s3: smbd: SMB2 - change smbd_dirptr_lanman2_entry() to return an NTSTATUS.
[sfrench/samba-autobuild/.git] / source3 / smbd / trans2.c
1 /*
2    Unix SMB/CIFS implementation.
3    SMB transaction2 handling
4    Copyright (C) Jeremy Allison                 1994-2007
5    Copyright (C) Stefan (metze) Metzmacher      2003
6    Copyright (C) Volker Lendecke                2005-2007
7    Copyright (C) Steve French                   2005
8    Copyright (C) James Peach                    2006-2007
9
10    Extensively modified by Andrew Tridgell, 1995
11
12    This program is free software; you can redistribute it and/or modify
13    it under the terms of the GNU General Public License as published by
14    the Free Software Foundation; either version 3 of the License, or
15    (at your option) any later version.
16
17    This program is distributed in the hope that it will be useful,
18    but WITHOUT ANY WARRANTY; without even the implied warranty of
19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20    GNU General Public License for more details.
21
22    You should have received a copy of the GNU General Public License
23    along with this program.  If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "ntioctl.h"
28 #include "system/filesys.h"
29 #include "version.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "../libcli/auth/libcli_auth.h"
33 #include "../librpc/gen_ndr/xattr.h"
34 #include "../librpc/gen_ndr/ndr_security.h"
35 #include "../librpc/gen_ndr/open_files.h"
36 #include "libcli/security/security.h"
37 #include "trans2.h"
38 #include "auth.h"
39 #include "smbprofile.h"
40 #include "rpc_server/srv_pipe_hnd.h"
41 #include "printing.h"
42 #include "lib/util_ea.h"
43
44 #define DIR_ENTRY_SAFETY_MARGIN 4096
45
46 static char *store_file_unix_basic(connection_struct *conn,
47                                 char *pdata,
48                                 files_struct *fsp,
49                                 const SMB_STRUCT_STAT *psbuf);
50
51 static char *store_file_unix_basic_info2(connection_struct *conn,
52                                 char *pdata,
53                                 files_struct *fsp,
54                                 const SMB_STRUCT_STAT *psbuf);
55
56 /********************************************************************
57  The canonical "check access" based on object handle or path function.
58 ********************************************************************/
59
60 NTSTATUS check_access(connection_struct *conn,
61                                 files_struct *fsp,
62                                 const struct smb_filename *smb_fname,
63                                 uint32_t access_mask)
64 {
65         if (fsp) {
66                 if (!(fsp->access_mask & access_mask)) {
67                         return NT_STATUS_ACCESS_DENIED;
68                 }
69         } else {
70                 NTSTATUS status = smbd_check_access_rights(conn,
71                                         smb_fname,
72                                         false,
73                                         access_mask);
74                 if (!NT_STATUS_IS_OK(status)) {
75                         return status;
76                 }
77         }
78         return NT_STATUS_OK;
79 }
80
81 /********************************************************************
82  Roundup a value to the nearest allocation roundup size boundary.
83  Only do this for Windows clients.
84 ********************************************************************/
85
86 uint64_t smb_roundup(connection_struct *conn, uint64_t val)
87 {
88         uint64_t rval = lp_allocation_roundup_size(SNUM(conn));
89
90         /* Only roundup for Windows clients. */
91         enum remote_arch_types ra_type = get_remote_arch();
92         if (rval && (ra_type != RA_SAMBA) && (ra_type != RA_CIFSFS)) {
93                 val = SMB_ROUNDUP(val,rval);
94         }
95         return val;
96 }
97
98 /********************************************************************
99  Create a 64 bit FileIndex. If the file is on the same device as
100  the root of the share, just return the 64-bit inode. If it isn't,
101  mangle as we used to do.
102 ********************************************************************/
103
104 uint64_t get_FileIndex(connection_struct *conn, const SMB_STRUCT_STAT *psbuf)
105 {
106         uint64_t file_index;
107         if (conn->base_share_dev == psbuf->st_ex_dev) {
108                 return (uint64_t)psbuf->st_ex_ino;
109         }
110         file_index = ((psbuf->st_ex_ino) & UINT32_MAX); /* FileIndexLow */
111         file_index |= ((uint64_t)((psbuf->st_ex_dev) & UINT32_MAX)) << 32; /* FileIndexHigh */
112         return file_index;
113 }
114
115 /****************************************************************************
116  Utility functions for dealing with extended attributes.
117 ****************************************************************************/
118
119 /****************************************************************************
120  Refuse to allow clients to overwrite our private xattrs.
121 ****************************************************************************/
122
123 bool samba_private_attr_name(const char *unix_ea_name)
124 {
125         static const char * const prohibited_ea_names[] = {
126                 SAMBA_POSIX_INHERITANCE_EA_NAME,
127                 SAMBA_XATTR_DOS_ATTRIB,
128                 SAMBA_XATTR_MARKER,
129                 XATTR_NTACL_NAME,
130                 NULL
131         };
132
133         int i;
134
135         for (i = 0; prohibited_ea_names[i]; i++) {
136                 if (strequal( prohibited_ea_names[i], unix_ea_name))
137                         return true;
138         }
139         if (strncasecmp_m(unix_ea_name, SAMBA_XATTR_DOSSTREAM_PREFIX,
140                         strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) == 0) {
141                 return true;
142         }
143         return false;
144 }
145
146 /****************************************************************************
147  Get one EA value. Fill in a struct ea_struct.
148 ****************************************************************************/
149
150 NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
151                       files_struct *fsp, const char *fname,
152                       const char *ea_name, struct ea_struct *pea)
153 {
154         /* Get the value of this xattr. Max size is 64k. */
155         size_t attr_size = 256;
156         char *val = NULL;
157         ssize_t sizeret;
158
159  again:
160
161         val = talloc_realloc(mem_ctx, val, char, attr_size);
162         if (!val) {
163                 return NT_STATUS_NO_MEMORY;
164         }
165
166         if (fsp && fsp->fh->fd != -1) {
167                 sizeret = SMB_VFS_FGETXATTR(fsp, ea_name, val, attr_size);
168         } else {
169                 sizeret = SMB_VFS_GETXATTR(conn, fname, ea_name, val, attr_size);
170         }
171
172         if (sizeret == -1 && errno == ERANGE && attr_size != 65536) {
173                 attr_size = 65536;
174                 goto again;
175         }
176
177         if (sizeret == -1) {
178                 return map_nt_error_from_unix(errno);
179         }
180
181         DEBUG(10,("get_ea_value: EA %s is of length %u\n", ea_name, (unsigned int)sizeret));
182         dump_data(10, (uint8 *)val, sizeret);
183
184         pea->flags = 0;
185         if (strnequal(ea_name, "user.", 5)) {
186                 pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
187         } else {
188                 pea->name = talloc_strdup(mem_ctx, ea_name);
189         }
190         if (pea->name == NULL) {
191                 TALLOC_FREE(val);
192                 return NT_STATUS_NO_MEMORY;
193         }
194         pea->value.data = (unsigned char *)val;
195         pea->value.length = (size_t)sizeret;
196         return NT_STATUS_OK;
197 }
198
199 NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
200                                 files_struct *fsp, const char *fname,
201                                 char ***pnames, size_t *pnum_names)
202 {
203         /* Get a list of all xattrs. Max namesize is 64k. */
204         size_t ea_namelist_size = 1024;
205         char *ea_namelist = NULL;
206
207         char *p;
208         char **names, **tmp;
209         size_t num_names;
210         ssize_t sizeret = -1;
211
212         if (!lp_ea_support(SNUM(conn))) {
213                 if (pnames) {
214                         *pnames = NULL;
215                 }
216                 *pnum_names = 0;
217                 return NT_STATUS_OK;
218         }
219
220         /*
221          * TALLOC the result early to get the talloc hierarchy right.
222          */
223
224         names = talloc_array(mem_ctx, char *, 1);
225         if (names == NULL) {
226                 DEBUG(0, ("talloc failed\n"));
227                 return NT_STATUS_NO_MEMORY;
228         }
229
230         while (ea_namelist_size <= 65536) {
231
232                 ea_namelist = talloc_realloc(
233                         names, ea_namelist, char, ea_namelist_size);
234                 if (ea_namelist == NULL) {
235                         DEBUG(0, ("talloc failed\n"));
236                         TALLOC_FREE(names);
237                         return NT_STATUS_NO_MEMORY;
238                 }
239
240                 if (fsp && fsp->fh->fd != -1) {
241                         sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
242                                                      ea_namelist_size);
243                 } else {
244                         sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
245                                                     ea_namelist_size);
246                 }
247
248                 if ((sizeret == -1) && (errno == ERANGE)) {
249                         ea_namelist_size *= 2;
250                 }
251                 else {
252                         break;
253                 }
254         }
255
256         if (sizeret == -1) {
257                 TALLOC_FREE(names);
258                 return map_nt_error_from_unix(errno);
259         }
260
261         DEBUG(10, ("%s: ea_namelist size = %u\n",
262                    __func__, (unsigned int)sizeret));
263
264         if (sizeret == 0) {
265                 TALLOC_FREE(names);
266                 if (pnames) {
267                         *pnames = NULL;
268                 }
269                 *pnum_names = 0;
270                 return NT_STATUS_OK;
271         }
272
273         /*
274          * Ensure the result is 0-terminated
275          */
276
277         if (ea_namelist[sizeret-1] != '\0') {
278                 TALLOC_FREE(names);
279                 return NT_STATUS_INTERNAL_ERROR;
280         }
281
282         /*
283          * count the names
284          */
285         num_names = 0;
286
287         for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
288                 num_names += 1;
289         }
290
291         tmp = talloc_realloc(mem_ctx, names, char *, num_names);
292         if (tmp == NULL) {
293                 DEBUG(0, ("talloc failed\n"));
294                 TALLOC_FREE(names);
295                 return NT_STATUS_NO_MEMORY;
296         }
297
298         names = tmp;
299         num_names = 0;
300
301         for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
302                 names[num_names++] = p;
303         }
304
305         if (pnames) {
306                 *pnames = names;
307         } else {
308                 TALLOC_FREE(names);
309         }
310         *pnum_names = num_names;
311         return NT_STATUS_OK;
312 }
313
314 /****************************************************************************
315  Return a linked list of the total EA's. Plus the total size
316 ****************************************************************************/
317
318 static NTSTATUS get_ea_list_from_file_path(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
319                                       const char *fname, size_t *pea_total_len, struct ea_list **ea_list)
320 {
321         /* Get a list of all xattrs. Max namesize is 64k. */
322         size_t i, num_names;
323         char **names;
324         struct ea_list *ea_list_head = NULL;
325         NTSTATUS status;
326
327         *pea_total_len = 0;
328         *ea_list = NULL;
329
330         status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname,
331                                         &names, &num_names);
332
333         if (!NT_STATUS_IS_OK(status)) {
334                 return status;
335         }
336
337         if (num_names == 0) {
338                 *ea_list = NULL;
339                 return NT_STATUS_OK;
340         }
341
342         for (i=0; i<num_names; i++) {
343                 struct ea_list *listp;
344                 fstring dos_ea_name;
345
346                 if (strnequal(names[i], "system.", 7)
347                     || samba_private_attr_name(names[i]))
348                         continue;
349
350                 /*
351                  * Filter out any underlying POSIX EA names
352                  * that a Windows client can't handle.
353                  */
354                 if (!lp_posix_pathnames() &&
355                                 is_invalid_windows_ea_name(names[i])) {
356                         continue;
357                 }
358
359                 listp = talloc(mem_ctx, struct ea_list);
360                 if (listp == NULL) {
361                         return NT_STATUS_NO_MEMORY;
362                 }
363
364                 status = get_ea_value(listp, conn, fsp,
365                                       fname, names[i],
366                                       &listp->ea);
367
368                 if (!NT_STATUS_IS_OK(status)) {
369                         TALLOC_FREE(listp);
370                         return status;
371                 }
372
373                 if (listp->ea.value.length == 0) {
374                         /*
375                          * We can never return a zero length EA.
376                          * Windows reports the EA's as corrupted.
377                          */
378                         TALLOC_FREE(listp);
379                         continue;
380                 }
381
382                 push_ascii_fstring(dos_ea_name, listp->ea.name);
383
384                 *pea_total_len +=
385                         4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
386
387                 DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len "
388                           "= %u\n", (unsigned int)*pea_total_len, dos_ea_name,
389                           (unsigned int)listp->ea.value.length));
390
391                 DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
392
393         }
394
395         /* Add on 4 for total length. */
396         if (*pea_total_len) {
397                 *pea_total_len += 4;
398         }
399
400         DEBUG(10, ("get_ea_list_from_file: total_len = %u\n",
401                    (unsigned int)*pea_total_len));
402
403         *ea_list = ea_list_head;
404         return NT_STATUS_OK;
405 }
406
407 static NTSTATUS get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
408                                       const struct smb_filename *smb_fname, size_t *pea_total_len, struct ea_list **ea_list)
409 {
410         *pea_total_len = 0;
411         *ea_list = NULL;
412
413         if (!lp_ea_support(SNUM(conn))) {
414                 return NT_STATUS_OK;
415         }
416
417         if (is_ntfs_stream_smb_fname(smb_fname)) {
418                 return NT_STATUS_INVALID_PARAMETER;
419         }
420
421         return get_ea_list_from_file_path(mem_ctx, conn, fsp, smb_fname->base_name, pea_total_len, ea_list);
422 }
423
424 /****************************************************************************
425  Fill a qfilepathinfo buffer with EA's. Returns the length of the buffer
426  that was filled.
