2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
28 #include "smbd/globals.h"
30 extern enum protocol_types Protocol;
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
38 ****************************************************************************/
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
43 static NTSTATUS check_path_syntax_internal(char *path,
45 bool *p_last_component_contains_wcard)
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
53 *p_last_component_contains_wcard = False;
60 return NT_STATUS_OBJECT_NAME_INVALID;
63 return NT_STATUS_OBJECT_NAME_INVALID;
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
85 stream_started = true;
86 start_of_name_component = false;
90 return NT_STATUS_OBJECT_NAME_INVALID;
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
108 start_of_name_component = True;
110 *p_last_component_contains_wcard = False;
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
119 * No mb char starts with '.' so we're safe checking the directory separator here.
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
128 /* Are we at the start ? Can't go back further if so. */
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
166 *p_last_component_contains_wcard = True;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
196 return NT_STATUS_INVALID_PARAMETER;
199 start_of_name_component = False;
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
212 NTSTATUS check_path_syntax(char *path)
215 return check_path_syntax_internal(path, False, &ignore);
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
222 ****************************************************************************/
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
226 return check_path_syntax_internal(path, False, p_contains_wcard);
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
235 NTSTATUS check_path_syntax_posix(char *path)
238 return check_path_syntax_internal(path, True, &ignore);
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
253 bool *contains_wcard)
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
263 *err = NT_STATUS_INVALID_PARAMETER;
267 *contains_wcard = False;
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
348 if (!check_fsp_open(conn, req, fsp)) {
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
359 (fsp)->num_smb_operations++;
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
371 if (!check_fsp_open(conn, req, fsp)) {
375 if (fsp->is_directory) {
379 if (fsp->fake_file_handle == NULL) {
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
387 if (fsp->fake_file_handle->private_data == NULL) {
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
410 static bool netbios_session_retarget(const char *name, int name_type)
413 char *trim_name_type;
414 const char *retarget_parm;
417 int retarget_type = 0x20;
418 int retarget_port = 139;
419 struct sockaddr_storage retarget_addr;
420 struct sockaddr_in *in_addr;
424 if (get_socket_port(smbd_server_fd()) != 139) {
428 trim_name = talloc_strdup(talloc_tos(), name);
429 if (trim_name == NULL) {
432 trim_char(trim_name, ' ', ' ');
434 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
436 if (trim_name_type == NULL) {
440 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 trim_name_type, NULL);
442 if (retarget_parm == NULL) {
443 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
446 if (retarget_parm == NULL) {
450 retarget = talloc_strdup(trim_name, retarget_parm);
451 if (retarget == NULL) {
455 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
457 p = strchr(retarget, ':');
460 retarget_port = atoi(p);
463 p = strchr_m(retarget, '#');
466 sscanf(p, "%x", &retarget_type);
469 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
471 DEBUG(10, ("could not resolve %s\n", retarget));
475 if (retarget_addr.ss_family != AF_INET) {
476 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
480 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
482 _smb_setlen(outbuf, 6);
483 SCVAL(outbuf, 0, 0x84);
484 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
485 *(uint16_t *)(outbuf+8) = htons(retarget_port);
487 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
489 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
495 TALLOC_FREE(trim_name);
499 /****************************************************************************
500 Reply to a (netbios-level) special message.
501 ****************************************************************************/
503 void reply_special(char *inbuf)
505 int msg_type = CVAL(inbuf,0);
506 int msg_flags = CVAL(inbuf,1);
508 char name_type1, name_type2;
509 struct smbd_server_connection *sconn = smbd_server_conn;
512 * We only really use 4 bytes of the outbuf, but for the smb_setlen
513 * calculation & friends (srv_send_smb uses that) we need the full smb
516 char outbuf[smb_size];
520 memset(outbuf, '\0', sizeof(outbuf));
522 smb_setlen(outbuf,0);
525 case 0x81: /* session request */
527 if (sconn->nbt.got_session) {
528 exit_server_cleanly("multiple session request not permitted");
531 SCVAL(outbuf,0,0x82);
533 if (name_len(inbuf+4) > 50 ||
534 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
535 DEBUG(0,("Invalid name length in session request\n"));
538 name_type1 = name_extract(inbuf,4,name1);
539 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
540 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
541 name1, name_type1, name2, name_type2));
543 if (netbios_session_retarget(name1, name_type1)) {
544 exit_server_cleanly("retargeted client");
547 set_local_machine_name(name1, True);
548 set_remote_machine_name(name2, True);
550 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
551 get_local_machine_name(), get_remote_machine_name(),
554 if (name_type2 == 'R') {
555 /* We are being asked for a pathworks session ---
557 SCVAL(outbuf, 0,0x83);
561 /* only add the client's machine name to the list
562 of possibly valid usernames if we are operating
563 in share mode security */
564 if (lp_security() == SEC_SHARE) {
565 add_session_user(sconn, get_remote_machine_name());
568 reload_services(True);
571 sconn->nbt.got_session = true;
574 case 0x89: /* session keepalive request
575 (some old clients produce this?) */
576 SCVAL(outbuf,0,SMBkeepalive);
580 case 0x82: /* positive session response */
581 case 0x83: /* negative session response */
582 case 0x84: /* retarget session response */
583 DEBUG(0,("Unexpected session response\n"));
586 case SMBkeepalive: /* session keepalive */
591 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
592 msg_type, msg_flags));
594 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
598 /****************************************************************************
600 conn POINTER CAN BE NULL HERE !
601 ****************************************************************************/
603 void reply_tcon(struct smb_request *req)
605 connection_struct *conn = req->conn;
607 char *service_buf = NULL;
608 char *password = NULL;
613 DATA_BLOB password_blob;
614 TALLOC_CTX *ctx = talloc_tos();
615 struct smbd_server_connection *sconn = smbd_server_conn;
617 START_PROFILE(SMBtcon);
619 if (req->buflen < 4) {
620 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
621 END_PROFILE(SMBtcon);
625 p = (const char *)req->buf + 1;
626 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
628 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
630 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
633 if (service_buf == NULL || password == NULL || dev == NULL) {
634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
635 END_PROFILE(SMBtcon);
638 p = strrchr_m(service_buf,'\\');
642 service = service_buf;
645 password_blob = data_blob(password, pwlen+1);
647 conn = make_connection(sconn,service,password_blob,dev,
648 req->vuid,&nt_status);
651 data_blob_clear_free(&password_blob);
654 reply_nterror(req, nt_status);
655 END_PROFILE(SMBtcon);
659 reply_outbuf(req, 2, 0);
660 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
661 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
662 SSVAL(req->outbuf,smb_tid,conn->cnum);
664 DEBUG(3,("tcon service=%s cnum=%d\n",
665 service, conn->cnum));
667 END_PROFILE(SMBtcon);
671 /****************************************************************************
672 Reply to a tcon and X.
673 conn POINTER CAN BE NULL HERE !
674 ****************************************************************************/
676 void reply_tcon_and_X(struct smb_request *req)
678 connection_struct *conn = req->conn;
679 const char *service = NULL;
681 TALLOC_CTX *ctx = talloc_tos();
682 /* what the cleint thinks the device is */
683 char *client_devicetype = NULL;
684 /* what the server tells the client the share represents */
685 const char *server_devicetype;
691 struct smbd_server_connection *sconn = smbd_server_conn;
693 START_PROFILE(SMBtconX);
696 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
697 END_PROFILE(SMBtconX);
701 passlen = SVAL(req->vwv+3, 0);
702 tcon_flags = SVAL(req->vwv+2, 0);
704 /* we might have to close an old one */
705 if ((tcon_flags & 0x1) && conn) {
706 close_cnum(conn,req->vuid);
711 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
712 reply_doserror(req, ERRDOS, ERRbuftoosmall);
713 END_PROFILE(SMBtconX);
717 if (sconn->smb1.negprot.encrypted_passwords) {
718 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
719 if (lp_security() == SEC_SHARE) {
721 * Security = share always has a pad byte
722 * after the password.
724 p = (const char *)req->buf + passlen + 1;
726 p = (const char *)req->buf + passlen;
729 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
730 /* Ensure correct termination */
731 password.data[passlen]=0;
732 p = (const char *)req->buf + passlen + 1;
735 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
738 data_blob_clear_free(&password);
739 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
740 END_PROFILE(SMBtconX);
745 * the service name can be either: \\server\share
746 * or share directly like on the DELL PowerVault 705
749 q = strchr_m(path+2,'\\');
751 data_blob_clear_free(&password);
752 reply_doserror(req, ERRDOS, ERRnosuchshare);
753 END_PROFILE(SMBtconX);
761 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
762 &client_devicetype, p,
763 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
765 if (client_devicetype == NULL) {
766 data_blob_clear_free(&password);
767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
768 END_PROFILE(SMBtconX);
772 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
774 conn = make_connection(sconn, service, password, client_devicetype,
775 req->vuid, &nt_status);
778 data_blob_clear_free(&password);
781 reply_nterror(req, nt_status);
782 END_PROFILE(SMBtconX);
787 server_devicetype = "IPC";
788 else if ( IS_PRINT(conn) )
789 server_devicetype = "LPT1:";
791 server_devicetype = "A:";
793 if (Protocol < PROTOCOL_NT1) {
794 reply_outbuf(req, 2, 0);
795 if (message_push_string(&req->outbuf, server_devicetype,
796 STR_TERMINATE|STR_ASCII) == -1) {
797 reply_nterror(req, NT_STATUS_NO_MEMORY);
798 END_PROFILE(SMBtconX);
802 /* NT sets the fstype of IPC$ to the null string */
803 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
805 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
806 /* Return permissions. */
810 reply_outbuf(req, 7, 0);
813 perm1 = FILE_ALL_ACCESS;
814 perm2 = FILE_ALL_ACCESS;
816 perm1 = CAN_WRITE(conn) ?
821 SIVAL(req->outbuf, smb_vwv3, perm1);
822 SIVAL(req->outbuf, smb_vwv5, perm2);
824 reply_outbuf(req, 3, 0);
827 if ((message_push_string(&req->outbuf, server_devicetype,
828 STR_TERMINATE|STR_ASCII) == -1)
829 || (message_push_string(&req->outbuf, fstype,
830 STR_TERMINATE) == -1)) {
831 reply_nterror(req, NT_STATUS_NO_MEMORY);
832 END_PROFILE(SMBtconX);
836 /* what does setting this bit do? It is set by NT4 and
837 may affect the ability to autorun mounted cdroms */
838 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
839 (lp_csc_policy(SNUM(conn)) << 2));
841 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
842 DEBUG(2,("Serving %s as a Dfs root\n",
843 lp_servicename(SNUM(conn)) ));
844 SSVAL(req->outbuf, smb_vwv2,
845 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
850 DEBUG(3,("tconX service=%s \n",
853 /* set the incoming and outgoing tid to the just created one */
854 SSVAL(req->inbuf,smb_tid,conn->cnum);
855 SSVAL(req->outbuf,smb_tid,conn->cnum);
857 END_PROFILE(SMBtconX);
859 req->tid = conn->cnum;
864 /****************************************************************************
865 Reply to an unknown type.
866 ****************************************************************************/
868 void reply_unknown_new(struct smb_request *req, uint8 type)
870 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
871 smb_fn_name(type), type, type));
872 reply_doserror(req, ERRSRV, ERRunknownsmb);
876 /****************************************************************************
878 conn POINTER CAN BE NULL HERE !
879 ****************************************************************************/
881 void reply_ioctl(struct smb_request *req)
883 connection_struct *conn = req->conn;
890 START_PROFILE(SMBioctl);
893 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
894 END_PROFILE(SMBioctl);
898 device = SVAL(req->vwv+1, 0);
899 function = SVAL(req->vwv+2, 0);
900 ioctl_code = (device << 16) + function;
902 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
904 switch (ioctl_code) {
905 case IOCTL_QUERY_JOB_INFO:
909 reply_doserror(req, ERRSRV, ERRnosupport);
910 END_PROFILE(SMBioctl);
914 reply_outbuf(req, 8, replysize+1);
915 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
916 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
917 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
918 p = smb_buf(req->outbuf);
919 memset(p, '\0', replysize+1); /* valgrind-safe. */
920 p += 1; /* Allow for alignment */
922 switch (ioctl_code) {
923 case IOCTL_QUERY_JOB_INFO:
925 files_struct *fsp = file_fsp(
926 req, SVAL(req->vwv+0, 0));
928 reply_doserror(req, ERRDOS, ERRbadfid);
929 END_PROFILE(SMBioctl);
932 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
933 srvstr_push((char *)req->outbuf, req->flags2, p+2,
935 STR_TERMINATE|STR_ASCII);
937 srvstr_push((char *)req->outbuf, req->flags2,
938 p+18, lp_servicename(SNUM(conn)),
939 13, STR_TERMINATE|STR_ASCII);
947 END_PROFILE(SMBioctl);
951 /****************************************************************************
952 Strange checkpath NTSTATUS mapping.
953 ****************************************************************************/
955 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
957 /* Strange DOS error code semantics only for checkpath... */
958 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
959 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
960 /* We need to map to ERRbadpath */
961 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
967 /****************************************************************************
968 Reply to a checkpath.
969 ****************************************************************************/
971 void reply_checkpath(struct smb_request *req)
973 connection_struct *conn = req->conn;
974 struct smb_filename *smb_fname = NULL;
977 TALLOC_CTX *ctx = talloc_tos();
979 START_PROFILE(SMBcheckpath);
981 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
982 STR_TERMINATE, &status);
984 if (!NT_STATUS_IS_OK(status)) {
985 status = map_checkpath_error(req->flags2, status);
986 reply_nterror(req, status);
987 END_PROFILE(SMBcheckpath);
991 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
993 status = filename_convert(ctx,
995 req->flags2 & FLAGS2_DFS_PATHNAMES,
1001 if (!NT_STATUS_IS_OK(status)) {
1002 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1003 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1004 ERRSRV, ERRbadpath);
1005 END_PROFILE(SMBcheckpath);
1011 if (!VALID_STAT(smb_fname->st) &&
1012 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1013 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1014 smb_fname_str_dbg(smb_fname), strerror(errno)));
1015 status = map_nt_error_from_unix(errno);
1019 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1020 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1021 ERRDOS, ERRbadpath);
1025 reply_outbuf(req, 0, 0);
1028 /* We special case this - as when a Windows machine
1029 is parsing a path is steps through the components
1030 one at a time - if a component fails it expects
1031 ERRbadpath, not ERRbadfile.
1033 status = map_checkpath_error(req->flags2, status);
1034 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1036 * Windows returns different error codes if
1037 * the parent directory is valid but not the
1038 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1039 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1040 * if the path is invalid.
1042 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1043 ERRDOS, ERRbadpath);
1047 reply_nterror(req, status);
1050 TALLOC_FREE(smb_fname);
1051 END_PROFILE(SMBcheckpath);
1055 /****************************************************************************
1057 ****************************************************************************/
1059 void reply_getatr(struct smb_request *req)
1061 connection_struct *conn = req->conn;
1062 struct smb_filename *smb_fname = NULL;
1069 TALLOC_CTX *ctx = talloc_tos();
1070 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1072 START_PROFILE(SMBgetatr);
1074 p = (const char *)req->buf + 1;
1075 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1076 if (!NT_STATUS_IS_OK(status)) {
1077 reply_nterror(req, status);
1081 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1082 under WfWg - weird! */
1083 if (*fname == '\0') {
1084 mode = aHIDDEN | aDIR;
1085 if (!CAN_WRITE(conn)) {
1091 status = filename_convert(ctx,
1093 req->flags2 & FLAGS2_DFS_PATHNAMES,
1098 if (!NT_STATUS_IS_OK(status)) {
1099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1101 ERRSRV, ERRbadpath);
1104 reply_nterror(req, status);
1107 if (!VALID_STAT(smb_fname->st) &&
1108 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1109 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1110 smb_fname_str_dbg(smb_fname),
1112 reply_nterror(req, map_nt_error_from_unix(errno));
1116 mode = dos_mode(conn, smb_fname);
1117 size = smb_fname->st.st_ex_size;
1119 if (ask_sharemode) {
1120 struct timespec write_time_ts;
1121 struct file_id fileid;
1123 ZERO_STRUCT(write_time_ts);
1124 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1125 get_file_infos(fileid, NULL, &write_time_ts);
1126 if (!null_timespec(write_time_ts)) {
1127 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1131 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1137 reply_outbuf(req, 10, 0);
1139 SSVAL(req->outbuf,smb_vwv0,mode);
1140 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1141 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1143 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1145 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1147 if (Protocol >= PROTOCOL_NT1) {
1148 SSVAL(req->outbuf, smb_flg2,
1149 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1152 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1153 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1156 TALLOC_FREE(smb_fname);
1158 END_PROFILE(SMBgetatr);
1162 /****************************************************************************
1164 ****************************************************************************/
1166 void reply_setatr(struct smb_request *req)
1168 struct smb_file_time ft;
1169 connection_struct *conn = req->conn;
1170 struct smb_filename *smb_fname = NULL;
1176 TALLOC_CTX *ctx = talloc_tos();
1178 START_PROFILE(SMBsetatr);
1183 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1187 p = (const char *)req->buf + 1;
1188 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1189 if (!NT_STATUS_IS_OK(status)) {
1190 reply_nterror(req, status);
1194 status = filename_convert(ctx,
1196 req->flags2 & FLAGS2_DFS_PATHNAMES,
1201 if (!NT_STATUS_IS_OK(status)) {
1202 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1203 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1204 ERRSRV, ERRbadpath);
1207 reply_nterror(req, status);
1211 if (smb_fname->base_name[0] == '.' &&
1212 smb_fname->base_name[1] == '\0') {
1214 * Not sure here is the right place to catch this
1215 * condition. Might be moved to somewhere else later -- vl
1217 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1221 mode = SVAL(req->vwv+0, 0);
1222 mtime = srv_make_unix_date3(req->vwv+1);
1224 ft.mtime = convert_time_t_to_timespec(mtime);
1225 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 reply_nterror(req, status);
1231 if (mode != FILE_ATTRIBUTE_NORMAL) {
1232 if (VALID_STAT_OF_DIR(smb_fname->st))
1237 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1239 reply_nterror(req, map_nt_error_from_unix(errno));
1244 reply_outbuf(req, 0, 0);
1246 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1249 TALLOC_FREE(smb_fname);
1250 END_PROFILE(SMBsetatr);
1254 /****************************************************************************
1256 ****************************************************************************/
1258 void reply_dskattr(struct smb_request *req)
1260 connection_struct *conn = req->conn;
1261 uint64_t dfree,dsize,bsize;
1262 START_PROFILE(SMBdskattr);
1264 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1265 reply_nterror(req, map_nt_error_from_unix(errno));
1266 END_PROFILE(SMBdskattr);
1270 reply_outbuf(req, 5, 0);
1272 if (Protocol <= PROTOCOL_LANMAN2) {
1273 double total_space, free_space;
1274 /* we need to scale this to a number that DOS6 can handle. We
1275 use floating point so we can handle large drives on systems
1276 that don't have 64 bit integers
1278 we end up displaying a maximum of 2G to DOS systems
1280 total_space = dsize * (double)bsize;
1281 free_space = dfree * (double)bsize;
1283 dsize = (uint64_t)((total_space+63*512) / (64*512));
1284 dfree = (uint64_t)((free_space+63*512) / (64*512));
1286 if (dsize > 0xFFFF) dsize = 0xFFFF;
1287 if (dfree > 0xFFFF) dfree = 0xFFFF;
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1291 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1294 SSVAL(req->outbuf,smb_vwv0,dsize);
1295 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1296 SSVAL(req->outbuf,smb_vwv2,512);
1297 SSVAL(req->outbuf,smb_vwv3,dfree);
1300 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1302 END_PROFILE(SMBdskattr);
1307 * Utility function to split the filename from the directory.
