/*
Unix SMB/CIFS implementation.
SMB NT transaction handling
- Copyright (C) Jeremy Allison 1994-1998
+ Copyright (C) Jeremy Allison 1994-2007
Copyright (C) Stefan (metze) Metzmacher 2003
This program is free software; you can redistribute it and/or modify
if (ptr==NULL) {
smb_panic("nttrans_realloc() called with NULL ptr");
}
-
+
*ptr = (char *)SMB_REALLOC(*ptr, size);
if(*ptr == NULL) {
return NULL;
int alignment_offset = 3;
int data_alignment_offset = 0;
- /*
+ /*
* If there genuinely are no parameters or data to send just send
* the empty packet.
*/
data_alignment_offset = 4 - (params_to_send % 4);
}
- /*
+ /*
* Space is bufsize minus Netbios over TCP header minus SMB header.
* The alignment_offset is to align the param bytes on a four byte
- * boundary (2 bytes for data len, one byte pad).
+ * boundary (2 bytes for data len, one byte pad).
* NT needs this to work correctly.
*/
total_sent_thistime = params_to_send + data_to_send +
alignment_offset + data_alignment_offset;
- /*
+ /*
* We can never send more than useable_space.
*/
SIVAL(req->outbuf,smb_ntr_TotalParameterCount,paramsize);
SIVAL(req->outbuf,smb_ntr_TotalDataCount,datasize);
- /*
+ /*
* Calculate how many parameters and data we can fit into
* this packet. Parameters get precedence.
*/
SIVAL(req->outbuf,smb_ntr_ParameterOffset,
((smb_buf(req->outbuf)+alignment_offset)
- smb_base(req->outbuf)));
- /*
+ /*
* Absolute displacement of param bytes sent in this packet.
*/
SIVAL(req->outbuf,smb_ntr_DataDisplacement, pd - pdata);
}
- /*
+ /*
* Copy the param bytes into the packet.
*/
+params_sent_thistime+data_alignment_offset,
pd,data_sent_thistime);
}
-
+
DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
params_sent_thistime, data_sent_thistime, useable_space));
DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
0, 0, nt_error,
__LINE__,__FILE__);
}
-
+
/* Send the packet */
show_msg((char *)req->outbuf);
if (!send_smb(smbd_server_fd(),(char *)req->outbuf)) {
}
TALLOC_FREE(req->outbuf);
-
+
pp += params_sent_thistime;
pd += data_sent_thistime;
-
+
params_to_send -= params_sent_thistime;
data_to_send -= data_sent_thistime;
params_to_send, data_to_send));
return;
}
- }
+ }
}
/****************************************************************************
static void do_ntcreate_pipe_open(connection_struct *conn,
struct smb_request *req)
{
- pstring fname;
+ char *fname = NULL;
int pnum = -1;
char *p = NULL;
uint32 flags = IVAL(req->inbuf,smb_ntcreate_Flags);
+ TALLOC_CTX *ctx = talloc_tos();
- srvstr_pull_buf((char *)req->inbuf, req->flags2, fname,
- smb_buf(req->inbuf), sizeof(fname), STR_TERMINATE);
+ srvstr_pull_buf_talloc(ctx, (char *)req->inbuf, req->flags2, &fname,
+ smb_buf(req->inbuf), STR_TERMINATE);
+ if (!fname) {
+ reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ERRDOS, ERRbadpipe);
+ return;
+ }
nt_open_pipe(fname, conn, req, &pnum);
if (req->outbuf) {
/*
* Deal with pipe return.
- */
+ */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* This is very strange. We
if (flags & EXTENDED_RESPONSE_REQUIRED) {
p += 25;
SIVAL(p,0,FILE_GENERIC_ALL);
- /*
+ /*
* For pipes W2K3 seems to return
* 0x12019B next.
* This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
- chain_reply_new(req);
+ chain_reply(req);
}
/****************************************************************************
}
reply_outbuf(req, 34, 0);
-
+
p = (char *)req->outbuf + smb_vwv2;
-
+
/* SCVAL(p,0,NO_OPLOCK_RETURN); */
p++;
SSVAL(p,0,fsp->fnum);
DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
- chain_reply_new(req);
+ chain_reply(req);
}
/****************************************************************************
void reply_ntcreate_and_X(connection_struct *conn,
struct smb_request *req)
-{
- pstring fname;
+{
+ char *fname = NULL;
uint32 flags;
uint32 access_mask;
uint32 file_attributes;
BOOL extended_oplock_granted = False;
NTSTATUS status;
struct case_semantics_state *case_state = NULL;
+ TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
/*
* This filename is relative to a directory fid.
