search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Do not use the file system GET_REAL_FILENAME for mangled names
[Samba.git] / source3 / smbd / reply.c
blob5cdc59bf9284d030557fce63cac076929e83a7a4
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "smbd/globals.h"
29
30 extern enum protocol_types Protocol;
31
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
37 set.
38 ****************************************************************************/
39
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
42
43 static NTSTATUS check_path_syntax_internal(char *path,
44 bool posix_path,
45 bool *p_last_component_contains_wcard)
46 {
47 char *d = path;
48 const char *s = path;
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
52
53 *p_last_component_contains_wcard = False;
54
55 while (*s) {
56 if (stream_started) {
57 switch (*s) {
58 case '/':
59 case '\\':
60 return NT_STATUS_OBJECT_NAME_INVALID;
61 case ':':
62 if (s[1] == '\0') {
63 return NT_STATUS_OBJECT_NAME_INVALID;
64 }
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
67 }
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
70 }
71 break;
72 }
73 }
74
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
83 JRA.
84 */
85 stream_started = true;
86 start_of_name_component = false;
87 posix_path = true;
88
89 if (s[1] == '\0') {
90 return NT_STATUS_OBJECT_NAME_INVALID;
91 }
92 }
93
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 /*
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
98 */
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
101 s++;
102 }
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
105 *d++ = '/';
106 }
107
108 start_of_name_component = True;
109 /* New component. */
110 *p_last_component_contains_wcard = False;
111 continue;
112 }
113
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
117
118 /*
119 * No mb char starts with '.' so we're safe checking the directory separator here.
120 */
121
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
124 *(d-1) = '\0';
125 d--;
126 }
127
128 /* Are we at the start ? Can't go back further if so. */
129 if (d <= path) {
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
131 break;
132 }
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
138 if (*d == '/')
139 break;
140 }
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
143 continue;
144
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
146 if (posix_path) {
147 /* Eat the '.' */
148 s++;
149 continue;
150 }
151 }
152
153 }
154
155 if (!(*s & 0x80)) {
156 if (!posix_path) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
159 }
160 switch (*s) {
161 case '*':
162 case '?':
163 case '<':
164 case '>':
165 case '"':
166 *p_last_component_contains_wcard = True;
167 break;
168 default:
169 break;
170 }
171 }
172 *d++ = *s++;
173 } else {
174 size_t siz;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
177 switch(siz) {
178 case 5:
179 *d++ = *s++;
180 /*fall through*/
181 case 4:
182 *d++ = *s++;
183 /*fall through*/
184 case 3:
185 *d++ = *s++;
186 /*fall through*/
187 case 2:
188 *d++ = *s++;
189 /*fall through*/
190 case 1:
191 *d++ = *s++;
192 break;
193 default:
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 *d = '\0';
196 return NT_STATUS_INVALID_PARAMETER;
197 }
198 }
199 start_of_name_component = False;
200 }
201
202 *d = '\0';
203
204 return ret;
205 }
206
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
211
212 NTSTATUS check_path_syntax(char *path)
213 {
214 bool ignore;
215 return check_path_syntax_internal(path, False, &ignore);
216 }
217
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 a wildcard.
222 ****************************************************************************/
223
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 {
226 return check_path_syntax_internal(path, False, p_contains_wcard);
227 }
228
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
234
235 NTSTATUS check_path_syntax_posix(char *path)
236 {
237 bool ignore;
238 return check_path_syntax_internal(path, True, &ignore);
239 }
240
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
244
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
247 uint16 smb_flags2,
248 char **pp_dest,
249 const char *src,
250 size_t src_len,
251 int flags,
252 NTSTATUS *err,
253 bool *contains_wcard)
254 {
255 size_t ret;
256
257 *pp_dest = NULL;
258
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
260 src_len, flags);
261
262 if (!*pp_dest) {
263 *err = NT_STATUS_INVALID_PARAMETER;
264 return ret;
265 }
266
267 *contains_wcard = False;
268
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 /*
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
273 */
274 *err = NT_STATUS_OK;
275 return ret;
276 }
277
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
280 } else {
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 }
283
284 return ret;
285 }
286
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
290
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
293 uint16 smb_flags2,
294 char **pp_dest,
295 const char *src,
296 size_t src_len,
297 int flags,
298 NTSTATUS *err)
299 {
300 bool ignore;
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
303 }
304
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
308 {
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
312 }
313
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
316 NTSTATUS *err)
317 {
318 bool ignore;
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
321 }
322
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
326
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
328 files_struct *fsp)
329 {
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
332 return False;
333 }
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 return False;
337 }
338 return True;
339 }
340
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
344
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
346 files_struct *fsp)
347 {
348 if (!check_fsp_open(conn, req, fsp)) {
349 return False;
350 }
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
353 return False;
354 }
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
357 return False;
358 }
359 (fsp)->num_smb_operations++;
360 return True;
361 }
362
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
367
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
369 files_struct *fsp)
370 {
371 if (!check_fsp_open(conn, req, fsp)) {
372 return false;
373 }
374
375 if (fsp->is_directory) {
376 return false;
377 }
378
379 if (fsp->fake_file_handle == NULL) {
380 return false;
381 }
382
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle->private_data == NULL) {
388 return false;
389 }
390
391 return true;
392 }
393
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
397
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
399 files_struct *fsp)
400 {
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
403 return True;
404 }
405
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
407 return False;
408 }
409
410 /****************************************************************************
411 Reply to a (netbios-level) special message.
412 ****************************************************************************/
413
414 void reply_special(char *inbuf)
415 {
416 int msg_type = CVAL(inbuf,0);
417 int msg_flags = CVAL(inbuf,1);
418 fstring name1,name2;
419 char name_type = 0;
420
421 /*
422 * We only really use 4 bytes of the outbuf, but for the smb_setlen
423 * calculation & friends (srv_send_smb uses that) we need the full smb
424 * header.
425 */
426 char outbuf[smb_size];
427
428 *name1 = *name2 = 0;
429
430 memset(outbuf, '\0', sizeof(outbuf));
431
432 smb_setlen(outbuf,0);
433
434 switch (msg_type) {
435 case 0x81: /* session request */
436
437 if (already_got_session) {
438 exit_server_cleanly("multiple session request not permitted");
439 }
440
441 SCVAL(outbuf,0,0x82);
442 SCVAL(outbuf,3,0);
443 if (name_len(inbuf+4) > 50 ||
444 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
445 DEBUG(0,("Invalid name length in session request\n"));
446 return;
447 }
448 name_extract(inbuf,4,name1);
449 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
450 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
451 name1,name2));
452
453 set_local_machine_name(name1, True);
454 set_remote_machine_name(name2, True);
455
456 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
457 get_local_machine_name(), get_remote_machine_name(),
458 name_type));
459
460 if (name_type == 'R') {
461 /* We are being asked for a pathworks session ---
462 no thanks! */
463 SCVAL(outbuf, 0,0x83);
464 break;
465 }
466
467 /* only add the client's machine name to the list
468 of possibly valid usernames if we are operating
469 in share mode security */
470 if (lp_security() == SEC_SHARE) {
471 add_session_user(get_remote_machine_name());
472 }
473
474 reload_services(True);
475 reopen_logs();
476
477 already_got_session = True;
478 break;
479
480 case 0x89: /* session keepalive request
481 (some old clients produce this?) */
482 SCVAL(outbuf,0,SMBkeepalive);
483 SCVAL(outbuf,3,0);
484 break;
485
486 case 0x82: /* positive session response */
487 case 0x83: /* negative session response */
488 case 0x84: /* retarget session response */
489 DEBUG(0,("Unexpected session response\n"));
490 break;
491
492 case SMBkeepalive: /* session keepalive */
493 default:
494 return;
495 }
496
497 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
498 msg_type, msg_flags));
499
500 srv_send_smb(smbd_server_fd(), outbuf, false, NULL);
501 return;
502 }
503
504 /****************************************************************************
505 Reply to a tcon.
506 conn POINTER CAN BE NULL HERE !
507 ****************************************************************************/
508
509 void reply_tcon(struct smb_request *req)
510 {
511 connection_struct *conn = req->conn;
512 const char *service;
513 char *service_buf = NULL;
514 char *password = NULL;
515 char *dev = NULL;
516 int pwlen=0;
517 NTSTATUS nt_status;
518 const char *p;
519 DATA_BLOB password_blob;
520 TALLOC_CTX *ctx = talloc_tos();
521
522 START_PROFILE(SMBtcon);
523
524 if (req->buflen < 4) {
525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
526 END_PROFILE(SMBtcon);
527 return;
528 }
529
530 p = (const char *)req->buf + 1;
531 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
532 p += 1;
533 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
534 p += pwlen+1;
535 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
536 p += 1;
537
538 if (service_buf == NULL || password == NULL || dev == NULL) {
539 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
540 END_PROFILE(SMBtcon);
541 return;
542 }
543 p = strrchr_m(service_buf,'\\');
544 if (p) {
545 service = p+1;
546 } else {
547 service = service_buf;
548 }
549
550 password_blob = data_blob(password, pwlen+1);
551
552 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
553 req->conn = conn;
554
555 data_blob_clear_free(&password_blob);
556
557 if (!conn) {
558 reply_nterror(req, nt_status);
559 END_PROFILE(SMBtcon);
560 return;
561 }
562
563 reply_outbuf(req, 2, 0);
564 SSVAL(req->outbuf,smb_vwv0,max_recv);
565 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
566 SSVAL(req->outbuf,smb_tid,conn->cnum);
567
568 DEBUG(3,("tcon service=%s cnum=%d\n",
569 service, conn->cnum));
570
571 END_PROFILE(SMBtcon);
572 return;
573 }
574
575 /****************************************************************************
576 Reply to a tcon and X.
577 conn POINTER CAN BE NULL HERE !
578 ****************************************************************************/
579
580 void reply_tcon_and_X(struct smb_request *req)
581 {
582 connection_struct *conn = req->conn;
583 const char *service = NULL;
584 DATA_BLOB password;
585 TALLOC_CTX *ctx = talloc_tos();
586 /* what the cleint thinks the device is */
587 char *client_devicetype = NULL;
588 /* what the server tells the client the share represents */
589 const char *server_devicetype;
590 NTSTATUS nt_status;
591 int passlen;
592 char *path = NULL;
593 const char *p, *q;
594 uint16 tcon_flags;
595
596 START_PROFILE(SMBtconX);
597
598 if (req->wct < 4) {
599 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
600 END_PROFILE(SMBtconX);
601 return;
602 }
603
604 passlen = SVAL(req->vwv+3, 0);
605 tcon_flags = SVAL(req->vwv+2, 0);
606
607 /* we might have to close an old one */
608 if ((tcon_flags & 0x1) && conn) {
609 close_cnum(conn,req->vuid);
610 req->conn = NULL;
611 conn = NULL;
612 }
613
614 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
615 reply_doserror(req, ERRDOS, ERRbuftoosmall);
616 END_PROFILE(SMBtconX);
617 return;
618 }
619
620 if (global_encrypted_passwords_negotiated) {
621 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
622 if (lp_security() == SEC_SHARE) {
623 /*
624 * Security = share always has a pad byte
625 * after the password.
626 */
627 p = (const char *)req->buf + passlen + 1;
628 } else {
629 p = (const char *)req->buf + passlen;
630 }
631 } else {
632 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
633 /* Ensure correct termination */
634 password.data[passlen]=0;
635 p = (const char *)req->buf + passlen + 1;
636 }
637
638 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
639
640 if (path == NULL) {
641 data_blob_clear_free(&password);
642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
643 END_PROFILE(SMBtconX);
644 return;
645 }
646
647 /*
648 * the service name can be either: \\server\share
649 * or share directly like on the DELL PowerVault 705
650 */
651 if (*path=='\\') {
652 q = strchr_m(path+2,'\\');
653 if (!q) {
654 data_blob_clear_free(&password);
655 reply_doserror(req, ERRDOS, ERRnosuchshare);
656 END_PROFILE(SMBtconX);
657 return;
658 }
659 service = q+1;
660 } else {
661 service = path;
662 }
663
664 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
665 &client_devicetype, p,
666 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
667
668 if (client_devicetype == NULL) {
669 data_blob_clear_free(&password);
670 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
671 END_PROFILE(SMBtconX);
672 return;
673 }
674
675 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
676
677 conn = make_connection(service, password, client_devicetype,
678 req->vuid, &nt_status);
679 req->conn =conn;
680
681 data_blob_clear_free(&password);
682
683 if (!conn) {
684 reply_nterror(req, nt_status);
685 END_PROFILE(SMBtconX);
686 return;
687 }
688
689 if ( IS_IPC(conn) )
690 server_devicetype = "IPC";
691 else if ( IS_PRINT(conn) )
692 server_devicetype = "LPT1:";
693 else
694 server_devicetype = "A:";
695
696 if (Protocol < PROTOCOL_NT1) {
697 reply_outbuf(req, 2, 0);
698 if (message_push_string(&req->outbuf, server_devicetype,
699 STR_TERMINATE|STR_ASCII) == -1) {
700 reply_nterror(req, NT_STATUS_NO_MEMORY);
701 END_PROFILE(SMBtconX);
702 return;
703 }
704 } else {
705 /* NT sets the fstype of IPC$ to the null string */
706 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
707
708 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
709 /* Return permissions. */
710 uint32 perm1 = 0;
711 uint32 perm2 = 0;
712
713 reply_outbuf(req, 7, 0);
714
715 if (IS_IPC(conn)) {
716 perm1 = FILE_ALL_ACCESS;
717 perm2 = FILE_ALL_ACCESS;
718 } else {
719 perm1 = CAN_WRITE(conn) ?
720 SHARE_ALL_ACCESS :
721 SHARE_READ_ONLY;
722 }
723
724 SIVAL(req->outbuf, smb_vwv3, perm1);
725 SIVAL(req->outbuf, smb_vwv5, perm2);
726 } else {
727 reply_outbuf(req, 3, 0);
728 }
729
730 if ((message_push_string(&req->outbuf, server_devicetype,
731 STR_TERMINATE|STR_ASCII) == -1)
732 || (message_push_string(&req->outbuf, fstype,
733 STR_TERMINATE) == -1)) {
734 reply_nterror(req, NT_STATUS_NO_MEMORY);
735 END_PROFILE(SMBtconX);
736 return;
737 }
738
739 /* what does setting this bit do? It is set by NT4 and
740 may affect the ability to autorun mounted cdroms */
741 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
742 (lp_csc_policy(SNUM(conn)) << 2));
743
744 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
745 DEBUG(2,("Serving %s as a Dfs root\n",
746 lp_servicename(SNUM(conn)) ));
747 SSVAL(req->outbuf, smb_vwv2,
748 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
749 }
750 }
751
752
753 DEBUG(3,("tconX service=%s \n",
754 service));
755
756 /* set the incoming and outgoing tid to the just created one */
757 SSVAL(req->inbuf,smb_tid,conn->cnum);
758 SSVAL(req->outbuf,smb_tid,conn->cnum);
759
760 END_PROFILE(SMBtconX);
761
762 chain_reply(req);
763 return;
764 }
765
766 /****************************************************************************
767 Reply to an unknown type.
768 ****************************************************************************/
769
770 void reply_unknown_new(struct smb_request *req, uint8 type)
771 {
772 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
773 smb_fn_name(type), type, type));
774 reply_doserror(req, ERRSRV, ERRunknownsmb);
775 return;
776 }
777
778 /****************************************************************************
779 Reply to an ioctl.
780 conn POINTER CAN BE NULL HERE !
781 ****************************************************************************/
782
783 void reply_ioctl(struct smb_request *req)
784 {
785 connection_struct *conn = req->conn;
786 uint16 device;
787 uint16 function;
788 uint32 ioctl_code;
789 int replysize;
790 char *p;
791
792 START_PROFILE(SMBioctl);
793
794 if (req->wct < 3) {
795 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
796 END_PROFILE(SMBioctl);
797 return;
798 }
799
800 device = SVAL(req->vwv+1, 0);
801 function = SVAL(req->vwv+2, 0);
802 ioctl_code = (device << 16) + function;
803
804 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
805
806 switch (ioctl_code) {
807 case IOCTL_QUERY_JOB_INFO:
808 replysize = 32;
809 break;
810 default:
811 reply_doserror(req, ERRSRV, ERRnosupport);
812 END_PROFILE(SMBioctl);
813 return;
814 }
815
816 reply_outbuf(req, 8, replysize+1);
817 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
818 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
819 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
820 p = smb_buf(req->outbuf);
821 memset(p, '\0', replysize+1); /* valgrind-safe. */
822 p += 1; /* Allow for alignment */
823
824 switch (ioctl_code) {
825 case IOCTL_QUERY_JOB_INFO:
826 {
827 files_struct *fsp = file_fsp(
828 req, SVAL(req->vwv+0, 0));
829 if (!fsp) {
830 reply_doserror(req, ERRDOS, ERRbadfid);
831 END_PROFILE(SMBioctl);
832 return;
833 }
834 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
835 srvstr_push((char *)req->outbuf, req->flags2, p+2,
836 global_myname(), 15,
837 STR_TERMINATE|STR_ASCII);
838 if (conn) {
839 srvstr_push((char *)req->outbuf, req->flags2,
840 p+18, lp_servicename(SNUM(conn)),
841 13, STR_TERMINATE|STR_ASCII);
842 } else {
843 memset(p+18, 0, 13);
844 }
845 break;
846 }
847 }
848
849 END_PROFILE(SMBioctl);
850 return;
851 }
852
853 /****************************************************************************
854 Strange checkpath NTSTATUS mapping.
855 ****************************************************************************/
856
857 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
858 {
859 /* Strange DOS error code semantics only for checkpath... */
860 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
861 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
862 /* We need to map to ERRbadpath */
863 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
864 }
865 }
866 return status;
867 }
868
869 /****************************************************************************
870 Reply to a checkpath.
871 ****************************************************************************/
872
873 void reply_checkpath(struct smb_request *req)
874 {
875 connection_struct *conn = req->conn;
876 char *name = NULL;
877 SMB_STRUCT_STAT sbuf;
878 NTSTATUS status;
879 TALLOC_CTX *ctx = talloc_tos();
880
881 START_PROFILE(SMBcheckpath);
882
883 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
884 STR_TERMINATE, &status);
885
886 if (!NT_STATUS_IS_OK(status)) {
887 status = map_checkpath_error(req->flags2, status);
888 reply_nterror(req, status);
889 END_PROFILE(SMBcheckpath);
890 return;
891 }
892
893 status = resolve_dfspath(ctx, conn,
894 req->flags2 & FLAGS2_DFS_PATHNAMES,
895 name,
896 &name);
897 if (!NT_STATUS_IS_OK(status)) {
898 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
899 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
900 ERRSRV, ERRbadpath);
901 END_PROFILE(SMBcheckpath);
902 return;
903 }
904 goto path_err;
905 }
906
907 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
908
909 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
910 if (!NT_STATUS_IS_OK(status)) {
911 goto path_err;
912 }
913
914 status = check_name(conn, name);
915 if (!NT_STATUS_IS_OK(status)) {
916 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
917 goto path_err;
918 }
919
920 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
921 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
922 status = map_nt_error_from_unix(errno);
923 goto path_err;
924 }
925
926 if (!S_ISDIR(sbuf.st_mode)) {
927 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
928 ERRDOS, ERRbadpath);
929 END_PROFILE(SMBcheckpath);
930 return;
931 }
932
933 reply_outbuf(req, 0, 0);
934
935 END_PROFILE(SMBcheckpath);
936 return;
937
938 path_err:
939
940 END_PROFILE(SMBcheckpath);
941
942 /* We special case this - as when a Windows machine
943 is parsing a path is steps through the components
944 one at a time - if a component fails it expects
945 ERRbadpath, not ERRbadfile.
946 */
947 status = map_checkpath_error(req->flags2, status);
948 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
949 /*
950 * Windows returns different error codes if
951 * the parent directory is valid but not the
952 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
953 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
954 * if the path is invalid.
955 */
956 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
957 ERRDOS, ERRbadpath);
958 return;
959 }
960
961 reply_nterror(req, status);
962 }
963
964 /****************************************************************************
965 Reply to a getatr.
966 ****************************************************************************/
967
968 void reply_getatr(struct smb_request *req)
969 {
970 connection_struct *conn = req->conn;
971 char *fname = NULL;
972 SMB_STRUCT_STAT sbuf;
973 int mode=0;
974 SMB_OFF_T size=0;
975 time_t mtime=0;
976 const char *p;
977 NTSTATUS status;
978 TALLOC_CTX *ctx = talloc_tos();
979
980 START_PROFILE(SMBgetatr);
981
982 p = (const char *)req->buf + 1;
983 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
984 if (!NT_STATUS_IS_OK(status)) {
985 reply_nterror(req, status);
986 END_PROFILE(SMBgetatr);
987 return;
988 }
989
990 status = resolve_dfspath(ctx, conn,
991 req->flags2 & FLAGS2_DFS_PATHNAMES,
992 fname,
993 &fname);
994 if (!NT_STATUS_IS_OK(status)) {
995 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
996 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
997 ERRSRV, ERRbadpath);
998 END_PROFILE(SMBgetatr);
999 return;
1000 }
1001 reply_nterror(req, status);
1002 END_PROFILE(SMBgetatr);
1003 return;
1004 }
1005
1006 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1007 under WfWg - weird! */
1008 if (*fname == '\0') {
1009 mode = aHIDDEN | aDIR;
1010 if (!CAN_WRITE(conn)) {
1011 mode |= aRONLY;
1012 }
1013 size = 0;
1014 mtime = 0;
1015 } else {
1016 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 reply_nterror(req, status);
1019 END_PROFILE(SMBgetatr);
1020 return;
1021 }
1022 status = check_name(conn, fname);
1023 if (!NT_STATUS_IS_OK(status)) {
1024 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1025 reply_nterror(req, status);
1026 END_PROFILE(SMBgetatr);
1027 return;
1028 }
1029 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1030 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1031 reply_unixerror(req, ERRDOS,ERRbadfile);
1032 END_PROFILE(SMBgetatr);
1033 return;
1034 }
1035
1036 mode = dos_mode(conn,fname,&sbuf);
1037 size = sbuf.st_size;
1038 mtime = sbuf.st_mtime;
1039 if (mode & aDIR) {
1040 size = 0;
1041 }
1042 }
1043
1044 reply_outbuf(req, 10, 0);
1045
1046 SSVAL(req->outbuf,smb_vwv0,mode);
1047 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1048 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1049 } else {
1050 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1051 }
1052 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1053
1054 if (Protocol >= PROTOCOL_NT1) {
1055 SSVAL(req->outbuf, smb_flg2,
1056 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1057 }
1058
1059 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1060
1061 END_PROFILE(SMBgetatr);
1062 return;
1063 }
1064
1065 /****************************************************************************
1066 Reply to a setatr.
1067 ****************************************************************************/
1068
1069 void reply_setatr(struct smb_request *req)
1070 {
1071 struct smb_file_time ft;
1072 connection_struct *conn = req->conn;
1073 char *fname = NULL;
1074 int mode;
1075 time_t mtime;
1076 SMB_STRUCT_STAT sbuf;
1077 const char *p;
1078 NTSTATUS status;
1079 TALLOC_CTX *ctx = talloc_tos();
1080
1081 START_PROFILE(SMBsetatr);
1082
1083 ZERO_STRUCT(ft);
1084
1085 if (req->wct < 2) {
1086 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1087 return;
1088 }
1089
1090 p = (const char *)req->buf + 1;
1091 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 reply_nterror(req, status);
1094 END_PROFILE(SMBsetatr);
1095 return;
1096 }
1097
1098 status = resolve_dfspath(ctx, conn,
1099 req->flags2 & FLAGS2_DFS_PATHNAMES,
1100 fname,
1101 &fname);
1102 if (!NT_STATUS_IS_OK(status)) {
1103 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1104 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1105 ERRSRV, ERRbadpath);
1106 END_PROFILE(SMBsetatr);
1107 return;
1108 }
1109 reply_nterror(req, status);
1110 END_PROFILE(SMBsetatr);
1111 return;
1112 }
1113
1114 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1115 if (!NT_STATUS_IS_OK(status)) {
1116 reply_nterror(req, status);
1117 END_PROFILE(SMBsetatr);
1118 return;
1119 }
1120
1121 status = check_name(conn, fname);
1122 if (!NT_STATUS_IS_OK(status)) {
1123 reply_nterror(req, status);
1124 END_PROFILE(SMBsetatr);
1125 return;
1126 }
1127
1128 if (fname[0] == '.' && fname[1] == '\0') {
1129 /*
1130 * Not sure here is the right place to catch this
1131 * condition. Might be moved to somewhere else later -- vl
1132 */
1133 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1134 END_PROFILE(SMBsetatr);
1135 return;
1136 }
1137
1138 mode = SVAL(req->vwv+0, 0);
1139 mtime = srv_make_unix_date3(req->vwv+1);
1140
1141 ft.mtime = convert_time_t_to_timespec(mtime);
1142 status = smb_set_file_time(conn, NULL, fname,
1143 &sbuf, &ft, true);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 reply_unixerror(req, ERRDOS, ERRnoaccess);
1146 END_PROFILE(SMBsetatr);
1147 return;
1148 }
1149
1150 if (mode != FILE_ATTRIBUTE_NORMAL) {
1151 if (VALID_STAT_OF_DIR(sbuf))
1152 mode |= aDIR;
1153 else
1154 mode &= ~aDIR;
1155
1156 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1157 reply_unixerror(req, ERRDOS, ERRnoaccess);
1158 END_PROFILE(SMBsetatr);
1159 return;
1160 }
1161 }
1162
1163 reply_outbuf(req, 0, 0);
1164
1165 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1166
1167 END_PROFILE(SMBsetatr);
1168 return;
1169 }
1170
1171 /****************************************************************************