1309 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1310 char **fname_dir_out,
1311 char **fname_mask_out)
1313 const char *p = NULL;
1314 char *fname_dir = NULL;
1315 char *fname_mask = NULL;
1317 p = strrchr_m(fname_in, '/');
1319 fname_dir = talloc_strdup(ctx, ".");
1320 fname_mask = talloc_strdup(ctx, fname_in);
1322 fname_dir = talloc_strndup(ctx, fname_in,
1323 PTR_DIFF(p, fname_in));
1324 fname_mask = talloc_strdup(ctx, p+1);
1327 if (!fname_dir || !fname_mask) {
1328 TALLOC_FREE(fname_dir);
1329 TALLOC_FREE(fname_mask);
1330 return NT_STATUS_NO_MEMORY;
1333 *fname_dir_out = fname_dir;
1334 *fname_mask_out = fname_mask;
1335 return NT_STATUS_OK;
1338 /****************************************************************************
1340 Can be called from SMBsearch, SMBffirst or SMBfunique.
1341 ****************************************************************************/
1343 void reply_search(struct smb_request *req)
1345 connection_struct *conn = req->conn;
1347 const char *mask = NULL;
1348 char *directory = NULL;
1349 struct smb_filename *smb_fname = NULL;
1353 struct timespec date;
1355 unsigned int numentries = 0;
1356 unsigned int maxentries = 0;
1357 bool finished = False;
1362 bool check_descend = False;
1363 bool expect_close = False;
1365 bool mask_contains_wcard = False;
1366 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1367 TALLOC_CTX *ctx = talloc_tos();
1368 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1370 START_PROFILE(SMBsearch);
1373 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1377 if (lp_posix_pathnames()) {
1378 reply_unknown_new(req, req->cmd);
1382 /* If we were called as SMBffirst then we must expect close. */
1383 if(req->cmd == SMBffirst) {
1384 expect_close = True;
1387 reply_outbuf(req, 1, 3);
1388 maxentries = SVAL(req->vwv+0, 0);
1389 dirtype = SVAL(req->vwv+1, 0);
1390 p = (const char *)req->buf + 1;
1391 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1392 &nt_status, &mask_contains_wcard);
1393 if (!NT_STATUS_IS_OK(nt_status)) {
1394 reply_nterror(req, nt_status);
1399 status_len = SVAL(p, 0);
1402 /* dirtype &= ~aDIR; */
1404 if (status_len == 0) {
1405 nt_status = filename_convert(ctx, conn,
1406 req->flags2 & FLAGS2_DFS_PATHNAMES,
1408 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1409 &mask_contains_wcard,
1411 if (!NT_STATUS_IS_OK(nt_status)) {
1412 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1413 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1414 ERRSRV, ERRbadpath);
1417 reply_nterror(req, nt_status);
1421 directory = smb_fname->base_name;
1423 p = strrchr_m(directory,'/');
1424 if ((p != NULL) && (*directory != '/')) {
1426 directory = talloc_strndup(ctx, directory,
1427 PTR_DIFF(p, directory));
1430 directory = talloc_strdup(ctx,".");
1434 reply_nterror(req, NT_STATUS_NO_MEMORY);
1438 memset((char *)status,'\0',21);
1439 SCVAL(status,0,(dirtype & 0x1F));
1441 nt_status = dptr_create(conn,
1447 mask_contains_wcard,
1450 if (!NT_STATUS_IS_OK(nt_status)) {
1451 reply_nterror(req, nt_status);
1454 dptr_num = dptr_dnum(conn->dirptr);
1458 memcpy(status,p,21);
1459 status_dirtype = CVAL(status,0) & 0x1F;
1460 if (status_dirtype != (dirtype & 0x1F)) {
1461 dirtype = status_dirtype;
1464 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1465 if (!conn->dirptr) {
1468 string_set(&conn->dirpath,dptr_path(dptr_num));
1469 mask = dptr_wcard(dptr_num);
1474 * For a 'continue' search we have no string. So
1475 * check from the initial saved string.
1477 mask_contains_wcard = ms_has_wild(mask);
1478 dirtype = dptr_attr(dptr_num);
1481 DEBUG(4,("dptr_num is %d\n",dptr_num));
1483 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1484 dptr_init_search_op(conn->dirptr);
1486 if ((dirtype&0x1F) == aVOLID) {
1487 char buf[DIR_STRUCT_SIZE];
1488 memcpy(buf,status,21);
1489 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1490 0,aVOLID,0,!allow_long_path_components)) {
1491 reply_nterror(req, NT_STATUS_NO_MEMORY);
1494 dptr_fill(buf+12,dptr_num);
1495 if (dptr_zero(buf+12) && (status_len==0)) {
1500 if (message_push_blob(&req->outbuf,
1501 data_blob_const(buf, sizeof(buf)))
1503 reply_nterror(req, NT_STATUS_NO_MEMORY);
1511 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1514 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1515 conn->dirpath,lp_dontdescend(SNUM(conn))));
1516 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1517 check_descend = True;
1520 for (i=numentries;(i<maxentries) && !finished;i++) {
1521 finished = !get_dir_entry(ctx,
1532 char buf[DIR_STRUCT_SIZE];
1533 memcpy(buf,status,21);
1534 if (!make_dir_struct(ctx,
1540 convert_timespec_to_time_t(date),
1541 !allow_long_path_components)) {
1542 reply_nterror(req, NT_STATUS_NO_MEMORY);
1545 if (!dptr_fill(buf+12,dptr_num)) {
1548 if (message_push_blob(&req->outbuf,
1549 data_blob_const(buf, sizeof(buf)))
1551 reply_nterror(req, NT_STATUS_NO_MEMORY);
1561 /* If we were called as SMBffirst with smb_search_id == NULL
1562 and no entries were found then return error and close dirptr
1565 if (numentries == 0) {
1566 dptr_close(&dptr_num);
1567 } else if(expect_close && status_len == 0) {
1568 /* Close the dptr - we know it's gone */
1569 dptr_close(&dptr_num);
1572 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1573 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1574 dptr_close(&dptr_num);
1577 if ((numentries == 0) && !mask_contains_wcard) {
1578 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1582 SSVAL(req->outbuf,smb_vwv0,numentries);
1583 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1584 SCVAL(smb_buf(req->outbuf),0,5);
1585 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1587 /* The replies here are never long name. */
1588 SSVAL(req->outbuf, smb_flg2,
1589 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1590 if (!allow_long_path_components) {
1591 SSVAL(req->outbuf, smb_flg2,
1592 SVAL(req->outbuf, smb_flg2)
1593 & (~FLAGS2_LONG_PATH_COMPONENTS));
1596 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1597 SSVAL(req->outbuf, smb_flg2,
1598 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1601 directory = dptr_path(dptr_num);
1604 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1605 smb_fn_name(req->cmd),
1607 directory ? directory : "./",
1612 TALLOC_FREE(smb_fname);
1613 END_PROFILE(SMBsearch);
1617 /****************************************************************************
1618 Reply to a fclose (stop directory search).
1619 ****************************************************************************/
1621 void reply_fclose(struct smb_request *req)
1629 bool path_contains_wcard = False;
1630 TALLOC_CTX *ctx = talloc_tos();
1632 START_PROFILE(SMBfclose);
1634 if (lp_posix_pathnames()) {
1635 reply_unknown_new(req, req->cmd);
1636 END_PROFILE(SMBfclose);
1640 p = (const char *)req->buf + 1;
1641 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1642 &err, &path_contains_wcard);
1643 if (!NT_STATUS_IS_OK(err)) {
1644 reply_nterror(req, err);
1645 END_PROFILE(SMBfclose);
1649 status_len = SVAL(p,0);
1652 if (status_len == 0) {
1653 reply_doserror(req, ERRSRV, ERRsrverror);
1654 END_PROFILE(SMBfclose);
1658 memcpy(status,p,21);
1660 if(dptr_fetch(status+12,&dptr_num)) {
1661 /* Close the dptr - we know it's gone */
1662 dptr_close(&dptr_num);
1665 reply_outbuf(req, 1, 0);
1666 SSVAL(req->outbuf,smb_vwv0,0);
1668 DEBUG(3,("search close\n"));
1670 END_PROFILE(SMBfclose);
1674 /****************************************************************************
1676 ****************************************************************************/
1678 void reply_open(struct smb_request *req)
1680 connection_struct *conn = req->conn;
1681 struct smb_filename *smb_fname = NULL;
1693 uint32 create_disposition;
1694 uint32 create_options = 0;
1696 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1697 TALLOC_CTX *ctx = talloc_tos();
1699 START_PROFILE(SMBopen);
1702 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1706 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1707 deny_mode = SVAL(req->vwv+0, 0);
1708 dos_attr = SVAL(req->vwv+1, 0);
1710 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1711 STR_TERMINATE, &status);
1712 if (!NT_STATUS_IS_OK(status)) {
1713 reply_nterror(req, status);
1717 status = filename_convert(ctx,
1719 req->flags2 & FLAGS2_DFS_PATHNAMES,
1724 if (!NT_STATUS_IS_OK(status)) {
1725 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1726 reply_botherror(req,
1727 NT_STATUS_PATH_NOT_COVERED,
1728 ERRSRV, ERRbadpath);
1731 reply_nterror(req, status);
1735 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1736 OPENX_FILE_EXISTS_OPEN, &access_mask,
1737 &share_mode, &create_disposition,
1739 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1743 status = SMB_VFS_CREATE_FILE(
1746 0, /* root_dir_fid */
1747 smb_fname, /* fname */
1748 access_mask, /* access_mask */
1749 share_mode, /* share_access */
1750 create_disposition, /* create_disposition*/
1751 create_options, /* create_options */
1752 dos_attr, /* file_attributes */
1753 oplock_request, /* oplock_request */
1754 0, /* allocation_size */
1760 if (!NT_STATUS_IS_OK(status)) {
1761 if (open_was_deferred(req->mid)) {
1762 /* We have re-scheduled this call. */
1765 reply_openerror(req, status);
1769 size = smb_fname->st.st_ex_size;
1770 fattr = dos_mode(conn, smb_fname);
1772 /* Deal with other possible opens having a modified
1774 if (ask_sharemode) {
1775 struct timespec write_time_ts;
1777 ZERO_STRUCT(write_time_ts);
1778 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1779 if (!null_timespec(write_time_ts)) {
1780 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1784 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1787 DEBUG(3,("attempt to open a directory %s\n",
1789 close_file(req, fsp, ERROR_CLOSE);
1790 reply_doserror(req, ERRDOS,ERRnoaccess);
1794 reply_outbuf(req, 7, 0);
1795 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1796 SSVAL(req->outbuf,smb_vwv1,fattr);
1797 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1798 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1800 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1802 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1803 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1805 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1806 SCVAL(req->outbuf,smb_flg,
1807 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1810 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1811 SCVAL(req->outbuf,smb_flg,
1812 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1815 TALLOC_FREE(smb_fname);
1816 END_PROFILE(SMBopen);
1820 /****************************************************************************
1821 Reply to an open and X.
1822 ****************************************************************************/
1824 void reply_open_and_X(struct smb_request *req)
1826 connection_struct *conn = req->conn;
1827 struct smb_filename *smb_fname = NULL;
1832 /* Breakout the oplock request bits so we can set the
1833 reply bits separately. */
1834 int ex_oplock_request;
1835 int core_oplock_request;
1838 int smb_sattr = SVAL(req->vwv+4, 0);
1839 uint32 smb_time = make_unix_date3(req->vwv+6);
1847 uint64_t allocation_size;
1848 ssize_t retval = -1;
1851 uint32 create_disposition;
1852 uint32 create_options = 0;
1853 TALLOC_CTX *ctx = talloc_tos();
1855 START_PROFILE(SMBopenX);
1857 if (req->wct < 15) {
1858 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1862 open_flags = SVAL(req->vwv+2, 0);
1863 deny_mode = SVAL(req->vwv+3, 0);
1864 smb_attr = SVAL(req->vwv+5, 0);
1865 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1866 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1867 oplock_request = ex_oplock_request | core_oplock_request;
1868 smb_ofun = SVAL(req->vwv+8, 0);
1869 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1871 /* If it's an IPC, pass off the pipe handler. */
1873 if (lp_nt_pipe_support()) {
1874 reply_open_pipe_and_X(conn, req);
1876 reply_doserror(req, ERRSRV, ERRaccess);
1881 /* XXXX we need to handle passed times, sattr and flags */
1882 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1883 STR_TERMINATE, &status);
1884 if (!NT_STATUS_IS_OK(status)) {
1885 reply_nterror(req, status);
1889 status = filename_convert(ctx,
1891 req->flags2 & FLAGS2_DFS_PATHNAMES,
1896 if (!NT_STATUS_IS_OK(status)) {
1897 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1898 reply_botherror(req,
1899 NT_STATUS_PATH_NOT_COVERED,
1900 ERRSRV, ERRbadpath);
1903 reply_nterror(req, status);
1907 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1908 &access_mask, &share_mode,
1909 &create_disposition,
1911 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1915 status = SMB_VFS_CREATE_FILE(
1918 0, /* root_dir_fid */
1919 smb_fname, /* fname */
1920 access_mask, /* access_mask */
1921 share_mode, /* share_access */
1922 create_disposition, /* create_disposition*/
1923 create_options, /* create_options */
1924 smb_attr, /* file_attributes */
1925 oplock_request, /* oplock_request */
1926 0, /* allocation_size */
1930 &smb_action); /* pinfo */
1932 if (!NT_STATUS_IS_OK(status)) {
1933 if (open_was_deferred(req->mid)) {
1934 /* We have re-scheduled this call. */
1937 reply_openerror(req, status);
1941 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1942 if the file is truncated or created. */
1943 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1944 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1945 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1946 close_file(req, fsp, ERROR_CLOSE);
1947 reply_nterror(req, NT_STATUS_DISK_FULL);
1950 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1952 close_file(req, fsp, ERROR_CLOSE);
1953 reply_nterror(req, NT_STATUS_DISK_FULL);
1956 smb_fname->st.st_ex_size =
1957 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1960 fattr = dos_mode(conn, smb_fname);
1961 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1963 close_file(req, fsp, ERROR_CLOSE);
1964 reply_doserror(req, ERRDOS, ERRnoaccess);
1968 /* If the caller set the extended oplock request bit
1969 and we granted one (by whatever means) - set the
1970 correct bit for extended oplock reply.
1973 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1974 smb_action |= EXTENDED_OPLOCK_GRANTED;
1977 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1978 smb_action |= EXTENDED_OPLOCK_GRANTED;
1981 /* If the caller set the core oplock request bit
1982 and we granted one (by whatever means) - set the
1983 correct bit for core oplock reply.
1986 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1987 reply_outbuf(req, 19, 0);
1989 reply_outbuf(req, 15, 0);
1992 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1993 SCVAL(req->outbuf, smb_flg,
1994 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1997 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1998 SCVAL(req->outbuf, smb_flg,
1999 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2002 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2003 SSVAL(req->outbuf,smb_vwv3,fattr);
2004 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2005 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2007 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2009 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2010 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2011 SSVAL(req->outbuf,smb_vwv11,smb_action);
2013 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2014 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2019 TALLOC_FREE(smb_fname);
2020 END_PROFILE(SMBopenX);
2024 /****************************************************************************
2025 Reply to a SMBulogoffX.
2026 ****************************************************************************/
2028 void reply_ulogoffX(struct smb_request *req)
2030 struct smbd_server_connection *sconn = smbd_server_conn;
2033 START_PROFILE(SMBulogoffX);
2035 vuser = get_valid_user_struct(sconn, req->vuid);
2038 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2042 /* in user level security we are supposed to close any files
2043 open by this user */
2044 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2045 file_close_user(req->vuid);
2048 invalidate_vuid(sconn, req->vuid);
2050 reply_outbuf(req, 2, 0);
2052 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2054 END_PROFILE(SMBulogoffX);
2055 req->vuid = UID_FIELD_INVALID;
2059 /****************************************************************************
2060 Reply to a mknew or a create.
2061 ****************************************************************************/
2063 void reply_mknew(struct smb_request *req)
2065 connection_struct *conn = req->conn;
2066 struct smb_filename *smb_fname = NULL;
2069 struct smb_file_time ft;
2071 int oplock_request = 0;
2073 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2074 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2075 uint32 create_disposition;
2076 uint32 create_options = 0;
2077 TALLOC_CTX *ctx = talloc_tos();
2079 START_PROFILE(SMBcreate);
2083 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2087 fattr = SVAL(req->vwv+0, 0);
2088 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2091 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2093 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2094 STR_TERMINATE, &status);
2095 if (!NT_STATUS_IS_OK(status)) {
2096 reply_nterror(req, status);
2100 status = filename_convert(ctx,
2102 req->flags2 & FLAGS2_DFS_PATHNAMES,
2107 if (!NT_STATUS_IS_OK(status)) {
2108 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2109 reply_botherror(req,
2110 NT_STATUS_PATH_NOT_COVERED,
2111 ERRSRV, ERRbadpath);
2114 reply_nterror(req, status);
2118 if (fattr & aVOLID) {
2119 DEBUG(0,("Attempt to create file (%s) with volid set - "
2120 "please report this\n",
2121 smb_fname_str_dbg(smb_fname)));
2124 if(req->cmd == SMBmknew) {
2125 /* We should fail if file exists. */
2126 create_disposition = FILE_CREATE;
2128 /* Create if file doesn't exist, truncate if it does. */
2129 create_disposition = FILE_OVERWRITE_IF;
2132 status = SMB_VFS_CREATE_FILE(
2135 0, /* root_dir_fid */
2136 smb_fname, /* fname */
2137 access_mask, /* access_mask */
2138 share_mode, /* share_access */
2139 create_disposition, /* create_disposition*/
2140 create_options, /* create_options */
2141 fattr, /* file_attributes */
2142 oplock_request, /* oplock_request */
2143 0, /* allocation_size */
2149 if (!NT_STATUS_IS_OK(status)) {
2150 if (open_was_deferred(req->mid)) {
2151 /* We have re-scheduled this call. */
2154 reply_openerror(req, status);
2158 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2159 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2160 if (!NT_STATUS_IS_OK(status)) {
2161 END_PROFILE(SMBcreate);
2165 reply_outbuf(req, 1, 0);
2166 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2168 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2169 SCVAL(req->outbuf,smb_flg,
2170 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2173 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2174 SCVAL(req->outbuf,smb_flg,
2175 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2178 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2179 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2180 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2181 (unsigned int)fattr));
2184 TALLOC_FREE(smb_fname);
2185 END_PROFILE(SMBcreate);
2189 /****************************************************************************
