search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
VERSION: Bump version up to 3.6.20.
[Samba.git] / source3 / smbd / reply.c
blob0585a6edc96a706bffa5e7d730ec6758277fd57d
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "system/filesys.h"
29 #include "printing.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "fake_file.h"
33 #include "rpc_client/rpc_client.h"
34 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
35 #include "rpc_client/cli_spoolss.h"
36 #include "rpc_client/init_spoolss.h"
37 #include "rpc_server/rpc_ncacn_np.h"
38 #include "libcli/security/security.h"
39 #include "libsmb/nmblib.h"
40 #include "auth.h"
41 #include "smbprofile.h"
42
43 /****************************************************************************
44 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
45 path or anything including wildcards.
46 We're assuming here that '/' is not the second byte in any multibyte char
47 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
48 set.
49 ****************************************************************************/
50
51 /* Custom version for processing POSIX paths. */
52 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
53
54 static NTSTATUS check_path_syntax_internal(char *path,
55 bool posix_path,
56 bool *p_last_component_contains_wcard)
57 {
58 char *d = path;
59 const char *s = path;
60 NTSTATUS ret = NT_STATUS_OK;
61 bool start_of_name_component = True;
62 bool stream_started = false;
63
64 *p_last_component_contains_wcard = False;
65
66 while (*s) {
67 if (stream_started) {
68 switch (*s) {
69 case '/':
70 case '\\':
71 return NT_STATUS_OBJECT_NAME_INVALID;
72 case ':':
73 if (s[1] == '\0') {
74 return NT_STATUS_OBJECT_NAME_INVALID;
75 }
76 if (strchr_m(&s[1], ':')) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 break;
80 }
81 }
82
83 if ((*s == ':') && !posix_path && !stream_started) {
84 if (*p_last_component_contains_wcard) {
85 return NT_STATUS_OBJECT_NAME_INVALID;
86 }
87 /* Stream names allow more characters than file names.
88 We're overloading posix_path here to allow a wider
89 range of characters. If stream_started is true this
90 is still a Windows path even if posix_path is true.
91 JRA.
92 */
93 stream_started = true;
94 start_of_name_component = false;
95 posix_path = true;
96
97 if (s[1] == '\0') {
98 return NT_STATUS_OBJECT_NAME_INVALID;
99 }
100 }
101
102 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
103 /*
104 * Safe to assume is not the second part of a mb char
105 * as this is handled below.
106 */
107 /* Eat multiple '/' or '\\' */
108 while (IS_PATH_SEP(*s,posix_path)) {
109 s++;
110 }
111 if ((d != path) && (*s != '\0')) {
112 /* We only care about non-leading or trailing '/' or '\\' */
113 *d++ = '/';
114 }
115
116 start_of_name_component = True;
117 /* New component. */
118 *p_last_component_contains_wcard = False;
119 continue;
120 }
121
122 if (start_of_name_component) {
123 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
124 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
125
126 /*
127 * No mb char starts with '.' so we're safe checking the directory separator here.
128 */
129
130 /* If we just added a '/' - delete it */
131 if ((d > path) && (*(d-1) == '/')) {
132 *(d-1) = '\0';
133 d--;
134 }
135
136 /* Are we at the start ? Can't go back further if so. */
137 if (d <= path) {
138 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
139 break;
140 }
141 /* Go back one level... */
142 /* We know this is safe as '/' cannot be part of a mb sequence. */
143 /* NOTE - if this assumption is invalid we are not in good shape... */
144 /* Decrement d first as d points to the *next* char to write into. */
145 for (d--; d > path; d--) {
146 if (*d == '/')
147 break;
148 }
149 s += 2; /* Else go past the .. */
150 /* We're still at the start of a name component, just the previous one. */
151 continue;
152
153 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
154 if (posix_path) {
155 /* Eat the '.' */
156 s++;
157 continue;
158 }
159 }
160
161 }
162
163 if (!(*s & 0x80)) {
164 if (!posix_path) {
165 if (*s <= 0x1f || *s == '|') {
166 return NT_STATUS_OBJECT_NAME_INVALID;
167 }
168 switch (*s) {
169 case '*':
170 case '?':
171 case '<':
172 case '>':
173 case '"':
174 *p_last_component_contains_wcard = True;
175 break;
176 default:
177 break;
178 }
179 }
180 *d++ = *s++;
181 } else {
182 size_t siz;
183 /* Get the size of the next MB character. */
184 next_codepoint(s,&siz);
185 switch(siz) {
186 case 5:
187 *d++ = *s++;
188 /*fall through*/
189 case 4:
190 *d++ = *s++;
191 /*fall through*/
192 case 3:
193 *d++ = *s++;
194 /*fall through*/
195 case 2:
196 *d++ = *s++;
197 /*fall through*/
198 case 1:
199 *d++ = *s++;
200 break;
201 default:
202 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
203 *d = '\0';
204 return NT_STATUS_INVALID_PARAMETER;
205 }
206 }
207 start_of_name_component = False;
208 }
209
210 *d = '\0';
211
212 return ret;
213 }
214
215 /****************************************************************************
216 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
217 No wildcards allowed.
218 ****************************************************************************/
219
220 NTSTATUS check_path_syntax(char *path)
221 {
222 bool ignore;
223 return check_path_syntax_internal(path, False, &ignore);
224 }
225
226 /****************************************************************************
227 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
228 Wildcards allowed - p_contains_wcard returns true if the last component contained
229 a wildcard.
230 ****************************************************************************/
231
232 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
233 {
234 return check_path_syntax_internal(path, False, p_contains_wcard);
235 }
236
237 /****************************************************************************
238 Check the path for a POSIX client.
239 We're assuming here that '/' is not the second byte in any multibyte char
240 set (a safe assumption).
241 ****************************************************************************/
242
243 NTSTATUS check_path_syntax_posix(char *path)
244 {
245 bool ignore;
246 return check_path_syntax_internal(path, True, &ignore);
247 }
248
249 /****************************************************************************
250 Pull a string and check the path allowing a wilcard - provide for error return.
251 ****************************************************************************/
252
253 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
254 const char *base_ptr,
255 uint16 smb_flags2,
256 char **pp_dest,
257 const char *src,
258 size_t src_len,
259 int flags,
260 NTSTATUS *err,
261 bool *contains_wcard)
262 {
263 size_t ret;
264
265 *pp_dest = NULL;
266
267 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
268 src_len, flags);
269
270 if (!*pp_dest) {
271 *err = NT_STATUS_INVALID_PARAMETER;
272 return ret;
273 }
274
275 *contains_wcard = False;
276
277 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
278 /*
279 * For a DFS path the function parse_dfs_path()
280 * will do the path processing, just make a copy.
281 */
282 *err = NT_STATUS_OK;
283 return ret;
284 }
285
286 if (lp_posix_pathnames()) {
287 *err = check_path_syntax_posix(*pp_dest);
288 } else {
289 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
290 }
291
292 return ret;
293 }
294
295 /****************************************************************************
296 Pull a string and check the path - provide for error return.
297 ****************************************************************************/
298
299 size_t srvstr_get_path(TALLOC_CTX *ctx,
300 const char *base_ptr,
301 uint16 smb_flags2,
302 char **pp_dest,
303 const char *src,
304 size_t src_len,
305 int flags,
306 NTSTATUS *err)
307 {
308 bool ignore;
309 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
310 src_len, flags, err, &ignore);
311 }
312
313 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
314 char **pp_dest, const char *src, int flags,
315 NTSTATUS *err, bool *contains_wcard)
316 {
317 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
318 pp_dest, src, smbreq_bufrem(req, src),
319 flags, err, contains_wcard);
320 }
321
322 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
323 char **pp_dest, const char *src, int flags,
324 NTSTATUS *err)
325 {
326 bool ignore;
327 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
328 flags, err, &ignore);
329 }
330
331 /****************************************************************************
332 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
333 ****************************************************************************/
334
335 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
336 files_struct *fsp)
337 {
338 if ((fsp == NULL) || (conn == NULL)) {
339 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
340 return False;
341 }
342 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
343 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
344 return False;
345 }
346 return True;
347 }
348
349 /****************************************************************************
350 Check if we have a correct fsp pointing to a file.
351 ****************************************************************************/
352
353 bool check_fsp(connection_struct *conn, struct smb_request *req,
354 files_struct *fsp)
355 {
356 if (!check_fsp_open(conn, req, fsp)) {
357 return False;
358 }
359 if (fsp->is_directory) {
360 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
361 return False;
362 }
363 if (fsp->fh->fd == -1) {
364 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
365 return False;
366 }
367 fsp->num_smb_operations++;
368 return True;
369 }
370
371 /****************************************************************************
372 Check if we have a correct fsp pointing to a quota fake file. Replacement for
373 the CHECK_NTQUOTA_HANDLE_OK macro.
374 ****************************************************************************/
375
376 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
377 files_struct *fsp)
378 {
379 if (!check_fsp_open(conn, req, fsp)) {
380 return false;
381 }
382
383 if (fsp->is_directory) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle == NULL) {
388 return false;
389 }
390
391 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
392 return false;
393 }
394
395 if (fsp->fake_file_handle->private_data == NULL) {
396 return false;
397 }
398
399 return true;
400 }
401
402 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
403 const char *name, int name_type)
404 {
405 char *trim_name;
406 char *trim_name_type;
407 const char *retarget_parm;
408 char *retarget;
409 char *p;
410 int retarget_type = 0x20;
411 int retarget_port = 139;
412 struct sockaddr_storage retarget_addr;
413 struct sockaddr_in *in_addr;
414 bool ret = false;
415 uint8_t outbuf[10];
416
417 if (get_socket_port(sconn->sock) != 139) {
418 return false;
419 }
420
421 trim_name = talloc_strdup(talloc_tos(), name);
422 if (trim_name == NULL) {
423 goto fail;
424 }
425 trim_char(trim_name, ' ', ' ');
426
427 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
428 name_type);
429 if (trim_name_type == NULL) {
430 goto fail;
431 }
432
433 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
434 trim_name_type, NULL);
435 if (retarget_parm == NULL) {
436 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
437 trim_name, NULL);
438 }
439 if (retarget_parm == NULL) {
440 goto fail;
441 }
442
443 retarget = talloc_strdup(trim_name, retarget_parm);
444 if (retarget == NULL) {
445 goto fail;
446 }
447
448 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
449
450 p = strchr(retarget, ':');
451 if (p != NULL) {
452 *p++ = '\0';
453 retarget_port = atoi(p);
454 }
455
456 p = strchr_m(retarget, '#');
457 if (p != NULL) {
458 *p++ = '\0';
459 if (sscanf(p, "%x", &retarget_type) != 1) {
460 goto fail;
461 }
462 }
463
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
465 if (!ret) {
466 DEBUG(10, ("could not resolve %s\n", retarget));
467 goto fail;
468 }
469
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
472 goto fail;
473 }
474
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
476
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
481
482 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
483 NULL)) {
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
485 "failed.");
486 }
487
488 ret = true;
489 fail:
490 TALLOC_FREE(trim_name);
491 return ret;
492 }
493
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
497
498 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
499 {
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
502 /*
503 * We only really use 4 bytes of the outbuf, but for the smb_setlen
504 * calculation & friends (srv_send_smb uses that) we need the full smb
505 * header.
506 */
507 char outbuf[smb_size];
508
509 memset(outbuf, '\0', sizeof(outbuf));
510
511 smb_setlen(outbuf,0);
512
513 switch (msg_type) {
514 case 0x81: /* session request */
515 {
516 /* inbuf_size is guarenteed to be at least 4. */
517 fstring name1,name2;
518 int name_type1, name_type2;
519 int name_len1, name_len2;
520
521 *name1 = *name2 = 0;
522
523 if (sconn->nbt.got_session) {
524 exit_server_cleanly("multiple session request not permitted");
525 }
526
527 SCVAL(outbuf,0,0x82);
528 SCVAL(outbuf,3,0);
529
530 /* inbuf_size is guaranteed to be at least 4. */
531 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
532 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
533 DEBUG(0,("Invalid name length in session request\n"));
534 break;
535 }
536 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
537 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
538 DEBUG(0,("Invalid name length in session request\n"));
539 break;
540 }
541
542 name_type1 = name_extract((unsigned char *)inbuf,
543 inbuf_size,(unsigned int)4,name1);
544 name_type2 = name_extract((unsigned char *)inbuf,
545 inbuf_size,(unsigned int)(4 + name_len1),name2);
546
547 if (name_type1 == -1 || name_type2 == -1) {
548 DEBUG(0,("Invalid name type in session request\n"));
549 break;
550 }
551
552 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
553 name1, name_type1, name2, name_type2));
554
555 if (netbios_session_retarget(sconn, name1, name_type1)) {
556 exit_server_cleanly("retargeted client");
557 }
558
559 /*
560 * Windows NT/2k uses "*SMBSERVER" and XP uses
561 * "*SMBSERV" arrggg!!!
562 */
563 if (strequal(name1, "*SMBSERVER ")
564 || strequal(name1, "*SMBSERV ")) {
565 fstrcpy(name1, sconn->client_id.addr);
566 }
567
568 set_local_machine_name(name1, True);
569 set_remote_machine_name(name2, True);
570
571 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
572 get_local_machine_name(), get_remote_machine_name(),
573 name_type2));
574
575 if (name_type2 == 'R') {
576 /* We are being asked for a pathworks session ---
577 no thanks! */
578 SCVAL(outbuf, 0,0x83);
579 break;
580 }
581
582 /* only add the client's machine name to the list
583 of possibly valid usernames if we are operating
584 in share mode security */
585 if (lp_security() == SEC_SHARE) {
586 add_session_user(sconn, get_remote_machine_name());
587 }
588
589 reload_services(sconn->msg_ctx, sconn->sock, True);
590 reopen_logs();
591
592 sconn->nbt.got_session = true;
593 break;
594 }
595
596 case 0x89: /* session keepalive request
597 (some old clients produce this?) */
598 SCVAL(outbuf,0,SMBkeepalive);
599 SCVAL(outbuf,3,0);
600 break;
601
602 case 0x82: /* positive session response */
603 case 0x83: /* negative session response */
604 case 0x84: /* retarget session response */
605 DEBUG(0,("Unexpected session response\n"));
606 break;
607
608 case SMBkeepalive: /* session keepalive */
609 default:
610 return;
611 }
612
613 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
614 msg_type, msg_flags));
615
616 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
617 return;
618 }
619
620 /****************************************************************************
621 Reply to a tcon.
622 conn POINTER CAN BE NULL HERE !
623 ****************************************************************************/
624
625 void reply_tcon(struct smb_request *req)
626 {
627 connection_struct *conn = req->conn;
628 const char *service;
629 char *service_buf = NULL;
630 char *password = NULL;
631 char *dev = NULL;
632 int pwlen=0;
633 NTSTATUS nt_status;
634 const char *p;
635 DATA_BLOB password_blob;
636 TALLOC_CTX *ctx = talloc_tos();
637 struct smbd_server_connection *sconn = req->sconn;
638
639 START_PROFILE(SMBtcon);
640
641 if (req->buflen < 4) {
642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
643 END_PROFILE(SMBtcon);
644 return;
645 }
646
647 p = (const char *)req->buf + 1;
648 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
649 p += 1;
650 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
651 p += pwlen+1;
652 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
653 p += 1;
654
655 if (service_buf == NULL || password == NULL || dev == NULL) {
656 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
657 END_PROFILE(SMBtcon);
658 return;
659 }
660 p = strrchr_m(service_buf,'\\');
661 if (p) {
662 service = p+1;
663 } else {
664 service = service_buf;
665 }
666
667 password_blob = data_blob(password, pwlen+1);
668
669 conn = make_connection(sconn,service,password_blob,dev,
670 req->vuid,&nt_status);
671 req->conn = conn;
672
673 data_blob_clear_free(&password_blob);
674
675 if (!conn) {
676 reply_nterror(req, nt_status);
677 END_PROFILE(SMBtcon);
678 return;
679 }
680
681 reply_outbuf(req, 2, 0);
682 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
683 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
684 SSVAL(req->outbuf,smb_tid,conn->cnum);
685
686 DEBUG(3,("tcon service=%s cnum=%d\n",
687 service, conn->cnum));
688
689 END_PROFILE(SMBtcon);
690 return;
691 }
692
693 /****************************************************************************
694 Reply to a tcon and X.
695 conn POINTER CAN BE NULL HERE !
696 ****************************************************************************/
697
698 void reply_tcon_and_X(struct smb_request *req)
699 {
700 connection_struct *conn = req->conn;
701 const char *service = NULL;
702 DATA_BLOB password;
703 TALLOC_CTX *ctx = talloc_tos();
704 /* what the cleint thinks the device is */
705 char *client_devicetype = NULL;
706 /* what the server tells the client the share represents */
707 const char *server_devicetype;
708 NTSTATUS nt_status;
709 int passlen;
710 char *path = NULL;
711 const char *p, *q;
712 uint16 tcon_flags;
713 struct smbd_server_connection *sconn = req->sconn;
714
715 START_PROFILE(SMBtconX);
716
717 if (req->wct < 4) {
718 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
719 END_PROFILE(SMBtconX);
720 return;
721 }
722
723 passlen = SVAL(req->vwv+3, 0);
724 tcon_flags = SVAL(req->vwv+2, 0);
725
726 /* we might have to close an old one */
727 if ((tcon_flags & 0x1) && conn) {
728 close_cnum(conn,req->vuid);
729 req->conn = NULL;
730 conn = NULL;
731 }
732
733 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
734 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
735 END_PROFILE(SMBtconX);
736 return;
737 }
738
739 if (sconn->smb1.negprot.encrypted_passwords) {
740 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
741 if (lp_security() == SEC_SHARE) {
742 /*
743 * Security = share always has a pad byte
744 * after the password.
745 */
746 p = (const char *)req->buf + passlen + 1;
747 } else {
748 p = (const char *)req->buf + passlen;
749 }
750 } else {
751 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
752 /* Ensure correct termination */
753 password.data[passlen]=0;
754 p = (const char *)req->buf + passlen + 1;
755 }
756
757 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
758
759 if (path == NULL) {
760 data_blob_clear_free(&password);
761 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
762 END_PROFILE(SMBtconX);
763 return;
764 }
765
766 /*
767 * the service name can be either: \\server\share
768 * or share directly like on the DELL PowerVault 705
769 */
770 if (*path=='\\') {
771 q = strchr_m(path+2,'\\');
772 if (!q) {
773 data_blob_clear_free(&password);
774 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
775 END_PROFILE(SMBtconX);
776 return;
777 }
778 service = q+1;
779 } else {
780 service = path;
781 }
782
783 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
784 &client_devicetype, p,
785 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
786
787 if (client_devicetype == NULL) {
788 data_blob_clear_free(&password);
789 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
790 END_PROFILE(SMBtconX);
791 return;
792 }
793
794 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
795
796 conn = make_connection(sconn, service, password, client_devicetype,
797 req->vuid, &nt_status);
798 req->conn =conn;
799
800 data_blob_clear_free(&password);
801
802 if (!conn) {
803 reply_nterror(req, nt_status);
804 END_PROFILE(SMBtconX);
805 return;
806 }
807
808 if ( IS_IPC(conn) )
809 server_devicetype = "IPC";
810 else if ( IS_PRINT(conn) )
811 server_devicetype = "LPT1:";
812 else
813 server_devicetype = "A:";
814
815 if (get_Protocol() < PROTOCOL_NT1) {
816 reply_outbuf(req, 2, 0);
817 if (message_push_string(&req->outbuf, server_devicetype,
818 STR_TERMINATE|STR_ASCII) == -1) {
819 reply_nterror(req, NT_STATUS_NO_MEMORY);
820 END_PROFILE(SMBtconX);
821 return;
822 }
823 } else {
824 /* NT sets the fstype of IPC$ to the null string */
825 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
826
827 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
828 /* Return permissions. */
829 uint32 perm1 = 0;
830 uint32 perm2 = 0;
831
832 reply_outbuf(req, 7, 0);
833
834 if (IS_IPC(conn)) {
835 perm1 = FILE_ALL_ACCESS;
836 perm2 = FILE_ALL_ACCESS;
837 } else {
838 perm1 = conn->share_access;
839 }
840
841 SIVAL(req->outbuf, smb_vwv3, perm1);
842 SIVAL(req->outbuf, smb_vwv5, perm2);
843 } else {
844 reply_outbuf(req, 3, 0);
845 }
846
847 if ((message_push_string(&req->outbuf, server_devicetype,
848 STR_TERMINATE|STR_ASCII) == -1)
849 || (message_push_string(&req->outbuf, fstype,
850 STR_TERMINATE) == -1)) {
851 reply_nterror(req, NT_STATUS_NO_MEMORY);
852 END_PROFILE(SMBtconX);
853 return;
854 }
855
856 /* what does setting this bit do? It is set by NT4 and
857 may affect the ability to autorun mounted cdroms */
858 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
859 (lp_csc_policy(SNUM(conn)) << 2));
860
861 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
862 DEBUG(2,("Serving %s as a Dfs root\n",
863 lp_servicename(SNUM(conn)) ));
864 SSVAL(req->outbuf, smb_vwv2,
865 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
866 }
867 }
868
869
870 DEBUG(3,("tconX service=%s \n",
871 service));
872
873 /* set the incoming and outgoing tid to the just created one */
874 SSVAL(req->inbuf,smb_tid,conn->cnum);
875 SSVAL(req->outbuf,smb_tid,conn->cnum);
876
877 END_PROFILE(SMBtconX);
878
879 req->tid = conn->cnum;
880 chain_reply(req);
881 return;
882 }
883
884 /****************************************************************************
885 Reply to an unknown type.
886 ****************************************************************************/
887
888 void reply_unknown_new(struct smb_request *req, uint8 type)
889 {
890 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
891 smb_fn_name(type), type, type));
892 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
893 return;
894 }
895
896 /****************************************************************************
897 Reply to an ioctl.
898 conn POINTER CAN BE NULL HERE !
899 ****************************************************************************/
900
901 void reply_ioctl(struct smb_request *req)
902 {
903 connection_struct *conn = req->conn;
904 uint16 device;
905 uint16 function;
906 uint32 ioctl_code;
907 int replysize;
908 char *p;
909
910 START_PROFILE(SMBioctl);
911
912 if (req->wct < 3) {
913 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
914 END_PROFILE(SMBioctl);
915 return;
916 }
917
918 device = SVAL(req->vwv+1, 0);
919 function = SVAL(req->vwv+2, 0);
920 ioctl_code = (device << 16) + function;
921
922 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
923
924 switch (ioctl_code) {
925 case IOCTL_QUERY_JOB_INFO:
926 replysize = 32;
927 break;
928 default:
929 reply_force_doserror(req, ERRSRV, ERRnosupport);
930 END_PROFILE(SMBioctl);
931 return;
932 }
933
934 reply_outbuf(req, 8, replysize+1);
935 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
936 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
937 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
938 p = smb_buf(req->outbuf);
939 memset(p, '\0', replysize+1); /* valgrind-safe. */
940 p += 1; /* Allow for alignment */
941
942 switch (ioctl_code) {
943 case IOCTL_QUERY_JOB_INFO:
944 {
945 files_struct *fsp = file_fsp(
946 req, SVAL(req->vwv+0, 0));
947 if (!fsp) {
948 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
949 END_PROFILE(SMBioctl);
950 return;
951 }
952 /* Job number */
953 if (fsp->print_file) {
954 SSVAL(p, 0, fsp->print_file->rap_jobid);
955 } else {
956 SSVAL(p, 0, 0);
957 }
958 srvstr_push((char *)req->outbuf, req->flags2, p+2,
959 global_myname(), 15,
960 STR_TERMINATE|STR_ASCII);
961 if (conn) {
962 srvstr_push((char *)req->outbuf, req->flags2,
963 p+18, lp_servicename(SNUM(conn)),
964 13, STR_TERMINATE|STR_ASCII);
965 } else {
966 memset(p+18, 0, 13);
967 }
968 break;
969 }
970 }
971
972 END_PROFILE(SMBioctl);
973 return;
974 }
975
976 /****************************************************************************
977 Strange checkpath NTSTATUS mapping.
978 ****************************************************************************/
979
980 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
981 {
982 /* Strange DOS error code semantics only for checkpath... */
983 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
984 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
985 /* We need to map to ERRbadpath */
986 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
987 }
988 }
989 return status;
990 }
991
992 /****************************************************************************
993 Reply to a checkpath.
994 ****************************************************************************/
995
996 void reply_checkpath(struct smb_request *req)
997 {
998 connection_struct *conn = req->conn;
999 struct smb_filename *smb_fname = NULL;
1000 char *name = NULL;
1001 NTSTATUS status;
1002 TALLOC_CTX *ctx = talloc_tos();
1003
1004 START_PROFILE(SMBcheckpath);
1005
1006 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1007 STR_TERMINATE, &status);
1008
1009 if (!NT_STATUS_IS_OK(status)) {
1010 status = map_checkpath_error(req->flags2, status);
1011 reply_nterror(req, status);
1012 END_PROFILE(SMBcheckpath);
1013 return;
1014 }
1015
1016 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1017
1018 status = filename_convert(ctx,
1019 conn,
1020 req->flags2 & FLAGS2_DFS_PATHNAMES,
1021 name,
1022 0,
1023 NULL,
1024 &smb_fname);
1025
1026 if (!NT_STATUS_IS_OK(status)) {
1027 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1028 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1029 ERRSRV, ERRbadpath);
1030 END_PROFILE(SMBcheckpath);
1031 return;
1032 }
1033 goto path_err;
1034 }
1035
1036 if (!VALID_STAT(smb_fname->st) &&
1037 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1038 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1039 smb_fname_str_dbg(smb_fname), strerror(errno)));
1040 status = map_nt_error_from_unix(errno);
1041 goto path_err;
1042 }
1043
1044 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1045 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1046 ERRDOS, ERRbadpath);
1047 goto out;
1048 }
1049
1050 reply_outbuf(req, 0, 0);
1051
1052 path_err:
1053 /* We special case this - as when a Windows machine
1054 is parsing a path is steps through the components
1055 one at a time - if a component fails it expects
1056 ERRbadpath, not ERRbadfile.
1057 */
1058 status = map_checkpath_error(req->flags2, status);
1059 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1060 /*
1061 * Windows returns different error codes if
1062 * the parent directory is valid but not the
1063 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1064 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1065 * if the path is invalid.
