r25117: The mega-patch Jerry was waiting for. Remove all pstrings from
[tprouty/samba.git] / source / smbd / nttrans.c
1 /*
2    Unix SMB/CIFS implementation.
3    SMB NT transaction handling
4    Copyright (C) Jeremy Allison                 1994-2007
5    Copyright (C) Stefan (metze) Metzmacher      2003
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 extern int max_send;
24 extern enum protocol_types Protocol;
25 extern int smb_read_error;
26 extern struct current_user current_user;
27
28 static const char *known_nt_pipes[] = {
29         "\\LANMAN",
30         "\\srvsvc",
31         "\\samr",
32         "\\wkssvc",
33         "\\NETLOGON",
34         "\\ntlsa",
35         "\\ntsvcs",
36         "\\lsass",
37         "\\lsarpc",
38         "\\winreg",
39         "\\initshutdown",
40         "\\spoolss",
41         "\\netdfs",
42         "\\rpcecho",
43         "\\svcctl",
44         "\\eventlog",
45         "\\unixinfo",
46         NULL
47 };
48
49 static char *nttrans_realloc(char **ptr, size_t size)
50 {
51         if (ptr==NULL) {
52                 smb_panic("nttrans_realloc() called with NULL ptr");
53         }
54
55         *ptr = (char *)SMB_REALLOC(*ptr, size);
56         if(*ptr == NULL) {
57                 return NULL;
58         }
59         memset(*ptr,'\0',size);
60         return *ptr;
61 }
62
63 /****************************************************************************
64  Send the required number of replies back.
65  We assume all fields other than the data fields are
66  set correctly for the type of call.
67  HACK ! Always assumes smb_setup field is zero.
68 ****************************************************************************/
69
70 void send_nt_replies(struct smb_request *req, NTSTATUS nt_error,
71                      char *params, int paramsize,
72                      char *pdata, int datasize)
73 {
74         int data_to_send = datasize;
75         int params_to_send = paramsize;
76         int useable_space;
77         char *pp = params;
78         char *pd = pdata;
79         int params_sent_thistime, data_sent_thistime, total_sent_thistime;
80         int alignment_offset = 3;
81         int data_alignment_offset = 0;
82
83         /*
84          * If there genuinely are no parameters or data to send just send
85          * the empty packet.
86          */
87
88         if(params_to_send == 0 && data_to_send == 0) {
89                 reply_outbuf(req, 18, 0);
90                 show_msg((char *)req->outbuf);
91                 return;
92         }
93
94         /*
95          * When sending params and data ensure that both are nicely aligned.
96          * Only do this alignment when there is also data to send - else
97          * can cause NT redirector problems.
98          */
99
100         if (((params_to_send % 4) != 0) && (data_to_send != 0)) {
101                 data_alignment_offset = 4 - (params_to_send % 4);
102         }
103
104         /*
105          * Space is bufsize minus Netbios over TCP header minus SMB header.
106          * The alignment_offset is to align the param bytes on a four byte
107          * boundary (2 bytes for data len, one byte pad).
108          * NT needs this to work correctly.
109          */
110
111         useable_space = max_send - (smb_size
112                                     + 2 * 18 /* wct */
113                                     + alignment_offset
114                                     + data_alignment_offset);
115
116         /*
117          * useable_space can never be more than max_send minus the
118          * alignment offset.
119          */
120
121         useable_space = MIN(useable_space,
122                                 max_send - (alignment_offset+data_alignment_offset));
123
124
125         while (params_to_send || data_to_send) {
126
127                 /*
128                  * Calculate whether we will totally or partially fill this packet.
129                  */
130
131                 total_sent_thistime = params_to_send + data_to_send +
132                                         alignment_offset + data_alignment_offset;
133
134                 /*
135                  * We can never send more than useable_space.
136                  */
137
138                 total_sent_thistime = MIN(total_sent_thistime, useable_space);
139
140                 reply_outbuf(req, 18, total_sent_thistime);
141
142                 /*
143                  * Set total params and data to be sent.
144                  */
145
146                 SIVAL(req->outbuf,smb_ntr_TotalParameterCount,paramsize);
147                 SIVAL(req->outbuf,smb_ntr_TotalDataCount,datasize);
148
149                 /*
150                  * Calculate how many parameters and data we can fit into
151                  * this packet. Parameters get precedence.
152                  */
153
154                 params_sent_thistime = MIN(params_to_send,useable_space);
155                 data_sent_thistime = useable_space - params_sent_thistime;
156                 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
157
158                 SIVAL(req->outbuf, smb_ntr_ParameterCount,
159                       params_sent_thistime);
160
161                 if(params_sent_thistime == 0) {
162                         SIVAL(req->outbuf,smb_ntr_ParameterOffset,0);
163                         SIVAL(req->outbuf,smb_ntr_ParameterDisplacement,0);
164                 } else {
165                         /*
166                          * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
167                          * parameter bytes, however the first 4 bytes of outbuf are
168                          * the Netbios over TCP header. Thus use smb_base() to subtract
169                          * them from the calculation.
170                          */
171
172                         SIVAL(req->outbuf,smb_ntr_ParameterOffset,
173                               ((smb_buf(req->outbuf)+alignment_offset)
174                                - smb_base(req->outbuf)));
175                         /*
176                          * Absolute displacement of param bytes sent in this packet.
177                          */
178
179                         SIVAL(req->outbuf, smb_ntr_ParameterDisplacement,
180                               pp - params);
181                 }
182
183                 /*
184                  * Deal with the data portion.
185                  */
186
187                 SIVAL(req->outbuf, smb_ntr_DataCount, data_sent_thistime);
188
189                 if(data_sent_thistime == 0) {
190                         SIVAL(req->outbuf,smb_ntr_DataOffset,0);
191                         SIVAL(req->outbuf,smb_ntr_DataDisplacement, 0);
192                 } else {
193                         /*
194                          * The offset of the data bytes is the offset of the
195                          * parameter bytes plus the number of parameters being sent this time.
196                          */
197
198                         SIVAL(req->outbuf, smb_ntr_DataOffset,
199                               ((smb_buf(req->outbuf)+alignment_offset) -
200                                smb_base(req->outbuf))
201                               + params_sent_thistime + data_alignment_offset);
202                         SIVAL(req->outbuf,smb_ntr_DataDisplacement, pd - pdata);
203                 }
204
205                 /*
206                  * Copy the param bytes into the packet.
207                  */
208
209                 if(params_sent_thistime) {
210                         if (alignment_offset != 0) {
211                                 memset(smb_buf(req->outbuf), 0,
212                                        alignment_offset);
213                         }
214                         memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
215                                params_sent_thistime);
216                 }
217
218                 /*
219                  * Copy in the data bytes
220                  */
221
222                 if(data_sent_thistime) {
223                         if (data_alignment_offset != 0) {
224                                 memset((smb_buf(req->outbuf)+alignment_offset+
225                                         params_sent_thistime), 0,
226                                        data_alignment_offset);
227                         }
228                         memcpy(smb_buf(req->outbuf)+alignment_offset
229                                +params_sent_thistime+data_alignment_offset,
230                                pd,data_sent_thistime);
231                 }
232
233                 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
234                         params_sent_thistime, data_sent_thistime, useable_space));
235                 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
236                         params_to_send, data_to_send, paramsize, datasize));
237
238                 if (NT_STATUS_V(nt_error)) {
239                         error_packet_set((char *)req->outbuf,
240                                          0, 0, nt_error,
241                                          __LINE__,__FILE__);
242                 }
243
244                 /* Send the packet */
245                 show_msg((char *)req->outbuf);
246                 if (!send_smb(smbd_server_fd(),(char *)req->outbuf)) {
247                         exit_server_cleanly("send_nt_replies: send_smb failed.");
248                 }
249
250                 TALLOC_FREE(req->outbuf);
251
252                 pp += params_sent_thistime;
253                 pd += data_sent_thistime;
254
255                 params_to_send -= params_sent_thistime;
256                 data_to_send -= data_sent_thistime;
257
258                 /*
259                  * Sanity check
260                  */
261
262                 if(params_to_send < 0 || data_to_send < 0) {
263                         DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
264                                 params_to_send, data_to_send));
265                         return;
266                 }
267         }
268 }
269
270 /****************************************************************************
271  Is it an NTFS stream name ?
272 ****************************************************************************/
273
274 BOOL is_ntfs_stream_name(const char *fname)
275 {
276         if (lp_posix_pathnames()) {
277                 return False;
278         }
279         return (strchr_m(fname, ':') != NULL) ? True : False;
280 }
281
282 struct case_semantics_state {
283         connection_struct *conn;
284         BOOL case_sensitive;
285         BOOL case_preserve;
286         BOOL short_case_preserve;
287 };
288
289 /****************************************************************************
290  Restore case semantics.
291 ****************************************************************************/
292 static int restore_case_semantics(struct case_semantics_state *state)
293 {
294         state->conn->case_sensitive = state->case_sensitive;
295         state->conn->case_preserve = state->case_preserve;
296         state->conn->short_case_preserve = state->short_case_preserve;
297         return 0;
298 }
299
300 /****************************************************************************
301  Save case semantics.
302 ****************************************************************************/
303 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
304                                                              connection_struct *conn)
305 {
306         struct case_semantics_state *result;
307
308         if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
309                 DEBUG(0, ("talloc failed\n"));
310                 return NULL;
311         }
312
313         result->conn = conn;
314         result->case_sensitive = conn->case_sensitive;
315         result->case_preserve = conn->case_preserve;
316         result->short_case_preserve = conn->short_case_preserve;
317
318         /* Set to POSIX. */
319         conn->case_sensitive = True;
320         conn->case_preserve = True;
321         conn->short_case_preserve = True;
322
323         talloc_set_destructor(result, restore_case_semantics);
324
325         return result;
326 }
327
328 /****************************************************************************
329  Reply to an NT create and X call on a pipe
330 ****************************************************************************/
331
332 static void nt_open_pipe(char *fname, connection_struct *conn,
333                          struct smb_request *req, int *ppnum)
334 {
335         smb_np_struct *p = NULL;
336         int i;
337
338         DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
339
340         /* See if it is one we want to handle. */
341
342         if (lp_disable_spoolss() && strequal(fname, "\\spoolss")) {
343                 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
344                                 ERRDOS, ERRbadpipe);
345                 return;
346         }
347
348         for( i = 0; known_nt_pipes[i]; i++ ) {
349                 if( strequal(fname,known_nt_pipes[i])) {
350                         break;
351                 }
352         }
353
354         if ( known_nt_pipes[i] == NULL ) {
355                 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
356                                 ERRDOS, ERRbadpipe);
357                 return;
358         }
359
360         /* Strip \\ off the name. */
361         fname++;
362
363         DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
364
365         p = open_rpc_pipe_p(fname, conn, req->vuid);
366         if (!p) {
367                 reply_doserror(req, ERRSRV, ERRnofids);
368                 return;
369         }
370
371         /* TODO: Add pipe to db */
372
373         if ( !store_pipe_opendb( p ) ) {
374                 DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname));
375         }
376
377         *ppnum = p->pnum;
378         return;
379 }
380
381 /****************************************************************************
382  Reply to an NT create and X call for pipes.
383 ****************************************************************************/
384
385 static void do_ntcreate_pipe_open(connection_struct *conn,
386                                   struct smb_request *req)
387 {
388         char *fname = NULL;
389         int pnum = -1;
390         char *p = NULL;
391         uint32 flags = IVAL(req->inbuf,smb_ntcreate_Flags);
392         TALLOC_CTX *ctx = talloc_tos();
393
394         srvstr_pull_buf_talloc(ctx, (char *)req->inbuf, req->flags2, &fname,
395                         smb_buf(req->inbuf), STR_TERMINATE);
396
397         if (!fname) {
398                 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
399                                 ERRDOS, ERRbadpipe);
400                 return;
401         }
402         nt_open_pipe(fname, conn, req, &pnum);
403
404         if (req->outbuf) {
405                 /* error reply */
406                 return;
407         }
408
409         /*
410          * Deal with pipe return.