2190 Reply to a create temporary file.
2191 ****************************************************************************/
2193 void reply_ctemp(struct smb_request *req)
2195 connection_struct *conn = req->conn;
2196 struct smb_filename *smb_fname = NULL;
2204 TALLOC_CTX *ctx = talloc_tos();
2206 START_PROFILE(SMBctemp);
2209 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2213 fattr = SVAL(req->vwv+0, 0);
2214 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2216 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2217 STR_TERMINATE, &status);
2218 if (!NT_STATUS_IS_OK(status)) {
2219 reply_nterror(req, status);
2223 fname = talloc_asprintf(ctx,
2227 fname = talloc_strdup(ctx, "TMXXXXXX");
2231 reply_nterror(req, NT_STATUS_NO_MEMORY);
2235 status = filename_convert(ctx, conn,
2236 req->flags2 & FLAGS2_DFS_PATHNAMES,
2241 if (!NT_STATUS_IS_OK(status)) {
2242 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2243 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2244 ERRSRV, ERRbadpath);
2247 reply_nterror(req, status);
2251 tmpfd = mkstemp(smb_fname->base_name);
2253 reply_nterror(req, map_nt_error_from_unix(errno));
2257 SMB_VFS_STAT(conn, smb_fname);
2259 /* We should fail if file does not exist. */
2260 status = SMB_VFS_CREATE_FILE(
2263 0, /* root_dir_fid */
2264 smb_fname, /* fname */
2265 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2266 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2267 FILE_OPEN, /* create_disposition*/
2268 0, /* create_options */
2269 fattr, /* file_attributes */
2270 oplock_request, /* oplock_request */
2271 0, /* allocation_size */
2277 /* close fd from mkstemp() */
2280 if (!NT_STATUS_IS_OK(status)) {
2281 if (open_was_deferred(req->mid)) {
2282 /* We have re-scheduled this call. */
2285 reply_openerror(req, status);
2289 reply_outbuf(req, 1, 0);
2290 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2292 /* the returned filename is relative to the directory */
2293 s = strrchr_m(fsp->fsp_name->base_name, '/');
2295 s = fsp->fsp_name->base_name;
2301 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2302 thing in the byte section. JRA */
2303 SSVALS(p, 0, -1); /* what is this? not in spec */
2305 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2307 reply_nterror(req, NT_STATUS_NO_MEMORY);
2311 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2312 SCVAL(req->outbuf, smb_flg,
2313 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2316 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2317 SCVAL(req->outbuf, smb_flg,
2318 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2321 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2322 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2323 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2325 TALLOC_FREE(smb_fname);
2326 END_PROFILE(SMBctemp);
2330 /*******************************************************************
2331 Check if a user is allowed to rename a file.
2332 ********************************************************************/
2334 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2335 uint16 dirtype, SMB_STRUCT_STAT *pst)
2339 if (!CAN_WRITE(conn)) {
2340 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2343 fmode = dos_mode(conn, fsp->fsp_name);
2344 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2345 return NT_STATUS_NO_SUCH_FILE;
2348 if (S_ISDIR(pst->st_ex_mode)) {
2349 if (fsp->posix_open) {
2350 return NT_STATUS_OK;
2353 /* If no pathnames are open below this
2354 directory, allow the rename. */
2356 if (file_find_subpath(fsp)) {
2357 return NT_STATUS_ACCESS_DENIED;
2359 return NT_STATUS_OK;
2362 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2363 return NT_STATUS_OK;
2366 return NT_STATUS_ACCESS_DENIED;
2369 /*******************************************************************
2370 * unlink a file with all relevant access checks
2371 *******************************************************************/
2373 static NTSTATUS do_unlink(connection_struct *conn,
2374 struct smb_request *req,
2375 struct smb_filename *smb_fname,
2380 uint32 dirtype_orig = dirtype;
2383 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2384 smb_fname_str_dbg(smb_fname),
2387 if (!CAN_WRITE(conn)) {
2388 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2391 if (SMB_VFS_LSTAT(conn, smb_fname) != 0) {
2392 return map_nt_error_from_unix(errno);
2395 fattr = dos_mode(conn, smb_fname);
2397 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2398 dirtype = aDIR|aARCH|aRONLY;
2401 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2403 return NT_STATUS_NO_SUCH_FILE;
2406 if (!dir_check_ftype(conn, fattr, dirtype)) {
2408 return NT_STATUS_FILE_IS_A_DIRECTORY;
2410 return NT_STATUS_NO_SUCH_FILE;
2413 if (dirtype_orig & 0x8000) {
2414 /* These will never be set for POSIX. */
2415 return NT_STATUS_NO_SUCH_FILE;
2419 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2420 return NT_STATUS_FILE_IS_A_DIRECTORY;
2423 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2424 return NT_STATUS_NO_SUCH_FILE;
2427 if (dirtype & 0xFF00) {
2428 /* These will never be set for POSIX. */
2429 return NT_STATUS_NO_SUCH_FILE;
2434 return NT_STATUS_NO_SUCH_FILE;
2437 /* Can't delete a directory. */
2439 return NT_STATUS_FILE_IS_A_DIRECTORY;
2444 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2445 return NT_STATUS_OBJECT_NAME_INVALID;
2446 #endif /* JRATEST */
2448 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2450 On a Windows share, a file with read-only dosmode can be opened with
2451 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2452 fails with NT_STATUS_CANNOT_DELETE error.
2454 This semantic causes a problem that a user can not
2455 rename a file with read-only dosmode on a Samba share
2456 from a Windows command prompt (i.e. cmd.exe, but can rename
2457 from Windows Explorer).
2460 if (!lp_delete_readonly(SNUM(conn))) {
2461 if (fattr & aRONLY) {
2462 return NT_STATUS_CANNOT_DELETE;
2466 /* On open checks the open itself will check the share mode, so
2467 don't do it here as we'll get it wrong. */
2469 status = SMB_VFS_CREATE_FILE
2472 0, /* root_dir_fid */
2473 smb_fname, /* fname */
2474 DELETE_ACCESS, /* access_mask */
2475 FILE_SHARE_NONE, /* share_access */
2476 FILE_OPEN, /* create_disposition*/
2477 FILE_NON_DIRECTORY_FILE, /* create_options */
2478 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2479 0, /* oplock_request */
2480 0, /* allocation_size */
2486 if (!NT_STATUS_IS_OK(status)) {
2487 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2488 nt_errstr(status)));
2492 /* The set is across all open files on this dev/inode pair. */
2493 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2494 close_file(req, fsp, NORMAL_CLOSE);
2495 return NT_STATUS_ACCESS_DENIED;
2498 return close_file(req, fsp, NORMAL_CLOSE);
2501 /****************************************************************************
2502 The guts of the unlink command, split out so it may be called by the NT SMB
2504 ****************************************************************************/
2506 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2507 uint32 dirtype, struct smb_filename *smb_fname,
2510 char *fname_dir = NULL;
2511 char *fname_mask = NULL;
2513 NTSTATUS status = NT_STATUS_OK;
2514 TALLOC_CTX *ctx = talloc_tos();
2516 /* Split up the directory from the filename/mask. */
2517 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2518 &fname_dir, &fname_mask);
2519 if (!NT_STATUS_IS_OK(status)) {
2524 * We should only check the mangled cache
2525 * here if unix_convert failed. This means
2526 * that the path in 'mask' doesn't exist
2527 * on the file system and so we need to look
2528 * for a possible mangle. This patch from
2529 * Tine Smukavec <valentin.smukavec@hermes.si>.
2532 if (!VALID_STAT(smb_fname->st) &&
2533 mangle_is_mangled(fname_mask, conn->params)) {
2534 char *new_mask = NULL;
2535 mangle_lookup_name_from_8_3(ctx, fname_mask,
2536 &new_mask, conn->params);
2538 TALLOC_FREE(fname_mask);
2539 fname_mask = new_mask;
2546 * Only one file needs to be unlinked. Append the mask back
2547 * onto the directory.
2549 TALLOC_FREE(smb_fname->base_name);
2550 smb_fname->base_name = talloc_asprintf(smb_fname,
2554 if (!smb_fname->base_name) {
2555 status = NT_STATUS_NO_MEMORY;
2559 dirtype = FILE_ATTRIBUTE_NORMAL;
2562 status = check_name(conn, smb_fname->base_name);
2563 if (!NT_STATUS_IS_OK(status)) {
2567 status = do_unlink(conn, req, smb_fname, dirtype);
2568 if (!NT_STATUS_IS_OK(status)) {
2574 struct smb_Dir *dir_hnd = NULL;
2578 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2579 status = NT_STATUS_OBJECT_NAME_INVALID;
2583 if (strequal(fname_mask,"????????.???")) {
2584 TALLOC_FREE(fname_mask);
2585 fname_mask = talloc_strdup(ctx, "*");
2587 status = NT_STATUS_NO_MEMORY;
2592 status = check_name(conn, fname_dir);
2593 if (!NT_STATUS_IS_OK(status)) {
2597 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2599 if (dir_hnd == NULL) {
2600 status = map_nt_error_from_unix(errno);
2604 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2605 the pattern matches against the long name, otherwise the short name
2606 We don't implement this yet XXXX
2609 status = NT_STATUS_NO_SUCH_FILE;
2611 while ((dname = ReadDirName(dir_hnd, &offset,
2613 TALLOC_CTX *frame = talloc_stackframe();
2615 if (!is_visible_file(conn, fname_dir, dname,
2616 &smb_fname->st, true)) {
2621 /* Quick check for "." and ".." */
2622 if (ISDOT(dname) || ISDOTDOT(dname)) {
2627 if(!mask_match(dname, fname_mask,
2628 conn->case_sensitive)) {
2633 TALLOC_FREE(smb_fname->base_name);
2634 smb_fname->base_name =
2635 talloc_asprintf(smb_fname, "%s/%s",
2638 if (!smb_fname->base_name) {
2639 TALLOC_FREE(dir_hnd);
2640 status = NT_STATUS_NO_MEMORY;
2645 status = check_name(conn, smb_fname->base_name);
2646 if (!NT_STATUS_IS_OK(status)) {
2647 TALLOC_FREE(dir_hnd);
2652 status = do_unlink(conn, req, smb_fname, dirtype);
2653 if (!NT_STATUS_IS_OK(status)) {
2659 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2660 smb_fname->base_name));
2664 TALLOC_FREE(dir_hnd);
2667 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2668 status = map_nt_error_from_unix(errno);
2672 TALLOC_FREE(fname_dir);
2673 TALLOC_FREE(fname_mask);
2677 /****************************************************************************
2679 ****************************************************************************/
2681 void reply_unlink(struct smb_request *req)
2683 connection_struct *conn = req->conn;
2685 struct smb_filename *smb_fname = NULL;
2688 bool path_contains_wcard = False;
2689 TALLOC_CTX *ctx = talloc_tos();
2691 START_PROFILE(SMBunlink);
2694 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2698 dirtype = SVAL(req->vwv+0, 0);
2700 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2701 STR_TERMINATE, &status,
2702 &path_contains_wcard);
2703 if (!NT_STATUS_IS_OK(status)) {
2704 reply_nterror(req, status);
2708 status = filename_convert(ctx, conn,
2709 req->flags2 & FLAGS2_DFS_PATHNAMES,
2711 UCF_COND_ALLOW_WCARD_LCOMP,
2712 &path_contains_wcard,
2714 if (!NT_STATUS_IS_OK(status)) {
2715 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2716 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2717 ERRSRV, ERRbadpath);
2720 reply_nterror(req, status);
2724 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2726 status = unlink_internals(conn, req, dirtype, smb_fname,
2727 path_contains_wcard);
2728 if (!NT_STATUS_IS_OK(status)) {
2729 if (open_was_deferred(req->mid)) {
2730 /* We have re-scheduled this call. */
2733 reply_nterror(req, status);
2737 reply_outbuf(req, 0, 0);
2739 TALLOC_FREE(smb_fname);
2740 END_PROFILE(SMBunlink);
2744 /****************************************************************************
2746 ****************************************************************************/
2748 static void fail_readraw(void)
2750 const char *errstr = talloc_asprintf(talloc_tos(),
2751 "FAIL ! reply_readbraw: socket write fail (%s)",
2756 exit_server_cleanly(errstr);
2759 /****************************************************************************
2760 Fake (read/write) sendfile. Returns -1 on read or write fail.
2761 ****************************************************************************/
2763 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2767 size_t tosend = nread;
2774 bufsize = MIN(nread, 65536);
2776 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2780 while (tosend > 0) {
2784 if (tosend > bufsize) {
2789 ret = read_file(fsp,buf,startpos,cur_read);
2795 /* If we had a short read, fill with zeros. */
2796 if (ret < cur_read) {
2797 memset(buf + ret, '\0', cur_read - ret);
2800 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2805 startpos += cur_read;
2809 return (ssize_t)nread;
2812 #if defined(WITH_SENDFILE)
2813 /****************************************************************************
2814 Deal with the case of sendfile reading less bytes from the file than
2815 requested. Fill with zeros (all we can do).
2816 ****************************************************************************/
2818 static void sendfile_short_send(files_struct *fsp,
2823 #define SHORT_SEND_BUFSIZE 1024
2824 if (nread < headersize) {
2825 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2826 "header for file %s (%s). Terminating\n",
2827 fsp_str_dbg(fsp), strerror(errno)));
2828 exit_server_cleanly("sendfile_short_send failed");
2831 nread -= headersize;
2833 if (nread < smb_maxcnt) {
2834 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2836 exit_server_cleanly("sendfile_short_send: "
2840 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2841 "with zeros !\n", fsp_str_dbg(fsp)));
2843 while (nread < smb_maxcnt) {
2845 * We asked for the real file size and told sendfile
2846 * to not go beyond the end of the file. But it can
2847 * happen that in between our fstat call and the
2848 * sendfile call the file was truncated. This is very
2849 * bad because we have already announced the larger
2850 * number of bytes to the client.
2852 * The best we can do now is to send 0-bytes, just as
2853 * a read from a hole in a sparse file would do.
2855 * This should happen rarely enough that I don't care
2856 * about efficiency here :-)
2860 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2861 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2862 exit_server_cleanly("sendfile_short_send: "
2863 "write_data failed");
2870 #endif /* defined WITH_SENDFILE */
2872 /****************************************************************************
2873 Return a readbraw error (4 bytes of zero).
2874 ****************************************************************************/
2876 static void reply_readbraw_error(void)
2880 if (write_data(smbd_server_fd(),header,4) != 4) {
2885 /****************************************************************************
2886 Use sendfile in readbraw.
2887 ****************************************************************************/
2889 static void send_file_readbraw(connection_struct *conn,
2890 struct smb_request *req,
2896 char *outbuf = NULL;
2899 #if defined(WITH_SENDFILE)
2901 * We can only use sendfile on a non-chained packet
2902 * but we can use on a non-oplocked file. tridge proved this
2903 * on a train in Germany :-). JRA.
2904 * reply_readbraw has already checked the length.
2907 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2908 (fsp->wcp == NULL) &&
2909 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2910 ssize_t sendfile_read = -1;
2912 DATA_BLOB header_blob;
2914 _smb_setlen(header,nread);
2915 header_blob = data_blob_const(header, 4);
2917 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2918 &header_blob, startpos, nread)) == -1) {
2919 /* Returning ENOSYS means no data at all was sent.
2920 * Do this as a normal read. */
2921 if (errno == ENOSYS) {
2922 goto normal_readbraw;
2926 * Special hack for broken Linux with no working sendfile. If we
2927 * return EINTR we sent the header but not the rest of the data.
2928 * Fake this up by doing read/write calls.
2930 if (errno == EINTR) {
2931 /* Ensure we don't do this again. */
2932 set_use_sendfile(SNUM(conn), False);
2933 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2935 if (fake_sendfile(fsp, startpos, nread) == -1) {
2936 DEBUG(0,("send_file_readbraw: "
2937 "fake_sendfile failed for "
2941 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2946 DEBUG(0,("send_file_readbraw: sendfile failed for "
2947 "file %s (%s). Terminating\n",
2948 fsp_str_dbg(fsp), strerror(errno)));
2949 exit_server_cleanly("send_file_readbraw sendfile failed");
2950 } else if (sendfile_read == 0) {
2952 * Some sendfile implementations return 0 to indicate
2953 * that there was a short read, but nothing was
2954 * actually written to the socket. In this case,
2955 * fallback to the normal read path so the header gets
2956 * the correct byte count.
2958 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2959 "bytes falling back to the normal read: "
2960 "%s\n", fsp_str_dbg(fsp)));
2961 goto normal_readbraw;
2964 /* Deal with possible short send. */
2965 if (sendfile_read != 4+nread) {
2966 sendfile_short_send(fsp, sendfile_read, 4, nread);
2974 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2976 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2977 (unsigned)(nread+4)));
2978 reply_readbraw_error();
2983 ret = read_file(fsp,outbuf+4,startpos,nread);
2984 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2993 _smb_setlen(outbuf,ret);
2994 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2997 TALLOC_FREE(outbuf);
3000 /****************************************************************************
3001 Reply to a readbraw (core+ protocol).
3002 ****************************************************************************/
3004 void reply_readbraw(struct smb_request *req)
3006 connection_struct *conn = req->conn;
3007 ssize_t maxcount,mincount;
3011 struct lock_struct lock;
3015 START_PROFILE(SMBreadbraw);
3017 if (srv_is_signing_active(smbd_server_conn) ||
3018 is_encrypted_packet(req->inbuf)) {
3019 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3020 "raw reads/writes are disallowed.");
3024 reply_readbraw_error();
3025 END_PROFILE(SMBreadbraw);
3030 * Special check if an oplock break has been issued
3031 * and the readraw request croses on the wire, we must
3032 * return a zero length response here.
3035 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3038 * We have to do a check_fsp by hand here, as
3039 * we must always return 4 zero bytes on error,
3043 if (!fsp || !conn || conn != fsp->conn ||
3044 req->vuid != fsp->vuid ||
3045 fsp->is_directory || fsp->fh->fd == -1) {
3047 * fsp could be NULL here so use the value from the packet. JRA.
3049 DEBUG(3,("reply_readbraw: fnum %d not valid "
3051 (int)SVAL(req->vwv+0, 0)));
3052 reply_readbraw_error();
3053 END_PROFILE(SMBreadbraw);
3057 /* Do a "by hand" version of CHECK_READ. */
3058 if (!(fsp->can_read ||
3059 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3060 (fsp->access_mask & FILE_EXECUTE)))) {
3061 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3062 (int)SVAL(req->vwv+0, 0)));
3063 reply_readbraw_error();
3064 END_PROFILE(SMBreadbraw);
3068 flush_write_cache(fsp, READRAW_FLUSH);
3070 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3071 if(req->wct == 10) {
3073 * This is a large offset (64 bit) read.
3075 #ifdef LARGE_SMB_OFF_T
3077 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3079 #else /* !LARGE_SMB_OFF_T */
3082 * Ensure we haven't been sent a >32 bit offset.
3085 if(IVAL(req->vwv+8, 0) != 0) {
3086 DEBUG(0,("reply_readbraw: large offset "
3087 "(%x << 32) used and we don't support "
3088 "64 bit offsets.\n",
3089 (unsigned int)IVAL(req->vwv+8, 0) ));
3090 reply_readbraw_error();
3091 END_PROFILE(SMBreadbraw);
3095 #endif /* LARGE_SMB_OFF_T */
3098 DEBUG(0,("reply_readbraw: negative 64 bit "
3099 "readraw offset (%.0f) !\n",
3100 (double)startpos ));
3101 reply_readbraw_error();
3102 END_PROFILE(SMBreadbraw);
3107 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3108 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3110 /* ensure we don't overrun the packet size */
3111 maxcount = MIN(65535,maxcount);
3113 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3114 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3117 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3118 reply_readbraw_error();
3119 END_PROFILE(SMBreadbraw);
3123 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
3124 size = st.st_ex_size;
3127 if (startpos >= size) {
3130 nread = MIN(maxcount,(size - startpos));
3133 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3134 if (nread < mincount)
3138 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3139 "min=%lu nread=%lu\n",
3140 fsp->fnum, (double)startpos,
3141 (unsigned long)maxcount,
3142 (unsigned long)mincount,
3143 (unsigned long)nread ) );
3145 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3147 DEBUG(5,("reply_readbraw finished\n"));
3149 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3151 END_PROFILE(SMBreadbraw);
3156 #define DBGC_CLASS DBGC_LOCKING
3158 /****************************************************************************
3159 Reply to a lockread (core+ protocol).
3160 ****************************************************************************/
3162 void reply_lockread(struct smb_request *req)
3164 connection_struct *conn = req->conn;
3171 struct byte_range_lock *br_lck = NULL;
3173 struct smbd_server_connection *sconn = smbd_server_conn;
3175 START_PROFILE(SMBlockread);
3178 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3179 END_PROFILE(SMBlockread);
3183 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3185 if (!check_fsp(conn, req, fsp)) {
3186 END_PROFILE(SMBlockread);
3190 if (!CHECK_READ(fsp,req)) {
3191 reply_doserror(req, ERRDOS, ERRbadaccess);
3192 END_PROFILE(SMBlockread);
3196 numtoread = SVAL(req->vwv+1, 0);
3197 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3199 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3201 reply_outbuf(req, 5, numtoread + 3);
3203 data = smb_buf(req->outbuf) + 3;
3206 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3207 * protocol request that predates the read/write lock concept.