*/
- pstring rel_fname;
+ char *rel_fname = NULL;
files_struct *dir_fsp = file_fsp(
SVAL(req->inbuf, smb_ntcreate_RootDirectoryFid));
size_t dir_name_len;
if(!dir_fsp->is_directory) {
- srvstr_get_path((char *)req->inbuf, req->flags2, fname,
- smb_buf(req->inbuf), sizeof(fname), 0,
+ srvstr_get_path(ctx, (char *)req->inbuf,
+ req->flags2, &fname,
+ smb_buf(req->inbuf), 0,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
* Copy in the base directory name.
*/
- pstrcpy( fname, dir_fsp->fsp_name );
- dir_name_len = strlen(fname);
+ dir_name_len = strlen(dir_fsp->fsp_name);
+ fname = TALLOC_SIZE(ctx, dir_name_len+2);
+ if (!fname) {
+ reply_nterror(
+ req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
+ memcpy(fname, dir_fsp->fsp_name, dir_name_len+1);
/*
- * Ensure it ends in a '\'.
+ * Ensure it ends in a '/'.
+ * We used TALLOC_SIZE +2 to add space for the '/'.
*/
- if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
- pstrcat(fname, "/");
+ if(dir_name_len && (fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
+ fname[dir_name_len] = '/';
+ fname[dir_name_len+1] = '\0';
dir_name_len++;
}
- srvstr_get_path((char *)req->inbuf, req->flags2, rel_fname,
- smb_buf(req->inbuf), sizeof(rel_fname), 0,
+ srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &rel_fname,
+ smb_buf(req->inbuf), 0,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
END_PROFILE(SMBntcreateX);
return;
}
- pstrcat(fname, rel_fname);
+ fname = talloc_asprintf(ctx, "%s%s",
+ fname,
+ rel_fname);
+ if (!fname) {
+ reply_nterror(
+ req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
} else {
- srvstr_get_path((char *)req->inbuf, req->flags2, fname,
- smb_buf(req->inbuf), sizeof(fname), 0,
+ srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
+ smb_buf(req->inbuf), 0,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
}
-
+
/*
- * Now contruct the smb_open_mode value from the filename,
+ * Now contruct the smb_open_mode value from the filename,
* desired access and the share access.
*/
- status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES, fname);
+ status = resolve_dfspath(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ &fname);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
/*
* Ordinary file or directory.
*/
-
+
/*
* Check if POSIX semantics are wanted.
*/
-
+
if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
case_state = set_posix_case_semantics(NULL, conn);
file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
}
-
- status = unix_convert(conn, fname, False, NULL, &sbuf);
+
+ status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(case_state);
reply_nterror(req, status);
file_attributes,
&info, &fsp);
- TALLOC_FREE(case_state);
-
- if(!NT_STATUS_IS_OK(status)) {
- if (!use_nt_status() && NT_STATUS_EQUAL(
- status, NT_STATUS_OBJECT_NAME_COLLISION)) {
- status = NT_STATUS_DOS(ERRDOS, ERRfilexists);
- }
- reply_nterror(req, status);
- END_PROFILE(SMBntcreateX);
- return;
- }
-
} else {
/*
oplock_request,
&info, &fsp);
- if (!NT_STATUS_IS_OK(status)) {
- /* We cheat here. There are two cases we
- * care about. One is a directory rename,
- * where the NT client will attempt to
- * open the source directory for
- * DELETE access. Note that when the
- * NT client does this it does *not*
- * set the directory bit in the
- * request packet. This is translated
- * into a read/write open
- * request. POSIX states that any open
- * for write request on a directory
- * will generate an EISDIR error, so
- * we can catch this here and open a
- * pseudo handle that is flagged as a
- * directory. The second is an open
- * for a permissions read only, which
- * we handle in the open_file_stat case. JRA.
- */
+ /* We cheat here. There are two cases we
+ * care about. One is a directory rename,
+ * where the NT client will attempt to
+ * open the source directory for
+ * DELETE access. Note that when the
+ * NT client does this it does *not*
+ * set the directory bit in the
+ * request packet. This is translated
+ * into a read/write open
+ * request. POSIX states that any open
+ * for write request on a directory
+ * will generate an EISDIR error, so
+ * we can catch this here and open a
+ * pseudo handle that is flagged as a
+ * directory. The second is an open
+ * for a permissions read only, which
+ * we handle in the open_file_stat case. JRA.
