2 Unix SMB/Netbios implementation.
4 SMB NT transaction handling
5 Copyright (C) Jeremy Allison 1994-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern int DEBUGLEVEL
;
28 extern int smb_read_error
;
29 extern int global_oplock_break
;
30 extern int chain_size
;
31 extern BOOL case_sensitive
;
32 extern BOOL case_preserve
;
33 extern BOOL short_case_preserve
;
35 static void remove_pending_change_notify_requests_by_mid(int mid
);
37 static char *known_nt_pipes
[] = {
51 /****************************************************************************
52 Send the required number of replies back.
53 We assume all fields other than the data fields are
54 set correctly for the type of call.
55 HACK ! Always assumes smb_setup field is zero.
56 ****************************************************************************/
58 static int send_nt_replies(char *inbuf
, char *outbuf
, int bufsize
, uint32 nt_error
, char *params
,
59 int paramsize
, char *pdata
, int datasize
)
62 int data_to_send
= datasize
;
63 int params_to_send
= paramsize
;
67 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
68 int alignment_offset
= 3;
69 int data_alignment_offset
= 0;
72 * Initially set the wcnt area to be 18 - this is true for all
76 set_message(outbuf
,18,0,True
);
80 SSVAL(outbuf
,smb_flg2
, SVAL(outbuf
,smb_flg2
) | FLAGS2_32_BIT_ERROR_CODES
);
86 * If there genuinely are no parameters or data to send just send
90 if(params_to_send
== 0 && data_to_send
== 0) {
91 send_smb(Client
,outbuf
);
96 * When sending params and data ensure that both are nicely aligned.
97 * Only do this alignment when there is also data to send - else
98 * can cause NT redirector problems.
101 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0))
102 data_alignment_offset
= 4 - (params_to_send
% 4);
105 * Space is bufsize minus Netbios over TCP header minus SMB header.
106 * The alignment_offset is to align the param bytes on a four byte
107 * boundary (2 bytes for data len, one byte pad).
108 * NT needs this to work correctly.
111 useable_space
= bufsize
- ((smb_buf(outbuf
)+
112 alignment_offset
+data_alignment_offset
) -
116 * useable_space can never be more than max_send minus the
120 useable_space
= MIN(useable_space
,
121 max_send
- (alignment_offset
+data_alignment_offset
));
124 while (params_to_send
|| data_to_send
) {
127 * Calculate whether we will totally or partially fill this packet.
130 total_sent_thistime
= params_to_send
+ data_to_send
+
131 alignment_offset
+ data_alignment_offset
;
134 * We can never send more than useable_space.
137 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
139 set_message(outbuf
, 18, total_sent_thistime
, True
);
142 * Set total params and data to be sent.
145 SIVAL(outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
146 SIVAL(outbuf
,smb_ntr_TotalDataCount
,datasize
);
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
153 params_sent_thistime
= MIN(params_to_send
,useable_space
);
154 data_sent_thistime
= useable_space
- params_sent_thistime
;
155 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
157 SIVAL(outbuf
,smb_ntr_ParameterCount
,params_sent_thistime
);
159 if(params_sent_thistime
== 0) {
160 SIVAL(outbuf
,smb_ntr_ParameterOffset
,0);
161 SIVAL(outbuf
,smb_ntr_ParameterDisplacement
,0);
164 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
165 * parameter bytes, however the first 4 bytes of outbuf are
166 * the Netbios over TCP header. Thus use smb_base() to subtract
167 * them from the calculation.
170 SIVAL(outbuf
,smb_ntr_ParameterOffset
,
171 ((smb_buf(outbuf
)+alignment_offset
) - smb_base(outbuf
)));
173 * Absolute displacement of param bytes sent in this packet.
176 SIVAL(outbuf
,smb_ntr_ParameterDisplacement
,pp
- params
);
180 * Deal with the data portion.
183 SIVAL(outbuf
,smb_ntr_DataCount
, data_sent_thistime
);
185 if(data_sent_thistime
== 0) {
186 SIVAL(outbuf
,smb_ntr_DataOffset
,0);
187 SIVAL(outbuf
,smb_ntr_DataDisplacement
, 0);
190 * The offset of the data bytes is the offset of the
191 * parameter bytes plus the number of parameters being sent this time.
194 SIVAL(outbuf
,smb_ntr_DataOffset
,((smb_buf(outbuf
)+alignment_offset
) -
195 smb_base(outbuf
)) + params_sent_thistime
+ data_alignment_offset
);
196 SIVAL(outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
200 * Copy the param bytes into the packet.
203 if(params_sent_thistime
)
204 memcpy((smb_buf(outbuf
)+alignment_offset
),pp
,params_sent_thistime
);
207 * Copy in the data bytes
210 if(data_sent_thistime
)
211 memcpy(smb_buf(outbuf
)+alignment_offset
+params_sent_thistime
+
212 data_alignment_offset
,pd
,data_sent_thistime
);
214 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
215 params_sent_thistime
, data_sent_thistime
, useable_space
));
216 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
217 params_to_send
, data_to_send
, paramsize
, datasize
));
219 /* Send the packet */
220 send_smb(Client
,outbuf
);
222 pp
+= params_sent_thistime
;
223 pd
+= data_sent_thistime
;
225 params_to_send
-= params_sent_thistime
;
226 data_to_send
-= data_sent_thistime
;
232 if(params_to_send
< 0 || data_to_send
< 0) {
233 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
234 params_to_send
, data_to_send
));
242 /****************************************************************************
243 (Hopefully) temporary call to fix bugs in NT5.0beta2. This OS sends unicode
244 strings in NT calls AND DOESN'T SET THE UNICODE BIT !!!!!!!
245 ****************************************************************************/
247 static void my_wcstombs(char *dst
, uint16
*src
, size_t len
)
251 for(i
= 0; i
< len
; i
++)
252 dst
[i
] = (char)SVAL(src
,i
*2);
255 static void get_filename( char *fname
, char *inbuf
, int data_offset
, int data_len
, int fname_len
)
257 if(data_len
- fname_len
> 1) {
259 * NT 5.0 Beta 2 has kindly sent us a UNICODE string
260 * without bothering to set the unicode bit. How kind.
262 * Firstly - ensure that the data offset is aligned
263 * on a 2 byte boundary - add one if not.
265 fname_len
= fname_len
/2;
268 my_wcstombs( fname
, (uint16
*)(inbuf
+data_offset
), fname_len
);
270 StrnCpy(fname
,inbuf
+data_offset
,fname_len
);
272 fname
[fname_len
] = '\0';
275 /****************************************************************************
277 ****************************************************************************/
279 static BOOL saved_case_sensitive
;
280 static BOOL saved_case_preserve
;
281 static BOOL saved_short_case_preserve
;
283 /****************************************************************************
285 ****************************************************************************/
287 static void set_posix_case_semantics(uint32 file_attributes
)
289 if(!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
))
292 saved_case_sensitive
= case_sensitive
;
293 saved_case_preserve
= case_preserve
;
294 saved_short_case_preserve
= short_case_preserve
;
297 case_sensitive
= True
;
298 case_preserve
= True
;
299 short_case_preserve
= True
;
302 /****************************************************************************
303 Restore case semantics.
304 ****************************************************************************/
306 static void restore_case_semantics(uint32 file_attributes
)
308 if(!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
))
311 case_sensitive
= saved_case_sensitive
;
312 case_preserve
= saved_case_preserve
;
313 short_case_preserve
= saved_short_case_preserve
;
316 /****************************************************************************
317 Utility function to map create disposition.
318 ****************************************************************************/
320 static int map_create_disposition( uint32 create_disposition
)
324 switch( create_disposition
) {
326 /* create if not exist, fail if exist */
327 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_FAIL
);
330 case FILE_OVERWRITE_IF
:
331 /* create if not exist, trunc if exist */
332 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_TRUNCATE
);
335 /* fail if not exist, open if exists */
336 ret
= (FILE_FAIL_IF_NOT_EXIST
|FILE_EXISTS_OPEN
);
339 /* create if not exist, open if exists */
340 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_OPEN
);
343 /* fail if not exist, truncate if exists */
344 ret
= (FILE_FAIL_IF_NOT_EXIST
|FILE_EXISTS_TRUNCATE
);
347 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
348 create_disposition
));
352 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
353 (unsigned long)create_disposition
, ret
));
358 /****************************************************************************
359 Utility function to map share modes.
360 ****************************************************************************/
362 static int map_share_mode( BOOL
*pstat_open_only
, char *fname
,
363 uint32 desired_access
, uint32 share_access
, uint32 file_attributes
)
365 int smb_open_mode
= -1;
367 *pstat_open_only
= False
;
369 switch( desired_access
& (FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
) ) {
371 smb_open_mode
= DOS_OPEN_RDONLY
;
373 case FILE_WRITE_DATA
:
374 case FILE_APPEND_DATA
:
375 case FILE_WRITE_DATA
|FILE_APPEND_DATA
:
376 smb_open_mode
= DOS_OPEN_WRONLY
;
378 case FILE_READ_DATA
|FILE_WRITE_DATA
:
379 case FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
:
380 case FILE_READ_DATA
|FILE_APPEND_DATA
:
381 smb_open_mode
= DOS_OPEN_RDWR
;
386 * NB. For DELETE_ACCESS we should really check the
387 * directory permissions, as that is what controls
388 * delete, and for WRITE_DAC_ACCESS we should really
389 * check the ownership, as that is what controls the
390 * chmod. Note that this is *NOT* a security hole (this
391 * note is for you, Andrew) as we are not *allowing*
392 * the access at this point, the actual unlink or
393 * chown or chmod call would do this. We are just helping
394 * clients out by telling them if they have a hope
395 * of any of this succeeding. POSIX acls may still
396 * deny the real call. JRA.