3208 * Thus instead of asking for a read lock here we need to ask
3209 * for a write lock. JRA.
3210 * Note that the requested lock size is unaffected by max_recv.
3213 br_lck = do_lock(smbd_messaging_context(),
3216 (uint64_t)numtoread,
3220 False, /* Non-blocking lock. */
3224 TALLOC_FREE(br_lck);
3226 if (NT_STATUS_V(status)) {
3227 reply_nterror(req, status);
3228 END_PROFILE(SMBlockread);
3233 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3236 if (numtoread > sconn->smb1.negprot.max_recv) {
3237 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3238 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3239 (unsigned int)numtoread,
3240 (unsigned int)sconn->smb1.negprot.max_recv));
3241 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3243 nread = read_file(fsp,data,startpos,numtoread);
3246 reply_nterror(req, map_nt_error_from_unix(errno));
3247 END_PROFILE(SMBlockread);
3251 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3253 SSVAL(req->outbuf,smb_vwv0,nread);
3254 SSVAL(req->outbuf,smb_vwv5,nread+3);
3255 p = smb_buf(req->outbuf);
3256 SCVAL(p,0,0); /* pad byte. */
3259 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3260 fsp->fnum, (int)numtoread, (int)nread));
3262 END_PROFILE(SMBlockread);
3267 #define DBGC_CLASS DBGC_ALL
3269 /****************************************************************************
3271 ****************************************************************************/
3273 void reply_read(struct smb_request *req)
3275 connection_struct *conn = req->conn;
3282 struct lock_struct lock;
3283 struct smbd_server_connection *sconn = smbd_server_conn;
3285 START_PROFILE(SMBread);
3288 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3289 END_PROFILE(SMBread);
3293 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3295 if (!check_fsp(conn, req, fsp)) {
3296 END_PROFILE(SMBread);
3300 if (!CHECK_READ(fsp,req)) {
3301 reply_doserror(req, ERRDOS, ERRbadaccess);
3302 END_PROFILE(SMBread);
3306 numtoread = SVAL(req->vwv+1, 0);
3307 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3309 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3312 * The requested read size cannot be greater than max_recv. JRA.
3314 if (numtoread > sconn->smb1.negprot.max_recv) {
3315 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3316 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3317 (unsigned int)numtoread,
3318 (unsigned int)sconn->smb1.negprot.max_recv));
3319 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3322 reply_outbuf(req, 5, numtoread+3);
3324 data = smb_buf(req->outbuf) + 3;
3326 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3327 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3330 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3331 reply_doserror(req, ERRDOS,ERRlock);
3332 END_PROFILE(SMBread);
3337 nread = read_file(fsp,data,startpos,numtoread);
3340 reply_nterror(req, map_nt_error_from_unix(errno));
3344 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3346 SSVAL(req->outbuf,smb_vwv0,nread);
3347 SSVAL(req->outbuf,smb_vwv5,nread+3);
3348 SCVAL(smb_buf(req->outbuf),0,1);
3349 SSVAL(smb_buf(req->outbuf),1,nread);
3351 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3352 fsp->fnum, (int)numtoread, (int)nread ) );
3355 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3357 END_PROFILE(SMBread);
3361 /****************************************************************************
3363 ****************************************************************************/
3365 static int setup_readX_header(struct smb_request *req, char *outbuf,
3371 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3372 data = smb_buf(outbuf);
3374 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3376 SCVAL(outbuf,smb_vwv0,0xFF);
3377 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3378 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3379 SSVAL(outbuf,smb_vwv6,
3381 + 1 /* the wct field */
3382 + 12 * sizeof(uint16_t) /* vwv */
3383 + 2); /* the buflen field */
3384 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3385 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3386 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3387 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3391 /****************************************************************************
3392 Reply to a read and X - possibly using sendfile.
3393 ****************************************************************************/
3395 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3396 files_struct *fsp, SMB_OFF_T startpos,
3399 SMB_STRUCT_STAT sbuf;
3401 struct lock_struct lock;
3402 int saved_errno = 0;
3404 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3405 reply_nterror(req, map_nt_error_from_unix(errno));
3409 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3410 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3413 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3414 reply_doserror(req, ERRDOS, ERRlock);
3418 if (!S_ISREG(sbuf.st_ex_mode) || (startpos > sbuf.st_ex_size)
3419 || (smb_maxcnt > (sbuf.st_ex_size - startpos))) {
3421 * We already know that we would do a short read, so don't
3422 * try the sendfile() path.
3424 goto nosendfile_read;
3427 #if defined(WITH_SENDFILE)
3429 * We can only use sendfile on a non-chained packet
3430 * but we can use on a non-oplocked file. tridge proved this
3431 * on a train in Germany :-). JRA.
3434 if (!req_is_in_chain(req) &&
3435 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3436 (fsp->wcp == NULL) &&
3437 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3438 uint8 headerbuf[smb_size + 12 * 2];
3442 * Set up the packet header before send. We
3443 * assume here the sendfile will work (get the
3444 * correct amount of data).
3447 header = data_blob_const(headerbuf, sizeof(headerbuf));
3449 construct_reply_common_req(req, (char *)headerbuf);
3450 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3452 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3453 /* Returning ENOSYS means no data at all was sent.
3454 Do this as a normal read. */
3455 if (errno == ENOSYS) {
3460 * Special hack for broken Linux with no working sendfile. If we
3461 * return EINTR we sent the header but not the rest of the data.
3462 * Fake this up by doing read/write calls.
3465 if (errno == EINTR) {
3466 /* Ensure we don't do this again. */
3467 set_use_sendfile(SNUM(conn), False);
3468 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3469 nread = fake_sendfile(fsp, startpos,
3472 DEBUG(0,("send_file_readX: "
3473 "fake_sendfile failed for "
3477 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3479 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3480 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3481 /* No outbuf here means successful sendfile. */
3485 DEBUG(0,("send_file_readX: sendfile failed for file "
3486 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3488 exit_server_cleanly("send_file_readX sendfile failed");
3489 } else if (nread == 0) {
3491 * Some sendfile implementations return 0 to indicate
3492 * that there was a short read, but nothing was
3493 * actually written to the socket. In this case,
3494 * fallback to the normal read path so the header gets
3495 * the correct byte count.
3497 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3498 "falling back to the normal read: %s\n",
3503 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3504 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3506 /* Deal with possible short send. */
3507 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3508 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3510 /* No outbuf here means successful sendfile. */
3511 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3512 SMB_PERFCOUNT_END(&req->pcd);
3520 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3521 uint8 headerbuf[smb_size + 2*12];
3523 construct_reply_common_req(req, (char *)headerbuf);
3524 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3526 /* Send out the header. */
3527 if (write_data(smbd_server_fd(), (char *)headerbuf,
3528 sizeof(headerbuf)) != sizeof(headerbuf)) {
3529 DEBUG(0,("send_file_readX: write_data failed for file "
3530 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3532 exit_server_cleanly("send_file_readX sendfile failed");
3534 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3536 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3537 "file %s (%s).\n", fsp_str_dbg(fsp),
3539 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3546 reply_outbuf(req, 12, smb_maxcnt);
3548 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3549 saved_errno = errno;
3551 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3554 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3558 setup_readX_header(req, (char *)req->outbuf, nread);
3560 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3561 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3567 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3568 TALLOC_FREE(req->outbuf);
3572 /****************************************************************************
3573 Reply to a read and X.
3574 ****************************************************************************/
3576 void reply_read_and_X(struct smb_request *req)
3578 connection_struct *conn = req->conn;
3582 bool big_readX = False;
3584 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3587 START_PROFILE(SMBreadX);
3589 if ((req->wct != 10) && (req->wct != 12)) {
3590 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3594 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3595 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3596 smb_maxcnt = SVAL(req->vwv+5, 0);
3598 /* If it's an IPC, pass off the pipe handler. */
3600 reply_pipe_read_and_X(req);
3601 END_PROFILE(SMBreadX);
3605 if (!check_fsp(conn, req, fsp)) {
3606 END_PROFILE(SMBreadX);
3610 if (!CHECK_READ(fsp,req)) {
3611 reply_doserror(req, ERRDOS,ERRbadaccess);
3612 END_PROFILE(SMBreadX);
3616 if (global_client_caps & CAP_LARGE_READX) {
3617 size_t upper_size = SVAL(req->vwv+7, 0);
3618 smb_maxcnt |= (upper_size<<16);
3619 if (upper_size > 1) {
3620 /* Can't do this on a chained packet. */
3621 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3622 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3623 END_PROFILE(SMBreadX);
3626 /* We currently don't do this on signed or sealed data. */
3627 if (srv_is_signing_active(smbd_server_conn) ||
3628 is_encrypted_packet(req->inbuf)) {
3629 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3630 END_PROFILE(SMBreadX);
3633 /* Is there room in the reply for this data ? */
3634 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3636 NT_STATUS_INVALID_PARAMETER);
3637 END_PROFILE(SMBreadX);
3644 if (req->wct == 12) {
3645 #ifdef LARGE_SMB_OFF_T
3647 * This is a large offset (64 bit) read.
3649 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3651 #else /* !LARGE_SMB_OFF_T */
3654 * Ensure we haven't been sent a >32 bit offset.
3657 if(IVAL(req->vwv+10, 0) != 0) {
3658 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3659 "used and we don't support 64 bit offsets.\n",
3660 (unsigned int)IVAL(req->vwv+10, 0) ));
3661 END_PROFILE(SMBreadX);
3662 reply_doserror(req, ERRDOS, ERRbadaccess);
3666 #endif /* LARGE_SMB_OFF_T */
3671 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3675 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3678 END_PROFILE(SMBreadX);
3682 /****************************************************************************
3683 Error replies to writebraw must have smb_wct == 1. Fix this up.
3684 ****************************************************************************/
3686 void error_to_writebrawerr(struct smb_request *req)
3688 uint8 *old_outbuf = req->outbuf;
3690 reply_outbuf(req, 1, 0);
3692 memcpy(req->outbuf, old_outbuf, smb_size);
3693 TALLOC_FREE(old_outbuf);
3696 /****************************************************************************
3697 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3698 ****************************************************************************/
3700 void reply_writebraw(struct smb_request *req)
3702 connection_struct *conn = req->conn;
3705 ssize_t total_written=0;
3706 size_t numtowrite=0;
3712 struct lock_struct lock;
3715 START_PROFILE(SMBwritebraw);
3718 * If we ever reply with an error, it must have the SMB command
3719 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3722 SCVAL(req->inbuf,smb_com,SMBwritec);
3724 if (srv_is_signing_active(smbd_server_conn)) {
3725 END_PROFILE(SMBwritebraw);
3726 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3727 "raw reads/writes are disallowed.");
3730 if (req->wct < 12) {
3731 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3732 error_to_writebrawerr(req);
3733 END_PROFILE(SMBwritebraw);
3737 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3738 if (!check_fsp(conn, req, fsp)) {
3739 error_to_writebrawerr(req);
3740 END_PROFILE(SMBwritebraw);
3744 if (!CHECK_WRITE(fsp)) {
3745 reply_doserror(req, ERRDOS, ERRbadaccess);
3746 error_to_writebrawerr(req);
3747 END_PROFILE(SMBwritebraw);
3751 tcount = IVAL(req->vwv+1, 0);
3752 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3753 write_through = BITSETW(req->vwv+7,0);
3755 /* We have to deal with slightly different formats depending
3756 on whether we are using the core+ or lanman1.0 protocol */
3758 if(Protocol <= PROTOCOL_COREPLUS) {
3759 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3760 data = smb_buf(req->inbuf);
3762 numtowrite = SVAL(req->vwv+10, 0);
3763 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3766 /* Ensure we don't write bytes past the end of this packet. */
3767 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3768 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3769 error_to_writebrawerr(req);
3770 END_PROFILE(SMBwritebraw);
3774 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3775 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3778 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3779 reply_doserror(req, ERRDOS, ERRlock);
3780 error_to_writebrawerr(req);
3781 END_PROFILE(SMBwritebraw);
3786 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3789 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3790 "wrote=%d sync=%d\n",
3791 fsp->fnum, (double)startpos, (int)numtowrite,
3792 (int)nwritten, (int)write_through));
3794 if (nwritten < (ssize_t)numtowrite) {
3795 reply_doserror(req, ERRHRD, ERRdiskfull);
3796 error_to_writebrawerr(req);
3800 total_written = nwritten;
3802 /* Allocate a buffer of 64k + length. */
3803 buf = TALLOC_ARRAY(NULL, char, 65540);
3805 reply_doserror(req, ERRDOS, ERRnomem);
3806 error_to_writebrawerr(req);
3810 /* Return a SMBwritebraw message to the redirector to tell
3811 * it to send more bytes */
3813 memcpy(buf, req->inbuf, smb_size);
3814 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3815 SCVAL(buf,smb_com,SMBwritebraw);
3816 SSVALS(buf,smb_vwv0,0xFFFF);
3818 if (!srv_send_smb(smbd_server_fd(),
3820 false, 0, /* no signing */
3821 IS_CONN_ENCRYPTED(conn),
3823 exit_server_cleanly("reply_writebraw: srv_send_smb "
3827 /* Now read the raw data into the buffer and write it */
3828 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3830 if (!NT_STATUS_IS_OK(status)) {
3831 exit_server_cleanly("secondary writebraw failed");
3834 /* Set up outbuf to return the correct size */
3835 reply_outbuf(req, 1, 0);
3837 if (numtowrite != 0) {
3839 if (numtowrite > 0xFFFF) {
3840 DEBUG(0,("reply_writebraw: Oversize secondary write "
3841 "raw requested (%u). Terminating\n",
3842 (unsigned int)numtowrite ));
3843 exit_server_cleanly("secondary writebraw failed");
3846 if (tcount > nwritten+numtowrite) {
3847 DEBUG(3,("reply_writebraw: Client overestimated the "
3849 (int)tcount,(int)nwritten,(int)numtowrite));
3852 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3854 if (!NT_STATUS_IS_OK(status)) {
3855 DEBUG(0,("reply_writebraw: Oversize secondary write "
3856 "raw read failed (%s). Terminating\n",
3857 nt_errstr(status)));
3858 exit_server_cleanly("secondary writebraw failed");
3861 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3862 if (nwritten == -1) {
3864 reply_nterror(req, map_nt_error_from_unix(errno));
3865 error_to_writebrawerr(req);
3869 if (nwritten < (ssize_t)numtowrite) {
3870 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3871 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3875 total_written += nwritten;
3880 SSVAL(req->outbuf,smb_vwv0,total_written);
3882 status = sync_file(conn, fsp, write_through);
3883 if (!NT_STATUS_IS_OK(status)) {
3884 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3885 fsp_str_dbg(fsp), nt_errstr(status)));
3886 reply_nterror(req, status);
3887 error_to_writebrawerr(req);
3891 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3893 fsp->fnum, (double)startpos, (int)numtowrite,
3894 (int)total_written));
3896 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3898 /* We won't return a status if write through is not selected - this
3899 * follows what WfWg does */
3900 END_PROFILE(SMBwritebraw);
3902 if (!write_through && total_written==tcount) {
3904 #if RABBIT_PELLET_FIX
3906 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3907 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3910 if (!send_keepalive(smbd_server_fd())) {
3911 exit_server_cleanly("reply_writebraw: send of "
3912 "keepalive failed");
3915 TALLOC_FREE(req->outbuf);
3920 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3922 END_PROFILE(SMBwritebraw);
3927 #define DBGC_CLASS DBGC_LOCKING
3929 /****************************************************************************
3930 Reply to a writeunlock (core+).
3931 ****************************************************************************/
3933 void reply_writeunlock(struct smb_request *req)
3935 connection_struct *conn = req->conn;
3936 ssize_t nwritten = -1;
3940 NTSTATUS status = NT_STATUS_OK;
3942 struct lock_struct lock;
3943 int saved_errno = 0;
3945 START_PROFILE(SMBwriteunlock);
3948 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3949 END_PROFILE(SMBwriteunlock);
3953 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3955 if (!check_fsp(conn, req, fsp)) {
3956 END_PROFILE(SMBwriteunlock);
3960 if (!CHECK_WRITE(fsp)) {
3961 reply_doserror(req, ERRDOS,ERRbadaccess);
3962 END_PROFILE(SMBwriteunlock);
3966 numtowrite = SVAL(req->vwv+1, 0);
3967 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3968 data = (const char *)req->buf + 3;
3971 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3972 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3975 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3976 reply_doserror(req, ERRDOS, ERRlock);
3977 END_PROFILE(SMBwriteunlock);
3982 /* The special X/Open SMB protocol handling of
3983 zero length writes is *NOT* done for
3985 if(numtowrite == 0) {
3988 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3989 saved_errno = errno;
3992 status = sync_file(conn, fsp, False /* write through */);
3993 if (!NT_STATUS_IS_OK(status)) {
3994 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3995 fsp_str_dbg(fsp), nt_errstr(status)));
3996 reply_nterror(req, status);
4001 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4005 if((nwritten < numtowrite) && (numtowrite != 0)) {
4006 reply_doserror(req, ERRHRD, ERRdiskfull);
4011 status = do_unlock(smbd_messaging_context(),
4014 (uint64_t)numtowrite,
4018 if (NT_STATUS_V(status)) {
4019 reply_nterror(req, status);
4024 reply_outbuf(req, 1, 0);
4026 SSVAL(req->outbuf,smb_vwv0,nwritten);
4028 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4029 fsp->fnum, (int)numtowrite, (int)nwritten));
4033 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4036 END_PROFILE(SMBwriteunlock);
4041 #define DBGC_CLASS DBGC_ALL
4043 /****************************************************************************
4045 ****************************************************************************/
4047 void reply_write(struct smb_request *req)
4049 connection_struct *conn = req->conn;
4051 ssize_t nwritten = -1;
4055 struct lock_struct lock;
4057 int saved_errno = 0;
4059 START_PROFILE(SMBwrite);
4062 END_PROFILE(SMBwrite);
4063 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4067 /* If it's an IPC, pass off the pipe handler. */
4069 reply_pipe_write(req);
4070 END_PROFILE(SMBwrite);
4074 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4076 if (!check_fsp(conn, req, fsp)) {
4077 END_PROFILE(SMBwrite);
4081 if (!CHECK_WRITE(fsp)) {
4082 reply_doserror(req, ERRDOS, ERRbadaccess);
4083 END_PROFILE(SMBwrite);
4087 numtowrite = SVAL(req->vwv+1, 0);
4088 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4089 data = (const char *)req->buf + 3;
4091 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4092 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4095 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4096 reply_doserror(req, ERRDOS, ERRlock);
4097 END_PROFILE(SMBwrite);
4102 * X/Open SMB protocol says that if smb_vwv1 is
4103 * zero then the file size should be extended or
4104 * truncated to the size given in smb_vwv[2-3].
4107 if(numtowrite == 0) {
4109 * This is actually an allocate call, and set EOF. JRA.
