s3: Change SMB_VFS_CREATE_FILE to take a create_file_flags argument

[kai/samba.git] / source3 / smbd / trans2.c
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c

index c20d9304338f92e35035caa1c9ad7e1c10232b00..f41210b2e19de6417889e4c9159b51c2090d4489 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5,7 +5,7 @@
     Copyright (C) Stefan (metze) Metzmacher     2003
     Copyright (C) Volker Lendecke               2005-2007
     Copyright (C) Steve French                  2005
-   Copyright (C) James Peach                   2007
+   Copyright (C) James Peach                   2006-2007
  
     Extensively modified by Andrew Tridgell, 1995
  
@@ -28,7 +28,6 @@
  extern int max_send;
  extern enum protocol_types Protocol;
  extern uint32 global_client_caps;
-extern struct current_user current_user;
  
  #define get_file_size(sbuf) ((sbuf).st_size)
  #define DIR_ENTRY_SAFETY_MARGIN 4096
@@ -48,9 +47,9 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
   Only do this for Windows clients.
  ********************************************************************/
  
-SMB_BIG_UINT smb_roundup(connection_struct *conn, SMB_BIG_UINT val)
+uint64_t smb_roundup(connection_struct *conn, uint64_t val)
  {
-       SMB_BIG_UINT rval = lp_allocation_roundup_size(SNUM(conn));
+       uint64_t rval = lp_allocation_roundup_size(SNUM(conn));
  
         /* Only roundup for Windows clients. */
         enum remote_arch_types ra_type = get_remote_arch();
@@ -65,18 +64,18 @@ SMB_BIG_UINT smb_roundup(connection_struct *conn, SMB_BIG_UINT val)
   account sparse files.
  ********************************************************************/
  
-SMB_BIG_UINT get_allocation_size(connection_struct *conn, files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
+uint64_t get_allocation_size(connection_struct *conn, files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
  {
-       SMB_BIG_UINT ret;
+       uint64_t ret;
  
         if(S_ISDIR(sbuf->st_mode)) {
                 return 0;
         }
  
  #if defined(HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE)
-       ret = (SMB_BIG_UINT)STAT_ST_BLOCKSIZE * (SMB_BIG_UINT)sbuf->st_blocks;
+       ret = (uint64_t)STAT_ST_BLOCKSIZE * (uint64_t)sbuf->st_blocks;
  #else
-       ret = (SMB_BIG_UINT)get_file_size(*sbuf);
+       ret = (uint64_t)get_file_size(*sbuf);
  #endif
  
         if (fsp && fsp->initial_allocation_size)
@@ -105,17 +104,22 @@ static bool samba_private_attr_name(const char *unix_ea_name)
  
         for (i = 0; prohibited_ea_names[i]; i++) {
                 if (strequal( prohibited_ea_names[i], unix_ea_name))
-                       return True;
+                       return true;
         }
-       return False;
+       if (StrnCaseCmp(unix_ea_name, SAMBA_XATTR_DOSSTREAM_PREFIX,
+                       strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) == 0) {
+               return true;
+       }
+       return false;
  }
  
  /****************************************************************************
   Get one EA value. Fill in a struct ea_struct.
  ****************************************************************************/
  
-static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
-                               const char *fname, char *ea_name, struct ea_struct *pea)
+NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                     files_struct *fsp, const char *fname,
+                     const char *ea_name, struct ea_struct *pea)
  {
         /* Get the value of this xattr. Max size is 64k. */
         size_t attr_size = 256;
@@ -126,7 +130,7 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
  
         val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size);
         if (!val) {
-               return False;
+               return NT_STATUS_NO_MEMORY;
         }
  
         if (fsp && fsp->fh->fd != -1) {
@@ -141,7 +145,7 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
         }
  
         if (sizeret == -1) {
-               return False;
+               return map_nt_error_from_unix(errno);
         }
  
         DEBUG(10,("get_ea_value: EA %s is of length %u\n", ea_name, (unsigned int)sizeret));
@@ -149,93 +153,192 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
  
         pea->flags = 0;
         if (strnequal(ea_name, "user.", 5)) {
-               pea->name = &ea_name[5];
+               pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
         } else {
-               pea->name = ea_name;
+               pea->name = talloc_strdup(mem_ctx, ea_name);
+       }
+       if (pea->name == NULL) {
+               TALLOC_FREE(val);
+               return NT_STATUS_NO_MEMORY;
         }
         pea->value.data = (unsigned char *)val;
         pea->value.length = (size_t)sizeret;
-       return True;
+       return NT_STATUS_OK;
  }
  
-/****************************************************************************
- Return a linked list of the total EA's. Plus the total size
-****************************************************************************/
-
-static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
-                                       const char *fname, size_t *pea_total_len)
+NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                               files_struct *fsp, const char *fname,
+                               char ***pnames, size_t *pnum_names)
  {
         /* Get a list of all xattrs. Max namesize is 64k. */
         size_t ea_namelist_size = 1024;
-       char *ea_namelist;
-       char *p;
-       ssize_t sizeret;
-       int i;
-       struct ea_list *ea_list_head = NULL;
+       char *ea_namelist = NULL;
  
-       *pea_total_len = 0;
+       char *p;
+       char **names, **tmp;
+       size_t num_names;
+       ssize_t sizeret = -1;
  
         if (!lp_ea_support(SNUM(conn))) {
-               return NULL;
+               *pnames = NULL;
+               *pnum_names = 0;
+               return NT_STATUS_OK;
         }
  
-       for (i = 0, ea_namelist = TALLOC_ARRAY(mem_ctx, char, ea_namelist_size); i < 6;
-            ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) {
+       /*
+        * TALLOC the result early to get the talloc hierarchy right.
+        */
  
-               if (!ea_namelist) {
-                       return NULL;
+       names = TALLOC_ARRAY(mem_ctx, char *, 1);
+       if (names == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       while (ea_namelist_size <= 65536) {
+
+               ea_namelist = TALLOC_REALLOC_ARRAY(
+                       names, ea_namelist, char, ea_namelist_size);
+               if (ea_namelist == NULL) {
+                       DEBUG(0, ("talloc failed\n"));
+                       TALLOC_FREE(names);
+                       return NT_STATUS_NO_MEMORY;
                 }
  
                 if (fsp && fsp->fh->fd != -1) {
-                       sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist, ea_namelist_size);
+                       sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
+                                                    ea_namelist_size);
                 } else {
-                       sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist, ea_namelist_size);
+                       sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
+                                                   ea_namelist_size);
                 }
  
-               if (sizeret == -1 && errno == ERANGE) {
+               if ((sizeret == -1) && (errno == ERANGE)) {
                         ea_namelist_size *= 2;
-               } else {
+               }
+               else {
                         break;
                 }
         }
  
-       if (sizeret == -1)
-               return NULL;
+       if (sizeret == -1) {
+               TALLOC_FREE(names);
+               return map_nt_error_from_unix(errno);
+       }
  
-       DEBUG(10,("get_ea_list_from_file: ea_namelist size = %u\n", (unsigned int)sizeret ));
+       DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n",
+                  (unsigned int)sizeret));
  
-       if (sizeret) {
-               for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p) + 1) {
-                       struct ea_list *listp;
+       if (sizeret == 0) {
+               TALLOC_FREE(names);
+               *pnames = NULL;
+               *pnum_names = 0;
+               return NT_STATUS_OK;
+       }
  
-                       if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
-                               continue;
+       /*
+        * Ensure the result is 0-terminated
+        */
  
-                       listp = TALLOC_P(mem_ctx, struct ea_list);
-                       if (!listp)
-                               return NULL;
+       if (ea_namelist[sizeret-1] != '\0') {
+               TALLOC_FREE(names);
+               return NT_STATUS_INTERNAL_ERROR;
+       }
  
-                       if (!get_ea_value(mem_ctx, conn, fsp, fname, p, &listp->ea)) {
-                               return NULL;
-                       }
+       /*
+        * count the names
+        */
+       num_names = 0;
  
-                       {
-                               fstring dos_ea_name;
-                               push_ascii_fstring(dos_ea_name, listp->ea.name);
-                               *pea_total_len += 4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
-                               DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len = %u\n",
-                                       (unsigned int)*pea_total_len, dos_ea_name,
-                                       (unsigned int)listp->ea.value.length ));
-                       }
-                       DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
+       for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
+               num_names += 1;
+       }
+
+       tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names);
+       if (tmp == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+               TALLOC_FREE(names);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       names = tmp;
+       num_names = 0;
+
+       for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
+               names[num_names++] = p;
+       }
+
+       *pnames = names;
+       *pnum_names = num_names;
+       return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Return a linked list of the total EA's. Plus the total size
+****************************************************************************/
+
+static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
+                                       const char *fname, size_t *pea_total_len)
+{
+       /* Get a list of all xattrs. Max namesize is 64k. */
+       size_t i, num_names;
+       char **names;
+       struct ea_list *ea_list_head = NULL;
+       NTSTATUS status;
+
+       *pea_total_len = 0;
+
+       if (!lp_ea_support(SNUM(conn))) {
+               return NULL;
+       }
+
+       status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname,
+                                       &names, &num_names);
+
+       if (!NT_STATUS_IS_OK(status) || (num_names == 0)) {
+               return NULL;
+       }
+
+       for (i=0; i<num_names; i++) {
+               struct ea_list *listp;
+               fstring dos_ea_name;
+
+               if (strnequal(names[i], "system.", 7)
+                   || samba_private_attr_name(names[i]))
+                       continue;
+
+               listp = TALLOC_P(mem_ctx, struct ea_list);
+               if (listp == NULL) {
+                       return NULL;
                 }
-               /* Add on 4 for total length. */
-               if (*pea_total_len) {
-                       *pea_total_len += 4;
+
+               if (!NT_STATUS_IS_OK(get_ea_value(mem_ctx, conn, fsp,
+                                                 fname, names[i],
+                                                 &listp->ea))) {
+                       return NULL;
                 }
+
+               push_ascii_fstring(dos_ea_name, listp->ea.name);
+
+               *pea_total_len +=
+                       4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
+
+               DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len "
+                         "= %u\n", (unsigned int)*pea_total_len, dos_ea_name,
+                         (unsigned int)listp->ea.value.length));
+
+               DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
+
+       }
+
+       /* Add on 4 for total length. */
+       if (*pea_total_len) {
+               *pea_total_len += 4;
         }
  
-       DEBUG(10,("get_ea_list_from_file: total_len = %u\n", (unsigned int)*pea_total_len));
+       DEBUG(10, ("get_ea_list_from_file: total_len = %u\n",
+                  (unsigned int)*pea_total_len));
+
         return ea_list_head;
  }
  
@@ -297,9 +400,8 @@ static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp,
         if (!lp_ea_support(SNUM(conn))) {
                 return 0;
         }
-       mem_ctx = talloc_init("estimate_ea_size");
+       mem_ctx = talloc_tos();
         (void)get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
-       talloc_destroy(mem_ctx);
         return total_ea_len;
  }
  
@@ -310,7 +412,7 @@ static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp,
  static void canonicalize_ea_name(connection_struct *conn, files_struct *fsp, const char *fname, fstring unix_ea_name)
  {
         size_t total_ea_len;
-       TALLOC_CTX *mem_ctx = talloc_init("canonicalize_ea_name");
+       TALLOC_CTX *mem_ctx = talloc_tos();
         struct ea_list *ea_list = get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
  
         for (; ea_list; ea_list = ea_list->next) {
@@ -321,7 +423,6 @@ static void canonicalize_ea_name(connection_struct *conn, files_struct *fsp, con
                         break;
                 }
         }
-       talloc_destroy(mem_ctx);
  }
  
