2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 /****************************************************************************
31 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
32 path or anything including wildcards.
33 We're assuming here that '/' is not the second byte in any multibyte char
34 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
36 ****************************************************************************/
38 /* Custom version for processing POSIX paths. */
39 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
41 static NTSTATUS check_path_syntax_internal(char *path,
43 bool *p_last_component_contains_wcard)
47 NTSTATUS ret = NT_STATUS_OK;
48 bool start_of_name_component = True;
49 bool stream_started = false;
51 *p_last_component_contains_wcard = False;
58 return NT_STATUS_OBJECT_NAME_INVALID;
61 return NT_STATUS_OBJECT_NAME_INVALID;
63 if (strchr_m(&s[1], ':')) {
64 return NT_STATUS_OBJECT_NAME_INVALID;
70 if ((*s == ':') && !posix_path && !stream_started) {
71 if (*p_last_component_contains_wcard) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
74 /* Stream names allow more characters than file names.
75 We're overloading posix_path here to allow a wider
76 range of characters. If stream_started is true this
77 is still a Windows path even if posix_path is true.
80 stream_started = true;
81 start_of_name_component = false;
85 return NT_STATUS_OBJECT_NAME_INVALID;
89 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
91 * Safe to assume is not the second part of a mb char
92 * as this is handled below.
94 /* Eat multiple '/' or '\\' */
95 while (IS_PATH_SEP(*s,posix_path)) {
98 if ((d != path) && (*s != '\0')) {
99 /* We only care about non-leading or trailing '/' or '\\' */
103 start_of_name_component = True;
105 *p_last_component_contains_wcard = False;
109 if (start_of_name_component) {
110 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
111 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
114 * No mb char starts with '.' so we're safe checking the directory separator here.
117 /* If we just added a '/' - delete it */
118 if ((d > path) && (*(d-1) == '/')) {
123 /* Are we at the start ? Can't go back further if so. */
125 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
128 /* Go back one level... */
129 /* We know this is safe as '/' cannot be part of a mb sequence. */
130 /* NOTE - if this assumption is invalid we are not in good shape... */
131 /* Decrement d first as d points to the *next* char to write into. */
132 for (d--; d > path; d--) {
136 s += 2; /* Else go past the .. */
137 /* We're still at the start of a name component, just the previous one. */
140 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
152 if (*s <= 0x1f || *s == '|') {
153 return NT_STATUS_OBJECT_NAME_INVALID;
161 *p_last_component_contains_wcard = True;
170 /* Get the size of the next MB character. */
171 next_codepoint(s,&siz);
189 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
191 return NT_STATUS_INVALID_PARAMETER;
194 start_of_name_component = False;
202 /****************************************************************************
203 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
204 No wildcards allowed.
205 ****************************************************************************/
207 NTSTATUS check_path_syntax(char *path)
210 return check_path_syntax_internal(path, False, &ignore);
213 /****************************************************************************
214 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
215 Wildcards allowed - p_contains_wcard returns true if the last component contained
217 ****************************************************************************/
219 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
221 return check_path_syntax_internal(path, False, p_contains_wcard);
224 /****************************************************************************
225 Check the path for a POSIX client.
226 We're assuming here that '/' is not the second byte in any multibyte char
227 set (a safe assumption).
228 ****************************************************************************/
230 NTSTATUS check_path_syntax_posix(char *path)
233 return check_path_syntax_internal(path, True, &ignore);
236 /****************************************************************************
237 Pull a string and check the path allowing a wilcard - provide for error return.
238 ****************************************************************************/
240 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
241 const char *base_ptr,
248 bool *contains_wcard)
254 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
258 *err = NT_STATUS_INVALID_PARAMETER;
262 *contains_wcard = False;
264 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
266 * For a DFS path the function parse_dfs_path()
267 * will do the path processing, just make a copy.
273 if (lp_posix_pathnames()) {
274 *err = check_path_syntax_posix(*pp_dest);
276 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 /****************************************************************************
283 Pull a string and check the path - provide for error return.
284 ****************************************************************************/
286 size_t srvstr_get_path(TALLOC_CTX *ctx,
287 const char *base_ptr,
296 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
297 src_len, flags, err, &ignore);
300 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
301 char **pp_dest, const char *src, int flags,
302 NTSTATUS *err, bool *contains_wcard)
304 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
305 pp_dest, src, smbreq_bufrem(req, src),
306 flags, err, contains_wcard);
309 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
310 char **pp_dest, const char *src, int flags,
314 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
315 flags, err, &ignore);
318 /****************************************************************************
319 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
320 ****************************************************************************/
322 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
325 if (!(fsp) || !(conn)) {
326 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
329 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
330 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 /****************************************************************************
337 Check if we have a correct fsp pointing to a file.
338 ****************************************************************************/
340 bool check_fsp(connection_struct *conn, struct smb_request *req,
343 if (!check_fsp_open(conn, req, fsp)) {
346 if ((fsp)->is_directory) {
347 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
350 if ((fsp)->fh->fd == -1) {
351 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
354 (fsp)->num_smb_operations++;
358 /****************************************************************************
359 Check if we have a correct fsp pointing to a quota fake file. Replacement for
360 the CHECK_NTQUOTA_HANDLE_OK macro.
361 ****************************************************************************/
363 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
366 if (!check_fsp_open(conn, req, fsp)) {
370 if (fsp->is_directory) {
374 if (fsp->fake_file_handle == NULL) {
378 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
382 if (fsp->fake_file_handle->private_data == NULL) {
389 /****************************************************************************
390 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
391 ****************************************************************************/
393 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
396 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
397 && (req->vuid == (fsp)->vuid)) {
401 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
405 static bool netbios_session_retarget(const char *name, int name_type)
408 char *trim_name_type;
409 const char *retarget_parm;
412 int retarget_type = 0x20;
413 int retarget_port = 139;
414 struct sockaddr_storage retarget_addr;
415 struct sockaddr_in *in_addr;
419 if (get_socket_port(smbd_server_fd()) != 139) {
423 trim_name = talloc_strdup(talloc_tos(), name);
424 if (trim_name == NULL) {
427 trim_char(trim_name, ' ', ' ');
429 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
431 if (trim_name_type == NULL) {
435 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
436 trim_name_type, NULL);
437 if (retarget_parm == NULL) {
438 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 if (retarget_parm == NULL) {
445 retarget = talloc_strdup(trim_name, retarget_parm);
446 if (retarget == NULL) {
450 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
452 p = strchr(retarget, ':');
455 retarget_port = atoi(p);
458 p = strchr_m(retarget, '#');
461 sscanf(p, "%x", &retarget_type);
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
466 DEBUG(10, ("could not resolve %s\n", retarget));
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
482 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 TALLOC_FREE(trim_name);
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
498 void reply_special(char *inbuf)
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
503 char name_type1, name_type2;
504 struct smbd_server_connection *sconn = smbd_server_conn;
507 * We only really use 4 bytes of the outbuf, but for the smb_setlen
508 * calculation & friends (srv_send_smb uses that) we need the full smb
511 char outbuf[smb_size];
515 memset(outbuf, '\0', sizeof(outbuf));
517 smb_setlen(outbuf,0);
520 case 0x81: /* session request */
522 if (sconn->nbt.got_session) {
523 exit_server_cleanly("multiple session request not permitted");
526 SCVAL(outbuf,0,0x82);
528 if (name_len(inbuf+4) > 50 ||
529 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
530 DEBUG(0,("Invalid name length in session request\n"));
533 name_type1 = name_extract(inbuf,4,name1);
534 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
535 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
536 name1, name_type1, name2, name_type2));
538 if (netbios_session_retarget(name1, name_type1)) {
539 exit_server_cleanly("retargeted client");
542 set_local_machine_name(name1, True);
543 set_remote_machine_name(name2, True);
545 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
546 get_local_machine_name(), get_remote_machine_name(),
549 if (name_type2 == 'R') {
550 /* We are being asked for a pathworks session ---
552 SCVAL(outbuf, 0,0x83);
556 /* only add the client's machine name to the list
557 of possibly valid usernames if we are operating
558 in share mode security */
559 if (lp_security() == SEC_SHARE) {
560 add_session_user(sconn, get_remote_machine_name());
563 reload_services(True);
566 sconn->nbt.got_session = true;
569 case 0x89: /* session keepalive request
570 (some old clients produce this?) */
571 SCVAL(outbuf,0,SMBkeepalive);
575 case 0x82: /* positive session response */
576 case 0x83: /* negative session response */
577 case 0x84: /* retarget session response */
578 DEBUG(0,("Unexpected session response\n"));
581 case SMBkeepalive: /* session keepalive */
586 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
587 msg_type, msg_flags));
589 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
593 /****************************************************************************
595 conn POINTER CAN BE NULL HERE !
596 ****************************************************************************/
598 void reply_tcon(struct smb_request *req)
600 connection_struct *conn = req->conn;
602 char *service_buf = NULL;
603 char *password = NULL;
608 DATA_BLOB password_blob;
609 TALLOC_CTX *ctx = talloc_tos();
610 struct smbd_server_connection *sconn = smbd_server_conn;
612 START_PROFILE(SMBtcon);
614 if (req->buflen < 4) {
615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
616 END_PROFILE(SMBtcon);
620 p = (const char *)req->buf + 1;
621 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
623 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
625 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
628 if (service_buf == NULL || password == NULL || dev == NULL) {
629 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
630 END_PROFILE(SMBtcon);
633 p = strrchr_m(service_buf,'\\');
637 service = service_buf;
640 password_blob = data_blob(password, pwlen+1);
642 conn = make_connection(sconn,service,password_blob,dev,
643 req->vuid,&nt_status);
646 data_blob_clear_free(&password_blob);
649 reply_nterror(req, nt_status);
650 END_PROFILE(SMBtcon);
654 reply_outbuf(req, 2, 0);
655 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
656 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
657 SSVAL(req->outbuf,smb_tid,conn->cnum);
659 DEBUG(3,("tcon service=%s cnum=%d\n",
660 service, conn->cnum));
662 END_PROFILE(SMBtcon);
666 /****************************************************************************
667 Reply to a tcon and X.
668 conn POINTER CAN BE NULL HERE !
669 ****************************************************************************/
671 void reply_tcon_and_X(struct smb_request *req)
673 connection_struct *conn = req->conn;
674 const char *service = NULL;
676 TALLOC_CTX *ctx = talloc_tos();
677 /* what the cleint thinks the device is */
678 char *client_devicetype = NULL;
679 /* what the server tells the client the share represents */
680 const char *server_devicetype;
686 struct smbd_server_connection *sconn = smbd_server_conn;
688 START_PROFILE(SMBtconX);
691 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
692 END_PROFILE(SMBtconX);
696 passlen = SVAL(req->vwv+3, 0);
697 tcon_flags = SVAL(req->vwv+2, 0);
699 /* we might have to close an old one */
700 if ((tcon_flags & 0x1) && conn) {
701 close_cnum(conn,req->vuid);
706 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
707 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
708 END_PROFILE(SMBtconX);
712 if (sconn->smb1.negprot.encrypted_passwords) {
713 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
714 if (lp_security() == SEC_SHARE) {
716 * Security = share always has a pad byte
717 * after the password.
719 p = (const char *)req->buf + passlen + 1;
721 p = (const char *)req->buf + passlen;
724 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
725 /* Ensure correct termination */
726 password.data[passlen]=0;
727 p = (const char *)req->buf + passlen + 1;
730 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
733 data_blob_clear_free(&password);
734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
735 END_PROFILE(SMBtconX);
740 * the service name can be either: \\server\share
741 * or share directly like on the DELL PowerVault 705
744 q = strchr_m(path+2,'\\');
746 data_blob_clear_free(&password);
747 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
748 END_PROFILE(SMBtconX);
756 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
757 &client_devicetype, p,
758 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
760 if (client_devicetype == NULL) {
761 data_blob_clear_free(&password);
762 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
763 END_PROFILE(SMBtconX);
767 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
769 conn = make_connection(sconn, service, password, client_devicetype,
770 req->vuid, &nt_status);
773 data_blob_clear_free(&password);
776 reply_nterror(req, nt_status);
777 END_PROFILE(SMBtconX);
782 server_devicetype = "IPC";
783 else if ( IS_PRINT(conn) )
784 server_devicetype = "LPT1:";
786 server_devicetype = "A:";
788 if (get_Protocol() < PROTOCOL_NT1) {
789 reply_outbuf(req, 2, 0);
790 if (message_push_string(&req->outbuf, server_devicetype,
791 STR_TERMINATE|STR_ASCII) == -1) {
792 reply_nterror(req, NT_STATUS_NO_MEMORY);
793 END_PROFILE(SMBtconX);
797 /* NT sets the fstype of IPC$ to the null string */
798 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
800 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
801 /* Return permissions. */
805 reply_outbuf(req, 7, 0);
808 perm1 = FILE_ALL_ACCESS;
809 perm2 = FILE_ALL_ACCESS;
811 perm1 = CAN_WRITE(conn) ?
816 SIVAL(req->outbuf, smb_vwv3, perm1);
817 SIVAL(req->outbuf, smb_vwv5, perm2);
819 reply_outbuf(req, 3, 0);
822 if ((message_push_string(&req->outbuf, server_devicetype,
823 STR_TERMINATE|STR_ASCII) == -1)
824 || (message_push_string(&req->outbuf, fstype,
825 STR_TERMINATE) == -1)) {
826 reply_nterror(req, NT_STATUS_NO_MEMORY);
827 END_PROFILE(SMBtconX);
831 /* what does setting this bit do? It is set by NT4 and
832 may affect the ability to autorun mounted cdroms */
833 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
834 (lp_csc_policy(SNUM(conn)) << 2));
836 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
837 DEBUG(2,("Serving %s as a Dfs root\n",
838 lp_servicename(SNUM(conn)) ));
839 SSVAL(req->outbuf, smb_vwv2,
840 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
845 DEBUG(3,("tconX service=%s \n",
848 /* set the incoming and outgoing tid to the just created one */
849 SSVAL(req->inbuf,smb_tid,conn->cnum);
850 SSVAL(req->outbuf,smb_tid,conn->cnum);
852 END_PROFILE(SMBtconX);
854 req->tid = conn->cnum;
859 /****************************************************************************
860 Reply to an unknown type.
861 ****************************************************************************/
863 void reply_unknown_new(struct smb_request *req, uint8 type)
865 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
866 smb_fn_name(type), type, type));
867 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
871 /****************************************************************************
873 conn POINTER CAN BE NULL HERE !
874 ****************************************************************************/
876 void reply_ioctl(struct smb_request *req)
878 connection_struct *conn = req->conn;
885 START_PROFILE(SMBioctl);
888 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
889 END_PROFILE(SMBioctl);
893 device = SVAL(req->vwv+1, 0);
894 function = SVAL(req->vwv+2, 0);
895 ioctl_code = (device << 16) + function;
897 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
899 switch (ioctl_code) {
900 case IOCTL_QUERY_JOB_INFO:
904 reply_force_doserror(req, ERRSRV, ERRnosupport);
905 END_PROFILE(SMBioctl);
909 reply_outbuf(req, 8, replysize+1);
910 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
911 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
912 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
913 p = smb_buf(req->outbuf);
914 memset(p, '\0', replysize+1); /* valgrind-safe. */
915 p += 1; /* Allow for alignment */
917 switch (ioctl_code) {
918 case IOCTL_QUERY_JOB_INFO:
920 files_struct *fsp = file_fsp(
921 req, SVAL(req->vwv+0, 0));
923 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
924 END_PROFILE(SMBioctl);
927 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
928 srvstr_push((char *)req->outbuf, req->flags2, p+2,
930 STR_TERMINATE|STR_ASCII);
932 srvstr_push((char *)req->outbuf, req->flags2,
933 p+18, lp_servicename(SNUM(conn)),
934 13, STR_TERMINATE|STR_ASCII);
942 END_PROFILE(SMBioctl);
946 /****************************************************************************
947 Strange checkpath NTSTATUS mapping.
948 ****************************************************************************/
950 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
952 /* Strange DOS error code semantics only for checkpath... */
953 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
954 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
955 /* We need to map to ERRbadpath */
956 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 /****************************************************************************
963 Reply to a checkpath.
964 ****************************************************************************/
966 void reply_checkpath(struct smb_request *req)
968 connection_struct *conn = req->conn;
969 struct smb_filename *smb_fname = NULL;
972 TALLOC_CTX *ctx = talloc_tos();
974 START_PROFILE(SMBcheckpath);
976 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
977 STR_TERMINATE, &status);
979 if (!NT_STATUS_IS_OK(status)) {
980 status = map_checkpath_error(req->flags2, status);
981 reply_nterror(req, status);
982 END_PROFILE(SMBcheckpath);
986 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
988 status = filename_convert(ctx,
990 req->flags2 & FLAGS2_DFS_PATHNAMES,
996 if (!NT_STATUS_IS_OK(status)) {
997 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
998 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1000 END_PROFILE(SMBcheckpath);
1006 if (!VALID_STAT(smb_fname->st) &&
1007 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1008 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1009 smb_fname_str_dbg(smb_fname), strerror(errno)));
1010 status = map_nt_error_from_unix(errno);
1014 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1015 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1016 ERRDOS, ERRbadpath);
1020 reply_outbuf(req, 0, 0);
1023 /* We special case this - as when a Windows machine
1024 is parsing a path is steps through the components
1025 one at a time - if a component fails it expects
1026 ERRbadpath, not ERRbadfile.
1028 status = map_checkpath_error(req->flags2, status);
1029 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1031 * Windows returns different error codes if
1032 * the parent directory is valid but not the
1033 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1034 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1035 * if the path is invalid.
