search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
VERSION: Bump version up to 3.6.20.
[Samba.git] / source3 / smbd / nttrans.c
blob4c145e01dcc806a6ccd3204667168be73254abf9
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "../libcli/security/security.h"
27 #include "../librpc/gen_ndr/ndr_security.h"
28 #include "passdb/lookup_sid.h"
29 #include "auth.h"
30 #include "ntioctl.h"
31 #include "smbprofile.h"
32 #include "libsmb/libsmb.h"
33
34 extern const struct generic_mapping file_generic_mapping;
35
36 static char *nttrans_realloc(char **ptr, size_t size)
37 {
38 if (ptr==NULL) {
39 smb_panic("nttrans_realloc() called with NULL ptr");
40 }
41
42 *ptr = (char *)SMB_REALLOC(*ptr, size);
43 if(*ptr == NULL) {
44 return NULL;
45 }
46 memset(*ptr,'\0',size);
47 return *ptr;
48 }
49
50 /****************************************************************************
51 Send the required number of replies back.
52 We assume all fields other than the data fields are
53 set correctly for the type of call.
54 HACK ! Always assumes smb_setup field is zero.
55 ****************************************************************************/
56
57 void send_nt_replies(connection_struct *conn,
58 struct smb_request *req, NTSTATUS nt_error,
59 char *params, int paramsize,
60 char *pdata, int datasize)
61 {
62 int data_to_send = datasize;
63 int params_to_send = paramsize;
64 int useable_space;
65 char *pp = params;
66 char *pd = pdata;
67 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
68 int alignment_offset = 1;
69 int data_alignment_offset = 0;
70 struct smbd_server_connection *sconn = req->sconn;
71 int max_send = sconn->smb1.sessions.max_send;
72
73 /*
74 * If there genuinely are no parameters or data to send just send
75 * the empty packet.
76 */
77
78 if(params_to_send == 0 && data_to_send == 0) {
79 reply_outbuf(req, 18, 0);
80 if (NT_STATUS_V(nt_error)) {
81 error_packet_set((char *)req->outbuf,
82 0, 0, nt_error,
83 __LINE__,__FILE__);
84 }
85 show_msg((char *)req->outbuf);
86 if (!srv_send_smb(sconn,
87 (char *)req->outbuf,
88 true, req->seqnum+1,
89 IS_CONN_ENCRYPTED(conn),
90 &req->pcd)) {
91 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
92 }
93 TALLOC_FREE(req->outbuf);
94 return;
95 }
96
97 /*
98 * When sending params and data ensure that both are nicely aligned.
99 * Only do this alignment when there is also data to send - else
100 * can cause NT redirector problems.
101 */
102
103 if (((params_to_send % 4) != 0) && (data_to_send != 0)) {
104 data_alignment_offset = 4 - (params_to_send % 4);
105 }
106
107 /*
108 * Space is bufsize minus Netbios over TCP header minus SMB header.
109 * The alignment_offset is to align the param bytes on a four byte
110 * boundary (2 bytes for data len, one byte pad).
111 * NT needs this to work correctly.
112 */
113
114 useable_space = max_send - (smb_size
115 + 2 * 18 /* wct */
116 + alignment_offset
117 + data_alignment_offset);
118
119 if (useable_space < 0) {
120 char *msg = talloc_asprintf(
121 talloc_tos(),
122 "send_nt_replies failed sanity useable_space = %d!!!",
123 useable_space);
124 DEBUG(0, ("%s\n", msg));
125 exit_server_cleanly(msg);
126 }
127
128 while (params_to_send || data_to_send) {
129
130 /*
131 * Calculate whether we will totally or partially fill this packet.
132 */
133
134 total_sent_thistime = params_to_send + data_to_send;
135
136 /*
137 * We can never send more than useable_space.
138 */
139
140 total_sent_thistime = MIN(total_sent_thistime, useable_space);
141
142 reply_outbuf(req, 18,
143 total_sent_thistime + alignment_offset
144 + data_alignment_offset);
145
146 /*
147 * Set total params and data to be sent.
148 */
149
150 SIVAL(req->outbuf,smb_ntr_TotalParameterCount,paramsize);
151 SIVAL(req->outbuf,smb_ntr_TotalDataCount,datasize);
152
153 /*
154 * Calculate how many parameters and data we can fit into
155 * this packet. Parameters get precedence.
156 */
157
158 params_sent_thistime = MIN(params_to_send,useable_space);
159 data_sent_thistime = useable_space - params_sent_thistime;
160 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
161
162 SIVAL(req->outbuf, smb_ntr_ParameterCount,
163 params_sent_thistime);
164
165 if(params_sent_thistime == 0) {
166 SIVAL(req->outbuf,smb_ntr_ParameterOffset,0);
167 SIVAL(req->outbuf,smb_ntr_ParameterDisplacement,0);
168 } else {
169 /*
170 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
171 * parameter bytes, however the first 4 bytes of outbuf are
172 * the Netbios over TCP header. Thus use smb_base() to subtract
173 * them from the calculation.
174 */
175
176 SIVAL(req->outbuf,smb_ntr_ParameterOffset,
177 ((smb_buf(req->outbuf)+alignment_offset)
178 - smb_base(req->outbuf)));
179 /*
180 * Absolute displacement of param bytes sent in this packet.
181 */
182
183 SIVAL(req->outbuf, smb_ntr_ParameterDisplacement,
184 pp - params);
185 }
186
187 /*
188 * Deal with the data portion.
189 */
190
191 SIVAL(req->outbuf, smb_ntr_DataCount, data_sent_thistime);
192
193 if(data_sent_thistime == 0) {
194 SIVAL(req->outbuf,smb_ntr_DataOffset,0);
195 SIVAL(req->outbuf,smb_ntr_DataDisplacement, 0);
196 } else {
197 /*
198 * The offset of the data bytes is the offset of the
199 * parameter bytes plus the number of parameters being sent this time.
200 */
201
202 SIVAL(req->outbuf, smb_ntr_DataOffset,
203 ((smb_buf(req->outbuf)+alignment_offset) -
204 smb_base(req->outbuf))
205 + params_sent_thistime + data_alignment_offset);
206 SIVAL(req->outbuf,smb_ntr_DataDisplacement, pd - pdata);
207 }
208
209 /*
210 * Copy the param bytes into the packet.
211 */
212
213 if(params_sent_thistime) {
214 if (alignment_offset != 0) {
215 memset(smb_buf(req->outbuf), 0,
216 alignment_offset);
217 }
218 memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
219 params_sent_thistime);
220 }
221
222 /*
223 * Copy in the data bytes
224 */
225
226 if(data_sent_thistime) {
227 if (data_alignment_offset != 0) {
228 memset((smb_buf(req->outbuf)+alignment_offset+
229 params_sent_thistime), 0,
230 data_alignment_offset);
231 }
232 memcpy(smb_buf(req->outbuf)+alignment_offset
233 +params_sent_thistime+data_alignment_offset,
234 pd,data_sent_thistime);
235 }
236
237 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
238 params_sent_thistime, data_sent_thistime, useable_space));
239 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
240 params_to_send, data_to_send, paramsize, datasize));
241
242 if (NT_STATUS_V(nt_error)) {
243 error_packet_set((char *)req->outbuf,
244 0, 0, nt_error,
245 __LINE__,__FILE__);
246 }
247
248 /* Send the packet */
249 show_msg((char *)req->outbuf);
250 if (!srv_send_smb(sconn,
251 (char *)req->outbuf,
252 true, req->seqnum+1,
253 IS_CONN_ENCRYPTED(conn),
254 &req->pcd)) {
255 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
256 }
257
258 TALLOC_FREE(req->outbuf);
259
260 pp += params_sent_thistime;
261 pd += data_sent_thistime;
262
263 params_to_send -= params_sent_thistime;
264 data_to_send -= data_sent_thistime;
265
266 /*
267 * Sanity check
268 */
269
270 if(params_to_send < 0 || data_to_send < 0) {
271 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
272 params_to_send, data_to_send));
273 exit_server_cleanly("send_nt_replies: internal error");
274 }
275 }
276 }
277
278 /****************************************************************************
279 Reply to an NT create and X call on a pipe
280 ****************************************************************************/
281
282 static void nt_open_pipe(char *fname, connection_struct *conn,
283 struct smb_request *req, int *ppnum)
284 {
285 files_struct *fsp;
286 NTSTATUS status;
287
288 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
289
290 /* Strip \\ off the name. */
291 fname++;
292
293 status = open_np_file(req, fname, &fsp);
294 if (!NT_STATUS_IS_OK(status)) {
295 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
296 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
297 ERRDOS, ERRbadpipe);
298 return;
299 }
300 reply_nterror(req, status);
301 return;
302 }
303
304 *ppnum = fsp->fnum;
305 return;
306 }
307
308 /****************************************************************************
309 Reply to an NT create and X call for pipes.
310 ****************************************************************************/
311
312 static void do_ntcreate_pipe_open(connection_struct *conn,
313 struct smb_request *req)
314 {
315 char *fname = NULL;
316 int pnum = -1;
317 char *p = NULL;
318 uint32 flags = IVAL(req->vwv+3, 1);
319 TALLOC_CTX *ctx = talloc_tos();
320
321 srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE);
322
323 if (!fname) {
324 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
325 ERRDOS, ERRbadpipe);
326 return;
327 }
328 nt_open_pipe(fname, conn, req, &pnum);
329
330 if (req->outbuf) {
331 /* error reply */
332 return;
333 }
334
335 /*
336 * Deal with pipe return.
337 */
338
339 if (flags & EXTENDED_RESPONSE_REQUIRED) {
340 /* This is very strange. We
341 * return 50 words, but only set
342 * the wcnt to 42 ? It's definately
343 * what happens on the wire....
344 */
345 reply_outbuf(req, 50, 0);
346 SCVAL(req->outbuf,smb_wct,42);
347 } else {
348 reply_outbuf(req, 34, 0);
349 }
350
351 p = (char *)req->outbuf + smb_vwv2;
352 p++;
353 SSVAL(p,0,pnum);
354 p += 2;
355 SIVAL(p,0,FILE_WAS_OPENED);
356 p += 4;
357 p += 32;
358 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
359 p += 20;
360 /* File type. */
361 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
362 /* Device state. */
363 SSVAL(p,2, 0x5FF); /* ? */
364 p += 4;
365
366 if (flags & EXTENDED_RESPONSE_REQUIRED) {
367 p += 25;
368 SIVAL(p,0,FILE_GENERIC_ALL);
369 /*
370 * For pipes W2K3 seems to return
371 * 0x12019B next.
372 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
373 */
374 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
375 }
376
377 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
378
379 chain_reply(req);
380 }
381
382 struct case_semantics_state {
383 connection_struct *conn;
384 bool case_sensitive;
385 bool case_preserve;
386 bool short_case_preserve;
387 };
388
389 /****************************************************************************
390 Restore case semantics.
391 ****************************************************************************/
392
393 static int restore_case_semantics(struct case_semantics_state *state)
394 {
395 state->conn->case_sensitive = state->case_sensitive;
396 state->conn->case_preserve = state->case_preserve;
397 state->conn->short_case_preserve = state->short_case_preserve;
398 return 0;
399 }
400
401 /****************************************************************************
402 Save case semantics.
403 ****************************************************************************/
404
405 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
406 connection_struct *conn)
407 {
408 struct case_semantics_state *result;
409
410 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
411 return NULL;
412 }
413
414 result->conn = conn;
415 result->case_sensitive = conn->case_sensitive;
416 result->case_preserve = conn->case_preserve;
417 result->short_case_preserve = conn->short_case_preserve;
418
419 /* Set to POSIX. */
420 conn->case_sensitive = True;
421 conn->case_preserve = True;
422 conn->short_case_preserve = True;
423
424 talloc_set_destructor(result, restore_case_semantics);
425
426 return result;
427 }
428
429 /****************************************************************************
430 Reply to an NT create and X call.
431 ****************************************************************************/
432
433 void reply_ntcreate_and_X(struct smb_request *req)
434 {
435 connection_struct *conn = req->conn;
436 struct smb_filename *smb_fname = NULL;
437 char *fname = NULL;
438 uint32 flags;
439 uint32 access_mask;
440 uint32 file_attributes;
441 uint32 share_access;
442 uint32 create_disposition;
443 uint32 create_options;
444 uint16 root_dir_fid;
445 uint64_t allocation_size;
446 /* Breakout the oplock request bits so we can set the
447 reply bits separately. */
448 uint32 fattr=0;
449 SMB_OFF_T file_len = 0;
450 int info = 0;
451 files_struct *fsp = NULL;
452 char *p = NULL;
453 struct timespec create_timespec;
454 struct timespec c_timespec;
455 struct timespec a_timespec;
456 struct timespec m_timespec;
457 struct timespec write_time_ts;
458 NTSTATUS status;
459 int oplock_request;
460 uint8_t oplock_granted = NO_OPLOCK_RETURN;
461 struct case_semantics_state *case_state = NULL;
462 TALLOC_CTX *ctx = talloc_tos();
463
464 START_PROFILE(SMBntcreateX);
465
466 if (req->wct < 24) {
467 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
468 goto out;
469 }
470
471 flags = IVAL(req->vwv+3, 1);
472 access_mask = IVAL(req->vwv+7, 1);
473 file_attributes = IVAL(req->vwv+13, 1);
474 share_access = IVAL(req->vwv+15, 1);
475 create_disposition = IVAL(req->vwv+17, 1);
476 create_options = IVAL(req->vwv+19, 1);
477 root_dir_fid = (uint16)IVAL(req->vwv+5, 1);
478
479 allocation_size = BVAL(req->vwv+9, 1);
480
481 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
482 STR_TERMINATE, &status);
483
484 if (!NT_STATUS_IS_OK(status)) {
485 reply_nterror(req, status);
486 goto out;
487 }
488
489 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
490 "file_attributes = 0x%x, share_access = 0x%x, "
491 "create_disposition = 0x%x create_options = 0x%x "
492 "root_dir_fid = 0x%x, fname = %s\n",
493 (unsigned int)flags,
494 (unsigned int)access_mask,
495 (unsigned int)file_attributes,
496 (unsigned int)share_access,
497 (unsigned int)create_disposition,
498 (unsigned int)create_options,
499 (unsigned int)root_dir_fid,
500 fname));
501
502 /*
503 * we need to remove ignored bits when they come directly from the client
504 * because we reuse some of them for internal stuff
505 */
506 create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
507
508 /*
509 * If it's an IPC, use the pipe handler.