1066 */
1067 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1068 ERRDOS, ERRbadpath);
1069 goto out;
1070 }
1071
1072 reply_nterror(req, status);
1073
1074 out:
1075 TALLOC_FREE(smb_fname);
1076 END_PROFILE(SMBcheckpath);
1077 return;
1078 }
1079
1080 /****************************************************************************
1081 Reply to a getatr.
1082 ****************************************************************************/
1083
1084 void reply_getatr(struct smb_request *req)
1085 {
1086 connection_struct *conn = req->conn;
1087 struct smb_filename *smb_fname = NULL;
1088 char *fname = NULL;
1089 int mode=0;
1090 SMB_OFF_T size=0;
1091 time_t mtime=0;
1092 const char *p;
1093 NTSTATUS status;
1094 TALLOC_CTX *ctx = talloc_tos();
1095 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1096
1097 START_PROFILE(SMBgetatr);
1098
1099 p = (const char *)req->buf + 1;
1100 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1101 if (!NT_STATUS_IS_OK(status)) {
1102 reply_nterror(req, status);
1103 goto out;
1104 }
1105
1106 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1107 under WfWg - weird! */
1108 if (*fname == '\0') {
1109 mode = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
1110 if (!CAN_WRITE(conn)) {
1111 mode |= FILE_ATTRIBUTE_READONLY;
1112 }
1113 size = 0;
1114 mtime = 0;
1115 } else {
1116 status = filename_convert(ctx,
1117 conn,
1118 req->flags2 & FLAGS2_DFS_PATHNAMES,
1119 fname,
1120 0,
1121 NULL,
1122 &smb_fname);
1123 if (!NT_STATUS_IS_OK(status)) {
1124 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1125 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1126 ERRSRV, ERRbadpath);
1127 goto out;
1128 }
1129 reply_nterror(req, status);
1130 goto out;
1131 }
1132 if (!VALID_STAT(smb_fname->st) &&
1133 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1134 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1135 smb_fname_str_dbg(smb_fname),
1136 strerror(errno)));
1137 reply_nterror(req, map_nt_error_from_unix(errno));
1138 goto out;
1139 }
1140
1141 mode = dos_mode(conn, smb_fname);
1142 size = smb_fname->st.st_ex_size;
1143
1144 if (ask_sharemode) {
1145 struct timespec write_time_ts;
1146 struct file_id fileid;
1147
1148 ZERO_STRUCT(write_time_ts);
1149 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1150 get_file_infos(fileid, 0, NULL, &write_time_ts);
1151 if (!null_timespec(write_time_ts)) {
1152 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1153 }
1154 }
1155
1156 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1157 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
1158 size = 0;
1159 }
1160 }
1161
1162 reply_outbuf(req, 10, 0);
1163
1164 SSVAL(req->outbuf,smb_vwv0,mode);
1165 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1166 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1167 } else {
1168 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1169 }
1170 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1171
1172 if (get_Protocol() >= PROTOCOL_NT1) {
1173 SSVAL(req->outbuf, smb_flg2,
1174 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1175 }
1176
1177 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1178 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1179
1180 out:
1181 TALLOC_FREE(smb_fname);
1182 TALLOC_FREE(fname);
1183 END_PROFILE(SMBgetatr);
1184 return;
1185 }
1186
1187 /****************************************************************************
1188 Reply to a setatr.
1189 ****************************************************************************/
1190
1191 void reply_setatr(struct smb_request *req)
1192 {
1193 struct smb_file_time ft;
1194 connection_struct *conn = req->conn;
1195 struct smb_filename *smb_fname = NULL;
1196 char *fname = NULL;
1197 int mode;
1198 time_t mtime;
1199 const char *p;
1200 NTSTATUS status;
1201 TALLOC_CTX *ctx = talloc_tos();
1202
1203 START_PROFILE(SMBsetatr);
1204
1205 ZERO_STRUCT(ft);
1206
1207 if (req->wct < 2) {
1208 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1209 goto out;
1210 }
1211
1212 p = (const char *)req->buf + 1;
1213 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1214 if (!NT_STATUS_IS_OK(status)) {
1215 reply_nterror(req, status);
1216 goto out;
1217 }
1218
1219 status = filename_convert(ctx,
1220 conn,
1221 req->flags2 & FLAGS2_DFS_PATHNAMES,
1222 fname,
1223 0,
1224 NULL,
1225 &smb_fname);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1228 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1229 ERRSRV, ERRbadpath);
1230 goto out;
1231 }
1232 reply_nterror(req, status);
1233 goto out;
1234 }
1235
1236 if (smb_fname->base_name[0] == '.' &&
1237 smb_fname->base_name[1] == '\0') {
1238 /*
1239 * Not sure here is the right place to catch this
1240 * condition. Might be moved to somewhere else later -- vl
1241 */
1242 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1243 goto out;
1244 }
1245
1246 mode = SVAL(req->vwv+0, 0);
1247 mtime = srv_make_unix_date3(req->vwv+1);
1248
1249 ft.mtime = convert_time_t_to_timespec(mtime);
1250 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 reply_nterror(req, status);
1253 goto out;
1254 }
1255
1256 if (mode != FILE_ATTRIBUTE_NORMAL) {
1257 if (VALID_STAT_OF_DIR(smb_fname->st))
1258 mode |= FILE_ATTRIBUTE_DIRECTORY;
1259 else
1260 mode &= ~FILE_ATTRIBUTE_DIRECTORY;
1261
1262 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1263 false) != 0) {
1264 reply_nterror(req, map_nt_error_from_unix(errno));
1265 goto out;
1266 }
1267 }
1268
1269 reply_outbuf(req, 0, 0);
1270
1271 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1272 mode));
1273 out:
1274 TALLOC_FREE(smb_fname);
1275 END_PROFILE(SMBsetatr);
1276 return;
1277 }
1278
1279 /****************************************************************************
1280 Reply to a dskattr.
1281 ****************************************************************************/
1282
1283 void reply_dskattr(struct smb_request *req)
1284 {
1285 connection_struct *conn = req->conn;
1286 uint64_t dfree,dsize,bsize;
1287 START_PROFILE(SMBdskattr);
1288
1289 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1290 reply_nterror(req, map_nt_error_from_unix(errno));
1291 END_PROFILE(SMBdskattr);
1292 return;
1293 }
1294
1295 reply_outbuf(req, 5, 0);
1296
1297 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1298 double total_space, free_space;
1299 /* we need to scale this to a number that DOS6 can handle. We
1300 use floating point so we can handle large drives on systems
1301 that don't have 64 bit integers
1302
1303 we end up displaying a maximum of 2G to DOS systems
1304 */
1305 total_space = dsize * (double)bsize;
1306 free_space = dfree * (double)bsize;
1307
1308 dsize = (uint64_t)((total_space+63*512) / (64*512));
1309 dfree = (uint64_t)((free_space+63*512) / (64*512));
1310
1311 if (dsize > 0xFFFF) dsize = 0xFFFF;
1312 if (dfree > 0xFFFF) dfree = 0xFFFF;
1313
1314 SSVAL(req->outbuf,smb_vwv0,dsize);
1315 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1316 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1317 SSVAL(req->outbuf,smb_vwv3,dfree);
1318 } else {
1319 SSVAL(req->outbuf,smb_vwv0,dsize);
1320 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1321 SSVAL(req->outbuf,smb_vwv2,512);
1322 SSVAL(req->outbuf,smb_vwv3,dfree);
1323 }
1324
1325 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1326
1327 END_PROFILE(SMBdskattr);
1328 return;
1329 }
1330
1331 /*
1332 * Utility function to split the filename from the directory.
1333 */
1334 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1335 char **fname_dir_out,
1336 char **fname_mask_out)
1337 {
1338 const char *p = NULL;
1339 char *fname_dir = NULL;
1340 char *fname_mask = NULL;
1341
1342 p = strrchr_m(fname_in, '/');
1343 if (!p) {
1344 fname_dir = talloc_strdup(ctx, ".");
1345 fname_mask = talloc_strdup(ctx, fname_in);
1346 } else {
1347 fname_dir = talloc_strndup(ctx, fname_in,
1348 PTR_DIFF(p, fname_in));
1349 fname_mask = talloc_strdup(ctx, p+1);
1350 }
1351
1352 if (!fname_dir || !fname_mask) {
1353 TALLOC_FREE(fname_dir);
1354 TALLOC_FREE(fname_mask);
1355 return NT_STATUS_NO_MEMORY;
1356 }
1357
1358 *fname_dir_out = fname_dir;
1359 *fname_mask_out = fname_mask;
1360 return NT_STATUS_OK;
1361 }
1362
1363 /****************************************************************************
1364 Reply to a search.
1365 Can be called from SMBsearch, SMBffirst or SMBfunique.
1366 ****************************************************************************/
1367
1368 void reply_search(struct smb_request *req)
1369 {
1370 connection_struct *conn = req->conn;
1371 char *path = NULL;
1372 const char *mask = NULL;
1373 char *directory = NULL;
1374 struct smb_filename *smb_fname = NULL;
1375 char *fname = NULL;
1376 SMB_OFF_T size;
1377 uint32 mode;
1378 struct timespec date;
1379 uint32 dirtype;
1380 unsigned int numentries = 0;
1381 unsigned int maxentries = 0;
1382 bool finished = False;
1383 const char *p;
1384 int status_len;
1385 char status[21];
1386 int dptr_num= -1;
1387 bool check_descend = False;
1388 bool expect_close = False;
1389 NTSTATUS nt_status;
1390 bool mask_contains_wcard = False;
1391 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1392 TALLOC_CTX *ctx = talloc_tos();
1393 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1394 struct dptr_struct *dirptr = NULL;
1395 struct smbd_server_connection *sconn = req->sconn;
1396
1397 START_PROFILE(SMBsearch);
1398
1399 if (req->wct < 2) {
1400 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1401 goto out;
1402 }
1403
1404 if (lp_posix_pathnames()) {
1405 reply_unknown_new(req, req->cmd);
1406 goto out;
1407 }
1408
1409 /* If we were called as SMBffirst then we must expect close. */
1410 if(req->cmd == SMBffirst) {
1411 expect_close = True;
1412 }
1413
1414 reply_outbuf(req, 1, 3);
1415 maxentries = SVAL(req->vwv+0, 0);
1416 dirtype = SVAL(req->vwv+1, 0);
1417 p = (const char *)req->buf + 1;
1418 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1419 &nt_status, &mask_contains_wcard);
1420 if (!NT_STATUS_IS_OK(nt_status)) {
1421 reply_nterror(req, nt_status);
1422 goto out;
1423 }
1424
1425 p++;
1426 status_len = SVAL(p, 0);
1427 p += 2;
1428
1429 /* dirtype &= ~FILE_ATTRIBUTE_DIRECTORY; */
1430
1431 if (status_len == 0) {
1432 nt_status = filename_convert(ctx, conn,
1433 req->flags2 & FLAGS2_DFS_PATHNAMES,
1434 path,
1435 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1436 &mask_contains_wcard,
1437 &smb_fname);
1438 if (!NT_STATUS_IS_OK(nt_status)) {
1439 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1440 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1441 ERRSRV, ERRbadpath);
1442 goto out;
1443 }
1444 reply_nterror(req, nt_status);
1445 goto out;
1446 }
1447
1448 directory = smb_fname->base_name;
1449
1450 p = strrchr_m(directory,'/');
1451 if ((p != NULL) && (*directory != '/')) {
1452 mask = p + 1;
1453 directory = talloc_strndup(ctx, directory,
1454 PTR_DIFF(p, directory));
1455 } else {
1456 mask = directory;
1457 directory = talloc_strdup(ctx,".");
1458 }
1459
1460 if (!directory) {
1461 reply_nterror(req, NT_STATUS_NO_MEMORY);
1462 goto out;
1463 }
1464
1465 memset((char *)status,'\0',21);
1466 SCVAL(status,0,(dirtype & 0x1F));
1467
1468 nt_status = dptr_create(conn,
1469 NULL, /* fsp */
1470 directory,
1471 True,
1472 expect_close,
1473 req->smbpid,
1474 mask,
1475 mask_contains_wcard,
1476 dirtype,
1477 &dirptr);
1478 if (!NT_STATUS_IS_OK(nt_status)) {
1479 reply_nterror(req, nt_status);
1480 goto out;
1481 }
1482 dptr_num = dptr_dnum(dirptr);
1483 } else {
1484 int status_dirtype;
1485 const char *dirpath;
1486
1487 memcpy(status,p,21);
1488 status_dirtype = CVAL(status,0) & 0x1F;
1489 if (status_dirtype != (dirtype & 0x1F)) {
1490 dirtype = status_dirtype;
1491 }
1492
1493 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1494 if (!dirptr) {
1495 goto SearchEmpty;
1496 }
1497 dirpath = dptr_path(sconn, dptr_num);
1498 directory = talloc_strdup(ctx, dirpath);
1499 if (!directory) {
1500 reply_nterror(req, NT_STATUS_NO_MEMORY);
1501 goto out;
1502 }
1503
1504 mask = dptr_wcard(sconn, dptr_num);
1505 if (!mask) {
1506 goto SearchEmpty;
1507 }
1508 /*
1509 * For a 'continue' search we have no string. So
1510 * check from the initial saved string.
1511 */
1512 mask_contains_wcard = ms_has_wild(mask);
1513 dirtype = dptr_attr(sconn, dptr_num);
1514 }
1515
1516 DEBUG(4,("dptr_num is %d\n",dptr_num));
1517
1518 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1519 dptr_init_search_op(dirptr);
1520
1521 if ((dirtype&0x1F) == FILE_ATTRIBUTE_VOLUME) {
1522 char buf[DIR_STRUCT_SIZE];
1523 memcpy(buf,status,21);
1524 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1525 0,FILE_ATTRIBUTE_VOLUME,0,!allow_long_path_components)) {
1526 reply_nterror(req, NT_STATUS_NO_MEMORY);
1527 goto out;
1528 }
1529 dptr_fill(sconn, buf+12,dptr_num);
1530 if (dptr_zero(buf+12) && (status_len==0)) {
1531 numentries = 1;
1532 } else {
1533 numentries = 0;
1534 }
1535 if (message_push_blob(&req->outbuf,
1536 data_blob_const(buf, sizeof(buf)))
1537 == -1) {
1538 reply_nterror(req, NT_STATUS_NO_MEMORY);
1539 goto out;
1540 }
1541 } else {
1542 unsigned int i;
1543 maxentries = MIN(
1544 maxentries,
1545 ((BUFFER_SIZE -
1546 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1547 /DIR_STRUCT_SIZE));
1548
1549 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1550 directory,lp_dontdescend(SNUM(conn))));
1551 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1552 check_descend = True;
1553 }
1554
1555 for (i=numentries;(i<maxentries) && !finished;i++) {
1556 finished = !get_dir_entry(ctx,
1557 dirptr,
1558 mask,
1559 dirtype,
1560 &fname,
1561 &size,
1562 &mode,
1563 &date,
1564 check_descend,
1565 ask_sharemode);
1566 if (!finished) {
1567 char buf[DIR_STRUCT_SIZE];
1568 memcpy(buf,status,21);
1569 if (!make_dir_struct(ctx,
1570 buf,
1571 mask,
1572 fname,
1573 size,
1574 mode,
1575 convert_timespec_to_time_t(date),
1576 !allow_long_path_components)) {
1577 reply_nterror(req, NT_STATUS_NO_MEMORY);
1578 goto out;
1579 }
1580 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1581 break;
1582 }
1583 if (message_push_blob(&req->outbuf,
1584 data_blob_const(buf, sizeof(buf)))
1585 == -1) {
1586 reply_nterror(req, NT_STATUS_NO_MEMORY);
1587 goto out;
1588 }
1589 numentries++;
1590 }
1591 }
1592 }
1593
1594 SearchEmpty:
1595
1596 /* If we were called as SMBffirst with smb_search_id == NULL
1597 and no entries were found then return error and close dirptr
1598 (X/Open spec) */
1599
1600 if (numentries == 0) {
1601 dptr_close(sconn, &dptr_num);
1602 } else if(expect_close && status_len == 0) {
1603 /* Close the dptr - we know it's gone */
1604 dptr_close(sconn, &dptr_num);
1605 }
1606
1607 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1608 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1609 dptr_close(sconn, &dptr_num);
1610 }
1611
1612 if ((numentries == 0) && !mask_contains_wcard) {
1613 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1614 goto out;
1615 }
1616
1617 SSVAL(req->outbuf,smb_vwv0,numentries);
1618 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1619 SCVAL(smb_buf(req->outbuf),0,5);
1620 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1621
1622 /* The replies here are never long name. */
1623 SSVAL(req->outbuf, smb_flg2,
1624 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1625 if (!allow_long_path_components) {
1626 SSVAL(req->outbuf, smb_flg2,
1627 SVAL(req->outbuf, smb_flg2)
1628 & (~FLAGS2_LONG_PATH_COMPONENTS));
1629 }
1630
1631 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1632 SSVAL(req->outbuf, smb_flg2,
1633 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1634
1635 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1636 smb_fn_name(req->cmd),
1637 mask,
1638 directory,
1639 dirtype,
1640 numentries,
1641 maxentries ));
1642 out:
1643 TALLOC_FREE(directory);
1644 TALLOC_FREE(smb_fname);
1645 END_PROFILE(SMBsearch);
1646 return;
1647 }
1648
1649 /****************************************************************************
1650 Reply to a fclose (stop directory search).
1651 ****************************************************************************/
1652
1653 void reply_fclose(struct smb_request *req)
1654 {
1655 int status_len;
1656 char status[21];
1657 int dptr_num= -2;
1658 const char *p;
1659 char *path = NULL;
1660 NTSTATUS err;
1661 bool path_contains_wcard = False;
1662 TALLOC_CTX *ctx = talloc_tos();
1663 struct smbd_server_connection *sconn = req->sconn;
1664
1665 START_PROFILE(SMBfclose);
1666
1667 if (lp_posix_pathnames()) {
1668 reply_unknown_new(req, req->cmd);
1669 END_PROFILE(SMBfclose);
1670 return;
1671 }
1672
1673 p = (const char *)req->buf + 1;
1674 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1675 &err, &path_contains_wcard);
1676 if (!NT_STATUS_IS_OK(err)) {
1677 reply_nterror(req, err);
1678 END_PROFILE(SMBfclose);
1679 return;
1680 }
1681 p++;
1682 status_len = SVAL(p,0);
1683 p += 2;
1684
1685 if (status_len == 0) {
1686 reply_force_doserror(req, ERRSRV, ERRsrverror);
1687 END_PROFILE(SMBfclose);
1688 return;
1689 }
1690
1691 memcpy(status,p,21);
1692
1693 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1694 /* Close the dptr - we know it's gone */
1695 dptr_close(sconn, &dptr_num);
1696 }
1697
1698 reply_outbuf(req, 1, 0);
1699 SSVAL(req->outbuf,smb_vwv0,0);
1700
1701 DEBUG(3,("search close\n"));
1702
1703 END_PROFILE(SMBfclose);
1704 return;
1705 }
1706
1707 /****************************************************************************
1708 Reply to an open.
1709 ****************************************************************************/
1710
1711 void reply_open(struct smb_request *req)
1712 {
1713 connection_struct *conn = req->conn;
1714 struct smb_filename *smb_fname = NULL;
1715 char *fname = NULL;
1716 uint32 fattr=0;
1717 SMB_OFF_T size = 0;
1718 time_t mtime=0;
1719 int info;
1720 files_struct *fsp;
1721 int oplock_request;
1722 int deny_mode;
1723 uint32 dos_attr;
1724 uint32 access_mask;
1725 uint32 share_mode;
1726 uint32 create_disposition;
1727 uint32 create_options = 0;
1728 uint32_t private_flags = 0;
1729 NTSTATUS status;
1730 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1731 TALLOC_CTX *ctx = talloc_tos();
1732
1733 START_PROFILE(SMBopen);
1734
1735 if (req->wct < 2) {
1736 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1737 goto out;
1738 }
1739
1740 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1741 deny_mode = SVAL(req->vwv+0, 0);
1742 dos_attr = SVAL(req->vwv+1, 0);
1743
1744 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1745 STR_TERMINATE, &status);
1746 if (!NT_STATUS_IS_OK(status)) {
1747 reply_nterror(req, status);
1748 goto out;
1749 }
1750
1751 if (!map_open_params_to_ntcreate(fname, deny_mode,
1752 OPENX_FILE_EXISTS_OPEN, &access_mask,
1753 &share_mode, &create_disposition,
1754 &create_options, &private_flags)) {
1755 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1756 goto out;
1757 }
1758
1759 status = filename_convert(ctx,
1760 conn,
1761 req->flags2 & FLAGS2_DFS_PATHNAMES,
1762 fname,
1763 (create_disposition == FILE_CREATE)
1764 ? UCF_CREATING_FILE : 0,
1765 NULL,
1766 &smb_fname);
1767 if (!NT_STATUS_IS_OK(status)) {
1768 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1769 reply_botherror(req,
1770 NT_STATUS_PATH_NOT_COVERED,
1771 ERRSRV, ERRbadpath);
1772 goto out;
1773 }
1774 reply_nterror(req, status);
1775 goto out;
1776 }
1777
1778 status = SMB_VFS_CREATE_FILE(
1779 conn, /* conn */
1780 req, /* req */
1781 0, /* root_dir_fid */
1782 smb_fname, /* fname */
1783 access_mask, /* access_mask */
1784 share_mode, /* share_access */
1785 create_disposition, /* create_disposition*/
1786 create_options, /* create_options */
1787 dos_attr, /* file_attributes */
1788 oplock_request, /* oplock_request */
1789 0, /* allocation_size */
1790 private_flags,
1791 NULL, /* sd */
1792 NULL, /* ea_list */
1793 &fsp, /* result */
1794 &info); /* pinfo */
1795
1796 if (!NT_STATUS_IS_OK(status)) {
1797 if (open_was_deferred(req->mid)) {
1798 /* We have re-scheduled this call. */
1799 goto out;
1800 }
1801 reply_openerror(req, status);
1802 goto out;
1803 }
1804
1805 size = smb_fname->st.st_ex_size;
1806 fattr = dos_mode(conn, smb_fname);
1807
1808 /* Deal with other possible opens having a modified
1809 write time. JRA. */
1810 if (ask_sharemode) {
1811 struct timespec write_time_ts;
1812
1813 ZERO_STRUCT(write_time_ts);
1814 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1815 if (!null_timespec(write_time_ts)) {
1816 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1817 }
1818 }
1819
1820 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1821
1822 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1823 DEBUG(3,("attempt to open a directory %s\n",
1824 fsp_str_dbg(fsp)));
1825 close_file(req, fsp, ERROR_CLOSE);
1826 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1827 ERRDOS, ERRnoaccess);
1828 goto out;
1829 }
1830
1831 reply_outbuf(req, 7, 0);
1832 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1833 SSVAL(req->outbuf,smb_vwv1,fattr);
1834 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1835 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1836 } else {
1837 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1838 }
1839 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1840 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1841
1842 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1843 SCVAL(req->outbuf,smb_flg,
1844 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1845 }
1846
1847 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1848 SCVAL(req->outbuf,smb_flg,
1849 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1850 }
1851 out:
1852 TALLOC_FREE(smb_fname);
1853 END_PROFILE(SMBopen);
1854 return;
1855 }
1856
1857 /****************************************************************************
1858 Reply to an open and X.
1859 ****************************************************************************/
1860
1861 void reply_open_and_X(struct smb_request *req)
1862 {
1863 connection_struct *conn = req->conn;
1864 struct smb_filename *smb_fname = NULL;
1865 char *fname = NULL;
1866 uint16 open_flags;
1867 int deny_mode;
1868 uint32 smb_attr;
1869 /* Breakout the oplock request bits so we can set the
1870 reply bits separately. */
1871 int ex_oplock_request;
1872 int core_oplock_request;
1873 int oplock_request;
1874 #if 0
1875 int smb_sattr = SVAL(req->vwv+4, 0);
1876 uint32 smb_time = make_unix_date3(req->vwv+6);
1877 #endif
1878 int smb_ofun;
1879 uint32 fattr=0;
1880 int mtime=0;
1881 int smb_action = 0;
1882 files_struct *fsp;
1883 NTSTATUS status;
1884 uint64_t allocation_size;
1885 ssize_t retval = -1;
1886 uint32 access_mask;
1887 uint32 share_mode;
1888 uint32 create_disposition;
1889 uint32 create_options = 0;
1890 uint32_t private_flags = 0;
1891 TALLOC_CTX *ctx = talloc_tos();
1892
1893 START_PROFILE(SMBopenX);
1894
1895 if (req->wct < 15) {
1896 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1897 goto out;
1898 }
1899
1900 open_flags = SVAL(req->vwv+2, 0);
1901 deny_mode = SVAL(req->vwv+3, 0);
1902 smb_attr = SVAL(req->vwv+5, 0);
1903 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1904 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1905 oplock_request = ex_oplock_request | core_oplock_request;
1906 smb_ofun = SVAL(req->vwv+8, 0);
1907 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1908
1909 /* If it's an IPC, pass off the pipe handler. */
1910 if (IS_IPC(conn)) {
1911 if (lp_nt_pipe_support()) {
1912 reply_open_pipe_and_X(conn, req);
1913 } else {
1914 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1915 }
1916 goto out;
1917 }
1918
1919 /* XXXX we need to handle passed times, sattr and flags */
1920 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1921 STR_TERMINATE, &status);
1922 if (!NT_STATUS_IS_OK(status)) {
1923 reply_nterror(req, status);
1924 goto out;
1925 }
1926
1927 if (!map_open_params_to_ntcreate(fname, deny_mode,
1928 smb_ofun,
1929 &access_mask, &share_mode,
1930 &create_disposition,
1931 &create_options,
1932 &private_flags)) {
1933 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1934 goto out;
1935 }
1936
1937 status = filename_convert(ctx,
1938 conn,
1939 req->flags2 & FLAGS2_DFS_PATHNAMES,
1940 fname,
1941 (create_disposition == FILE_CREATE)
1942 ? UCF_CREATING_FILE : 0,
1943 NULL,
1944 &smb_fname);
1945 if (!NT_STATUS_IS_OK(status)) {
1946 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1947 reply_botherror(req,
1948 NT_STATUS_PATH_NOT_COVERED,
1949 ERRSRV, ERRbadpath);
1950 goto out;
1951 }
1952 reply_nterror(req, status);
1953 goto out;
1954 }
1955
1956 status = SMB_VFS_CREATE_FILE(
1957 conn, /* conn */
1958 req, /* req */
1959 0, /* root_dir_fid */
1960 smb_fname, /* fname */
1961 access_mask, /* access_mask */
1962 share_mode, /* share_access */
1963 create_disposition, /* create_disposition*/
1964 create_options, /* create_options */
1965 smb_attr, /* file_attributes */
1966 oplock_request, /* oplock_request */
1967 0, /* allocation_size */
1968 private_flags,
1969 NULL, /* sd */
1970 NULL, /* ea_list */
1971 &fsp, /* result */
1972 &smb_action); /* pinfo */
1973
1974 if (!NT_STATUS_IS_OK(status)) {
1975 if (open_was_deferred(req->mid)) {
1976 /* We have re-scheduled this call. */
1977 goto out;
1978 }
1979 reply_openerror(req, status);
1980 goto out;
1981 }
1982
1983 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1984 if the file is truncated or created. */
1985 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1986 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1987 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1988 close_file(req, fsp, ERROR_CLOSE);
1989 reply_nterror(req, NT_STATUS_DISK_FULL);
1990 goto out;
1991 }
1992 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1993 if (retval < 0) {
1994 close_file(req, fsp, ERROR_CLOSE);
1995 reply_nterror(req, NT_STATUS_DISK_FULL);
1996 goto out;
1997 }
1998 status = vfs_stat_fsp(fsp);
1999 if (!NT_STATUS_IS_OK(status)) {
2000 close_file(req, fsp, ERROR_CLOSE);
2001 reply_nterror(req, status);
2002 goto out;
2003 }
2004 }
2005
2006 fattr = dos_mode(conn, fsp->fsp_name);
2007 mtime = convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime);
2008 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2009 close_file(req, fsp, ERROR_CLOSE);
2010 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2011 goto out;
2012 }
2013
2014 /* If the caller set the extended oplock request bit
2015 and we granted one (by whatever means) - set the
2016 correct bit for extended oplock reply.
2017 */
2018
2019 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2020 smb_action |= EXTENDED_OPLOCK_GRANTED;
2021 }
2022
2023 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2024 smb_action |= EXTENDED_OPLOCK_GRANTED;
2025 }
2026
2027 /* If the caller set the core oplock request bit
2028 and we granted one (by whatever means) - set the
2029 correct bit for core oplock reply.
