2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/filesys.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "../libcli/security/security.h"
27 #include "../librpc/gen_ndr/ndr_security.h"
28 #include "passdb/lookup_sid.h"
31 #include "smbprofile.h"
32 #include "libsmb/libsmb.h"
34 extern const struct generic_mapping file_generic_mapping
;
36 static char *nttrans_realloc(char **ptr
, size_t size
)
39 smb_panic("nttrans_realloc() called with NULL ptr");
42 *ptr
= (char *)SMB_REALLOC(*ptr
, size
);
46 memset(*ptr
,'\0',size
);
50 /****************************************************************************
51 Send the required number of replies back.
52 We assume all fields other than the data fields are
53 set correctly for the type of call.
54 HACK ! Always assumes smb_setup field is zero.
55 ****************************************************************************/
57 void send_nt_replies(connection_struct
*conn
,
58 struct smb_request
*req
, NTSTATUS nt_error
,
59 char *params
, int paramsize
,
60 char *pdata
, int datasize
)
62 int data_to_send
= datasize
;
63 int params_to_send
= paramsize
;
67 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
68 int alignment_offset
= 1;
69 int data_alignment_offset
= 0;
70 struct smbd_server_connection
*sconn
= req
->sconn
;
71 int max_send
= sconn
->smb1
.sessions
.max_send
;
74 * If there genuinely are no parameters or data to send just send
78 if(params_to_send
== 0 && data_to_send
== 0) {
79 reply_outbuf(req
, 18, 0);
80 if (NT_STATUS_V(nt_error
)) {
81 error_packet_set((char *)req
->outbuf
,
85 show_msg((char *)req
->outbuf
);
86 if (!srv_send_smb(sconn
,
89 IS_CONN_ENCRYPTED(conn
),
91 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
93 TALLOC_FREE(req
->outbuf
);
98 * When sending params and data ensure that both are nicely aligned.
99 * Only do this alignment when there is also data to send - else
100 * can cause NT redirector problems.
103 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0)) {
104 data_alignment_offset
= 4 - (params_to_send
% 4);
108 * Space is bufsize minus Netbios over TCP header minus SMB header.
109 * The alignment_offset is to align the param bytes on a four byte
110 * boundary (2 bytes for data len, one byte pad).
111 * NT needs this to work correctly.
114 useable_space
= max_send
- (smb_size
117 + data_alignment_offset
);
119 if (useable_space
< 0) {
120 char *msg
= talloc_asprintf(
122 "send_nt_replies failed sanity useable_space = %d!!!",
124 DEBUG(0, ("%s\n", msg
));
125 exit_server_cleanly(msg
);
128 while (params_to_send
|| data_to_send
) {
131 * Calculate whether we will totally or partially fill this packet.
134 total_sent_thistime
= params_to_send
+ data_to_send
;
137 * We can never send more than useable_space.
140 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
142 reply_outbuf(req
, 18,
143 total_sent_thistime
+ alignment_offset
144 + data_alignment_offset
);
147 * Set total params and data to be sent.
150 SIVAL(req
->outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
151 SIVAL(req
->outbuf
,smb_ntr_TotalDataCount
,datasize
);
154 * Calculate how many parameters and data we can fit into
155 * this packet. Parameters get precedence.
158 params_sent_thistime
= MIN(params_to_send
,useable_space
);
159 data_sent_thistime
= useable_space
- params_sent_thistime
;
160 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
162 SIVAL(req
->outbuf
, smb_ntr_ParameterCount
,
163 params_sent_thistime
);
165 if(params_sent_thistime
== 0) {
166 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,0);
167 SIVAL(req
->outbuf
,smb_ntr_ParameterDisplacement
,0);
170 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
171 * parameter bytes, however the first 4 bytes of outbuf are
172 * the Netbios over TCP header. Thus use smb_base() to subtract
173 * them from the calculation.
176 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,
177 ((smb_buf(req
->outbuf
)+alignment_offset
)
178 - smb_base(req
->outbuf
)));
180 * Absolute displacement of param bytes sent in this packet.
183 SIVAL(req
->outbuf
, smb_ntr_ParameterDisplacement
,
188 * Deal with the data portion.
191 SIVAL(req
->outbuf
, smb_ntr_DataCount
, data_sent_thistime
);
193 if(data_sent_thistime
== 0) {
194 SIVAL(req
->outbuf
,smb_ntr_DataOffset
,0);
195 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, 0);
198 * The offset of the data bytes is the offset of the
199 * parameter bytes plus the number of parameters being sent this time.
202 SIVAL(req
->outbuf
, smb_ntr_DataOffset
,
203 ((smb_buf(req
->outbuf
)+alignment_offset
) -
204 smb_base(req
->outbuf
))
205 + params_sent_thistime
+ data_alignment_offset
);
206 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
210 * Copy the param bytes into the packet.
213 if(params_sent_thistime
) {
214 if (alignment_offset
!= 0) {
215 memset(smb_buf(req
->outbuf
), 0,
218 memcpy((smb_buf(req
->outbuf
)+alignment_offset
), pp
,
219 params_sent_thistime
);
223 * Copy in the data bytes
226 if(data_sent_thistime
) {
227 if (data_alignment_offset
!= 0) {
228 memset((smb_buf(req
->outbuf
)+alignment_offset
+
229 params_sent_thistime
), 0,
230 data_alignment_offset
);
232 memcpy(smb_buf(req
->outbuf
)+alignment_offset
233 +params_sent_thistime
+data_alignment_offset
,
234 pd
,data_sent_thistime
);
237 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
238 params_sent_thistime
, data_sent_thistime
, useable_space
));
239 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
240 params_to_send
, data_to_send
, paramsize
, datasize
));
242 if (NT_STATUS_V(nt_error
)) {
243 error_packet_set((char *)req
->outbuf
,
248 /* Send the packet */
249 show_msg((char *)req
->outbuf
);
250 if (!srv_send_smb(sconn
,
253 IS_CONN_ENCRYPTED(conn
),
255 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
258 TALLOC_FREE(req
->outbuf
);
260 pp
+= params_sent_thistime
;
261 pd
+= data_sent_thistime
;
263 params_to_send
-= params_sent_thistime
;
264 data_to_send
-= data_sent_thistime
;
270 if(params_to_send
< 0 || data_to_send
< 0) {
271 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
272 params_to_send
, data_to_send
));
273 exit_server_cleanly("send_nt_replies: internal error");
278 /****************************************************************************
279 Reply to an NT create and X call on a pipe
280 ****************************************************************************/
282 static void nt_open_pipe(char *fname
, connection_struct
*conn
,
283 struct smb_request
*req
, int *ppnum
)
288 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
290 /* Strip \\ off the name. */
293 status
= open_np_file(req
, fname
, &fsp
);
294 if (!NT_STATUS_IS_OK(status
)) {
295 if (NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
296 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
300 reply_nterror(req
, status
);
308 /****************************************************************************
309 Reply to an NT create and X call for pipes.
310 ****************************************************************************/
312 static void do_ntcreate_pipe_open(connection_struct
*conn
,
313 struct smb_request
*req
)
318 uint32 flags
= IVAL(req
->vwv
+3, 1);
319 TALLOC_CTX
*ctx
= talloc_tos();
321 srvstr_pull_req_talloc(ctx
, req
, &fname
, req
->buf
, STR_TERMINATE
);
324 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
328 nt_open_pipe(fname
, conn
, req
, &pnum
);
336 * Deal with pipe return.
339 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
340 /* This is very strange. We
341 * return 50 words, but only set
342 * the wcnt to 42 ? It's definately
343 * what happens on the wire....
345 reply_outbuf(req
, 50, 0);
346 SCVAL(req
->outbuf
,smb_wct
,42);
348 reply_outbuf(req
, 34, 0);
351 p
= (char *)req
->outbuf
+ smb_vwv2
;
355 SIVAL(p
,0,FILE_WAS_OPENED
);
358 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
361 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
363 SSVAL(p
,2, 0x5FF); /* ? */
366 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
368 SIVAL(p
,0,FILE_GENERIC_ALL
);
370 * For pipes W2K3 seems to return
372 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
374 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
377 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
382 struct case_semantics_state
{
383 connection_struct
*conn
;
386 bool short_case_preserve
;
389 /****************************************************************************
390 Restore case semantics.
391 ****************************************************************************/
393 static int restore_case_semantics(struct case_semantics_state
*state
)
395 state
->conn
->case_sensitive
= state
->case_sensitive
;
396 state
->conn
->case_preserve
= state
->case_preserve
;
397 state
->conn
->short_case_preserve
= state
->short_case_preserve
;
401 /****************************************************************************
403 ****************************************************************************/
405 static struct case_semantics_state
*set_posix_case_semantics(TALLOC_CTX
*mem_ctx
,
406 connection_struct
*conn
)
408 struct case_semantics_state
*result
;
410 if (!(result
= talloc(mem_ctx
, struct case_semantics_state
))) {
415 result
->case_sensitive
= conn
->case_sensitive
;
416 result
->case_preserve
= conn
->case_preserve
;
417 result
->short_case_preserve
= conn
->short_case_preserve
;
420 conn
->case_sensitive
= True
;
421 conn
->case_preserve
= True
;
422 conn
->short_case_preserve
= True
;
424 talloc_set_destructor(result
, restore_case_semantics
);
429 /****************************************************************************
430 Reply to an NT create and X call.
431 ****************************************************************************/
433 void reply_ntcreate_and_X(struct smb_request
*req
)
435 connection_struct
*conn
= req
->conn
;
436 struct smb_filename
*smb_fname
= NULL
;
440 uint32 file_attributes
;
442 uint32 create_disposition
;
443 uint32 create_options
;
445 uint64_t allocation_size
;
446 /* Breakout the oplock request bits so we can set the
447 reply bits separately. */
449 SMB_OFF_T file_len
= 0;
451 files_struct
*fsp
= NULL
;
453 struct timespec create_timespec
;
454 struct timespec c_timespec
;
455 struct timespec a_timespec
;
456 struct timespec m_timespec
;
457 struct timespec write_time_ts
;
460 uint8_t oplock_granted
= NO_OPLOCK_RETURN
;
461 struct case_semantics_state
*case_state
= NULL
;
462 TALLOC_CTX
*ctx
= talloc_tos();
464 START_PROFILE(SMBntcreateX
);
467 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
471 flags
= IVAL(req
->vwv
+3, 1);
472 access_mask
= IVAL(req
->vwv
+7, 1);
473 file_attributes
= IVAL(req
->vwv
+13, 1);
474 share_access
= IVAL(req
->vwv
+15, 1);
475 create_disposition
= IVAL(req
->vwv
+17, 1);
476 create_options
= IVAL(req
->vwv
+19, 1);
477 root_dir_fid
= (uint16
)IVAL(req
->vwv
+5, 1);
479 allocation_size
= BVAL(req
->vwv
+9, 1);
481 srvstr_get_path_req(ctx
, req
, &fname
, (const char *)req
->buf
,
482 STR_TERMINATE
, &status
);
484 if (!NT_STATUS_IS_OK(status
)) {
485 reply_nterror(req
, status
);
489 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
490 "file_attributes = 0x%x, share_access = 0x%x, "
491 "create_disposition = 0x%x create_options = 0x%x "
492 "root_dir_fid = 0x%x, fname = %s\n",
494 (unsigned int)access_mask
,
495 (unsigned int)file_attributes
,
496 (unsigned int)share_access
,
497 (unsigned int)create_disposition
,
498 (unsigned int)create_options
,
499 (unsigned int)root_dir_fid
,
503 * we need to remove ignored bits when they come directly from the client
504 * because we reuse some of them for internal stuff
506 create_options
&= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK
;
509 * If it's an IPC, use the pipe handler.
