2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2004.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
33 unsigned int smb_echo_count = 0;
34 extern uint32 global_client_caps;
36 extern struct current_user current_user;
37 extern BOOL global_encrypted_passwords_negotiated;
39 /****************************************************************************
40 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
44 ****************************************************************************/
46 NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
49 const char *s = srcname;
50 NTSTATUS ret = NT_STATUS_OK;
51 BOOL start_of_name_component = True;
52 unsigned int num_bad_components = 0;
55 if (IS_DIRECTORY_SEP(*s)) {
57 * Safe to assume is not the second part of a mb char as this is handled below.
59 /* Eat multiple '/' or '\\' */
60 while (IS_DIRECTORY_SEP(*s)) {
63 if ((d != destname) && (*s != '\0')) {
64 /* We only care about non-leading or trailing '/' or '\\' */
68 start_of_name_component = True;
72 if (start_of_name_component) {
73 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
74 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
77 * No mb char starts with '.' so we're safe checking the directory separator here.
80 /* If we just added a '/' - delete it */
81 if ((d > destname) && (*(d-1) == '/')) {
86 /* Are we at the start ? Can't go back further if so. */
88 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
91 /* Go back one level... */
92 /* We know this is safe as '/' cannot be part of a mb sequence. */
93 /* NOTE - if this assumption is invalid we are not in good shape... */
94 /* Decrement d first as d points to the *next* char to write into. */
95 for (d--; d > destname; d--) {
99 s += 2; /* Else go past the .. */
100 /* We're still at the start of a name component, just the previous one. */
102 if (num_bad_components) {
103 /* Hmmm. Should we only decrement the bad_components if
104 we're removing a bad component ? Need to check this. JRA. */
105 num_bad_components--;
110 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
111 /* Component of pathname can't be "." only. */
112 ret = NT_STATUS_OBJECT_NAME_INVALID;
113 num_bad_components++;
121 return NT_STATUS_OBJECT_NAME_INVALID;
129 return NT_STATUS_OBJECT_NAME_INVALID;
135 switch(next_mb_char_size(s)) {
146 DEBUG(0,("check_path_syntax: character length assumptions invalid !\n"));
148 return NT_STATUS_INVALID_PARAMETER;
151 if (start_of_name_component && num_bad_components) {
152 num_bad_components++;
154 start_of_name_component = False;
157 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
158 if (num_bad_components > 1) {
159 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
167 /****************************************************************************
168 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
169 path or anything including wildcards.
170 We're assuming here that '/' is not the second byte in any multibyte char
171 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
173 ****************************************************************************/
175 NTSTATUS check_path_syntax_wcard(pstring destname, const pstring srcname, BOOL *p_contains_wcard)
178 const char *s = srcname;
179 NTSTATUS ret = NT_STATUS_OK;
180 BOOL start_of_name_component = True;
181 unsigned int num_bad_components = 0;
183 *p_contains_wcard = False;
186 if (IS_DIRECTORY_SEP(*s)) {
188 * Safe to assume is not the second part of a mb char as this is handled below.
190 /* Eat multiple '/' or '\\' */
191 while (IS_DIRECTORY_SEP(*s)) {
194 if ((d != destname) && (*s != '\0')) {
195 /* We only care about non-leading or trailing '/' or '\\' */
199 start_of_name_component = True;
203 if (start_of_name_component) {
204 if ((s[0] == '.') && (s[1] == '.') && (IS_DIRECTORY_SEP(s[2]) || s[2] == '\0')) {
205 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
208 * No mb char starts with '.' so we're safe checking the directory separator here.
211 /* If we just added a '/' - delete it */
212 if ((d > destname) && (*(d-1) == '/')) {
217 /* Are we at the start ? Can't go back further if so. */
219 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
222 /* Go back one level... */
223 /* We know this is safe as '/' cannot be part of a mb sequence. */
224 /* NOTE - if this assumption is invalid we are not in good shape... */
225 /* Decrement d first as d points to the *next* char to write into. */
226 for (d--; d > destname; d--) {
230 s += 2; /* Else go past the .. */
231 /* We're still at the start of a name component, just the previous one. */
233 if (num_bad_components) {
234 /* Hmmm. Should we only decrement the bad_components if
235 we're removing a bad component ? Need to check this. JRA. */
236 num_bad_components--;
241 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_DIRECTORY_SEP(s[1]))) {
242 /* Component of pathname can't be "." only. */
243 ret = NT_STATUS_OBJECT_NAME_INVALID;
244 num_bad_components++;
252 return NT_STATUS_OBJECT_NAME_INVALID;
254 if (!*p_contains_wcard) {
261 *p_contains_wcard = True;
269 switch(next_mb_char_size(s)) {
283 DEBUG(0,("check_path_syntax_wcard: character length assumptions invalid !\n"));
285 return NT_STATUS_INVALID_PARAMETER;
288 if (start_of_name_component && num_bad_components) {
289 num_bad_components++;
291 start_of_name_component = False;
294 if (NT_STATUS_EQUAL(ret, NT_STATUS_OBJECT_NAME_INVALID)) {
295 /* For some strange reason being called from findfirst changes
296 the num_components number to cause the error return to change. JRA. */
297 if (num_bad_components > 2) {
298 ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
306 /****************************************************************************
307 Check the path for a POSIX client.
308 We're assuming here that '/' is not the second byte in any multibyte char
309 set (a safe assumption).
310 ****************************************************************************/
312 NTSTATUS check_path_syntax_posix(pstring destname, const pstring srcname)
315 const char *s = srcname;
316 NTSTATUS ret = NT_STATUS_OK;
317 BOOL start_of_name_component = True;
322 * Safe to assume is not the second part of a mb char as this is handled below.
324 /* Eat multiple '/' or '\\' */
328 if ((d != destname) && (*s != '\0')) {
329 /* We only care about non-leading or trailing '/' */
333 start_of_name_component = True;
337 if (start_of_name_component) {
338 if ((s[0] == '.') && (s[1] == '.') && (s[2] == '/' || s[2] == '\0')) {
339 /* Uh oh - "/../" or "/..\0" ! */
342 * No mb char starts with '.' so we're safe checking the directory separator here.
345 /* If we just added a '/' - delete it */
346 if ((d > destname) && (*(d-1) == '/')) {
351 /* Are we at the start ? Can't go back further if so. */
353 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
356 /* Go back one level... */
357 /* We know this is safe as '/' cannot be part of a mb sequence. */
358 /* NOTE - if this assumption is invalid we are not in good shape... */
359 /* Decrement d first as d points to the *next* char to write into. */
360 for (d--; d > destname; d--) {
364 s += 2; /* Else go past the .. */
367 } else if ((s[0] == '.') && ((s[1] == '\0') || (s[1] == '/'))) {
377 switch(next_mb_char_size(s)) {
391 DEBUG(0,("check_path_syntax_posix: character length assumptions invalid !\n"));
393 return NT_STATUS_INVALID_PARAMETER;
396 start_of_name_component = False;
403 /****************************************************************************
404 Pull a string and check the path allowing a wilcard - provide for error return.
405 ****************************************************************************/
407 size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags,
408 NTSTATUS *err, BOOL *contains_wcard)
411 char *tmppath_ptr = tmppath;
414 SMB_ASSERT(dest_len == sizeof(pstring));
418 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
420 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
423 *contains_wcard = False;
425 if (lp_posix_pathnames()) {
426 *err = check_path_syntax_posix(dest, tmppath);
428 *err = check_path_syntax_wcard(dest, tmppath, contains_wcard);
434 /****************************************************************************
435 Pull a string and check the path - provide for error return.
436 ****************************************************************************/
438 size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len, size_t src_len, int flags, NTSTATUS *err)
441 char *tmppath_ptr = tmppath;
444 SMB_ASSERT(dest_len == sizeof(pstring));
448 ret = srvstr_pull_buf( inbuf, tmppath_ptr, src, dest_len, flags);
450 ret = srvstr_pull( inbuf, tmppath_ptr, src, dest_len, src_len, flags);
452 if (lp_posix_pathnames()) {
453 *err = check_path_syntax_posix(dest, tmppath);
455 *err = check_path_syntax(dest, tmppath);
461 /****************************************************************************
462 Reply to a special message.
463 ****************************************************************************/
465 int reply_special(char *inbuf,char *outbuf)
468 int msg_type = CVAL(inbuf,0);
469 int msg_flags = CVAL(inbuf,1);
473 static BOOL already_got_session = False;
477 memset(outbuf,'\0',smb_size);
479 smb_setlen(outbuf,0);
482 case 0x81: /* session request */
484 if (already_got_session) {
485 exit_server("multiple session request not permitted");
488 SCVAL(outbuf,0,0x82);
490 if (name_len(inbuf+4) > 50 ||
491 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
492 DEBUG(0,("Invalid name length in session request\n"));
495 name_extract(inbuf,4,name1);
496 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
497 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
500 set_local_machine_name(name1, True);
501 set_remote_machine_name(name2, True);
503 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
504 get_local_machine_name(), get_remote_machine_name(),
507 if (name_type == 'R') {
508 /* We are being asked for a pathworks session ---
510 SCVAL(outbuf, 0,0x83);
514 /* only add the client's machine name to the list
515 of possibly valid usernames if we are operating
516 in share mode security */
517 if (lp_security() == SEC_SHARE) {
518 add_session_user(get_remote_machine_name());
521 reload_services(True);
524 already_got_session = True;
527 case 0x89: /* session keepalive request
528 (some old clients produce this?) */
529 SCVAL(outbuf,0,SMBkeepalive);
533 case 0x82: /* positive session response */
534 case 0x83: /* negative session response */
535 case 0x84: /* retarget session response */
536 DEBUG(0,("Unexpected session response\n"));
539 case SMBkeepalive: /* session keepalive */
544 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
545 msg_type, msg_flags));
550 /****************************************************************************
552 conn POINTER CAN BE NULL HERE !
553 ****************************************************************************/
555 int reply_tcon(connection_struct *conn,
556 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
563 uint16 vuid = SVAL(inbuf,smb_uid);
567 DATA_BLOB password_blob;
569 START_PROFILE(SMBtcon);
571 *service_buf = *password = *dev = 0;
573 p = smb_buf(inbuf)+1;
574 p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1;
575 pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1;
577 p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1;
579 p = strrchr_m(service_buf,'\\');
583 service = service_buf;
586 password_blob = data_blob(password, pwlen+1);
588 conn = make_connection(service,password_blob,dev,vuid,&nt_status);
590 data_blob_clear_free(&password_blob);
593 END_PROFILE(SMBtcon);
594 return ERROR_NT(nt_status);
597 outsize = set_message(outbuf,2,0,True);
598 SSVAL(outbuf,smb_vwv0,max_recv);
599 SSVAL(outbuf,smb_vwv1,conn->cnum);
600 SSVAL(outbuf,smb_tid,conn->cnum);
602 DEBUG(3,("tcon service=%s cnum=%d\n",
603 service, conn->cnum));
605 END_PROFILE(SMBtcon);
609 /****************************************************************************
610 Reply to a tcon and X.
611 conn POINTER CAN BE NULL HERE !
612 ****************************************************************************/
614 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
619 /* what the cleint thinks the device is */
620 fstring client_devicetype;
621 /* what the server tells the client the share represents */
622 const char *server_devicetype;
624 uint16 vuid = SVAL(inbuf,smb_uid);
625 int passlen = SVAL(inbuf,smb_vwv3);
629 START_PROFILE(SMBtconX);
631 *service = *client_devicetype = 0;
633 /* we might have to close an old one */
634 if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
635 close_cnum(conn,vuid);
638 if (passlen > MAX_PASS_LEN) {
639 return ERROR_DOS(ERRDOS,ERRbuftoosmall);
642 if (global_encrypted_passwords_negotiated) {
643 password = data_blob(smb_buf(inbuf),passlen);
645 password = data_blob(smb_buf(inbuf),passlen+1);
646 /* Ensure correct termination */
647 password.data[passlen]=0;
650 p = smb_buf(inbuf) + passlen;
651 p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE);
654 * the service name can be either: \\server\share
655 * or share directly like on the DELL PowerVault 705
658 q = strchr_m(path+2,'\\');
660 END_PROFILE(SMBtconX);
661 return(ERROR_DOS(ERRDOS,ERRnosuchshare));
663 fstrcpy(service,q+1);
666 fstrcpy(service,path);
668 p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII);
670 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
672 conn = make_connection(service,password,client_devicetype,vuid,&nt_status);
674 data_blob_clear_free(&password);
677 END_PROFILE(SMBtconX);
678 return ERROR_NT(nt_status);
682 server_devicetype = "IPC";
683 else if ( IS_PRINT(conn) )
684 server_devicetype = "LPT1:";
686 server_devicetype = "A:";
688 if (Protocol < PROTOCOL_NT1) {
689 set_message(outbuf,2,0,True);
691 p += srvstr_push(outbuf, p, server_devicetype, -1,
692 STR_TERMINATE|STR_ASCII);
693 set_message_end(outbuf,p);
695 /* NT sets the fstype of IPC$ to the null string */
696 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
698 set_message(outbuf,3,0,True);
701 p += srvstr_push(outbuf, p, server_devicetype, -1,
702 STR_TERMINATE|STR_ASCII);
703 p += srvstr_push(outbuf, p, fstype, -1,
706 set_message_end(outbuf,p);
708 /* what does setting this bit do? It is set by NT4 and
709 may affect the ability to autorun mounted cdroms */
710 SSVAL(outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
711 (lp_csc_policy(SNUM(conn)) << 2));
713 init_dfsroot(conn, inbuf, outbuf);
717 DEBUG(3,("tconX service=%s \n",
720 /* set the incoming and outgoing tid to the just created one */
721 SSVAL(inbuf,smb_tid,conn->cnum);
722 SSVAL(outbuf,smb_tid,conn->cnum);
724 END_PROFILE(SMBtconX);
725 return chain_reply(inbuf,outbuf,length,bufsize);
728 /****************************************************************************
729 Reply to an unknown type.
730 ****************************************************************************/
732 int reply_unknown(char *inbuf,char *outbuf)
735 type = CVAL(inbuf,smb_com);
737 DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
738 smb_fn_name(type), type, type));
740 return(ERROR_DOS(ERRSRV,ERRunknownsmb));
743 /****************************************************************************
745 conn POINTER CAN BE NULL HERE !
746 ****************************************************************************/
748 int reply_ioctl(connection_struct *conn,
749 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
751 uint16 device = SVAL(inbuf,smb_vwv1);
752 uint16 function = SVAL(inbuf,smb_vwv2);
753 uint32 ioctl_code = (device << 16) + function;
754 int replysize, outsize;
756 START_PROFILE(SMBioctl);
758 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
760 switch (ioctl_code) {
761 case IOCTL_QUERY_JOB_INFO:
765 END_PROFILE(SMBioctl);
766 return(ERROR_DOS(ERRSRV,ERRnosupport));
769 outsize = set_message(outbuf,8,replysize+1,True);
770 SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
771 SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
772 SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
773 p = smb_buf(outbuf) + 1; /* Allow for alignment */
775 switch (ioctl_code) {
776 case IOCTL_QUERY_JOB_INFO:
778 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
780 END_PROFILE(SMBioctl);
781 return(UNIXERROR(ERRDOS,ERRbadfid));
783 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
784 srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
786 srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);
792 END_PROFILE(SMBioctl);
796 /****************************************************************************
798 ****************************************************************************/
800 int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
805 BOOL bad_path = False;
806 SMB_STRUCT_STAT sbuf;
809 START_PROFILE(SMBchkpth);
811 srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
812 if (!NT_STATUS_IS_OK(status)) {
813 END_PROFILE(SMBchkpth);
815 /* Strange DOS error code semantics only for chkpth... */
816 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
817 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
818 /* We need to map to ERRbadpath */
819 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
822 return ERROR_NT(status);
825 RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
827 unix_convert(name,conn,0,&bad_path,&sbuf);
829 END_PROFILE(SMBchkpth);
830 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
833 if (check_name(name,conn)) {
834 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,name,&sbuf) == 0)
835 if (!(ok = S_ISDIR(sbuf.st_mode))) {
836 END_PROFILE(SMBchkpth);
837 return ERROR_BOTH(NT_STATUS_NOT_A_DIRECTORY,ERRDOS,ERRbadpath);
842 /* We special case this - as when a Windows machine
843 is parsing a path is steps through the components
844 one at a time - if a component fails it expects
845 ERRbadpath, not ERRbadfile.
847 if(errno == ENOENT) {
849 * Windows returns different error codes if
850 * the parent directory is valid but not the
851 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
852 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
853 * if the path is invalid. This is different from set_bad_path_error()
854 * in the non-NT error case.