411          */
412
413         if (flags & EXTENDED_RESPONSE_REQUIRED) {
414                 /* This is very strange. We
415                  * return 50 words, but only set
416                  * the wcnt to 42 ? It's definately
417                  * what happens on the wire....
418                  */
419                 reply_outbuf(req, 50, 0);
420                 SCVAL(req->outbuf,smb_wct,42);
421         } else {
422                 reply_outbuf(req, 34, 0);
423         }
424
425         p = (char *)req->outbuf + smb_vwv2;
426         p++;
427         SSVAL(p,0,pnum);
428         p += 2;
429         SIVAL(p,0,FILE_WAS_OPENED);
430         p += 4;
431         p += 32;
432         SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
433         p += 20;
434         /* File type. */
435         SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
436         /* Device state. */
437         SSVAL(p,2, 0x5FF); /* ? */
438         p += 4;
439
440         if (flags & EXTENDED_RESPONSE_REQUIRED) {
441                 p += 25;
442                 SIVAL(p,0,FILE_GENERIC_ALL);
443                 /*
444                  * For pipes W2K3 seems to return
445                  * 0x12019B next.
446                  * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
447                  */
448                 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
449         }
450
451         DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
452
453         chain_reply(req);
454 }
455
456 /****************************************************************************
457  Reply to an NT create and X call for a quota file.
458 ****************************************************************************/
459
460 static void reply_ntcreate_and_X_quota(connection_struct *conn,
461                                        struct smb_request *req,
462                                        enum FAKE_FILE_TYPE fake_file_type,
463                                        const char *fname)
464 {
465         char *p;
466         uint32 desired_access = IVAL(req->inbuf,smb_ntcreate_DesiredAccess);
467         files_struct *fsp;
468         NTSTATUS status;
469
470         status = open_fake_file(conn, fake_file_type, fname, desired_access,
471                                 &fsp);
472
473         if (!NT_STATUS_IS_OK(status)) {
474                 reply_nterror(req, status);
475                 return;
476         }
477
478         reply_outbuf(req, 34, 0);
479
480         p = (char *)req->outbuf + smb_vwv2;
481
482         /* SCVAL(p,0,NO_OPLOCK_RETURN); */
483         p++;
484         SSVAL(p,0,fsp->fnum);
485
486         DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
487
488         chain_reply(req);
489 }
490
491 /****************************************************************************
492  Reply to an NT create and X call.
493 ****************************************************************************/
494
495 void reply_ntcreate_and_X(connection_struct *conn,
496                           struct smb_request *req)
497 {
498         char *fname = NULL;
499         uint32 flags;
500         uint32 access_mask;
501         uint32 file_attributes;
502         uint32 share_access;
503         uint32 create_disposition;
504         uint32 create_options;
505         uint16 root_dir_fid;
506         SMB_BIG_UINT allocation_size;
507         /* Breakout the oplock request bits so we can set the
508            reply bits separately. */
509         int oplock_request = 0;
510         uint32 fattr=0;
511         SMB_OFF_T file_len = 0;
512         SMB_STRUCT_STAT sbuf;
513         int info = 0;
514         files_struct *fsp = NULL;
515         char *p = NULL;
516         struct timespec c_timespec;
517         struct timespec a_timespec;
518         struct timespec m_timespec;
519         BOOL extended_oplock_granted = False;
520         NTSTATUS status;
521         struct case_semantics_state *case_state = NULL;
522         TALLOC_CTX *ctx = talloc_tos();
523
524         START_PROFILE(SMBntcreateX);
525
526         if (req->wct < 24) {
527                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
528                 return;
529         }
530
531         flags = IVAL(req->inbuf,smb_ntcreate_Flags);
532         access_mask = IVAL(req->inbuf,smb_ntcreate_DesiredAccess);
533         file_attributes = IVAL(req->inbuf,smb_ntcreate_FileAttributes);
534         share_access = IVAL(req->inbuf,smb_ntcreate_ShareAccess);
535         create_disposition = IVAL(req->inbuf,smb_ntcreate_CreateDisposition);
536         create_options = IVAL(req->inbuf,smb_ntcreate_CreateOptions);
537         root_dir_fid = (uint16)IVAL(req->inbuf,smb_ntcreate_RootDirectoryFid);
538
539         allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_ntcreate_AllocationSize);
540 #ifdef LARGE_SMB_OFF_T
541         allocation_size |= (((SMB_BIG_UINT)IVAL(req->inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
542 #endif
543
544         DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
545                   "file_attributes = 0x%x, share_access = 0x%x, "
546                   "create_disposition = 0x%x create_options = 0x%x "
547                   "root_dir_fid = 0x%x\n",
548                         (unsigned int)flags,
549                         (unsigned int)access_mask,
550                         (unsigned int)file_attributes,
551                         (unsigned int)share_access,
552                         (unsigned int)create_disposition,
553                         (unsigned int)create_options,
554                         (unsigned int)root_dir_fid ));
555
556         /*
557          * If it's an IPC, use the pipe handler.
558          */
559
560         if (IS_IPC(conn)) {
561                 if (lp_nt_pipe_support()) {
562                         do_ntcreate_pipe_open(conn, req);
563                         END_PROFILE(SMBntcreateX);
564                         return;
565                 } else {
566                         reply_doserror(req, ERRDOS, ERRnoaccess);
567                         END_PROFILE(SMBntcreateX);
568                         return;
569                 }
570         }
571
572         if (create_options & FILE_OPEN_BY_FILE_ID) {
573                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
574                 END_PROFILE(SMBntcreateX);
575                 return;
576         }
577
578         /*
579          * Get the file name.
580          */
581
582         if(root_dir_fid != 0) {
583                 /*
584                  * This filename is relative to a directory fid.
585                  */
586                 char *rel_fname = NULL;
587                 files_struct *dir_fsp = file_fsp(
588                         SVAL(req->inbuf, smb_ntcreate_RootDirectoryFid));
589                 size_t dir_name_len;
590
591                 if(!dir_fsp) {
592                         reply_doserror(req, ERRDOS, ERRbadfid);
593                         END_PROFILE(SMBntcreateX);
594                         return;
595                 }
596
597                 if(!dir_fsp->is_directory) {
598
599                         srvstr_get_path(ctx, (char *)req->inbuf,
600                                         req->flags2, &fname,
601                                         smb_buf(req->inbuf), 0,
602                                         STR_TERMINATE, &status);
603                         if (!NT_STATUS_IS_OK(status)) {
604                                 reply_nterror(req, status);
605                                 END_PROFILE(SMBntcreateX);
606                                 return;
607                         }
608
609                         /*
610                          * Check to see if this is a mac fork of some kind.
611                          */
612
613                         if( is_ntfs_stream_name(fname)) {
614                                 reply_nterror(
615                                         req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
616                                 END_PROFILE(SMBntcreateX);
617                                 return;
618                         }
619
620                         /*
621                           we need to handle the case when we get a
622                           relative open relative to a file and the
623                           pathname is blank - this is a reopen!
624                           (hint from demyn plantenberg)
625                         */
626
627                         reply_doserror(req, ERRDOS, ERRbadfid);
628                         END_PROFILE(SMBntcreateX);
629                         return;
630                 }
631
632                 /*
633                  * Copy in the base directory name.
634                  */
635
636                 dir_name_len = strlen(dir_fsp->fsp_name);
637                 fname = TALLOC_SIZE(ctx, dir_name_len+2);
638                 if (!fname) {
639                         reply_nterror(
640                                 req, NT_STATUS_NO_MEMORY);
641                         END_PROFILE(SMBntcreateX);
642                         return;
643                 }
644                 memcpy(fname, dir_fsp->fsp_name, dir_name_len+1);
645
646                 /*
647                  * Ensure it ends in a '/'.
648                  * We used TALLOC_SIZE +2 to add space for the '/'.
649                  */
650
651                 if(dir_name_len && (fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
652                         fname[dir_name_len] = '/';
653                         fname[dir_name_len+1] = '\0';
654                         dir_name_len++;
655                 }
656
657                 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &rel_fname,
658                                 smb_buf(req->inbuf), 0,
659                                 STR_TERMINATE, &status);
660                 if (!NT_STATUS_IS_OK(status)) {
661                         reply_nterror(req, status);
662                         END_PROFILE(SMBntcreateX);
663                         return;
664                 }
665                 fname = talloc_asprintf(ctx, "%s%s",
666                                         fname,
667                                         rel_fname);
668                 if (!fname) {
669                         reply_nterror(
670                                 req, NT_STATUS_NO_MEMORY);
671                         END_PROFILE(SMBntcreateX);
672                         return;
673                 }
674         } else {
675                 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
676                                 smb_buf(req->inbuf), 0,
677                                 STR_TERMINATE, &status);
678                 if (!NT_STATUS_IS_OK(status)) {
679                         reply_nterror(req, status);
680                         END_PROFILE(SMBntcreateX);
681                         return;
682                 }
683
684                 /*
685                  * Check to see if this is a mac fork of some kind.
686                  */
687
688                 if( is_ntfs_stream_name(fname)) {
689                         enum FAKE_FILE_TYPE fake_file_type = is_fake_file(fname);
690                         if (fake_file_type!=FAKE_FILE_TYPE_NONE) {
691                                 /*
692                                  * Here we go! support for changing the disk quotas --metze
693                                  *
694                                  * We need to fake up to open this MAGIC QUOTA file 
695                                  * and return a valid FID.
696                                  *
697                                  * w2k close this file directly after openening
698                                  * xp also tries a QUERY_FILE_INFO on the file and then close it
699                                  */
700                                 reply_ntcreate_and_X_quota(conn, req,
701                                                           fake_file_type, fname);
702                         } else {
703                                 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
704                         }
705                         END_PROFILE(SMBntcreateX);
706                         return;
707                 }
708         }
709
710         /*
711          * Now contruct the smb_open_mode value from the filename,
712          * desired access and the share access.
713          */
714         status = resolve_dfspath(ctx, conn,
715                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
716                                 fname,
717                                 &fname);
718         if (!NT_STATUS_IS_OK(status)) {
719                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
720                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
721                                         ERRSRV, ERRbadpath);
722                 }
723                 else {
724                         reply_nterror(req, status);
725                 }
726                 END_PROFILE(SMBntcreateX);
727                 return;
728         }
729
730         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
731         if (oplock_request) {
732                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
733         }
734
735         /*
736          * Ordinary file or directory.
737          */
738
739         /*
740          * Check if POSIX semantics are wanted.
741          */
742
743         if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
744                 case_state = set_posix_case_semantics(NULL, conn);
745                 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
746         }
747
748         status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
749         if (!NT_STATUS_IS_OK(status)) {
750                 TALLOC_FREE(case_state);
751                 reply_nterror(req, status);
752                 END_PROFILE(SMBntcreateX);
753                 return;
754         }
755         /* All file access must go through check_name() */
756         status = check_name(conn, fname);
757         if (!NT_STATUS_IS_OK(status)) {
758                 TALLOC_FREE(case_state);
759                 reply_nterror(req, status);
760                 END_PROFILE(SMBntcreateX);
761                 return;
762         }
763
764         /* This is the correct thing to do (check every time) but can_delete is
765            expensive (it may have to read the parent directory permissions). So
766            for now we're not doing it unless we have a strong hint the client
767            is really going to delete this file. If the client is forcing FILE_CREATE
768            let the filesystem take care of the permissions. */
769
770         /* Setting FILE_SHARE_DELETE is the hint. */
771
772         if (lp_acl_check_permissions(SNUM(conn))
773             && (create_disposition != FILE_CREATE)
774             && (share_access & FILE_SHARE_DELETE)
775             && (access_mask & DELETE_ACCESS)) {
776                 if ((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY) ||
777                                 !can_delete_file_in_directory(conn, fname)) {
778                         TALLOC_FREE(case_state);
779                         reply_nterror(req, NT_STATUS_ACCESS_DENIED);
780                         END_PROFILE(SMBntcreateX);
781                         return;
782                 }
783         }
784
785 #if 0
786         /* We need to support SeSecurityPrivilege for this. */
787         if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
788                         !user_has_privileges(current_user.nt_user_token,
789                                 &se_security)) {
790                 TALLOC_FREE(case_state);
791                 END_PROFILE(SMBntcreateX);
792                 return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD);
793         }
794 #endif
795
796         /*
797          * If it's a request for a directory open, deal with it separately.