+ */
- if (NT_STATUS_EQUAL(status,
- NT_STATUS_FILE_IS_A_DIRECTORY)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
- /*
- * Fail the open if it was explicitly a non-directory file.
- */
+ /*
+ * Fail the open if it was explicitly a non-directory
+ * file.
+ */
- if (create_options & FILE_NON_DIRECTORY_FILE) {
- TALLOC_FREE(case_state);
- reply_force_nterror(req, NT_STATUS_FILE_IS_A_DIRECTORY);
- END_PROFILE(SMBntcreateX);
- return;
- }
-
- oplock_request = 0;
- status = open_directory(conn, req, fname,
- &sbuf,
- access_mask,
- share_access,
- create_disposition,
- create_options,
- file_attributes,
- &info, &fsp);
-
- if(!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(case_state);
- if (!use_nt_status() && NT_STATUS_EQUAL(
- status, NT_STATUS_OBJECT_NAME_COLLISION)) {
- status = NT_STATUS_DOS(ERRDOS, ERRfilexists);
- }
- reply_nterror(req, status);
- END_PROFILE(SMBntcreateX);
- return;
- }
- } else {
+ if (create_options & FILE_NON_DIRECTORY_FILE) {
TALLOC_FREE(case_state);
+ reply_force_nterror(req,
+ NT_STATUS_FILE_IS_A_DIRECTORY);
END_PROFILE(SMBntcreateX);
- if (open_was_deferred(req->mid)) {
- /* We have re-scheduled this call. */
- return;
- }
- reply_nterror(req, status);
return;
}
- }
+
+ oplock_request = 0;
+ status = open_directory(conn, req, fname,
+ &sbuf,
+ access_mask,
+ share_access,
+ create_disposition,
+ create_options,
+ file_attributes,
+ &info, &fsp);
+ }
}
-
+
TALLOC_FREE(case_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (open_was_deferred(req->mid)) {
+ /* We have re-scheduled this call. */
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
+ reply_openerror(req, status);
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
+
file_len = sbuf.st_size;
fattr = dos_mode(conn,fname,&sbuf);
if(fattr == 0) {
reply_doserror(req, ERRDOS, ERRnoaccess);
END_PROFILE(SMBntcreateX);
return;
- }
-
+ }
+
/* Save the requested allocation size. */
if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
if (allocation_size && (allocation_size > (SMB_BIG_UINT)file_len)) {
}
}
- /*
+ /*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
* correct bit for extended oplock reply.
}
p = (char *)req->outbuf + smb_vwv2;
-
+
/*
* Currently as we don't support level II oplocks we just report
* exclusive & batch here.
} else {
SCVAL(p,0,NO_OPLOCK_RETURN);
}
-
+
p++;
SSVAL(p,0,fsp->fnum);
p += 2;
DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
- chain_reply_new(req);
+ chain_reply(req);
END_PROFILE(SMBntcreateX);
return;
}
char **ppparams, uint32 parameter_count,
char **ppdata, uint32 data_count)
{
- pstring fname;
+ char *fname = NULL;
char *params = *ppparams;
int pnum = -1;
char *p = NULL;
NTSTATUS status;
size_t param_len;
uint32 flags;
+ TALLOC_CTX *ctx = talloc_tos();
/*
* Ensure minimum number of parameters sent.
flags = IVAL(params,0);
- srvstr_get_path(params, req->flags2, fname, params+53,
- sizeof(fname), parameter_count-53, STR_TERMINATE,
+ srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
+ parameter_count-53, STR_TERMINATE,
&status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
/* Error return */
return;
}
-
+
/* Realloc the size of parameters and data we will return */
if (flags & EXTENDED_RESPONSE_REQUIRED) {
/* Extended response is 32 more byyes. */
reply_doserror(req, ERRDOS, ERRnomem);
return;
}
-
+
p = params;
SCVAL(p,0,NO_OPLOCK_RETURN);
-
+
p += 2;
SSVAL(p,0,pnum);
p += 2;
SIVAL(p,0,FILE_WAS_OPENED);
p += 8;
-
+
p += 32;
SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
p += 20;
/* Device state. */
SSVAL(p,2, 0x5FF); /* ? */
p += 4;
-
+
if (flags & EXTENDED_RESPONSE_REQUIRED) {
p += 25;
SIVAL(p,0,FILE_GENERIC_ALL);
- /*
+ /*
* For pipes W2K3 seems to return
* 0x12019B next.
