2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
32 extern uint32 global_client_caps;
34 extern bool global_encrypted_passwords_negotiated;
36 /****************************************************************************
37 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
38 path or anything including wildcards.
39 We're assuming here that '/' is not the second byte in any multibyte char
40 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
42 ****************************************************************************/
44 /* Custom version for processing POSIX paths. */
45 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
47 static NTSTATUS check_path_syntax_internal(char *path,
49 bool *p_last_component_contains_wcard)
53 NTSTATUS ret = NT_STATUS_OK;
54 bool start_of_name_component = True;
56 *p_last_component_contains_wcard = False;
59 if (IS_PATH_SEP(*s,posix_path)) {
61 * Safe to assume is not the second part of a mb char
62 * as this is handled below.
64 /* Eat multiple '/' or '\\' */
65 while (IS_PATH_SEP(*s,posix_path)) {
68 if ((d != path) && (*s != '\0')) {
69 /* We only care about non-leading or trailing '/' or '\\' */
73 start_of_name_component = True;
75 *p_last_component_contains_wcard = False;
79 if (start_of_name_component) {
80 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
81 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
84 * No mb char starts with '.' so we're safe checking the directory separator here.
87 /* If we just added a '/' - delete it */
88 if ((d > path) && (*(d-1) == '/')) {
93 /* Are we at the start ? Can't go back further if so. */
95 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
98 /* Go back one level... */
99 /* We know this is safe as '/' cannot be part of a mb sequence. */
100 /* NOTE - if this assumption is invalid we are not in good shape... */
101 /* Decrement d first as d points to the *next* char to write into. */
102 for (d--; d > path; d--) {
106 s += 2; /* Else go past the .. */
107 /* We're still at the start of a name component, just the previous one. */
110 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
123 return NT_STATUS_OBJECT_NAME_INVALID;
131 *p_last_component_contains_wcard = True;
140 /* Get the size of the next MB character. */
141 next_codepoint(s,&siz);
159 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
161 return NT_STATUS_INVALID_PARAMETER;
164 start_of_name_component = False;
172 /****************************************************************************
173 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
174 No wildcards allowed.
175 ****************************************************************************/
177 NTSTATUS check_path_syntax(char *path)
180 return check_path_syntax_internal(path, False, &ignore);
183 /****************************************************************************
184 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
185 Wildcards allowed - p_contains_wcard returns true if the last component contained
187 ****************************************************************************/
189 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
191 return check_path_syntax_internal(path, False, p_contains_wcard);
194 /****************************************************************************
195 Check the path for a POSIX client.
196 We're assuming here that '/' is not the second byte in any multibyte char
197 set (a safe assumption).
198 ****************************************************************************/
200 NTSTATUS check_path_syntax_posix(char *path)
203 return check_path_syntax_internal(path, True, &ignore);
206 /****************************************************************************
207 Pull a string and check the path allowing a wilcard - provide for error return.
208 ****************************************************************************/
210 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
211 const char *base_ptr,
218 bool *contains_wcard)
224 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
228 *err = NT_STATUS_INVALID_PARAMETER;
232 *contains_wcard = False;
234 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
236 * For a DFS path the function parse_dfs_path()
237 * will do the path processing, just make a copy.
243 if (lp_posix_pathnames()) {
244 *err = check_path_syntax_posix(*pp_dest);
246 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
252 /****************************************************************************
253 Pull a string and check the path - provide for error return.
254 ****************************************************************************/
256 size_t srvstr_get_path(TALLOC_CTX *ctx,
257 const char *base_ptr,
266 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
267 src_len, flags, err, &ignore);
270 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
271 char **pp_dest, const char *src, int flags,
272 NTSTATUS *err, bool *contains_wcard)
274 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
275 pp_dest, src, smbreq_bufrem(req, src),
276 flags, err, contains_wcard);
279 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
280 char **pp_dest, const char *src, int flags,
284 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
285 flags, err, &ignore);
288 /****************************************************************************
289 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
290 ****************************************************************************/
292 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
295 if (!(fsp) || !(conn)) {
296 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
299 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
300 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
306 /****************************************************************************
307 Check if we have a correct fsp pointing to a file.
308 ****************************************************************************/
310 bool check_fsp(connection_struct *conn, struct smb_request *req,
313 if (!check_fsp_open(conn, req, fsp)) {
316 if ((fsp)->is_directory) {
317 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
320 if ((fsp)->fh->fd == -1) {
321 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
324 (fsp)->num_smb_operations++;
328 /****************************************************************************
329 Check if we have a correct fsp pointing to a quota fake file. Replacement for
330 the CHECK_NTQUOTA_HANDLE_OK macro.
331 ****************************************************************************/
333 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
336 if (!check_fsp_open(conn, req, fsp)) {
340 if (fsp->is_directory) {
344 if (fsp->fake_file_handle == NULL) {
348 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
352 if (fsp->fake_file_handle->private_data == NULL) {
359 /****************************************************************************
360 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
361 ****************************************************************************/
363 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
366 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
367 && (req->vuid == (fsp)->vuid)) {
371 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
375 /****************************************************************************
376 Reply to a (netbios-level) special message.
377 ****************************************************************************/
379 void reply_special(char *inbuf)
381 int msg_type = CVAL(inbuf,0);
382 int msg_flags = CVAL(inbuf,1);
387 * We only really use 4 bytes of the outbuf, but for the smb_setlen
388 * calculation & friends (srv_send_smb uses that) we need the full smb
391 char outbuf[smb_size];
393 static bool already_got_session = False;
397 memset(outbuf, '\0', sizeof(outbuf));
399 smb_setlen(outbuf,0);
402 case 0x81: /* session request */
404 if (already_got_session) {
405 exit_server_cleanly("multiple session request not permitted");
408 SCVAL(outbuf,0,0x82);
410 if (name_len(inbuf+4) > 50 ||
411 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
412 DEBUG(0,("Invalid name length in session request\n"));
415 name_extract(inbuf,4,name1);
416 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
417 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
420 set_local_machine_name(name1, True);
421 set_remote_machine_name(name2, True);
423 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
424 get_local_machine_name(), get_remote_machine_name(),
427 if (name_type == 'R') {
428 /* We are being asked for a pathworks session ---
430 SCVAL(outbuf, 0,0x83);
434 /* only add the client's machine name to the list
435 of possibly valid usernames if we are operating
436 in share mode security */
437 if (lp_security() == SEC_SHARE) {
438 add_session_user(get_remote_machine_name());
441 reload_services(True);
444 already_got_session = True;
447 case 0x89: /* session keepalive request
448 (some old clients produce this?) */
449 SCVAL(outbuf,0,SMBkeepalive);
453 case 0x82: /* positive session response */
454 case 0x83: /* negative session response */
455 case 0x84: /* retarget session response */
456 DEBUG(0,("Unexpected session response\n"));
459 case SMBkeepalive: /* session keepalive */
464 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
465 msg_type, msg_flags));
467 srv_send_smb(smbd_server_fd(), outbuf, false);
471 /****************************************************************************
473 conn POINTER CAN BE NULL HERE !
474 ****************************************************************************/
476 void reply_tcon(struct smb_request *req)
478 connection_struct *conn = req->conn;
480 char *service_buf = NULL;
481 char *password = NULL;
486 DATA_BLOB password_blob;
487 TALLOC_CTX *ctx = talloc_tos();
489 START_PROFILE(SMBtcon);
491 if (req->buflen < 4) {
492 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
493 END_PROFILE(SMBtcon);
497 p = (const char *)req->buf + 1;
498 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
500 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
502 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
505 if (service_buf == NULL || password == NULL || dev == NULL) {
506 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
507 END_PROFILE(SMBtcon);
510 p = strrchr_m(service_buf,'\\');
514 service = service_buf;
517 password_blob = data_blob(password, pwlen+1);
519 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
522 data_blob_clear_free(&password_blob);
525 reply_nterror(req, nt_status);
526 END_PROFILE(SMBtcon);
530 reply_outbuf(req, 2, 0);
531 SSVAL(req->outbuf,smb_vwv0,max_recv);
532 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
533 SSVAL(req->outbuf,smb_tid,conn->cnum);
535 DEBUG(3,("tcon service=%s cnum=%d\n",
536 service, conn->cnum));
538 END_PROFILE(SMBtcon);
542 /****************************************************************************
543 Reply to a tcon and X.
544 conn POINTER CAN BE NULL HERE !
545 ****************************************************************************/
547 void reply_tcon_and_X(struct smb_request *req)
549 connection_struct *conn = req->conn;
550 const char *service = NULL;
552 TALLOC_CTX *ctx = talloc_tos();
553 /* what the cleint thinks the device is */
554 char *client_devicetype = NULL;
555 /* what the server tells the client the share represents */
556 const char *server_devicetype;
563 START_PROFILE(SMBtconX);
566 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
567 END_PROFILE(SMBtconX);
571 passlen = SVAL(req->vwv+3, 0);
572 tcon_flags = SVAL(req->vwv+2, 0);
574 /* we might have to close an old one */
575 if ((tcon_flags & 0x1) && conn) {
576 close_cnum(conn,req->vuid);
581 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
582 reply_doserror(req, ERRDOS, ERRbuftoosmall);
583 END_PROFILE(SMBtconX);
587 if (global_encrypted_passwords_negotiated) {
588 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
589 if (lp_security() == SEC_SHARE) {
591 * Security = share always has a pad byte
592 * after the password.
594 p = (const char *)req->buf + passlen + 1;
596 p = (const char *)req->buf + passlen;
599 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
600 /* Ensure correct termination */
601 password.data[passlen]=0;
602 p = (const char *)req->buf + passlen + 1;
605 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
608 data_blob_clear_free(&password);
609 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
610 END_PROFILE(SMBtconX);
615 * the service name can be either: \\server\share
616 * or share directly like on the DELL PowerVault 705
619 q = strchr_m(path+2,'\\');
621 data_blob_clear_free(&password);
622 reply_doserror(req, ERRDOS, ERRnosuchshare);
623 END_PROFILE(SMBtconX);
631 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
632 &client_devicetype, p,
633 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
635 if (client_devicetype == NULL) {
636 data_blob_clear_free(&password);
637 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
638 END_PROFILE(SMBtconX);
642 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
644 conn = make_connection(service, password, client_devicetype,
645 req->vuid, &nt_status);
648 data_blob_clear_free(&password);
651 reply_nterror(req, nt_status);
652 END_PROFILE(SMBtconX);
657 server_devicetype = "IPC";
658 else if ( IS_PRINT(conn) )
659 server_devicetype = "LPT1:";
661 server_devicetype = "A:";
663 if (Protocol < PROTOCOL_NT1) {
664 reply_outbuf(req, 2, 0);
665 if (message_push_string(&req->outbuf, server_devicetype,
666 STR_TERMINATE|STR_ASCII) == -1) {
667 reply_nterror(req, NT_STATUS_NO_MEMORY);
668 END_PROFILE(SMBtconX);
672 /* NT sets the fstype of IPC$ to the null string */
673 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
675 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
676 /* Return permissions. */
680 reply_outbuf(req, 7, 0);
683 perm1 = FILE_ALL_ACCESS;
684 perm2 = FILE_ALL_ACCESS;
686 perm1 = CAN_WRITE(conn) ?
691 SIVAL(req->outbuf, smb_vwv3, perm1);
692 SIVAL(req->outbuf, smb_vwv5, perm2);
694 reply_outbuf(req, 3, 0);
697 if ((message_push_string(&req->outbuf, server_devicetype,
698 STR_TERMINATE|STR_ASCII) == -1)
699 || (message_push_string(&req->outbuf, fstype,
700 STR_TERMINATE) == -1)) {
701 reply_nterror(req, NT_STATUS_NO_MEMORY);
702 END_PROFILE(SMBtconX);
706 /* what does setting this bit do? It is set by NT4 and
707 may affect the ability to autorun mounted cdroms */
708 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
709 (lp_csc_policy(SNUM(conn)) << 2));
711 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
712 DEBUG(2,("Serving %s as a Dfs root\n",
713 lp_servicename(SNUM(conn)) ));
714 SSVAL(req->outbuf, smb_vwv2,
715 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
720 DEBUG(3,("tconX service=%s \n",
723 /* set the incoming and outgoing tid to the just created one */
724 SSVAL(req->inbuf,smb_tid,conn->cnum);
725 SSVAL(req->outbuf,smb_tid,conn->cnum);
727 END_PROFILE(SMBtconX);
733 /****************************************************************************
734 Reply to an unknown type.
735 ****************************************************************************/
737 void reply_unknown_new(struct smb_request *req, uint8 type)
739 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
740 smb_fn_name(type), type, type));
741 reply_doserror(req, ERRSRV, ERRunknownsmb);
745 /****************************************************************************
747 conn POINTER CAN BE NULL HERE !
748 ****************************************************************************/
750 void reply_ioctl(struct smb_request *req)
752 connection_struct *conn = req->conn;
759 START_PROFILE(SMBioctl);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBioctl);
767 device = SVAL(req->vwv+1, 0);
768 function = SVAL(req->vwv+2, 0);
769 ioctl_code = (device << 16) + function;
771 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
773 switch (ioctl_code) {
774 case IOCTL_QUERY_JOB_INFO:
778 reply_doserror(req, ERRSRV, ERRnosupport);
779 END_PROFILE(SMBioctl);
783 reply_outbuf(req, 8, replysize+1);
784 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
785 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
786 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
787 p = smb_buf(req->outbuf);
788 memset(p, '\0', replysize+1); /* valgrind-safe. */
789 p += 1; /* Allow for alignment */
791 switch (ioctl_code) {
792 case IOCTL_QUERY_JOB_INFO:
794 files_struct *fsp = file_fsp(
795 req, SVAL(req->vwv+0, 0));
797 reply_doserror(req, ERRDOS, ERRbadfid);
798 END_PROFILE(SMBioctl);
801 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
802 srvstr_push((char *)req->outbuf, req->flags2, p+2,
804 STR_TERMINATE|STR_ASCII);
806 srvstr_push((char *)req->outbuf, req->flags2,
807 p+18, lp_servicename(SNUM(conn)),
808 13, STR_TERMINATE|STR_ASCII);
816 END_PROFILE(SMBioctl);
820 /****************************************************************************
821 Strange checkpath NTSTATUS mapping.
822 ****************************************************************************/
824 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
826 /* Strange DOS error code semantics only for checkpath... */
827 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
828 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
829 /* We need to map to ERRbadpath */
830 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
836 /****************************************************************************
837 Reply to a checkpath.
838 ****************************************************************************/
840 void reply_checkpath(struct smb_request *req)
842 connection_struct *conn = req->conn;
844 SMB_STRUCT_STAT sbuf;
846 TALLOC_CTX *ctx = talloc_tos();
848 START_PROFILE(SMBcheckpath);
850 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
851 STR_TERMINATE, &status);
853 if (!NT_STATUS_IS_OK(status)) {
854 status = map_checkpath_error(req->flags2, status);
855 reply_nterror(req, status);
856 END_PROFILE(SMBcheckpath);
860 status = resolve_dfspath(ctx, conn,
861 req->flags2 & FLAGS2_DFS_PATHNAMES,
864 if (!NT_STATUS_IS_OK(status)) {
865 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
866 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
868 END_PROFILE(SMBcheckpath);
874 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
876 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
877 if (!NT_STATUS_IS_OK(status)) {
881 status = check_name(conn, name);
882 if (!NT_STATUS_IS_OK(status)) {
883 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
887 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
888 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
889 status = map_nt_error_from_unix(errno);
893 if (!S_ISDIR(sbuf.st_mode)) {
894 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
896 END_PROFILE(SMBcheckpath);
900 reply_outbuf(req, 0, 0);
902 END_PROFILE(SMBcheckpath);
907 END_PROFILE(SMBcheckpath);
909 /* We special case this - as when a Windows machine
910 is parsing a path is steps through the components
911 one at a time - if a component fails it expects
912 ERRbadpath, not ERRbadfile.
914 status = map_checkpath_error(req->flags2, status);
915 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
917 * Windows returns different error codes if
918 * the parent directory is valid but not the
919 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
920 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
921 * if the path is invalid.