856 END_PROFILE(SMBchkpth);
857 return ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpath);
860 END_PROFILE(SMBchkpth);
861 return(UNIXERROR(ERRDOS,ERRbadpath));
864 outsize = set_message(outbuf,0,0,False);
865 DEBUG(3,("chkpth %s mode=%d\n", name, (int)SVAL(inbuf,smb_vwv0)));
867 END_PROFILE(SMBchkpth);
871 /****************************************************************************
873 ****************************************************************************/
875 int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
879 SMB_STRUCT_STAT sbuf;
884 BOOL bad_path = False;
888 START_PROFILE(SMBgetatr);
890 p = smb_buf(inbuf) + 1;
891 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
892 if (!NT_STATUS_IS_OK(status)) {
893 END_PROFILE(SMBgetatr);
894 return ERROR_NT(status);
897 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
899 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
900 under WfWg - weird! */
902 mode = aHIDDEN | aDIR;
903 if (!CAN_WRITE(conn))
909 unix_convert(fname,conn,0,&bad_path,&sbuf);
911 END_PROFILE(SMBgetatr);
912 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
914 if (check_name(fname,conn)) {
915 if (VALID_STAT(sbuf) || SMB_VFS_STAT(conn,fname,&sbuf) == 0) {
916 mode = dos_mode(conn,fname,&sbuf);
918 mtime = sbuf.st_mtime;
923 DEBUG(3,("stat of %s failed (%s)\n",fname,strerror(errno)));
929 END_PROFILE(SMBgetatr);
930 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadfile);
933 outsize = set_message(outbuf,10,0,True);
935 SSVAL(outbuf,smb_vwv0,mode);
936 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
937 srv_put_dos_date3(outbuf,smb_vwv1,mtime & ~1);
939 srv_put_dos_date3(outbuf,smb_vwv1,mtime);
941 SIVAL(outbuf,smb_vwv3,(uint32)size);
943 if (Protocol >= PROTOCOL_NT1) {
944 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
947 DEBUG( 3, ( "getatr name=%s mode=%d size=%d\n", fname, mode, (uint32)size ) );
949 END_PROFILE(SMBgetatr);
953 /****************************************************************************
955 ****************************************************************************/
957 int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
964 SMB_STRUCT_STAT sbuf;
965 BOOL bad_path = False;
969 START_PROFILE(SMBsetatr);
971 p = smb_buf(inbuf) + 1;
972 p += srvstr_get_path(inbuf, fname, p, sizeof(fname), 0, STR_TERMINATE, &status);
973 if (!NT_STATUS_IS_OK(status)) {
974 END_PROFILE(SMBsetatr);
975 return ERROR_NT(status);
978 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
980 unix_convert(fname,conn,0,&bad_path,&sbuf);
982 END_PROFILE(SMBsetatr);
983 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
986 mode = SVAL(inbuf,smb_vwv0);
987 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
989 if (mode != FILE_ATTRIBUTE_NORMAL) {
990 if (VALID_STAT_OF_DIR(sbuf))
995 if (check_name(fname,conn)) {
996 ok = (file_set_dosmode(conn,fname,mode,&sbuf,False) == 0);
1003 ok = set_filetime(conn,fname,mtime);
1006 END_PROFILE(SMBsetatr);
1007 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnoaccess);
1010 outsize = set_message(outbuf,0,0,False);
1012 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1014 END_PROFILE(SMBsetatr);
1018 /****************************************************************************
1020 ****************************************************************************/
1022 int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1025 SMB_BIG_UINT dfree,dsize,bsize;
1026 START_PROFILE(SMBdskattr);
1028 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1029 END_PROFILE(SMBdskattr);
1030 return(UNIXERROR(ERRHRD,ERRgeneral));
1033 outsize = set_message(outbuf,5,0,True);
1035 if (Protocol <= PROTOCOL_LANMAN2) {
1036 double total_space, free_space;
1037 /* we need to scale this to a number that DOS6 can handle. We
1038 use floating point so we can handle large drives on systems
1039 that don't have 64 bit integers
1041 we end up displaying a maximum of 2G to DOS systems
1043 total_space = dsize * (double)bsize;
1044 free_space = dfree * (double)bsize;
1046 dsize = (total_space+63*512) / (64*512);
1047 dfree = (free_space+63*512) / (64*512);
1049 if (dsize > 0xFFFF) dsize = 0xFFFF;
1050 if (dfree > 0xFFFF) dfree = 0xFFFF;
1052 SSVAL(outbuf,smb_vwv0,dsize);
1053 SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1054 SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */
1055 SSVAL(outbuf,smb_vwv3,dfree);
1057 SSVAL(outbuf,smb_vwv0,dsize);
1058 SSVAL(outbuf,smb_vwv1,bsize/512);
1059 SSVAL(outbuf,smb_vwv2,512);
1060 SSVAL(outbuf,smb_vwv3,dfree);
1063 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1065 END_PROFILE(SMBdskattr);
1069 /****************************************************************************
1071 Can be called from SMBsearch, SMBffirst or SMBfunique.
1072 ****************************************************************************/
1074 int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1084 unsigned int numentries = 0;
1085 unsigned int maxentries = 0;
1086 BOOL finished = False;
1093 BOOL check_descend = False;
1094 BOOL expect_close = False;
1095 BOOL can_open = True;
1096 BOOL bad_path = False;
1098 BOOL mask_contains_wcard = False;
1099 BOOL allow_long_path_components = (SVAL(inbuf,smb_flg2) & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1101 START_PROFILE(SMBsearch);
1103 if (lp_posix_pathnames()) {
1104 END_PROFILE(SMBsearch);
1105 return reply_unknown(inbuf, outbuf);
1108 *mask = *directory = *fname = 0;
1110 /* If we were called as SMBffirst then we must expect close. */
1111 if(CVAL(inbuf,smb_com) == SMBffirst)
1112 expect_close = True;
1114 outsize = set_message(outbuf,1,3,True);
1115 maxentries = SVAL(inbuf,smb_vwv0);
1116 dirtype = SVAL(inbuf,smb_vwv1);
1117 p = smb_buf(inbuf) + 1;
1118 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &nt_status, &mask_contains_wcard);
1119 if (!NT_STATUS_IS_OK(nt_status)) {
1120 END_PROFILE(SMBsearch);
1121 return ERROR_NT(nt_status);
1124 RESOLVE_DFSPATH_WCARD(path, conn, inbuf, outbuf);
1127 status_len = SVAL(p, 0);
1130 /* dirtype &= ~aDIR; */
1132 if (status_len == 0) {
1133 SMB_STRUCT_STAT sbuf;
1136 pstrcpy(directory,path);
1138 unix_convert(directory,conn,0,&bad_path,&sbuf);
1141 if (!check_name(directory,conn))
1144 p = strrchr_m(dir2,'/');
1153 p = strrchr_m(directory,'/');
1159 if (strlen(directory) == 0)
1160 pstrcpy(directory,".");
1161 memset((char *)status,'\0',21);
1162 SCVAL(status,0,(dirtype & 0x1F));
1166 memcpy(status,p,21);
1167 status_dirtype = CVAL(status,0) & 0x1F;
1168 if (status_dirtype != (dirtype & 0x1F))
1169 dirtype = status_dirtype;
1171 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1174 string_set(&conn->dirpath,dptr_path(dptr_num));
1175 pstrcpy(mask, dptr_wcard(dptr_num));
1179 p = smb_buf(outbuf) + 3;
1182 if (status_len == 0) {
1183 dptr_num = dptr_create(conn,directory,True,expect_close,SVAL(inbuf,smb_pid), mask, mask_contains_wcard, dirtype);
1185 if(dptr_num == -2) {
1186 END_PROFILE(SMBsearch);
1187 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRnofids);
1189 END_PROFILE(SMBsearch);
1190 return ERROR_DOS(ERRDOS,ERRnofids);
1193 dirtype = dptr_attr(dptr_num);
1196 DEBUG(4,("dptr_num is %d\n",dptr_num));
1199 if ((dirtype&0x1F) == aVOLID) {
1200 memcpy(p,status,21);
1201 make_dir_struct(p,"???????????",volume_label(SNUM(conn)),
1202 0,aVOLID,0,!allow_long_path_components);
1203 dptr_fill(p+12,dptr_num);
1204 if (dptr_zero(p+12) && (status_len==0))
1208 p += DIR_STRUCT_SIZE;
1211 maxentries = MIN(maxentries, ((BUFFER_SIZE - (p - outbuf))/DIR_STRUCT_SIZE));
1213 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1214 conn->dirpath,lp_dontdescend(SNUM(conn))));
1215 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True))
1216 check_descend = True;
1218 for (i=numentries;(i<maxentries) && !finished;i++) {
1219 finished = !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
1221 memcpy(p,status,21);
1222 make_dir_struct(p,mask,fname,size, mode,date,
1223 !allow_long_path_components);
1224 if (!dptr_fill(p+12,dptr_num)) {
1228 p += DIR_STRUCT_SIZE;
1238 /* If we were called as SMBffirst with smb_search_id == NULL
1239 and no entries were found then return error and close dirptr
1242 if (numentries == 0 || !ok) {
1243 dptr_close(&dptr_num);
1244 } else if(ok && expect_close && status_len == 0) {
1245 /* Close the dptr - we know it's gone */
1246 dptr_close(&dptr_num);
1249 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1250 if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique) {
1251 dptr_close(&dptr_num);
1254 if ((numentries == 0) && !mask_contains_wcard) {
1255 return ERROR_BOTH(STATUS_NO_MORE_FILES,ERRDOS,ERRnofiles);
1258 SSVAL(outbuf,smb_vwv0,numentries);
1259 SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1260 SCVAL(smb_buf(outbuf),0,5);
1261 SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
1263 /* The replies here are never long name. */
1264 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1265 if (!allow_long_path_components) {
1266 SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) & (~FLAGS2_LONG_PATH_COMPONENTS));
1269 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1270 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1272 outsize += DIR_STRUCT_SIZE*numentries;
1273 smb_setlen(outbuf,outsize - 4);
1275 if ((! *directory) && dptr_path(dptr_num))
1276 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
1278 DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1279 smb_fn_name(CVAL(inbuf,smb_com)),
1280 mask, directory, dirtype, numentries, maxentries ) );
1282 END_PROFILE(SMBsearch);
1286 /****************************************************************************
1287 Reply to a fclose (stop directory search).
1288 ****************************************************************************/
1290 int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1299 BOOL path_contains_wcard = False;
1301 START_PROFILE(SMBfclose);
1303 if (lp_posix_pathnames()) {
1304 END_PROFILE(SMBfclose);
1305 return reply_unknown(inbuf, outbuf);
1308 outsize = set_message(outbuf,1,0,True);
1309 p = smb_buf(inbuf) + 1;
1310 p += srvstr_get_path_wcard(inbuf, path, p, sizeof(path), 0, STR_TERMINATE, &err, &path_contains_wcard);
1311 if (!NT_STATUS_IS_OK(err)) {
1312 END_PROFILE(SMBfclose);
1313 return ERROR_NT(err);
1316 status_len = SVAL(p,0);
1319 if (status_len == 0) {
1320 END_PROFILE(SMBfclose);
1321 return ERROR_DOS(ERRSRV,ERRsrverror);
1324 memcpy(status,p,21);
1326 if(dptr_fetch(status+12,&dptr_num)) {
1327 /* Close the dptr - we know it's gone */
1328 dptr_close(&dptr_num);
1331 SSVAL(outbuf,smb_vwv0,0);
1333 DEBUG(3,("search close\n"));
1335 END_PROFILE(SMBfclose);
1339 /****************************************************************************
1341 ****************************************************************************/
1343 int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1351 SMB_STRUCT_STAT sbuf;
1352 BOOL bad_path = False;
1354 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1356 uint32 dos_attr = SVAL(inbuf,smb_vwv1);
1359 uint32 create_disposition;
1360 uint32 create_options = 0;
1362 START_PROFILE(SMBopen);
1364 deny_mode = SVAL(inbuf,smb_vwv0);
1366 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1367 if (!NT_STATUS_IS_OK(status)) {
1368 END_PROFILE(SMBopen);
1369 return ERROR_NT(status);
1372 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1374 unix_convert(fname,conn,0,&bad_path,&sbuf);
1376 END_PROFILE(SMBopen);
1377 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1380 if (!map_open_params_to_ntcreate(fname, deny_mode, OPENX_FILE_EXISTS_OPEN,
1381 &access_mask, &share_mode, &create_disposition, &create_options)) {
1382 END_PROFILE(SMBopen);
1383 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1386 status = open_file_ntcreate(conn,fname,&sbuf,
1395 if (!NT_STATUS_IS_OK(status)) {
1396 END_PROFILE(SMBopen);
1397 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1398 /* We have re-scheduled this call. */
1401 return ERROR_NT(status);
1404 size = sbuf.st_size;
1405 fattr = dos_mode(conn,fname,&sbuf);
1406 mtime = sbuf.st_mtime;
1409 DEBUG(3,("attempt to open a directory %s\n",fname));
1410 close_file(fsp,ERROR_CLOSE);
1411 END_PROFILE(SMBopen);
1412 return ERROR_DOS(ERRDOS,ERRnoaccess);
1415 outsize = set_message(outbuf,7,0,True);
1416 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1417 SSVAL(outbuf,smb_vwv1,fattr);
1418 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1419 srv_put_dos_date3(outbuf,smb_vwv2,mtime & ~1);
1421 srv_put_dos_date3(outbuf,smb_vwv2,mtime);
1423 SIVAL(outbuf,smb_vwv4,(uint32)size);
1424 SSVAL(outbuf,smb_vwv6,deny_mode);
1426 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1427 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1430 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1431 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1433 END_PROFILE(SMBopen);
1437 /****************************************************************************
1438 Reply to an open and X.
1439 ****************************************************************************/
1441 int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1444 uint16 open_flags = SVAL(inbuf,smb_vwv2);
1445 int deny_mode = SVAL(inbuf,smb_vwv3);
1446 uint32 smb_attr = SVAL(inbuf,smb_vwv5);
1447 /* Breakout the oplock request bits so we can set the
1448 reply bits separately. */
1449 int ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf);
1450 int core_oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1451 int oplock_request = ex_oplock_request | core_oplock_request;
1453 int smb_sattr = SVAL(inbuf,smb_vwv4);
1454 uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
1456 int smb_ofun = SVAL(inbuf,smb_vwv8);
1460 SMB_STRUCT_STAT sbuf;
1462 BOOL bad_path = False;
1465 SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv9);
1466 ssize_t retval = -1;
1469 uint32 create_disposition;
1470 uint32 create_options = 0;
1472 START_PROFILE(SMBopenX);
1474 /* If it's an IPC, pass off the pipe handler. */
1476 if (lp_nt_pipe_support()) {
1477 END_PROFILE(SMBopenX);
1478 return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
1480 END_PROFILE(SMBopenX);
1481 return ERROR_DOS(ERRSRV,ERRaccess);
1485 /* XXXX we need to handle passed times, sattr and flags */
1486 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status);
1487 if (!NT_STATUS_IS_OK(status)) {
1488 END_PROFILE(SMBopenX);
1489 return ERROR_NT(status);
1492 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1494 unix_convert(fname,conn,0,&bad_path,&sbuf);
1496 END_PROFILE(SMBopenX);
1497 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1500 if (!map_open_params_to_ntcreate(fname, deny_mode, smb_ofun,
1503 &create_disposition,
1505 END_PROFILE(SMBopenX);
1506 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1509 status = open_file_ntcreate(conn,fname,&sbuf,
1518 if (!NT_STATUS_IS_OK(status)) {
1519 END_PROFILE(SMBopenX);
1520 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1521 /* We have re-scheduled this call. */
1524 return ERROR_NT(status);
1527 size = sbuf.st_size;
1529 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1530 if the file is truncated or created. */
1531 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1532 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1533 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1534 close_file(fsp,ERROR_CLOSE);
1535 END_PROFILE(SMBopenX);
1536 return ERROR_NT(NT_STATUS_DISK_FULL);
1538 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1540 close_file(fsp,ERROR_CLOSE);
1541 END_PROFILE(SMBopenX);
1542 return ERROR_NT(NT_STATUS_DISK_FULL);
1544 size = get_allocation_size(conn,fsp,&sbuf);
1547 fattr = dos_mode(conn,fname,&sbuf);
1548 mtime = sbuf.st_mtime;
1550 close_file(fsp,ERROR_CLOSE);
1551 END_PROFILE(SMBopenX);
1552 return ERROR_DOS(ERRDOS,ERRnoaccess);
1555 /* If the caller set the extended oplock request bit
1556 and we granted one (by whatever means) - set the
1557 correct bit for extended oplock reply.
1560 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1561 smb_action |= EXTENDED_OPLOCK_GRANTED;
1564 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1565 smb_action |= EXTENDED_OPLOCK_GRANTED;
1568 /* If the caller set the core oplock request bit
1569 and we granted one (by whatever means) - set the
1570 correct bit for core oplock reply.
1573 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1574 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1577 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1578 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1581 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1582 set_message(outbuf,19,0,True);
1584 set_message(outbuf,15,0,True);
1586 SSVAL(outbuf,smb_vwv2,fsp->fnum);
1587 SSVAL(outbuf,smb_vwv3,fattr);
1588 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1589 srv_put_dos_date3(outbuf,smb_vwv4,mtime & ~1);
1591 srv_put_dos_date3(outbuf,smb_vwv4,mtime);
1593 SIVAL(outbuf,smb_vwv6,(uint32)size);
1594 SSVAL(outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1595 SSVAL(outbuf,smb_vwv11,smb_action);
1597 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1598 SIVAL(outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1601 END_PROFILE(SMBopenX);
1602 return chain_reply(inbuf,outbuf,length,bufsize);
1605 /****************************************************************************
1606 Reply to a SMBulogoffX.
1607 conn POINTER CAN BE NULL HERE !