513 if (lp_nt_pipe_support()) {
514 do_ntcreate_pipe_open(conn
, req
);
517 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
521 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
522 if (oplock_request
) {
523 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
)
527 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
528 case_state
= set_posix_case_semantics(ctx
, conn
);
530 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
535 status
= filename_convert(ctx
,
537 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
539 (create_disposition
== FILE_CREATE
)
540 ? UCF_CREATING_FILE
: 0,
544 TALLOC_FREE(case_state
);
546 if (!NT_STATUS_IS_OK(status
)) {
547 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
549 NT_STATUS_PATH_NOT_COVERED
,
553 reply_nterror(req
, status
);
558 * Bug #6898 - clients using Windows opens should
559 * never be able to set this attribute into the
562 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
564 status
= SMB_VFS_CREATE_FILE(
567 root_dir_fid
, /* root_dir_fid */
568 smb_fname
, /* fname */
569 access_mask
, /* access_mask */
570 share_access
, /* share_access */
571 create_disposition
, /* create_disposition*/
572 create_options
, /* create_options */
573 file_attributes
, /* file_attributes */
574 oplock_request
, /* oplock_request */
575 allocation_size
, /* allocation_size */
576 0, /* private_flags */
582 if (!NT_STATUS_IS_OK(status
)) {
583 if (open_was_deferred(req
->mid
)) {
584 /* We have re-scheduled this call, no error. */
587 reply_openerror(req
, status
);
591 /* Ensure we're pointing at the correct stat struct. */
592 TALLOC_FREE(smb_fname
);
593 smb_fname
= fsp
->fsp_name
;
596 * If the caller set the extended oplock request bit
597 * and we granted one (by whatever means) - set the
598 * correct bit for extended oplock reply.
601 if (oplock_request
&&
602 (lp_fake_oplocks(SNUM(conn
))
603 || EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))) {
606 * Exclusive oplock granted
609 if (flags
& REQUEST_BATCH_OPLOCK
) {
610 oplock_granted
= BATCH_OPLOCK_RETURN
;
612 oplock_granted
= EXCLUSIVE_OPLOCK_RETURN
;
614 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
615 oplock_granted
= LEVEL_II_OPLOCK_RETURN
;
617 oplock_granted
= NO_OPLOCK_RETURN
;
620 file_len
= smb_fname
->st
.st_ex_size
;
622 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
623 /* This is very strange. We
624 * return 50 words, but only set
625 * the wcnt to 42 ? It's definately
626 * what happens on the wire....
628 reply_outbuf(req
, 50, 0);
629 SCVAL(req
->outbuf
,smb_wct
,42);
631 reply_outbuf(req
, 34, 0);
634 p
= (char *)req
->outbuf
+ smb_vwv2
;
636 SCVAL(p
, 0, oplock_granted
);
639 SSVAL(p
,0,fsp
->fnum
);
641 if ((create_disposition
== FILE_SUPERSEDE
)
642 && (info
== FILE_WAS_OVERWRITTEN
)) {
643 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
649 fattr
= dos_mode(conn
, smb_fname
);
651 fattr
= FILE_ATTRIBUTE_NORMAL
;
654 /* Deal with other possible opens having a modified
656 ZERO_STRUCT(write_time_ts
);
657 get_file_infos(fsp
->file_id
, 0, NULL
, &write_time_ts
);
658 if (!null_timespec(write_time_ts
)) {
659 update_stat_ex_mtime(&smb_fname
->st
, write_time_ts
);
663 create_timespec
= get_create_timespec(conn
, fsp
, smb_fname
);
664 a_timespec
= smb_fname
->st
.st_ex_atime
;
665 m_timespec
= smb_fname
->st
.st_ex_mtime
;
666 c_timespec
= get_change_timespec(conn
, fsp
, smb_fname
);
668 if (lp_dos_filetime_resolution(SNUM(conn
))) {
669 dos_filetime_timespec(&create_timespec
);
670 dos_filetime_timespec(&a_timespec
);
671 dos_filetime_timespec(&m_timespec
);
672 dos_filetime_timespec(&c_timespec
);
675 put_long_date_timespec(conn
->ts_res
, p
, create_timespec
); /* create time. */
677 put_long_date_timespec(conn
->ts_res
, p
, a_timespec
); /* access time */
679 put_long_date_timespec(conn
->ts_res
, p
, m_timespec
); /* write time */
681 put_long_date_timespec(conn
->ts_res
, p
, c_timespec
); /* change time */
683 SIVAL(p
,0,fattr
); /* File Attributes. */
685 SOFF_T(p
, 0, SMB_VFS_GET_ALLOC_SIZE(conn
,fsp
,&smb_fname
->st
));
687 SOFF_T(p
,0,file_len
);
689 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
690 uint16_t file_status
= (NO_EAS
|NO_SUBSTREAMS
|NO_REPARSETAG
);
691 size_t num_names
= 0;
692 unsigned int num_streams
= 0;
693 struct stream_struct
*streams
= NULL
;
695 /* Do we have any EA's ? */
696 status
= get_ea_names_from_file(ctx
, conn
, fsp
,
697 smb_fname
->base_name
, NULL
, &num_names
);
698 if (NT_STATUS_IS_OK(status
) && num_names
) {
699 file_status
&= ~NO_EAS
;
701 status
= vfs_streaminfo(conn
, NULL
, smb_fname
->base_name
, ctx
,
702 &num_streams
, &streams
);
703 /* There is always one stream, ::$DATA. */
704 if (NT_STATUS_IS_OK(status
) && num_streams
> 1) {
705 file_status
&= ~NO_SUBSTREAMS
;
707 TALLOC_FREE(streams
);
708 SSVAL(p
,2,file_status
);
711 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
713 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
716 if (fsp
->is_directory
||
717 can_write_to_file(conn
, smb_fname
)) {
718 perms
= FILE_GENERIC_ALL
;
720 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
725 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n",
726 fsp
->fnum
, smb_fname_str_dbg(smb_fname
)));
730 END_PROFILE(SMBntcreateX
);
734 /****************************************************************************
735 Reply to a NT_TRANSACT_CREATE call to open a pipe.
736 ****************************************************************************/
738 static void do_nt_transact_create_pipe(connection_struct
*conn
,
739 struct smb_request
*req
,
740 uint16
**ppsetup
, uint32 setup_count
,
741 char **ppparams
, uint32 parameter_count
,
742 char **ppdata
, uint32 data_count
)
745 char *params
= *ppparams
;
751 TALLOC_CTX
*ctx
= talloc_tos();
754 * Ensure minimum number of parameters sent.
757 if(parameter_count
< 54) {
758 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
759 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
763 flags
= IVAL(params
,0);
765 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
766 parameter_count
-53, STR_TERMINATE
,
768 if (!NT_STATUS_IS_OK(status
)) {
769 reply_nterror(req
, status
);
773 nt_open_pipe(fname
, conn
, req
, &pnum
);
780 /* Realloc the size of parameters and data we will return */
781 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
782 /* Extended response is 32 more byyes. */
787 params
= nttrans_realloc(ppparams
, param_len
);
789 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
794 SCVAL(p
,0,NO_OPLOCK_RETURN
);
799 SIVAL(p
,0,FILE_WAS_OPENED
);
803 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
806 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
808 SSVAL(p
,2, 0x5FF); /* ? */
811 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
813 SIVAL(p
,0,FILE_GENERIC_ALL
);
815 * For pipes W2K3 seems to return
817 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
819 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
822 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
824 /* Send the required number of replies */
825 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
830 /*********************************************************************
831 Windows seems to do canonicalization of inheritance bits. Do the
833 *********************************************************************/
835 static void canonicalize_inheritance_bits(struct security_descriptor
*psd
)
837 bool set_auto_inherited
= false;
840 * We need to filter out the
841 * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
842 * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
843 * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
844 * when an ACE is inherited. Otherwise we zero these bits out.
847 * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
852 if ((psd
->type
& (SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
))
853 == (SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
)) {
854 set_auto_inherited
= true;
857 psd
->type
&= ~(SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
);
858 if (set_auto_inherited
) {
859 psd
->type
|= SEC_DESC_DACL_AUTO_INHERITED
;
863 /****************************************************************************
864 Internal fn to set security descriptors.
865 ****************************************************************************/
867 NTSTATUS
set_sd(files_struct
*fsp
, struct security_descriptor
*psd
,
868 uint32_t security_info_sent
)
872 if (!CAN_WRITE(fsp
->conn
)) {
873 return NT_STATUS_ACCESS_DENIED
;
876 if (!lp_nt_acl_support(SNUM(fsp
->conn
))) {
880 if (psd
->owner_sid
== NULL
) {
881 security_info_sent
&= ~SECINFO_OWNER
;
883 if (psd
->group_sid
== NULL
) {
884 security_info_sent
&= ~SECINFO_GROUP
;
887 /* Ensure we have at least one thing set. */
888 if ((security_info_sent
& (SECINFO_OWNER
|SECINFO_GROUP
|SECINFO_DACL
|SECINFO_SACL
)) == 0) {
893 /* Ensure we have the rights to do this. */
894 if (security_info_sent
& SECINFO_OWNER
) {
895 if (!(fsp
->access_mask
& SEC_STD_WRITE_OWNER
)) {
896 return NT_STATUS_ACCESS_DENIED
;
900 if (security_info_sent
& SECINFO_GROUP
) {
901 if (!(fsp
->access_mask
& SEC_STD_WRITE_OWNER
)) {
902 return NT_STATUS_ACCESS_DENIED
;
906 if (security_info_sent
& SECINFO_DACL
) {
907 if (!(fsp
->access_mask
& SEC_STD_WRITE_DAC
)) {
908 return NT_STATUS_ACCESS_DENIED
;
910 /* Convert all the generic bits. */
912 security_acl_map_generic(psd
->dacl
, &file_generic_mapping
);
916 if (security_info_sent
& SECINFO_SACL
) {
917 if (!(fsp
->access_mask
& SEC_FLAG_SYSTEM_SECURITY
)) {
918 return NT_STATUS_ACCESS_DENIED
;
920 /* Convert all the generic bits. */
922 security_acl_map_generic(psd
->sacl
, &file_generic_mapping
);
926 canonicalize_inheritance_bits(psd
);
928 if (DEBUGLEVEL
>= 10) {
929 DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp
)));
930 NDR_PRINT_DEBUG(security_descriptor
, psd
);
933 status
= SMB_VFS_FSET_NT_ACL(fsp
, security_info_sent
, psd
);
940 /****************************************************************************