1037 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1038 ERRDOS, ERRbadpath);
1042 reply_nterror(req, status);
1045 TALLOC_FREE(smb_fname);
1046 END_PROFILE(SMBcheckpath);
1050 /****************************************************************************
1052 ****************************************************************************/
1054 void reply_getatr(struct smb_request *req)
1056 connection_struct *conn = req->conn;
1057 struct smb_filename *smb_fname = NULL;
1064 TALLOC_CTX *ctx = talloc_tos();
1065 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1067 START_PROFILE(SMBgetatr);
1069 p = (const char *)req->buf + 1;
1070 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 reply_nterror(req, status);
1076 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1077 under WfWg - weird! */
1078 if (*fname == '\0') {
1079 mode = aHIDDEN | aDIR;
1080 if (!CAN_WRITE(conn)) {
1086 status = filename_convert(ctx,
1088 req->flags2 & FLAGS2_DFS_PATHNAMES,
1093 if (!NT_STATUS_IS_OK(status)) {
1094 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1095 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1096 ERRSRV, ERRbadpath);
1099 reply_nterror(req, status);
1102 if (!VALID_STAT(smb_fname->st) &&
1103 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1104 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1105 smb_fname_str_dbg(smb_fname),
1107 reply_nterror(req, map_nt_error_from_unix(errno));
1111 mode = dos_mode(conn, smb_fname);
1112 size = smb_fname->st.st_ex_size;
1114 if (ask_sharemode) {
1115 struct timespec write_time_ts;
1116 struct file_id fileid;
1118 ZERO_STRUCT(write_time_ts);
1119 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1120 get_file_infos(fileid, NULL, &write_time_ts);
1121 if (!null_timespec(write_time_ts)) {
1122 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1126 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1132 reply_outbuf(req, 10, 0);
1134 SSVAL(req->outbuf,smb_vwv0,mode);
1135 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1136 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1138 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1140 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1142 if (get_Protocol() >= PROTOCOL_NT1) {
1143 SSVAL(req->outbuf, smb_flg2,
1144 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1147 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1148 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1151 TALLOC_FREE(smb_fname);
1153 END_PROFILE(SMBgetatr);
1157 /****************************************************************************
1159 ****************************************************************************/
1161 void reply_setatr(struct smb_request *req)
1163 struct smb_file_time ft;
1164 connection_struct *conn = req->conn;
1165 struct smb_filename *smb_fname = NULL;
1171 TALLOC_CTX *ctx = talloc_tos();
1173 START_PROFILE(SMBsetatr);
1178 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1182 p = (const char *)req->buf + 1;
1183 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1184 if (!NT_STATUS_IS_OK(status)) {
1185 reply_nterror(req, status);
1189 status = filename_convert(ctx,
1191 req->flags2 & FLAGS2_DFS_PATHNAMES,
1196 if (!NT_STATUS_IS_OK(status)) {
1197 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1198 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1199 ERRSRV, ERRbadpath);
1202 reply_nterror(req, status);
1206 if (smb_fname->base_name[0] == '.' &&
1207 smb_fname->base_name[1] == '\0') {
1209 * Not sure here is the right place to catch this
1210 * condition. Might be moved to somewhere else later -- vl
1212 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1216 mode = SVAL(req->vwv+0, 0);
1217 mtime = srv_make_unix_date3(req->vwv+1);
1219 ft.mtime = convert_time_t_to_timespec(mtime);
1220 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1221 if (!NT_STATUS_IS_OK(status)) {
1222 reply_nterror(req, status);
1226 if (mode != FILE_ATTRIBUTE_NORMAL) {
1227 if (VALID_STAT_OF_DIR(smb_fname->st))
1232 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1234 reply_nterror(req, map_nt_error_from_unix(errno));
1239 reply_outbuf(req, 0, 0);
1241 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1244 TALLOC_FREE(smb_fname);
1245 END_PROFILE(SMBsetatr);
1249 /****************************************************************************
1251 ****************************************************************************/
1253 void reply_dskattr(struct smb_request *req)
1255 connection_struct *conn = req->conn;
1256 uint64_t dfree,dsize,bsize;
1257 START_PROFILE(SMBdskattr);
1259 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1260 reply_nterror(req, map_nt_error_from_unix(errno));
1261 END_PROFILE(SMBdskattr);
1265 reply_outbuf(req, 5, 0);
1267 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1268 double total_space, free_space;
1269 /* we need to scale this to a number that DOS6 can handle. We
1270 use floating point so we can handle large drives on systems
1271 that don't have 64 bit integers
1273 we end up displaying a maximum of 2G to DOS systems
1275 total_space = dsize * (double)bsize;
1276 free_space = dfree * (double)bsize;
1278 dsize = (uint64_t)((total_space+63*512) / (64*512));
1279 dfree = (uint64_t)((free_space+63*512) / (64*512));
1281 if (dsize > 0xFFFF) dsize = 0xFFFF;
1282 if (dfree > 0xFFFF) dfree = 0xFFFF;
1284 SSVAL(req->outbuf,smb_vwv0,dsize);
1285 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1286 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1287 SSVAL(req->outbuf,smb_vwv3,dfree);
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1291 SSVAL(req->outbuf,smb_vwv2,512);
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1295 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1297 END_PROFILE(SMBdskattr);
1302 * Utility function to split the filename from the directory.
1304 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1305 char **fname_dir_out,
1306 char **fname_mask_out)
1308 const char *p = NULL;
1309 char *fname_dir = NULL;
1310 char *fname_mask = NULL;
1312 p = strrchr_m(fname_in, '/');
1314 fname_dir = talloc_strdup(ctx, ".");
1315 fname_mask = talloc_strdup(ctx, fname_in);
1317 fname_dir = talloc_strndup(ctx, fname_in,
1318 PTR_DIFF(p, fname_in));
1319 fname_mask = talloc_strdup(ctx, p+1);
1322 if (!fname_dir || !fname_mask) {
1323 TALLOC_FREE(fname_dir);
1324 TALLOC_FREE(fname_mask);
1325 return NT_STATUS_NO_MEMORY;
1328 *fname_dir_out = fname_dir;
1329 *fname_mask_out = fname_mask;
1330 return NT_STATUS_OK;
1333 /****************************************************************************
1335 Can be called from SMBsearch, SMBffirst or SMBfunique.
1336 ****************************************************************************/
1338 void reply_search(struct smb_request *req)
1340 connection_struct *conn = req->conn;
1342 const char *mask = NULL;
1343 char *directory = NULL;
1344 struct smb_filename *smb_fname = NULL;
1348 struct timespec date;
1350 unsigned int numentries = 0;
1351 unsigned int maxentries = 0;
1352 bool finished = False;
1357 bool check_descend = False;
1358 bool expect_close = False;
1360 bool mask_contains_wcard = False;
1361 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1362 TALLOC_CTX *ctx = talloc_tos();
1363 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1364 struct dptr_struct *dirptr = NULL;
1365 struct smbd_server_connection *sconn = smbd_server_conn;
1367 START_PROFILE(SMBsearch);
1370 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1374 if (lp_posix_pathnames()) {
1375 reply_unknown_new(req, req->cmd);
1379 /* If we were called as SMBffirst then we must expect close. */
1380 if(req->cmd == SMBffirst) {
1381 expect_close = True;
1384 reply_outbuf(req, 1, 3);
1385 maxentries = SVAL(req->vwv+0, 0);
1386 dirtype = SVAL(req->vwv+1, 0);
1387 p = (const char *)req->buf + 1;
1388 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1389 &nt_status, &mask_contains_wcard);
1390 if (!NT_STATUS_IS_OK(nt_status)) {
1391 reply_nterror(req, nt_status);
1396 status_len = SVAL(p, 0);
1399 /* dirtype &= ~aDIR; */
1401 if (status_len == 0) {
1402 nt_status = filename_convert(ctx, conn,
1403 req->flags2 & FLAGS2_DFS_PATHNAMES,
1405 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1406 &mask_contains_wcard,
1408 if (!NT_STATUS_IS_OK(nt_status)) {
1409 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1410 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1411 ERRSRV, ERRbadpath);
1414 reply_nterror(req, nt_status);
1418 directory = smb_fname->base_name;
1420 p = strrchr_m(directory,'/');
1421 if ((p != NULL) && (*directory != '/')) {
1423 directory = talloc_strndup(ctx, directory,
1424 PTR_DIFF(p, directory));
1427 directory = talloc_strdup(ctx,".");
1431 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 memset((char *)status,'\0',21);
1436 SCVAL(status,0,(dirtype & 0x1F));
1438 nt_status = dptr_create(conn,
1444 mask_contains_wcard,
1447 if (!NT_STATUS_IS_OK(nt_status)) {
1448 reply_nterror(req, nt_status);
1451 dptr_num = dptr_dnum(dirptr);
1454 const char *dirpath;
1456 memcpy(status,p,21);
1457 status_dirtype = CVAL(status,0) & 0x1F;
1458 if (status_dirtype != (dirtype & 0x1F)) {
1459 dirtype = status_dirtype;
1462 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1466 dirpath = dptr_path(sconn, dptr_num);
1467 directory = talloc_strdup(ctx, dirpath);
1469 reply_nterror(req, NT_STATUS_NO_MEMORY);
1473 mask = dptr_wcard(sconn, dptr_num);
1478 * For a 'continue' search we have no string. So
1479 * check from the initial saved string.
1481 mask_contains_wcard = ms_has_wild(mask);
1482 dirtype = dptr_attr(sconn, dptr_num);
1485 DEBUG(4,("dptr_num is %d\n",dptr_num));
1487 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1488 dptr_init_search_op(dirptr);
1490 if ((dirtype&0x1F) == aVOLID) {
1491 char buf[DIR_STRUCT_SIZE];
1492 memcpy(buf,status,21);
1493 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1494 0,aVOLID,0,!allow_long_path_components)) {
1495 reply_nterror(req, NT_STATUS_NO_MEMORY);
1498 dptr_fill(sconn, buf+12,dptr_num);
1499 if (dptr_zero(buf+12) && (status_len==0)) {
1504 if (message_push_blob(&req->outbuf,
1505 data_blob_const(buf, sizeof(buf)))
1507 reply_nterror(req, NT_STATUS_NO_MEMORY);
1515 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1518 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1519 directory,lp_dontdescend(SNUM(conn))));
1520 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1521 check_descend = True;
1524 for (i=numentries;(i<maxentries) && !finished;i++) {
1525 finished = !get_dir_entry(ctx,
1536 char buf[DIR_STRUCT_SIZE];
1537 memcpy(buf,status,21);
1538 if (!make_dir_struct(ctx,
1544 convert_timespec_to_time_t(date),
1545 !allow_long_path_components)) {
1546 reply_nterror(req, NT_STATUS_NO_MEMORY);
1549 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1552 if (message_push_blob(&req->outbuf,
1553 data_blob_const(buf, sizeof(buf)))
1555 reply_nterror(req, NT_STATUS_NO_MEMORY);
1565 /* If we were called as SMBffirst with smb_search_id == NULL
1566 and no entries were found then return error and close dirptr
1569 if (numentries == 0) {
1570 dptr_close(sconn, &dptr_num);
1571 } else if(expect_close && status_len == 0) {
1572 /* Close the dptr - we know it's gone */
1573 dptr_close(sconn, &dptr_num);
1576 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1577 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1578 dptr_close(sconn, &dptr_num);
1581 if ((numentries == 0) && !mask_contains_wcard) {
1582 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1586 SSVAL(req->outbuf,smb_vwv0,numentries);
1587 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1588 SCVAL(smb_buf(req->outbuf),0,5);
1589 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1591 /* The replies here are never long name. */
1592 SSVAL(req->outbuf, smb_flg2,
1593 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1594 if (!allow_long_path_components) {
1595 SSVAL(req->outbuf, smb_flg2,
1596 SVAL(req->outbuf, smb_flg2)
1597 & (~FLAGS2_LONG_PATH_COMPONENTS));
1600 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1601 SSVAL(req->outbuf, smb_flg2,
1602 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1604 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1605 smb_fn_name(req->cmd),
1612 TALLOC_FREE(directory);
1613 TALLOC_FREE(smb_fname);
1614 END_PROFILE(SMBsearch);
1618 /****************************************************************************
1619 Reply to a fclose (stop directory search).
1620 ****************************************************************************/
1622 void reply_fclose(struct smb_request *req)
1630 bool path_contains_wcard = False;
1631 TALLOC_CTX *ctx = talloc_tos();
1632 struct smbd_server_connection *sconn = smbd_server_conn;
1634 START_PROFILE(SMBfclose);
1636 if (lp_posix_pathnames()) {
1637 reply_unknown_new(req, req->cmd);
1638 END_PROFILE(SMBfclose);
1642 p = (const char *)req->buf + 1;
1643 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1644 &err, &path_contains_wcard);
1645 if (!NT_STATUS_IS_OK(err)) {
1646 reply_nterror(req, err);
1647 END_PROFILE(SMBfclose);
1651 status_len = SVAL(p,0);
1654 if (status_len == 0) {
1655 reply_force_doserror(req, ERRSRV, ERRsrverror);
1656 END_PROFILE(SMBfclose);
1660 memcpy(status,p,21);
1662 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1663 /* Close the dptr - we know it's gone */
1664 dptr_close(sconn, &dptr_num);
1667 reply_outbuf(req, 1, 0);
1668 SSVAL(req->outbuf,smb_vwv0,0);
1670 DEBUG(3,("search close\n"));
1672 END_PROFILE(SMBfclose);
1676 /****************************************************************************
1678 ****************************************************************************/
1680 void reply_open(struct smb_request *req)
1682 connection_struct *conn = req->conn;
1683 struct smb_filename *smb_fname = NULL;
1695 uint32 create_disposition;
1696 uint32 create_options = 0;
1697 uint32_t private_flags = 0;
1699 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1700 TALLOC_CTX *ctx = talloc_tos();
1702 START_PROFILE(SMBopen);
1705 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1709 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1710 deny_mode = SVAL(req->vwv+0, 0);
1711 dos_attr = SVAL(req->vwv+1, 0);
1713 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1714 STR_TERMINATE, &status);
1715 if (!NT_STATUS_IS_OK(status)) {
1716 reply_nterror(req, status);
1720 status = filename_convert(ctx,
1722 req->flags2 & FLAGS2_DFS_PATHNAMES,
1727 if (!NT_STATUS_IS_OK(status)) {
1728 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1729 reply_botherror(req,
1730 NT_STATUS_PATH_NOT_COVERED,
1731 ERRSRV, ERRbadpath);
1734 reply_nterror(req, status);
1738 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1739 OPENX_FILE_EXISTS_OPEN, &access_mask,
1740 &share_mode, &create_disposition,
1741 &create_options, &private_flags)) {
1742 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1746 status = SMB_VFS_CREATE_FILE(
1749 0, /* root_dir_fid */
1750 smb_fname, /* fname */
1751 access_mask, /* access_mask */
1752 share_mode, /* share_access */
1753 create_disposition, /* create_disposition*/
1754 create_options, /* create_options */
1755 dos_attr, /* file_attributes */
1756 oplock_request, /* oplock_request */
1757 0, /* allocation_size */
1764 if (!NT_STATUS_IS_OK(status)) {
1765 if (open_was_deferred(req->mid)) {
1766 /* We have re-scheduled this call. */
1769 reply_openerror(req, status);
1773 size = smb_fname->st.st_ex_size;
1774 fattr = dos_mode(conn, smb_fname);
1776 /* Deal with other possible opens having a modified
1778 if (ask_sharemode) {
1779 struct timespec write_time_ts;
1781 ZERO_STRUCT(write_time_ts);
1782 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1783 if (!null_timespec(write_time_ts)) {
1784 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1788 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1791 DEBUG(3,("attempt to open a directory %s\n",
1793 close_file(req, fsp, ERROR_CLOSE);
1794 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1795 ERRDOS, ERRnoaccess);
1799 reply_outbuf(req, 7, 0);
1800 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1801 SSVAL(req->outbuf,smb_vwv1,fattr);
1802 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1803 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1805 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1807 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1808 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1810 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1811 SCVAL(req->outbuf,smb_flg,
1812 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1815 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1816 SCVAL(req->outbuf,smb_flg,
1817 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1820 TALLOC_FREE(smb_fname);
1821 END_PROFILE(SMBopen);
1825 /****************************************************************************
1826 Reply to an open and X.
1827 ****************************************************************************/
1829 void reply_open_and_X(struct smb_request *req)
1831 connection_struct *conn = req->conn;
1832 struct smb_filename *smb_fname = NULL;
1837 /* Breakout the oplock request bits so we can set the
1838 reply bits separately. */
1839 int ex_oplock_request;
1840 int core_oplock_request;
1843 int smb_sattr = SVAL(req->vwv+4, 0);
1844 uint32 smb_time = make_unix_date3(req->vwv+6);
1852 uint64_t allocation_size;
1853 ssize_t retval = -1;
1856 uint32 create_disposition;
1857 uint32 create_options = 0;
1858 uint32_t private_flags = 0;
1859 TALLOC_CTX *ctx = talloc_tos();
1861 START_PROFILE(SMBopenX);
1863 if (req->wct < 15) {
1864 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1868 open_flags = SVAL(req->vwv+2, 0);
1869 deny_mode = SVAL(req->vwv+3, 0);
1870 smb_attr = SVAL(req->vwv+5, 0);
1871 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1872 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1873 oplock_request = ex_oplock_request | core_oplock_request;
1874 smb_ofun = SVAL(req->vwv+8, 0);
1875 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1877 /* If it's an IPC, pass off the pipe handler. */
1879 if (lp_nt_pipe_support()) {
1880 reply_open_pipe_and_X(conn, req);
1882 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1887 /* XXXX we need to handle passed times, sattr and flags */
1888 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1889 STR_TERMINATE, &status);
1890 if (!NT_STATUS_IS_OK(status)) {
1891 reply_nterror(req, status);
1895 status = filename_convert(ctx,
1897 req->flags2 & FLAGS2_DFS_PATHNAMES,
1902 if (!NT_STATUS_IS_OK(status)) {
1903 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1904 reply_botherror(req,
1905 NT_STATUS_PATH_NOT_COVERED,
1906 ERRSRV, ERRbadpath);
1909 reply_nterror(req, status);
1913 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1914 &access_mask, &share_mode,
1915 &create_disposition,
1918 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1922 status = SMB_VFS_CREATE_FILE(
1925 0, /* root_dir_fid */
1926 smb_fname, /* fname */
1927 access_mask, /* access_mask */
1928 share_mode, /* share_access */
1929 create_disposition, /* create_disposition*/
1930 create_options, /* create_options */
1931 smb_attr, /* file_attributes */
1932 oplock_request, /* oplock_request */
1933 0, /* allocation_size */
1938 &smb_action); /* pinfo */
1940 if (!NT_STATUS_IS_OK(status)) {
1941 if (open_was_deferred(req->mid)) {
1942 /* We have re-scheduled this call. */
1945 reply_openerror(req, status);
1949 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1950 if the file is truncated or created. */
1951 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1952 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1953 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1954 close_file(req, fsp, ERROR_CLOSE);
1955 reply_nterror(req, NT_STATUS_DISK_FULL);
1958 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1960 close_file(req, fsp, ERROR_CLOSE);
1961 reply_nterror(req, NT_STATUS_DISK_FULL);
1964 smb_fname->st.st_ex_size =
1965 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1968 fattr = dos_mode(conn, smb_fname);
1969 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1971 close_file(req, fsp, ERROR_CLOSE);
1972 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1976 /* If the caller set the extended oplock request bit
1977 and we granted one (by whatever means) - set the
1978 correct bit for extended oplock reply.
1981 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1982 smb_action |= EXTENDED_OPLOCK_GRANTED;
1985 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1986 smb_action |= EXTENDED_OPLOCK_GRANTED;
1989 /* If the caller set the core oplock request bit
1990 and we granted one (by whatever means) - set the
1991 correct bit for core oplock reply.