399 if (smb_open_mode
== -1) {
400 if(desired_access
== WRITE_DAC_ACCESS
|| desired_access
== READ_CONTROL_ACCESS
)
401 *pstat_open_only
= True
;
403 if(desired_access
& (DELETE_ACCESS
|WRITE_DAC_ACCESS
|WRITE_OWNER_ACCESS
|
404 FILE_EXECUTE
|FILE_READ_ATTRIBUTES
|
405 FILE_READ_EA
|FILE_WRITE_EA
|SYSTEM_SECURITY_ACCESS
|
406 FILE_WRITE_ATTRIBUTES
|READ_CONTROL_ACCESS
))
407 smb_open_mode
= DOS_OPEN_RDONLY
;
409 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
410 (unsigned long)desired_access
, fname
));
416 * Set the special bit that means allow share delete.
417 * This is held outside the normal share mode bits at 1<<15.
421 if(share_access
& FILE_SHARE_DELETE
)
422 smb_open_mode
|= ALLOW_SHARE_DELETE
;
424 /* Add in the requested share mode. */
425 switch( share_access
& (FILE_SHARE_READ
|FILE_SHARE_WRITE
)) {
426 case FILE_SHARE_READ
:
427 smb_open_mode
|= SET_DENY_MODE(DENY_WRITE
);
429 case FILE_SHARE_WRITE
:
430 smb_open_mode
|= SET_DENY_MODE(DENY_READ
);
432 case (FILE_SHARE_READ
|FILE_SHARE_WRITE
):
433 smb_open_mode
|= SET_DENY_MODE(DENY_NONE
);
435 case FILE_SHARE_NONE
:
436 smb_open_mode
|= SET_DENY_MODE(DENY_ALL
);
441 * Handle an O_SYNC request.
444 if(file_attributes
& FILE_FLAG_WRITE_THROUGH
)
445 smb_open_mode
|= FILE_SYNC_OPENMODE
;
447 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
448 to open_mode %x\n", (unsigned long)desired_access
, (unsigned long)share_access
,
449 (unsigned long)file_attributes
, smb_open_mode
));
451 return smb_open_mode
;
455 * This is a *disgusting* hack.
456 * This is *so* bad that even I'm embarrassed (and I
457 * have no shame). Here's the deal :
458 * Until we get the correct SPOOLSS code into smbd
459 * then when we're running with NT SMB support then
460 * NT makes this call with a level of zero, and then
461 * immediately follows it with an open request to
462 * the \\SRVSVC pipe. If we allow that open to
463 * succeed then NT barfs when it cannot open the
464 * \\SPOOLSS pipe immediately after and continually
465 * whines saying "Printer name is invalid" forever
466 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
467 * to fail, then NT downgrades to using the downlevel code
468 * and everything works as well as before. I hate
469 * myself for adding this code.... JRA.
471 * The HACK_FAIL_TIME define allows only a 2
472 * second window for this to occur, just in
476 static BOOL fail_next_srvsvc
= False
;
477 static time_t fail_time
;
478 #define HACK_FAIL_TIME 2 /* In seconds. */
480 void fail_next_srvsvc_open(void)
482 fail_next_srvsvc
= True
;
483 fail_time
= time(NULL
);
484 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
488 * HACK alert.... see above - JRA.
491 BOOL
should_fail_next_srvsvc_open(const char *pipename
)
494 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
495 (int)fail_next_srvsvc
, pipename
));
497 if(fail_next_srvsvc
&& (time(NULL
) > fail_time
+ HACK_FAIL_TIME
)) {
498 fail_next_srvsvc
= False
;
499 fail_time
= (time_t)0;
500 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
503 if(fail_next_srvsvc
&& strequal(pipename
, "srvsvc")) {
504 fail_next_srvsvc
= False
;
505 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
512 /****************************************************************************
513 Reply to an NT create and X call on a pipe.
514 ****************************************************************************/
515 static int nt_open_pipe(char *fname
, connection_struct
*conn
,
516 char *inbuf
, char *outbuf
, int *ppnum
)
518 pipes_struct
*p
= NULL
;
520 uint16 vuid
= SVAL(inbuf
, smb_uid
);
523 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
525 /* See if it is one we want to handle. */
526 for( i
= 0; known_nt_pipes
[i
]; i
++ )
527 if( strequal(fname
,known_nt_pipes
[i
]))
530 if ( known_nt_pipes
[i
] == NULL
)
531 return(ERROR(ERRSRV
,ERRaccess
));
533 /* Strip \\ off the name. */
536 if(should_fail_next_srvsvc_open(fname
))
537 return (ERROR(ERRSRV
,ERRaccess
));
539 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname
));
541 p
= open_rpc_pipe_p(fname
, conn
, vuid
);
543 return(ERROR(ERRSRV
,ERRnofids
));
550 /****************************************************************************
551 Reply to an NT create and X call.
552 ****************************************************************************/
554 int reply_ntcreate_and_X(connection_struct
*conn
,
555 char *inbuf
,char *outbuf
,int length
,int bufsize
)
558 uint32 flags
= IVAL(inbuf
,smb_ntcreate_Flags
);
559 uint32 desired_access
= IVAL(inbuf
,smb_ntcreate_DesiredAccess
);
560 uint32 file_attributes
= IVAL(inbuf
,smb_ntcreate_FileAttributes
);
561 uint32 share_access
= IVAL(inbuf
,smb_ntcreate_ShareAccess
);
562 uint32 create_disposition
= IVAL(inbuf
,smb_ntcreate_CreateDisposition
);
563 uint32 create_options
= IVAL(inbuf
,smb_ntcreate_CreateOptions
);
564 uint32 fname_len
= MIN(((uint32
)SVAL(inbuf
,smb_ntcreate_NameLength
)),
565 ((uint32
)sizeof(fname
)-1));
566 uint16 root_dir_fid
= (uint16
)IVAL(inbuf
,smb_ntcreate_RootDirectoryFid
);
569 int smb_attr
= (file_attributes
& SAMBA_ATTRIBUTES_MASK
);
570 /* Breakout the oplock request bits so we can set the
571 reply bits separately. */
572 int oplock_request
= 0;
576 SMB_OFF_T file_len
= 0;
577 SMB_STRUCT_STAT sbuf
;
579 BOOL bad_path
= False
;
580 files_struct
*fsp
=NULL
;
582 BOOL stat_open_only
= False
;
585 * We need to construct the open_and_X ofun value from the
586 * NT values, as that's what our code is structured to accept.
589 if((smb_ofun
= map_create_disposition( create_disposition
)) == -1)
590 return(ERROR(ERRDOS
,ERRbadaccess
));
596 if(root_dir_fid
!= 0) {
598 * This filename is relative to a directory fid.
600 files_struct
*dir_fsp
= file_fsp(inbuf
,smb_ntcreate_RootDirectoryFid
);
604 return(ERROR(ERRDOS
,ERRbadfid
));
606 if(!dir_fsp
->is_directory
) {
608 * Check to see if this is a mac fork of some kind.
611 get_filename(&fname
[0], inbuf
, smb_buf(inbuf
)-inbuf
,
612 smb_buflen(inbuf
),fname_len
);
614 if( fname
[0] == ':') {
615 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
616 return(ERROR(0, 0xc0000000|NT_STATUS_OBJECT_PATH_NOT_FOUND
));
618 return(ERROR(ERRDOS
,ERRbadfid
));
622 * Copy in the base directory name.
625 pstrcpy( fname
, dir_fsp
->fsp_name
);
626 dir_name_len
= strlen(fname
);
629 * Ensure it ends in a '\'.
632 if(fname
[dir_name_len
-1] != '\\' && fname
[dir_name_len
-1] != '/') {
633 pstrcat(fname
, "\\");
637 if(fname_len
+ dir_name_len
>= sizeof(pstring
))
638 return(ERROR(ERRSRV
,ERRfilespecs
));
640 get_filename(&fname
[dir_name_len
], inbuf
, smb_buf(inbuf
)-inbuf
,
641 smb_buflen(inbuf
),fname_len
);
645 get_filename(fname
, inbuf
, smb_buf(inbuf
)-inbuf
,
646 smb_buflen(inbuf
),fname_len
);
649 /* If it's an IPC, use the pipe handler. */
651 if (IS_IPC(conn
) && lp_nt_pipe_support()) {
653 int ret
= nt_open_pipe(fname
, conn
, inbuf
, outbuf
, &pnum
);
658 * Deal with pipe return.
661 set_message(outbuf
,34,0,True
);
663 p
= outbuf
+ smb_vwv2
;
667 SIVAL(p
,0,FILE_WAS_OPENED
);
670 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
673 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
675 SSVAL(p
,2, 0x5FF); /* ? */
677 DEBUG(5,("reply_ntcreate_and_X: open pipe = %s\n", fname
));
679 return chain_reply(inbuf
,outbuf
,length
,bufsize
);
683 * Now contruct the smb_open_mode value from the filename,
684 * desired access and the share access.