510 */
511
512 if (IS_IPC(conn)) {
513 if (lp_nt_pipe_support()) {
514 do_ntcreate_pipe_open(conn, req);
515 goto out;
516 }
517 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
518 goto out;
519 }
520
521 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
522 if (oplock_request) {
523 oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
524 ? BATCH_OPLOCK : 0;
525 }
526
527 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
528 case_state = set_posix_case_semantics(ctx, conn);
529 if (!case_state) {
530 reply_nterror(req, NT_STATUS_NO_MEMORY);
531 goto out;
532 }
533 }
534
535 status = filename_convert(ctx,
536 conn,
537 req->flags2 & FLAGS2_DFS_PATHNAMES,
538 fname,
539 (create_disposition == FILE_CREATE)
540 ? UCF_CREATING_FILE : 0,
541 NULL,
542 &smb_fname);
543
544 TALLOC_FREE(case_state);
545
546 if (!NT_STATUS_IS_OK(status)) {
547 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
548 reply_botherror(req,
549 NT_STATUS_PATH_NOT_COVERED,
550 ERRSRV, ERRbadpath);
551 goto out;
552 }
553 reply_nterror(req, status);
554 goto out;
555 }
556
557 /*
558 * Bug #6898 - clients using Windows opens should
559 * never be able to set this attribute into the
560 * VFS.
561 */
562 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
563
564 status = SMB_VFS_CREATE_FILE(
565 conn, /* conn */
566 req, /* req */
567 root_dir_fid, /* root_dir_fid */
568 smb_fname, /* fname */
569 access_mask, /* access_mask */
570 share_access, /* share_access */
571 create_disposition, /* create_disposition*/
572 create_options, /* create_options */
573 file_attributes, /* file_attributes */
574 oplock_request, /* oplock_request */
575 allocation_size, /* allocation_size */
576 0, /* private_flags */
577 NULL, /* sd */
578 NULL, /* ea_list */
579 &fsp, /* result */
580 &info); /* pinfo */
581
582 if (!NT_STATUS_IS_OK(status)) {
583 if (open_was_deferred(req->mid)) {
584 /* We have re-scheduled this call, no error. */
585 goto out;
586 }
587 reply_openerror(req, status);
588 goto out;
589 }
590
591 /* Ensure we're pointing at the correct stat struct. */
592 TALLOC_FREE(smb_fname);
593 smb_fname = fsp->fsp_name;
594
595 /*
596 * If the caller set the extended oplock request bit
597 * and we granted one (by whatever means) - set the
598 * correct bit for extended oplock reply.
599 */
600
601 if (oplock_request &&
602 (lp_fake_oplocks(SNUM(conn))
603 || EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
604
605 /*
606 * Exclusive oplock granted
607 */
608
609 if (flags & REQUEST_BATCH_OPLOCK) {
610 oplock_granted = BATCH_OPLOCK_RETURN;
611 } else {
612 oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
613 }
614 } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
615 oplock_granted = LEVEL_II_OPLOCK_RETURN;
616 } else {
617 oplock_granted = NO_OPLOCK_RETURN;
618 }
619
620 file_len = smb_fname->st.st_ex_size;
621
622 if (flags & EXTENDED_RESPONSE_REQUIRED) {
623 /* This is very strange. We
624 * return 50 words, but only set
625 * the wcnt to 42 ? It's definately
626 * what happens on the wire....
627 */
628 reply_outbuf(req, 50, 0);
629 SCVAL(req->outbuf,smb_wct,42);
630 } else {
631 reply_outbuf(req, 34, 0);
632 }
633
634 p = (char *)req->outbuf + smb_vwv2;
635
636 SCVAL(p, 0, oplock_granted);
637
638 p++;
639 SSVAL(p,0,fsp->fnum);
640 p += 2;
641 if ((create_disposition == FILE_SUPERSEDE)
642 && (info == FILE_WAS_OVERWRITTEN)) {
643 SIVAL(p,0,FILE_WAS_SUPERSEDED);
644 } else {
645 SIVAL(p,0,info);
646 }
647 p += 4;
648
649 fattr = dos_mode(conn, smb_fname);
650 if (fattr == 0) {
651 fattr = FILE_ATTRIBUTE_NORMAL;
652 }
653
654 /* Deal with other possible opens having a modified
655 write time. JRA. */
656 ZERO_STRUCT(write_time_ts);
657 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
658 if (!null_timespec(write_time_ts)) {
659 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
660 }
661
662 /* Create time. */
663 create_timespec = get_create_timespec(conn, fsp, smb_fname);
664 a_timespec = smb_fname->st.st_ex_atime;
665 m_timespec = smb_fname->st.st_ex_mtime;
666 c_timespec = get_change_timespec(conn, fsp, smb_fname);
667
668 if (lp_dos_filetime_resolution(SNUM(conn))) {
669 dos_filetime_timespec(&create_timespec);
670 dos_filetime_timespec(&a_timespec);
671 dos_filetime_timespec(&m_timespec);
672 dos_filetime_timespec(&c_timespec);
673 }
674
675 put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
676 p += 8;
677 put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
678 p += 8;
679 put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
680 p += 8;
681 put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
682 p += 8;
683 SIVAL(p,0,fattr); /* File Attributes. */
684 p += 4;
685 SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&smb_fname->st));
686 p += 8;
687 SOFF_T(p,0,file_len);
688 p += 8;
689 if (flags & EXTENDED_RESPONSE_REQUIRED) {
690 uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
691 size_t num_names = 0;
692 unsigned int num_streams = 0;
693 struct stream_struct *streams = NULL;
694
695 /* Do we have any EA's ? */
696 status = get_ea_names_from_file(ctx, conn, fsp,
697 smb_fname->base_name, NULL, &num_names);
698 if (NT_STATUS_IS_OK(status) && num_names) {
699 file_status &= ~NO_EAS;
700 }
701 status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
702 &num_streams, &streams);
703 /* There is always one stream, ::$DATA. */
704 if (NT_STATUS_IS_OK(status) && num_streams > 1) {
705 file_status &= ~NO_SUBSTREAMS;
706 }
707 TALLOC_FREE(streams);
708 SSVAL(p,2,file_status);
709 }
710 p += 4;
711 SCVAL(p,0,fsp->is_directory ? 1 : 0);
712
713 if (flags & EXTENDED_RESPONSE_REQUIRED) {
714 uint32 perms = 0;
715 p += 25;
716 if (fsp->is_directory ||
717 can_write_to_file(conn, smb_fname)) {
718 perms = FILE_GENERIC_ALL;
719 } else {
720 perms = FILE_GENERIC_READ|FILE_EXECUTE;
721 }
722 SIVAL(p,0,perms);
723 }
724
725 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n",
726 fsp->fnum, smb_fname_str_dbg(smb_fname)));
727
728 chain_reply(req);
729 out:
730 END_PROFILE(SMBntcreateX);
731 return;
732 }
733
734 /****************************************************************************
735 Reply to a NT_TRANSACT_CREATE call to open a pipe.
736 ****************************************************************************/
737
738 static void do_nt_transact_create_pipe(connection_struct *conn,
739 struct smb_request *req,
740 uint16 **ppsetup, uint32 setup_count,
741 char **ppparams, uint32 parameter_count,
742 char **ppdata, uint32 data_count)
743 {
744 char *fname = NULL;
745 char *params = *ppparams;
746 int pnum = -1;
747 char *p = NULL;
748 NTSTATUS status;
749 size_t param_len;
750 uint32 flags;
751 TALLOC_CTX *ctx = talloc_tos();
752
753 /*
754 * Ensure minimum number of parameters sent.
755 */
756
757 if(parameter_count < 54) {
758 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
759 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
760 return;
761 }
762
763 flags = IVAL(params,0);
764
765 srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
766 parameter_count-53, STR_TERMINATE,
767 &status);
768 if (!NT_STATUS_IS_OK(status)) {
769 reply_nterror(req, status);
770 return;
771 }
772
773 nt_open_pipe(fname, conn, req, &pnum);
774
775 if (req->outbuf) {
776 /* Error return */
777 return;
778 }
779
780 /* Realloc the size of parameters and data we will return */
781 if (flags & EXTENDED_RESPONSE_REQUIRED) {
782 /* Extended response is 32 more byyes. */
783 param_len = 101;
784 } else {
785 param_len = 69;
786 }
787 params = nttrans_realloc(ppparams, param_len);
788 if(params == NULL) {
789 reply_nterror(req, NT_STATUS_NO_MEMORY);
790 return;
791 }
792
793 p = params;
794 SCVAL(p,0,NO_OPLOCK_RETURN);
795
796 p += 2;
797 SSVAL(p,0,pnum);
798 p += 2;
799 SIVAL(p,0,FILE_WAS_OPENED);
800 p += 8;
801
802 p += 32;
803 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
804 p += 20;
805 /* File type. */
806 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
807 /* Device state. */
808 SSVAL(p,2, 0x5FF); /* ? */
809 p += 4;
810
811 if (flags & EXTENDED_RESPONSE_REQUIRED) {
812 p += 25;
813 SIVAL(p,0,FILE_GENERIC_ALL);
814 /*
815 * For pipes W2K3 seems to return
816 * 0x12019B next.
817 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
818 */
819 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
820 }
821
822 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
823
824 /* Send the required number of replies */
825 send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
826
827 return;
828 }
829
830 /*********************************************************************
831 Windows seems to do canonicalization of inheritance bits. Do the
832 same.
833 *********************************************************************/
834
835 static void canonicalize_inheritance_bits(struct security_descriptor *psd)
836 {
837 bool set_auto_inherited = false;
838
839 /*
840 * We need to filter out the
841 * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
842 * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
843 * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
844 * when an ACE is inherited. Otherwise we zero these bits out.
845 * See:
846 *
847 * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
848 *
849 * for details.
850 */
851
852 if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
853 == (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
854 set_auto_inherited = true;
855 }
856
857 psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
858 if (set_auto_inherited) {
859 psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
860 }
861 }
862
863 /****************************************************************************
864 Internal fn to set security descriptors.
865 ****************************************************************************/
866
867 NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
868 uint32_t security_info_sent)
869 {
870 NTSTATUS status;
871
872 if (!CAN_WRITE(fsp->conn)) {
873 return NT_STATUS_ACCESS_DENIED;
874 }
875
876 if (!lp_nt_acl_support(SNUM(fsp->conn))) {
877 return NT_STATUS_OK;
878 }
879
880 if (psd->owner_sid == NULL) {
881 security_info_sent &= ~SECINFO_OWNER;
882 }
883 if (psd->group_sid == NULL) {
884 security_info_sent &= ~SECINFO_GROUP;
885 }
886
887 /* Ensure we have at least one thing set. */
888 if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
889 /* Just like W2K3 */
890 return NT_STATUS_OK;
891 }
892
893 /* Ensure we have the rights to do this. */
894 if (security_info_sent & SECINFO_OWNER) {
895 if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
896 return NT_STATUS_ACCESS_DENIED;
897 }
898 }
899
900 if (security_info_sent & SECINFO_GROUP) {
901 if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
902 return NT_STATUS_ACCESS_DENIED;
903 }
904 }
905
906 if (security_info_sent & SECINFO_DACL) {
907 if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
908 return NT_STATUS_ACCESS_DENIED;
909 }
910 /* Convert all the generic bits. */
911 if (psd->dacl) {
912 security_acl_map_generic(psd->dacl, &file_generic_mapping);
913 }
914 }
915
916 if (security_info_sent & SECINFO_SACL) {
917 if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
918 return NT_STATUS_ACCESS_DENIED;
919 }
920 /* Convert all the generic bits. */
921 if (psd->sacl) {
922 security_acl_map_generic(psd->sacl, &file_generic_mapping);
923 }
924 }
925
926 canonicalize_inheritance_bits(psd);
927
928 if (DEBUGLEVEL >= 10) {
929 DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
930 NDR_PRINT_DEBUG(security_descriptor, psd);
931 }
932
933 status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
934
935 TALLOC_FREE(psd);
936
937 return status;
938 }
939
940 /****************************************************************************