1994 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1995 reply_outbuf(req, 19, 0);
1997 reply_outbuf(req, 15, 0);
2000 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2001 SCVAL(req->outbuf, smb_flg,
2002 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2005 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2006 SCVAL(req->outbuf, smb_flg,
2007 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2010 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2011 SSVAL(req->outbuf,smb_vwv3,fattr);
2012 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2013 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2015 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2017 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2018 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2019 SSVAL(req->outbuf,smb_vwv11,smb_action);
2021 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2022 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2027 TALLOC_FREE(smb_fname);
2028 END_PROFILE(SMBopenX);
2032 /****************************************************************************
2033 Reply to a SMBulogoffX.
2034 ****************************************************************************/
2036 void reply_ulogoffX(struct smb_request *req)
2038 struct smbd_server_connection *sconn = smbd_server_conn;
2041 START_PROFILE(SMBulogoffX);
2043 vuser = get_valid_user_struct(sconn, req->vuid);
2046 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2050 /* in user level security we are supposed to close any files
2051 open by this user */
2052 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2053 file_close_user(req->vuid);
2056 invalidate_vuid(sconn, req->vuid);
2058 reply_outbuf(req, 2, 0);
2060 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2062 END_PROFILE(SMBulogoffX);
2063 req->vuid = UID_FIELD_INVALID;
2067 /****************************************************************************
2068 Reply to a mknew or a create.
2069 ****************************************************************************/
2071 void reply_mknew(struct smb_request *req)
2073 connection_struct *conn = req->conn;
2074 struct smb_filename *smb_fname = NULL;
2077 struct smb_file_time ft;
2079 int oplock_request = 0;
2081 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2082 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2083 uint32 create_disposition;
2084 uint32 create_options = 0;
2085 TALLOC_CTX *ctx = talloc_tos();
2087 START_PROFILE(SMBcreate);
2091 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2095 fattr = SVAL(req->vwv+0, 0);
2096 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2099 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2101 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2102 STR_TERMINATE, &status);
2103 if (!NT_STATUS_IS_OK(status)) {
2104 reply_nterror(req, status);
2108 status = filename_convert(ctx,
2110 req->flags2 & FLAGS2_DFS_PATHNAMES,
2115 if (!NT_STATUS_IS_OK(status)) {
2116 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2117 reply_botherror(req,
2118 NT_STATUS_PATH_NOT_COVERED,
2119 ERRSRV, ERRbadpath);
2122 reply_nterror(req, status);
2126 if (fattr & aVOLID) {
2127 DEBUG(0,("Attempt to create file (%s) with volid set - "
2128 "please report this\n",
2129 smb_fname_str_dbg(smb_fname)));
2132 if(req->cmd == SMBmknew) {
2133 /* We should fail if file exists. */
2134 create_disposition = FILE_CREATE;
2136 /* Create if file doesn't exist, truncate if it does. */
2137 create_disposition = FILE_OVERWRITE_IF;
2140 status = SMB_VFS_CREATE_FILE(
2143 0, /* root_dir_fid */
2144 smb_fname, /* fname */
2145 access_mask, /* access_mask */
2146 share_mode, /* share_access */
2147 create_disposition, /* create_disposition*/
2148 create_options, /* create_options */
2149 fattr, /* file_attributes */
2150 oplock_request, /* oplock_request */
2151 0, /* allocation_size */
2152 0, /* private_flags */
2158 if (!NT_STATUS_IS_OK(status)) {
2159 if (open_was_deferred(req->mid)) {
2160 /* We have re-scheduled this call. */
2163 reply_openerror(req, status);
2167 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2168 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2169 if (!NT_STATUS_IS_OK(status)) {
2170 END_PROFILE(SMBcreate);
2174 reply_outbuf(req, 1, 0);
2175 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2177 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2178 SCVAL(req->outbuf,smb_flg,
2179 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2182 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2183 SCVAL(req->outbuf,smb_flg,
2184 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2187 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2188 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2189 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2190 (unsigned int)fattr));
2193 TALLOC_FREE(smb_fname);
2194 END_PROFILE(SMBcreate);
2198 /****************************************************************************
2199 Reply to a create temporary file.
2200 ****************************************************************************/
2202 void reply_ctemp(struct smb_request *req)
2204 connection_struct *conn = req->conn;
2205 struct smb_filename *smb_fname = NULL;
2213 TALLOC_CTX *ctx = talloc_tos();
2215 START_PROFILE(SMBctemp);
2218 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2222 fattr = SVAL(req->vwv+0, 0);
2223 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2225 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2226 STR_TERMINATE, &status);
2227 if (!NT_STATUS_IS_OK(status)) {
2228 reply_nterror(req, status);
2232 fname = talloc_asprintf(ctx,
2236 fname = talloc_strdup(ctx, "TMXXXXXX");
2240 reply_nterror(req, NT_STATUS_NO_MEMORY);
2244 status = filename_convert(ctx, conn,
2245 req->flags2 & FLAGS2_DFS_PATHNAMES,
2250 if (!NT_STATUS_IS_OK(status)) {
2251 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2252 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2253 ERRSRV, ERRbadpath);
2256 reply_nterror(req, status);
2260 tmpfd = mkstemp(smb_fname->base_name);
2262 reply_nterror(req, map_nt_error_from_unix(errno));
2266 SMB_VFS_STAT(conn, smb_fname);
2268 /* We should fail if file does not exist. */
2269 status = SMB_VFS_CREATE_FILE(
2272 0, /* root_dir_fid */
2273 smb_fname, /* fname */
2274 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2275 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2276 FILE_OPEN, /* create_disposition*/
2277 0, /* create_options */
2278 fattr, /* file_attributes */
2279 oplock_request, /* oplock_request */
2280 0, /* allocation_size */
2281 0, /* private_flags */
2287 /* close fd from mkstemp() */
2290 if (!NT_STATUS_IS_OK(status)) {
2291 if (open_was_deferred(req->mid)) {
2292 /* We have re-scheduled this call. */
2295 reply_openerror(req, status);
2299 reply_outbuf(req, 1, 0);
2300 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2302 /* the returned filename is relative to the directory */
2303 s = strrchr_m(fsp->fsp_name->base_name, '/');
2305 s = fsp->fsp_name->base_name;
2311 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2312 thing in the byte section. JRA */
2313 SSVALS(p, 0, -1); /* what is this? not in spec */
2315 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2317 reply_nterror(req, NT_STATUS_NO_MEMORY);
2321 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2322 SCVAL(req->outbuf, smb_flg,
2323 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2326 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2327 SCVAL(req->outbuf, smb_flg,
2328 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2331 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2332 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2333 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2335 TALLOC_FREE(smb_fname);
2336 END_PROFILE(SMBctemp);
2340 /*******************************************************************
2341 Check if a user is allowed to rename a file.
2342 ********************************************************************/
2344 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2349 if (!CAN_WRITE(conn)) {
2350 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2353 fmode = dos_mode(conn, fsp->fsp_name);
2354 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2355 return NT_STATUS_NO_SUCH_FILE;
2358 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2359 if (fsp->posix_open) {
2360 return NT_STATUS_OK;
2363 /* If no pathnames are open below this
2364 directory, allow the rename. */
2366 if (file_find_subpath(fsp)) {
2367 return NT_STATUS_ACCESS_DENIED;
2369 return NT_STATUS_OK;
2372 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2373 return NT_STATUS_OK;
2376 return NT_STATUS_ACCESS_DENIED;
2379 /*******************************************************************
2380 * unlink a file with all relevant access checks
2381 *******************************************************************/
2383 static NTSTATUS do_unlink(connection_struct *conn,
2384 struct smb_request *req,
2385 struct smb_filename *smb_fname,
2390 uint32 dirtype_orig = dirtype;
2393 bool posix_paths = lp_posix_pathnames();
2395 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2396 smb_fname_str_dbg(smb_fname),
2399 if (!CAN_WRITE(conn)) {
2400 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2404 ret = SMB_VFS_LSTAT(conn, smb_fname);
2406 ret = SMB_VFS_STAT(conn, smb_fname);
2409 return map_nt_error_from_unix(errno);
2412 fattr = dos_mode(conn, smb_fname);
2414 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2415 dirtype = aDIR|aARCH|aRONLY;
2418 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2420 return NT_STATUS_NO_SUCH_FILE;
2423 if (!dir_check_ftype(conn, fattr, dirtype)) {
2425 return NT_STATUS_FILE_IS_A_DIRECTORY;
2427 return NT_STATUS_NO_SUCH_FILE;
2430 if (dirtype_orig & 0x8000) {
2431 /* These will never be set for POSIX. */
2432 return NT_STATUS_NO_SUCH_FILE;
2436 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2437 return NT_STATUS_FILE_IS_A_DIRECTORY;
2440 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2441 return NT_STATUS_NO_SUCH_FILE;
2444 if (dirtype & 0xFF00) {
2445 /* These will never be set for POSIX. */
2446 return NT_STATUS_NO_SUCH_FILE;
2451 return NT_STATUS_NO_SUCH_FILE;
2454 /* Can't delete a directory. */
2456 return NT_STATUS_FILE_IS_A_DIRECTORY;
2461 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2462 return NT_STATUS_OBJECT_NAME_INVALID;
2463 #endif /* JRATEST */
2465 /* On open checks the open itself will check the share mode, so
2466 don't do it here as we'll get it wrong. */
2468 status = SMB_VFS_CREATE_FILE
2471 0, /* root_dir_fid */
2472 smb_fname, /* fname */
2473 DELETE_ACCESS, /* access_mask */
2474 FILE_SHARE_NONE, /* share_access */
2475 FILE_OPEN, /* create_disposition*/
2476 FILE_NON_DIRECTORY_FILE, /* create_options */
2477 /* file_attributes */
2478 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2479 FILE_ATTRIBUTE_NORMAL,
2480 0, /* oplock_request */
2481 0, /* allocation_size */
2482 0, /* private_flags */
2488 if (!NT_STATUS_IS_OK(status)) {
2489 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2490 nt_errstr(status)));
2494 status = can_set_delete_on_close(fsp, fattr);
2495 if (!NT_STATUS_IS_OK(status)) {
2496 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2498 smb_fname_str_dbg(smb_fname),
2499 nt_errstr(status)));
2500 close_file(req, fsp, NORMAL_CLOSE);
2504 /* The set is across all open files on this dev/inode pair. */
2505 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2506 close_file(req, fsp, NORMAL_CLOSE);
2507 return NT_STATUS_ACCESS_DENIED;
2510 return close_file(req, fsp, NORMAL_CLOSE);
2513 /****************************************************************************
2514 The guts of the unlink command, split out so it may be called by the NT SMB
2516 ****************************************************************************/
2518 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2519 uint32 dirtype, struct smb_filename *smb_fname,
2522 char *fname_dir = NULL;
2523 char *fname_mask = NULL;
2525 NTSTATUS status = NT_STATUS_OK;
2526 TALLOC_CTX *ctx = talloc_tos();
2528 /* Split up the directory from the filename/mask. */
2529 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2530 &fname_dir, &fname_mask);
2531 if (!NT_STATUS_IS_OK(status)) {
2536 * We should only check the mangled cache
2537 * here if unix_convert failed. This means
2538 * that the path in 'mask' doesn't exist
2539 * on the file system and so we need to look
2540 * for a possible mangle. This patch from
2541 * Tine Smukavec <valentin.smukavec@hermes.si>.
2544 if (!VALID_STAT(smb_fname->st) &&
2545 mangle_is_mangled(fname_mask, conn->params)) {
2546 char *new_mask = NULL;
2547 mangle_lookup_name_from_8_3(ctx, fname_mask,
2548 &new_mask, conn->params);
2550 TALLOC_FREE(fname_mask);
2551 fname_mask = new_mask;
2558 * Only one file needs to be unlinked. Append the mask back
2559 * onto the directory.
2561 TALLOC_FREE(smb_fname->base_name);
2562 smb_fname->base_name = talloc_asprintf(smb_fname,
2566 if (!smb_fname->base_name) {
2567 status = NT_STATUS_NO_MEMORY;
2571 dirtype = FILE_ATTRIBUTE_NORMAL;
2574 status = check_name(conn, smb_fname->base_name);
2575 if (!NT_STATUS_IS_OK(status)) {
2579 status = do_unlink(conn, req, smb_fname, dirtype);
2580 if (!NT_STATUS_IS_OK(status)) {
2586 struct smb_Dir *dir_hnd = NULL;
2588 const char *dname = NULL;
2589 char *talloced = NULL;
2591 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2592 status = NT_STATUS_OBJECT_NAME_INVALID;
2596 if (strequal(fname_mask,"????????.???")) {
2597 TALLOC_FREE(fname_mask);
2598 fname_mask = talloc_strdup(ctx, "*");
2600 status = NT_STATUS_NO_MEMORY;
2605 status = check_name(conn, fname_dir);
2606 if (!NT_STATUS_IS_OK(status)) {
2610 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2612 if (dir_hnd == NULL) {
2613 status = map_nt_error_from_unix(errno);
2617 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2618 the pattern matches against the long name, otherwise the short name
2619 We don't implement this yet XXXX
2622 status = NT_STATUS_NO_SUCH_FILE;
2624 while ((dname = ReadDirName(dir_hnd, &offset,
2625 &smb_fname->st, &talloced))) {
2626 TALLOC_CTX *frame = talloc_stackframe();
2628 if (!is_visible_file(conn, fname_dir, dname,
2629 &smb_fname->st, true)) {
2631 TALLOC_FREE(talloced);
2635 /* Quick check for "." and ".." */
2636 if (ISDOT(dname) || ISDOTDOT(dname)) {
2638 TALLOC_FREE(talloced);
2642 if(!mask_match(dname, fname_mask,
2643 conn->case_sensitive)) {
2645 TALLOC_FREE(talloced);
2649 TALLOC_FREE(smb_fname->base_name);
2650 smb_fname->base_name =
2651 talloc_asprintf(smb_fname, "%s/%s",
2654 if (!smb_fname->base_name) {
2655 TALLOC_FREE(dir_hnd);
2656 status = NT_STATUS_NO_MEMORY;
2658 TALLOC_FREE(talloced);
2662 status = check_name(conn, smb_fname->base_name);
2663 if (!NT_STATUS_IS_OK(status)) {
2664 TALLOC_FREE(dir_hnd);
2666 TALLOC_FREE(talloced);
2670 status = do_unlink(conn, req, smb_fname, dirtype);
2671 if (!NT_STATUS_IS_OK(status)) {
2673 TALLOC_FREE(talloced);
2678 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2679 smb_fname->base_name));
2682 TALLOC_FREE(talloced);
2684 TALLOC_FREE(dir_hnd);
2687 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2688 status = map_nt_error_from_unix(errno);
2692 TALLOC_FREE(fname_dir);
2693 TALLOC_FREE(fname_mask);
2697 /****************************************************************************
2699 ****************************************************************************/
2701 void reply_unlink(struct smb_request *req)
2703 connection_struct *conn = req->conn;
2705 struct smb_filename *smb_fname = NULL;
2708 bool path_contains_wcard = False;
2709 TALLOC_CTX *ctx = talloc_tos();
2711 START_PROFILE(SMBunlink);
2714 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2718 dirtype = SVAL(req->vwv+0, 0);
2720 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2721 STR_TERMINATE, &status,
2722 &path_contains_wcard);
2723 if (!NT_STATUS_IS_OK(status)) {
2724 reply_nterror(req, status);
2728 status = filename_convert(ctx, conn,
2729 req->flags2 & FLAGS2_DFS_PATHNAMES,
2731 UCF_COND_ALLOW_WCARD_LCOMP,
2732 &path_contains_wcard,
2734 if (!NT_STATUS_IS_OK(status)) {
2735 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2736 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2737 ERRSRV, ERRbadpath);
2740 reply_nterror(req, status);
2744 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2746 status = unlink_internals(conn, req, dirtype, smb_fname,
2747 path_contains_wcard);
2748 if (!NT_STATUS_IS_OK(status)) {
2749 if (open_was_deferred(req->mid)) {
2750 /* We have re-scheduled this call. */
2753 reply_nterror(req, status);
2757 reply_outbuf(req, 0, 0);
2759 TALLOC_FREE(smb_fname);
2760 END_PROFILE(SMBunlink);
2764 /****************************************************************************
2766 ****************************************************************************/
2768 static void fail_readraw(void)
2770 const char *errstr = talloc_asprintf(talloc_tos(),
2771 "FAIL ! reply_readbraw: socket write fail (%s)",
2776 exit_server_cleanly(errstr);
2779 /****************************************************************************
2780 Fake (read/write) sendfile. Returns -1 on read or write fail.
2781 ****************************************************************************/
2783 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2787 size_t tosend = nread;
2794 bufsize = MIN(nread, 65536);
2796 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2800 while (tosend > 0) {
2804 if (tosend > bufsize) {
2809 ret = read_file(fsp,buf,startpos,cur_read);
2815 /* If we had a short read, fill with zeros. */
2816 if (ret < cur_read) {
2817 memset(buf + ret, '\0', cur_read - ret);
2820 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2825 startpos += cur_read;
2829 return (ssize_t)nread;
2832 #if defined(WITH_SENDFILE)
2833 /****************************************************************************
2834 Deal with the case of sendfile reading less bytes from the file than
2835 requested. Fill with zeros (all we can do).
2836 ****************************************************************************/
2838 static void sendfile_short_send(files_struct *fsp,
2843 #define SHORT_SEND_BUFSIZE 1024
2844 if (nread < headersize) {
2845 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2846 "header for file %s (%s). Terminating\n",
2847 fsp_str_dbg(fsp), strerror(errno)));
2848 exit_server_cleanly("sendfile_short_send failed");
2851 nread -= headersize;
2853 if (nread < smb_maxcnt) {
2854 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2856 exit_server_cleanly("sendfile_short_send: "
2860 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2861 "with zeros !\n", fsp_str_dbg(fsp)));
2863 while (nread < smb_maxcnt) {
2865 * We asked for the real file size and told sendfile
2866 * to not go beyond the end of the file. But it can
2867 * happen that in between our fstat call and the
2868 * sendfile call the file was truncated. This is very
2869 * bad because we have already announced the larger
2870 * number of bytes to the client.
2872 * The best we can do now is to send 0-bytes, just as
2873 * a read from a hole in a sparse file would do.
2875 * This should happen rarely enough that I don't care
2876 * about efficiency here :-)
2880 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2881 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2882 exit_server_cleanly("sendfile_short_send: "
2883 "write_data failed");
2890 #endif /* defined WITH_SENDFILE */
2892 /****************************************************************************
2893 Return a readbraw error (4 bytes of zero).
2894 ****************************************************************************/
2896 static void reply_readbraw_error(void)
2903 ok = smbd_lock_socket(smbd_server_conn);
2905 exit_server_cleanly("failed to lock socket");
2907 if (write_data(smbd_server_fd(),header,4) != 4) {
2910 ok = smbd_unlock_socket(smbd_server_conn);
2912 exit_server_cleanly("failed to unlock socket");
2916 /****************************************************************************
2917 Use sendfile in readbraw.
2918 ****************************************************************************/
2920 static void send_file_readbraw(connection_struct *conn,
2921 struct smb_request *req,
2927 char *outbuf = NULL;
2930 #if defined(WITH_SENDFILE)
2932 * We can only use sendfile on a non-chained packet
2933 * but we can use on a non-oplocked file. tridge proved this
2934 * on a train in Germany :-). JRA.
2935 * reply_readbraw has already checked the length.
2938 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2939 (fsp->wcp == NULL) &&
2940 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2941 ssize_t sendfile_read = -1;
2943 DATA_BLOB header_blob;
2945 _smb_setlen(header,nread);
2946 header_blob = data_blob_const(header, 4);
2948 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2949 &header_blob, startpos, nread)) == -1) {
2950 /* Returning ENOSYS means no data at all was sent.
2951 * Do this as a normal read. */
2952 if (errno == ENOSYS) {
2953 goto normal_readbraw;
2957 * Special hack for broken Linux with no working sendfile. If we
2958 * return EINTR we sent the header but not the rest of the data.
2959 * Fake this up by doing read/write calls.
2961 if (errno == EINTR) {
2962 /* Ensure we don't do this again. */
2963 set_use_sendfile(SNUM(conn), False);
2964 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2966 if (fake_sendfile(fsp, startpos, nread) == -1) {
2967 DEBUG(0,("send_file_readbraw: "
2968 "fake_sendfile failed for "
2972 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2977 DEBUG(0,("send_file_readbraw: sendfile failed for "
2978 "file %s (%s). Terminating\n",
2979 fsp_str_dbg(fsp), strerror(errno)));
2980 exit_server_cleanly("send_file_readbraw sendfile failed");
2981 } else if (sendfile_read == 0) {
2983 * Some sendfile implementations return 0 to indicate
2984 * that there was a short read, but nothing was
2985 * actually written to the socket. In this case,
2986 * fallback to the normal read path so the header gets
2987 * the correct byte count.