923 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
928 reply_nterror(req, status);
931 /****************************************************************************
933 ****************************************************************************/
935 void reply_getatr(struct smb_request *req)
937 connection_struct *conn = req->conn;
939 SMB_STRUCT_STAT sbuf;
945 TALLOC_CTX *ctx = talloc_tos();
947 START_PROFILE(SMBgetatr);
949 p = (const char *)req->buf + 1;
950 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
951 if (!NT_STATUS_IS_OK(status)) {
952 reply_nterror(req, status);
953 END_PROFILE(SMBgetatr);
957 status = resolve_dfspath(ctx, conn,
958 req->flags2 & FLAGS2_DFS_PATHNAMES,
961 if (!NT_STATUS_IS_OK(status)) {
962 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
963 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
965 END_PROFILE(SMBgetatr);
968 reply_nterror(req, status);
969 END_PROFILE(SMBgetatr);
973 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
974 under WfWg - weird! */
975 if (*fname == '\0') {
976 mode = aHIDDEN | aDIR;
977 if (!CAN_WRITE(conn)) {
983 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
984 if (!NT_STATUS_IS_OK(status)) {
985 reply_nterror(req, status);
986 END_PROFILE(SMBgetatr);
989 status = check_name(conn, fname);
990 if (!NT_STATUS_IS_OK(status)) {
991 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
992 reply_nterror(req, status);
993 END_PROFILE(SMBgetatr);
996 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
997 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
998 reply_unixerror(req, ERRDOS,ERRbadfile);
999 END_PROFILE(SMBgetatr);
1003 mode = dos_mode(conn,fname,&sbuf);
1004 size = sbuf.st_size;
1005 mtime = sbuf.st_mtime;
1011 reply_outbuf(req, 10, 0);
1013 SSVAL(req->outbuf,smb_vwv0,mode);
1014 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1015 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1017 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1019 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1021 if (Protocol >= PROTOCOL_NT1) {
1022 SSVAL(req->outbuf, smb_flg2,
1023 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1026 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1028 END_PROFILE(SMBgetatr);
1032 /****************************************************************************
1034 ****************************************************************************/
1036 void reply_setatr(struct smb_request *req)
1038 struct timespec ts[2];
1039 connection_struct *conn = req->conn;
1043 SMB_STRUCT_STAT sbuf;
1046 TALLOC_CTX *ctx = talloc_tos();
1048 START_PROFILE(SMBsetatr);
1053 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1057 p = (const char *)req->buf + 1;
1058 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1059 if (!NT_STATUS_IS_OK(status)) {
1060 reply_nterror(req, status);
1061 END_PROFILE(SMBsetatr);
1065 status = resolve_dfspath(ctx, conn,
1066 req->flags2 & FLAGS2_DFS_PATHNAMES,
1069 if (!NT_STATUS_IS_OK(status)) {
1070 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1071 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1072 ERRSRV, ERRbadpath);
1073 END_PROFILE(SMBsetatr);
1076 reply_nterror(req, status);
1077 END_PROFILE(SMBsetatr);
1081 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1082 if (!NT_STATUS_IS_OK(status)) {
1083 reply_nterror(req, status);
1084 END_PROFILE(SMBsetatr);
1088 status = check_name(conn, fname);
1089 if (!NT_STATUS_IS_OK(status)) {
1090 reply_nterror(req, status);
1091 END_PROFILE(SMBsetatr);
1095 if (fname[0] == '.' && fname[1] == '\0') {
1097 * Not sure here is the right place to catch this
1098 * condition. Might be moved to somewhere else later -- vl
1100 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1101 END_PROFILE(SMBsetatr);
1105 mode = SVAL(req->vwv+0, 0);
1106 mtime = srv_make_unix_date3(req->vwv+1);
1108 ts[1] = convert_time_t_to_timespec(mtime);
1109 status = smb_set_file_time(conn, NULL, fname,
1111 if (!NT_STATUS_IS_OK(status)) {
1112 reply_unixerror(req, ERRDOS, ERRnoaccess);
1113 END_PROFILE(SMBsetatr);
1117 if (mode != FILE_ATTRIBUTE_NORMAL) {
1118 if (VALID_STAT_OF_DIR(sbuf))
1123 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1124 reply_unixerror(req, ERRDOS, ERRnoaccess);
1125 END_PROFILE(SMBsetatr);
1130 reply_outbuf(req, 0, 0);
1132 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1134 END_PROFILE(SMBsetatr);
1138 /****************************************************************************
1140 ****************************************************************************/
1142 void reply_dskattr(struct smb_request *req)
1144 connection_struct *conn = req->conn;
1145 uint64_t dfree,dsize,bsize;
1146 START_PROFILE(SMBdskattr);
1148 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1149 reply_unixerror(req, ERRHRD, ERRgeneral);
1150 END_PROFILE(SMBdskattr);
1154 reply_outbuf(req, 5, 0);
1156 if (Protocol <= PROTOCOL_LANMAN2) {
1157 double total_space, free_space;
1158 /* we need to scale this to a number that DOS6 can handle. We
1159 use floating point so we can handle large drives on systems
1160 that don't have 64 bit integers
1162 we end up displaying a maximum of 2G to DOS systems
1164 total_space = dsize * (double)bsize;
1165 free_space = dfree * (double)bsize;
1167 dsize = (uint64_t)((total_space+63*512) / (64*512));
1168 dfree = (uint64_t)((free_space+63*512) / (64*512));
1170 if (dsize > 0xFFFF) dsize = 0xFFFF;
1171 if (dfree > 0xFFFF) dfree = 0xFFFF;
1173 SSVAL(req->outbuf,smb_vwv0,dsize);
1174 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1175 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1176 SSVAL(req->outbuf,smb_vwv3,dfree);
1178 SSVAL(req->outbuf,smb_vwv0,dsize);
1179 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1180 SSVAL(req->outbuf,smb_vwv2,512);
1181 SSVAL(req->outbuf,smb_vwv3,dfree);
1184 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1186 END_PROFILE(SMBdskattr);
1190 /****************************************************************************
1192 Can be called from SMBsearch, SMBffirst or SMBfunique.
1193 ****************************************************************************/
1195 void reply_search(struct smb_request *req)
1197 connection_struct *conn = req->conn;
1198 const char *mask = NULL;
1199 char *directory = NULL;
1205 unsigned int numentries = 0;
1206 unsigned int maxentries = 0;
1207 bool finished = False;
1213 bool check_descend = False;
1214 bool expect_close = False;
1216 bool mask_contains_wcard = False;
1217 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1218 TALLOC_CTX *ctx = talloc_tos();
1219 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1221 START_PROFILE(SMBsearch);
1224 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1225 END_PROFILE(SMBsearch);
1229 if (lp_posix_pathnames()) {
1230 reply_unknown_new(req, req->cmd);
1231 END_PROFILE(SMBsearch);
1235 /* If we were called as SMBffirst then we must expect close. */
1236 if(req->cmd == SMBffirst) {
1237 expect_close = True;
1240 reply_outbuf(req, 1, 3);
1241 maxentries = SVAL(req->vwv+0, 0);
1242 dirtype = SVAL(req->vwv+1, 0);
1243 p = (const char *)req->buf + 1;
1244 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1245 &nt_status, &mask_contains_wcard);
1246 if (!NT_STATUS_IS_OK(nt_status)) {
1247 reply_nterror(req, nt_status);
1248 END_PROFILE(SMBsearch);
1252 nt_status = resolve_dfspath_wcard(ctx, conn,
1253 req->flags2 & FLAGS2_DFS_PATHNAMES,
1256 &mask_contains_wcard);
1257 if (!NT_STATUS_IS_OK(nt_status)) {
1258 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1259 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1260 ERRSRV, ERRbadpath);
1261 END_PROFILE(SMBsearch);
1264 reply_nterror(req, nt_status);
1265 END_PROFILE(SMBsearch);
1270 status_len = SVAL(p, 0);
1273 /* dirtype &= ~aDIR; */
1275 if (status_len == 0) {
1276 SMB_STRUCT_STAT sbuf;
1278 nt_status = unix_convert(ctx, conn, path, True,
1279 &directory, NULL, &sbuf);
1280 if (!NT_STATUS_IS_OK(nt_status)) {
1281 reply_nterror(req, nt_status);
1282 END_PROFILE(SMBsearch);
1286 nt_status = check_name(conn, directory);
1287 if (!NT_STATUS_IS_OK(nt_status)) {
1288 reply_nterror(req, nt_status);
1289 END_PROFILE(SMBsearch);
1293 p = strrchr_m(directory,'/');
1294 if ((p != NULL) && (*directory != '/')) {
1296 directory = talloc_strndup(ctx, directory,
1297 PTR_DIFF(p, directory));
1300 directory = talloc_strdup(ctx,".");
1304 reply_nterror(req, NT_STATUS_NO_MEMORY);
1305 END_PROFILE(SMBsearch);
1309 memset((char *)status,'\0',21);
1310 SCVAL(status,0,(dirtype & 0x1F));
1312 nt_status = dptr_create(conn,
1318 mask_contains_wcard,
1321 if (!NT_STATUS_IS_OK(nt_status)) {
1322 reply_nterror(req, nt_status);
1323 END_PROFILE(SMBsearch);
1326 dptr_num = dptr_dnum(conn->dirptr);
1330 memcpy(status,p,21);
1331 status_dirtype = CVAL(status,0) & 0x1F;
1332 if (status_dirtype != (dirtype & 0x1F)) {
1333 dirtype = status_dirtype;
1336 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1337 if (!conn->dirptr) {
1340 string_set(&conn->dirpath,dptr_path(dptr_num));
1341 mask = dptr_wcard(dptr_num);
1346 * For a 'continue' search we have no string. So
1347 * check from the initial saved string.
1349 mask_contains_wcard = ms_has_wild(mask);
1350 dirtype = dptr_attr(dptr_num);
1353 DEBUG(4,("dptr_num is %d\n",dptr_num));
1355 if ((dirtype&0x1F) == aVOLID) {
1356 char buf[DIR_STRUCT_SIZE];
1357 memcpy(buf,status,21);
1358 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1359 0,aVOLID,0,!allow_long_path_components)) {
1360 reply_nterror(req, NT_STATUS_NO_MEMORY);
1361 END_PROFILE(SMBsearch);
1364 dptr_fill(buf+12,dptr_num);
1365 if (dptr_zero(buf+12) && (status_len==0)) {
1370 if (message_push_blob(&req->outbuf,
1371 data_blob_const(buf, sizeof(buf)))
1373 reply_nterror(req, NT_STATUS_NO_MEMORY);
1374 END_PROFILE(SMBsearch);
1382 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1385 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1386 conn->dirpath,lp_dontdescend(SNUM(conn))));
1387 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1388 check_descend = True;
1391 for (i=numentries;(i<maxentries) && !finished;i++) {
1392 finished = !get_dir_entry(ctx,
1403 char buf[DIR_STRUCT_SIZE];
1404 memcpy(buf,status,21);
1405 if (!make_dir_struct(ctx,
1412 !allow_long_path_components)) {
1413 reply_nterror(req, NT_STATUS_NO_MEMORY);
1414 END_PROFILE(SMBsearch);
1417 if (!dptr_fill(buf+12,dptr_num)) {
1420 if (message_push_blob(&req->outbuf,
1421 data_blob_const(buf, sizeof(buf)))
1423 reply_nterror(req, NT_STATUS_NO_MEMORY);
1424 END_PROFILE(SMBsearch);
1434 /* If we were called as SMBffirst with smb_search_id == NULL
1435 and no entries were found then return error and close dirptr
1438 if (numentries == 0) {
1439 dptr_close(&dptr_num);
1440 } else if(expect_close && status_len == 0) {
1441 /* Close the dptr - we know it's gone */
1442 dptr_close(&dptr_num);
1445 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1446 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1447 dptr_close(&dptr_num);
1450 if ((numentries == 0) && !mask_contains_wcard) {
1451 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1452 END_PROFILE(SMBsearch);
1456 SSVAL(req->outbuf,smb_vwv0,numentries);
1457 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1458 SCVAL(smb_buf(req->outbuf),0,5);
1459 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1461 /* The replies here are never long name. */
1462 SSVAL(req->outbuf, smb_flg2,
1463 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1464 if (!allow_long_path_components) {
1465 SSVAL(req->outbuf, smb_flg2,
1466 SVAL(req->outbuf, smb_flg2)
1467 & (~FLAGS2_LONG_PATH_COMPONENTS));
1470 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1471 SSVAL(req->outbuf, smb_flg2,
1472 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1475 directory = dptr_path(dptr_num);
1478 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1479 smb_fn_name(req->cmd),
1481 directory ? directory : "./",
1486 END_PROFILE(SMBsearch);
1490 /****************************************************************************
1491 Reply to a fclose (stop directory search).
1492 ****************************************************************************/
1494 void reply_fclose(struct smb_request *req)
1502 bool path_contains_wcard = False;
1503 TALLOC_CTX *ctx = talloc_tos();
1505 START_PROFILE(SMBfclose);
1507 if (lp_posix_pathnames()) {
1508 reply_unknown_new(req, req->cmd);
1509 END_PROFILE(SMBfclose);
1513 p = (const char *)req->buf + 1;
1514 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1515 &err, &path_contains_wcard);
1516 if (!NT_STATUS_IS_OK(err)) {
1517 reply_nterror(req, err);
1518 END_PROFILE(SMBfclose);
1522 status_len = SVAL(p,0);
1525 if (status_len == 0) {
1526 reply_doserror(req, ERRSRV, ERRsrverror);
1527 END_PROFILE(SMBfclose);
1531 memcpy(status,p,21);
1533 if(dptr_fetch(status+12,&dptr_num)) {
1534 /* Close the dptr - we know it's gone */
1535 dptr_close(&dptr_num);
1538 reply_outbuf(req, 1, 0);
1539 SSVAL(req->outbuf,smb_vwv0,0);
1541 DEBUG(3,("search close\n"));
1543 END_PROFILE(SMBfclose);
1547 /****************************************************************************
1549 ****************************************************************************/
1551 void reply_open(struct smb_request *req)
1553 connection_struct *conn = req->conn;
1559 SMB_STRUCT_STAT sbuf;
1566 uint32 create_disposition;
1567 uint32 create_options = 0;
1569 TALLOC_CTX *ctx = talloc_tos();
1571 START_PROFILE(SMBopen);
1574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1575 END_PROFILE(SMBopen);
1579 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1580 deny_mode = SVAL(req->vwv+0, 0);
1581 dos_attr = SVAL(req->vwv+1, 0);
1583 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1584 STR_TERMINATE, &status);
1585 if (!NT_STATUS_IS_OK(status)) {
1586 reply_nterror(req, status);
1587 END_PROFILE(SMBopen);
1591 if (!map_open_params_to_ntcreate(
1592 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1593 &share_mode, &create_disposition, &create_options)) {
1594 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1595 END_PROFILE(SMBopen);
1599 status = create_file(conn, /* conn */
1601 0, /* root_dir_fid */
1603 access_mask, /* access_mask */
1604 share_mode, /* share_access */
1605 create_disposition, /* create_disposition*/
1606 create_options, /* create_options */
1607 dos_attr, /* file_attributes */
1608 oplock_request, /* oplock_request */
1609 0, /* allocation_size */
1616 if (!NT_STATUS_IS_OK(status)) {
1617 if (open_was_deferred(req->mid)) {
1618 /* We have re-scheduled this call. */
1619 END_PROFILE(SMBopen);
1622 reply_openerror(req, status);
1623 END_PROFILE(SMBopen);
1627 size = sbuf.st_size;
1628 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1629 mtime = sbuf.st_mtime;
1632 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1633 close_file(req, fsp, ERROR_CLOSE);
1634 reply_doserror(req, ERRDOS,ERRnoaccess);
1635 END_PROFILE(SMBopen);
1639 reply_outbuf(req, 7, 0);
1640 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1641 SSVAL(req->outbuf,smb_vwv1,fattr);
1642 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1643 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1645 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1647 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1648 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1650 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1651 SCVAL(req->outbuf,smb_flg,
1652 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1655 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1656 SCVAL(req->outbuf,smb_flg,
1657 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1659 END_PROFILE(SMBopen);
1663 /****************************************************************************
1664 Reply to an open and X.
1665 ****************************************************************************/
1667 void reply_open_and_X(struct smb_request *req)
1669 connection_struct *conn = req->conn;
1674 /* Breakout the oplock request bits so we can set the
1675 reply bits separately. */
1676 int ex_oplock_request;
1677 int core_oplock_request;
1680 int smb_sattr = SVAL(req->vwv+4, 0);
1681 uint32 smb_time = make_unix_date3(req->vwv+6);
1686 SMB_STRUCT_STAT sbuf;
1690 uint64_t allocation_size;
1691 ssize_t retval = -1;
1694 uint32 create_disposition;
1695 uint32 create_options = 0;
1696 TALLOC_CTX *ctx = talloc_tos();
1698 START_PROFILE(SMBopenX);
1700 if (req->wct < 15) {
1701 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1702 END_PROFILE(SMBopenX);
1706 open_flags = SVAL(req->vwv+2, 0);
1707 deny_mode = SVAL(req->vwv+3, 0);
1708 smb_attr = SVAL(req->vwv+5, 0);
1709 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1710 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1711 oplock_request = ex_oplock_request | core_oplock_request;
1712 smb_ofun = SVAL(req->vwv+8, 0);
1713 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1715 /* If it's an IPC, pass off the pipe handler. */
1717 if (lp_nt_pipe_support()) {
1718 reply_open_pipe_and_X(conn, req);
1720 reply_doserror(req, ERRSRV, ERRaccess);
1722 END_PROFILE(SMBopenX);
1726 /* XXXX we need to handle passed times, sattr and flags */
1727 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1728 STR_TERMINATE, &status);
1729 if (!NT_STATUS_IS_OK(status)) {
1730 reply_nterror(req, status);
1731 END_PROFILE(SMBopenX);
1735 if (!map_open_params_to_ntcreate(
1736 fname, deny_mode, smb_ofun, &access_mask,
1737 &share_mode, &create_disposition, &create_options)) {
1738 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1739 END_PROFILE(SMBopenX);
1743 status = create_file(conn, /* conn */
1745 0, /* root_dir_fid */
1747 access_mask, /* access_mask */
1748 share_mode, /* share_access */
1749 create_disposition, /* create_disposition*/
1750 create_options, /* create_options */
1751 smb_attr, /* file_attributes */
1752 oplock_request, /* oplock_request */
1753 0, /* allocation_size */
1757 &smb_action, /* pinfo */
1760 if (!NT_STATUS_IS_OK(status)) {
1761 END_PROFILE(SMBopenX);
1762 if (open_was_deferred(req->mid)) {
1763 /* We have re-scheduled this call. */
1766 reply_openerror(req, status);
1770 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1771 if the file is truncated or created. */
1772 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1773 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1774 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1775 close_file(req, fsp, ERROR_CLOSE);
1776 reply_nterror(req, NT_STATUS_DISK_FULL);
1777 END_PROFILE(SMBopenX);
1780 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1782 close_file(req, fsp, ERROR_CLOSE);
1783 reply_nterror(req, NT_STATUS_DISK_FULL);
1784 END_PROFILE(SMBopenX);
1787 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1790 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1791 mtime = sbuf.st_mtime;
1793 close_file(req, fsp, ERROR_CLOSE);
1794 reply_doserror(req, ERRDOS, ERRnoaccess);
1795 END_PROFILE(SMBopenX);
1799 /* If the caller set the extended oplock request bit
1800 and we granted one (by whatever means) - set the
1801 correct bit for extended oplock reply.
1804 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1805 smb_action |= EXTENDED_OPLOCK_GRANTED;
1808 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1809 smb_action |= EXTENDED_OPLOCK_GRANTED;
1812 /* If the caller set the core oplock request bit
1813 and we granted one (by whatever means) - set the
1814 correct bit for core oplock reply.