4111 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4113 reply_nterror(req, NT_STATUS_DISK_FULL);
4116 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4118 reply_nterror(req, NT_STATUS_DISK_FULL);
4121 trigger_write_time_update_immediate(fsp);
4123 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4126 status = sync_file(conn, fsp, False);
4127 if (!NT_STATUS_IS_OK(status)) {
4128 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4129 fsp_str_dbg(fsp), nt_errstr(status)));
4130 reply_nterror(req, status);
4135 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4139 if((nwritten == 0) && (numtowrite != 0)) {
4140 reply_doserror(req, ERRHRD, ERRdiskfull);
4144 reply_outbuf(req, 1, 0);
4146 SSVAL(req->outbuf,smb_vwv0,nwritten);
4148 if (nwritten < (ssize_t)numtowrite) {
4149 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4150 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4153 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4156 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4158 END_PROFILE(SMBwrite);
4162 /****************************************************************************
4163 Ensure a buffer is a valid writeX for recvfile purposes.
4164 ****************************************************************************/
4166 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4167 (2*14) + /* word count (including bcc) */ \
4170 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4173 connection_struct *conn = NULL;
4174 unsigned int doff = 0;
4175 size_t len = smb_len_large(inbuf);
4176 struct smbd_server_connection *sconn = smbd_server_conn;
4178 if (is_encrypted_packet(inbuf)) {
4179 /* Can't do this on encrypted
4184 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4188 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4189 CVAL(inbuf,smb_wct) != 14) {
4190 DEBUG(10,("is_valid_writeX_buffer: chained or "
4191 "invalid word length.\n"));
4195 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4197 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4201 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4204 if (IS_PRINT(conn)) {
4205 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4208 doff = SVAL(inbuf,smb_vwv11);
4210 numtowrite = SVAL(inbuf,smb_vwv10);
4212 if (len > doff && len - doff > 0xFFFF) {
4213 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4216 if (numtowrite == 0) {
4217 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4221 /* Ensure the sizes match up. */
4222 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4223 /* no pad byte...old smbclient :-( */
4224 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4226 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4230 if (len - doff != numtowrite) {
4231 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4232 "len = %u, doff = %u, numtowrite = %u\n",
4235 (unsigned int)numtowrite ));
4239 DEBUG(10,("is_valid_writeX_buffer: true "
4240 "len = %u, doff = %u, numtowrite = %u\n",
4243 (unsigned int)numtowrite ));
4248 /****************************************************************************
4249 Reply to a write and X.
4250 ****************************************************************************/
4252 void reply_write_and_X(struct smb_request *req)
4254 connection_struct *conn = req->conn;
4256 struct lock_struct lock;
4261 unsigned int smb_doff;
4262 unsigned int smblen;
4266 START_PROFILE(SMBwriteX);
4268 if ((req->wct != 12) && (req->wct != 14)) {
4269 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4270 END_PROFILE(SMBwriteX);
4274 numtowrite = SVAL(req->vwv+10, 0);
4275 smb_doff = SVAL(req->vwv+11, 0);
4276 smblen = smb_len(req->inbuf);
4278 if (req->unread_bytes > 0xFFFF ||
4279 (smblen > smb_doff &&
4280 smblen - smb_doff > 0xFFFF)) {
4281 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4284 if (req->unread_bytes) {
4285 /* Can't do a recvfile write on IPC$ */
4287 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4288 END_PROFILE(SMBwriteX);
4291 if (numtowrite != req->unread_bytes) {
4292 reply_doserror(req, ERRDOS, ERRbadmem);
4293 END_PROFILE(SMBwriteX);
4297 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4298 smb_doff + numtowrite > smblen) {
4299 reply_doserror(req, ERRDOS, ERRbadmem);
4300 END_PROFILE(SMBwriteX);
4305 /* If it's an IPC, pass off the pipe handler. */
4307 if (req->unread_bytes) {
4308 reply_doserror(req, ERRDOS, ERRbadmem);
4309 END_PROFILE(SMBwriteX);
4312 reply_pipe_write_and_X(req);
4313 END_PROFILE(SMBwriteX);
4317 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4318 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4319 write_through = BITSETW(req->vwv+7,0);
4321 if (!check_fsp(conn, req, fsp)) {
4322 END_PROFILE(SMBwriteX);
4326 if (!CHECK_WRITE(fsp)) {
4327 reply_doserror(req, ERRDOS, ERRbadaccess);
4328 END_PROFILE(SMBwriteX);
4332 data = smb_base(req->inbuf) + smb_doff;
4334 if(req->wct == 14) {
4335 #ifdef LARGE_SMB_OFF_T
4337 * This is a large offset (64 bit) write.
4339 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4341 #else /* !LARGE_SMB_OFF_T */
4344 * Ensure we haven't been sent a >32 bit offset.
4347 if(IVAL(req->vwv+12, 0) != 0) {
4348 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4349 "used and we don't support 64 bit offsets.\n",
4350 (unsigned int)IVAL(req->vwv+12, 0) ));
4351 reply_doserror(req, ERRDOS, ERRbadaccess);
4352 END_PROFILE(SMBwriteX);
4356 #endif /* LARGE_SMB_OFF_T */
4359 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4360 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4363 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4364 reply_doserror(req, ERRDOS, ERRlock);
4365 END_PROFILE(SMBwriteX);
4369 /* X/Open SMB protocol says that, unlike SMBwrite
4370 if the length is zero then NO truncation is
4371 done, just a write of zero. To truncate a file,
4374 if(numtowrite == 0) {
4378 if ((req->unread_bytes == 0) &&
4379 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4384 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4388 reply_nterror(req, map_nt_error_from_unix(errno));
4392 if((nwritten == 0) && (numtowrite != 0)) {
4393 reply_doserror(req, ERRHRD, ERRdiskfull);
4397 reply_outbuf(req, 6, 0);
4398 SSVAL(req->outbuf,smb_vwv2,nwritten);
4399 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4401 if (nwritten < (ssize_t)numtowrite) {
4402 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4403 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4406 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4407 fsp->fnum, (int)numtowrite, (int)nwritten));
4409 status = sync_file(conn, fsp, write_through);
4410 if (!NT_STATUS_IS_OK(status)) {
4411 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4412 fsp_str_dbg(fsp), nt_errstr(status)));
4413 reply_nterror(req, status);
4417 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4419 END_PROFILE(SMBwriteX);
4424 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4426 END_PROFILE(SMBwriteX);
4430 /****************************************************************************
4432 ****************************************************************************/
4434 void reply_lseek(struct smb_request *req)
4436 connection_struct *conn = req->conn;
4442 START_PROFILE(SMBlseek);
4445 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4446 END_PROFILE(SMBlseek);
4450 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4452 if (!check_fsp(conn, req, fsp)) {
4456 flush_write_cache(fsp, SEEK_FLUSH);
4458 mode = SVAL(req->vwv+1, 0) & 3;
4459 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4460 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4469 res = fsp->fh->pos + startpos;
4480 if (umode == SEEK_END) {
4481 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4482 if(errno == EINVAL) {
4483 SMB_OFF_T current_pos = startpos;
4484 SMB_STRUCT_STAT sbuf;
4486 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4488 map_nt_error_from_unix(errno));
4489 END_PROFILE(SMBlseek);
4493 current_pos += sbuf.st_ex_size;
4495 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4500 reply_nterror(req, map_nt_error_from_unix(errno));
4501 END_PROFILE(SMBlseek);
4508 reply_outbuf(req, 2, 0);
4509 SIVAL(req->outbuf,smb_vwv0,res);
4511 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4512 fsp->fnum, (double)startpos, (double)res, mode));
4514 END_PROFILE(SMBlseek);
4518 /****************************************************************************
4520 ****************************************************************************/
4522 void reply_flush(struct smb_request *req)
4524 connection_struct *conn = req->conn;
4528 START_PROFILE(SMBflush);
4531 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4535 fnum = SVAL(req->vwv+0, 0);
4536 fsp = file_fsp(req, fnum);
4538 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4543 file_sync_all(conn);
4545 NTSTATUS status = sync_file(conn, fsp, True);
4546 if (!NT_STATUS_IS_OK(status)) {
4547 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4548 fsp_str_dbg(fsp), nt_errstr(status)));
4549 reply_nterror(req, status);
4550 END_PROFILE(SMBflush);
4555 reply_outbuf(req, 0, 0);
4557 DEBUG(3,("flush\n"));
4558 END_PROFILE(SMBflush);
4562 /****************************************************************************
4564 conn POINTER CAN BE NULL HERE !
4565 ****************************************************************************/
4567 void reply_exit(struct smb_request *req)
4569 START_PROFILE(SMBexit);
4571 file_close_pid(req->smbpid, req->vuid);
4573 reply_outbuf(req, 0, 0);
4575 DEBUG(3,("exit\n"));
4577 END_PROFILE(SMBexit);
4581 /****************************************************************************
4582 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4583 ****************************************************************************/
4585 void reply_close(struct smb_request *req)
4587 connection_struct *conn = req->conn;
4588 NTSTATUS status = NT_STATUS_OK;
4589 files_struct *fsp = NULL;
4590 START_PROFILE(SMBclose);
4593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4594 END_PROFILE(SMBclose);
4598 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4601 * We can only use check_fsp if we know it's not a directory.
4604 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4605 reply_doserror(req, ERRDOS, ERRbadfid);
4606 END_PROFILE(SMBclose);
4610 if(fsp->is_directory) {
4612 * Special case - close NT SMB directory handle.
4614 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4615 status = close_file(req, fsp, NORMAL_CLOSE);
4619 * Close ordinary file.
4622 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4623 fsp->fh->fd, fsp->fnum,
4624 conn->num_files_open));
4627 * Take care of any time sent in the close.
4630 t = srv_make_unix_date3(req->vwv+1);
4631 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4634 * close_file() returns the unix errno if an error
4635 * was detected on close - normally this is due to
4636 * a disk full error. If not then it was probably an I/O error.
4639 status = close_file(req, fsp, NORMAL_CLOSE);
4642 if (!NT_STATUS_IS_OK(status)) {
4643 reply_nterror(req, status);
4644 END_PROFILE(SMBclose);
4648 reply_outbuf(req, 0, 0);
4649 END_PROFILE(SMBclose);
4653 /****************************************************************************
4654 Reply to a writeclose (Core+ protocol).
4655 ****************************************************************************/
4657 void reply_writeclose(struct smb_request *req)
4659 connection_struct *conn = req->conn;
4661 ssize_t nwritten = -1;
4662 NTSTATUS close_status = NT_STATUS_OK;
4665 struct timespec mtime;
4667 struct lock_struct lock;
4669 START_PROFILE(SMBwriteclose);
4672 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4673 END_PROFILE(SMBwriteclose);
4677 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4679 if (!check_fsp(conn, req, fsp)) {
4680 END_PROFILE(SMBwriteclose);
4683 if (!CHECK_WRITE(fsp)) {
4684 reply_doserror(req, ERRDOS,ERRbadaccess);
4685 END_PROFILE(SMBwriteclose);
4689 numtowrite = SVAL(req->vwv+1, 0);
4690 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4691 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4692 data = (const char *)req->buf + 1;
4695 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4696 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4699 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4700 reply_doserror(req, ERRDOS,ERRlock);
4701 END_PROFILE(SMBwriteclose);
4706 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4708 set_close_write_time(fsp, mtime);
4711 * More insanity. W2K only closes the file if writelen > 0.
4716 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4717 "file %s\n", fsp_str_dbg(fsp)));
4718 close_status = close_file(req, fsp, NORMAL_CLOSE);
4721 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4722 fsp->fnum, (int)numtowrite, (int)nwritten,
4723 conn->num_files_open));
4725 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4726 reply_doserror(req, ERRHRD, ERRdiskfull);
4730 if(!NT_STATUS_IS_OK(close_status)) {
4731 reply_nterror(req, close_status);
4735 reply_outbuf(req, 1, 0);
4737 SSVAL(req->outbuf,smb_vwv0,nwritten);
4741 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4744 END_PROFILE(SMBwriteclose);
4749 #define DBGC_CLASS DBGC_LOCKING
4751 /****************************************************************************
4753 ****************************************************************************/
4755 void reply_lock(struct smb_request *req)
4757 connection_struct *conn = req->conn;
4758 uint64_t count,offset;
4761 struct byte_range_lock *br_lck = NULL;
4763 START_PROFILE(SMBlock);
4766 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4767 END_PROFILE(SMBlock);
4771 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4773 if (!check_fsp(conn, req, fsp)) {
4774 END_PROFILE(SMBlock);
4778 count = (uint64_t)IVAL(req->vwv+1, 0);
4779 offset = (uint64_t)IVAL(req->vwv+3, 0);
4781 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4782 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4784 br_lck = do_lock(smbd_messaging_context(),
4791 False, /* Non-blocking lock. */
4796 TALLOC_FREE(br_lck);
4798 if (NT_STATUS_V(status)) {
4799 reply_nterror(req, status);
4800 END_PROFILE(SMBlock);
4804 reply_outbuf(req, 0, 0);
4806 END_PROFILE(SMBlock);
4810 /****************************************************************************
4812 ****************************************************************************/
4814 void reply_unlock(struct smb_request *req)
4816 connection_struct *conn = req->conn;
4817 uint64_t count,offset;
4821 START_PROFILE(SMBunlock);
4824 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4825 END_PROFILE(SMBunlock);
4829 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4831 if (!check_fsp(conn, req, fsp)) {
4832 END_PROFILE(SMBunlock);
4836 count = (uint64_t)IVAL(req->vwv+1, 0);
4837 offset = (uint64_t)IVAL(req->vwv+3, 0);
4839 status = do_unlock(smbd_messaging_context(),
4846 if (NT_STATUS_V(status)) {
4847 reply_nterror(req, status);
4848 END_PROFILE(SMBunlock);
4852 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4853 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4855 reply_outbuf(req, 0, 0);
4857 END_PROFILE(SMBunlock);
4862 #define DBGC_CLASS DBGC_ALL
4864 /****************************************************************************
4866 conn POINTER CAN BE NULL HERE !
4867 ****************************************************************************/
4869 void reply_tdis(struct smb_request *req)
4871 connection_struct *conn = req->conn;
4872 START_PROFILE(SMBtdis);
4875 DEBUG(4,("Invalid connection in tdis\n"));
4876 reply_doserror(req, ERRSRV, ERRinvnid);
4877 END_PROFILE(SMBtdis);
4883 close_cnum(conn,req->vuid);
4886 reply_outbuf(req, 0, 0);
4887 END_PROFILE(SMBtdis);
4891 /****************************************************************************
4893 conn POINTER CAN BE NULL HERE !
4894 ****************************************************************************/
4896 void reply_echo(struct smb_request *req)
4898 connection_struct *conn = req->conn;
4899 struct smb_perfcount_data local_pcd;
4900 struct smb_perfcount_data *cur_pcd;
4904 START_PROFILE(SMBecho);
4906 smb_init_perfcount_data(&local_pcd);
4909 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4910 END_PROFILE(SMBecho);
4914 smb_reverb = SVAL(req->vwv+0, 0);
4916 reply_outbuf(req, 1, req->buflen);
4918 /* copy any incoming data back out */
4919 if (req->buflen > 0) {
4920 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4923 if (smb_reverb > 100) {
4924 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4928 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4930 /* this makes sure we catch the request pcd */
4931 if (seq_num == smb_reverb) {
4932 cur_pcd = &req->pcd;
4934 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4935 cur_pcd = &local_pcd;
4938 SSVAL(req->outbuf,smb_vwv0,seq_num);
4940 show_msg((char *)req->outbuf);
4941 if (!srv_send_smb(smbd_server_fd(),
4942 (char *)req->outbuf,
4943 true, req->seqnum+1,
4944 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4946 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4949 DEBUG(3,("echo %d times\n", smb_reverb));
4951 TALLOC_FREE(req->outbuf);
4953 END_PROFILE(SMBecho);
4957 /****************************************************************************
4958 Reply to a printopen.
4959 ****************************************************************************/
4961 void reply_printopen(struct smb_request *req)
4963 connection_struct *conn = req->conn;
4965 SMB_STRUCT_STAT sbuf;
4968 START_PROFILE(SMBsplopen);
4971 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4972 END_PROFILE(SMBsplopen);
4976 if (!CAN_PRINT(conn)) {
4977 reply_doserror(req, ERRDOS, ERRnoaccess);
4978 END_PROFILE(SMBsplopen);
4982 status = file_new(req, conn, &fsp);
4983 if(!NT_STATUS_IS_OK(status)) {
4984 reply_nterror(req, status);
4985 END_PROFILE(SMBsplopen);
4989 /* Open for exclusive use, write only. */
4990 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4992 if (!NT_STATUS_IS_OK(status)) {
4993 file_free(req, fsp);
4994 reply_nterror(req, status);
4995 END_PROFILE(SMBsplopen);
4999 reply_outbuf(req, 1, 0);
5000 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5002 DEBUG(3,("openprint fd=%d fnum=%d\n",
5003 fsp->fh->fd, fsp->fnum));
5005 END_PROFILE(SMBsplopen);
5009 /****************************************************************************
5010 Reply to a printclose.
5011 ****************************************************************************/
5013 void reply_printclose(struct smb_request *req)
5015 connection_struct *conn = req->conn;
5019 START_PROFILE(SMBsplclose);
5022 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5023 END_PROFILE(SMBsplclose);
5027 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5029 if (!check_fsp(conn, req, fsp)) {
5030 END_PROFILE(SMBsplclose);
5034 if (!CAN_PRINT(conn)) {
5035 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
5036 END_PROFILE(SMBsplclose);
5040 DEBUG(3,("printclose fd=%d fnum=%d\n",
5041 fsp->fh->fd,fsp->fnum));
5043 status = close_file(req, fsp, NORMAL_CLOSE);
5045 if(!NT_STATUS_IS_OK(status)) {
5046 reply_nterror(req, status);
5047 END_PROFILE(SMBsplclose);
5051 reply_outbuf(req, 0, 0);
5053 END_PROFILE(SMBsplclose);
5057 /****************************************************************************
5058 Reply to a printqueue.
5059 ****************************************************************************/
5061 void reply_printqueue(struct smb_request *req)
5063 connection_struct *conn = req->conn;
5067 START_PROFILE(SMBsplretq);
5070 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5071 END_PROFILE(SMBsplretq);
5075 max_count = SVAL(req->vwv+0, 0);
5076 start_index = SVAL(req->vwv+1, 0);
5078 /* we used to allow the client to get the cnum wrong, but that
5079 is really quite gross and only worked when there was only
5080 one printer - I think we should now only accept it if they
5081 get it right (tridge) */
5082 if (!CAN_PRINT(conn)) {
5083 reply_doserror(req, ERRDOS, ERRnoaccess);
5084 END_PROFILE(SMBsplretq);
5088 reply_outbuf(req, 2, 3);
5089 SSVAL(req->outbuf,smb_vwv0,0);
5090 SSVAL(req->outbuf,smb_vwv1,0);
5091 SCVAL(smb_buf(req->outbuf),0,1);
5092 SSVAL(smb_buf(req->outbuf),1,0);
5094 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5095 start_index, max_count));
5098 print_queue_struct *queue = NULL;
5099 print_status_struct status;
5100 int count = print_queue_status(SNUM(conn), &queue, &status);
5101 int num_to_get = ABS(max_count);
5102 int first = (max_count>0?start_index:start_index+max_count+1);
5108 num_to_get = MIN(num_to_get,count-first);
5111 for (i=first;i<first+num_to_get;i++) {
5115 srv_put_dos_date2(p,0,queue[i].time);
5116 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5117 SSVAL(p,5, queue[i].job);
5118 SIVAL(p,7,queue[i].size);
5120 srvstr_push(blob, req->flags2, p+12,
5121 queue[i].fs_user, 16, STR_ASCII);
5123 if (message_push_blob(
5126 blob, sizeof(blob))) == -1) {
5127 reply_nterror(req, NT_STATUS_NO_MEMORY);
5128 END_PROFILE(SMBsplretq);
5134 SSVAL(req->outbuf,smb_vwv0,count);
5135 SSVAL(req->outbuf,smb_vwv1,
5136 (max_count>0?first+count:first-1));
5137 SCVAL(smb_buf(req->outbuf),0,1);
5138 SSVAL(smb_buf(req->outbuf),1,28*count);
5143 DEBUG(3,("%d entries returned in queue\n",count));
5146 END_PROFILE(SMBsplretq);
5150 /****************************************************************************
5151 Reply to a printwrite.
5152 ****************************************************************************/
5154 void reply_printwrite(struct smb_request *req)
5156 connection_struct *conn = req->conn;
5161 START_PROFILE(SMBsplwr);
5164 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5165 END_PROFILE(SMBsplwr);
5169 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5171 if (!check_fsp(conn, req, fsp)) {
5172 END_PROFILE(SMBsplwr);
5176 if (!CAN_PRINT(conn)) {
5177 reply_doserror(req, ERRDOS, ERRnoaccess);
5178 END_PROFILE(SMBsplwr);
5182 if (!CHECK_WRITE(fsp)) {
5183 reply_doserror(req, ERRDOS, ERRbadaccess);
5184 END_PROFILE(SMBsplwr);
5188 numtowrite = SVAL(req->buf, 1);
5190 if (req->buflen < numtowrite + 3) {
5191 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5192 END_PROFILE(SMBsplwr);
5196 data = (const char *)req->buf + 3;
5198 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5199 reply_nterror(req, map_nt_error_from_unix(errno));
5200 END_PROFILE(SMBsplwr);
5204 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5206 END_PROFILE(SMBsplwr);
5210 /****************************************************************************
5212 ****************************************************************************/
5214 void reply_mkdir(struct smb_request *req)
5216 connection_struct *conn = req->conn;
5217 struct smb_filename *smb_dname = NULL;
5218 char *directory = NULL;
5220 TALLOC_CTX *ctx = talloc_tos();
5222 START_PROFILE(SMBmkdir);
5224 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5225 STR_TERMINATE, &status);
5226 if (!NT_STATUS_IS_OK(status)) {
5227 reply_nterror(req, status);
5231 status = filename_convert(ctx, conn,
5232 req->flags2 & FLAGS2_DFS_PATHNAMES,
5237 if (!NT_STATUS_IS_OK(status)) {
5238 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5239 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5240 ERRSRV, ERRbadpath);
5243 reply_nterror(req, status);
5247 status = create_directory(conn, req, smb_dname);
5249 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5251 if (!NT_STATUS_IS_OK(status)) {
5253 if (!use_nt_status()
5254 && NT_STATUS_EQUAL(status,
5255 NT_STATUS_OBJECT_NAME_COLLISION)) {
5257 * Yes, in the DOS error code case we get a
5258 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5259 * samba4 torture test.