* This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
}
DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
-
+
/* Send the required number of replies */
send_nt_replies(req, NT_STATUS_OK, params, param_len, *ppdata, 0);
-
+
return;
}
SEC_DESC *psd = NULL;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
-
+
if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
return NT_STATUS_OK;
}
* Setup the prs_struct to point at the memory we just
* allocated.
*/
-
+
prs_give_memory( &pd, data, sd_len, False);
/*
DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
/*
* Return access denied for want of a better error message..
- */
+ */
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
-
+
if (psd->owner_sid==0) {
security_info_sent &= ~OWNER_SECURITY_INFORMATION;
}
if (psd->dacl==0) {
security_info_sent &= ~DACL_SECURITY_INFORMATION;
}
-
+
status = SMB_VFS_FSET_NT_ACL( fsp, fsp->fh->fd, security_info_sent, psd);
-
+
talloc_destroy(mem_ctx);
return status;
}
/****************************************************************************
Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
****************************************************************************/
-
+
static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
{
struct ea_list *ea_list_head = NULL;
}
offset += next_offset;
}
-
+
return ea_list_head;
}
char **ppdata, uint32 data_count,
uint32 max_data_count)
{
- pstring fname;
+ char *fname = NULL;
char *params = *ppparams;
char *data = *ppdata;
/* Breakout the oplock request bits so we can set the reply bits separately. */
struct timespec a_timespec;
struct timespec m_timespec;
struct ea_list *ea_list = NULL;
- TALLOC_CTX *ctx = NULL;
char *pdata = NULL;
NTSTATUS status;
size_t param_len;
struct case_semantics_state *case_state = NULL;
+ TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
/*
* This filename is relative to a directory fid.
*/
+ char *tmpname = NULL;
files_struct *dir_fsp = file_fsp(SVAL(params,4));
size_t dir_name_len;
}
if(!dir_fsp->is_directory) {
- srvstr_get_path(params, req->flags2, fname,
- params+53, sizeof(fname),
+ srvstr_get_path(ctx, params, req->flags2, &fname,
+ params+53,
parameter_count-53, STR_TERMINATE,
&status);
if (!NT_STATUS_IS_OK(status)) {
* Copy in the base directory name.
*/
- pstrcpy( fname, dir_fsp->fsp_name );
- dir_name_len = strlen(fname);
+ dir_name_len = strlen(dir_fsp->fsp_name);
+ fname = TALLOC_SIZE(ctx, dir_name_len+2);
+ if (!fname) {
+ reply_nterror(
+ req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
+ memcpy(fname, dir_fsp->fsp_name, dir_name_len+1);
/*
- * Ensure it ends in a '\'.
+ * Ensure it ends in a '/'.
+ * We used TALLOC_SIZE +2 to add space for the '/'.
*/
- if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
- pstrcat(fname, "/");
+ if(dir_name_len && (fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
+ fname[dir_name_len] = '/';
+ fname[dir_name_len+1] = '\0';
dir_name_len++;
}
- {
- pstring tmpname;
- srvstr_get_path(params, req->flags2, tmpname,
- params+53, sizeof(tmpname),
- parameter_count-53, STR_TERMINATE,
- &status);
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- return;
- }
- pstrcat(fname, tmpname);
+ srvstr_get_path(ctx, params, req->flags2, &tmpname,
+ params+53,
+ parameter_count-53, STR_TERMINATE,
+ &status);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
+ fname = talloc_asprintf(ctx, "%s%s",
+ fname,
+ tmpname);
+ if (!fname) {
+ reply_nterror(
+ req, NT_STATUS_NO_MEMORY);
+ return;
}
} else {
- srvstr_get_path(params, req->flags2, fname, params+53,
- sizeof(fname), parameter_count-53,
+ srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
+ parameter_count-53,
STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
/*
* Ordinary file or directory.
*/
-
+
/*
* Check if POSIX semantics are wanted.