  /****************************************************************************
@@ -373,7 +474,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, const char *fname, s
                         if (fsp && (fsp->fh->fd != -1)) {
                                 DEBUG(10,("set_ea: setting ea name %s on file %s by file descriptor.\n",
                                         unix_ea_name, fsp->fsp_name));
-                               ret = SMB_VFS_FSETXATTR(fsp, fsp->fh->fd, unix_ea_name,
+                               ret = SMB_VFS_FSETXATTR(fsp, unix_ea_name,
                                                         ea_list->ea.value.data, ea_list->ea.value.length, 0);
                         } else {
                                 DEBUG(10,("set_ea: setting ea name %s on file %s.\n",
@@ -402,7 +503,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, const char *fname, s
  static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
  {
         struct ea_list *ea_list_head = NULL;
-       size_t offset = 0;
+       size_t converted_size, offset = 0;
  
         while (offset + 2 < data_size) {
                 struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
@@ -420,7 +521,11 @@ static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, siz
                 if (pdata[offset + namelen] != '\0') {
                         return NULL;
                 }
-               pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset]);
+               if (!pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset],
+                                      &converted_size)) {
+                       DEBUG(0,("read_ea_name_list: pull_ascii_talloc "
+                                "failed: %s", strerror(errno)));
+               }
                 if (!eal->ea.name) {
                         return NULL;
                 }
@@ -442,6 +547,7 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da
         struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
         uint16 val_len;
         unsigned int namelen;
+       size_t converted_size;
  
         if (!eal) {
                 return NULL;
@@ -463,7 +569,10 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da
         if (pdata[namelen + 4] != '\0') {
                 return NULL;
         }
-       pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4);
+       if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) {
+               DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s",
+                        strerror(errno)));
+       }
         if (!eal->ea.name) {
                 return NULL;
         }
@@ -635,14 +744,16 @@ void send_trans2_replies(connection_struct *conn,
                                     + alignment_offset
                                     + data_alignment_offset);
  
-       /* useable_space can never be more than max_send minus the alignment offset. */
-
-       useable_space = MIN(useable_space, max_send - (alignment_offset+data_alignment_offset));
+       if (useable_space < 0) {
+               DEBUG(0, ("send_trans2_replies failed sanity useable_space "
+                         "= %d!!!", useable_space));
+               exit_server_cleanly("send_trans2_replies: Not enough space");
+       }
  
         while (params_to_send || data_to_send) {
                 /* Calculate whether we will totally or partially fill this packet */
  
-               total_sent_thistime = params_to_send + data_to_send + alignment_offset + data_alignment_offset;
+               total_sent_thistime = params_to_send + data_to_send;
  
                 /* We can never send more than useable_space */
                 /*
@@ -652,9 +763,16 @@ void send_trans2_replies(connection_struct *conn,
                  * are sent here. Fix from Marc_Jacobsen@hp.com.
                  */
  
-               total_sent_thistime = MIN(total_sent_thistime, useable_space+ alignment_offset + data_alignment_offset);
+               total_sent_thistime = MIN(total_sent_thistime, useable_space);
  
-               reply_outbuf(req, 10, total_sent_thistime);
+               reply_outbuf(req, 10, total_sent_thistime + alignment_offset
+                            + data_alignment_offset);
+
+               /*
+                * We might have SMBtrans2s in req which was transferred to
+                * the outbuf, fix that.
+                */
+               SCVAL(req->outbuf, smb_com, SMBtrans2);
  
                 /* Set total params and data to be sent */
                 SSVAL(req->outbuf,smb_tprcnt,paramsize);
@@ -888,22 +1006,24 @@ static void call_trans2open(connection_struct *conn,
                 return;
         }
  
-       status = create_file(conn,                      /* conn */
-                            req,                       /* req */
-                            0,                         /* root_dir_fid */
-                            fname,                     /* fname */
-                            access_mask,               /* access_mask */
-                            share_mode,                /* share_access */
-                            create_disposition,        /* create_disposition*/
-                            create_options,            /* create_options */
-                            open_attr,                 /* file_attributes */
-                            oplock_request,            /* oplock_request */
-                            open_size,                 /* allocation_size */
-                            NULL,                      /* sd */
-                            ea_list,                   /* ea_list */
-                            &fsp,                      /* result */
-                            &smb_action,               /* pinfo */
-                            &sbuf);                    /* psbuf */
+       status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               CFF_DOS_PATH,                           /* create_file_flags */
+               access_mask,                            /* access_mask */
+               share_mode,                             /* share_access */
+               create_disposition,                     /* create_disposition*/
+               create_options,                         /* create_options */
+               open_attr,                              /* file_attributes */
+               oplock_request,                         /* oplock_request */
+               open_size,                              /* allocation_size */
+               NULL,                                   /* sd */
+               ea_list,                                /* ea_list */
+               &fsp,                                   /* result */
+               &smb_action,                            /* pinfo */
+               &sbuf);                                 /* psbuf */
  
         if (!NT_STATUS_IS_OK(status)) {
                 if (open_was_deferred(req->mid)) {
@@ -915,11 +1035,11 @@ static void call_trans2open(connection_struct *conn,
         }
  
         size = get_file_size(sbuf);
-       fattr = dos_mode(conn,fname,&sbuf);
+       fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
         mtime = sbuf.st_mtime;
         inode = sbuf.st_ino;
         if (fattr & aDIR) {
-               close_file(fsp,ERROR_CLOSE);
+               close_file(req, fsp, ERROR_CLOSE);
                 reply_doserror(req, ERRDOS,ERRnoaccess);
                 return;
         }
@@ -952,7 +1072,7 @@ static void call_trans2open(connection_struct *conn,
         SIVAL(params,20,inode);
         SSVAL(params,24,0); /* Padding. */
         if (flags & 8) {
-               uint32 ea_size = estimate_ea_size(conn, fsp, fname);
+               uint32 ea_size = estimate_ea_size(conn, fsp, fsp->fsp_name);
                 SIVAL(params, 26, ea_size);
         } else {
                 SIVAL(params, 26, 0);
@@ -1017,7 +1137,7 @@ static uint32 unix_filetype(mode_t mode)
                 return UNIX_TYPE_SOCKET;
  #endif
  
-       DEBUG(0,("unix_filetype: unknown filetype %u", (unsigned)mode));
+       DEBUG(0,("unix_filetype: unknown filetype %u\n", (unsigned)mode));
         return UNIX_TYPE_UNKNOWN;
  }
  
@@ -1093,6 +1213,32 @@ static NTSTATUS unix_perms_from_wire( connection_struct *conn,
         return NT_STATUS_OK;
  }
  
+/****************************************************************************
+ Needed to show the msdfs symlinks as directories. Modifies psbuf
+ to be a directory if it's a msdfs link.
+****************************************************************************/
+
+static bool check_msdfs_link(connection_struct *conn,
+                               const char *pathname,
+                               SMB_STRUCT_STAT *psbuf)
+{
+       int saved_errno = errno;
+       if(lp_host_msdfs() &&
+               lp_msdfs_root(SNUM(conn)) &&
+               is_msdfs_link(conn, pathname, psbuf)) {
+
+               DEBUG(5,("check_msdfs_link: Masquerading msdfs link %s "
+                       "as a directory\n",
+                       pathname));
+               psbuf->st_mode = (psbuf->st_mode & 0xFFF) | S_IFDIR;
+               errno = saved_errno;
+               return true;
+       }
+       errno = saved_errno;
+       return false;
+}
+
+
  /****************************************************************************
   Get a level dependent lanman2 dir entry.
  ****************************************************************************/
@@ -1105,6 +1251,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
                                 int info_level,
                                 int requires_resume_key,
                                 bool dont_descend,
+                               bool ask_sharemode,
                                 char **ppdata,
                                 char *base_data,
                                 char *end_data,
@@ -1125,7 +1272,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
         long prev_dirpos=0;
         uint32 mode=0;
         SMB_OFF_T file_size = 0;
-       SMB_BIG_UINT allocation_size = 0;
+       uint64_t allocation_size = 0;
         uint32 len;
         struct timespec mdate_ts, adate_ts, create_date_ts;
         time_t mdate = (time_t)0, adate = (time_t)0, create_date = (time_t)0;
@@ -1257,16 +1404,8 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
                                 /* Needed to show the msdfs symlinks as
                                  * directories */
  
-                               if(lp_host_msdfs() &&
-                                  lp_msdfs_root(SNUM(conn)) &&
-                                  ((ms_dfs_link = is_msdfs_link(conn, pathreal, &sbuf)) == True)) {
-                                       DEBUG(5,("get_lanman2_dir_entry: Masquerading msdfs link %s "
-                                               "as a directory\n",
-                                               pathreal));
-                                       sbuf.st_mode = (sbuf.st_mode & 0xFFF) | S_IFDIR;
-
-                               } else {
-
+                               ms_dfs_link = check_msdfs_link(conn, pathreal, &sbuf);
+                               if (!ms_dfs_link) {
                                         DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",
                                                 pathreal,strerror(errno)));
                                         TALLOC_FREE(pathreal);
@@ -1295,6 +1434,17 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
                         adate_ts = get_atimespec(&sbuf);
                         create_date_ts = get_create_timespec(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
  
+                       if (ask_sharemode) {
+                               struct timespec write_time_ts;
+                               struct file_id fileid;
+
+                               fileid = vfs_file_id_from_sbuf(conn, &sbuf);
+                               get_file_infos(fileid, NULL, &write_time_ts);
+                               if (!null_timespec(write_time_ts)) {
+                                       mdate_ts = write_time_ts;
+                               }
+                       }
+
                         if (lp_dos_filetime_resolution(SNUM(conn))) {
                                 dos_filetime_timespec(&create_date_ts);
                                 dos_filetime_timespec(&mdate_ts);
@@ -1750,7 +1900,7 @@ static void call_trans2findfirst(connection_struct *conn,
         bool requires_resume_key;
         int info_level;
         char *directory = NULL;
-       const char *mask = NULL;
+       char *mask = NULL;
         char *p;
         int last_entry_off=0;
         int dptr_num = -1;
@@ -1764,6 +1914,7 @@ static void call_trans2findfirst(connection_struct *conn,
         SMB_STRUCT_STAT sbuf;
         struct ea_list *ea_list = NULL;
         NTSTATUS ntstatus = NT_STATUS_OK;
+       bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
         TALLOC_CTX *ctx = talloc_tos();
  
         if (total_params < 13) {
@@ -1802,6 +1953,8 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
                         break;
                 case SMB_FIND_FILE_UNIX:
                 case SMB_FIND_FILE_UNIX_INFO2:
+                       /* Always use filesystem for UNIX mtime query. */
+                       ask_sharemode = false;
                         if (!lp_unix_extensions()) {
                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
                                 return;
@@ -1835,7 +1988,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
                 return;
         }
  