687 if((smb_open_mode
= map_share_mode(&stat_open_only
, fname
, desired_access
,
689 file_attributes
)) == -1)
690 return(ERROR(ERRDOS
,ERRbadaccess
));
692 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
693 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
696 * Ordinary file or directory.
700 * Check if POSIX semantics are wanted.
703 set_posix_case_semantics(file_attributes
);
705 unix_convert(fname
,conn
,0,&bad_path
,NULL
);
709 restore_case_semantics(file_attributes
);
710 return(ERROR(ERRSRV
,ERRnofids
));
713 if (!check_name(fname
,conn
)) {
714 if((errno
== ENOENT
) && bad_path
) {
715 unix_ERR_class
= ERRDOS
;
716 unix_ERR_code
= ERRbadpath
;
720 restore_case_semantics(file_attributes
);
722 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
725 unixmode
= unix_mode(conn
,smb_attr
| aARCH
);
728 * If it's a request for a directory open, deal with it separately.
731 if(create_options
& FILE_DIRECTORY_FILE
) {
734 open_directory(fsp
, conn
, fname
, smb_ofun
,
735 unixmode
, &smb_action
);
737 restore_case_semantics(file_attributes
);
741 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
745 * Ordinary file case.
748 /* NB. We have a potential bug here. If we
749 * cause an oplock break to ourselves, then we
750 * could end up processing filename related
751 * SMB requests whilst we await the oplock
752 * break response. As we may have changed the
753 * filename case semantics to be POSIX-like,
754 * this could mean a filename request could
755 * fail when it should succeed. This is a rare
756 * condition, but eventually we must arrange
757 * to restore the correct case semantics
758 * before issuing an oplock break request to
759 * our client. JRA. */
761 open_file_shared(fsp
,conn
,fname
,smb_open_mode
,
762 smb_ofun
,unixmode
, oplock_request
,&rmode
,&smb_action
);
765 /* We cheat here. There are two cases we
766 * care about. One is a directory rename,
767 * where the NT client will attempt to
768 * open the source directory for
769 * DELETE access. Note that when the
770 * NT client does this it does *not*
771 * set the directory bit in the
772 * request packet. This is translated
773 * into a read/write open
774 * request. POSIX states that any open
775 * for write request on a directory
776 * will generate an EISDIR error, so
777 * we can catch this here and open a
778 * pseudo handle that is flagged as a
779 * directory. The second is an open
780 * for a permissions read only, which
781 * we handle in the open_file_stat case. JRA.
784 if(errno
== EISDIR
) {
787 * We only fall back to directory open if no oplock was
788 * requested and no read/write data was requested.
791 if(oplock_request
|| (desired_access
& (FILE_READ_DATA
|FILE_WRITE_DATA
|
792 FILE_APPEND_DATA
|FILE_READ_ATTRIBUTES
|FILE_READ_EA
|
793 FILE_WRITE_ATTRIBUTES
|FILE_WRITE_EA
))) {
794 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
795 return(ERROR(0, 0xc0000000|NT_STATUS_FILE_IS_A_DIRECTORY
));
799 open_directory(fsp
, conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
803 restore_case_semantics(file_attributes
);
804 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
806 } else if (errno
== EACCES
&& stat_open_only
) {
809 * We couldn't open normally and all we want
810 * are the permissions. Try and do a stat open.
815 open_file_stat(fsp
,conn
,fname
,smb_open_mode
,&sbuf
,&smb_action
);
819 restore_case_semantics(file_attributes
);
820 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
825 if((errno
== ENOENT
) && bad_path
) {
826 unix_ERR_class
= ERRDOS
;
827 unix_ERR_code
= ERRbadpath
;
832 restore_case_semantics(file_attributes
);
834 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
839 if(fsp
->is_directory
) {
840 if(dos_stat(fsp
->fsp_name
, &sbuf
) != 0) {
841 close_file(fsp
,True
);
842 restore_case_semantics(file_attributes
);
843 return(ERROR(ERRDOS
,ERRnoaccess
));
846 if (!fsp
->stat_open
&& sys_fstat(fsp
->fd_ptr
->fd
,&sbuf
) != 0) {
847 close_file(fsp
,False
);
848 restore_case_semantics(file_attributes
);
849 return(ERROR(ERRDOS
,ERRnoaccess
));
853 restore_case_semantics(file_attributes
);
855 file_len
= sbuf
.st_size
;
856 fmode
= dos_mode(conn
,fname
,&sbuf
);
858 fmode
= FILE_ATTRIBUTE_NORMAL
;
859 if (!fsp
->is_directory
&& (fmode
& aDIR
)) {
860 close_file(fsp
,False
);
861 return(ERROR(ERRDOS
,ERRnoaccess
));
865 * If the caller set the extended oplock request bit
866 * and we granted one (by whatever means) - set the
867 * correct bit for extended oplock reply.
870 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
)))
871 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
873 if(oplock_request
&& fsp
->granted_oplock
)
874 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
876 set_message(outbuf
,34,0,True
);
878 p
= outbuf
+ smb_vwv2
;
881 * Currently as we don't support level II oplocks we just report
882 * exclusive & batch here.
885 SCVAL(p
,0, (smb_action
& EXTENDED_OPLOCK_GRANTED
? BATCH_OPLOCK
: 0));
888 SSVAL(p
,0,fsp
->fnum
);
890 SIVAL(p
,0,smb_action
);
894 put_long_date(p
,get_create_time(&sbuf
,lp_fake_dir_create_times(SNUM(conn
))));
896 put_long_date(p
,sbuf
.st_atime
); /* access time */
898 put_long_date(p
,sbuf
.st_mtime
); /* write time */
900 put_long_date(p
,sbuf
.st_mtime
); /* change time */
902 SIVAL(p
,0,fmode
); /* File Attributes. */
904 SOFF_T(p
, 0, file_len
);
906 SOFF_T(p
,0,file_len
);
908 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
910 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
912 return chain_reply(inbuf
,outbuf
,length
,bufsize
);
915 /****************************************************************************
916 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
917 ****************************************************************************/
918 static int call_nt_transact_create(connection_struct
*conn
,
919 char *inbuf
, char *outbuf
, int length
,
921 char **ppsetup
, char **ppparams
,
925 char *params
= *ppparams
;
926 uint32 flags
= IVAL(params
,0);
927 uint32 desired_access
= IVAL(params
,8);
928 uint32 file_attributes
= IVAL(params
,20);
929 uint32 share_access
= IVAL(params
,24);
930 uint32 create_disposition
= IVAL(params
,28);
931 uint32 create_options
= IVAL(params
,32);
932 uint32 fname_len
= MIN(((uint32
)IVAL(params
,44)),
933 ((uint32
)sizeof(fname
)-1));
934 uint16 root_dir_fid
= (uint16
)IVAL(params
,4);
937 int smb_attr
= (file_attributes
& SAMBA_ATTRIBUTES_MASK
);
938 /* Breakout the oplock request bits so we can set the
939 reply bits separately. */
940 int oplock_request
= 0;
944 SMB_OFF_T file_len
= 0;
945 SMB_STRUCT_STAT sbuf
;
947 BOOL bad_path
= False
;
948 files_struct
*fsp
= NULL
;
950 BOOL stat_open_only
= False
;
953 * We need to construct the open_and_X ofun value from the
954 * NT values, as that's what our code is structured to accept.
957 if((smb_ofun
= map_create_disposition( create_disposition
)) == -1)
958 return(ERROR(ERRDOS
,ERRbadaccess
));
964 if(root_dir_fid
!= 0) {
966 * This filename is relative to a directory fid.
969 files_struct
*dir_fsp
= file_fsp(params
,4);
973 return(ERROR(ERRDOS
,ERRbadfid
));
975 if(!dir_fsp
->is_directory
) {
977 * Check to see if this is a mac fork of some kind.
980 StrnCpy(fname
,params
+53,fname_len
);
981 fname
[fname_len
] = '\0';
983 if( fname
[0] == ':') {
984 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
985 return(ERROR(0, 0xc0000000|NT_STATUS_OBJECT_PATH_NOT_FOUND
));
988 return(ERROR(ERRDOS
,ERRbadfid
));
992 * Copy in the base directory name.
995 pstrcpy( fname
, dir_fsp
->fsp_name
);
996 dir_name_len
= strlen(fname
);
999 * Ensure it ends in a '\'.
1002 if((fname
[dir_name_len
-1] != '\\') && (fname
[dir_name_len
-1] != '/')) {
1003 pstrcat(fname
, "\\");
1007 if(fname_len
+ dir_name_len
>= sizeof(pstring
))
1008 return(ERROR(ERRSRV
,ERRfilespecs
));
1010 StrnCpy(&fname
[dir_name_len
], params
+53, fname_len
);
1011 fname
[dir_name_len
+fname_len
] = '\0';
1014 StrnCpy(fname
,params
+53,fname_len
);
1015 fname
[fname_len
] = '\0';
1018 /* If it's an IPC, use the pipe handler. */
1020 int ret
= nt_open_pipe(fname
, conn
, inbuf
, outbuf
, &pnum
);
1023 smb_action
= FILE_WAS_OPENED
;
1027 * Now contruct the smb_open_mode value from the desired access
1028 * and the share access.
1031 if((smb_open_mode
= map_share_mode( &stat_open_only
, fname
, desired_access
,
1032 share_access
, file_attributes
)) == -1)
1033 return(ERROR(ERRDOS
,ERRbadaccess
));
1035 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1036 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
1039 * Check if POSIX semantics are wanted.