1172 Reply to a dskattr.
1173 ****************************************************************************/
1174
1175 void reply_dskattr(struct smb_request *req)
1176 {
1177 connection_struct *conn = req->conn;
1178 uint64_t dfree,dsize,bsize;
1179 START_PROFILE(SMBdskattr);
1180
1181 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1182 reply_unixerror(req, ERRHRD, ERRgeneral);
1183 END_PROFILE(SMBdskattr);
1184 return;
1185 }
1186
1187 reply_outbuf(req, 5, 0);
1188
1189 if (Protocol <= PROTOCOL_LANMAN2) {
1190 double total_space, free_space;
1191 /* we need to scale this to a number that DOS6 can handle. We
1192 use floating point so we can handle large drives on systems
1193 that don't have 64 bit integers
1194
1195 we end up displaying a maximum of 2G to DOS systems
1196 */
1197 total_space = dsize * (double)bsize;
1198 free_space = dfree * (double)bsize;
1199
1200 dsize = (uint64_t)((total_space+63*512) / (64*512));
1201 dfree = (uint64_t)((free_space+63*512) / (64*512));
1202
1203 if (dsize > 0xFFFF) dsize = 0xFFFF;
1204 if (dfree > 0xFFFF) dfree = 0xFFFF;
1205
1206 SSVAL(req->outbuf,smb_vwv0,dsize);
1207 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1208 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1209 SSVAL(req->outbuf,smb_vwv3,dfree);
1210 } else {
1211 SSVAL(req->outbuf,smb_vwv0,dsize);
1212 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1213 SSVAL(req->outbuf,smb_vwv2,512);
1214 SSVAL(req->outbuf,smb_vwv3,dfree);
1215 }
1216
1217 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1218
1219 END_PROFILE(SMBdskattr);
1220 return;
1221 }
1222
1223 /****************************************************************************
1224 Reply to a search.
1225 Can be called from SMBsearch, SMBffirst or SMBfunique.
1226 ****************************************************************************/
1227
1228 void reply_search(struct smb_request *req)
1229 {
1230 connection_struct *conn = req->conn;
1231 const char *mask = NULL;
1232 char *directory = NULL;
1233 char *fname = NULL;
1234 SMB_OFF_T size;
1235 uint32 mode;
1236 time_t date;
1237 uint32 dirtype;
1238 unsigned int numentries = 0;
1239 unsigned int maxentries = 0;
1240 bool finished = False;
1241 const char *p;
1242 int status_len;
1243 char *path = NULL;
1244 char status[21];
1245 int dptr_num= -1;
1246 bool check_descend = False;
1247 bool expect_close = False;
1248 NTSTATUS nt_status;
1249 bool mask_contains_wcard = False;
1250 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1251 TALLOC_CTX *ctx = talloc_tos();
1252 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1253
1254 START_PROFILE(SMBsearch);
1255
1256 if (req->wct < 2) {
1257 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1258 END_PROFILE(SMBsearch);
1259 return;
1260 }
1261
1262 if (lp_posix_pathnames()) {
1263 reply_unknown_new(req, req->cmd);
1264 END_PROFILE(SMBsearch);
1265 return;
1266 }
1267
1268 /* If we were called as SMBffirst then we must expect close. */
1269 if(req->cmd == SMBffirst) {
1270 expect_close = True;
1271 }
1272
1273 reply_outbuf(req, 1, 3);
1274 maxentries = SVAL(req->vwv+0, 0);
1275 dirtype = SVAL(req->vwv+1, 0);
1276 p = (const char *)req->buf + 1;
1277 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1278 &nt_status, &mask_contains_wcard);
1279 if (!NT_STATUS_IS_OK(nt_status)) {
1280 reply_nterror(req, nt_status);
1281 END_PROFILE(SMBsearch);
1282 return;
1283 }
1284
1285 nt_status = resolve_dfspath_wcard(ctx, conn,
1286 req->flags2 & FLAGS2_DFS_PATHNAMES,
1287 path,
1288 &path,
1289 &mask_contains_wcard);
1290 if (!NT_STATUS_IS_OK(nt_status)) {
1291 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1292 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1293 ERRSRV, ERRbadpath);
1294 END_PROFILE(SMBsearch);
1295 return;
1296 }
1297 reply_nterror(req, nt_status);
1298 END_PROFILE(SMBsearch);
1299 return;
1300 }
1301
1302 p++;
1303 status_len = SVAL(p, 0);
1304 p += 2;
1305
1306 /* dirtype &= ~aDIR; */
1307
1308 if (status_len == 0) {
1309 SMB_STRUCT_STAT sbuf;
1310
1311 nt_status = unix_convert(ctx, conn, path, True,
1312 &directory, NULL, &sbuf);
1313 if (!NT_STATUS_IS_OK(nt_status)) {
1314 reply_nterror(req, nt_status);
1315 END_PROFILE(SMBsearch);
1316 return;
1317 }
1318
1319 nt_status = check_name(conn, directory);
1320 if (!NT_STATUS_IS_OK(nt_status)) {
1321 reply_nterror(req, nt_status);
1322 END_PROFILE(SMBsearch);
1323 return;
1324 }
1325
1326 p = strrchr_m(directory,'/');
1327 if ((p != NULL) && (*directory != '/')) {
1328 mask = p + 1;
1329 directory = talloc_strndup(ctx, directory,
1330 PTR_DIFF(p, directory));
1331 } else {
1332 mask = directory;
1333 directory = talloc_strdup(ctx,".");
1334 }
1335
1336 if (!directory) {
1337 reply_nterror(req, NT_STATUS_NO_MEMORY);
1338 END_PROFILE(SMBsearch);
1339 return;
1340 }
1341
1342 memset((char *)status,'\0',21);
1343 SCVAL(status,0,(dirtype & 0x1F));
1344
1345 nt_status = dptr_create(conn,
1346 directory,
1347 True,
1348 expect_close,
1349 req->smbpid,
1350 mask,
1351 mask_contains_wcard,
1352 dirtype,
1353 &conn->dirptr);
1354 if (!NT_STATUS_IS_OK(nt_status)) {
1355 reply_nterror(req, nt_status);
1356 END_PROFILE(SMBsearch);
1357 return;
1358 }
1359 dptr_num = dptr_dnum(conn->dirptr);
1360 } else {
1361 int status_dirtype;
1362
1363 memcpy(status,p,21);
1364 status_dirtype = CVAL(status,0) & 0x1F;
1365 if (status_dirtype != (dirtype & 0x1F)) {
1366 dirtype = status_dirtype;
1367 }
1368
1369 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1370 if (!conn->dirptr) {
1371 goto SearchEmpty;
1372 }
1373 string_set(&conn->dirpath,dptr_path(dptr_num));
1374 mask = dptr_wcard(dptr_num);
1375 if (!mask) {
1376 goto SearchEmpty;
1377 }
1378 /*
1379 * For a 'continue' search we have no string. So
1380 * check from the initial saved string.
1381 */
1382 mask_contains_wcard = ms_has_wild(mask);
1383 dirtype = dptr_attr(dptr_num);
1384 }
1385
1386 DEBUG(4,("dptr_num is %d\n",dptr_num));
1387
1388 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1389 dptr_init_search_op(conn->dirptr);
1390
1391 if ((dirtype&0x1F) == aVOLID) {
1392 char buf[DIR_STRUCT_SIZE];
1393 memcpy(buf,status,21);
1394 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1395 0,aVOLID,0,!allow_long_path_components)) {
1396 reply_nterror(req, NT_STATUS_NO_MEMORY);
1397 END_PROFILE(SMBsearch);
1398 return;
1399 }
1400 dptr_fill(buf+12,dptr_num);
1401 if (dptr_zero(buf+12) && (status_len==0)) {
1402 numentries = 1;
1403 } else {
1404 numentries = 0;
1405 }
1406 if (message_push_blob(&req->outbuf,
1407 data_blob_const(buf, sizeof(buf)))
1408 == -1) {
1409 reply_nterror(req, NT_STATUS_NO_MEMORY);
1410 END_PROFILE(SMBsearch);
1411 return;
1412 }
1413 } else {
1414 unsigned int i;
1415 maxentries = MIN(
1416 maxentries,
1417 ((BUFFER_SIZE -
1418 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1419 /DIR_STRUCT_SIZE));
1420
1421 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1422 conn->dirpath,lp_dontdescend(SNUM(conn))));
1423 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1424 check_descend = True;
1425 }
1426
1427 for (i=numentries;(i<maxentries) && !finished;i++) {
1428 finished = !get_dir_entry(ctx,
1429 conn,
1430 mask,
1431 dirtype,
1432 &fname,
1433 &size,
1434 &mode,
1435 &date,
1436 check_descend,
1437 ask_sharemode);
1438 if (!finished) {
1439 char buf[DIR_STRUCT_SIZE];
1440 memcpy(buf,status,21);
1441 if (!make_dir_struct(ctx,
1442 buf,
1443 mask,
1444 fname,
1445 size,
1446 mode,
1447 date,
1448 !allow_long_path_components)) {
1449 reply_nterror(req, NT_STATUS_NO_MEMORY);
1450 END_PROFILE(SMBsearch);
1451 return;
1452 }
1453 if (!dptr_fill(buf+12,dptr_num)) {
1454 break;
1455 }
1456 if (message_push_blob(&req->outbuf,
1457 data_blob_const(buf, sizeof(buf)))
1458 == -1) {
1459 reply_nterror(req, NT_STATUS_NO_MEMORY);
1460 END_PROFILE(SMBsearch);
1461 return;
1462 }
1463 numentries++;
1464 }
1465 }
1466 }
1467
1468 SearchEmpty:
1469
1470 /* If we were called as SMBffirst with smb_search_id == NULL
1471 and no entries were found then return error and close dirptr
1472 (X/Open spec) */
1473
1474 if (numentries == 0) {
1475 dptr_close(&dptr_num);
1476 } else if(expect_close && status_len == 0) {
1477 /* Close the dptr - we know it's gone */
1478 dptr_close(&dptr_num);
1479 }
1480
1481 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1482 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1483 dptr_close(&dptr_num);
1484 }
1485
1486 if ((numentries == 0) && !mask_contains_wcard) {
1487 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1488 END_PROFILE(SMBsearch);
1489 return;
1490 }
1491
1492 SSVAL(req->outbuf,smb_vwv0,numentries);
1493 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1494 SCVAL(smb_buf(req->outbuf),0,5);
1495 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1496
1497 /* The replies here are never long name. */
1498 SSVAL(req->outbuf, smb_flg2,
1499 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1500 if (!allow_long_path_components) {
1501 SSVAL(req->outbuf, smb_flg2,
1502 SVAL(req->outbuf, smb_flg2)
1503 & (~FLAGS2_LONG_PATH_COMPONENTS));
1504 }
1505
1506 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1507 SSVAL(req->outbuf, smb_flg2,
1508 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1509
1510 if (!directory) {
1511 directory = dptr_path(dptr_num);
1512 }
1513
1514 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1515 smb_fn_name(req->cmd),
1516 mask,
1517 directory ? directory : "./",
1518 dirtype,
1519 numentries,
1520 maxentries ));
1521
1522 END_PROFILE(SMBsearch);
1523 return;
1524 }
1525
1526 /****************************************************************************
1527 Reply to a fclose (stop directory search).
1528 ****************************************************************************/
1529
1530 void reply_fclose(struct smb_request *req)
1531 {
1532 int status_len;
1533 char status[21];
1534 int dptr_num= -2;
1535 const char *p;
1536 char *path = NULL;
1537 NTSTATUS err;
1538 bool path_contains_wcard = False;
1539 TALLOC_CTX *ctx = talloc_tos();
1540
1541 START_PROFILE(SMBfclose);
1542
1543 if (lp_posix_pathnames()) {
1544 reply_unknown_new(req, req->cmd);
1545 END_PROFILE(SMBfclose);
1546 return;
1547 }
1548
1549 p = (const char *)req->buf + 1;
1550 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1551 &err, &path_contains_wcard);
1552 if (!NT_STATUS_IS_OK(err)) {
1553 reply_nterror(req, err);
1554 END_PROFILE(SMBfclose);
1555 return;
1556 }
1557 p++;
1558 status_len = SVAL(p,0);
1559 p += 2;
1560
1561 if (status_len == 0) {
1562 reply_doserror(req, ERRSRV, ERRsrverror);
1563 END_PROFILE(SMBfclose);
1564 return;
1565 }
1566
1567 memcpy(status,p,21);
1568
1569 if(dptr_fetch(status+12,&dptr_num)) {
1570 /* Close the dptr - we know it's gone */
1571 dptr_close(&dptr_num);
1572 }
1573
1574 reply_outbuf(req, 1, 0);
1575 SSVAL(req->outbuf,smb_vwv0,0);
1576
1577 DEBUG(3,("search close\n"));
1578
1579 END_PROFILE(SMBfclose);
1580 return;
1581 }
1582
1583 /****************************************************************************
1584 Reply to an open.
1585 ****************************************************************************/
1586
1587 void reply_open(struct smb_request *req)
1588 {
1589 connection_struct *conn = req->conn;
1590 char *fname = NULL;
1591 uint32 fattr=0;
1592 SMB_OFF_T size = 0;
1593 time_t mtime=0;
1594 int info;
1595 SMB_STRUCT_STAT sbuf;
1596 files_struct *fsp;
1597 int oplock_request;
1598 int deny_mode;
1599 uint32 dos_attr;
1600 uint32 access_mask;
1601 uint32 share_mode;
1602 uint32 create_disposition;
1603 uint32 create_options = 0;
1604 NTSTATUS status;
1605 TALLOC_CTX *ctx = talloc_tos();
1606
1607 START_PROFILE(SMBopen);
1608
1609 SET_STAT_INVALID(sbuf);
1610
1611 if (req->wct < 2) {
1612 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1613 END_PROFILE(SMBopen);
1614 return;
1615 }
1616
1617 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1618 deny_mode = SVAL(req->vwv+0, 0);
1619 dos_attr = SVAL(req->vwv+1, 0);
1620
1621 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1622 STR_TERMINATE, &status);
1623 if (!NT_STATUS_IS_OK(status)) {
1624 reply_nterror(req, status);
1625 END_PROFILE(SMBopen);
1626 return;
1627 }
1628
1629 if (!map_open_params_to_ntcreate(
1630 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1631 &share_mode, &create_disposition, &create_options)) {
1632 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1633 END_PROFILE(SMBopen);
1634 return;
1635 }
1636
1637 status = SMB_VFS_CREATE_FILE(
1638 conn, /* conn */
1639 req, /* req */
1640 0, /* root_dir_fid */
1641 fname, /* fname */
1642 CFF_DOS_PATH, /* create_file_flags */
1643 access_mask, /* access_mask */
1644 share_mode, /* share_access */
1645 create_disposition, /* create_disposition*/
1646 create_options, /* create_options */
1647 dos_attr, /* file_attributes */
1648 oplock_request, /* oplock_request */
1649 0, /* allocation_size */
1650 NULL, /* sd */
1651 NULL, /* ea_list */
1652 &fsp, /* result */
1653 &info, /* pinfo */
1654 &sbuf); /* psbuf */
1655
1656 if (!NT_STATUS_IS_OK(status)) {
1657 if (open_was_deferred(req->mid)) {
1658 /* We have re-scheduled this call. */
1659 END_PROFILE(SMBopen);
1660 return;
1661 }
1662 reply_openerror(req, status);
1663 END_PROFILE(SMBopen);
1664 return;
1665 }
1666
1667 size = sbuf.st_size;
1668 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1669 mtime = sbuf.st_mtime;
1670
1671 if (fattr & aDIR) {
1672 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1673 close_file(req, fsp, ERROR_CLOSE);
1674 reply_doserror(req, ERRDOS,ERRnoaccess);
1675 END_PROFILE(SMBopen);
1676 return;
1677 }
1678
1679 reply_outbuf(req, 7, 0);
1680 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1681 SSVAL(req->outbuf,smb_vwv1,fattr);
1682 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1683 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1684 } else {
1685 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1686 }
1687 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1688 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1689
1690 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1691 SCVAL(req->outbuf,smb_flg,
1692 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1693 }
1694
1695 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1696 SCVAL(req->outbuf,smb_flg,
1697 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1698 }
1699 END_PROFILE(SMBopen);
1700 return;
1701 }
1702
1703 /****************************************************************************
1704 Reply to an open and X.
1705 ****************************************************************************/
1706
1707 void reply_open_and_X(struct smb_request *req)
1708 {
1709 connection_struct *conn = req->conn;
1710 char *fname = NULL;
1711 uint16 open_flags;
1712 int deny_mode;
1713 uint32 smb_attr;
1714 /* Breakout the oplock request bits so we can set the
1715 reply bits separately. */
1716 int ex_oplock_request;
1717 int core_oplock_request;
1718 int oplock_request;
1719 #if 0
1720 int smb_sattr = SVAL(req->vwv+4, 0);
1721 uint32 smb_time = make_unix_date3(req->vwv+6);
1722 #endif
1723 int smb_ofun;
1724 uint32 fattr=0;
1725 int mtime=0;
1726 SMB_STRUCT_STAT sbuf;
1727 int smb_action = 0;
1728 files_struct *fsp;
1729 NTSTATUS status;
1730 uint64_t allocation_size;
1731 ssize_t retval = -1;
1732 uint32 access_mask;
1733 uint32 share_mode;
1734 uint32 create_disposition;
1735 uint32 create_options = 0;
1736 TALLOC_CTX *ctx = talloc_tos();
1737
1738 START_PROFILE(SMBopenX);
1739
1740 if (req->wct < 15) {
1741 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1742 END_PROFILE(SMBopenX);
1743 return;
1744 }
1745
1746 SET_STAT_INVALID(sbuf);
1747
1748 open_flags = SVAL(req->vwv+2, 0);
1749 deny_mode = SVAL(req->vwv+3, 0);
1750 smb_attr = SVAL(req->vwv+5, 0);
1751 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1752 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1753 oplock_request = ex_oplock_request | core_oplock_request;
1754 smb_ofun = SVAL(req->vwv+8, 0);
1755 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1756
1757 /* If it's an IPC, pass off the pipe handler. */
1758 if (IS_IPC(conn)) {
1759 if (lp_nt_pipe_support()) {
1760 reply_open_pipe_and_X(conn, req);
1761 } else {
1762 reply_doserror(req, ERRSRV, ERRaccess);
1763 }
1764 END_PROFILE(SMBopenX);
1765 return;
1766 }
1767
1768 /* XXXX we need to handle passed times, sattr and flags */
1769 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1770 STR_TERMINATE, &status);
1771 if (!NT_STATUS_IS_OK(status)) {
1772 reply_nterror(req, status);
1773 END_PROFILE(SMBopenX);
1774 return;
1775 }
1776
1777 if (!map_open_params_to_ntcreate(
1778 fname, deny_mode, smb_ofun, &access_mask,
1779 &share_mode, &create_disposition, &create_options)) {
1780 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1781 END_PROFILE(SMBopenX);
1782 return;
1783 }
1784
1785 status = SMB_VFS_CREATE_FILE(
1786 conn, /* conn */
1787 req, /* req */
1788 0, /* root_dir_fid */
1789 fname, /* fname */
1790 CFF_DOS_PATH, /* create_file_flags */
1791 access_mask, /* access_mask */
1792 share_mode, /* share_access */
1793 create_disposition, /* create_disposition*/
1794 create_options, /* create_options */
1795 smb_attr, /* file_attributes */
1796 oplock_request, /* oplock_request */
1797 0, /* allocation_size */
1798 NULL, /* sd */
1799 NULL, /* ea_list */
1800 &fsp, /* result */
1801 &smb_action, /* pinfo */
1802 &sbuf); /* psbuf */
1803
1804 if (!NT_STATUS_IS_OK(status)) {
1805 END_PROFILE(SMBopenX);
1806 if (open_was_deferred(req->mid)) {
1807 /* We have re-scheduled this call. */
1808 return;
1809 }
1810 reply_openerror(req, status);
1811 return;
1812 }
1813
1814 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1815 if the file is truncated or created. */
1816 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1817 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1818 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1819 close_file(req, fsp, ERROR_CLOSE);
1820 reply_nterror(req, NT_STATUS_DISK_FULL);
1821 END_PROFILE(SMBopenX);
1822 return;
1823 }
1824 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1825 if (retval < 0) {
1826 close_file(req, fsp, ERROR_CLOSE);
1827 reply_nterror(req, NT_STATUS_DISK_FULL);
1828 END_PROFILE(SMBopenX);
1829 return;
1830 }
1831 sbuf.st_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf);
1832 }
1833
1834 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1835 mtime = sbuf.st_mtime;
1836 if (fattr & aDIR) {
1837 close_file(req, fsp, ERROR_CLOSE);
1838 reply_doserror(req, ERRDOS, ERRnoaccess);
1839 END_PROFILE(SMBopenX);
1840 return;
1841 }
1842
1843 /* If the caller set the extended oplock request bit
1844 and we granted one (by whatever means) - set the
1845 correct bit for extended oplock reply.
1846 */
1847
1848 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1849 smb_action |= EXTENDED_OPLOCK_GRANTED;
1850 }
1851
1852 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1853 smb_action |= EXTENDED_OPLOCK_GRANTED;
1854 }
1855
1856 /* If the caller set the core oplock request bit
1857 and we granted one (by whatever means) - set the
1858 correct bit for core oplock reply.
1859 */
1860
1861 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1862 reply_outbuf(req, 19, 0);
1863 } else {
1864 reply_outbuf(req, 15, 0);
1865 }
1866
1867 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1868 SCVAL(req->outbuf, smb_flg,
1869 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1870 }
1871
1872 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1873 SCVAL(req->outbuf, smb_flg,
1874 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1875 }
1876
1877 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1878 SSVAL(req->outbuf,smb_vwv3,fattr);
1879 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1880 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1881 } else {
1882 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1883 }
1884 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1885 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1886 SSVAL(req->outbuf,smb_vwv11,smb_action);
1887
1888 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1889 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1890 }
1891
1892 END_PROFILE(SMBopenX);
1893 chain_reply(req);
1894 return;
1895 }
1896
1897 /****************************************************************************
1898 Reply to a SMBulogoffX.
1899 ****************************************************************************/
1900
1901 void reply_ulogoffX(struct smb_request *req)
1902 {
1903 user_struct *vuser;
1904
1905 START_PROFILE(SMBulogoffX);
1906
1907 vuser = get_valid_user_struct(req->vuid);
1908
1909 if(vuser == NULL) {
1910 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1911 req->vuid));
1912 }
1913
1914 /* in user level security we are supposed to close any files
1915 open by this user */
1916 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1917 file_close_user(req->vuid);
1918 }
1919
1920 invalidate_vuid(req->vuid);
1921
1922 reply_outbuf(req, 2, 0);
1923
1924 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1925
1926 END_PROFILE(SMBulogoffX);
1927 chain_reply(req);
1928 }
1929
1930 /****************************************************************************
1931 Reply to a mknew or a create.
1932 ****************************************************************************/
1933
1934 void reply_mknew(struct smb_request *req)
1935 {
1936 connection_struct *conn = req->conn;
1937 char *fname = NULL;
1938 uint32 fattr = 0;
1939 struct smb_file_time ft;
1940 files_struct *fsp;
1941 int oplock_request = 0;
1942 SMB_STRUCT_STAT sbuf;
1943 NTSTATUS status;
1944 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1945 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1946 uint32 create_disposition;
1947 uint32 create_options = 0;
1948 TALLOC_CTX *ctx = talloc_tos();
1949
1950 START_PROFILE(SMBcreate);
1951 ZERO_STRUCT(ft);
1952 SET_STAT_INVALID(sbuf);
1953
1954 if (req->wct < 3) {
1955 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1956 END_PROFILE(SMBcreate);
1957 return;
1958 }
1959
1960 fattr = SVAL(req->vwv+0, 0);
1961 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1962
1963 /* mtime. */
1964 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1965
1966 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1967 STR_TERMINATE, &status);
1968 if (!NT_STATUS_IS_OK(status)) {
1969 reply_nterror(req, status);
1970 END_PROFILE(SMBcreate);
1971 return;
1972 }
1973
1974 if (fattr & aVOLID) {
1975 DEBUG(0,("Attempt to create file (%s) with volid set - "
1976 "please report this\n", fname));
1977 }
1978
1979 if(req->cmd == SMBmknew) {
1980 /* We should fail if file exists. */
1981 create_disposition = FILE_CREATE;
1982 } else {
1983 /* Create if file doesn't exist, truncate if it does. */
1984 create_disposition = FILE_OVERWRITE_IF;
1985 }
1986
1987 status = SMB_VFS_CREATE_FILE(
1988 conn, /* conn */
1989 req, /* req */
1990 0, /* root_dir_fid */
1991 fname, /* fname */
1992 CFF_DOS_PATH, /* create_file_flags */
1993 access_mask, /* access_mask */
1994 share_mode, /* share_access */
1995 create_disposition, /* create_disposition*/
1996 create_options, /* create_options */
1997 fattr, /* file_attributes */
1998 oplock_request, /* oplock_request */
1999 0, /* allocation_size */
2000 NULL, /* sd */
2001 NULL, /* ea_list */
2002 &fsp, /* result */
2003 NULL, /* pinfo */
2004 &sbuf); /* psbuf */
2005
2006 if (!NT_STATUS_IS_OK(status)) {
2007 END_PROFILE(SMBcreate);
2008 if (open_was_deferred(req->mid)) {
2009 /* We have re-scheduled this call. */
2010 return;
2011 }
2012 reply_openerror(req, status);
2013 return;
2014 }
2015
2016 ft.atime = get_atimespec(&sbuf); /* atime. */
2017 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, &ft, true);
2018 if (!NT_STATUS_IS_OK(status)) {
2019 END_PROFILE(SMBcreate);
2020 reply_openerror(req, status);
2021 return;
2022 }
2023
2024 reply_outbuf(req, 1, 0);
2025 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2026
2027 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2028 SCVAL(req->outbuf,smb_flg,
2029 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2030 }
2031
2032 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2033 SCVAL(req->outbuf,smb_flg,
2034 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2035 }
2036
2037 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2038 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2039 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2040
2041 END_PROFILE(SMBcreate);
2042 return;
2043 }
2044
2045 /****************************************************************************