-       ntstatus = unix_convert(ctx, conn, directory, True, &directory, NULL, &sbuf);
+       ntstatus = unix_convert(ctx, conn, directory, True, &directory, &mask, &sbuf);
         if (!NT_STATUS_IS_OK(ntstatus)) {
                 reply_nterror(req, ntstatus);
                 return;
@@ -1851,10 +2004,12 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
         if(p == NULL) {
                 /* Windows and OS/2 systems treat search on the root '\' as if it were '\*' */
                 if((directory[0] == '.') && (directory[1] == '\0')) {
-                       mask = "*";
+                       mask = talloc_strdup(ctx,"*");
+                       if (!mask) {
+                               reply_nterror(req, NT_STATUS_NO_MEMORY);
+                               return;
+                       }
                         mask_contains_wcard = True;
-               } else {
-                       mask = directory;
                 }
                 directory = talloc_strdup(talloc_tos(), "./");
                 if (!directory) {
@@ -1862,7 +2017,6 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
                         return;
                 }
         } else {
-               mask = p+1;
                 *p = 0;
         }
  
@@ -1955,19 +2109,16 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
                         out_of_space = True;
                         finished = False;
                 } else {
-                       TALLOC_CTX *sub_ctx = talloc_stackframe();
-
-                       finished = !get_lanman2_dir_entry(sub_ctx,
+                       finished = !get_lanman2_dir_entry(ctx,
                                         conn,
                                         req->flags2,
                                         mask,dirtype,info_level,
                                         requires_resume_key,dont_descend,
+                                       ask_sharemode,
                                         &p,pdata,data_end,
                                         space_remaining, &out_of_space,
                                         &got_exact_match,
                                         &last_entry_off, ea_list);
-
-                       TALLOC_FREE(sub_ctx);
                 }
  
                 if (finished && out_of_space)
@@ -2040,7 +2191,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
         }
  
         DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
-               smb_fn_name(CVAL(req->inbuf,smb_com)),
+               smb_fn_name(req->cmd),
                 mask, directory, dirtype, numentries ) );
  
         /*
@@ -2100,6 +2251,7 @@ static void call_trans2findnext(connection_struct *conn,
         int space_remaining;
         struct ea_list *ea_list = NULL;
         NTSTATUS ntstatus = NT_STATUS_OK;
+       bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
         TALLOC_CTX *ctx = talloc_tos();
  
         if (total_params < 13) {
@@ -2161,6 +2313,8 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
                         break;
                 case SMB_FIND_FILE_UNIX:
                 case SMB_FIND_FILE_UNIX_INFO2:
+                       /* Always use filesystem for UNIX mtime query. */
+                       ask_sharemode = false;
                         if (!lp_unix_extensions()) {
                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
                                 return;
@@ -2303,19 +2457,16 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
                         out_of_space = True;
                         finished = False;
                 } else {
-                       TALLOC_CTX *sub_ctx = talloc_stackframe();
-
-                       finished = !get_lanman2_dir_entry(sub_ctx,
+                       finished = !get_lanman2_dir_entry(ctx,
                                                 conn,
                                                 req->flags2,
                                                 mask,dirtype,info_level,
                                                 requires_resume_key,dont_descend,
+                                               ask_sharemode,
                                                 &p,pdata,data_end,
                                                 space_remaining, &out_of_space,
                                                 &got_exact_match,
                                                 &last_entry_off, ea_list);
-
-                       TALLOC_FREE(sub_ctx);
                 }
  
                 if (finished && out_of_space)
@@ -2338,7 +2489,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
         }
  
         DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
-               smb_fn_name(CVAL(req->inbuf,smb_com)),
+               smb_fn_name(req->cmd),
                 mask, directory, dirtype, numentries ) );
  
         /* Check if we can close the dirptr */
@@ -2365,6 +2516,41 @@ unsigned char *create_volume_objectid(connection_struct *conn, unsigned char obj
         return objid;
  }
  
+static void samba_extended_info_version(struct smb_extended_info *extended_info)
+{
+       SMB_ASSERT(extended_info != NULL);
+
+       extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC;
+       extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24)
+                                      | ((SAMBA_VERSION_MINOR & 0xff) << 16)
+                                      | ((SAMBA_VERSION_RELEASE & 0xff) << 8);
+#ifdef SAMBA_VERSION_REVISION
+       extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff;
+#endif
+       extended_info->samba_subversion = 0;
+#ifdef SAMBA_VERSION_RC_RELEASE
+       extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24;
+#else
+#ifdef SAMBA_VERSION_PRE_RELEASE
+       extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16;
+#endif
+#endif
+#ifdef SAMBA_VERSION_VENDOR_PATCH
+       extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
+#endif
+       extended_info->samba_gitcommitdate = 0;
+#ifdef SAMBA_VERSION_GIT_COMMIT_TIME
+       unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME);
+#endif
+
+       memset(extended_info->samba_version_string, 0,
+              sizeof(extended_info->samba_version_string));
+
+       snprintf (extended_info->samba_version_string,
+                 sizeof(extended_info->samba_version_string),
+                 "%s", samba_version_string());
+}
+
  /****************************************************************************
   Reply to a TRANS2_QFSINFO (query filesystem info).
  ****************************************************************************/
@@ -2383,8 +2569,8 @@ static void call_trans2qfsinfo(connection_struct *conn,
         const char *vname = volume_label(SNUM(conn));
         int snum = SNUM(conn);
         char *fstype = lp_fstype(SNUM(conn));
-       int quota_flag = 0;
-
+       uint32 additional_flags = 0;
+       
         if (total_params < 2) {
                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
                 return;
@@ -2435,22 +2621,22 @@ static void call_trans2qfsinfo(connection_struct *conn,
         switch (info_level) {
                 case SMB_INFO_ALLOCATION:
                 {
-                       SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
+                       uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
                         data_len = 18;
-                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
+                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
                                 reply_unixerror(req, ERRHRD, ERRgeneral);
                                 return;
                         }
  
                         block_size = lp_block_size(snum);
                         if (bsize < block_size) {
-                               SMB_BIG_UINT factor = block_size/bsize;
+                               uint64_t factor = block_size/bsize;
                                 bsize = block_size;
                                 dsize /= factor;
                                 dfree /= factor;
                         }
                         if (bsize > block_size) {
-                               SMB_BIG_UINT factor = bsize/block_size;
+                               uint64_t factor = bsize/block_size;
                                 bsize = block_size;
                                 dsize *= factor;
                                 dfree *= factor;
@@ -2497,16 +2683,21 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_dev, (unsi
                 case SMB_QUERY_FS_ATTRIBUTE_INFO:
                 case SMB_FS_ATTRIBUTE_INFORMATION:
  
-
+                       additional_flags = 0;
  #if defined(HAVE_SYS_QUOTAS)
-                       quota_flag = FILE_VOLUME_QUOTAS;
+                       additional_flags |= FILE_VOLUME_QUOTAS;
  #endif
  
+                       if(lp_nt_acl_support(SNUM(conn))) {
+                               additional_flags |= FILE_PERSISTENT_ACLS;
+                       }
+
+                       /* Capabilities are filled in at connection time through STATVFS call */
+                       additional_flags |= conn->fs_capabilities;
+
                         SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
-                               (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)|
-                               FILE_SUPPORTS_OBJECT_IDS|
-                               FILE_UNICODE_ON_DISK|
-                               quota_flag); /* FS ATTRIBUTES */
+                               FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK|
+                               additional_flags); /* FS ATTRIBUTES */
  
                         SIVAL(pdata,4,255); /* Max filename component length */
                         /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
@@ -2550,21 +2741,21 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_dev, (unsi
                 case SMB_QUERY_FS_SIZE_INFO:
                 case SMB_FS_SIZE_INFORMATION:
                 {
-                       SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
+                       uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
                         data_len = 24;
-                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
+                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
                                 reply_unixerror(req, ERRHRD, ERRgeneral);
                                 return;
                         }
                         block_size = lp_block_size(snum);
                         if (bsize < block_size) {
-                               SMB_BIG_UINT factor = block_size/bsize;
+                               uint64_t factor = block_size/bsize;
                                 bsize = block_size;
                                 dsize /= factor;
                                 dfree /= factor;
                         }
                         if (bsize > block_size) {
-                               SMB_BIG_UINT factor = bsize/block_size;
+                               uint64_t factor = bsize/block_size;
                                 bsize = block_size;
                                 dsize *= factor;
                                 dfree *= factor;
@@ -2583,21 +2774,21 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
  
                 case SMB_FS_FULL_SIZE_INFORMATION:
                 {
-                       SMB_BIG_UINT dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
+                       uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
                         data_len = 32;
-                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
+                       if (get_dfree_info(conn,".",False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
                                 reply_unixerror(req, ERRHRD, ERRgeneral);
                                 return;
                         }
                         block_size = lp_block_size(snum);
                         if (bsize < block_size) {
-                               SMB_BIG_UINT factor = block_size/bsize;
+                               uint64_t factor = block_size/bsize;
                                 bsize = block_size;
                                 dsize /= factor;
                                 dfree /= factor;
                         }
                         if (bsize > block_size) {
-                               SMB_BIG_UINT factor = bsize/block_size;
+                               uint64_t factor = bsize/block_size;
                                 bsize = block_size;
                                 dsize *= factor;
                                 dfree *= factor;
@@ -2628,8 +2819,8 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                  * what we have to send --metze:
                  *
                  * Unknown1:            24 NULL bytes
-                * Soft Quota Treshold: 8 bytes seems like SMB_BIG_UINT or so
-                * Hard Quota Limit:    8 bytes seems like SMB_BIG_UINT or so
+                * Soft Quota Treshold: 8 bytes seems like uint64_t or so
+                * Hard Quota Limit:    8 bytes seems like uint64_t or so
                  * Quota Flags:         2 byte :
                  * Unknown3:            6 NULL bytes
                  *
@@ -2657,9 +2848,11 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                         fsp.fnum = -1;
                         
                         /* access check */
-                       if (current_user.ut.uid != 0) {
-                               DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
-                                       lp_servicename(SNUM(conn)),conn->user));
+                       if (conn->server_info->utok.uid != 0) {
+                               DEBUG(0,("set_user_quota: access_denied "
+                                        "service [%s] user [%s]\n",
+                                        lp_servicename(SNUM(conn)),
+                                        conn->server_info->unix_name));
                                 reply_doserror(req, ERRDOS, ERRnoaccess);
                                 return;
                         }
@@ -2675,9 +2868,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                         DEBUG(10,("SMB_FS_QUOTA_INFORMATION: for service [%s]\n",lp_servicename(SNUM(conn))));          
                 
                         /* Unknown1 24 NULL bytes*/
-                       SBIG_UINT(pdata,0,(SMB_BIG_UINT)0);
-                       SBIG_UINT(pdata,8,(SMB_BIG_UINT)0);
-                       SBIG_UINT(pdata,16,(SMB_BIG_UINT)0);
+                       SBIG_UINT(pdata,0,(uint64_t)0);
+                       SBIG_UINT(pdata,8,(uint64_t)0);
+                       SBIG_UINT(pdata,16,(uint64_t)0);
                 