2989 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2990 "bytes falling back to the normal read: "
2991 "%s\n", fsp_str_dbg(fsp)));
2992 goto normal_readbraw;
2995 /* Deal with possible short send. */
2996 if (sendfile_read != 4+nread) {
2997 sendfile_short_send(fsp, sendfile_read, 4, nread);
3005 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3007 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3008 (unsigned)(nread+4)));
3009 reply_readbraw_error();
3014 ret = read_file(fsp,outbuf+4,startpos,nread);
3015 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3024 _smb_setlen(outbuf,ret);
3025 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3028 TALLOC_FREE(outbuf);
3031 /****************************************************************************
3032 Reply to a readbraw (core+ protocol).
3033 ****************************************************************************/
3035 void reply_readbraw(struct smb_request *req)
3037 connection_struct *conn = req->conn;
3038 ssize_t maxcount,mincount;
3042 struct lock_struct lock;
3045 START_PROFILE(SMBreadbraw);
3047 if (srv_is_signing_active(smbd_server_conn) ||
3048 is_encrypted_packet(req->inbuf)) {
3049 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3050 "raw reads/writes are disallowed.");
3054 reply_readbraw_error();
3055 END_PROFILE(SMBreadbraw);
3059 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3060 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of"
3061 "'fork echo handler = yes'\n"));
3062 reply_readbraw_error();
3063 END_PROFILE(SMBreadbraw);
3068 * Special check if an oplock break has been issued
3069 * and the readraw request croses on the wire, we must
3070 * return a zero length response here.
3073 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3076 * We have to do a check_fsp by hand here, as
3077 * we must always return 4 zero bytes on error,
3081 if (!fsp || !conn || conn != fsp->conn ||
3082 req->vuid != fsp->vuid ||
3083 fsp->is_directory || fsp->fh->fd == -1) {
3085 * fsp could be NULL here so use the value from the packet. JRA.
3087 DEBUG(3,("reply_readbraw: fnum %d not valid "
3089 (int)SVAL(req->vwv+0, 0)));
3090 reply_readbraw_error();
3091 END_PROFILE(SMBreadbraw);
3095 /* Do a "by hand" version of CHECK_READ. */
3096 if (!(fsp->can_read ||
3097 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3098 (fsp->access_mask & FILE_EXECUTE)))) {
3099 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3100 (int)SVAL(req->vwv+0, 0)));
3101 reply_readbraw_error();
3102 END_PROFILE(SMBreadbraw);
3106 flush_write_cache(fsp, READRAW_FLUSH);
3108 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3109 if(req->wct == 10) {
3111 * This is a large offset (64 bit) read.
3113 #ifdef LARGE_SMB_OFF_T
3115 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3117 #else /* !LARGE_SMB_OFF_T */
3120 * Ensure we haven't been sent a >32 bit offset.
3123 if(IVAL(req->vwv+8, 0) != 0) {
3124 DEBUG(0,("reply_readbraw: large offset "
3125 "(%x << 32) used and we don't support "
3126 "64 bit offsets.\n",
3127 (unsigned int)IVAL(req->vwv+8, 0) ));
3128 reply_readbraw_error();
3129 END_PROFILE(SMBreadbraw);
3133 #endif /* LARGE_SMB_OFF_T */
3136 DEBUG(0,("reply_readbraw: negative 64 bit "
3137 "readraw offset (%.0f) !\n",
3138 (double)startpos ));
3139 reply_readbraw_error();
3140 END_PROFILE(SMBreadbraw);
3145 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3146 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3148 /* ensure we don't overrun the packet size */
3149 maxcount = MIN(65535,maxcount);
3151 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3152 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3155 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3156 reply_readbraw_error();
3157 END_PROFILE(SMBreadbraw);
3161 if (fsp_stat(fsp) == 0) {
3162 size = fsp->fsp_name->st.st_ex_size;
3165 if (startpos >= size) {
3168 nread = MIN(maxcount,(size - startpos));
3171 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3172 if (nread < mincount)
3176 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3177 "min=%lu nread=%lu\n",
3178 fsp->fnum, (double)startpos,
3179 (unsigned long)maxcount,
3180 (unsigned long)mincount,
3181 (unsigned long)nread ) );
3183 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3185 DEBUG(5,("reply_readbraw finished\n"));
3187 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3189 END_PROFILE(SMBreadbraw);
3194 #define DBGC_CLASS DBGC_LOCKING
3196 /****************************************************************************
3197 Reply to a lockread (core+ protocol).
3198 ****************************************************************************/
3200 void reply_lockread(struct smb_request *req)
3202 connection_struct *conn = req->conn;
3209 struct byte_range_lock *br_lck = NULL;
3211 struct smbd_server_connection *sconn = smbd_server_conn;
3213 START_PROFILE(SMBlockread);
3216 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3217 END_PROFILE(SMBlockread);
3221 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3223 if (!check_fsp(conn, req, fsp)) {
3224 END_PROFILE(SMBlockread);
3228 if (!CHECK_READ(fsp,req)) {
3229 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3230 END_PROFILE(SMBlockread);
3234 numtoread = SVAL(req->vwv+1, 0);
3235 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3237 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3239 reply_outbuf(req, 5, numtoread + 3);
3241 data = smb_buf(req->outbuf) + 3;
3244 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3245 * protocol request that predates the read/write lock concept.
3246 * Thus instead of asking for a read lock here we need to ask
3247 * for a write lock. JRA.
3248 * Note that the requested lock size is unaffected by max_recv.
3251 br_lck = do_lock(smbd_messaging_context(),
3254 (uint64_t)numtoread,
3258 False, /* Non-blocking lock. */
3262 TALLOC_FREE(br_lck);
3264 if (NT_STATUS_V(status)) {
3265 reply_nterror(req, status);
3266 END_PROFILE(SMBlockread);
3271 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3274 if (numtoread > sconn->smb1.negprot.max_recv) {
3275 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3276 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3277 (unsigned int)numtoread,
3278 (unsigned int)sconn->smb1.negprot.max_recv));
3279 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3281 nread = read_file(fsp,data,startpos,numtoread);
3284 reply_nterror(req, map_nt_error_from_unix(errno));
3285 END_PROFILE(SMBlockread);
3289 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3291 SSVAL(req->outbuf,smb_vwv0,nread);
3292 SSVAL(req->outbuf,smb_vwv5,nread+3);
3293 p = smb_buf(req->outbuf);
3294 SCVAL(p,0,0); /* pad byte. */
3297 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3298 fsp->fnum, (int)numtoread, (int)nread));
3300 END_PROFILE(SMBlockread);
3305 #define DBGC_CLASS DBGC_ALL
3307 /****************************************************************************
3309 ****************************************************************************/
3311 void reply_read(struct smb_request *req)
3313 connection_struct *conn = req->conn;
3320 struct lock_struct lock;
3321 struct smbd_server_connection *sconn = smbd_server_conn;
3323 START_PROFILE(SMBread);
3326 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3327 END_PROFILE(SMBread);
3331 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3333 if (!check_fsp(conn, req, fsp)) {
3334 END_PROFILE(SMBread);
3338 if (!CHECK_READ(fsp,req)) {
3339 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3340 END_PROFILE(SMBread);
3344 numtoread = SVAL(req->vwv+1, 0);
3345 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3347 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3350 * The requested read size cannot be greater than max_recv. JRA.
3352 if (numtoread > sconn->smb1.negprot.max_recv) {
3353 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3354 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3355 (unsigned int)numtoread,
3356 (unsigned int)sconn->smb1.negprot.max_recv));
3357 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3360 reply_outbuf(req, 5, numtoread+3);
3362 data = smb_buf(req->outbuf) + 3;
3364 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3365 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3368 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3369 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3370 END_PROFILE(SMBread);
3375 nread = read_file(fsp,data,startpos,numtoread);
3378 reply_nterror(req, map_nt_error_from_unix(errno));
3382 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3384 SSVAL(req->outbuf,smb_vwv0,nread);
3385 SSVAL(req->outbuf,smb_vwv5,nread+3);
3386 SCVAL(smb_buf(req->outbuf),0,1);
3387 SSVAL(smb_buf(req->outbuf),1,nread);
3389 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3390 fsp->fnum, (int)numtoread, (int)nread ) );
3393 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3395 END_PROFILE(SMBread);
3399 /****************************************************************************
3401 ****************************************************************************/
3403 static int setup_readX_header(struct smb_request *req, char *outbuf,
3409 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3410 data = smb_buf(outbuf);
3412 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3414 SCVAL(outbuf,smb_vwv0,0xFF);
3415 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3416 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3417 SSVAL(outbuf,smb_vwv6,
3419 + 1 /* the wct field */
3420 + 12 * sizeof(uint16_t) /* vwv */
3421 + 2); /* the buflen field */
3422 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3423 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3424 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3425 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3429 /****************************************************************************
3430 Reply to a read and X - possibly using sendfile.
3431 ****************************************************************************/
3433 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3434 files_struct *fsp, SMB_OFF_T startpos,
3438 struct lock_struct lock;
3439 int saved_errno = 0;
3441 if(fsp_stat(fsp) == -1) {
3442 reply_nterror(req, map_nt_error_from_unix(errno));
3446 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3447 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3450 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3451 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3455 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3456 (startpos > fsp->fsp_name->st.st_ex_size)
3457 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3459 * We already know that we would do a short read, so don't
3460 * try the sendfile() path.
3462 goto nosendfile_read;
3465 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3466 goto nosendfile_read;
3469 #if defined(WITH_SENDFILE)
3471 * We can only use sendfile on a non-chained packet
3472 * but we can use on a non-oplocked file. tridge proved this
3473 * on a train in Germany :-). JRA.
3476 if (!req_is_in_chain(req) &&
3477 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3478 (fsp->wcp == NULL) &&
3479 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3480 uint8 headerbuf[smb_size + 12 * 2];
3484 * Set up the packet header before send. We
3485 * assume here the sendfile will work (get the
3486 * correct amount of data).
3489 header = data_blob_const(headerbuf, sizeof(headerbuf));
3491 construct_reply_common_req(req, (char *)headerbuf);
3492 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3494 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3495 /* Returning ENOSYS means no data at all was sent.
3496 Do this as a normal read. */
3497 if (errno == ENOSYS) {
3502 * Special hack for broken Linux with no working sendfile. If we
3503 * return EINTR we sent the header but not the rest of the data.
3504 * Fake this up by doing read/write calls.
3507 if (errno == EINTR) {
3508 /* Ensure we don't do this again. */
3509 set_use_sendfile(SNUM(conn), False);
3510 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3511 nread = fake_sendfile(fsp, startpos,
3514 DEBUG(0,("send_file_readX: "
3515 "fake_sendfile failed for "
3519 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3521 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3522 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3523 /* No outbuf here means successful sendfile. */
3527 DEBUG(0,("send_file_readX: sendfile failed for file "
3528 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3530 exit_server_cleanly("send_file_readX sendfile failed");
3531 } else if (nread == 0) {
3533 * Some sendfile implementations return 0 to indicate
3534 * that there was a short read, but nothing was
3535 * actually written to the socket. In this case,
3536 * fallback to the normal read path so the header gets
3537 * the correct byte count.
3539 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3540 "falling back to the normal read: %s\n",
3545 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3546 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3548 /* Deal with possible short send. */
3549 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3550 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3552 /* No outbuf here means successful sendfile. */
3553 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3554 SMB_PERFCOUNT_END(&req->pcd);
3562 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3563 uint8 headerbuf[smb_size + 2*12];
3565 construct_reply_common_req(req, (char *)headerbuf);
3566 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3568 /* Send out the header. */
3569 if (write_data(smbd_server_fd(), (char *)headerbuf,
3570 sizeof(headerbuf)) != sizeof(headerbuf)) {
3571 DEBUG(0,("send_file_readX: write_data failed for file "
3572 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3574 exit_server_cleanly("send_file_readX sendfile failed");
3576 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3578 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3579 "file %s (%s).\n", fsp_str_dbg(fsp),
3581 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3588 reply_outbuf(req, 12, smb_maxcnt);
3590 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3591 saved_errno = errno;
3593 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3596 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3600 setup_readX_header(req, (char *)req->outbuf, nread);
3602 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3603 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3609 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3610 TALLOC_FREE(req->outbuf);
3614 /****************************************************************************
3615 Reply to a read and X.
3616 ****************************************************************************/
3618 void reply_read_and_X(struct smb_request *req)
3620 connection_struct *conn = req->conn;
3624 bool big_readX = False;
3626 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3629 START_PROFILE(SMBreadX);
3631 if ((req->wct != 10) && (req->wct != 12)) {
3632 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3636 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3637 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3638 smb_maxcnt = SVAL(req->vwv+5, 0);
3640 /* If it's an IPC, pass off the pipe handler. */
3642 reply_pipe_read_and_X(req);
3643 END_PROFILE(SMBreadX);
3647 if (!check_fsp(conn, req, fsp)) {
3648 END_PROFILE(SMBreadX);
3652 if (!CHECK_READ(fsp,req)) {
3653 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3654 END_PROFILE(SMBreadX);
3658 if (global_client_caps & CAP_LARGE_READX) {
3659 size_t upper_size = SVAL(req->vwv+7, 0);
3660 smb_maxcnt |= (upper_size<<16);
3661 if (upper_size > 1) {
3662 /* Can't do this on a chained packet. */
3663 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3664 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3665 END_PROFILE(SMBreadX);
3668 /* We currently don't do this on signed or sealed data. */
3669 if (srv_is_signing_active(smbd_server_conn) ||
3670 is_encrypted_packet(req->inbuf)) {
3671 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3672 END_PROFILE(SMBreadX);
3675 /* Is there room in the reply for this data ? */
3676 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3678 NT_STATUS_INVALID_PARAMETER);
3679 END_PROFILE(SMBreadX);
3686 if (req->wct == 12) {
3687 #ifdef LARGE_SMB_OFF_T
3689 * This is a large offset (64 bit) read.
3691 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3693 #else /* !LARGE_SMB_OFF_T */
3696 * Ensure we haven't been sent a >32 bit offset.
3699 if(IVAL(req->vwv+10, 0) != 0) {
3700 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3701 "used and we don't support 64 bit offsets.\n",
3702 (unsigned int)IVAL(req->vwv+10, 0) ));
3703 END_PROFILE(SMBreadX);
3704 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3708 #endif /* LARGE_SMB_OFF_T */
3713 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3717 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3720 END_PROFILE(SMBreadX);
3724 /****************************************************************************
3725 Error replies to writebraw must have smb_wct == 1. Fix this up.
3726 ****************************************************************************/
3728 void error_to_writebrawerr(struct smb_request *req)
3730 uint8 *old_outbuf = req->outbuf;
3732 reply_outbuf(req, 1, 0);
3734 memcpy(req->outbuf, old_outbuf, smb_size);
3735 TALLOC_FREE(old_outbuf);
3738 /****************************************************************************
3739 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3740 ****************************************************************************/
3742 void reply_writebraw(struct smb_request *req)
3744 connection_struct *conn = req->conn;
3747 ssize_t total_written=0;
3748 size_t numtowrite=0;
3754 struct lock_struct lock;
3757 START_PROFILE(SMBwritebraw);
3760 * If we ever reply with an error, it must have the SMB command
3761 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3764 SCVAL(req->inbuf,smb_com,SMBwritec);
3766 if (srv_is_signing_active(smbd_server_conn)) {
3767 END_PROFILE(SMBwritebraw);
3768 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3769 "raw reads/writes are disallowed.");
3772 if (req->wct < 12) {
3773 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3774 error_to_writebrawerr(req);
3775 END_PROFILE(SMBwritebraw);
3779 if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
3780 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of"
3781 "'fork echo handler = yes'\n"));
3782 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3783 error_to_writebrawerr(req);
3784 END_PROFILE(SMBwritebraw);
3788 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3789 if (!check_fsp(conn, req, fsp)) {
3790 error_to_writebrawerr(req);
3791 END_PROFILE(SMBwritebraw);
3795 if (!CHECK_WRITE(fsp)) {
3796 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3797 error_to_writebrawerr(req);
3798 END_PROFILE(SMBwritebraw);
3802 tcount = IVAL(req->vwv+1, 0);
3803 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3804 write_through = BITSETW(req->vwv+7,0);
3806 if (fsp->print_file) {
3807 /* Print files ignore the offset - use end of file. */
3808 startpos = (SMB_OFF_T)-1;
3811 /* We have to deal with slightly different formats depending
3812 on whether we are using the core+ or lanman1.0 protocol */
3814 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3815 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3816 data = smb_buf(req->inbuf);
3818 numtowrite = SVAL(req->vwv+10, 0);
3819 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3822 /* Ensure we don't write bytes past the end of this packet. */
3823 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3824 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3825 error_to_writebrawerr(req);
3826 END_PROFILE(SMBwritebraw);
3830 if (!fsp->print_file) {
3831 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3832 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3835 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3836 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3837 error_to_writebrawerr(req);
3838 END_PROFILE(SMBwritebraw);
3844 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3847 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3848 "wrote=%d sync=%d\n",
3849 fsp->fnum, (double)startpos, (int)numtowrite,
3850 (int)nwritten, (int)write_through));
3852 if (nwritten < (ssize_t)numtowrite) {
3853 reply_nterror(req, NT_STATUS_DISK_FULL);
3854 error_to_writebrawerr(req);
3858 total_written = nwritten;
3860 /* Allocate a buffer of 64k + length. */
3861 buf = TALLOC_ARRAY(NULL, char, 65540);
3863 reply_nterror(req, NT_STATUS_NO_MEMORY);
3864 error_to_writebrawerr(req);
3868 /* Return a SMBwritebraw message to the redirector to tell
3869 * it to send more bytes */
3871 memcpy(buf, req->inbuf, smb_size);
3872 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
3873 SCVAL(buf,smb_com,SMBwritebraw);
3874 SSVALS(buf,smb_vwv0,0xFFFF);
3876 if (!srv_send_smb(smbd_server_fd(),
3878 false, 0, /* no signing */
3879 IS_CONN_ENCRYPTED(conn),
3881 exit_server_cleanly("reply_writebraw: srv_send_smb "
3885 /* Now read the raw data into the buffer and write it */
3886 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3888 if (!NT_STATUS_IS_OK(status)) {
3889 exit_server_cleanly("secondary writebraw failed");
3892 /* Set up outbuf to return the correct size */
3893 reply_outbuf(req, 1, 0);
3895 if (numtowrite != 0) {
3897 if (numtowrite > 0xFFFF) {
3898 DEBUG(0,("reply_writebraw: Oversize secondary write "
3899 "raw requested (%u). Terminating\n",
3900 (unsigned int)numtowrite ));
3901 exit_server_cleanly("secondary writebraw failed");
3904 if (tcount > nwritten+numtowrite) {
3905 DEBUG(3,("reply_writebraw: Client overestimated the "
3907 (int)tcount,(int)nwritten,(int)numtowrite));
3910 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3912 if (!NT_STATUS_IS_OK(status)) {
3913 DEBUG(0,("reply_writebraw: Oversize secondary write "
3914 "raw read failed (%s). Terminating\n",
3915 nt_errstr(status)));
3916 exit_server_cleanly("secondary writebraw failed");
3919 if (fsp->print_file) {
3920 nwritten = write_file(req,fsp,buf+4,(SMB_OFF_T)-1,numtowrite);
3922 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3924 if (nwritten == -1) {
3926 reply_nterror(req, map_nt_error_from_unix(errno));
3927 error_to_writebrawerr(req);
3931 if (nwritten < (ssize_t)numtowrite) {
3932 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3933 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3937 total_written += nwritten;
3942 SSVAL(req->outbuf,smb_vwv0,total_written);
3944 status = sync_file(conn, fsp, write_through);
3945 if (!NT_STATUS_IS_OK(status)) {
3946 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3947 fsp_str_dbg(fsp), nt_errstr(status)));
3948 reply_nterror(req, status);
3949 error_to_writebrawerr(req);
3953 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3955 fsp->fnum, (double)startpos, (int)numtowrite,
3956 (int)total_written));
3958 if (!fsp->print_file) {
3959 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3962 /* We won't return a status if write through is not selected - this
3963 * follows what WfWg does */
3964 END_PROFILE(SMBwritebraw);
3966 if (!write_through && total_written==tcount) {
3968 #if RABBIT_PELLET_FIX
3970 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3971 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3974 if (!send_keepalive(smbd_server_fd())) {
3975 exit_server_cleanly("reply_writebraw: send of "
3976 "keepalive failed");
3979 TALLOC_FREE(req->outbuf);
3984 if (!fsp->print_file) {
3985 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3988 END_PROFILE(SMBwritebraw);
3993 #define DBGC_CLASS DBGC_LOCKING
3995 /****************************************************************************