427 ****************************************************************************/
428
429 static unsigned int fill_ea_buffer(TALLOC_CTX *mem_ctx, char *pdata, unsigned int total_data_size,
430         connection_struct *conn, struct ea_list *ea_list)
431 {
432         unsigned int ret_data_size = 4;
433         char *p = pdata;
434
435         SMB_ASSERT(total_data_size >= 4);
436
437         if (!lp_ea_support(SNUM(conn))) {
438                 SIVAL(pdata,4,0);
439                 return 4;
440         }
441
442         for (p = pdata + 4; ea_list; ea_list = ea_list->next) {
443                 size_t dos_namelen;
444                 fstring dos_ea_name;
445                 push_ascii_fstring(dos_ea_name, ea_list->ea.name);
446                 dos_namelen = strlen(dos_ea_name);
447                 if (dos_namelen > 255 || dos_namelen == 0) {
448                         break;
449                 }
450                 if (ea_list->ea.value.length > 65535) {
451                         break;
452                 }
453                 if (4 + dos_namelen + 1 + ea_list->ea.value.length > total_data_size) {
454                         break;
455                 }
456
457                 /* We know we have room. */
458                 SCVAL(p,0,ea_list->ea.flags);
459                 SCVAL(p,1,dos_namelen);
460                 SSVAL(p,2,ea_list->ea.value.length);
461                 strlcpy(p+4, dos_ea_name, dos_namelen+1);
462                 memcpy( p + 4 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
463
464                 total_data_size -= 4 + dos_namelen + 1 + ea_list->ea.value.length;
465                 p += 4 + dos_namelen + 1 + ea_list->ea.value.length;
466         }
467
468         ret_data_size = PTR_DIFF(p, pdata);
469         DEBUG(10,("fill_ea_buffer: data_size = %u\n", ret_data_size ));
470         SIVAL(pdata,0,ret_data_size);
471         return ret_data_size;
472 }
473
474 static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
475                                        char *pdata,
476                                        unsigned int total_data_size,
477                                        unsigned int *ret_data_size,
478                                        connection_struct *conn,
479                                        struct ea_list *ea_list)
480 {
481         uint8_t *p = (uint8_t *)pdata;
482         uint8_t *last_start = NULL;
483         bool do_store_data = (pdata != NULL);
484
485         *ret_data_size = 0;
486
487         if (!lp_ea_support(SNUM(conn))) {
488                 return NT_STATUS_NO_EAS_ON_FILE;
489         }
490
491         for (; ea_list; ea_list = ea_list->next) {
492                 size_t dos_namelen;
493                 fstring dos_ea_name;
494                 size_t this_size;
495                 size_t pad = 0;
496
497                 if (last_start != NULL && do_store_data) {
498                         SIVAL(last_start, 0, PTR_DIFF(p, last_start));
499                 }
500                 last_start = p;
501
502                 push_ascii_fstring(dos_ea_name, ea_list->ea.name);
503                 dos_namelen = strlen(dos_ea_name);
504                 if (dos_namelen > 255 || dos_namelen == 0) {
505                         return NT_STATUS_INTERNAL_ERROR;
506                 }
507                 if (ea_list->ea.value.length > 65535) {
508                         return NT_STATUS_INTERNAL_ERROR;
509                 }
510
511                 this_size = 0x08 + dos_namelen + 1 + ea_list->ea.value.length;
512
513                 if (ea_list->next) {
514                         pad = (4 - (this_size % 4)) % 4;
515                         this_size += pad;
516                 }
517
518                 if (do_store_data) {
519                         if (this_size > total_data_size) {
520                                 return NT_STATUS_INFO_LENGTH_MISMATCH;
521                         }
522
523                         /* We know we have room. */
524                         SIVAL(p, 0x00, 0); /* next offset */
525                         SCVAL(p, 0x04, ea_list->ea.flags);
526                         SCVAL(p, 0x05, dos_namelen);
527                         SSVAL(p, 0x06, ea_list->ea.value.length);
528                         strlcpy((char *)(p+0x08), dos_ea_name, dos_namelen+1);
529                         memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
530                         if (pad) {
531                                 memset(p + 0x08 + dos_namelen + 1 + ea_list->ea.value.length,
532                                         '\0',
533                                         pad);
534                         }
535                         total_data_size -= this_size;
536                 }
537
538                 p += this_size;
539         }
540
541         *ret_data_size = PTR_DIFF(p, pdata);
542         DEBUG(10,("fill_ea_chained_buffer: data_size = %u\n", *ret_data_size));
543         return NT_STATUS_OK;
544 }
545
546 static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp, const struct smb_filename *smb_fname)
547 {
548         size_t total_ea_len = 0;
549         TALLOC_CTX *mem_ctx;
550         struct ea_list *ea_list = NULL;
551
552         if (!lp_ea_support(SNUM(conn))) {
553                 return 0;
554         }
555         mem_ctx = talloc_stackframe();
556
557         /* If this is a stream fsp, then we need to instead find the
558          * estimated ea len from the main file, not the stream
559          * (streams cannot have EAs), but the estimate isn't just 0 in
560          * this case! */
561         if (is_ntfs_stream_smb_fname(smb_fname)) {
562                 fsp = NULL;
563         }
564         (void)get_ea_list_from_file_path(mem_ctx, conn, fsp, smb_fname->base_name, &total_ea_len, &ea_list);
565         if(conn->sconn->using_smb2) {
566                 NTSTATUS status;
567                 unsigned int ret_data_size;
568                 /*
569                  * We're going to be using fill_ea_chained_buffer() to
570                  * marshall EA's - this size is significantly larger
571                  * than the SMB1 buffer. Re-calculate the size without
572                  * marshalling.
573                  */
574                 status = fill_ea_chained_buffer(mem_ctx,
575                                                 NULL,
576                                                 0,
577                                                 &ret_data_size,
578                                                 conn,
579                                                 ea_list);
580                 if (!NT_STATUS_IS_OK(status)) {
581                         ret_data_size = 0;
582                 }
583                 total_ea_len = ret_data_size;
584         }
585         TALLOC_FREE(mem_ctx);
586         return total_ea_len;
587 }
588
589 /****************************************************************************
590  Ensure the EA name is case insensitive by matching any existing EA name.
591 ****************************************************************************/
592
593 static void canonicalize_ea_name(connection_struct *conn, files_struct *fsp, const char *fname, fstring unix_ea_name)
594 {
595         size_t total_ea_len;
596         TALLOC_CTX *mem_ctx = talloc_tos();
597         struct ea_list *ea_list;
598         NTSTATUS status = get_ea_list_from_file_path(mem_ctx, conn, fsp, fname, &total_ea_len, &ea_list);
599         if (!NT_STATUS_IS_OK(status)) {
600                 return;
601         }
602
603         for (; ea_list; ea_list = ea_list->next) {
604                 if (strequal(&unix_ea_name[5], ea_list->ea.name)) {
605                         DEBUG(10,("canonicalize_ea_name: %s -> %s\n",
606                                 &unix_ea_name[5], ea_list->ea.name));
607                         strlcpy(&unix_ea_name[5], ea_list->ea.name, sizeof(fstring)-5);
608                         break;
609                 }
610         }
611 }
612
613 /****************************************************************************
614  Set or delete an extended attribute.
615 ****************************************************************************/
616
617 NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
618                 const struct smb_filename *smb_fname, struct ea_list *ea_list)
619 {
620         NTSTATUS status;
621         char *fname = NULL;
622
623         if (!lp_ea_support(SNUM(conn))) {
624                 return NT_STATUS_EAS_NOT_SUPPORTED;
625         }
626
627         status = check_access(conn, fsp, smb_fname, FILE_WRITE_EA);
628         if (!NT_STATUS_IS_OK(status)) {
629                 return status;
630         }
631
632         /* Setting EAs on streams isn't supported. */
633         if (is_ntfs_stream_smb_fname(smb_fname)) {
634                 return NT_STATUS_INVALID_PARAMETER;
635         }
636
637         /*
638          * Filter out invalid Windows EA names - before
639          * we set *any* of them.
640          */
641
642         if (ea_list_has_invalid_name(ea_list)) {
643                 return STATUS_INVALID_EA_NAME;
644         }
645
646         fname = smb_fname->base_name;
647
648         for (;ea_list; ea_list = ea_list->next) {
649                 int ret;
650                 fstring unix_ea_name;
651
652                 fstrcpy(unix_ea_name, "user."); /* All EA's must start with user. */
653                 fstrcat(unix_ea_name, ea_list->ea.name);
654
655                 canonicalize_ea_name(conn, fsp, fname, unix_ea_name);
656
657                 DEBUG(10,("set_ea: ea_name %s ealen = %u\n", unix_ea_name, (unsigned int)ea_list->ea.value.length));
658
659                 if (samba_private_attr_name(unix_ea_name)) {
660                         DEBUG(10,("set_ea: ea name %s is a private Samba name.\n", unix_ea_name));
661                         return NT_STATUS_ACCESS_DENIED;
662                 }
663
664                 if (ea_list->ea.value.length == 0) {
665                         /* Remove the attribute. */
666                         if (fsp && (fsp->fh->fd != -1)) {
667                                 DEBUG(10,("set_ea: deleting ea name %s on "
668                                           "file %s by file descriptor.\n",
669                                           unix_ea_name, fsp_str_dbg(fsp)));
670                                 ret = SMB_VFS_FREMOVEXATTR(fsp, unix_ea_name);
671                         } else {
672                                 DEBUG(10,("set_ea: deleting ea name %s on file %s.\n",
673                                         unix_ea_name, fname));
674                                 ret = SMB_VFS_REMOVEXATTR(conn, fname, unix_ea_name);
675                         }
676 #ifdef ENOATTR
677                         /* Removing a non existent attribute always succeeds. */
678                         if (ret == -1 && errno == ENOATTR) {
679                                 DEBUG(10,("set_ea: deleting ea name %s didn't exist - succeeding by default.\n",
680                                                 unix_ea_name));
681                                 ret = 0;
682                         }
683 #endif
684                 } else {
685                         if (fsp && (fsp->fh->fd != -1)) {
686                                 DEBUG(10,("set_ea: setting ea name %s on file "
687                                           "%s by file descriptor.\n",
688                                           unix_ea_name, fsp_str_dbg(fsp)));
689                                 ret = SMB_VFS_FSETXATTR(fsp, unix_ea_name,
690                                                         ea_list->ea.value.data, ea_list->ea.value.length, 0);
691                         } else {
692                                 DEBUG(10,("set_ea: setting ea name %s on file %s.\n",
693                                         unix_ea_name, fname));
694                                 ret = SMB_VFS_SETXATTR(conn, fname, unix_ea_name,
695                                                         ea_list->ea.value.data, ea_list->ea.value.length, 0);
696                         }
697                 }
698
699                 if (ret == -1) {
700 #ifdef ENOTSUP
701                         if (errno == ENOTSUP) {
702                                 return NT_STATUS_EAS_NOT_SUPPORTED;
703                         }
704 #endif
705                         return map_nt_error_from_unix(errno);
706                 }
707
708         }
709         return NT_STATUS_OK;
710 }
711 /****************************************************************************
712  Read a list of EA names from an incoming data buffer. Create an ea_list with them.
713 ****************************************************************************/
714
715 static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
716 {
717         struct ea_list *ea_list_head = NULL;
718         size_t converted_size, offset = 0;
719
720         while (offset + 2 < data_size) {
721                 struct ea_list *eal = talloc_zero(ctx, struct ea_list);
722                 unsigned int namelen = CVAL(pdata,offset);
723
724                 offset++; /* Go past the namelen byte. */
725
726                 /* integer wrap paranioa. */
727                 if ((offset + namelen < offset) || (offset + namelen < namelen) ||
728                                 (offset > data_size) || (namelen > data_size) ||
729                                 (offset + namelen >= data_size)) {
730                         break;
731                 }
732                 /* Ensure the name is null terminated. */
733                 if (pdata[offset + namelen] != '\0') {
734                         return NULL;
735                 }
736                 if (!pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset],
737                                        &converted_size)) {
738                         DEBUG(0,("read_ea_name_list: pull_ascii_talloc "
739                                  "failed: %s", strerror(errno)));
740                 }
741                 if (!eal->ea.name) {
742                         return NULL;
743                 }
744
745                 offset += (namelen + 1); /* Go past the name + terminating zero. */
746                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
747                 DEBUG(10,("read_ea_name_list: read ea name %s\n", eal->ea.name));
748         }
749
750         return ea_list_head;
751 }
752
753 /****************************************************************************
754  Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
755 ****************************************************************************/
756
757 static struct ea_list *read_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
758 {
759         struct ea_list *ea_list_head = NULL;
760         size_t offset = 0;
761         size_t bytes_used = 0;
762
763         while (offset < data_size) {
764                 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset, data_size - offset, &bytes_used);
765
766                 if (!eal) {
767                         return NULL;
768                 }
769
770                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
771                 offset += bytes_used;
772         }
773
774         return ea_list_head;
775 }
776
777 /****************************************************************************
778  Count the total EA size needed.
779 ****************************************************************************/
780
781 static size_t ea_list_size(struct ea_list *ealist)
782 {
783         fstring dos_ea_name;
784         struct ea_list *listp;
785         size_t ret = 0;
786
787         for (listp = ealist; listp; listp = listp->next) {
788                 push_ascii_fstring(dos_ea_name, listp->ea.name);
789                 ret += 4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
790         }
791         /* Add on 4 for total length. */
792         if (ret) {
793                 ret += 4;
794         }
795
796         return ret;
797 }
798
799 /****************************************************************************
800  Return a union of EA's from a file list and a list of names.
801  The TALLOC context for the two lists *MUST* be identical as we steal
802  memory from one list to add to another. JRA.
803 ****************************************************************************/
804
805 static struct ea_list *ea_list_union(struct ea_list *name_list, struct ea_list *file_list, size_t *total_ea_len)
806 {
807         struct ea_list *nlistp, *flistp;
808
809         for (nlistp = name_list; nlistp; nlistp = nlistp->next) {
810                 for (flistp = file_list; flistp; flistp = flistp->next) {
811                         if (strequal(nlistp->ea.name, flistp->ea.name)) {
812                                 break;
813                         }
814                 }
815
816                 if (flistp) {
817                         /* Copy the data from this entry. */
818                         nlistp->ea.flags = flistp->ea.flags;
819                         nlistp->ea.value = flistp->ea.value;
820                 } else {
821                         /* Null entry. */
822                         nlistp->ea.flags = 0;
823                         ZERO_STRUCT(nlistp->ea.value);
824                 }
825         }
826
827         *total_ea_len = ea_list_size(name_list);
828         return name_list;
829 }
830
831 /****************************************************************************
832   Send the required number of replies back.
833   We assume all fields other than the data fields are
834   set correctly for the type of call.
835   HACK ! Always assumes smb_setup field is zero.
836 ****************************************************************************/
837
838 void send_trans2_replies(connection_struct *conn,
839                         struct smb_request *req,
840                         NTSTATUS status,
841                          const char *params,
842                          int paramsize,
843                          const char *pdata,
844                          int datasize,
845                          int max_data_bytes)
846 {
847         /* As we are using a protocol > LANMAN1 then the max_send
848          variable must have been set in the sessetupX call.