1042 set_posix_case_semantics(file_attributes
);
1044 unix_convert(fname
,conn
,0,&bad_path
,NULL
);
1048 restore_case_semantics(file_attributes
);
1049 return(ERROR(ERRSRV
,ERRnofids
));
1052 if (!check_name(fname
,conn
)) {
1053 if((errno
== ENOENT
) && bad_path
) {
1054 unix_ERR_class
= ERRDOS
;
1055 unix_ERR_code
= ERRbadpath
;
1059 restore_case_semantics(file_attributes
);
1061 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1064 unixmode
= unix_mode(conn
,smb_attr
| aARCH
);
1067 * If it's a request for a directory open, deal with it separately.
1070 if(create_options
& FILE_DIRECTORY_FILE
) {
1075 * We will get a create directory here if the Win32
1076 * app specified a security descriptor in the
1077 * CreateDirectory() call.
1080 open_directory(fsp
, conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
1084 restore_case_semantics(file_attributes
);
1085 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1088 if(dos_stat(fsp
->fsp_name
, &sbuf
) != 0) {
1089 close_file(fsp
,True
);
1090 restore_case_semantics(file_attributes
);
1091 return(ERROR(ERRDOS
,ERRnoaccess
));
1097 * Ordinary file case.
1100 open_file_shared(fsp
,conn
,fname
,smb_open_mode
,smb_ofun
,unixmode
,
1101 oplock_request
,&rmode
,&smb_action
);
1105 if(errno
== EACCES
&& stat_open_only
) {
1108 * We couldn't open normally and all we want
1109 * are the permissions. Try and do a stat open.
1114 open_file_stat(fsp
,conn
,fname
,smb_open_mode
,&sbuf
,&smb_action
);
1118 restore_case_semantics(file_attributes
);
1119 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1123 if((errno
== ENOENT
) && bad_path
) {
1124 unix_ERR_class
= ERRDOS
;
1125 unix_ERR_code
= ERRbadpath
;
1129 restore_case_semantics(file_attributes
);
1131 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1135 if (!fsp
->stat_open
&& sys_fstat(fsp
->fd_ptr
->fd
,&sbuf
) != 0) {
1136 close_file(fsp
,False
);
1138 restore_case_semantics(file_attributes
);
1140 return(ERROR(ERRDOS
,ERRnoaccess
));
1143 file_len
= sbuf
.st_size
;
1144 fmode
= dos_mode(conn
,fname
,&sbuf
);
1146 fmode
= FILE_ATTRIBUTE_NORMAL
;
1149 close_file(fsp
,False
);
1150 restore_case_semantics(file_attributes
);
1151 return(ERROR(ERRDOS
,ERRnoaccess
));
1155 * If the caller set the extended oplock request bit
1156 * and we granted one (by whatever means) - set the
1157 * correct bit for extended oplock reply.
1160 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
)))
1161 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
1163 if(oplock_request
&& fsp
->granted_oplock
)
1164 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
1168 restore_case_semantics(file_attributes
);
1170 /* Realloc the size of parameters and data we will return */
1171 params
= *ppparams
= Realloc(*ppparams
, 69);
1173 return(ERROR(ERRDOS
,ERRnomem
));
1175 memset((char *)params
,'\0',69);
1178 SCVAL(p
,0, (smb_action
& EXTENDED_OPLOCK_GRANTED
? BATCH_OPLOCK
: 0));
1183 SSVAL(p
,0,fsp
->fnum
);
1186 SIVAL(p
,0,smb_action
);
1191 * Deal with pipe return.
1194 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
1197 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
1199 SSVAL(p
,2, 0x5FF); /* ? */
1202 * Deal with file return.
1205 put_long_date(p
,get_create_time(&sbuf
,lp_fake_dir_create_times(SNUM(conn
))));
1207 put_long_date(p
,sbuf
.st_atime
); /* access time */
1209 put_long_date(p
,sbuf
.st_mtime
); /* write time */
1211 put_long_date(p
,sbuf
.st_mtime
); /* change time */
1213 SIVAL(p
,0,fmode
); /* File Attributes. */
1215 SOFF_T(p
,0,file_len
);
1217 SOFF_T(p
,0,file_len
);
1220 /* Send the required number of replies */
1221 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, params
, 69, *ppdata
, 0);
1226 /****************************************************************************
1227 Reply to a NT CANCEL request.
1228 ****************************************************************************/
1229 int reply_ntcancel(connection_struct
*conn
,
1230 char *inbuf
,char *outbuf
,int length
,int bufsize
)
1233 * Go through and cancel any pending change notifies.
1236 int mid
= SVAL(inbuf
,smb_mid
);
1237 remove_pending_change_notify_requests_by_mid(mid
);
1238 remove_pending_lock_requests_by_mid(mid
);
1240 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid
));
1245 /****************************************************************************
1246 Reply to an unsolicited SMBNTtranss - just ignore it!
1247 ****************************************************************************/
1248 int reply_nttranss(connection_struct
*conn
,
1249 char *inbuf
,char *outbuf
,int length
,int bufsize
)
1251 DEBUG(4,("Ignoring nttranss of length %d\n",length
));
1255 /****************************************************************************
1256 Reply to an NT transact rename command.
1257 ****************************************************************************/
1259 static int call_nt_transact_rename(connection_struct
*conn
,
1260 char *inbuf
, char *outbuf
, int length
,
1262 char **ppsetup
, char **ppparams
, char **ppdata
)
1264 char *params
= *ppparams
;
1266 files_struct
*fsp
= file_fsp(params
, 0);
1267 BOOL replace_if_exists
= (SVAL(params
,2) & RENAME_REPLACE_IF_EXISTS
) ? True
: False
;
1268 uint32 fname_len
= MIN((((uint32
)IVAL(inbuf
,smb_nt_TotalParameterCount
)-4)),
1269 ((uint32
)sizeof(new_name
)-1));
1272 CHECK_FSP(fsp
, conn
);
1273 StrnCpy(new_name
,params
+4,fname_len
);
1274 new_name
[fname_len
] = '\0';
1276 outsize
= rename_internals(conn
, inbuf
, outbuf
, fsp
->fsp_name
,
1277 new_name
, replace_if_exists
);
1280 * Rename was successful.
1282 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, NULL
, 0, NULL
, 0);
1284 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1285 fsp
->fsp_name
, new_name
));
1293 /****************************************************************************
1294 This is the structure to keep the information needed to
1295 determine if a directory has changed.
1296 *****************************************************************************/
1299 time_t modify_time
; /* Info from the directory we're monitoring. */
1300 time_t status_time
; /* Info from the directory we're monitoring. */
1301 time_t total_time
; /* Total time of all directory entries - don't care if it wraps. */
1302 unsigned int num_entries
; /* Zero or the number of files in the directory. */
1305 /****************************************************************************
1306 This is the structure to queue to implement NT change
1307 notify. It consists of smb_size bytes stored from the
1308 transact command (to keep the mid, tid etc around).
1309 Plus the fid to examine and the time to check next.
1310 *****************************************************************************/
1313 ubi_slNode msg_next
;
1315 connection_struct
*conn
;
1317 time_t next_check_time
;
1318 change_hash_data change_data
;
1319 char request_buf
[smb_size
];
1320 } change_notify_buf
;
1322 static ubi_slList change_notify_queue
= { NULL
, (ubi_slNodePtr
)&change_notify_queue
, 0};
1324 /****************************************************************************
1325 Setup the common parts of the return packet and send it.
1326 *****************************************************************************/
1328 static void change_notify_reply_packet(char *inbuf
, int error_class
, uint32 error_code
)
1331 char outbuf
[smb_size
+38];
1333 memset(outbuf
, '\0', sizeof(outbuf
));
1334 construct_reply_common(inbuf
, outbuf
);
1337 * If we're returning a 'too much in the directory changed' we need to
1338 * set this is an NT error status flags. If we don't then the (probably
1339 * untested) code in the NT redirector has a bug in that it doesn't re-issue
1340 * the change notify.... Ah - I *love* it when I get so deeply into this I
1341 * can even determine how MS failed to test stuff and why.... :-). JRA.
1344 if(error_class
== 0) /* NT Error. */
1345 SSVAL(outbuf
,smb_flg2
, SVAL(outbuf
,smb_flg2
) | FLAGS2_32_BIT_ERROR_CODES
);
1347 ERROR(error_class
,error_code
);
1350 * Seems NT needs a transact command with an error code
1351 * in it. This is a longer packet than a simple error.
1353 set_message(outbuf
,18,0,False
);
1355 send_smb(Client
,outbuf
);
1358 /****************************************************************************
1359 Create the hash we will use to determine if the contents changed.
1360 *****************************************************************************/
1362 static BOOL
create_directory_notify_hash( change_notify_buf
*cnbp
, change_hash_data
*change_data
)
1365 files_struct
*fsp
= cnbp
->fsp
;
1367 memset((char *)change_data
, '\0', sizeof(change_data
));
1370 * Store the current timestamp on the directory we are monitoring.
1373 if(dos_stat(fsp
->fsp_name
, &st
) < 0) {
1374 DEBUG(0,("create_directory_notify_hash: Unable to stat name = %s. \
1375 Error was %s\n", fsp
->fsp_name
, strerror(errno
) ));
1379 change_data
->modify_time
= st
.st_mtime
;
1380 change_data
->status_time
= st
.st_ctime
;
1383 * If we are to watch for changes that are only stored
1384 * in inodes of files, not in the directory inode, we must
1385 * scan the directory and produce a unique identifier with
1386 * which we can determine if anything changed. We use the
1387 * modify and change times from all the files in the
1388 * directory, added together (ignoring wrapping if it's
1389 * larger than the max time_t value).