3996 Reply to a writeunlock (core+).
3997 ****************************************************************************/
3999 void reply_writeunlock(struct smb_request *req)
4001 connection_struct *conn = req->conn;
4002 ssize_t nwritten = -1;
4006 NTSTATUS status = NT_STATUS_OK;
4008 struct lock_struct lock;
4009 int saved_errno = 0;
4011 START_PROFILE(SMBwriteunlock);
4014 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4015 END_PROFILE(SMBwriteunlock);
4019 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4021 if (!check_fsp(conn, req, fsp)) {
4022 END_PROFILE(SMBwriteunlock);
4026 if (!CHECK_WRITE(fsp)) {
4027 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4028 END_PROFILE(SMBwriteunlock);
4032 numtowrite = SVAL(req->vwv+1, 0);
4033 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4034 data = (const char *)req->buf + 3;
4036 if (fsp->print_file) {
4037 /* Print files ignore the offset - use end of file. */
4038 startpos = (SMB_OFF_T)-1;
4039 } else if (numtowrite) {
4040 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4041 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4044 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4045 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4046 END_PROFILE(SMBwriteunlock);
4051 /* The special X/Open SMB protocol handling of
4052 zero length writes is *NOT* done for
4054 if(numtowrite == 0) {
4057 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4058 saved_errno = errno;
4061 status = sync_file(conn, fsp, False /* write through */);
4062 if (!NT_STATUS_IS_OK(status)) {
4063 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4064 fsp_str_dbg(fsp), nt_errstr(status)));
4065 reply_nterror(req, status);
4070 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4074 if((nwritten < numtowrite) && (numtowrite != 0)) {
4075 reply_nterror(req, NT_STATUS_DISK_FULL);
4079 if (numtowrite && !fsp->print_file) {
4080 status = do_unlock(smbd_messaging_context(),
4083 (uint64_t)numtowrite,
4087 if (NT_STATUS_V(status)) {
4088 reply_nterror(req, status);
4093 reply_outbuf(req, 1, 0);
4095 SSVAL(req->outbuf,smb_vwv0,nwritten);
4097 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4098 fsp->fnum, (int)numtowrite, (int)nwritten));
4101 if (numtowrite && !fsp->print_file) {
4102 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4105 END_PROFILE(SMBwriteunlock);
4110 #define DBGC_CLASS DBGC_ALL
4112 /****************************************************************************
4114 ****************************************************************************/
4116 void reply_write(struct smb_request *req)
4118 connection_struct *conn = req->conn;
4120 ssize_t nwritten = -1;
4124 struct lock_struct lock;
4126 int saved_errno = 0;
4128 START_PROFILE(SMBwrite);
4131 END_PROFILE(SMBwrite);
4132 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4136 /* If it's an IPC, pass off the pipe handler. */
4138 reply_pipe_write(req);
4139 END_PROFILE(SMBwrite);
4143 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4145 if (!check_fsp(conn, req, fsp)) {
4146 END_PROFILE(SMBwrite);
4150 if (!CHECK_WRITE(fsp)) {
4151 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4152 END_PROFILE(SMBwrite);
4156 numtowrite = SVAL(req->vwv+1, 0);
4157 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4158 data = (const char *)req->buf + 3;
4160 if (fsp->print_file) {
4161 /* Print files ignore the offset - use end of file. */
4162 startpos = (SMB_OFF_T)-1;
4164 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4165 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4168 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4169 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4170 END_PROFILE(SMBwrite);
4176 * X/Open SMB protocol says that if smb_vwv1 is
4177 * zero then the file size should be extended or
4178 * truncated to the size given in smb_vwv[2-3].
4181 if(numtowrite == 0) {
4183 * This is actually an allocate call, and set EOF. JRA.
4185 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4187 reply_nterror(req, NT_STATUS_DISK_FULL);
4190 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4192 reply_nterror(req, NT_STATUS_DISK_FULL);
4195 trigger_write_time_update_immediate(fsp);
4197 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4200 status = sync_file(conn, fsp, False);
4201 if (!NT_STATUS_IS_OK(status)) {
4202 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4203 fsp_str_dbg(fsp), nt_errstr(status)));
4204 reply_nterror(req, status);
4209 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4213 if((nwritten == 0) && (numtowrite != 0)) {
4214 reply_nterror(req, NT_STATUS_DISK_FULL);
4218 reply_outbuf(req, 1, 0);
4220 SSVAL(req->outbuf,smb_vwv0,nwritten);
4222 if (nwritten < (ssize_t)numtowrite) {
4223 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4224 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4227 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4230 if (!fsp->print_file) {
4231 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4234 END_PROFILE(SMBwrite);
4238 /****************************************************************************
4239 Ensure a buffer is a valid writeX for recvfile purposes.
4240 ****************************************************************************/
4242 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4243 (2*14) + /* word count (including bcc) */ \
4246 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4249 connection_struct *conn = NULL;
4250 unsigned int doff = 0;
4251 size_t len = smb_len_large(inbuf);
4252 struct smbd_server_connection *sconn = smbd_server_conn;
4254 if (is_encrypted_packet(inbuf)) {
4255 /* Can't do this on encrypted
4260 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4264 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4265 CVAL(inbuf,smb_wct) != 14) {
4266 DEBUG(10,("is_valid_writeX_buffer: chained or "
4267 "invalid word length.\n"));
4271 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4273 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4277 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4280 if (IS_PRINT(conn)) {
4281 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4284 doff = SVAL(inbuf,smb_vwv11);
4286 numtowrite = SVAL(inbuf,smb_vwv10);
4288 if (len > doff && len - doff > 0xFFFF) {
4289 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4292 if (numtowrite == 0) {
4293 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4297 /* Ensure the sizes match up. */
4298 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4299 /* no pad byte...old smbclient :-( */
4300 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4302 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4306 if (len - doff != numtowrite) {
4307 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4308 "len = %u, doff = %u, numtowrite = %u\n",
4311 (unsigned int)numtowrite ));
4315 DEBUG(10,("is_valid_writeX_buffer: true "
4316 "len = %u, doff = %u, numtowrite = %u\n",
4319 (unsigned int)numtowrite ));
4324 /****************************************************************************
4325 Reply to a write and X.
4326 ****************************************************************************/
4328 void reply_write_and_X(struct smb_request *req)
4330 connection_struct *conn = req->conn;
4332 struct lock_struct lock;
4337 unsigned int smb_doff;
4338 unsigned int smblen;
4342 START_PROFILE(SMBwriteX);
4344 if ((req->wct != 12) && (req->wct != 14)) {
4345 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4346 END_PROFILE(SMBwriteX);
4350 numtowrite = SVAL(req->vwv+10, 0);
4351 smb_doff = SVAL(req->vwv+11, 0);
4352 smblen = smb_len(req->inbuf);
4354 if (req->unread_bytes > 0xFFFF ||
4355 (smblen > smb_doff &&
4356 smblen - smb_doff > 0xFFFF)) {
4357 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4360 if (req->unread_bytes) {
4361 /* Can't do a recvfile write on IPC$ */
4363 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4364 END_PROFILE(SMBwriteX);
4367 if (numtowrite != req->unread_bytes) {
4368 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4369 END_PROFILE(SMBwriteX);
4373 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4374 smb_doff + numtowrite > smblen) {
4375 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4376 END_PROFILE(SMBwriteX);
4381 /* If it's an IPC, pass off the pipe handler. */
4383 if (req->unread_bytes) {
4384 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4385 END_PROFILE(SMBwriteX);
4388 reply_pipe_write_and_X(req);
4389 END_PROFILE(SMBwriteX);
4393 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4394 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4395 write_through = BITSETW(req->vwv+7,0);
4397 if (!check_fsp(conn, req, fsp)) {
4398 END_PROFILE(SMBwriteX);
4402 if (!CHECK_WRITE(fsp)) {
4403 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4404 END_PROFILE(SMBwriteX);
4408 data = smb_base(req->inbuf) + smb_doff;
4410 if(req->wct == 14) {
4411 #ifdef LARGE_SMB_OFF_T
4413 * This is a large offset (64 bit) write.
4415 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4417 #else /* !LARGE_SMB_OFF_T */
4420 * Ensure we haven't been sent a >32 bit offset.
4423 if(IVAL(req->vwv+12, 0) != 0) {
4424 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4425 "used and we don't support 64 bit offsets.\n",
4426 (unsigned int)IVAL(req->vwv+12, 0) ));
4427 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4428 END_PROFILE(SMBwriteX);
4432 #endif /* LARGE_SMB_OFF_T */
4435 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4436 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4439 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4440 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4441 END_PROFILE(SMBwriteX);
4445 /* X/Open SMB protocol says that, unlike SMBwrite
4446 if the length is zero then NO truncation is
4447 done, just a write of zero. To truncate a file,
4450 if(numtowrite == 0) {
4454 if ((req->unread_bytes == 0) &&
4455 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4460 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4464 reply_nterror(req, map_nt_error_from_unix(errno));
4468 if((nwritten == 0) && (numtowrite != 0)) {
4469 reply_nterror(req, NT_STATUS_DISK_FULL);
4473 reply_outbuf(req, 6, 0);
4474 SSVAL(req->outbuf,smb_vwv2,nwritten);
4475 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4477 if (nwritten < (ssize_t)numtowrite) {
4478 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4479 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4482 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4483 fsp->fnum, (int)numtowrite, (int)nwritten));
4485 status = sync_file(conn, fsp, write_through);
4486 if (!NT_STATUS_IS_OK(status)) {
4487 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4488 fsp_str_dbg(fsp), nt_errstr(status)));
4489 reply_nterror(req, status);
4493 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4495 END_PROFILE(SMBwriteX);
4500 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4502 END_PROFILE(SMBwriteX);
4506 /****************************************************************************
4508 ****************************************************************************/
4510 void reply_lseek(struct smb_request *req)
4512 connection_struct *conn = req->conn;
4518 START_PROFILE(SMBlseek);
4521 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4522 END_PROFILE(SMBlseek);
4526 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4528 if (!check_fsp(conn, req, fsp)) {
4532 flush_write_cache(fsp, SEEK_FLUSH);
4534 mode = SVAL(req->vwv+1, 0) & 3;
4535 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4536 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4545 res = fsp->fh->pos + startpos;
4556 if (umode == SEEK_END) {
4557 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4558 if(errno == EINVAL) {
4559 SMB_OFF_T current_pos = startpos;
4561 if(fsp_stat(fsp) == -1) {
4563 map_nt_error_from_unix(errno));
4564 END_PROFILE(SMBlseek);
4568 current_pos += fsp->fsp_name->st.st_ex_size;
4570 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4575 reply_nterror(req, map_nt_error_from_unix(errno));
4576 END_PROFILE(SMBlseek);
4583 reply_outbuf(req, 2, 0);
4584 SIVAL(req->outbuf,smb_vwv0,res);
4586 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4587 fsp->fnum, (double)startpos, (double)res, mode));
4589 END_PROFILE(SMBlseek);
4593 /****************************************************************************
4595 ****************************************************************************/
4597 void reply_flush(struct smb_request *req)
4599 connection_struct *conn = req->conn;
4603 START_PROFILE(SMBflush);
4606 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4610 fnum = SVAL(req->vwv+0, 0);
4611 fsp = file_fsp(req, fnum);
4613 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4618 file_sync_all(conn);
4620 NTSTATUS status = sync_file(conn, fsp, True);
4621 if (!NT_STATUS_IS_OK(status)) {
4622 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4623 fsp_str_dbg(fsp), nt_errstr(status)));
4624 reply_nterror(req, status);
4625 END_PROFILE(SMBflush);
4630 reply_outbuf(req, 0, 0);
4632 DEBUG(3,("flush\n"));
4633 END_PROFILE(SMBflush);
4637 /****************************************************************************
4639 conn POINTER CAN BE NULL HERE !
4640 ****************************************************************************/
4642 void reply_exit(struct smb_request *req)
4644 START_PROFILE(SMBexit);
4646 file_close_pid(req->smbpid, req->vuid);
4648 reply_outbuf(req, 0, 0);
4650 DEBUG(3,("exit\n"));
4652 END_PROFILE(SMBexit);
4656 /****************************************************************************
4657 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4658 ****************************************************************************/
4660 void reply_close(struct smb_request *req)
4662 connection_struct *conn = req->conn;
4663 NTSTATUS status = NT_STATUS_OK;
4664 files_struct *fsp = NULL;
4665 START_PROFILE(SMBclose);
4668 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4669 END_PROFILE(SMBclose);
4673 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4676 * We can only use check_fsp if we know it's not a directory.
4679 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4680 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4681 END_PROFILE(SMBclose);
4685 if(fsp->is_directory) {
4687 * Special case - close NT SMB directory handle.
4689 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4690 status = close_file(req, fsp, NORMAL_CLOSE);
4694 * Close ordinary file.
4697 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4698 fsp->fh->fd, fsp->fnum,
4699 conn->num_files_open));
4702 * Take care of any time sent in the close.
4705 t = srv_make_unix_date3(req->vwv+1);
4706 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4709 * close_file() returns the unix errno if an error
4710 * was detected on close - normally this is due to
4711 * a disk full error. If not then it was probably an I/O error.
4714 status = close_file(req, fsp, NORMAL_CLOSE);
4717 if (!NT_STATUS_IS_OK(status)) {
4718 reply_nterror(req, status);
4719 END_PROFILE(SMBclose);
4723 reply_outbuf(req, 0, 0);
4724 END_PROFILE(SMBclose);
4728 /****************************************************************************
4729 Reply to a writeclose (Core+ protocol).
4730 ****************************************************************************/
4732 void reply_writeclose(struct smb_request *req)
4734 connection_struct *conn = req->conn;
4736 ssize_t nwritten = -1;
4737 NTSTATUS close_status = NT_STATUS_OK;
4740 struct timespec mtime;
4742 struct lock_struct lock;
4744 START_PROFILE(SMBwriteclose);
4747 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4748 END_PROFILE(SMBwriteclose);
4752 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4754 if (!check_fsp(conn, req, fsp)) {
4755 END_PROFILE(SMBwriteclose);
4758 if (!CHECK_WRITE(fsp)) {
4759 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4760 END_PROFILE(SMBwriteclose);
4764 numtowrite = SVAL(req->vwv+1, 0);
4765 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4766 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4767 data = (const char *)req->buf + 1;
4769 if (fsp->print_file) {
4770 /* Print files ignore the offset - use end of file. */
4771 startpos = (SMB_OFF_T)-1;
4772 } else if (numtowrite) {
4773 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4774 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4777 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4778 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4779 END_PROFILE(SMBwriteclose);
4784 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4786 set_close_write_time(fsp, mtime);
4789 * More insanity. W2K only closes the file if writelen > 0.
4794 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4795 "file %s\n", fsp_str_dbg(fsp)));
4796 close_status = close_file(req, fsp, NORMAL_CLOSE);
4799 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4800 fsp->fnum, (int)numtowrite, (int)nwritten,
4801 conn->num_files_open));
4803 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4804 reply_nterror(req, NT_STATUS_DISK_FULL);
4808 if(!NT_STATUS_IS_OK(close_status)) {
4809 reply_nterror(req, close_status);
4813 reply_outbuf(req, 1, 0);
4815 SSVAL(req->outbuf,smb_vwv0,nwritten);
4818 if (numtowrite && !fsp->print_file) {
4819 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4822 END_PROFILE(SMBwriteclose);
4827 #define DBGC_CLASS DBGC_LOCKING
4829 /****************************************************************************
4831 ****************************************************************************/
4833 void reply_lock(struct smb_request *req)
4835 connection_struct *conn = req->conn;
4836 uint64_t count,offset;
4839 struct byte_range_lock *br_lck = NULL;
4841 START_PROFILE(SMBlock);
4844 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4845 END_PROFILE(SMBlock);
4849 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4851 if (!check_fsp(conn, req, fsp)) {
4852 END_PROFILE(SMBlock);
4856 count = (uint64_t)IVAL(req->vwv+1, 0);
4857 offset = (uint64_t)IVAL(req->vwv+3, 0);
4859 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4860 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4862 br_lck = do_lock(smbd_messaging_context(),
4869 False, /* Non-blocking lock. */
4874 TALLOC_FREE(br_lck);
4876 if (NT_STATUS_V(status)) {
4877 reply_nterror(req, status);
4878 END_PROFILE(SMBlock);
4882 reply_outbuf(req, 0, 0);
4884 END_PROFILE(SMBlock);
4888 /****************************************************************************
4890 ****************************************************************************/
4892 void reply_unlock(struct smb_request *req)
4894 connection_struct *conn = req->conn;
4895 uint64_t count,offset;
4899 START_PROFILE(SMBunlock);
4902 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4903 END_PROFILE(SMBunlock);
4907 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4909 if (!check_fsp(conn, req, fsp)) {
4910 END_PROFILE(SMBunlock);
4914 count = (uint64_t)IVAL(req->vwv+1, 0);
4915 offset = (uint64_t)IVAL(req->vwv+3, 0);
4917 status = do_unlock(smbd_messaging_context(),
4924 if (NT_STATUS_V(status)) {
4925 reply_nterror(req, status);
4926 END_PROFILE(SMBunlock);
4930 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4931 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4933 reply_outbuf(req, 0, 0);
4935 END_PROFILE(SMBunlock);
4940 #define DBGC_CLASS DBGC_ALL
4942 /****************************************************************************
4944 conn POINTER CAN BE NULL HERE !
4945 ****************************************************************************/
4947 void reply_tdis(struct smb_request *req)
4949 connection_struct *conn = req->conn;
4950 START_PROFILE(SMBtdis);
4953 DEBUG(4,("Invalid connection in tdis\n"));
4954 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
4955 END_PROFILE(SMBtdis);
4961 close_cnum(conn,req->vuid);
4964 reply_outbuf(req, 0, 0);
4965 END_PROFILE(SMBtdis);
4969 /****************************************************************************
4971 conn POINTER CAN BE NULL HERE !