1817 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1818 reply_outbuf(req, 19, 0);
1820 reply_outbuf(req, 15, 0);
1823 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1824 SCVAL(req->outbuf, smb_flg,
1825 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1828 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1829 SCVAL(req->outbuf, smb_flg,
1830 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1833 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1834 SSVAL(req->outbuf,smb_vwv3,fattr);
1835 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1836 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1838 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1840 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1841 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1842 SSVAL(req->outbuf,smb_vwv11,smb_action);
1844 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1845 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1848 END_PROFILE(SMBopenX);
1853 /****************************************************************************
1854 Reply to a SMBulogoffX.
1855 ****************************************************************************/
1857 void reply_ulogoffX(struct smb_request *req)
1861 START_PROFILE(SMBulogoffX);
1863 vuser = get_valid_user_struct(req->vuid);
1866 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1870 /* in user level security we are supposed to close any files
1871 open by this user */
1872 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1873 file_close_user(req->vuid);
1876 invalidate_vuid(req->vuid);
1878 reply_outbuf(req, 2, 0);
1880 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1882 END_PROFILE(SMBulogoffX);
1886 /****************************************************************************
1887 Reply to a mknew or a create.
1888 ****************************************************************************/
1890 void reply_mknew(struct smb_request *req)
1892 connection_struct *conn = req->conn;
1895 struct timespec ts[2];
1897 int oplock_request = 0;
1898 SMB_STRUCT_STAT sbuf;
1900 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1901 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1902 uint32 create_disposition;
1903 uint32 create_options = 0;
1904 TALLOC_CTX *ctx = talloc_tos();
1906 START_PROFILE(SMBcreate);
1909 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1910 END_PROFILE(SMBcreate);
1914 fattr = SVAL(req->vwv+0, 0);
1915 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1917 ts[1] = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1920 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1921 STR_TERMINATE, &status);
1922 if (!NT_STATUS_IS_OK(status)) {
1923 reply_nterror(req, status);
1924 END_PROFILE(SMBcreate);
1928 if (fattr & aVOLID) {
1929 DEBUG(0,("Attempt to create file (%s) with volid set - "
1930 "please report this\n", fname));
1933 if(req->cmd == SMBmknew) {
1934 /* We should fail if file exists. */
1935 create_disposition = FILE_CREATE;
1937 /* Create if file doesn't exist, truncate if it does. */
1938 create_disposition = FILE_OVERWRITE_IF;
1941 status = create_file(conn, /* conn */
1943 0, /* root_dir_fid */
1945 access_mask, /* access_mask */
1946 share_mode, /* share_access */
1947 create_disposition, /* create_disposition*/
1948 create_options, /* create_options */
1949 fattr, /* file_attributes */
1950 oplock_request, /* oplock_request */
1951 0, /* allocation_size */
1958 if (!NT_STATUS_IS_OK(status)) {
1959 END_PROFILE(SMBcreate);
1960 if (open_was_deferred(req->mid)) {
1961 /* We have re-scheduled this call. */
1964 reply_openerror(req, status);
1968 ts[0] = get_atimespec(&sbuf); /* atime. */
1969 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
1970 if (!NT_STATUS_IS_OK(status)) {
1971 END_PROFILE(SMBcreate);
1972 reply_openerror(req, status);
1976 reply_outbuf(req, 1, 0);
1977 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1979 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1980 SCVAL(req->outbuf,smb_flg,
1981 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1984 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1985 SCVAL(req->outbuf,smb_flg,
1986 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1989 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
1990 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
1991 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
1993 END_PROFILE(SMBcreate);
1997 /****************************************************************************
1998 Reply to a create temporary file.
1999 ****************************************************************************/
2001 void reply_ctemp(struct smb_request *req)
2003 connection_struct *conn = req->conn;
2009 SMB_STRUCT_STAT sbuf;
2012 TALLOC_CTX *ctx = talloc_tos();
2014 START_PROFILE(SMBctemp);
2017 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2018 END_PROFILE(SMBctemp);
2022 fattr = SVAL(req->vwv+0, 0);
2023 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2025 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2026 STR_TERMINATE, &status);
2027 if (!NT_STATUS_IS_OK(status)) {
2028 reply_nterror(req, status);
2029 END_PROFILE(SMBctemp);
2033 fname = talloc_asprintf(ctx,
2037 fname = talloc_strdup(ctx, "TMXXXXXX");
2041 reply_nterror(req, NT_STATUS_NO_MEMORY);
2042 END_PROFILE(SMBctemp);
2046 status = resolve_dfspath(ctx, conn,
2047 req->flags2 & FLAGS2_DFS_PATHNAMES,
2050 if (!NT_STATUS_IS_OK(status)) {
2051 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2052 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2053 ERRSRV, ERRbadpath);
2054 END_PROFILE(SMBctemp);
2057 reply_nterror(req, status);
2058 END_PROFILE(SMBctemp);
2062 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2063 if (!NT_STATUS_IS_OK(status)) {
2064 reply_nterror(req, status);
2065 END_PROFILE(SMBctemp);
2069 status = check_name(conn, fname);
2070 if (!NT_STATUS_IS_OK(status)) {
2071 reply_nterror(req, status);
2072 END_PROFILE(SMBctemp);
2076 tmpfd = smb_mkstemp(fname);
2078 reply_unixerror(req, ERRDOS, ERRnoaccess);
2079 END_PROFILE(SMBctemp);
2083 SMB_VFS_STAT(conn,fname,&sbuf);
2085 /* We should fail if file does not exist. */
2086 status = open_file_ntcreate(conn, req, fname, &sbuf,
2087 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2088 FILE_SHARE_READ|FILE_SHARE_WRITE,
2095 /* close fd from smb_mkstemp() */
2098 if (!NT_STATUS_IS_OK(status)) {
2099 if (open_was_deferred(req->mid)) {
2100 /* We have re-scheduled this call. */
2101 END_PROFILE(SMBctemp);
2104 reply_openerror(req, status);
2105 END_PROFILE(SMBctemp);
2109 reply_outbuf(req, 1, 0);
2110 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2112 /* the returned filename is relative to the directory */
2113 s = strrchr_m(fsp->fsp_name, '/');
2121 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2122 thing in the byte section. JRA */
2123 SSVALS(p, 0, -1); /* what is this? not in spec */
2125 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2127 reply_nterror(req, NT_STATUS_NO_MEMORY);
2128 END_PROFILE(SMBctemp);
2132 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2133 SCVAL(req->outbuf, smb_flg,
2134 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2137 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2138 SCVAL(req->outbuf, smb_flg,
2139 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2142 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2143 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2144 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2146 END_PROFILE(SMBctemp);
2150 /*******************************************************************
2151 Check if a user is allowed to rename a file.
2152 ********************************************************************/
2154 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2155 uint16 dirtype, SMB_STRUCT_STAT *pst)
2159 if (!CAN_WRITE(conn)) {
2160 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2163 fmode = dos_mode(conn, fsp->fsp_name, pst);
2164 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2165 return NT_STATUS_NO_SUCH_FILE;
2168 if (S_ISDIR(pst->st_mode)) {
2169 return NT_STATUS_OK;
2172 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2173 return NT_STATUS_OK;
2176 return NT_STATUS_ACCESS_DENIED;
2179 /*******************************************************************
2180 * unlink a file with all relevant access checks
2181 *******************************************************************/
2183 static NTSTATUS do_unlink(connection_struct *conn,
2184 struct smb_request *req,
2188 SMB_STRUCT_STAT sbuf;
2191 uint32 dirtype_orig = dirtype;
2194 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2196 if (!CAN_WRITE(conn)) {
2197 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2200 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2201 return map_nt_error_from_unix(errno);
2204 fattr = dos_mode(conn,fname,&sbuf);
2206 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2207 dirtype = aDIR|aARCH|aRONLY;
2210 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2212 return NT_STATUS_NO_SUCH_FILE;
2215 if (!dir_check_ftype(conn, fattr, dirtype)) {
2217 return NT_STATUS_FILE_IS_A_DIRECTORY;
2219 return NT_STATUS_NO_SUCH_FILE;
2222 if (dirtype_orig & 0x8000) {
2223 /* These will never be set for POSIX. */
2224 return NT_STATUS_NO_SUCH_FILE;
2228 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2229 return NT_STATUS_FILE_IS_A_DIRECTORY;
2232 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2233 return NT_STATUS_NO_SUCH_FILE;
2236 if (dirtype & 0xFF00) {
2237 /* These will never be set for POSIX. */
2238 return NT_STATUS_NO_SUCH_FILE;
2243 return NT_STATUS_NO_SUCH_FILE;
2246 /* Can't delete a directory. */
2248 return NT_STATUS_FILE_IS_A_DIRECTORY;
2253 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2254 return NT_STATUS_OBJECT_NAME_INVALID;
2255 #endif /* JRATEST */
2257 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2259 On a Windows share, a file with read-only dosmode can be opened with
2260 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2261 fails with NT_STATUS_CANNOT_DELETE error.
2263 This semantic causes a problem that a user can not
2264 rename a file with read-only dosmode on a Samba share
2265 from a Windows command prompt (i.e. cmd.exe, but can rename
2266 from Windows Explorer).
2269 if (!lp_delete_readonly(SNUM(conn))) {
2270 if (fattr & aRONLY) {
2271 return NT_STATUS_CANNOT_DELETE;
2275 /* On open checks the open itself will check the share mode, so
2276 don't do it here as we'll get it wrong. */
2278 status = create_file_unixpath
2282 DELETE_ACCESS, /* access_mask */
2283 FILE_SHARE_NONE, /* share_access */
2284 FILE_OPEN, /* create_disposition*/
2285 FILE_NON_DIRECTORY_FILE, /* create_options */
2286 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2287 0, /* oplock_request */
2288 0, /* allocation_size */
2295 if (!NT_STATUS_IS_OK(status)) {
2296 DEBUG(10, ("create_file_unixpath failed: %s\n",
2297 nt_errstr(status)));
2301 /* The set is across all open files on this dev/inode pair. */
2302 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2303 close_file(req, fsp, NORMAL_CLOSE);
2304 return NT_STATUS_ACCESS_DENIED;
2307 return close_file(req, fsp, NORMAL_CLOSE);
2310 /****************************************************************************
2311 The guts of the unlink command, split out so it may be called by the NT SMB
2313 ****************************************************************************/
2315 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2316 uint32 dirtype, const char *name_in, bool has_wild)
2318 const char *directory = NULL;
2323 NTSTATUS status = NT_STATUS_OK;
2324 SMB_STRUCT_STAT sbuf;
2325 TALLOC_CTX *ctx = talloc_tos();
2327 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2328 if (!NT_STATUS_IS_OK(status)) {
2332 p = strrchr_m(name,'/');
2334 directory = talloc_strdup(ctx, ".");
2336 return NT_STATUS_NO_MEMORY;
2346 * We should only check the mangled cache
2347 * here if unix_convert failed. This means
2348 * that the path in 'mask' doesn't exist
2349 * on the file system and so we need to look
2350 * for a possible mangle. This patch from
2351 * Tine Smukavec <valentin.smukavec@hermes.si>.
2354 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2355 char *new_mask = NULL;
2356 mangle_lookup_name_from_8_3(ctx,
2366 directory = talloc_asprintf(ctx,
2371 return NT_STATUS_NO_MEMORY;
2374 dirtype = FILE_ATTRIBUTE_NORMAL;
2377 status = check_name(conn, directory);
2378 if (!NT_STATUS_IS_OK(status)) {
2382 status = do_unlink(conn, req, directory, dirtype);
2383 if (!NT_STATUS_IS_OK(status)) {
2389 struct smb_Dir *dir_hnd = NULL;
2393 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2394 return NT_STATUS_OBJECT_NAME_INVALID;
2397 if (strequal(mask,"????????.???")) {
2402 status = check_name(conn, directory);
2403 if (!NT_STATUS_IS_OK(status)) {
2407 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2409 if (dir_hnd == NULL) {
2410 return map_nt_error_from_unix(errno);
2413 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2414 the pattern matches against the long name, otherwise the short name
2415 We don't implement this yet XXXX
2418 status = NT_STATUS_NO_SUCH_FILE;
2420 while ((dname = ReadDirName(dir_hnd, &offset))) {
2424 if (!is_visible_file(conn, directory, dname, &st, True)) {
2428 /* Quick check for "." and ".." */
2429 if (ISDOT(dname) || ISDOTDOT(dname)) {
2433 if(!mask_match(dname, mask, conn->case_sensitive)) {
2437 fname = talloc_asprintf(ctx, "%s/%s",
2441 return NT_STATUS_NO_MEMORY;
2444 status = check_name(conn, fname);
2445 if (!NT_STATUS_IS_OK(status)) {
2446 TALLOC_FREE(dir_hnd);
2450 status = do_unlink(conn, req, fname, dirtype);
2451 if (!NT_STATUS_IS_OK(status)) {
2457 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2462 TALLOC_FREE(dir_hnd);
2465 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2466 status = map_nt_error_from_unix(errno);
2472 /****************************************************************************
2474 ****************************************************************************/
2476 void reply_unlink(struct smb_request *req)
2478 connection_struct *conn = req->conn;
2482 bool path_contains_wcard = False;
2483 TALLOC_CTX *ctx = talloc_tos();
2485 START_PROFILE(SMBunlink);
2488 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2489 END_PROFILE(SMBunlink);
2493 dirtype = SVAL(req->vwv+0, 0);
2495 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2496 STR_TERMINATE, &status,
2497 &path_contains_wcard);
2498 if (!NT_STATUS_IS_OK(status)) {
2499 reply_nterror(req, status);
2500 END_PROFILE(SMBunlink);
2504 status = resolve_dfspath_wcard(ctx, conn,
2505 req->flags2 & FLAGS2_DFS_PATHNAMES,
2508 &path_contains_wcard);
2509 if (!NT_STATUS_IS_OK(status)) {
2510 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2511 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2512 ERRSRV, ERRbadpath);
2513 END_PROFILE(SMBunlink);
2516 reply_nterror(req, status);
2517 END_PROFILE(SMBunlink);
2521 DEBUG(3,("reply_unlink : %s\n",name));
2523 status = unlink_internals(conn, req, dirtype, name,
2524 path_contains_wcard);
2525 if (!NT_STATUS_IS_OK(status)) {
2526 if (open_was_deferred(req->mid)) {
2527 /* We have re-scheduled this call. */
2528 END_PROFILE(SMBunlink);
2531 reply_nterror(req, status);
2532 END_PROFILE(SMBunlink);
2536 reply_outbuf(req, 0, 0);
2537 END_PROFILE(SMBunlink);
2542 /****************************************************************************
2544 ****************************************************************************/
2546 static void fail_readraw(void)
2548 const char *errstr = talloc_asprintf(talloc_tos(),
2549 "FAIL ! reply_readbraw: socket write fail (%s)",
2554 exit_server_cleanly(errstr);
2557 /****************************************************************************
2558 Fake (read/write) sendfile. Returns -1 on read or write fail.
2559 ****************************************************************************/
2561 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2565 size_t tosend = nread;
2572 bufsize = MIN(nread, 65536);
2574 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2578 while (tosend > 0) {
2582 if (tosend > bufsize) {
2587 ret = read_file(fsp,buf,startpos,cur_read);
2593 /* If we had a short read, fill with zeros. */
2594 if (ret < cur_read) {
2595 memset(buf, '\0', cur_read - ret);
2598 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2603 startpos += cur_read;
2607 return (ssize_t)nread;
2610 /****************************************************************************
2611 Return a readbraw error (4 bytes of zero).
2612 ****************************************************************************/
2614 static void reply_readbraw_error(void)
2618 if (write_data(smbd_server_fd(),header,4) != 4) {
2623 /****************************************************************************
2624 Use sendfile in readbraw.
2625 ****************************************************************************/
2627 void send_file_readbraw(connection_struct *conn,
2633 char *outbuf = NULL;
2636 #if defined(WITH_SENDFILE)
2638 * We can only use sendfile on a non-chained packet
2639 * but we can use on a non-oplocked file. tridge proved this
2640 * on a train in Germany :-). JRA.
2641 * reply_readbraw has already checked the length.
2644 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2645 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2647 DATA_BLOB header_blob;
2649 _smb_setlen(header,nread);
2650 header_blob = data_blob_const(header, 4);
2652 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2653 &header_blob, startpos, nread) == -1) {
2654 /* Returning ENOSYS means no data at all was sent.
2655 * Do this as a normal read. */
2656 if (errno == ENOSYS) {
2657 goto normal_readbraw;
2661 * Special hack for broken Linux with no working sendfile. If we
2662 * return EINTR we sent the header but not the rest of the data.
2663 * Fake this up by doing read/write calls.
2665 if (errno == EINTR) {
2666 /* Ensure we don't do this again. */
2667 set_use_sendfile(SNUM(conn), False);
2668 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2670 if (fake_sendfile(fsp, startpos, nread) == -1) {
2671 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2672 fsp->fsp_name, strerror(errno) ));
2673 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2678 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2679 fsp->fsp_name, strerror(errno) ));
2680 exit_server_cleanly("send_file_readbraw sendfile failed");
2689 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2691 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2692 (unsigned)(nread+4)));
2693 reply_readbraw_error();
2698 ret = read_file(fsp,outbuf+4,startpos,nread);
2699 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2708 _smb_setlen(outbuf,ret);
2709 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2712 TALLOC_FREE(outbuf);
2715 /****************************************************************************
2716 Reply to a readbraw (core+ protocol).
2717 ****************************************************************************/
2719 void reply_readbraw(struct smb_request *req)
2721 connection_struct *conn = req->conn;
2722 ssize_t maxcount,mincount;
2729 START_PROFILE(SMBreadbraw);
2731 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2732 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2733 "raw reads/writes are disallowed.");
2737 reply_readbraw_error();
2738 END_PROFILE(SMBreadbraw);
2743 * Special check if an oplock break has been issued
2744 * and the readraw request croses on the wire, we must
2745 * return a zero length response here.
2748 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2751 * We have to do a check_fsp by hand here, as
2752 * we must always return 4 zero bytes on error,
2756 if (!fsp || !conn || conn != fsp->conn ||
2757 req->vuid != fsp->vuid ||
2758 fsp->is_directory || fsp->fh->fd == -1) {
2760 * fsp could be NULL here so use the value from the packet. JRA.
2762 DEBUG(3,("reply_readbraw: fnum %d not valid "
2764 (int)SVAL(req->vwv+0, 0)));
2765 reply_readbraw_error();
2766 END_PROFILE(SMBreadbraw);
2770 /* Do a "by hand" version of CHECK_READ. */
2771 if (!(fsp->can_read ||
2772 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2773 (fsp->access_mask & FILE_EXECUTE)))) {
2774 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2775 (int)SVAL(req->vwv+0, 0)));
2776 reply_readbraw_error();
2777 END_PROFILE(SMBreadbraw);
2781 flush_write_cache(fsp, READRAW_FLUSH);
2783 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2784 if(req->wct == 10) {
2786 * This is a large offset (64 bit) read.