1608 ****************************************************************************/
1610 int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
1612 uint16 vuid = SVAL(inbuf,smb_uid);
1613 user_struct *vuser = get_valid_user_struct(vuid);
1614 START_PROFILE(SMBulogoffX);
1617 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n", vuid));
1619 /* in user level security we are supposed to close any files
1620 open by this user */
1621 if ((vuser != 0) && (lp_security() != SEC_SHARE))
1622 file_close_user(vuid);
1624 invalidate_vuid(vuid);
1626 set_message(outbuf,2,0,True);
1628 DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) );
1630 END_PROFILE(SMBulogoffX);
1631 return chain_reply(inbuf,outbuf,length,bufsize);
1634 /****************************************************************************
1635 Reply to a mknew or a create.
1636 ****************************************************************************/
1638 int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1643 uint32 fattr = SVAL(inbuf,smb_vwv0);
1644 BOOL bad_path = False;
1646 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1647 SMB_STRUCT_STAT sbuf;
1649 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1650 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1651 uint32 create_disposition;
1652 uint32 create_options = 0;
1654 START_PROFILE(SMBcreate);
1656 com = SVAL(inbuf,smb_com);
1658 srvstr_get_path(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), 0, STR_TERMINATE, &status);
1659 if (!NT_STATUS_IS_OK(status)) {
1660 END_PROFILE(SMBcreate);
1661 return ERROR_NT(status);
1664 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1666 unix_convert(fname,conn,0,&bad_path,&sbuf);
1668 END_PROFILE(SMBcreate);
1669 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1672 if (fattr & aVOLID) {
1673 DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
1676 if(com == SMBmknew) {
1677 /* We should fail if file exists. */
1678 create_disposition = FILE_CREATE;
1680 /* Create if file doesn't exist, truncate if it does. */
1681 create_disposition = FILE_OVERWRITE_IF;
1684 /* Open file using ntcreate. */
1685 status = open_file_ntcreate(conn,fname,&sbuf,
1694 if (!NT_STATUS_IS_OK(status)) {
1695 END_PROFILE(SMBcreate);
1696 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1697 /* We have re-scheduled this call. */
1700 return ERROR_NT(status);
1703 outsize = set_message(outbuf,1,0,True);
1704 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1706 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1707 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1710 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1711 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1714 DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
1715 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n", fname, fsp->fh->fd, (unsigned int)fattr ) );
1717 END_PROFILE(SMBcreate);
1721 /****************************************************************************
1722 Reply to a create temporary file.
1723 ****************************************************************************/
1725 int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
1729 uint32 fattr = SVAL(inbuf,smb_vwv0);
1730 BOOL bad_path = False;
1732 int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
1734 SMB_STRUCT_STAT sbuf;
1737 unsigned int namelen;
1739 START_PROFILE(SMBctemp);
1741 srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
1742 if (!NT_STATUS_IS_OK(status)) {
1743 END_PROFILE(SMBctemp);
1744 return ERROR_NT(status);
1747 pstrcat(fname,"/TMXXXXXX");
1749 pstrcat(fname,"TMXXXXXX");
1752 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1754 unix_convert(fname,conn,0,&bad_path,&sbuf);
1756 END_PROFILE(SMBctemp);
1757 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
1760 tmpfd = smb_mkstemp(fname);
1762 END_PROFILE(SMBctemp);
1763 return(UNIXERROR(ERRDOS,ERRnoaccess));
1766 SMB_VFS_STAT(conn,fname,&sbuf);
1768 /* We should fail if file does not exist. */
1769 status = open_file_ntcreate(conn,fname,&sbuf,
1770 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
1771 FILE_SHARE_READ|FILE_SHARE_WRITE,
1778 /* close fd from smb_mkstemp() */
1781 if (!NT_STATUS_IS_OK(status)) {
1782 END_PROFILE(SMBctemp);
1783 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
1784 /* We have re-scheduled this call. */
1787 return ERROR_NT(status);
1790 outsize = set_message(outbuf,1,0,True);
1791 SSVAL(outbuf,smb_vwv0,fsp->fnum);
1793 /* the returned filename is relative to the directory */
1794 s = strrchr_m(fname, '/');
1801 p = smb_buf(outbuf);
1803 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
1804 thing in the byte section. JRA */
1805 SSVALS(p, 0, -1); /* what is this? not in spec */
1807 namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
1809 outsize = set_message_end(outbuf, p);
1811 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1812 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1815 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1816 SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1819 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
1820 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
1821 (unsigned int)sbuf.st_mode ) );
1823 END_PROFILE(SMBctemp);
1827 /*******************************************************************
1828 Check if a user is allowed to rename a file.
1829 ********************************************************************/
1831 static NTSTATUS can_rename(connection_struct *conn, char *fname, uint16 dirtype, SMB_STRUCT_STAT *pst)
1837 if (!CAN_WRITE(conn)) {
1838 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1841 fmode = dos_mode(conn,fname,pst);
1842 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1843 return NT_STATUS_NO_SUCH_FILE;
1846 if (S_ISDIR(pst->st_mode)) {
1847 return NT_STATUS_OK;
1850 status = open_file_ntcreate(conn, fname, pst,
1852 FILE_SHARE_READ|FILE_SHARE_WRITE,
1855 FILE_ATTRIBUTE_NORMAL,
1859 if (!NT_STATUS_IS_OK(status)) {
1860 return NT_STATUS_ACCESS_DENIED;
1862 close_file(fsp,NORMAL_CLOSE);
1863 return NT_STATUS_OK;
1866 /*******************************************************************
1867 Check if a user is allowed to delete a file.
1868 ********************************************************************/
1870 NTSTATUS can_delete(connection_struct *conn, char *fname, uint32 dirtype, BOOL bad_path, BOOL check_is_at_open)
1872 SMB_STRUCT_STAT sbuf;
1877 DEBUG(10,("can_delete: %s, dirtype = %d\n", fname, dirtype ));
1879 if (!CAN_WRITE(conn)) {
1880 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1883 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
1884 if(errno == ENOENT) {
1886 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1888 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1891 return map_nt_error_from_unix(errno);
1894 fattr = dos_mode(conn,fname,&sbuf);
1896 /* Can't delete a directory. */
1898 return NT_STATUS_FILE_IS_A_DIRECTORY;
1902 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
1903 return NT_STATUS_OBJECT_NAME_INVALID;
1904 #endif /* JRATEST */
1906 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
1908 On a Windows share, a file with read-only dosmode can be opened with
1909 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
1910 fails with NT_STATUS_CANNOT_DELETE error.
1912 This semantic causes a problem that a user can not
1913 rename a file with read-only dosmode on a Samba share
1914 from a Windows command prompt (i.e. cmd.exe, but can rename
1915 from Windows Explorer).
1918 if (!check_is_at_open && !lp_delete_readonly(SNUM(conn))) {
1919 if (fattr & aRONLY) {
1920 return NT_STATUS_CANNOT_DELETE;
1923 if ((fattr & ~dirtype) & (aHIDDEN | aSYSTEM)) {
1924 return NT_STATUS_NO_SUCH_FILE;
1927 if (check_is_at_open) {
1928 if (!can_delete_file_in_directory(conn, fname)) {
1929 return NT_STATUS_ACCESS_DENIED;
1932 /* On open checks the open itself will check the share mode, so
1933 don't do it here as we'll get it wrong. */
1935 status = open_file_ntcreate(conn, fname, &sbuf,
1940 FILE_ATTRIBUTE_NORMAL,
1944 if (!NT_STATUS_IS_OK(status)) {
1947 close_file(fsp,NORMAL_CLOSE);
1949 return NT_STATUS_OK;
1952 /****************************************************************************
1953 The guts of the unlink command, split out so it may be called by the NT SMB
1955 ****************************************************************************/
1957 NTSTATUS unlink_internals(connection_struct *conn, uint32 dirtype, char *name, BOOL has_wild)
1963 NTSTATUS error = NT_STATUS_OK;
1964 BOOL bad_path = False;
1966 SMB_STRUCT_STAT sbuf;
1968 *directory = *mask = 0;
1970 rc = unix_convert(name,conn,0,&bad_path,&sbuf);
1972 p = strrchr_m(name,'/');
1974 pstrcpy(directory,".");
1978 pstrcpy(directory,name);
1983 * We should only check the mangled cache
1984 * here if unix_convert failed. This means
1985 * that the path in 'mask' doesn't exist
1986 * on the file system and so we need to look
1987 * for a possible mangle. This patch from
1988 * Tine Smukavec <valentin.smukavec@hermes.si>.
1991 if (!rc && mangle_is_mangled(mask,conn->params))
1992 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
1995 pstrcat(directory,"/");
1996 pstrcat(directory,mask);
1997 error = can_delete(conn,directory,dirtype,bad_path,False);
1998 if (!NT_STATUS_IS_OK(error))
2001 if (SMB_VFS_UNLINK(conn,directory) == 0) {
2005 struct smb_Dir *dir_hnd = NULL;
2008 if (strequal(mask,"????????.???"))
2011 if (check_name(directory,conn))
2012 dir_hnd = OpenDir(conn, directory, mask, dirtype);
2014 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2015 the pattern matches against the long name, otherwise the short name
2016 We don't implement this yet XXXX
2021 error = NT_STATUS_NO_SUCH_FILE;
2023 while ((dname = ReadDirName(dir_hnd, &offset))) {
2026 BOOL sys_direntry = False;
2027 pstrcpy(fname,dname);
2029 if (!is_visible_file(conn, directory, dname, &st, True)) {
2033 /* Quick check for "." and ".." */
2034 if (fname[0] == '.') {
2035 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
2036 if ((dirtype & FILE_ATTRIBUTE_DIRECTORY) && (dirtype & FILE_ATTRIBUTE_SYSTEM)) {
2037 sys_direntry = True;
2044 if(!mask_match(fname, mask, conn->case_sensitive))
2048 error = NT_STATUS_OBJECT_NAME_INVALID;
2049 DEBUG(3,("unlink_internals: system directory delete denied [%s] mask [%s]\n",
2054 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
2055 error = can_delete(conn,fname,dirtype,bad_path,False);
2056 if (!NT_STATUS_IS_OK(error)) {
2059 if (SMB_VFS_UNLINK(conn,fname) == 0)
2061 DEBUG(3,("unlink_internals: succesful unlink [%s]\n",fname));
2067 if (count == 0 && NT_STATUS_IS_OK(error)) {
2068 error = map_nt_error_from_unix(errno);
2074 /****************************************************************************
2076 ****************************************************************************/
2078 int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
2085 BOOL path_contains_wcard = False;
2087 START_PROFILE(SMBunlink);
2089 dirtype = SVAL(inbuf,smb_vwv0);
2091 srvstr_get_path_wcard(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard);
2092 if (!NT_STATUS_IS_OK(status)) {
2093 END_PROFILE(SMBunlink);
2094 return ERROR_NT(status);
2097 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
2099 DEBUG(3,("reply_unlink : %s\n",name));
2101 status = unlink_internals(conn, dirtype, name, path_contains_wcard);
2102 if (!NT_STATUS_IS_OK(status)) {
2103 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
2104 /* We have re-scheduled this call. */
2107 return ERROR_NT(status);
2111 * Win2k needs a changenotify request response before it will
2112 * update after a rename..
2114 process_pending_change_notify_queue((time_t)0);
2116 outsize = set_message(outbuf,0,0,False);
2118 END_PROFILE(SMBunlink);
2122 /****************************************************************************
2124 ****************************************************************************/
2126 static void fail_readraw(void)
2129 slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
2131 exit_server(errstr);
2134 #if defined(WITH_SENDFILE)
2135 /****************************************************************************
2136 Fake (read/write) sendfile. Returns -1 on read or write fail.
2137 ****************************************************************************/
2139 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread, char *buf, int bufsize)
2143 /* Paranioa check... */
2144 if (nread > bufsize) {
2149 ret = read_file(fsp,buf,startpos,nread);
2155 /* If we had a short read, fill with zeros. */
2157 memset(buf, '\0', nread - ret);
2160 if (write_data(smbd_server_fd(),buf,nread) != nread) {
2164 return (ssize_t)nread;
2168 /****************************************************************************
2169 Use sendfile in readbraw.
2170 ****************************************************************************/
2172 void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T startpos, size_t nread,
2173 ssize_t mincount, char *outbuf, int out_buffsize)
2177 #if defined(WITH_SENDFILE)
2179 * We can only use sendfile on a non-chained packet
2180 * but we can use on a non-oplocked file. tridge proved this
2181 * on a train in Germany :-). JRA.
2182 * reply_readbraw has already checked the length.
2185 if ( (chain_size == 0) && (nread > 0) &&
2186 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2189 _smb_setlen(outbuf,nread);
2190 header.data = (uint8 *)outbuf;
2194 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) {
2195 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2196 if (errno == ENOSYS) {
2197 goto normal_readbraw;
2201 * Special hack for broken Linux with no working sendfile. If we
2202 * return EINTR we sent the header but not the rest of the data.
2203 * Fake this up by doing read/write calls.
2205 if (errno == EINTR) {
2206 /* Ensure we don't do this again. */
2207 set_use_sendfile(SNUM(conn), False);
2208 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2210 if (fake_sendfile(fsp, startpos, nread, outbuf + 4, out_buffsize - 4) == -1) {
2211 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2212 fsp->fsp_name, strerror(errno) ));
2213 exit_server("send_file_readbraw fake_sendfile failed");
2218 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2219 fsp->fsp_name, strerror(errno) ));
2220 exit_server("send_file_readbraw sendfile failed");
2230 ret = read_file(fsp,outbuf+4,startpos,nread);
2231 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2240 _smb_setlen(outbuf,ret);
2241 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2245 /****************************************************************************
2246 Reply to a readbraw (core+ protocol).
2247 ****************************************************************************/
2249 int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int out_buffsize)
2251 ssize_t maxcount,mincount;
2254 char *header = outbuf;
2256 START_PROFILE(SMBreadbraw);
2258 if (srv_is_signing_active()) {
2259 exit_server("reply_readbraw: SMB signing is active - raw reads/writes are disallowed.");
2263 * Special check if an oplock break has been issued
2264 * and the readraw request croses on the wire, we must
2265 * return a zero length response here.
2268 fsp = file_fsp(inbuf,smb_vwv0);
2270 if (!FNUM_OK(fsp,conn) || !fsp->can_read) {
2272 * fsp could be NULL here so use the value from the packet. JRA.
2274 DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
2275 _smb_setlen(header,0);
2276 if (write_data(smbd_server_fd(),header,4) != 4)
2278 END_PROFILE(SMBreadbraw);
2282 CHECK_FSP(fsp,conn);
2284 flush_write_cache(fsp, READRAW_FLUSH);
2286 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
2287 if(CVAL(inbuf,smb_wct) == 10) {
2289 * This is a large offset (64 bit) read.
2291 #ifdef LARGE_SMB_OFF_T
2293 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv8)) << 32);
2295 #else /* !LARGE_SMB_OFF_T */
2298 * Ensure we haven't been sent a >32 bit offset.
2301 if(IVAL(inbuf,smb_vwv8) != 0) {
2302 DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
2303 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
2304 _smb_setlen(header,0);
2305 if (write_data(smbd_server_fd(),header,4) != 4)
2307 END_PROFILE(SMBreadbraw);
2311 #endif /* LARGE_SMB_OFF_T */
2314 DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos ));
2315 _smb_setlen(header,0);
2316 if (write_data(smbd_server_fd(),header,4) != 4)
2318 END_PROFILE(SMBreadbraw);
2322 maxcount = (SVAL(inbuf,smb_vwv3) & 0xFFFF);
2323 mincount = (SVAL(inbuf,smb_vwv4) & 0xFFFF);
2325 /* ensure we don't overrun the packet size */
2326 maxcount = MIN(65535,maxcount);
2328 if (!is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2332 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st) == 0) {
2336 if (startpos >= size) {
2339 nread = MIN(maxcount,(size - startpos));
2343 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2344 if (nread < mincount)
2348 DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%lu min=%lu nread=%lu\n", fsp->fnum, (double)startpos,
2349 (unsigned long)maxcount, (unsigned long)mincount, (unsigned long)nread ) );
2351 send_file_readbraw(conn, fsp, startpos, nread, mincount, outbuf, out_buffsize);
2353 DEBUG(5,("readbraw finished\n"));
2354 END_PROFILE(SMBreadbraw);
2359 #define DBGC_CLASS DBGC_LOCKING
2361 /****************************************************************************
2362 Reply to a lockread (core+ protocol).
2363 ****************************************************************************/
2365 int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
2373 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2374 struct byte_range_lock *br_lck = NULL;
2375 START_PROFILE(SMBlockread);
2377 CHECK_FSP(fsp,conn);
2378 if (!CHECK_READ(fsp,inbuf)) {
2379 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2382 release_level_2_oplocks_on_change(fsp);
2384 numtoread = SVAL(inbuf,smb_vwv1);
2385 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2387 outsize = set_message(outbuf,5,3,True);
2388 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2389 data = smb_buf(outbuf) + 3;
2392 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2393 * protocol request that predates the read/write lock concept.