798          */
799
800         if(create_options & FILE_DIRECTORY_FILE) {
801
802                 /* Can't open a temp directory. IFS kit test. */
803                 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
804                         TALLOC_FREE(case_state);
805                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
806                         END_PROFILE(SMBntcreateX);
807                         return;
808                 }
809
810                 oplock_request = 0;
811                 status = open_directory(conn, req, fname, &sbuf,
812                                         access_mask,
813                                         share_access,
814                                         create_disposition,
815                                         create_options,
816                                         file_attributes,
817                                         &info, &fsp);
818
819         } else {
820
821                 /*
822                  * Ordinary file case.
823                  */
824
825                 /* NB. We have a potential bug here. If we
826                  * cause an oplock break to ourselves, then we
827                  * could end up processing filename related
828                  * SMB requests whilst we await the oplock
829                  * break response. As we may have changed the
830                  * filename case semantics to be POSIX-like,
831                  * this could mean a filename request could
832                  * fail when it should succeed. This is a rare
833                  * condition, but eventually we must arrange
834                  * to restore the correct case semantics
835                  * before issuing an oplock break request to
836                  * our client. JRA.  */
837
838                 status = open_file_ntcreate(conn, req, fname, &sbuf,
839                                         access_mask,
840                                         share_access,
841                                         create_disposition,
842                                         create_options,
843                                         file_attributes,
844                                         oplock_request,
845                                         &info, &fsp);
846
847                 /* We cheat here. There are two cases we
848                  * care about. One is a directory rename,
849                  * where the NT client will attempt to
850                  * open the source directory for
851                  * DELETE access. Note that when the
852                  * NT client does this it does *not*
853                  * set the directory bit in the
854                  * request packet. This is translated
855                  * into a read/write open
856                  * request. POSIX states that any open
857                  * for write request on a directory
858                  * will generate an EISDIR error, so
859                  * we can catch this here and open a
860                  * pseudo handle that is flagged as a
861                  * directory. The second is an open
862                  * for a permissions read only, which
863                  * we handle in the open_file_stat case. JRA.
864                  */
865
866                 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
867
868                         /*
869                          * Fail the open if it was explicitly a non-directory
870                          * file.
871                          */
872
873                         if (create_options & FILE_NON_DIRECTORY_FILE) {
874                                 TALLOC_FREE(case_state);
875                                 reply_force_nterror(req,
876                                                 NT_STATUS_FILE_IS_A_DIRECTORY);
877                                 END_PROFILE(SMBntcreateX);
878                                 return;
879                         }
880
881                         oplock_request = 0;
882                         status = open_directory(conn, req, fname,
883                                                 &sbuf,
884                                                 access_mask,
885                                                 share_access,
886                                                 create_disposition,
887                                                 create_options,
888                                                 file_attributes,
889                                                 &info, &fsp);
890                 }
891         }
892
893         TALLOC_FREE(case_state);
894
895         if (!NT_STATUS_IS_OK(status)) {
896                 if (open_was_deferred(req->mid)) {
897                         /* We have re-scheduled this call. */
898                         END_PROFILE(SMBntcreateX);
899                         return;
900                 }
901                 reply_openerror(req, status);
902                 END_PROFILE(SMBntcreateX);
903                 return;
904         }
905
906         file_len = sbuf.st_size;
907         fattr = dos_mode(conn,fname,&sbuf);
908         if(fattr == 0) {
909                 fattr = FILE_ATTRIBUTE_NORMAL;
910         }
911         if (!fsp->is_directory && (fattr & aDIR)) {
912                 close_file(fsp,ERROR_CLOSE);
913                 reply_doserror(req, ERRDOS, ERRnoaccess);
914                 END_PROFILE(SMBntcreateX);
915                 return;
916         }
917
918         /* Save the requested allocation size. */
919         if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
920                 if (allocation_size && (allocation_size > (SMB_BIG_UINT)file_len)) {
921                         fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
922                         if (fsp->is_directory) {
923                                 close_file(fsp,ERROR_CLOSE);
924                                 /* Can't set allocation size on a directory. */
925                                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
926                                 END_PROFILE(SMBntcreateX);
927                                 return;
928                         }
929                         if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
930                                 close_file(fsp,ERROR_CLOSE);
931                                 reply_nterror(req, NT_STATUS_DISK_FULL);
932                                 END_PROFILE(SMBntcreateX);
933                                 return;
934                         }
935                 } else {
936                         fsp->initial_allocation_size = smb_roundup(fsp->conn,(SMB_BIG_UINT)file_len);
937                 }
938         }
939
940         /*
941          * If the caller set the extended oplock request bit
942          * and we granted one (by whatever means) - set the
943          * correct bit for extended oplock reply.
944          */
945
946         if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
947                 extended_oplock_granted = True;
948         }
949
950         if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
951                 extended_oplock_granted = True;
952         }
953
954         if (flags & EXTENDED_RESPONSE_REQUIRED) {
955                 /* This is very strange. We
956                  * return 50 words, but only set
957                  * the wcnt to 42 ? It's definately
958                  * what happens on the wire....
959                  */
960                 reply_outbuf(req, 50, 0);
961                 SCVAL(req->outbuf,smb_wct,42);
962         } else {
963                 reply_outbuf(req, 34, 0);
964         }
965
966         p = (char *)req->outbuf + smb_vwv2;
967
968         /*
969          * Currently as we don't support level II oplocks we just report
970          * exclusive & batch here.
971          */
972
973         if (extended_oplock_granted) {
974                 if (flags & REQUEST_BATCH_OPLOCK) {
975                         SCVAL(p,0, BATCH_OPLOCK_RETURN);
976                 } else {
977                         SCVAL(p,0, EXCLUSIVE_OPLOCK_RETURN);
978                 }
979         } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
980                 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
981         } else {
982                 SCVAL(p,0,NO_OPLOCK_RETURN);
983         }
984
985         p++;
986         SSVAL(p,0,fsp->fnum);
987         p += 2;
988         if ((create_disposition == FILE_SUPERSEDE) && (info == FILE_WAS_OVERWRITTEN)) {
989                 SIVAL(p,0,FILE_WAS_SUPERSEDED);
990         } else {
991                 SIVAL(p,0,info);
992         }
993         p += 4;
994
995         /* Create time. */
996         c_timespec = get_create_timespec(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
997         a_timespec = get_atimespec(&sbuf);
998         m_timespec = get_mtimespec(&sbuf);
999
1000         if (lp_dos_filetime_resolution(SNUM(conn))) {
1001                 dos_filetime_timespec(&c_timespec);
1002                 dos_filetime_timespec(&a_timespec);
1003                 dos_filetime_timespec(&m_timespec);
1004         }
1005
1006         put_long_date_timespec(p, c_timespec); /* create time. */
1007         p += 8;
1008         put_long_date_timespec(p, a_timespec); /* access time */
1009         p += 8;
1010         put_long_date_timespec(p, m_timespec); /* write time */
1011         p += 8;
1012         put_long_date_timespec(p, m_timespec); /* change time */
1013         p += 8;
1014         SIVAL(p,0,fattr); /* File Attributes. */
1015         p += 4;
1016         SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
1017         p += 8;
1018         SOFF_T(p,0,file_len);
1019         p += 8;
1020         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1021                 SSVAL(p,2,0x7);
1022         }
1023         p += 4;
1024         SCVAL(p,0,fsp->is_directory ? 1 : 0);
1025
1026         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1027                 uint32 perms = 0;
1028                 p += 25;
1029                 if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) {
1030                         perms = FILE_GENERIC_ALL;
1031                 } else {
1032                         perms = FILE_GENERIC_READ|FILE_EXECUTE;
1033                 }
1034                 SIVAL(p,0,perms);
1035         }
1036
1037         DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
1038
1039         chain_reply(req);
1040         END_PROFILE(SMBntcreateX);
1041         return;
1042 }
1043
1044 /****************************************************************************
1045  Reply to a NT_TRANSACT_CREATE call to open a pipe.
1046 ****************************************************************************/
1047
1048 static void do_nt_transact_create_pipe(connection_struct *conn,
1049                                        struct smb_request *req,
1050                                        uint16 **ppsetup, uint32 setup_count,
1051                                        char **ppparams, uint32 parameter_count,
1052                                        char **ppdata, uint32 data_count)
1053 {
1054         char *fname = NULL;
1055         char *params = *ppparams;
1056         int pnum = -1;
1057         char *p = NULL;
1058         NTSTATUS status;
1059         size_t param_len;
1060         uint32 flags;
1061         TALLOC_CTX *ctx = talloc_tos();
1062
1063         /*
1064          * Ensure minimum number of parameters sent.
1065          */
1066
1067         if(parameter_count < 54) {
1068                 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
1069                 reply_doserror(req, ERRDOS, ERRnoaccess);
1070                 return;
1071         }
1072
1073         flags = IVAL(params,0);
1074
1075         srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
1076                         parameter_count-53, STR_TERMINATE,
1077                         &status);
1078         if (!NT_STATUS_IS_OK(status)) {
1079                 reply_nterror(req, status);
1080                 return;
1081         }
1082
1083         nt_open_pipe(fname, conn, req, &pnum);
1084
1085         if (req->outbuf) {
1086                 /* Error return */
1087                 return;
1088         }
1089
1090         /* Realloc the size of parameters and data we will return */
1091         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1092                 /* Extended response is 32 more byyes. */
1093                 param_len = 101;
1094         } else {
1095                 param_len = 69;
1096         }
1097         params = nttrans_realloc(ppparams, param_len);
1098         if(params == NULL) {
1099                 reply_doserror(req, ERRDOS, ERRnomem);
1100                 return;
1101         }
1102
1103         p = params;
1104         SCVAL(p,0,NO_OPLOCK_RETURN);
1105
1106         p += 2;
1107         SSVAL(p,0,pnum);
1108         p += 2;
1109         SIVAL(p,0,FILE_WAS_OPENED);
1110         p += 8;
1111
1112         p += 32;
1113         SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
1114         p += 20;
1115         /* File type. */
1116         SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
1117         /* Device state. */
1118         SSVAL(p,2, 0x5FF); /* ? */
1119         p += 4;
1120
1121         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1122                 p += 25;
1123                 SIVAL(p,0,FILE_GENERIC_ALL);
1124                 /*
1125                  * For pipes W2K3 seems to return
1126                  * 0x12019B next.
1127                  * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
1128                  */
1129                 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
1130         }
1131
1132         DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
1133
1134         /* Send the required number of replies */
1135         send_nt_replies(req, NT_STATUS_OK, params, param_len, *ppdata, 0);
1136
1137         return;
1138 }
1139
1140 /****************************************************************************
1141  Internal fn to set security descriptors.
1142 ****************************************************************************/
1143
1144 static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent)
1145 {
1146         prs_struct pd;
1147         SEC_DESC *psd = NULL;
1148         TALLOC_CTX *mem_ctx;
1149         NTSTATUS status;
1150
1151         if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
1152                 return NT_STATUS_OK;
1153         }
1154
1155         /*
1156          * Init the parse struct we will unmarshall from.
1157          */
1158
1159         if ((mem_ctx = talloc_init("set_sd")) == NULL) {
1160                 DEBUG(0,("set_sd: talloc_init failed.\n"));
1161                 return NT_STATUS_NO_MEMORY;
1162         }
1163
1164         prs_init(&pd, 0, mem_ctx, UNMARSHALL);
1165
1166         /*
1167          * Setup the prs_struct to point at the memory we just
1168          * allocated.
1169          */
1170
1171         prs_give_memory( &pd, data, sd_len, False);
1172
1173         /*
1174          * Finally, unmarshall from the data buffer.
1175          */
1176
1177         if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1178                 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1179                 /*
1180                  * Return access denied for want of a better error message..