2788 #ifdef LARGE_SMB_OFF_T
2790 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2792 #else /* !LARGE_SMB_OFF_T */
2795 * Ensure we haven't been sent a >32 bit offset.
2798 if(IVAL(req->vwv+8, 0) != 0) {
2799 DEBUG(0,("reply_readbraw: large offset "
2800 "(%x << 32) used and we don't support "
2801 "64 bit offsets.\n",
2802 (unsigned int)IVAL(req->vwv+8, 0) ));
2803 reply_readbraw_error();
2804 END_PROFILE(SMBreadbraw);
2808 #endif /* LARGE_SMB_OFF_T */
2811 DEBUG(0,("reply_readbraw: negative 64 bit "
2812 "readraw offset (%.0f) !\n",
2813 (double)startpos ));
2814 reply_readbraw_error();
2815 END_PROFILE(SMBreadbraw);
2820 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2821 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2823 /* ensure we don't overrun the packet size */
2824 maxcount = MIN(65535,maxcount);
2826 if (is_locked(fsp,(uint32)req->smbpid,
2830 reply_readbraw_error();
2831 END_PROFILE(SMBreadbraw);
2835 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2839 if (startpos >= size) {
2842 nread = MIN(maxcount,(size - startpos));
2845 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2846 if (nread < mincount)
2850 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2851 "min=%lu nread=%lu\n",
2852 fsp->fnum, (double)startpos,
2853 (unsigned long)maxcount,
2854 (unsigned long)mincount,
2855 (unsigned long)nread ) );
2857 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2859 DEBUG(5,("reply_readbraw finished\n"));
2860 END_PROFILE(SMBreadbraw);
2864 #define DBGC_CLASS DBGC_LOCKING
2866 /****************************************************************************
2867 Reply to a lockread (core+ protocol).
2868 ****************************************************************************/
2870 void reply_lockread(struct smb_request *req)
2872 connection_struct *conn = req->conn;
2879 struct byte_range_lock *br_lck = NULL;
2882 START_PROFILE(SMBlockread);
2885 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2886 END_PROFILE(SMBlockread);
2890 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2892 if (!check_fsp(conn, req, fsp)) {
2893 END_PROFILE(SMBlockread);
2897 if (!CHECK_READ(fsp,req->inbuf)) {
2898 reply_doserror(req, ERRDOS, ERRbadaccess);
2899 END_PROFILE(SMBlockread);
2903 release_level_2_oplocks_on_change(fsp);
2905 numtoread = SVAL(req->vwv+1, 0);
2906 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
2908 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2910 reply_outbuf(req, 5, numtoread + 3);
2912 data = smb_buf(req->outbuf) + 3;
2915 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2916 * protocol request that predates the read/write lock concept.
2917 * Thus instead of asking for a read lock here we need to ask
2918 * for a write lock. JRA.
2919 * Note that the requested lock size is unaffected by max_recv.
2922 br_lck = do_lock(smbd_messaging_context(),
2925 (uint64_t)numtoread,
2929 False, /* Non-blocking lock. */
2932 TALLOC_FREE(br_lck);
2934 if (NT_STATUS_V(status)) {
2935 reply_nterror(req, status);
2936 END_PROFILE(SMBlockread);
2941 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2944 if (numtoread > max_recv) {
2945 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2946 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2947 (unsigned int)numtoread, (unsigned int)max_recv ));
2948 numtoread = MIN(numtoread,max_recv);
2950 nread = read_file(fsp,data,startpos,numtoread);
2953 reply_unixerror(req, ERRDOS, ERRnoaccess);
2954 END_PROFILE(SMBlockread);
2958 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2960 SSVAL(req->outbuf,smb_vwv0,nread);
2961 SSVAL(req->outbuf,smb_vwv5,nread+3);
2962 p = smb_buf(req->outbuf);
2963 SCVAL(p,0,0); /* pad byte. */
2966 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2967 fsp->fnum, (int)numtoread, (int)nread));
2969 END_PROFILE(SMBlockread);
2974 #define DBGC_CLASS DBGC_ALL
2976 /****************************************************************************
2978 ****************************************************************************/
2980 void reply_read(struct smb_request *req)
2982 connection_struct *conn = req->conn;
2990 START_PROFILE(SMBread);
2993 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2994 END_PROFILE(SMBread);
2998 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3000 if (!check_fsp(conn, req, fsp)) {
3001 END_PROFILE(SMBread);
3005 if (!CHECK_READ(fsp,req->inbuf)) {
3006 reply_doserror(req, ERRDOS, ERRbadaccess);
3007 END_PROFILE(SMBread);
3011 numtoread = SVAL(req->vwv+1, 0);
3012 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3014 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3017 * The requested read size cannot be greater than max_recv. JRA.
3019 if (numtoread > max_recv) {
3020 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3021 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3022 (unsigned int)numtoread, (unsigned int)max_recv ));
3023 numtoread = MIN(numtoread,max_recv);
3026 reply_outbuf(req, 5, numtoread+3);
3028 data = smb_buf(req->outbuf) + 3;
3030 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtoread,
3031 (uint64_t)startpos, READ_LOCK)) {
3032 reply_doserror(req, ERRDOS,ERRlock);
3033 END_PROFILE(SMBread);
3038 nread = read_file(fsp,data,startpos,numtoread);
3041 reply_unixerror(req, ERRDOS,ERRnoaccess);
3042 END_PROFILE(SMBread);
3046 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3048 SSVAL(req->outbuf,smb_vwv0,nread);
3049 SSVAL(req->outbuf,smb_vwv5,nread+3);
3050 SCVAL(smb_buf(req->outbuf),0,1);
3051 SSVAL(smb_buf(req->outbuf),1,nread);
3053 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3054 fsp->fnum, (int)numtoread, (int)nread ) );
3056 END_PROFILE(SMBread);
3060 /****************************************************************************
3062 ****************************************************************************/
3064 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3069 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3070 data = smb_buf(outbuf);
3072 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3074 SCVAL(outbuf,smb_vwv0,0xFF);
3075 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3076 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3077 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3078 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3079 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3080 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3081 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3085 /****************************************************************************
3086 Reply to a read and X - possibly using sendfile.
3087 ****************************************************************************/
3089 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3090 files_struct *fsp, SMB_OFF_T startpos,
3093 SMB_STRUCT_STAT sbuf;
3096 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3097 reply_unixerror(req, ERRDOS, ERRnoaccess);
3101 if (startpos > sbuf.st_size) {
3103 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3104 smb_maxcnt = (sbuf.st_size - startpos);
3107 if (smb_maxcnt == 0) {
3111 #if defined(WITH_SENDFILE)
3113 * We can only use sendfile on a non-chained packet
3114 * but we can use on a non-oplocked file. tridge proved this
3115 * on a train in Germany :-). JRA.
3118 if ((chain_size == 0) && (CVAL(req->vwv+0, 0) == 0xFF) &&
3119 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3120 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3121 uint8 headerbuf[smb_size + 12 * 2];
3125 * Set up the packet header before send. We
3126 * assume here the sendfile will work (get the
3127 * correct amount of data).
3130 header = data_blob_const(headerbuf, sizeof(headerbuf));
3132 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3133 setup_readX_header((char *)headerbuf, smb_maxcnt);
3135 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3136 /* Returning ENOSYS or EINVAL means no data at all was sent.
3137 Do this as a normal read. */
3138 if (errno == ENOSYS || errno == EINVAL) {
3143 * Special hack for broken Linux with no working sendfile. If we
3144 * return EINTR we sent the header but not the rest of the data.
3145 * Fake this up by doing read/write calls.
3148 if (errno == EINTR) {
3149 /* Ensure we don't do this again. */
3150 set_use_sendfile(SNUM(conn), False);
3151 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3152 nread = fake_sendfile(fsp, startpos,
3155 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3156 fsp->fsp_name, strerror(errno) ));
3157 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3159 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3160 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3161 /* No outbuf here means successful sendfile. */
3162 TALLOC_FREE(req->outbuf);
3166 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3167 fsp->fsp_name, strerror(errno) ));
3168 exit_server_cleanly("send_file_readX sendfile failed");
3171 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3172 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3173 /* No outbuf here means successful sendfile. */
3174 TALLOC_FREE(req->outbuf);
3181 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3182 uint8 headerbuf[smb_size + 2*12];
3184 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3185 setup_readX_header((char *)headerbuf, smb_maxcnt);
3187 /* Send out the header. */
3188 if (write_data(smbd_server_fd(), (char *)headerbuf,
3189 sizeof(headerbuf)) != sizeof(headerbuf)) {
3190 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3191 fsp->fsp_name, strerror(errno) ));
3192 exit_server_cleanly("send_file_readX sendfile failed");
3194 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3196 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3197 fsp->fsp_name, strerror(errno) ));
3198 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3200 TALLOC_FREE(req->outbuf);
3204 reply_outbuf(req, 12, smb_maxcnt);
3206 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3208 reply_unixerror(req, ERRDOS, ERRnoaccess);
3212 setup_readX_header((char *)req->outbuf, nread);
3214 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3215 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3220 /****************************************************************************
3221 Reply to a read and X.
3222 ****************************************************************************/
3224 void reply_read_and_X(struct smb_request *req)
3226 connection_struct *conn = req->conn;
3230 bool big_readX = False;
3232 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3235 START_PROFILE(SMBreadX);
3237 if ((req->wct != 10) && (req->wct != 12)) {
3238 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3242 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3243 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3244 smb_maxcnt = SVAL(req->vwv+5, 0);
3246 /* If it's an IPC, pass off the pipe handler. */
3248 reply_pipe_read_and_X(req);
3249 END_PROFILE(SMBreadX);
3253 if (!check_fsp(conn, req, fsp)) {
3254 END_PROFILE(SMBreadX);
3258 if (!CHECK_READ(fsp,req->inbuf)) {
3259 reply_doserror(req, ERRDOS,ERRbadaccess);
3260 END_PROFILE(SMBreadX);
3264 if (global_client_caps & CAP_LARGE_READX) {
3265 size_t upper_size = SVAL(req->vwv+7, 0);
3266 smb_maxcnt |= (upper_size<<16);
3267 if (upper_size > 1) {
3268 /* Can't do this on a chained packet. */
3269 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3270 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3271 END_PROFILE(SMBreadX);
3274 /* We currently don't do this on signed or sealed data. */
3275 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3276 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3277 END_PROFILE(SMBreadX);
3280 /* Is there room in the reply for this data ? */
3281 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3283 NT_STATUS_INVALID_PARAMETER);
3284 END_PROFILE(SMBreadX);
3291 if (req->wct == 12) {
3292 #ifdef LARGE_SMB_OFF_T
3294 * This is a large offset (64 bit) read.
3296 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3298 #else /* !LARGE_SMB_OFF_T */
3301 * Ensure we haven't been sent a >32 bit offset.
3304 if(IVAL(req->vwv+10, 0) != 0) {
3305 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3306 "used and we don't support 64 bit offsets.\n",
3307 (unsigned int)IVAL(req->vwv+10, 0) ));
3308 END_PROFILE(SMBreadX);
3309 reply_doserror(req, ERRDOS, ERRbadaccess);
3313 #endif /* LARGE_SMB_OFF_T */
3317 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)smb_maxcnt,
3318 (uint64_t)startpos, READ_LOCK)) {
3319 END_PROFILE(SMBreadX);
3320 reply_doserror(req, ERRDOS, ERRlock);
3325 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3326 END_PROFILE(SMBreadX);
3330 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3332 END_PROFILE(SMBreadX);
3336 /****************************************************************************
3337 Error replies to writebraw must have smb_wct == 1. Fix this up.
3338 ****************************************************************************/
3340 void error_to_writebrawerr(struct smb_request *req)
3342 uint8 *old_outbuf = req->outbuf;
3344 reply_outbuf(req, 1, 0);
3346 memcpy(req->outbuf, old_outbuf, smb_size);
3347 TALLOC_FREE(old_outbuf);
3350 /****************************************************************************
3351 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3352 ****************************************************************************/
3354 void reply_writebraw(struct smb_request *req)
3356 connection_struct *conn = req->conn;
3359 ssize_t total_written=0;
3360 size_t numtowrite=0;
3368 START_PROFILE(SMBwritebraw);
3371 * If we ever reply with an error, it must have the SMB command
3372 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3375 SCVAL(req->inbuf,smb_com,SMBwritec);
3377 if (srv_is_signing_active()) {
3378 END_PROFILE(SMBwritebraw);
3379 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3380 "raw reads/writes are disallowed.");
3383 if (req->wct < 12) {
3384 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3385 error_to_writebrawerr(req);
3386 END_PROFILE(SMBwritebraw);
3390 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3391 if (!check_fsp(conn, req, fsp)) {
3392 error_to_writebrawerr(req);
3393 END_PROFILE(SMBwritebraw);
3397 if (!CHECK_WRITE(fsp)) {
3398 reply_doserror(req, ERRDOS, ERRbadaccess);
3399 error_to_writebrawerr(req);
3400 END_PROFILE(SMBwritebraw);
3404 tcount = IVAL(req->vwv+1, 0);
3405 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3406 write_through = BITSETW(req->vwv+7,0);
3408 /* We have to deal with slightly different formats depending
3409 on whether we are using the core+ or lanman1.0 protocol */
3411 if(Protocol <= PROTOCOL_COREPLUS) {
3412 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3413 data = smb_buf(req->inbuf);
3415 numtowrite = SVAL(req->vwv+10, 0);
3416 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3419 /* Ensure we don't write bytes past the end of this packet. */
3420 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3422 error_to_writebrawerr(req);
3423 END_PROFILE(SMBwritebraw);
3427 if (is_locked(fsp,(uint32)req->smbpid,(uint64_t)tcount,
3428 (uint64_t)startpos, WRITE_LOCK)) {
3429 reply_doserror(req, ERRDOS, ERRlock);
3430 error_to_writebrawerr(req);
3431 END_PROFILE(SMBwritebraw);
3436 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3439 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3440 "wrote=%d sync=%d\n",
3441 fsp->fnum, (double)startpos, (int)numtowrite,
3442 (int)nwritten, (int)write_through));
3444 if (nwritten < (ssize_t)numtowrite) {
3445 reply_unixerror(req, ERRHRD, ERRdiskfull);
3446 error_to_writebrawerr(req);
3447 END_PROFILE(SMBwritebraw);
3451 total_written = nwritten;
3453 /* Allocate a buffer of 64k + length. */
3454 buf = TALLOC_ARRAY(NULL, char, 65540);
3456 reply_doserror(req, ERRDOS, ERRnomem);
3457 error_to_writebrawerr(req);
3458 END_PROFILE(SMBwritebraw);
3462 /* Return a SMBwritebraw message to the redirector to tell
3463 * it to send more bytes */
3465 memcpy(buf, req->inbuf, smb_size);
3466 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3467 SCVAL(buf,smb_com,SMBwritebraw);
3468 SSVALS(buf,smb_vwv0,0xFFFF);
3470 if (!srv_send_smb(smbd_server_fd(),
3472 IS_CONN_ENCRYPTED(conn))) {
3473 exit_server_cleanly("reply_writebraw: srv_send_smb "
3477 /* Now read the raw data into the buffer and write it */
3478 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3480 if (!NT_STATUS_IS_OK(status)) {
3481 exit_server_cleanly("secondary writebraw failed");
3484 /* Set up outbuf to return the correct size */
3485 reply_outbuf(req, 1, 0);
3487 if (numtowrite != 0) {
3489 if (numtowrite > 0xFFFF) {
3490 DEBUG(0,("reply_writebraw: Oversize secondary write "
3491 "raw requested (%u). Terminating\n",
3492 (unsigned int)numtowrite ));
3493 exit_server_cleanly("secondary writebraw failed");
3496 if (tcount > nwritten+numtowrite) {
3497 DEBUG(3,("reply_writebraw: Client overestimated the "
3499 (int)tcount,(int)nwritten,(int)numtowrite));
3502 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3504 if (!NT_STATUS_IS_OK(status)) {
3505 DEBUG(0,("reply_writebraw: Oversize secondary write "
3506 "raw read failed (%s). Terminating\n",
3507 nt_errstr(status)));
3508 exit_server_cleanly("secondary writebraw failed");
3511 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3512 if (nwritten == -1) {
3514 reply_unixerror(req, ERRHRD, ERRdiskfull);
3515 error_to_writebrawerr(req);
3516 END_PROFILE(SMBwritebraw);
3520 if (nwritten < (ssize_t)numtowrite) {
3521 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3522 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3526 total_written += nwritten;
3531 SSVAL(req->outbuf,smb_vwv0,total_written);
3533 status = sync_file(conn, fsp, write_through);
3534 if (!NT_STATUS_IS_OK(status)) {
3535 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3536 fsp->fsp_name, nt_errstr(status) ));
3537 reply_nterror(req, status);
3538 error_to_writebrawerr(req);
3539 END_PROFILE(SMBwritebraw);
3543 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3545 fsp->fnum, (double)startpos, (int)numtowrite,
3546 (int)total_written));
3548 /* We won't return a status if write through is not selected - this
3549 * follows what WfWg does */
3550 END_PROFILE(SMBwritebraw);
3552 if (!write_through && total_written==tcount) {
3554 #if RABBIT_PELLET_FIX
3556 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3557 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3560 if (!send_keepalive(smbd_server_fd())) {
3561 exit_server_cleanly("reply_writebraw: send of "
3562 "keepalive failed");
3565 TALLOC_FREE(req->outbuf);
3571 #define DBGC_CLASS DBGC_LOCKING
3573 /****************************************************************************