941 Internal fn to set security descriptors from a data blob.
942 ****************************************************************************/
943
944 NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
945 uint32_t security_info_sent)
946 {
947 struct security_descriptor *psd = NULL;
948 NTSTATUS status;
949
950 if (sd_len == 0) {
951 return NT_STATUS_INVALID_PARAMETER;
952 }
953
954 status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
955
956 if (!NT_STATUS_IS_OK(status)) {
957 return status;
958 }
959
960 return set_sd(fsp, psd, security_info_sent);
961 }
962
963 /****************************************************************************
964 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
965 ****************************************************************************/
966
967 struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
968 {
969 struct ea_list *ea_list_head = NULL;
970 size_t offset = 0;
971
972 if (data_size < 4) {
973 return NULL;
974 }
975
976 while (offset + 4 <= data_size) {
977 size_t next_offset = IVAL(pdata,offset);
978 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
979
980 if (!eal) {
981 return NULL;
982 }
983
984 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
985 if (next_offset == 0) {
986 break;
987 }
988
989 /* Integer wrap protection for the increment. */
990 if (offset + next_offset < offset) {
991 break;
992 }
993
994 offset += next_offset;
995
996 /* Integer wrap protection for while loop. */
997 if (offset + 4 < offset) {
998 break;
999 }
1000
1001 }
1002
1003 return ea_list_head;
1004 }
1005
1006 /****************************************************************************
1007 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1008 ****************************************************************************/
1009
1010 static void call_nt_transact_create(connection_struct *conn,
1011 struct smb_request *req,
1012 uint16 **ppsetup, uint32 setup_count,
1013 char **ppparams, uint32 parameter_count,
1014 char **ppdata, uint32 data_count,
1015 uint32 max_data_count)
1016 {
1017 struct smb_filename *smb_fname = NULL;
1018 char *fname = NULL;
1019 char *params = *ppparams;
1020 char *data = *ppdata;
1021 /* Breakout the oplock request bits so we can set the reply bits separately. */
1022 uint32 fattr=0;
1023 SMB_OFF_T file_len = 0;
1024 int info = 0;
1025 files_struct *fsp = NULL;
1026 char *p = NULL;
1027 uint32 flags;
1028 uint32 access_mask;
1029 uint32 file_attributes;
1030 uint32 share_access;
1031 uint32 create_disposition;
1032 uint32 create_options;
1033 uint32 sd_len;
1034 struct security_descriptor *sd = NULL;
1035 uint32 ea_len;
1036 uint16 root_dir_fid;
1037 struct timespec create_timespec;
1038 struct timespec c_timespec;
1039 struct timespec a_timespec;
1040 struct timespec m_timespec;
1041 struct timespec write_time_ts;
1042 struct ea_list *ea_list = NULL;
1043 NTSTATUS status;
1044 size_t param_len;
1045 uint64_t allocation_size;
1046 int oplock_request;
1047 uint8_t oplock_granted;
1048 struct case_semantics_state *case_state = NULL;
1049 TALLOC_CTX *ctx = talloc_tos();
1050
1051 DEBUG(5,("call_nt_transact_create\n"));
1052
1053 /*
1054 * If it's an IPC, use the pipe handler.
1055 */
1056
1057 if (IS_IPC(conn)) {
1058 if (lp_nt_pipe_support()) {
1059 do_nt_transact_create_pipe(
1060 conn, req,
1061 ppsetup, setup_count,
1062 ppparams, parameter_count,
1063 ppdata, data_count);
1064 goto out;
1065 }
1066 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1067 goto out;
1068 }
1069
1070 /*
1071 * Ensure minimum number of parameters sent.
1072 */
1073
1074 if(parameter_count < 54) {
1075 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
1076 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1077 goto out;
1078 }
1079
1080 flags = IVAL(params,0);
1081 access_mask = IVAL(params,8);
1082 file_attributes = IVAL(params,20);
1083 share_access = IVAL(params,24);
1084 create_disposition = IVAL(params,28);
1085 create_options = IVAL(params,32);
1086 sd_len = IVAL(params,36);
1087 ea_len = IVAL(params,40);
1088 root_dir_fid = (uint16)IVAL(params,4);
1089 allocation_size = BVAL(params,12);
1090
1091 /*
1092 * we need to remove ignored bits when they come directly from the client
1093 * because we reuse some of them for internal stuff
1094 */
1095 create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
1096
1097 /* Ensure the data_len is correct for the sd and ea values given. */
1098 if ((ea_len + sd_len > data_count)
1099 || (ea_len > data_count) || (sd_len > data_count)
1100 || (ea_len + sd_len < ea_len) || (ea_len + sd_len < sd_len)) {
1101 DEBUG(10, ("call_nt_transact_create - ea_len = %u, sd_len = "
1102 "%u, data_count = %u\n", (unsigned int)ea_len,
1103 (unsigned int)sd_len, (unsigned int)data_count));
1104 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1105 goto out;
1106 }
1107
1108 if (sd_len) {
1109 DEBUG(10, ("call_nt_transact_create - sd_len = %d\n",
1110 sd_len));
1111
1112 status = unmarshall_sec_desc(ctx, (uint8_t *)data, sd_len,
1113 &sd);
1114 if (!NT_STATUS_IS_OK(status)) {
1115 DEBUG(10, ("call_nt_transact_create: "
1116 "unmarshall_sec_desc failed: %s\n",
1117 nt_errstr(status)));
1118 reply_nterror(req, status);
1119 goto out;
1120 }
1121 }
1122
1123 if (ea_len) {
1124 if (!lp_ea_support(SNUM(conn))) {
1125 DEBUG(10, ("call_nt_transact_create - ea_len = %u but "
1126 "EA's not supported.\n",
1127 (unsigned int)ea_len));
1128 reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
1129 goto out;
1130 }
1131
1132 if (ea_len < 10) {
1133 DEBUG(10,("call_nt_transact_create - ea_len = %u - "
1134 "too small (should be more than 10)\n",
1135 (unsigned int)ea_len ));
1136 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1137 goto out;
1138 }
1139
1140 /* We have already checked that ea_len <= data_count here. */
1141 ea_list = read_nttrans_ea_list(talloc_tos(), data + sd_len,
1142 ea_len);
1143 if (ea_list == NULL) {
1144 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1145 goto out;
1146 }
1147 }
1148
1149 srvstr_get_path(ctx, params, req->flags2, &fname,
1150 params+53, parameter_count-53,
1151 STR_TERMINATE, &status);
1152 if (!NT_STATUS_IS_OK(status)) {
1153 reply_nterror(req, status);
1154 goto out;
1155 }
1156
1157 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1158 case_state = set_posix_case_semantics(ctx, conn);
1159 if (!case_state) {
1160 reply_nterror(req, NT_STATUS_NO_MEMORY);
1161 goto out;
1162 }
1163 }
1164
1165 status = filename_convert(ctx,
1166 conn,
1167 req->flags2 & FLAGS2_DFS_PATHNAMES,
1168 fname,
1169 (create_disposition == FILE_CREATE)
1170 ? UCF_CREATING_FILE : 0,
1171 NULL,
1172 &smb_fname);
1173
1174 TALLOC_FREE(case_state);
1175
1176 if (!NT_STATUS_IS_OK(status)) {
1177 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1178 reply_botherror(req,
1179 NT_STATUS_PATH_NOT_COVERED,
1180 ERRSRV, ERRbadpath);
1181 goto out;
1182 }
1183 reply_nterror(req, status);
1184 goto out;
1185 }
1186
1187 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1188 if (oplock_request) {
1189 oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
1190 ? BATCH_OPLOCK : 0;
1191 }
1192
1193 /*
1194 * Bug #6898 - clients using Windows opens should
1195 * never be able to set this attribute into the
1196 * VFS.
1197 */
1198 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
1199
1200 status = SMB_VFS_CREATE_FILE(
1201 conn, /* conn */
1202 req, /* req */
1203 root_dir_fid, /* root_dir_fid */
1204 smb_fname, /* fname */
1205 access_mask, /* access_mask */
1206 share_access, /* share_access */
1207 create_disposition, /* create_disposition*/
1208 create_options, /* create_options */
1209 file_attributes, /* file_attributes */
1210 oplock_request, /* oplock_request */
1211 allocation_size, /* allocation_size */
1212 0, /* private_flags */
1213 sd, /* sd */
1214 ea_list, /* ea_list */
1215 &fsp, /* result */
1216 &info); /* pinfo */
1217
1218 if(!NT_STATUS_IS_OK(status)) {
1219 if (open_was_deferred(req->mid)) {
1220 /* We have re-scheduled this call, no error. */
1221 return;
1222 }
1223 reply_openerror(req, status);
1224 goto out;
1225 }
1226
1227 /* Ensure we're pointing at the correct stat struct. */
1228 TALLOC_FREE(smb_fname);
1229 smb_fname = fsp->fsp_name;
1230
1231 /*
1232 * If the caller set the extended oplock request bit
1233 * and we granted one (by whatever means) - set the
1234 * correct bit for extended oplock reply.
1235 */
1236
1237 if (oplock_request &&
1238 (lp_fake_oplocks(SNUM(conn))
1239 || EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
1240
1241 /*
1242 * Exclusive oplock granted
1243 */
1244
1245 if (flags & REQUEST_BATCH_OPLOCK) {
1246 oplock_granted = BATCH_OPLOCK_RETURN;
1247 } else {
1248 oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
1249 }
1250 } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
1251 oplock_granted = LEVEL_II_OPLOCK_RETURN;
1252 } else {
1253 oplock_granted = NO_OPLOCK_RETURN;
1254 }
1255
1256 file_len = smb_fname->st.st_ex_size;
1257
1258 /* Realloc the size of parameters and data we will return */
1259 if (flags & EXTENDED_RESPONSE_REQUIRED) {
1260 /* Extended response is 32 more byyes. */
1261 param_len = 101;
1262 } else {
1263 param_len = 69;
1264 }
1265 params = nttrans_realloc(ppparams, param_len);
1266 if(params == NULL) {
1267 reply_nterror(req, NT_STATUS_NO_MEMORY);
1268 goto out;
1269 }
1270
1271 p = params;
1272 SCVAL(p, 0, oplock_granted);
1273
1274 p += 2;
1275 SSVAL(p,0,fsp->fnum);
1276 p += 2;
1277 if ((create_disposition == FILE_SUPERSEDE)
1278 && (info == FILE_WAS_OVERWRITTEN)) {
1279 SIVAL(p,0,FILE_WAS_SUPERSEDED);
1280 } else {
1281 SIVAL(p,0,info);
1282 }
1283 p += 8;
1284
1285 fattr = dos_mode(conn, smb_fname);
1286 if (fattr == 0) {
1287 fattr = FILE_ATTRIBUTE_NORMAL;
1288 }
1289
1290 /* Deal with other possible opens having a modified
1291 write time. JRA. */
1292 ZERO_STRUCT(write_time_ts);
1293 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1294 if (!null_timespec(write_time_ts)) {
1295 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1296 }
1297
1298 /* Create time. */
1299 create_timespec = get_create_timespec(conn, fsp, smb_fname);
1300 a_timespec = smb_fname->st.st_ex_atime;
1301 m_timespec = smb_fname->st.st_ex_mtime;
1302 c_timespec = get_change_timespec(conn, fsp, smb_fname);
1303
1304 if (lp_dos_filetime_resolution(SNUM(conn))) {
1305 dos_filetime_timespec(&create_timespec);
1306 dos_filetime_timespec(&a_timespec);
1307 dos_filetime_timespec(&m_timespec);
1308 dos_filetime_timespec(&c_timespec);
1309 }
1310
1311 put_long_date_timespec(conn->ts_res, p, create_timespec); /* create time. */
1312 p += 8;
1313 put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
1314 p += 8;
1315 put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
1316 p += 8;
1317 put_long_date_timespec(conn->ts_res, p, c_timespec); /* change time */
1318 p += 8;
1319 SIVAL(p,0,fattr); /* File Attributes. */
1320 p += 4;
1321 SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st));
1322 p += 8;
1323 SOFF_T(p,0,file_len);
1324 p += 8;
1325 if (flags & EXTENDED_RESPONSE_REQUIRED) {
1326 uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG);
1327 size_t num_names = 0;
1328 unsigned int num_streams = 0;
1329 struct stream_struct *streams = NULL;
1330
1331 /* Do we have any EA's ? */
1332 status = get_ea_names_from_file(ctx, conn, fsp,
1333 smb_fname->base_name, NULL, &num_names);
1334 if (NT_STATUS_IS_OK(status) && num_names) {
1335 file_status &= ~NO_EAS;
1336 }
1337 status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
1338 &num_streams, &streams);
1339 /* There is always one stream, ::$DATA. */
1340 if (NT_STATUS_IS_OK(status) && num_streams > 1) {
1341 file_status &= ~NO_SUBSTREAMS;
1342 }
1343 TALLOC_FREE(streams);
1344 SSVAL(p,2,file_status);
1345 }
1346 p += 4;
1347 SCVAL(p,0,fsp->is_directory ? 1 : 0);
1348
1349 if (flags & EXTENDED_RESPONSE_REQUIRED) {
1350 uint32 perms = 0;
1351 p += 25;
1352 if (fsp->is_directory ||
1353 can_write_to_file(conn, smb_fname)) {
1354 perms = FILE_GENERIC_ALL;
1355 } else {
1356 perms = FILE_GENERIC_READ|FILE_EXECUTE;
1357 }
1358 SIVAL(p,0,perms);
1359 }
1360
1361 DEBUG(5,("call_nt_transact_create: open name = %s\n",
1362 smb_fname_str_dbg(smb_fname)));
1363
1364 /* Send the required number of replies */
1365 send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
1366 out:
1367 return;
1368 }
1369
1370 /****************************************************************************
1371 Reply to a NT CANCEL request.
1372 conn POINTER CAN BE NULL HERE !