2030 */
2031
2032 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2033 reply_outbuf(req, 19, 0);
2034 } else {
2035 reply_outbuf(req, 15, 0);
2036 }
2037
2038 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2039 SCVAL(req->outbuf, smb_flg,
2040 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2041 }
2042
2043 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2044 SCVAL(req->outbuf, smb_flg,
2045 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2046 }
2047
2048 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2049 SSVAL(req->outbuf,smb_vwv3,fattr);
2050 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2051 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2052 } else {
2053 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2054 }
2055 SIVAL(req->outbuf,smb_vwv6,(uint32)fsp->fsp_name->st.st_ex_size);
2056 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2057 SSVAL(req->outbuf,smb_vwv11,smb_action);
2058
2059 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2060 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2061 }
2062
2063 chain_reply(req);
2064 out:
2065 TALLOC_FREE(smb_fname);
2066 END_PROFILE(SMBopenX);
2067 return;
2068 }
2069
2070 /****************************************************************************
2071 Reply to a SMBulogoffX.
2072 ****************************************************************************/
2073
2074 void reply_ulogoffX(struct smb_request *req)
2075 {
2076 struct smbd_server_connection *sconn = req->sconn;
2077 user_struct *vuser;
2078
2079 START_PROFILE(SMBulogoffX);
2080
2081 vuser = get_valid_user_struct(sconn, req->vuid);
2082
2083 if(vuser == NULL) {
2084 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2085 req->vuid));
2086 }
2087
2088 /* in user level security we are supposed to close any files
2089 open by this user */
2090 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2091 file_close_user(sconn, req->vuid);
2092 }
2093
2094 invalidate_vuid(sconn, req->vuid);
2095
2096 reply_outbuf(req, 2, 0);
2097
2098 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2099
2100 END_PROFILE(SMBulogoffX);
2101 req->vuid = UID_FIELD_INVALID;
2102 chain_reply(req);
2103 }
2104
2105 /****************************************************************************
2106 Reply to a mknew or a create.
2107 ****************************************************************************/
2108
2109 void reply_mknew(struct smb_request *req)
2110 {
2111 connection_struct *conn = req->conn;
2112 struct smb_filename *smb_fname = NULL;
2113 char *fname = NULL;
2114 uint32 fattr = 0;
2115 struct smb_file_time ft;
2116 files_struct *fsp;
2117 int oplock_request = 0;
2118 NTSTATUS status;
2119 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2120 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2121 uint32 create_disposition;
2122 uint32 create_options = 0;
2123 TALLOC_CTX *ctx = talloc_tos();
2124
2125 START_PROFILE(SMBcreate);
2126 ZERO_STRUCT(ft);
2127
2128 if (req->wct < 3) {
2129 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2130 goto out;
2131 }
2132
2133 fattr = SVAL(req->vwv+0, 0);
2134 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2135
2136 /* mtime. */
2137 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2138
2139 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2140 STR_TERMINATE, &status);
2141 if (!NT_STATUS_IS_OK(status)) {
2142 reply_nterror(req, status);
2143 goto out;
2144 }
2145
2146 status = filename_convert(ctx,
2147 conn,
2148 req->flags2 & FLAGS2_DFS_PATHNAMES,
2149 fname,
2150 UCF_CREATING_FILE,
2151 NULL,
2152 &smb_fname);
2153 if (!NT_STATUS_IS_OK(status)) {
2154 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2155 reply_botherror(req,
2156 NT_STATUS_PATH_NOT_COVERED,
2157 ERRSRV, ERRbadpath);
2158 goto out;
2159 }
2160 reply_nterror(req, status);
2161 goto out;
2162 }
2163
2164 if (fattr & FILE_ATTRIBUTE_VOLUME) {
2165 DEBUG(0,("Attempt to create file (%s) with volid set - "
2166 "please report this\n",
2167 smb_fname_str_dbg(smb_fname)));
2168 }
2169
2170 if(req->cmd == SMBmknew) {
2171 /* We should fail if file exists. */
2172 create_disposition = FILE_CREATE;
2173 } else {
2174 /* Create if file doesn't exist, truncate if it does. */
2175 create_disposition = FILE_OVERWRITE_IF;
2176 }
2177
2178 status = SMB_VFS_CREATE_FILE(
2179 conn, /* conn */
2180 req, /* req */
2181 0, /* root_dir_fid */
2182 smb_fname, /* fname */
2183 access_mask, /* access_mask */
2184 share_mode, /* share_access */
2185 create_disposition, /* create_disposition*/
2186 create_options, /* create_options */
2187 fattr, /* file_attributes */
2188 oplock_request, /* oplock_request */
2189 0, /* allocation_size */
2190 0, /* private_flags */
2191 NULL, /* sd */
2192 NULL, /* ea_list */
2193 &fsp, /* result */
2194 NULL); /* pinfo */
2195
2196 if (!NT_STATUS_IS_OK(status)) {
2197 if (open_was_deferred(req->mid)) {
2198 /* We have re-scheduled this call. */
2199 goto out;
2200 }
2201 reply_openerror(req, status);
2202 goto out;
2203 }
2204
2205 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2206 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2207 if (!NT_STATUS_IS_OK(status)) {
2208 END_PROFILE(SMBcreate);
2209 goto out;
2210 }
2211
2212 reply_outbuf(req, 1, 0);
2213 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2214
2215 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2216 SCVAL(req->outbuf,smb_flg,
2217 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2218 }
2219
2220 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2221 SCVAL(req->outbuf,smb_flg,
2222 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2223 }
2224
2225 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2226 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2227 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2228 (unsigned int)fattr));
2229
2230 out:
2231 TALLOC_FREE(smb_fname);
2232 END_PROFILE(SMBcreate);
2233 return;
2234 }
2235
2236 /****************************************************************************
2237 Reply to a create temporary file.
2238 ****************************************************************************/
2239
2240 void reply_ctemp(struct smb_request *req)
2241 {
2242 connection_struct *conn = req->conn;
2243 struct smb_filename *smb_fname = NULL;
2244 char *wire_name = NULL;
2245 char *fname = NULL;
2246 uint32 fattr;
2247 files_struct *fsp;
2248 int oplock_request;
2249 char *s;
2250 NTSTATUS status;
2251 int i;
2252 TALLOC_CTX *ctx = talloc_tos();
2253
2254 START_PROFILE(SMBctemp);
2255
2256 if (req->wct < 3) {
2257 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2258 goto out;
2259 }
2260
2261 fattr = SVAL(req->vwv+0, 0);
2262 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2263
2264 srvstr_get_path_req(ctx, req, &wire_name, (const char *)req->buf+1,
2265 STR_TERMINATE, &status);
2266 if (!NT_STATUS_IS_OK(status)) {
2267 reply_nterror(req, status);
2268 goto out;
2269 }
2270
2271 for (i = 0; i < 10; i++) {
2272 if (*wire_name) {
2273 fname = talloc_asprintf(ctx,
2274 "%s/TMP%s",
2275 wire_name,
2276 generate_random_str_list(ctx, 5, "0123456789"));
2277 } else {
2278 fname = talloc_asprintf(ctx,
2279 "TMP%s",
2280 generate_random_str_list(ctx, 5, "0123456789"));
2281 }
2282
2283 if (!fname) {
2284 reply_nterror(req, NT_STATUS_NO_MEMORY);
2285 goto out;
2286 }
2287
2288 status = filename_convert(ctx, conn,
2289 req->flags2 & FLAGS2_DFS_PATHNAMES,
2290 fname,
2291 UCF_CREATING_FILE,
2292 NULL,
2293 &smb_fname);
2294 if (!NT_STATUS_IS_OK(status)) {
2295 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2296 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2297 ERRSRV, ERRbadpath);
2298 goto out;
2299 }
2300 reply_nterror(req, status);
2301 goto out;
2302 }
2303
2304 /* Create the file. */
2305 status = SMB_VFS_CREATE_FILE(
2306 conn, /* conn */
2307 req, /* req */
2308 0, /* root_dir_fid */
2309 smb_fname, /* fname */
2310 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2311 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2312 FILE_CREATE, /* create_disposition*/
2313 0, /* create_options */
2314 fattr, /* file_attributes */
2315 oplock_request, /* oplock_request */
2316 0, /* allocation_size */
2317 0, /* private_flags */
2318 NULL, /* sd */
2319 NULL, /* ea_list */
2320 &fsp, /* result */
2321 NULL); /* pinfo */
2322
2323 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
2324 TALLOC_FREE(fname);
2325 TALLOC_FREE(smb_fname);
2326 continue;
2327 }
2328
2329 if (!NT_STATUS_IS_OK(status)) {
2330 if (open_was_deferred(req->mid)) {
2331 /* We have re-scheduled this call. */
2332 goto out;
2333 }
2334 reply_openerror(req, status);
2335 goto out;
2336 }
2337
2338 break;
2339 }
2340
2341 if (i == 10) {
2342 /* Collision after 10 times... */
2343 reply_nterror(req, status);
2344 goto out;
2345 }
2346
2347 reply_outbuf(req, 1, 0);
2348 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2349
2350 /* the returned filename is relative to the directory */
2351 s = strrchr_m(fsp->fsp_name->base_name, '/');
2352 if (!s) {
2353 s = fsp->fsp_name->base_name;
2354 } else {
2355 s++;
2356 }
2357
2358 #if 0
2359 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2360 thing in the byte section. JRA */
2361 SSVALS(p, 0, -1); /* what is this? not in spec */
2362 #endif
2363 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2364 == -1) {
2365 reply_nterror(req, NT_STATUS_NO_MEMORY);
2366 goto out;
2367 }
2368
2369 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2370 SCVAL(req->outbuf, smb_flg,
2371 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2372 }
2373
2374 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2375 SCVAL(req->outbuf, smb_flg,
2376 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2377 }
2378
2379 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2380 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2381 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2382 out:
2383 TALLOC_FREE(smb_fname);
2384 TALLOC_FREE(fname);
2385 TALLOC_FREE(wire_name);
2386 END_PROFILE(SMBctemp);
2387 return;
2388 }
2389
2390 /*******************************************************************
2391 Check if a user is allowed to rename a file.
2392 ********************************************************************/
2393
2394 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2395 uint16 dirtype)
2396 {
2397 if (!CAN_WRITE(conn)) {
2398 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2399 }
2400
2401 if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
2402 (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2403 /* Only bother to read the DOS attribute if we might deny the
2404 rename on the grounds of attribute missmatch. */
2405 uint32_t fmode = dos_mode(conn, fsp->fsp_name);
2406 if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2407 return NT_STATUS_NO_SUCH_FILE;
2408 }
2409 }
2410
2411 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2412 if (fsp->posix_open) {
2413 return NT_STATUS_OK;
2414 }
2415
2416 /* If no pathnames are open below this
2417 directory, allow the rename. */
2418
2419 if (file_find_subpath(fsp)) {
2420 return NT_STATUS_ACCESS_DENIED;
2421 }
2422 return NT_STATUS_OK;
2423 }
2424
2425 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2426 return NT_STATUS_OK;
2427 }
2428
2429 return NT_STATUS_ACCESS_DENIED;
2430 }
2431
2432 /*******************************************************************
2433 * unlink a file with all relevant access checks
2434 *******************************************************************/
2435
2436 static NTSTATUS do_unlink(connection_struct *conn,
2437 struct smb_request *req,
2438 struct smb_filename *smb_fname,
2439 uint32 dirtype)
2440 {
2441 uint32 fattr;
2442 files_struct *fsp;
2443 uint32 dirtype_orig = dirtype;
2444 NTSTATUS status;
2445 int ret;
2446 bool posix_paths = lp_posix_pathnames();
2447
2448 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2449 smb_fname_str_dbg(smb_fname),
2450 dirtype));
2451
2452 if (!CAN_WRITE(conn)) {
2453 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2454 }
2455
2456 if (posix_paths) {
2457 ret = SMB_VFS_LSTAT(conn, smb_fname);
2458 } else {
2459 ret = SMB_VFS_STAT(conn, smb_fname);
2460 }
2461 if (ret != 0) {
2462 return map_nt_error_from_unix(errno);
2463 }
2464
2465 fattr = dos_mode(conn, smb_fname);
2466
2467 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2468 dirtype = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY;
2469 }
2470
2471 dirtype &= (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
2472 if (!dirtype) {
2473 return NT_STATUS_NO_SUCH_FILE;
2474 }
2475
2476 if (!dir_check_ftype(conn, fattr, dirtype)) {
2477 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2478 return NT_STATUS_FILE_IS_A_DIRECTORY;
2479 }
2480 return NT_STATUS_NO_SUCH_FILE;
2481 }
2482
2483 if (dirtype_orig & 0x8000) {
2484 /* These will never be set for POSIX. */
2485 return NT_STATUS_NO_SUCH_FILE;
2486 }
2487
2488 #if 0
2489 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2490 return NT_STATUS_FILE_IS_A_DIRECTORY;
2491 }
2492
2493 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2494 return NT_STATUS_NO_SUCH_FILE;
2495 }
2496
2497 if (dirtype & 0xFF00) {
2498 /* These will never be set for POSIX. */
2499 return NT_STATUS_NO_SUCH_FILE;
2500 }
2501
2502 dirtype &= 0xFF;
2503 if (!dirtype) {
2504 return NT_STATUS_NO_SUCH_FILE;
2505 }
2506
2507 /* Can't delete a directory. */
2508 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2509 return NT_STATUS_FILE_IS_A_DIRECTORY;
2510 }
2511 #endif
2512
2513 #if 0 /* JRATEST */
2514 else if (dirtype & FILE_ATTRIBUTE_DIRECTORY) /* Asked for a directory and it isn't. */
2515 return NT_STATUS_OBJECT_NAME_INVALID;
2516 #endif /* JRATEST */
2517
2518 /* On open checks the open itself will check the share mode, so
2519 don't do it here as we'll get it wrong. */
2520
2521 status = SMB_VFS_CREATE_FILE
2522 (conn, /* conn */
2523 req, /* req */
2524 0, /* root_dir_fid */
2525 smb_fname, /* fname */
2526 DELETE_ACCESS, /* access_mask */
2527 FILE_SHARE_NONE, /* share_access */
2528 FILE_OPEN, /* create_disposition*/
2529 FILE_NON_DIRECTORY_FILE, /* create_options */
2530 /* file_attributes */
2531 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2532 FILE_ATTRIBUTE_NORMAL,
2533 0, /* oplock_request */
2534 0, /* allocation_size */
2535 0, /* private_flags */
2536 NULL, /* sd */
2537 NULL, /* ea_list */
2538 &fsp, /* result */
2539 NULL); /* pinfo */
2540
2541 if (!NT_STATUS_IS_OK(status)) {
2542 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2543 nt_errstr(status)));
2544 return status;
2545 }
2546
2547 status = can_set_delete_on_close(fsp, fattr);
2548 if (!NT_STATUS_IS_OK(status)) {
2549 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2550 "(%s)\n",
2551 smb_fname_str_dbg(smb_fname),
2552 nt_errstr(status)));
2553 close_file(req, fsp, NORMAL_CLOSE);
2554 return status;
2555 }
2556
2557 /* The set is across all open files on this dev/inode pair. */
2558 if (!set_delete_on_close(fsp, true,
2559 conn->session_info->security_token,
2560 &conn->session_info->utok)) {
2561 close_file(req, fsp, NORMAL_CLOSE);
2562 return NT_STATUS_ACCESS_DENIED;
2563 }
2564
2565 return close_file(req, fsp, NORMAL_CLOSE);
2566 }
2567
2568 /****************************************************************************
2569 The guts of the unlink command, split out so it may be called by the NT SMB
2570 code.
2571 ****************************************************************************/
2572
2573 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2574 uint32 dirtype, struct smb_filename *smb_fname,
2575 bool has_wild)
2576 {
2577 char *fname_dir = NULL;
2578 char *fname_mask = NULL;
2579 int count=0;
2580 NTSTATUS status = NT_STATUS_OK;
2581 TALLOC_CTX *ctx = talloc_tos();
2582
2583 /* Split up the directory from the filename/mask. */
2584 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2585 &fname_dir, &fname_mask);
2586 if (!NT_STATUS_IS_OK(status)) {
2587 goto out;
2588 }
2589
2590 /*
2591 * We should only check the mangled cache
2592 * here if unix_convert failed. This means
2593 * that the path in 'mask' doesn't exist
2594 * on the file system and so we need to look
2595 * for a possible mangle. This patch from
2596 * Tine Smukavec <valentin.smukavec@hermes.si>.
2597 */
2598
2599 if (!VALID_STAT(smb_fname->st) &&
2600 mangle_is_mangled(fname_mask, conn->params)) {
2601 char *new_mask = NULL;
2602 mangle_lookup_name_from_8_3(ctx, fname_mask,
2603 &new_mask, conn->params);
2604 if (new_mask) {
2605 TALLOC_FREE(fname_mask);
2606 fname_mask = new_mask;
2607 }
2608 }
2609
2610 if (!has_wild) {
2611
2612 /*
2613 * Only one file needs to be unlinked. Append the mask back
2614 * onto the directory.
2615 */
2616 TALLOC_FREE(smb_fname->base_name);
2617 if (ISDOT(fname_dir)) {
2618 /* Ensure we use canonical names on open. */
2619 smb_fname->base_name = talloc_asprintf(smb_fname,
2620 "%s",
2621 fname_mask);
2622 } else {
2623 smb_fname->base_name = talloc_asprintf(smb_fname,
2624 "%s/%s",
2625 fname_dir,
2626 fname_mask);
2627 }
2628 if (!smb_fname->base_name) {
2629 status = NT_STATUS_NO_MEMORY;
2630 goto out;
2631 }
2632 if (dirtype == 0) {
2633 dirtype = FILE_ATTRIBUTE_NORMAL;
2634 }
2635
2636 status = check_name(conn, smb_fname->base_name);
2637 if (!NT_STATUS_IS_OK(status)) {
2638 goto out;
2639 }
2640
2641 status = do_unlink(conn, req, smb_fname, dirtype);
2642 if (!NT_STATUS_IS_OK(status)) {
2643 goto out;
2644 }
2645
2646 count++;
2647 } else {
2648 struct smb_Dir *dir_hnd = NULL;
2649 long offset = 0;
2650 const char *dname = NULL;
2651 char *talloced = NULL;
2652
2653 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == FILE_ATTRIBUTE_DIRECTORY) {
2654 status = NT_STATUS_OBJECT_NAME_INVALID;
2655 goto out;
2656 }
2657
2658 if (strequal(fname_mask,"????????.???")) {
2659 TALLOC_FREE(fname_mask);
2660 fname_mask = talloc_strdup(ctx, "*");
2661 if (!fname_mask) {
2662 status = NT_STATUS_NO_MEMORY;
2663 goto out;
2664 }
2665 }
2666
2667 status = check_name(conn, fname_dir);
2668 if (!NT_STATUS_IS_OK(status)) {
2669 goto out;
2670 }
2671
2672 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2673 dirtype);
2674 if (dir_hnd == NULL) {
2675 status = map_nt_error_from_unix(errno);
2676 goto out;
2677 }
2678
2679 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2680 the pattern matches against the long name, otherwise the short name
2681 We don't implement this yet XXXX
2682 */
2683
2684 status = NT_STATUS_NO_SUCH_FILE;
2685
2686 while ((dname = ReadDirName(dir_hnd, &offset,
2687 &smb_fname->st, &talloced))) {
2688 TALLOC_CTX *frame = talloc_stackframe();
2689
2690 if (!is_visible_file(conn, fname_dir, dname,
2691 &smb_fname->st, true)) {
2692 TALLOC_FREE(frame);
2693 TALLOC_FREE(talloced);
2694 continue;
2695 }
2696
2697 /* Quick check for "." and ".." */
2698 if (ISDOT(dname) || ISDOTDOT(dname)) {
2699 TALLOC_FREE(frame);
2700 TALLOC_FREE(talloced);
2701 continue;
2702 }
2703
2704 if(!mask_match(dname, fname_mask,
2705 conn->case_sensitive)) {
2706 TALLOC_FREE(frame);
2707 TALLOC_FREE(talloced);
2708 continue;
2709 }
2710
2711 TALLOC_FREE(smb_fname->base_name);
2712 if (ISDOT(fname_dir)) {
2713 /* Ensure we use canonical names on open. */
2714 smb_fname->base_name =
2715 talloc_asprintf(smb_fname, "%s",
2716 dname);
2717 } else {
2718 smb_fname->base_name =
2719 talloc_asprintf(smb_fname, "%s/%s",
2720 fname_dir, dname);
2721 }
2722
2723 if (!smb_fname->base_name) {
2724 TALLOC_FREE(dir_hnd);
2725 status = NT_STATUS_NO_MEMORY;
2726 TALLOC_FREE(frame);
2727 TALLOC_FREE(talloced);
2728 goto out;
2729 }
2730
2731 status = check_name(conn, smb_fname->base_name);
2732 if (!NT_STATUS_IS_OK(status)) {
2733 TALLOC_FREE(dir_hnd);
2734 TALLOC_FREE(frame);
2735 TALLOC_FREE(talloced);
2736 goto out;
2737 }
2738
2739 status = do_unlink(conn, req, smb_fname, dirtype);
2740 if (!NT_STATUS_IS_OK(status)) {
2741 TALLOC_FREE(frame);
2742 TALLOC_FREE(talloced);
2743 continue;
2744 }
2745
2746 count++;
2747 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2748 smb_fname->base_name));
2749
2750 TALLOC_FREE(frame);
2751 TALLOC_FREE(talloced);
2752 }
2753 TALLOC_FREE(dir_hnd);
2754 }
2755
2756 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2757 status = map_nt_error_from_unix(errno);
2758 }
2759
2760 out:
2761 TALLOC_FREE(fname_dir);
2762 TALLOC_FREE(fname_mask);
2763 return status;
2764 }
2765
2766 /****************************************************************************
2767 Reply to a unlink
2768 ****************************************************************************/
2769
2770 void reply_unlink(struct smb_request *req)
2771 {
2772 connection_struct *conn = req->conn;
2773 char *name = NULL;
2774 struct smb_filename *smb_fname = NULL;
2775 uint32 dirtype;
2776 NTSTATUS status;
2777 bool path_contains_wcard = False;
2778 TALLOC_CTX *ctx = talloc_tos();
2779
2780 START_PROFILE(SMBunlink);
2781
2782 if (req->wct < 1) {
2783 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2784 goto out;
2785 }
2786
2787 dirtype = SVAL(req->vwv+0, 0);
2788
2789 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2790 STR_TERMINATE, &status,
2791 &path_contains_wcard);
2792 if (!NT_STATUS_IS_OK(status)) {
2793 reply_nterror(req, status);
2794 goto out;
2795 }
2796
2797 status = filename_convert(ctx, conn,
2798 req->flags2 & FLAGS2_DFS_PATHNAMES,
2799 name,
2800 UCF_COND_ALLOW_WCARD_LCOMP,
2801 &path_contains_wcard,
2802 &smb_fname);
2803 if (!NT_STATUS_IS_OK(status)) {
2804 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2805 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2806 ERRSRV, ERRbadpath);
2807 goto out;
2808 }
2809 reply_nterror(req, status);
2810 goto out;
2811 }
2812
2813 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2814
2815 status = unlink_internals(conn, req, dirtype, smb_fname,
2816 path_contains_wcard);
2817 if (!NT_STATUS_IS_OK(status)) {
2818 if (open_was_deferred(req->mid)) {
2819 /* We have re-scheduled this call. */
2820 goto out;
2821 }
2822 reply_nterror(req, status);
2823 goto out;
2824 }
2825
2826 reply_outbuf(req, 0, 0);
2827 out:
2828 TALLOC_FREE(smb_fname);
2829 END_PROFILE(SMBunlink);
2830 return;
2831 }
2832
2833 /****************************************************************************
2834 Fail for readbraw.
2835 ****************************************************************************/
2836
2837 static void fail_readraw(void)
2838 {
2839 const char *errstr = talloc_asprintf(talloc_tos(),
2840 "FAIL ! reply_readbraw: socket write fail (%s)",
2841 strerror(errno));
2842 if (!errstr) {
2843 errstr = "";
2844 }
2845 exit_server_cleanly(errstr);
2846 }
2847
2848 /****************************************************************************
2849 Fake (read/write) sendfile. Returns -1 on read or write fail.
2850 ****************************************************************************/
2851
2852 ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread)
2853 {
2854 size_t bufsize;
2855 size_t tosend = nread;
2856 char *buf;
2857
2858 if (nread == 0) {
2859 return 0;
2860 }
2861
2862 bufsize = MIN(nread, 65536);
2863
2864 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2865 return -1;
2866 }
2867
2868 while (tosend > 0) {
2869 ssize_t ret;
2870 size_t cur_read;
2871
2872 if (tosend > bufsize) {
2873 cur_read = bufsize;
2874 } else {
2875 cur_read = tosend;
2876 }
2877 ret = read_file(fsp,buf,startpos,cur_read);
2878 if (ret == -1) {
2879 SAFE_FREE(buf);
2880 return -1;
2881 }
2882
2883 /* If we had a short read, fill with zeros. */
2884 if (ret < cur_read) {
2885 memset(buf + ret, '\0', cur_read - ret);
2886 }
2887
2888 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
2889 != cur_read) {
2890 char addr[INET6_ADDRSTRLEN];
2891 /*
2892 * Try and give an error message saying what
2893 * client failed.
2894 */
2895 DEBUG(0, ("write_data failed for client %s. "
2896 "Error %s\n",
2897 get_peer_addr(fsp->conn->sconn->sock, addr,
2898 sizeof(addr)),
2899 strerror(errno)));
2900 SAFE_FREE(buf);
2901 return -1;
2902 }
2903 tosend -= cur_read;
2904 startpos += cur_read;
2905 }
2906
2907 SAFE_FREE(buf);
2908 return (ssize_t)nread;
2909 }
2910
2911 /****************************************************************************
2912 Deal with the case of sendfile reading less bytes from the file than
2913 requested. Fill with zeros (all we can do).
2914 ****************************************************************************/
2915
2916 void sendfile_short_send(files_struct *fsp,
2917 ssize_t nread,
2918 size_t headersize,
2919 size_t smb_maxcnt)
2920 {
2921 #define SHORT_SEND_BUFSIZE 1024
2922 if (nread < headersize) {
2923 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2924 "header for file %s (%s). Terminating\n",
2925 fsp_str_dbg(fsp), strerror(errno)));
2926 exit_server_cleanly("sendfile_short_send failed");
2927 }
2928
2929 nread -= headersize;
2930
2931 if (nread < smb_maxcnt) {
2932 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2933 if (!buf) {
2934 exit_server_cleanly("sendfile_short_send: "
2935 "malloc failed");
2936 }
2937
2938 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2939 "with zeros !\n", fsp_str_dbg(fsp)));
2940
2941 while (nread < smb_maxcnt) {
2942 /*
2943 * We asked for the real file size and told sendfile
2944 * to not go beyond the end of the file. But it can
2945 * happen that in between our fstat call and the
2946 * sendfile call the file was truncated. This is very
2947 * bad because we have already announced the larger
2948 * number of bytes to the client.
2949 *
2950 * The best we can do now is to send 0-bytes, just as
2951 * a read from a hole in a sparse file would do.
2952 *
2953 * This should happen rarely enough that I don't care
2954 * about efficiency here :-)
2955 */
2956 size_t to_write;
2957
2958 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2959 if (write_data(fsp->conn->sconn->sock, buf, to_write)
2960 != to_write) {
2961 char addr[INET6_ADDRSTRLEN];
2962 /*
2963 * Try and give an error message saying what
2964 * client failed.
2965 */
2966 DEBUG(0, ("write_data failed for client %s. "
2967 "Error %s\n",
2968 get_peer_addr(
2969 fsp->conn->sconn->sock, addr,
2970 sizeof(addr)),
2971 strerror(errno)));
2972 exit_server_cleanly("sendfile_short_send: "
2973 "write_data failed");
2974 }
2975 nread += to_write;
2976 }
2977 SAFE_FREE(buf);
2978 }
2979 }
2980
2981 /****************************************************************************
2982 Return a readbraw error (4 bytes of zero).
2983 ****************************************************************************/
2984
2985 static void reply_readbraw_error(struct smbd_server_connection *sconn)
2986 {
2987 char header[4];
2988
2989 SIVAL(header,0,0);
2990
2991 smbd_lock_socket(sconn);
2992 if (write_data(sconn->sock,header,4) != 4) {
2993 char addr[INET6_ADDRSTRLEN];
2994 /*
2995 * Try and give an error message saying what
2996 * client failed.
2997 */
2998 DEBUG(0, ("write_data failed for client %s. "
2999 "Error %s\n",
3000 get_peer_addr(sconn->sock, addr, sizeof(addr)),
3001 strerror(errno)));
3002
3003 fail_readraw();
3004 }
3005 smbd_unlock_socket(sconn);
3006 }
3007
3008 /****************************************************************************
3009 Use sendfile in readbraw.
3010 ****************************************************************************/
3011
3012 static void send_file_readbraw(connection_struct *conn,
3013 struct smb_request *req,
3014 files_struct *fsp,
3015 SMB_OFF_T startpos,
3016 size_t nread,
3017 ssize_t mincount)
3018 {
3019 struct smbd_server_connection *sconn = req->sconn;
3020 char *outbuf = NULL;
3021 ssize_t ret=0;
3022
3023 /*
3024 * We can only use sendfile on a non-chained packet
3025 * but we can use on a non-oplocked file. tridge proved this
3026 * on a train in Germany :-). JRA.
3027 * reply_readbraw has already checked the length.
3028 */
3029
3030 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
3031 (fsp->wcp == NULL) &&
3032 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3033 ssize_t sendfile_read = -1;
3034 char header[4];
3035 DATA_BLOB header_blob;
3036
3037 _smb_setlen(header,nread);
3038 header_blob = data_blob_const(header, 4);
3039
3040 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
3041 &header_blob, startpos,
3042 nread);
3043 if (sendfile_read == -1) {
3044 /* Returning ENOSYS means no data at all was sent.
3045 * Do this as a normal read. */
3046 if (errno == ENOSYS) {
3047 goto normal_readbraw;
3048 }
3049
3050 /*
3051 * Special hack for broken Linux with no working sendfile. If we
3052 * return EINTR we sent the header but not the rest of the data.
3053 * Fake this up by doing read/write calls.
3054 */
3055 if (errno == EINTR) {
3056 /* Ensure we don't do this again. */
3057 set_use_sendfile(SNUM(conn), False);
3058 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3059
3060 if (fake_sendfile(fsp, startpos, nread) == -1) {
3061 DEBUG(0,("send_file_readbraw: "
3062 "fake_sendfile failed for "
3063 "file %s (%s).\n",
3064 fsp_str_dbg(fsp),
3065 strerror(errno)));
3066 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3067 }
3068 return;
3069 }
3070
3071 DEBUG(0,("send_file_readbraw: sendfile failed for "
3072 "file %s (%s). Terminating\n",
3073 fsp_str_dbg(fsp), strerror(errno)));
3074 exit_server_cleanly("send_file_readbraw sendfile failed");
3075 } else if (sendfile_read == 0) {
3076 /*
3077 * Some sendfile implementations return 0 to indicate
3078 * that there was a short read, but nothing was
3079 * actually written to the socket. In this case,
3080 * fallback to the normal read path so the header gets
3081 * the correct byte count.