3574 Reply to a writeunlock (core+).
3575 ****************************************************************************/
3577 void reply_writeunlock(struct smb_request *req)
3579 connection_struct *conn = req->conn;
3580 ssize_t nwritten = -1;
3584 NTSTATUS status = NT_STATUS_OK;
3587 START_PROFILE(SMBwriteunlock);
3590 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3591 END_PROFILE(SMBwriteunlock);
3595 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3597 if (!check_fsp(conn, req, fsp)) {
3598 END_PROFILE(SMBwriteunlock);
3602 if (!CHECK_WRITE(fsp)) {
3603 reply_doserror(req, ERRDOS,ERRbadaccess);
3604 END_PROFILE(SMBwriteunlock);
3608 numtowrite = SVAL(req->vwv+1, 0);
3609 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3610 data = (const char *)req->buf + 3;
3613 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3614 (uint64_t)startpos, WRITE_LOCK)) {
3615 reply_doserror(req, ERRDOS, ERRlock);
3616 END_PROFILE(SMBwriteunlock);
3620 /* The special X/Open SMB protocol handling of
3621 zero length writes is *NOT* done for
3623 if(numtowrite == 0) {
3626 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3629 status = sync_file(conn, fsp, False /* write through */);
3630 if (!NT_STATUS_IS_OK(status)) {
3631 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3632 fsp->fsp_name, nt_errstr(status) ));
3633 reply_nterror(req, status);
3634 END_PROFILE(SMBwriteunlock);
3638 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3639 reply_unixerror(req, ERRHRD, ERRdiskfull);
3640 END_PROFILE(SMBwriteunlock);
3645 status = do_unlock(smbd_messaging_context(),
3648 (uint64_t)numtowrite,
3652 if (NT_STATUS_V(status)) {
3653 reply_nterror(req, status);
3654 END_PROFILE(SMBwriteunlock);
3659 reply_outbuf(req, 1, 0);
3661 SSVAL(req->outbuf,smb_vwv0,nwritten);
3663 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3664 fsp->fnum, (int)numtowrite, (int)nwritten));
3666 END_PROFILE(SMBwriteunlock);
3671 #define DBGC_CLASS DBGC_ALL
3673 /****************************************************************************
3675 ****************************************************************************/
3677 void reply_write(struct smb_request *req)
3679 connection_struct *conn = req->conn;
3681 ssize_t nwritten = -1;
3687 START_PROFILE(SMBwrite);
3690 END_PROFILE(SMBwrite);
3691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3695 /* If it's an IPC, pass off the pipe handler. */
3697 reply_pipe_write(req);
3698 END_PROFILE(SMBwrite);
3702 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3704 if (!check_fsp(conn, req, fsp)) {
3705 END_PROFILE(SMBwrite);
3709 if (!CHECK_WRITE(fsp)) {
3710 reply_doserror(req, ERRDOS, ERRbadaccess);
3711 END_PROFILE(SMBwrite);
3715 numtowrite = SVAL(req->vwv+1, 0);
3716 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3717 data = (const char *)req->buf + 3;
3719 if (is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
3720 (uint64_t)startpos, WRITE_LOCK)) {
3721 reply_doserror(req, ERRDOS, ERRlock);
3722 END_PROFILE(SMBwrite);
3727 * X/Open SMB protocol says that if smb_vwv1 is
3728 * zero then the file size should be extended or
3729 * truncated to the size given in smb_vwv[2-3].
3732 if(numtowrite == 0) {
3734 * This is actually an allocate call, and set EOF. JRA.
3736 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3738 reply_nterror(req, NT_STATUS_DISK_FULL);
3739 END_PROFILE(SMBwrite);
3742 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3744 reply_nterror(req, NT_STATUS_DISK_FULL);
3745 END_PROFILE(SMBwrite);
3748 trigger_write_time_update_immediate(fsp);
3750 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3753 status = sync_file(conn, fsp, False);
3754 if (!NT_STATUS_IS_OK(status)) {
3755 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3756 fsp->fsp_name, nt_errstr(status) ));
3757 reply_nterror(req, status);
3758 END_PROFILE(SMBwrite);
3762 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3763 reply_unixerror(req, ERRHRD, ERRdiskfull);
3764 END_PROFILE(SMBwrite);
3768 reply_outbuf(req, 1, 0);
3770 SSVAL(req->outbuf,smb_vwv0,nwritten);
3772 if (nwritten < (ssize_t)numtowrite) {
3773 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3774 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3777 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3779 END_PROFILE(SMBwrite);
3783 /****************************************************************************
3784 Ensure a buffer is a valid writeX for recvfile purposes.
3785 ****************************************************************************/
3787 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3788 (2*14) + /* word count (including bcc) */ \
3791 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3794 connection_struct *conn = NULL;
3795 unsigned int doff = 0;
3796 size_t len = smb_len_large(inbuf);
3798 if (is_encrypted_packet(inbuf)) {
3799 /* Can't do this on encrypted
3804 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3808 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3809 CVAL(inbuf,smb_wct) != 14) {
3810 DEBUG(10,("is_valid_writeX_buffer: chained or "
3811 "invalid word length.\n"));
3815 conn = conn_find(SVAL(inbuf, smb_tid));
3817 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3821 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3824 doff = SVAL(inbuf,smb_vwv11);
3826 numtowrite = SVAL(inbuf,smb_vwv10);
3828 if (len > doff && len - doff > 0xFFFF) {
3829 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3832 if (numtowrite == 0) {
3833 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3837 /* Ensure the sizes match up. */
3838 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3839 /* no pad byte...old smbclient :-( */
3840 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3842 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3846 if (len - doff != numtowrite) {
3847 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3848 "len = %u, doff = %u, numtowrite = %u\n",
3851 (unsigned int)numtowrite ));
3855 DEBUG(10,("is_valid_writeX_buffer: true "
3856 "len = %u, doff = %u, numtowrite = %u\n",
3859 (unsigned int)numtowrite ));
3864 /****************************************************************************
3865 Reply to a write and X.
3866 ****************************************************************************/
3868 void reply_write_and_X(struct smb_request *req)
3870 connection_struct *conn = req->conn;
3876 unsigned int smb_doff;
3877 unsigned int smblen;
3881 START_PROFILE(SMBwriteX);
3883 if ((req->wct != 12) && (req->wct != 14)) {
3884 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3885 END_PROFILE(SMBwriteX);
3889 numtowrite = SVAL(req->vwv+10, 0);
3890 smb_doff = SVAL(req->vwv+11, 0);
3891 smblen = smb_len(req->inbuf);
3893 if (req->unread_bytes > 0xFFFF ||
3894 (smblen > smb_doff &&
3895 smblen - smb_doff > 0xFFFF)) {
3896 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
3899 if (req->unread_bytes) {
3900 /* Can't do a recvfile write on IPC$ */
3902 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3903 END_PROFILE(SMBwriteX);
3906 if (numtowrite != req->unread_bytes) {
3907 reply_doserror(req, ERRDOS, ERRbadmem);
3908 END_PROFILE(SMBwriteX);
3912 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3913 smb_doff + numtowrite > smblen) {
3914 reply_doserror(req, ERRDOS, ERRbadmem);
3915 END_PROFILE(SMBwriteX);
3920 /* If it's an IPC, pass off the pipe handler. */
3922 if (req->unread_bytes) {
3923 reply_doserror(req, ERRDOS, ERRbadmem);
3924 END_PROFILE(SMBwriteX);
3927 reply_pipe_write_and_X(req);
3928 END_PROFILE(SMBwriteX);
3932 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3933 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3934 write_through = BITSETW(req->vwv+7,0);
3936 if (!check_fsp(conn, req, fsp)) {
3937 END_PROFILE(SMBwriteX);
3941 if (!CHECK_WRITE(fsp)) {
3942 reply_doserror(req, ERRDOS, ERRbadaccess);
3943 END_PROFILE(SMBwriteX);
3947 data = smb_base(req->inbuf) + smb_doff;
3949 if(req->wct == 14) {
3950 #ifdef LARGE_SMB_OFF_T
3952 * This is a large offset (64 bit) write.
3954 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
3956 #else /* !LARGE_SMB_OFF_T */
3959 * Ensure we haven't been sent a >32 bit offset.
3962 if(IVAL(req->vwv+12, 0) != 0) {
3963 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3964 "used and we don't support 64 bit offsets.\n",
3965 (unsigned int)IVAL(req->vwv+12, 0) ));
3966 reply_doserror(req, ERRDOS, ERRbadaccess);
3967 END_PROFILE(SMBwriteX);
3971 #endif /* LARGE_SMB_OFF_T */
3974 if (is_locked(fsp,(uint32)req->smbpid,
3975 (uint64_t)numtowrite,
3976 (uint64_t)startpos, WRITE_LOCK)) {
3977 reply_doserror(req, ERRDOS, ERRlock);
3978 END_PROFILE(SMBwriteX);
3982 /* X/Open SMB protocol says that, unlike SMBwrite
3983 if the length is zero then NO truncation is
3984 done, just a write of zero. To truncate a file,
3987 if(numtowrite == 0) {
3991 if ((req->unread_bytes == 0) &&
3992 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
3994 END_PROFILE(SMBwriteX);
3998 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4001 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4002 reply_unixerror(req, ERRHRD, ERRdiskfull);
4003 END_PROFILE(SMBwriteX);
4007 reply_outbuf(req, 6, 0);
4008 SSVAL(req->outbuf,smb_vwv2,nwritten);
4009 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4011 if (nwritten < (ssize_t)numtowrite) {
4012 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4013 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4016 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4017 fsp->fnum, (int)numtowrite, (int)nwritten));
4019 status = sync_file(conn, fsp, write_through);
4020 if (!NT_STATUS_IS_OK(status)) {
4021 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4022 fsp->fsp_name, nt_errstr(status) ));
4023 reply_nterror(req, status);
4024 END_PROFILE(SMBwriteX);
4028 END_PROFILE(SMBwriteX);
4033 /****************************************************************************
4035 ****************************************************************************/
4037 void reply_lseek(struct smb_request *req)
4039 connection_struct *conn = req->conn;
4045 START_PROFILE(SMBlseek);
4048 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4049 END_PROFILE(SMBlseek);
4053 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4055 if (!check_fsp(conn, req, fsp)) {
4059 flush_write_cache(fsp, SEEK_FLUSH);
4061 mode = SVAL(req->vwv+1, 0) & 3;
4062 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4063 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4072 res = fsp->fh->pos + startpos;
4083 if (umode == SEEK_END) {
4084 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4085 if(errno == EINVAL) {
4086 SMB_OFF_T current_pos = startpos;
4087 SMB_STRUCT_STAT sbuf;
4089 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4090 reply_unixerror(req, ERRDOS,
4092 END_PROFILE(SMBlseek);
4096 current_pos += sbuf.st_size;
4098 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4103 reply_unixerror(req, ERRDOS, ERRnoaccess);
4104 END_PROFILE(SMBlseek);
4111 reply_outbuf(req, 2, 0);
4112 SIVAL(req->outbuf,smb_vwv0,res);
4114 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4115 fsp->fnum, (double)startpos, (double)res, mode));
4117 END_PROFILE(SMBlseek);
4121 /****************************************************************************
4123 ****************************************************************************/
4125 void reply_flush(struct smb_request *req)
4127 connection_struct *conn = req->conn;
4131 START_PROFILE(SMBflush);
4134 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4138 fnum = SVAL(req->vwv+0, 0);
4139 fsp = file_fsp(req, fnum);
4141 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4146 file_sync_all(conn);
4148 NTSTATUS status = sync_file(conn, fsp, True);
4149 if (!NT_STATUS_IS_OK(status)) {
4150 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4151 fsp->fsp_name, nt_errstr(status) ));
4152 reply_nterror(req, status);
4153 END_PROFILE(SMBflush);
4158 reply_outbuf(req, 0, 0);
4160 DEBUG(3,("flush\n"));
4161 END_PROFILE(SMBflush);
4165 /****************************************************************************
4167 conn POINTER CAN BE NULL HERE !
4168 ****************************************************************************/
4170 void reply_exit(struct smb_request *req)
4172 START_PROFILE(SMBexit);
4174 file_close_pid(req->smbpid, req->vuid);
4176 reply_outbuf(req, 0, 0);
4178 DEBUG(3,("exit\n"));
4180 END_PROFILE(SMBexit);
4184 /****************************************************************************
4185 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4186 ****************************************************************************/
4188 void reply_close(struct smb_request *req)
4190 connection_struct *conn = req->conn;
4191 NTSTATUS status = NT_STATUS_OK;
4192 files_struct *fsp = NULL;
4193 START_PROFILE(SMBclose);
4196 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4197 END_PROFILE(SMBclose);
4201 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4204 * We can only use check_fsp if we know it's not a directory.
4207 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4208 reply_doserror(req, ERRDOS, ERRbadfid);
4209 END_PROFILE(SMBclose);
4213 if(fsp->is_directory) {
4215 * Special case - close NT SMB directory handle.
4217 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4218 status = close_file(req, fsp, NORMAL_CLOSE);
4222 * Close ordinary file.
4225 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4226 fsp->fh->fd, fsp->fnum,
4227 conn->num_files_open));
4230 * Take care of any time sent in the close.
4233 t = srv_make_unix_date3(req->vwv+1);
4234 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4237 * close_file() returns the unix errno if an error
4238 * was detected on close - normally this is due to
4239 * a disk full error. If not then it was probably an I/O error.
4242 status = close_file(req, fsp, NORMAL_CLOSE);
4245 if (!NT_STATUS_IS_OK(status)) {
4246 reply_nterror(req, status);
4247 END_PROFILE(SMBclose);
4251 reply_outbuf(req, 0, 0);
4252 END_PROFILE(SMBclose);
4256 /****************************************************************************
4257 Reply to a writeclose (Core+ protocol).
4258 ****************************************************************************/
4260 void reply_writeclose(struct smb_request *req)
4262 connection_struct *conn = req->conn;
4264 ssize_t nwritten = -1;
4265 NTSTATUS close_status = NT_STATUS_OK;
4268 struct timespec mtime;
4271 START_PROFILE(SMBwriteclose);
4274 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4275 END_PROFILE(SMBwriteclose);
4279 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4281 if (!check_fsp(conn, req, fsp)) {
4282 END_PROFILE(SMBwriteclose);
4285 if (!CHECK_WRITE(fsp)) {
4286 reply_doserror(req, ERRDOS,ERRbadaccess);
4287 END_PROFILE(SMBwriteclose);
4291 numtowrite = SVAL(req->vwv+1, 0);
4292 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4293 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4294 data = (const char *)req->buf + 1;
4297 && is_locked(fsp, (uint32)req->smbpid, (uint64_t)numtowrite,
4298 (uint64_t)startpos, WRITE_LOCK)) {
4299 reply_doserror(req, ERRDOS,ERRlock);
4300 END_PROFILE(SMBwriteclose);
4304 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4306 set_close_write_time(fsp, mtime);
4309 * More insanity. W2K only closes the file if writelen > 0.
4314 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4316 close_status = close_file(req, fsp, NORMAL_CLOSE);
4319 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4320 fsp->fnum, (int)numtowrite, (int)nwritten,
4321 conn->num_files_open));
4323 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4324 reply_doserror(req, ERRHRD, ERRdiskfull);
4325 END_PROFILE(SMBwriteclose);
4329 if(!NT_STATUS_IS_OK(close_status)) {
4330 reply_nterror(req, close_status);
4331 END_PROFILE(SMBwriteclose);
4335 reply_outbuf(req, 1, 0);
4337 SSVAL(req->outbuf,smb_vwv0,nwritten);
4338 END_PROFILE(SMBwriteclose);
4343 #define DBGC_CLASS DBGC_LOCKING
4345 /****************************************************************************
4347 ****************************************************************************/
4349 void reply_lock(struct smb_request *req)
4351 connection_struct *conn = req->conn;
4352 uint64_t count,offset;
4355 struct byte_range_lock *br_lck = NULL;
4357 START_PROFILE(SMBlock);
4360 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4361 END_PROFILE(SMBlock);
4365 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4367 if (!check_fsp(conn, req, fsp)) {
4368 END_PROFILE(SMBlock);
4372 release_level_2_oplocks_on_change(fsp);
4374 count = (uint64_t)IVAL(req->vwv+1, 0);
4375 offset = (uint64_t)IVAL(req->vwv+3, 0);
4377 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4378 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4380 br_lck = do_lock(smbd_messaging_context(),
4387 False, /* Non-blocking lock. */
4391 TALLOC_FREE(br_lck);
4393 if (NT_STATUS_V(status)) {
4394 reply_nterror(req, status);
4395 END_PROFILE(SMBlock);
4399 reply_outbuf(req, 0, 0);
4401 END_PROFILE(SMBlock);
4405 /****************************************************************************
4407 ****************************************************************************/
4409 void reply_unlock(struct smb_request *req)
4411 connection_struct *conn = req->conn;
4412 uint64_t count,offset;
4416 START_PROFILE(SMBunlock);
4419 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4420 END_PROFILE(SMBunlock);
4424 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4426 if (!check_fsp(conn, req, fsp)) {
4427 END_PROFILE(SMBunlock);
4431 count = (uint64_t)IVAL(req->vwv+1, 0);
4432 offset = (uint64_t)IVAL(req->vwv+3, 0);
4434 status = do_unlock(smbd_messaging_context(),
4441 if (NT_STATUS_V(status)) {
4442 reply_nterror(req, status);
4443 END_PROFILE(SMBunlock);
4447 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4448 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4450 reply_outbuf(req, 0, 0);
4452 END_PROFILE(SMBunlock);
4457 #define DBGC_CLASS DBGC_ALL
4459 /****************************************************************************
4461 conn POINTER CAN BE NULL HERE !
4462 ****************************************************************************/
4464 void reply_tdis(struct smb_request *req)
4466 connection_struct *conn = req->conn;
4467 START_PROFILE(SMBtdis);
4470 DEBUG(4,("Invalid connection in tdis\n"));
4471 reply_doserror(req, ERRSRV, ERRinvnid);
4472 END_PROFILE(SMBtdis);
4478 close_cnum(conn,req->vuid);
4481 reply_outbuf(req, 0, 0);
4482 END_PROFILE(SMBtdis);
4486 /****************************************************************************
4488 conn POINTER CAN BE NULL HERE !
