*/
#include "includes.h"
+#include "system/filesys.h"
#include "version.h"
+#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/xattr.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "trans2.h"
+#include "auth.h"
+#include "smbprofile.h"
#define DIR_ENTRY_SAFETY_MARGIN 4096
return val;
}
+/********************************************************************
+ Create a 64 bit FileIndex. If the file is on the same device as
+ the root of the share, just return the 64-bit inode. If it isn't,
+ mangle as we used to do.
+********************************************************************/
+
+uint64_t get_FileIndex(connection_struct *conn, const SMB_STRUCT_STAT *psbuf)
+{
+ uint64_t file_index;
+ if (conn->base_share_dev == psbuf->st_ex_dev) {
+ return (uint64_t)psbuf->st_ex_ino;
+ }
+ file_index = ((psbuf->st_ex_ino) & UINT32_MAX); /* FileIndexLow */
+ file_index |= ((uint64_t)((psbuf->st_ex_dev) & UINT32_MAX)) << 32; /* FileIndexHigh */
+ return file_index;
+}
+
/****************************************************************************
Utility functions for dealing with extended attributes.
****************************************************************************/
return NT_STATUS_EAS_NOT_SUPPORTED;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* For now setting EAs on streams isn't supported. */
fname = smb_fname->base_name;
int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */
int data_alignment_offset = 0;
bool overflow = False;
- struct smbd_server_connection *sconn = smbd_server_conn;
+ struct smbd_server_connection *sconn = req->sconn;
int max_send = sconn->smb1.sessions.max_send;
/* Modify the data_to_send and datasize and set the error if
if(params_to_send == 0 && data_to_send == 0) {
reply_outbuf(req, 10, 0);
show_msg((char *)req->outbuf);
- if (!srv_send_smb(smbd_server_fd(),
+ if (!srv_send_smb(sconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
/* Send the packet */
show_msg((char *)req->outbuf);
- if (!srv_send_smb(smbd_server_fd(),
+ if (!srv_send_smb(sconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
uint32_t reskey=0;
uint64_t file_size = 0;
uint64_t allocation_size = 0;
+ uint64_t file_index = 0;
uint32_t len;
struct timespec mdate_ts, adate_ts, cdate_ts, create_date_ts;
time_t mdate = (time_t)0, adate = (time_t)0, create_date = (time_t)0;
}
allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn, NULL, &smb_fname->st);
+ file_index = get_FileIndex(conn, &smb_fname->st);
+
mdate_ts = smb_fname->st.st_ex_mtime;
adate_ts = smb_fname->st.st_ex_atime;
create_date_ts = get_create_timespec(conn, NULL, smb_fname);
p +=4;
}
SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
- SIVAL(p,0,smb_fname->st.st_ex_ino); p += 4; /* FileIndexLow */
- SIVAL(p,0,smb_fname->st.st_ex_dev); p += 4; /* FileIndexHigh */
+ SBVAL(p,0,file_index); p += 8;
len = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
STR_TERMINATE_ASCII);
}
p += 26;
SSVAL(p,0,0); p += 2; /* Reserved ? */
- SIVAL(p,0,smb_fname->st.st_ex_ino); p += 4; /* FileIndexLow */
- SIVAL(p,0,smb_fname->st.st_ex_dev); p += 4; /* FileIndexHigh */
+ SBVAL(p,0,file_index); p += 8;
len = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
STR_TERMINATE_ASCII);
bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
TALLOC_CTX *ctx = talloc_tos();
struct dptr_struct *dirptr = NULL;
- struct smbd_server_connection *sconn = smbd_server_conn;
+ struct smbd_server_connection *sconn = req->sconn;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
}
mask_contains_wcard = True;
}
- directory = talloc_strdup(talloc_tos(), "./");
+ } else {
+ *p = 0;
+ }
+
+ if (p == NULL || p == directory) {
+ /* Ensure we don't have a directory name of "". */
+ directory = talloc_strdup(talloc_tos(), ".");
if (!directory) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
- } else {
- *p = 0;
}
DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
needed as lanman2 assumes these are being saved between calls */
ntstatus = dptr_create(conn,
+ NULL, /* fsp */
directory,
False,
True,
bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
TALLOC_CTX *ctx = talloc_tos();
struct dptr_struct *dirptr;