                         /* Default Soft Quota 8 bytes */
                         SBIG_UINT(pdata,24,quotas.softlim);
@@ -2698,7 +2891,14 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                 case SMB_FS_OBJECTID_INFORMATION:
                 {
                         unsigned char objid[16];
+                       struct smb_extended_info extended_info;
                         memcpy(pdata,create_volume_objectid(conn, objid),16);
+                       samba_extended_info_version (&extended_info);
+                       SIVAL(pdata,16,extended_info.samba_magic);
+                       SIVAL(pdata,20,extended_info.samba_version);
+                       SIVAL(pdata,24,extended_info.samba_subversion);
+                       SBIG_UINT(pdata,28,extended_info.samba_gitcommitdate);
+                       memcpy(pdata+36,extended_info.samba_version_string,28);
                         data_len = 64;
                         break;
                 }
@@ -2743,7 +2943,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                         /* We have POSIX ACLs, pathname, encryption, 
                          * large read/write, and locking capability. */
  
-                       SBIG_UINT(pdata,4,((SMB_BIG_UINT)(
+                       SBIG_UINT(pdata,4,((uint64_t)(
                                         CIFS_UNIX_POSIX_ACLS_CAP|
                                         CIFS_UNIX_POSIX_PATHNAMES_CAP|
                                         CIFS_UNIX_FCNTL_LOCKS_CAP|
@@ -2812,7 +3012,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                          * in our list of SIDs.
                          */
                         if (nt_token_check_sid(&global_sid_Builtin_Guests,
-                                   current_user.nt_user_token)) {
+                                              conn->server_info->ptok)) {
                                 flags |= SMB_WHOAMI_GUEST;
                         }
  
@@ -2820,7 +3020,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                          * is in our list of SIDs.
                          */
                         if (nt_token_check_sid(&global_sid_Authenticated_Users,
-                                   current_user.nt_user_token)) {
+                                              conn->server_info->ptok)) {
                                 flags &= ~SMB_WHOAMI_GUEST;
                         }
  
@@ -2836,16 +3036,18 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                             + 4 /* num_sids */
                             + 4 /* SID bytes */
                             + 4 /* pad/reserved */
-                           + (current_user.ut.ngroups * 8)
+                           + (conn->server_info->utok.ngroups * 8)
                                 /* groups list */
-                           + (current_user.nt_user_token->num_sids *
+                           + (conn->server_info->ptok->num_sids *
                                     SID_MAX_SIZE)
                                 /* SID list */;
  
                         SIVAL(pdata, 0, flags);
                         SIVAL(pdata, 4, SMB_WHOAMI_MASK);
-                       SBIG_UINT(pdata, 8, (SMB_BIG_UINT)current_user.ut.uid);
-                       SBIG_UINT(pdata, 16, (SMB_BIG_UINT)current_user.ut.gid);
+                       SBIG_UINT(pdata, 8,
+                                 (uint64_t)conn->server_info->utok.uid);
+                       SBIG_UINT(pdata, 16,
+                                 (uint64_t)conn->server_info->utok.gid);
  
  
                         if (data_len >= max_data_bytes) {
@@ -2860,18 +3062,18 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                                 break;
                         }
  
-                       SIVAL(pdata, 24, current_user.ut.ngroups);
-                       SIVAL(pdata, 28,
-                               current_user.nt_user_token->num_sids);
+                       SIVAL(pdata, 24, conn->server_info->utok.ngroups);
+                       SIVAL(pdata, 28, conn->server_info->num_sids);
  
                         /* We walk the SID list twice, but this call is fairly
                          * infrequent, and I don't expect that it's performance
                          * sensitive -- jpeach
                          */
                         for (i = 0, sid_bytes = 0;
-                           i < current_user.nt_user_token->num_sids; ++i) {
+                            i < conn->server_info->ptok->num_sids; ++i) {
                                 sid_bytes += ndr_size_dom_sid(
-                                       &current_user.nt_user_token->user_sids[i], 0);
+                                       &conn->server_info->ptok->user_sids[i],
+                                       0);
                         }
  
                         /* SID list byte count */
@@ -2882,20 +3084,21 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                         data_len = 40;
  
                         /* GID list */
-                       for (i = 0; i < current_user.ut.ngroups; ++i) {
+                       for (i = 0; i < conn->server_info->utok.ngroups; ++i) {
                                 SBIG_UINT(pdata, data_len,
-                                       (SMB_BIG_UINT)current_user.ut.groups[i]);
+                                         (uint64_t)conn->server_info->utok.groups[i]);
                                 data_len += 8;
                         }
  
                         /* SID list */
                         for (i = 0;
-                           i < current_user.nt_user_token->num_sids; ++i) {
+                           i < conn->server_info->ptok->num_sids; ++i) {
                                 int sid_len = ndr_size_dom_sid(
-                                       &current_user.nt_user_token->user_sids[i], 0);
+                                       &conn->server_info->ptok->user_sids[i],
+                                       0);
  
                                 sid_linearize(pdata + data_len, sid_len,
-                                   &current_user.nt_user_token->user_sids[i]);
+                                   &conn->server_info->ptok->user_sids[i]);
                                 data_len += sid_len;
                         }
  
@@ -2923,7 +3126,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                             max_data_bytes);
  
         DEBUG( 4, ( "%s info_level = %d\n",
-                   smb_fn_name(CVAL(req->inbuf,smb_com)), info_level) );
+                   smb_fn_name(req->cmd), info_level) );
  
         return;
  }
@@ -3048,7 +3251,7 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                                 }
  
                                 DEBUG( 4,("call_trans2setfsinfo: "
-                                       "request transport encrption.\n"));
+                                       "request transport encryption.\n"));
  
                                 status = srv_request_encryption_setup(conn,
                                                                 (unsigned char **)ppdata,
@@ -3090,9 +3293,11 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                                 ZERO_STRUCT(quotas);
  
                                 /* access check */
-                               if ((current_user.ut.uid != 0)||!CAN_WRITE(conn)) {
+                               if ((conn->server_info->utok.uid != 0)
+                                   ||!CAN_WRITE(conn)) {
                                         DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
-                                               lp_servicename(SNUM(conn)),conn->user));
+                                                lp_servicename(SNUM(conn)),
+                                                conn->server_info->unix_name));
                                         reply_doserror(req, ERRSRV, ERRaccess);
                                         return;
                                 }
@@ -3101,8 +3306,10 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                                  * but we didn't use the last 6 bytes for now 
                                  * --metze 
                                  */
-                               fsp = file_fsp(SVAL(params,0));
-                               if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
+                               fsp = file_fsp(req, SVAL(params,0));
+
+                               if (!check_fsp_ntquota_handle(conn, req,
+                                                             fsp)) {
                                         DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
                                         reply_nterror(
                                                 req, NT_STATUS_INVALID_HANDLE);
@@ -3120,10 +3327,10 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                         
                                 /* unknown_1 24 NULL bytes in pdata*/
                 
-                               /* the soft quotas 8 bytes (SMB_BIG_UINT)*/
-                               quotas.softlim = (SMB_BIG_UINT)IVAL(pdata,24);
+                               /* the soft quotas 8 bytes (uint64_t)*/
+                               quotas.softlim = (uint64_t)IVAL(pdata,24);
  #ifdef LARGE_SMB_OFF_T
-                               quotas.softlim |= (((SMB_BIG_UINT)IVAL(pdata,28)) << 32);
+                               quotas.softlim |= (((uint64_t)IVAL(pdata,28)) << 32);
  #else /* LARGE_SMB_OFF_T */
                                 if ((IVAL(pdata,28) != 0)&&
                                         ((quotas.softlim != 0xFFFFFFFF)||
@@ -3136,10 +3343,10 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                                 }
  #endif /* LARGE_SMB_OFF_T */
                 
-                               /* the hard quotas 8 bytes (SMB_BIG_UINT)*/
-                               quotas.hardlim = (SMB_BIG_UINT)IVAL(pdata,32);
+                               /* the hard quotas 8 bytes (uint64_t)*/
+                               quotas.hardlim = (uint64_t)IVAL(pdata,32);
  #ifdef LARGE_SMB_OFF_T
-                               quotas.hardlim |= (((SMB_BIG_UINT)IVAL(pdata,36)) << 32);
+                               quotas.hardlim |= (((uint64_t)IVAL(pdata,36)) << 32);
  #else /* LARGE_SMB_OFF_T */
                                 if ((IVAL(pdata,36) != 0)&&
                                         ((quotas.hardlim != 0xFFFFFFFF)||
@@ -3473,6 +3680,72 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
         return pdata;
  }
  
+static NTSTATUS marshall_stream_info(unsigned int num_streams,
+                                    const struct stream_struct *streams,
+                                    char *data,
+                                    unsigned int max_data_bytes,
+                                    unsigned int *data_size)
+{
+       unsigned int i;
+       unsigned int ofs = 0;
+
+       for (i=0; i<num_streams; i++) {
+               unsigned int next_offset;
+               size_t namelen;
+               smb_ucs2_t *namebuf;
+
+               if (!push_ucs2_talloc(talloc_tos(), &namebuf,
+                                     streams[i].name, &namelen) ||
+                   namelen <= 2)
+               {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               /*
+                * name_buf is now null-terminated, we need to marshall as not
+                * terminated
+                */
+
+               namelen -= 2;
+
+               if (ofs + 24 + namelen > max_data_bytes) {
+                       TALLOC_FREE(namebuf);
+                       return NT_STATUS_BUFFER_TOO_SMALL;
+               }
+
+               SIVAL(data, ofs+4, namelen);
+               SOFF_T(data, ofs+8, streams[i].size);
+               SOFF_T(data, ofs+16, streams[i].alloc_size);
+               memcpy(data+ofs+24, namebuf, namelen);
+               TALLOC_FREE(namebuf);
+
+               next_offset = ofs + 24 + namelen;
+
+               if (i == num_streams-1) {
+                       SIVAL(data, ofs, 0);
+               }
+               else {
+                       unsigned int align = ndr_align_size(next_offset, 8);
+
+                       if (next_offset + align > max_data_bytes) {
+                               return NT_STATUS_BUFFER_TOO_SMALL;
+                       }
+
+                       memset(data+next_offset, 0, align);
+                       next_offset += align;
+
+                       SIVAL(data, ofs, next_offset - ofs);
+                       ofs = next_offset;
+               }
+
+               ofs = next_offset;
+       }
+
+       *data_size = ofs;
+
+       return NT_STATUS_OK;
+}
+
  /****************************************************************************
   Reply to a TRANSACT2_QFILEINFO on a PIPE !
  ****************************************************************************/
@@ -3489,7 +3762,7 @@ static void call_trans2qpipeinfo(connection_struct *conn,
         unsigned int data_size = 0;
         unsigned int param_size = 2;
         uint16 info_level;
-       smb_np_struct *p_pipe = NULL;
+       files_struct *fsp;
  
         if (!params) {
                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -3501,8 +3774,8 @@ static void call_trans2qpipeinfo(connection_struct *conn,
                 return;
         }
  
-       p_pipe = get_rpc_pipe_p(SVAL(params,0));
-       if (p_pipe == NULL) {
+       fsp = file_fsp(req, SVAL(params,0));
+       if (!fsp_is_np(fsp)) {
                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
                 return;
         }
@@ -3563,7 +3836,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
         int mode=0;
         int nlink;
         SMB_OFF_T file_size=0;
-       SMB_BIG_UINT allocation_size=0;
+       uint64_t allocation_size=0;
         unsigned int data_size = 0;
         unsigned int param_size = 2;
         SMB_STRUCT_STAT sbuf;
@@ -3577,11 +3850,12 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
         int len;
         time_t create_time, mtime, atime;
         struct timespec create_time_ts, mtime_ts, atime_ts;
+       struct timespec write_time_ts;
         files_struct *fsp = NULL;
         struct file_id fileid;
         struct ea_list *ea_list = NULL;
-       uint32 access_mask = 0x12019F; /* Default - GENERIC_EXECUTE mapping from Windows */
         char *lock_data = NULL;
+       bool ms_dfs_link = false;
         TALLOC_CTX *ctx = talloc_tos();
  
         if (!params) {
@@ -3590,6 +3864,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
         }
  