4489 ****************************************************************************/
4491 void reply_echo(struct smb_request *req)
4493 connection_struct *conn = req->conn;
4497 START_PROFILE(SMBecho);
4500 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4501 END_PROFILE(SMBecho);
4505 smb_reverb = SVAL(req->vwv+0, 0);
4507 reply_outbuf(req, 1, req->buflen);
4509 /* copy any incoming data back out */
4510 if (req->buflen > 0) {
4511 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4514 if (smb_reverb > 100) {
4515 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4519 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4520 SSVAL(req->outbuf,smb_vwv0,seq_num);
4522 show_msg((char *)req->outbuf);
4523 if (!srv_send_smb(smbd_server_fd(),
4524 (char *)req->outbuf,
4525 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4526 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4529 DEBUG(3,("echo %d times\n", smb_reverb));
4531 TALLOC_FREE(req->outbuf);
4533 END_PROFILE(SMBecho);
4537 /****************************************************************************
4538 Reply to a printopen.
4539 ****************************************************************************/
4541 void reply_printopen(struct smb_request *req)
4543 connection_struct *conn = req->conn;
4547 START_PROFILE(SMBsplopen);
4550 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4551 END_PROFILE(SMBsplopen);
4555 if (!CAN_PRINT(conn)) {
4556 reply_doserror(req, ERRDOS, ERRnoaccess);
4557 END_PROFILE(SMBsplopen);
4561 /* Open for exclusive use, write only. */
4562 status = print_fsp_open(req, conn, NULL, req->vuid, &fsp);
4564 if (!NT_STATUS_IS_OK(status)) {
4565 reply_nterror(req, status);
4566 END_PROFILE(SMBsplopen);
4570 reply_outbuf(req, 1, 0);
4571 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4573 DEBUG(3,("openprint fd=%d fnum=%d\n",
4574 fsp->fh->fd, fsp->fnum));
4576 END_PROFILE(SMBsplopen);
4580 /****************************************************************************
4581 Reply to a printclose.
4582 ****************************************************************************/
4584 void reply_printclose(struct smb_request *req)
4586 connection_struct *conn = req->conn;
4590 START_PROFILE(SMBsplclose);
4593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4594 END_PROFILE(SMBsplclose);
4598 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4600 if (!check_fsp(conn, req, fsp)) {
4601 END_PROFILE(SMBsplclose);
4605 if (!CAN_PRINT(conn)) {
4606 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4607 END_PROFILE(SMBsplclose);
4611 DEBUG(3,("printclose fd=%d fnum=%d\n",
4612 fsp->fh->fd,fsp->fnum));
4614 status = close_file(req, fsp, NORMAL_CLOSE);
4616 if(!NT_STATUS_IS_OK(status)) {
4617 reply_nterror(req, status);
4618 END_PROFILE(SMBsplclose);
4622 reply_outbuf(req, 0, 0);
4624 END_PROFILE(SMBsplclose);
4628 /****************************************************************************
4629 Reply to a printqueue.
4630 ****************************************************************************/
4632 void reply_printqueue(struct smb_request *req)
4634 connection_struct *conn = req->conn;
4638 START_PROFILE(SMBsplretq);
4641 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4642 END_PROFILE(SMBsplretq);
4646 max_count = SVAL(req->vwv+0, 0);
4647 start_index = SVAL(req->vwv+1, 0);
4649 /* we used to allow the client to get the cnum wrong, but that
4650 is really quite gross and only worked when there was only
4651 one printer - I think we should now only accept it if they
4652 get it right (tridge) */
4653 if (!CAN_PRINT(conn)) {
4654 reply_doserror(req, ERRDOS, ERRnoaccess);
4655 END_PROFILE(SMBsplretq);
4659 reply_outbuf(req, 2, 3);
4660 SSVAL(req->outbuf,smb_vwv0,0);
4661 SSVAL(req->outbuf,smb_vwv1,0);
4662 SCVAL(smb_buf(req->outbuf),0,1);
4663 SSVAL(smb_buf(req->outbuf),1,0);
4665 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4666 start_index, max_count));
4669 print_queue_struct *queue = NULL;
4670 print_status_struct status;
4671 int count = print_queue_status(SNUM(conn), &queue, &status);
4672 int num_to_get = ABS(max_count);
4673 int first = (max_count>0?start_index:start_index+max_count+1);
4679 num_to_get = MIN(num_to_get,count-first);
4682 for (i=first;i<first+num_to_get;i++) {
4686 srv_put_dos_date2(p,0,queue[i].time);
4687 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4688 SSVAL(p,5, queue[i].job);
4689 SIVAL(p,7,queue[i].size);
4691 srvstr_push(blob, req->flags2, p+12,
4692 queue[i].fs_user, 16, STR_ASCII);
4694 if (message_push_blob(
4697 blob, sizeof(blob))) == -1) {
4698 reply_nterror(req, NT_STATUS_NO_MEMORY);
4699 END_PROFILE(SMBsplretq);
4705 SSVAL(req->outbuf,smb_vwv0,count);
4706 SSVAL(req->outbuf,smb_vwv1,
4707 (max_count>0?first+count:first-1));
4708 SCVAL(smb_buf(req->outbuf),0,1);
4709 SSVAL(smb_buf(req->outbuf),1,28*count);
4714 DEBUG(3,("%d entries returned in queue\n",count));
4717 END_PROFILE(SMBsplretq);
4721 /****************************************************************************
4722 Reply to a printwrite.
4723 ****************************************************************************/
4725 void reply_printwrite(struct smb_request *req)
4727 connection_struct *conn = req->conn;
4732 START_PROFILE(SMBsplwr);
4735 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4736 END_PROFILE(SMBsplwr);
4740 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4742 if (!check_fsp(conn, req, fsp)) {
4743 END_PROFILE(SMBsplwr);
4747 if (!CAN_PRINT(conn)) {
4748 reply_doserror(req, ERRDOS, ERRnoaccess);
4749 END_PROFILE(SMBsplwr);
4753 if (!CHECK_WRITE(fsp)) {
4754 reply_doserror(req, ERRDOS, ERRbadaccess);
4755 END_PROFILE(SMBsplwr);
4759 numtowrite = SVAL(req->buf, 1);
4761 if (req->buflen < numtowrite + 3) {
4762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4763 END_PROFILE(SMBsplwr);
4767 data = (const char *)req->buf + 3;
4769 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4770 reply_unixerror(req, ERRHRD, ERRdiskfull);
4771 END_PROFILE(SMBsplwr);
4775 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4777 END_PROFILE(SMBsplwr);
4781 /****************************************************************************
4783 ****************************************************************************/
4785 void reply_mkdir(struct smb_request *req)
4787 connection_struct *conn = req->conn;
4788 char *directory = NULL;
4790 SMB_STRUCT_STAT sbuf;
4791 TALLOC_CTX *ctx = talloc_tos();
4793 START_PROFILE(SMBmkdir);
4795 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
4796 STR_TERMINATE, &status);
4797 if (!NT_STATUS_IS_OK(status)) {
4798 reply_nterror(req, status);
4799 END_PROFILE(SMBmkdir);
4803 status = resolve_dfspath(ctx, conn,
4804 req->flags2 & FLAGS2_DFS_PATHNAMES,
4807 if (!NT_STATUS_IS_OK(status)) {
4808 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4809 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4810 ERRSRV, ERRbadpath);
4811 END_PROFILE(SMBmkdir);
4814 reply_nterror(req, status);
4815 END_PROFILE(SMBmkdir);
4819 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4820 if (!NT_STATUS_IS_OK(status)) {
4821 reply_nterror(req, status);
4822 END_PROFILE(SMBmkdir);
4826 status = check_name(conn, directory);
4827 if (!NT_STATUS_IS_OK(status)) {
4828 reply_nterror(req, status);
4829 END_PROFILE(SMBmkdir);
4833 status = create_directory(conn, req, directory);
4835 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4837 if (!NT_STATUS_IS_OK(status)) {
4839 if (!use_nt_status()
4840 && NT_STATUS_EQUAL(status,
4841 NT_STATUS_OBJECT_NAME_COLLISION)) {
4843 * Yes, in the DOS error code case we get a
4844 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4845 * samba4 torture test.
4847 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4850 reply_nterror(req, status);
4851 END_PROFILE(SMBmkdir);
4855 reply_outbuf(req, 0, 0);
4857 DEBUG( 3, ( "mkdir %s\n", directory ) );
4859 END_PROFILE(SMBmkdir);
4863 /****************************************************************************
4864 Static function used by reply_rmdir to delete an entire directory
4865 tree recursively. Return True on ok, False on fail.
4866 ****************************************************************************/
4868 static bool recursive_rmdir(TALLOC_CTX *ctx,
4869 connection_struct *conn,
4872 const char *dname = NULL;
4875 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4881 while((dname = ReadDirName(dir_hnd, &offset))) {
4882 char *fullname = NULL;
4885 if (ISDOT(dname) || ISDOTDOT(dname)) {
4889 if (!is_visible_file(conn, directory, dname, &st, False)) {
4893 /* Construct the full name. */
4894 fullname = talloc_asprintf(ctx,
4904 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4909 if(st.st_mode & S_IFDIR) {
4910 if(!recursive_rmdir(ctx, conn, fullname)) {
4914 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4918 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4922 TALLOC_FREE(fullname);
4924 TALLOC_FREE(dir_hnd);
4928 /****************************************************************************
4929 The internals of the rmdir code - called elsewhere.
4930 ****************************************************************************/
4932 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4933 connection_struct *conn,
4934 const char *directory)
4939 /* Might be a symlink. */
4940 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4941 return map_nt_error_from_unix(errno);
4944 if (S_ISLNK(st.st_mode)) {
4945 /* Is what it points to a directory ? */
4946 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
4947 return map_nt_error_from_unix(errno);
4949 if (!(S_ISDIR(st.st_mode))) {
4950 return NT_STATUS_NOT_A_DIRECTORY;
4952 ret = SMB_VFS_UNLINK(conn,directory);
4954 ret = SMB_VFS_RMDIR(conn,directory);
4957 notify_fname(conn, NOTIFY_ACTION_REMOVED,
4958 FILE_NOTIFY_CHANGE_DIR_NAME,
4960 return NT_STATUS_OK;
4963 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
4965 * Check to see if the only thing in this directory are
4966 * vetoed files/directories. If so then delete them and
4967 * retry. If we fail to delete any of them (and we *don't*
4968 * do a recursive delete) then fail the rmdir.
4972 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
4973 directory, NULL, 0);
4975 if(dir_hnd == NULL) {
4980 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4981 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
4983 if (!is_visible_file(conn, directory, dname, &st, False))
4985 if(!IS_VETO_PATH(conn, dname)) {
4986 TALLOC_FREE(dir_hnd);
4992 /* We only have veto files/directories. Recursive delete. */
4994 RewindDir(dir_hnd,&dirpos);
4995 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
4996 char *fullname = NULL;
4998 if (ISDOT(dname) || ISDOTDOT(dname)) {
5001 if (!is_visible_file(conn, directory, dname, &st, False)) {
5005 fullname = talloc_asprintf(ctx,
5015 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5018 if(st.st_mode & S_IFDIR) {
5019 if(lp_recursive_veto_delete(SNUM(conn))) {
5020 if(!recursive_rmdir(ctx, conn, fullname))
5023 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5026 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5029 TALLOC_FREE(fullname);
5031 TALLOC_FREE(dir_hnd);
5032 /* Retry the rmdir */
5033 ret = SMB_VFS_RMDIR(conn,directory);
5039 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5040 "%s\n", directory,strerror(errno)));
5041 return map_nt_error_from_unix(errno);
5044 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5045 FILE_NOTIFY_CHANGE_DIR_NAME,
5048 return NT_STATUS_OK;
5051 /****************************************************************************
5053 ****************************************************************************/
5055 void reply_rmdir(struct smb_request *req)
5057 connection_struct *conn = req->conn;
5058 char *directory = NULL;
5059 SMB_STRUCT_STAT sbuf;
5061 TALLOC_CTX *ctx = talloc_tos();
5063 START_PROFILE(SMBrmdir);
5065 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5066 STR_TERMINATE, &status);
5067 if (!NT_STATUS_IS_OK(status)) {
5068 reply_nterror(req, status);
5069 END_PROFILE(SMBrmdir);
5073 status = resolve_dfspath(ctx, conn,
5074 req->flags2 & FLAGS2_DFS_PATHNAMES,
5077 if (!NT_STATUS_IS_OK(status)) {
5078 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5079 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5080 ERRSRV, ERRbadpath);
5081 END_PROFILE(SMBrmdir);
5084 reply_nterror(req, status);
5085 END_PROFILE(SMBrmdir);
5089 status = unix_convert(ctx, conn, directory, False, &directory,
5091 if (!NT_STATUS_IS_OK(status)) {
5092 reply_nterror(req, status);
5093 END_PROFILE(SMBrmdir);
5097 status = check_name(conn, directory);
5098 if (!NT_STATUS_IS_OK(status)) {
5099 reply_nterror(req, status);
5100 END_PROFILE(SMBrmdir);
5104 dptr_closepath(directory, req->smbpid);
5105 status = rmdir_internals(ctx, conn, directory);
5106 if (!NT_STATUS_IS_OK(status)) {
5107 reply_nterror(req, status);
5108 END_PROFILE(SMBrmdir);
5112 reply_outbuf(req, 0, 0);
5114 DEBUG( 3, ( "rmdir %s\n", directory ) );
5116 END_PROFILE(SMBrmdir);
5120 /*******************************************************************
5121 Resolve wildcards in a filename rename.
5122 ********************************************************************/
5124 static bool resolve_wildcards(TALLOC_CTX *ctx,
5129 char *name2_copy = NULL;
5134 char *p,*p2, *pname1, *pname2;
5136 name2_copy = talloc_strdup(ctx, name2);
5141 pname1 = strrchr_m(name1,'/');
5142 pname2 = strrchr_m(name2_copy,'/');
5144 if (!pname1 || !pname2) {
5148 /* Truncate the copy of name2 at the last '/' */
5151 /* Now go past the '/' */
5155 root1 = talloc_strdup(ctx, pname1);
5156 root2 = talloc_strdup(ctx, pname2);
5158 if (!root1 || !root2) {
5162 p = strrchr_m(root1,'.');
5165 ext1 = talloc_strdup(ctx, p+1);
5167 ext1 = talloc_strdup(ctx, "");
5169 p = strrchr_m(root2,'.');
5172 ext2 = talloc_strdup(ctx, p+1);
5174 ext2 = talloc_strdup(ctx, "");
5177 if (!ext1 || !ext2) {
5185 /* Hmmm. Should this be mb-aware ? */
5188 } else if (*p2 == '*') {
5190 root2 = talloc_asprintf(ctx, "%s%s",
5209 /* Hmmm. Should this be mb-aware ? */
5212 } else if (*p2 == '*') {
5214 ext2 = talloc_asprintf(ctx, "%s%s",
5230 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5235 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5247 /****************************************************************************
5248 Ensure open files have their names updated. Updated to notify other smbd's
5250 ****************************************************************************/
5252 static void rename_open_files(connection_struct *conn,
5253 struct share_mode_lock *lck,
5254 const char *newname)
5257 bool did_rename = False;
5259 for(fsp = file_find_di_first(lck->id); fsp;
5260 fsp = file_find_di_next(fsp)) {
5261 /* fsp_name is a relative path under the fsp. To change this for other
5262 sharepaths we need to manipulate relative paths. */
5263 /* TODO - create the absolute path and manipulate the newname
5264 relative to the sharepath. */
5265 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5268 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5269 fsp->fnum, file_id_string_tos(&fsp->file_id),
5270 fsp->fsp_name, newname ));
5271 string_set(&fsp->fsp_name, newname);
5276 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5277 file_id_string_tos(&lck->id), newname ));
5280 /* Send messages to all smbd's (not ourself) that the name has changed. */
5281 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5285 /****************************************************************************
5286 We need to check if the source path is a parent directory of the destination
5287 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5288 refuse the rename with a sharing violation. Under UNIX the above call can
5289 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5290 probably need to check that the client is a Windows one before disallowing
5291 this as a UNIX client (one with UNIX extensions) can know the source is a
5292 symlink and make this decision intelligently. Found by an excellent bug
5293 report from <AndyLiebman@aol.com>.
5294 ****************************************************************************/
5296 static bool rename_path_prefix_equal(const char *src, const char *dest)
5298 const char *psrc = src;
5299 const char *pdst = dest;
5302 if (psrc[0] == '.' && psrc[1] == '/') {
5305 if (pdst[0] == '.' && pdst[1] == '/') {
5308 if ((slen = strlen(psrc)) > strlen(pdst)) {
5311 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5315 * Do the notify calls from a rename
5318 static void notify_rename(connection_struct *conn, bool is_dir,
5319 const char *oldpath, const char *newpath)
5321 char *olddir, *newdir;
5322 const char *oldname, *newname;
5325 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5326 : FILE_NOTIFY_CHANGE_FILE_NAME;
5328 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5329 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5330 TALLOC_FREE(olddir);
5334 if (strcmp(olddir, newdir) == 0) {
5335 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5336 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5339 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5340 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5342 TALLOC_FREE(olddir);
5343 TALLOC_FREE(newdir);
5345 /* this is a strange one. w2k3 gives an additional event for
5346 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5347 files, but not directories */
5349 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5350 FILE_NOTIFY_CHANGE_ATTRIBUTES
5351 |FILE_NOTIFY_CHANGE_CREATION,
5356 /****************************************************************************
5357 Rename an open file - given an fsp.
5358 ****************************************************************************/
5360 NTSTATUS rename_internals_fsp(connection_struct *conn,
5363 const char *newname_last_component,
5365 bool replace_if_exists)
5367 TALLOC_CTX *ctx = talloc_tos();
5368 SMB_STRUCT_STAT sbuf, sbuf1;
5369 NTSTATUS status = NT_STATUS_OK;
5370 struct share_mode_lock *lck = NULL;
5375 status = check_name(conn, newname);
5376 if (!NT_STATUS_IS_OK(status)) {
5380 /* Ensure newname contains a '/' */
5381 if(strrchr_m(newname,'/') == 0) {
5382 newname = talloc_asprintf(ctx,
5386 return NT_STATUS_NO_MEMORY;
5391 * Check for special case with case preserving and not
5392 * case sensitive. If the old last component differs from the original
5393 * last component only by case, then we should allow
5394 * the rename (user is trying to change the case of the
5398 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5399 strequal(newname, fsp->fsp_name)) {
5401 char *newname_modified_last_component = NULL;
5404 * Get the last component of the modified name.