1392 if(cnbp
->flags
& (FILE_NOTIFY_CHANGE_SIZE
|FILE_NOTIFY_CHANGE_LAST_WRITE
)) {
1396 size_t remaining_len
;
1397 size_t fullname_len
;
1398 void *dp
= OpenDir(cnbp
->conn
, fsp
->fsp_name
, True
);
1401 DEBUG(0,("create_directory_notify_hash: Unable to open directory = %s. \
1402 Error was %s\n", fsp
->fsp_name
, strerror(errno
) ));
1406 change_data
->num_entries
= 0;
1408 pstrcpy(full_name
, fsp
->fsp_name
);
1409 pstrcat(full_name
, "/");
1411 fullname_len
= strlen(full_name
);
1412 remaining_len
= sizeof(full_name
) - fullname_len
- 1;
1413 p
= &full_name
[fullname_len
];
1415 while ((fname
= ReadDirName(dp
))) {
1416 if(strequal(fname
, ".") || strequal(fname
, ".."))
1419 change_data
->num_entries
++;
1420 safe_strcpy( p
, fname
, remaining_len
);
1422 memset(&st
, '\0', sizeof(st
));
1425 * Do the stat - but ignore errors.
1428 if(dos_stat(full_name
, &st
) < 0) {
1429 DEBUG(5,("create_directory_notify_hash: Unable to stat content file = %s. \
1430 Error was %s\n", fsp
->fsp_name
, strerror(errno
) ));
1432 change_data
->total_time
+= (st
.st_mtime
+ st
.st_ctime
);
1441 /****************************************************************************
1442 Delete entries by fnum from the change notify pending queue.
1443 *****************************************************************************/
1445 void remove_pending_change_notify_requests_by_fid(files_struct
*fsp
)
1447 change_notify_buf
*cnbp
= (change_notify_buf
*)ubi_slFirst( &change_notify_queue
);
1448 change_notify_buf
*prev
= NULL
;
1450 while(cnbp
!= NULL
) {
1451 if(cnbp
->fsp
->fnum
== fsp
->fnum
) {
1452 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1453 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1458 cnbp
= (change_notify_buf
*)ubi_slNext(cnbp
);
1462 /****************************************************************************
1463 Delete entries by mid from the change notify pending queue. Always send reply.
1464 *****************************************************************************/
1466 static void remove_pending_change_notify_requests_by_mid(int mid
)
1468 change_notify_buf
*cnbp
= (change_notify_buf
*)ubi_slFirst( &change_notify_queue
);
1469 change_notify_buf
*prev
= NULL
;
1471 while(cnbp
!= NULL
) {
1472 if(SVAL(cnbp
->request_buf
,smb_mid
) == mid
) {
1473 change_notify_reply_packet(cnbp
->request_buf
,0,0xC0000000 |NT_STATUS_CANCELLED
);
1474 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1475 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1480 cnbp
= (change_notify_buf
*)ubi_slNext(cnbp
);
1484 /****************************************************************************
1485 Delete entries by filename and cnum from the change notify pending queue.
1487 *****************************************************************************/
1489 void remove_pending_change_notify_requests_by_filename(files_struct
*fsp
)
1491 change_notify_buf
*cnbp
= (change_notify_buf
*)ubi_slFirst( &change_notify_queue
);
1492 change_notify_buf
*prev
= NULL
;
1494 while(cnbp
!= NULL
) {
1496 * We know it refers to the same directory if the connection number and
1497 * the filename are identical.
1499 if((cnbp
->fsp
->conn
== fsp
->conn
) && strequal(cnbp
->fsp
->fsp_name
,fsp
->fsp_name
)) {
1500 change_notify_reply_packet(cnbp
->request_buf
,0,0xC0000000 |NT_STATUS_CANCELLED
);
1501 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1502 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1507 cnbp
= (change_notify_buf
*)ubi_slNext(cnbp
);
1511 /****************************************************************************
1512 Process the change notify queue. Note that this is only called as root.
1513 *****************************************************************************/
1515 void process_pending_change_notify_queue(time_t t
)
1517 change_notify_buf
*cnbp
= (change_notify_buf
*)ubi_slFirst( &change_notify_queue
);
1518 change_notify_buf
*prev
= NULL
;
1523 if(cnbp
->next_check_time
>= t
)
1527 * It's time to check. Go through the queue and see if
1528 * the timestamps changed.
1531 while((cnbp
!= NULL
) && (cnbp
->next_check_time
<= t
)) {
1532 change_hash_data change_data
;
1533 connection_struct
*conn
= cnbp
->conn
;
1534 uint16 vuid
= (lp_security() == SEC_SHARE
) ? UID_FIELD_INVALID
:
1535 SVAL(cnbp
->request_buf
,smb_uid
);
1538 * Ensure we don't have any old chain_fsp values
1539 * sitting around....
1544 if(!become_user(conn
,vuid
)) {
1545 DEBUG(0,("process_pending_change_notify_queue: Unable to become user vuid=%d.\n",
1548 * Remove the entry and return an error to the client.
1550 change_notify_reply_packet(cnbp
->request_buf
,ERRSRV
,ERRaccess
);
1551 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1552 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1556 if(!become_service(conn
,True
)) {
1557 DEBUG(0,("process_pending_change_notify_queue: Unable to become service Error was %s.\n", strerror(errno
) ));
1559 * Remove the entry and return an error to the client.
1561 change_notify_reply_packet(cnbp
->request_buf
,ERRSRV
,ERRaccess
);
1562 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1563 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1568 if(!create_directory_notify_hash( cnbp
, &change_data
)) {
1569 DEBUG(0,("process_pending_change_notify_queue: Unable to create change data for \
1570 directory %s\n", cnbp
->fsp
->fsp_name
));
1572 * Remove the entry and return an error to the client.
1574 change_notify_reply_packet(cnbp
->request_buf
,ERRSRV
,ERRaccess
);
1575 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1576 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1581 if(memcmp( (char *)&cnbp
->change_data
, (char *)&change_data
, sizeof(change_data
))) {
1583 * Remove the entry and return a change notify to the client.
1585 DEBUG(5,("process_pending_change_notify_queue: directory name = %s changed.\n",
1586 cnbp
->fsp
->fsp_name
));
1587 change_notify_reply_packet(cnbp
->request_buf
,0,NT_STATUS_NOTIFY_ENUM_DIR
);
1588 free((char *)ubi_slRemNext( &change_notify_queue
, prev
));
1589 cnbp
= (change_notify_buf
*)(prev
? ubi_slNext(prev
) : ubi_slFirst(&change_notify_queue
));
1597 * Move to the next in the list.
1600 cnbp
= (change_notify_buf
*)ubi_slNext(cnbp
);
1604 /****************************************************************************
1605 Reply to a notify change - queue the request and
1606 don't allow a directory to be opened.
1607 ****************************************************************************/
1609 static int call_nt_transact_notify_change(connection_struct
*conn
,
1610 char *inbuf
, char *outbuf
, int length
,
1613 char **ppparams
, char **ppdata
)
1615 char *setup
= *ppsetup
;
1617 change_notify_buf
*cnbp
;
1619 fsp
= file_fsp(setup
,4);
1621 DEBUG(3,("call_nt_transact_notify_change\n"));
1624 return(ERROR(ERRDOS
,ERRbadfid
));
1626 if((!fsp
->open
) || (!fsp
->is_directory
) || (conn
!= fsp
->conn
))
1627 return(ERROR(ERRDOS
,ERRbadfid
));
1630 * Now queue an entry on the notify change stack. We timestamp
1631 * the entry we are adding so that we know when to scan next.
1632 * We only need to save smb_size bytes from this incoming packet
1633 * as we will always by returning a 'read the directory yourself'
1637 if((cnbp
= (change_notify_buf
*)malloc(sizeof(change_notify_buf
))) == NULL
) {
1638 DEBUG(0,("call_nt_transact_notify_change: malloc fail !\n" ));
1642 memset((char *)cnbp
, '\0', sizeof(change_notify_buf
));
1644 memcpy(cnbp
->request_buf
, inbuf
, smb_size
);
1647 cnbp
->next_check_time
= time(NULL
) + lp_change_notify_timeout();
1648 cnbp
->flags
= IVAL(setup
, 0);
1650 if(!create_directory_notify_hash( cnbp
, &cnbp
->change_data
)) {
1652 return(UNIXERROR(ERRDOS
,ERRbadfid
));
1656 * Adding to the tail enables us to check only
1657 * the head when scanning for change, as this entry
1658 * is forced to have the first timeout expiration.