3082 */
3083 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3084 "bytes falling back to the normal read: "
3085 "%s\n", fsp_str_dbg(fsp)));
3086 goto normal_readbraw;
3087 }
3088
3089 /* Deal with possible short send. */
3090 if (sendfile_read != 4+nread) {
3091 sendfile_short_send(fsp, sendfile_read, 4, nread);
3092 }
3093 return;
3094 }
3095
3096 normal_readbraw:
3097
3098 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3099 if (!outbuf) {
3100 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3101 (unsigned)(nread+4)));
3102 reply_readbraw_error(sconn);
3103 return;
3104 }
3105
3106 if (nread > 0) {
3107 ret = read_file(fsp,outbuf+4,startpos,nread);
3108 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3109 if (ret < mincount)
3110 ret = 0;
3111 #else
3112 if (ret < nread)
3113 ret = 0;
3114 #endif
3115 }
3116
3117 _smb_setlen(outbuf,ret);
3118 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3119 char addr[INET6_ADDRSTRLEN];
3120 /*
3121 * Try and give an error message saying what
3122 * client failed.
3123 */
3124 DEBUG(0, ("write_data failed for client %s. "
3125 "Error %s\n",
3126 get_peer_addr(fsp->conn->sconn->sock, addr,
3127 sizeof(addr)),
3128 strerror(errno)));
3129
3130 fail_readraw();
3131 }
3132
3133 TALLOC_FREE(outbuf);
3134 }
3135
3136 /****************************************************************************
3137 Reply to a readbraw (core+ protocol).
3138 ****************************************************************************/
3139
3140 void reply_readbraw(struct smb_request *req)
3141 {
3142 connection_struct *conn = req->conn;
3143 struct smbd_server_connection *sconn = req->sconn;
3144 ssize_t maxcount,mincount;
3145 size_t nread = 0;
3146 SMB_OFF_T startpos;
3147 files_struct *fsp;
3148 struct lock_struct lock;
3149 SMB_OFF_T size = 0;
3150
3151 START_PROFILE(SMBreadbraw);
3152
3153 if (srv_is_signing_active(sconn) || req->encrypted) {
3154 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3155 "raw reads/writes are disallowed.");
3156 }
3157
3158 if (req->wct < 8) {
3159 reply_readbraw_error(sconn);
3160 END_PROFILE(SMBreadbraw);
3161 return;
3162 }
3163
3164 if (sconn->smb1.echo_handler.trusted_fde) {
3165 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3166 "'async smb echo handler = yes'\n"));
3167 reply_readbraw_error(sconn);
3168 END_PROFILE(SMBreadbraw);
3169 return;
3170 }
3171
3172 /*
3173 * Special check if an oplock break has been issued
3174 * and the readraw request croses on the wire, we must
3175 * return a zero length response here.
3176 */
3177
3178 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3179
3180 /*
3181 * We have to do a check_fsp by hand here, as
3182 * we must always return 4 zero bytes on error,
3183 * not a NTSTATUS.
3184 */
3185
3186 if (!fsp || !conn || conn != fsp->conn ||
3187 req->vuid != fsp->vuid ||
3188 fsp->is_directory || fsp->fh->fd == -1) {
3189 /*
3190 * fsp could be NULL here so use the value from the packet. JRA.
3191 */
3192 DEBUG(3,("reply_readbraw: fnum %d not valid "
3193 "- cache prime?\n",
3194 (int)SVAL(req->vwv+0, 0)));
3195 reply_readbraw_error(sconn);
3196 END_PROFILE(SMBreadbraw);
3197 return;
3198 }
3199
3200 /* Do a "by hand" version of CHECK_READ. */
3201 if (!(fsp->can_read ||
3202 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3203 (fsp->access_mask & FILE_EXECUTE)))) {
3204 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3205 (int)SVAL(req->vwv+0, 0)));
3206 reply_readbraw_error(sconn);
3207 END_PROFILE(SMBreadbraw);
3208 return;
3209 }
3210
3211 flush_write_cache(fsp, READRAW_FLUSH);
3212
3213 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3214 if(req->wct == 10) {
3215 /*
3216 * This is a large offset (64 bit) read.
3217 */
3218 #ifdef LARGE_SMB_OFF_T
3219
3220 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3221
3222 #else /* !LARGE_SMB_OFF_T */
3223
3224 /*
3225 * Ensure we haven't been sent a >32 bit offset.
3226 */
3227
3228 if(IVAL(req->vwv+8, 0) != 0) {
3229 DEBUG(0,("reply_readbraw: large offset "
3230 "(%x << 32) used and we don't support "
3231 "64 bit offsets.\n",
3232 (unsigned int)IVAL(req->vwv+8, 0) ));
3233 reply_readbraw_error(sconn);
3234 END_PROFILE(SMBreadbraw);
3235 return;
3236 }
3237
3238 #endif /* LARGE_SMB_OFF_T */
3239
3240 if(startpos < 0) {
3241 DEBUG(0,("reply_readbraw: negative 64 bit "
3242 "readraw offset (%.0f) !\n",
3243 (double)startpos ));
3244 reply_readbraw_error(sconn);
3245 END_PROFILE(SMBreadbraw);
3246 return;
3247 }
3248 }
3249
3250 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3251 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3252
3253 /* ensure we don't overrun the packet size */
3254 maxcount = MIN(65535,maxcount);
3255
3256 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3257 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3258 &lock);
3259
3260 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3261 reply_readbraw_error(sconn);
3262 END_PROFILE(SMBreadbraw);
3263 return;
3264 }
3265
3266 if (fsp_stat(fsp) == 0) {
3267 size = fsp->fsp_name->st.st_ex_size;
3268 }
3269
3270 if (startpos >= size) {
3271 nread = 0;
3272 } else {
3273 nread = MIN(maxcount,(size - startpos));
3274 }
3275
3276 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3277 if (nread < mincount)
3278 nread = 0;
3279 #endif
3280
3281 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3282 "min=%lu nread=%lu\n",
3283 fsp->fnum, (double)startpos,
3284 (unsigned long)maxcount,
3285 (unsigned long)mincount,
3286 (unsigned long)nread ) );
3287
3288 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3289
3290 DEBUG(5,("reply_readbraw finished\n"));
3291
3292 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3293
3294 END_PROFILE(SMBreadbraw);
3295 return;
3296 }
3297
3298 #undef DBGC_CLASS
3299 #define DBGC_CLASS DBGC_LOCKING
3300
3301 /****************************************************************************
3302 Reply to a lockread (core+ protocol).
3303 ****************************************************************************/
3304
3305 void reply_lockread(struct smb_request *req)
3306 {
3307 connection_struct *conn = req->conn;
3308 ssize_t nread = -1;
3309 char *data;
3310 SMB_OFF_T startpos;
3311 size_t numtoread;
3312 NTSTATUS status;
3313 files_struct *fsp;
3314 struct byte_range_lock *br_lck = NULL;
3315 char *p = NULL;
3316 struct smbd_server_connection *sconn = req->sconn;
3317
3318 START_PROFILE(SMBlockread);
3319
3320 if (req->wct < 5) {
3321 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3322 END_PROFILE(SMBlockread);
3323 return;
3324 }
3325
3326 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3327
3328 if (!check_fsp(conn, req, fsp)) {
3329 END_PROFILE(SMBlockread);
3330 return;
3331 }
3332
3333 if (!CHECK_READ(fsp,req)) {
3334 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3335 END_PROFILE(SMBlockread);
3336 return;
3337 }
3338
3339 numtoread = SVAL(req->vwv+1, 0);
3340 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3341
3342 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3343
3344 reply_outbuf(req, 5, numtoread + 3);
3345
3346 data = smb_buf(req->outbuf) + 3;
3347
3348 /*
3349 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3350 * protocol request that predates the read/write lock concept.
3351 * Thus instead of asking for a read lock here we need to ask
3352 * for a write lock. JRA.
3353 * Note that the requested lock size is unaffected by max_recv.
3354 */
3355
3356 br_lck = do_lock(req->sconn->msg_ctx,
3357 fsp,
3358 (uint64_t)req->smbpid,
3359 (uint64_t)numtoread,
3360 (uint64_t)startpos,
3361 WRITE_LOCK,
3362 WINDOWS_LOCK,
3363 False, /* Non-blocking lock. */
3364 &status,
3365 NULL,
3366 NULL);
3367 TALLOC_FREE(br_lck);
3368
3369 if (NT_STATUS_V(status)) {
3370 reply_nterror(req, status);
3371 END_PROFILE(SMBlockread);
3372 return;
3373 }
3374
3375 /*
3376 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3377 */
3378
3379 if (numtoread > sconn->smb1.negprot.max_recv) {
3380 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3381 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3382 (unsigned int)numtoread,
3383 (unsigned int)sconn->smb1.negprot.max_recv));
3384 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3385 }
3386 nread = read_file(fsp,data,startpos,numtoread);
3387
3388 if (nread < 0) {
3389 reply_nterror(req, map_nt_error_from_unix(errno));
3390 END_PROFILE(SMBlockread);
3391 return;
3392 }
3393
3394 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3395
3396 SSVAL(req->outbuf,smb_vwv0,nread);
3397 SSVAL(req->outbuf,smb_vwv5,nread+3);
3398 p = smb_buf(req->outbuf);
3399 SCVAL(p,0,0); /* pad byte. */
3400 SSVAL(p,1,nread);
3401
3402 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3403 fsp->fnum, (int)numtoread, (int)nread));
3404
3405 END_PROFILE(SMBlockread);
3406 return;
3407 }
3408
3409 #undef DBGC_CLASS
3410 #define DBGC_CLASS DBGC_ALL
3411
3412 /****************************************************************************
3413 Reply to a read.
3414 ****************************************************************************/
3415
3416 void reply_read(struct smb_request *req)
3417 {
3418 connection_struct *conn = req->conn;
3419 size_t numtoread;
3420 ssize_t nread = 0;
3421 char *data;
3422 SMB_OFF_T startpos;
3423 int outsize = 0;
3424 files_struct *fsp;
3425 struct lock_struct lock;
3426 struct smbd_server_connection *sconn = req->sconn;
3427
3428 START_PROFILE(SMBread);
3429
3430 if (req->wct < 3) {
3431 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3432 END_PROFILE(SMBread);
3433 return;
3434 }
3435
3436 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3437
3438 if (!check_fsp(conn, req, fsp)) {
3439 END_PROFILE(SMBread);
3440 return;
3441 }
3442
3443 if (!CHECK_READ(fsp,req)) {
3444 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3445 END_PROFILE(SMBread);
3446 return;
3447 }
3448
3449 numtoread = SVAL(req->vwv+1, 0);
3450 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3451
3452 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3453
3454 /*
3455 * The requested read size cannot be greater than max_recv. JRA.
3456 */
3457 if (numtoread > sconn->smb1.negprot.max_recv) {
3458 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3459 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3460 (unsigned int)numtoread,
3461 (unsigned int)sconn->smb1.negprot.max_recv));
3462 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3463 }
3464
3465 reply_outbuf(req, 5, numtoread+3);
3466
3467 data = smb_buf(req->outbuf) + 3;
3468
3469 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3470 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3471 &lock);
3472
3473 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3474 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3475 END_PROFILE(SMBread);
3476 return;
3477 }
3478
3479 if (numtoread > 0)
3480 nread = read_file(fsp,data,startpos,numtoread);
3481
3482 if (nread < 0) {
3483 reply_nterror(req, map_nt_error_from_unix(errno));
3484 goto strict_unlock;
3485 }
3486
3487 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3488
3489 SSVAL(req->outbuf,smb_vwv0,nread);
3490 SSVAL(req->outbuf,smb_vwv5,nread+3);
3491 SCVAL(smb_buf(req->outbuf),0,1);
3492 SSVAL(smb_buf(req->outbuf),1,nread);
3493
3494 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3495 fsp->fnum, (int)numtoread, (int)nread ) );
3496
3497 strict_unlock:
3498 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3499
3500 END_PROFILE(SMBread);
3501 return;
3502 }
3503
3504 /****************************************************************************
3505 Setup readX header.
3506 ****************************************************************************/
3507
3508 static int setup_readX_header(struct smb_request *req, char *outbuf,
3509 size_t smb_maxcnt)
3510 {
3511 int outsize;
3512 char *data;
3513
3514 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3515 data = smb_buf(outbuf);
3516
3517 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3518
3519 SCVAL(outbuf,smb_vwv0,0xFF);
3520 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3521 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3522 SSVAL(outbuf,smb_vwv6,
3523 req_wct_ofs(req)
3524 + 1 /* the wct field */
3525 + 12 * sizeof(uint16_t) /* vwv */
3526 + 2); /* the buflen field */
3527 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3528 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3529 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3530 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3531 return outsize;
3532 }
3533
3534 /****************************************************************************
3535 Reply to a read and X - possibly using sendfile.
3536 ****************************************************************************/
3537
3538 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3539 files_struct *fsp, SMB_OFF_T startpos,
3540 size_t smb_maxcnt)
3541 {
3542 ssize_t nread = -1;
3543 struct lock_struct lock;
3544 int saved_errno = 0;
3545
3546 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3547 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3548 &lock);
3549
3550 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3551 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3552 return;
3553 }
3554
3555 /*
3556 * We can only use sendfile on a non-chained packet
3557 * but we can use on a non-oplocked file. tridge proved this
3558 * on a train in Germany :-). JRA.
3559 */
3560
3561 if (!req_is_in_chain(req) &&
3562 !req->encrypted && (fsp->base_fsp == NULL) &&
3563 (fsp->wcp == NULL) &&
3564 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3565 uint8 headerbuf[smb_size + 12 * 2];
3566 DATA_BLOB header;
3567
3568 if(fsp_stat(fsp) == -1) {
3569 reply_nterror(req, map_nt_error_from_unix(errno));
3570 goto strict_unlock;
3571 }
3572
3573 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3574 (startpos > fsp->fsp_name->st.st_ex_size) ||
3575 (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3576 /*
3577 * We already know that we would do a short read, so don't
3578 * try the sendfile() path.
3579 */
3580 goto nosendfile_read;
3581 }
3582
3583 /*
3584 * Set up the packet header before send. We
3585 * assume here the sendfile will work (get the
3586 * correct amount of data).
3587 */
3588
3589 header = data_blob_const(headerbuf, sizeof(headerbuf));
3590
3591 construct_reply_common_req(req, (char *)headerbuf);
3592 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3593
3594 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3595 startpos, smb_maxcnt);
3596 if (nread == -1) {
3597 /* Returning ENOSYS means no data at all was sent.
3598 Do this as a normal read. */
3599 if (errno == ENOSYS) {
3600 goto normal_read;
3601 }
3602
3603 /*
3604 * Special hack for broken Linux with no working sendfile. If we
3605 * return EINTR we sent the header but not the rest of the data.
3606 * Fake this up by doing read/write calls.
3607 */
3608
3609 if (errno == EINTR) {
3610 /* Ensure we don't do this again. */
3611 set_use_sendfile(SNUM(conn), False);
3612 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3613 nread = fake_sendfile(fsp, startpos,
3614 smb_maxcnt);
3615 if (nread == -1) {
3616 DEBUG(0,("send_file_readX: "
3617 "fake_sendfile failed for "
3618 "file %s (%s).\n",
3619 fsp_str_dbg(fsp),
3620 strerror(errno)));
3621 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3622 }
3623 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3624 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3625 /* No outbuf here means successful sendfile. */
3626 goto strict_unlock;
3627 }
3628
3629 DEBUG(0,("send_file_readX: sendfile failed for file "
3630 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3631 strerror(errno)));
3632 exit_server_cleanly("send_file_readX sendfile failed");
3633 } else if (nread == 0) {
3634 /*
3635 * Some sendfile implementations return 0 to indicate
3636 * that there was a short read, but nothing was
3637 * actually written to the socket. In this case,
3638 * fallback to the normal read path so the header gets
3639 * the correct byte count.
3640 */
3641 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3642 "falling back to the normal read: %s\n",
3643 fsp_str_dbg(fsp)));
3644 goto normal_read;
3645 }
3646
3647 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3648 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3649
3650 /* Deal with possible short send. */
3651 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3652 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3653 }
3654 /* No outbuf here means successful sendfile. */
3655 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3656 SMB_PERFCOUNT_END(&req->pcd);
3657 goto strict_unlock;
3658 }
3659
3660 normal_read:
3661
3662 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3663 uint8 headerbuf[smb_size + 2*12];
3664
3665 construct_reply_common_req(req, (char *)headerbuf);
3666 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3667
3668 /* Send out the header. */
3669 if (write_data(req->sconn->sock, (char *)headerbuf,
3670 sizeof(headerbuf)) != sizeof(headerbuf)) {
3671
3672 char addr[INET6_ADDRSTRLEN];
3673 /*
3674 * Try and give an error message saying what
3675 * client failed.
3676 */
3677 DEBUG(0, ("write_data failed for client %s. "
3678 "Error %s\n",
3679 get_peer_addr(req->sconn->sock, addr,
3680 sizeof(addr)),
3681 strerror(errno)));
3682
3683 DEBUG(0,("send_file_readX: write_data failed for file "
3684 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3685 strerror(errno)));
3686 exit_server_cleanly("send_file_readX sendfile failed");
3687 }
3688 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3689 if (nread == -1) {
3690 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3691 "file %s (%s).\n", fsp_str_dbg(fsp),
3692 strerror(errno)));
3693 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3694 }
3695 goto strict_unlock;
3696 }
3697
3698 nosendfile_read:
3699
3700 reply_outbuf(req, 12, smb_maxcnt);
3701
3702 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3703 saved_errno = errno;
3704
3705 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3706
3707 if (nread < 0) {
3708 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3709 return;
3710 }
3711
3712 setup_readX_header(req, (char *)req->outbuf, nread);
3713
3714 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3715 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3716
3717 chain_reply(req);
3718 return;
3719
3720 strict_unlock:
3721 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3722 TALLOC_FREE(req->outbuf);
3723 return;
3724 }
3725
3726 /****************************************************************************
3727 Reply to a read and X.
3728 ****************************************************************************/
3729
3730 void reply_read_and_X(struct smb_request *req)
3731 {
3732 connection_struct *conn = req->conn;
3733 files_struct *fsp;
3734 SMB_OFF_T startpos;
3735 size_t smb_maxcnt;
3736 bool big_readX = False;
3737 #if 0
3738 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3739 #endif
3740
3741 START_PROFILE(SMBreadX);
3742
3743 if ((req->wct != 10) && (req->wct != 12)) {
3744 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3745 return;
3746 }
3747
3748 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3749 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3750 smb_maxcnt = SVAL(req->vwv+5, 0);
3751
3752 /* If it's an IPC, pass off the pipe handler. */
3753 if (IS_IPC(conn)) {
3754 reply_pipe_read_and_X(req);
3755 END_PROFILE(SMBreadX);
3756 return;
3757 }
3758
3759 if (!check_fsp(conn, req, fsp)) {
3760 END_PROFILE(SMBreadX);
3761 return;
3762 }
3763
3764 if (!CHECK_READ(fsp,req)) {
3765 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3766 END_PROFILE(SMBreadX);
3767 return;
3768 }
3769
3770 if (global_client_caps & CAP_LARGE_READX) {
3771 size_t upper_size = SVAL(req->vwv+7, 0);
3772 smb_maxcnt |= (upper_size<<16);
3773 if (upper_size > 1) {
3774 /* Can't do this on a chained packet. */
3775 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3776 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3777 END_PROFILE(SMBreadX);
3778 return;
3779 }
3780 /* We currently don't do this on signed or sealed data. */
3781 if (srv_is_signing_active(req->sconn) || req->encrypted) {
3782 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3783 END_PROFILE(SMBreadX);
3784 return;
3785 }
3786 /* Is there room in the reply for this data ? */
3787 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3788 reply_nterror(req,
3789 NT_STATUS_INVALID_PARAMETER);
3790 END_PROFILE(SMBreadX);
3791 return;
3792 }
3793 big_readX = True;
3794 }
3795 }
3796
3797 if (req->wct == 12) {
3798 #ifdef LARGE_SMB_OFF_T
3799 /*
3800 * This is a large offset (64 bit) read.
3801 */
3802 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3803
3804 #else /* !LARGE_SMB_OFF_T */
3805
3806 /*
3807 * Ensure we haven't been sent a >32 bit offset.
3808 */
3809
3810 if(IVAL(req->vwv+10, 0) != 0) {
3811 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3812 "used and we don't support 64 bit offsets.\n",
3813 (unsigned int)IVAL(req->vwv+10, 0) ));
3814 END_PROFILE(SMBreadX);
3815 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3816 return;
3817 }
3818
3819 #endif /* LARGE_SMB_OFF_T */
3820
3821 }
3822
3823 if (!big_readX) {
3824 NTSTATUS status = schedule_aio_read_and_X(conn,
3825 req,
3826 fsp,
3827 startpos,
3828 smb_maxcnt);
3829 if (NT_STATUS_IS_OK(status)) {
3830 /* Read scheduled - we're done. */
3831 goto out;
3832 }
3833 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
3834 /* Real error - report to client. */
3835 END_PROFILE(SMBreadX);
3836 reply_nterror(req, status);
3837 return;
3838 }
3839 /* NT_STATUS_RETRY - fall back to sync read. */
3840 }
3841
3842 smbd_lock_socket(req->sconn);
3843 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3844 smbd_unlock_socket(req->sconn);
3845
3846 out:
3847 END_PROFILE(SMBreadX);
3848 return;
3849 }
3850
3851 /****************************************************************************
3852 Error replies to writebraw must have smb_wct == 1. Fix this up.
3853 ****************************************************************************/
3854
3855 void error_to_writebrawerr(struct smb_request *req)
3856 {
3857 uint8 *old_outbuf = req->outbuf;
3858
3859 reply_outbuf(req, 1, 0);
3860
3861 memcpy(req->outbuf, old_outbuf, smb_size);
3862 TALLOC_FREE(old_outbuf);
3863 }
3864
3865 /****************************************************************************
3866 Read 4 bytes of a smb packet and return the smb length of the packet.
3867 Store the result in the buffer. This version of the function will
3868 never return a session keepalive (length of zero).
3869 Timeout is in milliseconds.
3870 ****************************************************************************/
3871
3872 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
3873 size_t *len)
3874 {
3875 uint8_t msgtype = SMBkeepalive;
3876
3877 while (msgtype == SMBkeepalive) {
3878 NTSTATUS status;
3879
3880 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
3881 len);
3882 if (!NT_STATUS_IS_OK(status)) {
3883 char addr[INET6_ADDRSTRLEN];
3884 /* Try and give an error message
3885 * saying what client failed. */
3886 DEBUG(0, ("read_fd_with_timeout failed for "
3887 "client %s read error = %s.\n",
3888 get_peer_addr(fd,addr,sizeof(addr)),
3889 nt_errstr(status)));
3890 return status;
3891 }
3892
3893 msgtype = CVAL(inbuf, 0);
3894 }
3895
3896 DEBUG(10,("read_smb_length: got smb length of %lu\n",
3897 (unsigned long)len));
3898
3899 return NT_STATUS_OK;
3900 }
3901
3902 /****************************************************************************
3903 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3904 ****************************************************************************/
3905
3906 void reply_writebraw(struct smb_request *req)
3907 {
3908 connection_struct *conn = req->conn;
3909 char *buf = NULL;
3910 ssize_t nwritten=0;
3911 ssize_t total_written=0;
3912 size_t numtowrite=0;
3913 size_t tcount;
3914 SMB_OFF_T startpos;
3915 char *data=NULL;
3916 bool write_through;
3917 files_struct *fsp;
3918 struct lock_struct lock;
3919 NTSTATUS status;
3920
3921 START_PROFILE(SMBwritebraw);
3922
3923 /*
3924 * If we ever reply with an error, it must have the SMB command
3925 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3926 * we're finished.
3927 */
3928 SCVAL(req->inbuf,smb_com,SMBwritec);
3929
3930 if (srv_is_signing_active(req->sconn)) {
3931 END_PROFILE(SMBwritebraw);
3932 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3933 "raw reads/writes are disallowed.");
3934 }
3935
3936 if (req->wct < 12) {
3937 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3938 error_to_writebrawerr(req);
3939 END_PROFILE(SMBwritebraw);
3940 return;
3941 }
3942
3943 if (req->sconn->smb1.echo_handler.trusted_fde) {
3944 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
3945 "'async smb echo handler = yes'\n"));
3946 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3947 error_to_writebrawerr(req);
3948 END_PROFILE(SMBwritebraw);
3949 return;
3950 }
3951
3952 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3953 if (!check_fsp(conn, req, fsp)) {
3954 error_to_writebrawerr(req);
3955 END_PROFILE(SMBwritebraw);
3956 return;
3957 }
3958
3959 if (!CHECK_WRITE(fsp)) {
3960 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3961 error_to_writebrawerr(req);
3962 END_PROFILE(SMBwritebraw);
3963 return;
3964 }
3965
3966 tcount = IVAL(req->vwv+1, 0);
3967 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3968 write_through = BITSETW(req->vwv+7,0);
3969
3970 /* We have to deal with slightly different formats depending
3971 on whether we are using the core+ or lanman1.0 protocol */
3972
3973 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3974 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3975 data = smb_buf(req->inbuf);
3976 } else {
3977 numtowrite = SVAL(req->vwv+10, 0);
3978 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3979 }
3980
3981 /* Ensure we don't write bytes past the end of this packet. */
3982 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3983 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3984 error_to_writebrawerr(req);
3985 END_PROFILE(SMBwritebraw);
3986 return;
3987 }
3988
3989 if (!fsp->print_file) {
3990 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3991 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3992 &lock);
3993
3994 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3995 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3996 error_to_writebrawerr(req);
3997 END_PROFILE(SMBwritebraw);
3998 return;
3999 }
4000 }
4001
4002 if (numtowrite>0) {
4003 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4004 }
4005
4006 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
4007 "wrote=%d sync=%d\n",
4008 fsp->fnum, (double)startpos, (int)numtowrite,
4009 (int)nwritten, (int)write_through));
4010
4011 if (nwritten < (ssize_t)numtowrite) {
4012 reply_nterror(req, NT_STATUS_DISK_FULL);
4013 error_to_writebrawerr(req);
4014 goto strict_unlock;
4015 }
4016
4017 total_written = nwritten;
4018
4019 /* Allocate a buffer of 64k + length. */
4020 buf = TALLOC_ARRAY(NULL, char, 65540);
4021 if (!buf) {
4022 reply_nterror(req, NT_STATUS_NO_MEMORY);
4023 error_to_writebrawerr(req);
4024 goto strict_unlock;
4025 }
4026
4027 /* Return a SMBwritebraw message to the redirector to tell
4028 * it to send more bytes */
4029
4030 memcpy(buf, req->inbuf, smb_size);
4031 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
4032 SCVAL(buf,smb_com,SMBwritebraw);
4033 SSVALS(buf,smb_vwv0,0xFFFF);
4034 show_msg(buf);
4035 if (!srv_send_smb(req->sconn,
4036 buf,
4037 false, 0, /* no signing */
4038 IS_CONN_ENCRYPTED(conn),
4039 &req->pcd)) {
4040 exit_server_cleanly("reply_writebraw: srv_send_smb "
4041 "failed.");
4042 }
4043
4044 /* Now read the raw data into the buffer and write it */
4045 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4046 &numtowrite);
4047 if (!NT_STATUS_IS_OK(status)) {
4048 exit_server_cleanly("secondary writebraw failed");
4049 }
4050
4051 /* Set up outbuf to return the correct size */
4052 reply_outbuf(req, 1, 0);
4053
4054 if (numtowrite != 0) {
4055
4056 if (numtowrite > 0xFFFF) {
4057 DEBUG(0,("reply_writebraw: Oversize secondary write "
4058 "raw requested (%u). Terminating\n",
4059 (unsigned int)numtowrite ));
4060 exit_server_cleanly("secondary writebraw failed");
4061 }
4062
4063 if (tcount > nwritten+numtowrite) {
4064 DEBUG(3,("reply_writebraw: Client overestimated the "
4065 "write %d %d %d\n",
4066 (int)tcount,(int)nwritten,(int)numtowrite));
4067 }
4068
4069 status = read_data(req->sconn->sock, buf+4, numtowrite);
4070
4071 if (!NT_STATUS_IS_OK(status)) {
4072 char addr[INET6_ADDRSTRLEN];
4073 /* Try and give an error message
4074 * saying what client failed. */
4075 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4076 "raw read failed (%s) for client %s. "
4077 "Terminating\n", nt_errstr(status),
4078 get_peer_addr(req->sconn->sock, addr,
4079 sizeof(addr))));
4080 exit_server_cleanly("secondary writebraw failed");
4081 }
4082
4083 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4084 if (nwritten == -1) {
4085 TALLOC_FREE(buf);
4086 reply_nterror(req, map_nt_error_from_unix(errno));
4087 error_to_writebrawerr(req);
4088 goto strict_unlock;
4089 }
4090
4091 if (nwritten < (ssize_t)numtowrite) {
4092 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4093 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4094 }
4095
4096 if (nwritten > 0) {
4097 total_written += nwritten;
4098 }
4099 }
4100
4101 TALLOC_FREE(buf);
4102 SSVAL(req->outbuf,smb_vwv0,total_written);
4103
4104 status = sync_file(conn, fsp, write_through);
4105 if (!NT_STATUS_IS_OK(status)) {
4106 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4107 fsp_str_dbg(fsp), nt_errstr(status)));
4108 reply_nterror(req, status);
4109 error_to_writebrawerr(req);
4110 goto strict_unlock;
4111 }
4112
4113 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
4114 "wrote=%d\n",
4115 fsp->fnum, (double)startpos, (int)numtowrite,
4116 (int)total_written));
4117
4118 if (!fsp->print_file) {
4119 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4120 }
4121
4122 /* We won't return a status if write through is not selected - this
4123 * follows what WfWg does */
4124 END_PROFILE(SMBwritebraw);
4125
4126 if (!write_through && total_written==tcount) {
4127
4128 #if RABBIT_PELLET_FIX
4129 /*
4130 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4131 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
4132 * JRA.