- struct smbd_server_connection *sconn = smbd_server_conn;
+ struct smbd_server_connection *sconn = req->sconn;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
#endif
extended_info->samba_gitcommitdate = 0;
-#ifdef SAMBA_VERSION_GIT_COMMIT_TIME
- unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME);
+#ifdef SAMBA_VERSION_COMMIT_TIME
+ unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_COMMIT_TIME);
#endif
memset(extended_info->samba_version_string, 0,
fsp.fnum = -1;
/* access check */
- if (conn->server_info->utok.uid != sec_initial_uid()) {
+ if (get_current_uid(conn) != 0) {
DEBUG(0,("set_user_quota: access_denied "
"service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
+ conn->session_info->unix_name));
return NT_STATUS_ACCESS_DENIED;
}
case SMB_QUERY_CIFS_UNIX_INFO:
{
bool large_write = lp_min_receive_file_size() &&
- !srv_is_signing_active(smbd_server_conn);
- bool large_read = !srv_is_signing_active(smbd_server_conn);
+ !srv_is_signing_active(conn->sconn);
+ bool large_read = !srv_is_signing_active(conn->sconn);
int encrypt_caps = 0;
if (!lp_unix_extensions()) {
* in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Builtin_Guests,
- conn->server_info->ptok)) {
+ conn->session_info->security_token)) {
flags |= SMB_WHOAMI_GUEST;
}
* is in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Authenticated_Users,
- conn->server_info->ptok)) {
+ conn->session_info->security_token)) {
flags &= ~SMB_WHOAMI_GUEST;
}
+ 4 /* num_sids */
+ 4 /* SID bytes */
+ 4 /* pad/reserved */
- + (conn->server_info->utok.ngroups * 8)
+ + (conn->session_info->utok.ngroups * 8)
/* groups list */
- + (conn->server_info->ptok->num_sids *
+ + (conn->session_info->security_token->num_sids *
SID_MAX_SIZE)
/* SID list */;
SIVAL(pdata, 0, flags);
SIVAL(pdata, 4, SMB_WHOAMI_MASK);
SBIG_UINT(pdata, 8,
- (uint64_t)conn->server_info->utok.uid);
+ (uint64_t)conn->session_info->utok.uid);
SBIG_UINT(pdata, 16,
- (uint64_t)conn->server_info->utok.gid);
+ (uint64_t)conn->session_info->utok.gid);
if (data_len >= max_data_bytes) {
break;
}
- SIVAL(pdata, 24, conn->server_info->utok.ngroups);
- SIVAL(pdata, 28, conn->server_info->num_sids);
+ SIVAL(pdata, 24, conn->session_info->utok.ngroups);
+ SIVAL(pdata, 28, conn->session_info->security_token->num_sids);
/* We walk the SID list twice, but this call is fairly
* infrequent, and I don't expect that it's performance
* sensitive -- jpeach
*/
for (i = 0, sid_bytes = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->session_info->security_token->num_sids; ++i) {
sid_bytes += ndr_size_dom_sid(
- &conn->server_info->ptok->user_sids[i],
+ &conn->session_info->security_token->sids[i],
0);
}
data_len = 40;
/* GID list */
- for (i = 0; i < conn->server_info->utok.ngroups; ++i) {
+ for (i = 0; i < conn->session_info->utok.ngroups; ++i) {
SBIG_UINT(pdata, data_len,
- (uint64_t)conn->server_info->utok.groups[i]);
+ (uint64_t)conn->session_info->utok.groups[i]);
data_len += 8;
}
/* SID list */
for (i = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->session_info->security_token->num_sids; ++i) {
int sid_len = ndr_size_dom_sid(
- &conn->server_info->ptok->user_sids[i],
+ &conn->session_info->security_token->sids[i],
0);
sid_linearize(pdata + data_len, sid_len,
- &conn->server_info->ptok->user_sids[i]);
+ &conn->session_info->security_token->sids[i]);
data_len += sid_len;
}
return;
}
- if (smbd_server_conn->smb1.echo_handler.trusted_fde) {
+ if (req->sconn->smb1.echo_handler.trusted_fde) {
DEBUG( 2,("call_trans2setfsinfo: "
"request transport encryption disabled"
"with 'fork echo handler = yes'\n"));
ZERO_STRUCT(quotas);
/* access check */
- if ((conn->server_info->utok.uid != sec_initial_uid())
- ||!CAN_WRITE(conn)) {
+ if ((get_current_uid(conn) != 0) || !CAN_WRITE(conn)) {
DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
+ conn->session_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
files_struct *fsp,
const SMB_STRUCT_STAT *psbuf)
{
+ uint64_t file_index = get_FileIndex(conn, psbuf);
+
DEBUG(10,("store_file_unix_basic: SMB_QUERY_FILE_UNIX_BASIC\n"));
DEBUG(4,("store_file_unix_basic: st_mode=%o\n",(int)psbuf->st_ex_mode));