849          This takes precedence over the max_xmit field in the
850          global struct. These different max_xmit variables should
851          be merged as this is now too confusing */
852
853         int data_to_send = datasize;
854         int params_to_send = paramsize;
855         int useable_space;
856         const char *pp = params;
857         const char *pd = pdata;
858         int params_sent_thistime, data_sent_thistime, total_sent_thistime;
859         int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */
860         int data_alignment_offset = 0;
861         bool overflow = False;
862         struct smbXsrv_connection *xconn = req->xconn;
863         struct smbd_server_connection *sconn = xconn->sconn;
864         int max_send = xconn->smb1.sessions.max_send;
865
866         /* Modify the data_to_send and datasize and set the error if
867            we're trying to send more than max_data_bytes. We still send
868            the part of the packet(s) that fit. Strange, but needed
869            for OS/2. */
870
871         if (max_data_bytes > 0 && datasize > max_data_bytes) {
872                 DEBUG(5,("send_trans2_replies: max_data_bytes %d exceeded by data %d\n",
873                         max_data_bytes, datasize ));
874                 datasize = data_to_send = max_data_bytes;
875                 overflow = True;
876         }
877
878         /* If there genuinely are no parameters or data to send just send the empty packet */
879
880         if(params_to_send == 0 && data_to_send == 0) {
881                 reply_outbuf(req, 10, 0);
882                 if (NT_STATUS_V(status)) {
883                         uint8_t eclass;
884                         uint32_t ecode;
885                         ntstatus_to_dos(status, &eclass, &ecode);
886                         error_packet_set((char *)req->outbuf,
887                                         eclass, ecode, status,
888                                         __LINE__,__FILE__);
889                 }
890                 show_msg((char *)req->outbuf);
891                 if (!srv_send_smb(sconn,
892                                 (char *)req->outbuf,
893                                 true, req->seqnum+1,
894                                 IS_CONN_ENCRYPTED(conn),
895                                 &req->pcd)) {
896                         exit_server_cleanly("send_trans2_replies: srv_send_smb failed.");
897                 }
898                 TALLOC_FREE(req->outbuf);
899                 return;
900         }
901
902         /* When sending params and data ensure that both are nicely aligned */
903         /* Only do this alignment when there is also data to send - else
904                 can cause NT redirector problems. */
905
906         if (((params_to_send % 4) != 0) && (data_to_send != 0))
907                 data_alignment_offset = 4 - (params_to_send % 4);
908
909         /* Space is bufsize minus Netbios over TCP header minus SMB header */
910         /* The alignment_offset is to align the param bytes on an even byte
911                 boundary. NT 4.0 Beta needs this to work correctly. */
912
913         useable_space = max_send - (smb_size
914                                     + 2 * 10 /* wct */
915                                     + alignment_offset
916                                     + data_alignment_offset);
917
918         if (useable_space < 0) {
919                 DEBUG(0, ("send_trans2_replies failed sanity useable_space "
920                           "= %d!!!", useable_space));
921                 exit_server_cleanly("send_trans2_replies: Not enough space");
922         }
923
924         while (params_to_send || data_to_send) {
925                 /* Calculate whether we will totally or partially fill this packet */
926
927                 total_sent_thistime = params_to_send + data_to_send;
928
929                 /* We can never send more than useable_space */
930                 /*
931                  * Note that 'useable_space' does not include the alignment offsets,
932                  * but we must include the alignment offsets in the calculation of
933                  * the length of the data we send over the wire, as the alignment offsets
934                  * are sent here. Fix from Marc_Jacobsen@hp.com.
935                  */
936
937                 total_sent_thistime = MIN(total_sent_thistime, useable_space);
938
939                 reply_outbuf(req, 10, total_sent_thistime + alignment_offset
940                              + data_alignment_offset);
941
942                 /* Set total params and data to be sent */
943                 SSVAL(req->outbuf,smb_tprcnt,paramsize);
944                 SSVAL(req->outbuf,smb_tdrcnt,datasize);
945
946                 /* Calculate how many parameters and data we can fit into
947                  * this packet. Parameters get precedence
948                  */
949
950                 params_sent_thistime = MIN(params_to_send,useable_space);
951                 data_sent_thistime = useable_space - params_sent_thistime;
952                 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
953
954                 SSVAL(req->outbuf,smb_prcnt, params_sent_thistime);
955
956                 /* smb_proff is the offset from the start of the SMB header to the
957                         parameter bytes, however the first 4 bytes of outbuf are
958                         the Netbios over TCP header. Thus use smb_base() to subtract
959                         them from the calculation */
960
961                 SSVAL(req->outbuf,smb_proff,
962                       ((smb_buf(req->outbuf)+alignment_offset)
963                        - smb_base(req->outbuf)));
964
965                 if(params_sent_thistime == 0)
966                         SSVAL(req->outbuf,smb_prdisp,0);
967                 else
968                         /* Absolute displacement of param bytes sent in this packet */
969                         SSVAL(req->outbuf,smb_prdisp,pp - params);
970
971                 SSVAL(req->outbuf,smb_drcnt, data_sent_thistime);
972                 if(data_sent_thistime == 0) {
973                         SSVAL(req->outbuf,smb_droff,0);
974                         SSVAL(req->outbuf,smb_drdisp, 0);
975                 } else {
976                         /* The offset of the data bytes is the offset of the
977                                 parameter bytes plus the number of parameters being sent this time */
978                         SSVAL(req->outbuf, smb_droff,
979                               ((smb_buf(req->outbuf)+alignment_offset)
980                                - smb_base(req->outbuf))
981                               + params_sent_thistime + data_alignment_offset);
982                         SSVAL(req->outbuf,smb_drdisp, pd - pdata);
983                 }
984
985                 /* Initialize the padding for alignment */
986
987                 if (alignment_offset != 0) {
988                         memset(smb_buf(req->outbuf), 0, alignment_offset);
989                 }
990
991                 /* Copy the param bytes into the packet */
992
993                 if(params_sent_thistime) {
994                         memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
995                                params_sent_thistime);
996                 }
997
998                 /* Copy in the data bytes */
999                 if(data_sent_thistime) {
1000                         if (data_alignment_offset != 0) {
1001                                 memset((smb_buf(req->outbuf)+alignment_offset+
1002                                         params_sent_thistime), 0,
1003                                        data_alignment_offset);
1004                         }
1005                         memcpy(smb_buf(req->outbuf)+alignment_offset
1006                                +params_sent_thistime+data_alignment_offset,
1007                                pd,data_sent_thistime);
1008                 }
1009
1010                 DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
1011                         params_sent_thistime, data_sent_thistime, useable_space));
1012                 DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
1013                         params_to_send, data_to_send, paramsize, datasize));
1014
1015                 if (overflow) {
1016                         error_packet_set((char *)req->outbuf,
1017                                          ERRDOS,ERRbufferoverflow,
1018                                          STATUS_BUFFER_OVERFLOW,
1019                                          __LINE__,__FILE__);
1020                 } else if (NT_STATUS_V(status)) {
1021                         uint8_t eclass;
1022                         uint32_t ecode;
1023                         ntstatus_to_dos(status, &eclass, &ecode);
1024                         error_packet_set((char *)req->outbuf,
1025                                         eclass, ecode, status,
1026                                         __LINE__,__FILE__);
1027                 }
1028
1029                 /* Send the packet */
1030                 show_msg((char *)req->outbuf);
1031                 if (!srv_send_smb(sconn,
1032                                 (char *)req->outbuf,
1033                                 true, req->seqnum+1,
1034                                 IS_CONN_ENCRYPTED(conn),
1035                                 &req->pcd))
1036                         exit_server_cleanly("send_trans2_replies: srv_send_smb failed.");
1037
1038                 TALLOC_FREE(req->outbuf);
1039
1040                 pp += params_sent_thistime;
1041                 pd += data_sent_thistime;
1042
1043                 params_to_send -= params_sent_thistime;
1044                 data_to_send -= data_sent_thistime;
1045
1046                 /* Sanity check */
1047                 if(params_to_send < 0 || data_to_send < 0) {
1048                         DEBUG(0,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!",
1049                                 params_to_send, data_to_send));
1050                         return;
1051                 }
1052         }
1053
1054         return;
1055 }
1056
1057 /****************************************************************************
1058  Reply to a TRANSACT2_OPEN.
1059 ****************************************************************************/
1060
1061 static void call_trans2open(connection_struct *conn,
1062                             struct smb_request *req,
1063                             char **pparams, int total_params,
1064                             char **ppdata, int total_data,
1065                             unsigned int max_data_bytes)
1066 {
1067         struct smb_filename *smb_fname = NULL;
1068         char *params = *pparams;
1069         char *pdata = *ppdata;
1070         int deny_mode;
1071         int32 open_attr;
1072         bool oplock_request;
1073 #if 0
1074         bool return_additional_info;
1075         int16 open_sattr;
1076         time_t open_time;
1077 #endif
1078         int open_ofun;
1079         uint32 open_size;
1080         char *pname;
1081         char *fname = NULL;
1082         off_t size=0;
1083         int fattr=0,mtime=0;
1084         SMB_INO_T inode = 0;
1085         int smb_action = 0;
1086         files_struct *fsp;
1087         struct ea_list *ea_list = NULL;
1088         uint16 flags = 0;
1089         NTSTATUS status;
1090         uint32 access_mask;
1091         uint32 share_mode;
1092         uint32 create_disposition;
1093         uint32 create_options = 0;
1094         uint32_t private_flags = 0;
1095         TALLOC_CTX *ctx = talloc_tos();
1096
1097         /*
1098          * Ensure we have enough parameters to perform the operation.
1099          */
1100
1101         if (total_params < 29) {
1102                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1103                 goto out;
1104         }
1105
1106         flags = SVAL(params, 0);
1107         deny_mode = SVAL(params, 2);
1108         open_attr = SVAL(params,6);
1109         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1110         if (oplock_request) {
1111                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1112         }
1113
1114 #if 0
1115         return_additional_info = BITSETW(params,0);
1116         open_sattr = SVAL(params, 4);
1117         open_time = make_unix_date3(params+8);
1118 #endif
1119         open_ofun = SVAL(params,12);
1120         open_size = IVAL(params,14);
1121         pname = &params[28];
1122
1123         if (IS_IPC(conn)) {
1124                 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1125                 goto out;
1126         }
1127
1128         srvstr_get_path(ctx, params, req->flags2, &fname, pname,
1129                         total_params - 28, STR_TERMINATE,
1130                         &status);
1131         if (!NT_STATUS_IS_OK(status)) {
1132                 reply_nterror(req, status);
1133                 goto out;
1134         }
1135
1136         DEBUG(3,("call_trans2open %s deny_mode=0x%x attr=%d ofun=0x%x size=%d\n",
1137                 fname, (unsigned int)deny_mode, (unsigned int)open_attr,
1138                 (unsigned int)open_ofun, open_size));
1139
1140         status = filename_convert(ctx,
1141                                 conn,
1142                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
1143                                 fname,
1144                                 0,
1145                                 NULL,
1146                                 &smb_fname);
1147         if (!NT_STATUS_IS_OK(status)) {
1148                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1149                         reply_botherror(req,
1150                                 NT_STATUS_PATH_NOT_COVERED,
1151                                 ERRSRV, ERRbadpath);
1152                         goto out;
1153                 }
1154                 reply_nterror(req, status);
1155                 goto out;
1156         }
1157
1158         if (open_ofun == 0) {
1159                 reply_nterror(req, NT_STATUS_OBJECT_NAME_COLLISION);
1160                 goto out;
1161         }
1162
1163         if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1164                                          open_ofun,
1165                                          &access_mask, &share_mode,
1166                                          &create_disposition,
1167                                          &create_options,
1168                                          &private_flags)) {
1169                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1170                 goto out;
1171         }
1172
1173         /* Any data in this call is an EA list. */
1174         if (total_data && (total_data != 4)) {
1175                 if (total_data < 10) {
1176                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1177                         goto out;
1178                 }
1179
1180                 if (IVAL(pdata,0) > total_data) {
1181                         DEBUG(10,("call_trans2open: bad total data size (%u) > %u\n",
1182                                 IVAL(pdata,0), (unsigned int)total_data));
1183                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1184                         goto out;
1185                 }
1186
1187                 ea_list = read_ea_list(talloc_tos(), pdata + 4,
1188                                        total_data - 4);
1189                 if (!ea_list) {
1190                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1191                         goto out;
1192                 }
1193
1194                 if (!lp_ea_support(SNUM(conn))) {
1195                         reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
1196                         goto out;
1197                 }
1198
1199                 if (ea_list_has_invalid_name(ea_list)) {
1200                         int param_len = 30;
1201                         *pparams = (char *)SMB_REALLOC(*pparams, param_len);
1202                         if(*pparams == NULL ) {
1203                                 reply_nterror(req, NT_STATUS_NO_MEMORY);
1204                                 goto out;
1205                         }
1206                         params = *pparams;
1207                         memset(params, '\0', param_len);
1208                         send_trans2_replies(conn, req, STATUS_INVALID_EA_NAME,
1209                                 params, param_len, NULL, 0, max_data_bytes);
1210                         goto out;
1211                 }
1212         }
1213
1214         status = SMB_VFS_CREATE_FILE(
1215                 conn,                                   /* conn */
1216                 req,                                    /* req */
1217                 0,                                      /* root_dir_fid */
1218                 smb_fname,                              /* fname */
1219                 access_mask,                            /* access_mask */
1220                 share_mode,                             /* share_access */
1221                 create_disposition,                     /* create_disposition*/
1222                 create_options,                         /* create_options */
1223                 open_attr,                              /* file_attributes */
1224                 oplock_request,                         /* oplock_request */
1225                 NULL,                                   /* lease */
1226                 open_size,                              /* allocation_size */
1227                 private_flags,
1228                 NULL,                                   /* sd */
1229                 ea_list,                                /* ea_list */
1230                 &fsp,                                   /* result */
1231                 &smb_action);                           /* psbuf */
1232
1233         if (!NT_STATUS_IS_OK(status)) {
1234                 if (open_was_deferred(req->sconn, req->mid)) {
1235                         /* We have re-scheduled this call. */
1236                         goto out;
1237                 }
1238                 reply_openerror(req, status);
1239                 goto out;
1240         }
1241
1242         size = get_file_size_stat(&smb_fname->st);
1243         fattr = dos_mode(conn, smb_fname);
1244         mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1245         inode = smb_fname->st.st_ex_ino;
1246         if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1247                 close_file(req, fsp, ERROR_CLOSE);
1248                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1249                 goto out;
1250         }
1251
1252         /* Realloc the size of parameters and data we will return */
1253         *pparams = (char *)SMB_REALLOC(*pparams, 30);
1254         if(*pparams == NULL ) {
1255                 reply_nterror(req, NT_STATUS_NO_MEMORY);
1256                 goto out;
1257         }
1258         params = *pparams;
1259
1260         SSVAL(params,0,fsp->fnum);
1261         SSVAL(params,2,fattr);
1262         srv_put_dos_date2(params,4, mtime);
1263         SIVAL(params,8, (uint32)size);
1264         SSVAL(params,12,deny_mode);
1265         SSVAL(params,14,0); /* open_type - file or directory. */
1266         SSVAL(params,16,0); /* open_state - only valid for IPC device. */
1267
1268         if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1269                 smb_action |= EXTENDED_OPLOCK_GRANTED;
1270         }
1271
1272         SSVAL(params,18,smb_action);
1273
1274         /*
1275          * WARNING - this may need to be changed if SMB_INO_T <> 4 bytes.