1661 ubi_slAddTail(&change_notify_queue
, cnbp
);
1663 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1664 name = %s\n", fsp
->fsp_name
));
1669 /****************************************************************************
1670 Map unix perms to NT.
1671 ****************************************************************************/
1673 static SEC_ACCESS
map_unix_perms( int *pacl_type
, mode_t perm
, int r_mask
, int w_mask
, int x_mask
, BOOL is_directory
)
1678 *pacl_type
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
1680 if((perm
& (r_mask
|w_mask
|x_mask
)) == (r_mask
|w_mask
|x_mask
)) {
1681 nt_mask
= UNIX_ACCESS_RWX
;
1682 } else if((perm
& (r_mask
|w_mask
|x_mask
)) == 0) {
1683 nt_mask
= UNIX_ACCESS_NONE
;
1685 nt_mask
|= (perm
& r_mask
) ? UNIX_ACCESS_R
: 0;
1687 nt_mask
|= (perm
& w_mask
) ? UNIX_ACCESS_W
: 0;
1689 nt_mask
|= (perm
& w_mask
) ? UNIX_ACCESS_W
: 0;
1690 nt_mask
|= (perm
& x_mask
) ? UNIX_ACCESS_X
: 0;
1692 init_sec_access(&sa
,nt_mask
);
1696 /****************************************************************************
1697 Reply to query a security descriptor from an fsp. If it succeeds it allocates
1698 the space for the return elements and returns True.
1699 ****************************************************************************/
1701 static size_t get_nt_acl(files_struct
*fsp
, SEC_DESC
**ppdesc
)
1703 extern DOM_SID global_sam_sid
;
1704 extern DOM_SID global_sid_World
;
1705 SMB_STRUCT_STAT sbuf
;
1706 SEC_ACE ace_list
[6];
1709 size_t sec_desc_size
;
1710 SEC_ACL
*psa
= NULL
;
1711 SEC_ACCESS owner_access
;
1713 SEC_ACCESS group_access
;
1715 SEC_ACCESS other_access
;
1721 if(!lp_nt_acl_support()) {
1722 sid_copy( &owner_sid
, &global_sid_World
);
1723 sid_copy( &group_sid
, &global_sid_World
);
1726 if(fsp
->is_directory
|| fsp
->fd_ptr
== NULL
) {
1727 if(dos_stat(fsp
->fsp_name
, &sbuf
) != 0) {
1731 if(sys_fstat(fsp
->fd_ptr
->fd
,&sbuf
) != 0) {
1737 * Get the owner, group and world SIDs.
1740 sid_copy(&owner_sid
, &global_sam_sid
);
1741 sid_copy(&group_sid
, &global_sam_sid
);
1742 sid_append_rid(&owner_sid
, pdb_uid_to_user_rid(sbuf
.st_uid
));
1743 sid_append_rid(&group_sid
, pdb_gid_to_group_rid(sbuf
.st_gid
));
1746 * Create the generic 3 element UNIX acl.
1749 owner_access
= map_unix_perms(&owner_acl_type
, sbuf
.st_mode
,
1750 S_IRUSR
, S_IWUSR
, S_IXUSR
, fsp
->is_directory
);
1751 group_access
= map_unix_perms(&grp_acl_type
, sbuf
.st_mode
,
1752 S_IRGRP
, S_IWGRP
, S_IXGRP
, fsp
->is_directory
);
1753 other_access
= map_unix_perms(&other_acl_type
, sbuf
.st_mode
,
1754 S_IROTH
, S_IWOTH
, S_IXOTH
, fsp
->is_directory
);
1756 if(owner_access
.mask
)
1757 init_sec_ace(&ace_list
[num_acls
++], &owner_sid
, owner_acl_type
,
1760 if(group_access
.mask
)
1761 init_sec_ace(&ace_list
[num_acls
++], &group_sid
, grp_acl_type
,
1764 if(other_access
.mask
)
1765 init_sec_ace(&ace_list
[num_acls
++], &global_sid_World
, other_acl_type
,
1768 if(fsp
->is_directory
) {
1770 * For directory ACLs we also add in the inherited permissions
1771 * ACE entries. These are the permissions a file would get when
1772 * being created in the directory.
1774 mode_t mode
= unix_mode( fsp
->conn
, FILE_ATTRIBUTE_ARCHIVE
);
1776 owner_access
= map_unix_perms(&owner_acl_type
, mode
,
1777 S_IRUSR
, S_IWUSR
, S_IXUSR
, fsp
->is_directory
);
1778 group_access
= map_unix_perms(&grp_acl_type
, mode
,
1779 S_IRGRP
, S_IWGRP
, S_IXGRP
, fsp
->is_directory
);
1780 other_access
= map_unix_perms(&other_acl_type
, mode
,
1781 S_IROTH
, S_IWOTH
, S_IXOTH
, fsp
->is_directory
);
1783 if(owner_access
.mask
)
1784 init_sec_ace(&ace_list
[num_acls
++], &owner_sid
, owner_acl_type
,
1785 owner_access
, SEC_ACE_FLAG_OBJECT_INHERIT
|SEC_ACE_FLAG_INHERIT_ONLY
);
1787 if(group_access
.mask
)
1788 init_sec_ace(&ace_list
[num_acls
++], &group_sid
, grp_acl_type
,
1789 group_access
, SEC_ACE_FLAG_OBJECT_INHERIT
|SEC_ACE_FLAG_INHERIT_ONLY
);
1791 if(other_access
.mask
)
1792 init_sec_ace(&ace_list
[num_acls
++], &global_sid_World
, other_acl_type
,
1793 other_access
, SEC_ACE_FLAG_OBJECT_INHERIT
|SEC_ACE_FLAG_INHERIT_ONLY
);
1797 if((psa
= make_sec_acl( 3, num_acls
, ace_list
)) == NULL
) {
1798 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
1803 *ppdesc
= make_standard_sec_desc( &owner_sid
, &group_sid
, psa
, &sec_desc_size
);
1806 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
1812 return sec_desc_size
;
1815 /****************************************************************************
1816 Reply to query a security descriptor - currently this is not implemented (it
1817 is planned to be though). Right now it just returns the same thing NT would
1818 when queried on a FAT filesystem. JRA.
1819 ****************************************************************************/
1821 static int call_nt_transact_query_security_desc(connection_struct
*conn
,
1822 char *inbuf
, char *outbuf
,
1823 int length
, int bufsize
,
1824 char **ppsetup
, char **ppparams
, char **ppdata
)
1826 uint32 max_data_count
= IVAL(inbuf
,smb_nt_MaxDataCount
);
1827 char *params
= *ppparams
;
1828 char *data
= *ppdata
;
1831 size_t sec_desc_size
;
1833 files_struct
*fsp
= file_fsp(params
,0);
1836 return(ERROR(ERRDOS
,ERRbadfid
));
1838 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp
->fsp_name
));
1840 params
= *ppparams
= Realloc(*ppparams
, 4);
1842 return(ERROR(ERRDOS
,ERRnomem
));
1845 * Get the permissions to return.
1848 if((sec_desc_size
= get_nt_acl(fsp
, &psd
)) == 0)
1849 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1851 DEBUG(3,("call_nt_transact_query_security_desc: sec_desc_size = %d.\n",(int)sec_desc_size
));
1853 SIVAL(params
,0,(uint32
)sec_desc_size
);
1855 if(max_data_count
< sec_desc_size
) {
1857 free_sec_desc(&psd
);
1859 send_nt_replies(inbuf
, outbuf
, bufsize
, 0xC0000000|NT_STATUS_BUFFER_TOO_SMALL
,
1860 params
, 4, *ppdata
, 0);
1865 * Allocate the data we will point this at.
1868 data
= *ppdata
= Realloc(*ppdata
, sec_desc_size
);
1870 free_sec_desc(&psd
);
1871 return(ERROR(ERRDOS
,ERRnomem
));
1874 memset(data
, '\0', sec_desc_size
);
1877 * Init the parse struct we will marshall into.
1880 prs_init(&pd
, 0, 4, MARSHALL
);
1883 * Setup the prs_struct to point at the memory we just
1887 prs_give_memory( &pd
, data
, (uint32
)sec_desc_size
, False
);
1890 * Finally, linearize into the outgoing buffer.
1893 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1894 free_sec_desc(&psd
);
1895 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1896 security descriptor.\n"));
1898 * Return access denied for want of a better error message..
1900 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1904 * Now we can delete the security descriptor.
1907 free_sec_desc(&psd
);
1909 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, params
, 4, data
, (int)sec_desc_size
);
1913 /****************************************************************************
1915 ****************************************************************************/
1917 static BOOL
validate_unix_sid( DOM_SID
*psid
, uint32
*prid
, DOM_SID
*sd_sid
)
1919 extern DOM_SID global_sam_sid
;
1923 DEBUG(5,("validate_unix_sid: sid missing.\n"));
1927 sid_copy(psid
, sd_sid
);
1928 sid_copy(&sid
, sd_sid
);
1930 if(!sid_split_rid(&sid
, prid
)) {
1931 DEBUG(5,("validate_unix_sid: cannot get RID from sid.\n"));
1935 if(!sid_equal( &sid
, &global_sam_sid
)) {
1936 DEBUG(5,("validate_unix_sid: sid is not ours.\n"));
1943 /****************************************************************************