4133 */
4134 if (!send_keepalive(req->sconn->sock)) {
4135 exit_server_cleanly("reply_writebraw: send of "
4136 "keepalive failed");
4137 }
4138 #endif
4139 TALLOC_FREE(req->outbuf);
4140 }
4141 return;
4142
4143 strict_unlock:
4144 if (!fsp->print_file) {
4145 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4146 }
4147
4148 END_PROFILE(SMBwritebraw);
4149 return;
4150 }
4151
4152 #undef DBGC_CLASS
4153 #define DBGC_CLASS DBGC_LOCKING
4154
4155 /****************************************************************************
4156 Reply to a writeunlock (core+).
4157 ****************************************************************************/
4158
4159 void reply_writeunlock(struct smb_request *req)
4160 {
4161 connection_struct *conn = req->conn;
4162 ssize_t nwritten = -1;
4163 size_t numtowrite;
4164 SMB_OFF_T startpos;
4165 const char *data;
4166 NTSTATUS status = NT_STATUS_OK;
4167 files_struct *fsp;
4168 struct lock_struct lock;
4169 int saved_errno = 0;
4170
4171 START_PROFILE(SMBwriteunlock);
4172
4173 if (req->wct < 5) {
4174 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4175 END_PROFILE(SMBwriteunlock);
4176 return;
4177 }
4178
4179 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4180
4181 if (!check_fsp(conn, req, fsp)) {
4182 END_PROFILE(SMBwriteunlock);
4183 return;
4184 }
4185
4186 if (!CHECK_WRITE(fsp)) {
4187 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4188 END_PROFILE(SMBwriteunlock);
4189 return;
4190 }
4191
4192 numtowrite = SVAL(req->vwv+1, 0);
4193 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4194 data = (const char *)req->buf + 3;
4195
4196 if (!fsp->print_file && numtowrite > 0) {
4197 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4198 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4199 &lock);
4200
4201 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4202 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4203 END_PROFILE(SMBwriteunlock);
4204 return;
4205 }
4206 }
4207
4208 /* The special X/Open SMB protocol handling of
4209 zero length writes is *NOT* done for
4210 this call */
4211 if(numtowrite == 0) {
4212 nwritten = 0;
4213 } else {
4214 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4215 saved_errno = errno;
4216 }
4217
4218 status = sync_file(conn, fsp, False /* write through */);
4219 if (!NT_STATUS_IS_OK(status)) {
4220 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4221 fsp_str_dbg(fsp), nt_errstr(status)));
4222 reply_nterror(req, status);
4223 goto strict_unlock;
4224 }
4225
4226 if(nwritten < 0) {
4227 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4228 goto strict_unlock;
4229 }
4230
4231 if((nwritten < numtowrite) && (numtowrite != 0)) {
4232 reply_nterror(req, NT_STATUS_DISK_FULL);
4233 goto strict_unlock;
4234 }
4235
4236 if (numtowrite && !fsp->print_file) {
4237 status = do_unlock(req->sconn->msg_ctx,
4238 fsp,
4239 (uint64_t)req->smbpid,
4240 (uint64_t)numtowrite,
4241 (uint64_t)startpos,
4242 WINDOWS_LOCK);
4243
4244 if (NT_STATUS_V(status)) {
4245 reply_nterror(req, status);
4246 goto strict_unlock;
4247 }
4248 }
4249
4250 reply_outbuf(req, 1, 0);
4251
4252 SSVAL(req->outbuf,smb_vwv0,nwritten);
4253
4254 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4255 fsp->fnum, (int)numtowrite, (int)nwritten));
4256
4257 strict_unlock:
4258 if (numtowrite && !fsp->print_file) {
4259 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4260 }
4261
4262 END_PROFILE(SMBwriteunlock);
4263 return;
4264 }
4265
4266 #undef DBGC_CLASS
4267 #define DBGC_CLASS DBGC_ALL
4268
4269 /****************************************************************************
4270 Reply to a write.
4271 ****************************************************************************/
4272
4273 void reply_write(struct smb_request *req)
4274 {
4275 connection_struct *conn = req->conn;
4276 size_t numtowrite;
4277 ssize_t nwritten = -1;
4278 SMB_OFF_T startpos;
4279 const char *data;
4280 files_struct *fsp;
4281 struct lock_struct lock;
4282 NTSTATUS status;
4283 int saved_errno = 0;
4284
4285 START_PROFILE(SMBwrite);
4286
4287 if (req->wct < 5) {
4288 END_PROFILE(SMBwrite);
4289 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4290 return;
4291 }
4292
4293 /* If it's an IPC, pass off the pipe handler. */
4294 if (IS_IPC(conn)) {
4295 reply_pipe_write(req);
4296 END_PROFILE(SMBwrite);
4297 return;
4298 }
4299
4300 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4301
4302 if (!check_fsp(conn, req, fsp)) {
4303 END_PROFILE(SMBwrite);
4304 return;
4305 }
4306
4307 if (!CHECK_WRITE(fsp)) {
4308 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4309 END_PROFILE(SMBwrite);
4310 return;
4311 }
4312
4313 numtowrite = SVAL(req->vwv+1, 0);
4314 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4315 data = (const char *)req->buf + 3;
4316
4317 if (!fsp->print_file) {
4318 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4319 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4320 &lock);
4321
4322 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4323 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4324 END_PROFILE(SMBwrite);
4325 return;
4326 }
4327 }
4328
4329 /*
4330 * X/Open SMB protocol says that if smb_vwv1 is
4331 * zero then the file size should be extended or
4332 * truncated to the size given in smb_vwv[2-3].
4333 */
4334
4335 if(numtowrite == 0) {
4336 /*
4337 * This is actually an allocate call, and set EOF. JRA.
4338 */
4339 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4340 if (nwritten < 0) {
4341 reply_nterror(req, NT_STATUS_DISK_FULL);
4342 goto strict_unlock;
4343 }
4344 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4345 if (nwritten < 0) {
4346 reply_nterror(req, NT_STATUS_DISK_FULL);
4347 goto strict_unlock;
4348 }
4349 trigger_write_time_update_immediate(fsp);
4350 } else {
4351 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4352 }
4353
4354 status = sync_file(conn, fsp, False);
4355 if (!NT_STATUS_IS_OK(status)) {
4356 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4357 fsp_str_dbg(fsp), nt_errstr(status)));
4358 reply_nterror(req, status);
4359 goto strict_unlock;
4360 }
4361
4362 if(nwritten < 0) {
4363 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4364 goto strict_unlock;
4365 }
4366
4367 if((nwritten == 0) && (numtowrite != 0)) {
4368 reply_nterror(req, NT_STATUS_DISK_FULL);
4369 goto strict_unlock;
4370 }
4371
4372 reply_outbuf(req, 1, 0);
4373
4374 SSVAL(req->outbuf,smb_vwv0,nwritten);
4375
4376 if (nwritten < (ssize_t)numtowrite) {
4377 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4378 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4379 }
4380
4381 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4382
4383 strict_unlock:
4384 if (!fsp->print_file) {
4385 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4386 }
4387
4388 END_PROFILE(SMBwrite);
4389 return;
4390 }
4391
4392 /****************************************************************************
4393 Ensure a buffer is a valid writeX for recvfile purposes.
4394 ****************************************************************************/
4395
4396 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4397 (2*14) + /* word count (including bcc) */ \
4398 1 /* pad byte */)
4399
4400 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4401 const uint8_t *inbuf)
4402 {
4403 size_t numtowrite;
4404 connection_struct *conn = NULL;
4405 unsigned int doff = 0;
4406 size_t len = smb_len_large(inbuf);
4407
4408 if (is_encrypted_packet(inbuf)) {
4409 /* Can't do this on encrypted
4410 * connections. */
4411 return false;
4412 }
4413
4414 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4415 return false;
4416 }
4417
4418 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4419 CVAL(inbuf,smb_wct) != 14) {
4420 DEBUG(10,("is_valid_writeX_buffer: chained or "
4421 "invalid word length.\n"));
4422 return false;
4423 }
4424
4425 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4426 if (conn == NULL) {
4427 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4428 return false;
4429 }
4430 if (IS_IPC(conn)) {
4431 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4432 return false;
4433 }
4434 if (IS_PRINT(conn)) {
4435 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4436 return false;
4437 }
4438 doff = SVAL(inbuf,smb_vwv11);
4439
4440 numtowrite = SVAL(inbuf,smb_vwv10);
4441
4442 if (len > doff && len - doff > 0xFFFF) {
4443 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4444 }
4445
4446 if (numtowrite == 0) {
4447 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4448 return false;
4449 }
4450
4451 /* Ensure the sizes match up. */
4452 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4453 /* no pad byte...old smbclient :-( */
4454 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4455 (unsigned int)doff,
4456 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4457 return false;
4458 }
4459
4460 if (len - doff != numtowrite) {
4461 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4462 "len = %u, doff = %u, numtowrite = %u\n",
4463 (unsigned int)len,
4464 (unsigned int)doff,
4465 (unsigned int)numtowrite ));
4466 return false;
4467 }
4468
4469 DEBUG(10,("is_valid_writeX_buffer: true "
4470 "len = %u, doff = %u, numtowrite = %u\n",
4471 (unsigned int)len,
4472 (unsigned int)doff,
4473 (unsigned int)numtowrite ));
4474
4475 return true;
4476 }
4477
4478 /****************************************************************************
4479 Reply to a write and X.
4480 ****************************************************************************/
4481
4482 void reply_write_and_X(struct smb_request *req)
4483 {
4484 connection_struct *conn = req->conn;
4485 files_struct *fsp;
4486 struct lock_struct lock;
4487 SMB_OFF_T startpos;
4488 size_t numtowrite;
4489 bool write_through;
4490 ssize_t nwritten;
4491 unsigned int smb_doff;
4492 unsigned int smblen;
4493 char *data;
4494 NTSTATUS status;
4495 int saved_errno = 0;
4496
4497 START_PROFILE(SMBwriteX);
4498
4499 if ((req->wct != 12) && (req->wct != 14)) {
4500 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4501 END_PROFILE(SMBwriteX);
4502 return;
4503 }
4504
4505 numtowrite = SVAL(req->vwv+10, 0);
4506 smb_doff = SVAL(req->vwv+11, 0);
4507 smblen = smb_len(req->inbuf);
4508
4509 if (req->unread_bytes > 0xFFFF ||
4510 (smblen > smb_doff &&
4511 smblen - smb_doff > 0xFFFF)) {
4512 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4513 }
4514
4515 if (req->unread_bytes) {
4516 /* Can't do a recvfile write on IPC$ */
4517 if (IS_IPC(conn)) {
4518 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4519 END_PROFILE(SMBwriteX);
4520 return;
4521 }
4522 if (numtowrite != req->unread_bytes) {
4523 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4524 END_PROFILE(SMBwriteX);
4525 return;
4526 }
4527 } else {
4528 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4529 smb_doff + numtowrite > smblen) {
4530 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4531 END_PROFILE(SMBwriteX);
4532 return;
4533 }
4534 }
4535
4536 /* If it's an IPC, pass off the pipe handler. */
4537 if (IS_IPC(conn)) {
4538 if (req->unread_bytes) {
4539 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4540 END_PROFILE(SMBwriteX);
4541 return;
4542 }
4543 reply_pipe_write_and_X(req);
4544 END_PROFILE(SMBwriteX);
4545 return;
4546 }
4547
4548 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4549 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4550 write_through = BITSETW(req->vwv+7,0);
4551
4552 if (!check_fsp(conn, req, fsp)) {
4553 END_PROFILE(SMBwriteX);
4554 return;
4555 }
4556
4557 if (!CHECK_WRITE(fsp)) {
4558 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4559 END_PROFILE(SMBwriteX);
4560 return;
4561 }
4562
4563 data = smb_base(req->inbuf) + smb_doff;
4564
4565 if(req->wct == 14) {
4566 #ifdef LARGE_SMB_OFF_T
4567 /*
4568 * This is a large offset (64 bit) write.
4569 */
4570 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4571
4572 #else /* !LARGE_SMB_OFF_T */
4573
4574 /*
4575 * Ensure we haven't been sent a >32 bit offset.
4576 */
4577
4578 if(IVAL(req->vwv+12, 0) != 0) {
4579 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4580 "used and we don't support 64 bit offsets.\n",
4581 (unsigned int)IVAL(req->vwv+12, 0) ));
4582 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4583 END_PROFILE(SMBwriteX);
4584 return;
4585 }
4586
4587 #endif /* LARGE_SMB_OFF_T */
4588 }
4589
4590 /* X/Open SMB protocol says that, unlike SMBwrite
4591 if the length is zero then NO truncation is
4592 done, just a write of zero. To truncate a file,
4593 use SMBwrite. */
4594
4595 if(numtowrite == 0) {
4596 nwritten = 0;
4597 } else {
4598 if (req->unread_bytes == 0) {
4599 status = schedule_aio_write_and_X(conn,
4600 req,
4601 fsp,
4602 data,
4603 startpos,
4604 numtowrite);
4605
4606 if (NT_STATUS_IS_OK(status)) {
4607 /* write scheduled - we're done. */
4608 goto out;
4609 }
4610 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4611 /* Real error - report to client. */
4612 reply_nterror(req, status);
4613 goto out;
4614 }
4615 /* NT_STATUS_RETRY - fall through to sync write. */
4616 }
4617
4618 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4619 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4620 &lock);
4621
4622 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4623 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4624 goto out;
4625 }
4626
4627 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4628 saved_errno = errno;
4629
4630 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4631 }
4632
4633 if(nwritten < 0) {
4634 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4635 goto out;
4636 }
4637
4638 if((nwritten == 0) && (numtowrite != 0)) {
4639 reply_nterror(req, NT_STATUS_DISK_FULL);
4640 goto out;
4641 }
4642
4643 reply_outbuf(req, 6, 0);
4644 SSVAL(req->outbuf,smb_vwv2,nwritten);
4645 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4646
4647 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4648 fsp->fnum, (int)numtowrite, (int)nwritten));
4649
4650 status = sync_file(conn, fsp, write_through);
4651 if (!NT_STATUS_IS_OK(status)) {
4652 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4653 fsp_str_dbg(fsp), nt_errstr(status)));
4654 reply_nterror(req, status);
4655 goto out;
4656 }
4657
4658 END_PROFILE(SMBwriteX);
4659 chain_reply(req);
4660 return;
4661
4662 out:
4663 END_PROFILE(SMBwriteX);
4664 return;
4665 }
4666
4667 /****************************************************************************
4668 Reply to a lseek.
4669 ****************************************************************************/
4670
4671 void reply_lseek(struct smb_request *req)
4672 {
4673 connection_struct *conn = req->conn;
4674 SMB_OFF_T startpos;
4675 SMB_OFF_T res= -1;
4676 int mode,umode;
4677 files_struct *fsp;
4678
4679 START_PROFILE(SMBlseek);
4680
4681 if (req->wct < 4) {
4682 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4683 END_PROFILE(SMBlseek);
4684 return;
4685 }
4686
4687 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4688
4689 if (!check_fsp(conn, req, fsp)) {
4690 return;
4691 }
4692
4693 flush_write_cache(fsp, SEEK_FLUSH);
4694
4695 mode = SVAL(req->vwv+1, 0) & 3;
4696 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4697 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4698
4699 switch (mode) {
4700 case 0:
4701 umode = SEEK_SET;
4702 res = startpos;
4703 break;
4704 case 1:
4705 umode = SEEK_CUR;
4706 res = fsp->fh->pos + startpos;
4707 break;
4708 case 2:
4709 umode = SEEK_END;
4710 break;
4711 default:
4712 umode = SEEK_SET;
4713 res = startpos;
4714 break;
4715 }
4716
4717 if (umode == SEEK_END) {
4718 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4719 if(errno == EINVAL) {
4720 SMB_OFF_T current_pos = startpos;
4721
4722 if(fsp_stat(fsp) == -1) {
4723 reply_nterror(req,
4724 map_nt_error_from_unix(errno));
4725 END_PROFILE(SMBlseek);
4726 return;
4727 }
4728
4729 current_pos += fsp->fsp_name->st.st_ex_size;
4730 if(current_pos < 0)
4731 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4732 }
4733 }
4734
4735 if(res == -1) {
4736 reply_nterror(req, map_nt_error_from_unix(errno));
4737 END_PROFILE(SMBlseek);
4738 return;
4739 }
4740 }
4741
4742 fsp->fh->pos = res;
4743
4744 reply_outbuf(req, 2, 0);
4745 SIVAL(req->outbuf,smb_vwv0,res);
4746
4747 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4748 fsp->fnum, (double)startpos, (double)res, mode));
4749
4750 END_PROFILE(SMBlseek);
4751 return;
4752 }
4753
4754 /****************************************************************************
4755 Reply to a flush.
4756 ****************************************************************************/
4757
4758 void reply_flush(struct smb_request *req)
4759 {
4760 connection_struct *conn = req->conn;
4761 uint16 fnum;
4762 files_struct *fsp;
4763
4764 START_PROFILE(SMBflush);
4765
4766 if (req->wct < 1) {
4767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4768 return;
4769 }
4770
4771 fnum = SVAL(req->vwv+0, 0);
4772 fsp = file_fsp(req, fnum);
4773
4774 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4775 return;
4776 }
4777
4778 if (!fsp) {
4779 file_sync_all(conn);
4780 } else {
4781 NTSTATUS status = sync_file(conn, fsp, True);
4782 if (!NT_STATUS_IS_OK(status)) {
4783 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4784 fsp_str_dbg(fsp), nt_errstr(status)));
4785 reply_nterror(req, status);
4786 END_PROFILE(SMBflush);
4787 return;
4788 }
4789 }
4790
4791 reply_outbuf(req, 0, 0);
4792
4793 DEBUG(3,("flush\n"));
4794 END_PROFILE(SMBflush);
4795 return;
4796 }
4797
4798 /****************************************************************************
4799 Reply to a exit.
4800 conn POINTER CAN BE NULL HERE !
4801 ****************************************************************************/
4802
4803 void reply_exit(struct smb_request *req)
4804 {
4805 START_PROFILE(SMBexit);
4806
4807 file_close_pid(req->sconn, req->smbpid, req->vuid);
4808
4809 reply_outbuf(req, 0, 0);
4810
4811 DEBUG(3,("exit\n"));
4812
4813 END_PROFILE(SMBexit);
4814 return;
4815 }
4816
4817 /****************************************************************************
4818 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4819 ****************************************************************************/
4820
4821 void reply_close(struct smb_request *req)
4822 {
4823 connection_struct *conn = req->conn;
4824 NTSTATUS status = NT_STATUS_OK;
4825 files_struct *fsp = NULL;
4826 START_PROFILE(SMBclose);
4827
4828 if (req->wct < 3) {
4829 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4830 END_PROFILE(SMBclose);
4831 return;
4832 }
4833
4834 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4835
4836 /*
4837 * We can only use check_fsp if we know it's not a directory.
4838 */
4839
4840 if (!check_fsp_open(conn, req, fsp)) {
4841 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4842 END_PROFILE(SMBclose);
4843 return;
4844 }
4845
4846 if(fsp->is_directory) {
4847 /*
4848 * Special case - close NT SMB directory handle.
4849 */
4850 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4851 status = close_file(req, fsp, NORMAL_CLOSE);
4852 } else {
4853 time_t t;
4854 /*
4855 * Close ordinary file.
4856 */
4857
4858 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4859 fsp->fh->fd, fsp->fnum,
4860 conn->num_files_open));
4861
4862 /*
4863 * Take care of any time sent in the close.
4864 */
4865
4866 t = srv_make_unix_date3(req->vwv+1);
4867 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4868
4869 /*
4870 * close_file() returns the unix errno if an error
4871 * was detected on close - normally this is due to
4872 * a disk full error. If not then it was probably an I/O error.
4873 */
4874
4875 status = close_file(req, fsp, NORMAL_CLOSE);
4876 }
4877
4878 if (!NT_STATUS_IS_OK(status)) {
4879 reply_nterror(req, status);
4880 END_PROFILE(SMBclose);
4881 return;
4882 }
4883
4884 reply_outbuf(req, 0, 0);
4885 END_PROFILE(SMBclose);
4886 return;
4887 }
4888
4889 /****************************************************************************
4890 Reply to a writeclose (Core+ protocol).
4891 ****************************************************************************/
4892
4893 void reply_writeclose(struct smb_request *req)
4894 {
4895 connection_struct *conn = req->conn;
4896 size_t numtowrite;
4897 ssize_t nwritten = -1;
4898 NTSTATUS close_status = NT_STATUS_OK;
4899 SMB_OFF_T startpos;
4900 const char *data;
4901 struct timespec mtime;
4902 files_struct *fsp;
4903 struct lock_struct lock;
4904
4905 START_PROFILE(SMBwriteclose);
4906
4907 if (req->wct < 6) {
4908 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4909 END_PROFILE(SMBwriteclose);
4910 return;
4911 }
4912
4913 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4914
4915 if (!check_fsp(conn, req, fsp)) {
4916 END_PROFILE(SMBwriteclose);
4917 return;
4918 }
4919 if (!CHECK_WRITE(fsp)) {
4920 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4921 END_PROFILE(SMBwriteclose);
4922 return;
4923 }
4924
4925 numtowrite = SVAL(req->vwv+1, 0);
4926 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4927 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4928 data = (const char *)req->buf + 1;
4929
4930 if (!fsp->print_file) {
4931 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4932 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4933 &lock);
4934
4935 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4936 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4937 END_PROFILE(SMBwriteclose);
4938 return;
4939 }
4940 }
4941
4942 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4943
4944 set_close_write_time(fsp, mtime);
4945
4946 /*
4947 * More insanity. W2K only closes the file if writelen > 0.
4948 * JRA.
4949 */
4950
4951 if (numtowrite) {
4952 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4953 "file %s\n", fsp_str_dbg(fsp)));
4954 close_status = close_file(req, fsp, NORMAL_CLOSE);
4955 }
4956
4957 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4958 fsp->fnum, (int)numtowrite, (int)nwritten,
4959 conn->num_files_open));
4960
4961 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4962 reply_nterror(req, NT_STATUS_DISK_FULL);
4963 goto strict_unlock;
4964 }
4965
4966 if(!NT_STATUS_IS_OK(close_status)) {
4967 reply_nterror(req, close_status);
4968 goto strict_unlock;
4969 }
4970
4971 reply_outbuf(req, 1, 0);
4972
4973 SSVAL(req->outbuf,smb_vwv0,nwritten);
4974
4975 strict_unlock:
4976 if (numtowrite && !fsp->print_file) {
4977 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4978 }
4979
4980 END_PROFILE(SMBwriteclose);
4981 return;
4982 }
4983
4984 #undef DBGC_CLASS
4985 #define DBGC_CLASS DBGC_LOCKING
4986
4987 /****************************************************************************
4988 Reply to a lock.
4989 ****************************************************************************/
4990
4991 void reply_lock(struct smb_request *req)
4992 {
4993 connection_struct *conn = req->conn;
4994 uint64_t count,offset;
4995 NTSTATUS status;
4996 files_struct *fsp;
4997 struct byte_range_lock *br_lck = NULL;
4998
4999 START_PROFILE(SMBlock);
5000
5001 if (req->wct < 5) {
5002 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5003 END_PROFILE(SMBlock);
5004 return;
5005 }
5006
5007 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5008
5009 if (!check_fsp(conn, req, fsp)) {
5010 END_PROFILE(SMBlock);
5011 return;
5012 }
5013
5014 count = (uint64_t)IVAL(req->vwv+1, 0);
5015 offset = (uint64_t)IVAL(req->vwv+3, 0);
5016
5017 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5018 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
5019
5020 br_lck = do_lock(req->sconn->msg_ctx,
5021 fsp,
5022 (uint64_t)req->smbpid,
5023 count,
5024 offset,
5025 WRITE_LOCK,
5026 WINDOWS_LOCK,
5027 False, /* Non-blocking lock. */
5028 &status,
5029 NULL,
5030 NULL);
5031
5032 TALLOC_FREE(br_lck);
5033
5034 if (NT_STATUS_V(status)) {
5035 reply_nterror(req, status);
5036 END_PROFILE(SMBlock);
5037 return;
5038 }
5039
5040 reply_outbuf(req, 0, 0);
5041
5042 END_PROFILE(SMBlock);
5043 return;
5044 }
5045
5046 /****************************************************************************
5047 Reply to a unlock.
5048 ****************************************************************************/
5049
5050 void reply_unlock(struct smb_request *req)
5051 {
5052 connection_struct *conn = req->conn;
5053 uint64_t count,offset;
5054 NTSTATUS status;
5055 files_struct *fsp;
5056
5057 START_PROFILE(SMBunlock);
5058
5059 if (req->wct < 5) {
5060 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5061 END_PROFILE(SMBunlock);
5062 return;
5063 }
5064
5065 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5066
5067 if (!check_fsp(conn, req, fsp)) {
5068 END_PROFILE(SMBunlock);
5069 return;
5070 }
5071
5072 count = (uint64_t)IVAL(req->vwv+1, 0);
5073 offset = (uint64_t)IVAL(req->vwv+3, 0);
5074
5075 status = do_unlock(req->sconn->msg_ctx,
5076 fsp,
5077 (uint64_t)req->smbpid,
5078 count,
5079 offset,
5080 WINDOWS_LOCK);
5081
5082 if (NT_STATUS_V(status)) {
5083 reply_nterror(req, status);
5084 END_PROFILE(SMBunlock);
5085 return;
5086 }
5087
5088 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5089 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
5090
5091 reply_outbuf(req, 0, 0);
5092
5093 END_PROFILE(SMBunlock);
5094 return;
5095 }
5096
5097 #undef DBGC_CLASS
5098 #define DBGC_CLASS DBGC_ALL
5099
5100 /****************************************************************************
5101 Reply to a tdis.
5102 conn POINTER CAN BE NULL HERE !
5103 ****************************************************************************/
5104
5105 void reply_tdis(struct smb_request *req)
5106 {
5107 connection_struct *conn = req->conn;
5108 START_PROFILE(SMBtdis);
5109
5110 if (!conn) {
5111 DEBUG(4,("Invalid connection in tdis\n"));
5112 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
5113 END_PROFILE(SMBtdis);
5114 return;
5115 }
5116
5117 conn->used = False;
5118
5119 close_cnum(conn,req->vuid);
5120 req->conn = NULL;
5121
5122 reply_outbuf(req, 0, 0);
5123 END_PROFILE(SMBtdis);
5124 return;
5125 }
5126
5127 /****************************************************************************
5128 Reply to a echo.
5129 conn POINTER CAN BE NULL HERE !