1276          */
1277         SIVAL(params,20,inode);
1278         SSVAL(params,24,0); /* Padding. */
1279         if (flags & 8) {
1280                 uint32 ea_size = estimate_ea_size(conn, fsp,
1281                                                   smb_fname);
1282                 SIVAL(params, 26, ea_size);
1283         } else {
1284                 SIVAL(params, 26, 0);
1285         }
1286
1287         /* Send the required number of replies */
1288         send_trans2_replies(conn, req, NT_STATUS_OK, params, 30, *ppdata, 0, max_data_bytes);
1289  out:
1290         TALLOC_FREE(smb_fname);
1291 }
1292
1293 /*********************************************************
1294  Routine to check if a given string matches exactly.
1295  as a special case a mask of "." does NOT match. That
1296  is required for correct wildcard semantics
1297  Case can be significant or not.
1298 **********************************************************/
1299
1300 static bool exact_match(bool has_wild,
1301                         bool case_sensitive,
1302                         const char *str,
1303                         const char *mask)
1304 {
1305         if (mask[0] == '.' && mask[1] == 0) {
1306                 return false;
1307         }
1308
1309         if (has_wild) {
1310                 return false;
1311         }
1312
1313         if (case_sensitive) {
1314                 return strcmp(str,mask)==0;
1315         } else {
1316                 return strcasecmp_m(str,mask) == 0;
1317         }
1318 }
1319
1320 /****************************************************************************
1321  Return the filetype for UNIX extensions.
1322 ****************************************************************************/
1323
1324 static uint32 unix_filetype(mode_t mode)
1325 {
1326         if(S_ISREG(mode))
1327                 return UNIX_TYPE_FILE;
1328         else if(S_ISDIR(mode))
1329                 return UNIX_TYPE_DIR;
1330 #ifdef S_ISLNK
1331         else if(S_ISLNK(mode))
1332                 return UNIX_TYPE_SYMLINK;
1333 #endif
1334 #ifdef S_ISCHR
1335         else if(S_ISCHR(mode))
1336                 return UNIX_TYPE_CHARDEV;
1337 #endif
1338 #ifdef S_ISBLK
1339         else if(S_ISBLK(mode))
1340                 return UNIX_TYPE_BLKDEV;
1341 #endif
1342 #ifdef S_ISFIFO
1343         else if(S_ISFIFO(mode))
1344                 return UNIX_TYPE_FIFO;
1345 #endif
1346 #ifdef S_ISSOCK
1347         else if(S_ISSOCK(mode))
1348                 return UNIX_TYPE_SOCKET;
1349 #endif
1350
1351         DEBUG(0,("unix_filetype: unknown filetype %u\n", (unsigned)mode));
1352         return UNIX_TYPE_UNKNOWN;
1353 }
1354
1355 /****************************************************************************
1356  Map wire perms onto standard UNIX permissions. Obey share restrictions.
1357 ****************************************************************************/
1358
1359 enum perm_type { PERM_NEW_FILE, PERM_NEW_DIR, PERM_EXISTING_FILE, PERM_EXISTING_DIR};
1360
1361 static NTSTATUS unix_perms_from_wire( connection_struct *conn,
1362                                 const SMB_STRUCT_STAT *psbuf,
1363                                 uint32 perms,
1364                                 enum perm_type ptype,
1365                                 mode_t *ret_perms)
1366 {
1367         mode_t ret = 0;
1368
1369         if (perms == SMB_MODE_NO_CHANGE) {
1370                 if (!VALID_STAT(*psbuf)) {
1371                         return NT_STATUS_INVALID_PARAMETER;
1372                 } else {
1373                         *ret_perms = psbuf->st_ex_mode;
1374                         return NT_STATUS_OK;
1375                 }
1376         }
1377
1378         ret |= ((perms & UNIX_X_OTH ) ? S_IXOTH : 0);
1379         ret |= ((perms & UNIX_W_OTH ) ? S_IWOTH : 0);
1380         ret |= ((perms & UNIX_R_OTH ) ? S_IROTH : 0);
1381         ret |= ((perms & UNIX_X_GRP ) ? S_IXGRP : 0);
1382         ret |= ((perms & UNIX_W_GRP ) ? S_IWGRP : 0);
1383         ret |= ((perms & UNIX_R_GRP ) ? S_IRGRP : 0);
1384         ret |= ((perms & UNIX_X_USR ) ? S_IXUSR : 0);
1385         ret |= ((perms & UNIX_W_USR ) ? S_IWUSR : 0);
1386         ret |= ((perms & UNIX_R_USR ) ? S_IRUSR : 0);
1387 #ifdef S_ISVTX
1388         ret |= ((perms & UNIX_STICKY ) ? S_ISVTX : 0);
1389 #endif
1390 #ifdef S_ISGID
1391         ret |= ((perms & UNIX_SET_GID ) ? S_ISGID : 0);
1392 #endif
1393 #ifdef S_ISUID
1394         ret |= ((perms & UNIX_SET_UID ) ? S_ISUID : 0);
1395 #endif
1396
1397         if (ptype == PERM_NEW_FILE) {
1398                 /*
1399                  * "create mask"/"force create mode" are
1400                  * only applied to new files, not existing ones.
1401                  */
1402                 ret &= lp_create_mask(SNUM(conn));
1403                 /* Add in force bits */
1404                 ret |= lp_force_create_mode(SNUM(conn));
1405         } else if (ptype == PERM_NEW_DIR) {
1406                 /*
1407                  * "directory mask"/"force directory mode" are
1408                  * only applied to new directories, not existing ones.
1409                  */
1410                 ret &= lp_directory_mask(SNUM(conn));
1411                 /* Add in force bits */
1412                 ret |= lp_force_directory_mode(SNUM(conn));
1413         }
1414
1415         *ret_perms = ret;
1416         return NT_STATUS_OK;
1417 }
1418
1419 /****************************************************************************
1420  Needed to show the msdfs symlinks as directories. Modifies psbuf
1421  to be a directory if it's a msdfs link.
1422 ****************************************************************************/
1423
1424 static bool check_msdfs_link(connection_struct *conn,
1425                                 const char *pathname,
1426                                 SMB_STRUCT_STAT *psbuf)
1427 {
1428         int saved_errno = errno;
1429         if(lp_host_msdfs() &&
1430                 lp_msdfs_root(SNUM(conn)) &&
1431                 is_msdfs_link(conn, pathname, psbuf)) {
1432
1433                 DEBUG(5,("check_msdfs_link: Masquerading msdfs link %s "
1434                         "as a directory\n",
1435                         pathname));
1436                 psbuf->st_ex_mode = (psbuf->st_ex_mode & 0xFFF) | S_IFDIR;
1437                 errno = saved_errno;
1438                 return true;
1439         }
1440         errno = saved_errno;
1441         return false;
1442 }
1443
1444
1445 /****************************************************************************
1446  Get a level dependent lanman2 dir entry.
1447 ****************************************************************************/
1448
1449 struct smbd_dirptr_lanman2_state {
1450         connection_struct *conn;
1451         uint32_t info_level;
1452         bool check_mangled_names;
1453         bool has_wild;
1454         bool got_exact_match;
1455 };
1456
1457 static bool smbd_dirptr_lanman2_match_fn(TALLOC_CTX *ctx,
1458                                          void *private_data,
1459                                          const char *dname,
1460                                          const char *mask,
1461                                          char **_fname)
1462 {
1463         struct smbd_dirptr_lanman2_state *state =
1464                 (struct smbd_dirptr_lanman2_state *)private_data;
1465         bool ok;
1466         char mangled_name[13]; /* mangled 8.3 name. */
1467         bool got_match;
1468         const char *fname;
1469
1470         /* Mangle fname if it's an illegal name. */
1471         if (mangle_must_mangle(dname, state->conn->params)) {
1472                 ok = name_to_8_3(dname, mangled_name,
1473                                  true, state->conn->params);
1474                 if (!ok) {
1475                         return false;
1476                 }
1477                 fname = mangled_name;
1478         } else {
1479                 fname = dname;
1480         }
1481
1482         got_match = exact_match(state->has_wild,
1483                                 state->conn->case_sensitive,
1484                                 fname, mask);
1485         state->got_exact_match = got_match;
1486         if (!got_match) {
1487                 got_match = mask_match(fname, mask,
1488                                        state->conn->case_sensitive);
1489         }
1490
1491         if(!got_match && state->check_mangled_names &&
1492            !mangle_is_8_3(fname, false, state->conn->params)) {
1493                 /*
1494                  * It turns out that NT matches wildcards against
1495                  * both long *and* short names. This may explain some
1496                  * of the wildcard wierdness from old DOS clients
1497                  * that some people have been seeing.... JRA.
1498                  */
1499                 /* Force the mangling into 8.3. */
1500                 ok = name_to_8_3(fname, mangled_name,
1501                                  false, state->conn->params);
1502                 if (!ok) {
1503                         return false;
1504                 }
1505
1506                 got_match = exact_match(state->has_wild,
1507                                         state->conn->case_sensitive,
1508                                         mangled_name, mask);
1509                 state->got_exact_match = got_match;
1510                 if (!got_match) {
1511                         got_match = mask_match(mangled_name, mask,
1512                                                state->conn->case_sensitive);
1513                 }
1514         }
1515
1516         if (!got_match) {
1517                 return false;
1518         }
1519
1520         *_fname = talloc_strdup(ctx, fname);
1521         if (*_fname == NULL) {
1522                 return false;
1523         }
1524
1525         return true;
1526 }
1527
1528 static bool smbd_dirptr_lanman2_mode_fn(TALLOC_CTX *ctx,
1529                                         void *private_data,
1530                                         struct smb_filename *smb_fname,
1531                                         uint32_t *_mode)
1532 {
1533         struct smbd_dirptr_lanman2_state *state =
1534                 (struct smbd_dirptr_lanman2_state *)private_data;
1535         bool ms_dfs_link = false;
1536         uint32_t mode = 0;
1537
1538         if (INFO_LEVEL_IS_UNIX(state->info_level)) {
1539                 if (SMB_VFS_LSTAT(state->conn, smb_fname) != 0) {
1540                         DEBUG(5,("smbd_dirptr_lanman2_mode_fn: "
1541                                  "Couldn't lstat [%s] (%s)\n",
1542                                  smb_fname_str_dbg(smb_fname),
1543                                  strerror(errno)));
1544                         return false;
1545                 }
1546         } else if (!VALID_STAT(smb_fname->st) &&
1547                    SMB_VFS_STAT(state->conn, smb_fname) != 0) {
1548                 /* Needed to show the msdfs symlinks as
1549                  * directories */
1550
1551                 ms_dfs_link = check_msdfs_link(state->conn,
1552                                                smb_fname->base_name,
1553                                                &smb_fname->st);
1554                 if (!ms_dfs_link) {
1555                         DEBUG(5,("smbd_dirptr_lanman2_mode_fn: "
1556                                  "Couldn't stat [%s] (%s)\n",
1557                                  smb_fname_str_dbg(smb_fname),
1558                                  strerror(errno)));
1559                         return false;
1560                 }
1561         }
1562
1563         if (ms_dfs_link) {
1564                 mode = dos_mode_msdfs(state->conn, smb_fname);
1565         } else {
1566                 mode = dos_mode(state->conn, smb_fname);
1567         }
1568
1569         *_mode = mode;
1570         return true;
1571 }
1572
1573 static NTSTATUS smbd_marshall_dir_entry(TALLOC_CTX *ctx,
1574                                     connection_struct *conn,
1575                                     uint16_t flags2,
1576                                     uint32_t info_level,
1577                                     struct ea_list *name_list,
1578                                     bool check_mangled_names,
1579                                     bool requires_resume_key,
1580                                     uint32_t mode,
1581                                     const char *fname,
1582                                     const struct smb_filename *smb_fname,
1583                                     int space_remaining,
1584                                     uint8_t align,
1585                                     bool do_pad,
1586                                     char *base_data,
1587                                     char **ppdata,
1588                                     char *end_data,
1589                                     uint64_t *last_entry_off)
1590 {
1591         char *p, *q, *pdata = *ppdata;
1592         uint32_t reskey=0;
1593         uint64_t file_size = 0;
1594         uint64_t allocation_size = 0;
1595         uint64_t file_index = 0;
1596         size_t len = 0;
1597         struct timespec mdate_ts, adate_ts, cdate_ts, create_date_ts;
1598         time_t mdate = (time_t)0, adate = (time_t)0, create_date = (time_t)0;
1599         char *nameptr;
1600         char *last_entry_ptr;
1601         bool was_8_3;
1602         int off;
1603         int pad = 0;
1604         NTSTATUS status;
1605
1606         ZERO_STRUCT(mdate_ts);
1607         ZERO_STRUCT(adate_ts);
1608         ZERO_STRUCT(create_date_ts);
1609         ZERO_STRUCT(cdate_ts);
1610
1611         if (!(mode & FILE_ATTRIBUTE_DIRECTORY)) {
1612                 file_size = get_file_size_stat(&smb_fname->st);
1613         }
1614         allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn, NULL, &smb_fname->st);
1615
1616         file_index = get_FileIndex(conn, &smb_fname->st);
1617
1618         mdate_ts = smb_fname->st.st_ex_mtime;
1619         adate_ts = smb_fname->st.st_ex_atime;
1620         create_date_ts = get_create_timespec(conn, NULL, smb_fname);
1621         cdate_ts = get_change_timespec(conn, NULL, smb_fname);
1622
1623         if (lp_dos_filetime_resolution(SNUM(conn))) {
1624                 dos_filetime_timespec(&create_date_ts);
1625                 dos_filetime_timespec(&mdate_ts);
1626                 dos_filetime_timespec(&adate_ts);
1627                 dos_filetime_timespec(&cdate_ts);
1628         }
1629
1630         create_date = convert_timespec_to_time_t(create_date_ts);
1631         mdate = convert_timespec_to_time_t(mdate_ts);
1632         adate = convert_timespec_to_time_t(adate_ts);
1633
1634         /* align the record */
1635         SMB_ASSERT(align >= 1);
1636
1637         off = (int)PTR_DIFF(pdata, base_data);
1638         pad = (off + (align-1)) & ~(align-1);
1639         pad -= off;
1640
1641         if (pad && pad > space_remaining) {
1642                 DEBUG(9,("smbd_marshall_dir_entry: out of space "
1643                         "for padding (wanted %u, had %d)\n",
1644                         (unsigned int)pad,
1645                         space_remaining ));
1646                 return STATUS_MORE_ENTRIES; /* Not finished - just out of space */
1647         }
1648
1649         off += pad;
1650         /* initialize padding to 0 */
1651         if (pad) {
1652                 memset(pdata, 0, pad);
1653         }
1654         space_remaining -= pad;
1655
1656         DEBUG(10,("smbd_marshall_dir_entry: space_remaining = %d\n",
1657                 space_remaining ));
1658
1659         pdata += pad;
1660         p = pdata;
1661         last_entry_ptr = p;
1662
1663         pad = 0;
1664         off = 0;
1665
1666         switch (info_level) {
1667         case SMB_FIND_INFO_STANDARD:
1668                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_INFO_STANDARD\n"));
1669                 if(requires_resume_key) {
1670                         SIVAL(p,0,reskey);
1671                         p += 4;
1672                 }
1673                 srv_put_dos_date2(p,0,create_date);
1674                 srv_put_dos_date2(p,4,adate);
1675                 srv_put_dos_date2(p,8,mdate);
1676                 SIVAL(p,12,(uint32)file_size);
1677                 SIVAL(p,16,(uint32)allocation_size);
1678                 SSVAL(p,20,mode);
1679                 p += 23;
1680                 nameptr = p;
1681                 if (flags2 & FLAGS2_UNICODE_STRINGS) {
1682                         p += ucs2_align(base_data, p, 0);
1683                 }
1684                 status = srvstr_push(base_data, flags2, p,
1685                                   fname, PTR_DIFF(end_data, p),
1686                                   STR_TERMINATE, &len);
1687                 if (!NT_STATUS_IS_OK(status)) {
1688                         return status;
1689                 }
1690                 if (flags2 & FLAGS2_UNICODE_STRINGS) {
1691                         if (len > 2) {
1692                                 SCVAL(nameptr, -1, len - 2);
1693                         } else {
1694                                 SCVAL(nameptr, -1, 0);
1695                         }
1696                 } else {
1697                         if (len > 1) {
1698                                 SCVAL(nameptr, -1, len - 1);
1699                         } else {
1700                                 SCVAL(nameptr, -1, 0);
1701                         }
1702                 }
1703                 p += len;
1704                 break;
1705
1706         case SMB_FIND_EA_SIZE:
1707                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_EA_SIZE\n"));
1708                 if (requires_resume_key) {
1709                         SIVAL(p,0,reskey);
1710                         p += 4;
1711                 }
1712                 srv_put_dos_date2(p,0,create_date);
1713                 srv_put_dos_date2(p,4,adate);
1714                 srv_put_dos_date2(p,8,mdate);
1715                 SIVAL(p,12,(uint32)file_size);