2046 Reply to a create temporary file.
2047 ****************************************************************************/
2048
2049 void reply_ctemp(struct smb_request *req)
2050 {
2051 connection_struct *conn = req->conn;
2052 char *fname = NULL;
2053 uint32 fattr;
2054 files_struct *fsp;
2055 int oplock_request;
2056 int tmpfd;
2057 SMB_STRUCT_STAT sbuf;
2058 char *s;
2059 NTSTATUS status;
2060 TALLOC_CTX *ctx = talloc_tos();
2061
2062 START_PROFILE(SMBctemp);
2063
2064 if (req->wct < 3) {
2065 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2066 END_PROFILE(SMBctemp);
2067 return;
2068 }
2069
2070 fattr = SVAL(req->vwv+0, 0);
2071 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2072
2073 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2074 STR_TERMINATE, &status);
2075 if (!NT_STATUS_IS_OK(status)) {
2076 reply_nterror(req, status);
2077 END_PROFILE(SMBctemp);
2078 return;
2079 }
2080 if (*fname) {
2081 fname = talloc_asprintf(ctx,
2082 "%s/TMXXXXXX",
2083 fname);
2084 } else {
2085 fname = talloc_strdup(ctx, "TMXXXXXX");
2086 }
2087
2088 if (!fname) {
2089 reply_nterror(req, NT_STATUS_NO_MEMORY);
2090 END_PROFILE(SMBctemp);
2091 return;
2092 }
2093
2094 status = resolve_dfspath(ctx, conn,
2095 req->flags2 & FLAGS2_DFS_PATHNAMES,
2096 fname,
2097 &fname);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2101 ERRSRV, ERRbadpath);
2102 END_PROFILE(SMBctemp);
2103 return;
2104 }
2105 reply_nterror(req, status);
2106 END_PROFILE(SMBctemp);
2107 return;
2108 }
2109
2110 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2111 if (!NT_STATUS_IS_OK(status)) {
2112 reply_nterror(req, status);
2113 END_PROFILE(SMBctemp);
2114 return;
2115 }
2116
2117 status = check_name(conn, fname);
2118 if (!NT_STATUS_IS_OK(status)) {
2119 reply_nterror(req, status);
2120 END_PROFILE(SMBctemp);
2121 return;
2122 }
2123
2124 tmpfd = smb_mkstemp(fname);
2125 if (tmpfd == -1) {
2126 reply_unixerror(req, ERRDOS, ERRnoaccess);
2127 END_PROFILE(SMBctemp);
2128 return;
2129 }
2130
2131 SET_STAT_INVALID(sbuf);
2132 SMB_VFS_STAT(conn,fname,&sbuf);
2133
2134 /* We should fail if file does not exist. */
2135 status = SMB_VFS_CREATE_FILE(
2136 conn, /* conn */
2137 req, /* req */
2138 0, /* root_dir_fid */
2139 fname, /* fname */
2140 0, /* create_file_flags */
2141 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2142 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2143 FILE_OPEN, /* create_disposition*/
2144 0, /* create_options */
2145 fattr, /* file_attributes */
2146 oplock_request, /* oplock_request */
2147 0, /* allocation_size */
2148 NULL, /* sd */
2149 NULL, /* ea_list */
2150 &fsp, /* result */
2151 NULL, /* pinfo */
2152 &sbuf); /* psbuf */
2153
2154 /* close fd from smb_mkstemp() */
2155 close(tmpfd);
2156
2157 if (!NT_STATUS_IS_OK(status)) {
2158 if (open_was_deferred(req->mid)) {
2159 /* We have re-scheduled this call. */
2160 END_PROFILE(SMBctemp);
2161 return;
2162 }
2163 reply_openerror(req, status);
2164 END_PROFILE(SMBctemp);
2165 return;
2166 }
2167
2168 reply_outbuf(req, 1, 0);
2169 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2170
2171 /* the returned filename is relative to the directory */
2172 s = strrchr_m(fsp->fsp_name, '/');
2173 if (!s) {
2174 s = fsp->fsp_name;
2175 } else {
2176 s++;
2177 }
2178
2179 #if 0
2180 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2181 thing in the byte section. JRA */
2182 SSVALS(p, 0, -1); /* what is this? not in spec */
2183 #endif
2184 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2185 == -1) {
2186 reply_nterror(req, NT_STATUS_NO_MEMORY);
2187 END_PROFILE(SMBctemp);
2188 return;
2189 }
2190
2191 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2192 SCVAL(req->outbuf, smb_flg,
2193 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2194 }
2195
2196 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2197 SCVAL(req->outbuf, smb_flg,
2198 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2199 }
2200
2201 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2202 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2203 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2204
2205 END_PROFILE(SMBctemp);
2206 return;
2207 }
2208
2209 /*******************************************************************
2210 Check if a user is allowed to rename a file.
2211 ********************************************************************/
2212
2213 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2214 uint16 dirtype, SMB_STRUCT_STAT *pst)
2215 {
2216 uint32 fmode;
2217
2218 if (!CAN_WRITE(conn)) {
2219 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2220 }
2221
2222 fmode = dos_mode(conn, fsp->fsp_name, pst);
2223 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2224 return NT_STATUS_NO_SUCH_FILE;
2225 }
2226
2227 if (S_ISDIR(pst->st_mode)) {
2228 if (fsp->posix_open) {
2229 return NT_STATUS_OK;
2230 }
2231
2232 /* If no pathnames are open below this
2233 directory, allow the rename. */
2234
2235 if (file_find_subpath(fsp)) {
2236 return NT_STATUS_ACCESS_DENIED;
2237 }
2238 return NT_STATUS_OK;
2239 }
2240
2241 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2242 return NT_STATUS_OK;
2243 }
2244
2245 return NT_STATUS_ACCESS_DENIED;
2246 }
2247
2248 /*******************************************************************
2249 * unlink a file with all relevant access checks
2250 *******************************************************************/
2251
2252 static NTSTATUS do_unlink(connection_struct *conn,
2253 struct smb_request *req,
2254 const char *fname,
2255 uint32 dirtype)
2256 {
2257 SMB_STRUCT_STAT sbuf;
2258 uint32 fattr;
2259 files_struct *fsp;
2260 uint32 dirtype_orig = dirtype;
2261 NTSTATUS status;
2262
2263 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2264
2265 if (!CAN_WRITE(conn)) {
2266 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2267 }
2268
2269 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2270 return map_nt_error_from_unix(errno);
2271 }
2272
2273 fattr = dos_mode(conn,fname,&sbuf);
2274
2275 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2276 dirtype = aDIR|aARCH|aRONLY;
2277 }
2278
2279 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2280 if (!dirtype) {
2281 return NT_STATUS_NO_SUCH_FILE;
2282 }
2283
2284 if (!dir_check_ftype(conn, fattr, dirtype)) {
2285 if (fattr & aDIR) {
2286 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 }
2288 return NT_STATUS_NO_SUCH_FILE;
2289 }
2290
2291 if (dirtype_orig & 0x8000) {
2292 /* These will never be set for POSIX. */
2293 return NT_STATUS_NO_SUCH_FILE;
2294 }
2295
2296 #if 0
2297 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2298 return NT_STATUS_FILE_IS_A_DIRECTORY;
2299 }
2300
2301 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2302 return NT_STATUS_NO_SUCH_FILE;
2303 }
2304
2305 if (dirtype & 0xFF00) {
2306 /* These will never be set for POSIX. */
2307 return NT_STATUS_NO_SUCH_FILE;
2308 }
2309
2310 dirtype &= 0xFF;
2311 if (!dirtype) {
2312 return NT_STATUS_NO_SUCH_FILE;
2313 }
2314
2315 /* Can't delete a directory. */
2316 if (fattr & aDIR) {
2317 return NT_STATUS_FILE_IS_A_DIRECTORY;
2318 }
2319 #endif
2320
2321 #if 0 /* JRATEST */
2322 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2323 return NT_STATUS_OBJECT_NAME_INVALID;
2324 #endif /* JRATEST */
2325
2326 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2327
2328 On a Windows share, a file with read-only dosmode can be opened with
2329 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2330 fails with NT_STATUS_CANNOT_DELETE error.
2331
2332 This semantic causes a problem that a user can not
2333 rename a file with read-only dosmode on a Samba share
2334 from a Windows command prompt (i.e. cmd.exe, but can rename
2335 from Windows Explorer).
2336 */
2337
2338 if (!lp_delete_readonly(SNUM(conn))) {
2339 if (fattr & aRONLY) {
2340 return NT_STATUS_CANNOT_DELETE;
2341 }
2342 }
2343
2344 /* On open checks the open itself will check the share mode, so
2345 don't do it here as we'll get it wrong. */
2346
2347 status = SMB_VFS_CREATE_FILE
2348 (conn, /* conn */
2349 req, /* req */
2350 0, /* root_dir_fid */
2351 fname, /* fname */
2352 0, /* create_file_flags */
2353 DELETE_ACCESS, /* access_mask */
2354 FILE_SHARE_NONE, /* share_access */
2355 FILE_OPEN, /* create_disposition*/
2356 FILE_NON_DIRECTORY_FILE, /* create_options */
2357 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2358 0, /* oplock_request */
2359 0, /* allocation_size */
2360 NULL, /* sd */
2361 NULL, /* ea_list */
2362 &fsp, /* result */
2363 NULL, /* pinfo */
2364 &sbuf); /* psbuf */
2365
2366 if (!NT_STATUS_IS_OK(status)) {
2367 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2368 nt_errstr(status)));
2369 return status;
2370 }
2371
2372 /* The set is across all open files on this dev/inode pair. */
2373 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2374 close_file(req, fsp, NORMAL_CLOSE);
2375 return NT_STATUS_ACCESS_DENIED;
2376 }
2377
2378 return close_file(req, fsp, NORMAL_CLOSE);
2379 }
2380
2381 /****************************************************************************
2382 The guts of the unlink command, split out so it may be called by the NT SMB
2383 code.
2384 ****************************************************************************/
2385
2386 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2387 uint32 dirtype, const char *name_in, bool has_wild)
2388 {
2389 const char *directory = NULL;
2390 char *mask = NULL;
2391 char *name = NULL;
2392 char *p = NULL;
2393 int count=0;
2394 NTSTATUS status = NT_STATUS_OK;
2395 SMB_STRUCT_STAT sbuf, st;
2396 TALLOC_CTX *ctx = talloc_tos();
2397
2398 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2399 if (!NT_STATUS_IS_OK(status)) {
2400 return status;
2401 }
2402
2403 p = strrchr_m(name,'/');
2404 if (!p) {
2405 directory = talloc_strdup(ctx, ".");
2406 if (!directory) {
2407 return NT_STATUS_NO_MEMORY;
2408 }
2409 mask = name;
2410 } else {
2411 *p = 0;
2412 directory = name;
2413 mask = p+1;
2414 }
2415
2416 /*
2417 * We should only check the mangled cache
2418 * here if unix_convert failed. This means
2419 * that the path in 'mask' doesn't exist
2420 * on the file system and so we need to look
2421 * for a possible mangle. This patch from
2422 * Tine Smukavec <valentin.smukavec@hermes.si>.
2423 */
2424
2425 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2426 char *new_mask = NULL;
2427 mangle_lookup_name_from_8_3(ctx,
2428 mask,
2429 &new_mask,
2430 conn->params );
2431 if (new_mask) {
2432 mask = new_mask;
2433 }
2434 }
2435
2436 if (!has_wild) {
2437 directory = talloc_asprintf(ctx,
2438 "%s/%s",
2439 directory,
2440 mask);
2441 if (!directory) {
2442 return NT_STATUS_NO_MEMORY;
2443 }
2444 if (dirtype == 0) {
2445 dirtype = FILE_ATTRIBUTE_NORMAL;
2446 }
2447
2448 status = check_name(conn, directory);
2449 if (!NT_STATUS_IS_OK(status)) {
2450 return status;
2451 }
2452
2453 status = do_unlink(conn, req, directory, dirtype);
2454 if (!NT_STATUS_IS_OK(status)) {
2455 return status;
2456 }
2457
2458 count++;
2459 } else {
2460 struct smb_Dir *dir_hnd = NULL;
2461 long offset = 0;
2462 const char *dname;
2463
2464 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2465 return NT_STATUS_OBJECT_NAME_INVALID;
2466 }
2467
2468 if (strequal(mask,"????????.???")) {
2469 mask[0] = '*';
2470 mask[1] = '\0';
2471 }
2472
2473 status = check_name(conn, directory);
2474 if (!NT_STATUS_IS_OK(status)) {
2475 return status;
2476 }
2477
2478 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2479 dirtype);
2480 if (dir_hnd == NULL) {
2481 return map_nt_error_from_unix(errno);
2482 }
2483
2484 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2485 the pattern matches against the long name, otherwise the short name
2486 We don't implement this yet XXXX
2487 */
2488
2489 status = NT_STATUS_NO_SUCH_FILE;
2490
2491 while ((dname = ReadDirName(dir_hnd, &offset, &st))) {
2492 char *fname = NULL;
2493
2494 if (!is_visible_file(conn, directory, dname, &st,
2495 true))
2496 {
2497 continue;
2498 }
2499
2500 /* Quick check for "." and ".." */
2501 if (ISDOT(dname) || ISDOTDOT(dname)) {
2502 continue;
2503 }
2504
2505 if(!mask_match(dname, mask, conn->case_sensitive)) {
2506 continue;
2507 }
2508
2509 fname = talloc_asprintf(ctx, "%s/%s",
2510 directory,
2511 dname);
2512 if (!fname) {
2513 return NT_STATUS_NO_MEMORY;
2514 }
2515
2516 status = check_name(conn, fname);
2517 if (!NT_STATUS_IS_OK(status)) {
2518 TALLOC_FREE(dir_hnd);
2519 return status;
2520 }
2521
2522 status = do_unlink(conn, req, fname, dirtype);
2523 if (!NT_STATUS_IS_OK(status)) {
2524 TALLOC_FREE(fname);
2525 continue;
2526 }
2527
2528 count++;
2529 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2530 fname));
2531
2532 TALLOC_FREE(fname);
2533 }
2534 TALLOC_FREE(dir_hnd);
2535 }
2536
2537 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2538 status = map_nt_error_from_unix(errno);
2539 }
2540
2541 return status;
2542 }
2543
2544 /****************************************************************************
2545 Reply to a unlink
2546 ****************************************************************************/
2547
2548 void reply_unlink(struct smb_request *req)
2549 {
2550 connection_struct *conn = req->conn;
2551 char *name = NULL;
2552 uint32 dirtype;
2553 NTSTATUS status;
2554 bool path_contains_wcard = False;
2555 TALLOC_CTX *ctx = talloc_tos();
2556
2557 START_PROFILE(SMBunlink);
2558
2559 if (req->wct < 1) {
2560 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2561 END_PROFILE(SMBunlink);
2562 return;
2563 }
2564
2565 dirtype = SVAL(req->vwv+0, 0);
2566
2567 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2568 STR_TERMINATE, &status,
2569 &path_contains_wcard);
2570 if (!NT_STATUS_IS_OK(status)) {
2571 reply_nterror(req, status);
2572 END_PROFILE(SMBunlink);
2573 return;
2574 }
2575
2576 status = resolve_dfspath_wcard(ctx, conn,
2577 req->flags2 & FLAGS2_DFS_PATHNAMES,
2578 name,
2579 &name,
2580 &path_contains_wcard);
2581 if (!NT_STATUS_IS_OK(status)) {
2582 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2583 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2584 ERRSRV, ERRbadpath);
2585 END_PROFILE(SMBunlink);
2586 return;
2587 }
2588 reply_nterror(req, status);
2589 END_PROFILE(SMBunlink);
2590 return;
2591 }
2592
2593 DEBUG(3,("reply_unlink : %s\n",name));
2594
2595 status = unlink_internals(conn, req, dirtype, name,
2596 path_contains_wcard);
2597 if (!NT_STATUS_IS_OK(status)) {
2598 if (open_was_deferred(req->mid)) {
2599 /* We have re-scheduled this call. */
2600 END_PROFILE(SMBunlink);
2601 return;
2602 }
2603 reply_nterror(req, status);
2604 END_PROFILE(SMBunlink);
2605 return;
2606 }
2607
2608 reply_outbuf(req, 0, 0);
2609 END_PROFILE(SMBunlink);
2610
2611 return;
2612 }
2613
2614 /****************************************************************************
2615 Fail for readbraw.
2616 ****************************************************************************/
2617
2618 static void fail_readraw(void)
2619 {
2620 const char *errstr = talloc_asprintf(talloc_tos(),
2621 "FAIL ! reply_readbraw: socket write fail (%s)",
2622 strerror(errno));
2623 if (!errstr) {
2624 errstr = "";
2625 }
2626 exit_server_cleanly(errstr);
2627 }
2628
2629 /****************************************************************************
2630 Fake (read/write) sendfile. Returns -1 on read or write fail.
2631 ****************************************************************************/
2632
2633 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2634 size_t nread)
2635 {
2636 size_t bufsize;
2637 size_t tosend = nread;
2638 char *buf;
2639
2640 if (nread == 0) {
2641 return 0;
2642 }
2643
2644 bufsize = MIN(nread, 65536);
2645
2646 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2647 return -1;
2648 }
2649
2650 while (tosend > 0) {
2651 ssize_t ret;
2652 size_t cur_read;
2653
2654 if (tosend > bufsize) {
2655 cur_read = bufsize;
2656 } else {
2657 cur_read = tosend;
2658 }
2659 ret = read_file(fsp,buf,startpos,cur_read);
2660 if (ret == -1) {
2661 SAFE_FREE(buf);
2662 return -1;
2663 }
2664
2665 /* If we had a short read, fill with zeros. */
2666 if (ret < cur_read) {
2667 memset(buf, '\0', cur_read - ret);
2668 }
2669
2670 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2671 SAFE_FREE(buf);
2672 return -1;
2673 }
2674 tosend -= cur_read;
2675 startpos += cur_read;
2676 }
2677
2678 SAFE_FREE(buf);
2679 return (ssize_t)nread;
2680 }
2681
2682 #if defined(WITH_SENDFILE)
2683 /****************************************************************************
2684 Deal with the case of sendfile reading less bytes from the file than
2685 requested. Fill with zeros (all we can do).
2686 ****************************************************************************/
2687
2688 static void sendfile_short_send(files_struct *fsp,
2689 ssize_t nread,
2690 size_t headersize,
2691 size_t smb_maxcnt)
2692 {
2693 if (nread < headersize) {
2694 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2695 "header for file %s (%s). Terminating\n",
2696 fsp->fsp_name, strerror(errno) ));
2697 exit_server_cleanly("sendfile_short_send failed");
2698 }
2699
2700 nread -= headersize;
2701
2702 if (nread < smb_maxcnt) {
2703 char *buf = SMB_CALLOC_ARRAY(char, 1024);
2704 if (!buf) {
2705 exit_server_cleanly("sendfile_short_send: "
2706 "malloc failed");
2707 }
2708
2709 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2710 "with zeros !\n", fsp->fsp_name));
2711
2712 while (nread < smb_maxcnt) {
2713 /*
2714 * We asked for the real file size and told sendfile
2715 * to not go beyond the end of the file. But it can
2716 * happen that in between our fstat call and the
2717 * sendfile call the file was truncated. This is very
2718 * bad because we have already announced the larger
2719 * number of bytes to the client.
2720 *
2721 * The best we can do now is to send 0-bytes, just as
2722 * a read from a hole in a sparse file would do.
2723 *
2724 * This should happen rarely enough that I don't care
2725 * about efficiency here :-)
2726 */
2727 size_t to_write;
2728
2729 to_write = MIN(sizeof(buf), smb_maxcnt - nread);
2730 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2731 exit_server_cleanly("sendfile_short_send: "
2732 "write_data failed");
2733 }
2734 nread += to_write;
2735 }
2736 SAFE_FREE(buf);
2737 }
2738 }
2739 #endif /* defined WITH_SENDFILE */
2740
2741 /****************************************************************************
2742 Return a readbraw error (4 bytes of zero).
2743 ****************************************************************************/
2744
2745 static void reply_readbraw_error(void)
2746 {
2747 char header[4];
2748 SIVAL(header,0,0);
2749 if (write_data(smbd_server_fd(),header,4) != 4) {
2750 fail_readraw();
2751 }
2752 }
2753
2754 /****************************************************************************
2755 Use sendfile in readbraw.
2756 ****************************************************************************/
2757
2758 static void send_file_readbraw(connection_struct *conn,
2759 struct smb_request *req,
2760 files_struct *fsp,
2761 SMB_OFF_T startpos,
2762 size_t nread,
2763 ssize_t mincount)
2764 {
2765 char *outbuf = NULL;
2766 ssize_t ret=0;
2767
2768 #if defined(WITH_SENDFILE)
2769 /*
2770 * We can only use sendfile on a non-chained packet
2771 * but we can use on a non-oplocked file. tridge proved this
2772 * on a train in Germany :-). JRA.
2773 * reply_readbraw has already checked the length.
2774 */
2775
2776 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2777 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2778 ssize_t sendfile_read = -1;
2779 char header[4];
2780 DATA_BLOB header_blob;
2781
2782 _smb_setlen(header,nread);
2783 header_blob = data_blob_const(header, 4);
2784
2785 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2786 &header_blob, startpos, nread)) == -1) {
2787 /* Returning ENOSYS means no data at all was sent.
2788 * Do this as a normal read. */
2789 if (errno == ENOSYS) {
2790 goto normal_readbraw;
2791 }
2792
2793 /*
2794 * Special hack for broken Linux with no working sendfile. If we
2795 * return EINTR we sent the header but not the rest of the data.
2796 * Fake this up by doing read/write calls.
2797 */
2798 if (errno == EINTR) {
2799 /* Ensure we don't do this again. */
2800 set_use_sendfile(SNUM(conn), False);
2801 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2802
2803 if (fake_sendfile(fsp, startpos, nread) == -1) {
2804 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2805 fsp->fsp_name, strerror(errno) ));
2806 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2807 }
2808 return;
2809 }
2810
2811 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2812 fsp->fsp_name, strerror(errno) ));
2813 exit_server_cleanly("send_file_readbraw sendfile failed");
2814 } else if (sendfile_read == 0) {
2815 /*
2816 * Some sendfile implementations return 0 to indicate
2817 * that there was a short read, but nothing was
2818 * actually written to the socket. In this case,
2819 * fallback to the normal read path so the header gets
2820 * the correct byte count.
2821 */
2822 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2823 "bytes falling back to the normal read: "
2824 "%s\n", fsp->fsp_name));
2825 goto normal_readbraw;
2826 }
2827
2828 /* Deal with possible short send. */
2829 if (sendfile_read != 4+nread) {
2830 sendfile_short_send(fsp, sendfile_read, 4, nread);
2831 }
2832 return;
2833 }
2834
2835 normal_readbraw:
2836 #endif
2837
2838 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2839 if (!outbuf) {
2840 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2841 (unsigned)(nread+4)));
2842 reply_readbraw_error();
2843 return;
2844 }
2845
2846 if (nread > 0) {
2847 ret = read_file(fsp,outbuf+4,startpos,nread);
2848 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2849 if (ret < mincount)
2850 ret = 0;
2851 #else
2852 if (ret < nread)
2853 ret = 0;
2854 #endif
2855 }
2856
2857 _smb_setlen(outbuf,ret);
2858 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2859 fail_readraw();
2860
2861 TALLOC_FREE(outbuf);
2862 }
2863
2864 /****************************************************************************
2865 Reply to a readbraw (core+ protocol).
2866 ****************************************************************************/
2867
2868 void reply_readbraw(struct smb_request *req)
2869 {
2870 connection_struct *conn = req->conn;
2871 ssize_t maxcount,mincount;
2872 size_t nread = 0;
2873 SMB_OFF_T startpos;
2874 files_struct *fsp;
2875 struct lock_struct lock;
2876 SMB_STRUCT_STAT st;
2877 SMB_OFF_T size = 0;
2878
2879 START_PROFILE(SMBreadbraw);
2880
2881 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2882 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2883 "raw reads/writes are disallowed.");
2884 }
2885
2886 if (req->wct < 8) {
2887 reply_readbraw_error();
2888 END_PROFILE(SMBreadbraw);
2889 return;
2890 }
2891
2892 /*
2893 * Special check if an oplock break has been issued
2894 * and the readraw request croses on the wire, we must
2895 * return a zero length response here.
2896 */
2897
2898 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2899
2900 /*
2901 * We have to do a check_fsp by hand here, as
2902 * we must always return 4 zero bytes on error,
2903 * not a NTSTATUS.
2904 */
2905
2906 if (!fsp || !conn || conn != fsp->conn ||
2907 req->vuid != fsp->vuid ||
2908 fsp->is_directory || fsp->fh->fd == -1) {
2909 /*
2910 * fsp could be NULL here so use the value from the packet. JRA.
2911 */
2912 DEBUG(3,("reply_readbraw: fnum %d not valid "
2913 "- cache prime?\n",
2914 (int)SVAL(req->vwv+0, 0)));
2915 reply_readbraw_error();
2916 END_PROFILE(SMBreadbraw);
2917 return;
2918 }
2919
2920 /* Do a "by hand" version of CHECK_READ. */
2921 if (!(fsp->can_read ||
2922 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2923 (fsp->access_mask & FILE_EXECUTE)))) {
2924 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2925 (int)SVAL(req->vwv+0, 0)));
2926 reply_readbraw_error();
2927 END_PROFILE(SMBreadbraw);
2928 return;
2929 }
2930
2931 flush_write_cache(fsp, READRAW_FLUSH);
2932
2933 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2934 if(req->wct == 10) {
2935 /*
2936 * This is a large offset (64 bit) read.