5130 ****************************************************************************/
5131
5132 void reply_echo(struct smb_request *req)
5133 {
5134 connection_struct *conn = req->conn;
5135 struct smb_perfcount_data local_pcd;
5136 struct smb_perfcount_data *cur_pcd;
5137 int smb_reverb;
5138 int seq_num;
5139
5140 START_PROFILE(SMBecho);
5141
5142 smb_init_perfcount_data(&local_pcd);
5143
5144 if (req->wct < 1) {
5145 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5146 END_PROFILE(SMBecho);
5147 return;
5148 }
5149
5150 smb_reverb = SVAL(req->vwv+0, 0);
5151
5152 reply_outbuf(req, 1, req->buflen);
5153
5154 /* copy any incoming data back out */
5155 if (req->buflen > 0) {
5156 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5157 }
5158
5159 if (smb_reverb > 100) {
5160 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5161 smb_reverb = 100;
5162 }
5163
5164 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5165
5166 /* this makes sure we catch the request pcd */
5167 if (seq_num == smb_reverb) {
5168 cur_pcd = &req->pcd;
5169 } else {
5170 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5171 cur_pcd = &local_pcd;
5172 }
5173
5174 SSVAL(req->outbuf,smb_vwv0,seq_num);
5175
5176 show_msg((char *)req->outbuf);
5177 if (!srv_send_smb(req->sconn,
5178 (char *)req->outbuf,
5179 true, req->seqnum+1,
5180 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5181 cur_pcd))
5182 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5183 }
5184
5185 DEBUG(3,("echo %d times\n", smb_reverb));
5186
5187 TALLOC_FREE(req->outbuf);
5188
5189 END_PROFILE(SMBecho);
5190 return;
5191 }
5192
5193 /****************************************************************************
5194 Reply to a printopen.
5195 ****************************************************************************/
5196
5197 void reply_printopen(struct smb_request *req)
5198 {
5199 connection_struct *conn = req->conn;
5200 files_struct *fsp;
5201 NTSTATUS status;
5202
5203 START_PROFILE(SMBsplopen);
5204
5205 if (req->wct < 2) {
5206 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5207 END_PROFILE(SMBsplopen);
5208 return;
5209 }
5210
5211 if (!CAN_PRINT(conn)) {
5212 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5213 END_PROFILE(SMBsplopen);
5214 return;
5215 }
5216
5217 status = file_new(req, conn, &fsp);
5218 if(!NT_STATUS_IS_OK(status)) {
5219 reply_nterror(req, status);
5220 END_PROFILE(SMBsplopen);
5221 return;
5222 }
5223
5224 /* Open for exclusive use, write only. */
5225 status = print_spool_open(fsp, NULL, req->vuid);
5226
5227 if (!NT_STATUS_IS_OK(status)) {
5228 file_free(req, fsp);
5229 reply_nterror(req, status);
5230 END_PROFILE(SMBsplopen);
5231 return;
5232 }
5233
5234 reply_outbuf(req, 1, 0);
5235 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5236
5237 DEBUG(3,("openprint fd=%d fnum=%d\n",
5238 fsp->fh->fd, fsp->fnum));
5239
5240 END_PROFILE(SMBsplopen);
5241 return;
5242 }
5243
5244 /****************************************************************************
5245 Reply to a printclose.
5246 ****************************************************************************/
5247
5248 void reply_printclose(struct smb_request *req)
5249 {
5250 connection_struct *conn = req->conn;
5251 files_struct *fsp;
5252 NTSTATUS status;
5253
5254 START_PROFILE(SMBsplclose);
5255
5256 if (req->wct < 1) {
5257 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5258 END_PROFILE(SMBsplclose);
5259 return;
5260 }
5261
5262 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5263
5264 if (!check_fsp(conn, req, fsp)) {
5265 END_PROFILE(SMBsplclose);
5266 return;
5267 }
5268
5269 if (!CAN_PRINT(conn)) {
5270 reply_force_doserror(req, ERRSRV, ERRerror);
5271 END_PROFILE(SMBsplclose);
5272 return;
5273 }
5274
5275 DEBUG(3,("printclose fd=%d fnum=%d\n",
5276 fsp->fh->fd,fsp->fnum));
5277
5278 status = close_file(req, fsp, NORMAL_CLOSE);
5279
5280 if(!NT_STATUS_IS_OK(status)) {
5281 reply_nterror(req, status);
5282 END_PROFILE(SMBsplclose);
5283 return;
5284 }
5285
5286 reply_outbuf(req, 0, 0);
5287
5288 END_PROFILE(SMBsplclose);
5289 return;
5290 }
5291
5292 /****************************************************************************
5293 Reply to a printqueue.
5294 ****************************************************************************/
5295
5296 void reply_printqueue(struct smb_request *req)
5297 {
5298 connection_struct *conn = req->conn;
5299 int max_count;
5300 int start_index;
5301
5302 START_PROFILE(SMBsplretq);
5303
5304 if (req->wct < 2) {
5305 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5306 END_PROFILE(SMBsplretq);
5307 return;
5308 }
5309
5310 max_count = SVAL(req->vwv+0, 0);
5311 start_index = SVAL(req->vwv+1, 0);
5312
5313 /* we used to allow the client to get the cnum wrong, but that
5314 is really quite gross and only worked when there was only
5315 one printer - I think we should now only accept it if they
5316 get it right (tridge) */
5317 if (!CAN_PRINT(conn)) {
5318 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5319 END_PROFILE(SMBsplretq);
5320 return;
5321 }
5322
5323 reply_outbuf(req, 2, 3);
5324 SSVAL(req->outbuf,smb_vwv0,0);
5325 SSVAL(req->outbuf,smb_vwv1,0);
5326 SCVAL(smb_buf(req->outbuf),0,1);
5327 SSVAL(smb_buf(req->outbuf),1,0);
5328
5329 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5330 start_index, max_count));
5331
5332 {
5333 TALLOC_CTX *mem_ctx = talloc_tos();
5334 NTSTATUS status;
5335 WERROR werr;
5336 const char *sharename = lp_servicename(SNUM(conn));
5337 struct rpc_pipe_client *cli = NULL;
5338 struct dcerpc_binding_handle *b = NULL;
5339 struct policy_handle handle;
5340 struct spoolss_DevmodeContainer devmode_ctr;
5341 union spoolss_JobInfo *info;
5342 uint32_t count;
5343 uint32_t num_to_get;
5344 uint32_t first;
5345 uint32_t i;
5346
5347 ZERO_STRUCT(handle);
5348
5349 status = rpc_pipe_open_interface(conn,
5350 &ndr_table_spoolss.syntax_id,
5351 conn->session_info,
5352 &conn->sconn->client_id,
5353 conn->sconn->msg_ctx,
5354 &cli);
5355 if (!NT_STATUS_IS_OK(status)) {
5356 DEBUG(0, ("reply_printqueue: "
5357 "could not connect to spoolss: %s\n",
5358 nt_errstr(status)));
5359 reply_nterror(req, status);
5360 goto out;
5361 }
5362 b = cli->binding_handle;
5363
5364 ZERO_STRUCT(devmode_ctr);
5365
5366 status = dcerpc_spoolss_OpenPrinter(b, mem_ctx,
5367 sharename,
5368 NULL, devmode_ctr,
5369 SEC_FLAG_MAXIMUM_ALLOWED,
5370 &handle,
5371 &werr);
5372 if (!NT_STATUS_IS_OK(status)) {
5373 reply_nterror(req, status);
5374 goto out;
5375 }
5376 if (!W_ERROR_IS_OK(werr)) {
5377 reply_nterror(req, werror_to_ntstatus(werr));
5378 goto out;
5379 }
5380
5381 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5382 &handle,
5383 0, /* firstjob */
5384 0xff, /* numjobs */
5385 2, /* level */
5386 0, /* offered */
5387 &count,
5388 &info);
5389 if (!W_ERROR_IS_OK(werr)) {
5390 reply_nterror(req, werror_to_ntstatus(werr));
5391 goto out;
5392 }
5393
5394 if (max_count > 0) {
5395 first = start_index;
5396 } else {
5397 first = start_index + max_count + 1;
5398 }
5399
5400 if (first >= count) {
5401 num_to_get = first;
5402 } else {
5403 num_to_get = first + MIN(ABS(max_count), count - first);
5404 }
5405
5406 for (i = first; i < num_to_get; i++) {
5407 char blob[28];
5408 char *p = blob;
5409 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5410 int qstatus;
5411 uint16_t qrapjobid = pjobid_to_rap(sharename,
5412 info[i].info2.job_id);
5413
5414 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5415 qstatus = 2;
5416 } else {
5417 qstatus = 3;
5418 }
5419
5420 srv_put_dos_date2(p, 0, qtime);
5421 SCVAL(p, 4, qstatus);
5422 SSVAL(p, 5, qrapjobid);
5423 SIVAL(p, 7, info[i].info2.size);
5424 SCVAL(p, 11, 0);
5425 srvstr_push(blob, req->flags2, p+12,
5426 info[i].info2.notify_name, 16, STR_ASCII);
5427
5428 if (message_push_blob(
5429 &req->outbuf,
5430 data_blob_const(
5431 blob, sizeof(blob))) == -1) {
5432 reply_nterror(req, NT_STATUS_NO_MEMORY);
5433 goto out;
5434 }
5435 }
5436
5437 if (count > 0) {
5438 SSVAL(req->outbuf,smb_vwv0,count);
5439 SSVAL(req->outbuf,smb_vwv1,
5440 (max_count>0?first+count:first-1));
5441 SCVAL(smb_buf(req->outbuf),0,1);
5442 SSVAL(smb_buf(req->outbuf),1,28*count);
5443 }
5444
5445
5446 DEBUG(3, ("%u entries returned in queue\n",
5447 (unsigned)count));
5448
5449 out:
5450 if (b && is_valid_policy_hnd(&handle)) {
5451 dcerpc_spoolss_ClosePrinter(b, mem_ctx, &handle, &werr);
5452 }
5453
5454 }
5455
5456 END_PROFILE(SMBsplretq);
5457 return;
5458 }
5459
5460 /****************************************************************************
5461 Reply to a printwrite.
5462 ****************************************************************************/
5463
5464 void reply_printwrite(struct smb_request *req)
5465 {
5466 connection_struct *conn = req->conn;
5467 int numtowrite;
5468 const char *data;
5469 files_struct *fsp;
5470
5471 START_PROFILE(SMBsplwr);
5472
5473 if (req->wct < 1) {
5474 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5475 END_PROFILE(SMBsplwr);
5476 return;
5477 }
5478
5479 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5480
5481 if (!check_fsp(conn, req, fsp)) {
5482 END_PROFILE(SMBsplwr);
5483 return;
5484 }
5485
5486 if (!fsp->print_file) {
5487 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5488 END_PROFILE(SMBsplwr);
5489 return;
5490 }
5491
5492 if (!CHECK_WRITE(fsp)) {
5493 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5494 END_PROFILE(SMBsplwr);
5495 return;
5496 }
5497
5498 numtowrite = SVAL(req->buf, 1);
5499
5500 if (req->buflen < numtowrite + 3) {
5501 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5502 END_PROFILE(SMBsplwr);
5503 return;
5504 }
5505
5506 data = (const char *)req->buf + 3;
5507
5508 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5509 reply_nterror(req, map_nt_error_from_unix(errno));
5510 END_PROFILE(SMBsplwr);
5511 return;
5512 }
5513
5514 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5515
5516 END_PROFILE(SMBsplwr);
5517 return;
5518 }
5519
5520 /****************************************************************************
5521 Reply to a mkdir.
5522 ****************************************************************************/
5523
5524 void reply_mkdir(struct smb_request *req)
5525 {
5526 connection_struct *conn = req->conn;
5527 struct smb_filename *smb_dname = NULL;
5528 char *directory = NULL;
5529 NTSTATUS status;
5530 TALLOC_CTX *ctx = talloc_tos();
5531
5532 START_PROFILE(SMBmkdir);
5533
5534 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5535 STR_TERMINATE, &status);
5536 if (!NT_STATUS_IS_OK(status)) {
5537 reply_nterror(req, status);
5538 goto out;
5539 }
5540
5541 status = filename_convert(ctx, conn,
5542 req->flags2 & FLAGS2_DFS_PATHNAMES,
5543 directory,
5544 UCF_CREATING_FILE,
5545 NULL,
5546 &smb_dname);
5547 if (!NT_STATUS_IS_OK(status)) {
5548 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5549 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5550 ERRSRV, ERRbadpath);
5551 goto out;
5552 }
5553 reply_nterror(req, status);
5554 goto out;
5555 }
5556
5557 status = create_directory(conn, req, smb_dname);
5558
5559 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5560
5561 if (!NT_STATUS_IS_OK(status)) {
5562
5563 if (!use_nt_status()
5564 && NT_STATUS_EQUAL(status,
5565 NT_STATUS_OBJECT_NAME_COLLISION)) {
5566 /*
5567 * Yes, in the DOS error code case we get a
5568 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5569 * samba4 torture test.
5570 */
5571 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5572 }
5573
5574 reply_nterror(req, status);
5575 goto out;
5576 }
5577
5578 reply_outbuf(req, 0, 0);
5579
5580 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5581 out:
5582 TALLOC_FREE(smb_dname);
5583 END_PROFILE(SMBmkdir);
5584 return;
5585 }
5586
5587 /****************************************************************************
5588 Reply to a rmdir.
5589 ****************************************************************************/
5590
5591 void reply_rmdir(struct smb_request *req)
5592 {
5593 connection_struct *conn = req->conn;
5594 struct smb_filename *smb_dname = NULL;
5595 char *directory = NULL;
5596 NTSTATUS status;
5597 TALLOC_CTX *ctx = talloc_tos();
5598 files_struct *fsp = NULL;
5599 int info = 0;
5600 struct smbd_server_connection *sconn = req->sconn;
5601
5602 START_PROFILE(SMBrmdir);
5603
5604 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5605 STR_TERMINATE, &status);
5606 if (!NT_STATUS_IS_OK(status)) {
5607 reply_nterror(req, status);
5608 goto out;
5609 }
5610
5611 status = filename_convert(ctx, conn,
5612 req->flags2 & FLAGS2_DFS_PATHNAMES,
5613 directory,
5614 0,
5615 NULL,
5616 &smb_dname);
5617 if (!NT_STATUS_IS_OK(status)) {
5618 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5619 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5620 ERRSRV, ERRbadpath);
5621 goto out;
5622 }
5623 reply_nterror(req, status);
5624 goto out;
5625 }
5626
5627 if (is_ntfs_stream_smb_fname(smb_dname)) {
5628 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5629 goto out;
5630 }
5631
5632 status = SMB_VFS_CREATE_FILE(
5633 conn, /* conn */
5634 req, /* req */
5635 0, /* root_dir_fid */
5636 smb_dname, /* fname */
5637 DELETE_ACCESS, /* access_mask */
5638 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5639 FILE_SHARE_DELETE),
5640 FILE_OPEN, /* create_disposition*/
5641 FILE_DIRECTORY_FILE, /* create_options */
5642 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5643 0, /* oplock_request */
5644 0, /* allocation_size */
5645 0, /* private_flags */
5646 NULL, /* sd */
5647 NULL, /* ea_list */
5648 &fsp, /* result */
5649 &info); /* pinfo */
5650
5651 if (!NT_STATUS_IS_OK(status)) {
5652 if (open_was_deferred(req->mid)) {
5653 /* We have re-scheduled this call. */
5654 goto out;
5655 }
5656 reply_nterror(req, status);
5657 goto out;
5658 }
5659
5660 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5661 if (!NT_STATUS_IS_OK(status)) {
5662 close_file(req, fsp, ERROR_CLOSE);
5663 reply_nterror(req, status);
5664 goto out;
5665 }
5666
5667 if (!set_delete_on_close(fsp, true,
5668 conn->session_info->security_token,
5669 &conn->session_info->utok)) {
5670 close_file(req, fsp, ERROR_CLOSE);
5671 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5672 goto out;
5673 }
5674
5675 status = close_file(req, fsp, NORMAL_CLOSE);
5676 if (!NT_STATUS_IS_OK(status)) {
5677 reply_nterror(req, status);
5678 } else {
5679 reply_outbuf(req, 0, 0);
5680 }
5681
5682 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5683
5684 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5685 out:
5686 TALLOC_FREE(smb_dname);
5687 END_PROFILE(SMBrmdir);
5688 return;
5689 }
5690
5691 /*******************************************************************
5692 Resolve wildcards in a filename rename.
5693 ********************************************************************/
5694
5695 static bool resolve_wildcards(TALLOC_CTX *ctx,
5696 const char *name1,
5697 const char *name2,
5698 char **pp_newname)
5699 {
5700 char *name2_copy = NULL;
5701 char *root1 = NULL;
5702 char *root2 = NULL;
5703 char *ext1 = NULL;
5704 char *ext2 = NULL;
5705 char *p,*p2, *pname1, *pname2;
5706
5707 name2_copy = talloc_strdup(ctx, name2);
5708 if (!name2_copy) {
5709 return False;
5710 }
5711
5712 pname1 = strrchr_m(name1,'/');
5713 pname2 = strrchr_m(name2_copy,'/');
5714
5715 if (!pname1 || !pname2) {
5716 return False;
5717 }
5718
5719 /* Truncate the copy of name2 at the last '/' */
5720 *pname2 = '\0';
5721
5722 /* Now go past the '/' */
5723 pname1++;
5724 pname2++;
5725
5726 root1 = talloc_strdup(ctx, pname1);
5727 root2 = talloc_strdup(ctx, pname2);
5728
5729 if (!root1 || !root2) {
5730 return False;
5731 }
5732
5733 p = strrchr_m(root1,'.');
5734 if (p) {
5735 *p = 0;
5736 ext1 = talloc_strdup(ctx, p+1);
5737 } else {
5738 ext1 = talloc_strdup(ctx, "");
5739 }
5740 p = strrchr_m(root2,'.');
5741 if (p) {
5742 *p = 0;
5743 ext2 = talloc_strdup(ctx, p+1);
5744 } else {
5745 ext2 = talloc_strdup(ctx, "");
5746 }
5747
5748 if (!ext1 || !ext2) {
5749 return False;
5750 }
5751
5752 p = root1;
5753 p2 = root2;
5754 while (*p2) {
5755 if (*p2 == '?') {
5756 /* Hmmm. Should this be mb-aware ? */
5757 *p2 = *p;
5758 p2++;
5759 } else if (*p2 == '*') {
5760 *p2 = '\0';
5761 root2 = talloc_asprintf(ctx, "%s%s",
5762 root2,
5763 p);
5764 if (!root2) {
5765 return False;
5766 }
5767 break;
5768 } else {
5769 p2++;
5770 }
5771 if (*p) {
5772 p++;
5773 }
5774 }
5775
5776 p = ext1;
5777 p2 = ext2;
5778 while (*p2) {
5779 if (*p2 == '?') {
5780 /* Hmmm. Should this be mb-aware ? */
5781 *p2 = *p;
5782 p2++;
5783 } else if (*p2 == '*') {
5784 *p2 = '\0';
5785 ext2 = talloc_asprintf(ctx, "%s%s",
5786 ext2,
5787 p);
5788 if (!ext2) {
5789 return False;
5790 }
5791 break;
5792 } else {
5793 p2++;
5794 }
5795 if (*p) {
5796 p++;
5797 }
5798 }
5799
5800 if (*ext2) {
5801 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5802 name2_copy,
5803 root2,
5804 ext2);
5805 } else {
5806 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5807 name2_copy,
5808 root2);
5809 }
5810
5811 if (!*pp_newname) {
5812 return False;
5813 }
5814
5815 return True;
5816 }
5817
5818 /****************************************************************************
5819 Ensure open files have their names updated. Updated to notify other smbd's
5820 asynchronously.
5821 ****************************************************************************/
5822
5823 static void rename_open_files(connection_struct *conn,
5824 struct share_mode_lock *lck,
5825 uint32_t orig_name_hash,
5826 const struct smb_filename *smb_fname_dst)
5827 {
5828 files_struct *fsp;
5829 bool did_rename = False;
5830 NTSTATUS status;
5831 uint32_t new_name_hash;
5832
5833 for(fsp = file_find_di_first(conn->sconn, lck->id); fsp;
5834 fsp = file_find_di_next(fsp)) {
5835 /* fsp_name is a relative path under the fsp. To change this for other
5836 sharepaths we need to manipulate relative paths. */
5837 /* TODO - create the absolute path and manipulate the newname
5838 relative to the sharepath. */
5839 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5840 continue;
5841 }
5842 if (fsp->name_hash != orig_name_hash) {
5843 continue;
5844 }
5845 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5846 "(file_id %s) from %s -> %s\n", fsp->fnum,
5847 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5848 smb_fname_str_dbg(smb_fname_dst)));
5849
5850 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5851 if (NT_STATUS_IS_OK(status)) {
5852 did_rename = True;
5853 new_name_hash = fsp->name_hash;
5854 }
5855 }
5856
5857 if (!did_rename) {
5858 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5859 "for %s\n", file_id_string_tos(&lck->id),
5860 smb_fname_str_dbg(smb_fname_dst)));
5861 }
5862
5863 /* Send messages to all smbd's (not ourself) that the name has changed. */
5864 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
5865 orig_name_hash, new_name_hash,
5866 smb_fname_dst);
5867
5868 }
5869
5870 /****************************************************************************
5871 We need to check if the source path is a parent directory of the destination
5872 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5873 refuse the rename with a sharing violation. Under UNIX the above call can
5874 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5875 probably need to check that the client is a Windows one before disallowing
5876 this as a UNIX client (one with UNIX extensions) can know the source is a
5877 symlink and make this decision intelligently. Found by an excellent bug
5878 report from <AndyLiebman@aol.com>.
5879 ****************************************************************************/
5880
5881 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5882 const struct smb_filename *smb_fname_dst)
5883 {
5884 const char *psrc = smb_fname_src->base_name;
5885 const char *pdst = smb_fname_dst->base_name;
5886 size_t slen;
5887
5888 if (psrc[0] == '.' && psrc[1] == '/') {
5889 psrc += 2;
5890 }
5891 if (pdst[0] == '.' && pdst[1] == '/') {
5892 pdst += 2;
5893 }
5894 if ((slen = strlen(psrc)) > strlen(pdst)) {
5895 return False;
5896 }
5897 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5898 }
5899
5900 /*
5901 * Do the notify calls from a rename
5902 */
5903
5904 static void notify_rename(connection_struct *conn, bool is_dir,
5905 const struct smb_filename *smb_fname_src,
5906 const struct smb_filename *smb_fname_dst)
5907 {
5908 char *parent_dir_src = NULL;
5909 char *parent_dir_dst = NULL;
5910 uint32 mask;
5911
5912 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5913 : FILE_NOTIFY_CHANGE_FILE_NAME;
5914
5915 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5916 &parent_dir_src, NULL) ||
5917 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5918 &parent_dir_dst, NULL)) {
5919 goto out;
5920 }
5921
5922 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5923 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5924 smb_fname_src->base_name);
5925 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5926 smb_fname_dst->base_name);
5927 }
5928 else {
5929 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5930 smb_fname_src->base_name);
5931 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5932 smb_fname_dst->base_name);
5933 }
5934
5935 /* this is a strange one. w2k3 gives an additional event for
5936 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5937 files, but not directories */
5938 if (!is_dir) {
5939 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5940 FILE_NOTIFY_CHANGE_ATTRIBUTES
5941 |FILE_NOTIFY_CHANGE_CREATION,
5942 smb_fname_dst->base_name);
5943 }
5944 out:
5945 TALLOC_FREE(parent_dir_src);
5946 TALLOC_FREE(parent_dir_dst);
5947 }
5948
5949 /****************************************************************************
5950 Returns an error if the parent directory for a filename is open in an
5951 incompatible way.
5952 ****************************************************************************/
5953
5954 static NTSTATUS parent_dirname_compatible_open(connection_struct *conn,
5955 const struct smb_filename *smb_fname_dst_in)
5956 {
5957 char *parent_dir = NULL;
5958 struct smb_filename smb_fname_parent;
5959 struct file_id id;
5960 files_struct *fsp = NULL;
5961 int ret;
5962
5963 if (!parent_dirname(talloc_tos(), smb_fname_dst_in->base_name,
5964 &parent_dir, NULL)) {
5965 return NT_STATUS_NO_MEMORY;
5966 }
5967 ZERO_STRUCT(smb_fname_parent);
5968 smb_fname_parent.base_name = parent_dir;
5969
5970 ret = SMB_VFS_LSTAT(conn, &smb_fname_parent);
5971 if (ret == -1) {
5972 return map_nt_error_from_unix(errno);
5973 }
5974
5975 /*
5976 * We're only checking on this smbd here, mostly good
5977 * enough.. and will pass tests.
5978 */
5979
5980 id = vfs_file_id_from_sbuf(conn, &smb_fname_parent.st);
5981 for (fsp = file_find_di_first(conn->sconn, id); fsp;
5982 fsp = file_find_di_next(fsp)) {
5983 if (fsp->access_mask & DELETE_ACCESS) {
5984 return NT_STATUS_SHARING_VIOLATION;
5985 }
5986 }
5987 return NT_STATUS_OK;
5988 }
5989
5990 /****************************************************************************
5991 Rename an open file - given an fsp.
5992 ****************************************************************************/
5993
5994 NTSTATUS rename_internals_fsp(connection_struct *conn,
5995 files_struct *fsp,
5996 const struct smb_filename *smb_fname_dst_in,
5997 uint32 attrs,
5998 bool replace_if_exists)
5999 {
6000 TALLOC_CTX *ctx = talloc_tos();
6001 struct smb_filename *smb_fname_dst = NULL;
6002 NTSTATUS status = NT_STATUS_OK;
6003 struct share_mode_lock *lck = NULL;
6004 bool dst_exists, old_is_stream, new_is_stream;
6005
6006 status = check_name(conn, smb_fname_dst_in->base_name);
6007 if (!NT_STATUS_IS_OK(status)) {
6008 return status;
6009 }
6010
6011 status = parent_dirname_compatible_open(conn, smb_fname_dst_in);
6012 if (!NT_STATUS_IS_OK(status)) {
6013 return status;
6014 }
6015
6016 /* Make a copy of the dst smb_fname structs */
6017
6018 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
6019 if (!NT_STATUS_IS_OK(status)) {
6020 goto out;
6021 }
6022
6023 /*
6024 * Check for special case with case preserving and not
6025 * case sensitive. If the old last component differs from the original
6026 * last component only by case, then we should allow
6027 * the rename (user is trying to change the case of the
6028 * filename).
6029 */
6030 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
6031 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6032 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
6033 char *last_slash;
6034 char *fname_dst_lcomp_base_mod = NULL;
6035 struct smb_filename *smb_fname_orig_lcomp = NULL;
6036
6037 /*
6038 * Get the last component of the destination name.
6039 */
6040 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
6041 if (last_slash) {
6042 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
6043 } else {
6044 fname_dst_lcomp_base_mod = talloc_strdup(ctx, smb_fname_dst->base_name);
6045 }
6046 if (!fname_dst_lcomp_base_mod) {
6047 status = NT_STATUS_NO_MEMORY;
6048 goto out;
6049 }
6050
6051 /*
6052 * Create an smb_filename struct using the original last
6053 * component of the destination.
6054 */
6055 status = create_synthetic_smb_fname_split(ctx,
6056 smb_fname_dst->original_lcomp, NULL,
6057 &smb_fname_orig_lcomp);
6058 if (!NT_STATUS_IS_OK(status)) {
6059 TALLOC_FREE(fname_dst_lcomp_base_mod);
6060 goto out;
6061 }
6062
6063 /* If the base names only differ by case, use original. */
6064 if(!strcsequal(fname_dst_lcomp_base_mod,
6065 smb_fname_orig_lcomp->base_name)) {
6066 char *tmp;
6067 /*
6068 * Replace the modified last component with the
6069 * original.
6070 */
6071 if (last_slash) {
6072 *last_slash = '\0'; /* Truncate at the '/' */
6073 tmp = talloc_asprintf(smb_fname_dst,
6074 "%s/%s",
6075 smb_fname_dst->base_name,
6076 smb_fname_orig_lcomp->base_name);
6077 } else {
6078 tmp = talloc_asprintf(smb_fname_dst,
6079 "%s",
6080 smb_fname_orig_lcomp->base_name);
6081 }
6082 if (tmp == NULL) {
6083 status = NT_STATUS_NO_MEMORY;
6084 TALLOC_FREE(fname_dst_lcomp_base_mod);
6085 TALLOC_FREE(smb_fname_orig_lcomp);
6086 goto out;
6087 }
6088 TALLOC_FREE(smb_fname_dst->base_name);
6089 smb_fname_dst->base_name = tmp;
6090 }
6091
6092 /* If the stream_names only differ by case, use original. */
6093 if(!strcsequal(smb_fname_dst->stream_name,
6094 smb_fname_orig_lcomp->stream_name)) {
6095 char *tmp = NULL;
6096 /* Use the original stream. */
6097 tmp = talloc_strdup(smb_fname_dst,
6098 smb_fname_orig_lcomp->stream_name);
6099 if (tmp == NULL) {
6100 status = NT_STATUS_NO_MEMORY;
6101 TALLOC_FREE(fname_dst_lcomp_base_mod);
6102 TALLOC_FREE(smb_fname_orig_lcomp);
6103 goto out;
6104 }
6105 TALLOC_FREE(smb_fname_dst->stream_name);
6106 smb_fname_dst->stream_name = tmp;
6107 }
6108 TALLOC_FREE(fname_dst_lcomp_base_mod);
6109 TALLOC_FREE(smb_fname_orig_lcomp);
6110 }
6111
6112 /*
6113 * If the src and dest names are identical - including case,
6114 * don't do the rename, just return success.