1373 ****************************************************************************/
1374
1375 void reply_ntcancel(struct smb_request *req)
1376 {
1377 /*
1378 * Go through and cancel any pending change notifies.
1379 */
1380
1381 START_PROFILE(SMBntcancel);
1382 srv_cancel_sign_response(req->sconn);
1383 remove_pending_change_notify_requests_by_mid(req->sconn, req->mid);
1384 remove_pending_lock_requests_by_mid_smb1(req->sconn, req->mid);
1385
1386 DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
1387 (unsigned long long)req->mid));
1388
1389 END_PROFILE(SMBntcancel);
1390 return;
1391 }
1392
1393 /****************************************************************************
1394 Copy a file.
1395 ****************************************************************************/
1396
1397 static NTSTATUS copy_internals(TALLOC_CTX *ctx,
1398 connection_struct *conn,
1399 struct smb_request *req,
1400 struct smb_filename *smb_fname_src,
1401 struct smb_filename *smb_fname_dst,
1402 uint32 attrs)
1403 {
1404 files_struct *fsp1,*fsp2;
1405 uint32 fattr;
1406 int info;
1407 SMB_OFF_T ret=-1;
1408 NTSTATUS status = NT_STATUS_OK;
1409 char *parent;
1410
1411 if (!CAN_WRITE(conn)) {
1412 status = NT_STATUS_MEDIA_WRITE_PROTECTED;
1413 goto out;
1414 }
1415
1416 /* Source must already exist. */
1417 if (!VALID_STAT(smb_fname_src->st)) {
1418 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1419 goto out;
1420 }
1421
1422 /* Ensure attributes match. */
1423 fattr = dos_mode(conn, smb_fname_src);
1424 if ((fattr & ~attrs) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
1425 status = NT_STATUS_NO_SUCH_FILE;
1426 goto out;
1427 }
1428
1429 /* Disallow if dst file already exists. */
1430 if (VALID_STAT(smb_fname_dst->st)) {
1431 status = NT_STATUS_OBJECT_NAME_COLLISION;
1432 goto out;
1433 }
1434
1435 /* No links from a directory. */
1436 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
1437 status = NT_STATUS_FILE_IS_A_DIRECTORY;
1438 goto out;
1439 }
1440
1441 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1442 smb_fname_str_dbg(smb_fname_src),
1443 smb_fname_str_dbg(smb_fname_dst)));
1444
1445 status = SMB_VFS_CREATE_FILE(
1446 conn, /* conn */
1447 req, /* req */
1448 0, /* root_dir_fid */
1449 smb_fname_src, /* fname */
1450 FILE_READ_DATA|FILE_READ_ATTRIBUTES|
1451 FILE_READ_EA, /* access_mask */
1452 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
1453 FILE_SHARE_DELETE),
1454 FILE_OPEN, /* create_disposition*/
1455 0, /* create_options */
1456 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
1457 NO_OPLOCK, /* oplock_request */
1458 0, /* allocation_size */
1459 0, /* private_flags */
1460 NULL, /* sd */
1461 NULL, /* ea_list */
1462 &fsp1, /* result */
1463 &info); /* pinfo */
1464
1465 if (!NT_STATUS_IS_OK(status)) {
1466 goto out;
1467 }
1468
1469 status = SMB_VFS_CREATE_FILE(
1470 conn, /* conn */
1471 req, /* req */
1472 0, /* root_dir_fid */
1473 smb_fname_dst, /* fname */
1474 FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
1475 FILE_WRITE_EA, /* access_mask */
1476 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
1477 FILE_SHARE_DELETE),
1478 FILE_CREATE, /* create_disposition*/
1479 0, /* create_options */
1480 fattr, /* file_attributes */
1481 NO_OPLOCK, /* oplock_request */
1482 0, /* allocation_size */
1483 0, /* private_flags */
1484 NULL, /* sd */
1485 NULL, /* ea_list */
1486 &fsp2, /* result */
1487 &info); /* pinfo */
1488
1489 if (!NT_STATUS_IS_OK(status)) {
1490 close_file(NULL, fsp1, ERROR_CLOSE);
1491 goto out;
1492 }
1493
1494 if (smb_fname_src->st.st_ex_size) {
1495 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
1496 }
1497
1498 /*
1499 * As we are opening fsp1 read-only we only expect
1500 * an error on close on fsp2 if we are out of space.
1501 * Thus we don't look at the error return from the
1502 * close of fsp1.
1503 */
1504 close_file(NULL, fsp1, NORMAL_CLOSE);
1505
1506 /* Ensure the modtime is set correctly on the destination file. */
1507 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
1508
1509 status = close_file(NULL, fsp2, NORMAL_CLOSE);
1510
1511 /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
1512 creates the file. This isn't the correct thing to do in the copy
1513 case. JRA */
1514 if (!parent_dirname(talloc_tos(), smb_fname_dst->base_name, &parent,
1515 NULL)) {
1516 status = NT_STATUS_NO_MEMORY;
1517 goto out;
1518 }
1519 file_set_dosmode(conn, smb_fname_dst, fattr, parent, false);
1520 TALLOC_FREE(parent);
1521
1522 if (ret < (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
1523 status = NT_STATUS_DISK_FULL;
1524 goto out;
1525 }
1526 out:
1527 if (!NT_STATUS_IS_OK(status)) {
1528 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1529 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
1530 smb_fname_str_dbg(smb_fname_dst)));
1531 }
1532
1533 return status;
1534 }
1535
1536 /****************************************************************************
1537 Reply to a NT rename request.
1538 ****************************************************************************/
1539
1540 void reply_ntrename(struct smb_request *req)
1541 {
1542 connection_struct *conn = req->conn;
1543 struct smb_filename *smb_fname_old = NULL;
1544 struct smb_filename *smb_fname_new = NULL;
1545 char *oldname = NULL;
1546 char *newname = NULL;
1547 const char *p;
1548 NTSTATUS status;
1549 bool src_has_wcard = False;
1550 bool dest_has_wcard = False;
1551 uint32 attrs;
1552 uint32_t ucf_flags_src = 0;
1553 uint32_t ucf_flags_dst = 0;
1554 uint16 rename_type;
1555 TALLOC_CTX *ctx = talloc_tos();
1556 bool stream_rename = false;
1557
1558 START_PROFILE(SMBntrename);
1559
1560 if (req->wct < 4) {
1561 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1562 goto out;
1563 }
1564
1565 attrs = SVAL(req->vwv+0, 0);
1566 rename_type = SVAL(req->vwv+1, 0);
1567
1568 p = (const char *)req->buf + 1;
1569 p += srvstr_get_path_req_wcard(ctx, req, &oldname, p, STR_TERMINATE,
1570 &status, &src_has_wcard);
1571 if (!NT_STATUS_IS_OK(status)) {
1572 reply_nterror(req, status);
1573 goto out;
1574 }
1575
1576 if (ms_has_wild(oldname)) {
1577 reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
1578 goto out;
1579 }
1580
1581 p++;
1582 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
1583 &status, &dest_has_wcard);
1584 if (!NT_STATUS_IS_OK(status)) {
1585 reply_nterror(req, status);
1586 goto out;
1587 }
1588
1589 if (!lp_posix_pathnames()) {
1590 /* The newname must begin with a ':' if the
1591 oldname contains a ':'. */
1592 if (strchr_m(oldname, ':')) {
1593 if (newname[0] != ':') {
1594 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1595 goto out;
1596 }
1597 stream_rename = true;
1598 }
1599 }
1600
1601 /*
1602 * If this is a rename operation, allow wildcards and save the
1603 * destination's last component.
1604 */
1605 if (rename_type == RENAME_FLAG_RENAME) {
1606 ucf_flags_src = UCF_COND_ALLOW_WCARD_LCOMP;
1607 ucf_flags_dst = UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP;
1608 }
1609
1610 /* rename_internals() calls unix_convert(), so don't call it here. */
1611 status = filename_convert(ctx, conn,
1612 req->flags2 & FLAGS2_DFS_PATHNAMES,
1613 oldname,
1614 ucf_flags_src,
1615 NULL,
1616 &smb_fname_old);
1617 if (!NT_STATUS_IS_OK(status)) {
1618 if (NT_STATUS_EQUAL(status,
1619 NT_STATUS_PATH_NOT_COVERED)) {
1620 reply_botherror(req,
1621 NT_STATUS_PATH_NOT_COVERED,
1622 ERRSRV, ERRbadpath);
1623 goto out;
1624 }
1625 reply_nterror(req, status);
1626 goto out;
1627 }
1628
1629 status = filename_convert(ctx, conn,
1630 req->flags2 & FLAGS2_DFS_PATHNAMES,
1631 newname,
1632 ucf_flags_dst,
1633 &dest_has_wcard,
1634 &smb_fname_new);
1635 if (!NT_STATUS_IS_OK(status)) {
1636 if (NT_STATUS_EQUAL(status,
1637 NT_STATUS_PATH_NOT_COVERED)) {
1638 reply_botherror(req,
1639 NT_STATUS_PATH_NOT_COVERED,
1640 ERRSRV, ERRbadpath);
1641 goto out;
1642 }
1643 reply_nterror(req, status);
1644 goto out;
1645 }
1646
1647 if (stream_rename) {
1648 /* smb_fname_new must be the same as smb_fname_old. */
1649 TALLOC_FREE(smb_fname_new->base_name);
1650 smb_fname_new->base_name = talloc_strdup(smb_fname_new,
1651 smb_fname_old->base_name);
1652 if (!smb_fname_new->base_name) {
1653 reply_nterror(req, NT_STATUS_NO_MEMORY);
1654 goto out;
1655 }
1656 }
1657
1658 DEBUG(3,("reply_ntrename: %s -> %s\n",
1659 smb_fname_str_dbg(smb_fname_old),
1660 smb_fname_str_dbg(smb_fname_new)));
1661
1662 switch(rename_type) {
1663 case RENAME_FLAG_RENAME:
1664 status = rename_internals(ctx, conn, req,
1665 smb_fname_old, smb_fname_new,
1666 attrs, False, src_has_wcard,
1667 dest_has_wcard,
1668 DELETE_ACCESS);
1669 break;
1670 case RENAME_FLAG_HARD_LINK:
1671 if (src_has_wcard || dest_has_wcard) {
1672 /* No wildcards. */
1673 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1674 } else {
1675 status = hardlink_internals(ctx, conn,
1676 req,
1677 false,
1678 smb_fname_old,
1679 smb_fname_new);
1680 }
1681 break;
1682 case RENAME_FLAG_COPY:
1683 if (src_has_wcard || dest_has_wcard) {
1684 /* No wildcards. */
1685 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1686 } else {
1687 status = copy_internals(ctx, conn, req,
1688 smb_fname_old,
1689 smb_fname_new,
1690 attrs);
1691 }
1692 break;
1693 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
1694 status = NT_STATUS_INVALID_PARAMETER;
1695 break;
1696 default:
1697 status = NT_STATUS_ACCESS_DENIED; /* Default error. */
1698 break;
1699 }
1700
1701 if (!NT_STATUS_IS_OK(status)) {
1702 if (open_was_deferred(req->mid)) {
1703 /* We have re-scheduled this call. */
1704 goto out;
1705 }
1706
1707 reply_nterror(req, status);
1708 goto out;
1709 }
1710
1711 reply_outbuf(req, 0, 0);
1712 out:
1713 END_PROFILE(SMBntrename);
1714 return;
1715 }
1716
1717 /****************************************************************************
1718 Reply to a notify change - queue the request and
1719 don't allow a directory to be opened.