5405 * Note that we guarantee that newname contains a '/'
5408 p = strrchr_m(newname,'/');
5409 newname_modified_last_component = talloc_strdup(ctx,
5411 if (!newname_modified_last_component) {
5412 return NT_STATUS_NO_MEMORY;
5415 if(strcsequal(newname_modified_last_component,
5416 newname_last_component) == False) {
5418 * Replace the modified last component with
5421 *p = '\0'; /* Truncate at the '/' */
5422 newname = talloc_asprintf(ctx,
5425 newname_last_component);
5430 * If the src and dest names are identical - including case,
5431 * don't do the rename, just return success.
5434 if (strcsequal(fsp->fsp_name, newname)) {
5435 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5437 return NT_STATUS_OK;
5441 * Have vfs_object_exist also fill sbuf1
5443 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5445 if(!replace_if_exists && dst_exists) {
5446 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5447 fsp->fsp_name,newname));
5448 return NT_STATUS_OBJECT_NAME_COLLISION;
5452 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5453 files_struct *dst_fsp = file_find_di_first(fileid);
5455 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5456 return NT_STATUS_ACCESS_DENIED;
5460 /* Ensure we have a valid stat struct for the source. */
5461 if (fsp->fh->fd != -1) {
5462 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5463 return map_nt_error_from_unix(errno);
5466 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5467 return map_nt_error_from_unix(errno);
5471 status = can_rename(conn, fsp, attrs, &sbuf);
5473 if (!NT_STATUS_IS_OK(status)) {
5474 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5475 nt_errstr(status), fsp->fsp_name,newname));
5476 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5477 status = NT_STATUS_ACCESS_DENIED;
5481 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5482 return NT_STATUS_ACCESS_DENIED;
5485 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5489 * We have the file open ourselves, so not being able to get the
5490 * corresponding share mode lock is a fatal error.
5493 SMB_ASSERT(lck != NULL);
5495 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5496 uint32 create_options = fsp->fh->private_options;
5498 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5499 fsp->fsp_name,newname));
5501 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5503 rename_open_files(conn, lck, newname);
5506 * A rename acts as a new file create w.r.t. allowing an initial delete
5507 * on close, probably because in Windows there is a new handle to the
5508 * new file. If initial delete on close was requested but not
5509 * originally set, we need to set it here. This is probably not 100% correct,
5510 * but will work for the CIFSFS client which in non-posix mode
5511 * depends on these semantics. JRA.
5514 set_allow_initial_delete_on_close(lck, fsp, True);
5516 if (create_options & FILE_DELETE_ON_CLOSE) {
5517 status = can_set_delete_on_close(fsp, True, 0);
5519 if (NT_STATUS_IS_OK(status)) {
5520 /* Note that here we set the *inital* delete on close flag,
5521 * not the regular one. The magic gets handled in close. */
5522 fsp->initial_delete_on_close = True;
5526 return NT_STATUS_OK;
5531 if (errno == ENOTDIR || errno == EISDIR) {
5532 status = NT_STATUS_OBJECT_NAME_COLLISION;
5534 status = map_nt_error_from_unix(errno);
5537 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5538 nt_errstr(status), fsp->fsp_name,newname));
5543 /****************************************************************************
5544 The guts of the rename command, split out so it may be called by the NT SMB
5546 ****************************************************************************/
5548 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5549 connection_struct *conn,
5550 struct smb_request *req,
5551 const char *name_in,
5552 const char *newname_in,
5554 bool replace_if_exists,
5557 uint32_t access_mask)
5559 char *directory = NULL;
5561 char *last_component_src = NULL;
5562 char *last_component_dest = NULL;
5564 char *newname = NULL;
5567 NTSTATUS status = NT_STATUS_OK;
5568 SMB_STRUCT_STAT sbuf1, sbuf2;
5569 struct smb_Dir *dir_hnd = NULL;
5576 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5577 &last_component_src, &sbuf1);
5578 if (!NT_STATUS_IS_OK(status)) {
5582 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5583 &last_component_dest, &sbuf2);
5584 if (!NT_STATUS_IS_OK(status)) {
5589 * Split the old name into directory and last component
5590 * strings. Note that unix_convert may have stripped off a
5591 * leading ./ from both name and newname if the rename is
5592 * at the root of the share. We need to make sure either both
5593 * name and newname contain a / character or neither of them do
5594 * as this is checked in resolve_wildcards().
5597 p = strrchr_m(name,'/');
5599 directory = talloc_strdup(ctx, ".");
5601 return NT_STATUS_NO_MEMORY;
5606 directory = talloc_strdup(ctx, name);
5608 return NT_STATUS_NO_MEMORY;
5611 *p = '/'; /* Replace needed for exceptional test below. */
5615 * We should only check the mangled cache
5616 * here if unix_convert failed. This means
5617 * that the path in 'mask' doesn't exist
5618 * on the file system and so we need to look
5619 * for a possible mangle. This patch from
5620 * Tine Smukavec <valentin.smukavec@hermes.si>.
5623 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5624 char *new_mask = NULL;
5625 mangle_lookup_name_from_8_3(ctx,
5634 if (!src_has_wild) {
5638 * No wildcards - just process the one file.
5640 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5642 /* Add a terminating '/' to the directory name. */
5643 directory = talloc_asprintf_append(directory,
5647 return NT_STATUS_NO_MEMORY;
5650 /* Ensure newname contains a '/' also */
5651 if(strrchr_m(newname,'/') == 0) {
5652 newname = talloc_asprintf(ctx,
5656 return NT_STATUS_NO_MEMORY;
5660 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5661 "case_preserve = %d, short case preserve = %d, "
5662 "directory = %s, newname = %s, "
5663 "last_component_dest = %s, is_8_3 = %d\n",
5664 conn->case_sensitive, conn->case_preserve,
5665 conn->short_case_preserve, directory,
5666 newname, last_component_dest, is_short_name));
5668 /* The dest name still may have wildcards. */
5669 if (dest_has_wild) {
5670 char *mod_newname = NULL;
5671 if (!resolve_wildcards(ctx,
5672 directory,newname,&mod_newname)) {
5673 DEBUG(6, ("rename_internals: resolve_wildcards "
5677 return NT_STATUS_NO_MEMORY;
5679 newname = mod_newname;
5683 SMB_VFS_STAT(conn, directory, &sbuf1);
5685 status = S_ISDIR(sbuf1.st_mode) ?
5686 open_directory(conn, req, directory, &sbuf1,
5688 FILE_SHARE_READ|FILE_SHARE_WRITE,
5689 FILE_OPEN, 0, 0, NULL,
5691 : open_file_ntcreate(conn, req, directory, &sbuf1,
5693 FILE_SHARE_READ|FILE_SHARE_WRITE,
5694 FILE_OPEN, 0, 0, 0, NULL,
5697 if (!NT_STATUS_IS_OK(status)) {
5698 DEBUG(3, ("Could not open rename source %s: %s\n",
5699 directory, nt_errstr(status)));
5703 status = rename_internals_fsp(conn, fsp, newname,
5704 last_component_dest,
5705 attrs, replace_if_exists);
5707 close_file(req, fsp, NORMAL_CLOSE);
5709 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5710 nt_errstr(status), directory,newname));
5716 * Wildcards - process each file that matches.
5718 if (strequal(mask,"????????.???")) {
5723 status = check_name(conn, directory);
5724 if (!NT_STATUS_IS_OK(status)) {
5728 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5729 if (dir_hnd == NULL) {
5730 return map_nt_error_from_unix(errno);
5733 status = NT_STATUS_NO_SUCH_FILE;
5735 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5736 * - gentest fix. JRA
5739 while ((dname = ReadDirName(dir_hnd, &offset))) {
5740 files_struct *fsp = NULL;
5742 char *destname = NULL;
5743 bool sysdir_entry = False;
5745 /* Quick check for "." and ".." */
5746 if (ISDOT(dname) || ISDOTDOT(dname)) {
5748 sysdir_entry = True;
5754 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5758 if(!mask_match(dname, mask, conn->case_sensitive)) {
5763 status = NT_STATUS_OBJECT_NAME_INVALID;
5767 fname = talloc_asprintf(ctx,
5772 return NT_STATUS_NO_MEMORY;
5775 if (!resolve_wildcards(ctx,
5776 fname,newname,&destname)) {
5777 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5783 return NT_STATUS_NO_MEMORY;
5787 SMB_VFS_STAT(conn, fname, &sbuf1);
5789 status = S_ISDIR(sbuf1.st_mode) ?
5790 open_directory(conn, req, fname, &sbuf1,
5792 FILE_SHARE_READ|FILE_SHARE_WRITE,
5793 FILE_OPEN, 0, 0, NULL,
5795 : open_file_ntcreate(conn, req, fname, &sbuf1,
5797 FILE_SHARE_READ|FILE_SHARE_WRITE,
5798 FILE_OPEN, 0, 0, 0, NULL,
5801 if (!NT_STATUS_IS_OK(status)) {
5802 DEBUG(3,("rename_internals: open_file_ntcreate "
5803 "returned %s rename %s -> %s\n",
5804 nt_errstr(status), directory, newname));
5808 status = rename_internals_fsp(conn, fsp, destname, dname,
5809 attrs, replace_if_exists);
5811 close_file(req, fsp, NORMAL_CLOSE);
5813 if (!NT_STATUS_IS_OK(status)) {
5814 DEBUG(3, ("rename_internals_fsp returned %s for "
5815 "rename %s -> %s\n", nt_errstr(status),
5816 directory, newname));
5822 DEBUG(3,("rename_internals: doing rename on %s -> "
5823 "%s\n",fname,destname));
5826 TALLOC_FREE(destname);
5828 TALLOC_FREE(dir_hnd);
5830 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5831 status = map_nt_error_from_unix(errno);
5837 /****************************************************************************
5839 ****************************************************************************/
5841 void reply_mv(struct smb_request *req)
5843 connection_struct *conn = req->conn;
5845 char *newname = NULL;
5849 bool src_has_wcard = False;
5850 bool dest_has_wcard = False;
5851 TALLOC_CTX *ctx = talloc_tos();
5853 START_PROFILE(SMBmv);
5856 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5861 attrs = SVAL(req->vwv+0, 0);
5863 p = (const char *)req->buf + 1;
5864 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
5865 &status, &src_has_wcard);
5866 if (!NT_STATUS_IS_OK(status)) {
5867 reply_nterror(req, status);
5872 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
5873 &status, &dest_has_wcard);
5874 if (!NT_STATUS_IS_OK(status)) {
5875 reply_nterror(req, status);
5880 status = resolve_dfspath_wcard(ctx, conn,
5881 req->flags2 & FLAGS2_DFS_PATHNAMES,
5885 if (!NT_STATUS_IS_OK(status)) {
5886 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5887 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5888 ERRSRV, ERRbadpath);
5892 reply_nterror(req, status);
5897 status = resolve_dfspath_wcard(ctx, conn,
5898 req->flags2 & FLAGS2_DFS_PATHNAMES,
5902 if (!NT_STATUS_IS_OK(status)) {
5903 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5904 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5905 ERRSRV, ERRbadpath);
5909 reply_nterror(req, status);
5914 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5916 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5917 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5918 if (!NT_STATUS_IS_OK(status)) {
5919 if (open_was_deferred(req->mid)) {
5920 /* We have re-scheduled this call. */
5924 reply_nterror(req, status);
5929 reply_outbuf(req, 0, 0);
5935 /*******************************************************************
5936 Copy a file as part of a reply_copy.
5937 ******************************************************************/
5940 * TODO: check error codes on all callers
5943 NTSTATUS copy_file(TALLOC_CTX *ctx,
5944 connection_struct *conn,
5949 bool target_is_directory)
5951 SMB_STRUCT_STAT src_sbuf, sbuf2;
5953 files_struct *fsp1,*fsp2;
5956 uint32 new_create_disposition;
5959 dest = talloc_strdup(ctx, dest1);
5961 return NT_STATUS_NO_MEMORY;
5963 if (target_is_directory) {
5964 const char *p = strrchr_m(src,'/');
5970 dest = talloc_asprintf_append(dest,
5974 return NT_STATUS_NO_MEMORY;
5978 if (!vfs_file_exist(conn,src,&src_sbuf)) {
5980 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
5983 if (!target_is_directory && count) {
5984 new_create_disposition = FILE_OPEN;
5986 if (!map_open_params_to_ntcreate(dest1,0,ofun,
5987 NULL, NULL, &new_create_disposition, NULL)) {
5989 return NT_STATUS_INVALID_PARAMETER;
5993 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
5995 FILE_SHARE_READ|FILE_SHARE_WRITE,
5998 FILE_ATTRIBUTE_NORMAL,
6002 if (!NT_STATUS_IS_OK(status)) {
6007 dosattrs = dos_mode(conn, src, &src_sbuf);
6008 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6009 ZERO_STRUCTP(&sbuf2);
6012 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6014 FILE_SHARE_READ|FILE_SHARE_WRITE,
6015 new_create_disposition,
6023 if (!NT_STATUS_IS_OK(status)) {
6024 close_file(NULL, fsp1, ERROR_CLOSE);
6028 if ((ofun&3) == 1) {
6029 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6030 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6032 * Stop the copy from occurring.
6035 src_sbuf.st_size = 0;
6039 if (src_sbuf.st_size) {
6040 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6043 close_file(NULL, fsp1, NORMAL_CLOSE);
6045 /* Ensure the modtime is set correctly on the destination file. */
6046 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6049 * As we are opening fsp1 read-only we only expect
6050 * an error on close on fsp2 if we are out of space.
6051 * Thus we don't look at the error return from the
6054 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6056 if (!NT_STATUS_IS_OK(status)) {
6060 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6061 return NT_STATUS_DISK_FULL;
6064 return NT_STATUS_OK;
6067 /****************************************************************************
6068 Reply to a file copy.
6069 ****************************************************************************/
6071 void reply_copy(struct smb_request *req)
6073 connection_struct *conn = req->conn;
6075 char *newname = NULL;
6076 char *directory = NULL;
6077 const char *mask = NULL;
6078 const char mask_star[] = "*";
6081 int error = ERRnoaccess;
6086 bool target_is_directory=False;
6087 bool source_has_wild = False;
6088 bool dest_has_wild = False;
6089 SMB_STRUCT_STAT sbuf1, sbuf2;
6091 TALLOC_CTX *ctx = talloc_tos();
6093 START_PROFILE(SMBcopy);
6096 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6097 END_PROFILE(SMBcopy);
6101 tid2 = SVAL(req->vwv+0, 0);
6102 ofun = SVAL(req->vwv+1, 0);
6103 flags = SVAL(req->vwv+2, 0);
6105 p = (const char *)req->buf;
6106 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6107 &status, &source_has_wild);
6108 if (!NT_STATUS_IS_OK(status)) {
6109 reply_nterror(req, status);
6110 END_PROFILE(SMBcopy);
6113 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6114 &status, &dest_has_wild);
6115 if (!NT_STATUS_IS_OK(status)) {
6116 reply_nterror(req, status);
6117 END_PROFILE(SMBcopy);
6121 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6123 if (tid2 != conn->cnum) {
6124 /* can't currently handle inter share copies XXXX */
6125 DEBUG(3,("Rejecting inter-share copy\n"));
6126 reply_doserror(req, ERRSRV, ERRinvdevice);
6127 END_PROFILE(SMBcopy);
6131 status = resolve_dfspath_wcard(ctx, conn,
6132 req->flags2 & FLAGS2_DFS_PATHNAMES,
6136 if (!NT_STATUS_IS_OK(status)) {
6137 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6138 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6139 ERRSRV, ERRbadpath);
6140 END_PROFILE(SMBcopy);
6143 reply_nterror(req, status);
6144 END_PROFILE(SMBcopy);
6148 status = resolve_dfspath_wcard(ctx, conn,
6149 req->flags2 & FLAGS2_DFS_PATHNAMES,
6153 if (!NT_STATUS_IS_OK(status)) {
6154 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6155 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6156 ERRSRV, ERRbadpath);
6157 END_PROFILE(SMBcopy);
6160 reply_nterror(req, status);
6161 END_PROFILE(SMBcopy);
6165 status = unix_convert(ctx, conn, name, source_has_wild,
6166 &name, NULL, &sbuf1);
6167 if (!NT_STATUS_IS_OK(status)) {
6168 reply_nterror(req, status);
6169 END_PROFILE(SMBcopy);
6173 status = unix_convert(ctx, conn, newname, dest_has_wild,
6174 &newname, NULL, &sbuf2);
6175 if (!NT_STATUS_IS_OK(status)) {
6176 reply_nterror(req, status);
6177 END_PROFILE(SMBcopy);
6181 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6183 if ((flags&1) && target_is_directory) {
6184 reply_doserror(req, ERRDOS, ERRbadfile);
6185 END_PROFILE(SMBcopy);
6189 if ((flags&2) && !target_is_directory) {
6190 reply_doserror(req, ERRDOS, ERRbadpath);
6191 END_PROFILE(SMBcopy);
6195 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6196 /* wants a tree copy! XXXX */
6197 DEBUG(3,("Rejecting tree copy\n"));
6198 reply_doserror(req, ERRSRV, ERRerror);
6199 END_PROFILE(SMBcopy);
6203 p = strrchr_m(name,'/');
6205 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6208 directory = talloc_strdup(ctx, "./");
6213 reply_nterror(req, NT_STATUS_NO_MEMORY);
6214 END_PROFILE(SMBcopy);
6219 * We should only check the mangled cache
6220 * here if unix_convert failed. This means
6221 * that the path in 'mask' doesn't exist
6222 * on the file system and so we need to look
6223 * for a possible mangle. This patch from
6224 * Tine Smukavec <valentin.smukavec@hermes.si>.