         ZERO_STRUCT(sbuf);
+       ZERO_STRUCT(write_time_ts);
  
         if (tran_call == TRANSACT2_QFILEINFO) {
                 if (total_params < 4) {
@@ -3605,7 +3880,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                         return;
                 }
  
-               fsp = file_fsp(SVAL(params,0));
+               fsp = file_fsp(req, SVAL(params,0));
                 info_level = SVAL(params,2);
  
                 DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = %d\n", info_level));
@@ -3616,7 +3891,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                 }
  
                 /* Initial check for valid fsp ptr. */
-               if (!check_fsp_open(conn, req, fsp, &current_user)) {
+               if (!check_fsp_open(conn, req, fsp)) {
                         return;
                 }
  
@@ -3654,12 +3929,12 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                         }
  
                         fileid = vfs_file_id_from_sbuf(conn, &sbuf);
-                       delete_pending = get_delete_on_close_flag(fileid);
+                       get_file_infos(fileid, &delete_pending, &write_time_ts);
                 } else {
                         /*
                          * Original code - this is an open file.
                          */
-                       if (!check_fsp(conn, req, fsp, &current_user)) {
+                       if (!check_fsp(conn, req, fsp)) {
                                 return;
                         }
  
@@ -3670,8 +3945,7 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                         }
                         pos = fsp->fh->position_information;
                         fileid = vfs_file_id_from_sbuf(conn, &sbuf);
-                       delete_pending = get_delete_on_close_flag(fileid);
-                       access_mask = fsp->access_mask;
+                       get_file_infos(fileid, &delete_pending, &write_time_ts);
                 }
  
         } else {
@@ -3727,6 +4001,46 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                         return;
                 }
  
+               if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
+                   && is_ntfs_stream_name(fname)) {
+                       char *base;
+                       SMB_STRUCT_STAT bsbuf;
+
+                       status = split_ntfs_stream_name(talloc_tos(), fname,
+                                                       &base, NULL);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(10, ("create_file_unixpath: "
+                                       "split_ntfs_stream_name failed: %s\n",
+                                       nt_errstr(status)));
+                               reply_nterror(req, status);
+                               return;
+                       }
+
+                       SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
+
+                       if (INFO_LEVEL_IS_UNIX(info_level)) {
+                               /* Always do lstat for UNIX calls. */
+                               if (SMB_VFS_LSTAT(conn,base,&bsbuf)) {
+                                       DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_LSTAT of %s failed (%s)\n",base,strerror(errno)));
+                                       reply_unixerror(req,ERRDOS,ERRbadpath);
+                                       return;
+                               }
+                       } else {
+                               if (SMB_VFS_STAT(conn,base,&bsbuf) != 0) {
+                                       DEBUG(3,("call_trans2qfilepathinfo: fileinfo of %s failed (%s)\n",base,strerror(errno)));
+                                       reply_unixerror(req,ERRDOS,ERRbadpath);
+                                       return;
+                               }
+                       }
+
+                       fileid = vfs_file_id_from_sbuf(conn, &bsbuf);
+                       get_file_infos(fileid, &delete_pending, NULL);
+                       if (delete_pending) {
+                               reply_nterror(req, NT_STATUS_DELETE_PENDING);
+                               return;
+                       }
+               }
+
                 if (INFO_LEVEL_IS_UNIX(info_level)) {
                         /* Always do lstat for UNIX calls. */
                         if (SMB_VFS_LSTAT(conn,fname,&sbuf)) {
@@ -3734,31 +4048,25 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
                                 reply_unixerror(req, ERRDOS, ERRbadpath);
                                 return;
                         }
+
                 } else if (!VALID_STAT(sbuf) && SMB_VFS_STAT(conn,fname,&sbuf) && (info_level != SMB_INFO_IS_NAME_VALID)) {
-                       DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_STAT of %s failed (%s)\n",fname,strerror(errno)));
-                       reply_unixerror(req, ERRDOS, ERRbadpath);
-                       return;
+                       ms_dfs_link = check_msdfs_link(conn,fname,&sbuf);
+
+                       if (!ms_dfs_link) {
+                               DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_STAT of %s failed (%s)\n",fname,strerror(errno)));
+                               reply_unixerror(req, ERRDOS, ERRbadpath);
+                               return;
+                       }
                 }
  
                 fileid = vfs_file_id_from_sbuf(conn, &sbuf);
-               delete_pending = get_delete_on_close_flag(fileid);
+               get_file_infos(fileid, &delete_pending, &write_time_ts);
                 if (delete_pending) {
                         reply_nterror(req, NT_STATUS_DELETE_PENDING);
                         return;
                 }
         }
  
-       nlink = sbuf.st_nlink;
-
-       if ((nlink > 0) && S_ISDIR(sbuf.st_mode)) {
-               /* NTFS does not seem to count ".." */
-               nlink -= 1;
-       }
-
-       if ((nlink > 0) && delete_pending) {
-               nlink -= 1;
-       }
-
         if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
                 return;
@@ -3773,10 +4081,24 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
         else
                 base_name = p+1;
  
-       mode = dos_mode(conn,fname,&sbuf);
+       if (ms_dfs_link) {
+               mode = dos_mode_msdfs(conn,fname,&sbuf);
+       } else {
+               mode = dos_mode(conn,fname,&sbuf);
+       }
         if (!mode)
                 mode = FILE_ATTRIBUTE_NORMAL;
  
+       nlink = sbuf.st_nlink;
+
+       if (nlink && (mode&aDIR)) {
+               nlink = 1;
+       }
+
+       if ((nlink > 0) && delete_pending) {
+               nlink -= 1;
+       }
+
         fullpathname = fname;
         if (!(mode & aDIR))
                 file_size = get_file_size(sbuf);
@@ -3867,25 +4189,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
  
         allocation_size = get_allocation_size(conn,fsp,&sbuf);
  
-       if (fsp) {
-               if (!null_timespec(fsp->pending_modtime)) {
-                       /* the pending modtime overrides the current modtime */
-                       mtime_ts = fsp->pending_modtime;
-               }
-       } else {
-               files_struct *fsp1;
+       if (!fsp) {
                 /* Do we have this path open ? */
+               files_struct *fsp1;
                 fileid = vfs_file_id_from_sbuf(conn, &sbuf);
                 fsp1 = file_find_di_first(fileid);
-               if (fsp1 && !null_timespec(fsp1->pending_modtime)) {
-                       /* the pending modtime overrides the current modtime */
-                       mtime_ts = fsp1->pending_modtime;
-               }
                 if (fsp1 && fsp1->initial_allocation_size) {
                         allocation_size = get_allocation_size(conn, fsp1, &sbuf);
                 }
         }
  
+       if (!null_timespec(write_time_ts) && !INFO_LEVEL_IS_UNIX(info_level)) {
+               mtime_ts = write_time_ts;
+       }
+
         if (lp_dos_filetime_resolution(SNUM(conn))) {
                 dos_filetime_timespec(&create_time_ts);
                 dos_filetime_timespec(&mtime_ts);
@@ -4132,7 +4449,12 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
  
                 case SMB_FILE_ACCESS_INFORMATION:
                         DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_ACCESS_INFORMATION\n"));
-                       SIVAL(pdata,0,access_mask);
+                       if (fsp) {
+                               SIVAL(pdata,0,fsp->access_mask);
+                       } else {
+                               /* GENERIC_EXECUTE mapping from Windows */
+                               SIVAL(pdata,0,0x12019F);
+                       }
                         data_size = 4;
                         break;
  
@@ -4171,28 +4493,49 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
                         data_size = 4;
                         break;
  
-#if 0
                 /*
-                * NT4 server just returns "invalid query" to this - if we try to answer
-                * it then NTws gets a BSOD! (tridge).
-                * W2K seems to want this. JRA.
+                * NT4 server just returns "invalid query" to this - if we try
+                * to answer it then NTws gets a BSOD! (tridge).  W2K seems to
+                * want this. JRA.
+                */
+               /* The first statement above is false - verified using Thursby
+                * client against NT4 -- gcolley.
                  */
                 case SMB_QUERY_FILE_STREAM_INFO:
-#endif
-               case SMB_FILE_STREAM_INFORMATION:
-                       DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_STREAM_INFORMATION\n"));
-                       if (mode & aDIR) {
-                               data_size = 0;
-                       } else {
-                               size_t byte_len = dos_PutUniCode(pdata+24,"::$DATA", (size_t)0xE, False);
-                               SIVAL(pdata,0,0); /* ??? */
-                               SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
-                               SOFF_T(pdata,8,file_size);
-                               SOFF_T(pdata,16,allocation_size);
-                               data_size = 24 + byte_len;
+               case SMB_FILE_STREAM_INFORMATION: {
+                       unsigned int num_streams;
+                       struct stream_struct *streams;
+                       NTSTATUS status;
+
+                       DEBUG(10,("call_trans2qfilepathinfo: "
+                                 "SMB_FILE_STREAM_INFORMATION\n"));
+
+                       status = SMB_VFS_STREAMINFO(
+                               conn, fsp, fname, talloc_tos(),
+                               &num_streams, &streams);
+
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(10, ("could not get stream info: %s\n",
+                                          nt_errstr(status)));
+                               reply_nterror(req, status);
+                               return;
                         }
-                       break;
  
+                       status = marshall_stream_info(num_streams, streams,
+                                                     pdata, max_data_bytes,
+                                                     &data_size);
+
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(10, ("marshall_stream_info failed: %s\n",
+                                          nt_errstr(status)));
+                               reply_nterror(req, status);
+                               return;
+                       }
+
+                       TALLOC_FREE(streams);
+
+                       break;
+               }
                 case SMB_QUERY_COMPRESSION_INFO:
                 case SMB_FILE_COMPRESSION_INFORMATION:
                         DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_COMPRESSION_INFORMATION\n"));
@@ -4390,8 +4733,8 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
                 case SMB_QUERY_POSIX_LOCK:
                 {
                         NTSTATUS status = NT_STATUS_INVALID_LEVEL;
-                       SMB_BIG_UINT count;
-                       SMB_BIG_UINT offset;
+                       uint64_t count;
+                       uint64_t offset;
                         uint32 lock_pid;
                         enum brl_type lock_type;
  
