespec(ts[1])) {
6995 /* set modify time = to access time if modify time was unset */
6999 /* Set the date on this file */
7000 /* Should we set pending modtime here ? JRA */
7001 if(file_ntimes(conn, fsp->fsp_name, ts)) {
7002 reply_doserror(req, ERRDOS, ERRnoaccess);
7003 END_PROFILE(SMBsetattrE);
7007 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7009 (unsigned int)ts[0].tv_sec,
7010 (unsigned int)ts[1].tv_sec));
7012 END_PROFILE(SMBsetattrE);
7017 /* Back from the dead for OS/2..... JRA. */
7019 /****************************************************************************
7020 Reply to a SMBwritebmpx (write block multiplex primary) request.
7021 Always reply with an error, if someone has a platform really needs this,
7022 please contact vl@samba.org
7023 ****************************************************************************/
7025 void reply_writebmpx(struct smb_request *req)
7027 START_PROFILE(SMBwriteBmpx);
7028 reply_doserror(req, ERRSRV, ERRuseSTD);
7029 END_PROFILE(SMBwriteBmpx);
7033 /****************************************************************************
7034 Reply to a SMBwritebs (write block multiplex secondary) request.
7035 Always reply with an error, if someone has a platform really needs this,
7036 please contact vl@samba.org
7037 ****************************************************************************/
7039 void reply_writebs(struct smb_request *req)
7041 START_PROFILE(SMBwriteBs);
7042 reply_doserror(req, ERRSRV, ERRuseSTD);
7043 END_PROFILE(SMBwriteBs);
7047 /****************************************************************************
7048 Reply to a SMBgetattrE.
7049 ****************************************************************************/
7051 void reply_getattrE(struct smb_request *req)
7053 connection_struct *conn = req->conn;
7054 SMB_STRUCT_STAT sbuf;
7058 START_PROFILE(SMBgetattrE);
7061 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7062 END_PROFILE(SMBgetattrE);
7066 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7068 if(!fsp || (fsp->conn != conn)) {
7069 reply_doserror(req, ERRDOS, ERRbadfid);
7070 END_PROFILE(SMBgetattrE);
7074 /* Do an fstat on this file */
7075 if(fsp_stat(fsp, &sbuf)) {
7076 reply_unixerror(req, ERRDOS, ERRnoaccess);
7077 END_PROFILE(SMBgetattrE);
7081 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7084 * Convert the times into dos times. Set create
7085 * date to be last modify date as UNIX doesn't save
7089 reply_outbuf(req, 11, 0);
7091 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7092 get_create_time(&sbuf,
7093 lp_fake_dir_create_times(SNUM(conn))));
7094 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7095 /* Should we check pending modtime here ? JRA */
7096 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7099 SIVAL(req->outbuf, smb_vwv6, 0);
7100 SIVAL(req->outbuf, smb_vwv8, 0);
7102 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7103 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7104 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7106 SSVAL(req->outbuf,smb_vwv10, mode);
7108 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7110 END_PROFILE(SMBgetattrE);