941 Internal fn to set security descriptors from a data blob.
942 ****************************************************************************/
944 NTSTATUS
set_sd_blob(files_struct
*fsp
, uint8_t *data
, uint32_t sd_len
,
945 uint32_t security_info_sent
)
947 struct security_descriptor
*psd
= NULL
;
951 return NT_STATUS_INVALID_PARAMETER
;
954 status
= unmarshall_sec_desc(talloc_tos(), data
, sd_len
, &psd
);
956 if (!NT_STATUS_IS_OK(status
)) {
960 return set_sd(fsp
, psd
, security_info_sent
);
963 /****************************************************************************
964 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
965 ****************************************************************************/
967 struct ea_list
*read_nttrans_ea_list(TALLOC_CTX
*ctx
, const char *pdata
, size_t data_size
)
969 struct ea_list
*ea_list_head
= NULL
;
976 while (offset
+ 4 <= data_size
) {
977 size_t next_offset
= IVAL(pdata
,offset
);
978 struct ea_list
*eal
= read_ea_list_entry(ctx
, pdata
+ offset
+ 4, data_size
- offset
- 4, NULL
);
984 DLIST_ADD_END(ea_list_head
, eal
, struct ea_list
*);
985 if (next_offset
== 0) {
989 /* Integer wrap protection for the increment. */
990 if (offset
+ next_offset
< offset
) {
994 offset
+= next_offset
;
996 /* Integer wrap protection for while loop. */
997 if (offset
+ 4 < offset
) {
1003 return ea_list_head
;
1006 /****************************************************************************
1007 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1008 ****************************************************************************/
1010 static void call_nt_transact_create(connection_struct
*conn
,
1011 struct smb_request
*req
,
1012 uint16
**ppsetup
, uint32 setup_count
,
1013 char **ppparams
, uint32 parameter_count
,
1014 char **ppdata
, uint32 data_count
,
1015 uint32 max_data_count
)
1017 struct smb_filename
*smb_fname
= NULL
;
1019 char *params
= *ppparams
;
1020 char *data
= *ppdata
;
1021 /* Breakout the oplock request bits so we can set the reply bits separately. */
1023 SMB_OFF_T file_len
= 0;
1025 files_struct
*fsp
= NULL
;
1029 uint32 file_attributes
;
1030 uint32 share_access
;
1031 uint32 create_disposition
;
1032 uint32 create_options
;
1034 struct security_descriptor
*sd
= NULL
;
1036 uint16 root_dir_fid
;
1037 struct timespec create_timespec
;
1038 struct timespec c_timespec
;
1039 struct timespec a_timespec
;
1040 struct timespec m_timespec
;
1041 struct timespec write_time_ts
;
1042 struct ea_list
*ea_list
= NULL
;
1045 uint64_t allocation_size
;
1047 uint8_t oplock_granted
;
1048 struct case_semantics_state
*case_state
= NULL
;
1049 TALLOC_CTX
*ctx
= talloc_tos();
1051 DEBUG(5,("call_nt_transact_create\n"));
1054 * If it's an IPC, use the pipe handler.
1058 if (lp_nt_pipe_support()) {
1059 do_nt_transact_create_pipe(
1061 ppsetup
, setup_count
,
1062 ppparams
, parameter_count
,
1063 ppdata
, data_count
);
1066 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1071 * Ensure minimum number of parameters sent.
1074 if(parameter_count
< 54) {
1075 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1076 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1080 flags
= IVAL(params
,0);
1081 access_mask
= IVAL(params
,8);
1082 file_attributes
= IVAL(params
,20);
1083 share_access
= IVAL(params
,24);
1084 create_disposition
= IVAL(params
,28);
1085 create_options
= IVAL(params
,32);
1086 sd_len
= IVAL(params
,36);
1087 ea_len
= IVAL(params
,40);
1088 root_dir_fid
= (uint16
)IVAL(params
,4);
1089 allocation_size
= BVAL(params
,12);
1092 * we need to remove ignored bits when they come directly from the client
1093 * because we reuse some of them for internal stuff
1095 create_options
&= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK
;
1097 /* Ensure the data_len is correct for the sd and ea values given. */
1098 if ((ea_len
+ sd_len
> data_count
)
1099 || (ea_len
> data_count
) || (sd_len
> data_count
)
1100 || (ea_len
+ sd_len
< ea_len
) || (ea_len
+ sd_len
< sd_len
)) {
1101 DEBUG(10, ("call_nt_transact_create - ea_len = %u, sd_len = "
1102 "%u, data_count = %u\n", (unsigned int)ea_len
,
1103 (unsigned int)sd_len
, (unsigned int)data_count
));
1104 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1109 DEBUG(10, ("call_nt_transact_create - sd_len = %d\n",
1112 status
= unmarshall_sec_desc(ctx
, (uint8_t *)data
, sd_len
,
1114 if (!NT_STATUS_IS_OK(status
)) {
1115 DEBUG(10, ("call_nt_transact_create: "
1116 "unmarshall_sec_desc failed: %s\n",
1117 nt_errstr(status
)));
1118 reply_nterror(req
, status
);
1124 if (!lp_ea_support(SNUM(conn
))) {
1125 DEBUG(10, ("call_nt_transact_create - ea_len = %u but "
1126 "EA's not supported.\n",
1127 (unsigned int)ea_len
));
1128 reply_nterror(req
, NT_STATUS_EAS_NOT_SUPPORTED
);
1133 DEBUG(10,("call_nt_transact_create - ea_len = %u - "
1134 "too small (should be more than 10)\n",
1135 (unsigned int)ea_len
));
1136 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1140 /* We have already checked that ea_len <= data_count here. */
1141 ea_list
= read_nttrans_ea_list(talloc_tos(), data
+ sd_len
,
1143 if (ea_list
== NULL
) {
1144 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1149 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
,
1150 params
+53, parameter_count
-53,
1151 STR_TERMINATE
, &status
);
1152 if (!NT_STATUS_IS_OK(status
)) {
1153 reply_nterror(req
, status
);
1157 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1158 case_state
= set_posix_case_semantics(ctx
, conn
);
1160 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1165 status
= filename_convert(ctx
,
1167 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1169 (create_disposition
== FILE_CREATE
)
1170 ? UCF_CREATING_FILE
: 0,
1174 TALLOC_FREE(case_state
);
1176 if (!NT_STATUS_IS_OK(status
)) {
1177 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
1178 reply_botherror(req
,
1179 NT_STATUS_PATH_NOT_COVERED
,
1180 ERRSRV
, ERRbadpath
);
1183 reply_nterror(req
, status
);
1187 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1188 if (oplock_request
) {
1189 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
)
1194 * Bug #6898 - clients using Windows opens should
1195 * never be able to set this attribute into the
1198 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
1200 status
= SMB_VFS_CREATE_FILE(
1203 root_dir_fid
, /* root_dir_fid */
1204 smb_fname
, /* fname */
1205 access_mask
, /* access_mask */
1206 share_access
, /* share_access */
1207 create_disposition
, /* create_disposition*/
1208 create_options
, /* create_options */
1209 file_attributes
, /* file_attributes */
1210 oplock_request
, /* oplock_request */
1211 allocation_size
, /* allocation_size */
1212 0, /* private_flags */
1214 ea_list
, /* ea_list */
1218 if(!NT_STATUS_IS_OK(status
)) {
1219 if (open_was_deferred(req
->mid
)) {
1220 /* We have re-scheduled this call, no error. */
1223 reply_openerror(req
, status
);
1227 /* Ensure we're pointing at the correct stat struct. */
1228 TALLOC_FREE(smb_fname
);
1229 smb_fname
= fsp
->fsp_name
;
1232 * If the caller set the extended oplock request bit
1233 * and we granted one (by whatever means) - set the
1234 * correct bit for extended oplock reply.
1237 if (oplock_request
&&
1238 (lp_fake_oplocks(SNUM(conn
))
1239 || EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))) {
1242 * Exclusive oplock granted
1245 if (flags
& REQUEST_BATCH_OPLOCK
) {
1246 oplock_granted
= BATCH_OPLOCK_RETURN
;
1248 oplock_granted
= EXCLUSIVE_OPLOCK_RETURN
;
1250 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
1251 oplock_granted
= LEVEL_II_OPLOCK_RETURN
;
1253 oplock_granted
= NO_OPLOCK_RETURN
;
1256 file_len
= smb_fname
->st
.st_ex_size
;
1258 /* Realloc the size of parameters and data we will return */
1259 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1260 /* Extended response is 32 more byyes. */
1265 params
= nttrans_realloc(ppparams
, param_len
);
1266 if(params
== NULL
) {
1267 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1272 SCVAL(p
, 0, oplock_granted
);
1275 SSVAL(p
,0,fsp
->fnum
);
1277 if ((create_disposition
== FILE_SUPERSEDE
)
1278 && (info
== FILE_WAS_OVERWRITTEN
)) {
1279 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1285 fattr
= dos_mode(conn
, smb_fname
);
1287 fattr
= FILE_ATTRIBUTE_NORMAL
;
1290 /* Deal with other possible opens having a modified
1292 ZERO_STRUCT(write_time_ts
);
1293 get_file_infos(fsp
->file_id
, 0, NULL
, &write_time_ts
);
1294 if (!null_timespec(write_time_ts
)) {
1295 update_stat_ex_mtime(&smb_fname
->st
, write_time_ts
);
1299 create_timespec
= get_create_timespec(conn
, fsp
, smb_fname
);
1300 a_timespec
= smb_fname
->st
.st_ex_atime
;
1301 m_timespec
= smb_fname
->st
.st_ex_mtime
;
1302 c_timespec
= get_change_timespec(conn
, fsp
, smb_fname
);
1304 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1305 dos_filetime_timespec(&create_timespec
);
1306 dos_filetime_timespec(&a_timespec
);
1307 dos_filetime_timespec(&m_timespec
);
1308 dos_filetime_timespec(&c_timespec
);
1311 put_long_date_timespec(conn
->ts_res
, p
, create_timespec
); /* create time. */
1313 put_long_date_timespec(conn
->ts_res
, p
, a_timespec
); /* access time */
1315 put_long_date_timespec(conn
->ts_res
, p
, m_timespec
); /* write time */
1317 put_long_date_timespec(conn
->ts_res
, p
, c_timespec
); /* change time */
1319 SIVAL(p
,0,fattr
); /* File Attributes. */
1321 SOFF_T(p
, 0, SMB_VFS_GET_ALLOC_SIZE(conn
, fsp
, &smb_fname
->st
));
1323 SOFF_T(p
,0,file_len
);
1325 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1326 uint16_t file_status
= (NO_EAS
|NO_SUBSTREAMS
|NO_REPARSETAG
);
1327 size_t num_names
= 0;
1328 unsigned int num_streams
= 0;
1329 struct stream_struct
*streams
= NULL
;
1331 /* Do we have any EA's ? */
1332 status
= get_ea_names_from_file(ctx
, conn
, fsp
,
1333 smb_fname
->base_name
, NULL
, &num_names
);
1334 if (NT_STATUS_IS_OK(status
) && num_names
) {
1335 file_status
&= ~NO_EAS
;
1337 status
= vfs_streaminfo(conn
, NULL
, smb_fname
->base_name
, ctx
,
1338 &num_streams
, &streams
);
1339 /* There is always one stream, ::$DATA. */
1340 if (NT_STATUS_IS_OK(status
) && num_streams
> 1) {
1341 file_status
&= ~NO_SUBSTREAMS
;
1343 TALLOC_FREE(streams
);
1344 SSVAL(p
,2,file_status
);
1347 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1349 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1352 if (fsp
->is_directory
||
1353 can_write_to_file(conn
, smb_fname
)) {
1354 perms
= FILE_GENERIC_ALL
;
1356 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1361 DEBUG(5,("call_nt_transact_create: open name = %s\n",
1362 smb_fname_str_dbg(smb_fname
)));
1364 /* Send the required number of replies */
1365 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1370 /****************************************************************************
1371 Reply to a NT CANCEL request.
1372 conn POINTER CAN BE NULL HERE !