2394 * Thus instead of asking for a read lock here we need to ask
2395 * for a write lock. JRA.
2396 * Note that the requested lock size is unaffected by max_recv.
2399 br_lck = do_lock(fsp,
2400 (uint32)SVAL(inbuf,smb_pid),
2401 (SMB_BIG_UINT)numtoread,
2402 (SMB_BIG_UINT)startpos,
2405 False, /* Non-blocking lock. */
2407 TALLOC_FREE(br_lck);
2409 if (NT_STATUS_V(status)) {
2410 END_PROFILE(SMBlockread);
2411 return ERROR_NT(status);
2415 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2418 if (numtoread > max_recv) {
2419 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2420 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2421 (unsigned int)numtoread, (unsigned int)max_recv ));
2422 numtoread = MIN(numtoread,max_recv);
2424 nread = read_file(fsp,data,startpos,numtoread);
2427 END_PROFILE(SMBlockread);
2428 return(UNIXERROR(ERRDOS,ERRnoaccess));
2432 SSVAL(outbuf,smb_vwv0,nread);
2433 SSVAL(outbuf,smb_vwv5,nread+3);
2434 SSVAL(smb_buf(outbuf),1,nread);
2436 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
2437 fsp->fnum, (int)numtoread, (int)nread));
2439 END_PROFILE(SMBlockread);
2444 #define DBGC_CLASS DBGC_ALL
2446 /****************************************************************************
2448 ****************************************************************************/
2450 int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2457 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2458 START_PROFILE(SMBread);
2460 CHECK_FSP(fsp,conn);
2461 if (!CHECK_READ(fsp,inbuf)) {
2462 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2465 numtoread = SVAL(inbuf,smb_vwv1);
2466 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2468 outsize = set_message(outbuf,5,3,True);
2469 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
2471 * The requested read size cannot be greater than max_recv. JRA.
2473 if (numtoread > max_recv) {
2474 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
2475 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2476 (unsigned int)numtoread, (unsigned int)max_recv ));
2477 numtoread = MIN(numtoread,max_recv);
2480 data = smb_buf(outbuf) + 3;
2482 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2483 END_PROFILE(SMBread);
2484 return ERROR_DOS(ERRDOS,ERRlock);
2488 nread = read_file(fsp,data,startpos,numtoread);
2491 END_PROFILE(SMBread);
2492 return(UNIXERROR(ERRDOS,ERRnoaccess));
2496 SSVAL(outbuf,smb_vwv0,nread);
2497 SSVAL(outbuf,smb_vwv5,nread+3);
2498 SCVAL(smb_buf(outbuf),0,1);
2499 SSVAL(smb_buf(outbuf),1,nread);
2501 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
2502 fsp->fnum, (int)numtoread, (int)nread ) );
2504 END_PROFILE(SMBread);
2508 /****************************************************************************
2509 Reply to a read and X - possibly using sendfile.
2510 ****************************************************************************/
2512 int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length, int len_outbuf,
2513 files_struct *fsp, SMB_OFF_T startpos, size_t smb_maxcnt)
2517 char *data = smb_buf(outbuf);
2519 #if defined(WITH_SENDFILE)
2521 * We can only use sendfile on a non-chained packet
2522 * but we can use on a non-oplocked file. tridge proved this
2523 * on a train in Germany :-). JRA.
2526 if ((chain_size == 0) && (CVAL(inbuf,smb_vwv0) == 0xFF) &&
2527 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
2528 SMB_STRUCT_STAT sbuf;
2531 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1)
2532 return(UNIXERROR(ERRDOS,ERRnoaccess));
2534 if (startpos > sbuf.st_size)
2537 if (smb_maxcnt > (sbuf.st_size - startpos))
2538 smb_maxcnt = (sbuf.st_size - startpos);
2540 if (smb_maxcnt == 0)
2544 * Set up the packet header before send. We
2545 * assume here the sendfile will work (get the
2546 * correct amount of data).
2549 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2550 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
2551 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2552 SSVAL(outbuf,smb_vwv7,((smb_maxcnt >> 16) & 1));
2553 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
2554 SCVAL(outbuf,smb_vwv0,0xFF);
2555 set_message(outbuf,12,smb_maxcnt,False);
2556 header.data = (uint8 *)outbuf;
2557 header.length = data - outbuf;
2560 if ((nread = SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, smb_maxcnt)) == -1) {
2561 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
2562 if (errno == ENOSYS) {
2567 * Special hack for broken Linux with no working sendfile. If we
2568 * return EINTR we sent the header but not the rest of the data.
2569 * Fake this up by doing read/write calls.
2572 if (errno == EINTR) {
2573 /* Ensure we don't do this again. */
2574 set_use_sendfile(SNUM(conn), False);
2575 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
2577 if ((nread = fake_sendfile(fsp, startpos, smb_maxcnt, data,
2578 len_outbuf - (data-outbuf))) == -1) {
2579 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
2580 fsp->fsp_name, strerror(errno) ));
2581 exit_server("send_file_readX: fake_sendfile failed");
2583 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
2584 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2585 /* Returning -1 here means successful sendfile. */
2589 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
2590 fsp->fsp_name, strerror(errno) ));
2591 exit_server("send_file_readX sendfile failed");
2594 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
2595 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2596 /* Returning -1 here means successful sendfile. */
2604 nread = read_file(fsp,data,startpos,smb_maxcnt);
2607 return(UNIXERROR(ERRDOS,ERRnoaccess));
2610 outsize = set_message(outbuf,12,nread,False);
2611 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
2612 SSVAL(outbuf,smb_vwv5,nread);
2613 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
2614 SSVAL(outbuf,smb_vwv7,((nread >> 16) & 1));
2615 SSVAL(smb_buf(outbuf),-2,nread);
2617 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
2618 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
2620 /* Returning the number of bytes we want to send back - including header. */
2624 /****************************************************************************
2625 Reply to a read and X.
2626 ****************************************************************************/
2628 int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
2630 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
2631 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2633 size_t smb_maxcnt = SVAL(inbuf,smb_vwv5);
2635 size_t smb_mincnt = SVAL(inbuf,smb_vwv6);
2638 START_PROFILE(SMBreadX);
2640 /* If it's an IPC, pass off the pipe handler. */
2642 END_PROFILE(SMBreadX);
2643 return reply_pipe_read_and_X(inbuf,outbuf,length,bufsize);
2646 CHECK_FSP(fsp,conn);
2647 if (!CHECK_READ(fsp,inbuf)) {
2648 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2651 set_message(outbuf,12,0,True);
2653 if (global_client_caps & CAP_LARGE_READX) {
2654 if (SVAL(inbuf,smb_vwv7) == 1) {
2655 smb_maxcnt |= (1<<16);
2657 if (smb_maxcnt > BUFFER_SIZE) {
2658 DEBUG(0,("reply_read_and_X - read too large (%u) for reply buffer %u\n",
2659 (unsigned int)smb_maxcnt, (unsigned int)BUFFER_SIZE));
2660 END_PROFILE(SMBreadX);
2661 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
2665 if(CVAL(inbuf,smb_wct) == 12) {
2666 #ifdef LARGE_SMB_OFF_T
2668 * This is a large offset (64 bit) read.
2670 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv10)) << 32);
2672 #else /* !LARGE_SMB_OFF_T */
2675 * Ensure we haven't been sent a >32 bit offset.
2678 if(IVAL(inbuf,smb_vwv10) != 0) {
2679 DEBUG(0,("reply_read_and_X - large offset (%x << 32) used and we don't support \
2680 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv10) ));
2681 END_PROFILE(SMBreadX);
2682 return ERROR_DOS(ERRDOS,ERRbadaccess);
2685 #endif /* LARGE_SMB_OFF_T */
2689 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK)) {
2690 END_PROFILE(SMBreadX);
2691 return ERROR_DOS(ERRDOS,ERRlock);
2694 if (schedule_aio_read_and_X(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt)) {
2695 END_PROFILE(SMBreadX);
2699 nread = send_file_readX(conn, inbuf, outbuf, length, bufsize, fsp, startpos, smb_maxcnt);
2701 nread = chain_reply(inbuf,outbuf,length,bufsize);
2703 END_PROFILE(SMBreadX);
2707 /****************************************************************************
2708 Reply to a writebraw (core+ or LANMAN1.0 protocol).
2709 ****************************************************************************/
2711 int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
2714 ssize_t total_written=0;
2715 size_t numtowrite=0;
2720 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2722 START_PROFILE(SMBwritebraw);
2724 if (srv_is_signing_active()) {
2725 exit_server("reply_writebraw: SMB signing is active - raw reads/writes are disallowed.");
2728 CHECK_FSP(fsp,conn);
2729 if (!CHECK_WRITE(fsp)) {
2730 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2733 tcount = IVAL(inbuf,smb_vwv1);
2734 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
2735 write_through = BITSETW(inbuf+smb_vwv7,0);
2737 /* We have to deal with slightly different formats depending
2738 on whether we are using the core+ or lanman1.0 protocol */
2740 if(Protocol <= PROTOCOL_COREPLUS) {
2741 numtowrite = SVAL(smb_buf(inbuf),-2);
2742 data = smb_buf(inbuf);
2744 numtowrite = SVAL(inbuf,smb_vwv10);
2745 data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
2748 /* force the error type */
2749 SCVAL(inbuf,smb_com,SMBwritec);
2750 SCVAL(outbuf,smb_com,SMBwritec);
2752 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2753 END_PROFILE(SMBwritebraw);
2754 return(ERROR_DOS(ERRDOS,ERRlock));
2758 nwritten = write_file(fsp,data,startpos,numtowrite);
2760 DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
2761 fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
2763 if (nwritten < (ssize_t)numtowrite) {
2764 END_PROFILE(SMBwritebraw);
2765 return(UNIXERROR(ERRHRD,ERRdiskfull));
2768 total_written = nwritten;
2770 /* Return a message to the redirector to tell it to send more bytes */
2771 SCVAL(outbuf,smb_com,SMBwritebraw);
2772 SSVALS(outbuf,smb_vwv0,-1);
2773 outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
2775 if (!send_smb(smbd_server_fd(),outbuf))
2776 exit_server("reply_writebraw: send_smb failed.");
2778 /* Now read the raw data into the buffer and write it */
2779 if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
2780 exit_server("secondary writebraw failed");
2783 /* Even though this is not an smb message, smb_len returns the generic length of an smb message */
2784 numtowrite = smb_len(inbuf);
2786 /* Set up outbuf to return the correct return */
2787 outsize = set_message(outbuf,1,0,True);
2788 SCVAL(outbuf,smb_com,SMBwritec);
2790 if (numtowrite != 0) {
2792 if (numtowrite > BUFFER_SIZE) {
2793 DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
2794 (unsigned int)numtowrite ));
2795 exit_server("secondary writebraw failed");
2798 if (tcount > nwritten+numtowrite) {
2799 DEBUG(3,("Client overestimated the write %d %d %d\n",
2800 (int)tcount,(int)nwritten,(int)numtowrite));
2803 if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
2804 DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
2806 exit_server("secondary writebraw failed");
2809 nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
2810 if (nwritten == -1) {
2811 END_PROFILE(SMBwritebraw);
2812 return(UNIXERROR(ERRHRD,ERRdiskfull));
2815 if (nwritten < (ssize_t)numtowrite) {
2816 SCVAL(outbuf,smb_rcls,ERRHRD);
2817 SSVAL(outbuf,smb_err,ERRdiskfull);
2821 total_written += nwritten;
2824 SSVAL(outbuf,smb_vwv0,total_written);
2826 sync_file(conn, fsp, write_through);
2828 DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
2829 fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
2831 /* we won't return a status if write through is not selected - this follows what WfWg does */
2832 END_PROFILE(SMBwritebraw);
2833 if (!write_through && total_written==tcount) {
2835 #if RABBIT_PELLET_FIX
2837 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
2838 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
2840 if (!send_keepalive(smbd_server_fd()))
2841 exit_server("reply_writebraw: send of keepalive failed");
2850 #define DBGC_CLASS DBGC_LOCKING
2852 /****************************************************************************
2853 Reply to a writeunlock (core+).
2854 ****************************************************************************/
2856 int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf,
2857 int size, int dum_buffsize)
2859 ssize_t nwritten = -1;
2863 NTSTATUS status = NT_STATUS_OK;
2864 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2866 START_PROFILE(SMBwriteunlock);
2868 CHECK_FSP(fsp,conn);
2869 if (!CHECK_WRITE(fsp)) {
2870 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2873 numtowrite = SVAL(inbuf,smb_vwv1);
2874 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2875 data = smb_buf(inbuf) + 3;
2877 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2878 END_PROFILE(SMBwriteunlock);
2879 return ERROR_DOS(ERRDOS,ERRlock);
2882 /* The special X/Open SMB protocol handling of
2883 zero length writes is *NOT* done for
2885 if(numtowrite == 0) {
2888 nwritten = write_file(fsp,data,startpos,numtowrite);
2891 sync_file(conn, fsp, False /* write through */);
2893 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
2894 END_PROFILE(SMBwriteunlock);
2895 return(UNIXERROR(ERRHRD,ERRdiskfull));
2899 status = do_unlock(fsp,
2900 (uint32)SVAL(inbuf,smb_pid),
2901 (SMB_BIG_UINT)numtowrite,
2902 (SMB_BIG_UINT)startpos,
2905 if (NT_STATUS_V(status)) {
2906 END_PROFILE(SMBwriteunlock);
2907 return ERROR_NT(status);
2911 outsize = set_message(outbuf,1,0,True);
2913 SSVAL(outbuf,smb_vwv0,nwritten);
2915 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
2916 fsp->fnum, (int)numtowrite, (int)nwritten));
2918 END_PROFILE(SMBwriteunlock);
2923 #define DBGC_CLASS DBGC_ALL
2925 /****************************************************************************
2927 ****************************************************************************/
2929 int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
2932 ssize_t nwritten = -1;
2935 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
2937 START_PROFILE(SMBwrite);
2939 /* If it's an IPC, pass off the pipe handler. */
2941 END_PROFILE(SMBwrite);
2942 return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
2945 CHECK_FSP(fsp,conn);
2946 if (!CHECK_WRITE(fsp)) {
2947 return(ERROR_DOS(ERRDOS,ERRbadaccess));
2950 numtowrite = SVAL(inbuf,smb_vwv1);
2951 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
2952 data = smb_buf(inbuf) + 3;
2954 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
2955 END_PROFILE(SMBwrite);
2956 return ERROR_DOS(ERRDOS,ERRlock);
2960 * X/Open SMB protocol says that if smb_vwv1 is
2961 * zero then the file size should be extended or
2962 * truncated to the size given in smb_vwv[2-3].
2965 if(numtowrite == 0) {
2967 * This is actually an allocate call, and set EOF. JRA.
2969 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
2971 END_PROFILE(SMBwrite);
2972 return ERROR_NT(NT_STATUS_DISK_FULL);
2974 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
2976 END_PROFILE(SMBwrite);
2977 return ERROR_NT(NT_STATUS_DISK_FULL);
2980 nwritten = write_file(fsp,data,startpos,numtowrite);
2982 sync_file(conn, fsp, False);
2984 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
2985 END_PROFILE(SMBwrite);
2986 return(UNIXERROR(ERRHRD,ERRdiskfull));
2989 outsize = set_message(outbuf,1,0,True);
2991 SSVAL(outbuf,smb_vwv0,nwritten);
2993 if (nwritten < (ssize_t)numtowrite) {
2994 SCVAL(outbuf,smb_rcls,ERRHRD);
2995 SSVAL(outbuf,smb_err,ERRdiskfull);
2998 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3000 END_PROFILE(SMBwrite);
3004 /****************************************************************************
3005 Reply to a write and X.
3006 ****************************************************************************/
3008 int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
3010 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
3011 SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
3012 size_t numtowrite = SVAL(inbuf,smb_vwv10);
3013 BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
3014 ssize_t nwritten = -1;
3015 unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
3016 unsigned int smblen = smb_len(inbuf);
3018 BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
3019 START_PROFILE(SMBwriteX);
3021 /* If it's an IPC, pass off the pipe handler. */
3023 END_PROFILE(SMBwriteX);
3024 return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
3027 CHECK_FSP(fsp,conn);
3028 if (!CHECK_WRITE(fsp)) {
3029 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3032 set_message(outbuf,6,0,True);
3034 /* Deal with possible LARGE_WRITEX */
3036 numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
3039 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
3040 END_PROFILE(SMBwriteX);
3041 return ERROR_DOS(ERRDOS,ERRbadmem);
3044 data = smb_base(inbuf) + smb_doff;
3046 if(CVAL(inbuf,smb_wct) == 14) {
3047 #ifdef LARGE_SMB_OFF_T
3049 * This is a large offset (64 bit) write.
3051 startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv12)) << 32);
3053 #else /* !LARGE_SMB_OFF_T */
3056 * Ensure we haven't been sent a >32 bit offset.