1716                 SIVAL(p,16,(uint32)allocation_size);
1717                 SSVAL(p,20,mode);
1718                 {
1719                         unsigned int ea_size = estimate_ea_size(conn, NULL,
1720                                                                 smb_fname);
1721                         SIVAL(p,22,ea_size); /* Extended attributes */
1722                 }
1723                 p += 27;
1724                 nameptr = p - 1;
1725                 status = srvstr_push(base_data, flags2,
1726                                   p, fname, PTR_DIFF(end_data, p),
1727                                   STR_TERMINATE | STR_NOALIGN, &len);
1728                 if (!NT_STATUS_IS_OK(status)) {
1729                         return status;
1730                 }
1731                 if (flags2 & FLAGS2_UNICODE_STRINGS) {
1732                         if (len > 2) {
1733                                 len -= 2;
1734                         } else {
1735                                 len = 0;
1736                         }
1737                 } else {
1738                         if (len > 1) {
1739                                 len -= 1;
1740                         } else {
1741                                 len = 0;
1742                         }
1743                 }
1744                 SCVAL(nameptr,0,len);
1745                 p += len;
1746                 SCVAL(p,0,0); p += 1; /* Extra zero byte ? - why.. */
1747                 break;
1748
1749         case SMB_FIND_EA_LIST:
1750         {
1751                 struct ea_list *file_list = NULL;
1752                 size_t ea_len = 0;
1753
1754                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_EA_LIST\n"));
1755                 if (!name_list) {
1756                         return NT_STATUS_INVALID_PARAMETER;
1757                 }
1758                 if (requires_resume_key) {
1759                         SIVAL(p,0,reskey);
1760                         p += 4;
1761                 }
1762                 srv_put_dos_date2(p,0,create_date);
1763                 srv_put_dos_date2(p,4,adate);
1764                 srv_put_dos_date2(p,8,mdate);
1765                 SIVAL(p,12,(uint32)file_size);
1766                 SIVAL(p,16,(uint32)allocation_size);
1767                 SSVAL(p,20,mode);
1768                 p += 22; /* p now points to the EA area. */
1769
1770                 status = get_ea_list_from_file(ctx, conn, NULL,
1771                                                smb_fname,
1772                                                &ea_len, &file_list);
1773                 if (!NT_STATUS_IS_OK(status)) {
1774                         file_list = NULL;
1775                 }
1776                 name_list = ea_list_union(name_list, file_list, &ea_len);
1777
1778                 /* We need to determine if this entry will fit in the space available. */
1779                 /* Max string size is 255 bytes. */
1780                 if (PTR_DIFF(p + 255 + ea_len,pdata) > space_remaining) {
1781                         DEBUG(9,("smbd_marshall_dir_entry: out of space "
1782                                 "(wanted %u, had %d)\n",
1783                                 (unsigned int)PTR_DIFF(p + 255 + ea_len,pdata),
1784                                 space_remaining ));
1785                         return STATUS_MORE_ENTRIES; /* Not finished - just out of space */
1786                 }
1787
1788                 /* Push the ea_data followed by the name. */
1789                 p += fill_ea_buffer(ctx, p, space_remaining, conn, name_list);
1790                 nameptr = p;
1791                 status = srvstr_push(base_data, flags2,
1792                                   p + 1, fname, PTR_DIFF(end_data, p+1),
1793                                   STR_TERMINATE | STR_NOALIGN, &len);
1794                 if (!NT_STATUS_IS_OK(status)) {
1795                         return status;
1796                 }
1797                 if (flags2 & FLAGS2_UNICODE_STRINGS) {
1798                         if (len > 2) {
1799                                 len -= 2;
1800                         } else {
1801                                 len = 0;
1802                         }
1803                 } else {
1804                         if (len > 1) {
1805                                 len -= 1;
1806                         } else {
1807                                 len = 0;
1808                         }
1809                 }
1810                 SCVAL(nameptr,0,len);
1811                 p += len + 1;
1812                 SCVAL(p,0,0); p += 1; /* Extra zero byte ? - why.. */
1813                 break;
1814         }
1815
1816         case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
1817                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO\n"));
1818                 was_8_3 = mangle_is_8_3(fname, True, conn->params);
1819                 p += 4;
1820                 SIVAL(p,0,reskey); p += 4;
1821                 put_long_date_timespec(conn->ts_res,p,create_date_ts); p += 8;
1822                 put_long_date_timespec(conn->ts_res,p,adate_ts); p += 8;
1823                 put_long_date_timespec(conn->ts_res,p,mdate_ts); p += 8;
1824                 put_long_date_timespec(conn->ts_res,p,cdate_ts); p += 8;
1825                 SOFF_T(p,0,file_size); p += 8;
1826                 SOFF_T(p,0,allocation_size); p += 8;
1827                 SIVAL(p,0,mode); p += 4;
1828                 q = p; p += 4; /* q is placeholder for name length. */
1829                 if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
1830                         SIVAL(p, 0, IO_REPARSE_TAG_DFS);
1831                 } else {
1832                         unsigned int ea_size = estimate_ea_size(conn, NULL,
1833                                                                 smb_fname);
1834                         SIVAL(p,0,ea_size); /* Extended attributes */
1835                 }
1836                 p += 4;
1837                 /* Clear the short name buffer. This is
1838                  * IMPORTANT as not doing so will trigger
1839                  * a Win2k client bug. JRA.
1840                  */
1841                 if (!was_8_3 && check_mangled_names) {
1842                         char mangled_name[13]; /* mangled 8.3 name. */
1843                         if (!name_to_8_3(fname,mangled_name,True,
1844                                            conn->params)) {
1845                                 /* Error - mangle failed ! */
1846                                 memset(mangled_name,'\0',12);
1847                         }
1848                         mangled_name[12] = 0;
1849                         status = srvstr_push(base_data, flags2,
1850                                           p+2, mangled_name, 24,
1851                                           STR_UPPER|STR_UNICODE, &len);
1852                         if (!NT_STATUS_IS_OK(status)) {
1853                                 return status;
1854                         }
1855                         if (len < 24) {
1856                                 memset(p + 2 + len,'\0',24 - len);
1857                         }
1858                         SSVAL(p, 0, len);
1859                 } else {
1860                         memset(p,'\0',26);
1861                 }
1862                 p += 2 + 24;
1863                 status = srvstr_push(base_data, flags2, p,
1864                                   fname, PTR_DIFF(end_data, p),
1865                                   STR_TERMINATE_ASCII, &len);
1866                 if (!NT_STATUS_IS_OK(status)) {
1867                         return status;
1868                 }
1869                 SIVAL(q,0,len);
1870                 p += len;
1871
1872                 len = PTR_DIFF(p, pdata);
1873                 pad = (len + (align-1)) & ~(align-1);
1874                 /*
1875                  * offset to the next entry, the caller
1876                  * will overwrite it for the last entry
1877                  * that's why we always include the padding
1878                  */
1879                 SIVAL(pdata,0,pad);
1880                 /*
1881                  * set padding to zero
1882                  */
1883                 if (do_pad) {
1884                         memset(p, 0, pad - len);
1885                         p = pdata + pad;
1886                 } else {
1887                         p = pdata + len;
1888                 }
1889                 break;
1890
1891         case SMB_FIND_FILE_DIRECTORY_INFO:
1892                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_DIRECTORY_INFO\n"));
1893                 p += 4;
1894                 SIVAL(p,0,reskey); p += 4;
1895                 put_long_date_timespec(conn->ts_res,p,create_date_ts); p += 8;
1896                 put_long_date_timespec(conn->ts_res,p,adate_ts); p += 8;
1897                 put_long_date_timespec(conn->ts_res,p,mdate_ts); p += 8;
1898                 put_long_date_timespec(conn->ts_res,p,cdate_ts); p += 8;
1899                 SOFF_T(p,0,file_size); p += 8;
1900                 SOFF_T(p,0,allocation_size); p += 8;
1901                 SIVAL(p,0,mode); p += 4;
1902                 status = srvstr_push(base_data, flags2,
1903                                   p + 4, fname, PTR_DIFF(end_data, p+4),
1904                                   STR_TERMINATE_ASCII, &len);
1905                 if (!NT_STATUS_IS_OK(status)) {
1906                         return status;
1907                 }
1908                 SIVAL(p,0,len);
1909                 p += 4 + len;
1910
1911                 len = PTR_DIFF(p, pdata);
1912                 pad = (len + (align-1)) & ~(align-1);
1913                 /*
1914                  * offset to the next entry, the caller
1915                  * will overwrite it for the last entry
1916                  * that's why we always include the padding
1917                  */
1918                 SIVAL(pdata,0,pad);
1919                 /*
1920                  * set padding to zero
1921                  */
1922                 if (do_pad) {
1923                         memset(p, 0, pad - len);
1924                         p = pdata + pad;
1925                 } else {
1926                         p = pdata + len;
1927                 }
1928                 break;
1929
1930         case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
1931                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_FULL_DIRECTORY_INFO\n"));
1932                 p += 4;
1933                 SIVAL(p,0,reskey); p += 4;
1934                 put_long_date_timespec(conn->ts_res,p,create_date_ts); p += 8;
1935                 put_long_date_timespec(conn->ts_res,p,adate_ts); p += 8;
1936                 put_long_date_timespec(conn->ts_res,p,mdate_ts); p += 8;
1937                 put_long_date_timespec(conn->ts_res,p,cdate_ts); p += 8;
1938                 SOFF_T(p,0,file_size); p += 8;
1939                 SOFF_T(p,0,allocation_size); p += 8;
1940                 SIVAL(p,0,mode); p += 4;
1941                 q = p; p += 4; /* q is placeholder for name length. */
1942                 {
1943                         unsigned int ea_size = estimate_ea_size(conn, NULL,
1944                                                                 smb_fname);
1945                         SIVAL(p,0,ea_size); /* Extended attributes */
1946                         p +=4;
1947                 }
1948                 status = srvstr_push(base_data, flags2, p,
1949                                   fname, PTR_DIFF(end_data, p),
1950                                   STR_TERMINATE_ASCII, &len);
1951                 if (!NT_STATUS_IS_OK(status)) {
1952                         return status;
1953                 }
1954                 SIVAL(q, 0, len);
1955                 p += len;
1956
1957                 len = PTR_DIFF(p, pdata);
1958                 pad = (len + (align-1)) & ~(align-1);
1959                 /*
1960                  * offset to the next entry, the caller
1961                  * will overwrite it for the last entry
1962                  * that's why we always include the padding
1963                  */
1964                 SIVAL(pdata,0,pad);
1965                 /*
1966                  * set padding to zero
1967                  */
1968                 if (do_pad) {
1969                         memset(p, 0, pad - len);
1970                         p = pdata + pad;
1971                 } else {
1972                         p = pdata + len;
1973                 }
1974                 break;
1975
1976         case SMB_FIND_FILE_NAMES_INFO:
1977                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_NAMES_INFO\n"));
1978                 p += 4;
1979                 SIVAL(p,0,reskey); p += 4;
1980                 p += 4;
1981                 /* this must *not* be null terminated or w2k gets in a loop trying to set an
1982                    acl on a dir (tridge) */
1983                 status = srvstr_push(base_data, flags2, p,
1984                                   fname, PTR_DIFF(end_data, p),
1985                                   STR_TERMINATE_ASCII, &len);
1986                 if (!NT_STATUS_IS_OK(status)) {
1987                         return status;
1988                 }
1989                 SIVAL(p, -4, len);
1990                 p += len;
1991
1992                 len = PTR_DIFF(p, pdata);
1993                 pad = (len + (align-1)) & ~(align-1);
1994                 /*
1995                  * offset to the next entry, the caller
1996                  * will overwrite it for the last entry
1997                  * that's why we always include the padding
1998                  */
1999                 SIVAL(pdata,0,pad);
2000                 /*
2001                  * set padding to zero
2002                  */
2003                 if (do_pad) {
2004                         memset(p, 0, pad - len);
2005                         p = pdata + pad;
2006                 } else {
2007                         p = pdata + len;
2008                 }
2009                 break;
2010
2011         case SMB_FIND_ID_FULL_DIRECTORY_INFO:
2012                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_ID_FULL_DIRECTORY_INFO\n"));
2013                 p += 4;
2014                 SIVAL(p,0,reskey); p += 4;
2015                 put_long_date_timespec(conn->ts_res,p,create_date_ts); p += 8;
2016                 put_long_date_timespec(conn->ts_res,p,adate_ts); p += 8;
2017                 put_long_date_timespec(conn->ts_res,p,mdate_ts); p += 8;
2018                 put_long_date_timespec(conn->ts_res,p,cdate_ts); p += 8;
2019                 SOFF_T(p,0,file_size); p += 8;
2020                 SOFF_T(p,0,allocation_size); p += 8;
2021                 SIVAL(p,0,mode); p += 4;
2022                 q = p; p += 4; /* q is placeholder for name length. */
2023                 if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
2024                         SIVAL(p, 0, IO_REPARSE_TAG_DFS);
2025                 } else {
2026                         unsigned int ea_size = estimate_ea_size(conn, NULL,
2027                                                                 smb_fname);
2028                         SIVAL(p,0,ea_size); /* Extended attributes */
2029                 }
2030                 p += 4;
2031                 SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
2032                 SBVAL(p,0,file_index); p += 8;
2033                 status = srvstr_push(base_data, flags2, p,
2034                                   fname, PTR_DIFF(end_data, p),
2035                                   STR_TERMINATE_ASCII, &len);
2036                 if (!NT_STATUS_IS_OK(status)) {
2037                         return status;
2038                 }
2039                 SIVAL(q, 0, len);
2040                 p += len;
2041
2042                 len = PTR_DIFF(p, pdata);
2043                 pad = (len + (align-1)) & ~(align-1);
2044                 /*
2045                  * offset to the next entry, the caller
2046                  * will overwrite it for the last entry
2047                  * that's why we always include the padding
2048                  */
2049                 SIVAL(pdata,0,pad);
2050                 /*
2051                  * set padding to zero
2052                  */
2053                 if (do_pad) {
2054                         memset(p, 0, pad - len);
2055                         p = pdata + pad;
2056                 } else {
2057                         p = pdata + len;
2058                 }
2059                 break;
2060
2061         case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
2062                 DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_ID_BOTH_DIRECTORY_INFO\n"));
2063                 was_8_3 = mangle_is_8_3(fname, True, conn->params);
2064                 p += 4;
2065                 SIVAL(p,0,reskey); p += 4;
2066                 put_long_date_timespec(conn->ts_res,p,create_date_ts); p += 8;
2067                 put_long_date_timespec(conn->ts_res,p,adate_ts); p += 8;
2068                 put_long_date_timespec(conn->ts_res,p,mdate_ts); p += 8;
2069                 put_long_date_timespec(conn->ts_res,p,cdate_ts); p += 8;
2070                 SOFF_T(p,0,file_size); p += 8;
2071                 SOFF_T(p,0,allocation_size); p += 8;
2072                 SIVAL(p,0,mode); p += 4;
2073                 q = p; p += 4; /* q is placeholder for name length */
2074                 if (mode & FILE_ATTRIBUTE_REPARSE_POINT) {
2075                         SIVAL(p, 0, IO_REPARSE_TAG_DFS);
2076                 } else {
2077                         unsigned int ea_size = estimate_ea_size(conn, NULL,
2078                                                                 smb_fname);
2079                         SIVAL(p,0,ea_size); /* Extended attributes */
2080                 }
2081                 p += 4;
2082                 /* Clear the short name buffer. This is
2083                  * IMPORTANT as not doing so will trigger
2084                  * a Win2k client bug. JRA.