1373 ****************************************************************************/
1375 void reply_ntcancel(struct smb_request
*req
)
1378 * Go through and cancel any pending change notifies.
1381 START_PROFILE(SMBntcancel
);
1382 srv_cancel_sign_response(req
->sconn
);
1383 remove_pending_change_notify_requests_by_mid(req
->sconn
, req
->mid
);
1384 remove_pending_lock_requests_by_mid_smb1(req
->sconn
, req
->mid
);
1386 DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
1387 (unsigned long long)req
->mid
));
1389 END_PROFILE(SMBntcancel
);
1393 /****************************************************************************
1395 ****************************************************************************/
1397 static NTSTATUS
copy_internals(TALLOC_CTX
*ctx
,
1398 connection_struct
*conn
,
1399 struct smb_request
*req
,
1400 struct smb_filename
*smb_fname_src
,
1401 struct smb_filename
*smb_fname_dst
,
1404 files_struct
*fsp1
,*fsp2
;
1408 NTSTATUS status
= NT_STATUS_OK
;
1411 if (!CAN_WRITE(conn
)) {
1412 status
= NT_STATUS_MEDIA_WRITE_PROTECTED
;
1416 /* Source must already exist. */
1417 if (!VALID_STAT(smb_fname_src
->st
)) {
1418 status
= NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1422 /* Ensure attributes match. */
1423 fattr
= dos_mode(conn
, smb_fname_src
);
1424 if ((fattr
& ~attrs
) & (FILE_ATTRIBUTE_HIDDEN
| FILE_ATTRIBUTE_SYSTEM
)) {
1425 status
= NT_STATUS_NO_SUCH_FILE
;
1429 /* Disallow if dst file already exists. */
1430 if (VALID_STAT(smb_fname_dst
->st
)) {
1431 status
= NT_STATUS_OBJECT_NAME_COLLISION
;
1435 /* No links from a directory. */
1436 if (S_ISDIR(smb_fname_src
->st
.st_ex_mode
)) {
1437 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
1441 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1442 smb_fname_str_dbg(smb_fname_src
),
1443 smb_fname_str_dbg(smb_fname_dst
)));
1445 status
= SMB_VFS_CREATE_FILE(
1448 0, /* root_dir_fid */
1449 smb_fname_src
, /* fname */
1450 FILE_READ_DATA
|FILE_READ_ATTRIBUTES
|
1451 FILE_READ_EA
, /* access_mask */
1452 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
1454 FILE_OPEN
, /* create_disposition*/
1455 0, /* create_options */
1456 FILE_ATTRIBUTE_NORMAL
, /* file_attributes */
1457 NO_OPLOCK
, /* oplock_request */
1458 0, /* allocation_size */
1459 0, /* private_flags */
1465 if (!NT_STATUS_IS_OK(status
)) {
1469 status
= SMB_VFS_CREATE_FILE(
1472 0, /* root_dir_fid */
1473 smb_fname_dst
, /* fname */
1474 FILE_WRITE_DATA
|FILE_WRITE_ATTRIBUTES
|
1475 FILE_WRITE_EA
, /* access_mask */
1476 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
1478 FILE_CREATE
, /* create_disposition*/
1479 0, /* create_options */
1480 fattr
, /* file_attributes */
1481 NO_OPLOCK
, /* oplock_request */
1482 0, /* allocation_size */
1483 0, /* private_flags */
1489 if (!NT_STATUS_IS_OK(status
)) {
1490 close_file(NULL
, fsp1
, ERROR_CLOSE
);
1494 if (smb_fname_src
->st
.st_ex_size
) {
1495 ret
= vfs_transfer_file(fsp1
, fsp2
, smb_fname_src
->st
.st_ex_size
);
1499 * As we are opening fsp1 read-only we only expect
1500 * an error on close on fsp2 if we are out of space.
1501 * Thus we don't look at the error return from the
1504 close_file(NULL
, fsp1
, NORMAL_CLOSE
);
1506 /* Ensure the modtime is set correctly on the destination file. */
1507 set_close_write_time(fsp2
, smb_fname_src
->st
.st_ex_mtime
);
1509 status
= close_file(NULL
, fsp2
, NORMAL_CLOSE
);
1511 /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
1512 creates the file. This isn't the correct thing to do in the copy
1514 if (!parent_dirname(talloc_tos(), smb_fname_dst
->base_name
, &parent
,
1516 status
= NT_STATUS_NO_MEMORY
;
1519 file_set_dosmode(conn
, smb_fname_dst
, fattr
, parent
, false);
1520 TALLOC_FREE(parent
);
1522 if (ret
< (SMB_OFF_T
)smb_fname_src
->st
.st_ex_size
) {
1523 status
= NT_STATUS_DISK_FULL
;
1527 if (!NT_STATUS_IS_OK(status
)) {
1528 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1529 nt_errstr(status
), smb_fname_str_dbg(smb_fname_src
),
1530 smb_fname_str_dbg(smb_fname_dst
)));
1536 /****************************************************************************
1537 Reply to a NT rename request.
1538 ****************************************************************************/
1540 void reply_ntrename(struct smb_request
*req
)
1542 connection_struct
*conn
= req
->conn
;
1543 struct smb_filename
*smb_fname_old
= NULL
;
1544 struct smb_filename
*smb_fname_new
= NULL
;
1545 char *oldname
= NULL
;
1546 char *newname
= NULL
;
1549 bool src_has_wcard
= False
;
1550 bool dest_has_wcard
= False
;
1552 uint32_t ucf_flags_src
= 0;
1553 uint32_t ucf_flags_dst
= 0;
1555 TALLOC_CTX
*ctx
= talloc_tos();
1556 bool stream_rename
= false;
1558 START_PROFILE(SMBntrename
);
1561 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1565 attrs
= SVAL(req
->vwv
+0, 0);
1566 rename_type
= SVAL(req
->vwv
+1, 0);
1568 p
= (const char *)req
->buf
+ 1;
1569 p
+= srvstr_get_path_req_wcard(ctx
, req
, &oldname
, p
, STR_TERMINATE
,
1570 &status
, &src_has_wcard
);
1571 if (!NT_STATUS_IS_OK(status
)) {
1572 reply_nterror(req
, status
);
1576 if (ms_has_wild(oldname
)) {
1577 reply_nterror(req
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
);
1582 p
+= srvstr_get_path_req_wcard(ctx
, req
, &newname
, p
, STR_TERMINATE
,
1583 &status
, &dest_has_wcard
);
1584 if (!NT_STATUS_IS_OK(status
)) {
1585 reply_nterror(req
, status
);
1589 if (!lp_posix_pathnames()) {
1590 /* The newname must begin with a ':' if the
1591 oldname contains a ':'. */
1592 if (strchr_m(oldname
, ':')) {
1593 if (newname
[0] != ':') {
1594 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1597 stream_rename
= true;
1602 * If this is a rename operation, allow wildcards and save the
1603 * destination's last component.
1605 if (rename_type
== RENAME_FLAG_RENAME
) {
1606 ucf_flags_src
= UCF_COND_ALLOW_WCARD_LCOMP
;
1607 ucf_flags_dst
= UCF_COND_ALLOW_WCARD_LCOMP
| UCF_SAVE_LCOMP
;
1610 /* rename_internals() calls unix_convert(), so don't call it here. */
1611 status
= filename_convert(ctx
, conn
,
1612 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1617 if (!NT_STATUS_IS_OK(status
)) {
1618 if (NT_STATUS_EQUAL(status
,
1619 NT_STATUS_PATH_NOT_COVERED
)) {
1620 reply_botherror(req
,
1621 NT_STATUS_PATH_NOT_COVERED
,
1622 ERRSRV
, ERRbadpath
);
1625 reply_nterror(req
, status
);
1629 status
= filename_convert(ctx
, conn
,
1630 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1635 if (!NT_STATUS_IS_OK(status
)) {
1636 if (NT_STATUS_EQUAL(status
,
1637 NT_STATUS_PATH_NOT_COVERED
)) {
1638 reply_botherror(req
,
1639 NT_STATUS_PATH_NOT_COVERED
,
1640 ERRSRV
, ERRbadpath
);
1643 reply_nterror(req
, status
);
1647 if (stream_rename
) {
1648 /* smb_fname_new must be the same as smb_fname_old. */
1649 TALLOC_FREE(smb_fname_new
->base_name
);
1650 smb_fname_new
->base_name
= talloc_strdup(smb_fname_new
,
1651 smb_fname_old
->base_name
);
1652 if (!smb_fname_new
->base_name
) {
1653 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1658 DEBUG(3,("reply_ntrename: %s -> %s\n",
1659 smb_fname_str_dbg(smb_fname_old
),
1660 smb_fname_str_dbg(smb_fname_new
)));
1662 switch(rename_type
) {
1663 case RENAME_FLAG_RENAME
:
1664 status
= rename_internals(ctx
, conn
, req
,
1665 smb_fname_old
, smb_fname_new
,
1666 attrs
, False
, src_has_wcard
,
1670 case RENAME_FLAG_HARD_LINK
:
1671 if (src_has_wcard
|| dest_has_wcard
) {
1673 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
1675 status
= hardlink_internals(ctx
, conn
,
1682 case RENAME_FLAG_COPY
:
1683 if (src_has_wcard
|| dest_has_wcard
) {
1685 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
1687 status
= copy_internals(ctx
, conn
, req
,
1693 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION
:
1694 status
= NT_STATUS_INVALID_PARAMETER
;
1697 status
= NT_STATUS_ACCESS_DENIED
; /* Default error. */
1701 if (!NT_STATUS_IS_OK(status
)) {
1702 if (open_was_deferred(req
->mid
)) {
1703 /* We have re-scheduled this call. */
1707 reply_nterror(req
, status
);
1711 reply_outbuf(req
, 0, 0);
1713 END_PROFILE(SMBntrename
);
1717 /****************************************************************************
1718 Reply to a notify change - queue the request and
1719 don't allow a directory to be opened.