6115 */
6116
6117 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6118 strcsequal(fsp->fsp_name->stream_name,
6119 smb_fname_dst->stream_name)) {
6120 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6121 "- returning success\n",
6122 smb_fname_str_dbg(smb_fname_dst)));
6123 status = NT_STATUS_OK;
6124 goto out;
6125 }
6126
6127 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6128 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6129
6130 /* Return the correct error code if both names aren't streams. */
6131 if (!old_is_stream && new_is_stream) {
6132 status = NT_STATUS_OBJECT_NAME_INVALID;
6133 goto out;
6134 }
6135
6136 if (old_is_stream && !new_is_stream) {
6137 status = NT_STATUS_INVALID_PARAMETER;
6138 goto out;
6139 }
6140
6141 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6142
6143 if(!replace_if_exists && dst_exists) {
6144 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6145 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6146 smb_fname_str_dbg(smb_fname_dst)));
6147 status = NT_STATUS_OBJECT_NAME_COLLISION;
6148 goto out;
6149 }
6150
6151 if (dst_exists) {
6152 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6153 &smb_fname_dst->st);
6154 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6155 fileid);
6156 /* The file can be open when renaming a stream */
6157 if (dst_fsp && !new_is_stream) {
6158 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6159 status = NT_STATUS_ACCESS_DENIED;
6160 goto out;
6161 }
6162 }
6163
6164 /* Ensure we have a valid stat struct for the source. */
6165 status = vfs_stat_fsp(fsp);
6166 if (!NT_STATUS_IS_OK(status)) {
6167 goto out;
6168 }
6169
6170 status = can_rename(conn, fsp, attrs);
6171
6172 if (!NT_STATUS_IS_OK(status)) {
6173 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6174 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6175 smb_fname_str_dbg(smb_fname_dst)));
6176 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6177 status = NT_STATUS_ACCESS_DENIED;
6178 goto out;
6179 }
6180
6181 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6182 status = NT_STATUS_ACCESS_DENIED;
6183 }
6184
6185 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6186 NULL);
6187
6188 /*
6189 * We have the file open ourselves, so not being able to get the
6190 * corresponding share mode lock is a fatal error.
6191 */
6192
6193 SMB_ASSERT(lck != NULL);
6194
6195 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6196 uint32 create_options = fsp->fh->private_options;
6197
6198 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6199 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6200 smb_fname_str_dbg(smb_fname_dst)));
6201
6202 if (!fsp->is_directory &&
6203 !lp_posix_pathnames() &&
6204 (lp_map_archive(SNUM(conn)) ||
6205 lp_store_dos_attributes(SNUM(conn)))) {
6206 /* We must set the archive bit on the newly
6207 renamed file. */
6208 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6209 uint32_t old_dosmode = dos_mode(conn,
6210 smb_fname_dst);
6211 file_set_dosmode(conn,
6212 smb_fname_dst,
6213 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6214 NULL,
6215 true);
6216 }
6217 }
6218
6219 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6220 smb_fname_dst);
6221
6222 rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
6223
6224 /*
6225 * A rename acts as a new file create w.r.t. allowing an initial delete
6226 * on close, probably because in Windows there is a new handle to the
6227 * new file. If initial delete on close was requested but not
6228 * originally set, we need to set it here. This is probably not 100% correct,
6229 * but will work for the CIFSFS client which in non-posix mode
6230 * depends on these semantics. JRA.
6231 */
6232
6233 if (create_options & FILE_DELETE_ON_CLOSE) {
6234 status = can_set_delete_on_close(fsp, 0);
6235
6236 if (NT_STATUS_IS_OK(status)) {
6237 /* Note that here we set the *inital* delete on close flag,
6238 * not the regular one. The magic gets handled in close. */
6239 fsp->initial_delete_on_close = True;
6240 }
6241 }
6242 TALLOC_FREE(lck);
6243 status = NT_STATUS_OK;
6244 goto out;
6245 }
6246
6247 TALLOC_FREE(lck);
6248
6249 if (errno == ENOTDIR || errno == EISDIR) {
6250 status = NT_STATUS_OBJECT_NAME_COLLISION;
6251 } else {
6252 status = map_nt_error_from_unix(errno);
6253 }
6254
6255 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6256 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6257 smb_fname_str_dbg(smb_fname_dst)));
6258
6259 out:
6260 TALLOC_FREE(smb_fname_dst);
6261
6262 return status;
6263 }
6264
6265 /****************************************************************************
6266 The guts of the rename command, split out so it may be called by the NT SMB
6267 code.
6268 ****************************************************************************/
6269
6270 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6271 connection_struct *conn,
6272 struct smb_request *req,
6273 struct smb_filename *smb_fname_src,
6274 struct smb_filename *smb_fname_dst,
6275 uint32 attrs,
6276 bool replace_if_exists,
6277 bool src_has_wild,
6278 bool dest_has_wild,
6279 uint32_t access_mask)
6280 {
6281 char *fname_src_dir = NULL;
6282 char *fname_src_mask = NULL;
6283 int count=0;
6284 NTSTATUS status = NT_STATUS_OK;
6285 struct smb_Dir *dir_hnd = NULL;
6286 const char *dname = NULL;
6287 char *talloced = NULL;
6288 long offset = 0;
6289 int create_options = 0;
6290 bool posix_pathnames = lp_posix_pathnames();
6291
6292 /*
6293 * Split the old name into directory and last component
6294 * strings. Note that unix_convert may have stripped off a
6295 * leading ./ from both name and newname if the rename is
6296 * at the root of the share. We need to make sure either both
6297 * name and newname contain a / character or neither of them do
6298 * as this is checked in resolve_wildcards().
6299 */
6300
6301 /* Split up the directory from the filename/mask. */
6302 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6303 &fname_src_dir, &fname_src_mask);
6304 if (!NT_STATUS_IS_OK(status)) {
6305 status = NT_STATUS_NO_MEMORY;
6306 goto out;
6307 }
6308
6309 /*
6310 * We should only check the mangled cache
6311 * here if unix_convert failed. This means
6312 * that the path in 'mask' doesn't exist
6313 * on the file system and so we need to look
6314 * for a possible mangle. This patch from
6315 * Tine Smukavec <valentin.smukavec@hermes.si>.
6316 */
6317
6318 if (!VALID_STAT(smb_fname_src->st) &&
6319 mangle_is_mangled(fname_src_mask, conn->params)) {
6320 char *new_mask = NULL;
6321 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6322 conn->params);
6323 if (new_mask) {
6324 TALLOC_FREE(fname_src_mask);
6325 fname_src_mask = new_mask;
6326 }
6327 }
6328
6329 if (!src_has_wild) {
6330 files_struct *fsp;
6331
6332 /*
6333 * Only one file needs to be renamed. Append the mask back
6334 * onto the directory.
6335 */
6336 TALLOC_FREE(smb_fname_src->base_name);
6337 if (ISDOT(fname_src_dir)) {
6338 /* Ensure we use canonical names on open. */
6339 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6340 "%s",
6341 fname_src_mask);
6342 } else {
6343 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6344 "%s/%s",
6345 fname_src_dir,
6346 fname_src_mask);
6347 }
6348 if (!smb_fname_src->base_name) {
6349 status = NT_STATUS_NO_MEMORY;
6350 goto out;
6351 }
6352
6353 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6354 "case_preserve = %d, short case preserve = %d, "
6355 "directory = %s, newname = %s, "
6356 "last_component_dest = %s\n",
6357 conn->case_sensitive, conn->case_preserve,
6358 conn->short_case_preserve,
6359 smb_fname_str_dbg(smb_fname_src),
6360 smb_fname_str_dbg(smb_fname_dst),
6361 smb_fname_dst->original_lcomp));
6362
6363 /* The dest name still may have wildcards. */
6364 if (dest_has_wild) {
6365 char *fname_dst_mod = NULL;
6366 if (!resolve_wildcards(smb_fname_dst,
6367 smb_fname_src->base_name,
6368 smb_fname_dst->base_name,
6369 &fname_dst_mod)) {
6370 DEBUG(6, ("rename_internals: resolve_wildcards "
6371 "%s %s failed\n",
6372 smb_fname_src->base_name,
6373 smb_fname_dst->base_name));
6374 status = NT_STATUS_NO_MEMORY;
6375 goto out;
6376 }
6377 TALLOC_FREE(smb_fname_dst->base_name);
6378 smb_fname_dst->base_name = fname_dst_mod;
6379 }
6380
6381 ZERO_STRUCT(smb_fname_src->st);
6382 if (posix_pathnames) {
6383 SMB_VFS_LSTAT(conn, smb_fname_src);
6384 } else {
6385 SMB_VFS_STAT(conn, smb_fname_src);
6386 }
6387
6388 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6389 create_options |= FILE_DIRECTORY_FILE;
6390 }
6391
6392 status = SMB_VFS_CREATE_FILE(
6393 conn, /* conn */
6394 req, /* req */
6395 0, /* root_dir_fid */
6396 smb_fname_src, /* fname */
6397 access_mask, /* access_mask */
6398 (FILE_SHARE_READ | /* share_access */
6399 FILE_SHARE_WRITE),
6400 FILE_OPEN, /* create_disposition*/
6401 create_options, /* create_options */
6402 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6403 0, /* oplock_request */
6404 0, /* allocation_size */
6405 0, /* private_flags */
6406 NULL, /* sd */
6407 NULL, /* ea_list */
6408 &fsp, /* result */
6409 NULL); /* pinfo */
6410
6411 if (!NT_STATUS_IS_OK(status)) {
6412 DEBUG(3, ("Could not open rename source %s: %s\n",
6413 smb_fname_str_dbg(smb_fname_src),
6414 nt_errstr(status)));
6415 goto out;
6416 }
6417
6418 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6419 attrs, replace_if_exists);
6420
6421 close_file(req, fsp, NORMAL_CLOSE);
6422
6423 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6424 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6425 smb_fname_str_dbg(smb_fname_dst)));
6426
6427 goto out;
6428 }
6429
6430 /*
6431 * Wildcards - process each file that matches.
6432 */
6433 if (strequal(fname_src_mask, "????????.???")) {
6434 TALLOC_FREE(fname_src_mask);
6435 fname_src_mask = talloc_strdup(ctx, "*");
6436 if (!fname_src_mask) {
6437 status = NT_STATUS_NO_MEMORY;
6438 goto out;
6439 }
6440 }
6441
6442 status = check_name(conn, fname_src_dir);
6443 if (!NT_STATUS_IS_OK(status)) {
6444 goto out;
6445 }
6446
6447 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6448 attrs);
6449 if (dir_hnd == NULL) {
6450 status = map_nt_error_from_unix(errno);
6451 goto out;
6452 }
6453
6454 status = NT_STATUS_NO_SUCH_FILE;
6455 /*
6456 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6457 * - gentest fix. JRA
6458 */
6459
6460 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6461 &talloced))) {
6462 files_struct *fsp = NULL;
6463 char *destname = NULL;
6464 bool sysdir_entry = False;
6465
6466 /* Quick check for "." and ".." */
6467 if (ISDOT(dname) || ISDOTDOT(dname)) {
6468 if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
6469 sysdir_entry = True;
6470 } else {
6471 TALLOC_FREE(talloced);
6472 continue;
6473 }
6474 }
6475
6476 if (!is_visible_file(conn, fname_src_dir, dname,
6477 &smb_fname_src->st, false)) {
6478 TALLOC_FREE(talloced);
6479 continue;
6480 }
6481
6482 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6483 TALLOC_FREE(talloced);
6484 continue;
6485 }
6486
6487 if (sysdir_entry) {
6488 status = NT_STATUS_OBJECT_NAME_INVALID;
6489 break;
6490 }
6491
6492 TALLOC_FREE(smb_fname_src->base_name);
6493 if (ISDOT(fname_src_dir)) {
6494 /* Ensure we use canonical names on open. */
6495 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6496 "%s",
6497 dname);
6498 } else {
6499 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6500 "%s/%s",
6501 fname_src_dir,
6502 dname);
6503 }
6504 if (!smb_fname_src->base_name) {
6505 status = NT_STATUS_NO_MEMORY;
6506 goto out;
6507 }
6508
6509 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6510 smb_fname_dst->base_name,
6511 &destname)) {
6512 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6513 smb_fname_src->base_name, destname));
6514 TALLOC_FREE(talloced);
6515 continue;
6516 }
6517 if (!destname) {
6518 status = NT_STATUS_NO_MEMORY;
6519 goto out;
6520 }
6521
6522 TALLOC_FREE(smb_fname_dst->base_name);
6523 smb_fname_dst->base_name = destname;
6524
6525 ZERO_STRUCT(smb_fname_src->st);
6526 if (posix_pathnames) {
6527 SMB_VFS_LSTAT(conn, smb_fname_src);
6528 } else {
6529 SMB_VFS_STAT(conn, smb_fname_src);
6530 }
6531
6532 create_options = 0;
6533
6534 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6535 create_options |= FILE_DIRECTORY_FILE;
6536 }
6537
6538 status = SMB_VFS_CREATE_FILE(
6539 conn, /* conn */
6540 req, /* req */
6541 0, /* root_dir_fid */
6542 smb_fname_src, /* fname */
6543 access_mask, /* access_mask */
6544 (FILE_SHARE_READ | /* share_access */
6545 FILE_SHARE_WRITE),
6546 FILE_OPEN, /* create_disposition*/
6547 create_options, /* create_options */
6548 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6549 0, /* oplock_request */
6550 0, /* allocation_size */
6551 0, /* private_flags */
6552 NULL, /* sd */
6553 NULL, /* ea_list */
6554 &fsp, /* result */
6555 NULL); /* pinfo */
6556
6557 if (!NT_STATUS_IS_OK(status)) {
6558 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6559 "returned %s rename %s -> %s\n",
6560 nt_errstr(status),
6561 smb_fname_str_dbg(smb_fname_src),
6562 smb_fname_str_dbg(smb_fname_dst)));
6563 break;
6564 }
6565
6566 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6567 dname);
6568 if (!smb_fname_dst->original_lcomp) {
6569 status = NT_STATUS_NO_MEMORY;
6570 goto out;
6571 }
6572
6573 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6574 attrs, replace_if_exists);
6575
6576 close_file(req, fsp, NORMAL_CLOSE);
6577
6578 if (!NT_STATUS_IS_OK(status)) {
6579 DEBUG(3, ("rename_internals_fsp returned %s for "
6580 "rename %s -> %s\n", nt_errstr(status),
6581 smb_fname_str_dbg(smb_fname_src),
6582 smb_fname_str_dbg(smb_fname_dst)));
6583 break;
6584 }
6585
6586 count++;
6587
6588 DEBUG(3,("rename_internals: doing rename on %s -> "
6589 "%s\n", smb_fname_str_dbg(smb_fname_src),
6590 smb_fname_str_dbg(smb_fname_src)));
6591 TALLOC_FREE(talloced);
6592 }
6593 TALLOC_FREE(dir_hnd);
6594
6595 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6596 status = map_nt_error_from_unix(errno);
6597 }
6598
6599 out:
6600 TALLOC_FREE(talloced);
6601 TALLOC_FREE(fname_src_dir);
6602 TALLOC_FREE(fname_src_mask);
6603 return status;
6604 }
6605
6606 /****************************************************************************
6607 Reply to a mv.
6608 ****************************************************************************/
6609
6610 void reply_mv(struct smb_request *req)
6611 {
6612 connection_struct *conn = req->conn;
6613 char *name = NULL;
6614 char *newname = NULL;
6615 const char *p;
6616 uint32 attrs;
6617 NTSTATUS status;
6618 bool src_has_wcard = False;
6619 bool dest_has_wcard = False;
6620 TALLOC_CTX *ctx = talloc_tos();
6621 struct smb_filename *smb_fname_src = NULL;
6622 struct smb_filename *smb_fname_dst = NULL;
6623 uint32_t src_ucf_flags = lp_posix_pathnames() ? UCF_UNIX_NAME_LOOKUP : UCF_COND_ALLOW_WCARD_LCOMP;
6624 uint32_t dst_ucf_flags = UCF_SAVE_LCOMP | (lp_posix_pathnames() ? 0 : UCF_COND_ALLOW_WCARD_LCOMP);
6625 bool stream_rename = false;
6626
6627 START_PROFILE(SMBmv);
6628
6629 if (req->wct < 1) {
6630 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6631 goto out;
6632 }
6633
6634 attrs = SVAL(req->vwv+0, 0);
6635
6636 p = (const char *)req->buf + 1;
6637 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6638 &status, &src_has_wcard);
6639 if (!NT_STATUS_IS_OK(status)) {
6640 reply_nterror(req, status);
6641 goto out;
6642 }
6643 p++;
6644 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6645 &status, &dest_has_wcard);
6646 if (!NT_STATUS_IS_OK(status)) {
6647 reply_nterror(req, status);
6648 goto out;
6649 }
6650
6651 if (!lp_posix_pathnames()) {
6652 /* The newname must begin with a ':' if the
6653 name contains a ':'. */
6654 if (strchr_m(name, ':')) {
6655 if (newname[0] != ':') {
6656 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6657 goto out;
6658 }
6659 stream_rename = true;
6660 }
6661 }
6662
6663 status = filename_convert(ctx,
6664 conn,
6665 req->flags2 & FLAGS2_DFS_PATHNAMES,
6666 name,
6667 src_ucf_flags,
6668 &src_has_wcard,
6669 &smb_fname_src);
6670
6671 if (!NT_STATUS_IS_OK(status)) {
6672 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6673 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6674 ERRSRV, ERRbadpath);
6675 goto out;
6676 }
6677 reply_nterror(req, status);
6678 goto out;
6679 }
6680
6681 status = filename_convert(ctx,
6682 conn,
6683 req->flags2 & FLAGS2_DFS_PATHNAMES,
6684 newname,
6685 dst_ucf_flags,
6686 &dest_has_wcard,
6687 &smb_fname_dst);
6688
6689 if (!NT_STATUS_IS_OK(status)) {
6690 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6691 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6692 ERRSRV, ERRbadpath);
6693 goto out;
6694 }
6695 reply_nterror(req, status);
6696 goto out;
6697 }
6698
6699 if (stream_rename) {
6700 /* smb_fname_dst->base_name must be the same as
6701 smb_fname_src->base_name. */
6702 TALLOC_FREE(smb_fname_dst->base_name);
6703 smb_fname_dst->base_name = talloc_strdup(smb_fname_dst,
6704 smb_fname_src->base_name);
6705 if (!smb_fname_dst->base_name) {
6706 reply_nterror(req, NT_STATUS_NO_MEMORY);
6707 goto out;
6708 }
6709 }
6710
6711 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6712 smb_fname_str_dbg(smb_fname_dst)));
6713
6714 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6715 attrs, False, src_has_wcard, dest_has_wcard,
6716 DELETE_ACCESS);
6717 if (!NT_STATUS_IS_OK(status)) {
6718 if (open_was_deferred(req->mid)) {
6719 /* We have re-scheduled this call. */
6720 goto out;
6721 }
6722 reply_nterror(req, status);
6723 goto out;
6724 }
6725
6726 reply_outbuf(req, 0, 0);
6727 out:
6728 TALLOC_FREE(smb_fname_src);
6729 TALLOC_FREE(smb_fname_dst);
6730 END_PROFILE(SMBmv);
6731 return;
6732 }
6733
6734 /*******************************************************************
6735 Copy a file as part of a reply_copy.
6736 ******************************************************************/
6737
6738 /*
6739 * TODO: check error codes on all callers
6740 */
6741
6742 NTSTATUS copy_file(TALLOC_CTX *ctx,
6743 connection_struct *conn,
6744 struct smb_filename *smb_fname_src,
6745 struct smb_filename *smb_fname_dst,
6746 int ofun,
6747 int count,
6748 bool target_is_directory)
6749 {
6750 struct smb_filename *smb_fname_dst_tmp = NULL;
6751 SMB_OFF_T ret=-1;
6752 files_struct *fsp1,*fsp2;
6753 uint32 dosattrs;
6754 uint32 new_create_disposition;
6755 NTSTATUS status;
6756
6757
6758 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6759 if (!NT_STATUS_IS_OK(status)) {
6760 return status;
6761 }
6762
6763 /*
6764 * If the target is a directory, extract the last component from the
6765 * src filename and append it to the dst filename
6766 */
6767 if (target_is_directory) {
6768 const char *p;
6769
6770 /* dest/target can't be a stream if it's a directory. */
6771 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6772
6773 p = strrchr_m(smb_fname_src->base_name,'/');
6774 if (p) {
6775 p++;
6776 } else {
6777 p = smb_fname_src->base_name;
6778 }
6779 smb_fname_dst_tmp->base_name =
6780 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6781 p);
6782 if (!smb_fname_dst_tmp->base_name) {
6783 status = NT_STATUS_NO_MEMORY;
6784 goto out;
6785 }
6786 }
6787
6788 status = vfs_file_exist(conn, smb_fname_src);
6789 if (!NT_STATUS_IS_OK(status)) {
6790 goto out;
6791 }
6792
6793 if (!target_is_directory && count) {
6794 new_create_disposition = FILE_OPEN;
6795 } else {
6796 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name,
6797 0, ofun,
6798 NULL, NULL,
6799 &new_create_disposition,
6800 NULL,
6801 NULL)) {
6802 status = NT_STATUS_INVALID_PARAMETER;
6803 goto out;
6804 }
6805 }
6806
6807 /* Open the src file for reading. */
6808 status = SMB_VFS_CREATE_FILE(
6809 conn, /* conn */
6810 NULL, /* req */
6811 0, /* root_dir_fid */
6812 smb_fname_src, /* fname */
6813 FILE_GENERIC_READ, /* access_mask */
6814 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6815 FILE_OPEN, /* create_disposition*/
6816 0, /* create_options */
6817 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6818 INTERNAL_OPEN_ONLY, /* oplock_request */
6819 0, /* allocation_size */
6820 0, /* private_flags */
6821 NULL, /* sd */
6822 NULL, /* ea_list */
6823 &fsp1, /* result */
6824 NULL); /* psbuf */
6825
6826 if (!NT_STATUS_IS_OK(status)) {
6827 goto out;
6828 }
6829
6830 dosattrs = dos_mode(conn, smb_fname_src);
6831
6832 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6833 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6834 }
6835
6836 /* Open the dst file for writing. */
6837 status = SMB_VFS_CREATE_FILE(
6838 conn, /* conn */
6839 NULL, /* req */
6840 0, /* root_dir_fid */
6841 smb_fname_dst, /* fname */
6842 FILE_GENERIC_WRITE, /* access_mask */
6843 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6844 new_create_disposition, /* create_disposition*/
6845 0, /* create_options */
6846 dosattrs, /* file_attributes */
6847 INTERNAL_OPEN_ONLY, /* oplock_request */
6848 0, /* allocation_size */
6849 0, /* private_flags */
6850 NULL, /* sd */
6851 NULL, /* ea_list */
6852 &fsp2, /* result */
6853 NULL); /* psbuf */
6854
6855 if (!NT_STATUS_IS_OK(status)) {
6856 close_file(NULL, fsp1, ERROR_CLOSE);
6857 goto out;
6858 }
6859
6860 if (ofun & OPENX_FILE_EXISTS_OPEN) {
6861 ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
6862 if (ret == -1) {
6863 DEBUG(0, ("error - vfs lseek returned error %s\n",
6864 strerror(errno)));
6865 status = map_nt_error_from_unix(errno);
6866 close_file(NULL, fsp1, ERROR_CLOSE);
6867 close_file(NULL, fsp2, ERROR_CLOSE);
6868 goto out;
6869 }
6870 }
6871
6872 /* Do the actual copy. */
6873 if (smb_fname_src->st.st_ex_size) {
6874 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6875 } else {
6876 ret = 0;
6877 }
6878
6879 close_file(NULL, fsp1, NORMAL_CLOSE);
6880
6881 /* Ensure the modtime is set correctly on the destination file. */
6882 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6883
6884 /*
6885 * As we are opening fsp1 read-only we only expect
6886 * an error on close on fsp2 if we are out of space.
6887 * Thus we don't look at the error return from the
6888 * close of fsp1.
6889 */
6890 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6891
6892 if (!NT_STATUS_IS_OK(status)) {
6893 goto out;
6894 }
6895
6896 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6897 status = NT_STATUS_DISK_FULL;
6898 goto out;
6899 }
6900
6901 status = NT_STATUS_OK;
6902
6903 out:
6904 TALLOC_FREE(smb_fname_dst_tmp);
6905 return status;
6906 }
6907
6908 /****************************************************************************
6909 Reply to a file copy.
6910 ****************************************************************************/
6911
6912 void reply_copy(struct smb_request *req)
6913 {
6914 connection_struct *conn = req->conn;
6915 struct smb_filename *smb_fname_src = NULL;
6916 struct smb_filename *smb_fname_dst = NULL;
6917 char *fname_src = NULL;
6918 char *fname_dst = NULL;
6919 char *fname_src_mask = NULL;
6920 char *fname_src_dir = NULL;
6921 const char *p;
6922 int count=0;
6923 int error = ERRnoaccess;
6924 int tid2;
6925 int ofun;
6926 int flags;
6927 bool target_is_directory=False;
6928 bool source_has_wild = False;
6929 bool dest_has_wild = False;
6930 NTSTATUS status;
6931 TALLOC_CTX *ctx = talloc_tos();
6932
6933 START_PROFILE(SMBcopy);
6934
6935 if (req->wct < 3) {
6936 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6937 goto out;
6938 }
6939
6940 tid2 = SVAL(req->vwv+0, 0);
6941 ofun = SVAL(req->vwv+1, 0);
6942 flags = SVAL(req->vwv+2, 0);
6943
6944 p = (const char *)req->buf;
6945 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6946 &status, &source_has_wild);
6947 if (!NT_STATUS_IS_OK(status)) {
6948 reply_nterror(req, status);
6949 goto out;
6950 }
6951 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6952 &status, &dest_has_wild);
6953 if (!NT_STATUS_IS_OK(status)) {
6954 reply_nterror(req, status);
6955 goto out;
6956 }
6957
6958 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6959
6960 if (tid2 != conn->cnum) {
6961 /* can't currently handle inter share copies XXXX */
6962 DEBUG(3,("Rejecting inter-share copy\n"));
6963 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6964 goto out;
6965 }
6966
6967 status = filename_convert(ctx, conn,
6968 req->flags2 & FLAGS2_DFS_PATHNAMES,
6969 fname_src,
6970 UCF_COND_ALLOW_WCARD_LCOMP,
6971 &source_has_wild,
6972 &smb_fname_src);
6973 if (!NT_STATUS_IS_OK(status)) {
6974 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6975 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6976 ERRSRV, ERRbadpath);
6977 goto out;
6978 }
6979 reply_nterror(req, status);
6980 goto out;
6981 }
6982
6983 status = filename_convert(ctx, conn,
6984 req->flags2 & FLAGS2_DFS_PATHNAMES,
6985 fname_dst,
6986 UCF_COND_ALLOW_WCARD_LCOMP,
6987 &dest_has_wild,
6988 &smb_fname_dst);
6989 if (!NT_STATUS_IS_OK(status)) {
6990 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6991 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6992 ERRSRV, ERRbadpath);
6993 goto out;
6994 }
6995 reply_nterror(req, status);
6996 goto out;
6997 }
6998
6999 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
7000
7001 if ((flags&1) && target_is_directory) {
7002 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
7003 goto out;
7004 }
7005
7006 if ((flags&2) && !target_is_directory) {
7007 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
7008 goto out;
7009 }
7010
7011 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
7012 /* wants a tree copy! XXXX */
7013 DEBUG(3,("Rejecting tree copy\n"));
7014 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7015 goto out;
7016 }
7017
7018 /* Split up the directory from the filename/mask. */
7019 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
7020 &fname_src_dir, &fname_src_mask);
7021 if (!NT_STATUS_IS_OK(status)) {
7022 reply_nterror(req, NT_STATUS_NO_MEMORY);
7023 goto out;
7024 }
7025
7026 /*
7027 * We should only check the mangled cache
7028 * here if unix_convert failed. This means
7029 * that the path in 'mask' doesn't exist
7030 * on the file system and so we need to look
7031 * for a possible mangle. This patch from
7032 * Tine Smukavec <valentin.smukavec@hermes.si>.
7033 */
7034 if (!VALID_STAT(smb_fname_src->st) &&
7035 mangle_is_mangled(fname_src_mask, conn->params)) {
7036 char *new_mask = NULL;
7037 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
7038 &new_mask, conn->params);
7039
7040 /* Use demangled name if one was successfully found. */
7041 if (new_mask) {
7042 TALLOC_FREE(fname_src_mask);
7043 fname_src_mask = new_mask;
7044 }
7045 }
7046
7047 if (!source_has_wild) {
7048
7049 /*
7050 * Only one file needs to be copied. Append the mask back onto
7051 * the directory.