5261 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5264 reply_nterror(req, status);
5268 reply_outbuf(req, 0, 0);
5270 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5272 TALLOC_FREE(smb_dname);
5273 END_PROFILE(SMBmkdir);
5277 /****************************************************************************
5278 Static function used by reply_rmdir to delete an entire directory
5279 tree recursively. Return True on ok, False on fail.
5280 ****************************************************************************/
5282 static bool recursive_rmdir(TALLOC_CTX *ctx,
5283 connection_struct *conn,
5284 struct smb_filename *smb_dname)
5286 const char *dname = NULL;
5290 struct smb_Dir *dir_hnd;
5292 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5294 dir_hnd = OpenDir(talloc_tos(), conn, smb_dname->base_name, NULL, 0);
5298 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5299 struct smb_filename *smb_dname_full = NULL;
5300 char *fullname = NULL;
5301 bool do_break = true;
5304 if (ISDOT(dname) || ISDOTDOT(dname)) {
5308 if (!is_visible_file(conn, smb_dname->base_name, dname, &st,
5313 /* Construct the full name. */
5314 fullname = talloc_asprintf(ctx,
5316 smb_dname->base_name,
5323 status = create_synthetic_smb_fname(talloc_tos(), fullname,
5326 if (!NT_STATUS_IS_OK(status)) {
5330 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5334 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5335 if(!recursive_rmdir(ctx, conn, smb_dname_full)) {
5338 if(SMB_VFS_RMDIR(conn,
5339 smb_dname_full->base_name) != 0) {
5342 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5346 /* Successful iteration. */
5350 TALLOC_FREE(smb_dname_full);
5351 TALLOC_FREE(fullname);
5357 TALLOC_FREE(dir_hnd);
5361 /****************************************************************************
5362 The internals of the rmdir code - called elsewhere.
5363 ****************************************************************************/
5365 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5366 connection_struct *conn,
5367 struct smb_filename *smb_dname)
5372 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5374 /* Might be a symlink. */
5375 if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
5376 return map_nt_error_from_unix(errno);
5379 if (S_ISLNK(smb_dname->st.st_ex_mode)) {
5380 /* Is what it points to a directory ? */
5381 if(SMB_VFS_STAT(conn, smb_dname) != 0) {
5382 return map_nt_error_from_unix(errno);
5384 if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
5385 return NT_STATUS_NOT_A_DIRECTORY;
5387 ret = SMB_VFS_UNLINK(conn, smb_dname);
5389 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5392 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5393 FILE_NOTIFY_CHANGE_DIR_NAME,
5394 smb_dname->base_name);
5395 return NT_STATUS_OK;
5398 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5400 * Check to see if the only thing in this directory are
5401 * vetoed files/directories. If so then delete them and
5402 * retry. If we fail to delete any of them (and we *don't*
5403 * do a recursive delete) then fail the rmdir.
5407 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5408 smb_dname->base_name, NULL,
5411 if(dir_hnd == NULL) {
5416 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5417 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5419 if (!is_visible_file(conn, smb_dname->base_name, dname,
5422 if(!IS_VETO_PATH(conn, dname)) {
5423 TALLOC_FREE(dir_hnd);
5429 /* We only have veto files/directories.
5430 * Are we allowed to delete them ? */
5432 if(!lp_recursive_veto_delete(SNUM(conn))) {
5433 TALLOC_FREE(dir_hnd);
5438 /* Do a recursive delete. */
5439 RewindDir(dir_hnd,&dirpos);
5440 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5441 struct smb_filename *smb_dname_full = NULL;
5442 char *fullname = NULL;
5443 bool do_break = true;
5446 if (ISDOT(dname) || ISDOTDOT(dname)) {
5449 if (!is_visible_file(conn, smb_dname->base_name, dname,
5454 fullname = talloc_asprintf(ctx,
5456 smb_dname->base_name,
5464 status = create_synthetic_smb_fname(talloc_tos(),
5468 if (!NT_STATUS_IS_OK(status)) {
5469 errno = map_errno_from_nt_status(status);
5473 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5476 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5477 if(!recursive_rmdir(ctx, conn,
5481 if(SMB_VFS_RMDIR(conn,
5482 smb_dname_full->base_name) != 0) {
5485 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5489 /* Successful iteration. */
5493 TALLOC_FREE(fullname);
5494 TALLOC_FREE(smb_dname_full);
5498 TALLOC_FREE(dir_hnd);
5499 /* Retry the rmdir */
5500 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5506 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5507 "%s\n", smb_fname_str_dbg(smb_dname),
5509 return map_nt_error_from_unix(errno);
5512 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5513 FILE_NOTIFY_CHANGE_DIR_NAME,
5514 smb_dname->base_name);
5516 return NT_STATUS_OK;
5519 /****************************************************************************
5521 ****************************************************************************/
5523 void reply_rmdir(struct smb_request *req)
5525 connection_struct *conn = req->conn;
5526 struct smb_filename *smb_dname = NULL;
5527 char *directory = NULL;
5529 TALLOC_CTX *ctx = talloc_tos();
5531 START_PROFILE(SMBrmdir);
5533 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5534 STR_TERMINATE, &status);
5535 if (!NT_STATUS_IS_OK(status)) {
5536 reply_nterror(req, status);
5540 status = filename_convert(ctx, conn,
5541 req->flags2 & FLAGS2_DFS_PATHNAMES,
5546 if (!NT_STATUS_IS_OK(status)) {
5547 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5548 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5549 ERRSRV, ERRbadpath);
5552 reply_nterror(req, status);
5556 if (is_ntfs_stream_smb_fname(smb_dname)) {
5557 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5561 dptr_closepath(smb_dname->base_name, req->smbpid);
5562 status = rmdir_internals(ctx, conn, smb_dname);
5563 if (!NT_STATUS_IS_OK(status)) {
5564 reply_nterror(req, status);
5568 reply_outbuf(req, 0, 0);
5570 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5572 TALLOC_FREE(smb_dname);
5573 END_PROFILE(SMBrmdir);
5577 /*******************************************************************
5578 Resolve wildcards in a filename rename.
5579 ********************************************************************/
5581 static bool resolve_wildcards(TALLOC_CTX *ctx,
5586 char *name2_copy = NULL;
5591 char *p,*p2, *pname1, *pname2;
5593 name2_copy = talloc_strdup(ctx, name2);
5598 pname1 = strrchr_m(name1,'/');
5599 pname2 = strrchr_m(name2_copy,'/');
5601 if (!pname1 || !pname2) {
5605 /* Truncate the copy of name2 at the last '/' */
5608 /* Now go past the '/' */
5612 root1 = talloc_strdup(ctx, pname1);
5613 root2 = talloc_strdup(ctx, pname2);
5615 if (!root1 || !root2) {
5619 p = strrchr_m(root1,'.');
5622 ext1 = talloc_strdup(ctx, p+1);
5624 ext1 = talloc_strdup(ctx, "");
5626 p = strrchr_m(root2,'.');
5629 ext2 = talloc_strdup(ctx, p+1);
5631 ext2 = talloc_strdup(ctx, "");
5634 if (!ext1 || !ext2) {
5642 /* Hmmm. Should this be mb-aware ? */
5645 } else if (*p2 == '*') {
5647 root2 = talloc_asprintf(ctx, "%s%s",
5666 /* Hmmm. Should this be mb-aware ? */
5669 } else if (*p2 == '*') {
5671 ext2 = talloc_asprintf(ctx, "%s%s",
5687 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5692 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5704 /****************************************************************************
5705 Ensure open files have their names updated. Updated to notify other smbd's
5707 ****************************************************************************/
5709 static void rename_open_files(connection_struct *conn,
5710 struct share_mode_lock *lck,
5711 const struct smb_filename *smb_fname_dst)
5714 bool did_rename = False;
5717 for(fsp = file_find_di_first(lck->id); fsp;
5718 fsp = file_find_di_next(fsp)) {
5719 /* fsp_name is a relative path under the fsp. To change this for other
5720 sharepaths we need to manipulate relative paths. */
5721 /* TODO - create the absolute path and manipulate the newname
5722 relative to the sharepath. */
5723 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5726 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5727 "(file_id %s) from %s -> %s\n", fsp->fnum,
5728 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5729 smb_fname_str_dbg(smb_fname_dst)));
5731 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5732 if (NT_STATUS_IS_OK(status)) {
5738 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5739 "for %s\n", file_id_string_tos(&lck->id),
5740 smb_fname_str_dbg(smb_fname_dst)));
5743 /* Send messages to all smbd's (not ourself) that the name has changed. */
5744 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5749 /****************************************************************************
5750 We need to check if the source path is a parent directory of the destination
5751 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5752 refuse the rename with a sharing violation. Under UNIX the above call can
5753 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5754 probably need to check that the client is a Windows one before disallowing
5755 this as a UNIX client (one with UNIX extensions) can know the source is a
5756 symlink and make this decision intelligently. Found by an excellent bug
5757 report from <AndyLiebman@aol.com>.
5758 ****************************************************************************/
5760 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5761 const struct smb_filename *smb_fname_dst)
5763 const char *psrc = smb_fname_src->base_name;
5764 const char *pdst = smb_fname_dst->base_name;
5767 if (psrc[0] == '.' && psrc[1] == '/') {
5770 if (pdst[0] == '.' && pdst[1] == '/') {
5773 if ((slen = strlen(psrc)) > strlen(pdst)) {
5776 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5780 * Do the notify calls from a rename
5783 static void notify_rename(connection_struct *conn, bool is_dir,
5784 const struct smb_filename *smb_fname_src,
5785 const struct smb_filename *smb_fname_dst)
5787 char *parent_dir_src = NULL;
5788 char *parent_dir_dst = NULL;
5791 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5792 : FILE_NOTIFY_CHANGE_FILE_NAME;
5794 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5795 &parent_dir_src, NULL) ||
5796 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5797 &parent_dir_dst, NULL)) {
5801 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5802 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5803 smb_fname_src->base_name);
5804 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5805 smb_fname_dst->base_name);
5808 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5809 smb_fname_src->base_name);
5810 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5811 smb_fname_dst->base_name);
5814 /* this is a strange one. w2k3 gives an additional event for
5815 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5816 files, but not directories */
5818 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5819 FILE_NOTIFY_CHANGE_ATTRIBUTES
5820 |FILE_NOTIFY_CHANGE_CREATION,
5821 smb_fname_dst->base_name);
5824 TALLOC_FREE(parent_dir_src);
5825 TALLOC_FREE(parent_dir_dst);
5828 /****************************************************************************
5829 Rename an open file - given an fsp.
5830 ****************************************************************************/
5832 NTSTATUS rename_internals_fsp(connection_struct *conn,
5834 const struct smb_filename *smb_fname_dst_in,
5836 bool replace_if_exists)
5838 TALLOC_CTX *ctx = talloc_tos();
5839 struct smb_filename *smb_fname_src = NULL;
5840 struct smb_filename *smb_fname_dst = NULL;
5841 SMB_STRUCT_STAT sbuf;
5842 NTSTATUS status = NT_STATUS_OK;
5843 struct share_mode_lock *lck = NULL;
5844 bool dst_exists, old_is_stream, new_is_stream;
5848 status = check_name(conn, smb_fname_dst_in->base_name);
5849 if (!NT_STATUS_IS_OK(status)) {
5853 /* Make a copy of the src and dst smb_fname structs */
5854 status = copy_smb_filename(ctx, fsp->fsp_name, &smb_fname_src);
5855 if (!NT_STATUS_IS_OK(status)) {
5859 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5860 if (!NT_STATUS_IS_OK(status)) {
5864 /* Ensure the dst smb_fname contains a '/' */
5865 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5867 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5868 smb_fname_dst->base_name);
5870 status = NT_STATUS_NO_MEMORY;
5873 TALLOC_FREE(smb_fname_dst->base_name);
5874 smb_fname_dst->base_name = tmp;
5878 * Check for special case with case preserving and not
5879 * case sensitive. If the old last component differs from the original
5880 * last component only by case, then we should allow
5881 * the rename (user is trying to change the case of the
5884 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5885 strequal(smb_fname_src->base_name, smb_fname_dst->base_name) &&
5886 strequal(smb_fname_src->stream_name, smb_fname_dst->stream_name)) {
5888 char *fname_dst_lcomp_base_mod = NULL;
5889 struct smb_filename *smb_fname_orig_lcomp = NULL;
5892 * Get the last component of the destination name. Note that
5893 * we guarantee that destination name contains a '/' character
5896 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5897 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5898 if (!fname_dst_lcomp_base_mod) {
5899 status = NT_STATUS_NO_MEMORY;
5904 * Create an smb_filename struct using the original last
5905 * component of the destination.
5907 status = create_synthetic_smb_fname_split(ctx,
5908 smb_fname_dst->original_lcomp, NULL,
5909 &smb_fname_orig_lcomp);
5910 if (!NT_STATUS_IS_OK(status)) {
5911 TALLOC_FREE(fname_dst_lcomp_base_mod);
5915 /* If the base names only differ by case, use original. */
5916 if(!strcsequal(fname_dst_lcomp_base_mod,
5917 smb_fname_orig_lcomp->base_name)) {
5920 * Replace the modified last component with the
5923 *last_slash = '\0'; /* Truncate at the '/' */
5924 tmp = talloc_asprintf(smb_fname_dst,
5926 smb_fname_dst->base_name,
5927 smb_fname_orig_lcomp->base_name);
5929 status = NT_STATUS_NO_MEMORY;
5930 TALLOC_FREE(fname_dst_lcomp_base_mod);
5931 TALLOC_FREE(smb_fname_orig_lcomp);
5934 TALLOC_FREE(smb_fname_dst->base_name);
5935 smb_fname_dst->base_name = tmp;
5938 /* If the stream_names only differ by case, use original. */
5939 if(!strcsequal(smb_fname_dst->stream_name,
5940 smb_fname_orig_lcomp->stream_name)) {
5942 /* Use the original stream. */
5943 tmp = talloc_strdup(smb_fname_dst,
5944 smb_fname_orig_lcomp->stream_name);
5946 status = NT_STATUS_NO_MEMORY;
5947 TALLOC_FREE(fname_dst_lcomp_base_mod);
5948 TALLOC_FREE(smb_fname_orig_lcomp);
5951 TALLOC_FREE(smb_fname_dst->stream_name);
5952 smb_fname_dst->stream_name = tmp;
5954 TALLOC_FREE(fname_dst_lcomp_base_mod);
5955 TALLOC_FREE(smb_fname_orig_lcomp);
5959 * If the src and dest names are identical - including case,
5960 * don't do the rename, just return success.
5963 if (strcsequal(smb_fname_src->base_name, smb_fname_dst->base_name) &&
5964 strcsequal(smb_fname_src->stream_name,
5965 smb_fname_dst->stream_name)) {
5966 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5967 "- returning success\n",
5968 smb_fname_str_dbg(smb_fname_dst)));
5969 status = NT_STATUS_OK;
5973 old_is_stream = is_ntfs_stream_smb_fname(smb_fname_src);
5974 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5976 /* Return the correct error code if both names aren't streams. */
5977 if (!old_is_stream && new_is_stream) {
5978 status = NT_STATUS_OBJECT_NAME_INVALID;
5982 if (old_is_stream && !new_is_stream) {
5983 status = NT_STATUS_INVALID_PARAMETER;
5987 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5989 if(!replace_if_exists && dst_exists) {
5990 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5991 "%s -> %s\n", smb_fname_str_dbg(smb_fname_src),
5992 smb_fname_str_dbg(smb_fname_dst)));
5993 status = NT_STATUS_OBJECT_NAME_COLLISION;
5998 struct file_id fileid = vfs_file_id_from_sbuf(conn,
5999 &smb_fname_dst->st);
6000 files_struct *dst_fsp = file_find_di_first(fileid);
6001 /* The file can be open when renaming a stream */
6002 if (dst_fsp && !new_is_stream) {
6003 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6004 status = NT_STATUS_ACCESS_DENIED;
6009 /* Ensure we have a valid stat struct for the source. */
6010 if (fsp->fh->fd != -1) {
6011 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
6012 status = map_nt_error_from_unix(errno);
6017 if (fsp->posix_open) {
6018 ret = SMB_VFS_LSTAT(conn, smb_fname_src);
6021 ret = SMB_VFS_STAT(conn, smb_fname_src);
6024 status = map_nt_error_from_unix(errno);
6027 sbuf = smb_fname_src->st;
6030 status = can_rename(conn, fsp, attrs, &sbuf);
6032 if (!NT_STATUS_IS_OK(status)) {
6033 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6034 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6035 smb_fname_str_dbg(smb_fname_dst)));
6036 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6037 status = NT_STATUS_ACCESS_DENIED;
6041 if (rename_path_prefix_equal(smb_fname_src, smb_fname_dst)) {
6042 status = NT_STATUS_ACCESS_DENIED;
6045 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6049 * We have the file open ourselves, so not being able to get the
6050 * corresponding share mode lock is a fatal error.