@@ -4419,13 +4762,13 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
  
                         lock_pid = IVAL(pdata, POSIX_LOCK_PID_OFFSET);
  #if defined(HAVE_LONGLONG)
-                       offset = (((SMB_BIG_UINT) IVAL(pdata,(POSIX_LOCK_START_OFFSET+4))) << 32) |
-                                       ((SMB_BIG_UINT) IVAL(pdata,POSIX_LOCK_START_OFFSET));
-                       count = (((SMB_BIG_UINT) IVAL(pdata,(POSIX_LOCK_LEN_OFFSET+4))) << 32) |
-                                       ((SMB_BIG_UINT) IVAL(pdata,POSIX_LOCK_LEN_OFFSET));
+                       offset = (((uint64_t) IVAL(pdata,(POSIX_LOCK_START_OFFSET+4))) << 32) |
+                                       ((uint64_t) IVAL(pdata,POSIX_LOCK_START_OFFSET));
+                       count = (((uint64_t) IVAL(pdata,(POSIX_LOCK_LEN_OFFSET+4))) << 32) |
+                                       ((uint64_t) IVAL(pdata,POSIX_LOCK_LEN_OFFSET));
  #else /* HAVE_LONGLONG */
-                       offset = (SMB_BIG_UINT)IVAL(pdata,POSIX_LOCK_START_OFFSET);
-                       count = (SMB_BIG_UINT)IVAL(pdata,POSIX_LOCK_LEN_OFFSET);
+                       offset = (uint64_t)IVAL(pdata,POSIX_LOCK_START_OFFSET);
+                       count = (uint64_t)IVAL(pdata,POSIX_LOCK_LEN_OFFSET);
  #endif /* HAVE_LONGLONG */
  
                         status = query_lock(fsp,
@@ -4554,12 +4897,12 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
   Deal with setting the time from any of the setfilepathinfo functions.
  ****************************************************************************/
  
-static NTSTATUS smb_set_file_time(connection_struct *conn,
-                               files_struct *fsp,
-                               const char *fname,
-                               const SMB_STRUCT_STAT *psbuf,
-                               struct timespec ts[2],
-                               bool setting_write_time)
+NTSTATUS smb_set_file_time(connection_struct *conn,
+                          files_struct *fsp,
+                          const char *fname,
+                          const SMB_STRUCT_STAT *psbuf,
+                          struct timespec ts[2],
+                          bool setting_write_time)
  {
         uint32 action =
                 FILE_NOTIFY_CHANGE_LAST_ACCESS
@@ -4601,7 +4944,7 @@ static NTSTATUS smb_set_file_time(connection_struct *conn,
                 }
         }
  
-       if(fsp != NULL) {
+       if (setting_write_time) {
                 /*
                  * This was a setfileinfo on an open file.
                  * NT does this a lot. We also need to 
@@ -4612,15 +4955,28 @@ static NTSTATUS smb_set_file_time(connection_struct *conn,
                  * away and will set it on file close and after a write. JRA.
                  */
  
-               if (!null_timespec(ts[1])) {
-                       DEBUG(10,("smb_set_file_time: setting pending modtime to %s\n",
-                               time_to_asc(convert_timespec_to_time_t(ts[1])) ));
-                       fsp_set_pending_modtime(fsp, ts[1]);
-               }
+               DEBUG(10,("smb_set_file_time: setting pending modtime to %s\n",
+                         time_to_asc(convert_timespec_to_time_t(ts[1])) ));
  
+               if (fsp != NULL) {
+                       if (fsp->base_fsp) {
+                               set_sticky_write_time_fsp(fsp->base_fsp, ts[1]);
+                       } else {
+                               set_sticky_write_time_fsp(fsp, ts[1]);
+                       }
+               } else {
+                       set_sticky_write_time_path(conn, fname,
+                                           vfs_file_id_from_sbuf(conn, psbuf),
+                                           ts[1]);
+               }
         }
+
         DEBUG(10,("smb_set_file_time: setting utimes to modified values.\n"));
  
+       if (fsp && fsp->base_fsp) {
+               fname = fsp->base_fsp->fsp_name;
+       }
+
         if(file_ntimes(conn, fname, ts)!=0) {
                 return map_nt_error_from_unix(errno);
         }
@@ -4699,18 +5055,30 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
                 if (vfs_set_filelen(fsp, size) == -1) {
                         return map_nt_error_from_unix(errno);
                 }
+               trigger_write_time_update_immediate(fsp);
                 return NT_STATUS_OK;
         }
  
-       status = open_file_ntcreate(conn, req, fname, psbuf,
-                               FILE_WRITE_DATA,
-                               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-                               FILE_OPEN,
-                               0,
-                               FILE_ATTRIBUTE_NORMAL,
-                               FORCE_OPLOCK_BREAK_TO_NONE,
-                               NULL, &new_fsp);
-       
+        status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               0,                                      /* create_file_flags */
+               FILE_WRITE_ATTRIBUTES,                  /* access_mask */
+               (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
+                   FILE_SHARE_DELETE),
+               FILE_OPEN,                              /* create_disposition*/
+               0,                                      /* create_options */
+               FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
+               FORCE_OPLOCK_BREAK_TO_NONE,             /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &new_fsp,                               /* result */
+               NULL,                                   /* pinfo */
+               psbuf);                                 /* psbuf */
+
         if (!NT_STATUS_IS_OK(status)) {
                 /* NB. We check for open_was_deferred in the caller. */
                 return status;
@@ -4718,11 +5086,12 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
  
         if (vfs_set_filelen(new_fsp, size) == -1) {
                 status = map_nt_error_from_unix(errno);
-               close_file(new_fsp,NORMAL_CLOSE);
+               close_file(req, new_fsp,NORMAL_CLOSE);
                 return status;
         }
  
-       close_file(new_fsp,NORMAL_CLOSE);
+       trigger_write_time_update_immediate(new_fsp);
+       close_file(req, new_fsp,NORMAL_CLOSE);
         return NT_STATUS_OK;
  }
  
@@ -4759,17 +5128,12 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
                 return NT_STATUS_INVALID_PARAMETER;
         }
  
-       ctx = talloc_init("SMB_INFO_SET_EA");
-       if (!ctx) {
-               return NT_STATUS_NO_MEMORY;
-       }
+       ctx = talloc_tos();
         ea_list = read_ea_list(ctx, pdata + 4, total_data - 4);
         if (!ea_list) {
-               talloc_destroy(ctx);
                 return NT_STATUS_INVALID_PARAMETER;
         }
         status = set_ea(conn, fsp, fname, ea_list);
-       talloc_destroy(ctx);
  
         return status;
  }
@@ -4813,7 +5177,8 @@ static NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
         }
  
         /* The set is across all open files on this dev/inode pair. */
-       if (!set_delete_on_close(fsp, delete_on_close, &current_user.ut)) {
+       if (!set_delete_on_close(fsp, delete_on_close,
+                                &conn->server_info->utok)) {
                 return NT_STATUS_ACCESS_DENIED;
         }
         return NT_STATUS_OK;
@@ -4828,7 +5193,7 @@ static NTSTATUS smb_file_position_information(connection_struct *conn,
                                 int total_data,
                                 files_struct *fsp)
  {
-       SMB_BIG_UINT position_information;
+       uint64_t position_information;
  
         if (total_data < 8) {
                 return NT_STATUS_INVALID_PARAMETER;
@@ -4839,9 +5204,9 @@ static NTSTATUS smb_file_position_information(connection_struct *conn,
                 return NT_STATUS_OK;
         }
  
-       position_information = (SMB_BIG_UINT)IVAL(pdata,0);
+       position_information = (uint64_t)IVAL(pdata,0);
  #ifdef LARGE_SMB_OFF_T
-       position_information |= (((SMB_BIG_UINT)IVAL(pdata,4)) << 32);
+       position_information |= (((uint64_t)IVAL(pdata,4)) << 32);
  #else /* LARGE_SMB_OFF_T */
         if (IVAL(pdata,4) != 0) {
                 /* more than 32 bits? */
@@ -5049,26 +5414,42 @@ static NTSTATUS smb_file_rename_information(connection_struct *conn,
                 return NT_STATUS_NOT_SUPPORTED;
         }
  
-       /* Create the base directory. */
-       base_name = talloc_strdup(ctx, fname);
-       if (!base_name) {
-               return NT_STATUS_NO_MEMORY;
-       }
-       p = strrchr_m(base_name, '/');
-       if (p) {
-               p[1] = '\0';
+       if (fsp && fsp->base_fsp) {
+               if (newname[0] != ':') {
+                       return NT_STATUS_NOT_SUPPORTED;
+               }
+               base_name = talloc_asprintf(ctx, "%s%s",
+                                          fsp->base_fsp->fsp_name,
+                                          newname);
+               if (!base_name) {
+                       return NT_STATUS_NO_MEMORY;
+               }
         } else {
-               base_name = talloc_strdup(ctx, "./");
+               if (is_ntfs_stream_name(newname)) {
+                       return NT_STATUS_NOT_SUPPORTED;
+               }
+
+               /* Create the base directory. */
+               base_name = talloc_strdup(ctx, fname);
+               if (!base_name) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               p = strrchr_m(base_name, '/');
+               if (p) {
+                       p[1] = '\0';
+               } else {
+                       base_name = talloc_strdup(ctx, "./");
+                       if (!base_name) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+               }
+               /* Append the new name. */
+               base_name = talloc_asprintf_append(base_name,
+                               "%s",
+                               newname);
                 if (!base_name) {
                         return NT_STATUS_NO_MEMORY;
                 }
-       }
-       /* Append the new name. */
-       base_name = talloc_asprintf_append(base_name,
-                       "%s",
-                       newname);
-       if (!base_name) {
-               return NT_STATUS_NO_MEMORY;
         }
  
         if (fsp) {
@@ -5100,7 +5481,8 @@ static NTSTATUS smb_file_rename_information(connection_struct *conn,
                 DEBUG(10,("smb_file_rename_information: SMB_FILE_RENAME_INFORMATION %s -> %s\n",
                         fname, base_name ));
                 status = rename_internals(ctx, conn, req, fname, base_name, 0,
-                                         overwrite, False, dest_has_wcard);
+                                       overwrite, False, dest_has_wcard,
+                                       FILE_WRITE_ATTRIBUTES);
         }
  
         return status;
@@ -5174,13 +5556,13 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
  ****************************************************************************/
  
  static NTSTATUS smb_set_posix_lock(connection_struct *conn,
-                               const struct smb_request *req,
+                               struct smb_request *req,
                                 const char *pdata,
                                 int total_data,
                                 files_struct *fsp)
  {
-       SMB_BIG_UINT count;
-       SMB_BIG_UINT offset;
+       uint64_t count;
+       uint64_t offset;
         uint32 lock_pid;
         bool blocking_lock = False;
         enum brl_type lock_type;
@@ -5227,13 +5609,13 @@ static NTSTATUS smb_set_posix_lock(connection_struct *conn,
  
         lock_pid = IVAL(pdata, POSIX_LOCK_PID_OFFSET);
  #if defined(HAVE_LONGLONG)
-       offset = (((SMB_BIG_UINT) IVAL(pdata,(POSIX_LOCK_START_OFFSET+4))) << 32) |
-                       ((SMB_BIG_UINT) IVAL(pdata,POSIX_LOCK_START_OFFSET));
-       count = (((SMB_BIG_UINT) IVAL(pdata,(POSIX_LOCK_LEN_OFFSET+4))) << 32) |
-                       ((SMB_BIG_UINT) IVAL(pdata,POSIX_LOCK_LEN_OFFSET));
+       offset = (((uint64_t) IVAL(pdata,(POSIX_LOCK_START_OFFSET+4))) << 32) |
+                       ((uint64_t) IVAL(pdata,POSIX_LOCK_START_OFFSET));
+       count = (((uint64_t) IVAL(pdata,(POSIX_LOCK_LEN_OFFSET+4))) << 32) |
+                       ((uint64_t) IVAL(pdata,POSIX_LOCK_LEN_OFFSET));
  #else /* HAVE_LONGLONG */
-       offset = (SMB_BIG_UINT)IVAL(pdata,POSIX_LOCK_START_OFFSET);
-       count = (SMB_BIG_UINT)IVAL(pdata,POSIX_LOCK_LEN_OFFSET);
+       offset = (uint64_t)IVAL(pdata,POSIX_LOCK_START_OFFSET);
+       count = (uint64_t)IVAL(pdata,POSIX_LOCK_LEN_OFFSET);
  #endif /* HAVE_LONGLONG */
  