1720 ****************************************************************************/
1722 static void smbd_smb1_notify_reply(struct smb_request
*req
,
1723 NTSTATUS error_code
,
1724 uint8_t *buf
, size_t len
)
1726 send_nt_replies(req
->conn
, req
, error_code
, (char *)buf
, len
, NULL
, 0);
1729 static void call_nt_transact_notify_change(connection_struct
*conn
,
1730 struct smb_request
*req
,
1734 uint32 parameter_count
,
1735 char **ppdata
, uint32 data_count
,
1736 uint32 max_data_count
,
1737 uint32 max_param_count
)
1739 uint16
*setup
= *ppsetup
;
1745 if(setup_count
< 6) {
1746 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1750 fsp
= file_fsp(req
, SVAL(setup
,4));
1751 filter
= IVAL(setup
, 0);
1752 recursive
= (SVAL(setup
, 6) != 0) ? True
: False
;
1754 DEBUG(3,("call_nt_transact_notify_change\n"));
1757 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
1762 char *filter_string
;
1764 if (!(filter_string
= notify_filter_string(NULL
, filter
))) {
1765 reply_nterror(req
,NT_STATUS_NO_MEMORY
);
1769 DEBUG(3,("call_nt_transact_notify_change: notify change "
1770 "called on %s, filter = %s, recursive = %d\n",
1771 fsp_str_dbg(fsp
), filter_string
, recursive
));
1773 TALLOC_FREE(filter_string
);
1776 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
)) {
1777 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1781 if (fsp
->notify
== NULL
) {
1783 status
= change_notify_create(fsp
, filter
, recursive
);
1785 if (!NT_STATUS_IS_OK(status
)) {
1786 DEBUG(10, ("change_notify_create returned %s\n",
1787 nt_errstr(status
)));
1788 reply_nterror(req
, status
);
1793 if (fsp
->notify
->num_changes
!= 0) {
1796 * We've got changes pending, respond immediately
1800 * TODO: write a torture test to check the filtering behaviour
1804 change_notify_reply(req
,
1808 smbd_smb1_notify_reply
);
1811 * change_notify_reply() above has independently sent its
1818 * No changes pending, queue the request
1821 status
= change_notify_add_request(req
,
1825 smbd_smb1_notify_reply
);
1826 if (!NT_STATUS_IS_OK(status
)) {
1827 reply_nterror(req
, status
);
1832 /****************************************************************************
1833 Reply to an NT transact rename command.
1834 ****************************************************************************/
1836 static void call_nt_transact_rename(connection_struct
*conn
,
1837 struct smb_request
*req
,
1838 uint16
**ppsetup
, uint32 setup_count
,
1839 char **ppparams
, uint32 parameter_count
,
1840 char **ppdata
, uint32 data_count
,
1841 uint32 max_data_count
)
1843 char *params
= *ppparams
;
1844 char *new_name
= NULL
;
1845 files_struct
*fsp
= NULL
;
1846 bool dest_has_wcard
= False
;
1848 TALLOC_CTX
*ctx
= talloc_tos();
1850 if(parameter_count
< 5) {
1851 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1855 fsp
= file_fsp(req
, SVAL(params
, 0));
1856 if (!check_fsp(conn
, req
, fsp
)) {
1859 srvstr_get_path_wcard(ctx
, params
, req
->flags2
, &new_name
, params
+4,
1860 parameter_count
- 4,
1861 STR_TERMINATE
, &status
, &dest_has_wcard
);
1862 if (!NT_STATUS_IS_OK(status
)) {
1863 reply_nterror(req
, status
);
1868 * W2K3 ignores this request as the RAW-RENAME test
1869 * demonstrates, so we do.
1871 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
1873 DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
1874 fsp_str_dbg(fsp
), new_name
));
1879 /******************************************************************************
1880 Fake up a completely empty SD.
1881 *******************************************************************************/
1883 static NTSTATUS
get_null_nt_acl(TALLOC_CTX
*mem_ctx
, struct security_descriptor
**ppsd
)
1887 *ppsd
= make_standard_sec_desc( mem_ctx
, &global_sid_World
, &global_sid_World
, NULL
, &sd_size
);
1889 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
1890 return NT_STATUS_NO_MEMORY
;
1893 return NT_STATUS_OK
;
1896 /****************************************************************************
1897 Reply to query a security descriptor.
1898 Callable from SMB2 and SMB2.
1899 If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
1901 ****************************************************************************/
1903 NTSTATUS
smbd_do_query_security_desc(connection_struct
*conn
,
1904 TALLOC_CTX
*mem_ctx
,
1906 uint32_t security_info_wanted
,
1907 uint32_t max_data_count
,
1908 uint8_t **ppmarshalled_sd
,
1912 struct security_descriptor
*psd
= NULL
;
1915 * Get the permissions to return.
1918 if ((security_info_wanted
& SECINFO_SACL
) &&
1919 !(fsp
->access_mask
& SEC_FLAG_SYSTEM_SECURITY
)) {
1920 return NT_STATUS_ACCESS_DENIED
;
1923 if ((security_info_wanted
& (SECINFO_DACL
|SECINFO_OWNER
|SECINFO_GROUP
)) &&
1924 !(fsp
->access_mask
& SEC_STD_READ_CONTROL
)) {
1925 return NT_STATUS_ACCESS_DENIED
;
1928 if (security_info_wanted
& (SECINFO_DACL
|SECINFO_OWNER
|
1929 SECINFO_GROUP
|SECINFO_SACL
)) {
1930 /* Don't return SECINFO_LABEL if anything else was
1931 requested. See bug #8458. */
1932 security_info_wanted
&= ~SECINFO_LABEL
;
1935 if (!lp_nt_acl_support(SNUM(conn
))) {
1936 status
= get_null_nt_acl(mem_ctx
, &psd
);
1937 } else if (security_info_wanted
& SECINFO_LABEL
) {
1938 /* Like W2K3 return a null object. */
1939 status
= get_null_nt_acl(mem_ctx
, &psd
);
1941 status
= SMB_VFS_FGET_NT_ACL(
1942 fsp
, security_info_wanted
, &psd
);
1944 if (!NT_STATUS_IS_OK(status
)) {
1948 if (!(security_info_wanted
& SECINFO_OWNER
)) {
1949 psd
->owner_sid
= NULL
;
1951 if (!(security_info_wanted
& SECINFO_GROUP
)) {
1952 psd
->group_sid
= NULL
;
1954 if (!(security_info_wanted
& SECINFO_DACL
)) {
1955 psd
->type
&= ~SEC_DESC_DACL_PRESENT
;
1958 if (!(security_info_wanted
& SECINFO_SACL
)) {
1959 psd
->type
&= ~SEC_DESC_SACL_PRESENT
;
1963 /* If the SACL/DACL is NULL, but was requested, we mark that it is
1964 * present in the reply to match Windows behavior */
1965 if (psd
->sacl
== NULL
&&
1966 security_info_wanted
& SECINFO_SACL
)
1967 psd
->type
|= SEC_DESC_SACL_PRESENT
;
1968 if (psd
->dacl
== NULL
&&
1969 security_info_wanted
& SECINFO_DACL
)
1970 psd
->type
|= SEC_DESC_DACL_PRESENT
;
1972 if (security_info_wanted
& SECINFO_LABEL
) {
1973 /* Like W2K3 return a null object. */
1974 psd
->owner_sid
= NULL
;
1975 psd
->group_sid
= NULL
;
1978 psd
->type
&= ~(SEC_DESC_DACL_PRESENT
|SEC_DESC_SACL_PRESENT
);
1981 *psd_size
= ndr_size_security_descriptor(psd
, 0);
1983 DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
1984 (unsigned long)*psd_size
));
1986 if (DEBUGLEVEL
>= 10) {
1987 DEBUG(10,("smbd_do_query_security_desc for file %s\n",
1989 NDR_PRINT_DEBUG(security_descriptor
, psd
);
1992 if (max_data_count
< *psd_size
) {
1994 return NT_STATUS_BUFFER_TOO_SMALL
;
1997 status
= marshall_sec_desc(mem_ctx
, psd
,
1998 ppmarshalled_sd
, psd_size
);
2000 if (!NT_STATUS_IS_OK(status
)) {
2006 return NT_STATUS_OK
;
2009 /****************************************************************************
2010 SMB1 reply to query a security descriptor.
2011 ****************************************************************************/
2013 static void call_nt_transact_query_security_desc(connection_struct
*conn
,
2014 struct smb_request
*req
,
2018 uint32 parameter_count
,
2021 uint32 max_data_count
)
2023 char *params
= *ppparams
;
2024 char *data
= *ppdata
;
2026 uint32 security_info_wanted
;
2027 files_struct
*fsp
= NULL
;
2029 uint8_t *marshalled_sd
= NULL
;
2031 if(parameter_count
< 8) {
2032 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2036 fsp
= file_fsp(req
, SVAL(params
,0));
2038 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2042 security_info_wanted
= IVAL(params
,4);
2044 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, "
2045 "info_wanted = 0x%x\n", fsp_str_dbg(fsp
),
2046 (unsigned int)security_info_wanted
));
2048 params
= nttrans_realloc(ppparams
, 4);
2049 if(params
== NULL
) {
2050 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2055 * Get the permissions to return.
2058 status
= smbd_do_query_security_desc(conn
,
2061 security_info_wanted
,
2066 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
)) {
2067 SIVAL(params
,0,(uint32_t)sd_size
);
2068 send_nt_replies(conn
, req
, NT_STATUS_BUFFER_TOO_SMALL
,
2069 params
, 4, NULL
, 0);
2073 if (!NT_STATUS_IS_OK(status
)) {
2074 reply_nterror(req
, status
);
2078 SMB_ASSERT(sd_size
> 0);
2080 SIVAL(params
,0,(uint32_t)sd_size
);
2082 if (max_data_count
< sd_size
) {
2083 send_nt_replies(conn
, req
, NT_STATUS_BUFFER_TOO_SMALL
,
2084 params
, 4, NULL
, 0);
2089 * Allocate the data we will return.
2092 data
= nttrans_realloc(ppdata
, sd_size
);
2094 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2098 memcpy(data
, marshalled_sd
, sd_size
);
2100 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, 4, data
, (int)sd_size
);
2105 /****************************************************************************
2106 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2107 ****************************************************************************/
2109 static void call_nt_transact_set_security_desc(connection_struct
*conn
,
2110 struct smb_request
*req
,
2114 uint32 parameter_count
,
2117 uint32 max_data_count
)
2119 char *params
= *ppparams
;
2120 char *data
= *ppdata
;
2121 files_struct
*fsp
= NULL
;
2122 uint32 security_info_sent
= 0;
2125 if(parameter_count
< 8) {
2126 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2130 if((fsp
= file_fsp(req
, SVAL(params
,0))) == NULL
) {
2131 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2135 if (!CAN_WRITE(fsp
->conn
)) {
2136 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2140 if(!lp_nt_acl_support(SNUM(conn
))) {
2144 security_info_sent
= IVAL(params
,4);
2146 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n",
2147 fsp_str_dbg(fsp
), (unsigned int)security_info_sent
));
2149 if (data_count
== 0) {
2150 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2154 status
= set_sd_blob(fsp
, (uint8
*)data
, data_count
, security_info_sent
);
2156 if (!NT_STATUS_IS_OK(status
)) {
2157 reply_nterror(req
, status
);
2162 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2167 * Implement the default fsctl operation.
2170 static bool vfswrap_logged_ioctl_message
= false;
2173 * In 3.6 we do not have a SMB_VFS_FSCTL() function
2174 * it's just faked to make it more look like
2177 NTSTATUS
smb_fsctl(struct files_struct
*fsp
,
2180 uint16_t req_flags
, /* Needed for UNICODE ... */
2181 const uint8_t *_in_data
,
2183 uint8_t **_out_data
,
2184 uint32_t max_out_len
,
2187 const char *in_data
= (const char *)_in_data
;
2188 char **out_data
= (char **)_out_data
;
2191 case FSCTL_SET_SPARSE
:
2193 bool set_sparse
= true;
2196 if (in_len
>= 1 && in_data
[0] == 0) {
2200 status
= file_set_sparse(fsp
->conn
, fsp
, set_sparse
);
2202 DEBUG(NT_STATUS_IS_OK(status
) ? 10 : 9,
2203 ("FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n",
2204 smb_fname_str_dbg(fsp
->fsp_name
), set_sparse
,
2205 nt_errstr(status
)));
2210 case FSCTL_CREATE_OR_GET_OBJECT_ID
:
2212 unsigned char objid
[16];
2213 char *return_data
= NULL
;
2215 /* This should return the object-id on this file.
2216 * I think I'll make this be the inode+dev. JRA.