SIVAL(pdata,4,0);
pdata += 8;
- SINO_T_VAL(pdata,0,(SMB_INO_T)psbuf->st_ex_ino); /* inode number */
+ SINO_T_VAL(pdata,0,(SMB_INO_T)file_index); /* inode number */
pdata += 8;
SIVAL(pdata,0, unix_perms_to_wire(psbuf->st_ex_mode)); /* Standard UNIX file permissions */
/* Do we have this path open ? */
files_struct *fsp1;
struct file_id fileid = vfs_file_id_from_sbuf(conn, psbuf);
- fsp1 = file_find_di_first(fileid);
+ fsp1 = file_find_di_first(conn->sconn, fileid);
if (fsp1 && fsp1->initial_allocation_size) {
allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn, fsp1, psbuf);
}
I think this causes us to fail the IFSKIT
BasicFileInformationTest. -tpot */
- file_index = ((psbuf->st_ex_ino) & UINT32_MAX); /* FileIndexLow */
- file_index |= ((uint64_t)((psbuf->st_ex_dev) & UINT32_MAX)) << 32; /* FileIndexHigh */
+ file_index = get_FileIndex(conn, psbuf);
switch (info_level) {
case SMB_INFO_STANDARD:
pdata = store_file_unix_basic(conn, pdata, fsp, psbuf);
data_size = PTR_DIFF(pdata,(*ppdata));
- {
- int i;
- DEBUG(4,("smbd_do_qfilepathinfo: SMB_QUERY_FILE_UNIX_BASIC "));
-
- for (i=0; i<100; i++)
- DEBUG(4,("%d=%x, ",i, (*ppdata)[i]));
- DEBUG(4,("\n"));
- }
+ DEBUG(4,("smbd_do_qfilepathinfo: "
+ "SMB_QUERY_FILE_UNIX_BASIC\n"));
+ dump_data(4, (uint8_t *)(*ppdata), data_size);
break;
uint16 num_file_acls = 0;
uint16 num_def_acls = 0;
- if (fsp && !fsp->is_directory && (fsp->fh->fd != -1)) {
+ if (fsp && fsp->fh->fd != -1) {
file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
} else {
file_acl =
enum brl_type lock_type;
/* We need an open file with a real fd for this. */
- if (!fsp || fsp->is_directory || fsp->fh->fd == -1) {
+ if (!fsp || fsp->fh->fd == -1) {
return NT_STATUS_INVALID_LEVEL;
}
/* We know this name is ok, it's already passed the checks. */
- } else if(fsp->is_directory || fsp->fh->fd == -1) {
+ } else if(fsp->fh->fd == -1) {
/*
* This is actually a QFILEINFO on a directory
* handle (returned from an NT SMB). NT5.0 seems
}
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, fsp->name_hash, &delete_pending, &write_time_ts);
} else {
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp)) {
- return;
- }
-
if (SMB_VFS_FSTAT(fsp, &smb_fname->st) != 0) {
DEBUG(3, ("fstat of fnum %d failed (%s)\n",
fsp->fnum, strerror(errno)));
return;
}
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, fsp->name_hash, &delete_pending, &write_time_ts);
}
} else {
+ uint32_t name_hash;
char *fname = NULL;
/* qpathinfo */
}
}
+ status = file_name_hash(conn,
+ smb_fname_str_dbg(smb_fname_base),
+ &name_hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(smb_fname_base);
+ reply_nterror(req, status);
+ return;
+ }
+
fileid = vfs_file_id_from_sbuf(conn,
&smb_fname_base->st);
TALLOC_FREE(smb_fname_base);
- get_file_infos(fileid, &delete_pending, NULL);
+ get_file_infos(fileid, name_hash, &delete_pending, NULL);
if (delete_pending) {
reply_nterror(req, NT_STATUS_DELETE_PENDING);
return;
}
}
+ status = file_name_hash(conn,
+ smb_fname_str_dbg(smb_fname),
+ &name_hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
+
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, name_hash, &delete_pending, &write_time_ts);
if (delete_pending) {
reply_nterror(req, NT_STATUS_DELETE_PENDING);
return;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* get some defaults (no modifications) if any info is zero or -1. */
if (null_timespec(ft->create_time)) {
action &= ~FILE_NOTIFY_CHANGE_CREATION;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
if (size == get_file_size_stat(psbuf)) {
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, smb_fname, ea_list);
return status;
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
/* The set is across all open files on this dev/inode pair. */
if (!set_delete_on_close(fsp, delete_on_close,
- &conn->server_info->utok)) {
+ &conn->session_info->utok)) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
newname,
- 0,
+ UCF_SAVE_LCOMP,
NULL,
&smb_fname_dst);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- /* Ok, this looks wrong to me, but appears to
- * be how SMB2 renames work. CHECK WITH Microsoft !