         DEBUG(10,("smb_set_posix_lock: file %s, lock_type = %u,"
@@ -5406,7 +5788,7 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
                                         const char *fname,
                                         SMB_STRUCT_STAT *psbuf)
  {
-       SMB_BIG_UINT allocation_size = 0;
+       uint64_t allocation_size = 0;
         NTSTATUS status = NT_STATUS_OK;
         files_struct *new_fsp = NULL;
  
@@ -5418,9 +5800,9 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
                 return NT_STATUS_INVALID_PARAMETER;
         }
  
-       allocation_size = (SMB_BIG_UINT)IVAL(pdata,0);
+       allocation_size = (uint64_t)IVAL(pdata,0);
  #ifdef LARGE_SMB_OFF_T
-       allocation_size |= (((SMB_BIG_UINT)IVAL(pdata,4)) << 32);
+       allocation_size |= (((uint64_t)IVAL(pdata,4)) << 32);
  #else /* LARGE_SMB_OFF_T */
         if (IVAL(pdata,4) != 0) {
                 /* more than 32 bits? */
@@ -5447,27 +5829,35 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
                         }
                 }
                 /* But always update the time. */
-               if (null_timespec(fsp->pending_modtime)) {
-                       /*
-                        * This is equivalent to a write. Ensure it's seen immediately
-                        * if there are no pending writes.
-                        */
-                       set_filetime(fsp->conn, fsp->fsp_name,
-                                       timespec_current());
-               }
+               /*
+                * This is equivalent to a write. Ensure it's seen immediately
+                * if there are no pending writes.
+                */
+               trigger_write_time_update_immediate(fsp);
                 return NT_STATUS_OK;
         }
  
         /* Pathname or stat or directory file. */
  
-       status = open_file_ntcreate(conn, req, fname, psbuf,
-                               FILE_WRITE_DATA,
-                               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-                               FILE_OPEN,
-                               0,
-                               FILE_ATTRIBUTE_NORMAL,
-                               FORCE_OPLOCK_BREAK_TO_NONE,
-                               NULL, &new_fsp);
+       status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               0,                                      /* create_file_flags */
+               FILE_WRITE_DATA,                        /* access_mask */
+               (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
+                   FILE_SHARE_DELETE),
+               FILE_OPEN,                              /* create_disposition*/
+               0,                                      /* create_options */
+               FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
+               FORCE_OPLOCK_BREAK_TO_NONE,             /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &new_fsp,                               /* result */
+               NULL,                                   /* pinfo */
+               psbuf);                                 /* psbuf */
  
         if (!NT_STATUS_IS_OK(status)) {
                 /* NB. We check for open_was_deferred in the caller. */
@@ -5478,18 +5868,19 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
         if (allocation_size != get_file_size(*psbuf)) {
                 if (vfs_allocate_file_space(new_fsp, allocation_size) == -1) {
                         status = map_nt_error_from_unix(errno);
-                       close_file(new_fsp,NORMAL_CLOSE);
+                       close_file(req, new_fsp, NORMAL_CLOSE);
                         return status;
                 }
         }
  
         /* Changing the allocation size should set the last mod time. */
-       /* Don't need to call set_filetime as this will be flushed on
-        * close. */
-
-       fsp_set_pending_modtime(new_fsp, timespec_current());
+       /*
+        * This is equivalent to a write. Ensure it's seen immediately
+        * if there are no pending writes.
+        */
+       trigger_write_time_update_immediate(new_fsp);
  
-       close_file(new_fsp,NORMAL_CLOSE);
+       close_file(req, new_fsp, NORMAL_CLOSE);
         return NT_STATUS_OK;
  }
  
@@ -5601,7 +5992,7 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
          */
  
         if (lp_inherit_perms(SNUM(conn))) {
-               inherit_access_acl(
+               inherit_access_posix_acl(
                         conn, parent_dirname(fname),
                         fname, unixmode);
         }
@@ -5890,19 +6281,27 @@ static NTSTATUS smb_posix_mkdir(connection_struct *conn,
         DEBUG(10,("smb_posix_mkdir: file %s, mode 0%o\n",
                 fname, (unsigned int)unixmode ));
  
-       status = open_directory(conn, req,
-                               fname,
-                               psbuf,
-                               FILE_READ_ATTRIBUTES, /* Just a stat open */
-                               FILE_SHARE_NONE, /* Ignored for stat opens */
-                               FILE_CREATE,
-                               0,
-                               mod_unixmode,
-                               &info,
-                               &fsp);
+       status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               0,                                      /* create_file_flags */
+               FILE_READ_ATTRIBUTES,                   /* access_mask */
+               FILE_SHARE_NONE,                        /* share_access */
+               FILE_CREATE,                            /* create_disposition*/
+               FILE_DIRECTORY_FILE,                    /* create_options */
+               mod_unixmode,                           /* file_attributes */
+               0,                                      /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &fsp,                                   /* result */
+               &info,                                  /* pinfo */
+               psbuf);                                 /* psbuf */
  
          if (NT_STATUS_IS_OK(status)) {
-                close_file(fsp, NORMAL_CLOSE);
+                close_file(req, fsp, NORMAL_CLOSE);
          }
  
         info_level_return = SVAL(pdata,16);
@@ -6056,17 +6455,25 @@ static NTSTATUS smb_posix_open(connection_struct *conn,
                 (unsigned int)wire_open_mode,
                 (unsigned int)unixmode ));
  
-       status = open_file_ntcreate(conn, req,
-                               fname,
-                               psbuf,
-                               access_mask,
-                               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-                               create_disp,
-                               0,              /* no create options yet. */
-                               mod_unixmode,
-                               oplock_request,
-                               &info,
-                               &fsp);
+        status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               0,                                      /* create_file_flags */
+               access_mask,                            /* access_mask */
+               (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
+                   FILE_SHARE_DELETE),
+               create_disp,                            /* create_disposition*/
+               0,                                      /* create_options */
+               mod_unixmode,                           /* file_attributes */
+               oplock_request,                         /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &fsp,                                   /* result */
+               &info,                                  /* pinfo */
+               psbuf);                                 /* psbuf */
  
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
@@ -6095,7 +6502,7 @@ static NTSTATUS smb_posix_open(connection_struct *conn,
         /* Realloc the data size */
         *ppdata = (char *)SMB_REALLOC(*ppdata,*pdata_return_size);
         if (*ppdata == NULL) {
-               close_file(fsp,ERROR_CLOSE);
+               close_file(req, fsp, ERROR_CLOSE);
                 *pdata_return_size = 0;
                 return NT_STATUS_NO_MEMORY;
         }
@@ -6151,6 +6558,7 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
         uint16 flags = 0;
         char del = 1;
         int info = 0;
+       int create_options = 0;
         int i;
         struct share_mode_lock *lck = NULL;
  
@@ -6174,30 +6582,28 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
                 fname));
  
         if (VALID_STAT_OF_DIR(*psbuf)) {
-               status = open_directory(conn, req,
-                                       fname,
-                                       psbuf,
-                                       DELETE_ACCESS,
-                                       FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-                                       FILE_OPEN,
-                                       0,
-                                       FILE_FLAG_POSIX_SEMANTICS|0777,
-                                       &info,
-                                       &fsp);
-       } else {
-
-               status = open_file_ntcreate(conn, req,
-                               fname,
-                               psbuf,
-                               DELETE_ACCESS,
-                               FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-                               FILE_OPEN,
-                               0,
-                               FILE_FLAG_POSIX_SEMANTICS|0777,
-                               0, /* No oplock, but break existing ones. */
-                               &info,
-                               &fsp);
-       }
+               create_options |= FILE_DIRECTORY_FILE;
+       }
+
+        status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               req,                                    /* req */
+               0,                                      /* root_dir_fid */
+               fname,                                  /* fname */
+               0,                                      /* create_file_flags */
+               DELETE_ACCESS,                          /* access_mask */
+               (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
+                   FILE_SHARE_DELETE),
+               FILE_OPEN,                              /* create_disposition*/
+               create_options,                         /* create_options */
+               FILE_FLAG_POSIX_SEMANTICS|0777,         /* file_attributes */
+               0,                                      /* oplock_request */
+               0,                                      /* allocation_size */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               &fsp,                                   /* result */
+               &info,                                  /* pinfo */
+               psbuf);                                 /* psbuf */
  
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
@@ -6208,11 +6614,12 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
          * non-POSIX opens return SHARING_VIOLATION.
          */
  
-       lck = get_share_mode_lock(NULL, fsp->file_id, NULL, NULL);
+       lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
+                                 NULL);
         if (lck == NULL) {
                 DEBUG(0, ("smb_posix_unlink: Could not get share mode "
                         "lock for file %s\n", fsp->fsp_name));
-               close_file(fsp, NORMAL_CLOSE);
+               close_file(req, fsp, NORMAL_CLOSE);
                 return NT_STATUS_INVALID_PARAMETER;
         }
  
@@ -6228,7 +6635,7 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
                                 continue;
                         }
                         /* Fail with sharing violation. */
-                       close_file(fsp, NORMAL_CLOSE);
+                       close_file(req, fsp, NORMAL_CLOSE);
                         TALLOC_FREE(lck);
                         return NT_STATUS_SHARING_VIOLATION;
                 }
@@ -6245,12 +6652,12 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
                                                 psbuf);
  
         if (!NT_STATUS_IS_OK(status)) {
-               close_file(fsp, NORMAL_CLOSE);
+               close_file(req, fsp, NORMAL_CLOSE);
                 TALLOC_FREE(lck);
                 return status;
         }
         TALLOC_FREE(lck);
-       return close_file(fsp, NORMAL_CLOSE);
+       return close_file(req, fsp, NORMAL_CLOSE);
  }
  
  /****************************************************************************
@@ -6287,9 +6694,9 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
                         return;
                 }
  
-               fsp = file_fsp(SVAL(params,0));
+               fsp = file_fsp(req, SVAL(params,0));
                 /* Basic check for non-null fsp. */
-               if (!check_fsp_open(conn, req, fsp, &current_user)) {
+               if (!check_fsp_open(conn, req, fsp)) {
                         return;
                 }
                 info_level = SVAL(params,2);
@@ -6342,7 +6749,7 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
                         /*
                          * Original code - this is an open file.
                          */
-                       if (!check_fsp(conn, req, fsp, &current_user)) {
+                       if (!check_fsp(conn, req, fsp)) {
                                 return;
                         }
  
@@ -6434,11 +6841,6 @@ static void call_trans2setfilepathinfo(connection_struct *conn,
  
         SSVAL(params,0,0);
  