6053 SMB_ASSERT(lck != NULL);
6055 if(SMB_VFS_RENAME(conn, smb_fname_src, smb_fname_dst) == 0) {
6056 uint32 create_options = fsp->fh->private_options;
6058 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6059 "%s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6060 smb_fname_str_dbg(smb_fname_dst)));
6062 notify_rename(conn, fsp->is_directory, smb_fname_src,
6065 rename_open_files(conn, lck, smb_fname_dst);
6068 * A rename acts as a new file create w.r.t. allowing an initial delete
6069 * on close, probably because in Windows there is a new handle to the
6070 * new file. If initial delete on close was requested but not
6071 * originally set, we need to set it here. This is probably not 100% correct,
6072 * but will work for the CIFSFS client which in non-posix mode
6073 * depends on these semantics. JRA.
6076 if (create_options & FILE_DELETE_ON_CLOSE) {
6077 status = can_set_delete_on_close(fsp, True, 0);
6079 if (NT_STATUS_IS_OK(status)) {
6080 /* Note that here we set the *inital* delete on close flag,
6081 * not the regular one. The magic gets handled in close. */
6082 fsp->initial_delete_on_close = True;
6086 status = NT_STATUS_OK;
6092 if (errno == ENOTDIR || errno == EISDIR) {
6093 status = NT_STATUS_OBJECT_NAME_COLLISION;
6095 status = map_nt_error_from_unix(errno);
6098 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6099 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6100 smb_fname_str_dbg(smb_fname_dst)));
6103 TALLOC_FREE(smb_fname_src);
6104 TALLOC_FREE(smb_fname_dst);
6109 /****************************************************************************
6110 The guts of the rename command, split out so it may be called by the NT SMB
6112 ****************************************************************************/
6114 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6115 connection_struct *conn,
6116 struct smb_request *req,
6117 struct smb_filename *smb_fname_src,
6118 struct smb_filename *smb_fname_dst,
6120 bool replace_if_exists,
6123 uint32_t access_mask)
6125 char *fname_src_dir = NULL;
6126 char *fname_src_mask = NULL;
6128 NTSTATUS status = NT_STATUS_OK;
6129 struct smb_Dir *dir_hnd = NULL;
6132 int create_options = 0;
6133 bool posix_pathnames = lp_posix_pathnames();
6136 * Split the old name into directory and last component
6137 * strings. Note that unix_convert may have stripped off a
6138 * leading ./ from both name and newname if the rename is
6139 * at the root of the share. We need to make sure either both
6140 * name and newname contain a / character or neither of them do
6141 * as this is checked in resolve_wildcards().
6144 /* Split up the directory from the filename/mask. */
6145 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6146 &fname_src_dir, &fname_src_mask);
6147 if (!NT_STATUS_IS_OK(status)) {
6148 status = NT_STATUS_NO_MEMORY;
6153 * We should only check the mangled cache
6154 * here if unix_convert failed. This means
6155 * that the path in 'mask' doesn't exist
6156 * on the file system and so we need to look
6157 * for a possible mangle. This patch from
6158 * Tine Smukavec <valentin.smukavec@hermes.si>.
6161 if (!VALID_STAT(smb_fname_src->st) &&
6162 mangle_is_mangled(fname_src_mask, conn->params)) {
6163 char *new_mask = NULL;
6164 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6167 TALLOC_FREE(fname_src_mask);
6168 fname_src_mask = new_mask;
6172 if (!src_has_wild) {
6176 * Only one file needs to be renamed. Append the mask back
6177 * onto the directory.
6179 TALLOC_FREE(smb_fname_src->base_name);
6180 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6184 if (!smb_fname_src->base_name) {
6185 status = NT_STATUS_NO_MEMORY;
6189 /* Ensure dst fname contains a '/' also */
6190 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6192 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6193 smb_fname_dst->base_name);
6195 status = NT_STATUS_NO_MEMORY;
6198 TALLOC_FREE(smb_fname_dst->base_name);
6199 smb_fname_dst->base_name = tmp;
6202 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6203 "case_preserve = %d, short case preserve = %d, "
6204 "directory = %s, newname = %s, "
6205 "last_component_dest = %s\n",
6206 conn->case_sensitive, conn->case_preserve,
6207 conn->short_case_preserve,
6208 smb_fname_str_dbg(smb_fname_src),
6209 smb_fname_str_dbg(smb_fname_dst),
6210 smb_fname_dst->original_lcomp));
6212 /* The dest name still may have wildcards. */
6213 if (dest_has_wild) {
6214 char *fname_dst_mod = NULL;
6215 if (!resolve_wildcards(smb_fname_dst,
6216 smb_fname_src->base_name,
6217 smb_fname_dst->base_name,
6219 DEBUG(6, ("rename_internals: resolve_wildcards "
6221 smb_fname_src->base_name,
6222 smb_fname_dst->base_name));
6223 status = NT_STATUS_NO_MEMORY;
6226 TALLOC_FREE(smb_fname_dst->base_name);
6227 smb_fname_dst->base_name = fname_dst_mod;
6230 ZERO_STRUCT(smb_fname_src->st);
6231 if (posix_pathnames) {
6232 SMB_VFS_LSTAT(conn, smb_fname_src);
6234 SMB_VFS_STAT(conn, smb_fname_src);
6237 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6238 create_options |= FILE_DIRECTORY_FILE;
6241 status = SMB_VFS_CREATE_FILE(
6244 0, /* root_dir_fid */
6245 smb_fname_src, /* fname */
6246 access_mask, /* access_mask */
6247 (FILE_SHARE_READ | /* share_access */
6249 FILE_OPEN, /* create_disposition*/
6250 create_options, /* create_options */
6251 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6252 0, /* oplock_request */
6253 0, /* allocation_size */
6259 if (!NT_STATUS_IS_OK(status)) {
6260 DEBUG(3, ("Could not open rename source %s: %s\n",
6261 smb_fname_str_dbg(smb_fname_src),
6262 nt_errstr(status)));
6266 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6267 attrs, replace_if_exists);
6269 close_file(req, fsp, NORMAL_CLOSE);
6271 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6272 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6273 smb_fname_str_dbg(smb_fname_dst)));
6279 * Wildcards - process each file that matches.
6281 if (strequal(fname_src_mask, "????????.???")) {
6282 TALLOC_FREE(fname_src_mask);
6283 fname_src_mask = talloc_strdup(ctx, "*");
6284 if (!fname_src_mask) {
6285 status = NT_STATUS_NO_MEMORY;
6290 status = check_name(conn, fname_src_dir);
6291 if (!NT_STATUS_IS_OK(status)) {
6295 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6297 if (dir_hnd == NULL) {
6298 status = map_nt_error_from_unix(errno);
6302 status = NT_STATUS_NO_SUCH_FILE;
6304 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6305 * - gentest fix. JRA
6308 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st))) {
6309 files_struct *fsp = NULL;
6310 char *destname = NULL;
6311 bool sysdir_entry = False;
6313 /* Quick check for "." and ".." */
6314 if (ISDOT(dname) || ISDOTDOT(dname)) {
6316 sysdir_entry = True;
6322 if (!is_visible_file(conn, fname_src_dir, dname,
6323 &smb_fname_src->st, false)) {
6327 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6332 status = NT_STATUS_OBJECT_NAME_INVALID;
6336 TALLOC_FREE(smb_fname_src->base_name);
6337 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6341 if (!smb_fname_src->base_name) {
6342 status = NT_STATUS_NO_MEMORY;
6346 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6347 smb_fname_dst->base_name,
6349 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6350 smb_fname_src->base_name, destname));
6354 status = NT_STATUS_NO_MEMORY;
6358 TALLOC_FREE(smb_fname_dst->base_name);
6359 smb_fname_dst->base_name = destname;
6361 ZERO_STRUCT(smb_fname_src->st);
6362 if (posix_pathnames) {
6363 SMB_VFS_LSTAT(conn, smb_fname_src);
6365 SMB_VFS_STAT(conn, smb_fname_src);
6370 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6371 create_options |= FILE_DIRECTORY_FILE;
6374 status = SMB_VFS_CREATE_FILE(
6377 0, /* root_dir_fid */
6378 smb_fname_src, /* fname */
6379 access_mask, /* access_mask */
6380 (FILE_SHARE_READ | /* share_access */
6382 FILE_OPEN, /* create_disposition*/
6383 create_options, /* create_options */
6384 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6385 0, /* oplock_request */
6386 0, /* allocation_size */
6392 if (!NT_STATUS_IS_OK(status)) {
6393 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6394 "returned %s rename %s -> %s\n",
6396 smb_fname_str_dbg(smb_fname_src),
6397 smb_fname_str_dbg(smb_fname_dst)));
6401 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6403 if (!smb_fname_dst->original_lcomp) {
6404 status = NT_STATUS_NO_MEMORY;
6408 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6409 attrs, replace_if_exists);
6411 close_file(req, fsp, NORMAL_CLOSE);
6413 if (!NT_STATUS_IS_OK(status)) {
6414 DEBUG(3, ("rename_internals_fsp returned %s for "
6415 "rename %s -> %s\n", nt_errstr(status),
6416 smb_fname_str_dbg(smb_fname_src),
6417 smb_fname_str_dbg(smb_fname_dst)));
6423 DEBUG(3,("rename_internals: doing rename on %s -> "
6424 "%s\n", smb_fname_str_dbg(smb_fname_src),
6425 smb_fname_str_dbg(smb_fname_src)));
6428 TALLOC_FREE(dir_hnd);
6430 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6431 status = map_nt_error_from_unix(errno);
6435 TALLOC_FREE(fname_src_dir);
6436 TALLOC_FREE(fname_src_mask);
6440 /****************************************************************************
6442 ****************************************************************************/
6444 void reply_mv(struct smb_request *req)
6446 connection_struct *conn = req->conn;
6448 char *newname = NULL;
6452 bool src_has_wcard = False;
6453 bool dest_has_wcard = False;
6454 TALLOC_CTX *ctx = talloc_tos();
6455 struct smb_filename *smb_fname_src = NULL;
6456 struct smb_filename *smb_fname_dst = NULL;
6458 START_PROFILE(SMBmv);
6461 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6465 attrs = SVAL(req->vwv+0, 0);
6467 p = (const char *)req->buf + 1;
6468 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6469 &status, &src_has_wcard);
6470 if (!NT_STATUS_IS_OK(status)) {
6471 reply_nterror(req, status);
6475 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6476 &status, &dest_has_wcard);
6477 if (!NT_STATUS_IS_OK(status)) {
6478 reply_nterror(req, status);
6482 status = filename_convert(ctx,
6484 req->flags2 & FLAGS2_DFS_PATHNAMES,
6486 UCF_COND_ALLOW_WCARD_LCOMP,
6490 if (!NT_STATUS_IS_OK(status)) {
6491 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6492 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6493 ERRSRV, ERRbadpath);
6496 reply_nterror(req, status);
6500 status = filename_convert(ctx,
6502 req->flags2 & FLAGS2_DFS_PATHNAMES,
6504 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6508 if (!NT_STATUS_IS_OK(status)) {
6509 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6510 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6511 ERRSRV, ERRbadpath);
6514 reply_nterror(req, status);
6518 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6519 smb_fname_str_dbg(smb_fname_dst)));
6521 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6522 attrs, False, src_has_wcard, dest_has_wcard,
6524 if (!NT_STATUS_IS_OK(status)) {
6525 if (open_was_deferred(req->mid)) {
6526 /* We have re-scheduled this call. */
6529 reply_nterror(req, status);
6533 reply_outbuf(req, 0, 0);
6535 TALLOC_FREE(smb_fname_src);
6536 TALLOC_FREE(smb_fname_dst);
6541 /*******************************************************************
6542 Copy a file as part of a reply_copy.
6543 ******************************************************************/
6546 * TODO: check error codes on all callers
6549 NTSTATUS copy_file(TALLOC_CTX *ctx,
6550 connection_struct *conn,
6551 struct smb_filename *smb_fname_src,
6552 struct smb_filename *smb_fname_dst,
6555 bool target_is_directory)
6557 struct smb_filename *smb_fname_dst_tmp = NULL;
6559 files_struct *fsp1,*fsp2;
6561 uint32 new_create_disposition;
6565 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6566 if (!NT_STATUS_IS_OK(status)) {
6571 * If the target is a directory, extract the last component from the
6572 * src filename and append it to the dst filename
6574 if (target_is_directory) {
6577 /* dest/target can't be a stream if it's a directory. */
6578 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6580 p = strrchr_m(smb_fname_src->base_name,'/');
6584 p = smb_fname_src->base_name;
6586 smb_fname_dst_tmp->base_name =
6587 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6589 if (!smb_fname_dst_tmp->base_name) {
6590 status = NT_STATUS_NO_MEMORY;
6595 status = vfs_file_exist(conn, smb_fname_src);
6596 if (!NT_STATUS_IS_OK(status)) {
6600 if (!target_is_directory && count) {
6601 new_create_disposition = FILE_OPEN;
6603 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6605 &new_create_disposition,
6607 status = NT_STATUS_INVALID_PARAMETER;
6612 /* Open the src file for reading. */
6613 status = SMB_VFS_CREATE_FILE(
6616 0, /* root_dir_fid */
6617 smb_fname_src, /* fname */
6618 FILE_GENERIC_READ, /* access_mask */
6619 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6620 FILE_OPEN, /* create_disposition*/
6621 0, /* create_options */
6622 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6623 INTERNAL_OPEN_ONLY, /* oplock_request */
6624 0, /* allocation_size */
6630 if (!NT_STATUS_IS_OK(status)) {
6634 dosattrs = dos_mode(conn, smb_fname_src);
6636 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6637 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6640 /* Open the dst file for writing. */
6641 status = SMB_VFS_CREATE_FILE(
6644 0, /* root_dir_fid */
6645 smb_fname_dst, /* fname */
6646 FILE_GENERIC_WRITE, /* access_mask */
6647 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6648 new_create_disposition, /* create_disposition*/
6649 0, /* create_options */
6650 dosattrs, /* file_attributes */
6651 INTERNAL_OPEN_ONLY, /* oplock_request */
6652 0, /* allocation_size */
6658 if (!NT_STATUS_IS_OK(status)) {
6659 close_file(NULL, fsp1, ERROR_CLOSE);
6663 if ((ofun&3) == 1) {
6664 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6665 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6667 * Stop the copy from occurring.
6670 smb_fname_src->st.st_ex_size = 0;
6674 /* Do the actual copy. */
6675 if (smb_fname_src->st.st_ex_size) {
6676 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6679 close_file(NULL, fsp1, NORMAL_CLOSE);
6681 /* Ensure the modtime is set correctly on the destination file. */
6682 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6685 * As we are opening fsp1 read-only we only expect
6686 * an error on close on fsp2 if we are out of space.
6687 * Thus we don't look at the error return from the
6690 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6692 if (!NT_STATUS_IS_OK(status)) {
6696 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6697 status = NT_STATUS_DISK_FULL;
6701 status = NT_STATUS_OK;
6704 TALLOC_FREE(smb_fname_dst_tmp);
6708 /****************************************************************************
6709 Reply to a file copy.
6710 ****************************************************************************/
6712 void reply_copy(struct smb_request *req)
6714 connection_struct *conn = req->conn;
6715 struct smb_filename *smb_fname_src = NULL;
6716 struct smb_filename *smb_fname_dst = NULL;
6717 char *fname_src = NULL;
6718 char *fname_dst = NULL;
6719 char *fname_src_mask = NULL;
6720 char *fname_src_dir = NULL;
6723 int error = ERRnoaccess;
6727 bool target_is_directory=False;
6728 bool source_has_wild = False;
6729 bool dest_has_wild = False;
6731 TALLOC_CTX *ctx = talloc_tos();
6733 START_PROFILE(SMBcopy);
6736 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6740 tid2 = SVAL(req->vwv+0, 0);
6741 ofun = SVAL(req->vwv+1, 0);
6742 flags = SVAL(req->vwv+2, 0);
6744 p = (const char *)req->buf;
6745 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6746 &status, &source_has_wild);
6747 if (!NT_STATUS_IS_OK(status)) {
6748 reply_nterror(req, status);
6751 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6752 &status, &dest_has_wild);
6753 if (!NT_STATUS_IS_OK(status)) {
6754 reply_nterror(req, status);
6758 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6760 if (tid2 != conn->cnum) {
6761 /* can't currently handle inter share copies XXXX */
6762 DEBUG(3,("Rejecting inter-share copy\n"));
6763 reply_doserror(req, ERRSRV, ERRinvdevice);
6767 status = filename_convert(ctx, conn,
6768 req->flags2 & FLAGS2_DFS_PATHNAMES,
6770 UCF_COND_ALLOW_WCARD_LCOMP,
6773 if (!NT_STATUS_IS_OK(status)) {
6774 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6775 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6776 ERRSRV, ERRbadpath);
6779 reply_nterror(req, status);
6783 status = filename_convert(ctx, conn,
6784 req->flags2 & FLAGS2_DFS_PATHNAMES,
6786 UCF_COND_ALLOW_WCARD_LCOMP,
6789 if (!NT_STATUS_IS_OK(status)) {
6790 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6791 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6792 ERRSRV, ERRbadpath);
6795 reply_nterror(req, status);
6799 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6801 if ((flags&1) && target_is_directory) {
6802 reply_doserror(req, ERRDOS, ERRbadfile);
6806 if ((flags&2) && !target_is_directory) {
6807 reply_doserror(req, ERRDOS, ERRbadpath);
6811 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6812 /* wants a tree copy! XXXX */
6813 DEBUG(3,("Rejecting tree copy\n"));
6814 reply_doserror(req, ERRSRV, ERRerror);
6818 /* Split up the directory from the filename/mask. */
6819 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6820 &fname_src_dir, &fname_src_mask);
6821 if (!NT_STATUS_IS_OK(status)) {
6822 reply_nterror(req, NT_STATUS_NO_MEMORY);
6827 * We should only check the mangled cache
6828 * here if unix_convert failed. This means
6829 * that the path in 'mask' doesn't exist
6830 * on the file system and so we need to look
6831 * for a possible mangle. This patch from
6832 * Tine Smukavec <valentin.smukavec@hermes.si>.
6834 if (!VALID_STAT(smb_fname_src->st) &&
6835 mangle_is_mangled(fname_src_mask, conn->params)) {
6836 char *new_mask = NULL;
6837 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6838 &new_mask, conn->params);
6840 /* Use demangled name if one was successfully found. */
6842 TALLOC_FREE(fname_src_mask);
6843 fname_src_mask = new_mask;
6847 if (!source_has_wild) {
6850 * Only one file needs to be copied. Append the mask back onto
6853 TALLOC_FREE(smb_fname_src->base_name);
6854 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6858 if (!smb_fname_src->base_name) {
6859 reply_nterror(req, NT_STATUS_NO_MEMORY);
6863 if (dest_has_wild) {
6864 char *fname_dst_mod = NULL;
6865 if (!resolve_wildcards(smb_fname_dst,
6866 smb_fname_src->base_name,
6867 smb_fname_dst->base_name,
6869 reply_nterror(req, NT_STATUS_NO_MEMORY);
6872 TALLOC_FREE(smb_fname_dst->base_name);
6873 smb_fname_dst->base_name = fname_dst_mod;
6876 status = check_name(conn, smb_fname_src->base_name);
6877 if (!NT_STATUS_IS_OK(status)) {
6878 reply_nterror(req, status);
6882 status = check_name(conn, smb_fname_dst->base_name);
6883 if (!NT_STATUS_IS_OK(status)) {
6884 reply_nterror(req, status);
6888 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6889 ofun, count, target_is_directory);
6891 if(!NT_STATUS_IS_OK(status)) {
6892 reply_nterror(req, status);
6898 struct smb_Dir *dir_hnd = NULL;
6899 const char *dname = NULL;
6903 * There is a wildcard that requires us to actually read the
6904 * src dir and copy each file matching the mask to the dst.
6905 * Right now streams won't be copied, but this could
6906 * presumably be added with a nested loop for reach dir entry.