4972 ****************************************************************************/
4974 void reply_echo(struct smb_request *req)
4976 connection_struct *conn = req->conn;
4977 struct smb_perfcount_data local_pcd;
4978 struct smb_perfcount_data *cur_pcd;
4982 START_PROFILE(SMBecho);
4984 smb_init_perfcount_data(&local_pcd);
4987 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4988 END_PROFILE(SMBecho);
4992 smb_reverb = SVAL(req->vwv+0, 0);
4994 reply_outbuf(req, 1, req->buflen);
4996 /* copy any incoming data back out */
4997 if (req->buflen > 0) {
4998 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5001 if (smb_reverb > 100) {
5002 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5006 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5008 /* this makes sure we catch the request pcd */
5009 if (seq_num == smb_reverb) {
5010 cur_pcd = &req->pcd;
5012 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5013 cur_pcd = &local_pcd;
5016 SSVAL(req->outbuf,smb_vwv0,seq_num);
5018 show_msg((char *)req->outbuf);
5019 if (!srv_send_smb(smbd_server_fd(),
5020 (char *)req->outbuf,
5021 true, req->seqnum+1,
5022 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5024 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5027 DEBUG(3,("echo %d times\n", smb_reverb));
5029 TALLOC_FREE(req->outbuf);
5031 END_PROFILE(SMBecho);
5035 /****************************************************************************
5036 Reply to a printopen.
5037 ****************************************************************************/
5039 void reply_printopen(struct smb_request *req)
5041 connection_struct *conn = req->conn;
5045 START_PROFILE(SMBsplopen);
5048 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5049 END_PROFILE(SMBsplopen);
5053 if (!CAN_PRINT(conn)) {
5054 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5055 END_PROFILE(SMBsplopen);
5059 status = file_new(req, conn, &fsp);
5060 if(!NT_STATUS_IS_OK(status)) {
5061 reply_nterror(req, status);
5062 END_PROFILE(SMBsplopen);
5066 /* Open for exclusive use, write only. */
5067 status = print_fsp_open(req, conn, NULL, req->vuid, fsp);
5069 if (!NT_STATUS_IS_OK(status)) {
5070 file_free(req, fsp);
5071 reply_nterror(req, status);
5072 END_PROFILE(SMBsplopen);
5076 reply_outbuf(req, 1, 0);
5077 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5079 DEBUG(3,("openprint fd=%d fnum=%d\n",
5080 fsp->fh->fd, fsp->fnum));
5082 END_PROFILE(SMBsplopen);
5086 /****************************************************************************
5087 Reply to a printclose.
5088 ****************************************************************************/
5090 void reply_printclose(struct smb_request *req)
5092 connection_struct *conn = req->conn;
5096 START_PROFILE(SMBsplclose);
5099 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5100 END_PROFILE(SMBsplclose);
5104 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5106 if (!check_fsp(conn, req, fsp)) {
5107 END_PROFILE(SMBsplclose);
5111 if (!CAN_PRINT(conn)) {
5112 reply_force_doserror(req, ERRSRV, ERRerror);
5113 END_PROFILE(SMBsplclose);
5117 DEBUG(3,("printclose fd=%d fnum=%d\n",
5118 fsp->fh->fd,fsp->fnum));
5120 status = close_file(req, fsp, NORMAL_CLOSE);
5122 if(!NT_STATUS_IS_OK(status)) {
5123 reply_nterror(req, status);
5124 END_PROFILE(SMBsplclose);
5128 reply_outbuf(req, 0, 0);
5130 END_PROFILE(SMBsplclose);
5134 /****************************************************************************
5135 Reply to a printqueue.
5136 ****************************************************************************/
5138 void reply_printqueue(struct smb_request *req)
5140 connection_struct *conn = req->conn;
5144 START_PROFILE(SMBsplretq);
5147 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5148 END_PROFILE(SMBsplretq);
5152 max_count = SVAL(req->vwv+0, 0);
5153 start_index = SVAL(req->vwv+1, 0);
5155 /* we used to allow the client to get the cnum wrong, but that
5156 is really quite gross and only worked when there was only
5157 one printer - I think we should now only accept it if they
5158 get it right (tridge) */
5159 if (!CAN_PRINT(conn)) {
5160 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5161 END_PROFILE(SMBsplretq);
5165 reply_outbuf(req, 2, 3);
5166 SSVAL(req->outbuf,smb_vwv0,0);
5167 SSVAL(req->outbuf,smb_vwv1,0);
5168 SCVAL(smb_buf(req->outbuf),0,1);
5169 SSVAL(smb_buf(req->outbuf),1,0);
5171 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5172 start_index, max_count));
5175 print_queue_struct *queue = NULL;
5176 print_status_struct status;
5177 int count = print_queue_status(SNUM(conn), &queue, &status);
5178 int num_to_get = ABS(max_count);
5179 int first = (max_count>0?start_index:start_index+max_count+1);
5185 num_to_get = MIN(num_to_get,count-first);
5188 for (i=first;i<first+num_to_get;i++) {
5192 srv_put_dos_date2(p,0,queue[i].time);
5193 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5194 SSVAL(p,5, queue[i].job);
5195 SIVAL(p,7,queue[i].size);
5197 srvstr_push(blob, req->flags2, p+12,
5198 queue[i].fs_user, 16, STR_ASCII);
5200 if (message_push_blob(
5203 blob, sizeof(blob))) == -1) {
5204 reply_nterror(req, NT_STATUS_NO_MEMORY);
5205 END_PROFILE(SMBsplretq);
5211 SSVAL(req->outbuf,smb_vwv0,count);
5212 SSVAL(req->outbuf,smb_vwv1,
5213 (max_count>0?first+count:first-1));
5214 SCVAL(smb_buf(req->outbuf),0,1);
5215 SSVAL(smb_buf(req->outbuf),1,28*count);
5220 DEBUG(3,("%d entries returned in queue\n",count));
5223 END_PROFILE(SMBsplretq);
5227 /****************************************************************************
5228 Reply to a printwrite.
5229 ****************************************************************************/
5231 void reply_printwrite(struct smb_request *req)
5233 connection_struct *conn = req->conn;
5238 START_PROFILE(SMBsplwr);
5241 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5242 END_PROFILE(SMBsplwr);
5246 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5248 if (!check_fsp(conn, req, fsp)) {
5249 END_PROFILE(SMBsplwr);
5253 if (!CAN_PRINT(conn)) {
5254 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5255 END_PROFILE(SMBsplwr);
5259 if (!CHECK_WRITE(fsp)) {
5260 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5261 END_PROFILE(SMBsplwr);
5265 numtowrite = SVAL(req->buf, 1);
5267 if (req->buflen < numtowrite + 3) {
5268 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5269 END_PROFILE(SMBsplwr);
5273 data = (const char *)req->buf + 3;
5275 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5276 reply_nterror(req, map_nt_error_from_unix(errno));
5277 END_PROFILE(SMBsplwr);
5281 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5283 END_PROFILE(SMBsplwr);
5287 /****************************************************************************
5289 ****************************************************************************/
5291 void reply_mkdir(struct smb_request *req)
5293 connection_struct *conn = req->conn;
5294 struct smb_filename *smb_dname = NULL;
5295 char *directory = NULL;
5297 TALLOC_CTX *ctx = talloc_tos();
5299 START_PROFILE(SMBmkdir);
5301 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5302 STR_TERMINATE, &status);
5303 if (!NT_STATUS_IS_OK(status)) {
5304 reply_nterror(req, status);
5308 status = filename_convert(ctx, conn,
5309 req->flags2 & FLAGS2_DFS_PATHNAMES,
5314 if (!NT_STATUS_IS_OK(status)) {
5315 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5316 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5317 ERRSRV, ERRbadpath);
5320 reply_nterror(req, status);
5324 status = create_directory(conn, req, smb_dname);
5326 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5328 if (!NT_STATUS_IS_OK(status)) {
5330 if (!use_nt_status()
5331 && NT_STATUS_EQUAL(status,
5332 NT_STATUS_OBJECT_NAME_COLLISION)) {
5334 * Yes, in the DOS error code case we get a
5335 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5336 * samba4 torture test.
5338 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5341 reply_nterror(req, status);
5345 reply_outbuf(req, 0, 0);
5347 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5349 TALLOC_FREE(smb_dname);
5350 END_PROFILE(SMBmkdir);
5354 /****************************************************************************
5356 ****************************************************************************/
5358 void reply_rmdir(struct smb_request *req)
5360 connection_struct *conn = req->conn;
5361 struct smb_filename *smb_dname = NULL;
5362 char *directory = NULL;
5364 TALLOC_CTX *ctx = talloc_tos();
5365 files_struct *fsp = NULL;
5367 struct smbd_server_connection *sconn = smbd_server_conn;
5369 START_PROFILE(SMBrmdir);
5371 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5372 STR_TERMINATE, &status);
5373 if (!NT_STATUS_IS_OK(status)) {
5374 reply_nterror(req, status);
5378 status = filename_convert(ctx, conn,
5379 req->flags2 & FLAGS2_DFS_PATHNAMES,
5384 if (!NT_STATUS_IS_OK(status)) {
5385 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5386 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5387 ERRSRV, ERRbadpath);
5390 reply_nterror(req, status);
5394 if (is_ntfs_stream_smb_fname(smb_dname)) {
5395 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5399 status = SMB_VFS_CREATE_FILE(
5402 0, /* root_dir_fid */
5403 smb_dname, /* fname */
5404 DELETE_ACCESS, /* access_mask */
5405 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5407 FILE_OPEN, /* create_disposition*/
5408 FILE_DIRECTORY_FILE, /* create_options */
5409 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5410 0, /* oplock_request */
5411 0, /* allocation_size */
5412 0, /* private_flags */
5418 if (!NT_STATUS_IS_OK(status)) {
5419 if (open_was_deferred(req->mid)) {
5420 /* We have re-scheduled this call. */
5423 reply_nterror(req, status);
5427 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5428 if (!NT_STATUS_IS_OK(status)) {
5429 close_file(req, fsp, ERROR_CLOSE);
5430 reply_nterror(req, status);
5434 if (!set_delete_on_close(fsp, true, &conn->server_info->utok)) {
5435 close_file(req, fsp, ERROR_CLOSE);
5436 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5440 status = close_file(req, fsp, NORMAL_CLOSE);
5441 if (!NT_STATUS_IS_OK(status)) {
5442 reply_nterror(req, status);
5444 reply_outbuf(req, 0, 0);
5447 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5449 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5451 TALLOC_FREE(smb_dname);
5452 END_PROFILE(SMBrmdir);
5456 /*******************************************************************
5457 Resolve wildcards in a filename rename.
5458 ********************************************************************/
5460 static bool resolve_wildcards(TALLOC_CTX *ctx,
5465 char *name2_copy = NULL;
5470 char *p,*p2, *pname1, *pname2;
5472 name2_copy = talloc_strdup(ctx, name2);
5477 pname1 = strrchr_m(name1,'/');
5478 pname2 = strrchr_m(name2_copy,'/');
5480 if (!pname1 || !pname2) {
5484 /* Truncate the copy of name2 at the last '/' */
5487 /* Now go past the '/' */
5491 root1 = talloc_strdup(ctx, pname1);
5492 root2 = talloc_strdup(ctx, pname2);
5494 if (!root1 || !root2) {
5498 p = strrchr_m(root1,'.');
5501 ext1 = talloc_strdup(ctx, p+1);
5503 ext1 = talloc_strdup(ctx, "");
5505 p = strrchr_m(root2,'.');
5508 ext2 = talloc_strdup(ctx, p+1);
5510 ext2 = talloc_strdup(ctx, "");
5513 if (!ext1 || !ext2) {
5521 /* Hmmm. Should this be mb-aware ? */
5524 } else if (*p2 == '*') {
5526 root2 = talloc_asprintf(ctx, "%s%s",
5545 /* Hmmm. Should this be mb-aware ? */
5548 } else if (*p2 == '*') {
5550 ext2 = talloc_asprintf(ctx, "%s%s",
5566 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5571 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5583 /****************************************************************************
5584 Ensure open files have their names updated. Updated to notify other smbd's
5586 ****************************************************************************/
5588 static void rename_open_files(connection_struct *conn,
5589 struct share_mode_lock *lck,
5590 const struct smb_filename *smb_fname_dst)
5593 bool did_rename = False;
5596 for(fsp = file_find_di_first(lck->id); fsp;
5597 fsp = file_find_di_next(fsp)) {
5598 /* fsp_name is a relative path under the fsp. To change this for other
5599 sharepaths we need to manipulate relative paths. */
5600 /* TODO - create the absolute path and manipulate the newname
5601 relative to the sharepath. */
5602 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5605 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5606 "(file_id %s) from %s -> %s\n", fsp->fnum,
5607 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5608 smb_fname_str_dbg(smb_fname_dst)));
5610 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5611 if (NT_STATUS_IS_OK(status)) {
5617 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5618 "for %s\n", file_id_string_tos(&lck->id),
5619 smb_fname_str_dbg(smb_fname_dst)));
5622 /* Send messages to all smbd's (not ourself) that the name has changed. */
5623 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5628 /****************************************************************************
5629 We need to check if the source path is a parent directory of the destination
5630 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5631 refuse the rename with a sharing violation. Under UNIX the above call can
5632 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5633 probably need to check that the client is a Windows one before disallowing
5634 this as a UNIX client (one with UNIX extensions) can know the source is a
5635 symlink and make this decision intelligently. Found by an excellent bug
5636 report from <AndyLiebman@aol.com>.
5637 ****************************************************************************/
5639 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5640 const struct smb_filename *smb_fname_dst)
5642 const char *psrc = smb_fname_src->base_name;
5643 const char *pdst = smb_fname_dst->base_name;
5646 if (psrc[0] == '.' && psrc[1] == '/') {
5649 if (pdst[0] == '.' && pdst[1] == '/') {
5652 if ((slen = strlen(psrc)) > strlen(pdst)) {
5655 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5659 * Do the notify calls from a rename
5662 static void notify_rename(connection_struct *conn, bool is_dir,
5663 const struct smb_filename *smb_fname_src,
5664 const struct smb_filename *smb_fname_dst)
5666 char *parent_dir_src = NULL;
5667 char *parent_dir_dst = NULL;
5670 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5671 : FILE_NOTIFY_CHANGE_FILE_NAME;
5673 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5674 &parent_dir_src, NULL) ||
5675 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5676 &parent_dir_dst, NULL)) {
5680 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5681 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5682 smb_fname_src->base_name);
5683 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5684 smb_fname_dst->base_name);
5687 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5688 smb_fname_src->base_name);
5689 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5690 smb_fname_dst->base_name);
5693 /* this is a strange one. w2k3 gives an additional event for
5694 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5695 files, but not directories */
5697 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5698 FILE_NOTIFY_CHANGE_ATTRIBUTES
5699 |FILE_NOTIFY_CHANGE_CREATION,
5700 smb_fname_dst->base_name);
5703 TALLOC_FREE(parent_dir_src);
5704 TALLOC_FREE(parent_dir_dst);
5707 /****************************************************************************
5708 Rename an open file - given an fsp.
5709 ****************************************************************************/
5711 NTSTATUS rename_internals_fsp(connection_struct *conn,
5713 const struct smb_filename *smb_fname_dst_in,
5715 bool replace_if_exists)
5717 TALLOC_CTX *ctx = talloc_tos();
5718 struct smb_filename *smb_fname_dst = NULL;
5719 NTSTATUS status = NT_STATUS_OK;
5720 struct share_mode_lock *lck = NULL;
5721 bool dst_exists, old_is_stream, new_is_stream;
5723 status = check_name(conn, smb_fname_dst_in->base_name);
5724 if (!NT_STATUS_IS_OK(status)) {
5728 /* Make a copy of the dst smb_fname structs */
5730 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5731 if (!NT_STATUS_IS_OK(status)) {
5735 /* Ensure the dst smb_fname contains a '/' */
5736 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5738 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5739 smb_fname_dst->base_name);
5741 status = NT_STATUS_NO_MEMORY;
5744 TALLOC_FREE(smb_fname_dst->base_name);
5745 smb_fname_dst->base_name = tmp;
5749 * Check for special case with case preserving and not
5750 * case sensitive. If the old last component differs from the original
5751 * last component only by case, then we should allow
5752 * the rename (user is trying to change the case of the
5755 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5756 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5757 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
5759 char *fname_dst_lcomp_base_mod = NULL;
5760 struct smb_filename *smb_fname_orig_lcomp = NULL;
5763 * Get the last component of the destination name. Note that
5764 * we guarantee that destination name contains a '/' character
5767 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5768 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5769 if (!fname_dst_lcomp_base_mod) {
5770 status = NT_STATUS_NO_MEMORY;
5775 * Create an smb_filename struct using the original last
5776 * component of the destination.
5778 status = create_synthetic_smb_fname_split(ctx,
5779 smb_fname_dst->original_lcomp, NULL,
5780 &smb_fname_orig_lcomp);
5781 if (!NT_STATUS_IS_OK(status)) {
5782 TALLOC_FREE(fname_dst_lcomp_base_mod);
5786 /* If the base names only differ by case, use original. */
5787 if(!strcsequal(fname_dst_lcomp_base_mod,
5788 smb_fname_orig_lcomp->base_name)) {
5791 * Replace the modified last component with the
5794 *last_slash = '\0'; /* Truncate at the '/' */
5795 tmp = talloc_asprintf(smb_fname_dst,
5797 smb_fname_dst->base_name,
5798 smb_fname_orig_lcomp->base_name);
5800 status = NT_STATUS_NO_MEMORY;
5801 TALLOC_FREE(fname_dst_lcomp_base_mod);
5802 TALLOC_FREE(smb_fname_orig_lcomp);
5805 TALLOC_FREE(smb_fname_dst->base_name);
5806 smb_fname_dst->base_name = tmp;
5809 /* If the stream_names only differ by case, use original. */
5810 if(!strcsequal(smb_fname_dst->stream_name,
5811 smb_fname_orig_lcomp->stream_name)) {
5813 /* Use the original stream. */
5814 tmp = talloc_strdup(smb_fname_dst,
5815 smb_fname_orig_lcomp->stream_name);
5817 status = NT_STATUS_NO_MEMORY;
5818 TALLOC_FREE(fname_dst_lcomp_base_mod);
5819 TALLOC_FREE(smb_fname_orig_lcomp);
5822 TALLOC_FREE(smb_fname_dst->stream_name);
5823 smb_fname_dst->stream_name = tmp;
5825 TALLOC_FREE(fname_dst_lcomp_base_mod);
5826 TALLOC_FREE(smb_fname_orig_lcomp);
5830 * If the src and dest names are identical - including case,
5831 * don't do the rename, just return success.
5834 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
5835 strcsequal(fsp->fsp_name->stream_name,
5836 smb_fname_dst->stream_name)) {
5837 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5838 "- returning success\n",
5839 smb_fname_str_dbg(smb_fname_dst)));
5840 status = NT_STATUS_OK;
5844 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
5845 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5847 /* Return the correct error code if both names aren't streams. */
5848 if (!old_is_stream && new_is_stream) {
5849 status = NT_STATUS_OBJECT_NAME_INVALID;
5853 if (old_is_stream && !new_is_stream) {
5854 status = NT_STATUS_INVALID_PARAMETER;
5858 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5860 if(!replace_if_exists && dst_exists) {
5861 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5862 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5863 smb_fname_str_dbg(smb_fname_dst)));
5864 status = NT_STATUS_OBJECT_NAME_COLLISION;
5869 struct file_id fileid = vfs_file_id_from_sbuf(conn,
5870 &smb_fname_dst->st);
5871 files_struct *dst_fsp = file_find_di_first(fileid);
5872 /* The file can be open when renaming a stream */
5873 if (dst_fsp && !new_is_stream) {
5874 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5875 status = NT_STATUS_ACCESS_DENIED;
5880 /* Ensure we have a valid stat struct for the source. */
5881 status = vfs_stat_fsp(fsp);
5882 if (!NT_STATUS_IS_OK(status)) {
5886 status = can_rename(conn, fsp, attrs);
5888 if (!NT_STATUS_IS_OK(status)) {
5889 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5890 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5891 smb_fname_str_dbg(smb_fname_dst)));
5892 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5893 status = NT_STATUS_ACCESS_DENIED;
5897 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
5898 status = NT_STATUS_ACCESS_DENIED;
5901 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5905 * We have the file open ourselves, so not being able to get the
5906 * corresponding share mode lock is a fatal error.
5909 SMB_ASSERT(lck != NULL);
5911 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
5912 uint32 create_options = fsp->fh->private_options;
5914 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
5915 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
5916 smb_fname_str_dbg(smb_fname_dst)));
5918 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
5921 rename_open_files(conn, lck, smb_fname_dst);
5924 * A rename acts as a new file create w.r.t. allowing an initial delete
5925 * on close, probably because in Windows there is a new handle to the
5926 * new file. If initial delete on close was requested but not
5927 * originally set, we need to set it here. This is probably not 100% correct,
5928 * but will work for the CIFSFS client which in non-posix mode
5929 * depends on these semantics. JRA.