2937 */
2938 #ifdef LARGE_SMB_OFF_T
2939
2940 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2941
2942 #else /* !LARGE_SMB_OFF_T */
2943
2944 /*
2945 * Ensure we haven't been sent a >32 bit offset.
2946 */
2947
2948 if(IVAL(req->vwv+8, 0) != 0) {
2949 DEBUG(0,("reply_readbraw: large offset "
2950 "(%x << 32) used and we don't support "
2951 "64 bit offsets.\n",
2952 (unsigned int)IVAL(req->vwv+8, 0) ));
2953 reply_readbraw_error();
2954 END_PROFILE(SMBreadbraw);
2955 return;
2956 }
2957
2958 #endif /* LARGE_SMB_OFF_T */
2959
2960 if(startpos < 0) {
2961 DEBUG(0,("reply_readbraw: negative 64 bit "
2962 "readraw offset (%.0f) !\n",
2963 (double)startpos ));
2964 reply_readbraw_error();
2965 END_PROFILE(SMBreadbraw);
2966 return;
2967 }
2968 }
2969
2970 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2971 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2972
2973 /* ensure we don't overrun the packet size */
2974 maxcount = MIN(65535,maxcount);
2975
2976 init_strict_lock_struct(fsp, (uint32)req->smbpid,
2977 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
2978 &lock);
2979
2980 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
2981 reply_readbraw_error();
2982 END_PROFILE(SMBreadbraw);
2983 return;
2984 }
2985
2986 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2987 size = st.st_size;
2988 }
2989
2990 if (startpos >= size) {
2991 nread = 0;
2992 } else {
2993 nread = MIN(maxcount,(size - startpos));
2994 }
2995
2996 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2997 if (nread < mincount)
2998 nread = 0;
2999 #endif
3000
3001 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3002 "min=%lu nread=%lu\n",
3003 fsp->fnum, (double)startpos,
3004 (unsigned long)maxcount,
3005 (unsigned long)mincount,
3006 (unsigned long)nread ) );
3007
3008 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3009
3010 DEBUG(5,("reply_readbraw finished\n"));
3011
3012 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3013
3014 END_PROFILE(SMBreadbraw);
3015 return;
3016 }
3017
3018 #undef DBGC_CLASS
3019 #define DBGC_CLASS DBGC_LOCKING
3020
3021 /****************************************************************************
3022 Reply to a lockread (core+ protocol).
3023 ****************************************************************************/
3024
3025 void reply_lockread(struct smb_request *req)
3026 {
3027 connection_struct *conn = req->conn;
3028 ssize_t nread = -1;
3029 char *data;
3030 SMB_OFF_T startpos;
3031 size_t numtoread;
3032 NTSTATUS status;
3033 files_struct *fsp;
3034 struct byte_range_lock *br_lck = NULL;
3035 char *p = NULL;
3036
3037 START_PROFILE(SMBlockread);
3038
3039 if (req->wct < 5) {
3040 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3041 END_PROFILE(SMBlockread);
3042 return;
3043 }
3044
3045 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3046
3047 if (!check_fsp(conn, req, fsp)) {
3048 END_PROFILE(SMBlockread);
3049 return;
3050 }
3051
3052 if (!CHECK_READ(fsp,req)) {
3053 reply_doserror(req, ERRDOS, ERRbadaccess);
3054 END_PROFILE(SMBlockread);
3055 return;
3056 }
3057
3058 numtoread = SVAL(req->vwv+1, 0);
3059 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3060
3061 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3062
3063 reply_outbuf(req, 5, numtoread + 3);
3064
3065 data = smb_buf(req->outbuf) + 3;
3066
3067 /*
3068 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3069 * protocol request that predates the read/write lock concept.
3070 * Thus instead of asking for a read lock here we need to ask
3071 * for a write lock. JRA.
3072 * Note that the requested lock size is unaffected by max_recv.
3073 */
3074
3075 br_lck = do_lock(smbd_messaging_context(),
3076 fsp,
3077 req->smbpid,
3078 (uint64_t)numtoread,
3079 (uint64_t)startpos,
3080 WRITE_LOCK,
3081 WINDOWS_LOCK,
3082 False, /* Non-blocking lock. */
3083 &status,
3084 NULL,
3085 NULL);
3086 TALLOC_FREE(br_lck);
3087
3088 if (NT_STATUS_V(status)) {
3089 reply_nterror(req, status);
3090 END_PROFILE(SMBlockread);
3091 return;
3092 }
3093
3094 /*
3095 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3096 */
3097
3098 if (numtoread > max_recv) {
3099 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3100 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3101 (unsigned int)numtoread, (unsigned int)max_recv ));
3102 numtoread = MIN(numtoread,max_recv);
3103 }
3104 nread = read_file(fsp,data,startpos,numtoread);
3105
3106 if (nread < 0) {
3107 reply_unixerror(req, ERRDOS, ERRnoaccess);
3108 END_PROFILE(SMBlockread);
3109 return;
3110 }
3111
3112 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3113
3114 SSVAL(req->outbuf,smb_vwv0,nread);
3115 SSVAL(req->outbuf,smb_vwv5,nread+3);
3116 p = smb_buf(req->outbuf);
3117 SCVAL(p,0,0); /* pad byte. */
3118 SSVAL(p,1,nread);
3119
3120 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3121 fsp->fnum, (int)numtoread, (int)nread));
3122
3123 END_PROFILE(SMBlockread);
3124 return;
3125 }
3126
3127 #undef DBGC_CLASS
3128 #define DBGC_CLASS DBGC_ALL
3129
3130 /****************************************************************************
3131 Reply to a read.
3132 ****************************************************************************/
3133
3134 void reply_read(struct smb_request *req)
3135 {
3136 connection_struct *conn = req->conn;
3137 size_t numtoread;
3138 ssize_t nread = 0;
3139 char *data;
3140 SMB_OFF_T startpos;
3141 int outsize = 0;
3142 files_struct *fsp;
3143 struct lock_struct lock;
3144
3145 START_PROFILE(SMBread);
3146
3147 if (req->wct < 3) {
3148 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3149 END_PROFILE(SMBread);
3150 return;
3151 }
3152
3153 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3154
3155 if (!check_fsp(conn, req, fsp)) {
3156 END_PROFILE(SMBread);
3157 return;
3158 }
3159
3160 if (!CHECK_READ(fsp,req)) {
3161 reply_doserror(req, ERRDOS, ERRbadaccess);
3162 END_PROFILE(SMBread);
3163 return;
3164 }
3165
3166 numtoread = SVAL(req->vwv+1, 0);
3167 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3168
3169 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3170
3171 /*
3172 * The requested read size cannot be greater than max_recv. JRA.
3173 */
3174 if (numtoread > max_recv) {
3175 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3176 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3177 (unsigned int)numtoread, (unsigned int)max_recv ));
3178 numtoread = MIN(numtoread,max_recv);
3179 }
3180
3181 reply_outbuf(req, 5, numtoread+3);
3182
3183 data = smb_buf(req->outbuf) + 3;
3184
3185 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3186 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3187 &lock);
3188
3189 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3190 reply_doserror(req, ERRDOS,ERRlock);
3191 END_PROFILE(SMBread);
3192 return;
3193 }
3194
3195 if (numtoread > 0)
3196 nread = read_file(fsp,data,startpos,numtoread);
3197
3198 if (nread < 0) {
3199 reply_unixerror(req, ERRDOS,ERRnoaccess);
3200 goto strict_unlock;
3201 }
3202
3203 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3204
3205 SSVAL(req->outbuf,smb_vwv0,nread);
3206 SSVAL(req->outbuf,smb_vwv5,nread+3);
3207 SCVAL(smb_buf(req->outbuf),0,1);
3208 SSVAL(smb_buf(req->outbuf),1,nread);
3209
3210 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3211 fsp->fnum, (int)numtoread, (int)nread ) );
3212
3213 strict_unlock:
3214 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3215
3216 END_PROFILE(SMBread);
3217 return;
3218 }
3219
3220 /****************************************************************************
3221 Setup readX header.
3222 ****************************************************************************/
3223
3224 static int setup_readX_header(struct smb_request *req, char *outbuf,
3225 size_t smb_maxcnt)
3226 {
3227 int outsize;
3228 char *data;
3229
3230 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3231 data = smb_buf(outbuf);
3232
3233 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3234
3235 SCVAL(outbuf,smb_vwv0,0xFF);
3236 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3237 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3238 SSVAL(outbuf,smb_vwv6,
3239 req_wct_ofs(req)
3240 + 1 /* the wct field */
3241 + 12 * sizeof(uint16_t) /* vwv */
3242 + 2); /* the buflen field */
3243 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3244 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3245 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3246 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3247 return outsize;
3248 }
3249
3250 /****************************************************************************
3251 Reply to a read and X - possibly using sendfile.
3252 ****************************************************************************/
3253
3254 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3255 files_struct *fsp, SMB_OFF_T startpos,
3256 size_t smb_maxcnt)
3257 {
3258 SMB_STRUCT_STAT sbuf;
3259 ssize_t nread = -1;
3260
3261 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3262 reply_unixerror(req, ERRDOS, ERRnoaccess);
3263 return;
3264 }
3265
3266 if (startpos > sbuf.st_size) {
3267 smb_maxcnt = 0;
3268 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3269 smb_maxcnt = (sbuf.st_size - startpos);
3270 }
3271
3272 if (smb_maxcnt == 0) {
3273 goto normal_read;
3274 }
3275
3276 #if defined(WITH_SENDFILE)
3277 /*
3278 * We can only use sendfile on a non-chained packet
3279 * but we can use on a non-oplocked file. tridge proved this
3280 * on a train in Germany :-). JRA.
3281 */
3282
3283 if (!req_is_in_chain(req) &&
3284 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3285 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3286 uint8 headerbuf[smb_size + 12 * 2];
3287 DATA_BLOB header;
3288
3289 /*
3290 * Set up the packet header before send. We
3291 * assume here the sendfile will work (get the
3292 * correct amount of data).
3293 */
3294
3295 header = data_blob_const(headerbuf, sizeof(headerbuf));
3296
3297 construct_reply_common_req(req, (char *)headerbuf);
3298 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3299
3300 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3301 /* Returning ENOSYS means no data at all was sent.
3302 Do this as a normal read. */
3303 if (errno == ENOSYS) {
3304 goto normal_read;
3305 }
3306
3307 /*
3308 * Special hack for broken Linux with no working sendfile. If we
3309 * return EINTR we sent the header but not the rest of the data.
3310 * Fake this up by doing read/write calls.
3311 */
3312
3313 if (errno == EINTR) {
3314 /* Ensure we don't do this again. */
3315 set_use_sendfile(SNUM(conn), False);
3316 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3317 nread = fake_sendfile(fsp, startpos,
3318 smb_maxcnt);
3319 if (nread == -1) {
3320 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3321 fsp->fsp_name, strerror(errno) ));
3322 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3323 }
3324 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3325 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3326 /* No outbuf here means successful sendfile. */
3327 TALLOC_FREE(req->outbuf);
3328 return;
3329 }
3330
3331 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3332 fsp->fsp_name, strerror(errno) ));
3333 exit_server_cleanly("send_file_readX sendfile failed");
3334 } else if (nread == 0) {
3335 /*
3336 * Some sendfile implementations return 0 to indicate
3337 * that there was a short read, but nothing was
3338 * actually written to the socket. In this case,
3339 * fallback to the normal read path so the header gets
3340 * the correct byte count.
3341 */
3342 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3343 "falling back to the normal read: %s\n",
3344 fsp->fsp_name));
3345 goto normal_read;
3346 }
3347
3348 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3349 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3350
3351 /* Deal with possible short send. */
3352 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3353 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3354 }
3355
3356 /* No outbuf here means successful sendfile. */
3357 TALLOC_FREE(req->outbuf);
3358 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3359 SMB_PERFCOUNT_END(&req->pcd);
3360 return;
3361 }
3362 #endif
3363
3364 normal_read:
3365
3366 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3367 uint8 headerbuf[smb_size + 2*12];
3368
3369 construct_reply_common_req(req, (char *)headerbuf);
3370 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3371
3372 /* Send out the header. */
3373 if (write_data(smbd_server_fd(), (char *)headerbuf,
3374 sizeof(headerbuf)) != sizeof(headerbuf)) {
3375 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3376 fsp->fsp_name, strerror(errno) ));
3377 exit_server_cleanly("send_file_readX sendfile failed");
3378 }
3379 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3380 if (nread == -1) {
3381 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3382 fsp->fsp_name, strerror(errno) ));
3383 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3384 }
3385 TALLOC_FREE(req->outbuf);
3386 return;
3387 }
3388
3389 reply_outbuf(req, 12, smb_maxcnt);
3390
3391 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3392 if (nread < 0) {
3393 reply_unixerror(req, ERRDOS, ERRnoaccess);
3394 return;
3395 }
3396
3397 setup_readX_header(req, (char *)req->outbuf, nread);
3398
3399 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3400 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3401
3402 chain_reply(req);
3403 }
3404
3405 /****************************************************************************
3406 Reply to a read and X.
3407 ****************************************************************************/
3408
3409 void reply_read_and_X(struct smb_request *req)
3410 {
3411 connection_struct *conn = req->conn;
3412 files_struct *fsp;
3413 SMB_OFF_T startpos;
3414 size_t smb_maxcnt;
3415 struct lock_struct lock;
3416 bool big_readX = False;
3417 #if 0
3418 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3419 #endif
3420
3421 START_PROFILE(SMBreadX);
3422
3423 if ((req->wct != 10) && (req->wct != 12)) {
3424 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3425 return;
3426 }
3427
3428 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3429 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3430 smb_maxcnt = SVAL(req->vwv+5, 0);
3431
3432 /* If it's an IPC, pass off the pipe handler. */
3433 if (IS_IPC(conn)) {
3434 reply_pipe_read_and_X(req);
3435 END_PROFILE(SMBreadX);
3436 return;
3437 }
3438
3439 if (!check_fsp(conn, req, fsp)) {
3440 END_PROFILE(SMBreadX);
3441 return;
3442 }
3443
3444 if (!CHECK_READ(fsp,req)) {
3445 reply_doserror(req, ERRDOS,ERRbadaccess);
3446 END_PROFILE(SMBreadX);
3447 return;
3448 }
3449
3450 if (global_client_caps & CAP_LARGE_READX) {
3451 size_t upper_size = SVAL(req->vwv+7, 0);
3452 smb_maxcnt |= (upper_size<<16);
3453 if (upper_size > 1) {
3454 /* Can't do this on a chained packet. */
3455 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3456 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3457 END_PROFILE(SMBreadX);
3458 return;
3459 }
3460 /* We currently don't do this on signed or sealed data. */
3461 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3462 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3463 END_PROFILE(SMBreadX);
3464 return;
3465 }
3466 /* Is there room in the reply for this data ? */
3467 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3468 reply_nterror(req,
3469 NT_STATUS_INVALID_PARAMETER);
3470 END_PROFILE(SMBreadX);
3471 return;
3472 }
3473 big_readX = True;
3474 }
3475 }
3476
3477 if (req->wct == 12) {
3478 #ifdef LARGE_SMB_OFF_T
3479 /*
3480 * This is a large offset (64 bit) read.
3481 */
3482 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3483
3484 #else /* !LARGE_SMB_OFF_T */
3485
3486 /*
3487 * Ensure we haven't been sent a >32 bit offset.
3488 */
3489
3490 if(IVAL(req->vwv+10, 0) != 0) {
3491 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3492 "used and we don't support 64 bit offsets.\n",
3493 (unsigned int)IVAL(req->vwv+10, 0) ));
3494 END_PROFILE(SMBreadX);
3495 reply_doserror(req, ERRDOS, ERRbadaccess);
3496 return;
3497 }
3498
3499 #endif /* LARGE_SMB_OFF_T */
3500
3501 }
3502
3503 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3504 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3505 &lock);
3506
3507 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3508 END_PROFILE(SMBreadX);
3509 reply_doserror(req, ERRDOS, ERRlock);
3510 return;
3511 }
3512
3513 if (!big_readX &&
3514 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3515 goto strict_unlock;
3516 }
3517
3518 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3519
3520 strict_unlock:
3521 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3522
3523 END_PROFILE(SMBreadX);
3524 return;
3525 }
3526
3527 /****************************************************************************
3528 Error replies to writebraw must have smb_wct == 1. Fix this up.
3529 ****************************************************************************/
3530
3531 void error_to_writebrawerr(struct smb_request *req)
3532 {
3533 uint8 *old_outbuf = req->outbuf;
3534
3535 reply_outbuf(req, 1, 0);
3536
3537 memcpy(req->outbuf, old_outbuf, smb_size);
3538 TALLOC_FREE(old_outbuf);
3539 }
3540
3541 /****************************************************************************
3542 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3543 ****************************************************************************/
3544
3545 void reply_writebraw(struct smb_request *req)
3546 {
3547 connection_struct *conn = req->conn;
3548 char *buf = NULL;
3549 ssize_t nwritten=0;
3550 ssize_t total_written=0;
3551 size_t numtowrite=0;
3552 size_t tcount;
3553 SMB_OFF_T startpos;
3554 char *data=NULL;
3555 bool write_through;
3556 files_struct *fsp;
3557 struct lock_struct lock;
3558 NTSTATUS status;
3559
3560 START_PROFILE(SMBwritebraw);
3561
3562 /*
3563 * If we ever reply with an error, it must have the SMB command
3564 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3565 * we're finished.
3566 */
3567 SCVAL(req->inbuf,smb_com,SMBwritec);
3568
3569 if (srv_is_signing_active()) {
3570 END_PROFILE(SMBwritebraw);
3571 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3572 "raw reads/writes are disallowed.");
3573 }
3574
3575 if (req->wct < 12) {
3576 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3577 error_to_writebrawerr(req);
3578 END_PROFILE(SMBwritebraw);
3579 return;
3580 }
3581
3582 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3583 if (!check_fsp(conn, req, fsp)) {
3584 error_to_writebrawerr(req);
3585 END_PROFILE(SMBwritebraw);
3586 return;
3587 }
3588
3589 if (!CHECK_WRITE(fsp)) {
3590 reply_doserror(req, ERRDOS, ERRbadaccess);
3591 error_to_writebrawerr(req);
3592 END_PROFILE(SMBwritebraw);
3593 return;
3594 }
3595
3596 tcount = IVAL(req->vwv+1, 0);
3597 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3598 write_through = BITSETW(req->vwv+7,0);
3599
3600 /* We have to deal with slightly different formats depending
3601 on whether we are using the core+ or lanman1.0 protocol */
3602
3603 if(Protocol <= PROTOCOL_COREPLUS) {
3604 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3605 data = smb_buf(req->inbuf);
3606 } else {
3607 numtowrite = SVAL(req->vwv+10, 0);
3608 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3609 }
3610
3611 /* Ensure we don't write bytes past the end of this packet. */
3612 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3613 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3614 error_to_writebrawerr(req);
3615 END_PROFILE(SMBwritebraw);
3616 return;
3617 }
3618
3619 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3620 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3621 &lock);
3622
3623 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3624 reply_doserror(req, ERRDOS, ERRlock);
3625 error_to_writebrawerr(req);
3626 END_PROFILE(SMBwritebraw);
3627 return;
3628 }
3629
3630 if (numtowrite>0) {
3631 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3632 }
3633
3634 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3635 "wrote=%d sync=%d\n",
3636 fsp->fnum, (double)startpos, (int)numtowrite,
3637 (int)nwritten, (int)write_through));
3638
3639 if (nwritten < (ssize_t)numtowrite) {
3640 reply_unixerror(req, ERRHRD, ERRdiskfull);
3641 error_to_writebrawerr(req);
3642 goto strict_unlock;
3643 }
3644
3645 total_written = nwritten;
3646
3647 /* Allocate a buffer of 64k + length. */
3648 buf = TALLOC_ARRAY(NULL, char, 65540);
3649 if (!buf) {
3650 reply_doserror(req, ERRDOS, ERRnomem);
3651 error_to_writebrawerr(req);
3652 goto strict_unlock;
3653 }
3654
3655 /* Return a SMBwritebraw message to the redirector to tell
3656 * it to send more bytes */
3657
3658 memcpy(buf, req->inbuf, smb_size);
3659 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3660 SCVAL(buf,smb_com,SMBwritebraw);
3661 SSVALS(buf,smb_vwv0,0xFFFF);
3662 show_msg(buf);
3663 if (!srv_send_smb(smbd_server_fd(),
3664 buf,
3665 IS_CONN_ENCRYPTED(conn),
3666 &req->pcd)) {
3667 exit_server_cleanly("reply_writebraw: srv_send_smb "
3668 "failed.");
3669 }
3670
3671 /* Now read the raw data into the buffer and write it */
3672 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3673 &numtowrite);
3674 if (!NT_STATUS_IS_OK(status)) {
3675 exit_server_cleanly("secondary writebraw failed");
3676 }
3677
3678 /* Set up outbuf to return the correct size */
3679 reply_outbuf(req, 1, 0);
3680
3681 if (numtowrite != 0) {
3682
3683 if (numtowrite > 0xFFFF) {
3684 DEBUG(0,("reply_writebraw: Oversize secondary write "
3685 "raw requested (%u). Terminating\n",
3686 (unsigned int)numtowrite ));
3687 exit_server_cleanly("secondary writebraw failed");
3688 }
3689
3690 if (tcount > nwritten+numtowrite) {
3691 DEBUG(3,("reply_writebraw: Client overestimated the "
3692 "write %d %d %d\n",
3693 (int)tcount,(int)nwritten,(int)numtowrite));
3694 }
3695
3696 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3697
3698 if (!NT_STATUS_IS_OK(status)) {
3699 DEBUG(0,("reply_writebraw: Oversize secondary write "
3700 "raw read failed (%s). Terminating\n",
3701 nt_errstr(status)));
3702 exit_server_cleanly("secondary writebraw failed");
3703 }
3704
3705 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3706 if (nwritten == -1) {
3707 TALLOC_FREE(buf);
3708 reply_unixerror(req, ERRHRD, ERRdiskfull);
3709 error_to_writebrawerr(req);
3710 goto strict_unlock;
3711 }
3712
3713 if (nwritten < (ssize_t)numtowrite) {
3714 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3715 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3716 }
3717
3718 if (nwritten > 0) {
3719 total_written += nwritten;
3720 }
3721 }
3722
3723 TALLOC_FREE(buf);
3724 SSVAL(req->outbuf,smb_vwv0,total_written);
3725
3726 status = sync_file(conn, fsp, write_through);
3727 if (!NT_STATUS_IS_OK(status)) {
3728 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3729 fsp->fsp_name, nt_errstr(status) ));
3730 reply_nterror(req, status);
3731 error_to_writebrawerr(req);
3732 goto strict_unlock;
3733 }
3734
3735 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3736 "wrote=%d\n",
3737 fsp->fnum, (double)startpos, (int)numtowrite,
3738 (int)total_written));
3739
3740 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3741
3742 /* We won't return a status if write through is not selected - this
3743 * follows what WfWg does */
3744 END_PROFILE(SMBwritebraw);
3745
3746 if (!write_through && total_written==tcount) {
3747
3748 #if RABBIT_PELLET_FIX
3749 /*
3750 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3751 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3752 * JRA.