*/
case_state = set_posix_case_semantics(NULL, conn);
file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
}
-
- status = resolve_dfspath(conn, req->flags2 & FLAGS2_DFS_PATHNAMES,
- fname);
+
+ status = resolve_dfspath(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ &fname);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(case_state);
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
return;
}
- status = unix_convert(conn, fname, False, NULL, &sbuf);
+ status = unix_convert(conn, fname, False, &fname, NULL, &sbuf);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(case_state);
reply_nterror(req, status);
pdata = data + sd_len;
/* We have already checked that ea_len <= data_count here. */
- ea_list = read_nttrans_ea_list(tmp_talloc_ctx(), pdata,
+ ea_list = read_nttrans_ea_list(talloc_tos(), pdata,
ea_len);
if (!ea_list ) {
TALLOC_FREE(case_state);
create_options,
file_attributes,
&info, &fsp);
- if(!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, status);
- return;
- }
-
} else {
/*
oplock_request,
&info, &fsp);
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,
- NT_STATUS_FILE_IS_A_DIRECTORY)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
- /*
- * Fail the open if it was explicitly a non-directory file.
- */
+ /*
+ * Fail the open if it was explicitly a non-directory file.
+ */
- if (create_options & FILE_NON_DIRECTORY_FILE) {
- TALLOC_FREE(case_state);
- reply_force_nterror(
- req,
- NT_STATUS_FILE_IS_A_DIRECTORY);
- return;
- }
-
- oplock_request = 0;
- status = open_directory(conn, req, fname,
- &sbuf,
- access_mask,
- share_access,
- create_disposition,
- create_options,
- file_attributes,
- &info, &fsp);
- if(!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, status);
- return;
- }
- } else {
+ if (create_options & FILE_NON_DIRECTORY_FILE) {
TALLOC_FREE(case_state);
- if (open_was_deferred(req->mid)) {
- /* We have re-scheduled this call. */
- return;
- }
- reply_nterror(req, status);
+ reply_force_nterror(
+ req,
+ NT_STATUS_FILE_IS_A_DIRECTORY);
return;
}
- }
+
+ oplock_request = 0;
+ status = open_directory(conn, req, fname,
+ &sbuf,
+ access_mask,
+ share_access,
+ create_disposition,
+ create_options,
+ file_attributes,
+ &info, &fsp);
+ }
+ }
+
+ TALLOC_FREE(case_state);
+
+ if(!NT_STATUS_IS_OK(status)) {
+ if (open_was_deferred(req->mid)) {
+ /* We have re-scheduled this call. */
+ return;
+ }
+ reply_openerror(req, status);
+ return;
}
/*
* According to the MS documentation, the only time the security
* descriptor is applied to the opened file is iff we *created* the
* file; an existing file stays the same.
- *
+ *
* Also, it seems (from observation) that you can open the file with
* any access mask but you can still write the sd. We need to override
* the granted access before we call set_sd
status = set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION);
if (!NT_STATUS_IS_OK(status)) {
- talloc_destroy(ctx);
close_file(fsp,ERROR_CLOSE);
TALLOC_FREE(case_state);
reply_nterror(req, status);
}
fsp->access_mask = saved_access_mask;
}
-
+
if (ea_len && (info == FILE_WAS_CREATED)) {
status = set_ea(conn, fsp, fname, ea_list);
if (!NT_STATUS_IS_OK(status)) {
close_file(fsp,ERROR_CLOSE);
reply_doserror(req, ERRDOS, ERRnoaccess);
return;
- }
-
+ }
+
/* Save the requested allocation size. */
if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(params,12);
}
}
- /*
+ /*
* If the caller set the extended oplock request bit
* and we granted one (by whatever means) - set the
* correct bit for extended oplock reply.
} else {
SCVAL(p,0,NO_OPLOCK_RETURN);
}
-
+
p += 2;
SSVAL(p,0,fsp->fnum);
p += 2;
/*
* Go through and cancel any pending change notifies.