1720 ****************************************************************************/
1721
1722 static void smbd_smb1_notify_reply(struct smb_request *req,
1723 NTSTATUS error_code,
1724 uint8_t *buf, size_t len)
1725 {
1726 send_nt_replies(req->conn, req, error_code, (char *)buf, len, NULL, 0);
1727 }
1728
1729 static void call_nt_transact_notify_change(connection_struct *conn,
1730 struct smb_request *req,
1731 uint16 **ppsetup,
1732 uint32 setup_count,
1733 char **ppparams,
1734 uint32 parameter_count,
1735 char **ppdata, uint32 data_count,
1736 uint32 max_data_count,
1737 uint32 max_param_count)
1738 {
1739 uint16 *setup = *ppsetup;
1740 files_struct *fsp;
1741 uint32 filter;
1742 NTSTATUS status;
1743 bool recursive;
1744
1745 if(setup_count < 6) {
1746 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1747 return;
1748 }
1749
1750 fsp = file_fsp(req, SVAL(setup,4));
1751 filter = IVAL(setup, 0);
1752 recursive = (SVAL(setup, 6) != 0) ? True : False;
1753
1754 DEBUG(3,("call_nt_transact_notify_change\n"));
1755
1756 if(!fsp) {
1757 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1758 return;
1759 }
1760
1761 {
1762 char *filter_string;
1763
1764 if (!(filter_string = notify_filter_string(NULL, filter))) {
1765 reply_nterror(req,NT_STATUS_NO_MEMORY);
1766 return;
1767 }
1768
1769 DEBUG(3,("call_nt_transact_notify_change: notify change "
1770 "called on %s, filter = %s, recursive = %d\n",
1771 fsp_str_dbg(fsp), filter_string, recursive));
1772
1773 TALLOC_FREE(filter_string);
1774 }
1775
1776 if((!fsp->is_directory) || (conn != fsp->conn)) {
1777 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1778 return;
1779 }
1780
1781 if (fsp->notify == NULL) {
1782
1783 status = change_notify_create(fsp, filter, recursive);
1784
1785 if (!NT_STATUS_IS_OK(status)) {
1786 DEBUG(10, ("change_notify_create returned %s\n",
1787 nt_errstr(status)));
1788 reply_nterror(req, status);
1789 return;
1790 }
1791 }
1792
1793 if (fsp->notify->num_changes != 0) {
1794
1795 /*
1796 * We've got changes pending, respond immediately
1797 */
1798
1799 /*
1800 * TODO: write a torture test to check the filtering behaviour
1801 * here.
1802 */
1803
1804 change_notify_reply(req,
1805 NT_STATUS_OK,
1806 max_param_count,
1807 fsp->notify,
1808 smbd_smb1_notify_reply);
1809
1810 /*
1811 * change_notify_reply() above has independently sent its
1812 * results
1813 */
1814 return;
1815 }
1816
1817 /*
1818 * No changes pending, queue the request
1819 */
1820
1821 status = change_notify_add_request(req,
1822 max_param_count,
1823 filter,
1824 recursive, fsp,
1825 smbd_smb1_notify_reply);
1826 if (!NT_STATUS_IS_OK(status)) {
1827 reply_nterror(req, status);
1828 }
1829 return;
1830 }
1831
1832 /****************************************************************************
1833 Reply to an NT transact rename command.
1834 ****************************************************************************/
1835
1836 static void call_nt_transact_rename(connection_struct *conn,
1837 struct smb_request *req,
1838 uint16 **ppsetup, uint32 setup_count,
1839 char **ppparams, uint32 parameter_count,
1840 char **ppdata, uint32 data_count,
1841 uint32 max_data_count)
1842 {
1843 char *params = *ppparams;
1844 char *new_name = NULL;
1845 files_struct *fsp = NULL;
1846 bool dest_has_wcard = False;
1847 NTSTATUS status;
1848 TALLOC_CTX *ctx = talloc_tos();
1849
1850 if(parameter_count < 5) {
1851 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1852 return;
1853 }
1854
1855 fsp = file_fsp(req, SVAL(params, 0));
1856 if (!check_fsp(conn, req, fsp)) {
1857 return;
1858 }
1859 srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4,
1860 parameter_count - 4,
1861 STR_TERMINATE, &status, &dest_has_wcard);
1862 if (!NT_STATUS_IS_OK(status)) {
1863 reply_nterror(req, status);
1864 return;
1865 }
1866
1867 /*
1868 * W2K3 ignores this request as the RAW-RENAME test
1869 * demonstrates, so we do.
1870 */
1871 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
1872
1873 DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
1874 fsp_str_dbg(fsp), new_name));
1875
1876 return;
1877 }
1878
1879 /******************************************************************************
1880 Fake up a completely empty SD.
1881 *******************************************************************************/
1882
1883 static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd)
1884 {
1885 size_t sd_size;
1886
1887 *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
1888 if(!*ppsd) {
1889 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
1890 return NT_STATUS_NO_MEMORY;
1891 }
1892
1893 return NT_STATUS_OK;
1894 }
1895
1896 /****************************************************************************
1897 Reply to query a security descriptor.
1898 Callable from SMB2 and SMB2.
1899 If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
1900 the required size.
1901 ****************************************************************************/
1902
1903 NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
1904 TALLOC_CTX *mem_ctx,
1905 files_struct *fsp,
1906 uint32_t security_info_wanted,
1907 uint32_t max_data_count,
1908 uint8_t **ppmarshalled_sd,
1909 size_t *psd_size)
1910 {
1911 NTSTATUS status;
1912 struct security_descriptor *psd = NULL;
1913
1914 /*
1915 * Get the permissions to return.
1916 */
1917
1918 if ((security_info_wanted & SECINFO_SACL) &&
1919 !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
1920 return NT_STATUS_ACCESS_DENIED;
1921 }
1922
1923 if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
1924 !(fsp->access_mask & SEC_STD_READ_CONTROL)) {
1925 return NT_STATUS_ACCESS_DENIED;
1926 }
1927
1928 if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
1929 SECINFO_GROUP|SECINFO_SACL)) {
1930 /* Don't return SECINFO_LABEL if anything else was
1931 requested. See bug #8458. */
1932 security_info_wanted &= ~SECINFO_LABEL;
1933 }
1934
1935 if (!lp_nt_acl_support(SNUM(conn))) {
1936 status = get_null_nt_acl(mem_ctx, &psd);
1937 } else if (security_info_wanted & SECINFO_LABEL) {
1938 /* Like W2K3 return a null object. */
1939 status = get_null_nt_acl(mem_ctx, &psd);
1940 } else {
1941 status = SMB_VFS_FGET_NT_ACL(
1942 fsp, security_info_wanted, &psd);
1943 }
1944 if (!NT_STATUS_IS_OK(status)) {
1945 return status;
1946 }
1947
1948 if (!(security_info_wanted & SECINFO_OWNER)) {
1949 psd->owner_sid = NULL;
1950 }
1951 if (!(security_info_wanted & SECINFO_GROUP)) {
1952 psd->group_sid = NULL;
1953 }
1954 if (!(security_info_wanted & SECINFO_DACL)) {
1955 psd->type &= ~SEC_DESC_DACL_PRESENT;
1956 psd->dacl = NULL;
1957 }
1958 if (!(security_info_wanted & SECINFO_SACL)) {
1959 psd->type &= ~SEC_DESC_SACL_PRESENT;
1960 psd->sacl = NULL;
1961 }
1962
1963 /* If the SACL/DACL is NULL, but was requested, we mark that it is
1964 * present in the reply to match Windows behavior */
1965 if (psd->sacl == NULL &&
1966 security_info_wanted & SECINFO_SACL)
1967 psd->type |= SEC_DESC_SACL_PRESENT;
1968 if (psd->dacl == NULL &&
1969 security_info_wanted & SECINFO_DACL)
1970 psd->type |= SEC_DESC_DACL_PRESENT;
1971
1972 if (security_info_wanted & SECINFO_LABEL) {
1973 /* Like W2K3 return a null object. */
1974 psd->owner_sid = NULL;
1975 psd->group_sid = NULL;
1976 psd->dacl = NULL;
1977 psd->sacl = NULL;
1978 psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
1979 }
1980
1981 *psd_size = ndr_size_security_descriptor(psd, 0);
1982
1983 DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
1984 (unsigned long)*psd_size));
1985
1986 if (DEBUGLEVEL >= 10) {
1987 DEBUG(10,("smbd_do_query_security_desc for file %s\n",
1988 fsp_str_dbg(fsp)));
1989 NDR_PRINT_DEBUG(security_descriptor, psd);
1990 }
1991
1992 if (max_data_count < *psd_size) {
1993 TALLOC_FREE(psd);
1994 return NT_STATUS_BUFFER_TOO_SMALL;
1995 }
1996
1997 status = marshall_sec_desc(mem_ctx, psd,
1998 ppmarshalled_sd, psd_size);
1999
2000 if (!NT_STATUS_IS_OK(status)) {
2001 TALLOC_FREE(psd);
2002 return status;
2003 }
2004
2005 TALLOC_FREE(psd);
2006 return NT_STATUS_OK;
2007 }
2008
2009 /****************************************************************************
2010 SMB1 reply to query a security descriptor.
2011 ****************************************************************************/
2012
2013 static void call_nt_transact_query_security_desc(connection_struct *conn,
2014 struct smb_request *req,
2015 uint16 **ppsetup,
2016 uint32 setup_count,
2017 char **ppparams,
2018 uint32 parameter_count,
2019 char **ppdata,
2020 uint32 data_count,
2021 uint32 max_data_count)
2022 {
2023 char *params = *ppparams;
2024 char *data = *ppdata;
2025 size_t sd_size = 0;
2026 uint32 security_info_wanted;
2027 files_struct *fsp = NULL;
2028 NTSTATUS status;
2029 uint8_t *marshalled_sd = NULL;
2030
2031 if(parameter_count < 8) {
2032 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2033 return;
2034 }
2035
2036 fsp = file_fsp(req, SVAL(params,0));
2037 if(!fsp) {
2038 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2039 return;
2040 }
2041
2042 security_info_wanted = IVAL(params,4);
2043
2044 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, "
2045 "info_wanted = 0x%x\n", fsp_str_dbg(fsp),
2046 (unsigned int)security_info_wanted));
2047
2048 params = nttrans_realloc(ppparams, 4);
2049 if(params == NULL) {
2050 reply_nterror(req, NT_STATUS_NO_MEMORY);
2051 return;
2052 }
2053
2054 /*
2055 * Get the permissions to return.
2056 */
2057
2058 status = smbd_do_query_security_desc(conn,
2059 talloc_tos(),
2060 fsp,
2061 security_info_wanted,
2062 max_data_count,
2063 &marshalled_sd,
2064 &sd_size);
2065
2066 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
2067 SIVAL(params,0,(uint32_t)sd_size);
2068 send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
2069 params, 4, NULL, 0);
2070 return;
2071 }
2072
2073 if (!NT_STATUS_IS_OK(status)) {
2074 reply_nterror(req, status);
2075 return;
2076 }
2077
2078 SMB_ASSERT(sd_size > 0);
2079
2080 SIVAL(params,0,(uint32_t)sd_size);
2081
2082 if (max_data_count < sd_size) {
2083 send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
2084 params, 4, NULL, 0);
2085 return;
2086 }
2087
2088 /*
2089 * Allocate the data we will return.
2090 */
2091
2092 data = nttrans_realloc(ppdata, sd_size);
2093 if(data == NULL) {
2094 reply_nterror(req, NT_STATUS_NO_MEMORY);
2095 return;
2096 }
2097
2098 memcpy(data, marshalled_sd, sd_size);
2099
2100 send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size);
2101
2102 return;
2103 }
2104
2105 /****************************************************************************
2106 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2107 ****************************************************************************/
2108
2109 static void call_nt_transact_set_security_desc(connection_struct *conn,
2110 struct smb_request *req,
2111 uint16 **ppsetup,
2112 uint32 setup_count,
2113 char **ppparams,
2114 uint32 parameter_count,
2115 char **ppdata,
2116 uint32 data_count,
2117 uint32 max_data_count)
2118 {
2119 char *params= *ppparams;
2120 char *data = *ppdata;
2121 files_struct *fsp = NULL;
2122 uint32 security_info_sent = 0;
2123 NTSTATUS status;
2124
2125 if(parameter_count < 8) {
2126 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2127 return;
2128 }
2129
2130 if((fsp = file_fsp(req, SVAL(params,0))) == NULL) {
2131 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2132 return;
2133 }
2134
2135 if (!CAN_WRITE(fsp->conn)) {
2136 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2137 return;
2138 }
2139
2140 if(!lp_nt_acl_support(SNUM(conn))) {
2141 goto done;
2142 }
2143
2144 security_info_sent = IVAL(params,4);
2145
2146 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n",
2147 fsp_str_dbg(fsp), (unsigned int)security_info_sent));
2148
2149 if (data_count == 0) {
2150 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2151 return;
2152 }
2153
2154 status = set_sd_blob(fsp, (uint8 *)data, data_count, security_info_sent);
2155
2156 if (!NT_STATUS_IS_OK(status)) {
2157 reply_nterror(req, status);
2158 return;
2159 }
2160
2161 done:
2162 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
2163 return;
2164 }
2165
2166 /*
2167 * Implement the default fsctl operation.