1181                  */
1182                 talloc_destroy(mem_ctx);
1183                 return NT_STATUS_NO_MEMORY;
1184         }
1185
1186         if (psd->owner_sid==0) {
1187                 security_info_sent &= ~OWNER_SECURITY_INFORMATION;
1188         }
1189         if (psd->group_sid==0) {
1190                 security_info_sent &= ~GROUP_SECURITY_INFORMATION;
1191         }
1192         if (psd->sacl==0) {
1193                 security_info_sent &= ~SACL_SECURITY_INFORMATION;
1194         }
1195         if (psd->dacl==0) {
1196                 security_info_sent &= ~DACL_SECURITY_INFORMATION;
1197         }
1198
1199         status = SMB_VFS_FSET_NT_ACL( fsp, fsp->fh->fd, security_info_sent, psd);
1200
1201         talloc_destroy(mem_ctx);
1202         return status;
1203 }
1204
1205 /****************************************************************************
1206  Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
1207 ****************************************************************************/
1208
1209 static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
1210 {
1211         struct ea_list *ea_list_head = NULL;
1212         size_t offset = 0;
1213
1214         if (data_size < 4) {
1215                 return NULL;
1216         }
1217
1218         while (offset + 4 <= data_size) {
1219                 size_t next_offset = IVAL(pdata,offset);
1220                 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
1221
1222                 if (!eal) {
1223                         return NULL;
1224                 }
1225
1226                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
1227                 if (next_offset == 0) {
1228                         break;
1229                 }
1230                 offset += next_offset;
1231         }
1232
1233         return ea_list_head;
1234 }
1235
1236 /****************************************************************************
1237  Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1238 ****************************************************************************/
1239
1240 static void call_nt_transact_create(connection_struct *conn,
1241                                     struct smb_request *req,
1242                                     uint16 **ppsetup, uint32 setup_count,
1243                                     char **ppparams, uint32 parameter_count,
1244                                     char **ppdata, uint32 data_count,
1245                                     uint32 max_data_count)
1246 {
1247         char *fname = NULL;
1248         char *params = *ppparams;
1249         char *data = *ppdata;
1250         /* Breakout the oplock request bits so we can set the reply bits separately. */
1251         int oplock_request = 0;
1252         uint32 fattr=0;
1253         SMB_OFF_T file_len = 0;
1254         SMB_STRUCT_STAT sbuf;
1255         int info = 0;
1256         files_struct *fsp = NULL;
1257         char *p = NULL;
1258         BOOL extended_oplock_granted = False;
1259         uint32 flags;
1260         uint32 access_mask;
1261         uint32 file_attributes;
1262         uint32 share_access;
1263         uint32 create_disposition;
1264         uint32 create_options;
1265         uint32 sd_len;
1266         uint32 ea_len;
1267         uint16 root_dir_fid;
1268         struct timespec c_timespec;
1269         struct timespec a_timespec;
1270         struct timespec m_timespec;
1271         struct ea_list *ea_list = NULL;
1272         char *pdata = NULL;
1273         NTSTATUS status;
1274         size_t param_len;
1275         struct case_semantics_state *case_state = NULL;
1276         TALLOC_CTX *ctx = talloc_tos();
1277
1278         DEBUG(5,("call_nt_transact_create\n"));
1279
1280         /*
1281          * If it's an IPC, use the pipe handler.
1282          */
1283
1284         if (IS_IPC(conn)) {
1285                 if (lp_nt_pipe_support()) {
1286                         do_nt_transact_create_pipe(
1287                                 conn, req,
1288                                 ppsetup, setup_count,
1289                                 ppparams, parameter_count,
1290                                 ppdata, data_count);
1291                         return;
1292                 } else {
1293                         reply_doserror(req, ERRDOS, ERRnoaccess);
1294                         return;
1295                 }
1296         }
1297
1298         /*
1299          * Ensure minimum number of parameters sent.
1300          */
1301
1302         if(parameter_count < 54) {
1303                 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
1304                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1305                 return;
1306         }
1307
1308         flags = IVAL(params,0);
1309         access_mask = IVAL(params,8);
1310         file_attributes = IVAL(params,20);
1311         share_access = IVAL(params,24);
1312         create_disposition = IVAL(params,28);
1313         create_options = IVAL(params,32);
1314         sd_len = IVAL(params,36);
1315         ea_len = IVAL(params,40);
1316         root_dir_fid = (uint16)IVAL(params,4);
1317
1318         /* Ensure the data_len is correct for the sd and ea values given. */
1319         if ((ea_len + sd_len > data_count) ||
1320                         (ea_len > data_count) || (sd_len > data_count) ||
1321                         (ea_len + sd_len < ea_len) || (ea_len + sd_len < sd_len)) {
1322                 DEBUG(10,("call_nt_transact_create - ea_len = %u, sd_len = %u, data_count = %u\n",
1323                         (unsigned int)ea_len, (unsigned int)sd_len, (unsigned int)data_count ));
1324                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1325                 return;
1326         }
1327
1328         if (ea_len) {
1329                 if (!lp_ea_support(SNUM(conn))) {
1330                         DEBUG(10,("call_nt_transact_create - ea_len = %u but EA's not supported.\n",
1331                                 (unsigned int)ea_len ));
1332                         reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
1333                         return;
1334                 }
1335
1336                 if (ea_len < 10) {
1337                         DEBUG(10,("call_nt_transact_create - ea_len = %u - too small (should be more than 10)\n",
1338                                 (unsigned int)ea_len ));
1339                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1340                         return;
1341                 }
1342         }
1343
1344         if (create_options & FILE_OPEN_BY_FILE_ID) {
1345                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
1346                 return;
1347         }
1348
1349         /*
1350          * Get the file name.
1351          */
1352
1353         if(root_dir_fid != 0) {
1354                 /*
1355                  * This filename is relative to a directory fid.
1356                  */
1357                 char *tmpname = NULL;
1358                 files_struct *dir_fsp = file_fsp(SVAL(params,4));
1359                 size_t dir_name_len;
1360
1361                 if(!dir_fsp) {
1362                         reply_doserror(req, ERRDOS, ERRbadfid);
1363                         return;
1364                 }
1365
1366                 if(!dir_fsp->is_directory) {
1367                         srvstr_get_path(ctx, params, req->flags2, &fname,
1368                                         params+53,
1369                                         parameter_count-53, STR_TERMINATE,
1370                                         &status);
1371                         if (!NT_STATUS_IS_OK(status)) {
1372                                 reply_nterror(req, status);
1373                                 return;
1374                         }
1375
1376                         /*
1377                          * Check to see if this is a mac fork of some kind.
1378                          */
1379
1380                         if( is_ntfs_stream_name(fname)) {
1381                                 reply_nterror(req,
1382                                               NT_STATUS_OBJECT_PATH_NOT_FOUND);
1383                                 return;
1384                         }
1385
1386                         reply_doserror(req, ERRDOS, ERRbadfid);
1387                         return;
1388                 }
1389
1390                 /*
1391                  * Copy in the base directory name.
1392                  */
1393
1394                 dir_name_len = strlen(dir_fsp->fsp_name);
1395                 fname = TALLOC_SIZE(ctx, dir_name_len+2);
1396                 if (!fname) {
1397                         reply_nterror(
1398                                 req, NT_STATUS_NO_MEMORY);
1399                         END_PROFILE(SMBntcreateX);
1400                         return;
1401                 }
1402                 memcpy(fname, dir_fsp->fsp_name, dir_name_len+1);
1403
1404                 /*
1405                  * Ensure it ends in a '/'.
1406                  * We used TALLOC_SIZE +2 to add space for the '/'.
1407                  */
1408
1409                 if(dir_name_len && (fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1410                         fname[dir_name_len] = '/';
1411                         fname[dir_name_len+1] = '\0';
1412                         dir_name_len++;
1413                 }
1414
1415                 srvstr_get_path(ctx, params, req->flags2, &tmpname,
1416                                 params+53,
1417                                 parameter_count-53, STR_TERMINATE,
1418                                 &status);
1419                 if (!NT_STATUS_IS_OK(status)) {
1420                         reply_nterror(req, status);
1421                         return;
1422                 }
1423                 fname = talloc_asprintf(ctx, "%s%s",
1424                                         fname,
1425                                         tmpname);
1426                 if (!fname) {
1427                         reply_nterror(
1428                                 req, NT_STATUS_NO_MEMORY);
1429                         return;
1430                 }
1431         } else {
1432                 srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
1433                                 parameter_count-53,
1434                                 STR_TERMINATE, &status);
1435                 if (!NT_STATUS_IS_OK(status)) {
1436                         reply_nterror(req, status);
1437                         return;
1438                 }
1439
1440                 /*
1441                  * Check to see if this is a mac fork of some kind.
1442                  */
1443
1444                 if( is_ntfs_stream_name(fname)) {
1445                         reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
1446                         return;
1447                 }
1448         }
1449
1450         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1451         if (oplock_request) {
1452                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1453         }
1454
1455         /*
1456          * Ordinary file or directory.
1457          */
1458
1459         /*
1460          * Check if POSIX semantics are wanted.
1461          */
1462
1463         if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1464                 case_state = set_posix_case_semantics(NULL, conn);
1465                 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
1466         }
1467
1468         status = resolve_dfspath(ctx, conn,
1469                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
1470                                 fname,
1471                                 &fname);
1472         if (!NT_STATUS_IS_OK(status)) {
1473                 TALLOC_FREE(case_state);
1474                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1475                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1476                                         ERRSRV, ERRbadpath);
1477                         return;
1478                 }
1479                 reply_nterror(req, status);
1480                 return;
1481         }
1482
1483         status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
1484         if (!NT_STATUS_IS_OK(status)) {
1485                 TALLOC_FREE(case_state);
1486                 reply_nterror(req, status);
1487                 return;
1488         }
1489         /* All file access must go through check_name() */
1490         status = check_name(conn, fname);
1491         if (!NT_STATUS_IS_OK(status)) {
1492                 TALLOC_FREE(case_state);
1493                 reply_nterror(req, status);
1494                 return;
1495         }
1496
1497         /* This is the correct thing to do (check every time) but can_delete is
1498            expensive (it may have to read the parent directory permissions). So
1499            for now we're not doing it unless we have a strong hint the client
1500            is really going to delete this file. If the client is forcing FILE_CREATE
1501            let the filesystem take care of the permissions. */
1502
1503         /* Setting FILE_SHARE_DELETE is the hint. */
1504
1505         if (lp_acl_check_permissions(SNUM(conn))
1506             && (create_disposition != FILE_CREATE)
1507             && (share_access & FILE_SHARE_DELETE)
1508             && (access_mask & DELETE_ACCESS)) {
1509                 if ((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY) ||
1510                                 !can_delete_file_in_directory(conn, fname)) {
1511                         TALLOC_FREE(case_state);
1512                         reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1513                         return;
1514                 }
1515         }
1516
1517 #if 0
1518         /* We need to support SeSecurityPrivilege for this. */
1519         if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
1520                         !user_has_privileges(current_user.nt_user_token,
1521                                 &se_security)) {
1522                 TALLOC_FREE(case_state);
1523                 reply_nterror(req, NT_STATUS_PRIVILEGE_NOT_HELD);
1524                 return;
1525         }
1526 #endif
1527
1528         if (ea_len) {
1529                 pdata = data + sd_len;
1530
1531                 /* We have already checked that ea_len <= data_count here. */
1532                 ea_list = read_nttrans_ea_list(talloc_tos(), pdata,
1533                                                ea_len);
1534                 if (!ea_list ) {
1535                         TALLOC_FREE(case_state);
1536                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1537                         return;
1538                 }
1539         }
1540
1541         /*
1542          * If it's a request for a directory open, deal with it separately.
1543          */
1544
1545         if(create_options & FILE_DIRECTORY_FILE) {
1546
1547                 /* Can't open a temp directory. IFS kit test. */
1548                 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
1549                         TALLOC_FREE(case_state);
1550                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1551                         return;
1552                 }
1553
1554                 /*
1555                  * We will get a create directory here if the Win32
1556                  * app specified a security descriptor in the 
1557                  * CreateDirectory() call.