6227 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6228 char *new_mask = NULL;
6229 mangle_lookup_name_from_8_3(ctx,
6238 if (!source_has_wild) {
6239 directory = talloc_asprintf_append(directory,
6242 if (dest_has_wild) {
6243 char *mod_newname = NULL;
6244 if (!resolve_wildcards(ctx,
6245 directory,newname,&mod_newname)) {
6246 reply_nterror(req, NT_STATUS_NO_MEMORY);
6247 END_PROFILE(SMBcopy);
6250 newname = mod_newname;
6253 status = check_name(conn, directory);
6254 if (!NT_STATUS_IS_OK(status)) {
6255 reply_nterror(req, status);
6256 END_PROFILE(SMBcopy);
6260 status = check_name(conn, newname);
6261 if (!NT_STATUS_IS_OK(status)) {
6262 reply_nterror(req, status);
6263 END_PROFILE(SMBcopy);
6267 status = copy_file(ctx,conn,directory,newname,ofun,
6268 count,target_is_directory);
6270 if(!NT_STATUS_IS_OK(status)) {
6271 reply_nterror(req, status);
6272 END_PROFILE(SMBcopy);
6278 struct smb_Dir *dir_hnd = NULL;
6279 const char *dname = NULL;
6282 if (strequal(mask,"????????.???")) {
6286 status = check_name(conn, directory);
6287 if (!NT_STATUS_IS_OK(status)) {
6288 reply_nterror(req, status);
6289 END_PROFILE(SMBcopy);
6293 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6294 if (dir_hnd == NULL) {
6295 status = map_nt_error_from_unix(errno);
6296 reply_nterror(req, status);
6297 END_PROFILE(SMBcopy);
6303 while ((dname = ReadDirName(dir_hnd, &offset))) {
6304 char *destname = NULL;
6307 if (ISDOT(dname) || ISDOTDOT(dname)) {
6311 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6315 if(!mask_match(dname, mask, conn->case_sensitive)) {
6319 error = ERRnoaccess;
6320 fname = talloc_asprintf(ctx,
6325 TALLOC_FREE(dir_hnd);
6326 reply_nterror(req, NT_STATUS_NO_MEMORY);
6327 END_PROFILE(SMBcopy);
6331 if (!resolve_wildcards(ctx,
6332 fname,newname,&destname)) {
6336 TALLOC_FREE(dir_hnd);
6337 reply_nterror(req, NT_STATUS_NO_MEMORY);
6338 END_PROFILE(SMBcopy);
6342 status = check_name(conn, fname);
6343 if (!NT_STATUS_IS_OK(status)) {
6344 TALLOC_FREE(dir_hnd);
6345 reply_nterror(req, status);
6346 END_PROFILE(SMBcopy);
6350 status = check_name(conn, destname);
6351 if (!NT_STATUS_IS_OK(status)) {
6352 TALLOC_FREE(dir_hnd);
6353 reply_nterror(req, status);
6354 END_PROFILE(SMBcopy);
6358 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6360 status = copy_file(ctx,conn,fname,destname,ofun,
6361 count,target_is_directory);
6362 if (NT_STATUS_IS_OK(status)) {
6366 TALLOC_FREE(destname);
6368 TALLOC_FREE(dir_hnd);
6373 /* Error on close... */
6375 reply_unixerror(req, ERRHRD, ERRgeneral);
6376 END_PROFILE(SMBcopy);
6380 reply_doserror(req, ERRDOS, error);
6381 END_PROFILE(SMBcopy);
6385 reply_outbuf(req, 1, 0);
6386 SSVAL(req->outbuf,smb_vwv0,count);
6388 END_PROFILE(SMBcopy);
6393 #define DBGC_CLASS DBGC_LOCKING
6395 /****************************************************************************
6396 Get a lock pid, dealing with large count requests.
6397 ****************************************************************************/
6399 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6400 bool large_file_format)
6402 if(!large_file_format)
6403 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6405 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6408 /****************************************************************************
6409 Get a lock count, dealing with large count requests.
6410 ****************************************************************************/
6412 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6413 bool large_file_format)
6417 if(!large_file_format) {
6418 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6421 #if defined(HAVE_LONGLONG)
6422 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6423 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6424 #else /* HAVE_LONGLONG */
6427 * NT4.x seems to be broken in that it sends large file (64 bit)
6428 * lockingX calls even if the CAP_LARGE_FILES was *not*
6429 * negotiated. For boxes without large unsigned ints truncate the
6430 * lock count by dropping the top 32 bits.
6433 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6434 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6435 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6436 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6437 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6440 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6441 #endif /* HAVE_LONGLONG */
6447 #if !defined(HAVE_LONGLONG)
6448 /****************************************************************************
6449 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6450 ****************************************************************************/
6452 static uint32 map_lock_offset(uint32 high, uint32 low)
6456 uint32 highcopy = high;
6459 * Try and find out how many significant bits there are in high.
6462 for(i = 0; highcopy; i++)
6466 * We use 31 bits not 32 here as POSIX
6467 * lock offsets may not be negative.
6470 mask = (~0) << (31 - i);
6473 return 0; /* Fail. */
6479 #endif /* !defined(HAVE_LONGLONG) */
6481 /****************************************************************************
6482 Get a lock offset, dealing with large offset requests.
6483 ****************************************************************************/
6485 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6486 bool large_file_format, bool *err)
6488 uint64_t offset = 0;
6492 if(!large_file_format) {
6493 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6496 #if defined(HAVE_LONGLONG)
6497 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6498 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6499 #else /* HAVE_LONGLONG */
6502 * NT4.x seems to be broken in that it sends large file (64 bit)
6503 * lockingX calls even if the CAP_LARGE_FILES was *not*
6504 * negotiated. For boxes without large unsigned ints mangle the
6505 * lock offset by mapping the top 32 bits onto the lower 32.
6508 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6509 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6510 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6513 if((new_low = map_lock_offset(high, low)) == 0) {
6515 return (uint64_t)-1;
6518 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6519 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6520 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6521 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6524 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6525 #endif /* HAVE_LONGLONG */
6531 /****************************************************************************
6532 Reply to a lockingX request.
6533 ****************************************************************************/
6535 void reply_lockingX(struct smb_request *req)
6537 connection_struct *conn = req->conn;
6539 unsigned char locktype;
6540 unsigned char oplocklevel;
6543 uint64_t count = 0, offset = 0;
6547 const uint8_t *data;
6548 bool large_file_format;
6550 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6552 START_PROFILE(SMBlockingX);
6555 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6556 END_PROFILE(SMBlockingX);
6560 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6561 locktype = CVAL(req->vwv+3, 0);
6562 oplocklevel = CVAL(req->vwv+3, 1);
6563 num_ulocks = SVAL(req->vwv+6, 0);
6564 num_locks = SVAL(req->vwv+7, 0);
6565 lock_timeout = IVAL(req->vwv+4, 0);
6566 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6568 if (!check_fsp(conn, req, fsp)) {
6569 END_PROFILE(SMBlockingX);
6575 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6576 /* we don't support these - and CANCEL_LOCK makes w2k
6577 and XP reboot so I don't really want to be
6578 compatible! (tridge) */
6579 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6580 END_PROFILE(SMBlockingX);
6584 /* Check if this is an oplock break on a file
6585 we have granted an oplock on.
6587 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6588 /* Client can insist on breaking to none. */
6589 bool break_to_none = (oplocklevel == 0);
6592 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6593 "for fnum = %d\n", (unsigned int)oplocklevel,
6597 * Make sure we have granted an exclusive or batch oplock on
6601 if (fsp->oplock_type == 0) {
6603 /* The Samba4 nbench simulator doesn't understand
6604 the difference between break to level2 and break
6605 to none from level2 - it sends oplock break
6606 replies in both cases. Don't keep logging an error
6607 message here - just ignore it. JRA. */
6609 DEBUG(5,("reply_lockingX: Error : oplock break from "
6610 "client for fnum = %d (oplock=%d) and no "
6611 "oplock granted on this file (%s).\n",
6612 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6614 /* if this is a pure oplock break request then don't
6616 if (num_locks == 0 && num_ulocks == 0) {
6617 END_PROFILE(SMBlockingX);
6620 END_PROFILE(SMBlockingX);
6621 reply_doserror(req, ERRDOS, ERRlock);
6626 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6628 result = remove_oplock(fsp);
6630 result = downgrade_oplock(fsp);
6634 DEBUG(0, ("reply_lockingX: error in removing "
6635 "oplock on file %s\n", fsp->fsp_name));
6636 /* Hmmm. Is this panic justified? */
6637 smb_panic("internal tdb error");
6640 reply_to_oplock_break_requests(fsp);
6642 /* if this is a pure oplock break request then don't send a
6644 if (num_locks == 0 && num_ulocks == 0) {
6645 /* Sanity check - ensure a pure oplock break is not a
6647 if(CVAL(req->vwv+0, 0) != 0xff)
6648 DEBUG(0,("reply_lockingX: Error : pure oplock "
6649 "break is a chained %d request !\n",
6650 (unsigned int)CVAL(req->vwv+0, 0)));
6651 END_PROFILE(SMBlockingX);
6657 * We do this check *after* we have checked this is not a oplock break
6658 * response message. JRA.
6661 release_level_2_oplocks_on_change(fsp);
6664 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6665 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6666 END_PROFILE(SMBlockingX);
6670 /* Data now points at the beginning of the list
6671 of smb_unlkrng structs */
6672 for(i = 0; i < (int)num_ulocks; i++) {
6673 lock_pid = get_lock_pid( data, i, large_file_format);
6674 count = get_lock_count( data, i, large_file_format);
6675 offset = get_lock_offset( data, i, large_file_format, &err);
6678 * There is no error code marked "stupid client bug".... :-).
6681 END_PROFILE(SMBlockingX);
6682 reply_doserror(req, ERRDOS, ERRnoaccess);
6686 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6687 "pid %u, file %s\n", (double)offset, (double)count,
6688 (unsigned int)lock_pid, fsp->fsp_name ));
6690 status = do_unlock(smbd_messaging_context(),
6697 if (NT_STATUS_V(status)) {
6698 END_PROFILE(SMBlockingX);
6699 reply_nterror(req, status);
6704 /* Setup the timeout in seconds. */
6706 if (!lp_blocking_locks(SNUM(conn))) {
6710 /* Now do any requested locks */
6711 data += ((large_file_format ? 20 : 10)*num_ulocks);
6713 /* Data now points at the beginning of the list
6714 of smb_lkrng structs */
6716 for(i = 0; i < (int)num_locks; i++) {
6717 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6718 READ_LOCK:WRITE_LOCK);
6719 lock_pid = get_lock_pid( data, i, large_file_format);
6720 count = get_lock_count( data, i, large_file_format);
6721 offset = get_lock_offset( data, i, large_file_format, &err);
6724 * There is no error code marked "stupid client bug".... :-).
6727 END_PROFILE(SMBlockingX);
6728 reply_doserror(req, ERRDOS, ERRnoaccess);
6732 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6733 "%u, file %s timeout = %d\n", (double)offset,
6734 (double)count, (unsigned int)lock_pid,
6735 fsp->fsp_name, (int)lock_timeout ));
6737 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6738 if (lp_blocking_locks(SNUM(conn))) {
6740 /* Schedule a message to ourselves to
6741 remove the blocking lock record and
6742 return the right error. */
6744 if (!blocking_lock_cancel(fsp,
6750 NT_STATUS_FILE_LOCK_CONFLICT)) {
6751 END_PROFILE(SMBlockingX);
6756 ERRcancelviolation));
6760 /* Remove a matching pending lock. */
6761 status = do_lock_cancel(fsp,
6767 bool blocking_lock = lock_timeout ? True : False;
6768 bool defer_lock = False;
6769 struct byte_range_lock *br_lck;
6770 uint32 block_smbpid;
6772 br_lck = do_lock(smbd_messaging_context(),
6783 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6784 /* Windows internal resolution for blocking locks seems
6785 to be about 200ms... Don't wait for less than that. JRA. */
6786 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6787 lock_timeout = lp_lock_spin_time();
6792 /* This heuristic seems to match W2K3 very well. If a
6793 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6794 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6795 far as I can tell. Replacement for do_lock_spin(). JRA. */
6797 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6798 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6800 lock_timeout = lp_lock_spin_time();
6803 if (br_lck && defer_lock) {
6805 * A blocking lock was requested. Package up
6806 * this smb into a queued request and push it
6807 * onto the blocking lock queue.
6809 if(push_blocking_lock_request(br_lck,
6820 TALLOC_FREE(br_lck);
6821 END_PROFILE(SMBlockingX);
6826 TALLOC_FREE(br_lck);
6829 if (NT_STATUS_V(status)) {
6830 END_PROFILE(SMBlockingX);
6831 reply_nterror(req, status);
6836 /* If any of the above locks failed, then we must unlock
6837 all of the previous locks (X/Open spec). */
6839 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6843 * Ensure we don't do a remove on the lock that just failed,
6844 * as under POSIX rules, if we have a lock already there, we
6845 * will delete it (and we shouldn't) .....
6847 for(i--; i >= 0; i--) {
6848 lock_pid = get_lock_pid( data, i, large_file_format);
6849 count = get_lock_count( data, i, large_file_format);
6850 offset = get_lock_offset( data, i, large_file_format,
6854 * There is no error code marked "stupid client
6858 END_PROFILE(SMBlockingX);
6859 reply_doserror(req, ERRDOS, ERRnoaccess);
6863 do_unlock(smbd_messaging_context(),
6870 END_PROFILE(SMBlockingX);
6871 reply_nterror(req, status);
6875 reply_outbuf(req, 2, 0);
6877 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6878 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6880 END_PROFILE(SMBlockingX);
6885 #define DBGC_CLASS DBGC_ALL
6887 /****************************************************************************
6888 Reply to a SMBreadbmpx (read block multiplex) request.
6889 Always reply with an error, if someone has a platform really needs this,
6890 please contact vl@samba.org
6891 ****************************************************************************/
6893 void reply_readbmpx(struct smb_request *req)
6895 START_PROFILE(SMBreadBmpx);
6896 reply_doserror(req, ERRSRV, ERRuseSTD);
6897 END_PROFILE(SMBreadBmpx);
6901 /****************************************************************************
6902 Reply to a SMBreadbs (read block multiplex secondary) request.
6903 Always reply with an error, if someone has a platform really needs this,
6904 please contact vl@samba.org
6905 ****************************************************************************/
6907 void reply_readbs(struct smb_request *req)
6909 START_PROFILE(SMBreadBs);
6910 reply_doserror(req, ERRSRV, ERRuseSTD);
6911 END_PROFILE(SMBreadBs);
6915 /****************************************************************************
6916 Reply to a SMBsetattrE.
6917 ****************************************************************************/
6919 void reply_setattrE(struct smb_request *req)
6921 connection_struct *conn = req->conn;
6922 struct timespec ts[2];
6924 SMB_STRUCT_STAT sbuf;
6927 START_PROFILE(SMBsetattrE);
6930 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6931 END_PROFILE(SMBsetattrE);
6935 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
6937 if(!fsp || (fsp->conn != conn)) {
6938 reply_doserror(req, ERRDOS, ERRbadfid);
6939 END_PROFILE(SMBsetattrE);
6945 * Convert the DOS times into unix times. Ignore create
6946 * time as UNIX can't set this.
6949 ts[0] = convert_time_t_to_timespec(
6950 srv_make_unix_date2(req->vwv+3)); /* atime. */
6951 ts[1] = convert_time_t_to_timespec(
6952 srv_make_unix_date2(req->vwv+5)); /* mtime. */
6954 reply_outbuf(req, 0, 0);
6957 * Patch from Ray Frush <frush@engr.colostate.edu>
6958 * Sometimes times are sent as zero - ignore them.
6961 /* Ensure we have a valid stat struct for the source. */
6962 if (fsp->fh->fd != -1) {
6963 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
6964 status = map_nt_error_from_unix(errno);
6965 reply_nterror(req, status);
6966 END_PROFILE(SMBsetattrE);
6970 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
6971 status = map_nt_error_from_unix(errno);
6972 reply_nterror(req, status);
6973 END_PROFILE(SMBsetattrE);
6978 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
6980 if (!NT_STATUS_IS_OK(status)) {
6981 reply_doserror(req, ERRDOS, ERRnoaccess);
6982 END_PROFILE(SMBsetattrE);
6986 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
6988 (unsigned int)ts[0].tv_sec,
6989 (unsigned int)ts[1].tv_sec));
6991 END_PROFILE(SMBsetattrE);
6996 /* Back from the dead for OS/2..... JRA. */
6998 /****************************************************************************
6999 Reply to a SMBwritebmpx (write block multiplex primary) request.
7000 Always reply with an error, if someone has a platform really needs this,
7001 please contact vl@samba.org
7002 ****************************************************************************/
7004 void reply_writebmpx(struct smb_request *req)
7006 START_PROFILE(SMBwriteBmpx);
7007 reply_doserror(req, ERRSRV, ERRuseSTD);
7008 END_PROFILE(SMBwriteBmpx);
7012 /****************************************************************************
7013 Reply to a SMBwritebs (write block multiplex secondary) request.
7014 Always reply with an error, if someone has a platform really needs this,
7015 please contact vl@samba.org
7016 ****************************************************************************/
7018 void reply_writebs(struct smb_request *req)
7020 START_PROFILE(SMBwriteBs);
7021 reply_doserror(req, ERRSRV, ERRuseSTD);
7022 END_PROFILE(SMBwriteBs);
7026 /****************************************************************************
7027 Reply to a SMBgetattrE.
7028 ****************************************************************************/
7030 void reply_getattrE(struct smb_request *req)
7032 connection_struct *conn = req->conn;
7033 SMB_STRUCT_STAT sbuf;
7036 struct timespec create_ts;
7038 START_PROFILE(SMBgetattrE);
7041 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7042 END_PROFILE(SMBgetattrE);
7046 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7048 if(!fsp || (fsp->conn != conn)) {
7049 reply_doserror(req, ERRDOS, ERRbadfid);
7050 END_PROFILE(SMBgetattrE);
7054 /* Do an fstat on this file */
7055 if(fsp_stat(fsp, &sbuf)) {
7056 reply_unixerror(req, ERRDOS, ERRnoaccess);
7057 END_PROFILE(SMBgetattrE);
7061 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7064 * Convert the times into dos times. Set create
7065 * date to be last modify date as UNIX doesn't save
7069 reply_outbuf(req, 11, 0);
7071 create_ts = get_create_timespec(&sbuf,
7072 lp_fake_dir_create_times(SNUM(conn)));
7073 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7074 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7075 /* Should we check pending modtime here ? JRA */
7076 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7079 SIVAL(req->outbuf, smb_vwv6, 0);
7080 SIVAL(req->outbuf, smb_vwv8, 0);
7082 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7083 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7084 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7086 SSVAL(req->outbuf,smb_vwv10, mode);
7088 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7090 END_PROFILE(SMBgetattrE);
git.samba.org / kai / samba.git / blob