2168 */
2169
2170 static bool vfswrap_logged_ioctl_message = false;
2171
2172 /*
2173 * In 3.6 we do not have a SMB_VFS_FSCTL() function
2174 * it's just faked to make it more look like
2175 * master (4.0)
2176 */
2177 NTSTATUS smb_fsctl(struct files_struct *fsp,
2178 TALLOC_CTX *ctx,
2179 uint32_t function,
2180 uint16_t req_flags, /* Needed for UNICODE ... */
2181 const uint8_t *_in_data,
2182 uint32_t in_len,
2183 uint8_t **_out_data,
2184 uint32_t max_out_len,
2185 uint32_t *out_len)
2186 {
2187 const char *in_data = (const char *)_in_data;
2188 char **out_data = (char **)_out_data;
2189
2190 switch (function) {
2191 case FSCTL_SET_SPARSE:
2192 {
2193 bool set_sparse = true;
2194 NTSTATUS status;
2195
2196 if (in_len >= 1 && in_data[0] == 0) {
2197 set_sparse = false;
2198 }
2199
2200 status = file_set_sparse(fsp->conn, fsp, set_sparse);
2201
2202 DEBUG(NT_STATUS_IS_OK(status) ? 10 : 9,
2203 ("FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n",
2204 smb_fname_str_dbg(fsp->fsp_name), set_sparse,
2205 nt_errstr(status)));
2206
2207 return status;
2208 }
2209
2210 case FSCTL_CREATE_OR_GET_OBJECT_ID:
2211 {
2212 unsigned char objid[16];
2213 char *return_data = NULL;
2214
2215 /* This should return the object-id on this file.
2216 * I think I'll make this be the inode+dev. JRA.
2217 */
2218
2219 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fsp->fnum));
2220
2221 *out_len = (max_out_len >= 64) ? 64 : max_out_len;
2222 /* Hmmm, will this cause problems if less data asked for? */
2223 return_data = talloc_array(ctx, char, 64);
2224 if (return_data == NULL) {
2225 return NT_STATUS_NO_MEMORY;
2226 }
2227
2228 /* For backwards compatibility only store the dev/inode. */
2229 push_file_id_16(return_data, &fsp->file_id);
2230 memcpy(return_data+16,create_volume_objectid(fsp->conn,objid),16);
2231 push_file_id_16(return_data+32, &fsp->file_id);
2232 *out_data = return_data;
2233 return NT_STATUS_OK;
2234 }
2235
2236 case FSCTL_GET_REPARSE_POINT:
2237 {
2238 /* Fail it with STATUS_NOT_A_REPARSE_POINT */
2239 DEBUG(10, ("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X] Status: NOT_IMPLEMENTED\n", fsp->fnum));
2240 return NT_STATUS_NOT_A_REPARSE_POINT;
2241 }
2242
2243 case FSCTL_SET_REPARSE_POINT:
2244 {
2245 /* Fail it with STATUS_NOT_A_REPARSE_POINT */
2246 DEBUG(10, ("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X] Status: NOT_IMPLEMENTED\n", fsp->fnum));
2247 return NT_STATUS_NOT_A_REPARSE_POINT;
2248 }
2249
2250 case FSCTL_GET_SHADOW_COPY_DATA:
2251 {
2252 /*
2253 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2254 * and return their volume names. If max_data_count is 16, then it is just
2255 * asking for the number of volumes and length of the combined names.
2256 *
2257 * pdata is the data allocated by our caller, but that uses
2258 * total_data_count (which is 0 in our case) rather than max_data_count.
2259 * Allocate the correct amount and return the pointer to let
2260 * it be deallocated when we return.
2261 */
2262 struct shadow_copy_data *shadow_data = NULL;
2263 bool labels = False;
2264 uint32 labels_data_count = 0;
2265 uint32 i;
2266 char *cur_pdata = NULL;
2267
2268 if (max_out_len < 16) {
2269 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2270 max_out_len));
2271 return NT_STATUS_INVALID_PARAMETER;
2272 }
2273
2274 if (max_out_len > 16) {
2275 labels = True;
2276 }
2277
2278 shadow_data = talloc_zero(ctx, struct shadow_copy_data);
2279 if (shadow_data == NULL) {
2280 DEBUG(0,("TALLOC_ZERO() failed!\n"));
2281 return NT_STATUS_NO_MEMORY;
2282 }
2283
2284 /*
2285 * Call the VFS routine to actually do the work.
2286 */
2287 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
2288 TALLOC_FREE(shadow_data);
2289 if (errno == ENOSYS) {
2290 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2291 fsp->conn->connectpath));
2292 return NT_STATUS_NOT_SUPPORTED;
2293 } else {
2294 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2295 fsp->conn->connectpath));
2296 return NT_STATUS_UNSUCCESSFUL;
2297 }
2298 }
2299
2300 labels_data_count = (shadow_data->num_volumes * 2 *
2301 sizeof(SHADOW_COPY_LABEL)) + 2;
2302
2303 if (!labels) {
2304 *out_len = 16;
2305 } else {
2306 *out_len = 12 + labels_data_count + 4;
2307 }
2308
2309 if (max_out_len < *out_len) {
2310 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2311 max_out_len, *out_len));
2312 TALLOC_FREE(shadow_data);
2313 return NT_STATUS_BUFFER_TOO_SMALL;
2314 }
2315
2316 cur_pdata = talloc_array(ctx, char, *out_len);
2317 if (cur_pdata == NULL) {
2318 TALLOC_FREE(shadow_data);
2319 return NT_STATUS_NO_MEMORY;
2320 }
2321
2322 *out_data = cur_pdata;
2323
2324 /* num_volumes 4 bytes */
2325 SIVAL(cur_pdata, 0, shadow_data->num_volumes);
2326
2327 if (labels) {
2328 /* num_labels 4 bytes */
2329 SIVAL(cur_pdata, 4, shadow_data->num_volumes);
2330 }
2331
2332 /* needed_data_count 4 bytes */
2333 SIVAL(cur_pdata, 8, labels_data_count + 4);
2334
2335 cur_pdata += 12;
2336
2337 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2338 shadow_data->num_volumes, fsp_str_dbg(fsp)));
2339 if (labels && shadow_data->labels) {
2340 for (i=0; i<shadow_data->num_volumes; i++) {
2341 srvstr_push(cur_pdata, req_flags,
2342 cur_pdata, shadow_data->labels[i],
2343 2 * sizeof(SHADOW_COPY_LABEL),
2344 STR_UNICODE|STR_TERMINATE);
2345 cur_pdata += 2 * sizeof(SHADOW_COPY_LABEL);
2346 DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i]));
2347 }
2348 }
2349
2350 TALLOC_FREE(shadow_data);
2351
2352 return NT_STATUS_OK;
2353 }
2354
2355 case FSCTL_FIND_FILES_BY_SID:
2356 {
2357 /* pretend this succeeded -
2358 *
2359 * we have to send back a list with all files owned by this SID
2360 *
2361 * but I have to check that --metze
2362 */
2363 struct dom_sid sid;
2364 uid_t uid;
2365 size_t sid_len;
2366
2367 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n", fsp->fnum));
2368
2369 if (in_len < 8) {
2370 /* NT_STATUS_BUFFER_TOO_SMALL maybe? */
2371 return NT_STATUS_INVALID_PARAMETER;
2372 }
2373
2374 sid_len = MIN(in_len - 4,SID_MAX_SIZE);
2375
2376 /* unknown 4 bytes: this is not the length of the sid :-( */
2377 /*unknown = IVAL(pdata,0);*/
2378
2379 if (!sid_parse(in_data + 4, sid_len, &sid)) {
2380 return NT_STATUS_INVALID_PARAMETER;
2381 }
2382 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
2383
2384 if (!sid_to_uid(&sid, &uid)) {
2385 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2386 sid_string_dbg(&sid),
2387 (unsigned long)sid_len));
2388 uid = (-1);
2389 }
2390
2391 /* we can take a look at the find source :-)
2392 *
2393 * find ./ -uid $uid -name '*' is what we need here
2394 *
2395 *
2396 * and send 4bytes len and then NULL terminated unicode strings
2397 * for each file
2398 *
2399 * but I don't know how to deal with the paged results
2400 * (maybe we can hang the result anywhere in the fsp struct)
2401 *
2402 * but I don't know how to deal with the paged results
2403 * (maybe we can hang the result anywhere in the fsp struct)
2404 *
2405 * we don't send all files at once
2406 * and at the next we should *not* start from the beginning,
2407 * so we have to cache the result
2408 *
2409 * --metze
2410 */
2411
2412 /* this works for now... */
2413 return NT_STATUS_OK;
2414 }
2415
2416 case FSCTL_QUERY_ALLOCATED_RANGES:
2417 {
2418 /* FIXME: This is just a dummy reply, telling that all of the
2419 * file is allocated. MKS cp needs that.
2420 * Adding the real allocated ranges via FIEMAP on Linux
2421 * and SEEK_DATA/SEEK_HOLE on Solaris is needed to make
2422 * this FSCTL correct for sparse files.
2423 */
2424 NTSTATUS status;
2425 uint64_t offset, length;
2426 char *out_data_tmp = NULL;
2427
2428 if (in_len != 16) {
2429 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: data_count(%u) != 16 is invalid!\n",
2430 in_len));
2431 return NT_STATUS_INVALID_PARAMETER;
2432 }
2433
2434 if (max_out_len < 16) {
2435 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: max_out_len (%u) < 16 is invalid!\n",
2436 max_out_len));
2437 return NT_STATUS_INVALID_PARAMETER;
2438 }
2439
2440 offset = BVAL(in_data,0);
2441 length = BVAL(in_data,8);
2442
2443 if (offset + length < offset) {
2444 /* No 64-bit integer wrap. */
2445 return NT_STATUS_INVALID_PARAMETER;
2446 }
2447
2448 /* Shouldn't this be SMB_VFS_STAT ... ? */
2449 status = vfs_stat_fsp(fsp);
2450 if (!NT_STATUS_IS_OK(status)) {
2451 return status;
2452 }
2453
2454 *out_len = 16;
2455 out_data_tmp = talloc_array(ctx, char, *out_len);
2456 if (out_data_tmp == NULL) {
2457 DEBUG(10, ("unable to allocate memory for response\n"));
2458 return NT_STATUS_NO_MEMORY;
2459 }
2460
2461 if (offset > fsp->fsp_name->st.st_ex_size ||
2462 fsp->fsp_name->st.st_ex_size == 0 ||
2463 length == 0) {
2464 memset(out_data_tmp, 0, *out_len);
2465 } else {
2466 uint64_t end = offset + length;
2467 end = MIN(end, fsp->fsp_name->st.st_ex_size);
2468 SBVAL(out_data_tmp, 0, 0);
2469 SBVAL(out_data_tmp, 8, end);
2470 }
2471
2472 *out_data = out_data_tmp;
2473
2474 return NT_STATUS_OK;
2475 }
2476
2477 case FSCTL_IS_VOLUME_DIRTY:
2478 {
2479 DEBUG(10,("FSCTL_IS_VOLUME_DIRTY: called on FID[0x%04X] "
2480 "(but not implemented)\n", fsp->fnum));
2481 /*
2482 * http://msdn.microsoft.com/en-us/library/cc232128%28PROT.10%29.aspx
2483 * says we have to respond with NT_STATUS_INVALID_PARAMETER
2484 */
2485 return NT_STATUS_INVALID_PARAMETER;
2486 }
2487
2488 default:
2489 /*
2490 * Only print once ... unfortunately there could be lots of
2491 * different FSCTLs that are called.
2492 */
2493 if (!vfswrap_logged_ioctl_message) {
2494 vfswrap_logged_ioctl_message = true;
2495 DEBUG(2, ("%s (0x%x): Currently not implemented.\n",
2496 __FUNCTION__, function));
2497 }
2498 }
2499
2500 return NT_STATUS_NOT_SUPPORTED;
2501 }
2502
2503 /****************************************************************************
2504 Reply to NT IOCTL
2505 ****************************************************************************/
2506
2507 static void call_nt_transact_ioctl(connection_struct *conn,
2508 struct smb_request *req,
2509 uint16 **ppsetup, uint32 setup_count,
2510 char **ppparams, uint32 parameter_count,
2511 char **ppdata, uint32 data_count,
2512 uint32 max_data_count)
2513 {
2514 NTSTATUS status;
2515 uint32 function;
2516 uint16 fidnum;
2517 files_struct *fsp;
2518 uint8 isFSctl;
2519 uint8 compfilter;
2520 char *out_data = NULL;
2521 uint32 out_data_len = 0;
2522 char *pdata = *ppdata;
2523 TALLOC_CTX *ctx = talloc_tos();
2524
2525 if (setup_count != 8) {
2526 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
2527 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2528 return;
2529 }
2530
2531 function = IVAL(*ppsetup, 0);
2532 fidnum = SVAL(*ppsetup, 4);
2533 isFSctl = CVAL(*ppsetup, 6);
2534 compfilter = CVAL(*ppsetup, 7);
2535
2536 DEBUG(10, ("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2537 function, fidnum, isFSctl, compfilter));
2538
2539 fsp=file_fsp(req, fidnum);
2540
2541 /*
2542 * We don't really implement IOCTLs, especially on files.
2543 */
2544 if (!isFSctl) {
2545 DEBUG(10, ("isFSctl: 0x%02X indicates IOCTL, not FSCTL!\n",
2546 isFSctl));
2547 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2548 return;
2549 }
2550
2551 /* Has to be for an open file! */
2552 if (!check_fsp_open(conn, req, fsp)) {
2553 return;
2554 }
2555
2556 /*
2557 * out_data might be allocated by the VFS module, but talloc should be
2558 * used, and should be cleaned up when the request ends.