2219 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fsp
->fnum
));
2221 *out_len
= (max_out_len
>= 64) ? 64 : max_out_len
;
2222 /* Hmmm, will this cause problems if less data asked for? */
2223 return_data
= talloc_array(ctx
, char, 64);
2224 if (return_data
== NULL
) {
2225 return NT_STATUS_NO_MEMORY
;
2228 /* For backwards compatibility only store the dev/inode. */
2229 push_file_id_16(return_data
, &fsp
->file_id
);
2230 memcpy(return_data
+16,create_volume_objectid(fsp
->conn
,objid
),16);
2231 push_file_id_16(return_data
+32, &fsp
->file_id
);
2232 *out_data
= return_data
;
2233 return NT_STATUS_OK
;
2236 case FSCTL_GET_REPARSE_POINT
:
2238 /* Fail it with STATUS_NOT_A_REPARSE_POINT */
2239 DEBUG(10, ("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X] Status: NOT_IMPLEMENTED\n", fsp
->fnum
));
2240 return NT_STATUS_NOT_A_REPARSE_POINT
;
2243 case FSCTL_SET_REPARSE_POINT
:
2245 /* Fail it with STATUS_NOT_A_REPARSE_POINT */
2246 DEBUG(10, ("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X] Status: NOT_IMPLEMENTED\n", fsp
->fnum
));
2247 return NT_STATUS_NOT_A_REPARSE_POINT
;
2250 case FSCTL_GET_SHADOW_COPY_DATA
:
2253 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2254 * and return their volume names. If max_data_count is 16, then it is just
2255 * asking for the number of volumes and length of the combined names.
2257 * pdata is the data allocated by our caller, but that uses
2258 * total_data_count (which is 0 in our case) rather than max_data_count.
2259 * Allocate the correct amount and return the pointer to let
2260 * it be deallocated when we return.
2262 struct shadow_copy_data
*shadow_data
= NULL
;
2263 bool labels
= False
;
2264 uint32 labels_data_count
= 0;
2266 char *cur_pdata
= NULL
;
2268 if (max_out_len
< 16) {
2269 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2271 return NT_STATUS_INVALID_PARAMETER
;
2274 if (max_out_len
> 16) {
2278 shadow_data
= talloc_zero(ctx
, struct shadow_copy_data
);
2279 if (shadow_data
== NULL
) {
2280 DEBUG(0,("TALLOC_ZERO() failed!\n"));
2281 return NT_STATUS_NO_MEMORY
;
2285 * Call the VFS routine to actually do the work.
2287 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp
, shadow_data
, labels
)!=0) {
2288 TALLOC_FREE(shadow_data
);
2289 if (errno
== ENOSYS
) {
2290 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2291 fsp
->conn
->connectpath
));
2292 return NT_STATUS_NOT_SUPPORTED
;
2294 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2295 fsp
->conn
->connectpath
));
2296 return NT_STATUS_UNSUCCESSFUL
;
2300 labels_data_count
= (shadow_data
->num_volumes
* 2 *
2301 sizeof(SHADOW_COPY_LABEL
)) + 2;
2306 *out_len
= 12 + labels_data_count
+ 4;
2309 if (max_out_len
< *out_len
) {
2310 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2311 max_out_len
, *out_len
));
2312 TALLOC_FREE(shadow_data
);
2313 return NT_STATUS_BUFFER_TOO_SMALL
;
2316 cur_pdata
= talloc_array(ctx
, char, *out_len
);
2317 if (cur_pdata
== NULL
) {
2318 TALLOC_FREE(shadow_data
);
2319 return NT_STATUS_NO_MEMORY
;
2322 *out_data
= cur_pdata
;
2324 /* num_volumes 4 bytes */
2325 SIVAL(cur_pdata
, 0, shadow_data
->num_volumes
);
2328 /* num_labels 4 bytes */
2329 SIVAL(cur_pdata
, 4, shadow_data
->num_volumes
);
2332 /* needed_data_count 4 bytes */
2333 SIVAL(cur_pdata
, 8, labels_data_count
+ 4);
2337 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2338 shadow_data
->num_volumes
, fsp_str_dbg(fsp
)));
2339 if (labels
&& shadow_data
->labels
) {
2340 for (i
=0; i
<shadow_data
->num_volumes
; i
++) {
2341 srvstr_push(cur_pdata
, req_flags
,
2342 cur_pdata
, shadow_data
->labels
[i
],
2343 2 * sizeof(SHADOW_COPY_LABEL
),
2344 STR_UNICODE
|STR_TERMINATE
);
2345 cur_pdata
+= 2 * sizeof(SHADOW_COPY_LABEL
);
2346 DEBUGADD(10,("Label[%u]: '%s'\n",i
,shadow_data
->labels
[i
]));
2350 TALLOC_FREE(shadow_data
);
2352 return NT_STATUS_OK
;
2355 case FSCTL_FIND_FILES_BY_SID
:
2357 /* pretend this succeeded -
2359 * we have to send back a list with all files owned by this SID
2361 * but I have to check that --metze
2367 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n", fsp
->fnum
));
2370 /* NT_STATUS_BUFFER_TOO_SMALL maybe? */
2371 return NT_STATUS_INVALID_PARAMETER
;
2374 sid_len
= MIN(in_len
- 4,SID_MAX_SIZE
);
2376 /* unknown 4 bytes: this is not the length of the sid :-( */
2377 /*unknown = IVAL(pdata,0);*/
2379 if (!sid_parse(in_data
+ 4, sid_len
, &sid
)) {
2380 return NT_STATUS_INVALID_PARAMETER
;
2382 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid
)));
2384 if (!sid_to_uid(&sid
, &uid
)) {
2385 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2386 sid_string_dbg(&sid
),
2387 (unsigned long)sid_len
));
2391 /* we can take a look at the find source :-)
2393 * find ./ -uid $uid -name '*' is what we need here
2396 * and send 4bytes len and then NULL terminated unicode strings
2399 * but I don't know how to deal with the paged results
2400 * (maybe we can hang the result anywhere in the fsp struct)
2402 * but I don't know how to deal with the paged results
2403 * (maybe we can hang the result anywhere in the fsp struct)
2405 * we don't send all files at once
2406 * and at the next we should *not* start from the beginning,
2407 * so we have to cache the result
2412 /* this works for now... */
2413 return NT_STATUS_OK
;
2416 case FSCTL_QUERY_ALLOCATED_RANGES
:
2418 /* FIXME: This is just a dummy reply, telling that all of the
2419 * file is allocated. MKS cp needs that.
2420 * Adding the real allocated ranges via FIEMAP on Linux
2421 * and SEEK_DATA/SEEK_HOLE on Solaris is needed to make
2422 * this FSCTL correct for sparse files.
2425 uint64_t offset
, length
;
2426 char *out_data_tmp
= NULL
;
2429 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: data_count(%u) != 16 is invalid!\n",
2431 return NT_STATUS_INVALID_PARAMETER
;
2434 if (max_out_len
< 16) {
2435 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: max_out_len (%u) < 16 is invalid!\n",
2437 return NT_STATUS_INVALID_PARAMETER
;
2440 offset
= BVAL(in_data
,0);
2441 length
= BVAL(in_data
,8);
2443 if (offset
+ length
< offset
) {
2444 /* No 64-bit integer wrap. */
2445 return NT_STATUS_INVALID_PARAMETER
;
2448 /* Shouldn't this be SMB_VFS_STAT ... ? */
2449 status
= vfs_stat_fsp(fsp
);
2450 if (!NT_STATUS_IS_OK(status
)) {
2455 out_data_tmp
= talloc_array(ctx
, char, *out_len
);
2456 if (out_data_tmp
== NULL
) {
2457 DEBUG(10, ("unable to allocate memory for response\n"));
2458 return NT_STATUS_NO_MEMORY
;
2461 if (offset
> fsp
->fsp_name
->st
.st_ex_size
||
2462 fsp
->fsp_name
->st
.st_ex_size
== 0 ||
2464 memset(out_data_tmp
, 0, *out_len
);
2466 uint64_t end
= offset
+ length
;
2467 end
= MIN(end
, fsp
->fsp_name
->st
.st_ex_size
);
2468 SBVAL(out_data_tmp
, 0, 0);
2469 SBVAL(out_data_tmp
, 8, end
);
2472 *out_data
= out_data_tmp
;
2474 return NT_STATUS_OK
;
2477 case FSCTL_IS_VOLUME_DIRTY
:
2479 DEBUG(10,("FSCTL_IS_VOLUME_DIRTY: called on FID[0x%04X] "
2480 "(but not implemented)\n", fsp
->fnum
));
2482 * http://msdn.microsoft.com/en-us/library/cc232128%28PROT.10%29.aspx
2483 * says we have to respond with NT_STATUS_INVALID_PARAMETER
2485 return NT_STATUS_INVALID_PARAMETER
;
2490 * Only print once ... unfortunately there could be lots of
2491 * different FSCTLs that are called.
2493 if (!vfswrap_logged_ioctl_message
) {
2494 vfswrap_logged_ioctl_message
= true;
2495 DEBUG(2, ("%s (0x%x): Currently not implemented.\n",
2496 __FUNCTION__
, function
));
2500 return NT_STATUS_NOT_SUPPORTED
;
2503 /****************************************************************************
2505 ****************************************************************************/
2507 static void call_nt_transact_ioctl(connection_struct
*conn
,
2508 struct smb_request
*req
,
2509 uint16
**ppsetup
, uint32 setup_count
,
2510 char **ppparams
, uint32 parameter_count
,
2511 char **ppdata
, uint32 data_count
,
2512 uint32 max_data_count
)
2520 char *out_data
= NULL
;
2521 uint32 out_data_len
= 0;
2522 char *pdata
= *ppdata
;
2523 TALLOC_CTX
*ctx
= talloc_tos();
2525 if (setup_count
!= 8) {
2526 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count
));
2527 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2531 function
= IVAL(*ppsetup
, 0);
2532 fidnum
= SVAL(*ppsetup
, 4);
2533 isFSctl
= CVAL(*ppsetup
, 6);
2534 compfilter
= CVAL(*ppsetup
, 7);
2536 DEBUG(10, ("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2537 function
, fidnum
, isFSctl
, compfilter
));
2539 fsp
=file_fsp(req
, fidnum
);
2542 * We don't really implement IOCTLs, especially on files.
2545 DEBUG(10, ("isFSctl: 0x%02X indicates IOCTL, not FSCTL!\n",
2547 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2551 /* Has to be for an open file! */
2552 if (!check_fsp_open(conn
, req
, fsp
)) {
2557 * out_data might be allocated by the VFS module, but talloc should be
2558 * used, and should be cleaned up when the request ends.
2560 status
= smb_fsctl(fsp
,
2566 (uint8_t **)&out_data
,
2569 if (!NT_STATUS_IS_OK(status
)) {
2570 reply_nterror(req
, status
);
2572 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, out_data
, out_data_len
);
2577 #ifdef HAVE_SYS_QUOTAS
2578 /****************************************************************************
2579 Reply to get user quota
2580 ****************************************************************************/
2582 static void call_nt_transact_get_user_quota(connection_struct
*conn
,
2583 struct smb_request
*req
,
2587 uint32 parameter_count
,
2590 uint32 max_data_count
)
2592 NTSTATUS nt_status
= NT_STATUS_OK
;
2593 char *params
= *ppparams
;
2594 char *pdata
= *ppdata
;
2596 int data_len
=0,param_len
=0;
2599 files_struct
*fsp
= NULL
;
2603 bool start_enum
= True
;
2604 SMB_NTQUOTA_STRUCT qt
;
2605 SMB_NTQUOTA_LIST
*tmp_list
;
2606 SMB_NTQUOTA_HANDLE
*qt_handle
= NULL
;
2611 if (get_current_uid(conn
) != 0) {
2612 DEBUG(1,("get_user_quota: access_denied service [%s] user "
2613 "[%s]\n", lp_servicename(SNUM(conn
)),
2614 conn
->session_info
->unix_name
));
2615 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2620 * Ensure minimum number of parameters sent.