7052 */
7053 TALLOC_FREE(smb_fname_src->base_name);
7054 if (ISDOT(fname_src_dir)) {
7055 /* Ensure we use canonical names on open. */
7056 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7057 "%s",
7058 fname_src_mask);
7059 } else {
7060 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7061 "%s/%s",
7062 fname_src_dir,
7063 fname_src_mask);
7064 }
7065 if (!smb_fname_src->base_name) {
7066 reply_nterror(req, NT_STATUS_NO_MEMORY);
7067 goto out;
7068 }
7069
7070 if (dest_has_wild) {
7071 char *fname_dst_mod = NULL;
7072 if (!resolve_wildcards(smb_fname_dst,
7073 smb_fname_src->base_name,
7074 smb_fname_dst->base_name,
7075 &fname_dst_mod)) {
7076 reply_nterror(req, NT_STATUS_NO_MEMORY);
7077 goto out;
7078 }
7079 TALLOC_FREE(smb_fname_dst->base_name);
7080 smb_fname_dst->base_name = fname_dst_mod;
7081 }
7082
7083 status = check_name(conn, smb_fname_src->base_name);
7084 if (!NT_STATUS_IS_OK(status)) {
7085 reply_nterror(req, status);
7086 goto out;
7087 }
7088
7089 status = check_name(conn, smb_fname_dst->base_name);
7090 if (!NT_STATUS_IS_OK(status)) {
7091 reply_nterror(req, status);
7092 goto out;
7093 }
7094
7095 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
7096 ofun, count, target_is_directory);
7097
7098 if(!NT_STATUS_IS_OK(status)) {
7099 reply_nterror(req, status);
7100 goto out;
7101 } else {
7102 count++;
7103 }
7104 } else {
7105 struct smb_Dir *dir_hnd = NULL;
7106 const char *dname = NULL;
7107 char *talloced = NULL;
7108 long offset = 0;
7109
7110 /*
7111 * There is a wildcard that requires us to actually read the
7112 * src dir and copy each file matching the mask to the dst.
7113 * Right now streams won't be copied, but this could
7114 * presumably be added with a nested loop for reach dir entry.
7115 */
7116 SMB_ASSERT(!smb_fname_src->stream_name);
7117 SMB_ASSERT(!smb_fname_dst->stream_name);
7118
7119 smb_fname_src->stream_name = NULL;
7120 smb_fname_dst->stream_name = NULL;
7121
7122 if (strequal(fname_src_mask,"????????.???")) {
7123 TALLOC_FREE(fname_src_mask);
7124 fname_src_mask = talloc_strdup(ctx, "*");
7125 if (!fname_src_mask) {
7126 reply_nterror(req, NT_STATUS_NO_MEMORY);
7127 goto out;
7128 }
7129 }
7130
7131 status = check_name(conn, fname_src_dir);
7132 if (!NT_STATUS_IS_OK(status)) {
7133 reply_nterror(req, status);
7134 goto out;
7135 }
7136
7137 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7138 if (dir_hnd == NULL) {
7139 status = map_nt_error_from_unix(errno);
7140 reply_nterror(req, status);
7141 goto out;
7142 }
7143
7144 error = ERRbadfile;
7145
7146 /* Iterate over the src dir copying each entry to the dst. */
7147 while ((dname = ReadDirName(dir_hnd, &offset,
7148 &smb_fname_src->st, &talloced))) {
7149 char *destname = NULL;
7150
7151 if (ISDOT(dname) || ISDOTDOT(dname)) {
7152 TALLOC_FREE(talloced);
7153 continue;
7154 }
7155
7156 if (!is_visible_file(conn, fname_src_dir, dname,
7157 &smb_fname_src->st, false)) {
7158 TALLOC_FREE(talloced);
7159 continue;
7160 }
7161
7162 if(!mask_match(dname, fname_src_mask,
7163 conn->case_sensitive)) {
7164 TALLOC_FREE(talloced);
7165 continue;
7166 }
7167
7168 error = ERRnoaccess;
7169
7170 /* Get the src smb_fname struct setup. */
7171 TALLOC_FREE(smb_fname_src->base_name);
7172 if (ISDOT(fname_src_dir)) {
7173 /* Ensure we use canonical names on open. */
7174 smb_fname_src->base_name =
7175 talloc_asprintf(smb_fname_src, "%s",
7176 dname);
7177 } else {
7178 smb_fname_src->base_name =
7179 talloc_asprintf(smb_fname_src, "%s/%s",
7180 fname_src_dir, dname);
7181 }
7182
7183 if (!smb_fname_src->base_name) {
7184 TALLOC_FREE(dir_hnd);
7185 TALLOC_FREE(talloced);
7186 reply_nterror(req, NT_STATUS_NO_MEMORY);
7187 goto out;
7188 }
7189
7190 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7191 smb_fname_dst->base_name,
7192 &destname)) {
7193 TALLOC_FREE(talloced);
7194 continue;
7195 }
7196 if (!destname) {
7197 TALLOC_FREE(dir_hnd);
7198 TALLOC_FREE(talloced);
7199 reply_nterror(req, NT_STATUS_NO_MEMORY);
7200 goto out;
7201 }
7202
7203 TALLOC_FREE(smb_fname_dst->base_name);
7204 smb_fname_dst->base_name = destname;
7205
7206 status = check_name(conn, smb_fname_src->base_name);
7207 if (!NT_STATUS_IS_OK(status)) {
7208 TALLOC_FREE(dir_hnd);
7209 TALLOC_FREE(talloced);
7210 reply_nterror(req, status);
7211 goto out;
7212 }
7213
7214 status = check_name(conn, smb_fname_dst->base_name);
7215 if (!NT_STATUS_IS_OK(status)) {
7216 TALLOC_FREE(dir_hnd);
7217 TALLOC_FREE(talloced);
7218 reply_nterror(req, status);
7219 goto out;
7220 }
7221
7222 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7223 smb_fname_src->base_name,
7224 smb_fname_dst->base_name));
7225
7226 status = copy_file(ctx, conn, smb_fname_src,
7227 smb_fname_dst, ofun, count,
7228 target_is_directory);
7229 if (NT_STATUS_IS_OK(status)) {
7230 count++;
7231 }
7232
7233 TALLOC_FREE(talloced);
7234 }
7235 TALLOC_FREE(dir_hnd);
7236 }
7237
7238 if (count == 0) {
7239 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7240 goto out;
7241 }
7242
7243 reply_outbuf(req, 1, 0);
7244 SSVAL(req->outbuf,smb_vwv0,count);
7245 out:
7246 TALLOC_FREE(smb_fname_src);
7247 TALLOC_FREE(smb_fname_dst);
7248 TALLOC_FREE(fname_src);
7249 TALLOC_FREE(fname_dst);
7250 TALLOC_FREE(fname_src_mask);
7251 TALLOC_FREE(fname_src_dir);
7252
7253 END_PROFILE(SMBcopy);
7254 return;
7255 }
7256
7257 #undef DBGC_CLASS
7258 #define DBGC_CLASS DBGC_LOCKING
7259
7260 /****************************************************************************
7261 Get a lock pid, dealing with large count requests.
7262 ****************************************************************************/
7263
7264 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7265 bool large_file_format)
7266 {
7267 if(!large_file_format)
7268 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7269 else
7270 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7271 }
7272
7273 /****************************************************************************
7274 Get a lock count, dealing with large count requests.
7275 ****************************************************************************/
7276
7277 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7278 bool large_file_format)
7279 {
7280 uint64_t count = 0;
7281
7282 if(!large_file_format) {
7283 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7284 } else {
7285
7286 #if defined(HAVE_LONGLONG)
7287 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7288 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7289 #else /* HAVE_LONGLONG */
7290
7291 /*
7292 * NT4.x seems to be broken in that it sends large file (64 bit)
7293 * lockingX calls even if the CAP_LARGE_FILES was *not*
7294 * negotiated. For boxes without large unsigned ints truncate the
7295 * lock count by dropping the top 32 bits.
7296 */
7297
7298 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7299 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7300 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7301 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7302 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7303 }
7304
7305 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7306 #endif /* HAVE_LONGLONG */
7307 }
7308
7309 return count;
7310 }
7311
7312 #if !defined(HAVE_LONGLONG)
7313 /****************************************************************************
7314 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7315 ****************************************************************************/
7316
7317 static uint32 map_lock_offset(uint32 high, uint32 low)
7318 {
7319 unsigned int i;
7320 uint32 mask = 0;
7321 uint32 highcopy = high;
7322
7323 /*
7324 * Try and find out how many significant bits there are in high.
7325 */
7326
7327 for(i = 0; highcopy; i++)
7328 highcopy >>= 1;
7329
7330 /*
7331 * We use 31 bits not 32 here as POSIX
7332 * lock offsets may not be negative.
7333 */
7334
7335 mask = (~0) << (31 - i);
7336
7337 if(low & mask)
7338 return 0; /* Fail. */
7339
7340 high <<= (31 - i);
7341
7342 return (high|low);
7343 }
7344 #endif /* !defined(HAVE_LONGLONG) */
7345
7346 /****************************************************************************
7347 Get a lock offset, dealing with large offset requests.
7348 ****************************************************************************/
7349
7350 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7351 bool large_file_format, bool *err)
7352 {
7353 uint64_t offset = 0;
7354
7355 *err = False;
7356
7357 if(!large_file_format) {
7358 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7359 } else {
7360
7361 #if defined(HAVE_LONGLONG)
7362 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7363 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7364 #else /* HAVE_LONGLONG */
7365
7366 /*
7367 * NT4.x seems to be broken in that it sends large file (64 bit)
7368 * lockingX calls even if the CAP_LARGE_FILES was *not*
7369 * negotiated. For boxes without large unsigned ints mangle the
7370 * lock offset by mapping the top 32 bits onto the lower 32.
7371 */
7372
7373 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7374 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7375 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7376 uint32 new_low = 0;
7377
7378 if((new_low = map_lock_offset(high, low)) == 0) {
7379 *err = True;
7380 return (uint64_t)-1;
7381 }
7382
7383 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7384 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7385 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7386 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7387 }
7388
7389 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7390 #endif /* HAVE_LONGLONG */
7391 }
7392
7393 return offset;
7394 }
7395
7396 NTSTATUS smbd_do_locking(struct smb_request *req,
7397 files_struct *fsp,
7398 uint8_t type,
7399 int32_t timeout,
7400 uint16_t num_ulocks,
7401 struct smbd_lock_element *ulocks,
7402 uint16_t num_locks,
7403 struct smbd_lock_element *locks,
7404 bool *async)
7405 {
7406 connection_struct *conn = req->conn;
7407 int i;
7408 NTSTATUS status = NT_STATUS_OK;
7409
7410 *async = false;
7411
7412 /* Data now points at the beginning of the list
7413 of smb_unlkrng structs */
7414 for(i = 0; i < (int)num_ulocks; i++) {
7415 struct smbd_lock_element *e = &ulocks[i];
7416
7417 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7418 "pid %u, file %s\n",
7419 (double)e->offset,
7420 (double)e->count,
7421 (unsigned int)e->smblctx,
7422 fsp_str_dbg(fsp)));
7423
7424 if (e->brltype != UNLOCK_LOCK) {
7425 /* this can only happen with SMB2 */
7426 return NT_STATUS_INVALID_PARAMETER;
7427 }
7428
7429 status = do_unlock(req->sconn->msg_ctx,
7430 fsp,
7431 e->smblctx,
7432 e->count,
7433 e->offset,
7434 WINDOWS_LOCK);
7435
7436 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7437 nt_errstr(status)));
7438
7439 if (!NT_STATUS_IS_OK(status)) {
7440 return status;
7441 }
7442 }
7443
7444 /* Setup the timeout in seconds. */
7445
7446 if (!lp_blocking_locks(SNUM(conn))) {
7447 timeout = 0;
7448 }
7449
7450 /* Data now points at the beginning of the list
7451 of smb_lkrng structs */
7452
7453 for(i = 0; i < (int)num_locks; i++) {
7454 struct smbd_lock_element *e = &locks[i];
7455
7456 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7457 "%llu, file %s timeout = %d\n",
7458 (double)e->offset,
7459 (double)e->count,
7460 (unsigned long long)e->smblctx,
7461 fsp_str_dbg(fsp),
7462 (int)timeout));
7463
7464 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7465 struct blocking_lock_record *blr = NULL;
7466
7467 if (num_locks > 1) {
7468 /*
7469 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7470 * if the lock vector contains one entry. When given mutliple cancel
7471 * requests in a single PDU we expect the server to return an
7472 * error. Windows servers seem to accept the request but only
7473 * cancel the first lock.
7474 * JRA - Do what Windows does (tm) :-).
7475 */
7476
7477 #if 0
7478 /* MS-CIFS (2.2.4.32.1) behavior. */
7479 return NT_STATUS_DOS(ERRDOS,
7480 ERRcancelviolation);
7481 #else
7482 /* Windows behavior. */
7483 if (i != 0) {
7484 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7485 "cancel request\n"));
7486 continue;
7487 }
7488 #endif
7489 }
7490
7491 if (lp_blocking_locks(SNUM(conn))) {
7492
7493 /* Schedule a message to ourselves to
7494 remove the blocking lock record and
7495 return the right error. */
7496
7497 blr = blocking_lock_cancel_smb1(fsp,
7498 e->smblctx,
7499 e->offset,
7500 e->count,
7501 WINDOWS_LOCK,
7502 type,
7503 NT_STATUS_FILE_LOCK_CONFLICT);
7504 if (blr == NULL) {
7505 return NT_STATUS_DOS(
7506 ERRDOS,
7507 ERRcancelviolation);
7508 }
7509 }
7510 /* Remove a matching pending lock. */
7511 status = do_lock_cancel(fsp,
7512 e->smblctx,
7513 e->count,
7514 e->offset,
7515 WINDOWS_LOCK,
7516 blr);
7517 } else {
7518 bool blocking_lock = timeout ? true : false;
7519 bool defer_lock = false;
7520 struct byte_range_lock *br_lck;
7521 uint64_t block_smblctx;
7522
7523 br_lck = do_lock(req->sconn->msg_ctx,
7524 fsp,
7525 e->smblctx,
7526 e->count,
7527 e->offset,
7528 e->brltype,
7529 WINDOWS_LOCK,
7530 blocking_lock,
7531 &status,
7532 &block_smblctx,
7533 NULL);
7534
7535 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7536 /* Windows internal resolution for blocking locks seems
7537 to be about 200ms... Don't wait for less than that. JRA. */
7538 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7539 timeout = lp_lock_spin_time();
7540 }
7541 defer_lock = true;
7542 }
7543
7544 /* If a lock sent with timeout of zero would fail, and
7545 * this lock has been requested multiple times,
7546 * according to brl_lock_failed() we convert this
7547 * request to a blocking lock with a timeout of between
7548 * 150 - 300 milliseconds.
7549 *
7550 * If lp_lock_spin_time() has been set to 0, we skip
7551 * this blocking retry and fail immediately.
7552 *
7553 * Replacement for do_lock_spin(). JRA. */
7554
7555 if (!req->sconn->using_smb2 &&
7556 br_lck && lp_blocking_locks(SNUM(conn)) &&
7557 lp_lock_spin_time() && !blocking_lock &&
7558 NT_STATUS_EQUAL((status),
7559 NT_STATUS_FILE_LOCK_CONFLICT))
7560 {
7561 defer_lock = true;
7562 timeout = lp_lock_spin_time();
7563 }
7564
7565 if (br_lck && defer_lock) {
7566 /*
7567 * A blocking lock was requested. Package up
7568 * this smb into a queued request and push it
7569 * onto the blocking lock queue.
7570 */
7571 if(push_blocking_lock_request(br_lck,
7572 req,
7573 fsp,
7574 timeout,
7575 i,
7576 e->smblctx,
7577 e->brltype,
7578 WINDOWS_LOCK,
7579 e->offset,
7580 e->count,
7581 block_smblctx)) {
7582 TALLOC_FREE(br_lck);
7583 *async = true;
7584 return NT_STATUS_OK;
7585 }
7586 }
7587
7588 TALLOC_FREE(br_lck);
7589 }
7590
7591 if (!NT_STATUS_IS_OK(status)) {
7592 break;
7593 }
7594 }
7595
7596 /* If any of the above locks failed, then we must unlock
7597 all of the previous locks (X/Open spec). */
7598
7599 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7600
7601 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7602 i = -1; /* we want to skip the for loop */
7603 }
7604
7605 /*
7606 * Ensure we don't do a remove on the lock that just failed,
7607 * as under POSIX rules, if we have a lock already there, we
7608 * will delete it (and we shouldn't) .....
7609 */
7610 for(i--; i >= 0; i--) {
7611 struct smbd_lock_element *e = &locks[i];
7612
7613 do_unlock(req->sconn->msg_ctx,
7614 fsp,
7615 e->smblctx,
7616 e->count,
7617 e->offset,
7618 WINDOWS_LOCK);
7619 }
7620 return status;
7621 }
7622
7623 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7624 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7625
7626 return NT_STATUS_OK;
7627 }
7628
7629 /****************************************************************************
7630 Reply to a lockingX request.
7631 ****************************************************************************/
7632
7633 void reply_lockingX(struct smb_request *req)
7634 {
7635 connection_struct *conn = req->conn;
7636 files_struct *fsp;
7637 unsigned char locktype;
7638 unsigned char oplocklevel;
7639 uint16 num_ulocks;
7640 uint16 num_locks;
7641 int32 lock_timeout;
7642 int i;
7643 const uint8_t *data;
7644 bool large_file_format;
7645 bool err;
7646 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7647 struct smbd_lock_element *ulocks;
7648 struct smbd_lock_element *locks;
7649 bool async = false;
7650
7651 START_PROFILE(SMBlockingX);
7652
7653 if (req->wct < 8) {
7654 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7655 END_PROFILE(SMBlockingX);
7656 return;
7657 }
7658
7659 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7660 locktype = CVAL(req->vwv+3, 0);
7661 oplocklevel = CVAL(req->vwv+3, 1);
7662 num_ulocks = SVAL(req->vwv+6, 0);
7663 num_locks = SVAL(req->vwv+7, 0);
7664 lock_timeout = IVAL(req->vwv+4, 0);
7665 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7666
7667 if (!check_fsp(conn, req, fsp)) {
7668 END_PROFILE(SMBlockingX);
7669 return;
7670 }
7671
7672 data = req->buf;
7673
7674 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7675 /* we don't support these - and CANCEL_LOCK makes w2k
7676 and XP reboot so I don't really want to be
7677 compatible! (tridge) */
7678 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7679 END_PROFILE(SMBlockingX);
7680 return;
7681 }
7682
7683 /* Check if this is an oplock break on a file
7684 we have granted an oplock on.
7685 */
7686 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7687 /* Client can insist on breaking to none. */
7688 bool break_to_none = (oplocklevel == 0);
7689 bool result;
7690
7691 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7692 "for fnum = %d\n", (unsigned int)oplocklevel,
7693 fsp->fnum ));
7694
7695 /*
7696 * Make sure we have granted an exclusive or batch oplock on
7697 * this file.
7698 */
7699
7700 if (fsp->oplock_type == 0) {
7701
7702 /* The Samba4 nbench simulator doesn't understand
7703 the difference between break to level2 and break
7704 to none from level2 - it sends oplock break
7705 replies in both cases. Don't keep logging an error
7706 message here - just ignore it. JRA. */
7707
7708 DEBUG(5,("reply_lockingX: Error : oplock break from "
7709 "client for fnum = %d (oplock=%d) and no "
7710 "oplock granted on this file (%s).\n",
7711 fsp->fnum, fsp->oplock_type,
7712 fsp_str_dbg(fsp)));
7713
7714 /* if this is a pure oplock break request then don't
7715 * send a reply */
7716 if (num_locks == 0 && num_ulocks == 0) {
7717 END_PROFILE(SMBlockingX);
7718 return;
7719 } else {
7720 END_PROFILE(SMBlockingX);
7721 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7722 return;
7723 }
7724 }
7725
7726 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7727 (break_to_none)) {
7728 result = remove_oplock(fsp);
7729 } else {
7730 result = downgrade_oplock(fsp);
7731 }
7732
7733 if (!result) {
7734 DEBUG(0, ("reply_lockingX: error in removing "
7735 "oplock on file %s\n", fsp_str_dbg(fsp)));
7736 /* Hmmm. Is this panic justified? */
7737 smb_panic("internal tdb error");
7738 }
7739
7740 reply_to_oplock_break_requests(fsp);
7741
7742 /* if this is a pure oplock break request then don't send a
7743 * reply */
7744 if (num_locks == 0 && num_ulocks == 0) {
7745 /* Sanity check - ensure a pure oplock break is not a
7746 chained request. */
7747 if(CVAL(req->vwv+0, 0) != 0xff)
7748 DEBUG(0,("reply_lockingX: Error : pure oplock "
7749 "break is a chained %d request !\n",
7750 (unsigned int)CVAL(req->vwv+0, 0)));
7751 END_PROFILE(SMBlockingX);
7752 return;
7753 }
7754 }
7755
7756 if (req->buflen <
7757 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7758 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7759 END_PROFILE(SMBlockingX);
7760 return;
7761 }
7762
7763 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7764 if (ulocks == NULL) {
7765 reply_nterror(req, NT_STATUS_NO_MEMORY);
7766 END_PROFILE(SMBlockingX);
7767 return;
7768 }
7769
7770 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7771 if (locks == NULL) {
7772 reply_nterror(req, NT_STATUS_NO_MEMORY);
7773 END_PROFILE(SMBlockingX);
7774 return;
7775 }
7776
7777 /* Data now points at the beginning of the list
7778 of smb_unlkrng structs */
7779 for(i = 0; i < (int)num_ulocks; i++) {
7780 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
7781 ulocks[i].count = get_lock_count(data, i, large_file_format);
7782 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7783 ulocks[i].brltype = UNLOCK_LOCK;
7784
7785 /*
7786 * There is no error code marked "stupid client bug".... :-).
7787 */
7788 if(err) {
7789 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7790 END_PROFILE(SMBlockingX);
7791 return;
7792 }
7793 }
7794
7795 /* Now do any requested locks */
7796 data += ((large_file_format ? 20 : 10)*num_ulocks);
7797
7798 /* Data now points at the beginning of the list
7799 of smb_lkrng structs */
7800
7801 for(i = 0; i < (int)num_locks; i++) {
7802 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
7803 locks[i].count = get_lock_count(data, i, large_file_format);
7804 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7805
7806 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7807 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7808 locks[i].brltype = PENDING_READ_LOCK;
7809 } else {
7810 locks[i].brltype = READ_LOCK;
7811 }
7812 } else {
7813 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7814 locks[i].brltype = PENDING_WRITE_LOCK;
7815 } else {
7816 locks[i].brltype = WRITE_LOCK;
7817 }
7818 }
7819
7820 /*
7821 * There is no error code marked "stupid client bug".... :-).
7822 */
7823 if(err) {
7824 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7825 END_PROFILE(SMBlockingX);
7826 return;
7827 }
7828 }
7829
7830 status = smbd_do_locking(req, fsp,
7831 locktype, lock_timeout,
7832 num_ulocks, ulocks,
7833 num_locks, locks,
7834 &async);
7835 if (!NT_STATUS_IS_OK(status)) {
7836 END_PROFILE(SMBlockingX);
7837 reply_nterror(req, status);
7838 return;
7839 }
7840 if (async) {
7841 END_PROFILE(SMBlockingX);
7842 return;
7843 }
7844
7845 reply_outbuf(req, 2, 0);
7846
7847 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7848 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7849
7850 END_PROFILE(SMBlockingX);
7851 chain_reply(req);
7852 }
7853
7854 #undef DBGC_CLASS
7855 #define DBGC_CLASS DBGC_ALL
7856
7857 /****************************************************************************
7858 Reply to a SMBreadbmpx (read block multiplex) request.
7859 Always reply with an error, if someone has a platform really needs this,
7860 please contact vl@samba.org
7861 ****************************************************************************/
7862
7863 void reply_readbmpx(struct smb_request *req)
7864 {
7865 START_PROFILE(SMBreadBmpx);
7866 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7867 END_PROFILE(SMBreadBmpx);
7868 return;
7869 }
7870
7871 /****************************************************************************
7872 Reply to a SMBreadbs (read block multiplex secondary) request.
7873 Always reply with an error, if someone has a platform really needs this,
7874 please contact vl@samba.org
7875 ****************************************************************************/
7876
7877 void reply_readbs(struct smb_request *req)
7878 {
7879 START_PROFILE(SMBreadBs);
7880 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7881 END_PROFILE(SMBreadBs);
7882 return;
7883 }
7884
7885 /****************************************************************************
7886 Reply to a SMBsetattrE.
7887 ****************************************************************************/
7888
7889 void reply_setattrE(struct smb_request *req)
7890 {
7891 connection_struct *conn = req->conn;
7892 struct smb_file_time ft;
7893 files_struct *fsp;
7894 NTSTATUS status;
7895
7896 START_PROFILE(SMBsetattrE);
7897 ZERO_STRUCT(ft);
7898
7899 if (req->wct < 7) {
7900 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7901 goto out;
7902 }
7903
7904 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7905
7906 if(!fsp || (fsp->conn != conn)) {
7907 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7908 goto out;
7909 }
7910
7911 /*
7912 * Convert the DOS times into unix times.
7913 */
7914
7915 ft.atime = convert_time_t_to_timespec(
7916 srv_make_unix_date2(req->vwv+3));
7917 ft.mtime = convert_time_t_to_timespec(
7918 srv_make_unix_date2(req->vwv+5));
7919 ft.create_time = convert_time_t_to_timespec(
7920 srv_make_unix_date2(req->vwv+1));
7921
7922 reply_outbuf(req, 0, 0);
7923
7924 /*
7925 * Patch from Ray Frush <frush@engr.colostate.edu>
7926 * Sometimes times are sent as zero - ignore them.
7927 */
7928
7929 /* Ensure we have a valid stat struct for the source. */
7930 status = vfs_stat_fsp(fsp);
7931 if (!NT_STATUS_IS_OK(status)) {
7932 reply_nterror(req, status);
7933 goto out;
7934 }
7935
7936 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7937 if (!NT_STATUS_IS_OK(status)) {
7938 reply_nterror(req, status);
7939 goto out;
7940 }
7941
7942 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7943 " createtime=%u\n",
7944 fsp->fnum,
7945 (unsigned int)ft.atime.tv_sec,
7946 (unsigned int)ft.mtime.tv_sec,
7947 (unsigned int)ft.create_time.tv_sec
7948 ));
7949 out:
7950 END_PROFILE(SMBsetattrE);
7951 return;
7952 }
7953
7954
7955 /* Back from the dead for OS/2..... JRA. */
7956
7957 /****************************************************************************
7958 Reply to a SMBwritebmpx (write block multiplex primary) request.
7959 Always reply with an error, if someone has a platform really needs this,
7960 please contact vl@samba.org
7961 ****************************************************************************/
7962
7963 void reply_writebmpx(struct smb_request *req)
7964 {
7965 START_PROFILE(SMBwriteBmpx);
7966 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7967 END_PROFILE(SMBwriteBmpx);
7968 return;
7969 }
7970
7971 /****************************************************************************
7972 Reply to a SMBwritebs (write block multiplex secondary) request.
7973 Always reply with an error, if someone has a platform really needs this,
7974 please contact vl@samba.org
7975 ****************************************************************************/
7976
7977 void reply_writebs(struct smb_request *req)
7978 {
7979 START_PROFILE(SMBwriteBs);
7980 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7981 END_PROFILE(SMBwriteBs);
7982 return;
7983 }
7984
7985 /****************************************************************************
7986 Reply to a SMBgetattrE.
7987 ****************************************************************************/
7988
7989 void reply_getattrE(struct smb_request *req)
7990 {
7991 connection_struct *conn = req->conn;
7992 int mode;
7993 files_struct *fsp;
7994 struct timespec create_ts;
7995
7996 START_PROFILE(SMBgetattrE);
7997
7998 if (req->wct < 1) {
7999 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
8000 END_PROFILE(SMBgetattrE);
8001 return;
8002 }
8003
8004 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
8005
8006 if(!fsp || (fsp->conn != conn)) {
8007 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
8008 END_PROFILE(SMBgetattrE);
8009 return;
8010 }
8011
8012 /* Do an fstat on this file */
8013 if(fsp_stat(fsp)) {
8014 reply_nterror(req, map_nt_error_from_unix(errno));
8015 END_PROFILE(SMBgetattrE);
8016 return;
8017 }
8018
8019 mode = dos_mode(conn, fsp->fsp_name);
8020
8021 /*
8022 * Convert the times into dos times. Set create
8023 * date to be last modify date as UNIX doesn't save
8024 * this.
8025 */
8026
8027 reply_outbuf(req, 11, 0);
8028
8029 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
8030 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
8031 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
8032 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
8033 /* Should we check pending modtime here ? JRA */
8034 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
8035 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
8036
8037 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
8038 SIVAL(req->outbuf, smb_vwv6, 0);
8039 SIVAL(req->outbuf, smb_vwv8, 0);
8040 } else {
8041 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
8042 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
8043 SIVAL(req->outbuf, smb_vwv8, allocation_size);
8044 }
8045 SSVAL(req->outbuf,smb_vwv10, mode);
8046
8047 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
8048
8049 END_PROFILE(SMBgetattrE);
8050 return;
8051 }
Samba GIT mirror