3059 if(IVAL(inbuf,smb_vwv12) != 0) {
3060 DEBUG(0,("reply_write_and_X - large offset (%x << 32) used and we don't support \
3061 64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv12) ));
3062 END_PROFILE(SMBwriteX);
3063 return ERROR_DOS(ERRDOS,ERRbadaccess);
3066 #endif /* LARGE_SMB_OFF_T */
3069 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3070 END_PROFILE(SMBwriteX);
3071 return ERROR_DOS(ERRDOS,ERRlock);
3074 /* X/Open SMB protocol says that, unlike SMBwrite
3075 if the length is zero then NO truncation is
3076 done, just a write of zero. To truncate a file,
3079 if(numtowrite == 0) {
3083 if (schedule_aio_write_and_X(conn, inbuf, outbuf, length, bufsize,
3084 fsp,data,startpos,numtowrite)) {
3085 END_PROFILE(SMBwriteX);
3089 nwritten = write_file(fsp,data,startpos,numtowrite);
3092 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3093 END_PROFILE(SMBwriteX);
3094 return(UNIXERROR(ERRHRD,ERRdiskfull));
3097 SSVAL(outbuf,smb_vwv2,nwritten);
3099 SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
3101 if (nwritten < (ssize_t)numtowrite) {
3102 SCVAL(outbuf,smb_rcls,ERRHRD);
3103 SSVAL(outbuf,smb_err,ERRdiskfull);
3106 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
3107 fsp->fnum, (int)numtowrite, (int)nwritten));
3109 sync_file(conn, fsp, write_through);
3111 END_PROFILE(SMBwriteX);
3112 return chain_reply(inbuf,outbuf,length,bufsize);
3115 /****************************************************************************
3117 ****************************************************************************/
3119 int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3125 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3126 START_PROFILE(SMBlseek);
3128 CHECK_FSP(fsp,conn);
3130 flush_write_cache(fsp, SEEK_FLUSH);
3132 mode = SVAL(inbuf,smb_vwv1) & 3;
3133 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
3134 startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2);
3143 res = fsp->fh->pos + startpos;
3154 if (umode == SEEK_END) {
3155 if((res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,startpos,umode)) == -1) {
3156 if(errno == EINVAL) {
3157 SMB_OFF_T current_pos = startpos;
3158 SMB_STRUCT_STAT sbuf;
3160 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd, &sbuf) == -1) {
3161 END_PROFILE(SMBlseek);
3162 return(UNIXERROR(ERRDOS,ERRnoaccess));
3165 current_pos += sbuf.st_size;
3167 res = SMB_VFS_LSEEK(fsp,fsp->fh->fd,0,SEEK_SET);
3172 END_PROFILE(SMBlseek);
3173 return(UNIXERROR(ERRDOS,ERRnoaccess));
3179 outsize = set_message(outbuf,2,0,True);
3180 SIVAL(outbuf,smb_vwv0,res);
3182 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
3183 fsp->fnum, (double)startpos, (double)res, mode));
3185 END_PROFILE(SMBlseek);
3189 /****************************************************************************
3191 ****************************************************************************/
3193 int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
3195 int outsize = set_message(outbuf,0,0,False);
3196 uint16 fnum = SVAL(inbuf,smb_vwv0);
3197 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3198 START_PROFILE(SMBflush);
3201 CHECK_FSP(fsp,conn);
3204 file_sync_all(conn);
3206 sync_file(conn,fsp, True);
3209 DEBUG(3,("flush\n"));
3210 END_PROFILE(SMBflush);
3214 /****************************************************************************
3216 conn POINTER CAN BE NULL HERE !
3217 ****************************************************************************/
3219 int reply_exit(connection_struct *conn,
3220 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3223 START_PROFILE(SMBexit);
3225 file_close_pid(SVAL(inbuf,smb_pid),SVAL(inbuf,smb_uid));
3227 outsize = set_message(outbuf,0,0,False);
3229 DEBUG(3,("exit\n"));
3231 END_PROFILE(SMBexit);
3235 /****************************************************************************
3236 Reply to a close - has to deal with closing a directory opened by NT SMB's.
3237 ****************************************************************************/
3239 int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
3244 int32 eclass = 0, err = 0;
3245 files_struct *fsp = NULL;
3246 START_PROFILE(SMBclose);
3248 outsize = set_message(outbuf,0,0,False);
3250 /* If it's an IPC, pass off to the pipe handler. */
3252 END_PROFILE(SMBclose);
3253 return reply_pipe_close(conn, inbuf,outbuf);
3256 fsp = file_fsp(inbuf,smb_vwv0);
3259 * We can only use CHECK_FSP if we know it's not a directory.
3262 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
3263 END_PROFILE(SMBclose);
3264 return ERROR_DOS(ERRDOS,ERRbadfid);
3267 if(fsp->is_directory) {
3269 * Special case - close NT SMB directory handle.
3271 DEBUG(3,("close %s fnum=%d\n", fsp->is_directory ? "directory" : "stat file open", fsp->fnum));
3272 close_file(fsp,NORMAL_CLOSE);
3275 * Close ordinary file.
3280 /* Save the name for time set in close. */
3281 pstrcpy( file_name, fsp->fsp_name);
3283 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
3284 fsp->fh->fd, fsp->fnum,
3285 conn->num_files_open));
3288 * Take care of any time sent in the close.
3291 mtime = srv_make_unix_date3(inbuf+smb_vwv1);
3292 fsp_set_pending_modtime(fsp, mtime);
3295 * close_file() returns the unix errno if an error
3296 * was detected on close - normally this is due to
3297 * a disk full error. If not then it was probably an I/O error.
3300 if((close_err = close_file(fsp,NORMAL_CLOSE)) != 0) {
3302 END_PROFILE(SMBclose);
3303 return (UNIXERROR(ERRHRD,ERRgeneral));
3307 /* We have a cached error */
3309 END_PROFILE(SMBclose);
3310 return ERROR_DOS(eclass,err);
3313 END_PROFILE(SMBclose);
3317 /****************************************************************************
3318 Reply to a writeclose (Core+ protocol).
3319 ****************************************************************************/
3321 int reply_writeclose(connection_struct *conn,
3322 char *inbuf,char *outbuf, int size, int dum_buffsize)
3325 ssize_t nwritten = -1;
3331 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3332 START_PROFILE(SMBwriteclose);
3334 CHECK_FSP(fsp,conn);
3335 if (!CHECK_WRITE(fsp)) {
3336 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3339 numtowrite = SVAL(inbuf,smb_vwv1);
3340 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
3341 mtime = srv_make_unix_date3(inbuf+smb_vwv4);
3342 data = smb_buf(inbuf) + 1;
3344 if (numtowrite && is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3345 END_PROFILE(SMBwriteclose);
3346 return ERROR_DOS(ERRDOS,ERRlock);
3349 nwritten = write_file(fsp,data,startpos,numtowrite);
3351 set_filetime(conn, fsp->fsp_name,mtime);
3354 * More insanity. W2K only closes the file if writelen > 0.
3359 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
3361 close_err = close_file(fsp,NORMAL_CLOSE);
3364 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
3365 fsp->fnum, (int)numtowrite, (int)nwritten,
3366 conn->num_files_open));
3368 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3369 END_PROFILE(SMBwriteclose);
3370 return(UNIXERROR(ERRHRD,ERRdiskfull));
3373 if(close_err != 0) {
3375 END_PROFILE(SMBwriteclose);
3376 return(UNIXERROR(ERRHRD,ERRgeneral));
3379 outsize = set_message(outbuf,1,0,True);
3381 SSVAL(outbuf,smb_vwv0,nwritten);
3382 END_PROFILE(SMBwriteclose);
3387 #define DBGC_CLASS DBGC_LOCKING
3389 /****************************************************************************
3391 ****************************************************************************/
3393 int reply_lock(connection_struct *conn,
3394 char *inbuf,char *outbuf, int length, int dum_buffsize)
3396 int outsize = set_message(outbuf,0,0,False);
3397 SMB_BIG_UINT count,offset;
3399 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3400 struct byte_range_lock *br_lck = NULL;
3402 START_PROFILE(SMBlock);
3404 CHECK_FSP(fsp,conn);
3406 release_level_2_oplocks_on_change(fsp);
3408 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3409 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3411 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3412 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
3414 br_lck = do_lock(fsp,
3415 (uint32)SVAL(inbuf,smb_pid),
3420 False, /* Non-blocking lock. */
3423 TALLOC_FREE(br_lck);
3425 if (NT_STATUS_V(status)) {
3426 END_PROFILE(SMBlock);
3427 return ERROR_NT(status);
3430 END_PROFILE(SMBlock);
3434 /****************************************************************************
3436 ****************************************************************************/
3438 int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size,
3441 int outsize = set_message(outbuf,0,0,False);
3442 SMB_BIG_UINT count,offset;
3444 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3445 START_PROFILE(SMBunlock);
3447 CHECK_FSP(fsp,conn);
3449 count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
3450 offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
3452 status = do_unlock(fsp,
3453 (uint32)SVAL(inbuf,smb_pid),
3458 if (NT_STATUS_V(status)) {
3459 END_PROFILE(SMBunlock);
3460 return ERROR_NT(status);
3463 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
3464 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
3466 END_PROFILE(SMBunlock);
3471 #define DBGC_CLASS DBGC_ALL
3473 /****************************************************************************
3475 conn POINTER CAN BE NULL HERE !
3476 ****************************************************************************/
3478 int reply_tdis(connection_struct *conn,
3479 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3481 int outsize = set_message(outbuf,0,0,False);
3483 START_PROFILE(SMBtdis);
3485 vuid = SVAL(inbuf,smb_uid);
3488 DEBUG(4,("Invalid connection in tdis\n"));
3489 END_PROFILE(SMBtdis);
3490 return ERROR_DOS(ERRSRV,ERRinvnid);
3495 close_cnum(conn,vuid);
3497 END_PROFILE(SMBtdis);
3501 /****************************************************************************
3503 conn POINTER CAN BE NULL HERE !
3504 ****************************************************************************/
3506 int reply_echo(connection_struct *conn,
3507 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3509 int smb_reverb = SVAL(inbuf,smb_vwv0);
3511 unsigned int data_len = smb_buflen(inbuf);
3512 int outsize = set_message(outbuf,1,data_len,True);
3513 START_PROFILE(SMBecho);
3515 if (data_len > BUFFER_SIZE) {
3516 DEBUG(0,("reply_echo: data_len too large.\n"));
3517 END_PROFILE(SMBecho);
3521 /* copy any incoming data back out */
3523 memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
3525 if (smb_reverb > 100) {
3526 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
3530 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
3531 SSVAL(outbuf,smb_vwv0,seq_num);
3533 smb_setlen(outbuf,outsize - 4);
3536 if (!send_smb(smbd_server_fd(),outbuf))
3537 exit_server("reply_echo: send_smb failed.");
3540 DEBUG(3,("echo %d times\n", smb_reverb));
3544 END_PROFILE(SMBecho);
3548 /****************************************************************************
3549 Reply to a printopen.
3550 ****************************************************************************/
3552 int reply_printopen(connection_struct *conn,
3553 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3559 START_PROFILE(SMBsplopen);
3561 if (!CAN_PRINT(conn)) {
3562 END_PROFILE(SMBsplopen);
3563 return ERROR_DOS(ERRDOS,ERRnoaccess);
3566 /* Open for exclusive use, write only. */
3567 status = print_fsp_open(conn, NULL, &fsp);
3569 if (!NT_STATUS_IS_OK(status)) {
3570 END_PROFILE(SMBsplopen);
3571 return(ERROR_NT(status));
3574 outsize = set_message(outbuf,1,0,True);
3575 SSVAL(outbuf,smb_vwv0,fsp->fnum);
3577 DEBUG(3,("openprint fd=%d fnum=%d\n",
3578 fsp->fh->fd, fsp->fnum));
3580 END_PROFILE(SMBsplopen);
3584 /****************************************************************************
3585 Reply to a printclose.
3586 ****************************************************************************/
3588 int reply_printclose(connection_struct *conn,
3589 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3591 int outsize = set_message(outbuf,0,0,False);
3592 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3594 START_PROFILE(SMBsplclose);
3596 CHECK_FSP(fsp,conn);
3598 if (!CAN_PRINT(conn)) {
3599 END_PROFILE(SMBsplclose);
3600 return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
3603 DEBUG(3,("printclose fd=%d fnum=%d\n",
3604 fsp->fh->fd,fsp->fnum));
3606 close_err = close_file(fsp,NORMAL_CLOSE);
3608 if(close_err != 0) {
3610 END_PROFILE(SMBsplclose);
3611 return(UNIXERROR(ERRHRD,ERRgeneral));
3614 END_PROFILE(SMBsplclose);
3618 /****************************************************************************
3619 Reply to a printqueue.
3620 ****************************************************************************/
3622 int reply_printqueue(connection_struct *conn,
3623 char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3625 int outsize = set_message(outbuf,2,3,True);
3626 int max_count = SVAL(inbuf,smb_vwv0);
3627 int start_index = SVAL(inbuf,smb_vwv1);
3628 START_PROFILE(SMBsplretq);
3630 /* we used to allow the client to get the cnum wrong, but that
3631 is really quite gross and only worked when there was only
3632 one printer - I think we should now only accept it if they
3633 get it right (tridge) */
3634 if (!CAN_PRINT(conn)) {
3635 END_PROFILE(SMBsplretq);
3636 return ERROR_DOS(ERRDOS,ERRnoaccess);
3639 SSVAL(outbuf,smb_vwv0,0);
3640 SSVAL(outbuf,smb_vwv1,0);
3641 SCVAL(smb_buf(outbuf),0,1);
3642 SSVAL(smb_buf(outbuf),1,0);
3644 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
3645 start_index, max_count));
3648 print_queue_struct *queue = NULL;
3649 print_status_struct status;
3650 char *p = smb_buf(outbuf) + 3;
3651 int count = print_queue_status(SNUM(conn), &queue, &status);
3652 int num_to_get = ABS(max_count);
3653 int first = (max_count>0?start_index:start_index+max_count+1);
3659 num_to_get = MIN(num_to_get,count-first);
3662 for (i=first;i<first+num_to_get;i++) {
3663 srv_put_dos_date2(p,0,queue[i].time);
3664 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
3665 SSVAL(p,5, queue[i].job);
3666 SIVAL(p,7,queue[i].size);
3668 srvstr_push(outbuf, p+12, queue[i].fs_user, 16, STR_ASCII);
3673 outsize = set_message(outbuf,2,28*count+3,False);
3674 SSVAL(outbuf,smb_vwv0,count);
3675 SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
3676 SCVAL(smb_buf(outbuf),0,1);
3677 SSVAL(smb_buf(outbuf),1,28*count);
3682 DEBUG(3,("%d entries returned in queue\n",count));
3685 END_PROFILE(SMBsplretq);
3689 /****************************************************************************
3690 Reply to a printwrite.
3691 ****************************************************************************/
3693 int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3696 int outsize = set_message(outbuf,0,0,False);
3698 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
3700 START_PROFILE(SMBsplwr);
3702 if (!CAN_PRINT(conn)) {
3703 END_PROFILE(SMBsplwr);
3704 return ERROR_DOS(ERRDOS,ERRnoaccess);
3707 CHECK_FSP(fsp,conn);
3708 if (!CHECK_WRITE(fsp)) {
3709 return(ERROR_DOS(ERRDOS,ERRbadaccess));
3712 numtowrite = SVAL(smb_buf(inbuf),1);
3713 data = smb_buf(inbuf) + 3;
3715 if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
3716 END_PROFILE(SMBsplwr);
3717 return(UNIXERROR(ERRHRD,ERRdiskfull));
3720 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
3722 END_PROFILE(SMBsplwr);
3726 /****************************************************************************
3727 The guts of the mkdir command, split out so it may be called by the NT SMB
3729 ****************************************************************************/
3731 NTSTATUS mkdir_internal(connection_struct *conn, const pstring directory, BOOL bad_path)
3735 if(!CAN_WRITE(conn)) {
3736 DEBUG(5,("mkdir_internal: failing create on read-only share %s\n", lp_servicename(SNUM(conn))));
3738 return map_nt_error_from_unix(errno);
3742 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
3745 if (!check_name(directory, conn)) {
3746 if(errno == ENOENT) {
3748 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
3750 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3753 return map_nt_error_from_unix(errno);
3756 ret = vfs_MkDir(conn,directory,unix_mode(conn,aDIR,directory,True));
3758 if(errno == ENOENT) {
3759 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3761 return map_nt_error_from_unix(errno);
3764 return NT_STATUS_OK;
3767 /****************************************************************************
3769 ****************************************************************************/
3771 int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3776 BOOL bad_path = False;
3777 SMB_STRUCT_STAT sbuf;
3779 START_PROFILE(SMBmkdir);
3781 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
3782 if (!NT_STATUS_IS_OK(status)) {
3783 END_PROFILE(SMBmkdir);
3784 return ERROR_NT(status);
3787 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf);
3789 unix_convert(directory,conn,0,&bad_path,&sbuf);
3791 if( is_ntfs_stream_name(directory)) {
3792 DEBUG(5,("reply_mkdir: failing create on filename %s with colon in name\n", directory));
3793 END_PROFILE(SMBmkdir);
3794 return ERROR_NT(NT_STATUS_NOT_A_DIRECTORY);
3797 status = mkdir_internal(conn, directory,bad_path);
3798 if (!NT_STATUS_IS_OK(status)) {
3800 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION) &&
3803 * Yes, in the DOS error code case we get a
3804 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
3805 * samba4 torture test.