*/
-
+
START_PROFILE(SMBntcancel);
remove_pending_change_notify_requests_by_mid(req->mid);
remove_pending_lock_requests_by_mid(req->mid);
srv_cancel_sign_response(req->mid);
-
+
DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid));
END_PROFILE(SMBntcancel);
static NTSTATUS copy_internals(connection_struct *conn,
struct smb_request *req,
- char *oldname, char *newname, uint32 attrs)
+ const char *oldname_in,
+ const char *newname_in,
+ uint32 attrs)
{
SMB_STRUCT_STAT sbuf1, sbuf2;
- pstring last_component_oldname;
- pstring last_component_newname;
+ char *oldname = NULL;
+ char *newname = NULL;
+ char *last_component_oldname = NULL;
+ char *last_component_newname = NULL;
files_struct *fsp1,*fsp2;
uint32 fattr;
int info;
return NT_STATUS_MEDIA_WRITE_PROTECTED;
}
- status = unix_convert(conn, oldname, False, last_component_oldname, &sbuf1);
+ status = unix_convert(conn, oldname_in, False, &oldname,
+ &last_component_oldname, &sbuf1);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_NO_SUCH_FILE;
}
- status = unix_convert(conn, newname, False, last_component_newname, &sbuf2);
+ status = unix_convert(conn, newname_in, False, &newname,
+ &last_component_newname, &sbuf2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return status;
}
- DEBUG(10,("copy_internals: doing file copy %s to %s\n", oldname, newname));
+ DEBUG(10,("copy_internals: doing file copy %s to %s\n",
+ oldname, newname));
status = open_file_ntcreate(conn, req, oldname, &sbuf1,
FILE_READ_DATA, /* Read-only. */
Reply to a NT rename request.
****************************************************************************/
-int reply_ntrename(connection_struct *conn,
- char *inbuf,char *outbuf,int length,int bufsize)
+void reply_ntrename(connection_struct *conn, struct smb_request *req)
{
- int outsize = 0;
- pstring oldname;
- pstring newname;
+ char *oldname = NULL;
+ char *newname = NULL;
char *p;
NTSTATUS status;
BOOL src_has_wcard = False;
BOOL dest_has_wcard = False;
- uint32 attrs = SVAL(inbuf,smb_vwv0);
- uint16 rename_type = SVAL(inbuf,smb_vwv1);
- struct smb_request req;
+ uint32 attrs;
+ uint16 rename_type;
+ TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntrename);
- init_smb_request(&req, (uint8 *)inbuf);
+ if (req->wct < 4) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBntrename);
+ return;
+ }
- p = smb_buf(inbuf) + 1;
- p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), oldname, p,
- sizeof(oldname), 0, STR_TERMINATE, &status,
+ attrs = SVAL(req->inbuf,smb_vwv0);
+ rename_type = SVAL(req->inbuf,smb_vwv1);
+
+ p = smb_buf(req->inbuf) + 1;
+ p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &oldname, p,
+ 0, STR_TERMINATE, &status,
&src_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBntrename);
- return ERROR_NT(status);
+ return;
}
if( is_ntfs_stream_name(oldname)) {
/* Can't rename a stream. */
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
END_PROFILE(SMBntrename);
- return ERROR_NT(NT_STATUS_ACCESS_DENIED);
+ return;
}
if (ms_has_wild(oldname)) {
+ reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
END_PROFILE(SMBntrename);
- return ERROR_NT(NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
+ return;
}
p++;
- p += srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), newname, p,
- sizeof(newname), 0, STR_TERMINATE, &status,
+ p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
+ 0, STR_TERMINATE, &status,
&dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBntrename);
- return ERROR_NT(status);
+ return;
}
-
- status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, oldname);
+
+ status = resolve_dfspath(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ oldname,
+ &oldname);
if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntrename);
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
+ reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ END_PROFILE(SMBntrename);
+ return;
}
- return ERROR_NT(status);
+ reply_nterror(req, status);
+ END_PROFILE(SMBntrename);
+ return;
}
- status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, newname);
+ status = resolve_dfspath(ctx, conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ newname,
+ &newname);
if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntrename);
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath);
+ reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ END_PROFILE(SMBntrename);
+ return;
}
- return ERROR_NT(status);
+ reply_nterror(req, status);
+ END_PROFILE(SMBntrename);
+ return;
}
DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname));
-
+
switch(rename_type) {
case RENAME_FLAG_RENAME:
- status = rename_internals(conn, &req, oldname, newname,
- attrs, False, src_has_wcard,
- dest_has_wcard);
+ status = rename_internals(ctx, conn, req, oldname,
+ newname, attrs, False, src_has_wcard,
+ dest_has_wcard);
break;
case RENAME_FLAG_HARD_LINK:
if (src_has_wcard || dest_has_wcard) {
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
- status = hardlink_internals(conn, oldname, newname);
+ status = hardlink_internals(conn,
+ oldname,
+ newname);
}
break;
case RENAME_FLAG_COPY:
/* No wildcards. */
status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
} else {
- status = copy_internals(conn, &req, oldname,
+ status = copy_internals(conn, req, oldname,
newname, attrs);
}
break;
}
if (!NT_STATUS_IS_OK(status)) {
- END_PROFILE(SMBntrename);
- if (open_was_deferred(SVAL(inbuf,smb_mid))) {
+ if (open_was_deferred(req->mid)) {
/* We have re-scheduled this call. */
- return -1;
+ END_PROFILE(SMBntrename);
+ return;
}
- return ERROR_NT(status);
+
+ reply_nterror(req, status);
+ END_PROFILE(SMBntrename);
+ return;
}
- outsize = set_message(inbuf,outbuf,0,0,False);
-
+ reply_outbuf(req, 0, 0);
+
END_PROFILE(SMBntrename);
- return(outsize);
+ return;
}
/****************************************************************************
- Reply to a notify change - queue the request and
+ Reply to a notify change - queue the request and
don't allow a directory to be opened.