1558                  */
1559
1560                 oplock_request = 0;
1561                 status = open_directory(conn, req, fname, &sbuf,
1562                                         access_mask,
1563                                         share_access,
1564                                         create_disposition,
1565                                         create_options,
1566                                         file_attributes,
1567                                         &info, &fsp);
1568         } else {
1569
1570                 /*
1571                  * Ordinary file case.
1572                  */
1573
1574                 status = open_file_ntcreate(conn,req,fname,&sbuf,
1575                                         access_mask,
1576                                         share_access,
1577                                         create_disposition,
1578                                         create_options,
1579                                         file_attributes,
1580                                         oplock_request,
1581                                         &info, &fsp);
1582
1583                 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
1584
1585                         /*
1586                          * Fail the open if it was explicitly a non-directory file.
1587                          */
1588
1589                         if (create_options & FILE_NON_DIRECTORY_FILE) {
1590                                 TALLOC_FREE(case_state);
1591                                 reply_force_nterror(
1592                                         req,
1593                                         NT_STATUS_FILE_IS_A_DIRECTORY);
1594                                 return;
1595                         }
1596
1597                         oplock_request = 0;
1598                         status = open_directory(conn, req, fname,
1599                                                 &sbuf,
1600                                                 access_mask,
1601                                                 share_access,
1602                                                 create_disposition,
1603                                                 create_options,
1604                                                 file_attributes,
1605                                                 &info, &fsp);
1606                 }
1607         }
1608
1609         TALLOC_FREE(case_state);
1610
1611         if(!NT_STATUS_IS_OK(status)) {
1612                 if (open_was_deferred(req->mid)) {
1613                         /* We have re-scheduled this call. */
1614                         return;
1615                 }
1616                 reply_openerror(req, status);
1617                 return;
1618         }
1619
1620         /*
1621          * According to the MS documentation, the only time the security
1622          * descriptor is applied to the opened file is iff we *created* the
1623          * file; an existing file stays the same.
1624          *
1625          * Also, it seems (from observation) that you can open the file with
1626          * any access mask but you can still write the sd. We need to override
1627          * the granted access before we call set_sd
1628          * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
1629          */
1630
1631         if (lp_nt_acl_support(SNUM(conn)) && sd_len && info == FILE_WAS_CREATED) {
1632                 uint32 saved_access_mask = fsp->access_mask;
1633
1634                 /* We have already checked that sd_len <= data_count here. */
1635
1636                 fsp->access_mask = FILE_GENERIC_ALL;
1637
1638                 status = set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION);
1639                 if (!NT_STATUS_IS_OK(status)) {
1640                         close_file(fsp,ERROR_CLOSE);
1641                         TALLOC_FREE(case_state);
1642                         reply_nterror(req, status);
1643                         return;
1644                 }
1645                 fsp->access_mask = saved_access_mask;
1646         }
1647
1648         if (ea_len && (info == FILE_WAS_CREATED)) {
1649                 status = set_ea(conn, fsp, fname, ea_list);
1650                 if (!NT_STATUS_IS_OK(status)) {
1651                         close_file(fsp,ERROR_CLOSE);
1652                         TALLOC_FREE(case_state);
1653                         reply_nterror(req, status);
1654                         return;
1655                 }
1656         }
1657
1658         TALLOC_FREE(case_state);
1659
1660         file_len = sbuf.st_size;
1661         fattr = dos_mode(conn,fname,&sbuf);
1662         if(fattr == 0) {
1663                 fattr = FILE_ATTRIBUTE_NORMAL;
1664         }
1665         if (!fsp->is_directory && (fattr & aDIR)) {
1666                 close_file(fsp,ERROR_CLOSE);
1667                 reply_doserror(req, ERRDOS, ERRnoaccess);
1668                 return;
1669         }
1670
1671         /* Save the requested allocation size. */
1672         if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
1673                 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(params,12);
1674 #ifdef LARGE_SMB_OFF_T
1675                 allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32);
1676 #endif
1677                 if (allocation_size && (allocation_size > file_len)) {
1678                         fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1679                         if (fsp->is_directory) {
1680                                 close_file(fsp,ERROR_CLOSE);
1681                                 /* Can't set allocation size on a directory. */
1682                                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1683                                 return;
1684                         }
1685                         if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1686                                 close_file(fsp,ERROR_CLOSE);
1687                                 reply_nterror(req, NT_STATUS_DISK_FULL);
1688                                 return;
1689                         }
1690                 } else {
1691                         fsp->initial_allocation_size = smb_roundup(fsp->conn, (SMB_BIG_UINT)file_len);
1692                 }
1693         }
1694
1695         /*
1696          * If the caller set the extended oplock request bit
1697          * and we granted one (by whatever means) - set the
1698          * correct bit for extended oplock reply.
1699          */
1700
1701         if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1702                 extended_oplock_granted = True;
1703         }
1704
1705         if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1706                 extended_oplock_granted = True;
1707         }
1708
1709         /* Realloc the size of parameters and data we will return */
1710         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1711                 /* Extended response is 32 more byyes. */
1712                 param_len = 101;
1713         } else {
1714                 param_len = 69;
1715         }
1716         params = nttrans_realloc(ppparams, param_len);
1717         if(params == NULL) {
1718                 reply_doserror(req, ERRDOS, ERRnomem);
1719                 return;
1720         }
1721
1722         p = params;
1723         if (extended_oplock_granted) {
1724                 if (flags & REQUEST_BATCH_OPLOCK) {
1725                         SCVAL(p,0, BATCH_OPLOCK_RETURN);
1726                 } else {
1727                         SCVAL(p,0, EXCLUSIVE_OPLOCK_RETURN);
1728                 }
1729         } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
1730                 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
1731         } else {
1732                 SCVAL(p,0,NO_OPLOCK_RETURN);
1733         }
1734
1735         p += 2;
1736         SSVAL(p,0,fsp->fnum);
1737         p += 2;
1738         if ((create_disposition == FILE_SUPERSEDE) && (info == FILE_WAS_OVERWRITTEN)) {
1739                 SIVAL(p,0,FILE_WAS_SUPERSEDED);
1740         } else {
1741                 SIVAL(p,0,info);
1742         }
1743         p += 8;
1744
1745         /* Create time. */
1746         c_timespec = get_create_timespec(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
1747         a_timespec = get_atimespec(&sbuf);
1748         m_timespec = get_mtimespec(&sbuf);
1749
1750         if (lp_dos_filetime_resolution(SNUM(conn))) {
1751                 dos_filetime_timespec(&c_timespec);
1752                 dos_filetime_timespec(&a_timespec);
1753                 dos_filetime_timespec(&m_timespec);
1754         }
1755
1756         put_long_date_timespec(p, c_timespec); /* create time. */
1757         p += 8;
1758         put_long_date_timespec(p, a_timespec); /* access time */
1759         p += 8;
1760         put_long_date_timespec(p, m_timespec); /* write time */
1761         p += 8;
1762         put_long_date_timespec(p, m_timespec); /* change time */
1763         p += 8;
1764         SIVAL(p,0,fattr); /* File Attributes. */
1765         p += 4;
1766         SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf));
1767         p += 8;
1768         SOFF_T(p,0,file_len);
1769         p += 8;
1770         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1771                 SSVAL(p,2,0x7);
1772         }
1773         p += 4;
1774         SCVAL(p,0,fsp->is_directory ? 1 : 0);
1775
1776         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1777                 uint32 perms = 0;
1778                 p += 25;
1779                 if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) {
1780                         perms = FILE_GENERIC_ALL;
1781                 } else {
1782                         perms = FILE_GENERIC_READ|FILE_EXECUTE;
1783                 }
1784                 SIVAL(p,0,perms);
1785         }
1786
1787         DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
1788
1789         /* Send the required number of replies */
1790         send_nt_replies(req, NT_STATUS_OK, params, param_len, *ppdata, 0);
1791
1792         return;
1793 }
1794
1795 /****************************************************************************
1796  Reply to a NT CANCEL request.
1797  conn POINTER CAN BE NULL HERE !
1798 ****************************************************************************/
1799
1800 void reply_ntcancel(connection_struct *conn, struct smb_request *req)
1801 {
1802         /*
1803          * Go through and cancel any pending change notifies.
1804          */
1805
1806         START_PROFILE(SMBntcancel);
1807         remove_pending_change_notify_requests_by_mid(req->mid);
1808         remove_pending_lock_requests_by_mid(req->mid);
1809         srv_cancel_sign_response(req->mid);
1810
1811         DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid));
1812
1813         END_PROFILE(SMBntcancel);
1814         return;
1815 }
1816
1817 /****************************************************************************
1818  Copy a file.
1819 ****************************************************************************/
1820
1821 static NTSTATUS copy_internals(connection_struct *conn,
1822                                struct smb_request *req,
1823                                const char *oldname_in,
1824                                const char *newname_in,
1825                                uint32 attrs)
1826 {
1827         SMB_STRUCT_STAT sbuf1, sbuf2;
1828         char *oldname = NULL;
1829         char *newname = NULL;
1830         char *last_component_oldname = NULL;
1831         char *last_component_newname = NULL;
1832         files_struct *fsp1,*fsp2;
1833         uint32 fattr;
1834         int info;
1835         SMB_OFF_T ret=-1;
1836         NTSTATUS status = NT_STATUS_OK;
1837
1838         ZERO_STRUCT(sbuf1);
1839         ZERO_STRUCT(sbuf2);
1840
1841         if (!CAN_WRITE(conn)) {
1842                 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1843         }
1844
1845         status = unix_convert(conn, oldname_in, False, &oldname,
1846                         &last_component_oldname, &sbuf1);
1847         if (!NT_STATUS_IS_OK(status)) {
1848                 return status;
1849         }
1850
1851         status = check_name(conn, oldname);
1852         if (!NT_STATUS_IS_OK(status)) {
1853                 return status;
1854         }
1855
1856         /* Source must already exist. */
1857         if (!VALID_STAT(sbuf1)) {
1858                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1859         }
1860         /* Ensure attributes match. */
1861         fattr = dos_mode(conn,oldname,&sbuf1);
1862         if ((fattr & ~attrs) & (aHIDDEN | aSYSTEM)) {
1863                 return NT_STATUS_NO_SUCH_FILE;
1864         }
1865
1866         status = unix_convert(conn, newname_in, False, &newname,
1867                         &last_component_newname, &sbuf2);
1868         if (!NT_STATUS_IS_OK(status)) {
1869                 return status;
1870         }
1871
1872         status = check_name(conn, newname);
1873         if (!NT_STATUS_IS_OK(status)) {
1874                 return status;
1875         }
1876
1877         /* Disallow if newname already exists. */
1878         if (VALID_STAT(sbuf2)) {
1879                 return NT_STATUS_OBJECT_NAME_COLLISION;
1880         }
1881
1882         /* No links from a directory. */
1883         if (S_ISDIR(sbuf1.st_mode)) {
1884                 return NT_STATUS_FILE_IS_A_DIRECTORY;
1885         }
1886
1887         /* Ensure this is within the share. */
1888         status = check_reduced_name(conn, oldname);
1889         if (!NT_STATUS_IS_OK(status)) {
1890                 return status;
1891         }
1892
1893         DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1894                                 oldname, newname));
1895
1896         status = open_file_ntcreate(conn, req, oldname, &sbuf1,
1897                         FILE_READ_DATA, /* Read-only. */
1898                         FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1899                         FILE_OPEN,
1900                         0, /* No create options. */
1901                         FILE_ATTRIBUTE_NORMAL,
1902                         NO_OPLOCK,
1903                         &info, &fsp1);
1904
1905         if (!NT_STATUS_IS_OK(status)) {
1906                 return status;
1907         }
1908
1909         status = open_file_ntcreate(conn, req, newname, &sbuf2,
1910                         FILE_WRITE_DATA, /* Read-only. */
1911                         FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
1912                         FILE_CREATE,
1913                         0, /* No create options. */
1914                         fattr,
1915                         NO_OPLOCK,
1916                         &info, &fsp2);
1917
1918         if (!NT_STATUS_IS_OK(status)) {
1919                 close_file(fsp1,ERROR_CLOSE);
1920                 return status;
1921         }
1922
1923         if (sbuf1.st_size) {
1924                 ret = vfs_transfer_file(fsp1, fsp2, sbuf1.st_size);
1925         }
1926
1927         /*
1928          * As we are opening fsp1 read-only we only expect
1929          * an error on close on fsp2 if we are out of space.