3807 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
3810 END_PROFILE(SMBmkdir);
3811 return ERROR_NT(status);
3814 if (lp_inherit_owner(SNUM(conn))) {
3815 /* Ensure we're checking for a symlink here.... */
3816 /* We don't want to get caught by a symlink racer. */
3818 if(SMB_VFS_LSTAT(conn,directory, &sbuf) != 0) {
3819 END_PROFILE(SMBmkdir);
3820 return(UNIXERROR(ERRDOS,ERRnoaccess));
3823 if(!S_ISDIR(sbuf.st_mode)) {
3824 DEBUG(0,("reply_mkdir: %s is not a directory !\n", directory ));
3825 END_PROFILE(SMBmkdir);
3826 return(UNIXERROR(ERRDOS,ERRnoaccess));
3829 change_owner_to_parent(conn, NULL, directory, &sbuf);
3832 outsize = set_message(outbuf,0,0,False);
3834 DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
3836 END_PROFILE(SMBmkdir);
3840 /****************************************************************************
3841 Static function used by reply_rmdir to delete an entire directory
3842 tree recursively. Return False on ok, True on fail.
3843 ****************************************************************************/
3845 static BOOL recursive_rmdir(connection_struct *conn, char *directory)
3847 const char *dname = NULL;
3850 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3855 while((dname = ReadDirName(dir_hnd, &offset))) {
3859 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3862 if (!is_visible_file(conn, directory, dname, &st, False))
3865 /* Construct the full name. */
3866 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3872 pstrcpy(fullname, directory);
3873 pstrcat(fullname, "/");
3874 pstrcat(fullname, dname);
3876 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
3881 if(st.st_mode & S_IFDIR) {
3882 if(recursive_rmdir(conn, fullname)!=0) {
3886 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
3890 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
3899 /****************************************************************************
3900 The internals of the rmdir code - called elsewhere.
3901 ****************************************************************************/
3903 BOOL rmdir_internals(connection_struct *conn, char *directory)
3908 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3909 if(!ok && ((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
3911 * Check to see if the only thing in this directory are
3912 * vetoed files/directories. If so then delete them and
3913 * retry. If we fail to delete any of them (and we *don't*
3914 * do a recursive delete) then fail the rmdir.
3916 BOOL all_veto_files = True;
3918 struct smb_Dir *dir_hnd = OpenDir(conn, directory, NULL, 0);
3920 if(dir_hnd != NULL) {
3922 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3923 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3925 if (!is_visible_file(conn, directory, dname, &st, False))
3927 if(!IS_VETO_PATH(conn, dname)) {
3928 all_veto_files = False;
3933 if(all_veto_files) {
3934 RewindDir(dir_hnd,&dirpos);
3935 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
3938 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
3940 if (!is_visible_file(conn, directory, dname, &st, False))
3943 /* Construct the full name. */
3944 if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
3949 pstrcpy(fullname, directory);
3950 pstrcat(fullname, "/");
3951 pstrcat(fullname, dname);
3953 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0)
3955 if(st.st_mode & S_IFDIR) {
3956 if(lp_recursive_veto_delete(SNUM(conn))) {
3957 if(recursive_rmdir(conn, fullname) != 0)
3960 if(SMB_VFS_RMDIR(conn,fullname) != 0)
3962 } else if(SMB_VFS_UNLINK(conn,fullname) != 0)
3966 /* Retry the rmdir */
3967 ok = (SMB_VFS_RMDIR(conn,directory) == 0);
3977 DEBUG(3,("rmdir_internals: couldn't remove directory %s : %s\n", directory,strerror(errno)));
3982 /****************************************************************************
3984 ****************************************************************************/
3986 int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
3991 BOOL bad_path = False;
3992 SMB_STRUCT_STAT sbuf;
3994 START_PROFILE(SMBrmdir);
3996 srvstr_get_path(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, &status);
3997 if (!NT_STATUS_IS_OK(status)) {
3998 END_PROFILE(SMBrmdir);
3999 return ERROR_NT(status);
4002 RESOLVE_DFSPATH(directory, conn, inbuf, outbuf)
4004 unix_convert(directory,conn, NULL,&bad_path,&sbuf);
4006 END_PROFILE(SMBrmdir);
4007 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
4010 if (check_name(directory,conn)) {
4011 dptr_closepath(directory,SVAL(inbuf,smb_pid));
4012 ok = rmdir_internals(conn, directory);
4016 END_PROFILE(SMBrmdir);
4017 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS, ERRbadpath);
4020 outsize = set_message(outbuf,0,0,False);
4022 DEBUG( 3, ( "rmdir %s\n", directory ) );
4024 END_PROFILE(SMBrmdir);
4028 /*******************************************************************
4029 Resolve wildcards in a filename rename.
4030 Note that name is in UNIX charset and thus potentially can be more
4031 than fstring buffer (255 bytes) especially in default UTF-8 case.
4032 Therefore, we use pstring inside and all calls should ensure that
4033 name2 is at least pstring-long (they do already)
4034 ********************************************************************/
4036 static BOOL resolve_wildcards(const char *name1, char *name2)
4038 pstring root1,root2;
4040 char *p,*p2, *pname1, *pname2;
4041 int available_space, actual_space;
4044 pname1 = strrchr_m(name1,'/');
4045 pname2 = strrchr_m(name2,'/');
4047 if (!pname1 || !pname2)
4050 pstrcpy(root1,pname1);
4051 pstrcpy(root2,pname2);
4052 p = strrchr_m(root1,'.');
4059 p = strrchr_m(root2,'.');
4073 } else if (*p2 == '*') {
4089 } else if (*p2 == '*') {
4099 available_space = sizeof(pstring) - PTR_DIFF(pname2, name2);
4102 actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
4103 if (actual_space >= available_space - 1) {
4104 DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n",
4105 actual_space - available_space));
4108 pstrcpy_base(pname2, root2, name2);
4114 /****************************************************************************
4115 Ensure open files have their names updated. Updated to notify other smbd's
4117 ****************************************************************************/
4119 static void rename_open_files(connection_struct *conn, struct share_mode_lock *lck,
4120 SMB_DEV_T dev, SMB_INO_T inode, const char *newname)
4123 BOOL did_rename = False;
4125 for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) {
4126 /* fsp_name is a relative path under the fsp. To change this for other
4127 sharepaths we need to manipulate relative paths. */
4128 /* TODO - create the absolute path and manipulate the newname
4129 relative to the sharepath. */
4130 if (fsp->conn != conn) {
4133 DEBUG(10,("rename_open_files: renaming file fnum %d (dev = %x, inode = %.0f) from %s -> %s\n",
4134 fsp->fnum, (unsigned int)fsp->dev, (double)fsp->inode,
4135 fsp->fsp_name, newname ));
4136 string_set(&fsp->fsp_name, newname);
4141 DEBUG(10,("rename_open_files: no open files on dev %x, inode %.0f for %s\n",
4142 (unsigned int)dev, (double)inode, newname ));
4145 /* Send messages to all smbd's (not ourself) that the name has changed. */
4146 rename_share_filename(lck, conn->connectpath, newname);
4149 /****************************************************************************
4150 We need to check if the source path is a parent directory of the destination
4151 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
4152 refuse the rename with a sharing violation. Under UNIX the above call can
4153 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
4154 probably need to check that the client is a Windows one before disallowing
4155 this as a UNIX client (one with UNIX extensions) can know the source is a
4156 symlink and make this decision intelligently. Found by an excellent bug
4157 report from <AndyLiebman@aol.com>.
4158 ****************************************************************************/
4160 static BOOL rename_path_prefix_equal(const char *src, const char *dest)
4162 const char *psrc = src;
4163 const char *pdst = dest;
4166 if (psrc[0] == '.' && psrc[1] == '/') {
4169 if (pdst[0] == '.' && pdst[1] == '/') {
4172 if ((slen = strlen(psrc)) > strlen(pdst)) {
4175 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
4178 /****************************************************************************
4179 Rename an open file - given an fsp.
4180 ****************************************************************************/
4182 NTSTATUS rename_internals_fsp(connection_struct *conn, files_struct *fsp, char *newname, uint32 attrs, BOOL replace_if_exists)
4184 SMB_STRUCT_STAT sbuf;
4185 BOOL bad_path = False;
4186 pstring newname_last_component;
4187 NTSTATUS error = NT_STATUS_OK;
4190 struct share_mode_lock *lck = NULL;
4193 rcdest = unix_convert(newname,conn,newname_last_component,&bad_path,&sbuf);
4195 /* Quick check for "." and ".." */
4196 if (!bad_path && newname_last_component[0] == '.') {
4197 if (!newname_last_component[1] || (newname_last_component[1] == '.' && !newname_last_component[2])) {
4198 return NT_STATUS_ACCESS_DENIED;
4201 if (!rcdest && bad_path) {
4202 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4205 /* Ensure newname contains a '/' */
4206 if(strrchr_m(newname,'/') == 0) {
4209 pstrcpy(tmpstr, "./");
4210 pstrcat(tmpstr, newname);
4211 pstrcpy(newname, tmpstr);
4215 * Check for special case with case preserving and not
4216 * case sensitive. If the old last component differs from the original
4217 * last component only by case, then we should allow
4218 * the rename (user is trying to change the case of the
4222 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
4223 strequal(newname, fsp->fsp_name)) {
4225 pstring newname_modified_last_component;
4228 * Get the last component of the modified name.
4229 * Note that we guarantee that newname contains a '/'
4232 p = strrchr_m(newname,'/');
4233 pstrcpy(newname_modified_last_component,p+1);
4235 if(strcsequal(newname_modified_last_component,
4236 newname_last_component) == False) {
4238 * Replace the modified last component with
4241 pstrcpy(p+1, newname_last_component);
4246 * If the src and dest names are identical - including case,
4247 * don't do the rename, just return success.
4250 if (strcsequal(fsp->fsp_name, newname)) {
4251 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
4253 return NT_STATUS_OK;
4256 dest_exists = vfs_object_exist(conn,newname,NULL);
4258 if(!replace_if_exists && dest_exists) {
4259 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
4260 fsp->fsp_name,newname));
4261 return NT_STATUS_OBJECT_NAME_COLLISION;
4264 error = can_rename(conn,newname,attrs,&sbuf);
4266 if (dest_exists && !NT_STATUS_IS_OK(error)) {
4267 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4268 nt_errstr(error), fsp->fsp_name,newname));
4269 if (NT_STATUS_EQUAL(error,NT_STATUS_SHARING_VIOLATION))
4270 error = NT_STATUS_ACCESS_DENIED;
4274 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
4275 return NT_STATUS_ACCESS_DENIED;
4278 lck = get_share_mode_lock(NULL, fsp->dev, fsp->inode, NULL, NULL);
4280 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
4281 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
4282 fsp->fsp_name,newname));
4283 rename_open_files(conn, lck, fsp->dev, fsp->inode, newname);
4285 return NT_STATUS_OK;
4290 if (errno == ENOTDIR || errno == EISDIR) {
4291 error = NT_STATUS_OBJECT_NAME_COLLISION;
4293 error = map_nt_error_from_unix(errno);
4296 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
4297 nt_errstr(error), fsp->fsp_name,newname));
4302 /****************************************************************************
4303 The guts of the rename command, split out so it may be called by the NT SMB
4305 ****************************************************************************/
4307 NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, uint32 attrs, BOOL replace_if_exists, BOOL has_wild)
4311 pstring last_component_src;
4312 pstring last_component_dest;
4314 BOOL bad_path_src = False;
4315 BOOL bad_path_dest = False;
4317 NTSTATUS error = NT_STATUS_OK;
4320 SMB_STRUCT_STAT sbuf1, sbuf2;
4321 struct share_mode_lock *lck = NULL;
4323 *directory = *mask = 0;
4328 rc = unix_convert(name,conn,last_component_src,&bad_path_src,&sbuf1);
4329 if (!rc && bad_path_src) {
4330 if (ms_has_wild(last_component_src))
4331 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4332 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4335 /* Quick check for "." and ".." */
4336 if (last_component_src[0] == '.') {
4337 if (!last_component_src[1] || (last_component_src[1] == '.' && !last_component_src[2])) {
4338 return NT_STATUS_OBJECT_NAME_INVALID;
4342 rcdest = unix_convert(newname,conn,last_component_dest,&bad_path_dest,&sbuf2);
4344 /* Quick check for "." and ".." */
4345 if (last_component_dest[0] == '.') {
4346 if (!last_component_dest[1] || (last_component_dest[1] == '.' && !last_component_dest[2])) {
4347 return NT_STATUS_OBJECT_NAME_INVALID;
4352 * Split the old name into directory and last component
4353 * strings. Note that unix_convert may have stripped off a
4354 * leading ./ from both name and newname if the rename is
4355 * at the root of the share. We need to make sure either both
4356 * name and newname contain a / character or neither of them do
4357 * as this is checked in resolve_wildcards().
4360 p = strrchr_m(name,'/');
4362 pstrcpy(directory,".");
4366 pstrcpy(directory,name);
4368 *p = '/'; /* Replace needed for exceptional test below. */
4372 * We should only check the mangled cache
4373 * here if unix_convert failed. This means
4374 * that the path in 'mask' doesn't exist
4375 * on the file system and so we need to look
4376 * for a possible mangle. This patch from
4377 * Tine Smukavec <valentin.smukavec@hermes.si>.
4380 if (!rc && mangle_is_mangled(mask, conn->params))
4381 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4385 * No wildcards - just process the one file.
4387 BOOL is_short_name = mangle_is_8_3(name, True, conn->params);
4389 /* Add a terminating '/' to the directory name. */
4390 pstrcat(directory,"/");
4391 pstrcat(directory,mask);
4393 /* Ensure newname contains a '/' also */
4394 if(strrchr_m(newname,'/') == 0) {
4397 pstrcpy(tmpstr, "./");
4398 pstrcat(tmpstr, newname);
4399 pstrcpy(newname, tmpstr);
4402 DEBUG(3,("rename_internals: case_sensitive = %d, case_preserve = %d, short case preserve = %d, \
4403 directory = %s, newname = %s, last_component_dest = %s, is_8_3 = %d\n",
4404 conn->case_sensitive, conn->case_preserve, conn->short_case_preserve, directory,
4405 newname, last_component_dest, is_short_name));
4408 * Check for special case with case preserving and not
4409 * case sensitive, if directory and newname are identical,
4410 * and the old last component differs from the original
4411 * last component only by case, then we should allow
4412 * the rename (user is trying to change the case of the
4415 if((conn->case_sensitive == False) &&
4416 (((conn->case_preserve == True) &&
4417 (is_short_name == False)) ||
4418 ((conn->short_case_preserve == True) &&
4419 (is_short_name == True))) &&
4420 strcsequal(directory, newname)) {
4421 pstring modified_last_component;
4424 * Get the last component of the modified name.
4425 * Note that we guarantee that newname contains a '/'
4428 p = strrchr_m(newname,'/');
4429 pstrcpy(modified_last_component,p+1);
4431 if(strcsequal(modified_last_component,
4432 last_component_dest) == False) {
4434 * Replace the modified last component with
4437 pstrcpy(p+1, last_component_dest);
4441 resolve_wildcards(directory,newname);
4444 * The source object must exist.
4447 if (!vfs_object_exist(conn, directory, &sbuf1)) {
4448 DEBUG(3,("rename_internals: source doesn't exist doing rename %s -> %s\n",
4449 directory,newname));
4451 if (errno == ENOTDIR || errno == EISDIR || errno == ENOENT) {
4453 * Must return different errors depending on whether the parent
4454 * directory existed or not.
4457 p = strrchr_m(directory, '/');
4459 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4461 if (vfs_object_exist(conn, directory, NULL))
4462 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4463 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4465 error = map_nt_error_from_unix(errno);
4466 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4467 nt_errstr(error), directory,newname));
4472 if (!rcdest && bad_path_dest) {
4473 if (ms_has_wild(last_component_dest))
4474 return NT_STATUS_OBJECT_NAME_INVALID;
4475 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4478 error = can_rename(conn,directory,attrs,&sbuf1);
4480 if (!NT_STATUS_IS_OK(error)) {
4481 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4482 nt_errstr(error), directory,newname));
4487 * If the src and dest names are identical - including case,
4488 * don't do the rename, just return success.