1944 Map NT perms to UNIX.
1945 ****************************************************************************/
1947 static mode_t
map_nt_perms( SEC_ACCESS sec_access
, int type
)
1953 if(sec_access
.mask
& GENERIC_ALL_ACCESS
)
1954 mode
= S_IRUSR
|S_IWUSR
|S_IXUSR
;
1956 mode
|= (sec_access
.mask
& GENERIC_READ_ACCESS
) ? S_IRUSR
: 0;
1957 mode
|= (sec_access
.mask
& GENERIC_WRITE_ACCESS
) ? S_IWUSR
: 0;
1958 mode
|= (sec_access
.mask
& GENERIC_EXECUTE_ACCESS
) ? S_IXUSR
: 0;
1962 if(sec_access
.mask
& GENERIC_ALL_ACCESS
)
1963 mode
= S_IRGRP
|S_IWGRP
|S_IXGRP
;
1965 mode
|= (sec_access
.mask
& GENERIC_READ_ACCESS
) ? S_IRGRP
: 0;
1966 mode
|= (sec_access
.mask
& GENERIC_WRITE_ACCESS
) ? S_IWGRP
: 0;
1967 mode
|= (sec_access
.mask
& GENERIC_EXECUTE_ACCESS
) ? S_IXGRP
: 0;
1971 if(sec_access
.mask
& GENERIC_ALL_ACCESS
)
1972 mode
= S_IROTH
|S_IWOTH
|S_IXOTH
;
1974 mode
|= (sec_access
.mask
& GENERIC_READ_ACCESS
) ? S_IROTH
: 0;
1975 mode
|= (sec_access
.mask
& GENERIC_WRITE_ACCESS
) ? S_IWOTH
: 0;
1976 mode
|= (sec_access
.mask
& GENERIC_EXECUTE_ACCESS
) ? S_IXOTH
: 0;
1984 /****************************************************************************
1985 Unpack a SEC_DESC into a owner, group and set of UNIX permissions.
1986 ****************************************************************************/
1988 static BOOL
unpack_nt_permissions(uid_t
*puser
, gid_t
*pgrp
, mode_t
*pmode
, uint32 security_info_sent
,
1989 SEC_DESC
*psd
, BOOL is_directory
)
1991 extern DOM_SID global_sid_World
;
1996 SEC_ACL
*dacl
= psd
->dacl
;
2003 if(security_info_sent
== 0) {
2004 DEBUG(0,("unpack_unix_permissions: no security info sent !\n"));
2009 * Validate the owner and group SID's.
2012 memset(&owner_sid
, '\0', sizeof(owner_sid
));
2013 memset(&grp_sid
, '\0', sizeof(grp_sid
));
2015 DEBUG(5,("unpack_unix_permissions: validating owner_sid.\n"));
2018 * Don't immediately fail if the owner sid cannot be validated.
2019 * This may be a group chown only set.
2022 if(!validate_unix_sid( &owner_sid
, &owner_rid
, psd
->owner_sid
))
2023 DEBUG(3,("unpack_unix_permissions: unable to validate owner sid.\n"));
2024 else if(security_info_sent
& OWNER_SECURITY_INFORMATION
)
2025 *puser
= pdb_user_rid_to_uid(owner_rid
);
2028 * Don't immediately fail if the group sid cannot be validated.
2029 * This may be an owner chown only set.
2032 if(!validate_unix_sid( &grp_sid
, &grp_rid
, psd
->grp_sid
))
2033 DEBUG(3,("unpack_unix_permissions: unable to validate group sid.\n"));
2034 else if(security_info_sent
& GROUP_SECURITY_INFORMATION
)
2035 *pgrp
= pdb_user_rid_to_gid(grp_rid
);
2038 * If no DACL then this is a chown only security descriptor.
2041 if(!(security_info_sent
& DACL_SECURITY_INFORMATION
) || !dacl
) {
2047 * Now go through the DACL and ensure that
2048 * any owner/group sids match.
2051 for(i
= 0; i
< dacl
->num_aces
; i
++) {
2053 SEC_ACE
*psa
= &dacl
->ace_list
[i
];
2055 if((psa
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
) &&
2056 (psa
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
)) {
2057 DEBUG(3,("unpack_unix_permissions: unable to set anything but an ALLOW or DENY ACE.\n"));
2062 * Ignore or remove bits we don't care about on a directory ACE.
2066 if(psa
->flags
& SEC_ACE_FLAG_INHERIT_ONLY
) {
2067 DEBUG(3,("unpack_unix_permissions: ignoring inherit only ACE.\n"));
2071 psa
->flags
&= ~(SEC_ACE_FLAG_OBJECT_INHERIT
|SEC_ACE_FLAG_CONTAINER_INHERIT
);
2074 if(psa
->flags
!= 0) {
2075 DEBUG(1,("unpack_unix_permissions: unable to set ACE flags (%x).\n",
2076 (unsigned int)psa
->flags
));
2081 * The security mask may be UNIX_ACCESS_NONE which should map into
2082 * no permissions (we overload the WRITE_OWNER bit for this) or it
2083 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
2084 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
2087 psa
->info
.mask
&= (GENERIC_ALL_ACCESS
|GENERIC_EXECUTE_ACCESS
|GENERIC_WRITE_ACCESS
|
2088 GENERIC_READ_ACCESS
|UNIX_ACCESS_NONE
);
2090 if(psa
->info
.mask
!= UNIX_ACCESS_NONE
)
2091 psa
->info
.mask
&= ~UNIX_ACCESS_NONE
;
2093 sid_copy(&ace_sid
, &psa
->sid
);
2095 if(sid_equal(&ace_sid
, &owner_sid
)) {
2097 * Map the desired permissions into owner perms.
2100 if(psa
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
)
2101 *pmode
|= map_nt_perms( psa
->info
, S_IRUSR
);
2103 *pmode
&= ~(map_nt_perms( psa
->info
, S_IRUSR
));
2105 } else if( sid_equal(&ace_sid
, &grp_sid
)) {
2107 * Map the desired permissions into group perms.
2110 if(psa
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
)
2111 *pmode
|= map_nt_perms( psa
->info
, S_IRGRP
);
2113 *pmode
&= ~(map_nt_perms( psa
->info
, S_IRGRP
));
2115 } else if( sid_equal(&ace_sid
, &global_sid_World
)) {
2117 * Map the desired permissions into other perms.
2120 if(psa
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
)
2121 *pmode
|= map_nt_perms( psa
->info
, S_IROTH
);
2123 *pmode
&= ~(map_nt_perms( psa
->info
, S_IROTH
));
2126 DEBUG(0,("unpack_unix_permissions: unknown SID used in ACL.\n"));
2134 /****************************************************************************
2135 Reply to set a security descriptor. Map to UNIX perms.
2136 ****************************************************************************/
2138 static int call_nt_transact_set_security_desc(connection_struct
*conn
,
2139 char *inbuf
, char *outbuf
, int length
,
2140 int bufsize
, char **ppsetup
,
2141 char **ppparams
, char **ppdata
)
2143 uint32 total_parameter_count
= IVAL(inbuf
, smb_nts_TotalParameterCount
);
2144 char *params
= *ppparams
;
2145 char *data
= *ppdata
;
2147 SEC_DESC
*psd
= NULL
;
2148 uint32 total_data_count
= (uint32
)IVAL(inbuf
, smb_nts_TotalDataCount
);
2149 uid_t user
= (uid_t
)-1;
2150 gid_t grp
= (gid_t
)-1;
2152 SMB_STRUCT_STAT sbuf
;
2153 files_struct
*fsp
= NULL
;
2154 uint32 security_info_sent
= 0;
2156 if(!lp_nt_acl_support())
2157 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2159 if(total_parameter_count
< 8)
2160 return(ERROR(ERRDOS
,ERRbadfunc
));
2162 if((fsp
= file_fsp(params
,0)) == NULL
)
2163 return(ERROR(ERRDOS
,ERRbadfid
));
2165 security_info_sent
= IVAL(params
,4);
2167 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp
->fsp_name
,
2168 (unsigned int)security_info_sent
));
2171 * Init the parse struct we will unmarshall from.
2174 prs_init(&pd
, 0, 4, UNMARSHALL
);
2177 * Setup the prs_struct to point at the memory we just
2181 prs_give_memory( &pd
, data
, total_data_count
, False
);
2184 * Finally, unmarshall from the data buffer.
2187 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
2188 free_sec_desc(&psd
);
2189 DEBUG(0,("call_nt_transact_set_security_desc: Error in unmarshalling \
2190 security descriptor.\n"));
2192 * Return access denied for want of a better error message..
2194 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2198 * Unpack the user/group/world id's and permissions.
2201 if(!unpack_nt_permissions( &user
, &grp
, &perms
, security_info_sent
, psd
, fsp
->is_directory
)) {
2202 free_sec_desc(&psd
);
2203 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2207 * Get the current state of the file.
2210 if(fsp
->is_directory
) {
2211 if(dos_stat(fsp
->fsp_name
, &sbuf
) != 0) {
2212 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2218 if(fsp
->fd_ptr
== NULL
)
2219 ret
= dos_stat(fsp
->fsp_name
, &sbuf
);
2221 ret
= sys_fstat(fsp
->fd_ptr
->fd
,&sbuf
);
2224 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2228 * Do we need to chown ?
2231 if((user
!= (uid_t
)-1 || grp
!= (uid_t
)-1) && (sbuf
.st_uid
!= user
|| sbuf
.st_gid
!= grp
)) {
2233 DEBUG(3,("call_nt_transact_set_security_desc: chown %s. uid = %u, gid = %u.\n",
2234 fsp
->fsp_name
, (unsigned int)user
, (unsigned int)grp
));
2236 if(dos_chown( fsp
->fsp_name
, user
, grp
) == -1) {
2237 DEBUG(3,("call_nt_transact_set_security_desc: chown %s, %u, %u failed. Error = %s.\n",
2238 fsp
->fsp_name
, (unsigned int)user
, (unsigned int)grp
, strerror(errno
) ));
2239 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2244 * Only change security if we got a DACL.