-       if (fsp && !null_timespec(fsp->pending_modtime)) {
-               /* the pending modtime overrides the current modtime */
-               set_mtimespec(&sbuf, fsp->pending_modtime);
-       }
-
         switch (info_level) {
  
                 case SMB_INFO_STANDARD:
@@ -6775,10 +7177,11 @@ static void call_trans2mkdir(connection_struct *conn, struct smb_request *req,
                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
                         return;
                 }
-       } else if (IVAL(pdata,0) != 4) {
-               reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
-               return;
         }
+       /* If total_data == 4 Windows doesn't care what values
+        * are placed in that field, it just ignores them.
+        * The System i QNTC IBM SMB client puts bad values here,
+        * so ignore them. */
  
         status = create_directory(conn, req, directory);
  
@@ -6960,7 +7363,7 @@ static void call_trans2ioctl(connection_struct *conn,
                              unsigned int max_data_bytes)
  {
         char *pdata = *ppdata;
-       files_struct *fsp = file_fsp(SVAL(req->inbuf,smb_vwv15));
+       files_struct *fsp = file_fsp(req, SVAL(req->vwv+15, 0));
  
         /* check for an invalid fid before proceeding */
  
@@ -6969,8 +7372,8 @@ static void call_trans2ioctl(connection_struct *conn,
                 return;
         }
  
-       if ((SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL)
-           && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
+       if ((SVAL(req->vwv+16, 0) == LMCAT_SPL)
+           && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) {
                 *ppdata = (char *)SMB_REALLOC(*ppdata, 32);
                 if (*ppdata == NULL) {
                         reply_nterror(req, NT_STATUS_NO_MEMORY);
@@ -7013,7 +7416,7 @@ void reply_findclose(struct smb_request *req)
                 return;
         }
  
-       dptr_num = SVALS(req->inbuf,smb_vwv0);
+       dptr_num = SVALS(req->vwv+0, 0);
  
         DEBUG(3,("reply_findclose, dptr_num = %d\n", dptr_num));
  
@@ -7043,7 +7446,7 @@ void reply_findnclose(struct smb_request *req)
                 return;
         }
         
-       dptr_num = SVAL(req->inbuf,smb_vwv0);
+       dptr_num = SVAL(req->vwv+0, 0);
  
         DEBUG(3,("reply_findnclose, dptr_num = %d\n", dptr_num));
  
@@ -7233,7 +7636,6 @@ void reply_trans2(struct smb_request *req)
         unsigned int psoff;
         unsigned int pscnt;
         unsigned int tran_call;
-       int size;
         struct trans_state *state;
         NTSTATUS result;
  
@@ -7245,12 +7647,11 @@ void reply_trans2(struct smb_request *req)
                 return;
         }
  
-       dsoff = SVAL(req->inbuf, smb_dsoff);
-       dscnt = SVAL(req->inbuf, smb_dscnt);
-       psoff = SVAL(req->inbuf, smb_psoff);
-       pscnt = SVAL(req->inbuf, smb_pscnt);
-       tran_call = SVAL(req->inbuf, smb_setup0);
-       size = smb_len(req->inbuf) + 4;
+       dsoff = SVAL(req->vwv+12, 0);
+       dscnt = SVAL(req->vwv+11, 0);
+       psoff = SVAL(req->vwv+10, 0);
+       pscnt = SVAL(req->vwv+9, 0);
+       tran_call = SVAL(req->vwv+14, 0);
  
         result = allow_new_trans(conn->pending_trans, req->mid);
         if (!NT_STATUS_IS_OK(result)) {
@@ -7277,7 +7678,7 @@ void reply_trans2(struct smb_request *req)
                 }
         }
  
-       if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
+       if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
                 DEBUG(0, ("talloc failed\n"));
                 reply_nterror(req, NT_STATUS_NO_MEMORY);
                 END_PROFILE(SMBtrans2);
@@ -7288,17 +7689,17 @@ void reply_trans2(struct smb_request *req)
  
         state->mid = req->mid;
         state->vuid = req->vuid;
-       state->setup_count = SVAL(req->inbuf, smb_suwcnt);
+       state->setup_count = SVAL(req->vwv+13, 0);
         state->setup = NULL;
-       state->total_param = SVAL(req->inbuf, smb_tpscnt);
+       state->total_param = SVAL(req->vwv+0, 0);
         state->param = NULL;
-       state->total_data =  SVAL(req->inbuf, smb_tdscnt);
+       state->total_data =  SVAL(req->vwv+1, 0);
         state->data = NULL;
-       state->max_param_return = SVAL(req->inbuf, smb_mprcnt);
-       state->max_data_return  = SVAL(req->inbuf, smb_mdrcnt);
-       state->max_setup_return = SVAL(req->inbuf, smb_msrcnt);
-       state->close_on_completion = BITSETW(req->inbuf+smb_vwv5,0);
-       state->one_way = BITSETW(req->inbuf+smb_vwv5,1);
+       state->max_param_return = SVAL(req->vwv+2, 0);
+       state->max_data_return  = SVAL(req->vwv+3, 0);
+       state->max_setup_return = SVAL(req->vwv+4, 0);
+       state->close_on_completion = BITSETW(req->vwv+5, 0);
+       state->one_way = BITSETW(req->vwv+5, 1);
  
         state->call = tran_call;
  
@@ -7315,8 +7716,8 @@ void reply_trans2(struct smb_request *req)
                  */
                 if ( (state->setup_count == 4)
                      && (tran_call == TRANSACT2_IOCTL)
-                    && (SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL)
-                    && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
+                    && (SVAL(req->vwv+16, 0) == LMCAT_SPL)
+                    && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) {
                         DEBUG(2,("Got Trans2 DevIOctl jobid\n"));
                 } else {
                         DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",state->setup_count));
@@ -7332,6 +7733,12 @@ void reply_trans2(struct smb_request *req)
                 goto bad_param;
  
         if (state->total_data) {
+
+               if (trans_oob(state->total_data, 0, dscnt)
+                   || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) {
+                       goto bad_param;
+               }
+
                 /* Can't use talloc here, the core routines do realloc on the
                  * params and data. */
                 state->data = (char *)SMB_MALLOC(state->total_data);
@@ -7343,17 +7750,17 @@ void reply_trans2(struct smb_request *req)
                         END_PROFILE(SMBtrans2);
                         return;
                 }
-               if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
-                       goto bad_param;
-               if ((smb_base(req->inbuf)+dsoff+dscnt
-                    > (char *)req->inbuf + size) ||
-                   (smb_base(req->inbuf)+dsoff+dscnt < smb_base(req->inbuf)))
-                       goto bad_param;
  
                 memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
         }
  
         if (state->total_param) {
+
+               if (trans_oob(state->total_param, 0, pscnt)
+                   || trans_oob(smb_len(req->inbuf), psoff, pscnt)) {
+                       goto bad_param;
+               }
+
                 /* Can't use talloc here, the core routines do realloc on the
                  * params and data. */
                 state->param = (char *)SMB_MALLOC(state->total_param);
@@ -7366,12 +7773,6 @@ void reply_trans2(struct smb_request *req)
                         END_PROFILE(SMBtrans2);
                         return;
                 } 
-               if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
-                       goto bad_param;
-               if ((smb_base(req->inbuf)+psoff+pscnt
-                    > (char *)req->inbuf + size) ||
-                   (smb_base(req->inbuf)+psoff+pscnt < smb_base(req->inbuf)))
-                       goto bad_param;
  
                 memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
         }
@@ -7420,7 +7821,6 @@ void reply_transs2(struct smb_request *req)
         connection_struct *conn = req->conn;
         unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
         struct trans_state *state;
-       int size;
  
         START_PROFILE(SMBtranss2);
  
@@ -7432,8 +7832,6 @@ void reply_transs2(struct smb_request *req)
                 return;
         }
  
-       size = smb_len(req->inbuf)+4;
-
         for (state = conn->pending_trans; state != NULL;
              state = state->next) {
                 if (state->mid == req->mid) {
@@ -7450,18 +7848,18 @@ void reply_transs2(struct smb_request *req)
         /* Revise state->total_param and state->total_data in case they have
            changed downwards */
  
-       if (SVAL(req->inbuf, smb_tpscnt) < state->total_param)
-               state->total_param = SVAL(req->inbuf, smb_tpscnt);
-       if (SVAL(req->inbuf, smb_tdscnt) < state->total_data)
-               state->total_data = SVAL(req->inbuf, smb_tdscnt);
+       if (SVAL(req->vwv+0, 0) < state->total_param)
+               state->total_param = SVAL(req->vwv+0, 0);
+       if (SVAL(req->vwv+1, 0) < state->total_data)
+               state->total_data = SVAL(req->vwv+1, 0);
  
-       pcnt = SVAL(req->inbuf, smb_spscnt);
-       poff = SVAL(req->inbuf, smb_spsoff);
-       pdisp = SVAL(req->inbuf, smb_spsdisp);
+       pcnt = SVAL(req->vwv+2, 0);
+       poff = SVAL(req->vwv+3, 0);
+       pdisp = SVAL(req->vwv+4, 0);
  
-       dcnt = SVAL(req->inbuf, smb_sdscnt);
-       doff = SVAL(req->inbuf, smb_sdsoff);
-       ddisp = SVAL(req->inbuf, smb_sdsdisp);
+       dcnt = SVAL(req->vwv+5, 0);
+       doff = SVAL(req->vwv+6, 0);
+       ddisp = SVAL(req->vwv+7, 0);
  
         state->received_param += pcnt;
         state->received_data += dcnt;
@@ -7471,39 +7869,19 @@ void reply_transs2(struct smb_request *req)
                 goto bad_param;
  
         if (pcnt) {
-               if (pdisp+pcnt > state->total_param)
+               if (trans_oob(state->total_param, pdisp, pcnt)
+                   || trans_oob(smb_len(req->inbuf), poff, pcnt)) {
                         goto bad_param;
-               if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
-                       goto bad_param;
-               if (pdisp > state->total_param)
-                       goto bad_param;
-               if ((smb_base(req->inbuf) + poff + pcnt
-                    > (char *)req->inbuf + size) ||
-                   (smb_base(req->inbuf) + poff + pcnt < smb_base(req->inbuf)))
-                       goto bad_param;
-               if (state->param + pdisp < state->param)
-                       goto bad_param;
-
-               memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,
-                      pcnt);
+               }
+               memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt);
         }
  
         if (dcnt) {
-               if (ddisp+dcnt > state->total_data)
-                       goto bad_param;
-               if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
-                       goto bad_param;
-               if (ddisp > state->total_data)
-                       goto bad_param;
-               if ((smb_base(req->inbuf) + doff + dcnt
-                    > (char *)req->inbuf + size) ||
-                   (smb_base(req->inbuf) + doff + dcnt < smb_base(req->inbuf)))
-                       goto bad_param;
-               if (state->data + ddisp < state->data)
+               if (trans_oob(state->total_data, ddisp, dcnt)
+                   || trans_oob(smb_len(req->inbuf), doff, dcnt)) {
                         goto bad_param;
-
-               memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
-                      dcnt);      
+               }
+               memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
         }
  
         if ((state->received_param < state->total_param) ||
@@ -7512,12 +7890,6 @@ void reply_transs2(struct smb_request *req)
                 return;
         }
  
-       /*
-        * construct_reply_common will copy smb_com from inbuf to
-        * outbuf. SMBtranss2 is wrong here.
-        */
-       SCVAL(req->inbuf,smb_com,SMBtrans2);
-
         handle_trans2(conn, req, state);
  
         DLIST_REMOVE(conn->pending_trans, state);