4491 if (strcsequal(directory, newname)) {
4492 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4493 DEBUG(3,("rename_internals: identical names in rename %s - returning success\n", directory));
4494 return NT_STATUS_OK;
4497 if(!replace_if_exists && vfs_object_exist(conn,newname,NULL)) {
4498 DEBUG(3,("rename_internals: dest exists doing rename %s -> %s\n",
4499 directory,newname));
4500 return NT_STATUS_OBJECT_NAME_COLLISION;
4503 if (rename_path_prefix_equal(directory, newname)) {
4504 return NT_STATUS_SHARING_VIOLATION;
4507 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4509 if(SMB_VFS_RENAME(conn,directory, newname) == 0) {
4510 DEBUG(3,("rename_internals: succeeded doing rename on %s -> %s\n",
4511 directory,newname));
4512 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4514 return NT_STATUS_OK;
4518 if (errno == ENOTDIR || errno == EISDIR)
4519 error = NT_STATUS_OBJECT_NAME_COLLISION;
4521 error = map_nt_error_from_unix(errno);
4523 DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
4524 nt_errstr(error), directory,newname));
4529 * Wildcards - process each file that matches.
4531 struct smb_Dir *dir_hnd = NULL;
4535 if (strequal(mask,"????????.???"))
4538 if (check_name(directory,conn))
4539 dir_hnd = OpenDir(conn, directory, mask, attrs);
4543 error = NT_STATUS_NO_SUCH_FILE;
4544 /* Was error = NT_STATUS_OBJECT_NAME_NOT_FOUND; - gentest fix. JRA */
4546 while ((dname = ReadDirName(dir_hnd, &offset))) {
4548 BOOL sysdir_entry = False;
4550 pstrcpy(fname,dname);
4552 /* Quick check for "." and ".." */
4553 if (fname[0] == '.') {
4554 if (!fname[1] || (fname[1] == '.' && !fname[2])) {
4556 sysdir_entry = True;
4563 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4566 if(!mask_match(fname, mask, conn->case_sensitive))
4570 error = NT_STATUS_OBJECT_NAME_INVALID;
4574 error = NT_STATUS_ACCESS_DENIED;
4575 slprintf(fname,sizeof(fname)-1,"%s/%s",directory,dname);
4576 if (!vfs_object_exist(conn, fname, &sbuf1)) {
4577 error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4578 DEBUG(6,("rename %s failed. Error %s\n", fname, nt_errstr(error)));
4581 error = can_rename(conn,fname,attrs,&sbuf1);
4582 if (!NT_STATUS_IS_OK(error)) {
4583 DEBUG(6,("rename %s refused\n", fname));
4586 pstrcpy(destname,newname);
4588 if (!resolve_wildcards(fname,destname)) {
4589 DEBUG(6,("resolve_wildcards %s %s failed\n",
4594 if (strcsequal(fname,destname)) {
4595 rename_open_files(conn, NULL, sbuf1.st_dev, sbuf1.st_ino, newname);
4596 DEBUG(3,("rename_internals: identical names in wildcard rename %s - success\n", fname));
4598 error = NT_STATUS_OK;
4602 if (!replace_if_exists &&
4603 vfs_file_exist(conn,destname, NULL)) {
4604 DEBUG(6,("file_exist %s\n", destname));
4605 error = NT_STATUS_OBJECT_NAME_COLLISION;
4609 if (rename_path_prefix_equal(fname, destname)) {
4610 return NT_STATUS_SHARING_VIOLATION;
4613 lck = get_share_mode_lock(NULL, sbuf1.st_dev, sbuf1.st_ino, NULL, NULL);
4615 if (!SMB_VFS_RENAME(conn,fname,destname)) {
4616 rename_open_files(conn, lck, sbuf1.st_dev, sbuf1.st_ino, newname);
4618 error = NT_STATUS_OK;
4621 DEBUG(3,("rename_internals: doing rename on %s -> %s\n",fname,destname));
4626 if (!NT_STATUS_EQUAL(error,NT_STATUS_NO_SUCH_FILE)) {
4627 if (!rcdest && bad_path_dest) {
4628 if (ms_has_wild(last_component_dest))
4629 return NT_STATUS_OBJECT_NAME_INVALID;
4630 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
4635 if (count == 0 && NT_STATUS_IS_OK(error)) {
4636 error = map_nt_error_from_unix(errno);
4642 /****************************************************************************
4644 ****************************************************************************/
4646 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
4653 uint32 attrs = SVAL(inbuf,smb_vwv0);
4655 BOOL path_contains_wcard = False;
4657 START_PROFILE(SMBmv);
4659 p = smb_buf(inbuf) + 1;
4660 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard);
4661 if (!NT_STATUS_IS_OK(status)) {
4663 return ERROR_NT(status);
4666 p += srvstr_get_path(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status);
4667 if (!NT_STATUS_IS_OK(status)) {
4669 return ERROR_NT(status);
4672 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4673 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4675 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
4677 status = rename_internals(conn, name, newname, attrs, False, path_contains_wcard);
4678 if (!NT_STATUS_IS_OK(status)) {
4680 if (open_was_deferred(SVAL(inbuf,smb_mid))) {
4681 /* We have re-scheduled this call. */
4684 return ERROR_NT(status);
4688 * Win2k needs a changenotify request response before it will
4689 * update after a rename..
4691 process_pending_change_notify_queue((time_t)0);
4692 outsize = set_message(outbuf,0,0,False);
4698 /*******************************************************************
4699 Copy a file as part of a reply_copy.
4700 ******************************************************************/
4702 BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
4703 int count,BOOL target_is_directory, int *err_ret)
4705 SMB_STRUCT_STAT src_sbuf, sbuf2;
4707 files_struct *fsp1,*fsp2;
4710 uint32 new_create_disposition;
4715 pstrcpy(dest,dest1);
4716 if (target_is_directory) {
4717 char *p = strrchr_m(src,'/');
4727 if (!vfs_file_exist(conn,src,&src_sbuf)) {
4731 if (!target_is_directory && count) {
4732 new_create_disposition = FILE_OPEN;
4734 if (!map_open_params_to_ntcreate(dest1,0,ofun,
4735 NULL, NULL, &new_create_disposition, NULL)) {
4740 status = open_file_ntcreate(conn,src,&src_sbuf,
4742 FILE_SHARE_READ|FILE_SHARE_WRITE,
4745 FILE_ATTRIBUTE_NORMAL,
4749 if (!NT_STATUS_IS_OK(status)) {
4753 dosattrs = dos_mode(conn, src, &src_sbuf);
4754 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
4755 ZERO_STRUCTP(&sbuf2);
4758 status = open_file_ntcreate(conn,dest,&sbuf2,
4760 FILE_SHARE_READ|FILE_SHARE_WRITE,
4761 new_create_disposition,
4767 if (!NT_STATUS_IS_OK(status)) {
4768 close_file(fsp1,ERROR_CLOSE);
4772 if ((ofun&3) == 1) {
4773 if(SMB_VFS_LSEEK(fsp2,fsp2->fh->fd,0,SEEK_END) == -1) {
4774 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
4776 * Stop the copy from occurring.
4779 src_sbuf.st_size = 0;
4783 if (src_sbuf.st_size) {
4784 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
4787 close_file(fsp1,NORMAL_CLOSE);
4789 /* Ensure the modtime is set correctly on the destination file. */
4790 fsp_set_pending_modtime( fsp2, src_sbuf.st_mtime);
4793 * As we are opening fsp1 read-only we only expect
4794 * an error on close on fsp2 if we are out of space.
4795 * Thus we don't look at the error return from the
4798 *err_ret = close_file(fsp2,NORMAL_CLOSE);
4800 return(ret == (SMB_OFF_T)src_sbuf.st_size);
4803 /****************************************************************************
4804 Reply to a file copy.
4805 ****************************************************************************/
4807 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4812 pstring mask,newname;
4815 int error = ERRnoaccess;
4819 int tid2 = SVAL(inbuf,smb_vwv0);
4820 int ofun = SVAL(inbuf,smb_vwv1);
4821 int flags = SVAL(inbuf,smb_vwv2);
4822 BOOL target_is_directory=False;
4823 BOOL bad_path1 = False;
4824 BOOL bad_path2 = False;
4825 BOOL path_contains_wcard1 = False;
4826 BOOL path_contains_wcard2 = False;
4828 SMB_STRUCT_STAT sbuf1, sbuf2;
4830 START_PROFILE(SMBcopy);
4832 *directory = *mask = 0;
4835 p += srvstr_get_path_wcard(inbuf, name, p, sizeof(name), 0, STR_TERMINATE, &status, &path_contains_wcard1);
4836 if (!NT_STATUS_IS_OK(status)) {
4837 END_PROFILE(SMBcopy);
4838 return ERROR_NT(status);
4840 p += srvstr_get_path_wcard(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, &path_contains_wcard2);
4841 if (!NT_STATUS_IS_OK(status)) {
4842 END_PROFILE(SMBcopy);
4843 return ERROR_NT(status);
4846 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
4848 if (tid2 != conn->cnum) {
4849 /* can't currently handle inter share copies XXXX */
4850 DEBUG(3,("Rejecting inter-share copy\n"));
4851 END_PROFILE(SMBcopy);
4852 return ERROR_DOS(ERRSRV,ERRinvdevice);
4855 RESOLVE_DFSPATH_WCARD(name, conn, inbuf, outbuf);
4856 RESOLVE_DFSPATH_WCARD(newname, conn, inbuf, outbuf);
4858 rc = unix_convert(name,conn,0,&bad_path1,&sbuf1);
4859 unix_convert(newname,conn,0,&bad_path2,&sbuf2);
4861 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
4863 if ((flags&1) && target_is_directory) {
4864 END_PROFILE(SMBcopy);
4865 return ERROR_DOS(ERRDOS,ERRbadfile);
4868 if ((flags&2) && !target_is_directory) {
4869 END_PROFILE(SMBcopy);
4870 return ERROR_DOS(ERRDOS,ERRbadpath);
4873 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
4874 /* wants a tree copy! XXXX */
4875 DEBUG(3,("Rejecting tree copy\n"));
4876 END_PROFILE(SMBcopy);
4877 return ERROR_DOS(ERRSRV,ERRerror);
4880 p = strrchr_m(name,'/');
4882 pstrcpy(directory,"./");
4886 pstrcpy(directory,name);
4891 * We should only check the mangled cache
4892 * here if unix_convert failed. This means
4893 * that the path in 'mask' doesn't exist
4894 * on the file system and so we need to look
4895 * for a possible mangle. This patch from
4896 * Tine Smukavec <valentin.smukavec@hermes.si>.
4899 if (!rc && mangle_is_mangled(mask, conn->params))
4900 mangle_check_cache( mask, sizeof(pstring)-1, conn->params );
4902 has_wild = path_contains_wcard1;
4905 pstrcat(directory,"/");
4906 pstrcat(directory,mask);
4907 if (resolve_wildcards(directory,newname) &&
4908 copy_file(directory,newname,conn,ofun, count,target_is_directory,&err))
4912 END_PROFILE(SMBcopy);
4913 return(UNIXERROR(ERRHRD,ERRgeneral));
4916 exists = vfs_file_exist(conn,directory,NULL);
4919 struct smb_Dir *dir_hnd = NULL;
4923 if (strequal(mask,"????????.???"))
4926 if (check_name(directory,conn))
4927 dir_hnd = OpenDir(conn, directory, mask, 0);
4933 while ((dname = ReadDirName(dir_hnd, &offset))) {
4935 pstrcpy(fname,dname);
4937 if (!is_visible_file(conn, directory, dname, &sbuf1, False))
4940 if(!mask_match(fname, mask, conn->case_sensitive))
4943 error = ERRnoaccess;
4944 slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
4945 pstrcpy(destname,newname);
4946 if (resolve_wildcards(fname,destname) &&
4947 copy_file(fname,destname,conn,ofun,
4948 count,target_is_directory,&err))
4950 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname,destname));
4958 /* Error on close... */
4960 END_PROFILE(SMBcopy);
4961 return(UNIXERROR(ERRHRD,ERRgeneral));
4965 END_PROFILE(SMBcopy);
4966 return ERROR_DOS(ERRDOS,error);
4968 if((errno == ENOENT) && (bad_path1 || bad_path2) &&
4970 /* Samba 3.0.22 has ERRDOS/ERRbadpath in the
4971 * DOS error code case
4973 return ERROR_DOS(ERRDOS, ERRbadpath);
4975 END_PROFILE(SMBcopy);
4976 return(UNIXERROR(ERRDOS,error));
4980 outsize = set_message(outbuf,1,0,True);
4981 SSVAL(outbuf,smb_vwv0,count);
4983 END_PROFILE(SMBcopy);
4987 /****************************************************************************
4989 ****************************************************************************/
4991 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
4999 START_PROFILE(pathworks_setdir);
5002 if (!CAN_SETDIR(snum)) {
5003 END_PROFILE(pathworks_setdir);
5004 return ERROR_DOS(ERRDOS,ERRnoaccess);
5007 srvstr_get_path(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), 0, STR_TERMINATE, &status);
5008 if (!NT_STATUS_IS_OK(status)) {
5009 END_PROFILE(pathworks_setdir);
5010 return ERROR_NT(status);
5013 RESOLVE_DFSPATH(newdir, conn, inbuf, outbuf);
5015 if (strlen(newdir) == 0) {
5018 ok = vfs_directory_exist(conn,newdir,NULL);
5020 set_conn_connectpath(conn,newdir);
5024 END_PROFILE(pathworks_setdir);
5025 return ERROR_DOS(ERRDOS,ERRbadpath);
5028 outsize = set_message(outbuf,0,0,False);
5029 SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
5031 DEBUG(3,("setdir %s\n", newdir));
5033 END_PROFILE(pathworks_setdir);
5038 #define DBGC_CLASS DBGC_LOCKING
5040 /****************************************************************************
5041 Get a lock pid, dealing with large count requests.
5042 ****************************************************************************/
5044 uint32 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
5046 if(!large_file_format)
5047 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
5049 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
5052 /****************************************************************************
5053 Get a lock count, dealing with large count requests.
5054 ****************************************************************************/
5056 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
5058 SMB_BIG_UINT count = 0;
5060 if(!large_file_format) {
5061 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
5064 #if defined(HAVE_LONGLONG)
5065 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
5066 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
5067 #else /* HAVE_LONGLONG */
5070 * NT4.x seems to be broken in that it sends large file (64 bit)
5071 * lockingX calls even if the CAP_LARGE_FILES was *not*
5072 * negotiated. For boxes without large unsigned ints truncate the
5073 * lock count by dropping the top 32 bits.
5076 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
5077 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
5078 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
5079 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
5080 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
5083 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
5084 #endif /* HAVE_LONGLONG */
5090 #if !defined(HAVE_LONGLONG)
5091 /****************************************************************************
5092 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
5093 ****************************************************************************/
5095 static uint32 map_lock_offset(uint32 high, uint32 low)
5099 uint32 highcopy = high;
5102 * Try and find out how many significant bits there are in high.
5105 for(i = 0; highcopy; i++)
5109 * We use 31 bits not 32 here as POSIX
5110 * lock offsets may not be negative.
5113 mask = (~0) << (31 - i);
5116 return 0; /* Fail. */
5122 #endif /* !defined(HAVE_LONGLONG) */
5124 /****************************************************************************
5125 Get a lock offset, dealing with large offset requests.
5126 ****************************************************************************/
5128 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
5130 SMB_BIG_UINT offset = 0;
5134 if(!large_file_format) {
5135 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
5138 #if defined(HAVE_LONGLONG)
5139 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
5140 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
5141 #else /* HAVE_LONGLONG */
5144 * NT4.x seems to be broken in that it sends large file (64 bit)
5145 * lockingX calls even if the CAP_LARGE_FILES was *not*
5146 * negotiated. For boxes without large unsigned ints mangle the
5147 * lock offset by mapping the top 32 bits onto the lower 32.
5150 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
5151 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5152 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
5155 if((new_low = map_lock_offset(high, low)) == 0) {
5157 return (SMB_BIG_UINT)-1;
5160 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
5161 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
5162 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
5163 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
5166 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
5167 #endif /* HAVE_LONGLONG */
5173 /****************************************************************************
5174 Reply to a lockingX request.
5175 ****************************************************************************/
5177 int reply_lockingX(connection_struct *conn, char *inbuf, char *outbuf,
5178 int length, int bufsize)
5180 files_struct *fsp = file_fsp(inbuf,smb_vwv2);
5181 unsigned char locktype = CVAL(inbuf,smb_vwv3);
5182 unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
5183 uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
5184 uint16 num_locks = SVAL(inbuf,smb_vwv7);
5185 SMB_BIG_UINT count = 0, offset = 0;
5187 int32 lock_timeout = IVAL(inbuf,smb_vwv4);
5190 BOOL large_file_format =
5191 (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
5193 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5195 START_PROFILE(SMBlockingX);
5197 CHECK_FSP(fsp,conn);
5199 data = smb_buf(inbuf);
5201 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
5202 /* we don't support these - and CANCEL_LOCK makes w2k
5203 and XP reboot so I don't really want to be
5204 compatible! (tridge) */
5205 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
5208 /* Check if this is an oplock break on a file
5209 we have granted an oplock on.