1930          * Thus we don't look at the error return from the
1931          * close of fsp1.
1932          */
1933         close_file(fsp1,NORMAL_CLOSE);
1934
1935         /* Ensure the modtime is set correctly on the destination file. */
1936         fsp_set_pending_modtime(fsp2, get_mtimespec(&sbuf1));
1937
1938         status = close_file(fsp2,NORMAL_CLOSE);
1939
1940         /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1941            creates the file. This isn't the correct thing to do in the copy
1942            case. JRA */
1943         file_set_dosmode(conn, newname, fattr, &sbuf2,
1944                          parent_dirname(newname));
1945
1946         if (ret < (SMB_OFF_T)sbuf1.st_size) {
1947                 return NT_STATUS_DISK_FULL;
1948         }
1949
1950         if (!NT_STATUS_IS_OK(status)) {
1951                 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1952                         nt_errstr(status), oldname, newname));
1953         }
1954         return status;
1955 }
1956
1957 /****************************************************************************
1958  Reply to a NT rename request.
1959 ****************************************************************************/
1960
1961 void reply_ntrename(connection_struct *conn, struct smb_request *req)
1962 {
1963         char *oldname = NULL;
1964         char *newname = NULL;
1965         char *p;
1966         NTSTATUS status;
1967         BOOL src_has_wcard = False;
1968         BOOL dest_has_wcard = False;
1969         uint32 attrs;
1970         uint16 rename_type;
1971         TALLOC_CTX *ctx = talloc_tos();
1972
1973         START_PROFILE(SMBntrename);
1974
1975         if (req->wct < 4) {
1976                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1977                 END_PROFILE(SMBntrename);
1978                 return;
1979         }
1980
1981         attrs = SVAL(req->inbuf,smb_vwv0);
1982         rename_type = SVAL(req->inbuf,smb_vwv1);
1983
1984         p = smb_buf(req->inbuf) + 1;
1985         p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &oldname, p,
1986                                    0, STR_TERMINATE, &status,
1987                                    &src_has_wcard);
1988         if (!NT_STATUS_IS_OK(status)) {
1989                 reply_nterror(req, status);
1990                 END_PROFILE(SMBntrename);
1991                 return;
1992         }
1993
1994         if( is_ntfs_stream_name(oldname)) {
1995                 /* Can't rename a stream. */
1996                 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1997                 END_PROFILE(SMBntrename);
1998                 return;
1999         }
2000
2001         if (ms_has_wild(oldname)) {
2002                 reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
2003                 END_PROFILE(SMBntrename);
2004                 return;
2005         }
2006
2007         p++;
2008         p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
2009                                    0, STR_TERMINATE, &status,
2010                                    &dest_has_wcard);
2011         if (!NT_STATUS_IS_OK(status)) {
2012                 reply_nterror(req, status);
2013                 END_PROFILE(SMBntrename);
2014                 return;
2015         }
2016
2017         status = resolve_dfspath(ctx, conn,
2018                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
2019                                 oldname,
2020                                 &oldname);
2021         if (!NT_STATUS_IS_OK(status)) {
2022                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2023                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2024                                         ERRSRV, ERRbadpath);
2025                         END_PROFILE(SMBntrename);
2026                         return;
2027                 }
2028                 reply_nterror(req, status);
2029                 END_PROFILE(SMBntrename);
2030                 return;
2031         }
2032
2033         status = resolve_dfspath(ctx, conn,
2034                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
2035                                 newname,
2036                                 &newname);
2037         if (!NT_STATUS_IS_OK(status)) {
2038                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2039                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2040                                         ERRSRV, ERRbadpath);
2041                         END_PROFILE(SMBntrename);
2042                         return;
2043                 }
2044                 reply_nterror(req, status);
2045                 END_PROFILE(SMBntrename);
2046                 return;
2047         }
2048
2049         DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname));
2050
2051         switch(rename_type) {
2052                 case RENAME_FLAG_RENAME:
2053                         status = rename_internals(ctx, conn, req, oldname,
2054                                         newname, attrs, False, src_has_wcard,
2055                                         dest_has_wcard);
2056                         break;
2057                 case RENAME_FLAG_HARD_LINK:
2058                         if (src_has_wcard || dest_has_wcard) {
2059                                 /* No wildcards. */
2060                                 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
2061                         } else {
2062                                 status = hardlink_internals(conn,
2063                                                 oldname,
2064                                                 newname);
2065                         }
2066                         break;
2067                 case RENAME_FLAG_COPY:
2068                         if (src_has_wcard || dest_has_wcard) {
2069                                 /* No wildcards. */
2070                                 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
2071                         } else {
2072                                 status = copy_internals(conn, req, oldname,
2073                                                         newname, attrs);
2074                         }
2075                         break;
2076                 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
2077                         status = NT_STATUS_INVALID_PARAMETER;
2078                         break;
2079                 default:
2080                         status = NT_STATUS_ACCESS_DENIED; /* Default error. */
2081                         break;
2082         }
2083
2084         if (!NT_STATUS_IS_OK(status)) {
2085                 if (open_was_deferred(req->mid)) {
2086                         /* We have re-scheduled this call. */
2087                         END_PROFILE(SMBntrename);
2088                         return;
2089                 }
2090
2091                 reply_nterror(req, status);
2092                 END_PROFILE(SMBntrename);
2093                 return;
2094         }
2095
2096         reply_outbuf(req, 0, 0);
2097
2098         END_PROFILE(SMBntrename);
2099         return;
2100 }
2101
2102 /****************************************************************************
2103  Reply to a notify change - queue the request and
2104  don't allow a directory to be opened.
2105 ****************************************************************************/
2106
2107 static void call_nt_transact_notify_change(connection_struct *conn,
2108                                            struct smb_request *req,
2109                                            uint16 **ppsetup,
2110                                            uint32 setup_count,
2111                                            char **ppparams,
2112                                            uint32 parameter_count,
2113                                            char **ppdata, uint32 data_count,
2114                                            uint32 max_data_count,
2115                                            uint32 max_param_count)
2116 {
2117         uint16 *setup = *ppsetup;
2118         files_struct *fsp;
2119         uint32 filter;
2120         NTSTATUS status;
2121         BOOL recursive;
2122
2123         if(setup_count < 6) {
2124                 reply_doserror(req, ERRDOS, ERRbadfunc);
2125                 return;
2126         }
2127
2128         fsp = file_fsp(SVAL(setup,4));
2129         filter = IVAL(setup, 0);
2130         recursive = (SVAL(setup, 6) != 0) ? True : False;
2131
2132         DEBUG(3,("call_nt_transact_notify_change\n"));
2133
2134         if(!fsp) {
2135                 reply_doserror(req, ERRDOS, ERRbadfid);
2136                 return;
2137         }
2138
2139         {
2140                 char *filter_string;
2141
2142                 if (!(filter_string = notify_filter_string(NULL, filter))) {
2143                         reply_nterror(req,NT_STATUS_NO_MEMORY);
2144                         return;
2145                 }
2146
2147                 DEBUG(3,("call_nt_transact_notify_change: notify change "
2148                          "called on %s, filter = %s, recursive = %d\n",
2149                          fsp->fsp_name, filter_string, recursive));
2150
2151                 TALLOC_FREE(filter_string);
2152         }
2153
2154         if((!fsp->is_directory) || (conn != fsp->conn)) {
2155                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2156                 return;
2157         }
2158
2159         if (fsp->notify == NULL) {
2160
2161                 status = change_notify_create(fsp, filter, recursive);
2162
2163                 if (!NT_STATUS_IS_OK(status)) {
2164                         DEBUG(10, ("change_notify_create returned %s\n",
2165                                    nt_errstr(status)));
2166                         reply_nterror(req, status);
2167                         return;
2168                 }
2169         }
2170
2171         if (fsp->notify->num_changes != 0) {
2172
2173                 /*
2174                  * We've got changes pending, respond immediately
2175                  */
2176
2177                 /*
2178                  * TODO: write a torture test to check the filtering behaviour
2179                  * here.
2180                  */
2181
2182                 change_notify_reply(req->inbuf, max_param_count, fsp->notify);
2183
2184                 /*
2185                  * change_notify_reply() above has independently sent its
2186                  * results
2187                  */
2188                 return;
2189         }
2190
2191         /*
2192          * No changes pending, queue the request
2193          */
2194
2195         status = change_notify_add_request(req->inbuf, max_param_count, filter,
2196                         recursive, fsp);
2197         if (!NT_STATUS_IS_OK(status)) {
2198                 reply_nterror(req, status);
2199         }
2200         return;
2201 }
2202
2203 /****************************************************************************
2204  Reply to an NT transact rename command.
2205 ****************************************************************************/
2206
2207 static void call_nt_transact_rename(connection_struct *conn,
2208                                     struct smb_request *req,
2209                                     uint16 **ppsetup, uint32 setup_count,
2210                                     char **ppparams, uint32 parameter_count,
2211                                     char **ppdata, uint32 data_count,
2212                                     uint32 max_data_count)
2213 {
2214         char *params = *ppparams;
2215         char *new_name = NULL;
2216         files_struct *fsp = NULL;
2217         BOOL replace_if_exists = False;
2218         BOOL dest_has_wcard = False;
2219         NTSTATUS status;
2220         TALLOC_CTX *ctx = talloc_tos();
2221
2222         if(parameter_count < 5) {
2223                 reply_doserror(req, ERRDOS, ERRbadfunc);
2224                 return;
2225         }
2226
2227         fsp = file_fsp(SVAL(params, 0));
2228         replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
2229         if (!check_fsp(conn, req, fsp, &current_user)) {
2230                 return;
2231         }
2232         srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4,
2233                               parameter_count - 4,
2234                               STR_TERMINATE, &status, &dest_has_wcard);
2235         if (!NT_STATUS_IS_OK(status)) {
2236                 reply_nterror(req, status);
2237                 return;
2238         }
2239
2240         status = rename_internals(ctx,
2241                         conn,
2242                         req,
2243                         fsp->fsp_name,
2244                         new_name,
2245                         0,
2246                         replace_if_exists,
2247                         False,
2248                         dest_has_wcard);
2249
2250         if (!NT_STATUS_IS_OK(status)) {
2251                 if (open_was_deferred(req->mid)) {
2252                         /* We have re-scheduled this call. */
2253                         return;
2254                 }
2255                 reply_nterror(req, status);
2256                 return;
2257         }
2258
2259         /*
2260          * Rename was successful.
2261          */
2262         send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
2263
2264         DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
2265                  fsp->fsp_name, new_name));
2266
2267         return;
2268 }
2269
2270 /******************************************************************************
2271  Fake up a completely empty SD.
2272 *******************************************************************************/
2273
2274 static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
2275 {
2276         size_t sd_size;
2277
2278         *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
2279         if(!*ppsd) {
2280                 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
2281                 sd_size = 0;
2282         }
2283
2284         return sd_size;
2285 }
2286
2287 /****************************************************************************
2288  Reply to query a security descriptor.
2289 ****************************************************************************/
2290
2291 static void call_nt_transact_query_security_desc(connection_struct *conn,
2292                                                  struct smb_request *req,
2293                                                  uint16 **ppsetup,
2294                                                  uint32 setup_count,
2295                                                  char **ppparams,
2296                                                  uint32 parameter_count,
2297                                                  char **ppdata,
2298                                                  uint32 data_count,
2299                                                  uint32 max_data_count)
2300 {
2301         char *params = *ppparams;
2302         char *data = *ppdata;
2303         prs_struct pd;
2304         SEC_DESC *psd = NULL;
2305         size_t sd_size;
2306         uint32 security_info_wanted;
2307         TALLOC_CTX *mem_ctx;
2308         files_struct *fsp = NULL;
2309
2310         if(parameter_count < 8) {
2311                 reply_doserror(req, ERRDOS, ERRbadfunc);
2312                 return;
2313         }
2314
2315         fsp = file_fsp(SVAL(params,0));
2316         if(!fsp) {
2317                 reply_doserror(req, ERRDOS, ERRbadfid);
2318                 return;
2319         }
2320
2321         security_info_wanted = IVAL(params,4);
2322
2323         DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp->fsp_name,
2324                         (unsigned int)security_info_wanted ));
2325
2326         params = nttrans_realloc(ppparams, 4);
2327         if(params == NULL) {
2328                 reply_doserror(req, ERRDOS, ERRnomem);
2329                 return;
2330         }
2331
2332         if ((mem_ctx = talloc_init("call_nt_transact_query_security_desc")) == NULL) {
2333                 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
2334                 reply_doserror(req, ERRDOS, ERRnomem);
2335                 return;
2336         }
2337
2338         /*
2339          * Get the permissions to return.