3753 */
3754 if (!send_keepalive(smbd_server_fd())) {
3755 exit_server_cleanly("reply_writebraw: send of "
3756 "keepalive failed");
3757 }
3758 #endif
3759 TALLOC_FREE(req->outbuf);
3760 }
3761 return;
3762
3763 strict_unlock:
3764 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3765
3766 END_PROFILE(SMBwritebraw);
3767 return;
3768 }
3769
3770 #undef DBGC_CLASS
3771 #define DBGC_CLASS DBGC_LOCKING
3772
3773 /****************************************************************************
3774 Reply to a writeunlock (core+).
3775 ****************************************************************************/
3776
3777 void reply_writeunlock(struct smb_request *req)
3778 {
3779 connection_struct *conn = req->conn;
3780 ssize_t nwritten = -1;
3781 size_t numtowrite;
3782 SMB_OFF_T startpos;
3783 const char *data;
3784 NTSTATUS status = NT_STATUS_OK;
3785 files_struct *fsp;
3786 struct lock_struct lock;
3787
3788 START_PROFILE(SMBwriteunlock);
3789
3790 if (req->wct < 5) {
3791 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3792 END_PROFILE(SMBwriteunlock);
3793 return;
3794 }
3795
3796 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3797
3798 if (!check_fsp(conn, req, fsp)) {
3799 END_PROFILE(SMBwriteunlock);
3800 return;
3801 }
3802
3803 if (!CHECK_WRITE(fsp)) {
3804 reply_doserror(req, ERRDOS,ERRbadaccess);
3805 END_PROFILE(SMBwriteunlock);
3806 return;
3807 }
3808
3809 numtowrite = SVAL(req->vwv+1, 0);
3810 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3811 data = (const char *)req->buf + 3;
3812
3813 if (numtowrite) {
3814 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3815 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3816 &lock);
3817
3818 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3819 reply_doserror(req, ERRDOS, ERRlock);
3820 END_PROFILE(SMBwriteunlock);
3821 return;
3822 }
3823 }
3824
3825 /* The special X/Open SMB protocol handling of
3826 zero length writes is *NOT* done for
3827 this call */
3828 if(numtowrite == 0) {
3829 nwritten = 0;
3830 } else {
3831 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3832 }
3833
3834 status = sync_file(conn, fsp, False /* write through */);
3835 if (!NT_STATUS_IS_OK(status)) {
3836 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3837 fsp->fsp_name, nt_errstr(status) ));
3838 reply_nterror(req, status);
3839 goto strict_unlock;
3840 }
3841
3842 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3843 reply_unixerror(req, ERRHRD, ERRdiskfull);
3844 goto strict_unlock;
3845 }
3846
3847 if (numtowrite) {
3848 status = do_unlock(smbd_messaging_context(),
3849 fsp,
3850 req->smbpid,
3851 (uint64_t)numtowrite,
3852 (uint64_t)startpos,
3853 WINDOWS_LOCK);
3854
3855 if (NT_STATUS_V(status)) {
3856 reply_nterror(req, status);
3857 goto strict_unlock;
3858 }
3859 }
3860
3861 reply_outbuf(req, 1, 0);
3862
3863 SSVAL(req->outbuf,smb_vwv0,nwritten);
3864
3865 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3866 fsp->fnum, (int)numtowrite, (int)nwritten));
3867
3868 strict_unlock:
3869 if (numtowrite) {
3870 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3871 }
3872
3873 END_PROFILE(SMBwriteunlock);
3874 return;
3875 }
3876
3877 #undef DBGC_CLASS
3878 #define DBGC_CLASS DBGC_ALL
3879
3880 /****************************************************************************
3881 Reply to a write.
3882 ****************************************************************************/
3883
3884 void reply_write(struct smb_request *req)
3885 {
3886 connection_struct *conn = req->conn;
3887 size_t numtowrite;
3888 ssize_t nwritten = -1;
3889 SMB_OFF_T startpos;
3890 const char *data;
3891 files_struct *fsp;
3892 struct lock_struct lock;
3893 NTSTATUS status;
3894
3895 START_PROFILE(SMBwrite);
3896
3897 if (req->wct < 5) {
3898 END_PROFILE(SMBwrite);
3899 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3900 return;
3901 }
3902
3903 /* If it's an IPC, pass off the pipe handler. */
3904 if (IS_IPC(conn)) {
3905 reply_pipe_write(req);
3906 END_PROFILE(SMBwrite);
3907 return;
3908 }
3909
3910 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3911
3912 if (!check_fsp(conn, req, fsp)) {
3913 END_PROFILE(SMBwrite);
3914 return;
3915 }
3916
3917 if (!CHECK_WRITE(fsp)) {
3918 reply_doserror(req, ERRDOS, ERRbadaccess);
3919 END_PROFILE(SMBwrite);
3920 return;
3921 }
3922
3923 numtowrite = SVAL(req->vwv+1, 0);
3924 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3925 data = (const char *)req->buf + 3;
3926
3927 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3928 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3929 &lock);
3930
3931 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3932 reply_doserror(req, ERRDOS, ERRlock);
3933 END_PROFILE(SMBwrite);
3934 return;
3935 }
3936
3937 /*
3938 * X/Open SMB protocol says that if smb_vwv1 is
3939 * zero then the file size should be extended or
3940 * truncated to the size given in smb_vwv[2-3].
3941 */
3942
3943 if(numtowrite == 0) {
3944 /*
3945 * This is actually an allocate call, and set EOF. JRA.
3946 */
3947 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3948 if (nwritten < 0) {
3949 reply_nterror(req, NT_STATUS_DISK_FULL);
3950 goto strict_unlock;
3951 }
3952 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3953 if (nwritten < 0) {
3954 reply_nterror(req, NT_STATUS_DISK_FULL);
3955 goto strict_unlock;
3956 }
3957 trigger_write_time_update_immediate(fsp);
3958 } else {
3959 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3960 }
3961
3962 status = sync_file(conn, fsp, False);
3963 if (!NT_STATUS_IS_OK(status)) {
3964 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3965 fsp->fsp_name, nt_errstr(status) ));
3966 reply_nterror(req, status);
3967 goto strict_unlock;
3968 }
3969
3970 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3971 reply_unixerror(req, ERRHRD, ERRdiskfull);
3972 goto strict_unlock;
3973 }
3974
3975 reply_outbuf(req, 1, 0);
3976
3977 SSVAL(req->outbuf,smb_vwv0,nwritten);
3978
3979 if (nwritten < (ssize_t)numtowrite) {
3980 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3981 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3982 }
3983
3984 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3985
3986 strict_unlock:
3987 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3988
3989 END_PROFILE(SMBwrite);
3990 return;
3991 }
3992
3993 /****************************************************************************
3994 Ensure a buffer is a valid writeX for recvfile purposes.
3995 ****************************************************************************/
3996
3997 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3998 (2*14) + /* word count (including bcc) */ \
3999 1 /* pad byte */)
4000
4001 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4002 {
4003 size_t numtowrite;
4004 connection_struct *conn = NULL;
4005 unsigned int doff = 0;
4006 size_t len = smb_len_large(inbuf);
4007
4008 if (is_encrypted_packet(inbuf)) {
4009 /* Can't do this on encrypted
4010 * connections. */
4011 return false;
4012 }
4013
4014 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4015 return false;
4016 }
4017
4018 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4019 CVAL(inbuf,smb_wct) != 14) {
4020 DEBUG(10,("is_valid_writeX_buffer: chained or "
4021 "invalid word length.\n"));
4022 return false;
4023 }
4024
4025 conn = conn_find(SVAL(inbuf, smb_tid));
4026 if (conn == NULL) {
4027 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4028 return false;
4029 }
4030 if (IS_IPC(conn)) {
4031 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4032 return false;
4033 }
4034 if (IS_PRINT(conn)) {
4035 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4036 return false;
4037 }
4038 doff = SVAL(inbuf,smb_vwv11);
4039
4040 numtowrite = SVAL(inbuf,smb_vwv10);
4041
4042 if (len > doff && len - doff > 0xFFFF) {
4043 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4044 }
4045
4046 if (numtowrite == 0) {
4047 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4048 return false;
4049 }
4050
4051 /* Ensure the sizes match up. */
4052 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4053 /* no pad byte...old smbclient :-( */
4054 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4055 (unsigned int)doff,
4056 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4057 return false;
4058 }
4059
4060 if (len - doff != numtowrite) {
4061 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4062 "len = %u, doff = %u, numtowrite = %u\n",
4063 (unsigned int)len,
4064 (unsigned int)doff,
4065 (unsigned int)numtowrite ));
4066 return false;
4067 }
4068
4069 DEBUG(10,("is_valid_writeX_buffer: true "
4070 "len = %u, doff = %u, numtowrite = %u\n",
4071 (unsigned int)len,
4072 (unsigned int)doff,
4073 (unsigned int)numtowrite ));
4074
4075 return true;
4076 }
4077
4078 /****************************************************************************
4079 Reply to a write and X.
4080 ****************************************************************************/
4081
4082 void reply_write_and_X(struct smb_request *req)
4083 {
4084 connection_struct *conn = req->conn;
4085 files_struct *fsp;
4086 struct lock_struct lock;
4087 SMB_OFF_T startpos;
4088 size_t numtowrite;
4089 bool write_through;
4090 ssize_t nwritten;
4091 unsigned int smb_doff;
4092 unsigned int smblen;
4093 char *data;
4094 NTSTATUS status;
4095
4096 START_PROFILE(SMBwriteX);
4097
4098 if ((req->wct != 12) && (req->wct != 14)) {
4099 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4100 END_PROFILE(SMBwriteX);
4101 return;
4102 }
4103
4104 numtowrite = SVAL(req->vwv+10, 0);
4105 smb_doff = SVAL(req->vwv+11, 0);
4106 smblen = smb_len(req->inbuf);
4107
4108 if (req->unread_bytes > 0xFFFF ||
4109 (smblen > smb_doff &&
4110 smblen - smb_doff > 0xFFFF)) {
4111 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4112 }
4113
4114 if (req->unread_bytes) {
4115 /* Can't do a recvfile write on IPC$ */
4116 if (IS_IPC(conn)) {
4117 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4118 END_PROFILE(SMBwriteX);
4119 return;
4120 }
4121 if (numtowrite != req->unread_bytes) {
4122 reply_doserror(req, ERRDOS, ERRbadmem);
4123 END_PROFILE(SMBwriteX);
4124 return;
4125 }
4126 } else {
4127 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4128 smb_doff + numtowrite > smblen) {
4129 reply_doserror(req, ERRDOS, ERRbadmem);
4130 END_PROFILE(SMBwriteX);
4131 return;
4132 }
4133 }
4134
4135 /* If it's an IPC, pass off the pipe handler. */
4136 if (IS_IPC(conn)) {
4137 if (req->unread_bytes) {
4138 reply_doserror(req, ERRDOS, ERRbadmem);
4139 END_PROFILE(SMBwriteX);
4140 return;
4141 }
4142 reply_pipe_write_and_X(req);
4143 END_PROFILE(SMBwriteX);
4144 return;
4145 }
4146
4147 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4148 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4149 write_through = BITSETW(req->vwv+7,0);
4150
4151 if (!check_fsp(conn, req, fsp)) {
4152 END_PROFILE(SMBwriteX);
4153 return;
4154 }
4155
4156 if (!CHECK_WRITE(fsp)) {
4157 reply_doserror(req, ERRDOS, ERRbadaccess);
4158 END_PROFILE(SMBwriteX);
4159 return;
4160 }
4161
4162 data = smb_base(req->inbuf) + smb_doff;
4163
4164 if(req->wct == 14) {
4165 #ifdef LARGE_SMB_OFF_T
4166 /*
4167 * This is a large offset (64 bit) write.
4168 */
4169 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4170
4171 #else /* !LARGE_SMB_OFF_T */
4172
4173 /*
4174 * Ensure we haven't been sent a >32 bit offset.
4175 */
4176
4177 if(IVAL(req->vwv+12, 0) != 0) {
4178 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4179 "used and we don't support 64 bit offsets.\n",
4180 (unsigned int)IVAL(req->vwv+12, 0) ));
4181 reply_doserror(req, ERRDOS, ERRbadaccess);
4182 END_PROFILE(SMBwriteX);
4183 return;
4184 }
4185
4186 #endif /* LARGE_SMB_OFF_T */
4187 }
4188
4189 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4190 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4191 &lock);
4192
4193 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4194 reply_doserror(req, ERRDOS, ERRlock);
4195 END_PROFILE(SMBwriteX);
4196 return;
4197 }
4198
4199 /* X/Open SMB protocol says that, unlike SMBwrite
4200 if the length is zero then NO truncation is
4201 done, just a write of zero. To truncate a file,
4202 use SMBwrite. */
4203
4204 if(numtowrite == 0) {
4205 nwritten = 0;
4206 } else {
4207
4208 if ((req->unread_bytes == 0) &&
4209 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4210 numtowrite)) {
4211 goto strict_unlock;
4212 }
4213
4214 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4215 }
4216
4217 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4218 reply_unixerror(req, ERRHRD, ERRdiskfull);
4219 goto strict_unlock;
4220 }
4221
4222 reply_outbuf(req, 6, 0);
4223 SSVAL(req->outbuf,smb_vwv2,nwritten);
4224 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4225
4226 if (nwritten < (ssize_t)numtowrite) {
4227 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4228 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4229 }
4230
4231 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4232 fsp->fnum, (int)numtowrite, (int)nwritten));
4233
4234 status = sync_file(conn, fsp, write_through);
4235 if (!NT_STATUS_IS_OK(status)) {
4236 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4237 fsp->fsp_name, nt_errstr(status) ));
4238 reply_nterror(req, status);
4239 goto strict_unlock;
4240 }
4241
4242 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4243
4244 END_PROFILE(SMBwriteX);
4245 chain_reply(req);
4246 return;
4247
4248 strict_unlock:
4249 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4250
4251 END_PROFILE(SMBwriteX);
4252 return;
4253 }
4254
4255 /****************************************************************************
4256 Reply to a lseek.
4257 ****************************************************************************/
4258
4259 void reply_lseek(struct smb_request *req)
4260 {
4261 connection_struct *conn = req->conn;
4262 SMB_OFF_T startpos;
4263 SMB_OFF_T res= -1;
4264 int mode,umode;
4265 files_struct *fsp;
4266
4267 START_PROFILE(SMBlseek);
4268
4269 if (req->wct < 4) {
4270 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4271 END_PROFILE(SMBlseek);
4272 return;
4273 }
4274
4275 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4276
4277 if (!check_fsp(conn, req, fsp)) {
4278 return;
4279 }
4280
4281 flush_write_cache(fsp, SEEK_FLUSH);
4282
4283 mode = SVAL(req->vwv+1, 0) & 3;
4284 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4285 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4286
4287 switch (mode) {
4288 case 0:
4289 umode = SEEK_SET;
4290 res = startpos;
4291 break;
4292 case 1:
4293 umode = SEEK_CUR;
4294 res = fsp->fh->pos + startpos;
4295 break;
4296 case 2:
4297 umode = SEEK_END;
4298 break;
4299 default:
4300 umode = SEEK_SET;
4301 res = startpos;
4302 break;
4303 }
4304
4305 if (umode == SEEK_END) {
4306 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4307 if(errno == EINVAL) {
4308 SMB_OFF_T current_pos = startpos;
4309 SMB_STRUCT_STAT sbuf;
4310
4311 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4312 reply_unixerror(req, ERRDOS,
4313 ERRnoaccess);
4314 END_PROFILE(SMBlseek);
4315 return;
4316 }
4317
4318 current_pos += sbuf.st_size;
4319 if(current_pos < 0)
4320 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4321 }
4322 }
4323
4324 if(res == -1) {
4325 reply_unixerror(req, ERRDOS, ERRnoaccess);
4326 END_PROFILE(SMBlseek);
4327 return;
4328 }
4329 }
4330
4331 fsp->fh->pos = res;
4332
4333 reply_outbuf(req, 2, 0);
4334 SIVAL(req->outbuf,smb_vwv0,res);
4335
4336 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4337 fsp->fnum, (double)startpos, (double)res, mode));
4338
4339 END_PROFILE(SMBlseek);
4340 return;
4341 }
4342
4343 /****************************************************************************
4344 Reply to a flush.
4345 ****************************************************************************/
4346
4347 void reply_flush(struct smb_request *req)
4348 {
4349 connection_struct *conn = req->conn;
4350 uint16 fnum;
4351 files_struct *fsp;
4352
4353 START_PROFILE(SMBflush);
4354
4355 if (req->wct < 1) {
4356 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4357 return;
4358 }
4359
4360 fnum = SVAL(req->vwv+0, 0);
4361 fsp = file_fsp(req, fnum);
4362
4363 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4364 return;
4365 }
4366
4367 if (!fsp) {
4368 file_sync_all(conn);
4369 } else {
4370 NTSTATUS status = sync_file(conn, fsp, True);
4371 if (!NT_STATUS_IS_OK(status)) {
4372 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4373 fsp->fsp_name, nt_errstr(status) ));
4374 reply_nterror(req, status);
4375 END_PROFILE(SMBflush);
4376 return;
4377 }
4378 }
4379
4380 reply_outbuf(req, 0, 0);
4381
4382 DEBUG(3,("flush\n"));
4383 END_PROFILE(SMBflush);
4384 return;
4385 }
4386
4387 /****************************************************************************
4388 Reply to a exit.
4389 conn POINTER CAN BE NULL HERE !
4390 ****************************************************************************/
4391
4392 void reply_exit(struct smb_request *req)
4393 {
4394 START_PROFILE(SMBexit);
4395
4396 file_close_pid(req->smbpid, req->vuid);
4397
4398 reply_outbuf(req, 0, 0);
4399
4400 DEBUG(3,("exit\n"));
4401
4402 END_PROFILE(SMBexit);
4403 return;
4404 }
4405
4406 /****************************************************************************
4407 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4408 ****************************************************************************/
4409
4410 void reply_close(struct smb_request *req)
4411 {
4412 connection_struct *conn = req->conn;
4413 NTSTATUS status = NT_STATUS_OK;
4414 files_struct *fsp = NULL;
4415 START_PROFILE(SMBclose);
4416
4417 if (req->wct < 3) {
4418 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4419 END_PROFILE(SMBclose);
4420 return;
4421 }
4422
4423 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4424
4425 /*
4426 * We can only use check_fsp if we know it's not a directory.
4427 */
4428
4429 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4430 reply_doserror(req, ERRDOS, ERRbadfid);
4431 END_PROFILE(SMBclose);
4432 return;
4433 }
4434
4435 if(fsp->is_directory) {
4436 /*
4437 * Special case - close NT SMB directory handle.
4438 */
4439 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4440 status = close_file(req, fsp, NORMAL_CLOSE);
4441 } else {
4442 time_t t;
4443 /*
4444 * Close ordinary file.
4445 */
4446
4447 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4448 fsp->fh->fd, fsp->fnum,
4449 conn->num_files_open));
4450
4451 /*
4452 * Take care of any time sent in the close.
4453 */
4454
4455 t = srv_make_unix_date3(req->vwv+1);
4456 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4457
4458 /*
4459 * close_file() returns the unix errno if an error
4460 * was detected on close - normally this is due to
4461 * a disk full error. If not then it was probably an I/O error.
4462 */
4463
4464 status = close_file(req, fsp, NORMAL_CLOSE);
4465 }
4466
4467 if (!NT_STATUS_IS_OK(status)) {
4468 reply_nterror(req, status);
4469 END_PROFILE(SMBclose);
4470 return;
4471 }
4472
4473 reply_outbuf(req, 0, 0);
4474 END_PROFILE(SMBclose);
4475 return;
4476 }
4477
4478 /****************************************************************************
4479 Reply to a writeclose (Core+ protocol).
4480 ****************************************************************************/
4481
4482 void reply_writeclose(struct smb_request *req)
4483 {
4484 connection_struct *conn = req->conn;
4485 size_t numtowrite;
4486 ssize_t nwritten = -1;
4487 NTSTATUS close_status = NT_STATUS_OK;
4488 SMB_OFF_T startpos;
4489 const char *data;
4490 struct timespec mtime;
4491 files_struct *fsp;
4492 struct lock_struct lock;
4493
4494 START_PROFILE(SMBwriteclose);
4495
4496 if (req->wct < 6) {
4497 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4498 END_PROFILE(SMBwriteclose);
4499 return;
4500 }
4501
4502 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4503
4504 if (!check_fsp(conn, req, fsp)) {
4505 END_PROFILE(SMBwriteclose);
4506 return;
4507 }
4508 if (!CHECK_WRITE(fsp)) {
4509 reply_doserror(req, ERRDOS,ERRbadaccess);
4510 END_PROFILE(SMBwriteclose);
4511 return;
4512 }
4513
4514 numtowrite = SVAL(req->vwv+1, 0);
4515 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4516 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4517 data = (const char *)req->buf + 1;
4518
4519 if (numtowrite) {
4520 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4521 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4522 &lock);
4523
4524 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4525 reply_doserror(req, ERRDOS,ERRlock);
4526 END_PROFILE(SMBwriteclose);
4527 return;
4528 }
4529 }
4530
4531 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4532
4533 set_close_write_time(fsp, mtime);
4534
4535 /*
4536 * More insanity. W2K only closes the file if writelen > 0.
4537 * JRA.
4538 */
4539
4540 if (numtowrite) {
4541 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4542 fsp->fsp_name ));
4543 close_status = close_file(req, fsp, NORMAL_CLOSE);
4544 }
4545
4546 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4547 fsp->fnum, (int)numtowrite, (int)nwritten,
4548 conn->num_files_open));
4549
4550 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4551 reply_doserror(req, ERRHRD, ERRdiskfull);
4552 goto strict_unlock;
4553 }
4554
4555 if(!NT_STATUS_IS_OK(close_status)) {
4556 reply_nterror(req, close_status);
4557 goto strict_unlock;
4558 }
4559
4560 reply_outbuf(req, 1, 0);
4561
4562 SSVAL(req->outbuf,smb_vwv0,nwritten);
4563
4564 strict_unlock:
4565 if (numtowrite) {
4566 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4567 }
4568
4569 END_PROFILE(SMBwriteclose);
4570 return;
4571 }
4572
4573 #undef DBGC_CLASS
4574 #define DBGC_CLASS DBGC_LOCKING
4575
4576 /****************************************************************************
4577 Reply to a lock.
4578 ****************************************************************************/
4579
4580 void reply_lock(struct smb_request *req)
4581 {
4582 connection_struct *conn = req->conn;
4583 uint64_t count,offset;
4584 NTSTATUS status;
4585 files_struct *fsp;
4586 struct byte_range_lock *br_lck = NULL;
4587
4588 START_PROFILE(SMBlock);
4589
4590 if (req->wct < 5) {
4591 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4592 END_PROFILE(SMBlock);
4593 return;
4594 }
4595
4596 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4597
4598 if (!check_fsp(conn, req, fsp)) {
4599 END_PROFILE(SMBlock);
4600 return;
4601 }
4602
4603 count = (uint64_t)IVAL(req->vwv+1, 0);
4604 offset = (uint64_t)IVAL(req->vwv+3, 0);
4605
4606 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4607 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4608
4609 br_lck = do_lock(smbd_messaging_context(),
4610 fsp,
4611 req->smbpid,
4612 count,
4613 offset,
4614 WRITE_LOCK,
4615 WINDOWS_LOCK,
4616 False, /* Non-blocking lock. */
4617 &status,
4618 NULL,
4619 NULL);
4620
4621 TALLOC_FREE(br_lck);
4622
4623 if (NT_STATUS_V(status)) {
4624 reply_nterror(req, status);
4625 END_PROFILE(SMBlock);
4626 return;
4627 }
4628
4629 reply_outbuf(req, 0, 0);
4630
4631 END_PROFILE(SMBlock);
4632 return;
4633 }
4634
4635 /****************************************************************************
4636 Reply to a unlock.
4637 ****************************************************************************/
4638
4639 void reply_unlock(struct smb_request *req)
4640 {
4641 connection_struct *conn = req->conn;
4642 uint64_t count,offset;
4643 NTSTATUS status;
4644 files_struct *fsp;
4645
4646 START_PROFILE(SMBunlock);
4647
4648 if (req->wct < 5) {
4649 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4650 END_PROFILE(SMBunlock);
4651 return;
4652 }
4653
4654 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4655
4656 if (!check_fsp(conn, req, fsp)) {
4657 END_PROFILE(SMBunlock);
4658 return;
4659 }
4660
4661 count = (uint64_t)IVAL(req->vwv+1, 0);
4662 offset = (uint64_t)IVAL(req->vwv+3, 0);
4663
4664 status = do_unlock(smbd_messaging_context(),
4665 fsp,
4666 req->smbpid,
4667 count,
4668 offset,
4669 WINDOWS_LOCK);
4670
4671 if (NT_STATUS_V(status)) {
4672 reply_nterror(req, status);
4673 END_PROFILE(SMBunlock);
4674 return;
4675 }
4676
4677 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4678 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4679
4680 reply_outbuf(req, 0, 0);
4681
4682 END_PROFILE(SMBunlock);
4683 return;
4684 }
4685
4686 #undef DBGC_CLASS
4687 #define DBGC_CLASS DBGC_ALL
4688
4689 /****************************************************************************
4690 Reply to a tdis.
4691 conn POINTER CAN BE NULL HERE !
4692 ****************************************************************************/
4693
4694 void reply_tdis(struct smb_request *req)
4695 {
4696 connection_struct *conn = req->conn;
4697 START_PROFILE(SMBtdis);
4698
4699 if (!conn) {
4700 DEBUG(4,("Invalid connection in tdis\n"));
4701 reply_doserror(req, ERRSRV, ERRinvnid);
4702 END_PROFILE(SMBtdis);
4703 return;
4704 }
4705
4706 conn->used = False;
4707
4708 close_cnum(conn,req->vuid);
4709 req->conn = NULL;
4710
4711 reply_outbuf(req, 0, 0);
4712 END_PROFILE(SMBtdis);
4713 return;
4714 }
4715
4716 /****************************************************************************
4717 Reply to a echo.
4718 conn POINTER CAN BE NULL HERE !