5932 if (create_options & FILE_DELETE_ON_CLOSE) {
5933 status = can_set_delete_on_close(fsp, 0);
5935 if (NT_STATUS_IS_OK(status)) {
5936 /* Note that here we set the *inital* delete on close flag,
5937 * not the regular one. The magic gets handled in close. */
5938 fsp->initial_delete_on_close = True;
5942 status = NT_STATUS_OK;
5948 if (errno == ENOTDIR || errno == EISDIR) {
5949 status = NT_STATUS_OBJECT_NAME_COLLISION;
5951 status = map_nt_error_from_unix(errno);
5954 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
5955 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
5956 smb_fname_str_dbg(smb_fname_dst)));
5959 TALLOC_FREE(smb_fname_dst);
5964 /****************************************************************************
5965 The guts of the rename command, split out so it may be called by the NT SMB
5967 ****************************************************************************/
5969 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5970 connection_struct *conn,
5971 struct smb_request *req,
5972 struct smb_filename *smb_fname_src,
5973 struct smb_filename *smb_fname_dst,
5975 bool replace_if_exists,
5978 uint32_t access_mask)
5980 char *fname_src_dir = NULL;
5981 char *fname_src_mask = NULL;
5983 NTSTATUS status = NT_STATUS_OK;
5984 struct smb_Dir *dir_hnd = NULL;
5985 const char *dname = NULL;
5986 char *talloced = NULL;
5988 int create_options = 0;
5989 bool posix_pathnames = lp_posix_pathnames();
5992 * Split the old name into directory and last component
5993 * strings. Note that unix_convert may have stripped off a
5994 * leading ./ from both name and newname if the rename is
5995 * at the root of the share. We need to make sure either both
5996 * name and newname contain a / character or neither of them do
5997 * as this is checked in resolve_wildcards().
6000 /* Split up the directory from the filename/mask. */
6001 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6002 &fname_src_dir, &fname_src_mask);
6003 if (!NT_STATUS_IS_OK(status)) {
6004 status = NT_STATUS_NO_MEMORY;
6009 * We should only check the mangled cache
6010 * here if unix_convert failed. This means
6011 * that the path in 'mask' doesn't exist
6012 * on the file system and so we need to look
6013 * for a possible mangle. This patch from
6014 * Tine Smukavec <valentin.smukavec@hermes.si>.
6017 if (!VALID_STAT(smb_fname_src->st) &&
6018 mangle_is_mangled(fname_src_mask, conn->params)) {
6019 char *new_mask = NULL;
6020 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6023 TALLOC_FREE(fname_src_mask);
6024 fname_src_mask = new_mask;
6028 if (!src_has_wild) {
6032 * Only one file needs to be renamed. Append the mask back
6033 * onto the directory.
6035 TALLOC_FREE(smb_fname_src->base_name);
6036 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6040 if (!smb_fname_src->base_name) {
6041 status = NT_STATUS_NO_MEMORY;
6045 /* Ensure dst fname contains a '/' also */
6046 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6048 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6049 smb_fname_dst->base_name);
6051 status = NT_STATUS_NO_MEMORY;
6054 TALLOC_FREE(smb_fname_dst->base_name);
6055 smb_fname_dst->base_name = tmp;
6058 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6059 "case_preserve = %d, short case preserve = %d, "
6060 "directory = %s, newname = %s, "
6061 "last_component_dest = %s\n",
6062 conn->case_sensitive, conn->case_preserve,
6063 conn->short_case_preserve,
6064 smb_fname_str_dbg(smb_fname_src),
6065 smb_fname_str_dbg(smb_fname_dst),
6066 smb_fname_dst->original_lcomp));
6068 /* The dest name still may have wildcards. */
6069 if (dest_has_wild) {
6070 char *fname_dst_mod = NULL;
6071 if (!resolve_wildcards(smb_fname_dst,
6072 smb_fname_src->base_name,
6073 smb_fname_dst->base_name,
6075 DEBUG(6, ("rename_internals: resolve_wildcards "
6077 smb_fname_src->base_name,
6078 smb_fname_dst->base_name));
6079 status = NT_STATUS_NO_MEMORY;
6082 TALLOC_FREE(smb_fname_dst->base_name);
6083 smb_fname_dst->base_name = fname_dst_mod;
6086 ZERO_STRUCT(smb_fname_src->st);
6087 if (posix_pathnames) {
6088 SMB_VFS_LSTAT(conn, smb_fname_src);
6090 SMB_VFS_STAT(conn, smb_fname_src);
6093 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6094 create_options |= FILE_DIRECTORY_FILE;
6097 status = SMB_VFS_CREATE_FILE(
6100 0, /* root_dir_fid */
6101 smb_fname_src, /* fname */
6102 access_mask, /* access_mask */
6103 (FILE_SHARE_READ | /* share_access */
6105 FILE_OPEN, /* create_disposition*/
6106 create_options, /* create_options */
6107 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6108 0, /* oplock_request */
6109 0, /* allocation_size */
6110 0, /* private_flags */
6116 if (!NT_STATUS_IS_OK(status)) {
6117 DEBUG(3, ("Could not open rename source %s: %s\n",
6118 smb_fname_str_dbg(smb_fname_src),
6119 nt_errstr(status)));
6123 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6124 attrs, replace_if_exists);
6126 close_file(req, fsp, NORMAL_CLOSE);
6128 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6129 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6130 smb_fname_str_dbg(smb_fname_dst)));
6136 * Wildcards - process each file that matches.
6138 if (strequal(fname_src_mask, "????????.???")) {
6139 TALLOC_FREE(fname_src_mask);
6140 fname_src_mask = talloc_strdup(ctx, "*");
6141 if (!fname_src_mask) {
6142 status = NT_STATUS_NO_MEMORY;
6147 status = check_name(conn, fname_src_dir);
6148 if (!NT_STATUS_IS_OK(status)) {
6152 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6154 if (dir_hnd == NULL) {
6155 status = map_nt_error_from_unix(errno);
6159 status = NT_STATUS_NO_SUCH_FILE;
6161 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6162 * - gentest fix. JRA
6165 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6167 files_struct *fsp = NULL;
6168 char *destname = NULL;
6169 bool sysdir_entry = False;
6171 /* Quick check for "." and ".." */
6172 if (ISDOT(dname) || ISDOTDOT(dname)) {
6174 sysdir_entry = True;
6176 TALLOC_FREE(talloced);
6181 if (!is_visible_file(conn, fname_src_dir, dname,
6182 &smb_fname_src->st, false)) {
6183 TALLOC_FREE(talloced);
6187 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6188 TALLOC_FREE(talloced);
6193 status = NT_STATUS_OBJECT_NAME_INVALID;
6197 TALLOC_FREE(smb_fname_src->base_name);
6198 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6202 if (!smb_fname_src->base_name) {
6203 status = NT_STATUS_NO_MEMORY;
6207 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6208 smb_fname_dst->base_name,
6210 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6211 smb_fname_src->base_name, destname));
6212 TALLOC_FREE(talloced);
6216 status = NT_STATUS_NO_MEMORY;
6220 TALLOC_FREE(smb_fname_dst->base_name);
6221 smb_fname_dst->base_name = destname;
6223 ZERO_STRUCT(smb_fname_src->st);
6224 if (posix_pathnames) {
6225 SMB_VFS_LSTAT(conn, smb_fname_src);
6227 SMB_VFS_STAT(conn, smb_fname_src);
6232 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6233 create_options |= FILE_DIRECTORY_FILE;
6236 status = SMB_VFS_CREATE_FILE(
6239 0, /* root_dir_fid */
6240 smb_fname_src, /* fname */
6241 access_mask, /* access_mask */
6242 (FILE_SHARE_READ | /* share_access */
6244 FILE_OPEN, /* create_disposition*/
6245 create_options, /* create_options */
6246 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6247 0, /* oplock_request */
6248 0, /* allocation_size */
6249 0, /* private_flags */
6255 if (!NT_STATUS_IS_OK(status)) {
6256 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6257 "returned %s rename %s -> %s\n",
6259 smb_fname_str_dbg(smb_fname_src),
6260 smb_fname_str_dbg(smb_fname_dst)));
6264 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6266 if (!smb_fname_dst->original_lcomp) {
6267 status = NT_STATUS_NO_MEMORY;
6271 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6272 attrs, replace_if_exists);
6274 close_file(req, fsp, NORMAL_CLOSE);
6276 if (!NT_STATUS_IS_OK(status)) {
6277 DEBUG(3, ("rename_internals_fsp returned %s for "
6278 "rename %s -> %s\n", nt_errstr(status),
6279 smb_fname_str_dbg(smb_fname_src),
6280 smb_fname_str_dbg(smb_fname_dst)));
6286 DEBUG(3,("rename_internals: doing rename on %s -> "
6287 "%s\n", smb_fname_str_dbg(smb_fname_src),
6288 smb_fname_str_dbg(smb_fname_src)));
6289 TALLOC_FREE(talloced);
6291 TALLOC_FREE(dir_hnd);
6293 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6294 status = map_nt_error_from_unix(errno);
6298 TALLOC_FREE(talloced);
6299 TALLOC_FREE(fname_src_dir);
6300 TALLOC_FREE(fname_src_mask);
6304 /****************************************************************************
6306 ****************************************************************************/
6308 void reply_mv(struct smb_request *req)
6310 connection_struct *conn = req->conn;
6312 char *newname = NULL;
6316 bool src_has_wcard = False;
6317 bool dest_has_wcard = False;
6318 TALLOC_CTX *ctx = talloc_tos();
6319 struct smb_filename *smb_fname_src = NULL;
6320 struct smb_filename *smb_fname_dst = NULL;
6322 START_PROFILE(SMBmv);
6325 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6329 attrs = SVAL(req->vwv+0, 0);
6331 p = (const char *)req->buf + 1;
6332 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6333 &status, &src_has_wcard);
6334 if (!NT_STATUS_IS_OK(status)) {
6335 reply_nterror(req, status);
6339 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6340 &status, &dest_has_wcard);
6341 if (!NT_STATUS_IS_OK(status)) {
6342 reply_nterror(req, status);
6346 status = filename_convert(ctx,
6348 req->flags2 & FLAGS2_DFS_PATHNAMES,
6350 UCF_COND_ALLOW_WCARD_LCOMP,
6354 if (!NT_STATUS_IS_OK(status)) {
6355 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6356 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6357 ERRSRV, ERRbadpath);
6360 reply_nterror(req, status);
6364 status = filename_convert(ctx,
6366 req->flags2 & FLAGS2_DFS_PATHNAMES,
6368 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6372 if (!NT_STATUS_IS_OK(status)) {
6373 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6374 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6375 ERRSRV, ERRbadpath);
6378 reply_nterror(req, status);
6382 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6383 smb_fname_str_dbg(smb_fname_dst)));
6385 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6386 attrs, False, src_has_wcard, dest_has_wcard,
6388 if (!NT_STATUS_IS_OK(status)) {
6389 if (open_was_deferred(req->mid)) {
6390 /* We have re-scheduled this call. */
6393 reply_nterror(req, status);
6397 reply_outbuf(req, 0, 0);
6399 TALLOC_FREE(smb_fname_src);
6400 TALLOC_FREE(smb_fname_dst);
6405 /*******************************************************************
6406 Copy a file as part of a reply_copy.
6407 ******************************************************************/
6410 * TODO: check error codes on all callers
6413 NTSTATUS copy_file(TALLOC_CTX *ctx,
6414 connection_struct *conn,
6415 struct smb_filename *smb_fname_src,
6416 struct smb_filename *smb_fname_dst,
6419 bool target_is_directory)
6421 struct smb_filename *smb_fname_dst_tmp = NULL;
6423 files_struct *fsp1,*fsp2;
6425 uint32 new_create_disposition;
6429 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6430 if (!NT_STATUS_IS_OK(status)) {
6435 * If the target is a directory, extract the last component from the
6436 * src filename and append it to the dst filename
6438 if (target_is_directory) {
6441 /* dest/target can't be a stream if it's a directory. */
6442 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6444 p = strrchr_m(smb_fname_src->base_name,'/');
6448 p = smb_fname_src->base_name;
6450 smb_fname_dst_tmp->base_name =
6451 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6453 if (!smb_fname_dst_tmp->base_name) {
6454 status = NT_STATUS_NO_MEMORY;
6459 status = vfs_file_exist(conn, smb_fname_src);
6460 if (!NT_STATUS_IS_OK(status)) {
6464 if (!target_is_directory && count) {
6465 new_create_disposition = FILE_OPEN;
6467 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6469 &new_create_disposition,
6472 status = NT_STATUS_INVALID_PARAMETER;
6477 /* Open the src file for reading. */
6478 status = SMB_VFS_CREATE_FILE(
6481 0, /* root_dir_fid */
6482 smb_fname_src, /* fname */
6483 FILE_GENERIC_READ, /* access_mask */
6484 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6485 FILE_OPEN, /* create_disposition*/
6486 0, /* create_options */
6487 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6488 INTERNAL_OPEN_ONLY, /* oplock_request */
6489 0, /* allocation_size */
6490 0, /* private_flags */
6496 if (!NT_STATUS_IS_OK(status)) {
6500 dosattrs = dos_mode(conn, smb_fname_src);
6502 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6503 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6506 /* Open the dst file for writing. */
6507 status = SMB_VFS_CREATE_FILE(
6510 0, /* root_dir_fid */
6511 smb_fname_dst, /* fname */
6512 FILE_GENERIC_WRITE, /* access_mask */
6513 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6514 new_create_disposition, /* create_disposition*/
6515 0, /* create_options */
6516 dosattrs, /* file_attributes */
6517 INTERNAL_OPEN_ONLY, /* oplock_request */
6518 0, /* allocation_size */
6519 0, /* private_flags */
6525 if (!NT_STATUS_IS_OK(status)) {
6526 close_file(NULL, fsp1, ERROR_CLOSE);
6530 if ((ofun&3) == 1) {
6531 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6532 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6534 * Stop the copy from occurring.
6537 smb_fname_src->st.st_ex_size = 0;
6541 /* Do the actual copy. */
6542 if (smb_fname_src->st.st_ex_size) {
6543 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6546 close_file(NULL, fsp1, NORMAL_CLOSE);
6548 /* Ensure the modtime is set correctly on the destination file. */
6549 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6552 * As we are opening fsp1 read-only we only expect
6553 * an error on close on fsp2 if we are out of space.
6554 * Thus we don't look at the error return from the
6557 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6559 if (!NT_STATUS_IS_OK(status)) {
6563 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6564 status = NT_STATUS_DISK_FULL;
6568 status = NT_STATUS_OK;
6571 TALLOC_FREE(smb_fname_dst_tmp);
6575 /****************************************************************************
6576 Reply to a file copy.
6577 ****************************************************************************/
6579 void reply_copy(struct smb_request *req)
6581 connection_struct *conn = req->conn;
6582 struct smb_filename *smb_fname_src = NULL;
6583 struct smb_filename *smb_fname_dst = NULL;
6584 char *fname_src = NULL;
6585 char *fname_dst = NULL;
6586 char *fname_src_mask = NULL;
6587 char *fname_src_dir = NULL;
6590 int error = ERRnoaccess;
6594 bool target_is_directory=False;
6595 bool source_has_wild = False;
6596 bool dest_has_wild = False;
6598 TALLOC_CTX *ctx = talloc_tos();
6600 START_PROFILE(SMBcopy);
6603 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6607 tid2 = SVAL(req->vwv+0, 0);
6608 ofun = SVAL(req->vwv+1, 0);
6609 flags = SVAL(req->vwv+2, 0);
6611 p = (const char *)req->buf;
6612 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6613 &status, &source_has_wild);
6614 if (!NT_STATUS_IS_OK(status)) {
6615 reply_nterror(req, status);
6618 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6619 &status, &dest_has_wild);
6620 if (!NT_STATUS_IS_OK(status)) {
6621 reply_nterror(req, status);
6625 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6627 if (tid2 != conn->cnum) {
6628 /* can't currently handle inter share copies XXXX */
6629 DEBUG(3,("Rejecting inter-share copy\n"));
6630 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6634 status = filename_convert(ctx, conn,
6635 req->flags2 & FLAGS2_DFS_PATHNAMES,
6637 UCF_COND_ALLOW_WCARD_LCOMP,
6640 if (!NT_STATUS_IS_OK(status)) {
6641 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6642 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6643 ERRSRV, ERRbadpath);
6646 reply_nterror(req, status);
6650 status = filename_convert(ctx, conn,
6651 req->flags2 & FLAGS2_DFS_PATHNAMES,
6653 UCF_COND_ALLOW_WCARD_LCOMP,
6656 if (!NT_STATUS_IS_OK(status)) {
6657 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6658 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6659 ERRSRV, ERRbadpath);
6662 reply_nterror(req, status);
6666 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6668 if ((flags&1) && target_is_directory) {
6669 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6673 if ((flags&2) && !target_is_directory) {
6674 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6678 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6679 /* wants a tree copy! XXXX */
6680 DEBUG(3,("Rejecting tree copy\n"));
6681 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6685 /* Split up the directory from the filename/mask. */
6686 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6687 &fname_src_dir, &fname_src_mask);
6688 if (!NT_STATUS_IS_OK(status)) {
6689 reply_nterror(req, NT_STATUS_NO_MEMORY);
6694 * We should only check the mangled cache
6695 * here if unix_convert failed. This means
6696 * that the path in 'mask' doesn't exist
6697 * on the file system and so we need to look
6698 * for a possible mangle. This patch from
6699 * Tine Smukavec <valentin.smukavec@hermes.si>.
6701 if (!VALID_STAT(smb_fname_src->st) &&
6702 mangle_is_mangled(fname_src_mask, conn->params)) {
6703 char *new_mask = NULL;
6704 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6705 &new_mask, conn->params);
6707 /* Use demangled name if one was successfully found. */
6709 TALLOC_FREE(fname_src_mask);
6710 fname_src_mask = new_mask;
6714 if (!source_has_wild) {
6717 * Only one file needs to be copied. Append the mask back onto
6720 TALLOC_FREE(smb_fname_src->base_name);
6721 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6725 if (!smb_fname_src->base_name) {
6726 reply_nterror(req, NT_STATUS_NO_MEMORY);
6730 if (dest_has_wild) {
6731 char *fname_dst_mod = NULL;
6732 if (!resolve_wildcards(smb_fname_dst,
6733 smb_fname_src->base_name,
6734 smb_fname_dst->base_name,
6736 reply_nterror(req, NT_STATUS_NO_MEMORY);
6739 TALLOC_FREE(smb_fname_dst->base_name);
6740 smb_fname_dst->base_name = fname_dst_mod;
6743 status = check_name(conn, smb_fname_src->base_name);
6744 if (!NT_STATUS_IS_OK(status)) {
6745 reply_nterror(req, status);
6749 status = check_name(conn, smb_fname_dst->base_name);
6750 if (!NT_STATUS_IS_OK(status)) {
6751 reply_nterror(req, status);
6755 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6756 ofun, count, target_is_directory);
6758 if(!NT_STATUS_IS_OK(status)) {
6759 reply_nterror(req, status);
6765 struct smb_Dir *dir_hnd = NULL;
6766 const char *dname = NULL;
6767 char *talloced = NULL;
6771 * There is a wildcard that requires us to actually read the
6772 * src dir and copy each file matching the mask to the dst.
6773 * Right now streams won't be copied, but this could
6774 * presumably be added with a nested loop for reach dir entry.