2085                  */
2086                 if (!was_8_3 && check_mangled_names) {
2087                         char mangled_name[13]; /* mangled 8.3 name. */
2088                         if (!name_to_8_3(fname,mangled_name,True,
2089                                         conn->params)) {
2090                                 /* Error - mangle failed ! */
2091                                 memset(mangled_name,'\0',12);
2092                         }
2093                         mangled_name[12] = 0;
2094                         status = srvstr_push(base_data, flags2,
2095                                           p+2, mangled_name, 24,
2096                                           STR_UPPER|STR_UNICODE, &len);
2097                         if (!NT_STATUS_IS_OK(status)) {
2098                                 return status;
2099                         }
2100                         SSVAL(p, 0, len);
2101                         if (len < 24) {
2102                                 memset(p + 2 + len,'\0',24 - len);
2103                         }
2104                         SSVAL(p, 0, len);
2105                 } else {
2106                         memset(p,'\0',26);
2107                 }
2108                 p += 26;
2109                 SSVAL(p,0,0); p += 2; /* Reserved ? */
2110                 SBVAL(p,0,file_index); p += 8;
2111                 status = srvstr_push(base_data, flags2, p,
2112                                   fname, PTR_DIFF(end_data, p),
2113                                   STR_TERMINATE_ASCII, &len);
2114                 if (!NT_STATUS_IS_OK(status)) {
2115                         return status;
2116                 }
2117                 SIVAL(q,0,len);
2118                 p += len;
2119
2120                 len = PTR_DIFF(p, pdata);
2121                 pad = (len + (align-1)) & ~(align-1);
2122                 /*
2123                  * offset to the next entry, the caller
2124                  * will overwrite it for the last entry
2125                  * that's why we always include the padding
2126                  */
2127                 SIVAL(pdata,0,pad);
2128                 /*
2129                  * set padding to zero
2130                  */
2131                 if (do_pad) {
2132                         memset(p, 0, pad - len);
2133                         p = pdata + pad;
2134                 } else {
2135                         p = pdata + len;
2136                 }
2137                 break;
2138
2139         /* CIFS UNIX Extension. */
2140
2141         case SMB_FIND_FILE_UNIX:
2142         case SMB_FIND_FILE_UNIX_INFO2:
2143                 p+= 4;
2144                 SIVAL(p,0,reskey); p+= 4;    /* Used for continuing search. */
2145
2146                 /* Begin of SMB_QUERY_FILE_UNIX_BASIC */
2147
2148                 if (info_level == SMB_FIND_FILE_UNIX) {
2149                         DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_UNIX\n"));
2150                         p = store_file_unix_basic(conn, p,
2151                                                 NULL, &smb_fname->st);
2152                         status = srvstr_push(base_data, flags2, p,
2153                                           fname, PTR_DIFF(end_data, p),
2154                                           STR_TERMINATE, &len);
2155                         if (!NT_STATUS_IS_OK(status)) {
2156                                 return status;
2157                         }
2158                 } else {
2159                         DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_UNIX_INFO2\n"));
2160                         p = store_file_unix_basic_info2(conn, p,
2161                                                 NULL, &smb_fname->st);
2162                         nameptr = p;
2163                         p += 4;
2164                         status = srvstr_push(base_data, flags2, p, fname,
2165                                           PTR_DIFF(end_data, p), 0, &len);
2166                         if (!NT_STATUS_IS_OK(status)) {
2167                                 return status;
2168                         }
2169                         SIVAL(nameptr, 0, len);
2170                 }
2171
2172                 p += len;
2173
2174                 len = PTR_DIFF(p, pdata);
2175                 pad = (len + (align-1)) & ~(align-1);
2176                 /*
2177                  * offset to the next entry, the caller
2178                  * will overwrite it for the last entry
2179                  * that's why we always include the padding
2180                  */
2181                 SIVAL(pdata,0,pad);
2182                 /*
2183                  * set padding to zero
2184                  */
2185                 if (do_pad) {
2186                         memset(p, 0, pad - len);
2187                         p = pdata + pad;
2188                 } else {
2189                         p = pdata + len;
2190                 }
2191                 /* End of SMB_QUERY_FILE_UNIX_BASIC */
2192
2193                 break;
2194
2195         default:
2196                 return NT_STATUS_INVALID_LEVEL;
2197         }
2198
2199         if (PTR_DIFF(p,pdata) > space_remaining) {
2200                 DEBUG(9,("smbd_marshall_dir_entry: out of space "
2201                         "(wanted %u, had %d)\n",
2202                         (unsigned int)PTR_DIFF(p,pdata),
2203                         space_remaining ));
2204                 return STATUS_MORE_ENTRIES; /* Not finished - just out of space */
2205         }
2206
2207         /* Setup the last entry pointer, as an offset from base_data */
2208         *last_entry_off = PTR_DIFF(last_entry_ptr,base_data);
2209         /* Advance the data pointer to the next slot */
2210         *ppdata = p;
2211
2212         return NT_STATUS_OK;
2213 }
2214
2215 NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
2216                                connection_struct *conn,
2217                                struct dptr_struct *dirptr,
2218                                uint16 flags2,
2219                                const char *path_mask,
2220                                uint32 dirtype,
2221                                int info_level,
2222                                int requires_resume_key,
2223                                bool dont_descend,
2224                                bool ask_sharemode,
2225                                uint8_t align,
2226                                bool do_pad,
2227                                char **ppdata,
2228                                char *base_data,
2229                                char *end_data,
2230                                int space_remaining,
2231                                bool *out_of_space,
2232                                bool *got_exact_match,
2233                                int *_last_entry_off,
2234                                struct ea_list *name_list)
2235 {
2236         const char *p;
2237         const char *mask = NULL;
2238         long prev_dirpos = 0;
2239         uint32_t mode = 0;
2240         char *fname = NULL;
2241         struct smb_filename *smb_fname = NULL;
2242         struct smbd_dirptr_lanman2_state state;
2243         bool ok;
2244         uint64_t last_entry_off = 0;
2245         NTSTATUS status;
2246
2247         ZERO_STRUCT(state);
2248         state.conn = conn;
2249         state.info_level = info_level;
2250         state.check_mangled_names = lp_mangled_names(conn->params);
2251         state.has_wild = dptr_has_wild(dirptr);
2252         state.got_exact_match = false;
2253
2254         *out_of_space = false;
2255         *got_exact_match = false;
2256
2257         p = strrchr_m(path_mask,'/');
2258         if(p != NULL) {
2259                 if(p[1] == '\0') {
2260                         mask = "*.*";
2261                 } else {
2262                         mask = p+1;
2263                 }
2264         } else {
2265                 mask = path_mask;
2266         }
2267
2268         ok = smbd_dirptr_get_entry(ctx,
2269                                    dirptr,
2270                                    mask,
2271                                    dirtype,
2272                                    dont_descend,
2273                                    ask_sharemode,
2274                                    smbd_dirptr_lanman2_match_fn,
2275                                    smbd_dirptr_lanman2_mode_fn,
2276                                    &state,
2277                                    &fname,
2278                                    &smb_fname,
2279                                    &mode,
2280                                    &prev_dirpos);
2281         if (!ok) {
2282                 return NT_STATUS_END_OF_FILE;
2283         }
2284
2285         *got_exact_match = state.got_exact_match;
2286
2287         status = smbd_marshall_dir_entry(ctx,
2288                                      conn,
2289                                      flags2,
2290                                      info_level,
2291                                      name_list,
2292                                      state.check_mangled_names,
2293                                      requires_resume_key,
2294                                      mode,
2295                                      fname,
2296                                      smb_fname,
2297                                      space_remaining,
2298                                      align,
2299                                      do_pad,
2300                                      base_data,
2301                                      ppdata,
2302                                      end_data,
2303                                      &last_entry_off);
2304         TALLOC_FREE(fname);
2305         TALLOC_FREE(smb_fname);
2306         if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2307                 *out_of_space = true;
2308                 dptr_SeekDir(dirptr, prev_dirpos);
2309                 return status;
2310         }
2311         if (!NT_STATUS_IS_OK(status)) {
2312                 return status;
2313         }
2314
2315         *_last_entry_off = last_entry_off;
2316         return NT_STATUS_OK;
2317 }
2318
2319 static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
2320                                 connection_struct *conn,
2321                                 struct dptr_struct *dirptr,
2322                                 uint16 flags2,
2323                                 const char *path_mask,
2324                                 uint32 dirtype,
2325                                 int info_level,
2326                                 bool requires_resume_key,
2327                                 bool dont_descend,
2328                                 bool ask_sharemode,
2329                                 char **ppdata,
2330                                 char *base_data,
2331                                 char *end_data,
2332                                 int space_remaining,
2333                                 bool *out_of_space,
2334                                 bool *got_exact_match,
2335                                 int *last_entry_off,
2336                                 struct ea_list *name_list)
2337 {
2338         uint8_t align = 4;
2339         const bool do_pad = true;
2340         NTSTATUS status;
2341
2342         if (info_level >= 1 && info_level <= 3) {
2343                 /* No alignment on earlier info levels. */
2344                 align = 1;
2345         }
2346
2347         status = smbd_dirptr_lanman2_entry(ctx, conn, dirptr, flags2,
2348                                          path_mask, dirtype, info_level,
2349                                          requires_resume_key, dont_descend, ask_sharemode,
2350                                          align, do_pad,
2351                                          ppdata, base_data, end_data,
2352                                          space_remaining,
2353                                          out_of_space, got_exact_match,
2354                                          last_entry_off, name_list);
2355         return NT_STATUS_IS_OK(status);
2356 }
2357
2358 /****************************************************************************
2359  Reply to a TRANS2_FINDFIRST.
2360 ****************************************************************************/
2361
2362 static void call_trans2findfirst(connection_struct *conn,
2363                                  struct smb_request *req,
2364                                  char **pparams, int total_params,
2365                                  char **ppdata, int total_data,
2366                                  unsigned int max_data_bytes)
2367 {
2368         /* We must be careful here that we don't return more than the
2369                 allowed number of data bytes. If this means returning fewer than
2370                 maxentries then so be it. We assume that the redirector has
2371                 enough room for the fixed number of parameter bytes it has
2372                 requested. */
2373         struct smb_filename *smb_dname = NULL;
2374         char *params = *pparams;
2375         char *pdata = *ppdata;
2376         char *data_end;
2377         uint32 dirtype;
2378         int maxentries;
2379         uint16 findfirst_flags;
2380         bool close_after_first;
2381         bool close_if_end;
2382         bool requires_resume_key;
2383         int info_level;
2384         char *directory = NULL;
2385         char *mask = NULL;
2386         char *p;
2387         int last_entry_off=0;
2388         int dptr_num = -1;
2389         int numentries = 0;
2390         int i;
2391         bool finished = False;
2392         bool dont_descend = False;
2393         bool out_of_space = False;
2394         int space_remaining;
2395         bool mask_contains_wcard = False;
2396         struct ea_list *ea_list = NULL;
2397         NTSTATUS ntstatus = NT_STATUS_OK;
2398         bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
2399         TALLOC_CTX *ctx = talloc_tos();
2400         struct dptr_struct *dirptr = NULL;
2401         struct smbd_server_connection *sconn = req->sconn;
2402         uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
2403         bool backup_priv = false;
2404
2405         if (total_params < 13) {
2406                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2407                 goto out;
2408         }
2409
2410         dirtype = SVAL(params,0);
2411         maxentries = SVAL(params,2);
2412         findfirst_flags = SVAL(params,4);
2413         close_after_first = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE);
2414         close_if_end = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE_IF_END);
2415         requires_resume_key = (findfirst_flags & FLAG_TRANS2_FIND_REQUIRE_RESUME);
2416         backup_priv = ((findfirst_flags & FLAG_TRANS2_FIND_BACKUP_INTENT) &&
2417                                 security_token_has_privilege(get_current_nttok(conn),
2418                                                 SEC_PRIV_BACKUP));
2419
2420         info_level = SVAL(params,6);
2421
2422         DEBUG(3,("call_trans2findfirst: dirtype = %x, maxentries = %d, close_after_first=%d, \
2423 close_if_end = %d requires_resume_key = %d backup_priv = %d level = 0x%x, max_data_bytes = %d\n",
2424                 (unsigned int)dirtype, maxentries, close_after_first, close_if_end, requires_resume_key,
2425                 (int)backup_priv,
2426                 info_level, max_data_bytes));
2427
2428         if (!maxentries) {
2429                 /* W2K3 seems to treat zero as 1. */
2430                 maxentries = 1;
2431         }
2432
2433         switch (info_level) {
2434                 case SMB_FIND_INFO_STANDARD:
2435                 case SMB_FIND_EA_SIZE:
2436                 case SMB_FIND_EA_LIST:
2437                 case SMB_FIND_FILE_DIRECTORY_INFO:
2438                 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
2439                 case SMB_FIND_FILE_NAMES_INFO:
2440                 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
2441                 case SMB_FIND_ID_FULL_DIRECTORY_INFO:
2442                 case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
2443                         break;
2444                 case SMB_FIND_FILE_UNIX:
2445                 case SMB_FIND_FILE_UNIX_INFO2:
2446                         /* Always use filesystem for UNIX mtime query. */
2447                         ask_sharemode = false;
2448                         if (!lp_unix_extensions()) {
2449                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2450                                 goto out;
2451                         }
2452                         ucf_flags |= UCF_UNIX_NAME_LOOKUP;
2453                         break;
2454                 default:
2455                         reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2456                         goto out;
2457         }
2458
2459         srvstr_get_path_wcard(ctx, params, req->flags2, &directory,
2460                               params+12, total_params - 12,
2461                               STR_TERMINATE, &ntstatus, &mask_contains_wcard);
2462         if (!NT_STATUS_IS_OK(ntstatus)) {
2463                 reply_nterror(req, ntstatus);
2464                 goto out;
2465         }
2466
2467         if (backup_priv) {
2468                 become_root();
2469                 ntstatus = filename_convert_with_privilege(ctx,
2470                                 conn,
2471                                 req,
2472                                 directory,
2473                                 ucf_flags,
2474                                 &mask_contains_wcard,
2475                                 &smb_dname);
2476         } else {
2477                 ntstatus = filename_convert(ctx, conn,
2478                                     req->flags2 & FLAGS2_DFS_PATHNAMES,
2479                                     directory,
2480                                     ucf_flags,
2481                                     &mask_contains_wcard,
2482                                     &smb_dname);
2483         }
2484
2485         if (!NT_STATUS_IS_OK(ntstatus)) {
2486                 if (NT_STATUS_EQUAL(ntstatus,NT_STATUS_PATH_NOT_COVERED)) {
2487                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2488                                         ERRSRV, ERRbadpath);
2489                         goto out;
2490                 }
2491                 reply_nterror(req, ntstatus);
2492                 goto out;
2493         }
2494
2495         mask = smb_dname->original_lcomp;
2496
2497         directory = smb_dname->base_name;
2498
2499         p = strrchr_m(directory,'/');
2500         if(p == NULL) {
2501                 /* Windows and OS/2 systems treat search on the root '\' as if it were '\*' */
2502                 if((directory[0] == '.') && (directory[1] == '\0')) {
2503                         mask = talloc_strdup(ctx,"*");
2504                         if (!mask) {
2505                                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2506                                 goto out;
2507                         }
2508                         mask_contains_wcard = True;
2509                 }
2510         } else {
2511                 *p = 0;