2247 if((security_info_sent
& DACL_SECURITY_INFORMATION
) && (psd
->dacl
!= NULL
)) {
2249 free_sec_desc(&psd
);
2252 * Check to see if we need to change anything.
2255 if(fsp
->is_directory
) {
2257 perms
&= lp_dir_mode(SNUM(conn
));
2258 perms
|= lp_force_dir_mode(SNUM(conn
));
2262 perms
&= lp_create_mode(SNUM(conn
));
2263 perms
|= lp_force_create_mode(SNUM(conn
));
2268 * Do we need to chmod ?
2271 if(sbuf
.st_mode
!= perms
) {
2273 DEBUG(3,("call_nt_transact_set_security_desc: chmod %s. perms = 0%o.\n",
2274 fsp
->fsp_name
, (unsigned int)perms
));
2276 if(dos_chmod( fsp
->fsp_name
, perms
) == -1) {
2277 DEBUG(3,("call_nt_transact_set_security_desc: chmod %s, 0%o failed. Error = %s.\n",
2278 fsp
->fsp_name
, (unsigned int)perms
, strerror(errno
) ));
2279 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
2284 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, NULL
, 0, NULL
, 0);
2288 /****************************************************************************
2289 Reply to IOCTL - not implemented - no plans.
2290 ****************************************************************************/
2291 static int call_nt_transact_ioctl(connection_struct
*conn
,
2292 char *inbuf
, char *outbuf
, int length
,
2294 char **ppsetup
, char **ppparams
, char **ppdata
)
2296 static BOOL logged_message
= False
;
2298 if(!logged_message
) {
2299 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
2300 logged_message
= True
; /* Only print this once... */
2302 return(ERROR(ERRSRV
,ERRnosupport
));
2305 /****************************************************************************
2306 Reply to a SMBNTtrans.
2307 ****************************************************************************/
2308 int reply_nttrans(connection_struct
*conn
,
2309 char *inbuf
,char *outbuf
,int length
,int bufsize
)
2312 #if 0 /* Not used. */
2313 uint16 max_setup_count
= CVAL(inbuf
, smb_nt_MaxSetupCount
);
2314 uint32 max_parameter_count
= IVAL(inbuf
, smb_nt_MaxParameterCount
);
2315 uint32 max_data_count
= IVAL(inbuf
,smb_nt_MaxDataCount
);
2316 #endif /* Not used. */
2317 uint32 total_parameter_count
= IVAL(inbuf
, smb_nt_TotalParameterCount
);
2318 uint32 total_data_count
= IVAL(inbuf
, smb_nt_TotalDataCount
);
2319 uint32 parameter_count
= IVAL(inbuf
,smb_nt_ParameterCount
);
2320 uint32 parameter_offset
= IVAL(inbuf
,smb_nt_ParameterOffset
);
2321 uint32 data_count
= IVAL(inbuf
,smb_nt_DataCount
);
2322 uint32 data_offset
= IVAL(inbuf
,smb_nt_DataOffset
);
2323 uint16 setup_count
= 2*CVAL(inbuf
,smb_nt_SetupCount
); /* setup count is in *words* */
2324 uint16 function_code
= SVAL( inbuf
, smb_nt_Function
);
2325 char *params
= NULL
, *data
= NULL
, *setup
= NULL
;
2326 uint32 num_params_sofar
, num_data_sofar
;
2328 if(global_oplock_break
&& (function_code
== NT_TRANSACT_CREATE
)) {
2330 * Queue this open message as we are the process of an oplock break.
2333 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
2334 due to being in oplock break state.\n" ));
2336 push_oplock_pending_smb_message( inbuf
, length
);
2340 outsize
= set_message(outbuf
,0,0,True
);
2343 * All nttrans messages we handle have smb_wct == 19 + setup_count.
2344 * Ensure this is so as a sanity check.
2347 if(CVAL(inbuf
, smb_wct
) != 19 + (setup_count
/2)) {
2348 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2349 CVAL(inbuf
, smb_wct
), 19 + (setup_count
/2)));
2350 return(ERROR(ERRSRV
,ERRerror
));
2353 /* Allocate the space for the setup, the maximum needed parameters and data */
2356 setup
= (char *)malloc(setup_count
);
2357 if (total_parameter_count
> 0)
2358 params
= (char *)malloc(total_parameter_count
);
2359 if (total_data_count
> 0)
2360 data
= (char *)malloc(total_data_count
);
2362 if ((total_parameter_count
&& !params
) || (total_data_count
&& !data
) ||
2363 (setup_count
&& !setup
)) {
2364 DEBUG(0,("reply_nttrans : Out of memory\n"));
2365 return(ERROR(ERRDOS
,ERRnomem
));
2368 /* Copy the param and data bytes sent with this request into
2369 the params buffer */
2370 num_params_sofar
= parameter_count
;
2371 num_data_sofar
= data_count
;
2373 if (parameter_count
> total_parameter_count
|| data_count
> total_data_count
)
2374 exit_server("reply_nttrans: invalid sizes in packet.\n");
2377 memcpy( setup
, &inbuf
[smb_nt_SetupStart
], setup_count
);
2378 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count
));
2379 dump_data(10, setup
, setup_count
);
2382 memcpy( params
, smb_base(inbuf
) + parameter_offset
, parameter_count
);
2383 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count
));
2384 dump_data(10, params
, parameter_count
);
2387 memcpy( data
, smb_base(inbuf
) + data_offset
, data_count
);
2388 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count
));
2389 dump_data(10, data
, data_count
);
2392 if(num_data_sofar
< total_data_count
|| num_params_sofar
< total_parameter_count
) {
2393 /* We need to send an interim response then receive the rest
2394 of the parameter/data bytes */
2395 outsize
= set_message(outbuf
,0,0,True
);
2396 send_smb(Client
,outbuf
);
2398 while( num_data_sofar
< total_data_count
|| num_params_sofar
< total_parameter_count
) {
2401 ret
= receive_next_smb(inbuf
,bufsize
,SMB_SECONDARY_WAIT
);
2403 if((ret
&& (CVAL(inbuf
, smb_com
) != SMBnttranss
)) || !ret
) {
2404 outsize
= set_message(outbuf
,0,0,True
);
2406 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
2408 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
2409 (smb_read_error
== READ_ERROR
) ? "error" : "timeout" ));
2417 return(ERROR(ERRSRV
,ERRerror
));
2420 /* Revise total_params and total_data in case they have changed downwards */
2421 total_parameter_count
= IVAL(inbuf
, smb_nts_TotalParameterCount
);
2422 total_data_count
= IVAL(inbuf
, smb_nts_TotalDataCount
);
2423 num_params_sofar
+= (parameter_count
= IVAL(inbuf
,smb_nts_ParameterCount
));
2424 num_data_sofar
+= ( data_count
= IVAL(inbuf
, smb_nts_DataCount
));
2425 if (num_params_sofar
> total_parameter_count
|| num_data_sofar
> total_data_count
)
2426 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
2428 memcpy( ¶ms
[ IVAL(inbuf
, smb_nts_ParameterDisplacement
)],
2429 smb_base(inbuf
) + IVAL(inbuf
, smb_nts_ParameterOffset
), parameter_count
);
2430 memcpy( &data
[IVAL(inbuf
, smb_nts_DataDisplacement
)],
2431 smb_base(inbuf
)+ IVAL(inbuf
, smb_nts_DataOffset
), data_count
);
2435 if (Protocol
>= PROTOCOL_NT1
) {
2436 uint16 flg2
= SVAL(outbuf
,smb_flg2
);
2437 SSVAL(outbuf
,smb_flg2
,flg2
| 0x40); /* IS_LONG_NAME */
2440 /* Now we must call the relevant NT_TRANS function */
2441 switch(function_code
) {
2442 case NT_TRANSACT_CREATE
:
2443 outsize
= call_nt_transact_create(conn
, inbuf
, outbuf
, length
, bufsize
,
2444 &setup
, ¶ms
, &data
);
2446 case NT_TRANSACT_IOCTL
:
2447 outsize
= call_nt_transact_ioctl(conn
,
2448 inbuf
, outbuf
, length
, bufsize
,
2449 &setup
, ¶ms
, &data
);
2451 case NT_TRANSACT_SET_SECURITY_DESC
:
2452 outsize
= call_nt_transact_set_security_desc(conn
, inbuf
, outbuf
,
2454 &setup
, ¶ms
, &data
);
2456 case NT_TRANSACT_NOTIFY_CHANGE
:
2457 outsize
= call_nt_transact_notify_change(conn
, inbuf
, outbuf
,
2459 &setup
, ¶ms
, &data
);
2461 case NT_TRANSACT_RENAME
:
2462 outsize
= call_nt_transact_rename(conn
, inbuf
, outbuf
, length
,
2464 &setup
, ¶ms
, &data
);
2467 case NT_TRANSACT_QUERY_SECURITY_DESC
:
2468 outsize
= call_nt_transact_query_security_desc(conn
, inbuf
, outbuf
,
2470 &setup
, ¶ms
, &data
);
2473 /* Error in request */
2474 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code
));
2481 return (ERROR(ERRSRV
,ERRerror
));
2484 /* As we do not know how many data packets will need to be
2485 returned here the various call_nt_transact_xxxx calls
2486 must send their own. Thus a call_nt_transact_xxxx routine only
2487 returns a value other than -1 when it wants to send
2497 return outsize
; /* If a correct response was needed the call_nt_transact_xxxx
2498 calls have already sent it. If outsize != -1 then it is
2499 returning an error packet. */