6776 SMB_ASSERT(!smb_fname_src->stream_name);
6777 SMB_ASSERT(!smb_fname_dst->stream_name);
6779 smb_fname_src->stream_name = NULL;
6780 smb_fname_dst->stream_name = NULL;
6782 if (strequal(fname_src_mask,"????????.???")) {
6783 TALLOC_FREE(fname_src_mask);
6784 fname_src_mask = talloc_strdup(ctx, "*");
6785 if (!fname_src_mask) {
6786 reply_nterror(req, NT_STATUS_NO_MEMORY);
6791 status = check_name(conn, fname_src_dir);
6792 if (!NT_STATUS_IS_OK(status)) {
6793 reply_nterror(req, status);
6797 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6798 if (dir_hnd == NULL) {
6799 status = map_nt_error_from_unix(errno);
6800 reply_nterror(req, status);
6806 /* Iterate over the src dir copying each entry to the dst. */
6807 while ((dname = ReadDirName(dir_hnd, &offset,
6808 &smb_fname_src->st, &talloced))) {
6809 char *destname = NULL;
6811 if (ISDOT(dname) || ISDOTDOT(dname)) {
6812 TALLOC_FREE(talloced);
6816 if (!is_visible_file(conn, fname_src_dir, dname,
6817 &smb_fname_src->st, false)) {
6818 TALLOC_FREE(talloced);
6822 if(!mask_match(dname, fname_src_mask,
6823 conn->case_sensitive)) {
6824 TALLOC_FREE(talloced);
6828 error = ERRnoaccess;
6830 /* Get the src smb_fname struct setup. */
6831 TALLOC_FREE(smb_fname_src->base_name);
6832 smb_fname_src->base_name =
6833 talloc_asprintf(smb_fname_src, "%s/%s",
6834 fname_src_dir, dname);
6836 if (!smb_fname_src->base_name) {
6837 TALLOC_FREE(dir_hnd);
6838 TALLOC_FREE(talloced);
6839 reply_nterror(req, NT_STATUS_NO_MEMORY);
6843 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6844 smb_fname_dst->base_name,
6846 TALLOC_FREE(talloced);
6850 TALLOC_FREE(dir_hnd);
6851 TALLOC_FREE(talloced);
6852 reply_nterror(req, NT_STATUS_NO_MEMORY);
6856 TALLOC_FREE(smb_fname_dst->base_name);
6857 smb_fname_dst->base_name = destname;
6859 status = check_name(conn, smb_fname_src->base_name);
6860 if (!NT_STATUS_IS_OK(status)) {
6861 TALLOC_FREE(dir_hnd);
6862 TALLOC_FREE(talloced);
6863 reply_nterror(req, status);
6867 status = check_name(conn, smb_fname_dst->base_name);
6868 if (!NT_STATUS_IS_OK(status)) {
6869 TALLOC_FREE(dir_hnd);
6870 TALLOC_FREE(talloced);
6871 reply_nterror(req, status);
6875 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
6876 smb_fname_src->base_name,
6877 smb_fname_dst->base_name));
6879 status = copy_file(ctx, conn, smb_fname_src,
6880 smb_fname_dst, ofun, count,
6881 target_is_directory);
6882 if (NT_STATUS_IS_OK(status)) {
6886 TALLOC_FREE(talloced);
6888 TALLOC_FREE(dir_hnd);
6892 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
6896 reply_outbuf(req, 1, 0);
6897 SSVAL(req->outbuf,smb_vwv0,count);
6899 TALLOC_FREE(smb_fname_src);
6900 TALLOC_FREE(smb_fname_dst);
6901 TALLOC_FREE(fname_src);
6902 TALLOC_FREE(fname_dst);
6903 TALLOC_FREE(fname_src_mask);
6904 TALLOC_FREE(fname_src_dir);
6906 END_PROFILE(SMBcopy);
6911 #define DBGC_CLASS DBGC_LOCKING
6913 /****************************************************************************
6914 Get a lock pid, dealing with large count requests.
6915 ****************************************************************************/
6917 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6918 bool large_file_format)
6920 if(!large_file_format)
6921 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6923 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6926 /****************************************************************************
6927 Get a lock count, dealing with large count requests.
6928 ****************************************************************************/
6930 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6931 bool large_file_format)
6935 if(!large_file_format) {
6936 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6939 #if defined(HAVE_LONGLONG)
6940 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6941 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6942 #else /* HAVE_LONGLONG */
6945 * NT4.x seems to be broken in that it sends large file (64 bit)
6946 * lockingX calls even if the CAP_LARGE_FILES was *not*
6947 * negotiated. For boxes without large unsigned ints truncate the
6948 * lock count by dropping the top 32 bits.
6951 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6952 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6953 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6954 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6955 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6958 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6959 #endif /* HAVE_LONGLONG */
6965 #if !defined(HAVE_LONGLONG)
6966 /****************************************************************************
6967 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6968 ****************************************************************************/
6970 static uint32 map_lock_offset(uint32 high, uint32 low)
6974 uint32 highcopy = high;
6977 * Try and find out how many significant bits there are in high.
6980 for(i = 0; highcopy; i++)
6984 * We use 31 bits not 32 here as POSIX
6985 * lock offsets may not be negative.
6988 mask = (~0) << (31 - i);
6991 return 0; /* Fail. */
6997 #endif /* !defined(HAVE_LONGLONG) */
6999 /****************************************************************************
7000 Get a lock offset, dealing with large offset requests.
7001 ****************************************************************************/
7003 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7004 bool large_file_format, bool *err)
7006 uint64_t offset = 0;
7010 if(!large_file_format) {
7011 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7014 #if defined(HAVE_LONGLONG)
7015 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7016 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7017 #else /* HAVE_LONGLONG */
7020 * NT4.x seems to be broken in that it sends large file (64 bit)
7021 * lockingX calls even if the CAP_LARGE_FILES was *not*
7022 * negotiated. For boxes without large unsigned ints mangle the
7023 * lock offset by mapping the top 32 bits onto the lower 32.
7026 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7027 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7028 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7031 if((new_low = map_lock_offset(high, low)) == 0) {
7033 return (uint64_t)-1;
7036 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7037 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7038 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7039 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7042 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7043 #endif /* HAVE_LONGLONG */
7049 NTSTATUS smbd_do_locking(struct smb_request *req,
7053 uint16_t num_ulocks,
7054 struct smbd_lock_element *ulocks,
7056 struct smbd_lock_element *locks,
7059 connection_struct *conn = req->conn;
7061 NTSTATUS status = NT_STATUS_OK;
7065 /* Data now points at the beginning of the list
7066 of smb_unlkrng structs */
7067 for(i = 0; i < (int)num_ulocks; i++) {
7068 struct smbd_lock_element *e = &ulocks[i];
7070 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7071 "pid %u, file %s\n",
7074 (unsigned int)e->smbpid,
7077 if (e->brltype != UNLOCK_LOCK) {
7078 /* this can only happen with SMB2 */
7079 return NT_STATUS_INVALID_PARAMETER;
7082 status = do_unlock(smbd_messaging_context(),
7089 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7090 nt_errstr(status)));
7092 if (!NT_STATUS_IS_OK(status)) {
7097 /* Setup the timeout in seconds. */
7099 if (!lp_blocking_locks(SNUM(conn))) {
7103 /* Data now points at the beginning of the list
7104 of smb_lkrng structs */
7106 for(i = 0; i < (int)num_locks; i++) {
7107 struct smbd_lock_element *e = &locks[i];
7109 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7110 "%u, file %s timeout = %d\n",
7113 (unsigned int)e->smbpid,
7117 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7118 struct blocking_lock_record *blr = NULL;
7120 if (num_locks > 1) {
7122 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7123 * if the lock vector contains one entry. When given mutliple cancel
7124 * requests in a single PDU we expect the server to return an
7125 * error. Windows servers seem to accept the request but only
7126 * cancel the first lock.
7127 * JRA - Do what Windows does (tm) :-).
7131 /* MS-CIFS (2.2.4.32.1) behavior. */
7132 return NT_STATUS_DOS(ERRDOS,
7133 ERRcancelviolation);
7135 /* Windows behavior. */
7137 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7138 "cancel request\n"));
7144 if (lp_blocking_locks(SNUM(conn))) {
7146 /* Schedule a message to ourselves to
7147 remove the blocking lock record and
7148 return the right error. */
7150 blr = blocking_lock_cancel(fsp,
7156 NT_STATUS_FILE_LOCK_CONFLICT);
7158 return NT_STATUS_DOS(
7160 ERRcancelviolation);
7163 /* Remove a matching pending lock. */
7164 status = do_lock_cancel(fsp,
7171 bool blocking_lock = timeout ? true : false;
7172 bool defer_lock = false;
7173 struct byte_range_lock *br_lck;
7174 uint32_t block_smbpid;
7176 br_lck = do_lock(smbd_messaging_context(),
7188 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7189 /* Windows internal resolution for blocking locks seems
7190 to be about 200ms... Don't wait for less than that. JRA. */
7191 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7192 timeout = lp_lock_spin_time();
7197 /* If a lock sent with timeout of zero would fail, and
7198 * this lock has been requested multiple times,
7199 * according to brl_lock_failed() we convert this
7200 * request to a blocking lock with a timeout of between
7201 * 150 - 300 milliseconds.
7203 * If lp_lock_spin_time() has been set to 0, we skip
7204 * this blocking retry and fail immediately.
7206 * Replacement for do_lock_spin(). JRA. */
7208 if (br_lck && lp_blocking_locks(SNUM(conn)) &&
7209 lp_lock_spin_time() && !blocking_lock &&
7210 NT_STATUS_EQUAL((status),
7211 NT_STATUS_FILE_LOCK_CONFLICT))
7214 timeout = lp_lock_spin_time();
7217 if (br_lck && defer_lock) {
7219 * A blocking lock was requested. Package up
7220 * this smb into a queued request and push it
7221 * onto the blocking lock queue.
7223 if(push_blocking_lock_request(br_lck,
7234 TALLOC_FREE(br_lck);
7236 return NT_STATUS_OK;
7240 TALLOC_FREE(br_lck);
7243 if (!NT_STATUS_IS_OK(status)) {
7248 /* If any of the above locks failed, then we must unlock
7249 all of the previous locks (X/Open spec). */
7251 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7253 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7254 i = -1; /* we want to skip the for loop */
7258 * Ensure we don't do a remove on the lock that just failed,
7259 * as under POSIX rules, if we have a lock already there, we
7260 * will delete it (and we shouldn't) .....
7262 for(i--; i >= 0; i--) {
7263 struct smbd_lock_element *e = &locks[i];
7265 do_unlock(smbd_messaging_context(),
7275 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7276 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7278 return NT_STATUS_OK;
7281 /****************************************************************************
7282 Reply to a lockingX request.
7283 ****************************************************************************/
7285 void reply_lockingX(struct smb_request *req)
7287 connection_struct *conn = req->conn;
7289 unsigned char locktype;
7290 unsigned char oplocklevel;
7295 const uint8_t *data;
7296 bool large_file_format;
7298 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7299 struct smbd_lock_element *ulocks;
7300 struct smbd_lock_element *locks;
7303 START_PROFILE(SMBlockingX);
7306 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7307 END_PROFILE(SMBlockingX);
7311 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7312 locktype = CVAL(req->vwv+3, 0);
7313 oplocklevel = CVAL(req->vwv+3, 1);
7314 num_ulocks = SVAL(req->vwv+6, 0);
7315 num_locks = SVAL(req->vwv+7, 0);
7316 lock_timeout = IVAL(req->vwv+4, 0);
7317 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7319 if (!check_fsp(conn, req, fsp)) {
7320 END_PROFILE(SMBlockingX);
7326 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7327 /* we don't support these - and CANCEL_LOCK makes w2k
7328 and XP reboot so I don't really want to be
7329 compatible! (tridge) */
7330 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7331 END_PROFILE(SMBlockingX);
7335 /* Check if this is an oplock break on a file
7336 we have granted an oplock on.
7338 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7339 /* Client can insist on breaking to none. */
7340 bool break_to_none = (oplocklevel == 0);
7343 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7344 "for fnum = %d\n", (unsigned int)oplocklevel,
7348 * Make sure we have granted an exclusive or batch oplock on
7352 if (fsp->oplock_type == 0) {
7354 /* The Samba4 nbench simulator doesn't understand
7355 the difference between break to level2 and break
7356 to none from level2 - it sends oplock break
7357 replies in both cases. Don't keep logging an error
7358 message here - just ignore it. JRA. */
7360 DEBUG(5,("reply_lockingX: Error : oplock break from "
7361 "client for fnum = %d (oplock=%d) and no "
7362 "oplock granted on this file (%s).\n",
7363 fsp->fnum, fsp->oplock_type,
7366 /* if this is a pure oplock break request then don't
7368 if (num_locks == 0 && num_ulocks == 0) {
7369 END_PROFILE(SMBlockingX);
7372 END_PROFILE(SMBlockingX);
7373 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7378 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7380 result = remove_oplock(fsp);
7382 result = downgrade_oplock(fsp);
7386 DEBUG(0, ("reply_lockingX: error in removing "
7387 "oplock on file %s\n", fsp_str_dbg(fsp)));
7388 /* Hmmm. Is this panic justified? */
7389 smb_panic("internal tdb error");
7392 reply_to_oplock_break_requests(fsp);
7394 /* if this is a pure oplock break request then don't send a
7396 if (num_locks == 0 && num_ulocks == 0) {
7397 /* Sanity check - ensure a pure oplock break is not a
7399 if(CVAL(req->vwv+0, 0) != 0xff)
7400 DEBUG(0,("reply_lockingX: Error : pure oplock "
7401 "break is a chained %d request !\n",
7402 (unsigned int)CVAL(req->vwv+0, 0)));
7403 END_PROFILE(SMBlockingX);
7409 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7410 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7411 END_PROFILE(SMBlockingX);
7415 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7416 if (ulocks == NULL) {
7417 reply_nterror(req, NT_STATUS_NO_MEMORY);
7418 END_PROFILE(SMBlockingX);
7422 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7423 if (locks == NULL) {
7424 reply_nterror(req, NT_STATUS_NO_MEMORY);
7425 END_PROFILE(SMBlockingX);
7429 /* Data now points at the beginning of the list
7430 of smb_unlkrng structs */
7431 for(i = 0; i < (int)num_ulocks; i++) {
7432 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7433 ulocks[i].count = get_lock_count(data, i, large_file_format);
7434 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7435 ulocks[i].brltype = UNLOCK_LOCK;
7438 * There is no error code marked "stupid client bug".... :-).
7441 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7442 END_PROFILE(SMBlockingX);
7447 /* Now do any requested locks */
7448 data += ((large_file_format ? 20 : 10)*num_ulocks);
7450 /* Data now points at the beginning of the list
7451 of smb_lkrng structs */
7453 for(i = 0; i < (int)num_locks; i++) {
7454 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7455 locks[i].count = get_lock_count(data, i, large_file_format);
7456 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7458 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7459 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7460 locks[i].brltype = PENDING_READ_LOCK;
7462 locks[i].brltype = READ_LOCK;
7465 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7466 locks[i].brltype = PENDING_WRITE_LOCK;
7468 locks[i].brltype = WRITE_LOCK;
7473 * There is no error code marked "stupid client bug".... :-).
7476 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7477 END_PROFILE(SMBlockingX);
7482 status = smbd_do_locking(req, fsp,
7483 locktype, lock_timeout,
7487 if (!NT_STATUS_IS_OK(status)) {
7488 END_PROFILE(SMBlockingX);
7489 reply_nterror(req, status);
7493 END_PROFILE(SMBlockingX);
7497 reply_outbuf(req, 2, 0);
7499 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7500 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7502 END_PROFILE(SMBlockingX);
7507 #define DBGC_CLASS DBGC_ALL
7509 /****************************************************************************
7510 Reply to a SMBreadbmpx (read block multiplex) request.
7511 Always reply with an error, if someone has a platform really needs this,
7512 please contact vl@samba.org
7513 ****************************************************************************/
7515 void reply_readbmpx(struct smb_request *req)
7517 START_PROFILE(SMBreadBmpx);
7518 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7519 END_PROFILE(SMBreadBmpx);
7523 /****************************************************************************
7524 Reply to a SMBreadbs (read block multiplex secondary) request.
7525 Always reply with an error, if someone has a platform really needs this,
7526 please contact vl@samba.org
7527 ****************************************************************************/
7529 void reply_readbs(struct smb_request *req)
7531 START_PROFILE(SMBreadBs);
7532 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7533 END_PROFILE(SMBreadBs);
7537 /****************************************************************************
7538 Reply to a SMBsetattrE.
7539 ****************************************************************************/
7541 void reply_setattrE(struct smb_request *req)
7543 connection_struct *conn = req->conn;
7544 struct smb_file_time ft;
7548 START_PROFILE(SMBsetattrE);
7552 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7556 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7558 if(!fsp || (fsp->conn != conn)) {
7559 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7564 * Convert the DOS times into unix times.
7567 ft.atime = convert_time_t_to_timespec(
7568 srv_make_unix_date2(req->vwv+3));
7569 ft.mtime = convert_time_t_to_timespec(
7570 srv_make_unix_date2(req->vwv+5));
7571 ft.create_time = convert_time_t_to_timespec(
7572 srv_make_unix_date2(req->vwv+1));
7574 reply_outbuf(req, 0, 0);
7577 * Patch from Ray Frush <frush@engr.colostate.edu>
7578 * Sometimes times are sent as zero - ignore them.
7581 /* Ensure we have a valid stat struct for the source. */
7582 status = vfs_stat_fsp(fsp);
7583 if (!NT_STATUS_IS_OK(status)) {
7584 reply_nterror(req, status);
7588 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7589 if (!NT_STATUS_IS_OK(status)) {
7590 reply_nterror(req, status);
7594 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7597 (unsigned int)ft.atime.tv_sec,
7598 (unsigned int)ft.mtime.tv_sec,
7599 (unsigned int)ft.create_time.tv_sec
7602 END_PROFILE(SMBsetattrE);
7607 /* Back from the dead for OS/2..... JRA. */
7609 /****************************************************************************
7610 Reply to a SMBwritebmpx (write block multiplex primary) request.
7611 Always reply with an error, if someone has a platform really needs this,
7612 please contact vl@samba.org
7613 ****************************************************************************/
7615 void reply_writebmpx(struct smb_request *req)
7617 START_PROFILE(SMBwriteBmpx);
7618 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7619 END_PROFILE(SMBwriteBmpx);
7623 /****************************************************************************
7624 Reply to a SMBwritebs (write block multiplex secondary) request.
7625 Always reply with an error, if someone has a platform really needs this,
7626 please contact vl@samba.org
7627 ****************************************************************************/
7629 void reply_writebs(struct smb_request *req)
7631 START_PROFILE(SMBwriteBs);
7632 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7633 END_PROFILE(SMBwriteBs);
7637 /****************************************************************************
7638 Reply to a SMBgetattrE.
7639 ****************************************************************************/
7641 void reply_getattrE(struct smb_request *req)
7643 connection_struct *conn = req->conn;
7646 struct timespec create_ts;
7648 START_PROFILE(SMBgetattrE);
7651 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7652 END_PROFILE(SMBgetattrE);
7656 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7658 if(!fsp || (fsp->conn != conn)) {
7659 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7660 END_PROFILE(SMBgetattrE);
7664 /* Do an fstat on this file */
7666 reply_nterror(req, map_nt_error_from_unix(errno));
7667 END_PROFILE(SMBgetattrE);
7671 mode = dos_mode(conn, fsp->fsp_name);
7674 * Convert the times into dos times. Set create
7675 * date to be last modify date as UNIX doesn't save
7679 reply_outbuf(req, 11, 0);
7681 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
7682 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7683 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7684 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
7685 /* Should we check pending modtime here ? JRA */
7686 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7687 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
7690 SIVAL(req->outbuf, smb_vwv6, 0);
7691 SIVAL(req->outbuf, smb_vwv8, 0);
7693 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
7694 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
7695 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7697 SSVAL(req->outbuf,smb_vwv10, mode);
7699 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7701 END_PROFILE(SMBgetattrE);