6908 SMB_ASSERT(!smb_fname_src->stream_name);
6909 SMB_ASSERT(!smb_fname_dst->stream_name);
6911 smb_fname_src->stream_name = NULL;
6912 smb_fname_dst->stream_name = NULL;
6914 if (strequal(fname_src_mask,"????????.???")) {
6915 TALLOC_FREE(fname_src_mask);
6916 fname_src_mask = talloc_strdup(ctx, "*");
6917 if (!fname_src_mask) {
6918 reply_nterror(req, NT_STATUS_NO_MEMORY);
6923 status = check_name(conn, fname_src_dir);
6924 if (!NT_STATUS_IS_OK(status)) {
6925 reply_nterror(req, status);
6929 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6930 if (dir_hnd == NULL) {
6931 status = map_nt_error_from_unix(errno);
6932 reply_nterror(req, status);
6938 /* Iterate over the src dir copying each entry to the dst. */
6939 while ((dname = ReadDirName(dir_hnd, &offset,
6940 &smb_fname_src->st))) {
6941 char *destname = NULL;
6943 if (ISDOT(dname) || ISDOTDOT(dname)) {
6947 if (!is_visible_file(conn, fname_src_dir, dname,
6948 &smb_fname_src->st, false)) {
6952 if(!mask_match(dname, fname_src_mask,
6953 conn->case_sensitive)) {
6957 error = ERRnoaccess;
6959 /* Get the src smb_fname struct setup. */
6960 TALLOC_FREE(smb_fname_src->base_name);
6961 smb_fname_src->base_name =
6962 talloc_asprintf(smb_fname_src, "%s/%s",
6963 fname_src_dir, dname);
6965 if (!smb_fname_src->base_name) {
6966 TALLOC_FREE(dir_hnd);
6967 reply_nterror(req, NT_STATUS_NO_MEMORY);
6971 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6972 smb_fname_dst->base_name,
6977 TALLOC_FREE(dir_hnd);
6978 reply_nterror(req, NT_STATUS_NO_MEMORY);
6982 TALLOC_FREE(smb_fname_dst->base_name);
6983 smb_fname_dst->base_name = destname;
6985 status = check_name(conn, smb_fname_src->base_name);
6986 if (!NT_STATUS_IS_OK(status)) {
6987 TALLOC_FREE(dir_hnd);
6988 reply_nterror(req, status);
6992 status = check_name(conn, smb_fname_dst->base_name);
6993 if (!NT_STATUS_IS_OK(status)) {
6994 TALLOC_FREE(dir_hnd);
6995 reply_nterror(req, status);
6999 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7000 smb_fname_src->base_name,
7001 smb_fname_dst->base_name));
7003 status = copy_file(ctx, conn, smb_fname_src,
7004 smb_fname_dst, ofun, count,
7005 target_is_directory);
7006 if (NT_STATUS_IS_OK(status)) {
7010 TALLOC_FREE(dir_hnd);
7014 reply_doserror(req, ERRDOS, error);
7018 reply_outbuf(req, 1, 0);
7019 SSVAL(req->outbuf,smb_vwv0,count);
7021 TALLOC_FREE(smb_fname_src);
7022 TALLOC_FREE(smb_fname_dst);
7023 TALLOC_FREE(fname_src);
7024 TALLOC_FREE(fname_dst);
7025 TALLOC_FREE(fname_src_mask);
7026 TALLOC_FREE(fname_src_dir);
7028 END_PROFILE(SMBcopy);
7033 #define DBGC_CLASS DBGC_LOCKING
7035 /****************************************************************************
7036 Get a lock pid, dealing with large count requests.
7037 ****************************************************************************/
7039 uint32 get_lock_pid(const uint8_t *data, int data_offset,
7040 bool large_file_format)
7042 if(!large_file_format)
7043 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
7045 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7048 /****************************************************************************
7049 Get a lock count, dealing with large count requests.
7050 ****************************************************************************/
7052 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7053 bool large_file_format)
7057 if(!large_file_format) {
7058 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7061 #if defined(HAVE_LONGLONG)
7062 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7063 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7064 #else /* HAVE_LONGLONG */
7067 * NT4.x seems to be broken in that it sends large file (64 bit)
7068 * lockingX calls even if the CAP_LARGE_FILES was *not*
7069 * negotiated. For boxes without large unsigned ints truncate the
7070 * lock count by dropping the top 32 bits.
7073 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7074 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7075 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7076 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7077 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7080 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7081 #endif /* HAVE_LONGLONG */
7087 #if !defined(HAVE_LONGLONG)
7088 /****************************************************************************
7089 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7090 ****************************************************************************/
7092 static uint32 map_lock_offset(uint32 high, uint32 low)
7096 uint32 highcopy = high;
7099 * Try and find out how many significant bits there are in high.
7102 for(i = 0; highcopy; i++)
7106 * We use 31 bits not 32 here as POSIX
7107 * lock offsets may not be negative.
7110 mask = (~0) << (31 - i);
7113 return 0; /* Fail. */
7119 #endif /* !defined(HAVE_LONGLONG) */
7121 /****************************************************************************
7122 Get a lock offset, dealing with large offset requests.
7123 ****************************************************************************/
7125 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7126 bool large_file_format, bool *err)
7128 uint64_t offset = 0;
7132 if(!large_file_format) {
7133 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7136 #if defined(HAVE_LONGLONG)
7137 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7138 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7139 #else /* HAVE_LONGLONG */
7142 * NT4.x seems to be broken in that it sends large file (64 bit)
7143 * lockingX calls even if the CAP_LARGE_FILES was *not*
7144 * negotiated. For boxes without large unsigned ints mangle the
7145 * lock offset by mapping the top 32 bits onto the lower 32.
7148 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7149 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7150 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7153 if((new_low = map_lock_offset(high, low)) == 0) {
7155 return (uint64_t)-1;
7158 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7159 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7160 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7161 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7164 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7165 #endif /* HAVE_LONGLONG */
7171 NTSTATUS smbd_do_locking(struct smb_request *req,
7175 uint16_t num_ulocks,
7176 struct smbd_lock_element *ulocks,
7178 struct smbd_lock_element *locks,
7181 connection_struct *conn = req->conn;
7183 NTSTATUS status = NT_STATUS_OK;
7187 /* Data now points at the beginning of the list
7188 of smb_unlkrng structs */
7189 for(i = 0; i < (int)num_ulocks; i++) {
7190 struct smbd_lock_element *e = &ulocks[i];
7192 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7193 "pid %u, file %s\n",
7196 (unsigned int)e->smbpid,
7199 if (e->brltype != UNLOCK_LOCK) {
7200 /* this can only happen with SMB2 */
7201 return NT_STATUS_INVALID_PARAMETER;
7204 status = do_unlock(smbd_messaging_context(),
7211 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7212 nt_errstr(status)));
7214 if (!NT_STATUS_IS_OK(status)) {
7219 /* Setup the timeout in seconds. */
7221 if (!lp_blocking_locks(SNUM(conn))) {
7225 /* Data now points at the beginning of the list
7226 of smb_lkrng structs */
7228 for(i = 0; i < (int)num_locks; i++) {
7229 struct smbd_lock_element *e = &locks[i];
7231 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7232 "%u, file %s timeout = %d\n",
7235 (unsigned int)e->smbpid,
7239 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7240 struct blocking_lock_record *blr = NULL;
7242 if (lp_blocking_locks(SNUM(conn))) {
7244 /* Schedule a message to ourselves to
7245 remove the blocking lock record and
7246 return the right error. */
7248 blr = blocking_lock_cancel(fsp,
7254 NT_STATUS_FILE_LOCK_CONFLICT);
7256 return NT_STATUS_DOS(
7258 ERRcancelviolation);
7261 /* Remove a matching pending lock. */
7262 status = do_lock_cancel(fsp,
7269 bool blocking_lock = timeout ? true : false;
7270 bool defer_lock = false;
7271 struct byte_range_lock *br_lck;
7272 uint32_t block_smbpid;
7274 br_lck = do_lock(smbd_messaging_context(),
7286 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7287 /* Windows internal resolution for blocking locks seems
7288 to be about 200ms... Don't wait for less than that. JRA. */
7289 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7290 timeout = lp_lock_spin_time();
7295 /* This heuristic seems to match W2K3 very well. If a
7296 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7297 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7298 far as I can tell. Replacement for do_lock_spin(). JRA. */
7300 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7301 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7303 timeout = lp_lock_spin_time();
7306 if (br_lck && defer_lock) {
7308 * A blocking lock was requested. Package up
7309 * this smb into a queued request and push it
7310 * onto the blocking lock queue.
7312 if(push_blocking_lock_request(br_lck,
7323 TALLOC_FREE(br_lck);
7325 return NT_STATUS_OK;
7329 TALLOC_FREE(br_lck);
7332 if (!NT_STATUS_IS_OK(status)) {
7337 /* If any of the above locks failed, then we must unlock
7338 all of the previous locks (X/Open spec). */
7340 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7342 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7343 i = -1; /* we want to skip the for loop */
7347 * Ensure we don't do a remove on the lock that just failed,
7348 * as under POSIX rules, if we have a lock already there, we
7349 * will delete it (and we shouldn't) .....
7351 for(i--; i >= 0; i--) {
7352 struct smbd_lock_element *e = &locks[i];
7354 do_unlock(smbd_messaging_context(),
7364 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7365 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7367 return NT_STATUS_OK;
7370 /****************************************************************************
7371 Reply to a lockingX request.
7372 ****************************************************************************/
7374 void reply_lockingX(struct smb_request *req)
7376 connection_struct *conn = req->conn;
7378 unsigned char locktype;
7379 unsigned char oplocklevel;
7384 const uint8_t *data;
7385 bool large_file_format;
7387 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7388 struct smbd_lock_element *ulocks;
7389 struct smbd_lock_element *locks;
7392 START_PROFILE(SMBlockingX);
7395 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7396 END_PROFILE(SMBlockingX);
7400 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7401 locktype = CVAL(req->vwv+3, 0);
7402 oplocklevel = CVAL(req->vwv+3, 1);
7403 num_ulocks = SVAL(req->vwv+6, 0);
7404 num_locks = SVAL(req->vwv+7, 0);
7405 lock_timeout = IVAL(req->vwv+4, 0);
7406 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7408 if (!check_fsp(conn, req, fsp)) {
7409 END_PROFILE(SMBlockingX);
7415 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7416 /* we don't support these - and CANCEL_LOCK makes w2k
7417 and XP reboot so I don't really want to be
7418 compatible! (tridge) */
7419 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
7420 END_PROFILE(SMBlockingX);
7424 /* Check if this is an oplock break on a file
7425 we have granted an oplock on.
7427 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7428 /* Client can insist on breaking to none. */
7429 bool break_to_none = (oplocklevel == 0);
7432 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7433 "for fnum = %d\n", (unsigned int)oplocklevel,
7437 * Make sure we have granted an exclusive or batch oplock on
7441 if (fsp->oplock_type == 0) {
7443 /* The Samba4 nbench simulator doesn't understand
7444 the difference between break to level2 and break
7445 to none from level2 - it sends oplock break
7446 replies in both cases. Don't keep logging an error
7447 message here - just ignore it. JRA. */
7449 DEBUG(5,("reply_lockingX: Error : oplock break from "
7450 "client for fnum = %d (oplock=%d) and no "
7451 "oplock granted on this file (%s).\n",
7452 fsp->fnum, fsp->oplock_type,
7455 /* if this is a pure oplock break request then don't
7457 if (num_locks == 0 && num_ulocks == 0) {
7458 END_PROFILE(SMBlockingX);
7461 END_PROFILE(SMBlockingX);
7462 reply_doserror(req, ERRDOS, ERRlock);
7467 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7469 result = remove_oplock(fsp);
7471 result = downgrade_oplock(fsp);
7475 DEBUG(0, ("reply_lockingX: error in removing "
7476 "oplock on file %s\n", fsp_str_dbg(fsp)));
7477 /* Hmmm. Is this panic justified? */
7478 smb_panic("internal tdb error");
7481 reply_to_oplock_break_requests(fsp);
7483 /* if this is a pure oplock break request then don't send a
7485 if (num_locks == 0 && num_ulocks == 0) {
7486 /* Sanity check - ensure a pure oplock break is not a
7488 if(CVAL(req->vwv+0, 0) != 0xff)
7489 DEBUG(0,("reply_lockingX: Error : pure oplock "
7490 "break is a chained %d request !\n",
7491 (unsigned int)CVAL(req->vwv+0, 0)));
7492 END_PROFILE(SMBlockingX);
7498 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7500 END_PROFILE(SMBlockingX);
7504 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7505 if (ulocks == NULL) {
7506 reply_nterror(req, NT_STATUS_NO_MEMORY);
7507 END_PROFILE(SMBlockingX);
7511 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7512 if (locks == NULL) {
7513 reply_nterror(req, NT_STATUS_NO_MEMORY);
7514 END_PROFILE(SMBlockingX);
7518 /* Data now points at the beginning of the list
7519 of smb_unlkrng structs */
7520 for(i = 0; i < (int)num_ulocks; i++) {
7521 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7522 ulocks[i].count = get_lock_count(data, i, large_file_format);
7523 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7524 ulocks[i].brltype = UNLOCK_LOCK;
7527 * There is no error code marked "stupid client bug".... :-).
7530 END_PROFILE(SMBlockingX);
7531 reply_doserror(req, ERRDOS, ERRnoaccess);
7536 /* Now do any requested locks */
7537 data += ((large_file_format ? 20 : 10)*num_ulocks);
7539 /* Data now points at the beginning of the list
7540 of smb_lkrng structs */
7542 for(i = 0; i < (int)num_locks; i++) {
7543 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7544 locks[i].count = get_lock_count(data, i, large_file_format);
7545 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7547 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7548 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7549 locks[i].brltype = PENDING_READ_LOCK;
7551 locks[i].brltype = READ_LOCK;
7554 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7555 locks[i].brltype = PENDING_WRITE_LOCK;
7557 locks[i].brltype = WRITE_LOCK;
7562 * There is no error code marked "stupid client bug".... :-).
7565 END_PROFILE(SMBlockingX);
7566 reply_doserror(req, ERRDOS, ERRnoaccess);
7571 status = smbd_do_locking(req, fsp,
7572 locktype, lock_timeout,
7576 if (!NT_STATUS_IS_OK(status)) {
7577 END_PROFILE(SMBlockingX);
7578 reply_nterror(req, status);
7582 END_PROFILE(SMBlockingX);
7586 reply_outbuf(req, 2, 0);
7588 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7589 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7591 END_PROFILE(SMBlockingX);
7596 #define DBGC_CLASS DBGC_ALL
7598 /****************************************************************************
7599 Reply to a SMBreadbmpx (read block multiplex) request.
7600 Always reply with an error, if someone has a platform really needs this,
7601 please contact vl@samba.org
7602 ****************************************************************************/
7604 void reply_readbmpx(struct smb_request *req)
7606 START_PROFILE(SMBreadBmpx);
7607 reply_doserror(req, ERRSRV, ERRuseSTD);
7608 END_PROFILE(SMBreadBmpx);
7612 /****************************************************************************
7613 Reply to a SMBreadbs (read block multiplex secondary) request.
7614 Always reply with an error, if someone has a platform really needs this,
7615 please contact vl@samba.org
7616 ****************************************************************************/
7618 void reply_readbs(struct smb_request *req)
7620 START_PROFILE(SMBreadBs);
7621 reply_doserror(req, ERRSRV, ERRuseSTD);
7622 END_PROFILE(SMBreadBs);
7626 /****************************************************************************
7627 Reply to a SMBsetattrE.
7628 ****************************************************************************/
7630 void reply_setattrE(struct smb_request *req)
7632 connection_struct *conn = req->conn;
7633 struct smb_file_time ft;
7637 START_PROFILE(SMBsetattrE);
7641 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7645 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7647 if(!fsp || (fsp->conn != conn)) {
7648 reply_doserror(req, ERRDOS, ERRbadfid);
7653 * Convert the DOS times into unix times.
7656 ft.atime = convert_time_t_to_timespec(
7657 srv_make_unix_date2(req->vwv+3));
7658 ft.mtime = convert_time_t_to_timespec(
7659 srv_make_unix_date2(req->vwv+5));
7660 ft.create_time = convert_time_t_to_timespec(
7661 srv_make_unix_date2(req->vwv+1));
7663 reply_outbuf(req, 0, 0);
7666 * Patch from Ray Frush <frush@engr.colostate.edu>
7667 * Sometimes times are sent as zero - ignore them.
7670 /* Ensure we have a valid stat struct for the source. */
7671 if (fsp->fh->fd != -1) {
7672 if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) == -1) {
7673 status = map_nt_error_from_unix(errno);
7674 reply_nterror(req, status);
7680 if (fsp->posix_open) {
7681 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name);
7683 ret = SMB_VFS_STAT(conn, fsp->fsp_name);
7686 status = map_nt_error_from_unix(errno);
7687 reply_nterror(req, status);
7692 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7693 if (!NT_STATUS_IS_OK(status)) {
7694 reply_doserror(req, ERRDOS, ERRnoaccess);
7698 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7701 (unsigned int)ft.atime.tv_sec,
7702 (unsigned int)ft.mtime.tv_sec,
7703 (unsigned int)ft.create_time.tv_sec
7706 END_PROFILE(SMBsetattrE);
7711 /* Back from the dead for OS/2..... JRA. */
7713 /****************************************************************************
7714 Reply to a SMBwritebmpx (write block multiplex primary) request.
7715 Always reply with an error, if someone has a platform really needs this,
7716 please contact vl@samba.org
7717 ****************************************************************************/
7719 void reply_writebmpx(struct smb_request *req)
7721 START_PROFILE(SMBwriteBmpx);
7722 reply_doserror(req, ERRSRV, ERRuseSTD);
7723 END_PROFILE(SMBwriteBmpx);
7727 /****************************************************************************
7728 Reply to a SMBwritebs (write block multiplex secondary) request.
7729 Always reply with an error, if someone has a platform really needs this,
7730 please contact vl@samba.org
7731 ****************************************************************************/
7733 void reply_writebs(struct smb_request *req)
7735 START_PROFILE(SMBwriteBs);
7736 reply_doserror(req, ERRSRV, ERRuseSTD);
7737 END_PROFILE(SMBwriteBs);
7741 /****************************************************************************
7742 Reply to a SMBgetattrE.
7743 ****************************************************************************/
7745 void reply_getattrE(struct smb_request *req)
7747 connection_struct *conn = req->conn;
7748 SMB_STRUCT_STAT sbuf;
7751 struct timespec create_ts;
7753 START_PROFILE(SMBgetattrE);
7756 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7757 END_PROFILE(SMBgetattrE);
7761 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7763 if(!fsp || (fsp->conn != conn)) {
7764 reply_doserror(req, ERRDOS, ERRbadfid);
7765 END_PROFILE(SMBgetattrE);
7769 /* Do an fstat on this file */
7770 if(fsp_stat(fsp, &sbuf)) {
7771 reply_nterror(req, map_nt_error_from_unix(errno));
7772 END_PROFILE(SMBgetattrE);
7776 fsp->fsp_name->st = sbuf;
7778 mode = dos_mode(conn, fsp->fsp_name);
7781 * Convert the times into dos times. Set create
7782 * date to be last modify date as UNIX doesn't save
7786 reply_outbuf(req, 11, 0);
7788 create_ts = sbuf.st_ex_btime;
7789 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7790 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7791 convert_timespec_to_time_t(sbuf.st_ex_atime));
7792 /* Should we check pending modtime here ? JRA */
7793 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7794 convert_timespec_to_time_t(sbuf.st_ex_mtime));
7797 SIVAL(req->outbuf, smb_vwv6, 0);
7798 SIVAL(req->outbuf, smb_vwv8, 0);
7800 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7801 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_ex_size);
7802 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7804 SSVAL(req->outbuf,smb_vwv10, mode);
7806 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7808 END_PROFILE(SMBgetattrE);