2623 if (parameter_count
< 4) {
2624 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count
));
2625 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2629 /* maybe we can check the quota_fnum */
2630 fsp
= file_fsp(req
, SVAL(params
,0));
2631 if (!check_fsp_ntquota_handle(conn
, req
, fsp
)) {
2632 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2633 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2637 /* the NULL pointer checking for fsp->fake_file_handle->pd
2638 * is done by CHECK_NTQUOTA_HANDLE_OK()
2640 qt_handle
= (SMB_NTQUOTA_HANDLE
*)fsp
->fake_file_handle
->private_data
;
2642 level
= SVAL(params
,2);
2644 /* unknown 12 bytes leading in params */
2647 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE
:
2648 /* seems that we should continue with the enum here --metze */
2650 if (qt_handle
->quota_list
!=NULL
&&
2651 qt_handle
->tmp_list
==NULL
) {
2654 free_ntquota_list(&(qt_handle
->quota_list
));
2656 /* Realloc the size of parameters and data we will return */
2658 params
= nttrans_realloc(ppparams
, param_len
);
2659 if(params
== NULL
) {
2660 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2665 SIVAL(params
,0,data_len
);
2672 case TRANSACT_GET_USER_QUOTA_LIST_START
:
2674 if (qt_handle
->quota_list
==NULL
&&
2675 qt_handle
->tmp_list
==NULL
) {
2679 if (start_enum
&& vfs_get_user_ntquota_list(fsp
,&(qt_handle
->quota_list
))!=0) {
2680 reply_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
2684 /* Realloc the size of parameters and data we will return */
2686 params
= nttrans_realloc(ppparams
, param_len
);
2687 if(params
== NULL
) {
2688 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2692 /* we should not trust the value in max_data_count*/
2693 max_data_count
= MIN(max_data_count
,2048);
2695 pdata
= nttrans_realloc(ppdata
, max_data_count
);/* should be max data count from client*/
2697 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2703 /* set params Size of returned Quota Data 4 bytes*/
2704 /* but set it later when we know it */
2706 /* for each entry push the data */
2709 qt_handle
->tmp_list
= qt_handle
->quota_list
;
2712 tmp_list
= qt_handle
->tmp_list
;
2714 for (;((tmp_list
!=NULL
)&&((qt_len
+40+SID_MAX_SIZE
)<max_data_count
));
2715 tmp_list
=tmp_list
->next
,entry
+=entry_len
,qt_len
+=entry_len
) {
2717 sid_len
= ndr_size_dom_sid(
2718 &tmp_list
->quotas
->sid
, 0);
2719 entry_len
= 40 + sid_len
;
2721 /* nextoffset entry 4 bytes */
2722 SIVAL(entry
,0,entry_len
);
2724 /* then the len of the SID 4 bytes */
2725 SIVAL(entry
,4,sid_len
);
2727 /* unknown data 8 bytes uint64_t */
2728 SBIG_UINT(entry
,8,(uint64_t)0); /* this is not 0 in windows...-metze*/
2730 /* the used disk space 8 bytes uint64_t */
2731 SBIG_UINT(entry
,16,tmp_list
->quotas
->usedspace
);
2733 /* the soft quotas 8 bytes uint64_t */
2734 SBIG_UINT(entry
,24,tmp_list
->quotas
->softlim
);
2736 /* the hard quotas 8 bytes uint64_t */
2737 SBIG_UINT(entry
,32,tmp_list
->quotas
->hardlim
);
2739 /* and now the SID */
2740 sid_linearize(entry
+40, sid_len
, &tmp_list
->quotas
->sid
);
2743 qt_handle
->tmp_list
= tmp_list
;
2745 /* overwrite the offset of the last entry */
2746 SIVAL(entry
-entry_len
,0,0);
2748 data_len
= 4+qt_len
;
2749 /* overwrite the params quota_data_len */
2750 SIVAL(params
,0,data_len
);
2754 case TRANSACT_GET_USER_QUOTA_FOR_SID
:
2756 /* unknown 4 bytes IVAL(pdata,0) */
2758 if (data_count
< 8) {
2759 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count
,8));
2760 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2764 sid_len
= IVAL(pdata
,4);
2765 /* Ensure this is less than 1mb. */
2766 if (sid_len
> (1024*1024)) {
2767 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2771 if (data_count
< 8+sid_len
) {
2772 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count
,(unsigned long)(8+sid_len
)));
2773 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2777 data_len
= 4+40+sid_len
;
2779 if (max_data_count
< data_len
) {
2780 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2781 max_data_count
, data_len
));
2783 SIVAL(params
,0,data_len
);
2785 nt_status
= NT_STATUS_BUFFER_TOO_SMALL
;
2789 if (!sid_parse(pdata
+8,sid_len
,&sid
)) {
2790 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2794 if (vfs_get_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2797 * we have to return zero's in all fields
2798 * instead of returning an error here
2803 /* Realloc the size of parameters and data we will return */
2805 params
= nttrans_realloc(ppparams
, param_len
);
2806 if(params
== NULL
) {
2807 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2811 pdata
= nttrans_realloc(ppdata
, data_len
);
2813 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2819 /* set params Size of returned Quota Data 4 bytes*/
2820 SIVAL(params
,0,data_len
);
2822 /* nextoffset entry 4 bytes */
2825 /* then the len of the SID 4 bytes */
2826 SIVAL(entry
,4,sid_len
);
2828 /* unknown data 8 bytes uint64_t */
2829 SBIG_UINT(entry
,8,(uint64_t)0); /* this is not 0 in windows...-mezte*/
2831 /* the used disk space 8 bytes uint64_t */
2832 SBIG_UINT(entry
,16,qt
.usedspace
);
2834 /* the soft quotas 8 bytes uint64_t */
2835 SBIG_UINT(entry
,24,qt
.softlim
);
2837 /* the hard quotas 8 bytes uint64_t */
2838 SBIG_UINT(entry
,32,qt
.hardlim
);
2840 /* and now the SID */
2841 sid_linearize(entry
+40, sid_len
, &sid
);
2846 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp
->fnum
,level
));
2847 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2852 send_nt_replies(conn
, req
, nt_status
, params
, param_len
,
2856 /****************************************************************************
2857 Reply to set user quota
2858 ****************************************************************************/
2860 static void call_nt_transact_set_user_quota(connection_struct
*conn
,
2861 struct smb_request
*req
,
2865 uint32 parameter_count
,
2868 uint32 max_data_count
)
2870 char *params
= *ppparams
;
2871 char *pdata
= *ppdata
;
2872 int data_len
=0,param_len
=0;
2873 SMB_NTQUOTA_STRUCT qt
;
2876 files_struct
*fsp
= NULL
;
2881 if (get_current_uid(conn
) != 0) {
2882 DEBUG(1,("set_user_quota: access_denied service [%s] user "
2883 "[%s]\n", lp_servicename(SNUM(conn
)),
2884 conn
->session_info
->unix_name
));
2885 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2890 * Ensure minimum number of parameters sent.
2893 if (parameter_count
< 2) {
2894 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count
));
2895 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2899 /* maybe we can check the quota_fnum */
2900 fsp
= file_fsp(req
, SVAL(params
,0));
2901 if (!check_fsp_ntquota_handle(conn
, req
, fsp
)) {
2902 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2903 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2907 if (data_count
< 40) {
2908 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count
,40));
2909 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2913 /* offset to next quota record.
2914 * 4 bytes IVAL(pdata,0)
2919 sid_len
= IVAL(pdata
,4);
2921 if (data_count
< 40+sid_len
|| (40+sid_len
< sid_len
)) {
2922 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count
,(unsigned long)40+sid_len
));
2923 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2927 /* unknown 8 bytes in pdata
2928 * maybe its the change time in NTTIME
2931 /* the used space 8 bytes (uint64_t)*/
2932 qt
.usedspace
= BVAL(pdata
,16);
2934 /* the soft quotas 8 bytes (uint64_t)*/
2935 qt
.softlim
= BVAL(pdata
,24);
2937 /* the hard quotas 8 bytes (uint64_t)*/
2938 qt
.hardlim
= BVAL(pdata
,32);
2940 if (!sid_parse(pdata
+40,sid_len
,&sid
)) {
2941 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2945 DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid
)));
2947 /* 44 unknown bytes left... */
2949 if (vfs_set_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2950 reply_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
2954 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
,
2957 #endif /* HAVE_SYS_QUOTAS */
2959 static void handle_nttrans(connection_struct
*conn
,
2960 struct trans_state
*state
,
2961 struct smb_request
*req
)
2963 if (get_Protocol() >= PROTOCOL_NT1
) {
2964 req
->flags2
|= 0x40; /* IS_LONG_NAME */
2965 SSVAL(req
->inbuf
,smb_flg2
,req
->flags2
);
2969 SMB_PERFCOUNT_SET_SUBOP(&req
->pcd
, state
->call
);
2971 /* Now we must call the relevant NT_TRANS function */
2972 switch(state
->call
) {
2973 case NT_TRANSACT_CREATE
:
2975 START_PROFILE(NT_transact_create
);
2976 call_nt_transact_create(
2978 &state
->setup
, state
->setup_count
,
2979 &state
->param
, state
->total_param
,
2980 &state
->data
, state
->total_data
,
2981 state
->max_data_return
);
2982 END_PROFILE(NT_transact_create
);
2986 case NT_TRANSACT_IOCTL
:
2988 START_PROFILE(NT_transact_ioctl
);
2989 call_nt_transact_ioctl(
2991 &state
->setup
, state
->setup_count
,
2992 &state
->param
, state
->total_param
,
2993 &state
->data
, state
->total_data
,
2994 state
->max_data_return
);
2995 END_PROFILE(NT_transact_ioctl
);
2999 case NT_TRANSACT_SET_SECURITY_DESC
:
3001 START_PROFILE(NT_transact_set_security_desc
);
3002 call_nt_transact_set_security_desc(
3004 &state
->setup
, state
->setup_count
,
3005 &state
->param
, state
->total_param
,
3006 &state
->data
, state
->total_data
,
3007 state
->max_data_return
);
3008 END_PROFILE(NT_transact_set_security_desc
);
3012 case NT_TRANSACT_NOTIFY_CHANGE
:
3014 START_PROFILE(NT_transact_notify_change
);
3015 call_nt_transact_notify_change(
3017 &state
->setup
, state
->setup_count
,
3018 &state
->param
, state
->total_param
,
3019 &state
->data
, state
->total_data
,
3020 state
->max_data_return
,
3021 state
->max_param_return
);
3022 END_PROFILE(NT_transact_notify_change
);
3026 case NT_TRANSACT_RENAME
:
3028 START_PROFILE(NT_transact_rename
);
3029 call_nt_transact_rename(
3031 &state
->setup
, state
->setup_count
,
3032 &state
->param
, state
->total_param
,
3033 &state
->data
, state
->total_data
,
3034 state
->max_data_return
);
3035 END_PROFILE(NT_transact_rename
);
3039 case NT_TRANSACT_QUERY_SECURITY_DESC
:
3041 START_PROFILE(NT_transact_query_security_desc
);
3042 call_nt_transact_query_security_desc(
3044 &state
->setup
, state
->setup_count
,
3045 &state
->param
, state
->total_param
,
3046 &state
->data
, state
->total_data
,
3047 state
->max_data_return
);
3048 END_PROFILE(NT_transact_query_security_desc
);
3052 #ifdef HAVE_SYS_QUOTAS
3053 case NT_TRANSACT_GET_USER_QUOTA
:
3055 START_PROFILE(NT_transact_get_user_quota
);
3056 call_nt_transact_get_user_quota(
3058 &state
->setup
, state
->setup_count
,
3059 &state
->param
, state
->total_param
,
3060 &state
->data
, state
->total_data
,
3061 state
->max_data_return
);
3062 END_PROFILE(NT_transact_get_user_quota
);
3066 case NT_TRANSACT_SET_USER_QUOTA
:
3068 START_PROFILE(NT_transact_set_user_quota
);
3069 call_nt_transact_set_user_quota(
3071 &state
->setup
, state
->setup_count
,
3072 &state
->param
, state
->total_param
,
3073 &state
->data
, state
->total_data
,
3074 state
->max_data_return
);
3075 END_PROFILE(NT_transact_set_user_quota
);
3078 #endif /* HAVE_SYS_QUOTAS */
3081 /* Error in request */
3082 DEBUG(0,("handle_nttrans: Unknown request %d in "
3083 "nttrans call\n", state
->call
));
3084 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
3090 /****************************************************************************