4719 ****************************************************************************/
4720
4721 void reply_echo(struct smb_request *req)
4722 {
4723 connection_struct *conn = req->conn;
4724 struct smb_perfcount_data local_pcd;
4725 struct smb_perfcount_data *cur_pcd;
4726 int smb_reverb;
4727 int seq_num;
4728
4729 START_PROFILE(SMBecho);
4730
4731 smb_init_perfcount_data(&local_pcd);
4732
4733 if (req->wct < 1) {
4734 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4735 END_PROFILE(SMBecho);
4736 return;
4737 }
4738
4739 smb_reverb = SVAL(req->vwv+0, 0);
4740
4741 reply_outbuf(req, 1, req->buflen);
4742
4743 /* copy any incoming data back out */
4744 if (req->buflen > 0) {
4745 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4746 }
4747
4748 if (smb_reverb > 100) {
4749 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4750 smb_reverb = 100;
4751 }
4752
4753 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4754
4755 /* this makes sure we catch the request pcd */
4756 if (seq_num == smb_reverb) {
4757 cur_pcd = &req->pcd;
4758 } else {
4759 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4760 cur_pcd = &local_pcd;
4761 }
4762
4763 SSVAL(req->outbuf,smb_vwv0,seq_num);
4764
4765 show_msg((char *)req->outbuf);
4766 if (!srv_send_smb(smbd_server_fd(),
4767 (char *)req->outbuf,
4768 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4769 cur_pcd))
4770 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4771 }
4772
4773 DEBUG(3,("echo %d times\n", smb_reverb));
4774
4775 TALLOC_FREE(req->outbuf);
4776
4777 END_PROFILE(SMBecho);
4778 return;
4779 }
4780
4781 /****************************************************************************
4782 Reply to a printopen.
4783 ****************************************************************************/
4784
4785 void reply_printopen(struct smb_request *req)
4786 {
4787 connection_struct *conn = req->conn;
4788 files_struct *fsp;
4789 SMB_STRUCT_STAT sbuf;
4790 NTSTATUS status;
4791
4792 START_PROFILE(SMBsplopen);
4793
4794 if (req->wct < 2) {
4795 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4796 END_PROFILE(SMBsplopen);
4797 return;
4798 }
4799
4800 if (!CAN_PRINT(conn)) {
4801 reply_doserror(req, ERRDOS, ERRnoaccess);
4802 END_PROFILE(SMBsplopen);
4803 return;
4804 }
4805
4806 status = file_new(req, conn, &fsp);
4807 if(!NT_STATUS_IS_OK(status)) {
4808 reply_nterror(req, status);
4809 END_PROFILE(SMBsplopen);
4810 return;
4811 }
4812
4813 /* Open for exclusive use, write only. */
4814 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4815
4816 if (!NT_STATUS_IS_OK(status)) {
4817 reply_nterror(req, status);
4818 END_PROFILE(SMBsplopen);
4819 return;
4820 }
4821
4822 reply_outbuf(req, 1, 0);
4823 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4824
4825 DEBUG(3,("openprint fd=%d fnum=%d\n",
4826 fsp->fh->fd, fsp->fnum));
4827
4828 END_PROFILE(SMBsplopen);
4829 return;
4830 }
4831
4832 /****************************************************************************
4833 Reply to a printclose.
4834 ****************************************************************************/
4835
4836 void reply_printclose(struct smb_request *req)
4837 {
4838 connection_struct *conn = req->conn;
4839 files_struct *fsp;
4840 NTSTATUS status;
4841
4842 START_PROFILE(SMBsplclose);
4843
4844 if (req->wct < 1) {
4845 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4846 END_PROFILE(SMBsplclose);
4847 return;
4848 }
4849
4850 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4851
4852 if (!check_fsp(conn, req, fsp)) {
4853 END_PROFILE(SMBsplclose);
4854 return;
4855 }
4856
4857 if (!CAN_PRINT(conn)) {
4858 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4859 END_PROFILE(SMBsplclose);
4860 return;
4861 }
4862
4863 DEBUG(3,("printclose fd=%d fnum=%d\n",
4864 fsp->fh->fd,fsp->fnum));
4865
4866 status = close_file(req, fsp, NORMAL_CLOSE);
4867
4868 if(!NT_STATUS_IS_OK(status)) {
4869 reply_nterror(req, status);
4870 END_PROFILE(SMBsplclose);
4871 return;
4872 }
4873
4874 reply_outbuf(req, 0, 0);
4875
4876 END_PROFILE(SMBsplclose);
4877 return;
4878 }
4879
4880 /****************************************************************************
4881 Reply to a printqueue.
4882 ****************************************************************************/
4883
4884 void reply_printqueue(struct smb_request *req)
4885 {
4886 connection_struct *conn = req->conn;
4887 int max_count;
4888 int start_index;
4889
4890 START_PROFILE(SMBsplretq);
4891
4892 if (req->wct < 2) {
4893 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4894 END_PROFILE(SMBsplretq);
4895 return;
4896 }
4897
4898 max_count = SVAL(req->vwv+0, 0);
4899 start_index = SVAL(req->vwv+1, 0);
4900
4901 /* we used to allow the client to get the cnum wrong, but that
4902 is really quite gross and only worked when there was only
4903 one printer - I think we should now only accept it if they
4904 get it right (tridge) */
4905 if (!CAN_PRINT(conn)) {
4906 reply_doserror(req, ERRDOS, ERRnoaccess);
4907 END_PROFILE(SMBsplretq);
4908 return;
4909 }
4910
4911 reply_outbuf(req, 2, 3);
4912 SSVAL(req->outbuf,smb_vwv0,0);
4913 SSVAL(req->outbuf,smb_vwv1,0);
4914 SCVAL(smb_buf(req->outbuf),0,1);
4915 SSVAL(smb_buf(req->outbuf),1,0);
4916
4917 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4918 start_index, max_count));
4919
4920 {
4921 print_queue_struct *queue = NULL;
4922 print_status_struct status;
4923 int count = print_queue_status(SNUM(conn), &queue, &status);
4924 int num_to_get = ABS(max_count);
4925 int first = (max_count>0?start_index:start_index+max_count+1);
4926 int i;
4927
4928 if (first >= count)
4929 num_to_get = 0;
4930 else
4931 num_to_get = MIN(num_to_get,count-first);
4932
4933
4934 for (i=first;i<first+num_to_get;i++) {
4935 char blob[28];
4936 char *p = blob;
4937
4938 srv_put_dos_date2(p,0,queue[i].time);
4939 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4940 SSVAL(p,5, queue[i].job);
4941 SIVAL(p,7,queue[i].size);
4942 SCVAL(p,11,0);
4943 srvstr_push(blob, req->flags2, p+12,
4944 queue[i].fs_user, 16, STR_ASCII);
4945
4946 if (message_push_blob(
4947 &req->outbuf,
4948 data_blob_const(
4949 blob, sizeof(blob))) == -1) {
4950 reply_nterror(req, NT_STATUS_NO_MEMORY);
4951 END_PROFILE(SMBsplretq);
4952 return;
4953 }
4954 }
4955
4956 if (count > 0) {
4957 SSVAL(req->outbuf,smb_vwv0,count);
4958 SSVAL(req->outbuf,smb_vwv1,
4959 (max_count>0?first+count:first-1));
4960 SCVAL(smb_buf(req->outbuf),0,1);
4961 SSVAL(smb_buf(req->outbuf),1,28*count);
4962 }
4963
4964 SAFE_FREE(queue);
4965
4966 DEBUG(3,("%d entries returned in queue\n",count));
4967 }
4968
4969 END_PROFILE(SMBsplretq);
4970 return;
4971 }
4972
4973 /****************************************************************************
4974 Reply to a printwrite.
4975 ****************************************************************************/
4976
4977 void reply_printwrite(struct smb_request *req)
4978 {
4979 connection_struct *conn = req->conn;
4980 int numtowrite;
4981 const char *data;
4982 files_struct *fsp;
4983
4984 START_PROFILE(SMBsplwr);
4985
4986 if (req->wct < 1) {
4987 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4988 END_PROFILE(SMBsplwr);
4989 return;
4990 }
4991
4992 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4993
4994 if (!check_fsp(conn, req, fsp)) {
4995 END_PROFILE(SMBsplwr);
4996 return;
4997 }
4998
4999 if (!CAN_PRINT(conn)) {
5000 reply_doserror(req, ERRDOS, ERRnoaccess);
5001 END_PROFILE(SMBsplwr);
5002 return;
5003 }
5004
5005 if (!CHECK_WRITE(fsp)) {
5006 reply_doserror(req, ERRDOS, ERRbadaccess);
5007 END_PROFILE(SMBsplwr);
5008 return;
5009 }
5010
5011 numtowrite = SVAL(req->buf, 1);
5012
5013 if (req->buflen < numtowrite + 3) {
5014 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5015 END_PROFILE(SMBsplwr);
5016 return;
5017 }
5018
5019 data = (const char *)req->buf + 3;
5020
5021 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5022 reply_unixerror(req, ERRHRD, ERRdiskfull);
5023 END_PROFILE(SMBsplwr);
5024 return;
5025 }
5026
5027 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5028
5029 END_PROFILE(SMBsplwr);
5030 return;
5031 }
5032
5033 /****************************************************************************
5034 Reply to a mkdir.
5035 ****************************************************************************/
5036
5037 void reply_mkdir(struct smb_request *req)
5038 {
5039 connection_struct *conn = req->conn;
5040 char *directory = NULL;
5041 NTSTATUS status;
5042 SMB_STRUCT_STAT sbuf;
5043 TALLOC_CTX *ctx = talloc_tos();
5044
5045 START_PROFILE(SMBmkdir);
5046
5047 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5048 STR_TERMINATE, &status);
5049 if (!NT_STATUS_IS_OK(status)) {
5050 reply_nterror(req, status);
5051 END_PROFILE(SMBmkdir);
5052 return;
5053 }
5054
5055 status = resolve_dfspath(ctx, conn,
5056 req->flags2 & FLAGS2_DFS_PATHNAMES,
5057 directory,
5058 &directory);
5059 if (!NT_STATUS_IS_OK(status)) {
5060 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5061 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5062 ERRSRV, ERRbadpath);
5063 END_PROFILE(SMBmkdir);
5064 return;
5065 }
5066 reply_nterror(req, status);
5067 END_PROFILE(SMBmkdir);
5068 return;
5069 }
5070
5071 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
5072 if (!NT_STATUS_IS_OK(status)) {
5073 reply_nterror(req, status);
5074 END_PROFILE(SMBmkdir);
5075 return;
5076 }
5077
5078 status = check_name(conn, directory);
5079 if (!NT_STATUS_IS_OK(status)) {
5080 reply_nterror(req, status);
5081 END_PROFILE(SMBmkdir);
5082 return;
5083 }
5084
5085 status = create_directory(conn, req, directory);
5086
5087 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5088
5089 if (!NT_STATUS_IS_OK(status)) {
5090
5091 if (!use_nt_status()
5092 && NT_STATUS_EQUAL(status,
5093 NT_STATUS_OBJECT_NAME_COLLISION)) {
5094 /*
5095 * Yes, in the DOS error code case we get a
5096 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5097 * samba4 torture test.
5098 */
5099 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5100 }
5101
5102 reply_nterror(req, status);
5103 END_PROFILE(SMBmkdir);
5104 return;
5105 }
5106
5107 reply_outbuf(req, 0, 0);
5108
5109 DEBUG( 3, ( "mkdir %s\n", directory ) );
5110
5111 END_PROFILE(SMBmkdir);
5112 return;
5113 }
5114
5115 /****************************************************************************
5116 Static function used by reply_rmdir to delete an entire directory
5117 tree recursively. Return True on ok, False on fail.
5118 ****************************************************************************/
5119
5120 static bool recursive_rmdir(TALLOC_CTX *ctx,
5121 connection_struct *conn,
5122 char *directory)
5123 {
5124 const char *dname = NULL;
5125 bool ret = True;
5126 long offset = 0;
5127 SMB_STRUCT_STAT st;
5128 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
5129 NULL, 0);
5130
5131 if(dir_hnd == NULL)
5132 return False;
5133
5134 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5135 char *fullname = NULL;
5136
5137 if (ISDOT(dname) || ISDOTDOT(dname)) {
5138 continue;
5139 }
5140
5141 if (!is_visible_file(conn, directory, dname, &st, False)) {
5142 continue;
5143 }
5144
5145 /* Construct the full name. */
5146 fullname = talloc_asprintf(ctx,
5147 "%s/%s",
5148 directory,
5149 dname);
5150 if (!fullname) {
5151 errno = ENOMEM;
5152 ret = False;
5153 break;
5154 }
5155
5156 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5157 ret = False;
5158 break;
5159 }
5160
5161 if(st.st_mode & S_IFDIR) {
5162 if(!recursive_rmdir(ctx, conn, fullname)) {
5163 ret = False;
5164 break;
5165 }
5166 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5167 ret = False;
5168 break;
5169 }
5170 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5171 ret = False;
5172 break;
5173 }
5174 TALLOC_FREE(fullname);
5175 }
5176 TALLOC_FREE(dir_hnd);
5177 return ret;
5178 }
5179
5180 /****************************************************************************
5181 The internals of the rmdir code - called elsewhere.
5182 ****************************************************************************/
5183
5184 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5185 connection_struct *conn,
5186 const char *directory)
5187 {
5188 int ret;
5189 SMB_STRUCT_STAT st;
5190
5191 /* Might be a symlink. */
5192 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5193 return map_nt_error_from_unix(errno);
5194 }
5195
5196 if (S_ISLNK(st.st_mode)) {
5197 /* Is what it points to a directory ? */
5198 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5199 return map_nt_error_from_unix(errno);
5200 }
5201 if (!(S_ISDIR(st.st_mode))) {
5202 return NT_STATUS_NOT_A_DIRECTORY;
5203 }
5204 ret = SMB_VFS_UNLINK(conn,directory);
5205 } else {
5206 ret = SMB_VFS_RMDIR(conn,directory);
5207 }
5208 if (ret == 0) {
5209 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5210 FILE_NOTIFY_CHANGE_DIR_NAME,
5211 directory);
5212 return NT_STATUS_OK;
5213 }
5214
5215 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5216 /*
5217 * Check to see if the only thing in this directory are
5218 * vetoed files/directories. If so then delete them and
5219 * retry. If we fail to delete any of them (and we *don't*
5220 * do a recursive delete) then fail the rmdir.
5221 */
5222 const char *dname;
5223 long dirpos = 0;
5224 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5225 directory, NULL, 0);
5226
5227 if(dir_hnd == NULL) {
5228 errno = ENOTEMPTY;
5229 goto err;
5230 }
5231
5232 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5233 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5234 continue;
5235 if (!is_visible_file(conn, directory, dname, &st, False))
5236 continue;
5237 if(!IS_VETO_PATH(conn, dname)) {
5238 TALLOC_FREE(dir_hnd);
5239 errno = ENOTEMPTY;
5240 goto err;
5241 }
5242 }
5243
5244 /* We only have veto files/directories.
5245 * Are we allowed to delete them ? */
5246
5247 if(!lp_recursive_veto_delete(SNUM(conn))) {
5248 TALLOC_FREE(dir_hnd);
5249 errno = ENOTEMPTY;
5250 goto err;
5251 }
5252
5253 /* Do a recursive delete. */
5254 RewindDir(dir_hnd,&dirpos);
5255 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5256 char *fullname = NULL;
5257
5258 if (ISDOT(dname) || ISDOTDOT(dname)) {
5259 continue;
5260 }
5261 if (!is_visible_file(conn, directory, dname, &st, False)) {
5262 continue;
5263 }
5264
5265 fullname = talloc_asprintf(ctx,
5266 "%s/%s",
5267 directory,
5268 dname);
5269
5270 if(!fullname) {
5271 errno = ENOMEM;
5272 break;
5273 }
5274
5275 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5276 break;
5277 }
5278 if(st.st_mode & S_IFDIR) {
5279 if(!recursive_rmdir(ctx, conn, fullname)) {
5280 break;
5281 }
5282 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5283 break;
5284 }
5285 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5286 break;
5287 }
5288 TALLOC_FREE(fullname);
5289 }
5290 TALLOC_FREE(dir_hnd);
5291 /* Retry the rmdir */
5292 ret = SMB_VFS_RMDIR(conn,directory);
5293 }
5294
5295 err:
5296
5297 if (ret != 0) {
5298 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5299 "%s\n", directory,strerror(errno)));
5300 return map_nt_error_from_unix(errno);
5301 }
5302
5303 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5304 FILE_NOTIFY_CHANGE_DIR_NAME,
5305 directory);
5306
5307 return NT_STATUS_OK;
5308 }
5309
5310 /****************************************************************************
5311 Reply to a rmdir.
5312 ****************************************************************************/
5313
5314 void reply_rmdir(struct smb_request *req)
5315 {
5316 connection_struct *conn = req->conn;
5317 char *directory = NULL;
5318 SMB_STRUCT_STAT sbuf;
5319 NTSTATUS status;
5320 TALLOC_CTX *ctx = talloc_tos();
5321
5322 START_PROFILE(SMBrmdir);
5323
5324 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5325 STR_TERMINATE, &status);
5326 if (!NT_STATUS_IS_OK(status)) {
5327 reply_nterror(req, status);
5328 END_PROFILE(SMBrmdir);
5329 return;
5330 }
5331
5332 status = resolve_dfspath(ctx, conn,
5333 req->flags2 & FLAGS2_DFS_PATHNAMES,
5334 directory,
5335 &directory);
5336 if (!NT_STATUS_IS_OK(status)) {
5337 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5338 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5339 ERRSRV, ERRbadpath);
5340 END_PROFILE(SMBrmdir);
5341 return;
5342 }
5343 reply_nterror(req, status);
5344 END_PROFILE(SMBrmdir);
5345 return;
5346 }
5347
5348 status = unix_convert(ctx, conn, directory, False, &directory,
5349 NULL, &sbuf);
5350 if (!NT_STATUS_IS_OK(status)) {
5351 reply_nterror(req, status);
5352 END_PROFILE(SMBrmdir);
5353 return;
5354 }
5355
5356 status = check_name(conn, directory);
5357 if (!NT_STATUS_IS_OK(status)) {
5358 reply_nterror(req, status);
5359 END_PROFILE(SMBrmdir);
5360 return;
5361 }
5362
5363 dptr_closepath(directory, req->smbpid);
5364 status = rmdir_internals(ctx, conn, directory);
5365 if (!NT_STATUS_IS_OK(status)) {
5366 reply_nterror(req, status);
5367 END_PROFILE(SMBrmdir);
5368 return;
5369 }
5370
5371 reply_outbuf(req, 0, 0);
5372
5373 DEBUG( 3, ( "rmdir %s\n", directory ) );
5374
5375 END_PROFILE(SMBrmdir);
5376 return;
5377 }
5378
5379 /*******************************************************************
5380 Resolve wildcards in a filename rename.
5381 ********************************************************************/
5382
5383 static bool resolve_wildcards(TALLOC_CTX *ctx,
5384 const char *name1,
5385 const char *name2,
5386 char **pp_newname)
5387 {
5388 char *name2_copy = NULL;
5389 char *root1 = NULL;
5390 char *root2 = NULL;
5391 char *ext1 = NULL;
5392 char *ext2 = NULL;
5393 char *p,*p2, *pname1, *pname2;
5394
5395 name2_copy = talloc_strdup(ctx, name2);
5396 if (!name2_copy) {
5397 return False;
5398 }
5399
5400 pname1 = strrchr_m(name1,'/');
5401 pname2 = strrchr_m(name2_copy,'/');
5402
5403 if (!pname1 || !pname2) {
5404 return False;
5405 }
5406
5407 /* Truncate the copy of name2 at the last '/' */
5408 *pname2 = '\0';
5409
5410 /* Now go past the '/' */
5411 pname1++;
5412 pname2++;
5413
5414 root1 = talloc_strdup(ctx, pname1);
5415 root2 = talloc_strdup(ctx, pname2);
5416
5417 if (!root1 || !root2) {
5418 return False;
5419 }
5420
5421 p = strrchr_m(root1,'.');
5422 if (p) {
5423 *p = 0;
5424 ext1 = talloc_strdup(ctx, p+1);
5425 } else {
5426 ext1 = talloc_strdup(ctx, "");
5427 }
5428 p = strrchr_m(root2,'.');
5429 if (p) {
5430 *p = 0;
5431 ext2 = talloc_strdup(ctx, p+1);
5432 } else {
5433 ext2 = talloc_strdup(ctx, "");
5434 }
5435
5436 if (!ext1 || !ext2) {
5437 return False;
5438 }
5439
5440 p = root1;
5441 p2 = root2;
5442 while (*p2) {
5443 if (*p2 == '?') {
5444 /* Hmmm. Should this be mb-aware ? */
5445 *p2 = *p;
5446 p2++;
5447 } else if (*p2 == '*') {
5448 *p2 = '\0';
5449 root2 = talloc_asprintf(ctx, "%s%s",
5450 root2,
5451 p);
5452 if (!root2) {
5453 return False;
5454 }
5455 break;
5456 } else {
5457 p2++;
5458 }
5459 if (*p) {
5460 p++;
5461 }
5462 }
5463
5464 p = ext1;
5465 p2 = ext2;
5466 while (*p2) {
5467 if (*p2 == '?') {
5468 /* Hmmm. Should this be mb-aware ? */
5469 *p2 = *p;
5470 p2++;
5471 } else if (*p2 == '*') {
5472 *p2 = '\0';
5473 ext2 = talloc_asprintf(ctx, "%s%s",
5474 ext2,
5475 p);
5476 if (!ext2) {
5477 return False;
5478 }
5479 break;
5480 } else {
5481 p2++;
5482 }
5483 if (*p) {
5484 p++;
5485 }
5486 }
5487
5488 if (*ext2) {
5489 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5490 name2_copy,
5491 root2,
5492 ext2);
5493 } else {
5494 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5495 name2_copy,
5496 root2);
5497 }
5498
5499 if (!*pp_newname) {
5500 return False;
5501 }
5502
5503 return True;
5504 }
5505
5506 /****************************************************************************
5507 Ensure open files have their names updated. Updated to notify other smbd's
5508 asynchronously.
5509 ****************************************************************************/
5510
5511 static void rename_open_files(connection_struct *conn,
5512 struct share_mode_lock *lck,
5513 const char *newname)
5514 {
5515 files_struct *fsp;
5516 bool did_rename = False;
5517
5518 for(fsp = file_find_di_first(lck->id); fsp;
5519 fsp = file_find_di_next(fsp)) {
5520 /* fsp_name is a relative path under the fsp. To change this for other
5521 sharepaths we need to manipulate relative paths. */
5522 /* TODO - create the absolute path and manipulate the newname
5523 relative to the sharepath. */
5524 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5525 continue;
5526 }
5527 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5528 fsp->fnum, file_id_string_tos(&fsp->file_id),
5529 fsp->fsp_name, newname ));
5530 string_set(&fsp->fsp_name, newname);
5531 did_rename = True;
5532 }
5533
5534 if (!did_rename) {
5535 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5536 file_id_string_tos(&lck->id), newname ));
5537 }
5538
5539 /* Send messages to all smbd's (not ourself) that the name has changed. */
5540 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5541 newname);
5542 }
5543
5544 /****************************************************************************
5545 We need to check if the source path is a parent directory of the destination
5546 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5547 refuse the rename with a sharing violation. Under UNIX the above call can
5548 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5549 probably need to check that the client is a Windows one before disallowing
5550 this as a UNIX client (one with UNIX extensions) can know the source is a
5551 symlink and make this decision intelligently. Found by an excellent bug
5552 report from <AndyLiebman@aol.com>.
5553 ****************************************************************************/
5554
5555 static bool rename_path_prefix_equal(const char *src, const char *dest)
5556 {
5557 const char *psrc = src;
5558 const char *pdst = dest;
5559 size_t slen;
5560
5561 if (psrc[0] == '.' && psrc[1] == '/') {
5562 psrc += 2;
5563 }
5564 if (pdst[0] == '.' && pdst[1] == '/') {
5565 pdst += 2;
5566 }
5567 if ((slen = strlen(psrc)) > strlen(pdst)) {
5568 return False;
5569 }
5570 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5571 }
5572
5573 /*
5574 * Do the notify calls from a rename
5575 */
5576
5577 static void notify_rename(connection_struct *conn, bool is_dir,
5578 const char *oldpath, const char *newpath)
5579 {
5580 char *olddir, *newdir;
5581 const char *oldname, *newname;
5582 uint32 mask;
5583
5584 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5585 : FILE_NOTIFY_CHANGE_FILE_NAME;
5586
5587 if (!parent_dirname(talloc_tos(), oldpath, &olddir, &oldname)
5588 || !parent_dirname(talloc_tos(), newpath, &newdir, &newname)) {
5589 TALLOC_FREE(olddir);
5590 return;
5591 }
5592
5593 if (strcmp(olddir, newdir) == 0) {
5594 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5595 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5596 }
5597 else {
5598 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5599 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5600 }
5601 TALLOC_FREE(olddir);
5602 TALLOC_FREE(newdir);
5603
5604 /* this is a strange one. w2k3 gives an additional event for
5605 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5606 files, but not directories */
5607 if (!is_dir) {
5608 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5609 FILE_NOTIFY_CHANGE_ATTRIBUTES
5610 |FILE_NOTIFY_CHANGE_CREATION,
5611 newpath);
5612 }
5613 }
5614
5615 /****************************************************************************
5616 Rename an open file - given an fsp.
5617 ****************************************************************************/
5618
5619 NTSTATUS rename_internals_fsp(connection_struct *conn,
5620 files_struct *fsp,
5621 char *newname,
5622 const char *newname_last_component,
5623 uint32 attrs,
5624 bool replace_if_exists)
5625 {
5626 TALLOC_CTX *ctx = talloc_tos();
5627 SMB_STRUCT_STAT sbuf, sbuf1;
5628 NTSTATUS status = NT_STATUS_OK;
5629 struct share_mode_lock *lck = NULL;
5630 bool dst_exists, old_is_stream, new_is_stream;
5631
5632 ZERO_STRUCT(sbuf);
5633
5634 status = check_name(conn, newname);
5635 if (!NT_STATUS_IS_OK(status)) {
5636 return status;
5637 }
5638
5639 /* Ensure newname contains a '/' */
5640 if(strrchr_m(newname,'/') == 0) {
5641 newname = talloc_asprintf(ctx,
5642 "./%s",
5643 newname);
5644 if (!newname) {
5645 return NT_STATUS_NO_MEMORY;
5646 }
5647 }
5648
5649 /*
5650 * Check for special case with case preserving and not
5651 * case sensitive. If the old last component differs from the original
5652 * last component only by case, then we should allow
5653 * the rename (user is trying to change the case of the
5654 * filename).
5655 */
5656
5657 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5658 strequal(newname, fsp->fsp_name)) {
5659 char *p;
5660 char *newname_modified_last_component = NULL;
5661
5662 /*
5663 * Get the last component of the modified name.
5664 * Note that we guarantee that newname contains a '/'
5665 * character above.
5666 */
5667 p = strrchr_m(newname,'/');
5668 newname_modified_last_component = talloc_strdup(ctx,
5669 p+1);
5670 if (!newname_modified_last_component) {
5671 return NT_STATUS_NO_MEMORY;
5672 }
5673
5674 if(strcsequal(newname_modified_last_component,
5675 newname_last_component) == False) {
5676 /*
5677 * Replace the modified last component with
5678 * the original.
5679 */
5680 *p = '\0'; /* Truncate at the '/' */
5681 newname = talloc_asprintf(ctx,
5682 "%s/%s",
5683 newname,
5684 newname_last_component);
5685 }
5686 }
5687
5688 /*
5689 * If the src and dest names are identical - including case,
5690 * don't do the rename, just return success.