2340          */
2341
2342         if (!lp_nt_acl_support(SNUM(conn))) {
2343                 sd_size = get_null_nt_acl(mem_ctx, &psd);
2344         } else {
2345                 sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
2346         }
2347
2348         if (sd_size == 0) {
2349                 talloc_destroy(mem_ctx);
2350                 reply_unixerror(req, ERRDOS, ERRnoaccess);
2351                 return;
2352         }
2353
2354         DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
2355
2356         SIVAL(params,0,(uint32)sd_size);
2357
2358         if(max_data_count < sd_size) {
2359
2360                 send_nt_replies(req, NT_STATUS_BUFFER_TOO_SMALL,
2361                                 params, 4, *ppdata, 0);
2362                 talloc_destroy(mem_ctx);
2363                 return;
2364         }
2365
2366         /*
2367          * Allocate the data we will point this at.
2368          */
2369
2370         data = nttrans_realloc(ppdata, sd_size);
2371         if(data == NULL) {
2372                 talloc_destroy(mem_ctx);
2373                 reply_doserror(req, ERRDOS, ERRnomem);
2374                 return;
2375         }
2376
2377         /*
2378          * Init the parse struct we will marshall into.
2379          */
2380
2381         prs_init(&pd, 0, mem_ctx, MARSHALL);
2382
2383         /*
2384          * Setup the prs_struct to point at the memory we just
2385          * allocated.
2386          */
2387
2388         prs_give_memory( &pd, data, (uint32)sd_size, False);
2389
2390         /*
2391          * Finally, linearize into the outgoing buffer.
2392          */
2393
2394         if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
2395                 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
2396 security descriptor.\n"));
2397                 /*
2398                  * Return access denied for want of a better error message..
2399                  */
2400                 talloc_destroy(mem_ctx);
2401                 reply_unixerror(req, ERRDOS, ERRnoaccess);
2402                 return;
2403         }
2404
2405         /*
2406          * Now we can delete the security descriptor.
2407          */
2408
2409         talloc_destroy(mem_ctx);
2410
2411         send_nt_replies(req, NT_STATUS_OK, params, 4, data, (int)sd_size);
2412         return;
2413 }
2414
2415 /****************************************************************************
2416  Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2417 ****************************************************************************/
2418
2419 static void call_nt_transact_set_security_desc(connection_struct *conn,
2420                                                struct smb_request *req,
2421                                                uint16 **ppsetup,
2422                                                uint32 setup_count,
2423                                                char **ppparams,
2424                                                uint32 parameter_count,
2425                                                char **ppdata,
2426                                                uint32 data_count,
2427                                                uint32 max_data_count)
2428 {
2429         char *params= *ppparams;
2430         char *data = *ppdata;
2431         files_struct *fsp = NULL;
2432         uint32 security_info_sent = 0;
2433         NTSTATUS nt_status;
2434
2435         if(parameter_count < 8) {
2436                 reply_doserror(req, ERRDOS, ERRbadfunc);
2437                 return;
2438         }
2439
2440         if((fsp = file_fsp(SVAL(params,0))) == NULL) {
2441                 reply_doserror(req, ERRDOS, ERRbadfid);
2442                 return;
2443         }
2444
2445         if(!lp_nt_acl_support(SNUM(conn))) {
2446                 goto done;
2447         }
2448
2449         security_info_sent = IVAL(params,4);
2450
2451         DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
2452                 (unsigned int)security_info_sent ));
2453
2454         if (data_count == 0) {
2455                 reply_doserror(req, ERRDOS, ERRnoaccess);
2456                 return;
2457         }
2458
2459         if (!NT_STATUS_IS_OK(nt_status = set_sd( fsp, data, data_count, security_info_sent))) {
2460                 reply_nterror(req, nt_status);
2461                 return;
2462         }
2463
2464   done:
2465
2466         send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
2467         return;
2468 }
2469
2470 /****************************************************************************
2471  Reply to NT IOCTL
2472 ****************************************************************************/
2473
2474 static void call_nt_transact_ioctl(connection_struct *conn,
2475                                    struct smb_request *req,
2476                                    uint16 **ppsetup, uint32 setup_count,
2477                                    char **ppparams, uint32 parameter_count,
2478                                    char **ppdata, uint32 data_count,
2479                                    uint32 max_data_count)
2480 {
2481         uint32 function;
2482         uint16 fidnum;
2483         files_struct *fsp;
2484         uint8 isFSctl;
2485         uint8 compfilter;
2486         static BOOL logged_message;
2487         char *pdata = *ppdata;
2488
2489         if (setup_count != 8) {
2490                 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
2491                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2492                 return;
2493         }
2494
2495         function = IVAL(*ppsetup, 0);
2496         fidnum = SVAL(*ppsetup, 4);
2497         isFSctl = CVAL(*ppsetup, 6);
2498         compfilter = CVAL(*ppsetup, 7);
2499
2500         DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n", 
2501                  function, fidnum, isFSctl, compfilter));
2502
2503         fsp=file_fsp(fidnum);
2504         /* this check is done in each implemented function case for now
2505            because I don't want to break anything... --metze
2506         FSP_BELONGS_CONN(fsp,conn);*/
2507
2508         switch (function) {
2509         case FSCTL_SET_SPARSE:
2510                 /* pretend this succeeded - tho strictly we should
2511                    mark the file sparse (if the local fs supports it)
2512                    so we can know if we need to pre-allocate or not */
2513
2514                 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum));
2515                 send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
2516                 return;
2517
2518         case FSCTL_CREATE_OR_GET_OBJECT_ID:
2519         {
2520                 unsigned char objid[16];
2521
2522                 /* This should return the object-id on this file.
2523                  * I think I'll make this be the inode+dev. JRA.
2524                  */
2525
2526                 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum));
2527
2528                 if (!fsp_belongs_conn(conn, req, fsp, &current_user)) {
2529                         return;
2530                 }
2531
2532                 data_count = 64;
2533                 pdata = nttrans_realloc(ppdata, data_count);
2534                 if (pdata == NULL) {
2535                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2536                         return;
2537                 }
2538                 push_file_id_16(pdata, &fsp->file_id);
2539                 memcpy(pdata+16,create_volume_objectid(conn,objid),16);
2540                 push_file_id_16(pdata+32, &fsp->file_id);
2541                 send_nt_replies(req, NT_STATUS_OK, NULL, 0,
2542                                 pdata, data_count);
2543                 return;
2544         }
2545
2546         case FSCTL_GET_REPARSE_POINT:
2547                 /* pretend this fail - my winXP does it like this
2548                  * --metze
2549                  */
2550
2551                 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
2552                 reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
2553                 return;
2554
2555         case FSCTL_SET_REPARSE_POINT:
2556                 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
2557                  * --metze
2558                  */
2559
2560                 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
2561                 reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
2562                 return;
2563
2564         case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/
2565         {
2566                 /*
2567                  * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2568                  * and return their volume names.  If max_data_count is 16, then it is just
2569                  * asking for the number of volumes and length of the combined names.
2570                  *
2571                  * pdata is the data allocated by our caller, but that uses
2572                  * total_data_count (which is 0 in our case) rather than max_data_count.
2573                  * Allocate the correct amount and return the pointer to let
2574                  * it be deallocated when we return.
2575                  */
2576                 SHADOW_COPY_DATA *shadow_data = NULL;
2577                 TALLOC_CTX *shadow_mem_ctx = NULL;
2578                 BOOL labels = False;
2579                 uint32 labels_data_count = 0;
2580                 uint32 i;
2581                 char *cur_pdata;
2582
2583                 if (!fsp_belongs_conn(conn, req, fsp, &current_user)) {
2584                         return;
2585                 }
2586
2587                 if (max_data_count < 16) {
2588                         DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2589                                 max_data_count));
2590                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2591                         return;
2592                 }
2593
2594                 if (max_data_count > 16) {
2595                         labels = True;
2596                 }
2597
2598                 shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA");
2599                 if (shadow_mem_ctx == NULL) {
2600                         DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
2601                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2602                         return;
2603                 }
2604
2605                 shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
2606                 if (shadow_data == NULL) {
2607                         DEBUG(0,("TALLOC_ZERO() failed!\n"));
2608                         talloc_destroy(shadow_mem_ctx);
2609                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2610                         return;
2611                 }
2612
2613                 shadow_data->mem_ctx = shadow_mem_ctx;
2614
2615                 /*
2616                  * Call the VFS routine to actually do the work.
2617                  */
2618                 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
2619                         talloc_destroy(shadow_data->mem_ctx);
2620                         if (errno == ENOSYS) {
2621                                 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n", 
2622                                         conn->connectpath));
2623                                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2624                                 return;
2625                         } else {
2626                                 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n", 
2627                                         conn->connectpath));
2628                                 reply_nterror(req, NT_STATUS_UNSUCCESSFUL);
2629                                 return;
2630                         }
2631                 }
2632
2633                 labels_data_count = (shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))+2;
2634
2635                 if (!labels) {
2636                         data_count = 16;
2637                 } else {
2638                         data_count = 12+labels_data_count+4;
2639                 }
2640
2641                 if (max_data_count<data_count) {
2642                         DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2643                                 max_data_count,data_count));
2644                         talloc_destroy(shadow_data->mem_ctx);
2645                         reply_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
2646                         return;
2647                 }
2648
2649                 pdata = nttrans_realloc(ppdata, data_count);
2650                 if (pdata == NULL) {
2651                         talloc_destroy(shadow_data->mem_ctx);
2652                         reply_nterror(req, NT_STATUS_NO_MEMORY);
2653                         return;
2654                 }
2655
2656                 cur_pdata = pdata;
2657
2658                 /* num_volumes 4 bytes */
2659                 SIVAL(pdata,0,shadow_data->num_volumes);
2660
2661                 if (labels) {
2662                         /* num_labels 4 bytes */
2663                         SIVAL(pdata,4,shadow_data->num_volumes);
2664                 }
2665
2666                 /* needed_data_count 4 bytes */
2667                 SIVAL(pdata,8,labels_data_count);
2668
2669                 cur_pdata+=12;
2670
2671                 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2672                         shadow_data->num_volumes,fsp->fsp_name));
2673                 if (labels && shadow_data->labels) {
2674                         for (i=0;i<shadow_data->num_volumes;i++) {
2675                                 srvstr_push(pdata, req->flags2,
2676                                             cur_pdata, shadow_data->labels[i],
2677                                             2*sizeof(SHADOW_COPY_LABEL),
2678                                             STR_UNICODE|STR_TERMINATE);
2679                                 cur_pdata+=2*sizeof(SHADOW_COPY_LABEL);
2680                                 DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i]));
2681                         }
2682                 }
2683
2684                 talloc_destroy(shadow_data->mem_ctx);
2685
2686                 send_nt_replies(req, NT_STATUS_OK, NULL, 0,
2687                                 pdata, data_count);
2688
2689                 return;
2690         }
2691
2692         case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */
2693         {
2694                 /* pretend this succeeded -
2695                  *
2696                  * we have to send back a list with all files owned by this SID
2697                  *
2698                  * but I have to check that --metze
2699                  */
2700                 DOM_SID sid;
2701                 uid_t uid;
2702                 size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
2703
2704                 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
2705
2706                 if (!fsp_belongs_conn(conn, req, fsp, &current_user)) {
2707                         return;
2708                 }
2709
2710                 /* unknown 4 bytes: this is not the length of the sid :-(  */
2711                 /*unknown = IVAL(pdata,0);*/
2712
2713                 sid_parse(pdata+4,sid_len,&sid);
2714                 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid)));
2715
2716                 if (!sid_to_uid(&sid, &uid)) {
2717                         DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2718                                 sid_string_static(&sid),(unsigned long)sid_len));
2719                         uid = (-1);
2720                 }
2721
2722                 /* we can take a look at the find source :-)
2723                  *
2724                  * find ./ -uid $uid  -name '*'   is what we need here
2725                  *
2726                  *
2727                  * and send 4bytes len and then NULL terminated unicode strings
2728                  * for each file
2729                  *
2730                  * but I don't know how to deal with the paged results
2731                  * (maybe we can hang the result anywhere in the fsp struct)
2732                  *
2733                  * we don't send all files at once
2734                  * and at the next we should *not* start from the beginning,
2735                  * so we have to cache the result
2736                  *
2737                  * --metze
2738                  */
2739
2740                 /* this works for now... */
2741                 send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
2742                 return;
2743         }
2744         default:
2745                 if (!logged_message) {
2746                         logged_message = True; /* Only print this once... */
2747                         DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2748                                  function));
2749                 }
2750         }
2751
2752         reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2753 }
2754
2755
2756 #ifdef HAVE_SYS_QUOTAS
2757 /****************************************************************************
2758  Reply to get user quota
2759 ****************************************************************************/
2760
2761 static void call_nt_transact_get_user_quota(connection_struct *conn,
2762                                             struct smb_request *req,
2763                                             uint16 **ppsetup,
2764                                             uint32 setup_count,
2765                                             char **ppparams,
2766                                             uint32 parameter_count,
2767                                             char **ppdata,
2768                                             uint32 data_count,
2769                                             uint32 max_data_count)
2770 {
2771         NTSTATUS nt_status = NT_STATUS_OK;
2772         char *params = *ppparams;
2773         char *pdata = *ppdata;
2774         char *entry;
2775         int data_len=0,param_len=0;
2776         int qt_len=0;
2777         int entry_len = 0;
2778         files_struct *fsp = NULL;
2779         uint16 level = 0;
2780         size_t sid_len;
2781         DOM_SID sid;
2782         BOOL start_enum = True;
2783         SMB_NTQUOTA_STRUCT qt;
2784         SMB_NTQUOTA_LIST *tmp_list;
2785         SMB_NTQUOTA_HANDLE *qt_handle = NULL;
2786
2787         ZERO_STRUCT(qt);
2788
2789         /* access check */
2790         if (current_user.ut.uid != 0) {
2791                 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n",
2792                         lp_servicename(SNUM(conn)),conn->user));
2793                 reply_doserror(req, ERRDOS, ERRnoaccess);
2794                 return;
2795         }
2796
2797         /*
2798          * Ensure minimum number of parameters sent.