5211 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
5212 /* Client can insist on breaking to none. */
5213 BOOL break_to_none = (oplocklevel == 0);
5216 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
5217 "for fnum = %d\n", (unsigned int)oplocklevel,
5221 * Make sure we have granted an exclusive or batch oplock on
5225 if (fsp->oplock_type == 0) {
5227 /* The Samba4 nbench simulator doesn't understand
5228 the difference between break to level2 and break
5229 to none from level2 - it sends oplock break
5230 replies in both cases. Don't keep logging an error
5231 message here - just ignore it. JRA. */
5233 DEBUG(5,("reply_lockingX: Error : oplock break from "
5234 "client for fnum = %d (oplock=%d) and no "
5235 "oplock granted on this file (%s).\n",
5236 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
5238 /* if this is a pure oplock break request then don't
5240 if (num_locks == 0 && num_ulocks == 0) {
5241 END_PROFILE(SMBlockingX);
5244 END_PROFILE(SMBlockingX);
5245 return ERROR_DOS(ERRDOS,ERRlock);
5249 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
5251 result = remove_oplock(fsp);
5253 result = downgrade_oplock(fsp);
5257 DEBUG(0, ("reply_lockingX: error in removing "
5258 "oplock on file %s\n", fsp->fsp_name));
5259 /* Hmmm. Is this panic justified? */
5260 smb_panic("internal tdb error");
5263 reply_to_oplock_break_requests(fsp);
5265 /* if this is a pure oplock break request then don't send a
5267 if (num_locks == 0 && num_ulocks == 0) {
5268 /* Sanity check - ensure a pure oplock break is not a
5270 if(CVAL(inbuf,smb_vwv0) != 0xff)
5271 DEBUG(0,("reply_lockingX: Error : pure oplock "
5272 "break is a chained %d request !\n",
5273 (unsigned int)CVAL(inbuf,smb_vwv0) ));
5274 END_PROFILE(SMBlockingX);
5280 * We do this check *after* we have checked this is not a oplock break
5281 * response message. JRA.
5284 release_level_2_oplocks_on_change(fsp);
5286 /* Data now points at the beginning of the list
5287 of smb_unlkrng structs */
5288 for(i = 0; i < (int)num_ulocks; i++) {
5289 lock_pid = get_lock_pid( data, i, large_file_format);
5290 count = get_lock_count( data, i, large_file_format);
5291 offset = get_lock_offset( data, i, large_file_format, &err);
5294 * There is no error code marked "stupid client bug".... :-).
5297 END_PROFILE(SMBlockingX);
5298 return ERROR_DOS(ERRDOS,ERRnoaccess);
5301 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
5302 "pid %u, file %s\n", (double)offset, (double)count,
5303 (unsigned int)lock_pid, fsp->fsp_name ));
5305 status = do_unlock(fsp,
5311 if (NT_STATUS_V(status)) {
5312 END_PROFILE(SMBlockingX);
5313 return ERROR_NT(status);
5317 /* Setup the timeout in seconds. */
5319 if (!lp_blocking_locks(SNUM(conn))) {
5323 /* Now do any requested locks */
5324 data += ((large_file_format ? 20 : 10)*num_ulocks);
5326 /* Data now points at the beginning of the list
5327 of smb_lkrng structs */
5329 for(i = 0; i < (int)num_locks; i++) {
5330 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
5331 READ_LOCK:WRITE_LOCK);
5332 lock_pid = get_lock_pid( data, i, large_file_format);
5333 count = get_lock_count( data, i, large_file_format);
5334 offset = get_lock_offset( data, i, large_file_format, &err);
5337 * There is no error code marked "stupid client bug".... :-).
5340 END_PROFILE(SMBlockingX);
5341 return ERROR_DOS(ERRDOS,ERRnoaccess);
5344 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
5345 "%u, file %s timeout = %d\n", (double)offset,
5346 (double)count, (unsigned int)lock_pid,
5347 fsp->fsp_name, (int)lock_timeout ));
5349 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
5350 if (lp_blocking_locks(SNUM(conn))) {
5352 /* Schedule a message to ourselves to
5353 remove the blocking lock record and
5354 return the right error. */
5356 if (!blocking_lock_cancel(fsp,
5362 NT_STATUS_FILE_LOCK_CONFLICT)) {
5363 END_PROFILE(SMBlockingX);
5364 return ERROR_NT(NT_STATUS_DOS(ERRDOS, ERRcancelviolation));
5367 /* Remove a matching pending lock. */
5368 status = do_lock_cancel(fsp,
5374 BOOL blocking_lock = lock_timeout ? True : False;
5375 BOOL defer_lock = False;
5376 struct byte_range_lock *br_lck;
5378 br_lck = do_lock(fsp,
5387 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
5388 /* Windows internal resolution for blocking locks seems
5389 to be about 200ms... Don't wait for less than that. JRA. */
5390 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
5391 lock_timeout = lp_lock_spin_time();
5396 /* This heuristic seems to match W2K3 very well. If a
5397 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
5398 it pretends we asked for a timeout of between 150 - 300 milliseconds as
5399 far as I can tell. Replacement for do_lock_spin(). JRA. */
5401 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
5402 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
5404 lock_timeout = lp_lock_spin_time();
5407 if (br_lck && defer_lock) {
5409 * A blocking lock was requested. Package up
5410 * this smb into a queued request and push it
5411 * onto the blocking lock queue.
5413 if(push_blocking_lock_request(br_lck,
5423 TALLOC_FREE(br_lck);
5424 END_PROFILE(SMBlockingX);
5429 TALLOC_FREE(br_lck);
5432 if (NT_STATUS_V(status)) {
5433 END_PROFILE(SMBlockingX);
5434 return ERROR_NT(status);
5438 /* If any of the above locks failed, then we must unlock
5439 all of the previous locks (X/Open spec). */
5441 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
5445 * Ensure we don't do a remove on the lock that just failed,
5446 * as under POSIX rules, if we have a lock already there, we
5447 * will delete it (and we shouldn't) .....
5449 for(i--; i >= 0; i--) {
5450 lock_pid = get_lock_pid( data, i, large_file_format);
5451 count = get_lock_count( data, i, large_file_format);
5452 offset = get_lock_offset( data, i, large_file_format,
5456 * There is no error code marked "stupid client
5460 END_PROFILE(SMBlockingX);
5461 return ERROR_DOS(ERRDOS,ERRnoaccess);
5470 END_PROFILE(SMBlockingX);
5471 return ERROR_NT(status);
5474 set_message(outbuf,2,0,True);
5476 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
5477 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
5479 END_PROFILE(SMBlockingX);
5480 return chain_reply(inbuf,outbuf,length,bufsize);
5484 #define DBGC_CLASS DBGC_ALL
5486 /****************************************************************************
5487 Reply to a SMBreadbmpx (read block multiplex) request.
5488 ****************************************************************************/
5490 int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
5501 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5502 START_PROFILE(SMBreadBmpx);
5504 /* this function doesn't seem to work - disable by default */
5505 if (!lp_readbmpx()) {
5506 END_PROFILE(SMBreadBmpx);
5507 return ERROR_DOS(ERRSRV,ERRuseSTD);
5510 outsize = set_message(outbuf,8,0,True);
5512 CHECK_FSP(fsp,conn);
5513 if (!CHECK_READ(fsp,inbuf)) {
5514 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5517 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1);
5518 maxcount = SVAL(inbuf,smb_vwv3);
5520 data = smb_buf(outbuf);
5521 pad = ((long)data)%4;
5526 max_per_packet = bufsize-(outsize+pad);
5530 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
5531 END_PROFILE(SMBreadBmpx);
5532 return ERROR_DOS(ERRDOS,ERRlock);
5536 size_t N = MIN(max_per_packet,tcount-total_read);
5538 nread = read_file(fsp,data,startpos,N);
5543 if (nread < (ssize_t)N)
5544 tcount = total_read + nread;
5546 set_message(outbuf,8,nread+pad,False);
5547 SIVAL(outbuf,smb_vwv0,startpos);
5548 SSVAL(outbuf,smb_vwv2,tcount);
5549 SSVAL(outbuf,smb_vwv6,nread);
5550 SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
5553 if (!send_smb(smbd_server_fd(),outbuf))
5554 exit_server("reply_readbmpx: send_smb failed.");
5556 total_read += nread;
5558 } while (total_read < (ssize_t)tcount);
5560 END_PROFILE(SMBreadBmpx);
5564 /****************************************************************************
5565 Reply to a SMBsetattrE.
5566 ****************************************************************************/
5568 int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5570 struct utimbuf unix_times;
5572 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5573 START_PROFILE(SMBsetattrE);
5575 outsize = set_message(outbuf,0,0,False);
5577 if(!fsp || (fsp->conn != conn)) {
5578 END_PROFILE(SMBsetattrE);
5579 return ERROR_DOS(ERRDOS,ERRbadfid);
5583 * Convert the DOS times into unix times. Ignore create
5584 * time as UNIX can't set this.
5587 unix_times.actime = srv_make_unix_date2(inbuf+smb_vwv3);
5588 unix_times.modtime = srv_make_unix_date2(inbuf+smb_vwv5);
5591 * Patch from Ray Frush <frush@engr.colostate.edu>
5592 * Sometimes times are sent as zero - ignore them.
5595 if (null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5596 /* Ignore request */
5597 if( DEBUGLVL( 3 ) ) {
5598 dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
5599 dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
5601 END_PROFILE(SMBsetattrE);
5603 } else if (!null_mtime(unix_times.actime) && null_mtime(unix_times.modtime)) {
5604 /* set modify time = to access time if modify time was unset */
5605 unix_times.modtime = unix_times.actime;
5608 /* Set the date on this file */
5609 /* Should we set pending modtime here ? JRA */
5610 if(file_utime(conn, fsp->fsp_name, &unix_times)) {
5611 END_PROFILE(SMBsetattrE);
5612 return ERROR_DOS(ERRDOS,ERRnoaccess);
5615 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%d modtime=%d\n",
5616 fsp->fnum, (int)unix_times.actime, (int)unix_times.modtime ) );
5618 END_PROFILE(SMBsetattrE);
5623 /* Back from the dead for OS/2..... JRA. */
5625 /****************************************************************************
5626 Reply to a SMBwritebmpx (write block multiplex primary) request.
5627 ****************************************************************************/
5629 int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5632 ssize_t nwritten = -1;
5639 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5640 START_PROFILE(SMBwriteBmpx);
5642 CHECK_FSP(fsp,conn);
5643 if (!CHECK_WRITE(fsp)) {
5644 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5646 if (HAS_CACHED_ERROR(fsp)) {
5647 return(CACHED_ERROR(fsp));
5650 tcount = SVAL(inbuf,smb_vwv1);
5651 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3);
5652 write_through = BITSETW(inbuf+smb_vwv7,0);
5653 numtowrite = SVAL(inbuf,smb_vwv10);
5654 smb_doff = SVAL(inbuf,smb_vwv11);
5656 data = smb_base(inbuf) + smb_doff;
5658 /* If this fails we need to send an SMBwriteC response,
5659 not an SMBwritebmpx - set this up now so we don't forget */
5660 SCVAL(outbuf,smb_com,SMBwritec);
5662 if (is_locked(fsp,(uint32)SVAL(inbuf,smb_pid),(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
5663 END_PROFILE(SMBwriteBmpx);
5664 return(ERROR_DOS(ERRDOS,ERRlock));
5667 nwritten = write_file(fsp,data,startpos,numtowrite);
5669 sync_file(conn, fsp, write_through);
5671 if(nwritten < (ssize_t)numtowrite) {
5672 END_PROFILE(SMBwriteBmpx);
5673 return(UNIXERROR(ERRHRD,ERRdiskfull));
5676 /* If the maximum to be written to this file
5677 is greater than what we just wrote then set
5678 up a secondary struct to be attached to this
5679 fd, we will use this to cache error messages etc. */
5681 if((ssize_t)tcount > nwritten) {
5682 write_bmpx_struct *wbms;
5683 if(fsp->wbmpx_ptr != NULL)
5684 wbms = fsp->wbmpx_ptr; /* Use an existing struct */
5686 wbms = SMB_MALLOC_P(write_bmpx_struct);
5688 DEBUG(0,("Out of memory in reply_readmpx\n"));
5689 END_PROFILE(SMBwriteBmpx);
5690 return(ERROR_DOS(ERRSRV,ERRnoresource));
5692 wbms->wr_mode = write_through;
5693 wbms->wr_discard = False; /* No errors yet */
5694 wbms->wr_total_written = nwritten;
5695 wbms->wr_errclass = 0;
5697 fsp->wbmpx_ptr = wbms;
5700 /* We are returning successfully, set the message type back to
5702 SCVAL(outbuf,smb_com,SMBwriteBmpx);
5704 outsize = set_message(outbuf,1,0,True);
5706 SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
5708 DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
5709 fsp->fnum, (int)numtowrite, (int)nwritten ) );
5711 if (write_through && tcount==nwritten) {
5712 /* We need to send both a primary and a secondary response */
5713 smb_setlen(outbuf,outsize - 4);
5715 if (!send_smb(smbd_server_fd(),outbuf))
5716 exit_server("reply_writebmpx: send_smb failed.");
5718 /* Now the secondary */
5719 outsize = set_message(outbuf,1,0,True);
5720 SCVAL(outbuf,smb_com,SMBwritec);
5721 SSVAL(outbuf,smb_vwv0,nwritten);
5724 END_PROFILE(SMBwriteBmpx);
5728 /****************************************************************************
5729 Reply to a SMBwritebs (write block multiplex secondary) request.
5730 ****************************************************************************/
5732 int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
5735 ssize_t nwritten = -1;
5742 write_bmpx_struct *wbms;
5743 BOOL send_response = False;
5744 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5745 START_PROFILE(SMBwriteBs);
5747 CHECK_FSP(fsp,conn);
5748 if (!CHECK_WRITE(fsp)) {
5749 return(ERROR_DOS(ERRDOS,ERRbadaccess));
5752 tcount = SVAL(inbuf,smb_vwv1);
5753 startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2);
5754 numtowrite = SVAL(inbuf,smb_vwv6);
5755 smb_doff = SVAL(inbuf,smb_vwv7);
5757 data = smb_base(inbuf) + smb_doff;
5759 /* We need to send an SMBwriteC response, not an SMBwritebs */
5760 SCVAL(outbuf,smb_com,SMBwritec);
5762 /* This fd should have an auxiliary struct attached,
5763 check that it does */
5764 wbms = fsp->wbmpx_ptr;
5766 END_PROFILE(SMBwriteBs);
5770 /* If write through is set we can return errors, else we must cache them */
5771 write_through = wbms->wr_mode;
5773 /* Check for an earlier error */
5774 if(wbms->wr_discard) {
5775 END_PROFILE(SMBwriteBs);
5776 return -1; /* Just discard the packet */
5779 nwritten = write_file(fsp,data,startpos,numtowrite);
5781 sync_file(conn, fsp, write_through);
5783 if (nwritten < (ssize_t)numtowrite) {
5785 /* We are returning an error - we can delete the aux struct */
5788 fsp->wbmpx_ptr = NULL;
5789 END_PROFILE(SMBwriteBs);
5790 return(ERROR_DOS(ERRHRD,ERRdiskfull));
5792 wbms->wr_errclass = ERRHRD;
5793 wbms->wr_error = ERRdiskfull;
5794 wbms->wr_status = NT_STATUS_DISK_FULL;
5795 wbms->wr_discard = True;
5796 END_PROFILE(SMBwriteBs);
5800 /* Increment the total written, if this matches tcount
5801 we can discard the auxiliary struct (hurrah !) and return a writeC */
5802 wbms->wr_total_written += nwritten;
5803 if(wbms->wr_total_written >= tcount) {
5804 if (write_through) {
5805 outsize = set_message(outbuf,1,0,True);
5806 SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);
5807 send_response = True;
5811 fsp->wbmpx_ptr = NULL;
5815 END_PROFILE(SMBwriteBs);
5819 END_PROFILE(SMBwriteBs);
5823 /****************************************************************************
5824 Reply to a SMBgetattrE.
5825 ****************************************************************************/
5827 int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
5829 SMB_STRUCT_STAT sbuf;
5832 files_struct *fsp = file_fsp(inbuf,smb_vwv0);
5833 START_PROFILE(SMBgetattrE);
5835 outsize = set_message(outbuf,11,0,True);
5837 if(!fsp || (fsp->conn != conn)) {
5838 END_PROFILE(SMBgetattrE);
5839 return ERROR_DOS(ERRDOS,ERRbadfid);
5842 /* Do an fstat on this file */
5843 if(fsp_stat(fsp, &sbuf)) {
5844 END_PROFILE(SMBgetattrE);
5845 return(UNIXERROR(ERRDOS,ERRnoaccess));
5848 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
5851 * Convert the times into dos times. Set create
5852 * date to be last modify date as UNIX doesn't save
5856 srv_put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
5857 srv_put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
5858 /* Should we check pending modtime here ? JRA */
5859 srv_put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
5862 SIVAL(outbuf,smb_vwv6,0);
5863 SIVAL(outbuf,smb_vwv8,0);
5865 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
5866 SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
5867 SIVAL(outbuf,smb_vwv8,allocation_size);
5869 SSVAL(outbuf,smb_vwv10, mode);
5871 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
5873 END_PROFILE(SMBgetattrE);