5691 */
5692
5693 if (strcsequal(fsp->fsp_name, newname)) {
5694 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5695 newname));
5696 return NT_STATUS_OK;
5697 }
5698
5699 old_is_stream = is_ntfs_stream_name(fsp->fsp_name);
5700 new_is_stream = is_ntfs_stream_name(newname);
5701
5702 /* Return the correct error code if both names aren't streams. */
5703 if (!old_is_stream && new_is_stream) {
5704 return NT_STATUS_OBJECT_NAME_INVALID;
5705 }
5706
5707 if (old_is_stream && !new_is_stream) {
5708 return NT_STATUS_INVALID_PARAMETER;
5709 }
5710
5711 /*
5712 * Have vfs_object_exist also fill sbuf1
5713 */
5714 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5715
5716 if(!replace_if_exists && dst_exists) {
5717 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5718 fsp->fsp_name,newname));
5719 return NT_STATUS_OBJECT_NAME_COLLISION;
5720 }
5721
5722 if (dst_exists) {
5723 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5724 files_struct *dst_fsp = file_find_di_first(fileid);
5725 /* The file can be open when renaming a stream */
5726 if (dst_fsp && !new_is_stream) {
5727 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5728 return NT_STATUS_ACCESS_DENIED;
5729 }
5730 }
5731
5732 /* Ensure we have a valid stat struct for the source. */
5733 if (fsp->fh->fd != -1) {
5734 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5735 return map_nt_error_from_unix(errno);
5736 }
5737 } else {
5738 int ret = -1;
5739 if (fsp->posix_open) {
5740 ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf);
5741 } else {
5742 ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf);
5743 }
5744 if (ret == -1) {
5745 return map_nt_error_from_unix(errno);
5746 }
5747 }
5748
5749 status = can_rename(conn, fsp, attrs, &sbuf);
5750
5751 if (!NT_STATUS_IS_OK(status)) {
5752 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5753 nt_errstr(status), fsp->fsp_name,newname));
5754 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5755 status = NT_STATUS_ACCESS_DENIED;
5756 return status;
5757 }
5758
5759 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5760 return NT_STATUS_ACCESS_DENIED;
5761 }
5762
5763 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5764 NULL);
5765
5766 /*
5767 * We have the file open ourselves, so not being able to get the
5768 * corresponding share mode lock is a fatal error.
5769 */
5770
5771 SMB_ASSERT(lck != NULL);
5772
5773 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5774 uint32 create_options = fsp->fh->private_options;
5775
5776 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5777 fsp->fsp_name,newname));
5778
5779 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5780
5781 rename_open_files(conn, lck, newname);
5782
5783 /*
5784 * A rename acts as a new file create w.r.t. allowing an initial delete
5785 * on close, probably because in Windows there is a new handle to the
5786 * new file. If initial delete on close was requested but not
5787 * originally set, we need to set it here. This is probably not 100% correct,
5788 * but will work for the CIFSFS client which in non-posix mode
5789 * depends on these semantics. JRA.
5790 */
5791
5792 if (create_options & FILE_DELETE_ON_CLOSE) {
5793 status = can_set_delete_on_close(fsp, True, 0);
5794
5795 if (NT_STATUS_IS_OK(status)) {
5796 /* Note that here we set the *inital* delete on close flag,
5797 * not the regular one. The magic gets handled in close. */
5798 fsp->initial_delete_on_close = True;
5799 }
5800 }
5801 TALLOC_FREE(lck);
5802 return NT_STATUS_OK;
5803 }
5804
5805 TALLOC_FREE(lck);
5806
5807 if (errno == ENOTDIR || errno == EISDIR) {
5808 status = NT_STATUS_OBJECT_NAME_COLLISION;
5809 } else {
5810 status = map_nt_error_from_unix(errno);
5811 }
5812
5813 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5814 nt_errstr(status), fsp->fsp_name,newname));
5815
5816 return status;
5817 }
5818
5819 /****************************************************************************
5820 The guts of the rename command, split out so it may be called by the NT SMB
5821 code.
5822 ****************************************************************************/
5823
5824 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5825 connection_struct *conn,
5826 struct smb_request *req,
5827 const char *name_in,
5828 const char *newname_in,
5829 uint32 attrs,
5830 bool replace_if_exists,
5831 bool src_has_wild,
5832 bool dest_has_wild,
5833 uint32_t access_mask)
5834 {
5835 char *directory = NULL;
5836 char *mask = NULL;
5837 char *last_component_src = NULL;
5838 char *last_component_dest = NULL;
5839 char *name = NULL;
5840 char *newname = NULL;
5841 char *p;
5842 int count=0;
5843 NTSTATUS status = NT_STATUS_OK;
5844 SMB_STRUCT_STAT sbuf1, sbuf2;
5845 struct smb_Dir *dir_hnd = NULL;
5846 const char *dname;
5847 long offset = 0;
5848 int create_options = 0;
5849 bool posix_pathnames = lp_posix_pathnames();
5850
5851 ZERO_STRUCT(sbuf1);
5852 ZERO_STRUCT(sbuf2);
5853
5854 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5855 &last_component_src, &sbuf1);
5856 if (!NT_STATUS_IS_OK(status)) {
5857 return status;
5858 }
5859
5860 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5861 &last_component_dest, &sbuf2);
5862 if (!NT_STATUS_IS_OK(status)) {
5863 return status;
5864 }
5865
5866 /*
5867 * Split the old name into directory and last component
5868 * strings. Note that unix_convert may have stripped off a
5869 * leading ./ from both name and newname if the rename is
5870 * at the root of the share. We need to make sure either both
5871 * name and newname contain a / character or neither of them do
5872 * as this is checked in resolve_wildcards().
5873 */
5874
5875 p = strrchr_m(name,'/');
5876 if (!p) {
5877 directory = talloc_strdup(ctx, ".");
5878 if (!directory) {
5879 return NT_STATUS_NO_MEMORY;
5880 }
5881 mask = name;
5882 } else {
5883 *p = 0;
5884 directory = talloc_strdup(ctx, name);
5885 if (!directory) {
5886 return NT_STATUS_NO_MEMORY;
5887 }
5888 mask = p+1;
5889 *p = '/'; /* Replace needed for exceptional test below. */
5890 }
5891
5892 /*
5893 * We should only check the mangled cache
5894 * here if unix_convert failed. This means
5895 * that the path in 'mask' doesn't exist
5896 * on the file system and so we need to look
5897 * for a possible mangle. This patch from
5898 * Tine Smukavec <valentin.smukavec@hermes.si>.
5899 */
5900
5901 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5902 char *new_mask = NULL;
5903 mangle_lookup_name_from_8_3(ctx,
5904 mask,
5905 &new_mask,
5906 conn->params );
5907 if (new_mask) {
5908 mask = new_mask;
5909 }
5910 }
5911
5912 if (!src_has_wild) {
5913 files_struct *fsp;
5914
5915 /*
5916 * No wildcards - just process the one file.
5917 */
5918 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5919
5920 /* Add a terminating '/' to the directory name. */
5921 directory = talloc_asprintf_append(directory,
5922 "/%s",
5923 mask);
5924 if (!directory) {
5925 return NT_STATUS_NO_MEMORY;
5926 }
5927
5928 /* Ensure newname contains a '/' also */
5929 if(strrchr_m(newname,'/') == 0) {
5930 newname = talloc_asprintf(ctx,
5931 "./%s",
5932 newname);
5933 if (!newname) {
5934 return NT_STATUS_NO_MEMORY;
5935 }
5936 }
5937
5938 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5939 "case_preserve = %d, short case preserve = %d, "
5940 "directory = %s, newname = %s, "
5941 "last_component_dest = %s, is_8_3 = %d\n",
5942 conn->case_sensitive, conn->case_preserve,
5943 conn->short_case_preserve, directory,
5944 newname, last_component_dest, is_short_name));
5945
5946 /* The dest name still may have wildcards. */
5947 if (dest_has_wild) {
5948 char *mod_newname = NULL;
5949 if (!resolve_wildcards(ctx,
5950 directory,newname,&mod_newname)) {
5951 DEBUG(6, ("rename_internals: resolve_wildcards "
5952 "%s %s failed\n",
5953 directory,
5954 newname));
5955 return NT_STATUS_NO_MEMORY;
5956 }
5957 newname = mod_newname;
5958 }
5959
5960 ZERO_STRUCT(sbuf1);
5961 if (posix_pathnames) {
5962 SMB_VFS_LSTAT(conn, directory, &sbuf1);
5963 } else {
5964 SMB_VFS_STAT(conn, directory, &sbuf1);
5965 }
5966
5967 if (S_ISDIR(sbuf1.st_mode)) {
5968 create_options |= FILE_DIRECTORY_FILE;
5969 }
5970
5971 status = SMB_VFS_CREATE_FILE(
5972 conn, /* conn */
5973 req, /* req */
5974 0, /* root_dir_fid */
5975 directory, /* fname */
5976 0, /* create_file_flags */
5977 access_mask, /* access_mask */
5978 (FILE_SHARE_READ | /* share_access */
5979 FILE_SHARE_WRITE),
5980 FILE_OPEN, /* create_disposition*/
5981 create_options, /* create_options */
5982 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
5983 0, /* oplock_request */
5984 0, /* allocation_size */
5985 NULL, /* sd */
5986 NULL, /* ea_list */
5987 &fsp, /* result */
5988 NULL, /* pinfo */
5989 &sbuf1); /* psbuf */
5990
5991 if (!NT_STATUS_IS_OK(status)) {
5992 DEBUG(3, ("Could not open rename source %s: %s\n",
5993 directory, nt_errstr(status)));
5994 return status;
5995 }
5996
5997 status = rename_internals_fsp(conn, fsp, newname,
5998 last_component_dest,
5999 attrs, replace_if_exists);
6000
6001 close_file(req, fsp, NORMAL_CLOSE);
6002
6003 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6004 nt_errstr(status), directory,newname));
6005
6006 return status;
6007 }
6008
6009 /*
6010 * Wildcards - process each file that matches.
6011 */
6012 if (strequal(mask,"????????.???")) {
6013 mask[0] = '*';
6014 mask[1] = '\0';
6015 }
6016
6017 status = check_name(conn, directory);
6018 if (!NT_STATUS_IS_OK(status)) {
6019 return status;
6020 }
6021
6022 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
6023 if (dir_hnd == NULL) {
6024 return map_nt_error_from_unix(errno);
6025 }
6026
6027 status = NT_STATUS_NO_SUCH_FILE;
6028 /*
6029 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6030 * - gentest fix. JRA
6031 */
6032
6033 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6034 files_struct *fsp = NULL;
6035 char *fname = NULL;
6036 char *destname = NULL;
6037 bool sysdir_entry = False;
6038
6039 /* Quick check for "." and ".." */
6040 if (ISDOT(dname) || ISDOTDOT(dname)) {
6041 if (attrs & aDIR) {
6042 sysdir_entry = True;
6043 } else {
6044 continue;
6045 }
6046 }
6047
6048 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6049 continue;
6050 }
6051
6052 if(!mask_match(dname, mask, conn->case_sensitive)) {
6053 continue;
6054 }
6055
6056 if (sysdir_entry) {
6057 status = NT_STATUS_OBJECT_NAME_INVALID;
6058 break;
6059 }
6060
6061 fname = talloc_asprintf(ctx,
6062 "%s/%s",
6063 directory,
6064 dname);
6065 if (!fname) {
6066 return NT_STATUS_NO_MEMORY;
6067 }
6068
6069 if (!resolve_wildcards(ctx,
6070 fname,newname,&destname)) {
6071 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6072 fname, destname));
6073 TALLOC_FREE(fname);
6074 continue;
6075 }
6076 if (!destname) {
6077 return NT_STATUS_NO_MEMORY;
6078 }
6079
6080 ZERO_STRUCT(sbuf1);
6081 if (posix_pathnames) {
6082 SMB_VFS_LSTAT(conn, fname, &sbuf1);
6083 } else {
6084 SMB_VFS_STAT(conn, fname, &sbuf1);
6085 }
6086
6087 create_options = 0;
6088
6089 if (S_ISDIR(sbuf1.st_mode)) {
6090 create_options |= FILE_DIRECTORY_FILE;
6091 }
6092
6093 status = SMB_VFS_CREATE_FILE(
6094 conn, /* conn */
6095 req, /* req */
6096 0, /* root_dir_fid */
6097 fname, /* fname */
6098 0, /* create_file_flags */
6099 access_mask, /* access_mask */
6100 (FILE_SHARE_READ | /* share_access */
6101 FILE_SHARE_WRITE),
6102 FILE_OPEN, /* create_disposition*/
6103 create_options, /* create_options */
6104 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6105 0, /* oplock_request */
6106 0, /* allocation_size */
6107 NULL, /* sd */
6108 NULL, /* ea_list */
6109 &fsp, /* result */
6110 NULL, /* pinfo */
6111 &sbuf1); /* psbuf */
6112
6113 if (!NT_STATUS_IS_OK(status)) {
6114 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6115 "returned %s rename %s -> %s\n",
6116 nt_errstr(status), directory, newname));
6117 break;
6118 }
6119
6120 status = rename_internals_fsp(conn, fsp, destname, dname,
6121 attrs, replace_if_exists);
6122
6123 close_file(req, fsp, NORMAL_CLOSE);
6124
6125 if (!NT_STATUS_IS_OK(status)) {
6126 DEBUG(3, ("rename_internals_fsp returned %s for "
6127 "rename %s -> %s\n", nt_errstr(status),
6128 directory, newname));
6129 break;
6130 }
6131
6132 count++;
6133
6134 DEBUG(3,("rename_internals: doing rename on %s -> "
6135 "%s\n",fname,destname));
6136
6137 TALLOC_FREE(fname);
6138 TALLOC_FREE(destname);
6139 }
6140 TALLOC_FREE(dir_hnd);
6141
6142 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6143 status = map_nt_error_from_unix(errno);
6144 }
6145
6146 return status;
6147 }
6148
6149 /****************************************************************************
6150 Reply to a mv.
6151 ****************************************************************************/
6152
6153 void reply_mv(struct smb_request *req)
6154 {
6155 connection_struct *conn = req->conn;
6156 char *name = NULL;
6157 char *newname = NULL;
6158 const char *p;
6159 uint32 attrs;
6160 NTSTATUS status;
6161 bool src_has_wcard = False;
6162 bool dest_has_wcard = False;
6163 TALLOC_CTX *ctx = talloc_tos();
6164
6165 START_PROFILE(SMBmv);
6166
6167 if (req->wct < 1) {
6168 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6169 END_PROFILE(SMBmv);
6170 return;
6171 }
6172
6173 attrs = SVAL(req->vwv+0, 0);
6174
6175 p = (const char *)req->buf + 1;
6176 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6177 &status, &src_has_wcard);
6178 if (!NT_STATUS_IS_OK(status)) {
6179 reply_nterror(req, status);
6180 END_PROFILE(SMBmv);
6181 return;
6182 }
6183 p++;
6184 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6185 &status, &dest_has_wcard);
6186 if (!NT_STATUS_IS_OK(status)) {
6187 reply_nterror(req, status);
6188 END_PROFILE(SMBmv);
6189 return;
6190 }
6191
6192 status = resolve_dfspath_wcard(ctx, conn,
6193 req->flags2 & FLAGS2_DFS_PATHNAMES,
6194 name,
6195 &name,
6196 &src_has_wcard);
6197 if (!NT_STATUS_IS_OK(status)) {
6198 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6199 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6200 ERRSRV, ERRbadpath);
6201 END_PROFILE(SMBmv);
6202 return;
6203 }
6204 reply_nterror(req, status);
6205 END_PROFILE(SMBmv);
6206 return;
6207 }
6208
6209 status = resolve_dfspath_wcard(ctx, conn,
6210 req->flags2 & FLAGS2_DFS_PATHNAMES,
6211 newname,
6212 &newname,
6213 &dest_has_wcard);
6214 if (!NT_STATUS_IS_OK(status)) {
6215 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6216 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6217 ERRSRV, ERRbadpath);
6218 END_PROFILE(SMBmv);
6219 return;
6220 }
6221 reply_nterror(req, status);
6222 END_PROFILE(SMBmv);
6223 return;
6224 }
6225
6226 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
6227
6228 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
6229 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
6230 if (!NT_STATUS_IS_OK(status)) {
6231 if (open_was_deferred(req->mid)) {
6232 /* We have re-scheduled this call. */
6233 END_PROFILE(SMBmv);
6234 return;
6235 }
6236 reply_nterror(req, status);
6237 END_PROFILE(SMBmv);
6238 return;
6239 }
6240
6241 reply_outbuf(req, 0, 0);
6242
6243 END_PROFILE(SMBmv);
6244 return;
6245 }
6246
6247 /*******************************************************************
6248 Copy a file as part of a reply_copy.
6249 ******************************************************************/
6250
6251 /*
6252 * TODO: check error codes on all callers
6253 */
6254
6255 NTSTATUS copy_file(TALLOC_CTX *ctx,
6256 connection_struct *conn,
6257 const char *src,
6258 const char *dest1,
6259 int ofun,
6260 int count,
6261 bool target_is_directory)
6262 {
6263 SMB_STRUCT_STAT src_sbuf, sbuf2;
6264 SMB_OFF_T ret=-1;
6265 files_struct *fsp1,*fsp2;
6266 char *dest = NULL;
6267 uint32 dosattrs;
6268 uint32 new_create_disposition;
6269 NTSTATUS status;
6270
6271 dest = talloc_strdup(ctx, dest1);
6272 if (!dest) {
6273 return NT_STATUS_NO_MEMORY;
6274 }
6275 if (target_is_directory) {
6276 const char *p = strrchr_m(src,'/');
6277 if (p) {
6278 p++;
6279 } else {
6280 p = src;
6281 }
6282 dest = talloc_asprintf_append(dest,
6283 "/%s",
6284 p);
6285 if (!dest) {
6286 return NT_STATUS_NO_MEMORY;
6287 }
6288 }
6289
6290 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6291 TALLOC_FREE(dest);
6292 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6293 }
6294
6295 if (!target_is_directory && count) {
6296 new_create_disposition = FILE_OPEN;
6297 } else {
6298 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6299 NULL, NULL, &new_create_disposition, NULL)) {
6300 TALLOC_FREE(dest);
6301 return NT_STATUS_INVALID_PARAMETER;
6302 }
6303 }
6304
6305 status = SMB_VFS_CREATE_FILE(
6306 conn, /* conn */
6307 NULL, /* req */
6308 0, /* root_dir_fid */
6309 src, /* fname */
6310 0, /* create_file_flags */
6311 FILE_GENERIC_READ, /* access_mask */
6312 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6313 FILE_OPEN, /* create_disposition*/
6314 0, /* create_options */
6315 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6316 INTERNAL_OPEN_ONLY, /* oplock_request */
6317 0, /* allocation_size */
6318 NULL, /* sd */
6319 NULL, /* ea_list */
6320 &fsp1, /* result */
6321 NULL, /* pinfo */
6322 &src_sbuf); /* psbuf */
6323
6324 if (!NT_STATUS_IS_OK(status)) {
6325 TALLOC_FREE(dest);
6326 return status;
6327 }
6328
6329 dosattrs = dos_mode(conn, src, &src_sbuf);
6330 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6331 ZERO_STRUCTP(&sbuf2);
6332 }
6333
6334 status = SMB_VFS_CREATE_FILE(
6335 conn, /* conn */
6336 NULL, /* req */
6337 0, /* root_dir_fid */
6338 dest, /* fname */
6339 0, /* create_file_flags */
6340 FILE_GENERIC_WRITE, /* access_mask */
6341 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6342 new_create_disposition, /* create_disposition*/
6343 0, /* create_options */
6344 dosattrs, /* file_attributes */
6345 INTERNAL_OPEN_ONLY, /* oplock_request */
6346 0, /* allocation_size */
6347 NULL, /* sd */
6348 NULL, /* ea_list */
6349 &fsp2, /* result */
6350 NULL, /* pinfo */
6351 &sbuf2); /* psbuf */
6352
6353 TALLOC_FREE(dest);
6354
6355 if (!NT_STATUS_IS_OK(status)) {
6356 close_file(NULL, fsp1, ERROR_CLOSE);
6357 return status;
6358 }
6359
6360 if ((ofun&3) == 1) {
6361 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6362 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6363 /*
6364 * Stop the copy from occurring.
6365 */
6366 ret = -1;
6367 src_sbuf.st_size = 0;
6368 }
6369 }
6370
6371 if (src_sbuf.st_size) {
6372 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6373 }
6374
6375 close_file(NULL, fsp1, NORMAL_CLOSE);
6376
6377 /* Ensure the modtime is set correctly on the destination file. */
6378 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6379
6380 /*
6381 * As we are opening fsp1 read-only we only expect
6382 * an error on close on fsp2 if we are out of space.
6383 * Thus we don't look at the error return from the
6384 * close of fsp1.
6385 */
6386 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6387
6388 if (!NT_STATUS_IS_OK(status)) {
6389 return status;
6390 }
6391
6392 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6393 return NT_STATUS_DISK_FULL;
6394 }
6395
6396 return NT_STATUS_OK;
6397 }
6398
6399 /****************************************************************************
6400 Reply to a file copy.
6401 ****************************************************************************/
6402
6403 void reply_copy(struct smb_request *req)
6404 {
6405 connection_struct *conn = req->conn;
6406 char *name = NULL;
6407 char *newname = NULL;
6408 char *directory = NULL;
6409 const char *mask = NULL;
6410 const char mask_star[] = "*";
6411 const char *p;
6412 int count=0;
6413 int error = ERRnoaccess;
6414 int err = 0;
6415 int tid2;
6416 int ofun;
6417 int flags;
6418 bool target_is_directory=False;
6419 bool source_has_wild = False;
6420 bool dest_has_wild = False;
6421 SMB_STRUCT_STAT sbuf1, sbuf2;
6422 NTSTATUS status;
6423 TALLOC_CTX *ctx = talloc_tos();
6424
6425 START_PROFILE(SMBcopy);
6426
6427 if (req->wct < 3) {
6428 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6429 END_PROFILE(SMBcopy);
6430 return;
6431 }
6432
6433 tid2 = SVAL(req->vwv+0, 0);
6434 ofun = SVAL(req->vwv+1, 0);
6435 flags = SVAL(req->vwv+2, 0);
6436
6437 p = (const char *)req->buf;
6438 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6439 &status, &source_has_wild);
6440 if (!NT_STATUS_IS_OK(status)) {
6441 reply_nterror(req, status);
6442 END_PROFILE(SMBcopy);
6443 return;
6444 }
6445 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6446 &status, &dest_has_wild);
6447 if (!NT_STATUS_IS_OK(status)) {
6448 reply_nterror(req, status);
6449 END_PROFILE(SMBcopy);
6450 return;
6451 }
6452
6453 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6454
6455 if (tid2 != conn->cnum) {
6456 /* can't currently handle inter share copies XXXX */
6457 DEBUG(3,("Rejecting inter-share copy\n"));
6458 reply_doserror(req, ERRSRV, ERRinvdevice);
6459 END_PROFILE(SMBcopy);
6460 return;
6461 }
6462
6463 status = resolve_dfspath_wcard(ctx, conn,
6464 req->flags2 & FLAGS2_DFS_PATHNAMES,
6465 name,
6466 &name,
6467 &source_has_wild);
6468 if (!NT_STATUS_IS_OK(status)) {
6469 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6470 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6471 ERRSRV, ERRbadpath);
6472 END_PROFILE(SMBcopy);
6473 return;
6474 }
6475 reply_nterror(req, status);
6476 END_PROFILE(SMBcopy);
6477 return;
6478 }
6479
6480 status = resolve_dfspath_wcard(ctx, conn,
6481 req->flags2 & FLAGS2_DFS_PATHNAMES,
6482 newname,
6483 &newname,
6484 &dest_has_wild);
6485 if (!NT_STATUS_IS_OK(status)) {
6486 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6487 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6488 ERRSRV, ERRbadpath);
6489 END_PROFILE(SMBcopy);
6490 return;
6491 }
6492 reply_nterror(req, status);
6493 END_PROFILE(SMBcopy);
6494 return;
6495 }
6496
6497 status = unix_convert(ctx, conn, name, source_has_wild,
6498 &name, NULL, &sbuf1);
6499 if (!NT_STATUS_IS_OK(status)) {
6500 reply_nterror(req, status);
6501 END_PROFILE(SMBcopy);
6502 return;
6503 }
6504
6505 status = unix_convert(ctx, conn, newname, dest_has_wild,
6506 &newname, NULL, &sbuf2);
6507 if (!NT_STATUS_IS_OK(status)) {
6508 reply_nterror(req, status);
6509 END_PROFILE(SMBcopy);
6510 return;
6511 }
6512
6513 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6514
6515 if ((flags&1) && target_is_directory) {
6516 reply_doserror(req, ERRDOS, ERRbadfile);
6517 END_PROFILE(SMBcopy);
6518 return;
6519 }
6520
6521 if ((flags&2) && !target_is_directory) {
6522 reply_doserror(req, ERRDOS, ERRbadpath);
6523 END_PROFILE(SMBcopy);
6524 return;
6525 }
6526
6527 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6528 /* wants a tree copy! XXXX */
6529 DEBUG(3,("Rejecting tree copy\n"));
6530 reply_doserror(req, ERRSRV, ERRerror);
6531 END_PROFILE(SMBcopy);
6532 return;
6533 }
6534
6535 p = strrchr_m(name,'/');
6536 if (p != NULL) {
6537 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6538 mask = p+1;
6539 } else {
6540 directory = talloc_strdup(ctx, "./");
6541 mask = name;
6542 }
6543
6544 if (!directory) {
6545 reply_nterror(req, NT_STATUS_NO_MEMORY);
6546 END_PROFILE(SMBcopy);
6547 return;
6548 }
6549
6550 /*
6551 * We should only check the mangled cache
6552 * here if unix_convert failed. This means
6553 * that the path in 'mask' doesn't exist
6554 * on the file system and so we need to look
6555 * for a possible mangle. This patch from
6556 * Tine Smukavec <valentin.smukavec@hermes.si>.