2559 */
2560 status = smb_fsctl(fsp,
2561 ctx,
2562 function,
2563 req->flags2,
2564 (uint8_t *)pdata,
2565 data_count,
2566 (uint8_t **)&out_data,
2567 max_data_count,
2568 &out_data_len);
2569 if (!NT_STATUS_IS_OK(status)) {
2570 reply_nterror(req, status);
2571 } else {
2572 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, out_data, out_data_len);
2573 }
2574 }
2575
2576
2577 #ifdef HAVE_SYS_QUOTAS
2578 /****************************************************************************
2579 Reply to get user quota
2580 ****************************************************************************/
2581
2582 static void call_nt_transact_get_user_quota(connection_struct *conn,
2583 struct smb_request *req,
2584 uint16 **ppsetup,
2585 uint32 setup_count,
2586 char **ppparams,
2587 uint32 parameter_count,
2588 char **ppdata,
2589 uint32 data_count,
2590 uint32 max_data_count)
2591 {
2592 NTSTATUS nt_status = NT_STATUS_OK;
2593 char *params = *ppparams;
2594 char *pdata = *ppdata;
2595 char *entry;
2596 int data_len=0,param_len=0;
2597 int qt_len=0;
2598 int entry_len = 0;
2599 files_struct *fsp = NULL;
2600 uint16 level = 0;
2601 size_t sid_len;
2602 struct dom_sid sid;
2603 bool start_enum = True;
2604 SMB_NTQUOTA_STRUCT qt;
2605 SMB_NTQUOTA_LIST *tmp_list;
2606 SMB_NTQUOTA_HANDLE *qt_handle = NULL;
2607
2608 ZERO_STRUCT(qt);
2609
2610 /* access check */
2611 if (get_current_uid(conn) != 0) {
2612 DEBUG(1,("get_user_quota: access_denied service [%s] user "
2613 "[%s]\n", lp_servicename(SNUM(conn)),
2614 conn->session_info->unix_name));
2615 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2616 return;
2617 }
2618
2619 /*
2620 * Ensure minimum number of parameters sent.
2621 */
2622
2623 if (parameter_count < 4) {
2624 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
2625 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2626 return;
2627 }
2628
2629 /* maybe we can check the quota_fnum */
2630 fsp = file_fsp(req, SVAL(params,0));
2631 if (!check_fsp_ntquota_handle(conn, req, fsp)) {
2632 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2633 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2634 return;
2635 }
2636
2637 /* the NULL pointer checking for fsp->fake_file_handle->pd
2638 * is done by CHECK_NTQUOTA_HANDLE_OK()
2639 */
2640 qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->private_data;
2641
2642 level = SVAL(params,2);
2643
2644 /* unknown 12 bytes leading in params */
2645
2646 switch (level) {
2647 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
2648 /* seems that we should continue with the enum here --metze */
2649
2650 if (qt_handle->quota_list!=NULL &&
2651 qt_handle->tmp_list==NULL) {
2652
2653 /* free the list */
2654 free_ntquota_list(&(qt_handle->quota_list));
2655
2656 /* Realloc the size of parameters and data we will return */
2657 param_len = 4;
2658 params = nttrans_realloc(ppparams, param_len);
2659 if(params == NULL) {
2660 reply_nterror(req, NT_STATUS_NO_MEMORY);
2661 return;
2662 }
2663
2664 data_len = 0;
2665 SIVAL(params,0,data_len);
2666
2667 break;
2668 }
2669
2670 start_enum = False;
2671
2672 case TRANSACT_GET_USER_QUOTA_LIST_START:
2673
2674 if (qt_handle->quota_list==NULL &&
2675 qt_handle->tmp_list==NULL) {
2676 start_enum = True;
2677 }
2678
2679 if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
2680 reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
2681 return;
2682 }
2683
2684 /* Realloc the size of parameters and data we will return */
2685 param_len = 4;
2686 params = nttrans_realloc(ppparams, param_len);
2687 if(params == NULL) {
2688 reply_nterror(req, NT_STATUS_NO_MEMORY);
2689 return;
2690 }
2691
2692 /* we should not trust the value in max_data_count*/
2693 max_data_count = MIN(max_data_count,2048);
2694
2695 pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
2696 if(pdata == NULL) {
2697 reply_nterror(req, NT_STATUS_NO_MEMORY);
2698 return;
2699 }
2700
2701 entry = pdata;
2702
2703 /* set params Size of returned Quota Data 4 bytes*/
2704 /* but set it later when we know it */
2705
2706 /* for each entry push the data */
2707
2708 if (start_enum) {
2709 qt_handle->tmp_list = qt_handle->quota_list;
2710 }
2711
2712 tmp_list = qt_handle->tmp_list;
2713
2714 for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count));
2715 tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) {
2716
2717 sid_len = ndr_size_dom_sid(
2718 &tmp_list->quotas->sid, 0);
2719 entry_len = 40 + sid_len;
2720
2721 /* nextoffset entry 4 bytes */
2722 SIVAL(entry,0,entry_len);
2723
2724 /* then the len of the SID 4 bytes */
2725 SIVAL(entry,4,sid_len);
2726
2727 /* unknown data 8 bytes uint64_t */
2728 SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-metze*/
2729
2730 /* the used disk space 8 bytes uint64_t */
2731 SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
2732
2733 /* the soft quotas 8 bytes uint64_t */
2734 SBIG_UINT(entry,24,tmp_list->quotas->softlim);
2735
2736 /* the hard quotas 8 bytes uint64_t */
2737 SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
2738
2739 /* and now the SID */
2740 sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
2741 }
2742
2743 qt_handle->tmp_list = tmp_list;
2744
2745 /* overwrite the offset of the last entry */
2746 SIVAL(entry-entry_len,0,0);
2747
2748 data_len = 4+qt_len;
2749 /* overwrite the params quota_data_len */
2750 SIVAL(params,0,data_len);
2751
2752 break;
2753
2754 case TRANSACT_GET_USER_QUOTA_FOR_SID:
2755
2756 /* unknown 4 bytes IVAL(pdata,0) */
2757
2758 if (data_count < 8) {
2759 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
2760 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2761 return;
2762 }
2763
2764 sid_len = IVAL(pdata,4);
2765 /* Ensure this is less than 1mb. */
2766 if (sid_len > (1024*1024)) {
2767 reply_nterror(req, NT_STATUS_NO_MEMORY);
2768 return;
2769 }
2770
2771 if (data_count < 8+sid_len) {
2772 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
2773 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2774 return;
2775 }
2776
2777 data_len = 4+40+sid_len;
2778
2779 if (max_data_count < data_len) {
2780 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2781 max_data_count, data_len));
2782 param_len = 4;
2783 SIVAL(params,0,data_len);
2784 data_len = 0;
2785 nt_status = NT_STATUS_BUFFER_TOO_SMALL;
2786 break;
2787 }
2788
2789 if (!sid_parse(pdata+8,sid_len,&sid)) {
2790 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2791 return;
2792 }
2793
2794 if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2795 ZERO_STRUCT(qt);
2796 /*
2797 * we have to return zero's in all fields
2798 * instead of returning an error here
2799 * --metze
2800 */
2801 }
2802
2803 /* Realloc the size of parameters and data we will return */
2804 param_len = 4;
2805 params = nttrans_realloc(ppparams, param_len);
2806 if(params == NULL) {
2807 reply_nterror(req, NT_STATUS_NO_MEMORY);
2808 return;
2809 }
2810
2811 pdata = nttrans_realloc(ppdata, data_len);
2812 if(pdata == NULL) {
2813 reply_nterror(req, NT_STATUS_NO_MEMORY);
2814 return;
2815 }
2816
2817 entry = pdata;
2818
2819 /* set params Size of returned Quota Data 4 bytes*/
2820 SIVAL(params,0,data_len);
2821
2822 /* nextoffset entry 4 bytes */
2823 SIVAL(entry,0,0);
2824
2825 /* then the len of the SID 4 bytes */
2826 SIVAL(entry,4,sid_len);
2827
2828 /* unknown data 8 bytes uint64_t */
2829 SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-mezte*/
2830
2831 /* the used disk space 8 bytes uint64_t */
2832 SBIG_UINT(entry,16,qt.usedspace);
2833
2834 /* the soft quotas 8 bytes uint64_t */
2835 SBIG_UINT(entry,24,qt.softlim);
2836
2837 /* the hard quotas 8 bytes uint64_t */
2838 SBIG_UINT(entry,32,qt.hardlim);
2839
2840 /* and now the SID */
2841 sid_linearize(entry+40, sid_len, &sid);
2842
2843 break;
2844
2845 default:
2846 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
2847 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
2848 return;
2849 break;
2850 }
2851
2852 send_nt_replies(conn, req, nt_status, params, param_len,
2853 pdata, data_len);
2854 }
2855
2856 /****************************************************************************
2857 Reply to set user quota
2858 ****************************************************************************/
2859
2860 static void call_nt_transact_set_user_quota(connection_struct *conn,
2861 struct smb_request *req,
2862 uint16 **ppsetup,
2863 uint32 setup_count,
2864 char **ppparams,
2865 uint32 parameter_count,
2866 char **ppdata,
2867 uint32 data_count,
2868 uint32 max_data_count)
2869 {
2870 char *params = *ppparams;
2871 char *pdata = *ppdata;
2872 int data_len=0,param_len=0;
2873 SMB_NTQUOTA_STRUCT qt;
2874 size_t sid_len;
2875 struct dom_sid sid;
2876 files_struct *fsp = NULL;
2877
2878 ZERO_STRUCT(qt);
2879
2880 /* access check */
2881 if (get_current_uid(conn) != 0) {
2882 DEBUG(1,("set_user_quota: access_denied service [%s] user "
2883 "[%s]\n", lp_servicename(SNUM(conn)),
2884 conn->session_info->unix_name));
2885 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2886 return;
2887 }
2888
2889 /*
2890 * Ensure minimum number of parameters sent.
2891 */
2892
2893 if (parameter_count < 2) {
2894 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
2895 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2896 return;
2897 }
2898
2899 /* maybe we can check the quota_fnum */
2900 fsp = file_fsp(req, SVAL(params,0));
2901 if (!check_fsp_ntquota_handle(conn, req, fsp)) {
2902 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2903 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2904 return;
2905 }
2906
2907 if (data_count < 40) {
2908 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
2909 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2910 return;
2911 }
2912
2913 /* offset to next quota record.
2914 * 4 bytes IVAL(pdata,0)
2915 * unused here...
2916 */
2917
2918 /* sid len */
2919 sid_len = IVAL(pdata,4);
2920
2921 if (data_count < 40+sid_len || (40+sid_len < sid_len)) {
2922 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
2923 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2924 return;
2925 }
2926
2927 /* unknown 8 bytes in pdata
2928 * maybe its the change time in NTTIME
2929 */
2930
2931 /* the used space 8 bytes (uint64_t)*/
2932 qt.usedspace = BVAL(pdata,16);
2933
2934 /* the soft quotas 8 bytes (uint64_t)*/
2935 qt.softlim = BVAL(pdata,24);
2936
2937 /* the hard quotas 8 bytes (uint64_t)*/
2938 qt.hardlim = BVAL(pdata,32);
2939
2940 if (!sid_parse(pdata+40,sid_len,&sid)) {
2941 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2942 return;
2943 }
2944
2945 DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
2946
2947 /* 44 unknown bytes left... */
2948
2949 if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2950 reply_nterror(req, NT_STATUS_INTERNAL_ERROR);
2951 return;
2952 }
2953
2954 send_nt_replies(conn, req, NT_STATUS_OK, params, param_len,
2955 pdata, data_len);
2956 }
2957 #endif /* HAVE_SYS_QUOTAS */
2958
2959 static void handle_nttrans(connection_struct *conn,
2960 struct trans_state *state,
2961 struct smb_request *req)
2962 {
2963 if (get_Protocol() >= PROTOCOL_NT1) {
2964 req->flags2 |= 0x40; /* IS_LONG_NAME */
2965 SSVAL(req->inbuf,smb_flg2,req->flags2);
2966 }
2967
2968
2969 SMB_PERFCOUNT_SET_SUBOP(&req->pcd, state->call);
2970
2971 /* Now we must call the relevant NT_TRANS function */
2972 switch(state->call) {
2973 case NT_TRANSACT_CREATE:
2974 {
2975 START_PROFILE(NT_transact_create);
2976 call_nt_transact_create(
2977 conn, req,
2978 &state->setup, state->setup_count,
2979 &state->param, state->total_param,
2980 &state->data, state->total_data,
2981 state->max_data_return);
2982 END_PROFILE(NT_transact_create);
2983 break;
2984 }
2985
2986 case NT_TRANSACT_IOCTL:
2987 {
2988 START_PROFILE(NT_transact_ioctl);
2989 call_nt_transact_ioctl(
2990 conn, req,
2991 &state->setup, state->setup_count,
2992 &state->param, state->total_param,
2993 &state->data, state->total_data,
2994 state->max_data_return);
2995 END_PROFILE(NT_transact_ioctl);
2996 break;
2997 }
2998
2999 case NT_TRANSACT_SET_SECURITY_DESC:
3000 {
3001 START_PROFILE(NT_transact_set_security_desc);
3002 call_nt_transact_set_security_desc(
3003 conn, req,
3004 &state->setup, state->setup_count,
3005 &state->param, state->total_param,
3006 &state->data, state->total_data,
3007 state->max_data_return);
3008 END_PROFILE(NT_transact_set_security_desc);
3009 break;
3010 }
3011
3012 case NT_TRANSACT_NOTIFY_CHANGE:
3013 {
3014 START_PROFILE(NT_transact_notify_change);
3015 call_nt_transact_notify_change(
3016 conn, req,
3017 &state->setup, state->setup_count,
3018 &state->param, state->total_param,
3019 &state->data, state->total_data,
3020 state->max_data_return,
3021 state->max_param_return);
3022 END_PROFILE(NT_transact_notify_change);
3023 break;
3024 }
3025
3026 case NT_TRANSACT_RENAME:
3027 {
3028 START_PROFILE(NT_transact_rename);
3029 call_nt_transact_rename(
3030 conn, req,
3031 &state->setup, state->setup_count,
3032 &state->param, state->total_param,
3033 &state->data, state->total_data,
3034 state->max_data_return);
3035 END_PROFILE(NT_transact_rename);
3036 break;
3037 }
3038
3039 case NT_TRANSACT_QUERY_SECURITY_DESC:
3040 {
3041 START_PROFILE(NT_transact_query_security_desc);
3042 call_nt_transact_query_security_desc(
3043 conn, req,
3044 &state->setup, state->setup_count,
3045 &state->param, state->total_param,
3046 &state->data, state->total_data,
3047 state->max_data_return);
3048 END_PROFILE(NT_transact_query_security_desc);
3049 break;
3050 }
3051
3052 #ifdef HAVE_SYS_QUOTAS
3053 case NT_TRANSACT_GET_USER_QUOTA:
3054 {
3055 START_PROFILE(NT_transact_get_user_quota);
3056 call_nt_transact_get_user_quota(
3057 conn, req,
3058 &state->setup, state->setup_count,
3059 &state->param, state->total_param,
3060 &state->data, state->total_data,
3061 state->max_data_return);
3062 END_PROFILE(NT_transact_get_user_quota);
3063 break;
3064 }
3065
3066 case NT_TRANSACT_SET_USER_QUOTA:
3067 {
3068 START_PROFILE(NT_transact_set_user_quota);
3069 call_nt_transact_set_user_quota(
3070 conn, req,
3071 &state->setup, state->setup_count,
3072 &state->param, state->total_param,
3073 &state->data, state->total_data,
3074 state->max_data_return);
3075 END_PROFILE(NT_transact_set_user_quota);
3076 break;
3077 }
3078 #endif /* HAVE_SYS_QUOTAS */
3079
3080 default:
3081 /* Error in request */
3082 DEBUG(0,("handle_nttrans: Unknown request %d in "
3083 "nttrans call\n", state->call));
3084 reply_nterror(req, NT_STATUS_INVALID_LEVEL);
3085 return;
3086 }
3087 return;
3088 }
3089
3090 /****************************************************************************