2512         }
2513
2514         if (p == NULL || p == directory) {
2515                 /* Ensure we don't have a directory name of "". */
2516                 directory = talloc_strdup(talloc_tos(), ".");
2517                 if (!directory) {
2518                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2519                         goto out;
2520                 }
2521         }
2522
2523         DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
2524
2525         if (info_level == SMB_FIND_EA_LIST) {
2526                 uint32 ea_size;
2527
2528                 if (total_data < 4) {
2529                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2530                         goto out;
2531                 }
2532
2533                 ea_size = IVAL(pdata,0);
2534                 if (ea_size != total_data) {
2535                         DEBUG(4,("call_trans2findfirst: Rejecting EA request with incorrect \
2536 total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pdata,0) ));
2537                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2538                         goto out;
2539                 }
2540
2541                 if (!lp_ea_support(SNUM(conn))) {
2542                         reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
2543                         goto out;
2544                 }
2545
2546                 /* Pull out the list of names. */
2547                 ea_list = read_ea_name_list(ctx, pdata + 4, ea_size - 4);
2548                 if (!ea_list) {
2549                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2550                         goto out;
2551                 }
2552         }
2553
2554         if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) {
2555                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2556                 goto out;
2557         }
2558
2559         *ppdata = (char *)SMB_REALLOC(
2560                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2561         if(*ppdata == NULL ) {
2562                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2563                 goto out;
2564         }
2565         pdata = *ppdata;
2566         data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
2567
2568         /* Realloc the params space */
2569         *pparams = (char *)SMB_REALLOC(*pparams, 10);
2570         if (*pparams == NULL) {
2571                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2572                 goto out;
2573         }
2574         params = *pparams;
2575
2576         /* Save the wildcard match and attribs we are using on this directory -
2577                 needed as lanman2 assumes these are being saved between calls */
2578
2579         ntstatus = dptr_create(conn,
2580                                 req,
2581                                 NULL, /* fsp */
2582                                 directory,
2583                                 False,
2584                                 True,
2585                                 req->smbpid,
2586                                 mask,
2587                                 mask_contains_wcard,
2588                                 dirtype,
2589                                 &dirptr);
2590
2591         if (!NT_STATUS_IS_OK(ntstatus)) {
2592                 reply_nterror(req, ntstatus);
2593                 goto out;
2594         }
2595
2596         if (backup_priv) {
2597                 /* Remember this in case we have
2598                    to do a findnext. */
2599                 dptr_set_priv(dirptr);
2600         }
2601
2602         dptr_num = dptr_dnum(dirptr);
2603         DEBUG(4,("dptr_num is %d, wcard = %s, attr = %d\n", dptr_num, mask, dirtype));
2604
2605         /* Initialize per TRANS2_FIND_FIRST operation data */
2606         dptr_init_search_op(dirptr);
2607
2608         /* We don't need to check for VOL here as this is returned by
2609                 a different TRANS2 call. */
2610
2611         DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
2612                  directory,lp_dont_descend(ctx, SNUM(conn))));
2613         if (in_list(directory,lp_dont_descend(ctx, SNUM(conn)),conn->case_sensitive))
2614                 dont_descend = True;
2615
2616         p = pdata;
2617         space_remaining = max_data_bytes;
2618         out_of_space = False;
2619
2620         for (i=0;(i<maxentries) && !finished && !out_of_space;i++) {
2621                 bool got_exact_match = False;
2622
2623                 /* this is a heuristic to avoid seeking the dirptr except when
2624                         absolutely necessary. It allows for a filename of about 40 chars */
2625                 if (space_remaining < DIRLEN_GUESS && numentries > 0) {
2626                         out_of_space = True;
2627                         finished = False;
2628                 } else {
2629                         finished = !get_lanman2_dir_entry(ctx,
2630                                         conn,
2631                                         dirptr,
2632                                         req->flags2,
2633                                         mask,dirtype,info_level,
2634                                         requires_resume_key,dont_descend,
2635                                         ask_sharemode,
2636                                         &p,pdata,data_end,
2637                                         space_remaining, &out_of_space,
2638                                         &got_exact_match,
2639                                         &last_entry_off, ea_list);
2640                 }
2641
2642                 if (finished && out_of_space)
2643                         finished = False;
2644
2645                 if (!finished && !out_of_space)
2646                         numentries++;
2647
2648                 /*
2649                  * As an optimisation if we know we aren't looking
2650                  * for a wildcard name (ie. the name matches the wildcard exactly)
2651                  * then we can finish on any (first) match.
2652                  * This speeds up large directory searches. JRA.
2653                  */
2654
2655                 if(got_exact_match)
2656                         finished = True;
2657
2658                 /* Ensure space_remaining never goes -ve. */
2659                 if (PTR_DIFF(p,pdata) > max_data_bytes) {
2660                         space_remaining = 0;
2661                         out_of_space = true;
2662                 } else {
2663                         space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
2664                 }
2665         }
2666
2667         /* Check if we can close the dirptr */
2668         if(close_after_first || (finished && close_if_end)) {
2669                 DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
2670                 dptr_close(sconn, &dptr_num);
2671         }
2672
2673         /*
2674          * If there are no matching entries we must return ERRDOS/ERRbadfile -
2675          * from observation of NT. NB. This changes to ERRDOS,ERRnofiles if
2676          * the protocol level is less than NT1. Tested with smbclient. JRA.
2677          * This should fix the OS/2 client bug #2335.
2678          */
2679
2680         if(numentries == 0) {
2681                 dptr_close(sconn, &dptr_num);
2682                 if (get_Protocol() < PROTOCOL_NT1) {
2683                         reply_force_doserror(req, ERRDOS, ERRnofiles);
2684                         goto out;
2685                 } else {
2686                         reply_botherror(req, NT_STATUS_NO_SUCH_FILE,
2687                                         ERRDOS, ERRbadfile);
2688                         goto out;
2689                 }
2690         }
2691
2692         /* At this point pdata points to numentries directory entries. */
2693
2694         /* Set up the return parameter block */
2695         SSVAL(params,0,dptr_num);
2696         SSVAL(params,2,numentries);
2697         SSVAL(params,4,finished);
2698         SSVAL(params,6,0); /* Never an EA error */
2699         SSVAL(params,8,last_entry_off);
2700
2701         send_trans2_replies(conn, req, NT_STATUS_OK, params, 10, pdata, PTR_DIFF(p,pdata),
2702                             max_data_bytes);
2703
2704         if ((! *directory) && dptr_path(sconn, dptr_num)) {
2705                 directory = talloc_strdup(talloc_tos(),dptr_path(sconn, dptr_num));
2706                 if (!directory) {
2707                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2708                 }
2709         }
2710
2711         DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
2712                 smb_fn_name(req->cmd),
2713                 mask, directory, dirtype, numentries ) );
2714
2715         /*
2716          * Force a name mangle here to ensure that the
2717          * mask as an 8.3 name is top of the mangled cache.
2718          * The reasons for this are subtle. Don't remove
2719          * this code unless you know what you are doing
2720          * (see PR#13758). JRA.
2721          */
2722
2723         if(!mangle_is_8_3_wildcards( mask, False, conn->params)) {
2724                 char mangled_name[13];
2725                 name_to_8_3(mask, mangled_name, True, conn->params);
2726         }
2727  out:
2728
2729         if (backup_priv) {
2730                 unbecome_root();
2731         }
2732
2733         TALLOC_FREE(smb_dname);
2734         return;
2735 }
2736
2737 /****************************************************************************
2738  Reply to a TRANS2_FINDNEXT.
2739 ****************************************************************************/
2740
2741 static void call_trans2findnext(connection_struct *conn,
2742                                 struct smb_request *req,
2743                                 char **pparams, int total_params,
2744                                 char **ppdata, int total_data,
2745                                 unsigned int max_data_bytes)
2746 {
2747         /* We must be careful here that we don't return more than the
2748                 allowed number of data bytes. If this means returning fewer than
2749                 maxentries then so be it. We assume that the redirector has
2750                 enough room for the fixed number of parameter bytes it has
2751                 requested. */
2752         char *params = *pparams;
2753         char *pdata = *ppdata;
2754         char *data_end;
2755         int dptr_num;
2756         int maxentries;
2757         uint16 info_level;
2758         uint32 resume_key;
2759         uint16 findnext_flags;
2760         bool close_after_request;
2761         bool close_if_end;
2762         bool requires_resume_key;
2763         bool continue_bit;
2764         bool mask_contains_wcard = False;
2765         char *resume_name = NULL;
2766         const char *mask = NULL;
2767         const char *directory = NULL;
2768         char *p = NULL;
2769         uint16 dirtype;
2770         int numentries = 0;
2771         int i, last_entry_off=0;
2772         bool finished = False;
2773         bool dont_descend = False;
2774         bool out_of_space = False;
2775         int space_remaining;
2776         struct ea_list *ea_list = NULL;
2777         NTSTATUS ntstatus = NT_STATUS_OK;
2778         bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
2779         TALLOC_CTX *ctx = talloc_tos();
2780         struct dptr_struct *dirptr;
2781         struct smbd_server_connection *sconn = req->sconn;
2782         bool backup_priv = false; 
2783
2784         if (total_params < 13) {
2785                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2786                 return;
2787         }
2788
2789         dptr_num = SVAL(params,0);
2790         maxentries = SVAL(params,2);
2791         info_level = SVAL(params,4);
2792         resume_key = IVAL(params,6);
2793         findnext_flags = SVAL(params,10);
2794         close_after_request = (findnext_flags & FLAG_TRANS2_FIND_CLOSE);
2795         close_if_end = (findnext_flags & FLAG_TRANS2_FIND_CLOSE_IF_END);
2796         requires_resume_key = (findnext_flags & FLAG_TRANS2_FIND_REQUIRE_RESUME);
2797         continue_bit = (findnext_flags & FLAG_TRANS2_FIND_CONTINUE);
2798
2799         if (!continue_bit) {
2800                 /* We only need resume_name if continue_bit is zero. */
2801                 srvstr_get_path_wcard(ctx, params, req->flags2, &resume_name,
2802                               params+12,
2803                               total_params - 12, STR_TERMINATE, &ntstatus,
2804                               &mask_contains_wcard);
2805                 if (!NT_STATUS_IS_OK(ntstatus)) {
2806                         /* Win9x or OS/2 can send a resume name of ".." or ".". This will cause the parser to
2807                            complain (it thinks we're asking for the directory above the shared
2808                            path or an invalid name). Catch this as the resume name is only compared, never used in
2809                            a file access. JRA. */
2810                         srvstr_pull_talloc(ctx, params, req->flags2,
2811                                 &resume_name, params+12,
2812                                 total_params - 12,
2813                                 STR_TERMINATE);
2814
2815                         if (!resume_name || !(ISDOT(resume_name) || ISDOTDOT(resume_name))) {
2816                                 reply_nterror(req, ntstatus);
2817                                 return;
2818                         }
2819                 }
2820         }
2821
2822         DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, \
2823 close_after_request=%d, close_if_end = %d requires_resume_key = %d \
2824 resume_key = %d resume name = %s continue=%d level = %d\n",
2825                 dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, 
2826                 requires_resume_key, resume_key,
2827                 resume_name ? resume_name : "(NULL)", continue_bit, info_level));
2828
2829         if (!maxentries) {
2830                 /* W2K3 seems to treat zero as 1. */
2831                 maxentries = 1;
2832         }
2833
2834         switch (info_level) {
2835                 case SMB_FIND_INFO_STANDARD:
2836                 case SMB_FIND_EA_SIZE:
2837                 case SMB_FIND_EA_LIST:
2838                 case SMB_FIND_FILE_DIRECTORY_INFO:
2839                 case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
2840                 case SMB_FIND_FILE_NAMES_INFO:
2841                 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
2842                 case SMB_FIND_ID_FULL_DIRECTORY_INFO:
2843                 case SMB_FIND_ID_BOTH_DIRECTORY_INFO:
2844                         break;
2845                 case SMB_FIND_FILE_UNIX:
2846                 case SMB_FIND_FILE_UNIX_INFO2:
2847                         /* Always use filesystem for UNIX mtime query. */
2848                         ask_sharemode = false;
2849                         if (!lp_unix_extensions()) {
2850                                 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2851                                 return;
2852                         }
2853                         break;
2854                 default:
2855                         reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2856                         return;
2857         }
2858
2859         if (info_level == SMB_FIND_EA_LIST) {
2860                 uint32 ea_size;
2861
2862                 if (total_data < 4) {
2863                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2864                         return;
2865                 }
2866
2867                 ea_size = IVAL(pdata,0);
2868                 if (ea_size != total_data) {
2869                         DEBUG(4,("call_trans2findnext: Rejecting EA request with incorrect \
2870 total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pdata,0) ));
2871                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2872                         return;
2873                 }
2874
2875                 if (!lp_ea_support(SNUM(conn))) {
2876                         reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
2877                         return;
2878                 }
2879
2880                 /* Pull out the list of names. */
2881                 ea_list = read_ea_name_list(ctx, pdata + 4, ea_size - 4);
2882                 if (!ea_list) {
2883                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2884                         return;
2885                 }
2886         }
2887
2888         if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) {
2889                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2890                 return;
2891         }
2892
2893         *ppdata = (char *)SMB_REALLOC(
2894                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
2895         if(*ppdata == NULL) {
2896                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2897                 return;
2898         }
2899
2900         pdata = *ppdata;
2901         data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
2902
2903         /* Realloc the params space */
2904         *pparams = (char *)SMB_REALLOC(*pparams, 6*SIZEOFWORD);
2905         if(*pparams == NULL ) {
2906                 reply_nterror(req, NT_STATUS_NO_MEMORY);
2907                 return;
2908         }
2909
2910         params = *pparams;
2911
2912         /* Check that the dptr is valid */
2913         if(!(dirptr = dptr_fetch_lanman2(sconn, dptr_num))) {
2914                 reply_nterror(req, STATUS_NO_MORE_FILES);
2915                 return;
2916         }
2917
2918         directory = dptr_path(sconn, dptr_num);
2919
2920         /* Get the wildcard mask from the dptr */
2921         if((mask = dptr_wcard(sconn, dptr_num))== NULL) {
2922                 DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num));
2923                 reply_nterror(req, STATUS_NO_MORE_FILES);
2924                 return;
2925         }
2926
2927         /* Get the attr mask from the dptr */
2928         dirtype = dptr_attr(sconn, dptr_num);
2929
2930         backup_priv = dptr_get_priv(dirptr);
2931
2932         DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%ld) "
2933                 "backup_priv = %d\n",
2934                 dptr_num, mask, dirtype,
2935                 (long)dirptr,
2936                 dptr_TellDir(dirptr),
2937                 (int)backup_priv));
2938
2939         /* Initialize per TRANS2_FIND_NEXT operation data */
2940         dptr_init_search_op(dirptr);
2941
2942         /* We don't need to check for VOL here as this is returned by
2943                 a different TRANS2 call. */
2944
2945         DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
2946                  directory,lp_dont_descend(ctx, SNUM(conn))));
2947         if (in_list(directory,lp_dont_descend(ctx, SNUM(conn)),conn->case_sensitive))
2948                 dont_descend = True;
2949
2950         p = pdata;
2951         space_remaining = max_data_bytes;
2952         out_of_space = False;
2953
2954         if (backup_priv) {
2955                 become_root();
2956         }
2957
2958         /*
2959          * Seek to the correct position. We no longer use the resume key but
2960          * depend on the last file name instead.