****************************************************************************/
uint32 max_data_count)
{
char *params = *ppparams;
- pstring new_name;
+ char *new_name = NULL;
files_struct *fsp = NULL;
BOOL replace_if_exists = False;
BOOL dest_has_wcard = False;
NTSTATUS status;
+ TALLOC_CTX *ctx = talloc_tos();
if(parameter_count < 5) {
reply_doserror(req, ERRDOS, ERRbadfunc);
if (!check_fsp(conn, req, fsp, ¤t_user)) {
return;
}
- srvstr_get_path_wcard(params, req->flags2, new_name, params+4,
- sizeof(new_name), parameter_count - 4,
+ srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4,
+ parameter_count - 4,
STR_TERMINATE, &status, &dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
}
- status = rename_internals(conn, req, fsp->fsp_name,
- new_name, 0, replace_if_exists, False, dest_has_wcard);
+ status = rename_internals(ctx,
+ conn,
+ req,
+ fsp->fsp_name,
+ new_name,
+ 0,
+ replace_if_exists,
+ False,
+ dest_has_wcard);
if (!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->mid)) {
* Rename was successful.
*/
send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
-
- DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
+
+ DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
fsp->fsp_name, new_name));
-
+
return;
}
security descriptor.\n"));
/*
* Return access denied for want of a better error message..
- */
+ */
talloc_destroy(mem_ctx);
reply_unixerror(req, ERRDOS, ERRnoaccess);
return;
send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
return;
}
-
+
/****************************************************************************
Reply to NT IOCTL
****************************************************************************/
DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum));
send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
return;
-
+
case FSCTL_CREATE_OR_GET_OBJECT_ID:
{
unsigned char objid[16];
DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
return;
-
+
case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/
{
/*
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
-
+
shadow_data->mem_ctx = shadow_mem_ctx;
-
+
/*
* Call the VFS routine to actually do the work.
*/
talloc_destroy(shadow_data->mem_ctx);
reply_nterror(req, NT_STATUS_NO_MEMORY);
return;
- }
+ }
cur_pdata = pdata;
return;
}
-
+
case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */
{
- /* pretend this succeeded -
- *
+ /* pretend this succeeded -
+ *
* we have to send back a list with all files owned by this SID
*
* but I have to check that --metze
DOM_SID sid;
uid_t uid;
size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
-
+
DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
if (!fsp_belongs_conn(conn, req, fsp, ¤t_user)) {
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
-
+
sid_parse(pdata+4,sid_len,&sid);
DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid)));
sid_string_static(&sid),(unsigned long)sid_len));
uid = (-1);
}
-
+
/* we can take a look at the find source :-)
*
* find ./ -uid $uid -name '*' is what we need here
* (maybe we can hang the result anywhere in the fsp struct)
*
* we don't send all files at once
- * and at the next we should *not* start from the beginning,
- * so we have to cache the result
+ * and at the next we should *not* start from the beginning,
+ * so we have to cache the result
*
* --metze
*/
-
+
/* this works for now... */
send_nt_replies(req, NT_STATUS_OK, NULL, 0, NULL, 0);
return;
- }
+ }
default:
if (!logged_message) {
logged_message = True; /* Only print this once... */
#ifdef HAVE_SYS_QUOTAS
/****************************************************************************
- Reply to get user quota
+ Reply to get user quota
****************************************************************************/
static void call_nt_transact_get_user_quota(connection_struct *conn,
reply_doserror(req, ERRDOS, ERRinvalidparam);
return;
}
-
+
/* maybe we can check the quota_fnum */
fsp = file_fsp(SVAL(params,0));
if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->pd;
level = SVAL(params,2);
-
- /* unknown 12 bytes leading in params */
-
+
+ /* unknown 12 bytes leading in params */