3091 Reply to a SMBNTtrans.
3092 ****************************************************************************/
3094 void reply_nttrans(struct smb_request
*req
)
3096 connection_struct
*conn
= req
->conn
;
3101 uint16 function_code
;
3103 struct trans_state
*state
;
3105 START_PROFILE(SMBnttrans
);
3107 if (req
->wct
< 19) {
3108 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3109 END_PROFILE(SMBnttrans
);
3113 pscnt
= IVAL(req
->vwv
+9, 1);
3114 psoff
= IVAL(req
->vwv
+11, 1);
3115 dscnt
= IVAL(req
->vwv
+13, 1);
3116 dsoff
= IVAL(req
->vwv
+15, 1);
3117 function_code
= SVAL(req
->vwv
+18, 0);
3119 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
)) {
3120 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
3121 END_PROFILE(SMBnttrans
);
3125 result
= allow_new_trans(conn
->pending_trans
, req
->mid
);
3126 if (!NT_STATUS_IS_OK(result
)) {
3127 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result
)));
3128 reply_nterror(req
, result
);
3129 END_PROFILE(SMBnttrans
);
3133 if ((state
= TALLOC_P(conn
, struct trans_state
)) == NULL
) {
3134 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
3135 END_PROFILE(SMBnttrans
);
3139 state
->cmd
= SMBnttrans
;
3141 state
->mid
= req
->mid
;
3142 state
->vuid
= req
->vuid
;
3143 state
->total_data
= IVAL(req
->vwv
+3, 1);
3145 state
->total_param
= IVAL(req
->vwv
+1, 1);
3146 state
->param
= NULL
;
3147 state
->max_data_return
= IVAL(req
->vwv
+7, 1);
3148 state
->max_param_return
= IVAL(req
->vwv
+5, 1);
3150 /* setup count is in *words* */
3151 state
->setup_count
= 2*CVAL(req
->vwv
+17, 1);
3152 state
->setup
= NULL
;
3153 state
->call
= function_code
;
3155 DEBUG(10, ("num_setup=%u, "
3156 "param_total=%u, this_param=%u, max_param=%u, "
3157 "data_total=%u, this_data=%u, max_data=%u, "
3158 "param_offset=%u, data_offset=%u\n",
3159 (unsigned)state
->setup_count
,
3160 (unsigned)state
->total_param
, (unsigned)pscnt
,
3161 (unsigned)state
->max_param_return
,
3162 (unsigned)state
->total_data
, (unsigned)dscnt
,
3163 (unsigned)state
->max_data_return
,
3164 (unsigned)psoff
, (unsigned)dsoff
));
3167 * All nttrans messages we handle have smb_wct == 19 +
3168 * state->setup_count. Ensure this is so as a sanity check.
3171 if(req
->wct
!= 19 + (state
->setup_count
/2)) {
3172 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
3173 req
->wct
, 19 + (state
->setup_count
/2)));
3177 /* Don't allow more than 128mb for each value. */
3178 if ((state
->total_data
> (1024*1024*128)) ||
3179 (state
->total_param
> (1024*1024*128))) {
3180 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
3181 END_PROFILE(SMBnttrans
);
3185 if ((dscnt
> state
->total_data
) || (pscnt
> state
->total_param
))
3188 if (state
->total_data
) {
3190 if (trans_oob(state
->total_data
, 0, dscnt
)
3191 || trans_oob(smb_len(req
->inbuf
), dsoff
, dscnt
)) {
3195 /* Can't use talloc here, the core routines do realloc on the
3196 * params and data. */
3197 if ((state
->data
= (char *)SMB_MALLOC(state
->total_data
)) == NULL
) {
3198 DEBUG(0,("reply_nttrans: data malloc fail for %u "
3199 "bytes !\n", (unsigned int)state
->total_data
));
3201 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
3202 END_PROFILE(SMBnttrans
);
3206 memcpy(state
->data
,smb_base(req
->inbuf
)+dsoff
,dscnt
);
3209 if (state
->total_param
) {
3211 if (trans_oob(state
->total_param
, 0, pscnt
)
3212 || trans_oob(smb_len(req
->inbuf
), psoff
, pscnt
)) {
3216 /* Can't use talloc here, the core routines do realloc on the
3217 * params and data. */
3218 if ((state
->param
= (char *)SMB_MALLOC(state
->total_param
)) == NULL
) {
3219 DEBUG(0,("reply_nttrans: param malloc fail for %u "
3220 "bytes !\n", (unsigned int)state
->total_param
));
3221 SAFE_FREE(state
->data
);
3223 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
3224 END_PROFILE(SMBnttrans
);
3228 memcpy(state
->param
,smb_base(req
->inbuf
)+psoff
,pscnt
);
3231 state
->received_data
= dscnt
;
3232 state
->received_param
= pscnt
;
3234 if(state
->setup_count
> 0) {
3235 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
3236 state
->setup_count
));
3239 * No overflow possible here, state->setup_count is an
3240 * unsigned int, being filled by a single byte from
3241 * CVAL(req->vwv+13, 0) above. The cast in the comparison
3242 * below is not necessary, it's here to clarify things. The
3243 * validity of req->vwv and req->wct has been checked in
3244 * init_smb_request already.
3246 if ((state
->setup_count
/2) + 19 > (unsigned int)req
->wct
) {
3250 state
->setup
= (uint16
*)TALLOC(state
, state
->setup_count
);
3251 if (state
->setup
== NULL
) {
3252 DEBUG(0,("reply_nttrans : Out of memory\n"));
3253 SAFE_FREE(state
->data
);
3254 SAFE_FREE(state
->param
);
3256 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
3257 END_PROFILE(SMBnttrans
);
3261 memcpy(state
->setup
, req
->vwv
+19, state
->setup_count
);
3262 dump_data(10, (uint8
*)state
->setup
, state
->setup_count
);
3265 if ((state
->received_data
== state
->total_data
) &&
3266 (state
->received_param
== state
->total_param
)) {
3267 handle_nttrans(conn
, state
, req
);
3268 SAFE_FREE(state
->param
);
3269 SAFE_FREE(state
->data
);
3271 END_PROFILE(SMBnttrans
);
3275 DLIST_ADD(conn
->pending_trans
, state
);
3277 /* We need to send an interim response then receive the rest
3278 of the parameter/data bytes */
3279 reply_outbuf(req
, 0, 0);
3280 show_msg((char *)req
->outbuf
);
3281 END_PROFILE(SMBnttrans
);
3286 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
3287 SAFE_FREE(state
->data
);
3288 SAFE_FREE(state
->param
);
3290 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3291 END_PROFILE(SMBnttrans
);
3295 /****************************************************************************
3296 Reply to a SMBnttranss
3297 ****************************************************************************/
3299 void reply_nttranss(struct smb_request
*req
)
3301 connection_struct
*conn
= req
->conn
;
3302 uint32_t pcnt
,poff
,dcnt
,doff
,pdisp
,ddisp
;
3303 struct trans_state
*state
;
3305 START_PROFILE(SMBnttranss
);
3307 show_msg((char *)req
->inbuf
);
3309 /* Windows clients expect all replies to
3310 an NT transact secondary (SMBnttranss 0xA1)
3311 to have a command code of NT transact
3312 (SMBnttrans 0xA0). See bug #8989 for details. */
3313 req
->cmd
= SMBnttrans
;
3315 if (req
->wct
< 18) {
3316 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3317 END_PROFILE(SMBnttranss
);
3321 for (state
= conn
->pending_trans
; state
!= NULL
;
3322 state
= state
->next
) {
3323 if (state
->mid
== req
->mid
) {
3328 if ((state
== NULL
) || (state
->cmd
!= SMBnttrans
)) {
3329 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3330 END_PROFILE(SMBnttranss
);
3334 /* Revise state->total_param and state->total_data in case they have
3335 changed downwards */
3336 if (IVAL(req
->vwv
+1, 1) < state
->total_param
) {
3337 state
->total_param
= IVAL(req
->vwv
+1, 1);
3339 if (IVAL(req
->vwv
+3, 1) < state
->total_data
) {
3340 state
->total_data
= IVAL(req
->vwv
+3, 1);
3343 pcnt
= IVAL(req
->vwv
+5, 1);
3344 poff
= IVAL(req
->vwv
+7, 1);
3345 pdisp
= IVAL(req
->vwv
+9, 1);
3347 dcnt
= IVAL(req
->vwv
+11, 1);
3348 doff
= IVAL(req
->vwv
+13, 1);
3349 ddisp
= IVAL(req
->vwv
+15, 1);
3351 state
->received_param
+= pcnt
;
3352 state
->received_data
+= dcnt
;
3354 if ((state
->received_data
> state
->total_data
) ||
3355 (state
->received_param
> state
->total_param
))
3359 if (trans_oob(state
->total_param
, pdisp
, pcnt
)
3360 || trans_oob(smb_len(req
->inbuf
), poff
, pcnt
)) {
3363 memcpy(state
->param
+pdisp
, smb_base(req
->inbuf
)+poff
,pcnt
);
3367 if (trans_oob(state
->total_data
, ddisp
, dcnt
)
3368 || trans_oob(smb_len(req
->inbuf
), doff
, dcnt
)) {
3371 memcpy(state
->data
+ddisp
, smb_base(req
->inbuf
)+doff
,dcnt
);
3374 if ((state
->received_param
< state
->total_param
) ||
3375 (state
->received_data
< state
->total_data
)) {
3376 END_PROFILE(SMBnttranss
);
3380 handle_nttrans(conn
, state
, req
);
3382 DLIST_REMOVE(conn
->pending_trans
, state
);
3383 SAFE_FREE(state
->data
);
3384 SAFE_FREE(state
->param
);
3386 END_PROFILE(SMBnttranss
);
3391 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3392 DLIST_REMOVE(conn
->pending_trans
, state
);
3393 SAFE_FREE(state
->data
);
3394 SAFE_FREE(state
->param
);
3396 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3397 END_PROFILE(SMBnttranss
);