2961          */
2962
2963         if(!continue_bit && resume_name && *resume_name) {
2964                 SMB_STRUCT_STAT st;
2965
2966                 long current_pos = 0;
2967                 /*
2968                  * Remember, name_to_8_3 is called by
2969                  * get_lanman2_dir_entry(), so the resume name
2970                  * could be mangled. Ensure we check the unmangled name.
2971                  */
2972
2973                 if (mangle_is_mangled(resume_name, conn->params)) {
2974                         char *new_resume_name = NULL;
2975                         mangle_lookup_name_from_8_3(ctx,
2976                                                 resume_name,
2977                                                 &new_resume_name,
2978                                                 conn->params);
2979                         if (new_resume_name) {
2980                                 resume_name = new_resume_name;
2981                         }
2982                 }
2983
2984                 /*
2985                  * Fix for NT redirector problem triggered by resume key indexes
2986                  * changing between directory scans. We now return a resume key of 0
2987                  * and instead look for the filename to continue from (also given
2988                  * to us by NT/95/smbfs/smbclient). If no other scans have been done between the
2989                  * findfirst/findnext (as is usual) then the directory pointer
2990                  * should already be at the correct place.
2991                  */
2992
2993                 finished = !dptr_SearchDir(dirptr, resume_name, &current_pos, &st);
2994         } /* end if resume_name && !continue_bit */
2995
2996         for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++) {
2997                 bool got_exact_match = False;
2998
2999                 /* this is a heuristic to avoid seeking the dirptr except when 
3000                         absolutely necessary. It allows for a filename of about 40 chars */
3001                 if (space_remaining < DIRLEN_GUESS && numentries > 0) {
3002                         out_of_space = True;
3003                         finished = False;
3004                 } else {
3005                         finished = !get_lanman2_dir_entry(ctx,
3006                                                 conn,
3007                                                 dirptr,
3008                                                 req->flags2,
3009                                                 mask,dirtype,info_level,
3010                                                 requires_resume_key,dont_descend,
3011                                                 ask_sharemode,
3012                                                 &p,pdata,data_end,
3013                                                 space_remaining, &out_of_space,
3014                                                 &got_exact_match,
3015                                                 &last_entry_off, ea_list);
3016                 }
3017
3018                 if (finished && out_of_space)
3019                         finished = False;
3020
3021                 if (!finished && !out_of_space)
3022                         numentries++;
3023
3024                 /*
3025                  * As an optimisation if we know we aren't looking
3026                  * for a wildcard name (ie. the name matches the wildcard exactly)
3027                  * then we can finish on any (first) match.
3028                  * This speeds up large directory searches. JRA.
3029                  */
3030
3031                 if(got_exact_match)
3032                         finished = True;
3033
3034                 space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
3035         }
3036
3037         DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
3038                 smb_fn_name(req->cmd),
3039                 mask, directory, dirtype, numentries ) );
3040
3041         /* Check if we can close the dirptr */
3042         if(close_after_request || (finished && close_if_end)) {
3043                 DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
3044                 dptr_close(sconn, &dptr_num); /* This frees up the saved mask */
3045         }
3046
3047         if (backup_priv) {
3048                 unbecome_root();
3049         }
3050
3051         /* Set up the return parameter block */
3052         SSVAL(params,0,numentries);
3053         SSVAL(params,2,finished);
3054         SSVAL(params,4,0); /* Never an EA error */
3055         SSVAL(params,6,last_entry_off);
3056
3057         send_trans2_replies(conn, req, NT_STATUS_OK, params, 8, pdata, PTR_DIFF(p,pdata),
3058                             max_data_bytes);
3059
3060         return;
3061 }
3062
3063 unsigned char *create_volume_objectid(connection_struct *conn, unsigned char objid[16])
3064 {
3065         E_md4hash(lp_servicename(talloc_tos(), SNUM(conn)),objid);
3066         return objid;
3067 }
3068
3069 static void samba_extended_info_version(struct smb_extended_info *extended_info)
3070 {
3071         SMB_ASSERT(extended_info != NULL);
3072
3073         extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC;
3074         extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24)
3075                                        | ((SAMBA_VERSION_MINOR & 0xff) << 16)
3076                                        | ((SAMBA_VERSION_RELEASE & 0xff) << 8);
3077 #ifdef SAMBA_VERSION_REVISION
3078         extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff;
3079 #endif
3080         extended_info->samba_subversion = 0;
3081 #ifdef SAMBA_VERSION_RC_RELEASE
3082         extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24;
3083 #else
3084 #ifdef SAMBA_VERSION_PRE_RELEASE
3085         extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16;
3086 #endif
3087 #endif
3088 #ifdef SAMBA_VERSION_VENDOR_PATCH
3089         extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
3090 #endif
3091         extended_info->samba_gitcommitdate = 0;
3092 #ifdef SAMBA_VERSION_COMMIT_TIME
3093         unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_COMMIT_TIME);
3094 #endif
3095
3096         memset(extended_info->samba_version_string, 0,
3097                sizeof(extended_info->samba_version_string));
3098
3099         snprintf (extended_info->samba_version_string,
3100                   sizeof(extended_info->samba_version_string),
3101                   "%s", samba_version_string());
3102 }
3103
3104 NTSTATUS smbd_do_qfsinfo(struct smbXsrv_connection *xconn,
3105                          connection_struct *conn,
3106                          TALLOC_CTX *mem_ctx,
3107                          uint16_t info_level,
3108                          uint16_t flags2,
3109                          unsigned int max_data_bytes,
3110                          size_t *fixed_portion,
3111                          struct smb_filename *fname,
3112                          char **ppdata,
3113                          int *ret_data_len)
3114 {
3115         char *pdata, *end_data;
3116         int data_len = 0;
3117         size_t len = 0;
3118         const char *vname = volume_label(talloc_tos(), SNUM(conn));
3119         int snum = SNUM(conn);
3120         const char *fstype = lp_fstype(SNUM(conn));
3121         const char *filename = NULL;
3122         uint32 additional_flags = 0;
3123         struct smb_filename smb_fname;
3124         SMB_STRUCT_STAT st;
3125         NTSTATUS status = NT_STATUS_OK;
3126
3127         if (fname == NULL || fname->base_name == NULL) {
3128                 filename = ".";
3129         } else {
3130                 filename = fname->base_name;
3131         }
3132
3133         if (IS_IPC(conn)) {
3134                 if (info_level != SMB_QUERY_CIFS_UNIX_INFO) {
3135                         DEBUG(0,("smbd_do_qfsinfo: not an allowed "
3136                                 "info level (0x%x) on IPC$.\n",
3137                                 (unsigned int)info_level));
3138                         return NT_STATUS_ACCESS_DENIED;
3139                 }
3140         }
3141
3142         DEBUG(3,("smbd_do_qfsinfo: level = %d\n", info_level));
3143
3144         ZERO_STRUCT(smb_fname);
3145         smb_fname.base_name = discard_const_p(char, filename);
3146
3147         if(SMB_VFS_STAT(conn, &smb_fname) != 0) {
3148                 DEBUG(2,("stat of . failed (%s)\n", strerror(errno)));
3149                 return map_nt_error_from_unix(errno);
3150         }
3151
3152         st = smb_fname.st;
3153
3154         if (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN < max_data_bytes) {
3155                 return NT_STATUS_INVALID_PARAMETER;
3156         }
3157
3158         *ppdata = (char *)SMB_REALLOC(
3159                 *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
3160         if (*ppdata == NULL) {
3161                 return NT_STATUS_NO_MEMORY;
3162         }
3163
3164         pdata = *ppdata;
3165         memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
3166         end_data = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
3167
3168         *fixed_portion = 0;
3169
3170         switch (info_level) {
3171                 case SMB_INFO_ALLOCATION:
3172                 {
3173                         uint64_t dfree,dsize,bsize,block_size,sectors_per_unit,bytes_per_sector;
3174                         data_len = 18;
3175                         if (get_dfree_info(conn,filename,False,&bsize,&dfree,&dsize) == (uint64_t)-1) {
3176                                 return map_nt_error_from_unix(errno);
3177                         }
3178
3179                         block_size = lp_block_size(snum);
3180                         if (bsize < block_size) {
3181                                 uint64_t factor = block_size/bsize;
3182                                 bsize = block_size;
3183                                 dsize /= factor;
3184                                 dfree /= factor;
3185                         }
3186                         if (bsize > block_size) {
3187                                 uint64_t factor = bsize/block_size;
3188                                 bsize = block_size;
3189                                 dsize *= factor;
3190                                 dfree *= factor;
3191                         }
3192                         bytes_per_sector = 512;
3193                         sectors_per_unit = bsize/bytes_per_sector;
3194
3195                         DEBUG(5,("smbd_do_qfsinfo : SMB_INFO_ALLOCATION id=%x, bsize=%u, cSectorUnit=%u, \
3196 cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (unsigned int)bsize, (unsigned int)sectors_per_unit,
3197                                 (unsigned int)bytes_per_sector, (unsigned int)dsize, (unsigned int)dfree));
3198
3199                         SIVAL(pdata,l1_idFileSystem,st.st_ex_dev);
3200                         SIVAL(pdata,l1_cSectorUnit,sectors_per_unit);
3201                         SIVAL(pdata,l1_cUnit,dsize);
3202                         SIVAL(pdata,l1_cUnitAvail,dfree);
3203                         SSVAL(pdata,l1_cbSector,bytes_per_sector);
3204                         break;
3205                 }
3206
3207                 case SMB_INFO_VOLUME:
3208                         /* Return volume name */
3209                         /* 
3210                          * Add volume serial number - hash of a combination of
3211                          * the called hostname and the service name.
3212                          */
3213                         SIVAL(pdata,0,str_checksum(lp_servicename(talloc_tos(), snum)) ^ (str_checksum(get_local_machine_name())<<16) );
3214                         /*
3215                          * Win2k3 and previous mess this up by sending a name length
3216                          * one byte short. I believe only older clients (OS/2 Win9x) use
3217                          * this call so try fixing this by adding a terminating null to
3218                          * the pushed string. The change here was adding the STR_TERMINATE. JRA.
3219                          */
3220                         status = srvstr_push(
3221                                 pdata, flags2,
3222                                 pdata+l2_vol_szVolLabel, vname,
3223                                 PTR_DIFF(end_data, pdata+l2_vol_szVolLabel),
3224                                 STR_NOALIGN|STR_TERMINATE, &len);
3225                         if (!NT_STATUS_IS_OK(status)) {
3226                                 return status;
3227                         }
3228                         SCVAL(pdata,l2_vol_cch,len);
3229                         data_len = l2_vol_szVolLabel + len;
3230                         DEBUG(5,("smbd_do_qfsinfo : time = %x, namelen = %u, name = %s\n",
3231                                  (unsigned)convert_timespec_to_time_t(st.st_ex_ctime),
3232                                  (unsigned)len, vname));
3233                         break;
3234
3235                 case SMB_QUERY_FS_ATTRIBUTE_INFO:
3236                 case SMB_FS_ATTRIBUTE_INFORMATION:
3237
3238                         additional_flags = 0;
3239 #if defined(HAVE_SYS_QUOTAS)
3240                         additional_flags |= FILE_VOLUME_QUOTAS;
3241 #endif
3242
3243                         if(lp_nt_acl_support(SNUM(conn))) {
3244                                 additional_flags |= FILE_PERSISTENT_ACLS;
3245                         }
3246
3247                         /* Capabilities are filled in at connection time through STATVFS call */
3248                         additional_flags |= conn->fs_capabilities;
3249                         additional_flags |= lp_parm_int(conn->params->service,
3250                                                         "share", "fake_fscaps",
3251                                                         0);
3252
3253                         SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
3254                                 FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK|
3255                                 additional_flags); /* FS ATTRIBUTES */
3256
3257                         SIVAL(pdata,4,255); /* Max filename component length */
3258                         /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
3259                                 and will think we can't do long filenames */
3260                         status = srvstr_push(pdata, flags2, pdata+12, fstype,
3261                                           PTR_DIFF(end_data, pdata+12),
3262                                           STR_UNICODE, &len);
3263                         if (!NT_STATUS_IS_OK(status)) {
3264                                 return status;
3265                         }
3266                         SIVAL(pdata,8,len);
3267                         data_len = 12 + len;
3268                         if (max_data_bytes >= 16 && data_len > max_data_bytes) {
3269                                 /* the client only requested a portion of the
3270                                    file system name */
3271                                 data_len = max_data_bytes;
3272                                 status = STATUS_BUFFER_OVERFLOW;
3273                         }
3274                         *fixed_portion = 16;
3275                         break;
3276
3277                 case SMB_QUERY_FS_LABEL_INFO:
3278                 case SMB_FS_LABEL_INFORMATION:
3279                         status = srvstr_push(pdata, flags2, pdata+4, vname,
3280                                           PTR_DIFF(end_data, pdata+4), 0, &len);
3281                         if (!NT_STATUS_IS_OK(status)) {
3282                                 return status;
3283                         }
3284                         data_len = 4 + len;
3285                         SIVAL(pdata,0,len);
3286                         break;
3287
3288                 case SMB_QUERY_FS_VOLUME_INFO:      
3289                 case SMB_FS_VOLUME_INFORMATION:
3290
3291                         /* 
3292                          * Add volume serial number - hash of a combination of
3293                          * the called hostname and the service name.
3294                          */
3295                         SIVAL(pdata,8,str_checksum(lp_servicename(talloc_tos(), snum)) ^
3296                                 (str_checksum(get_local_machine_name())<<16));
3297
3298                         /* Max label len is 32 characters. */
3299                         status = srvstr_push(pdata, flags2, pdata+18, vname,
3300                                           PTR_DIFF(end_data, pdata+18),
3301                                           STR_UNICODE, &len);
3302                         if (!NT_STATUS_IS_OK(status)) {
3303                                 return status;
3304                         }
3305                         SIVAL(pdata,12,len);
3306                         data_len = 18+len;
3307
3308                         DEBUG(5,("smbd_do_qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n",