3091 Reply to a SMBNTtrans.
3092 ****************************************************************************/
3093
3094 void reply_nttrans(struct smb_request *req)
3095 {
3096 connection_struct *conn = req->conn;
3097 uint32_t pscnt;
3098 uint32_t psoff;
3099 uint32_t dscnt;
3100 uint32_t dsoff;
3101 uint16 function_code;
3102 NTSTATUS result;
3103 struct trans_state *state;
3104
3105 START_PROFILE(SMBnttrans);
3106
3107 if (req->wct < 19) {
3108 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3109 END_PROFILE(SMBnttrans);
3110 return;
3111 }
3112
3113 pscnt = IVAL(req->vwv+9, 1);
3114 psoff = IVAL(req->vwv+11, 1);
3115 dscnt = IVAL(req->vwv+13, 1);
3116 dsoff = IVAL(req->vwv+15, 1);
3117 function_code = SVAL(req->vwv+18, 0);
3118
3119 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
3120 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3121 END_PROFILE(SMBnttrans);
3122 return;
3123 }
3124
3125 result = allow_new_trans(conn->pending_trans, req->mid);
3126 if (!NT_STATUS_IS_OK(result)) {
3127 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
3128 reply_nterror(req, result);
3129 END_PROFILE(SMBnttrans);
3130 return;
3131 }
3132
3133 if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
3134 reply_nterror(req, NT_STATUS_NO_MEMORY);
3135 END_PROFILE(SMBnttrans);
3136 return;
3137 }
3138
3139 state->cmd = SMBnttrans;
3140
3141 state->mid = req->mid;
3142 state->vuid = req->vuid;
3143 state->total_data = IVAL(req->vwv+3, 1);
3144 state->data = NULL;
3145 state->total_param = IVAL(req->vwv+1, 1);
3146 state->param = NULL;
3147 state->max_data_return = IVAL(req->vwv+7, 1);
3148 state->max_param_return = IVAL(req->vwv+5, 1);
3149
3150 /* setup count is in *words* */
3151 state->setup_count = 2*CVAL(req->vwv+17, 1);
3152 state->setup = NULL;
3153 state->call = function_code;
3154
3155 DEBUG(10, ("num_setup=%u, "
3156 "param_total=%u, this_param=%u, max_param=%u, "
3157 "data_total=%u, this_data=%u, max_data=%u, "
3158 "param_offset=%u, data_offset=%u\n",
3159 (unsigned)state->setup_count,
3160 (unsigned)state->total_param, (unsigned)pscnt,
3161 (unsigned)state->max_param_return,
3162 (unsigned)state->total_data, (unsigned)dscnt,
3163 (unsigned)state->max_data_return,
3164 (unsigned)psoff, (unsigned)dsoff));
3165
3166 /*
3167 * All nttrans messages we handle have smb_wct == 19 +
3168 * state->setup_count. Ensure this is so as a sanity check.
3169 */
3170
3171 if(req->wct != 19 + (state->setup_count/2)) {
3172 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
3173 req->wct, 19 + (state->setup_count/2)));
3174 goto bad_param;
3175 }
3176
3177 /* Don't allow more than 128mb for each value. */
3178 if ((state->total_data > (1024*1024*128)) ||
3179 (state->total_param > (1024*1024*128))) {
3180 reply_nterror(req, NT_STATUS_NO_MEMORY);
3181 END_PROFILE(SMBnttrans);
3182 return;
3183 }
3184
3185 if ((dscnt > state->total_data) || (pscnt > state->total_param))
3186 goto bad_param;
3187
3188 if (state->total_data) {
3189
3190 if (trans_oob(state->total_data, 0, dscnt)
3191 || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) {
3192 goto bad_param;
3193 }
3194
3195 /* Can't use talloc here, the core routines do realloc on the
3196 * params and data. */
3197 if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) {
3198 DEBUG(0,("reply_nttrans: data malloc fail for %u "
3199 "bytes !\n", (unsigned int)state->total_data));
3200 TALLOC_FREE(state);
3201 reply_nterror(req, NT_STATUS_NO_MEMORY);
3202 END_PROFILE(SMBnttrans);
3203 return;
3204 }
3205
3206 memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
3207 }
3208
3209 if (state->total_param) {
3210
3211 if (trans_oob(state->total_param, 0, pscnt)
3212 || trans_oob(smb_len(req->inbuf), psoff, pscnt)) {
3213 goto bad_param;
3214 }
3215
3216 /* Can't use talloc here, the core routines do realloc on the
3217 * params and data. */
3218 if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) {
3219 DEBUG(0,("reply_nttrans: param malloc fail for %u "
3220 "bytes !\n", (unsigned int)state->total_param));
3221 SAFE_FREE(state->data);
3222 TALLOC_FREE(state);
3223 reply_nterror(req, NT_STATUS_NO_MEMORY);
3224 END_PROFILE(SMBnttrans);
3225 return;
3226 }
3227
3228 memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
3229 }
3230
3231 state->received_data = dscnt;
3232 state->received_param = pscnt;
3233
3234 if(state->setup_count > 0) {
3235 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
3236 state->setup_count));
3237
3238 /*
3239 * No overflow possible here, state->setup_count is an
3240 * unsigned int, being filled by a single byte from
3241 * CVAL(req->vwv+13, 0) above. The cast in the comparison
3242 * below is not necessary, it's here to clarify things. The
3243 * validity of req->vwv and req->wct has been checked in
3244 * init_smb_request already.
3245 */
3246 if ((state->setup_count/2) + 19 > (unsigned int)req->wct) {
3247 goto bad_param;
3248 }
3249
3250 state->setup = (uint16 *)TALLOC(state, state->setup_count);
3251 if (state->setup == NULL) {
3252 DEBUG(0,("reply_nttrans : Out of memory\n"));
3253 SAFE_FREE(state->data);
3254 SAFE_FREE(state->param);
3255 TALLOC_FREE(state);
3256 reply_nterror(req, NT_STATUS_NO_MEMORY);
3257 END_PROFILE(SMBnttrans);
3258 return;
3259 }
3260
3261 memcpy(state->setup, req->vwv+19, state->setup_count);
3262 dump_data(10, (uint8 *)state->setup, state->setup_count);
3263 }
3264
3265 if ((state->received_data == state->total_data) &&
3266 (state->received_param == state->total_param)) {
3267 handle_nttrans(conn, state, req);
3268 SAFE_FREE(state->param);
3269 SAFE_FREE(state->data);
3270 TALLOC_FREE(state);
3271 END_PROFILE(SMBnttrans);
3272 return;
3273 }
3274
3275 DLIST_ADD(conn->pending_trans, state);
3276
3277 /* We need to send an interim response then receive the rest
3278 of the parameter/data bytes */
3279 reply_outbuf(req, 0, 0);
3280 show_msg((char *)req->outbuf);
3281 END_PROFILE(SMBnttrans);
3282 return;
3283
3284 bad_param:
3285
3286 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
3287 SAFE_FREE(state->data);
3288 SAFE_FREE(state->param);
3289 TALLOC_FREE(state);
3290 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3291 END_PROFILE(SMBnttrans);
3292 return;
3293 }
3294
3295 /****************************************************************************
3296 Reply to a SMBnttranss
3297 ****************************************************************************/
3298
3299 void reply_nttranss(struct smb_request *req)
3300 {
3301 connection_struct *conn = req->conn;
3302 uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp;
3303 struct trans_state *state;
3304
3305 START_PROFILE(SMBnttranss);
3306
3307 show_msg((char *)req->inbuf);
3308
3309 /* Windows clients expect all replies to
3310 an NT transact secondary (SMBnttranss 0xA1)
3311 to have a command code of NT transact
3312 (SMBnttrans 0xA0). See bug #8989 for details. */
3313 req->cmd = SMBnttrans;
3314
3315 if (req->wct < 18) {
3316 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3317 END_PROFILE(SMBnttranss);
3318 return;
3319 }
3320
3321 for (state = conn->pending_trans; state != NULL;
3322 state = state->next) {
3323 if (state->mid == req->mid) {
3324 break;
3325 }
3326 }
3327
3328 if ((state == NULL) || (state->cmd != SMBnttrans)) {
3329 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3330 END_PROFILE(SMBnttranss);
3331 return;
3332 }
3333
3334 /* Revise state->total_param and state->total_data in case they have
3335 changed downwards */
3336 if (IVAL(req->vwv+1, 1) < state->total_param) {
3337 state->total_param = IVAL(req->vwv+1, 1);
3338 }
3339 if (IVAL(req->vwv+3, 1) < state->total_data) {
3340 state->total_data = IVAL(req->vwv+3, 1);
3341 }
3342
3343 pcnt = IVAL(req->vwv+5, 1);
3344 poff = IVAL(req->vwv+7, 1);
3345 pdisp = IVAL(req->vwv+9, 1);
3346
3347 dcnt = IVAL(req->vwv+11, 1);
3348 doff = IVAL(req->vwv+13, 1);
3349 ddisp = IVAL(req->vwv+15, 1);
3350
3351 state->received_param += pcnt;
3352 state->received_data += dcnt;
3353
3354 if ((state->received_data > state->total_data) ||
3355 (state->received_param > state->total_param))
3356 goto bad_param;
3357
3358 if (pcnt) {
3359 if (trans_oob(state->total_param, pdisp, pcnt)
3360 || trans_oob(smb_len(req->inbuf), poff, pcnt)) {
3361 goto bad_param;
3362 }
3363 memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt);
3364 }
3365
3366 if (dcnt) {
3367 if (trans_oob(state->total_data, ddisp, dcnt)
3368 || trans_oob(smb_len(req->inbuf), doff, dcnt)) {
3369 goto bad_param;
3370 }
3371 memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
3372 }
3373
3374 if ((state->received_param < state->total_param) ||
3375 (state->received_data < state->total_data)) {
3376 END_PROFILE(SMBnttranss);
3377 return;
3378 }
3379
3380 handle_nttrans(conn, state, req);
3381
3382 DLIST_REMOVE(conn->pending_trans, state);
3383 SAFE_FREE(state->data);
3384 SAFE_FREE(state->param);
3385 TALLOC_FREE(state);
3386 END_PROFILE(SMBnttranss);
3387 return;
3388
3389 bad_param:
3390
3391 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3392 DLIST_REMOVE(conn->pending_trans, state);
3393 SAFE_FREE(state->data);
3394 SAFE_FREE(state->param);
3395 TALLOC_FREE(state);
3396 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3397 END_PROFILE(SMBnttranss);
3398 return;
3399 }
Samba GIT mirror