2799          */
2800
2801         if (parameter_count < 4) {
2802                 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
2803                 reply_doserror(req, ERRDOS, ERRinvalidparam);
2804                 return;
2805         }
2806
2807         /* maybe we can check the quota_fnum */
2808         fsp = file_fsp(SVAL(params,0));
2809         if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
2810                 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2811                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2812                 return;
2813         }
2814
2815         /* the NULL pointer checking for fsp->fake_file_handle->pd
2816          * is done by CHECK_NTQUOTA_HANDLE_OK()
2817          */
2818         qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->pd;
2819
2820         level = SVAL(params,2);
2821
2822         /* unknown 12 bytes leading in params */
2823
2824         switch (level) {
2825                 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
2826                         /* seems that we should continue with the enum here --metze */
2827
2828                         if (qt_handle->quota_list!=NULL &&
2829                             qt_handle->tmp_list==NULL) {
2830
2831                                 /* free the list */
2832                                 free_ntquota_list(&(qt_handle->quota_list));
2833
2834                                 /* Realloc the size of parameters and data we will return */
2835                                 param_len = 4;
2836                                 params = nttrans_realloc(ppparams, param_len);
2837                                 if(params == NULL) {
2838                                         reply_doserror(req, ERRDOS, ERRnomem);
2839                                         return;
2840                                 }
2841
2842                                 data_len = 0;
2843                                 SIVAL(params,0,data_len);
2844
2845                                 break;
2846                         }
2847
2848                         start_enum = False;
2849
2850                 case TRANSACT_GET_USER_QUOTA_LIST_START:
2851
2852                         if (qt_handle->quota_list==NULL &&
2853                                 qt_handle->tmp_list==NULL) {
2854                                 start_enum = True;
2855                         }
2856
2857                         if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
2858                                 reply_doserror(req, ERRSRV, ERRerror);
2859                                 return;
2860                         }
2861
2862                         /* Realloc the size of parameters and data we will return */
2863                         param_len = 4;
2864                         params = nttrans_realloc(ppparams, param_len);
2865                         if(params == NULL) {
2866                                 reply_doserror(req, ERRDOS, ERRnomem);
2867                                 return;
2868                         }
2869
2870                         /* we should not trust the value in max_data_count*/
2871                         max_data_count = MIN(max_data_count,2048);
2872
2873                         pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
2874                         if(pdata == NULL) {
2875                                 reply_doserror(req, ERRDOS, ERRnomem);
2876                                 return;
2877                         }
2878
2879                         entry = pdata;
2880
2881                         /* set params Size of returned Quota Data 4 bytes*/
2882                         /* but set it later when we know it */
2883
2884                         /* for each entry push the data */
2885
2886                         if (start_enum) {
2887                                 qt_handle->tmp_list = qt_handle->quota_list;
2888                         }
2889
2890                         tmp_list = qt_handle->tmp_list;
2891
2892                         for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count));
2893                                 tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) {
2894
2895                                 sid_len = sid_size(&tmp_list->quotas->sid);
2896                                 entry_len = 40 + sid_len;
2897
2898                                 /* nextoffset entry 4 bytes */
2899                                 SIVAL(entry,0,entry_len);
2900
2901                                 /* then the len of the SID 4 bytes */
2902                                 SIVAL(entry,4,sid_len);
2903
2904                                 /* unknown data 8 bytes SMB_BIG_UINT */
2905                                 SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-metze*/
2906
2907                                 /* the used disk space 8 bytes SMB_BIG_UINT */
2908                                 SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
2909
2910                                 /* the soft quotas 8 bytes SMB_BIG_UINT */
2911                                 SBIG_UINT(entry,24,tmp_list->quotas->softlim);
2912
2913                                 /* the hard quotas 8 bytes SMB_BIG_UINT */
2914                                 SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
2915
2916                                 /* and now the SID */
2917                                 sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
2918                         }
2919
2920                         qt_handle->tmp_list = tmp_list;
2921
2922                         /* overwrite the offset of the last entry */
2923                         SIVAL(entry-entry_len,0,0);
2924
2925                         data_len = 4+qt_len;
2926                         /* overwrite the params quota_data_len */
2927                         SIVAL(params,0,data_len);
2928
2929                         break;
2930
2931                 case TRANSACT_GET_USER_QUOTA_FOR_SID:
2932
2933                         /* unknown 4 bytes IVAL(pdata,0) */
2934
2935                         if (data_count < 8) {
2936                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
2937                                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2938                                 return;
2939                         }
2940
2941                         sid_len = IVAL(pdata,4);
2942                         /* Ensure this is less than 1mb. */
2943                         if (sid_len > (1024*1024)) {
2944                                 reply_doserror(req, ERRDOS, ERRnomem);
2945                                 return;
2946                         }
2947
2948                         if (data_count < 8+sid_len) {
2949                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
2950                                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2951                                 return;
2952                         }
2953
2954                         data_len = 4+40+sid_len;
2955
2956                         if (max_data_count < data_len) {
2957                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2958                                         max_data_count, data_len));
2959                                 param_len = 4;
2960                                 SIVAL(params,0,data_len);
2961                                 data_len = 0;
2962                                 nt_status = NT_STATUS_BUFFER_TOO_SMALL;
2963                                 break;
2964                         }
2965
2966                         sid_parse(pdata+8,sid_len,&sid);
2967
2968                         if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2969                                 ZERO_STRUCT(qt);
2970                                 /*
2971                                  * we have to return zero's in all fields
2972                                  * instead of returning an error here
2973                                  * --metze
2974                                  */
2975                         }
2976
2977                         /* Realloc the size of parameters and data we will return */
2978                         param_len = 4;
2979                         params = nttrans_realloc(ppparams, param_len);
2980                         if(params == NULL) {
2981                                 reply_doserror(req, ERRDOS, ERRnomem);
2982                                 return;
2983                         }
2984
2985                         pdata = nttrans_realloc(ppdata, data_len);
2986                         if(pdata == NULL) {
2987                                 reply_doserror(req, ERRDOS, ERRnomem);
2988                                 return;
2989                         }
2990
2991                         entry = pdata;
2992
2993                         /* set params Size of returned Quota Data 4 bytes*/
2994                         SIVAL(params,0,data_len);
2995
2996                         /* nextoffset entry 4 bytes */
2997                         SIVAL(entry,0,0);
2998
2999                         /* then the len of the SID 4 bytes */
3000                         SIVAL(entry,4,sid_len);
3001
3002                         /* unknown data 8 bytes SMB_BIG_UINT */
3003                         SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-mezte*/
3004
3005                         /* the used disk space 8 bytes SMB_BIG_UINT */
3006                         SBIG_UINT(entry,16,qt.usedspace);
3007
3008                         /* the soft quotas 8 bytes SMB_BIG_UINT */
3009                         SBIG_UINT(entry,24,qt.softlim);
3010
3011                         /* the hard quotas 8 bytes SMB_BIG_UINT */
3012                         SBIG_UINT(entry,32,qt.hardlim);
3013
3014                         /* and now the SID */
3015                         sid_linearize(entry+40, sid_len, &sid);
3016
3017                         break;
3018
3019                 default:
3020                         DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
3021                         reply_doserror(req, ERRSRV, ERRerror);
3022                         return;
3023                         break;
3024         }
3025
3026         send_nt_replies(req, nt_status, params, param_len,
3027                         pdata, data_len);
3028 }
3029
3030 /****************************************************************************
3031  Reply to set user quota
3032 ****************************************************************************/
3033
3034 static void call_nt_transact_set_user_quota(connection_struct *conn,
3035                                             struct smb_request *req,
3036                                             uint16 **ppsetup,
3037                                             uint32 setup_count,
3038                                             char **ppparams,
3039                                             uint32 parameter_count,
3040                                             char **ppdata,
3041                                             uint32 data_count,
3042                                             uint32 max_data_count)
3043 {
3044         char *params = *ppparams;
3045         char *pdata = *ppdata;
3046         int data_len=0,param_len=0;
3047         SMB_NTQUOTA_STRUCT qt;
3048         size_t sid_len;
3049         DOM_SID sid;
3050         files_struct *fsp = NULL;
3051
3052         ZERO_STRUCT(qt);
3053
3054         /* access check */
3055         if (current_user.ut.uid != 0) {
3056                 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
3057                         lp_servicename(SNUM(conn)),conn->user));
3058                 reply_doserror(req, ERRDOS, ERRnoaccess);
3059                 return;
3060         }
3061
3062         /*
3063          * Ensure minimum number of parameters sent.
3064          */
3065
3066         if (parameter_count < 2) {
3067                 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
3068                 reply_doserror(req, ERRDOS, ERRinvalidparam);
3069                 return;
3070         }
3071
3072         /* maybe we can check the quota_fnum */
3073         fsp = file_fsp(SVAL(params,0));
3074         if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
3075                 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
3076                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
3077                 return;
3078         }
3079
3080         if (data_count < 40) {
3081                 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
3082                 reply_doserror(req, ERRDOS, ERRunknownlevel);
3083                 return;
3084         }
3085
3086         /* offset to next quota record.
3087          * 4 bytes IVAL(pdata,0)
3088          * unused here...
3089          */
3090
3091         /* sid len */
3092         sid_len = IVAL(pdata,4);
3093
3094         if (data_count < 40+sid_len) {