- * jra.
- */
- if (fsp->oplock_type != NO_OPLOCK) {
- return NT_STATUS_SHARING_VIOLATION;
- }
-
if (fsp->base_fsp) {
/* newname must be a stream name. */
if (newname[0] != ':') {
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
newname,
- 0,
+ UCF_SAVE_LCOMP,
NULL,
&smb_fname_dst);
if (!NT_STATUS_IS_OK(status)) {
if (p) {
p[1] = '\0';
} else {
- base_name = talloc_strdup(ctx, "./");
+ base_name = talloc_strdup(ctx, "");
if (!base_name) {
return NT_STATUS_NO_MEMORY;
}
(double)offset ));
if (lock_type == UNLOCK_LOCK) {
- status = do_unlock(smbd_messaging_context(),
+ status = do_unlock(req->sconn->msg_ctx,
fsp,
smblctx,
count,
} else {
uint64_t block_smblctx;
- struct byte_range_lock *br_lck = do_lock(smbd_messaging_context(),
+ struct byte_range_lock *br_lck = do_lock(req->sconn->msg_ctx,
fsp,
smblctx,
count,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* Set the attributes */
dosmode = IVAL(pdata,32);
status = smb_set_file_dosmode(conn, smb_fname, dosmode);
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* create time */
ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
/* access time */
allocation_size = smb_roundup(conn, allocation_size);
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
"allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)allocation_size));
"file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)size));
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
return smb_set_file_size(conn, req,
fsp,
smb_fname,
files_struct *all_fsps = NULL;
bool modify_mtime = true;
struct file_id id;
+ struct smb_filename *smb_fname_tmp = NULL;
SMB_STRUCT_STAT sbuf;
ZERO_STRUCT(ft);
sbuf = smb_fname->st;
if (!VALID_STAT(sbuf)) {
- struct smb_filename *smb_fname_tmp = NULL;
/*
* The only valid use of this is to create character and block
* devices, and named pipes. This is deprecated (IMHO) and
}
sbuf = smb_fname_tmp->st;
- TALLOC_FREE(smb_fname_tmp);
+ smb_fname = smb_fname_tmp;
/* Ensure we don't try and change anything else. */
raw_unixmode = SMB_MODE_NO_CHANGE;
}
id = vfs_file_id_from_sbuf(conn, &sbuf);
- for(all_fsps = file_find_di_first(id); all_fsps;
+ for(all_fsps = file_find_di_first(conn->sconn, id); all_fsps;
all_fsps = file_find_di_next(all_fsps)) {
/*
* We're setting the time explicitly for UNIX.
return;
}
- if(fsp->is_directory || fsp->fh->fd == -1) {
+ if(fsp->fh->fd == -1) {
/*
* This is actually a SETFILEINFO on a directory
* handle (returned from an NT SMB). NT5.0 seems
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp)) {
- return;
- }
-
if (SMB_VFS_FSTAT(fsp, &smb_fname->st) != 0) {
DEBUG(3,("call_trans2setfilepathinfo: fstat "
"of fnum %d failed (%s)\n", fsp->fnum,
/* We have re-scheduled this call. */
return;
}
- if (blocking_lock_was_deferred_smb1(req->mid)) {
+ if (blocking_lock_was_deferred_smb1(req->sconn, req->mid)) {
/* We have re-scheduled this call. */
return;
}
void reply_findclose(struct smb_request *req)
{
int dptr_num;
- struct smbd_server_connection *sconn = smbd_server_conn;
+ struct smbd_server_connection *sconn = req->sconn;
START_PROFILE(SMBfindclose);