6557 */
6558
6559 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6560 char *new_mask = NULL;
6561 mangle_lookup_name_from_8_3(ctx,
6562 mask,
6563 &new_mask,
6564 conn->params );
6565 if (new_mask) {
6566 mask = new_mask;
6567 }
6568 }
6569
6570 if (!source_has_wild) {
6571 directory = talloc_asprintf_append(directory,
6572 "/%s",
6573 mask);
6574 if (dest_has_wild) {
6575 char *mod_newname = NULL;
6576 if (!resolve_wildcards(ctx,
6577 directory,newname,&mod_newname)) {
6578 reply_nterror(req, NT_STATUS_NO_MEMORY);
6579 END_PROFILE(SMBcopy);
6580 return;
6581 }
6582 newname = mod_newname;
6583 }
6584
6585 status = check_name(conn, directory);
6586 if (!NT_STATUS_IS_OK(status)) {
6587 reply_nterror(req, status);
6588 END_PROFILE(SMBcopy);
6589 return;
6590 }
6591
6592 status = check_name(conn, newname);
6593 if (!NT_STATUS_IS_OK(status)) {
6594 reply_nterror(req, status);
6595 END_PROFILE(SMBcopy);
6596 return;
6597 }
6598
6599 status = copy_file(ctx,conn,directory,newname,ofun,
6600 count,target_is_directory);
6601
6602 if(!NT_STATUS_IS_OK(status)) {
6603 reply_nterror(req, status);
6604 END_PROFILE(SMBcopy);
6605 return;
6606 } else {
6607 count++;
6608 }
6609 } else {
6610 struct smb_Dir *dir_hnd = NULL;
6611 const char *dname = NULL;
6612 long offset = 0;
6613
6614 if (strequal(mask,"????????.???")) {
6615 mask = mask_star;
6616 }
6617
6618 status = check_name(conn, directory);
6619 if (!NT_STATUS_IS_OK(status)) {
6620 reply_nterror(req, status);
6621 END_PROFILE(SMBcopy);
6622 return;
6623 }
6624
6625 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6626 if (dir_hnd == NULL) {
6627 status = map_nt_error_from_unix(errno);
6628 reply_nterror(req, status);
6629 END_PROFILE(SMBcopy);
6630 return;
6631 }
6632
6633 error = ERRbadfile;
6634
6635 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6636 char *destname = NULL;
6637 char *fname = NULL;
6638
6639 if (ISDOT(dname) || ISDOTDOT(dname)) {
6640 continue;
6641 }
6642
6643 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6644 continue;
6645 }
6646
6647 if(!mask_match(dname, mask, conn->case_sensitive)) {
6648 continue;
6649 }
6650
6651 error = ERRnoaccess;
6652 fname = talloc_asprintf(ctx,
6653 "%s/%s",
6654 directory,
6655 dname);
6656 if (!fname) {
6657 TALLOC_FREE(dir_hnd);
6658 reply_nterror(req, NT_STATUS_NO_MEMORY);
6659 END_PROFILE(SMBcopy);
6660 return;
6661 }
6662
6663 if (!resolve_wildcards(ctx,
6664 fname,newname,&destname)) {
6665 continue;
6666 }
6667 if (!destname) {
6668 TALLOC_FREE(dir_hnd);
6669 reply_nterror(req, NT_STATUS_NO_MEMORY);
6670 END_PROFILE(SMBcopy);
6671 return;
6672 }
6673
6674 status = check_name(conn, fname);
6675 if (!NT_STATUS_IS_OK(status)) {
6676 TALLOC_FREE(dir_hnd);
6677 reply_nterror(req, status);
6678 END_PROFILE(SMBcopy);
6679 return;
6680 }
6681
6682 status = check_name(conn, destname);
6683 if (!NT_STATUS_IS_OK(status)) {
6684 TALLOC_FREE(dir_hnd);
6685 reply_nterror(req, status);
6686 END_PROFILE(SMBcopy);
6687 return;
6688 }
6689
6690 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6691
6692 status = copy_file(ctx,conn,fname,destname,ofun,
6693 count,target_is_directory);
6694 if (NT_STATUS_IS_OK(status)) {
6695 count++;
6696 }
6697 TALLOC_FREE(fname);
6698 TALLOC_FREE(destname);
6699 }
6700 TALLOC_FREE(dir_hnd);
6701 }
6702
6703 if (count == 0) {
6704 if(err) {
6705 /* Error on close... */
6706 errno = err;
6707 reply_unixerror(req, ERRHRD, ERRgeneral);
6708 END_PROFILE(SMBcopy);
6709 return;
6710 }
6711
6712 reply_doserror(req, ERRDOS, error);
6713 END_PROFILE(SMBcopy);
6714 return;
6715 }
6716
6717 reply_outbuf(req, 1, 0);
6718 SSVAL(req->outbuf,smb_vwv0,count);
6719
6720 END_PROFILE(SMBcopy);
6721 return;
6722 }
6723
6724 #undef DBGC_CLASS
6725 #define DBGC_CLASS DBGC_LOCKING
6726
6727 /****************************************************************************
6728 Get a lock pid, dealing with large count requests.
6729 ****************************************************************************/
6730
6731 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6732 bool large_file_format)
6733 {
6734 if(!large_file_format)
6735 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6736 else
6737 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6738 }
6739
6740 /****************************************************************************
6741 Get a lock count, dealing with large count requests.
6742 ****************************************************************************/
6743
6744 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6745 bool large_file_format)
6746 {
6747 uint64_t count = 0;
6748
6749 if(!large_file_format) {
6750 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6751 } else {
6752
6753 #if defined(HAVE_LONGLONG)
6754 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6755 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6756 #else /* HAVE_LONGLONG */
6757
6758 /*
6759 * NT4.x seems to be broken in that it sends large file (64 bit)
6760 * lockingX calls even if the CAP_LARGE_FILES was *not*
6761 * negotiated. For boxes without large unsigned ints truncate the
6762 * lock count by dropping the top 32 bits.
6763 */
6764
6765 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6766 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6767 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6768 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6769 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6770 }
6771
6772 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6773 #endif /* HAVE_LONGLONG */
6774 }
6775
6776 return count;
6777 }
6778
6779 #if !defined(HAVE_LONGLONG)
6780 /****************************************************************************
6781 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6782 ****************************************************************************/
6783
6784 static uint32 map_lock_offset(uint32 high, uint32 low)
6785 {
6786 unsigned int i;
6787 uint32 mask = 0;
6788 uint32 highcopy = high;
6789
6790 /*
6791 * Try and find out how many significant bits there are in high.
6792 */
6793
6794 for(i = 0; highcopy; i++)
6795 highcopy >>= 1;
6796
6797 /*
6798 * We use 31 bits not 32 here as POSIX
6799 * lock offsets may not be negative.
6800 */
6801
6802 mask = (~0) << (31 - i);
6803
6804 if(low & mask)
6805 return 0; /* Fail. */
6806
6807 high <<= (31 - i);
6808
6809 return (high|low);
6810 }
6811 #endif /* !defined(HAVE_LONGLONG) */
6812
6813 /****************************************************************************
6814 Get a lock offset, dealing with large offset requests.
6815 ****************************************************************************/
6816
6817 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6818 bool large_file_format, bool *err)
6819 {
6820 uint64_t offset = 0;
6821
6822 *err = False;
6823
6824 if(!large_file_format) {
6825 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6826 } else {
6827
6828 #if defined(HAVE_LONGLONG)
6829 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6830 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6831 #else /* HAVE_LONGLONG */
6832
6833 /*
6834 * NT4.x seems to be broken in that it sends large file (64 bit)
6835 * lockingX calls even if the CAP_LARGE_FILES was *not*
6836 * negotiated. For boxes without large unsigned ints mangle the
6837 * lock offset by mapping the top 32 bits onto the lower 32.
6838 */
6839
6840 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6841 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6842 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6843 uint32 new_low = 0;
6844
6845 if((new_low = map_lock_offset(high, low)) == 0) {
6846 *err = True;
6847 return (uint64_t)-1;
6848 }
6849
6850 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6851 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6852 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6853 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6854 }
6855
6856 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6857 #endif /* HAVE_LONGLONG */
6858 }
6859
6860 return offset;
6861 }
6862
6863 /****************************************************************************
6864 Reply to a lockingX request.
6865 ****************************************************************************/
6866
6867 void reply_lockingX(struct smb_request *req)
6868 {
6869 connection_struct *conn = req->conn;
6870 files_struct *fsp;
6871 unsigned char locktype;
6872 unsigned char oplocklevel;
6873 uint16 num_ulocks;
6874 uint16 num_locks;
6875 uint64_t count = 0, offset = 0;
6876 uint32 lock_pid;
6877 int32 lock_timeout;
6878 int i;
6879 const uint8_t *data;
6880 bool large_file_format;
6881 bool err;
6882 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6883
6884 START_PROFILE(SMBlockingX);
6885
6886 if (req->wct < 8) {
6887 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6888 END_PROFILE(SMBlockingX);
6889 return;
6890 }
6891
6892 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6893 locktype = CVAL(req->vwv+3, 0);
6894 oplocklevel = CVAL(req->vwv+3, 1);
6895 num_ulocks = SVAL(req->vwv+6, 0);
6896 num_locks = SVAL(req->vwv+7, 0);
6897 lock_timeout = IVAL(req->vwv+4, 0);
6898 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6899
6900 if (!check_fsp(conn, req, fsp)) {
6901 END_PROFILE(SMBlockingX);
6902 return;
6903 }
6904
6905 data = req->buf;
6906
6907 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6908 /* we don't support these - and CANCEL_LOCK makes w2k
6909 and XP reboot so I don't really want to be
6910 compatible! (tridge) */
6911 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6912 END_PROFILE(SMBlockingX);
6913 return;
6914 }
6915
6916 /* Check if this is an oplock break on a file
6917 we have granted an oplock on.
6918 */
6919 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6920 /* Client can insist on breaking to none. */
6921 bool break_to_none = (oplocklevel == 0);
6922 bool result;
6923
6924 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6925 "for fnum = %d\n", (unsigned int)oplocklevel,
6926 fsp->fnum ));
6927
6928 /*
6929 * Make sure we have granted an exclusive or batch oplock on
6930 * this file.
6931 */
6932
6933 if (fsp->oplock_type == 0) {
6934
6935 /* The Samba4 nbench simulator doesn't understand
6936 the difference between break to level2 and break
6937 to none from level2 - it sends oplock break
6938 replies in both cases. Don't keep logging an error
6939 message here - just ignore it. JRA. */
6940
6941 DEBUG(5,("reply_lockingX: Error : oplock break from "
6942 "client for fnum = %d (oplock=%d) and no "
6943 "oplock granted on this file (%s).\n",
6944 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6945
6946 /* if this is a pure oplock break request then don't
6947 * send a reply */
6948 if (num_locks == 0 && num_ulocks == 0) {
6949 END_PROFILE(SMBlockingX);
6950 return;
6951 } else {
6952 END_PROFILE(SMBlockingX);
6953 reply_doserror(req, ERRDOS, ERRlock);
6954 return;
6955 }
6956 }
6957
6958 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6959 (break_to_none)) {
6960 result = remove_oplock(fsp);
6961 } else {
6962 result = downgrade_oplock(fsp);
6963 }
6964
6965 if (!result) {
6966 DEBUG(0, ("reply_lockingX: error in removing "
6967 "oplock on file %s\n", fsp->fsp_name));
6968 /* Hmmm. Is this panic justified? */
6969 smb_panic("internal tdb error");
6970 }
6971
6972 reply_to_oplock_break_requests(fsp);
6973
6974 /* if this is a pure oplock break request then don't send a
6975 * reply */
6976 if (num_locks == 0 && num_ulocks == 0) {
6977 /* Sanity check - ensure a pure oplock break is not a
6978 chained request. */
6979 if(CVAL(req->vwv+0, 0) != 0xff)
6980 DEBUG(0,("reply_lockingX: Error : pure oplock "
6981 "break is a chained %d request !\n",
6982 (unsigned int)CVAL(req->vwv+0, 0)));
6983 END_PROFILE(SMBlockingX);
6984 return;
6985 }
6986 }
6987
6988 if (req->buflen <
6989 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6990 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6991 END_PROFILE(SMBlockingX);
6992 return;
6993 }
6994
6995 /* Data now points at the beginning of the list
6996 of smb_unlkrng structs */
6997 for(i = 0; i < (int)num_ulocks; i++) {
6998 lock_pid = get_lock_pid( data, i, large_file_format);
6999 count = get_lock_count( data, i, large_file_format);
7000 offset = get_lock_offset( data, i, large_file_format, &err);
7001
7002 /*
7003 * There is no error code marked "stupid client bug".... :-).
7004 */
7005 if(err) {
7006 END_PROFILE(SMBlockingX);
7007 reply_doserror(req, ERRDOS, ERRnoaccess);
7008 return;
7009 }
7010
7011 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
7012 "pid %u, file %s\n", (double)offset, (double)count,
7013 (unsigned int)lock_pid, fsp->fsp_name ));
7014
7015 status = do_unlock(smbd_messaging_context(),
7016 fsp,
7017 lock_pid,
7018 count,
7019 offset,
7020 WINDOWS_LOCK);
7021
7022 DEBUG(10, ("reply_lockingX: unlock returned %s\n",
7023 nt_errstr(status)));
7024
7025 if (NT_STATUS_V(status)) {
7026 END_PROFILE(SMBlockingX);
7027 reply_nterror(req, status);
7028 return;
7029 }
7030 }
7031
7032 /* Setup the timeout in seconds. */
7033
7034 if (!lp_blocking_locks(SNUM(conn))) {
7035 lock_timeout = 0;
7036 }
7037
7038 /* Now do any requested locks */
7039 data += ((large_file_format ? 20 : 10)*num_ulocks);
7040
7041 /* Data now points at the beginning of the list
7042 of smb_lkrng structs */
7043
7044 for(i = 0; i < (int)num_locks; i++) {
7045 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
7046 READ_LOCK:WRITE_LOCK);
7047 lock_pid = get_lock_pid( data, i, large_file_format);
7048 count = get_lock_count( data, i, large_file_format);
7049 offset = get_lock_offset( data, i, large_file_format, &err);
7050
7051 /*
7052 * There is no error code marked "stupid client bug".... :-).
7053 */
7054 if(err) {
7055 END_PROFILE(SMBlockingX);
7056 reply_doserror(req, ERRDOS, ERRnoaccess);
7057 return;
7058 }
7059
7060 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
7061 "%u, file %s timeout = %d\n", (double)offset,
7062 (double)count, (unsigned int)lock_pid,
7063 fsp->fsp_name, (int)lock_timeout ));
7064
7065 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7066 struct blocking_lock_record *blr = NULL;
7067
7068 if (lp_blocking_locks(SNUM(conn))) {
7069
7070 /* Schedule a message to ourselves to
7071 remove the blocking lock record and
7072 return the right error. */
7073
7074 blr = blocking_lock_cancel(fsp,
7075 lock_pid,
7076 offset,
7077 count,
7078 WINDOWS_LOCK,
7079 locktype,
7080 NT_STATUS_FILE_LOCK_CONFLICT);
7081 if (blr == NULL) {
7082 END_PROFILE(SMBlockingX);
7083 reply_nterror(
7084 req,
7085 NT_STATUS_DOS(
7086 ERRDOS,
7087 ERRcancelviolation));
7088 return;
7089 }
7090 }
7091 /* Remove a matching pending lock. */
7092 status = do_lock_cancel(fsp,
7093 lock_pid,
7094 count,
7095 offset,
7096 WINDOWS_LOCK,
7097 blr);
7098 } else {
7099 bool blocking_lock = lock_timeout ? True : False;
7100 bool defer_lock = False;
7101 struct byte_range_lock *br_lck;
7102 uint32 block_smbpid;
7103
7104 br_lck = do_lock(smbd_messaging_context(),
7105 fsp,
7106 lock_pid,
7107 count,
7108 offset,
7109 lock_type,
7110 WINDOWS_LOCK,
7111 blocking_lock,
7112 &status,
7113 &block_smbpid,
7114 NULL);
7115
7116 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7117 /* Windows internal resolution for blocking locks seems
7118 to be about 200ms... Don't wait for less than that. JRA. */
7119 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
7120 lock_timeout = lp_lock_spin_time();
7121 }
7122 defer_lock = True;
7123 }
7124
7125 /* This heuristic seems to match W2K3 very well. If a
7126 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7127 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7128 far as I can tell. Replacement for do_lock_spin(). JRA. */
7129
7130 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7131 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7132 defer_lock = True;
7133 lock_timeout = lp_lock_spin_time();
7134 }
7135
7136 if (br_lck && defer_lock) {
7137 /*
7138 * A blocking lock was requested. Package up
7139 * this smb into a queued request and push it
7140 * onto the blocking lock queue.
7141 */
7142 if(push_blocking_lock_request(br_lck,
7143 req,
7144 fsp,
7145 lock_timeout,
7146 i,
7147 lock_pid,
7148 lock_type,
7149 WINDOWS_LOCK,
7150 offset,
7151 count,
7152 block_smbpid)) {
7153 TALLOC_FREE(br_lck);
7154 END_PROFILE(SMBlockingX);
7155 return;
7156 }
7157 }
7158
7159 TALLOC_FREE(br_lck);
7160 }
7161
7162 if (NT_STATUS_V(status)) {
7163 END_PROFILE(SMBlockingX);
7164 reply_nterror(req, status);
7165 return;
7166 }
7167 }
7168
7169 /* If any of the above locks failed, then we must unlock
7170 all of the previous locks (X/Open spec). */
7171
7172 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
7173 (i != num_locks) &&
7174 (num_locks != 0)) {
7175 /*
7176 * Ensure we don't do a remove on the lock that just failed,
7177 * as under POSIX rules, if we have a lock already there, we
7178 * will delete it (and we shouldn't) .....
7179 */
7180 for(i--; i >= 0; i--) {
7181 lock_pid = get_lock_pid( data, i, large_file_format);
7182 count = get_lock_count( data, i, large_file_format);
7183 offset = get_lock_offset( data, i, large_file_format,
7184 &err);
7185
7186 /*
7187 * There is no error code marked "stupid client
7188 * bug".... :-).
7189 */
7190 if(err) {
7191 END_PROFILE(SMBlockingX);
7192 reply_doserror(req, ERRDOS, ERRnoaccess);
7193 return;
7194 }
7195
7196 do_unlock(smbd_messaging_context(),
7197 fsp,
7198 lock_pid,
7199 count,
7200 offset,
7201 WINDOWS_LOCK);
7202 }
7203 END_PROFILE(SMBlockingX);
7204 reply_nterror(req, status);
7205 return;
7206 }
7207
7208 reply_outbuf(req, 2, 0);
7209
7210 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7211 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7212
7213 END_PROFILE(SMBlockingX);
7214 chain_reply(req);
7215 }
7216
7217 #undef DBGC_CLASS
7218 #define DBGC_CLASS DBGC_ALL
7219
7220 /****************************************************************************
7221 Reply to a SMBreadbmpx (read block multiplex) request.
7222 Always reply with an error, if someone has a platform really needs this,
7223 please contact vl@samba.org
7224 ****************************************************************************/
7225
7226 void reply_readbmpx(struct smb_request *req)
7227 {
7228 START_PROFILE(SMBreadBmpx);
7229 reply_doserror(req, ERRSRV, ERRuseSTD);
7230 END_PROFILE(SMBreadBmpx);
7231 return;
7232 }
7233
7234 /****************************************************************************
7235 Reply to a SMBreadbs (read block multiplex secondary) request.
7236 Always reply with an error, if someone has a platform really needs this,
7237 please contact vl@samba.org
7238 ****************************************************************************/
7239
7240 void reply_readbs(struct smb_request *req)
7241 {
7242 START_PROFILE(SMBreadBs);
7243 reply_doserror(req, ERRSRV, ERRuseSTD);
7244 END_PROFILE(SMBreadBs);
7245 return;
7246 }
7247
7248 /****************************************************************************
7249 Reply to a SMBsetattrE.
7250 ****************************************************************************/
7251
7252 void reply_setattrE(struct smb_request *req)
7253 {
7254 connection_struct *conn = req->conn;
7255 struct smb_file_time ft;
7256 files_struct *fsp;
7257 SMB_STRUCT_STAT sbuf;
7258 NTSTATUS status;
7259
7260 START_PROFILE(SMBsetattrE);
7261 ZERO_STRUCT(ft);
7262
7263 if (req->wct < 7) {
7264 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7265 END_PROFILE(SMBsetattrE);
7266 return;
7267 }
7268
7269 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7270
7271 if(!fsp || (fsp->conn != conn)) {
7272 reply_doserror(req, ERRDOS, ERRbadfid);
7273 END_PROFILE(SMBsetattrE);
7274 return;
7275 }
7276
7277
7278 /*
7279 * Convert the DOS times into unix times.
7280 */
7281
7282 ft.atime = convert_time_t_to_timespec(
7283 srv_make_unix_date2(req->vwv+3));
7284 ft.mtime = convert_time_t_to_timespec(
7285 srv_make_unix_date2(req->vwv+5));
7286 ft.create_time = convert_time_t_to_timespec(
7287 srv_make_unix_date2(req->vwv+1));
7288
7289 reply_outbuf(req, 0, 0);
7290
7291 /*
7292 * Patch from Ray Frush <frush@engr.colostate.edu>
7293 * Sometimes times are sent as zero - ignore them.
7294 */
7295
7296 /* Ensure we have a valid stat struct for the source. */
7297 if (fsp->fh->fd != -1) {
7298 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7299 status = map_nt_error_from_unix(errno);
7300 reply_nterror(req, status);
7301 END_PROFILE(SMBsetattrE);
7302 return;
7303 }
7304 } else {
7305 int ret = -1;
7306
7307 if (fsp->posix_open) {
7308 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf);
7309 } else {
7310 ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf);
7311 }
7312 if (ret == -1) {
7313 status = map_nt_error_from_unix(errno);
7314 reply_nterror(req, status);
7315 END_PROFILE(SMBsetattrE);
7316 return;
7317 }
7318 }
7319
7320 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7321 &sbuf, &ft, true);
7322 if (!NT_STATUS_IS_OK(status)) {
7323 reply_doserror(req, ERRDOS, ERRnoaccess);
7324 END_PROFILE(SMBsetattrE);
7325 return;
7326 }
7327
7328 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7329 " createtime=%u\n",
7330 fsp->fnum,
7331 (unsigned int)ft.atime.tv_sec,
7332 (unsigned int)ft.mtime.tv_sec,
7333 (unsigned int)ft.create_time.tv_sec
7334 ));
7335
7336 END_PROFILE(SMBsetattrE);
7337 return;
7338 }
7339
7340
7341 /* Back from the dead for OS/2..... JRA. */
7342
7343 /****************************************************************************
7344 Reply to a SMBwritebmpx (write block multiplex primary) request.
7345 Always reply with an error, if someone has a platform really needs this,
7346 please contact vl@samba.org
7347 ****************************************************************************/
7348
7349 void reply_writebmpx(struct smb_request *req)
7350 {
7351 START_PROFILE(SMBwriteBmpx);
7352 reply_doserror(req, ERRSRV, ERRuseSTD);
7353 END_PROFILE(SMBwriteBmpx);
7354 return;
7355 }
7356
7357 /****************************************************************************
7358 Reply to a SMBwritebs (write block multiplex secondary) request.
7359 Always reply with an error, if someone has a platform really needs this,
7360 please contact vl@samba.org
7361 ****************************************************************************/
7362
7363 void reply_writebs(struct smb_request *req)
7364 {
7365 START_PROFILE(SMBwriteBs);
7366 reply_doserror(req, ERRSRV, ERRuseSTD);
7367 END_PROFILE(SMBwriteBs);
7368 return;
7369 }
7370
7371 /****************************************************************************
7372 Reply to a SMBgetattrE.
7373 ****************************************************************************/
7374
7375 void reply_getattrE(struct smb_request *req)
7376 {
7377 connection_struct *conn = req->conn;
7378 SMB_STRUCT_STAT sbuf;
7379 int mode;
7380 files_struct *fsp;
7381 struct timespec create_ts;
7382
7383 START_PROFILE(SMBgetattrE);
7384
7385 if (req->wct < 1) {
7386 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7387 END_PROFILE(SMBgetattrE);
7388 return;
7389 }
7390
7391 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7392
7393 if(!fsp || (fsp->conn != conn)) {
7394 reply_doserror(req, ERRDOS, ERRbadfid);
7395 END_PROFILE(SMBgetattrE);
7396 return;
7397 }
7398
7399 /* Do an fstat on this file */
7400 if(fsp_stat(fsp, &sbuf)) {
7401 reply_unixerror(req, ERRDOS, ERRnoaccess);
7402 END_PROFILE(SMBgetattrE);
7403 return;
7404 }
7405
7406 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7407
7408 /*
7409 * Convert the times into dos times. Set create
7410 * date to be last modify date as UNIX doesn't save
7411 * this.
7412 */
7413
7414 reply_outbuf(req, 11, 0);
7415
7416 create_ts = get_create_timespec(&sbuf,
7417 lp_fake_dir_create_times(SNUM(conn)));
7418 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7419 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7420 /* Should we check pending modtime here ? JRA */
7421 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7422
7423 if (mode & aDIR) {
7424 SIVAL(req->outbuf, smb_vwv6, 0);
7425 SIVAL(req->outbuf, smb_vwv8, 0);
7426 } else {
7427 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7428 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7429 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7430 }
7431 SSVAL(req->outbuf,smb_vwv10, mode);
7432
7433 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7434
7435 END_PROFILE(SMBgetattrE);
7436 return;
7437 }
Samba GIT mirror