+
switch (level) {
case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
/* seems that we should continue with the enum here --metze */
- if (qt_handle->quota_list!=NULL &&
+ if (qt_handle->quota_list!=NULL &&
qt_handle->tmp_list==NULL) {
-
+
/* free the list */
free_ntquota_list(&(qt_handle->quota_list));
/* we should not trust the value in max_data_count*/
max_data_count = MIN(max_data_count,2048);
-
+
pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
if(pdata == NULL) {
reply_doserror(req, ERRDOS, ERRnomem);
/* set params Size of returned Quota Data 4 bytes*/
/* but set it later when we know it */
-
+
/* for each entry push the data */
if (start_enum) {
/* nextoffset entry 4 bytes */
SIVAL(entry,0,entry_len);
-
+
/* then the len of the SID 4 bytes */
SIVAL(entry,4,sid_len);
-
+
/* unknown data 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-metze*/
-
+
/* the used disk space 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
-
+
/* the soft quotas 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,24,tmp_list->quotas->softlim);
-
+
/* the hard quotas 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
-
+
/* and now the SID */
sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
}
-
+
qt_handle->tmp_list = tmp_list;
-
+
/* overwrite the offset of the last entry */
SIVAL(entry-entry_len,0,0);
break;
case TRANSACT_GET_USER_QUOTA_FOR_SID:
-
- /* unknown 4 bytes IVAL(pdata,0) */
-
+
+ /* unknown 4 bytes IVAL(pdata,0) */
+
if (data_count < 8) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
reply_doserror(req, ERRDOS, ERRunknownlevel);
}
sid_parse(pdata+8,sid_len,&sid);
-
+
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
- /*
- * we have to return zero's in all fields
+ /*
+ * we have to return zero's in all fields
* instead of returning an error here
* --metze
*/
/* set params Size of returned Quota Data 4 bytes*/
SIVAL(params,0,data_len);
-
+
/* nextoffset entry 4 bytes */
SIVAL(entry,0,0);
-
+
/* then the len of the SID 4 bytes */
SIVAL(entry,4,sid_len);
-
+
/* unknown data 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-mezte*/
-
+
/* the used disk space 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,16,qt.usedspace);
-
+
/* the soft quotas 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,24,qt.softlim);
-
+
/* the hard quotas 8 bytes SMB_BIG_UINT */
SBIG_UINT(entry,32,qt.hardlim);
-
+
/* and now the SID */
sid_linearize(entry+40, sid_len, &sid);
reply_doserror(req, ERRDOS, ERRinvalidparam);
return;
}
-
+
/* maybe we can check the quota_fnum */
fsp = file_fsp(SVAL(params,0));
if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
return;
}
- /* unknown 8 bytes in pdata
+ /* unknown 8 bytes in pdata
* maybe its the change time in NTTIME
*/
return;
}
#endif /* LARGE_SMB_OFF_T */
-
+
sid_parse(pdata+40,sid_len,&sid);
DEBUGADD(8,("SID: %s\n",sid_string_static(&sid)));
&state->data, state->total_data,
state->max_data_return);
END_PROFILE(NT_transact_set_user_quota);
- break;
+ break;
}
#endif /* HAVE_SYS_QUOTAS */
state->setup = NULL;
state->call = function_code;
- /*
+ /*
* All nttrans messages we handle have smb_wct == 19 +
* state->setup_count. Ensure this is so as a sanity check.
*/
reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
return;
- }
+ }
if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
goto bad_param;
if ((smb_base(req->inbuf)+dsoff+dscnt
reply_doserror(req, ERRDOS, ERRnomem);
END_PROFILE(SMBnttrans);
return;
- }
+ }
if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
goto bad_param;
if ((smb_base(req->inbuf)+psoff+pscnt
END_PROFILE(SMBnttrans);
return;
}
-
+
/****************************************************************************
Reply to a SMBnttranss
****************************************************************************/
state->received_param += pcnt;
state->received_data += dcnt;
-
+
if ((state->received_data > state->total_data) ||
(state->received_param > state->total_param))
goto bad_param;
goto bad_param;
memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
- dcnt);
+ dcnt);
}
if ((state->received_param < state->total_param) ||